• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (C) 2007-2020  B.A.T.M.A.N. contributors:
3  *
4  * Marek Lindner, Simon Wunderlich
5  */
6 
7 #include "routing.h"
8 #include "main.h"
9 
10 #include <linux/atomic.h>
11 #include <linux/byteorder/generic.h>
12 #include <linux/compiler.h>
13 #include <linux/errno.h>
14 #include <linux/etherdevice.h>
15 #include <linux/if_ether.h>
16 #include <linux/jiffies.h>
17 #include <linux/kref.h>
18 #include <linux/netdevice.h>
19 #include <linux/printk.h>
20 #include <linux/rculist.h>
21 #include <linux/rcupdate.h>
22 #include <linux/skbuff.h>
23 #include <linux/spinlock.h>
24 #include <linux/stddef.h>
25 #include <uapi/linux/batadv_packet.h>
26 
27 #include "bitarray.h"
28 #include "bridge_loop_avoidance.h"
29 #include "distributed-arp-table.h"
30 #include "fragmentation.h"
31 #include "hard-interface.h"
32 #include "icmp_socket.h"
33 #include "log.h"
34 #include "network-coding.h"
35 #include "originator.h"
36 #include "send.h"
37 #include "soft-interface.h"
38 #include "tp_meter.h"
39 #include "translation-table.h"
40 #include "tvlv.h"
41 
42 static int batadv_route_unicast_packet(struct sk_buff *skb,
43 				       struct batadv_hard_iface *recv_if);
44 
45 /**
46  * _batadv_update_route() - set the router for this originator
47  * @bat_priv: the bat priv with all the soft interface information
48  * @orig_node: orig node which is to be configured
49  * @recv_if: the receive interface for which this route is set
50  * @neigh_node: neighbor which should be the next router
51  *
52  * This function does not perform any error checks
53  */
_batadv_update_route(struct batadv_priv * bat_priv,struct batadv_orig_node * orig_node,struct batadv_hard_iface * recv_if,struct batadv_neigh_node * neigh_node)54 static void _batadv_update_route(struct batadv_priv *bat_priv,
55 				 struct batadv_orig_node *orig_node,
56 				 struct batadv_hard_iface *recv_if,
57 				 struct batadv_neigh_node *neigh_node)
58 {
59 	struct batadv_orig_ifinfo *orig_ifinfo;
60 	struct batadv_neigh_node *curr_router;
61 
62 	orig_ifinfo = batadv_orig_ifinfo_get(orig_node, recv_if);
63 	if (!orig_ifinfo)
64 		return;
65 
66 	spin_lock_bh(&orig_node->neigh_list_lock);
67 	/* curr_router used earlier may not be the current orig_ifinfo->router
68 	 * anymore because it was dereferenced outside of the neigh_list_lock
69 	 * protected region. After the new best neighbor has replace the current
70 	 * best neighbor the reference counter needs to decrease. Consequently,
71 	 * the code needs to ensure the curr_router variable contains a pointer
72 	 * to the replaced best neighbor.
73 	 */
74 
75 	/* increase refcount of new best neighbor */
76 	if (neigh_node)
77 		kref_get(&neigh_node->refcount);
78 
79 	curr_router = rcu_replace_pointer(orig_ifinfo->router, neigh_node,
80 					  true);
81 	spin_unlock_bh(&orig_node->neigh_list_lock);
82 	batadv_orig_ifinfo_put(orig_ifinfo);
83 
84 	/* route deleted */
85 	if (curr_router && !neigh_node) {
86 		batadv_dbg(BATADV_DBG_ROUTES, bat_priv,
87 			   "Deleting route towards: %pM\n", orig_node->orig);
88 		batadv_tt_global_del_orig(bat_priv, orig_node, -1,
89 					  "Deleted route towards originator");
90 
91 	/* route added */
92 	} else if (!curr_router && neigh_node) {
93 		batadv_dbg(BATADV_DBG_ROUTES, bat_priv,
94 			   "Adding route towards: %pM (via %pM)\n",
95 			   orig_node->orig, neigh_node->addr);
96 	/* route changed */
97 	} else if (neigh_node && curr_router) {
98 		batadv_dbg(BATADV_DBG_ROUTES, bat_priv,
99 			   "Changing route towards: %pM (now via %pM - was via %pM)\n",
100 			   orig_node->orig, neigh_node->addr,
101 			   curr_router->addr);
102 	}
103 
104 	/* decrease refcount of previous best neighbor */
105 	if (curr_router)
106 		batadv_neigh_node_put(curr_router);
107 }
108 
109 /**
110  * batadv_update_route() - set the router for this originator
111  * @bat_priv: the bat priv with all the soft interface information
112  * @orig_node: orig node which is to be configured
113  * @recv_if: the receive interface for which this route is set
114  * @neigh_node: neighbor which should be the next router
115  */
batadv_update_route(struct batadv_priv * bat_priv,struct batadv_orig_node * orig_node,struct batadv_hard_iface * recv_if,struct batadv_neigh_node * neigh_node)116 void batadv_update_route(struct batadv_priv *bat_priv,
117 			 struct batadv_orig_node *orig_node,
118 			 struct batadv_hard_iface *recv_if,
119 			 struct batadv_neigh_node *neigh_node)
120 {
121 	struct batadv_neigh_node *router = NULL;
122 
123 	if (!orig_node)
124 		goto out;
125 
126 	router = batadv_orig_router_get(orig_node, recv_if);
127 
128 	if (router != neigh_node)
129 		_batadv_update_route(bat_priv, orig_node, recv_if, neigh_node);
130 
131 out:
132 	if (router)
133 		batadv_neigh_node_put(router);
134 }
135 
136 /**
137  * batadv_window_protected() - checks whether the host restarted and is in the
138  *  protection time.
139  * @bat_priv: the bat priv with all the soft interface information
140  * @seq_num_diff: difference between the current/received sequence number and
141  *  the last sequence number
142  * @seq_old_max_diff: maximum age of sequence number not considered as restart
143  * @last_reset: jiffies timestamp of the last reset, will be updated when reset
144  *  is detected
145  * @protection_started: is set to true if the protection window was started,
146  *   doesn't change otherwise.
147  *
148  * Return:
149  *  false if the packet is to be accepted.
150  *  true if the packet is to be ignored.
151  */
batadv_window_protected(struct batadv_priv * bat_priv,s32 seq_num_diff,s32 seq_old_max_diff,unsigned long * last_reset,bool * protection_started)152 bool batadv_window_protected(struct batadv_priv *bat_priv, s32 seq_num_diff,
153 			     s32 seq_old_max_diff, unsigned long *last_reset,
154 			     bool *protection_started)
155 {
156 	if (seq_num_diff <= -seq_old_max_diff ||
157 	    seq_num_diff >= BATADV_EXPECTED_SEQNO_RANGE) {
158 		if (!batadv_has_timed_out(*last_reset,
159 					  BATADV_RESET_PROTECTION_MS))
160 			return true;
161 
162 		*last_reset = jiffies;
163 		if (protection_started)
164 			*protection_started = true;
165 		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
166 			   "old packet received, start protection\n");
167 	}
168 
169 	return false;
170 }
171 
172 /**
173  * batadv_check_management_packet() - Check preconditions for management packets
174  * @skb: incoming packet buffer
175  * @hard_iface: incoming hard interface
176  * @header_len: minimal header length of packet type
177  *
178  * Return: true when management preconditions are met, false otherwise
179  */
batadv_check_management_packet(struct sk_buff * skb,struct batadv_hard_iface * hard_iface,int header_len)180 bool batadv_check_management_packet(struct sk_buff *skb,
181 				    struct batadv_hard_iface *hard_iface,
182 				    int header_len)
183 {
184 	struct ethhdr *ethhdr;
185 
186 	/* drop packet if it has not necessary minimum size */
187 	if (unlikely(!pskb_may_pull(skb, header_len)))
188 		return false;
189 
190 	ethhdr = eth_hdr(skb);
191 
192 	/* packet with broadcast indication but unicast recipient */
193 	if (!is_broadcast_ether_addr(ethhdr->h_dest))
194 		return false;
195 
196 	/* packet with invalid sender address */
197 	if (!is_valid_ether_addr(ethhdr->h_source))
198 		return false;
199 
200 	/* create a copy of the skb, if needed, to modify it. */
201 	if (skb_cow(skb, 0) < 0)
202 		return false;
203 
204 	/* keep skb linear */
205 	if (skb_linearize(skb) < 0)
206 		return false;
207 
208 	return true;
209 }
210 
211 /**
212  * batadv_recv_my_icmp_packet() - receive an icmp packet locally
213  * @bat_priv: the bat priv with all the soft interface information
214  * @skb: icmp packet to process
215  *
216  * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP
217  * otherwise.
218  */
batadv_recv_my_icmp_packet(struct batadv_priv * bat_priv,struct sk_buff * skb)219 static int batadv_recv_my_icmp_packet(struct batadv_priv *bat_priv,
220 				      struct sk_buff *skb)
221 {
222 	struct batadv_hard_iface *primary_if = NULL;
223 	struct batadv_orig_node *orig_node = NULL;
224 	struct batadv_icmp_header *icmph;
225 	int res, ret = NET_RX_DROP;
226 
227 	icmph = (struct batadv_icmp_header *)skb->data;
228 
229 	switch (icmph->msg_type) {
230 	case BATADV_ECHO_REPLY:
231 	case BATADV_DESTINATION_UNREACHABLE:
232 	case BATADV_TTL_EXCEEDED:
233 		/* receive the packet */
234 		if (skb_linearize(skb) < 0)
235 			break;
236 
237 		batadv_socket_receive_packet(icmph, skb->len);
238 		break;
239 	case BATADV_ECHO_REQUEST:
240 		/* answer echo request (ping) */
241 		primary_if = batadv_primary_if_get_selected(bat_priv);
242 		if (!primary_if)
243 			goto out;
244 
245 		/* get routing information */
246 		orig_node = batadv_orig_hash_find(bat_priv, icmph->orig);
247 		if (!orig_node)
248 			goto out;
249 
250 		/* create a copy of the skb, if needed, to modify it. */
251 		if (skb_cow(skb, ETH_HLEN) < 0)
252 			goto out;
253 
254 		icmph = (struct batadv_icmp_header *)skb->data;
255 
256 		ether_addr_copy(icmph->dst, icmph->orig);
257 		ether_addr_copy(icmph->orig, primary_if->net_dev->dev_addr);
258 		icmph->msg_type = BATADV_ECHO_REPLY;
259 		icmph->ttl = BATADV_TTL;
260 
261 		res = batadv_send_skb_to_orig(skb, orig_node, NULL);
262 		if (res == NET_XMIT_SUCCESS)
263 			ret = NET_RX_SUCCESS;
264 
265 		/* skb was consumed */
266 		skb = NULL;
267 		break;
268 	case BATADV_TP:
269 		if (!pskb_may_pull(skb, sizeof(struct batadv_icmp_tp_packet)))
270 			goto out;
271 
272 		batadv_tp_meter_recv(bat_priv, skb);
273 		ret = NET_RX_SUCCESS;
274 		/* skb was consumed */
275 		skb = NULL;
276 		goto out;
277 	default:
278 		/* drop unknown type */
279 		goto out;
280 	}
281 out:
282 	if (primary_if)
283 		batadv_hardif_put(primary_if);
284 	if (orig_node)
285 		batadv_orig_node_put(orig_node);
286 
287 	kfree_skb(skb);
288 
289 	return ret;
290 }
291 
batadv_recv_icmp_ttl_exceeded(struct batadv_priv * bat_priv,struct sk_buff * skb)292 static int batadv_recv_icmp_ttl_exceeded(struct batadv_priv *bat_priv,
293 					 struct sk_buff *skb)
294 {
295 	struct batadv_hard_iface *primary_if = NULL;
296 	struct batadv_orig_node *orig_node = NULL;
297 	struct batadv_icmp_packet *icmp_packet;
298 	int res, ret = NET_RX_DROP;
299 
300 	icmp_packet = (struct batadv_icmp_packet *)skb->data;
301 
302 	/* send TTL exceeded if packet is an echo request (traceroute) */
303 	if (icmp_packet->msg_type != BATADV_ECHO_REQUEST) {
304 		pr_debug("Warning - can't forward icmp packet from %pM to %pM: ttl exceeded\n",
305 			 icmp_packet->orig, icmp_packet->dst);
306 		goto out;
307 	}
308 
309 	primary_if = batadv_primary_if_get_selected(bat_priv);
310 	if (!primary_if)
311 		goto out;
312 
313 	/* get routing information */
314 	orig_node = batadv_orig_hash_find(bat_priv, icmp_packet->orig);
315 	if (!orig_node)
316 		goto out;
317 
318 	/* create a copy of the skb, if needed, to modify it. */
319 	if (skb_cow(skb, ETH_HLEN) < 0)
320 		goto out;
321 
322 	icmp_packet = (struct batadv_icmp_packet *)skb->data;
323 
324 	ether_addr_copy(icmp_packet->dst, icmp_packet->orig);
325 	ether_addr_copy(icmp_packet->orig, primary_if->net_dev->dev_addr);
326 	icmp_packet->msg_type = BATADV_TTL_EXCEEDED;
327 	icmp_packet->ttl = BATADV_TTL;
328 
329 	res = batadv_send_skb_to_orig(skb, orig_node, NULL);
330 	if (res == NET_RX_SUCCESS)
331 		ret = NET_XMIT_SUCCESS;
332 
333 	/* skb was consumed */
334 	skb = NULL;
335 
336 out:
337 	if (primary_if)
338 		batadv_hardif_put(primary_if);
339 	if (orig_node)
340 		batadv_orig_node_put(orig_node);
341 
342 	kfree_skb(skb);
343 
344 	return ret;
345 }
346 
347 /**
348  * batadv_recv_icmp_packet() - Process incoming icmp packet
349  * @skb: incoming packet buffer
350  * @recv_if: incoming hard interface
351  *
352  * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure
353  */
batadv_recv_icmp_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)354 int batadv_recv_icmp_packet(struct sk_buff *skb,
355 			    struct batadv_hard_iface *recv_if)
356 {
357 	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
358 	struct batadv_icmp_header *icmph;
359 	struct batadv_icmp_packet_rr *icmp_packet_rr;
360 	struct ethhdr *ethhdr;
361 	struct batadv_orig_node *orig_node = NULL;
362 	int hdr_size = sizeof(struct batadv_icmp_header);
363 	int res, ret = NET_RX_DROP;
364 
365 	/* drop packet if it has not necessary minimum size */
366 	if (unlikely(!pskb_may_pull(skb, hdr_size)))
367 		goto free_skb;
368 
369 	ethhdr = eth_hdr(skb);
370 
371 	/* packet with unicast indication but non-unicast recipient */
372 	if (!is_valid_ether_addr(ethhdr->h_dest))
373 		goto free_skb;
374 
375 	/* packet with broadcast/multicast sender address */
376 	if (is_multicast_ether_addr(ethhdr->h_source))
377 		goto free_skb;
378 
379 	/* not for me */
380 	if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest))
381 		goto free_skb;
382 
383 	icmph = (struct batadv_icmp_header *)skb->data;
384 
385 	/* add record route information if not full */
386 	if ((icmph->msg_type == BATADV_ECHO_REPLY ||
387 	     icmph->msg_type == BATADV_ECHO_REQUEST) &&
388 	    skb->len >= sizeof(struct batadv_icmp_packet_rr)) {
389 		if (skb_linearize(skb) < 0)
390 			goto free_skb;
391 
392 		/* create a copy of the skb, if needed, to modify it. */
393 		if (skb_cow(skb, ETH_HLEN) < 0)
394 			goto free_skb;
395 
396 		ethhdr = eth_hdr(skb);
397 		icmph = (struct batadv_icmp_header *)skb->data;
398 		icmp_packet_rr = (struct batadv_icmp_packet_rr *)icmph;
399 		if (icmp_packet_rr->rr_cur >= BATADV_RR_LEN)
400 			goto free_skb;
401 
402 		ether_addr_copy(icmp_packet_rr->rr[icmp_packet_rr->rr_cur],
403 				ethhdr->h_dest);
404 		icmp_packet_rr->rr_cur++;
405 	}
406 
407 	/* packet for me */
408 	if (batadv_is_my_mac(bat_priv, icmph->dst))
409 		return batadv_recv_my_icmp_packet(bat_priv, skb);
410 
411 	/* TTL exceeded */
412 	if (icmph->ttl < 2)
413 		return batadv_recv_icmp_ttl_exceeded(bat_priv, skb);
414 
415 	/* get routing information */
416 	orig_node = batadv_orig_hash_find(bat_priv, icmph->dst);
417 	if (!orig_node)
418 		goto free_skb;
419 
420 	/* create a copy of the skb, if needed, to modify it. */
421 	if (skb_cow(skb, ETH_HLEN) < 0)
422 		goto put_orig_node;
423 
424 	icmph = (struct batadv_icmp_header *)skb->data;
425 
426 	/* decrement ttl */
427 	icmph->ttl--;
428 
429 	/* route it */
430 	res = batadv_send_skb_to_orig(skb, orig_node, recv_if);
431 	if (res == NET_XMIT_SUCCESS)
432 		ret = NET_RX_SUCCESS;
433 
434 	/* skb was consumed */
435 	skb = NULL;
436 
437 put_orig_node:
438 	if (orig_node)
439 		batadv_orig_node_put(orig_node);
440 free_skb:
441 	kfree_skb(skb);
442 
443 	return ret;
444 }
445 
446 /**
447  * batadv_check_unicast_packet() - Check for malformed unicast packets
448  * @bat_priv: the bat priv with all the soft interface information
449  * @skb: packet to check
450  * @hdr_size: size of header to pull
451  *
452  * Checks for short header and bad addresses in the given packet.
453  *
454  * Return: negative value when check fails and 0 otherwise. The negative value
455  * depends on the reason: -ENODATA for bad header, -EBADR for broadcast
456  * destination or source, and -EREMOTE for non-local (other host) destination.
457  */
batadv_check_unicast_packet(struct batadv_priv * bat_priv,struct sk_buff * skb,int hdr_size)458 static int batadv_check_unicast_packet(struct batadv_priv *bat_priv,
459 				       struct sk_buff *skb, int hdr_size)
460 {
461 	struct ethhdr *ethhdr;
462 
463 	/* drop packet if it has not necessary minimum size */
464 	if (unlikely(!pskb_may_pull(skb, hdr_size)))
465 		return -ENODATA;
466 
467 	ethhdr = eth_hdr(skb);
468 
469 	/* packet with unicast indication but non-unicast recipient */
470 	if (!is_valid_ether_addr(ethhdr->h_dest))
471 		return -EBADR;
472 
473 	/* packet with broadcast/multicast sender address */
474 	if (is_multicast_ether_addr(ethhdr->h_source))
475 		return -EBADR;
476 
477 	/* not for me */
478 	if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest))
479 		return -EREMOTE;
480 
481 	return 0;
482 }
483 
484 /**
485  * batadv_last_bonding_get() - Get last_bonding_candidate of orig_node
486  * @orig_node: originator node whose last bonding candidate should be retrieved
487  *
488  * Return: last bonding candidate of router or NULL if not found
489  *
490  * The object is returned with refcounter increased by 1.
491  */
492 static struct batadv_orig_ifinfo *
batadv_last_bonding_get(struct batadv_orig_node * orig_node)493 batadv_last_bonding_get(struct batadv_orig_node *orig_node)
494 {
495 	struct batadv_orig_ifinfo *last_bonding_candidate;
496 
497 	spin_lock_bh(&orig_node->neigh_list_lock);
498 	last_bonding_candidate = orig_node->last_bonding_candidate;
499 
500 	if (last_bonding_candidate)
501 		kref_get(&last_bonding_candidate->refcount);
502 	spin_unlock_bh(&orig_node->neigh_list_lock);
503 
504 	return last_bonding_candidate;
505 }
506 
507 /**
508  * batadv_last_bonding_replace() - Replace last_bonding_candidate of orig_node
509  * @orig_node: originator node whose bonding candidates should be replaced
510  * @new_candidate: new bonding candidate or NULL
511  */
512 static void
batadv_last_bonding_replace(struct batadv_orig_node * orig_node,struct batadv_orig_ifinfo * new_candidate)513 batadv_last_bonding_replace(struct batadv_orig_node *orig_node,
514 			    struct batadv_orig_ifinfo *new_candidate)
515 {
516 	struct batadv_orig_ifinfo *old_candidate;
517 
518 	spin_lock_bh(&orig_node->neigh_list_lock);
519 	old_candidate = orig_node->last_bonding_candidate;
520 
521 	if (new_candidate)
522 		kref_get(&new_candidate->refcount);
523 	orig_node->last_bonding_candidate = new_candidate;
524 	spin_unlock_bh(&orig_node->neigh_list_lock);
525 
526 	if (old_candidate)
527 		batadv_orig_ifinfo_put(old_candidate);
528 }
529 
530 /**
531  * batadv_find_router() - find a suitable router for this originator
532  * @bat_priv: the bat priv with all the soft interface information
533  * @orig_node: the destination node
534  * @recv_if: pointer to interface this packet was received on
535  *
536  * Return: the router which should be used for this orig_node on
537  * this interface, or NULL if not available.
538  */
539 struct batadv_neigh_node *
batadv_find_router(struct batadv_priv * bat_priv,struct batadv_orig_node * orig_node,struct batadv_hard_iface * recv_if)540 batadv_find_router(struct batadv_priv *bat_priv,
541 		   struct batadv_orig_node *orig_node,
542 		   struct batadv_hard_iface *recv_if)
543 {
544 	struct batadv_algo_ops *bao = bat_priv->algo_ops;
545 	struct batadv_neigh_node *first_candidate_router = NULL;
546 	struct batadv_neigh_node *next_candidate_router = NULL;
547 	struct batadv_neigh_node *router, *cand_router = NULL;
548 	struct batadv_neigh_node *last_cand_router = NULL;
549 	struct batadv_orig_ifinfo *cand, *first_candidate = NULL;
550 	struct batadv_orig_ifinfo *next_candidate = NULL;
551 	struct batadv_orig_ifinfo *last_candidate;
552 	bool last_candidate_found = false;
553 
554 	if (!orig_node)
555 		return NULL;
556 
557 	router = batadv_orig_router_get(orig_node, recv_if);
558 
559 	if (!router)
560 		return router;
561 
562 	/* only consider bonding for recv_if == BATADV_IF_DEFAULT (first hop)
563 	 * and if activated.
564 	 */
565 	if (!(recv_if == BATADV_IF_DEFAULT && atomic_read(&bat_priv->bonding)))
566 		return router;
567 
568 	/* bonding: loop through the list of possible routers found
569 	 * for the various outgoing interfaces and find a candidate after
570 	 * the last chosen bonding candidate (next_candidate). If no such
571 	 * router is found, use the first candidate found (the previously
572 	 * chosen bonding candidate might have been the last one in the list).
573 	 * If this can't be found either, return the previously chosen
574 	 * router - obviously there are no other candidates.
575 	 */
576 	rcu_read_lock();
577 	last_candidate = batadv_last_bonding_get(orig_node);
578 	if (last_candidate)
579 		last_cand_router = rcu_dereference(last_candidate->router);
580 
581 	hlist_for_each_entry_rcu(cand, &orig_node->ifinfo_list, list) {
582 		/* acquire some structures and references ... */
583 		if (!kref_get_unless_zero(&cand->refcount))
584 			continue;
585 
586 		cand_router = rcu_dereference(cand->router);
587 		if (!cand_router)
588 			goto next;
589 
590 		if (!kref_get_unless_zero(&cand_router->refcount)) {
591 			cand_router = NULL;
592 			goto next;
593 		}
594 
595 		/* alternative candidate should be good enough to be
596 		 * considered
597 		 */
598 		if (!bao->neigh.is_similar_or_better(cand_router,
599 						     cand->if_outgoing, router,
600 						     recv_if))
601 			goto next;
602 
603 		/* don't use the same router twice */
604 		if (last_cand_router == cand_router)
605 			goto next;
606 
607 		/* mark the first possible candidate */
608 		if (!first_candidate) {
609 			kref_get(&cand_router->refcount);
610 			kref_get(&cand->refcount);
611 			first_candidate = cand;
612 			first_candidate_router = cand_router;
613 		}
614 
615 		/* check if the loop has already passed the previously selected
616 		 * candidate ... this function should select the next candidate
617 		 * AFTER the previously used bonding candidate.
618 		 */
619 		if (!last_candidate || last_candidate_found) {
620 			next_candidate = cand;
621 			next_candidate_router = cand_router;
622 			break;
623 		}
624 
625 		if (last_candidate == cand)
626 			last_candidate_found = true;
627 next:
628 		/* free references */
629 		if (cand_router) {
630 			batadv_neigh_node_put(cand_router);
631 			cand_router = NULL;
632 		}
633 		batadv_orig_ifinfo_put(cand);
634 	}
635 	rcu_read_unlock();
636 
637 	/* After finding candidates, handle the three cases:
638 	 * 1) there is a next candidate, use that
639 	 * 2) there is no next candidate, use the first of the list
640 	 * 3) there is no candidate at all, return the default router
641 	 */
642 	if (next_candidate) {
643 		batadv_neigh_node_put(router);
644 
645 		kref_get(&next_candidate_router->refcount);
646 		router = next_candidate_router;
647 		batadv_last_bonding_replace(orig_node, next_candidate);
648 	} else if (first_candidate) {
649 		batadv_neigh_node_put(router);
650 
651 		kref_get(&first_candidate_router->refcount);
652 		router = first_candidate_router;
653 		batadv_last_bonding_replace(orig_node, first_candidate);
654 	} else {
655 		batadv_last_bonding_replace(orig_node, NULL);
656 	}
657 
658 	/* cleanup of candidates */
659 	if (first_candidate) {
660 		batadv_neigh_node_put(first_candidate_router);
661 		batadv_orig_ifinfo_put(first_candidate);
662 	}
663 
664 	if (next_candidate) {
665 		batadv_neigh_node_put(next_candidate_router);
666 		batadv_orig_ifinfo_put(next_candidate);
667 	}
668 
669 	if (last_candidate)
670 		batadv_orig_ifinfo_put(last_candidate);
671 
672 	return router;
673 }
674 
batadv_route_unicast_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)675 static int batadv_route_unicast_packet(struct sk_buff *skb,
676 				       struct batadv_hard_iface *recv_if)
677 {
678 	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
679 	struct batadv_orig_node *orig_node = NULL;
680 	struct batadv_unicast_packet *unicast_packet;
681 	struct ethhdr *ethhdr = eth_hdr(skb);
682 	int res, hdr_len, ret = NET_RX_DROP;
683 	unsigned int len;
684 
685 	unicast_packet = (struct batadv_unicast_packet *)skb->data;
686 
687 	/* TTL exceeded */
688 	if (unicast_packet->ttl < 2) {
689 		pr_debug("Warning - can't forward unicast packet from %pM to %pM: ttl exceeded\n",
690 			 ethhdr->h_source, unicast_packet->dest);
691 		goto free_skb;
692 	}
693 
694 	/* get routing information */
695 	orig_node = batadv_orig_hash_find(bat_priv, unicast_packet->dest);
696 
697 	if (!orig_node)
698 		goto free_skb;
699 
700 	/* create a copy of the skb, if needed, to modify it. */
701 	if (skb_cow(skb, ETH_HLEN) < 0)
702 		goto put_orig_node;
703 
704 	/* decrement ttl */
705 	unicast_packet = (struct batadv_unicast_packet *)skb->data;
706 	unicast_packet->ttl--;
707 
708 	switch (unicast_packet->packet_type) {
709 	case BATADV_UNICAST_4ADDR:
710 		hdr_len = sizeof(struct batadv_unicast_4addr_packet);
711 		break;
712 	case BATADV_UNICAST:
713 		hdr_len = sizeof(struct batadv_unicast_packet);
714 		break;
715 	default:
716 		/* other packet types not supported - yet */
717 		hdr_len = -1;
718 		break;
719 	}
720 
721 	if (hdr_len > 0)
722 		batadv_skb_set_priority(skb, hdr_len);
723 
724 	len = skb->len;
725 	res = batadv_send_skb_to_orig(skb, orig_node, recv_if);
726 
727 	/* translate transmit result into receive result */
728 	if (res == NET_XMIT_SUCCESS) {
729 		ret = NET_RX_SUCCESS;
730 		/* skb was transmitted and consumed */
731 		batadv_inc_counter(bat_priv, BATADV_CNT_FORWARD);
732 		batadv_add_counter(bat_priv, BATADV_CNT_FORWARD_BYTES,
733 				   len + ETH_HLEN);
734 	}
735 
736 	/* skb was consumed */
737 	skb = NULL;
738 
739 put_orig_node:
740 	batadv_orig_node_put(orig_node);
741 free_skb:
742 	kfree_skb(skb);
743 
744 	return ret;
745 }
746 
747 /**
748  * batadv_reroute_unicast_packet() - update the unicast header for re-routing
749  * @bat_priv: the bat priv with all the soft interface information
750  * @skb: unicast packet to process
751  * @unicast_packet: the unicast header to be updated
752  * @dst_addr: the payload destination
753  * @vid: VLAN identifier
754  *
755  * Search the translation table for dst_addr and update the unicast header with
756  * the new corresponding information (originator address where the destination
757  * client currently is and its known TTVN)
758  *
759  * Return: true if the packet header has been updated, false otherwise
760  */
761 static bool
batadv_reroute_unicast_packet(struct batadv_priv * bat_priv,struct sk_buff * skb,struct batadv_unicast_packet * unicast_packet,u8 * dst_addr,unsigned short vid)762 batadv_reroute_unicast_packet(struct batadv_priv *bat_priv, struct sk_buff *skb,
763 			      struct batadv_unicast_packet *unicast_packet,
764 			      u8 *dst_addr, unsigned short vid)
765 {
766 	struct batadv_orig_node *orig_node = NULL;
767 	struct batadv_hard_iface *primary_if = NULL;
768 	bool ret = false;
769 	u8 *orig_addr, orig_ttvn;
770 
771 	if (batadv_is_my_client(bat_priv, dst_addr, vid)) {
772 		primary_if = batadv_primary_if_get_selected(bat_priv);
773 		if (!primary_if)
774 			goto out;
775 		orig_addr = primary_if->net_dev->dev_addr;
776 		orig_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
777 	} else {
778 		orig_node = batadv_transtable_search(bat_priv, NULL, dst_addr,
779 						     vid);
780 		if (!orig_node)
781 			goto out;
782 
783 		if (batadv_compare_eth(orig_node->orig, unicast_packet->dest))
784 			goto out;
785 
786 		orig_addr = orig_node->orig;
787 		orig_ttvn = (u8)atomic_read(&orig_node->last_ttvn);
788 	}
789 
790 	/* update the packet header */
791 	skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
792 	ether_addr_copy(unicast_packet->dest, orig_addr);
793 	unicast_packet->ttvn = orig_ttvn;
794 	skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
795 
796 	ret = true;
797 out:
798 	if (primary_if)
799 		batadv_hardif_put(primary_if);
800 	if (orig_node)
801 		batadv_orig_node_put(orig_node);
802 
803 	return ret;
804 }
805 
batadv_check_unicast_ttvn(struct batadv_priv * bat_priv,struct sk_buff * skb,int hdr_len)806 static bool batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
807 				      struct sk_buff *skb, int hdr_len)
808 {
809 	struct batadv_unicast_packet *unicast_packet;
810 	struct batadv_hard_iface *primary_if;
811 	struct batadv_orig_node *orig_node;
812 	u8 curr_ttvn, old_ttvn;
813 	struct ethhdr *ethhdr;
814 	unsigned short vid;
815 	int is_old_ttvn;
816 
817 	/* check if there is enough data before accessing it */
818 	if (!pskb_may_pull(skb, hdr_len + ETH_HLEN))
819 		return false;
820 
821 	/* create a copy of the skb (in case of for re-routing) to modify it. */
822 	if (skb_cow(skb, sizeof(*unicast_packet)) < 0)
823 		return false;
824 
825 	unicast_packet = (struct batadv_unicast_packet *)skb->data;
826 	vid = batadv_get_vid(skb, hdr_len);
827 	ethhdr = (struct ethhdr *)(skb->data + hdr_len);
828 
829 	/* do not reroute multicast frames in a unicast header */
830 	if (is_multicast_ether_addr(ethhdr->h_dest))
831 		return true;
832 
833 	/* check if the destination client was served by this node and it is now
834 	 * roaming. In this case, it means that the node has got a ROAM_ADV
835 	 * message and that it knows the new destination in the mesh to re-route
836 	 * the packet to
837 	 */
838 	if (batadv_tt_local_client_is_roaming(bat_priv, ethhdr->h_dest, vid)) {
839 		if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet,
840 						  ethhdr->h_dest, vid))
841 			batadv_dbg_ratelimited(BATADV_DBG_TT,
842 					       bat_priv,
843 					       "Rerouting unicast packet to %pM (dst=%pM): Local Roaming\n",
844 					       unicast_packet->dest,
845 					       ethhdr->h_dest);
846 		/* at this point the mesh destination should have been
847 		 * substituted with the originator address found in the global
848 		 * table. If not, let the packet go untouched anyway because
849 		 * there is nothing the node can do
850 		 */
851 		return true;
852 	}
853 
854 	/* retrieve the TTVN known by this node for the packet destination. This
855 	 * value is used later to check if the node which sent (or re-routed
856 	 * last time) the packet had an updated information or not
857 	 */
858 	curr_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
859 	if (!batadv_is_my_mac(bat_priv, unicast_packet->dest)) {
860 		orig_node = batadv_orig_hash_find(bat_priv,
861 						  unicast_packet->dest);
862 		/* if it is not possible to find the orig_node representing the
863 		 * destination, the packet can immediately be dropped as it will
864 		 * not be possible to deliver it
865 		 */
866 		if (!orig_node)
867 			return false;
868 
869 		curr_ttvn = (u8)atomic_read(&orig_node->last_ttvn);
870 		batadv_orig_node_put(orig_node);
871 	}
872 
873 	/* check if the TTVN contained in the packet is fresher than what the
874 	 * node knows
875 	 */
876 	is_old_ttvn = batadv_seq_before(unicast_packet->ttvn, curr_ttvn);
877 	if (!is_old_ttvn)
878 		return true;
879 
880 	old_ttvn = unicast_packet->ttvn;
881 	/* the packet was forged based on outdated network information. Its
882 	 * destination can possibly be updated and forwarded towards the new
883 	 * target host
884 	 */
885 	if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet,
886 					  ethhdr->h_dest, vid)) {
887 		batadv_dbg_ratelimited(BATADV_DBG_TT, bat_priv,
888 				       "Rerouting unicast packet to %pM (dst=%pM): TTVN mismatch old_ttvn=%u new_ttvn=%u\n",
889 				       unicast_packet->dest, ethhdr->h_dest,
890 				       old_ttvn, curr_ttvn);
891 		return true;
892 	}
893 
894 	/* the packet has not been re-routed: either the destination is
895 	 * currently served by this node or there is no destination at all and
896 	 * it is possible to drop the packet
897 	 */
898 	if (!batadv_is_my_client(bat_priv, ethhdr->h_dest, vid))
899 		return false;
900 
901 	/* update the header in order to let the packet be delivered to this
902 	 * node's soft interface
903 	 */
904 	primary_if = batadv_primary_if_get_selected(bat_priv);
905 	if (!primary_if)
906 		return false;
907 
908 	/* update the packet header */
909 	skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
910 	ether_addr_copy(unicast_packet->dest, primary_if->net_dev->dev_addr);
911 	unicast_packet->ttvn = curr_ttvn;
912 	skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
913 
914 	batadv_hardif_put(primary_if);
915 
916 	return true;
917 }
918 
919 /**
920  * batadv_recv_unhandled_unicast_packet() - receive and process packets which
921  *	are in the unicast number space but not yet known to the implementation
922  * @skb: unicast tvlv packet to process
923  * @recv_if: pointer to interface this packet was received on
924  *
925  * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP
926  * otherwise.
927  */
batadv_recv_unhandled_unicast_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)928 int batadv_recv_unhandled_unicast_packet(struct sk_buff *skb,
929 					 struct batadv_hard_iface *recv_if)
930 {
931 	struct batadv_unicast_packet *unicast_packet;
932 	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
933 	int check, hdr_size = sizeof(*unicast_packet);
934 
935 	check = batadv_check_unicast_packet(bat_priv, skb, hdr_size);
936 	if (check < 0)
937 		goto free_skb;
938 
939 	/* we don't know about this type, drop it. */
940 	unicast_packet = (struct batadv_unicast_packet *)skb->data;
941 	if (batadv_is_my_mac(bat_priv, unicast_packet->dest))
942 		goto free_skb;
943 
944 	return batadv_route_unicast_packet(skb, recv_if);
945 
946 free_skb:
947 	kfree_skb(skb);
948 	return NET_RX_DROP;
949 }
950 
951 /**
952  * batadv_recv_unicast_packet() - Process incoming unicast packet
953  * @skb: incoming packet buffer
954  * @recv_if: incoming hard interface
955  *
956  * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure
957  */
batadv_recv_unicast_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)958 int batadv_recv_unicast_packet(struct sk_buff *skb,
959 			       struct batadv_hard_iface *recv_if)
960 {
961 	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
962 	struct batadv_unicast_packet *unicast_packet;
963 	struct batadv_unicast_4addr_packet *unicast_4addr_packet;
964 	u8 *orig_addr, *orig_addr_gw;
965 	struct batadv_orig_node *orig_node = NULL, *orig_node_gw = NULL;
966 	int check, hdr_size = sizeof(*unicast_packet);
967 	enum batadv_subtype subtype;
968 	int ret = NET_RX_DROP;
969 	bool is4addr, is_gw;
970 
971 	unicast_packet = (struct batadv_unicast_packet *)skb->data;
972 	is4addr = unicast_packet->packet_type == BATADV_UNICAST_4ADDR;
973 	/* the caller function should have already pulled 2 bytes */
974 	if (is4addr)
975 		hdr_size = sizeof(*unicast_4addr_packet);
976 
977 	/* function returns -EREMOTE for promiscuous packets */
978 	check = batadv_check_unicast_packet(bat_priv, skb, hdr_size);
979 
980 	/* Even though the packet is not for us, we might save it to use for
981 	 * decoding a later received coded packet
982 	 */
983 	if (check == -EREMOTE)
984 		batadv_nc_skb_store_sniffed_unicast(bat_priv, skb);
985 
986 	if (check < 0)
987 		goto free_skb;
988 	if (!batadv_check_unicast_ttvn(bat_priv, skb, hdr_size))
989 		goto free_skb;
990 
991 	unicast_packet = (struct batadv_unicast_packet *)skb->data;
992 
993 	/* packet for me */
994 	if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) {
995 		/* If this is a unicast packet from another backgone gw,
996 		 * drop it.
997 		 */
998 		orig_addr_gw = eth_hdr(skb)->h_source;
999 		orig_node_gw = batadv_orig_hash_find(bat_priv, orig_addr_gw);
1000 		if (orig_node_gw) {
1001 			is_gw = batadv_bla_is_backbone_gw(skb, orig_node_gw,
1002 							  hdr_size);
1003 			batadv_orig_node_put(orig_node_gw);
1004 			if (is_gw) {
1005 				batadv_dbg(BATADV_DBG_BLA, bat_priv,
1006 					   "%s(): Dropped unicast pkt received from another backbone gw %pM.\n",
1007 					   __func__, orig_addr_gw);
1008 				goto free_skb;
1009 			}
1010 		}
1011 
1012 		if (is4addr) {
1013 			unicast_4addr_packet =
1014 				(struct batadv_unicast_4addr_packet *)skb->data;
1015 			subtype = unicast_4addr_packet->subtype;
1016 			batadv_dat_inc_counter(bat_priv, subtype);
1017 
1018 			/* Only payload data should be considered for speedy
1019 			 * join. For example, DAT also uses unicast 4addr
1020 			 * types, but those packets should not be considered
1021 			 * for speedy join, since the clients do not actually
1022 			 * reside at the sending originator.
1023 			 */
1024 			if (subtype == BATADV_P_DATA) {
1025 				orig_addr = unicast_4addr_packet->src;
1026 				orig_node = batadv_orig_hash_find(bat_priv,
1027 								  orig_addr);
1028 			}
1029 		}
1030 
1031 		if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb,
1032 							  hdr_size))
1033 			goto rx_success;
1034 		if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb,
1035 							hdr_size))
1036 			goto rx_success;
1037 
1038 		batadv_dat_snoop_incoming_dhcp_ack(bat_priv, skb, hdr_size);
1039 
1040 		batadv_interface_rx(recv_if->soft_iface, skb, hdr_size,
1041 				    orig_node);
1042 
1043 rx_success:
1044 		if (orig_node)
1045 			batadv_orig_node_put(orig_node);
1046 
1047 		return NET_RX_SUCCESS;
1048 	}
1049 
1050 	ret = batadv_route_unicast_packet(skb, recv_if);
1051 	/* skb was consumed */
1052 	skb = NULL;
1053 
1054 free_skb:
1055 	kfree_skb(skb);
1056 
1057 	return ret;
1058 }
1059 
1060 /**
1061  * batadv_recv_unicast_tvlv() - receive and process unicast tvlv packets
1062  * @skb: unicast tvlv packet to process
1063  * @recv_if: pointer to interface this packet was received on
1064  *
1065  * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP
1066  * otherwise.
1067  */
batadv_recv_unicast_tvlv(struct sk_buff * skb,struct batadv_hard_iface * recv_if)1068 int batadv_recv_unicast_tvlv(struct sk_buff *skb,
1069 			     struct batadv_hard_iface *recv_if)
1070 {
1071 	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
1072 	struct batadv_unicast_tvlv_packet *unicast_tvlv_packet;
1073 	unsigned char *tvlv_buff;
1074 	u16 tvlv_buff_len;
1075 	int hdr_size = sizeof(*unicast_tvlv_packet);
1076 	int ret = NET_RX_DROP;
1077 
1078 	if (batadv_check_unicast_packet(bat_priv, skb, hdr_size) < 0)
1079 		goto free_skb;
1080 
1081 	/* the header is likely to be modified while forwarding */
1082 	if (skb_cow(skb, hdr_size) < 0)
1083 		goto free_skb;
1084 
1085 	/* packet needs to be linearized to access the tvlv content */
1086 	if (skb_linearize(skb) < 0)
1087 		goto free_skb;
1088 
1089 	unicast_tvlv_packet = (struct batadv_unicast_tvlv_packet *)skb->data;
1090 
1091 	tvlv_buff = (unsigned char *)(skb->data + hdr_size);
1092 	tvlv_buff_len = ntohs(unicast_tvlv_packet->tvlv_len);
1093 
1094 	if (tvlv_buff_len > skb->len - hdr_size)
1095 		goto free_skb;
1096 
1097 	ret = batadv_tvlv_containers_process(bat_priv, false, NULL,
1098 					     unicast_tvlv_packet->src,
1099 					     unicast_tvlv_packet->dst,
1100 					     tvlv_buff, tvlv_buff_len);
1101 
1102 	if (ret != NET_RX_SUCCESS) {
1103 		ret = batadv_route_unicast_packet(skb, recv_if);
1104 		/* skb was consumed */
1105 		skb = NULL;
1106 	}
1107 
1108 free_skb:
1109 	kfree_skb(skb);
1110 
1111 	return ret;
1112 }
1113 
1114 /**
1115  * batadv_recv_frag_packet() - process received fragment
1116  * @skb: the received fragment
1117  * @recv_if: interface that the skb is received on
1118  *
1119  * This function does one of the three following things: 1) Forward fragment, if
1120  * the assembled packet will exceed our MTU; 2) Buffer fragment, if we still
1121  * lack further fragments; 3) Merge fragments, if we have all needed parts.
1122  *
1123  * Return: NET_RX_DROP if the skb is not consumed, NET_RX_SUCCESS otherwise.
1124  */
batadv_recv_frag_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)1125 int batadv_recv_frag_packet(struct sk_buff *skb,
1126 			    struct batadv_hard_iface *recv_if)
1127 {
1128 	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
1129 	struct batadv_orig_node *orig_node_src = NULL;
1130 	struct batadv_frag_packet *frag_packet;
1131 	int ret = NET_RX_DROP;
1132 
1133 	if (batadv_check_unicast_packet(bat_priv, skb,
1134 					sizeof(*frag_packet)) < 0)
1135 		goto free_skb;
1136 
1137 	frag_packet = (struct batadv_frag_packet *)skb->data;
1138 	orig_node_src = batadv_orig_hash_find(bat_priv, frag_packet->orig);
1139 	if (!orig_node_src)
1140 		goto free_skb;
1141 
1142 	skb->priority = frag_packet->priority + 256;
1143 
1144 	/* Route the fragment if it is not for us and too big to be merged. */
1145 	if (!batadv_is_my_mac(bat_priv, frag_packet->dest) &&
1146 	    batadv_frag_skb_fwd(skb, recv_if, orig_node_src)) {
1147 		/* skb was consumed */
1148 		skb = NULL;
1149 		ret = NET_RX_SUCCESS;
1150 		goto put_orig_node;
1151 	}
1152 
1153 	batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_RX);
1154 	batadv_add_counter(bat_priv, BATADV_CNT_FRAG_RX_BYTES, skb->len);
1155 
1156 	/* Add fragment to buffer and merge if possible. */
1157 	if (!batadv_frag_skb_buffer(&skb, orig_node_src))
1158 		goto put_orig_node;
1159 
1160 	/* Deliver merged packet to the appropriate handler, if it was
1161 	 * merged
1162 	 */
1163 	if (skb) {
1164 		batadv_batman_skb_recv(skb, recv_if->net_dev,
1165 				       &recv_if->batman_adv_ptype, NULL);
1166 		/* skb was consumed */
1167 		skb = NULL;
1168 	}
1169 
1170 	ret = NET_RX_SUCCESS;
1171 
1172 put_orig_node:
1173 	batadv_orig_node_put(orig_node_src);
1174 free_skb:
1175 	kfree_skb(skb);
1176 
1177 	return ret;
1178 }
1179 
1180 /**
1181  * batadv_recv_bcast_packet() - Process incoming broadcast packet
1182  * @skb: incoming packet buffer
1183  * @recv_if: incoming hard interface
1184  *
1185  * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure
1186  */
batadv_recv_bcast_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)1187 int batadv_recv_bcast_packet(struct sk_buff *skb,
1188 			     struct batadv_hard_iface *recv_if)
1189 {
1190 	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
1191 	struct batadv_orig_node *orig_node = NULL;
1192 	struct batadv_bcast_packet *bcast_packet;
1193 	struct ethhdr *ethhdr;
1194 	int hdr_size = sizeof(*bcast_packet);
1195 	int ret = NET_RX_DROP;
1196 	s32 seq_diff;
1197 	u32 seqno;
1198 
1199 	/* drop packet if it has not necessary minimum size */
1200 	if (unlikely(!pskb_may_pull(skb, hdr_size)))
1201 		goto free_skb;
1202 
1203 	ethhdr = eth_hdr(skb);
1204 
1205 	/* packet with broadcast indication but unicast recipient */
1206 	if (!is_broadcast_ether_addr(ethhdr->h_dest))
1207 		goto free_skb;
1208 
1209 	/* packet with broadcast/multicast sender address */
1210 	if (is_multicast_ether_addr(ethhdr->h_source))
1211 		goto free_skb;
1212 
1213 	/* ignore broadcasts sent by myself */
1214 	if (batadv_is_my_mac(bat_priv, ethhdr->h_source))
1215 		goto free_skb;
1216 
1217 	bcast_packet = (struct batadv_bcast_packet *)skb->data;
1218 
1219 	/* ignore broadcasts originated by myself */
1220 	if (batadv_is_my_mac(bat_priv, bcast_packet->orig))
1221 		goto free_skb;
1222 
1223 	if (bcast_packet->ttl < 2)
1224 		goto free_skb;
1225 
1226 	orig_node = batadv_orig_hash_find(bat_priv, bcast_packet->orig);
1227 
1228 	if (!orig_node)
1229 		goto free_skb;
1230 
1231 	spin_lock_bh(&orig_node->bcast_seqno_lock);
1232 
1233 	seqno = ntohl(bcast_packet->seqno);
1234 	/* check whether the packet is a duplicate */
1235 	if (batadv_test_bit(orig_node->bcast_bits, orig_node->last_bcast_seqno,
1236 			    seqno))
1237 		goto spin_unlock;
1238 
1239 	seq_diff = seqno - orig_node->last_bcast_seqno;
1240 
1241 	/* check whether the packet is old and the host just restarted. */
1242 	if (batadv_window_protected(bat_priv, seq_diff,
1243 				    BATADV_BCAST_MAX_AGE,
1244 				    &orig_node->bcast_seqno_reset, NULL))
1245 		goto spin_unlock;
1246 
1247 	/* mark broadcast in flood history, update window position
1248 	 * if required.
1249 	 */
1250 	if (batadv_bit_get_packet(bat_priv, orig_node->bcast_bits, seq_diff, 1))
1251 		orig_node->last_bcast_seqno = seqno;
1252 
1253 	spin_unlock_bh(&orig_node->bcast_seqno_lock);
1254 
1255 	/* check whether this has been sent by another originator before */
1256 	if (batadv_bla_check_bcast_duplist(bat_priv, skb))
1257 		goto free_skb;
1258 
1259 	batadv_skb_set_priority(skb, sizeof(struct batadv_bcast_packet));
1260 
1261 	/* rebroadcast packet */
1262 	batadv_add_bcast_packet_to_list(bat_priv, skb, 1, false);
1263 
1264 	/* don't hand the broadcast up if it is from an originator
1265 	 * from the same backbone.
1266 	 */
1267 	if (batadv_bla_is_backbone_gw(skb, orig_node, hdr_size))
1268 		goto free_skb;
1269 
1270 	if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, hdr_size))
1271 		goto rx_success;
1272 	if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb, hdr_size))
1273 		goto rx_success;
1274 
1275 	batadv_dat_snoop_incoming_dhcp_ack(bat_priv, skb, hdr_size);
1276 
1277 	/* broadcast for me */
1278 	batadv_interface_rx(recv_if->soft_iface, skb, hdr_size, orig_node);
1279 
1280 rx_success:
1281 	ret = NET_RX_SUCCESS;
1282 	goto out;
1283 
1284 spin_unlock:
1285 	spin_unlock_bh(&orig_node->bcast_seqno_lock);
1286 free_skb:
1287 	kfree_skb(skb);
1288 out:
1289 	if (orig_node)
1290 		batadv_orig_node_put(orig_node);
1291 	return ret;
1292 }
1293