• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * IPv6 library code, needed by static components when full IPv6 support is
3  * not configured or static.  These functions are needed by GSO/GRO implementation.
4  */
5 #include <linux/export.h>
6 #include <net/ip.h>
7 #include <net/ipv6.h>
8 #include <net/ip6_fib.h>
9 #include <net/addrconf.h>
10 #include <net/secure_seq.h>
11 #include <linux/netfilter.h>
12 
__ipv6_select_ident(struct net * net,const struct in6_addr * dst,const struct in6_addr * src)13 static u32 __ipv6_select_ident(struct net *net,
14 			       const struct in6_addr *dst,
15 			       const struct in6_addr *src)
16 {
17 	const struct {
18 		struct in6_addr dst;
19 		struct in6_addr src;
20 	} __aligned(SIPHASH_ALIGNMENT) combined = {
21 		.dst = *dst,
22 		.src = *src,
23 	};
24 	u32 hash, id;
25 
26 	/* Note the following code is not safe, but this is okay. */
27 	if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
28 		get_random_bytes(&net->ipv4.ip_id_key,
29 				 sizeof(net->ipv4.ip_id_key));
30 
31 	hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key);
32 
33 	/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
34 	 * set the hight order instead thus minimizing possible future
35 	 * collisions.
36 	 */
37 	id = ip_idents_reserve(hash, 1);
38 	if (unlikely(!id))
39 		id = 1 << 31;
40 
41 	return id;
42 }
43 
44 /* This function exists only for tap drivers that must support broken
45  * clients requesting UFO without specifying an IPv6 fragment ID.
46  *
47  * This is similar to ipv6_select_ident() but we use an independent hash
48  * seed to limit information leakage.
49  *
50  * The network header must be set before calling this.
51  */
ipv6_proxy_select_ident(struct net * net,struct sk_buff * skb)52 __be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb)
53 {
54 	struct in6_addr buf[2];
55 	struct in6_addr *addrs;
56 	u32 id;
57 
58 	addrs = skb_header_pointer(skb,
59 				   skb_network_offset(skb) +
60 				   offsetof(struct ipv6hdr, saddr),
61 				   sizeof(buf), buf);
62 	if (!addrs)
63 		return 0;
64 
65 	id = __ipv6_select_ident(net, &addrs[1], &addrs[0]);
66 	return htonl(id);
67 }
68 EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
69 
ipv6_select_ident(struct net * net,const struct in6_addr * daddr,const struct in6_addr * saddr)70 __be32 ipv6_select_ident(struct net *net,
71 			 const struct in6_addr *daddr,
72 			 const struct in6_addr *saddr)
73 {
74 	u32 id;
75 
76 	id = __ipv6_select_ident(net, daddr, saddr);
77 	return htonl(id);
78 }
79 EXPORT_SYMBOL(ipv6_select_ident);
80 
ip6_find_1stfragopt(struct sk_buff * skb,u8 ** nexthdr)81 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
82 {
83 	unsigned int offset = sizeof(struct ipv6hdr);
84 	unsigned int packet_len = skb_tail_pointer(skb) -
85 		skb_network_header(skb);
86 	int found_rhdr = 0;
87 	*nexthdr = &ipv6_hdr(skb)->nexthdr;
88 
89 	while (offset <= packet_len) {
90 		struct ipv6_opt_hdr *exthdr;
91 
92 		switch (**nexthdr) {
93 
94 		case NEXTHDR_HOP:
95 			break;
96 		case NEXTHDR_ROUTING:
97 			found_rhdr = 1;
98 			break;
99 		case NEXTHDR_DEST:
100 #if IS_ENABLED(CONFIG_IPV6_MIP6)
101 			if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
102 				break;
103 #endif
104 			if (found_rhdr)
105 				return offset;
106 			break;
107 		default:
108 			return offset;
109 		}
110 
111 		if (offset + sizeof(struct ipv6_opt_hdr) > packet_len)
112 			return -EINVAL;
113 
114 		exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
115 						 offset);
116 		offset += ipv6_optlen(exthdr);
117 		if (offset > IPV6_MAXPLEN)
118 			return -EINVAL;
119 		*nexthdr = &exthdr->nexthdr;
120 	}
121 
122 	return -EINVAL;
123 }
124 EXPORT_SYMBOL(ip6_find_1stfragopt);
125 
126 #if IS_ENABLED(CONFIG_IPV6)
ip6_dst_hoplimit(struct dst_entry * dst)127 int ip6_dst_hoplimit(struct dst_entry *dst)
128 {
129 	int hoplimit = dst_metric_raw(dst, RTAX_HOPLIMIT);
130 	if (hoplimit == 0) {
131 		struct net_device *dev = dst->dev;
132 		struct inet6_dev *idev;
133 
134 		rcu_read_lock();
135 		idev = __in6_dev_get(dev);
136 		if (idev)
137 			hoplimit = idev->cnf.hop_limit;
138 		else
139 			hoplimit = dev_net(dev)->ipv6.devconf_all->hop_limit;
140 		rcu_read_unlock();
141 	}
142 	return hoplimit;
143 }
144 EXPORT_SYMBOL(ip6_dst_hoplimit);
145 #endif
146 
__ip6_local_out(struct net * net,struct sock * sk,struct sk_buff * skb)147 int __ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb)
148 {
149 	int len;
150 
151 	len = skb->len - sizeof(struct ipv6hdr);
152 	if (len > IPV6_MAXPLEN)
153 		len = 0;
154 	ipv6_hdr(skb)->payload_len = htons(len);
155 	IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
156 
157 	/* if egress device is enslaved to an L3 master device pass the
158 	 * skb to its handler for processing
159 	 */
160 	skb = l3mdev_ip6_out(sk, skb);
161 	if (unlikely(!skb))
162 		return 0;
163 
164 	skb->protocol = htons(ETH_P_IPV6);
165 
166 	return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
167 		       net, sk, skb, NULL, skb_dst(skb)->dev,
168 		       dst_output);
169 }
170 EXPORT_SYMBOL_GPL(__ip6_local_out);
171 
ip6_local_out(struct net * net,struct sock * sk,struct sk_buff * skb)172 int ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb)
173 {
174 	int err;
175 
176 	err = __ip6_local_out(net, sk, skb);
177 	if (likely(err == 1))
178 		err = dst_output(net, sk, skb);
179 
180 	return err;
181 }
182 EXPORT_SYMBOL_GPL(ip6_local_out);
183