1 /* Copyright (C) 2007-2017 B.A.T.M.A.N. contributors:
2 *
3 * Marek Lindner, Simon Wunderlich
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of version 2 of the GNU General Public
7 * License as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, see <http://www.gnu.org/licenses/>.
16 */
17
18 #include "routing.h"
19 #include "main.h"
20
21 #include <linux/atomic.h>
22 #include <linux/byteorder/generic.h>
23 #include <linux/compiler.h>
24 #include <linux/errno.h>
25 #include <linux/etherdevice.h>
26 #include <linux/if_ether.h>
27 #include <linux/jiffies.h>
28 #include <linux/kref.h>
29 #include <linux/netdevice.h>
30 #include <linux/printk.h>
31 #include <linux/rculist.h>
32 #include <linux/rcupdate.h>
33 #include <linux/skbuff.h>
34 #include <linux/spinlock.h>
35 #include <linux/stddef.h>
36
37 #include "bitarray.h"
38 #include "bridge_loop_avoidance.h"
39 #include "distributed-arp-table.h"
40 #include "fragmentation.h"
41 #include "hard-interface.h"
42 #include "icmp_socket.h"
43 #include "log.h"
44 #include "network-coding.h"
45 #include "originator.h"
46 #include "packet.h"
47 #include "send.h"
48 #include "soft-interface.h"
49 #include "tp_meter.h"
50 #include "translation-table.h"
51 #include "tvlv.h"
52
53 static int batadv_route_unicast_packet(struct sk_buff *skb,
54 struct batadv_hard_iface *recv_if);
55
56 /**
57 * _batadv_update_route - set the router for this originator
58 * @bat_priv: the bat priv with all the soft interface information
59 * @orig_node: orig node which is to be configured
60 * @recv_if: the receive interface for which this route is set
61 * @neigh_node: neighbor which should be the next router
62 *
63 * This function does not perform any error checks
64 */
_batadv_update_route(struct batadv_priv * bat_priv,struct batadv_orig_node * orig_node,struct batadv_hard_iface * recv_if,struct batadv_neigh_node * neigh_node)65 static void _batadv_update_route(struct batadv_priv *bat_priv,
66 struct batadv_orig_node *orig_node,
67 struct batadv_hard_iface *recv_if,
68 struct batadv_neigh_node *neigh_node)
69 {
70 struct batadv_orig_ifinfo *orig_ifinfo;
71 struct batadv_neigh_node *curr_router;
72
73 orig_ifinfo = batadv_orig_ifinfo_get(orig_node, recv_if);
74 if (!orig_ifinfo)
75 return;
76
77 spin_lock_bh(&orig_node->neigh_list_lock);
78 /* curr_router used earlier may not be the current orig_ifinfo->router
79 * anymore because it was dereferenced outside of the neigh_list_lock
80 * protected region. After the new best neighbor has replace the current
81 * best neighbor the reference counter needs to decrease. Consequently,
82 * the code needs to ensure the curr_router variable contains a pointer
83 * to the replaced best neighbor.
84 */
85 curr_router = rcu_dereference_protected(orig_ifinfo->router, true);
86
87 /* increase refcount of new best neighbor */
88 if (neigh_node)
89 kref_get(&neigh_node->refcount);
90
91 rcu_assign_pointer(orig_ifinfo->router, neigh_node);
92 spin_unlock_bh(&orig_node->neigh_list_lock);
93 batadv_orig_ifinfo_put(orig_ifinfo);
94
95 /* route deleted */
96 if ((curr_router) && (!neigh_node)) {
97 batadv_dbg(BATADV_DBG_ROUTES, bat_priv,
98 "Deleting route towards: %pM\n", orig_node->orig);
99 batadv_tt_global_del_orig(bat_priv, orig_node, -1,
100 "Deleted route towards originator");
101
102 /* route added */
103 } else if ((!curr_router) && (neigh_node)) {
104 batadv_dbg(BATADV_DBG_ROUTES, bat_priv,
105 "Adding route towards: %pM (via %pM)\n",
106 orig_node->orig, neigh_node->addr);
107 /* route changed */
108 } else if (neigh_node && curr_router) {
109 batadv_dbg(BATADV_DBG_ROUTES, bat_priv,
110 "Changing route towards: %pM (now via %pM - was via %pM)\n",
111 orig_node->orig, neigh_node->addr,
112 curr_router->addr);
113 }
114
115 /* decrease refcount of previous best neighbor */
116 if (curr_router)
117 batadv_neigh_node_put(curr_router);
118 }
119
120 /**
121 * batadv_update_route - set the router for this originator
122 * @bat_priv: the bat priv with all the soft interface information
123 * @orig_node: orig node which is to be configured
124 * @recv_if: the receive interface for which this route is set
125 * @neigh_node: neighbor which should be the next router
126 */
batadv_update_route(struct batadv_priv * bat_priv,struct batadv_orig_node * orig_node,struct batadv_hard_iface * recv_if,struct batadv_neigh_node * neigh_node)127 void batadv_update_route(struct batadv_priv *bat_priv,
128 struct batadv_orig_node *orig_node,
129 struct batadv_hard_iface *recv_if,
130 struct batadv_neigh_node *neigh_node)
131 {
132 struct batadv_neigh_node *router = NULL;
133
134 if (!orig_node)
135 goto out;
136
137 router = batadv_orig_router_get(orig_node, recv_if);
138
139 if (router != neigh_node)
140 _batadv_update_route(bat_priv, orig_node, recv_if, neigh_node);
141
142 out:
143 if (router)
144 batadv_neigh_node_put(router);
145 }
146
147 /**
148 * batadv_window_protected - checks whether the host restarted and is in the
149 * protection time.
150 * @bat_priv: the bat priv with all the soft interface information
151 * @seq_num_diff: difference between the current/received sequence number and
152 * the last sequence number
153 * @seq_old_max_diff: maximum age of sequence number not considered as restart
154 * @last_reset: jiffies timestamp of the last reset, will be updated when reset
155 * is detected
156 * @protection_started: is set to true if the protection window was started,
157 * doesn't change otherwise.
158 *
159 * Return:
160 * false if the packet is to be accepted.
161 * true if the packet is to be ignored.
162 */
batadv_window_protected(struct batadv_priv * bat_priv,s32 seq_num_diff,s32 seq_old_max_diff,unsigned long * last_reset,bool * protection_started)163 bool batadv_window_protected(struct batadv_priv *bat_priv, s32 seq_num_diff,
164 s32 seq_old_max_diff, unsigned long *last_reset,
165 bool *protection_started)
166 {
167 if (seq_num_diff <= -seq_old_max_diff ||
168 seq_num_diff >= BATADV_EXPECTED_SEQNO_RANGE) {
169 if (!batadv_has_timed_out(*last_reset,
170 BATADV_RESET_PROTECTION_MS))
171 return true;
172
173 *last_reset = jiffies;
174 if (protection_started)
175 *protection_started = true;
176 batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
177 "old packet received, start protection\n");
178 }
179
180 return false;
181 }
182
batadv_check_management_packet(struct sk_buff * skb,struct batadv_hard_iface * hard_iface,int header_len)183 bool batadv_check_management_packet(struct sk_buff *skb,
184 struct batadv_hard_iface *hard_iface,
185 int header_len)
186 {
187 struct ethhdr *ethhdr;
188
189 /* drop packet if it has not necessary minimum size */
190 if (unlikely(!pskb_may_pull(skb, header_len)))
191 return false;
192
193 ethhdr = eth_hdr(skb);
194
195 /* packet with broadcast indication but unicast recipient */
196 if (!is_broadcast_ether_addr(ethhdr->h_dest))
197 return false;
198
199 /* packet with invalid sender address */
200 if (!is_valid_ether_addr(ethhdr->h_source))
201 return false;
202
203 /* create a copy of the skb, if needed, to modify it. */
204 if (skb_cow(skb, 0) < 0)
205 return false;
206
207 /* keep skb linear */
208 if (skb_linearize(skb) < 0)
209 return false;
210
211 return true;
212 }
213
214 /**
215 * batadv_recv_my_icmp_packet - receive an icmp packet locally
216 * @bat_priv: the bat priv with all the soft interface information
217 * @skb: icmp packet to process
218 *
219 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP
220 * otherwise.
221 */
batadv_recv_my_icmp_packet(struct batadv_priv * bat_priv,struct sk_buff * skb)222 static int batadv_recv_my_icmp_packet(struct batadv_priv *bat_priv,
223 struct sk_buff *skb)
224 {
225 struct batadv_hard_iface *primary_if = NULL;
226 struct batadv_orig_node *orig_node = NULL;
227 struct batadv_icmp_header *icmph;
228 int res, ret = NET_RX_DROP;
229
230 icmph = (struct batadv_icmp_header *)skb->data;
231
232 switch (icmph->msg_type) {
233 case BATADV_ECHO_REPLY:
234 case BATADV_DESTINATION_UNREACHABLE:
235 case BATADV_TTL_EXCEEDED:
236 /* receive the packet */
237 if (skb_linearize(skb) < 0)
238 break;
239
240 batadv_socket_receive_packet(icmph, skb->len);
241 break;
242 case BATADV_ECHO_REQUEST:
243 /* answer echo request (ping) */
244 primary_if = batadv_primary_if_get_selected(bat_priv);
245 if (!primary_if)
246 goto out;
247
248 /* get routing information */
249 orig_node = batadv_orig_hash_find(bat_priv, icmph->orig);
250 if (!orig_node)
251 goto out;
252
253 /* create a copy of the skb, if needed, to modify it. */
254 if (skb_cow(skb, ETH_HLEN) < 0)
255 goto out;
256
257 icmph = (struct batadv_icmp_header *)skb->data;
258
259 ether_addr_copy(icmph->dst, icmph->orig);
260 ether_addr_copy(icmph->orig, primary_if->net_dev->dev_addr);
261 icmph->msg_type = BATADV_ECHO_REPLY;
262 icmph->ttl = BATADV_TTL;
263
264 res = batadv_send_skb_to_orig(skb, orig_node, NULL);
265 if (res == NET_XMIT_SUCCESS)
266 ret = NET_RX_SUCCESS;
267
268 /* skb was consumed */
269 skb = NULL;
270 break;
271 case BATADV_TP:
272 if (!pskb_may_pull(skb, sizeof(struct batadv_icmp_tp_packet)))
273 goto out;
274
275 batadv_tp_meter_recv(bat_priv, skb);
276 ret = NET_RX_SUCCESS;
277 /* skb was consumed */
278 skb = NULL;
279 goto out;
280 default:
281 /* drop unknown type */
282 goto out;
283 }
284 out:
285 if (primary_if)
286 batadv_hardif_put(primary_if);
287 if (orig_node)
288 batadv_orig_node_put(orig_node);
289
290 kfree_skb(skb);
291
292 return ret;
293 }
294
batadv_recv_icmp_ttl_exceeded(struct batadv_priv * bat_priv,struct sk_buff * skb)295 static int batadv_recv_icmp_ttl_exceeded(struct batadv_priv *bat_priv,
296 struct sk_buff *skb)
297 {
298 struct batadv_hard_iface *primary_if = NULL;
299 struct batadv_orig_node *orig_node = NULL;
300 struct batadv_icmp_packet *icmp_packet;
301 int res, ret = NET_RX_DROP;
302
303 icmp_packet = (struct batadv_icmp_packet *)skb->data;
304
305 /* send TTL exceeded if packet is an echo request (traceroute) */
306 if (icmp_packet->msg_type != BATADV_ECHO_REQUEST) {
307 pr_debug("Warning - can't forward icmp packet from %pM to %pM: ttl exceeded\n",
308 icmp_packet->orig, icmp_packet->dst);
309 goto out;
310 }
311
312 primary_if = batadv_primary_if_get_selected(bat_priv);
313 if (!primary_if)
314 goto out;
315
316 /* get routing information */
317 orig_node = batadv_orig_hash_find(bat_priv, icmp_packet->orig);
318 if (!orig_node)
319 goto out;
320
321 /* create a copy of the skb, if needed, to modify it. */
322 if (skb_cow(skb, ETH_HLEN) < 0)
323 goto out;
324
325 icmp_packet = (struct batadv_icmp_packet *)skb->data;
326
327 ether_addr_copy(icmp_packet->dst, icmp_packet->orig);
328 ether_addr_copy(icmp_packet->orig, primary_if->net_dev->dev_addr);
329 icmp_packet->msg_type = BATADV_TTL_EXCEEDED;
330 icmp_packet->ttl = BATADV_TTL;
331
332 res = batadv_send_skb_to_orig(skb, orig_node, NULL);
333 if (res == NET_RX_SUCCESS)
334 ret = NET_XMIT_SUCCESS;
335
336 /* skb was consumed */
337 skb = NULL;
338
339 out:
340 if (primary_if)
341 batadv_hardif_put(primary_if);
342 if (orig_node)
343 batadv_orig_node_put(orig_node);
344
345 kfree_skb(skb);
346
347 return ret;
348 }
349
batadv_recv_icmp_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)350 int batadv_recv_icmp_packet(struct sk_buff *skb,
351 struct batadv_hard_iface *recv_if)
352 {
353 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
354 struct batadv_icmp_header *icmph;
355 struct batadv_icmp_packet_rr *icmp_packet_rr;
356 struct ethhdr *ethhdr;
357 struct batadv_orig_node *orig_node = NULL;
358 int hdr_size = sizeof(struct batadv_icmp_header);
359 int res, ret = NET_RX_DROP;
360
361 /* drop packet if it has not necessary minimum size */
362 if (unlikely(!pskb_may_pull(skb, hdr_size)))
363 goto free_skb;
364
365 ethhdr = eth_hdr(skb);
366
367 /* packet with unicast indication but non-unicast recipient */
368 if (!is_valid_ether_addr(ethhdr->h_dest))
369 goto free_skb;
370
371 /* packet with broadcast/multicast sender address */
372 if (is_multicast_ether_addr(ethhdr->h_source))
373 goto free_skb;
374
375 /* not for me */
376 if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest))
377 goto free_skb;
378
379 icmph = (struct batadv_icmp_header *)skb->data;
380
381 /* add record route information if not full */
382 if ((icmph->msg_type == BATADV_ECHO_REPLY ||
383 icmph->msg_type == BATADV_ECHO_REQUEST) &&
384 (skb->len >= sizeof(struct batadv_icmp_packet_rr))) {
385 if (skb_linearize(skb) < 0)
386 goto free_skb;
387
388 /* create a copy of the skb, if needed, to modify it. */
389 if (skb_cow(skb, ETH_HLEN) < 0)
390 goto free_skb;
391
392 ethhdr = eth_hdr(skb);
393 icmph = (struct batadv_icmp_header *)skb->data;
394 icmp_packet_rr = (struct batadv_icmp_packet_rr *)icmph;
395 if (icmp_packet_rr->rr_cur >= BATADV_RR_LEN)
396 goto free_skb;
397
398 ether_addr_copy(icmp_packet_rr->rr[icmp_packet_rr->rr_cur],
399 ethhdr->h_dest);
400 icmp_packet_rr->rr_cur++;
401 }
402
403 /* packet for me */
404 if (batadv_is_my_mac(bat_priv, icmph->dst))
405 return batadv_recv_my_icmp_packet(bat_priv, skb);
406
407 /* TTL exceeded */
408 if (icmph->ttl < 2)
409 return batadv_recv_icmp_ttl_exceeded(bat_priv, skb);
410
411 /* get routing information */
412 orig_node = batadv_orig_hash_find(bat_priv, icmph->dst);
413 if (!orig_node)
414 goto free_skb;
415
416 /* create a copy of the skb, if needed, to modify it. */
417 if (skb_cow(skb, ETH_HLEN) < 0)
418 goto put_orig_node;
419
420 icmph = (struct batadv_icmp_header *)skb->data;
421
422 /* decrement ttl */
423 icmph->ttl--;
424
425 /* route it */
426 res = batadv_send_skb_to_orig(skb, orig_node, recv_if);
427 if (res == NET_XMIT_SUCCESS)
428 ret = NET_RX_SUCCESS;
429
430 /* skb was consumed */
431 skb = NULL;
432
433 put_orig_node:
434 if (orig_node)
435 batadv_orig_node_put(orig_node);
436 free_skb:
437 kfree_skb(skb);
438
439 return ret;
440 }
441
442 /**
443 * batadv_check_unicast_packet - Check for malformed unicast packets
444 * @bat_priv: the bat priv with all the soft interface information
445 * @skb: packet to check
446 * @hdr_size: size of header to pull
447 *
448 * Check for short header and bad addresses in given packet.
449 *
450 * Return: negative value when check fails and 0 otherwise. The negative value
451 * depends on the reason: -ENODATA for bad header, -EBADR for broadcast
452 * destination or source, and -EREMOTE for non-local (other host) destination.
453 */
batadv_check_unicast_packet(struct batadv_priv * bat_priv,struct sk_buff * skb,int hdr_size)454 static int batadv_check_unicast_packet(struct batadv_priv *bat_priv,
455 struct sk_buff *skb, int hdr_size)
456 {
457 struct ethhdr *ethhdr;
458
459 /* drop packet if it has not necessary minimum size */
460 if (unlikely(!pskb_may_pull(skb, hdr_size)))
461 return -ENODATA;
462
463 ethhdr = eth_hdr(skb);
464
465 /* packet with unicast indication but non-unicast recipient */
466 if (!is_valid_ether_addr(ethhdr->h_dest))
467 return -EBADR;
468
469 /* packet with broadcast/multicast sender address */
470 if (is_multicast_ether_addr(ethhdr->h_source))
471 return -EBADR;
472
473 /* not for me */
474 if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest))
475 return -EREMOTE;
476
477 return 0;
478 }
479
480 /**
481 * batadv_last_bonding_get - Get last_bonding_candidate of orig_node
482 * @orig_node: originator node whose last bonding candidate should be retrieved
483 *
484 * Return: last bonding candidate of router or NULL if not found
485 *
486 * The object is returned with refcounter increased by 1.
487 */
488 static struct batadv_orig_ifinfo *
batadv_last_bonding_get(struct batadv_orig_node * orig_node)489 batadv_last_bonding_get(struct batadv_orig_node *orig_node)
490 {
491 struct batadv_orig_ifinfo *last_bonding_candidate;
492
493 spin_lock_bh(&orig_node->neigh_list_lock);
494 last_bonding_candidate = orig_node->last_bonding_candidate;
495
496 if (last_bonding_candidate)
497 kref_get(&last_bonding_candidate->refcount);
498 spin_unlock_bh(&orig_node->neigh_list_lock);
499
500 return last_bonding_candidate;
501 }
502
503 /**
504 * batadv_last_bonding_replace - Replace last_bonding_candidate of orig_node
505 * @orig_node: originator node whose bonding candidates should be replaced
506 * @new_candidate: new bonding candidate or NULL
507 */
508 static void
batadv_last_bonding_replace(struct batadv_orig_node * orig_node,struct batadv_orig_ifinfo * new_candidate)509 batadv_last_bonding_replace(struct batadv_orig_node *orig_node,
510 struct batadv_orig_ifinfo *new_candidate)
511 {
512 struct batadv_orig_ifinfo *old_candidate;
513
514 spin_lock_bh(&orig_node->neigh_list_lock);
515 old_candidate = orig_node->last_bonding_candidate;
516
517 if (new_candidate)
518 kref_get(&new_candidate->refcount);
519 orig_node->last_bonding_candidate = new_candidate;
520 spin_unlock_bh(&orig_node->neigh_list_lock);
521
522 if (old_candidate)
523 batadv_orig_ifinfo_put(old_candidate);
524 }
525
526 /**
527 * batadv_find_router - find a suitable router for this originator
528 * @bat_priv: the bat priv with all the soft interface information
529 * @orig_node: the destination node
530 * @recv_if: pointer to interface this packet was received on
531 *
532 * Return: the router which should be used for this orig_node on
533 * this interface, or NULL if not available.
534 */
535 struct batadv_neigh_node *
batadv_find_router(struct batadv_priv * bat_priv,struct batadv_orig_node * orig_node,struct batadv_hard_iface * recv_if)536 batadv_find_router(struct batadv_priv *bat_priv,
537 struct batadv_orig_node *orig_node,
538 struct batadv_hard_iface *recv_if)
539 {
540 struct batadv_algo_ops *bao = bat_priv->algo_ops;
541 struct batadv_neigh_node *first_candidate_router = NULL;
542 struct batadv_neigh_node *next_candidate_router = NULL;
543 struct batadv_neigh_node *router, *cand_router = NULL;
544 struct batadv_neigh_node *last_cand_router = NULL;
545 struct batadv_orig_ifinfo *cand, *first_candidate = NULL;
546 struct batadv_orig_ifinfo *next_candidate = NULL;
547 struct batadv_orig_ifinfo *last_candidate;
548 bool last_candidate_found = false;
549
550 if (!orig_node)
551 return NULL;
552
553 router = batadv_orig_router_get(orig_node, recv_if);
554
555 if (!router)
556 return router;
557
558 /* only consider bonding for recv_if == BATADV_IF_DEFAULT (first hop)
559 * and if activated.
560 */
561 if (!(recv_if == BATADV_IF_DEFAULT && atomic_read(&bat_priv->bonding)))
562 return router;
563
564 /* bonding: loop through the list of possible routers found
565 * for the various outgoing interfaces and find a candidate after
566 * the last chosen bonding candidate (next_candidate). If no such
567 * router is found, use the first candidate found (the previously
568 * chosen bonding candidate might have been the last one in the list).
569 * If this can't be found either, return the previously chosen
570 * router - obviously there are no other candidates.
571 */
572 rcu_read_lock();
573 last_candidate = batadv_last_bonding_get(orig_node);
574 if (last_candidate)
575 last_cand_router = rcu_dereference(last_candidate->router);
576
577 hlist_for_each_entry_rcu(cand, &orig_node->ifinfo_list, list) {
578 /* acquire some structures and references ... */
579 if (!kref_get_unless_zero(&cand->refcount))
580 continue;
581
582 cand_router = rcu_dereference(cand->router);
583 if (!cand_router)
584 goto next;
585
586 if (!kref_get_unless_zero(&cand_router->refcount)) {
587 cand_router = NULL;
588 goto next;
589 }
590
591 /* alternative candidate should be good enough to be
592 * considered
593 */
594 if (!bao->neigh.is_similar_or_better(cand_router,
595 cand->if_outgoing, router,
596 recv_if))
597 goto next;
598
599 /* don't use the same router twice */
600 if (last_cand_router == cand_router)
601 goto next;
602
603 /* mark the first possible candidate */
604 if (!first_candidate) {
605 kref_get(&cand_router->refcount);
606 kref_get(&cand->refcount);
607 first_candidate = cand;
608 first_candidate_router = cand_router;
609 }
610
611 /* check if the loop has already passed the previously selected
612 * candidate ... this function should select the next candidate
613 * AFTER the previously used bonding candidate.
614 */
615 if (!last_candidate || last_candidate_found) {
616 next_candidate = cand;
617 next_candidate_router = cand_router;
618 break;
619 }
620
621 if (last_candidate == cand)
622 last_candidate_found = true;
623 next:
624 /* free references */
625 if (cand_router) {
626 batadv_neigh_node_put(cand_router);
627 cand_router = NULL;
628 }
629 batadv_orig_ifinfo_put(cand);
630 }
631 rcu_read_unlock();
632
633 /* After finding candidates, handle the three cases:
634 * 1) there is a next candidate, use that
635 * 2) there is no next candidate, use the first of the list
636 * 3) there is no candidate at all, return the default router
637 */
638 if (next_candidate) {
639 batadv_neigh_node_put(router);
640
641 kref_get(&next_candidate_router->refcount);
642 router = next_candidate_router;
643 batadv_last_bonding_replace(orig_node, next_candidate);
644 } else if (first_candidate) {
645 batadv_neigh_node_put(router);
646
647 kref_get(&first_candidate_router->refcount);
648 router = first_candidate_router;
649 batadv_last_bonding_replace(orig_node, first_candidate);
650 } else {
651 batadv_last_bonding_replace(orig_node, NULL);
652 }
653
654 /* cleanup of candidates */
655 if (first_candidate) {
656 batadv_neigh_node_put(first_candidate_router);
657 batadv_orig_ifinfo_put(first_candidate);
658 }
659
660 if (next_candidate) {
661 batadv_neigh_node_put(next_candidate_router);
662 batadv_orig_ifinfo_put(next_candidate);
663 }
664
665 if (last_candidate)
666 batadv_orig_ifinfo_put(last_candidate);
667
668 return router;
669 }
670
batadv_route_unicast_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)671 static int batadv_route_unicast_packet(struct sk_buff *skb,
672 struct batadv_hard_iface *recv_if)
673 {
674 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
675 struct batadv_orig_node *orig_node = NULL;
676 struct batadv_unicast_packet *unicast_packet;
677 struct ethhdr *ethhdr = eth_hdr(skb);
678 int res, hdr_len, ret = NET_RX_DROP;
679 unsigned int len;
680
681 unicast_packet = (struct batadv_unicast_packet *)skb->data;
682
683 /* TTL exceeded */
684 if (unicast_packet->ttl < 2) {
685 pr_debug("Warning - can't forward unicast packet from %pM to %pM: ttl exceeded\n",
686 ethhdr->h_source, unicast_packet->dest);
687 goto free_skb;
688 }
689
690 /* get routing information */
691 orig_node = batadv_orig_hash_find(bat_priv, unicast_packet->dest);
692
693 if (!orig_node)
694 goto free_skb;
695
696 /* create a copy of the skb, if needed, to modify it. */
697 if (skb_cow(skb, ETH_HLEN) < 0)
698 goto put_orig_node;
699
700 /* decrement ttl */
701 unicast_packet = (struct batadv_unicast_packet *)skb->data;
702 unicast_packet->ttl--;
703
704 switch (unicast_packet->packet_type) {
705 case BATADV_UNICAST_4ADDR:
706 hdr_len = sizeof(struct batadv_unicast_4addr_packet);
707 break;
708 case BATADV_UNICAST:
709 hdr_len = sizeof(struct batadv_unicast_packet);
710 break;
711 default:
712 /* other packet types not supported - yet */
713 hdr_len = -1;
714 break;
715 }
716
717 if (hdr_len > 0)
718 batadv_skb_set_priority(skb, hdr_len);
719
720 len = skb->len;
721 res = batadv_send_skb_to_orig(skb, orig_node, recv_if);
722
723 /* translate transmit result into receive result */
724 if (res == NET_XMIT_SUCCESS) {
725 ret = NET_RX_SUCCESS;
726 /* skb was transmitted and consumed */
727 batadv_inc_counter(bat_priv, BATADV_CNT_FORWARD);
728 batadv_add_counter(bat_priv, BATADV_CNT_FORWARD_BYTES,
729 len + ETH_HLEN);
730 }
731
732 /* skb was consumed */
733 skb = NULL;
734
735 put_orig_node:
736 batadv_orig_node_put(orig_node);
737 free_skb:
738 kfree_skb(skb);
739
740 return ret;
741 }
742
743 /**
744 * batadv_reroute_unicast_packet - update the unicast header for re-routing
745 * @bat_priv: the bat priv with all the soft interface information
746 * @skb: unicast packet to process
747 * @unicast_packet: the unicast header to be updated
748 * @dst_addr: the payload destination
749 * @vid: VLAN identifier
750 *
751 * Search the translation table for dst_addr and update the unicast header with
752 * the new corresponding information (originator address where the destination
753 * client currently is and its known TTVN)
754 *
755 * Return: true if the packet header has been updated, false otherwise
756 */
757 static bool
batadv_reroute_unicast_packet(struct batadv_priv * bat_priv,struct sk_buff * skb,struct batadv_unicast_packet * unicast_packet,u8 * dst_addr,unsigned short vid)758 batadv_reroute_unicast_packet(struct batadv_priv *bat_priv, struct sk_buff *skb,
759 struct batadv_unicast_packet *unicast_packet,
760 u8 *dst_addr, unsigned short vid)
761 {
762 struct batadv_orig_node *orig_node = NULL;
763 struct batadv_hard_iface *primary_if = NULL;
764 bool ret = false;
765 u8 *orig_addr, orig_ttvn;
766
767 if (batadv_is_my_client(bat_priv, dst_addr, vid)) {
768 primary_if = batadv_primary_if_get_selected(bat_priv);
769 if (!primary_if)
770 goto out;
771 orig_addr = primary_if->net_dev->dev_addr;
772 orig_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
773 } else {
774 orig_node = batadv_transtable_search(bat_priv, NULL, dst_addr,
775 vid);
776 if (!orig_node)
777 goto out;
778
779 if (batadv_compare_eth(orig_node->orig, unicast_packet->dest))
780 goto out;
781
782 orig_addr = orig_node->orig;
783 orig_ttvn = (u8)atomic_read(&orig_node->last_ttvn);
784 }
785
786 /* update the packet header */
787 skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
788 ether_addr_copy(unicast_packet->dest, orig_addr);
789 unicast_packet->ttvn = orig_ttvn;
790 skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
791
792 ret = true;
793 out:
794 if (primary_if)
795 batadv_hardif_put(primary_if);
796 if (orig_node)
797 batadv_orig_node_put(orig_node);
798
799 return ret;
800 }
801
batadv_check_unicast_ttvn(struct batadv_priv * bat_priv,struct sk_buff * skb,int hdr_len)802 static bool batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
803 struct sk_buff *skb, int hdr_len)
804 {
805 struct batadv_unicast_packet *unicast_packet;
806 struct batadv_hard_iface *primary_if;
807 struct batadv_orig_node *orig_node;
808 u8 curr_ttvn, old_ttvn;
809 struct ethhdr *ethhdr;
810 unsigned short vid;
811 int is_old_ttvn;
812
813 /* check if there is enough data before accessing it */
814 if (!pskb_may_pull(skb, hdr_len + ETH_HLEN))
815 return false;
816
817 /* create a copy of the skb (in case of for re-routing) to modify it. */
818 if (skb_cow(skb, sizeof(*unicast_packet)) < 0)
819 return false;
820
821 unicast_packet = (struct batadv_unicast_packet *)skb->data;
822 vid = batadv_get_vid(skb, hdr_len);
823 ethhdr = (struct ethhdr *)(skb->data + hdr_len);
824
825 /* check if the destination client was served by this node and it is now
826 * roaming. In this case, it means that the node has got a ROAM_ADV
827 * message and that it knows the new destination in the mesh to re-route
828 * the packet to
829 */
830 if (batadv_tt_local_client_is_roaming(bat_priv, ethhdr->h_dest, vid)) {
831 if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet,
832 ethhdr->h_dest, vid))
833 batadv_dbg_ratelimited(BATADV_DBG_TT,
834 bat_priv,
835 "Rerouting unicast packet to %pM (dst=%pM): Local Roaming\n",
836 unicast_packet->dest,
837 ethhdr->h_dest);
838 /* at this point the mesh destination should have been
839 * substituted with the originator address found in the global
840 * table. If not, let the packet go untouched anyway because
841 * there is nothing the node can do
842 */
843 return true;
844 }
845
846 /* retrieve the TTVN known by this node for the packet destination. This
847 * value is used later to check if the node which sent (or re-routed
848 * last time) the packet had an updated information or not
849 */
850 curr_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
851 if (!batadv_is_my_mac(bat_priv, unicast_packet->dest)) {
852 orig_node = batadv_orig_hash_find(bat_priv,
853 unicast_packet->dest);
854 /* if it is not possible to find the orig_node representing the
855 * destination, the packet can immediately be dropped as it will
856 * not be possible to deliver it
857 */
858 if (!orig_node)
859 return false;
860
861 curr_ttvn = (u8)atomic_read(&orig_node->last_ttvn);
862 batadv_orig_node_put(orig_node);
863 }
864
865 /* check if the TTVN contained in the packet is fresher than what the
866 * node knows
867 */
868 is_old_ttvn = batadv_seq_before(unicast_packet->ttvn, curr_ttvn);
869 if (!is_old_ttvn)
870 return true;
871
872 old_ttvn = unicast_packet->ttvn;
873 /* the packet was forged based on outdated network information. Its
874 * destination can possibly be updated and forwarded towards the new
875 * target host
876 */
877 if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet,
878 ethhdr->h_dest, vid)) {
879 batadv_dbg_ratelimited(BATADV_DBG_TT, bat_priv,
880 "Rerouting unicast packet to %pM (dst=%pM): TTVN mismatch old_ttvn=%u new_ttvn=%u\n",
881 unicast_packet->dest, ethhdr->h_dest,
882 old_ttvn, curr_ttvn);
883 return true;
884 }
885
886 /* the packet has not been re-routed: either the destination is
887 * currently served by this node or there is no destination at all and
888 * it is possible to drop the packet
889 */
890 if (!batadv_is_my_client(bat_priv, ethhdr->h_dest, vid))
891 return false;
892
893 /* update the header in order to let the packet be delivered to this
894 * node's soft interface
895 */
896 primary_if = batadv_primary_if_get_selected(bat_priv);
897 if (!primary_if)
898 return false;
899
900 /* update the packet header */
901 skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
902 ether_addr_copy(unicast_packet->dest, primary_if->net_dev->dev_addr);
903 unicast_packet->ttvn = curr_ttvn;
904 skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
905
906 batadv_hardif_put(primary_if);
907
908 return true;
909 }
910
911 /**
912 * batadv_recv_unhandled_unicast_packet - receive and process packets which
913 * are in the unicast number space but not yet known to the implementation
914 * @skb: unicast tvlv packet to process
915 * @recv_if: pointer to interface this packet was received on
916 *
917 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP
918 * otherwise.
919 */
batadv_recv_unhandled_unicast_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)920 int batadv_recv_unhandled_unicast_packet(struct sk_buff *skb,
921 struct batadv_hard_iface *recv_if)
922 {
923 struct batadv_unicast_packet *unicast_packet;
924 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
925 int check, hdr_size = sizeof(*unicast_packet);
926
927 check = batadv_check_unicast_packet(bat_priv, skb, hdr_size);
928 if (check < 0)
929 goto free_skb;
930
931 /* we don't know about this type, drop it. */
932 unicast_packet = (struct batadv_unicast_packet *)skb->data;
933 if (batadv_is_my_mac(bat_priv, unicast_packet->dest))
934 goto free_skb;
935
936 return batadv_route_unicast_packet(skb, recv_if);
937
938 free_skb:
939 kfree_skb(skb);
940 return NET_RX_DROP;
941 }
942
batadv_recv_unicast_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)943 int batadv_recv_unicast_packet(struct sk_buff *skb,
944 struct batadv_hard_iface *recv_if)
945 {
946 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
947 struct batadv_unicast_packet *unicast_packet;
948 struct batadv_unicast_4addr_packet *unicast_4addr_packet;
949 u8 *orig_addr, *orig_addr_gw;
950 struct batadv_orig_node *orig_node = NULL, *orig_node_gw = NULL;
951 int check, hdr_size = sizeof(*unicast_packet);
952 enum batadv_subtype subtype;
953 int ret = NET_RX_DROP;
954 bool is4addr, is_gw;
955
956 unicast_packet = (struct batadv_unicast_packet *)skb->data;
957 is4addr = unicast_packet->packet_type == BATADV_UNICAST_4ADDR;
958 /* the caller function should have already pulled 2 bytes */
959 if (is4addr)
960 hdr_size = sizeof(*unicast_4addr_packet);
961
962 /* function returns -EREMOTE for promiscuous packets */
963 check = batadv_check_unicast_packet(bat_priv, skb, hdr_size);
964
965 /* Even though the packet is not for us, we might save it to use for
966 * decoding a later received coded packet
967 */
968 if (check == -EREMOTE)
969 batadv_nc_skb_store_sniffed_unicast(bat_priv, skb);
970
971 if (check < 0)
972 goto free_skb;
973 if (!batadv_check_unicast_ttvn(bat_priv, skb, hdr_size))
974 goto free_skb;
975
976 unicast_packet = (struct batadv_unicast_packet *)skb->data;
977
978 /* packet for me */
979 if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) {
980 /* If this is a unicast packet from another backgone gw,
981 * drop it.
982 */
983 orig_addr_gw = eth_hdr(skb)->h_source;
984 orig_node_gw = batadv_orig_hash_find(bat_priv, orig_addr_gw);
985 if (orig_node_gw) {
986 is_gw = batadv_bla_is_backbone_gw(skb, orig_node_gw,
987 hdr_size);
988 batadv_orig_node_put(orig_node_gw);
989 if (is_gw) {
990 batadv_dbg(BATADV_DBG_BLA, bat_priv,
991 "%s(): Dropped unicast pkt received from another backbone gw %pM.\n",
992 __func__, orig_addr_gw);
993 goto free_skb;
994 }
995 }
996
997 if (is4addr) {
998 unicast_4addr_packet =
999 (struct batadv_unicast_4addr_packet *)skb->data;
1000 subtype = unicast_4addr_packet->subtype;
1001 batadv_dat_inc_counter(bat_priv, subtype);
1002
1003 /* Only payload data should be considered for speedy
1004 * join. For example, DAT also uses unicast 4addr
1005 * types, but those packets should not be considered
1006 * for speedy join, since the clients do not actually
1007 * reside at the sending originator.
1008 */
1009 if (subtype == BATADV_P_DATA) {
1010 orig_addr = unicast_4addr_packet->src;
1011 orig_node = batadv_orig_hash_find(bat_priv,
1012 orig_addr);
1013 }
1014 }
1015
1016 if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb,
1017 hdr_size))
1018 goto rx_success;
1019 if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb,
1020 hdr_size))
1021 goto rx_success;
1022
1023 batadv_interface_rx(recv_if->soft_iface, skb, hdr_size,
1024 orig_node);
1025
1026 rx_success:
1027 if (orig_node)
1028 batadv_orig_node_put(orig_node);
1029
1030 return NET_RX_SUCCESS;
1031 }
1032
1033 ret = batadv_route_unicast_packet(skb, recv_if);
1034 /* skb was consumed */
1035 skb = NULL;
1036
1037 free_skb:
1038 kfree_skb(skb);
1039
1040 return ret;
1041 }
1042
1043 /**
1044 * batadv_recv_unicast_tvlv - receive and process unicast tvlv packets
1045 * @skb: unicast tvlv packet to process
1046 * @recv_if: pointer to interface this packet was received on
1047 *
1048 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP
1049 * otherwise.
1050 */
batadv_recv_unicast_tvlv(struct sk_buff * skb,struct batadv_hard_iface * recv_if)1051 int batadv_recv_unicast_tvlv(struct sk_buff *skb,
1052 struct batadv_hard_iface *recv_if)
1053 {
1054 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
1055 struct batadv_unicast_tvlv_packet *unicast_tvlv_packet;
1056 unsigned char *tvlv_buff;
1057 u16 tvlv_buff_len;
1058 int hdr_size = sizeof(*unicast_tvlv_packet);
1059 int ret = NET_RX_DROP;
1060
1061 if (batadv_check_unicast_packet(bat_priv, skb, hdr_size) < 0)
1062 goto free_skb;
1063
1064 /* the header is likely to be modified while forwarding */
1065 if (skb_cow(skb, hdr_size) < 0)
1066 goto free_skb;
1067
1068 /* packet needs to be linearized to access the tvlv content */
1069 if (skb_linearize(skb) < 0)
1070 goto free_skb;
1071
1072 unicast_tvlv_packet = (struct batadv_unicast_tvlv_packet *)skb->data;
1073
1074 tvlv_buff = (unsigned char *)(skb->data + hdr_size);
1075 tvlv_buff_len = ntohs(unicast_tvlv_packet->tvlv_len);
1076
1077 if (tvlv_buff_len > skb->len - hdr_size)
1078 goto free_skb;
1079
1080 ret = batadv_tvlv_containers_process(bat_priv, false, NULL,
1081 unicast_tvlv_packet->src,
1082 unicast_tvlv_packet->dst,
1083 tvlv_buff, tvlv_buff_len);
1084
1085 if (ret != NET_RX_SUCCESS) {
1086 ret = batadv_route_unicast_packet(skb, recv_if);
1087 /* skb was consumed */
1088 skb = NULL;
1089 }
1090
1091 free_skb:
1092 kfree_skb(skb);
1093
1094 return ret;
1095 }
1096
1097 /**
1098 * batadv_recv_frag_packet - process received fragment
1099 * @skb: the received fragment
1100 * @recv_if: interface that the skb is received on
1101 *
1102 * This function does one of the three following things: 1) Forward fragment, if
1103 * the assembled packet will exceed our MTU; 2) Buffer fragment, if we till
1104 * lack further fragments; 3) Merge fragments, if we have all needed parts.
1105 *
1106 * Return: NET_RX_DROP if the skb is not consumed, NET_RX_SUCCESS otherwise.
1107 */
batadv_recv_frag_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)1108 int batadv_recv_frag_packet(struct sk_buff *skb,
1109 struct batadv_hard_iface *recv_if)
1110 {
1111 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
1112 struct batadv_orig_node *orig_node_src = NULL;
1113 struct batadv_frag_packet *frag_packet;
1114 int ret = NET_RX_DROP;
1115
1116 if (batadv_check_unicast_packet(bat_priv, skb,
1117 sizeof(*frag_packet)) < 0)
1118 goto free_skb;
1119
1120 frag_packet = (struct batadv_frag_packet *)skb->data;
1121 orig_node_src = batadv_orig_hash_find(bat_priv, frag_packet->orig);
1122 if (!orig_node_src)
1123 goto free_skb;
1124
1125 skb->priority = frag_packet->priority + 256;
1126
1127 /* Route the fragment if it is not for us and too big to be merged. */
1128 if (!batadv_is_my_mac(bat_priv, frag_packet->dest) &&
1129 batadv_frag_skb_fwd(skb, recv_if, orig_node_src)) {
1130 /* skb was consumed */
1131 skb = NULL;
1132 ret = NET_RX_SUCCESS;
1133 goto put_orig_node;
1134 }
1135
1136 batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_RX);
1137 batadv_add_counter(bat_priv, BATADV_CNT_FRAG_RX_BYTES, skb->len);
1138
1139 /* Add fragment to buffer and merge if possible. */
1140 if (!batadv_frag_skb_buffer(&skb, orig_node_src))
1141 goto put_orig_node;
1142
1143 /* Deliver merged packet to the appropriate handler, if it was
1144 * merged
1145 */
1146 if (skb) {
1147 batadv_batman_skb_recv(skb, recv_if->net_dev,
1148 &recv_if->batman_adv_ptype, NULL);
1149 /* skb was consumed */
1150 skb = NULL;
1151 }
1152
1153 ret = NET_RX_SUCCESS;
1154
1155 put_orig_node:
1156 batadv_orig_node_put(orig_node_src);
1157 free_skb:
1158 kfree_skb(skb);
1159
1160 return ret;
1161 }
1162
batadv_recv_bcast_packet(struct sk_buff * skb,struct batadv_hard_iface * recv_if)1163 int batadv_recv_bcast_packet(struct sk_buff *skb,
1164 struct batadv_hard_iface *recv_if)
1165 {
1166 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
1167 struct batadv_orig_node *orig_node = NULL;
1168 struct batadv_bcast_packet *bcast_packet;
1169 struct ethhdr *ethhdr;
1170 int hdr_size = sizeof(*bcast_packet);
1171 int ret = NET_RX_DROP;
1172 s32 seq_diff;
1173 u32 seqno;
1174
1175 /* drop packet if it has not necessary minimum size */
1176 if (unlikely(!pskb_may_pull(skb, hdr_size)))
1177 goto free_skb;
1178
1179 ethhdr = eth_hdr(skb);
1180
1181 /* packet with broadcast indication but unicast recipient */
1182 if (!is_broadcast_ether_addr(ethhdr->h_dest))
1183 goto free_skb;
1184
1185 /* packet with broadcast/multicast sender address */
1186 if (is_multicast_ether_addr(ethhdr->h_source))
1187 goto free_skb;
1188
1189 /* ignore broadcasts sent by myself */
1190 if (batadv_is_my_mac(bat_priv, ethhdr->h_source))
1191 goto free_skb;
1192
1193 bcast_packet = (struct batadv_bcast_packet *)skb->data;
1194
1195 /* ignore broadcasts originated by myself */
1196 if (batadv_is_my_mac(bat_priv, bcast_packet->orig))
1197 goto free_skb;
1198
1199 if (bcast_packet->ttl < 2)
1200 goto free_skb;
1201
1202 orig_node = batadv_orig_hash_find(bat_priv, bcast_packet->orig);
1203
1204 if (!orig_node)
1205 goto free_skb;
1206
1207 spin_lock_bh(&orig_node->bcast_seqno_lock);
1208
1209 seqno = ntohl(bcast_packet->seqno);
1210 /* check whether the packet is a duplicate */
1211 if (batadv_test_bit(orig_node->bcast_bits, orig_node->last_bcast_seqno,
1212 seqno))
1213 goto spin_unlock;
1214
1215 seq_diff = seqno - orig_node->last_bcast_seqno;
1216
1217 /* check whether the packet is old and the host just restarted. */
1218 if (batadv_window_protected(bat_priv, seq_diff,
1219 BATADV_BCAST_MAX_AGE,
1220 &orig_node->bcast_seqno_reset, NULL))
1221 goto spin_unlock;
1222
1223 /* mark broadcast in flood history, update window position
1224 * if required.
1225 */
1226 if (batadv_bit_get_packet(bat_priv, orig_node->bcast_bits, seq_diff, 1))
1227 orig_node->last_bcast_seqno = seqno;
1228
1229 spin_unlock_bh(&orig_node->bcast_seqno_lock);
1230
1231 /* check whether this has been sent by another originator before */
1232 if (batadv_bla_check_bcast_duplist(bat_priv, skb))
1233 goto free_skb;
1234
1235 batadv_skb_set_priority(skb, sizeof(struct batadv_bcast_packet));
1236
1237 /* rebroadcast packet */
1238 batadv_add_bcast_packet_to_list(bat_priv, skb, 1, false);
1239
1240 /* don't hand the broadcast up if it is from an originator
1241 * from the same backbone.
1242 */
1243 if (batadv_bla_is_backbone_gw(skb, orig_node, hdr_size))
1244 goto free_skb;
1245
1246 if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, hdr_size))
1247 goto rx_success;
1248 if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb, hdr_size))
1249 goto rx_success;
1250
1251 /* broadcast for me */
1252 batadv_interface_rx(recv_if->soft_iface, skb, hdr_size, orig_node);
1253
1254 rx_success:
1255 ret = NET_RX_SUCCESS;
1256 goto out;
1257
1258 spin_unlock:
1259 spin_unlock_bh(&orig_node->bcast_seqno_lock);
1260 free_skb:
1261 kfree_skb(skb);
1262 out:
1263 if (orig_node)
1264 batadv_orig_node_put(orig_node);
1265 return ret;
1266 }
1267