/*
 * INET		An implementation of the TCP/IP protocol suite for the LINUX
 *		operating system.  INET is implemented using the BSD Socket
 *		interface as the means of communication with the user level.
 *
 *		The options processing module for ip.c
 *
 * Authors:	A.N.Kuznetsov
 *
 */
11
Joe Perchesafd465032012-03-12 07:03:32 +000012#define pr_fmt(fmt) "IPv4: " fmt
13
Randy Dunlap4fc268d2006-01-11 12:17:47 -080014#include <linux/capability.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070015#include <linux/module.h>
Tejun Heo5a0e3ad2010-03-24 17:04:11 +090016#include <linux/slab.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070017#include <linux/types.h>
18#include <asm/uaccess.h>
Chris Metcalf48bdf072011-05-29 10:55:44 +000019#include <asm/unaligned.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070020#include <linux/skbuff.h>
21#include <linux/ip.h>
22#include <linux/icmp.h>
23#include <linux/netdevice.h>
24#include <linux/rtnetlink.h>
25#include <net/sock.h>
26#include <net/ip.h>
27#include <net/icmp.h>
Arnaldo Carvalho de Melo14c85022005-12-27 02:43:12 -020028#include <net/route.h>
Paul Moore11a03f72006-08-03 16:46:20 -070029#include <net/cipso_ipv4.h>
David S. Miller35ebf652012-06-28 03:59:11 -070030#include <net/ip_fib.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070031
/*
 * Write the options in @opt into the IP header of @skb and fill in the
 * fields that are only known once the route is chosen: the destination
 * address in the source route option, the outgoing interface address in
 * the record route / timestamp options, and the timestamp itself.
 * The address and timestamp are only filled in when @is_frag is zero.
 *
 * This may only be called after the routing decision has been made.
 *
 * daddr is the real destination address; the next hop is recorded in the
 * IP header.
 *
 * All offsets used below (opt->srr, opt->rr, opt->ts and the length and
 * pointer bytes read back from the header) are trusted as-is; nothing in
 * this function re-validates them.
 */
void ip_options_build(struct sk_buff *skb, struct ip_options *opt,
		      __be32 daddr, struct rtable *rt, int is_frag)
{
	unsigned char *nh = skb_network_header(skb);
	struct ip_options *cb_opt = &(IPCB(skb)->opt);

	/* Keep a private copy of the option state in the skb control block
	 * and place the raw option bytes right behind the fixed header.
	 */
	memcpy(cb_opt, opt, sizeof(struct ip_options));
	memcpy(nh + sizeof(struct iphdr), opt->__data, opt->optlen);
	opt = cb_opt;

	if (opt->srr) {
		unsigned char *srr = nh + opt->srr;

		/* The last four bytes of the option receive daddr. */
		memcpy(srr + srr[1] - 4, &daddr, 4);
	}

	if (is_frag) {
		/* Record route and timestamp are overwritten with NOPs here
		 * and their bookkeeping is cleared.
		 */
		if (opt->rr) {
			memset(nh + opt->rr, IPOPT_NOP, nh[opt->rr + 1]);
			opt->rr = 0;
			opt->rr_needaddr = 0;
		}
		if (opt->ts) {
			memset(nh + opt->ts, IPOPT_NOP, nh[opt->ts + 1]);
			opt->ts = 0;
			opt->ts_needaddr = 0;
			opt->ts_needtime = 0;
		}
		return;
	}

	if (opt->rr_needaddr) {
		unsigned char *rr = nh + opt->rr;

		ip_rt_get_source(rr + rr[2] - 5, skb, rt);
	}
	if (opt->ts_needaddr) {
		unsigned char *ts = nh + opt->ts;

		ip_rt_get_source(ts + ts[2] - 9, skb, rt);
	}
	if (opt->ts_needtime) {
		unsigned char *ts = nh + opt->ts;
		struct timespec now;
		__be32 midtime;

		getnstimeofday(&now);
		/* Milliseconds elapsed in the current 86400-second day. */
		midtime = htonl((now.tv_sec % 86400) * MSEC_PER_SEC +
				now.tv_nsec / NSEC_PER_MSEC);
		memcpy(ts + ts[2] - 5, &midtime, 4);
	}
}
80
/*
 * Given received options described by (sopt, skb), build in dopt the
 * compiled option set appropriate for answering: the SRR option is
 * reversed, the other handled options (RR, TS, CIPSO) are copied, and
 * room is reserved in the RR/TS options.
 *
 * Returns 0 on success or -EINVAL when an RR/TS pointer leaves fewer than
 * four bytes of room inside its option.
 *
 * NOTE: dopt cannot point to skb.
 *
 * Every length and pointer byte used here is read straight from the
 * received packet.  This function does not bound the copied lengths
 * against the capacity of dopt->__data.
 * NOTE(review): presumably sopt was filled in by ip_options_compile() on
 * this same skb and the caller sized dopt->__data for a full option area;
 * confirm at each call site.
 */
int __ip_options_echo(struct ip_options *dopt, struct sk_buff *skb,
		      const struct ip_options *sopt)
{
	unsigned char *sptr, *dptr;
	int soffset, doffset;
	int optlen;

	/* Only the fixed part of *dopt is cleared; __data is filled below. */
	memset(dopt, 0, sizeof(struct ip_options));

	if (sopt->optlen == 0)
		return 0;

	sptr = skb_network_header(skb);
	dptr = dopt->__data;

	if (sopt->rr) {
		/* Record route: copy verbatim, then reserve one address slot. */
		optlen  = sptr[sopt->rr+1];
		soffset = sptr[sopt->rr+2];
		dopt->rr = dopt->optlen + sizeof(struct iphdr);
		memcpy(dptr, sptr+sopt->rr, optlen);
		if (sopt->rr_needaddr && soffset <= optlen) {
			if (soffset + 3 > optlen)
				return -EINVAL;
			dptr[2] = soffset + 4;
			dopt->rr_needaddr = 1;
		}
		dptr += optlen;
		dopt->optlen += optlen;
	}
	if (sopt->ts) {
		/* Timestamp: copy verbatim, then advance the pointer byte past
		 * the slots that will be filled in for the reply.
		 */
		optlen = sptr[sopt->ts+1];
		soffset = sptr[sopt->ts+2];
		dopt->ts = dopt->optlen + sizeof(struct iphdr);
		memcpy(dptr, sptr+sopt->ts, optlen);
		if (soffset <= optlen) {
			if (sopt->ts_needaddr) {
				if (soffset + 3 > optlen)
					return -EINVAL;
				dopt->ts_needaddr = 1;
				soffset += 4;
			}
			if (sopt->ts_needtime) {
				if (soffset + 3 > optlen)
					return -EINVAL;
				if ((dptr[3]&0xF) != IPOPT_TS_PRESPEC) {
					dopt->ts_needtime = 1;
					soffset += 4;
				} else {
					dopt->ts_needtime = 0;

					/* Prespecified-address mode: a timestamp
					 * is only reserved when the listed
					 * address is not RTN_UNICAST.
					 */
					if (soffset + 7 <= optlen) {
						__be32 addr;

						memcpy(&addr, dptr+soffset-1, 4);
						/* NOTE(review): skb_dst(skb) is
						 * dereferenced without a NULL
						 * check; callers must guarantee
						 * the skb still carries a dst.
						 */
						if (inet_addr_type(dev_net(skb_dst(skb)->dev), addr) != RTN_UNICAST) {
							dopt->ts_needtime = 1;
							soffset += 8;
						}
					}
				}
			}
			dptr[2] = soffset;
		}
		dptr += optlen;
		dopt->optlen += optlen;
	}
	if (sopt->srr) {
		unsigned char *start = sptr+sopt->srr;
		__be32 faddr;

		optlen  = start[1];
		soffset = start[2];
		doffset = 0;
		/* Clamp a pointer that runs past the option to "one past end". */
		if (soffset > optlen)
			soffset = optlen + 1;
		soffset -= 4;
		if (soffset > 3) {
			/* The last visited hop becomes the first hop of the reply
			 * (faddr); the remaining hops are copied in reverse order.
			 */
			memcpy(&faddr, &start[soffset-1], 4);
			for (soffset -= 4, doffset = 4; soffset > 3; soffset -= 4, doffset += 4)
				memcpy(&dptr[doffset-1], &start[soffset-1], 4);
			/*
			 * RFC1812 requires to fix illegal source routes.
			 */
			if (memcmp(&ip_hdr(skb)->saddr,
				   &start[soffset + 3], 4) == 0)
				doffset -= 4;
		}
		/* faddr is only read when doffset > 3, which implies the branch
		 * above assigned it.
		 */
		if (doffset > 3) {
			__be32 daddr = fib_compute_spec_dst(skb);

			/* NOTE(review): start points into the received packet
			 * (sptr + sopt->srr), so this store modifies the skb's
			 * own option bytes rather than dopt; confirm intended.
			 */
			memcpy(&start[doffset-1], &daddr, 4);
			dopt->faddr = faddr;
			dptr[0] = start[0];
			dptr[1] = doffset+3;
			dptr[2] = 4;
			dptr += doffset+3;
			dopt->srr = dopt->optlen + sizeof(struct iphdr);
			dopt->optlen += doffset+3;
			dopt->is_strictroute = sopt->is_strictroute;
		}
	}
	if (sopt->cipso) {
		/* CIPSO is copied unchanged. */
		optlen  = sptr[sopt->cipso+1];
		dopt->cipso = dopt->optlen+sizeof(struct iphdr);
		memcpy(dptr, sptr+sopt->cipso, optlen);
		dptr += optlen;
		dopt->optlen += optlen;
	}
	/* Pad the result with end-of-list bytes to a multiple of four. */
	while (dopt->optlen & 3) {
		*dptr++ = IPOPT_END;
		dopt->optlen++;
	}
	return 0;
}
204
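/*
 * Options "fragmenting": overwrite the options that are not allowed in
 * fragments (those without the copied flag) with NOOPs.
 * Simple and stupid 8), but the most efficient way.
 *
 * The walk stops silently at the first end-of-list byte or at the first
 * option whose length byte is inconsistent with the space left; in both
 * cases the RR/TS bookkeeping in the control block is left untouched.
 */
void ip_options_fragment(struct sk_buff *skb)
{
	unsigned char *optptr = skb_network_header(skb) + sizeof(struct iphdr);
	struct ip_options *opt = &(IPCB(skb)->opt);
	int l = opt->optlen;
	int optlen;

	while (l > 0) {
		switch (*optptr) {
		case IPOPT_END:
			return;
		case IPOPT_NOOP:
			l--;
			optptr++;
			continue;
		}
		/*
		 * A multi-byte option needs at least a type and a length
		 * byte.  Bail out before reading optptr[1] when only one
		 * byte is left, mirroring the check in ip_options_compile().
		 * The outcome is unchanged (any length byte would have been
		 * rejected below), but the byte past the option area is no
		 * longer read.
		 */
		if (unlikely(l < 2))
			return;
		optlen = optptr[1];
		if (optlen < 2 || optlen > l)
			return;
		if (!IPOPT_COPIED(*optptr))
			memset(optptr, IPOPT_NOOP, optlen);
		l -= optlen;
		optptr += optlen;
	}
	/* Reached only when the whole option area was walked cleanly. */
	opt->ts = 0;
	opt->rr = 0;
	opt->rr_needaddr = 0;
	opt->ts_needaddr = 0;
	opt->ts_needtime = 0;
}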
241
/* Helper for ip_options_compile(): computes the specific destination
 * lazily, so fib_compute_spec_dst() runs at most once as long as it
 * returns something other than INADDR_ANY.
 */
static void spec_dst_fill(__be32 *spec_dst, struct sk_buff *skb)
{
	/* A value other than INADDR_ANY means it was already computed. */
	if (*spec_dst != htonl(INADDR_ANY))
		return;

	*spec_dst = fib_compute_spec_dst(skb);
}
250
/*
 * Verify options and fill pointers in struct options.
 * Caller should clear *opt, and set opt->data.
 *
 * Two modes, selected by skb:
 *  - skb != NULL: the options are parsed in place in the packet, directly
 *    behind the IP header returned by ip_hdr(skb).  Some options are
 *    updated in place (address/timestamp recorded, overflow counter
 *    bumped) and opt->is_changed is set when that happens.
 *  - skb == NULL: the options are parsed from opt->__data.  In this mode
 *    CIPSO and options not handled explicitly are refused unless the
 *    caller has CAP_NET_RAW in net->user_ns.
 *
 * opt itself is dereferenced unconditionally (opt->optlen), so it must
 * never be NULL.
 *
 * Returns 0 on success and -EINVAL on a malformed or disallowed option.
 * On error with an skb, an ICMP parameter problem is sent whose pointer
 * is the offset of the offending byte (pp_ptr) from the IP header.
 */
int ip_options_compile(struct net *net,
		       struct ip_options *opt, struct sk_buff *skb)
{
	__be32 spec_dst = htonl(INADDR_ANY);
	unsigned char *pp_ptr = NULL;
	struct rtable *rt = NULL;
	unsigned char *optptr;
	unsigned char *iph;
	int optlen, l;

	if (skb != NULL) {
		rt = skb_rtable(skb);
		optptr = (unsigned char *)&(ip_hdr(skb)[1]);
	} else
		optptr = opt->__data;
	/* Offsets stored in *opt are relative to the start of the IP header;
	 * in the skb == NULL case iph is a notional base 20 bytes before
	 * __data and is only used for pointer subtraction.
	 */
	iph = optptr - sizeof(struct iphdr);

	for (l = opt->optlen; l > 0; ) {
		switch (*optptr) {
		case IPOPT_END:
			/* Everything after end-of-list is forced to
			 * end-of-list as well.
			 */
			for (optptr++, l--; l > 0; optptr++, l--) {
				if (*optptr != IPOPT_END) {
					*optptr = IPOPT_END;
					opt->is_changed = 1;
				}
			}
			goto eol;
		case IPOPT_NOOP:
			l--;
			optptr++;
			continue;
		}
		/* A multi-byte option needs a length byte; check that it is
		 * inside the option area before reading it.
		 */
		if (unlikely(l < 2)) {
			pp_ptr = optptr;
			goto error;
		}
		optlen = optptr[1];
		if (optlen < 2 || optlen > l) {
			pp_ptr = optptr;
			goto error;
		}
		switch (*optptr) {
		case IPOPT_SSRR:
		case IPOPT_LSRR:
			if (optlen < 3) {
				pp_ptr = optptr + 1;
				goto error;
			}
			if (optptr[2] < 4) {
				pp_ptr = optptr + 2;
				goto error;
			}
			/* NB: cf RFC-1812 5.2.4.1 */
			if (opt->srr) {
				/* Only one source route option is accepted. */
				pp_ptr = optptr;
				goto error;
			}
			if (!skb) {
				/* Locally supplied route: the pointer must be 4
				 * and the option must hold whole addresses.  The
				 * first address is moved out into opt->faddr and
				 * the rest are shifted down by one slot.
				 */
				if (optptr[2] != 4 || optlen < 7 || ((optlen-3) & 3)) {
					pp_ptr = optptr + 1;
					goto error;
				}
				memcpy(&opt->faddr, &optptr[3], 4);
				if (optlen > 7)
					memmove(&optptr[3], &optptr[7], optlen-7);
			}
			opt->is_strictroute = (optptr[0] == IPOPT_SSRR);
			opt->srr = optptr - iph;
			break;
		case IPOPT_RR:
			if (opt->rr) {
				pp_ptr = optptr;
				goto error;
			}
			if (optlen < 3) {
				pp_ptr = optptr + 1;
				goto error;
			}
			if (optptr[2] < 4) {
				pp_ptr = optptr + 2;
				goto error;
			}
			if (optptr[2] <= optlen) {
				/* There must be room for a full 4-byte address
				 * at the pointer before anything is written.
				 */
				if (optptr[2]+3 > optlen) {
					pp_ptr = optptr + 2;
					goto error;
				}
				if (rt) {
					spec_dst_fill(&spec_dst, skb);
					memcpy(&optptr[optptr[2]-1], &spec_dst, 4);
					opt->is_changed = 1;
				}
				optptr[2] += 4;
				opt->rr_needaddr = 1;
			}
			opt->rr = optptr - iph;
			break;
		case IPOPT_TIMESTAMP:
			if (opt->ts) {
				pp_ptr = optptr;
				goto error;
			}
			if (optlen < 4) {
				pp_ptr = optptr + 1;
				goto error;
			}
			if (optptr[2] < 5) {
				pp_ptr = optptr + 2;
				goto error;
			}
			if (optptr[2] <= optlen) {
				/* Set when a timestamp must be written into the
				 * packet; stays NULL otherwise.
				 */
				unsigned char *timeptr = NULL;
				if (optptr[2]+3 > optlen) {
					pp_ptr = optptr + 2;
					goto error;
				}
				/* Low nibble of the fourth byte selects the
				 * timestamp flavour.
				 */
				switch (optptr[3]&0xF) {
				case IPOPT_TS_TSONLY:
					if (skb)
						timeptr = &optptr[optptr[2]-1];
					opt->ts_needtime = 1;
					optptr[2] += 4;
					break;
				case IPOPT_TS_TSANDADDR:
					/* Needs 8 bytes: address + timestamp. */
					if (optptr[2]+7 > optlen) {
						pp_ptr = optptr + 2;
						goto error;
					}
					if (rt)  {
						spec_dst_fill(&spec_dst, skb);
						memcpy(&optptr[optptr[2]-1], &spec_dst, 4);
						timeptr = &optptr[optptr[2]+3];
					}
					opt->ts_needaddr = 1;
					opt->ts_needtime = 1;
					optptr[2] += 8;
					break;
				case IPOPT_TS_PRESPEC:
					if (optptr[2]+7 > optlen) {
						pp_ptr = optptr + 2;
						goto error;
					}
					{
						__be32 addr;
						memcpy(&addr, &optptr[optptr[2]-1], 4);
						/* An RTN_UNICAST address leaves
						 * the option untouched.
						 */
						if (inet_addr_type(net, addr) == RTN_UNICAST)
							break;
						if (skb)
							timeptr = &optptr[optptr[2]+3];
					}
					opt->ts_needtime = 1;
					optptr[2] += 8;
					break;
				default:
					/* Unknown flag values are only accepted
					 * from the network or from a caller with
					 * CAP_NET_RAW.
					 */
					if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) {
						pp_ptr = optptr + 3;
						goto error;
					}
					break;
				}
				if (timeptr) {
					struct timespec tv;
					u32  midtime;
					getnstimeofday(&tv);
					/* Milliseconds elapsed in the current
					 * 86400-second day, stored big-endian at
					 * a possibly unaligned address.
					 */
					midtime = (tv.tv_sec % 86400) * MSEC_PER_SEC + tv.tv_nsec / NSEC_PER_MSEC;
					put_unaligned_be32(midtime, timeptr);
					opt->is_changed = 1;
				}
			} else if ((optptr[3]&0xF) != IPOPT_TS_PRESPEC) {
				/* Option is full: bump the 4-bit overflow counter
				 * in the high nibble, rejecting it once it is
				 * already saturated at 15.
				 */
				unsigned int overflow = optptr[3]>>4;
				if (overflow == 15) {
					pp_ptr = optptr + 3;
					goto error;
				}
				if (skb) {
					optptr[3] = (optptr[3]&0xF)|((overflow+1)<<4);
					opt->is_changed = 1;
				}
			}
			opt->ts = optptr - iph;
			break;
		case IPOPT_RA:
			if (optlen < 4) {
				pp_ptr = optptr + 1;
				goto error;
			}
			/* Only a zero value is recorded as a router alert. */
			if (optptr[2] == 0 && optptr[3] == 0)
				opt->router_alert = optptr - iph;
			break;
		case IPOPT_CIPSO:
			/* Refused when supplied locally without CAP_NET_RAW,
			 * or when it appears more than once.
			 */
			if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) || opt->cipso) {
				pp_ptr = optptr;
				goto error;
			}
			opt->cipso = optptr - iph;
			/* NOTE(review): cipso_v4_validate() receives &optptr and
			 * can therefore move optptr; on failure the moved value
			 * is reported as pp_ptr.  Presumably optptr is left
			 * unchanged on success, since it is advanced by optlen
			 * below; confirm against cipso_v4_validate().
			 */
			if (cipso_v4_validate(skb, &optptr)) {
				pp_ptr = optptr;
				goto error;
			}
			break;
		case IPOPT_SEC:
		case IPOPT_SID:
		default:
			/* Everything else is passed through unparsed, but a
			 * local caller needs CAP_NET_RAW to set it.
			 */
			if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) {
				pp_ptr = optptr;
				goto error;
			}
			break;
		}
		l -= optlen;
		optptr += optlen;
	}

eol:
	if (!pp_ptr)
		return 0;

error:
	/* The offset of the offending byte goes into the top byte of the
	 * ICMP info word.
	 */
	if (skb) {
		icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((pp_ptr-iph)<<24));
	}
	return -EINVAL;
}
EXPORT_SYMBOL(ip_options_compile);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700481
/* Step an option's pointer byte back by one 4-byte slot and zero that slot. */
static void ip_options_rewind_slot(unsigned char *optptr)
{
	optptr[2] -= 4;
	memset(&optptr[optptr[2] - 1], 0, 4);
}

/*
 * Undo all the changes done by ip_options_compile().
 *
 * Works on opt->__data; the offsets stored in *opt are relative to the
 * IP header, hence the sizeof(struct iphdr) correction.  The stored
 * offsets and the length/pointer bytes are trusted as they are.
 */
void ip_options_undo(struct ip_options *opt)
{
	if (opt->srr) {
		unsigned char *srr = opt->__data + opt->srr - sizeof(struct iphdr);

		/* Reopen the first slot and put the first hop back into it. */
		memmove(srr + 7, srr + 3, srr[1] - 7);
		memcpy(srr + 3, &opt->faddr, 4);
	}

	if (opt->rr_needaddr) {
		unsigned char *rr = opt->__data + opt->rr - sizeof(struct iphdr);

		ip_options_rewind_slot(rr);
	}

	if (opt->ts) {
		unsigned char *ts = opt->__data + opt->ts - sizeof(struct iphdr);

		if (opt->ts_needtime) {
			ip_options_rewind_slot(ts);
			/* Prespecified mode advanced the pointer by 8. */
			if ((ts[3] & 0xF) == IPOPT_TS_PRESPEC)
				ts[2] -= 4;
		}
		if (opt->ts_needaddr)
			ip_options_rewind_slot(ts);
	}
}
512
/*
 * Allocate a zeroed ip_options_rcu with room for optlen option bytes,
 * rounded up to a multiple of four.  Returns NULL on allocation failure.
 *
 * NOTE(review): optlen is not range-checked here; presumably every caller
 * bounds it (an IPv4 header carries at most 40 option bytes) - confirm.
 */
static struct ip_options_rcu *ip_options_get_alloc(const int optlen)
{
	const int padded_len = (optlen + 3) & ~3;

	return kzalloc(sizeof(struct ip_options_rcu) + padded_len, GFP_KERNEL);
}
Linus Torvalds1da177e2005-04-16 15:20:36 -0700518
/*
 * Pad the raw options in @opt to a multiple of four with end-of-list
 * bytes, validate them with ip_options_compile() and, on success, install
 * @opt in *optp, freeing the previous *optp.
 *
 * Ownership: @opt is consumed in every case - it is freed on validation
 * failure (-EINVAL) and handed to *optp on success (0).
 */
static int ip_options_get_finish(struct net *net, struct ip_options_rcu **optp,
				 struct ip_options_rcu *opt, int optlen)
{
	struct ip_options *o = &opt->opt;

	for (; optlen & 3; optlen++)
		o->__data[optlen] = IPOPT_END;
	o->optlen = optlen;

	/* skb == NULL: parse from o->__data rather than from a packet. */
	if (optlen != 0 && ip_options_compile(net, o, NULL) != 0) {
		kfree(opt);
		return -EINVAL;
	}

	kfree(*optp);
	*optp = opt;
	return 0;
}
533
/*
 * Build a compiled option set from @optlen bytes at the user-space
 * address @data and install it in *optp.
 *
 * Returns 0 on success, -ENOMEM if the allocation fails, -EFAULT if the
 * user buffer cannot be copied, or the result of ip_options_get_finish().
 *
 * NOTE(review): @data and @optlen come from user space and optlen is not
 * range-checked in this function; presumably the caller rejects negative
 * or oversized lengths before calling - confirm at each call site.
 */
int ip_options_get_from_user(struct net *net, struct ip_options_rcu **optp,
			     unsigned char __user *data, int optlen)
{
	struct ip_options_rcu *opt;

	opt = ip_options_get_alloc(optlen);
	if (opt == NULL)
		return -ENOMEM;

	if (optlen != 0) {
		/* A non-zero return means some bytes could not be copied. */
		if (copy_from_user(opt->opt.__data, data, optlen) != 0) {
			kfree(opt);
			return -EFAULT;
		}
	}

	return ip_options_get_finish(net, optp, opt, optlen);
}
547
/*
 * Build a compiled option set from @optlen bytes at the kernel address
 * @data and install it in *optp.
 *
 * Returns 0 on success, -ENOMEM if the allocation fails, or the result of
 * ip_options_get_finish().  optlen is not range-checked here.
 */
int ip_options_get(struct net *net, struct ip_options_rcu **optp,
		   unsigned char *data, int optlen)
{
	struct ip_options_rcu *opt;

	opt = ip_options_get_alloc(optlen);
	if (opt == NULL)
		return -ENOMEM;

	if (optlen != 0)
		memcpy(opt->opt.__data, data, optlen);

	return ip_options_get_finish(net, optp, opt, optlen);
}
559
/*
 * Update the options of a packet being forwarded: record our address in
 * the record route option, advance the source route to the hop stored in
 * opt->nexthop, record our address in the timestamp option, and recompute
 * the header checksum if anything changed.
 *
 * The offsets in the control block and the length/pointer bytes in the
 * packet are used as they are, without re-validation here.
 */
void ip_forward_options(struct sk_buff *skb)
{
	struct ip_options *opt = &(IPCB(skb)->opt);
	struct rtable *rt = skb_rtable(skb);
	unsigned char *raw = skb_network_header(skb);

	if (opt->rr_needaddr) {
		unsigned char *rr = raw + opt->rr;

		ip_rt_get_source(&rr[rr[2] - 5], skb, rt);
		opt->is_changed = 1;
	}

	if (opt->srr_is_hit) {
		unsigned char *srr = raw + opt->srr;
		int srrptr = srr[2];
		int srrspace = srr[1];

		/* Look for the slot holding the chosen next hop. */
		while (srrptr <= srrspace) {
			if (srrptr + 3 > srrspace ||
			    memcmp(&opt->nexthop, &srr[srrptr - 1], 4) == 0)
				break;
			srrptr += 4;
		}

		if (srrptr + 3 > srrspace) {
			net_crit_ratelimited("%s(): Argh! Destination lost!\n",
					     __func__);
		} else {
			opt->is_changed = 1;
			ip_hdr(skb)->daddr = opt->nexthop;
			ip_rt_get_source(&srr[srrptr - 1], skb, rt);
			srr[2] = srrptr + 4;
		}

		/* The timestamp address is only recorded on this path. */
		if (opt->ts_needaddr) {
			unsigned char *ts = raw + opt->ts;

			ip_rt_get_source(&ts[ts[2] - 9], skb, rt);
			opt->is_changed = 1;
		}
	}

	if (opt->is_changed) {
		opt->is_changed = 0;
		ip_send_check(ip_hdr(skb));
	}
}
606
/*
 * Process the source route option of a received packet.
 *
 * Walks the remaining hops in the option, routing each one with
 * ip_route_input().  Hops that resolve to RTN_LOCAL are consumed on the
 * spot (the destination address is rewritten and the walk continues); the
 * first hop that is not local stops the walk and is remembered in
 * opt->nexthop with opt->srr_is_hit set.
 *
 * Returns 0 when the packet may continue and -EINVAL when it must be
 * dropped.  Two of the failure paths also send an ICMP parameter problem.
 *
 * The hop addresses and the pointer/length bytes come from the packet.
 */
int ip_options_rcv_srr(struct sk_buff *skb)
{
	struct ip_options *opt = &(IPCB(skb)->opt);
	int srrspace, srrptr;
	__be32 nexthop;
	struct iphdr *iph = ip_hdr(skb);
	unsigned char *optptr = skb_network_header(skb) + opt->srr;
	struct rtable *rt = skb_rtable(skb);
	struct rtable *rt2;
	unsigned long orefdst;
	int err;

	if (!rt)
		return 0;

	/* Source routing is only honoured for packets addressed to this host. */
	if (skb->pkt_type != PACKET_HOST)
		return -EINVAL;
	if (rt->rt_type == RTN_UNICAST) {
		/* Routed as unicast: accepted for a loose route, rejected
		 * for a strict one.
		 */
		if (!opt->is_strictroute)
			return 0;
		/* NOTE(review): 16 is a hard-coded parameter-problem pointer;
		 * presumably the offset of the destination address in the IP
		 * header - confirm.
		 */
		icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl(16<<24));
		return -EINVAL;
	}
	if (rt->rt_type != RTN_LOCAL)
		return -EINVAL;

	for (srrptr = optptr[2], srrspace = optptr[1]; srrptr <= srrspace; srrptr += 4) {
		/* A partial address slot at the end is a malformed option. */
		if (srrptr + 3 > srrspace) {
			icmp_send(skb, ICMP_PARAMETERPROB, 0, htonl((opt->srr+2)<<24));
			return -EINVAL;
		}
		memcpy(&nexthop, &optptr[srrptr-1], 4);

		/* Detach the current dst without dropping its reference so
		 * it can be restored if routing the hop fails.
		 */
		orefdst = skb->_skb_refdst;
		skb_dst_set(skb, NULL);
		err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev);
		rt2 = skb_rtable(skb);
		/* rt2 is only dereferenced when err is zero (short-circuit). */
		if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) {
			skb_dst_drop(skb);
			skb->_skb_refdst = orefdst;
			return -EINVAL;
		}
		/* The new route is kept; release the saved one. */
		refdst_drop(orefdst);
		if (rt2->rt_type != RTN_LOCAL)
			break;
		/* Superfast 8) loopback forward */
		iph->daddr = nexthop;
		opt->is_changed = 1;
	}
	/* True only when the loop was left through the break above, i.e. a
	 * non-local next hop was found.
	 */
	if (srrptr <= srrspace) {
		opt->srr_is_hit = 1;
		opt->nexthop = nexthop;
		opt->is_changed = 1;
	}
	return 0;
}
EXPORT_SYMBOL(ip_options_rcv_srr);