[linux.git] / net / ipv6 / exthdrs_core.c

/*
 * IPv6 library code, needed by static components when full IPv6 support is
 * not configured or static.
 */
#include <linux/export.h>
#include <net/ipv6.h>

/*
 * find out if nexthdr is a well-known extension header or a protocol
 */

bool ipv6_ext_hdr(u8 nexthdr)
{
	/*
	 * find out if nexthdr is an extension header or a protocol
	 */
	return   (nexthdr == NEXTHDR_HOP)	||
		 (nexthdr == NEXTHDR_ROUTING)	||
		 (nexthdr == NEXTHDR_FRAGMENT)	||
		 (nexthdr == NEXTHDR_AUTH)	||
		 (nexthdr == NEXTHDR_NONE)	||
		 (nexthdr == NEXTHDR_DEST);
}
EXPORT_SYMBOL(ipv6_ext_hdr);

/*
 * Skip any extension headers. This is used by the ICMP module.
 *
 * Note that strictly speaking this conflicts with RFC 2460 4.0:
 * ...The contents and semantics of each extension header determine whether
 * or not to proceed to the next header.  Therefore, extension headers must
 * be processed strictly in the order they appear in the packet; a
 * receiver must not, for example, scan through a packet looking for a
 * particular kind of extension header and process that header prior to
 * processing all preceding ones.
 *
 * We do exactly this. This is a protocol bug. We can't decide after a
 * seeing an unknown discard-with-error flavour TLV option if it's a
 * ICMP error message or not (errors should never be send in reply to
 * ICMP error messages).
 *
 * But I see no other way to do this. This might need to be reexamined
 * when Linux implements ESP (and maybe AUTH) headers.
 * --AK
 *
 * This function parses (probably truncated) exthdr set "hdr".
 * "nexthdrp" initially points to some place,
 * where type of the first header can be found.
 *
 * It skips all well-known exthdrs, and returns pointer to the start
 * of unparsable area i.e. the first header with unknown type.
 * If it is not NULL *nexthdr is updated by type/protocol of this header.
 *
 * NOTES: - if packet terminated with NEXTHDR_NONE it returns NULL.
 *        - it may return pointer pointing beyond end of packet,
 *	    if the last recognized header is truncated in the middle.
 *        - if packet is truncated, so that all parsed headers are skipped,
 *	    it returns NULL.
 *	  - First fragment header is skipped, not-first ones
 *	    are considered as unparsable.
 *	  - Reports the offset field of the final fragment header so it is
 *	    possible to tell whether this is a first fragment, later fragment,
 *	    or not fragmented.
 *	  - ESP is unparsable for now and considered like
 *	    normal payload protocol.
 *	  - Note also special handling of AUTH header. Thanks to IPsec wizards.
 *
 * --ANK (980726)
 */

int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp,
		     __be16 *frag_offp)
{
	u8 nexthdr = *nexthdrp;

	*frag_offp = 0;

	while (ipv6_ext_hdr(nexthdr)) {
		struct ipv6_opt_hdr _hdr, *hp;
		int hdrlen;

		if (nexthdr == NEXTHDR_NONE)
			return -1;
		hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
		if (!hp)
			return -1;
		if (nexthdr == NEXTHDR_FRAGMENT) {
			__be16 _frag_off, *fp;
			fp = skb_header_pointer(skb,
						start+offsetof(struct frag_hdr,
							       frag_off),
						sizeof(_frag_off),
						&_frag_off);
			if (!fp)
				return -1;

			*frag_offp = *fp;
			if (ntohs(*frag_offp) & ~0x7)
				break;
			hdrlen = 8;
		} else if (nexthdr == NEXTHDR_AUTH)
			hdrlen = (hp->hdrlen+2)<<2;
		else
			hdrlen = ipv6_optlen(hp);

		nexthdr = hp->nexthdr;
		start += hdrlen;
	}

	*nexthdrp = nexthdr;
	return start;
}
EXPORT_SYMBOL(ipv6_skip_exthdr);

int ipv6_find_tlv(const struct sk_buff *skb, int offset, int type)
{
	const unsigned char *nh = skb_network_header(skb);
	int packet_len = skb_tail_pointer(skb) - skb_network_header(skb);
	struct ipv6_opt_hdr *hdr;
	int len;

	if (offset + 2 > packet_len)
		goto bad;
	hdr = (struct ipv6_opt_hdr *)(nh + offset);
	len = ((hdr->hdrlen + 1) << 3);

	if (offset + len > packet_len)
		goto bad;

	offset += 2;
	len -= 2;

	while (len > 0) {
		int opttype = nh[offset];
		int optlen;

		if (opttype == type)
			return offset;

		switch (opttype) {
		case IPV6_TLV_PAD1:
			optlen = 1;
			break;
		default:
			optlen = nh[offset + 1] + 2;
			if (optlen > len)
				goto bad;
			break;
		}
		offset += optlen;
		len -= optlen;
	}
	/* not_found */
 bad:
	return -1;
}
EXPORT_SYMBOL_GPL(ipv6_find_tlv);

/*
 * find the offset to specified header or the protocol number of last header
 * if target < 0. "last header" is transport protocol header, ESP, or
 * "No next header".
 *
 * Note that *offset is used as input/output parameter. an if it is not zero,
 * then it must be a valid offset to an inner IPv6 header. This can be used
 * to explore inner IPv6 header, eg. ICMPv6 error messages.
 *
 * If target header is found, its offset is set in *offset and return protocol
 * number. Otherwise, return -1.
 *
 * If the first fragment doesn't contain the final protocol header or
 * NEXTHDR_NONE it is considered invalid.
 *
 * Note that non-1st fragment is special case that "the protocol number
 * of last header" is "next header" field in Fragment header. In this case,
 * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
 * isn't NULL.
 *
 * if flags is not NULL and it's a fragment, then the frag flag
 * IP6_FH_F_FRAG will be set. If it's an AH header, the
 * IP6_FH_F_AUTH flag is set and target < 0, then this function will
 * stop at the AH header. If IP6_FH_F_SKIP_RH flag was passed, then this
 * function will skip all those routing headers, where segements_left was 0.
 */
int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
		  int target, unsigned short *fragoff, int *flags)
{
	unsigned int start = skb_network_offset(skb) + sizeof(struct ipv6hdr);
	u8 nexthdr = ipv6_hdr(skb)->nexthdr;
	unsigned int len;
	bool found;

	if (fragoff)
		*fragoff = 0;

	if (*offset) {
		struct ipv6hdr _ip6, *ip6;

		ip6 = skb_header_pointer(skb, *offset, sizeof(_ip6), &_ip6);
		if (!ip6 || (ip6->version != 6)) {
			printk(KERN_ERR "IPv6 header not found\n");
			return -EBADMSG;
		}
		start = *offset + sizeof(struct ipv6hdr);
		nexthdr = ip6->nexthdr;
	}
	len = skb->len - start;

	do {
		struct ipv6_opt_hdr _hdr, *hp;
		unsigned int hdrlen;
		found = (nexthdr == target);

		if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
			if (target < 0 || found)
				break;
			return -ENOENT;
		}

		hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
		if (!hp)
			return -EBADMSG;

		if (nexthdr == NEXTHDR_ROUTING) {
			struct ipv6_rt_hdr _rh, *rh;

			rh = skb_header_pointer(skb, start, sizeof(_rh),
						&_rh);
			if (!rh)
				return -EBADMSG;

			if (flags && (*flags & IP6_FH_F_SKIP_RH) &&
			    rh->segments_left == 0)
				found = false;
		}

		if (nexthdr == NEXTHDR_FRAGMENT) {
			unsigned short _frag_off;
			__be16 *fp;

			if (flags)	/* Indicate that this is a fragment */
				*flags |= IP6_FH_F_FRAG;
			fp = skb_header_pointer(skb,
						start+offsetof(struct frag_hdr,
							       frag_off),
						sizeof(_frag_off),
						&_frag_off);
			if (!fp)
				return -EBADMSG;

			_frag_off = ntohs(*fp) & ~0x7;
			if (_frag_off) {
				if (target < 0 &&
				    ((!ipv6_ext_hdr(hp->nexthdr)) ||
				     hp->nexthdr == NEXTHDR_NONE)) {
					if (fragoff)
						*fragoff = _frag_off;
					return hp->nexthdr;
				}
				if (!found)
					return -ENOENT;
				if (fragoff)
					*fragoff = _frag_off;
				break;
			}
			hdrlen = 8;
		} else if (nexthdr == NEXTHDR_AUTH) {
			if (flags && (*flags & IP6_FH_F_AUTH) && (target < 0))
				break;
			hdrlen = (hp->hdrlen + 2) << 2;
		} else
			hdrlen = ipv6_optlen(hp);

		if (!found) {
			nexthdr = hp->nexthdr;
			len -= hdrlen;
			start += hdrlen;
		}
	} while (!found);

	*offset = start;
	return nexthdr;
}
EXPORT_SYMBOL(ipv6_find_hdr);
Commit	Line	Data
1da177e4 LT	1	/*
	2	* IPv6 library code, needed by static components when full IPv6 support is
	3	* not configured or static.
	4	*/
bc3b2d7f	5	#include <linux/export.h>
1da177e4 LT	6	#include <net/ipv6.h>
1da177e4 LT	7
1ab1457c	8	/*
1da177e4 LT	9	* find out if nexthdr is a well-known extension header or a protocol
	10	*/
	11
a50feda5	12	bool ipv6_ext_hdr(u8 nexthdr)
1da177e4	13	{
1ab1457c	14	/*
1da177e4 LT	15	* find out if nexthdr is an extension header or a protocol
1da177e4 LT	16	*/
a02cec21	17	return (nexthdr == NEXTHDR_HOP) \|\|
1da177e4 LT	18	(nexthdr == NEXTHDR_ROUTING) \|\|
	19	(nexthdr == NEXTHDR_FRAGMENT) \|\|
	20	(nexthdr == NEXTHDR_AUTH) \|\|
	21	(nexthdr == NEXTHDR_NONE) \|\|
a02cec21	22	(nexthdr == NEXTHDR_DEST);
1da177e4	23	}
81bd60b5	24	EXPORT_SYMBOL(ipv6_ext_hdr);
1da177e4 LT	25
	26	/*
	27	* Skip any extension headers. This is used by the ICMP module.
	28	*
	29	* Note that strictly speaking this conflicts with RFC 2460 4.0:
1ab1457c	30	* ...The contents and semantics of each extension header determine whether
1da177e4 LT	31	* or not to proceed to the next header. Therefore, extension headers must
	32	* be processed strictly in the order they appear in the packet; a
	33	* receiver must not, for example, scan through a packet looking for a
	34	* particular kind of extension header and process that header prior to
	35	* processing all preceding ones.
1ab1457c	36	*
1da177e4	37	* We do exactly this. This is a protocol bug. We can't decide after a
1ab1457c	38	* seeing an unknown discard-with-error flavour TLV option if it's a
1da177e4 LT	39	* ICMP error message or not (errors should never be send in reply to
1da177e4 LT	40	* ICMP error messages).
1ab1457c	41	*
1da177e4 LT	42	* But I see no other way to do this. This might need to be reexamined
	43	* when Linux implements ESP (and maybe AUTH) headers.
	44	* --AK
	45	*
0d3d077c HX	46	* This function parses (probably truncated) exthdr set "hdr".
0d3d077c HX	47	* "nexthdrp" initially points to some place,
1da177e4 LT	48	* where type of the first header can be found.
	49	*
	50	* It skips all well-known exthdrs, and returns pointer to the start
	51	* of unparsable area i.e. the first header with unknown type.
	52	* If it is not NULL *nexthdr is updated by type/protocol of this header.
	53	*
	54	* NOTES: - if packet terminated with NEXTHDR_NONE it returns NULL.
	55	* - it may return pointer pointing beyond end of packet,
	56	* if the last recognized header is truncated in the middle.
	57	* - if packet is truncated, so that all parsed headers are skipped,
	58	* it returns NULL.
	59	* - First fragment header is skipped, not-first ones
	60	* are considered as unparsable.
75f2811c JG	61	* - Reports the offset field of the final fragment header so it is
	62	* possible to tell whether this is a first fragment, later fragment,
	63	* or not fragmented.
1da177e4 LT	64	* - ESP is unparsable for now and considered like
	65	* normal payload protocol.
	66	* - Note also special handling of AUTH header. Thanks to IPsec wizards.
	67	*
	68	* --ANK (980726)
	69	*/
	70
75f2811c JG	71	int ipv6_skip_exthdr(const struct sk_buff skb, int start, u8 nexthdrp,
75f2811c JG	72	__be16 *frag_offp)
1da177e4 LT	73	{
	74	u8 nexthdr = *nexthdrp;
	75
75f2811c JG	76	*frag_offp = 0;
75f2811c JG	77
1da177e4 LT	78	while (ipv6_ext_hdr(nexthdr)) {
	79	struct ipv6_opt_hdr _hdr, *hp;
	80	int hdrlen;
	81
1da177e4 LT	82	if (nexthdr == NEXTHDR_NONE)
	83	return -1;
	84	hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
63159f29	85	if (!hp)
0d3d077c	86	return -1;
1da177e4	87	if (nexthdr == NEXTHDR_FRAGMENT) {
e69a4adc	88	__be16 _frag_off, *fp;
1da177e4 LT	89	fp = skb_header_pointer(skb,
	90	start+offsetof(struct frag_hdr,
	91	frag_off),
	92	sizeof(_frag_off),
	93	&_frag_off);
63159f29	94	if (!fp)
1da177e4 LT	95	return -1;
1da177e4 LT	96
75f2811c JG	97	frag_offp = fp;
75f2811c JG	98	if (ntohs(*frag_offp) & ~0x7)
1da177e4 LT	99	break;
	100	hdrlen = 8;
	101	} else if (nexthdr == NEXTHDR_AUTH)
1ab1457c	102	hdrlen = (hp->hdrlen+2)<<2;
1da177e4	103	else
1ab1457c	104	hdrlen = ipv6_optlen(hp);
1da177e4 LT	105
1da177e4 LT	106	nexthdr = hp->nexthdr;
1da177e4 LT	107	start += hdrlen;
	108	}
	109
	110	*nexthdrp = nexthdr;
	111	return start;
	112	}
1da177e4	113	EXPORT_SYMBOL(ipv6_skip_exthdr);
3c73a036	114
0868383b	115	int ipv6_find_tlv(const struct sk_buff *skb, int offset, int type)
3c73a036 VY	116	{
3c73a036 VY	117	const unsigned char *nh = skb_network_header(skb);
29a3cad5	118	int packet_len = skb_tail_pointer(skb) - skb_network_header(skb);
3c73a036 VY	119	struct ipv6_opt_hdr *hdr;
	120	int len;
	121
	122	if (offset + 2 > packet_len)
	123	goto bad;
	124	hdr = (struct ipv6_opt_hdr *)(nh + offset);
	125	len = ((hdr->hdrlen + 1) << 3);
	126
	127	if (offset + len > packet_len)
	128	goto bad;
	129
	130	offset += 2;
	131	len -= 2;
	132
	133	while (len > 0) {
	134	int opttype = nh[offset];
	135	int optlen;
	136
	137	if (opttype == type)
	138	return offset;
	139
	140	switch (opttype) {
	141	case IPV6_TLV_PAD1:
	142	optlen = 1;
	143	break;
	144	default:
	145	optlen = nh[offset + 1] + 2;
	146	if (optlen > len)
	147	goto bad;
	148	break;
	149	}
	150	offset += optlen;
	151	len -= optlen;
	152	}
	153	/* not_found */
	154	bad:
	155	return -1;
	156	}
	157	EXPORT_SYMBOL_GPL(ipv6_find_tlv);
e7165030	158
f8f62675 JG	159	/*
	160	* find the offset to specified header or the protocol number of last header
	161	* if target < 0. "last header" is transport protocol header, ESP, or
	162	* "No next header".
	163	*
	164	* Note that *offset is used as input/output parameter. an if it is not zero,
	165	* then it must be a valid offset to an inner IPv6 header. This can be used
	166	* to explore inner IPv6 header, eg. ICMPv6 error messages.
	167	*
	168	* If target header is found, its offset is set in *offset and return protocol
	169	* number. Otherwise, return -1.
	170	*
	171	* If the first fragment doesn't contain the final protocol header or
	172	* NEXTHDR_NONE it is considered invalid.
	173	*
	174	* Note that non-1st fragment is special case that "the protocol number
	175	* of last header" is "next header" field in Fragment header. In this case,
	176	* offset is meaningless and fragment offset is stored in fragoff if fragoff
	177	* isn't NULL.
	178	*
9195bb8e AA	179	* if flags is not NULL and it's a fragment, then the frag flag
	180	* IP6_FH_F_FRAG will be set. If it's an AH header, the
	181	* IP6_FH_F_AUTH flag is set and target < 0, then this function will
	182	* stop at the AH header. If IP6_FH_F_SKIP_RH flag was passed, then this
	183	* function will skip all those routing headers, where segements_left was 0.
f8f62675 JG	184	*/
	185	int ipv6_find_hdr(const struct sk_buff skb, unsigned int offset,
	186	int target, unsigned short fragoff, int flags)
	187	{
	188	unsigned int start = skb_network_offset(skb) + sizeof(struct ipv6hdr);
	189	u8 nexthdr = ipv6_hdr(skb)->nexthdr;
	190	unsigned int len;
9195bb8e	191	bool found;
f8f62675 JG	192
	193	if (fragoff)
	194	*fragoff = 0;
	195
	196	if (*offset) {
	197	struct ipv6hdr _ip6, *ip6;
	198
	199	ip6 = skb_header_pointer(skb, *offset, sizeof(_ip6), &_ip6);
	200	if (!ip6 \|\| (ip6->version != 6)) {
	201	printk(KERN_ERR "IPv6 header not found\n");
	202	return -EBADMSG;
	203	}
	204	start = *offset + sizeof(struct ipv6hdr);
	205	nexthdr = ip6->nexthdr;
	206	}
	207	len = skb->len - start;
	208
9195bb8e	209	do {
f8f62675 JG	210	struct ipv6_opt_hdr _hdr, *hp;
f8f62675 JG	211	unsigned int hdrlen;
9195bb8e	212	found = (nexthdr == target);
f8f62675 JG	213
f8f62675 JG	214	if ((!ipv6_ext_hdr(nexthdr)) \|\| nexthdr == NEXTHDR_NONE) {
accfe0e3	215	if (target < 0 \|\| found)
f8f62675 JG	216	break;
	217	return -ENOENT;
	218	}
	219
	220	hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
63159f29	221	if (!hp)
f8f62675	222	return -EBADMSG;
9195bb8e AA	223
	224	if (nexthdr == NEXTHDR_ROUTING) {
	225	struct ipv6_rt_hdr _rh, *rh;
	226
	227	rh = skb_header_pointer(skb, start, sizeof(_rh),
	228	&_rh);
63159f29	229	if (!rh)
9195bb8e AA	230	return -EBADMSG;
	231
	232	if (flags && (*flags & IP6_FH_F_SKIP_RH) &&
	233	rh->segments_left == 0)
	234	found = false;
	235	}
	236
f8f62675 JG	237	if (nexthdr == NEXTHDR_FRAGMENT) {
	238	unsigned short _frag_off;
	239	__be16 *fp;
	240
	241	if (flags) /* Indicate that this is a fragment */
	242	*flags \|= IP6_FH_F_FRAG;
	243	fp = skb_header_pointer(skb,
	244	start+offsetof(struct frag_hdr,
	245	frag_off),
	246	sizeof(_frag_off),
	247	&_frag_off);
63159f29	248	if (!fp)
f8f62675 JG	249	return -EBADMSG;
	250
	251	_frag_off = ntohs(*fp) & ~0x7;
	252	if (_frag_off) {
	253	if (target < 0 &&
	254	((!ipv6_ext_hdr(hp->nexthdr)) \|\|
	255	hp->nexthdr == NEXTHDR_NONE)) {
	256	if (fragoff)
	257	*fragoff = _frag_off;
	258	return hp->nexthdr;
	259	}
5d150a98 FW	260	if (!found)
	261	return -ENOENT;
	262	if (fragoff)
	263	*fragoff = _frag_off;
	264	break;
f8f62675 JG	265	}
	266	hdrlen = 8;
	267	} else if (nexthdr == NEXTHDR_AUTH) {
	268	if (flags && (*flags & IP6_FH_F_AUTH) && (target < 0))
	269	break;
	270	hdrlen = (hp->hdrlen + 2) << 2;
	271	} else
	272	hdrlen = ipv6_optlen(hp);
	273
9195bb8e AA	274	if (!found) {
	275	nexthdr = hp->nexthdr;
	276	len -= hdrlen;
	277	start += hdrlen;
	278	}
	279	} while (!found);
f8f62675 JG	280
	281	*offset = start;
	282	return nexthdr;
	283	}
	284	EXPORT_SYMBOL(ipv6_find_hdr);
e7165030	285