[linux.git] / net / ipv6 / mcast_snoop.c

/* Copyright (C) 2010: YOSHIFUJI Hideaki <[email protected]>
 * Copyright (C) 2015: Linus Lüssing <[email protected]>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 *
 *
 * Based on the MLD support added to br_multicast.c by YOSHIFUJI Hideaki.
 */

#include <linux/skbuff.h>
#include <net/ipv6.h>
#include <net/mld.h>
#include <net/addrconf.h>
#include <net/ip6_checksum.h>

static int ipv6_mc_check_ip6hdr(struct sk_buff *skb)
{
	const struct ipv6hdr *ip6h;
	unsigned int len;
	unsigned int offset = skb_network_offset(skb) + sizeof(*ip6h);

	if (!pskb_may_pull(skb, offset))
		return -EINVAL;

	ip6h = ipv6_hdr(skb);

	if (ip6h->version != 6)
		return -EINVAL;

	len = offset + ntohs(ip6h->payload_len);
	if (skb->len < len || len <= offset)
		return -EINVAL;

	return 0;
}

static int ipv6_mc_check_exthdrs(struct sk_buff *skb)
{
	const struct ipv6hdr *ip6h;
	int offset;
	u8 nexthdr;
	__be16 frag_off;

	ip6h = ipv6_hdr(skb);

	if (ip6h->nexthdr != IPPROTO_HOPOPTS)
		return -ENOMSG;

	nexthdr = ip6h->nexthdr;
	offset = skb_network_offset(skb) + sizeof(*ip6h);
	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);

	if (offset < 0)
		return -EINVAL;

	if (nexthdr != IPPROTO_ICMPV6)
		return -ENOMSG;

	skb_set_transport_header(skb, offset);

	return 0;
}

static int ipv6_mc_check_mld_reportv2(struct sk_buff *skb)
{
	unsigned int len = skb_transport_offset(skb);

	len += sizeof(struct mld2_report);

	return pskb_may_pull(skb, len) ? 0 : -EINVAL;
}

static int ipv6_mc_check_mld_query(struct sk_buff *skb)
{
	struct mld_msg *mld;
	unsigned int len = skb_transport_offset(skb);

	/* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */
	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL))
		return -EINVAL;

	len += sizeof(struct mld_msg);
	if (skb->len < len)
		return -EINVAL;

	/* MLDv1? */
	if (skb->len != len) {
		/* or MLDv2? */
		len += sizeof(struct mld2_query) - sizeof(struct mld_msg);
		if (skb->len < len || !pskb_may_pull(skb, len))
			return -EINVAL;
	}

	mld = (struct mld_msg *)skb_transport_header(skb);

	/* RFC2710+RFC3810 (MLDv1+MLDv2) require the multicast link layer
	 * all-nodes destination address (ff02::1) for general queries
	 */
	if (ipv6_addr_any(&mld->mld_mca) &&
	    !ipv6_addr_is_ll_all_nodes(&ipv6_hdr(skb)->daddr))
		return -EINVAL;

	return 0;
}

static int ipv6_mc_check_mld_msg(struct sk_buff *skb)
{
	struct mld_msg *mld = (struct mld_msg *)skb_transport_header(skb);

	switch (mld->mld_type) {
	case ICMPV6_MGM_REDUCTION:
	case ICMPV6_MGM_REPORT:
		/* fall through */
		return 0;
	case ICMPV6_MLD2_REPORT:
		return ipv6_mc_check_mld_reportv2(skb);
	case ICMPV6_MGM_QUERY:
		return ipv6_mc_check_mld_query(skb);
	default:
		return -ENOMSG;
	}
}

static inline __sum16 ipv6_mc_validate_checksum(struct sk_buff *skb)
{
	return skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo);
}

static int __ipv6_mc_check_mld(struct sk_buff *skb,
			       struct sk_buff **skb_trimmed)

{
	struct sk_buff *skb_chk = NULL;
	unsigned int transport_len;
	unsigned int len = skb_transport_offset(skb) + sizeof(struct mld_msg);
	int ret = -EINVAL;

	transport_len = ntohs(ipv6_hdr(skb)->payload_len);
	transport_len -= skb_transport_offset(skb) - sizeof(struct ipv6hdr);

	skb_chk = skb_checksum_trimmed(skb, transport_len,
				       ipv6_mc_validate_checksum);
	if (!skb_chk)
		goto err;

	if (!pskb_may_pull(skb_chk, len))
		goto err;

	ret = ipv6_mc_check_mld_msg(skb_chk);
	if (ret)
		goto err;

	if (skb_trimmed)
		*skb_trimmed = skb_chk;
	/* free now unneeded clone */
	else if (skb_chk != skb)
		kfree_skb(skb_chk);

	ret = 0;

err:
	if (ret && skb_chk && skb_chk != skb)
		kfree_skb(skb_chk);

	return ret;
}

/**
 * ipv6_mc_check_mld - checks whether this is a sane MLD packet
 * @skb: the skb to validate
 * @skb_trimmed: to store an skb pointer trimmed to IPv6 packet tail (optional)
 *
 * Checks whether an IPv6 packet is a valid MLD packet. If so sets
 * skb transport header accordingly and returns zero.
 *
 * -EINVAL: A broken packet was detected, i.e. it violates some internet
 *  standard
 * -ENOMSG: IP header validation succeeded but it is not an MLD packet.
 * -ENOMEM: A memory allocation failure happened.
 *
 * Optionally, an skb pointer might be provided via skb_trimmed (or set it
 * to NULL): After parsing an MLD packet successfully it will point to
 * an skb which has its tail aligned to the IP packet end. This might
 * either be the originally provided skb or a trimmed, cloned version if
 * the skb frame had data beyond the IP packet. A cloned skb allows us
 * to leave the original skb and its full frame unchanged (which might be
 * desirable for layer 2 frame jugglers).
 *
 * Caller needs to set the skb network header and free any returned skb if it
 * differs from the provided skb.
 */
int ipv6_mc_check_mld(struct sk_buff *skb, struct sk_buff **skb_trimmed)
{
	int ret;

	ret = ipv6_mc_check_ip6hdr(skb);
	if (ret < 0)
		return ret;

	ret = ipv6_mc_check_exthdrs(skb);
	if (ret < 0)
		return ret;

	return __ipv6_mc_check_mld(skb, skb_trimmed);
}
EXPORT_SYMBOL(ipv6_mc_check_mld);
Commit	Line	Data
9afd85c9 LL	1	/* Copyright (C) 2010: YOSHIFUJI Hideaki <[email protected]>
	2	* Copyright (C) 2015: Linus Lüssing <[email protected]>
	3	*
	4	* This program is free software; you can redistribute it and/or
	5	* modify it under the terms of version 2 of the GNU General Public
	6	* License as published by the Free Software Foundation.
	7	*
	8	* This program is distributed in the hope that it will be useful, but
	9	* WITHOUT ANY WARRANTY; without even the implied warranty of
	10	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	11	* General Public License for more details.
	12	*
	13	* You should have received a copy of the GNU General Public License
	14	* along with this program; if not, see <http://www.gnu.org/licenses/>.
	15	*
	16	*
	17	* Based on the MLD support added to br_multicast.c by YOSHIFUJI Hideaki.
	18	*/
	19
	20	#include <linux/skbuff.h>
	21	#include <net/ipv6.h>
	22	#include <net/mld.h>
	23	#include <net/addrconf.h>
	24	#include <net/ip6_checksum.h>
	25
	26	static int ipv6_mc_check_ip6hdr(struct sk_buff *skb)
	27	{
	28	const struct ipv6hdr *ip6h;
	29	unsigned int len;
	30	unsigned int offset = skb_network_offset(skb) + sizeof(*ip6h);
	31
	32	if (!pskb_may_pull(skb, offset))
	33	return -EINVAL;
	34
	35	ip6h = ipv6_hdr(skb);
	36
	37	if (ip6h->version != 6)
	38	return -EINVAL;
	39
	40	len = offset + ntohs(ip6h->payload_len);
	41	if (skb->len < len \|\| len <= offset)
	42	return -EINVAL;
	43
	44	return 0;
	45	}
	46
	47	static int ipv6_mc_check_exthdrs(struct sk_buff *skb)
	48	{
	49	const struct ipv6hdr *ip6h;
fcba67c9	50	int offset;
9afd85c9 LL	51	u8 nexthdr;
	52	__be16 frag_off;
	53
	54	ip6h = ipv6_hdr(skb);
	55
	56	if (ip6h->nexthdr != IPPROTO_HOPOPTS)
	57	return -ENOMSG;
	58
	59	nexthdr = ip6h->nexthdr;
	60	offset = skb_network_offset(skb) + sizeof(*ip6h);
	61	offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
	62
	63	if (offset < 0)
	64	return -EINVAL;
	65
	66	if (nexthdr != IPPROTO_ICMPV6)
	67	return -ENOMSG;
	68
	69	skb_set_transport_header(skb, offset);
	70
	71	return 0;
	72	}
	73
	74	static int ipv6_mc_check_mld_reportv2(struct sk_buff *skb)
	75	{
	76	unsigned int len = skb_transport_offset(skb);
	77
	78	len += sizeof(struct mld2_report);
	79
	80	return pskb_may_pull(skb, len) ? 0 : -EINVAL;
	81	}
	82
	83	static int ipv6_mc_check_mld_query(struct sk_buff *skb)
	84	{
	85	struct mld_msg *mld;
	86	unsigned int len = skb_transport_offset(skb);
	87
	88	/* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */
	89	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL))
	90	return -EINVAL;
	91
	92	len += sizeof(struct mld_msg);
	93	if (skb->len < len)
	94	return -EINVAL;
	95
	96	/* MLDv1? */
	97	if (skb->len != len) {
	98	/* or MLDv2? */
	99	len += sizeof(struct mld2_query) - sizeof(struct mld_msg);
	100	if (skb->len < len \|\| !pskb_may_pull(skb, len))
	101	return -EINVAL;
	102	}
	103
	104	mld = (struct mld_msg *)skb_transport_header(skb);
	105
	106	/* RFC2710+RFC3810 (MLDv1+MLDv2) require the multicast link layer
	107	* all-nodes destination address (ff02::1) for general queries
	108	*/
	109	if (ipv6_addr_any(&mld->mld_mca) &&
	110	!ipv6_addr_is_ll_all_nodes(&ipv6_hdr(skb)->daddr))
	111	return -EINVAL;
	112
	113	return 0;
	114	}
115
116	static int ipv6_mc_check_mld_msg(struct sk_buff *skb)
117	{
118	struct mld_msg mld = (struct mld_msg )skb_transport_header(skb);
119
120	switch (mld->mld_type) {
121	case ICMPV6_MGM_REDUCTION:
122	case ICMPV6_MGM_REPORT:
123	/* fall through */
124	return 0;
125	case ICMPV6_MLD2_REPORT:
126	return ipv6_mc_check_mld_reportv2(skb);
127	case ICMPV6_MGM_QUERY:
128	return ipv6_mc_check_mld_query(skb);
129	default:
130	return -ENOMSG;
131	}
132	}
133
134	static inline __sum16 ipv6_mc_validate_checksum(struct sk_buff *skb)
135	{
136	return skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo);
137	}
138
139	static int __ipv6_mc_check_mld(struct sk_buff *skb,
140	struct sk_buff **skb_trimmed)
141
142	{
143	struct sk_buff *skb_chk = NULL;
144	unsigned int transport_len;
145	unsigned int len = skb_transport_offset(skb) + sizeof(struct mld_msg);
a516993f	146	int ret = -EINVAL;
9afd85c9 LL	147
	148	transport_len = ntohs(ipv6_hdr(skb)->payload_len);
	149	transport_len -= skb_transport_offset(skb) - sizeof(struct ipv6hdr);
	150
9afd85c9 LL	151	skb_chk = skb_checksum_trimmed(skb, transport_len,
	152	ipv6_mc_validate_checksum);
	153	if (!skb_chk)
a516993f	154	goto err;
9afd85c9	155
a516993f LL	156	if (!pskb_may_pull(skb_chk, len))
a516993f LL	157	goto err;
9afd85c9 LL	158
9afd85c9 LL	159	ret = ipv6_mc_check_mld_msg(skb_chk);
a516993f LL	160	if (ret)
a516993f LL	161	goto err;
9afd85c9 LL	162
	163	if (skb_trimmed)
	164	*skb_trimmed = skb_chk;
a516993f LL	165	/* free now unneeded clone */
a516993f LL	166	else if (skb_chk != skb)
9afd85c9 LL	167	kfree_skb(skb_chk);
9afd85c9 LL	168
a516993f LL	169	ret = 0;
	170
	171	err:
	172	if (ret && skb_chk && skb_chk != skb)
	173	kfree_skb(skb_chk);
	174
	175	return ret;
9afd85c9 LL	176	}
	177
	178	/**
	179	* ipv6_mc_check_mld - checks whether this is a sane MLD packet
	180	* @skb: the skb to validate
	181	* @skb_trimmed: to store an skb pointer trimmed to IPv6 packet tail (optional)
	182	*
	183	* Checks whether an IPv6 packet is a valid MLD packet. If so sets
a516993f	184	* skb transport header accordingly and returns zero.
9afd85c9 LL	185	*
	186	* -EINVAL: A broken packet was detected, i.e. it violates some internet
	187	* standard
	188	* -ENOMSG: IP header validation succeeded but it is not an MLD packet.
	189	* -ENOMEM: A memory allocation failure happened.
	190	*
	191	* Optionally, an skb pointer might be provided via skb_trimmed (or set it
	192	* to NULL): After parsing an MLD packet successfully it will point to
	193	* an skb which has its tail aligned to the IP packet end. This might
	194	* either be the originally provided skb or a trimmed, cloned version if
	195	* the skb frame had data beyond the IP packet. A cloned skb allows us
	196	* to leave the original skb and its full frame unchanged (which might be
	197	* desirable for layer 2 frame jugglers).
	198	*
a516993f LL	199	* Caller needs to set the skb network header and free any returned skb if it
a516993f LL	200	* differs from the provided skb.
9afd85c9 LL	201	*/
	202	int ipv6_mc_check_mld(struct sk_buff skb, struct sk_buff *skb_trimmed)
	203	{
	204	int ret;
	205
	206	ret = ipv6_mc_check_ip6hdr(skb);
	207	if (ret < 0)
	208	return ret;
	209
	210	ret = ipv6_mc_check_exthdrs(skb);
	211	if (ret < 0)
	212	return ret;
	213
	214	return __ipv6_mc_check_mld(skb, skb_trimmed);
	215	}
	216	EXPORT_SYMBOL(ipv6_mc_check_mld);