~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv6/mcast_snoop.c

Version: ~ [ linux-6.1-rc7 ] ~ [ linux-6.0.10 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.80 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.156 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.225 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.267 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.300 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.334 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.302 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* Copyright (C) 2010: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
  2  * Copyright (C) 2015: Linus L├╝ssing <linus.luessing@c0d3.blue>
  3  *
  4  * This program is free software; you can redistribute it and/or
  5  * modify it under the terms of version 2 of the GNU General Public
  6  * License as published by the Free Software Foundation.
  7  *
  8  * This program is distributed in the hope that it will be useful, but
  9  * WITHOUT ANY WARRANTY; without even the implied warranty of
 10  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 11  * General Public License for more details.
 12  *
 13  * You should have received a copy of the GNU General Public License
 14  * along with this program; if not, see <http://www.gnu.org/licenses/>.
 15  *
 16  *
 17  * Based on the MLD support added to br_multicast.c by YOSHIFUJI Hideaki.
 18  */
 19 
 20 #include <linux/skbuff.h>
 21 #include <net/ipv6.h>
 22 #include <net/mld.h>
 23 #include <net/addrconf.h>
 24 #include <net/ip6_checksum.h>
 25 
 26 static int ipv6_mc_check_ip6hdr(struct sk_buff *skb)
 27 {
 28         const struct ipv6hdr *ip6h;
 29         unsigned int len;
 30         unsigned int offset = skb_network_offset(skb) + sizeof(*ip6h);
 31 
 32         if (!pskb_may_pull(skb, offset))
 33                 return -EINVAL;
 34 
 35         ip6h = ipv6_hdr(skb);
 36 
 37         if (ip6h->version != 6)
 38                 return -EINVAL;
 39 
 40         len = offset + ntohs(ip6h->payload_len);
 41         if (skb->len < len || len <= offset)
 42                 return -EINVAL;
 43 
 44         return 0;
 45 }
 46 
 47 static int ipv6_mc_check_exthdrs(struct sk_buff *skb)
 48 {
 49         const struct ipv6hdr *ip6h;
 50         int offset;
 51         u8 nexthdr;
 52         __be16 frag_off;
 53 
 54         ip6h = ipv6_hdr(skb);
 55 
 56         if (ip6h->nexthdr != IPPROTO_HOPOPTS)
 57                 return -ENOMSG;
 58 
 59         nexthdr = ip6h->nexthdr;
 60         offset = skb_network_offset(skb) + sizeof(*ip6h);
 61         offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
 62 
 63         if (offset < 0)
 64                 return -EINVAL;
 65 
 66         if (nexthdr != IPPROTO_ICMPV6)
 67                 return -ENOMSG;
 68 
 69         skb_set_transport_header(skb, offset);
 70 
 71         return 0;
 72 }
 73 
 74 static int ipv6_mc_check_mld_reportv2(struct sk_buff *skb)
 75 {
 76         unsigned int len = skb_transport_offset(skb);
 77 
 78         len += sizeof(struct mld2_report);
 79 
 80         return pskb_may_pull(skb, len) ? 0 : -EINVAL;
 81 }
 82 
 83 static int ipv6_mc_check_mld_query(struct sk_buff *skb)
 84 {
 85         struct mld_msg *mld;
 86         unsigned int len = skb_transport_offset(skb);
 87 
 88         /* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */
 89         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL))
 90                 return -EINVAL;
 91 
 92         len += sizeof(struct mld_msg);
 93         if (skb->len < len)
 94                 return -EINVAL;
 95 
 96         /* MLDv1? */
 97         if (skb->len != len) {
 98                 /* or MLDv2? */
 99                 len += sizeof(struct mld2_query) - sizeof(struct mld_msg);
100                 if (skb->len < len || !pskb_may_pull(skb, len))
101                         return -EINVAL;
102         }
103 
104         mld = (struct mld_msg *)skb_transport_header(skb);
105 
106         /* RFC2710+RFC3810 (MLDv1+MLDv2) require the multicast link layer
107          * all-nodes destination address (ff02::1) for general queries
108          */
109         if (ipv6_addr_any(&mld->mld_mca) &&
110             !ipv6_addr_is_ll_all_nodes(&ipv6_hdr(skb)->daddr))
111                 return -EINVAL;
112 
113         return 0;
114 }
115 
116 static int ipv6_mc_check_mld_msg(struct sk_buff *skb)
117 {
118         struct mld_msg *mld = (struct mld_msg *)skb_transport_header(skb);
119 
120         switch (mld->mld_type) {
121         case ICMPV6_MGM_REDUCTION:
122         case ICMPV6_MGM_REPORT:
123                 /* fall through */
124                 return 0;
125         case ICMPV6_MLD2_REPORT:
126                 return ipv6_mc_check_mld_reportv2(skb);
127         case ICMPV6_MGM_QUERY:
128                 return ipv6_mc_check_mld_query(skb);
129         default:
130                 return -ENOMSG;
131         }
132 }
133 
134 static inline __sum16 ipv6_mc_validate_checksum(struct sk_buff *skb)
135 {
136         return skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo);
137 }
138 
139 static int __ipv6_mc_check_mld(struct sk_buff *skb,
140                                struct sk_buff **skb_trimmed)
141 
142 {
143         struct sk_buff *skb_chk = NULL;
144         unsigned int transport_len;
145         unsigned int len = skb_transport_offset(skb) + sizeof(struct mld_msg);
146         int ret = -EINVAL;
147 
148         transport_len = ntohs(ipv6_hdr(skb)->payload_len);
149         transport_len -= skb_transport_offset(skb) - sizeof(struct ipv6hdr);
150 
151         skb_chk = skb_checksum_trimmed(skb, transport_len,
152                                        ipv6_mc_validate_checksum);
153         if (!skb_chk)
154                 goto err;
155 
156         if (!pskb_may_pull(skb_chk, len))
157                 goto err;
158 
159         ret = ipv6_mc_check_mld_msg(skb_chk);
160         if (ret)
161                 goto err;
162 
163         if (skb_trimmed)
164                 *skb_trimmed = skb_chk;
165         /* free now unneeded clone */
166         else if (skb_chk != skb)
167                 kfree_skb(skb_chk);
168 
169         ret = 0;
170 
171 err:
172         if (ret && skb_chk && skb_chk != skb)
173                 kfree_skb(skb_chk);
174 
175         return ret;
176 }
177 
178 /**
179  * ipv6_mc_check_mld - checks whether this is a sane MLD packet
180  * @skb: the skb to validate
181  * @skb_trimmed: to store an skb pointer trimmed to IPv6 packet tail (optional)
182  *
183  * Checks whether an IPv6 packet is a valid MLD packet. If so sets
184  * skb transport header accordingly and returns zero.
185  *
186  * -EINVAL: A broken packet was detected, i.e. it violates some internet
187  *  standard
188  * -ENOMSG: IP header validation succeeded but it is not an MLD packet.
189  * -ENOMEM: A memory allocation failure happened.
190  *
191  * Optionally, an skb pointer might be provided via skb_trimmed (or set it
192  * to NULL): After parsing an MLD packet successfully it will point to
193  * an skb which has its tail aligned to the IP packet end. This might
194  * either be the originally provided skb or a trimmed, cloned version if
195  * the skb frame had data beyond the IP packet. A cloned skb allows us
196  * to leave the original skb and its full frame unchanged (which might be
197  * desirable for layer 2 frame jugglers).
198  *
199  * Caller needs to set the skb network header and free any returned skb if it
200  * differs from the provided skb.
201  */
202 int ipv6_mc_check_mld(struct sk_buff *skb, struct sk_buff **skb_trimmed)
203 {
204         int ret;
205 
206         ret = ipv6_mc_check_ip6hdr(skb);
207         if (ret < 0)
208                 return ret;
209 
210         ret = ipv6_mc_check_exthdrs(skb);
211         if (ret < 0)
212                 return ret;
213 
214         return __ipv6_mc_check_mld(skb, skb_trimmed);
215 }
216 EXPORT_SYMBOL(ipv6_mc_check_mld);
217 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp