Commit | Line | Data |
---|---|---|
b7c320ff | 1 | // SPDX-License-Identifier: GPL-2.0-only |
9afd85c9 LL |
2 | /* Copyright (C) 2010: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> |
3 | * Copyright (C) 2015: Linus Lüssing <linus.luessing@c0d3.blue> | |
4 | * | |
9afd85c9 LL |
5 | * Based on the MLD support added to br_multicast.c by YOSHIFUJI Hideaki. |
6 | */ | |
7 | ||
8 | #include <linux/skbuff.h> | |
9 | #include <net/ipv6.h> | |
10 | #include <net/mld.h> | |
11 | #include <net/addrconf.h> | |
12 | #include <net/ip6_checksum.h> | |
13 | ||
14 | static int ipv6_mc_check_ip6hdr(struct sk_buff *skb) | |
15 | { | |
16 | const struct ipv6hdr *ip6h; | |
17 | unsigned int len; | |
18 | unsigned int offset = skb_network_offset(skb) + sizeof(*ip6h); | |
19 | ||
20 | if (!pskb_may_pull(skb, offset)) | |
21 | return -EINVAL; | |
22 | ||
23 | ip6h = ipv6_hdr(skb); | |
24 | ||
25 | if (ip6h->version != 6) | |
26 | return -EINVAL; | |
27 | ||
28 | len = offset + ntohs(ip6h->payload_len); | |
29 | if (skb->len < len || len <= offset) | |
30 | return -EINVAL; | |
31 | ||
4b3087c7 LL |
32 | skb_set_transport_header(skb, offset); |
33 | ||
9afd85c9 LL |
34 | return 0; |
35 | } | |
36 | ||
37 | static int ipv6_mc_check_exthdrs(struct sk_buff *skb) | |
38 | { | |
39 | const struct ipv6hdr *ip6h; | |
fcba67c9 | 40 | int offset; |
9afd85c9 LL |
41 | u8 nexthdr; |
42 | __be16 frag_off; | |
43 | ||
44 | ip6h = ipv6_hdr(skb); | |
45 | ||
46 | if (ip6h->nexthdr != IPPROTO_HOPOPTS) | |
47 | return -ENOMSG; | |
48 | ||
49 | nexthdr = ip6h->nexthdr; | |
50 | offset = skb_network_offset(skb) + sizeof(*ip6h); | |
51 | offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off); | |
52 | ||
53 | if (offset < 0) | |
54 | return -EINVAL; | |
55 | ||
56 | if (nexthdr != IPPROTO_ICMPV6) | |
57 | return -ENOMSG; | |
58 | ||
59 | skb_set_transport_header(skb, offset); | |
60 | ||
61 | return 0; | |
62 | } | |
63 | ||
64 | static int ipv6_mc_check_mld_reportv2(struct sk_buff *skb) | |
65 | { | |
66 | unsigned int len = skb_transport_offset(skb); | |
67 | ||
68 | len += sizeof(struct mld2_report); | |
69 | ||
a2e2ca3b | 70 | return ipv6_mc_may_pull(skb, len) ? 0 : -EINVAL; |
9afd85c9 LL |
71 | } |
72 | ||
73 | static int ipv6_mc_check_mld_query(struct sk_buff *skb) | |
74 | { | |
a2e2ca3b | 75 | unsigned int transport_len = ipv6_transport_len(skb); |
9afd85c9 | 76 | struct mld_msg *mld; |
a2e2ca3b | 77 | unsigned int len; |
9afd85c9 LL |
78 | |
79 | /* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */ | |
80 | if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) | |
81 | return -EINVAL; | |
82 | ||
9afd85c9 | 83 | /* MLDv1? */ |
a2e2ca3b | 84 | if (transport_len != sizeof(struct mld_msg)) { |
9afd85c9 | 85 | /* or MLDv2? */ |
a2e2ca3b LL |
86 | if (transport_len < sizeof(struct mld2_query)) |
87 | return -EINVAL; | |
88 | ||
89 | len = skb_transport_offset(skb) + sizeof(struct mld2_query); | |
90 | if (!ipv6_mc_may_pull(skb, len)) | |
9afd85c9 LL |
91 | return -EINVAL; |
92 | } | |
93 | ||
94 | mld = (struct mld_msg *)skb_transport_header(skb); | |
95 | ||
96 | /* RFC2710+RFC3810 (MLDv1+MLDv2) require the multicast link layer | |
97 | * all-nodes destination address (ff02::1) for general queries | |
98 | */ | |
99 | if (ipv6_addr_any(&mld->mld_mca) && | |
100 | !ipv6_addr_is_ll_all_nodes(&ipv6_hdr(skb)->daddr)) | |
101 | return -EINVAL; | |
102 | ||
103 | return 0; | |
104 | } | |
105 | ||
106 | static int ipv6_mc_check_mld_msg(struct sk_buff *skb) | |
107 | { | |
a2e2ca3b LL |
108 | unsigned int len = skb_transport_offset(skb) + sizeof(struct mld_msg); |
109 | struct mld_msg *mld; | |
110 | ||
111 | if (!ipv6_mc_may_pull(skb, len)) | |
99014088 | 112 | return -ENODATA; |
a2e2ca3b LL |
113 | |
114 | mld = (struct mld_msg *)skb_transport_header(skb); | |
9afd85c9 LL |
115 | |
116 | switch (mld->mld_type) { | |
117 | case ICMPV6_MGM_REDUCTION: | |
118 | case ICMPV6_MGM_REPORT: | |
9afd85c9 LL |
119 | return 0; |
120 | case ICMPV6_MLD2_REPORT: | |
121 | return ipv6_mc_check_mld_reportv2(skb); | |
122 | case ICMPV6_MGM_QUERY: | |
123 | return ipv6_mc_check_mld_query(skb); | |
124 | default: | |
99014088 | 125 | return -ENODATA; |
9afd85c9 LL |
126 | } |
127 | } | |
128 | ||
129 | static inline __sum16 ipv6_mc_validate_checksum(struct sk_buff *skb) | |
130 | { | |
131 | return skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo); | |
132 | } | |
133 | ||
99014088 | 134 | static int ipv6_mc_check_icmpv6(struct sk_buff *skb) |
9afd85c9 | 135 | { |
a2e2ca3b LL |
136 | unsigned int len = skb_transport_offset(skb) + sizeof(struct icmp6hdr); |
137 | unsigned int transport_len = ipv6_transport_len(skb); | |
138 | struct sk_buff *skb_chk; | |
9afd85c9 | 139 | |
a2e2ca3b LL |
140 | if (!ipv6_mc_may_pull(skb, len)) |
141 | return -EINVAL; | |
9afd85c9 | 142 | |
9afd85c9 LL |
143 | skb_chk = skb_checksum_trimmed(skb, transport_len, |
144 | ipv6_mc_validate_checksum); | |
145 | if (!skb_chk) | |
a2e2ca3b | 146 | return -EINVAL; |
a516993f | 147 | |
a2e2ca3b | 148 | if (skb_chk != skb) |
a516993f LL |
149 | kfree_skb(skb_chk); |
150 | ||
a2e2ca3b | 151 | return 0; |
9afd85c9 LL |
152 | } |
153 | ||
154 | /** | |
155 | * ipv6_mc_check_mld - checks whether this is a sane MLD packet | |
156 | * @skb: the skb to validate | |
9afd85c9 LL |
157 | * |
158 | * Checks whether an IPv6 packet is a valid MLD packet. If so sets | |
a516993f | 159 | * skb transport header accordingly and returns zero. |
9afd85c9 LL |
160 | * |
161 | * -EINVAL: A broken packet was detected, i.e. it violates some internet | |
162 | * standard | |
99014088 LL |
163 | * -ENOMSG: IP header validation succeeded but it is not an ICMPv6 packet |
164 | * with a hop-by-hop option. | |
165 | * -ENODATA: IP+ICMPv6 header with hop-by-hop option validation succeeded | |
166 | * but it is not an MLD packet. | |
9afd85c9 LL |
167 | * -ENOMEM: A memory allocation failure happened. |
168 | * | |
a516993f LL |
169 | * Caller needs to set the skb network header and free any returned skb if it |
170 | * differs from the provided skb. | |
9afd85c9 | 171 | */ |
ba5ea614 | 172 | int ipv6_mc_check_mld(struct sk_buff *skb) |
9afd85c9 LL |
173 | { |
174 | int ret; | |
175 | ||
176 | ret = ipv6_mc_check_ip6hdr(skb); | |
177 | if (ret < 0) | |
178 | return ret; | |
179 | ||
180 | ret = ipv6_mc_check_exthdrs(skb); | |
181 | if (ret < 0) | |
182 | return ret; | |
183 | ||
a2e2ca3b LL |
184 | ret = ipv6_mc_check_icmpv6(skb); |
185 | if (ret < 0) | |
186 | return ret; | |
187 | ||
188 | return ipv6_mc_check_mld_msg(skb); | |
9afd85c9 LL |
189 | } |
190 | EXPORT_SYMBOL(ipv6_mc_check_mld); |