Commit | Line | Data |
---|---|---|
1ccea77e | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2c8d7ca0 NT |
2 | /* |
3 | * Copyright (C)2003-2006 Helsinki University of Technology | |
4 | * Copyright (C)2003-2006 USAGI/WIDE Project | |
2c8d7ca0 NT |
5 | */ |
6 | /* | |
7 | * Authors: | |
8 | * Noriaki TAKAMIYA @USAGI | |
9 | * Masahide NAKAMURA @USAGI | |
10 | */ | |
11 | ||
f3213831 JP |
12 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
13 | ||
2c8d7ca0 NT |
14 | #include <linux/module.h> |
15 | #include <linux/skbuff.h> | |
70182ed2 | 16 | #include <linux/time.h> |
2c8d7ca0 | 17 | #include <linux/ipv6.h> |
7be96f76 MN |
18 | #include <linux/icmpv6.h> |
19 | #include <net/sock.h> | |
2c8d7ca0 | 20 | #include <net/ipv6.h> |
7be96f76 | 21 | #include <net/ip6_checksum.h> |
59fbb3a6 | 22 | #include <net/rawv6.h> |
2c8d7ca0 NT |
23 | #include <net/xfrm.h> |
24 | #include <net/mip6.h> | |
25 | ||
3d126890 NT |
26 | static inline unsigned int calc_padlen(unsigned int len, unsigned int n) |
27 | { | |
28 | return (n - len + 16) & 0x7; | |
29 | } | |
30 | ||
31 | static inline void *mip6_padn(__u8 *data, __u8 padlen) | |
32 | { | |
33 | if (!data) | |
34 | return NULL; | |
35 | if (padlen == 1) { | |
1de5a71c | 36 | data[0] = IPV6_TLV_PAD1; |
3d126890 | 37 | } else if (padlen > 1) { |
7f1eced8 | 38 | data[0] = IPV6_TLV_PADN; |
3d126890 NT |
39 | data[1] = padlen - 2; |
40 | if (padlen > 2) | |
41 | memset(data+2, 0, data[1]); | |
42 | } | |
43 | return data + padlen; | |
44 | } | |
45 | ||
d5fdd6ba | 46 | static inline void mip6_param_prob(struct sk_buff *skb, u8 code, int pos) |
7be96f76 | 47 | { |
3ffe533c | 48 | icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos); |
7be96f76 MN |
49 | } |
50 | ||
51 | static int mip6_mh_len(int type) | |
52 | { | |
53 | int len = 0; | |
54 | ||
55 | switch (type) { | |
56 | case IP6_MH_TYPE_BRR: | |
57 | len = 0; | |
58 | break; | |
59 | case IP6_MH_TYPE_HOTI: | |
60 | case IP6_MH_TYPE_COTI: | |
61 | case IP6_MH_TYPE_BU: | |
62 | case IP6_MH_TYPE_BACK: | |
63 | len = 1; | |
64 | break; | |
65 | case IP6_MH_TYPE_HOT: | |
66 | case IP6_MH_TYPE_COT: | |
67 | case IP6_MH_TYPE_BERROR: | |
68 | len = 2; | |
69 | break; | |
70 | } | |
71 | return len; | |
72 | } | |
73 | ||
59fbb3a6 | 74 | static int mip6_mh_filter(struct sock *sk, struct sk_buff *skb) |
7be96f76 | 75 | { |
96af69ea ED |
76 | struct ip6_mh _hdr; |
77 | const struct ip6_mh *mh; | |
7be96f76 | 78 | |
96af69ea ED |
79 | mh = skb_header_pointer(skb, skb_transport_offset(skb), |
80 | sizeof(_hdr), &_hdr); | |
81 | if (!mh) | |
7be96f76 MN |
82 | return -1; |
83 | ||
96af69ea ED |
84 | if (((mh->ip6mh_hdrlen + 1) << 3) > skb->len) |
85 | return -1; | |
7be96f76 MN |
86 | |
87 | if (mh->ip6mh_hdrlen < mip6_mh_len(mh->ip6mh_type)) { | |
ba7a46f1 JP |
88 | net_dbg_ratelimited("mip6: MH message too short: %d vs >=%d\n", |
89 | mh->ip6mh_hdrlen, | |
90 | mip6_mh_len(mh->ip6mh_type)); | |
96af69ea ED |
91 | mip6_param_prob(skb, 0, offsetof(struct ip6_mh, ip6mh_hdrlen) + |
92 | skb_network_header_len(skb)); | |
7be96f76 MN |
93 | return -1; |
94 | } | |
7be96f76 MN |
95 | |
96 | if (mh->ip6mh_proto != IPPROTO_NONE) { | |
ba7a46f1 JP |
97 | net_dbg_ratelimited("mip6: MH invalid payload proto = %d\n", |
98 | mh->ip6mh_proto); | |
96af69ea ED |
99 | mip6_param_prob(skb, 0, offsetof(struct ip6_mh, ip6mh_proto) + |
100 | skb_network_header_len(skb)); | |
7be96f76 MN |
101 | return -1; |
102 | } | |
103 | ||
104 | return 0; | |
105 | } | |
106 | ||
70182ed2 MN |
107 | struct mip6_report_rate_limiter { |
108 | spinlock_t lock; | |
3dd7669f | 109 | ktime_t stamp; |
70182ed2 MN |
110 | int iif; |
111 | struct in6_addr src; | |
112 | struct in6_addr dst; | |
113 | }; | |
114 | ||
115 | static struct mip6_report_rate_limiter mip6_report_rl = { | |
4ef8d0ae | 116 | .lock = __SPIN_LOCK_UNLOCKED(mip6_report_rl.lock) |
70182ed2 MN |
117 | }; |
118 | ||
3d126890 NT |
119 | static int mip6_destopt_input(struct xfrm_state *x, struct sk_buff *skb) |
120 | { | |
b71d1d42 | 121 | const struct ipv6hdr *iph = ipv6_hdr(skb); |
3d126890 | 122 | struct ipv6_destopt_hdr *destopt = (struct ipv6_destopt_hdr *)skb->data; |
0ebea8ef | 123 | int err = destopt->nexthdr; |
3d126890 | 124 | |
0ebea8ef | 125 | spin_lock(&x->lock); |
3d126890 NT |
126 | if (!ipv6_addr_equal(&iph->saddr, (struct in6_addr *)x->coaddr) && |
127 | !ipv6_addr_any((struct in6_addr *)x->coaddr)) | |
0ebea8ef HX |
128 | err = -ENOENT; |
129 | spin_unlock(&x->lock); | |
3d126890 | 130 | |
0ebea8ef | 131 | return err; |
3d126890 NT |
132 | } |
133 | ||
134 | /* Destination Option Header is inserted. | |
135 | * IP Header's src address is replaced with Home Address Option in | |
136 | * Destination Option Header. | |
137 | */ | |
138 | static int mip6_destopt_output(struct xfrm_state *x, struct sk_buff *skb) | |
139 | { | |
140 | struct ipv6hdr *iph; | |
141 | struct ipv6_destopt_hdr *dstopt; | |
142 | struct ipv6_destopt_hao *hao; | |
143 | u8 nexthdr; | |
144 | int len; | |
145 | ||
7b277b1a | 146 | skb_push(skb, -skb_network_offset(skb)); |
007f0211 | 147 | iph = ipv6_hdr(skb); |
3d126890 | 148 | |
007f0211 HX |
149 | nexthdr = *skb_mac_header(skb); |
150 | *skb_mac_header(skb) = IPPROTO_DSTOPTS; | |
3d126890 | 151 | |
9c70220b | 152 | dstopt = (struct ipv6_destopt_hdr *)skb_transport_header(skb); |
3d126890 NT |
153 | dstopt->nexthdr = nexthdr; |
154 | ||
155 | hao = mip6_padn((char *)(dstopt + 1), | |
156 | calc_padlen(sizeof(*dstopt), 6)); | |
157 | ||
158 | hao->type = IPV6_TLV_HAO; | |
547b792c | 159 | BUILD_BUG_ON(sizeof(*hao) != 18); |
3d126890 | 160 | hao->length = sizeof(*hao) - 2; |
3d126890 NT |
161 | |
162 | len = ((char *)hao - (char *)dstopt) + sizeof(*hao); | |
163 | ||
164 | memcpy(&hao->addr, &iph->saddr, sizeof(hao->addr)); | |
b7c6538c | 165 | spin_lock_bh(&x->lock); |
3d126890 | 166 | memcpy(&iph->saddr, x->coaddr, sizeof(iph->saddr)); |
b7c6538c | 167 | spin_unlock_bh(&x->lock); |
3d126890 | 168 | |
547b792c | 169 | WARN_ON(len != x->props.header_len); |
3d126890 NT |
170 | dstopt->hdrlen = (x->props.header_len >> 3) - 1; |
171 | ||
172 | return 0; | |
173 | } | |
174 | ||
3dd7669f | 175 | static inline int mip6_report_rl_allow(ktime_t stamp, |
b71d1d42 ED |
176 | const struct in6_addr *dst, |
177 | const struct in6_addr *src, int iif) | |
70182ed2 MN |
178 | { |
179 | int allow = 0; | |
180 | ||
181 | spin_lock_bh(&mip6_report_rl.lock); | |
1f3a8e49 | 182 | if (mip6_report_rl.stamp != stamp || |
70182ed2 MN |
183 | mip6_report_rl.iif != iif || |
184 | !ipv6_addr_equal(&mip6_report_rl.src, src) || | |
185 | !ipv6_addr_equal(&mip6_report_rl.dst, dst)) { | |
3dd7669f | 186 | mip6_report_rl.stamp = stamp; |
70182ed2 | 187 | mip6_report_rl.iif = iif; |
4e3fd7a0 AD |
188 | mip6_report_rl.src = *src; |
189 | mip6_report_rl.dst = *dst; | |
70182ed2 MN |
190 | allow = 1; |
191 | } | |
192 | spin_unlock_bh(&mip6_report_rl.lock); | |
193 | return allow; | |
194 | } | |
195 | ||
8f029de2 DM |
196 | static int mip6_destopt_reject(struct xfrm_state *x, struct sk_buff *skb, |
197 | const struct flowi *fl) | |
70182ed2 | 198 | { |
db983c11 | 199 | struct net *net = xs_net(x); |
70182ed2 | 200 | struct inet6_skb_parm *opt = (struct inet6_skb_parm *)skb->cb; |
4c9483b2 | 201 | const struct flowi6 *fl6 = &fl->u.ip6; |
70182ed2 MN |
202 | struct ipv6_destopt_hao *hao = NULL; |
203 | struct xfrm_selector sel; | |
204 | int offset; | |
3dd7669f | 205 | ktime_t stamp; |
70182ed2 MN |
206 | int err = 0; |
207 | ||
4c9483b2 | 208 | if (unlikely(fl6->flowi6_proto == IPPROTO_MH && |
1958b856 | 209 | fl6->fl6_mh_type <= IP6_MH_TYPE_MAX)) |
01be8e5d MN |
210 | goto out; |
211 | ||
70182ed2 MN |
212 | if (likely(opt->dsthao)) { |
213 | offset = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); | |
214 | if (likely(offset >= 0)) | |
d56f90a7 ACM |
215 | hao = (struct ipv6_destopt_hao *) |
216 | (skb_network_header(skb) + offset); | |
70182ed2 MN |
217 | } |
218 | ||
3dd7669f | 219 | stamp = skb_get_ktime(skb); |
70182ed2 | 220 | |
3dd7669f | 221 | if (!mip6_report_rl_allow(stamp, &ipv6_hdr(skb)->daddr, |
0660e03f | 222 | hao ? &hao->addr : &ipv6_hdr(skb)->saddr, |
70182ed2 MN |
223 | opt->iif)) |
224 | goto out; | |
225 | ||
226 | memset(&sel, 0, sizeof(sel)); | |
0660e03f | 227 | memcpy(&sel.daddr, (xfrm_address_t *)&ipv6_hdr(skb)->daddr, |
70182ed2 MN |
228 | sizeof(sel.daddr)); |
229 | sel.prefixlen_d = 128; | |
0660e03f | 230 | memcpy(&sel.saddr, (xfrm_address_t *)&ipv6_hdr(skb)->saddr, |
70182ed2 MN |
231 | sizeof(sel.saddr)); |
232 | sel.prefixlen_s = 128; | |
233 | sel.family = AF_INET6; | |
4c9483b2 DM |
234 | sel.proto = fl6->flowi6_proto; |
235 | sel.dport = xfrm_flowi_dport(fl, &fl6->uli); | |
70182ed2 | 236 | if (sel.dport) |
e69a4adc | 237 | sel.dport_mask = htons(~0); |
4c9483b2 | 238 | sel.sport = xfrm_flowi_sport(fl, &fl6->uli); |
70182ed2 | 239 | if (sel.sport) |
e69a4adc | 240 | sel.sport_mask = htons(~0); |
4c9483b2 | 241 | sel.ifindex = fl6->flowi6_oif; |
70182ed2 | 242 | |
db983c11 | 243 | err = km_report(net, IPPROTO_DSTOPTS, &sel, |
70182ed2 MN |
244 | (hao ? (xfrm_address_t *)&hao->addr : NULL)); |
245 | ||
246 | out: | |
247 | return err; | |
248 | } | |
249 | ||
e1e10b44 | 250 | static int mip6_destopt_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) |
3d126890 NT |
251 | { |
252 | if (x->id.spi) { | |
28b5dbd5 | 253 | NL_SET_ERR_MSG(extack, "SPI must be 0"); |
3d126890 NT |
254 | return -EINVAL; |
255 | } | |
256 | if (x->props.mode != XFRM_MODE_ROUTEOPTIMIZATION) { | |
28b5dbd5 | 257 | NL_SET_ERR_MSG(extack, "XFRM mode must be XFRM_MODE_ROUTEOPTIMIZATION"); |
3d126890 NT |
258 | return -EINVAL; |
259 | } | |
260 | ||
261 | x->props.header_len = sizeof(struct ipv6_destopt_hdr) + | |
262 | calc_padlen(sizeof(struct ipv6_destopt_hdr), 6) + | |
263 | sizeof(struct ipv6_destopt_hao); | |
547b792c | 264 | WARN_ON(x->props.header_len != 24); |
3d126890 NT |
265 | |
266 | return 0; | |
267 | } | |
268 | ||
269 | /* | |
270 | * Do nothing about destroying since it has no specific operation for | |
271 | * destination options header unlike IPsec protocols. | |
272 | */ | |
273 | static void mip6_destopt_destroy(struct xfrm_state *x) | |
274 | { | |
275 | } | |
276 | ||
cc24beca | 277 | static const struct xfrm_type mip6_destopt_type = { |
3d126890 | 278 | .owner = THIS_MODULE, |
cc24beca | 279 | .proto = IPPROTO_DSTOPTS, |
f04e7e8d | 280 | .flags = XFRM_TYPE_NON_FRAGMENT | XFRM_TYPE_LOCAL_COADDR, |
3d126890 NT |
281 | .init_state = mip6_destopt_init_state, |
282 | .destructor = mip6_destopt_destroy, | |
283 | .input = mip6_destopt_input, | |
284 | .output = mip6_destopt_output, | |
1ab1457c | 285 | .reject = mip6_destopt_reject, |
3d126890 NT |
286 | }; |
287 | ||
2c8d7ca0 NT |
288 | static int mip6_rthdr_input(struct xfrm_state *x, struct sk_buff *skb) |
289 | { | |
b71d1d42 | 290 | const struct ipv6hdr *iph = ipv6_hdr(skb); |
2c8d7ca0 | 291 | struct rt2_hdr *rt2 = (struct rt2_hdr *)skb->data; |
0ebea8ef | 292 | int err = rt2->rt_hdr.nexthdr; |
2c8d7ca0 | 293 | |
0ebea8ef | 294 | spin_lock(&x->lock); |
d9a9dc66 | 295 | if (!ipv6_addr_equal(&iph->daddr, (struct in6_addr *)x->coaddr) && |
2c8d7ca0 | 296 | !ipv6_addr_any((struct in6_addr *)x->coaddr)) |
0ebea8ef HX |
297 | err = -ENOENT; |
298 | spin_unlock(&x->lock); | |
2c8d7ca0 | 299 | |
0ebea8ef | 300 | return err; |
2c8d7ca0 NT |
301 | } |
302 | ||
303 | /* Routing Header type 2 is inserted. | |
304 | * IP Header's dst address is replaced with Routing Header's Home Address. | |
305 | */ | |
306 | static int mip6_rthdr_output(struct xfrm_state *x, struct sk_buff *skb) | |
307 | { | |
308 | struct ipv6hdr *iph; | |
309 | struct rt2_hdr *rt2; | |
310 | u8 nexthdr; | |
311 | ||
7b277b1a | 312 | skb_push(skb, -skb_network_offset(skb)); |
007f0211 | 313 | iph = ipv6_hdr(skb); |
2c8d7ca0 | 314 | |
007f0211 HX |
315 | nexthdr = *skb_mac_header(skb); |
316 | *skb_mac_header(skb) = IPPROTO_ROUTING; | |
2c8d7ca0 | 317 | |
9c70220b | 318 | rt2 = (struct rt2_hdr *)skb_transport_header(skb); |
2c8d7ca0 NT |
319 | rt2->rt_hdr.nexthdr = nexthdr; |
320 | rt2->rt_hdr.hdrlen = (x->props.header_len >> 3) - 1; | |
321 | rt2->rt_hdr.type = IPV6_SRCRT_TYPE_2; | |
322 | rt2->rt_hdr.segments_left = 1; | |
323 | memset(&rt2->reserved, 0, sizeof(rt2->reserved)); | |
324 | ||
547b792c | 325 | WARN_ON(rt2->rt_hdr.hdrlen != 2); |
2c8d7ca0 NT |
326 | |
327 | memcpy(&rt2->addr, &iph->daddr, sizeof(rt2->addr)); | |
b7c6538c | 328 | spin_lock_bh(&x->lock); |
2c8d7ca0 | 329 | memcpy(&iph->daddr, x->coaddr, sizeof(iph->daddr)); |
b7c6538c | 330 | spin_unlock_bh(&x->lock); |
2c8d7ca0 NT |
331 | |
332 | return 0; | |
333 | } | |
334 | ||
e1e10b44 | 335 | static int mip6_rthdr_init_state(struct xfrm_state *x, struct netlink_ext_ack *extack) |
2c8d7ca0 NT |
336 | { |
337 | if (x->id.spi) { | |
28b5dbd5 | 338 | NL_SET_ERR_MSG(extack, "SPI must be 0"); |
2c8d7ca0 NT |
339 | return -EINVAL; |
340 | } | |
341 | if (x->props.mode != XFRM_MODE_ROUTEOPTIMIZATION) { | |
28b5dbd5 | 342 | NL_SET_ERR_MSG(extack, "XFRM mode must be XFRM_MODE_ROUTEOPTIMIZATION"); |
2c8d7ca0 NT |
343 | return -EINVAL; |
344 | } | |
345 | ||
346 | x->props.header_len = sizeof(struct rt2_hdr); | |
347 | ||
348 | return 0; | |
349 | } | |
350 | ||
351 | /* | |
352 | * Do nothing about destroying since it has no specific operation for routing | |
353 | * header type 2 unlike IPsec protocols. | |
354 | */ | |
355 | static void mip6_rthdr_destroy(struct xfrm_state *x) | |
356 | { | |
357 | } | |
358 | ||
cc24beca | 359 | static const struct xfrm_type mip6_rthdr_type = { |
2c8d7ca0 | 360 | .owner = THIS_MODULE, |
cc24beca | 361 | .proto = IPPROTO_ROUTING, |
f04e7e8d | 362 | .flags = XFRM_TYPE_NON_FRAGMENT | XFRM_TYPE_REMOTE_COADDR, |
2c8d7ca0 NT |
363 | .init_state = mip6_rthdr_init_state, |
364 | .destructor = mip6_rthdr_destroy, | |
365 | .input = mip6_rthdr_input, | |
366 | .output = mip6_rthdr_output, | |
2c8d7ca0 NT |
367 | }; |
368 | ||
59fbb3a6 | 369 | static int __init mip6_init(void) |
2c8d7ca0 | 370 | { |
f3213831 | 371 | pr_info("Mobile IPv6\n"); |
2c8d7ca0 | 372 | |
3d126890 | 373 | if (xfrm_register_type(&mip6_destopt_type, AF_INET6) < 0) { |
f3213831 | 374 | pr_info("%s: can't add xfrm type(destopt)\n", __func__); |
3d126890 NT |
375 | goto mip6_destopt_xfrm_fail; |
376 | } | |
2c8d7ca0 | 377 | if (xfrm_register_type(&mip6_rthdr_type, AF_INET6) < 0) { |
f3213831 | 378 | pr_info("%s: can't add xfrm type(rthdr)\n", __func__); |
2c8d7ca0 NT |
379 | goto mip6_rthdr_xfrm_fail; |
380 | } | |
59fbb3a6 | 381 | if (rawv6_mh_filter_register(mip6_mh_filter) < 0) { |
f3213831 | 382 | pr_info("%s: can't add rawv6 mh filter\n", __func__); |
59fbb3a6 MN |
383 | goto mip6_rawv6_mh_fail; |
384 | } | |
385 | ||
386 | ||
2c8d7ca0 NT |
387 | return 0; |
388 | ||
59fbb3a6 MN |
389 | mip6_rawv6_mh_fail: |
390 | xfrm_unregister_type(&mip6_rthdr_type, AF_INET6); | |
2c8d7ca0 | 391 | mip6_rthdr_xfrm_fail: |
3d126890 NT |
392 | xfrm_unregister_type(&mip6_destopt_type, AF_INET6); |
393 | mip6_destopt_xfrm_fail: | |
2c8d7ca0 NT |
394 | return -EAGAIN; |
395 | } | |
396 | ||
59fbb3a6 | 397 | static void __exit mip6_fini(void) |
2c8d7ca0 | 398 | { |
59fbb3a6 | 399 | if (rawv6_mh_filter_unregister(mip6_mh_filter) < 0) |
f3213831 | 400 | pr_info("%s: can't remove rawv6 mh filter\n", __func__); |
4f518e80 FW |
401 | xfrm_unregister_type(&mip6_rthdr_type, AF_INET6); |
402 | xfrm_unregister_type(&mip6_destopt_type, AF_INET6); | |
2c8d7ca0 | 403 | } |
59fbb3a6 MN |
404 | |
405 | module_init(mip6_init); | |
406 | module_exit(mip6_fini); | |
407 | ||
92ab08eb | 408 | MODULE_DESCRIPTION("IPv6 Mobility driver"); |
59fbb3a6 | 409 | MODULE_LICENSE("GPL"); |
d3d6dd3a MN |
410 | MODULE_ALIAS_XFRM_TYPE(AF_INET6, XFRM_PROTO_DSTOPTS); |
411 | MODULE_ALIAS_XFRM_TYPE(AF_INET6, XFRM_PROTO_ROUTING); |