[linux-2.6-block.git] / net / ipv6 / output_core.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * IPv6 library code, needed by static components when full IPv6 support is
 * not configured or static.  These functions are needed by GSO/GRO implementation.
 */
#include <linux/export.h>
#include <net/ip.h>
#include <net/ipv6.h>
#include <net/ip6_fib.h>
#include <net/addrconf.h>
#include <net/secure_seq.h>
#include <linux/netfilter.h>

static u32 __ipv6_select_ident(struct net *net,
			       const struct in6_addr *dst,
			       const struct in6_addr *src)
{
	const struct {
		struct in6_addr dst;
		struct in6_addr src;
	} __aligned(SIPHASH_ALIGNMENT) combined = {
		.dst = *dst,
		.src = *src,
	};
	u32 hash, id;

	/* Note the following code is not safe, but this is okay. */
	if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
		get_random_bytes(&net->ipv4.ip_id_key,
				 sizeof(net->ipv4.ip_id_key));

	hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key);

	/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
	 * set the hight order instead thus minimizing possible future
	 * collisions.
	 */
	id = ip_idents_reserve(hash, 1);
	if (unlikely(!id))
		id = 1 << 31;

	return id;
}

/* This function exists only for tap drivers that must support broken
 * clients requesting UFO without specifying an IPv6 fragment ID.
 *
 * This is similar to ipv6_select_ident() but we use an independent hash
 * seed to limit information leakage.
 *
 * The network header must be set before calling this.
 */
__be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb)
{
	struct in6_addr buf[2];
	struct in6_addr *addrs;
	u32 id;

	addrs = skb_header_pointer(skb,
				   skb_network_offset(skb) +
				   offsetof(struct ipv6hdr, saddr),
				   sizeof(buf), buf);
	if (!addrs)
		return 0;

	id = __ipv6_select_ident(net, &addrs[1], &addrs[0]);
	return htonl(id);
}
EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);

__be32 ipv6_select_ident(struct net *net,
			 const struct in6_addr *daddr,
			 const struct in6_addr *saddr)
{
	u32 id;

	id = __ipv6_select_ident(net, daddr, saddr);
	return htonl(id);
}
EXPORT_SYMBOL(ipv6_select_ident);

int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)
{
	unsigned int offset = sizeof(struct ipv6hdr);
	unsigned int packet_len = skb_tail_pointer(skb) -
		skb_network_header(skb);
	int found_rhdr = 0;
	*nexthdr = &ipv6_hdr(skb)->nexthdr;

	while (offset <= packet_len) {
		struct ipv6_opt_hdr *exthdr;

		switch (**nexthdr) {

		case NEXTHDR_HOP:
			break;
		case NEXTHDR_ROUTING:
			found_rhdr = 1;
			break;
		case NEXTHDR_DEST:
#if IS_ENABLED(CONFIG_IPV6_MIP6)
			if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
				break;
#endif
			if (found_rhdr)
				return offset;
			break;
		default:
			return offset;
		}

		if (offset + sizeof(struct ipv6_opt_hdr) > packet_len)
			return -EINVAL;

		exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
						 offset);
		offset += ipv6_optlen(exthdr);
		if (offset > IPV6_MAXPLEN)
			return -EINVAL;
		*nexthdr = &exthdr->nexthdr;
	}

	return -EINVAL;
}
EXPORT_SYMBOL(ip6_find_1stfragopt);

#if IS_ENABLED(CONFIG_IPV6)
int ip6_dst_hoplimit(struct dst_entry *dst)
{
	int hoplimit = dst_metric_raw(dst, RTAX_HOPLIMIT);
	if (hoplimit == 0) {
		struct net_device *dev = dst->dev;
		struct inet6_dev *idev;

		rcu_read_lock();
		idev = __in6_dev_get(dev);
		if (idev)
			hoplimit = idev->cnf.hop_limit;
		else
			hoplimit = dev_net(dev)->ipv6.devconf_all->hop_limit;
		rcu_read_unlock();
	}
	return hoplimit;
}
EXPORT_SYMBOL(ip6_dst_hoplimit);
#endif

int __ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb)
{
	int len;

	len = skb->len - sizeof(struct ipv6hdr);
	if (len > IPV6_MAXPLEN)
		len = 0;
	ipv6_hdr(skb)->payload_len = htons(len);
	IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);

	/* if egress device is enslaved to an L3 master device pass the
	 * skb to its handler for processing
	 */
	skb = l3mdev_ip6_out(sk, skb);
	if (unlikely(!skb))
		return 0;

	skb->protocol = htons(ETH_P_IPV6);

	return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
		       net, sk, skb, NULL, skb_dst(skb)->dev,
		       dst_output);
}
EXPORT_SYMBOL_GPL(__ip6_local_out);

int ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb)
{
	int err;

	err = __ip6_local_out(net, sk, skb);
	if (likely(err == 1))
		err = dst_output(net, sk, skb);

	return err;
}
EXPORT_SYMBOL_GPL(ip6_local_out);
Commit	Line	Data
457c8996	1	// SPDX-License-Identifier: GPL-2.0-only
3c73a036 VY	2	/*
	3	* IPv6 library code, needed by static components when full IPv6 support is
	4	* not configured or static. These functions are needed by GSO/GRO implementation.
	5	*/
	6	#include <linux/export.h>
5188cd44	7	#include <net/ip.h>
3c73a036 VY	8	#include <net/ipv6.h>
3c73a036 VY	9	#include <net/ip6_fib.h>
3ce9b35f	10	#include <net/addrconf.h>
6dfac5c3	11	#include <net/secure_seq.h>
a263653e	12	#include <linux/netfilter.h>
3c73a036	13
df453700	14	static u32 __ipv6_select_ident(struct net *net,
fd0273d7 MKL	15	const struct in6_addr *dst,
fd0273d7 MKL	16	const struct in6_addr *src)
0508c07f	17	{
df453700 ED	18	const struct {
	19	struct in6_addr dst;
	20	struct in6_addr src;
	21	} __aligned(SIPHASH_ALIGNMENT) combined = {
	22	.dst = *dst,
	23	.src = *src,
	24	};
0508c07f VY	25	u32 hash, id;
0508c07f VY	26
df453700 ED	27	/* Note the following code is not safe, but this is okay. */
	28	if (unlikely(siphash_key_is_zero(&net->ipv4.ip_id_key)))
	29	get_random_bytes(&net->ipv4.ip_id_key,
	30	sizeof(net->ipv4.ip_id_key));
	31
	32	hash = siphash(&combined, sizeof(combined), &net->ipv4.ip_id_key);
0508c07f VY	33
	34	/* Treat id of 0 as unset and if we get 0 back from ip_idents_reserve,
	35	* set the hight order instead thus minimizing possible future
	36	* collisions.
	37	*/
	38	id = ip_idents_reserve(hash, 1);
	39	if (unlikely(!id))
	40	id = 1 << 31;
	41
	42	return id;
	43	}
	44
0c19f846 WB	45	/* This function exists only for tap drivers that must support broken
	46	* clients requesting UFO without specifying an IPv6 fragment ID.
	47	*
	48	* This is similar to ipv6_select_ident() but we use an independent hash
	49	* seed to limit information leakage.
	50	*
	51	* The network header must be set before calling this.
	52	*/
	53	__be32 ipv6_proxy_select_ident(struct net net, struct sk_buff skb)
	54	{
0c19f846 WB	55	struct in6_addr buf[2];
	56	struct in6_addr *addrs;
	57	u32 id;
	58
	59	addrs = skb_header_pointer(skb,
	60	skb_network_offset(skb) +
	61	offsetof(struct ipv6hdr, saddr),
	62	sizeof(buf), buf);
	63	if (!addrs)
	64	return 0;
	65
df453700	66	id = __ipv6_select_ident(net, &addrs[1], &addrs[0]);
0c19f846 WB	67	return htonl(id);
	68	}
	69	EXPORT_SYMBOL_GPL(ipv6_proxy_select_ident);
	70
7f159867 ED	71	__be32 ipv6_select_ident(struct net *net,
	72	const struct in6_addr *daddr,
	73	const struct in6_addr *saddr)
0508c07f	74	{
0508c07f VY	75	u32 id;
0508c07f VY	76
df453700	77	id = __ipv6_select_ident(net, daddr, saddr);
286c2349	78	return htonl(id);
0508c07f VY	79	}
	80	EXPORT_SYMBOL(ipv6_select_ident);
	81
3c73a036 VY	82	int ip6_find_1stfragopt(struct sk_buff skb, u8 *nexthdr)
3c73a036 VY	83	{
6399f1fa	84	unsigned int offset = sizeof(struct ipv6hdr);
29a3cad5 SH	85	unsigned int packet_len = skb_tail_pointer(skb) -
29a3cad5 SH	86	skb_network_header(skb);
3c73a036 VY	87	int found_rhdr = 0;
	88	*nexthdr = &ipv6_hdr(skb)->nexthdr;
	89
2423496a CG	90	while (offset <= packet_len) {
2423496a CG	91	struct ipv6_opt_hdr *exthdr;
3c73a036 VY	92
	93	switch (**nexthdr) {
	94
	95	case NEXTHDR_HOP:
	96	break;
	97	case NEXTHDR_ROUTING:
	98	found_rhdr = 1;
	99	break;
	100	case NEXTHDR_DEST:
	101	#if IS_ENABLED(CONFIG_IPV6_MIP6)
	102	if (ipv6_find_tlv(skb, offset, IPV6_TLV_HAO) >= 0)
	103	break;
	104	#endif
	105	if (found_rhdr)
	106	return offset;
	107	break;
67ba4152	108	default:
3c73a036 VY	109	return offset;
	110	}
	111
2423496a CG	112	if (offset + sizeof(struct ipv6_opt_hdr) > packet_len)
	113	return -EINVAL;
	114
3c73a036 VY	115	exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +
3c73a036 VY	116	offset);
3de33e1b SB	117	offset += ipv6_optlen(exthdr);
3de33e1b SB	118	if (offset > IPV6_MAXPLEN)
6399f1fa	119	return -EINVAL;
2423496a	120	*nexthdr = &exthdr->nexthdr;
3c73a036 VY	121	}
3c73a036 VY	122
2423496a	123	return -EINVAL;
3c73a036 VY	124	}
3c73a036 VY	125	EXPORT_SYMBOL(ip6_find_1stfragopt);
3ce9b35f CW	126
	127	#if IS_ENABLED(CONFIG_IPV6)
	128	int ip6_dst_hoplimit(struct dst_entry *dst)
	129	{
	130	int hoplimit = dst_metric_raw(dst, RTAX_HOPLIMIT);
	131	if (hoplimit == 0) {
	132	struct net_device *dev = dst->dev;
	133	struct inet6_dev *idev;
	134
	135	rcu_read_lock();
	136	idev = __in6_dev_get(dev);
	137	if (idev)
	138	hoplimit = idev->cnf.hop_limit;
	139	else
	140	hoplimit = dev_net(dev)->ipv6.devconf_all->hop_limit;
	141	rcu_read_unlock();
	142	}
	143	return hoplimit;
	144	}
	145	EXPORT_SYMBOL(ip6_dst_hoplimit);
	146	#endif
788787b5	147
cf91a99d	148	int __ip6_local_out(struct net net, struct sock sk, struct sk_buff *skb)
788787b5 CW	149	{
	150	int len;
	151
	152	len = skb->len - sizeof(struct ipv6hdr);
	153	if (len > IPV6_MAXPLEN)
	154	len = 0;
	155	ipv6_hdr(skb)->payload_len = htons(len);
f6c20c59	156	IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr);
788787b5	157
a8e3e1a9 DA	158	/* if egress device is enslaved to an L3 master device pass the
	159	* skb to its handler for processing
	160	*/
	161	skb = l3mdev_ip6_out(sk, skb);
	162	if (unlikely(!skb))
	163	return 0;
	164
b4e479a9 EC	165	skb->protocol = htons(ETH_P_IPV6);
b4e479a9 EC	166
29a26a56 EB	167	return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
29a26a56 EB	168	net, sk, skb, NULL, skb_dst(skb)->dev,
13206b6b	169	dst_output);
788787b5 CW	170	}
	171	EXPORT_SYMBOL_GPL(__ip6_local_out);
	172
33224b16	173	int ip6_local_out(struct net net, struct sock sk, struct sk_buff *skb)
788787b5 CW	174	{
	175	int err;
	176
cf91a99d	177	err = __ip6_local_out(net, sk, skb);
788787b5	178	if (likely(err == 1))
13206b6b	179	err = dst_output(net, sk, skb);
788787b5 CW	180
	181	return err;
	182	}
	183	EXPORT_SYMBOL_GPL(ip6_local_out);