275d2e812a44e882780c249a09fe3205e3159fac
[linux-2.6.git] / net / ipv6 / exthdrs.c
1 /*
2  *      Extension Header handling for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Andi Kleen              <ak@muc.de>
8  *      Alexey Kuznetsov        <kuznet@ms2.inr.ac.ru>
9  *
10  *      $Id: exthdrs.c,v 1.13 2001/06/19 15:58:56 davem Exp $
11  *
12  *      This program is free software; you can redistribute it and/or
13  *      modify it under the terms of the GNU General Public License
14  *      as published by the Free Software Foundation; either version
15  *      2 of the License, or (at your option) any later version.
16  */
17
18 /* Changes:
19  *      yoshfuji                : ensure not to overrun while parsing
20  *                                tlv options.
21  *      Mitsuru KANDA @USAGI and: Remove ipv6_parse_exthdrs().
22  *      YOSHIFUJI Hideaki @USAGI  Register inbound extension header
23  *                                handlers as inet6_protocol{}.
24  */
25
26 #include <linux/errno.h>
27 #include <linux/types.h>
28 #include <linux/socket.h>
29 #include <linux/sockios.h>
30 #include <linux/net.h>
31 #include <linux/netdevice.h>
32 #include <linux/in6.h>
33 #include <linux/icmpv6.h>
34
35 #include <net/sock.h>
36 #include <net/snmp.h>
37
38 #include <net/ipv6.h>
39 #include <net/protocol.h>
40 #include <net/transp_v6.h>
41 #include <net/rawv6.h>
42 #include <net/ndisc.h>
43 #include <net/ip6_route.h>
44 #include <net/addrconf.h>
45 #ifdef CONFIG_IPV6_MIP6
46 #include <net/xfrm.h>
47 #endif
48
49 #include <asm/uaccess.h>
50
51 int ipv6_find_tlv(struct sk_buff *skb, int offset, int type)
52 {
53         const unsigned char *nh = skb_network_header(skb);
54         int packet_len = skb->tail - skb->network_header;
55         struct ipv6_opt_hdr *hdr;
56         int len;
57
58         if (offset + 2 > packet_len)
59                 goto bad;
60         hdr = (struct ipv6_opt_hdr *)(nh + offset);
61         len = ((hdr->hdrlen + 1) << 3);
62
63         if (offset + len > packet_len)
64                 goto bad;
65
66         offset += 2;
67         len -= 2;
68
69         while (len > 0) {
70                 int opttype = nh[offset];
71                 int optlen;
72
73                 if (opttype == type)
74                         return offset;
75
76                 switch (opttype) {
77                 case IPV6_TLV_PAD0:
78                         optlen = 1;
79                         break;
80                 default:
81                         optlen = nh[offset + 1] + 2;
82                         if (optlen > len)
83                                 goto bad;
84                         break;
85                 }
86                 offset += optlen;
87                 len -= optlen;
88         }
89         /* not_found */
90  bad:
91         return -1;
92 }
93
94 /*
95  *      Parsing tlv encoded headers.
96  *
97  *      Parsing function "func" returns 1, if parsing succeed
98  *      and 0, if it failed.
99  *      It MUST NOT touch skb->h.
100  */
101
102 struct tlvtype_proc {
103         int     type;
104         int     (*func)(struct sk_buff **skbp, int offset);
105 };
106
107 /*********************
108   Generic functions
109  *********************/
110
111 /* An unknown option is detected, decide what to do */
112
113 static int ip6_tlvopt_unknown(struct sk_buff **skbp, int optoff)
114 {
115         struct sk_buff *skb = *skbp;
116
117         switch ((skb_network_header(skb)[optoff] & 0xC0) >> 6) {
118         case 0: /* ignore */
119                 return 1;
120
121         case 1: /* drop packet */
122                 break;
123
124         case 3: /* Send ICMP if not a multicast address and drop packet */
125                 /* Actually, it is redundant check. icmp_send
126                    will recheck in any case.
127                  */
128                 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr))
129                         break;
130         case 2: /* send ICMP PARM PROB regardless and drop packet */
131                 icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff);
132                 return 0;
133         };
134
135         kfree_skb(skb);
136         return 0;
137 }
138
139 /* Parse tlv encoded option header (hop-by-hop or destination) */
140
141 static int ip6_parse_tlv(struct tlvtype_proc *procs, struct sk_buff **skbp)
142 {
143         struct sk_buff *skb = *skbp;
144         struct tlvtype_proc *curr;
145         const unsigned char *nh = skb_network_header(skb);
146         int off = skb_network_header_len(skb);
147         int len = (skb_transport_header(skb)[1] + 1) << 3;
148
149         if (skb_transport_offset(skb) + len > skb_headlen(skb))
150                 goto bad;
151
152         off += 2;
153         len -= 2;
154
155         while (len > 0) {
156                 int optlen = nh[off + 1] + 2;
157
158                 switch (nh[off]) {
159                 case IPV6_TLV_PAD0:
160                         optlen = 1;
161                         break;
162
163                 case IPV6_TLV_PADN:
164                         break;
165
166                 default: /* Other TLV code so scan list */
167                         if (optlen > len)
168                                 goto bad;
169                         for (curr=procs; curr->type >= 0; curr++) {
170                                 if (curr->type == nh[off]) {
171                                         /* type specific length/alignment
172                                            checks will be performed in the
173                                            func(). */
174                                         if (curr->func(skbp, off) == 0)
175                                                 return 0;
176                                         break;
177                                 }
178                         }
179                         if (curr->type < 0) {
180                                 if (ip6_tlvopt_unknown(skbp, off) == 0)
181                                         return 0;
182                         }
183                         break;
184                 }
185                 off += optlen;
186                 len -= optlen;
187         }
188         if (len == 0)
189                 return 1;
190 bad:
191         kfree_skb(skb);
192         return 0;
193 }
194
195 /*****************************
196   Destination options header.
197  *****************************/
198
199 #ifdef CONFIG_IPV6_MIP6
200 static int ipv6_dest_hao(struct sk_buff **skbp, int optoff)
201 {
202         struct sk_buff *skb = *skbp;
203         struct ipv6_destopt_hao *hao;
204         struct inet6_skb_parm *opt = IP6CB(skb);
205         struct ipv6hdr *ipv6h = ipv6_hdr(skb);
206         struct in6_addr tmp_addr;
207         int ret;
208
209         if (opt->dsthao) {
210                 LIMIT_NETDEBUG(KERN_DEBUG "hao duplicated\n");
211                 goto discard;
212         }
213         opt->dsthao = opt->dst1;
214         opt->dst1 = 0;
215
216         hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + optoff);
217
218         if (hao->length != 16) {
219                 LIMIT_NETDEBUG(
220                         KERN_DEBUG "hao invalid option length = %d\n", hao->length);
221                 goto discard;
222         }
223
224         if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) {
225                 LIMIT_NETDEBUG(
226                         KERN_DEBUG "hao is not an unicast addr: " NIP6_FMT "\n", NIP6(hao->addr));
227                 goto discard;
228         }
229
230         ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr,
231                                (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS);
232         if (unlikely(ret < 0))
233                 goto discard;
234
235         if (skb_cloned(skb)) {
236                 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
237                 struct inet6_skb_parm *opt2;
238
239                 if (skb2 == NULL)
240                         goto discard;
241
242                 opt2 = IP6CB(skb2);
243                 memcpy(opt2, opt, sizeof(*opt2));
244
245                 kfree_skb(skb);
246
247                 /* update all variable using below by copied skbuff */
248                 *skbp = skb = skb2;
249                 hao = (struct ipv6_destopt_hao *)(skb_network_header(skb2) +
250                                                   optoff);
251                 ipv6h = ipv6_hdr(skb2);
252         }
253
254         if (skb->ip_summed == CHECKSUM_COMPLETE)
255                 skb->ip_summed = CHECKSUM_NONE;
256
257         ipv6_addr_copy(&tmp_addr, &ipv6h->saddr);
258         ipv6_addr_copy(&ipv6h->saddr, &hao->addr);
259         ipv6_addr_copy(&hao->addr, &tmp_addr);
260
261         if (skb->tstamp.tv64 == 0)
262                 __net_timestamp(skb);
263
264         return 1;
265
266  discard:
267         kfree_skb(skb);
268         return 0;
269 }
270 #endif
271
272 static struct tlvtype_proc tlvprocdestopt_lst[] = {
273 #ifdef CONFIG_IPV6_MIP6
274         {
275                 .type   = IPV6_TLV_HAO,
276                 .func   = ipv6_dest_hao,
277         },
278 #endif
279         {-1,                    NULL}
280 };
281
282 static int ipv6_destopt_rcv(struct sk_buff **skbp)
283 {
284         struct sk_buff *skb = *skbp;
285         struct inet6_skb_parm *opt = IP6CB(skb);
286 #ifdef CONFIG_IPV6_MIP6
287         __u16 dstbuf;
288 #endif
289         struct dst_entry *dst;
290
291         if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) ||
292             !pskb_may_pull(skb, (skb_transport_offset(skb) +
293                                  ((skb_transport_header(skb)[1] + 1) << 3)))) {
294                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
295                                  IPSTATS_MIB_INHDRERRORS);
296                 kfree_skb(skb);
297                 return -1;
298         }
299
300         opt->lastopt = opt->dst1 = skb_network_header_len(skb);
301 #ifdef CONFIG_IPV6_MIP6
302         dstbuf = opt->dst1;
303 #endif
304
305         dst = dst_clone(skb->dst);
306         if (ip6_parse_tlv(tlvprocdestopt_lst, skbp)) {
307                 dst_release(dst);
308                 skb = *skbp;
309                 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3;
310                 opt = IP6CB(skb);
311 #ifdef CONFIG_IPV6_MIP6
312                 opt->nhoff = dstbuf;
313 #else
314                 opt->nhoff = opt->dst1;
315 #endif
316                 return 1;
317         }
318
319         IP6_INC_STATS_BH(ip6_dst_idev(dst), IPSTATS_MIB_INHDRERRORS);
320         dst_release(dst);
321         return -1;
322 }
323
324 static struct inet6_protocol destopt_protocol = {
325         .handler        =       ipv6_destopt_rcv,
326         .flags          =       INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
327 };
328
329 void __init ipv6_destopt_init(void)
330 {
331         if (inet6_add_protocol(&destopt_protocol, IPPROTO_DSTOPTS) < 0)
332                 printk(KERN_ERR "ipv6_destopt_init: Could not register protocol\n");
333 }
334
335 /********************************
336   NONE header. No data in packet.
337  ********************************/
338
339 static int ipv6_nodata_rcv(struct sk_buff **skbp)
340 {
341         struct sk_buff *skb = *skbp;
342
343         kfree_skb(skb);
344         return 0;
345 }
346
347 static struct inet6_protocol nodata_protocol = {
348         .handler        =       ipv6_nodata_rcv,
349         .flags          =       INET6_PROTO_NOPOLICY,
350 };
351
352 void __init ipv6_nodata_init(void)
353 {
354         if (inet6_add_protocol(&nodata_protocol, IPPROTO_NONE) < 0)
355                 printk(KERN_ERR "ipv6_nodata_init: Could not register protocol\n");
356 }
357
358 /********************************
359   Routing header.
360  ********************************/
361
362 static int ipv6_rthdr_rcv(struct sk_buff **skbp)
363 {
364         struct sk_buff *skb = *skbp;
365         struct inet6_skb_parm *opt = IP6CB(skb);
366         struct in6_addr *addr = NULL;
367         struct in6_addr daddr;
368         struct inet6_dev *idev;
369         int n, i;
370         struct ipv6_rt_hdr *hdr;
371         struct rt0_hdr *rthdr;
372         int accept_source_route = ipv6_devconf.accept_source_route;
373
374         if (accept_source_route < 0 ||
375             ((idev = in6_dev_get(skb->dev)) == NULL)) {
376                 kfree_skb(skb);
377                 return -1;
378         }
379         if (idev->cnf.accept_source_route < 0) {
380                 in6_dev_put(idev);
381                 kfree_skb(skb);
382                 return -1;
383         }
384
385         if (accept_source_route > idev->cnf.accept_source_route)
386                 accept_source_route = idev->cnf.accept_source_route;
387
388         in6_dev_put(idev);
389
390         if (!pskb_may_pull(skb, skb_transport_offset(skb) + 8) ||
391             !pskb_may_pull(skb, (skb_transport_offset(skb) +
392                                  ((skb_transport_header(skb)[1] + 1) << 3)))) {
393                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
394                                  IPSTATS_MIB_INHDRERRORS);
395                 kfree_skb(skb);
396                 return -1;
397         }
398
399         hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb);
400
401         switch (hdr->type) {
402 #ifdef CONFIG_IPV6_MIP6
403                 break;
404 #endif
405         case IPV6_SRCRT_TYPE_0:
406                 if (accept_source_route > 0)
407                         break;
408                 kfree_skb(skb);
409                 return -1;
410         default:
411                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
412                                  IPSTATS_MIB_INHDRERRORS);
413                 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
414                                   (&hdr->type) - skb_network_header(skb));
415                 return -1;
416         }
417
418         if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) ||
419             skb->pkt_type != PACKET_HOST) {
420                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
421                                  IPSTATS_MIB_INADDRERRORS);
422                 kfree_skb(skb);
423                 return -1;
424         }
425
426 looped_back:
427         if (hdr->segments_left == 0) {
428                 switch (hdr->type) {
429 #ifdef CONFIG_IPV6_MIP6
430                 case IPV6_SRCRT_TYPE_2:
431                         /* Silently discard type 2 header unless it was
432                          * processed by own
433                          */
434                         if (!addr) {
435                                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
436                                                  IPSTATS_MIB_INADDRERRORS);
437                                 kfree_skb(skb);
438                                 return -1;
439                         }
440                         break;
441 #endif
442                 default:
443                         break;
444                 }
445
446                 opt->lastopt = opt->srcrt = skb_network_header_len(skb);
447                 skb->transport_header += (hdr->hdrlen + 1) << 3;
448                 opt->dst0 = opt->dst1;
449                 opt->dst1 = 0;
450                 opt->nhoff = (&hdr->nexthdr) - skb_network_header(skb);
451                 return 1;
452         }
453
454         switch (hdr->type) {
455         case IPV6_SRCRT_TYPE_0:
456                 if (hdr->hdrlen & 0x01) {
457                         IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
458                                          IPSTATS_MIB_INHDRERRORS);
459                         icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
460                                           ((&hdr->hdrlen) -
461                                            skb_network_header(skb)));
462                         return -1;
463                 }
464                 break;
465 #ifdef CONFIG_IPV6_MIP6
466         case IPV6_SRCRT_TYPE_2:
467                 /* Silently discard invalid RTH type 2 */
468                 if (hdr->hdrlen != 2 || hdr->segments_left != 1) {
469                         IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
470                                          IPSTATS_MIB_INHDRERRORS);
471                         kfree_skb(skb);
472                         return -1;
473                 }
474                 break;
475 #endif
476         }
477
478         /*
479          *      This is the routing header forwarding algorithm from
480          *      RFC 2460, page 16.
481          */
482
483         n = hdr->hdrlen >> 1;
484
485         if (hdr->segments_left > n) {
486                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
487                                  IPSTATS_MIB_INHDRERRORS);
488                 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
489                                   ((&hdr->segments_left) -
490                                    skb_network_header(skb)));
491                 return -1;
492         }
493
494         /* We are about to mangle packet header. Be careful!
495            Do not damage packets queued somewhere.
496          */
497         if (skb_cloned(skb)) {
498                 struct sk_buff *skb2 = skb_copy(skb, GFP_ATOMIC);
499                 /* the copy is a forwarded packet */
500                 if (skb2 == NULL) {
501                         IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
502                                          IPSTATS_MIB_OUTDISCARDS);
503                         kfree_skb(skb);
504                         return -1;
505                 }
506                 kfree_skb(skb);
507                 *skbp = skb = skb2;
508                 opt = IP6CB(skb2);
509                 hdr = (struct ipv6_rt_hdr *)skb_transport_header(skb2);
510         }
511
512         if (skb->ip_summed == CHECKSUM_COMPLETE)
513                 skb->ip_summed = CHECKSUM_NONE;
514
515         i = n - --hdr->segments_left;
516
517         rthdr = (struct rt0_hdr *) hdr;
518         addr = rthdr->addr;
519         addr += i - 1;
520
521         switch (hdr->type) {
522 #ifdef CONFIG_IPV6_MIP6
523         case IPV6_SRCRT_TYPE_2:
524                 if (xfrm6_input_addr(skb, (xfrm_address_t *)addr,
525                                      (xfrm_address_t *)&ipv6_hdr(skb)->saddr,
526                                      IPPROTO_ROUTING) < 0) {
527                         IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
528                                          IPSTATS_MIB_INADDRERRORS);
529                         kfree_skb(skb);
530                         return -1;
531                 }
532                 if (!ipv6_chk_home_addr(addr)) {
533                         IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
534                                          IPSTATS_MIB_INADDRERRORS);
535                         kfree_skb(skb);
536                         return -1;
537                 }
538                 break;
539 #endif
540         default:
541                 break;
542         }
543
544         if (ipv6_addr_is_multicast(addr)) {
545                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
546                                  IPSTATS_MIB_INADDRERRORS);
547                 kfree_skb(skb);
548                 return -1;
549         }
550
551         ipv6_addr_copy(&daddr, addr);
552         ipv6_addr_copy(addr, &ipv6_hdr(skb)->daddr);
553         ipv6_addr_copy(&ipv6_hdr(skb)->daddr, &daddr);
554
555         dst_release(xchg(&skb->dst, NULL));
556         ip6_route_input(skb);
557         if (skb->dst->error) {
558                 skb_push(skb, skb->data - skb_network_header(skb));
559                 dst_input(skb);
560                 return -1;
561         }
562
563         if (skb->dst->dev->flags&IFF_LOOPBACK) {
564                 if (ipv6_hdr(skb)->hop_limit <= 1) {
565                         IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
566                                          IPSTATS_MIB_INHDRERRORS);
567                         icmpv6_send(skb, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
568                                     0, skb->dev);
569                         kfree_skb(skb);
570                         return -1;
571                 }
572                 ipv6_hdr(skb)->hop_limit--;
573                 goto looped_back;
574         }
575
576         skb_push(skb, skb->data - skb_network_header(skb));
577         dst_input(skb);
578         return -1;
579 }
580
581 static struct inet6_protocol rthdr_protocol = {
582         .handler        =       ipv6_rthdr_rcv,
583         .flags          =       INET6_PROTO_NOPOLICY | INET6_PROTO_GSO_EXTHDR,
584 };
585
586 void __init ipv6_rthdr_init(void)
587 {
588         if (inet6_add_protocol(&rthdr_protocol, IPPROTO_ROUTING) < 0)
589                 printk(KERN_ERR "ipv6_rthdr_init: Could not register protocol\n");
590 };
591
592 /*
593    This function inverts received rthdr.
594    NOTE: specs allow to make it automatically only if
595    packet authenticated.
596
597    I will not discuss it here (though, I am really pissed off at
598    this stupid requirement making rthdr idea useless)
599
600    Actually, it creates severe problems  for us.
601    Embryonic requests has no associated sockets,
602    so that user have no control over it and
603    cannot not only to set reply options, but
604    even to know, that someone wants to connect
605    without success. :-(
606
607    For now we need to test the engine, so that I created
608    temporary (or permanent) backdoor.
609    If listening socket set IPV6_RTHDR to 2, then we invert header.
610                                                    --ANK (980729)
611  */
612
613 struct ipv6_txoptions *
614 ipv6_invert_rthdr(struct sock *sk, struct ipv6_rt_hdr *hdr)
615 {
616         /* Received rthdr:
617
618            [ H1 -> H2 -> ... H_prev ]  daddr=ME
619
620            Inverted result:
621            [ H_prev -> ... -> H1 ] daddr =sender
622
623            Note, that IP output engine will rewrite this rthdr
624            by rotating it left by one addr.
625          */
626
627         int n, i;
628         struct rt0_hdr *rthdr = (struct rt0_hdr*)hdr;
629         struct rt0_hdr *irthdr;
630         struct ipv6_txoptions *opt;
631         int hdrlen = ipv6_optlen(hdr);
632
633         if (hdr->segments_left ||
634             hdr->type != IPV6_SRCRT_TYPE_0 ||
635             hdr->hdrlen & 0x01)
636                 return NULL;
637
638         n = hdr->hdrlen >> 1;
639         opt = sock_kmalloc(sk, sizeof(*opt) + hdrlen, GFP_ATOMIC);
640         if (opt == NULL)
641                 return NULL;
642         memset(opt, 0, sizeof(*opt));
643         opt->tot_len = sizeof(*opt) + hdrlen;
644         opt->srcrt = (void*)(opt+1);
645         opt->opt_nflen = hdrlen;
646
647         memcpy(opt->srcrt, hdr, sizeof(*hdr));
648         irthdr = (struct rt0_hdr*)opt->srcrt;
649         irthdr->reserved = 0;
650         opt->srcrt->segments_left = n;
651         for (i=0; i<n; i++)
652                 memcpy(irthdr->addr+i, rthdr->addr+(n-1-i), 16);
653         return opt;
654 }
655
656 EXPORT_SYMBOL_GPL(ipv6_invert_rthdr);
657
658 /**********************************
659   Hop-by-hop options.
660  **********************************/
661
662 /* Router Alert as of RFC 2711 */
663
664 static int ipv6_hop_ra(struct sk_buff **skbp, int optoff)
665 {
666         struct sk_buff *skb = *skbp;
667         const unsigned char *nh = skb_network_header(skb);
668
669         if (nh[optoff + 1] == 2) {
670                 IP6CB(skb)->ra = optoff;
671                 return 1;
672         }
673         LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_ra: wrong RA length %d\n",
674                        nh[optoff + 1]);
675         kfree_skb(skb);
676         return 0;
677 }
678
679 /* Jumbo payload */
680
681 static int ipv6_hop_jumbo(struct sk_buff **skbp, int optoff)
682 {
683         struct sk_buff *skb = *skbp;
684         const unsigned char *nh = skb_network_header(skb);
685         u32 pkt_len;
686
687         if (nh[optoff + 1] != 4 || (optoff & 3) != 2) {
688                 LIMIT_NETDEBUG(KERN_DEBUG "ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n",
689                                nh[optoff+1]);
690                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst),
691                                  IPSTATS_MIB_INHDRERRORS);
692                 goto drop;
693         }
694
695         pkt_len = ntohl(*(__be32 *)(nh + optoff + 2));
696         if (pkt_len <= IPV6_MAXPLEN) {
697                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS);
698                 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2);
699                 return 0;
700         }
701         if (ipv6_hdr(skb)->payload_len) {
702                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INHDRERRORS);
703                 icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff);
704                 return 0;
705         }
706
707         if (pkt_len > skb->len - sizeof(struct ipv6hdr)) {
708                 IP6_INC_STATS_BH(ip6_dst_idev(skb->dst), IPSTATS_MIB_INTRUNCATEDPKTS);
709                 goto drop;
710         }
711
712         if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr)))
713                 goto drop;
714
715         return 1;
716
717 drop:
718         kfree_skb(skb);
719         return 0;
720 }
721
722 static struct tlvtype_proc tlvprochopopt_lst[] = {
723         {
724                 .type   = IPV6_TLV_ROUTERALERT,
725                 .func   = ipv6_hop_ra,
726         },
727         {
728                 .type   = IPV6_TLV_JUMBO,
729                 .func   = ipv6_hop_jumbo,
730         },
731         { -1, }
732 };
733
734 int ipv6_parse_hopopts(struct sk_buff **skbp)
735 {
736         struct sk_buff *skb = *skbp;
737         struct inet6_skb_parm *opt = IP6CB(skb);
738
739         /*
740          * skb_network_header(skb) is equal to skb->data, and
741          * skb_network_header_len(skb) is always equal to
742          * sizeof(struct ipv6hdr) by definition of
743          * hop-by-hop options.
744          */
745         if (!pskb_may_pull(skb, sizeof(struct ipv6hdr) + 8) ||
746             !pskb_may_pull(skb, (sizeof(struct ipv6hdr) +
747                                  ((skb_transport_header(skb)[1] + 1) << 3)))) {
748                 kfree_skb(skb);
749                 return -1;
750         }
751
752         opt->hop = sizeof(struct ipv6hdr);
753         if (ip6_parse_tlv(tlvprochopopt_lst, skbp)) {
754                 skb = *skbp;
755                 skb->transport_header += (skb_transport_header(skb)[1] + 1) << 3;
756                 opt = IP6CB(skb);
757                 opt->nhoff = sizeof(struct ipv6hdr);
758                 return 1;
759         }
760         return -1;
761 }
762
763 /*
764  *      Creating outbound headers.
765  *
766  *      "build" functions work when skb is filled from head to tail (datagram)
767  *      "push"  functions work when headers are added from tail to head (tcp)
768  *
769  *      In both cases we assume, that caller reserved enough room
770  *      for headers.
771  */
772
773 static void ipv6_push_rthdr(struct sk_buff *skb, u8 *proto,
774                             struct ipv6_rt_hdr *opt,
775                             struct in6_addr **addr_p)
776 {
777         struct rt0_hdr *phdr, *ihdr;
778         int hops;
779
780         ihdr = (struct rt0_hdr *) opt;
781
782         phdr = (struct rt0_hdr *) skb_push(skb, (ihdr->rt_hdr.hdrlen + 1) << 3);
783         memcpy(phdr, ihdr, sizeof(struct rt0_hdr));
784
785         hops = ihdr->rt_hdr.hdrlen >> 1;
786
787         if (hops > 1)
788                 memcpy(phdr->addr, ihdr->addr + 1,
789                        (hops - 1) * sizeof(struct in6_addr));
790
791         ipv6_addr_copy(phdr->addr + (hops - 1), *addr_p);
792         *addr_p = ihdr->addr;
793
794         phdr->rt_hdr.nexthdr = *proto;
795         *proto = NEXTHDR_ROUTING;
796 }
797
798 static void ipv6_push_exthdr(struct sk_buff *skb, u8 *proto, u8 type, struct ipv6_opt_hdr *opt)
799 {
800         struct ipv6_opt_hdr *h = (struct ipv6_opt_hdr *)skb_push(skb, ipv6_optlen(opt));
801
802         memcpy(h, opt, ipv6_optlen(opt));
803         h->nexthdr = *proto;
804         *proto = type;
805 }
806
807 void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
808                           u8 *proto,
809                           struct in6_addr **daddr)
810 {
811         if (opt->srcrt) {
812                 ipv6_push_rthdr(skb, proto, opt->srcrt, daddr);
813                 /*
814                  * IPV6_RTHDRDSTOPTS is ignored
815                  * unless IPV6_RTHDR is set (RFC3542).
816                  */
817                 if (opt->dst0opt)
818                         ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst0opt);
819         }
820         if (opt->hopopt)
821                 ipv6_push_exthdr(skb, proto, NEXTHDR_HOP, opt->hopopt);
822 }
823
824 EXPORT_SYMBOL(ipv6_push_nfrag_opts);
825
826 void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *proto)
827 {
828         if (opt->dst1opt)
829                 ipv6_push_exthdr(skb, proto, NEXTHDR_DEST, opt->dst1opt);
830 }
831
832 struct ipv6_txoptions *
833 ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt)
834 {
835         struct ipv6_txoptions *opt2;
836
837         opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC);
838         if (opt2) {
839                 long dif = (char*)opt2 - (char*)opt;
840                 memcpy(opt2, opt, opt->tot_len);
841                 if (opt2->hopopt)
842                         *((char**)&opt2->hopopt) += dif;
843                 if (opt2->dst0opt)
844                         *((char**)&opt2->dst0opt) += dif;
845                 if (opt2->dst1opt)
846                         *((char**)&opt2->dst1opt) += dif;
847                 if (opt2->srcrt)
848                         *((char**)&opt2->srcrt) += dif;
849         }
850         return opt2;
851 }
852
853 EXPORT_SYMBOL_GPL(ipv6_dup_options);
854
855 static int ipv6_renew_option(void *ohdr,
856                              struct ipv6_opt_hdr __user *newopt, int newoptlen,
857                              int inherit,
858                              struct ipv6_opt_hdr **hdr,
859                              char **p)
860 {
861         if (inherit) {
862                 if (ohdr) {
863                         memcpy(*p, ohdr, ipv6_optlen((struct ipv6_opt_hdr *)ohdr));
864                         *hdr = (struct ipv6_opt_hdr *)*p;
865                         *p += CMSG_ALIGN(ipv6_optlen(*(struct ipv6_opt_hdr **)hdr));
866                 }
867         } else {
868                 if (newopt) {
869                         if (copy_from_user(*p, newopt, newoptlen))
870                                 return -EFAULT;
871                         *hdr = (struct ipv6_opt_hdr *)*p;
872                         if (ipv6_optlen(*(struct ipv6_opt_hdr **)hdr) > newoptlen)
873                                 return -EINVAL;
874                         *p += CMSG_ALIGN(newoptlen);
875                 }
876         }
877         return 0;
878 }
879
880 struct ipv6_txoptions *
881 ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
882                    int newtype,
883                    struct ipv6_opt_hdr __user *newopt, int newoptlen)
884 {
885         int tot_len = 0;
886         char *p;
887         struct ipv6_txoptions *opt2;
888         int err;
889
890         if (opt) {
891                 if (newtype != IPV6_HOPOPTS && opt->hopopt)
892                         tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt));
893                 if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt)
894                         tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt));
895                 if (newtype != IPV6_RTHDR && opt->srcrt)
896                         tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt));
897                 if (newtype != IPV6_DSTOPTS && opt->dst1opt)
898                         tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt));
899         }
900
901         if (newopt && newoptlen)
902                 tot_len += CMSG_ALIGN(newoptlen);
903
904         if (!tot_len)
905                 return NULL;
906
907         tot_len += sizeof(*opt2);
908         opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC);
909         if (!opt2)
910                 return ERR_PTR(-ENOBUFS);
911
912         memset(opt2, 0, tot_len);
913
914         opt2->tot_len = tot_len;
915         p = (char *)(opt2 + 1);
916
917         err = ipv6_renew_option(opt ? opt->hopopt : NULL, newopt, newoptlen,
918                                 newtype != IPV6_HOPOPTS,
919                                 &opt2->hopopt, &p);
920         if (err)
921                 goto out;
922
923         err = ipv6_renew_option(opt ? opt->dst0opt : NULL, newopt, newoptlen,
924                                 newtype != IPV6_RTHDRDSTOPTS,
925                                 &opt2->dst0opt, &p);
926         if (err)
927                 goto out;
928
929         err = ipv6_renew_option(opt ? opt->srcrt : NULL, newopt, newoptlen,
930                                 newtype != IPV6_RTHDR,
931                                 (struct ipv6_opt_hdr **)&opt2->srcrt, &p);
932         if (err)
933                 goto out;
934
935         err = ipv6_renew_option(opt ? opt->dst1opt : NULL, newopt, newoptlen,
936                                 newtype != IPV6_DSTOPTS,
937                                 &opt2->dst1opt, &p);
938         if (err)
939                 goto out;
940
941         opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) +
942                           (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) +
943                           (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0);
944         opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0);
945
946         return opt2;
947 out:
948         sock_kfree_s(sk, opt2, opt2->tot_len);
949         return ERR_PTR(err);
950 }
951
952 struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
953                                           struct ipv6_txoptions *opt)
954 {
955         /*
956          * ignore the dest before srcrt unless srcrt is being included.
957          * --yoshfuji
958          */
959         if (opt && opt->dst0opt && !opt->srcrt) {
960                 if (opt_space != opt) {
961                         memcpy(opt_space, opt, sizeof(*opt_space));
962                         opt = opt_space;
963                 }
964                 opt->opt_nflen -= ipv6_optlen(opt->dst0opt);
965                 opt->dst0opt = NULL;
966         }
967
968         return opt;
969 }
970