1/*
2 * Linux INET6 implementation
3 *
4 * Authors:
5 * Pedro Roque <roque@di.fc.ul.pt>
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 */
12
13#ifndef _NET_IPV6_H
14#define _NET_IPV6_H
15
16#include <linux/ipv6.h>
17#include <linux/hardirq.h>
18#include <linux/jhash.h>
19#include <linux/refcount.h>
20#include <net/if_inet6.h>
21#include <net/ndisc.h>
22#include <net/flow.h>
23#include <net/flow_dissector.h>
24#include <net/snmp.h>
25#include <net/netns/hash.h>
26
27#define SIN6_LEN_RFC2133 24
28
29#define IPV6_MAXPLEN 65535
30
31/*
32 * NextHeader field of IPv6 header
33 */
34
35#define NEXTHDR_HOP 0 /* Hop-by-hop option header. */
36#define NEXTHDR_TCP 6 /* TCP segment. */
37#define NEXTHDR_UDP 17 /* UDP message. */
38#define NEXTHDR_IPV6 41 /* IPv6 in IPv6 */
39#define NEXTHDR_ROUTING 43 /* Routing header. */
40#define NEXTHDR_FRAGMENT 44 /* Fragmentation/reassembly header. */
41#define NEXTHDR_GRE 47 /* GRE header. */
42#define NEXTHDR_ESP 50 /* Encapsulating security payload. */
43#define NEXTHDR_AUTH 51 /* Authentication header. */
44#define NEXTHDR_ICMP 58 /* ICMP for IPv6. */
45#define NEXTHDR_NONE 59 /* No next header */
46#define NEXTHDR_DEST 60 /* Destination options header. */
47#define NEXTHDR_SCTP 132 /* SCTP message. */
48#define NEXTHDR_MOBILITY 135 /* Mobility header. */
49
50#define NEXTHDR_MAX 255
51
52#define IPV6_DEFAULT_HOPLIMIT 64
53#define IPV6_DEFAULT_MCASTHOPS 1
54
55/* Limits on Hop-by-Hop and Destination options.
56 *
57 * Per RFC8200 there is no limit on the maximum number or lengths of options in
58 * Hop-by-Hop or Destination options other then the packet must fit in an MTU.
59 * We allow configurable limits in order to mitigate potential denial of
60 * service attacks.
61 *
62 * There are three limits that may be set:
63 * - Limit the number of options in a Hop-by-Hop or Destination options
64 * extension header
65 * - Limit the byte length of a Hop-by-Hop or Destination options extension
66 * header
67 * - Disallow unknown options
68 *
69 * The limits are expressed in corresponding sysctls:
70 *
71 * ipv6.sysctl.max_dst_opts_cnt
72 * ipv6.sysctl.max_hbh_opts_cnt
73 * ipv6.sysctl.max_dst_opts_len
74 * ipv6.sysctl.max_hbh_opts_len
75 *
76 * max_*_opts_cnt is the number of TLVs that are allowed for Destination
77 * options or Hop-by-Hop options. If the number is less than zero then unknown
78 * TLVs are disallowed and the number of known options that are allowed is the
79 * absolute value. Setting the value to INT_MAX indicates no limit.
80 *
81 * max_*_opts_len is the length limit in bytes of a Destination or
82 * Hop-by-Hop options extension header. Setting the value to INT_MAX
83 * indicates no length limit.
84 *
85 * If a limit is exceeded when processing an extension header the packet is
86 * silently discarded.
87 */
88
89/* Default limits for Hop-by-Hop and Destination options */
90#define IP6_DEFAULT_MAX_DST_OPTS_CNT 8
91#define IP6_DEFAULT_MAX_HBH_OPTS_CNT 8
92#define IP6_DEFAULT_MAX_DST_OPTS_LEN INT_MAX /* No limit */
93#define IP6_DEFAULT_MAX_HBH_OPTS_LEN INT_MAX /* No limit */
94
95/*
96 * Addr type
97 *
98 * type - unicast | multicast
99 * scope - local | site | global
100 * v4 - compat
101 * v4mapped
102 * any
103 * loopback
104 */
105
106#define IPV6_ADDR_ANY 0x0000U
107
108#define IPV6_ADDR_UNICAST 0x0001U
109#define IPV6_ADDR_MULTICAST 0x0002U
110
111#define IPV6_ADDR_LOOPBACK 0x0010U
112#define IPV6_ADDR_LINKLOCAL 0x0020U
113#define IPV6_ADDR_SITELOCAL 0x0040U
114
115#define IPV6_ADDR_COMPATv4 0x0080U
116
117#define IPV6_ADDR_SCOPE_MASK 0x00f0U
118
119#define IPV6_ADDR_MAPPED 0x1000U
120
121/*
122 * Addr scopes
123 */
124#define IPV6_ADDR_MC_SCOPE(a) \
125 ((a)->s6_addr[1] & 0x0f) /* nonstandard */
126#define __IPV6_ADDR_SCOPE_INVALID -1
127#define IPV6_ADDR_SCOPE_NODELOCAL 0x01
128#define IPV6_ADDR_SCOPE_LINKLOCAL 0x02
129#define IPV6_ADDR_SCOPE_SITELOCAL 0x05
130#define IPV6_ADDR_SCOPE_ORGLOCAL 0x08
131#define IPV6_ADDR_SCOPE_GLOBAL 0x0e
132
133/*
134 * Addr flags
135 */
136#define IPV6_ADDR_MC_FLAG_TRANSIENT(a) \
137 ((a)->s6_addr[1] & 0x10)
138#define IPV6_ADDR_MC_FLAG_PREFIX(a) \
139 ((a)->s6_addr[1] & 0x20)
140#define IPV6_ADDR_MC_FLAG_RENDEZVOUS(a) \
141 ((a)->s6_addr[1] & 0x40)
142
143/*
144 * fragmentation header
145 */
146
147struct frag_hdr {
148 __u8 nexthdr;
149 __u8 reserved;
150 __be16 frag_off;
151 __be32 identification;
152};
153
154#define IP6_MF 0x0001
155#define IP6_OFFSET 0xFFF8
156
157#define IP6_REPLY_MARK(net, mark) \
158 ((net)->ipv6.sysctl.fwmark_reflect ? (mark) : 0)
159
160#include <net/sock.h>
161
162/* sysctls */
163extern int sysctl_mld_max_msf;
164extern int sysctl_mld_qrv;
165
166#define _DEVINC(net, statname, mod, idev, field) \
167({ \
168 struct inet6_dev *_idev = (idev); \
169 if (likely(_idev != NULL)) \
170 mod##SNMP_INC_STATS64((_idev)->stats.statname, (field));\
171 mod##SNMP_INC_STATS64((net)->mib.statname##_statistics, (field));\
172})
173
174/* per device counters are atomic_long_t */
175#define _DEVINCATOMIC(net, statname, mod, idev, field) \
176({ \
177 struct inet6_dev *_idev = (idev); \
178 if (likely(_idev != NULL)) \
179 SNMP_INC_STATS_ATOMIC_LONG((_idev)->stats.statname##dev, (field)); \
180 mod##SNMP_INC_STATS((net)->mib.statname##_statistics, (field));\
181})
182
183/* per device and per net counters are atomic_long_t */
184#define _DEVINC_ATOMIC_ATOMIC(net, statname, idev, field) \
185({ \
186 struct inet6_dev *_idev = (idev); \
187 if (likely(_idev != NULL)) \
188 SNMP_INC_STATS_ATOMIC_LONG((_idev)->stats.statname##dev, (field)); \
189 SNMP_INC_STATS_ATOMIC_LONG((net)->mib.statname##_statistics, (field));\
190})
191
192#define _DEVADD(net, statname, mod, idev, field, val) \
193({ \
194 struct inet6_dev *_idev = (idev); \
195 if (likely(_idev != NULL)) \
196 mod##SNMP_ADD_STATS((_idev)->stats.statname, (field), (val)); \
197 mod##SNMP_ADD_STATS((net)->mib.statname##_statistics, (field), (val));\
198})
199
200#define _DEVUPD(net, statname, mod, idev, field, val) \
201({ \
202 struct inet6_dev *_idev = (idev); \
203 if (likely(_idev != NULL)) \
204 mod##SNMP_UPD_PO_STATS((_idev)->stats.statname, field, (val)); \
205 mod##SNMP_UPD_PO_STATS((net)->mib.statname##_statistics, field, (val));\
206})
207
208/* MIBs */
209
210#define IP6_INC_STATS(net, idev,field) \
211 _DEVINC(net, ipv6, , idev, field)
212#define __IP6_INC_STATS(net, idev,field) \
213 _DEVINC(net, ipv6, __, idev, field)
214#define IP6_ADD_STATS(net, idev,field,val) \
215 _DEVADD(net, ipv6, , idev, field, val)
216#define __IP6_ADD_STATS(net, idev,field,val) \
217 _DEVADD(net, ipv6, __, idev, field, val)
218#define IP6_UPD_PO_STATS(net, idev,field,val) \
219 _DEVUPD(net, ipv6, , idev, field, val)
220#define __IP6_UPD_PO_STATS(net, idev,field,val) \
221 _DEVUPD(net, ipv6, __, idev, field, val)
222#define ICMP6_INC_STATS(net, idev, field) \
223 _DEVINCATOMIC(net, icmpv6, , idev, field)
224#define __ICMP6_INC_STATS(net, idev, field) \
225 _DEVINCATOMIC(net, icmpv6, __, idev, field)
226
227#define ICMP6MSGOUT_INC_STATS(net, idev, field) \
228 _DEVINC_ATOMIC_ATOMIC(net, icmpv6msg, idev, field +256)
229#define ICMP6MSGIN_INC_STATS(net, idev, field) \
230 _DEVINC_ATOMIC_ATOMIC(net, icmpv6msg, idev, field)
231
232struct ip6_ra_chain {
233 struct ip6_ra_chain *next;
234 struct sock *sk;
235 int sel;
236 void (*destructor)(struct sock *);
237};
238
239extern struct ip6_ra_chain *ip6_ra_chain;
240extern rwlock_t ip6_ra_lock;
241
242/*
243 This structure is prepared by protocol, when parsing
244 ancillary data and passed to IPv6.
245 */
246
247struct ipv6_txoptions {
248 refcount_t refcnt;
249 /* Length of this structure */
250 int tot_len;
251
252 /* length of extension headers */
253
254 __u16 opt_flen; /* after fragment hdr */
255 __u16 opt_nflen; /* before fragment hdr */
256
257 struct ipv6_opt_hdr *hopopt;
258 struct ipv6_opt_hdr *dst0opt;
259 struct ipv6_rt_hdr *srcrt; /* Routing Header */
260 struct ipv6_opt_hdr *dst1opt;
261 struct rcu_head rcu;
262 /* Option buffer, as read by IPV6_PKTOPTIONS, starts here. */
263};
264
265struct ip6_flowlabel {
266 struct ip6_flowlabel __rcu *next;
267 __be32 label;
268 atomic_t users;
269 struct in6_addr dst;
270 struct ipv6_txoptions *opt;
271 unsigned long linger;
272 struct rcu_head rcu;
273 u8 share;
274 union {
275 struct pid *pid;
276 kuid_t uid;
277 } owner;
278 unsigned long lastuse;
279 unsigned long expires;
280 struct net *fl_net;
281};
282
283#define IPV6_FLOWINFO_MASK cpu_to_be32(0x0FFFFFFF)
284#define IPV6_FLOWLABEL_MASK cpu_to_be32(0x000FFFFF)
285#define IPV6_FLOWLABEL_STATELESS_FLAG cpu_to_be32(0x00080000)
286
287#define IPV6_TCLASS_MASK (IPV6_FLOWINFO_MASK & ~IPV6_FLOWLABEL_MASK)
288#define IPV6_TCLASS_SHIFT 20
289
290struct ipv6_fl_socklist {
291 struct ipv6_fl_socklist __rcu *next;
292 struct ip6_flowlabel *fl;
293 struct rcu_head rcu;
294};
295
296struct ipcm6_cookie {
297 struct sockcm_cookie sockc;
298 __s16 hlimit;
299 __s16 tclass;
300 __s8 dontfrag;
301 struct ipv6_txoptions *opt;
302 __u16 gso_size;
303};
304
305static inline void ipcm6_init(struct ipcm6_cookie *ipc6)
306{
307 *ipc6 = (struct ipcm6_cookie) {
308 .hlimit = -1,
309 .tclass = -1,
310 .dontfrag = -1,
311 };
312}
313
314static inline void ipcm6_init_sk(struct ipcm6_cookie *ipc6,
315 const struct ipv6_pinfo *np)
316{
317 *ipc6 = (struct ipcm6_cookie) {
318 .hlimit = -1,
319 .tclass = np->tclass,
320 .dontfrag = np->dontfrag,
321 };
322}
323
324static inline struct ipv6_txoptions *txopt_get(const struct ipv6_pinfo *np)
325{
326 struct ipv6_txoptions *opt;
327
328 rcu_read_lock();
329 opt = rcu_dereference(np->opt);
330 if (opt) {
331 if (!refcount_inc_not_zero(&opt->refcnt))
332 opt = NULL;
333 else
334 opt = rcu_pointer_handoff(opt);
335 }
336 rcu_read_unlock();
337 return opt;
338}
339
340static inline void txopt_put(struct ipv6_txoptions *opt)
341{
342 if (opt && refcount_dec_and_test(&opt->refcnt))
343 kfree_rcu(opt, rcu);
344}
345
346struct ip6_flowlabel *fl6_sock_lookup(struct sock *sk, __be32 label);
347struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions *opt_space,
348 struct ip6_flowlabel *fl,
349 struct ipv6_txoptions *fopt);
350void fl6_free_socklist(struct sock *sk);
351int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen);
352int ipv6_flowlabel_opt_get(struct sock *sk, struct in6_flowlabel_req *freq,
353 int flags);
354int ip6_flowlabel_init(void);
355void ip6_flowlabel_cleanup(void);
356bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np);
357
358static inline void fl6_sock_release(struct ip6_flowlabel *fl)
359{
360 if (fl)
361 atomic_dec(&fl->users);
362}
363
364void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info);
365
366void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
367 struct icmp6hdr *thdr, int len);
368
369int ip6_ra_control(struct sock *sk, int sel);
370
371int ipv6_parse_hopopts(struct sk_buff *skb);
372
373struct ipv6_txoptions *ipv6_dup_options(struct sock *sk,
374 struct ipv6_txoptions *opt);
375struct ipv6_txoptions *ipv6_renew_options(struct sock *sk,
376 struct ipv6_txoptions *opt,
377 int newtype,
378 struct ipv6_opt_hdr *newopt);
379struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
380 struct ipv6_txoptions *opt);
381
382bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb,
383 const struct inet6_skb_parm *opt);
384struct ipv6_txoptions *ipv6_update_options(struct sock *sk,
385 struct ipv6_txoptions *opt);
386
387static inline bool ipv6_accept_ra(struct inet6_dev *idev)
388{
389 /* If forwarding is enabled, RA are not accepted unless the special
390 * hybrid mode (accept_ra=2) is enabled.
391 */
392 return idev->cnf.forwarding ? idev->cnf.accept_ra == 2 :
393 idev->cnf.accept_ra;
394}
395
396#define IPV6_FRAG_HIGH_THRESH (4 * 1024*1024) /* 4194304 */
397#define IPV6_FRAG_LOW_THRESH (3 * 1024*1024) /* 3145728 */
398#define IPV6_FRAG_TIMEOUT (60 * HZ) /* 60 seconds */
399
400int __ipv6_addr_type(const struct in6_addr *addr);
401static inline int ipv6_addr_type(const struct in6_addr *addr)
402{
403 return __ipv6_addr_type(addr) & 0xffff;
404}
405
406static inline int ipv6_addr_scope(const struct in6_addr *addr)
407{
408 return __ipv6_addr_type(addr) & IPV6_ADDR_SCOPE_MASK;
409}
410
411static inline int __ipv6_addr_src_scope(int type)
412{
413 return (type == IPV6_ADDR_ANY) ? __IPV6_ADDR_SCOPE_INVALID : (type >> 16);
414}
415
416static inline int ipv6_addr_src_scope(const struct in6_addr *addr)
417{
418 return __ipv6_addr_src_scope(__ipv6_addr_type(addr));
419}
420
421static inline bool __ipv6_addr_needs_scope_id(int type)
422{
423 return type & IPV6_ADDR_LINKLOCAL ||
424 (type & IPV6_ADDR_MULTICAST &&
425 (type & (IPV6_ADDR_LOOPBACK|IPV6_ADDR_LINKLOCAL)));
426}
427
428static inline __u32 ipv6_iface_scope_id(const struct in6_addr *addr, int iface)
429{
430 return __ipv6_addr_needs_scope_id(__ipv6_addr_type(addr)) ? iface : 0;
431}
432
433static inline int ipv6_addr_cmp(const struct in6_addr *a1, const struct in6_addr *a2)
434{
435 return memcmp(a1, a2, sizeof(struct in6_addr));
436}
437
438static inline bool
439ipv6_masked_addr_cmp(const struct in6_addr *a1, const struct in6_addr *m,
440 const struct in6_addr *a2)
441{
442#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
443 const unsigned long *ul1 = (const unsigned long *)a1;
444 const unsigned long *ulm = (const unsigned long *)m;
445 const unsigned long *ul2 = (const unsigned long *)a2;
446
447 return !!(((ul1[0] ^ ul2[0]) & ulm[0]) |
448 ((ul1[1] ^ ul2[1]) & ulm[1]));
449#else
450 return !!(((a1->s6_addr32[0] ^ a2->s6_addr32[0]) & m->s6_addr32[0]) |
451 ((a1->s6_addr32[1] ^ a2->s6_addr32[1]) & m->s6_addr32[1]) |
452 ((a1->s6_addr32[2] ^ a2->s6_addr32[2]) & m->s6_addr32[2]) |
453 ((a1->s6_addr32[3] ^ a2->s6_addr32[3]) & m->s6_addr32[3]));
454#endif
455}
456
457static inline void ipv6_addr_prefix(struct in6_addr *pfx,
458 const struct in6_addr *addr,
459 int plen)
460{
461 /* caller must guarantee 0 <= plen <= 128 */
462 int o = plen >> 3,
463 b = plen & 0x7;
464
465 memset(pfx->s6_addr, 0, sizeof(pfx->s6_addr));
466 memcpy(pfx->s6_addr, addr, o);
467 if (b != 0)
468 pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
469}
470
471static inline void ipv6_addr_prefix_copy(struct in6_addr *addr,
472 const struct in6_addr *pfx,
473 int plen)
474{
475 /* caller must guarantee 0 <= plen <= 128 */
476 int o = plen >> 3,
477 b = plen & 0x7;
478
479 memcpy(addr->s6_addr, pfx, o);
480 if (b != 0) {
481 addr->s6_addr[o] &= ~(0xff00 >> b);
482 addr->s6_addr[o] |= (pfx->s6_addr[o] & (0xff00 >> b));
483 }
484}
485
486static inline void __ipv6_addr_set_half(__be32 *addr,
487 __be32 wh, __be32 wl)
488{
489#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
490#if defined(__BIG_ENDIAN)
491 if (__builtin_constant_p(wh) && __builtin_constant_p(wl)) {
492 *(__force u64 *)addr = ((__force u64)(wh) << 32 | (__force u64)(wl));
493 return;
494 }
495#elif defined(__LITTLE_ENDIAN)
496 if (__builtin_constant_p(wl) && __builtin_constant_p(wh)) {
497 *(__force u64 *)addr = ((__force u64)(wl) << 32 | (__force u64)(wh));
498 return;
499 }
500#endif
501#endif
502 addr[0] = wh;
503 addr[1] = wl;
504}
505
506static inline void ipv6_addr_set(struct in6_addr *addr,
507 __be32 w1, __be32 w2,
508 __be32 w3, __be32 w4)
509{
510 __ipv6_addr_set_half(&addr->s6_addr32[0], w1, w2);
511 __ipv6_addr_set_half(&addr->s6_addr32[2], w3, w4);
512}
513
514static inline bool ipv6_addr_equal(const struct in6_addr *a1,
515 const struct in6_addr *a2)
516{
517#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
518 const unsigned long *ul1 = (const unsigned long *)a1;
519 const unsigned long *ul2 = (const unsigned long *)a2;
520
521 return ((ul1[0] ^ ul2[0]) | (ul1[1] ^ ul2[1])) == 0UL;
522#else
523 return ((a1->s6_addr32[0] ^ a2->s6_addr32[0]) |
524 (a1->s6_addr32[1] ^ a2->s6_addr32[1]) |
525 (a1->s6_addr32[2] ^ a2->s6_addr32[2]) |
526 (a1->s6_addr32[3] ^ a2->s6_addr32[3])) == 0;
527#endif
528}
529
530#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
531static inline bool __ipv6_prefix_equal64_half(const __be64 *a1,
532 const __be64 *a2,
533 unsigned int len)
534{
535 if (len && ((*a1 ^ *a2) & cpu_to_be64((~0UL) << (64 - len))))
536 return false;
537 return true;
538}
539
540static inline bool ipv6_prefix_equal(const struct in6_addr *addr1,
541 const struct in6_addr *addr2,
542 unsigned int prefixlen)
543{
544 const __be64 *a1 = (const __be64 *)addr1;
545 const __be64 *a2 = (const __be64 *)addr2;
546
547 if (prefixlen >= 64) {
548 if (a1[0] ^ a2[0])
549 return false;
550 return __ipv6_prefix_equal64_half(a1 + 1, a2 + 1, prefixlen - 64);
551 }
552 return __ipv6_prefix_equal64_half(a1, a2, prefixlen);
553}
554#else
555static inline bool ipv6_prefix_equal(const struct in6_addr *addr1,
556 const struct in6_addr *addr2,
557 unsigned int prefixlen)
558{
559 const __be32 *a1 = addr1->s6_addr32;
560 const __be32 *a2 = addr2->s6_addr32;
561 unsigned int pdw, pbi;
562
563 /* check complete u32 in prefix */
564 pdw = prefixlen >> 5;
565 if (pdw && memcmp(a1, a2, pdw << 2))
566 return false;
567
568 /* check incomplete u32 in prefix */
569 pbi = prefixlen & 0x1f;
570 if (pbi && ((a1[pdw] ^ a2[pdw]) & htonl((0xffffffff) << (32 - pbi))))
571 return false;
572
573 return true;
574}
575#endif
576
577static inline bool ipv6_addr_any(const struct in6_addr *a)
578{
579#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
580 const unsigned long *ul = (const unsigned long *)a;
581
582 return (ul[0] | ul[1]) == 0UL;
583#else
584 return (a->s6_addr32[0] | a->s6_addr32[1] |
585 a->s6_addr32[2] | a->s6_addr32[3]) == 0;
586#endif
587}
588
589static inline u32 ipv6_addr_hash(const struct in6_addr *a)
590{
591#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
592 const unsigned long *ul = (const unsigned long *)a;
593 unsigned long x = ul[0] ^ ul[1];
594
595 return (u32)(x ^ (x >> 32));
596#else
597 return (__force u32)(a->s6_addr32[0] ^ a->s6_addr32[1] ^
598 a->s6_addr32[2] ^ a->s6_addr32[3]);
599#endif
600}
601
602/* more secured version of ipv6_addr_hash() */
603static inline u32 __ipv6_addr_jhash(const struct in6_addr *a, const u32 initval)
604{
605 u32 v = (__force u32)a->s6_addr32[0] ^ (__force u32)a->s6_addr32[1];
606
607 return jhash_3words(v,
608 (__force u32)a->s6_addr32[2],
609 (__force u32)a->s6_addr32[3],
610 initval);
611}
612
613static inline bool ipv6_addr_loopback(const struct in6_addr *a)
614{
615#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
616 const __be64 *be = (const __be64 *)a;
617
618 return (be[0] | (be[1] ^ cpu_to_be64(1))) == 0UL;
619#else
620 return (a->s6_addr32[0] | a->s6_addr32[1] |
621 a->s6_addr32[2] | (a->s6_addr32[3] ^ cpu_to_be32(1))) == 0;
622#endif
623}
624
625/*
626 * Note that we must __force cast these to unsigned long to make sparse happy,
627 * since all of the endian-annotated types are fixed size regardless of arch.
628 */
629static inline bool ipv6_addr_v4mapped(const struct in6_addr *a)
630{
631 return (
632#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
633 *(unsigned long *)a |
634#else
635 (__force unsigned long)(a->s6_addr32[0] | a->s6_addr32[1]) |
636#endif
637 (__force unsigned long)(a->s6_addr32[2] ^
638 cpu_to_be32(0x0000ffff))) == 0UL;
639}
640
641static inline u32 ipv6_portaddr_hash(const struct net *net,
642 const struct in6_addr *addr6,
643 unsigned int port)
644{
645 unsigned int hash, mix = net_hash_mix(net);
646
647 if (ipv6_addr_any(addr6))
648 hash = jhash_1word(0, mix);
649 else if (ipv6_addr_v4mapped(addr6))
650 hash = jhash_1word((__force u32)addr6->s6_addr32[3], mix);
651 else
652 hash = jhash2((__force u32 *)addr6->s6_addr32, 4, mix);
653
654 return hash ^ port;
655}
656
657/*
658 * Check for a RFC 4843 ORCHID address
659 * (Overlay Routable Cryptographic Hash Identifiers)
660 */
661static inline bool ipv6_addr_orchid(const struct in6_addr *a)
662{
663 return (a->s6_addr32[0] & htonl(0xfffffff0)) == htonl(0x20010010);
664}
665
666static inline bool ipv6_addr_is_multicast(const struct in6_addr *addr)
667{
668 return (addr->s6_addr32[0] & htonl(0xFF000000)) == htonl(0xFF000000);
669}
670
671static inline void ipv6_addr_set_v4mapped(const __be32 addr,
672 struct in6_addr *v4mapped)
673{
674 ipv6_addr_set(v4mapped,
675 0, 0,
676 htonl(0x0000FFFF),
677 addr);
678}
679
680/*
681 * find the first different bit between two addresses
682 * length of address must be a multiple of 32bits
683 */
684static inline int __ipv6_addr_diff32(const void *token1, const void *token2, int addrlen)
685{
686 const __be32 *a1 = token1, *a2 = token2;
687 int i;
688
689 addrlen >>= 2;
690
691 for (i = 0; i < addrlen; i++) {
692 __be32 xb = a1[i] ^ a2[i];
693 if (xb)
694 return i * 32 + 31 - __fls(ntohl(xb));
695 }
696
697 /*
698 * we should *never* get to this point since that
699 * would mean the addrs are equal
700 *
701 * However, we do get to it 8) And exacly, when
702 * addresses are equal 8)
703 *
704 * ip route add 1111::/128 via ...
705 * ip route add 1111::/64 via ...
706 * and we are here.
707 *
708 * Ideally, this function should stop comparison
709 * at prefix length. It does not, but it is still OK,
710 * if returned value is greater than prefix length.
711 * --ANK (980803)
712 */
713 return addrlen << 5;
714}
715
716#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
717static inline int __ipv6_addr_diff64(const void *token1, const void *token2, int addrlen)
718{
719 const __be64 *a1 = token1, *a2 = token2;
720 int i;
721
722 addrlen >>= 3;
723
724 for (i = 0; i < addrlen; i++) {
725 __be64 xb = a1[i] ^ a2[i];
726 if (xb)
727 return i * 64 + 63 - __fls(be64_to_cpu(xb));
728 }
729
730 return addrlen << 6;
731}
732#endif
733
734static inline int __ipv6_addr_diff(const void *token1, const void *token2, int addrlen)
735{
736#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
737 if (__builtin_constant_p(addrlen) && !(addrlen & 7))
738 return __ipv6_addr_diff64(token1, token2, addrlen);
739#endif
740 return __ipv6_addr_diff32(token1, token2, addrlen);
741}
742
743static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_addr *a2)
744{
745 return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
746}
747
748__be32 ipv6_select_ident(struct net *net,
749 const struct in6_addr *daddr,
750 const struct in6_addr *saddr);
751__be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb);
752
753int ip6_dst_hoplimit(struct dst_entry *dst);
754
755static inline int ip6_sk_dst_hoplimit(struct ipv6_pinfo *np, struct flowi6 *fl6,
756 struct dst_entry *dst)
757{
758 int hlimit;
759
760 if (ipv6_addr_is_multicast(&fl6->daddr))
761 hlimit = np->mcast_hops;
762 else
763 hlimit = np->hop_limit;
764 if (hlimit < 0)
765 hlimit = ip6_dst_hoplimit(dst);
766 return hlimit;
767}
768
769/* copy IPv6 saddr & daddr to flow_keys, possibly using 64bit load/store
770 * Equivalent to : flow->v6addrs.src = iph->saddr;
771 * flow->v6addrs.dst = iph->daddr;
772 */
773static inline void iph_to_flow_copy_v6addrs(struct flow_keys *flow,
774 const struct ipv6hdr *iph)
775{
776 BUILD_BUG_ON(offsetof(typeof(flow->addrs), v6addrs.dst) !=
777 offsetof(typeof(flow->addrs), v6addrs.src) +
778 sizeof(flow->addrs.v6addrs.src));
779 memcpy(&flow->addrs.v6addrs, &iph->saddr, sizeof(flow->addrs.v6addrs));
780 flow->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
781}
782
783#if IS_ENABLED(CONFIG_IPV6)
784
785static inline bool ipv6_can_nonlocal_bind(struct net *net,
786 struct inet_sock *inet)
787{
788 return net->ipv6.sysctl.ip_nonlocal_bind ||
789 inet->freebind || inet->transparent;
790}
791
792/* Sysctl settings for net ipv6.auto_flowlabels */
793#define IP6_AUTO_FLOW_LABEL_OFF 0
794#define IP6_AUTO_FLOW_LABEL_OPTOUT 1
795#define IP6_AUTO_FLOW_LABEL_OPTIN 2
796#define IP6_AUTO_FLOW_LABEL_FORCED 3
797
798#define IP6_AUTO_FLOW_LABEL_MAX IP6_AUTO_FLOW_LABEL_FORCED
799
800#define IP6_DEFAULT_AUTO_FLOW_LABELS IP6_AUTO_FLOW_LABEL_OPTOUT
801
802static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
803 __be32 flowlabel, bool autolabel,
804 struct flowi6 *fl6)
805{
806 u32 hash;
807
808 /* @flowlabel may include more than a flow label, eg, the traffic class.
809 * Here we want only the flow label value.
810 */
811 flowlabel &= IPV6_FLOWLABEL_MASK;
812
813 if (flowlabel ||
814 net->ipv6.sysctl.auto_flowlabels == IP6_AUTO_FLOW_LABEL_OFF ||
815 (!autolabel &&
816 net->ipv6.sysctl.auto_flowlabels != IP6_AUTO_FLOW_LABEL_FORCED))
817 return flowlabel;
818
819 hash = skb_get_hash_flowi6(skb, fl6);
820
821 /* Since this is being sent on the wire obfuscate hash a bit
822 * to minimize possbility that any useful information to an
823 * attacker is leaked. Only lower 20 bits are relevant.
824 */
825 hash = rol32(hash, 16);
826
827 flowlabel = (__force __be32)hash & IPV6_FLOWLABEL_MASK;
828
829 if (net->ipv6.sysctl.flowlabel_state_ranges)
830 flowlabel |= IPV6_FLOWLABEL_STATELESS_FLAG;
831
832 return flowlabel;
833}
834
835static inline int ip6_default_np_autolabel(struct net *net)
836{
837 switch (net->ipv6.sysctl.auto_flowlabels) {
838 case IP6_AUTO_FLOW_LABEL_OFF:
839 case IP6_AUTO_FLOW_LABEL_OPTIN:
840 default:
841 return 0;
842 case IP6_AUTO_FLOW_LABEL_OPTOUT:
843 case IP6_AUTO_FLOW_LABEL_FORCED:
844 return 1;
845 }
846}
847#else
848static inline void ip6_set_txhash(struct sock *sk) { }
849static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
850 __be32 flowlabel, bool autolabel,
851 struct flowi6 *fl6)
852{
853 return flowlabel;
854}
855static inline int ip6_default_np_autolabel(struct net *net)
856{
857 return 0;
858}
859#endif
860
861#if IS_ENABLED(CONFIG_IPV6)
862static inline int ip6_multipath_hash_policy(const struct net *net)
863{
864 return net->ipv6.sysctl.multipath_hash_policy;
865}
866#else
867static inline int ip6_multipath_hash_policy(const struct net *net)
868{
869 return 0;
870}
871#endif
872
873/*
874 * Header manipulation
875 */
876static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass,
877 __be32 flowlabel)
878{
879 *(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | flowlabel;
880}
881
882static inline __be32 ip6_flowinfo(const struct ipv6hdr *hdr)
883{
884 return *(__be32 *)hdr & IPV6_FLOWINFO_MASK;
885}
886
887static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr)
888{
889 return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK;
890}
891
892static inline u8 ip6_tclass(__be32 flowinfo)
893{
894 return ntohl(flowinfo & IPV6_TCLASS_MASK) >> IPV6_TCLASS_SHIFT;
895}
896
897static inline __be32 ip6_make_flowinfo(unsigned int tclass, __be32 flowlabel)
898{
899 return htonl(tclass << IPV6_TCLASS_SHIFT) | flowlabel;
900}
901
902static inline __be32 flowi6_get_flowlabel(const struct flowi6 *fl6)
903{
904 return fl6->flowlabel & IPV6_FLOWLABEL_MASK;
905}
906
907/*
908 * Prototypes exported by ipv6
909 */
910
911/*
912 * rcv function (called from netdevice level)
913 */
914
915int ipv6_rcv(struct sk_buff *skb, struct net_device *dev,
916 struct packet_type *pt, struct net_device *orig_dev);
917void ipv6_list_rcv(struct list_head *head, struct packet_type *pt,
918 struct net_device *orig_dev);
919
920int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb);
921
922/*
923 * upper-layer output functions
924 */
925int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
926 __u32 mark, struct ipv6_txoptions *opt, int tclass);
927
928int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr);
929
930int ip6_append_data(struct sock *sk,
931 int getfrag(void *from, char *to, int offset, int len,
932 int odd, struct sk_buff *skb),
933 void *from, int length, int transhdrlen,
934 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
935 struct rt6_info *rt, unsigned int flags);
936
937int ip6_push_pending_frames(struct sock *sk);
938
939void ip6_flush_pending_frames(struct sock *sk);
940
941int ip6_send_skb(struct sk_buff *skb);
942
943struct sk_buff *__ip6_make_skb(struct sock *sk, struct sk_buff_head *queue,
944 struct inet_cork_full *cork,
945 struct inet6_cork *v6_cork);
946struct sk_buff *ip6_make_skb(struct sock *sk,
947 int getfrag(void *from, char *to, int offset,
948 int len, int odd, struct sk_buff *skb),
949 void *from, int length, int transhdrlen,
950 struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
951 struct rt6_info *rt, unsigned int flags,
952 struct inet_cork_full *cork);
953
954static inline struct sk_buff *ip6_finish_skb(struct sock *sk)
955{
956 return __ip6_make_skb(sk, &sk->sk_write_queue, &inet_sk(sk)->cork,
957 &inet6_sk(sk)->cork);
958}
959
960int ip6_dst_lookup(struct net *net, struct sock *sk, struct dst_entry **dst,
961 struct flowi6 *fl6);
962struct dst_entry *ip6_dst_lookup_flow(const struct sock *sk, struct flowi6 *fl6,
963 const struct in6_addr *final_dst);
964struct dst_entry *ip6_sk_dst_lookup_flow(struct sock *sk, struct flowi6 *fl6,
965 const struct in6_addr *final_dst,
966 bool connected);
967struct dst_entry *ip6_blackhole_route(struct net *net,
968 struct dst_entry *orig_dst);
969
970/*
971 * skb processing functions
972 */
973
974int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb);
975int ip6_forward(struct sk_buff *skb);
976int ip6_input(struct sk_buff *skb);
977int ip6_mc_input(struct sk_buff *skb);
978
979int __ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb);
980int ip6_local_out(struct net *net, struct sock *sk, struct sk_buff *skb);
981
982/*
983 * Extension header (options) processing
984 */
985
986void ipv6_push_nfrag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
987 u8 *proto, struct in6_addr **daddr_p,
988 struct in6_addr *saddr);
989void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt,
990 u8 *proto);
991
992int ipv6_skip_exthdr(const struct sk_buff *, int start, u8 *nexthdrp,
993 __be16 *frag_offp);
994
995bool ipv6_ext_hdr(u8 nexthdr);
996
997enum {
998 IP6_FH_F_FRAG = (1 << 0),
999 IP6_FH_F_AUTH = (1 << 1),
1000 IP6_FH_F_SKIP_RH = (1 << 2),
1001};
1002
1003/* find specified header and get offset to it */
1004int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, int target,
1005 unsigned short *fragoff, int *fragflg);
1006
1007int ipv6_find_tlv(const struct sk_buff *skb, int offset, int type);
1008
1009struct in6_addr *fl6_update_dst(struct flowi6 *fl6,
1010 const struct ipv6_txoptions *opt,
1011 struct in6_addr *orig);
1012
1013/*
1014 * socket options (ipv6_sockglue.c)
1015 */
1016
1017int ipv6_setsockopt(struct sock *sk, int level, int optname,
1018 char __user *optval, unsigned int optlen);
1019int ipv6_getsockopt(struct sock *sk, int level, int optname,
1020 char __user *optval, int __user *optlen);
1021int compat_ipv6_setsockopt(struct sock *sk, int level, int optname,
1022 char __user *optval, unsigned int optlen);
1023int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,
1024 char __user *optval, int __user *optlen);
1025
1026int __ip6_datagram_connect(struct sock *sk, struct sockaddr *addr,
1027 int addr_len);
1028int ip6_datagram_connect(struct sock *sk, struct sockaddr *addr, int addr_len);
1029int ip6_datagram_connect_v6_only(struct sock *sk, struct sockaddr *addr,
1030 int addr_len);
1031int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr);
1032void ip6_datagram_release_cb(struct sock *sk);
1033
1034int ipv6_recv_error(struct sock *sk, struct msghdr *msg, int len,
1035 int *addr_len);
1036int ipv6_recv_rxpmtu(struct sock *sk, struct msghdr *msg, int len,
1037 int *addr_len);
1038void ipv6_icmp_error(struct sock *sk, struct sk_buff *skb, int err, __be16 port,
1039 u32 info, u8 *payload);
1040void ipv6_local_error(struct sock *sk, int err, struct flowi6 *fl6, u32 info);
1041void ipv6_local_rxpmtu(struct sock *sk, struct flowi6 *fl6, u32 mtu);
1042
1043int inet6_release(struct socket *sock);
1044int inet6_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len);
1045int inet6_getname(struct socket *sock, struct sockaddr *uaddr,
1046 int peer);
1047int inet6_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
1048
1049int inet6_hash_connect(struct inet_timewait_death_row *death_row,
1050 struct sock *sk);
1051
1052/*
1053 * reassembly.c
1054 */
1055extern const struct proto_ops inet6_stream_ops;
1056extern const struct proto_ops inet6_dgram_ops;
1057extern const struct proto_ops inet6_sockraw_ops;
1058
1059struct group_source_req;
1060struct group_filter;
1061
1062int ip6_mc_source(int add, int omode, struct sock *sk,
1063 struct group_source_req *pgsr);
1064int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf);
1065int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
1066 struct group_filter __user *optval, int __user *optlen);
1067
1068#ifdef CONFIG_PROC_FS
1069int ac6_proc_init(struct net *net);
1070void ac6_proc_exit(struct net *net);
1071int raw6_proc_init(void);
1072void raw6_proc_exit(void);
1073int tcp6_proc_init(struct net *net);
1074void tcp6_proc_exit(struct net *net);
1075int udp6_proc_init(struct net *net);
1076void udp6_proc_exit(struct net *net);
1077int udplite6_proc_init(void);
1078void udplite6_proc_exit(void);
1079int ipv6_misc_proc_init(void);
1080void ipv6_misc_proc_exit(void);
1081int snmp6_register_dev(struct inet6_dev *idev);
1082int snmp6_unregister_dev(struct inet6_dev *idev);
1083
1084#else
1085static inline int ac6_proc_init(struct net *net) { return 0; }
1086static inline void ac6_proc_exit(struct net *net) { }
1087static inline int snmp6_register_dev(struct inet6_dev *idev) { return 0; }
1088static inline int snmp6_unregister_dev(struct inet6_dev *idev) { return 0; }
1089#endif
1090
1091#ifdef CONFIG_SYSCTL
1092extern struct ctl_table ipv6_route_table_template[];
1093
1094struct ctl_table *ipv6_icmp_sysctl_init(struct net *net);
1095struct ctl_table *ipv6_route_sysctl_init(struct net *net);
1096int ipv6_sysctl_register(void);
1097void ipv6_sysctl_unregister(void);
1098#endif
1099
1100int ipv6_sock_mc_join(struct sock *sk, int ifindex,
1101 const struct in6_addr *addr);
1102int ipv6_sock_mc_join_ssm(struct sock *sk, int ifindex,
1103 const struct in6_addr *addr, unsigned int mode);
1104int ipv6_sock_mc_drop(struct sock *sk, int ifindex,
1105 const struct in6_addr *addr);
1106#endif /* _NET_IPV6_H */
1107