ip_options.c source code [linux/net/ipv4/ip_options.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* INET An implementation of the TCP/IP protocol suite for the LINUX
4	* operating system. INET is implemented using the BSD Socket
5	* interface as the means of communication with the user level.
6	*
7	* The options processing module for ip.c
8	*
9	* Authors: A.N.Kuznetsov
10	*
11	*/
12
13	#define pr_fmt(fmt) "IPv4: " fmt
14
15	#include <linux/capability.h>
16	#include <linux/module.h>
17	#include <linux/slab.h>
18	#include <linux/types.h>
19	#include <linux/uaccess.h>
20	#include <asm/unaligned.h>
21	#include <linux/skbuff.h>
22	#include <linux/ip.h>
23	#include <linux/icmp.h>
24	#include <linux/netdevice.h>
25	#include <linux/rtnetlink.h>
26	#include <net/sock.h>
27	#include <net/ip.h>
28	#include <net/icmp.h>
29	#include <net/route.h>
30	#include <net/cipso_ipv4.h>
31	#include <net/ip_fib.h>
32
33	/*
34	* Write options to IP header, record destination address to
35	* source route option, address of outgoing interface
36	* (we should already know it, so that this function is allowed be
37	* called only after routing decision) and timestamp,
38	* if we originate this datagram.
39	*
40	* daddr is real destination address, next hop is recorded in IP header.
41	* saddr is address of outgoing interface.
42	*/
43
44	void ip_options_build(struct sk_buff skb, struct* ip_options *opt,
45	__be32 daddr, struct rtable rt, int* is_frag)
46	{
47	unsigned char *iph = skb_network_header(skb);
48
49	memcpy(&(IPCB(skb)->opt), opt, sizeof(struct ip_options));
50	memcpy(iph+sizeof(struct iphdr), opt->__data, opt->optlen);
51	opt = &(IPCB(skb)->opt);
52
53	if (opt->srr)
54	memcpy(iph+opt->srr+iph[opt->srr+`1`]-`4`, &daddr, `4`);
55
56	if (!is_frag) {
57	if (opt->rr_needaddr)
58	ip_rt_get_source(iph+opt->rr+iph[opt->rr+`2`]-`5`, skb, rt);
59	if (opt->ts_needaddr)
60	ip_rt_get_source(iph+opt->ts+iph[opt->ts+`2`]-`9`, skb, rt);
61	if (opt->ts_needtime) {
62	__be32 midtime;
63
64	midtime = inet_current_timestamp();
65	memcpy(iph+opt->ts+iph[opt->ts+`2`]-`5`, &midtime, `4`);
66	}
67	return;
68	}
69	if (opt->rr) {
70	memset(iph+opt->rr, IPOPT_NOP, iph[opt->rr+`1`]);
71	opt->rr = `0`;
72	opt->rr_needaddr = `0`;
73	}
74	if (opt->ts) {
75	memset(iph+opt->ts, IPOPT_NOP, iph[opt->ts+`1`]);
76	opt->ts = `0`;
77	opt->ts_needaddr = opt->ts_needtime = `0`;
78	}
79	}
80
81	/*
82	* Provided (sopt, skb) points to received options,
83	* build in dopt compiled option set appropriate for answering.
84	* i.e. invert SRR option, copy anothers,
85	* and grab room in RR/TS options.
86	*
87	* NOTE: dopt cannot point to skb.
88	*/
89
90	int __ip_options_echo(struct net net, struct* ip_options *dopt,
91	struct sk_buff skb, const* struct ip_options *sopt)
92	{
93	unsigned char sptr, dptr;
94	int soffset, doffset;
95	int optlen;
96
97	memset(dopt, `0`, sizeof(struct ip_options));
98
99	if (sopt->optlen == `0`)
100	return `0`;
101
102	sptr = skb_network_header(skb);
103	dptr = dopt->__data;
104
105	if (sopt->rr) {
106	optlen = sptr[sopt->rr+`1`];
107	soffset = sptr[sopt->rr+`2`];
108	dopt->rr = dopt->optlen + sizeof(struct iphdr);
109	memcpy(dptr, sptr+sopt->rr, optlen);
110	if (sopt->rr_needaddr && soffset <= optlen) {
111	if (soffset + `3` > optlen)
112	return -EINVAL;
113	dptr[`2`] = soffset + `4`;
114	dopt->rr_needaddr = `1`;
115	}
116	dptr += optlen;
117	dopt->optlen += optlen;
118	}
119	if (sopt->ts) {
120	optlen = sptr[sopt->ts+`1`];
121	soffset = sptr[sopt->ts+`2`];
122	dopt->ts = dopt->optlen + sizeof(struct iphdr);
123	memcpy(dptr, sptr+sopt->ts, optlen);
124	if (soffset <= optlen) {
125	if (sopt->ts_needaddr) {
126	if (soffset + `3` > optlen)
127	return -EINVAL;
128	dopt->ts_needaddr = `1`;
129	soffset += `4`;
130	}
131	if (sopt->ts_needtime) {
132	if (soffset + `3` > optlen)
133	return -EINVAL;
134	if ((dptr[`3`]&`0xF`) != IPOPT_TS_PRESPEC) {
135	dopt->ts_needtime = `1`;
136	soffset += `4`;
137	} else {
138	dopt->ts_needtime = `0`;
139
140	if (soffset + `7` <= optlen) {
141	__be32 addr;
142
143	memcpy(&addr, dptr+soffset-`1`, `4`);
144	if (inet_addr_type(net, addr) != RTN_UNICAST) {
145	dopt->ts_needtime = `1`;
146	soffset += `8`;
147	}
148	}
149	}
150	}
151	dptr[`2`] = soffset;
152	}
153	dptr += optlen;
154	dopt->optlen += optlen;
155	}
156	if (sopt->srr) {
157	unsigned char *start = sptr+sopt->srr;
158	__be32 faddr;
159
160	optlen = start[`1`];
161	soffset = start[`2`];
162	doffset = `0`;
163	if (soffset > optlen)
164	soffset = optlen + `1`;
165	soffset -= `4`;
166	if (soffset > `3`) {
167	memcpy(&faddr, &start[soffset-`1`], `4`);
168	for (soffset -= `4`, doffset = `4`; soffset > `3`; soffset -= `4`, doffset += `4`)
169	memcpy(&dptr[doffset-`1`], &start[soffset-`1`], `4`);
170	/*
171	* RFC1812 requires to fix illegal source routes.
172	*/
173	if (memcmp(&ip_hdr(skb)->saddr,
174	&start[soffset + `3`], `4`) == `0`)
175	doffset -= `4`;
176	}
177	if (doffset > `3`) {
178	dopt->faddr = faddr;
179	dptr[`0`] = start[`0`];
180	dptr[`1`] = doffset+`3`;
181	dptr[`2`] = `4`;
182	dptr += doffset+`3`;
183	dopt->srr = dopt->optlen + sizeof(struct iphdr);
184	dopt->optlen += doffset+`3`;
185	dopt->is_strictroute = sopt->is_strictroute;
186	}
187	}
188	if (sopt->cipso) {
189	optlen = sptr[sopt->cipso+`1`];
190	dopt->cipso = dopt->optlen+sizeof(struct iphdr);
191	memcpy(dptr, sptr+sopt->cipso, optlen);
192	dptr += optlen;
193	dopt->optlen += optlen;
194	}
195	while (dopt->optlen & `3`) {
196	*dptr++ = IPOPT_END;
197	dopt->optlen++;
198	}
199	return `0`;
200	}
201
202	/*
203	* Options "fragmenting", just fill options not
204	* allowed in fragments with NOOPs.
205	* Simple and stupid 8), but the most efficient way.
206	*/
207
208	void ip_options_fragment(struct sk_buff *skb)
209	{
210	unsigned char optptr = skb_network_header(skb) + sizeof(struct* iphdr);
211	struct ip_options *opt = &(IPCB(skb)->opt);
212	int l = opt->optlen;
213	int optlen;
214
215	while (l > `0`) {
216	switch (*optptr) {
217	case IPOPT_END:
218	return;
219	case IPOPT_NOOP:
220	l--;
221	optptr++;
222	continue;
223	}
224	optlen = optptr[`1`];
225	if (optlen < `2` \|\| optlen > l)
226	return;
227	if (!IPOPT_COPIED(*optptr))
228	memset(optptr, IPOPT_NOOP, optlen);
229	l -= optlen;
230	optptr += optlen;
231	}
232	opt->ts = `0`;
233	opt->rr = `0`;
234	opt->rr_needaddr = `0`;
235	opt->ts_needaddr = `0`;
236	opt->ts_needtime = `0`;
237	}
238
239	/ helper used by ip_options_compile() to call fib_compute_spec_dst()*
240	* at most one time.
241	*/
242	static void spec_dst_fill(__be32 spec_dst, struct* sk_buff *skb)
243	{
244	if (*spec_dst == htonl(INADDR_ANY))
245	*spec_dst = fib_compute_spec_dst(skb);
246	}
247
248	/*
249	* Verify options and fill pointers in struct options.
250	* Caller should clear *opt, and set opt->data.
251	* If opt == NULL, then skb->data should point to IP header.
252	*/
253
254	int __ip_options_compile(struct net *net,
255	struct ip_options opt, struct* sk_buff *skb,
256	__be32 *info)
257	{
258	__be32 spec_dst = htonl(INADDR_ANY);
259	unsigned char *pp_ptr = NULL;
260	struct rtable *rt = NULL;
261	unsigned char *optptr;
262	unsigned char *iph;
263	int optlen, l;
264
265	if (skb) {
266	rt = skb_rtable(skb);
267	optptr = (unsigned char *)&(ip_hdr(skb)[`1`]);
268	} else
269	optptr = opt->__data;
270	iph = optptr - sizeof(struct iphdr);
271
272	for (l = opt->optlen; l > `0`; ) {
273	switch (*optptr) {
274	case IPOPT_END:
275	for (optptr++, l--; l > `0`; optptr++, l--) {
276	if (*optptr != IPOPT_END) {
277	*optptr = IPOPT_END;
278	opt->is_changed = `1`;
279	}
280	}
281	goto eol;
282	case IPOPT_NOOP:
283	l--;
284	optptr++;
285	continue;
286	}
287	if (unlikely(l < `2`)) {
288	pp_ptr = optptr;
289	goto error;
290	}
291	optlen = optptr[`1`];
292	if (optlen < `2` \|\| optlen > l) {
293	pp_ptr = optptr;
294	goto error;
295	}
296	switch (*optptr) {
297	case IPOPT_SSRR:
298	case IPOPT_LSRR:
299	if (optlen < `3`) {
300	pp_ptr = optptr + `1`;
301	goto error;
302	}
303	if (optptr[`2`] < `4`) {
304	pp_ptr = optptr + `2`;
305	goto error;
306	}
307	/ NB: cf RFC-1812 5.2.4.1 /
308	if (opt->srr) {
309	pp_ptr = optptr;
310	goto error;
311	}
312	if (!skb) {
313	if (optptr[`2`] != `4` \|\| optlen < `7` \|\| ((optlen-`3`) & `3`)) {
314	pp_ptr = optptr + `1`;
315	goto error;
316	}
317	memcpy(&opt->faddr, &optptr[`3`], `4`);
318	if (optlen > `7`)
319	memmove(&optptr[`3`], &optptr[`7`], optlen-`7`);
320	}
321	opt->is_strictroute = (optptr[`0`] == IPOPT_SSRR);
322	opt->srr = optptr - iph;
323	break;
324	case IPOPT_RR:
325	if (opt->rr) {
326	pp_ptr = optptr;
327	goto error;
328	}
329	if (optlen < `3`) {
330	pp_ptr = optptr + `1`;
331	goto error;
332	}
333	if (optptr[`2`] < `4`) {
334	pp_ptr = optptr + `2`;
335	goto error;
336	}
337	if (optptr[`2`] <= optlen) {
338	if (optptr[`2`]+`3` > optlen) {
339	pp_ptr = optptr + `2`;
340	goto error;
341	}
342	if (rt) {
343	spec_dst_fill(&spec_dst, skb);
344	memcpy(&optptr[optptr[`2`]-`1`], &spec_dst, `4`);
345	opt->is_changed = `1`;
346	}
347	optptr[`2`] += `4`;
348	opt->rr_needaddr = `1`;
349	}
350	opt->rr = optptr - iph;
351	break;
352	case IPOPT_TIMESTAMP:
353	if (opt->ts) {
354	pp_ptr = optptr;
355	goto error;
356	}
357	if (optlen < `4`) {
358	pp_ptr = optptr + `1`;
359	goto error;
360	}
361	if (optptr[`2`] < `5`) {
362	pp_ptr = optptr + `2`;
363	goto error;
364	}
365	if (optptr[`2`] <= optlen) {
366	unsigned char *timeptr = NULL;
367	if (optptr[`2`]+`3` > optlen) {
368	pp_ptr = optptr + `2`;
369	goto error;
370	}
371	switch (optptr[`3`]&`0xF`) {
372	case IPOPT_TS_TSONLY:
373	if (skb)
374	timeptr = &optptr[optptr[`2`]-`1`];
375	opt->ts_needtime = `1`;
376	optptr[`2`] += `4`;
377	break;
378	case IPOPT_TS_TSANDADDR:
379	if (optptr[`2`]+`7` > optlen) {
380	pp_ptr = optptr + `2`;
381	goto error;
382	}
383	if (rt) {
384	spec_dst_fill(&spec_dst, skb);
385	memcpy(&optptr[optptr[`2`]-`1`], &spec_dst, `4`);
386	timeptr = &optptr[optptr[`2`]+`3`];
387	}
388	opt->ts_needaddr = `1`;
389	opt->ts_needtime = `1`;
390	optptr[`2`] += `8`;
391	break;
392	case IPOPT_TS_PRESPEC:
393	if (optptr[`2`]+`7` > optlen) {
394	pp_ptr = optptr + `2`;
395	goto error;
396	}
397	{
398	__be32 addr;
399	memcpy(&addr, &optptr[optptr[`2`]-`1`], `4`);
400	if (inet_addr_type(net, addr) == RTN_UNICAST)
401	break;
402	if (skb)
403	timeptr = &optptr[optptr[`2`]+`3`];
404	}
405	opt->ts_needtime = `1`;
406	optptr[`2`] += `8`;
407	break;
408	default:
409	if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) {
410	pp_ptr = optptr + `3`;
411	goto error;
412	}
413	break;
414	}
415	if (timeptr) {
416	__be32 midtime;
417
418	midtime = inet_current_timestamp();
419	memcpy(timeptr, &midtime, `4`);
420	opt->is_changed = `1`;
421	}
422	} else if ((optptr[`3`]&`0xF`) != IPOPT_TS_PRESPEC) {
423	unsigned int overflow = optptr[`3`]>>`4`;
424	if (overflow == `15`) {
425	pp_ptr = optptr + `3`;
426	goto error;
427	}
428	if (skb) {
429	optptr[`3`] = (optptr[`3`]&`0xF`)\|((overflow+`1`)<<`4`);
430	opt->is_changed = `1`;
431	}
432	}
433	opt->ts = optptr - iph;
434	break;
435	case IPOPT_RA:
436	if (optlen < `4`) {
437	pp_ptr = optptr + `1`;
438	goto error;
439	}
440	if (optptr[`2`] == `0` && optptr[`3`] == `0`)
441	opt->router_alert = optptr - iph;
442	break;
443	case IPOPT_CIPSO:
444	if ((!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) \|\| opt->cipso) {
445	pp_ptr = optptr;
446	goto error;
447	}
448	opt->cipso = optptr - iph;
449	if (cipso_v4_validate(skb, &optptr)) {
450	pp_ptr = optptr;
451	goto error;
452	}
453	break;
454	case IPOPT_SEC:
455	case IPOPT_SID:
456	default:
457	if (!skb && !ns_capable(net->user_ns, CAP_NET_RAW)) {
458	pp_ptr = optptr;
459	goto error;
460	}
461	break;
462	}
463	l -= optlen;
464	optptr += optlen;
465	}
466
467	eol:
468	if (!pp_ptr)
469	return `0`;
470
471	error:
472	if (info)
473	*info = htonl((pp_ptr-iph)<<`24`);
474	return -EINVAL;
475	}
476
477	int ip_options_compile(struct net *net,
478	struct ip_options opt, struct* sk_buff *skb)
479	{
480	int ret;
481	__be32 info;
482
483	ret = __ip_options_compile(net, opt, skb, &info);
484	if (ret != `0` && skb)
485	icmp_send(skb, ICMP_PARAMETERPROB, `0`, info);
486	return ret;
487	}
488	EXPORT_SYMBOL(ip_options_compile);
489
490	/*
491	* Undo all the changes done by ip_options_compile().
492	*/
493
494	void ip_options_undo(struct ip_options *opt)
495	{
496	if (opt->srr) {
497	unsigned char optptr = opt->__data+opt->srr-sizeof(struct* iphdr);
498	memmove(optptr+`7`, optptr+`3`, optptr[`1`]-`7`);
499	memcpy(optptr+`3`, &opt->faddr, `4`);
500	}
501	if (opt->rr_needaddr) {
502	unsigned char optptr = opt->__data+opt->rr-sizeof(struct* iphdr);
503	optptr[`2`] -= `4`;
504	memset(&optptr[optptr[`2`]-`1`], `0`, `4`);
505	}
506	if (opt->ts) {
507	unsigned char optptr = opt->__data+opt->ts-sizeof(struct* iphdr);
508	if (opt->ts_needtime) {
509	optptr[`2`] -= `4`;
510	memset(&optptr[optptr[`2`]-`1`], `0`, `4`);
511	if ((optptr[`3`]&`0xF`) == IPOPT_TS_PRESPEC)
512	optptr[`2`] -= `4`;
513	}
514	if (opt->ts_needaddr) {
515	optptr[`2`] -= `4`;
516	memset(&optptr[optptr[`2`]-`1`], `0`, `4`);
517	}
518	}
519	}
520
521	static struct ip_options_rcu ip_options_get_alloc(const* int optlen)
522	{
523	return kzalloc(sizeof(struct ip_options_rcu) + ((optlen + `3`) & ~`3`),
524	GFP_KERNEL);
525	}
526
527	static int ip_options_get_finish(struct net net, struct* ip_options_rcu **optp,
528	struct ip_options_rcu opt, int* optlen)
529	{
530	while (optlen & `3`)
531	opt->opt.__data[optlen++] = IPOPT_END;
532	opt->opt.optlen = optlen;
533	if (optlen && ip_options_compile(net, &opt->opt, NULL)) {
534	kfree(opt);
535	return -EINVAL;
536	}
537	kfree(*optp);
538	*optp = opt;
539	return `0`;
540	}
541
542	int ip_options_get_from_user(struct net net, struct* ip_options_rcu **optp,
543	unsigned char __user data, int* optlen)
544	{
545	struct ip_options_rcu *opt = ip_options_get_alloc(optlen);
546
547	if (!opt)
548	return -ENOMEM;
549	if (optlen && copy_from_user(opt->opt.__data, data, optlen)) {
550	kfree(opt);
551	return -EFAULT;
552	}
553	return ip_options_get_finish(net, optp, opt, optlen);
554	}
555
556	int ip_options_get(struct net net, struct* ip_options_rcu **optp,
557	unsigned char data, int* optlen)
558	{
559	struct ip_options_rcu *opt = ip_options_get_alloc(optlen);
560
561	if (!opt)
562	return -ENOMEM;
563	if (optlen)
564	memcpy(opt->opt.__data, data, optlen);
565	return ip_options_get_finish(net, optp, opt, optlen);
566	}
567
568	void ip_forward_options(struct sk_buff *skb)
569	{
570	struct ip_options *opt = &(IPCB(skb)->opt);
571	unsigned char *optptr;
572	struct rtable *rt = skb_rtable(skb);
573	unsigned char *raw = skb_network_header(skb);
574
575	if (opt->rr_needaddr) {
576	optptr = (unsigned char *)raw + opt->rr;
577	ip_rt_get_source(&optptr[optptr[`2`]-`5`], skb, rt);
578	opt->is_changed = `1`;
579	}
580	if (opt->srr_is_hit) {
581	int srrptr, srrspace;
582
583	optptr = raw + opt->srr;
584
585	for ( srrptr = optptr[`2`], srrspace = optptr[`1`];
586	srrptr <= srrspace;
587	srrptr += `4`
588	) {
589	if (srrptr + `3` > srrspace)
590	break;
591	if (memcmp(&opt->nexthop, &optptr[srrptr-`1`], `4`) == `0`)
592	break;
593	}
594	if (srrptr + `3` <= srrspace) {
595	opt->is_changed = `1`;
596	ip_hdr(skb)->daddr = opt->nexthop;
597	ip_rt_get_source(&optptr[srrptr-`1`], skb, rt);
598	optptr[`2`] = srrptr+`4`;
599	} else {
600	net_crit_ratelimited("%s(): Argh! Destination lost!\n",
601	__func__);
602	}
603	if (opt->ts_needaddr) {
604	optptr = raw + opt->ts;
605	ip_rt_get_source(&optptr[optptr[`2`]-`9`], skb, rt);
606	opt->is_changed = `1`;
607	}
608	}
609	if (opt->is_changed) {
610	opt->is_changed = `0`;
611	ip_send_check(ip_hdr(skb));
612	}
613	}
614
615	int ip_options_rcv_srr(struct sk_buff *skb)
616	{
617	struct ip_options *opt = &(IPCB(skb)->opt);
618	int srrspace, srrptr;
619	__be32 nexthop;
620	struct iphdr *iph = ip_hdr(skb);
621	unsigned char *optptr = skb_network_header(skb) + opt->srr;
622	struct rtable *rt = skb_rtable(skb);
623	struct rtable *rt2;
624	unsigned long orefdst;
625	int err;
626
627	if (!rt)
628	return `0`;
629
630	if (skb->pkt_type != PACKET_HOST)
631	return -EINVAL;
632	if (rt->rt_type == RTN_UNICAST) {
633	if (!opt->is_strictroute)
634	return `0`;
635	icmp_send(skb, ICMP_PARAMETERPROB, `0`, htonl(`16`<<`24`));
636	return -EINVAL;
637	}
638	if (rt->rt_type != RTN_LOCAL)
639	return -EINVAL;
640
641	for (srrptr = optptr[`2`], srrspace = optptr[`1`]; srrptr <= srrspace; srrptr += `4`) {
642	if (srrptr + `3` > srrspace) {
643	icmp_send(skb, ICMP_PARAMETERPROB, `0`, htonl((opt->srr+`2`)<<`24`));
644	return -EINVAL;
645	}
646	memcpy(&nexthop, &optptr[srrptr-`1`], `4`);
647
648	orefdst = skb->_skb_refdst;
649	skb_dst_set(skb, NULL);
650	err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev);
651	rt2 = skb_rtable(skb);
652	if (err \|\| (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) {
653	skb_dst_drop(skb);
654	skb->_skb_refdst = orefdst;
655	return -EINVAL;
656	}
657	refdst_drop(orefdst);
658	if (rt2->rt_type != RTN_LOCAL)
659	break;
660	/ Superfast 8) loopback forward /
661	iph->daddr = nexthop;
662	opt->is_changed = `1`;
663	}
664	if (srrptr <= srrspace) {
665	opt->srr_is_hit = `1`;
666	opt->nexthop = nexthop;
667	opt->is_changed = `1`;
668	}
669	return `0`;
670	}
671	EXPORT_SYMBOL(ip_options_rcv_srr);
672

Browse the source code of linux/net/ipv4/ip_options.c