utils.c source code [linux/net/netfilter/utils.c]

1	// SPDX-License-Identifier: GPL-2.0
2	#include <linux/kernel.h>
3	#include <linux/netfilter.h>
4	#include <linux/netfilter_ipv4.h>
5	#include <linux/netfilter_ipv6.h>
6	#include <net/netfilter/nf_queue.h>
7	#include <net/ip6_checksum.h>
8
9	#ifdef CONFIG_INET
10	__sum16 nf_ip_checksum(struct sk_buff skb, unsigned* int hook,
11	unsigned int dataoff, u8 protocol)
12	{
13	const struct iphdr *iph = ip_hdr(skb);
14	__sum16 csum = `0`;
15
16	switch (skb->ip_summed) {
17	case CHECKSUM_COMPLETE:
18	if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
19	break;
20	if ((protocol != IPPROTO_TCP && protocol != IPPROTO_UDP &&
21	!csum_fold(sum: skb->csum)) \|\|
22	!csum_tcpudp_magic(saddr: iph->saddr, daddr: iph->daddr,
23	len: skb->len - dataoff, proto: protocol,
24	sum: skb->csum)) {
25	skb->ip_summed = CHECKSUM_UNNECESSARY;
26	break;
27	}
28	fallthrough;
29	case CHECKSUM_NONE:
30	if (protocol != IPPROTO_TCP && protocol != IPPROTO_UDP)
31	skb->csum = `0`;
32	else
33	skb->csum = csum_tcpudp_nofold(saddr: iph->saddr, daddr: iph->daddr,
34	len: skb->len - dataoff,
35	proto: protocol, sum: `0`);
36	csum = __skb_checksum_complete(skb);
37	}
38	return csum;
39	}
40	EXPORT_SYMBOL(nf_ip_checksum);
41	#endif
42
43	static __sum16 nf_ip_checksum_partial(struct sk_buff skb, unsigned* int hook,
44	unsigned int dataoff, unsigned int len,
45	u8 protocol)
46	{
47	const struct iphdr *iph = ip_hdr(skb);
48	__sum16 csum = `0`;
49
50	switch (skb->ip_summed) {
51	case CHECKSUM_COMPLETE:
52	if (len == skb->len - dataoff)
53	return nf_ip_checksum(skb, hook, dataoff, protocol);
54	fallthrough;
55	case CHECKSUM_NONE:
56	skb->csum = csum_tcpudp_nofold(saddr: iph->saddr, daddr: iph->daddr, len: protocol,
57	proto: skb->len - dataoff, sum: `0`);
58	skb->ip_summed = CHECKSUM_NONE;
59	return __skb_checksum_complete_head(skb, len: dataoff + len);
60	}
61	return csum;
62	}
63
64	__sum16 nf_ip6_checksum(struct sk_buff skb, unsigned* int hook,
65	unsigned int dataoff, u8 protocol)
66	{
67	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
68	__sum16 csum = `0`;
69
70	switch (skb->ip_summed) {
71	case CHECKSUM_COMPLETE:
72	if (hook != NF_INET_PRE_ROUTING && hook != NF_INET_LOCAL_IN)
73	break;
74	if (!csum_ipv6_magic(saddr: &ip6h->saddr, daddr: &ip6h->daddr,
75	len: skb->len - dataoff, proto: protocol,
76	sum: csum_sub(csum: skb->csum,
77	addend: skb_checksum(skb, offset: `0`,
78	len: dataoff, csum: `0`)))) {
79	skb->ip_summed = CHECKSUM_UNNECESSARY;
80	break;
81	}
82	fallthrough;
83	case CHECKSUM_NONE:
84	skb->csum = ~csum_unfold(
85	n: csum_ipv6_magic(saddr: &ip6h->saddr, daddr: &ip6h->daddr,
86	len: skb->len - dataoff,
87	proto: protocol,
88	sum: csum_sub(csum: `0`,
89	addend: skb_checksum(skb, offset: `0`,
90	len: dataoff, csum: `0`))));
91	csum = __skb_checksum_complete(skb);
92	}
93	return csum;
94	}
95	EXPORT_SYMBOL(nf_ip6_checksum);
96
97	static __sum16 nf_ip6_checksum_partial(struct sk_buff skb, unsigned* int hook,
98	unsigned int dataoff, unsigned int len,
99	u8 protocol)
100	{
101	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
102	__wsum hsum;
103	__sum16 csum = `0`;
104
105	switch (skb->ip_summed) {
106	case CHECKSUM_COMPLETE:
107	if (len == skb->len - dataoff)
108	return nf_ip6_checksum(skb, hook, dataoff, protocol);
109	fallthrough;
110	case CHECKSUM_NONE:
111	hsum = skb_checksum(skb, offset: `0`, len: dataoff, csum: `0`);
112	skb->csum = ~csum_unfold(n: csum_ipv6_magic(saddr: &ip6h->saddr,
113	daddr: &ip6h->daddr,
114	len: skb->len - dataoff,
115	proto: protocol,
116	sum: csum_sub(csum: `0`, addend: hsum)));
117	skb->ip_summed = CHECKSUM_NONE;
118	return __skb_checksum_complete_head(skb, len: dataoff + len);
119	}
120	return csum;
121	};
122
123	__sum16 nf_checksum(struct sk_buff skb, unsigned* int hook,
124	unsigned int dataoff, u8 protocol,
125	unsigned short family)
126	{
127	__sum16 csum = `0`;
128
129	switch (family) {
130	case AF_INET:
131	csum = nf_ip_checksum(skb, hook, dataoff, protocol);
132	break;
133	case AF_INET6:
134	csum = nf_ip6_checksum(skb, hook, dataoff, protocol);
135	break;
136	}
137
138	return csum;
139	}
140	EXPORT_SYMBOL_GPL(nf_checksum);
141
142	__sum16 nf_checksum_partial(struct sk_buff skb, unsigned* int hook,
143	unsigned int dataoff, unsigned int len,
144	u8 protocol, unsigned short family)
145	{
146	__sum16 csum = `0`;
147
148	switch (family) {
149	case AF_INET:
150	csum = nf_ip_checksum_partial(skb, hook, dataoff, len,
151	protocol);
152	break;
153	case AF_INET6:
154	csum = nf_ip6_checksum_partial(skb, hook, dataoff, len,
155	protocol);
156	break;
157	}
158
159	return csum;
160	}
161	EXPORT_SYMBOL_GPL(nf_checksum_partial);
162
163	int nf_route(struct net net, struct* dst_entry dst, struct** flowi *fl,
164	bool strict, unsigned short family)
165	{
166	const struct nf_ipv6_ops *v6ops __maybe_unused;
167	int ret = `0`;
168
169	switch (family) {
170	case AF_INET:
171	ret = nf_ip_route(net, dst, fl, strict);
172	break;
173	case AF_INET6:
174	ret = nf_ip6_route(net, dst, fl, strict);
175	break;
176	}
177
178	return ret;
179	}
180	EXPORT_SYMBOL_GPL(nf_route);
181
182	static int nf_ip_reroute(struct sk_buff skb, const* struct nf_queue_entry *entry)
183	{
184	#ifdef CONFIG_INET
185	const struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
186
187	if (entry->state.hook == NF_INET_LOCAL_OUT) {
188	const struct iphdr *iph = ip_hdr(skb);
189
190	if (!(iph->tos == rt_info->tos &&
191	skb->mark == rt_info->mark &&
192	iph->daddr == rt_info->daddr &&
193	iph->saddr == rt_info->saddr))
194	return ip_route_me_harder(net: entry->state.net, sk: entry->state.sk,
195	skb, addr_type: RTN_UNSPEC);
196	}
197	#endif
198	return `0`;
199	}
200
201	int nf_reroute(struct sk_buff skb, struct* nf_queue_entry *entry)
202	{
203	const struct nf_ipv6_ops *v6ops;
204	int ret = `0`;
205
206	switch (entry->state.pf) {
207	case AF_INET:
208	ret = nf_ip_reroute(skb, entry);
209	break;
210	case AF_INET6:
211	v6ops = rcu_dereference(nf_ipv6_ops);
212	if (v6ops)
213	ret = v6ops->reroute(skb, entry);
214	break;
215	}
216	return ret;
217	}
218
219	/ Only get and check the lengths, not do any hop-by-hop stuff. /
220	int nf_ip6_check_hbh_len(struct sk_buff skb, u32 plen)
221	{
222	int len, off = sizeof(struct ipv6hdr);
223	unsigned char *nh;
224
225	if (!pskb_may_pull(skb, len: off + `8`))
226	return -ENOMEM;
227	nh = (unsigned char *)(ipv6_hdr(skb) + `1`);
228	len = (nh[`1`] + `1`) << `3`;
229
230	if (!pskb_may_pull(skb, len: off + len))
231	return -ENOMEM;
232	nh = skb_network_header(skb);
233
234	off += `2`;
235	len -= `2`;
236	while (len > `0`) {
237	int optlen;
238
239	if (nh[off] == IPV6_TLV_PAD1) {
240	off++;
241	len--;
242	continue;
243	}
244	if (len < `2`)
245	return -EBADMSG;
246	optlen = nh[off + `1`] + `2`;
247	if (optlen > len)
248	return -EBADMSG;
249
250	if (nh[off] == IPV6_TLV_JUMBO) {
251	u32 pkt_len;
252
253	if (nh[off + `1`] != `4` \|\| (off & `3`) != `2`)
254	return -EBADMSG;
255	pkt_len = ntohl((__be32 )(nh + off + `2`));
256	if (pkt_len <= IPV6_MAXPLEN \|\|
257	ipv6_hdr(skb)->payload_len)
258	return -EBADMSG;
259	if (pkt_len > skb->len - sizeof(struct ipv6hdr))
260	return -EBADMSG;
261	*plen = pkt_len;
262	}
263	off += optlen;
264	len -= optlen;
265	}
266
267	return len ? -EBADMSG : `0`;
268	}
269	EXPORT_SYMBOL_GPL(nf_ip6_check_hbh_len);
270

source code of linux/net/netfilter/utils.c