mcast_snoop.c 5.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214
  1. /* Copyright (C) 2010: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
  2. * Copyright (C) 2015: Linus Lüssing <linus.luessing@c0d3.blue>
  3. *
  4. * This program is free software; you can redistribute it and/or
  5. * modify it under the terms of version 2 of the GNU General Public
  6. * License as published by the Free Software Foundation.
  7. *
  8. * This program is distributed in the hope that it will be useful, but
  9. * WITHOUT ANY WARRANTY; without even the implied warranty of
  10. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  11. * General Public License for more details.
  12. *
  13. * You should have received a copy of the GNU General Public License
  14. * along with this program; if not, see <http://www.gnu.org/licenses/>.
  15. *
  16. *
  17. * Based on the MLD support added to br_multicast.c by YOSHIFUJI Hideaki.
  18. */
  19. #include <linux/skbuff.h>
  20. #include <net/ipv6.h>
  21. #include <net/mld.h>
  22. #include <net/addrconf.h>
  23. #include <net/ip6_checksum.h>
  24. static int ipv6_mc_check_ip6hdr(struct sk_buff *skb)
  25. {
  26. const struct ipv6hdr *ip6h;
  27. unsigned int len;
  28. unsigned int offset = skb_network_offset(skb) + sizeof(*ip6h);
  29. if (!pskb_may_pull(skb, offset))
  30. return -EINVAL;
  31. ip6h = ipv6_hdr(skb);
  32. if (ip6h->version != 6)
  33. return -EINVAL;
  34. len = offset + ntohs(ip6h->payload_len);
  35. if (skb->len < len || len <= offset)
  36. return -EINVAL;
  37. return 0;
  38. }
  39. static int ipv6_mc_check_exthdrs(struct sk_buff *skb)
  40. {
  41. const struct ipv6hdr *ip6h;
  42. int offset;
  43. u8 nexthdr;
  44. __be16 frag_off;
  45. ip6h = ipv6_hdr(skb);
  46. if (ip6h->nexthdr != IPPROTO_HOPOPTS)
  47. return -ENOMSG;
  48. nexthdr = ip6h->nexthdr;
  49. offset = skb_network_offset(skb) + sizeof(*ip6h);
  50. offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
  51. if (offset < 0)
  52. return -EINVAL;
  53. if (nexthdr != IPPROTO_ICMPV6)
  54. return -ENOMSG;
  55. skb_set_transport_header(skb, offset);
  56. return 0;
  57. }
  58. static int ipv6_mc_check_mld_reportv2(struct sk_buff *skb)
  59. {
  60. unsigned int len = skb_transport_offset(skb);
  61. len += sizeof(struct mld2_report);
  62. return pskb_may_pull(skb, len) ? 0 : -EINVAL;
  63. }
  64. static int ipv6_mc_check_mld_query(struct sk_buff *skb)
  65. {
  66. struct mld_msg *mld;
  67. unsigned int len = skb_transport_offset(skb);
  68. /* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */
  69. if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL))
  70. return -EINVAL;
  71. len += sizeof(struct mld_msg);
  72. if (skb->len < len)
  73. return -EINVAL;
  74. /* MLDv1? */
  75. if (skb->len != len) {
  76. /* or MLDv2? */
  77. len += sizeof(struct mld2_query) - sizeof(struct mld_msg);
  78. if (skb->len < len || !pskb_may_pull(skb, len))
  79. return -EINVAL;
  80. }
  81. mld = (struct mld_msg *)skb_transport_header(skb);
  82. /* RFC2710+RFC3810 (MLDv1+MLDv2) require the multicast link layer
  83. * all-nodes destination address (ff02::1) for general queries
  84. */
  85. if (ipv6_addr_any(&mld->mld_mca) &&
  86. !ipv6_addr_is_ll_all_nodes(&ipv6_hdr(skb)->daddr))
  87. return -EINVAL;
  88. return 0;
  89. }
  90. static int ipv6_mc_check_mld_msg(struct sk_buff *skb)
  91. {
  92. struct mld_msg *mld = (struct mld_msg *)skb_transport_header(skb);
  93. switch (mld->mld_type) {
  94. case ICMPV6_MGM_REDUCTION:
  95. case ICMPV6_MGM_REPORT:
  96. /* fall through */
  97. return 0;
  98. case ICMPV6_MLD2_REPORT:
  99. return ipv6_mc_check_mld_reportv2(skb);
  100. case ICMPV6_MGM_QUERY:
  101. return ipv6_mc_check_mld_query(skb);
  102. default:
  103. return -ENOMSG;
  104. }
  105. }
  106. static inline __sum16 ipv6_mc_validate_checksum(struct sk_buff *skb)
  107. {
  108. return skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo);
  109. }
  110. static int __ipv6_mc_check_mld(struct sk_buff *skb,
  111. struct sk_buff **skb_trimmed)
  112. {
  113. struct sk_buff *skb_chk = NULL;
  114. unsigned int transport_len;
  115. unsigned int len = skb_transport_offset(skb) + sizeof(struct mld_msg);
  116. int ret;
  117. transport_len = ntohs(ipv6_hdr(skb)->payload_len);
  118. transport_len -= skb_transport_offset(skb) - sizeof(struct ipv6hdr);
  119. skb_get(skb);
  120. skb_chk = skb_checksum_trimmed(skb, transport_len,
  121. ipv6_mc_validate_checksum);
  122. if (!skb_chk)
  123. return -EINVAL;
  124. if (!pskb_may_pull(skb_chk, len)) {
  125. kfree_skb(skb_chk);
  126. return -EINVAL;
  127. }
  128. ret = ipv6_mc_check_mld_msg(skb_chk);
  129. if (ret) {
  130. kfree_skb(skb_chk);
  131. return ret;
  132. }
  133. if (skb_trimmed)
  134. *skb_trimmed = skb_chk;
  135. else
  136. kfree_skb(skb_chk);
  137. return 0;
  138. }
  139. /**
  140. * ipv6_mc_check_mld - checks whether this is a sane MLD packet
  141. * @skb: the skb to validate
  142. * @skb_trimmed: to store an skb pointer trimmed to IPv6 packet tail (optional)
  143. *
  144. * Checks whether an IPv6 packet is a valid MLD packet. If so sets
  145. * skb network and transport headers accordingly and returns zero.
  146. *
  147. * -EINVAL: A broken packet was detected, i.e. it violates some internet
  148. * standard
  149. * -ENOMSG: IP header validation succeeded but it is not an MLD packet.
  150. * -ENOMEM: A memory allocation failure happened.
  151. *
  152. * Optionally, an skb pointer might be provided via skb_trimmed (or set it
  153. * to NULL): After parsing an MLD packet successfully it will point to
  154. * an skb which has its tail aligned to the IP packet end. This might
  155. * either be the originally provided skb or a trimmed, cloned version if
  156. * the skb frame had data beyond the IP packet. A cloned skb allows us
  157. * to leave the original skb and its full frame unchanged (which might be
  158. * desirable for layer 2 frame jugglers).
  159. *
  160. * The caller needs to release a reference count from any returned skb_trimmed.
  161. */
  162. int ipv6_mc_check_mld(struct sk_buff *skb, struct sk_buff **skb_trimmed)
  163. {
  164. int ret;
  165. ret = ipv6_mc_check_ip6hdr(skb);
  166. if (ret < 0)
  167. return ret;
  168. ret = ipv6_mc_check_exthdrs(skb);
  169. if (ret < 0)
  170. return ret;
  171. return __ipv6_mc_check_mld(skb, skb_trimmed);
  172. }
  173. EXPORT_SYMBOL(ipv6_mc_check_mld);