~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,18 +1,6 @@
	1	+// SPDX-License-Identifier: GPL-2.0-only
1	2	/* Copyright (C) 2010: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
2	3	* Copyright (C) 2015: Linus Lüssing <linus.luessing@c0d3.blue>
3		- *
4		- * This program is free software; you can redistribute it and/or
5		- * modify it under the terms of version 2 of the GNU General Public
6		- * License as published by the Free Software Foundation.
7		- *
8		- * This program is distributed in the hope that it will be useful, but
9		- * WITHOUT ANY WARRANTY; without even the implied warranty of
10		- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
11		- * General Public License for more details.
12		- *
13		- * You should have received a copy of the GNU General Public License
14		- * along with this program; if not, see <http://www.gnu.org/licenses/>.
15		- *
16	4	*
17	5	* Based on the MLD support added to br_multicast.c by YOSHIFUJI Hideaki.
18	6	*/
..	..	@@ -40,6 +28,8 @@
40	28	len = offset + ntohs(ip6h->payload_len);
41	29	if (skb->len < len \|\| len <= offset)
42	30	return -EINVAL;
	31	+
	32	+ skb_set_transport_header(skb, offset);
43	33
44	34	return 0;
45	35	}
..	..	@@ -77,27 +67,27 @@
77	67
78	68	len += sizeof(struct mld2_report);
79	69
80		- return pskb_may_pull(skb, len) ? 0 : -EINVAL;
	70	+ return ipv6_mc_may_pull(skb, len) ? 0 : -EINVAL;
81	71	}
82	72
83	73	static int ipv6_mc_check_mld_query(struct sk_buff *skb)
84	74	{
	75	+ unsigned int transport_len = ipv6_transport_len(skb);
85	76	struct mld_msg *mld;
86		- unsigned int len = skb_transport_offset(skb);
	77	+ unsigned int len;
87	78
88	79	/* RFC2710+RFC3810 (MLDv1+MLDv2) require link-local source addresses */
89	80	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL))
90	81	return -EINVAL;
91	82
92		- len += sizeof(struct mld_msg);
93		- if (skb->len < len)
94		- return -EINVAL;
95		-
96	83	/* MLDv1? */
97		- if (skb->len != len) {
	84	+ if (transport_len != sizeof(struct mld_msg)) {
98	85	/* or MLDv2? */
99		- len += sizeof(struct mld2_query) - sizeof(struct mld_msg);
100		- if (skb->len < len \|\| !pskb_may_pull(skb, len))
	86	+ if (transport_len < sizeof(struct mld2_query))
	87	+ return -EINVAL;
	88	+
	89	+ len = skb_transport_offset(skb) + sizeof(struct mld2_query);
	90	+ if (!ipv6_mc_may_pull(skb, len))
101	91	return -EINVAL;
102	92	}
103	93
..	..	@@ -115,19 +105,24 @@
115	105
116	106	static int ipv6_mc_check_mld_msg(struct sk_buff *skb)
117	107	{
118		- struct mld_msg mld = (struct mld_msg )skb_transport_header(skb);
	108	+ unsigned int len = skb_transport_offset(skb) + sizeof(struct mld_msg);
	109	+ struct mld_msg *mld;
	110	+
	111	+ if (!ipv6_mc_may_pull(skb, len))
	112	+ return -ENODATA;
	113	+
	114	+ mld = (struct mld_msg *)skb_transport_header(skb);
119	115
120	116	switch (mld->mld_type) {
121	117	case ICMPV6_MGM_REDUCTION:
122	118	case ICMPV6_MGM_REPORT:
123		- /* fall through */
124	119	return 0;
125	120	case ICMPV6_MLD2_REPORT:
126	121	return ipv6_mc_check_mld_reportv2(skb);
127	122	case ICMPV6_MGM_QUERY:
128	123	return ipv6_mc_check_mld_query(skb);
129	124	default:
130		- return -ENOMSG;
	125	+ return -ENODATA;
131	126	}
132	127	}
133	128
..	..	@@ -136,70 +131,45 @@
136	131	return skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo);
137	132	}
138	133
139		-static int __ipv6_mc_check_mld(struct sk_buff *skb,
140		- struct sk_buff **skb_trimmed)
141		-
	134	+static int ipv6_mc_check_icmpv6(struct sk_buff *skb)
142	135	{
143		- struct sk_buff *skb_chk = NULL;
144		- unsigned int transport_len;
145		- unsigned int len = skb_transport_offset(skb) + sizeof(struct mld_msg);
146		- int ret = -EINVAL;
	136	+ unsigned int len = skb_transport_offset(skb) + sizeof(struct icmp6hdr);
	137	+ unsigned int transport_len = ipv6_transport_len(skb);
	138	+ struct sk_buff *skb_chk;
147	139
148		- transport_len = ntohs(ipv6_hdr(skb)->payload_len);
149		- transport_len -= skb_transport_offset(skb) - sizeof(struct ipv6hdr);
	140	+ if (!ipv6_mc_may_pull(skb, len))
	141	+ return -EINVAL;
150	142
151	143	skb_chk = skb_checksum_trimmed(skb, transport_len,
152	144	ipv6_mc_validate_checksum);
153	145	if (!skb_chk)
154		- goto err;
	146	+ return -EINVAL;
155	147
156		- if (!pskb_may_pull(skb_chk, len))
157		- goto err;
158		-
159		- ret = ipv6_mc_check_mld_msg(skb_chk);
160		- if (ret)
161		- goto err;
162		-
163		- if (skb_trimmed)
164		- *skb_trimmed = skb_chk;
165		- /* free now unneeded clone */
166		- else if (skb_chk != skb)
	148	+ if (skb_chk != skb)
167	149	kfree_skb(skb_chk);
168	150
169		- ret = 0;
170		-
171		-err:
172		- if (ret && skb_chk && skb_chk != skb)
173		- kfree_skb(skb_chk);
174		-
175		- return ret;
	151	+ return 0;
176	152	}
177	153
178	154	/**
179	155	* ipv6_mc_check_mld - checks whether this is a sane MLD packet
180	156	* @skb: the skb to validate
181		- * @skb_trimmed: to store an skb pointer trimmed to IPv6 packet tail (optional)
182	157	*
183	158	* Checks whether an IPv6 packet is a valid MLD packet. If so sets
184	159	* skb transport header accordingly and returns zero.
185	160	*
186	161	* -EINVAL: A broken packet was detected, i.e. it violates some internet
187	162	* standard
188		- * -ENOMSG: IP header validation succeeded but it is not an MLD packet.
	163	+ * -ENOMSG: IP header validation succeeded but it is not an ICMPv6 packet
	164	+ * with a hop-by-hop option.
	165	+ * -ENODATA: IP+ICMPv6 header with hop-by-hop option validation succeeded
	166	+ * but it is not an MLD packet.
189	167	* -ENOMEM: A memory allocation failure happened.
190		- *
191		- * Optionally, an skb pointer might be provided via skb_trimmed (or set it
192		- * to NULL): After parsing an MLD packet successfully it will point to
193		- * an skb which has its tail aligned to the IP packet end. This might
194		- * either be the originally provided skb or a trimmed, cloned version if
195		- * the skb frame had data beyond the IP packet. A cloned skb allows us
196		- * to leave the original skb and its full frame unchanged (which might be
197		- * desirable for layer 2 frame jugglers).
198	168	*
199	169	* Caller needs to set the skb network header and free any returned skb if it
200	170	* differs from the provided skb.
201	171	*/
202		-int ipv6_mc_check_mld(struct sk_buff skb, struct sk_buff *skb_trimmed)
	172	+int ipv6_mc_check_mld(struct sk_buff *skb)
203	173	{
204	174	int ret;
205	175
..	..	@@ -211,6 +181,10 @@
211	181	if (ret < 0)
212	182	return ret;
213	183
214		- return __ipv6_mc_check_mld(skb, skb_trimmed);
	184	+ ret = ipv6_mc_check_icmpv6(skb);
	185	+ if (ret < 0)
	186	+ return ret;
	187	+
	188	+ return ipv6_mc_check_mld_msg(skb);
215	189	}
216	190	EXPORT_SYMBOL(ipv6_mc_check_mld);