debug lk

hc

2024-02-20 e636c8d336489bf3eed5878299e6cc045bbad077

 kernel/net/ipv6/exthdrs.c
..
..
@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0-or-later
1
2
 /*
2
3
  *	Extension Header handling for IPv6
3
4
  *	Linux INET6 implementation
..
..
@@ -6,11 +7,6 @@
6
7
  *	Pedro Roque		<roque@di.fc.ul.pt>
7
8
  *	Andi Kleen		<ak@muc.de>
8
9
  *	Alexey Kuznetsov	<kuznet@ms2.inr.ac.ru>
9
- *
10
- *	This program is free software; you can redistribute it and/or
11
- *      modify it under the terms of the GNU General Public License
12
- *      as published by the Free Software Foundation; either version
13
- *      2 of the License, or (at your option) any later version.
14
10
  */
15
11
 
16
12
 /* Changes:
..
..
@@ -52,6 +48,7 @@
52
48
 #ifdef CONFIG_IPV6_SEG6_HMAC
53
49
 #include <net/seg6_hmac.h>
54
50
 #endif
51
+#include <net/rpl.h>
55
52
 
56
53
 #include <linux/uaccess.h>
57
54
 
..
..
@@ -101,7 +98,7 @@
101
98
 		 */
102
99
 		if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr))
103
100
 			break;
104
-		/* fall through */
101
+		fallthrough;
105
102
 	case 2: /* send ICMP PARM PROB regardless and drop packet */
106
103
 		icmpv6_param_prob(skb, ICMPV6_UNK_OPTION, optoff);
107
104
 		return false;
..
..
@@ -471,6 +468,188 @@
471
468
 	return -1;
472
469
 }
473
470
 
471
+static int ipv6_rpl_srh_rcv(struct sk_buff *skb)
472
+{
473
+	struct ipv6_rpl_sr_hdr *hdr, *ohdr, *chdr;
474
+	struct inet6_skb_parm *opt = IP6CB(skb);
475
+	struct net *net = dev_net(skb->dev);
476
+	struct inet6_dev *idev;
477
+	struct ipv6hdr *oldhdr;
478
+	struct in6_addr addr;
479
+	unsigned char *buf;
480
+	int accept_rpl_seg;
481
+	int i, err;
482
+	u64 n = 0;
483
+	u32 r;
484
+
485
+	idev = __in6_dev_get(skb->dev);
486
+
487
+	accept_rpl_seg = net->ipv6.devconf_all->rpl_seg_enabled;
488
+	if (accept_rpl_seg > idev->cnf.rpl_seg_enabled)
489
+		accept_rpl_seg = idev->cnf.rpl_seg_enabled;
490
+
491
+	if (!accept_rpl_seg) {
492
+		kfree_skb(skb);
493
+		return -1;
494
+	}
495
+
496
+looped_back:
497
+	hdr = (struct ipv6_rpl_sr_hdr *)skb_transport_header(skb);
498
+
499
+	if (hdr->segments_left == 0) {
500
+		if (hdr->nexthdr == NEXTHDR_IPV6) {
501
+			int offset = (hdr->hdrlen + 1) << 3;
502
+
503
+			skb_postpull_rcsum(skb, skb_network_header(skb),
504
+					   skb_network_header_len(skb));
505
+
506
+			if (!pskb_pull(skb, offset)) {
507
+				kfree_skb(skb);
508
+				return -1;
509
+			}
510
+			skb_postpull_rcsum(skb, skb_transport_header(skb),
511
+					   offset);
512
+
513
+			skb_reset_network_header(skb);
514
+			skb_reset_transport_header(skb);
515
+			skb->encapsulation = 0;
516
+
517
+			__skb_tunnel_rx(skb, skb->dev, net);
518
+
519
+			netif_rx(skb);
520
+			return -1;
521
+		}
522
+
523
+		opt->srcrt = skb_network_header_len(skb);
524
+		opt->lastopt = opt->srcrt;
525
+		skb->transport_header += (hdr->hdrlen + 1) << 3;
526
+		opt->nhoff = (&hdr->nexthdr) - skb_network_header(skb);
527
+
528
+		return 1;
529
+	}
530
+
531
+	if (!pskb_may_pull(skb, sizeof(*hdr))) {
532
+		kfree_skb(skb);
533
+		return -1;
534
+	}
535
+
536
+	n = (hdr->hdrlen << 3) - hdr->pad - (16 - hdr->cmpre);
537
+	r = do_div(n, (16 - hdr->cmpri));
538
+	/* checks if calculation was without remainder and n fits into
539
+	 * unsigned char which is segments_left field. Should not be
540
+	 * higher than that.
541
+	 */
542
+	if (r || (n + 1) > 255) {
543
+		kfree_skb(skb);
544
+		return -1;
545
+	}
546
+
547
+	if (hdr->segments_left > n + 1) {
548
+		__IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
549
+		icmpv6_param_prob(skb, ICMPV6_HDR_FIELD,
550
+				  ((&hdr->segments_left) -
551
+				   skb_network_header(skb)));
552
+		return -1;
553
+	}
554
+
555
+	if (!pskb_may_pull(skb, ipv6_rpl_srh_size(n, hdr->cmpri,
556
+						  hdr->cmpre))) {
557
+		kfree_skb(skb);
558
+		return -1;
559
+	}
560
+
561
+	hdr->segments_left--;
562
+	i = n - hdr->segments_left;
563
+
564
+	buf = kcalloc(struct_size(hdr, segments.addr, n + 2), 2, GFP_ATOMIC);
565
+	if (unlikely(!buf)) {
566
+		kfree_skb(skb);
567
+		return -1;
568
+	}
569
+
570
+	ohdr = (struct ipv6_rpl_sr_hdr *)buf;
571
+	ipv6_rpl_srh_decompress(ohdr, hdr, &ipv6_hdr(skb)->daddr, n);
572
+	chdr = (struct ipv6_rpl_sr_hdr *)(buf + ((ohdr->hdrlen + 1) << 3));
573
+
574
+	if ((ipv6_addr_type(&ipv6_hdr(skb)->daddr) & IPV6_ADDR_MULTICAST) ||
575
+	    (ipv6_addr_type(&ohdr->rpl_segaddr[i]) & IPV6_ADDR_MULTICAST)) {
576
+		kfree_skb(skb);
577
+		kfree(buf);
578
+		return -1;
579
+	}
580
+
581
+	err = ipv6_chk_rpl_srh_loop(net, ohdr->rpl_segaddr, n + 1);
582
+	if (err) {
583
+		icmpv6_send(skb, ICMPV6_PARAMPROB, 0, 0);
584
+		kfree_skb(skb);
585
+		kfree(buf);
586
+		return -1;
587
+	}
588
+
589
+	addr = ipv6_hdr(skb)->daddr;
590
+	ipv6_hdr(skb)->daddr = ohdr->rpl_segaddr[i];
591
+	ohdr->rpl_segaddr[i] = addr;
592
+
593
+	ipv6_rpl_srh_compress(chdr, ohdr, &ipv6_hdr(skb)->daddr, n);
594
+
595
+	oldhdr = ipv6_hdr(skb);
596
+
597
+	skb_pull(skb, ((hdr->hdrlen + 1) << 3));
598
+	skb_postpull_rcsum(skb, oldhdr,
599
+			   sizeof(struct ipv6hdr) + ((hdr->hdrlen + 1) << 3));
600
+	if (unlikely(!hdr->segments_left)) {
601
+		if (pskb_expand_head(skb, sizeof(struct ipv6hdr) + ((chdr->hdrlen + 1) << 3), 0,
602
+				     GFP_ATOMIC)) {
603
+			__IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_OUTDISCARDS);
604
+			kfree_skb(skb);
605
+			kfree(buf);
606
+			return -1;
607
+		}
608
+
609
+		oldhdr = ipv6_hdr(skb);
610
+	}
611
+	skb_push(skb, ((chdr->hdrlen + 1) << 3) + sizeof(struct ipv6hdr));
612
+	skb_reset_network_header(skb);
613
+	skb_mac_header_rebuild(skb);
614
+	skb_set_transport_header(skb, sizeof(struct ipv6hdr));
615
+
616
+	memmove(ipv6_hdr(skb), oldhdr, sizeof(struct ipv6hdr));
617
+	memcpy(skb_transport_header(skb), chdr, (chdr->hdrlen + 1) << 3);
618
+
619
+	ipv6_hdr(skb)->payload_len = htons(skb->len - sizeof(struct ipv6hdr));
620
+	skb_postpush_rcsum(skb, ipv6_hdr(skb),
621
+			   sizeof(struct ipv6hdr) + ((chdr->hdrlen + 1) << 3));
622
+
623
+	kfree(buf);
624
+
625
+	skb_dst_drop(skb);
626
+
627
+	ip6_route_input(skb);
628
+
629
+	if (skb_dst(skb)->error) {
630
+		dst_input(skb);
631
+		return -1;
632
+	}
633
+
634
+	if (skb_dst(skb)->dev->flags & IFF_LOOPBACK) {
635
+		if (ipv6_hdr(skb)->hop_limit <= 1) {
636
+			__IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS);
637
+			icmpv6_send(skb, ICMPV6_TIME_EXCEED,
638
+				    ICMPV6_EXC_HOPLIMIT, 0);
639
+			kfree_skb(skb);
640
+			return -1;
641
+		}
642
+		ipv6_hdr(skb)->hop_limit--;
643
+
644
+		skb_pull(skb, sizeof(struct ipv6hdr));
645
+		goto looped_back;
646
+	}
647
+
648
+	dst_input(skb);
649
+
650
+	return -1;
651
+}
652
+
474
653
 /********************************
475
654
   Routing header.
476
655
  ********************************/
..
..
@@ -509,9 +688,16 @@
509
688
 		return -1;
510
689
 	}
511
690
 
512
-	/* segment routing */
513
-	if (hdr->type == IPV6_SRCRT_TYPE_4)
691
+	switch (hdr->type) {
692
+	case IPV6_SRCRT_TYPE_4:
693
+		/* segment routing */
514
694
 		return ipv6_srh_rcv(skb);
695
+	case IPV6_SRCRT_TYPE_3:
696
+		/* rpl segment routing */
697
+		return ipv6_rpl_srh_rcv(skb);
698
+	default:
699
+		break;
700
+	}
515
701
 
516
702
 looped_back:
517
703
 	if (hdr->segments_left == 0) {
..
..
@@ -1038,7 +1224,6 @@
1038
1224
  * @opt: original options
1039
1225
  * @newtype: option type to replace in @opt
1040
1226
  * @newopt: new option of type @newtype to replace (user-mem)
1041
- * @newoptlen: length of @newopt
1042
1227
  *
1043
1228
  * Returns a new set of options which is a copy of @opt with the
1044
1229
  * option type @newtype replaced with @newopt.