From patchwork Mon Apr 15 17:52:14 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1085853 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="0fax7mJI"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44jbgp2RcSz9s9T for ; Tue, 16 Apr 2019 03:52:54 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727664AbfDORww (ORCPT ); Mon, 15 Apr 2019 13:52:52 -0400 Received: from mail-pl1-f176.google.com ([209.85.214.176]:39017 "EHLO mail-pl1-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727575AbfDORww (ORCPT ); Mon, 15 Apr 2019 13:52:52 -0400 Received: by mail-pl1-f176.google.com with SMTP id a96so8939789pla.6 for ; Mon, 15 Apr 2019 10:52:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=TGVxdFiZQLzHBlzs4zDdbLHcQYYHFVSYmQHKE1wUTzc=; b=0fax7mJI4uZc3m1ZzW0z3CPH6fJwD1ytYACLFedlsC+H9kLFFGmVtL9no7ppVKdyxF 4NkJptaJu93H8rT7TTZQLA6cCWtS/C+1CGraiHyvuA6BJJngFXg6F7tpQf94PofYMfr0 OoI+CSUCAxcfgxVz2hceJ6IDynujsUL9CXaEeb+52qJUI+bDvq1B/dG69TXnxSjm5EdG uQ7FteH/QgEaRRF648/COGR5w4q0mV6B4Zlnn8SztKbN77iXSI0sYpwleZbj8kgFPWy/ kH9H3DqPlDWy/lnsUPZEIxAtsps/xgU8qDtO20qf/SyYzKxzoP8lBo9N7wxkc9YZug4f qhyg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=TGVxdFiZQLzHBlzs4zDdbLHcQYYHFVSYmQHKE1wUTzc=; b=nh4xmI9IIjlCp+16wU8mCYTxhB57txap53gDUsTTCWJcZvjRxAB4xACD4WqKmQQ/UI ne6PbrDpZbwI5iv3RK+h6HKaTH+v98qD1VJxS5mQT8D8T5V396u4Jh23uYxfSCxJDN+L 7qG9cUmqTJUIeMUj3H0j+L5BYnxDOkhWABuus4jfTjsJUGW0hjoSSIcuAC4vbcvdEprx OqjKbh/IVnCESW/kwOG0k/a7P1w9OM8hoAD9zjD44e93JoyBEYuVPQp4iafpfvpFyxuB 9sBgnejZ3GvkY7MKtR3asMO5iKUz5stdr/V7WrODZWxEr4BZZk5PyKcxfGI+ljAKhEa1 tPSQ== X-Gm-Message-State: APjAAAXfvF2QeeJwWEjcecsxpnFz/DRze8gkjDPMv+nab3L6Vwv8lIVH GEW2IjlrCe6wiYeRJnoYdfGJ8A== X-Google-Smtp-Source: APXvYqxhhzc+/vS+8+uGOTsCvaeLYp2iKaNT5LmVhfCZ1IWlsKL+rdxBvxtiBf23euumGERa+pWIYQ== X-Received: by 2002:a17:902:9a0c:: with SMTP id v12mr50079443plp.184.1555350770857; Mon, 15 Apr 2019 10:52:50 -0700 (PDT) Received: from localhost.localdomain (c-73-223-249-119.hsd1.ca.comcast.net. [73.223.249.119]) by smtp.gmail.com with ESMTPSA id t24sm58751170pfe.110.2019.04.15.10.52.49 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Apr 2019 10:52:50 -0700 (PDT) From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org Cc: Tom Herbert Subject: [PATCH v3 net-next 1/7] exthdrs: Create exthdrs_options.c Date: Mon, 15 Apr 2019 10:52:14 -0700 Message-Id: <1555350740-23490-2-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1555350740-23490-1-git-send-email-tom@quantonium.net> References: <1555350740-23490-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Create exthdrs_options.c to hold code related to specific Hop-by-Hop and Destination extension header options. Move related functions in exthdrs.c to the new file. --- include/net/ipv6.h | 15 ++++ net/ipv6/Makefile | 2 +- net/ipv6/exthdrs.c | 204 --------------------------------------------- net/ipv6/exthdrs_options.c | 201 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 217 insertions(+), 205 deletions(-) create mode 100644 net/ipv6/exthdrs_options.c diff --git a/include/net/ipv6.h b/include/net/ipv6.h index daf8086..e36c2c1 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -379,6 +379,21 @@ struct ipv6_txoptions *ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, struct ipv6_txoptions *opt); +/* + * Parsing tlv encoded headers. + * + * Parsing function "func" returns true, if parsing succeed + * and false, if it failed. + * It MUST NOT touch skb->h. + */ +struct tlvtype_proc { + int type; + bool (*func)(struct sk_buff *skb, int offset); +}; + +extern const struct tlvtype_proc tlvprocdestopt_lst[]; +extern const struct tlvtype_proc tlvprochopopt_lst[]; + bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, const struct inet6_skb_parm *opt); struct ipv6_txoptions *ipv6_update_options(struct sock *sk, diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile index e0026fa..72bd775 100644 --- a/net/ipv6/Makefile +++ b/net/ipv6/Makefile @@ -10,7 +10,7 @@ ipv6-objs := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o \ route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o udplite.o \ raw.o icmp.o mcast.o reassembly.o tcp_ipv6.o ping.o \ exthdrs.o datagram.o ip6_flowlabel.o inet6_connection_sock.o \ - udp_offload.o seg6.o fib6_notifier.o + udp_offload.o seg6.o fib6_notifier.o exthdrs_options.o ipv6-offload := ip6_offload.o tcpv6_offload.o exthdrs_offload.o diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 20291c2..55ca778 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -43,7 +43,6 @@ #include #include #include -#include #if IS_ENABLED(CONFIG_IPV6_MIP6) #include #endif @@ -55,19 +54,6 @@ #include -/* - * Parsing tlv encoded headers. - * - * Parsing function "func" returns true, if parsing succeed - * and false, if it failed. - * It MUST NOT touch skb->h. - */ - -struct tlvtype_proc { - int type; - bool (*func)(struct sk_buff *skb, int offset); -}; - /********************* Generic functions *********************/ @@ -204,80 +190,6 @@ static bool ip6_parse_tlv(const struct tlvtype_proc *procs, return false; } -/***************************** - Destination options header. - *****************************/ - -#if IS_ENABLED(CONFIG_IPV6_MIP6) -static bool ipv6_dest_hao(struct sk_buff *skb, int optoff) -{ - struct ipv6_destopt_hao *hao; - struct inet6_skb_parm *opt = IP6CB(skb); - struct ipv6hdr *ipv6h = ipv6_hdr(skb); - int ret; - - if (opt->dsthao) { - net_dbg_ratelimited("hao duplicated\n"); - goto discard; - } - opt->dsthao = opt->dst1; - opt->dst1 = 0; - - hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + optoff); - - if (hao->length != 16) { - net_dbg_ratelimited("hao invalid option length = %d\n", - hao->length); - goto discard; - } - - if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) { - net_dbg_ratelimited("hao is not an unicast addr: %pI6\n", - &hao->addr); - goto discard; - } - - ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr, - (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS); - if (unlikely(ret < 0)) - goto discard; - - if (skb_cloned(skb)) { - if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) - goto discard; - - /* update all variable using below by copied skbuff */ - hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + - optoff); - ipv6h = ipv6_hdr(skb); - } - - if (skb->ip_summed == CHECKSUM_COMPLETE) - skb->ip_summed = CHECKSUM_NONE; - - swap(ipv6h->saddr, hao->addr); - - if (skb->tstamp == 0) - __net_timestamp(skb); - - return true; - - discard: - kfree_skb(skb); - return false; -} -#endif - -static const struct tlvtype_proc tlvprocdestopt_lst[] = { -#if IS_ENABLED(CONFIG_IPV6_MIP6) - { - .type = IPV6_TLV_HAO, - .func = ipv6_dest_hao, - }, -#endif - {-1, NULL} -}; - static int ipv6_destopt_rcv(struct sk_buff *skb) { struct inet6_dev *idev = __in6_dev_get(skb->dev); @@ -706,122 +618,6 @@ void ipv6_exthdrs_exit(void) inet6_del_protocol(&rthdr_protocol, IPPROTO_ROUTING); } -/********************************** - Hop-by-hop options. - **********************************/ - -/* - * Note: we cannot rely on skb_dst(skb) before we assign it in ip6_route_input(). - */ -static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb) -{ - return skb_dst(skb) ? ip6_dst_idev(skb_dst(skb)) : __in6_dev_get(skb->dev); -} - -static inline struct net *ipv6_skb_net(struct sk_buff *skb) -{ - return skb_dst(skb) ? dev_net(skb_dst(skb)->dev) : dev_net(skb->dev); -} - -/* Router Alert as of RFC 2711 */ - -static bool ipv6_hop_ra(struct sk_buff *skb, int optoff) -{ - const unsigned char *nh = skb_network_header(skb); - - if (nh[optoff + 1] == 2) { - IP6CB(skb)->flags |= IP6SKB_ROUTERALERT; - memcpy(&IP6CB(skb)->ra, nh + optoff + 2, sizeof(IP6CB(skb)->ra)); - return true; - } - net_dbg_ratelimited("ipv6_hop_ra: wrong RA length %d\n", - nh[optoff + 1]); - kfree_skb(skb); - return false; -} - -/* Jumbo payload */ - -static bool ipv6_hop_jumbo(struct sk_buff *skb, int optoff) -{ - const unsigned char *nh = skb_network_header(skb); - struct inet6_dev *idev = __in6_dev_get_safely(skb->dev); - struct net *net = ipv6_skb_net(skb); - u32 pkt_len; - - if (nh[optoff + 1] != 4 || (optoff & 3) != 2) { - net_dbg_ratelimited("ipv6_hop_jumbo: wrong jumbo opt length/alignment %d\n", - nh[optoff+1]); - __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); - goto drop; - } - - pkt_len = ntohl(*(__be32 *)(nh + optoff + 2)); - if (pkt_len <= IPV6_MAXPLEN) { - __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); - icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff+2); - return false; - } - if (ipv6_hdr(skb)->payload_len) { - __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); - icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff); - return false; - } - - if (pkt_len > skb->len - sizeof(struct ipv6hdr)) { - __IP6_INC_STATS(net, idev, IPSTATS_MIB_INTRUNCATEDPKTS); - goto drop; - } - - if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) - goto drop; - - IP6CB(skb)->flags |= IP6SKB_JUMBOGRAM; - return true; - -drop: - kfree_skb(skb); - return false; -} - -/* CALIPSO RFC 5570 */ - -static bool ipv6_hop_calipso(struct sk_buff *skb, int optoff) -{ - const unsigned char *nh = skb_network_header(skb); - - if (nh[optoff + 1] < 8) - goto drop; - - if (nh[optoff + 6] * 4 + 8 > nh[optoff + 1]) - goto drop; - - if (!calipso_validate(skb, nh + optoff)) - goto drop; - - return true; - -drop: - kfree_skb(skb); - return false; -} - -static const struct tlvtype_proc tlvprochopopt_lst[] = { - { - .type = IPV6_TLV_ROUTERALERT, - .func = ipv6_hop_ra, - }, - { - .type = IPV6_TLV_JUMBO, - .func = ipv6_hop_jumbo, - }, - { - .type = IPV6_TLV_CALIPSO, - .func = ipv6_hop_calipso, - }, - { -1, } -}; - int ipv6_parse_hopopts(struct sk_buff *skb) { struct inet6_skb_parm *opt = IP6CB(skb); diff --git a/net/ipv6/exthdrs_options.c b/net/ipv6/exthdrs_options.c new file mode 100644 index 0000000..032e072 --- /dev/null +++ b/net/ipv6/exthdrs_options.c @@ -0,0 +1,201 @@ +// SPDX-License-Identifier: GPL-2.0 +#include +#include +#include +#include +#include +#include +#include +#include +#include +#if IS_ENABLED(CONFIG_IPV6_MIP6) +#include +#endif + +/* Destination options header */ + +#if IS_ENABLED(CONFIG_IPV6_MIP6) +static bool ipv6_dest_hao(struct sk_buff *skb, int optoff) +{ + struct ipv6_destopt_hao *hao; + struct inet6_skb_parm *opt = IP6CB(skb); + struct ipv6hdr *ipv6h = ipv6_hdr(skb); + int ret; + + if (opt->dsthao) { + net_dbg_ratelimited("hao duplicated\n"); + goto discard; + } + opt->dsthao = opt->dst1; + opt->dst1 = 0; + + hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + optoff); + + if (hao->length != 16) { + net_dbg_ratelimited("hao invalid option length = %d\n", + hao->length); + goto discard; + } + + if (!(ipv6_addr_type(&hao->addr) & IPV6_ADDR_UNICAST)) { + net_dbg_ratelimited("hao is not an unicast addr: %pI6\n", + &hao->addr); + goto discard; + } + + ret = xfrm6_input_addr(skb, (xfrm_address_t *)&ipv6h->daddr, + (xfrm_address_t *)&hao->addr, IPPROTO_DSTOPTS); + if (unlikely(ret < 0)) + goto discard; + + if (skb_cloned(skb)) { + if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) + goto discard; + + /* update all variable using below by copied skbuff */ + hao = (struct ipv6_destopt_hao *)(skb_network_header(skb) + + optoff); + ipv6h = ipv6_hdr(skb); + } + + if (skb->ip_summed == CHECKSUM_COMPLETE) + skb->ip_summed = CHECKSUM_NONE; + + swap(ipv6h->saddr, hao->addr); + + if (skb->tstamp == 0) + __net_timestamp(skb); + + return true; + + discard: + kfree_skb(skb); + return false; +} +#endif + +const struct tlvtype_proc tlvprocdestopt_lst[] = { +#if IS_ENABLED(CONFIG_IPV6_MIP6) + { + .type = IPV6_TLV_HAO, + .func = ipv6_dest_hao, + }, +#endif + {-1, NULL} +}; + +/* Hop-by-hop options */ + +/* Note: we cannot rely on skb_dst(skb) before we assign it in + * ip6_route_input(). + */ +static inline struct inet6_dev *ipv6_skb_idev(struct sk_buff *skb) +{ + return skb_dst(skb) ? ip6_dst_idev(skb_dst(skb)) : + __in6_dev_get(skb->dev); +} + +static inline struct net *ipv6_skb_net(struct sk_buff *skb) +{ + return skb_dst(skb) ? dev_net(skb_dst(skb)->dev) : dev_net(skb->dev); +} + +/* Router Alert as of RFC 2711 */ + +static bool ipv6_hop_ra(struct sk_buff *skb, int optoff) +{ + const unsigned char *nh = skb_network_header(skb); + + if (nh[optoff + 1] == 2) { + IP6CB(skb)->flags |= IP6SKB_ROUTERALERT; + memcpy(&IP6CB(skb)->ra, nh + optoff + 2, + sizeof(IP6CB(skb)->ra)); + return true; + } + net_dbg_ratelimited("%s: wrong RA length %d\n", + __func__, nh[optoff + 1]); + kfree_skb(skb); + return false; +} + +/* Jumbo payload */ + +static bool ipv6_hop_jumbo(struct sk_buff *skb, int optoff) +{ + const unsigned char *nh = skb_network_header(skb); + struct inet6_dev *idev = __in6_dev_get_safely(skb->dev); + struct net *net = ipv6_skb_net(skb); + u32 pkt_len; + + if (nh[optoff + 1] != 4 || (optoff & 3) != 2) { + net_dbg_ratelimited("%s: wrong jumbo opt length/alignment %d\n", + __func__, nh[optoff + 1]); + __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); + goto drop; + } + + pkt_len = ntohl(*(__be32 *)(nh + optoff + 2)); + if (pkt_len <= IPV6_MAXPLEN) { + __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); + icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff + 2); + return false; + } + if (ipv6_hdr(skb)->payload_len) { + __IP6_INC_STATS(net, idev, IPSTATS_MIB_INHDRERRORS); + icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, optoff); + return false; + } + + if (pkt_len > skb->len - sizeof(struct ipv6hdr)) { + __IP6_INC_STATS(net, idev, IPSTATS_MIB_INTRUNCATEDPKTS); + goto drop; + } + + if (pskb_trim_rcsum(skb, pkt_len + sizeof(struct ipv6hdr))) + goto drop; + + IP6CB(skb)->flags |= IP6SKB_JUMBOGRAM; + return true; + +drop: + kfree_skb(skb); + return false; +} + +/* CALIPSO RFC 5570 */ + +static bool ipv6_hop_calipso(struct sk_buff *skb, int optoff) +{ + const unsigned char *nh = skb_network_header(skb); + + if (nh[optoff + 1] < 8) + goto drop; + + if (nh[optoff + 6] * 4 + 8 > nh[optoff + 1]) + goto drop; + + if (!calipso_validate(skb, nh + optoff)) + goto drop; + + return true; + +drop: + kfree_skb(skb); + return false; +} + +const struct tlvtype_proc tlvprochopopt_lst[] = { + { + .type = IPV6_TLV_ROUTERALERT, + .func = ipv6_hop_ra, + }, + { + .type = IPV6_TLV_JUMBO, + .func = ipv6_hop_jumbo, + }, + { + .type = IPV6_TLV_CALIPSO, + .func = ipv6_hop_calipso, + }, + { -1, } +}; From patchwork Mon Apr 15 17:52:15 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1085858 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="Pqo+BNqg"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44jbh54ghFz9s71 for ; Tue, 16 Apr 2019 03:53:09 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727731AbfDORw5 (ORCPT ); Mon, 15 Apr 2019 13:52:57 -0400 Received: from mail-pf1-f196.google.com ([209.85.210.196]:40051 "EHLO mail-pf1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727575AbfDORwx (ORCPT ); Mon, 15 Apr 2019 13:52:53 -0400 Received: by mail-pf1-f196.google.com with SMTP id c207so8976751pfc.7 for ; Mon, 15 Apr 2019 10:52:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=sj9oU0YSEg7QnYli96Smao2O+2f8msVsSTXeNWhB2Hk=; b=Pqo+BNqg1ZuBpcd1h8n2hw1q2OMWC1YB/tU1eX+tFnMwRdbYMmsZWEb+Na6GTyd/VX eXLKRbIE7mb0RwHmwlfXa0SirFFOv5HK8zvYdsA/Hp/Y/wQgw3VkFa4Rwrv3wZWeeCU2 BXbRnYB0Pm5r+NbE2hApkE5OBlXAXRWW4qVeqBsva01cwCrKA/tMgChsy9ywSFM8iI/V IAqRH552SWiiuFv9ECPxvs5/h7La7mmHDgS7E/zz60aSDnTgV5Rytqmi5O9TGLROG6mw yCU+oQb1Lvn0qTM0RWL7Lr48iXnKtB0b9TKQB/ZAFn0eVKGlgLKtBkdeLej5Z5WXOpk5 uYlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=sj9oU0YSEg7QnYli96Smao2O+2f8msVsSTXeNWhB2Hk=; b=T0ixTxUFjAzQCgYV63wH6NsRW1lCk+1OLft4I4YTqvIiywU/7JTAgORHnrHXIZ4vlo 3AVtJ3tDbOqNWZ/aMhpCGlQgOyXoqfkW/LZ5CyyT4OfrbFKr87hMdAviMF6qYv8XbHnd UoCfM4XTCcDWtFN/M/Nk41YwkC3MXPSfqL1r14UG1VeYvQ2slC6FsHSPLW95TChJ/Ttu o4MmwMV0zckL9sLr3IMoDL6Pf0t30EKz96dM/pQCC+8hxRop1tg3zMXHDR0/QrhwXuQ+ ktCZjYiXJjOEokwu11pLyq6SOm5p604KryxTE0SQOnseeRAEziUGv3W6jF5o6xngt9Dk EFxw== X-Gm-Message-State: APjAAAVDTRJiKW4pYsOq5R7ZpdIfkOy2F0jLpuF8/RaMMCm59pARDDmi XCyLXoWz8jKGoh6Or/Req8zl0A== X-Google-Smtp-Source: APXvYqxqwro4QoDYAr+C20q9ZBs7vquCfN24z2bQkBvcJY1O+t7veSt6CkJ2gvcLMMi6RWXi5Mq1XA== X-Received: by 2002:aa7:8552:: with SMTP id y18mr76419525pfn.176.1555350772860; Mon, 15 Apr 2019 10:52:52 -0700 (PDT) Received: from localhost.localdomain (c-73-223-249-119.hsd1.ca.comcast.net. [73.223.249.119]) by smtp.gmail.com with ESMTPSA id t24sm58751170pfe.110.2019.04.15.10.52.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Apr 2019 10:52:52 -0700 (PDT) From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org Cc: Tom Herbert Subject: [PATCH v3 net-next 2/7] exthdrs: Move generic EH functions to exthdrs_core.c Date: Mon, 15 Apr 2019 10:52:15 -0700 Message-Id: <1555350740-23490-3-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1555350740-23490-1-git-send-email-tom@quantonium.net> References: <1555350740-23490-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Move generic functions in exthdrs.c to exthdrs_core.c so that exthdrs.c only contains functions that are specific to IPv6 processing, and exthdrs_core.c contains functions that are generic. --- net/ipv6/exthdrs.c | 138 ----------------------------------------------- net/ipv6/exthdrs_core.c | 139 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 139 insertions(+), 138 deletions(-) diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 55ca778..6dbacf1 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -788,144 +788,6 @@ void ipv6_push_frag_opts(struct sk_buff *skb, struct ipv6_txoptions *opt, u8 *pr } EXPORT_SYMBOL(ipv6_push_frag_opts); -struct ipv6_txoptions * -ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt) -{ - struct ipv6_txoptions *opt2; - - opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC); - if (opt2) { - long dif = (char *)opt2 - (char *)opt; - memcpy(opt2, opt, opt->tot_len); - if (opt2->hopopt) - *((char **)&opt2->hopopt) += dif; - if (opt2->dst0opt) - *((char **)&opt2->dst0opt) += dif; - if (opt2->dst1opt) - *((char **)&opt2->dst1opt) += dif; - if (opt2->srcrt) - *((char **)&opt2->srcrt) += dif; - refcount_set(&opt2->refcnt, 1); - } - return opt2; -} -EXPORT_SYMBOL_GPL(ipv6_dup_options); - -static void ipv6_renew_option(int renewtype, - struct ipv6_opt_hdr **dest, - struct ipv6_opt_hdr *old, - struct ipv6_opt_hdr *new, - int newtype, char **p) -{ - struct ipv6_opt_hdr *src; - - src = (renewtype == newtype ? new : old); - if (!src) - return; - - memcpy(*p, src, ipv6_optlen(src)); - *dest = (struct ipv6_opt_hdr *)*p; - *p += CMSG_ALIGN(ipv6_optlen(*dest)); -} - -/** - * ipv6_renew_options - replace a specific ext hdr with a new one. - * - * @sk: sock from which to allocate memory - * @opt: original options - * @newtype: option type to replace in @opt - * @newopt: new option of type @newtype to replace (user-mem) - * @newoptlen: length of @newopt - * - * Returns a new set of options which is a copy of @opt with the - * option type @newtype replaced with @newopt. - * - * @opt may be NULL, in which case a new set of options is returned - * containing just @newopt. - * - * @newopt may be NULL, in which case the specified option type is - * not copied into the new set of options. - * - * The new set of options is allocated from the socket option memory - * buffer of @sk. - */ -struct ipv6_txoptions * -ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, - int newtype, struct ipv6_opt_hdr *newopt) -{ - int tot_len = 0; - char *p; - struct ipv6_txoptions *opt2; - - if (opt) { - if (newtype != IPV6_HOPOPTS && opt->hopopt) - tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt)); - if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt) - tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt)); - if (newtype != IPV6_RTHDR && opt->srcrt) - tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt)); - if (newtype != IPV6_DSTOPTS && opt->dst1opt) - tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt)); - } - - if (newopt) - tot_len += CMSG_ALIGN(ipv6_optlen(newopt)); - - if (!tot_len) - return NULL; - - tot_len += sizeof(*opt2); - opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); - if (!opt2) - return ERR_PTR(-ENOBUFS); - - memset(opt2, 0, tot_len); - refcount_set(&opt2->refcnt, 1); - opt2->tot_len = tot_len; - p = (char *)(opt2 + 1); - - ipv6_renew_option(IPV6_HOPOPTS, &opt2->hopopt, - (opt ? opt->hopopt : NULL), - newopt, newtype, &p); - ipv6_renew_option(IPV6_RTHDRDSTOPTS, &opt2->dst0opt, - (opt ? opt->dst0opt : NULL), - newopt, newtype, &p); - ipv6_renew_option(IPV6_RTHDR, - (struct ipv6_opt_hdr **)&opt2->srcrt, - (opt ? (struct ipv6_opt_hdr *)opt->srcrt : NULL), - newopt, newtype, &p); - ipv6_renew_option(IPV6_DSTOPTS, &opt2->dst1opt, - (opt ? opt->dst1opt : NULL), - newopt, newtype, &p); - - opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) + - (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) + - (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0); - opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0); - - return opt2; -} - -struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, - struct ipv6_txoptions *opt) -{ - /* - * ignore the dest before srcrt unless srcrt is being included. - * --yoshfuji - */ - if (opt && opt->dst0opt && !opt->srcrt) { - if (opt_space != opt) { - memcpy(opt_space, opt, sizeof(*opt_space)); - opt = opt_space; - } - opt->opt_nflen -= ipv6_optlen(opt->dst0opt); - opt->dst0opt = NULL; - } - - return opt; -} -EXPORT_SYMBOL_GPL(ipv6_fixup_options); - /** * fl6_update_dst - update flowi destination address with info given * by srcrt option, if any. diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c index ae365df..119dfc2 100644 --- a/net/ipv6/exthdrs_core.c +++ b/net/ipv6/exthdrs_core.c @@ -279,3 +279,142 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset, return nexthdr; } EXPORT_SYMBOL(ipv6_find_hdr); + +struct ipv6_txoptions * +ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt) +{ + struct ipv6_txoptions *opt2; + + opt2 = sock_kmalloc(sk, opt->tot_len, GFP_ATOMIC); + if (opt2) { + long dif = (char *)opt2 - (char *)opt; + + memcpy(opt2, opt, opt->tot_len); + if (opt2->hopopt) + *((char **)&opt2->hopopt) += dif; + if (opt2->dst0opt) + *((char **)&opt2->dst0opt) += dif; + if (opt2->dst1opt) + *((char **)&opt2->dst1opt) += dif; + if (opt2->srcrt) + *((char **)&opt2->srcrt) += dif; + refcount_set(&opt2->refcnt, 1); + } + return opt2; +} +EXPORT_SYMBOL_GPL(ipv6_dup_options); + +static void ipv6_renew_option(int renewtype, + struct ipv6_opt_hdr **dest, + struct ipv6_opt_hdr *old, + struct ipv6_opt_hdr *new, + int newtype, char **p) +{ + struct ipv6_opt_hdr *src; + + src = (renewtype == newtype ? new : old); + if (!src) + return; + + memcpy(*p, src, ipv6_optlen(src)); + *dest = (struct ipv6_opt_hdr *)*p; + *p += CMSG_ALIGN(ipv6_optlen(*dest)); +} + +/** + * ipv6_renew_options - replace a specific ext hdr with a new one. + * + * @sk: sock from which to allocate memory + * @opt: original options + * @newtype: option type to replace in @opt + * @newopt: new option of type @newtype to replace (user-mem) + * @newoptlen: length of @newopt + * + * Returns a new set of options which is a copy of @opt with the + * option type @newtype replaced with @newopt. + * + * @opt may be NULL, in which case a new set of options is returned + * containing just @newopt. + * + * @newopt may be NULL, in which case the specified option type is + * not copied into the new set of options. + * + * The new set of options is allocated from the socket option memory + * buffer of @sk. + */ +struct ipv6_txoptions * +ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, + int newtype, struct ipv6_opt_hdr *newopt) +{ + int tot_len = 0; + char *p; + struct ipv6_txoptions *opt2; + + if (opt) { + if (newtype != IPV6_HOPOPTS && opt->hopopt) + tot_len += CMSG_ALIGN(ipv6_optlen(opt->hopopt)); + if (newtype != IPV6_RTHDRDSTOPTS && opt->dst0opt) + tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst0opt)); + if (newtype != IPV6_RTHDR && opt->srcrt) + tot_len += CMSG_ALIGN(ipv6_optlen(opt->srcrt)); + if (newtype != IPV6_DSTOPTS && opt->dst1opt) + tot_len += CMSG_ALIGN(ipv6_optlen(opt->dst1opt)); + } + + if (newopt) + tot_len += CMSG_ALIGN(ipv6_optlen(newopt)); + + if (!tot_len) + return NULL; + + tot_len += sizeof(*opt2); + opt2 = sock_kmalloc(sk, tot_len, GFP_ATOMIC); + if (!opt2) + return ERR_PTR(-ENOBUFS); + + memset(opt2, 0, tot_len); + refcount_set(&opt2->refcnt, 1); + opt2->tot_len = tot_len; + p = (char *)(opt2 + 1); + + ipv6_renew_option(IPV6_HOPOPTS, &opt2->hopopt, + (opt ? opt->hopopt : NULL), + newopt, newtype, &p); + ipv6_renew_option(IPV6_RTHDRDSTOPTS, &opt2->dst0opt, + (opt ? opt->dst0opt : NULL), + newopt, newtype, &p); + ipv6_renew_option(IPV6_RTHDR, + (struct ipv6_opt_hdr **)&opt2->srcrt, + (opt ? (struct ipv6_opt_hdr *)opt->srcrt : NULL), + newopt, newtype, &p); + ipv6_renew_option(IPV6_DSTOPTS, &opt2->dst1opt, + (opt ? opt->dst1opt : NULL), + newopt, newtype, &p); + + opt2->opt_nflen = (opt2->hopopt ? ipv6_optlen(opt2->hopopt) : 0) + + (opt2->dst0opt ? ipv6_optlen(opt2->dst0opt) : 0) + + (opt2->srcrt ? ipv6_optlen(opt2->srcrt) : 0); + opt2->opt_flen = (opt2->dst1opt ? ipv6_optlen(opt2->dst1opt) : 0); + + return opt2; +} +EXPORT_SYMBOL(ipv6_renew_options); + +struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, + struct ipv6_txoptions *opt) +{ + /* ignore the dest before srcrt unless srcrt is being included. + * --yoshfuji + */ + if (opt && opt->dst0opt && !opt->srcrt) { + if (opt_space != opt) { + memcpy(opt_space, opt, sizeof(*opt_space)); + opt = opt_space; + } + opt->opt_nflen -= ipv6_optlen(opt->dst0opt); + opt->dst0opt = NULL; + } + + return opt; +} +EXPORT_SYMBOL_GPL(ipv6_fixup_options); From patchwork Mon Apr 15 17:52:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1085854 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="WZtgSwX4"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44jbgt3fBZz9s71 for ; Tue, 16 Apr 2019 03:52:58 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727753AbfDORw5 (ORCPT ); Mon, 15 Apr 2019 13:52:57 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:38767 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727691AbfDORwz (ORCPT ); Mon, 15 Apr 2019 13:52:55 -0400 Received: by mail-pl1-f194.google.com with SMTP id f36so8942948plb.5 for ; Mon, 15 Apr 2019 10:52:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=saXVKYL9o8WFyFkFjV15f6EGlABvmjD7ESk09V1SVd8=; b=WZtgSwX4edQZ23kCPbAJMR1EpZgGWLRlUaPRyzdhtpjrw+izGVDSX0wSY7gl6fl5vR BM8qwHjqTgZyOVWkb/HMbTczNn4TFIIS6b0ZmjPtIgJpr5S1JHyt8TTzNwN2xC8sHTSF NgqPCprFVc/BSLrMBl/KDajCnzsdJrEjS+PRCO/s2rVqiMvfPPxLm97YeD1IOoC4uDhV ddcN1JfUYHeaELJLT/5rjNAEmXnj+EcjCxSjFuAbnA1woASVDGWLITy5cQcGSLC3uDBq cVaiKtN+/MwMMqUltWpK/epKBG2sH1YLyxYuUsAt5Vu3FUlxKloeL8ZNPnZQIor90ulT +qSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=saXVKYL9o8WFyFkFjV15f6EGlABvmjD7ESk09V1SVd8=; b=S5Ya+iuDfr5l/a6gjfU6MjC0vypwENGGBWwaTZl3OEv9YbGZ/9Mw2vkDFR9ka0wWvA cTpormKky7Ur5+YnDFkkW/ArUqCV1pcHuyFbWv9XEGolgLb7DHwgHOHE4mTk8/KMpudq XNs6a39h1F7Z6C+KDNORWwg4qWjx/YgsmxRr79chrHme+drB7VuChyrCbiOeDtRXMko1 wduxQzJCLl63+VustelEo/Ldi7aZjdfBRsUv0cIwGs2ov2jDeQ0iyGNutx6opOQ7MJEL jM+HJlWlNTryLhlkcs6xnDd5XdqmHsdTLKHMSUBGu7kZLE2IeuBaOiaN92yb91ZZYkBS Azog== X-Gm-Message-State: APjAAAVDwHbQEvhzgnwJnMDfSF4LNhiZUR+Ca0TcOnwkkvlGpbjL7o3l ZFeitygUHVcg6niN0LJeXqc3OQ== X-Google-Smtp-Source: APXvYqzZGBdzV+kY1FqPgHiUxS3dIo+I6RWgcEVqzk3FO/NnO6sJH2n/Ie1kxeuALcm8wj6UOv8xnA== X-Received: by 2002:a17:902:110c:: with SMTP id d12mr49449165pla.47.1555350774634; Mon, 15 Apr 2019 10:52:54 -0700 (PDT) Received: from localhost.localdomain (c-73-223-249-119.hsd1.ca.comcast.net. [73.223.249.119]) by smtp.gmail.com with ESMTPSA id t24sm58751170pfe.110.2019.04.15.10.52.53 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Apr 2019 10:52:54 -0700 (PDT) From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org Cc: Tom Herbert Subject: [PATCH v3 net-next 3/7] ipv6: Consolidate option cases in ip6_datagram_send_ctl Date: Mon, 15 Apr 2019 10:52:16 -0700 Message-Id: <1555350740-23490-4-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1555350740-23490-1-git-send-email-tom@quantonium.net> References: <1555350740-23490-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Consolidate cases for IPV6_2292HOPOPTS, IPV6_HOPOPTS, IPV6_2292DSTOPTS, IPV6_DSTOPTS, and IPV6_RTHDRDSTOPTS. Most of the work and verifications are common for all these case, individual differences in processing can be implemented with an embedded switch statement. --- net/ipv6/datagram.c | 66 ++++++++++++++++++----------------------------------- 1 file changed, 22 insertions(+), 44 deletions(-) diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index ee4a4e5..f4742db 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c @@ -842,49 +842,7 @@ int ip6_datagram_send_ctl(struct net *net, struct sock *sk, case IPV6_2292HOPOPTS: case IPV6_HOPOPTS: - if (opt->hopopt || cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { - err = -EINVAL; - goto exit_f; - } - - hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); - len = ((hdr->hdrlen + 1) << 3); - if (cmsg->cmsg_len < CMSG_LEN(len)) { - err = -EINVAL; - goto exit_f; - } - if (!ns_capable(net->user_ns, CAP_NET_RAW)) { - err = -EPERM; - goto exit_f; - } - opt->opt_nflen += len; - opt->hopopt = hdr; - break; - case IPV6_2292DSTOPTS: - if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { - err = -EINVAL; - goto exit_f; - } - - hdr = (struct ipv6_opt_hdr *)CMSG_DATA(cmsg); - len = ((hdr->hdrlen + 1) << 3); - if (cmsg->cmsg_len < CMSG_LEN(len)) { - err = -EINVAL; - goto exit_f; - } - if (!ns_capable(net->user_ns, CAP_NET_RAW)) { - err = -EPERM; - goto exit_f; - } - if (opt->dst1opt) { - err = -EINVAL; - goto exit_f; - } - opt->opt_flen += len; - opt->dst1opt = hdr; - break; - case IPV6_DSTOPTS: case IPV6_RTHDRDSTOPTS: if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { @@ -902,13 +860,33 @@ int ip6_datagram_send_ctl(struct net *net, struct sock *sk, err = -EPERM; goto exit_f; } - if (cmsg->cmsg_type == IPV6_DSTOPTS) { + + switch (cmsg->cmsg_type) { + case IPV6_2292HOPOPTS: + case IPV6_HOPOPTS: + if (opt->hopopt) { + err = -EINVAL; + goto exit_f; + } + opt->opt_nflen += len; + opt->hopopt = hdr; + break; + case IPV6_2292DSTOPTS: + if (opt->dst1opt) { + err = -EINVAL; + goto exit_f; + } + /* Fallthrough */ + case IPV6_DSTOPTS: opt->opt_flen += len; opt->dst1opt = hdr; - } else { + break; + case IPV6_RTHDRDSTOPTS: opt->opt_nflen += len; opt->dst0opt = hdr; + break; } + break; case IPV6_2292RTHDR: From patchwork Mon Apr 15 17:52:17 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1085859 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="j8dZtXrK"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44jbh72CDnz9s71 for ; Tue, 16 Apr 2019 03:53:11 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727881AbfDORxK (ORCPT ); Mon, 15 Apr 2019 13:53:10 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:46698 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727687AbfDORw5 (ORCPT ); Mon, 15 Apr 2019 13:52:57 -0400 Received: by mail-pg1-f193.google.com with SMTP id q1so8925628pgv.13 for ; Mon, 15 Apr 2019 10:52:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=SZAl5/S4yesSjColTgQw5pwuF2PghQrJxGjFnOMcO5E=; b=j8dZtXrKe5gT9M0ExsE3GDiPKGUUrxE3KceVVPdirfbUvg6KRcp3QDVTyRGUdQyv/L G4FjoqATZ0sgeY/EXRoAUKutnzr2jQ9IPvaLV6vOC3JMT0OdCQvqBWv/8RnVhyIfshjy KnDsw7PTQdB/Kd0VjPiHCz32f3Y/ma0dS09y4WNuwVbDDe5PgmQ9ircbw7rTDRLAeY0G Xq+m8OfbrGFvheT7I/IehxeX6U5iRVhjpGmLUwqhnxABrsOLDDSOPcyd1sVPCfXS6Via Na1CNws9F1VURE8NELqs9gemTNfKPBCzbf5shPgjuv9jzl335MtMyK6aRq6x4lKMpy2k h6mQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=SZAl5/S4yesSjColTgQw5pwuF2PghQrJxGjFnOMcO5E=; b=hRdV64MfKfEsvdI59GMsCOXZqUWv5LJZ3wUe09LxVw4Kn1u48thtCkgBL8RajG9Nm2 jOZ28abQD6YGvb68cyAAbwvQmzsvZOzaVU46l3W8/+Ur1bPbU9vhadmBaMofEQjtVWdD goCitbjn1LkqdXHfbT+y/Zd0buNpeHqL2c6lTA3tThjZy1xnuXgGP5Mz4U1HM08ZnhK1 YOfFsMSfyzqf4XQavntjcO6SIcBICaFgZRz3ulckDrJjlB7kcGQFIgjjfTKpqO4pDFXp +YQ9IjhFOFzfgZFeyq61ZICDvXsa+A0dOvyACxEi8FyZo1+cJPLYuBmVkWxCkrhFtx8g oQDw== X-Gm-Message-State: APjAAAWJSlWxArrzo8lVaSJbcClNJmeHp3EVrqXNpSb8YpFonlEQGLxl i/xEjEaPlMnC3GrwCeIMnWLY1O8KtHg= X-Google-Smtp-Source: APXvYqzyoTfjuvHWQ5q6KGpUTub8Zyj+N+N8iyy8YlQhZjhBoLBh54DA4YUCLDGJnlhK5PtGf4CAvw== X-Received: by 2002:a63:dc50:: with SMTP id f16mr71155856pgj.396.1555350776080; Mon, 15 Apr 2019 10:52:56 -0700 (PDT) Received: from localhost.localdomain (c-73-223-249-119.hsd1.ca.comcast.net. [73.223.249.119]) by smtp.gmail.com with ESMTPSA id t24sm58751170pfe.110.2019.04.15.10.52.55 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Apr 2019 10:52:55 -0700 (PDT) From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org Cc: Tom Herbert Subject: [PATCH v3 net-next 4/7] exthdrs: Registration of TLV handlers and parameters Date: Mon, 15 Apr 2019 10:52:17 -0700 Message-Id: <1555350740-23490-5-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1555350740-23490-1-git-send-email-tom@quantonium.net> References: <1555350740-23490-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Create a single TLV parameter table that holds meta information for IPv6 Hop-by-Hop and Destination TLVs. The data structure is composed of a 256 element array of u8's (one entry for each TLV type to allow O(1) lookup). Each entry provides an offset into an array of TLV proc data structures which follows the array of u8s. The TLV proc data structure contains parameters and handler functions for receiving and transmitting TLVs. The zeroth element in the TLV proc array provides default parameters for TLVs. A class attribute indicates the type of extension header in which the TLV may be used (e.g. Hop-by-Hop options, Destination options, or Destination options before the routing header). Functions are defined to manipulate entries in the TLV parameter table. * tlv_{set|unset}_proc set a TLV proc entry (ops and parameters) * tlv_{set|unset}_params set parameters only Receive TLV lookup and processing is modified to be a lookup in the TLV parameter table. An init table containing parameters for TLVs supported by the kernel is used to initialize the TLV table. --- include/net/ipv6.h | 57 ++++++++- include/uapi/linux/in6.h | 10 ++ net/ipv6/exthdrs.c | 46 ++++---- net/ipv6/exthdrs_core.c | 279 +++++++++++++++++++++++++++++++++++++++++++++ net/ipv6/exthdrs_options.c | 64 +++++++---- 5 files changed, 409 insertions(+), 47 deletions(-) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index e36c2c1..41da032 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -386,13 +386,60 @@ struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, * and false, if it failed. * It MUST NOT touch skb->h. */ -struct tlvtype_proc { - int type; - bool (*func)(struct sk_buff *skb, int offset); +struct tlv_ops { + bool (*func)(unsigned int class, struct sk_buff *skb, int offset); }; -extern const struct tlvtype_proc tlvprocdestopt_lst[]; -extern const struct tlvtype_proc tlvprochopopt_lst[]; +struct tlv_params { + unsigned char rx_class : 3; +}; + +struct tlv_proc { + struct tlv_ops ops; + struct tlv_params params; +}; + +struct tlv_proc_init { + int type; + struct tlv_proc proc; +}; + +struct tlv_param_table_data { + unsigned char entries[256]; + unsigned char count; + struct rcu_head rcu; + struct tlv_proc procs[0]; +}; + +struct tlv_param_table { + struct tlv_param_table_data __rcu *data; +}; + +extern struct tlv_param_table ipv6_tlv_param_table; + +int tlv_set_proc(struct tlv_param_table *tlv_param_table, + unsigned char type, const struct tlv_proc *proc); +int tlv_unset_proc(struct tlv_param_table *tlv_param_table, unsigned char type); +int tlv_set_params(struct tlv_param_table *tlv_param_table, + unsigned char type, const struct tlv_params *params); +int tlv_unset_params(struct tlv_param_table *tlv_param_table, + unsigned char type); + +int exthdrs_init(struct tlv_param_table *tlv_param_table, + const struct tlv_proc_init *init_params, + int num_init_params); +void exthdrs_fini(struct tlv_param_table *tlv_param_table); + +/* tlv_get_proc assumes rcu_read_lock is held */ +static inline struct tlv_proc *tlv_get_proc( + struct tlv_param_table *tlv_param_table, + unsigned int type) +{ + struct tlv_param_table_data *tpt = + rcu_dereference(tlv_param_table->data); + + return &tpt->procs[tpt->entries[type]]; +} bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, const struct inet6_skb_parm *opt); diff --git a/include/uapi/linux/in6.h b/include/uapi/linux/in6.h index 9f2273a..8b9ac7f 100644 --- a/include/uapi/linux/in6.h +++ b/include/uapi/linux/in6.h @@ -297,4 +297,14 @@ struct in6_flowlabel_req { * ... * MRT6_MAX */ + +/* Flags for EH type that can use a TLV option */ +#define IPV6_TLV_CLASS_FLAG_HOPOPT BIT(0) +#define IPV6_TLV_CLASS_FLAG_RTRDSTOPT BIT(1) +#define IPV6_TLV_CLASS_FLAG_DSTOPT BIT(2) +#define IPV6_TLV_CLASS_MAX ((1 << 3) - 1) + +#define IPV6_TLV_CLASS_ANY_DSTOPT (IPV6_TLV_CLASS_FLAG_RTRDSTOPT | \ + IPV6_TLV_CLASS_FLAG_DSTOPT) + #endif /* _UAPI_LINUX_IN6_H */ diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index 6dbacf1..b28c108 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -100,15 +100,14 @@ static bool ip6_tlvopt_unknown(struct sk_buff *skb, int optoff, /* Parse tlv encoded option header (hop-by-hop or destination) */ -static bool ip6_parse_tlv(const struct tlvtype_proc *procs, - struct sk_buff *skb, +static bool ip6_parse_tlv(unsigned int class, struct sk_buff *skb, int max_count) { int len = (skb_transport_header(skb)[1] + 1) << 3; const unsigned char *nh = skb_network_header(skb); int off = skb_network_header_len(skb); - const struct tlvtype_proc *curr; bool disallow_unknowns = false; + const struct tlv_proc *curr; int tlv_count = 0; int padlen = 0; @@ -117,12 +116,16 @@ static bool ip6_parse_tlv(const struct tlvtype_proc *procs, max_count = -max_count; } - if (skb_transport_offset(skb) + len > skb_headlen(skb)) - goto bad; + if (skb_transport_offset(skb) + len > skb_headlen(skb)) { + kfree_skb(skb); + return false; + } off += 2; len -= 2; + rcu_read_lock(); + while (len > 0) { int optlen = nh[off + 1] + 2; int i; @@ -162,19 +165,18 @@ static bool ip6_parse_tlv(const struct tlvtype_proc *procs, if (tlv_count > max_count) goto bad; - for (curr = procs; curr->type >= 0; curr++) { - if (curr->type == nh[off]) { - /* type specific length/alignment - checks will be performed in the - func(). */ - if (curr->func(skb, off) == false) - return false; - break; - } + curr = tlv_get_proc(&ipv6_tlv_param_table, nh[off]); + if ((curr->params.rx_class & class) && curr->ops.func) { + /* Handler will apply additional checks to + * the TLV + */ + if (!curr->ops.func(class, skb, off)) + goto bad_nofree; + } else if (!ip6_tlvopt_unknown(skb, off, + disallow_unknowns)) { + /* No appropriate handler, TLV is unknown */ + goto bad_nofree; } - if (curr->type < 0 && - !ip6_tlvopt_unknown(skb, off, disallow_unknowns)) - return false; padlen = 0; break; @@ -183,10 +185,14 @@ static bool ip6_parse_tlv(const struct tlvtype_proc *procs, len -= optlen; } - if (len == 0) + if (len == 0) { + rcu_read_unlock(); return true; + } bad: kfree_skb(skb); +bad_nofree: + rcu_read_unlock(); return false; } @@ -220,7 +226,7 @@ static int ipv6_destopt_rcv(struct sk_buff *skb) dstbuf = opt->dst1; #endif - if (ip6_parse_tlv(tlvprocdestopt_lst, skb, + if (ip6_parse_tlv(IPV6_TLV_CLASS_FLAG_DSTOPT, skb, init_net.ipv6.sysctl.max_dst_opts_cnt)) { skb->transport_header += extlen; opt = IP6CB(skb); @@ -643,7 +649,7 @@ int ipv6_parse_hopopts(struct sk_buff *skb) goto fail_and_free; opt->flags |= IP6SKB_HOPBYHOP; - if (ip6_parse_tlv(tlvprochopopt_lst, skb, + if (ip6_parse_tlv(IPV6_TLV_CLASS_FLAG_HOPOPT, skb, init_net.ipv6.sysctl.max_hbh_opts_cnt)) { skb->transport_header += extlen; opt = IP6CB(skb); diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c index 119dfc2..def52b5 100644 --- a/net/ipv6/exthdrs_core.c +++ b/net/ipv6/exthdrs_core.c @@ -418,3 +418,282 @@ struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, return opt; } EXPORT_SYMBOL_GPL(ipv6_fixup_options); + +/* TLV parameter table functions and structures */ + +static void tlv_param_table_release(struct rcu_head *rcu) +{ + struct tlv_param_table_data *tpt = + container_of(rcu, struct tlv_param_table_data, rcu); + + kvfree(tpt); +} + +/* Default (unset) values for TLV parameters */ +static const struct tlv_proc tlv_default_proc = { + .params.rx_class = 0, +}; + +static size_t tlv_param_table_size(unsigned char count) +{ + return sizeof(struct tlv_param_table_data) + + (count * sizeof(struct tlv_proc)); +} + +static DEFINE_MUTEX(tlv_mutex); + +/* mutex held */ +static int __tlv_set_proc(struct tlv_param_table *tlv_param_table, + unsigned char type, const struct tlv_ops *ops, + const struct tlv_params *params) +{ + struct tlv_param_table_data *tpt, *old; + struct tlv_proc *tproc; + unsigned char count, pos; + + old = rcu_dereference_protected(tlv_param_table->data, + lockdep_is_held(&tlv_mutex)); + + if (old->entries[type]) { + /* Type is already set, modifying entry */ + pos = old->entries[type]; + count = old->count; + + /* If ops is not provided, take them from existing proc */ + if (!ops) + ops = &old->procs[pos].ops; + } else { + /* Type entry unset, need to create new entry */ + pos = old->count; + count = pos + 1; + } + + tpt = kvmalloc(tlv_param_table_size(count), GFP_KERNEL); + if (!tpt) + return -ENOMEM; + + memcpy(tpt, old, tlv_param_table_size(old->count)); + + tproc = &tpt->procs[pos]; + tproc->params = *params; + tproc->ops = ops ? *ops : tlv_default_proc.ops; + + tpt->entries[type] = pos; + tpt->count = count; + + rcu_assign_pointer(tlv_param_table->data, tpt); + + call_rcu(&old->rcu, tlv_param_table_release); + + return 0; +} + +/* mutex held */ +static int __tlv_unset_proc(struct tlv_param_table *tlv_param_table, + unsigned char type) +{ + struct tlv_param_table_data *tpt, *old; + unsigned char pos; + int i; + + old = rcu_dereference_protected(tlv_param_table->data, + lockdep_is_held(&tlv_mutex)); + + if (!old->entries[type]) { + /* Type entry already unset, nothing to do */ + return 0; + } + + tpt = kvmalloc(tlv_param_table_size(old->count - 1), GFP_KERNEL); + if (!tpt) + return -ENOMEM; + + pos = old->entries[type]; + + memcpy(tpt->procs, old->procs, pos * sizeof(struct tlv_proc)); + memcpy(&tpt->procs[pos], &old->procs[pos + 1], + (old->count - pos - 1) * sizeof(struct tlv_proc)); + + for (i = 0; i < 256; i++) { + if (old->entries[i] > pos) + tpt->entries[i] = old->entries[i] - 1; + else + tpt->entries[i] = old->entries[i]; + } + + /* Clear entry for type being unset (point to default params) */ + tpt->entries[type] = 0; + + tpt->count = old->count - 1; + + rcu_assign_pointer(tlv_param_table->data, tpt); + + call_rcu(&old->rcu, tlv_param_table_release); + + return 0; +} + +static void __tlv_destroy_param_table(struct tlv_param_table *tlv_param_table) +{ + struct tlv_param_table_data *tpt; + + mutex_lock(&tlv_mutex); + + tpt = rcu_dereference_protected(tlv_param_table->data, + lockdep_is_held(&tlv_mutex)); + if (tpt) { + rcu_assign_pointer(tlv_param_table->data, NULL); + call_rcu(&tpt->rcu, tlv_param_table_release); + } + + mutex_unlock(&tlv_mutex); +} + +int tlv_set_proc(struct tlv_param_table *tlv_param_table, unsigned char type, + const struct tlv_proc *proc) +{ + int ret; + + if (type < 2) + return -EINVAL; + + mutex_lock(&tlv_mutex); + ret = __tlv_set_proc(tlv_param_table, type, &proc->ops, + &proc->params); + mutex_unlock(&tlv_mutex); + + return ret; +} +EXPORT_SYMBOL(tlv_set_proc); + +int tlv_unset_proc(struct tlv_param_table *tlv_param_table, + unsigned char type) +{ + int ret; + + if (type < 2) + return -EINVAL; + + mutex_lock(&tlv_mutex); + ret = __tlv_unset_proc(tlv_param_table, type); + mutex_unlock(&tlv_mutex); + + return ret; +} +EXPORT_SYMBOL(tlv_unset_proc); + +int tlv_set_params(struct tlv_param_table *tlv_param_table, + unsigned char type, const struct tlv_params *params) +{ + int ret; + + if (type < 2) + return -EINVAL; + + mutex_lock(&tlv_mutex); + ret = __tlv_set_proc(tlv_param_table, type, NULL, params); + mutex_unlock(&tlv_mutex); + + return ret; +} +EXPORT_SYMBOL(tlv_set_params); + +/* tlv_internal_proc_type is used to check it the TLV proc was set + * internally. This is deduced by checking if any operations are + * defined. + */ +static bool tlv_internal_proc_type(struct tlv_proc *proc) +{ + return !!proc->ops.func; +} + +int tlv_unset_params(struct tlv_param_table *tlv_param_table, + unsigned char type) +{ + struct tlv_param_table_data *tpt; + struct tlv_proc *proc; + int entry, ret = 0; + + mutex_lock(&tlv_mutex); + + tpt = rcu_dereference_protected(tlv_param_table->data, + lockdep_is_held(&tlv_mutex)); + if (!tpt) + goto out; + + entry = tpt->entries[type]; + if (!entry) { + /* Entry is already unset */ + goto out; + } + + proc = &tpt->procs[entry]; + + if (tlv_internal_proc_type(proc)) { + /* TLV was set by internal source, so maintain + * the non-parameter fields (i.e. the operations). + */ + ret = __tlv_set_proc(tlv_param_table, type, &proc->ops, + &tlv_default_proc.params); + } else { + ret = __tlv_unset_proc(tlv_param_table, type); + } + +out: + mutex_unlock(&tlv_mutex); + + return ret; +} +EXPORT_SYMBOL(tlv_unset_params); + +int exthdrs_init(struct tlv_param_table *tlv_param_table, + const struct tlv_proc_init *tlv_init_params, + int num_init_params) +{ + struct tlv_param_table_data *tpt; + size_t tsize; + int i; + + tsize = tlv_param_table_size(num_init_params + 1); + + tpt = kvmalloc(tsize, GFP_KERNEL); + if (!tpt) + return -ENOMEM; + + memset(tpt, 0, tsize); + + /* Zeroth TLV proc entry is default */ + tpt->procs[0] = tlv_default_proc; + + for (i = 0; i < num_init_params; i++) { + const struct tlv_proc_init *tpi = &tlv_init_params[i]; + struct tlv_proc *tp = &tpt->procs[i + 1]; + + if (WARN_ON(tpi->type < 2)) { + /* Padding TLV initialized? */ + kvfree(tpt); + return -EINVAL; + } + if (WARN_ON(tpt->entries[tpi->type])) { + /* TLV type already set */ + kvfree(tpt); + return -EINVAL; + } + + *tp = tpi->proc; + tpt->entries[tpi->type] = i + 1; + } + + tpt->count = num_init_params + 1; + + RCU_INIT_POINTER(tlv_param_table->data, tpt); + + return 0; +} +EXPORT_SYMBOL(exthdrs_init); + +void exthdrs_fini(struct tlv_param_table *tlv_param_table) +{ + __tlv_destroy_param_table(tlv_param_table); +} +EXPORT_SYMBOL(exthdrs_fini); diff --git a/net/ipv6/exthdrs_options.c b/net/ipv6/exthdrs_options.c index 032e072..02d12c5 100644 --- a/net/ipv6/exthdrs_options.c +++ b/net/ipv6/exthdrs_options.c @@ -15,7 +15,7 @@ /* Destination options header */ #if IS_ENABLED(CONFIG_IPV6_MIP6) -static bool ipv6_dest_hao(struct sk_buff *skb, int optoff) +static bool ipv6_dest_hao(unsigned int class, struct sk_buff *skb, int optoff) { struct ipv6_destopt_hao *hao; struct inet6_skb_parm *opt = IP6CB(skb); @@ -74,16 +74,6 @@ static bool ipv6_dest_hao(struct sk_buff *skb, int optoff) } #endif -const struct tlvtype_proc tlvprocdestopt_lst[] = { -#if IS_ENABLED(CONFIG_IPV6_MIP6) - { - .type = IPV6_TLV_HAO, - .func = ipv6_dest_hao, - }, -#endif - {-1, NULL} -}; - /* Hop-by-hop options */ /* Note: we cannot rely on skb_dst(skb) before we assign it in @@ -102,7 +92,7 @@ static inline struct net *ipv6_skb_net(struct sk_buff *skb) /* Router Alert as of RFC 2711 */ -static bool ipv6_hop_ra(struct sk_buff *skb, int optoff) +static bool ipv6_hop_ra(unsigned int class, struct sk_buff *skb, int optoff) { const unsigned char *nh = skb_network_header(skb); @@ -120,7 +110,7 @@ static bool ipv6_hop_ra(struct sk_buff *skb, int optoff) /* Jumbo payload */ -static bool ipv6_hop_jumbo(struct sk_buff *skb, int optoff) +static bool ipv6_hop_jumbo(unsigned int class, struct sk_buff *skb, int optoff) { const unsigned char *nh = skb_network_header(skb); struct inet6_dev *idev = __in6_dev_get_safely(skb->dev); @@ -164,7 +154,8 @@ static bool ipv6_hop_jumbo(struct sk_buff *skb, int optoff) /* CALIPSO RFC 5570 */ -static bool ipv6_hop_calipso(struct sk_buff *skb, int optoff) +static bool ipv6_hop_calipso(unsigned int class, struct sk_buff *skb, + int optoff) { const unsigned char *nh = skb_network_header(skb); @@ -184,18 +175,47 @@ static bool ipv6_hop_calipso(struct sk_buff *skb, int optoff) return false; } -const struct tlvtype_proc tlvprochopopt_lst[] = { +static const struct tlv_proc_init tlv_init_params[] __initconst = { +#if IS_ENABLED(CONFIG_IPV6_MIP6) { - .type = IPV6_TLV_ROUTERALERT, - .func = ipv6_hop_ra, + .type = IPV6_TLV_HAO, + + .proc.ops.func = ipv6_dest_hao, + .proc.params.rx_class = IPV6_TLV_CLASS_FLAG_DSTOPT, }, +#endif { - .type = IPV6_TLV_JUMBO, - .func = ipv6_hop_jumbo, + .type = IPV6_TLV_ROUTERALERT, + + .proc.ops.func = ipv6_hop_ra, + .proc.params.rx_class = IPV6_TLV_CLASS_FLAG_HOPOPT, }, { - .type = IPV6_TLV_CALIPSO, - .func = ipv6_hop_calipso, + .type = IPV6_TLV_JUMBO, + + .proc.ops.func = ipv6_hop_jumbo, + .proc.params.rx_class = IPV6_TLV_CLASS_FLAG_HOPOPT, + }, + { + .type = IPV6_TLV_CALIPSO, + + .proc.ops.func = ipv6_hop_calipso, + .proc.params.rx_class = IPV6_TLV_CLASS_FLAG_HOPOPT, }, - { -1, } }; + +struct tlv_param_table __rcu ipv6_tlv_param_table; +EXPORT_SYMBOL(ipv6_tlv_param_table); + +static int __init ipv6_exthdrs_init(void) +{ + return exthdrs_init(&ipv6_tlv_param_table, tlv_init_params, + ARRAY_SIZE(tlv_init_params)); +} +module_init(ipv6_exthdrs_init); + +static void __exit ipv6_exthdrs_fini(void) +{ + exthdrs_fini(&ipv6_tlv_param_table); +} +module_exit(ipv6_exthdrs_fini); From patchwork Mon Apr 15 17:52:18 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1085855 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="VYgLlh18"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44jbgx3tTqz9s71 for ; Tue, 16 Apr 2019 03:53:01 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727796AbfDORxA (ORCPT ); Mon, 15 Apr 2019 13:53:00 -0400 Received: from mail-pg1-f196.google.com ([209.85.215.196]:34109 "EHLO mail-pg1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727691AbfDORw6 (ORCPT ); Mon, 15 Apr 2019 13:52:58 -0400 Received: by mail-pg1-f196.google.com with SMTP id v12so8958004pgq.1 for ; Mon, 15 Apr 2019 10:52:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=KhQ84OjfFlyfUwhWf9s/hx3t2v0v8hYe7M26CMclbAY=; b=VYgLlh184/Bf9zjKAiGncCVuC3k3kSNoXoav6H7m6aoVtpY36dOVL5NqiP3NalIhTA dN6mCnnFiLXZlpAlwXdGBOLUua1VuP59pRVt0+NHTy7xqtmlifn2XvfWOWcb8soKhERk Addttz1ixHQX6h1NSpV/kB5hNX1y10yo4kmD9Zne3xYlIS01HYcLAlqi9HFlAs7g2Tyr wpTRKjPTK0DDaXAmc/rzv5C9+8wxeaGxLI42TjG4ChKoH2vHY8negIEDVpxuS+zk/Quy riBwrgpsX5Jc2KY02TBySHFG+SHolmV2NiVAmJBCW0zzG9C47TfC+HuBnovy0e1UT1qj hpdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=KhQ84OjfFlyfUwhWf9s/hx3t2v0v8hYe7M26CMclbAY=; b=BR3dkqvF0ugCHxi6O+OKBdVn971YF0L/3xVLxijEMyJAvytTVVQMve2cQ1SLl+VAut J9cPFTWomtbJJ1RdKGUHiA9+lRNVOvo/bLOB66dGTtLD6NxfMGpNEku9+I2bmbeDD2ZN Q1UW2V8k4WQ5KEnLxQbuAtXzsHeDd+pPcAw6qYTvuldc3laYjxNuuScM3wQ/tbW4p8dz 09Wuh+sxiozBBcQGs1fCUyqOsNFnZC7Rv8UnUedJtOFohAvEVLnMda6zB3/DnGZ56ng2 bWgwbAaKA39U3/4yKwJUDHElAeYvNdZ2bRHA36PYbs3dmYccVcXrit7YPFfGkHjPZO0Q REEA== X-Gm-Message-State: APjAAAUSyOqG1RdLOamRB6dnJgtESlGyZIPL/gkn0swSQJnnp4jKDs/F k/BIkIZ79g2zYxycq3OCQG2f+A== X-Google-Smtp-Source: APXvYqzol+oh/lcydSvmsj6/cg0LD437RbqqXac3vFykJSnJKe567CcoxmzBd03AxIf54sQGytNHtQ== X-Received: by 2002:a63:7843:: with SMTP id t64mr53223940pgc.130.1555350777758; Mon, 15 Apr 2019 10:52:57 -0700 (PDT) Received: from localhost.localdomain (c-73-223-249-119.hsd1.ca.comcast.net. [73.223.249.119]) by smtp.gmail.com with ESMTPSA id t24sm58751170pfe.110.2019.04.15.10.52.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Apr 2019 10:52:57 -0700 (PDT) From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org Cc: Tom Herbert Subject: [PATCH v3 net-next 5/7] exthdrs: Add TX parameters Date: Mon, 15 Apr 2019 10:52:18 -0700 Message-Id: <1555350740-23490-6-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1555350740-23490-1-git-send-email-tom@quantonium.net> References: <1555350740-23490-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Define a number of transmit parameters for TLV Parameter table definitions. These will be used for validating TLVs that are set on a socket. --- include/net/ipv6.h | 26 ++++++++++++++++++++- include/uapi/linux/in6.h | 8 +++++++ net/ipv6/exthdrs.c | 2 +- net/ipv6/exthdrs_core.c | 22 +++++++++++++++++- net/ipv6/exthdrs_options.c | 57 ++++++++++++++++++++++++++++++++++++++++++---- 5 files changed, 108 insertions(+), 7 deletions(-) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 41da032..9b25d08 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -390,8 +390,26 @@ struct tlv_ops { bool (*func)(unsigned int class, struct sk_buff *skb, int offset); }; +struct tlv_rx_params { + unsigned char class : 3; +}; + +struct tlv_tx_params { + unsigned char admin_perm : 2; + unsigned char user_perm : 2; + unsigned char class : 3; + unsigned char align_mult : 4; + unsigned char align_off : 4; + unsigned char data_len_mult : 4; + unsigned char data_len_off : 4; + unsigned char min_data_len; + unsigned char max_data_len; + unsigned char preferred_order; +}; + struct tlv_params { - unsigned char rx_class : 3; + struct tlv_rx_params r; + struct tlv_tx_params t; }; struct tlv_proc { @@ -417,6 +435,12 @@ struct tlv_param_table { extern struct tlv_param_table ipv6_tlv_param_table; +/* Preferred TLV ordering (placed by increasing order) */ +#define TLV_PREF_ORDER_HAO 10 +#define TLV_PREF_ORDER_ROUTERALERT 20 +#define TLV_PREF_ORDER_JUMBO 30 +#define TLV_PREF_ORDER_CALIPSO 40 + int tlv_set_proc(struct tlv_param_table *tlv_param_table, unsigned char type, const struct tlv_proc *proc); int tlv_unset_proc(struct tlv_param_table *tlv_param_table, unsigned char type); diff --git a/include/uapi/linux/in6.h b/include/uapi/linux/in6.h index 8b9ac7f..6a99ee1 100644 --- a/include/uapi/linux/in6.h +++ b/include/uapi/linux/in6.h @@ -307,4 +307,12 @@ struct in6_flowlabel_req { #define IPV6_TLV_CLASS_ANY_DSTOPT (IPV6_TLV_CLASS_FLAG_RTRDSTOPT | \ IPV6_TLV_CLASS_FLAG_DSTOPT) +/* TLV permissions values */ +enum { + IPV6_TLV_PERM_NONE, + IPV6_TLV_PERM_WITH_CHECK, + IPV6_TLV_PERM_NO_CHECK, + IPV6_TLV_PERM_MAX = IPV6_TLV_PERM_NO_CHECK +}; + #endif /* _UAPI_LINUX_IN6_H */ diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index b28c108..520c2eb 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c @@ -166,7 +166,7 @@ static bool ip6_parse_tlv(unsigned int class, struct sk_buff *skb, goto bad; curr = tlv_get_proc(&ipv6_tlv_param_table, nh[off]); - if ((curr->params.rx_class & class) && curr->ops.func) { + if ((curr->params.r.class & class) && curr->ops.func) { /* Handler will apply additional checks to * the TLV */ diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c index def52b5..53e92fd 100644 --- a/net/ipv6/exthdrs_core.c +++ b/net/ipv6/exthdrs_core.c @@ -431,7 +431,18 @@ static void tlv_param_table_release(struct rcu_head *rcu) /* Default (unset) values for TLV parameters */ static const struct tlv_proc tlv_default_proc = { - .params.rx_class = 0, + .params.r.class = 0, + + .params.t.preferred_order = 0, + .params.t.admin_perm = IPV6_TLV_PERM_NO_CHECK, + .params.t.user_perm = IPV6_TLV_PERM_NONE, + .params.t.class = 0, + .params.t.align_mult = (4 - 1), /* Default alignment: 4n + 2 */ + .params.t.align_off = 2, + .params.t.min_data_len = 0, + .params.t.max_data_len = 255, + .params.t.data_len_mult = (1 - 1), /* No default length align */ + .params.t.data_len_off = 0, }; static size_t tlv_param_table_size(unsigned char count) @@ -650,10 +661,13 @@ int exthdrs_init(struct tlv_param_table *tlv_param_table, const struct tlv_proc_init *tlv_init_params, int num_init_params) { + unsigned long check_map[BITS_TO_LONGS(256)]; struct tlv_param_table_data *tpt; size_t tsize; int i; + memset(check_map, 0, sizeof(check_map)); + tsize = tlv_param_table_size(num_init_params + 1); tpt = kvmalloc(tsize, GFP_KERNEL); @@ -667,6 +681,7 @@ int exthdrs_init(struct tlv_param_table *tlv_param_table, for (i = 0; i < num_init_params; i++) { const struct tlv_proc_init *tpi = &tlv_init_params[i]; + unsigned int order = tpi->proc.params.t.preferred_order; struct tlv_proc *tp = &tpt->procs[i + 1]; if (WARN_ON(tpi->type < 2)) { @@ -680,6 +695,11 @@ int exthdrs_init(struct tlv_param_table *tlv_param_table, return -EINVAL; } + if (order) { + WARN_ON(test_bit(order, check_map)); + set_bit(order, check_map); + } + *tp = tpi->proc; tpt->entries[tpi->type] = i + 1; } diff --git a/net/ipv6/exthdrs_options.c b/net/ipv6/exthdrs_options.c index 02d12c5..042ca14 100644 --- a/net/ipv6/exthdrs_options.c +++ b/net/ipv6/exthdrs_options.c @@ -181,26 +181,75 @@ static const struct tlv_proc_init tlv_init_params[] __initconst = { .type = IPV6_TLV_HAO, .proc.ops.func = ipv6_dest_hao, - .proc.params.rx_class = IPV6_TLV_CLASS_FLAG_DSTOPT, + + .proc.params.r.class = IPV6_TLV_CLASS_FLAG_DSTOPT, + + .proc.params.t.preferred_order = TLV_PREF_ORDER_HAO, + .proc.params.t.admin_perm = IPV6_TLV_PERM_NO_CHECK, + .proc.params.t.user_perm = IPV6_TLV_PERM_NONE, + .proc.params.t.class = IPV6_TLV_CLASS_FLAG_DSTOPT, + .proc.params.t.align_mult = (8 - 1), /* Align to 8n + 6 */ + .proc.params.t.align_off = 6, + .proc.params.t.min_data_len = 16, + .proc.params.t.max_data_len = 16, + .proc.params.t.data_len_mult = (1 - 1), /* Fixed length */ + .proc.params.t.data_len_off = 0, }, #endif { .type = IPV6_TLV_ROUTERALERT, .proc.ops.func = ipv6_hop_ra, - .proc.params.rx_class = IPV6_TLV_CLASS_FLAG_HOPOPT, + + .proc.params.r.class = IPV6_TLV_CLASS_FLAG_HOPOPT, + + .proc.params.t.preferred_order = TLV_PREF_ORDER_ROUTERALERT, + .proc.params.t.admin_perm = IPV6_TLV_PERM_NO_CHECK, + .proc.params.t.user_perm = IPV6_TLV_PERM_NONE, + .proc.params.t.class = IPV6_TLV_CLASS_FLAG_HOPOPT, + .proc.params.t.align_mult = (2 - 1), /* Align to 2n */ + .proc.params.t.align_off = 0, + .proc.params.t.min_data_len = 2, + .proc.params.t.max_data_len = 2, + .proc.params.t.data_len_mult = (1 - 1), /* Fixed length */ + .proc.params.t.data_len_off = 0, + }, { .type = IPV6_TLV_JUMBO, .proc.ops.func = ipv6_hop_jumbo, - .proc.params.rx_class = IPV6_TLV_CLASS_FLAG_HOPOPT, + + .proc.params.r.class = IPV6_TLV_CLASS_FLAG_HOPOPT, + + .proc.params.t.preferred_order = TLV_PREF_ORDER_JUMBO, + .proc.params.t.admin_perm = IPV6_TLV_PERM_NO_CHECK, + .proc.params.t.user_perm = IPV6_TLV_PERM_NONE, + .proc.params.t.class = IPV6_TLV_CLASS_FLAG_HOPOPT, + .proc.params.t.align_mult = (4 - 1), /* Align to 4n + 2 */ + .proc.params.t.align_off = 2, + .proc.params.t.min_data_len = 4, + .proc.params.t.max_data_len = 4, + .proc.params.t.data_len_mult = (1 - 1), /* Fixed length */ + .proc.params.t.data_len_off = 0, }, { .type = IPV6_TLV_CALIPSO, .proc.ops.func = ipv6_hop_calipso, - .proc.params.rx_class = IPV6_TLV_CLASS_FLAG_HOPOPT, + .proc.params.r.class = IPV6_TLV_CLASS_FLAG_HOPOPT, + + .proc.params.t.preferred_order = TLV_PREF_ORDER_CALIPSO, + .proc.params.t.admin_perm = IPV6_TLV_PERM_NO_CHECK, + .proc.params.t.user_perm = IPV6_TLV_PERM_NONE, + .proc.params.t.class = IPV6_TLV_CLASS_FLAG_HOPOPT, + .proc.params.t.align_mult = (4 - 1), /* Align to 4n + 2 */ + .proc.params.t.align_off = 2, + .proc.params.t.min_data_len = 8, + .proc.params.t.max_data_len = 252, + .proc.params.t.data_len_mult = (4 - 1), + /* Length is multiple of 4 */ + .proc.params.t.data_len_off = 0, }, }; From patchwork Mon Apr 15 17:52:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1085856 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="gmUO5Qki"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44jbgz29Mfz9s71 for ; Tue, 16 Apr 2019 03:53:03 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727843AbfDORxB (ORCPT ); Mon, 15 Apr 2019 13:53:01 -0400 Received: from mail-pl1-f194.google.com ([209.85.214.194]:44347 "EHLO mail-pl1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727783AbfDORxA (ORCPT ); Mon, 15 Apr 2019 13:53:00 -0400 Received: by mail-pl1-f194.google.com with SMTP id g12so8918576pll.11 for ; Mon, 15 Apr 2019 10:52:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=+EKZB4lSyAv00up4y10uFREMZ1+Baceuv6qIq1SY2ss=; b=gmUO5QkiBUCbYtusLb/WnIWhsC0rTH9r28DCZ2jcG5rtFfefhWimGQ1dRSRyakuznG bT+eLOWqwNFNN6WEjcr8ovNB+qvnQLbmt6oySIx7EjctxaispD88Vp/YQBbEF+iBBcPJ 6eXiG/4WLEH+KQibU88Scs1YHozAwpKjv/Rk6D9iFa3xUGuoyOSa2euufClRLsCcWlx8 1VJ050R9tB2rMlQRbWsqtRnA07q9g7TtoiM4C+LLhIjSinbNtJQktoJHW/XPc2Ng4R2b wHtzvN+JnWAUaB+5LH47CgxMxQrLZxgQ1kTGWewSa8DBV+JrStN7yHX2A3MAtaciwOAk Dh1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=+EKZB4lSyAv00up4y10uFREMZ1+Baceuv6qIq1SY2ss=; b=T3z61YInkCCCACc6OPZ54hNxvAuc84OY4vRC0RAiDwiSgVmm7R2yoUlRSXAdinNlex JdX1TICTIHg0un0MAqw4SvZBjxySmGnlahjTjPSIIE76J9ZOthsaHkmbKHEjfZvNWTWi NAYFMnqcGIgAYG2GnctbRaLwE/vdh9KpsOn7SvnxXkUJbvAosXXSjNhN4mnmJx8sI4kC SpZSmHc81i8OmCOjdNsSnDdd+BmEC5TuoEjTFZN8vOOwbwFd8nrylmQzE3DBg6C8QQRe D2WJ3v8mFgE9tO6e622IfL0pW4UAIiLoNuSSORuh3qQ+em6k10djBWXXHOMHJfIoWVd7 QSsQ== X-Gm-Message-State: APjAAAVrHxgznNj2zT3QfjGsJq6bLa2QTP7H4DiQN6fqRopd2iyVLzE+ XE2CptvY9q1ipxrSEw4FRXvVSg== X-Google-Smtp-Source: APXvYqwxbE/1oGuY1ObhR1UthnGc2aHVl7qWID6UFC0CREhF6CflBqDDxtJczsXoJk97lzh9Hz6oOA== X-Received: by 2002:a17:902:4a0c:: with SMTP id w12mr48503452pld.52.1555350779355; Mon, 15 Apr 2019 10:52:59 -0700 (PDT) Received: from localhost.localdomain (c-73-223-249-119.hsd1.ca.comcast.net. [73.223.249.119]) by smtp.gmail.com with ESMTPSA id t24sm58751170pfe.110.2019.04.15.10.52.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Apr 2019 10:52:58 -0700 (PDT) From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org Cc: Tom Herbert Subject: [PATCH v3 net-next 6/7] ip6tlvs: Add netlink interface Date: Mon, 15 Apr 2019 10:52:19 -0700 Message-Id: <1555350740-23490-7-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1555350740-23490-1-git-send-email-tom@quantonium.net> References: <1555350740-23490-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Add a netlink interface to manage the TX TLV parameters. Managed parameters include those for validating and sending TLVs being sent such as alignment, TLV ordering, length limits, etc. --- include/net/ipv6.h | 18 +++ include/uapi/linux/in6.h | 31 +++++ net/ipv6/exthdrs_core.c | 280 +++++++++++++++++++++++++++++++++++++++++++++ net/ipv6/exthdrs_options.c | 81 ++++++++++++- 4 files changed, 408 insertions(+), 2 deletions(-) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 9b25d08..a1a0af2 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -17,6 +17,7 @@ #include #include #include +#include #include #include #include @@ -449,6 +450,23 @@ int tlv_set_params(struct tlv_param_table *tlv_param_table, int tlv_unset_params(struct tlv_param_table *tlv_param_table, unsigned char type); +extern const struct nla_policy tlv_nl_policy[]; + +int tlv_nl_cmd_set(struct tlv_param_table *tlv_param_table, + struct genl_family *tlv_nl_family, + struct sk_buff *skb, struct genl_info *info); +int tlv_nl_cmd_unset(struct tlv_param_table *tlv_param_table, + struct genl_family *tlv_nl_family, + struct sk_buff *skb, struct genl_info *info); +int tlv_nl_cmd_get(struct tlv_param_table *tlv_param_table, + struct genl_family *tlv_nl_family, + struct sk_buff *skb, struct genl_info *info); +int tlv_fill_info(struct tlv_param_table *tlv_param_table, + int tlv_type, struct sk_buff *msg, bool admin); +int tlv_nl_dump(struct tlv_param_table *tlv_param_table, + struct genl_family *tlv_nl_family, + struct sk_buff *skb, struct netlink_callback *cb); + int exthdrs_init(struct tlv_param_table *tlv_param_table, const struct tlv_proc_init *init_params, int num_init_params); diff --git a/include/uapi/linux/in6.h b/include/uapi/linux/in6.h index 6a99ee1..1c79361 100644 --- a/include/uapi/linux/in6.h +++ b/include/uapi/linux/in6.h @@ -306,6 +306,37 @@ struct in6_flowlabel_req { #define IPV6_TLV_CLASS_ANY_DSTOPT (IPV6_TLV_CLASS_FLAG_RTRDSTOPT | \ IPV6_TLV_CLASS_FLAG_DSTOPT) +/* NETLINK_GENERIC related info for IPv6 TLVs */ + +#define IPV6_TLV_GENL_NAME "ipv6-tlv" +#define IPV6_TLV_GENL_VERSION 0x1 + +enum { + IPV6_TLV_ATTR_UNSPEC, + IPV6_TLV_ATTR_TYPE, /* u8, > 1 */ + IPV6_TLV_ATTR_ORDER, /* u8 */ + IPV6_TLV_ATTR_ADMIN_PERM, /* u8, perm value */ + IPV6_TLV_ATTR_USER_PERM, /* u8, perm value */ + IPV6_TLV_ATTR_CLASS, /* u8, 3 bit flags */ + IPV6_TLV_ATTR_ALIGN_MULT, /* u8, 1 to 16 */ + IPV6_TLV_ATTR_ALIGN_OFF, /* u8, 0 to 15 */ + IPV6_TLV_ATTR_MIN_DATA_LEN, /* u8 (option data length) */ + IPV6_TLV_ATTR_MAX_DATA_LEN, /* u8 (option data length) */ + IPV6_TLV_ATTR_DATA_LEN_MULT, /* u8, 1 to 16 */ + IPV6_TLV_ATTR_DATA_LEN_OFF, /* u8, 0 to 15 */ + + __IPV6_TLV_ATTR_MAX, +}; + +#define IPV6_TLV_ATTR_MAX (__IPV6_TLV_ATTR_MAX - 1) + +enum { + IPV6_TLV_CMD_SET, + IPV6_TLV_CMD_UNSET, + IPV6_TLV_CMD_GET, + + __IPV6_TLV_CMD_MAX, +}; /* TLV permissions values */ enum { diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c index 53e92fd..0b56f7a 100644 --- a/net/ipv6/exthdrs_core.c +++ b/net/ipv6/exthdrs_core.c @@ -3,7 +3,9 @@ * not configured or static. */ #include +#include #include +#include /* * find out if nexthdr is a well-known extension header or a protocol @@ -657,6 +659,284 @@ int tlv_unset_params(struct tlv_param_table *tlv_param_table, } EXPORT_SYMBOL(tlv_unset_params); +const struct nla_policy tlv_nl_policy[IPV6_TLV_ATTR_MAX + 1] = { + [IPV6_TLV_ATTR_TYPE] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_ORDER] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_ADMIN_PERM] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_USER_PERM] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_CLASS] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_ALIGN_MULT] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_ALIGN_OFF] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_MIN_DATA_LEN] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_MAX_DATA_LEN] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_DATA_LEN_OFF] = { .type = NLA_U8, }, + [IPV6_TLV_ATTR_DATA_LEN_MULT] = { .type = NLA_U8, }, +}; +EXPORT_SYMBOL(tlv_nl_policy); + +int tlv_nl_cmd_set(struct tlv_param_table *tlv_param_table, + struct genl_family *tlv_nl_family, + struct sk_buff *skb, struct genl_info *info) +{ + struct tlv_params new_params; + struct tlv_tx_params *tptx; + struct tlv_proc *tproc; + int retv = -EINVAL, i; + u8 tlv_type, v; + + if (!info->attrs[IPV6_TLV_ATTR_TYPE]) + return -EINVAL; + + tlv_type = nla_get_u8(info->attrs[IPV6_TLV_ATTR_TYPE]); + if (tlv_type < 2) + return -EINVAL; + + rcu_read_lock(); + + /* Base new parameters on existing ones */ + tproc = tlv_get_proc(tlv_param_table, tlv_type); + new_params = tproc->params; + + if (info->attrs[IPV6_TLV_ATTR_ORDER]) { + v = nla_get_u8(info->attrs[IPV6_TLV_ATTR_ORDER]); + if (v) { + for (i = 2; i < 256; i++) { + tproc = tlv_get_proc(tlv_param_table, i); + tptx = &tproc->params.t; + + /* Preferred orders must be unique */ + if (tptx->preferred_order == v && + i != tlv_type) { + retv = -EALREADY; + goto out; + } + } + new_params.t.preferred_order = v; + } + } + + if (!new_params.t.preferred_order) { + unsigned long check_map[BITS_TO_LONGS(255)]; + int pos; + + /* Preferred order not specified, automatically set one. + * This is chosen to be the first value after the greatest + * order in use. + */ + memset(check_map, 0, sizeof(check_map)); + + for (i = 2; i < 256; i++) { + unsigned int order; + + tproc = tlv_get_proc(tlv_param_table, i); + tptx = &tproc->params.t; + order = tptx->preferred_order; + + if (!order) + continue; + + WARN_ON(test_bit(255 - order, check_map)); + set_bit(255 - order, check_map); + } + + pos = find_first_bit(check_map, 255); + if (pos) + new_params.t.preferred_order = 255 - (pos - 1); + else + new_params.t.preferred_order = 255 - + find_first_zero_bit(check_map, sizeof(check_map)); + } + + if (info->attrs[IPV6_TLV_ATTR_ADMIN_PERM]) { + v = nla_get_u8(info->attrs[IPV6_TLV_ATTR_ADMIN_PERM]); + if (v > IPV6_TLV_PERM_MAX) + goto out; + new_params.t.admin_perm = v; + } + + if (info->attrs[IPV6_TLV_ATTR_USER_PERM]) { + v = nla_get_u8(info->attrs[IPV6_TLV_ATTR_USER_PERM]); + if (v > IPV6_TLV_PERM_MAX) + goto out; + new_params.t.user_perm = v; + } + + if (info->attrs[IPV6_TLV_ATTR_CLASS]) { + v = nla_get_u8(info->attrs[IPV6_TLV_ATTR_CLASS]); + if (v > IPV6_TLV_CLASS_MAX) + goto out; + new_params.t.class = v; + } + + if (info->attrs[IPV6_TLV_ATTR_ALIGN_MULT]) { + v = nla_get_u8(info->attrs[IPV6_TLV_ATTR_ALIGN_MULT]); + if (v > 16 || v < 1) + goto out; + new_params.t.align_mult = v - 1; + } + + if (info->attrs[IPV6_TLV_ATTR_ALIGN_OFF]) { + v = nla_get_u8(info->attrs[IPV6_TLV_ATTR_ALIGN_OFF]); + if (v > 15) + goto out; + new_params.t.align_off = v; + } + + if (info->attrs[IPV6_TLV_ATTR_MAX_DATA_LEN]) + new_params.t.max_data_len = + nla_get_u8(info->attrs[IPV6_TLV_ATTR_MAX_DATA_LEN]); + + if (info->attrs[IPV6_TLV_ATTR_MIN_DATA_LEN]) + new_params.t.min_data_len = + nla_get_u8(info->attrs[IPV6_TLV_ATTR_MIN_DATA_LEN]); + + if (info->attrs[IPV6_TLV_ATTR_DATA_LEN_MULT]) { + v = nla_get_u8(info->attrs[IPV6_TLV_ATTR_DATA_LEN_MULT]); + if (v > 16 || v < 1) + goto out; + new_params.t.data_len_mult = v - 1; + } + + if (info->attrs[IPV6_TLV_ATTR_DATA_LEN_OFF]) { + v = nla_get_u8(info->attrs[IPV6_TLV_ATTR_DATA_LEN_OFF]); + if (v > 15) + goto out; + new_params.t.data_len_off = v; + } + + retv = tlv_set_params(tlv_param_table, tlv_type, &new_params); + +out: + rcu_read_unlock(); + return retv; +} +EXPORT_SYMBOL(tlv_nl_cmd_set); + +int tlv_nl_cmd_unset(struct tlv_param_table *tlv_param_table, + struct genl_family *tlv_nl_family, + struct sk_buff *skb, struct genl_info *info) +{ + unsigned int tlv_type; + + if (!info->attrs[IPV6_TLV_ATTR_TYPE]) + return -EINVAL; + + tlv_type = nla_get_u8(info->attrs[IPV6_TLV_ATTR_TYPE]); + if (tlv_type < 2) + return -EINVAL; + + return tlv_unset_params(tlv_param_table, tlv_type); +} +EXPORT_SYMBOL(tlv_nl_cmd_unset); + +int tlv_fill_info(struct tlv_param_table *tlv_param_table, + int tlv_type, struct sk_buff *msg, bool admin) +{ + struct tlv_proc *tproc; + struct tlv_params *tp; + int ret = 0; + + rcu_read_lock(); + + tproc = tlv_get_proc(tlv_param_table, tlv_type); + tp = &tproc->params; + + if (nla_put_u8(msg, IPV6_TLV_ATTR_TYPE, tlv_type) || + nla_put_u8(msg, IPV6_TLV_ATTR_ORDER, tp->t.preferred_order) || + nla_put_u8(msg, IPV6_TLV_ATTR_USER_PERM, tp->t.user_perm) || + (admin && nla_put_u8(msg, IPV6_TLV_ATTR_ADMIN_PERM, + tp->t.admin_perm)) || + nla_put_u8(msg, IPV6_TLV_ATTR_CLASS, tp->t.class) || + nla_put_u8(msg, IPV6_TLV_ATTR_ALIGN_MULT, tp->t.align_mult + 1) || + nla_put_u8(msg, IPV6_TLV_ATTR_ALIGN_OFF, tp->t.align_off) || + nla_put_u8(msg, IPV6_TLV_ATTR_MIN_DATA_LEN, tp->t.min_data_len) || + nla_put_u8(msg, IPV6_TLV_ATTR_MAX_DATA_LEN, tp->t.max_data_len) || + nla_put_u8(msg, IPV6_TLV_ATTR_DATA_LEN_MULT, + tp->t.data_len_mult + 1) || + nla_put_u8(msg, IPV6_TLV_ATTR_DATA_LEN_OFF, tp->t.data_len_off)) + ret = -1; + + rcu_read_unlock(); + + return ret; +} +EXPORT_SYMBOL(tlv_fill_info); + +static int tlv_dump_info(struct tlv_param_table *tlv_param_table, + struct genl_family *tlv_nl_family, + int tlv_type, u32 portid, u32 seq, u32 flags, + struct sk_buff *skb, u8 cmd, bool admin) +{ + void *hdr; + + hdr = genlmsg_put(skb, portid, seq, tlv_nl_family, flags, cmd); + if (!hdr) + return -ENOMEM; + + if (tlv_fill_info(tlv_param_table, tlv_type, skb, admin) < 0) { + genlmsg_cancel(skb, hdr); + return -EMSGSIZE; + } + + genlmsg_end(skb, hdr); + + return 0; +} + +int tlv_nl_cmd_get(struct tlv_param_table *tlv_param_table, + struct genl_family *tlv_nl_family, + struct sk_buff *skb, struct genl_info *info) +{ + struct sk_buff *msg; + int ret, tlv_type; + + if (!info->attrs[IPV6_TLV_ATTR_TYPE]) + return -EINVAL; + + tlv_type = nla_get_u8(info->attrs[IPV6_TLV_ATTR_TYPE]); + if (tlv_type < 2) + return -EINVAL; + + msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); + if (!msg) + return -ENOMEM; + + ret = tlv_dump_info(tlv_param_table, tlv_nl_family, + tlv_type, info->snd_portid, info->snd_seq, 0, msg, + info->genlhdr->cmd, + netlink_capable(skb, CAP_NET_ADMIN)); + if (ret < 0) { + nlmsg_free(msg); + return ret; + } + + return genlmsg_reply(msg, info); +} +EXPORT_SYMBOL(tlv_nl_cmd_get); + +int tlv_nl_dump(struct tlv_param_table *tlv_param_table, + struct genl_family *tlv_nl_family, + struct sk_buff *skb, struct netlink_callback *cb) +{ + int idx = 0, ret, i; + + for (i = 2; i < 256; i++) { + if (idx++ < cb->args[0]) + continue; + ret = tlv_dump_info(tlv_param_table, tlv_nl_family, i, + NETLINK_CB(cb->skb).portid, + cb->nlh->nlmsg_seq, NLM_F_MULTI, + skb, IPV6_TLV_CMD_GET, + netlink_capable(cb->skb, CAP_NET_ADMIN)); + if (ret) + break; + } + + cb->args[0] = idx; + return skb->len; +} +EXPORT_SYMBOL(tlv_nl_dump); + int exthdrs_init(struct tlv_param_table *tlv_param_table, const struct tlv_proc_init *tlv_init_params, int num_init_params) diff --git a/net/ipv6/exthdrs_options.c b/net/ipv6/exthdrs_options.c index 042ca14..87f3118 100644 --- a/net/ipv6/exthdrs_options.c +++ b/net/ipv6/exthdrs_options.c @@ -6,6 +6,7 @@ #include #include #include +#include #include #include #if IS_ENABLED(CONFIG_IPV6_MIP6) @@ -256,15 +257,91 @@ static const struct tlv_proc_init tlv_init_params[] __initconst = { struct tlv_param_table __rcu ipv6_tlv_param_table; EXPORT_SYMBOL(ipv6_tlv_param_table); +static int ipv6_tlv_nl_cmd_set(struct sk_buff *skb, struct genl_info *info); +static int ipv6_tlv_nl_cmd_unset(struct sk_buff *skb, struct genl_info *info); +static int ipv6_tlv_nl_cmd_get(struct sk_buff *skb, struct genl_info *info); +static int ipv6_tlv_nl_dump(struct sk_buff *skb, struct netlink_callback *cb); + +static const struct genl_ops ipv6_tlv_nl_ops[] = { +{ + .cmd = IPV6_TLV_CMD_SET, + .doit = ipv6_tlv_nl_cmd_set, + .flags = GENL_ADMIN_PERM, +}, +{ + .cmd = IPV6_TLV_CMD_UNSET, + .doit = ipv6_tlv_nl_cmd_unset, + .flags = GENL_ADMIN_PERM, +}, +{ + .cmd = IPV6_TLV_CMD_GET, + .doit = ipv6_tlv_nl_cmd_get, + .dumpit = ipv6_tlv_nl_dump, +}, +}; + +struct genl_family ipv6_tlv_nl_family __ro_after_init = { + .hdrsize = 0, + .name = IPV6_TLV_GENL_NAME, + .version = IPV6_TLV_GENL_VERSION, + .maxattr = IPV6_TLV_ATTR_MAX, + .policy = tlv_nl_policy, + .netnsok = true, + .parallel_ops = true, + .ops = ipv6_tlv_nl_ops, + .n_ops = ARRAY_SIZE(ipv6_tlv_nl_ops), + .module = THIS_MODULE, +}; + +static int ipv6_tlv_nl_cmd_set(struct sk_buff *skb, struct genl_info *info) +{ + return tlv_nl_cmd_set(&ipv6_tlv_param_table, &ipv6_tlv_nl_family, + skb, info); +} + +static int ipv6_tlv_nl_cmd_unset(struct sk_buff *skb, struct genl_info *info) +{ + return tlv_nl_cmd_unset(&ipv6_tlv_param_table, &ipv6_tlv_nl_family, + skb, info); +} + +static int ipv6_tlv_nl_cmd_get(struct sk_buff *skb, struct genl_info *info) +{ + return tlv_nl_cmd_get(&ipv6_tlv_param_table, &ipv6_tlv_nl_family, + skb, info); +} + +static int ipv6_tlv_nl_dump(struct sk_buff *skb, struct netlink_callback *cb) +{ + return tlv_nl_dump(&ipv6_tlv_param_table, &ipv6_tlv_nl_family, + skb, cb); +} + static int __init ipv6_exthdrs_init(void) { - return exthdrs_init(&ipv6_tlv_param_table, tlv_init_params, - ARRAY_SIZE(tlv_init_params)); + int err; + + err = genl_register_family(&ipv6_tlv_nl_family); + if (err) + goto out; + + err = exthdrs_init(&ipv6_tlv_param_table, tlv_init_params, + ARRAY_SIZE(tlv_init_params)); + if (err) + goto out_unregister_genl; + + return 0; + +out_unregister_genl: + genl_unregister_family(&ipv6_tlv_nl_family); +out: + return err; } module_init(ipv6_exthdrs_init); static void __exit ipv6_exthdrs_fini(void) { exthdrs_fini(&ipv6_tlv_param_table); + genl_unregister_family(&ipv6_tlv_nl_family); } module_exit(ipv6_exthdrs_fini); From patchwork Mon Apr 15 17:52:20 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom Herbert X-Patchwork-Id: 1085857 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=herbertland.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=herbertland-com.20150623.gappssmtp.com header.i=@herbertland-com.20150623.gappssmtp.com header.b="ZNJz6F84"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 44jbh14bd2z9s71 for ; Tue, 16 Apr 2019 03:53:05 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727866AbfDORxE (ORCPT ); Mon, 15 Apr 2019 13:53:04 -0400 Received: from mail-pl1-f196.google.com ([209.85.214.196]:35044 "EHLO mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727783AbfDORxD (ORCPT ); Mon, 15 Apr 2019 13:53:03 -0400 Received: by mail-pl1-f196.google.com with SMTP id w24so8944319plp.2 for ; Mon, 15 Apr 2019 10:53:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=herbertland-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=exEH8AAk1DdJFl0za7kp0y8Laame4Vj1M2tPQwyTAxA=; b=ZNJz6F84xmGHhZRHLoZ/ccofM0AyojPdN6Oq+NUg+UR4g8mX45TIgeoZVtVSoSIIFX ydFBUS0nrvvv/UGQ4wUl3FoXhT7cRVOsZ47Uxd5DXyDBU3iRN7Bw5fDjdGPUMNwIpyzZ nrs4flMzSOXrQqzZz6eRilatcNaojL+ax21idQIGC9VV4L/kNuFM4gfMfF9VO85KNkNQ /84OnOwJqKVRAsb5EMj3Ldd8tWwr6UDXJBIX69QZk4wykKHYeGadmqfo81+zd0z6iy7t 7wKTJUbBC+u1zQLwiUaOxbuvTHmxQAQz1bC7ibrnGAlXtt6pIKQIn/P85w7MAuDDSNoz uN+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=exEH8AAk1DdJFl0za7kp0y8Laame4Vj1M2tPQwyTAxA=; b=L8kirbAhfpEQuZJysjIPlgw/iw51Dm+flYsT7DwMHG/kLkHR9qdWstOgeBpvg2ZTyT TecDa6aE2uKh/u14jiWw9k/hZjA7b2FLvyOqmfPM68DLOT6+jwv2UVHdG1vM/1JqzD87 pV/Xpqdyp0J3MGoCI/sT16oYX/it3MLrrLWMe9TWYwjgENIGbuDDMi7Pio3OXMJcEPOH iQ/k0DG8zl5oQ7H6MQABfN1A0RpzebJRnJ1pV4IsJzF9dwORJdX3ae/5Y1oB60UI6kD1 PyDetuf5892csa37PUjbcRCXkP2uk+1Y5jhG3d+Umv4VSV1WVx6e8fsr7zjxpmkad6VM LP/Q== X-Gm-Message-State: APjAAAUCSXW7DiYlG29SUSFOyc8R1qaXUyGnWeg+c+DzPQX/h9SB8uNn UHvXXS4zBrtc+r//vJQOE5sIRg== X-Google-Smtp-Source: APXvYqyfiY8sEDNX5firoqyf86YlaaI4wJgOFu+sR1GITIT8hwa6AgFcYHjHWESBgtkU4+3rfhOBXA== X-Received: by 2002:a17:902:d83:: with SMTP id 3mr52907010plv.125.1555350781242; Mon, 15 Apr 2019 10:53:01 -0700 (PDT) Received: from localhost.localdomain (c-73-223-249-119.hsd1.ca.comcast.net. [73.223.249.119]) by smtp.gmail.com with ESMTPSA id t24sm58751170pfe.110.2019.04.15.10.53.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 15 Apr 2019 10:53:00 -0700 (PDT) From: Tom Herbert X-Google-Original-From: Tom Herbert To: davem@davemloft.net, netdev@vger.kernel.org Cc: Tom Herbert Subject: [PATCH v3 net-next 7/7] ip6tlvs: Validation of TX Destination and Hop-by-Hop options Date: Mon, 15 Apr 2019 10:52:20 -0700 Message-Id: <1555350740-23490-8-git-send-email-tom@quantonium.net> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1555350740-23490-1-git-send-email-tom@quantonium.net> References: <1555350740-23490-1-git-send-email-tom@quantonium.net> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Validate Destination and Hop-by-Hop options. This uses the information in the TLV parameters table to validate various aspects of both individual TLVs as well as a list of TLVs in an extension header. There are two levels of validation that can be performed: simple checks and deep checks. Simple checks validate only the most basic properties such as that the TLV list fits into the EH. Deep checks do a fine grained validation that includes perferred ordering, length limits, and length alignment. With proper permissions set in the TLV parameter table, this patch allows non-privileged users to send TLVs. Given that TLVs are open ended and potentially a source of DOS attack, deep checks are performed to limit the format that a non-privileged user can send. If deep checks are enabled, a canonical format for sending TLVs is enforced (in adherence with the robustness principle). A TLV must be well ordered with respect to the preferred order for the TLV. Each TLV must be aligned as described in the parameter table. Minimal padding (one padding TLV) is used to align TLVs. The length of the extension header as well as the count of non-padding TLVs is checked against max_*_opts_len and max_*_opts_cnt. For individual TLVs, length limits and length alignment is checked. --- include/net/ipv6.h | 23 +++ net/ipv6/datagram.c | 27 +++- net/ipv6/exthdrs_core.c | 373 +++++++++++++++++++++++++++++++++++++++++++++++ net/ipv6/ipv6_sockglue.c | 43 ++---- 4 files changed, 434 insertions(+), 32 deletions(-) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index a1a0af2..f7f079f 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -472,6 +472,20 @@ int exthdrs_init(struct tlv_param_table *tlv_param_table, int num_init_params); void exthdrs_fini(struct tlv_param_table *tlv_param_table); +int ipv6_opt_validate_tlvs(struct net *net, + struct tlv_param_table *tlv_param_table, + struct ipv6_opt_hdr *opt, + unsigned int optname, bool admin, + unsigned int max_len, unsigned int max_cnt); +int ipv6_opt_validate_single_tlv(struct net *net, + struct tlv_param_table *tlv_param_table, + unsigned int optname, + unsigned char *tlv, size_t len, + bool deleting, bool admin); +int ipv6_opt_check_perm(struct net *net, + struct tlv_param_table *tlv_param_table, + struct sock *sk, int optname, bool admin); + /* tlv_get_proc assumes rcu_read_lock is held */ static inline struct tlv_proc *tlv_get_proc( struct tlv_param_table *tlv_param_table, @@ -488,6 +502,15 @@ bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb, struct ipv6_txoptions *ipv6_update_options(struct sock *sk, struct ipv6_txoptions *opt); +struct ipv6_txoptions *txoptions_from_opt(struct sock *sk, + struct tlv_param_table + *tlv_param_table, + struct ipv6_txoptions *opt, + int optname, char __user *optval, + unsigned int optlen, + unsigned int max_len, + unsigned int max_cnt); + static inline bool ipv6_accept_ra(struct inet6_dev *idev) { /* If forwarding is enabled, RA are not accepted unless the special diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c index f4742db..1d37ac1 100644 --- a/net/ipv6/datagram.c +++ b/net/ipv6/datagram.c @@ -844,7 +844,10 @@ int ip6_datagram_send_ctl(struct net *net, struct sock *sk, case IPV6_HOPOPTS: case IPV6_2292DSTOPTS: case IPV6_DSTOPTS: - case IPV6_RTHDRDSTOPTS: + case IPV6_RTHDRDSTOPTS: { + int type = IPV6_DSTOPTS; + unsigned int max_len, max_cnt; + if (cmsg->cmsg_len < CMSG_LEN(sizeof(struct ipv6_opt_hdr))) { err = -EINVAL; goto exit_f; @@ -856,11 +859,26 @@ int ip6_datagram_send_ctl(struct net *net, struct sock *sk, err = -EINVAL; goto exit_f; } - if (!ns_capable(net->user_ns, CAP_NET_RAW)) { - err = -EPERM; - goto exit_f; + + if (cmsg->cmsg_type == IPV6_2292HOPOPTS || + cmsg->cmsg_type == IPV6_HOPOPTS) { + type = IPV6_HOPOPTS; + max_len = net->ipv6.sysctl.max_hbh_opts_len; + max_cnt = net->ipv6.sysctl.max_hbh_opts_cnt; + } else { + type = IPV6_DSTOPTS; + max_len = net->ipv6.sysctl.max_dst_opts_len; + max_cnt = net->ipv6.sysctl.max_dst_opts_cnt; } + err = ipv6_opt_validate_tlvs(net, &ipv6_tlv_param_table, + hdr, type, + ns_capable(net->user_ns, + CAP_NET_RAW), + max_len, max_cnt); + if (err < 0) + goto exit_f; + switch (cmsg->cmsg_type) { case IPV6_2292HOPOPTS: case IPV6_HOPOPTS: @@ -888,6 +906,7 @@ int ip6_datagram_send_ctl(struct net *net, struct sock *sk, } break; + } case IPV6_2292RTHDR: case IPV6_RTHDR: diff --git a/net/ipv6/exthdrs_core.c b/net/ipv6/exthdrs_core.c index 0b56f7a..ef8e250 100644 --- a/net/ipv6/exthdrs_core.c +++ b/net/ipv6/exthdrs_core.c @@ -421,6 +421,309 @@ struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, } EXPORT_SYMBOL_GPL(ipv6_fixup_options); +/* TLV validation functions */ + +/* Validate a single non-padding TLV */ +static int __ipv6_opt_validate_single_tlv(struct net *net, unsigned char *tlv, + struct tlv_tx_params *tptx, + unsigned int class, bool *deep_check, + bool deleting, bool admin) +{ + if (tlv[0] < 2) /* Must be non-padding */ + return -EINVAL; + + /* Check permissions */ + switch (admin ? tptx->admin_perm : tptx->user_perm) { + case IPV6_TLV_PERM_NO_CHECK: + /* Allowed with no deep checks */ + *deep_check = false; + return 0; + case IPV6_TLV_PERM_WITH_CHECK: + /* Allowed with deep checks */ + *deep_check = true; + break; + default: + /* No permission */ + return -EPERM; + } + + /* Perform deep checks on the TLV */ + + /* Check class */ + if ((tptx->class & class) != class) + return -EINVAL; + + /* Don't bother checking lengths when deleting, the TLV is only + * needed here for lookup + */ + if (deleting) { + /* Don't bother with deep checks when deleting */ + *deep_check = false; + } else { + /* Check length */ + if (tlv[1] < tptx->min_data_len || tlv[1] > tptx->max_data_len) + return -EINVAL; + + /* Check length alignment */ + if ((tlv[1] % (tptx->data_len_mult + 1)) != tptx->data_len_off) + return -EINVAL; + } + + return 0; +} + +static unsigned int optname_to_tlv_class(int optname) +{ + switch (optname) { + case IPV6_HOPOPTS: + return IPV6_TLV_CLASS_FLAG_HOPOPT; + case IPV6_RTHDRDSTOPTS: + return IPV6_TLV_CLASS_FLAG_RTRDSTOPT; + case IPV6_DSTOPTS: + return IPV6_TLV_CLASS_FLAG_DSTOPT; + default: + return -1U; + } +} + +static int __ipv6_opt_validate_tlvs(struct net *net, + struct tlv_param_table *tlv_param_table, + struct ipv6_opt_hdr *opt, + unsigned int optname, bool deleting, + bool admin, unsigned int max_len, + unsigned int max_cnt) +{ + unsigned char *tlv = (unsigned char *)opt; + bool deep_check, did_deep_check = false; + unsigned int opt_len, tlv_len, offset; + unsigned int padding = 0, numpad = 0; + unsigned char prev_tlv_order = 0; + unsigned int class, cnt = 0; + struct tlv_tx_params *tptx; + int retc, ret = -EINVAL; + struct tlv_proc *tproc; + + opt_len = ipv6_optlen(opt); + offset = sizeof(*opt); + + class = optname_to_tlv_class(optname); + + rcu_read_lock(); + + while (offset < opt_len) { + switch (tlv[offset]) { + case IPV6_TLV_PAD1: + tlv_len = 1; + padding++; + numpad++; + break; + case IPV6_TLV_PADN: + if (offset + 1 >= opt_len) + goto out; + + tlv_len = tlv[offset + 1] + 2; + + if (offset + tlv_len > opt_len) + goto out; + + padding += tlv_len; + numpad++; + break; + default: + if (offset + 1 >= opt_len) + goto out; + + tlv_len = tlv[offset + 1] + 2; + + if (offset + tlv_len > opt_len) + goto out; + + tproc = tlv_get_proc(tlv_param_table, tlv[offset]); + tptx = &tproc->params.t; + + retc = __ipv6_opt_validate_single_tlv(net, &tlv[offset], + tptx, class, + &deep_check, + deleting, admin); + if (retc < 0) { + ret = retc; + goto out; + } + + if (deep_check) { + /* Check for too many options */ + if (++cnt > max_cnt) { + ret = -E2BIG; + goto out; + } + + /* Check order */ + if (tptx->preferred_order < prev_tlv_order) + goto out; + + /* Check alignment */ + if ((offset % (tptx->align_mult + 1)) != + tptx->align_off) + goto out; + + /* Check for right amount of padding */ + if (numpad > 1 || padding > tptx->align_mult) + goto out; + + prev_tlv_order = tptx->preferred_order; + + did_deep_check = true; + } + padding = 0; + numpad = 0; + } + offset += tlv_len; + } + + /* If we did at least one deep check apply length limit */ + if (did_deep_check && opt_len > max_len) { + ret = -EMSGSIZE; + goto out; + } + + /* All good */ + ret = 0; +out: + rcu_read_unlock(); + + return ret; +} + +/** + * ipv6_opt_validate_tlvs - Validate TLVs. + * @net: Current net + * @tlv_param_table: TLV parameter table + * @opt: The option header + * @optname: IPV6_HOPOPTS, IPV6_RTHDRDSTOPTS, or IPV6_DSTOPTS + * @admin: Set for privileged user + * @max_len: Maximum length for TLV + * @max_cnt: Maximum number of non-padding TLVs + * + * Description: + * Walks the TLVs in a list to verify that the TLV lengths and other + * parameters are in bounds for a Destination or Hop-by-Hop option. + * Return -EINVAL is there is a problem, zero otherwise. + */ +int ipv6_opt_validate_tlvs(struct net *net, + struct tlv_param_table *tlv_param_table, + struct ipv6_opt_hdr *opt, unsigned int optname, + bool admin, unsigned int max_len, + unsigned int max_cnt) +{ + return __ipv6_opt_validate_tlvs(net, tlv_param_table, opt, optname, + false, admin, max_len, max_cnt); +} +EXPORT_SYMBOL(ipv6_opt_validate_tlvs); + +/** + * ipv6_opt_validate_single_tlv - Check that a single TLV is valid. + * @net: Current net + * @tlv_param_table: TLV parameter table + * @optname: IPV6_HOPOPTS, IPV6_RTHDRDSTOPTS, or IPV6_DSTOPTS + * @tlv: The TLV as array of bytes + * @len: Length of buffer holding TLV + * @deleting: TLV is being deleted + * @admin: Set for privileged user + * + * Description: + * Validates a single TLV. The TLV must be non-padding type. The length + * of the TLV (as determined by the second byte that gives length of the + * option data) must match @len. + */ +int ipv6_opt_validate_single_tlv(struct net *net, + struct tlv_param_table *tlv_param_table, + unsigned int optname, + unsigned char *tlv, size_t len, + bool deleting, bool admin) +{ + struct tlv_tx_params *tptx; + struct tlv_proc *tproc; + unsigned int class; + bool deep_check; + int ret = 0; + + class = optname_to_tlv_class(optname); + + if (tlv[0] < 2) + return -EINVAL; + + if (len < 2) + return -EINVAL; + + if (tlv[1] + 2 != len) + return -EINVAL; + + rcu_read_lock(); + + tproc = tlv_get_proc(tlv_param_table, tlv[0]); + tptx = &tproc->params.t; + + ret = __ipv6_opt_validate_single_tlv(net, tlv, tptx, class, + &deep_check, deleting, admin); + + rcu_read_unlock(); + + return ret; +} +EXPORT_SYMBOL(ipv6_opt_validate_single_tlv); + +/** + * ipv6_opt_check_perm - Check that current capabilities allows modifying + * txopts. + * @net: Current net + * @tlv_param_table: TLV parameter table + * @sk: the socket + * @optname: IPV6_HOPOPTS, IPV6_RTHDRDSTOPTS, or IPV6_DSTOPTS + * @admin: Set for privileged user + * + * Description: + * + * Checks whether the permissions of TLV that are set on a socket permit + * modificationr. + * + */ +int ipv6_opt_check_perm(struct net *net, + struct tlv_param_table *tlv_param_table, + struct sock *sk, int optname, bool admin) +{ + struct ipv6_txoptions *old = txopt_get(inet6_sk(sk)); + struct ipv6_opt_hdr *opt; + int retv = -EPERM; + + if (!old) + return 0; + + switch (optname) { + case IPV6_HOPOPTS: + opt = old->hopopt; + break; + case IPV6_RTHDRDSTOPTS: + opt = old->dst0opt; + break; + case IPV6_DSTOPTS: + opt = old->dst1opt; + break; + default: + goto out; + } + + /* Just call the validate function on the options as being + * deleted. + */ + retv = __ipv6_opt_validate_tlvs(net, tlv_param_table, opt, optname, + true, admin, -1U, -1U); + +out: + txopt_put(old); + return retv; +} +EXPORT_SYMBOL(ipv6_opt_check_perm); + /* TLV parameter table functions and structures */ static void tlv_param_table_release(struct rcu_head *rcu) @@ -659,6 +962,76 @@ int tlv_unset_params(struct tlv_param_table *tlv_param_table, } EXPORT_SYMBOL(tlv_unset_params); +/* Utility function tp create TX options from a setsockopt that is setting + * options on a socket. + */ +struct ipv6_txoptions *txoptions_from_opt(struct sock *sk, + struct tlv_param_table + *tlv_param_table, + struct ipv6_txoptions *opt, + int optname, char __user *optval, + unsigned int optlen, + unsigned int max_len, + unsigned int max_cnt) +{ + struct ipv6_opt_hdr *new = NULL; + struct net *net = sock_net(sk); + int retv; + + /* remove any sticky options header with a zero option + * length, per RFC3542. + */ + if (optlen == 0) { + optval = NULL; + } else if (!optval) { + return ERR_PTR(-EINVAL); + } else if (optlen < sizeof(struct ipv6_opt_hdr) || + optlen & 0x7 || optlen > 8 * 255) { + return ERR_PTR(-EINVAL); + } else { + new = memdup_user(optval, optlen); + if (IS_ERR(new)) + return (struct ipv6_txoptions *)new; + if (unlikely(ipv6_optlen(new) > optlen)) { + kfree(new); + return ERR_PTR(-EINVAL); + } + } + + if (optname != IPV6_RTHDR) { + bool cap = ns_capable(net->user_ns, CAP_NET_RAW); + + /* First check if we have permission to delete + * the existing options on the socket. + */ + retv = ipv6_opt_check_perm(net, tlv_param_table, + sk, optname, cap); + if (retv < 0) { + kfree(new); + return ERR_PTR(retv); + } + + /* Check permissions and other validations on new + * TLVs + */ + if (new) { + retv = ipv6_opt_validate_tlvs(net, tlv_param_table, + new, optname, cap, + max_len, max_cnt); + if (retv < 0) { + kfree(new); + return ERR_PTR(retv); + } + } + } + + opt = ipv6_renew_options(sk, opt, optname, new); + kfree(new); + + return opt; +} +EXPORT_SYMBOL(txoptions_from_opt); + const struct nla_policy tlv_nl_policy[IPV6_TLV_ATTR_MAX + 1] = { [IPV6_TLV_ATTR_TYPE] = { .type = NLA_U8, }, [IPV6_TLV_ATTR_ORDER] = { .type = NLA_U8, }, diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 40f21fe..14c4051 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -398,39 +398,26 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, case IPV6_DSTOPTS: { struct ipv6_txoptions *opt; - struct ipv6_opt_hdr *new = NULL; + unsigned int max_len = -1U, max_cnt = -1U; - /* hop-by-hop / destination options are privileged option */ - retv = -EPERM; - if (optname != IPV6_RTHDR && !ns_capable(net->user_ns, CAP_NET_RAW)) + switch (optname) { + case IPV6_HOPOPTS: + max_len = net->ipv6.sysctl.max_hbh_opts_len; + max_cnt = net->ipv6.sysctl.max_hbh_opts_cnt; break; - - /* remove any sticky options header with a zero option - * length, per RFC3542. - */ - if (optlen == 0) - optval = NULL; - else if (!optval) - goto e_inval; - else if (optlen < sizeof(struct ipv6_opt_hdr) || - optlen & 0x7 || optlen > 8 * 255) - goto e_inval; - else { - new = memdup_user(optval, optlen); - if (IS_ERR(new)) { - retv = PTR_ERR(new); + case IPV6_RTHDRDSTOPTS: + case IPV6_DSTOPTS: + max_len = net->ipv6.sysctl.max_dst_opts_len; + max_cnt = net->ipv6.sysctl.max_dst_opts_cnt; break; - } - if (unlikely(ipv6_optlen(new) > optlen)) { - kfree(new); - goto e_inval; - } } - opt = rcu_dereference_protected(np->opt, - lockdep_sock_is_held(sk)); - opt = ipv6_renew_options(sk, opt, optname, new); - kfree(new); + opt = txoptions_from_opt(sk, &ipv6_tlv_param_table, + rcu_dereference_protected(np->opt, + lockdep_sock_is_held(sk)), + optname, optval, optlen, + max_len, max_cnt); + if (IS_ERR(opt)) { retv = PTR_ERR(opt); break;