ipv6.h 32.7 KB
Newer Older
1
/* SPDX-License-Identifier: GPL-2.0-or-later */
Linus Torvalds's avatar
Linus Torvalds committed
2
3
4
5
6
7
8
9
10
11
12
13
/*
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 */

#ifndef _NET_IPV6_H
#define _NET_IPV6_H

#include <linux/ipv6.h>
#include <linux/hardirq.h>
14
#include <linux/jhash.h>
15
#include <linux/refcount.h>
16
#include <linux/jump_label_ratelimit.h>
17
#include <net/if_inet6.h>
Linus Torvalds's avatar
Linus Torvalds committed
18
19
#include <net/ndisc.h>
#include <net/flow.h>
20
#include <net/flow_dissector.h>
Linus Torvalds's avatar
Linus Torvalds committed
21
#include <net/snmp.h>
22
#include <net/netns/hash.h>
Linus Torvalds's avatar
Linus Torvalds committed
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

#define SIN6_LEN_RFC2133	24

#define IPV6_MAXPLEN		65535

/*
 *	NextHeader field of IPv6 header
 */

#define NEXTHDR_HOP		0	/* Hop-by-hop option header. */
#define NEXTHDR_TCP		6	/* TCP segment. */
#define NEXTHDR_UDP		17	/* UDP message. */
#define NEXTHDR_IPV6		41	/* IPv6 in IPv6 */
#define NEXTHDR_ROUTING		43	/* Routing header. */
#define NEXTHDR_FRAGMENT	44	/* Fragmentation/reassembly header. */
xeb@mail.ru's avatar
xeb@mail.ru committed
38
#define NEXTHDR_GRE		47	/* GRE header. */
Linus Torvalds's avatar
Linus Torvalds committed
39
40
41
42
43
#define NEXTHDR_ESP		50	/* Encapsulating security payload. */
#define NEXTHDR_AUTH		51	/* Authentication header. */
#define NEXTHDR_ICMP		58	/* ICMP for IPv6. */
#define NEXTHDR_NONE		59	/* No next header */
#define NEXTHDR_DEST		60	/* Destination options header. */
Joe Stringer's avatar
Joe Stringer committed
44
#define NEXTHDR_SCTP		132	/* SCTP message. */
45
#define NEXTHDR_MOBILITY	135	/* Mobility header. */
Linus Torvalds's avatar
Linus Torvalds committed
46
47
48
49
50
51

#define NEXTHDR_MAX		255

#define IPV6_DEFAULT_HOPLIMIT   64
#define IPV6_DEFAULT_MCASTHOPS	1

52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
/* Limits on Hop-by-Hop and Destination options.
 *
 * Per RFC8200 there is no limit on the maximum number or lengths of options in
 * Hop-by-Hop or Destination options other then the packet must fit in an MTU.
 * We allow configurable limits in order to mitigate potential denial of
 * service attacks.
 *
 * There are three limits that may be set:
 *   - Limit the number of options in a Hop-by-Hop or Destination options
 *     extension header
 *   - Limit the byte length of a Hop-by-Hop or Destination options extension
 *     header
 *   - Disallow unknown options
 *
 * The limits are expressed in corresponding sysctls:
 *
 * ipv6.sysctl.max_dst_opts_cnt
 * ipv6.sysctl.max_hbh_opts_cnt
 * ipv6.sysctl.max_dst_opts_len
 * ipv6.sysctl.max_hbh_opts_len
 *
 * max_*_opts_cnt is the number of TLVs that are allowed for Destination
 * options or Hop-by-Hop options. If the number is less than zero then unknown
 * TLVs are disallowed and the number of known options that are allowed is the
 * absolute value. Setting the value to INT_MAX indicates no limit.
 *
 * max_*_opts_len is the length limit in bytes of a Destination or
 * Hop-by-Hop options extension header. Setting the value to INT_MAX
 * indicates no length limit.
 *
 * If a limit is exceeded when processing an extension header the packet is
 * silently discarded.
 */

/* Default limits for Hop-by-Hop and Destination options */
#define IP6_DEFAULT_MAX_DST_OPTS_CNT	 8
#define IP6_DEFAULT_MAX_HBH_OPTS_CNT	 8
#define IP6_DEFAULT_MAX_DST_OPTS_LEN	 INT_MAX /* No limit */
#define IP6_DEFAULT_MAX_HBH_OPTS_LEN	 INT_MAX /* No limit */

Linus Torvalds's avatar
Linus Torvalds committed
92
93
94
95
96
97
98
99
100
101
102
103
104
/*
 *	Addr type
 *	
 *	type	-	unicast | multicast
 *	scope	-	local	| site	    | global
 *	v4	-	compat
 *	v4mapped
 *	any
 *	loopback
 */

#define IPV6_ADDR_ANY		0x0000U

Stephen Hemminger's avatar
Stephen Hemminger committed
105
106
#define IPV6_ADDR_UNICAST	0x0001U
#define IPV6_ADDR_MULTICAST	0x0002U
Linus Torvalds's avatar
Linus Torvalds committed
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129

#define IPV6_ADDR_LOOPBACK	0x0010U
#define IPV6_ADDR_LINKLOCAL	0x0020U
#define IPV6_ADDR_SITELOCAL	0x0040U

#define IPV6_ADDR_COMPATv4	0x0080U

#define IPV6_ADDR_SCOPE_MASK	0x00f0U

#define IPV6_ADDR_MAPPED	0x1000U

/*
 *	Addr scopes
 */
#define IPV6_ADDR_MC_SCOPE(a)	\
	((a)->s6_addr[1] & 0x0f)	/* nonstandard */
#define __IPV6_ADDR_SCOPE_INVALID	-1
#define IPV6_ADDR_SCOPE_NODELOCAL	0x01
#define IPV6_ADDR_SCOPE_LINKLOCAL	0x02
#define IPV6_ADDR_SCOPE_SITELOCAL	0x05
#define IPV6_ADDR_SCOPE_ORGLOCAL	0x08
#define IPV6_ADDR_SCOPE_GLOBAL		0x0e

130
131
132
133
134
135
136
137
138
139
/*
 *	Addr flags
 */
#define IPV6_ADDR_MC_FLAG_TRANSIENT(a)	\
	((a)->s6_addr[1] & 0x10)
#define IPV6_ADDR_MC_FLAG_PREFIX(a)	\
	((a)->s6_addr[1] & 0x20)
#define IPV6_ADDR_MC_FLAG_RENDEZVOUS(a)	\
	((a)->s6_addr[1] & 0x40)

Linus Torvalds's avatar
Linus Torvalds committed
140
141
142
143
144
/*
 *	fragmentation header
 */

struct frag_hdr {
Al Viro's avatar
Al Viro committed
145
146
147
148
	__u8	nexthdr;
	__u8	reserved;
	__be16	frag_off;
	__be32	identification;
Linus Torvalds's avatar
Linus Torvalds committed
149
150
};

151
152
#define	IP6_MF		0x0001
#define	IP6_OFFSET	0xFFF8
Linus Torvalds's avatar
Linus Torvalds committed
153

154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
struct ip6_fraglist_iter {
	struct ipv6hdr	*tmp_hdr;
	struct sk_buff	*frag;
	int		offset;
	unsigned int	hlen;
	__be32		frag_id;
	u8		nexthdr;
};

int ip6_fraglist_init(struct sk_buff *skb, unsigned int hlen, u8 *prevhdr,
		      u8 nexthdr, __be32 frag_id,
		      struct ip6_fraglist_iter *iter);
void ip6_fraglist_prepare(struct sk_buff *skb, struct ip6_fraglist_iter *iter);

static inline struct sk_buff *ip6_fraglist_next(struct ip6_fraglist_iter *iter)
{
	struct sk_buff *skb = iter->frag;

	iter->frag = skb->next;
	skb_mark_not_on_list(skb);

	return skb;
}

178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
struct ip6_frag_state {
	u8		*prevhdr;
	unsigned int	hlen;
	unsigned int	mtu;
	unsigned int	left;
	int		offset;
	int		ptr;
	int		hroom;
	int		troom;
	__be32		frag_id;
	u8		nexthdr;
};

void ip6_frag_init(struct sk_buff *skb, unsigned int hlen, unsigned int mtu,
		   unsigned short needed_tailroom, int hdr_room, u8 *prevhdr,
		   u8 nexthdr, __be32 frag_id, struct ip6_frag_state *state);
struct sk_buff *ip6_frag_next(struct sk_buff *skb,
			      struct ip6_frag_state *state);

197
198
199
#define IP6_REPLY_MARK(net, mark) \
	((net)->ipv6.sysctl.fwmark_reflect ? (mark) : 0)

Linus Torvalds's avatar
Linus Torvalds committed
200
201
202
203
#include <net/sock.h>

/* sysctls */
extern int sysctl_mld_max_msf;
204
extern int sysctl_mld_qrv;
205

Eric Dumazet's avatar
Eric Dumazet committed
206
#define _DEVINC(net, statname, mod, idev, field)			\
207
({									\
208
209
	struct inet6_dev *_idev = (idev);				\
	if (likely(_idev != NULL))					\
Eric Dumazet's avatar
Eric Dumazet committed
210
211
		mod##SNMP_INC_STATS64((_idev)->stats.statname, (field));\
	mod##SNMP_INC_STATS64((net)->mib.statname##_statistics, (field));\
212
})
213

214
/* per device counters are atomic_long_t */
Eric Dumazet's avatar
Eric Dumazet committed
215
#define _DEVINCATOMIC(net, statname, mod, idev, field)			\
216
217
218
219
({									\
	struct inet6_dev *_idev = (idev);				\
	if (likely(_idev != NULL))					\
		SNMP_INC_STATS_ATOMIC_LONG((_idev)->stats.statname##dev, (field)); \
Eric Dumazet's avatar
Eric Dumazet committed
220
	mod##SNMP_INC_STATS((net)->mib.statname##_statistics, (field));\
221
222
})

223
224
225
226
227
228
229
230
231
/* per device and per net counters are atomic_long_t */
#define _DEVINC_ATOMIC_ATOMIC(net, statname, idev, field)		\
({									\
	struct inet6_dev *_idev = (idev);				\
	if (likely(_idev != NULL))					\
		SNMP_INC_STATS_ATOMIC_LONG((_idev)->stats.statname##dev, (field)); \
	SNMP_INC_STATS_ATOMIC_LONG((net)->mib.statname##_statistics, (field));\
})

Eric Dumazet's avatar
Eric Dumazet committed
232
#define _DEVADD(net, statname, mod, idev, field, val)			\
233
234
235
({									\
	struct inet6_dev *_idev = (idev);				\
	if (likely(_idev != NULL))					\
Eric Dumazet's avatar
Eric Dumazet committed
236
237
		mod##SNMP_ADD_STATS((_idev)->stats.statname, (field), (val)); \
	mod##SNMP_ADD_STATS((net)->mib.statname##_statistics, (field), (val));\
238
239
})

Eric Dumazet's avatar
Eric Dumazet committed
240
#define _DEVUPD(net, statname, mod, idev, field, val)			\
241
242
243
({									\
	struct inet6_dev *_idev = (idev);				\
	if (likely(_idev != NULL))					\
Eric Dumazet's avatar
Eric Dumazet committed
244
245
		mod##SNMP_UPD_PO_STATS((_idev)->stats.statname, field, (val)); \
	mod##SNMP_UPD_PO_STATS((net)->mib.statname##_statistics, field, (val));\
246
247
})

248
249
/* MIBs */

250
#define IP6_INC_STATS(net, idev,field)		\
Eric Dumazet's avatar
Eric Dumazet committed
251
		_DEVINC(net, ipv6, , idev, field)
Eric Dumazet's avatar
Eric Dumazet committed
252
#define __IP6_INC_STATS(net, idev,field)	\
Eric Dumazet's avatar
Eric Dumazet committed
253
		_DEVINC(net, ipv6, __, idev, field)
254
#define IP6_ADD_STATS(net, idev,field,val)	\
Eric Dumazet's avatar
Eric Dumazet committed
255
		_DEVADD(net, ipv6, , idev, field, val)
Eric Dumazet's avatar
Eric Dumazet committed
256
#define __IP6_ADD_STATS(net, idev,field,val)	\
Eric Dumazet's avatar
Eric Dumazet committed
257
		_DEVADD(net, ipv6, __, idev, field, val)
258
#define IP6_UPD_PO_STATS(net, idev,field,val)   \
Eric Dumazet's avatar
Eric Dumazet committed
259
		_DEVUPD(net, ipv6, , idev, field, val)
260
#define __IP6_UPD_PO_STATS(net, idev,field,val)   \
Eric Dumazet's avatar
Eric Dumazet committed
261
		_DEVUPD(net, ipv6, __, idev, field, val)
262
#define ICMP6_INC_STATS(net, idev, field)	\
263
		_DEVINCATOMIC(net, icmpv6, , idev, field)
264
#define __ICMP6_INC_STATS(net, idev, field)	\
Eric Dumazet's avatar
Eric Dumazet committed
265
		_DEVINCATOMIC(net, icmpv6, __, idev, field)
266
267

#define ICMP6MSGOUT_INC_STATS(net, idev, field)		\
268
	_DEVINC_ATOMIC_ATOMIC(net, icmpv6msg, idev, field +256)
269
#define ICMP6MSGIN_INC_STATS(net, idev, field)	\
270
	_DEVINC_ATOMIC_ATOMIC(net, icmpv6msg, idev, field)
271

Eric Dumazet's avatar
Eric Dumazet committed
272
struct ip6_ra_chain {
Linus Torvalds's avatar
Linus Torvalds committed
273
274
275
276
277
278
279
280
281
282
283
284
285
286
	struct ip6_ra_chain	*next;
	struct sock		*sk;
	int			sel;
	void			(*destructor)(struct sock *);
};

extern struct ip6_ra_chain	*ip6_ra_chain;
extern rwlock_t ip6_ra_lock;

/*
   This structure is prepared by protocol, when parsing
   ancillary data and passed to IPv6.
 */

Eric Dumazet's avatar
Eric Dumazet committed
287
struct ipv6_txoptions {
288
	refcount_t		refcnt;
Linus Torvalds's avatar
Linus Torvalds committed
289
290
291
292
293
294
295
296
297
298
299
300
	/* Length of this structure */
	int			tot_len;

	/* length of extension headers   */

	__u16			opt_flen;	/* after fragment hdr */
	__u16			opt_nflen;	/* before fragment hdr */

	struct ipv6_opt_hdr	*hopopt;
	struct ipv6_opt_hdr	*dst0opt;
	struct ipv6_rt_hdr	*srcrt;	/* Routing Header */
	struct ipv6_opt_hdr	*dst1opt;
301
	struct rcu_head		rcu;
Linus Torvalds's avatar
Linus Torvalds committed
302
303
304
	/* Option buffer, as read by IPV6_PKTOPTIONS, starts here. */
};

305
306
307
308
309
310
311
/* flowlabel_reflect sysctl values */
enum flowlabel_reflect {
	FLOWLABEL_REFLECT_ESTABLISHED		= 1,
	FLOWLABEL_REFLECT_TCP_RESET		= 2,
	FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES	= 4,
};

Eric Dumazet's avatar
Eric Dumazet committed
312
struct ip6_flowlabel {
313
	struct ip6_flowlabel __rcu *next;
Al Viro's avatar
Al Viro committed
314
	__be32			label;
315
	atomic_t		users;
Linus Torvalds's avatar
Linus Torvalds committed
316
317
318
	struct in6_addr		dst;
	struct ipv6_txoptions	*opt;
	unsigned long		linger;
319
	struct rcu_head		rcu;
Linus Torvalds's avatar
Linus Torvalds committed
320
	u8			share;
321
322
323
324
	union {
		struct pid *pid;
		kuid_t uid;
	} owner;
Linus Torvalds's avatar
Linus Torvalds committed
325
326
	unsigned long		lastuse;
	unsigned long		expires;
327
	struct net		*fl_net;
Linus Torvalds's avatar
Linus Torvalds committed
328
329
};

Tom Herbert's avatar
Tom Herbert committed
330
331
332
333
#define IPV6_FLOWINFO_MASK		cpu_to_be32(0x0FFFFFFF)
#define IPV6_FLOWLABEL_MASK		cpu_to_be32(0x000FFFFF)
#define IPV6_FLOWLABEL_STATELESS_FLAG	cpu_to_be32(0x00080000)

334
#define IPV6_TCLASS_MASK (IPV6_FLOWINFO_MASK & ~IPV6_FLOWLABEL_MASK)
335
#define IPV6_TCLASS_SHIFT	20
Linus Torvalds's avatar
Linus Torvalds committed
336

Eric Dumazet's avatar
Eric Dumazet committed
337
struct ipv6_fl_socklist {
338
339
340
	struct ipv6_fl_socklist	__rcu	*next;
	struct ip6_flowlabel		*fl;
	struct rcu_head			rcu;
Linus Torvalds's avatar
Linus Torvalds committed
341
342
};

Wei Wang's avatar
Wei Wang committed
343
struct ipcm6_cookie {
344
	struct sockcm_cookie sockc;
Wei Wang's avatar
Wei Wang committed
345
346
347
348
	__s16 hlimit;
	__s16 tclass;
	__s8  dontfrag;
	struct ipv6_txoptions *opt;
349
	__u16 gso_size;
Wei Wang's avatar
Wei Wang committed
350
351
};

352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
static inline void ipcm6_init(struct ipcm6_cookie *ipc6)
{
	*ipc6 = (struct ipcm6_cookie) {
		.hlimit = -1,
		.tclass = -1,
		.dontfrag = -1,
	};
}

static inline void ipcm6_init_sk(struct ipcm6_cookie *ipc6,
				 const struct ipv6_pinfo *np)
{
	*ipc6 = (struct ipcm6_cookie) {
		.hlimit = -1,
		.tclass = np->tclass,
		.dontfrag = np->dontfrag,
	};
}

371
372
373
374
375
376
static inline struct ipv6_txoptions *txopt_get(const struct ipv6_pinfo *np)
{
	struct ipv6_txoptions *opt;

	rcu_read_lock();
	opt = rcu_dereference(np->opt);
377
	if (opt) {
378
		if (!refcount_inc_not_zero(&opt->refcnt))
379
380
381
382
			opt = NULL;
		else
			opt = rcu_pointer_handoff(opt);
	}
383
384
385
386
387
388
	rcu_read_unlock();
	return opt;
}

static inline void txopt_put(struct ipv6_txoptions *opt)
{
389
	if (opt && refcount_dec_and_test(&opt->refcnt))
390
391
392
		kfree_rcu(opt, rcu);
}

393
394
395
396
397
398
399
400
401
402
403
404
struct ip6_flowlabel *__fl6_sock_lookup(struct sock *sk, __be32 label);

extern struct static_key_false_deferred ipv6_flowlabel_exclusive;
static inline struct ip6_flowlabel *fl6_sock_lookup(struct sock *sk,
						    __be32 label)
{
	if (static_branch_unlikely(&ipv6_flowlabel_exclusive.key))
		return __fl6_sock_lookup(sk, label) ? : ERR_PTR(-ENOENT);

	return NULL;
}

405
406
407
408
409
struct ipv6_txoptions *fl6_merge_options(struct ipv6_txoptions *opt_space,
					 struct ip6_flowlabel *fl,
					 struct ipv6_txoptions *fopt);
void fl6_free_socklist(struct sock *sk);
int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen);
410
411
int ipv6_flowlabel_opt_get(struct sock *sk, struct in6_flowlabel_req *freq,
			   int flags);
412
413
int ip6_flowlabel_init(void);
void ip6_flowlabel_cleanup(void);
414
bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np);
Linus Torvalds's avatar
Linus Torvalds committed
415
416
417
418
419
420
421

static inline void fl6_sock_release(struct ip6_flowlabel *fl)
{
	if (fl)
		atomic_dec(&fl->users);
}

422
void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info);
423

424
425
void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
				struct icmp6hdr *thdr, int len);
426

427
int ip6_ra_control(struct sock *sk, int sel);
Linus Torvalds's avatar
Linus Torvalds committed
428

429
int ipv6_parse_hopopts(struct sk_buff *skb);
Linus Torvalds's avatar
Linus Torvalds committed
430

431
432
433
434
435
struct ipv6_txoptions *ipv6_dup_options(struct sock *sk,
					struct ipv6_txoptions *opt);
struct ipv6_txoptions *ipv6_renew_options(struct sock *sk,
					  struct ipv6_txoptions *opt,
					  int newtype,
436
					  struct ipv6_opt_hdr *newopt);
437
438
struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
					  struct ipv6_txoptions *opt);
Linus Torvalds's avatar
Linus Torvalds committed
439

440
441
bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb,
		       const struct inet6_skb_parm *opt);
442
443
struct ipv6_txoptions *ipv6_update_options(struct sock *sk,
					   struct ipv6_txoptions *opt);
444

445
446
447
448
449
450
451
452
453
static inline bool ipv6_accept_ra(struct inet6_dev *idev)
{
	/* If forwarding is enabled, RA are not accepted unless the special
	 * hybrid mode (accept_ra=2) is enabled.
	 */
	return idev->cnf.forwarding ? idev->cnf.accept_ra == 2 :
	    idev->cnf.accept_ra;
}

454
455
#define IPV6_FRAG_HIGH_THRESH	(4 * 1024*1024)	/* 4194304 */
#define IPV6_FRAG_LOW_THRESH	(3 * 1024*1024)	/* 3145728 */
456
#define IPV6_FRAG_TIMEOUT	(60 * HZ)	/* 60 seconds */
Linus Torvalds's avatar
Linus Torvalds committed
457

458
int __ipv6_addr_type(const struct in6_addr *addr);
459
460
461
462
static inline int ipv6_addr_type(const struct in6_addr *addr)
{
	return __ipv6_addr_type(addr) & 0xffff;
}
Linus Torvalds's avatar
Linus Torvalds committed
463
464
465

static inline int ipv6_addr_scope(const struct in6_addr *addr)
{
466
467
468
469
470
	return __ipv6_addr_type(addr) & IPV6_ADDR_SCOPE_MASK;
}

static inline int __ipv6_addr_src_scope(int type)
{
Eric Dumazet's avatar
Eric Dumazet committed
471
	return (type == IPV6_ADDR_ANY) ? __IPV6_ADDR_SCOPE_INVALID : (type >> 16);
472
473
474
475
476
}

static inline int ipv6_addr_src_scope(const struct in6_addr *addr)
{
	return __ipv6_addr_src_scope(__ipv6_addr_type(addr));
Linus Torvalds's avatar
Linus Torvalds committed
477
478
}

479
480
481
482
483
484
485
486
487
488
489
490
static inline bool __ipv6_addr_needs_scope_id(int type)
{
	return type & IPV6_ADDR_LINKLOCAL ||
	       (type & IPV6_ADDR_MULTICAST &&
		(type & (IPV6_ADDR_LOOPBACK|IPV6_ADDR_LINKLOCAL)));
}

static inline __u32 ipv6_iface_scope_id(const struct in6_addr *addr, int iface)
{
	return __ipv6_addr_needs_scope_id(__ipv6_addr_type(addr)) ? iface : 0;
}

Linus Torvalds's avatar
Linus Torvalds committed
491
492
static inline int ipv6_addr_cmp(const struct in6_addr *a1, const struct in6_addr *a2)
{
493
	return memcmp(a1, a2, sizeof(struct in6_addr));
Linus Torvalds's avatar
Linus Torvalds committed
494
495
}

496
static inline bool
497
498
499
ipv6_masked_addr_cmp(const struct in6_addr *a1, const struct in6_addr *m,
		     const struct in6_addr *a2)
{
500
501
502
503
504
505
506
507
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
	const unsigned long *ul1 = (const unsigned long *)a1;
	const unsigned long *ulm = (const unsigned long *)m;
	const unsigned long *ul2 = (const unsigned long *)a2;

	return !!(((ul1[0] ^ ul2[0]) & ulm[0]) |
		  ((ul1[1] ^ ul2[1]) & ulm[1]));
#else
Eric Dumazet's avatar
Eric Dumazet committed
508
509
510
511
	return !!(((a1->s6_addr32[0] ^ a2->s6_addr32[0]) & m->s6_addr32[0]) |
		  ((a1->s6_addr32[1] ^ a2->s6_addr32[1]) & m->s6_addr32[1]) |
		  ((a1->s6_addr32[2] ^ a2->s6_addr32[2]) & m->s6_addr32[2]) |
		  ((a1->s6_addr32[3] ^ a2->s6_addr32[3]) & m->s6_addr32[3]));
512
#endif
513
514
}

Stephen Hemminger's avatar
Stephen Hemminger committed
515
static inline void ipv6_addr_prefix(struct in6_addr *pfx,
Linus Torvalds's avatar
Linus Torvalds committed
516
517
518
519
520
521
522
				    const struct in6_addr *addr,
				    int plen)
{
	/* caller must guarantee 0 <= plen <= 128 */
	int o = plen >> 3,
	    b = plen & 0x7;

523
	memset(pfx->s6_addr, 0, sizeof(pfx->s6_addr));
Linus Torvalds's avatar
Linus Torvalds committed
524
	memcpy(pfx->s6_addr, addr, o);
525
	if (b != 0)
Linus Torvalds's avatar
Linus Torvalds committed
526
527
528
		pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
}

529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
static inline void ipv6_addr_prefix_copy(struct in6_addr *addr,
					 const struct in6_addr *pfx,
					 int plen)
{
	/* caller must guarantee 0 <= plen <= 128 */
	int o = plen >> 3,
	    b = plen & 0x7;

	memcpy(addr->s6_addr, pfx, o);
	if (b != 0) {
		addr->s6_addr[o] &= ~(0xff00 >> b);
		addr->s6_addr[o] |= (pfx->s6_addr[o] & (0xff00 >> b));
	}
}

544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
static inline void __ipv6_addr_set_half(__be32 *addr,
					__be32 wh, __be32 wl)
{
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
#if defined(__BIG_ENDIAN)
	if (__builtin_constant_p(wh) && __builtin_constant_p(wl)) {
		*(__force u64 *)addr = ((__force u64)(wh) << 32 | (__force u64)(wl));
		return;
	}
#elif defined(__LITTLE_ENDIAN)
	if (__builtin_constant_p(wl) && __builtin_constant_p(wh)) {
		*(__force u64 *)addr = ((__force u64)(wl) << 32 | (__force u64)(wh));
		return;
	}
#endif
#endif
	addr[0] = wh;
	addr[1] = wl;
}

Stephen Hemminger's avatar
Stephen Hemminger committed
564
static inline void ipv6_addr_set(struct in6_addr *addr,
Al Viro's avatar
Al Viro committed
565
566
				     __be32 w1, __be32 w2,
				     __be32 w3, __be32 w4)
Linus Torvalds's avatar
Linus Torvalds committed
567
{
568
569
	__ipv6_addr_set_half(&addr->s6_addr32[0], w1, w2);
	__ipv6_addr_set_half(&addr->s6_addr32[2], w3, w4);
Linus Torvalds's avatar
Linus Torvalds committed
570
571
}

Eric Dumazet's avatar
Eric Dumazet committed
572
573
static inline bool ipv6_addr_equal(const struct in6_addr *a1,
				   const struct in6_addr *a2)
Linus Torvalds's avatar
Linus Torvalds committed
574
{
575
576
577
578
579
580
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
	const unsigned long *ul1 = (const unsigned long *)a1;
	const unsigned long *ul2 = (const unsigned long *)a2;

	return ((ul1[0] ^ ul2[0]) | (ul1[1] ^ ul2[1])) == 0UL;
#else
Eric Dumazet's avatar
Eric Dumazet committed
581
582
583
584
	return ((a1->s6_addr32[0] ^ a2->s6_addr32[0]) |
		(a1->s6_addr32[1] ^ a2->s6_addr32[1]) |
		(a1->s6_addr32[2] ^ a2->s6_addr32[2]) |
		(a1->s6_addr32[3] ^ a2->s6_addr32[3])) == 0;
585
#endif
Linus Torvalds's avatar
Linus Torvalds committed
586
587
}

588
589
590
591
592
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
static inline bool __ipv6_prefix_equal64_half(const __be64 *a1,
					      const __be64 *a2,
					      unsigned int len)
{
593
	if (len && ((*a1 ^ *a2) & cpu_to_be64((~0UL) << (64 - len))))
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
		return false;
	return true;
}

static inline bool ipv6_prefix_equal(const struct in6_addr *addr1,
				     const struct in6_addr *addr2,
				     unsigned int prefixlen)
{
	const __be64 *a1 = (const __be64 *)addr1;
	const __be64 *a2 = (const __be64 *)addr2;

	if (prefixlen >= 64) {
		if (a1[0] ^ a2[0])
			return false;
		return __ipv6_prefix_equal64_half(a1 + 1, a2 + 1, prefixlen - 64);
	}
	return __ipv6_prefix_equal64_half(a1, a2, prefixlen);
}
#else
613
614
615
static inline bool ipv6_prefix_equal(const struct in6_addr *addr1,
				     const struct in6_addr *addr2,
				     unsigned int prefixlen)
Linus Torvalds's avatar
Linus Torvalds committed
616
{
617
618
	const __be32 *a1 = addr1->s6_addr32;
	const __be32 *a2 = addr2->s6_addr32;
619
	unsigned int pdw, pbi;
Linus Torvalds's avatar
Linus Torvalds committed
620
621
622
623

	/* check complete u32 in prefix */
	pdw = prefixlen >> 5;
	if (pdw && memcmp(a1, a2, pdw << 2))
Eric Dumazet's avatar
Eric Dumazet committed
624
		return false;
Linus Torvalds's avatar
Linus Torvalds committed
625
626
627
628

	/* check incomplete u32 in prefix */
	pbi = prefixlen & 0x1f;
	if (pbi && ((a1[pdw] ^ a2[pdw]) & htonl((0xffffffff) << (32 - pbi))))
Eric Dumazet's avatar
Eric Dumazet committed
629
		return false;
Linus Torvalds's avatar
Linus Torvalds committed
630

Eric Dumazet's avatar
Eric Dumazet committed
631
	return true;
Linus Torvalds's avatar
Linus Torvalds committed
632
}
633
#endif
Linus Torvalds's avatar
Linus Torvalds committed
634

Eric Dumazet's avatar
Eric Dumazet committed
635
static inline bool ipv6_addr_any(const struct in6_addr *a)
Linus Torvalds's avatar
Linus Torvalds committed
636
{
637
638
639
640
641
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
	const unsigned long *ul = (const unsigned long *)a;

	return (ul[0] | ul[1]) == 0UL;
#else
Eric Dumazet's avatar
Eric Dumazet committed
642
643
	return (a->s6_addr32[0] | a->s6_addr32[1] |
		a->s6_addr32[2] | a->s6_addr32[3]) == 0;
644
#endif
Linus Torvalds's avatar
Linus Torvalds committed
645
646
}

647
648
649
650
651
652
653
654
655
656
657
658
659
static inline u32 ipv6_addr_hash(const struct in6_addr *a)
{
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
	const unsigned long *ul = (const unsigned long *)a;
	unsigned long x = ul[0] ^ ul[1];

	return (u32)(x ^ (x >> 32));
#else
	return (__force u32)(a->s6_addr32[0] ^ a->s6_addr32[1] ^
			     a->s6_addr32[2] ^ a->s6_addr32[3]);
#endif
}

660
/* more secured version of ipv6_addr_hash() */
661
static inline u32 __ipv6_addr_jhash(const struct in6_addr *a, const u32 initval)
662
663
664
665
666
667
{
	u32 v = (__force u32)a->s6_addr32[0] ^ (__force u32)a->s6_addr32[1];

	return jhash_3words(v,
			    (__force u32)a->s6_addr32[2],
			    (__force u32)a->s6_addr32[3],
668
			    initval);
669
670
}

Eric Dumazet's avatar
Eric Dumazet committed
671
static inline bool ipv6_addr_loopback(const struct in6_addr *a)
672
{
673
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
674
	const __be64 *be = (const __be64 *)a;
675

676
	return (be[0] | (be[1] ^ cpu_to_be64(1))) == 0UL;
677
#else
Eric Dumazet's avatar
Eric Dumazet committed
678
	return (a->s6_addr32[0] | a->s6_addr32[1] |
679
		a->s6_addr32[2] | (a->s6_addr32[3] ^ cpu_to_be32(1))) == 0;
680
#endif
681
682
}

683
684
685
686
/*
 * Note that we must __force cast these to unsigned long to make sparse happy,
 * since all of the endian-annotated types are fixed size regardless of arch.
 */
Eric Dumazet's avatar
Eric Dumazet committed
687
static inline bool ipv6_addr_v4mapped(const struct in6_addr *a)
688
{
689
690
	return (
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
691
		*(unsigned long *)a |
692
#else
693
		(__force unsigned long)(a->s6_addr32[0] | a->s6_addr32[1]) |
694
#endif
695
696
		(__force unsigned long)(a->s6_addr32[2] ^
					cpu_to_be32(0x0000ffff))) == 0UL;
697
698
}

699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
static inline u32 ipv6_portaddr_hash(const struct net *net,
				     const struct in6_addr *addr6,
				     unsigned int port)
{
	unsigned int hash, mix = net_hash_mix(net);

	if (ipv6_addr_any(addr6))
		hash = jhash_1word(0, mix);
	else if (ipv6_addr_v4mapped(addr6))
		hash = jhash_1word((__force u32)addr6->s6_addr32[3], mix);
	else
		hash = jhash2((__force u32 *)addr6->s6_addr32, 4, mix);

	return hash ^ port;
}

715
716
717
718
/*
 * Check for a RFC 4843 ORCHID address
 * (Overlay Routable Cryptographic Hash Identifiers)
 */
Eric Dumazet's avatar
Eric Dumazet committed
719
static inline bool ipv6_addr_orchid(const struct in6_addr *a)
720
{
Eric Dumazet's avatar
Eric Dumazet committed
721
	return (a->s6_addr32[0] & htonl(0xfffffff0)) == htonl(0x20010010);
722
723
}

724
725
726
727
728
static inline bool ipv6_addr_is_multicast(const struct in6_addr *addr)
{
	return (addr->s6_addr32[0] & htonl(0xFF000000)) == htonl(0xFF000000);
}

729
730
731
732
733
734
735
736
737
static inline void ipv6_addr_set_v4mapped(const __be32 addr,
					  struct in6_addr *v4mapped)
{
	ipv6_addr_set(v4mapped,
			0, 0,
			htonl(0x0000FFFF),
			addr);
}

738
739
740
741
/*
 * find the first different bit between two addresses
 * length of address must be a multiple of 32bits
 */
742
static inline int __ipv6_addr_diff32(const void *token1, const void *token2, int addrlen)
743
{
744
	const __be32 *a1 = token1, *a2 = token2;
745
746
747
748
749
	int i;

	addrlen >>= 2;

	for (i = 0; i < addrlen; i++) {
750
751
		__be32 xb = a1[i] ^ a2[i];
		if (xb)
752
			return i * 32 + 31 - __fls(ntohl(xb));
753
754
755
	}

	/*
Stephen Hemminger's avatar
Stephen Hemminger committed
756
	 *	we should *never* get to this point since that
757
758
759
760
761
762
763
764
765
766
767
768
769
770
	 *	would mean the addrs are equal
	 *
	 *	However, we do get to it 8) And exacly, when
	 *	addresses are equal 8)
	 *
	 *	ip route add 1111::/128 via ...
	 *	ip route add 1111::/64 via ...
	 *	and we are here.
	 *
	 *	Ideally, this function should stop comparison
	 *	at prefix length. It does not, but it is still OK,
	 *	if returned value is greater than prefix length.
	 *					--ANK (980803)
	 */
Eric Dumazet's avatar
Eric Dumazet committed
771
	return addrlen << 5;
772
773
}

774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
static inline int __ipv6_addr_diff64(const void *token1, const void *token2, int addrlen)
{
	const __be64 *a1 = token1, *a2 = token2;
	int i;

	addrlen >>= 3;

	for (i = 0; i < addrlen; i++) {
		__be64 xb = a1[i] ^ a2[i];
		if (xb)
			return i * 64 + 63 - __fls(be64_to_cpu(xb));
	}

	return addrlen << 6;
}
#endif

static inline int __ipv6_addr_diff(const void *token1, const void *token2, int addrlen)
{
#if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
	if (__builtin_constant_p(addrlen) && !(addrlen & 7))
		return __ipv6_addr_diff64(token1, token2, addrlen);
#endif
	return __ipv6_addr_diff32(token1, token2, addrlen);
}

801
802
803
804
805
static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_addr *a2)
{
	return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr));
}

806
807
808
__be32 ipv6_select_ident(struct net *net,
			 const struct in6_addr *daddr,
			 const struct in6_addr *saddr);
809
__be32 ipv6_proxy_select_ident(struct net *net, struct sk_buff *skb);
810

811
int ip6_dst_hoplimit(struct dst_entry *dst);
812

813
814
815
816
817
818
819
820
821
822
823
824
825
826
static inline int ip6_sk_dst_hoplimit(struct ipv6_pinfo *np, struct flowi6 *fl6,
				      struct dst_entry *dst)
{
	int hlimit;

	if (ipv6_addr_is_multicast(&fl6->daddr))
		hlimit = np->mcast_hops;
	else
		hlimit = np->hop_limit;
	if (hlimit < 0)
		hlimit = ip6_dst_hoplimit(dst);
	return hlimit;
}

827
828
829
830
831
832
833
834
835
836
837
838
839
840
/* copy IPv6 saddr & daddr to flow_keys, possibly using 64bit load/store
 * Equivalent to :	flow->v6addrs.src = iph->saddr;
 *			flow->v6addrs.dst = iph->daddr;
 */
static inline void iph_to_flow_copy_v6addrs(struct flow_keys *flow,
					    const struct ipv6hdr *iph)
{
	BUILD_BUG_ON(offsetof(typeof(flow->addrs), v6addrs.dst) !=
		     offsetof(typeof(flow->addrs), v6addrs.src) +
		     sizeof(flow->addrs.v6addrs.src));
	memcpy(&flow->addrs.v6addrs, &iph->saddr, sizeof(flow->addrs.v6addrs));
	flow->control.addr_type = FLOW_DISSECTOR_KEY_IPV6_ADDRS;
}

841
#if IS_ENABLED(CONFIG_IPV6)
842

843
844
845
846
847
848
849
static inline bool ipv6_can_nonlocal_bind(struct net *net,
					  struct inet_sock *inet)
{
	return net->ipv6.sysctl.ip_nonlocal_bind ||
		inet->freebind || inet->transparent;
}

850
851
852
853
854
855
856
857
/* Sysctl settings for net ipv6.auto_flowlabels */
#define IP6_AUTO_FLOW_LABEL_OFF		0
#define IP6_AUTO_FLOW_LABEL_OPTOUT	1
#define IP6_AUTO_FLOW_LABEL_OPTIN	2
#define IP6_AUTO_FLOW_LABEL_FORCED	3

#define IP6_AUTO_FLOW_LABEL_MAX		IP6_AUTO_FLOW_LABEL_FORCED

858
#define IP6_DEFAULT_AUTO_FLOW_LABELS	IP6_AUTO_FLOW_LABEL_OPTOUT
859

860
static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
861
862
					__be32 flowlabel, bool autolabel,
					struct flowi6 *fl6)
863
{
864
	u32 hash;
865

866
867
868
869
870
	/* @flowlabel may include more than a flow label, eg, the traffic class.
	 * Here we want only the flow label value.
	 */
	flowlabel &= IPV6_FLOWLABEL_MASK;

871
872
873
874
875
	if (flowlabel ||
	    net->ipv6.sysctl.auto_flowlabels == IP6_AUTO_FLOW_LABEL_OFF ||
	    (!autolabel &&
	     net->ipv6.sysctl.auto_flowlabels != IP6_AUTO_FLOW_LABEL_FORCED))
		return flowlabel;
876

877
	hash = skb_get_hash_flowi6(skb, fl6);
878

879
880
881
882
	/* Since this is being sent on the wire obfuscate hash a bit
	 * to minimize possbility that any useful information to an
	 * attacker is leaked. Only lower 20 bits are relevant.
	 */
883
	hash = rol32(hash, 16);
Tom Herbert's avatar
Tom Herbert committed
884

885
886
887
888
	flowlabel = (__force __be32)hash & IPV6_FLOWLABEL_MASK;

	if (net->ipv6.sysctl.flowlabel_state_ranges)
		flowlabel |= IPV6_FLOWLABEL_STATELESS_FLAG;
889
890
891

	return flowlabel;
}
892
893
894
895
896
897
898
899
900
901
902
903
904

static inline int ip6_default_np_autolabel(struct net *net)
{
	switch (net->ipv6.sysctl.auto_flowlabels) {
	case IP6_AUTO_FLOW_LABEL_OFF:
	case IP6_AUTO_FLOW_LABEL_OPTIN:
	default:
		return 0;
	case IP6_AUTO_FLOW_LABEL_OPTOUT:
	case IP6_AUTO_FLOW_LABEL_FORCED:
		return 1;
	}
}
905
906
907
#else
static inline void ip6_set_txhash(struct sock *sk) { }
static inline __be32 ip6_make_flowlabel(struct net *net, struct sk_buff *skb,
908
909
					__be32 flowlabel, bool autolabel,
					struct flowi6 *fl6)
910
911
912
{
	return flowlabel;
}
913
914
915
916
static inline int ip6_default_np_autolabel(struct net *net)
{
	return 0;
}
917
918
#endif

919
920
921
922
923
924
925
926
927
928
929
#if IS_ENABLED(CONFIG_IPV6)
static inline int ip6_multipath_hash_policy(const struct net *net)
{
	return net->ipv6.sysctl.multipath_hash_policy;
}
#else
static inline int ip6_multipath_hash_policy(const struct net *net)
{
	return 0;
}
#endif
930

931
932
933
934
935
936
/*
 *	Header manipulation
 */
static inline void ip6_flow_hdr(struct ipv6hdr *hdr, unsigned int tclass,
				__be32 flowlabel)
{
937
	*(__be32 *)hdr = htonl(0x60000000 | (tclass << 20)) | flowlabel;
938
939
}

940
941
942
943
944
static inline __be32 ip6_flowinfo(const struct ipv6hdr *hdr)
{
	return *(__be32 *)hdr & IPV6_FLOWINFO_MASK;
}

945
946
947
948
949
static inline __be32 ip6_flowlabel(const struct ipv6hdr *hdr)
{
	return *(__be32 *)hdr & IPV6_FLOWLABEL_MASK;
}

950
951
952
953
static inline u8 ip6_tclass(__be32 flowinfo)
{
	return ntohl(flowinfo & IPV6_TCLASS_MASK) >> IPV6_TCLASS_SHIFT;
}
954
955
956
957
958
959

static inline __be32 ip6_make_flowinfo(unsigned int tclass, __be32 flowlabel)
{
	return htonl(tclass << IPV6_TCLASS_SHIFT) | flowlabel;
}

960
961
962
963
964
static inline __be32 flowi6_get_flowlabel(const struct flowi6 *fl6)
{
	return fl6->flowlabel & IPV6_FLOWLABEL_MASK;
}

Linus Torvalds's avatar
Linus Torvalds committed
965
966
967
968
969
970
971
972
/*
 *	Prototypes exported by ipv6
 */

/*
 *	rcv function (called from netdevice level)
 */

973
974
int ipv6_rcv(struct sk_buff *skb, struct net_device *dev,
	     struct packet_type *pt, struct net_device *orig_dev);
975
976
void ipv6_list_rcv(struct list_head *head, struct packet_type *pt,
		   struct net_device *orig_dev);
Linus Torvalds's avatar
Linus Torvalds committed
977

978
int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb);
979

Linus Torvalds's avatar
Linus Torvalds committed
980
981
982
/*
 *	upper-layer output functions
 */
983
int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
984
	     __u32 mark, struct ipv6_txoptions *opt, int tclass, u32 priority);
985
986
987
988
989
990

int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr);

int ip6_append_data(struct sock *sk,
		    int getfrag(void *from, char *to, int offset, int len,
				int odd, struct sk_buff *skb),
Wei Wang's avatar
Wei Wang committed
991
992
		    void *from, int length, int transhdrlen,
		    struct ipcm6_cookie *ipc6, struct flowi6 *fl6,
993
		    struct rt6_info *rt, unsigned int flags);
994
995
996
997
998

int ip6_push_pending_frames(struct sock *sk);

void ip6_flush_pending_frames(struct sock *sk);

Vlad Yasevich's avatar
Vlad Yasevich committed
999
1000
int ip6_send_skb(struct sk_buff *skb);