Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 75f2811c authored by Jesse Gross's avatar Jesse Gross
Browse files

ipv6: Add fragment reporting to ipv6_skip_exthdr(). 



While parsing through IPv6 extension headers, fragment headers are
skipped making them invisible to the caller.  This reports the
fragment offset of the last header in order to make it possible to
determine whether the packet is fragmented and, if so whether it is
a first or last fragment.

Signed-off-by: default avatarJesse Gross <jesse@nicira.com>
parent 396cf943

include/net/ipv6.h

+1 −1
Original line number Diff line number Diff line
@@ -558,7 +558,7 @@ extern void ipv6_push_frag_opts(struct sk_buff *skb, 
						    u8 *proto);



extern int			ipv6_skip_exthdr(const struct sk_buff *, int start,

					         u8 *nexthdrp);

					         u8 *nexthdrp, __be16 *frag_offp);



extern int 			ipv6_ext_hdr(u8 nexthdr);

net/bridge/br_multicast.c

+2 −1
Original line number Diff line number Diff line
@@ -1458,6 +1458,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, 
	const struct ipv6hdr *ip6h;

	u8 icmp6_type;

	u8 nexthdr;

	__be16 frag_off;

	unsigned len;

	int offset;

	int err;
@@ -1483,7 +1484,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, 
		return -EINVAL;



	nexthdr = ip6h->nexthdr;

	offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr);

	offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr, &frag_off);



	if (offset < 0 || nexthdr != IPPROTO_ICMPV6)

		return 0;

net/bridge/netfilter/ebt_ip6.c

+2 −1
Original line number Diff line number Diff line
@@ -55,9 +55,10 @@ ebt_ip6_mt(const struct sk_buff *skb, struct xt_action_param *par) 
		return false;

	if (info->bitmask & EBT_IP6_PROTO) {

		uint8_t nexthdr = ih6->nexthdr;

		__be16 frag_off;

		int offset_ph;



		offset_ph = ipv6_skip_exthdr(skb, sizeof(_ip6h), &nexthdr);

		offset_ph = ipv6_skip_exthdr(skb, sizeof(_ip6h), &nexthdr, &frag_off);

		if (offset_ph == -1)

			return false;

		if (FWINV(info->protocol != nexthdr, EBT_IP6_PROTO))

net/bridge/netfilter/ebt_log.c

+2 −1
Original line number Diff line number Diff line
@@ -113,6 +113,7 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum, 
		const struct ipv6hdr *ih;

		struct ipv6hdr _iph;

		uint8_t nexthdr;

		__be16 frag_off;

		int offset_ph;



		ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph);
@@ -123,7 +124,7 @@ ebt_log_packet(u_int8_t pf, unsigned int hooknum, 
		printk(" IPv6 SRC=%pI6 IPv6 DST=%pI6, IPv6 priority=0x%01X, Next Header=%d",

		       &ih->saddr, &ih->daddr, ih->priority, ih->nexthdr);

		nexthdr = ih->nexthdr;

		offset_ph = ipv6_skip_exthdr(skb, sizeof(_iph), &nexthdr);

		offset_ph = ipv6_skip_exthdr(skb, sizeof(_iph), &nexthdr, &frag_off);

		if (offset_ph == -1)

			goto out;

		print_ports(skb, nexthdr, offset_ph);

net/ipv6/exthdrs_core.c

+9 −2
Original line number Diff line number Diff line
@@ -57,6 +57,9 @@ int ipv6_ext_hdr(u8 nexthdr) 
 *	    it returns NULL.

 *	  - First fragment header is skipped, not-first ones

 *	    are considered as unparsable.

 *	  - Reports the offset field of the final fragment header so it is

 *	    possible to tell whether this is a first fragment, later fragment,

 *	    or not fragmented.

 *	  - ESP is unparsable for now and considered like

 *	    normal payload protocol.

 *	  - Note also special handling of AUTH header. Thanks to IPsec wizards.
@@ -64,10 +67,13 @@ int ipv6_ext_hdr(u8 nexthdr) 
 * --ANK (980726)

 */



int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp)

int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp,

		     __be16 *frag_offp)

{

	u8 nexthdr = *nexthdrp;



	*frag_offp = 0;



	while (ipv6_ext_hdr(nexthdr)) {

		struct ipv6_opt_hdr _hdr, *hp;

		int hdrlen;
@@ -87,7 +93,8 @@ int ipv6_skip_exthdr(const struct sk_buff *skb, int start, u8 *nexthdrp) 
			if (fp == NULL)

				return -1;



			if (ntohs(*fp) & ~0x7)

			*frag_offp = *fp;

			if (ntohs(*frag_offp) & ~0x7)

				break;

			hdrlen = 8;

		} else if (nexthdr == NEXTHDR_AUTH)