net: Export IGMP/MLD message validation code

With this patch, the IGMP and MLD message validation functions are moved from the bridge code to IPv4/IPv6 multicast files. Some small refactoring was done to enhance readibility and to iron out some differences in behaviour between the IGMP and MLD parsing code (e.g. the skb-cloning of MLD messages is now only done if necessary, just like the IGMP part always did). Finally, these IGMP and MLD message validation functions are exported so that not only the bridge can use it but batman-adv later, too. Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Linus Lüssing <linus.luessing@c0d3.blue> 2015-05-02 08:01:07 -0400
committer: David S. Miller <davem@davemloft.net> 2015-05-04 14:49:23 -0400
commit: 9afd85c9e4552b276e2f4cfefd622bdeeffbbf26 (patch)
tree: 3657b92f850d03ec3a8f67e6171d5b61abdf3ae0 /net/ipv4/igmp.c
parent: 3c9e4f870012350a36dc3091c7a57f5ba2799afe (diff)
1 files changed, 162 insertions, 0 deletions
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index a3a697f5ffba..651cdf648ec4 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -1339,6 +1339,168 @@ out:
 }
 EXPORT_SYMBOL(ip_mc_inc_group);
+static int ip_mc_check_iphdr(struct sk_buff *skb)
+{
+        const struct iphdr *iph;
+        unsigned int len;
+        unsigned int offset = skb_network_offset(skb) + sizeof(*iph);
+        if (!pskb_may_pull(skb, offset))
+                return -EINVAL;
+        iph = ip_hdr(skb);
+        if (iph->version != 4 || ip_hdrlen(skb) < sizeof(*iph))
+                return -EINVAL;
+        offset += ip_hdrlen(skb) - sizeof(*iph);
+        if (!pskb_may_pull(skb, offset))
+                return -EINVAL;
+        iph = ip_hdr(skb);
+        if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
+                return -EINVAL;
+        len = skb_network_offset(skb) + ntohs(iph->tot_len);
+        if (skb->len < len || len < offset)
+                return -EINVAL;
+        skb_set_transport_header(skb, offset);
+        return 0;
+}
+static int ip_mc_check_igmp_reportv3(struct sk_buff *skb)
+{
+        unsigned int len = skb_transport_offset(skb);
+        len += sizeof(struct igmpv3_report);
+        return pskb_may_pull(skb, len) ? 0 : -EINVAL;
+}
+static int ip_mc_check_igmp_query(struct sk_buff *skb)
+{
+        unsigned int len = skb_transport_offset(skb);
+        len += sizeof(struct igmphdr);
+        if (skb->len < len)
+                return -EINVAL;
+        /* IGMPv{1,2}? */
+        if (skb->len != len) {
+                /* or IGMPv3? */
+                len += sizeof(struct igmpv3_query) - sizeof(struct igmphdr);
+                if (skb->len < len || !pskb_may_pull(skb, len))
+                        return -EINVAL;
+        }
+        /* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer
+         * all-systems destination addresses (224.0.0.1) for general queries
+         */
+        if (!igmp_hdr(skb)->group &&
+            ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP))
+                return -EINVAL;
+        return 0;
+}
+static int ip_mc_check_igmp_msg(struct sk_buff *skb)
+{
+        switch (igmp_hdr(skb)->type) {
+        case IGMP_HOST_LEAVE_MESSAGE:
+        case IGMP_HOST_MEMBERSHIP_REPORT:
+        case IGMPV2_HOST_MEMBERSHIP_REPORT:
+                /* fall through */
+                return 0;
+        case IGMPV3_HOST_MEMBERSHIP_REPORT:
+                return ip_mc_check_igmp_reportv3(skb);
+        case IGMP_HOST_MEMBERSHIP_QUERY:
+                return ip_mc_check_igmp_query(skb);
+        default:
+                return -ENOMSG;
+        }
+}
+static inline __sum16 ip_mc_validate_checksum(struct sk_buff *skb)
+{
+        return skb_checksum_simple_validate(skb);
+}
+static int __ip_mc_check_igmp(struct sk_buff *skb, struct sk_buff **skb_trimmed)
+{
+        struct sk_buff *skb_chk;
+        unsigned int transport_len;
+        unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr);
+        int ret;
+        transport_len = ntohs(ip_hdr(skb)->tot_len) - ip_hdrlen(skb);
+        skb_get(skb);
+        skb_chk = skb_checksum_trimmed(skb, transport_len,
+                                       ip_mc_validate_checksum);
+        if (!skb_chk)
+                return -EINVAL;
+        if (!pskb_may_pull(skb_chk, len)) {
+                kfree_skb(skb_chk);
+                return -EINVAL;
+        }
+        ret = ip_mc_check_igmp_msg(skb_chk);
+        if (ret) {
+                kfree_skb(skb_chk);
+                return ret;
+        }
+        if (skb_trimmed)
+                *skb_trimmed = skb_chk;
+        else
+                kfree_skb(skb_chk);
+        return 0;
+}
+/**
+ * ip_mc_check_igmp - checks whether this is a sane IGMP packet
+ * @skb: the skb to validate
+ * @skb_trimmed: to store an skb pointer trimmed to IPv4 packet tail (optional)
+ *
+ * Checks whether an IPv4 packet is a valid IGMP packet. If so sets
+ * skb network and transport headers accordingly and returns zero.
+ *
+ * -EINVAL: A broken packet was detected, i.e. it violates some internet
+ *  standard
+ * -ENOMSG: IP header validation succeeded but it is not an IGMP packet.
+ * -ENOMEM: A memory allocation failure happened.
+ *
+ * Optionally, an skb pointer might be provided via skb_trimmed (or set it
+ * to NULL): After parsing an IGMP packet successfully it will point to
+ * an skb which has its tail aligned to the IP packet end. This might
+ * either be the originally provided skb or a trimmed, cloned version if
+ * the skb frame had data beyond the IP packet. A cloned skb allows us
+ * to leave the original skb and its full frame unchanged (which might be
+ * desirable for layer 2 frame jugglers).
+ *
+ * The caller needs to release a reference count from any returned skb_trimmed.
+ */
+int ip_mc_check_igmp(struct sk_buff *skb, struct sk_buff **skb_trimmed)
+{
+        int ret = ip_mc_check_iphdr(skb);
+        if (ret < 0)
+                return ret;
+        if (ip_hdr(skb)->protocol != IPPROTO_IGMP)
+                return -ENOMSG;
+        return __ip_mc_check_igmp(skb, skb_trimmed);
+}
+EXPORT_SYMBOL(ip_mc_check_igmp);
 /*
 *      Resend IGMP JOIN report; used by netdev notifier.
 */
author	Linus Lüssing <linus.luessing@c0d3.blue>	2015-05-02 08:01:07 -0400
committer	David S. Miller <davem@davemloft.net>	2015-05-04 14:49:23 -0400
commit	9afd85c9e4552b276e2f4cfefd622bdeeffbbf26 (patch)
tree	3657b92f850d03ec3a8f67e6171d5b61abdf3ae0 /net/ipv4/igmp.c
parent	3c9e4f870012350a36dc3091c7a57f5ba2799afe (diff)

diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c index a3a697f5ffba..651cdf648ec4 100644 --- a/net/ipv4/igmp.c +++ b/net/ipv4/igmp.c
@@ -1339,6 +1339,168 @@ out:
1339	}	1339	}
1340	EXPORT_SYMBOL(ip_mc_inc_group);	1340	EXPORT_SYMBOL(ip_mc_inc_group);
1341		1341
		1342	static int ip_mc_check_iphdr(struct sk_buff *skb)
		1343	{
		1344	const struct iphdr *iph;
		1345	unsigned int len;
		1346	unsigned int offset = skb_network_offset(skb) + sizeof(*iph);
		1347
		1348	if (!pskb_may_pull(skb, offset))
		1349	return -EINVAL;
		1350
		1351	iph = ip_hdr(skb);
		1352
		1353	if (iph->version != 4 \|\| ip_hdrlen(skb) < sizeof(*iph))
		1354	return -EINVAL;
		1355
		1356	offset += ip_hdrlen(skb) - sizeof(*iph);
		1357
		1358	if (!pskb_may_pull(skb, offset))
		1359	return -EINVAL;
		1360
		1361	iph = ip_hdr(skb);
		1362
		1363	if (unlikely(ip_fast_csum((u8 *)iph, iph->ihl)))
		1364	return -EINVAL;
		1365
		1366	len = skb_network_offset(skb) + ntohs(iph->tot_len);
		1367	if (skb->len < len \|\| len < offset)
		1368	return -EINVAL;
		1369
		1370	skb_set_transport_header(skb, offset);
		1371
		1372	return 0;
		1373	}
		1374
		1375	static int ip_mc_check_igmp_reportv3(struct sk_buff *skb)
		1376	{
		1377	unsigned int len = skb_transport_offset(skb);
		1378
		1379	len += sizeof(struct igmpv3_report);
		1380
		1381	return pskb_may_pull(skb, len) ? 0 : -EINVAL;
		1382	}
		1383
		1384	static int ip_mc_check_igmp_query(struct sk_buff *skb)
		1385	{
		1386	unsigned int len = skb_transport_offset(skb);
		1387
		1388	len += sizeof(struct igmphdr);
		1389	if (skb->len < len)
		1390	return -EINVAL;
		1391
		1392	/* IGMPv{1,2}? */
		1393	if (skb->len != len) {
		1394	/* or IGMPv3? */
		1395	len += sizeof(struct igmpv3_query) - sizeof(struct igmphdr);
		1396	if (skb->len < len \|\| !pskb_may_pull(skb, len))
		1397	return -EINVAL;
		1398	}
		1399
		1400	/* RFC2236+RFC3376 (IGMPv2+IGMPv3) require the multicast link layer
		1401	* all-systems destination addresses (224.0.0.1) for general queries
		1402	*/
		1403	if (!igmp_hdr(skb)->group &&
		1404	ip_hdr(skb)->daddr != htonl(INADDR_ALLHOSTS_GROUP))
		1405	return -EINVAL;
		1406
		1407	return 0;
		1408	}
		1409
		1410	static int ip_mc_check_igmp_msg(struct sk_buff *skb)
		1411	{
		1412	switch (igmp_hdr(skb)->type) {
		1413	case IGMP_HOST_LEAVE_MESSAGE:
		1414	case IGMP_HOST_MEMBERSHIP_REPORT:
		1415	case IGMPV2_HOST_MEMBERSHIP_REPORT:
		1416	/* fall through */
		1417	return 0;
		1418	case IGMPV3_HOST_MEMBERSHIP_REPORT:
		1419	return ip_mc_check_igmp_reportv3(skb);
		1420	case IGMP_HOST_MEMBERSHIP_QUERY:
		1421	return ip_mc_check_igmp_query(skb);
		1422	default:
		1423	return -ENOMSG;
		1424	}
		1425	}
		1426
		1427	static inline __sum16 ip_mc_validate_checksum(struct sk_buff *skb)
		1428	{
		1429	return skb_checksum_simple_validate(skb);
		1430	}
		1431
		1432	static int __ip_mc_check_igmp(struct sk_buff skb, struct sk_buff *skb_trimmed)
		1433
		1434	{
		1435	struct sk_buff *skb_chk;
		1436	unsigned int transport_len;
		1437	unsigned int len = skb_transport_offset(skb) + sizeof(struct igmphdr);
		1438	int ret;
		1439
		1440	transport_len = ntohs(ip_hdr(skb)->tot_len) - ip_hdrlen(skb);
		1441
		1442	skb_get(skb);
		1443	skb_chk = skb_checksum_trimmed(skb, transport_len,
		1444	ip_mc_validate_checksum);
		1445	if (!skb_chk)
		1446	return -EINVAL;
		1447
		1448	if (!pskb_may_pull(skb_chk, len)) {
		1449	kfree_skb(skb_chk);
		1450	return -EINVAL;
		1451	}
		1452
		1453	ret = ip_mc_check_igmp_msg(skb_chk);
		1454	if (ret) {
		1455	kfree_skb(skb_chk);
		1456	return ret;
		1457	}
		1458
		1459	if (skb_trimmed)
		1460	*skb_trimmed = skb_chk;
		1461	else
		1462	kfree_skb(skb_chk);
		1463
		1464	return 0;
		1465	}
		1466
		1467	/**
		1468	* ip_mc_check_igmp - checks whether this is a sane IGMP packet
		1469	* @skb: the skb to validate
		1470	* @skb_trimmed: to store an skb pointer trimmed to IPv4 packet tail (optional)
		1471	*
		1472	* Checks whether an IPv4 packet is a valid IGMP packet. If so sets
		1473	* skb network and transport headers accordingly and returns zero.
		1474	*
		1475	* -EINVAL: A broken packet was detected, i.e. it violates some internet
		1476	* standard
		1477	* -ENOMSG: IP header validation succeeded but it is not an IGMP packet.
		1478	* -ENOMEM: A memory allocation failure happened.
		1479	*
		1480	* Optionally, an skb pointer might be provided via skb_trimmed (or set it
		1481	* to NULL): After parsing an IGMP packet successfully it will point to
		1482	* an skb which has its tail aligned to the IP packet end. This might
		1483	* either be the originally provided skb or a trimmed, cloned version if
		1484	* the skb frame had data beyond the IP packet. A cloned skb allows us
		1485	* to leave the original skb and its full frame unchanged (which might be
		1486	* desirable for layer 2 frame jugglers).
		1487	*
		1488	* The caller needs to release a reference count from any returned skb_trimmed.
		1489	*/
		1490	int ip_mc_check_igmp(struct sk_buff skb, struct sk_buff *skb_trimmed)
		1491	{
		1492	int ret = ip_mc_check_iphdr(skb);
		1493
		1494	if (ret < 0)
		1495	return ret;
		1496
		1497	if (ip_hdr(skb)->protocol != IPPROTO_IGMP)
		1498	return -ENOMSG;
		1499
		1500	return __ip_mc_check_igmp(skb, skb_trimmed);
		1501	}
		1502	EXPORT_SYMBOL(ip_mc_check_igmp);
		1503
1342	/*	1504	/*
1343	* Resend IGMP JOIN report; used by netdev notifier.	1505	* Resend IGMP JOIN report; used by netdev notifier.
1344	*/	1506	*/