Linux 2.4.23 Networking: ip_input.c Source File

00001 /* 00002 * INET An implementation of the TCP/IP protocol suite for the LINUX 00003 * operating system. INET is implemented using the BSD Socket 00004 * interface as the means of communication with the user level. 00005 * 00006 * The Internet Protocol (IP) module. 00007 * 00008 * Version: $Id: ip_input.c,v 1.54.2.1 2002/01/12 07:39:23 davem Exp $ 00009 * 00010 * Authors: Ross Biro, <bir7@leland.Stanford.Edu> 00011 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> 00012 * Donald Becker, <becker@super.org> 00013 * Alan Cox, <Alan.Cox@linux.org> 00014 * Richard Underwood 00015 * Stefan Becker, <stefanb@yello.ping.de> 00016 * Jorge Cwik, <jorge@laser.satlink.net> 00017 * Arnt Gulbrandsen, <agulbra@nvg.unit.no> 00018 * 00019 * 00020 * Fixes: 00021 * Alan Cox : Commented a couple of minor bits of surplus code 00022 * Alan Cox : Undefining IP_FORWARD doesn't include the code 00023 * (just stops a compiler warning). 00024 * Alan Cox : Frames with >=MAX_ROUTE record routes, strict routes or loose routes 00025 * are junked rather than corrupting things. 00026 * Alan Cox : Frames to bad broadcast subnets are dumped 00027 * We used to process them non broadcast and 00028 * boy could that cause havoc. 00029 * Alan Cox : ip_forward sets the free flag on the 00030 * new frame it queues. Still crap because 00031 * it copies the frame but at least it 00032 * doesn't eat memory too. 00033 * Alan Cox : Generic queue code and memory fixes. 00034 * Fred Van Kempen : IP fragment support (borrowed from NET2E) 00035 * Gerhard Koerting: Forward fragmented frames correctly. 00036 * Gerhard Koerting: Fixes to my fix of the above 8-). 00037 * Gerhard Koerting: IP interface addressing fix. 00038 * Linus Torvalds : More robustness checks 00039 * Alan Cox : Even more checks: Still not as robust as it ought to be 00040 * Alan Cox : Save IP header pointer for later 00041 * Alan Cox : ip option setting 00042 * Alan Cox : Use ip_tos/ip_ttl settings 00043 * Alan Cox : Fragmentation bogosity removed 00044 * (Thanks to Mark.Bush@prg.ox.ac.uk) 00045 * Dmitry Gorodchanin : Send of a raw packet crash fix. 00046 * Alan Cox : Silly ip bug when an overlength 00047 * fragment turns up. Now frees the 00048 * queue. 00049 * Linus Torvalds/ : Memory leakage on fragmentation 00050 * Alan Cox : handling. 00051 * Gerhard Koerting: Forwarding uses IP priority hints 00052 * Teemu Rantanen : Fragment problems. 00053 * Alan Cox : General cleanup, comments and reformat 00054 * Alan Cox : SNMP statistics 00055 * Alan Cox : BSD address rule semantics. Also see 00056 * UDP as there is a nasty checksum issue 00057 * if you do things the wrong way. 00058 * Alan Cox : Always defrag, moved IP_FORWARD to the config.in file 00059 * Alan Cox : IP options adjust sk->priority. 00060 * Pedro Roque : Fix mtu/length error in ip_forward. 00061 * Alan Cox : Avoid ip_chk_addr when possible. 00062 * Richard Underwood : IP multicasting. 00063 * Alan Cox : Cleaned up multicast handlers. 00064 * Alan Cox : RAW sockets demultiplex in the BSD style. 00065 * Gunther Mayer : Fix the SNMP reporting typo 00066 * Alan Cox : Always in group 224.0.0.1 00067 * Pauline Middelink : Fast ip_checksum update when forwarding 00068 * Masquerading support. 00069 * Alan Cox : Multicast loopback error for 224.0.0.1 00070 * Alan Cox : IP_MULTICAST_LOOP option. 00071 * Alan Cox : Use notifiers. 00072 * Bjorn Ekwall : Removed ip_csum (from slhc.c too) 00073 * Bjorn Ekwall : Moved ip_fast_csum to ip.h (inline!) 00074 * Stefan Becker : Send out ICMP HOST REDIRECT 00075 * Arnt Gulbrandsen : ip_build_xmit 00076 * Alan Cox : Per socket routing cache 00077 * Alan Cox : Fixed routing cache, added header cache. 00078 * Alan Cox : Loopback didn't work right in original ip_build_xmit - fixed it. 00079 * Alan Cox : Only send ICMP_REDIRECT if src/dest are the same net. 00080 * Alan Cox : Incoming IP option handling. 00081 * Alan Cox : Set saddr on raw output frames as per BSD. 00082 * Alan Cox : Stopped broadcast source route explosions. 00083 * Alan Cox : Can disable source routing 00084 * Takeshi Sone : Masquerading didn't work. 00085 * Dave Bonn,Alan Cox : Faster IP forwarding whenever possible. 00086 * Alan Cox : Memory leaks, tramples, misc debugging. 00087 * Alan Cox : Fixed multicast (by popular demand 8)) 00088 * Alan Cox : Fixed forwarding (by even more popular demand 8)) 00089 * Alan Cox : Fixed SNMP statistics [I think] 00090 * Gerhard Koerting : IP fragmentation forwarding fix 00091 * Alan Cox : Device lock against page fault. 00092 * Alan Cox : IP_HDRINCL facility. 00093 * Werner Almesberger : Zero fragment bug 00094 * Alan Cox : RAW IP frame length bug 00095 * Alan Cox : Outgoing firewall on build_xmit 00096 * A.N.Kuznetsov : IP_OPTIONS support throughout the kernel 00097 * Alan Cox : Multicast routing hooks 00098 * Jos Vos : Do accounting *before* call_in_firewall 00099 * Willy Konynenberg : Transparent proxying support 00100 * 00101 * 00102 * 00103 * To Fix: 00104 * IP fragmentation wants rewriting cleanly. The RFC815 algorithm is much more efficient 00105 * and could be made very efficient with the addition of some virtual memory hacks to permit 00106 * the allocation of a buffer that can then be 'grown' by twiddling page tables. 00107 * Output fragmentation wants updating along with the buffer management to use a single 00108 * interleaved copy algorithm so that fragmenting has a one copy overhead. Actual packet 00109 * output should probably do its own fragmentation at the UDP/RAW layer. TCP shouldn't cause 00110 * fragmentation anyway. 00111 * 00112 * This program is free software; you can redistribute it and/or 00113 * modify it under the terms of the GNU General Public License 00114 * as published by the Free Software Foundation; either version 00115 * 2 of the License, or (at your option) any later version. 00116 */ 00117 00118 #include <asm/system.h> 00119 #include <linux/types.h> 00120 #include <linux/kernel.h> 00121 #include <linux/string.h> 00122 #include <linux/errno.h> 00123 #include <linux/config.h> 00124 00125 #include <linux/net.h> 00126 #include <linux/socket.h> 00127 #include <linux/sockios.h> 00128 #include <linux/in.h> 00129 #include <linux/inet.h> 00130 #include <linux/netdevice.h> 00131 #include <linux/etherdevice.h> 00132 00133 #include <net/snmp.h> 00134 #include <net/ip.h> 00135 #include <net/protocol.h> 00136 #include <net/route.h> 00137 #include <linux/skbuff.h> 00138 #include <net/sock.h> 00139 #include <net/arp.h> 00140 #include <net/icmp.h> 00141 #include <net/raw.h> 00142 #include <net/checksum.h> 00143 #include <linux/netfilter_ipv4.h> 00144 #include <linux/mroute.h> 00145 #include <linux/netlink.h> 00146 00147 /* 00148 * SNMP management statistics 00149 */ 00150 00151 struct ip_mib ip_statistics[NR_CPUS*2]; 00152 00153 /* 00154 * Process Router Attention IP option 00155 */ 00156 int ip_call_ra_chain(struct sk_buff *skb) 00157 { 00158 struct ip_ra_chain *ra; 00159 u8 protocol = skb->nh.iph->protocol; 00160 struct sock *last = NULL; 00161 00162 read_lock(&ip_ra_lock); 00163 for (ra = ip_ra_chain; ra; ra = ra->next) { 00164 struct sock *sk = ra->sk; 00165 00166 /* If socket is bound to an interface, only report 00167 * the packet if it came from that interface. 00168 */ 00169 if (sk && sk->num == protocol 00170 && ((sk->bound_dev_if == 0) 00171 || (sk->bound_dev_if == skb->dev->ifindex))) { 00172 if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { 00173 skb = ip_defrag(skb); 00174 if (skb == NULL) { 00175 read_unlock(&ip_ra_lock); 00176 return 1; 00177 } 00178 } 00179 if (last) { 00180 struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); 00181 if (skb2) 00182 raw_rcv(last, skb2); 00183 } 00184 last = sk; 00185 } 00186 } 00187 00188 if (last) { 00189 raw_rcv(last, skb); 00190 read_unlock(&ip_ra_lock); 00191 return 1; 00192 } 00193 read_unlock(&ip_ra_lock); 00194 return 0; 00195 } 00196 00197 /* Handle this out of line, it is rare. */ 00198 static int ip_run_ipprot(struct sk_buff *skb, struct iphdr *iph, 00199 struct inet_protocol *ipprot, int force_copy) 00200 { 00201 int ret = 0; 00202 00203 do { 00204 if (ipprot->protocol == iph->protocol) { 00205 struct sk_buff *skb2 = skb; 00206 if (ipprot->copy || force_copy) 00207 skb2 = skb_clone(skb, GFP_ATOMIC); 00208 if(skb2 != NULL) { 00209 ret = 1; 00210 ipprot->handler(skb2); 00211 } 00212 } 00213 ipprot = (struct inet_protocol *) ipprot->next; 00214 } while(ipprot != NULL); 00215 00216 return ret; 00217 } 00218 00244 static inline int ip_local_deliver_finish(struct sk_buff *skb) 00245 { 00246 int ihl = skb->nh.iph->ihl*4; 00247 00248 #ifdef CONFIG_NETFILTER_DEBUG 00249 nf_debug_ip_local_deliver(skb); 00250 #endif /*CONFIG_NETFILTER_DEBUG*/ 00251 00252 __skb_pull(skb, ihl); 00253 00254 #ifdef CONFIG_NETFILTER 00255 /* Free reference early: we don't need it any more, and it may 00256 hold ip_conntrack module loaded indefinitely. */ 00257 nf_conntrack_put(skb->nfct); 00258 skb->nfct = NULL; 00259 #endif /*CONFIG_NETFILTER*/ 00260 00261 /* Point into the IP datagram, just past the header. */ 00262 skb->h.raw = skb->data; 00263 00264 { 00265 /* Note: See raw.c and net/raw.h, RAWV4_HTABLE_SIZE==MAX_INET_PROTOS */ 00266 int protocol = skb->nh.iph->protocol; 00267 int hash = protocol & (MAX_INET_PROTOS - 1); 00268 struct sock *raw_sk = raw_v4_htable[hash]; 00269 struct inet_protocol *ipprot; 00270 int flag; 00271 00272 /* If there maybe a raw socket we must check - if not we 00273 * don't care less 00274 */ 00275 if(raw_sk != NULL) 00276 raw_sk = raw_v4_input(skb, skb->nh.iph, hash); 00277 00278 ipprot = (struct inet_protocol *) inet_protos[hash]; 00279 flag = 0; 00280 if(ipprot != NULL) { 00281 if(raw_sk == NULL && 00282 ipprot->next == NULL && 00283 ipprot->protocol == protocol) { 00284 int ret; 00285 00286 /* Fast path... */ 00287 ret = ipprot->handler(skb); 00288 00289 return ret; 00290 } else { 00291 flag = ip_run_ipprot(skb, skb->nh.iph, ipprot, (raw_sk != NULL)); 00292 } 00293 } 00294 00295 /* All protocols checked. 00296 * If this packet was a broadcast, we may *not* reply to it, since that 00297 * causes (proven, grin) ARP storms and a leakage of memory (i.e. all 00298 * ICMP reply messages get queued up for transmission...) 00299 */ 00300 if(raw_sk != NULL) { /* Shift to last raw user */ 00301 raw_rcv(raw_sk, skb); 00302 sock_put(raw_sk); 00303 } else if (!flag) { /* Free and report errors */ 00304 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PROT_UNREACH, 0); 00305 kfree_skb(skb); 00306 } 00307 } 00308 00309 return 0; 00310 } 00311 00312 /* 00313 * Deliver IP Packets to the higher protocol layers. 00314 */ 00315 int ip_local_deliver(struct sk_buff *skb) 00316 { 00317 /* 00318 * Reassemble IP fragments. 00319 */ 00320 00321 if (skb->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) { 00322 skb = ip_defrag(skb); 00323 if (!skb) 00324 return 0; 00325 } 00326 00327 return NF_HOOK(PF_INET, NF_IP_LOCAL_IN, skb, skb->dev, NULL, 00328 ip_local_deliver_finish); 00329 } 00330 00341 static inline int ip_rcv_finish(struct sk_buff *skb) 00342 { 00343 struct net_device *dev = skb->dev; 00344 struct iphdr *iph = skb->nh.iph; 00345 00346 /* 00347 * Initialise the virtual path cache for the packet. It describes 00348 * how the packet travels inside Linux networking. 00349 */ 00350 if (skb->dst == NULL) { 00351 if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, dev)) 00352 goto drop; 00353 } 00354 00355 #ifdef CONFIG_NET_CLS_ROUTE 00356 if (skb->dst->tclassid) { 00357 struct ip_rt_acct *st = ip_rt_acct + 256*smp_processor_id(); 00358 u32 idx = skb->dst->tclassid; 00359 st[idx&0xFF].o_packets++; 00360 st[idx&0xFF].o_bytes+=skb->len; 00361 st[(idx>>16)&0xFF].i_packets++; 00362 st[(idx>>16)&0xFF].i_bytes+=skb->len; 00363 } 00364 #endif 00365 00366 if (iph->ihl > 5) { 00367 struct ip_options *opt; 00368 00369 /* It looks as overkill, because not all 00370 IP options require packet mangling. 00371 But it is the easiest for now, especially taking 00372 into account that combination of IP options 00373 and running sniffer is extremely rare condition. 00374 --ANK (980813) 00375 */ 00376 00377 if (skb_cow(skb, skb_headroom(skb))) 00378 goto drop; 00379 iph = skb->nh.iph; 00380 00381 if (ip_options_compile(NULL, skb)) 00382 goto inhdr_error; 00383 00384 opt = &(IPCB(skb)->opt); 00385 if (opt->srr) { 00386 struct in_device *in_dev = in_dev_get(dev); 00387 if (in_dev) { 00388 if (!IN_DEV_SOURCE_ROUTE(in_dev)) { 00389 if (IN_DEV_LOG_MARTIANS(in_dev) && net_ratelimit()) 00390 printk(KERN_INFO "source route option %u.%u.%u.%u -> %u.%u.%u.%u\n", 00391 NIPQUAD(iph->saddr), NIPQUAD(iph->daddr)); 00392 in_dev_put(in_dev); 00393 goto drop; 00394 } 00395 in_dev_put(in_dev); 00396 } 00397 if (ip_options_rcv_srr(skb)) 00398 goto drop; 00399 } 00400 } 00401 00402 return skb->dst->input(skb); 00403 00404 inhdr_error: 00405 IP_INC_STATS_BH(IpInHdrErrors); 00406 drop: 00407 kfree_skb(skb); 00408 return NET_RX_DROP; 00409 } 00410 00411 /* 00412 * Main IP Receive routine. 00413 */ 00421 int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt) 00422 { 00423 struct iphdr *iph; 00424 00425 /* When the interface is in promisc. mode, drop all the crap 00426 * that it receives, do not try to analyse it. 00427 */ 00428 if (skb->pkt_type == PACKET_OTHERHOST) 00429 goto drop; 00430 00431 IP_INC_STATS_BH(IpInReceives); 00432 00433 if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) 00434 goto out; 00435 00436 if (!pskb_may_pull(skb, sizeof(struct iphdr))) 00437 goto inhdr_error; 00438 00439 iph = skb->nh.iph; 00440 00441 /* 00442 * RFC1122: 3.1.2.2 MUST silently discard any IP frame that fails the checksum. 00443 * 00444 * Is the datagram acceptable? 00445 * 00446 * 1. Length at least the size of an ip header 00447 * 2. Version of 4 00448 * 3. Checksums correctly. [Speed optimisation for later, skip loopback checksums] 00449 * 4. Doesn't have a bogus length 00450 */ 00451 00452 if (iph->ihl < 5 || iph->version != 4) 00453 goto inhdr_error; 00454 00455 if (!pskb_may_pull(skb, iph->ihl*4)) 00456 goto inhdr_error; 00457 00458 iph = skb->nh.iph; 00459 00460 if (ip_fast_csum((u8 *)iph, iph->ihl) != 0) 00461 goto inhdr_error; 00462 00463 { 00464 __u32 len = ntohs(iph->tot_len); 00465 if (skb->len < len || len < (iph->ihl<<2)) 00466 goto inhdr_error; 00467 00468 /* Our transport medium may have padded the buffer out. Now we know it 00469 * is IP we can trim to the true length of the frame. 00470 * Note this now means skb->len holds ntohs(iph->tot_len). 00471 */ 00472 if (skb->len > len) { 00473 __pskb_trim(skb, len); 00474 if (skb->ip_summed == CHECKSUM_HW) 00475 skb->ip_summed = CHECKSUM_NONE; 00476 } 00477 } 00478 00479 return NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, dev, NULL, 00480 ip_rcv_finish); 00481 00482 inhdr_error: 00483 IP_INC_STATS_BH(IpInHdrErrors); 00484 drop: 00485 kfree_skb(skb); 00486 out: 00487 return NET_RX_DROP; 00488 } 00489