1 /* $KAME: ip6opt.c,v 1.13 2003/06/06 10:08:20 suz Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include <sys/param.h> 36 #include <sys/types.h> 37 #include <sys/socket.h> 38 39 #include <netinet/in.h> 40 #include <netinet/ip6.h> 41 42 #include <string.h> 43 #include <stdio.h> 44 45 static int ip6optlen(u_int8_t *opt, u_int8_t *lim); 46 static void inet6_insert_padopt(u_char *p, int len); 47 48 /* 49 * This function returns the number of bytes required to hold an option 50 * when it is stored as ancillary data, including the cmsghdr structure 51 * at the beginning, and any padding at the end (to make its size a 52 * multiple of 8 bytes). The argument is the size of the structure 53 * defining the option, which must include any pad bytes at the 54 * beginning (the value y in the alignment term "xn + y"), the type 55 * byte, the length byte, and the option data. 56 */ 57 int 58 inet6_option_space(int nbytes) 59 { 60 nbytes += 2; /* we need space for nxt-hdr and length fields */ 61 return(CMSG_SPACE((nbytes + 7) & ~7)); 62 } 63 64 /* 65 * This function is called once per ancillary data object that will 66 * contain either Hop-by-Hop or Destination options. It returns 0 on 67 * success or -1 on an error. 68 */ 69 int 70 inet6_option_init(void *bp, struct cmsghdr **cmsgp, int type) 71 { 72 struct cmsghdr *ch = (struct cmsghdr *)bp; 73 74 /* argument validation */ 75 if (type != IPV6_HOPOPTS && type != IPV6_DSTOPTS) 76 return(-1); 77 78 ch->cmsg_level = IPPROTO_IPV6; 79 ch->cmsg_type = type; 80 ch->cmsg_len = CMSG_LEN(0); 81 82 *cmsgp = ch; 83 return(0); 84 } 85 86 /* 87 * This function appends a Hop-by-Hop option or a Destination option 88 * into an ancillary data object that has been initialized by 89 * inet6_option_init(). This function returns 0 if it succeeds or -1 on 90 * an error. 91 * multx is the value x in the alignment term "xn + y" described 92 * earlier. It must have a value of 1, 2, 4, or 8. 93 * plusy is the value y in the alignment term "xn + y" described 94 * earlier. It must have a value between 0 and 7, inclusive. 95 */ 96 int 97 inet6_option_append(struct cmsghdr *cmsg, const u_int8_t *typep, int multx, 98 int plusy) 99 { 100 int padlen, optlen, off; 101 u_char *bp = (u_char *)cmsg + cmsg->cmsg_len; 102 struct ip6_ext *eh = (struct ip6_ext *)CMSG_DATA(cmsg); 103 104 /* argument validation */ 105 if (multx != 1 && multx != 2 && multx != 4 && multx != 8) 106 return(-1); 107 if (plusy < 0 || plusy > 7) 108 return(-1); 109 110 /* 111 * If this is the first option, allocate space for the 112 * first 2 bytes(for next header and length fields) of 113 * the option header. 114 */ 115 if (bp == (u_char *)eh) { 116 bp += 2; 117 cmsg->cmsg_len += 2; 118 } 119 120 /* calculate pad length before the option. */ 121 off = bp - (u_char *)eh; 122 padlen = (((off % multx) + (multx - 1)) & ~(multx - 1)) - 123 (off % multx); 124 padlen += plusy; 125 padlen %= multx; /* keep the pad as short as possible */ 126 /* insert padding */ 127 inet6_insert_padopt(bp, padlen); 128 cmsg->cmsg_len += padlen; 129 bp += padlen; 130 131 /* copy the option */ 132 if (typep[0] == IP6OPT_PAD1) 133 optlen = 1; 134 else 135 optlen = typep[1] + 2; 136 memcpy(bp, typep, optlen); 137 bp += optlen; 138 cmsg->cmsg_len += optlen; 139 140 /* calculate pad length after the option and insert the padding */ 141 off = bp - (u_char *)eh; 142 padlen = ((off + 7) & ~7) - off; 143 inet6_insert_padopt(bp, padlen); 144 bp += padlen; 145 cmsg->cmsg_len += padlen; 146 147 /* update the length field of the ip6 option header */ 148 eh->ip6e_len = ((bp - (u_char *)eh) >> 3) - 1; 149 150 return(0); 151 } 152 153 /* 154 * This function appends a Hop-by-Hop option or a Destination option 155 * into an ancillary data object that has been initialized by 156 * inet6_option_init(). This function returns a pointer to the 8-bit 157 * option type field that starts the option on success, or NULL on an 158 * error. 159 * The difference between this function and inet6_option_append() is 160 * that the latter copies the contents of a previously built option into 161 * the ancillary data object while the current function returns a 162 * pointer to the space in the data object where the option's TLV must 163 * then be built by the caller. 164 * 165 */ 166 u_int8_t * 167 inet6_option_alloc(struct cmsghdr *cmsg, int datalen, int multx, int plusy) 168 { 169 int padlen, off; 170 u_int8_t *bp = (u_char *)cmsg + cmsg->cmsg_len; 171 u_int8_t *retval; 172 struct ip6_ext *eh = (struct ip6_ext *)CMSG_DATA(cmsg); 173 174 /* argument validation */ 175 if (multx != 1 && multx != 2 && multx != 4 && multx != 8) 176 return(NULL); 177 if (plusy < 0 || plusy > 7) 178 return(NULL); 179 180 /* 181 * If this is the first option, allocate space for the 182 * first 2 bytes(for next header and length fields) of 183 * the option header. 184 */ 185 if (bp == (u_char *)eh) { 186 bp += 2; 187 cmsg->cmsg_len += 2; 188 } 189 190 /* calculate pad length before the option. */ 191 off = bp - (u_char *)eh; 192 padlen = (((off % multx) + (multx - 1)) & ~(multx - 1)) - 193 (off % multx); 194 padlen += plusy; 195 padlen %= multx; /* keep the pad as short as possible */ 196 /* insert padding */ 197 inet6_insert_padopt(bp, padlen); 198 cmsg->cmsg_len += padlen; 199 bp += padlen; 200 201 /* keep space to store specified length of data */ 202 retval = bp; 203 bp += datalen; 204 cmsg->cmsg_len += datalen; 205 206 /* calculate pad length after the option and insert the padding */ 207 off = bp - (u_char *)eh; 208 padlen = ((off + 7) & ~7) - off; 209 inet6_insert_padopt(bp, padlen); 210 bp += padlen; 211 cmsg->cmsg_len += padlen; 212 213 /* update the length field of the ip6 option header */ 214 eh->ip6e_len = ((bp - (u_char *)eh) >> 3) - 1; 215 216 return(retval); 217 } 218 219 /* 220 * This function processes the next Hop-by-Hop option or Destination 221 * option in an ancillary data object. If another option remains to be 222 * processed, the return value of the function is 0 and *tptrp points to 223 * the 8-bit option type field (which is followed by the 8-bit option 224 * data length, followed by the option data). If no more options remain 225 * to be processed, the return value is -1 and *tptrp is NULL. If an 226 * error occurs, the return value is -1 and *tptrp is not NULL. 227 * (RFC 2292, 6.3.5) 228 */ 229 int 230 inet6_option_next(const struct cmsghdr *cmsg, u_int8_t **tptrp) 231 { 232 struct ip6_ext *ip6e; 233 int hdrlen, optlen; 234 u_int8_t *lim; 235 236 if (cmsg->cmsg_level != IPPROTO_IPV6 || 237 (cmsg->cmsg_type != IPV6_HOPOPTS && 238 cmsg->cmsg_type != IPV6_DSTOPTS)) 239 return(-1); 240 241 /* message length validation */ 242 if (cmsg->cmsg_len < CMSG_SPACE(sizeof(struct ip6_ext))) 243 return(-1); 244 ip6e = (struct ip6_ext *)CMSG_DATA(cmsg); 245 hdrlen = (ip6e->ip6e_len + 1) << 3; 246 if (cmsg->cmsg_len < CMSG_SPACE(hdrlen)) 247 return(-1); 248 249 /* 250 * If the caller does not specify the starting point, 251 * simply return the 1st option. 252 * Otherwise, search the option list for the next option. 253 */ 254 lim = (u_int8_t *)ip6e + hdrlen; 255 if (*tptrp == NULL) 256 *tptrp = (u_int8_t *)(ip6e + 1); 257 else { 258 if ((optlen = ip6optlen(*tptrp, lim)) == 0) 259 return(-1); 260 261 *tptrp = *tptrp + optlen; 262 } 263 if (*tptrp >= lim) { /* there is no option */ 264 *tptrp = NULL; 265 return(-1); 266 } 267 /* 268 * Finally, checks if the next option is safely stored in the 269 * cmsg data. 270 */ 271 if (ip6optlen(*tptrp, lim) == 0) 272 return(-1); 273 else 274 return(0); 275 } 276 277 /* 278 * This function is similar to the inet6_option_next() function, 279 * except this function lets the caller specify the option type to be 280 * searched for, instead of always returning the next option in the 281 * ancillary data object. 282 * Note: RFC 2292 says the type of tptrp is u_int8_t *, but we think 283 * it's a typo. The variable should be type of u_int8_t **. 284 */ 285 int 286 inet6_option_find(const struct cmsghdr *cmsg, u_int8_t **tptrp, int type) 287 { 288 struct ip6_ext *ip6e; 289 int hdrlen, optlen; 290 u_int8_t *optp, *lim; 291 292 if (cmsg->cmsg_level != IPPROTO_IPV6 || 293 (cmsg->cmsg_type != IPV6_HOPOPTS && 294 cmsg->cmsg_type != IPV6_DSTOPTS)) 295 return(-1); 296 297 /* message length validation */ 298 if (cmsg->cmsg_len < CMSG_SPACE(sizeof(struct ip6_ext))) 299 return(-1); 300 ip6e = (struct ip6_ext *)CMSG_DATA(cmsg); 301 hdrlen = (ip6e->ip6e_len + 1) << 3; 302 if (cmsg->cmsg_len < CMSG_SPACE(hdrlen)) 303 return(-1); 304 305 /* 306 * If the caller does not specify the starting point, 307 * search from the beginning of the option list. 308 * Otherwise, search from *the next option* of the specified point. 309 */ 310 lim = (u_int8_t *)ip6e + hdrlen; 311 if (*tptrp == NULL) 312 *tptrp = (u_int8_t *)(ip6e + 1); 313 else { 314 if ((optlen = ip6optlen(*tptrp, lim)) == 0) 315 return(-1); 316 317 *tptrp = *tptrp + optlen; 318 } 319 for (optp = *tptrp; optp < lim; optp += optlen) { 320 if (*optp == type) { 321 *tptrp = optp; 322 return(0); 323 } 324 if ((optlen = ip6optlen(optp, lim)) == 0) 325 return(-1); 326 } 327 328 /* search failed */ 329 *tptrp = NULL; 330 return(-1); 331 } 332 333 /* 334 * Calculate the length of a given IPv6 option. Also checks 335 * if the option is safely stored in user's buffer according to the 336 * calculated length and the limitation of the buffer. 337 */ 338 static int 339 ip6optlen(u_int8_t *opt, u_int8_t *lim) 340 { 341 int optlen; 342 343 if (*opt == IP6OPT_PAD1) 344 optlen = 1; 345 else { 346 /* is there enough space to store type and len? */ 347 if (opt + 2 > lim) 348 return(0); 349 optlen = *(opt + 1) + 2; 350 } 351 if (opt + optlen <= lim) 352 return(optlen); 353 354 return(0); 355 } 356 357 static void 358 inet6_insert_padopt(u_char *p, int len) 359 { 360 switch(len) { 361 case 0: 362 return; 363 case 1: 364 p[0] = IP6OPT_PAD1; 365 return; 366 default: 367 p[0] = IP6OPT_PADN; 368 p[1] = len - 2; 369 memset(&p[2], 0, len - 2); 370 return; 371 } 372 } 373 374 /* 375 * The following functions are defined in RFC3542, which is a successor 376 * of RFC2292. 377 */ 378 379 int 380 inet6_opt_init(void *extbuf, socklen_t extlen) 381 { 382 struct ip6_ext *ext = (struct ip6_ext *)extbuf; 383 384 if (ext) { 385 if (extlen <= 0 || (extlen % 8)) 386 return(-1); 387 ext->ip6e_len = (extlen >> 3) - 1; 388 } 389 390 return(2); /* sizeof the next and the length fields */ 391 } 392 393 int 394 inet6_opt_append(void *extbuf, socklen_t extlen, int offset, u_int8_t type, 395 socklen_t len, u_int8_t align, void **databufp) 396 { 397 int currentlen = offset, padlen = 0; 398 399 /* 400 * The option type must have a value from 2 to 255, inclusive. 401 * (0 and 1 are reserved for the Pad1 and PadN options, respectively.) 402 */ 403 if (type < 2) 404 return(-1); 405 406 /* 407 * The option data length must have a value between 0 and 255, 408 * inclusive, and is the length of the option data that follows. 409 */ 410 if (len < 0 || len > 255) 411 return(-1); 412 413 /* 414 * The align parameter must have a value of 1, 2, 4, or 8. 415 * The align value can not exceed the value of len. 416 */ 417 if (align != 1 && align != 2 && align != 4 && align != 8) 418 return(-1); 419 if (align > len) 420 return(-1); 421 422 /* Calculate the padding length. */ 423 currentlen += 2 + len; /* 2 means "type + len" */ 424 if (currentlen % align) 425 padlen = align - (currentlen % align); 426 427 /* The option must fit in the extension header buffer. */ 428 currentlen += padlen; 429 if (extlen && /* XXX: right? */ 430 currentlen > extlen) 431 return(-1); 432 433 if (extbuf) { 434 u_int8_t *optp = (u_int8_t *)extbuf + offset; 435 436 if (padlen == 1) { 437 /* insert a Pad1 option */ 438 *optp = IP6OPT_PAD1; 439 optp++; 440 } 441 else if (padlen > 0) { 442 /* insert a PadN option for alignment */ 443 *optp++ = IP6OPT_PADN; 444 *optp++ = padlen - 2; 445 memset(optp, 0, padlen - 2); 446 optp += (padlen - 2); 447 } 448 449 *optp++ = type; 450 *optp++ = len; 451 452 *databufp = optp; 453 } 454 455 return(currentlen); 456 } 457 458 int 459 inet6_opt_finish(void *extbuf, socklen_t extlen, int offset) 460 { 461 int updatelen = offset > 0 ? (1 + ((offset - 1) | 7)) : 0; 462 463 if (extbuf) { 464 u_int8_t *padp; 465 int padlen = updatelen - offset; 466 467 if (updatelen > extlen) 468 return(-1); 469 470 padp = (u_int8_t *)extbuf + offset; 471 if (padlen == 1) 472 *padp = IP6OPT_PAD1; 473 else if (padlen > 0) { 474 *padp++ = IP6OPT_PADN; 475 *padp++ = (padlen - 2); 476 memset(padp, 0, padlen - 2); 477 } 478 } 479 480 return(updatelen); 481 } 482 483 int 484 inet6_opt_set_val(void *databuf, int offset, void *val, socklen_t vallen) 485 { 486 487 memcpy((u_int8_t *)databuf + offset, val, vallen); 488 return(offset + vallen); 489 } 490 491 int 492 inet6_opt_next(void *extbuf, socklen_t extlen, int offset, u_int8_t *typep, 493 socklen_t *lenp, void **databufp) 494 { 495 u_int8_t *optp, *lim; 496 int optlen; 497 498 /* Validate extlen. XXX: is the variable really necessary?? */ 499 if (extlen == 0 || (extlen % 8)) 500 return(-1); 501 lim = (u_int8_t *)extbuf + extlen; 502 503 /* 504 * If this is the first time this function called for this options 505 * header, simply return the 1st option. 506 * Otherwise, search the option list for the next option. 507 */ 508 if (offset == 0) { 509 optp = (u_int8_t *)((struct ip6_hbh *)extbuf + 1); 510 } 511 else 512 optp = (u_int8_t *)extbuf + offset; 513 514 /* Find the next option skipping any padding options. */ 515 while(optp < lim) { 516 switch(*optp) { 517 case IP6OPT_PAD1: 518 optp++; 519 break; 520 case IP6OPT_PADN: 521 if ((optlen = ip6optlen(optp, lim)) == 0) 522 goto optend; 523 optp += optlen; 524 break; 525 default: /* found */ 526 if ((optlen = ip6optlen(optp, lim)) == 0) 527 goto optend; 528 *typep = *optp; 529 *lenp = optlen - 2; 530 *databufp = optp + 2; 531 return(optp + optlen - (u_int8_t *)extbuf); 532 } 533 } 534 535 optend: 536 *databufp = NULL; /* for safety */ 537 return(-1); 538 } 539 540 int 541 inet6_opt_find(void *extbuf, socklen_t extlen, int offset, u_int8_t type, 542 socklen_t *lenp, void **databufp) 543 { 544 u_int8_t *optp, *lim; 545 int optlen; 546 547 /* Validate extlen. XXX: is the variable really necessary?? */ 548 if (extlen == 0 || (extlen % 8)) 549 return(-1); 550 lim = (u_int8_t *)extbuf + extlen; 551 552 /* 553 * If this is the first time this function called for this options 554 * header, simply return the 1st option. 555 * Otherwise, search the option list for the next option. 556 */ 557 if (offset == 0) { 558 optp = (u_int8_t *)((struct ip6_hbh *)extbuf + 1); 559 } 560 else 561 optp = (u_int8_t *)extbuf + offset; 562 563 /* Find the specified option */ 564 while(optp < lim) { 565 if ((optlen = ip6optlen(optp, lim)) == 0) 566 goto optend; 567 568 if (*optp == type) { /* found */ 569 *lenp = optlen - 2; 570 *databufp = optp + 2; 571 return(optp + optlen - (u_int8_t *)extbuf); 572 } 573 574 optp += optlen; 575 } 576 577 optend: 578 *databufp = NULL; /* for safety */ 579 return(-1); 580 } 581 582 int 583 inet6_opt_get_val(void *databuf, int offset, void *val, socklen_t vallen) 584 { 585 586 /* we can't assume alignment here */ 587 memcpy(val, (u_int8_t *)databuf + offset, vallen); 588 589 return(offset + vallen); 590 } 591