1 /* $KAME: ip6opt.c,v 1.13 2003/06/06 10:08:20 suz Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 __FBSDID("$FreeBSD$"); 34 35 #include <sys/param.h> 36 #include <sys/types.h> 37 #include <sys/socket.h> 38 39 #include <netinet/in.h> 40 #include <netinet/ip6.h> 41 42 #include <string.h> 43 #include <stdio.h> 44 45 static int ip6optlen(u_int8_t *opt, u_int8_t *lim); 46 static void inet6_insert_padopt(u_char *p, int len); 47 48 /* 49 * This function returns the number of bytes required to hold an option 50 * when it is stored as ancillary data, including the cmsghdr structure 51 * at the beginning, and any padding at the end (to make its size a 52 * multiple of 8 bytes). The argument is the size of the structure 53 * defining the option, which must include any pad bytes at the 54 * beginning (the value y in the alignment term "xn + y"), the type 55 * byte, the length byte, and the option data. 56 */ 57 int 58 inet6_option_space(int nbytes) 59 { 60 nbytes += 2; /* we need space for nxt-hdr and length fields */ 61 return(CMSG_SPACE((nbytes + 7) & ~7)); 62 } 63 64 /* 65 * This function is called once per ancillary data object that will 66 * contain either Hop-by-Hop or Destination options. It returns 0 on 67 * success or -1 on an error. 68 */ 69 int 70 inet6_option_init(void *bp, struct cmsghdr **cmsgp, int type) 71 { 72 struct cmsghdr *ch = (struct cmsghdr *)bp; 73 74 /* argument validation */ 75 if (type != IPV6_HOPOPTS && type != IPV6_DSTOPTS) 76 return(-1); 77 78 ch->cmsg_level = IPPROTO_IPV6; 79 ch->cmsg_type = type; 80 ch->cmsg_len = CMSG_LEN(0); 81 82 *cmsgp = ch; 83 return(0); 84 } 85 86 /* 87 * This function appends a Hop-by-Hop option or a Destination option 88 * into an ancillary data object that has been initialized by 89 * inet6_option_init(). This function returns 0 if it succeeds or -1 on 90 * an error. 91 * multx is the value x in the alignment term "xn + y" described 92 * earlier. It must have a value of 1, 2, 4, or 8. 93 * plusy is the value y in the alignment term "xn + y" described 94 * earlier. It must have a value between 0 and 7, inclusive. 95 */ 96 int 97 inet6_option_append(struct cmsghdr *cmsg, const u_int8_t *typep, int multx, 98 int plusy) 99 { 100 int padlen, optlen, off; 101 u_char *bp = (u_char *)cmsg + cmsg->cmsg_len; 102 struct ip6_ext *eh = (struct ip6_ext *)CMSG_DATA(cmsg); 103 104 /* argument validation */ 105 if (multx != 1 && multx != 2 && multx != 4 && multx != 8) 106 return(-1); 107 if (plusy < 0 || plusy > 7) 108 return(-1); 109 110 /* 111 * If this is the first option, allocate space for the 112 * first 2 bytes(for next header and length fields) of 113 * the option header. 114 */ 115 if (bp == (u_char *)eh) { 116 bp += 2; 117 cmsg->cmsg_len += 2; 118 } 119 120 /* calculate pad length before the option. */ 121 off = bp - (u_char *)eh; 122 padlen = (((off % multx) + (multx - 1)) & ~(multx - 1)) - 123 (off % multx); 124 padlen += plusy; 125 padlen %= multx; /* keep the pad as short as possible */ 126 /* insert padding */ 127 inet6_insert_padopt(bp, padlen); 128 cmsg->cmsg_len += padlen; 129 bp += padlen; 130 131 /* copy the option */ 132 if (typep[0] == IP6OPT_PAD1) 133 optlen = 1; 134 else 135 optlen = typep[1] + 2; 136 memcpy(bp, typep, optlen); 137 bp += optlen; 138 cmsg->cmsg_len += optlen; 139 140 /* calculate pad length after the option and insert the padding */ 141 off = bp - (u_char *)eh; 142 padlen = ((off + 7) & ~7) - off; 143 inet6_insert_padopt(bp, padlen); 144 bp += padlen; 145 cmsg->cmsg_len += padlen; 146 147 /* update the length field of the ip6 option header */ 148 eh->ip6e_len = ((bp - (u_char *)eh) >> 3) - 1; 149 150 return(0); 151 } 152 153 /* 154 * This function appends a Hop-by-Hop option or a Destination option 155 * into an ancillary data object that has been initialized by 156 * inet6_option_init(). This function returns a pointer to the 8-bit 157 * option type field that starts the option on success, or NULL on an 158 * error. 159 * The difference between this function and inet6_option_append() is 160 * that the latter copies the contents of a previously built option into 161 * the ancillary data object while the current function returns a 162 * pointer to the space in the data object where the option's TLV must 163 * then be built by the caller. 164 * 165 */ 166 u_int8_t * 167 inet6_option_alloc(struct cmsghdr *cmsg, int datalen, int multx, int plusy) 168 { 169 int padlen, off; 170 u_int8_t *bp = (u_char *)cmsg + cmsg->cmsg_len; 171 u_int8_t *retval; 172 struct ip6_ext *eh = (struct ip6_ext *)CMSG_DATA(cmsg); 173 174 /* argument validation */ 175 if (multx != 1 && multx != 2 && multx != 4 && multx != 8) 176 return(NULL); 177 if (plusy < 0 || plusy > 7) 178 return(NULL); 179 180 /* 181 * If this is the first option, allocate space for the 182 * first 2 bytes(for next header and length fields) of 183 * the option header. 184 */ 185 if (bp == (u_char *)eh) { 186 bp += 2; 187 cmsg->cmsg_len += 2; 188 } 189 190 /* calculate pad length before the option. */ 191 off = bp - (u_char *)eh; 192 padlen = (((off % multx) + (multx - 1)) & ~(multx - 1)) - 193 (off % multx); 194 padlen += plusy; 195 padlen %= multx; /* keep the pad as short as possible */ 196 /* insert padding */ 197 inet6_insert_padopt(bp, padlen); 198 cmsg->cmsg_len += padlen; 199 bp += padlen; 200 201 /* keep space to store specified length of data */ 202 retval = bp; 203 bp += datalen; 204 cmsg->cmsg_len += datalen; 205 206 /* calculate pad length after the option and insert the padding */ 207 off = bp - (u_char *)eh; 208 padlen = ((off + 7) & ~7) - off; 209 inet6_insert_padopt(bp, padlen); 210 bp += padlen; 211 cmsg->cmsg_len += padlen; 212 213 /* update the length field of the ip6 option header */ 214 eh->ip6e_len = ((bp - (u_char *)eh) >> 3) - 1; 215 216 return(retval); 217 } 218 219 /* 220 * This function processes the next Hop-by-Hop option or Destination 221 * option in an ancillary data object. If another option remains to be 222 * processed, the return value of the function is 0 and *tptrp points to 223 * the 8-bit option type field (which is followed by the 8-bit option 224 * data length, followed by the option data). If no more options remain 225 * to be processed, the return value is -1 and *tptrp is NULL. If an 226 * error occurs, the return value is -1 and *tptrp is not NULL. 227 * (RFC 2292, 6.3.5) 228 */ 229 int 230 inet6_option_next(const struct cmsghdr *cmsg, u_int8_t **tptrp) 231 { 232 struct ip6_ext *ip6e; 233 int hdrlen, optlen; 234 u_int8_t *lim; 235 236 if (cmsg->cmsg_level != IPPROTO_IPV6 || 237 (cmsg->cmsg_type != IPV6_HOPOPTS && 238 cmsg->cmsg_type != IPV6_DSTOPTS)) 239 return(-1); 240 241 /* message length validation */ 242 if (cmsg->cmsg_len < CMSG_SPACE(sizeof(struct ip6_ext))) 243 return(-1); 244 ip6e = (struct ip6_ext *)CMSG_DATA(cmsg); 245 hdrlen = (ip6e->ip6e_len + 1) << 3; 246 if (cmsg->cmsg_len < CMSG_SPACE(hdrlen)) 247 return(-1); 248 249 /* 250 * If the caller does not specify the starting point, 251 * simply return the 1st option. 252 * Otherwise, search the option list for the next option. 253 */ 254 lim = (u_int8_t *)ip6e + hdrlen; 255 if (*tptrp == NULL) 256 *tptrp = (u_int8_t *)(ip6e + 1); 257 else { 258 if ((optlen = ip6optlen(*tptrp, lim)) == 0) 259 return(-1); 260 261 *tptrp = *tptrp + optlen; 262 } 263 if (*tptrp >= lim) { /* there is no option */ 264 *tptrp = NULL; 265 return(-1); 266 } 267 /* 268 * Finally, checks if the next option is safely stored in the 269 * cmsg data. 270 */ 271 if (ip6optlen(*tptrp, lim) == 0) 272 return(-1); 273 else 274 return(0); 275 } 276 277 /* 278 * This function is similar to the inet6_option_next() function, 279 * except this function lets the caller specify the option type to be 280 * searched for, instead of always returning the next option in the 281 * ancillary data object. 282 * Note: RFC 2292 says the type of tptrp is u_int8_t *, but we think 283 * it's a typo. The variable should be type of u_int8_t **. 284 */ 285 int 286 inet6_option_find(const struct cmsghdr *cmsg, u_int8_t **tptrp, int type) 287 { 288 struct ip6_ext *ip6e; 289 int hdrlen, optlen; 290 u_int8_t *optp, *lim; 291 292 if (cmsg->cmsg_level != IPPROTO_IPV6 || 293 (cmsg->cmsg_type != IPV6_HOPOPTS && 294 cmsg->cmsg_type != IPV6_DSTOPTS)) 295 return(-1); 296 297 /* message length validation */ 298 if (cmsg->cmsg_len < CMSG_SPACE(sizeof(struct ip6_ext))) 299 return(-1); 300 ip6e = (struct ip6_ext *)CMSG_DATA(cmsg); 301 hdrlen = (ip6e->ip6e_len + 1) << 3; 302 if (cmsg->cmsg_len < CMSG_SPACE(hdrlen)) 303 return(-1); 304 305 /* 306 * If the caller does not specify the starting point, 307 * search from the beginning of the option list. 308 * Otherwise, search from *the next option* of the specified point. 309 */ 310 lim = (u_int8_t *)ip6e + hdrlen; 311 if (*tptrp == NULL) 312 *tptrp = (u_int8_t *)(ip6e + 1); 313 else { 314 if ((optlen = ip6optlen(*tptrp, lim)) == 0) 315 return(-1); 316 317 *tptrp = *tptrp + optlen; 318 } 319 for (optp = *tptrp; optp < lim; optp += optlen) { 320 if (*optp == type) { 321 *tptrp = optp; 322 return(0); 323 } 324 if ((optlen = ip6optlen(optp, lim)) == 0) 325 return(-1); 326 } 327 328 /* search failed */ 329 *tptrp = NULL; 330 return(-1); 331 } 332 333 /* 334 * Calculate the length of a given IPv6 option. Also checks 335 * if the option is safely stored in user's buffer according to the 336 * calculated length and the limitation of the buffer. 337 */ 338 static int 339 ip6optlen(u_int8_t *opt, u_int8_t *lim) 340 { 341 int optlen; 342 343 if (*opt == IP6OPT_PAD1) 344 optlen = 1; 345 else { 346 /* is there enough space to store type and len? */ 347 if (opt + 2 > lim) 348 return(0); 349 optlen = *(opt + 1) + 2; 350 } 351 if (opt + optlen <= lim) 352 return(optlen); 353 354 return(0); 355 } 356 357 static void 358 inet6_insert_padopt(u_char *p, int len) 359 { 360 switch(len) { 361 case 0: 362 return; 363 case 1: 364 p[0] = IP6OPT_PAD1; 365 return; 366 default: 367 p[0] = IP6OPT_PADN; 368 p[1] = len - 2; 369 memset(&p[2], 0, len - 2); 370 return; 371 } 372 } 373 374 /* 375 * The following functions are defined in RFC3542, which is a successor 376 * of RFC2292. 377 */ 378 379 int 380 inet6_opt_init(void *extbuf, socklen_t extlen) 381 { 382 struct ip6_ext *ext = (struct ip6_ext *)extbuf; 383 384 if (extlen < 0 || (extlen % 8)) 385 return(-1); 386 387 if (ext) { 388 if (extlen == 0) 389 return(-1); 390 ext->ip6e_len = (extlen >> 3) - 1; 391 } 392 393 return(2); /* sizeof the next and the length fields */ 394 } 395 396 int 397 inet6_opt_append(void *extbuf, socklen_t extlen, int offset, u_int8_t type, 398 socklen_t len, u_int8_t align, void **databufp) 399 { 400 int currentlen = offset, padlen = 0; 401 402 /* 403 * The option type must have a value from 2 to 255, inclusive. 404 * (0 and 1 are reserved for the Pad1 and PadN options, respectively.) 405 */ 406 if (type < 2) 407 return(-1); 408 409 /* 410 * The option data length must have a value between 0 and 255, 411 * inclusive, and is the length of the option data that follows. 412 */ 413 if (len < 0 || len > 255) 414 return(-1); 415 416 /* 417 * The align parameter must have a value of 1, 2, 4, or 8. 418 * The align value can not exceed the value of len. 419 */ 420 if (align != 1 && align != 2 && align != 4 && align != 8) 421 return(-1); 422 if (align > len) 423 return(-1); 424 425 /* Calculate the padding length. */ 426 currentlen += 2 + len; /* 2 means "type + len" */ 427 if (currentlen % align) 428 padlen = align - (currentlen % align); 429 430 /* The option must fit in the extension header buffer. */ 431 currentlen += padlen; 432 if (extlen && /* XXX: right? */ 433 currentlen > extlen) 434 return(-1); 435 436 if (extbuf) { 437 u_int8_t *optp = (u_int8_t *)extbuf + offset; 438 439 if (padlen == 1) { 440 /* insert a Pad1 option */ 441 *optp = IP6OPT_PAD1; 442 optp++; 443 } 444 else if (padlen > 0) { 445 /* insert a PadN option for alignment */ 446 *optp++ = IP6OPT_PADN; 447 *optp++ = padlen - 2; 448 memset(optp, 0, padlen - 2); 449 optp += (padlen - 2); 450 } 451 452 *optp++ = type; 453 *optp++ = len; 454 455 *databufp = optp; 456 } 457 458 return(currentlen); 459 } 460 461 int 462 inet6_opt_finish(void *extbuf, socklen_t extlen, int offset) 463 { 464 int updatelen = offset > 0 ? (1 + ((offset - 1) | 7)) : 0;; 465 466 if (extbuf) { 467 u_int8_t *padp; 468 int padlen = updatelen - offset; 469 470 if (updatelen > extlen) 471 return(-1); 472 473 padp = (u_int8_t *)extbuf + offset; 474 if (padlen == 1) 475 *padp = IP6OPT_PAD1; 476 else if (padlen > 0) { 477 *padp++ = IP6OPT_PADN; 478 *padp++ = (padlen - 2); 479 memset(padp, 0, padlen - 2); 480 } 481 } 482 483 return(updatelen); 484 } 485 486 int 487 inet6_opt_set_val(void *databuf, int offset, void *val, socklen_t vallen) 488 { 489 490 memcpy((u_int8_t *)databuf + offset, val, vallen); 491 return(offset + vallen); 492 } 493 494 int 495 inet6_opt_next(void *extbuf, socklen_t extlen, int offset, u_int8_t *typep, 496 socklen_t *lenp, void **databufp) 497 { 498 u_int8_t *optp, *lim; 499 int optlen; 500 501 /* Validate extlen. XXX: is the variable really necessary?? */ 502 if (extlen == 0 || (extlen % 8)) 503 return(-1); 504 lim = (u_int8_t *)extbuf + extlen; 505 506 /* 507 * If this is the first time this function called for this options 508 * header, simply return the 1st option. 509 * Otherwise, search the option list for the next option. 510 */ 511 if (offset == 0) { 512 optp = (u_int8_t *)((struct ip6_hbh *)extbuf + 1); 513 } 514 else 515 optp = (u_int8_t *)extbuf + offset; 516 517 /* Find the next option skipping any padding options. */ 518 while(optp < lim) { 519 switch(*optp) { 520 case IP6OPT_PAD1: 521 optp++; 522 break; 523 case IP6OPT_PADN: 524 if ((optlen = ip6optlen(optp, lim)) == 0) 525 goto optend; 526 optp += optlen; 527 break; 528 default: /* found */ 529 if ((optlen = ip6optlen(optp, lim)) == 0) 530 goto optend; 531 *typep = *optp; 532 *lenp = optlen - 2; 533 *databufp = optp + 2; 534 return(optp + optlen - (u_int8_t *)extbuf); 535 } 536 } 537 538 optend: 539 *databufp = NULL; /* for safety */ 540 return(-1); 541 } 542 543 int 544 inet6_opt_find(void *extbuf, socklen_t extlen, int offset, u_int8_t type, 545 socklen_t *lenp, void **databufp) 546 { 547 u_int8_t *optp, *lim; 548 int optlen; 549 550 /* Validate extlen. XXX: is the variable really necessary?? */ 551 if (extlen == 0 || (extlen % 8)) 552 return(-1); 553 lim = (u_int8_t *)extbuf + extlen; 554 555 /* 556 * If this is the first time this function called for this options 557 * header, simply return the 1st option. 558 * Otherwise, search the option list for the next option. 559 */ 560 if (offset == 0) { 561 optp = (u_int8_t *)((struct ip6_hbh *)extbuf + 1); 562 } 563 else 564 optp = (u_int8_t *)extbuf + offset; 565 566 /* Find the specified option */ 567 while(optp < lim) { 568 if ((optlen = ip6optlen(optp, lim)) == 0) 569 goto optend; 570 571 if (*optp == type) { /* found */ 572 *lenp = optlen - 2; 573 *databufp = optp + 2; 574 return(optp + optlen - (u_int8_t *)extbuf); 575 } 576 577 optp += optlen; 578 } 579 580 optend: 581 *databufp = NULL; /* for safety */ 582 return(-1); 583 } 584 585 int 586 inet6_opt_get_val(void *databuf, int offset, void *val, socklen_t vallen) 587 { 588 589 /* we can't assume alignment here */ 590 memcpy(val, (u_int8_t *)databuf + offset, vallen); 591 592 return(offset + vallen); 593 } 594