1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright (C) 2007-2019 B.A.T.M.A.N. contributors: 3 * 4 * Marek Lindner, Simon Wunderlich 5 */ 6 7 #include "routing.h" 8 #include "main.h" 9 10 #include <linux/atomic.h> 11 #include <linux/byteorder/generic.h> 12 #include <linux/compiler.h> 13 #include <linux/errno.h> 14 #include <linux/etherdevice.h> 15 #include <linux/if_ether.h> 16 #include <linux/jiffies.h> 17 #include <linux/kref.h> 18 #include <linux/netdevice.h> 19 #include <linux/printk.h> 20 #include <linux/rculist.h> 21 #include <linux/rcupdate.h> 22 #include <linux/skbuff.h> 23 #include <linux/spinlock.h> 24 #include <linux/stddef.h> 25 #include <uapi/linux/batadv_packet.h> 26 27 #include "bitarray.h" 28 #include "bridge_loop_avoidance.h" 29 #include "distributed-arp-table.h" 30 #include "fragmentation.h" 31 #include "hard-interface.h" 32 #include "icmp_socket.h" 33 #include "log.h" 34 #include "network-coding.h" 35 #include "originator.h" 36 #include "send.h" 37 #include "soft-interface.h" 38 #include "tp_meter.h" 39 #include "translation-table.h" 40 #include "tvlv.h" 41 42 static int batadv_route_unicast_packet(struct sk_buff *skb, 43 struct batadv_hard_iface *recv_if); 44 45 /** 46 * _batadv_update_route() - set the router for this originator 47 * @bat_priv: the bat priv with all the soft interface information 48 * @orig_node: orig node which is to be configured 49 * @recv_if: the receive interface for which this route is set 50 * @neigh_node: neighbor which should be the next router 51 * 52 * This function does not perform any error checks 53 */ 54 static void _batadv_update_route(struct batadv_priv *bat_priv, 55 struct batadv_orig_node *orig_node, 56 struct batadv_hard_iface *recv_if, 57 struct batadv_neigh_node *neigh_node) 58 { 59 struct batadv_orig_ifinfo *orig_ifinfo; 60 struct batadv_neigh_node *curr_router; 61 62 orig_ifinfo = batadv_orig_ifinfo_get(orig_node, recv_if); 63 if (!orig_ifinfo) 64 return; 65 66 spin_lock_bh(&orig_node->neigh_list_lock); 67 /* curr_router used earlier may not be the current orig_ifinfo->router 68 * anymore because it was dereferenced outside of the neigh_list_lock 69 * protected region. After the new best neighbor has replace the current 70 * best neighbor the reference counter needs to decrease. Consequently, 71 * the code needs to ensure the curr_router variable contains a pointer 72 * to the replaced best neighbor. 73 */ 74 curr_router = rcu_dereference_protected(orig_ifinfo->router, true); 75 76 /* increase refcount of new best neighbor */ 77 if (neigh_node) 78 kref_get(&neigh_node->refcount); 79 80 rcu_assign_pointer(orig_ifinfo->router, neigh_node); 81 spin_unlock_bh(&orig_node->neigh_list_lock); 82 batadv_orig_ifinfo_put(orig_ifinfo); 83 84 /* route deleted */ 85 if (curr_router && !neigh_node) { 86 batadv_dbg(BATADV_DBG_ROUTES, bat_priv, 87 "Deleting route towards: %pM\n", orig_node->orig); 88 batadv_tt_global_del_orig(bat_priv, orig_node, -1, 89 "Deleted route towards originator"); 90 91 /* route added */ 92 } else if (!curr_router && neigh_node) { 93 batadv_dbg(BATADV_DBG_ROUTES, bat_priv, 94 "Adding route towards: %pM (via %pM)\n", 95 orig_node->orig, neigh_node->addr); 96 /* route changed */ 97 } else if (neigh_node && curr_router) { 98 batadv_dbg(BATADV_DBG_ROUTES, bat_priv, 99 "Changing route towards: %pM (now via %pM - was via %pM)\n", 100 orig_node->orig, neigh_node->addr, 101 curr_router->addr); 102 } 103 104 /* decrease refcount of previous best neighbor */ 105 if (curr_router) 106 batadv_neigh_node_put(curr_router); 107 } 108 109 /** 110 * batadv_update_route() - set the router for this originator 111 * @bat_priv: the bat priv with all the soft interface information 112 * @orig_node: orig node which is to be configured 113 * @recv_if: the receive interface for which this route is set 114 * @neigh_node: neighbor which should be the next router 115 */ 116 void batadv_update_route(struct batadv_priv *bat_priv, 117 struct batadv_orig_node *orig_node, 118 struct batadv_hard_iface *recv_if, 119 struct batadv_neigh_node *neigh_node) 120 { 121 struct batadv_neigh_node *router = NULL; 122 123 if (!orig_node) 124 goto out; 125 126 router = batadv_orig_router_get(orig_node, recv_if); 127 128 if (router != neigh_node) 129 _batadv_update_route(bat_priv, orig_node, recv_if, neigh_node); 130 131 out: 132 if (router) 133 batadv_neigh_node_put(router); 134 } 135 136 /** 137 * batadv_window_protected() - checks whether the host restarted and is in the 138 * protection time. 139 * @bat_priv: the bat priv with all the soft interface information 140 * @seq_num_diff: difference between the current/received sequence number and 141 * the last sequence number 142 * @seq_old_max_diff: maximum age of sequence number not considered as restart 143 * @last_reset: jiffies timestamp of the last reset, will be updated when reset 144 * is detected 145 * @protection_started: is set to true if the protection window was started, 146 * doesn't change otherwise. 147 * 148 * Return: 149 * false if the packet is to be accepted. 150 * true if the packet is to be ignored. 151 */ 152 bool batadv_window_protected(struct batadv_priv *bat_priv, s32 seq_num_diff, 153 s32 seq_old_max_diff, unsigned long *last_reset, 154 bool *protection_started) 155 { 156 if (seq_num_diff <= -seq_old_max_diff || 157 seq_num_diff >= BATADV_EXPECTED_SEQNO_RANGE) { 158 if (!batadv_has_timed_out(*last_reset, 159 BATADV_RESET_PROTECTION_MS)) 160 return true; 161 162 *last_reset = jiffies; 163 if (protection_started) 164 *protection_started = true; 165 batadv_dbg(BATADV_DBG_BATMAN, bat_priv, 166 "old packet received, start protection\n"); 167 } 168 169 return false; 170 } 171 172 /** 173 * batadv_check_management_packet() - Check preconditions for management packets 174 * @skb: incoming packet buffer 175 * @hard_iface: incoming hard interface 176 * @header_len: minimal header length of packet type 177 * 178 * Return: true when management preconditions are met, false otherwise 179 */ 180 bool batadv_check_management_packet(struct sk_buff *skb, 181 struct batadv_hard_iface *hard_iface, 182 int header_len) 183 { 184 struct ethhdr *ethhdr; 185 186 /* drop packet if it has not necessary minimum size */ 187 if (unlikely(!pskb_may_pull(skb, header_len))) 188 return false; 189 190 ethhdr = eth_hdr(skb); 191 192 /* packet with broadcast indication but unicast recipient */ 193 if (!is_broadcast_ether_addr(ethhdr->h_dest)) 194 return false; 195 196 /* packet with invalid sender address */ 197 if (!is_valid_ether_addr(ethhdr->h_source)) 198 return false; 199 200 /* create a copy of the skb, if needed, to modify it. */ 201 if (skb_cow(skb, 0) < 0) 202 return false; 203 204 /* keep skb linear */ 205 if (skb_linearize(skb) < 0) 206 return false; 207 208 return true; 209 } 210 211 /** 212 * batadv_recv_my_icmp_packet() - receive an icmp packet locally 213 * @bat_priv: the bat priv with all the soft interface information 214 * @skb: icmp packet to process 215 * 216 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP 217 * otherwise. 218 */ 219 static int batadv_recv_my_icmp_packet(struct batadv_priv *bat_priv, 220 struct sk_buff *skb) 221 { 222 struct batadv_hard_iface *primary_if = NULL; 223 struct batadv_orig_node *orig_node = NULL; 224 struct batadv_icmp_header *icmph; 225 int res, ret = NET_RX_DROP; 226 227 icmph = (struct batadv_icmp_header *)skb->data; 228 229 switch (icmph->msg_type) { 230 case BATADV_ECHO_REPLY: 231 case BATADV_DESTINATION_UNREACHABLE: 232 case BATADV_TTL_EXCEEDED: 233 /* receive the packet */ 234 if (skb_linearize(skb) < 0) 235 break; 236 237 batadv_socket_receive_packet(icmph, skb->len); 238 break; 239 case BATADV_ECHO_REQUEST: 240 /* answer echo request (ping) */ 241 primary_if = batadv_primary_if_get_selected(bat_priv); 242 if (!primary_if) 243 goto out; 244 245 /* get routing information */ 246 orig_node = batadv_orig_hash_find(bat_priv, icmph->orig); 247 if (!orig_node) 248 goto out; 249 250 /* create a copy of the skb, if needed, to modify it. */ 251 if (skb_cow(skb, ETH_HLEN) < 0) 252 goto out; 253 254 icmph = (struct batadv_icmp_header *)skb->data; 255 256 ether_addr_copy(icmph->dst, icmph->orig); 257 ether_addr_copy(icmph->orig, primary_if->net_dev->dev_addr); 258 icmph->msg_type = BATADV_ECHO_REPLY; 259 icmph->ttl = BATADV_TTL; 260 261 res = batadv_send_skb_to_orig(skb, orig_node, NULL); 262 if (res == NET_XMIT_SUCCESS) 263 ret = NET_RX_SUCCESS; 264 265 /* skb was consumed */ 266 skb = NULL; 267 break; 268 case BATADV_TP: 269 if (!pskb_may_pull(skb, sizeof(struct batadv_icmp_tp_packet))) 270 goto out; 271 272 batadv_tp_meter_recv(bat_priv, skb); 273 ret = NET_RX_SUCCESS; 274 /* skb was consumed */ 275 skb = NULL; 276 goto out; 277 default: 278 /* drop unknown type */ 279 goto out; 280 } 281 out: 282 if (primary_if) 283 batadv_hardif_put(primary_if); 284 if (orig_node) 285 batadv_orig_node_put(orig_node); 286 287 kfree_skb(skb); 288 289 return ret; 290 } 291 292 static int batadv_recv_icmp_ttl_exceeded(struct batadv_priv *bat_priv, 293 struct sk_buff *skb) 294 { 295 struct batadv_hard_iface *primary_if = NULL; 296 struct batadv_orig_node *orig_node = NULL; 297 struct batadv_icmp_packet *icmp_packet; 298 int res, ret = NET_RX_DROP; 299 300 icmp_packet = (struct batadv_icmp_packet *)skb->data; 301 302 /* send TTL exceeded if packet is an echo request (traceroute) */ 303 if (icmp_packet->msg_type != BATADV_ECHO_REQUEST) { 304 pr_debug("Warning - can't forward icmp packet from %pM to %pM: ttl exceeded\n", 305 icmp_packet->orig, icmp_packet->dst); 306 goto out; 307 } 308 309 primary_if = batadv_primary_if_get_selected(bat_priv); 310 if (!primary_if) 311 goto out; 312 313 /* get routing information */ 314 orig_node = batadv_orig_hash_find(bat_priv, icmp_packet->orig); 315 if (!orig_node) 316 goto out; 317 318 /* create a copy of the skb, if needed, to modify it. */ 319 if (skb_cow(skb, ETH_HLEN) < 0) 320 goto out; 321 322 icmp_packet = (struct batadv_icmp_packet *)skb->data; 323 324 ether_addr_copy(icmp_packet->dst, icmp_packet->orig); 325 ether_addr_copy(icmp_packet->orig, primary_if->net_dev->dev_addr); 326 icmp_packet->msg_type = BATADV_TTL_EXCEEDED; 327 icmp_packet->ttl = BATADV_TTL; 328 329 res = batadv_send_skb_to_orig(skb, orig_node, NULL); 330 if (res == NET_RX_SUCCESS) 331 ret = NET_XMIT_SUCCESS; 332 333 /* skb was consumed */ 334 skb = NULL; 335 336 out: 337 if (primary_if) 338 batadv_hardif_put(primary_if); 339 if (orig_node) 340 batadv_orig_node_put(orig_node); 341 342 kfree_skb(skb); 343 344 return ret; 345 } 346 347 /** 348 * batadv_recv_icmp_packet() - Process incoming icmp packet 349 * @skb: incoming packet buffer 350 * @recv_if: incoming hard interface 351 * 352 * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure 353 */ 354 int batadv_recv_icmp_packet(struct sk_buff *skb, 355 struct batadv_hard_iface *recv_if) 356 { 357 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 358 struct batadv_icmp_header *icmph; 359 struct batadv_icmp_packet_rr *icmp_packet_rr; 360 struct ethhdr *ethhdr; 361 struct batadv_orig_node *orig_node = NULL; 362 int hdr_size = sizeof(struct batadv_icmp_header); 363 int res, ret = NET_RX_DROP; 364 365 /* drop packet if it has not necessary minimum size */ 366 if (unlikely(!pskb_may_pull(skb, hdr_size))) 367 goto free_skb; 368 369 ethhdr = eth_hdr(skb); 370 371 /* packet with unicast indication but non-unicast recipient */ 372 if (!is_valid_ether_addr(ethhdr->h_dest)) 373 goto free_skb; 374 375 /* packet with broadcast/multicast sender address */ 376 if (is_multicast_ether_addr(ethhdr->h_source)) 377 goto free_skb; 378 379 /* not for me */ 380 if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest)) 381 goto free_skb; 382 383 icmph = (struct batadv_icmp_header *)skb->data; 384 385 /* add record route information if not full */ 386 if ((icmph->msg_type == BATADV_ECHO_REPLY || 387 icmph->msg_type == BATADV_ECHO_REQUEST) && 388 skb->len >= sizeof(struct batadv_icmp_packet_rr)) { 389 if (skb_linearize(skb) < 0) 390 goto free_skb; 391 392 /* create a copy of the skb, if needed, to modify it. */ 393 if (skb_cow(skb, ETH_HLEN) < 0) 394 goto free_skb; 395 396 ethhdr = eth_hdr(skb); 397 icmph = (struct batadv_icmp_header *)skb->data; 398 icmp_packet_rr = (struct batadv_icmp_packet_rr *)icmph; 399 if (icmp_packet_rr->rr_cur >= BATADV_RR_LEN) 400 goto free_skb; 401 402 ether_addr_copy(icmp_packet_rr->rr[icmp_packet_rr->rr_cur], 403 ethhdr->h_dest); 404 icmp_packet_rr->rr_cur++; 405 } 406 407 /* packet for me */ 408 if (batadv_is_my_mac(bat_priv, icmph->dst)) 409 return batadv_recv_my_icmp_packet(bat_priv, skb); 410 411 /* TTL exceeded */ 412 if (icmph->ttl < 2) 413 return batadv_recv_icmp_ttl_exceeded(bat_priv, skb); 414 415 /* get routing information */ 416 orig_node = batadv_orig_hash_find(bat_priv, icmph->dst); 417 if (!orig_node) 418 goto free_skb; 419 420 /* create a copy of the skb, if needed, to modify it. */ 421 if (skb_cow(skb, ETH_HLEN) < 0) 422 goto put_orig_node; 423 424 icmph = (struct batadv_icmp_header *)skb->data; 425 426 /* decrement ttl */ 427 icmph->ttl--; 428 429 /* route it */ 430 res = batadv_send_skb_to_orig(skb, orig_node, recv_if); 431 if (res == NET_XMIT_SUCCESS) 432 ret = NET_RX_SUCCESS; 433 434 /* skb was consumed */ 435 skb = NULL; 436 437 put_orig_node: 438 if (orig_node) 439 batadv_orig_node_put(orig_node); 440 free_skb: 441 kfree_skb(skb); 442 443 return ret; 444 } 445 446 /** 447 * batadv_check_unicast_packet() - Check for malformed unicast packets 448 * @bat_priv: the bat priv with all the soft interface information 449 * @skb: packet to check 450 * @hdr_size: size of header to pull 451 * 452 * Check for short header and bad addresses in given packet. 453 * 454 * Return: negative value when check fails and 0 otherwise. The negative value 455 * depends on the reason: -ENODATA for bad header, -EBADR for broadcast 456 * destination or source, and -EREMOTE for non-local (other host) destination. 457 */ 458 static int batadv_check_unicast_packet(struct batadv_priv *bat_priv, 459 struct sk_buff *skb, int hdr_size) 460 { 461 struct ethhdr *ethhdr; 462 463 /* drop packet if it has not necessary minimum size */ 464 if (unlikely(!pskb_may_pull(skb, hdr_size))) 465 return -ENODATA; 466 467 ethhdr = eth_hdr(skb); 468 469 /* packet with unicast indication but non-unicast recipient */ 470 if (!is_valid_ether_addr(ethhdr->h_dest)) 471 return -EBADR; 472 473 /* packet with broadcast/multicast sender address */ 474 if (is_multicast_ether_addr(ethhdr->h_source)) 475 return -EBADR; 476 477 /* not for me */ 478 if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest)) 479 return -EREMOTE; 480 481 return 0; 482 } 483 484 /** 485 * batadv_last_bonding_get() - Get last_bonding_candidate of orig_node 486 * @orig_node: originator node whose last bonding candidate should be retrieved 487 * 488 * Return: last bonding candidate of router or NULL if not found 489 * 490 * The object is returned with refcounter increased by 1. 491 */ 492 static struct batadv_orig_ifinfo * 493 batadv_last_bonding_get(struct batadv_orig_node *orig_node) 494 { 495 struct batadv_orig_ifinfo *last_bonding_candidate; 496 497 spin_lock_bh(&orig_node->neigh_list_lock); 498 last_bonding_candidate = orig_node->last_bonding_candidate; 499 500 if (last_bonding_candidate) 501 kref_get(&last_bonding_candidate->refcount); 502 spin_unlock_bh(&orig_node->neigh_list_lock); 503 504 return last_bonding_candidate; 505 } 506 507 /** 508 * batadv_last_bonding_replace() - Replace last_bonding_candidate of orig_node 509 * @orig_node: originator node whose bonding candidates should be replaced 510 * @new_candidate: new bonding candidate or NULL 511 */ 512 static void 513 batadv_last_bonding_replace(struct batadv_orig_node *orig_node, 514 struct batadv_orig_ifinfo *new_candidate) 515 { 516 struct batadv_orig_ifinfo *old_candidate; 517 518 spin_lock_bh(&orig_node->neigh_list_lock); 519 old_candidate = orig_node->last_bonding_candidate; 520 521 if (new_candidate) 522 kref_get(&new_candidate->refcount); 523 orig_node->last_bonding_candidate = new_candidate; 524 spin_unlock_bh(&orig_node->neigh_list_lock); 525 526 if (old_candidate) 527 batadv_orig_ifinfo_put(old_candidate); 528 } 529 530 /** 531 * batadv_find_router() - find a suitable router for this originator 532 * @bat_priv: the bat priv with all the soft interface information 533 * @orig_node: the destination node 534 * @recv_if: pointer to interface this packet was received on 535 * 536 * Return: the router which should be used for this orig_node on 537 * this interface, or NULL if not available. 538 */ 539 struct batadv_neigh_node * 540 batadv_find_router(struct batadv_priv *bat_priv, 541 struct batadv_orig_node *orig_node, 542 struct batadv_hard_iface *recv_if) 543 { 544 struct batadv_algo_ops *bao = bat_priv->algo_ops; 545 struct batadv_neigh_node *first_candidate_router = NULL; 546 struct batadv_neigh_node *next_candidate_router = NULL; 547 struct batadv_neigh_node *router, *cand_router = NULL; 548 struct batadv_neigh_node *last_cand_router = NULL; 549 struct batadv_orig_ifinfo *cand, *first_candidate = NULL; 550 struct batadv_orig_ifinfo *next_candidate = NULL; 551 struct batadv_orig_ifinfo *last_candidate; 552 bool last_candidate_found = false; 553 554 if (!orig_node) 555 return NULL; 556 557 router = batadv_orig_router_get(orig_node, recv_if); 558 559 if (!router) 560 return router; 561 562 /* only consider bonding for recv_if == BATADV_IF_DEFAULT (first hop) 563 * and if activated. 564 */ 565 if (!(recv_if == BATADV_IF_DEFAULT && atomic_read(&bat_priv->bonding))) 566 return router; 567 568 /* bonding: loop through the list of possible routers found 569 * for the various outgoing interfaces and find a candidate after 570 * the last chosen bonding candidate (next_candidate). If no such 571 * router is found, use the first candidate found (the previously 572 * chosen bonding candidate might have been the last one in the list). 573 * If this can't be found either, return the previously chosen 574 * router - obviously there are no other candidates. 575 */ 576 rcu_read_lock(); 577 last_candidate = batadv_last_bonding_get(orig_node); 578 if (last_candidate) 579 last_cand_router = rcu_dereference(last_candidate->router); 580 581 hlist_for_each_entry_rcu(cand, &orig_node->ifinfo_list, list) { 582 /* acquire some structures and references ... */ 583 if (!kref_get_unless_zero(&cand->refcount)) 584 continue; 585 586 cand_router = rcu_dereference(cand->router); 587 if (!cand_router) 588 goto next; 589 590 if (!kref_get_unless_zero(&cand_router->refcount)) { 591 cand_router = NULL; 592 goto next; 593 } 594 595 /* alternative candidate should be good enough to be 596 * considered 597 */ 598 if (!bao->neigh.is_similar_or_better(cand_router, 599 cand->if_outgoing, router, 600 recv_if)) 601 goto next; 602 603 /* don't use the same router twice */ 604 if (last_cand_router == cand_router) 605 goto next; 606 607 /* mark the first possible candidate */ 608 if (!first_candidate) { 609 kref_get(&cand_router->refcount); 610 kref_get(&cand->refcount); 611 first_candidate = cand; 612 first_candidate_router = cand_router; 613 } 614 615 /* check if the loop has already passed the previously selected 616 * candidate ... this function should select the next candidate 617 * AFTER the previously used bonding candidate. 618 */ 619 if (!last_candidate || last_candidate_found) { 620 next_candidate = cand; 621 next_candidate_router = cand_router; 622 break; 623 } 624 625 if (last_candidate == cand) 626 last_candidate_found = true; 627 next: 628 /* free references */ 629 if (cand_router) { 630 batadv_neigh_node_put(cand_router); 631 cand_router = NULL; 632 } 633 batadv_orig_ifinfo_put(cand); 634 } 635 rcu_read_unlock(); 636 637 /* After finding candidates, handle the three cases: 638 * 1) there is a next candidate, use that 639 * 2) there is no next candidate, use the first of the list 640 * 3) there is no candidate at all, return the default router 641 */ 642 if (next_candidate) { 643 batadv_neigh_node_put(router); 644 645 kref_get(&next_candidate_router->refcount); 646 router = next_candidate_router; 647 batadv_last_bonding_replace(orig_node, next_candidate); 648 } else if (first_candidate) { 649 batadv_neigh_node_put(router); 650 651 kref_get(&first_candidate_router->refcount); 652 router = first_candidate_router; 653 batadv_last_bonding_replace(orig_node, first_candidate); 654 } else { 655 batadv_last_bonding_replace(orig_node, NULL); 656 } 657 658 /* cleanup of candidates */ 659 if (first_candidate) { 660 batadv_neigh_node_put(first_candidate_router); 661 batadv_orig_ifinfo_put(first_candidate); 662 } 663 664 if (next_candidate) { 665 batadv_neigh_node_put(next_candidate_router); 666 batadv_orig_ifinfo_put(next_candidate); 667 } 668 669 if (last_candidate) 670 batadv_orig_ifinfo_put(last_candidate); 671 672 return router; 673 } 674 675 static int batadv_route_unicast_packet(struct sk_buff *skb, 676 struct batadv_hard_iface *recv_if) 677 { 678 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 679 struct batadv_orig_node *orig_node = NULL; 680 struct batadv_unicast_packet *unicast_packet; 681 struct ethhdr *ethhdr = eth_hdr(skb); 682 int res, hdr_len, ret = NET_RX_DROP; 683 unsigned int len; 684 685 unicast_packet = (struct batadv_unicast_packet *)skb->data; 686 687 /* TTL exceeded */ 688 if (unicast_packet->ttl < 2) { 689 pr_debug("Warning - can't forward unicast packet from %pM to %pM: ttl exceeded\n", 690 ethhdr->h_source, unicast_packet->dest); 691 goto free_skb; 692 } 693 694 /* get routing information */ 695 orig_node = batadv_orig_hash_find(bat_priv, unicast_packet->dest); 696 697 if (!orig_node) 698 goto free_skb; 699 700 /* create a copy of the skb, if needed, to modify it. */ 701 if (skb_cow(skb, ETH_HLEN) < 0) 702 goto put_orig_node; 703 704 /* decrement ttl */ 705 unicast_packet = (struct batadv_unicast_packet *)skb->data; 706 unicast_packet->ttl--; 707 708 switch (unicast_packet->packet_type) { 709 case BATADV_UNICAST_4ADDR: 710 hdr_len = sizeof(struct batadv_unicast_4addr_packet); 711 break; 712 case BATADV_UNICAST: 713 hdr_len = sizeof(struct batadv_unicast_packet); 714 break; 715 default: 716 /* other packet types not supported - yet */ 717 hdr_len = -1; 718 break; 719 } 720 721 if (hdr_len > 0) 722 batadv_skb_set_priority(skb, hdr_len); 723 724 len = skb->len; 725 res = batadv_send_skb_to_orig(skb, orig_node, recv_if); 726 727 /* translate transmit result into receive result */ 728 if (res == NET_XMIT_SUCCESS) { 729 ret = NET_RX_SUCCESS; 730 /* skb was transmitted and consumed */ 731 batadv_inc_counter(bat_priv, BATADV_CNT_FORWARD); 732 batadv_add_counter(bat_priv, BATADV_CNT_FORWARD_BYTES, 733 len + ETH_HLEN); 734 } 735 736 /* skb was consumed */ 737 skb = NULL; 738 739 put_orig_node: 740 batadv_orig_node_put(orig_node); 741 free_skb: 742 kfree_skb(skb); 743 744 return ret; 745 } 746 747 /** 748 * batadv_reroute_unicast_packet() - update the unicast header for re-routing 749 * @bat_priv: the bat priv with all the soft interface information 750 * @skb: unicast packet to process 751 * @unicast_packet: the unicast header to be updated 752 * @dst_addr: the payload destination 753 * @vid: VLAN identifier 754 * 755 * Search the translation table for dst_addr and update the unicast header with 756 * the new corresponding information (originator address where the destination 757 * client currently is and its known TTVN) 758 * 759 * Return: true if the packet header has been updated, false otherwise 760 */ 761 static bool 762 batadv_reroute_unicast_packet(struct batadv_priv *bat_priv, struct sk_buff *skb, 763 struct batadv_unicast_packet *unicast_packet, 764 u8 *dst_addr, unsigned short vid) 765 { 766 struct batadv_orig_node *orig_node = NULL; 767 struct batadv_hard_iface *primary_if = NULL; 768 bool ret = false; 769 u8 *orig_addr, orig_ttvn; 770 771 if (batadv_is_my_client(bat_priv, dst_addr, vid)) { 772 primary_if = batadv_primary_if_get_selected(bat_priv); 773 if (!primary_if) 774 goto out; 775 orig_addr = primary_if->net_dev->dev_addr; 776 orig_ttvn = (u8)atomic_read(&bat_priv->tt.vn); 777 } else { 778 orig_node = batadv_transtable_search(bat_priv, NULL, dst_addr, 779 vid); 780 if (!orig_node) 781 goto out; 782 783 if (batadv_compare_eth(orig_node->orig, unicast_packet->dest)) 784 goto out; 785 786 orig_addr = orig_node->orig; 787 orig_ttvn = (u8)atomic_read(&orig_node->last_ttvn); 788 } 789 790 /* update the packet header */ 791 skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet)); 792 ether_addr_copy(unicast_packet->dest, orig_addr); 793 unicast_packet->ttvn = orig_ttvn; 794 skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet)); 795 796 ret = true; 797 out: 798 if (primary_if) 799 batadv_hardif_put(primary_if); 800 if (orig_node) 801 batadv_orig_node_put(orig_node); 802 803 return ret; 804 } 805 806 static bool batadv_check_unicast_ttvn(struct batadv_priv *bat_priv, 807 struct sk_buff *skb, int hdr_len) 808 { 809 struct batadv_unicast_packet *unicast_packet; 810 struct batadv_hard_iface *primary_if; 811 struct batadv_orig_node *orig_node; 812 u8 curr_ttvn, old_ttvn; 813 struct ethhdr *ethhdr; 814 unsigned short vid; 815 int is_old_ttvn; 816 817 /* check if there is enough data before accessing it */ 818 if (!pskb_may_pull(skb, hdr_len + ETH_HLEN)) 819 return false; 820 821 /* create a copy of the skb (in case of for re-routing) to modify it. */ 822 if (skb_cow(skb, sizeof(*unicast_packet)) < 0) 823 return false; 824 825 unicast_packet = (struct batadv_unicast_packet *)skb->data; 826 vid = batadv_get_vid(skb, hdr_len); 827 ethhdr = (struct ethhdr *)(skb->data + hdr_len); 828 829 /* check if the destination client was served by this node and it is now 830 * roaming. In this case, it means that the node has got a ROAM_ADV 831 * message and that it knows the new destination in the mesh to re-route 832 * the packet to 833 */ 834 if (batadv_tt_local_client_is_roaming(bat_priv, ethhdr->h_dest, vid)) { 835 if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet, 836 ethhdr->h_dest, vid)) 837 batadv_dbg_ratelimited(BATADV_DBG_TT, 838 bat_priv, 839 "Rerouting unicast packet to %pM (dst=%pM): Local Roaming\n", 840 unicast_packet->dest, 841 ethhdr->h_dest); 842 /* at this point the mesh destination should have been 843 * substituted with the originator address found in the global 844 * table. If not, let the packet go untouched anyway because 845 * there is nothing the node can do 846 */ 847 return true; 848 } 849 850 /* retrieve the TTVN known by this node for the packet destination. This 851 * value is used later to check if the node which sent (or re-routed 852 * last time) the packet had an updated information or not 853 */ 854 curr_ttvn = (u8)atomic_read(&bat_priv->tt.vn); 855 if (!batadv_is_my_mac(bat_priv, unicast_packet->dest)) { 856 orig_node = batadv_orig_hash_find(bat_priv, 857 unicast_packet->dest); 858 /* if it is not possible to find the orig_node representing the 859 * destination, the packet can immediately be dropped as it will 860 * not be possible to deliver it 861 */ 862 if (!orig_node) 863 return false; 864 865 curr_ttvn = (u8)atomic_read(&orig_node->last_ttvn); 866 batadv_orig_node_put(orig_node); 867 } 868 869 /* check if the TTVN contained in the packet is fresher than what the 870 * node knows 871 */ 872 is_old_ttvn = batadv_seq_before(unicast_packet->ttvn, curr_ttvn); 873 if (!is_old_ttvn) 874 return true; 875 876 old_ttvn = unicast_packet->ttvn; 877 /* the packet was forged based on outdated network information. Its 878 * destination can possibly be updated and forwarded towards the new 879 * target host 880 */ 881 if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet, 882 ethhdr->h_dest, vid)) { 883 batadv_dbg_ratelimited(BATADV_DBG_TT, bat_priv, 884 "Rerouting unicast packet to %pM (dst=%pM): TTVN mismatch old_ttvn=%u new_ttvn=%u\n", 885 unicast_packet->dest, ethhdr->h_dest, 886 old_ttvn, curr_ttvn); 887 return true; 888 } 889 890 /* the packet has not been re-routed: either the destination is 891 * currently served by this node or there is no destination at all and 892 * it is possible to drop the packet 893 */ 894 if (!batadv_is_my_client(bat_priv, ethhdr->h_dest, vid)) 895 return false; 896 897 /* update the header in order to let the packet be delivered to this 898 * node's soft interface 899 */ 900 primary_if = batadv_primary_if_get_selected(bat_priv); 901 if (!primary_if) 902 return false; 903 904 /* update the packet header */ 905 skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet)); 906 ether_addr_copy(unicast_packet->dest, primary_if->net_dev->dev_addr); 907 unicast_packet->ttvn = curr_ttvn; 908 skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet)); 909 910 batadv_hardif_put(primary_if); 911 912 return true; 913 } 914 915 /** 916 * batadv_recv_unhandled_unicast_packet() - receive and process packets which 917 * are in the unicast number space but not yet known to the implementation 918 * @skb: unicast tvlv packet to process 919 * @recv_if: pointer to interface this packet was received on 920 * 921 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP 922 * otherwise. 923 */ 924 int batadv_recv_unhandled_unicast_packet(struct sk_buff *skb, 925 struct batadv_hard_iface *recv_if) 926 { 927 struct batadv_unicast_packet *unicast_packet; 928 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 929 int check, hdr_size = sizeof(*unicast_packet); 930 931 check = batadv_check_unicast_packet(bat_priv, skb, hdr_size); 932 if (check < 0) 933 goto free_skb; 934 935 /* we don't know about this type, drop it. */ 936 unicast_packet = (struct batadv_unicast_packet *)skb->data; 937 if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) 938 goto free_skb; 939 940 return batadv_route_unicast_packet(skb, recv_if); 941 942 free_skb: 943 kfree_skb(skb); 944 return NET_RX_DROP; 945 } 946 947 /** 948 * batadv_recv_unicast_packet() - Process incoming unicast packet 949 * @skb: incoming packet buffer 950 * @recv_if: incoming hard interface 951 * 952 * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure 953 */ 954 int batadv_recv_unicast_packet(struct sk_buff *skb, 955 struct batadv_hard_iface *recv_if) 956 { 957 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 958 struct batadv_unicast_packet *unicast_packet; 959 struct batadv_unicast_4addr_packet *unicast_4addr_packet; 960 u8 *orig_addr, *orig_addr_gw; 961 struct batadv_orig_node *orig_node = NULL, *orig_node_gw = NULL; 962 int check, hdr_size = sizeof(*unicast_packet); 963 enum batadv_subtype subtype; 964 int ret = NET_RX_DROP; 965 bool is4addr, is_gw; 966 967 unicast_packet = (struct batadv_unicast_packet *)skb->data; 968 is4addr = unicast_packet->packet_type == BATADV_UNICAST_4ADDR; 969 /* the caller function should have already pulled 2 bytes */ 970 if (is4addr) 971 hdr_size = sizeof(*unicast_4addr_packet); 972 973 /* function returns -EREMOTE for promiscuous packets */ 974 check = batadv_check_unicast_packet(bat_priv, skb, hdr_size); 975 976 /* Even though the packet is not for us, we might save it to use for 977 * decoding a later received coded packet 978 */ 979 if (check == -EREMOTE) 980 batadv_nc_skb_store_sniffed_unicast(bat_priv, skb); 981 982 if (check < 0) 983 goto free_skb; 984 if (!batadv_check_unicast_ttvn(bat_priv, skb, hdr_size)) 985 goto free_skb; 986 987 unicast_packet = (struct batadv_unicast_packet *)skb->data; 988 989 /* packet for me */ 990 if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) { 991 /* If this is a unicast packet from another backgone gw, 992 * drop it. 993 */ 994 orig_addr_gw = eth_hdr(skb)->h_source; 995 orig_node_gw = batadv_orig_hash_find(bat_priv, orig_addr_gw); 996 if (orig_node_gw) { 997 is_gw = batadv_bla_is_backbone_gw(skb, orig_node_gw, 998 hdr_size); 999 batadv_orig_node_put(orig_node_gw); 1000 if (is_gw) { 1001 batadv_dbg(BATADV_DBG_BLA, bat_priv, 1002 "%s(): Dropped unicast pkt received from another backbone gw %pM.\n", 1003 __func__, orig_addr_gw); 1004 goto free_skb; 1005 } 1006 } 1007 1008 if (is4addr) { 1009 unicast_4addr_packet = 1010 (struct batadv_unicast_4addr_packet *)skb->data; 1011 subtype = unicast_4addr_packet->subtype; 1012 batadv_dat_inc_counter(bat_priv, subtype); 1013 1014 /* Only payload data should be considered for speedy 1015 * join. For example, DAT also uses unicast 4addr 1016 * types, but those packets should not be considered 1017 * for speedy join, since the clients do not actually 1018 * reside at the sending originator. 1019 */ 1020 if (subtype == BATADV_P_DATA) { 1021 orig_addr = unicast_4addr_packet->src; 1022 orig_node = batadv_orig_hash_find(bat_priv, 1023 orig_addr); 1024 } 1025 } 1026 1027 if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, 1028 hdr_size)) 1029 goto rx_success; 1030 if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb, 1031 hdr_size)) 1032 goto rx_success; 1033 1034 batadv_dat_snoop_incoming_dhcp_ack(bat_priv, skb, hdr_size); 1035 1036 batadv_interface_rx(recv_if->soft_iface, skb, hdr_size, 1037 orig_node); 1038 1039 rx_success: 1040 if (orig_node) 1041 batadv_orig_node_put(orig_node); 1042 1043 return NET_RX_SUCCESS; 1044 } 1045 1046 ret = batadv_route_unicast_packet(skb, recv_if); 1047 /* skb was consumed */ 1048 skb = NULL; 1049 1050 free_skb: 1051 kfree_skb(skb); 1052 1053 return ret; 1054 } 1055 1056 /** 1057 * batadv_recv_unicast_tvlv() - receive and process unicast tvlv packets 1058 * @skb: unicast tvlv packet to process 1059 * @recv_if: pointer to interface this packet was received on 1060 * 1061 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP 1062 * otherwise. 1063 */ 1064 int batadv_recv_unicast_tvlv(struct sk_buff *skb, 1065 struct batadv_hard_iface *recv_if) 1066 { 1067 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 1068 struct batadv_unicast_tvlv_packet *unicast_tvlv_packet; 1069 unsigned char *tvlv_buff; 1070 u16 tvlv_buff_len; 1071 int hdr_size = sizeof(*unicast_tvlv_packet); 1072 int ret = NET_RX_DROP; 1073 1074 if (batadv_check_unicast_packet(bat_priv, skb, hdr_size) < 0) 1075 goto free_skb; 1076 1077 /* the header is likely to be modified while forwarding */ 1078 if (skb_cow(skb, hdr_size) < 0) 1079 goto free_skb; 1080 1081 /* packet needs to be linearized to access the tvlv content */ 1082 if (skb_linearize(skb) < 0) 1083 goto free_skb; 1084 1085 unicast_tvlv_packet = (struct batadv_unicast_tvlv_packet *)skb->data; 1086 1087 tvlv_buff = (unsigned char *)(skb->data + hdr_size); 1088 tvlv_buff_len = ntohs(unicast_tvlv_packet->tvlv_len); 1089 1090 if (tvlv_buff_len > skb->len - hdr_size) 1091 goto free_skb; 1092 1093 ret = batadv_tvlv_containers_process(bat_priv, false, NULL, 1094 unicast_tvlv_packet->src, 1095 unicast_tvlv_packet->dst, 1096 tvlv_buff, tvlv_buff_len); 1097 1098 if (ret != NET_RX_SUCCESS) { 1099 ret = batadv_route_unicast_packet(skb, recv_if); 1100 /* skb was consumed */ 1101 skb = NULL; 1102 } 1103 1104 free_skb: 1105 kfree_skb(skb); 1106 1107 return ret; 1108 } 1109 1110 /** 1111 * batadv_recv_frag_packet() - process received fragment 1112 * @skb: the received fragment 1113 * @recv_if: interface that the skb is received on 1114 * 1115 * This function does one of the three following things: 1) Forward fragment, if 1116 * the assembled packet will exceed our MTU; 2) Buffer fragment, if we till 1117 * lack further fragments; 3) Merge fragments, if we have all needed parts. 1118 * 1119 * Return: NET_RX_DROP if the skb is not consumed, NET_RX_SUCCESS otherwise. 1120 */ 1121 int batadv_recv_frag_packet(struct sk_buff *skb, 1122 struct batadv_hard_iface *recv_if) 1123 { 1124 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 1125 struct batadv_orig_node *orig_node_src = NULL; 1126 struct batadv_frag_packet *frag_packet; 1127 int ret = NET_RX_DROP; 1128 1129 if (batadv_check_unicast_packet(bat_priv, skb, 1130 sizeof(*frag_packet)) < 0) 1131 goto free_skb; 1132 1133 frag_packet = (struct batadv_frag_packet *)skb->data; 1134 orig_node_src = batadv_orig_hash_find(bat_priv, frag_packet->orig); 1135 if (!orig_node_src) 1136 goto free_skb; 1137 1138 skb->priority = frag_packet->priority + 256; 1139 1140 /* Route the fragment if it is not for us and too big to be merged. */ 1141 if (!batadv_is_my_mac(bat_priv, frag_packet->dest) && 1142 batadv_frag_skb_fwd(skb, recv_if, orig_node_src)) { 1143 /* skb was consumed */ 1144 skb = NULL; 1145 ret = NET_RX_SUCCESS; 1146 goto put_orig_node; 1147 } 1148 1149 batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_RX); 1150 batadv_add_counter(bat_priv, BATADV_CNT_FRAG_RX_BYTES, skb->len); 1151 1152 /* Add fragment to buffer and merge if possible. */ 1153 if (!batadv_frag_skb_buffer(&skb, orig_node_src)) 1154 goto put_orig_node; 1155 1156 /* Deliver merged packet to the appropriate handler, if it was 1157 * merged 1158 */ 1159 if (skb) { 1160 batadv_batman_skb_recv(skb, recv_if->net_dev, 1161 &recv_if->batman_adv_ptype, NULL); 1162 /* skb was consumed */ 1163 skb = NULL; 1164 } 1165 1166 ret = NET_RX_SUCCESS; 1167 1168 put_orig_node: 1169 batadv_orig_node_put(orig_node_src); 1170 free_skb: 1171 kfree_skb(skb); 1172 1173 return ret; 1174 } 1175 1176 /** 1177 * batadv_recv_bcast_packet() - Process incoming broadcast packet 1178 * @skb: incoming packet buffer 1179 * @recv_if: incoming hard interface 1180 * 1181 * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure 1182 */ 1183 int batadv_recv_bcast_packet(struct sk_buff *skb, 1184 struct batadv_hard_iface *recv_if) 1185 { 1186 struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface); 1187 struct batadv_orig_node *orig_node = NULL; 1188 struct batadv_bcast_packet *bcast_packet; 1189 struct ethhdr *ethhdr; 1190 int hdr_size = sizeof(*bcast_packet); 1191 int ret = NET_RX_DROP; 1192 s32 seq_diff; 1193 u32 seqno; 1194 1195 /* drop packet if it has not necessary minimum size */ 1196 if (unlikely(!pskb_may_pull(skb, hdr_size))) 1197 goto free_skb; 1198 1199 ethhdr = eth_hdr(skb); 1200 1201 /* packet with broadcast indication but unicast recipient */ 1202 if (!is_broadcast_ether_addr(ethhdr->h_dest)) 1203 goto free_skb; 1204 1205 /* packet with broadcast/multicast sender address */ 1206 if (is_multicast_ether_addr(ethhdr->h_source)) 1207 goto free_skb; 1208 1209 /* ignore broadcasts sent by myself */ 1210 if (batadv_is_my_mac(bat_priv, ethhdr->h_source)) 1211 goto free_skb; 1212 1213 bcast_packet = (struct batadv_bcast_packet *)skb->data; 1214 1215 /* ignore broadcasts originated by myself */ 1216 if (batadv_is_my_mac(bat_priv, bcast_packet->orig)) 1217 goto free_skb; 1218 1219 if (bcast_packet->ttl < 2) 1220 goto free_skb; 1221 1222 orig_node = batadv_orig_hash_find(bat_priv, bcast_packet->orig); 1223 1224 if (!orig_node) 1225 goto free_skb; 1226 1227 spin_lock_bh(&orig_node->bcast_seqno_lock); 1228 1229 seqno = ntohl(bcast_packet->seqno); 1230 /* check whether the packet is a duplicate */ 1231 if (batadv_test_bit(orig_node->bcast_bits, orig_node->last_bcast_seqno, 1232 seqno)) 1233 goto spin_unlock; 1234 1235 seq_diff = seqno - orig_node->last_bcast_seqno; 1236 1237 /* check whether the packet is old and the host just restarted. */ 1238 if (batadv_window_protected(bat_priv, seq_diff, 1239 BATADV_BCAST_MAX_AGE, 1240 &orig_node->bcast_seqno_reset, NULL)) 1241 goto spin_unlock; 1242 1243 /* mark broadcast in flood history, update window position 1244 * if required. 1245 */ 1246 if (batadv_bit_get_packet(bat_priv, orig_node->bcast_bits, seq_diff, 1)) 1247 orig_node->last_bcast_seqno = seqno; 1248 1249 spin_unlock_bh(&orig_node->bcast_seqno_lock); 1250 1251 /* check whether this has been sent by another originator before */ 1252 if (batadv_bla_check_bcast_duplist(bat_priv, skb)) 1253 goto free_skb; 1254 1255 batadv_skb_set_priority(skb, sizeof(struct batadv_bcast_packet)); 1256 1257 /* rebroadcast packet */ 1258 batadv_add_bcast_packet_to_list(bat_priv, skb, 1, false); 1259 1260 /* don't hand the broadcast up if it is from an originator 1261 * from the same backbone. 1262 */ 1263 if (batadv_bla_is_backbone_gw(skb, orig_node, hdr_size)) 1264 goto free_skb; 1265 1266 if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, hdr_size)) 1267 goto rx_success; 1268 if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb, hdr_size)) 1269 goto rx_success; 1270 1271 batadv_dat_snoop_incoming_dhcp_ack(bat_priv, skb, hdr_size); 1272 1273 /* broadcast for me */ 1274 batadv_interface_rx(recv_if->soft_iface, skb, hdr_size, orig_node); 1275 1276 rx_success: 1277 ret = NET_RX_SUCCESS; 1278 goto out; 1279 1280 spin_unlock: 1281 spin_unlock_bh(&orig_node->bcast_seqno_lock); 1282 free_skb: 1283 kfree_skb(skb); 1284 out: 1285 if (orig_node) 1286 batadv_orig_node_put(orig_node); 1287 return ret; 1288 } 1289