1 /* $NetBSD: ip6opt.c,v 1.5 2000/01/23 00:09:19 mycroft Exp $ */ 2 3 /* 4 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. Neither the name of the project nor the names of its contributors 16 * may be used to endorse or promote products derived from this software 17 * without specific prior written permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. 30 */ 31 32 #include <sys/param.h> 33 #include <sys/types.h> 34 #include <sys/socket.h> 35 36 #include <netinet/in.h> 37 #include <netinet/ip6.h> 38 39 #include <assert.h> 40 #include <string.h> 41 #include <stdio.h> 42 43 static int ip6optlen(u_int8_t *opt, u_int8_t *lim); 44 static void inet6_insert_padopt(u_char *p, size_t len); 45 46 /* 47 * This function returns the number of bytes required to hold an option 48 * when it is stored as ancillary data, including the cmsghdr structure 49 * at the beginning, and any padding at the end (to make its size a 50 * multiple of 8 bytes). The argument is the size of the structure 51 * defining the option, which must include any pad bytes at the 52 * beginning (the value y in the alignment term "xn + y"), the type 53 * byte, the length byte, and the option data. 54 */ 55 int 56 inet6_option_space(nbytes) 57 int nbytes; 58 { 59 nbytes += 2; /* we need space for nxt-hdr and length fields */ 60 return(CMSG_SPACE((nbytes + 7) & ~7)); 61 } 62 63 /* 64 * This function is called once per ancillary data object that will 65 * contain either Hop-by-Hop or Destination options. It returns 0 on 66 * success or -1 on an error. 67 */ 68 int 69 inet6_option_init(bp, cmsgp, type) 70 void *bp; 71 struct cmsghdr **cmsgp; 72 int type; 73 { 74 register struct cmsghdr *ch; 75 76 _DIAGASSERT(bp != NULL); 77 _DIAGASSERT(cmsgp != NULL); 78 79 ch = (struct cmsghdr *)bp; 80 81 /* argument validation */ 82 if (type != IPV6_HOPOPTS && type != IPV6_DSTOPTS) 83 return(-1); 84 85 ch->cmsg_level = IPPROTO_IPV6; 86 ch->cmsg_type = type; 87 ch->cmsg_len = CMSG_LEN(0); 88 89 *cmsgp = ch; 90 return(0); 91 } 92 93 /* 94 * This function appends a Hop-by-Hop option or a Destination option 95 * into an ancillary data object that has been initialized by 96 * inet6_option_init(). This function returns 0 if it succeeds or -1 on 97 * an error. 98 * multx is the value x in the alignment term "xn + y" described 99 * earlier. It must have a value of 1, 2, 4, or 8. 100 * plusy is the value y in the alignment term "xn + y" described 101 * earlier. It must have a value between 0 and 7, inclusive. 102 */ 103 int 104 inet6_option_append(cmsg, typep, multx, plusy) 105 struct cmsghdr *cmsg; 106 const u_int8_t *typep; 107 int multx; 108 int plusy; 109 { 110 size_t padlen, optlen, off; 111 register u_char *bp; 112 struct ip6_ext *eh; 113 114 _DIAGASSERT(cmsg != NULL); 115 _DIAGASSERT(typep != NULL); 116 117 bp = (u_char *)cmsg + cmsg->cmsg_len; 118 eh = (struct ip6_ext *)CMSG_DATA(cmsg); 119 120 /* argument validation */ 121 if (multx != 1 && multx != 2 && multx != 4 && multx != 8) 122 return(-1); 123 if (plusy < 0 || plusy > 7) 124 return(-1); 125 if (typep[0] > 255) 126 return(-1); 127 128 /* 129 * If this is the first option, allocate space for the 130 * first 2 bytes(for next header and length fields) of 131 * the option header. 132 */ 133 if (bp == (u_char *)eh) { 134 bp += 2; 135 cmsg->cmsg_len += 2; 136 } 137 138 /* calculate pad length before the option. */ 139 off = bp - (u_char *)eh; 140 padlen = (((off % multx) + (multx - 1)) & ~(multx - 1)) - 141 (off % multx); 142 padlen += plusy; 143 /* insert padding */ 144 inet6_insert_padopt(bp, padlen); 145 cmsg->cmsg_len += padlen; 146 bp += padlen; 147 148 /* copy the option */ 149 if (typep[0] == IP6OPT_PAD1) 150 optlen = 1; 151 else 152 optlen = typep[1] + 2; 153 memcpy(bp, typep, (size_t)optlen); 154 bp += optlen; 155 cmsg->cmsg_len += optlen; 156 157 /* calculate pad length after the option and insert the padding */ 158 off = bp - (u_char *)eh; 159 padlen = ((off + 7) & ~7) - off; 160 inet6_insert_padopt(bp, padlen); 161 bp += padlen; 162 cmsg->cmsg_len += padlen; 163 164 /* update the length field of the ip6 option header */ 165 off = bp - (u_char *)eh; 166 eh->ip6e_len = (off >> 3) - 1; 167 168 return(0); 169 } 170 171 /* 172 * This function appends a Hop-by-Hop option or a Destination option 173 * into an ancillary data object that has been initialized by 174 * inet6_option_init(). This function returns a pointer to the 8-bit 175 * option type field that starts the option on success, or NULL on an 176 * error. 177 * The difference between this function and inet6_option_append() is 178 * that the latter copies the contents of a previously built option into 179 * the ancillary data object while the current function returns a 180 * pointer to the space in the data object where the option's TLV must 181 * then be built by the caller. 182 * 183 */ 184 u_int8_t * 185 inet6_option_alloc(cmsg, datalen, multx, plusy) 186 struct cmsghdr *cmsg; 187 int datalen; 188 int multx; 189 int plusy; 190 { 191 size_t padlen, off; 192 register u_int8_t *bp; 193 u_int8_t *retval; 194 struct ip6_ext *eh; 195 196 _DIAGASSERT(cmsg != NULL); 197 198 bp = (u_char *)cmsg + cmsg->cmsg_len; 199 eh = (struct ip6_ext *)CMSG_DATA(cmsg); 200 201 /* argument validation */ 202 if (multx != 1 && multx != 2 && multx != 4 && multx != 8) 203 return(NULL); 204 if (plusy < 0 || plusy > 7) 205 return(NULL); 206 207 /* 208 * If this is the first option, allocate space for the 209 * first 2 bytes(for next header and length fields) of 210 * the option header. 211 */ 212 if (bp == (u_char *)eh) { 213 bp += 2; 214 cmsg->cmsg_len += 2; 215 } 216 217 /* calculate pad length before the option. */ 218 off = bp - (u_char *)eh; 219 padlen = (((off % multx) + (multx - 1)) & ~(multx - 1)) - 220 (off % multx); 221 padlen += plusy; 222 /* insert padding */ 223 inet6_insert_padopt(bp, padlen); 224 cmsg->cmsg_len += padlen; 225 bp += padlen; 226 227 /* keep space to store specified length of data */ 228 retval = bp; 229 bp += datalen; 230 cmsg->cmsg_len += datalen; 231 232 /* calculate pad length after the option and insert the padding */ 233 off = bp - (u_char *)eh; 234 padlen = ((off + 7) & ~7) - off; 235 inet6_insert_padopt(bp, padlen); 236 bp += padlen; 237 cmsg->cmsg_len += padlen; 238 239 /* update the length field of the ip6 option header */ 240 off = bp - (u_char *)eh; 241 eh->ip6e_len = (off >> 3) - 1; 242 243 return(retval); 244 } 245 246 /* 247 * This function processes the next Hop-by-Hop option or Destination 248 * option in an ancillary data object. If another option remains to be 249 * processed, the return value of the function is 0 and *tptrp points to 250 * the 8-bit option type field (which is followed by the 8-bit option 251 * data length, followed by the option data). If no more options remain 252 * to be processed, the return value is -1 and *tptrp is NULL. If an 253 * error occurs, the return value is -1 and *tptrp is not NULL. 254 * (RFC 2292, 6.3.5) 255 */ 256 int 257 inet6_option_next(cmsg, tptrp) 258 const struct cmsghdr *cmsg; 259 u_int8_t **tptrp; 260 { 261 struct ip6_ext *ip6e; 262 int hdrlen, optlen; 263 u_int8_t *lim; 264 265 _DIAGASSERT(cmsg != NULL); 266 _DIAGASSERT(tptrp != NULL); 267 268 if (cmsg->cmsg_level != IPPROTO_IPV6 || 269 (cmsg->cmsg_type != IPV6_HOPOPTS && 270 cmsg->cmsg_type != IPV6_DSTOPTS)) 271 return(-1); 272 273 /* message length validation */ 274 if (cmsg->cmsg_len < CMSG_SPACE(sizeof(struct ip6_ext))) 275 return(-1); 276 ip6e = (struct ip6_ext *)CMSG_DATA(cmsg); 277 hdrlen = (ip6e->ip6e_len + 1) << 3; 278 if (cmsg->cmsg_len < CMSG_SPACE(hdrlen)) 279 return(-1); 280 281 /* 282 * If the caller does not specify the starting point, 283 * simply return the 1st option. 284 * Otherwise, search the option list for the next option. 285 */ 286 lim = (u_int8_t *)ip6e + hdrlen; 287 if (*tptrp == NULL) 288 *tptrp = (u_int8_t *)(ip6e + 1); 289 else { 290 if ((optlen = ip6optlen(*tptrp, lim)) == 0) 291 return(-1); 292 293 *tptrp = *tptrp + optlen; 294 } 295 if (*tptrp >= lim) { /* there is no option */ 296 *tptrp = NULL; 297 return(-1); 298 } 299 /* 300 * Finally, checks if the next option is safely stored in the 301 * cmsg data. 302 */ 303 if (ip6optlen(*tptrp, lim) == 0) 304 return(-1); 305 else 306 return(0); 307 } 308 309 /* 310 * This function is similar to the inet6_option_next() function, 311 * except this function lets the caller specify the option type to be 312 * searched for, instead of always returning the next option in the 313 * ancillary data object. 314 * Note: RFC 2292 says the type of tptrp is u_int8_t *, but we think 315 * it's a typo. The variable should be type of u_int8_t **. 316 */ 317 int 318 inet6_option_find(cmsg, tptrp, type) 319 const struct cmsghdr *cmsg; 320 u_int8_t **tptrp; 321 int type; 322 { 323 struct ip6_ext *ip6e; 324 int hdrlen, optlen; 325 u_int8_t *optp, *lim; 326 327 _DIAGASSERT(cmsg != NULL); 328 _DIAGASSERT(tptrp != NULL); 329 330 if (cmsg->cmsg_level != IPPROTO_IPV6 || 331 (cmsg->cmsg_type != IPV6_HOPOPTS && 332 cmsg->cmsg_type != IPV6_DSTOPTS)) 333 return(-1); 334 335 /* message length validation */ 336 if (cmsg->cmsg_len < CMSG_SPACE(sizeof(struct ip6_ext))) 337 return(-1); 338 ip6e = (struct ip6_ext *)CMSG_DATA(cmsg); 339 hdrlen = (ip6e->ip6e_len + 1) << 3; 340 if (cmsg->cmsg_len < CMSG_SPACE(hdrlen)) 341 return(-1); 342 343 /* 344 * If the caller does not specify the starting point, 345 * search from the beginning of the option list. 346 * Otherwise, search from *the next option* of the specified point. 347 */ 348 lim = (u_int8_t *)ip6e + hdrlen; 349 if (*tptrp == NULL) 350 *tptrp = (u_int8_t *)(ip6e + 1); 351 else { 352 if ((optlen = ip6optlen(*tptrp, lim)) == 0) 353 return(-1); 354 355 *tptrp = *tptrp + optlen; 356 } 357 for (optp = *tptrp; optp < lim; optp += optlen) { 358 if (*optp == type) { 359 *tptrp = optp; 360 return(0); 361 } 362 if ((optlen = ip6optlen(optp, lim)) == 0) 363 return(-1); 364 } 365 366 /* search failed */ 367 *tptrp = NULL; 368 return(-1); 369 } 370 371 /* 372 * Calculate the length of a given IPv6 option. Also checks 373 * if the option is safely stored in user's buffer according to the 374 * calculated length and the limitation of the buffer. 375 */ 376 static int 377 ip6optlen(opt, lim) 378 u_int8_t *opt, *lim; 379 { 380 int optlen; 381 382 _DIAGASSERT(opt != NULL); 383 _DIAGASSERT(lim != NULL); 384 385 if (*opt == IP6OPT_PAD1) 386 optlen = 1; 387 else { 388 /* is there enough space to store type and len? */ 389 if (opt + 2 > lim) 390 return(0); 391 optlen = *(opt + 1) + 2; 392 } 393 if (opt + optlen <= lim) 394 return(optlen); 395 396 return(0); 397 } 398 399 static void 400 inet6_insert_padopt(u_char *p, size_t len) 401 { 402 403 _DIAGASSERT(p != NULL); 404 405 switch(len) { 406 case 0: 407 return; 408 case 1: 409 p[0] = IP6OPT_PAD1; 410 return; 411 default: 412 p[0] = IP6OPT_PADN; 413 p[1] = len - 2; 414 memset(&p[2], 0, len - 2); 415 return; 416 } 417 } 418