1 /** @file
2 * @brief IPv6 related functions
3 */
4
5 /*
6 * Copyright (c) 2016 Intel Corporation
7 *
8 * SPDX-License-Identifier: Apache-2.0
9 */
10
11 /* By default this prints too much data, set the value to 1 to see
12 * neighbor cache contents.
13 */
14 #define NET_DEBUG_NBR 0
15
16 #include <zephyr/logging/log.h>
17 LOG_MODULE_REGISTER(net_ipv6, CONFIG_NET_IPV6_LOG_LEVEL);
18
19 #include <errno.h>
20 #include <stdlib.h>
21
22 #if defined(CONFIG_NET_IPV6_IID_STABLE)
23 #include <zephyr/random/random.h>
24 #include <mbedtls/md.h>
25 #endif /* CONFIG_NET_IPV6_IID_STABLE */
26
27 #include <zephyr/net/net_core.h>
28 #include <zephyr/net/net_pkt.h>
29 #include <zephyr/net/net_stats.h>
30 #include <zephyr/net/net_context.h>
31 #include <zephyr/net/net_mgmt.h>
32 #include <zephyr/net/virtual.h>
33 #include "net_private.h"
34 #include "connection.h"
35 #include "icmpv6.h"
36 #include "udp_internal.h"
37 #include "tcp_internal.h"
38 #include "ipv6.h"
39 #include "nbr.h"
40 #include "6lo.h"
41 #include "route.h"
42 #include "net_stats.h"
43
44 BUILD_ASSERT(sizeof(struct in6_addr) == NET_IPV6_ADDR_SIZE);
45
46 /* Timeout value to be used when allocating net buffer during various
47 * neighbor discovery procedures.
48 */
49 #define ND_NET_BUF_TIMEOUT K_MSEC(100)
50
51 /* Timeout for various buffer allocations in this file. */
52 #define NET_BUF_TIMEOUT K_MSEC(50)
53
54 /* Maximum reachable time value specified in RFC 4861 section
55 * 6.2.1. Router Configuration Variables, AdvReachableTime
56 */
57 #define MAX_REACHABLE_TIME 3600000
58
net_ipv6_create(struct net_pkt * pkt,const struct in6_addr * src,const struct in6_addr * dst)59 int net_ipv6_create(struct net_pkt *pkt,
60 const struct in6_addr *src,
61 const struct in6_addr *dst)
62 {
63 NET_PKT_DATA_ACCESS_CONTIGUOUS_DEFINE(ipv6_access, struct net_ipv6_hdr);
64 struct net_ipv6_hdr *ipv6_hdr;
65 uint8_t tc = 0;
66
67 ipv6_hdr = (struct net_ipv6_hdr *)net_pkt_get_data(pkt, &ipv6_access);
68 if (!ipv6_hdr) {
69 return -ENOBUFS;
70 }
71
72 if (IS_ENABLED(CONFIG_NET_IP_DSCP_ECN)) {
73 net_ipv6_set_dscp(&tc, net_pkt_ip_dscp(pkt));
74 net_ipv6_set_ecn(&tc, net_pkt_ip_ecn(pkt));
75 }
76
77 ipv6_hdr->vtc = 0x60 | ((tc >> 4) & 0x0F);
78 ipv6_hdr->tcflow = (tc << 4) & 0xF0;
79 ipv6_hdr->flow = 0U;
80 ipv6_hdr->len = 0U;
81 ipv6_hdr->nexthdr = 0U;
82
83 /* Set the hop limit by default from net_pkt as that could
84 * be set for example when sending NS. If the limit is 0,
85 * then take the value from socket.
86 */
87 ipv6_hdr->hop_limit = net_pkt_ipv6_hop_limit(pkt);
88 if (ipv6_hdr->hop_limit == 0U) {
89 if (net_ipv6_is_addr_mcast(dst)) {
90 if (net_pkt_context(pkt) != NULL) {
91 ipv6_hdr->hop_limit =
92 net_context_get_ipv6_mcast_hop_limit(net_pkt_context(pkt));
93 } else {
94 ipv6_hdr->hop_limit =
95 net_if_ipv6_get_mcast_hop_limit(net_pkt_iface(pkt));
96 }
97 } else {
98 if (net_pkt_context(pkt) != NULL) {
99 ipv6_hdr->hop_limit =
100 net_context_get_ipv6_hop_limit(net_pkt_context(pkt));
101 } else {
102 ipv6_hdr->hop_limit =
103 net_if_ipv6_get_hop_limit(net_pkt_iface(pkt));
104 }
105 }
106 }
107
108 net_ipv6_addr_copy_raw(ipv6_hdr->dst, (uint8_t *)dst);
109 net_ipv6_addr_copy_raw(ipv6_hdr->src, (uint8_t *)src);
110
111 net_pkt_set_ip_hdr_len(pkt, sizeof(struct net_ipv6_hdr));
112 net_pkt_set_ipv6_ext_len(pkt, 0);
113
114 return net_pkt_set_data(pkt, &ipv6_access);
115 }
116
net_ipv6_finalize(struct net_pkt * pkt,uint8_t next_header_proto)117 int net_ipv6_finalize(struct net_pkt *pkt, uint8_t next_header_proto)
118 {
119 NET_PKT_DATA_ACCESS_CONTIGUOUS_DEFINE(ipv6_access, struct net_ipv6_hdr);
120 struct net_ipv6_hdr *ipv6_hdr;
121
122 net_pkt_set_overwrite(pkt, true);
123
124 ipv6_hdr = (struct net_ipv6_hdr *)net_pkt_get_data(pkt, &ipv6_access);
125 if (!ipv6_hdr) {
126 return -ENOBUFS;
127 }
128
129 ipv6_hdr->len = htons(net_pkt_get_len(pkt) -
130 sizeof(struct net_ipv6_hdr));
131
132 if (net_pkt_ipv6_next_hdr(pkt) != 255U) {
133 ipv6_hdr->nexthdr = net_pkt_ipv6_next_hdr(pkt);
134 } else {
135 ipv6_hdr->nexthdr = next_header_proto;
136 }
137
138 net_pkt_set_data(pkt, &ipv6_access);
139
140 if (net_pkt_ipv6_next_hdr(pkt) != 255U &&
141 net_pkt_skip(pkt, net_pkt_ipv6_ext_len(pkt))) {
142 return -ENOBUFS;
143 }
144
145 if (IS_ENABLED(CONFIG_NET_UDP) &&
146 next_header_proto == IPPROTO_UDP) {
147 return net_udp_finalize(pkt, false);
148 } else if (IS_ENABLED(CONFIG_NET_TCP) &&
149 next_header_proto == IPPROTO_TCP) {
150 return net_tcp_finalize(pkt, false);
151 } else if (next_header_proto == IPPROTO_ICMPV6) {
152 return net_icmpv6_finalize(pkt, false);
153 }
154
155 return 0;
156 }
157
ipv6_drop_on_unknown_option(struct net_pkt * pkt,struct net_ipv6_hdr * hdr,uint8_t opt_type,uint16_t opt_type_offset)158 static inline bool ipv6_drop_on_unknown_option(struct net_pkt *pkt,
159 struct net_ipv6_hdr *hdr,
160 uint8_t opt_type,
161 uint16_t opt_type_offset)
162 {
163 /* RFC 2460 chapter 4.2 tells how to handle the unknown
164 * options by the two highest order bits of the option:
165 *
166 * 00: Skip over this option and continue processing the header.
167 * 01: Discard the packet.
168 * 10: Discard the packet and, regardless of whether or not the
169 * packet's Destination Address was a multicast address,
170 * send an ICMP Parameter Problem, Code 2, message to the packet's
171 * Source Address, pointing to the unrecognized Option Type.
172 * 11: Discard the packet and, only if the packet's Destination
173 * Address was not a multicast address, send an ICMP Parameter
174 * Problem, Code 2, message to the packet's Source Address,
175 * pointing to the unrecognized Option Type.
176 */
177 NET_DBG("Unknown option %d (0x%02x) MSB %d - 0x%02x",
178 opt_type, opt_type, opt_type >> 6, opt_type & 0xc0);
179
180 switch (opt_type & 0xc0) {
181 case 0x00:
182 return false;
183 case 0x40:
184 break;
185 case 0xc0:
186 if (net_ipv6_is_addr_mcast((struct in6_addr *)hdr->dst)) {
187 break;
188 }
189
190 __fallthrough;
191 case 0x80:
192 net_icmpv6_send_error(pkt, NET_ICMPV6_PARAM_PROBLEM,
193 NET_ICMPV6_PARAM_PROB_OPTION,
194 (uint32_t)opt_type_offset);
195 break;
196 }
197
198 return true;
199 }
200
ipv6_handle_ext_hdr_options(struct net_pkt * pkt,struct net_ipv6_hdr * hdr,uint16_t pkt_len)201 static inline int ipv6_handle_ext_hdr_options(struct net_pkt *pkt,
202 struct net_ipv6_hdr *hdr,
203 uint16_t pkt_len)
204 {
205 uint16_t exthdr_len = 0U;
206 uint16_t length = 0U;
207
208 {
209 uint8_t val = 0U;
210
211 if (net_pkt_read_u8(pkt, &val)) {
212 return -ENOBUFS;
213 }
214 exthdr_len = val * 8U + 8;
215 }
216
217 if (exthdr_len > pkt_len) {
218 NET_DBG("Corrupted packet, extension header %d too long "
219 "(max %d bytes)", exthdr_len, pkt_len);
220 return -EINVAL;
221 }
222
223 length += 2U;
224
225 while (length < exthdr_len) {
226 uint16_t opt_type_offset;
227 uint8_t opt_type, opt_len;
228
229 opt_type_offset = net_pkt_get_current_offset(pkt);
230
231 /* Each extension option has type and length - except
232 * Pad1 which has only a type without any length
233 */
234 if (net_pkt_read_u8(pkt, &opt_type)) {
235 return -ENOBUFS;
236 }
237
238 if (opt_type != NET_IPV6_EXT_HDR_OPT_PAD1) {
239 if (net_pkt_read_u8(pkt, &opt_len)) {
240 return -ENOBUFS;
241 }
242 }
243
244 switch (opt_type) {
245 case NET_IPV6_EXT_HDR_OPT_PAD1:
246 NET_DBG("PAD1 option");
247 length++;
248 break;
249 case NET_IPV6_EXT_HDR_OPT_PADN:
250 NET_DBG("PADN option");
251 length += opt_len + 2;
252 net_pkt_skip(pkt, opt_len);
253 break;
254 default:
255 /* Make sure that the option length is not too large.
256 * The former 1 + 1 is the length of extension type +
257 * length fields.
258 * The latter 1 + 1 is the length of the sub-option
259 * type and length fields.
260 */
261 if (opt_len > (exthdr_len - (1 + 1 + 1 + 1))) {
262 return -EINVAL;
263 }
264
265 if (ipv6_drop_on_unknown_option(pkt, hdr,
266 opt_type, opt_type_offset)) {
267 return -ENOTSUP;
268 }
269
270 if (net_pkt_skip(pkt, opt_len)) {
271 return -ENOBUFS;
272 }
273
274 length += opt_len + 2;
275
276 break;
277 }
278 }
279
280 return exthdr_len;
281 }
282
283 #if defined(CONFIG_NET_ROUTE)
add_route(struct net_if * iface,struct in6_addr * addr,uint8_t prefix_len)284 static struct net_route_entry *add_route(struct net_if *iface,
285 struct in6_addr *addr,
286 uint8_t prefix_len)
287 {
288 struct net_route_entry *route;
289
290 route = net_route_lookup(iface, addr);
291 if (route) {
292 return route;
293 }
294
295 route = net_route_add(iface, addr, prefix_len, addr,
296 NET_IPV6_ND_INFINITE_LIFETIME,
297 NET_ROUTE_PREFERENCE_LOW);
298
299 NET_DBG("%s route to %s/%d iface %p", route ? "Add" : "Cannot add",
300 net_sprint_ipv6_addr(addr), prefix_len, iface);
301
302 return route;
303 }
304 #endif /* CONFIG_NET_ROUTE */
305
ipv6_no_route_info(struct net_pkt * pkt,struct in6_addr * src,struct in6_addr * dst)306 static void ipv6_no_route_info(struct net_pkt *pkt,
307 struct in6_addr *src,
308 struct in6_addr *dst)
309 {
310 NET_DBG("Will not route pkt %p ll src %s to dst %s between interfaces",
311 pkt, net_sprint_ipv6_addr(src),
312 net_sprint_ipv6_addr(dst));
313 }
314
315 #if defined(CONFIG_NET_ROUTE)
ipv6_route_packet(struct net_pkt * pkt,struct net_ipv6_hdr * hdr)316 static enum net_verdict ipv6_route_packet(struct net_pkt *pkt,
317 struct net_ipv6_hdr *hdr)
318 {
319 struct net_route_entry *route;
320 struct in6_addr *nexthop;
321 bool found;
322
323 /* Check if the packet can be routed */
324 if (IS_ENABLED(CONFIG_NET_ROUTING)) {
325 found = net_route_get_info(NULL, (struct in6_addr *)hdr->dst,
326 &route, &nexthop);
327 } else {
328 found = net_route_get_info(net_pkt_iface(pkt),
329 (struct in6_addr *)hdr->dst,
330 &route, &nexthop);
331 }
332
333 if (found) {
334 int ret;
335
336 if (IS_ENABLED(CONFIG_NET_ROUTING) &&
337 (net_ipv6_is_ll_addr((struct in6_addr *)hdr->src) ||
338 net_ipv6_is_ll_addr((struct in6_addr *)hdr->dst))) {
339 /* RFC 4291 ch 2.5.6 */
340 ipv6_no_route_info(pkt, (struct in6_addr *)hdr->src,
341 (struct in6_addr *)hdr->dst);
342 goto drop;
343 }
344
345 /* Used when detecting if the original link
346 * layer address length is changed or not.
347 */
348 net_pkt_set_orig_iface(pkt, net_pkt_iface(pkt));
349
350 if (route) {
351 net_pkt_set_iface(pkt, route->iface);
352 }
353
354 if (IS_ENABLED(CONFIG_NET_ROUTING) &&
355 net_pkt_orig_iface(pkt) != net_pkt_iface(pkt) &&
356 !net_if_flag_is_set(net_pkt_orig_iface(pkt), NET_IF_IPV6_NO_ND)) {
357 /* If the route interface to destination is
358 * different than the original route, then add
359 * route to original source.
360 */
361 NET_DBG("Route pkt %p from %p to %p",
362 pkt, net_pkt_orig_iface(pkt),
363 net_pkt_iface(pkt));
364
365 add_route(net_pkt_orig_iface(pkt),
366 (struct in6_addr *)hdr->src, 128);
367 }
368
369 ret = net_route_packet(pkt, nexthop);
370 if (ret < 0) {
371 NET_DBG("Cannot re-route pkt %p via %s "
372 "at iface %p (%d)",
373 pkt, net_sprint_ipv6_addr(nexthop),
374 net_pkt_iface(pkt), ret);
375 } else {
376 return NET_OK;
377 }
378 } else {
379 struct net_if *iface = NULL;
380 int ret;
381
382 if (net_if_ipv6_addr_onlink(&iface, (struct in6_addr *)hdr->dst)) {
383 ret = net_route_packet_if(pkt, iface);
384 if (ret < 0) {
385 NET_DBG("Cannot re-route pkt %p "
386 "at iface %p (%d)",
387 pkt, net_pkt_iface(pkt), ret);
388 } else {
389 return NET_OK;
390 }
391 }
392
393 NET_DBG("No route to %s pkt %p dropped",
394 net_sprint_ipv6_addr(&hdr->dst), pkt);
395 }
396
397 drop:
398 return NET_DROP;
399 }
400 #else
ipv6_route_packet(struct net_pkt * pkt,struct net_ipv6_hdr * hdr)401 static inline enum net_verdict ipv6_route_packet(struct net_pkt *pkt,
402 struct net_ipv6_hdr *hdr)
403 {
404 ARG_UNUSED(pkt);
405 ARG_UNUSED(hdr);
406
407 NET_DBG("DROP: Packet %p not for me", pkt);
408
409 return NET_DROP;
410 }
411
412 #endif /* CONFIG_NET_ROUTE */
413
414
ipv6_forward_mcast_packet(struct net_pkt * pkt,struct net_ipv6_hdr * hdr)415 static enum net_verdict ipv6_forward_mcast_packet(struct net_pkt *pkt,
416 struct net_ipv6_hdr *hdr)
417 {
418 #if defined(CONFIG_NET_ROUTE_MCAST)
419 int routed;
420
421 /* Continue processing without forwarding if:
422 * 1. routing loop could be created
423 * 2. the destination is of interface local scope
424 * 3. is from link local source
425 * 4. hop limit is or would become zero
426 */
427 if (net_ipv6_is_addr_mcast((struct in6_addr *)hdr->src) ||
428 net_ipv6_is_addr_mcast_iface((struct in6_addr *)hdr->dst) ||
429 net_ipv6_is_ll_addr((struct in6_addr *)hdr->src) || hdr->hop_limit <= 1) {
430 return NET_CONTINUE;
431 }
432
433 routed = net_route_mcast_forward_packet(pkt, hdr);
434
435 if (routed < 0) {
436 return NET_DROP;
437 }
438 #endif /*CONFIG_NET_ROUTE_MCAST*/
439 return NET_CONTINUE;
440 }
441
extension_to_bitmap(uint8_t header,uint8_t ext_bitmap)442 static uint8_t extension_to_bitmap(uint8_t header, uint8_t ext_bitmap)
443 {
444 switch (header) {
445 case NET_IPV6_NEXTHDR_HBHO:
446 return NET_IPV6_EXT_HDR_BITMAP_HBHO;
447 case NET_IPV6_NEXTHDR_DESTO:
448 /* Destination header can appears twice */
449 if (ext_bitmap & NET_IPV6_EXT_HDR_BITMAP_DESTO1) {
450 return NET_IPV6_EXT_HDR_BITMAP_DESTO2;
451 }
452 return NET_IPV6_EXT_HDR_BITMAP_DESTO1;
453 case NET_IPV6_NEXTHDR_ROUTING:
454 return NET_IPV6_EXT_HDR_BITMAP_ROUTING;
455 case NET_IPV6_NEXTHDR_FRAG:
456 return NET_IPV6_EXT_HDR_BITMAP_FRAG;
457 default:
458 return 0;
459 }
460 }
461
is_src_non_tentative_itself(struct in6_addr * src)462 static inline bool is_src_non_tentative_itself(struct in6_addr *src)
463 {
464 struct net_if_addr *ifaddr;
465
466 ifaddr = net_if_ipv6_addr_lookup(src, NULL);
467 if (ifaddr != NULL && ifaddr->addr_state != NET_ADDR_TENTATIVE) {
468 return true;
469 }
470
471 return false;
472 }
473
net_ipv6_input(struct net_pkt * pkt,bool is_loopback)474 enum net_verdict net_ipv6_input(struct net_pkt *pkt, bool is_loopback)
475 {
476 NET_PKT_DATA_ACCESS_CONTIGUOUS_DEFINE(ipv6_access, struct net_ipv6_hdr);
477 NET_PKT_DATA_ACCESS_DEFINE(udp_access, struct net_udp_hdr);
478 NET_PKT_DATA_ACCESS_DEFINE(tcp_access, struct net_tcp_hdr);
479 struct net_if *pkt_iface = net_pkt_iface(pkt);
480 enum net_verdict verdict = NET_DROP;
481 int real_len = net_pkt_get_len(pkt);
482 uint8_t ext_bitmap = 0U;
483 uint16_t ext_len = 0U;
484 uint8_t current_hdr, nexthdr, prev_hdr_offset;
485 union net_proto_header proto_hdr;
486 struct net_ipv6_hdr *hdr;
487 struct net_if_mcast_addr *if_mcast_addr;
488 union net_ip_header ip;
489 int pkt_len;
490
491 #if defined(CONFIG_NET_L2_IPIP)
492 struct net_pkt_cursor hdr_start;
493
494 net_pkt_cursor_backup(pkt, &hdr_start);
495 #endif
496
497 net_stats_update_ipv6_recv(pkt_iface);
498
499 hdr = (struct net_ipv6_hdr *)net_pkt_get_data(pkt, &ipv6_access);
500 if (!hdr) {
501 NET_DBG("DROP: no buffer");
502 goto drop;
503 }
504
505 pkt_len = ntohs(hdr->len) + sizeof(struct net_ipv6_hdr);
506 if (real_len < pkt_len) {
507 NET_DBG("DROP: pkt len per hdr %d != pkt real len %d",
508 pkt_len, real_len);
509 goto drop;
510 } else if (real_len > pkt_len) {
511 net_pkt_update_length(pkt, pkt_len);
512 }
513
514 NET_DBG("IPv6 packet len %d received from %s to %s", pkt_len,
515 net_sprint_ipv6_addr(&hdr->src),
516 net_sprint_ipv6_addr(&hdr->dst));
517
518 if (net_ipv6_is_addr_unspecified((struct in6_addr *)hdr->src)) {
519 /* If this is a possible DAD message, let it pass. Extra checks
520 * are done in duplicate address detection code to verify that
521 * the packet is ok.
522 */
523 if (!(IS_ENABLED(CONFIG_NET_IPV6_DAD) &&
524 net_ipv6_is_addr_solicited_node((struct in6_addr *)hdr->dst))) {
525 NET_DBG("DROP: src addr is %s", "unspecified");
526 goto drop;
527 }
528 }
529
530 if (net_ipv6_is_addr_mcast((struct in6_addr *)hdr->src) ||
531 net_ipv6_is_addr_mcast_scope((struct in6_addr *)hdr->dst, 0)) {
532 NET_DBG("DROP: multicast packet");
533 goto drop;
534 }
535
536 if (!is_loopback) {
537 if (net_ipv6_is_addr_loopback((struct in6_addr *)hdr->dst) ||
538 net_ipv6_is_addr_loopback((struct in6_addr *)hdr->src)) {
539 NET_DBG("DROP: ::1 packet");
540 goto drop;
541 }
542
543 if (net_ipv6_is_addr_mcast_iface((struct in6_addr *)hdr->dst) ||
544 (net_ipv6_is_addr_mcast_group(
545 (struct in6_addr *)hdr->dst,
546 net_ipv6_unspecified_address()) &&
547 (net_ipv6_is_addr_mcast_site((struct in6_addr *)hdr->dst) ||
548 net_ipv6_is_addr_mcast_org((struct in6_addr *)hdr->dst)))) {
549 NET_DBG("DROP: invalid scope multicast packet");
550 goto drop;
551 }
552
553 /* We need to pass the packet through in case our address is
554 * tentative, as receiving a packet with a tentative address as
555 * source means that duplicate address has been detected.
556 * This check is done later on if routing features are enabled.
557 */
558 if (!IS_ENABLED(CONFIG_NET_ROUTING) && !IS_ENABLED(CONFIG_NET_ROUTE_MCAST) &&
559 is_src_non_tentative_itself((struct in6_addr *)hdr->src)) {
560 NET_DBG("DROP: src addr is %s", "mine");
561 goto drop;
562 }
563 }
564
565 /* Reconstruct TC field. */
566
567 if (IS_ENABLED(CONFIG_NET_IP_DSCP_ECN)) {
568 uint8_t tc = ((hdr->vtc << 4) & 0xF0) | ((hdr->tcflow >> 4) & 0x0F);
569
570 net_pkt_set_ip_dscp(pkt, net_ipv6_get_dscp(tc));
571 net_pkt_set_ip_ecn(pkt, net_ipv6_get_ecn(tc));
572 }
573
574 /* Check extension headers */
575 net_pkt_set_ipv6_next_hdr(pkt, hdr->nexthdr);
576 net_pkt_set_ipv6_ext_len(pkt, 0);
577 net_pkt_set_ip_hdr_len(pkt, sizeof(struct net_ipv6_hdr));
578 net_pkt_set_ipv6_hop_limit(pkt, NET_IPV6_HDR(pkt)->hop_limit);
579 net_pkt_set_family(pkt, PF_INET6);
580
581 if (!net_pkt_filter_ip_recv_ok(pkt)) {
582 /* drop the packet */
583 NET_DBG("DROP: pkt filter");
584 return NET_DROP;
585 }
586
587 if (IS_ENABLED(CONFIG_NET_ROUTE_MCAST) &&
588 net_ipv6_is_addr_mcast((struct in6_addr *)hdr->dst) && !net_pkt_forwarding(pkt)) {
589 /* If the packet is a multicast packet and multicast routing
590 * is activated, we give the packet to the routing engine.
591 *
592 * But we only drop the packet if an error occurs, otherwise
593 * it might be eminent to respond on the packet on application
594 * layer.
595 */
596 if (ipv6_forward_mcast_packet(pkt, hdr) == NET_DROP) {
597 NET_DBG("DROP: forward mcast");
598 goto drop;
599 }
600 }
601
602 if (!net_ipv6_is_addr_mcast((struct in6_addr *)hdr->dst)) {
603 if (!net_if_ipv6_addr_lookup_by_iface(pkt_iface, (struct in6_addr *)hdr->dst)) {
604 if (ipv6_route_packet(pkt, hdr) == NET_OK) {
605 return NET_OK;
606 }
607
608 NET_DBG("DROP: no such address %s in iface %d",
609 net_sprint_ipv6_addr((struct in6_addr *)hdr->dst),
610 net_if_get_by_iface(pkt_iface));
611 goto drop;
612 }
613
614 /* If we receive a packet with ll source address fe80: and
615 * destination address is one of ours, and if the packet would
616 * cross interface boundary, then drop the packet.
617 * RFC 4291 ch 2.5.6
618 */
619 if (IS_ENABLED(CONFIG_NET_ROUTING) &&
620 net_ipv6_is_ll_addr((struct in6_addr *)hdr->src) &&
621 !net_if_ipv6_addr_lookup_by_iface(
622 pkt_iface, (struct in6_addr *)hdr->dst)) {
623 ipv6_no_route_info(pkt, (struct in6_addr *)hdr->src,
624 (struct in6_addr *)hdr->dst);
625 NET_DBG("DROP: cross interface boundary");
626 goto drop;
627 }
628 }
629
630 if ((IS_ENABLED(CONFIG_NET_ROUTING) || IS_ENABLED(CONFIG_NET_ROUTE_MCAST)) &&
631 !is_loopback && is_src_non_tentative_itself((struct in6_addr *)hdr->src)) {
632 NET_DBG("DROP: src addr is %s", "mine");
633 goto drop;
634 }
635
636 if (net_ipv6_is_addr_mcast((struct in6_addr *)hdr->dst) &&
637 !(net_ipv6_is_addr_mcast_iface((struct in6_addr *)hdr->dst) ||
638 net_ipv6_is_addr_mcast_link_all_nodes((struct in6_addr *)hdr->dst))) {
639 /* If we receive a packet with a interface-local or
640 * link-local all-nodes multicast destination address we
641 * always have to pass it to the upper layer.
642 *
643 * For all other destination multicast addresses we have to
644 * check if one of the joined multicast groups on the
645 * originating interface of the packet matches. Otherwise the
646 * packet will be dropped.
647 * RFC4291 ch 2.7.1, ch 2.8
648 */
649 if_mcast_addr = net_if_ipv6_maddr_lookup(
650 (struct in6_addr *)hdr->dst, &pkt_iface);
651
652 if (!if_mcast_addr ||
653 !net_if_ipv6_maddr_is_joined(if_mcast_addr)) {
654 NET_DBG("DROP: packet for unjoined multicast address");
655 goto drop;
656 }
657 }
658
659 net_pkt_acknowledge_data(pkt, &ipv6_access);
660
661 current_hdr = hdr->nexthdr;
662 ext_bitmap = extension_to_bitmap(current_hdr, ext_bitmap);
663 /* Offset of "nexthdr" in the IPv6 header */
664 prev_hdr_offset = (uint8_t *)&hdr->nexthdr - (uint8_t *)hdr;
665 net_pkt_set_ipv6_hdr_prev(pkt, prev_hdr_offset);
666
667 while (!net_ipv6_is_nexthdr_upper_layer(current_hdr)) {
668 int exthdr_len;
669 uint8_t ext_bit;
670
671 NET_DBG("IPv6 next header %d", current_hdr);
672
673 if (current_hdr == NET_IPV6_NEXTHDR_NONE) {
674 /* There is nothing after this header (see RFC 2460,
675 * ch 4.7), so we can drop the packet now.
676 * This is not an error case so do not update drop
677 * statistics.
678 */
679 NET_DBG("DROP: none nexthdr");
680 return NET_DROP;
681 }
682
683 /* Offset of "nexthdr" in the Extension Header */
684 prev_hdr_offset = net_pkt_get_current_offset(pkt);
685
686 if (net_pkt_read_u8(pkt, &nexthdr)) {
687 NET_DBG("DROP: pkt invalid read");
688 goto drop;
689 }
690
691 /* Detect duplicated Extension headers */
692 ext_bit = extension_to_bitmap(nexthdr, ext_bitmap);
693 if (ext_bit & ext_bitmap) {
694 goto bad_hdr;
695 }
696 ext_bitmap |= ext_bit;
697
698 /* Make sure that nexthdr is valid, reject the Extension Header early otherwise.
699 * This is also important so that the "pointer" field in the ICMPv6 error
700 * message points to the "nexthdr" field.
701 */
702 switch (nexthdr) {
703 case NET_IPV6_NEXTHDR_HBHO:
704 /* Hop-by-hop header can appear only once and must appear right after
705 * the IPv6 header. Consequently the "nexthdr" field of an Extension
706 * Header can never be an HBH option.
707 */
708 goto bad_hdr;
709
710 case NET_IPV6_NEXTHDR_DESTO:
711 case NET_IPV6_NEXTHDR_FRAG:
712 case NET_IPV6_NEXTHDR_NONE:
713 /* Valid values */
714 break;
715
716 default:
717 if (net_ipv6_is_nexthdr_upper_layer(nexthdr)) {
718 break;
719 }
720 goto bad_hdr;
721 }
722
723 /* Process the current Extension Header */
724 switch (current_hdr) {
725 case NET_IPV6_NEXTHDR_HBHO:
726 case NET_IPV6_NEXTHDR_DESTO:
727 /* Process options below */
728 break;
729
730 case NET_IPV6_NEXTHDR_FRAG:
731 if (IS_ENABLED(CONFIG_NET_IPV6_FRAGMENT)) {
732 net_pkt_set_ipv6_fragment_start(
733 pkt,
734 net_pkt_get_current_offset(pkt) - 1);
735 return net_ipv6_handle_fragment_hdr(pkt, hdr,
736 current_hdr);
737 }
738
739 goto bad_hdr;
740
741 default:
742 /* Unsupported */
743 goto bad_hdr;
744 }
745
746 exthdr_len = ipv6_handle_ext_hdr_options(pkt, hdr, pkt_len);
747 if (exthdr_len < 0) {
748 NET_DBG("DROP: extension hdr len (%d)", exthdr_len);
749 goto drop;
750 }
751
752 ext_len += exthdr_len;
753 current_hdr = nexthdr;
754 /* Save the offset to "nexthdr" in case we need to overwrite it
755 * when processing a fragment header
756 */
757 net_pkt_set_ipv6_hdr_prev(pkt, prev_hdr_offset);
758 }
759
760 net_pkt_set_ipv6_ext_len(pkt, ext_len);
761
762 switch (current_hdr) {
763 case IPPROTO_ICMPV6:
764 verdict = net_icmpv6_input(pkt, hdr);
765 break;
766 case IPPROTO_TCP:
767 proto_hdr.tcp = net_tcp_input(pkt, &tcp_access);
768 if (proto_hdr.tcp) {
769 verdict = NET_OK;
770 }
771
772 NET_DBG("%s verdict %s", "TCP", net_verdict2str(verdict));
773 break;
774 case IPPROTO_UDP:
775 proto_hdr.udp = net_udp_input(pkt, &udp_access);
776 if (proto_hdr.udp) {
777 verdict = NET_OK;
778 }
779
780 NET_DBG("%s verdict %s", "UDP", net_verdict2str(verdict));
781 break;
782
783 #if defined(CONFIG_NET_L2_IPIP)
784 case IPPROTO_IPV6:
785 case IPPROTO_IPIP: {
786 struct sockaddr_in6 remote_addr = { 0 };
787 struct net_if *tunnel_iface;
788
789 remote_addr.sin6_family = AF_INET6;
790 net_ipv6_addr_copy_raw((uint8_t *)&remote_addr.sin6_addr, hdr->src);
791
792 net_pkt_set_remote_address(pkt, (struct sockaddr *)&remote_addr,
793 sizeof(struct sockaddr_in6));
794
795 /* Get rid of the old IP header */
796 net_pkt_cursor_restore(pkt, &hdr_start);
797 net_pkt_pull(pkt, net_pkt_ip_hdr_len(pkt) +
798 net_pkt_ipv6_ext_len(pkt));
799
800 tunnel_iface = net_ipip_get_virtual_interface(net_pkt_iface(pkt));
801 if (tunnel_iface != NULL && net_if_l2(tunnel_iface)->recv != NULL) {
802 return net_if_l2(tunnel_iface)->recv(net_pkt_iface(pkt), pkt);
803 }
804 }
805 #endif
806 }
807
808 if (verdict == NET_DROP) {
809 NET_DBG("DROP: because verdict");
810 goto drop;
811 } else if (current_hdr == IPPROTO_ICMPV6) {
812 NET_DBG("%s verdict %s", "ICMPv6", net_verdict2str(verdict));
813 return verdict;
814 }
815
816 ip.ipv6 = hdr;
817
818 verdict = net_conn_input(pkt, &ip, current_hdr, &proto_hdr);
819
820 NET_DBG("%s verdict %s", "Connection", net_verdict2str(verdict));
821
822 if (verdict != NET_DROP) {
823 return verdict;
824 }
825
826 drop:
827 net_stats_update_ipv6_drop(pkt_iface);
828 return NET_DROP;
829
830 bad_hdr:
831 /* Send error message about parameter problem (RFC 2460) */
832 net_icmpv6_send_error(pkt, NET_ICMPV6_PARAM_PROBLEM,
833 NET_ICMPV6_PARAM_PROB_NEXTHEADER,
834 net_pkt_get_current_offset(pkt) - 1);
835
836 NET_DBG("DROP: Unknown/wrong nexthdr type");
837 net_stats_update_ip_errors_protoerr(pkt_iface);
838
839 return NET_DROP;
840 }
841
842 #if defined(CONFIG_NET_IPV6_IID_STABLE)
check_reserved(const uint8_t * buf,size_t len)843 static bool check_reserved(const uint8_t *buf, size_t len)
844 {
845 /* Subnet-Router Anycast (RFC 4291) */
846 if (memcmp(buf, (uint8_t *)&(struct in6_addr)IN6ADDR_ANY_INIT, len) == 0) {
847 return true;
848 }
849
850 /* Reserved Subnet Anycast Addresses (RFC 2526)
851 * FDFF:FFFF:FFFF:FF80 - FDFF:FFFF:FFFF:FFFF
852 */
853 if (buf[0] == 0xFD && buf[1] == 0xFF && buf[2] == 0xFF &&
854 buf[3] == 0xFF && buf[4] == 0xFF && buf[5] == 0xFF &&
855 buf[6] == 0xFF && buf[7] >= 0x80) {
856 return true;
857 }
858
859 return false;
860 }
861 #endif /* CONFIG_NET_IPV6_IID_STABLE */
862
gen_stable_iid(uint8_t if_index,const struct in6_addr * prefix,uint8_t * network_id,size_t network_id_len,uint8_t dad_counter,uint8_t * stable_iid,size_t stable_iid_len)863 static int gen_stable_iid(uint8_t if_index,
864 const struct in6_addr *prefix,
865 uint8_t *network_id, size_t network_id_len,
866 uint8_t dad_counter,
867 uint8_t *stable_iid,
868 size_t stable_iid_len)
869 {
870 #if defined(CONFIG_NET_IPV6_IID_STABLE)
871 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
872 mbedtls_md_context_t ctx;
873 uint8_t digest[32];
874 int ret;
875 static bool once;
876 static uint8_t secret_key[16]; /* Min 128 bits, RFC 7217 ch 5 */
877 struct {
878 struct in6_addr prefix;
879 uint8_t if_index;
880 uint8_t network_id[16];
881 uint8_t dad_counter;
882 } buf = {
883 .dad_counter = dad_counter,
884 };
885
886 if (prefix == NULL) {
887 NET_ERR("IPv6 prefix must be set for generating a stable IID");
888 return -EINVAL;
889 }
890
891 memcpy(&buf.prefix, prefix, sizeof(struct in6_addr));
892
893 buf.if_index = if_index;
894
895 if (network_id != NULL && network_id_len > 0) {
896 memcpy(buf.network_id, network_id,
897 MIN(network_id_len, sizeof(buf.network_id)));
898 }
899
900 if (!once) {
901 sys_rand_get(&secret_key, sizeof(secret_key));
902 once = true;
903 }
904
905 mbedtls_md_init(&ctx);
906 ret = mbedtls_md_setup(&ctx, md_info, true);
907 if (ret != 0) {
908 NET_DBG("Cannot %s hmac (%d)", "setup", ret);
909 goto err;
910 }
911
912 ret = mbedtls_md_hmac_starts(&ctx, secret_key, sizeof(secret_key));
913 if (ret != 0) {
914 NET_DBG("Cannot %s hmac (%d)", "start", ret);
915 goto err;
916 }
917
918 ret = mbedtls_md_hmac_update(&ctx, (uint8_t *)&buf, sizeof(buf));
919 if (ret != 0) {
920 NET_DBG("Cannot %s hmac (%d)", "update", ret);
921 goto err;
922 }
923
924 ret = mbedtls_md_hmac_finish(&ctx, digest);
925 if (ret != 0) {
926 NET_DBG("Cannot %s hmac (%d)", "finish", ret);
927 goto err;
928 }
929
930 memcpy(stable_iid, digest, MIN(sizeof(digest), stable_iid_len));
931
932 /* Check reserved addresses, RFC 5453 ch 3 */
933 if (unlikely(check_reserved(stable_iid, stable_iid_len))) {
934 LOG_HEXDUMP_DBG(stable_iid, stable_iid_len,
935 "Generated IID is reserved");
936 ret = -EINVAL;
937 goto err;
938 }
939
940 err:
941 mbedtls_md_free(&ctx);
942
943 return ret;
944 #else
945 return -ENOTSUP;
946 #endif
947 }
948
net_ipv6_addr_generate_iid(struct net_if * iface,const struct in6_addr * prefix,uint8_t * network_id,size_t network_id_len,uint8_t dad_counter,struct in6_addr * addr,struct net_linkaddr * lladdr)949 int net_ipv6_addr_generate_iid(struct net_if *iface,
950 const struct in6_addr *prefix,
951 uint8_t *network_id,
952 size_t network_id_len,
953 uint8_t dad_counter,
954 struct in6_addr *addr,
955 struct net_linkaddr *lladdr)
956 {
957 struct in6_addr tmp_addr;
958 uint8_t if_index;
959
960 if_index = (iface == NULL) ? net_if_get_by_iface(net_if_get_default())
961 : net_if_get_by_iface(iface);
962
963 if (IS_ENABLED(CONFIG_NET_IPV6_IID_STABLE)) {
964 struct in6_addr tmp_prefix = { 0 };
965 int ret;
966
967 if (prefix == NULL) {
968 UNALIGNED_PUT(htonl(0xfe800000), &tmp_prefix.s6_addr32[0]);
969 } else {
970 UNALIGNED_PUT(UNALIGNED_GET(&prefix->s6_addr32[0]),
971 &tmp_prefix.s6_addr32[0]);
972 UNALIGNED_PUT(UNALIGNED_GET(&prefix->s6_addr32[1]),
973 &tmp_prefix.s6_addr32[1]);
974 }
975
976 ret = gen_stable_iid(if_index, &tmp_prefix, network_id, network_id_len,
977 dad_counter, (uint8_t *)&tmp_addr + 8,
978 sizeof(tmp_addr) / 2);
979 if (ret < 0) {
980 return ret;
981 }
982 }
983
984 if (prefix == NULL) {
985 UNALIGNED_PUT(htonl(0xfe800000), &tmp_addr.s6_addr32[0]);
986 UNALIGNED_PUT(0, &tmp_addr.s6_addr32[1]);
987 } else {
988 UNALIGNED_PUT(UNALIGNED_GET(&prefix->s6_addr32[0]), &tmp_addr.s6_addr32[0]);
989 UNALIGNED_PUT(UNALIGNED_GET(&prefix->s6_addr32[1]), &tmp_addr.s6_addr32[1]);
990 }
991
992 if (IS_ENABLED(CONFIG_NET_IPV6_IID_EUI_64)) {
993 switch (lladdr->len) {
994 case 2:
995 /* The generated IPv6 shall not toggle the
996 * Universal/Local bit. RFC 6282 ch 3.2.2
997 */
998 if (lladdr->type == NET_LINK_IEEE802154) {
999 UNALIGNED_PUT(0, &tmp_addr.s6_addr32[2]);
1000 tmp_addr.s6_addr[11] = 0xff;
1001 tmp_addr.s6_addr[12] = 0xfe;
1002 tmp_addr.s6_addr[13] = 0U;
1003 tmp_addr.s6_addr[14] = lladdr->addr[0];
1004 tmp_addr.s6_addr[15] = lladdr->addr[1];
1005 }
1006
1007 break;
1008 case 6:
1009 /* We do not toggle the Universal/Local bit
1010 * in Bluetooth. See RFC 7668 ch 3.2.2
1011 */
1012 memcpy(&tmp_addr.s6_addr[8], lladdr->addr, 3);
1013 tmp_addr.s6_addr[11] = 0xff;
1014 tmp_addr.s6_addr[12] = 0xfe;
1015 memcpy(&tmp_addr.s6_addr[13], lladdr->addr + 3, 3);
1016
1017 if (lladdr->type == NET_LINK_ETHERNET) {
1018 tmp_addr.s6_addr[8] ^= 0x02;
1019 }
1020
1021 break;
1022 case 8:
1023 memcpy(&tmp_addr.s6_addr[8], lladdr->addr, lladdr->len);
1024 tmp_addr.s6_addr[8] ^= 0x02;
1025 break;
1026 }
1027 }
1028
1029 NET_DBG("%s IID for iface %d %s",
1030 IS_ENABLED(CONFIG_NET_IPV6_IID_STABLE) ? "Stable" : "EUI-64",
1031 if_index, net_sprint_ipv6_addr(&tmp_addr));
1032
1033 memcpy(addr, &tmp_addr, sizeof(*addr));
1034 return 0;
1035 }
1036
net_ipv6_init(void)1037 void net_ipv6_init(void)
1038 {
1039 net_ipv6_nbr_init();
1040
1041 #if defined(CONFIG_NET_IPV6_MLD)
1042 net_ipv6_mld_init();
1043 #endif
1044 }
1045
