PageRenderTime 110ms CodeModel.GetById 23ms app.highlight 77ms RepoModel.GetById 1ms app.codeStats 1ms

/net/batman-adv/routing.c

http://github.com/mirrors/linux
C | 1288 lines | 762 code | 216 blank | 310 comment | 158 complexity | 64bcbc8747b8668c4d5301774fe8821e MD5 | raw file
   1// SPDX-License-Identifier: GPL-2.0
   2/* Copyright (C) 2007-2020  B.A.T.M.A.N. contributors:
   3 *
   4 * Marek Lindner, Simon Wunderlich
   5 */
   6
   7#include "routing.h"
   8#include "main.h"
   9
  10#include <linux/atomic.h>
  11#include <linux/byteorder/generic.h>
  12#include <linux/compiler.h>
  13#include <linux/errno.h>
  14#include <linux/etherdevice.h>
  15#include <linux/if_ether.h>
  16#include <linux/jiffies.h>
  17#include <linux/kref.h>
  18#include <linux/netdevice.h>
  19#include <linux/printk.h>
  20#include <linux/rculist.h>
  21#include <linux/rcupdate.h>
  22#include <linux/skbuff.h>
  23#include <linux/spinlock.h>
  24#include <linux/stddef.h>
  25#include <uapi/linux/batadv_packet.h>
  26
  27#include "bitarray.h"
  28#include "bridge_loop_avoidance.h"
  29#include "distributed-arp-table.h"
  30#include "fragmentation.h"
  31#include "hard-interface.h"
  32#include "icmp_socket.h"
  33#include "log.h"
  34#include "network-coding.h"
  35#include "originator.h"
  36#include "send.h"
  37#include "soft-interface.h"
  38#include "tp_meter.h"
  39#include "translation-table.h"
  40#include "tvlv.h"
  41
  42static int batadv_route_unicast_packet(struct sk_buff *skb,
  43				       struct batadv_hard_iface *recv_if);
  44
  45/**
  46 * _batadv_update_route() - set the router for this originator
  47 * @bat_priv: the bat priv with all the soft interface information
  48 * @orig_node: orig node which is to be configured
  49 * @recv_if: the receive interface for which this route is set
  50 * @neigh_node: neighbor which should be the next router
  51 *
  52 * This function does not perform any error checks
  53 */
  54static void _batadv_update_route(struct batadv_priv *bat_priv,
  55				 struct batadv_orig_node *orig_node,
  56				 struct batadv_hard_iface *recv_if,
  57				 struct batadv_neigh_node *neigh_node)
  58{
  59	struct batadv_orig_ifinfo *orig_ifinfo;
  60	struct batadv_neigh_node *curr_router;
  61
  62	orig_ifinfo = batadv_orig_ifinfo_get(orig_node, recv_if);
  63	if (!orig_ifinfo)
  64		return;
  65
  66	spin_lock_bh(&orig_node->neigh_list_lock);
  67	/* curr_router used earlier may not be the current orig_ifinfo->router
  68	 * anymore because it was dereferenced outside of the neigh_list_lock
  69	 * protected region. After the new best neighbor has replace the current
  70	 * best neighbor the reference counter needs to decrease. Consequently,
  71	 * the code needs to ensure the curr_router variable contains a pointer
  72	 * to the replaced best neighbor.
  73	 */
  74	curr_router = rcu_dereference_protected(orig_ifinfo->router, true);
  75
  76	/* increase refcount of new best neighbor */
  77	if (neigh_node)
  78		kref_get(&neigh_node->refcount);
  79
  80	rcu_assign_pointer(orig_ifinfo->router, neigh_node);
  81	spin_unlock_bh(&orig_node->neigh_list_lock);
  82	batadv_orig_ifinfo_put(orig_ifinfo);
  83
  84	/* route deleted */
  85	if (curr_router && !neigh_node) {
  86		batadv_dbg(BATADV_DBG_ROUTES, bat_priv,
  87			   "Deleting route towards: %pM\n", orig_node->orig);
  88		batadv_tt_global_del_orig(bat_priv, orig_node, -1,
  89					  "Deleted route towards originator");
  90
  91	/* route added */
  92	} else if (!curr_router && neigh_node) {
  93		batadv_dbg(BATADV_DBG_ROUTES, bat_priv,
  94			   "Adding route towards: %pM (via %pM)\n",
  95			   orig_node->orig, neigh_node->addr);
  96	/* route changed */
  97	} else if (neigh_node && curr_router) {
  98		batadv_dbg(BATADV_DBG_ROUTES, bat_priv,
  99			   "Changing route towards: %pM (now via %pM - was via %pM)\n",
 100			   orig_node->orig, neigh_node->addr,
 101			   curr_router->addr);
 102	}
 103
 104	/* decrease refcount of previous best neighbor */
 105	if (curr_router)
 106		batadv_neigh_node_put(curr_router);
 107}
 108
 109/**
 110 * batadv_update_route() - set the router for this originator
 111 * @bat_priv: the bat priv with all the soft interface information
 112 * @orig_node: orig node which is to be configured
 113 * @recv_if: the receive interface for which this route is set
 114 * @neigh_node: neighbor which should be the next router
 115 */
 116void batadv_update_route(struct batadv_priv *bat_priv,
 117			 struct batadv_orig_node *orig_node,
 118			 struct batadv_hard_iface *recv_if,
 119			 struct batadv_neigh_node *neigh_node)
 120{
 121	struct batadv_neigh_node *router = NULL;
 122
 123	if (!orig_node)
 124		goto out;
 125
 126	router = batadv_orig_router_get(orig_node, recv_if);
 127
 128	if (router != neigh_node)
 129		_batadv_update_route(bat_priv, orig_node, recv_if, neigh_node);
 130
 131out:
 132	if (router)
 133		batadv_neigh_node_put(router);
 134}
 135
 136/**
 137 * batadv_window_protected() - checks whether the host restarted and is in the
 138 *  protection time.
 139 * @bat_priv: the bat priv with all the soft interface information
 140 * @seq_num_diff: difference between the current/received sequence number and
 141 *  the last sequence number
 142 * @seq_old_max_diff: maximum age of sequence number not considered as restart
 143 * @last_reset: jiffies timestamp of the last reset, will be updated when reset
 144 *  is detected
 145 * @protection_started: is set to true if the protection window was started,
 146 *   doesn't change otherwise.
 147 *
 148 * Return:
 149 *  false if the packet is to be accepted.
 150 *  true if the packet is to be ignored.
 151 */
 152bool batadv_window_protected(struct batadv_priv *bat_priv, s32 seq_num_diff,
 153			     s32 seq_old_max_diff, unsigned long *last_reset,
 154			     bool *protection_started)
 155{
 156	if (seq_num_diff <= -seq_old_max_diff ||
 157	    seq_num_diff >= BATADV_EXPECTED_SEQNO_RANGE) {
 158		if (!batadv_has_timed_out(*last_reset,
 159					  BATADV_RESET_PROTECTION_MS))
 160			return true;
 161
 162		*last_reset = jiffies;
 163		if (protection_started)
 164			*protection_started = true;
 165		batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
 166			   "old packet received, start protection\n");
 167	}
 168
 169	return false;
 170}
 171
 172/**
 173 * batadv_check_management_packet() - Check preconditions for management packets
 174 * @skb: incoming packet buffer
 175 * @hard_iface: incoming hard interface
 176 * @header_len: minimal header length of packet type
 177 *
 178 * Return: true when management preconditions are met, false otherwise
 179 */
 180bool batadv_check_management_packet(struct sk_buff *skb,
 181				    struct batadv_hard_iface *hard_iface,
 182				    int header_len)
 183{
 184	struct ethhdr *ethhdr;
 185
 186	/* drop packet if it has not necessary minimum size */
 187	if (unlikely(!pskb_may_pull(skb, header_len)))
 188		return false;
 189
 190	ethhdr = eth_hdr(skb);
 191
 192	/* packet with broadcast indication but unicast recipient */
 193	if (!is_broadcast_ether_addr(ethhdr->h_dest))
 194		return false;
 195
 196	/* packet with invalid sender address */
 197	if (!is_valid_ether_addr(ethhdr->h_source))
 198		return false;
 199
 200	/* create a copy of the skb, if needed, to modify it. */
 201	if (skb_cow(skb, 0) < 0)
 202		return false;
 203
 204	/* keep skb linear */
 205	if (skb_linearize(skb) < 0)
 206		return false;
 207
 208	return true;
 209}
 210
 211/**
 212 * batadv_recv_my_icmp_packet() - receive an icmp packet locally
 213 * @bat_priv: the bat priv with all the soft interface information
 214 * @skb: icmp packet to process
 215 *
 216 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP
 217 * otherwise.
 218 */
 219static int batadv_recv_my_icmp_packet(struct batadv_priv *bat_priv,
 220				      struct sk_buff *skb)
 221{
 222	struct batadv_hard_iface *primary_if = NULL;
 223	struct batadv_orig_node *orig_node = NULL;
 224	struct batadv_icmp_header *icmph;
 225	int res, ret = NET_RX_DROP;
 226
 227	icmph = (struct batadv_icmp_header *)skb->data;
 228
 229	switch (icmph->msg_type) {
 230	case BATADV_ECHO_REPLY:
 231	case BATADV_DESTINATION_UNREACHABLE:
 232	case BATADV_TTL_EXCEEDED:
 233		/* receive the packet */
 234		if (skb_linearize(skb) < 0)
 235			break;
 236
 237		batadv_socket_receive_packet(icmph, skb->len);
 238		break;
 239	case BATADV_ECHO_REQUEST:
 240		/* answer echo request (ping) */
 241		primary_if = batadv_primary_if_get_selected(bat_priv);
 242		if (!primary_if)
 243			goto out;
 244
 245		/* get routing information */
 246		orig_node = batadv_orig_hash_find(bat_priv, icmph->orig);
 247		if (!orig_node)
 248			goto out;
 249
 250		/* create a copy of the skb, if needed, to modify it. */
 251		if (skb_cow(skb, ETH_HLEN) < 0)
 252			goto out;
 253
 254		icmph = (struct batadv_icmp_header *)skb->data;
 255
 256		ether_addr_copy(icmph->dst, icmph->orig);
 257		ether_addr_copy(icmph->orig, primary_if->net_dev->dev_addr);
 258		icmph->msg_type = BATADV_ECHO_REPLY;
 259		icmph->ttl = BATADV_TTL;
 260
 261		res = batadv_send_skb_to_orig(skb, orig_node, NULL);
 262		if (res == NET_XMIT_SUCCESS)
 263			ret = NET_RX_SUCCESS;
 264
 265		/* skb was consumed */
 266		skb = NULL;
 267		break;
 268	case BATADV_TP:
 269		if (!pskb_may_pull(skb, sizeof(struct batadv_icmp_tp_packet)))
 270			goto out;
 271
 272		batadv_tp_meter_recv(bat_priv, skb);
 273		ret = NET_RX_SUCCESS;
 274		/* skb was consumed */
 275		skb = NULL;
 276		goto out;
 277	default:
 278		/* drop unknown type */
 279		goto out;
 280	}
 281out:
 282	if (primary_if)
 283		batadv_hardif_put(primary_if);
 284	if (orig_node)
 285		batadv_orig_node_put(orig_node);
 286
 287	kfree_skb(skb);
 288
 289	return ret;
 290}
 291
 292static int batadv_recv_icmp_ttl_exceeded(struct batadv_priv *bat_priv,
 293					 struct sk_buff *skb)
 294{
 295	struct batadv_hard_iface *primary_if = NULL;
 296	struct batadv_orig_node *orig_node = NULL;
 297	struct batadv_icmp_packet *icmp_packet;
 298	int res, ret = NET_RX_DROP;
 299
 300	icmp_packet = (struct batadv_icmp_packet *)skb->data;
 301
 302	/* send TTL exceeded if packet is an echo request (traceroute) */
 303	if (icmp_packet->msg_type != BATADV_ECHO_REQUEST) {
 304		pr_debug("Warning - can't forward icmp packet from %pM to %pM: ttl exceeded\n",
 305			 icmp_packet->orig, icmp_packet->dst);
 306		goto out;
 307	}
 308
 309	primary_if = batadv_primary_if_get_selected(bat_priv);
 310	if (!primary_if)
 311		goto out;
 312
 313	/* get routing information */
 314	orig_node = batadv_orig_hash_find(bat_priv, icmp_packet->orig);
 315	if (!orig_node)
 316		goto out;
 317
 318	/* create a copy of the skb, if needed, to modify it. */
 319	if (skb_cow(skb, ETH_HLEN) < 0)
 320		goto out;
 321
 322	icmp_packet = (struct batadv_icmp_packet *)skb->data;
 323
 324	ether_addr_copy(icmp_packet->dst, icmp_packet->orig);
 325	ether_addr_copy(icmp_packet->orig, primary_if->net_dev->dev_addr);
 326	icmp_packet->msg_type = BATADV_TTL_EXCEEDED;
 327	icmp_packet->ttl = BATADV_TTL;
 328
 329	res = batadv_send_skb_to_orig(skb, orig_node, NULL);
 330	if (res == NET_RX_SUCCESS)
 331		ret = NET_XMIT_SUCCESS;
 332
 333	/* skb was consumed */
 334	skb = NULL;
 335
 336out:
 337	if (primary_if)
 338		batadv_hardif_put(primary_if);
 339	if (orig_node)
 340		batadv_orig_node_put(orig_node);
 341
 342	kfree_skb(skb);
 343
 344	return ret;
 345}
 346
 347/**
 348 * batadv_recv_icmp_packet() - Process incoming icmp packet
 349 * @skb: incoming packet buffer
 350 * @recv_if: incoming hard interface
 351 *
 352 * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure
 353 */
 354int batadv_recv_icmp_packet(struct sk_buff *skb,
 355			    struct batadv_hard_iface *recv_if)
 356{
 357	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
 358	struct batadv_icmp_header *icmph;
 359	struct batadv_icmp_packet_rr *icmp_packet_rr;
 360	struct ethhdr *ethhdr;
 361	struct batadv_orig_node *orig_node = NULL;
 362	int hdr_size = sizeof(struct batadv_icmp_header);
 363	int res, ret = NET_RX_DROP;
 364
 365	/* drop packet if it has not necessary minimum size */
 366	if (unlikely(!pskb_may_pull(skb, hdr_size)))
 367		goto free_skb;
 368
 369	ethhdr = eth_hdr(skb);
 370
 371	/* packet with unicast indication but non-unicast recipient */
 372	if (!is_valid_ether_addr(ethhdr->h_dest))
 373		goto free_skb;
 374
 375	/* packet with broadcast/multicast sender address */
 376	if (is_multicast_ether_addr(ethhdr->h_source))
 377		goto free_skb;
 378
 379	/* not for me */
 380	if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest))
 381		goto free_skb;
 382
 383	icmph = (struct batadv_icmp_header *)skb->data;
 384
 385	/* add record route information if not full */
 386	if ((icmph->msg_type == BATADV_ECHO_REPLY ||
 387	     icmph->msg_type == BATADV_ECHO_REQUEST) &&
 388	    skb->len >= sizeof(struct batadv_icmp_packet_rr)) {
 389		if (skb_linearize(skb) < 0)
 390			goto free_skb;
 391
 392		/* create a copy of the skb, if needed, to modify it. */
 393		if (skb_cow(skb, ETH_HLEN) < 0)
 394			goto free_skb;
 395
 396		ethhdr = eth_hdr(skb);
 397		icmph = (struct batadv_icmp_header *)skb->data;
 398		icmp_packet_rr = (struct batadv_icmp_packet_rr *)icmph;
 399		if (icmp_packet_rr->rr_cur >= BATADV_RR_LEN)
 400			goto free_skb;
 401
 402		ether_addr_copy(icmp_packet_rr->rr[icmp_packet_rr->rr_cur],
 403				ethhdr->h_dest);
 404		icmp_packet_rr->rr_cur++;
 405	}
 406
 407	/* packet for me */
 408	if (batadv_is_my_mac(bat_priv, icmph->dst))
 409		return batadv_recv_my_icmp_packet(bat_priv, skb);
 410
 411	/* TTL exceeded */
 412	if (icmph->ttl < 2)
 413		return batadv_recv_icmp_ttl_exceeded(bat_priv, skb);
 414
 415	/* get routing information */
 416	orig_node = batadv_orig_hash_find(bat_priv, icmph->dst);
 417	if (!orig_node)
 418		goto free_skb;
 419
 420	/* create a copy of the skb, if needed, to modify it. */
 421	if (skb_cow(skb, ETH_HLEN) < 0)
 422		goto put_orig_node;
 423
 424	icmph = (struct batadv_icmp_header *)skb->data;
 425
 426	/* decrement ttl */
 427	icmph->ttl--;
 428
 429	/* route it */
 430	res = batadv_send_skb_to_orig(skb, orig_node, recv_if);
 431	if (res == NET_XMIT_SUCCESS)
 432		ret = NET_RX_SUCCESS;
 433
 434	/* skb was consumed */
 435	skb = NULL;
 436
 437put_orig_node:
 438	if (orig_node)
 439		batadv_orig_node_put(orig_node);
 440free_skb:
 441	kfree_skb(skb);
 442
 443	return ret;
 444}
 445
 446/**
 447 * batadv_check_unicast_packet() - Check for malformed unicast packets
 448 * @bat_priv: the bat priv with all the soft interface information
 449 * @skb: packet to check
 450 * @hdr_size: size of header to pull
 451 *
 452 * Check for short header and bad addresses in given packet.
 453 *
 454 * Return: negative value when check fails and 0 otherwise. The negative value
 455 * depends on the reason: -ENODATA for bad header, -EBADR for broadcast
 456 * destination or source, and -EREMOTE for non-local (other host) destination.
 457 */
 458static int batadv_check_unicast_packet(struct batadv_priv *bat_priv,
 459				       struct sk_buff *skb, int hdr_size)
 460{
 461	struct ethhdr *ethhdr;
 462
 463	/* drop packet if it has not necessary minimum size */
 464	if (unlikely(!pskb_may_pull(skb, hdr_size)))
 465		return -ENODATA;
 466
 467	ethhdr = eth_hdr(skb);
 468
 469	/* packet with unicast indication but non-unicast recipient */
 470	if (!is_valid_ether_addr(ethhdr->h_dest))
 471		return -EBADR;
 472
 473	/* packet with broadcast/multicast sender address */
 474	if (is_multicast_ether_addr(ethhdr->h_source))
 475		return -EBADR;
 476
 477	/* not for me */
 478	if (!batadv_is_my_mac(bat_priv, ethhdr->h_dest))
 479		return -EREMOTE;
 480
 481	return 0;
 482}
 483
 484/**
 485 * batadv_last_bonding_get() - Get last_bonding_candidate of orig_node
 486 * @orig_node: originator node whose last bonding candidate should be retrieved
 487 *
 488 * Return: last bonding candidate of router or NULL if not found
 489 *
 490 * The object is returned with refcounter increased by 1.
 491 */
 492static struct batadv_orig_ifinfo *
 493batadv_last_bonding_get(struct batadv_orig_node *orig_node)
 494{
 495	struct batadv_orig_ifinfo *last_bonding_candidate;
 496
 497	spin_lock_bh(&orig_node->neigh_list_lock);
 498	last_bonding_candidate = orig_node->last_bonding_candidate;
 499
 500	if (last_bonding_candidate)
 501		kref_get(&last_bonding_candidate->refcount);
 502	spin_unlock_bh(&orig_node->neigh_list_lock);
 503
 504	return last_bonding_candidate;
 505}
 506
 507/**
 508 * batadv_last_bonding_replace() - Replace last_bonding_candidate of orig_node
 509 * @orig_node: originator node whose bonding candidates should be replaced
 510 * @new_candidate: new bonding candidate or NULL
 511 */
 512static void
 513batadv_last_bonding_replace(struct batadv_orig_node *orig_node,
 514			    struct batadv_orig_ifinfo *new_candidate)
 515{
 516	struct batadv_orig_ifinfo *old_candidate;
 517
 518	spin_lock_bh(&orig_node->neigh_list_lock);
 519	old_candidate = orig_node->last_bonding_candidate;
 520
 521	if (new_candidate)
 522		kref_get(&new_candidate->refcount);
 523	orig_node->last_bonding_candidate = new_candidate;
 524	spin_unlock_bh(&orig_node->neigh_list_lock);
 525
 526	if (old_candidate)
 527		batadv_orig_ifinfo_put(old_candidate);
 528}
 529
 530/**
 531 * batadv_find_router() - find a suitable router for this originator
 532 * @bat_priv: the bat priv with all the soft interface information
 533 * @orig_node: the destination node
 534 * @recv_if: pointer to interface this packet was received on
 535 *
 536 * Return: the router which should be used for this orig_node on
 537 * this interface, or NULL if not available.
 538 */
 539struct batadv_neigh_node *
 540batadv_find_router(struct batadv_priv *bat_priv,
 541		   struct batadv_orig_node *orig_node,
 542		   struct batadv_hard_iface *recv_if)
 543{
 544	struct batadv_algo_ops *bao = bat_priv->algo_ops;
 545	struct batadv_neigh_node *first_candidate_router = NULL;
 546	struct batadv_neigh_node *next_candidate_router = NULL;
 547	struct batadv_neigh_node *router, *cand_router = NULL;
 548	struct batadv_neigh_node *last_cand_router = NULL;
 549	struct batadv_orig_ifinfo *cand, *first_candidate = NULL;
 550	struct batadv_orig_ifinfo *next_candidate = NULL;
 551	struct batadv_orig_ifinfo *last_candidate;
 552	bool last_candidate_found = false;
 553
 554	if (!orig_node)
 555		return NULL;
 556
 557	router = batadv_orig_router_get(orig_node, recv_if);
 558
 559	if (!router)
 560		return router;
 561
 562	/* only consider bonding for recv_if == BATADV_IF_DEFAULT (first hop)
 563	 * and if activated.
 564	 */
 565	if (!(recv_if == BATADV_IF_DEFAULT && atomic_read(&bat_priv->bonding)))
 566		return router;
 567
 568	/* bonding: loop through the list of possible routers found
 569	 * for the various outgoing interfaces and find a candidate after
 570	 * the last chosen bonding candidate (next_candidate). If no such
 571	 * router is found, use the first candidate found (the previously
 572	 * chosen bonding candidate might have been the last one in the list).
 573	 * If this can't be found either, return the previously chosen
 574	 * router - obviously there are no other candidates.
 575	 */
 576	rcu_read_lock();
 577	last_candidate = batadv_last_bonding_get(orig_node);
 578	if (last_candidate)
 579		last_cand_router = rcu_dereference(last_candidate->router);
 580
 581	hlist_for_each_entry_rcu(cand, &orig_node->ifinfo_list, list) {
 582		/* acquire some structures and references ... */
 583		if (!kref_get_unless_zero(&cand->refcount))
 584			continue;
 585
 586		cand_router = rcu_dereference(cand->router);
 587		if (!cand_router)
 588			goto next;
 589
 590		if (!kref_get_unless_zero(&cand_router->refcount)) {
 591			cand_router = NULL;
 592			goto next;
 593		}
 594
 595		/* alternative candidate should be good enough to be
 596		 * considered
 597		 */
 598		if (!bao->neigh.is_similar_or_better(cand_router,
 599						     cand->if_outgoing, router,
 600						     recv_if))
 601			goto next;
 602
 603		/* don't use the same router twice */
 604		if (last_cand_router == cand_router)
 605			goto next;
 606
 607		/* mark the first possible candidate */
 608		if (!first_candidate) {
 609			kref_get(&cand_router->refcount);
 610			kref_get(&cand->refcount);
 611			first_candidate = cand;
 612			first_candidate_router = cand_router;
 613		}
 614
 615		/* check if the loop has already passed the previously selected
 616		 * candidate ... this function should select the next candidate
 617		 * AFTER the previously used bonding candidate.
 618		 */
 619		if (!last_candidate || last_candidate_found) {
 620			next_candidate = cand;
 621			next_candidate_router = cand_router;
 622			break;
 623		}
 624
 625		if (last_candidate == cand)
 626			last_candidate_found = true;
 627next:
 628		/* free references */
 629		if (cand_router) {
 630			batadv_neigh_node_put(cand_router);
 631			cand_router = NULL;
 632		}
 633		batadv_orig_ifinfo_put(cand);
 634	}
 635	rcu_read_unlock();
 636
 637	/* After finding candidates, handle the three cases:
 638	 * 1) there is a next candidate, use that
 639	 * 2) there is no next candidate, use the first of the list
 640	 * 3) there is no candidate at all, return the default router
 641	 */
 642	if (next_candidate) {
 643		batadv_neigh_node_put(router);
 644
 645		kref_get(&next_candidate_router->refcount);
 646		router = next_candidate_router;
 647		batadv_last_bonding_replace(orig_node, next_candidate);
 648	} else if (first_candidate) {
 649		batadv_neigh_node_put(router);
 650
 651		kref_get(&first_candidate_router->refcount);
 652		router = first_candidate_router;
 653		batadv_last_bonding_replace(orig_node, first_candidate);
 654	} else {
 655		batadv_last_bonding_replace(orig_node, NULL);
 656	}
 657
 658	/* cleanup of candidates */
 659	if (first_candidate) {
 660		batadv_neigh_node_put(first_candidate_router);
 661		batadv_orig_ifinfo_put(first_candidate);
 662	}
 663
 664	if (next_candidate) {
 665		batadv_neigh_node_put(next_candidate_router);
 666		batadv_orig_ifinfo_put(next_candidate);
 667	}
 668
 669	if (last_candidate)
 670		batadv_orig_ifinfo_put(last_candidate);
 671
 672	return router;
 673}
 674
 675static int batadv_route_unicast_packet(struct sk_buff *skb,
 676				       struct batadv_hard_iface *recv_if)
 677{
 678	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
 679	struct batadv_orig_node *orig_node = NULL;
 680	struct batadv_unicast_packet *unicast_packet;
 681	struct ethhdr *ethhdr = eth_hdr(skb);
 682	int res, hdr_len, ret = NET_RX_DROP;
 683	unsigned int len;
 684
 685	unicast_packet = (struct batadv_unicast_packet *)skb->data;
 686
 687	/* TTL exceeded */
 688	if (unicast_packet->ttl < 2) {
 689		pr_debug("Warning - can't forward unicast packet from %pM to %pM: ttl exceeded\n",
 690			 ethhdr->h_source, unicast_packet->dest);
 691		goto free_skb;
 692	}
 693
 694	/* get routing information */
 695	orig_node = batadv_orig_hash_find(bat_priv, unicast_packet->dest);
 696
 697	if (!orig_node)
 698		goto free_skb;
 699
 700	/* create a copy of the skb, if needed, to modify it. */
 701	if (skb_cow(skb, ETH_HLEN) < 0)
 702		goto put_orig_node;
 703
 704	/* decrement ttl */
 705	unicast_packet = (struct batadv_unicast_packet *)skb->data;
 706	unicast_packet->ttl--;
 707
 708	switch (unicast_packet->packet_type) {
 709	case BATADV_UNICAST_4ADDR:
 710		hdr_len = sizeof(struct batadv_unicast_4addr_packet);
 711		break;
 712	case BATADV_UNICAST:
 713		hdr_len = sizeof(struct batadv_unicast_packet);
 714		break;
 715	default:
 716		/* other packet types not supported - yet */
 717		hdr_len = -1;
 718		break;
 719	}
 720
 721	if (hdr_len > 0)
 722		batadv_skb_set_priority(skb, hdr_len);
 723
 724	len = skb->len;
 725	res = batadv_send_skb_to_orig(skb, orig_node, recv_if);
 726
 727	/* translate transmit result into receive result */
 728	if (res == NET_XMIT_SUCCESS) {
 729		ret = NET_RX_SUCCESS;
 730		/* skb was transmitted and consumed */
 731		batadv_inc_counter(bat_priv, BATADV_CNT_FORWARD);
 732		batadv_add_counter(bat_priv, BATADV_CNT_FORWARD_BYTES,
 733				   len + ETH_HLEN);
 734	}
 735
 736	/* skb was consumed */
 737	skb = NULL;
 738
 739put_orig_node:
 740	batadv_orig_node_put(orig_node);
 741free_skb:
 742	kfree_skb(skb);
 743
 744	return ret;
 745}
 746
 747/**
 748 * batadv_reroute_unicast_packet() - update the unicast header for re-routing
 749 * @bat_priv: the bat priv with all the soft interface information
 750 * @skb: unicast packet to process
 751 * @unicast_packet: the unicast header to be updated
 752 * @dst_addr: the payload destination
 753 * @vid: VLAN identifier
 754 *
 755 * Search the translation table for dst_addr and update the unicast header with
 756 * the new corresponding information (originator address where the destination
 757 * client currently is and its known TTVN)
 758 *
 759 * Return: true if the packet header has been updated, false otherwise
 760 */
 761static bool
 762batadv_reroute_unicast_packet(struct batadv_priv *bat_priv, struct sk_buff *skb,
 763			      struct batadv_unicast_packet *unicast_packet,
 764			      u8 *dst_addr, unsigned short vid)
 765{
 766	struct batadv_orig_node *orig_node = NULL;
 767	struct batadv_hard_iface *primary_if = NULL;
 768	bool ret = false;
 769	u8 *orig_addr, orig_ttvn;
 770
 771	if (batadv_is_my_client(bat_priv, dst_addr, vid)) {
 772		primary_if = batadv_primary_if_get_selected(bat_priv);
 773		if (!primary_if)
 774			goto out;
 775		orig_addr = primary_if->net_dev->dev_addr;
 776		orig_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
 777	} else {
 778		orig_node = batadv_transtable_search(bat_priv, NULL, dst_addr,
 779						     vid);
 780		if (!orig_node)
 781			goto out;
 782
 783		if (batadv_compare_eth(orig_node->orig, unicast_packet->dest))
 784			goto out;
 785
 786		orig_addr = orig_node->orig;
 787		orig_ttvn = (u8)atomic_read(&orig_node->last_ttvn);
 788	}
 789
 790	/* update the packet header */
 791	skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
 792	ether_addr_copy(unicast_packet->dest, orig_addr);
 793	unicast_packet->ttvn = orig_ttvn;
 794	skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
 795
 796	ret = true;
 797out:
 798	if (primary_if)
 799		batadv_hardif_put(primary_if);
 800	if (orig_node)
 801		batadv_orig_node_put(orig_node);
 802
 803	return ret;
 804}
 805
 806static bool batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
 807				      struct sk_buff *skb, int hdr_len)
 808{
 809	struct batadv_unicast_packet *unicast_packet;
 810	struct batadv_hard_iface *primary_if;
 811	struct batadv_orig_node *orig_node;
 812	u8 curr_ttvn, old_ttvn;
 813	struct ethhdr *ethhdr;
 814	unsigned short vid;
 815	int is_old_ttvn;
 816
 817	/* check if there is enough data before accessing it */
 818	if (!pskb_may_pull(skb, hdr_len + ETH_HLEN))
 819		return false;
 820
 821	/* create a copy of the skb (in case of for re-routing) to modify it. */
 822	if (skb_cow(skb, sizeof(*unicast_packet)) < 0)
 823		return false;
 824
 825	unicast_packet = (struct batadv_unicast_packet *)skb->data;
 826	vid = batadv_get_vid(skb, hdr_len);
 827	ethhdr = (struct ethhdr *)(skb->data + hdr_len);
 828
 829	/* check if the destination client was served by this node and it is now
 830	 * roaming. In this case, it means that the node has got a ROAM_ADV
 831	 * message and that it knows the new destination in the mesh to re-route
 832	 * the packet to
 833	 */
 834	if (batadv_tt_local_client_is_roaming(bat_priv, ethhdr->h_dest, vid)) {
 835		if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet,
 836						  ethhdr->h_dest, vid))
 837			batadv_dbg_ratelimited(BATADV_DBG_TT,
 838					       bat_priv,
 839					       "Rerouting unicast packet to %pM (dst=%pM): Local Roaming\n",
 840					       unicast_packet->dest,
 841					       ethhdr->h_dest);
 842		/* at this point the mesh destination should have been
 843		 * substituted with the originator address found in the global
 844		 * table. If not, let the packet go untouched anyway because
 845		 * there is nothing the node can do
 846		 */
 847		return true;
 848	}
 849
 850	/* retrieve the TTVN known by this node for the packet destination. This
 851	 * value is used later to check if the node which sent (or re-routed
 852	 * last time) the packet had an updated information or not
 853	 */
 854	curr_ttvn = (u8)atomic_read(&bat_priv->tt.vn);
 855	if (!batadv_is_my_mac(bat_priv, unicast_packet->dest)) {
 856		orig_node = batadv_orig_hash_find(bat_priv,
 857						  unicast_packet->dest);
 858		/* if it is not possible to find the orig_node representing the
 859		 * destination, the packet can immediately be dropped as it will
 860		 * not be possible to deliver it
 861		 */
 862		if (!orig_node)
 863			return false;
 864
 865		curr_ttvn = (u8)atomic_read(&orig_node->last_ttvn);
 866		batadv_orig_node_put(orig_node);
 867	}
 868
 869	/* check if the TTVN contained in the packet is fresher than what the
 870	 * node knows
 871	 */
 872	is_old_ttvn = batadv_seq_before(unicast_packet->ttvn, curr_ttvn);
 873	if (!is_old_ttvn)
 874		return true;
 875
 876	old_ttvn = unicast_packet->ttvn;
 877	/* the packet was forged based on outdated network information. Its
 878	 * destination can possibly be updated and forwarded towards the new
 879	 * target host
 880	 */
 881	if (batadv_reroute_unicast_packet(bat_priv, skb, unicast_packet,
 882					  ethhdr->h_dest, vid)) {
 883		batadv_dbg_ratelimited(BATADV_DBG_TT, bat_priv,
 884				       "Rerouting unicast packet to %pM (dst=%pM): TTVN mismatch old_ttvn=%u new_ttvn=%u\n",
 885				       unicast_packet->dest, ethhdr->h_dest,
 886				       old_ttvn, curr_ttvn);
 887		return true;
 888	}
 889
 890	/* the packet has not been re-routed: either the destination is
 891	 * currently served by this node or there is no destination at all and
 892	 * it is possible to drop the packet
 893	 */
 894	if (!batadv_is_my_client(bat_priv, ethhdr->h_dest, vid))
 895		return false;
 896
 897	/* update the header in order to let the packet be delivered to this
 898	 * node's soft interface
 899	 */
 900	primary_if = batadv_primary_if_get_selected(bat_priv);
 901	if (!primary_if)
 902		return false;
 903
 904	/* update the packet header */
 905	skb_postpull_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
 906	ether_addr_copy(unicast_packet->dest, primary_if->net_dev->dev_addr);
 907	unicast_packet->ttvn = curr_ttvn;
 908	skb_postpush_rcsum(skb, unicast_packet, sizeof(*unicast_packet));
 909
 910	batadv_hardif_put(primary_if);
 911
 912	return true;
 913}
 914
 915/**
 916 * batadv_recv_unhandled_unicast_packet() - receive and process packets which
 917 *	are in the unicast number space but not yet known to the implementation
 918 * @skb: unicast tvlv packet to process
 919 * @recv_if: pointer to interface this packet was received on
 920 *
 921 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP
 922 * otherwise.
 923 */
 924int batadv_recv_unhandled_unicast_packet(struct sk_buff *skb,
 925					 struct batadv_hard_iface *recv_if)
 926{
 927	struct batadv_unicast_packet *unicast_packet;
 928	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
 929	int check, hdr_size = sizeof(*unicast_packet);
 930
 931	check = batadv_check_unicast_packet(bat_priv, skb, hdr_size);
 932	if (check < 0)
 933		goto free_skb;
 934
 935	/* we don't know about this type, drop it. */
 936	unicast_packet = (struct batadv_unicast_packet *)skb->data;
 937	if (batadv_is_my_mac(bat_priv, unicast_packet->dest))
 938		goto free_skb;
 939
 940	return batadv_route_unicast_packet(skb, recv_if);
 941
 942free_skb:
 943	kfree_skb(skb);
 944	return NET_RX_DROP;
 945}
 946
 947/**
 948 * batadv_recv_unicast_packet() - Process incoming unicast packet
 949 * @skb: incoming packet buffer
 950 * @recv_if: incoming hard interface
 951 *
 952 * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure
 953 */
 954int batadv_recv_unicast_packet(struct sk_buff *skb,
 955			       struct batadv_hard_iface *recv_if)
 956{
 957	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
 958	struct batadv_unicast_packet *unicast_packet;
 959	struct batadv_unicast_4addr_packet *unicast_4addr_packet;
 960	u8 *orig_addr, *orig_addr_gw;
 961	struct batadv_orig_node *orig_node = NULL, *orig_node_gw = NULL;
 962	int check, hdr_size = sizeof(*unicast_packet);
 963	enum batadv_subtype subtype;
 964	int ret = NET_RX_DROP;
 965	bool is4addr, is_gw;
 966
 967	unicast_packet = (struct batadv_unicast_packet *)skb->data;
 968	is4addr = unicast_packet->packet_type == BATADV_UNICAST_4ADDR;
 969	/* the caller function should have already pulled 2 bytes */
 970	if (is4addr)
 971		hdr_size = sizeof(*unicast_4addr_packet);
 972
 973	/* function returns -EREMOTE for promiscuous packets */
 974	check = batadv_check_unicast_packet(bat_priv, skb, hdr_size);
 975
 976	/* Even though the packet is not for us, we might save it to use for
 977	 * decoding a later received coded packet
 978	 */
 979	if (check == -EREMOTE)
 980		batadv_nc_skb_store_sniffed_unicast(bat_priv, skb);
 981
 982	if (check < 0)
 983		goto free_skb;
 984	if (!batadv_check_unicast_ttvn(bat_priv, skb, hdr_size))
 985		goto free_skb;
 986
 987	unicast_packet = (struct batadv_unicast_packet *)skb->data;
 988
 989	/* packet for me */
 990	if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) {
 991		/* If this is a unicast packet from another backgone gw,
 992		 * drop it.
 993		 */
 994		orig_addr_gw = eth_hdr(skb)->h_source;
 995		orig_node_gw = batadv_orig_hash_find(bat_priv, orig_addr_gw);
 996		if (orig_node_gw) {
 997			is_gw = batadv_bla_is_backbone_gw(skb, orig_node_gw,
 998							  hdr_size);
 999			batadv_orig_node_put(orig_node_gw);
1000			if (is_gw) {
1001				batadv_dbg(BATADV_DBG_BLA, bat_priv,
1002					   "%s(): Dropped unicast pkt received from another backbone gw %pM.\n",
1003					   __func__, orig_addr_gw);
1004				goto free_skb;
1005			}
1006		}
1007
1008		if (is4addr) {
1009			unicast_4addr_packet =
1010				(struct batadv_unicast_4addr_packet *)skb->data;
1011			subtype = unicast_4addr_packet->subtype;
1012			batadv_dat_inc_counter(bat_priv, subtype);
1013
1014			/* Only payload data should be considered for speedy
1015			 * join. For example, DAT also uses unicast 4addr
1016			 * types, but those packets should not be considered
1017			 * for speedy join, since the clients do not actually
1018			 * reside at the sending originator.
1019			 */
1020			if (subtype == BATADV_P_DATA) {
1021				orig_addr = unicast_4addr_packet->src;
1022				orig_node = batadv_orig_hash_find(bat_priv,
1023								  orig_addr);
1024			}
1025		}
1026
1027		if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb,
1028							  hdr_size))
1029			goto rx_success;
1030		if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb,
1031							hdr_size))
1032			goto rx_success;
1033
1034		batadv_dat_snoop_incoming_dhcp_ack(bat_priv, skb, hdr_size);
1035
1036		batadv_interface_rx(recv_if->soft_iface, skb, hdr_size,
1037				    orig_node);
1038
1039rx_success:
1040		if (orig_node)
1041			batadv_orig_node_put(orig_node);
1042
1043		return NET_RX_SUCCESS;
1044	}
1045
1046	ret = batadv_route_unicast_packet(skb, recv_if);
1047	/* skb was consumed */
1048	skb = NULL;
1049
1050free_skb:
1051	kfree_skb(skb);
1052
1053	return ret;
1054}
1055
1056/**
1057 * batadv_recv_unicast_tvlv() - receive and process unicast tvlv packets
1058 * @skb: unicast tvlv packet to process
1059 * @recv_if: pointer to interface this packet was received on
1060 *
1061 * Return: NET_RX_SUCCESS if the packet has been consumed or NET_RX_DROP
1062 * otherwise.
1063 */
1064int batadv_recv_unicast_tvlv(struct sk_buff *skb,
1065			     struct batadv_hard_iface *recv_if)
1066{
1067	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
1068	struct batadv_unicast_tvlv_packet *unicast_tvlv_packet;
1069	unsigned char *tvlv_buff;
1070	u16 tvlv_buff_len;
1071	int hdr_size = sizeof(*unicast_tvlv_packet);
1072	int ret = NET_RX_DROP;
1073
1074	if (batadv_check_unicast_packet(bat_priv, skb, hdr_size) < 0)
1075		goto free_skb;
1076
1077	/* the header is likely to be modified while forwarding */
1078	if (skb_cow(skb, hdr_size) < 0)
1079		goto free_skb;
1080
1081	/* packet needs to be linearized to access the tvlv content */
1082	if (skb_linearize(skb) < 0)
1083		goto free_skb;
1084
1085	unicast_tvlv_packet = (struct batadv_unicast_tvlv_packet *)skb->data;
1086
1087	tvlv_buff = (unsigned char *)(skb->data + hdr_size);
1088	tvlv_buff_len = ntohs(unicast_tvlv_packet->tvlv_len);
1089
1090	if (tvlv_buff_len > skb->len - hdr_size)
1091		goto free_skb;
1092
1093	ret = batadv_tvlv_containers_process(bat_priv, false, NULL,
1094					     unicast_tvlv_packet->src,
1095					     unicast_tvlv_packet->dst,
1096					     tvlv_buff, tvlv_buff_len);
1097
1098	if (ret != NET_RX_SUCCESS) {
1099		ret = batadv_route_unicast_packet(skb, recv_if);
1100		/* skb was consumed */
1101		skb = NULL;
1102	}
1103
1104free_skb:
1105	kfree_skb(skb);
1106
1107	return ret;
1108}
1109
1110/**
1111 * batadv_recv_frag_packet() - process received fragment
1112 * @skb: the received fragment
1113 * @recv_if: interface that the skb is received on
1114 *
1115 * This function does one of the three following things: 1) Forward fragment, if
1116 * the assembled packet will exceed our MTU; 2) Buffer fragment, if we till
1117 * lack further fragments; 3) Merge fragments, if we have all needed parts.
1118 *
1119 * Return: NET_RX_DROP if the skb is not consumed, NET_RX_SUCCESS otherwise.
1120 */
1121int batadv_recv_frag_packet(struct sk_buff *skb,
1122			    struct batadv_hard_iface *recv_if)
1123{
1124	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
1125	struct batadv_orig_node *orig_node_src = NULL;
1126	struct batadv_frag_packet *frag_packet;
1127	int ret = NET_RX_DROP;
1128
1129	if (batadv_check_unicast_packet(bat_priv, skb,
1130					sizeof(*frag_packet)) < 0)
1131		goto free_skb;
1132
1133	frag_packet = (struct batadv_frag_packet *)skb->data;
1134	orig_node_src = batadv_orig_hash_find(bat_priv, frag_packet->orig);
1135	if (!orig_node_src)
1136		goto free_skb;
1137
1138	skb->priority = frag_packet->priority + 256;
1139
1140	/* Route the fragment if it is not for us and too big to be merged. */
1141	if (!batadv_is_my_mac(bat_priv, frag_packet->dest) &&
1142	    batadv_frag_skb_fwd(skb, recv_if, orig_node_src)) {
1143		/* skb was consumed */
1144		skb = NULL;
1145		ret = NET_RX_SUCCESS;
1146		goto put_orig_node;
1147	}
1148
1149	batadv_inc_counter(bat_priv, BATADV_CNT_FRAG_RX);
1150	batadv_add_counter(bat_priv, BATADV_CNT_FRAG_RX_BYTES, skb->len);
1151
1152	/* Add fragment to buffer and merge if possible. */
1153	if (!batadv_frag_skb_buffer(&skb, orig_node_src))
1154		goto put_orig_node;
1155
1156	/* Deliver merged packet to the appropriate handler, if it was
1157	 * merged
1158	 */
1159	if (skb) {
1160		batadv_batman_skb_recv(skb, recv_if->net_dev,
1161				       &recv_if->batman_adv_ptype, NULL);
1162		/* skb was consumed */
1163		skb = NULL;
1164	}
1165
1166	ret = NET_RX_SUCCESS;
1167
1168put_orig_node:
1169	batadv_orig_node_put(orig_node_src);
1170free_skb:
1171	kfree_skb(skb);
1172
1173	return ret;
1174}
1175
1176/**
1177 * batadv_recv_bcast_packet() - Process incoming broadcast packet
1178 * @skb: incoming packet buffer
1179 * @recv_if: incoming hard interface
1180 *
1181 * Return: NET_RX_SUCCESS on success or NET_RX_DROP in case of failure
1182 */
1183int batadv_recv_bcast_packet(struct sk_buff *skb,
1184			     struct batadv_hard_iface *recv_if)
1185{
1186	struct batadv_priv *bat_priv = netdev_priv(recv_if->soft_iface);
1187	struct batadv_orig_node *orig_node = NULL;
1188	struct batadv_bcast_packet *bcast_packet;
1189	struct ethhdr *ethhdr;
1190	int hdr_size = sizeof(*bcast_packet);
1191	int ret = NET_RX_DROP;
1192	s32 seq_diff;
1193	u32 seqno;
1194
1195	/* drop packet if it has not necessary minimum size */
1196	if (unlikely(!pskb_may_pull(skb, hdr_size)))
1197		goto free_skb;
1198
1199	ethhdr = eth_hdr(skb);
1200
1201	/* packet with broadcast indication but unicast recipient */
1202	if (!is_broadcast_ether_addr(ethhdr->h_dest))
1203		goto free_skb;
1204
1205	/* packet with broadcast/multicast sender address */
1206	if (is_multicast_ether_addr(ethhdr->h_source))
1207		goto free_skb;
1208
1209	/* ignore broadcasts sent by myself */
1210	if (batadv_is_my_mac(bat_priv, ethhdr->h_source))
1211		goto free_skb;
1212
1213	bcast_packet = (struct batadv_bcast_packet *)skb->data;
1214
1215	/* ignore broadcasts originated by myself */
1216	if (batadv_is_my_mac(bat_priv, bcast_packet->orig))
1217		goto free_skb;
1218
1219	if (bcast_packet->ttl < 2)
1220		goto free_skb;
1221
1222	orig_node = batadv_orig_hash_find(bat_priv, bcast_packet->orig);
1223
1224	if (!orig_node)
1225		goto free_skb;
1226
1227	spin_lock_bh(&orig_node->bcast_seqno_lock);
1228
1229	seqno = ntohl(bcast_packet->seqno);
1230	/* check whether the packet is a duplicate */
1231	if (batadv_test_bit(orig_node->bcast_bits, orig_node->last_bcast_seqno,
1232			    seqno))
1233		goto spin_unlock;
1234
1235	seq_diff = seqno - orig_node->last_bcast_seqno;
1236
1237	/* check whether the packet is old and the host just restarted. */
1238	if (batadv_window_protected(bat_priv, seq_diff,
1239				    BATADV_BCAST_MAX_AGE,
1240				    &orig_node->bcast_seqno_reset, NULL))
1241		goto spin_unlock;
1242
1243	/* mark broadcast in flood history, update window position
1244	 * if required.
1245	 */
1246	if (batadv_bit_get_packet(bat_priv, orig_node->bcast_bits, seq_diff, 1))
1247		orig_node->last_bcast_seqno = seqno;
1248
1249	spin_unlock_bh(&orig_node->bcast_seqno_lock);
1250
1251	/* check whether this has been sent by another originator before */
1252	if (batadv_bla_check_bcast_duplist(bat_priv, skb))
1253		goto free_skb;
1254
1255	batadv_skb_set_priority(skb, sizeof(struct batadv_bcast_packet));
1256
1257	/* rebroadcast packet */
1258	batadv_add_bcast_packet_to_list(bat_priv, skb, 1, false);
1259
1260	/* don't hand the broadcast up if it is from an originator
1261	 * from the same backbone.
1262	 */
1263	if (batadv_bla_is_backbone_gw(skb, orig_node, hdr_size))
1264		goto free_skb;
1265
1266	if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, hdr_size))
1267		goto rx_success;
1268	if (batadv_dat_snoop_incoming_arp_reply(bat_priv, skb, hdr_size))
1269		goto rx_success;
1270
1271	batadv_dat_snoop_incoming_dhcp_ack(bat_priv, skb, hdr_size);
1272
1273	/* broadcast for me */
1274	batadv_interface_rx(recv_if->soft_iface, skb, hdr_size, orig_node);
1275
1276rx_success:
1277	ret = NET_RX_SUCCESS;
1278	goto out;
1279
1280spin_unlock:
1281	spin_unlock_bh(&orig_node->bcast_seqno_lock);
1282free_skb:
1283	kfree_skb(skb);
1284out:
1285	if (orig_node)
1286		batadv_orig_node_put(orig_node);
1287	return ret;
1288}