projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net: Put fl6_* macros to struct flowi6 and use them again.
[deliverable/linux.git] / net / ipv6 / icmp.c
CommitLineData
1da177e4
LT		 1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
1da177e4
LT		 8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/in.h>
37#include <linux/kernel.h>
1da177e4
LT		 38#include <linux/sockios.h>
39#include <linux/net.h>
40#include <linux/skbuff.h>
41#include <linux/init.h>
763ecff1 42#include <linux/netfilter.h>
5a0e3ad6 43#include <linux/slab.h>
1da177e4
LT		 44
45#ifdef CONFIG_SYSCTL
46#include <linux/sysctl.h>
47#endif
48
49#include <linux/inet.h>
50#include <linux/netdevice.h>
51#include <linux/icmpv6.h>
52
53#include <net/ip.h>
54#include <net/sock.h>
55
56#include <net/ipv6.h>
57#include <net/ip6_checksum.h>
58#include <net/protocol.h>
59#include <net/raw.h>
60#include <net/rawv6.h>
61#include <net/transp_v6.h>
62#include <net/ip6_route.h>
63#include <net/addrconf.h>
64#include <net/icmp.h>
8b7817f3 65#include <net/xfrm.h>
1ed8516f 66#include <net/inet_common.h>
1da177e4
LT		 67
68#include <asm/uaccess.h>
69#include <asm/system.h>
70
1da177e4
LT		 71/*
72 * The ICMP socket(s). This is the most convenient way to flow control
73 * our ICMP output as well as maintain a clean interface throughout
74 * all layers. All Socketless IP sends will soon be gone.
75 *
76 * On SMP we have one ICMP socket per-cpu.
77 */
98c6d1b2
DL		 78static inline struct sock *icmpv6_sk(struct net *net)
79{
80 return net->ipv6.icmp_sk[smp_processor_id()];
81}
1da177e4 82
e5bbef20 83static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 84
41135cc8 85static const struct inet6_protocol icmpv6_protocol = {
1da177e4 86 .handler = icmpv6_rcv,
8b7817f3 87 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 88};
89
fdc0bde9 90static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 91{
fdc0bde9
DL		 92 struct sock *sk;
93
1da177e4
LT		 94 local_bh_disable();
95
fdc0bde9 96 sk = icmpv6_sk(net);
405666db 97 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 98 /* This can happen if the output path (f.e. SIT or
99 * ip6ip6 tunnel) signals dst_link_failure() for an
100 * outgoing ICMP6 packet.
101 */
102 local_bh_enable();
fdc0bde9 103 return NULL;
1da177e4 104 }
fdc0bde9 105 return sk;
1da177e4
LT		 106}
107
405666db 108static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 109{
405666db 110 spin_unlock_bh(&sk->sk_lock.slock);
1da177e4
LT		 111}
112
1ab1457c 113/*
1da177e4
LT		 114 * Slightly more convenient version of icmpv6_send.
115 */
d5fdd6ba 116void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
1da177e4 117{
3ffe533c 118 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos);
1da177e4
LT		 119 kfree_skb(skb);
120}
121
122/*
123 * Figure out, may we reply to this packet with icmp error.
124 *
125 * We do not reply, if:
126 * - it was icmp error message.
127 * - it is truncated, so that it is known, that protocol is ICMPV6
128 * (i.e. in the middle of some exthdr)
129 *
130 * --ANK (980726)
131 */
132
133static int is_ineligible(struct sk_buff *skb)
134{
0660e03f 135 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 136 int len = skb->len - ptr;
0660e03f 137 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
1da177e4
LT		 138
139 if (len < 0)
140 return 1;
141
0d3d077c 142 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr);
1da177e4
LT		 143 if (ptr < 0)
144 return 0;
145 if (nexthdr == IPPROTO_ICMPV6) {
146 u8 _type, *tp;
147 tp = skb_header_pointer(skb,
148 ptr+offsetof(struct icmp6hdr, icmp6_type),
149 sizeof(_type), &_type);
150 if (tp == NULL ||
151 !(*tp & ICMPV6_INFOMSG_MASK))
152 return 1;
153 }
154 return 0;
155}
156
1ab1457c
YH		 157/*
158 * Check the ICMP output rate limit
1da177e4 159 */
92d86829 160static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
4c9483b2 161 struct flowi6 *fl6)
1da177e4
LT		 162{
163 struct dst_entry *dst;
3b1e0a65 164 struct net *net = sock_net(sk);
92d86829 165 bool res = false;
1da177e4
LT		 166
167 /* Informational messages are not limited. */
168 if (type & ICMPV6_INFOMSG_MASK)
92d86829 169 return true;
1da177e4
LT		 170
171 /* Do not limit pmtu discovery, it would break it. */
172 if (type == ICMPV6_PKT_TOOBIG)
92d86829 173 return true;
1da177e4 174
1ab1457c 175 /*
1da177e4
LT		 176 * Look up the output route.
177 * XXX: perhaps the expire for routing entries cloned by
178 * this lookup should be more aggressive (not longer than timeout).
179 */
4c9483b2 180 dst = ip6_route_output(net, sk, fl6);
1da177e4 181 if (dst->error) {
3bd653c8 182 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 183 IPSTATS_MIB_OUTNOROUTES);
1da177e4 184 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
92d86829 185 res = true;
1da177e4
LT		 186 } else {
187 struct rt6_info *rt = (struct rt6_info *)dst;
9a43b709 188 int tmo = net->ipv6.sysctl.icmpv6_time;
1da177e4
LT		 189
190 /* Give more bandwidth to wider prefixes. */
191 if (rt->rt6i_dst.plen < 128)
192 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
193
92d86829
DM		 194 if (!rt->rt6i_peer)
195 rt6_bind_peer(rt, 1);
196 res = inet_peer_xrlim_allow(rt->rt6i_peer, tmo);
1da177e4
LT		 197 }
198 dst_release(dst);
199 return res;
200}
201
202/*
203 * an inline helper for the "simple" if statement below
204 * checks if parameter problem report is caused by an
1ab1457c 205 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 206 * highest-order two bits set to 10
207 */
208
209static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset)
210{
211 u8 _optval, *op;
212
bbe735e4 213 offset += skb_network_offset(skb);
1da177e4
LT		 214 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
215 if (op == NULL)
216 return 1;
217 return (*op & 0xC0) == 0x80;
218}
219
4c9483b2 220static int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, struct icmp6hdr *thdr, int len)
1da177e4
LT		 221{
222 struct sk_buff *skb;
223 struct icmp6hdr *icmp6h;
224 int err = 0;
225
226 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
227 goto out;
228
cc70ab26 229 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 230 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
231 icmp6h->icmp6_cksum = 0;
232
233 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 234 skb->csum = csum_partial(icmp6h,
1da177e4 235 sizeof(struct icmp6hdr), skb->csum);
4c9483b2
DM		 236 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
237 &fl6->daddr,
238 len, fl6->flowi6_proto,
1da177e4
LT		 239 skb->csum);
240 } else {
868c86bc 241 __wsum tmp_csum = 0;
1da177e4
LT		 242
243 skb_queue_walk(&sk->sk_write_queue, skb) {
244 tmp_csum = csum_add(tmp_csum, skb->csum);
245 }
246
07f0757a 247 tmp_csum = csum_partial(icmp6h,
1da177e4 248 sizeof(struct icmp6hdr), tmp_csum);
4c9483b2
DM		 249 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
250 &fl6->daddr,
251 len, fl6->flowi6_proto,
868c86bc 252 tmp_csum);
1da177e4 253 }
1da177e4
LT		 254 ip6_push_pending_frames(sk);
255out:
256 return err;
257}
258
259struct icmpv6_msg {
260 struct sk_buff *skb;
261 int offset;
763ecff1 262 uint8_t type;
1da177e4
LT		 263};
264
265static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
266{
267 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
268 struct sk_buff *org_skb = msg->skb;
5f92a738 269 __wsum csum = 0;
1da177e4
LT		 270
271 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
272 to, len, csum);
273 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 274 if (!(msg->type & ICMPV6_INFOMSG_MASK))
275 nf_ct_attach(skb, org_skb);
1da177e4
LT		 276 return 0;
277}
278
59fbb3a6 279#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
79383236
MN		 280static void mip6_addr_swap(struct sk_buff *skb)
281{
0660e03f 282 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236
MN		 283 struct inet6_skb_parm *opt = IP6CB(skb);
284 struct ipv6_destopt_hao *hao;
285 struct in6_addr tmp;
286 int off;
287
288 if (opt->dsthao) {
289 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
290 if (likely(off >= 0)) {
d56f90a7
ACM		 291 hao = (struct ipv6_destopt_hao *)
292 (skb_network_header(skb) + off);
79383236
MN		 293 ipv6_addr_copy(&tmp, &iph->saddr);
294 ipv6_addr_copy(&iph->saddr, &hao->addr);
295 ipv6_addr_copy(&hao->addr, &tmp);
296 }
297 }
298}
299#else
300static inline void mip6_addr_swap(struct sk_buff *skb) {}
301#endif
302
b42835db 303static struct dst_entry *icmpv6_route_lookup(struct net *net, struct sk_buff *skb,
4c9483b2 304 struct sock *sk, struct flowi6 *fl6)
b42835db
DM		 305{
306 struct dst_entry *dst, *dst2;
4c9483b2 307 struct flowi6 fl2;
b42835db
DM		 308 int err;
309
4c9483b2 310 err = ip6_dst_lookup(sk, &dst, fl6);
b42835db
DM		 311 if (err)
312 return ERR_PTR(err);
313
314 /*
315 * We won't send icmp if the destination is known
316 * anycast.
317 */
318 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
319 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n");
320 dst_release(dst);
321 return ERR_PTR(-EINVAL);
322 }
323
324 /* No need to clone since we're just using its address. */
325 dst2 = dst;
326
4c9483b2 327 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
452edd59 328 if (!IS_ERR(dst)) {
b42835db
DM		 329 if (dst != dst2)
330 return dst;
452edd59
DM		 331 } else {
332 if (PTR_ERR(dst) == -EPERM)
333 dst = NULL;
334 else
335 return dst;
b42835db
DM		 336 }
337
4c9483b2 338 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
b42835db
DM		 339 if (err)
340 goto relookup_failed;
341
342 err = ip6_dst_lookup(sk, &dst2, &fl2);
343 if (err)
344 goto relookup_failed;
345
4c9483b2 346 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
452edd59 347 if (!IS_ERR(dst2)) {
b42835db
DM		 348 dst_release(dst);
349 dst = dst2;
452edd59
DM		 350 } else {
351 err = PTR_ERR(dst2);
352 if (err == -EPERM) {
353 dst_release(dst);
354 return dst2;
355 } else
356 goto relookup_failed;
b42835db
DM		 357 }
358
359relookup_failed:
360 if (dst)
361 return dst;
362 return ERR_PTR(err);
363}
364
1da177e4
LT		 365/*
366 * Send an ICMP message in response to a packet in error
367 */
3ffe533c 368void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
1da177e4 369{
c346dca1 370 struct net *net = dev_net(skb->dev);
1da177e4 371 struct inet6_dev *idev = NULL;
0660e03f 372 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53
YH		 373 struct sock *sk;
374 struct ipv6_pinfo *np;
1da177e4
LT		 375 struct in6_addr *saddr = NULL;
376 struct dst_entry *dst;
377 struct icmp6hdr tmp_hdr;
4c9483b2 378 struct flowi6 fl6;
1da177e4
LT		 379 struct icmpv6_msg msg;
380 int iif = 0;
381 int addr_type = 0;
382 int len;
e651f03a 383 int hlimit;
1da177e4
LT		 384 int err = 0;
385
27a884dc
ACM		 386 if ((u8 *)hdr < skb->head ||
387 (skb->network_header + sizeof(*hdr)) > skb->tail)
1da177e4
LT		 388 return;
389
390 /*
1ab1457c 391 * Make sure we respect the rules
1da177e4
LT		 392 * i.e. RFC 1885 2.4(e)
393 * Rule (e.1) is enforced by not using icmpv6_send
394 * in any code that processes icmp errors.
395 */
396 addr_type = ipv6_addr_type(&hdr->daddr);
397
9a43b709 398 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
1da177e4
LT		 399 saddr = &hdr->daddr;
400
401 /*
402 * Dest addr check
403 */
404
405 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
406 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 407 !(type == ICMPV6_PARAMPROB &&
408 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 409 (opt_unrec(skb, info))))
410 return;
411
412 saddr = NULL;
413 }
414
415 addr_type = ipv6_addr_type(&hdr->saddr);
416
417 /*
418 * Source addr check
419 */
420
421 if (addr_type & IPV6_ADDR_LINKLOCAL)
422 iif = skb->dev->ifindex;
423
424 /*
8de3351e
YH		 425 * Must not send error if the source does not uniquely
426 * identify a single node (RFC2463 Section 2.4).
427 * We check unspecified / multicast addresses here,
428 * and anycast addresses will be checked later.
1da177e4
LT		 429 */
430 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
64ce2073 431 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n");
1da177e4
LT		 432 return;
433 }
434
1ab1457c 435 /*
1da177e4
LT		 436 * Never answer to a ICMP packet.
437 */
438 if (is_ineligible(skb)) {
64ce2073 439 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n");
1da177e4
LT		 440 return;
441 }
442
79383236
MN		 443 mip6_addr_swap(skb);
444
4c9483b2
DM		 445 memset(&fl6, 0, sizeof(fl6));
446 fl6.flowi6_proto = IPPROTO_ICMPV6;
447 ipv6_addr_copy(&fl6.daddr, &hdr->saddr);
1da177e4 448 if (saddr)
4c9483b2
DM		 449 ipv6_addr_copy(&fl6.saddr, saddr);
450 fl6.flowi6_oif = iif;
1958b856
DM		 451 fl6.fl6_icmp_type = type;
452 fl6.fl6_icmp_code = code;
4c9483b2 453 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 454
fdc0bde9
DL		 455 sk = icmpv6_xmit_lock(net);
456 if (sk == NULL)
405666db 457 return;
fdc0bde9 458 np = inet6_sk(sk);
405666db 459
4c9483b2 460 if (!icmpv6_xrlim_allow(sk, type, &fl6))
1da177e4
LT		 461 goto out;
462
463 tmp_hdr.icmp6_type = type;
464 tmp_hdr.icmp6_code = code;
465 tmp_hdr.icmp6_cksum = 0;
466 tmp_hdr.icmp6_pointer = htonl(info);
467
4c9483b2
DM		 468 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
469 fl6.flowi6_oif = np->mcast_oif;
1da177e4 470
4c9483b2 471 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
b42835db 472 if (IS_ERR(dst))
1da177e4 473 goto out;
8de3351e 474
4c9483b2 475 if (ipv6_addr_is_multicast(&fl6.daddr))
1da177e4
LT		 476 hlimit = np->mcast_hops;
477 else
478 hlimit = np->hop_limit;
479 if (hlimit < 0)
6b75d090 480 hlimit = ip6_dst_hoplimit(dst);
1da177e4
LT		 481
482 msg.skb = skb;
bbe735e4 483 msg.offset = skb_network_offset(skb);
763ecff1 484 msg.type = type;
1da177e4
LT		 485
486 len = skb->len - msg.offset;
487 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
488 if (len < 0) {
64ce2073 489 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
1da177e4
LT		 490 goto out_dst_release;
491 }
492
493 idev = in6_dev_get(skb->dev);
494
495 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
496 len + sizeof(struct icmp6hdr),
e651f03a 497 sizeof(struct icmp6hdr), hlimit,
4c9483b2 498 np->tclass, NULL, &fl6, (struct rt6_info*)dst,
13b52cd4 499 MSG_DONTWAIT, np->dontfrag);
1da177e4 500 if (err) {
00d9d6a1 501 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4
LT		 502 ip6_flush_pending_frames(sk);
503 goto out_put;
504 }
4c9483b2 505 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, len + sizeof(struct icmp6hdr));
1da177e4 506
1da177e4
LT		 507out_put:
508 if (likely(idev != NULL))
509 in6_dev_put(idev);
510out_dst_release:
511 dst_release(dst);
512out:
405666db 513 icmpv6_xmit_unlock(sk);
1da177e4
LT		 514}
515
7159039a
YH		 516EXPORT_SYMBOL(icmpv6_send);
517
1da177e4
LT		 518static void icmpv6_echo_reply(struct sk_buff *skb)
519{
c346dca1 520 struct net *net = dev_net(skb->dev);
84427d53 521 struct sock *sk;
1da177e4 522 struct inet6_dev *idev;
84427d53 523 struct ipv6_pinfo *np;
1da177e4 524 struct in6_addr *saddr = NULL;
cc70ab26 525 struct icmp6hdr *icmph = icmp6_hdr(skb);
1da177e4 526 struct icmp6hdr tmp_hdr;
4c9483b2 527 struct flowi6 fl6;
1da177e4
LT		 528 struct icmpv6_msg msg;
529 struct dst_entry *dst;
530 int err = 0;
531 int hlimit;
532
0660e03f 533 saddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 534
535 if (!ipv6_unicast_destination(skb))
536 saddr = NULL;
537
538 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
539 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
540
4c9483b2
DM		 541 memset(&fl6, 0, sizeof(fl6));
542 fl6.flowi6_proto = IPPROTO_ICMPV6;
543 ipv6_addr_copy(&fl6.daddr, &ipv6_hdr(skb)->saddr);
1da177e4 544 if (saddr)
4c9483b2
DM		 545 ipv6_addr_copy(&fl6.saddr, saddr);
546 fl6.flowi6_oif = skb->dev->ifindex;
1958b856 547 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
4c9483b2 548 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 549
fdc0bde9
DL		 550 sk = icmpv6_xmit_lock(net);
551 if (sk == NULL)
405666db 552 return;
fdc0bde9 553 np = inet6_sk(sk);
405666db 554
4c9483b2
DM		 555 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
556 fl6.flowi6_oif = np->mcast_oif;
1da177e4 557
4c9483b2 558 err = ip6_dst_lookup(sk, &dst, &fl6);
1da177e4
LT		 559 if (err)
560 goto out;
4c9483b2 561 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
452edd59 562 if (IS_ERR(dst))
e104411b 563 goto out;
1da177e4 564
4c9483b2 565 if (ipv6_addr_is_multicast(&fl6.daddr))
1da177e4
LT		 566 hlimit = np->mcast_hops;
567 else
568 hlimit = np->hop_limit;
569 if (hlimit < 0)
6b75d090 570 hlimit = ip6_dst_hoplimit(dst);
1da177e4
LT		 571
572 idev = in6_dev_get(skb->dev);
573
574 msg.skb = skb;
575 msg.offset = 0;
763ecff1 576 msg.type = ICMPV6_ECHO_REPLY;
1da177e4
LT		 577
578 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
4c9483b2 579 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl6,
13b52cd4
BH		 580 (struct rt6_info*)dst, MSG_DONTWAIT,
581 np->dontfrag);
1da177e4
LT		 582
583 if (err) {
00d9d6a1 584 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4
LT		 585 ip6_flush_pending_frames(sk);
586 goto out_put;
587 }
4c9483b2 588 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, skb->len + sizeof(struct icmp6hdr));
1da177e4 589
1ab1457c 590out_put:
1da177e4
LT		 591 if (likely(idev != NULL))
592 in6_dev_put(idev);
1da177e4 593 dst_release(dst);
1ab1457c 594out:
405666db 595 icmpv6_xmit_unlock(sk);
1da177e4
LT		 596}
597
d5fdd6ba 598static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
1da177e4 599{
41135cc8 600 const struct inet6_protocol *ipprot;
1da177e4
LT		 601 int inner_offset;
602 int hash;
603 u8 nexthdr;
604
605 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
606 return;
607
608 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
609 if (ipv6_ext_hdr(nexthdr)) {
610 /* now skip over extension headers */
0d3d077c 611 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
1da177e4
LT		 612 if (inner_offset<0)
613 return;
614 } else {
615 inner_offset = sizeof(struct ipv6hdr);
616 }
617
618 /* Checkin header including 8 bytes of inner protocol header. */
619 if (!pskb_may_pull(skb, inner_offset+8))
620 return;
621
1da177e4
LT		 622 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
623 Without this we will not able f.e. to make source routed
624 pmtu discovery.
625 Corresponding argument (opt) to notifiers is already added.
626 --ANK (980726)
627 */
628
629 hash = nexthdr & (MAX_INET_PROTOS - 1);
630
631 rcu_read_lock();
632 ipprot = rcu_dereference(inet6_protos[hash]);
633 if (ipprot && ipprot->err_handler)
634 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
635 rcu_read_unlock();
636
69d6da0b 637 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
1da177e4 638}
1ab1457c 639
1da177e4
LT		 640/*
641 * Handle icmp messages
642 */
643
e5bbef20 644static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 645{
1da177e4
LT		 646 struct net_device *dev = skb->dev;
647 struct inet6_dev *idev = __in6_dev_get(dev);
648 struct in6_addr *saddr, *daddr;
649 struct ipv6hdr *orig_hdr;
650 struct icmp6hdr *hdr;
d5fdd6ba 651 u8 type;
1da177e4 652
aebcf82c 653 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 654 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 655 int nh;
656
def8b4fa 657 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
aebcf82c
HX		 658 XFRM_STATE_ICMP))
659 goto drop_no_count;
660
8b7817f3
HX		 661 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
662 goto drop_no_count;
663
664 nh = skb_network_offset(skb);
665 skb_set_network_header(skb, sizeof(*hdr));
666
667 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
668 goto drop_no_count;
669
670 skb_set_network_header(skb, nh);
671 }
672
e41b5368 673 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 674
0660e03f
ACM		 675 saddr = &ipv6_hdr(skb)->saddr;
676 daddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 677
678 /* Perform checksum. */
fb286bb2 679 switch (skb->ip_summed) {
84fa7933 680 case CHECKSUM_COMPLETE:
fb286bb2
HX		 681 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
682 skb->csum))
683 break;
684 /* fall through */
685 case CHECKSUM_NONE:
868c86bc
AV		 686 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
687 IPPROTO_ICMPV6, 0));
fb286bb2 688 if (__skb_checksum_complete(skb)) {
5b095d98 689 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n",
0c6ce78a 690 saddr, daddr);
1da177e4
LT		 691 goto discard_it;
692 }
693 }
694
8cf22943
HX		 695 if (!pskb_pull(skb, sizeof(*hdr)))
696 goto discard_it;
1da177e4 697
cc70ab26 698 hdr = icmp6_hdr(skb);
1da177e4
LT		 699
700 type = hdr->icmp6_type;
701
55d43808 702 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
1da177e4
LT		 703
704 switch (type) {
705 case ICMPV6_ECHO_REQUEST:
706 icmpv6_echo_reply(skb);
707 break;
708
709 case ICMPV6_ECHO_REPLY:
710 /* we couldn't care less */
711 break;
712
713 case ICMPV6_PKT_TOOBIG:
714 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
715 standard destination cache. Seems, only "advanced"
716 destination cache will allow to solve this problem
717 --ANK (980726)
718 */
719 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
720 goto discard_it;
cc70ab26 721 hdr = icmp6_hdr(skb);
1da177e4
LT		 722 orig_hdr = (struct ipv6hdr *) (hdr + 1);
723 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev,
724 ntohl(hdr->icmp6_mtu));
725
726 /*
727 * Drop through to notify
728 */
729
730 case ICMPV6_DEST_UNREACH:
731 case ICMPV6_TIME_EXCEED:
732 case ICMPV6_PARAMPROB:
733 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
734 break;
735
736 case NDISC_ROUTER_SOLICITATION:
737 case NDISC_ROUTER_ADVERTISEMENT:
738 case NDISC_NEIGHBOUR_SOLICITATION:
739 case NDISC_NEIGHBOUR_ADVERTISEMENT:
740 case NDISC_REDIRECT:
741 ndisc_rcv(skb);
742 break;
743
744 case ICMPV6_MGM_QUERY:
745 igmp6_event_query(skb);
746 break;
747
748 case ICMPV6_MGM_REPORT:
749 igmp6_event_report(skb);
750 break;
751
752 case ICMPV6_MGM_REDUCTION:
753 case ICMPV6_NI_QUERY:
754 case ICMPV6_NI_REPLY:
755 case ICMPV6_MLD2_REPORT:
756 case ICMPV6_DHAAD_REQUEST:
757 case ICMPV6_DHAAD_REPLY:
758 case ICMPV6_MOBILE_PREFIX_SOL:
759 case ICMPV6_MOBILE_PREFIX_ADV:
760 break;
761
762 default:
64ce2073 763 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
1da177e4
LT		 764
765 /* informational */
766 if (type & ICMPV6_INFOMSG_MASK)
767 break;
768
1ab1457c
YH		 769 /*
770 * error of unknown type.
771 * must pass to upper level
1da177e4
LT		 772 */
773
774 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
3ff50b79
SH		 775 }
776
1da177e4
LT		 777 kfree_skb(skb);
778 return 0;
779
780discard_it:
e41b5368 781 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 782drop_no_count:
1da177e4
LT		 783 kfree_skb(skb);
784 return 0;
785}
786
4c9483b2 787void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
95e41e93
YH		 788 u8 type,
789 const struct in6_addr *saddr,
790 const struct in6_addr *daddr,
791 int oif)
792{
4c9483b2
DM		 793 memset(fl6, 0, sizeof(*fl6));
794 ipv6_addr_copy(&fl6->saddr, saddr);
795 ipv6_addr_copy(&fl6->daddr, daddr);
796 fl6->flowi6_proto = IPPROTO_ICMPV6;
1958b856
DM		 797 fl6->fl6_icmp_type = type;
798 fl6->fl6_icmp_code = 0;
4c9483b2
DM		 799 fl6->flowi6_oif = oif;
800 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
95e41e93
YH		 801}
802
640c41c7 803/*
b7e729c4 804 * Special lock-class for __icmpv6_sk:
640c41c7
IM		 805 */
806static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
807
98c6d1b2 808static int __net_init icmpv6_sk_init(struct net *net)
1da177e4
LT		 809{
810 struct sock *sk;
811 int err, i, j;
812
98c6d1b2
DL		 813 net->ipv6.icmp_sk =
814 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
815 if (net->ipv6.icmp_sk == NULL)
79c91159
DL		 816 return -ENOMEM;
817
6f912042 818 for_each_possible_cpu(i) {
1ed8516f
DL		 819 err = inet_ctl_sock_create(&sk, PF_INET6,
820 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4
LT		 821 if (err < 0) {
822 printk(KERN_ERR
823 "Failed to initialize the ICMP6 control socket "
824 "(err %d).\n",
825 err);
826 goto fail;
827 }
828
1ed8516f 829 net->ipv6.icmp_sk[i] = sk;
5c8cafd6 830
640c41c7
IM		 831 /*
832 * Split off their lock-class, because sk->sk_dst_lock
833 * gets used from softirqs, which is safe for
b7e729c4 834 * __icmpv6_sk (because those never get directly used
640c41c7
IM		 835 * via userspace syscalls), but unsafe for normal sockets.
836 */
837 lockdep_set_class(&sk->sk_dst_lock,
838 &icmpv6_socket_sk_dst_lock_key);
1da177e4
LT		 839
840 /* Enough space for 2 64K ICMP packets, including
841 * sk_buff struct overhead.
842 */
843 sk->sk_sndbuf =
844 (2 * ((64 * 1024) + sizeof(struct sk_buff)));
1da177e4 845 }
1da177e4
LT		 846 return 0;
847
848 fail:
5c8cafd6 849 for (j = 0; j < i; j++)
1ed8516f 850 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
98c6d1b2 851 kfree(net->ipv6.icmp_sk);
1da177e4
LT		 852 return err;
853}
854
98c6d1b2 855static void __net_exit icmpv6_sk_exit(struct net *net)
1da177e4
LT		 856{
857 int i;
858
6f912042 859 for_each_possible_cpu(i) {
1ed8516f 860 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
1da177e4 861 }
98c6d1b2
DL		 862 kfree(net->ipv6.icmp_sk);
863}
864
8ed7edce 865static struct pernet_operations icmpv6_sk_ops = {
98c6d1b2
DL		 866 .init = icmpv6_sk_init,
867 .exit = icmpv6_sk_exit,
868};
869
870int __init icmpv6_init(void)
871{
872 int err;
873
874 err = register_pernet_subsys(&icmpv6_sk_ops);
875 if (err < 0)
876 return err;
877
878 err = -EAGAIN;
879 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
880 goto fail;
881 return 0;
882
883fail:
884 printk(KERN_ERR "Failed to register ICMP6 protocol\n");
885 unregister_pernet_subsys(&icmpv6_sk_ops);
886 return err;
887}
888
8ed7edce 889void icmpv6_cleanup(void)
98c6d1b2
DL		 890{
891 unregister_pernet_subsys(&icmpv6_sk_ops);
1da177e4
LT		 892 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
893}
894
98c6d1b2 895
9b5b5cff 896static const struct icmp6_err {
1da177e4
LT		 897 int err;
898 int fatal;
899} tab_unreach[] = {
900 { /* NOROUTE */
901 .err = ENETUNREACH,
902 .fatal = 0,
903 },
904 { /* ADM_PROHIBITED */
905 .err = EACCES,
906 .fatal = 1,
907 },
908 { /* Was NOT_NEIGHBOUR, now reserved */
909 .err = EHOSTUNREACH,
910 .fatal = 0,
911 },
912 { /* ADDR_UNREACH */
913 .err = EHOSTUNREACH,
914 .fatal = 0,
915 },
916 { /* PORT_UNREACH */
917 .err = ECONNREFUSED,
918 .fatal = 1,
919 },
920};
921
d5fdd6ba 922int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 923{
924 int fatal = 0;
925
926 *err = EPROTO;
927
928 switch (type) {
929 case ICMPV6_DEST_UNREACH:
930 fatal = 1;
931 if (code <= ICMPV6_PORT_UNREACH) {
932 *err = tab_unreach[code].err;
933 fatal = tab_unreach[code].fatal;
934 }
935 break;
936
937 case ICMPV6_PKT_TOOBIG:
938 *err = EMSGSIZE;
939 break;
1ab1457c 940
1da177e4
LT		 941 case ICMPV6_PARAMPROB:
942 *err = EPROTO;
943 fatal = 1;
944 break;
945
946 case ICMPV6_TIME_EXCEED:
947 *err = EHOSTUNREACH;
948 break;
3ff50b79 949 }
1da177e4
LT		 950
951 return fatal;
952}
953
7159039a
YH		 954EXPORT_SYMBOL(icmpv6_err_convert);
955
1da177e4 956#ifdef CONFIG_SYSCTL
760f2d01 957ctl_table ipv6_icmp_table_template[] = {
1da177e4 958 {
1da177e4 959 .procname = "ratelimit",
41a76906 960 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 961 .maxlen = sizeof(int),
962 .mode = 0644,
6d9f239a 963 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 964 },
f8572d8f 965 { },
1da177e4 966};
760f2d01 967
2c8c1e72 968struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 969{
970 struct ctl_table *table;
971
972 table = kmemdup(ipv6_icmp_table_template,
973 sizeof(ipv6_icmp_table_template),
974 GFP_KERNEL);
5ee09105
YH		 975
976 if (table)
977 table[0].data = &net->ipv6.sysctl.icmpv6_time;
978
760f2d01
DL		 979 return table;
980}
1da177e4
LT		 981#endif
982
Linux kernel - Deliverables
This page took 0.724205 seconds and 5 git commands to generate.