projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipv6: drop unused "dev" arg of icmpv6_send()
[deliverable/linux.git] / net / ipv6 / icmp.c
CommitLineData
1da177e4
LT		 1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
1da177e4
LT		 8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/in.h>
37#include <linux/kernel.h>
1da177e4
LT		 38#include <linux/sockios.h>
39#include <linux/net.h>
40#include <linux/skbuff.h>
41#include <linux/init.h>
763ecff1 42#include <linux/netfilter.h>
1da177e4
LT		 43
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/inet.h>
49#include <linux/netdevice.h>
50#include <linux/icmpv6.h>
51
52#include <net/ip.h>
53#include <net/sock.h>
54
55#include <net/ipv6.h>
56#include <net/ip6_checksum.h>
57#include <net/protocol.h>
58#include <net/raw.h>
59#include <net/rawv6.h>
60#include <net/transp_v6.h>
61#include <net/ip6_route.h>
62#include <net/addrconf.h>
63#include <net/icmp.h>
8b7817f3 64#include <net/xfrm.h>
1ed8516f 65#include <net/inet_common.h>
1da177e4
LT		 66
67#include <asm/uaccess.h>
68#include <asm/system.h>
69
1da177e4
LT		 70/*
71 * The ICMP socket(s). This is the most convenient way to flow control
72 * our ICMP output as well as maintain a clean interface throughout
73 * all layers. All Socketless IP sends will soon be gone.
74 *
75 * On SMP we have one ICMP socket per-cpu.
76 */
98c6d1b2
DL		 77static inline struct sock *icmpv6_sk(struct net *net)
78{
79 return net->ipv6.icmp_sk[smp_processor_id()];
80}
1da177e4 81
e5bbef20 82static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 83
41135cc8 84static const struct inet6_protocol icmpv6_protocol = {
1da177e4 85 .handler = icmpv6_rcv,
8b7817f3 86 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 87};
88
fdc0bde9 89static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 90{
fdc0bde9
DL		 91 struct sock *sk;
92
1da177e4
LT		 93 local_bh_disable();
94
fdc0bde9 95 sk = icmpv6_sk(net);
405666db 96 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 97 /* This can happen if the output path (f.e. SIT or
98 * ip6ip6 tunnel) signals dst_link_failure() for an
99 * outgoing ICMP6 packet.
100 */
101 local_bh_enable();
fdc0bde9 102 return NULL;
1da177e4 103 }
fdc0bde9 104 return sk;
1da177e4
LT		 105}
106
405666db 107static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 108{
405666db 109 spin_unlock_bh(&sk->sk_lock.slock);
1da177e4
LT		 110}
111
1ab1457c 112/*
1da177e4
LT		 113 * Slightly more convenient version of icmpv6_send.
114 */
d5fdd6ba 115void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
1da177e4 116{
3ffe533c 117 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos);
1da177e4
LT		 118 kfree_skb(skb);
119}
120
121/*
122 * Figure out, may we reply to this packet with icmp error.
123 *
124 * We do not reply, if:
125 * - it was icmp error message.
126 * - it is truncated, so that it is known, that protocol is ICMPV6
127 * (i.e. in the middle of some exthdr)
128 *
129 * --ANK (980726)
130 */
131
132static int is_ineligible(struct sk_buff *skb)
133{
0660e03f 134 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 135 int len = skb->len - ptr;
0660e03f 136 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
1da177e4
LT		 137
138 if (len < 0)
139 return 1;
140
0d3d077c 141 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr);
1da177e4
LT		 142 if (ptr < 0)
143 return 0;
144 if (nexthdr == IPPROTO_ICMPV6) {
145 u8 _type, *tp;
146 tp = skb_header_pointer(skb,
147 ptr+offsetof(struct icmp6hdr, icmp6_type),
148 sizeof(_type), &_type);
149 if (tp == NULL ||
150 !(*tp & ICMPV6_INFOMSG_MASK))
151 return 1;
152 }
153 return 0;
154}
155
1ab1457c
YH		 156/*
157 * Check the ICMP output rate limit
1da177e4 158 */
d5fdd6ba 159static inline int icmpv6_xrlim_allow(struct sock *sk, u8 type,
1da177e4
LT		 160 struct flowi *fl)
161{
162 struct dst_entry *dst;
3b1e0a65 163 struct net *net = sock_net(sk);
1da177e4
LT		 164 int res = 0;
165
166 /* Informational messages are not limited. */
167 if (type & ICMPV6_INFOMSG_MASK)
168 return 1;
169
170 /* Do not limit pmtu discovery, it would break it. */
171 if (type == ICMPV6_PKT_TOOBIG)
172 return 1;
173
1ab1457c 174 /*
1da177e4
LT		 175 * Look up the output route.
176 * XXX: perhaps the expire for routing entries cloned by
177 * this lookup should be more aggressive (not longer than timeout).
178 */
9a43b709 179 dst = ip6_route_output(net, sk, fl);
1da177e4 180 if (dst->error) {
3bd653c8 181 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 182 IPSTATS_MIB_OUTNOROUTES);
1da177e4
LT		 183 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
184 res = 1;
185 } else {
186 struct rt6_info *rt = (struct rt6_info *)dst;
9a43b709 187 int tmo = net->ipv6.sysctl.icmpv6_time;
1da177e4
LT		 188
189 /* Give more bandwidth to wider prefixes. */
190 if (rt->rt6i_dst.plen < 128)
191 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
192
193 res = xrlim_allow(dst, tmo);
194 }
195 dst_release(dst);
196 return res;
197}
198
199/*
200 * an inline helper for the "simple" if statement below
201 * checks if parameter problem report is caused by an
1ab1457c 202 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 203 * highest-order two bits set to 10
204 */
205
206static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset)
207{
208 u8 _optval, *op;
209
bbe735e4 210 offset += skb_network_offset(skb);
1da177e4
LT		 211 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
212 if (op == NULL)
213 return 1;
214 return (*op & 0xC0) == 0x80;
215}
216
217static int icmpv6_push_pending_frames(struct sock *sk, struct flowi *fl, struct icmp6hdr *thdr, int len)
218{
219 struct sk_buff *skb;
220 struct icmp6hdr *icmp6h;
221 int err = 0;
222
223 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
224 goto out;
225
cc70ab26 226 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 227 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
228 icmp6h->icmp6_cksum = 0;
229
230 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 231 skb->csum = csum_partial(icmp6h,
1da177e4
LT		 232 sizeof(struct icmp6hdr), skb->csum);
233 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
234 &fl->fl6_dst,
235 len, fl->proto,
236 skb->csum);
237 } else {
868c86bc 238 __wsum tmp_csum = 0;
1da177e4
LT		 239
240 skb_queue_walk(&sk->sk_write_queue, skb) {
241 tmp_csum = csum_add(tmp_csum, skb->csum);
242 }
243
07f0757a 244 tmp_csum = csum_partial(icmp6h,
1da177e4 245 sizeof(struct icmp6hdr), tmp_csum);
868c86bc
AV		 246 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
247 &fl->fl6_dst,
248 len, fl->proto,
249 tmp_csum);
1da177e4 250 }
1da177e4
LT		 251 ip6_push_pending_frames(sk);
252out:
253 return err;
254}
255
256struct icmpv6_msg {
257 struct sk_buff *skb;
258 int offset;
763ecff1 259 uint8_t type;
1da177e4
LT		 260};
261
262static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
263{
264 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
265 struct sk_buff *org_skb = msg->skb;
5f92a738 266 __wsum csum = 0;
1da177e4
LT		 267
268 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
269 to, len, csum);
270 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 271 if (!(msg->type & ICMPV6_INFOMSG_MASK))
272 nf_ct_attach(skb, org_skb);
1da177e4
LT		 273 return 0;
274}
275
59fbb3a6 276#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
79383236
MN		 277static void mip6_addr_swap(struct sk_buff *skb)
278{
0660e03f 279 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236
MN		 280 struct inet6_skb_parm *opt = IP6CB(skb);
281 struct ipv6_destopt_hao *hao;
282 struct in6_addr tmp;
283 int off;
284
285 if (opt->dsthao) {
286 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
287 if (likely(off >= 0)) {
d56f90a7
ACM		 288 hao = (struct ipv6_destopt_hao *)
289 (skb_network_header(skb) + off);
79383236
MN		 290 ipv6_addr_copy(&tmp, &iph->saddr);
291 ipv6_addr_copy(&iph->saddr, &hao->addr);
292 ipv6_addr_copy(&hao->addr, &tmp);
293 }
294 }
295}
296#else
297static inline void mip6_addr_swap(struct sk_buff *skb) {}
298#endif
299
1da177e4
LT		 300/*
301 * Send an ICMP message in response to a packet in error
302 */
3ffe533c 303void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
1da177e4 304{
c346dca1 305 struct net *net = dev_net(skb->dev);
1da177e4 306 struct inet6_dev *idev = NULL;
0660e03f 307 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53
YH		 308 struct sock *sk;
309 struct ipv6_pinfo *np;
1da177e4
LT		 310 struct in6_addr *saddr = NULL;
311 struct dst_entry *dst;
8b7817f3 312 struct dst_entry *dst2;
1da177e4
LT		 313 struct icmp6hdr tmp_hdr;
314 struct flowi fl;
8b7817f3 315 struct flowi fl2;
1da177e4
LT		 316 struct icmpv6_msg msg;
317 int iif = 0;
318 int addr_type = 0;
319 int len;
e651f03a 320 int hlimit;
1da177e4
LT		 321 int err = 0;
322
27a884dc
ACM		 323 if ((u8 *)hdr < skb->head ||
324 (skb->network_header + sizeof(*hdr)) > skb->tail)
1da177e4
LT		 325 return;
326
327 /*
1ab1457c 328 * Make sure we respect the rules
1da177e4
LT		 329 * i.e. RFC 1885 2.4(e)
330 * Rule (e.1) is enforced by not using icmpv6_send
331 * in any code that processes icmp errors.
332 */
333 addr_type = ipv6_addr_type(&hdr->daddr);
334
9a43b709 335 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
1da177e4
LT		 336 saddr = &hdr->daddr;
337
338 /*
339 * Dest addr check
340 */
341
342 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
343 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 344 !(type == ICMPV6_PARAMPROB &&
345 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 346 (opt_unrec(skb, info))))
347 return;
348
349 saddr = NULL;
350 }
351
352 addr_type = ipv6_addr_type(&hdr->saddr);
353
354 /*
355 * Source addr check
356 */
357
358 if (addr_type & IPV6_ADDR_LINKLOCAL)
359 iif = skb->dev->ifindex;
360
361 /*
8de3351e
YH		 362 * Must not send error if the source does not uniquely
363 * identify a single node (RFC2463 Section 2.4).
364 * We check unspecified / multicast addresses here,
365 * and anycast addresses will be checked later.
1da177e4
LT		 366 */
367 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
64ce2073 368 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n");
1da177e4
LT		 369 return;
370 }
371
1ab1457c 372 /*
1da177e4
LT		 373 * Never answer to a ICMP packet.
374 */
375 if (is_ineligible(skb)) {
64ce2073 376 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n");
1da177e4
LT		 377 return;
378 }
379
79383236
MN		 380 mip6_addr_swap(skb);
381
1da177e4
LT		 382 memset(&fl, 0, sizeof(fl));
383 fl.proto = IPPROTO_ICMPV6;
384 ipv6_addr_copy(&fl.fl6_dst, &hdr->saddr);
385 if (saddr)
386 ipv6_addr_copy(&fl.fl6_src, saddr);
387 fl.oif = iif;
388 fl.fl_icmp_type = type;
389 fl.fl_icmp_code = code;
beb8d13b 390 security_skb_classify_flow(skb, &fl);
1da177e4 391
fdc0bde9
DL		 392 sk = icmpv6_xmit_lock(net);
393 if (sk == NULL)
405666db 394 return;
fdc0bde9 395 np = inet6_sk(sk);
405666db 396
1da177e4
LT		 397 if (!icmpv6_xrlim_allow(sk, type, &fl))
398 goto out;
399
400 tmp_hdr.icmp6_type = type;
401 tmp_hdr.icmp6_code = code;
402 tmp_hdr.icmp6_cksum = 0;
403 tmp_hdr.icmp6_pointer = htonl(info);
404
405 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
406 fl.oif = np->mcast_oif;
407
408 err = ip6_dst_lookup(sk, &dst, &fl);
409 if (err)
410 goto out;
8de3351e
YH		 411
412 /*
413 * We won't send icmp if the destination is known
414 * anycast.
415 */
416 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
417 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n");
418 goto out_dst_release;
419 }
420
8b7817f3
HX		 421 /* No need to clone since we're just using its address. */
422 dst2 = dst;
423
52479b62 424 err = xfrm_lookup(net, &dst, &fl, sk, 0);
8b7817f3
HX		 425 switch (err) {
426 case 0:
427 if (dst != dst2)
428 goto route_done;
429 break;
430 case -EPERM:
431 dst = NULL;
432 break;
433 default:
434 goto out;
435 }
436
437 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6))
af268182 438 goto relookup_failed;
8b7817f3 439
6c06a478 440 if (ip6_dst_lookup(sk, &dst2, &fl2))
af268182 441 goto relookup_failed;
1da177e4 442
6c06a478 443 err = xfrm_lookup(net, &dst2, &fl2, sk, XFRM_LOOKUP_ICMP);
af268182
HX		 444 switch (err) {
445 case 0:
446 dst_release(dst);
447 dst = dst2;
448 break;
449 case -EPERM:
450 goto out_dst_release;
451 default:
452relookup_failed:
8b7817f3
HX		 453 if (!dst)
454 goto out;
af268182 455 break;
8b7817f3
HX		 456 }
457
8b7817f3 458route_done:
1da177e4
LT		 459 if (ipv6_addr_is_multicast(&fl.fl6_dst))
460 hlimit = np->mcast_hops;
461 else
462 hlimit = np->hop_limit;
463 if (hlimit < 0)
6b75d090 464 hlimit = ip6_dst_hoplimit(dst);
1da177e4
LT		 465
466 msg.skb = skb;
bbe735e4 467 msg.offset = skb_network_offset(skb);
763ecff1 468 msg.type = type;
1da177e4
LT		 469
470 len = skb->len - msg.offset;
471 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
472 if (len < 0) {
64ce2073 473 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
1da177e4
LT		 474 goto out_dst_release;
475 }
476
477 idev = in6_dev_get(skb->dev);
478
479 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
480 len + sizeof(struct icmp6hdr),
e651f03a
GR		 481 sizeof(struct icmp6hdr), hlimit,
482 np->tclass, NULL, &fl, (struct rt6_info*)dst,
1da177e4
LT		 483 MSG_DONTWAIT);
484 if (err) {
485 ip6_flush_pending_frames(sk);
486 goto out_put;
487 }
488 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, len + sizeof(struct icmp6hdr));
489
1da177e4
LT		 490out_put:
491 if (likely(idev != NULL))
492 in6_dev_put(idev);
493out_dst_release:
494 dst_release(dst);
495out:
405666db 496 icmpv6_xmit_unlock(sk);
1da177e4
LT		 497}
498
7159039a
YH		 499EXPORT_SYMBOL(icmpv6_send);
500
1da177e4
LT		 501static void icmpv6_echo_reply(struct sk_buff *skb)
502{
c346dca1 503 struct net *net = dev_net(skb->dev);
84427d53 504 struct sock *sk;
1da177e4 505 struct inet6_dev *idev;
84427d53 506 struct ipv6_pinfo *np;
1da177e4 507 struct in6_addr *saddr = NULL;
cc70ab26 508 struct icmp6hdr *icmph = icmp6_hdr(skb);
1da177e4
LT		 509 struct icmp6hdr tmp_hdr;
510 struct flowi fl;
511 struct icmpv6_msg msg;
512 struct dst_entry *dst;
513 int err = 0;
514 int hlimit;
515
0660e03f 516 saddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 517
518 if (!ipv6_unicast_destination(skb))
519 saddr = NULL;
520
521 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
522 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
523
524 memset(&fl, 0, sizeof(fl));
525 fl.proto = IPPROTO_ICMPV6;
0660e03f 526 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1da177e4
LT		 527 if (saddr)
528 ipv6_addr_copy(&fl.fl6_src, saddr);
529 fl.oif = skb->dev->ifindex;
530 fl.fl_icmp_type = ICMPV6_ECHO_REPLY;
beb8d13b 531 security_skb_classify_flow(skb, &fl);
1da177e4 532
fdc0bde9
DL		 533 sk = icmpv6_xmit_lock(net);
534 if (sk == NULL)
405666db 535 return;
fdc0bde9 536 np = inet6_sk(sk);
405666db 537
1da177e4
LT		 538 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
539 fl.oif = np->mcast_oif;
540
541 err = ip6_dst_lookup(sk, &dst, &fl);
542 if (err)
543 goto out;
52479b62 544 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0)
e104411b 545 goto out;
1da177e4
LT		 546
547 if (ipv6_addr_is_multicast(&fl.fl6_dst))
548 hlimit = np->mcast_hops;
549 else
550 hlimit = np->hop_limit;
551 if (hlimit < 0)
6b75d090 552 hlimit = ip6_dst_hoplimit(dst);
1da177e4
LT		 553
554 idev = in6_dev_get(skb->dev);
555
556 msg.skb = skb;
557 msg.offset = 0;
763ecff1 558 msg.type = ICMPV6_ECHO_REPLY;
1da177e4
LT		 559
560 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
e651f03a 561 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl,
1da177e4
LT		 562 (struct rt6_info*)dst, MSG_DONTWAIT);
563
564 if (err) {
565 ip6_flush_pending_frames(sk);
566 goto out_put;
567 }
568 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, skb->len + sizeof(struct icmp6hdr));
569
1ab1457c 570out_put:
1da177e4
LT		 571 if (likely(idev != NULL))
572 in6_dev_put(idev);
1da177e4 573 dst_release(dst);
1ab1457c 574out:
405666db 575 icmpv6_xmit_unlock(sk);
1da177e4
LT		 576}
577
d5fdd6ba 578static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
1da177e4 579{
41135cc8 580 const struct inet6_protocol *ipprot;
1da177e4
LT		 581 int inner_offset;
582 int hash;
583 u8 nexthdr;
584
585 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
586 return;
587
588 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
589 if (ipv6_ext_hdr(nexthdr)) {
590 /* now skip over extension headers */
0d3d077c 591 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
1da177e4
LT		 592 if (inner_offset<0)
593 return;
594 } else {
595 inner_offset = sizeof(struct ipv6hdr);
596 }
597
598 /* Checkin header including 8 bytes of inner protocol header. */
599 if (!pskb_may_pull(skb, inner_offset+8))
600 return;
601
1da177e4
LT		 602 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
603 Without this we will not able f.e. to make source routed
604 pmtu discovery.
605 Corresponding argument (opt) to notifiers is already added.
606 --ANK (980726)
607 */
608
609 hash = nexthdr & (MAX_INET_PROTOS - 1);
610
611 rcu_read_lock();
612 ipprot = rcu_dereference(inet6_protos[hash]);
613 if (ipprot && ipprot->err_handler)
614 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
615 rcu_read_unlock();
616
69d6da0b 617 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
1da177e4 618}
1ab1457c 619
1da177e4
LT		 620/*
621 * Handle icmp messages
622 */
623
e5bbef20 624static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 625{
1da177e4
LT		 626 struct net_device *dev = skb->dev;
627 struct inet6_dev *idev = __in6_dev_get(dev);
628 struct in6_addr *saddr, *daddr;
629 struct ipv6hdr *orig_hdr;
630 struct icmp6hdr *hdr;
d5fdd6ba 631 u8 type;
1da177e4 632
aebcf82c 633 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 634 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 635 int nh;
636
def8b4fa 637 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
aebcf82c
HX		 638 XFRM_STATE_ICMP))
639 goto drop_no_count;
640
8b7817f3
HX		 641 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
642 goto drop_no_count;
643
644 nh = skb_network_offset(skb);
645 skb_set_network_header(skb, sizeof(*hdr));
646
647 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
648 goto drop_no_count;
649
650 skb_set_network_header(skb, nh);
651 }
652
e41b5368 653 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 654
0660e03f
ACM		 655 saddr = &ipv6_hdr(skb)->saddr;
656 daddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 657
658 /* Perform checksum. */
fb286bb2 659 switch (skb->ip_summed) {
84fa7933 660 case CHECKSUM_COMPLETE:
fb286bb2
HX		 661 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
662 skb->csum))
663 break;
664 /* fall through */
665 case CHECKSUM_NONE:
868c86bc
AV		 666 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
667 IPPROTO_ICMPV6, 0));
fb286bb2 668 if (__skb_checksum_complete(skb)) {
5b095d98 669 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n",
0c6ce78a 670 saddr, daddr);
1da177e4
LT		 671 goto discard_it;
672 }
673 }
674
8cf22943
HX		 675 if (!pskb_pull(skb, sizeof(*hdr)))
676 goto discard_it;
1da177e4 677
cc70ab26 678 hdr = icmp6_hdr(skb);
1da177e4
LT		 679
680 type = hdr->icmp6_type;
681
55d43808 682 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
1da177e4
LT		 683
684 switch (type) {
685 case ICMPV6_ECHO_REQUEST:
686 icmpv6_echo_reply(skb);
687 break;
688
689 case ICMPV6_ECHO_REPLY:
690 /* we couldn't care less */
691 break;
692
693 case ICMPV6_PKT_TOOBIG:
694 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
695 standard destination cache. Seems, only "advanced"
696 destination cache will allow to solve this problem
697 --ANK (980726)
698 */
699 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
700 goto discard_it;
cc70ab26 701 hdr = icmp6_hdr(skb);
1da177e4
LT		 702 orig_hdr = (struct ipv6hdr *) (hdr + 1);
703 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev,
704 ntohl(hdr->icmp6_mtu));
705
706 /*
707 * Drop through to notify
708 */
709
710 case ICMPV6_DEST_UNREACH:
711 case ICMPV6_TIME_EXCEED:
712 case ICMPV6_PARAMPROB:
713 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
714 break;
715
716 case NDISC_ROUTER_SOLICITATION:
717 case NDISC_ROUTER_ADVERTISEMENT:
718 case NDISC_NEIGHBOUR_SOLICITATION:
719 case NDISC_NEIGHBOUR_ADVERTISEMENT:
720 case NDISC_REDIRECT:
721 ndisc_rcv(skb);
722 break;
723
724 case ICMPV6_MGM_QUERY:
725 igmp6_event_query(skb);
726 break;
727
728 case ICMPV6_MGM_REPORT:
729 igmp6_event_report(skb);
730 break;
731
732 case ICMPV6_MGM_REDUCTION:
733 case ICMPV6_NI_QUERY:
734 case ICMPV6_NI_REPLY:
735 case ICMPV6_MLD2_REPORT:
736 case ICMPV6_DHAAD_REQUEST:
737 case ICMPV6_DHAAD_REPLY:
738 case ICMPV6_MOBILE_PREFIX_SOL:
739 case ICMPV6_MOBILE_PREFIX_ADV:
740 break;
741
742 default:
64ce2073 743 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
1da177e4
LT		 744
745 /* informational */
746 if (type & ICMPV6_INFOMSG_MASK)
747 break;
748
1ab1457c
YH		 749 /*
750 * error of unknown type.
751 * must pass to upper level
1da177e4
LT		 752 */
753
754 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
3ff50b79
SH		 755 }
756
1da177e4
LT		 757 kfree_skb(skb);
758 return 0;
759
760discard_it:
e41b5368 761 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 762drop_no_count:
1da177e4
LT		 763 kfree_skb(skb);
764 return 0;
765}
766
95e41e93
YH		 767void icmpv6_flow_init(struct sock *sk, struct flowi *fl,
768 u8 type,
769 const struct in6_addr *saddr,
770 const struct in6_addr *daddr,
771 int oif)
772{
773 memset(fl, 0, sizeof(*fl));
774 ipv6_addr_copy(&fl->fl6_src, saddr);
775 ipv6_addr_copy(&fl->fl6_dst, daddr);
776 fl->proto = IPPROTO_ICMPV6;
777 fl->fl_icmp_type = type;
778 fl->fl_icmp_code = 0;
779 fl->oif = oif;
780 security_sk_classify_flow(sk, fl);
781}
782
640c41c7 783/*
b7e729c4 784 * Special lock-class for __icmpv6_sk:
640c41c7
IM		 785 */
786static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
787
98c6d1b2 788static int __net_init icmpv6_sk_init(struct net *net)
1da177e4
LT		 789{
790 struct sock *sk;
791 int err, i, j;
792
98c6d1b2
DL		 793 net->ipv6.icmp_sk =
794 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
795 if (net->ipv6.icmp_sk == NULL)
79c91159
DL		 796 return -ENOMEM;
797
6f912042 798 for_each_possible_cpu(i) {
1ed8516f
DL		 799 err = inet_ctl_sock_create(&sk, PF_INET6,
800 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4
LT		 801 if (err < 0) {
802 printk(KERN_ERR
803 "Failed to initialize the ICMP6 control socket "
804 "(err %d).\n",
805 err);
806 goto fail;
807 }
808
1ed8516f 809 net->ipv6.icmp_sk[i] = sk;
5c8cafd6 810
640c41c7
IM		 811 /*
812 * Split off their lock-class, because sk->sk_dst_lock
813 * gets used from softirqs, which is safe for
b7e729c4 814 * __icmpv6_sk (because those never get directly used
640c41c7
IM		 815 * via userspace syscalls), but unsafe for normal sockets.
816 */
817 lockdep_set_class(&sk->sk_dst_lock,
818 &icmpv6_socket_sk_dst_lock_key);
1da177e4
LT		 819
820 /* Enough space for 2 64K ICMP packets, including
821 * sk_buff struct overhead.
822 */
823 sk->sk_sndbuf =
824 (2 * ((64 * 1024) + sizeof(struct sk_buff)));
1da177e4 825 }
1da177e4
LT		 826 return 0;
827
828 fail:
5c8cafd6 829 for (j = 0; j < i; j++)
1ed8516f 830 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
98c6d1b2 831 kfree(net->ipv6.icmp_sk);
1da177e4
LT		 832 return err;
833}
834
98c6d1b2 835static void __net_exit icmpv6_sk_exit(struct net *net)
1da177e4
LT		 836{
837 int i;
838
6f912042 839 for_each_possible_cpu(i) {
1ed8516f 840 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
1da177e4 841 }
98c6d1b2
DL		 842 kfree(net->ipv6.icmp_sk);
843}
844
8ed7edce 845static struct pernet_operations icmpv6_sk_ops = {
98c6d1b2
DL		 846 .init = icmpv6_sk_init,
847 .exit = icmpv6_sk_exit,
848};
849
850int __init icmpv6_init(void)
851{
852 int err;
853
854 err = register_pernet_subsys(&icmpv6_sk_ops);
855 if (err < 0)
856 return err;
857
858 err = -EAGAIN;
859 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
860 goto fail;
861 return 0;
862
863fail:
864 printk(KERN_ERR "Failed to register ICMP6 protocol\n");
865 unregister_pernet_subsys(&icmpv6_sk_ops);
866 return err;
867}
868
8ed7edce 869void icmpv6_cleanup(void)
98c6d1b2
DL		 870{
871 unregister_pernet_subsys(&icmpv6_sk_ops);
1da177e4
LT		 872 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
873}
874
98c6d1b2 875
9b5b5cff 876static const struct icmp6_err {
1da177e4
LT		 877 int err;
878 int fatal;
879} tab_unreach[] = {
880 { /* NOROUTE */
881 .err = ENETUNREACH,
882 .fatal = 0,
883 },
884 { /* ADM_PROHIBITED */
885 .err = EACCES,
886 .fatal = 1,
887 },
888 { /* Was NOT_NEIGHBOUR, now reserved */
889 .err = EHOSTUNREACH,
890 .fatal = 0,
891 },
892 { /* ADDR_UNREACH */
893 .err = EHOSTUNREACH,
894 .fatal = 0,
895 },
896 { /* PORT_UNREACH */
897 .err = ECONNREFUSED,
898 .fatal = 1,
899 },
900};
901
d5fdd6ba 902int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 903{
904 int fatal = 0;
905
906 *err = EPROTO;
907
908 switch (type) {
909 case ICMPV6_DEST_UNREACH:
910 fatal = 1;
911 if (code <= ICMPV6_PORT_UNREACH) {
912 *err = tab_unreach[code].err;
913 fatal = tab_unreach[code].fatal;
914 }
915 break;
916
917 case ICMPV6_PKT_TOOBIG:
918 *err = EMSGSIZE;
919 break;
1ab1457c 920
1da177e4
LT		 921 case ICMPV6_PARAMPROB:
922 *err = EPROTO;
923 fatal = 1;
924 break;
925
926 case ICMPV6_TIME_EXCEED:
927 *err = EHOSTUNREACH;
928 break;
3ff50b79 929 }
1da177e4
LT		 930
931 return fatal;
932}
933
7159039a
YH		 934EXPORT_SYMBOL(icmpv6_err_convert);
935
1da177e4 936#ifdef CONFIG_SYSCTL
760f2d01 937ctl_table ipv6_icmp_table_template[] = {
1da177e4 938 {
1da177e4 939 .procname = "ratelimit",
41a76906 940 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 941 .maxlen = sizeof(int),
942 .mode = 0644,
6d9f239a 943 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 944 },
f8572d8f 945 { },
1da177e4 946};
760f2d01 947
2c8c1e72 948struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 949{
950 struct ctl_table *table;
951
952 table = kmemdup(ipv6_icmp_table_template,
953 sizeof(ipv6_icmp_table_template),
954 GFP_KERNEL);
5ee09105
YH		 955
956 if (table)
957 table[0].data = &net->ipv6.sysctl.icmpv6_time;
958
760f2d01
DL		 959 return table;
960}
1da177e4
LT		 961#endif
962
Linux kernel - Deliverables
This page took 0.553128 seconds and 5 git commands to generate.