Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Internet Control Message Protocol (ICMPv6) | |
3 | * Linux INET6 implementation | |
4 | * | |
5 | * Authors: | |
6 | * Pedro Roque <roque@di.fc.ul.pt> | |
7 | * | |
1da177e4 LT |
8 | * Based on net/ipv4/icmp.c |
9 | * | |
10 | * RFC 1885 | |
11 | * | |
12 | * This program is free software; you can redistribute it and/or | |
13 | * modify it under the terms of the GNU General Public License | |
14 | * as published by the Free Software Foundation; either version | |
15 | * 2 of the License, or (at your option) any later version. | |
16 | */ | |
17 | ||
18 | /* | |
19 | * Changes: | |
20 | * | |
21 | * Andi Kleen : exception handling | |
22 | * Andi Kleen add rate limits. never reply to a icmp. | |
23 | * add more length checks and other fixes. | |
24 | * yoshfuji : ensure to sent parameter problem for | |
25 | * fragments. | |
26 | * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. | |
27 | * Randy Dunlap and | |
28 | * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support | |
29 | * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data | |
30 | */ | |
31 | ||
f3213831 JP |
32 | #define pr_fmt(fmt) "IPv6: " fmt |
33 | ||
1da177e4 LT |
34 | #include <linux/module.h> |
35 | #include <linux/errno.h> | |
36 | #include <linux/types.h> | |
37 | #include <linux/socket.h> | |
38 | #include <linux/in.h> | |
39 | #include <linux/kernel.h> | |
1da177e4 LT |
40 | #include <linux/sockios.h> |
41 | #include <linux/net.h> | |
42 | #include <linux/skbuff.h> | |
43 | #include <linux/init.h> | |
763ecff1 | 44 | #include <linux/netfilter.h> |
5a0e3ad6 | 45 | #include <linux/slab.h> |
1da177e4 LT |
46 | |
47 | #ifdef CONFIG_SYSCTL | |
48 | #include <linux/sysctl.h> | |
49 | #endif | |
50 | ||
51 | #include <linux/inet.h> | |
52 | #include <linux/netdevice.h> | |
53 | #include <linux/icmpv6.h> | |
54 | ||
55 | #include <net/ip.h> | |
56 | #include <net/sock.h> | |
57 | ||
58 | #include <net/ipv6.h> | |
59 | #include <net/ip6_checksum.h> | |
6d0bfe22 | 60 | #include <net/ping.h> |
1da177e4 LT |
61 | #include <net/protocol.h> |
62 | #include <net/raw.h> | |
63 | #include <net/rawv6.h> | |
64 | #include <net/transp_v6.h> | |
65 | #include <net/ip6_route.h> | |
66 | #include <net/addrconf.h> | |
67 | #include <net/icmp.h> | |
8b7817f3 | 68 | #include <net/xfrm.h> |
1ed8516f | 69 | #include <net/inet_common.h> |
1da177e4 LT |
70 | |
71 | #include <asm/uaccess.h> | |
1da177e4 | 72 | |
1da177e4 LT |
73 | /* |
74 | * The ICMP socket(s). This is the most convenient way to flow control | |
75 | * our ICMP output as well as maintain a clean interface throughout | |
76 | * all layers. All Socketless IP sends will soon be gone. | |
77 | * | |
78 | * On SMP we have one ICMP socket per-cpu. | |
79 | */ | |
98c6d1b2 DL |
80 | static inline struct sock *icmpv6_sk(struct net *net) |
81 | { | |
82 | return net->ipv6.icmp_sk[smp_processor_id()]; | |
83 | } | |
1da177e4 | 84 | |
6f809da2 SK |
85 | static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
86 | u8 type, u8 code, int offset, __be32 info) | |
87 | { | |
6d0bfe22 LC |
88 | /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */ |
89 | struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset); | |
6f809da2 SK |
90 | struct net *net = dev_net(skb->dev); |
91 | ||
92 | if (type == ICMPV6_PKT_TOOBIG) | |
93 | ip6_update_pmtu(skb, net, info, 0, 0); | |
94 | else if (type == NDISC_REDIRECT) | |
b55b76b2 | 95 | ip6_redirect(skb, net, skb->dev->ifindex, 0); |
6d0bfe22 LC |
96 | |
97 | if (!(type & ICMPV6_INFOMSG_MASK)) | |
98 | if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST) | |
99 | ping_err(skb, offset, info); | |
6f809da2 SK |
100 | } |
101 | ||
e5bbef20 | 102 | static int icmpv6_rcv(struct sk_buff *skb); |
1da177e4 | 103 | |
41135cc8 | 104 | static const struct inet6_protocol icmpv6_protocol = { |
1da177e4 | 105 | .handler = icmpv6_rcv, |
6f809da2 | 106 | .err_handler = icmpv6_err, |
8b7817f3 | 107 | .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, |
1da177e4 LT |
108 | }; |
109 | ||
fdc0bde9 | 110 | static __inline__ struct sock *icmpv6_xmit_lock(struct net *net) |
1da177e4 | 111 | { |
fdc0bde9 DL |
112 | struct sock *sk; |
113 | ||
1da177e4 LT |
114 | local_bh_disable(); |
115 | ||
fdc0bde9 | 116 | sk = icmpv6_sk(net); |
405666db | 117 | if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { |
1da177e4 LT |
118 | /* This can happen if the output path (f.e. SIT or |
119 | * ip6ip6 tunnel) signals dst_link_failure() for an | |
120 | * outgoing ICMP6 packet. | |
121 | */ | |
122 | local_bh_enable(); | |
fdc0bde9 | 123 | return NULL; |
1da177e4 | 124 | } |
fdc0bde9 | 125 | return sk; |
1da177e4 LT |
126 | } |
127 | ||
405666db | 128 | static __inline__ void icmpv6_xmit_unlock(struct sock *sk) |
1da177e4 | 129 | { |
405666db | 130 | spin_unlock_bh(&sk->sk_lock.slock); |
1da177e4 LT |
131 | } |
132 | ||
1da177e4 LT |
133 | /* |
134 | * Figure out, may we reply to this packet with icmp error. | |
135 | * | |
136 | * We do not reply, if: | |
137 | * - it was icmp error message. | |
138 | * - it is truncated, so that it is known, that protocol is ICMPV6 | |
139 | * (i.e. in the middle of some exthdr) | |
140 | * | |
141 | * --ANK (980726) | |
142 | */ | |
143 | ||
a50feda5 | 144 | static bool is_ineligible(const struct sk_buff *skb) |
1da177e4 | 145 | { |
0660e03f | 146 | int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; |
1da177e4 | 147 | int len = skb->len - ptr; |
0660e03f | 148 | __u8 nexthdr = ipv6_hdr(skb)->nexthdr; |
75f2811c | 149 | __be16 frag_off; |
1da177e4 LT |
150 | |
151 | if (len < 0) | |
a50feda5 | 152 | return true; |
1da177e4 | 153 | |
75f2811c | 154 | ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off); |
1da177e4 | 155 | if (ptr < 0) |
a50feda5 | 156 | return false; |
1da177e4 LT |
157 | if (nexthdr == IPPROTO_ICMPV6) { |
158 | u8 _type, *tp; | |
159 | tp = skb_header_pointer(skb, | |
160 | ptr+offsetof(struct icmp6hdr, icmp6_type), | |
161 | sizeof(_type), &_type); | |
162 | if (tp == NULL || | |
163 | !(*tp & ICMPV6_INFOMSG_MASK)) | |
a50feda5 | 164 | return true; |
1da177e4 | 165 | } |
a50feda5 | 166 | return false; |
1da177e4 LT |
167 | } |
168 | ||
1ab1457c YH |
169 | /* |
170 | * Check the ICMP output rate limit | |
1da177e4 | 171 | */ |
92d86829 | 172 | static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type, |
4c9483b2 | 173 | struct flowi6 *fl6) |
1da177e4 LT |
174 | { |
175 | struct dst_entry *dst; | |
3b1e0a65 | 176 | struct net *net = sock_net(sk); |
92d86829 | 177 | bool res = false; |
1da177e4 LT |
178 | |
179 | /* Informational messages are not limited. */ | |
180 | if (type & ICMPV6_INFOMSG_MASK) | |
92d86829 | 181 | return true; |
1da177e4 LT |
182 | |
183 | /* Do not limit pmtu discovery, it would break it. */ | |
184 | if (type == ICMPV6_PKT_TOOBIG) | |
92d86829 | 185 | return true; |
1da177e4 | 186 | |
1ab1457c | 187 | /* |
1da177e4 LT |
188 | * Look up the output route. |
189 | * XXX: perhaps the expire for routing entries cloned by | |
190 | * this lookup should be more aggressive (not longer than timeout). | |
191 | */ | |
4c9483b2 | 192 | dst = ip6_route_output(net, sk, fl6); |
1da177e4 | 193 | if (dst->error) { |
3bd653c8 | 194 | IP6_INC_STATS(net, ip6_dst_idev(dst), |
a11d206d | 195 | IPSTATS_MIB_OUTNOROUTES); |
1da177e4 | 196 | } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { |
92d86829 | 197 | res = true; |
1da177e4 LT |
198 | } else { |
199 | struct rt6_info *rt = (struct rt6_info *)dst; | |
9a43b709 | 200 | int tmo = net->ipv6.sysctl.icmpv6_time; |
fbfe95a4 | 201 | struct inet_peer *peer; |
1da177e4 LT |
202 | |
203 | /* Give more bandwidth to wider prefixes. */ | |
204 | if (rt->rt6i_dst.plen < 128) | |
205 | tmo >>= ((128 - rt->rt6i_dst.plen)>>5); | |
206 | ||
1d861aa4 | 207 | peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); |
fbfe95a4 | 208 | res = inet_peer_xrlim_allow(peer, tmo); |
1d861aa4 DM |
209 | if (peer) |
210 | inet_putpeer(peer); | |
1da177e4 LT |
211 | } |
212 | dst_release(dst); | |
213 | return res; | |
214 | } | |
215 | ||
216 | /* | |
217 | * an inline helper for the "simple" if statement below | |
218 | * checks if parameter problem report is caused by an | |
1ab1457c | 219 | * unrecognized IPv6 option that has the Option Type |
1da177e4 LT |
220 | * highest-order two bits set to 10 |
221 | */ | |
222 | ||
a50feda5 | 223 | static bool opt_unrec(struct sk_buff *skb, __u32 offset) |
1da177e4 LT |
224 | { |
225 | u8 _optval, *op; | |
226 | ||
bbe735e4 | 227 | offset += skb_network_offset(skb); |
1da177e4 LT |
228 | op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); |
229 | if (op == NULL) | |
a50feda5 | 230 | return true; |
1da177e4 LT |
231 | return (*op & 0xC0) == 0x80; |
232 | } | |
233 | ||
6d0bfe22 LC |
234 | int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, |
235 | struct icmp6hdr *thdr, int len) | |
1da177e4 LT |
236 | { |
237 | struct sk_buff *skb; | |
238 | struct icmp6hdr *icmp6h; | |
239 | int err = 0; | |
240 | ||
241 | if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) | |
242 | goto out; | |
243 | ||
cc70ab26 | 244 | icmp6h = icmp6_hdr(skb); |
1da177e4 LT |
245 | memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); |
246 | icmp6h->icmp6_cksum = 0; | |
247 | ||
248 | if (skb_queue_len(&sk->sk_write_queue) == 1) { | |
07f0757a | 249 | skb->csum = csum_partial(icmp6h, |
1da177e4 | 250 | sizeof(struct icmp6hdr), skb->csum); |
4c9483b2 DM |
251 | icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, |
252 | &fl6->daddr, | |
253 | len, fl6->flowi6_proto, | |
1da177e4 LT |
254 | skb->csum); |
255 | } else { | |
868c86bc | 256 | __wsum tmp_csum = 0; |
1da177e4 LT |
257 | |
258 | skb_queue_walk(&sk->sk_write_queue, skb) { | |
259 | tmp_csum = csum_add(tmp_csum, skb->csum); | |
260 | } | |
261 | ||
07f0757a | 262 | tmp_csum = csum_partial(icmp6h, |
1da177e4 | 263 | sizeof(struct icmp6hdr), tmp_csum); |
4c9483b2 DM |
264 | icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, |
265 | &fl6->daddr, | |
266 | len, fl6->flowi6_proto, | |
868c86bc | 267 | tmp_csum); |
1da177e4 | 268 | } |
1da177e4 LT |
269 | ip6_push_pending_frames(sk); |
270 | out: | |
271 | return err; | |
272 | } | |
273 | ||
274 | struct icmpv6_msg { | |
275 | struct sk_buff *skb; | |
276 | int offset; | |
763ecff1 | 277 | uint8_t type; |
1da177e4 LT |
278 | }; |
279 | ||
280 | static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) | |
281 | { | |
282 | struct icmpv6_msg *msg = (struct icmpv6_msg *) from; | |
283 | struct sk_buff *org_skb = msg->skb; | |
5f92a738 | 284 | __wsum csum = 0; |
1da177e4 LT |
285 | |
286 | csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, | |
287 | to, len, csum); | |
288 | skb->csum = csum_block_add(skb->csum, csum, odd); | |
763ecff1 YK |
289 | if (!(msg->type & ICMPV6_INFOMSG_MASK)) |
290 | nf_ct_attach(skb, org_skb); | |
1da177e4 LT |
291 | return 0; |
292 | } | |
293 | ||
07a93626 | 294 | #if IS_ENABLED(CONFIG_IPV6_MIP6) |
79383236 MN |
295 | static void mip6_addr_swap(struct sk_buff *skb) |
296 | { | |
0660e03f | 297 | struct ipv6hdr *iph = ipv6_hdr(skb); |
79383236 MN |
298 | struct inet6_skb_parm *opt = IP6CB(skb); |
299 | struct ipv6_destopt_hao *hao; | |
300 | struct in6_addr tmp; | |
301 | int off; | |
302 | ||
303 | if (opt->dsthao) { | |
304 | off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); | |
305 | if (likely(off >= 0)) { | |
d56f90a7 ACM |
306 | hao = (struct ipv6_destopt_hao *) |
307 | (skb_network_header(skb) + off); | |
4e3fd7a0 AD |
308 | tmp = iph->saddr; |
309 | iph->saddr = hao->addr; | |
310 | hao->addr = tmp; | |
79383236 MN |
311 | } |
312 | } | |
313 | } | |
314 | #else | |
315 | static inline void mip6_addr_swap(struct sk_buff *skb) {} | |
316 | #endif | |
317 | ||
e8243534 | 318 | static struct dst_entry *icmpv6_route_lookup(struct net *net, |
319 | struct sk_buff *skb, | |
320 | struct sock *sk, | |
321 | struct flowi6 *fl6) | |
b42835db DM |
322 | { |
323 | struct dst_entry *dst, *dst2; | |
4c9483b2 | 324 | struct flowi6 fl2; |
b42835db DM |
325 | int err; |
326 | ||
4c9483b2 | 327 | err = ip6_dst_lookup(sk, &dst, fl6); |
b42835db DM |
328 | if (err) |
329 | return ERR_PTR(err); | |
330 | ||
331 | /* | |
332 | * We won't send icmp if the destination is known | |
333 | * anycast. | |
334 | */ | |
335 | if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) { | |
5f5624cf | 336 | LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: acast source\n"); |
b42835db DM |
337 | dst_release(dst); |
338 | return ERR_PTR(-EINVAL); | |
339 | } | |
340 | ||
341 | /* No need to clone since we're just using its address. */ | |
342 | dst2 = dst; | |
343 | ||
4c9483b2 | 344 | dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0); |
452edd59 | 345 | if (!IS_ERR(dst)) { |
b42835db DM |
346 | if (dst != dst2) |
347 | return dst; | |
452edd59 DM |
348 | } else { |
349 | if (PTR_ERR(dst) == -EPERM) | |
350 | dst = NULL; | |
351 | else | |
352 | return dst; | |
b42835db DM |
353 | } |
354 | ||
4c9483b2 | 355 | err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6); |
b42835db DM |
356 | if (err) |
357 | goto relookup_failed; | |
358 | ||
359 | err = ip6_dst_lookup(sk, &dst2, &fl2); | |
360 | if (err) | |
361 | goto relookup_failed; | |
362 | ||
4c9483b2 | 363 | dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP); |
452edd59 | 364 | if (!IS_ERR(dst2)) { |
b42835db DM |
365 | dst_release(dst); |
366 | dst = dst2; | |
452edd59 DM |
367 | } else { |
368 | err = PTR_ERR(dst2); | |
369 | if (err == -EPERM) { | |
370 | dst_release(dst); | |
371 | return dst2; | |
372 | } else | |
373 | goto relookup_failed; | |
b42835db DM |
374 | } |
375 | ||
376 | relookup_failed: | |
377 | if (dst) | |
378 | return dst; | |
379 | return ERR_PTR(err); | |
380 | } | |
381 | ||
1da177e4 LT |
382 | /* |
383 | * Send an ICMP message in response to a packet in error | |
384 | */ | |
5f5624cf | 385 | static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) |
1da177e4 | 386 | { |
c346dca1 | 387 | struct net *net = dev_net(skb->dev); |
1da177e4 | 388 | struct inet6_dev *idev = NULL; |
0660e03f | 389 | struct ipv6hdr *hdr = ipv6_hdr(skb); |
84427d53 YH |
390 | struct sock *sk; |
391 | struct ipv6_pinfo *np; | |
b71d1d42 | 392 | const struct in6_addr *saddr = NULL; |
1da177e4 LT |
393 | struct dst_entry *dst; |
394 | struct icmp6hdr tmp_hdr; | |
4c9483b2 | 395 | struct flowi6 fl6; |
1da177e4 LT |
396 | struct icmpv6_msg msg; |
397 | int iif = 0; | |
398 | int addr_type = 0; | |
399 | int len; | |
e651f03a | 400 | int hlimit; |
1da177e4 LT |
401 | int err = 0; |
402 | ||
27a884dc | 403 | if ((u8 *)hdr < skb->head || |
29a3cad5 | 404 | (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb)) |
1da177e4 LT |
405 | return; |
406 | ||
407 | /* | |
1ab1457c | 408 | * Make sure we respect the rules |
1da177e4 | 409 | * i.e. RFC 1885 2.4(e) |
5f5624cf | 410 | * Rule (e.1) is enforced by not using icmp6_send |
1da177e4 LT |
411 | * in any code that processes icmp errors. |
412 | */ | |
413 | addr_type = ipv6_addr_type(&hdr->daddr); | |
414 | ||
9a43b709 | 415 | if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0)) |
1da177e4 LT |
416 | saddr = &hdr->daddr; |
417 | ||
418 | /* | |
419 | * Dest addr check | |
420 | */ | |
421 | ||
422 | if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) { | |
423 | if (type != ICMPV6_PKT_TOOBIG && | |
1ab1457c YH |
424 | !(type == ICMPV6_PARAMPROB && |
425 | code == ICMPV6_UNK_OPTION && | |
1da177e4 LT |
426 | (opt_unrec(skb, info)))) |
427 | return; | |
428 | ||
429 | saddr = NULL; | |
430 | } | |
431 | ||
432 | addr_type = ipv6_addr_type(&hdr->saddr); | |
433 | ||
434 | /* | |
435 | * Source addr check | |
436 | */ | |
437 | ||
842df073 | 438 | if (__ipv6_addr_needs_scope_id(addr_type)) |
1da177e4 LT |
439 | iif = skb->dev->ifindex; |
440 | ||
441 | /* | |
8de3351e YH |
442 | * Must not send error if the source does not uniquely |
443 | * identify a single node (RFC2463 Section 2.4). | |
444 | * We check unspecified / multicast addresses here, | |
445 | * and anycast addresses will be checked later. | |
1da177e4 LT |
446 | */ |
447 | if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { | |
5f5624cf | 448 | LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: addr_any/mcast source\n"); |
1da177e4 LT |
449 | return; |
450 | } | |
451 | ||
1ab1457c | 452 | /* |
1da177e4 LT |
453 | * Never answer to a ICMP packet. |
454 | */ | |
455 | if (is_ineligible(skb)) { | |
5f5624cf | 456 | LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: no reply to icmp error\n"); |
1da177e4 LT |
457 | return; |
458 | } | |
459 | ||
79383236 MN |
460 | mip6_addr_swap(skb); |
461 | ||
4c9483b2 DM |
462 | memset(&fl6, 0, sizeof(fl6)); |
463 | fl6.flowi6_proto = IPPROTO_ICMPV6; | |
4e3fd7a0 | 464 | fl6.daddr = hdr->saddr; |
1da177e4 | 465 | if (saddr) |
4e3fd7a0 | 466 | fl6.saddr = *saddr; |
4c9483b2 | 467 | fl6.flowi6_oif = iif; |
1958b856 DM |
468 | fl6.fl6_icmp_type = type; |
469 | fl6.fl6_icmp_code = code; | |
4c9483b2 | 470 | security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); |
1da177e4 | 471 | |
fdc0bde9 DL |
472 | sk = icmpv6_xmit_lock(net); |
473 | if (sk == NULL) | |
405666db | 474 | return; |
fdc0bde9 | 475 | np = inet6_sk(sk); |
405666db | 476 | |
4c9483b2 | 477 | if (!icmpv6_xrlim_allow(sk, type, &fl6)) |
1da177e4 LT |
478 | goto out; |
479 | ||
480 | tmp_hdr.icmp6_type = type; | |
481 | tmp_hdr.icmp6_code = code; | |
482 | tmp_hdr.icmp6_cksum = 0; | |
483 | tmp_hdr.icmp6_pointer = htonl(info); | |
484 | ||
4c9483b2 DM |
485 | if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) |
486 | fl6.flowi6_oif = np->mcast_oif; | |
c4062dfc EH |
487 | else if (!fl6.flowi6_oif) |
488 | fl6.flowi6_oif = np->ucast_oif; | |
1da177e4 | 489 | |
4c9483b2 | 490 | dst = icmpv6_route_lookup(net, skb, sk, &fl6); |
b42835db | 491 | if (IS_ERR(dst)) |
1da177e4 | 492 | goto out; |
8de3351e | 493 | |
4c9483b2 | 494 | if (ipv6_addr_is_multicast(&fl6.daddr)) |
1da177e4 LT |
495 | hlimit = np->mcast_hops; |
496 | else | |
497 | hlimit = np->hop_limit; | |
498 | if (hlimit < 0) | |
6b75d090 | 499 | hlimit = ip6_dst_hoplimit(dst); |
1da177e4 LT |
500 | |
501 | msg.skb = skb; | |
bbe735e4 | 502 | msg.offset = skb_network_offset(skb); |
763ecff1 | 503 | msg.type = type; |
1da177e4 LT |
504 | |
505 | len = skb->len - msg.offset; | |
506 | len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); | |
507 | if (len < 0) { | |
64ce2073 | 508 | LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n"); |
1da177e4 LT |
509 | goto out_dst_release; |
510 | } | |
511 | ||
cfdf7647 ED |
512 | rcu_read_lock(); |
513 | idev = __in6_dev_get(skb->dev); | |
1da177e4 LT |
514 | |
515 | err = ip6_append_data(sk, icmpv6_getfrag, &msg, | |
516 | len + sizeof(struct icmp6hdr), | |
e651f03a | 517 | sizeof(struct icmp6hdr), hlimit, |
a2d91a09 | 518 | np->tclass, NULL, &fl6, (struct rt6_info *)dst, |
13b52cd4 | 519 | MSG_DONTWAIT, np->dontfrag); |
1da177e4 | 520 | if (err) { |
00d9d6a1 | 521 | ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); |
1da177e4 | 522 | ip6_flush_pending_frames(sk); |
cfdf7647 ED |
523 | } else { |
524 | err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, | |
525 | len + sizeof(struct icmp6hdr)); | |
1da177e4 | 526 | } |
cfdf7647 | 527 | rcu_read_unlock(); |
1da177e4 LT |
528 | out_dst_release: |
529 | dst_release(dst); | |
530 | out: | |
405666db | 531 | icmpv6_xmit_unlock(sk); |
1da177e4 | 532 | } |
5f5624cf PS |
533 | |
534 | /* Slightly more convenient version of icmp6_send. | |
535 | */ | |
536 | void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos) | |
537 | { | |
538 | icmp6_send(skb, ICMPV6_PARAMPROB, code, pos); | |
539 | kfree_skb(skb); | |
540 | } | |
7159039a | 541 | |
1da177e4 LT |
542 | static void icmpv6_echo_reply(struct sk_buff *skb) |
543 | { | |
c346dca1 | 544 | struct net *net = dev_net(skb->dev); |
84427d53 | 545 | struct sock *sk; |
1da177e4 | 546 | struct inet6_dev *idev; |
84427d53 | 547 | struct ipv6_pinfo *np; |
b71d1d42 | 548 | const struct in6_addr *saddr = NULL; |
cc70ab26 | 549 | struct icmp6hdr *icmph = icmp6_hdr(skb); |
1da177e4 | 550 | struct icmp6hdr tmp_hdr; |
4c9483b2 | 551 | struct flowi6 fl6; |
1da177e4 LT |
552 | struct icmpv6_msg msg; |
553 | struct dst_entry *dst; | |
554 | int err = 0; | |
555 | int hlimit; | |
556 | ||
0660e03f | 557 | saddr = &ipv6_hdr(skb)->daddr; |
1da177e4 | 558 | |
509aba3b FLB |
559 | if (!ipv6_unicast_destination(skb) && |
560 | !(net->ipv6.anycast_src_echo_reply && | |
561 | ipv6_anycast_destination(skb))) | |
1da177e4 LT |
562 | saddr = NULL; |
563 | ||
564 | memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); | |
565 | tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; | |
566 | ||
4c9483b2 DM |
567 | memset(&fl6, 0, sizeof(fl6)); |
568 | fl6.flowi6_proto = IPPROTO_ICMPV6; | |
4e3fd7a0 | 569 | fl6.daddr = ipv6_hdr(skb)->saddr; |
1da177e4 | 570 | if (saddr) |
4e3fd7a0 | 571 | fl6.saddr = *saddr; |
4c9483b2 | 572 | fl6.flowi6_oif = skb->dev->ifindex; |
1958b856 | 573 | fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY; |
4c9483b2 | 574 | security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); |
1da177e4 | 575 | |
fdc0bde9 DL |
576 | sk = icmpv6_xmit_lock(net); |
577 | if (sk == NULL) | |
405666db | 578 | return; |
fdc0bde9 | 579 | np = inet6_sk(sk); |
405666db | 580 | |
4c9483b2 DM |
581 | if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) |
582 | fl6.flowi6_oif = np->mcast_oif; | |
c4062dfc EH |
583 | else if (!fl6.flowi6_oif) |
584 | fl6.flowi6_oif = np->ucast_oif; | |
1da177e4 | 585 | |
4c9483b2 | 586 | err = ip6_dst_lookup(sk, &dst, &fl6); |
1da177e4 LT |
587 | if (err) |
588 | goto out; | |
4c9483b2 | 589 | dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0); |
452edd59 | 590 | if (IS_ERR(dst)) |
e104411b | 591 | goto out; |
1da177e4 | 592 | |
4c9483b2 | 593 | if (ipv6_addr_is_multicast(&fl6.daddr)) |
1da177e4 LT |
594 | hlimit = np->mcast_hops; |
595 | else | |
596 | hlimit = np->hop_limit; | |
597 | if (hlimit < 0) | |
6b75d090 | 598 | hlimit = ip6_dst_hoplimit(dst); |
1da177e4 | 599 | |
cfdf7647 | 600 | idev = __in6_dev_get(skb->dev); |
1da177e4 LT |
601 | |
602 | msg.skb = skb; | |
603 | msg.offset = 0; | |
763ecff1 | 604 | msg.type = ICMPV6_ECHO_REPLY; |
1da177e4 LT |
605 | |
606 | err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), | |
4c9483b2 | 607 | sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl6, |
a2d91a09 | 608 | (struct rt6_info *)dst, MSG_DONTWAIT, |
13b52cd4 | 609 | np->dontfrag); |
1da177e4 LT |
610 | |
611 | if (err) { | |
00d9d6a1 | 612 | ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); |
1da177e4 | 613 | ip6_flush_pending_frames(sk); |
cfdf7647 ED |
614 | } else { |
615 | err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, | |
616 | skb->len + sizeof(struct icmp6hdr)); | |
1da177e4 | 617 | } |
1da177e4 | 618 | dst_release(dst); |
1ab1457c | 619 | out: |
405666db | 620 | icmpv6_xmit_unlock(sk); |
1da177e4 LT |
621 | } |
622 | ||
b94f1c09 | 623 | void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) |
1da177e4 | 624 | { |
41135cc8 | 625 | const struct inet6_protocol *ipprot; |
1da177e4 | 626 | int inner_offset; |
75f2811c | 627 | __be16 frag_off; |
f9242b6b | 628 | u8 nexthdr; |
1da177e4 LT |
629 | |
630 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | |
631 | return; | |
632 | ||
633 | nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; | |
634 | if (ipv6_ext_hdr(nexthdr)) { | |
635 | /* now skip over extension headers */ | |
75f2811c JG |
636 | inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), |
637 | &nexthdr, &frag_off); | |
1da177e4 LT |
638 | if (inner_offset<0) |
639 | return; | |
640 | } else { | |
641 | inner_offset = sizeof(struct ipv6hdr); | |
642 | } | |
643 | ||
644 | /* Checkin header including 8 bytes of inner protocol header. */ | |
645 | if (!pskb_may_pull(skb, inner_offset+8)) | |
646 | return; | |
647 | ||
1da177e4 LT |
648 | /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. |
649 | Without this we will not able f.e. to make source routed | |
650 | pmtu discovery. | |
651 | Corresponding argument (opt) to notifiers is already added. | |
652 | --ANK (980726) | |
653 | */ | |
654 | ||
1da177e4 | 655 | rcu_read_lock(); |
f9242b6b | 656 | ipprot = rcu_dereference(inet6_protos[nexthdr]); |
1da177e4 LT |
657 | if (ipprot && ipprot->err_handler) |
658 | ipprot->err_handler(skb, NULL, type, code, inner_offset, info); | |
659 | rcu_read_unlock(); | |
660 | ||
69d6da0b | 661 | raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); |
1da177e4 | 662 | } |
1ab1457c | 663 | |
1da177e4 LT |
664 | /* |
665 | * Handle icmp messages | |
666 | */ | |
667 | ||
e5bbef20 | 668 | static int icmpv6_rcv(struct sk_buff *skb) |
1da177e4 | 669 | { |
1da177e4 LT |
670 | struct net_device *dev = skb->dev; |
671 | struct inet6_dev *idev = __in6_dev_get(dev); | |
b71d1d42 | 672 | const struct in6_addr *saddr, *daddr; |
1da177e4 | 673 | struct icmp6hdr *hdr; |
d5fdd6ba | 674 | u8 type; |
1da177e4 | 675 | |
aebcf82c | 676 | if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { |
def8b4fa | 677 | struct sec_path *sp = skb_sec_path(skb); |
8b7817f3 HX |
678 | int nh; |
679 | ||
def8b4fa | 680 | if (!(sp && sp->xvec[sp->len - 1]->props.flags & |
aebcf82c HX |
681 | XFRM_STATE_ICMP)) |
682 | goto drop_no_count; | |
683 | ||
81aded24 | 684 | if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr))) |
8b7817f3 HX |
685 | goto drop_no_count; |
686 | ||
687 | nh = skb_network_offset(skb); | |
688 | skb_set_network_header(skb, sizeof(*hdr)); | |
689 | ||
690 | if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) | |
691 | goto drop_no_count; | |
692 | ||
693 | skb_set_network_header(skb, nh); | |
694 | } | |
695 | ||
e41b5368 | 696 | ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS); |
1da177e4 | 697 | |
0660e03f ACM |
698 | saddr = &ipv6_hdr(skb)->saddr; |
699 | daddr = &ipv6_hdr(skb)->daddr; | |
1da177e4 LT |
700 | |
701 | /* Perform checksum. */ | |
fb286bb2 | 702 | switch (skb->ip_summed) { |
84fa7933 | 703 | case CHECKSUM_COMPLETE: |
fb286bb2 HX |
704 | if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6, |
705 | skb->csum)) | |
706 | break; | |
707 | /* fall through */ | |
708 | case CHECKSUM_NONE: | |
868c86bc AV |
709 | skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len, |
710 | IPPROTO_ICMPV6, 0)); | |
fb286bb2 | 711 | if (__skb_checksum_complete(skb)) { |
6d0bfe22 LC |
712 | LIMIT_NETDEBUG(KERN_DEBUG |
713 | "ICMPv6 checksum failed [%pI6c > %pI6c]\n", | |
0c6ce78a | 714 | saddr, daddr); |
6a5dc9e5 | 715 | goto csum_error; |
1da177e4 LT |
716 | } |
717 | } | |
718 | ||
8cf22943 HX |
719 | if (!pskb_pull(skb, sizeof(*hdr))) |
720 | goto discard_it; | |
1da177e4 | 721 | |
cc70ab26 | 722 | hdr = icmp6_hdr(skb); |
1da177e4 LT |
723 | |
724 | type = hdr->icmp6_type; | |
725 | ||
55d43808 | 726 | ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type); |
1da177e4 LT |
727 | |
728 | switch (type) { | |
729 | case ICMPV6_ECHO_REQUEST: | |
730 | icmpv6_echo_reply(skb); | |
731 | break; | |
732 | ||
733 | case ICMPV6_ECHO_REPLY: | |
6d0bfe22 | 734 | ping_rcv(skb); |
1da177e4 LT |
735 | break; |
736 | ||
737 | case ICMPV6_PKT_TOOBIG: | |
738 | /* BUGGG_FUTURE: if packet contains rthdr, we cannot update | |
739 | standard destination cache. Seems, only "advanced" | |
740 | destination cache will allow to solve this problem | |
741 | --ANK (980726) | |
742 | */ | |
743 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | |
744 | goto discard_it; | |
cc70ab26 | 745 | hdr = icmp6_hdr(skb); |
1da177e4 LT |
746 | |
747 | /* | |
748 | * Drop through to notify | |
749 | */ | |
750 | ||
751 | case ICMPV6_DEST_UNREACH: | |
752 | case ICMPV6_TIME_EXCEED: | |
753 | case ICMPV6_PARAMPROB: | |
754 | icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); | |
755 | break; | |
756 | ||
757 | case NDISC_ROUTER_SOLICITATION: | |
758 | case NDISC_ROUTER_ADVERTISEMENT: | |
759 | case NDISC_NEIGHBOUR_SOLICITATION: | |
760 | case NDISC_NEIGHBOUR_ADVERTISEMENT: | |
761 | case NDISC_REDIRECT: | |
762 | ndisc_rcv(skb); | |
763 | break; | |
764 | ||
765 | case ICMPV6_MGM_QUERY: | |
766 | igmp6_event_query(skb); | |
767 | break; | |
768 | ||
769 | case ICMPV6_MGM_REPORT: | |
770 | igmp6_event_report(skb); | |
771 | break; | |
772 | ||
773 | case ICMPV6_MGM_REDUCTION: | |
774 | case ICMPV6_NI_QUERY: | |
775 | case ICMPV6_NI_REPLY: | |
776 | case ICMPV6_MLD2_REPORT: | |
777 | case ICMPV6_DHAAD_REQUEST: | |
778 | case ICMPV6_DHAAD_REPLY: | |
779 | case ICMPV6_MOBILE_PREFIX_SOL: | |
780 | case ICMPV6_MOBILE_PREFIX_ADV: | |
781 | break; | |
782 | ||
783 | default: | |
64ce2073 | 784 | LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n"); |
1da177e4 LT |
785 | |
786 | /* informational */ | |
787 | if (type & ICMPV6_INFOMSG_MASK) | |
788 | break; | |
789 | ||
1ab1457c YH |
790 | /* |
791 | * error of unknown type. | |
792 | * must pass to upper level | |
1da177e4 LT |
793 | */ |
794 | ||
795 | icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); | |
3ff50b79 SH |
796 | } |
797 | ||
1da177e4 LT |
798 | kfree_skb(skb); |
799 | return 0; | |
800 | ||
6a5dc9e5 ED |
801 | csum_error: |
802 | ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS); | |
1da177e4 | 803 | discard_it: |
e41b5368 | 804 | ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS); |
8b7817f3 | 805 | drop_no_count: |
1da177e4 LT |
806 | kfree_skb(skb); |
807 | return 0; | |
808 | } | |
809 | ||
4c9483b2 | 810 | void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6, |
95e41e93 YH |
811 | u8 type, |
812 | const struct in6_addr *saddr, | |
813 | const struct in6_addr *daddr, | |
814 | int oif) | |
815 | { | |
4c9483b2 | 816 | memset(fl6, 0, sizeof(*fl6)); |
4e3fd7a0 AD |
817 | fl6->saddr = *saddr; |
818 | fl6->daddr = *daddr; | |
4c9483b2 | 819 | fl6->flowi6_proto = IPPROTO_ICMPV6; |
1958b856 DM |
820 | fl6->fl6_icmp_type = type; |
821 | fl6->fl6_icmp_code = 0; | |
4c9483b2 DM |
822 | fl6->flowi6_oif = oif; |
823 | security_sk_classify_flow(sk, flowi6_to_flowi(fl6)); | |
95e41e93 YH |
824 | } |
825 | ||
640c41c7 | 826 | /* |
b7e729c4 | 827 | * Special lock-class for __icmpv6_sk: |
640c41c7 IM |
828 | */ |
829 | static struct lock_class_key icmpv6_socket_sk_dst_lock_key; | |
830 | ||
98c6d1b2 | 831 | static int __net_init icmpv6_sk_init(struct net *net) |
1da177e4 LT |
832 | { |
833 | struct sock *sk; | |
834 | int err, i, j; | |
835 | ||
98c6d1b2 DL |
836 | net->ipv6.icmp_sk = |
837 | kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); | |
838 | if (net->ipv6.icmp_sk == NULL) | |
79c91159 DL |
839 | return -ENOMEM; |
840 | ||
6f912042 | 841 | for_each_possible_cpu(i) { |
1ed8516f DL |
842 | err = inet_ctl_sock_create(&sk, PF_INET6, |
843 | SOCK_RAW, IPPROTO_ICMPV6, net); | |
1da177e4 | 844 | if (err < 0) { |
f3213831 | 845 | pr_err("Failed to initialize the ICMP6 control socket (err %d)\n", |
1da177e4 LT |
846 | err); |
847 | goto fail; | |
848 | } | |
849 | ||
1ed8516f | 850 | net->ipv6.icmp_sk[i] = sk; |
5c8cafd6 | 851 | |
640c41c7 IM |
852 | /* |
853 | * Split off their lock-class, because sk->sk_dst_lock | |
854 | * gets used from softirqs, which is safe for | |
b7e729c4 | 855 | * __icmpv6_sk (because those never get directly used |
640c41c7 IM |
856 | * via userspace syscalls), but unsafe for normal sockets. |
857 | */ | |
858 | lockdep_set_class(&sk->sk_dst_lock, | |
859 | &icmpv6_socket_sk_dst_lock_key); | |
1da177e4 LT |
860 | |
861 | /* Enough space for 2 64K ICMP packets, including | |
862 | * sk_buff struct overhead. | |
863 | */ | |
87fb4b7b | 864 | sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); |
1da177e4 | 865 | } |
1da177e4 LT |
866 | return 0; |
867 | ||
868 | fail: | |
5c8cafd6 | 869 | for (j = 0; j < i; j++) |
1ed8516f | 870 | inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]); |
98c6d1b2 | 871 | kfree(net->ipv6.icmp_sk); |
1da177e4 LT |
872 | return err; |
873 | } | |
874 | ||
98c6d1b2 | 875 | static void __net_exit icmpv6_sk_exit(struct net *net) |
1da177e4 LT |
876 | { |
877 | int i; | |
878 | ||
6f912042 | 879 | for_each_possible_cpu(i) { |
1ed8516f | 880 | inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]); |
1da177e4 | 881 | } |
98c6d1b2 DL |
882 | kfree(net->ipv6.icmp_sk); |
883 | } | |
884 | ||
8ed7edce | 885 | static struct pernet_operations icmpv6_sk_ops = { |
98c6d1b2 DL |
886 | .init = icmpv6_sk_init, |
887 | .exit = icmpv6_sk_exit, | |
888 | }; | |
889 | ||
890 | int __init icmpv6_init(void) | |
891 | { | |
892 | int err; | |
893 | ||
894 | err = register_pernet_subsys(&icmpv6_sk_ops); | |
895 | if (err < 0) | |
896 | return err; | |
897 | ||
898 | err = -EAGAIN; | |
899 | if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) | |
900 | goto fail; | |
5f5624cf PS |
901 | |
902 | err = inet6_register_icmp_sender(icmp6_send); | |
903 | if (err) | |
904 | goto sender_reg_err; | |
98c6d1b2 DL |
905 | return 0; |
906 | ||
5f5624cf PS |
907 | sender_reg_err: |
908 | inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); | |
98c6d1b2 | 909 | fail: |
f3213831 | 910 | pr_err("Failed to register ICMP6 protocol\n"); |
98c6d1b2 DL |
911 | unregister_pernet_subsys(&icmpv6_sk_ops); |
912 | return err; | |
913 | } | |
914 | ||
8ed7edce | 915 | void icmpv6_cleanup(void) |
98c6d1b2 | 916 | { |
5f5624cf | 917 | inet6_unregister_icmp_sender(icmp6_send); |
98c6d1b2 | 918 | unregister_pernet_subsys(&icmpv6_sk_ops); |
1da177e4 LT |
919 | inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); |
920 | } | |
921 | ||
98c6d1b2 | 922 | |
9b5b5cff | 923 | static const struct icmp6_err { |
1da177e4 LT |
924 | int err; |
925 | int fatal; | |
926 | } tab_unreach[] = { | |
927 | { /* NOROUTE */ | |
928 | .err = ENETUNREACH, | |
929 | .fatal = 0, | |
930 | }, | |
931 | { /* ADM_PROHIBITED */ | |
932 | .err = EACCES, | |
933 | .fatal = 1, | |
934 | }, | |
935 | { /* Was NOT_NEIGHBOUR, now reserved */ | |
936 | .err = EHOSTUNREACH, | |
937 | .fatal = 0, | |
938 | }, | |
939 | { /* ADDR_UNREACH */ | |
940 | .err = EHOSTUNREACH, | |
941 | .fatal = 0, | |
942 | }, | |
943 | { /* PORT_UNREACH */ | |
944 | .err = ECONNREFUSED, | |
945 | .fatal = 1, | |
946 | }, | |
61e76b17 JB |
947 | { /* POLICY_FAIL */ |
948 | .err = EACCES, | |
949 | .fatal = 1, | |
950 | }, | |
951 | { /* REJECT_ROUTE */ | |
952 | .err = EACCES, | |
953 | .fatal = 1, | |
954 | }, | |
1da177e4 LT |
955 | }; |
956 | ||
d5fdd6ba | 957 | int icmpv6_err_convert(u8 type, u8 code, int *err) |
1da177e4 LT |
958 | { |
959 | int fatal = 0; | |
960 | ||
961 | *err = EPROTO; | |
962 | ||
963 | switch (type) { | |
964 | case ICMPV6_DEST_UNREACH: | |
965 | fatal = 1; | |
61e76b17 | 966 | if (code < ARRAY_SIZE(tab_unreach)) { |
1da177e4 LT |
967 | *err = tab_unreach[code].err; |
968 | fatal = tab_unreach[code].fatal; | |
969 | } | |
970 | break; | |
971 | ||
972 | case ICMPV6_PKT_TOOBIG: | |
973 | *err = EMSGSIZE; | |
974 | break; | |
1ab1457c | 975 | |
1da177e4 LT |
976 | case ICMPV6_PARAMPROB: |
977 | *err = EPROTO; | |
978 | fatal = 1; | |
979 | break; | |
980 | ||
981 | case ICMPV6_TIME_EXCEED: | |
982 | *err = EHOSTUNREACH; | |
983 | break; | |
3ff50b79 | 984 | } |
1da177e4 LT |
985 | |
986 | return fatal; | |
987 | } | |
7159039a YH |
988 | EXPORT_SYMBOL(icmpv6_err_convert); |
989 | ||
1da177e4 | 990 | #ifdef CONFIG_SYSCTL |
e8243534 | 991 | static struct ctl_table ipv6_icmp_table_template[] = { |
1da177e4 | 992 | { |
1da177e4 | 993 | .procname = "ratelimit", |
41a76906 | 994 | .data = &init_net.ipv6.sysctl.icmpv6_time, |
1da177e4 LT |
995 | .maxlen = sizeof(int), |
996 | .mode = 0644, | |
6d9f239a | 997 | .proc_handler = proc_dointvec_ms_jiffies, |
1da177e4 | 998 | }, |
f8572d8f | 999 | { }, |
1da177e4 | 1000 | }; |
760f2d01 | 1001 | |
2c8c1e72 | 1002 | struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) |
760f2d01 DL |
1003 | { |
1004 | struct ctl_table *table; | |
1005 | ||
1006 | table = kmemdup(ipv6_icmp_table_template, | |
1007 | sizeof(ipv6_icmp_table_template), | |
1008 | GFP_KERNEL); | |
5ee09105 | 1009 | |
c027aab4 | 1010 | if (table) |
5ee09105 YH |
1011 | table[0].data = &net->ipv6.sysctl.icmpv6_time; |
1012 | ||
760f2d01 DL |
1013 | return table; |
1014 | } | |
1da177e4 LT |
1015 | #endif |
1016 |