projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipv4: register igmp_notifier even when !CONFIG_PROC_FS
[deliverable/linux.git] / net / ipv6 / icmp.c
CommitLineData
1da177e4
LT		 1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
1da177e4
LT		 8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
f3213831
JP		 32#define pr_fmt(fmt) "IPv6: " fmt
33
1da177e4
LT		 34#include <linux/module.h>
35#include <linux/errno.h>
36#include <linux/types.h>
37#include <linux/socket.h>
38#include <linux/in.h>
39#include <linux/kernel.h>
1da177e4
LT		 40#include <linux/sockios.h>
41#include <linux/net.h>
42#include <linux/skbuff.h>
43#include <linux/init.h>
763ecff1 44#include <linux/netfilter.h>
5a0e3ad6 45#include <linux/slab.h>
1da177e4
LT		 46
47#ifdef CONFIG_SYSCTL
48#include <linux/sysctl.h>
49#endif
50
51#include <linux/inet.h>
52#include <linux/netdevice.h>
53#include <linux/icmpv6.h>
54
55#include <net/ip.h>
56#include <net/sock.h>
57
58#include <net/ipv6.h>
59#include <net/ip6_checksum.h>
6d0bfe22 60#include <net/ping.h>
1da177e4
LT		 61#include <net/protocol.h>
62#include <net/raw.h>
63#include <net/rawv6.h>
64#include <net/transp_v6.h>
65#include <net/ip6_route.h>
66#include <net/addrconf.h>
67#include <net/icmp.h>
8b7817f3 68#include <net/xfrm.h>
1ed8516f 69#include <net/inet_common.h>
1da177e4
LT		 70
71#include <asm/uaccess.h>
1da177e4 72
1da177e4
LT		 73/*
74 * The ICMP socket(s). This is the most convenient way to flow control
75 * our ICMP output as well as maintain a clean interface throughout
76 * all layers. All Socketless IP sends will soon be gone.
77 *
78 * On SMP we have one ICMP socket per-cpu.
79 */
98c6d1b2
DL		 80static inline struct sock *icmpv6_sk(struct net *net)
81{
82 return net->ipv6.icmp_sk[smp_processor_id()];
83}
1da177e4 84
6f809da2
SK		 85static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
86 u8 type, u8 code, int offset, __be32 info)
87{
6d0bfe22
LC		 88 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
89 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
6f809da2
SK		 90 struct net *net = dev_net(skb->dev);
91
92 if (type == ICMPV6_PKT_TOOBIG)
93 ip6_update_pmtu(skb, net, info, 0, 0);
94 else if (type == NDISC_REDIRECT)
b55b76b2 95 ip6_redirect(skb, net, skb->dev->ifindex, 0);
6d0bfe22
LC		 96
97 if (!(type & ICMPV6_INFOMSG_MASK))
98 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
99 ping_err(skb, offset, info);
6f809da2
SK		 100}
101
e5bbef20 102static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 103
41135cc8 104static const struct inet6_protocol icmpv6_protocol = {
1da177e4 105 .handler = icmpv6_rcv,
6f809da2 106 .err_handler = icmpv6_err,
8b7817f3 107 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 108};
109
fdc0bde9 110static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 111{
fdc0bde9
DL		 112 struct sock *sk;
113
1da177e4
LT		 114 local_bh_disable();
115
fdc0bde9 116 sk = icmpv6_sk(net);
405666db 117 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 118 /* This can happen if the output path (f.e. SIT or
119 * ip6ip6 tunnel) signals dst_link_failure() for an
120 * outgoing ICMP6 packet.
121 */
122 local_bh_enable();
fdc0bde9 123 return NULL;
1da177e4 124 }
fdc0bde9 125 return sk;
1da177e4
LT		 126}
127
405666db 128static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 129{
405666db 130 spin_unlock_bh(&sk->sk_lock.slock);
1da177e4
LT		 131}
132
1da177e4
LT		 133/*
134 * Figure out, may we reply to this packet with icmp error.
135 *
136 * We do not reply, if:
137 * - it was icmp error message.
138 * - it is truncated, so that it is known, that protocol is ICMPV6
139 * (i.e. in the middle of some exthdr)
140 *
141 * --ANK (980726)
142 */
143
a50feda5 144static bool is_ineligible(const struct sk_buff *skb)
1da177e4 145{
0660e03f 146 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 147 int len = skb->len - ptr;
0660e03f 148 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
75f2811c 149 __be16 frag_off;
1da177e4
LT		 150
151 if (len < 0)
a50feda5 152 return true;
1da177e4 153
75f2811c 154 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
1da177e4 155 if (ptr < 0)
a50feda5 156 return false;
1da177e4
LT		 157 if (nexthdr == IPPROTO_ICMPV6) {
158 u8 _type, *tp;
159 tp = skb_header_pointer(skb,
160 ptr+offsetof(struct icmp6hdr, icmp6_type),
161 sizeof(_type), &_type);
162 if (tp == NULL ||
163 !(*tp & ICMPV6_INFOMSG_MASK))
a50feda5 164 return true;
1da177e4 165 }
a50feda5 166 return false;
1da177e4
LT		 167}
168
1ab1457c
YH		 169/*
170 * Check the ICMP output rate limit
1da177e4 171 */
92d86829 172static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
4c9483b2 173 struct flowi6 *fl6)
1da177e4
LT		 174{
175 struct dst_entry *dst;
3b1e0a65 176 struct net *net = sock_net(sk);
92d86829 177 bool res = false;
1da177e4
LT		 178
179 /* Informational messages are not limited. */
180 if (type & ICMPV6_INFOMSG_MASK)
92d86829 181 return true;
1da177e4
LT		 182
183 /* Do not limit pmtu discovery, it would break it. */
184 if (type == ICMPV6_PKT_TOOBIG)
92d86829 185 return true;
1da177e4 186
1ab1457c 187 /*
1da177e4
LT		 188 * Look up the output route.
189 * XXX: perhaps the expire for routing entries cloned by
190 * this lookup should be more aggressive (not longer than timeout).
191 */
4c9483b2 192 dst = ip6_route_output(net, sk, fl6);
1da177e4 193 if (dst->error) {
3bd653c8 194 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 195 IPSTATS_MIB_OUTNOROUTES);
1da177e4 196 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
92d86829 197 res = true;
1da177e4
LT		 198 } else {
199 struct rt6_info *rt = (struct rt6_info *)dst;
9a43b709 200 int tmo = net->ipv6.sysctl.icmpv6_time;
fbfe95a4 201 struct inet_peer *peer;
1da177e4
LT		 202
203 /* Give more bandwidth to wider prefixes. */
204 if (rt->rt6i_dst.plen < 128)
205 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
206
1d861aa4 207 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
fbfe95a4 208 res = inet_peer_xrlim_allow(peer, tmo);
1d861aa4
DM		 209 if (peer)
210 inet_putpeer(peer);
1da177e4
LT		 211 }
212 dst_release(dst);
213 return res;
214}
215
216/*
217 * an inline helper for the "simple" if statement below
218 * checks if parameter problem report is caused by an
1ab1457c 219 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 220 * highest-order two bits set to 10
221 */
222
a50feda5 223static bool opt_unrec(struct sk_buff *skb, __u32 offset)
1da177e4
LT		 224{
225 u8 _optval, *op;
226
bbe735e4 227 offset += skb_network_offset(skb);
1da177e4
LT		 228 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
229 if (op == NULL)
a50feda5 230 return true;
1da177e4
LT		 231 return (*op & 0xC0) == 0x80;
232}
233
6d0bfe22
LC		 234int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
235 struct icmp6hdr *thdr, int len)
1da177e4
LT		 236{
237 struct sk_buff *skb;
238 struct icmp6hdr *icmp6h;
239 int err = 0;
240
241 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
242 goto out;
243
cc70ab26 244 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 245 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
246 icmp6h->icmp6_cksum = 0;
247
248 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 249 skb->csum = csum_partial(icmp6h,
1da177e4 250 sizeof(struct icmp6hdr), skb->csum);
4c9483b2
DM		 251 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
252 &fl6->daddr,
253 len, fl6->flowi6_proto,
1da177e4
LT		 254 skb->csum);
255 } else {
868c86bc 256 __wsum tmp_csum = 0;
1da177e4
LT		 257
258 skb_queue_walk(&sk->sk_write_queue, skb) {
259 tmp_csum = csum_add(tmp_csum, skb->csum);
260 }
261
07f0757a 262 tmp_csum = csum_partial(icmp6h,
1da177e4 263 sizeof(struct icmp6hdr), tmp_csum);
4c9483b2
DM		 264 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
265 &fl6->daddr,
266 len, fl6->flowi6_proto,
868c86bc 267 tmp_csum);
1da177e4 268 }
1da177e4
LT		 269 ip6_push_pending_frames(sk);
270out:
271 return err;
272}
273
274struct icmpv6_msg {
275 struct sk_buff *skb;
276 int offset;
763ecff1 277 uint8_t type;
1da177e4
LT		 278};
279
280static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
281{
282 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
283 struct sk_buff *org_skb = msg->skb;
5f92a738 284 __wsum csum = 0;
1da177e4
LT		 285
286 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
287 to, len, csum);
288 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 289 if (!(msg->type & ICMPV6_INFOMSG_MASK))
290 nf_ct_attach(skb, org_skb);
1da177e4
LT		 291 return 0;
292}
293
07a93626 294#if IS_ENABLED(CONFIG_IPV6_MIP6)
79383236
MN		 295static void mip6_addr_swap(struct sk_buff *skb)
296{
0660e03f 297 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236
MN		 298 struct inet6_skb_parm *opt = IP6CB(skb);
299 struct ipv6_destopt_hao *hao;
300 struct in6_addr tmp;
301 int off;
302
303 if (opt->dsthao) {
304 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
305 if (likely(off >= 0)) {
d56f90a7
ACM		 306 hao = (struct ipv6_destopt_hao *)
307 (skb_network_header(skb) + off);
4e3fd7a0
AD		 308 tmp = iph->saddr;
309 iph->saddr = hao->addr;
310 hao->addr = tmp;
79383236
MN		 311 }
312 }
313}
314#else
315static inline void mip6_addr_swap(struct sk_buff *skb) {}
316#endif
317
e8243534 318static struct dst_entry *icmpv6_route_lookup(struct net *net,
319 struct sk_buff *skb,
320 struct sock *sk,
321 struct flowi6 *fl6)
b42835db
DM		 322{
323 struct dst_entry *dst, *dst2;
4c9483b2 324 struct flowi6 fl2;
b42835db
DM		 325 int err;
326
4c9483b2 327 err = ip6_dst_lookup(sk, &dst, fl6);
b42835db
DM		 328 if (err)
329 return ERR_PTR(err);
330
331 /*
332 * We won't send icmp if the destination is known
333 * anycast.
334 */
335 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
5f5624cf 336 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: acast source\n");
b42835db
DM		 337 dst_release(dst);
338 return ERR_PTR(-EINVAL);
339 }
340
341 /* No need to clone since we're just using its address. */
342 dst2 = dst;
343
4c9483b2 344 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
452edd59 345 if (!IS_ERR(dst)) {
b42835db
DM		 346 if (dst != dst2)
347 return dst;
452edd59
DM		 348 } else {
349 if (PTR_ERR(dst) == -EPERM)
350 dst = NULL;
351 else
352 return dst;
b42835db
DM		 353 }
354
4c9483b2 355 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
b42835db
DM		 356 if (err)
357 goto relookup_failed;
358
359 err = ip6_dst_lookup(sk, &dst2, &fl2);
360 if (err)
361 goto relookup_failed;
362
4c9483b2 363 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
452edd59 364 if (!IS_ERR(dst2)) {
b42835db
DM		 365 dst_release(dst);
366 dst = dst2;
452edd59
DM		 367 } else {
368 err = PTR_ERR(dst2);
369 if (err == -EPERM) {
370 dst_release(dst);
371 return dst2;
372 } else
373 goto relookup_failed;
b42835db
DM		 374 }
375
376relookup_failed:
377 if (dst)
378 return dst;
379 return ERR_PTR(err);
380}
381
1da177e4
LT		 382/*
383 * Send an ICMP message in response to a packet in error
384 */
5f5624cf 385static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
1da177e4 386{
c346dca1 387 struct net *net = dev_net(skb->dev);
1da177e4 388 struct inet6_dev *idev = NULL;
0660e03f 389 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53
YH		 390 struct sock *sk;
391 struct ipv6_pinfo *np;
b71d1d42 392 const struct in6_addr *saddr = NULL;
1da177e4
LT		 393 struct dst_entry *dst;
394 struct icmp6hdr tmp_hdr;
4c9483b2 395 struct flowi6 fl6;
1da177e4
LT		 396 struct icmpv6_msg msg;
397 int iif = 0;
398 int addr_type = 0;
399 int len;
e651f03a 400 int hlimit;
1da177e4
LT		 401 int err = 0;
402
27a884dc 403 if ((u8 *)hdr < skb->head ||
29a3cad5 404 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
1da177e4
LT		 405 return;
406
407 /*
1ab1457c 408 * Make sure we respect the rules
1da177e4 409 * i.e. RFC 1885 2.4(e)
5f5624cf 410 * Rule (e.1) is enforced by not using icmp6_send
1da177e4
LT		 411 * in any code that processes icmp errors.
412 */
413 addr_type = ipv6_addr_type(&hdr->daddr);
414
9a43b709 415 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
1da177e4
LT		 416 saddr = &hdr->daddr;
417
418 /*
419 * Dest addr check
420 */
421
422 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
423 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 424 !(type == ICMPV6_PARAMPROB &&
425 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 426 (opt_unrec(skb, info))))
427 return;
428
429 saddr = NULL;
430 }
431
432 addr_type = ipv6_addr_type(&hdr->saddr);
433
434 /*
435 * Source addr check
436 */
437
842df073 438 if (__ipv6_addr_needs_scope_id(addr_type))
1da177e4
LT		 439 iif = skb->dev->ifindex;
440
441 /*
8de3351e
YH		 442 * Must not send error if the source does not uniquely
443 * identify a single node (RFC2463 Section 2.4).
444 * We check unspecified / multicast addresses here,
445 * and anycast addresses will be checked later.
1da177e4
LT		 446 */
447 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
5f5624cf 448 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: addr_any/mcast source\n");
1da177e4
LT		 449 return;
450 }
451
1ab1457c 452 /*
1da177e4
LT		 453 * Never answer to a ICMP packet.
454 */
455 if (is_ineligible(skb)) {
5f5624cf 456 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: no reply to icmp error\n");
1da177e4
LT		 457 return;
458 }
459
79383236
MN		 460 mip6_addr_swap(skb);
461
4c9483b2
DM		 462 memset(&fl6, 0, sizeof(fl6));
463 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 464 fl6.daddr = hdr->saddr;
1da177e4 465 if (saddr)
4e3fd7a0 466 fl6.saddr = *saddr;
4c9483b2 467 fl6.flowi6_oif = iif;
1958b856
DM		 468 fl6.fl6_icmp_type = type;
469 fl6.fl6_icmp_code = code;
4c9483b2 470 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 471
fdc0bde9
DL		 472 sk = icmpv6_xmit_lock(net);
473 if (sk == NULL)
405666db 474 return;
fdc0bde9 475 np = inet6_sk(sk);
405666db 476
4c9483b2 477 if (!icmpv6_xrlim_allow(sk, type, &fl6))
1da177e4
LT		 478 goto out;
479
480 tmp_hdr.icmp6_type = type;
481 tmp_hdr.icmp6_code = code;
482 tmp_hdr.icmp6_cksum = 0;
483 tmp_hdr.icmp6_pointer = htonl(info);
484
4c9483b2
DM		 485 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
486 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 487 else if (!fl6.flowi6_oif)
488 fl6.flowi6_oif = np->ucast_oif;
1da177e4 489
4c9483b2 490 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
b42835db 491 if (IS_ERR(dst))
1da177e4 492 goto out;
8de3351e 493
4c9483b2 494 if (ipv6_addr_is_multicast(&fl6.daddr))
1da177e4
LT		 495 hlimit = np->mcast_hops;
496 else
497 hlimit = np->hop_limit;
498 if (hlimit < 0)
6b75d090 499 hlimit = ip6_dst_hoplimit(dst);
1da177e4
LT		 500
501 msg.skb = skb;
bbe735e4 502 msg.offset = skb_network_offset(skb);
763ecff1 503 msg.type = type;
1da177e4
LT		 504
505 len = skb->len - msg.offset;
506 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
507 if (len < 0) {
64ce2073 508 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
1da177e4
LT		 509 goto out_dst_release;
510 }
511
cfdf7647
ED		 512 rcu_read_lock();
513 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 514
515 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
516 len + sizeof(struct icmp6hdr),
e651f03a 517 sizeof(struct icmp6hdr), hlimit,
a2d91a09 518 np->tclass, NULL, &fl6, (struct rt6_info *)dst,
13b52cd4 519 MSG_DONTWAIT, np->dontfrag);
1da177e4 520 if (err) {
00d9d6a1 521 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 522 ip6_flush_pending_frames(sk);
cfdf7647
ED		 523 } else {
524 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
525 len + sizeof(struct icmp6hdr));
1da177e4 526 }
cfdf7647 527 rcu_read_unlock();
1da177e4
LT		 528out_dst_release:
529 dst_release(dst);
530out:
405666db 531 icmpv6_xmit_unlock(sk);
1da177e4 532}
5f5624cf
PS		 533
534/* Slightly more convenient version of icmp6_send.
535 */
536void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
537{
538 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos);
539 kfree_skb(skb);
540}
7159039a 541
1da177e4
LT		 542static void icmpv6_echo_reply(struct sk_buff *skb)
543{
c346dca1 544 struct net *net = dev_net(skb->dev);
84427d53 545 struct sock *sk;
1da177e4 546 struct inet6_dev *idev;
84427d53 547 struct ipv6_pinfo *np;
b71d1d42 548 const struct in6_addr *saddr = NULL;
cc70ab26 549 struct icmp6hdr *icmph = icmp6_hdr(skb);
1da177e4 550 struct icmp6hdr tmp_hdr;
4c9483b2 551 struct flowi6 fl6;
1da177e4
LT		 552 struct icmpv6_msg msg;
553 struct dst_entry *dst;
554 int err = 0;
555 int hlimit;
556
0660e03f 557 saddr = &ipv6_hdr(skb)->daddr;
1da177e4 558
509aba3b
FLB		 559 if (!ipv6_unicast_destination(skb) &&
560 !(net->ipv6.anycast_src_echo_reply &&
561 ipv6_anycast_destination(skb)))
1da177e4
LT		 562 saddr = NULL;
563
564 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
565 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
566
4c9483b2
DM		 567 memset(&fl6, 0, sizeof(fl6));
568 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 569 fl6.daddr = ipv6_hdr(skb)->saddr;
1da177e4 570 if (saddr)
4e3fd7a0 571 fl6.saddr = *saddr;
4c9483b2 572 fl6.flowi6_oif = skb->dev->ifindex;
1958b856 573 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
4c9483b2 574 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 575
fdc0bde9
DL		 576 sk = icmpv6_xmit_lock(net);
577 if (sk == NULL)
405666db 578 return;
fdc0bde9 579 np = inet6_sk(sk);
405666db 580
4c9483b2
DM		 581 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
582 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 583 else if (!fl6.flowi6_oif)
584 fl6.flowi6_oif = np->ucast_oif;
1da177e4 585
4c9483b2 586 err = ip6_dst_lookup(sk, &dst, &fl6);
1da177e4
LT		 587 if (err)
588 goto out;
4c9483b2 589 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
452edd59 590 if (IS_ERR(dst))
e104411b 591 goto out;
1da177e4 592
4c9483b2 593 if (ipv6_addr_is_multicast(&fl6.daddr))
1da177e4
LT		 594 hlimit = np->mcast_hops;
595 else
596 hlimit = np->hop_limit;
597 if (hlimit < 0)
6b75d090 598 hlimit = ip6_dst_hoplimit(dst);
1da177e4 599
cfdf7647 600 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 601
602 msg.skb = skb;
603 msg.offset = 0;
763ecff1 604 msg.type = ICMPV6_ECHO_REPLY;
1da177e4
LT		 605
606 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
4c9483b2 607 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl6,
a2d91a09 608 (struct rt6_info *)dst, MSG_DONTWAIT,
13b52cd4 609 np->dontfrag);
1da177e4
LT		 610
611 if (err) {
00d9d6a1 612 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 613 ip6_flush_pending_frames(sk);
cfdf7647
ED		 614 } else {
615 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
616 skb->len + sizeof(struct icmp6hdr));
1da177e4 617 }
1da177e4 618 dst_release(dst);
1ab1457c 619out:
405666db 620 icmpv6_xmit_unlock(sk);
1da177e4
LT		 621}
622
b94f1c09 623void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
1da177e4 624{
41135cc8 625 const struct inet6_protocol *ipprot;
1da177e4 626 int inner_offset;
75f2811c 627 __be16 frag_off;
f9242b6b 628 u8 nexthdr;
1da177e4
LT		 629
630 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
631 return;
632
633 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
634 if (ipv6_ext_hdr(nexthdr)) {
635 /* now skip over extension headers */
75f2811c
JG		 636 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
637 &nexthdr, &frag_off);
1da177e4
LT		 638 if (inner_offset<0)
639 return;
640 } else {
641 inner_offset = sizeof(struct ipv6hdr);
642 }
643
644 /* Checkin header including 8 bytes of inner protocol header. */
645 if (!pskb_may_pull(skb, inner_offset+8))
646 return;
647
1da177e4
LT		 648 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
649 Without this we will not able f.e. to make source routed
650 pmtu discovery.
651 Corresponding argument (opt) to notifiers is already added.
652 --ANK (980726)
653 */
654
1da177e4 655 rcu_read_lock();
f9242b6b 656 ipprot = rcu_dereference(inet6_protos[nexthdr]);
1da177e4
LT		 657 if (ipprot && ipprot->err_handler)
658 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
659 rcu_read_unlock();
660
69d6da0b 661 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
1da177e4 662}
1ab1457c 663
1da177e4
LT		 664/*
665 * Handle icmp messages
666 */
667
e5bbef20 668static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 669{
1da177e4
LT		 670 struct net_device *dev = skb->dev;
671 struct inet6_dev *idev = __in6_dev_get(dev);
b71d1d42 672 const struct in6_addr *saddr, *daddr;
1da177e4 673 struct icmp6hdr *hdr;
d5fdd6ba 674 u8 type;
1da177e4 675
aebcf82c 676 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 677 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 678 int nh;
679
def8b4fa 680 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
aebcf82c
HX		 681 XFRM_STATE_ICMP))
682 goto drop_no_count;
683
81aded24 684 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
8b7817f3
HX		 685 goto drop_no_count;
686
687 nh = skb_network_offset(skb);
688 skb_set_network_header(skb, sizeof(*hdr));
689
690 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
691 goto drop_no_count;
692
693 skb_set_network_header(skb, nh);
694 }
695
e41b5368 696 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 697
0660e03f
ACM		 698 saddr = &ipv6_hdr(skb)->saddr;
699 daddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 700
701 /* Perform checksum. */
fb286bb2 702 switch (skb->ip_summed) {
84fa7933 703 case CHECKSUM_COMPLETE:
fb286bb2
HX		 704 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
705 skb->csum))
706 break;
707 /* fall through */
708 case CHECKSUM_NONE:
868c86bc
AV		 709 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
710 IPPROTO_ICMPV6, 0));
fb286bb2 711 if (__skb_checksum_complete(skb)) {
6d0bfe22
LC		 712 LIMIT_NETDEBUG(KERN_DEBUG
713 "ICMPv6 checksum failed [%pI6c > %pI6c]\n",
0c6ce78a 714 saddr, daddr);
6a5dc9e5 715 goto csum_error;
1da177e4
LT		 716 }
717 }
718
8cf22943
HX		 719 if (!pskb_pull(skb, sizeof(*hdr)))
720 goto discard_it;
1da177e4 721
cc70ab26 722 hdr = icmp6_hdr(skb);
1da177e4
LT		 723
724 type = hdr->icmp6_type;
725
55d43808 726 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
1da177e4
LT		 727
728 switch (type) {
729 case ICMPV6_ECHO_REQUEST:
730 icmpv6_echo_reply(skb);
731 break;
732
733 case ICMPV6_ECHO_REPLY:
6d0bfe22 734 ping_rcv(skb);
1da177e4
LT		 735 break;
736
737 case ICMPV6_PKT_TOOBIG:
738 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
739 standard destination cache. Seems, only "advanced"
740 destination cache will allow to solve this problem
741 --ANK (980726)
742 */
743 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
744 goto discard_it;
cc70ab26 745 hdr = icmp6_hdr(skb);
1da177e4
LT		 746
747 /*
748 * Drop through to notify
749 */
750
751 case ICMPV6_DEST_UNREACH:
752 case ICMPV6_TIME_EXCEED:
753 case ICMPV6_PARAMPROB:
754 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
755 break;
756
757 case NDISC_ROUTER_SOLICITATION:
758 case NDISC_ROUTER_ADVERTISEMENT:
759 case NDISC_NEIGHBOUR_SOLICITATION:
760 case NDISC_NEIGHBOUR_ADVERTISEMENT:
761 case NDISC_REDIRECT:
762 ndisc_rcv(skb);
763 break;
764
765 case ICMPV6_MGM_QUERY:
766 igmp6_event_query(skb);
767 break;
768
769 case ICMPV6_MGM_REPORT:
770 igmp6_event_report(skb);
771 break;
772
773 case ICMPV6_MGM_REDUCTION:
774 case ICMPV6_NI_QUERY:
775 case ICMPV6_NI_REPLY:
776 case ICMPV6_MLD2_REPORT:
777 case ICMPV6_DHAAD_REQUEST:
778 case ICMPV6_DHAAD_REPLY:
779 case ICMPV6_MOBILE_PREFIX_SOL:
780 case ICMPV6_MOBILE_PREFIX_ADV:
781 break;
782
783 default:
64ce2073 784 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
1da177e4
LT		 785
786 /* informational */
787 if (type & ICMPV6_INFOMSG_MASK)
788 break;
789
1ab1457c
YH		 790 /*
791 * error of unknown type.
792 * must pass to upper level
1da177e4
LT		 793 */
794
795 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
3ff50b79
SH		 796 }
797
1da177e4
LT		 798 kfree_skb(skb);
799 return 0;
800
6a5dc9e5
ED		 801csum_error:
802 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
1da177e4 803discard_it:
e41b5368 804 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 805drop_no_count:
1da177e4
LT		 806 kfree_skb(skb);
807 return 0;
808}
809
4c9483b2 810void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
95e41e93
YH		 811 u8 type,
812 const struct in6_addr *saddr,
813 const struct in6_addr *daddr,
814 int oif)
815{
4c9483b2 816 memset(fl6, 0, sizeof(*fl6));
4e3fd7a0
AD		 817 fl6->saddr = *saddr;
818 fl6->daddr = *daddr;
4c9483b2 819 fl6->flowi6_proto = IPPROTO_ICMPV6;
1958b856
DM		 820 fl6->fl6_icmp_type = type;
821 fl6->fl6_icmp_code = 0;
4c9483b2
DM		 822 fl6->flowi6_oif = oif;
823 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
95e41e93
YH		 824}
825
640c41c7 826/*
b7e729c4 827 * Special lock-class for __icmpv6_sk:
640c41c7
IM		 828 */
829static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
830
98c6d1b2 831static int __net_init icmpv6_sk_init(struct net *net)
1da177e4
LT		 832{
833 struct sock *sk;
834 int err, i, j;
835
98c6d1b2
DL		 836 net->ipv6.icmp_sk =
837 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
838 if (net->ipv6.icmp_sk == NULL)
79c91159
DL		 839 return -ENOMEM;
840
6f912042 841 for_each_possible_cpu(i) {
1ed8516f
DL		 842 err = inet_ctl_sock_create(&sk, PF_INET6,
843 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 844 if (err < 0) {
f3213831 845 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1da177e4
LT		 846 err);
847 goto fail;
848 }
849
1ed8516f 850 net->ipv6.icmp_sk[i] = sk;
5c8cafd6 851
640c41c7
IM		 852 /*
853 * Split off their lock-class, because sk->sk_dst_lock
854 * gets used from softirqs, which is safe for
b7e729c4 855 * __icmpv6_sk (because those never get directly used
640c41c7
IM		 856 * via userspace syscalls), but unsafe for normal sockets.
857 */
858 lockdep_set_class(&sk->sk_dst_lock,
859 &icmpv6_socket_sk_dst_lock_key);
1da177e4
LT		 860
861 /* Enough space for 2 64K ICMP packets, including
862 * sk_buff struct overhead.
863 */
87fb4b7b 864 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1da177e4 865 }
1da177e4
LT		 866 return 0;
867
868 fail:
5c8cafd6 869 for (j = 0; j < i; j++)
1ed8516f 870 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
98c6d1b2 871 kfree(net->ipv6.icmp_sk);
1da177e4
LT		 872 return err;
873}
874
98c6d1b2 875static void __net_exit icmpv6_sk_exit(struct net *net)
1da177e4
LT		 876{
877 int i;
878
6f912042 879 for_each_possible_cpu(i) {
1ed8516f 880 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
1da177e4 881 }
98c6d1b2
DL		 882 kfree(net->ipv6.icmp_sk);
883}
884
8ed7edce 885static struct pernet_operations icmpv6_sk_ops = {
98c6d1b2
DL		 886 .init = icmpv6_sk_init,
887 .exit = icmpv6_sk_exit,
888};
889
890int __init icmpv6_init(void)
891{
892 int err;
893
894 err = register_pernet_subsys(&icmpv6_sk_ops);
895 if (err < 0)
896 return err;
897
898 err = -EAGAIN;
899 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
900 goto fail;
5f5624cf
PS		 901
902 err = inet6_register_icmp_sender(icmp6_send);
903 if (err)
904 goto sender_reg_err;
98c6d1b2
DL		 905 return 0;
906
5f5624cf
PS		 907sender_reg_err:
908 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
98c6d1b2 909fail:
f3213831 910 pr_err("Failed to register ICMP6 protocol\n");
98c6d1b2
DL		 911 unregister_pernet_subsys(&icmpv6_sk_ops);
912 return err;
913}
914
8ed7edce 915void icmpv6_cleanup(void)
98c6d1b2 916{
5f5624cf 917 inet6_unregister_icmp_sender(icmp6_send);
98c6d1b2 918 unregister_pernet_subsys(&icmpv6_sk_ops);
1da177e4
LT		 919 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
920}
921
98c6d1b2 922
9b5b5cff 923static const struct icmp6_err {
1da177e4
LT		 924 int err;
925 int fatal;
926} tab_unreach[] = {
927 { /* NOROUTE */
928 .err = ENETUNREACH,
929 .fatal = 0,
930 },
931 { /* ADM_PROHIBITED */
932 .err = EACCES,
933 .fatal = 1,
934 },
935 { /* Was NOT_NEIGHBOUR, now reserved */
936 .err = EHOSTUNREACH,
937 .fatal = 0,
938 },
939 { /* ADDR_UNREACH */
940 .err = EHOSTUNREACH,
941 .fatal = 0,
942 },
943 { /* PORT_UNREACH */
944 .err = ECONNREFUSED,
945 .fatal = 1,
946 },
61e76b17
JB		 947 { /* POLICY_FAIL */
948 .err = EACCES,
949 .fatal = 1,
950 },
951 { /* REJECT_ROUTE */
952 .err = EACCES,
953 .fatal = 1,
954 },
1da177e4
LT		 955};
956
d5fdd6ba 957int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 958{
959 int fatal = 0;
960
961 *err = EPROTO;
962
963 switch (type) {
964 case ICMPV6_DEST_UNREACH:
965 fatal = 1;
61e76b17 966 if (code < ARRAY_SIZE(tab_unreach)) {
1da177e4
LT		 967 *err = tab_unreach[code].err;
968 fatal = tab_unreach[code].fatal;
969 }
970 break;
971
972 case ICMPV6_PKT_TOOBIG:
973 *err = EMSGSIZE;
974 break;
1ab1457c 975
1da177e4
LT		 976 case ICMPV6_PARAMPROB:
977 *err = EPROTO;
978 fatal = 1;
979 break;
980
981 case ICMPV6_TIME_EXCEED:
982 *err = EHOSTUNREACH;
983 break;
3ff50b79 984 }
1da177e4
LT		 985
986 return fatal;
987}
7159039a
YH		 988EXPORT_SYMBOL(icmpv6_err_convert);
989
1da177e4 990#ifdef CONFIG_SYSCTL
e8243534 991static struct ctl_table ipv6_icmp_table_template[] = {
1da177e4 992 {
1da177e4 993 .procname = "ratelimit",
41a76906 994 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 995 .maxlen = sizeof(int),
996 .mode = 0644,
6d9f239a 997 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 998 },
f8572d8f 999 { },
1da177e4 1000};
760f2d01 1001
2c8c1e72 1002struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 1003{
1004 struct ctl_table *table;
1005
1006 table = kmemdup(ipv6_icmp_table_template,
1007 sizeof(ipv6_icmp_table_template),
1008 GFP_KERNEL);
5ee09105 1009
c027aab4 1010 if (table)
5ee09105
YH		 1011 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1012
760f2d01
DL		 1013 return table;
1014}
1da177e4
LT		 1015#endif
1016
Linux kernel - Deliverables
This page took 0.931365 seconds and 5 git commands to generate.