1/* 2 * Internet Control Message Protocol (ICMPv6) 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on net/ipv4/icmp.c 9 * 10 * RFC 1885 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18/* 19 * Changes: 20 * 21 * Andi Kleen : exception handling 22 * Andi Kleen add rate limits. never reply to a icmp. 23 * add more length checks and other fixes. 24 * yoshfuji : ensure to sent parameter problem for 25 * fragments. 26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. 27 * Randy Dunlap and 28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support 29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data 30 */ 31 32#define pr_fmt(fmt) "IPv6: " fmt 33 34#include <linux/module.h> 35#include <linux/errno.h> 36#include <linux/types.h> 37#include <linux/socket.h> 38#include <linux/in.h> 39#include <linux/kernel.h> 40#include <linux/sockios.h> 41#include <linux/net.h> 42#include <linux/skbuff.h> 43#include <linux/init.h> 44#include <linux/netfilter.h> 45#include <linux/slab.h> 46 47#ifdef CONFIG_SYSCTL 48#include <linux/sysctl.h> 49#endif 50 51#include <linux/inet.h> 52#include <linux/netdevice.h> 53#include <linux/icmpv6.h> 54 55#include <net/ip.h> 56#include <net/sock.h> 57 58#include <net/ipv6.h> 59#include <net/ip6_checksum.h> 60#include <net/ping.h> 61#include <net/protocol.h> 62#include <net/raw.h> 63#include <net/rawv6.h> 64#include <net/transp_v6.h> 65#include <net/ip6_route.h> 66#include <net/addrconf.h> 67#include <net/icmp.h> 68#include <net/xfrm.h> 69#include <net/inet_common.h> 70 71#include <asm/uaccess.h> 72 73/* 74 * The ICMP socket(s). This is the most convenient way to flow control 75 * our ICMP output as well as maintain a clean interface throughout 76 * all layers. All Socketless IP sends will soon be gone. 77 * 78 * On SMP we have one ICMP socket per-cpu. 79 */ 80static inline struct sock *icmpv6_sk(struct net *net) 81{ 82 return net->ipv6.icmp_sk[smp_processor_id()]; 83} 84 85static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 86 u8 type, u8 code, int offset, __be32 info) 87{ 88 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */ 89 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset); 90 struct net *net = dev_net(skb->dev); 91 92 if (type == ICMPV6_PKT_TOOBIG) 93 ip6_update_pmtu(skb, net, info, 0, 0, INVALID_UID); 94 else if (type == NDISC_REDIRECT) 95 ip6_redirect(skb, net, 0, 0); 96 97 if (!(type & ICMPV6_INFOMSG_MASK)) 98 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST) 99 ping_err(skb, offset, info); 100} 101 102static int icmpv6_rcv(struct sk_buff *skb); 103 104static const struct inet6_protocol icmpv6_protocol = { 105 .handler = icmpv6_rcv, 106 .err_handler = icmpv6_err, 107 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 108}; 109 110static __inline__ struct sock *icmpv6_xmit_lock(struct net *net) 111{ 112 struct sock *sk; 113 114 local_bh_disable(); 115 116 sk = icmpv6_sk(net); 117 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 118 /* This can happen if the output path (f.e. SIT or 119 * ip6ip6 tunnel) signals dst_link_failure() for an 120 * outgoing ICMP6 packet. 121 */ 122 local_bh_enable(); 123 return NULL; 124 } 125 return sk; 126} 127 128static __inline__ void icmpv6_xmit_unlock(struct sock *sk) 129{ 130 spin_unlock_bh(&sk->sk_lock.slock); 131} 132 133/* 134 * Figure out, may we reply to this packet with icmp error. 135 * 136 * We do not reply, if: 137 * - it was icmp error message. 138 * - it is truncated, so that it is known, that protocol is ICMPV6 139 * (i.e. in the middle of some exthdr) 140 * 141 * --ANK (980726) 142 */ 143 144static bool is_ineligible(const struct sk_buff *skb) 145{ 146 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 147 int len = skb->len - ptr; 148 __u8 nexthdr = ipv6_hdr(skb)->nexthdr; 149 __be16 frag_off; 150 151 if (len < 0) 152 return true; 153 154 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off); 155 if (ptr < 0) 156 return false; 157 if (nexthdr == IPPROTO_ICMPV6) { 158 u8 _type, *tp; 159 tp = skb_header_pointer(skb, 160 ptr+offsetof(struct icmp6hdr, icmp6_type), 161 sizeof(_type), &_type); 162 if (tp == NULL || 163 !(*tp & ICMPV6_INFOMSG_MASK)) 164 return true; 165 } 166 return false; 167} 168 169/* 170 * Check the ICMP output rate limit 171 */ 172static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type, 173 struct flowi6 *fl6) 174{ 175 struct dst_entry *dst; 176 struct net *net = sock_net(sk); 177 bool res = false; 178 179 /* Informational messages are not limited. */ 180 if (type & ICMPV6_INFOMSG_MASK) 181 return true; 182 183 /* Do not limit pmtu discovery, it would break it. */ 184 if (type == ICMPV6_PKT_TOOBIG) 185 return true; 186 187 /* 188 * Look up the output route. 189 * XXX: perhaps the expire for routing entries cloned by 190 * this lookup should be more aggressive (not longer than timeout). 191 */ 192 dst = ip6_route_output(net, sk, fl6); 193 if (dst->error) { 194 IP6_INC_STATS(net, ip6_dst_idev(dst), 195 IPSTATS_MIB_OUTNOROUTES); 196 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { 197 res = true; 198 } else { 199 struct rt6_info *rt = (struct rt6_info *)dst; 200 int tmo = net->ipv6.sysctl.icmpv6_time; 201 struct inet_peer *peer; 202 203 /* Give more bandwidth to wider prefixes. */ 204 if (rt->rt6i_dst.plen < 128) 205 tmo >>= ((128 - rt->rt6i_dst.plen)>>5); 206 207 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 208 res = inet_peer_xrlim_allow(peer, tmo); 209 if (peer) 210 inet_putpeer(peer); 211 } 212 dst_release(dst); 213 return res; 214} 215 216/* 217 * an inline helper for the "simple" if statement below 218 * checks if parameter problem report is caused by an 219 * unrecognized IPv6 option that has the Option Type 220 * highest-order two bits set to 10 221 */ 222 223static bool opt_unrec(struct sk_buff *skb, __u32 offset) 224{ 225 u8 _optval, *op; 226 227 offset += skb_network_offset(skb); 228 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); 229 if (op == NULL) 230 return true; 231 return (*op & 0xC0) == 0x80; 232} 233 234int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, 235 struct icmp6hdr *thdr, int len) 236{ 237 struct sk_buff *skb; 238 struct icmp6hdr *icmp6h; 239 int err = 0; 240 241 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) 242 goto out; 243 244 icmp6h = icmp6_hdr(skb); 245 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); 246 icmp6h->icmp6_cksum = 0; 247 248 if (skb_queue_len(&sk->sk_write_queue) == 1) { 249 skb->csum = csum_partial(icmp6h, 250 sizeof(struct icmp6hdr), skb->csum); 251 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 252 &fl6->daddr, 253 len, fl6->flowi6_proto, 254 skb->csum); 255 } else { 256 __wsum tmp_csum = 0; 257 258 skb_queue_walk(&sk->sk_write_queue, skb) { 259 tmp_csum = csum_add(tmp_csum, skb->csum); 260 } 261 262 tmp_csum = csum_partial(icmp6h, 263 sizeof(struct icmp6hdr), tmp_csum); 264 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 265 &fl6->daddr, 266 len, fl6->flowi6_proto, 267 tmp_csum); 268 } 269 ip6_push_pending_frames(sk); 270out: 271 return err; 272} 273 274struct icmpv6_msg { 275 struct sk_buff *skb; 276 int offset; 277 uint8_t type; 278}; 279 280static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 281{ 282 struct icmpv6_msg *msg = (struct icmpv6_msg *) from; 283 struct sk_buff *org_skb = msg->skb; 284 __wsum csum = 0; 285 286 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 287 to, len, csum); 288 skb->csum = csum_block_add(skb->csum, csum, odd); 289 if (!(msg->type & ICMPV6_INFOMSG_MASK)) 290 nf_ct_attach(skb, org_skb); 291 return 0; 292} 293 294#if IS_ENABLED(CONFIG_IPV6_MIP6) 295static void mip6_addr_swap(struct sk_buff *skb) 296{ 297 struct ipv6hdr *iph = ipv6_hdr(skb); 298 struct inet6_skb_parm *opt = IP6CB(skb); 299 struct ipv6_destopt_hao *hao; 300 struct in6_addr tmp; 301 int off; 302 303 if (opt->dsthao) { 304 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); 305 if (likely(off >= 0)) { 306 hao = (struct ipv6_destopt_hao *) 307 (skb_network_header(skb) + off); 308 tmp = iph->saddr; 309 iph->saddr = hao->addr; 310 hao->addr = tmp; 311 } 312 } 313} 314#else 315static inline void mip6_addr_swap(struct sk_buff *skb) {} 316#endif 317 318struct dst_entry *icmpv6_route_lookup(struct net *net, struct sk_buff *skb, 319 struct sock *sk, struct flowi6 *fl6) 320{ 321 struct dst_entry *dst, *dst2; 322 struct flowi6 fl2; 323 int err; 324 325 err = ip6_dst_lookup(sk, &dst, fl6); 326 if (err) 327 return ERR_PTR(err); 328 329 /* 330 * We won't send icmp if the destination is known 331 * anycast. 332 */ 333 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) { 334 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: acast source\n"); 335 dst_release(dst); 336 return ERR_PTR(-EINVAL); 337 } 338 339 /* No need to clone since we're just using its address. */ 340 dst2 = dst; 341 342 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0); 343 if (!IS_ERR(dst)) { 344 if (dst != dst2) 345 return dst; 346 } else { 347 if (PTR_ERR(dst) == -EPERM) 348 dst = NULL; 349 else 350 return dst; 351 } 352 353 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6); 354 if (err) 355 goto relookup_failed; 356 357 err = ip6_dst_lookup(sk, &dst2, &fl2); 358 if (err) 359 goto relookup_failed; 360 361 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP); 362 if (!IS_ERR(dst2)) { 363 dst_release(dst); 364 dst = dst2; 365 } else { 366 err = PTR_ERR(dst2); 367 if (err == -EPERM) { 368 dst_release(dst); 369 return dst2; 370 } else 371 goto relookup_failed; 372 } 373 374relookup_failed: 375 if (dst) 376 return dst; 377 return ERR_PTR(err); 378} 379 380/* 381 * Send an ICMP message in response to a packet in error 382 */ 383static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) 384{ 385 struct net *net = dev_net(skb->dev); 386 struct inet6_dev *idev = NULL; 387 struct ipv6hdr *hdr = ipv6_hdr(skb); 388 struct sock *sk; 389 struct ipv6_pinfo *np; 390 const struct in6_addr *saddr = NULL; 391 struct dst_entry *dst; 392 struct icmp6hdr tmp_hdr; 393 struct flowi6 fl6; 394 struct icmpv6_msg msg; 395 int iif = 0; 396 int addr_type = 0; 397 int len; 398 int hlimit; 399 int err = 0; 400 u32 mark = IP6_REPLY_MARK(net, skb->mark); 401 402 if ((u8 *)hdr < skb->head || 403 (skb->network_header + sizeof(*hdr)) > skb->tail) 404 return; 405 406 /* 407 * Make sure we respect the rules 408 * i.e. RFC 1885 2.4(e) 409 * Rule (e.1) is enforced by not using icmp6_send 410 * in any code that processes icmp errors. 411 */ 412 addr_type = ipv6_addr_type(&hdr->daddr); 413 414 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0)) 415 saddr = &hdr->daddr; 416 417 /* 418 * Dest addr check 419 */ 420 421 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) { 422 if (type != ICMPV6_PKT_TOOBIG && 423 !(type == ICMPV6_PARAMPROB && 424 code == ICMPV6_UNK_OPTION && 425 (opt_unrec(skb, info)))) 426 return; 427 428 saddr = NULL; 429 } 430 431 addr_type = ipv6_addr_type(&hdr->saddr); 432 433 /* 434 * Source addr check 435 */ 436 437 if (__ipv6_addr_needs_scope_id(addr_type)) 438 iif = skb->dev->ifindex; 439 440 /* 441 * Must not send error if the source does not uniquely 442 * identify a single node (RFC2463 Section 2.4). 443 * We check unspecified / multicast addresses here, 444 * and anycast addresses will be checked later. 445 */ 446 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { 447 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: addr_any/mcast source\n"); 448 return; 449 } 450 451 /* 452 * Never answer to a ICMP packet. 453 */ 454 if (is_ineligible(skb)) { 455 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: no reply to icmp error\n"); 456 return; 457 } 458 459 mip6_addr_swap(skb); 460 461 memset(&fl6, 0, sizeof(fl6)); 462 fl6.flowi6_proto = IPPROTO_ICMPV6; 463 fl6.daddr = hdr->saddr; 464 if (saddr) 465 fl6.saddr = *saddr; 466 fl6.flowi6_mark = mark; 467 fl6.flowi6_oif = iif; 468 fl6.fl6_icmp_type = type; 469 fl6.fl6_icmp_code = code; 470 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 471 472 sk = icmpv6_xmit_lock(net); 473 if (sk == NULL) 474 return; 475 sk->sk_mark = mark; 476 np = inet6_sk(sk); 477 478 if (!icmpv6_xrlim_allow(sk, type, &fl6)) 479 goto out; 480 481 tmp_hdr.icmp6_type = type; 482 tmp_hdr.icmp6_code = code; 483 tmp_hdr.icmp6_cksum = 0; 484 tmp_hdr.icmp6_pointer = htonl(info); 485 486 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 487 fl6.flowi6_oif = np->mcast_oif; 488 else if (!fl6.flowi6_oif) 489 fl6.flowi6_oif = np->ucast_oif; 490 491 dst = icmpv6_route_lookup(net, skb, sk, &fl6); 492 if (IS_ERR(dst)) 493 goto out; 494 495 if (ipv6_addr_is_multicast(&fl6.daddr)) 496 hlimit = np->mcast_hops; 497 else 498 hlimit = np->hop_limit; 499 if (hlimit < 0) 500 hlimit = ip6_dst_hoplimit(dst); 501 502 msg.skb = skb; 503 msg.offset = skb_network_offset(skb); 504 msg.type = type; 505 506 len = skb->len - msg.offset; 507 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); 508 if (len < 0) { 509 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n"); 510 goto out_dst_release; 511 } 512 513 rcu_read_lock(); 514 idev = __in6_dev_get(skb->dev); 515 516 err = ip6_append_data(sk, icmpv6_getfrag, &msg, 517 len + sizeof(struct icmp6hdr), 518 sizeof(struct icmp6hdr), hlimit, 519 np->tclass, NULL, &fl6, (struct rt6_info *)dst, 520 MSG_DONTWAIT, np->dontfrag); 521 if (err) { 522 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 523 ip6_flush_pending_frames(sk); 524 } else { 525 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, 526 len + sizeof(struct icmp6hdr)); 527 } 528 rcu_read_unlock(); 529out_dst_release: 530 dst_release(dst); 531out: 532 icmpv6_xmit_unlock(sk); 533} 534 535/* Slightly more convenient version of icmp6_send. 536 */ 537void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos) 538{ 539 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos); 540 kfree_skb(skb); 541} 542 543static void icmpv6_echo_reply(struct sk_buff *skb) 544{ 545 struct net *net = dev_net(skb->dev); 546 struct sock *sk; 547 struct inet6_dev *idev; 548 struct ipv6_pinfo *np; 549 const struct in6_addr *saddr = NULL; 550 struct icmp6hdr *icmph = icmp6_hdr(skb); 551 struct icmp6hdr tmp_hdr; 552 struct flowi6 fl6; 553 struct icmpv6_msg msg; 554 struct dst_entry *dst; 555 int err = 0; 556 int hlimit; 557 u32 mark = IP6_REPLY_MARK(net, skb->mark); 558 559 saddr = &ipv6_hdr(skb)->daddr; 560 561 if (!ipv6_unicast_destination(skb)) 562 saddr = NULL; 563 564 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 565 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; 566 567 memset(&fl6, 0, sizeof(fl6)); 568 fl6.flowi6_proto = IPPROTO_ICMPV6; 569 fl6.daddr = ipv6_hdr(skb)->saddr; 570 if (saddr) 571 fl6.saddr = *saddr; 572 fl6.flowi6_oif = skb->dev->ifindex; 573 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY; 574 fl6.flowi6_mark = mark; 575 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 576 577 sk = icmpv6_xmit_lock(net); 578 if (sk == NULL) 579 return; 580 sk->sk_mark = mark; 581 np = inet6_sk(sk); 582 583 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 584 fl6.flowi6_oif = np->mcast_oif; 585 else if (!fl6.flowi6_oif) 586 fl6.flowi6_oif = np->ucast_oif; 587 588 err = ip6_dst_lookup(sk, &dst, &fl6); 589 if (err) 590 goto out; 591 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0); 592 if (IS_ERR(dst)) 593 goto out; 594 595 if (ipv6_addr_is_multicast(&fl6.daddr)) 596 hlimit = np->mcast_hops; 597 else 598 hlimit = np->hop_limit; 599 if (hlimit < 0) 600 hlimit = ip6_dst_hoplimit(dst); 601 602 idev = __in6_dev_get(skb->dev); 603 604 msg.skb = skb; 605 msg.offset = 0; 606 msg.type = ICMPV6_ECHO_REPLY; 607 608 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 609 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl6, 610 (struct rt6_info *)dst, MSG_DONTWAIT, 611 np->dontfrag); 612 613 if (err) { 614 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 615 ip6_flush_pending_frames(sk); 616 } else { 617 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, 618 skb->len + sizeof(struct icmp6hdr)); 619 } 620 dst_release(dst); 621out: 622 icmpv6_xmit_unlock(sk); 623} 624 625void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) 626{ 627 const struct inet6_protocol *ipprot; 628 int inner_offset; 629 __be16 frag_off; 630 u8 nexthdr; 631 632 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 633 return; 634 635 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 636 if (ipv6_ext_hdr(nexthdr)) { 637 /* now skip over extension headers */ 638 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), 639 &nexthdr, &frag_off); 640 if (inner_offset<0) 641 return; 642 } else { 643 inner_offset = sizeof(struct ipv6hdr); 644 } 645 646 /* Checkin header including 8 bytes of inner protocol header. */ 647 if (!pskb_may_pull(skb, inner_offset+8)) 648 return; 649 650 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. 651 Without this we will not able f.e. to make source routed 652 pmtu discovery. 653 Corresponding argument (opt) to notifiers is already added. 654 --ANK (980726) 655 */ 656 657 rcu_read_lock(); 658 ipprot = rcu_dereference(inet6_protos[nexthdr]); 659 if (ipprot && ipprot->err_handler) 660 ipprot->err_handler(skb, NULL, type, code, inner_offset, info); 661 rcu_read_unlock(); 662 663 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); 664} 665 666/* 667 * Handle icmp messages 668 */ 669 670static int icmpv6_rcv(struct sk_buff *skb) 671{ 672 struct net_device *dev = skb->dev; 673 struct inet6_dev *idev = __in6_dev_get(dev); 674 const struct in6_addr *saddr, *daddr; 675 struct icmp6hdr *hdr; 676 u8 type; 677 678 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 679 struct sec_path *sp = skb_sec_path(skb); 680 int nh; 681 682 if (!(sp && sp->xvec[sp->len - 1]->props.flags & 683 XFRM_STATE_ICMP)) 684 goto drop_no_count; 685 686 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr))) 687 goto drop_no_count; 688 689 nh = skb_network_offset(skb); 690 skb_set_network_header(skb, sizeof(*hdr)); 691 692 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) 693 goto drop_no_count; 694 695 skb_set_network_header(skb, nh); 696 } 697 698 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS); 699 700 saddr = &ipv6_hdr(skb)->saddr; 701 daddr = &ipv6_hdr(skb)->daddr; 702 703 /* Perform checksum. */ 704 switch (skb->ip_summed) { 705 case CHECKSUM_COMPLETE: 706 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6, 707 skb->csum)) 708 break; 709 /* fall through */ 710 case CHECKSUM_NONE: 711 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len, 712 IPPROTO_ICMPV6, 0)); 713 if (__skb_checksum_complete(skb)) { 714 LIMIT_NETDEBUG(KERN_DEBUG 715 "ICMPv6 checksum failed [%pI6c > %pI6c]\n", 716 saddr, daddr); 717 goto csum_error; 718 } 719 } 720 721 if (!pskb_pull(skb, sizeof(*hdr))) 722 goto discard_it; 723 724 hdr = icmp6_hdr(skb); 725 726 type = hdr->icmp6_type; 727 728 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type); 729 730 switch (type) { 731 case ICMPV6_ECHO_REQUEST: 732 icmpv6_echo_reply(skb); 733 break; 734 735 case ICMPV6_ECHO_REPLY: 736 ping_rcv(skb); 737 break; 738 739 case ICMPV6_PKT_TOOBIG: 740 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update 741 standard destination cache. Seems, only "advanced" 742 destination cache will allow to solve this problem 743 --ANK (980726) 744 */ 745 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 746 goto discard_it; 747 hdr = icmp6_hdr(skb); 748 749 /* 750 * Drop through to notify 751 */ 752 753 case ICMPV6_DEST_UNREACH: 754 case ICMPV6_TIME_EXCEED: 755 case ICMPV6_PARAMPROB: 756 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 757 break; 758 759 case NDISC_ROUTER_SOLICITATION: 760 case NDISC_ROUTER_ADVERTISEMENT: 761 case NDISC_NEIGHBOUR_SOLICITATION: 762 case NDISC_NEIGHBOUR_ADVERTISEMENT: 763 case NDISC_REDIRECT: 764 ndisc_rcv(skb); 765 break; 766 767 case ICMPV6_MGM_QUERY: 768 igmp6_event_query(skb); 769 break; 770 771 case ICMPV6_MGM_REPORT: 772 igmp6_event_report(skb); 773 break; 774 775 case ICMPV6_MGM_REDUCTION: 776 case ICMPV6_NI_QUERY: 777 case ICMPV6_NI_REPLY: 778 case ICMPV6_MLD2_REPORT: 779 case ICMPV6_DHAAD_REQUEST: 780 case ICMPV6_DHAAD_REPLY: 781 case ICMPV6_MOBILE_PREFIX_SOL: 782 case ICMPV6_MOBILE_PREFIX_ADV: 783 break; 784 785 default: 786 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n"); 787 788 /* informational */ 789 if (type & ICMPV6_INFOMSG_MASK) 790 break; 791 792 /* 793 * error of unknown type. 794 * must pass to upper level 795 */ 796 797 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 798 } 799 800 kfree_skb(skb); 801 return 0; 802 803csum_error: 804 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS); 805discard_it: 806 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS); 807drop_no_count: 808 kfree_skb(skb); 809 return 0; 810} 811 812void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6, 813 u8 type, 814 const struct in6_addr *saddr, 815 const struct in6_addr *daddr, 816 int oif) 817{ 818 memset(fl6, 0, sizeof(*fl6)); 819 fl6->saddr = *saddr; 820 fl6->daddr = *daddr; 821 fl6->flowi6_proto = IPPROTO_ICMPV6; 822 fl6->fl6_icmp_type = type; 823 fl6->fl6_icmp_code = 0; 824 fl6->flowi6_oif = oif; 825 security_sk_classify_flow(sk, flowi6_to_flowi(fl6)); 826} 827 828/* 829 * Special lock-class for __icmpv6_sk: 830 */ 831static struct lock_class_key icmpv6_socket_sk_dst_lock_key; 832 833static int __net_init icmpv6_sk_init(struct net *net) 834{ 835 struct sock *sk; 836 int err, i, j; 837 838 net->ipv6.icmp_sk = 839 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); 840 if (net->ipv6.icmp_sk == NULL) 841 return -ENOMEM; 842 843 for_each_possible_cpu(i) { 844 err = inet_ctl_sock_create(&sk, PF_INET6, 845 SOCK_RAW, IPPROTO_ICMPV6, net); 846 if (err < 0) { 847 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n", 848 err); 849 goto fail; 850 } 851 852 net->ipv6.icmp_sk[i] = sk; 853 854 /* 855 * Split off their lock-class, because sk->sk_dst_lock 856 * gets used from softirqs, which is safe for 857 * __icmpv6_sk (because those never get directly used 858 * via userspace syscalls), but unsafe for normal sockets. 859 */ 860 lockdep_set_class(&sk->sk_dst_lock, 861 &icmpv6_socket_sk_dst_lock_key); 862 863 /* Enough space for 2 64K ICMP packets, including 864 * sk_buff struct overhead. 865 */ 866 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); 867 } 868 return 0; 869 870 fail: 871 for (j = 0; j < i; j++) 872 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]); 873 kfree(net->ipv6.icmp_sk); 874 return err; 875} 876 877static void __net_exit icmpv6_sk_exit(struct net *net) 878{ 879 int i; 880 881 for_each_possible_cpu(i) { 882 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]); 883 } 884 kfree(net->ipv6.icmp_sk); 885} 886 887static struct pernet_operations icmpv6_sk_ops = { 888 .init = icmpv6_sk_init, 889 .exit = icmpv6_sk_exit, 890}; 891 892int __init icmpv6_init(void) 893{ 894 int err; 895 896 err = register_pernet_subsys(&icmpv6_sk_ops); 897 if (err < 0) 898 return err; 899 900 err = -EAGAIN; 901 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) 902 goto fail; 903 904 err = inet6_register_icmp_sender(icmp6_send); 905 if (err) 906 goto sender_reg_err; 907 return 0; 908 909sender_reg_err: 910 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 911fail: 912 pr_err("Failed to register ICMP6 protocol\n"); 913 unregister_pernet_subsys(&icmpv6_sk_ops); 914 return err; 915} 916 917void icmpv6_cleanup(void) 918{ 919 inet6_unregister_icmp_sender(icmp6_send); 920 unregister_pernet_subsys(&icmpv6_sk_ops); 921 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 922} 923 924 925static const struct icmp6_err { 926 int err; 927 int fatal; 928} tab_unreach[] = { 929 { /* NOROUTE */ 930 .err = ENETUNREACH, 931 .fatal = 0, 932 }, 933 { /* ADM_PROHIBITED */ 934 .err = EACCES, 935 .fatal = 1, 936 }, 937 { /* Was NOT_NEIGHBOUR, now reserved */ 938 .err = EHOSTUNREACH, 939 .fatal = 0, 940 }, 941 { /* ADDR_UNREACH */ 942 .err = EHOSTUNREACH, 943 .fatal = 0, 944 }, 945 { /* PORT_UNREACH */ 946 .err = ECONNREFUSED, 947 .fatal = 1, 948 }, 949}; 950 951int icmpv6_err_convert(u8 type, u8 code, int *err) 952{ 953 int fatal = 0; 954 955 *err = EPROTO; 956 957 switch (type) { 958 case ICMPV6_DEST_UNREACH: 959 fatal = 1; 960 if (code <= ICMPV6_PORT_UNREACH) { 961 *err = tab_unreach[code].err; 962 fatal = tab_unreach[code].fatal; 963 } 964 break; 965 966 case ICMPV6_PKT_TOOBIG: 967 *err = EMSGSIZE; 968 break; 969 970 case ICMPV6_PARAMPROB: 971 *err = EPROTO; 972 fatal = 1; 973 break; 974 975 case ICMPV6_TIME_EXCEED: 976 *err = EHOSTUNREACH; 977 break; 978 } 979 980 return fatal; 981} 982EXPORT_SYMBOL(icmpv6_err_convert); 983 984#ifdef CONFIG_SYSCTL 985ctl_table ipv6_icmp_table_template[] = { 986 { 987 .procname = "ratelimit", 988 .data = &init_net.ipv6.sysctl.icmpv6_time, 989 .maxlen = sizeof(int), 990 .mode = 0644, 991 .proc_handler = proc_dointvec_ms_jiffies, 992 }, 993 { }, 994}; 995 996struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) 997{ 998 struct ctl_table *table; 999 1000 table = kmemdup(ipv6_icmp_table_template, 1001 sizeof(ipv6_icmp_table_template), 1002 GFP_KERNEL); 1003 1004 if (table) 1005 table[0].data = &net->ipv6.sysctl.icmpv6_time; 1006 1007 return table; 1008} 1009#endif 1010 1011