Lines Matching +full:layers +full:- +full:configurable

1 // SPDX-License-Identifier: GPL-2.0-or-later
46 * the rates sysctl configurable.
48 * - IP option length was accounted wrongly
49 * - ICMP header length was not accounted
56 * - Should use skb_pull() instead of all the manual checking.
57 * This would also greatly simplify some upper layer error handlers. --AK
208 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { in icmp_xmit_lock()
221 spin_unlock(&sk->sk_lock.slock); in icmp_xmit_unlock()
233 * icmp_global_allow - Are we allowed to send one more ICMP message ?
253 delta = min_t(u32, now - oldstamp, HZ); in icmp_global_allow()
291 if (!((1 << type) & READ_ONCE(net->ipv4.sysctl_icmp_ratemask))) in icmpv4_mask_allow()
319 struct dst_entry *dst = &rt->dst; in icmpv4_xrlim_allow()
327 if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) in icmpv4_xrlim_allow()
331 peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, in icmpv4_xrlim_allow()
332 l3mdev_master_ifindex_rcu(dst->dev)); in icmpv4_xrlim_allow()
334 READ_ONCE(net->ipv4.sysctl_icmp_ratelimit)); in icmpv4_xrlim_allow()
363 csum = skb_copy_and_csum_bits(icmp_param->skb, in icmp_glue_bits()
364 icmp_param->offset + offset, in icmp_glue_bits()
367 skb->csum = csum_block_add(skb->csum, csum, odd); in icmp_glue_bits()
368 if (icmp_pointers[icmp_param->data.icmph.type].error) in icmp_glue_bits()
369 nf_ct_attach(skb, icmp_param->skb); in icmp_glue_bits()
381 icmp_param->data_len+icmp_param->head_len, in icmp_push_reply()
382 icmp_param->head_len, in icmp_push_reply()
386 } else if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) { in icmp_push_reply()
391 csum = csum_partial_copy_nocheck((void *)&icmp_param->data, in icmp_push_reply()
393 icmp_param->head_len); in icmp_push_reply()
394 skb_queue_walk(&sk->sk_write_queue, skb1) { in icmp_push_reply()
395 csum = csum_add(csum, skb1->csum); in icmp_push_reply()
397 icmph->checksum = csum_fold(csum); in icmp_push_reply()
398 skb->ip_summed = CHECKSUM_NONE; in icmp_push_reply()
410 struct net *net = dev_net_rcu(rt->dst.dev); in icmp_reply()
417 u32 mark = IP4_REPLY_MARK(net, skb->mark); in icmp_reply()
418 int type = icmp_param->data.icmph.type; in icmp_reply()
419 int code = icmp_param->data.icmph.code; in icmp_reply()
421 if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) in icmp_reply()
436 icmp_param->data.icmph.checksum = 0; in icmp_reply()
439 inet->tos = ip_hdr(skb)->tos; in icmp_reply()
441 daddr = ipc.addr = ip_hdr(skb)->saddr; in icmp_reply()
444 if (icmp_param->replyopts.opt.opt.optlen) { in icmp_reply()
445 ipc.opt = &icmp_param->replyopts.opt; in icmp_reply()
446 if (ipc.opt->opt.srr) in icmp_reply()
447 daddr = icmp_param->replyopts.opt.opt.faddr; in icmp_reply()
454 fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos); in icmp_reply()
456 fl4.flowi4_oif = l3mdev_master_ifindex(skb->dev); in icmp_reply()
480 if (skb->dev) in icmp_get_route_lookup_dev()
481 route_lookup_dev = skb->dev; in icmp_get_route_lookup_dev()
483 route_lookup_dev = skb_dst(skb)->dev; in icmp_get_route_lookup_dev()
499 fl4->daddr = (param->replyopts.opt.opt.srr ? in icmp_route_lookup()
500 param->replyopts.opt.opt.faddr : iph->saddr); in icmp_route_lookup()
501 fl4->saddr = saddr; in icmp_route_lookup()
502 fl4->flowi4_mark = mark; in icmp_route_lookup()
503 fl4->flowi4_uid = sock_net_uid(net, NULL); in icmp_route_lookup()
504 fl4->flowi4_tos = inet_dscp_to_dsfield(dscp); in icmp_route_lookup()
505 fl4->flowi4_proto = IPPROTO_ICMP; in icmp_route_lookup()
506 fl4->fl4_icmp_type = type; in icmp_route_lookup()
507 fl4->fl4_icmp_code = code; in icmp_route_lookup()
509 fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev); in icmp_route_lookup()
519 rt = (struct rtable *) xfrm_lookup(net, &rt->dst, in icmp_route_lookup()
524 } else if (PTR_ERR(rt) == -EPERM) { in icmp_route_lookup()
549 orefdst = skb_in->_skb_refdst; /* save old refdst */ in icmp_route_lookup()
552 dscp, rt2->dst.dev); in icmp_route_lookup()
554 dst_release(&rt2->dst); in icmp_route_lookup()
556 skb_in->_skb_refdst = orefdst; /* restore old refdst */ in icmp_route_lookup()
562 rt2 = (struct rtable *) xfrm_lookup(net, &rt2->dst, in icmp_route_lookup()
566 dst_release(&rt->dst); in icmp_route_lookup()
569 } else if (PTR_ERR(rt2) == -EPERM) { in icmp_route_lookup()
571 dst_release(&rt->dst); in icmp_route_lookup()
617 if (rt->dst.dev) in __icmp_send()
618 net = dev_net_rcu(rt->dst.dev); in __icmp_send()
619 else if (skb_in->dev) in __icmp_send()
620 net = dev_net_rcu(skb_in->dev); in __icmp_send()
631 if ((u8 *)iph < skb_in->head || in __icmp_send()
639 if (skb_in->pkt_type != PACKET_HOST) in __icmp_send()
645 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) in __icmp_send()
649 * Only reply to fragment 0. We byte re-order the constant in __icmp_send()
652 if (iph->frag_off & htons(IP_OFFSET)) in __icmp_send()
663 if (iph->protocol == IPPROTO_ICMP) { in __icmp_send()
668 (iph->ihl << 2) + in __icmp_send()
670 type) - in __icmp_send()
671 skb_in->data, in __icmp_send()
694 if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && in __icmp_send()
706 saddr = iph->daddr; in __icmp_send()
707 if (!(rt->rt_flags & RTCF_LOCAL)) { in __icmp_send()
712 READ_ONCE(net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr)) in __icmp_send()
716 saddr = inet_select_addr(dev, iph->saddr, in __icmp_send()
723 tos = icmp_pointers[type].error ? (RT_TOS(iph->tos) | in __icmp_send()
725 iph->tos; in __icmp_send()
726 mark = IP4_REPLY_MARK(net, skb_in->mark); in __icmp_send()
742 inet_sk(sk)->tos = tos; in __icmp_send()
744 ipc.addr = iph->saddr; in __icmp_send()
760 room = dst_mtu(&rt->dst); in __icmp_send()
763 room -= sizeof(struct iphdr) + icmp_param.replyopts.opt.opt.optlen; in __icmp_send()
764 room -= sizeof(struct icmphdr); in __icmp_send()
771 icmp_param.data_len = skb_in->len - icmp_param.offset; in __icmp_send()
808 if (!ct || !(ct->status & IPS_SRC_NAT)) { in icmp_ndo_send()
816 if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || in icmp_ndo_send()
822 orig_ip = ip_hdr(skb_in)->saddr; in icmp_ndo_send()
823 ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; in icmp_ndo_send()
825 ip_hdr(skb_in)->saddr = orig_ip; in icmp_ndo_send()
834 const struct iphdr *iph = (const struct iphdr *)skb->data; in icmp_socket_deliver()
836 int protocol = iph->protocol; in icmp_socket_deliver()
841 if (!pskb_may_pull(skb, iph->ihl * 4 + 8)) { in icmp_socket_deliver()
842 __ICMP_INC_STATS(dev_net_rcu(skb->dev), ICMP_MIB_INERRORS); in icmp_socket_deliver()
849 if (ipprot && ipprot->err_handler) in icmp_socket_deliver()
850 ipprot->err_handler(skb, info); in icmp_socket_deliver()
858 ok = rcu_dereference(inet_protos[proto])->icmp_strict_tag_validation; in icmp_tag_validation()
876 net = dev_net_rcu(skb_dst(skb)->dev); in icmp_unreach()
888 iph = (const struct iphdr *)skb->data; in icmp_unreach()
890 if (iph->ihl < 5) { /* Mangled header, drop. */ in icmp_unreach()
895 switch (icmph->type) { in icmp_unreach()
897 switch (icmph->code & 15) { in icmp_unreach()
906 * Documentation/networking/ip-sysctl.rst in icmp_unreach()
908 switch (READ_ONCE(net->ipv4.sysctl_ip_no_pmtu_disc)) { in icmp_unreach()
911 &iph->daddr); in icmp_unreach()
916 if (!icmp_tag_validation(iph->protocol)) in icmp_unreach()
920 info = ntohs(icmph->un.frag.mtu); in icmp_unreach()
925 &iph->daddr); in icmp_unreach()
930 if (icmph->code > NR_ICMP_UNREACH) in icmp_unreach()
934 info = ntohl(icmph->un.gateway) >> 24; in icmp_unreach()
938 if (icmph->code == ICMP_EXC_FRAGTIME) in icmp_unreach()
944 * Throw it at our lower layers in icmp_unreach()
961 if (!READ_ONCE(net->ipv4.sysctl_icmp_ignore_bogus_error_responses) && in icmp_unreach()
962 inet_addr_type_dev_table(net, skb->dev, iph->daddr) == RTN_BROADCAST) { in icmp_unreach()
964 &ip_hdr(skb)->saddr, in icmp_unreach()
965 icmph->type, icmph->code, in icmp_unreach()
966 &iph->daddr, skb->dev->name); in icmp_unreach()
986 if (skb->len < sizeof(struct iphdr)) { in icmp_redirect()
987 __ICMP_INC_STATS(dev_net_rcu(skb->dev), ICMP_MIB_INERRORS); in icmp_redirect()
996 icmp_socket_deliver(skb, ntohl(icmp_hdr(skb)->un.gateway)); in icmp_redirect()
1019 net = dev_net_rcu(skb_dst(skb)->dev); in icmp_echo()
1021 if (READ_ONCE(net->ipv4.sysctl_icmp_echo_ignore_all)) in icmp_echo()
1027 icmp_param.data_len = skb->len; in icmp_echo()
1048 struct net *net = dev_net_rcu(skb->dev); in icmp_build_probe()
1058 if (!READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe)) in icmp_build_probe()
1062 * Check to ensure L-bit is set in icmp_build_probe()
1064 if (!(ntohs(icmphdr->un.echo.sequence) & 1)) in icmp_build_probe()
1067 icmphdr->un.echo.sequence &= htons(0xFF00); in icmp_build_probe()
1068 if (icmphdr->type == ICMP_EXT_ECHO) in icmp_build_probe()
1069 icmphdr->type = ICMP_EXT_ECHOREPLY; in icmp_build_probe()
1071 icmphdr->type = ICMPV6_EXT_ECHO_REPLY; in icmp_build_probe()
1076 iio = skb_header_pointer(skb, sizeof(_ext_hdr), sizeof(iio->extobj_hdr), &_iio); in icmp_build_probe()
1079 if (ntohs(iio->extobj_hdr.length) <= sizeof(iio->extobj_hdr) || in icmp_build_probe()
1080 ntohs(iio->extobj_hdr.length) > sizeof(_iio)) in icmp_build_probe()
1082 ident_len = ntohs(iio->extobj_hdr.length) - sizeof(iio->extobj_hdr); in icmp_build_probe()
1084 sizeof(iio->extobj_hdr) + ident_len, &_iio); in icmp_build_probe()
1090 switch (iio->extobj_hdr.class_type) { in icmp_build_probe()
1095 memcpy(buff, &iio->ident.name, ident_len); in icmp_build_probe()
1099 if (ident_len != sizeof(iio->ident.ifindex)) in icmp_build_probe()
1101 dev = dev_get_by_index(net, ntohl(iio->ident.ifindex)); in icmp_build_probe()
1104 if (ident_len < sizeof(iio->ident.addr.ctype3_hdr) || in icmp_build_probe()
1105 ident_len != sizeof(iio->ident.addr.ctype3_hdr) + in icmp_build_probe()
1106 iio->ident.addr.ctype3_hdr.addrlen) in icmp_build_probe()
1108 switch (ntohs(iio->ident.addr.ctype3_hdr.afi)) { in icmp_build_probe()
1110 if (iio->ident.addr.ctype3_hdr.addrlen != sizeof(struct in_addr)) in icmp_build_probe()
1112 dev = ip_dev_find(net, iio->ident.addr.ip_addr.ipv4_addr); in icmp_build_probe()
1116 if (iio->ident.addr.ctype3_hdr.addrlen != sizeof(struct in6_addr)) in icmp_build_probe()
1118 dev = ipv6_stub->ipv6_dev_find(net, &iio->ident.addr.ip_addr.ipv6_addr, dev); in icmp_build_probe()
1130 icmphdr->code = ICMP_EXT_CODE_NO_IF; in icmp_build_probe()
1134 if (dev->flags & IFF_UP) in icmp_build_probe()
1138 if (in_dev && rcu_access_pointer(in_dev->ifa_list)) in icmp_build_probe()
1142 if (in6_dev && !list_empty(&in6_dev->addr_list)) in icmp_build_probe()
1146 icmphdr->un.echo.sequence |= htons(status); in icmp_build_probe()
1149 icmphdr->code = ICMP_EXT_CODE_MAL_QUERY; in icmp_build_probe()
1167 if (skb->len < 4) in icmp_timestamp()
1189 __ICMP_INC_STATS(dev_net_rcu(skb_dst(skb)->dev), ICMP_MIB_INERRORS); in icmp_timestamp()
1206 struct net *net = dev_net_rcu(rt->dst.dev); in icmp_rcv()
1213 if (!(sp && sp->xvec[sp->len - 1]->props.flags & in icmp_rcv()
1244 ICMPMSGIN_INC_STATS(net, icmph->type); in icmp_rcv()
1247 if (icmph->type == ICMP_EXT_ECHO) { in icmp_rcv()
1255 if (icmph->type == ICMP_EXT_ECHOREPLY) { in icmp_rcv()
1266 if (icmph->type > NR_ICMP_TYPES) { in icmp_rcv()
1275 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) { in icmp_rcv()
1282 if ((icmph->type == ICMP_ECHO || in icmp_rcv()
1283 icmph->type == ICMP_TIMESTAMP) && in icmp_rcv()
1284 READ_ONCE(net->ipv4.sysctl_icmp_echo_ignore_broadcasts)) { in icmp_rcv()
1288 if (icmph->type != ICMP_ECHO && in icmp_rcv()
1289 icmph->type != ICMP_TIMESTAMP && in icmp_rcv()
1290 icmph->type != ICMP_ADDRESS && in icmp_rcv()
1291 icmph->type != ICMP_ADDRESSREPLY) { in icmp_rcv()
1297 reason = icmp_pointers[icmph->type].handler(skb); in icmp_rcv()
1324 if (exth->version != 2) in ip_icmp_error_rfc4884_validate()
1327 if (exth->checksum && in ip_icmp_error_rfc4884_validate()
1328 csum_fold(skb_checksum(skb, off, skb->len - off, 0))) in ip_icmp_error_rfc4884_validate()
1332 while (off < skb->len) { in ip_icmp_error_rfc4884_validate()
1337 olen = ntohs(objh->length); in ip_icmp_error_rfc4884_validate()
1342 if (off > skb->len) in ip_icmp_error_rfc4884_validate()
1355 /* original datagram headers: end of icmph to payload (skb->data) */ in ip_icmp_error_rfc4884()
1356 hlen = -skb_transport_offset(skb) - thlen; in ip_icmp_error_rfc4884()
1363 off -= hlen; in ip_icmp_error_rfc4884()
1364 if (off + sizeof(struct icmp_ext_hdr) > skb->len) in ip_icmp_error_rfc4884()
1367 out->len = off; in ip_icmp_error_rfc4884()
1370 out->flags |= SO_EE_RFC4884_FLAG_INVALID; in ip_icmp_error_rfc4884()
1376 struct iphdr *iph = (struct iphdr *)skb->data; in icmp_err()
1377 int offset = iph->ihl<<2; in icmp_err()
1378 struct icmphdr *icmph = (struct icmphdr *)(skb->data + offset); in icmp_err()
1379 struct net *net = dev_net_rcu(skb->dev); in icmp_err()
1380 int type = icmp_hdr(skb)->type; in icmp_err()
1381 int code = icmp_hdr(skb)->code; in icmp_err()
1387 if (icmph->type != ICMP_ECHOREPLY) { in icmp_err()
1477 net->ipv4.sysctl_icmp_echo_ignore_all = 0; in icmp_sk_init()
1478 net->ipv4.sysctl_icmp_echo_enable_probe = 0; in icmp_sk_init()
1479 net->ipv4.sysctl_icmp_echo_ignore_broadcasts = 1; in icmp_sk_init()
1481 /* Control parameter - ignore bogus broadcast responses? */ in icmp_sk_init()
1482 net->ipv4.sysctl_icmp_ignore_bogus_error_responses = 1; in icmp_sk_init()
1485 * Configurable global rate limit. in icmp_sk_init()
1487 * ratelimit defines tokens/packet consumed for dst->rate_token in icmp_sk_init()
1496 net->ipv4.sysctl_icmp_ratelimit = 1 * HZ; in icmp_sk_init()
1497 net->ipv4.sysctl_icmp_ratemask = 0x1818; in icmp_sk_init()
1498 net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr = 0; in icmp_sk_init()
1524 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); in icmp_init()
1530 inet_sk(sk)->pmtudisc = IP_PMTUDISC_DONT; in icmp_init()