1 /* 2 * Internet Control Message Protocol (ICMPv6) 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on net/ipv4/icmp.c 9 * 10 * RFC 1885 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 /* 19 * Changes: 20 * 21 * Andi Kleen : exception handling 22 * Andi Kleen add rate limits. never reply to a icmp. 23 * add more length checks and other fixes. 24 * yoshfuji : ensure to sent parameter problem for 25 * fragments. 26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. 27 * Randy Dunlap and 28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support 29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data 30 */ 31 32 #include <linux/module.h> 33 #include <linux/errno.h> 34 #include <linux/types.h> 35 #include <linux/socket.h> 36 #include <linux/in.h> 37 #include <linux/kernel.h> 38 #include <linux/sockios.h> 39 #include <linux/net.h> 40 #include <linux/skbuff.h> 41 #include <linux/init.h> 42 #include <linux/netfilter.h> 43 44 #ifdef CONFIG_SYSCTL 45 #include <linux/sysctl.h> 46 #endif 47 48 #include <linux/inet.h> 49 #include <linux/netdevice.h> 50 #include <linux/icmpv6.h> 51 52 #include <net/ip.h> 53 #include <net/sock.h> 54 55 #include <net/ipv6.h> 56 #include <net/ip6_checksum.h> 57 #include <net/protocol.h> 58 #include <net/raw.h> 59 #include <net/rawv6.h> 60 #include <net/transp_v6.h> 61 #include <net/ip6_route.h> 62 #include <net/addrconf.h> 63 #include <net/icmp.h> 64 #include <net/xfrm.h> 65 #include <net/inet_common.h> 66 67 #include <asm/uaccess.h> 68 #include <asm/system.h> 69 70 /* 71 * The ICMP socket(s). This is the most convenient way to flow control 72 * our ICMP output as well as maintain a clean interface throughout 73 * all layers. All Socketless IP sends will soon be gone. 74 * 75 * On SMP we have one ICMP socket per-cpu. 76 */ 77 static inline struct sock *icmpv6_sk(struct net *net) 78 { 79 return net->ipv6.icmp_sk[smp_processor_id()]; 80 } 81 82 static int icmpv6_rcv(struct sk_buff *skb); 83 84 static const struct inet6_protocol icmpv6_protocol = { 85 .handler = icmpv6_rcv, 86 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 87 }; 88 89 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net) 90 { 91 struct sock *sk; 92 93 local_bh_disable(); 94 95 sk = icmpv6_sk(net); 96 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 97 /* This can happen if the output path (f.e. SIT or 98 * ip6ip6 tunnel) signals dst_link_failure() for an 99 * outgoing ICMP6 packet. 100 */ 101 local_bh_enable(); 102 return NULL; 103 } 104 return sk; 105 } 106 107 static __inline__ void icmpv6_xmit_unlock(struct sock *sk) 108 { 109 spin_unlock_bh(&sk->sk_lock.slock); 110 } 111 112 /* 113 * Slightly more convenient version of icmpv6_send. 114 */ 115 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos) 116 { 117 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos); 118 kfree_skb(skb); 119 } 120 121 /* 122 * Figure out, may we reply to this packet with icmp error. 123 * 124 * We do not reply, if: 125 * - it was icmp error message. 126 * - it is truncated, so that it is known, that protocol is ICMPV6 127 * (i.e. in the middle of some exthdr) 128 * 129 * --ANK (980726) 130 */ 131 132 static int is_ineligible(struct sk_buff *skb) 133 { 134 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 135 int len = skb->len - ptr; 136 __u8 nexthdr = ipv6_hdr(skb)->nexthdr; 137 138 if (len < 0) 139 return 1; 140 141 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr); 142 if (ptr < 0) 143 return 0; 144 if (nexthdr == IPPROTO_ICMPV6) { 145 u8 _type, *tp; 146 tp = skb_header_pointer(skb, 147 ptr+offsetof(struct icmp6hdr, icmp6_type), 148 sizeof(_type), &_type); 149 if (tp == NULL || 150 !(*tp & ICMPV6_INFOMSG_MASK)) 151 return 1; 152 } 153 return 0; 154 } 155 156 /* 157 * Check the ICMP output rate limit 158 */ 159 static inline int icmpv6_xrlim_allow(struct sock *sk, u8 type, 160 struct flowi *fl) 161 { 162 struct dst_entry *dst; 163 struct net *net = sock_net(sk); 164 int res = 0; 165 166 /* Informational messages are not limited. */ 167 if (type & ICMPV6_INFOMSG_MASK) 168 return 1; 169 170 /* Do not limit pmtu discovery, it would break it. */ 171 if (type == ICMPV6_PKT_TOOBIG) 172 return 1; 173 174 /* 175 * Look up the output route. 176 * XXX: perhaps the expire for routing entries cloned by 177 * this lookup should be more aggressive (not longer than timeout). 178 */ 179 dst = ip6_route_output(net, sk, fl); 180 if (dst->error) { 181 IP6_INC_STATS(net, ip6_dst_idev(dst), 182 IPSTATS_MIB_OUTNOROUTES); 183 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { 184 res = 1; 185 } else { 186 struct rt6_info *rt = (struct rt6_info *)dst; 187 int tmo = net->ipv6.sysctl.icmpv6_time; 188 189 /* Give more bandwidth to wider prefixes. */ 190 if (rt->rt6i_dst.plen < 128) 191 tmo >>= ((128 - rt->rt6i_dst.plen)>>5); 192 193 res = xrlim_allow(dst, tmo); 194 } 195 dst_release(dst); 196 return res; 197 } 198 199 /* 200 * an inline helper for the "simple" if statement below 201 * checks if parameter problem report is caused by an 202 * unrecognized IPv6 option that has the Option Type 203 * highest-order two bits set to 10 204 */ 205 206 static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset) 207 { 208 u8 _optval, *op; 209 210 offset += skb_network_offset(skb); 211 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); 212 if (op == NULL) 213 return 1; 214 return (*op & 0xC0) == 0x80; 215 } 216 217 static int icmpv6_push_pending_frames(struct sock *sk, struct flowi *fl, struct icmp6hdr *thdr, int len) 218 { 219 struct sk_buff *skb; 220 struct icmp6hdr *icmp6h; 221 int err = 0; 222 223 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) 224 goto out; 225 226 icmp6h = icmp6_hdr(skb); 227 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); 228 icmp6h->icmp6_cksum = 0; 229 230 if (skb_queue_len(&sk->sk_write_queue) == 1) { 231 skb->csum = csum_partial(icmp6h, 232 sizeof(struct icmp6hdr), skb->csum); 233 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src, 234 &fl->fl6_dst, 235 len, fl->proto, 236 skb->csum); 237 } else { 238 __wsum tmp_csum = 0; 239 240 skb_queue_walk(&sk->sk_write_queue, skb) { 241 tmp_csum = csum_add(tmp_csum, skb->csum); 242 } 243 244 tmp_csum = csum_partial(icmp6h, 245 sizeof(struct icmp6hdr), tmp_csum); 246 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src, 247 &fl->fl6_dst, 248 len, fl->proto, 249 tmp_csum); 250 } 251 ip6_push_pending_frames(sk); 252 out: 253 return err; 254 } 255 256 struct icmpv6_msg { 257 struct sk_buff *skb; 258 int offset; 259 uint8_t type; 260 }; 261 262 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 263 { 264 struct icmpv6_msg *msg = (struct icmpv6_msg *) from; 265 struct sk_buff *org_skb = msg->skb; 266 __wsum csum = 0; 267 268 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 269 to, len, csum); 270 skb->csum = csum_block_add(skb->csum, csum, odd); 271 if (!(msg->type & ICMPV6_INFOMSG_MASK)) 272 nf_ct_attach(skb, org_skb); 273 return 0; 274 } 275 276 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 277 static void mip6_addr_swap(struct sk_buff *skb) 278 { 279 struct ipv6hdr *iph = ipv6_hdr(skb); 280 struct inet6_skb_parm *opt = IP6CB(skb); 281 struct ipv6_destopt_hao *hao; 282 struct in6_addr tmp; 283 int off; 284 285 if (opt->dsthao) { 286 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); 287 if (likely(off >= 0)) { 288 hao = (struct ipv6_destopt_hao *) 289 (skb_network_header(skb) + off); 290 ipv6_addr_copy(&tmp, &iph->saddr); 291 ipv6_addr_copy(&iph->saddr, &hao->addr); 292 ipv6_addr_copy(&hao->addr, &tmp); 293 } 294 } 295 } 296 #else 297 static inline void mip6_addr_swap(struct sk_buff *skb) {} 298 #endif 299 300 /* 301 * Send an ICMP message in response to a packet in error 302 */ 303 void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) 304 { 305 struct net *net = dev_net(skb->dev); 306 struct inet6_dev *idev = NULL; 307 struct ipv6hdr *hdr = ipv6_hdr(skb); 308 struct sock *sk; 309 struct ipv6_pinfo *np; 310 struct in6_addr *saddr = NULL; 311 struct dst_entry *dst; 312 struct dst_entry *dst2; 313 struct icmp6hdr tmp_hdr; 314 struct flowi fl; 315 struct flowi fl2; 316 struct icmpv6_msg msg; 317 int iif = 0; 318 int addr_type = 0; 319 int len; 320 int hlimit; 321 int err = 0; 322 323 if ((u8 *)hdr < skb->head || 324 (skb->network_header + sizeof(*hdr)) > skb->tail) 325 return; 326 327 /* 328 * Make sure we respect the rules 329 * i.e. RFC 1885 2.4(e) 330 * Rule (e.1) is enforced by not using icmpv6_send 331 * in any code that processes icmp errors. 332 */ 333 addr_type = ipv6_addr_type(&hdr->daddr); 334 335 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0)) 336 saddr = &hdr->daddr; 337 338 /* 339 * Dest addr check 340 */ 341 342 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) { 343 if (type != ICMPV6_PKT_TOOBIG && 344 !(type == ICMPV6_PARAMPROB && 345 code == ICMPV6_UNK_OPTION && 346 (opt_unrec(skb, info)))) 347 return; 348 349 saddr = NULL; 350 } 351 352 addr_type = ipv6_addr_type(&hdr->saddr); 353 354 /* 355 * Source addr check 356 */ 357 358 if (addr_type & IPV6_ADDR_LINKLOCAL) 359 iif = skb->dev->ifindex; 360 361 /* 362 * Must not send error if the source does not uniquely 363 * identify a single node (RFC2463 Section 2.4). 364 * We check unspecified / multicast addresses here, 365 * and anycast addresses will be checked later. 366 */ 367 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { 368 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n"); 369 return; 370 } 371 372 /* 373 * Never answer to a ICMP packet. 374 */ 375 if (is_ineligible(skb)) { 376 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n"); 377 return; 378 } 379 380 mip6_addr_swap(skb); 381 382 memset(&fl, 0, sizeof(fl)); 383 fl.proto = IPPROTO_ICMPV6; 384 ipv6_addr_copy(&fl.fl6_dst, &hdr->saddr); 385 if (saddr) 386 ipv6_addr_copy(&fl.fl6_src, saddr); 387 fl.oif = iif; 388 fl.fl_icmp_type = type; 389 fl.fl_icmp_code = code; 390 security_skb_classify_flow(skb, &fl); 391 392 sk = icmpv6_xmit_lock(net); 393 if (sk == NULL) 394 return; 395 np = inet6_sk(sk); 396 397 if (!icmpv6_xrlim_allow(sk, type, &fl)) 398 goto out; 399 400 tmp_hdr.icmp6_type = type; 401 tmp_hdr.icmp6_code = code; 402 tmp_hdr.icmp6_cksum = 0; 403 tmp_hdr.icmp6_pointer = htonl(info); 404 405 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 406 fl.oif = np->mcast_oif; 407 408 err = ip6_dst_lookup(sk, &dst, &fl); 409 if (err) 410 goto out; 411 412 /* 413 * We won't send icmp if the destination is known 414 * anycast. 415 */ 416 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) { 417 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n"); 418 goto out_dst_release; 419 } 420 421 /* No need to clone since we're just using its address. */ 422 dst2 = dst; 423 424 err = xfrm_lookup(net, &dst, &fl, sk, 0); 425 switch (err) { 426 case 0: 427 if (dst != dst2) 428 goto route_done; 429 break; 430 case -EPERM: 431 dst = NULL; 432 break; 433 default: 434 goto out; 435 } 436 437 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6)) 438 goto relookup_failed; 439 440 if (ip6_dst_lookup(sk, &dst2, &fl2)) 441 goto relookup_failed; 442 443 err = xfrm_lookup(net, &dst2, &fl2, sk, XFRM_LOOKUP_ICMP); 444 switch (err) { 445 case 0: 446 dst_release(dst); 447 dst = dst2; 448 break; 449 case -EPERM: 450 goto out_dst_release; 451 default: 452 relookup_failed: 453 if (!dst) 454 goto out; 455 break; 456 } 457 458 route_done: 459 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 460 hlimit = np->mcast_hops; 461 else 462 hlimit = np->hop_limit; 463 if (hlimit < 0) 464 hlimit = ip6_dst_hoplimit(dst); 465 466 msg.skb = skb; 467 msg.offset = skb_network_offset(skb); 468 msg.type = type; 469 470 len = skb->len - msg.offset; 471 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); 472 if (len < 0) { 473 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n"); 474 goto out_dst_release; 475 } 476 477 idev = in6_dev_get(skb->dev); 478 479 err = ip6_append_data(sk, icmpv6_getfrag, &msg, 480 len + sizeof(struct icmp6hdr), 481 sizeof(struct icmp6hdr), hlimit, 482 np->tclass, NULL, &fl, (struct rt6_info*)dst, 483 MSG_DONTWAIT); 484 if (err) { 485 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS); 486 ip6_flush_pending_frames(sk); 487 goto out_put; 488 } 489 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, len + sizeof(struct icmp6hdr)); 490 491 out_put: 492 if (likely(idev != NULL)) 493 in6_dev_put(idev); 494 out_dst_release: 495 dst_release(dst); 496 out: 497 icmpv6_xmit_unlock(sk); 498 } 499 500 EXPORT_SYMBOL(icmpv6_send); 501 502 static void icmpv6_echo_reply(struct sk_buff *skb) 503 { 504 struct net *net = dev_net(skb->dev); 505 struct sock *sk; 506 struct inet6_dev *idev; 507 struct ipv6_pinfo *np; 508 struct in6_addr *saddr = NULL; 509 struct icmp6hdr *icmph = icmp6_hdr(skb); 510 struct icmp6hdr tmp_hdr; 511 struct flowi fl; 512 struct icmpv6_msg msg; 513 struct dst_entry *dst; 514 int err = 0; 515 int hlimit; 516 517 saddr = &ipv6_hdr(skb)->daddr; 518 519 if (!ipv6_unicast_destination(skb)) 520 saddr = NULL; 521 522 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 523 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; 524 525 memset(&fl, 0, sizeof(fl)); 526 fl.proto = IPPROTO_ICMPV6; 527 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 528 if (saddr) 529 ipv6_addr_copy(&fl.fl6_src, saddr); 530 fl.oif = skb->dev->ifindex; 531 fl.fl_icmp_type = ICMPV6_ECHO_REPLY; 532 security_skb_classify_flow(skb, &fl); 533 534 sk = icmpv6_xmit_lock(net); 535 if (sk == NULL) 536 return; 537 np = inet6_sk(sk); 538 539 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 540 fl.oif = np->mcast_oif; 541 542 err = ip6_dst_lookup(sk, &dst, &fl); 543 if (err) 544 goto out; 545 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) 546 goto out; 547 548 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 549 hlimit = np->mcast_hops; 550 else 551 hlimit = np->hop_limit; 552 if (hlimit < 0) 553 hlimit = ip6_dst_hoplimit(dst); 554 555 idev = in6_dev_get(skb->dev); 556 557 msg.skb = skb; 558 msg.offset = 0; 559 msg.type = ICMPV6_ECHO_REPLY; 560 561 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 562 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl, 563 (struct rt6_info*)dst, MSG_DONTWAIT); 564 565 if (err) { 566 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTMSGS); 567 ip6_flush_pending_frames(sk); 568 goto out_put; 569 } 570 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, skb->len + sizeof(struct icmp6hdr)); 571 572 out_put: 573 if (likely(idev != NULL)) 574 in6_dev_put(idev); 575 dst_release(dst); 576 out: 577 icmpv6_xmit_unlock(sk); 578 } 579 580 static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) 581 { 582 const struct inet6_protocol *ipprot; 583 int inner_offset; 584 int hash; 585 u8 nexthdr; 586 587 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 588 return; 589 590 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 591 if (ipv6_ext_hdr(nexthdr)) { 592 /* now skip over extension headers */ 593 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr); 594 if (inner_offset<0) 595 return; 596 } else { 597 inner_offset = sizeof(struct ipv6hdr); 598 } 599 600 /* Checkin header including 8 bytes of inner protocol header. */ 601 if (!pskb_may_pull(skb, inner_offset+8)) 602 return; 603 604 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. 605 Without this we will not able f.e. to make source routed 606 pmtu discovery. 607 Corresponding argument (opt) to notifiers is already added. 608 --ANK (980726) 609 */ 610 611 hash = nexthdr & (MAX_INET_PROTOS - 1); 612 613 rcu_read_lock(); 614 ipprot = rcu_dereference(inet6_protos[hash]); 615 if (ipprot && ipprot->err_handler) 616 ipprot->err_handler(skb, NULL, type, code, inner_offset, info); 617 rcu_read_unlock(); 618 619 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); 620 } 621 622 /* 623 * Handle icmp messages 624 */ 625 626 static int icmpv6_rcv(struct sk_buff *skb) 627 { 628 struct net_device *dev = skb->dev; 629 struct inet6_dev *idev = __in6_dev_get(dev); 630 struct in6_addr *saddr, *daddr; 631 struct ipv6hdr *orig_hdr; 632 struct icmp6hdr *hdr; 633 u8 type; 634 635 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 636 struct sec_path *sp = skb_sec_path(skb); 637 int nh; 638 639 if (!(sp && sp->xvec[sp->len - 1]->props.flags & 640 XFRM_STATE_ICMP)) 641 goto drop_no_count; 642 643 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr))) 644 goto drop_no_count; 645 646 nh = skb_network_offset(skb); 647 skb_set_network_header(skb, sizeof(*hdr)); 648 649 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) 650 goto drop_no_count; 651 652 skb_set_network_header(skb, nh); 653 } 654 655 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS); 656 657 saddr = &ipv6_hdr(skb)->saddr; 658 daddr = &ipv6_hdr(skb)->daddr; 659 660 /* Perform checksum. */ 661 switch (skb->ip_summed) { 662 case CHECKSUM_COMPLETE: 663 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6, 664 skb->csum)) 665 break; 666 /* fall through */ 667 case CHECKSUM_NONE: 668 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len, 669 IPPROTO_ICMPV6, 0)); 670 if (__skb_checksum_complete(skb)) { 671 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n", 672 saddr, daddr); 673 goto discard_it; 674 } 675 } 676 677 if (!pskb_pull(skb, sizeof(*hdr))) 678 goto discard_it; 679 680 hdr = icmp6_hdr(skb); 681 682 type = hdr->icmp6_type; 683 684 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type); 685 686 switch (type) { 687 case ICMPV6_ECHO_REQUEST: 688 icmpv6_echo_reply(skb); 689 break; 690 691 case ICMPV6_ECHO_REPLY: 692 /* we couldn't care less */ 693 break; 694 695 case ICMPV6_PKT_TOOBIG: 696 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update 697 standard destination cache. Seems, only "advanced" 698 destination cache will allow to solve this problem 699 --ANK (980726) 700 */ 701 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 702 goto discard_it; 703 hdr = icmp6_hdr(skb); 704 orig_hdr = (struct ipv6hdr *) (hdr + 1); 705 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev, 706 ntohl(hdr->icmp6_mtu)); 707 708 /* 709 * Drop through to notify 710 */ 711 712 case ICMPV6_DEST_UNREACH: 713 case ICMPV6_TIME_EXCEED: 714 case ICMPV6_PARAMPROB: 715 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 716 break; 717 718 case NDISC_ROUTER_SOLICITATION: 719 case NDISC_ROUTER_ADVERTISEMENT: 720 case NDISC_NEIGHBOUR_SOLICITATION: 721 case NDISC_NEIGHBOUR_ADVERTISEMENT: 722 case NDISC_REDIRECT: 723 ndisc_rcv(skb); 724 break; 725 726 case ICMPV6_MGM_QUERY: 727 igmp6_event_query(skb); 728 break; 729 730 case ICMPV6_MGM_REPORT: 731 igmp6_event_report(skb); 732 break; 733 734 case ICMPV6_MGM_REDUCTION: 735 case ICMPV6_NI_QUERY: 736 case ICMPV6_NI_REPLY: 737 case ICMPV6_MLD2_REPORT: 738 case ICMPV6_DHAAD_REQUEST: 739 case ICMPV6_DHAAD_REPLY: 740 case ICMPV6_MOBILE_PREFIX_SOL: 741 case ICMPV6_MOBILE_PREFIX_ADV: 742 break; 743 744 default: 745 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n"); 746 747 /* informational */ 748 if (type & ICMPV6_INFOMSG_MASK) 749 break; 750 751 /* 752 * error of unknown type. 753 * must pass to upper level 754 */ 755 756 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 757 } 758 759 kfree_skb(skb); 760 return 0; 761 762 discard_it: 763 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS); 764 drop_no_count: 765 kfree_skb(skb); 766 return 0; 767 } 768 769 void icmpv6_flow_init(struct sock *sk, struct flowi *fl, 770 u8 type, 771 const struct in6_addr *saddr, 772 const struct in6_addr *daddr, 773 int oif) 774 { 775 memset(fl, 0, sizeof(*fl)); 776 ipv6_addr_copy(&fl->fl6_src, saddr); 777 ipv6_addr_copy(&fl->fl6_dst, daddr); 778 fl->proto = IPPROTO_ICMPV6; 779 fl->fl_icmp_type = type; 780 fl->fl_icmp_code = 0; 781 fl->oif = oif; 782 security_sk_classify_flow(sk, fl); 783 } 784 785 /* 786 * Special lock-class for __icmpv6_sk: 787 */ 788 static struct lock_class_key icmpv6_socket_sk_dst_lock_key; 789 790 static int __net_init icmpv6_sk_init(struct net *net) 791 { 792 struct sock *sk; 793 int err, i, j; 794 795 net->ipv6.icmp_sk = 796 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); 797 if (net->ipv6.icmp_sk == NULL) 798 return -ENOMEM; 799 800 for_each_possible_cpu(i) { 801 err = inet_ctl_sock_create(&sk, PF_INET6, 802 SOCK_RAW, IPPROTO_ICMPV6, net); 803 if (err < 0) { 804 printk(KERN_ERR 805 "Failed to initialize the ICMP6 control socket " 806 "(err %d).\n", 807 err); 808 goto fail; 809 } 810 811 net->ipv6.icmp_sk[i] = sk; 812 813 /* 814 * Split off their lock-class, because sk->sk_dst_lock 815 * gets used from softirqs, which is safe for 816 * __icmpv6_sk (because those never get directly used 817 * via userspace syscalls), but unsafe for normal sockets. 818 */ 819 lockdep_set_class(&sk->sk_dst_lock, 820 &icmpv6_socket_sk_dst_lock_key); 821 822 /* Enough space for 2 64K ICMP packets, including 823 * sk_buff struct overhead. 824 */ 825 sk->sk_sndbuf = 826 (2 * ((64 * 1024) + sizeof(struct sk_buff))); 827 } 828 return 0; 829 830 fail: 831 for (j = 0; j < i; j++) 832 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]); 833 kfree(net->ipv6.icmp_sk); 834 return err; 835 } 836 837 static void __net_exit icmpv6_sk_exit(struct net *net) 838 { 839 int i; 840 841 for_each_possible_cpu(i) { 842 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]); 843 } 844 kfree(net->ipv6.icmp_sk); 845 } 846 847 static struct pernet_operations icmpv6_sk_ops = { 848 .init = icmpv6_sk_init, 849 .exit = icmpv6_sk_exit, 850 }; 851 852 int __init icmpv6_init(void) 853 { 854 int err; 855 856 err = register_pernet_subsys(&icmpv6_sk_ops); 857 if (err < 0) 858 return err; 859 860 err = -EAGAIN; 861 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) 862 goto fail; 863 return 0; 864 865 fail: 866 printk(KERN_ERR "Failed to register ICMP6 protocol\n"); 867 unregister_pernet_subsys(&icmpv6_sk_ops); 868 return err; 869 } 870 871 void icmpv6_cleanup(void) 872 { 873 unregister_pernet_subsys(&icmpv6_sk_ops); 874 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 875 } 876 877 878 static const struct icmp6_err { 879 int err; 880 int fatal; 881 } tab_unreach[] = { 882 { /* NOROUTE */ 883 .err = ENETUNREACH, 884 .fatal = 0, 885 }, 886 { /* ADM_PROHIBITED */ 887 .err = EACCES, 888 .fatal = 1, 889 }, 890 { /* Was NOT_NEIGHBOUR, now reserved */ 891 .err = EHOSTUNREACH, 892 .fatal = 0, 893 }, 894 { /* ADDR_UNREACH */ 895 .err = EHOSTUNREACH, 896 .fatal = 0, 897 }, 898 { /* PORT_UNREACH */ 899 .err = ECONNREFUSED, 900 .fatal = 1, 901 }, 902 }; 903 904 int icmpv6_err_convert(u8 type, u8 code, int *err) 905 { 906 int fatal = 0; 907 908 *err = EPROTO; 909 910 switch (type) { 911 case ICMPV6_DEST_UNREACH: 912 fatal = 1; 913 if (code <= ICMPV6_PORT_UNREACH) { 914 *err = tab_unreach[code].err; 915 fatal = tab_unreach[code].fatal; 916 } 917 break; 918 919 case ICMPV6_PKT_TOOBIG: 920 *err = EMSGSIZE; 921 break; 922 923 case ICMPV6_PARAMPROB: 924 *err = EPROTO; 925 fatal = 1; 926 break; 927 928 case ICMPV6_TIME_EXCEED: 929 *err = EHOSTUNREACH; 930 break; 931 } 932 933 return fatal; 934 } 935 936 EXPORT_SYMBOL(icmpv6_err_convert); 937 938 #ifdef CONFIG_SYSCTL 939 ctl_table ipv6_icmp_table_template[] = { 940 { 941 .procname = "ratelimit", 942 .data = &init_net.ipv6.sysctl.icmpv6_time, 943 .maxlen = sizeof(int), 944 .mode = 0644, 945 .proc_handler = proc_dointvec_ms_jiffies, 946 }, 947 { }, 948 }; 949 950 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) 951 { 952 struct ctl_table *table; 953 954 table = kmemdup(ipv6_icmp_table_template, 955 sizeof(ipv6_icmp_table_template), 956 GFP_KERNEL); 957 958 if (table) 959 table[0].data = &net->ipv6.sysctl.icmpv6_time; 960 961 return table; 962 } 963 #endif 964 965