1 /* 2 * Internet Control Message Protocol (ICMPv6) 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * $Id: icmp.c,v 1.38 2002/02/08 03:57:19 davem Exp $ 9 * 10 * Based on net/ipv4/icmp.c 11 * 12 * RFC 1885 13 * 14 * This program is free software; you can redistribute it and/or 15 * modify it under the terms of the GNU General Public License 16 * as published by the Free Software Foundation; either version 17 * 2 of the License, or (at your option) any later version. 18 */ 19 20 /* 21 * Changes: 22 * 23 * Andi Kleen : exception handling 24 * Andi Kleen add rate limits. never reply to a icmp. 25 * add more length checks and other fixes. 26 * yoshfuji : ensure to sent parameter problem for 27 * fragments. 28 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. 29 * Randy Dunlap and 30 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support 31 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data 32 */ 33 34 #include <linux/module.h> 35 #include <linux/errno.h> 36 #include <linux/types.h> 37 #include <linux/socket.h> 38 #include <linux/in.h> 39 #include <linux/kernel.h> 40 #include <linux/sockios.h> 41 #include <linux/net.h> 42 #include <linux/skbuff.h> 43 #include <linux/init.h> 44 #include <linux/netfilter.h> 45 46 #ifdef CONFIG_SYSCTL 47 #include <linux/sysctl.h> 48 #endif 49 50 #include <linux/inet.h> 51 #include <linux/netdevice.h> 52 #include <linux/icmpv6.h> 53 54 #include <net/ip.h> 55 #include <net/sock.h> 56 57 #include <net/ipv6.h> 58 #include <net/ip6_checksum.h> 59 #include <net/protocol.h> 60 #include <net/raw.h> 61 #include <net/rawv6.h> 62 #include <net/transp_v6.h> 63 #include <net/ip6_route.h> 64 #include <net/addrconf.h> 65 #include <net/icmp.h> 66 #include <net/xfrm.h> 67 68 #include <asm/uaccess.h> 69 #include <asm/system.h> 70 71 DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics) __read_mostly; 72 EXPORT_SYMBOL(icmpv6_statistics); 73 DEFINE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics) __read_mostly; 74 EXPORT_SYMBOL(icmpv6msg_statistics); 75 76 /* 77 * The ICMP socket(s). This is the most convenient way to flow control 78 * our ICMP output as well as maintain a clean interface throughout 79 * all layers. All Socketless IP sends will soon be gone. 80 * 81 * On SMP we have one ICMP socket per-cpu. 82 */ 83 static inline struct sock *icmpv6_sk(struct net *net) 84 { 85 return net->ipv6.icmp_sk[smp_processor_id()]; 86 } 87 88 static int icmpv6_rcv(struct sk_buff *skb); 89 90 static struct inet6_protocol icmpv6_protocol = { 91 .handler = icmpv6_rcv, 92 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 93 }; 94 95 static __inline__ int icmpv6_xmit_lock(struct sock *sk) 96 { 97 local_bh_disable(); 98 99 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 100 /* This can happen if the output path (f.e. SIT or 101 * ip6ip6 tunnel) signals dst_link_failure() for an 102 * outgoing ICMP6 packet. 103 */ 104 local_bh_enable(); 105 return 1; 106 } 107 return 0; 108 } 109 110 static __inline__ void icmpv6_xmit_unlock(struct sock *sk) 111 { 112 spin_unlock_bh(&sk->sk_lock.slock); 113 } 114 115 /* 116 * Slightly more convenient version of icmpv6_send. 117 */ 118 void icmpv6_param_prob(struct sk_buff *skb, int code, int pos) 119 { 120 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos, skb->dev); 121 kfree_skb(skb); 122 } 123 124 /* 125 * Figure out, may we reply to this packet with icmp error. 126 * 127 * We do not reply, if: 128 * - it was icmp error message. 129 * - it is truncated, so that it is known, that protocol is ICMPV6 130 * (i.e. in the middle of some exthdr) 131 * 132 * --ANK (980726) 133 */ 134 135 static int is_ineligible(struct sk_buff *skb) 136 { 137 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 138 int len = skb->len - ptr; 139 __u8 nexthdr = ipv6_hdr(skb)->nexthdr; 140 141 if (len < 0) 142 return 1; 143 144 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr); 145 if (ptr < 0) 146 return 0; 147 if (nexthdr == IPPROTO_ICMPV6) { 148 u8 _type, *tp; 149 tp = skb_header_pointer(skb, 150 ptr+offsetof(struct icmp6hdr, icmp6_type), 151 sizeof(_type), &_type); 152 if (tp == NULL || 153 !(*tp & ICMPV6_INFOMSG_MASK)) 154 return 1; 155 } 156 return 0; 157 } 158 159 /* 160 * Check the ICMP output rate limit 161 */ 162 static inline int icmpv6_xrlim_allow(struct sock *sk, int type, 163 struct flowi *fl) 164 { 165 struct dst_entry *dst; 166 struct net *net = sk->sk_net; 167 int res = 0; 168 169 /* Informational messages are not limited. */ 170 if (type & ICMPV6_INFOMSG_MASK) 171 return 1; 172 173 /* Do not limit pmtu discovery, it would break it. */ 174 if (type == ICMPV6_PKT_TOOBIG) 175 return 1; 176 177 /* 178 * Look up the output route. 179 * XXX: perhaps the expire for routing entries cloned by 180 * this lookup should be more aggressive (not longer than timeout). 181 */ 182 dst = ip6_route_output(net, sk, fl); 183 if (dst->error) { 184 IP6_INC_STATS(ip6_dst_idev(dst), 185 IPSTATS_MIB_OUTNOROUTES); 186 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { 187 res = 1; 188 } else { 189 struct rt6_info *rt = (struct rt6_info *)dst; 190 int tmo = net->ipv6.sysctl.icmpv6_time; 191 192 /* Give more bandwidth to wider prefixes. */ 193 if (rt->rt6i_dst.plen < 128) 194 tmo >>= ((128 - rt->rt6i_dst.plen)>>5); 195 196 res = xrlim_allow(dst, tmo); 197 } 198 dst_release(dst); 199 return res; 200 } 201 202 /* 203 * an inline helper for the "simple" if statement below 204 * checks if parameter problem report is caused by an 205 * unrecognized IPv6 option that has the Option Type 206 * highest-order two bits set to 10 207 */ 208 209 static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset) 210 { 211 u8 _optval, *op; 212 213 offset += skb_network_offset(skb); 214 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); 215 if (op == NULL) 216 return 1; 217 return (*op & 0xC0) == 0x80; 218 } 219 220 static int icmpv6_push_pending_frames(struct sock *sk, struct flowi *fl, struct icmp6hdr *thdr, int len) 221 { 222 struct sk_buff *skb; 223 struct icmp6hdr *icmp6h; 224 int err = 0; 225 226 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) 227 goto out; 228 229 icmp6h = icmp6_hdr(skb); 230 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); 231 icmp6h->icmp6_cksum = 0; 232 233 if (skb_queue_len(&sk->sk_write_queue) == 1) { 234 skb->csum = csum_partial((char *)icmp6h, 235 sizeof(struct icmp6hdr), skb->csum); 236 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src, 237 &fl->fl6_dst, 238 len, fl->proto, 239 skb->csum); 240 } else { 241 __wsum tmp_csum = 0; 242 243 skb_queue_walk(&sk->sk_write_queue, skb) { 244 tmp_csum = csum_add(tmp_csum, skb->csum); 245 } 246 247 tmp_csum = csum_partial((char *)icmp6h, 248 sizeof(struct icmp6hdr), tmp_csum); 249 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src, 250 &fl->fl6_dst, 251 len, fl->proto, 252 tmp_csum); 253 } 254 ip6_push_pending_frames(sk); 255 out: 256 return err; 257 } 258 259 struct icmpv6_msg { 260 struct sk_buff *skb; 261 int offset; 262 uint8_t type; 263 }; 264 265 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 266 { 267 struct icmpv6_msg *msg = (struct icmpv6_msg *) from; 268 struct sk_buff *org_skb = msg->skb; 269 __wsum csum = 0; 270 271 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 272 to, len, csum); 273 skb->csum = csum_block_add(skb->csum, csum, odd); 274 if (!(msg->type & ICMPV6_INFOMSG_MASK)) 275 nf_ct_attach(skb, org_skb); 276 return 0; 277 } 278 279 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 280 static void mip6_addr_swap(struct sk_buff *skb) 281 { 282 struct ipv6hdr *iph = ipv6_hdr(skb); 283 struct inet6_skb_parm *opt = IP6CB(skb); 284 struct ipv6_destopt_hao *hao; 285 struct in6_addr tmp; 286 int off; 287 288 if (opt->dsthao) { 289 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); 290 if (likely(off >= 0)) { 291 hao = (struct ipv6_destopt_hao *) 292 (skb_network_header(skb) + off); 293 ipv6_addr_copy(&tmp, &iph->saddr); 294 ipv6_addr_copy(&iph->saddr, &hao->addr); 295 ipv6_addr_copy(&hao->addr, &tmp); 296 } 297 } 298 } 299 #else 300 static inline void mip6_addr_swap(struct sk_buff *skb) {} 301 #endif 302 303 /* 304 * Send an ICMP message in response to a packet in error 305 */ 306 void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, 307 struct net_device *dev) 308 { 309 struct net *net = skb->dev->nd_net; 310 struct inet6_dev *idev = NULL; 311 struct ipv6hdr *hdr = ipv6_hdr(skb); 312 struct sock *sk; 313 struct ipv6_pinfo *np; 314 struct in6_addr *saddr = NULL; 315 struct dst_entry *dst; 316 struct dst_entry *dst2; 317 struct icmp6hdr tmp_hdr; 318 struct flowi fl; 319 struct flowi fl2; 320 struct icmpv6_msg msg; 321 int iif = 0; 322 int addr_type = 0; 323 int len; 324 int hlimit, tclass; 325 int err = 0; 326 327 if ((u8 *)hdr < skb->head || 328 (skb->network_header + sizeof(*hdr)) > skb->tail) 329 return; 330 331 /* 332 * Make sure we respect the rules 333 * i.e. RFC 1885 2.4(e) 334 * Rule (e.1) is enforced by not using icmpv6_send 335 * in any code that processes icmp errors. 336 */ 337 addr_type = ipv6_addr_type(&hdr->daddr); 338 339 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0)) 340 saddr = &hdr->daddr; 341 342 /* 343 * Dest addr check 344 */ 345 346 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) { 347 if (type != ICMPV6_PKT_TOOBIG && 348 !(type == ICMPV6_PARAMPROB && 349 code == ICMPV6_UNK_OPTION && 350 (opt_unrec(skb, info)))) 351 return; 352 353 saddr = NULL; 354 } 355 356 addr_type = ipv6_addr_type(&hdr->saddr); 357 358 /* 359 * Source addr check 360 */ 361 362 if (addr_type & IPV6_ADDR_LINKLOCAL) 363 iif = skb->dev->ifindex; 364 365 /* 366 * Must not send error if the source does not uniquely 367 * identify a single node (RFC2463 Section 2.4). 368 * We check unspecified / multicast addresses here, 369 * and anycast addresses will be checked later. 370 */ 371 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { 372 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n"); 373 return; 374 } 375 376 /* 377 * Never answer to a ICMP packet. 378 */ 379 if (is_ineligible(skb)) { 380 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n"); 381 return; 382 } 383 384 mip6_addr_swap(skb); 385 386 memset(&fl, 0, sizeof(fl)); 387 fl.proto = IPPROTO_ICMPV6; 388 ipv6_addr_copy(&fl.fl6_dst, &hdr->saddr); 389 if (saddr) 390 ipv6_addr_copy(&fl.fl6_src, saddr); 391 fl.oif = iif; 392 fl.fl_icmp_type = type; 393 fl.fl_icmp_code = code; 394 security_skb_classify_flow(skb, &fl); 395 396 sk = icmpv6_sk(net); 397 np = inet6_sk(sk); 398 399 if (icmpv6_xmit_lock(sk)) 400 return; 401 402 if (!icmpv6_xrlim_allow(sk, type, &fl)) 403 goto out; 404 405 tmp_hdr.icmp6_type = type; 406 tmp_hdr.icmp6_code = code; 407 tmp_hdr.icmp6_cksum = 0; 408 tmp_hdr.icmp6_pointer = htonl(info); 409 410 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 411 fl.oif = np->mcast_oif; 412 413 err = ip6_dst_lookup(sk, &dst, &fl); 414 if (err) 415 goto out; 416 417 /* 418 * We won't send icmp if the destination is known 419 * anycast. 420 */ 421 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) { 422 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n"); 423 goto out_dst_release; 424 } 425 426 /* No need to clone since we're just using its address. */ 427 dst2 = dst; 428 429 err = xfrm_lookup(&dst, &fl, sk, 0); 430 switch (err) { 431 case 0: 432 if (dst != dst2) 433 goto route_done; 434 break; 435 case -EPERM: 436 dst = NULL; 437 break; 438 default: 439 goto out; 440 } 441 442 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6)) 443 goto out; 444 445 if (ip6_dst_lookup(sk, &dst2, &fl)) 446 goto out; 447 448 err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); 449 if (err == -ENOENT) { 450 if (!dst) 451 goto out; 452 goto route_done; 453 } 454 455 dst_release(dst); 456 dst = dst2; 457 458 if (err) 459 goto out; 460 461 route_done: 462 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 463 hlimit = np->mcast_hops; 464 else 465 hlimit = np->hop_limit; 466 if (hlimit < 0) 467 hlimit = ip6_dst_hoplimit(dst); 468 469 tclass = np->tclass; 470 if (tclass < 0) 471 tclass = 0; 472 473 msg.skb = skb; 474 msg.offset = skb_network_offset(skb); 475 msg.type = type; 476 477 len = skb->len - msg.offset; 478 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); 479 if (len < 0) { 480 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n"); 481 goto out_dst_release; 482 } 483 484 idev = in6_dev_get(skb->dev); 485 486 err = ip6_append_data(sk, icmpv6_getfrag, &msg, 487 len + sizeof(struct icmp6hdr), 488 sizeof(struct icmp6hdr), 489 hlimit, tclass, NULL, &fl, (struct rt6_info*)dst, 490 MSG_DONTWAIT); 491 if (err) { 492 ip6_flush_pending_frames(sk); 493 goto out_put; 494 } 495 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, len + sizeof(struct icmp6hdr)); 496 497 out_put: 498 if (likely(idev != NULL)) 499 in6_dev_put(idev); 500 out_dst_release: 501 dst_release(dst); 502 out: 503 icmpv6_xmit_unlock(sk); 504 } 505 506 EXPORT_SYMBOL(icmpv6_send); 507 508 static void icmpv6_echo_reply(struct sk_buff *skb) 509 { 510 struct net *net = skb->dev->nd_net; 511 struct sock *sk; 512 struct inet6_dev *idev; 513 struct ipv6_pinfo *np; 514 struct in6_addr *saddr = NULL; 515 struct icmp6hdr *icmph = icmp6_hdr(skb); 516 struct icmp6hdr tmp_hdr; 517 struct flowi fl; 518 struct icmpv6_msg msg; 519 struct dst_entry *dst; 520 int err = 0; 521 int hlimit; 522 int tclass; 523 524 saddr = &ipv6_hdr(skb)->daddr; 525 526 if (!ipv6_unicast_destination(skb)) 527 saddr = NULL; 528 529 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 530 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; 531 532 memset(&fl, 0, sizeof(fl)); 533 fl.proto = IPPROTO_ICMPV6; 534 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 535 if (saddr) 536 ipv6_addr_copy(&fl.fl6_src, saddr); 537 fl.oif = skb->dev->ifindex; 538 fl.fl_icmp_type = ICMPV6_ECHO_REPLY; 539 security_skb_classify_flow(skb, &fl); 540 541 sk = icmpv6_sk(net); 542 np = inet6_sk(sk); 543 544 if (icmpv6_xmit_lock(sk)) 545 return; 546 547 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 548 fl.oif = np->mcast_oif; 549 550 err = ip6_dst_lookup(sk, &dst, &fl); 551 if (err) 552 goto out; 553 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) 554 goto out; 555 556 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 557 hlimit = np->mcast_hops; 558 else 559 hlimit = np->hop_limit; 560 if (hlimit < 0) 561 hlimit = ip6_dst_hoplimit(dst); 562 563 tclass = np->tclass; 564 if (tclass < 0) 565 tclass = 0; 566 567 idev = in6_dev_get(skb->dev); 568 569 msg.skb = skb; 570 msg.offset = 0; 571 msg.type = ICMPV6_ECHO_REPLY; 572 573 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 574 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl, 575 (struct rt6_info*)dst, MSG_DONTWAIT); 576 577 if (err) { 578 ip6_flush_pending_frames(sk); 579 goto out_put; 580 } 581 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, skb->len + sizeof(struct icmp6hdr)); 582 583 out_put: 584 if (likely(idev != NULL)) 585 in6_dev_put(idev); 586 dst_release(dst); 587 out: 588 icmpv6_xmit_unlock(sk); 589 } 590 591 static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info) 592 { 593 struct inet6_protocol *ipprot; 594 int inner_offset; 595 int hash; 596 u8 nexthdr; 597 598 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 599 return; 600 601 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 602 if (ipv6_ext_hdr(nexthdr)) { 603 /* now skip over extension headers */ 604 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr); 605 if (inner_offset<0) 606 return; 607 } else { 608 inner_offset = sizeof(struct ipv6hdr); 609 } 610 611 /* Checkin header including 8 bytes of inner protocol header. */ 612 if (!pskb_may_pull(skb, inner_offset+8)) 613 return; 614 615 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. 616 Without this we will not able f.e. to make source routed 617 pmtu discovery. 618 Corresponding argument (opt) to notifiers is already added. 619 --ANK (980726) 620 */ 621 622 hash = nexthdr & (MAX_INET_PROTOS - 1); 623 624 rcu_read_lock(); 625 ipprot = rcu_dereference(inet6_protos[hash]); 626 if (ipprot && ipprot->err_handler) 627 ipprot->err_handler(skb, NULL, type, code, inner_offset, info); 628 rcu_read_unlock(); 629 630 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); 631 } 632 633 /* 634 * Handle icmp messages 635 */ 636 637 static int icmpv6_rcv(struct sk_buff *skb) 638 { 639 struct net_device *dev = skb->dev; 640 struct inet6_dev *idev = __in6_dev_get(dev); 641 struct in6_addr *saddr, *daddr; 642 struct ipv6hdr *orig_hdr; 643 struct icmp6hdr *hdr; 644 int type; 645 646 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 647 int nh; 648 649 if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags & 650 XFRM_STATE_ICMP)) 651 goto drop_no_count; 652 653 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr))) 654 goto drop_no_count; 655 656 nh = skb_network_offset(skb); 657 skb_set_network_header(skb, sizeof(*hdr)); 658 659 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) 660 goto drop_no_count; 661 662 skb_set_network_header(skb, nh); 663 } 664 665 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_INMSGS); 666 667 saddr = &ipv6_hdr(skb)->saddr; 668 daddr = &ipv6_hdr(skb)->daddr; 669 670 /* Perform checksum. */ 671 switch (skb->ip_summed) { 672 case CHECKSUM_COMPLETE: 673 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6, 674 skb->csum)) 675 break; 676 /* fall through */ 677 case CHECKSUM_NONE: 678 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len, 679 IPPROTO_ICMPV6, 0)); 680 if (__skb_checksum_complete(skb)) { 681 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [" NIP6_FMT " > " NIP6_FMT "]\n", 682 NIP6(*saddr), NIP6(*daddr)); 683 goto discard_it; 684 } 685 } 686 687 if (!pskb_pull(skb, sizeof(*hdr))) 688 goto discard_it; 689 690 hdr = icmp6_hdr(skb); 691 692 type = hdr->icmp6_type; 693 694 ICMP6MSGIN_INC_STATS_BH(idev, type); 695 696 switch (type) { 697 case ICMPV6_ECHO_REQUEST: 698 icmpv6_echo_reply(skb); 699 break; 700 701 case ICMPV6_ECHO_REPLY: 702 /* we couldn't care less */ 703 break; 704 705 case ICMPV6_PKT_TOOBIG: 706 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update 707 standard destination cache. Seems, only "advanced" 708 destination cache will allow to solve this problem 709 --ANK (980726) 710 */ 711 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 712 goto discard_it; 713 hdr = icmp6_hdr(skb); 714 orig_hdr = (struct ipv6hdr *) (hdr + 1); 715 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev, 716 ntohl(hdr->icmp6_mtu)); 717 718 /* 719 * Drop through to notify 720 */ 721 722 case ICMPV6_DEST_UNREACH: 723 case ICMPV6_TIME_EXCEED: 724 case ICMPV6_PARAMPROB: 725 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 726 break; 727 728 case NDISC_ROUTER_SOLICITATION: 729 case NDISC_ROUTER_ADVERTISEMENT: 730 case NDISC_NEIGHBOUR_SOLICITATION: 731 case NDISC_NEIGHBOUR_ADVERTISEMENT: 732 case NDISC_REDIRECT: 733 ndisc_rcv(skb); 734 break; 735 736 case ICMPV6_MGM_QUERY: 737 igmp6_event_query(skb); 738 break; 739 740 case ICMPV6_MGM_REPORT: 741 igmp6_event_report(skb); 742 break; 743 744 case ICMPV6_MGM_REDUCTION: 745 case ICMPV6_NI_QUERY: 746 case ICMPV6_NI_REPLY: 747 case ICMPV6_MLD2_REPORT: 748 case ICMPV6_DHAAD_REQUEST: 749 case ICMPV6_DHAAD_REPLY: 750 case ICMPV6_MOBILE_PREFIX_SOL: 751 case ICMPV6_MOBILE_PREFIX_ADV: 752 break; 753 754 default: 755 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n"); 756 757 /* informational */ 758 if (type & ICMPV6_INFOMSG_MASK) 759 break; 760 761 /* 762 * error of unknown type. 763 * must pass to upper level 764 */ 765 766 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 767 } 768 769 kfree_skb(skb); 770 return 0; 771 772 discard_it: 773 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_INERRORS); 774 drop_no_count: 775 kfree_skb(skb); 776 return 0; 777 } 778 779 void icmpv6_flow_init(struct sock *sk, struct flowi *fl, 780 u8 type, 781 const struct in6_addr *saddr, 782 const struct in6_addr *daddr, 783 int oif) 784 { 785 memset(fl, 0, sizeof(*fl)); 786 ipv6_addr_copy(&fl->fl6_src, saddr); 787 ipv6_addr_copy(&fl->fl6_dst, daddr); 788 fl->proto = IPPROTO_ICMPV6; 789 fl->fl_icmp_type = type; 790 fl->fl_icmp_code = 0; 791 fl->oif = oif; 792 security_sk_classify_flow(sk, fl); 793 } 794 795 /* 796 * Special lock-class for __icmpv6_sk: 797 */ 798 static struct lock_class_key icmpv6_socket_sk_dst_lock_key; 799 800 static int __net_init icmpv6_sk_init(struct net *net) 801 { 802 struct sock *sk; 803 int err, i, j; 804 805 net->ipv6.icmp_sk = 806 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); 807 if (net->ipv6.icmp_sk == NULL) 808 return -ENOMEM; 809 810 for_each_possible_cpu(i) { 811 struct socket *sock; 812 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, 813 &sock); 814 if (err < 0) { 815 printk(KERN_ERR 816 "Failed to initialize the ICMP6 control socket " 817 "(err %d).\n", 818 err); 819 goto fail; 820 } 821 822 net->ipv6.icmp_sk[i] = sk = sock->sk; 823 sk_change_net(sk, net); 824 825 sk->sk_allocation = GFP_ATOMIC; 826 /* 827 * Split off their lock-class, because sk->sk_dst_lock 828 * gets used from softirqs, which is safe for 829 * __icmpv6_sk (because those never get directly used 830 * via userspace syscalls), but unsafe for normal sockets. 831 */ 832 lockdep_set_class(&sk->sk_dst_lock, 833 &icmpv6_socket_sk_dst_lock_key); 834 835 /* Enough space for 2 64K ICMP packets, including 836 * sk_buff struct overhead. 837 */ 838 sk->sk_sndbuf = 839 (2 * ((64 * 1024) + sizeof(struct sk_buff))); 840 841 sk->sk_prot->unhash(sk); 842 } 843 return 0; 844 845 fail: 846 for (j = 0; j < i; j++) 847 sk_release_kernel(net->ipv6.icmp_sk[j]); 848 kfree(net->ipv6.icmp_sk); 849 return err; 850 } 851 852 static void __net_exit icmpv6_sk_exit(struct net *net) 853 { 854 int i; 855 856 for_each_possible_cpu(i) { 857 sk_release_kernel(net->ipv6.icmp_sk[i]); 858 } 859 kfree(net->ipv6.icmp_sk); 860 } 861 862 static struct pernet_operations icmpv6_sk_ops = { 863 .init = icmpv6_sk_init, 864 .exit = icmpv6_sk_exit, 865 }; 866 867 int __init icmpv6_init(void) 868 { 869 int err; 870 871 err = register_pernet_subsys(&icmpv6_sk_ops); 872 if (err < 0) 873 return err; 874 875 err = -EAGAIN; 876 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) 877 goto fail; 878 return 0; 879 880 fail: 881 printk(KERN_ERR "Failed to register ICMP6 protocol\n"); 882 unregister_pernet_subsys(&icmpv6_sk_ops); 883 return err; 884 } 885 886 void icmpv6_cleanup(void) 887 { 888 unregister_pernet_subsys(&icmpv6_sk_ops); 889 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 890 } 891 892 893 static const struct icmp6_err { 894 int err; 895 int fatal; 896 } tab_unreach[] = { 897 { /* NOROUTE */ 898 .err = ENETUNREACH, 899 .fatal = 0, 900 }, 901 { /* ADM_PROHIBITED */ 902 .err = EACCES, 903 .fatal = 1, 904 }, 905 { /* Was NOT_NEIGHBOUR, now reserved */ 906 .err = EHOSTUNREACH, 907 .fatal = 0, 908 }, 909 { /* ADDR_UNREACH */ 910 .err = EHOSTUNREACH, 911 .fatal = 0, 912 }, 913 { /* PORT_UNREACH */ 914 .err = ECONNREFUSED, 915 .fatal = 1, 916 }, 917 }; 918 919 int icmpv6_err_convert(int type, int code, int *err) 920 { 921 int fatal = 0; 922 923 *err = EPROTO; 924 925 switch (type) { 926 case ICMPV6_DEST_UNREACH: 927 fatal = 1; 928 if (code <= ICMPV6_PORT_UNREACH) { 929 *err = tab_unreach[code].err; 930 fatal = tab_unreach[code].fatal; 931 } 932 break; 933 934 case ICMPV6_PKT_TOOBIG: 935 *err = EMSGSIZE; 936 break; 937 938 case ICMPV6_PARAMPROB: 939 *err = EPROTO; 940 fatal = 1; 941 break; 942 943 case ICMPV6_TIME_EXCEED: 944 *err = EHOSTUNREACH; 945 break; 946 } 947 948 return fatal; 949 } 950 951 EXPORT_SYMBOL(icmpv6_err_convert); 952 953 #ifdef CONFIG_SYSCTL 954 ctl_table ipv6_icmp_table_template[] = { 955 { 956 .ctl_name = NET_IPV6_ICMP_RATELIMIT, 957 .procname = "ratelimit", 958 .data = &init_net.ipv6.sysctl.icmpv6_time, 959 .maxlen = sizeof(int), 960 .mode = 0644, 961 .proc_handler = &proc_dointvec 962 }, 963 { .ctl_name = 0 }, 964 }; 965 966 struct ctl_table *ipv6_icmp_sysctl_init(struct net *net) 967 { 968 struct ctl_table *table; 969 970 table = kmemdup(ipv6_icmp_table_template, 971 sizeof(ipv6_icmp_table_template), 972 GFP_KERNEL); 973 974 if (table) 975 table[0].data = &net->ipv6.sysctl.icmpv6_time; 976 977 return table; 978 } 979 #endif 980 981