/*
 *	Internet Control Message Protocol (ICMPv6)
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on net/ipv4/icmp.c
 *
 *	RFC 1885
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

/*
 *	Changes:
 *
 *	Andi Kleen		:	exception handling
 *	Andi Kleen			add rate limits. never reply to a icmp.
 *					add more length checks and other fixes.
 *	yoshfuji		:	ensure to sent parameter problem for
 *					fragments.
 *	YOSHIFUJI Hideaki @USAGI:	added sysctl for icmp rate limit.
 *	Randy Dunlap and
 *	YOSHIFUJI Hideaki @USAGI:	Per-interface statistics support
 *	Kazunori MIYAZAWA @USAGI:	change output process to use ip6_append_data
 */

#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/in.h>
#include <linux/kernel.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/init.h>
#include <linux/netfilter.h>
#include <linux/slab.h>

#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif

#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/icmpv6.h>

#include <net/ip.h>
#include <net/sock.h>

#include <net/ipv6.h>
#include <net/ip6_checksum.h>
#include <net/protocol.h>
#include <net/raw.h>
#include <net/rawv6.h>
#include <net/transp_v6.h>
#include <net/ip6_route.h>
#include <net/addrconf.h>
#include <net/icmp.h>
#include <net/xfrm.h>
#include <net/inet_common.h>

#include <asm/uaccess.h>
#include <asm/system.h>

/*
 *	The ICMP socket(s).
This is the most convenient way to flow control 73 * our ICMP output as well as maintain a clean interface throughout 74 * all layers. All Socketless IP sends will soon be gone. 75 * 76 * On SMP we have one ICMP socket per-cpu. 77 */ 78 static inline struct sock *icmpv6_sk(struct net *net) 79 { 80 return net->ipv6.icmp_sk[smp_processor_id()]; 81 } 82 83 static int icmpv6_rcv(struct sk_buff *skb); 84 85 static const struct inet6_protocol icmpv6_protocol = { 86 .handler = icmpv6_rcv, 87 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 88 }; 89 90 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net) 91 { 92 struct sock *sk; 93 94 local_bh_disable(); 95 96 sk = icmpv6_sk(net); 97 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 98 /* This can happen if the output path (f.e. SIT or 99 * ip6ip6 tunnel) signals dst_link_failure() for an 100 * outgoing ICMP6 packet. 101 */ 102 local_bh_enable(); 103 return NULL; 104 } 105 return sk; 106 } 107 108 static __inline__ void icmpv6_xmit_unlock(struct sock *sk) 109 { 110 spin_unlock_bh(&sk->sk_lock.slock); 111 } 112 113 /* 114 * Slightly more convenient version of icmpv6_send. 115 */ 116 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos) 117 { 118 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos); 119 kfree_skb(skb); 120 } 121 122 /* 123 * Figure out, may we reply to this packet with icmp error. 124 * 125 * We do not reply, if: 126 * - it was icmp error message. 127 * - it is truncated, so that it is known, that protocol is ICMPV6 128 * (i.e. 
in the middle of some exthdr) 129 * 130 * --ANK (980726) 131 */ 132 133 static int is_ineligible(struct sk_buff *skb) 134 { 135 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 136 int len = skb->len - ptr; 137 __u8 nexthdr = ipv6_hdr(skb)->nexthdr; 138 __be16 frag_off; 139 140 if (len < 0) 141 return 1; 142 143 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off); 144 if (ptr < 0) 145 return 0; 146 if (nexthdr == IPPROTO_ICMPV6) { 147 u8 _type, *tp; 148 tp = skb_header_pointer(skb, 149 ptr+offsetof(struct icmp6hdr, icmp6_type), 150 sizeof(_type), &_type); 151 if (tp == NULL || 152 !(*tp & ICMPV6_INFOMSG_MASK)) 153 return 1; 154 } 155 return 0; 156 } 157 158 /* 159 * Check the ICMP output rate limit 160 */ 161 static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type, 162 struct flowi6 *fl6) 163 { 164 struct dst_entry *dst; 165 struct net *net = sock_net(sk); 166 bool res = false; 167 168 /* Informational messages are not limited. */ 169 if (type & ICMPV6_INFOMSG_MASK) 170 return true; 171 172 /* Do not limit pmtu discovery, it would break it. */ 173 if (type == ICMPV6_PKT_TOOBIG) 174 return true; 175 176 /* 177 * Look up the output route. 178 * XXX: perhaps the expire for routing entries cloned by 179 * this lookup should be more aggressive (not longer than timeout). 180 */ 181 dst = ip6_route_output(net, sk, fl6); 182 if (dst->error) { 183 IP6_INC_STATS(net, ip6_dst_idev(dst), 184 IPSTATS_MIB_OUTNOROUTES); 185 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { 186 res = true; 187 } else { 188 struct rt6_info *rt = (struct rt6_info *)dst; 189 int tmo = net->ipv6.sysctl.icmpv6_time; 190 191 /* Give more bandwidth to wider prefixes. 
*/ 192 if (rt->rt6i_dst.plen < 128) 193 tmo >>= ((128 - rt->rt6i_dst.plen)>>5); 194 195 if (!rt->rt6i_peer) 196 rt6_bind_peer(rt, 1); 197 res = inet_peer_xrlim_allow(rt->rt6i_peer, tmo); 198 } 199 dst_release(dst); 200 return res; 201 } 202 203 /* 204 * an inline helper for the "simple" if statement below 205 * checks if parameter problem report is caused by an 206 * unrecognized IPv6 option that has the Option Type 207 * highest-order two bits set to 10 208 */ 209 210 static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset) 211 { 212 u8 _optval, *op; 213 214 offset += skb_network_offset(skb); 215 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); 216 if (op == NULL) 217 return 1; 218 return (*op & 0xC0) == 0x80; 219 } 220 221 static int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, struct icmp6hdr *thdr, int len) 222 { 223 struct sk_buff *skb; 224 struct icmp6hdr *icmp6h; 225 int err = 0; 226 227 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) 228 goto out; 229 230 icmp6h = icmp6_hdr(skb); 231 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); 232 icmp6h->icmp6_cksum = 0; 233 234 if (skb_queue_len(&sk->sk_write_queue) == 1) { 235 skb->csum = csum_partial(icmp6h, 236 sizeof(struct icmp6hdr), skb->csum); 237 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 238 &fl6->daddr, 239 len, fl6->flowi6_proto, 240 skb->csum); 241 } else { 242 __wsum tmp_csum = 0; 243 244 skb_queue_walk(&sk->sk_write_queue, skb) { 245 tmp_csum = csum_add(tmp_csum, skb->csum); 246 } 247 248 tmp_csum = csum_partial(icmp6h, 249 sizeof(struct icmp6hdr), tmp_csum); 250 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 251 &fl6->daddr, 252 len, fl6->flowi6_proto, 253 tmp_csum); 254 } 255 ip6_push_pending_frames(sk); 256 out: 257 return err; 258 } 259 260 struct icmpv6_msg { 261 struct sk_buff *skb; 262 int offset; 263 uint8_t type; 264 }; 265 266 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 267 { 268 
struct icmpv6_msg *msg = (struct icmpv6_msg *) from; 269 struct sk_buff *org_skb = msg->skb; 270 __wsum csum = 0; 271 272 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 273 to, len, csum); 274 skb->csum = csum_block_add(skb->csum, csum, odd); 275 if (!(msg->type & ICMPV6_INFOMSG_MASK)) 276 nf_ct_attach(skb, org_skb); 277 return 0; 278 } 279 280 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 281 static void mip6_addr_swap(struct sk_buff *skb) 282 { 283 struct ipv6hdr *iph = ipv6_hdr(skb); 284 struct inet6_skb_parm *opt = IP6CB(skb); 285 struct ipv6_destopt_hao *hao; 286 struct in6_addr tmp; 287 int off; 288 289 if (opt->dsthao) { 290 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); 291 if (likely(off >= 0)) { 292 hao = (struct ipv6_destopt_hao *) 293 (skb_network_header(skb) + off); 294 tmp = iph->saddr; 295 iph->saddr = hao->addr; 296 hao->addr = tmp; 297 } 298 } 299 } 300 #else 301 static inline void mip6_addr_swap(struct sk_buff *skb) {} 302 #endif 303 304 static struct dst_entry *icmpv6_route_lookup(struct net *net, struct sk_buff *skb, 305 struct sock *sk, struct flowi6 *fl6) 306 { 307 struct dst_entry *dst, *dst2; 308 struct flowi6 fl2; 309 int err; 310 311 err = ip6_dst_lookup(sk, &dst, fl6); 312 if (err) 313 return ERR_PTR(err); 314 315 /* 316 * We won't send icmp if the destination is known 317 * anycast. 318 */ 319 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) { 320 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n"); 321 dst_release(dst); 322 return ERR_PTR(-EINVAL); 323 } 324 325 /* No need to clone since we're just using its address. 
*/ 326 dst2 = dst; 327 328 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0); 329 if (!IS_ERR(dst)) { 330 if (dst != dst2) 331 return dst; 332 } else { 333 if (PTR_ERR(dst) == -EPERM) 334 dst = NULL; 335 else 336 return dst; 337 } 338 339 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6); 340 if (err) 341 goto relookup_failed; 342 343 err = ip6_dst_lookup(sk, &dst2, &fl2); 344 if (err) 345 goto relookup_failed; 346 347 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP); 348 if (!IS_ERR(dst2)) { 349 dst_release(dst); 350 dst = dst2; 351 } else { 352 err = PTR_ERR(dst2); 353 if (err == -EPERM) { 354 dst_release(dst); 355 return dst2; 356 } else 357 goto relookup_failed; 358 } 359 360 relookup_failed: 361 if (dst) 362 return dst; 363 return ERR_PTR(err); 364 } 365 366 /* 367 * Send an ICMP message in response to a packet in error 368 */ 369 void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) 370 { 371 struct net *net = dev_net(skb->dev); 372 struct inet6_dev *idev = NULL; 373 struct ipv6hdr *hdr = ipv6_hdr(skb); 374 struct sock *sk; 375 struct ipv6_pinfo *np; 376 const struct in6_addr *saddr = NULL; 377 struct dst_entry *dst; 378 struct icmp6hdr tmp_hdr; 379 struct flowi6 fl6; 380 struct icmpv6_msg msg; 381 int iif = 0; 382 int addr_type = 0; 383 int len; 384 int hlimit; 385 int err = 0; 386 387 if ((u8 *)hdr < skb->head || 388 (skb->network_header + sizeof(*hdr)) > skb->tail) 389 return; 390 391 /* 392 * Make sure we respect the rules 393 * i.e. RFC 1885 2.4(e) 394 * Rule (e.1) is enforced by not using icmpv6_send 395 * in any code that processes icmp errors. 
396 */ 397 addr_type = ipv6_addr_type(&hdr->daddr); 398 399 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0)) 400 saddr = &hdr->daddr; 401 402 /* 403 * Dest addr check 404 */ 405 406 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) { 407 if (type != ICMPV6_PKT_TOOBIG && 408 !(type == ICMPV6_PARAMPROB && 409 code == ICMPV6_UNK_OPTION && 410 (opt_unrec(skb, info)))) 411 return; 412 413 saddr = NULL; 414 } 415 416 addr_type = ipv6_addr_type(&hdr->saddr); 417 418 /* 419 * Source addr check 420 */ 421 422 if (addr_type & IPV6_ADDR_LINKLOCAL) 423 iif = skb->dev->ifindex; 424 425 /* 426 * Must not send error if the source does not uniquely 427 * identify a single node (RFC2463 Section 2.4). 428 * We check unspecified / multicast addresses here, 429 * and anycast addresses will be checked later. 430 */ 431 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { 432 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n"); 433 return; 434 } 435 436 /* 437 * Never answer to a ICMP packet. 
438 */ 439 if (is_ineligible(skb)) { 440 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n"); 441 return; 442 } 443 444 mip6_addr_swap(skb); 445 446 memset(&fl6, 0, sizeof(fl6)); 447 fl6.flowi6_proto = IPPROTO_ICMPV6; 448 fl6.daddr = hdr->saddr; 449 if (saddr) 450 fl6.saddr = *saddr; 451 fl6.flowi6_oif = iif; 452 fl6.fl6_icmp_type = type; 453 fl6.fl6_icmp_code = code; 454 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 455 456 sk = icmpv6_xmit_lock(net); 457 if (sk == NULL) 458 return; 459 np = inet6_sk(sk); 460 461 if (!icmpv6_xrlim_allow(sk, type, &fl6)) 462 goto out; 463 464 tmp_hdr.icmp6_type = type; 465 tmp_hdr.icmp6_code = code; 466 tmp_hdr.icmp6_cksum = 0; 467 tmp_hdr.icmp6_pointer = htonl(info); 468 469 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 470 fl6.flowi6_oif = np->mcast_oif; 471 472 dst = icmpv6_route_lookup(net, skb, sk, &fl6); 473 if (IS_ERR(dst)) 474 goto out; 475 476 if (ipv6_addr_is_multicast(&fl6.daddr)) 477 hlimit = np->mcast_hops; 478 else 479 hlimit = np->hop_limit; 480 if (hlimit < 0) 481 hlimit = ip6_dst_hoplimit(dst); 482 483 msg.skb = skb; 484 msg.offset = skb_network_offset(skb); 485 msg.type = type; 486 487 len = skb->len - msg.offset; 488 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); 489 if (len < 0) { 490 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n"); 491 goto out_dst_release; 492 } 493 494 rcu_read_lock(); 495 idev = __in6_dev_get(skb->dev); 496 497 err = ip6_append_data(sk, icmpv6_getfrag, &msg, 498 len + sizeof(struct icmp6hdr), 499 sizeof(struct icmp6hdr), hlimit, 500 np->tclass, NULL, &fl6, (struct rt6_info*)dst, 501 MSG_DONTWAIT, np->dontfrag); 502 if (err) { 503 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 504 ip6_flush_pending_frames(sk); 505 } else { 506 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, 507 len + sizeof(struct icmp6hdr)); 508 } 509 rcu_read_unlock(); 510 out_dst_release: 511 dst_release(dst); 512 out: 513 
icmpv6_xmit_unlock(sk); 514 } 515 EXPORT_SYMBOL(icmpv6_send); 516 517 static void icmpv6_echo_reply(struct sk_buff *skb) 518 { 519 struct net *net = dev_net(skb->dev); 520 struct sock *sk; 521 struct inet6_dev *idev; 522 struct ipv6_pinfo *np; 523 const struct in6_addr *saddr = NULL; 524 struct icmp6hdr *icmph = icmp6_hdr(skb); 525 struct icmp6hdr tmp_hdr; 526 struct flowi6 fl6; 527 struct icmpv6_msg msg; 528 struct dst_entry *dst; 529 int err = 0; 530 int hlimit; 531 532 saddr = &ipv6_hdr(skb)->daddr; 533 534 if (!ipv6_unicast_destination(skb)) 535 saddr = NULL; 536 537 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 538 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; 539 540 memset(&fl6, 0, sizeof(fl6)); 541 fl6.flowi6_proto = IPPROTO_ICMPV6; 542 fl6.daddr = ipv6_hdr(skb)->saddr; 543 if (saddr) 544 fl6.saddr = *saddr; 545 fl6.flowi6_oif = skb->dev->ifindex; 546 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY; 547 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 548 549 sk = icmpv6_xmit_lock(net); 550 if (sk == NULL) 551 return; 552 np = inet6_sk(sk); 553 554 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 555 fl6.flowi6_oif = np->mcast_oif; 556 557 err = ip6_dst_lookup(sk, &dst, &fl6); 558 if (err) 559 goto out; 560 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0); 561 if (IS_ERR(dst)) 562 goto out; 563 564 if (ipv6_addr_is_multicast(&fl6.daddr)) 565 hlimit = np->mcast_hops; 566 else 567 hlimit = np->hop_limit; 568 if (hlimit < 0) 569 hlimit = ip6_dst_hoplimit(dst); 570 571 idev = __in6_dev_get(skb->dev); 572 573 msg.skb = skb; 574 msg.offset = 0; 575 msg.type = ICMPV6_ECHO_REPLY; 576 577 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 578 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl6, 579 (struct rt6_info*)dst, MSG_DONTWAIT, 580 np->dontfrag); 581 582 if (err) { 583 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 584 ip6_flush_pending_frames(sk); 585 } else { 586 err = icmpv6_push_pending_frames(sk, &fl6, 
&tmp_hdr, 587 skb->len + sizeof(struct icmp6hdr)); 588 } 589 dst_release(dst); 590 out: 591 icmpv6_xmit_unlock(sk); 592 } 593 594 static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) 595 { 596 const struct inet6_protocol *ipprot; 597 int inner_offset; 598 int hash; 599 u8 nexthdr; 600 __be16 frag_off; 601 602 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 603 return; 604 605 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 606 if (ipv6_ext_hdr(nexthdr)) { 607 /* now skip over extension headers */ 608 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), 609 &nexthdr, &frag_off); 610 if (inner_offset<0) 611 return; 612 } else { 613 inner_offset = sizeof(struct ipv6hdr); 614 } 615 616 /* Checkin header including 8 bytes of inner protocol header. */ 617 if (!pskb_may_pull(skb, inner_offset+8)) 618 return; 619 620 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. 621 Without this we will not able f.e. to make source routed 622 pmtu discovery. 623 Corresponding argument (opt) to notifiers is already added. 
624 --ANK (980726) 625 */ 626 627 hash = nexthdr & (MAX_INET_PROTOS - 1); 628 629 rcu_read_lock(); 630 ipprot = rcu_dereference(inet6_protos[hash]); 631 if (ipprot && ipprot->err_handler) 632 ipprot->err_handler(skb, NULL, type, code, inner_offset, info); 633 rcu_read_unlock(); 634 635 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); 636 } 637 638 /* 639 * Handle icmp messages 640 */ 641 642 static int icmpv6_rcv(struct sk_buff *skb) 643 { 644 struct net_device *dev = skb->dev; 645 struct inet6_dev *idev = __in6_dev_get(dev); 646 const struct in6_addr *saddr, *daddr; 647 const struct ipv6hdr *orig_hdr; 648 struct icmp6hdr *hdr; 649 u8 type; 650 651 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 652 struct sec_path *sp = skb_sec_path(skb); 653 int nh; 654 655 if (!(sp && sp->xvec[sp->len - 1]->props.flags & 656 XFRM_STATE_ICMP)) 657 goto drop_no_count; 658 659 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr))) 660 goto drop_no_count; 661 662 nh = skb_network_offset(skb); 663 skb_set_network_header(skb, sizeof(*hdr)); 664 665 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) 666 goto drop_no_count; 667 668 skb_set_network_header(skb, nh); 669 } 670 671 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS); 672 673 saddr = &ipv6_hdr(skb)->saddr; 674 daddr = &ipv6_hdr(skb)->daddr; 675 676 /* Perform checksum. 
*/ 677 switch (skb->ip_summed) { 678 case CHECKSUM_COMPLETE: 679 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6, 680 skb->csum)) 681 break; 682 /* fall through */ 683 case CHECKSUM_NONE: 684 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len, 685 IPPROTO_ICMPV6, 0)); 686 if (__skb_checksum_complete(skb)) { 687 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n", 688 saddr, daddr); 689 goto discard_it; 690 } 691 } 692 693 if (!pskb_pull(skb, sizeof(*hdr))) 694 goto discard_it; 695 696 hdr = icmp6_hdr(skb); 697 698 type = hdr->icmp6_type; 699 700 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type); 701 702 switch (type) { 703 case ICMPV6_ECHO_REQUEST: 704 icmpv6_echo_reply(skb); 705 break; 706 707 case ICMPV6_ECHO_REPLY: 708 /* we couldn't care less */ 709 break; 710 711 case ICMPV6_PKT_TOOBIG: 712 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update 713 standard destination cache. Seems, only "advanced" 714 destination cache will allow to solve this problem 715 --ANK (980726) 716 */ 717 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 718 goto discard_it; 719 hdr = icmp6_hdr(skb); 720 orig_hdr = (struct ipv6hdr *) (hdr + 1); 721 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev, 722 ntohl(hdr->icmp6_mtu)); 723 724 /* 725 * Drop through to notify 726 */ 727 728 case ICMPV6_DEST_UNREACH: 729 case ICMPV6_TIME_EXCEED: 730 case ICMPV6_PARAMPROB: 731 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 732 break; 733 734 case NDISC_ROUTER_SOLICITATION: 735 case NDISC_ROUTER_ADVERTISEMENT: 736 case NDISC_NEIGHBOUR_SOLICITATION: 737 case NDISC_NEIGHBOUR_ADVERTISEMENT: 738 case NDISC_REDIRECT: 739 ndisc_rcv(skb); 740 break; 741 742 case ICMPV6_MGM_QUERY: 743 igmp6_event_query(skb); 744 break; 745 746 case ICMPV6_MGM_REPORT: 747 igmp6_event_report(skb); 748 break; 749 750 case ICMPV6_MGM_REDUCTION: 751 case ICMPV6_NI_QUERY: 752 case ICMPV6_NI_REPLY: 753 case ICMPV6_MLD2_REPORT: 754 case ICMPV6_DHAAD_REQUEST: 755 
case ICMPV6_DHAAD_REPLY: 756 case ICMPV6_MOBILE_PREFIX_SOL: 757 case ICMPV6_MOBILE_PREFIX_ADV: 758 break; 759 760 default: 761 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n"); 762 763 /* informational */ 764 if (type & ICMPV6_INFOMSG_MASK) 765 break; 766 767 /* 768 * error of unknown type. 769 * must pass to upper level 770 */ 771 772 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 773 } 774 775 kfree_skb(skb); 776 return 0; 777 778 discard_it: 779 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS); 780 drop_no_count: 781 kfree_skb(skb); 782 return 0; 783 } 784 785 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6, 786 u8 type, 787 const struct in6_addr *saddr, 788 const struct in6_addr *daddr, 789 int oif) 790 { 791 memset(fl6, 0, sizeof(*fl6)); 792 fl6->saddr = *saddr; 793 fl6->daddr = *daddr; 794 fl6->flowi6_proto = IPPROTO_ICMPV6; 795 fl6->fl6_icmp_type = type; 796 fl6->fl6_icmp_code = 0; 797 fl6->flowi6_oif = oif; 798 security_sk_classify_flow(sk, flowi6_to_flowi(fl6)); 799 } 800 801 /* 802 * Special lock-class for __icmpv6_sk: 803 */ 804 static struct lock_class_key icmpv6_socket_sk_dst_lock_key; 805 806 static int __net_init icmpv6_sk_init(struct net *net) 807 { 808 struct sock *sk; 809 int err, i, j; 810 811 net->ipv6.icmp_sk = 812 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); 813 if (net->ipv6.icmp_sk == NULL) 814 return -ENOMEM; 815 816 for_each_possible_cpu(i) { 817 err = inet_ctl_sock_create(&sk, PF_INET6, 818 SOCK_RAW, IPPROTO_ICMPV6, net); 819 if (err < 0) { 820 printk(KERN_ERR 821 "Failed to initialize the ICMP6 control socket " 822 "(err %d).\n", 823 err); 824 goto fail; 825 } 826 827 net->ipv6.icmp_sk[i] = sk; 828 829 /* 830 * Split off their lock-class, because sk->sk_dst_lock 831 * gets used from softirqs, which is safe for 832 * __icmpv6_sk (because those never get directly used 833 * via userspace syscalls), but unsafe for normal sockets. 
834 */ 835 lockdep_set_class(&sk->sk_dst_lock, 836 &icmpv6_socket_sk_dst_lock_key); 837 838 /* Enough space for 2 64K ICMP packets, including 839 * sk_buff struct overhead. 840 */ 841 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); 842 } 843 return 0; 844 845 fail: 846 for (j = 0; j < i; j++) 847 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]); 848 kfree(net->ipv6.icmp_sk); 849 return err; 850 } 851 852 static void __net_exit icmpv6_sk_exit(struct net *net) 853 { 854 int i; 855 856 for_each_possible_cpu(i) { 857 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]); 858 } 859 kfree(net->ipv6.icmp_sk); 860 } 861 862 static struct pernet_operations icmpv6_sk_ops = { 863 .init = icmpv6_sk_init, 864 .exit = icmpv6_sk_exit, 865 }; 866 867 int __init icmpv6_init(void) 868 { 869 int err; 870 871 err = register_pernet_subsys(&icmpv6_sk_ops); 872 if (err < 0) 873 return err; 874 875 err = -EAGAIN; 876 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) 877 goto fail; 878 return 0; 879 880 fail: 881 printk(KERN_ERR "Failed to register ICMP6 protocol\n"); 882 unregister_pernet_subsys(&icmpv6_sk_ops); 883 return err; 884 } 885 886 void icmpv6_cleanup(void) 887 { 888 unregister_pernet_subsys(&icmpv6_sk_ops); 889 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 890 } 891 892 893 static const struct icmp6_err { 894 int err; 895 int fatal; 896 } tab_unreach[] = { 897 { /* NOROUTE */ 898 .err = ENETUNREACH, 899 .fatal = 0, 900 }, 901 { /* ADM_PROHIBITED */ 902 .err = EACCES, 903 .fatal = 1, 904 }, 905 { /* Was NOT_NEIGHBOUR, now reserved */ 906 .err = EHOSTUNREACH, 907 .fatal = 0, 908 }, 909 { /* ADDR_UNREACH */ 910 .err = EHOSTUNREACH, 911 .fatal = 0, 912 }, 913 { /* PORT_UNREACH */ 914 .err = ECONNREFUSED, 915 .fatal = 1, 916 }, 917 }; 918 919 int icmpv6_err_convert(u8 type, u8 code, int *err) 920 { 921 int fatal = 0; 922 923 *err = EPROTO; 924 925 switch (type) { 926 case ICMPV6_DEST_UNREACH: 927 fatal = 1; 928 if (code <= ICMPV6_PORT_UNREACH) { 929 *err = tab_unreach[code].err; 
930 fatal = tab_unreach[code].fatal; 931 } 932 break; 933 934 case ICMPV6_PKT_TOOBIG: 935 *err = EMSGSIZE; 936 break; 937 938 case ICMPV6_PARAMPROB: 939 *err = EPROTO; 940 fatal = 1; 941 break; 942 943 case ICMPV6_TIME_EXCEED: 944 *err = EHOSTUNREACH; 945 break; 946 } 947 948 return fatal; 949 } 950 951 EXPORT_SYMBOL(icmpv6_err_convert); 952 953 #ifdef CONFIG_SYSCTL 954 ctl_table ipv6_icmp_table_template[] = { 955 { 956 .procname = "ratelimit", 957 .data = &init_net.ipv6.sysctl.icmpv6_time, 958 .maxlen = sizeof(int), 959 .mode = 0644, 960 .proc_handler = proc_dointvec_ms_jiffies, 961 }, 962 { }, 963 }; 964 965 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) 966 { 967 struct ctl_table *table; 968 969 table = kmemdup(ipv6_icmp_table_template, 970 sizeof(ipv6_icmp_table_template), 971 GFP_KERNEL); 972 973 if (table) 974 table[0].data = &net->ipv6.sysctl.icmpv6_time; 975 976 return table; 977 } 978 #endif 979 980