1 /* 2 * Internet Control Message Protocol (ICMPv6) 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on net/ipv4/icmp.c 9 * 10 * RFC 1885 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 /* 19 * Changes: 20 * 21 * Andi Kleen : exception handling 22 * Andi Kleen add rate limits. never reply to a icmp. 23 * add more length checks and other fixes. 24 * yoshfuji : ensure to sent parameter problem for 25 * fragments. 26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. 27 * Randy Dunlap and 28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support 29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data 30 */ 31 32 #include <linux/module.h> 33 #include <linux/errno.h> 34 #include <linux/types.h> 35 #include <linux/socket.h> 36 #include <linux/in.h> 37 #include <linux/kernel.h> 38 #include <linux/sockios.h> 39 #include <linux/net.h> 40 #include <linux/skbuff.h> 41 #include <linux/init.h> 42 #include <linux/netfilter.h> 43 #include <linux/slab.h> 44 45 #ifdef CONFIG_SYSCTL 46 #include <linux/sysctl.h> 47 #endif 48 49 #include <linux/inet.h> 50 #include <linux/netdevice.h> 51 #include <linux/icmpv6.h> 52 53 #include <net/ip.h> 54 #include <net/sock.h> 55 56 #include <net/ipv6.h> 57 #include <net/ip6_checksum.h> 58 #include <net/protocol.h> 59 #include <net/raw.h> 60 #include <net/rawv6.h> 61 #include <net/transp_v6.h> 62 #include <net/ip6_route.h> 63 #include <net/addrconf.h> 64 #include <net/icmp.h> 65 #include <net/xfrm.h> 66 #include <net/inet_common.h> 67 68 #include <asm/uaccess.h> 69 #include <asm/system.h> 70 71 /* 72 * The ICMP socket(s). This is the most convenient way to flow control 73 * our ICMP output as well as maintain a clean interface throughout 74 * all layers. All Socketless IP sends will soon be gone. 75 * 76 * On SMP we have one ICMP socket per-cpu. 77 */ 78 static inline struct sock *icmpv6_sk(struct net *net) 79 { 80 return net->ipv6.icmp_sk[smp_processor_id()]; 81 } 82 83 static int icmpv6_rcv(struct sk_buff *skb); 84 85 static const struct inet6_protocol icmpv6_protocol = { 86 .handler = icmpv6_rcv, 87 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 88 }; 89 90 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net) 91 { 92 struct sock *sk; 93 94 local_bh_disable(); 95 96 sk = icmpv6_sk(net); 97 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 98 /* This can happen if the output path (f.e. SIT or 99 * ip6ip6 tunnel) signals dst_link_failure() for an 100 * outgoing ICMP6 packet. 101 */ 102 local_bh_enable(); 103 return NULL; 104 } 105 return sk; 106 } 107 108 static __inline__ void icmpv6_xmit_unlock(struct sock *sk) 109 { 110 spin_unlock_bh(&sk->sk_lock.slock); 111 } 112 113 /* 114 * Slightly more convenient version of icmpv6_send. 115 */ 116 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos) 117 { 118 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos); 119 kfree_skb(skb); 120 } 121 122 /* 123 * Figure out, may we reply to this packet with icmp error. 124 * 125 * We do not reply, if: 126 * - it was icmp error message. 127 * - it is truncated, so that it is known, that protocol is ICMPV6 128 * (i.e. in the middle of some exthdr) 129 * 130 * --ANK (980726) 131 */ 132 133 static int is_ineligible(struct sk_buff *skb) 134 { 135 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 136 int len = skb->len - ptr; 137 __u8 nexthdr = ipv6_hdr(skb)->nexthdr; 138 139 if (len < 0) 140 return 1; 141 142 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr); 143 if (ptr < 0) 144 return 0; 145 if (nexthdr == IPPROTO_ICMPV6) { 146 u8 _type, *tp; 147 tp = skb_header_pointer(skb, 148 ptr+offsetof(struct icmp6hdr, icmp6_type), 149 sizeof(_type), &_type); 150 if (tp == NULL || 151 !(*tp & ICMPV6_INFOMSG_MASK)) 152 return 1; 153 } 154 return 0; 155 } 156 157 /* 158 * Check the ICMP output rate limit 159 */ 160 static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type, 161 struct flowi *fl) 162 { 163 struct dst_entry *dst; 164 struct net *net = sock_net(sk); 165 bool res = false; 166 167 /* Informational messages are not limited. */ 168 if (type & ICMPV6_INFOMSG_MASK) 169 return true; 170 171 /* Do not limit pmtu discovery, it would break it. */ 172 if (type == ICMPV6_PKT_TOOBIG) 173 return true; 174 175 /* 176 * Look up the output route. 177 * XXX: perhaps the expire for routing entries cloned by 178 * this lookup should be more aggressive (not longer than timeout). 179 */ 180 dst = ip6_route_output(net, sk, fl); 181 if (dst->error) { 182 IP6_INC_STATS(net, ip6_dst_idev(dst), 183 IPSTATS_MIB_OUTNOROUTES); 184 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { 185 res = true; 186 } else { 187 struct rt6_info *rt = (struct rt6_info *)dst; 188 int tmo = net->ipv6.sysctl.icmpv6_time; 189 190 /* Give more bandwidth to wider prefixes. */ 191 if (rt->rt6i_dst.plen < 128) 192 tmo >>= ((128 - rt->rt6i_dst.plen)>>5); 193 194 if (!rt->rt6i_peer) 195 rt6_bind_peer(rt, 1); 196 res = inet_peer_xrlim_allow(rt->rt6i_peer, tmo); 197 } 198 dst_release(dst); 199 return res; 200 } 201 202 /* 203 * an inline helper for the "simple" if statement below 204 * checks if parameter problem report is caused by an 205 * unrecognized IPv6 option that has the Option Type 206 * highest-order two bits set to 10 207 */ 208 209 static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset) 210 { 211 u8 _optval, *op; 212 213 offset += skb_network_offset(skb); 214 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); 215 if (op == NULL) 216 return 1; 217 return (*op & 0xC0) == 0x80; 218 } 219 220 static int icmpv6_push_pending_frames(struct sock *sk, struct flowi *fl, struct icmp6hdr *thdr, int len) 221 { 222 struct sk_buff *skb; 223 struct icmp6hdr *icmp6h; 224 int err = 0; 225 226 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) 227 goto out; 228 229 icmp6h = icmp6_hdr(skb); 230 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); 231 icmp6h->icmp6_cksum = 0; 232 233 if (skb_queue_len(&sk->sk_write_queue) == 1) { 234 skb->csum = csum_partial(icmp6h, 235 sizeof(struct icmp6hdr), skb->csum); 236 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src, 237 &fl->fl6_dst, 238 len, fl->proto, 239 skb->csum); 240 } else { 241 __wsum tmp_csum = 0; 242 243 skb_queue_walk(&sk->sk_write_queue, skb) { 244 tmp_csum = csum_add(tmp_csum, skb->csum); 245 } 246 247 tmp_csum = csum_partial(icmp6h, 248 sizeof(struct icmp6hdr), tmp_csum); 249 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src, 250 &fl->fl6_dst, 251 len, fl->proto, 252 tmp_csum); 253 } 254 ip6_push_pending_frames(sk); 255 out: 256 return err; 257 } 258 259 struct icmpv6_msg { 260 struct sk_buff *skb; 261 int offset; 262 uint8_t type; 263 }; 264 265 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 266 { 267 struct icmpv6_msg *msg = (struct icmpv6_msg *) from; 268 struct sk_buff *org_skb = msg->skb; 269 __wsum csum = 0; 270 271 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 272 to, len, csum); 273 skb->csum = csum_block_add(skb->csum, csum, odd); 274 if (!(msg->type & ICMPV6_INFOMSG_MASK)) 275 nf_ct_attach(skb, org_skb); 276 return 0; 277 } 278 279 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 280 static void mip6_addr_swap(struct sk_buff *skb) 281 { 282 struct ipv6hdr *iph = ipv6_hdr(skb); 283 struct inet6_skb_parm *opt = IP6CB(skb); 284 struct ipv6_destopt_hao *hao; 285 struct in6_addr tmp; 286 int off; 287 288 if (opt->dsthao) { 289 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); 290 if (likely(off >= 0)) { 291 hao = (struct ipv6_destopt_hao *) 292 (skb_network_header(skb) + off); 293 ipv6_addr_copy(&tmp, &iph->saddr); 294 ipv6_addr_copy(&iph->saddr, &hao->addr); 295 ipv6_addr_copy(&hao->addr, &tmp); 296 } 297 } 298 } 299 #else 300 static inline void mip6_addr_swap(struct sk_buff *skb) {} 301 #endif 302 303 /* 304 * Send an ICMP message in response to a packet in error 305 */ 306 void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) 307 { 308 struct net *net = dev_net(skb->dev); 309 struct inet6_dev *idev = NULL; 310 struct ipv6hdr *hdr = ipv6_hdr(skb); 311 struct sock *sk; 312 struct ipv6_pinfo *np; 313 struct in6_addr *saddr = NULL; 314 struct dst_entry *dst; 315 struct dst_entry *dst2; 316 struct icmp6hdr tmp_hdr; 317 struct flowi fl; 318 struct flowi fl2; 319 struct icmpv6_msg msg; 320 int iif = 0; 321 int addr_type = 0; 322 int len; 323 int hlimit; 324 int err = 0; 325 326 if ((u8 *)hdr < skb->head || 327 (skb->network_header + sizeof(*hdr)) > skb->tail) 328 return; 329 330 /* 331 * Make sure we respect the rules 332 * i.e. RFC 1885 2.4(e) 333 * Rule (e.1) is enforced by not using icmpv6_send 334 * in any code that processes icmp errors. 335 */ 336 addr_type = ipv6_addr_type(&hdr->daddr); 337 338 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0)) 339 saddr = &hdr->daddr; 340 341 /* 342 * Dest addr check 343 */ 344 345 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) { 346 if (type != ICMPV6_PKT_TOOBIG && 347 !(type == ICMPV6_PARAMPROB && 348 code == ICMPV6_UNK_OPTION && 349 (opt_unrec(skb, info)))) 350 return; 351 352 saddr = NULL; 353 } 354 355 addr_type = ipv6_addr_type(&hdr->saddr); 356 357 /* 358 * Source addr check 359 */ 360 361 if (addr_type & IPV6_ADDR_LINKLOCAL) 362 iif = skb->dev->ifindex; 363 364 /* 365 * Must not send error if the source does not uniquely 366 * identify a single node (RFC2463 Section 2.4). 367 * We check unspecified / multicast addresses here, 368 * and anycast addresses will be checked later. 369 */ 370 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { 371 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n"); 372 return; 373 } 374 375 /* 376 * Never answer to a ICMP packet. 377 */ 378 if (is_ineligible(skb)) { 379 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n"); 380 return; 381 } 382 383 mip6_addr_swap(skb); 384 385 memset(&fl, 0, sizeof(fl)); 386 fl.proto = IPPROTO_ICMPV6; 387 ipv6_addr_copy(&fl.fl6_dst, &hdr->saddr); 388 if (saddr) 389 ipv6_addr_copy(&fl.fl6_src, saddr); 390 fl.oif = iif; 391 fl.fl_icmp_type = type; 392 fl.fl_icmp_code = code; 393 security_skb_classify_flow(skb, &fl); 394 395 sk = icmpv6_xmit_lock(net); 396 if (sk == NULL) 397 return; 398 np = inet6_sk(sk); 399 400 if (!icmpv6_xrlim_allow(sk, type, &fl)) 401 goto out; 402 403 tmp_hdr.icmp6_type = type; 404 tmp_hdr.icmp6_code = code; 405 tmp_hdr.icmp6_cksum = 0; 406 tmp_hdr.icmp6_pointer = htonl(info); 407 408 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 409 fl.oif = np->mcast_oif; 410 411 err = ip6_dst_lookup(sk, &dst, &fl); 412 if (err) 413 goto out; 414 415 /* 416 * We won't send icmp if the destination is known 417 * anycast. 418 */ 419 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) { 420 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n"); 421 goto out_dst_release; 422 } 423 424 /* No need to clone since we're just using its address. */ 425 dst2 = dst; 426 427 err = xfrm_lookup(net, &dst, &fl, sk, 0); 428 switch (err) { 429 case 0: 430 if (dst != dst2) 431 goto route_done; 432 break; 433 case -EPERM: 434 dst = NULL; 435 break; 436 default: 437 goto out; 438 } 439 440 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6)) 441 goto relookup_failed; 442 443 if (ip6_dst_lookup(sk, &dst2, &fl2)) 444 goto relookup_failed; 445 446 err = xfrm_lookup(net, &dst2, &fl2, sk, XFRM_LOOKUP_ICMP); 447 switch (err) { 448 case 0: 449 dst_release(dst); 450 dst = dst2; 451 break; 452 case -EPERM: 453 goto out_dst_release; 454 default: 455 relookup_failed: 456 if (!dst) 457 goto out; 458 break; 459 } 460 461 route_done: 462 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 463 hlimit = np->mcast_hops; 464 else 465 hlimit = np->hop_limit; 466 if (hlimit < 0) 467 hlimit = ip6_dst_hoplimit(dst); 468 469 msg.skb = skb; 470 msg.offset = skb_network_offset(skb); 471 msg.type = type; 472 473 len = skb->len - msg.offset; 474 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); 475 if (len < 0) { 476 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n"); 477 goto out_dst_release; 478 } 479 480 idev = in6_dev_get(skb->dev); 481 482 err = ip6_append_data(sk, icmpv6_getfrag, &msg, 483 len + sizeof(struct icmp6hdr), 484 sizeof(struct icmp6hdr), hlimit, 485 np->tclass, NULL, &fl, (struct rt6_info*)dst, 486 MSG_DONTWAIT, np->dontfrag); 487 if (err) { 488 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 489 ip6_flush_pending_frames(sk); 490 goto out_put; 491 } 492 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, len + sizeof(struct icmp6hdr)); 493 494 out_put: 495 if (likely(idev != NULL)) 496 in6_dev_put(idev); 497 out_dst_release: 498 dst_release(dst); 499 out: 500 icmpv6_xmit_unlock(sk); 501 } 502 503 EXPORT_SYMBOL(icmpv6_send); 504 505 static void icmpv6_echo_reply(struct sk_buff *skb) 506 { 507 struct net *net = dev_net(skb->dev); 508 struct sock *sk; 509 struct inet6_dev *idev; 510 struct ipv6_pinfo *np; 511 struct in6_addr *saddr = NULL; 512 struct icmp6hdr *icmph = icmp6_hdr(skb); 513 struct icmp6hdr tmp_hdr; 514 struct flowi fl; 515 struct icmpv6_msg msg; 516 struct dst_entry *dst; 517 int err = 0; 518 int hlimit; 519 520 saddr = &ipv6_hdr(skb)->daddr; 521 522 if (!ipv6_unicast_destination(skb)) 523 saddr = NULL; 524 525 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 526 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; 527 528 memset(&fl, 0, sizeof(fl)); 529 fl.proto = IPPROTO_ICMPV6; 530 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 531 if (saddr) 532 ipv6_addr_copy(&fl.fl6_src, saddr); 533 fl.oif = skb->dev->ifindex; 534 fl.fl_icmp_type = ICMPV6_ECHO_REPLY; 535 security_skb_classify_flow(skb, &fl); 536 537 sk = icmpv6_xmit_lock(net); 538 if (sk == NULL) 539 return; 540 np = inet6_sk(sk); 541 542 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 543 fl.oif = np->mcast_oif; 544 545 err = ip6_dst_lookup(sk, &dst, &fl); 546 if (err) 547 goto out; 548 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) 549 goto out; 550 551 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 552 hlimit = np->mcast_hops; 553 else 554 hlimit = np->hop_limit; 555 if (hlimit < 0) 556 hlimit = ip6_dst_hoplimit(dst); 557 558 idev = in6_dev_get(skb->dev); 559 560 msg.skb = skb; 561 msg.offset = 0; 562 msg.type = ICMPV6_ECHO_REPLY; 563 564 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 565 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl, 566 (struct rt6_info*)dst, MSG_DONTWAIT, 567 np->dontfrag); 568 569 if (err) { 570 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 571 ip6_flush_pending_frames(sk); 572 goto out_put; 573 } 574 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, skb->len + sizeof(struct icmp6hdr)); 575 576 out_put: 577 if (likely(idev != NULL)) 578 in6_dev_put(idev); 579 dst_release(dst); 580 out: 581 icmpv6_xmit_unlock(sk); 582 } 583 584 static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) 585 { 586 const struct inet6_protocol *ipprot; 587 int inner_offset; 588 int hash; 589 u8 nexthdr; 590 591 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 592 return; 593 594 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 595 if (ipv6_ext_hdr(nexthdr)) { 596 /* now skip over extension headers */ 597 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr); 598 if (inner_offset<0) 599 return; 600 } else { 601 inner_offset = sizeof(struct ipv6hdr); 602 } 603 604 /* Checkin header including 8 bytes of inner protocol header. */ 605 if (!pskb_may_pull(skb, inner_offset+8)) 606 return; 607 608 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. 609 Without this we will not able f.e. to make source routed 610 pmtu discovery. 611 Corresponding argument (opt) to notifiers is already added. 612 --ANK (980726) 613 */ 614 615 hash = nexthdr & (MAX_INET_PROTOS - 1); 616 617 rcu_read_lock(); 618 ipprot = rcu_dereference(inet6_protos[hash]); 619 if (ipprot && ipprot->err_handler) 620 ipprot->err_handler(skb, NULL, type, code, inner_offset, info); 621 rcu_read_unlock(); 622 623 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); 624 } 625 626 /* 627 * Handle icmp messages 628 */ 629 630 static int icmpv6_rcv(struct sk_buff *skb) 631 { 632 struct net_device *dev = skb->dev; 633 struct inet6_dev *idev = __in6_dev_get(dev); 634 struct in6_addr *saddr, *daddr; 635 struct ipv6hdr *orig_hdr; 636 struct icmp6hdr *hdr; 637 u8 type; 638 639 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 640 struct sec_path *sp = skb_sec_path(skb); 641 int nh; 642 643 if (!(sp && sp->xvec[sp->len - 1]->props.flags & 644 XFRM_STATE_ICMP)) 645 goto drop_no_count; 646 647 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr))) 648 goto drop_no_count; 649 650 nh = skb_network_offset(skb); 651 skb_set_network_header(skb, sizeof(*hdr)); 652 653 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) 654 goto drop_no_count; 655 656 skb_set_network_header(skb, nh); 657 } 658 659 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS); 660 661 saddr = &ipv6_hdr(skb)->saddr; 662 daddr = &ipv6_hdr(skb)->daddr; 663 664 /* Perform checksum. */ 665 switch (skb->ip_summed) { 666 case CHECKSUM_COMPLETE: 667 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6, 668 skb->csum)) 669 break; 670 /* fall through */ 671 case CHECKSUM_NONE: 672 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len, 673 IPPROTO_ICMPV6, 0)); 674 if (__skb_checksum_complete(skb)) { 675 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n", 676 saddr, daddr); 677 goto discard_it; 678 } 679 } 680 681 if (!pskb_pull(skb, sizeof(*hdr))) 682 goto discard_it; 683 684 hdr = icmp6_hdr(skb); 685 686 type = hdr->icmp6_type; 687 688 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type); 689 690 switch (type) { 691 case ICMPV6_ECHO_REQUEST: 692 icmpv6_echo_reply(skb); 693 break; 694 695 case ICMPV6_ECHO_REPLY: 696 /* we couldn't care less */ 697 break; 698 699 case ICMPV6_PKT_TOOBIG: 700 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update 701 standard destination cache. Seems, only "advanced" 702 destination cache will allow to solve this problem 703 --ANK (980726) 704 */ 705 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 706 goto discard_it; 707 hdr = icmp6_hdr(skb); 708 orig_hdr = (struct ipv6hdr *) (hdr + 1); 709 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev, 710 ntohl(hdr->icmp6_mtu)); 711 712 /* 713 * Drop through to notify 714 */ 715 716 case ICMPV6_DEST_UNREACH: 717 case ICMPV6_TIME_EXCEED: 718 case ICMPV6_PARAMPROB: 719 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 720 break; 721 722 case NDISC_ROUTER_SOLICITATION: 723 case NDISC_ROUTER_ADVERTISEMENT: 724 case NDISC_NEIGHBOUR_SOLICITATION: 725 case NDISC_NEIGHBOUR_ADVERTISEMENT: 726 case NDISC_REDIRECT: 727 ndisc_rcv(skb); 728 break; 729 730 case ICMPV6_MGM_QUERY: 731 igmp6_event_query(skb); 732 break; 733 734 case ICMPV6_MGM_REPORT: 735 igmp6_event_report(skb); 736 break; 737 738 case ICMPV6_MGM_REDUCTION: 739 case ICMPV6_NI_QUERY: 740 case ICMPV6_NI_REPLY: 741 case ICMPV6_MLD2_REPORT: 742 case ICMPV6_DHAAD_REQUEST: 743 case ICMPV6_DHAAD_REPLY: 744 case ICMPV6_MOBILE_PREFIX_SOL: 745 case ICMPV6_MOBILE_PREFIX_ADV: 746 break; 747 748 default: 749 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n"); 750 751 /* informational */ 752 if (type & ICMPV6_INFOMSG_MASK) 753 break; 754 755 /* 756 * error of unknown type. 757 * must pass to upper level 758 */ 759 760 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 761 } 762 763 kfree_skb(skb); 764 return 0; 765 766 discard_it: 767 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS); 768 drop_no_count: 769 kfree_skb(skb); 770 return 0; 771 } 772 773 void icmpv6_flow_init(struct sock *sk, struct flowi *fl, 774 u8 type, 775 const struct in6_addr *saddr, 776 const struct in6_addr *daddr, 777 int oif) 778 { 779 memset(fl, 0, sizeof(*fl)); 780 ipv6_addr_copy(&fl->fl6_src, saddr); 781 ipv6_addr_copy(&fl->fl6_dst, daddr); 782 fl->proto = IPPROTO_ICMPV6; 783 fl->fl_icmp_type = type; 784 fl->fl_icmp_code = 0; 785 fl->oif = oif; 786 security_sk_classify_flow(sk, fl); 787 } 788 789 /* 790 * Special lock-class for __icmpv6_sk: 791 */ 792 static struct lock_class_key icmpv6_socket_sk_dst_lock_key; 793 794 static int __net_init icmpv6_sk_init(struct net *net) 795 { 796 struct sock *sk; 797 int err, i, j; 798 799 net->ipv6.icmp_sk = 800 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); 801 if (net->ipv6.icmp_sk == NULL) 802 return -ENOMEM; 803 804 for_each_possible_cpu(i) { 805 err = inet_ctl_sock_create(&sk, PF_INET6, 806 SOCK_RAW, IPPROTO_ICMPV6, net); 807 if (err < 0) { 808 printk(KERN_ERR 809 "Failed to initialize the ICMP6 control socket " 810 "(err %d).\n", 811 err); 812 goto fail; 813 } 814 815 net->ipv6.icmp_sk[i] = sk; 816 817 /* 818 * Split off their lock-class, because sk->sk_dst_lock 819 * gets used from softirqs, which is safe for 820 * __icmpv6_sk (because those never get directly used 821 * via userspace syscalls), but unsafe for normal sockets. 822 */ 823 lockdep_set_class(&sk->sk_dst_lock, 824 &icmpv6_socket_sk_dst_lock_key); 825 826 /* Enough space for 2 64K ICMP packets, including 827 * sk_buff struct overhead. 828 */ 829 sk->sk_sndbuf = 830 (2 * ((64 * 1024) + sizeof(struct sk_buff))); 831 } 832 return 0; 833 834 fail: 835 for (j = 0; j < i; j++) 836 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]); 837 kfree(net->ipv6.icmp_sk); 838 return err; 839 } 840 841 static void __net_exit icmpv6_sk_exit(struct net *net) 842 { 843 int i; 844 845 for_each_possible_cpu(i) { 846 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]); 847 } 848 kfree(net->ipv6.icmp_sk); 849 } 850 851 static struct pernet_operations icmpv6_sk_ops = { 852 .init = icmpv6_sk_init, 853 .exit = icmpv6_sk_exit, 854 }; 855 856 int __init icmpv6_init(void) 857 { 858 int err; 859 860 err = register_pernet_subsys(&icmpv6_sk_ops); 861 if (err < 0) 862 return err; 863 864 err = -EAGAIN; 865 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) 866 goto fail; 867 return 0; 868 869 fail: 870 printk(KERN_ERR "Failed to register ICMP6 protocol\n"); 871 unregister_pernet_subsys(&icmpv6_sk_ops); 872 return err; 873 } 874 875 void icmpv6_cleanup(void) 876 { 877 unregister_pernet_subsys(&icmpv6_sk_ops); 878 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 879 } 880 881 882 static const struct icmp6_err { 883 int err; 884 int fatal; 885 } tab_unreach[] = { 886 { /* NOROUTE */ 887 .err = ENETUNREACH, 888 .fatal = 0, 889 }, 890 { /* ADM_PROHIBITED */ 891 .err = EACCES, 892 .fatal = 1, 893 }, 894 { /* Was NOT_NEIGHBOUR, now reserved */ 895 .err = EHOSTUNREACH, 896 .fatal = 0, 897 }, 898 { /* ADDR_UNREACH */ 899 .err = EHOSTUNREACH, 900 .fatal = 0, 901 }, 902 { /* PORT_UNREACH */ 903 .err = ECONNREFUSED, 904 .fatal = 1, 905 }, 906 }; 907 908 int icmpv6_err_convert(u8 type, u8 code, int *err) 909 { 910 int fatal = 0; 911 912 *err = EPROTO; 913 914 switch (type) { 915 case ICMPV6_DEST_UNREACH: 916 fatal = 1; 917 if (code <= ICMPV6_PORT_UNREACH) { 918 *err = tab_unreach[code].err; 919 fatal = tab_unreach[code].fatal; 920 } 921 break; 922 923 case ICMPV6_PKT_TOOBIG: 924 *err = EMSGSIZE; 925 break; 926 927 case ICMPV6_PARAMPROB: 928 *err = EPROTO; 929 fatal = 1; 930 break; 931 932 case ICMPV6_TIME_EXCEED: 933 *err = EHOSTUNREACH; 934 break; 935 } 936 937 return fatal; 938 } 939 940 EXPORT_SYMBOL(icmpv6_err_convert); 941 942 #ifdef CONFIG_SYSCTL 943 ctl_table ipv6_icmp_table_template[] = { 944 { 945 .procname = "ratelimit", 946 .data = &init_net.ipv6.sysctl.icmpv6_time, 947 .maxlen = sizeof(int), 948 .mode = 0644, 949 .proc_handler = proc_dointvec_ms_jiffies, 950 }, 951 { }, 952 }; 953 954 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) 955 { 956 struct ctl_table *table; 957 958 table = kmemdup(ipv6_icmp_table_template, 959 sizeof(ipv6_icmp_table_template), 960 GFP_KERNEL); 961 962 if (table) 963 table[0].data = &net->ipv6.sysctl.icmpv6_time; 964 965 return table; 966 } 967 #endif 968 969