1 /* 2 * Internet Control Message Protocol (ICMPv6) 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * $Id: icmp.c,v 1.38 2002/02/08 03:57:19 davem Exp $ 9 * 10 * Based on net/ipv4/icmp.c 11 * 12 * RFC 1885 13 * 14 * This program is free software; you can redistribute it and/or 15 * modify it under the terms of the GNU General Public License 16 * as published by the Free Software Foundation; either version 17 * 2 of the License, or (at your option) any later version. 18 */ 19 20 /* 21 * Changes: 22 * 23 * Andi Kleen : exception handling 24 * Andi Kleen add rate limits. never reply to a icmp. 25 * add more length checks and other fixes. 26 * yoshfuji : ensure to sent parameter problem for 27 * fragments. 28 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. 29 * Randy Dunlap and 30 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support 31 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data 32 */ 33 34 #include <linux/module.h> 35 #include <linux/errno.h> 36 #include <linux/types.h> 37 #include <linux/socket.h> 38 #include <linux/in.h> 39 #include <linux/kernel.h> 40 #include <linux/sockios.h> 41 #include <linux/net.h> 42 #include <linux/skbuff.h> 43 #include <linux/init.h> 44 #include <linux/netfilter.h> 45 46 #ifdef CONFIG_SYSCTL 47 #include <linux/sysctl.h> 48 #endif 49 50 #include <linux/inet.h> 51 #include <linux/netdevice.h> 52 #include <linux/icmpv6.h> 53 54 #include <net/ip.h> 55 #include <net/sock.h> 56 57 #include <net/ipv6.h> 58 #include <net/ip6_checksum.h> 59 #include <net/protocol.h> 60 #include <net/raw.h> 61 #include <net/rawv6.h> 62 #include <net/transp_v6.h> 63 #include <net/ip6_route.h> 64 #include <net/addrconf.h> 65 #include <net/icmp.h> 66 #include <net/xfrm.h> 67 68 #include <asm/uaccess.h> 69 #include <asm/system.h> 70 71 DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics) __read_mostly; 72 EXPORT_SYMBOL(icmpv6_statistics); 73 DEFINE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics) __read_mostly; 74 EXPORT_SYMBOL(icmpv6msg_statistics); 75 76 /* 77 * The ICMP socket(s). This is the most convenient way to flow control 78 * our ICMP output as well as maintain a clean interface throughout 79 * all layers. All Socketless IP sends will soon be gone. 80 * 81 * On SMP we have one ICMP socket per-cpu. 82 */ 83 static inline struct sock *icmpv6_sk(struct net *net) 84 { 85 return net->ipv6.icmp_sk[smp_processor_id()]; 86 } 87 88 static int icmpv6_rcv(struct sk_buff *skb); 89 90 static struct inet6_protocol icmpv6_protocol = { 91 .handler = icmpv6_rcv, 92 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 93 }; 94 95 static __inline__ int icmpv6_xmit_lock(struct sock *sk) 96 { 97 local_bh_disable(); 98 99 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 100 /* This can happen if the output path (f.e. SIT or 101 * ip6ip6 tunnel) signals dst_link_failure() for an 102 * outgoing ICMP6 packet. 103 */ 104 local_bh_enable(); 105 return 1; 106 } 107 return 0; 108 } 109 110 static __inline__ void icmpv6_xmit_unlock(struct sock *sk) 111 { 112 spin_unlock_bh(&sk->sk_lock.slock); 113 } 114 115 /* 116 * Slightly more convenient version of icmpv6_send. 117 */ 118 void icmpv6_param_prob(struct sk_buff *skb, int code, int pos) 119 { 120 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos, skb->dev); 121 kfree_skb(skb); 122 } 123 124 /* 125 * Figure out, may we reply to this packet with icmp error. 126 * 127 * We do not reply, if: 128 * - it was icmp error message. 129 * - it is truncated, so that it is known, that protocol is ICMPV6 130 * (i.e. in the middle of some exthdr) 131 * 132 * --ANK (980726) 133 */ 134 135 static int is_ineligible(struct sk_buff *skb) 136 { 137 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 138 int len = skb->len - ptr; 139 __u8 nexthdr = ipv6_hdr(skb)->nexthdr; 140 141 if (len < 0) 142 return 1; 143 144 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr); 145 if (ptr < 0) 146 return 0; 147 if (nexthdr == IPPROTO_ICMPV6) { 148 u8 _type, *tp; 149 tp = skb_header_pointer(skb, 150 ptr+offsetof(struct icmp6hdr, icmp6_type), 151 sizeof(_type), &_type); 152 if (tp == NULL || 153 !(*tp & ICMPV6_INFOMSG_MASK)) 154 return 1; 155 } 156 return 0; 157 } 158 159 /* 160 * Check the ICMP output rate limit 161 */ 162 static inline int icmpv6_xrlim_allow(struct sock *sk, int type, 163 struct flowi *fl) 164 { 165 struct dst_entry *dst; 166 int res = 0; 167 168 /* Informational messages are not limited. */ 169 if (type & ICMPV6_INFOMSG_MASK) 170 return 1; 171 172 /* Do not limit pmtu discovery, it would break it. */ 173 if (type == ICMPV6_PKT_TOOBIG) 174 return 1; 175 176 /* 177 * Look up the output route. 178 * XXX: perhaps the expire for routing entries cloned by 179 * this lookup should be more aggressive (not longer than timeout). 180 */ 181 dst = ip6_route_output(sk, fl); 182 if (dst->error) { 183 IP6_INC_STATS(ip6_dst_idev(dst), 184 IPSTATS_MIB_OUTNOROUTES); 185 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { 186 res = 1; 187 } else { 188 struct rt6_info *rt = (struct rt6_info *)dst; 189 int tmo = init_net.ipv6.sysctl.icmpv6_time; 190 191 /* Give more bandwidth to wider prefixes. */ 192 if (rt->rt6i_dst.plen < 128) 193 tmo >>= ((128 - rt->rt6i_dst.plen)>>5); 194 195 res = xrlim_allow(dst, tmo); 196 } 197 dst_release(dst); 198 return res; 199 } 200 201 /* 202 * an inline helper for the "simple" if statement below 203 * checks if parameter problem report is caused by an 204 * unrecognized IPv6 option that has the Option Type 205 * highest-order two bits set to 10 206 */ 207 208 static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset) 209 { 210 u8 _optval, *op; 211 212 offset += skb_network_offset(skb); 213 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); 214 if (op == NULL) 215 return 1; 216 return (*op & 0xC0) == 0x80; 217 } 218 219 static int icmpv6_push_pending_frames(struct sock *sk, struct flowi *fl, struct icmp6hdr *thdr, int len) 220 { 221 struct sk_buff *skb; 222 struct icmp6hdr *icmp6h; 223 int err = 0; 224 225 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) 226 goto out; 227 228 icmp6h = icmp6_hdr(skb); 229 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); 230 icmp6h->icmp6_cksum = 0; 231 232 if (skb_queue_len(&sk->sk_write_queue) == 1) { 233 skb->csum = csum_partial((char *)icmp6h, 234 sizeof(struct icmp6hdr), skb->csum); 235 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src, 236 &fl->fl6_dst, 237 len, fl->proto, 238 skb->csum); 239 } else { 240 __wsum tmp_csum = 0; 241 242 skb_queue_walk(&sk->sk_write_queue, skb) { 243 tmp_csum = csum_add(tmp_csum, skb->csum); 244 } 245 246 tmp_csum = csum_partial((char *)icmp6h, 247 sizeof(struct icmp6hdr), tmp_csum); 248 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src, 249 &fl->fl6_dst, 250 len, fl->proto, 251 tmp_csum); 252 } 253 ip6_push_pending_frames(sk); 254 out: 255 return err; 256 } 257 258 struct icmpv6_msg { 259 struct sk_buff *skb; 260 int offset; 261 uint8_t type; 262 }; 263 264 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 265 { 266 struct icmpv6_msg *msg = (struct icmpv6_msg *) from; 267 struct sk_buff *org_skb = msg->skb; 268 __wsum csum = 0; 269 270 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 271 to, len, csum); 272 skb->csum = csum_block_add(skb->csum, csum, odd); 273 if (!(msg->type & ICMPV6_INFOMSG_MASK)) 274 nf_ct_attach(skb, org_skb); 275 return 0; 276 } 277 278 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE) 279 static void mip6_addr_swap(struct sk_buff *skb) 280 { 281 struct ipv6hdr *iph = ipv6_hdr(skb); 282 struct inet6_skb_parm *opt = IP6CB(skb); 283 struct ipv6_destopt_hao *hao; 284 struct in6_addr tmp; 285 int off; 286 287 if (opt->dsthao) { 288 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); 289 if (likely(off >= 0)) { 290 hao = (struct ipv6_destopt_hao *) 291 (skb_network_header(skb) + off); 292 ipv6_addr_copy(&tmp, &iph->saddr); 293 ipv6_addr_copy(&iph->saddr, &hao->addr); 294 ipv6_addr_copy(&hao->addr, &tmp); 295 } 296 } 297 } 298 #else 299 static inline void mip6_addr_swap(struct sk_buff *skb) {} 300 #endif 301 302 /* 303 * Send an ICMP message in response to a packet in error 304 */ 305 void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, 306 struct net_device *dev) 307 { 308 struct inet6_dev *idev = NULL; 309 struct ipv6hdr *hdr = ipv6_hdr(skb); 310 struct sock *sk; 311 struct ipv6_pinfo *np; 312 struct in6_addr *saddr = NULL; 313 struct dst_entry *dst; 314 struct dst_entry *dst2; 315 struct icmp6hdr tmp_hdr; 316 struct flowi fl; 317 struct flowi fl2; 318 struct icmpv6_msg msg; 319 int iif = 0; 320 int addr_type = 0; 321 int len; 322 int hlimit, tclass; 323 int err = 0; 324 325 if ((u8 *)hdr < skb->head || 326 (skb->network_header + sizeof(*hdr)) > skb->tail) 327 return; 328 329 /* 330 * Make sure we respect the rules 331 * i.e. RFC 1885 2.4(e) 332 * Rule (e.1) is enforced by not using icmpv6_send 333 * in any code that processes icmp errors. 334 */ 335 addr_type = ipv6_addr_type(&hdr->daddr); 336 337 if (ipv6_chk_addr(&init_net, &hdr->daddr, skb->dev, 0)) 338 saddr = &hdr->daddr; 339 340 /* 341 * Dest addr check 342 */ 343 344 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) { 345 if (type != ICMPV6_PKT_TOOBIG && 346 !(type == ICMPV6_PARAMPROB && 347 code == ICMPV6_UNK_OPTION && 348 (opt_unrec(skb, info)))) 349 return; 350 351 saddr = NULL; 352 } 353 354 addr_type = ipv6_addr_type(&hdr->saddr); 355 356 /* 357 * Source addr check 358 */ 359 360 if (addr_type & IPV6_ADDR_LINKLOCAL) 361 iif = skb->dev->ifindex; 362 363 /* 364 * Must not send error if the source does not uniquely 365 * identify a single node (RFC2463 Section 2.4). 366 * We check unspecified / multicast addresses here, 367 * and anycast addresses will be checked later. 368 */ 369 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { 370 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n"); 371 return; 372 } 373 374 /* 375 * Never answer to a ICMP packet. 376 */ 377 if (is_ineligible(skb)) { 378 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n"); 379 return; 380 } 381 382 mip6_addr_swap(skb); 383 384 memset(&fl, 0, sizeof(fl)); 385 fl.proto = IPPROTO_ICMPV6; 386 ipv6_addr_copy(&fl.fl6_dst, &hdr->saddr); 387 if (saddr) 388 ipv6_addr_copy(&fl.fl6_src, saddr); 389 fl.oif = iif; 390 fl.fl_icmp_type = type; 391 fl.fl_icmp_code = code; 392 security_skb_classify_flow(skb, &fl); 393 394 sk = icmpv6_sk(&init_net); 395 np = inet6_sk(sk); 396 397 if (icmpv6_xmit_lock(sk)) 398 return; 399 400 if (!icmpv6_xrlim_allow(sk, type, &fl)) 401 goto out; 402 403 tmp_hdr.icmp6_type = type; 404 tmp_hdr.icmp6_code = code; 405 tmp_hdr.icmp6_cksum = 0; 406 tmp_hdr.icmp6_pointer = htonl(info); 407 408 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 409 fl.oif = np->mcast_oif; 410 411 err = ip6_dst_lookup(sk, &dst, &fl); 412 if (err) 413 goto out; 414 415 /* 416 * We won't send icmp if the destination is known 417 * anycast. 418 */ 419 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) { 420 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n"); 421 goto out_dst_release; 422 } 423 424 /* No need to clone since we're just using its address. */ 425 dst2 = dst; 426 427 err = xfrm_lookup(&dst, &fl, sk, 0); 428 switch (err) { 429 case 0: 430 if (dst != dst2) 431 goto route_done; 432 break; 433 case -EPERM: 434 dst = NULL; 435 break; 436 default: 437 goto out; 438 } 439 440 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6)) 441 goto out; 442 443 if (ip6_dst_lookup(sk, &dst2, &fl)) 444 goto out; 445 446 err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); 447 if (err == -ENOENT) { 448 if (!dst) 449 goto out; 450 goto route_done; 451 } 452 453 dst_release(dst); 454 dst = dst2; 455 456 if (err) 457 goto out; 458 459 route_done: 460 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 461 hlimit = np->mcast_hops; 462 else 463 hlimit = np->hop_limit; 464 if (hlimit < 0) 465 hlimit = dst_metric(dst, RTAX_HOPLIMIT); 466 if (hlimit < 0) 467 hlimit = ipv6_get_hoplimit(dst->dev); 468 469 tclass = np->tclass; 470 if (tclass < 0) 471 tclass = 0; 472 473 msg.skb = skb; 474 msg.offset = skb_network_offset(skb); 475 msg.type = type; 476 477 len = skb->len - msg.offset; 478 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); 479 if (len < 0) { 480 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n"); 481 goto out_dst_release; 482 } 483 484 idev = in6_dev_get(skb->dev); 485 486 err = ip6_append_data(sk, icmpv6_getfrag, &msg, 487 len + sizeof(struct icmp6hdr), 488 sizeof(struct icmp6hdr), 489 hlimit, tclass, NULL, &fl, (struct rt6_info*)dst, 490 MSG_DONTWAIT); 491 if (err) { 492 ip6_flush_pending_frames(sk); 493 goto out_put; 494 } 495 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, len + sizeof(struct icmp6hdr)); 496 497 out_put: 498 if (likely(idev != NULL)) 499 in6_dev_put(idev); 500 out_dst_release: 501 dst_release(dst); 502 out: 503 icmpv6_xmit_unlock(sk); 504 } 505 506 EXPORT_SYMBOL(icmpv6_send); 507 508 static void icmpv6_echo_reply(struct sk_buff *skb) 509 { 510 struct sock *sk; 511 struct inet6_dev *idev; 512 struct ipv6_pinfo *np; 513 struct in6_addr *saddr = NULL; 514 struct icmp6hdr *icmph = icmp6_hdr(skb); 515 struct icmp6hdr tmp_hdr; 516 struct flowi fl; 517 struct icmpv6_msg msg; 518 struct dst_entry *dst; 519 int err = 0; 520 int hlimit; 521 int tclass; 522 523 saddr = &ipv6_hdr(skb)->daddr; 524 525 if (!ipv6_unicast_destination(skb)) 526 saddr = NULL; 527 528 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 529 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; 530 531 memset(&fl, 0, sizeof(fl)); 532 fl.proto = IPPROTO_ICMPV6; 533 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 534 if (saddr) 535 ipv6_addr_copy(&fl.fl6_src, saddr); 536 fl.oif = skb->dev->ifindex; 537 fl.fl_icmp_type = ICMPV6_ECHO_REPLY; 538 security_skb_classify_flow(skb, &fl); 539 540 sk = icmpv6_sk(&init_net); 541 np = inet6_sk(sk); 542 543 if (icmpv6_xmit_lock(sk)) 544 return; 545 546 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 547 fl.oif = np->mcast_oif; 548 549 err = ip6_dst_lookup(sk, &dst, &fl); 550 if (err) 551 goto out; 552 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) 553 goto out; 554 555 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 556 hlimit = np->mcast_hops; 557 else 558 hlimit = np->hop_limit; 559 if (hlimit < 0) 560 hlimit = dst_metric(dst, RTAX_HOPLIMIT); 561 if (hlimit < 0) 562 hlimit = ipv6_get_hoplimit(dst->dev); 563 564 tclass = np->tclass; 565 if (tclass < 0) 566 tclass = 0; 567 568 idev = in6_dev_get(skb->dev); 569 570 msg.skb = skb; 571 msg.offset = 0; 572 msg.type = ICMPV6_ECHO_REPLY; 573 574 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 575 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl, 576 (struct rt6_info*)dst, MSG_DONTWAIT); 577 578 if (err) { 579 ip6_flush_pending_frames(sk); 580 goto out_put; 581 } 582 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, skb->len + sizeof(struct icmp6hdr)); 583 584 out_put: 585 if (likely(idev != NULL)) 586 in6_dev_put(idev); 587 dst_release(dst); 588 out: 589 icmpv6_xmit_unlock(sk); 590 } 591 592 static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info) 593 { 594 struct inet6_protocol *ipprot; 595 int inner_offset; 596 int hash; 597 u8 nexthdr; 598 599 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 600 return; 601 602 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 603 if (ipv6_ext_hdr(nexthdr)) { 604 /* now skip over extension headers */ 605 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr); 606 if (inner_offset<0) 607 return; 608 } else { 609 inner_offset = sizeof(struct ipv6hdr); 610 } 611 612 /* Checkin header including 8 bytes of inner protocol header. */ 613 if (!pskb_may_pull(skb, inner_offset+8)) 614 return; 615 616 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. 617 Without this we will not able f.e. to make source routed 618 pmtu discovery. 619 Corresponding argument (opt) to notifiers is already added. 620 --ANK (980726) 621 */ 622 623 hash = nexthdr & (MAX_INET_PROTOS - 1); 624 625 rcu_read_lock(); 626 ipprot = rcu_dereference(inet6_protos[hash]); 627 if (ipprot && ipprot->err_handler) 628 ipprot->err_handler(skb, NULL, type, code, inner_offset, info); 629 rcu_read_unlock(); 630 631 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); 632 } 633 634 /* 635 * Handle icmp messages 636 */ 637 638 static int icmpv6_rcv(struct sk_buff *skb) 639 { 640 struct net_device *dev = skb->dev; 641 struct inet6_dev *idev = __in6_dev_get(dev); 642 struct in6_addr *saddr, *daddr; 643 struct ipv6hdr *orig_hdr; 644 struct icmp6hdr *hdr; 645 int type; 646 647 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 648 int nh; 649 650 if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags & 651 XFRM_STATE_ICMP)) 652 goto drop_no_count; 653 654 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr))) 655 goto drop_no_count; 656 657 nh = skb_network_offset(skb); 658 skb_set_network_header(skb, sizeof(*hdr)); 659 660 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) 661 goto drop_no_count; 662 663 skb_set_network_header(skb, nh); 664 } 665 666 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_INMSGS); 667 668 saddr = &ipv6_hdr(skb)->saddr; 669 daddr = &ipv6_hdr(skb)->daddr; 670 671 /* Perform checksum. */ 672 switch (skb->ip_summed) { 673 case CHECKSUM_COMPLETE: 674 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6, 675 skb->csum)) 676 break; 677 /* fall through */ 678 case CHECKSUM_NONE: 679 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len, 680 IPPROTO_ICMPV6, 0)); 681 if (__skb_checksum_complete(skb)) { 682 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [" NIP6_FMT " > " NIP6_FMT "]\n", 683 NIP6(*saddr), NIP6(*daddr)); 684 goto discard_it; 685 } 686 } 687 688 if (!pskb_pull(skb, sizeof(*hdr))) 689 goto discard_it; 690 691 hdr = icmp6_hdr(skb); 692 693 type = hdr->icmp6_type; 694 695 ICMP6MSGIN_INC_STATS_BH(idev, type); 696 697 switch (type) { 698 case ICMPV6_ECHO_REQUEST: 699 icmpv6_echo_reply(skb); 700 break; 701 702 case ICMPV6_ECHO_REPLY: 703 /* we couldn't care less */ 704 break; 705 706 case ICMPV6_PKT_TOOBIG: 707 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update 708 standard destination cache. Seems, only "advanced" 709 destination cache will allow to solve this problem 710 --ANK (980726) 711 */ 712 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 713 goto discard_it; 714 hdr = icmp6_hdr(skb); 715 orig_hdr = (struct ipv6hdr *) (hdr + 1); 716 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev, 717 ntohl(hdr->icmp6_mtu)); 718 719 /* 720 * Drop through to notify 721 */ 722 723 case ICMPV6_DEST_UNREACH: 724 case ICMPV6_TIME_EXCEED: 725 case ICMPV6_PARAMPROB: 726 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 727 break; 728 729 case NDISC_ROUTER_SOLICITATION: 730 case NDISC_ROUTER_ADVERTISEMENT: 731 case NDISC_NEIGHBOUR_SOLICITATION: 732 case NDISC_NEIGHBOUR_ADVERTISEMENT: 733 case NDISC_REDIRECT: 734 ndisc_rcv(skb); 735 break; 736 737 case ICMPV6_MGM_QUERY: 738 igmp6_event_query(skb); 739 break; 740 741 case ICMPV6_MGM_REPORT: 742 igmp6_event_report(skb); 743 break; 744 745 case ICMPV6_MGM_REDUCTION: 746 case ICMPV6_NI_QUERY: 747 case ICMPV6_NI_REPLY: 748 case ICMPV6_MLD2_REPORT: 749 case ICMPV6_DHAAD_REQUEST: 750 case ICMPV6_DHAAD_REPLY: 751 case ICMPV6_MOBILE_PREFIX_SOL: 752 case ICMPV6_MOBILE_PREFIX_ADV: 753 break; 754 755 default: 756 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n"); 757 758 /* informational */ 759 if (type & ICMPV6_INFOMSG_MASK) 760 break; 761 762 /* 763 * error of unknown type. 764 * must pass to upper level 765 */ 766 767 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 768 } 769 770 kfree_skb(skb); 771 return 0; 772 773 discard_it: 774 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_INERRORS); 775 drop_no_count: 776 kfree_skb(skb); 777 return 0; 778 } 779 780 void icmpv6_flow_init(struct sock *sk, struct flowi *fl, 781 u8 type, 782 const struct in6_addr *saddr, 783 const struct in6_addr *daddr, 784 int oif) 785 { 786 memset(fl, 0, sizeof(*fl)); 787 ipv6_addr_copy(&fl->fl6_src, saddr); 788 ipv6_addr_copy(&fl->fl6_dst, daddr); 789 fl->proto = IPPROTO_ICMPV6; 790 fl->fl_icmp_type = type; 791 fl->fl_icmp_code = 0; 792 fl->oif = oif; 793 security_sk_classify_flow(sk, fl); 794 } 795 796 /* 797 * Special lock-class for __icmpv6_sk: 798 */ 799 static struct lock_class_key icmpv6_socket_sk_dst_lock_key; 800 801 static int __net_init icmpv6_sk_init(struct net *net) 802 { 803 struct sock *sk; 804 int err, i, j; 805 806 net->ipv6.icmp_sk = 807 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); 808 if (net->ipv6.icmp_sk == NULL) 809 return -ENOMEM; 810 811 for_each_possible_cpu(i) { 812 struct socket *sock; 813 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, 814 &sock); 815 if (err < 0) { 816 printk(KERN_ERR 817 "Failed to initialize the ICMP6 control socket " 818 "(err %d).\n", 819 err); 820 goto fail; 821 } 822 823 net->ipv6.icmp_sk[i] = sk = sock->sk; 824 sk_change_net(sk, net); 825 826 sk->sk_allocation = GFP_ATOMIC; 827 /* 828 * Split off their lock-class, because sk->sk_dst_lock 829 * gets used from softirqs, which is safe for 830 * __icmpv6_sk (because those never get directly used 831 * via userspace syscalls), but unsafe for normal sockets. 832 */ 833 lockdep_set_class(&sk->sk_dst_lock, 834 &icmpv6_socket_sk_dst_lock_key); 835 836 /* Enough space for 2 64K ICMP packets, including 837 * sk_buff struct overhead. 838 */ 839 sk->sk_sndbuf = 840 (2 * ((64 * 1024) + sizeof(struct sk_buff))); 841 842 sk->sk_prot->unhash(sk); 843 } 844 return 0; 845 846 fail: 847 for (j = 0; j < i; j++) 848 sk_release_kernel(net->ipv6.icmp_sk[j]); 849 kfree(net->ipv6.icmp_sk); 850 return err; 851 } 852 853 static void __net_exit icmpv6_sk_exit(struct net *net) 854 { 855 int i; 856 857 for_each_possible_cpu(i) { 858 sk_release_kernel(net->ipv6.icmp_sk[i]); 859 } 860 kfree(net->ipv6.icmp_sk); 861 } 862 863 static struct pernet_operations icmpv6_sk_ops = { 864 .init = icmpv6_sk_init, 865 .exit = icmpv6_sk_exit, 866 }; 867 868 int __init icmpv6_init(void) 869 { 870 int err; 871 872 err = register_pernet_subsys(&icmpv6_sk_ops); 873 if (err < 0) 874 return err; 875 876 err = -EAGAIN; 877 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) 878 goto fail; 879 return 0; 880 881 fail: 882 printk(KERN_ERR "Failed to register ICMP6 protocol\n"); 883 unregister_pernet_subsys(&icmpv6_sk_ops); 884 return err; 885 } 886 887 void icmpv6_cleanup(void) 888 { 889 unregister_pernet_subsys(&icmpv6_sk_ops); 890 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 891 } 892 893 894 static const struct icmp6_err { 895 int err; 896 int fatal; 897 } tab_unreach[] = { 898 { /* NOROUTE */ 899 .err = ENETUNREACH, 900 .fatal = 0, 901 }, 902 { /* ADM_PROHIBITED */ 903 .err = EACCES, 904 .fatal = 1, 905 }, 906 { /* Was NOT_NEIGHBOUR, now reserved */ 907 .err = EHOSTUNREACH, 908 .fatal = 0, 909 }, 910 { /* ADDR_UNREACH */ 911 .err = EHOSTUNREACH, 912 .fatal = 0, 913 }, 914 { /* PORT_UNREACH */ 915 .err = ECONNREFUSED, 916 .fatal = 1, 917 }, 918 }; 919 920 int icmpv6_err_convert(int type, int code, int *err) 921 { 922 int fatal = 0; 923 924 *err = EPROTO; 925 926 switch (type) { 927 case ICMPV6_DEST_UNREACH: 928 fatal = 1; 929 if (code <= ICMPV6_PORT_UNREACH) { 930 *err = tab_unreach[code].err; 931 fatal = tab_unreach[code].fatal; 932 } 933 break; 934 935 case ICMPV6_PKT_TOOBIG: 936 *err = EMSGSIZE; 937 break; 938 939 case ICMPV6_PARAMPROB: 940 *err = EPROTO; 941 fatal = 1; 942 break; 943 944 case ICMPV6_TIME_EXCEED: 945 *err = EHOSTUNREACH; 946 break; 947 } 948 949 return fatal; 950 } 951 952 EXPORT_SYMBOL(icmpv6_err_convert); 953 954 #ifdef CONFIG_SYSCTL 955 ctl_table ipv6_icmp_table_template[] = { 956 { 957 .ctl_name = NET_IPV6_ICMP_RATELIMIT, 958 .procname = "ratelimit", 959 .data = &init_net.ipv6.sysctl.icmpv6_time, 960 .maxlen = sizeof(int), 961 .mode = 0644, 962 .proc_handler = &proc_dointvec 963 }, 964 { .ctl_name = 0 }, 965 }; 966 967 struct ctl_table *ipv6_icmp_sysctl_init(struct net *net) 968 { 969 struct ctl_table *table; 970 971 table = kmemdup(ipv6_icmp_table_template, 972 sizeof(ipv6_icmp_table_template), 973 GFP_KERNEL); 974 975 if (table) 976 table[0].data = &net->ipv6.sysctl.icmpv6_time; 977 978 return table; 979 } 980 #endif 981 982