1 /* 2 * Internet Control Message Protocol (ICMPv6) 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on net/ipv4/icmp.c 9 * 10 * RFC 1885 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 /* 19 * Changes: 20 * 21 * Andi Kleen : exception handling 22 * Andi Kleen add rate limits. never reply to a icmp. 23 * add more length checks and other fixes. 24 * yoshfuji : ensure to sent parameter problem for 25 * fragments. 26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. 27 * Randy Dunlap and 28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support 29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data 30 */ 31 32 #include <linux/module.h> 33 #include <linux/errno.h> 34 #include <linux/types.h> 35 #include <linux/socket.h> 36 #include <linux/in.h> 37 #include <linux/kernel.h> 38 #include <linux/sockios.h> 39 #include <linux/net.h> 40 #include <linux/skbuff.h> 41 #include <linux/init.h> 42 #include <linux/netfilter.h> 43 #include <linux/slab.h> 44 45 #ifdef CONFIG_SYSCTL 46 #include <linux/sysctl.h> 47 #endif 48 49 #include <linux/inet.h> 50 #include <linux/netdevice.h> 51 #include <linux/icmpv6.h> 52 53 #include <net/ip.h> 54 #include <net/sock.h> 55 56 #include <net/ipv6.h> 57 #include <net/ip6_checksum.h> 58 #include <net/protocol.h> 59 #include <net/raw.h> 60 #include <net/rawv6.h> 61 #include <net/transp_v6.h> 62 #include <net/ip6_route.h> 63 #include <net/addrconf.h> 64 #include <net/icmp.h> 65 #include <net/xfrm.h> 66 #include <net/inet_common.h> 67 68 #include <asm/uaccess.h> 69 #include <asm/system.h> 70 71 /* 72 * The ICMP socket(s). 
 This is the most convenient way to flow control
 *	our ICMP output as well as maintain a clean interface throughout
 *	all layers. All Socketless IP sends will soon be gone.
 *
 *	On SMP we have one ICMP socket per-cpu.
 */

/* Return this net's ICMP socket for the current CPU (caller has BHs off). */
static inline struct sock *icmpv6_sk(struct net *net)
{
	return net->ipv6.icmp_sk[smp_processor_id()];
}

static int icmpv6_rcv(struct sk_buff *skb);

static const struct inet6_protocol icmpv6_protocol = {
	.handler	=	icmpv6_rcv,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};

/*
 * Grab the per-CPU ICMPv6 transmit socket.  Disables BHs; on success the
 * socket is returned with its slock held.  Returns NULL (with BHs
 * re-enabled) if the lock is already taken on this CPU, which happens when
 * the output path re-enters ICMPv6 via dst_link_failure().
 */
static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
{
	struct sock *sk;

	local_bh_disable();

	sk = icmpv6_sk(net);
	if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
		/* This can happen if the output path (f.e. SIT or
		 * ip6ip6 tunnel) signals dst_link_failure() for an
		 * outgoing ICMP6 packet.
		 */
		local_bh_enable();
		return NULL;
	}
	return sk;
}

/* Release the socket taken by icmpv6_xmit_lock() and re-enable BHs. */
static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
{
	spin_unlock_bh(&sk->sk_lock.slock);
}

/*
 *	Slightly more convenient version of icmpv6_send.
 *	Sends a parameter problem pointing at @pos, then frees @skb.
 */
void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
{
	icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos);
	kfree_skb(skb);
}

/*
 *	Figure out, may we reply to this packet with icmp error.
 *
 *	We do not reply, if:
 *	- it was icmp error message.
 *	- it is truncated, so that it is known, that protocol is ICMPV6
 *	  (i.e.
in the middle of some exthdr)
 *
 *	--ANK (980726)
 */

/*
 * Return 1 if no ICMPv6 error may be sent in reply to @skb: either the
 * extension-header chain is truncated (inner protocol unknown) or the
 * packet is itself an ICMPv6 error message.
 */
static int is_ineligible(struct sk_buff *skb)
{
	int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
	int len = skb->len - ptr;
	__u8 nexthdr = ipv6_hdr(skb)->nexthdr;

	if (len < 0)
		return 1;

	ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr);
	if (ptr < 0)
		return 0;
	if (nexthdr == IPPROTO_ICMPV6) {
		u8 _type, *tp;
		tp = skb_header_pointer(skb,
			ptr+offsetof(struct icmp6hdr, icmp6_type),
			sizeof(_type), &_type);
		/* info bit clear => the packet is an ICMPv6 *error*:
		 * never reply to it (also if type can't be read). */
		if (tp == NULL ||
		    !(*tp & ICMPV6_INFOMSG_MASK))
			return 1;
	}
	return 0;
}

/*
 * Check the ICMP output rate limit
 */
static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
				      struct flowi *fl)
{
	struct dst_entry *dst;
	struct net *net = sock_net(sk);
	bool res = false;

	/* Informational messages are not limited. */
	if (type & ICMPV6_INFOMSG_MASK)
		return true;

	/* Do not limit pmtu discovery, it would break it. */
	if (type == ICMPV6_PKT_TOOBIG)
		return true;

	/*
	 * Look up the output route.
	 * XXX: perhaps the expire for routing entries cloned by
	 * this lookup should be more aggressive (not longer than timeout).
	 */
	dst = ip6_route_output(net, sk, fl);
	if (dst->error) {
		IP6_INC_STATS(net, ip6_dst_idev(dst),
			      IPSTATS_MIB_OUTNOROUTES);
	} else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
		/* loopback destinations are never rate-limited */
		res = true;
	} else {
		struct rt6_info *rt = (struct rt6_info *)dst;
		int tmo = net->ipv6.sysctl.icmpv6_time;

		/* Give more bandwidth to wider prefixes.
 */
		if (rt->rt6i_dst.plen < 128)
			tmo >>= ((128 - rt->rt6i_dst.plen)>>5);

		/* Token-bucket limit against the per-destination peer. */
		if (!rt->rt6i_peer)
			rt6_bind_peer(rt, 1);
		res = inet_peer_xrlim_allow(rt->rt6i_peer, tmo);
	}
	dst_release(dst);
	return res;
}

/*
 *	an inline helper for the "simple" if statement below
 *	checks if parameter problem report is caused by an
 *	unrecognized IPv6 option that has the Option Type
 *	highest-order two bits set to 10
 */
static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset)
{
	u8 _optval, *op;

	offset += skb_network_offset(skb);
	op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
	/* option type unreadable: conservatively treat as unrecognized */
	if (op == NULL)
		return 1;
	return (*op & 0xC0) == 0x80;
}

/*
 * Finish an ICMPv6 message queued via ip6_append_data(): copy the ICMPv6
 * header @thdr into the first queued skb, compute the checksum over all
 * queued data plus the IPv6 pseudo-header (@len is the full ICMPv6
 * length), and transmit the pending frames.
 */
static int icmpv6_push_pending_frames(struct sock *sk, struct flowi *fl, struct icmp6hdr *thdr, int len)
{
	struct sk_buff *skb;
	struct icmp6hdr *icmp6h;
	int err = 0;

	if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
		goto out;

	icmp6h = icmp6_hdr(skb);
	memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
	icmp6h->icmp6_cksum = 0;

	if (skb_queue_len(&sk->sk_write_queue) == 1) {
		/* Single skb: fold the header into its running csum. */
		skb->csum = csum_partial(icmp6h,
					sizeof(struct icmp6hdr), skb->csum);
		icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
						      &fl->fl6_dst,
						      len, fl->proto,
						      skb->csum);
	} else {
		__wsum tmp_csum = 0;

		/* Multiple skbs: sum all per-fragment checksums first. */
		skb_queue_walk(&sk->sk_write_queue, skb) {
			tmp_csum = csum_add(tmp_csum, skb->csum);
		}

		tmp_csum = csum_partial(icmp6h,
					sizeof(struct icmp6hdr), tmp_csum);
		icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
						      &fl->fl6_dst,
						      len, fl->proto,
						      tmp_csum);
	}
	ip6_push_pending_frames(sk);
out:
	return err;
}

/* Source descriptor passed to ip6_append_data() via icmpv6_getfrag(). */
struct icmpv6_msg {
	struct sk_buff	*skb;	/* packet whose data is being copied out */
	int		offset;	/* starting byte offset within skb */
	uint8_t		type;	/* ICMPv6 type of the message being built */
};

/*
 * ip6_append_data() getfrag callback: copy @len bytes of the original
 * packet into the new frame while accumulating the checksum.
 */
static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
{
	struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
	struct sk_buff *org_skb = msg->skb;
	__wsum csum = 0;

	csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
				      to, len, csum);
	skb->csum = csum_block_add(skb->csum, csum, odd);
	/* Associate error replies with the original packet's conntrack. */
	if (!(msg->type & ICMPV6_INFOMSG_MASK))
		nf_ct_attach(skb, org_skb);
	return 0;
}

#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
/*
 * Mobile IPv6: if the offending packet carried a Home Address destination
 * option, swap the home address back into the IPv6 source so the error is
 * addressed to the mobile node's home address.
 */
static void mip6_addr_swap(struct sk_buff *skb)
{
	struct ipv6hdr *iph = ipv6_hdr(skb);
	struct inet6_skb_parm *opt = IP6CB(skb);
	struct ipv6_destopt_hao *hao;
	struct in6_addr tmp;
	int off;

	if (opt->dsthao) {
		off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
		if (likely(off >= 0)) {
			hao = (struct ipv6_destopt_hao *)
					(skb_network_header(skb) + off);
			ipv6_addr_copy(&tmp, &iph->saddr);
			ipv6_addr_copy(&iph->saddr, &hao->addr);
			ipv6_addr_copy(&hao->addr, &tmp);
		}
	}
}
#else
static inline void mip6_addr_swap(struct sk_buff *skb) {}
#endif

/*
 * Route an outgoing ICMPv6 error and run it through IPsec policy,
 * including the reverse-session relookup that XFRM requires for ICMP.
 * Returns the destination entry or an ERR_PTR() on failure.
 */
static struct dst_entry *icmpv6_route_lookup(struct net *net, struct sk_buff *skb,
					     struct sock *sk, struct flowi *fl)
{
	struct dst_entry *dst, *dst2;
	struct flowi fl2;
	int err;

	err = ip6_dst_lookup(sk, &dst, fl);
	if (err)
		return ERR_PTR(err);

	/*
	 * We won't send icmp if the destination is known
	 * anycast.
	 */
	if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
		LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n");
		dst_release(dst);
		return ERR_PTR(-EINVAL);
	}

	/* No need to clone since we're just using its address.
 */
	dst2 = dst;

	err = xfrm_lookup(net, &dst, fl, sk, 0);
	switch (err) {
	case 0:
		/* policy transformed the route: use it as-is */
		if (dst != dst2)
			return dst;
		break;
	case -EPERM:
		dst = NULL;
		break;
	default:
		return ERR_PTR(err);
	}

	/* Retry with the flow decoded in reverse from the offending
	 * packet, as required for ICMP by the XFRM framework. */
	err = xfrm_decode_session_reverse(skb, &fl2, AF_INET6);
	if (err)
		goto relookup_failed;

	err = ip6_dst_lookup(sk, &dst2, &fl2);
	if (err)
		goto relookup_failed;

	err = xfrm_lookup(net, &dst2, &fl2, sk, XFRM_LOOKUP_ICMP);
	switch (err) {
	case 0:
		dst_release(dst);
		dst = dst2;
		break;
	case -EPERM:
		dst_release(dst);
		return ERR_PTR(err);
	default:
		goto relookup_failed;
	}

relookup_failed:
	/* fall back to the first lookup's route if we still hold one */
	if (dst)
		return dst;
	return ERR_PTR(err);
}

/*
 *	Send an ICMP message in response to a packet in error
 */
void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
{
	struct net *net = dev_net(skb->dev);
	struct inet6_dev *idev = NULL;
	struct ipv6hdr *hdr = ipv6_hdr(skb);
	struct sock *sk;
	struct ipv6_pinfo *np;
	struct in6_addr *saddr = NULL;
	struct dst_entry *dst;
	struct icmp6hdr tmp_hdr;
	struct flowi fl;
	struct icmpv6_msg msg;
	int iif = 0;
	int addr_type = 0;
	int len;
	int hlimit;
	int err = 0;

	/* The offending packet's IPv6 header must lie fully within the
	 * linear data area. */
	if ((u8 *)hdr < skb->head ||
	    (skb->network_header + sizeof(*hdr)) > skb->tail)
		return;

	/*
	 *	Make sure we respect the rules
	 *	i.e. RFC 1885 2.4(e)
	 *	Rule (e.1) is enforced by not using icmpv6_send
	 *	in any code that processes icmp errors.
 */
	addr_type = ipv6_addr_type(&hdr->daddr);

	/* If the packet was addressed to one of our own addresses,
	 * answer from that address. */
	if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
		saddr = &hdr->daddr;

	/*
	 *	Dest addr check
	 */

	if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
		/* For multicast/non-local packets only Packet Too Big and
		 * unrecognized-option Parameter Problems may be sent
		 * (RFC 2463 2.4(e.2)/(e.3)). */
		if (type != ICMPV6_PKT_TOOBIG &&
		    !(type == ICMPV6_PARAMPROB &&
		      code == ICMPV6_UNK_OPTION &&
		      (opt_unrec(skb, info))))
			return;

		saddr = NULL;
	}

	addr_type = ipv6_addr_type(&hdr->saddr);

	/*
	 *	Source addr check
	 */

	if (addr_type & IPV6_ADDR_LINKLOCAL)
		iif = skb->dev->ifindex;

	/*
	 *	Must not send error if the source does not uniquely
	 *	identify a single node (RFC2463 Section 2.4).
	 *	We check unspecified / multicast addresses here,
	 *	and anycast addresses will be checked later.
	 */
	if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
		LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n");
		return;
	}

	/*
	 *	Never answer to a ICMP packet.
439 */ 440 if (is_ineligible(skb)) { 441 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n"); 442 return; 443 } 444 445 mip6_addr_swap(skb); 446 447 memset(&fl, 0, sizeof(fl)); 448 fl.proto = IPPROTO_ICMPV6; 449 ipv6_addr_copy(&fl.fl6_dst, &hdr->saddr); 450 if (saddr) 451 ipv6_addr_copy(&fl.fl6_src, saddr); 452 fl.oif = iif; 453 fl.fl_icmp_type = type; 454 fl.fl_icmp_code = code; 455 security_skb_classify_flow(skb, &fl); 456 457 sk = icmpv6_xmit_lock(net); 458 if (sk == NULL) 459 return; 460 np = inet6_sk(sk); 461 462 if (!icmpv6_xrlim_allow(sk, type, &fl)) 463 goto out; 464 465 tmp_hdr.icmp6_type = type; 466 tmp_hdr.icmp6_code = code; 467 tmp_hdr.icmp6_cksum = 0; 468 tmp_hdr.icmp6_pointer = htonl(info); 469 470 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 471 fl.oif = np->mcast_oif; 472 473 dst = icmpv6_route_lookup(net, skb, sk, &fl); 474 if (IS_ERR(dst)) 475 goto out; 476 477 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 478 hlimit = np->mcast_hops; 479 else 480 hlimit = np->hop_limit; 481 if (hlimit < 0) 482 hlimit = ip6_dst_hoplimit(dst); 483 484 msg.skb = skb; 485 msg.offset = skb_network_offset(skb); 486 msg.type = type; 487 488 len = skb->len - msg.offset; 489 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); 490 if (len < 0) { 491 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n"); 492 goto out_dst_release; 493 } 494 495 idev = in6_dev_get(skb->dev); 496 497 err = ip6_append_data(sk, icmpv6_getfrag, &msg, 498 len + sizeof(struct icmp6hdr), 499 sizeof(struct icmp6hdr), hlimit, 500 np->tclass, NULL, &fl, (struct rt6_info*)dst, 501 MSG_DONTWAIT, np->dontfrag); 502 if (err) { 503 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 504 ip6_flush_pending_frames(sk); 505 goto out_put; 506 } 507 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, len + sizeof(struct icmp6hdr)); 508 509 out_put: 510 if (likely(idev != NULL)) 511 in6_dev_put(idev); 512 out_dst_release: 513 dst_release(dst); 514 out: 515 
icmpv6_xmit_unlock(sk); 516 } 517 518 EXPORT_SYMBOL(icmpv6_send); 519 520 static void icmpv6_echo_reply(struct sk_buff *skb) 521 { 522 struct net *net = dev_net(skb->dev); 523 struct sock *sk; 524 struct inet6_dev *idev; 525 struct ipv6_pinfo *np; 526 struct in6_addr *saddr = NULL; 527 struct icmp6hdr *icmph = icmp6_hdr(skb); 528 struct icmp6hdr tmp_hdr; 529 struct flowi fl; 530 struct icmpv6_msg msg; 531 struct dst_entry *dst; 532 int err = 0; 533 int hlimit; 534 535 saddr = &ipv6_hdr(skb)->daddr; 536 537 if (!ipv6_unicast_destination(skb)) 538 saddr = NULL; 539 540 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 541 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; 542 543 memset(&fl, 0, sizeof(fl)); 544 fl.proto = IPPROTO_ICMPV6; 545 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr); 546 if (saddr) 547 ipv6_addr_copy(&fl.fl6_src, saddr); 548 fl.oif = skb->dev->ifindex; 549 fl.fl_icmp_type = ICMPV6_ECHO_REPLY; 550 security_skb_classify_flow(skb, &fl); 551 552 sk = icmpv6_xmit_lock(net); 553 if (sk == NULL) 554 return; 555 np = inet6_sk(sk); 556 557 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst)) 558 fl.oif = np->mcast_oif; 559 560 err = ip6_dst_lookup(sk, &dst, &fl); 561 if (err) 562 goto out; 563 if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) 564 goto out; 565 566 if (ipv6_addr_is_multicast(&fl.fl6_dst)) 567 hlimit = np->mcast_hops; 568 else 569 hlimit = np->hop_limit; 570 if (hlimit < 0) 571 hlimit = ip6_dst_hoplimit(dst); 572 573 idev = in6_dev_get(skb->dev); 574 575 msg.skb = skb; 576 msg.offset = 0; 577 msg.type = ICMPV6_ECHO_REPLY; 578 579 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 580 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl, 581 (struct rt6_info*)dst, MSG_DONTWAIT, 582 np->dontfrag); 583 584 if (err) { 585 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 586 ip6_flush_pending_frames(sk); 587 goto out_put; 588 } 589 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, skb->len + sizeof(struct icmp6hdr)); 

out_put:
	if (likely(idev != NULL))
		in6_dev_put(idev);
	dst_release(dst);
out:
	icmpv6_xmit_unlock(sk);
}

/*
 * Deliver an incoming ICMPv6 error to the upper-layer protocol that the
 * embedded (offending) packet belongs to, and to matching raw sockets.
 */
static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
{
	const struct inet6_protocol *ipprot;
	int inner_offset;
	int hash;
	u8 nexthdr;

	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
		return;

	nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
	if (ipv6_ext_hdr(nexthdr)) {
		/* now skip over extension headers */
		inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
		if (inner_offset<0)
			return;
	} else {
		inner_offset = sizeof(struct ipv6hdr);
	}

	/* Check header including 8 bytes of inner protocol header. */
	if (!pskb_may_pull(skb, inner_offset+8))
		return;

	/* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
	   Without this we will not able f.e. to make source routed
	   pmtu discovery.
	   Corresponding argument (opt) to notifiers is already added.
	   --ANK (980726)
	 */

	hash = nexthdr & (MAX_INET_PROTOS - 1);

	rcu_read_lock();
	ipprot = rcu_dereference(inet6_protos[hash]);
	if (ipprot && ipprot->err_handler)
		ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
	rcu_read_unlock();

	/* Raw sockets also get notified of every ICMPv6 error. */
	raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
}

/*
 *	Handle icmp messages
 */

static int icmpv6_rcv(struct sk_buff *skb)
{
	struct net_device *dev = skb->dev;
	struct inet6_dev *idev = __in6_dev_get(dev);
	struct in6_addr *saddr, *daddr;
	struct ipv6hdr *orig_hdr;
	struct icmp6hdr *hdr;
	u8 type;

	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		struct sec_path *sp = skb_sec_path(skb);
		int nh;

		/* Policy failed: only ICMP protected by a state with the
		 * ICMP flag may proceed to the reverse policy check. */
		if (!(sp && sp->xvec[sp->len - 1]->props.flags &
				XFRM_STATE_ICMP))
			goto drop_no_count;

		if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
			goto drop_no_count;

		/* Temporarily point the network header at the embedded
		 * packet and re-check policy in the reverse direction. */
		nh = skb_network_offset(skb);
		skb_set_network_header(skb, sizeof(*hdr));

		if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
			goto drop_no_count;

		skb_set_network_header(skb, nh);
	}

	ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);

	saddr = &ipv6_hdr(skb)->saddr;
	daddr = &ipv6_hdr(skb)->daddr;

	/* Perform checksum.
 */
	switch (skb->ip_summed) {
	case CHECKSUM_COMPLETE:
		if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
				     skb->csum))
			break;
		/* fall through */
	case CHECKSUM_NONE:
		/* Seed with the pseudo-header and verify in software. */
		skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
					     IPPROTO_ICMPV6, 0));
		if (__skb_checksum_complete(skb)) {
			LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n",
				       saddr, daddr);
			goto discard_it;
		}
	}

	if (!pskb_pull(skb, sizeof(*hdr)))
		goto discard_it;

	hdr = icmp6_hdr(skb);

	type = hdr->icmp6_type;

	ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);

	switch (type) {
	case ICMPV6_ECHO_REQUEST:
		icmpv6_echo_reply(skb);
		break;

	case ICMPV6_ECHO_REPLY:
		/* we couldn't care less */
		break;

	case ICMPV6_PKT_TOOBIG:
		/* BUGGG_FUTURE: if packet contains rthdr, we cannot update
		   standard destination cache. Seems, only "advanced"
		   destination cache will allow to solve this problem
		   --ANK (980726)
		 */
		if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
			goto discard_it;
		/* re-read: pskb_may_pull may have relocated the data */
		hdr = icmp6_hdr(skb);
		orig_hdr = (struct ipv6hdr *) (hdr + 1);
		rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev,
				   ntohl(hdr->icmp6_mtu));

		/*
		 *	Drop through to notify
		 */

	case ICMPV6_DEST_UNREACH:
	case ICMPV6_TIME_EXCEED:
	case ICMPV6_PARAMPROB:
		icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
		break;

	case NDISC_ROUTER_SOLICITATION:
	case NDISC_ROUTER_ADVERTISEMENT:
	case NDISC_NEIGHBOUR_SOLICITATION:
	case NDISC_NEIGHBOUR_ADVERTISEMENT:
	case NDISC_REDIRECT:
		ndisc_rcv(skb);
		break;

	case ICMPV6_MGM_QUERY:
		igmp6_event_query(skb);
		break;

	case ICMPV6_MGM_REPORT:
		igmp6_event_report(skb);
		break;

	/* Types handled elsewhere (MLD userspace, Mobile IPv6) or
	 * intentionally ignored. */
	case ICMPV6_MGM_REDUCTION:
	case ICMPV6_NI_QUERY:
	case ICMPV6_NI_REPLY:
	case ICMPV6_MLD2_REPORT:
	case ICMPV6_DHAAD_REQUEST:
	case ICMPV6_DHAAD_REPLY:
	case ICMPV6_MOBILE_PREFIX_SOL:
	case ICMPV6_MOBILE_PREFIX_ADV:
		break;

	default:
		LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");

		/* informational */
		if (type & ICMPV6_INFOMSG_MASK)
			break;

		/*
		 * error of unknown type.
		 * must pass to upper level
		 */

		icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
	}

	kfree_skb(skb);
	return 0;

discard_it:
	ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
drop_no_count:
	kfree_skb(skb);
	return 0;
}

/*
 * Initialize flow @fl for an ICMPv6 message of @type from @saddr to
 * @daddr, bound to interface @oif.
 */
void icmpv6_flow_init(struct sock *sk, struct flowi *fl,
		      u8 type,
		      const struct in6_addr *saddr,
		      const struct in6_addr *daddr,
		      int oif)
{
	memset(fl, 0, sizeof(*fl));
	ipv6_addr_copy(&fl->fl6_src, saddr);
	ipv6_addr_copy(&fl->fl6_dst, daddr);
	fl->proto = IPPROTO_ICMPV6;
	fl->fl_icmp_type = type;
	fl->fl_icmp_code = 0;
	fl->oif = oif;
	security_sk_classify_flow(sk, fl);
}

/*
 * Special lock-class for __icmpv6_sk:
 */
static struct lock_class_key icmpv6_socket_sk_dst_lock_key;

/* Per-namespace init: create one ICMPv6 control socket per possible CPU. */
static int __net_init icmpv6_sk_init(struct net *net)
{
	struct sock *sk;
	int err, i, j;

	net->ipv6.icmp_sk =
		kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
	if (net->ipv6.icmp_sk == NULL)
		return -ENOMEM;

	for_each_possible_cpu(i) {
		err = inet_ctl_sock_create(&sk, PF_INET6,
					   SOCK_RAW, IPPROTO_ICMPV6, net);
		if (err < 0) {
			printk(KERN_ERR
			       "Failed to initialize the ICMP6 control socket "
			       "(err %d).\n",
			       err);
			goto fail;
		}

		net->ipv6.icmp_sk[i] = sk;

		/*
		 * Split off their lock-class, because sk->sk_dst_lock
		 * gets used from softirqs, which is safe for
		 * __icmpv6_sk (because those never get directly used
		 * via userspace syscalls), but unsafe for normal sockets.
		 */
		lockdep_set_class(&sk->sk_dst_lock,
				  &icmpv6_socket_sk_dst_lock_key);

		/* Enough space for 2 64K ICMP packets, including
		 * sk_buff struct overhead.
		 */
		sk->sk_sndbuf =
			(2 * ((64 * 1024) + sizeof(struct sk_buff)));
	}
	return 0;

fail:
	/* NOTE(review): this unwind assumes possible CPU ids form the
	 * contiguous range 0..i-1; with a sparse possible-CPU mask some
	 * slots in [0, i) stay NULL -- confirm that cannot reach
	 * inet_ctl_sock_destroy() with a NULL socket. */
	for (j = 0; j < i; j++)
		inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
	kfree(net->ipv6.icmp_sk);
	return err;
}

/* Per-namespace teardown: destroy the per-CPU control sockets. */
static void __net_exit icmpv6_sk_exit(struct net *net)
{
	int i;

	for_each_possible_cpu(i) {
		inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
	}
	kfree(net->ipv6.icmp_sk);
}

static struct pernet_operations icmpv6_sk_ops = {
	.init = icmpv6_sk_init,
	.exit = icmpv6_sk_exit,
};

/* Register per-net socket setup and hook ICMPv6 into the IPv6 stack. */
int __init icmpv6_init(void)
{
	int err;

	err = register_pernet_subsys(&icmpv6_sk_ops);
	if (err < 0)
		return err;

	err = -EAGAIN;
	if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
		goto fail;
	return 0;

fail:
	printk(KERN_ERR "Failed to register ICMP6 protocol\n");
	unregister_pernet_subsys(&icmpv6_sk_ops);
	return err;
}

void icmpv6_cleanup(void)
{
	unregister_pernet_subsys(&icmpv6_sk_ops);
	inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
}


/* Map ICMPV6_DEST_UNREACH codes (indexed by code) to errno values;
 * .fatal marks errors that are hard failures for the connection. */
static const struct icmp6_err {
	int err;
	int fatal;
} tab_unreach[] = {
	{	/* NOROUTE */
		.err	= ENETUNREACH,
		.fatal	= 0,
	},
	{	/* ADM_PROHIBITED */
		.err	= EACCES,
		.fatal	= 1,
	},
	{	/* Was NOT_NEIGHBOUR, now reserved */
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* ADDR_UNREACH	*/
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* PORT_UNREACH	*/
		.err	= ECONNREFUSED,
		.fatal	= 1,
	},
};

/*
 * Translate an ICMPv6 (type, code) error into an errno value stored in
 * *err; returns non-zero when the error is fatal for the connection.
 */
int icmpv6_err_convert(u8 type, u8 code, int *err)
{
	int fatal = 0;

	*err = EPROTO;

	switch (type) {
	case ICMPV6_DEST_UNREACH:
		fatal = 1;
		if (code <= ICMPV6_PORT_UNREACH) {
			*err = tab_unreach[code].err;
			fatal = tab_unreach[code].fatal;
		}
		break;

	case ICMPV6_PKT_TOOBIG:
		*err = EMSGSIZE;
		break;

	case ICMPV6_PARAMPROB:
		*err = EPROTO;
		fatal = 1;
		break;

	case ICMPV6_TIME_EXCEED:
		*err = EHOSTUNREACH;
		break;
	}

	return fatal;
}

EXPORT_SYMBOL(icmpv6_err_convert);

#ifdef CONFIG_SYSCTL
ctl_table ipv6_icmp_table_template[] = {
	{
		.procname	= "ratelimit",
		.data		= &init_net.ipv6.sysctl.icmpv6_time,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_ms_jiffies,
	},
	{ },
};

/* Duplicate the sysctl template for @net, repointing it at the
 * namespace's own ratelimit value. */
struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
{
	struct ctl_table *table;

	table = kmemdup(ipv6_icmp_table_template,
			sizeof(ipv6_icmp_table_template),
			GFP_KERNEL);

	if (table)
		table[0].data = &net->ipv6.sysctl.icmpv6_time;

	return table;
}
#endif