/*
 *	Internet Control Message Protocol (ICMPv6)
 *	Linux INET6 implementation
 *
 *	Authors:
 *	Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on net/ipv4/icmp.c
 *
 *	RFC 1885
 *
 *	This program is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU General Public License
 *	as published by the Free Software Foundation; either version
 *	2 of the License, or (at your option) any later version.
 */

/*
 *	Changes:
 *
 *	Andi Kleen		:	exception handling
 *	Andi Kleen			add rate limits. never reply to a icmp.
 *					add more length checks and other fixes.
 *	yoshfuji		:	ensure to sent parameter problem for
 *					fragments.
 *	YOSHIFUJI Hideaki @USAGI:	added sysctl for icmp rate limit.
 *	Randy Dunlap and
 *	YOSHIFUJI Hideaki @USAGI:	Per-interface statistics support
 *	Kazunori MIYAZAWA @USAGI:       change output process to use ip6_append_data
 */

#define pr_fmt(fmt) "IPv6: " fmt

#include <linux/module.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/socket.h>
#include <linux/in.h>
#include <linux/kernel.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/skbuff.h>
#include <linux/init.h>
#include <linux/netfilter.h>
#include <linux/slab.h>

#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif

#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/icmpv6.h>

#include <net/ip.h>
#include <net/sock.h>

#include <net/ipv6.h>
#include <net/ip6_checksum.h>
#include <net/ping.h>
#include <net/protocol.h>
#include <net/raw.h>
#include <net/rawv6.h>
#include <net/transp_v6.h>
#include <net/ip6_route.h>
#include <net/addrconf.h>
#include <net/icmp.h>
#include <net/xfrm.h>
#include <net/inet_common.h>
#include <net/dsfield.h>
#include <net/l3mdev.h>

#include <linux/uaccess.h>

/*
 *	The ICMP socket(s). This is the most convenient way to flow control
 *	our ICMP output as well as maintain a clean interface throughout
 *	all layers. All Socketless IP sends will soon be gone.
 *
 *	On SMP we have one ICMP socket per-cpu.
 */
static inline struct sock *icmpv6_sk(struct net *net)
{
	/* Per-cpu control socket; caller must have preemption/BH disabled
	 * so smp_processor_id() is stable (see icmpv6_xmit_lock callers).
	 */
	return net->ipv6.icmp_sk[smp_processor_id()];
}

/* Error handler invoked when an ICMPv6 error arrives in response to a
 * packet we generated from the ICMPv6 protocol itself (e.g. an echo
 * request): updates PMTU / redirect state and forwards echo errors to
 * the ping socket layer.
 */
static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		       u8 type, u8 code, int offset, __be32 info)
{
	/* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
	struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
	struct net *net = dev_net(skb->dev);

	if (type == ICMPV6_PKT_TOOBIG)
		ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
	else if (type == NDISC_REDIRECT)
		ip6_redirect(skb, net, skb->dev->ifindex, 0,
			     sock_net_uid(net, NULL));

	/* Only error messages are relayed to the ping layer, and only when
	 * the embedded (original) packet was an echo request.
	 */
	if (!(type & ICMPV6_INFOMSG_MASK))
		if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
			ping_err(skb, offset, ntohl(info));
}

static int icmpv6_rcv(struct sk_buff *skb);

static const struct inet6_protocol icmpv6_protocol = {
	.handler	=	icmpv6_rcv,
	.err_handler	=	icmpv6_err,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};

/* Called with BH disabled */
static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
{
	struct sock *sk;

	sk = icmpv6_sk(net);
	if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
		/* This can happen if the output path (f.e. SIT or
		 * ip6ip6 tunnel) signals dst_link_failure() for an
		 * outgoing ICMP6 packet.
		 */
		return NULL;
	}
	return sk;
}

static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
{
	spin_unlock(&sk->sk_lock.slock);
}

/*
 * Figure out, may we reply to this packet with icmp error.
 *
 * We do not reply, if:
 *	- it was icmp error message.
 *	- it is truncated, so that it is known, that protocol is ICMPV6
 *	  (i.e. in the middle of some exthdr)
 *
 *	--ANK (980726)
 */

static bool is_ineligible(const struct sk_buff *skb)
{
	int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
	int len = skb->len - ptr;
	__u8 nexthdr = ipv6_hdr(skb)->nexthdr;
	__be16 frag_off;

	if (len < 0)
		return true;

	ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
	if (ptr < 0)
		return false;
	if (nexthdr == IPPROTO_ICMPV6) {
		u8 _type, *tp;
		tp = skb_header_pointer(skb,
			ptr+offsetof(struct icmp6hdr, icmp6_type),
			sizeof(_type), &_type);
		/* Unreadable type, or an ICMPv6 *error* message: do not
		 * reply (never answer an error with an error).
		 */
		if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
			return true;
	}
	return false;
}

/* Returns true for message types that are exempt from rate limiting. */
static bool icmpv6_mask_allow(int type)
{
	/* Informational messages are not limited. */
	if (type & ICMPV6_INFOMSG_MASK)
		return true;

	/* Do not limit pmtu discovery, it would break it. */
	if (type == ICMPV6_PKT_TOOBIG)
		return true;

	return false;
}

/* Global (sysctl_icmp_msgs_per_sec) rate-limit check, shared with IPv4. */
static bool icmpv6_global_allow(int type)
{
	if (icmpv6_mask_allow(type))
		return true;

	if (icmp_global_allow())
		return true;

	return false;
}

/*
 *	Check the ICMP output rate limit
 */
static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
			       struct flowi6 *fl6)
{
	struct net *net = sock_net(sk);
	struct dst_entry *dst;
	bool res = false;

	if (icmpv6_mask_allow(type))
		return true;

	/*
	 * Look up the output route.
	 * XXX: perhaps the expire for routing entries cloned by
	 * this lookup should be more aggressive (not longer than timeout).
	 */
	dst = ip6_route_output(net, sk, fl6);
	if (dst->error) {
		IP6_INC_STATS(net, ip6_dst_idev(dst),
			      IPSTATS_MIB_OUTNOROUTES);
	} else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
		/* Loopback traffic is never rate limited. */
		res = true;
	} else {
		struct rt6_info *rt = (struct rt6_info *)dst;
		int tmo = net->ipv6.sysctl.icmpv6_time;
		struct inet_peer *peer;

		/* Give more bandwidth to wider prefixes. */
		if (rt->rt6i_dst.plen < 128)
			tmo >>= ((128 - rt->rt6i_dst.plen)>>5);

		/* Per-destination token-bucket limit; peer may be created. */
		peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
		res = inet_peer_xrlim_allow(peer, tmo);
		if (peer)
			inet_putpeer(peer);
	}
	dst_release(dst);
	return res;
}

/*
 *	an inline helper for the "simple" if statement below
 *	checks if parameter problem report is caused by an
 *	unrecognized IPv6 option that has the Option Type
 *	highest-order two bits set to 10
 */

static bool opt_unrec(struct sk_buff *skb, __u32 offset)
{
	u8 _optval, *op;

	offset += skb_network_offset(skb);
	op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
	if (!op)
		return true;
	return (*op & 0xC0) == 0x80;
}

/* Finalize the ICMPv6 header (compute the checksum over all queued
 * fragments) and transmit the pending frames on @sk's write queue.
 * @len is the ICMPv6 payload length used for the pseudo-header checksum.
 * Returns 0 (the only error path is an empty queue, also 0).
 */
int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
			       struct icmp6hdr *thdr, int len)
{
	struct sk_buff *skb;
	struct icmp6hdr *icmp6h;
	int err = 0;

	skb = skb_peek(&sk->sk_write_queue);
	if (!skb)
		goto out;

	icmp6h = icmp6_hdr(skb);
	memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
	icmp6h->icmp6_cksum = 0;

	if (skb_queue_len(&sk->sk_write_queue) == 1) {
		/* Single skb: fold the header into its partial csum. */
		skb->csum = csum_partial(icmp6h,
					sizeof(struct icmp6hdr), skb->csum);
		icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
						      &fl6->daddr,
						      len, fl6->flowi6_proto,
						      skb->csum);
	} else {
		__wsum tmp_csum = 0;

		/* Multiple fragments: accumulate csums across the queue. */
		skb_queue_walk(&sk->sk_write_queue, skb) {
			tmp_csum = csum_add(tmp_csum, skb->csum);
		}

		tmp_csum = csum_partial(icmp6h,
					sizeof(struct icmp6hdr), tmp_csum);
		icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
						      &fl6->daddr,
						      len, fl6->flowi6_proto,
						      tmp_csum);
	}
	ip6_push_pending_frames(sk);
out:
	return err;
}

/* Source descriptor for icmpv6_getfrag(): copy payload out of @skb
 * starting at @offset; @type is the outgoing ICMPv6 message type.
 */
struct icmpv6_msg {
	struct sk_buff	*skb;
	int		offset;
	uint8_t		type;
};

/* ip6_append_data() getfrag callback: copies (and checksums) a chunk of
 * the original packet into the outgoing skb.
 */
static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
{
	struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
	struct sk_buff *org_skb = msg->skb;
	__wsum csum = 0;

	csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
				      to, len, csum);
	skb->csum = csum_block_add(skb->csum, csum, odd);
	/* For error messages, tie the conntrack entry of the original
	 * packet to the reply so NAT can translate it back.
	 */
	if (!(msg->type & ICMPV6_INFOMSG_MASK))
		nf_ct_attach(skb, org_skb);
	return 0;
}

#if IS_ENABLED(CONFIG_IPV6_MIP6)
/* Mobile IPv6: if the packet carries a Home Address option, swap the
 * care-of address (saddr) with the home address so the error is built
 * against the home address, per RFC 6275.
 */
static void mip6_addr_swap(struct sk_buff *skb)
{
	struct ipv6hdr *iph = ipv6_hdr(skb);
	struct inet6_skb_parm *opt = IP6CB(skb);
	struct ipv6_destopt_hao *hao;
	struct in6_addr tmp;
	int off;

	if (opt->dsthao) {
		off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
		if (likely(off >= 0)) {
			hao = (struct ipv6_destopt_hao *)
					(skb_network_header(skb) + off);
			tmp = iph->saddr;
			iph->saddr = hao->addr;
			hao->addr = tmp;
		}
	}
}
#else
static inline void mip6_addr_swap(struct sk_buff *skb) {}
#endif

/* Route an outgoing ICMPv6 error, applying IPsec (xfrm) policy.  If the
 * forward-direction policy rejects with -EPERM, retry with the reverse
 * decoded flow (XFRM_LOOKUP_ICMP), as required for ICMP through tunnels.
 * Returns a held dst_entry or ERR_PTR().
 */
static struct dst_entry *icmpv6_route_lookup(struct net *net,
					     struct sk_buff *skb,
					     struct sock *sk,
					     struct flowi6 *fl6)
{
	struct dst_entry *dst, *dst2;
	struct flowi6 fl2;
	int err;

	err = ip6_dst_lookup(net, sk, &dst, fl6);
	if (err)
		return ERR_PTR(err);

	/*
	 * We won't send icmp if the destination is known
	 * anycast.
	 */
	if (ipv6_anycast_destination(dst, &fl6->daddr)) {
		net_dbg_ratelimited("icmp6_send: acast source\n");
		dst_release(dst);
		return ERR_PTR(-EINVAL);
	}

	/* No need to clone since we're just using its address. */
	dst2 = dst;

	dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
	if (!IS_ERR(dst)) {
		if (dst != dst2)
			return dst;
	} else {
		if (PTR_ERR(dst) == -EPERM)
			dst = NULL;
		else
			return dst;
	}

	/* -EPERM from the normal lookup: retry against the reverse-decoded
	 * session, which is how ICMP errors are matched to xfrm policies.
	 */
	err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
	if (err)
		goto relookup_failed;

	err = ip6_dst_lookup(net, sk, &dst2, &fl2);
	if (err)
		goto relookup_failed;

	dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
	if (!IS_ERR(dst2)) {
		dst_release(dst);
		dst = dst2;
	} else {
		err = PTR_ERR(dst2);
		if (err == -EPERM) {
			dst_release(dst);
			return dst2;
		} else
			goto relookup_failed;
	}

relookup_failed:
	/* Fall back to the plain (non-xfrm) route if we still hold one. */
	if (dst)
		return dst;
	return ERR_PTR(err);
}

/*
 *	Send an ICMP message in response to a packet in error
 */
static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
		       const struct in6_addr *force_saddr)
{
	struct net *net = dev_net(skb->dev);
	struct inet6_dev *idev = NULL;
	struct ipv6hdr *hdr = ipv6_hdr(skb);
	struct sock *sk;
	struct ipv6_pinfo *np;
	const struct in6_addr *saddr = NULL;
	struct dst_entry *dst;
	struct icmp6hdr tmp_hdr;
	struct flowi6 fl6;
	struct icmpv6_msg msg;
	struct sockcm_cookie sockc_unused = {0};
	struct ipcm6_cookie ipc6;
	int iif = 0;
	int addr_type = 0;
	int len;
	int err = 0;
	u32 mark = IP6_REPLY_MARK(net, skb->mark);

	/* Sanity check: the IPv6 header must lie fully within the skb. */
	if ((u8 *)hdr < skb->head ||
	    (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
		return;

	/*
	 *	Make sure we respect the rules
	 *	i.e. RFC 1885 2.4(e)
	 *	Rule (e.1) is enforced by not using icmp6_send
	 *	in any code that processes icmp errors.
	 */
	addr_type = ipv6_addr_type(&hdr->daddr);

	if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
	    ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
		saddr = &hdr->daddr;

	/*
	 *	Dest addr check
	 */

	if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
		/* Errors to multicast/non-unicast-delivered packets are only
		 * allowed for PKT_TOOBIG and unrecognized-option param
		 * problems (RFC 4443 2.4(e)).
		 */
		if (type != ICMPV6_PKT_TOOBIG &&
		    !(type == ICMPV6_PARAMPROB &&
		      code == ICMPV6_UNK_OPTION &&
		      (opt_unrec(skb, info))))
			return;

		saddr = NULL;
	}

	addr_type = ipv6_addr_type(&hdr->saddr);

	/*
	 *	Source addr check
	 */

	if (__ipv6_addr_needs_scope_id(addr_type))
		iif = skb->dev->ifindex;
	else {
		dst = skb_dst(skb);
		iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
	}

	/*
	 *	Must not send error if the source does not uniquely
	 *	identify a single node (RFC2463 Section 2.4).
	 *	We check unspecified / multicast addresses here,
	 *	and anycast addresses will be checked later.
	 */
	if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
		net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
				    &hdr->saddr, &hdr->daddr);
		return;
	}

	/*
	 *	Never answer to a ICMP packet.
	 */
	if (is_ineligible(skb)) {
		net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
				    &hdr->saddr, &hdr->daddr);
		return;
	}

	/* Needed by both icmp_global_allow and icmpv6_xmit_lock */
	local_bh_disable();

	/* Check global sysctl_icmp_msgs_per_sec ratelimit */
	if (!icmpv6_global_allow(type))
		goto out_bh_enable;

	mip6_addr_swap(skb);

	memset(&fl6, 0, sizeof(fl6));
	fl6.flowi6_proto = IPPROTO_ICMPV6;
	fl6.daddr = hdr->saddr;
	if (force_saddr)
		saddr = force_saddr;
	if (saddr)
		fl6.saddr = *saddr;
	fl6.flowi6_mark = mark;
	fl6.flowi6_oif = iif;
	fl6.fl6_icmp_type = type;
	fl6.fl6_icmp_code = code;
	fl6.flowi6_uid = sock_net_uid(net, NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));

	sk = icmpv6_xmit_lock(net);
	if (!sk)
		goto out_bh_enable;

	sk->sk_mark = mark;
	np = inet6_sk(sk);

	if (!icmpv6_xrlim_allow(sk, type, &fl6))
		goto out;

	tmp_hdr.icmp6_type = type;
	tmp_hdr.icmp6_code = code;
	tmp_hdr.icmp6_cksum = 0;
	tmp_hdr.icmp6_pointer = htonl(info);

	if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
		fl6.flowi6_oif = np->mcast_oif;
	else if (!fl6.flowi6_oif)
		fl6.flowi6_oif = np->ucast_oif;

	ipc6.tclass = np->tclass;
	fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);

	dst = icmpv6_route_lookup(net, skb, sk, &fl6);
	if (IS_ERR(dst))
		goto out;

	ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
	ipc6.dontfrag = np->dontfrag;
	ipc6.opt = NULL;

	msg.skb = skb;
	msg.offset = skb_network_offset(skb);
	msg.type = type;

	/* Quote as much of the offending packet as fits in the minimum MTU
	 * (RFC 4443 requires the error to fit in IPV6_MIN_MTU).
	 */
	len = skb->len - msg.offset;
	len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
	/* NOTE(review): min_t(unsigned int, ...) converts a negative len to a
	 * huge unsigned value, so the min() always picks the MTU bound and
	 * this len < 0 check looks unreachable — confirm whether the check
	 * should precede the clamp.
	 */
	if (len < 0) {
		net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
				    &hdr->saddr, &hdr->daddr);
		goto out_dst_release;
	}

	rcu_read_lock();
	idev = __in6_dev_get(skb->dev);

	err = ip6_append_data(sk, icmpv6_getfrag, &msg,
			      len + sizeof(struct icmp6hdr),
			      sizeof(struct icmp6hdr),
			      &ipc6, &fl6, (struct rt6_info *)dst,
			      MSG_DONTWAIT, &sockc_unused);
	if (err) {
		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
		ip6_flush_pending_frames(sk);
	} else {
		err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
						 len + sizeof(struct icmp6hdr));
	}
	rcu_read_unlock();
out_dst_release:
	dst_release(dst);
out:
	icmpv6_xmit_unlock(sk);
out_bh_enable:
	local_bh_enable();
}

/* Slightly more convenient version of icmp6_send.
 */
void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
{
	icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
	kfree_skb(skb);
}

/* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
 * if sufficient data bytes are available
 * @nhs is the size of the tunnel header(s) :
 *  Either an IPv4 header for SIT encap
 *         an IPv4 header + GRE header for GRE encap
 */
int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
			       unsigned int data_len)
{
	struct in6_addr temp_saddr;
	struct rt6_info *rt;
	struct sk_buff *skb2;
	u32 info = 0;

	if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
		return 1;

	/* RFC 4884 (partial) support for ICMP extensions */
	if (data_len < 128 || (data_len & 7) || skb->len < data_len)
		data_len = 0;

	/* skb_copy (not clone) when we will modify the payload below. */
	skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);

	if (!skb2)
		return 1;

	skb_dst_drop(skb2);
	skb_pull(skb2, nhs);
	skb_reset_network_header(skb2);

	rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);

	if (rt && rt->dst.dev)
		skb2->dev = rt->dst.dev;

	/* Source the error from the v4-mapped form of the outer IPv4 src. */
	ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);

	if (data_len) {
		/* RFC 4884 (partial) support :
		 * insert 0 padding at the end, before the extensions
		 */
		__skb_push(skb2, nhs);
		skb_reset_network_header(skb2);
		memmove(skb2->data, skb2->data + nhs, data_len - nhs);
		memset(skb2->data + data_len - nhs, 0, nhs);
		/* RFC 4884 4.5 : Length is measured in 64-bit words,
		 * and stored in reserved[0]
		 */
		info = (data_len/8) << 24;
	}
	if (type == ICMP_TIME_EXCEEDED)
		icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
			   info, &temp_saddr);
	else
		icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
			   info, &temp_saddr);
	if (rt)
		ip6_rt_put(rt);

	kfree_skb(skb2);

	return 0;
}
EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);

/* Reply to an ICMPv6 echo request: build an echo reply mirroring the
 * request's payload, flow-controlled via the per-cpu ICMP socket.
 */
static void icmpv6_echo_reply(struct sk_buff *skb)
{
	struct net *net = dev_net(skb->dev);
	struct sock *sk;
	struct inet6_dev *idev;
	struct ipv6_pinfo *np;
	const struct in6_addr *saddr = NULL;
	struct icmp6hdr *icmph = icmp6_hdr(skb);
	struct icmp6hdr tmp_hdr;
	struct flowi6 fl6;
	struct icmpv6_msg msg;
	struct dst_entry *dst;
	struct ipcm6_cookie ipc6;
	int err = 0;
	u32 mark = IP6_REPLY_MARK(net, skb->mark);
	struct sockcm_cookie sockc_unused = {0};

	saddr = &ipv6_hdr(skb)->daddr;

	/* Only echo the destination as our source if it was unicast to us,
	 * or anycast and the sysctl permits anycast echo replies.
	 */
	if (!ipv6_unicast_destination(skb) &&
	    !(net->ipv6.sysctl.anycast_src_echo_reply &&
	      ipv6_anycast_destination(skb_dst(skb), saddr)))
		saddr = NULL;

	memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
	tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;

	memset(&fl6, 0, sizeof(fl6));
	fl6.flowi6_proto = IPPROTO_ICMPV6;
	fl6.daddr = ipv6_hdr(skb)->saddr;
	if (saddr)
		fl6.saddr = *saddr;
	fl6.flowi6_oif = skb->dev->ifindex;
	fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
	fl6.flowi6_mark = mark;
	fl6.flowi6_uid = sock_net_uid(net, NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));

	local_bh_disable();
	sk = icmpv6_xmit_lock(net);
	if (!sk)
		goto out_bh_enable;
	sk->sk_mark = mark;
	np = inet6_sk(sk);

	if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
		fl6.flowi6_oif = np->mcast_oif;
	else if (!fl6.flowi6_oif)
		fl6.flowi6_oif = np->ucast_oif;

	err = ip6_dst_lookup(net, sk, &dst, &fl6);
	if (err)
		goto out;
	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
	if (IS_ERR(dst))
		goto out;

	idev = __in6_dev_get(skb->dev);

	msg.skb = skb;
	msg.offset = 0;
	msg.type = ICMPV6_ECHO_REPLY;

	ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
	/* Reflect the request's traffic class in the reply. */
	ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
	ipc6.dontfrag = np->dontfrag;
	ipc6.opt = NULL;

	err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
			      sizeof(struct icmp6hdr), &ipc6, &fl6,
			      (struct rt6_info *)dst, MSG_DONTWAIT,
			      &sockc_unused);

	if (err) {
		__ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
		ip6_flush_pending_frames(sk);
	} else {
		err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
						 skb->len + sizeof(struct icmp6hdr));
	}
	dst_release(dst);
out:
	icmpv6_xmit_unlock(sk);
out_bh_enable:
	local_bh_enable();
}

/* Deliver a received ICMPv6 error to the upper-layer protocol that sent
 * the embedded packet (via its inet6_protocol err_handler) and to any
 * matching raw sockets.
 */
void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
{
	const struct inet6_protocol *ipprot;
	int inner_offset;
	__be16 frag_off;
	u8 nexthdr;
	struct net *net = dev_net(skb->dev);

	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
		goto out;

	nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
	if (ipv6_ext_hdr(nexthdr)) {
		/* now skip over extension headers */
		inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
						&nexthdr, &frag_off);
		if (inner_offset < 0)
			goto out;
	} else {
		inner_offset = sizeof(struct ipv6hdr);
	}

	/* Checkin header including 8 bytes of inner protocol header. */
	if (!pskb_may_pull(skb, inner_offset+8))
		goto out;

	/* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
	   Without this we will not able f.e. to make source routed
	   pmtu discovery.
	   Corresponding argument (opt) to notifiers is already added.
	   --ANK (980726)
	 */

	ipprot = rcu_dereference(inet6_protos[nexthdr]);
	if (ipprot && ipprot->err_handler)
		ipprot->err_handler(skb, NULL, type, code, inner_offset, info);

	raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
	return;

out:
	__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
}

/*
 *	Handle icmp messages
 */

static int icmpv6_rcv(struct sk_buff *skb)
{
	struct net_device *dev = skb->dev;
	struct inet6_dev *idev = __in6_dev_get(dev);
	const struct in6_addr *saddr, *daddr;
	struct icmp6hdr *hdr;
	u8 type;
	bool success = false;

	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		struct sec_path *sp = skb_sec_path(skb);
		int nh;

		if (!(sp && sp->xvec[sp->len - 1]->props.flags &
				 XFRM_STATE_ICMP))
			goto drop_no_count;

		if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
			goto drop_no_count;

		/* Temporarily point the network header at the embedded
		 * packet to run the reverse policy check, then restore.
		 */
		nh = skb_network_offset(skb);
		skb_set_network_header(skb, sizeof(*hdr));

		if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
			goto drop_no_count;

		skb_set_network_header(skb, nh);
	}

	__ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);

	saddr = &ipv6_hdr(skb)->saddr;
	daddr = &ipv6_hdr(skb)->daddr;

	if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
		net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
				    saddr, daddr);
		goto csum_error;
	}

	if (!pskb_pull(skb, sizeof(*hdr)))
		goto discard_it;

	hdr = icmp6_hdr(skb);

	type = hdr->icmp6_type;

	ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);

	switch (type) {
	case ICMPV6_ECHO_REQUEST:
		icmpv6_echo_reply(skb);
		break;

	case ICMPV6_ECHO_REPLY:
		success = ping_rcv(skb);
		break;

	case ICMPV6_PKT_TOOBIG:
		/* BUGGG_FUTURE: if packet contains rthdr, we cannot update
		   standard destination cache. Seems, only "advanced"
		   destination cache will allow to solve this problem
		   --ANK (980726)
		 */
		if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
			goto discard_it;
		hdr = icmp6_hdr(skb);

		/*
		 *	Drop through to notify
		 */
		/* fall through */

	case ICMPV6_DEST_UNREACH:
	case ICMPV6_TIME_EXCEED:
	case ICMPV6_PARAMPROB:
		icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
		break;

	case NDISC_ROUTER_SOLICITATION:
	case NDISC_ROUTER_ADVERTISEMENT:
	case NDISC_NEIGHBOUR_SOLICITATION:
	case NDISC_NEIGHBOUR_ADVERTISEMENT:
	case NDISC_REDIRECT:
		ndisc_rcv(skb);
		break;

	case ICMPV6_MGM_QUERY:
		igmp6_event_query(skb);
		break;

	case ICMPV6_MGM_REPORT:
		igmp6_event_report(skb);
		break;

	case ICMPV6_MGM_REDUCTION:
	case ICMPV6_NI_QUERY:
	case ICMPV6_NI_REPLY:
	case ICMPV6_MLD2_REPORT:
	case ICMPV6_DHAAD_REQUEST:
	case ICMPV6_DHAAD_REPLY:
	case ICMPV6_MOBILE_PREFIX_SOL:
	case ICMPV6_MOBILE_PREFIX_ADV:
		break;

	default:
		/* informational */
		if (type & ICMPV6_INFOMSG_MASK)
			break;

		net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
				    saddr, daddr);

		/*
		 * error of unknown type.
		 * must pass to upper level
		 */

		icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
	}

	/* until the v6 path can be better sorted assume failure and
	 * preserve the status quo behaviour for the rest of the paths to here
	 */
	if (success)
		consume_skb(skb);
	else
		kfree_skb(skb);

	return 0;

csum_error:
	__ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
discard_it:
	__ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
drop_no_count:
	kfree_skb(skb);
	return 0;
}

/* Initialize a flowi6 for an outgoing ICMPv6 message (used by NDISC/MLD
 * callers); code is always 0 here.
 */
void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
		      u8 type,
		      const struct in6_addr *saddr,
		      const struct in6_addr *daddr,
		      int oif)
{
	memset(fl6, 0, sizeof(*fl6));
	fl6->saddr = *saddr;
	fl6->daddr = *daddr;
	fl6->flowi6_proto	= IPPROTO_ICMPV6;
	fl6->fl6_icmp_type	= type;
	fl6->fl6_icmp_code	= 0;
	fl6->flowi6_oif		= oif;
	security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
}

/* Per-netns setup: create one ICMPv6 control socket per possible cpu. */
static int __net_init icmpv6_sk_init(struct net *net)
{
	struct sock *sk;
	int err, i, j;

	net->ipv6.icmp_sk =
		kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
	if (!net->ipv6.icmp_sk)
		return -ENOMEM;

	for_each_possible_cpu(i) {
		err = inet_ctl_sock_create(&sk, PF_INET6,
					   SOCK_RAW, IPPROTO_ICMPV6, net);
		if (err < 0) {
			pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
			       err);
			goto fail;
		}

		net->ipv6.icmp_sk[i] = sk;

		/* Enough space for 2 64K ICMP packets, including
		 * sk_buff struct overhead.
		 */
		sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
	}
	return 0;

 fail:
	/* Unwind only the sockets created before the failure. */
	for (j = 0; j < i; j++)
		inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
	kfree(net->ipv6.icmp_sk);
	return err;
}

static void __net_exit icmpv6_sk_exit(struct net *net)
{
	int i;

	for_each_possible_cpu(i) {
		inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
	}
	kfree(net->ipv6.icmp_sk);
}

static struct pernet_operations icmpv6_sk_ops = {
	.init = icmpv6_sk_init,
	.exit = icmpv6_sk_exit,
};

int __init icmpv6_init(void)
{
	int err;

	err = register_pernet_subsys(&icmpv6_sk_ops);
	if (err < 0)
		return err;

	err = -EAGAIN;
	if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
		goto fail;

	err = inet6_register_icmp_sender(icmp6_send);
	if (err)
		goto sender_reg_err;
	return 0;

sender_reg_err:
	inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
fail:
	pr_err("Failed to register ICMP6 protocol\n");
	unregister_pernet_subsys(&icmpv6_sk_ops);
	return err;
}

void icmpv6_cleanup(void)
{
	inet6_unregister_icmp_sender(icmp6_send);
	unregister_pernet_subsys(&icmpv6_sk_ops);
	inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
}


/* Map of ICMPV6_DEST_UNREACH codes to errno values, indexed by code
 * (RFC 4443 section 3.1).  "fatal" means the error aborts the socket.
 */
static const struct icmp6_err {
	int err;
	int fatal;
} tab_unreach[] = {
	{	/* NOROUTE */
		.err	= ENETUNREACH,
		.fatal	= 0,
	},
	{	/* ADM_PROHIBITED */
		.err	= EACCES,
		.fatal	= 1,
	},
	{	/* Was NOT_NEIGHBOUR, now reserved */
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* ADDR_UNREACH	*/
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* PORT_UNREACH	*/
		.err	= ECONNREFUSED,
		.fatal	= 1,
	},
	{	/* POLICY_FAIL */
		.err	= EACCES,
		.fatal	= 1,
	},
	{	/* REJECT_ROUTE	*/
		.err	= EACCES,
		.fatal	= 1,
	},
};

/* Convert an ICMPv6 type/code pair into an errno (*err) and return
 * non-zero when the error is fatal for the socket.
 */
int icmpv6_err_convert(u8 type, u8 code, int *err)
{
	int fatal = 0;

	*err = EPROTO;

	switch (type) {
	case ICMPV6_DEST_UNREACH:
		fatal = 1;
		if (code < ARRAY_SIZE(tab_unreach)) {
			*err  = tab_unreach[code].err;
			fatal = tab_unreach[code].fatal;
		}
		break;

	case ICMPV6_PKT_TOOBIG:
		*err = EMSGSIZE;
		break;

	case ICMPV6_PARAMPROB:
		*err = EPROTO;
		fatal = 1;
		break;

	case ICMPV6_TIME_EXCEED:
		*err = EHOSTUNREACH;
		break;
	}

	return fatal;
}
EXPORT_SYMBOL(icmpv6_err_convert);

#ifdef CONFIG_SYSCTL
static struct ctl_table ipv6_icmp_table_template[] = {
	{
		.procname	= "ratelimit",
		.data		= &init_net.ipv6.sysctl.icmpv6_time,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_ms_jiffies,
	},
	{ },
};

/* Per-netns copy of the sysctl template, re-pointed at this netns's
 * icmpv6_time.  Returns NULL on allocation failure.
 */
struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
{
	struct ctl_table *table;

	table = kmemdup(ipv6_icmp_table_template,
			sizeof(ipv6_icmp_table_template),
			GFP_KERNEL);

	if (table)
		table[0].data = &net->ipv6.sysctl.icmpv6_time;

	return table;
}
#endif