]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - net/ipv6/icmp.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
netfilter: nft_ct: prepare for key-dependent error unwind
[mirror_ubuntu-artful-kernel.git] / net / ipv6 / icmp.c
CommitLineData
1da177e4
LT		 1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
1da177e4
LT		 8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
f3213831
JP		 32#define pr_fmt(fmt) "IPv6: " fmt
33
1da177e4
LT		 34#include <linux/module.h>
35#include <linux/errno.h>
36#include <linux/types.h>
37#include <linux/socket.h>
38#include <linux/in.h>
39#include <linux/kernel.h>
1da177e4
LT		 40#include <linux/sockios.h>
41#include <linux/net.h>
42#include <linux/skbuff.h>
43#include <linux/init.h>
763ecff1 44#include <linux/netfilter.h>
5a0e3ad6 45#include <linux/slab.h>
1da177e4
LT		 46
47#ifdef CONFIG_SYSCTL
48#include <linux/sysctl.h>
49#endif
50
51#include <linux/inet.h>
52#include <linux/netdevice.h>
53#include <linux/icmpv6.h>
54
55#include <net/ip.h>
56#include <net/sock.h>
57
58#include <net/ipv6.h>
59#include <net/ip6_checksum.h>
6d0bfe22 60#include <net/ping.h>
1da177e4
LT		 61#include <net/protocol.h>
62#include <net/raw.h>
63#include <net/rawv6.h>
64#include <net/transp_v6.h>
65#include <net/ip6_route.h>
66#include <net/addrconf.h>
67#include <net/icmp.h>
8b7817f3 68#include <net/xfrm.h>
1ed8516f 69#include <net/inet_common.h>
825edac4 70#include <net/dsfield.h>
ca254490 71#include <net/l3mdev.h>
1da177e4 72
7c0f6ba6 73#include <linux/uaccess.h>
1da177e4 74
1da177e4
LT		 75/*
76 * The ICMP socket(s). This is the most convenient way to flow control
77 * our ICMP output as well as maintain a clean interface throughout
78 * all layers. All Socketless IP sends will soon be gone.
79 *
80 * On SMP we have one ICMP socket per-cpu.
81 */
98c6d1b2
DL		 82static inline struct sock *icmpv6_sk(struct net *net)
83{
84 return net->ipv6.icmp_sk[smp_processor_id()];
85}
1da177e4 86
6f809da2
SK		 87static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
88 u8 type, u8 code, int offset, __be32 info)
89{
6d0bfe22
LC		 90 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
91 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
6f809da2
SK		 92 struct net *net = dev_net(skb->dev);
93
94 if (type == ICMPV6_PKT_TOOBIG)
e2d118a1 95 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
6f809da2 96 else if (type == NDISC_REDIRECT)
e2d118a1
LC		 97 ip6_redirect(skb, net, skb->dev->ifindex, 0,
98 sock_net_uid(net, NULL));
6d0bfe22
LC		 99
100 if (!(type & ICMPV6_INFOMSG_MASK))
101 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
dcb94b88 102 ping_err(skb, offset, ntohl(info));
6f809da2
SK		 103}
104
e5bbef20 105static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 106
41135cc8 107static const struct inet6_protocol icmpv6_protocol = {
1da177e4 108 .handler = icmpv6_rcv,
6f809da2 109 .err_handler = icmpv6_err,
8b7817f3 110 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 111};
112
7ba91ecb 113/* Called with BH disabled */
fdc0bde9 114static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 115{
fdc0bde9
DL		 116 struct sock *sk;
117
fdc0bde9 118 sk = icmpv6_sk(net);
405666db 119 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 120 /* This can happen if the output path (f.e. SIT or
121 * ip6ip6 tunnel) signals dst_link_failure() for an
122 * outgoing ICMP6 packet.
123 */
fdc0bde9 124 return NULL;
1da177e4 125 }
fdc0bde9 126 return sk;
1da177e4
LT		 127}
128
405666db 129static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 130{
7ba91ecb 131 spin_unlock(&sk->sk_lock.slock);
1da177e4
LT		 132}
133
1da177e4
LT		 134/*
135 * Figure out, may we reply to this packet with icmp error.
136 *
137 * We do not reply, if:
138 * - it was icmp error message.
139 * - it is truncated, so that it is known, that protocol is ICMPV6
140 * (i.e. in the middle of some exthdr)
141 *
142 * --ANK (980726)
143 */
144
a50feda5 145static bool is_ineligible(const struct sk_buff *skb)
1da177e4 146{
0660e03f 147 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 148 int len = skb->len - ptr;
0660e03f 149 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
75f2811c 150 __be16 frag_off;
1da177e4
LT		 151
152 if (len < 0)
a50feda5 153 return true;
1da177e4 154
75f2811c 155 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
1da177e4 156 if (ptr < 0)
a50feda5 157 return false;
1da177e4
LT		 158 if (nexthdr == IPPROTO_ICMPV6) {
159 u8 _type, *tp;
160 tp = skb_header_pointer(skb,
161 ptr+offsetof(struct icmp6hdr, icmp6_type),
162 sizeof(_type), &_type);
63159f29 163 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
a50feda5 164 return true;
1da177e4 165 }
a50feda5 166 return false;
1da177e4
LT		 167}
168
c0303efe
JDB		 169static bool icmpv6_mask_allow(int type)
170{
171 /* Informational messages are not limited. */
172 if (type & ICMPV6_INFOMSG_MASK)
173 return true;
174
175 /* Do not limit pmtu discovery, it would break it. */
176 if (type == ICMPV6_PKT_TOOBIG)
177 return true;
178
179 return false;
180}
181
182static bool icmpv6_global_allow(int type)
183{
184 if (icmpv6_mask_allow(type))
185 return true;
186
187 if (icmp_global_allow())
188 return true;
189
190 return false;
191}
192
1ab1457c
YH		 193/*
194 * Check the ICMP output rate limit
1da177e4 195 */
4cdf507d
ED		 196static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
197 struct flowi6 *fl6)
1da177e4 198{
3b1e0a65 199 struct net *net = sock_net(sk);
4cdf507d 200 struct dst_entry *dst;
92d86829 201 bool res = false;
1da177e4 202
c0303efe 203 if (icmpv6_mask_allow(type))
92d86829 204 return true;
1da177e4 205
1ab1457c 206 /*
1da177e4
LT		 207 * Look up the output route.
208 * XXX: perhaps the expire for routing entries cloned by
209 * this lookup should be more aggressive (not longer than timeout).
210 */
4c9483b2 211 dst = ip6_route_output(net, sk, fl6);
1da177e4 212 if (dst->error) {
3bd653c8 213 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 214 IPSTATS_MIB_OUTNOROUTES);
1da177e4 215 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
92d86829 216 res = true;
1da177e4
LT		 217 } else {
218 struct rt6_info *rt = (struct rt6_info *)dst;
9a43b709 219 int tmo = net->ipv6.sysctl.icmpv6_time;
c0303efe 220 struct inet_peer *peer;
1da177e4
LT		 221
222 /* Give more bandwidth to wider prefixes. */
223 if (rt->rt6i_dst.plen < 128)
224 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
225
c0303efe
JDB		 226 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
227 res = inet_peer_xrlim_allow(peer, tmo);
228 if (peer)
229 inet_putpeer(peer);
1da177e4
LT		 230 }
231 dst_release(dst);
232 return res;
233}
234
235/*
236 * an inline helper for the "simple" if statement below
237 * checks if parameter problem report is caused by an
1ab1457c 238 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 239 * highest-order two bits set to 10
240 */
241
a50feda5 242static bool opt_unrec(struct sk_buff *skb, __u32 offset)
1da177e4
LT		 243{
244 u8 _optval, *op;
245
bbe735e4 246 offset += skb_network_offset(skb);
1da177e4 247 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
63159f29 248 if (!op)
a50feda5 249 return true;
1da177e4
LT		 250 return (*op & 0xC0) == 0x80;
251}
252
6d0bfe22
LC		 253int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
254 struct icmp6hdr *thdr, int len)
1da177e4
LT		 255{
256 struct sk_buff *skb;
257 struct icmp6hdr *icmp6h;
258 int err = 0;
259
e5d08d71 260 skb = skb_peek(&sk->sk_write_queue);
63159f29 261 if (!skb)
1da177e4
LT		 262 goto out;
263
cc70ab26 264 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 265 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
266 icmp6h->icmp6_cksum = 0;
267
268 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 269 skb->csum = csum_partial(icmp6h,
1da177e4 270 sizeof(struct icmp6hdr), skb->csum);
4c9483b2
DM		 271 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
272 &fl6->daddr,
273 len, fl6->flowi6_proto,
1da177e4
LT		 274 skb->csum);
275 } else {
868c86bc 276 __wsum tmp_csum = 0;
1da177e4
LT		 277
278 skb_queue_walk(&sk->sk_write_queue, skb) {
279 tmp_csum = csum_add(tmp_csum, skb->csum);
280 }
281
07f0757a 282 tmp_csum = csum_partial(icmp6h,
1da177e4 283 sizeof(struct icmp6hdr), tmp_csum);
4c9483b2
DM		 284 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
285 &fl6->daddr,
286 len, fl6->flowi6_proto,
868c86bc 287 tmp_csum);
1da177e4 288 }
1da177e4
LT		 289 ip6_push_pending_frames(sk);
290out:
291 return err;
292}
293
294struct icmpv6_msg {
295 struct sk_buff *skb;
296 int offset;
763ecff1 297 uint8_t type;
1da177e4
LT		 298};
299
300static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
301{
302 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
303 struct sk_buff *org_skb = msg->skb;
5f92a738 304 __wsum csum = 0;
1da177e4
LT		 305
306 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
307 to, len, csum);
308 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 309 if (!(msg->type & ICMPV6_INFOMSG_MASK))
310 nf_ct_attach(skb, org_skb);
1da177e4
LT		 311 return 0;
312}
313
07a93626 314#if IS_ENABLED(CONFIG_IPV6_MIP6)
79383236
MN		 315static void mip6_addr_swap(struct sk_buff *skb)
316{
0660e03f 317 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236
MN		 318 struct inet6_skb_parm *opt = IP6CB(skb);
319 struct ipv6_destopt_hao *hao;
320 struct in6_addr tmp;
321 int off;
322
323 if (opt->dsthao) {
324 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
325 if (likely(off >= 0)) {
d56f90a7
ACM		 326 hao = (struct ipv6_destopt_hao *)
327 (skb_network_header(skb) + off);
4e3fd7a0
AD		 328 tmp = iph->saddr;
329 iph->saddr = hao->addr;
330 hao->addr = tmp;
79383236
MN		 331 }
332 }
333}
334#else
335static inline void mip6_addr_swap(struct sk_buff *skb) {}
336#endif
337
e8243534 338static struct dst_entry *icmpv6_route_lookup(struct net *net,
339 struct sk_buff *skb,
340 struct sock *sk,
341 struct flowi6 *fl6)
b42835db
DM		 342{
343 struct dst_entry *dst, *dst2;
4c9483b2 344 struct flowi6 fl2;
b42835db
DM		 345 int err;
346
343d60aa 347 err = ip6_dst_lookup(net, sk, &dst, fl6);
b42835db
DM		 348 if (err)
349 return ERR_PTR(err);
350
351 /*
352 * We won't send icmp if the destination is known
353 * anycast.
354 */
2647a9b0 355 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
ba7a46f1 356 net_dbg_ratelimited("icmp6_send: acast source\n");
b42835db
DM		 357 dst_release(dst);
358 return ERR_PTR(-EINVAL);
359 }
360
361 /* No need to clone since we're just using its address. */
362 dst2 = dst;
363
4c9483b2 364 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
452edd59 365 if (!IS_ERR(dst)) {
b42835db
DM		 366 if (dst != dst2)
367 return dst;
452edd59
DM		 368 } else {
369 if (PTR_ERR(dst) == -EPERM)
370 dst = NULL;
371 else
372 return dst;
b42835db
DM		 373 }
374
4c9483b2 375 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
b42835db
DM		 376 if (err)
377 goto relookup_failed;
378
343d60aa 379 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
b42835db
DM		 380 if (err)
381 goto relookup_failed;
382
4c9483b2 383 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
452edd59 384 if (!IS_ERR(dst2)) {
b42835db
DM		 385 dst_release(dst);
386 dst = dst2;
452edd59
DM		 387 } else {
388 err = PTR_ERR(dst2);
389 if (err == -EPERM) {
390 dst_release(dst);
391 return dst2;
392 } else
393 goto relookup_failed;
b42835db
DM		 394 }
395
396relookup_failed:
397 if (dst)
398 return dst;
399 return ERR_PTR(err);
400}
401
1da177e4
LT		 402/*
403 * Send an ICMP message in response to a packet in error
404 */
b1cadc1a
ED		 405static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
406 const struct in6_addr *force_saddr)
1da177e4 407{
c346dca1 408 struct net *net = dev_net(skb->dev);
1da177e4 409 struct inet6_dev *idev = NULL;
0660e03f 410 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53
YH		 411 struct sock *sk;
412 struct ipv6_pinfo *np;
b71d1d42 413 const struct in6_addr *saddr = NULL;
1da177e4
LT		 414 struct dst_entry *dst;
415 struct icmp6hdr tmp_hdr;
4c9483b2 416 struct flowi6 fl6;
1da177e4 417 struct icmpv6_msg msg;
c14ac945 418 struct sockcm_cookie sockc_unused = {0};
26879da5 419 struct ipcm6_cookie ipc6;
1da177e4
LT		 420 int iif = 0;
421 int addr_type = 0;
422 int len;
1da177e4 423 int err = 0;
e110861f 424 u32 mark = IP6_REPLY_MARK(net, skb->mark);
1da177e4 425
27a884dc 426 if ((u8 *)hdr < skb->head ||
29a3cad5 427 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
1da177e4
LT		 428 return;
429
430 /*
1ab1457c 431 * Make sure we respect the rules
1da177e4 432 * i.e. RFC 1885 2.4(e)
5f5624cf 433 * Rule (e.1) is enforced by not using icmp6_send
1da177e4
LT		 434 * in any code that processes icmp errors.
435 */
436 addr_type = ipv6_addr_type(&hdr->daddr);
437
446fab59 438 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
d94c1f92 439 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
1da177e4
LT		 440 saddr = &hdr->daddr;
441
442 /*
443 * Dest addr check
444 */
445
9a6b4b39 446 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
1da177e4 447 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 448 !(type == ICMPV6_PARAMPROB &&
449 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 450 (opt_unrec(skb, info))))
451 return;
452
453 saddr = NULL;
454 }
455
456 addr_type = ipv6_addr_type(&hdr->saddr);
457
458 /*
459 * Source addr check
460 */
461
842df073 462 if (__ipv6_addr_needs_scope_id(addr_type))
1da177e4 463 iif = skb->dev->ifindex;
79dc7e3f
DA		 464 else {
465 dst = skb_dst(skb);
466 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
467 }
1da177e4
LT		 468
469 /*
8de3351e
YH		 470 * Must not send error if the source does not uniquely
471 * identify a single node (RFC2463 Section 2.4).
472 * We check unspecified / multicast addresses here,
473 * and anycast addresses will be checked later.
1da177e4
LT		 474 */
475 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
4b3418fb
BM		 476 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
477 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 478 return;
479 }
480
1ab1457c 481 /*
1da177e4
LT		 482 * Never answer to a ICMP packet.
483 */
484 if (is_ineligible(skb)) {
4b3418fb
BM		 485 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
486 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 487 return;
488 }
489
7ba91ecb
JDB		 490 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
491 local_bh_disable();
492
493 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
494 if (!icmpv6_global_allow(type))
495 goto out_bh_enable;
496
79383236
MN		 497 mip6_addr_swap(skb);
498
4c9483b2
DM		 499 memset(&fl6, 0, sizeof(fl6));
500 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 501 fl6.daddr = hdr->saddr;
b1cadc1a
ED		 502 if (force_saddr)
503 saddr = force_saddr;
1da177e4 504 if (saddr)
4e3fd7a0 505 fl6.saddr = *saddr;
e110861f 506 fl6.flowi6_mark = mark;
4c9483b2 507 fl6.flowi6_oif = iif;
1958b856
DM		 508 fl6.fl6_icmp_type = type;
509 fl6.fl6_icmp_code = code;
e2d118a1 510 fl6.flowi6_uid = sock_net_uid(net, NULL);
4c9483b2 511 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 512
fdc0bde9 513 sk = icmpv6_xmit_lock(net);
63159f29 514 if (!sk)
7ba91ecb 515 goto out_bh_enable;
c0303efe 516
e110861f 517 sk->sk_mark = mark;
fdc0bde9 518 np = inet6_sk(sk);
405666db 519
4c9483b2 520 if (!icmpv6_xrlim_allow(sk, type, &fl6))
1da177e4
LT		 521 goto out;
522
523 tmp_hdr.icmp6_type = type;
524 tmp_hdr.icmp6_code = code;
525 tmp_hdr.icmp6_cksum = 0;
526 tmp_hdr.icmp6_pointer = htonl(info);
527
4c9483b2
DM		 528 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
529 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 530 else if (!fl6.flowi6_oif)
531 fl6.flowi6_oif = np->ucast_oif;
1da177e4 532
38b7097b
HFS		 533 ipc6.tclass = np->tclass;
534 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
535
4c9483b2 536 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
b42835db 537 if (IS_ERR(dst))
1da177e4 538 goto out;
8de3351e 539
26879da5 540 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
26879da5
WW		 541 ipc6.dontfrag = np->dontfrag;
542 ipc6.opt = NULL;
1da177e4
LT		 543
544 msg.skb = skb;
bbe735e4 545 msg.offset = skb_network_offset(skb);
763ecff1 546 msg.type = type;
1da177e4
LT		 547
548 len = skb->len - msg.offset;
67ba4152 549 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
1da177e4 550 if (len < 0) {
4b3418fb
BM		 551 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
552 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 553 goto out_dst_release;
554 }
555
cfdf7647
ED		 556 rcu_read_lock();
557 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 558
559 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
560 len + sizeof(struct icmp6hdr),
26879da5
WW		 561 sizeof(struct icmp6hdr),
562 &ipc6, &fl6, (struct rt6_info *)dst,
563 MSG_DONTWAIT, &sockc_unused);
1da177e4 564 if (err) {
43a43b60 565 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 566 ip6_flush_pending_frames(sk);
cfdf7647
ED		 567 } else {
568 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
569 len + sizeof(struct icmp6hdr));
1da177e4 570 }
cfdf7647 571 rcu_read_unlock();
1da177e4
LT		 572out_dst_release:
573 dst_release(dst);
574out:
405666db 575 icmpv6_xmit_unlock(sk);
7ba91ecb
JDB		 576out_bh_enable:
577 local_bh_enable();
1da177e4 578}
5f5624cf
PS		 579
580/* Slightly more convenient version of icmp6_send.
581 */
582void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
583{
b1cadc1a 584 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
5f5624cf
PS		 585 kfree_skb(skb);
586}
7159039a 587
5fbba8ac
ED		 588/* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
589 * if sufficient data bytes are available
590 * @nhs is the size of the tunnel header(s) :
591 * Either an IPv4 header for SIT encap
592 * an IPv4 header + GRE header for GRE encap
593 */
20e1954f
ED		 594int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
595 unsigned int data_len)
5fbba8ac 596{
2d7a3b27 597 struct in6_addr temp_saddr;
5fbba8ac
ED		 598 struct rt6_info *rt;
599 struct sk_buff *skb2;
20e1954f 600 u32 info = 0;
5fbba8ac
ED		 601
602 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
603 return 1;
604
20e1954f
ED		 605 /* RFC 4884 (partial) support for ICMP extensions */
606 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
607 data_len = 0;
608
609 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
5fbba8ac
ED		 610
611 if (!skb2)
612 return 1;
613
614 skb_dst_drop(skb2);
615 skb_pull(skb2, nhs);
616 skb_reset_network_header(skb2);
617
618 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);
619
620 if (rt && rt->dst.dev)
621 skb2->dev = rt->dst.dev;
622
2d7a3b27 623 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
20e1954f
ED		 624
625 if (data_len) {
626 /* RFC 4884 (partial) support :
627 * insert 0 padding at the end, before the extensions
628 */
629 __skb_push(skb2, nhs);
630 skb_reset_network_header(skb2);
631 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
632 memset(skb2->data + data_len - nhs, 0, nhs);
633 /* RFC 4884 4.5 : Length is measured in 64-bit words,
634 * and stored in reserved[0]
635 */
636 info = (data_len/8) << 24;
637 }
2d7a3b27
ED		 638 if (type == ICMP_TIME_EXCEEDED)
639 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
20e1954f 640 info, &temp_saddr);
2d7a3b27
ED		 641 else
642 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
20e1954f 643 info, &temp_saddr);
5fbba8ac
ED		 644 if (rt)
645 ip6_rt_put(rt);
646
647 kfree_skb(skb2);
648
649 return 0;
650}
651EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
652
1da177e4
LT		 653static void icmpv6_echo_reply(struct sk_buff *skb)
654{
c346dca1 655 struct net *net = dev_net(skb->dev);
84427d53 656 struct sock *sk;
1da177e4 657 struct inet6_dev *idev;
84427d53 658 struct ipv6_pinfo *np;
b71d1d42 659 const struct in6_addr *saddr = NULL;
cc70ab26 660 struct icmp6hdr *icmph = icmp6_hdr(skb);
1da177e4 661 struct icmp6hdr tmp_hdr;
4c9483b2 662 struct flowi6 fl6;
1da177e4
LT		 663 struct icmpv6_msg msg;
664 struct dst_entry *dst;
26879da5 665 struct ipcm6_cookie ipc6;
1da177e4 666 int err = 0;
e110861f 667 u32 mark = IP6_REPLY_MARK(net, skb->mark);
c14ac945 668 struct sockcm_cookie sockc_unused = {0};
1da177e4 669
0660e03f 670 saddr = &ipv6_hdr(skb)->daddr;
1da177e4 671
509aba3b 672 if (!ipv6_unicast_destination(skb) &&
ec35b61e 673 !(net->ipv6.sysctl.anycast_src_echo_reply &&
2647a9b0 674 ipv6_anycast_destination(skb_dst(skb), saddr)))
1da177e4
LT		 675 saddr = NULL;
676
677 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
678 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
679
4c9483b2
DM		 680 memset(&fl6, 0, sizeof(fl6));
681 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 682 fl6.daddr = ipv6_hdr(skb)->saddr;
1da177e4 683 if (saddr)
4e3fd7a0 684 fl6.saddr = *saddr;
9ff74384 685 fl6.flowi6_oif = skb->dev->ifindex;
1958b856 686 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
e110861f 687 fl6.flowi6_mark = mark;
e2d118a1 688 fl6.flowi6_uid = sock_net_uid(net, NULL);
4c9483b2 689 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 690
7ba91ecb 691 local_bh_disable();
fdc0bde9 692 sk = icmpv6_xmit_lock(net);
63159f29 693 if (!sk)
7ba91ecb 694 goto out_bh_enable;
e110861f 695 sk->sk_mark = mark;
fdc0bde9 696 np = inet6_sk(sk);
405666db 697
4c9483b2
DM		 698 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
699 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 700 else if (!fl6.flowi6_oif)
701 fl6.flowi6_oif = np->ucast_oif;
1da177e4 702
343d60aa 703 err = ip6_dst_lookup(net, sk, &dst, &fl6);
1da177e4
LT		 704 if (err)
705 goto out;
4c9483b2 706 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
452edd59 707 if (IS_ERR(dst))
e104411b 708 goto out;
1da177e4 709
cfdf7647 710 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 711
712 msg.skb = skb;
713 msg.offset = 0;
763ecff1 714 msg.type = ICMPV6_ECHO_REPLY;
1da177e4 715
26879da5
WW		 716 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
717 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
718 ipc6.dontfrag = np->dontfrag;
719 ipc6.opt = NULL;
720
1da177e4 721 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
26879da5 722 sizeof(struct icmp6hdr), &ipc6, &fl6,
a2d91a09 723 (struct rt6_info *)dst, MSG_DONTWAIT,
26879da5 724 &sockc_unused);
1da177e4
LT		 725
726 if (err) {
a16292a0 727 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 728 ip6_flush_pending_frames(sk);
cfdf7647
ED		 729 } else {
730 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
731 skb->len + sizeof(struct icmp6hdr));
1da177e4 732 }
1da177e4 733 dst_release(dst);
1ab1457c 734out:
405666db 735 icmpv6_xmit_unlock(sk);
7ba91ecb
JDB		 736out_bh_enable:
737 local_bh_enable();
1da177e4
LT		 738}
739
b94f1c09 740void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
1da177e4 741{
41135cc8 742 const struct inet6_protocol *ipprot;
1da177e4 743 int inner_offset;
75f2811c 744 __be16 frag_off;
f9242b6b 745 u8 nexthdr;
7304fe46 746 struct net *net = dev_net(skb->dev);
1da177e4
LT		 747
748 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
7304fe46 749 goto out;
1da177e4
LT		 750
751 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
752 if (ipv6_ext_hdr(nexthdr)) {
753 /* now skip over extension headers */
75f2811c
JG		 754 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
755 &nexthdr, &frag_off);
67ba4152 756 if (inner_offset < 0)
7304fe46 757 goto out;
1da177e4
LT		 758 } else {
759 inner_offset = sizeof(struct ipv6hdr);
760 }
761
762 /* Checkin header including 8 bytes of inner protocol header. */
763 if (!pskb_may_pull(skb, inner_offset+8))
7304fe46 764 goto out;
1da177e4 765
1da177e4
LT		 766 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
767 Without this we will not able f.e. to make source routed
768 pmtu discovery.
769 Corresponding argument (opt) to notifiers is already added.
770 --ANK (980726)
771 */
772
f9242b6b 773 ipprot = rcu_dereference(inet6_protos[nexthdr]);
1da177e4
LT		 774 if (ipprot && ipprot->err_handler)
775 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
1da177e4 776
69d6da0b 777 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
7304fe46
DJ		 778 return;
779
780out:
a16292a0 781 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
1da177e4 782}
1ab1457c 783
1da177e4
LT		 784/*
785 * Handle icmp messages
786 */
787
e5bbef20 788static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 789{
1da177e4
LT		 790 struct net_device *dev = skb->dev;
791 struct inet6_dev *idev = __in6_dev_get(dev);
b71d1d42 792 const struct in6_addr *saddr, *daddr;
1da177e4 793 struct icmp6hdr *hdr;
d5fdd6ba 794 u8 type;
e3e32170 795 bool success = false;
1da177e4 796
aebcf82c 797 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 798 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 799 int nh;
800
def8b4fa 801 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
aebcf82c
HX		 802 XFRM_STATE_ICMP))
803 goto drop_no_count;
804
81aded24 805 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
8b7817f3
HX		 806 goto drop_no_count;
807
808 nh = skb_network_offset(skb);
809 skb_set_network_header(skb, sizeof(*hdr));
810
811 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
812 goto drop_no_count;
813
814 skb_set_network_header(skb, nh);
815 }
816
a16292a0 817 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 818
0660e03f
ACM		 819 saddr = &ipv6_hdr(skb)->saddr;
820 daddr = &ipv6_hdr(skb)->daddr;
1da177e4 821
39471ac8 822 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
ba7a46f1
JP		 823 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
824 saddr, daddr);
39471ac8 825 goto csum_error;
1da177e4
LT		 826 }
827
8cf22943
HX		 828 if (!pskb_pull(skb, sizeof(*hdr)))
829 goto discard_it;
1da177e4 830
cc70ab26 831 hdr = icmp6_hdr(skb);
1da177e4
LT		 832
833 type = hdr->icmp6_type;
834
f3832ed2 835 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
1da177e4
LT		 836
837 switch (type) {
838 case ICMPV6_ECHO_REQUEST:
839 icmpv6_echo_reply(skb);
840 break;
841
842 case ICMPV6_ECHO_REPLY:
e3e32170 843 success = ping_rcv(skb);
1da177e4
LT		 844 break;
845
846 case ICMPV6_PKT_TOOBIG:
847 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
848 standard destination cache. Seems, only "advanced"
849 destination cache will allow to solve this problem
850 --ANK (980726)
851 */
852 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
853 goto discard_it;
cc70ab26 854 hdr = icmp6_hdr(skb);
1da177e4
LT		 855
856 /*
857 * Drop through to notify
858 */
859
860 case ICMPV6_DEST_UNREACH:
861 case ICMPV6_TIME_EXCEED:
862 case ICMPV6_PARAMPROB:
863 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
864 break;
865
866 case NDISC_ROUTER_SOLICITATION:
867 case NDISC_ROUTER_ADVERTISEMENT:
868 case NDISC_NEIGHBOUR_SOLICITATION:
869 case NDISC_NEIGHBOUR_ADVERTISEMENT:
870 case NDISC_REDIRECT:
871 ndisc_rcv(skb);
872 break;
873
874 case ICMPV6_MGM_QUERY:
875 igmp6_event_query(skb);
876 break;
877
878 case ICMPV6_MGM_REPORT:
879 igmp6_event_report(skb);
880 break;
881
882 case ICMPV6_MGM_REDUCTION:
883 case ICMPV6_NI_QUERY:
884 case ICMPV6_NI_REPLY:
885 case ICMPV6_MLD2_REPORT:
886 case ICMPV6_DHAAD_REQUEST:
887 case ICMPV6_DHAAD_REPLY:
888 case ICMPV6_MOBILE_PREFIX_SOL:
889 case ICMPV6_MOBILE_PREFIX_ADV:
890 break;
891
892 default:
1da177e4
LT		 893 /* informational */
894 if (type & ICMPV6_INFOMSG_MASK)
895 break;
896
4b3418fb
BM		 897 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
898 saddr, daddr);
ea85a0a2 899
1ab1457c
YH		 900 /*
901 * error of unknown type.
902 * must pass to upper level
1da177e4
LT		 903 */
904
905 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
3ff50b79
SH		 906 }
907
e3e32170
RJ		 908 /* until the v6 path can be better sorted assume failure and
909 * preserve the status quo behaviour for the rest of the paths to here
910 */
911 if (success)
912 consume_skb(skb);
913 else
914 kfree_skb(skb);
915
1da177e4
LT		 916 return 0;
917
6a5dc9e5 918csum_error:
a16292a0 919 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
1da177e4 920discard_it:
a16292a0 921 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 922drop_no_count:
1da177e4
LT		 923 kfree_skb(skb);
924 return 0;
925}
926
4c9483b2 927void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
95e41e93
YH		 928 u8 type,
929 const struct in6_addr *saddr,
930 const struct in6_addr *daddr,
931 int oif)
932{
4c9483b2 933 memset(fl6, 0, sizeof(*fl6));
4e3fd7a0
AD		 934 fl6->saddr = *saddr;
935 fl6->daddr = *daddr;
67ba4152 936 fl6->flowi6_proto = IPPROTO_ICMPV6;
1958b856
DM		 937 fl6->fl6_icmp_type = type;
938 fl6->fl6_icmp_code = 0;
4c9483b2
DM		 939 fl6->flowi6_oif = oif;
940 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
95e41e93
YH		 941}
942
98c6d1b2 943static int __net_init icmpv6_sk_init(struct net *net)
1da177e4
LT		 944{
945 struct sock *sk;
946 int err, i, j;
947
98c6d1b2
DL		 948 net->ipv6.icmp_sk =
949 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
63159f29 950 if (!net->ipv6.icmp_sk)
79c91159
DL		 951 return -ENOMEM;
952
6f912042 953 for_each_possible_cpu(i) {
1ed8516f
DL		 954 err = inet_ctl_sock_create(&sk, PF_INET6,
955 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 956 if (err < 0) {
f3213831 957 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1da177e4
LT		 958 err);
959 goto fail;
960 }
961
1ed8516f 962 net->ipv6.icmp_sk[i] = sk;
5c8cafd6 963
1da177e4
LT		 964 /* Enough space for 2 64K ICMP packets, including
965 * sk_buff struct overhead.
966 */
87fb4b7b 967 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1da177e4 968 }
1da177e4
LT		 969 return 0;
970
971 fail:
5c8cafd6 972 for (j = 0; j < i; j++)
1ed8516f 973 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
98c6d1b2 974 kfree(net->ipv6.icmp_sk);
1da177e4
LT		 975 return err;
976}
977
98c6d1b2 978static void __net_exit icmpv6_sk_exit(struct net *net)
1da177e4
LT		 979{
980 int i;
981
6f912042 982 for_each_possible_cpu(i) {
1ed8516f 983 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
1da177e4 984 }
98c6d1b2
DL		 985 kfree(net->ipv6.icmp_sk);
986}
987
8ed7edce 988static struct pernet_operations icmpv6_sk_ops = {
67ba4152
IM		 989 .init = icmpv6_sk_init,
990 .exit = icmpv6_sk_exit,
98c6d1b2
DL		 991};
992
993int __init icmpv6_init(void)
994{
995 int err;
996
997 err = register_pernet_subsys(&icmpv6_sk_ops);
998 if (err < 0)
999 return err;
1000
1001 err = -EAGAIN;
1002 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1003 goto fail;
5f5624cf
PS		 1004
1005 err = inet6_register_icmp_sender(icmp6_send);
1006 if (err)
1007 goto sender_reg_err;
98c6d1b2
DL		 1008 return 0;
1009
5f5624cf
PS		 1010sender_reg_err:
1011 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
98c6d1b2 1012fail:
f3213831 1013 pr_err("Failed to register ICMP6 protocol\n");
98c6d1b2
DL		 1014 unregister_pernet_subsys(&icmpv6_sk_ops);
1015 return err;
1016}
1017
8ed7edce 1018void icmpv6_cleanup(void)
98c6d1b2 1019{
5f5624cf 1020 inet6_unregister_icmp_sender(icmp6_send);
98c6d1b2 1021 unregister_pernet_subsys(&icmpv6_sk_ops);
1da177e4
LT		 1022 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1023}
1024
98c6d1b2 1025
9b5b5cff 1026static const struct icmp6_err {
1da177e4
LT		 1027 int err;
1028 int fatal;
1029} tab_unreach[] = {
1030 { /* NOROUTE */
1031 .err = ENETUNREACH,
1032 .fatal = 0,
1033 },
1034 { /* ADM_PROHIBITED */
1035 .err = EACCES,
1036 .fatal = 1,
1037 },
1038 { /* Was NOT_NEIGHBOUR, now reserved */
1039 .err = EHOSTUNREACH,
1040 .fatal = 0,
1041 },
1042 { /* ADDR_UNREACH */
1043 .err = EHOSTUNREACH,
1044 .fatal = 0,
1045 },
1046 { /* PORT_UNREACH */
1047 .err = ECONNREFUSED,
1048 .fatal = 1,
1049 },
61e76b17
JB		 1050 { /* POLICY_FAIL */
1051 .err = EACCES,
1052 .fatal = 1,
1053 },
1054 { /* REJECT_ROUTE */
1055 .err = EACCES,
1056 .fatal = 1,
1057 },
1da177e4
LT		 1058};
1059
d5fdd6ba 1060int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 1061{
1062 int fatal = 0;
1063
1064 *err = EPROTO;
1065
1066 switch (type) {
1067 case ICMPV6_DEST_UNREACH:
1068 fatal = 1;
61e76b17 1069 if (code < ARRAY_SIZE(tab_unreach)) {
1da177e4
LT		 1070 *err = tab_unreach[code].err;
1071 fatal = tab_unreach[code].fatal;
1072 }
1073 break;
1074
1075 case ICMPV6_PKT_TOOBIG:
1076 *err = EMSGSIZE;
1077 break;
1ab1457c 1078
1da177e4
LT		 1079 case ICMPV6_PARAMPROB:
1080 *err = EPROTO;
1081 fatal = 1;
1082 break;
1083
1084 case ICMPV6_TIME_EXCEED:
1085 *err = EHOSTUNREACH;
1086 break;
3ff50b79 1087 }
1da177e4
LT		 1088
1089 return fatal;
1090}
7159039a
YH		 1091EXPORT_SYMBOL(icmpv6_err_convert);
1092
1da177e4 1093#ifdef CONFIG_SYSCTL
e8243534 1094static struct ctl_table ipv6_icmp_table_template[] = {
1da177e4 1095 {
1da177e4 1096 .procname = "ratelimit",
41a76906 1097 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 1098 .maxlen = sizeof(int),
1099 .mode = 0644,
6d9f239a 1100 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 1101 },
f8572d8f 1102 { },
1da177e4 1103};
760f2d01 1104
2c8c1e72 1105struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 1106{
1107 struct ctl_table *table;
1108
1109 table = kmemdup(ipv6_icmp_table_template,
1110 sizeof(ipv6_icmp_table_template),
1111 GFP_KERNEL);
5ee09105 1112
c027aab4 1113 if (table)
5ee09105
YH		 1114 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1115
760f2d01
DL		 1116 return table;
1117}
1da177e4 1118#endif
Ubuntu Artful kernel mirror