]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/ipv6/icmp.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
drm/i915/gvt: remove duplicated definition
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / icmp.c
CommitLineData
1da177e4
LT		 1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
1da177e4
LT		 8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
f3213831
JP		 32#define pr_fmt(fmt) "IPv6: " fmt
33
1da177e4
LT		 34#include <linux/module.h>
35#include <linux/errno.h>
36#include <linux/types.h>
37#include <linux/socket.h>
38#include <linux/in.h>
39#include <linux/kernel.h>
1da177e4
LT		 40#include <linux/sockios.h>
41#include <linux/net.h>
42#include <linux/skbuff.h>
43#include <linux/init.h>
763ecff1 44#include <linux/netfilter.h>
5a0e3ad6 45#include <linux/slab.h>
1da177e4
LT		 46
47#ifdef CONFIG_SYSCTL
48#include <linux/sysctl.h>
49#endif
50
51#include <linux/inet.h>
52#include <linux/netdevice.h>
53#include <linux/icmpv6.h>
54
55#include <net/ip.h>
56#include <net/sock.h>
57
58#include <net/ipv6.h>
59#include <net/ip6_checksum.h>
6d0bfe22 60#include <net/ping.h>
1da177e4
LT		 61#include <net/protocol.h>
62#include <net/raw.h>
63#include <net/rawv6.h>
64#include <net/transp_v6.h>
65#include <net/ip6_route.h>
66#include <net/addrconf.h>
67#include <net/icmp.h>
8b7817f3 68#include <net/xfrm.h>
1ed8516f 69#include <net/inet_common.h>
825edac4 70#include <net/dsfield.h>
ca254490 71#include <net/l3mdev.h>
1da177e4 72
7c0f6ba6 73#include <linux/uaccess.h>
1da177e4 74
1da177e4
LT		 75/*
76 * The ICMP socket(s). This is the most convenient way to flow control
77 * our ICMP output as well as maintain a clean interface throughout
78 * all layers. All Socketless IP sends will soon be gone.
79 *
80 * On SMP we have one ICMP socket per-cpu.
81 */
98c6d1b2
DL		 82static inline struct sock *icmpv6_sk(struct net *net)
83{
84 return net->ipv6.icmp_sk[smp_processor_id()];
85}
1da177e4 86
6f809da2
SK		 87static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
88 u8 type, u8 code, int offset, __be32 info)
89{
6d0bfe22
LC		 90 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
91 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
6f809da2
SK		 92 struct net *net = dev_net(skb->dev);
93
94 if (type == ICMPV6_PKT_TOOBIG)
e2d118a1 95 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
6f809da2 96 else if (type == NDISC_REDIRECT)
e2d118a1
LC		 97 ip6_redirect(skb, net, skb->dev->ifindex, 0,
98 sock_net_uid(net, NULL));
6d0bfe22
LC		 99
100 if (!(type & ICMPV6_INFOMSG_MASK))
101 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
dcb94b88 102 ping_err(skb, offset, ntohl(info));
6f809da2
SK		 103}
104
e5bbef20 105static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 106
41135cc8 107static const struct inet6_protocol icmpv6_protocol = {
1da177e4 108 .handler = icmpv6_rcv,
6f809da2 109 .err_handler = icmpv6_err,
8b7817f3 110 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 111};
112
fdc0bde9 113static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 114{
fdc0bde9
DL		 115 struct sock *sk;
116
1da177e4
LT		 117 local_bh_disable();
118
fdc0bde9 119 sk = icmpv6_sk(net);
405666db 120 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 121 /* This can happen if the output path (f.e. SIT or
122 * ip6ip6 tunnel) signals dst_link_failure() for an
123 * outgoing ICMP6 packet.
124 */
125 local_bh_enable();
fdc0bde9 126 return NULL;
1da177e4 127 }
fdc0bde9 128 return sk;
1da177e4
LT		 129}
130
405666db 131static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 132{
405666db 133 spin_unlock_bh(&sk->sk_lock.slock);
1da177e4
LT		 134}
135
1da177e4
LT		 136/*
137 * Figure out, may we reply to this packet with icmp error.
138 *
139 * We do not reply, if:
140 * - it was icmp error message.
141 * - it is truncated, so that it is known, that protocol is ICMPV6
142 * (i.e. in the middle of some exthdr)
143 *
144 * --ANK (980726)
145 */
146
a50feda5 147static bool is_ineligible(const struct sk_buff *skb)
1da177e4 148{
0660e03f 149 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 150 int len = skb->len - ptr;
0660e03f 151 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
75f2811c 152 __be16 frag_off;
1da177e4
LT		 153
154 if (len < 0)
a50feda5 155 return true;
1da177e4 156
75f2811c 157 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
1da177e4 158 if (ptr < 0)
a50feda5 159 return false;
1da177e4
LT		 160 if (nexthdr == IPPROTO_ICMPV6) {
161 u8 _type, *tp;
162 tp = skb_header_pointer(skb,
163 ptr+offsetof(struct icmp6hdr, icmp6_type),
164 sizeof(_type), &_type);
63159f29 165 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
a50feda5 166 return true;
1da177e4 167 }
a50feda5 168 return false;
1da177e4
LT		 169}
170
1ab1457c
YH		 171/*
172 * Check the ICMP output rate limit
1da177e4 173 */
4cdf507d
ED		 174static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
175 struct flowi6 *fl6)
1da177e4 176{
3b1e0a65 177 struct net *net = sock_net(sk);
4cdf507d 178 struct dst_entry *dst;
92d86829 179 bool res = false;
1da177e4
LT		 180
181 /* Informational messages are not limited. */
182 if (type & ICMPV6_INFOMSG_MASK)
92d86829 183 return true;
1da177e4
LT		 184
185 /* Do not limit pmtu discovery, it would break it. */
186 if (type == ICMPV6_PKT_TOOBIG)
92d86829 187 return true;
1da177e4 188
1ab1457c 189 /*
1da177e4
LT		 190 * Look up the output route.
191 * XXX: perhaps the expire for routing entries cloned by
192 * this lookup should be more aggressive (not longer than timeout).
193 */
4c9483b2 194 dst = ip6_route_output(net, sk, fl6);
1da177e4 195 if (dst->error) {
3bd653c8 196 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 197 IPSTATS_MIB_OUTNOROUTES);
1da177e4 198 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
92d86829 199 res = true;
1da177e4
LT		 200 } else {
201 struct rt6_info *rt = (struct rt6_info *)dst;
9a43b709 202 int tmo = net->ipv6.sysctl.icmpv6_time;
1da177e4
LT		 203
204 /* Give more bandwidth to wider prefixes. */
205 if (rt->rt6i_dst.plen < 128)
206 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
207
4cdf507d
ED		 208 if (icmp_global_allow()) {
209 struct inet_peer *peer;
210
211 peer = inet_getpeer_v6(net->ipv6.peers,
fd0273d7 212 &fl6->daddr, 1);
4cdf507d
ED		 213 res = inet_peer_xrlim_allow(peer, tmo);
214 if (peer)
215 inet_putpeer(peer);
216 }
1da177e4
LT		 217 }
218 dst_release(dst);
219 return res;
220}
221
222/*
223 * an inline helper for the "simple" if statement below
224 * checks if parameter problem report is caused by an
1ab1457c 225 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 226 * highest-order two bits set to 10
227 */
228
a50feda5 229static bool opt_unrec(struct sk_buff *skb, __u32 offset)
1da177e4
LT		 230{
231 u8 _optval, *op;
232
bbe735e4 233 offset += skb_network_offset(skb);
1da177e4 234 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
63159f29 235 if (!op)
a50feda5 236 return true;
1da177e4
LT		 237 return (*op & 0xC0) == 0x80;
238}
239
6d0bfe22
LC		 240int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
241 struct icmp6hdr *thdr, int len)
1da177e4
LT		 242{
243 struct sk_buff *skb;
244 struct icmp6hdr *icmp6h;
245 int err = 0;
246
e5d08d71 247 skb = skb_peek(&sk->sk_write_queue);
63159f29 248 if (!skb)
1da177e4
LT		 249 goto out;
250
cc70ab26 251 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 252 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
253 icmp6h->icmp6_cksum = 0;
254
255 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 256 skb->csum = csum_partial(icmp6h,
1da177e4 257 sizeof(struct icmp6hdr), skb->csum);
4c9483b2
DM		 258 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
259 &fl6->daddr,
260 len, fl6->flowi6_proto,
1da177e4
LT		 261 skb->csum);
262 } else {
868c86bc 263 __wsum tmp_csum = 0;
1da177e4
LT		 264
265 skb_queue_walk(&sk->sk_write_queue, skb) {
266 tmp_csum = csum_add(tmp_csum, skb->csum);
267 }
268
07f0757a 269 tmp_csum = csum_partial(icmp6h,
1da177e4 270 sizeof(struct icmp6hdr), tmp_csum);
4c9483b2
DM		 271 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
272 &fl6->daddr,
273 len, fl6->flowi6_proto,
868c86bc 274 tmp_csum);
1da177e4 275 }
1da177e4
LT		 276 ip6_push_pending_frames(sk);
277out:
278 return err;
279}
280
281struct icmpv6_msg {
282 struct sk_buff *skb;
283 int offset;
763ecff1 284 uint8_t type;
1da177e4
LT		 285};
286
287static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
288{
289 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
290 struct sk_buff *org_skb = msg->skb;
5f92a738 291 __wsum csum = 0;
1da177e4
LT		 292
293 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
294 to, len, csum);
295 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 296 if (!(msg->type & ICMPV6_INFOMSG_MASK))
297 nf_ct_attach(skb, org_skb);
1da177e4
LT		 298 return 0;
299}
300
07a93626 301#if IS_ENABLED(CONFIG_IPV6_MIP6)
79383236
MN		 302static void mip6_addr_swap(struct sk_buff *skb)
303{
0660e03f 304 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236
MN		 305 struct inet6_skb_parm *opt = IP6CB(skb);
306 struct ipv6_destopt_hao *hao;
307 struct in6_addr tmp;
308 int off;
309
310 if (opt->dsthao) {
311 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
312 if (likely(off >= 0)) {
d56f90a7
ACM		 313 hao = (struct ipv6_destopt_hao *)
314 (skb_network_header(skb) + off);
4e3fd7a0
AD		 315 tmp = iph->saddr;
316 iph->saddr = hao->addr;
317 hao->addr = tmp;
79383236
MN		 318 }
319 }
320}
321#else
322static inline void mip6_addr_swap(struct sk_buff *skb) {}
323#endif
324
e8243534 325static struct dst_entry *icmpv6_route_lookup(struct net *net,
326 struct sk_buff *skb,
327 struct sock *sk,
328 struct flowi6 *fl6)
b42835db
DM		 329{
330 struct dst_entry *dst, *dst2;
4c9483b2 331 struct flowi6 fl2;
b42835db
DM		 332 int err;
333
343d60aa 334 err = ip6_dst_lookup(net, sk, &dst, fl6);
b42835db
DM		 335 if (err)
336 return ERR_PTR(err);
337
338 /*
339 * We won't send icmp if the destination is known
340 * anycast.
341 */
2647a9b0 342 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
ba7a46f1 343 net_dbg_ratelimited("icmp6_send: acast source\n");
b42835db
DM		 344 dst_release(dst);
345 return ERR_PTR(-EINVAL);
346 }
347
348 /* No need to clone since we're just using its address. */
349 dst2 = dst;
350
4c9483b2 351 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
452edd59 352 if (!IS_ERR(dst)) {
b42835db
DM		 353 if (dst != dst2)
354 return dst;
452edd59
DM		 355 } else {
356 if (PTR_ERR(dst) == -EPERM)
357 dst = NULL;
358 else
359 return dst;
b42835db
DM		 360 }
361
4c9483b2 362 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
b42835db
DM		 363 if (err)
364 goto relookup_failed;
365
343d60aa 366 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
b42835db
DM		 367 if (err)
368 goto relookup_failed;
369
4c9483b2 370 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
452edd59 371 if (!IS_ERR(dst2)) {
b42835db
DM		 372 dst_release(dst);
373 dst = dst2;
452edd59
DM		 374 } else {
375 err = PTR_ERR(dst2);
376 if (err == -EPERM) {
377 dst_release(dst);
378 return dst2;
379 } else
380 goto relookup_failed;
b42835db
DM		 381 }
382
383relookup_failed:
384 if (dst)
385 return dst;
386 return ERR_PTR(err);
387}
388
1da177e4
LT		 389/*
390 * Send an ICMP message in response to a packet in error
391 */
b1cadc1a
ED		 392static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
393 const struct in6_addr *force_saddr)
1da177e4 394{
c346dca1 395 struct net *net = dev_net(skb->dev);
1da177e4 396 struct inet6_dev *idev = NULL;
0660e03f 397 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53
YH		 398 struct sock *sk;
399 struct ipv6_pinfo *np;
b71d1d42 400 const struct in6_addr *saddr = NULL;
1da177e4
LT		 401 struct dst_entry *dst;
402 struct icmp6hdr tmp_hdr;
4c9483b2 403 struct flowi6 fl6;
1da177e4 404 struct icmpv6_msg msg;
c14ac945 405 struct sockcm_cookie sockc_unused = {0};
26879da5 406 struct ipcm6_cookie ipc6;
1da177e4
LT		 407 int iif = 0;
408 int addr_type = 0;
409 int len;
1da177e4 410 int err = 0;
e110861f 411 u32 mark = IP6_REPLY_MARK(net, skb->mark);
1da177e4 412
27a884dc 413 if ((u8 *)hdr < skb->head ||
29a3cad5 414 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
1da177e4
LT		 415 return;
416
417 /*
1ab1457c 418 * Make sure we respect the rules
1da177e4 419 * i.e. RFC 1885 2.4(e)
5f5624cf 420 * Rule (e.1) is enforced by not using icmp6_send
1da177e4
LT		 421 * in any code that processes icmp errors.
422 */
423 addr_type = ipv6_addr_type(&hdr->daddr);
424
446fab59 425 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
d94c1f92 426 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
1da177e4
LT		 427 saddr = &hdr->daddr;
428
429 /*
430 * Dest addr check
431 */
432
9a6b4b39 433 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
1da177e4 434 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 435 !(type == ICMPV6_PARAMPROB &&
436 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 437 (opt_unrec(skb, info))))
438 return;
439
440 saddr = NULL;
441 }
442
443 addr_type = ipv6_addr_type(&hdr->saddr);
444
445 /*
446 * Source addr check
447 */
448
842df073 449 if (__ipv6_addr_needs_scope_id(addr_type))
1da177e4 450 iif = skb->dev->ifindex;
79dc7e3f
DA		 451 else {
452 dst = skb_dst(skb);
453 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
454 }
1da177e4
LT		 455
456 /*
8de3351e
YH		 457 * Must not send error if the source does not uniquely
458 * identify a single node (RFC2463 Section 2.4).
459 * We check unspecified / multicast addresses here,
460 * and anycast addresses will be checked later.
1da177e4
LT		 461 */
462 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
4b3418fb
BM		 463 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
464 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 465 return;
466 }
467
1ab1457c 468 /*
1da177e4
LT		 469 * Never answer to a ICMP packet.
470 */
471 if (is_ineligible(skb)) {
4b3418fb
BM		 472 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
473 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 474 return;
475 }
476
79383236
MN		 477 mip6_addr_swap(skb);
478
4c9483b2
DM		 479 memset(&fl6, 0, sizeof(fl6));
480 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 481 fl6.daddr = hdr->saddr;
b1cadc1a
ED		 482 if (force_saddr)
483 saddr = force_saddr;
1da177e4 484 if (saddr)
4e3fd7a0 485 fl6.saddr = *saddr;
e110861f 486 fl6.flowi6_mark = mark;
4c9483b2 487 fl6.flowi6_oif = iif;
1958b856
DM		 488 fl6.fl6_icmp_type = type;
489 fl6.fl6_icmp_code = code;
e2d118a1 490 fl6.flowi6_uid = sock_net_uid(net, NULL);
4c9483b2 491 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 492
fdc0bde9 493 sk = icmpv6_xmit_lock(net);
63159f29 494 if (!sk)
405666db 495 return;
e110861f 496 sk->sk_mark = mark;
fdc0bde9 497 np = inet6_sk(sk);
405666db 498
4c9483b2 499 if (!icmpv6_xrlim_allow(sk, type, &fl6))
1da177e4
LT		 500 goto out;
501
502 tmp_hdr.icmp6_type = type;
503 tmp_hdr.icmp6_code = code;
504 tmp_hdr.icmp6_cksum = 0;
505 tmp_hdr.icmp6_pointer = htonl(info);
506
4c9483b2
DM		 507 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
508 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 509 else if (!fl6.flowi6_oif)
510 fl6.flowi6_oif = np->ucast_oif;
1da177e4 511
38b7097b
HFS		 512 ipc6.tclass = np->tclass;
513 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
514
4c9483b2 515 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
b42835db 516 if (IS_ERR(dst))
1da177e4 517 goto out;
8de3351e 518
26879da5 519 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
26879da5
WW		 520 ipc6.dontfrag = np->dontfrag;
521 ipc6.opt = NULL;
1da177e4
LT		 522
523 msg.skb = skb;
bbe735e4 524 msg.offset = skb_network_offset(skb);
763ecff1 525 msg.type = type;
1da177e4
LT		 526
527 len = skb->len - msg.offset;
67ba4152 528 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
1da177e4 529 if (len < 0) {
4b3418fb
BM		 530 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
531 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 532 goto out_dst_release;
533 }
534
cfdf7647
ED		 535 rcu_read_lock();
536 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 537
538 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
539 len + sizeof(struct icmp6hdr),
26879da5
WW		 540 sizeof(struct icmp6hdr),
541 &ipc6, &fl6, (struct rt6_info *)dst,
542 MSG_DONTWAIT, &sockc_unused);
1da177e4 543 if (err) {
43a43b60 544 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 545 ip6_flush_pending_frames(sk);
cfdf7647
ED		 546 } else {
547 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
548 len + sizeof(struct icmp6hdr));
1da177e4 549 }
cfdf7647 550 rcu_read_unlock();
1da177e4
LT		 551out_dst_release:
552 dst_release(dst);
553out:
405666db 554 icmpv6_xmit_unlock(sk);
1da177e4 555}
5f5624cf
PS		 556
557/* Slightly more convenient version of icmp6_send.
558 */
559void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
560{
b1cadc1a 561 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
5f5624cf
PS		 562 kfree_skb(skb);
563}
7159039a 564
5fbba8ac
ED		 565/* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
566 * if sufficient data bytes are available
567 * @nhs is the size of the tunnel header(s) :
568 * Either an IPv4 header for SIT encap
569 * an IPv4 header + GRE header for GRE encap
570 */
20e1954f
ED		 571int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
572 unsigned int data_len)
5fbba8ac 573{
2d7a3b27 574 struct in6_addr temp_saddr;
5fbba8ac
ED		 575 struct rt6_info *rt;
576 struct sk_buff *skb2;
20e1954f 577 u32 info = 0;
5fbba8ac
ED		 578
579 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
580 return 1;
581
20e1954f
ED		 582 /* RFC 4884 (partial) support for ICMP extensions */
583 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
584 data_len = 0;
585
586 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
5fbba8ac
ED		 587
588 if (!skb2)
589 return 1;
590
591 skb_dst_drop(skb2);
592 skb_pull(skb2, nhs);
593 skb_reset_network_header(skb2);
594
595 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);
596
597 if (rt && rt->dst.dev)
598 skb2->dev = rt->dst.dev;
599
2d7a3b27 600 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
20e1954f
ED		 601
602 if (data_len) {
603 /* RFC 4884 (partial) support :
604 * insert 0 padding at the end, before the extensions
605 */
606 __skb_push(skb2, nhs);
607 skb_reset_network_header(skb2);
608 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
609 memset(skb2->data + data_len - nhs, 0, nhs);
610 /* RFC 4884 4.5 : Length is measured in 64-bit words,
611 * and stored in reserved[0]
612 */
613 info = (data_len/8) << 24;
614 }
2d7a3b27
ED		 615 if (type == ICMP_TIME_EXCEEDED)
616 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
20e1954f 617 info, &temp_saddr);
2d7a3b27
ED		 618 else
619 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
20e1954f 620 info, &temp_saddr);
5fbba8ac
ED		 621 if (rt)
622 ip6_rt_put(rt);
623
624 kfree_skb(skb2);
625
626 return 0;
627}
628EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
629
1da177e4
LT		 630static void icmpv6_echo_reply(struct sk_buff *skb)
631{
c346dca1 632 struct net *net = dev_net(skb->dev);
84427d53 633 struct sock *sk;
1da177e4 634 struct inet6_dev *idev;
84427d53 635 struct ipv6_pinfo *np;
b71d1d42 636 const struct in6_addr *saddr = NULL;
cc70ab26 637 struct icmp6hdr *icmph = icmp6_hdr(skb);
1da177e4 638 struct icmp6hdr tmp_hdr;
4c9483b2 639 struct flowi6 fl6;
1da177e4
LT		 640 struct icmpv6_msg msg;
641 struct dst_entry *dst;
26879da5 642 struct ipcm6_cookie ipc6;
1da177e4 643 int err = 0;
e110861f 644 u32 mark = IP6_REPLY_MARK(net, skb->mark);
c14ac945 645 struct sockcm_cookie sockc_unused = {0};
1da177e4 646
0660e03f 647 saddr = &ipv6_hdr(skb)->daddr;
1da177e4 648
509aba3b 649 if (!ipv6_unicast_destination(skb) &&
ec35b61e 650 !(net->ipv6.sysctl.anycast_src_echo_reply &&
2647a9b0 651 ipv6_anycast_destination(skb_dst(skb), saddr)))
1da177e4
LT		 652 saddr = NULL;
653
654 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
655 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
656
4c9483b2
DM		 657 memset(&fl6, 0, sizeof(fl6));
658 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 659 fl6.daddr = ipv6_hdr(skb)->saddr;
1da177e4 660 if (saddr)
4e3fd7a0 661 fl6.saddr = *saddr;
9ff74384 662 fl6.flowi6_oif = skb->dev->ifindex;
1958b856 663 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
e110861f 664 fl6.flowi6_mark = mark;
e2d118a1 665 fl6.flowi6_uid = sock_net_uid(net, NULL);
4c9483b2 666 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 667
fdc0bde9 668 sk = icmpv6_xmit_lock(net);
63159f29 669 if (!sk)
405666db 670 return;
e110861f 671 sk->sk_mark = mark;
fdc0bde9 672 np = inet6_sk(sk);
405666db 673
4c9483b2
DM		 674 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
675 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 676 else if (!fl6.flowi6_oif)
677 fl6.flowi6_oif = np->ucast_oif;
1da177e4 678
343d60aa 679 err = ip6_dst_lookup(net, sk, &dst, &fl6);
1da177e4
LT		 680 if (err)
681 goto out;
4c9483b2 682 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
452edd59 683 if (IS_ERR(dst))
e104411b 684 goto out;
1da177e4 685
cfdf7647 686 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 687
688 msg.skb = skb;
689 msg.offset = 0;
763ecff1 690 msg.type = ICMPV6_ECHO_REPLY;
1da177e4 691
26879da5
WW		 692 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
693 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
694 ipc6.dontfrag = np->dontfrag;
695 ipc6.opt = NULL;
696
1da177e4 697 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
26879da5 698 sizeof(struct icmp6hdr), &ipc6, &fl6,
a2d91a09 699 (struct rt6_info *)dst, MSG_DONTWAIT,
26879da5 700 &sockc_unused);
1da177e4
LT		 701
702 if (err) {
a16292a0 703 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 704 ip6_flush_pending_frames(sk);
cfdf7647
ED		 705 } else {
706 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
707 skb->len + sizeof(struct icmp6hdr));
1da177e4 708 }
1da177e4 709 dst_release(dst);
1ab1457c 710out:
405666db 711 icmpv6_xmit_unlock(sk);
1da177e4
LT		 712}
713
b94f1c09 714void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
1da177e4 715{
41135cc8 716 const struct inet6_protocol *ipprot;
1da177e4 717 int inner_offset;
75f2811c 718 __be16 frag_off;
f9242b6b 719 u8 nexthdr;
7304fe46 720 struct net *net = dev_net(skb->dev);
1da177e4
LT		 721
722 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
7304fe46 723 goto out;
1da177e4
LT		 724
725 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
726 if (ipv6_ext_hdr(nexthdr)) {
727 /* now skip over extension headers */
75f2811c
JG		 728 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
729 &nexthdr, &frag_off);
67ba4152 730 if (inner_offset < 0)
7304fe46 731 goto out;
1da177e4
LT		 732 } else {
733 inner_offset = sizeof(struct ipv6hdr);
734 }
735
736 /* Checkin header including 8 bytes of inner protocol header. */
737 if (!pskb_may_pull(skb, inner_offset+8))
7304fe46 738 goto out;
1da177e4 739
1da177e4
LT		 740 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
741 Without this we will not able f.e. to make source routed
742 pmtu discovery.
743 Corresponding argument (opt) to notifiers is already added.
744 --ANK (980726)
745 */
746
f9242b6b 747 ipprot = rcu_dereference(inet6_protos[nexthdr]);
1da177e4
LT		 748 if (ipprot && ipprot->err_handler)
749 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
1da177e4 750
69d6da0b 751 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
7304fe46
DJ		 752 return;
753
754out:
a16292a0 755 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
1da177e4 756}
1ab1457c 757
1da177e4
LT		 758/*
759 * Handle icmp messages
760 */
761
e5bbef20 762static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 763{
1da177e4
LT		 764 struct net_device *dev = skb->dev;
765 struct inet6_dev *idev = __in6_dev_get(dev);
b71d1d42 766 const struct in6_addr *saddr, *daddr;
1da177e4 767 struct icmp6hdr *hdr;
d5fdd6ba 768 u8 type;
e3e32170 769 bool success = false;
1da177e4 770
aebcf82c 771 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 772 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 773 int nh;
774
def8b4fa 775 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
aebcf82c
HX		 776 XFRM_STATE_ICMP))
777 goto drop_no_count;
778
81aded24 779 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
8b7817f3
HX		 780 goto drop_no_count;
781
782 nh = skb_network_offset(skb);
783 skb_set_network_header(skb, sizeof(*hdr));
784
785 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
786 goto drop_no_count;
787
788 skb_set_network_header(skb, nh);
789 }
790
a16292a0 791 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 792
0660e03f
ACM		 793 saddr = &ipv6_hdr(skb)->saddr;
794 daddr = &ipv6_hdr(skb)->daddr;
1da177e4 795
39471ac8 796 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
ba7a46f1
JP		 797 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
798 saddr, daddr);
39471ac8 799 goto csum_error;
1da177e4
LT		 800 }
801
8cf22943
HX		 802 if (!pskb_pull(skb, sizeof(*hdr)))
803 goto discard_it;
1da177e4 804
cc70ab26 805 hdr = icmp6_hdr(skb);
1da177e4
LT		 806
807 type = hdr->icmp6_type;
808
f3832ed2 809 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
1da177e4
LT		 810
811 switch (type) {
812 case ICMPV6_ECHO_REQUEST:
813 icmpv6_echo_reply(skb);
814 break;
815
816 case ICMPV6_ECHO_REPLY:
e3e32170 817 success = ping_rcv(skb);
1da177e4
LT		 818 break;
819
820 case ICMPV6_PKT_TOOBIG:
821 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
822 standard destination cache. Seems, only "advanced"
823 destination cache will allow to solve this problem
824 --ANK (980726)
825 */
826 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
827 goto discard_it;
cc70ab26 828 hdr = icmp6_hdr(skb);
1da177e4
LT		 829
830 /*
831 * Drop through to notify
832 */
833
834 case ICMPV6_DEST_UNREACH:
835 case ICMPV6_TIME_EXCEED:
836 case ICMPV6_PARAMPROB:
837 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
838 break;
839
840 case NDISC_ROUTER_SOLICITATION:
841 case NDISC_ROUTER_ADVERTISEMENT:
842 case NDISC_NEIGHBOUR_SOLICITATION:
843 case NDISC_NEIGHBOUR_ADVERTISEMENT:
844 case NDISC_REDIRECT:
845 ndisc_rcv(skb);
846 break;
847
848 case ICMPV6_MGM_QUERY:
849 igmp6_event_query(skb);
850 break;
851
852 case ICMPV6_MGM_REPORT:
853 igmp6_event_report(skb);
854 break;
855
856 case ICMPV6_MGM_REDUCTION:
857 case ICMPV6_NI_QUERY:
858 case ICMPV6_NI_REPLY:
859 case ICMPV6_MLD2_REPORT:
860 case ICMPV6_DHAAD_REQUEST:
861 case ICMPV6_DHAAD_REPLY:
862 case ICMPV6_MOBILE_PREFIX_SOL:
863 case ICMPV6_MOBILE_PREFIX_ADV:
864 break;
865
866 default:
1da177e4
LT		 867 /* informational */
868 if (type & ICMPV6_INFOMSG_MASK)
869 break;
870
4b3418fb
BM		 871 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
872 saddr, daddr);
ea85a0a2 873
1ab1457c
YH		 874 /*
875 * error of unknown type.
876 * must pass to upper level
1da177e4
LT		 877 */
878
879 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
3ff50b79
SH		 880 }
881
e3e32170
RJ		 882 /* until the v6 path can be better sorted assume failure and
883 * preserve the status quo behaviour for the rest of the paths to here
884 */
885 if (success)
886 consume_skb(skb);
887 else
888 kfree_skb(skb);
889
1da177e4
LT		 890 return 0;
891
6a5dc9e5 892csum_error:
a16292a0 893 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
1da177e4 894discard_it:
a16292a0 895 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 896drop_no_count:
1da177e4
LT		 897 kfree_skb(skb);
898 return 0;
899}
900
4c9483b2 901void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
95e41e93
YH		 902 u8 type,
903 const struct in6_addr *saddr,
904 const struct in6_addr *daddr,
905 int oif)
906{
4c9483b2 907 memset(fl6, 0, sizeof(*fl6));
4e3fd7a0
AD		 908 fl6->saddr = *saddr;
909 fl6->daddr = *daddr;
67ba4152 910 fl6->flowi6_proto = IPPROTO_ICMPV6;
1958b856
DM		 911 fl6->fl6_icmp_type = type;
912 fl6->fl6_icmp_code = 0;
4c9483b2
DM		 913 fl6->flowi6_oif = oif;
914 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
95e41e93
YH		 915}
916
98c6d1b2 917static int __net_init icmpv6_sk_init(struct net *net)
1da177e4
LT		 918{
919 struct sock *sk;
920 int err, i, j;
921
98c6d1b2
DL		 922 net->ipv6.icmp_sk =
923 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
63159f29 924 if (!net->ipv6.icmp_sk)
79c91159
DL		 925 return -ENOMEM;
926
6f912042 927 for_each_possible_cpu(i) {
1ed8516f
DL		 928 err = inet_ctl_sock_create(&sk, PF_INET6,
929 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 930 if (err < 0) {
f3213831 931 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1da177e4
LT		 932 err);
933 goto fail;
934 }
935
1ed8516f 936 net->ipv6.icmp_sk[i] = sk;
5c8cafd6 937
1da177e4
LT		 938 /* Enough space for 2 64K ICMP packets, including
939 * sk_buff struct overhead.
940 */
87fb4b7b 941 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1da177e4 942 }
1da177e4
LT		 943 return 0;
944
945 fail:
5c8cafd6 946 for (j = 0; j < i; j++)
1ed8516f 947 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
98c6d1b2 948 kfree(net->ipv6.icmp_sk);
1da177e4
LT		 949 return err;
950}
951
98c6d1b2 952static void __net_exit icmpv6_sk_exit(struct net *net)
1da177e4
LT		 953{
954 int i;
955
6f912042 956 for_each_possible_cpu(i) {
1ed8516f 957 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
1da177e4 958 }
98c6d1b2
DL		 959 kfree(net->ipv6.icmp_sk);
960}
961
8ed7edce 962static struct pernet_operations icmpv6_sk_ops = {
67ba4152
IM		 963 .init = icmpv6_sk_init,
964 .exit = icmpv6_sk_exit,
98c6d1b2
DL		 965};
966
967int __init icmpv6_init(void)
968{
969 int err;
970
971 err = register_pernet_subsys(&icmpv6_sk_ops);
972 if (err < 0)
973 return err;
974
975 err = -EAGAIN;
976 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
977 goto fail;
5f5624cf
PS		 978
979 err = inet6_register_icmp_sender(icmp6_send);
980 if (err)
981 goto sender_reg_err;
98c6d1b2
DL		 982 return 0;
983
5f5624cf
PS		 984sender_reg_err:
985 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
98c6d1b2 986fail:
f3213831 987 pr_err("Failed to register ICMP6 protocol\n");
98c6d1b2
DL		 988 unregister_pernet_subsys(&icmpv6_sk_ops);
989 return err;
990}
991
8ed7edce 992void icmpv6_cleanup(void)
98c6d1b2 993{
5f5624cf 994 inet6_unregister_icmp_sender(icmp6_send);
98c6d1b2 995 unregister_pernet_subsys(&icmpv6_sk_ops);
1da177e4
LT		 996 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
997}
998
98c6d1b2 999
9b5b5cff 1000static const struct icmp6_err {
1da177e4
LT		 1001 int err;
1002 int fatal;
1003} tab_unreach[] = {
1004 { /* NOROUTE */
1005 .err = ENETUNREACH,
1006 .fatal = 0,
1007 },
1008 { /* ADM_PROHIBITED */
1009 .err = EACCES,
1010 .fatal = 1,
1011 },
1012 { /* Was NOT_NEIGHBOUR, now reserved */
1013 .err = EHOSTUNREACH,
1014 .fatal = 0,
1015 },
1016 { /* ADDR_UNREACH */
1017 .err = EHOSTUNREACH,
1018 .fatal = 0,
1019 },
1020 { /* PORT_UNREACH */
1021 .err = ECONNREFUSED,
1022 .fatal = 1,
1023 },
61e76b17
JB		 1024 { /* POLICY_FAIL */
1025 .err = EACCES,
1026 .fatal = 1,
1027 },
1028 { /* REJECT_ROUTE */
1029 .err = EACCES,
1030 .fatal = 1,
1031 },
1da177e4
LT		 1032};
1033
d5fdd6ba 1034int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 1035{
1036 int fatal = 0;
1037
1038 *err = EPROTO;
1039
1040 switch (type) {
1041 case ICMPV6_DEST_UNREACH:
1042 fatal = 1;
61e76b17 1043 if (code < ARRAY_SIZE(tab_unreach)) {
1da177e4
LT		 1044 *err = tab_unreach[code].err;
1045 fatal = tab_unreach[code].fatal;
1046 }
1047 break;
1048
1049 case ICMPV6_PKT_TOOBIG:
1050 *err = EMSGSIZE;
1051 break;
1ab1457c 1052
1da177e4
LT		 1053 case ICMPV6_PARAMPROB:
1054 *err = EPROTO;
1055 fatal = 1;
1056 break;
1057
1058 case ICMPV6_TIME_EXCEED:
1059 *err = EHOSTUNREACH;
1060 break;
3ff50b79 1061 }
1da177e4
LT		 1062
1063 return fatal;
1064}
7159039a
YH		 1065EXPORT_SYMBOL(icmpv6_err_convert);
1066
1da177e4 1067#ifdef CONFIG_SYSCTL
e8243534 1068static struct ctl_table ipv6_icmp_table_template[] = {
1da177e4 1069 {
1da177e4 1070 .procname = "ratelimit",
41a76906 1071 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 1072 .maxlen = sizeof(int),
1073 .mode = 0644,
6d9f239a 1074 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 1075 },
f8572d8f 1076 { },
1da177e4 1077};
760f2d01 1078
2c8c1e72 1079struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 1080{
1081 struct ctl_table *table;
1082
1083 table = kmemdup(ipv6_icmp_table_template,
1084 sizeof(ipv6_icmp_table_template),
1085 GFP_KERNEL);
5ee09105 1086
c027aab4 1087 if (table)
5ee09105
YH		 1088 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1089
760f2d01
DL		 1090 return table;
1091}
1da177e4 1092#endif
ubuntu-bionic-kernel mirror