]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Internet Control Message Protocol (ICMPv6) | |
3 | * Linux INET6 implementation | |
4 | * | |
5 | * Authors: | |
6 | * Pedro Roque <roque@di.fc.ul.pt> | |
7 | * | |
1da177e4 LT |
8 | * Based on net/ipv4/icmp.c |
9 | * | |
10 | * RFC 1885 | |
11 | * | |
12 | * This program is free software; you can redistribute it and/or | |
13 | * modify it under the terms of the GNU General Public License | |
14 | * as published by the Free Software Foundation; either version | |
15 | * 2 of the License, or (at your option) any later version. | |
16 | */ | |
17 | ||
18 | /* | |
19 | * Changes: | |
20 | * | |
21 | * Andi Kleen : exception handling | |
22 | * Andi Kleen add rate limits. never reply to a icmp. | |
23 | * add more length checks and other fixes. | |
24 | * yoshfuji : ensure to sent parameter problem for | |
25 | * fragments. | |
26 | * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. | |
27 | * Randy Dunlap and | |
28 | * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support | |
29 | * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data | |
30 | */ | |
31 | ||
f3213831 JP |
32 | #define pr_fmt(fmt) "IPv6: " fmt |
33 | ||
1da177e4 LT |
34 | #include <linux/module.h> |
35 | #include <linux/errno.h> | |
36 | #include <linux/types.h> | |
37 | #include <linux/socket.h> | |
38 | #include <linux/in.h> | |
39 | #include <linux/kernel.h> | |
1da177e4 LT |
40 | #include <linux/sockios.h> |
41 | #include <linux/net.h> | |
42 | #include <linux/skbuff.h> | |
43 | #include <linux/init.h> | |
763ecff1 | 44 | #include <linux/netfilter.h> |
5a0e3ad6 | 45 | #include <linux/slab.h> |
1da177e4 LT |
46 | |
47 | #ifdef CONFIG_SYSCTL | |
48 | #include <linux/sysctl.h> | |
49 | #endif | |
50 | ||
51 | #include <linux/inet.h> | |
52 | #include <linux/netdevice.h> | |
53 | #include <linux/icmpv6.h> | |
54 | ||
55 | #include <net/ip.h> | |
56 | #include <net/sock.h> | |
57 | ||
58 | #include <net/ipv6.h> | |
59 | #include <net/ip6_checksum.h> | |
6d0bfe22 | 60 | #include <net/ping.h> |
1da177e4 LT |
61 | #include <net/protocol.h> |
62 | #include <net/raw.h> | |
63 | #include <net/rawv6.h> | |
64 | #include <net/transp_v6.h> | |
65 | #include <net/ip6_route.h> | |
66 | #include <net/addrconf.h> | |
67 | #include <net/icmp.h> | |
8b7817f3 | 68 | #include <net/xfrm.h> |
1ed8516f | 69 | #include <net/inet_common.h> |
825edac4 | 70 | #include <net/dsfield.h> |
ca254490 | 71 | #include <net/l3mdev.h> |
1da177e4 | 72 | |
7c0f6ba6 | 73 | #include <linux/uaccess.h> |
1da177e4 | 74 | |
1da177e4 LT |
75 | /* |
76 | * The ICMP socket(s). This is the most convenient way to flow control | |
77 | * our ICMP output as well as maintain a clean interface throughout | |
78 | * all layers. All Socketless IP sends will soon be gone. | |
79 | * | |
80 | * On SMP we have one ICMP socket per-cpu. | |
81 | */ | |
98c6d1b2 DL |
82 | static inline struct sock *icmpv6_sk(struct net *net) |
83 | { | |
84 | return net->ipv6.icmp_sk[smp_processor_id()]; | |
85 | } | |
1da177e4 | 86 | |
6f809da2 SK |
87 | static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
88 | u8 type, u8 code, int offset, __be32 info) | |
89 | { | |
6d0bfe22 LC |
90 | /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */ |
91 | struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset); | |
6f809da2 SK |
92 | struct net *net = dev_net(skb->dev); |
93 | ||
94 | if (type == ICMPV6_PKT_TOOBIG) | |
e2d118a1 | 95 | ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL)); |
6f809da2 | 96 | else if (type == NDISC_REDIRECT) |
e2d118a1 LC |
97 | ip6_redirect(skb, net, skb->dev->ifindex, 0, |
98 | sock_net_uid(net, NULL)); | |
6d0bfe22 LC |
99 | |
100 | if (!(type & ICMPV6_INFOMSG_MASK)) | |
101 | if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST) | |
dcb94b88 | 102 | ping_err(skb, offset, ntohl(info)); |
6f809da2 SK |
103 | } |
104 | ||
e5bbef20 | 105 | static int icmpv6_rcv(struct sk_buff *skb); |
1da177e4 | 106 | |
41135cc8 | 107 | static const struct inet6_protocol icmpv6_protocol = { |
1da177e4 | 108 | .handler = icmpv6_rcv, |
6f809da2 | 109 | .err_handler = icmpv6_err, |
8b7817f3 | 110 | .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, |
1da177e4 LT |
111 | }; |
112 | ||
7ba91ecb | 113 | /* Called with BH disabled */ |
fdc0bde9 | 114 | static __inline__ struct sock *icmpv6_xmit_lock(struct net *net) |
1da177e4 | 115 | { |
fdc0bde9 DL |
116 | struct sock *sk; |
117 | ||
fdc0bde9 | 118 | sk = icmpv6_sk(net); |
405666db | 119 | if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { |
1da177e4 LT |
120 | /* This can happen if the output path (f.e. SIT or |
121 | * ip6ip6 tunnel) signals dst_link_failure() for an | |
122 | * outgoing ICMP6 packet. | |
123 | */ | |
fdc0bde9 | 124 | return NULL; |
1da177e4 | 125 | } |
fdc0bde9 | 126 | return sk; |
1da177e4 LT |
127 | } |
128 | ||
405666db | 129 | static __inline__ void icmpv6_xmit_unlock(struct sock *sk) |
1da177e4 | 130 | { |
7ba91ecb | 131 | spin_unlock(&sk->sk_lock.slock); |
1da177e4 LT |
132 | } |
133 | ||
1da177e4 LT |
134 | /* |
135 | * Figure out, may we reply to this packet with icmp error. | |
136 | * | |
137 | * We do not reply, if: | |
138 | * - it was icmp error message. | |
139 | * - it is truncated, so that it is known, that protocol is ICMPV6 | |
140 | * (i.e. in the middle of some exthdr) | |
141 | * | |
142 | * --ANK (980726) | |
143 | */ | |
144 | ||
a50feda5 | 145 | static bool is_ineligible(const struct sk_buff *skb) |
1da177e4 | 146 | { |
0660e03f | 147 | int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; |
1da177e4 | 148 | int len = skb->len - ptr; |
0660e03f | 149 | __u8 nexthdr = ipv6_hdr(skb)->nexthdr; |
75f2811c | 150 | __be16 frag_off; |
1da177e4 LT |
151 | |
152 | if (len < 0) | |
a50feda5 | 153 | return true; |
1da177e4 | 154 | |
75f2811c | 155 | ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off); |
1da177e4 | 156 | if (ptr < 0) |
a50feda5 | 157 | return false; |
1da177e4 LT |
158 | if (nexthdr == IPPROTO_ICMPV6) { |
159 | u8 _type, *tp; | |
160 | tp = skb_header_pointer(skb, | |
161 | ptr+offsetof(struct icmp6hdr, icmp6_type), | |
162 | sizeof(_type), &_type); | |
63159f29 | 163 | if (!tp || !(*tp & ICMPV6_INFOMSG_MASK)) |
a50feda5 | 164 | return true; |
1da177e4 | 165 | } |
a50feda5 | 166 | return false; |
1da177e4 LT |
167 | } |
168 | ||
c0303efe JDB |
169 | static bool icmpv6_mask_allow(int type) |
170 | { | |
171 | /* Informational messages are not limited. */ | |
172 | if (type & ICMPV6_INFOMSG_MASK) | |
173 | return true; | |
174 | ||
175 | /* Do not limit pmtu discovery, it would break it. */ | |
176 | if (type == ICMPV6_PKT_TOOBIG) | |
177 | return true; | |
178 | ||
179 | return false; | |
180 | } | |
181 | ||
182 | static bool icmpv6_global_allow(int type) | |
183 | { | |
184 | if (icmpv6_mask_allow(type)) | |
185 | return true; | |
186 | ||
187 | if (icmp_global_allow()) | |
188 | return true; | |
189 | ||
190 | return false; | |
191 | } | |
192 | ||
1ab1457c YH |
193 | /* |
194 | * Check the ICMP output rate limit | |
1da177e4 | 195 | */ |
4cdf507d ED |
196 | static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, |
197 | struct flowi6 *fl6) | |
1da177e4 | 198 | { |
3b1e0a65 | 199 | struct net *net = sock_net(sk); |
4cdf507d | 200 | struct dst_entry *dst; |
92d86829 | 201 | bool res = false; |
1da177e4 | 202 | |
c0303efe | 203 | if (icmpv6_mask_allow(type)) |
92d86829 | 204 | return true; |
1da177e4 | 205 | |
1ab1457c | 206 | /* |
1da177e4 LT |
207 | * Look up the output route. |
208 | * XXX: perhaps the expire for routing entries cloned by | |
209 | * this lookup should be more aggressive (not longer than timeout). | |
210 | */ | |
4c9483b2 | 211 | dst = ip6_route_output(net, sk, fl6); |
1da177e4 | 212 | if (dst->error) { |
3bd653c8 | 213 | IP6_INC_STATS(net, ip6_dst_idev(dst), |
a11d206d | 214 | IPSTATS_MIB_OUTNOROUTES); |
1da177e4 | 215 | } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { |
92d86829 | 216 | res = true; |
1da177e4 LT |
217 | } else { |
218 | struct rt6_info *rt = (struct rt6_info *)dst; | |
9a43b709 | 219 | int tmo = net->ipv6.sysctl.icmpv6_time; |
c0303efe | 220 | struct inet_peer *peer; |
1da177e4 LT |
221 | |
222 | /* Give more bandwidth to wider prefixes. */ | |
223 | if (rt->rt6i_dst.plen < 128) | |
224 | tmo >>= ((128 - rt->rt6i_dst.plen)>>5); | |
225 | ||
c0303efe JDB |
226 | peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1); |
227 | res = inet_peer_xrlim_allow(peer, tmo); | |
228 | if (peer) | |
229 | inet_putpeer(peer); | |
1da177e4 LT |
230 | } |
231 | dst_release(dst); | |
232 | return res; | |
233 | } | |
234 | ||
235 | /* | |
236 | * an inline helper for the "simple" if statement below | |
237 | * checks if parameter problem report is caused by an | |
1ab1457c | 238 | * unrecognized IPv6 option that has the Option Type |
1da177e4 LT |
239 | * highest-order two bits set to 10 |
240 | */ | |
241 | ||
a50feda5 | 242 | static bool opt_unrec(struct sk_buff *skb, __u32 offset) |
1da177e4 LT |
243 | { |
244 | u8 _optval, *op; | |
245 | ||
bbe735e4 | 246 | offset += skb_network_offset(skb); |
1da177e4 | 247 | op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); |
63159f29 | 248 | if (!op) |
a50feda5 | 249 | return true; |
1da177e4 LT |
250 | return (*op & 0xC0) == 0x80; |
251 | } | |
252 | ||
4e64b1ed JP |
253 | void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, |
254 | struct icmp6hdr *thdr, int len) | |
1da177e4 LT |
255 | { |
256 | struct sk_buff *skb; | |
257 | struct icmp6hdr *icmp6h; | |
1da177e4 | 258 | |
e5d08d71 | 259 | skb = skb_peek(&sk->sk_write_queue); |
63159f29 | 260 | if (!skb) |
4e64b1ed | 261 | return; |
1da177e4 | 262 | |
cc70ab26 | 263 | icmp6h = icmp6_hdr(skb); |
1da177e4 LT |
264 | memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); |
265 | icmp6h->icmp6_cksum = 0; | |
266 | ||
267 | if (skb_queue_len(&sk->sk_write_queue) == 1) { | |
07f0757a | 268 | skb->csum = csum_partial(icmp6h, |
1da177e4 | 269 | sizeof(struct icmp6hdr), skb->csum); |
4c9483b2 DM |
270 | icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, |
271 | &fl6->daddr, | |
272 | len, fl6->flowi6_proto, | |
1da177e4 LT |
273 | skb->csum); |
274 | } else { | |
868c86bc | 275 | __wsum tmp_csum = 0; |
1da177e4 LT |
276 | |
277 | skb_queue_walk(&sk->sk_write_queue, skb) { | |
278 | tmp_csum = csum_add(tmp_csum, skb->csum); | |
279 | } | |
280 | ||
07f0757a | 281 | tmp_csum = csum_partial(icmp6h, |
1da177e4 | 282 | sizeof(struct icmp6hdr), tmp_csum); |
4c9483b2 DM |
283 | icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, |
284 | &fl6->daddr, | |
285 | len, fl6->flowi6_proto, | |
868c86bc | 286 | tmp_csum); |
1da177e4 | 287 | } |
1da177e4 | 288 | ip6_push_pending_frames(sk); |
1da177e4 LT |
289 | } |
290 | ||
291 | struct icmpv6_msg { | |
292 | struct sk_buff *skb; | |
293 | int offset; | |
763ecff1 | 294 | uint8_t type; |
1da177e4 LT |
295 | }; |
296 | ||
297 | static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) | |
298 | { | |
299 | struct icmpv6_msg *msg = (struct icmpv6_msg *) from; | |
300 | struct sk_buff *org_skb = msg->skb; | |
5f92a738 | 301 | __wsum csum = 0; |
1da177e4 LT |
302 | |
303 | csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, | |
304 | to, len, csum); | |
305 | skb->csum = csum_block_add(skb->csum, csum, odd); | |
763ecff1 YK |
306 | if (!(msg->type & ICMPV6_INFOMSG_MASK)) |
307 | nf_ct_attach(skb, org_skb); | |
1da177e4 LT |
308 | return 0; |
309 | } | |
310 | ||
07a93626 | 311 | #if IS_ENABLED(CONFIG_IPV6_MIP6) |
79383236 MN |
312 | static void mip6_addr_swap(struct sk_buff *skb) |
313 | { | |
0660e03f | 314 | struct ipv6hdr *iph = ipv6_hdr(skb); |
79383236 MN |
315 | struct inet6_skb_parm *opt = IP6CB(skb); |
316 | struct ipv6_destopt_hao *hao; | |
317 | struct in6_addr tmp; | |
318 | int off; | |
319 | ||
320 | if (opt->dsthao) { | |
321 | off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); | |
322 | if (likely(off >= 0)) { | |
d56f90a7 ACM |
323 | hao = (struct ipv6_destopt_hao *) |
324 | (skb_network_header(skb) + off); | |
4e3fd7a0 AD |
325 | tmp = iph->saddr; |
326 | iph->saddr = hao->addr; | |
327 | hao->addr = tmp; | |
79383236 MN |
328 | } |
329 | } | |
330 | } | |
331 | #else | |
332 | static inline void mip6_addr_swap(struct sk_buff *skb) {} | |
333 | #endif | |
334 | ||
e8243534 | 335 | static struct dst_entry *icmpv6_route_lookup(struct net *net, |
336 | struct sk_buff *skb, | |
337 | struct sock *sk, | |
338 | struct flowi6 *fl6) | |
b42835db DM |
339 | { |
340 | struct dst_entry *dst, *dst2; | |
4c9483b2 | 341 | struct flowi6 fl2; |
b42835db DM |
342 | int err; |
343 | ||
343d60aa | 344 | err = ip6_dst_lookup(net, sk, &dst, fl6); |
b42835db DM |
345 | if (err) |
346 | return ERR_PTR(err); | |
347 | ||
348 | /* | |
349 | * We won't send icmp if the destination is known | |
350 | * anycast. | |
351 | */ | |
2647a9b0 | 352 | if (ipv6_anycast_destination(dst, &fl6->daddr)) { |
ba7a46f1 | 353 | net_dbg_ratelimited("icmp6_send: acast source\n"); |
b42835db DM |
354 | dst_release(dst); |
355 | return ERR_PTR(-EINVAL); | |
356 | } | |
357 | ||
358 | /* No need to clone since we're just using its address. */ | |
359 | dst2 = dst; | |
360 | ||
4c9483b2 | 361 | dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0); |
452edd59 | 362 | if (!IS_ERR(dst)) { |
b42835db DM |
363 | if (dst != dst2) |
364 | return dst; | |
452edd59 DM |
365 | } else { |
366 | if (PTR_ERR(dst) == -EPERM) | |
367 | dst = NULL; | |
368 | else | |
369 | return dst; | |
b42835db DM |
370 | } |
371 | ||
4c9483b2 | 372 | err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6); |
b42835db DM |
373 | if (err) |
374 | goto relookup_failed; | |
375 | ||
343d60aa | 376 | err = ip6_dst_lookup(net, sk, &dst2, &fl2); |
b42835db DM |
377 | if (err) |
378 | goto relookup_failed; | |
379 | ||
4c9483b2 | 380 | dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP); |
452edd59 | 381 | if (!IS_ERR(dst2)) { |
b42835db DM |
382 | dst_release(dst); |
383 | dst = dst2; | |
452edd59 DM |
384 | } else { |
385 | err = PTR_ERR(dst2); | |
386 | if (err == -EPERM) { | |
387 | dst_release(dst); | |
388 | return dst2; | |
389 | } else | |
390 | goto relookup_failed; | |
b42835db DM |
391 | } |
392 | ||
393 | relookup_failed: | |
394 | if (dst) | |
395 | return dst; | |
396 | return ERR_PTR(err); | |
397 | } | |
398 | ||
1b70d792 DA |
399 | static int icmp6_iif(const struct sk_buff *skb) |
400 | { | |
401 | int iif = skb->dev->ifindex; | |
402 | ||
403 | /* for local traffic to local address, skb dev is the loopback | |
404 | * device. Check if there is a dst attached to the skb and if so | |
405 | * get the real device index. | |
406 | */ | |
407 | if (unlikely(iif == LOOPBACK_IFINDEX)) { | |
408 | const struct rt6_info *rt6 = skb_rt6_info(skb); | |
409 | ||
410 | if (rt6) | |
411 | iif = rt6->rt6i_idev->dev->ifindex; | |
412 | } | |
413 | ||
414 | return iif; | |
415 | } | |
416 | ||
1da177e4 LT |
417 | /* |
418 | * Send an ICMP message in response to a packet in error | |
419 | */ | |
b1cadc1a ED |
420 | static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, |
421 | const struct in6_addr *force_saddr) | |
1da177e4 | 422 | { |
c346dca1 | 423 | struct net *net = dev_net(skb->dev); |
1da177e4 | 424 | struct inet6_dev *idev = NULL; |
0660e03f | 425 | struct ipv6hdr *hdr = ipv6_hdr(skb); |
84427d53 YH |
426 | struct sock *sk; |
427 | struct ipv6_pinfo *np; | |
b71d1d42 | 428 | const struct in6_addr *saddr = NULL; |
1da177e4 LT |
429 | struct dst_entry *dst; |
430 | struct icmp6hdr tmp_hdr; | |
4c9483b2 | 431 | struct flowi6 fl6; |
1da177e4 | 432 | struct icmpv6_msg msg; |
c14ac945 | 433 | struct sockcm_cookie sockc_unused = {0}; |
26879da5 | 434 | struct ipcm6_cookie ipc6; |
1da177e4 LT |
435 | int iif = 0; |
436 | int addr_type = 0; | |
437 | int len; | |
e110861f | 438 | u32 mark = IP6_REPLY_MARK(net, skb->mark); |
1da177e4 | 439 | |
27a884dc | 440 | if ((u8 *)hdr < skb->head || |
29a3cad5 | 441 | (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb)) |
1da177e4 LT |
442 | return; |
443 | ||
444 | /* | |
1ab1457c | 445 | * Make sure we respect the rules |
1da177e4 | 446 | * i.e. RFC 1885 2.4(e) |
5f5624cf | 447 | * Rule (e.1) is enforced by not using icmp6_send |
1da177e4 LT |
448 | * in any code that processes icmp errors. |
449 | */ | |
450 | addr_type = ipv6_addr_type(&hdr->daddr); | |
451 | ||
446fab59 | 452 | if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) || |
d94c1f92 | 453 | ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr)) |
1da177e4 LT |
454 | saddr = &hdr->daddr; |
455 | ||
456 | /* | |
457 | * Dest addr check | |
458 | */ | |
459 | ||
9a6b4b39 | 460 | if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) { |
1da177e4 | 461 | if (type != ICMPV6_PKT_TOOBIG && |
1ab1457c YH |
462 | !(type == ICMPV6_PARAMPROB && |
463 | code == ICMPV6_UNK_OPTION && | |
1da177e4 LT |
464 | (opt_unrec(skb, info)))) |
465 | return; | |
466 | ||
467 | saddr = NULL; | |
468 | } | |
469 | ||
470 | addr_type = ipv6_addr_type(&hdr->saddr); | |
471 | ||
472 | /* | |
473 | * Source addr check | |
474 | */ | |
475 | ||
4832c30d | 476 | if (__ipv6_addr_needs_scope_id(addr_type)) { |
1b70d792 | 477 | iif = icmp6_iif(skb); |
4832c30d | 478 | } else { |
79dc7e3f DA |
479 | dst = skb_dst(skb); |
480 | iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev); | |
481 | } | |
1da177e4 LT |
482 | |
483 | /* | |
8de3351e YH |
484 | * Must not send error if the source does not uniquely |
485 | * identify a single node (RFC2463 Section 2.4). | |
486 | * We check unspecified / multicast addresses here, | |
487 | * and anycast addresses will be checked later. | |
1da177e4 LT |
488 | */ |
489 | if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { | |
4b3418fb BM |
490 | net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n", |
491 | &hdr->saddr, &hdr->daddr); | |
1da177e4 LT |
492 | return; |
493 | } | |
494 | ||
1ab1457c | 495 | /* |
1da177e4 LT |
496 | * Never answer to a ICMP packet. |
497 | */ | |
498 | if (is_ineligible(skb)) { | |
4b3418fb BM |
499 | net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n", |
500 | &hdr->saddr, &hdr->daddr); | |
1da177e4 LT |
501 | return; |
502 | } | |
503 | ||
7ba91ecb JDB |
504 | /* Needed by both icmp_global_allow and icmpv6_xmit_lock */ |
505 | local_bh_disable(); | |
506 | ||
507 | /* Check global sysctl_icmp_msgs_per_sec ratelimit */ | |
849a44de | 508 | if (!(skb->dev->flags&IFF_LOOPBACK) && !icmpv6_global_allow(type)) |
7ba91ecb JDB |
509 | goto out_bh_enable; |
510 | ||
79383236 MN |
511 | mip6_addr_swap(skb); |
512 | ||
4c9483b2 DM |
513 | memset(&fl6, 0, sizeof(fl6)); |
514 | fl6.flowi6_proto = IPPROTO_ICMPV6; | |
4e3fd7a0 | 515 | fl6.daddr = hdr->saddr; |
b1cadc1a ED |
516 | if (force_saddr) |
517 | saddr = force_saddr; | |
1da177e4 | 518 | if (saddr) |
4e3fd7a0 | 519 | fl6.saddr = *saddr; |
e110861f | 520 | fl6.flowi6_mark = mark; |
4c9483b2 | 521 | fl6.flowi6_oif = iif; |
1958b856 DM |
522 | fl6.fl6_icmp_type = type; |
523 | fl6.fl6_icmp_code = code; | |
e2d118a1 | 524 | fl6.flowi6_uid = sock_net_uid(net, NULL); |
23aebdac | 525 | fl6.mp_hash = rt6_multipath_hash(&fl6, skb); |
4c9483b2 | 526 | security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); |
1da177e4 | 527 | |
fdc0bde9 | 528 | sk = icmpv6_xmit_lock(net); |
63159f29 | 529 | if (!sk) |
7ba91ecb | 530 | goto out_bh_enable; |
c0303efe | 531 | |
e110861f | 532 | sk->sk_mark = mark; |
fdc0bde9 | 533 | np = inet6_sk(sk); |
405666db | 534 | |
4c9483b2 | 535 | if (!icmpv6_xrlim_allow(sk, type, &fl6)) |
1da177e4 LT |
536 | goto out; |
537 | ||
538 | tmp_hdr.icmp6_type = type; | |
539 | tmp_hdr.icmp6_code = code; | |
540 | tmp_hdr.icmp6_cksum = 0; | |
541 | tmp_hdr.icmp6_pointer = htonl(info); | |
542 | ||
4c9483b2 DM |
543 | if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) |
544 | fl6.flowi6_oif = np->mcast_oif; | |
c4062dfc EH |
545 | else if (!fl6.flowi6_oif) |
546 | fl6.flowi6_oif = np->ucast_oif; | |
1da177e4 | 547 | |
38b7097b HFS |
548 | ipc6.tclass = np->tclass; |
549 | fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel); | |
550 | ||
4c9483b2 | 551 | dst = icmpv6_route_lookup(net, skb, sk, &fl6); |
b42835db | 552 | if (IS_ERR(dst)) |
1da177e4 | 553 | goto out; |
8de3351e | 554 | |
26879da5 | 555 | ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); |
26879da5 WW |
556 | ipc6.dontfrag = np->dontfrag; |
557 | ipc6.opt = NULL; | |
1da177e4 LT |
558 | |
559 | msg.skb = skb; | |
bbe735e4 | 560 | msg.offset = skb_network_offset(skb); |
763ecff1 | 561 | msg.type = type; |
1da177e4 LT |
562 | |
563 | len = skb->len - msg.offset; | |
67ba4152 | 564 | len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr)); |
1da177e4 | 565 | if (len < 0) { |
4b3418fb BM |
566 | net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n", |
567 | &hdr->saddr, &hdr->daddr); | |
1da177e4 LT |
568 | goto out_dst_release; |
569 | } | |
570 | ||
cfdf7647 ED |
571 | rcu_read_lock(); |
572 | idev = __in6_dev_get(skb->dev); | |
1da177e4 | 573 | |
4e64b1ed JP |
574 | if (ip6_append_data(sk, icmpv6_getfrag, &msg, |
575 | len + sizeof(struct icmp6hdr), | |
576 | sizeof(struct icmp6hdr), | |
577 | &ipc6, &fl6, (struct rt6_info *)dst, | |
578 | MSG_DONTWAIT, &sockc_unused)) { | |
43a43b60 | 579 | ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); |
1da177e4 | 580 | ip6_flush_pending_frames(sk); |
cfdf7647 | 581 | } else { |
4e64b1ed JP |
582 | icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, |
583 | len + sizeof(struct icmp6hdr)); | |
1da177e4 | 584 | } |
cfdf7647 | 585 | rcu_read_unlock(); |
1da177e4 LT |
586 | out_dst_release: |
587 | dst_release(dst); | |
588 | out: | |
405666db | 589 | icmpv6_xmit_unlock(sk); |
7ba91ecb JDB |
590 | out_bh_enable: |
591 | local_bh_enable(); | |
1da177e4 | 592 | } |
5f5624cf PS |
593 | |
594 | /* Slightly more convenient version of icmp6_send. | |
595 | */ | |
596 | void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos) | |
597 | { | |
b1cadc1a | 598 | icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL); |
5f5624cf PS |
599 | kfree_skb(skb); |
600 | } | |
7159039a | 601 | |
5fbba8ac ED |
602 | /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH |
603 | * if sufficient data bytes are available | |
604 | * @nhs is the size of the tunnel header(s) : | |
605 | * Either an IPv4 header for SIT encap | |
606 | * an IPv4 header + GRE header for GRE encap | |
607 | */ | |
20e1954f ED |
608 | int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type, |
609 | unsigned int data_len) | |
5fbba8ac | 610 | { |
2d7a3b27 | 611 | struct in6_addr temp_saddr; |
5fbba8ac ED |
612 | struct rt6_info *rt; |
613 | struct sk_buff *skb2; | |
20e1954f | 614 | u32 info = 0; |
5fbba8ac ED |
615 | |
616 | if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8)) | |
617 | return 1; | |
618 | ||
20e1954f ED |
619 | /* RFC 4884 (partial) support for ICMP extensions */ |
620 | if (data_len < 128 || (data_len & 7) || skb->len < data_len) | |
621 | data_len = 0; | |
622 | ||
623 | skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC); | |
5fbba8ac ED |
624 | |
625 | if (!skb2) | |
626 | return 1; | |
627 | ||
628 | skb_dst_drop(skb2); | |
629 | skb_pull(skb2, nhs); | |
630 | skb_reset_network_header(skb2); | |
631 | ||
632 | rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0); | |
633 | ||
634 | if (rt && rt->dst.dev) | |
635 | skb2->dev = rt->dst.dev; | |
636 | ||
2d7a3b27 | 637 | ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr); |
20e1954f ED |
638 | |
639 | if (data_len) { | |
640 | /* RFC 4884 (partial) support : | |
641 | * insert 0 padding at the end, before the extensions | |
642 | */ | |
643 | __skb_push(skb2, nhs); | |
644 | skb_reset_network_header(skb2); | |
645 | memmove(skb2->data, skb2->data + nhs, data_len - nhs); | |
646 | memset(skb2->data + data_len - nhs, 0, nhs); | |
647 | /* RFC 4884 4.5 : Length is measured in 64-bit words, | |
648 | * and stored in reserved[0] | |
649 | */ | |
650 | info = (data_len/8) << 24; | |
651 | } | |
2d7a3b27 ED |
652 | if (type == ICMP_TIME_EXCEEDED) |
653 | icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, | |
20e1954f | 654 | info, &temp_saddr); |
2d7a3b27 ED |
655 | else |
656 | icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, | |
20e1954f | 657 | info, &temp_saddr); |
5fbba8ac ED |
658 | if (rt) |
659 | ip6_rt_put(rt); | |
660 | ||
661 | kfree_skb(skb2); | |
662 | ||
663 | return 0; | |
664 | } | |
665 | EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach); | |
666 | ||
1da177e4 LT |
667 | static void icmpv6_echo_reply(struct sk_buff *skb) |
668 | { | |
c346dca1 | 669 | struct net *net = dev_net(skb->dev); |
84427d53 | 670 | struct sock *sk; |
1da177e4 | 671 | struct inet6_dev *idev; |
84427d53 | 672 | struct ipv6_pinfo *np; |
b71d1d42 | 673 | const struct in6_addr *saddr = NULL; |
cc70ab26 | 674 | struct icmp6hdr *icmph = icmp6_hdr(skb); |
1da177e4 | 675 | struct icmp6hdr tmp_hdr; |
4c9483b2 | 676 | struct flowi6 fl6; |
1da177e4 LT |
677 | struct icmpv6_msg msg; |
678 | struct dst_entry *dst; | |
26879da5 | 679 | struct ipcm6_cookie ipc6; |
e110861f | 680 | u32 mark = IP6_REPLY_MARK(net, skb->mark); |
c14ac945 | 681 | struct sockcm_cookie sockc_unused = {0}; |
1da177e4 | 682 | |
0660e03f | 683 | saddr = &ipv6_hdr(skb)->daddr; |
1da177e4 | 684 | |
509aba3b | 685 | if (!ipv6_unicast_destination(skb) && |
ec35b61e | 686 | !(net->ipv6.sysctl.anycast_src_echo_reply && |
2647a9b0 | 687 | ipv6_anycast_destination(skb_dst(skb), saddr))) |
1da177e4 LT |
688 | saddr = NULL; |
689 | ||
690 | memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); | |
691 | tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; | |
692 | ||
4c9483b2 DM |
693 | memset(&fl6, 0, sizeof(fl6)); |
694 | fl6.flowi6_proto = IPPROTO_ICMPV6; | |
4e3fd7a0 | 695 | fl6.daddr = ipv6_hdr(skb)->saddr; |
1da177e4 | 696 | if (saddr) |
4e3fd7a0 | 697 | fl6.saddr = *saddr; |
1b70d792 | 698 | fl6.flowi6_oif = icmp6_iif(skb); |
1958b856 | 699 | fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY; |
e110861f | 700 | fl6.flowi6_mark = mark; |
e2d118a1 | 701 | fl6.flowi6_uid = sock_net_uid(net, NULL); |
4c9483b2 | 702 | security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); |
1da177e4 | 703 | |
7ba91ecb | 704 | local_bh_disable(); |
fdc0bde9 | 705 | sk = icmpv6_xmit_lock(net); |
63159f29 | 706 | if (!sk) |
7ba91ecb | 707 | goto out_bh_enable; |
e110861f | 708 | sk->sk_mark = mark; |
fdc0bde9 | 709 | np = inet6_sk(sk); |
405666db | 710 | |
4c9483b2 DM |
711 | if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) |
712 | fl6.flowi6_oif = np->mcast_oif; | |
c4062dfc EH |
713 | else if (!fl6.flowi6_oif) |
714 | fl6.flowi6_oif = np->ucast_oif; | |
1da177e4 | 715 | |
4e64b1ed | 716 | if (ip6_dst_lookup(net, sk, &dst, &fl6)) |
1da177e4 | 717 | goto out; |
4c9483b2 | 718 | dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0); |
452edd59 | 719 | if (IS_ERR(dst)) |
e104411b | 720 | goto out; |
1da177e4 | 721 | |
cfdf7647 | 722 | idev = __in6_dev_get(skb->dev); |
1da177e4 LT |
723 | |
724 | msg.skb = skb; | |
725 | msg.offset = 0; | |
763ecff1 | 726 | msg.type = ICMPV6_ECHO_REPLY; |
1da177e4 | 727 | |
26879da5 WW |
728 | ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); |
729 | ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb)); | |
730 | ipc6.dontfrag = np->dontfrag; | |
731 | ipc6.opt = NULL; | |
732 | ||
4e64b1ed JP |
733 | if (ip6_append_data(sk, icmpv6_getfrag, &msg, |
734 | skb->len + sizeof(struct icmp6hdr), | |
735 | sizeof(struct icmp6hdr), &ipc6, &fl6, | |
736 | (struct rt6_info *)dst, MSG_DONTWAIT, | |
737 | &sockc_unused)) { | |
a16292a0 | 738 | __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); |
1da177e4 | 739 | ip6_flush_pending_frames(sk); |
cfdf7647 | 740 | } else { |
4e64b1ed JP |
741 | icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, |
742 | skb->len + sizeof(struct icmp6hdr)); | |
1da177e4 | 743 | } |
1da177e4 | 744 | dst_release(dst); |
1ab1457c | 745 | out: |
405666db | 746 | icmpv6_xmit_unlock(sk); |
7ba91ecb JDB |
747 | out_bh_enable: |
748 | local_bh_enable(); | |
1da177e4 LT |
749 | } |
750 | ||
b94f1c09 | 751 | void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) |
1da177e4 | 752 | { |
41135cc8 | 753 | const struct inet6_protocol *ipprot; |
1da177e4 | 754 | int inner_offset; |
75f2811c | 755 | __be16 frag_off; |
f9242b6b | 756 | u8 nexthdr; |
7304fe46 | 757 | struct net *net = dev_net(skb->dev); |
1da177e4 LT |
758 | |
759 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | |
7304fe46 | 760 | goto out; |
1da177e4 LT |
761 | |
762 | nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; | |
763 | if (ipv6_ext_hdr(nexthdr)) { | |
764 | /* now skip over extension headers */ | |
75f2811c JG |
765 | inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), |
766 | &nexthdr, &frag_off); | |
67ba4152 | 767 | if (inner_offset < 0) |
7304fe46 | 768 | goto out; |
1da177e4 LT |
769 | } else { |
770 | inner_offset = sizeof(struct ipv6hdr); | |
771 | } | |
772 | ||
773 | /* Checkin header including 8 bytes of inner protocol header. */ | |
774 | if (!pskb_may_pull(skb, inner_offset+8)) | |
7304fe46 | 775 | goto out; |
1da177e4 | 776 | |
1da177e4 LT |
777 | /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. |
778 | Without this we will not able f.e. to make source routed | |
779 | pmtu discovery. | |
780 | Corresponding argument (opt) to notifiers is already added. | |
781 | --ANK (980726) | |
782 | */ | |
783 | ||
f9242b6b | 784 | ipprot = rcu_dereference(inet6_protos[nexthdr]); |
1da177e4 LT |
785 | if (ipprot && ipprot->err_handler) |
786 | ipprot->err_handler(skb, NULL, type, code, inner_offset, info); | |
1da177e4 | 787 | |
69d6da0b | 788 | raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); |
7304fe46 DJ |
789 | return; |
790 | ||
791 | out: | |
a16292a0 | 792 | __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS); |
1da177e4 | 793 | } |
1ab1457c | 794 | |
1da177e4 LT |
795 | /* |
796 | * Handle icmp messages | |
797 | */ | |
798 | ||
e5bbef20 | 799 | static int icmpv6_rcv(struct sk_buff *skb) |
1da177e4 | 800 | { |
1da177e4 LT |
801 | struct net_device *dev = skb->dev; |
802 | struct inet6_dev *idev = __in6_dev_get(dev); | |
b71d1d42 | 803 | const struct in6_addr *saddr, *daddr; |
1da177e4 | 804 | struct icmp6hdr *hdr; |
d5fdd6ba | 805 | u8 type; |
e3e32170 | 806 | bool success = false; |
1da177e4 | 807 | |
aebcf82c | 808 | if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { |
def8b4fa | 809 | struct sec_path *sp = skb_sec_path(skb); |
8b7817f3 HX |
810 | int nh; |
811 | ||
def8b4fa | 812 | if (!(sp && sp->xvec[sp->len - 1]->props.flags & |
aebcf82c HX |
813 | XFRM_STATE_ICMP)) |
814 | goto drop_no_count; | |
815 | ||
81aded24 | 816 | if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr))) |
8b7817f3 HX |
817 | goto drop_no_count; |
818 | ||
819 | nh = skb_network_offset(skb); | |
820 | skb_set_network_header(skb, sizeof(*hdr)); | |
821 | ||
822 | if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) | |
823 | goto drop_no_count; | |
824 | ||
825 | skb_set_network_header(skb, nh); | |
826 | } | |
827 | ||
a16292a0 | 828 | __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS); |
1da177e4 | 829 | |
0660e03f ACM |
830 | saddr = &ipv6_hdr(skb)->saddr; |
831 | daddr = &ipv6_hdr(skb)->daddr; | |
1da177e4 | 832 | |
39471ac8 | 833 | if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) { |
ba7a46f1 JP |
834 | net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n", |
835 | saddr, daddr); | |
39471ac8 | 836 | goto csum_error; |
1da177e4 LT |
837 | } |
838 | ||
8cf22943 HX |
839 | if (!pskb_pull(skb, sizeof(*hdr))) |
840 | goto discard_it; | |
1da177e4 | 841 | |
cc70ab26 | 842 | hdr = icmp6_hdr(skb); |
1da177e4 LT |
843 | |
844 | type = hdr->icmp6_type; | |
845 | ||
f3832ed2 | 846 | ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type); |
1da177e4 LT |
847 | |
848 | switch (type) { | |
849 | case ICMPV6_ECHO_REQUEST: | |
850 | icmpv6_echo_reply(skb); | |
851 | break; | |
852 | ||
853 | case ICMPV6_ECHO_REPLY: | |
e3e32170 | 854 | success = ping_rcv(skb); |
1da177e4 LT |
855 | break; |
856 | ||
857 | case ICMPV6_PKT_TOOBIG: | |
858 | /* BUGGG_FUTURE: if packet contains rthdr, we cannot update | |
859 | standard destination cache. Seems, only "advanced" | |
860 | destination cache will allow to solve this problem | |
861 | --ANK (980726) | |
862 | */ | |
863 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | |
864 | goto discard_it; | |
cc70ab26 | 865 | hdr = icmp6_hdr(skb); |
1da177e4 | 866 | |
275757e6 GS |
867 | /* to notify */ |
868 | /* fall through */ | |
1da177e4 LT |
869 | case ICMPV6_DEST_UNREACH: |
870 | case ICMPV6_TIME_EXCEED: | |
871 | case ICMPV6_PARAMPROB: | |
872 | icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); | |
873 | break; | |
874 | ||
875 | case NDISC_ROUTER_SOLICITATION: | |
876 | case NDISC_ROUTER_ADVERTISEMENT: | |
877 | case NDISC_NEIGHBOUR_SOLICITATION: | |
878 | case NDISC_NEIGHBOUR_ADVERTISEMENT: | |
879 | case NDISC_REDIRECT: | |
880 | ndisc_rcv(skb); | |
881 | break; | |
882 | ||
883 | case ICMPV6_MGM_QUERY: | |
884 | igmp6_event_query(skb); | |
885 | break; | |
886 | ||
887 | case ICMPV6_MGM_REPORT: | |
888 | igmp6_event_report(skb); | |
889 | break; | |
890 | ||
891 | case ICMPV6_MGM_REDUCTION: | |
892 | case ICMPV6_NI_QUERY: | |
893 | case ICMPV6_NI_REPLY: | |
894 | case ICMPV6_MLD2_REPORT: | |
895 | case ICMPV6_DHAAD_REQUEST: | |
896 | case ICMPV6_DHAAD_REPLY: | |
897 | case ICMPV6_MOBILE_PREFIX_SOL: | |
898 | case ICMPV6_MOBILE_PREFIX_ADV: | |
899 | break; | |
900 | ||
901 | default: | |
1da177e4 LT |
902 | /* informational */ |
903 | if (type & ICMPV6_INFOMSG_MASK) | |
904 | break; | |
905 | ||
4b3418fb BM |
906 | net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n", |
907 | saddr, daddr); | |
ea85a0a2 | 908 | |
1ab1457c YH |
909 | /* |
910 | * error of unknown type. | |
911 | * must pass to upper level | |
1da177e4 LT |
912 | */ |
913 | ||
914 | icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); | |
3ff50b79 SH |
915 | } |
916 | ||
e3e32170 RJ |
917 | /* until the v6 path can be better sorted assume failure and |
918 | * preserve the status quo behaviour for the rest of the paths to here | |
919 | */ | |
920 | if (success) | |
921 | consume_skb(skb); | |
922 | else | |
923 | kfree_skb(skb); | |
924 | ||
1da177e4 LT |
925 | return 0; |
926 | ||
6a5dc9e5 | 927 | csum_error: |
a16292a0 | 928 | __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS); |
1da177e4 | 929 | discard_it: |
a16292a0 | 930 | __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS); |
8b7817f3 | 931 | drop_no_count: |
1da177e4 LT |
932 | kfree_skb(skb); |
933 | return 0; | |
934 | } | |
935 | ||
4c9483b2 | 936 | void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6, |
95e41e93 YH |
937 | u8 type, |
938 | const struct in6_addr *saddr, | |
939 | const struct in6_addr *daddr, | |
940 | int oif) | |
941 | { | |
4c9483b2 | 942 | memset(fl6, 0, sizeof(*fl6)); |
4e3fd7a0 AD |
943 | fl6->saddr = *saddr; |
944 | fl6->daddr = *daddr; | |
67ba4152 | 945 | fl6->flowi6_proto = IPPROTO_ICMPV6; |
1958b856 DM |
946 | fl6->fl6_icmp_type = type; |
947 | fl6->fl6_icmp_code = 0; | |
4c9483b2 DM |
948 | fl6->flowi6_oif = oif; |
949 | security_sk_classify_flow(sk, flowi6_to_flowi(fl6)); | |
95e41e93 YH |
950 | } |
951 | ||
98c6d1b2 | 952 | static int __net_init icmpv6_sk_init(struct net *net) |
1da177e4 LT |
953 | { |
954 | struct sock *sk; | |
955 | int err, i, j; | |
956 | ||
98c6d1b2 DL |
957 | net->ipv6.icmp_sk = |
958 | kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); | |
63159f29 | 959 | if (!net->ipv6.icmp_sk) |
79c91159 DL |
960 | return -ENOMEM; |
961 | ||
6f912042 | 962 | for_each_possible_cpu(i) { |
1ed8516f DL |
963 | err = inet_ctl_sock_create(&sk, PF_INET6, |
964 | SOCK_RAW, IPPROTO_ICMPV6, net); | |
1da177e4 | 965 | if (err < 0) { |
f3213831 | 966 | pr_err("Failed to initialize the ICMP6 control socket (err %d)\n", |
1da177e4 LT |
967 | err); |
968 | goto fail; | |
969 | } | |
970 | ||
1ed8516f | 971 | net->ipv6.icmp_sk[i] = sk; |
5c8cafd6 | 972 | |
1da177e4 LT |
973 | /* Enough space for 2 64K ICMP packets, including |
974 | * sk_buff struct overhead. | |
975 | */ | |
87fb4b7b | 976 | sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); |
1da177e4 | 977 | } |
1da177e4 LT |
978 | return 0; |
979 | ||
980 | fail: | |
5c8cafd6 | 981 | for (j = 0; j < i; j++) |
1ed8516f | 982 | inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]); |
98c6d1b2 | 983 | kfree(net->ipv6.icmp_sk); |
1da177e4 LT |
984 | return err; |
985 | } | |
986 | ||
98c6d1b2 | 987 | static void __net_exit icmpv6_sk_exit(struct net *net) |
1da177e4 LT |
988 | { |
989 | int i; | |
990 | ||
6f912042 | 991 | for_each_possible_cpu(i) { |
1ed8516f | 992 | inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]); |
1da177e4 | 993 | } |
98c6d1b2 DL |
994 | kfree(net->ipv6.icmp_sk); |
995 | } | |
996 | ||
8ed7edce | 997 | static struct pernet_operations icmpv6_sk_ops = { |
67ba4152 IM |
998 | .init = icmpv6_sk_init, |
999 | .exit = icmpv6_sk_exit, | |
98c6d1b2 DL |
1000 | }; |
1001 | ||
1002 | int __init icmpv6_init(void) | |
1003 | { | |
1004 | int err; | |
1005 | ||
1006 | err = register_pernet_subsys(&icmpv6_sk_ops); | |
1007 | if (err < 0) | |
1008 | return err; | |
1009 | ||
1010 | err = -EAGAIN; | |
1011 | if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) | |
1012 | goto fail; | |
5f5624cf PS |
1013 | |
1014 | err = inet6_register_icmp_sender(icmp6_send); | |
1015 | if (err) | |
1016 | goto sender_reg_err; | |
98c6d1b2 DL |
1017 | return 0; |
1018 | ||
5f5624cf PS |
1019 | sender_reg_err: |
1020 | inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); | |
98c6d1b2 | 1021 | fail: |
f3213831 | 1022 | pr_err("Failed to register ICMP6 protocol\n"); |
98c6d1b2 DL |
1023 | unregister_pernet_subsys(&icmpv6_sk_ops); |
1024 | return err; | |
1025 | } | |
1026 | ||
8ed7edce | 1027 | void icmpv6_cleanup(void) |
98c6d1b2 | 1028 | { |
5f5624cf | 1029 | inet6_unregister_icmp_sender(icmp6_send); |
98c6d1b2 | 1030 | unregister_pernet_subsys(&icmpv6_sk_ops); |
1da177e4 LT |
1031 | inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); |
1032 | } | |
1033 | ||
98c6d1b2 | 1034 | |
9b5b5cff | 1035 | static const struct icmp6_err { |
1da177e4 LT |
1036 | int err; |
1037 | int fatal; | |
1038 | } tab_unreach[] = { | |
1039 | { /* NOROUTE */ | |
1040 | .err = ENETUNREACH, | |
1041 | .fatal = 0, | |
1042 | }, | |
1043 | { /* ADM_PROHIBITED */ | |
1044 | .err = EACCES, | |
1045 | .fatal = 1, | |
1046 | }, | |
1047 | { /* Was NOT_NEIGHBOUR, now reserved */ | |
1048 | .err = EHOSTUNREACH, | |
1049 | .fatal = 0, | |
1050 | }, | |
1051 | { /* ADDR_UNREACH */ | |
1052 | .err = EHOSTUNREACH, | |
1053 | .fatal = 0, | |
1054 | }, | |
1055 | { /* PORT_UNREACH */ | |
1056 | .err = ECONNREFUSED, | |
1057 | .fatal = 1, | |
1058 | }, | |
61e76b17 JB |
1059 | { /* POLICY_FAIL */ |
1060 | .err = EACCES, | |
1061 | .fatal = 1, | |
1062 | }, | |
1063 | { /* REJECT_ROUTE */ | |
1064 | .err = EACCES, | |
1065 | .fatal = 1, | |
1066 | }, | |
1da177e4 LT |
1067 | }; |
1068 | ||
d5fdd6ba | 1069 | int icmpv6_err_convert(u8 type, u8 code, int *err) |
1da177e4 LT |
1070 | { |
1071 | int fatal = 0; | |
1072 | ||
1073 | *err = EPROTO; | |
1074 | ||
1075 | switch (type) { | |
1076 | case ICMPV6_DEST_UNREACH: | |
1077 | fatal = 1; | |
61e76b17 | 1078 | if (code < ARRAY_SIZE(tab_unreach)) { |
1da177e4 LT |
1079 | *err = tab_unreach[code].err; |
1080 | fatal = tab_unreach[code].fatal; | |
1081 | } | |
1082 | break; | |
1083 | ||
1084 | case ICMPV6_PKT_TOOBIG: | |
1085 | *err = EMSGSIZE; | |
1086 | break; | |
1ab1457c | 1087 | |
1da177e4 LT |
1088 | case ICMPV6_PARAMPROB: |
1089 | *err = EPROTO; | |
1090 | fatal = 1; | |
1091 | break; | |
1092 | ||
1093 | case ICMPV6_TIME_EXCEED: | |
1094 | *err = EHOSTUNREACH; | |
1095 | break; | |
3ff50b79 | 1096 | } |
1da177e4 LT |
1097 | |
1098 | return fatal; | |
1099 | } | |
7159039a YH |
1100 | EXPORT_SYMBOL(icmpv6_err_convert); |
1101 | ||
1da177e4 | 1102 | #ifdef CONFIG_SYSCTL |
e8243534 | 1103 | static struct ctl_table ipv6_icmp_table_template[] = { |
1da177e4 | 1104 | { |
1da177e4 | 1105 | .procname = "ratelimit", |
41a76906 | 1106 | .data = &init_net.ipv6.sysctl.icmpv6_time, |
1da177e4 LT |
1107 | .maxlen = sizeof(int), |
1108 | .mode = 0644, | |
6d9f239a | 1109 | .proc_handler = proc_dointvec_ms_jiffies, |
1da177e4 | 1110 | }, |
f8572d8f | 1111 | { }, |
1da177e4 | 1112 | }; |
760f2d01 | 1113 | |
2c8c1e72 | 1114 | struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) |
760f2d01 DL |
1115 | { |
1116 | struct ctl_table *table; | |
1117 | ||
1118 | table = kmemdup(ipv6_icmp_table_template, | |
1119 | sizeof(ipv6_icmp_table_template), | |
1120 | GFP_KERNEL); | |
5ee09105 | 1121 | |
c027aab4 | 1122 | if (table) |
5ee09105 YH |
1123 | table[0].data = &net->ipv6.sysctl.icmpv6_time; |
1124 | ||
760f2d01 DL |
1125 | return table; |
1126 | } | |
1da177e4 | 1127 | #endif |