]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/ipv6/icmp.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sctp: Fixup v4mapped behaviour to comply with Sock API
[mirror_ubuntu-jammy-kernel.git] / net / ipv6 / icmp.c
CommitLineData
1da177e4
LT		 1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
1da177e4
LT		 8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
f3213831
JP		 32#define pr_fmt(fmt) "IPv6: " fmt
33
1da177e4
LT		 34#include <linux/module.h>
35#include <linux/errno.h>
36#include <linux/types.h>
37#include <linux/socket.h>
38#include <linux/in.h>
39#include <linux/kernel.h>
1da177e4
LT		 40#include <linux/sockios.h>
41#include <linux/net.h>
42#include <linux/skbuff.h>
43#include <linux/init.h>
763ecff1 44#include <linux/netfilter.h>
5a0e3ad6 45#include <linux/slab.h>
1da177e4
LT		 46
47#ifdef CONFIG_SYSCTL
48#include <linux/sysctl.h>
49#endif
50
51#include <linux/inet.h>
52#include <linux/netdevice.h>
53#include <linux/icmpv6.h>
54
55#include <net/ip.h>
56#include <net/sock.h>
57
58#include <net/ipv6.h>
59#include <net/ip6_checksum.h>
6d0bfe22 60#include <net/ping.h>
1da177e4
LT		 61#include <net/protocol.h>
62#include <net/raw.h>
63#include <net/rawv6.h>
64#include <net/transp_v6.h>
65#include <net/ip6_route.h>
66#include <net/addrconf.h>
67#include <net/icmp.h>
8b7817f3 68#include <net/xfrm.h>
1ed8516f 69#include <net/inet_common.h>
825edac4 70#include <net/dsfield.h>
1da177e4
LT		 71
72#include <asm/uaccess.h>
1da177e4 73
1da177e4
LT		 74/*
75 * The ICMP socket(s). This is the most convenient way to flow control
76 * our ICMP output as well as maintain a clean interface throughout
77 * all layers. All Socketless IP sends will soon be gone.
78 *
79 * On SMP we have one ICMP socket per-cpu.
80 */
98c6d1b2
DL		 81static inline struct sock *icmpv6_sk(struct net *net)
82{
83 return net->ipv6.icmp_sk[smp_processor_id()];
84}
1da177e4 85
6f809da2
SK		 86static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
87 u8 type, u8 code, int offset, __be32 info)
88{
6d0bfe22
LC		 89 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
90 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
6f809da2
SK		 91 struct net *net = dev_net(skb->dev);
92
93 if (type == ICMPV6_PKT_TOOBIG)
94 ip6_update_pmtu(skb, net, info, 0, 0);
95 else if (type == NDISC_REDIRECT)
b55b76b2 96 ip6_redirect(skb, net, skb->dev->ifindex, 0);
6d0bfe22
LC		 97
98 if (!(type & ICMPV6_INFOMSG_MASK))
99 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
100 ping_err(skb, offset, info);
6f809da2
SK		 101}
102
e5bbef20 103static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 104
41135cc8 105static const struct inet6_protocol icmpv6_protocol = {
1da177e4 106 .handler = icmpv6_rcv,
6f809da2 107 .err_handler = icmpv6_err,
8b7817f3 108 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 109};
110
fdc0bde9 111static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 112{
fdc0bde9
DL		 113 struct sock *sk;
114
1da177e4
LT		 115 local_bh_disable();
116
fdc0bde9 117 sk = icmpv6_sk(net);
405666db 118 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 119 /* This can happen if the output path (f.e. SIT or
120 * ip6ip6 tunnel) signals dst_link_failure() for an
121 * outgoing ICMP6 packet.
122 */
123 local_bh_enable();
fdc0bde9 124 return NULL;
1da177e4 125 }
fdc0bde9 126 return sk;
1da177e4
LT		 127}
128
405666db 129static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 130{
405666db 131 spin_unlock_bh(&sk->sk_lock.slock);
1da177e4
LT		 132}
133
1da177e4
LT		 134/*
135 * Figure out, may we reply to this packet with icmp error.
136 *
137 * We do not reply, if:
138 * - it was icmp error message.
139 * - it is truncated, so that it is known, that protocol is ICMPV6
140 * (i.e. in the middle of some exthdr)
141 *
142 * --ANK (980726)
143 */
144
a50feda5 145static bool is_ineligible(const struct sk_buff *skb)
1da177e4 146{
0660e03f 147 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 148 int len = skb->len - ptr;
0660e03f 149 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
75f2811c 150 __be16 frag_off;
1da177e4
LT		 151
152 if (len < 0)
a50feda5 153 return true;
1da177e4 154
75f2811c 155 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
1da177e4 156 if (ptr < 0)
a50feda5 157 return false;
1da177e4
LT		 158 if (nexthdr == IPPROTO_ICMPV6) {
159 u8 _type, *tp;
160 tp = skb_header_pointer(skb,
161 ptr+offsetof(struct icmp6hdr, icmp6_type),
162 sizeof(_type), &_type);
163 if (tp == NULL ||
164 !(*tp & ICMPV6_INFOMSG_MASK))
a50feda5 165 return true;
1da177e4 166 }
a50feda5 167 return false;
1da177e4
LT		 168}
169
1ab1457c
YH		 170/*
171 * Check the ICMP output rate limit
1da177e4 172 */
92d86829 173static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
4c9483b2 174 struct flowi6 *fl6)
1da177e4
LT		 175{
176 struct dst_entry *dst;
3b1e0a65 177 struct net *net = sock_net(sk);
92d86829 178 bool res = false;
1da177e4
LT		 179
180 /* Informational messages are not limited. */
181 if (type & ICMPV6_INFOMSG_MASK)
92d86829 182 return true;
1da177e4
LT		 183
184 /* Do not limit pmtu discovery, it would break it. */
185 if (type == ICMPV6_PKT_TOOBIG)
92d86829 186 return true;
1da177e4 187
1ab1457c 188 /*
1da177e4
LT		 189 * Look up the output route.
190 * XXX: perhaps the expire for routing entries cloned by
191 * this lookup should be more aggressive (not longer than timeout).
192 */
4c9483b2 193 dst = ip6_route_output(net, sk, fl6);
1da177e4 194 if (dst->error) {
3bd653c8 195 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 196 IPSTATS_MIB_OUTNOROUTES);
1da177e4 197 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
92d86829 198 res = true;
1da177e4
LT		 199 } else {
200 struct rt6_info *rt = (struct rt6_info *)dst;
9a43b709 201 int tmo = net->ipv6.sysctl.icmpv6_time;
fbfe95a4 202 struct inet_peer *peer;
1da177e4
LT		 203
204 /* Give more bandwidth to wider prefixes. */
205 if (rt->rt6i_dst.plen < 128)
206 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
207
1d861aa4 208 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
fbfe95a4 209 res = inet_peer_xrlim_allow(peer, tmo);
1d861aa4
DM		 210 if (peer)
211 inet_putpeer(peer);
1da177e4
LT		 212 }
213 dst_release(dst);
214 return res;
215}
216
217/*
218 * an inline helper for the "simple" if statement below
219 * checks if parameter problem report is caused by an
1ab1457c 220 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 221 * highest-order two bits set to 10
222 */
223
a50feda5 224static bool opt_unrec(struct sk_buff *skb, __u32 offset)
1da177e4
LT		 225{
226 u8 _optval, *op;
227
bbe735e4 228 offset += skb_network_offset(skb);
1da177e4
LT		 229 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
230 if (op == NULL)
a50feda5 231 return true;
1da177e4
LT		 232 return (*op & 0xC0) == 0x80;
233}
234
6d0bfe22
LC		 235int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
236 struct icmp6hdr *thdr, int len)
1da177e4
LT		 237{
238 struct sk_buff *skb;
239 struct icmp6hdr *icmp6h;
240 int err = 0;
241
242 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
243 goto out;
244
cc70ab26 245 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 246 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
247 icmp6h->icmp6_cksum = 0;
248
249 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 250 skb->csum = csum_partial(icmp6h,
1da177e4 251 sizeof(struct icmp6hdr), skb->csum);
4c9483b2
DM		 252 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
253 &fl6->daddr,
254 len, fl6->flowi6_proto,
1da177e4
LT		 255 skb->csum);
256 } else {
868c86bc 257 __wsum tmp_csum = 0;
1da177e4
LT		 258
259 skb_queue_walk(&sk->sk_write_queue, skb) {
260 tmp_csum = csum_add(tmp_csum, skb->csum);
261 }
262
07f0757a 263 tmp_csum = csum_partial(icmp6h,
1da177e4 264 sizeof(struct icmp6hdr), tmp_csum);
4c9483b2
DM		 265 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
266 &fl6->daddr,
267 len, fl6->flowi6_proto,
868c86bc 268 tmp_csum);
1da177e4 269 }
1da177e4
LT		 270 ip6_push_pending_frames(sk);
271out:
272 return err;
273}
274
275struct icmpv6_msg {
276 struct sk_buff *skb;
277 int offset;
763ecff1 278 uint8_t type;
1da177e4
LT		 279};
280
281static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
282{
283 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
284 struct sk_buff *org_skb = msg->skb;
5f92a738 285 __wsum csum = 0;
1da177e4
LT		 286
287 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
288 to, len, csum);
289 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 290 if (!(msg->type & ICMPV6_INFOMSG_MASK))
291 nf_ct_attach(skb, org_skb);
1da177e4
LT		 292 return 0;
293}
294
07a93626 295#if IS_ENABLED(CONFIG_IPV6_MIP6)
79383236
MN		 296static void mip6_addr_swap(struct sk_buff *skb)
297{
0660e03f 298 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236
MN		 299 struct inet6_skb_parm *opt = IP6CB(skb);
300 struct ipv6_destopt_hao *hao;
301 struct in6_addr tmp;
302 int off;
303
304 if (opt->dsthao) {
305 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
306 if (likely(off >= 0)) {
d56f90a7
ACM		 307 hao = (struct ipv6_destopt_hao *)
308 (skb_network_header(skb) + off);
4e3fd7a0
AD		 309 tmp = iph->saddr;
310 iph->saddr = hao->addr;
311 hao->addr = tmp;
79383236
MN		 312 }
313 }
314}
315#else
316static inline void mip6_addr_swap(struct sk_buff *skb) {}
317#endif
318
e8243534 319static struct dst_entry *icmpv6_route_lookup(struct net *net,
320 struct sk_buff *skb,
321 struct sock *sk,
322 struct flowi6 *fl6)
b42835db
DM		 323{
324 struct dst_entry *dst, *dst2;
4c9483b2 325 struct flowi6 fl2;
b42835db
DM		 326 int err;
327
4c9483b2 328 err = ip6_dst_lookup(sk, &dst, fl6);
b42835db
DM		 329 if (err)
330 return ERR_PTR(err);
331
332 /*
333 * We won't send icmp if the destination is known
334 * anycast.
335 */
336 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
5f5624cf 337 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: acast source\n");
b42835db
DM		 338 dst_release(dst);
339 return ERR_PTR(-EINVAL);
340 }
341
342 /* No need to clone since we're just using its address. */
343 dst2 = dst;
344
4c9483b2 345 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
452edd59 346 if (!IS_ERR(dst)) {
b42835db
DM		 347 if (dst != dst2)
348 return dst;
452edd59
DM		 349 } else {
350 if (PTR_ERR(dst) == -EPERM)
351 dst = NULL;
352 else
353 return dst;
b42835db
DM		 354 }
355
4c9483b2 356 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
b42835db
DM		 357 if (err)
358 goto relookup_failed;
359
360 err = ip6_dst_lookup(sk, &dst2, &fl2);
361 if (err)
362 goto relookup_failed;
363
4c9483b2 364 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
452edd59 365 if (!IS_ERR(dst2)) {
b42835db
DM		 366 dst_release(dst);
367 dst = dst2;
452edd59
DM		 368 } else {
369 err = PTR_ERR(dst2);
370 if (err == -EPERM) {
371 dst_release(dst);
372 return dst2;
373 } else
374 goto relookup_failed;
b42835db
DM		 375 }
376
377relookup_failed:
378 if (dst)
379 return dst;
380 return ERR_PTR(err);
381}
382
1da177e4
LT		 383/*
384 * Send an ICMP message in response to a packet in error
385 */
5f5624cf 386static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
1da177e4 387{
c346dca1 388 struct net *net = dev_net(skb->dev);
1da177e4 389 struct inet6_dev *idev = NULL;
0660e03f 390 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53
YH		 391 struct sock *sk;
392 struct ipv6_pinfo *np;
b71d1d42 393 const struct in6_addr *saddr = NULL;
1da177e4
LT		 394 struct dst_entry *dst;
395 struct icmp6hdr tmp_hdr;
4c9483b2 396 struct flowi6 fl6;
1da177e4
LT		 397 struct icmpv6_msg msg;
398 int iif = 0;
399 int addr_type = 0;
400 int len;
e651f03a 401 int hlimit;
1da177e4 402 int err = 0;
e110861f 403 u32 mark = IP6_REPLY_MARK(net, skb->mark);
1da177e4 404
27a884dc 405 if ((u8 *)hdr < skb->head ||
29a3cad5 406 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
1da177e4
LT		 407 return;
408
409 /*
1ab1457c 410 * Make sure we respect the rules
1da177e4 411 * i.e. RFC 1885 2.4(e)
5f5624cf 412 * Rule (e.1) is enforced by not using icmp6_send
1da177e4
LT		 413 * in any code that processes icmp errors.
414 */
415 addr_type = ipv6_addr_type(&hdr->daddr);
416
446fab59 417 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
d94c1f92 418 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
1da177e4
LT		 419 saddr = &hdr->daddr;
420
421 /*
422 * Dest addr check
423 */
424
425 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
426 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 427 !(type == ICMPV6_PARAMPROB &&
428 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 429 (opt_unrec(skb, info))))
430 return;
431
432 saddr = NULL;
433 }
434
435 addr_type = ipv6_addr_type(&hdr->saddr);
436
437 /*
438 * Source addr check
439 */
440
842df073 441 if (__ipv6_addr_needs_scope_id(addr_type))
1da177e4
LT		 442 iif = skb->dev->ifindex;
443
444 /*
8de3351e
YH		 445 * Must not send error if the source does not uniquely
446 * identify a single node (RFC2463 Section 2.4).
447 * We check unspecified / multicast addresses here,
448 * and anycast addresses will be checked later.
1da177e4
LT		 449 */
450 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
5f5624cf 451 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: addr_any/mcast source\n");
1da177e4
LT		 452 return;
453 }
454
1ab1457c 455 /*
1da177e4
LT		 456 * Never answer to a ICMP packet.
457 */
458 if (is_ineligible(skb)) {
5f5624cf 459 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: no reply to icmp error\n");
1da177e4
LT		 460 return;
461 }
462
79383236
MN		 463 mip6_addr_swap(skb);
464
4c9483b2
DM		 465 memset(&fl6, 0, sizeof(fl6));
466 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 467 fl6.daddr = hdr->saddr;
1da177e4 468 if (saddr)
4e3fd7a0 469 fl6.saddr = *saddr;
e110861f 470 fl6.flowi6_mark = mark;
4c9483b2 471 fl6.flowi6_oif = iif;
1958b856
DM		 472 fl6.fl6_icmp_type = type;
473 fl6.fl6_icmp_code = code;
4c9483b2 474 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 475
fdc0bde9
DL		 476 sk = icmpv6_xmit_lock(net);
477 if (sk == NULL)
405666db 478 return;
e110861f 479 sk->sk_mark = mark;
fdc0bde9 480 np = inet6_sk(sk);
405666db 481
4c9483b2 482 if (!icmpv6_xrlim_allow(sk, type, &fl6))
1da177e4
LT		 483 goto out;
484
485 tmp_hdr.icmp6_type = type;
486 tmp_hdr.icmp6_code = code;
487 tmp_hdr.icmp6_cksum = 0;
488 tmp_hdr.icmp6_pointer = htonl(info);
489
4c9483b2
DM		 490 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
491 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 492 else if (!fl6.flowi6_oif)
493 fl6.flowi6_oif = np->ucast_oif;
1da177e4 494
4c9483b2 495 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
b42835db 496 if (IS_ERR(dst))
1da177e4 497 goto out;
8de3351e 498
5c98631c 499 hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
1da177e4
LT		 500
501 msg.skb = skb;
bbe735e4 502 msg.offset = skb_network_offset(skb);
763ecff1 503 msg.type = type;
1da177e4
LT		 504
505 len = skb->len - msg.offset;
506 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
507 if (len < 0) {
64ce2073 508 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
1da177e4
LT		 509 goto out_dst_release;
510 }
511
cfdf7647
ED		 512 rcu_read_lock();
513 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 514
515 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
516 len + sizeof(struct icmp6hdr),
e651f03a 517 sizeof(struct icmp6hdr), hlimit,
a2d91a09 518 np->tclass, NULL, &fl6, (struct rt6_info *)dst,
13b52cd4 519 MSG_DONTWAIT, np->dontfrag);
1da177e4 520 if (err) {
43a43b60 521 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 522 ip6_flush_pending_frames(sk);
cfdf7647
ED		 523 } else {
524 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
525 len + sizeof(struct icmp6hdr));
1da177e4 526 }
cfdf7647 527 rcu_read_unlock();
1da177e4
LT		 528out_dst_release:
529 dst_release(dst);
530out:
405666db 531 icmpv6_xmit_unlock(sk);
1da177e4 532}
5f5624cf
PS		 533
534/* Slightly more convenient version of icmp6_send.
535 */
536void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
537{
538 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos);
539 kfree_skb(skb);
540}
7159039a 541
1da177e4
LT		 542static void icmpv6_echo_reply(struct sk_buff *skb)
543{
c346dca1 544 struct net *net = dev_net(skb->dev);
84427d53 545 struct sock *sk;
1da177e4 546 struct inet6_dev *idev;
84427d53 547 struct ipv6_pinfo *np;
b71d1d42 548 const struct in6_addr *saddr = NULL;
cc70ab26 549 struct icmp6hdr *icmph = icmp6_hdr(skb);
1da177e4 550 struct icmp6hdr tmp_hdr;
4c9483b2 551 struct flowi6 fl6;
1da177e4
LT		 552 struct icmpv6_msg msg;
553 struct dst_entry *dst;
554 int err = 0;
555 int hlimit;
825edac4 556 u8 tclass;
e110861f 557 u32 mark = IP6_REPLY_MARK(net, skb->mark);
1da177e4 558
0660e03f 559 saddr = &ipv6_hdr(skb)->daddr;
1da177e4 560
509aba3b 561 if (!ipv6_unicast_destination(skb) &&
ec35b61e 562 !(net->ipv6.sysctl.anycast_src_echo_reply &&
509aba3b 563 ipv6_anycast_destination(skb)))
1da177e4
LT		 564 saddr = NULL;
565
566 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
567 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
568
4c9483b2
DM		 569 memset(&fl6, 0, sizeof(fl6));
570 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 571 fl6.daddr = ipv6_hdr(skb)->saddr;
1da177e4 572 if (saddr)
4e3fd7a0 573 fl6.saddr = *saddr;
4c9483b2 574 fl6.flowi6_oif = skb->dev->ifindex;
1958b856 575 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
e110861f 576 fl6.flowi6_mark = mark;
4c9483b2 577 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 578
fdc0bde9
DL		 579 sk = icmpv6_xmit_lock(net);
580 if (sk == NULL)
405666db 581 return;
e110861f 582 sk->sk_mark = mark;
fdc0bde9 583 np = inet6_sk(sk);
405666db 584
4c9483b2
DM		 585 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
586 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 587 else if (!fl6.flowi6_oif)
588 fl6.flowi6_oif = np->ucast_oif;
1da177e4 589
4c9483b2 590 err = ip6_dst_lookup(sk, &dst, &fl6);
1da177e4
LT		 591 if (err)
592 goto out;
4c9483b2 593 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
452edd59 594 if (IS_ERR(dst))
e104411b 595 goto out;
1da177e4 596
5c98631c 597 hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
1da177e4 598
cfdf7647 599 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 600
601 msg.skb = skb;
602 msg.offset = 0;
763ecff1 603 msg.type = ICMPV6_ECHO_REPLY;
1da177e4 604
825edac4 605 tclass = ipv6_get_dsfield(ipv6_hdr(skb));
1da177e4 606 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
825edac4 607 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl6,
a2d91a09 608 (struct rt6_info *)dst, MSG_DONTWAIT,
13b52cd4 609 np->dontfrag);
1da177e4
LT		 610
611 if (err) {
00d9d6a1 612 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 613 ip6_flush_pending_frames(sk);
cfdf7647
ED		 614 } else {
615 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
616 skb->len + sizeof(struct icmp6hdr));
1da177e4 617 }
1da177e4 618 dst_release(dst);
1ab1457c 619out:
405666db 620 icmpv6_xmit_unlock(sk);
1da177e4
LT		 621}
622
b94f1c09 623void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
1da177e4 624{
41135cc8 625 const struct inet6_protocol *ipprot;
1da177e4 626 int inner_offset;
75f2811c 627 __be16 frag_off;
f9242b6b 628 u8 nexthdr;
1da177e4
LT		 629
630 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
631 return;
632
633 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
634 if (ipv6_ext_hdr(nexthdr)) {
635 /* now skip over extension headers */
75f2811c
JG		 636 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
637 &nexthdr, &frag_off);
1da177e4
LT		 638 if (inner_offset<0)
639 return;
640 } else {
641 inner_offset = sizeof(struct ipv6hdr);
642 }
643
644 /* Checkin header including 8 bytes of inner protocol header. */
645 if (!pskb_may_pull(skb, inner_offset+8))
646 return;
647
1da177e4
LT		 648 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
649 Without this we will not able f.e. to make source routed
650 pmtu discovery.
651 Corresponding argument (opt) to notifiers is already added.
652 --ANK (980726)
653 */
654
1da177e4 655 rcu_read_lock();
f9242b6b 656 ipprot = rcu_dereference(inet6_protos[nexthdr]);
1da177e4
LT		 657 if (ipprot && ipprot->err_handler)
658 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
659 rcu_read_unlock();
660
69d6da0b 661 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
1da177e4 662}
1ab1457c 663
1da177e4
LT		 664/*
665 * Handle icmp messages
666 */
667
e5bbef20 668static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 669{
1da177e4
LT		 670 struct net_device *dev = skb->dev;
671 struct inet6_dev *idev = __in6_dev_get(dev);
b71d1d42 672 const struct in6_addr *saddr, *daddr;
1da177e4 673 struct icmp6hdr *hdr;
d5fdd6ba 674 u8 type;
1da177e4 675
aebcf82c 676 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 677 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 678 int nh;
679
def8b4fa 680 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
aebcf82c
HX		 681 XFRM_STATE_ICMP))
682 goto drop_no_count;
683
81aded24 684 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
8b7817f3
HX		 685 goto drop_no_count;
686
687 nh = skb_network_offset(skb);
688 skb_set_network_header(skb, sizeof(*hdr));
689
690 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
691 goto drop_no_count;
692
693 skb_set_network_header(skb, nh);
694 }
695
e41b5368 696 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 697
0660e03f
ACM		 698 saddr = &ipv6_hdr(skb)->saddr;
699 daddr = &ipv6_hdr(skb)->daddr;
1da177e4 700
39471ac8
TH		 701 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
702 LIMIT_NETDEBUG(KERN_DEBUG
703 "ICMPv6 checksum failed [%pI6c > %pI6c]\n",
704 saddr, daddr);
705 goto csum_error;
1da177e4
LT		 706 }
707
8cf22943
HX		 708 if (!pskb_pull(skb, sizeof(*hdr)))
709 goto discard_it;
1da177e4 710
cc70ab26 711 hdr = icmp6_hdr(skb);
1da177e4
LT		 712
713 type = hdr->icmp6_type;
714
55d43808 715 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
1da177e4
LT		 716
717 switch (type) {
718 case ICMPV6_ECHO_REQUEST:
719 icmpv6_echo_reply(skb);
720 break;
721
722 case ICMPV6_ECHO_REPLY:
6d0bfe22 723 ping_rcv(skb);
1da177e4
LT		 724 break;
725
726 case ICMPV6_PKT_TOOBIG:
727 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
728 standard destination cache. Seems, only "advanced"
729 destination cache will allow to solve this problem
730 --ANK (980726)
731 */
732 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
733 goto discard_it;
cc70ab26 734 hdr = icmp6_hdr(skb);
1da177e4
LT		 735
736 /*
737 * Drop through to notify
738 */
739
740 case ICMPV6_DEST_UNREACH:
741 case ICMPV6_TIME_EXCEED:
742 case ICMPV6_PARAMPROB:
743 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
744 break;
745
746 case NDISC_ROUTER_SOLICITATION:
747 case NDISC_ROUTER_ADVERTISEMENT:
748 case NDISC_NEIGHBOUR_SOLICITATION:
749 case NDISC_NEIGHBOUR_ADVERTISEMENT:
750 case NDISC_REDIRECT:
751 ndisc_rcv(skb);
752 break;
753
754 case ICMPV6_MGM_QUERY:
755 igmp6_event_query(skb);
756 break;
757
758 case ICMPV6_MGM_REPORT:
759 igmp6_event_report(skb);
760 break;
761
762 case ICMPV6_MGM_REDUCTION:
763 case ICMPV6_NI_QUERY:
764 case ICMPV6_NI_REPLY:
765 case ICMPV6_MLD2_REPORT:
766 case ICMPV6_DHAAD_REQUEST:
767 case ICMPV6_DHAAD_REPLY:
768 case ICMPV6_MOBILE_PREFIX_SOL:
769 case ICMPV6_MOBILE_PREFIX_ADV:
770 break;
771
772 default:
64ce2073 773 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
1da177e4
LT		 774
775 /* informational */
776 if (type & ICMPV6_INFOMSG_MASK)
777 break;
778
1ab1457c
YH		 779 /*
780 * error of unknown type.
781 * must pass to upper level
1da177e4
LT		 782 */
783
784 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
3ff50b79
SH		 785 }
786
1da177e4
LT		 787 kfree_skb(skb);
788 return 0;
789
6a5dc9e5
ED		 790csum_error:
791 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
1da177e4 792discard_it:
e41b5368 793 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 794drop_no_count:
1da177e4
LT		 795 kfree_skb(skb);
796 return 0;
797}
798
4c9483b2 799void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
95e41e93
YH		 800 u8 type,
801 const struct in6_addr *saddr,
802 const struct in6_addr *daddr,
803 int oif)
804{
4c9483b2 805 memset(fl6, 0, sizeof(*fl6));
4e3fd7a0
AD		 806 fl6->saddr = *saddr;
807 fl6->daddr = *daddr;
4c9483b2 808 fl6->flowi6_proto = IPPROTO_ICMPV6;
1958b856
DM		 809 fl6->fl6_icmp_type = type;
810 fl6->fl6_icmp_code = 0;
4c9483b2
DM		 811 fl6->flowi6_oif = oif;
812 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
95e41e93
YH		 813}
814
640c41c7 815/*
b7e729c4 816 * Special lock-class for __icmpv6_sk:
640c41c7
IM		 817 */
818static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
819
98c6d1b2 820static int __net_init icmpv6_sk_init(struct net *net)
1da177e4
LT		 821{
822 struct sock *sk;
823 int err, i, j;
824
98c6d1b2
DL		 825 net->ipv6.icmp_sk =
826 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
827 if (net->ipv6.icmp_sk == NULL)
79c91159
DL		 828 return -ENOMEM;
829
6f912042 830 for_each_possible_cpu(i) {
1ed8516f
DL		 831 err = inet_ctl_sock_create(&sk, PF_INET6,
832 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 833 if (err < 0) {
f3213831 834 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1da177e4
LT		 835 err);
836 goto fail;
837 }
838
1ed8516f 839 net->ipv6.icmp_sk[i] = sk;
5c8cafd6 840
640c41c7
IM		 841 /*
842 * Split off their lock-class, because sk->sk_dst_lock
843 * gets used from softirqs, which is safe for
b7e729c4 844 * __icmpv6_sk (because those never get directly used
640c41c7
IM		 845 * via userspace syscalls), but unsafe for normal sockets.
846 */
847 lockdep_set_class(&sk->sk_dst_lock,
848 &icmpv6_socket_sk_dst_lock_key);
1da177e4
LT		 849
850 /* Enough space for 2 64K ICMP packets, including
851 * sk_buff struct overhead.
852 */
87fb4b7b 853 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1da177e4 854 }
1da177e4
LT		 855 return 0;
856
857 fail:
5c8cafd6 858 for (j = 0; j < i; j++)
1ed8516f 859 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
98c6d1b2 860 kfree(net->ipv6.icmp_sk);
1da177e4
LT		 861 return err;
862}
863
98c6d1b2 864static void __net_exit icmpv6_sk_exit(struct net *net)
1da177e4
LT		 865{
866 int i;
867
6f912042 868 for_each_possible_cpu(i) {
1ed8516f 869 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
1da177e4 870 }
98c6d1b2
DL		 871 kfree(net->ipv6.icmp_sk);
872}
873
8ed7edce 874static struct pernet_operations icmpv6_sk_ops = {
98c6d1b2
DL		 875 .init = icmpv6_sk_init,
876 .exit = icmpv6_sk_exit,
877};
878
879int __init icmpv6_init(void)
880{
881 int err;
882
883 err = register_pernet_subsys(&icmpv6_sk_ops);
884 if (err < 0)
885 return err;
886
887 err = -EAGAIN;
888 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
889 goto fail;
5f5624cf
PS		 890
891 err = inet6_register_icmp_sender(icmp6_send);
892 if (err)
893 goto sender_reg_err;
98c6d1b2
DL		 894 return 0;
895
5f5624cf
PS		 896sender_reg_err:
897 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
98c6d1b2 898fail:
f3213831 899 pr_err("Failed to register ICMP6 protocol\n");
98c6d1b2
DL		 900 unregister_pernet_subsys(&icmpv6_sk_ops);
901 return err;
902}
903
8ed7edce 904void icmpv6_cleanup(void)
98c6d1b2 905{
5f5624cf 906 inet6_unregister_icmp_sender(icmp6_send);
98c6d1b2 907 unregister_pernet_subsys(&icmpv6_sk_ops);
1da177e4
LT		 908 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
909}
910
98c6d1b2 911
9b5b5cff 912static const struct icmp6_err {
1da177e4
LT		 913 int err;
914 int fatal;
915} tab_unreach[] = {
916 { /* NOROUTE */
917 .err = ENETUNREACH,
918 .fatal = 0,
919 },
920 { /* ADM_PROHIBITED */
921 .err = EACCES,
922 .fatal = 1,
923 },
924 { /* Was NOT_NEIGHBOUR, now reserved */
925 .err = EHOSTUNREACH,
926 .fatal = 0,
927 },
928 { /* ADDR_UNREACH */
929 .err = EHOSTUNREACH,
930 .fatal = 0,
931 },
932 { /* PORT_UNREACH */
933 .err = ECONNREFUSED,
934 .fatal = 1,
935 },
61e76b17
JB		 936 { /* POLICY_FAIL */
937 .err = EACCES,
938 .fatal = 1,
939 },
940 { /* REJECT_ROUTE */
941 .err = EACCES,
942 .fatal = 1,
943 },
1da177e4
LT		 944};
945
d5fdd6ba 946int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 947{
948 int fatal = 0;
949
950 *err = EPROTO;
951
952 switch (type) {
953 case ICMPV6_DEST_UNREACH:
954 fatal = 1;
61e76b17 955 if (code < ARRAY_SIZE(tab_unreach)) {
1da177e4
LT		 956 *err = tab_unreach[code].err;
957 fatal = tab_unreach[code].fatal;
958 }
959 break;
960
961 case ICMPV6_PKT_TOOBIG:
962 *err = EMSGSIZE;
963 break;
1ab1457c 964
1da177e4
LT		 965 case ICMPV6_PARAMPROB:
966 *err = EPROTO;
967 fatal = 1;
968 break;
969
970 case ICMPV6_TIME_EXCEED:
971 *err = EHOSTUNREACH;
972 break;
3ff50b79 973 }
1da177e4
LT		 974
975 return fatal;
976}
7159039a
YH		 977EXPORT_SYMBOL(icmpv6_err_convert);
978
1da177e4 979#ifdef CONFIG_SYSCTL
e8243534 980static struct ctl_table ipv6_icmp_table_template[] = {
1da177e4 981 {
1da177e4 982 .procname = "ratelimit",
41a76906 983 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 984 .maxlen = sizeof(int),
985 .mode = 0644,
6d9f239a 986 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 987 },
f8572d8f 988 { },
1da177e4 989};
760f2d01 990
2c8c1e72 991struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 992{
993 struct ctl_table *table;
994
995 table = kmemdup(ipv6_icmp_table_template,
996 sizeof(ipv6_icmp_table_template),
997 GFP_KERNEL);
5ee09105 998
c027aab4 999 if (table)
5ee09105
YH		 1000 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1001
760f2d01
DL		 1002 return table;
1003}
1da177e4
LT		 1004#endif
1005
Ubuntu Jammy Linux kernel mirror