]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/ipv6/icmp.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
icmp: Call skb_checksum_simple_validate
[mirror_ubuntu-jammy-kernel.git] / net / ipv6 / icmp.c
CommitLineData
1da177e4
LT		 1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
1da177e4
LT		 8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
f3213831
JP		 32#define pr_fmt(fmt) "IPv6: " fmt
33
1da177e4
LT		 34#include <linux/module.h>
35#include <linux/errno.h>
36#include <linux/types.h>
37#include <linux/socket.h>
38#include <linux/in.h>
39#include <linux/kernel.h>
1da177e4
LT		 40#include <linux/sockios.h>
41#include <linux/net.h>
42#include <linux/skbuff.h>
43#include <linux/init.h>
763ecff1 44#include <linux/netfilter.h>
5a0e3ad6 45#include <linux/slab.h>
1da177e4
LT		 46
47#ifdef CONFIG_SYSCTL
48#include <linux/sysctl.h>
49#endif
50
51#include <linux/inet.h>
52#include <linux/netdevice.h>
53#include <linux/icmpv6.h>
54
55#include <net/ip.h>
56#include <net/sock.h>
57
58#include <net/ipv6.h>
59#include <net/ip6_checksum.h>
6d0bfe22 60#include <net/ping.h>
1da177e4
LT		 61#include <net/protocol.h>
62#include <net/raw.h>
63#include <net/rawv6.h>
64#include <net/transp_v6.h>
65#include <net/ip6_route.h>
66#include <net/addrconf.h>
67#include <net/icmp.h>
8b7817f3 68#include <net/xfrm.h>
1ed8516f 69#include <net/inet_common.h>
825edac4 70#include <net/dsfield.h>
1da177e4
LT		 71
72#include <asm/uaccess.h>
1da177e4 73
1da177e4
LT		 74/*
75 * The ICMP socket(s). This is the most convenient way to flow control
76 * our ICMP output as well as maintain a clean interface throughout
77 * all layers. All Socketless IP sends will soon be gone.
78 *
79 * On SMP we have one ICMP socket per-cpu.
80 */
98c6d1b2
DL		 81static inline struct sock *icmpv6_sk(struct net *net)
82{
83 return net->ipv6.icmp_sk[smp_processor_id()];
84}
1da177e4 85
6f809da2
SK		 86static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
87 u8 type, u8 code, int offset, __be32 info)
88{
6d0bfe22
LC		 89 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
90 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
6f809da2
SK		 91 struct net *net = dev_net(skb->dev);
92
93 if (type == ICMPV6_PKT_TOOBIG)
94 ip6_update_pmtu(skb, net, info, 0, 0);
95 else if (type == NDISC_REDIRECT)
b55b76b2 96 ip6_redirect(skb, net, skb->dev->ifindex, 0);
6d0bfe22
LC		 97
98 if (!(type & ICMPV6_INFOMSG_MASK))
99 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
100 ping_err(skb, offset, info);
6f809da2
SK		 101}
102
e5bbef20 103static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 104
41135cc8 105static const struct inet6_protocol icmpv6_protocol = {
1da177e4 106 .handler = icmpv6_rcv,
6f809da2 107 .err_handler = icmpv6_err,
8b7817f3 108 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 109};
110
fdc0bde9 111static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 112{
fdc0bde9
DL		 113 struct sock *sk;
114
1da177e4
LT		 115 local_bh_disable();
116
fdc0bde9 117 sk = icmpv6_sk(net);
405666db 118 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 119 /* This can happen if the output path (f.e. SIT or
120 * ip6ip6 tunnel) signals dst_link_failure() for an
121 * outgoing ICMP6 packet.
122 */
123 local_bh_enable();
fdc0bde9 124 return NULL;
1da177e4 125 }
fdc0bde9 126 return sk;
1da177e4
LT		 127}
128
405666db 129static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 130{
405666db 131 spin_unlock_bh(&sk->sk_lock.slock);
1da177e4
LT		 132}
133
1da177e4
LT		 134/*
135 * Figure out, may we reply to this packet with icmp error.
136 *
137 * We do not reply, if:
138 * - it was icmp error message.
139 * - it is truncated, so that it is known, that protocol is ICMPV6
140 * (i.e. in the middle of some exthdr)
141 *
142 * --ANK (980726)
143 */
144
a50feda5 145static bool is_ineligible(const struct sk_buff *skb)
1da177e4 146{
0660e03f 147 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 148 int len = skb->len - ptr;
0660e03f 149 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
75f2811c 150 __be16 frag_off;
1da177e4
LT		 151
152 if (len < 0)
a50feda5 153 return true;
1da177e4 154
75f2811c 155 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
1da177e4 156 if (ptr < 0)
a50feda5 157 return false;
1da177e4
LT		 158 if (nexthdr == IPPROTO_ICMPV6) {
159 u8 _type, *tp;
160 tp = skb_header_pointer(skb,
161 ptr+offsetof(struct icmp6hdr, icmp6_type),
162 sizeof(_type), &_type);
163 if (tp == NULL ||
164 !(*tp & ICMPV6_INFOMSG_MASK))
a50feda5 165 return true;
1da177e4 166 }
a50feda5 167 return false;
1da177e4
LT		 168}
169
1ab1457c
YH		 170/*
171 * Check the ICMP output rate limit
1da177e4 172 */
92d86829 173static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
4c9483b2 174 struct flowi6 *fl6)
1da177e4
LT		 175{
176 struct dst_entry *dst;
3b1e0a65 177 struct net *net = sock_net(sk);
92d86829 178 bool res = false;
1da177e4
LT		 179
180 /* Informational messages are not limited. */
181 if (type & ICMPV6_INFOMSG_MASK)
92d86829 182 return true;
1da177e4
LT		 183
184 /* Do not limit pmtu discovery, it would break it. */
185 if (type == ICMPV6_PKT_TOOBIG)
92d86829 186 return true;
1da177e4 187
1ab1457c 188 /*
1da177e4
LT		 189 * Look up the output route.
190 * XXX: perhaps the expire for routing entries cloned by
191 * this lookup should be more aggressive (not longer than timeout).
192 */
4c9483b2 193 dst = ip6_route_output(net, sk, fl6);
1da177e4 194 if (dst->error) {
3bd653c8 195 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 196 IPSTATS_MIB_OUTNOROUTES);
1da177e4 197 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
92d86829 198 res = true;
1da177e4
LT		 199 } else {
200 struct rt6_info *rt = (struct rt6_info *)dst;
9a43b709 201 int tmo = net->ipv6.sysctl.icmpv6_time;
fbfe95a4 202 struct inet_peer *peer;
1da177e4
LT		 203
204 /* Give more bandwidth to wider prefixes. */
205 if (rt->rt6i_dst.plen < 128)
206 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
207
1d861aa4 208 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
fbfe95a4 209 res = inet_peer_xrlim_allow(peer, tmo);
1d861aa4
DM		 210 if (peer)
211 inet_putpeer(peer);
1da177e4
LT		 212 }
213 dst_release(dst);
214 return res;
215}
216
217/*
218 * an inline helper for the "simple" if statement below
219 * checks if parameter problem report is caused by an
1ab1457c 220 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 221 * highest-order two bits set to 10
222 */
223
a50feda5 224static bool opt_unrec(struct sk_buff *skb, __u32 offset)
1da177e4
LT		 225{
226 u8 _optval, *op;
227
bbe735e4 228 offset += skb_network_offset(skb);
1da177e4
LT		 229 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
230 if (op == NULL)
a50feda5 231 return true;
1da177e4
LT		 232 return (*op & 0xC0) == 0x80;
233}
234
6d0bfe22
LC		 235int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
236 struct icmp6hdr *thdr, int len)
1da177e4
LT		 237{
238 struct sk_buff *skb;
239 struct icmp6hdr *icmp6h;
240 int err = 0;
241
242 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
243 goto out;
244
cc70ab26 245 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 246 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
247 icmp6h->icmp6_cksum = 0;
248
249 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 250 skb->csum = csum_partial(icmp6h,
1da177e4 251 sizeof(struct icmp6hdr), skb->csum);
4c9483b2
DM		 252 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
253 &fl6->daddr,
254 len, fl6->flowi6_proto,
1da177e4
LT		 255 skb->csum);
256 } else {
868c86bc 257 __wsum tmp_csum = 0;
1da177e4
LT		 258
259 skb_queue_walk(&sk->sk_write_queue, skb) {
260 tmp_csum = csum_add(tmp_csum, skb->csum);
261 }
262
07f0757a 263 tmp_csum = csum_partial(icmp6h,
1da177e4 264 sizeof(struct icmp6hdr), tmp_csum);
4c9483b2
DM		 265 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
266 &fl6->daddr,
267 len, fl6->flowi6_proto,
868c86bc 268 tmp_csum);
1da177e4 269 }
1da177e4
LT		 270 ip6_push_pending_frames(sk);
271out:
272 return err;
273}
274
275struct icmpv6_msg {
276 struct sk_buff *skb;
277 int offset;
763ecff1 278 uint8_t type;
1da177e4
LT		 279};
280
281static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
282{
283 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
284 struct sk_buff *org_skb = msg->skb;
5f92a738 285 __wsum csum = 0;
1da177e4
LT		 286
287 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
288 to, len, csum);
289 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 290 if (!(msg->type & ICMPV6_INFOMSG_MASK))
291 nf_ct_attach(skb, org_skb);
1da177e4
LT		 292 return 0;
293}
294
07a93626 295#if IS_ENABLED(CONFIG_IPV6_MIP6)
79383236
MN		 296static void mip6_addr_swap(struct sk_buff *skb)
297{
0660e03f 298 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236
MN		 299 struct inet6_skb_parm *opt = IP6CB(skb);
300 struct ipv6_destopt_hao *hao;
301 struct in6_addr tmp;
302 int off;
303
304 if (opt->dsthao) {
305 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
306 if (likely(off >= 0)) {
d56f90a7
ACM		 307 hao = (struct ipv6_destopt_hao *)
308 (skb_network_header(skb) + off);
4e3fd7a0
AD		 309 tmp = iph->saddr;
310 iph->saddr = hao->addr;
311 hao->addr = tmp;
79383236
MN		 312 }
313 }
314}
315#else
316static inline void mip6_addr_swap(struct sk_buff *skb) {}
317#endif
318
e8243534 319static struct dst_entry *icmpv6_route_lookup(struct net *net,
320 struct sk_buff *skb,
321 struct sock *sk,
322 struct flowi6 *fl6)
b42835db
DM		 323{
324 struct dst_entry *dst, *dst2;
4c9483b2 325 struct flowi6 fl2;
b42835db
DM		 326 int err;
327
4c9483b2 328 err = ip6_dst_lookup(sk, &dst, fl6);
b42835db
DM		 329 if (err)
330 return ERR_PTR(err);
331
332 /*
333 * We won't send icmp if the destination is known
334 * anycast.
335 */
336 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
5f5624cf 337 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: acast source\n");
b42835db
DM		 338 dst_release(dst);
339 return ERR_PTR(-EINVAL);
340 }
341
342 /* No need to clone since we're just using its address. */
343 dst2 = dst;
344
4c9483b2 345 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
452edd59 346 if (!IS_ERR(dst)) {
b42835db
DM		 347 if (dst != dst2)
348 return dst;
452edd59
DM		 349 } else {
350 if (PTR_ERR(dst) == -EPERM)
351 dst = NULL;
352 else
353 return dst;
b42835db
DM		 354 }
355
4c9483b2 356 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
b42835db
DM		 357 if (err)
358 goto relookup_failed;
359
360 err = ip6_dst_lookup(sk, &dst2, &fl2);
361 if (err)
362 goto relookup_failed;
363
4c9483b2 364 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
452edd59 365 if (!IS_ERR(dst2)) {
b42835db
DM		 366 dst_release(dst);
367 dst = dst2;
452edd59
DM		 368 } else {
369 err = PTR_ERR(dst2);
370 if (err == -EPERM) {
371 dst_release(dst);
372 return dst2;
373 } else
374 goto relookup_failed;
b42835db
DM		 375 }
376
377relookup_failed:
378 if (dst)
379 return dst;
380 return ERR_PTR(err);
381}
382
1da177e4
LT		 383/*
384 * Send an ICMP message in response to a packet in error
385 */
5f5624cf 386static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
1da177e4 387{
c346dca1 388 struct net *net = dev_net(skb->dev);
1da177e4 389 struct inet6_dev *idev = NULL;
0660e03f 390 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53
YH		 391 struct sock *sk;
392 struct ipv6_pinfo *np;
b71d1d42 393 const struct in6_addr *saddr = NULL;
1da177e4
LT		 394 struct dst_entry *dst;
395 struct icmp6hdr tmp_hdr;
4c9483b2 396 struct flowi6 fl6;
1da177e4
LT		 397 struct icmpv6_msg msg;
398 int iif = 0;
399 int addr_type = 0;
400 int len;
e651f03a 401 int hlimit;
1da177e4
LT		 402 int err = 0;
403
27a884dc 404 if ((u8 *)hdr < skb->head ||
29a3cad5 405 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
1da177e4
LT		 406 return;
407
408 /*
1ab1457c 409 * Make sure we respect the rules
1da177e4 410 * i.e. RFC 1885 2.4(e)
5f5624cf 411 * Rule (e.1) is enforced by not using icmp6_send
1da177e4
LT		 412 * in any code that processes icmp errors.
413 */
414 addr_type = ipv6_addr_type(&hdr->daddr);
415
446fab59 416 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
d94c1f92 417 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
1da177e4
LT		 418 saddr = &hdr->daddr;
419
420 /*
421 * Dest addr check
422 */
423
424 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
425 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 426 !(type == ICMPV6_PARAMPROB &&
427 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 428 (opt_unrec(skb, info))))
429 return;
430
431 saddr = NULL;
432 }
433
434 addr_type = ipv6_addr_type(&hdr->saddr);
435
436 /*
437 * Source addr check
438 */
439
842df073 440 if (__ipv6_addr_needs_scope_id(addr_type))
1da177e4
LT		 441 iif = skb->dev->ifindex;
442
443 /*
8de3351e
YH		 444 * Must not send error if the source does not uniquely
445 * identify a single node (RFC2463 Section 2.4).
446 * We check unspecified / multicast addresses here,
447 * and anycast addresses will be checked later.
1da177e4
LT		 448 */
449 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
5f5624cf 450 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: addr_any/mcast source\n");
1da177e4
LT		 451 return;
452 }
453
1ab1457c 454 /*
1da177e4
LT		 455 * Never answer to a ICMP packet.
456 */
457 if (is_ineligible(skb)) {
5f5624cf 458 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: no reply to icmp error\n");
1da177e4
LT		 459 return;
460 }
461
79383236
MN		 462 mip6_addr_swap(skb);
463
4c9483b2
DM		 464 memset(&fl6, 0, sizeof(fl6));
465 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 466 fl6.daddr = hdr->saddr;
1da177e4 467 if (saddr)
4e3fd7a0 468 fl6.saddr = *saddr;
4c9483b2 469 fl6.flowi6_oif = iif;
1958b856
DM		 470 fl6.fl6_icmp_type = type;
471 fl6.fl6_icmp_code = code;
4c9483b2 472 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 473
fdc0bde9
DL		 474 sk = icmpv6_xmit_lock(net);
475 if (sk == NULL)
405666db 476 return;
fdc0bde9 477 np = inet6_sk(sk);
405666db 478
4c9483b2 479 if (!icmpv6_xrlim_allow(sk, type, &fl6))
1da177e4
LT		 480 goto out;
481
482 tmp_hdr.icmp6_type = type;
483 tmp_hdr.icmp6_code = code;
484 tmp_hdr.icmp6_cksum = 0;
485 tmp_hdr.icmp6_pointer = htonl(info);
486
4c9483b2
DM		 487 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
488 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 489 else if (!fl6.flowi6_oif)
490 fl6.flowi6_oif = np->ucast_oif;
1da177e4 491
4c9483b2 492 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
b42835db 493 if (IS_ERR(dst))
1da177e4 494 goto out;
8de3351e 495
5c98631c 496 hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
1da177e4
LT		 497
498 msg.skb = skb;
bbe735e4 499 msg.offset = skb_network_offset(skb);
763ecff1 500 msg.type = type;
1da177e4
LT		 501
502 len = skb->len - msg.offset;
503 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
504 if (len < 0) {
64ce2073 505 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
1da177e4
LT		 506 goto out_dst_release;
507 }
508
cfdf7647
ED		 509 rcu_read_lock();
510 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 511
512 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
513 len + sizeof(struct icmp6hdr),
e651f03a 514 sizeof(struct icmp6hdr), hlimit,
a2d91a09 515 np->tclass, NULL, &fl6, (struct rt6_info *)dst,
13b52cd4 516 MSG_DONTWAIT, np->dontfrag);
1da177e4 517 if (err) {
43a43b60 518 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 519 ip6_flush_pending_frames(sk);
cfdf7647
ED		 520 } else {
521 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
522 len + sizeof(struct icmp6hdr));
1da177e4 523 }
cfdf7647 524 rcu_read_unlock();
1da177e4
LT		 525out_dst_release:
526 dst_release(dst);
527out:
405666db 528 icmpv6_xmit_unlock(sk);
1da177e4 529}
5f5624cf
PS		 530
531/* Slightly more convenient version of icmp6_send.
532 */
533void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
534{
535 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos);
536 kfree_skb(skb);
537}
7159039a 538
1da177e4
LT		 539static void icmpv6_echo_reply(struct sk_buff *skb)
540{
c346dca1 541 struct net *net = dev_net(skb->dev);
84427d53 542 struct sock *sk;
1da177e4 543 struct inet6_dev *idev;
84427d53 544 struct ipv6_pinfo *np;
b71d1d42 545 const struct in6_addr *saddr = NULL;
cc70ab26 546 struct icmp6hdr *icmph = icmp6_hdr(skb);
1da177e4 547 struct icmp6hdr tmp_hdr;
4c9483b2 548 struct flowi6 fl6;
1da177e4
LT		 549 struct icmpv6_msg msg;
550 struct dst_entry *dst;
551 int err = 0;
552 int hlimit;
825edac4 553 u8 tclass;
1da177e4 554
0660e03f 555 saddr = &ipv6_hdr(skb)->daddr;
1da177e4 556
509aba3b 557 if (!ipv6_unicast_destination(skb) &&
ec35b61e 558 !(net->ipv6.sysctl.anycast_src_echo_reply &&
509aba3b 559 ipv6_anycast_destination(skb)))
1da177e4
LT		 560 saddr = NULL;
561
562 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
563 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
564
4c9483b2
DM		 565 memset(&fl6, 0, sizeof(fl6));
566 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 567 fl6.daddr = ipv6_hdr(skb)->saddr;
1da177e4 568 if (saddr)
4e3fd7a0 569 fl6.saddr = *saddr;
4c9483b2 570 fl6.flowi6_oif = skb->dev->ifindex;
1958b856 571 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
4c9483b2 572 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 573
fdc0bde9
DL		 574 sk = icmpv6_xmit_lock(net);
575 if (sk == NULL)
405666db 576 return;
fdc0bde9 577 np = inet6_sk(sk);
405666db 578
4c9483b2
DM		 579 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
580 fl6.flowi6_oif = np->mcast_oif;
c4062dfc
EH		 581 else if (!fl6.flowi6_oif)
582 fl6.flowi6_oif = np->ucast_oif;
1da177e4 583
4c9483b2 584 err = ip6_dst_lookup(sk, &dst, &fl6);
1da177e4
LT		 585 if (err)
586 goto out;
4c9483b2 587 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
452edd59 588 if (IS_ERR(dst))
e104411b 589 goto out;
1da177e4 590
5c98631c 591 hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
1da177e4 592
cfdf7647 593 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 594
595 msg.skb = skb;
596 msg.offset = 0;
763ecff1 597 msg.type = ICMPV6_ECHO_REPLY;
1da177e4 598
825edac4 599 tclass = ipv6_get_dsfield(ipv6_hdr(skb));
1da177e4 600 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
825edac4 601 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl6,
a2d91a09 602 (struct rt6_info *)dst, MSG_DONTWAIT,
13b52cd4 603 np->dontfrag);
1da177e4
LT		 604
605 if (err) {
00d9d6a1 606 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 607 ip6_flush_pending_frames(sk);
cfdf7647
ED		 608 } else {
609 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
610 skb->len + sizeof(struct icmp6hdr));
1da177e4 611 }
1da177e4 612 dst_release(dst);
1ab1457c 613out:
405666db 614 icmpv6_xmit_unlock(sk);
1da177e4
LT		 615}
616
b94f1c09 617void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
1da177e4 618{
41135cc8 619 const struct inet6_protocol *ipprot;
1da177e4 620 int inner_offset;
75f2811c 621 __be16 frag_off;
f9242b6b 622 u8 nexthdr;
1da177e4
LT		 623
624 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
625 return;
626
627 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
628 if (ipv6_ext_hdr(nexthdr)) {
629 /* now skip over extension headers */
75f2811c
JG		 630 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
631 &nexthdr, &frag_off);
1da177e4
LT		 632 if (inner_offset<0)
633 return;
634 } else {
635 inner_offset = sizeof(struct ipv6hdr);
636 }
637
638 /* Checkin header including 8 bytes of inner protocol header. */
639 if (!pskb_may_pull(skb, inner_offset+8))
640 return;
641
1da177e4
LT		 642 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
643 Without this we will not able f.e. to make source routed
644 pmtu discovery.
645 Corresponding argument (opt) to notifiers is already added.
646 --ANK (980726)
647 */
648
1da177e4 649 rcu_read_lock();
f9242b6b 650 ipprot = rcu_dereference(inet6_protos[nexthdr]);
1da177e4
LT		 651 if (ipprot && ipprot->err_handler)
652 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
653 rcu_read_unlock();
654
69d6da0b 655 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
1da177e4 656}
1ab1457c 657
1da177e4
LT		 658/*
659 * Handle icmp messages
660 */
661
e5bbef20 662static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 663{
1da177e4
LT		 664 struct net_device *dev = skb->dev;
665 struct inet6_dev *idev = __in6_dev_get(dev);
b71d1d42 666 const struct in6_addr *saddr, *daddr;
1da177e4 667 struct icmp6hdr *hdr;
d5fdd6ba 668 u8 type;
1da177e4 669
aebcf82c 670 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 671 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 672 int nh;
673
def8b4fa 674 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
aebcf82c
HX		 675 XFRM_STATE_ICMP))
676 goto drop_no_count;
677
81aded24 678 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
8b7817f3
HX		 679 goto drop_no_count;
680
681 nh = skb_network_offset(skb);
682 skb_set_network_header(skb, sizeof(*hdr));
683
684 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
685 goto drop_no_count;
686
687 skb_set_network_header(skb, nh);
688 }
689
e41b5368 690 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 691
0660e03f
ACM		 692 saddr = &ipv6_hdr(skb)->saddr;
693 daddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 694
695 /* Perform checksum. */
fb286bb2 696 switch (skb->ip_summed) {
84fa7933 697 case CHECKSUM_COMPLETE:
fb286bb2
HX		 698 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
699 skb->csum))
700 break;
701 /* fall through */
702 case CHECKSUM_NONE:
868c86bc
AV		 703 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
704 IPPROTO_ICMPV6, 0));
fb286bb2 705 if (__skb_checksum_complete(skb)) {
6d0bfe22
LC		 706 LIMIT_NETDEBUG(KERN_DEBUG
707 "ICMPv6 checksum failed [%pI6c > %pI6c]\n",
0c6ce78a 708 saddr, daddr);
6a5dc9e5 709 goto csum_error;
1da177e4
LT		 710 }
711 }
712
8cf22943
HX		 713 if (!pskb_pull(skb, sizeof(*hdr)))
714 goto discard_it;
1da177e4 715
cc70ab26 716 hdr = icmp6_hdr(skb);
1da177e4
LT		 717
718 type = hdr->icmp6_type;
719
55d43808 720 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
1da177e4
LT		 721
722 switch (type) {
723 case ICMPV6_ECHO_REQUEST:
724 icmpv6_echo_reply(skb);
725 break;
726
727 case ICMPV6_ECHO_REPLY:
6d0bfe22 728 ping_rcv(skb);
1da177e4
LT		 729 break;
730
731 case ICMPV6_PKT_TOOBIG:
732 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
733 standard destination cache. Seems, only "advanced"
734 destination cache will allow to solve this problem
735 --ANK (980726)
736 */
737 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
738 goto discard_it;
cc70ab26 739 hdr = icmp6_hdr(skb);
1da177e4
LT		 740
741 /*
742 * Drop through to notify
743 */
744
745 case ICMPV6_DEST_UNREACH:
746 case ICMPV6_TIME_EXCEED:
747 case ICMPV6_PARAMPROB:
748 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
749 break;
750
751 case NDISC_ROUTER_SOLICITATION:
752 case NDISC_ROUTER_ADVERTISEMENT:
753 case NDISC_NEIGHBOUR_SOLICITATION:
754 case NDISC_NEIGHBOUR_ADVERTISEMENT:
755 case NDISC_REDIRECT:
756 ndisc_rcv(skb);
757 break;
758
759 case ICMPV6_MGM_QUERY:
760 igmp6_event_query(skb);
761 break;
762
763 case ICMPV6_MGM_REPORT:
764 igmp6_event_report(skb);
765 break;
766
767 case ICMPV6_MGM_REDUCTION:
768 case ICMPV6_NI_QUERY:
769 case ICMPV6_NI_REPLY:
770 case ICMPV6_MLD2_REPORT:
771 case ICMPV6_DHAAD_REQUEST:
772 case ICMPV6_DHAAD_REPLY:
773 case ICMPV6_MOBILE_PREFIX_SOL:
774 case ICMPV6_MOBILE_PREFIX_ADV:
775 break;
776
777 default:
64ce2073 778 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
1da177e4
LT		 779
780 /* informational */
781 if (type & ICMPV6_INFOMSG_MASK)
782 break;
783
1ab1457c
YH		 784 /*
785 * error of unknown type.
786 * must pass to upper level
1da177e4
LT		 787 */
788
789 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
3ff50b79
SH		 790 }
791
1da177e4
LT		 792 kfree_skb(skb);
793 return 0;
794
6a5dc9e5
ED		 795csum_error:
796 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
1da177e4 797discard_it:
e41b5368 798 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 799drop_no_count:
1da177e4
LT		 800 kfree_skb(skb);
801 return 0;
802}
803
4c9483b2 804void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
95e41e93
YH		 805 u8 type,
806 const struct in6_addr *saddr,
807 const struct in6_addr *daddr,
808 int oif)
809{
4c9483b2 810 memset(fl6, 0, sizeof(*fl6));
4e3fd7a0
AD		 811 fl6->saddr = *saddr;
812 fl6->daddr = *daddr;
4c9483b2 813 fl6->flowi6_proto = IPPROTO_ICMPV6;
1958b856
DM		 814 fl6->fl6_icmp_type = type;
815 fl6->fl6_icmp_code = 0;
4c9483b2
DM		 816 fl6->flowi6_oif = oif;
817 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
95e41e93
YH		 818}
819
640c41c7 820/*
b7e729c4 821 * Special lock-class for __icmpv6_sk:
640c41c7
IM		 822 */
823static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
824
98c6d1b2 825static int __net_init icmpv6_sk_init(struct net *net)
1da177e4
LT		 826{
827 struct sock *sk;
828 int err, i, j;
829
98c6d1b2
DL		 830 net->ipv6.icmp_sk =
831 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
832 if (net->ipv6.icmp_sk == NULL)
79c91159
DL		 833 return -ENOMEM;
834
6f912042 835 for_each_possible_cpu(i) {
1ed8516f
DL		 836 err = inet_ctl_sock_create(&sk, PF_INET6,
837 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 838 if (err < 0) {
f3213831 839 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1da177e4
LT		 840 err);
841 goto fail;
842 }
843
1ed8516f 844 net->ipv6.icmp_sk[i] = sk;
5c8cafd6 845
640c41c7
IM		 846 /*
847 * Split off their lock-class, because sk->sk_dst_lock
848 * gets used from softirqs, which is safe for
b7e729c4 849 * __icmpv6_sk (because those never get directly used
640c41c7
IM		 850 * via userspace syscalls), but unsafe for normal sockets.
851 */
852 lockdep_set_class(&sk->sk_dst_lock,
853 &icmpv6_socket_sk_dst_lock_key);
1da177e4
LT		 854
855 /* Enough space for 2 64K ICMP packets, including
856 * sk_buff struct overhead.
857 */
87fb4b7b 858 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1da177e4 859 }
1da177e4
LT		 860 return 0;
861
862 fail:
5c8cafd6 863 for (j = 0; j < i; j++)
1ed8516f 864 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
98c6d1b2 865 kfree(net->ipv6.icmp_sk);
1da177e4
LT		 866 return err;
867}
868
98c6d1b2 869static void __net_exit icmpv6_sk_exit(struct net *net)
1da177e4
LT		 870{
871 int i;
872
6f912042 873 for_each_possible_cpu(i) {
1ed8516f 874 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
1da177e4 875 }
98c6d1b2
DL		 876 kfree(net->ipv6.icmp_sk);
877}
878
8ed7edce 879static struct pernet_operations icmpv6_sk_ops = {
98c6d1b2
DL		 880 .init = icmpv6_sk_init,
881 .exit = icmpv6_sk_exit,
882};
883
884int __init icmpv6_init(void)
885{
886 int err;
887
888 err = register_pernet_subsys(&icmpv6_sk_ops);
889 if (err < 0)
890 return err;
891
892 err = -EAGAIN;
893 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
894 goto fail;
5f5624cf
PS		 895
896 err = inet6_register_icmp_sender(icmp6_send);
897 if (err)
898 goto sender_reg_err;
98c6d1b2
DL		 899 return 0;
900
5f5624cf
PS		 901sender_reg_err:
902 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
98c6d1b2 903fail:
f3213831 904 pr_err("Failed to register ICMP6 protocol\n");
98c6d1b2
DL		 905 unregister_pernet_subsys(&icmpv6_sk_ops);
906 return err;
907}
908
8ed7edce 909void icmpv6_cleanup(void)
98c6d1b2 910{
5f5624cf 911 inet6_unregister_icmp_sender(icmp6_send);
98c6d1b2 912 unregister_pernet_subsys(&icmpv6_sk_ops);
1da177e4
LT		 913 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
914}
915
98c6d1b2 916
9b5b5cff 917static const struct icmp6_err {
1da177e4
LT		 918 int err;
919 int fatal;
920} tab_unreach[] = {
921 { /* NOROUTE */
922 .err = ENETUNREACH,
923 .fatal = 0,
924 },
925 { /* ADM_PROHIBITED */
926 .err = EACCES,
927 .fatal = 1,
928 },
929 { /* Was NOT_NEIGHBOUR, now reserved */
930 .err = EHOSTUNREACH,
931 .fatal = 0,
932 },
933 { /* ADDR_UNREACH */
934 .err = EHOSTUNREACH,
935 .fatal = 0,
936 },
937 { /* PORT_UNREACH */
938 .err = ECONNREFUSED,
939 .fatal = 1,
940 },
61e76b17
JB		 941 { /* POLICY_FAIL */
942 .err = EACCES,
943 .fatal = 1,
944 },
945 { /* REJECT_ROUTE */
946 .err = EACCES,
947 .fatal = 1,
948 },
1da177e4
LT		 949};
950
d5fdd6ba 951int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 952{
953 int fatal = 0;
954
955 *err = EPROTO;
956
957 switch (type) {
958 case ICMPV6_DEST_UNREACH:
959 fatal = 1;
61e76b17 960 if (code < ARRAY_SIZE(tab_unreach)) {
1da177e4
LT		 961 *err = tab_unreach[code].err;
962 fatal = tab_unreach[code].fatal;
963 }
964 break;
965
966 case ICMPV6_PKT_TOOBIG:
967 *err = EMSGSIZE;
968 break;
1ab1457c 969
1da177e4
LT		 970 case ICMPV6_PARAMPROB:
971 *err = EPROTO;
972 fatal = 1;
973 break;
974
975 case ICMPV6_TIME_EXCEED:
976 *err = EHOSTUNREACH;
977 break;
3ff50b79 978 }
1da177e4
LT		 979
980 return fatal;
981}
7159039a
YH		 982EXPORT_SYMBOL(icmpv6_err_convert);
983
1da177e4 984#ifdef CONFIG_SYSCTL
e8243534 985static struct ctl_table ipv6_icmp_table_template[] = {
1da177e4 986 {
1da177e4 987 .procname = "ratelimit",
41a76906 988 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 989 .maxlen = sizeof(int),
990 .mode = 0644,
6d9f239a 991 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 992 },
f8572d8f 993 { },
1da177e4 994};
760f2d01 995
2c8c1e72 996struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 997{
998 struct ctl_table *table;
999
1000 table = kmemdup(ipv6_icmp_table_template,
1001 sizeof(ipv6_icmp_table_template),
1002 GFP_KERNEL);
5ee09105 1003
c027aab4 1004 if (table)
5ee09105
YH		 1005 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1006
760f2d01
DL		 1007 return table;
1008}
1da177e4
LT		 1009#endif
1010
Ubuntu Jammy Linux kernel mirror