]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Internet Control Message Protocol (ICMPv6) | |
3 | * Linux INET6 implementation | |
4 | * | |
5 | * Authors: | |
6 | * Pedro Roque <roque@di.fc.ul.pt> | |
7 | * | |
1da177e4 LT |
8 | * Based on net/ipv4/icmp.c |
9 | * | |
10 | * RFC 1885 | |
11 | * | |
12 | * This program is free software; you can redistribute it and/or | |
13 | * modify it under the terms of the GNU General Public License | |
14 | * as published by the Free Software Foundation; either version | |
15 | * 2 of the License, or (at your option) any later version. | |
16 | */ | |
17 | ||
18 | /* | |
19 | * Changes: | |
20 | * | |
21 | * Andi Kleen : exception handling | |
22 | * Andi Kleen add rate limits. never reply to a icmp. | |
23 | * add more length checks and other fixes. | |
24 | * yoshfuji : ensure to sent parameter problem for | |
25 | * fragments. | |
26 | * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. | |
27 | * Randy Dunlap and | |
28 | * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support | |
29 | * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data | |
30 | */ | |
31 | ||
f3213831 JP |
32 | #define pr_fmt(fmt) "IPv6: " fmt |
33 | ||
1da177e4 LT |
34 | #include <linux/module.h> |
35 | #include <linux/errno.h> | |
36 | #include <linux/types.h> | |
37 | #include <linux/socket.h> | |
38 | #include <linux/in.h> | |
39 | #include <linux/kernel.h> | |
1da177e4 LT |
40 | #include <linux/sockios.h> |
41 | #include <linux/net.h> | |
42 | #include <linux/skbuff.h> | |
43 | #include <linux/init.h> | |
763ecff1 | 44 | #include <linux/netfilter.h> |
5a0e3ad6 | 45 | #include <linux/slab.h> |
1da177e4 LT |
46 | |
47 | #ifdef CONFIG_SYSCTL | |
48 | #include <linux/sysctl.h> | |
49 | #endif | |
50 | ||
51 | #include <linux/inet.h> | |
52 | #include <linux/netdevice.h> | |
53 | #include <linux/icmpv6.h> | |
54 | ||
55 | #include <net/ip.h> | |
56 | #include <net/sock.h> | |
57 | ||
58 | #include <net/ipv6.h> | |
59 | #include <net/ip6_checksum.h> | |
6d0bfe22 | 60 | #include <net/ping.h> |
1da177e4 LT |
61 | #include <net/protocol.h> |
62 | #include <net/raw.h> | |
63 | #include <net/rawv6.h> | |
64 | #include <net/transp_v6.h> | |
65 | #include <net/ip6_route.h> | |
66 | #include <net/addrconf.h> | |
67 | #include <net/icmp.h> | |
8b7817f3 | 68 | #include <net/xfrm.h> |
1ed8516f | 69 | #include <net/inet_common.h> |
825edac4 | 70 | #include <net/dsfield.h> |
1da177e4 LT |
71 | |
72 | #include <asm/uaccess.h> | |
1da177e4 | 73 | |
1da177e4 LT |
74 | /* |
75 | * The ICMP socket(s). This is the most convenient way to flow control | |
76 | * our ICMP output as well as maintain a clean interface throughout | |
77 | * all layers. All Socketless IP sends will soon be gone. | |
78 | * | |
79 | * On SMP we have one ICMP socket per-cpu. | |
80 | */ | |
98c6d1b2 DL |
81 | static inline struct sock *icmpv6_sk(struct net *net) |
82 | { | |
83 | return net->ipv6.icmp_sk[smp_processor_id()]; | |
84 | } | |
1da177e4 | 85 | |
6f809da2 SK |
86 | static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
87 | u8 type, u8 code, int offset, __be32 info) | |
88 | { | |
6d0bfe22 LC |
89 | /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */ |
90 | struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset); | |
6f809da2 SK |
91 | struct net *net = dev_net(skb->dev); |
92 | ||
93 | if (type == ICMPV6_PKT_TOOBIG) | |
94 | ip6_update_pmtu(skb, net, info, 0, 0); | |
95 | else if (type == NDISC_REDIRECT) | |
b55b76b2 | 96 | ip6_redirect(skb, net, skb->dev->ifindex, 0); |
6d0bfe22 LC |
97 | |
98 | if (!(type & ICMPV6_INFOMSG_MASK)) | |
99 | if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST) | |
100 | ping_err(skb, offset, info); | |
6f809da2 SK |
101 | } |
102 | ||
e5bbef20 | 103 | static int icmpv6_rcv(struct sk_buff *skb); |
1da177e4 | 104 | |
41135cc8 | 105 | static const struct inet6_protocol icmpv6_protocol = { |
1da177e4 | 106 | .handler = icmpv6_rcv, |
6f809da2 | 107 | .err_handler = icmpv6_err, |
8b7817f3 | 108 | .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, |
1da177e4 LT |
109 | }; |
110 | ||
fdc0bde9 | 111 | static __inline__ struct sock *icmpv6_xmit_lock(struct net *net) |
1da177e4 | 112 | { |
fdc0bde9 DL |
113 | struct sock *sk; |
114 | ||
1da177e4 LT |
115 | local_bh_disable(); |
116 | ||
fdc0bde9 | 117 | sk = icmpv6_sk(net); |
405666db | 118 | if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { |
1da177e4 LT |
119 | /* This can happen if the output path (f.e. SIT or |
120 | * ip6ip6 tunnel) signals dst_link_failure() for an | |
121 | * outgoing ICMP6 packet. | |
122 | */ | |
123 | local_bh_enable(); | |
fdc0bde9 | 124 | return NULL; |
1da177e4 | 125 | } |
fdc0bde9 | 126 | return sk; |
1da177e4 LT |
127 | } |
128 | ||
405666db | 129 | static __inline__ void icmpv6_xmit_unlock(struct sock *sk) |
1da177e4 | 130 | { |
405666db | 131 | spin_unlock_bh(&sk->sk_lock.slock); |
1da177e4 LT |
132 | } |
133 | ||
1da177e4 LT |
134 | /* |
135 | * Figure out, may we reply to this packet with icmp error. | |
136 | * | |
137 | * We do not reply, if: | |
138 | * - it was icmp error message. | |
139 | * - it is truncated, so that it is known, that protocol is ICMPV6 | |
140 | * (i.e. in the middle of some exthdr) | |
141 | * | |
142 | * --ANK (980726) | |
143 | */ | |
144 | ||
a50feda5 | 145 | static bool is_ineligible(const struct sk_buff *skb) |
1da177e4 | 146 | { |
0660e03f | 147 | int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; |
1da177e4 | 148 | int len = skb->len - ptr; |
0660e03f | 149 | __u8 nexthdr = ipv6_hdr(skb)->nexthdr; |
75f2811c | 150 | __be16 frag_off; |
1da177e4 LT |
151 | |
152 | if (len < 0) | |
a50feda5 | 153 | return true; |
1da177e4 | 154 | |
75f2811c | 155 | ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off); |
1da177e4 | 156 | if (ptr < 0) |
a50feda5 | 157 | return false; |
1da177e4 LT |
158 | if (nexthdr == IPPROTO_ICMPV6) { |
159 | u8 _type, *tp; | |
160 | tp = skb_header_pointer(skb, | |
161 | ptr+offsetof(struct icmp6hdr, icmp6_type), | |
162 | sizeof(_type), &_type); | |
163 | if (tp == NULL || | |
164 | !(*tp & ICMPV6_INFOMSG_MASK)) | |
a50feda5 | 165 | return true; |
1da177e4 | 166 | } |
a50feda5 | 167 | return false; |
1da177e4 LT |
168 | } |
169 | ||
1ab1457c YH |
170 | /* |
171 | * Check the ICMP output rate limit | |
1da177e4 | 172 | */ |
92d86829 | 173 | static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type, |
4c9483b2 | 174 | struct flowi6 *fl6) |
1da177e4 LT |
175 | { |
176 | struct dst_entry *dst; | |
3b1e0a65 | 177 | struct net *net = sock_net(sk); |
92d86829 | 178 | bool res = false; |
1da177e4 LT |
179 | |
180 | /* Informational messages are not limited. */ | |
181 | if (type & ICMPV6_INFOMSG_MASK) | |
92d86829 | 182 | return true; |
1da177e4 LT |
183 | |
184 | /* Do not limit pmtu discovery, it would break it. */ | |
185 | if (type == ICMPV6_PKT_TOOBIG) | |
92d86829 | 186 | return true; |
1da177e4 | 187 | |
1ab1457c | 188 | /* |
1da177e4 LT |
189 | * Look up the output route. |
190 | * XXX: perhaps the expire for routing entries cloned by | |
191 | * this lookup should be more aggressive (not longer than timeout). | |
192 | */ | |
4c9483b2 | 193 | dst = ip6_route_output(net, sk, fl6); |
1da177e4 | 194 | if (dst->error) { |
3bd653c8 | 195 | IP6_INC_STATS(net, ip6_dst_idev(dst), |
a11d206d | 196 | IPSTATS_MIB_OUTNOROUTES); |
1da177e4 | 197 | } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { |
92d86829 | 198 | res = true; |
1da177e4 LT |
199 | } else { |
200 | struct rt6_info *rt = (struct rt6_info *)dst; | |
9a43b709 | 201 | int tmo = net->ipv6.sysctl.icmpv6_time; |
fbfe95a4 | 202 | struct inet_peer *peer; |
1da177e4 LT |
203 | |
204 | /* Give more bandwidth to wider prefixes. */ | |
205 | if (rt->rt6i_dst.plen < 128) | |
206 | tmo >>= ((128 - rt->rt6i_dst.plen)>>5); | |
207 | ||
1d861aa4 | 208 | peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); |
fbfe95a4 | 209 | res = inet_peer_xrlim_allow(peer, tmo); |
1d861aa4 DM |
210 | if (peer) |
211 | inet_putpeer(peer); | |
1da177e4 LT |
212 | } |
213 | dst_release(dst); | |
214 | return res; | |
215 | } | |
216 | ||
217 | /* | |
218 | * an inline helper for the "simple" if statement below | |
219 | * checks if parameter problem report is caused by an | |
1ab1457c | 220 | * unrecognized IPv6 option that has the Option Type |
1da177e4 LT |
221 | * highest-order two bits set to 10 |
222 | */ | |
223 | ||
a50feda5 | 224 | static bool opt_unrec(struct sk_buff *skb, __u32 offset) |
1da177e4 LT |
225 | { |
226 | u8 _optval, *op; | |
227 | ||
bbe735e4 | 228 | offset += skb_network_offset(skb); |
1da177e4 LT |
229 | op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); |
230 | if (op == NULL) | |
a50feda5 | 231 | return true; |
1da177e4 LT |
232 | return (*op & 0xC0) == 0x80; |
233 | } | |
234 | ||
6d0bfe22 LC |
235 | int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, |
236 | struct icmp6hdr *thdr, int len) | |
1da177e4 LT |
237 | { |
238 | struct sk_buff *skb; | |
239 | struct icmp6hdr *icmp6h; | |
240 | int err = 0; | |
241 | ||
242 | if ((skb = skb_peek(&sk->sk_write_queue)) == NULL) | |
243 | goto out; | |
244 | ||
cc70ab26 | 245 | icmp6h = icmp6_hdr(skb); |
1da177e4 LT |
246 | memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); |
247 | icmp6h->icmp6_cksum = 0; | |
248 | ||
249 | if (skb_queue_len(&sk->sk_write_queue) == 1) { | |
07f0757a | 250 | skb->csum = csum_partial(icmp6h, |
1da177e4 | 251 | sizeof(struct icmp6hdr), skb->csum); |
4c9483b2 DM |
252 | icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, |
253 | &fl6->daddr, | |
254 | len, fl6->flowi6_proto, | |
1da177e4 LT |
255 | skb->csum); |
256 | } else { | |
868c86bc | 257 | __wsum tmp_csum = 0; |
1da177e4 LT |
258 | |
259 | skb_queue_walk(&sk->sk_write_queue, skb) { | |
260 | tmp_csum = csum_add(tmp_csum, skb->csum); | |
261 | } | |
262 | ||
07f0757a | 263 | tmp_csum = csum_partial(icmp6h, |
1da177e4 | 264 | sizeof(struct icmp6hdr), tmp_csum); |
4c9483b2 DM |
265 | icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, |
266 | &fl6->daddr, | |
267 | len, fl6->flowi6_proto, | |
868c86bc | 268 | tmp_csum); |
1da177e4 | 269 | } |
1da177e4 LT |
270 | ip6_push_pending_frames(sk); |
271 | out: | |
272 | return err; | |
273 | } | |
274 | ||
275 | struct icmpv6_msg { | |
276 | struct sk_buff *skb; | |
277 | int offset; | |
763ecff1 | 278 | uint8_t type; |
1da177e4 LT |
279 | }; |
280 | ||
281 | static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) | |
282 | { | |
283 | struct icmpv6_msg *msg = (struct icmpv6_msg *) from; | |
284 | struct sk_buff *org_skb = msg->skb; | |
5f92a738 | 285 | __wsum csum = 0; |
1da177e4 LT |
286 | |
287 | csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, | |
288 | to, len, csum); | |
289 | skb->csum = csum_block_add(skb->csum, csum, odd); | |
763ecff1 YK |
290 | if (!(msg->type & ICMPV6_INFOMSG_MASK)) |
291 | nf_ct_attach(skb, org_skb); | |
1da177e4 LT |
292 | return 0; |
293 | } | |
294 | ||
07a93626 | 295 | #if IS_ENABLED(CONFIG_IPV6_MIP6) |
79383236 MN |
296 | static void mip6_addr_swap(struct sk_buff *skb) |
297 | { | |
0660e03f | 298 | struct ipv6hdr *iph = ipv6_hdr(skb); |
79383236 MN |
299 | struct inet6_skb_parm *opt = IP6CB(skb); |
300 | struct ipv6_destopt_hao *hao; | |
301 | struct in6_addr tmp; | |
302 | int off; | |
303 | ||
304 | if (opt->dsthao) { | |
305 | off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); | |
306 | if (likely(off >= 0)) { | |
d56f90a7 ACM |
307 | hao = (struct ipv6_destopt_hao *) |
308 | (skb_network_header(skb) + off); | |
4e3fd7a0 AD |
309 | tmp = iph->saddr; |
310 | iph->saddr = hao->addr; | |
311 | hao->addr = tmp; | |
79383236 MN |
312 | } |
313 | } | |
314 | } | |
315 | #else | |
316 | static inline void mip6_addr_swap(struct sk_buff *skb) {} | |
317 | #endif | |
318 | ||
e8243534 | 319 | static struct dst_entry *icmpv6_route_lookup(struct net *net, |
320 | struct sk_buff *skb, | |
321 | struct sock *sk, | |
322 | struct flowi6 *fl6) | |
b42835db DM |
323 | { |
324 | struct dst_entry *dst, *dst2; | |
4c9483b2 | 325 | struct flowi6 fl2; |
b42835db DM |
326 | int err; |
327 | ||
4c9483b2 | 328 | err = ip6_dst_lookup(sk, &dst, fl6); |
b42835db DM |
329 | if (err) |
330 | return ERR_PTR(err); | |
331 | ||
332 | /* | |
333 | * We won't send icmp if the destination is known | |
334 | * anycast. | |
335 | */ | |
336 | if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) { | |
5f5624cf | 337 | LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: acast source\n"); |
b42835db DM |
338 | dst_release(dst); |
339 | return ERR_PTR(-EINVAL); | |
340 | } | |
341 | ||
342 | /* No need to clone since we're just using its address. */ | |
343 | dst2 = dst; | |
344 | ||
4c9483b2 | 345 | dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0); |
452edd59 | 346 | if (!IS_ERR(dst)) { |
b42835db DM |
347 | if (dst != dst2) |
348 | return dst; | |
452edd59 DM |
349 | } else { |
350 | if (PTR_ERR(dst) == -EPERM) | |
351 | dst = NULL; | |
352 | else | |
353 | return dst; | |
b42835db DM |
354 | } |
355 | ||
4c9483b2 | 356 | err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6); |
b42835db DM |
357 | if (err) |
358 | goto relookup_failed; | |
359 | ||
360 | err = ip6_dst_lookup(sk, &dst2, &fl2); | |
361 | if (err) | |
362 | goto relookup_failed; | |
363 | ||
4c9483b2 | 364 | dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP); |
452edd59 | 365 | if (!IS_ERR(dst2)) { |
b42835db DM |
366 | dst_release(dst); |
367 | dst = dst2; | |
452edd59 DM |
368 | } else { |
369 | err = PTR_ERR(dst2); | |
370 | if (err == -EPERM) { | |
371 | dst_release(dst); | |
372 | return dst2; | |
373 | } else | |
374 | goto relookup_failed; | |
b42835db DM |
375 | } |
376 | ||
377 | relookup_failed: | |
378 | if (dst) | |
379 | return dst; | |
380 | return ERR_PTR(err); | |
381 | } | |
382 | ||
1da177e4 LT |
383 | /* |
384 | * Send an ICMP message in response to a packet in error | |
385 | */ | |
5f5624cf | 386 | static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) |
1da177e4 | 387 | { |
c346dca1 | 388 | struct net *net = dev_net(skb->dev); |
1da177e4 | 389 | struct inet6_dev *idev = NULL; |
0660e03f | 390 | struct ipv6hdr *hdr = ipv6_hdr(skb); |
84427d53 YH |
391 | struct sock *sk; |
392 | struct ipv6_pinfo *np; | |
b71d1d42 | 393 | const struct in6_addr *saddr = NULL; |
1da177e4 LT |
394 | struct dst_entry *dst; |
395 | struct icmp6hdr tmp_hdr; | |
4c9483b2 | 396 | struct flowi6 fl6; |
1da177e4 LT |
397 | struct icmpv6_msg msg; |
398 | int iif = 0; | |
399 | int addr_type = 0; | |
400 | int len; | |
e651f03a | 401 | int hlimit; |
1da177e4 LT |
402 | int err = 0; |
403 | ||
27a884dc | 404 | if ((u8 *)hdr < skb->head || |
29a3cad5 | 405 | (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb)) |
1da177e4 LT |
406 | return; |
407 | ||
408 | /* | |
1ab1457c | 409 | * Make sure we respect the rules |
1da177e4 | 410 | * i.e. RFC 1885 2.4(e) |
5f5624cf | 411 | * Rule (e.1) is enforced by not using icmp6_send |
1da177e4 LT |
412 | * in any code that processes icmp errors. |
413 | */ | |
414 | addr_type = ipv6_addr_type(&hdr->daddr); | |
415 | ||
446fab59 | 416 | if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) || |
d94c1f92 | 417 | ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr)) |
1da177e4 LT |
418 | saddr = &hdr->daddr; |
419 | ||
420 | /* | |
421 | * Dest addr check | |
422 | */ | |
423 | ||
424 | if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) { | |
425 | if (type != ICMPV6_PKT_TOOBIG && | |
1ab1457c YH |
426 | !(type == ICMPV6_PARAMPROB && |
427 | code == ICMPV6_UNK_OPTION && | |
1da177e4 LT |
428 | (opt_unrec(skb, info)))) |
429 | return; | |
430 | ||
431 | saddr = NULL; | |
432 | } | |
433 | ||
434 | addr_type = ipv6_addr_type(&hdr->saddr); | |
435 | ||
436 | /* | |
437 | * Source addr check | |
438 | */ | |
439 | ||
842df073 | 440 | if (__ipv6_addr_needs_scope_id(addr_type)) |
1da177e4 LT |
441 | iif = skb->dev->ifindex; |
442 | ||
443 | /* | |
8de3351e YH |
444 | * Must not send error if the source does not uniquely |
445 | * identify a single node (RFC2463 Section 2.4). | |
446 | * We check unspecified / multicast addresses here, | |
447 | * and anycast addresses will be checked later. | |
1da177e4 LT |
448 | */ |
449 | if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { | |
5f5624cf | 450 | LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: addr_any/mcast source\n"); |
1da177e4 LT |
451 | return; |
452 | } | |
453 | ||
1ab1457c | 454 | /* |
1da177e4 LT |
455 | * Never answer to a ICMP packet. |
456 | */ | |
457 | if (is_ineligible(skb)) { | |
5f5624cf | 458 | LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: no reply to icmp error\n"); |
1da177e4 LT |
459 | return; |
460 | } | |
461 | ||
79383236 MN |
462 | mip6_addr_swap(skb); |
463 | ||
4c9483b2 DM |
464 | memset(&fl6, 0, sizeof(fl6)); |
465 | fl6.flowi6_proto = IPPROTO_ICMPV6; | |
4e3fd7a0 | 466 | fl6.daddr = hdr->saddr; |
1da177e4 | 467 | if (saddr) |
4e3fd7a0 | 468 | fl6.saddr = *saddr; |
4c9483b2 | 469 | fl6.flowi6_oif = iif; |
1958b856 DM |
470 | fl6.fl6_icmp_type = type; |
471 | fl6.fl6_icmp_code = code; | |
4c9483b2 | 472 | security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); |
1da177e4 | 473 | |
fdc0bde9 DL |
474 | sk = icmpv6_xmit_lock(net); |
475 | if (sk == NULL) | |
405666db | 476 | return; |
fdc0bde9 | 477 | np = inet6_sk(sk); |
405666db | 478 | |
4c9483b2 | 479 | if (!icmpv6_xrlim_allow(sk, type, &fl6)) |
1da177e4 LT |
480 | goto out; |
481 | ||
482 | tmp_hdr.icmp6_type = type; | |
483 | tmp_hdr.icmp6_code = code; | |
484 | tmp_hdr.icmp6_cksum = 0; | |
485 | tmp_hdr.icmp6_pointer = htonl(info); | |
486 | ||
4c9483b2 DM |
487 | if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) |
488 | fl6.flowi6_oif = np->mcast_oif; | |
c4062dfc EH |
489 | else if (!fl6.flowi6_oif) |
490 | fl6.flowi6_oif = np->ucast_oif; | |
1da177e4 | 491 | |
4c9483b2 | 492 | dst = icmpv6_route_lookup(net, skb, sk, &fl6); |
b42835db | 493 | if (IS_ERR(dst)) |
1da177e4 | 494 | goto out; |
8de3351e | 495 | |
5c98631c | 496 | hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); |
1da177e4 LT |
497 | |
498 | msg.skb = skb; | |
bbe735e4 | 499 | msg.offset = skb_network_offset(skb); |
763ecff1 | 500 | msg.type = type; |
1da177e4 LT |
501 | |
502 | len = skb->len - msg.offset; | |
503 | len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr)); | |
504 | if (len < 0) { | |
64ce2073 | 505 | LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n"); |
1da177e4 LT |
506 | goto out_dst_release; |
507 | } | |
508 | ||
cfdf7647 ED |
509 | rcu_read_lock(); |
510 | idev = __in6_dev_get(skb->dev); | |
1da177e4 LT |
511 | |
512 | err = ip6_append_data(sk, icmpv6_getfrag, &msg, | |
513 | len + sizeof(struct icmp6hdr), | |
e651f03a | 514 | sizeof(struct icmp6hdr), hlimit, |
a2d91a09 | 515 | np->tclass, NULL, &fl6, (struct rt6_info *)dst, |
13b52cd4 | 516 | MSG_DONTWAIT, np->dontfrag); |
1da177e4 | 517 | if (err) { |
43a43b60 | 518 | ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); |
1da177e4 | 519 | ip6_flush_pending_frames(sk); |
cfdf7647 ED |
520 | } else { |
521 | err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, | |
522 | len + sizeof(struct icmp6hdr)); | |
1da177e4 | 523 | } |
cfdf7647 | 524 | rcu_read_unlock(); |
1da177e4 LT |
525 | out_dst_release: |
526 | dst_release(dst); | |
527 | out: | |
405666db | 528 | icmpv6_xmit_unlock(sk); |
1da177e4 | 529 | } |
5f5624cf PS |
530 | |
531 | /* Slightly more convenient version of icmp6_send. | |
532 | */ | |
533 | void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos) | |
534 | { | |
535 | icmp6_send(skb, ICMPV6_PARAMPROB, code, pos); | |
536 | kfree_skb(skb); | |
537 | } | |
7159039a | 538 | |
1da177e4 LT |
539 | static void icmpv6_echo_reply(struct sk_buff *skb) |
540 | { | |
c346dca1 | 541 | struct net *net = dev_net(skb->dev); |
84427d53 | 542 | struct sock *sk; |
1da177e4 | 543 | struct inet6_dev *idev; |
84427d53 | 544 | struct ipv6_pinfo *np; |
b71d1d42 | 545 | const struct in6_addr *saddr = NULL; |
cc70ab26 | 546 | struct icmp6hdr *icmph = icmp6_hdr(skb); |
1da177e4 | 547 | struct icmp6hdr tmp_hdr; |
4c9483b2 | 548 | struct flowi6 fl6; |
1da177e4 LT |
549 | struct icmpv6_msg msg; |
550 | struct dst_entry *dst; | |
551 | int err = 0; | |
552 | int hlimit; | |
825edac4 | 553 | u8 tclass; |
1da177e4 | 554 | |
0660e03f | 555 | saddr = &ipv6_hdr(skb)->daddr; |
1da177e4 | 556 | |
509aba3b | 557 | if (!ipv6_unicast_destination(skb) && |
ec35b61e | 558 | !(net->ipv6.sysctl.anycast_src_echo_reply && |
509aba3b | 559 | ipv6_anycast_destination(skb))) |
1da177e4 LT |
560 | saddr = NULL; |
561 | ||
562 | memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); | |
563 | tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; | |
564 | ||
4c9483b2 DM |
565 | memset(&fl6, 0, sizeof(fl6)); |
566 | fl6.flowi6_proto = IPPROTO_ICMPV6; | |
4e3fd7a0 | 567 | fl6.daddr = ipv6_hdr(skb)->saddr; |
1da177e4 | 568 | if (saddr) |
4e3fd7a0 | 569 | fl6.saddr = *saddr; |
4c9483b2 | 570 | fl6.flowi6_oif = skb->dev->ifindex; |
1958b856 | 571 | fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY; |
4c9483b2 | 572 | security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); |
1da177e4 | 573 | |
fdc0bde9 DL |
574 | sk = icmpv6_xmit_lock(net); |
575 | if (sk == NULL) | |
405666db | 576 | return; |
fdc0bde9 | 577 | np = inet6_sk(sk); |
405666db | 578 | |
4c9483b2 DM |
579 | if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) |
580 | fl6.flowi6_oif = np->mcast_oif; | |
c4062dfc EH |
581 | else if (!fl6.flowi6_oif) |
582 | fl6.flowi6_oif = np->ucast_oif; | |
1da177e4 | 583 | |
4c9483b2 | 584 | err = ip6_dst_lookup(sk, &dst, &fl6); |
1da177e4 LT |
585 | if (err) |
586 | goto out; | |
4c9483b2 | 587 | dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0); |
452edd59 | 588 | if (IS_ERR(dst)) |
e104411b | 589 | goto out; |
1da177e4 | 590 | |
5c98631c | 591 | hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); |
1da177e4 | 592 | |
cfdf7647 | 593 | idev = __in6_dev_get(skb->dev); |
1da177e4 LT |
594 | |
595 | msg.skb = skb; | |
596 | msg.offset = 0; | |
763ecff1 | 597 | msg.type = ICMPV6_ECHO_REPLY; |
1da177e4 | 598 | |
825edac4 | 599 | tclass = ipv6_get_dsfield(ipv6_hdr(skb)); |
1da177e4 | 600 | err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), |
825edac4 | 601 | sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl6, |
a2d91a09 | 602 | (struct rt6_info *)dst, MSG_DONTWAIT, |
13b52cd4 | 603 | np->dontfrag); |
1da177e4 LT |
604 | |
605 | if (err) { | |
00d9d6a1 | 606 | ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); |
1da177e4 | 607 | ip6_flush_pending_frames(sk); |
cfdf7647 ED |
608 | } else { |
609 | err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, | |
610 | skb->len + sizeof(struct icmp6hdr)); | |
1da177e4 | 611 | } |
1da177e4 | 612 | dst_release(dst); |
1ab1457c | 613 | out: |
405666db | 614 | icmpv6_xmit_unlock(sk); |
1da177e4 LT |
615 | } |
616 | ||
b94f1c09 | 617 | void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) |
1da177e4 | 618 | { |
41135cc8 | 619 | const struct inet6_protocol *ipprot; |
1da177e4 | 620 | int inner_offset; |
75f2811c | 621 | __be16 frag_off; |
f9242b6b | 622 | u8 nexthdr; |
1da177e4 LT |
623 | |
624 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | |
625 | return; | |
626 | ||
627 | nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; | |
628 | if (ipv6_ext_hdr(nexthdr)) { | |
629 | /* now skip over extension headers */ | |
75f2811c JG |
630 | inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), |
631 | &nexthdr, &frag_off); | |
1da177e4 LT |
632 | if (inner_offset<0) |
633 | return; | |
634 | } else { | |
635 | inner_offset = sizeof(struct ipv6hdr); | |
636 | } | |
637 | ||
638 | /* Checkin header including 8 bytes of inner protocol header. */ | |
639 | if (!pskb_may_pull(skb, inner_offset+8)) | |
640 | return; | |
641 | ||
1da177e4 LT |
642 | /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. |
643 | Without this we will not able f.e. to make source routed | |
644 | pmtu discovery. | |
645 | Corresponding argument (opt) to notifiers is already added. | |
646 | --ANK (980726) | |
647 | */ | |
648 | ||
1da177e4 | 649 | rcu_read_lock(); |
f9242b6b | 650 | ipprot = rcu_dereference(inet6_protos[nexthdr]); |
1da177e4 LT |
651 | if (ipprot && ipprot->err_handler) |
652 | ipprot->err_handler(skb, NULL, type, code, inner_offset, info); | |
653 | rcu_read_unlock(); | |
654 | ||
69d6da0b | 655 | raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); |
1da177e4 | 656 | } |
1ab1457c | 657 | |
1da177e4 LT |
658 | /* |
659 | * Handle icmp messages | |
660 | */ | |
661 | ||
e5bbef20 | 662 | static int icmpv6_rcv(struct sk_buff *skb) |
1da177e4 | 663 | { |
1da177e4 LT |
664 | struct net_device *dev = skb->dev; |
665 | struct inet6_dev *idev = __in6_dev_get(dev); | |
b71d1d42 | 666 | const struct in6_addr *saddr, *daddr; |
1da177e4 | 667 | struct icmp6hdr *hdr; |
d5fdd6ba | 668 | u8 type; |
1da177e4 | 669 | |
aebcf82c | 670 | if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { |
def8b4fa | 671 | struct sec_path *sp = skb_sec_path(skb); |
8b7817f3 HX |
672 | int nh; |
673 | ||
def8b4fa | 674 | if (!(sp && sp->xvec[sp->len - 1]->props.flags & |
aebcf82c HX |
675 | XFRM_STATE_ICMP)) |
676 | goto drop_no_count; | |
677 | ||
81aded24 | 678 | if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr))) |
8b7817f3 HX |
679 | goto drop_no_count; |
680 | ||
681 | nh = skb_network_offset(skb); | |
682 | skb_set_network_header(skb, sizeof(*hdr)); | |
683 | ||
684 | if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) | |
685 | goto drop_no_count; | |
686 | ||
687 | skb_set_network_header(skb, nh); | |
688 | } | |
689 | ||
e41b5368 | 690 | ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS); |
1da177e4 | 691 | |
0660e03f ACM |
692 | saddr = &ipv6_hdr(skb)->saddr; |
693 | daddr = &ipv6_hdr(skb)->daddr; | |
1da177e4 LT |
694 | |
695 | /* Perform checksum. */ | |
fb286bb2 | 696 | switch (skb->ip_summed) { |
84fa7933 | 697 | case CHECKSUM_COMPLETE: |
fb286bb2 HX |
698 | if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6, |
699 | skb->csum)) | |
700 | break; | |
701 | /* fall through */ | |
702 | case CHECKSUM_NONE: | |
868c86bc AV |
703 | skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len, |
704 | IPPROTO_ICMPV6, 0)); | |
fb286bb2 | 705 | if (__skb_checksum_complete(skb)) { |
6d0bfe22 LC |
706 | LIMIT_NETDEBUG(KERN_DEBUG |
707 | "ICMPv6 checksum failed [%pI6c > %pI6c]\n", | |
0c6ce78a | 708 | saddr, daddr); |
6a5dc9e5 | 709 | goto csum_error; |
1da177e4 LT |
710 | } |
711 | } | |
712 | ||
8cf22943 HX |
713 | if (!pskb_pull(skb, sizeof(*hdr))) |
714 | goto discard_it; | |
1da177e4 | 715 | |
cc70ab26 | 716 | hdr = icmp6_hdr(skb); |
1da177e4 LT |
717 | |
718 | type = hdr->icmp6_type; | |
719 | ||
55d43808 | 720 | ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type); |
1da177e4 LT |
721 | |
722 | switch (type) { | |
723 | case ICMPV6_ECHO_REQUEST: | |
724 | icmpv6_echo_reply(skb); | |
725 | break; | |
726 | ||
727 | case ICMPV6_ECHO_REPLY: | |
6d0bfe22 | 728 | ping_rcv(skb); |
1da177e4 LT |
729 | break; |
730 | ||
731 | case ICMPV6_PKT_TOOBIG: | |
732 | /* BUGGG_FUTURE: if packet contains rthdr, we cannot update | |
733 | standard destination cache. Seems, only "advanced" | |
734 | destination cache will allow to solve this problem | |
735 | --ANK (980726) | |
736 | */ | |
737 | if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) | |
738 | goto discard_it; | |
cc70ab26 | 739 | hdr = icmp6_hdr(skb); |
1da177e4 LT |
740 | |
741 | /* | |
742 | * Drop through to notify | |
743 | */ | |
744 | ||
745 | case ICMPV6_DEST_UNREACH: | |
746 | case ICMPV6_TIME_EXCEED: | |
747 | case ICMPV6_PARAMPROB: | |
748 | icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); | |
749 | break; | |
750 | ||
751 | case NDISC_ROUTER_SOLICITATION: | |
752 | case NDISC_ROUTER_ADVERTISEMENT: | |
753 | case NDISC_NEIGHBOUR_SOLICITATION: | |
754 | case NDISC_NEIGHBOUR_ADVERTISEMENT: | |
755 | case NDISC_REDIRECT: | |
756 | ndisc_rcv(skb); | |
757 | break; | |
758 | ||
759 | case ICMPV6_MGM_QUERY: | |
760 | igmp6_event_query(skb); | |
761 | break; | |
762 | ||
763 | case ICMPV6_MGM_REPORT: | |
764 | igmp6_event_report(skb); | |
765 | break; | |
766 | ||
767 | case ICMPV6_MGM_REDUCTION: | |
768 | case ICMPV6_NI_QUERY: | |
769 | case ICMPV6_NI_REPLY: | |
770 | case ICMPV6_MLD2_REPORT: | |
771 | case ICMPV6_DHAAD_REQUEST: | |
772 | case ICMPV6_DHAAD_REPLY: | |
773 | case ICMPV6_MOBILE_PREFIX_SOL: | |
774 | case ICMPV6_MOBILE_PREFIX_ADV: | |
775 | break; | |
776 | ||
777 | default: | |
64ce2073 | 778 | LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n"); |
1da177e4 LT |
779 | |
780 | /* informational */ | |
781 | if (type & ICMPV6_INFOMSG_MASK) | |
782 | break; | |
783 | ||
1ab1457c YH |
784 | /* |
785 | * error of unknown type. | |
786 | * must pass to upper level | |
1da177e4 LT |
787 | */ |
788 | ||
789 | icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); | |
3ff50b79 SH |
790 | } |
791 | ||
1da177e4 LT |
792 | kfree_skb(skb); |
793 | return 0; | |
794 | ||
6a5dc9e5 ED |
795 | csum_error: |
796 | ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS); | |
1da177e4 | 797 | discard_it: |
e41b5368 | 798 | ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS); |
8b7817f3 | 799 | drop_no_count: |
1da177e4 LT |
800 | kfree_skb(skb); |
801 | return 0; | |
802 | } | |
803 | ||
4c9483b2 | 804 | void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6, |
95e41e93 YH |
805 | u8 type, |
806 | const struct in6_addr *saddr, | |
807 | const struct in6_addr *daddr, | |
808 | int oif) | |
809 | { | |
4c9483b2 | 810 | memset(fl6, 0, sizeof(*fl6)); |
4e3fd7a0 AD |
811 | fl6->saddr = *saddr; |
812 | fl6->daddr = *daddr; | |
4c9483b2 | 813 | fl6->flowi6_proto = IPPROTO_ICMPV6; |
1958b856 DM |
814 | fl6->fl6_icmp_type = type; |
815 | fl6->fl6_icmp_code = 0; | |
4c9483b2 DM |
816 | fl6->flowi6_oif = oif; |
817 | security_sk_classify_flow(sk, flowi6_to_flowi(fl6)); | |
95e41e93 YH |
818 | } |
819 | ||
640c41c7 | 820 | /* |
b7e729c4 | 821 | * Special lock-class for __icmpv6_sk: |
640c41c7 IM |
822 | */ |
823 | static struct lock_class_key icmpv6_socket_sk_dst_lock_key; | |
824 | ||
98c6d1b2 | 825 | static int __net_init icmpv6_sk_init(struct net *net) |
1da177e4 LT |
826 | { |
827 | struct sock *sk; | |
828 | int err, i, j; | |
829 | ||
98c6d1b2 DL |
830 | net->ipv6.icmp_sk = |
831 | kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); | |
832 | if (net->ipv6.icmp_sk == NULL) | |
79c91159 DL |
833 | return -ENOMEM; |
834 | ||
6f912042 | 835 | for_each_possible_cpu(i) { |
1ed8516f DL |
836 | err = inet_ctl_sock_create(&sk, PF_INET6, |
837 | SOCK_RAW, IPPROTO_ICMPV6, net); | |
1da177e4 | 838 | if (err < 0) { |
f3213831 | 839 | pr_err("Failed to initialize the ICMP6 control socket (err %d)\n", |
1da177e4 LT |
840 | err); |
841 | goto fail; | |
842 | } | |
843 | ||
1ed8516f | 844 | net->ipv6.icmp_sk[i] = sk; |
5c8cafd6 | 845 | |
640c41c7 IM |
846 | /* |
847 | * Split off their lock-class, because sk->sk_dst_lock | |
848 | * gets used from softirqs, which is safe for | |
b7e729c4 | 849 | * __icmpv6_sk (because those never get directly used |
640c41c7 IM |
850 | * via userspace syscalls), but unsafe for normal sockets. |
851 | */ | |
852 | lockdep_set_class(&sk->sk_dst_lock, | |
853 | &icmpv6_socket_sk_dst_lock_key); | |
1da177e4 LT |
854 | |
855 | /* Enough space for 2 64K ICMP packets, including | |
856 | * sk_buff struct overhead. | |
857 | */ | |
87fb4b7b | 858 | sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); |
1da177e4 | 859 | } |
1da177e4 LT |
860 | return 0; |
861 | ||
862 | fail: | |
5c8cafd6 | 863 | for (j = 0; j < i; j++) |
1ed8516f | 864 | inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]); |
98c6d1b2 | 865 | kfree(net->ipv6.icmp_sk); |
1da177e4 LT |
866 | return err; |
867 | } | |
868 | ||
98c6d1b2 | 869 | static void __net_exit icmpv6_sk_exit(struct net *net) |
1da177e4 LT |
870 | { |
871 | int i; | |
872 | ||
6f912042 | 873 | for_each_possible_cpu(i) { |
1ed8516f | 874 | inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]); |
1da177e4 | 875 | } |
98c6d1b2 DL |
876 | kfree(net->ipv6.icmp_sk); |
877 | } | |
878 | ||
8ed7edce | 879 | static struct pernet_operations icmpv6_sk_ops = { |
98c6d1b2 DL |
880 | .init = icmpv6_sk_init, |
881 | .exit = icmpv6_sk_exit, | |
882 | }; | |
883 | ||
884 | int __init icmpv6_init(void) | |
885 | { | |
886 | int err; | |
887 | ||
888 | err = register_pernet_subsys(&icmpv6_sk_ops); | |
889 | if (err < 0) | |
890 | return err; | |
891 | ||
892 | err = -EAGAIN; | |
893 | if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) | |
894 | goto fail; | |
5f5624cf PS |
895 | |
896 | err = inet6_register_icmp_sender(icmp6_send); | |
897 | if (err) | |
898 | goto sender_reg_err; | |
98c6d1b2 DL |
899 | return 0; |
900 | ||
5f5624cf PS |
901 | sender_reg_err: |
902 | inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); | |
98c6d1b2 | 903 | fail: |
f3213831 | 904 | pr_err("Failed to register ICMP6 protocol\n"); |
98c6d1b2 DL |
905 | unregister_pernet_subsys(&icmpv6_sk_ops); |
906 | return err; | |
907 | } | |
908 | ||
8ed7edce | 909 | void icmpv6_cleanup(void) |
98c6d1b2 | 910 | { |
5f5624cf | 911 | inet6_unregister_icmp_sender(icmp6_send); |
98c6d1b2 | 912 | unregister_pernet_subsys(&icmpv6_sk_ops); |
1da177e4 LT |
913 | inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); |
914 | } | |
915 | ||
98c6d1b2 | 916 | |
9b5b5cff | 917 | static const struct icmp6_err { |
1da177e4 LT |
918 | int err; |
919 | int fatal; | |
920 | } tab_unreach[] = { | |
921 | { /* NOROUTE */ | |
922 | .err = ENETUNREACH, | |
923 | .fatal = 0, | |
924 | }, | |
925 | { /* ADM_PROHIBITED */ | |
926 | .err = EACCES, | |
927 | .fatal = 1, | |
928 | }, | |
929 | { /* Was NOT_NEIGHBOUR, now reserved */ | |
930 | .err = EHOSTUNREACH, | |
931 | .fatal = 0, | |
932 | }, | |
933 | { /* ADDR_UNREACH */ | |
934 | .err = EHOSTUNREACH, | |
935 | .fatal = 0, | |
936 | }, | |
937 | { /* PORT_UNREACH */ | |
938 | .err = ECONNREFUSED, | |
939 | .fatal = 1, | |
940 | }, | |
61e76b17 JB |
941 | { /* POLICY_FAIL */ |
942 | .err = EACCES, | |
943 | .fatal = 1, | |
944 | }, | |
945 | { /* REJECT_ROUTE */ | |
946 | .err = EACCES, | |
947 | .fatal = 1, | |
948 | }, | |
1da177e4 LT |
949 | }; |
950 | ||
d5fdd6ba | 951 | int icmpv6_err_convert(u8 type, u8 code, int *err) |
1da177e4 LT |
952 | { |
953 | int fatal = 0; | |
954 | ||
955 | *err = EPROTO; | |
956 | ||
957 | switch (type) { | |
958 | case ICMPV6_DEST_UNREACH: | |
959 | fatal = 1; | |
61e76b17 | 960 | if (code < ARRAY_SIZE(tab_unreach)) { |
1da177e4 LT |
961 | *err = tab_unreach[code].err; |
962 | fatal = tab_unreach[code].fatal; | |
963 | } | |
964 | break; | |
965 | ||
966 | case ICMPV6_PKT_TOOBIG: | |
967 | *err = EMSGSIZE; | |
968 | break; | |
1ab1457c | 969 | |
1da177e4 LT |
970 | case ICMPV6_PARAMPROB: |
971 | *err = EPROTO; | |
972 | fatal = 1; | |
973 | break; | |
974 | ||
975 | case ICMPV6_TIME_EXCEED: | |
976 | *err = EHOSTUNREACH; | |
977 | break; | |
3ff50b79 | 978 | } |
1da177e4 LT |
979 | |
980 | return fatal; | |
981 | } | |
7159039a YH |
982 | EXPORT_SYMBOL(icmpv6_err_convert); |
983 | ||
1da177e4 | 984 | #ifdef CONFIG_SYSCTL |
e8243534 | 985 | static struct ctl_table ipv6_icmp_table_template[] = { |
1da177e4 | 986 | { |
1da177e4 | 987 | .procname = "ratelimit", |
41a76906 | 988 | .data = &init_net.ipv6.sysctl.icmpv6_time, |
1da177e4 LT |
989 | .maxlen = sizeof(int), |
990 | .mode = 0644, | |
6d9f239a | 991 | .proc_handler = proc_dointvec_ms_jiffies, |
1da177e4 | 992 | }, |
f8572d8f | 993 | { }, |
1da177e4 | 994 | }; |
760f2d01 | 995 | |
2c8c1e72 | 996 | struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) |
760f2d01 DL |
997 | { |
998 | struct ctl_table *table; | |
999 | ||
1000 | table = kmemdup(ipv6_icmp_table_template, | |
1001 | sizeof(ipv6_icmp_table_template), | |
1002 | GFP_KERNEL); | |
5ee09105 | 1003 | |
c027aab4 | 1004 | if (table) |
5ee09105 YH |
1005 | table[0].data = &net->ipv6.sysctl.icmpv6_time; |
1006 | ||
760f2d01 DL |
1007 | return table; |
1008 | } | |
1da177e4 LT |
1009 | #endif |
1010 |