]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - net/ipv6/icmp.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[NET] NETNS: Omit net_device->nd_net without CONFIG_NET_NS.
[mirror_ubuntu-zesty-kernel.git] / net / ipv6 / icmp.c
1 /*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * $Id: icmp.c,v 1.38 2002/02/08 03:57:19 davem Exp $
9 *
10 * Based on net/ipv4/icmp.c
11 *
12 * RFC 1885
13 *
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version
17 * 2 of the License, or (at your option) any later version.
18 */
19
20 /*
21 * Changes:
22 *
23 * Andi Kleen : exception handling
24 * Andi Kleen add rate limits. never reply to a icmp.
25 * add more length checks and other fixes.
26 * yoshfuji : ensure to sent parameter problem for
27 * fragments.
28 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
29 * Randy Dunlap and
30 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
31 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
32 */
33
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <linux/types.h>
37 #include <linux/socket.h>
38 #include <linux/in.h>
39 #include <linux/kernel.h>
40 #include <linux/sockios.h>
41 #include <linux/net.h>
42 #include <linux/skbuff.h>
43 #include <linux/init.h>
44 #include <linux/netfilter.h>
45
46 #ifdef CONFIG_SYSCTL
47 #include <linux/sysctl.h>
48 #endif
49
50 #include <linux/inet.h>
51 #include <linux/netdevice.h>
52 #include <linux/icmpv6.h>
53
54 #include <net/ip.h>
55 #include <net/sock.h>
56
57 #include <net/ipv6.h>
58 #include <net/ip6_checksum.h>
59 #include <net/protocol.h>
60 #include <net/raw.h>
61 #include <net/rawv6.h>
62 #include <net/transp_v6.h>
63 #include <net/ip6_route.h>
64 #include <net/addrconf.h>
65 #include <net/icmp.h>
66 #include <net/xfrm.h>
67
68 #include <asm/uaccess.h>
69 #include <asm/system.h>
70
71 DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics) __read_mostly;
72 EXPORT_SYMBOL(icmpv6_statistics);
73 DEFINE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics) __read_mostly;
74 EXPORT_SYMBOL(icmpv6msg_statistics);
75
76 /*
77 * The ICMP socket(s). This is the most convenient way to flow control
78 * our ICMP output as well as maintain a clean interface throughout
79 * all layers. All Socketless IP sends will soon be gone.
80 *
81 * On SMP we have one ICMP socket per-cpu.
82 */
83 static inline struct sock *icmpv6_sk(struct net *net)
84 {
85 return net->ipv6.icmp_sk[smp_processor_id()];
86 }
87
88 static int icmpv6_rcv(struct sk_buff *skb);
89
90 static struct inet6_protocol icmpv6_protocol = {
91 .handler = icmpv6_rcv,
92 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
93 };
94
95 static __inline__ int icmpv6_xmit_lock(struct sock *sk)
96 {
97 local_bh_disable();
98
99 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
100 /* This can happen if the output path (f.e. SIT or
101 * ip6ip6 tunnel) signals dst_link_failure() for an
102 * outgoing ICMP6 packet.
103 */
104 local_bh_enable();
105 return 1;
106 }
107 return 0;
108 }
109
110 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
111 {
112 spin_unlock_bh(&sk->sk_lock.slock);
113 }
114
115 /*
116 * Slightly more convenient version of icmpv6_send.
117 */
118 void icmpv6_param_prob(struct sk_buff *skb, int code, int pos)
119 {
120 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos, skb->dev);
121 kfree_skb(skb);
122 }
123
124 /*
125 * Figure out, may we reply to this packet with icmp error.
126 *
127 * We do not reply, if:
128 * - it was icmp error message.
129 * - it is truncated, so that it is known, that protocol is ICMPV6
130 * (i.e. in the middle of some exthdr)
131 *
132 * --ANK (980726)
133 */
134
135 static int is_ineligible(struct sk_buff *skb)
136 {
137 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
138 int len = skb->len - ptr;
139 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
140
141 if (len < 0)
142 return 1;
143
144 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr);
145 if (ptr < 0)
146 return 0;
147 if (nexthdr == IPPROTO_ICMPV6) {
148 u8 _type, *tp;
149 tp = skb_header_pointer(skb,
150 ptr+offsetof(struct icmp6hdr, icmp6_type),
151 sizeof(_type), &_type);
152 if (tp == NULL ||
153 !(*tp & ICMPV6_INFOMSG_MASK))
154 return 1;
155 }
156 return 0;
157 }
158
159 /*
160 * Check the ICMP output rate limit
161 */
162 static inline int icmpv6_xrlim_allow(struct sock *sk, int type,
163 struct flowi *fl)
164 {
165 struct dst_entry *dst;
166 struct net *net = sk->sk_net;
167 int res = 0;
168
169 /* Informational messages are not limited. */
170 if (type & ICMPV6_INFOMSG_MASK)
171 return 1;
172
173 /* Do not limit pmtu discovery, it would break it. */
174 if (type == ICMPV6_PKT_TOOBIG)
175 return 1;
176
177 /*
178 * Look up the output route.
179 * XXX: perhaps the expire for routing entries cloned by
180 * this lookup should be more aggressive (not longer than timeout).
181 */
182 dst = ip6_route_output(net, sk, fl);
183 if (dst->error) {
184 IP6_INC_STATS(ip6_dst_idev(dst),
185 IPSTATS_MIB_OUTNOROUTES);
186 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
187 res = 1;
188 } else {
189 struct rt6_info *rt = (struct rt6_info *)dst;
190 int tmo = net->ipv6.sysctl.icmpv6_time;
191
192 /* Give more bandwidth to wider prefixes. */
193 if (rt->rt6i_dst.plen < 128)
194 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
195
196 res = xrlim_allow(dst, tmo);
197 }
198 dst_release(dst);
199 return res;
200 }
201
202 /*
203 * an inline helper for the "simple" if statement below
204 * checks if parameter problem report is caused by an
205 * unrecognized IPv6 option that has the Option Type
206 * highest-order two bits set to 10
207 */
208
209 static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset)
210 {
211 u8 _optval, *op;
212
213 offset += skb_network_offset(skb);
214 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
215 if (op == NULL)
216 return 1;
217 return (*op & 0xC0) == 0x80;
218 }
219
220 static int icmpv6_push_pending_frames(struct sock *sk, struct flowi *fl, struct icmp6hdr *thdr, int len)
221 {
222 struct sk_buff *skb;
223 struct icmp6hdr *icmp6h;
224 int err = 0;
225
226 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
227 goto out;
228
229 icmp6h = icmp6_hdr(skb);
230 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
231 icmp6h->icmp6_cksum = 0;
232
233 if (skb_queue_len(&sk->sk_write_queue) == 1) {
234 skb->csum = csum_partial((char *)icmp6h,
235 sizeof(struct icmp6hdr), skb->csum);
236 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
237 &fl->fl6_dst,
238 len, fl->proto,
239 skb->csum);
240 } else {
241 __wsum tmp_csum = 0;
242
243 skb_queue_walk(&sk->sk_write_queue, skb) {
244 tmp_csum = csum_add(tmp_csum, skb->csum);
245 }
246
247 tmp_csum = csum_partial((char *)icmp6h,
248 sizeof(struct icmp6hdr), tmp_csum);
249 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
250 &fl->fl6_dst,
251 len, fl->proto,
252 tmp_csum);
253 }
254 ip6_push_pending_frames(sk);
255 out:
256 return err;
257 }
258
259 struct icmpv6_msg {
260 struct sk_buff *skb;
261 int offset;
262 uint8_t type;
263 };
264
265 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
266 {
267 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
268 struct sk_buff *org_skb = msg->skb;
269 __wsum csum = 0;
270
271 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
272 to, len, csum);
273 skb->csum = csum_block_add(skb->csum, csum, odd);
274 if (!(msg->type & ICMPV6_INFOMSG_MASK))
275 nf_ct_attach(skb, org_skb);
276 return 0;
277 }
278
279 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
280 static void mip6_addr_swap(struct sk_buff *skb)
281 {
282 struct ipv6hdr *iph = ipv6_hdr(skb);
283 struct inet6_skb_parm *opt = IP6CB(skb);
284 struct ipv6_destopt_hao *hao;
285 struct in6_addr tmp;
286 int off;
287
288 if (opt->dsthao) {
289 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
290 if (likely(off >= 0)) {
291 hao = (struct ipv6_destopt_hao *)
292 (skb_network_header(skb) + off);
293 ipv6_addr_copy(&tmp, &iph->saddr);
294 ipv6_addr_copy(&iph->saddr, &hao->addr);
295 ipv6_addr_copy(&hao->addr, &tmp);
296 }
297 }
298 }
299 #else
300 static inline void mip6_addr_swap(struct sk_buff *skb) {}
301 #endif
302
303 /*
304 * Send an ICMP message in response to a packet in error
305 */
306 void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
307 struct net_device *dev)
308 {
309 struct net *net = dev_net(skb->dev);
310 struct inet6_dev *idev = NULL;
311 struct ipv6hdr *hdr = ipv6_hdr(skb);
312 struct sock *sk;
313 struct ipv6_pinfo *np;
314 struct in6_addr *saddr = NULL;
315 struct dst_entry *dst;
316 struct dst_entry *dst2;
317 struct icmp6hdr tmp_hdr;
318 struct flowi fl;
319 struct flowi fl2;
320 struct icmpv6_msg msg;
321 int iif = 0;
322 int addr_type = 0;
323 int len;
324 int hlimit, tclass;
325 int err = 0;
326
327 if ((u8 *)hdr < skb->head ||
328 (skb->network_header + sizeof(*hdr)) > skb->tail)
329 return;
330
331 /*
332 * Make sure we respect the rules
333 * i.e. RFC 1885 2.4(e)
334 * Rule (e.1) is enforced by not using icmpv6_send
335 * in any code that processes icmp errors.
336 */
337 addr_type = ipv6_addr_type(&hdr->daddr);
338
339 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
340 saddr = &hdr->daddr;
341
342 /*
343 * Dest addr check
344 */
345
346 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
347 if (type != ICMPV6_PKT_TOOBIG &&
348 !(type == ICMPV6_PARAMPROB &&
349 code == ICMPV6_UNK_OPTION &&
350 (opt_unrec(skb, info))))
351 return;
352
353 saddr = NULL;
354 }
355
356 addr_type = ipv6_addr_type(&hdr->saddr);
357
358 /*
359 * Source addr check
360 */
361
362 if (addr_type & IPV6_ADDR_LINKLOCAL)
363 iif = skb->dev->ifindex;
364
365 /*
366 * Must not send error if the source does not uniquely
367 * identify a single node (RFC2463 Section 2.4).
368 * We check unspecified / multicast addresses here,
369 * and anycast addresses will be checked later.
370 */
371 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
372 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n");
373 return;
374 }
375
376 /*
377 * Never answer to a ICMP packet.
378 */
379 if (is_ineligible(skb)) {
380 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n");
381 return;
382 }
383
384 mip6_addr_swap(skb);
385
386 memset(&fl, 0, sizeof(fl));
387 fl.proto = IPPROTO_ICMPV6;
388 ipv6_addr_copy(&fl.fl6_dst, &hdr->saddr);
389 if (saddr)
390 ipv6_addr_copy(&fl.fl6_src, saddr);
391 fl.oif = iif;
392 fl.fl_icmp_type = type;
393 fl.fl_icmp_code = code;
394 security_skb_classify_flow(skb, &fl);
395
396 sk = icmpv6_sk(net);
397 np = inet6_sk(sk);
398
399 if (icmpv6_xmit_lock(sk))
400 return;
401
402 if (!icmpv6_xrlim_allow(sk, type, &fl))
403 goto out;
404
405 tmp_hdr.icmp6_type = type;
406 tmp_hdr.icmp6_code = code;
407 tmp_hdr.icmp6_cksum = 0;
408 tmp_hdr.icmp6_pointer = htonl(info);
409
410 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
411 fl.oif = np->mcast_oif;
412
413 err = ip6_dst_lookup(sk, &dst, &fl);
414 if (err)
415 goto out;
416
417 /*
418 * We won't send icmp if the destination is known
419 * anycast.
420 */
421 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
422 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n");
423 goto out_dst_release;
424 }
425
426 /* No need to clone since we're just using its address. */
427 dst2 = dst;
428
429 err = xfrm_lookup(&dst, &fl, sk, 0);
430 switch (err) {
431 case 0:
432 if (dst != dst2)
433 goto route_done;
434 break;
435 case -EPERM:
436 dst = NULL;
437 break;
438 default:
439 goto out;
440 }
441
442 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6))
443 goto out;
444
445 if (ip6_dst_lookup(sk, &dst2, &fl))
446 goto out;
447
448 err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP);
449 if (err == -ENOENT) {
450 if (!dst)
451 goto out;
452 goto route_done;
453 }
454
455 dst_release(dst);
456 dst = dst2;
457
458 if (err)
459 goto out;
460
461 route_done:
462 if (ipv6_addr_is_multicast(&fl.fl6_dst))
463 hlimit = np->mcast_hops;
464 else
465 hlimit = np->hop_limit;
466 if (hlimit < 0)
467 hlimit = ip6_dst_hoplimit(dst);
468
469 tclass = np->tclass;
470 if (tclass < 0)
471 tclass = 0;
472
473 msg.skb = skb;
474 msg.offset = skb_network_offset(skb);
475 msg.type = type;
476
477 len = skb->len - msg.offset;
478 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
479 if (len < 0) {
480 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
481 goto out_dst_release;
482 }
483
484 idev = in6_dev_get(skb->dev);
485
486 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
487 len + sizeof(struct icmp6hdr),
488 sizeof(struct icmp6hdr),
489 hlimit, tclass, NULL, &fl, (struct rt6_info*)dst,
490 MSG_DONTWAIT);
491 if (err) {
492 ip6_flush_pending_frames(sk);
493 goto out_put;
494 }
495 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, len + sizeof(struct icmp6hdr));
496
497 out_put:
498 if (likely(idev != NULL))
499 in6_dev_put(idev);
500 out_dst_release:
501 dst_release(dst);
502 out:
503 icmpv6_xmit_unlock(sk);
504 }
505
506 EXPORT_SYMBOL(icmpv6_send);
507
508 static void icmpv6_echo_reply(struct sk_buff *skb)
509 {
510 struct net *net = dev_net(skb->dev);
511 struct sock *sk;
512 struct inet6_dev *idev;
513 struct ipv6_pinfo *np;
514 struct in6_addr *saddr = NULL;
515 struct icmp6hdr *icmph = icmp6_hdr(skb);
516 struct icmp6hdr tmp_hdr;
517 struct flowi fl;
518 struct icmpv6_msg msg;
519 struct dst_entry *dst;
520 int err = 0;
521 int hlimit;
522 int tclass;
523
524 saddr = &ipv6_hdr(skb)->daddr;
525
526 if (!ipv6_unicast_destination(skb))
527 saddr = NULL;
528
529 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
530 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
531
532 memset(&fl, 0, sizeof(fl));
533 fl.proto = IPPROTO_ICMPV6;
534 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
535 if (saddr)
536 ipv6_addr_copy(&fl.fl6_src, saddr);
537 fl.oif = skb->dev->ifindex;
538 fl.fl_icmp_type = ICMPV6_ECHO_REPLY;
539 security_skb_classify_flow(skb, &fl);
540
541 sk = icmpv6_sk(net);
542 np = inet6_sk(sk);
543
544 if (icmpv6_xmit_lock(sk))
545 return;
546
547 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
548 fl.oif = np->mcast_oif;
549
550 err = ip6_dst_lookup(sk, &dst, &fl);
551 if (err)
552 goto out;
553 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
554 goto out;
555
556 if (ipv6_addr_is_multicast(&fl.fl6_dst))
557 hlimit = np->mcast_hops;
558 else
559 hlimit = np->hop_limit;
560 if (hlimit < 0)
561 hlimit = ip6_dst_hoplimit(dst);
562
563 tclass = np->tclass;
564 if (tclass < 0)
565 tclass = 0;
566
567 idev = in6_dev_get(skb->dev);
568
569 msg.skb = skb;
570 msg.offset = 0;
571 msg.type = ICMPV6_ECHO_REPLY;
572
573 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
574 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl,
575 (struct rt6_info*)dst, MSG_DONTWAIT);
576
577 if (err) {
578 ip6_flush_pending_frames(sk);
579 goto out_put;
580 }
581 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, skb->len + sizeof(struct icmp6hdr));
582
583 out_put:
584 if (likely(idev != NULL))
585 in6_dev_put(idev);
586 dst_release(dst);
587 out:
588 icmpv6_xmit_unlock(sk);
589 }
590
591 static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info)
592 {
593 struct inet6_protocol *ipprot;
594 int inner_offset;
595 int hash;
596 u8 nexthdr;
597
598 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
599 return;
600
601 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
602 if (ipv6_ext_hdr(nexthdr)) {
603 /* now skip over extension headers */
604 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
605 if (inner_offset<0)
606 return;
607 } else {
608 inner_offset = sizeof(struct ipv6hdr);
609 }
610
611 /* Checkin header including 8 bytes of inner protocol header. */
612 if (!pskb_may_pull(skb, inner_offset+8))
613 return;
614
615 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
616 Without this we will not able f.e. to make source routed
617 pmtu discovery.
618 Corresponding argument (opt) to notifiers is already added.
619 --ANK (980726)
620 */
621
622 hash = nexthdr & (MAX_INET_PROTOS - 1);
623
624 rcu_read_lock();
625 ipprot = rcu_dereference(inet6_protos[hash]);
626 if (ipprot && ipprot->err_handler)
627 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
628 rcu_read_unlock();
629
630 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
631 }
632
633 /*
634 * Handle icmp messages
635 */
636
637 static int icmpv6_rcv(struct sk_buff *skb)
638 {
639 struct net_device *dev = skb->dev;
640 struct inet6_dev *idev = __in6_dev_get(dev);
641 struct in6_addr *saddr, *daddr;
642 struct ipv6hdr *orig_hdr;
643 struct icmp6hdr *hdr;
644 int type;
645
646 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
647 int nh;
648
649 if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags &
650 XFRM_STATE_ICMP))
651 goto drop_no_count;
652
653 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
654 goto drop_no_count;
655
656 nh = skb_network_offset(skb);
657 skb_set_network_header(skb, sizeof(*hdr));
658
659 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
660 goto drop_no_count;
661
662 skb_set_network_header(skb, nh);
663 }
664
665 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_INMSGS);
666
667 saddr = &ipv6_hdr(skb)->saddr;
668 daddr = &ipv6_hdr(skb)->daddr;
669
670 /* Perform checksum. */
671 switch (skb->ip_summed) {
672 case CHECKSUM_COMPLETE:
673 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
674 skb->csum))
675 break;
676 /* fall through */
677 case CHECKSUM_NONE:
678 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
679 IPPROTO_ICMPV6, 0));
680 if (__skb_checksum_complete(skb)) {
681 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [" NIP6_FMT " > " NIP6_FMT "]\n",
682 NIP6(*saddr), NIP6(*daddr));
683 goto discard_it;
684 }
685 }
686
687 if (!pskb_pull(skb, sizeof(*hdr)))
688 goto discard_it;
689
690 hdr = icmp6_hdr(skb);
691
692 type = hdr->icmp6_type;
693
694 ICMP6MSGIN_INC_STATS_BH(idev, type);
695
696 switch (type) {
697 case ICMPV6_ECHO_REQUEST:
698 icmpv6_echo_reply(skb);
699 break;
700
701 case ICMPV6_ECHO_REPLY:
702 /* we couldn't care less */
703 break;
704
705 case ICMPV6_PKT_TOOBIG:
706 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
707 standard destination cache. Seems, only "advanced"
708 destination cache will allow to solve this problem
709 --ANK (980726)
710 */
711 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
712 goto discard_it;
713 hdr = icmp6_hdr(skb);
714 orig_hdr = (struct ipv6hdr *) (hdr + 1);
715 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev,
716 ntohl(hdr->icmp6_mtu));
717
718 /*
719 * Drop through to notify
720 */
721
722 case ICMPV6_DEST_UNREACH:
723 case ICMPV6_TIME_EXCEED:
724 case ICMPV6_PARAMPROB:
725 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
726 break;
727
728 case NDISC_ROUTER_SOLICITATION:
729 case NDISC_ROUTER_ADVERTISEMENT:
730 case NDISC_NEIGHBOUR_SOLICITATION:
731 case NDISC_NEIGHBOUR_ADVERTISEMENT:
732 case NDISC_REDIRECT:
733 ndisc_rcv(skb);
734 break;
735
736 case ICMPV6_MGM_QUERY:
737 igmp6_event_query(skb);
738 break;
739
740 case ICMPV6_MGM_REPORT:
741 igmp6_event_report(skb);
742 break;
743
744 case ICMPV6_MGM_REDUCTION:
745 case ICMPV6_NI_QUERY:
746 case ICMPV6_NI_REPLY:
747 case ICMPV6_MLD2_REPORT:
748 case ICMPV6_DHAAD_REQUEST:
749 case ICMPV6_DHAAD_REPLY:
750 case ICMPV6_MOBILE_PREFIX_SOL:
751 case ICMPV6_MOBILE_PREFIX_ADV:
752 break;
753
754 default:
755 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
756
757 /* informational */
758 if (type & ICMPV6_INFOMSG_MASK)
759 break;
760
761 /*
762 * error of unknown type.
763 * must pass to upper level
764 */
765
766 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
767 }
768
769 kfree_skb(skb);
770 return 0;
771
772 discard_it:
773 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_INERRORS);
774 drop_no_count:
775 kfree_skb(skb);
776 return 0;
777 }
778
779 void icmpv6_flow_init(struct sock *sk, struct flowi *fl,
780 u8 type,
781 const struct in6_addr *saddr,
782 const struct in6_addr *daddr,
783 int oif)
784 {
785 memset(fl, 0, sizeof(*fl));
786 ipv6_addr_copy(&fl->fl6_src, saddr);
787 ipv6_addr_copy(&fl->fl6_dst, daddr);
788 fl->proto = IPPROTO_ICMPV6;
789 fl->fl_icmp_type = type;
790 fl->fl_icmp_code = 0;
791 fl->oif = oif;
792 security_sk_classify_flow(sk, fl);
793 }
794
795 /*
796 * Special lock-class for __icmpv6_sk:
797 */
798 static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
799
800 static int __net_init icmpv6_sk_init(struct net *net)
801 {
802 struct sock *sk;
803 int err, i, j;
804
805 net->ipv6.icmp_sk =
806 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
807 if (net->ipv6.icmp_sk == NULL)
808 return -ENOMEM;
809
810 for_each_possible_cpu(i) {
811 struct socket *sock;
812 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6,
813 &sock);
814 if (err < 0) {
815 printk(KERN_ERR
816 "Failed to initialize the ICMP6 control socket "
817 "(err %d).\n",
818 err);
819 goto fail;
820 }
821
822 net->ipv6.icmp_sk[i] = sk = sock->sk;
823 sk_change_net(sk, net);
824
825 sk->sk_allocation = GFP_ATOMIC;
826 /*
827 * Split off their lock-class, because sk->sk_dst_lock
828 * gets used from softirqs, which is safe for
829 * __icmpv6_sk (because those never get directly used
830 * via userspace syscalls), but unsafe for normal sockets.
831 */
832 lockdep_set_class(&sk->sk_dst_lock,
833 &icmpv6_socket_sk_dst_lock_key);
834
835 /* Enough space for 2 64K ICMP packets, including
836 * sk_buff struct overhead.
837 */
838 sk->sk_sndbuf =
839 (2 * ((64 * 1024) + sizeof(struct sk_buff)));
840
841 sk->sk_prot->unhash(sk);
842 }
843 return 0;
844
845 fail:
846 for (j = 0; j < i; j++)
847 sk_release_kernel(net->ipv6.icmp_sk[j]);
848 kfree(net->ipv6.icmp_sk);
849 return err;
850 }
851
852 static void __net_exit icmpv6_sk_exit(struct net *net)
853 {
854 int i;
855
856 for_each_possible_cpu(i) {
857 sk_release_kernel(net->ipv6.icmp_sk[i]);
858 }
859 kfree(net->ipv6.icmp_sk);
860 }
861
862 static struct pernet_operations icmpv6_sk_ops = {
863 .init = icmpv6_sk_init,
864 .exit = icmpv6_sk_exit,
865 };
866
867 int __init icmpv6_init(void)
868 {
869 int err;
870
871 err = register_pernet_subsys(&icmpv6_sk_ops);
872 if (err < 0)
873 return err;
874
875 err = -EAGAIN;
876 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
877 goto fail;
878 return 0;
879
880 fail:
881 printk(KERN_ERR "Failed to register ICMP6 protocol\n");
882 unregister_pernet_subsys(&icmpv6_sk_ops);
883 return err;
884 }
885
886 void icmpv6_cleanup(void)
887 {
888 unregister_pernet_subsys(&icmpv6_sk_ops);
889 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
890 }
891
892
893 static const struct icmp6_err {
894 int err;
895 int fatal;
896 } tab_unreach[] = {
897 { /* NOROUTE */
898 .err = ENETUNREACH,
899 .fatal = 0,
900 },
901 { /* ADM_PROHIBITED */
902 .err = EACCES,
903 .fatal = 1,
904 },
905 { /* Was NOT_NEIGHBOUR, now reserved */
906 .err = EHOSTUNREACH,
907 .fatal = 0,
908 },
909 { /* ADDR_UNREACH */
910 .err = EHOSTUNREACH,
911 .fatal = 0,
912 },
913 { /* PORT_UNREACH */
914 .err = ECONNREFUSED,
915 .fatal = 1,
916 },
917 };
918
919 int icmpv6_err_convert(int type, int code, int *err)
920 {
921 int fatal = 0;
922
923 *err = EPROTO;
924
925 switch (type) {
926 case ICMPV6_DEST_UNREACH:
927 fatal = 1;
928 if (code <= ICMPV6_PORT_UNREACH) {
929 *err = tab_unreach[code].err;
930 fatal = tab_unreach[code].fatal;
931 }
932 break;
933
934 case ICMPV6_PKT_TOOBIG:
935 *err = EMSGSIZE;
936 break;
937
938 case ICMPV6_PARAMPROB:
939 *err = EPROTO;
940 fatal = 1;
941 break;
942
943 case ICMPV6_TIME_EXCEED:
944 *err = EHOSTUNREACH;
945 break;
946 }
947
948 return fatal;
949 }
950
951 EXPORT_SYMBOL(icmpv6_err_convert);
952
953 #ifdef CONFIG_SYSCTL
954 ctl_table ipv6_icmp_table_template[] = {
955 {
956 .ctl_name = NET_IPV6_ICMP_RATELIMIT,
957 .procname = "ratelimit",
958 .data = &init_net.ipv6.sysctl.icmpv6_time,
959 .maxlen = sizeof(int),
960 .mode = 0644,
961 .proc_handler = &proc_dointvec
962 },
963 { .ctl_name = 0 },
964 };
965
966 struct ctl_table *ipv6_icmp_sysctl_init(struct net *net)
967 {
968 struct ctl_table *table;
969
970 table = kmemdup(ipv6_icmp_table_template,
971 sizeof(ipv6_icmp_table_template),
972 GFP_KERNEL);
973
974 if (table)
975 table[0].data = &net->ipv6.sysctl.icmpv6_time;
976
977 return table;
978 }
979 #endif
980
ubuntu-zesty-kernel mirror