]> git.proxmox.com Git - mirror_ubuntu-kernels.git/blob - net/ipv6/icmp.c
projects / mirror_ubuntu-kernels.git / blob
? search:


bafdd04a768d16b7c862db3ac84ad1633deafc09
[mirror_ubuntu-kernels.git] / net / ipv6 / icmp.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 *
9 * Based on net/ipv4/icmp.c
10 *
11 * RFC 1885
12 */
13
14 /*
15 * Changes:
16 *
17 * Andi Kleen : exception handling
18 * Andi Kleen add rate limits. never reply to a icmp.
19 * add more length checks and other fixes.
20 * yoshfuji : ensure to sent parameter problem for
21 * fragments.
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
23 * Randy Dunlap and
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
26 */
27
28 #define pr_fmt(fmt) "IPv6: " fmt
29
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/types.h>
33 #include <linux/socket.h>
34 #include <linux/in.h>
35 #include <linux/kernel.h>
36 #include <linux/sockios.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <linux/init.h>
40 #include <linux/netfilter.h>
41 #include <linux/slab.h>
42
43 #ifdef CONFIG_SYSCTL
44 #include <linux/sysctl.h>
45 #endif
46
47 #include <linux/inet.h>
48 #include <linux/netdevice.h>
49 #include <linux/icmpv6.h>
50
51 #include <net/ip.h>
52 #include <net/sock.h>
53
54 #include <net/ipv6.h>
55 #include <net/ip6_checksum.h>
56 #include <net/ping.h>
57 #include <net/protocol.h>
58 #include <net/raw.h>
59 #include <net/rawv6.h>
60 #include <net/transp_v6.h>
61 #include <net/ip6_route.h>
62 #include <net/addrconf.h>
63 #include <net/icmp.h>
64 #include <net/xfrm.h>
65 #include <net/inet_common.h>
66 #include <net/dsfield.h>
67 #include <net/l3mdev.h>
68
69 #include <linux/uaccess.h>
70
71 /*
72 * The ICMP socket(s). This is the most convenient way to flow control
73 * our ICMP output as well as maintain a clean interface throughout
74 * all layers. All Socketless IP sends will soon be gone.
75 *
76 * On SMP we have one ICMP socket per-cpu.
77 */
78 static inline struct sock *icmpv6_sk(struct net *net)
79 {
80 return *this_cpu_ptr(net->ipv6.icmp_sk);
81 }
82
83 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
84 u8 type, u8 code, int offset, __be32 info)
85 {
86 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
87 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
88 struct net *net = dev_net(skb->dev);
89
90 if (type == ICMPV6_PKT_TOOBIG)
91 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
92 else if (type == NDISC_REDIRECT)
93 ip6_redirect(skb, net, skb->dev->ifindex, 0,
94 sock_net_uid(net, NULL));
95
96 if (!(type & ICMPV6_INFOMSG_MASK))
97 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
98 ping_err(skb, offset, ntohl(info));
99
100 return 0;
101 }
102
103 static int icmpv6_rcv(struct sk_buff *skb);
104
105 static const struct inet6_protocol icmpv6_protocol = {
106 .handler = icmpv6_rcv,
107 .err_handler = icmpv6_err,
108 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
109 };
110
111 /* Called with BH disabled */
112 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
113 {
114 struct sock *sk;
115
116 sk = icmpv6_sk(net);
117 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
118 /* This can happen if the output path (f.e. SIT or
119 * ip6ip6 tunnel) signals dst_link_failure() for an
120 * outgoing ICMP6 packet.
121 */
122 return NULL;
123 }
124 return sk;
125 }
126
127 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
128 {
129 spin_unlock(&sk->sk_lock.slock);
130 }
131
132 /*
133 * Figure out, may we reply to this packet with icmp error.
134 *
135 * We do not reply, if:
136 * - it was icmp error message.
137 * - it is truncated, so that it is known, that protocol is ICMPV6
138 * (i.e. in the middle of some exthdr)
139 *
140 * --ANK (980726)
141 */
142
143 static bool is_ineligible(const struct sk_buff *skb)
144 {
145 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
146 int len = skb->len - ptr;
147 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
148 __be16 frag_off;
149
150 if (len < 0)
151 return true;
152
153 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
154 if (ptr < 0)
155 return false;
156 if (nexthdr == IPPROTO_ICMPV6) {
157 u8 _type, *tp;
158 tp = skb_header_pointer(skb,
159 ptr+offsetof(struct icmp6hdr, icmp6_type),
160 sizeof(_type), &_type);
161 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
162 return true;
163 }
164 return false;
165 }
166
167 static bool icmpv6_mask_allow(struct net *net, int type)
168 {
169 if (type > ICMPV6_MSG_MAX)
170 return true;
171
172 /* Limit if icmp type is set in ratemask. */
173 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
174 return true;
175
176 return false;
177 }
178
179 static bool icmpv6_global_allow(struct net *net, int type)
180 {
181 if (icmpv6_mask_allow(net, type))
182 return true;
183
184 if (icmp_global_allow())
185 return true;
186
187 return false;
188 }
189
190 /*
191 * Check the ICMP output rate limit
192 */
193 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
194 struct flowi6 *fl6)
195 {
196 struct net *net = sock_net(sk);
197 struct dst_entry *dst;
198 bool res = false;
199
200 if (icmpv6_mask_allow(net, type))
201 return true;
202
203 /*
204 * Look up the output route.
205 * XXX: perhaps the expire for routing entries cloned by
206 * this lookup should be more aggressive (not longer than timeout).
207 */
208 dst = ip6_route_output(net, sk, fl6);
209 if (dst->error) {
210 IP6_INC_STATS(net, ip6_dst_idev(dst),
211 IPSTATS_MIB_OUTNOROUTES);
212 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
213 res = true;
214 } else {
215 struct rt6_info *rt = (struct rt6_info *)dst;
216 int tmo = net->ipv6.sysctl.icmpv6_time;
217 struct inet_peer *peer;
218
219 /* Give more bandwidth to wider prefixes. */
220 if (rt->rt6i_dst.plen < 128)
221 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
222
223 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
224 res = inet_peer_xrlim_allow(peer, tmo);
225 if (peer)
226 inet_putpeer(peer);
227 }
228 dst_release(dst);
229 return res;
230 }
231
232 /*
233 * an inline helper for the "simple" if statement below
234 * checks if parameter problem report is caused by an
235 * unrecognized IPv6 option that has the Option Type
236 * highest-order two bits set to 10
237 */
238
239 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
240 {
241 u8 _optval, *op;
242
243 offset += skb_network_offset(skb);
244 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
245 if (!op)
246 return true;
247 return (*op & 0xC0) == 0x80;
248 }
249
250 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
251 struct icmp6hdr *thdr, int len)
252 {
253 struct sk_buff *skb;
254 struct icmp6hdr *icmp6h;
255
256 skb = skb_peek(&sk->sk_write_queue);
257 if (!skb)
258 return;
259
260 icmp6h = icmp6_hdr(skb);
261 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
262 icmp6h->icmp6_cksum = 0;
263
264 if (skb_queue_len(&sk->sk_write_queue) == 1) {
265 skb->csum = csum_partial(icmp6h,
266 sizeof(struct icmp6hdr), skb->csum);
267 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
268 &fl6->daddr,
269 len, fl6->flowi6_proto,
270 skb->csum);
271 } else {
272 __wsum tmp_csum = 0;
273
274 skb_queue_walk(&sk->sk_write_queue, skb) {
275 tmp_csum = csum_add(tmp_csum, skb->csum);
276 }
277
278 tmp_csum = csum_partial(icmp6h,
279 sizeof(struct icmp6hdr), tmp_csum);
280 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
281 &fl6->daddr,
282 len, fl6->flowi6_proto,
283 tmp_csum);
284 }
285 ip6_push_pending_frames(sk);
286 }
287
288 struct icmpv6_msg {
289 struct sk_buff *skb;
290 int offset;
291 uint8_t type;
292 };
293
294 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
295 {
296 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
297 struct sk_buff *org_skb = msg->skb;
298 __wsum csum = 0;
299
300 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
301 to, len, csum);
302 skb->csum = csum_block_add(skb->csum, csum, odd);
303 if (!(msg->type & ICMPV6_INFOMSG_MASK))
304 nf_ct_attach(skb, org_skb);
305 return 0;
306 }
307
308 #if IS_ENABLED(CONFIG_IPV6_MIP6)
309 static void mip6_addr_swap(struct sk_buff *skb)
310 {
311 struct ipv6hdr *iph = ipv6_hdr(skb);
312 struct inet6_skb_parm *opt = IP6CB(skb);
313 struct ipv6_destopt_hao *hao;
314 struct in6_addr tmp;
315 int off;
316
317 if (opt->dsthao) {
318 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
319 if (likely(off >= 0)) {
320 hao = (struct ipv6_destopt_hao *)
321 (skb_network_header(skb) + off);
322 tmp = iph->saddr;
323 iph->saddr = hao->addr;
324 hao->addr = tmp;
325 }
326 }
327 }
328 #else
329 static inline void mip6_addr_swap(struct sk_buff *skb) {}
330 #endif
331
332 static struct dst_entry *icmpv6_route_lookup(struct net *net,
333 struct sk_buff *skb,
334 struct sock *sk,
335 struct flowi6 *fl6)
336 {
337 struct dst_entry *dst, *dst2;
338 struct flowi6 fl2;
339 int err;
340
341 err = ip6_dst_lookup(net, sk, &dst, fl6);
342 if (err)
343 return ERR_PTR(err);
344
345 /*
346 * We won't send icmp if the destination is known
347 * anycast.
348 */
349 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
350 net_dbg_ratelimited("icmp6_send: acast source\n");
351 dst_release(dst);
352 return ERR_PTR(-EINVAL);
353 }
354
355 /* No need to clone since we're just using its address. */
356 dst2 = dst;
357
358 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
359 if (!IS_ERR(dst)) {
360 if (dst != dst2)
361 return dst;
362 } else {
363 if (PTR_ERR(dst) == -EPERM)
364 dst = NULL;
365 else
366 return dst;
367 }
368
369 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
370 if (err)
371 goto relookup_failed;
372
373 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
374 if (err)
375 goto relookup_failed;
376
377 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
378 if (!IS_ERR(dst2)) {
379 dst_release(dst);
380 dst = dst2;
381 } else {
382 err = PTR_ERR(dst2);
383 if (err == -EPERM) {
384 dst_release(dst);
385 return dst2;
386 } else
387 goto relookup_failed;
388 }
389
390 relookup_failed:
391 if (dst)
392 return dst;
393 return ERR_PTR(err);
394 }
395
396 static int icmp6_iif(const struct sk_buff *skb)
397 {
398 int iif = skb->dev->ifindex;
399
400 /* for local traffic to local address, skb dev is the loopback
401 * device. Check if there is a dst attached to the skb and if so
402 * get the real device index. Same is needed for replies to a link
403 * local address on a device enslaved to an L3 master device
404 */
405 if (unlikely(iif == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
406 const struct rt6_info *rt6 = skb_rt6_info(skb);
407
408 if (rt6)
409 iif = rt6->rt6i_idev->dev->ifindex;
410 }
411
412 return iif;
413 }
414
415 /*
416 * Send an ICMP message in response to a packet in error
417 */
418 static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
419 const struct in6_addr *force_saddr)
420 {
421 struct inet6_dev *idev = NULL;
422 struct ipv6hdr *hdr = ipv6_hdr(skb);
423 struct sock *sk;
424 struct net *net;
425 struct ipv6_pinfo *np;
426 const struct in6_addr *saddr = NULL;
427 struct dst_entry *dst;
428 struct icmp6hdr tmp_hdr;
429 struct flowi6 fl6;
430 struct icmpv6_msg msg;
431 struct ipcm6_cookie ipc6;
432 int iif = 0;
433 int addr_type = 0;
434 int len;
435 u32 mark;
436
437 if ((u8 *)hdr < skb->head ||
438 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
439 return;
440
441 if (!skb->dev)
442 return;
443 net = dev_net(skb->dev);
444 mark = IP6_REPLY_MARK(net, skb->mark);
445 /*
446 * Make sure we respect the rules
447 * i.e. RFC 1885 2.4(e)
448 * Rule (e.1) is enforced by not using icmp6_send
449 * in any code that processes icmp errors.
450 */
451 addr_type = ipv6_addr_type(&hdr->daddr);
452
453 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
454 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
455 saddr = &hdr->daddr;
456
457 /*
458 * Dest addr check
459 */
460
461 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
462 if (type != ICMPV6_PKT_TOOBIG &&
463 !(type == ICMPV6_PARAMPROB &&
464 code == ICMPV6_UNK_OPTION &&
465 (opt_unrec(skb, info))))
466 return;
467
468 saddr = NULL;
469 }
470
471 addr_type = ipv6_addr_type(&hdr->saddr);
472
473 /*
474 * Source addr check
475 */
476
477 if (__ipv6_addr_needs_scope_id(addr_type)) {
478 iif = icmp6_iif(skb);
479 } else {
480 dst = skb_dst(skb);
481 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
482 }
483
484 /*
485 * Must not send error if the source does not uniquely
486 * identify a single node (RFC2463 Section 2.4).
487 * We check unspecified / multicast addresses here,
488 * and anycast addresses will be checked later.
489 */
490 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
491 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
492 &hdr->saddr, &hdr->daddr);
493 return;
494 }
495
496 /*
497 * Never answer to a ICMP packet.
498 */
499 if (is_ineligible(skb)) {
500 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
501 &hdr->saddr, &hdr->daddr);
502 return;
503 }
504
505 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
506 local_bh_disable();
507
508 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
509 if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type))
510 goto out_bh_enable;
511
512 mip6_addr_swap(skb);
513
514 memset(&fl6, 0, sizeof(fl6));
515 fl6.flowi6_proto = IPPROTO_ICMPV6;
516 fl6.daddr = hdr->saddr;
517 if (force_saddr)
518 saddr = force_saddr;
519 if (saddr)
520 fl6.saddr = *saddr;
521 fl6.flowi6_mark = mark;
522 fl6.flowi6_oif = iif;
523 fl6.fl6_icmp_type = type;
524 fl6.fl6_icmp_code = code;
525 fl6.flowi6_uid = sock_net_uid(net, NULL);
526 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
527 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
528
529 sk = icmpv6_xmit_lock(net);
530 if (!sk)
531 goto out_bh_enable;
532
533 sk->sk_mark = mark;
534 np = inet6_sk(sk);
535
536 if (!icmpv6_xrlim_allow(sk, type, &fl6))
537 goto out;
538
539 tmp_hdr.icmp6_type = type;
540 tmp_hdr.icmp6_code = code;
541 tmp_hdr.icmp6_cksum = 0;
542 tmp_hdr.icmp6_pointer = htonl(info);
543
544 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
545 fl6.flowi6_oif = np->mcast_oif;
546 else if (!fl6.flowi6_oif)
547 fl6.flowi6_oif = np->ucast_oif;
548
549 ipcm6_init_sk(&ipc6, np);
550 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
551
552 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
553 if (IS_ERR(dst))
554 goto out;
555
556 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
557
558 msg.skb = skb;
559 msg.offset = skb_network_offset(skb);
560 msg.type = type;
561
562 len = skb->len - msg.offset;
563 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
564 if (len < 0) {
565 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
566 &hdr->saddr, &hdr->daddr);
567 goto out_dst_release;
568 }
569
570 rcu_read_lock();
571 idev = __in6_dev_get(skb->dev);
572
573 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
574 len + sizeof(struct icmp6hdr),
575 sizeof(struct icmp6hdr),
576 &ipc6, &fl6, (struct rt6_info *)dst,
577 MSG_DONTWAIT)) {
578 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
579 ip6_flush_pending_frames(sk);
580 } else {
581 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
582 len + sizeof(struct icmp6hdr));
583 }
584 rcu_read_unlock();
585 out_dst_release:
586 dst_release(dst);
587 out:
588 icmpv6_xmit_unlock(sk);
589 out_bh_enable:
590 local_bh_enable();
591 }
592
593 /* Slightly more convenient version of icmp6_send.
594 */
595 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
596 {
597 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
598 kfree_skb(skb);
599 }
600
601 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
602 * if sufficient data bytes are available
603 * @nhs is the size of the tunnel header(s) :
604 * Either an IPv4 header for SIT encap
605 * an IPv4 header + GRE header for GRE encap
606 */
607 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
608 unsigned int data_len)
609 {
610 struct in6_addr temp_saddr;
611 struct rt6_info *rt;
612 struct sk_buff *skb2;
613 u32 info = 0;
614
615 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
616 return 1;
617
618 /* RFC 4884 (partial) support for ICMP extensions */
619 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
620 data_len = 0;
621
622 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
623
624 if (!skb2)
625 return 1;
626
627 skb_dst_drop(skb2);
628 skb_pull(skb2, nhs);
629 skb_reset_network_header(skb2);
630
631 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
632 skb, 0);
633
634 if (rt && rt->dst.dev)
635 skb2->dev = rt->dst.dev;
636
637 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
638
639 if (data_len) {
640 /* RFC 4884 (partial) support :
641 * insert 0 padding at the end, before the extensions
642 */
643 __skb_push(skb2, nhs);
644 skb_reset_network_header(skb2);
645 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
646 memset(skb2->data + data_len - nhs, 0, nhs);
647 /* RFC 4884 4.5 : Length is measured in 64-bit words,
648 * and stored in reserved[0]
649 */
650 info = (data_len/8) << 24;
651 }
652 if (type == ICMP_TIME_EXCEEDED)
653 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
654 info, &temp_saddr);
655 else
656 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
657 info, &temp_saddr);
658 if (rt)
659 ip6_rt_put(rt);
660
661 kfree_skb(skb2);
662
663 return 0;
664 }
665 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
666
667 static void icmpv6_echo_reply(struct sk_buff *skb)
668 {
669 struct net *net = dev_net(skb->dev);
670 struct sock *sk;
671 struct inet6_dev *idev;
672 struct ipv6_pinfo *np;
673 const struct in6_addr *saddr = NULL;
674 struct icmp6hdr *icmph = icmp6_hdr(skb);
675 struct icmp6hdr tmp_hdr;
676 struct flowi6 fl6;
677 struct icmpv6_msg msg;
678 struct dst_entry *dst;
679 struct ipcm6_cookie ipc6;
680 u32 mark = IP6_REPLY_MARK(net, skb->mark);
681 bool acast;
682
683 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
684 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
685 return;
686
687 saddr = &ipv6_hdr(skb)->daddr;
688
689 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
690 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
691 return;
692
693 if (!ipv6_unicast_destination(skb) &&
694 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
695 saddr = NULL;
696
697 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
698 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
699
700 memset(&fl6, 0, sizeof(fl6));
701 fl6.flowi6_proto = IPPROTO_ICMPV6;
702 fl6.daddr = ipv6_hdr(skb)->saddr;
703 if (saddr)
704 fl6.saddr = *saddr;
705 fl6.flowi6_oif = icmp6_iif(skb);
706 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
707 fl6.flowi6_mark = mark;
708 fl6.flowi6_uid = sock_net_uid(net, NULL);
709 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
710
711 local_bh_disable();
712 sk = icmpv6_xmit_lock(net);
713 if (!sk)
714 goto out_bh_enable;
715 sk->sk_mark = mark;
716 np = inet6_sk(sk);
717
718 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
719 fl6.flowi6_oif = np->mcast_oif;
720 else if (!fl6.flowi6_oif)
721 fl6.flowi6_oif = np->ucast_oif;
722
723 if (ip6_dst_lookup(net, sk, &dst, &fl6))
724 goto out;
725 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
726 if (IS_ERR(dst))
727 goto out;
728
729 /* Check the ratelimit */
730 if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) ||
731 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6))
732 goto out_dst_release;
733
734 idev = __in6_dev_get(skb->dev);
735
736 msg.skb = skb;
737 msg.offset = 0;
738 msg.type = ICMPV6_ECHO_REPLY;
739
740 ipcm6_init_sk(&ipc6, np);
741 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
742 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
743
744 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
745 skb->len + sizeof(struct icmp6hdr),
746 sizeof(struct icmp6hdr), &ipc6, &fl6,
747 (struct rt6_info *)dst, MSG_DONTWAIT)) {
748 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
749 ip6_flush_pending_frames(sk);
750 } else {
751 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
752 skb->len + sizeof(struct icmp6hdr));
753 }
754 out_dst_release:
755 dst_release(dst);
756 out:
757 icmpv6_xmit_unlock(sk);
758 out_bh_enable:
759 local_bh_enable();
760 }
761
762 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
763 {
764 const struct inet6_protocol *ipprot;
765 int inner_offset;
766 __be16 frag_off;
767 u8 nexthdr;
768 struct net *net = dev_net(skb->dev);
769
770 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
771 goto out;
772
773 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
774 if (ipv6_ext_hdr(nexthdr)) {
775 /* now skip over extension headers */
776 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
777 &nexthdr, &frag_off);
778 if (inner_offset < 0)
779 goto out;
780 } else {
781 inner_offset = sizeof(struct ipv6hdr);
782 }
783
784 /* Checkin header including 8 bytes of inner protocol header. */
785 if (!pskb_may_pull(skb, inner_offset+8))
786 goto out;
787
788 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
789 Without this we will not able f.e. to make source routed
790 pmtu discovery.
791 Corresponding argument (opt) to notifiers is already added.
792 --ANK (980726)
793 */
794
795 ipprot = rcu_dereference(inet6_protos[nexthdr]);
796 if (ipprot && ipprot->err_handler)
797 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
798
799 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
800 return;
801
802 out:
803 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
804 }
805
806 /*
807 * Handle icmp messages
808 */
809
810 static int icmpv6_rcv(struct sk_buff *skb)
811 {
812 struct net *net = dev_net(skb->dev);
813 struct net_device *dev = skb->dev;
814 struct inet6_dev *idev = __in6_dev_get(dev);
815 const struct in6_addr *saddr, *daddr;
816 struct icmp6hdr *hdr;
817 u8 type;
818 bool success = false;
819
820 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
821 struct sec_path *sp = skb_sec_path(skb);
822 int nh;
823
824 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
825 XFRM_STATE_ICMP))
826 goto drop_no_count;
827
828 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
829 goto drop_no_count;
830
831 nh = skb_network_offset(skb);
832 skb_set_network_header(skb, sizeof(*hdr));
833
834 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
835 goto drop_no_count;
836
837 skb_set_network_header(skb, nh);
838 }
839
840 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
841
842 saddr = &ipv6_hdr(skb)->saddr;
843 daddr = &ipv6_hdr(skb)->daddr;
844
845 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
846 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
847 saddr, daddr);
848 goto csum_error;
849 }
850
851 if (!pskb_pull(skb, sizeof(*hdr)))
852 goto discard_it;
853
854 hdr = icmp6_hdr(skb);
855
856 type = hdr->icmp6_type;
857
858 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
859
860 switch (type) {
861 case ICMPV6_ECHO_REQUEST:
862 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
863 icmpv6_echo_reply(skb);
864 break;
865
866 case ICMPV6_ECHO_REPLY:
867 success = ping_rcv(skb);
868 break;
869
870 case ICMPV6_PKT_TOOBIG:
871 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
872 standard destination cache. Seems, only "advanced"
873 destination cache will allow to solve this problem
874 --ANK (980726)
875 */
876 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
877 goto discard_it;
878 hdr = icmp6_hdr(skb);
879
880 /* to notify */
881 /* fall through */
882 case ICMPV6_DEST_UNREACH:
883 case ICMPV6_TIME_EXCEED:
884 case ICMPV6_PARAMPROB:
885 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
886 break;
887
888 case NDISC_ROUTER_SOLICITATION:
889 case NDISC_ROUTER_ADVERTISEMENT:
890 case NDISC_NEIGHBOUR_SOLICITATION:
891 case NDISC_NEIGHBOUR_ADVERTISEMENT:
892 case NDISC_REDIRECT:
893 ndisc_rcv(skb);
894 break;
895
896 case ICMPV6_MGM_QUERY:
897 igmp6_event_query(skb);
898 break;
899
900 case ICMPV6_MGM_REPORT:
901 igmp6_event_report(skb);
902 break;
903
904 case ICMPV6_MGM_REDUCTION:
905 case ICMPV6_NI_QUERY:
906 case ICMPV6_NI_REPLY:
907 case ICMPV6_MLD2_REPORT:
908 case ICMPV6_DHAAD_REQUEST:
909 case ICMPV6_DHAAD_REPLY:
910 case ICMPV6_MOBILE_PREFIX_SOL:
911 case ICMPV6_MOBILE_PREFIX_ADV:
912 break;
913
914 default:
915 /* informational */
916 if (type & ICMPV6_INFOMSG_MASK)
917 break;
918
919 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
920 saddr, daddr);
921
922 /*
923 * error of unknown type.
924 * must pass to upper level
925 */
926
927 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
928 }
929
930 /* until the v6 path can be better sorted assume failure and
931 * preserve the status quo behaviour for the rest of the paths to here
932 */
933 if (success)
934 consume_skb(skb);
935 else
936 kfree_skb(skb);
937
938 return 0;
939
940 csum_error:
941 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
942 discard_it:
943 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
944 drop_no_count:
945 kfree_skb(skb);
946 return 0;
947 }
948
949 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
950 u8 type,
951 const struct in6_addr *saddr,
952 const struct in6_addr *daddr,
953 int oif)
954 {
955 memset(fl6, 0, sizeof(*fl6));
956 fl6->saddr = *saddr;
957 fl6->daddr = *daddr;
958 fl6->flowi6_proto = IPPROTO_ICMPV6;
959 fl6->fl6_icmp_type = type;
960 fl6->fl6_icmp_code = 0;
961 fl6->flowi6_oif = oif;
962 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
963 }
964
965 static void __net_exit icmpv6_sk_exit(struct net *net)
966 {
967 int i;
968
969 for_each_possible_cpu(i)
970 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv6.icmp_sk, i));
971 free_percpu(net->ipv6.icmp_sk);
972 }
973
974 static int __net_init icmpv6_sk_init(struct net *net)
975 {
976 struct sock *sk;
977 int err, i;
978
979 net->ipv6.icmp_sk = alloc_percpu(struct sock *);
980 if (!net->ipv6.icmp_sk)
981 return -ENOMEM;
982
983 for_each_possible_cpu(i) {
984 err = inet_ctl_sock_create(&sk, PF_INET6,
985 SOCK_RAW, IPPROTO_ICMPV6, net);
986 if (err < 0) {
987 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
988 err);
989 goto fail;
990 }
991
992 *per_cpu_ptr(net->ipv6.icmp_sk, i) = sk;
993
994 /* Enough space for 2 64K ICMP packets, including
995 * sk_buff struct overhead.
996 */
997 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
998 }
999 return 0;
1000
1001 fail:
1002 icmpv6_sk_exit(net);
1003 return err;
1004 }
1005
1006 static struct pernet_operations icmpv6_sk_ops = {
1007 .init = icmpv6_sk_init,
1008 .exit = icmpv6_sk_exit,
1009 };
1010
1011 int __init icmpv6_init(void)
1012 {
1013 int err;
1014
1015 err = register_pernet_subsys(&icmpv6_sk_ops);
1016 if (err < 0)
1017 return err;
1018
1019 err = -EAGAIN;
1020 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1021 goto fail;
1022
1023 err = inet6_register_icmp_sender(icmp6_send);
1024 if (err)
1025 goto sender_reg_err;
1026 return 0;
1027
1028 sender_reg_err:
1029 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1030 fail:
1031 pr_err("Failed to register ICMP6 protocol\n");
1032 unregister_pernet_subsys(&icmpv6_sk_ops);
1033 return err;
1034 }
1035
1036 void icmpv6_cleanup(void)
1037 {
1038 inet6_unregister_icmp_sender(icmp6_send);
1039 unregister_pernet_subsys(&icmpv6_sk_ops);
1040 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1041 }
1042
1043
1044 static const struct icmp6_err {
1045 int err;
1046 int fatal;
1047 } tab_unreach[] = {
1048 { /* NOROUTE */
1049 .err = ENETUNREACH,
1050 .fatal = 0,
1051 },
1052 { /* ADM_PROHIBITED */
1053 .err = EACCES,
1054 .fatal = 1,
1055 },
1056 { /* Was NOT_NEIGHBOUR, now reserved */
1057 .err = EHOSTUNREACH,
1058 .fatal = 0,
1059 },
1060 { /* ADDR_UNREACH */
1061 .err = EHOSTUNREACH,
1062 .fatal = 0,
1063 },
1064 { /* PORT_UNREACH */
1065 .err = ECONNREFUSED,
1066 .fatal = 1,
1067 },
1068 { /* POLICY_FAIL */
1069 .err = EACCES,
1070 .fatal = 1,
1071 },
1072 { /* REJECT_ROUTE */
1073 .err = EACCES,
1074 .fatal = 1,
1075 },
1076 };
1077
1078 int icmpv6_err_convert(u8 type, u8 code, int *err)
1079 {
1080 int fatal = 0;
1081
1082 *err = EPROTO;
1083
1084 switch (type) {
1085 case ICMPV6_DEST_UNREACH:
1086 fatal = 1;
1087 if (code < ARRAY_SIZE(tab_unreach)) {
1088 *err = tab_unreach[code].err;
1089 fatal = tab_unreach[code].fatal;
1090 }
1091 break;
1092
1093 case ICMPV6_PKT_TOOBIG:
1094 *err = EMSGSIZE;
1095 break;
1096
1097 case ICMPV6_PARAMPROB:
1098 *err = EPROTO;
1099 fatal = 1;
1100 break;
1101
1102 case ICMPV6_TIME_EXCEED:
1103 *err = EHOSTUNREACH;
1104 break;
1105 }
1106
1107 return fatal;
1108 }
1109 EXPORT_SYMBOL(icmpv6_err_convert);
1110
1111 #ifdef CONFIG_SYSCTL
1112 static struct ctl_table ipv6_icmp_table_template[] = {
1113 {
1114 .procname = "ratelimit",
1115 .data = &init_net.ipv6.sysctl.icmpv6_time,
1116 .maxlen = sizeof(int),
1117 .mode = 0644,
1118 .proc_handler = proc_dointvec_ms_jiffies,
1119 },
1120 {
1121 .procname = "echo_ignore_all",
1122 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1123 .maxlen = sizeof(int),
1124 .mode = 0644,
1125 .proc_handler = proc_dointvec,
1126 },
1127 {
1128 .procname = "echo_ignore_multicast",
1129 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
1130 .maxlen = sizeof(int),
1131 .mode = 0644,
1132 .proc_handler = proc_dointvec,
1133 },
1134 {
1135 .procname = "echo_ignore_anycast",
1136 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
1137 .maxlen = sizeof(int),
1138 .mode = 0644,
1139 .proc_handler = proc_dointvec,
1140 },
1141 {
1142 .procname = "ratemask",
1143 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1144 .maxlen = ICMPV6_MSG_MAX + 1,
1145 .mode = 0644,
1146 .proc_handler = proc_do_large_bitmap,
1147 },
1148 { },
1149 };
1150
1151 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1152 {
1153 struct ctl_table *table;
1154
1155 table = kmemdup(ipv6_icmp_table_template,
1156 sizeof(ipv6_icmp_table_template),
1157 GFP_KERNEL);
1158
1159 if (table) {
1160 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1161 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1162 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1163 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1164 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;
1165 }
1166 return table;
1167 }
1168 #endif
Ubuntu combined Linux kernel mirror