]> git.proxmox.com Git - mirror_qemu.git/blob - slirp/src/ip_icmp.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'pull-maintainer-may24-160524-2' of https://gitlab.com/stsquad/qemu into...
[mirror_qemu.git] / slirp / src / ip_icmp.c
1 /* SPDX-License-Identifier: BSD-3-Clause */
2 /*
3 * Copyright (c) 1982, 1986, 1988, 1993
4 * The Regents of the University of California. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3. Neither the name of the University nor the names of its contributors
15 * may be used to endorse or promote products derived from this software
16 * without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * SUCH DAMAGE.
29 *
30 * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94
31 * ip_icmp.c,v 1.7 1995/05/30 08:09:42 rgrimes Exp
32 */
33
34 #include "slirp.h"
35 #include "ip_icmp.h"
36
37 #ifndef WITH_ICMP_ERROR_MSG
38 #define WITH_ICMP_ERROR_MSG 0
39 #endif
40
41 /* The message sent when emulating PING */
42 /* Be nice and tell them it's just a pseudo-ping packet */
43 static const char icmp_ping_msg[] = "This is a pseudo-PING packet used by Slirp to emulate ICMP ECHO-REQUEST packets.\n";
44
45 /* list of actions for icmp_send_error() on RX of an icmp message */
46 static const int icmp_flush[19] = {
47 /* ECHO REPLY (0) */ 0,
48 1,
49 1,
50 /* DEST UNREACH (3) */ 1,
51 /* SOURCE QUENCH (4)*/ 1,
52 /* REDIRECT (5) */ 1,
53 1,
54 1,
55 /* ECHO (8) */ 0,
56 /* ROUTERADVERT (9) */ 1,
57 /* ROUTERSOLICIT (10) */ 1,
58 /* TIME EXCEEDED (11) */ 1,
59 /* PARAMETER PROBLEM (12) */ 1,
60 /* TIMESTAMP (13) */ 0,
61 /* TIMESTAMP REPLY (14) */ 0,
62 /* INFO (15) */ 0,
63 /* INFO REPLY (16) */ 0,
64 /* ADDR MASK (17) */ 0,
65 /* ADDR MASK REPLY (18) */ 0
66 };
67
68 void icmp_init(Slirp *slirp)
69 {
70 slirp->icmp.so_next = slirp->icmp.so_prev = &slirp->icmp;
71 slirp->icmp_last_so = &slirp->icmp;
72 }
73
74 void icmp_cleanup(Slirp *slirp)
75 {
76 while (slirp->icmp.so_next != &slirp->icmp) {
77 icmp_detach(slirp->icmp.so_next);
78 }
79 }
80
81 static int icmp_send(struct socket *so, struct mbuf *m, int hlen)
82 {
83 struct ip *ip = mtod(m, struct ip *);
84 struct sockaddr_in addr;
85
86 so->s = slirp_socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP);
87 if (so->s == -1) {
88 return -1;
89 }
90
91 so->so_m = m;
92 so->so_faddr = ip->ip_dst;
93 so->so_laddr = ip->ip_src;
94 so->so_iptos = ip->ip_tos;
95 so->so_type = IPPROTO_ICMP;
96 so->so_state = SS_ISFCONNECTED;
97 so->so_expire = curtime + SO_EXPIRE;
98
99 addr.sin_family = AF_INET;
100 addr.sin_addr = so->so_faddr;
101
102 insque(so, &so->slirp->icmp);
103
104 if (sendto(so->s, m->m_data + hlen, m->m_len - hlen, 0,
105 (struct sockaddr *)&addr, sizeof(addr)) == -1) {
106 DEBUG_MISC("icmp_input icmp sendto tx errno = %d-%s",
107 errno, strerror(errno));
108 icmp_send_error(m, ICMP_UNREACH, ICMP_UNREACH_NET, 0, strerror(errno));
109 icmp_detach(so);
110 }
111
112 return 0;
113 }
114
115 void icmp_detach(struct socket *so)
116 {
117 so->slirp->cb->unregister_poll_fd(so->s, so->slirp->opaque);
118 closesocket(so->s);
119 sofree(so);
120 }
121
122 /*
123 * Process a received ICMP message.
124 */
125 void
126 icmp_input(struct mbuf *m, int hlen)
127 {
128 register struct icmp *icp;
129 register struct ip *ip=mtod(m, struct ip *);
130 int icmplen=ip->ip_len;
131 Slirp *slirp = m->slirp;
132
133 DEBUG_CALL("icmp_input");
134 DEBUG_ARG("m = %p", m);
135 DEBUG_ARG("m_len = %d", m->m_len);
136
137 /*
138 * Locate icmp structure in mbuf, and check
139 * that its not corrupted and of at least minimum length.
140 */
141 if (icmplen < ICMP_MINLEN) { /* min 8 bytes payload */
142 freeit:
143 m_free(m);
144 goto end_error;
145 }
146
147 m->m_len -= hlen;
148 m->m_data += hlen;
149 icp = mtod(m, struct icmp *);
150 if (cksum(m, icmplen)) {
151 goto freeit;
152 }
153 m->m_len += hlen;
154 m->m_data -= hlen;
155
156 DEBUG_ARG("icmp_type = %d", icp->icmp_type);
157 switch (icp->icmp_type) {
158 case ICMP_ECHO:
159 ip->ip_len += hlen; /* since ip_input subtracts this */
160 if (ip->ip_dst.s_addr == slirp->vhost_addr.s_addr ||
161 ip->ip_dst.s_addr == slirp->vnameserver_addr.s_addr) {
162 icmp_reflect(m);
163 } else if (slirp->restricted) {
164 goto freeit;
165 } else {
166 struct socket *so;
167 struct sockaddr_storage addr;
168 so = socreate(slirp);
169 if (icmp_send(so, m, hlen) == 0) {
170 return;
171 }
172 if (udp_attach(so, AF_INET) == -1) {
173 DEBUG_MISC("icmp_input udp_attach errno = %d-%s",
174 errno,strerror(errno));
175 sofree(so);
176 m_free(m);
177 goto end_error;
178 }
179 so->so_m = m;
180 so->so_ffamily = AF_INET;
181 so->so_faddr = ip->ip_dst;
182 so->so_fport = htons(7);
183 so->so_lfamily = AF_INET;
184 so->so_laddr = ip->ip_src;
185 so->so_lport = htons(9);
186 so->so_iptos = ip->ip_tos;
187 so->so_type = IPPROTO_ICMP;
188 so->so_state = SS_ISFCONNECTED;
189
190 /* Send the packet */
191 addr = so->fhost.ss;
192 sotranslate_out(so, &addr);
193
194 if(sendto(so->s, icmp_ping_msg, strlen(icmp_ping_msg), 0,
195 (struct sockaddr *)&addr, sockaddr_size(&addr)) == -1) {
196 DEBUG_MISC("icmp_input udp sendto tx errno = %d-%s",
197 errno,strerror(errno));
198 icmp_send_error(m, ICMP_UNREACH, ICMP_UNREACH_NET, 0, strerror(errno));
199 udp_detach(so);
200 }
201 } /* if ip->ip_dst.s_addr == alias_addr.s_addr */
202 break;
203 case ICMP_UNREACH:
204 /* XXX? report error? close socket? */
205 case ICMP_TIMXCEED:
206 case ICMP_PARAMPROB:
207 case ICMP_SOURCEQUENCH:
208 case ICMP_TSTAMP:
209 case ICMP_MASKREQ:
210 case ICMP_REDIRECT:
211 m_free(m);
212 break;
213
214 default:
215 m_free(m);
216 } /* swith */
217
218 end_error:
219 /* m is m_free()'d xor put in a socket xor or given to ip_send */
220 return;
221 }
222
223
224 /*
225 * Send an ICMP message in response to a situation
226 *
227 * RFC 1122: 3.2.2 MUST send at least the IP header and 8 bytes of header. MAY send more (we do).
228 * MUST NOT change this header information.
229 * MUST NOT reply to a multicast/broadcast IP address.
230 * MUST NOT reply to a multicast/broadcast MAC address.
231 * MUST reply to only the first fragment.
232 */
233 /*
234 * Send ICMP_UNREACH back to the source regarding msrc.
235 * mbuf *msrc is used as a template, but is NOT m_free()'d.
236 * It is reported as the bad ip packet. The header should
237 * be fully correct and in host byte order.
238 * ICMP fragmentation is illegal. All machines must accept 576 bytes in one
239 * packet. The maximum payload is 576-20(ip hdr)-8(icmp hdr)=548
240 */
241
242 #define ICMP_MAXDATALEN (IP_MSS-28)
243 void
244 icmp_send_error(struct mbuf *msrc, uint8_t type, uint8_t code, int minsize,
245 const char *message)
246 {
247 unsigned hlen, shlen, s_ip_len;
248 register struct ip *ip;
249 register struct icmp *icp;
250 register struct mbuf *m;
251
252 DEBUG_CALL("icmp_send_error");
253 DEBUG_ARG("msrc = %p", msrc);
254 DEBUG_ARG("msrc_len = %d", msrc->m_len);
255
256 if(type!=ICMP_UNREACH && type!=ICMP_TIMXCEED) goto end_error;
257
258 /* check msrc */
259 if(!msrc) goto end_error;
260 ip = mtod(msrc, struct ip *);
261 if (slirp_debug & DBG_MISC) {
262 char bufa[20], bufb[20];
263 strcpy(bufa, inet_ntoa(ip->ip_src));
264 strcpy(bufb, inet_ntoa(ip->ip_dst));
265 DEBUG_MISC(" %.16s to %.16s", bufa, bufb);
266 }
267 if(ip->ip_off & IP_OFFMASK) goto end_error; /* Only reply to fragment 0 */
268
269 /* Do not reply to source-only IPs */
270 if ((ip->ip_src.s_addr & htonl(~(0xf << 28))) == 0) {
271 goto end_error;
272 }
273
274 shlen=ip->ip_hl << 2;
275 s_ip_len=ip->ip_len;
276 if(ip->ip_p == IPPROTO_ICMP) {
277 icp = (struct icmp *)((char *)ip + shlen);
278 /*
279 * Assume any unknown ICMP type is an error. This isn't
280 * specified by the RFC, but think about it..
281 */
282 if(icp->icmp_type>18 || icmp_flush[icp->icmp_type]) goto end_error;
283 }
284
285 /* make a copy */
286 m = m_get(msrc->slirp);
287 if (!m) {
288 goto end_error;
289 }
290
291 { int new_m_size;
292 new_m_size=sizeof(struct ip )+ICMP_MINLEN+msrc->m_len+ICMP_MAXDATALEN;
293 if(new_m_size>m->m_size) m_inc(m, new_m_size);
294 }
295 memcpy(m->m_data, msrc->m_data, msrc->m_len);
296 m->m_len = msrc->m_len; /* copy msrc to m */
297
298 /* make the header of the reply packet */
299 ip = mtod(m, struct ip *);
300 hlen= sizeof(struct ip ); /* no options in reply */
301
302 /* fill in icmp */
303 m->m_data += hlen;
304 m->m_len -= hlen;
305
306 icp = mtod(m, struct icmp *);
307
308 if(minsize) s_ip_len=shlen+ICMP_MINLEN; /* return header+8b only */
309 else if(s_ip_len>ICMP_MAXDATALEN) /* maximum size */
310 s_ip_len=ICMP_MAXDATALEN;
311
312 m->m_len=ICMP_MINLEN+s_ip_len; /* 8 bytes ICMP header */
313
314 /* min. size = 8+sizeof(struct ip)+8 */
315
316 icp->icmp_type = type;
317 icp->icmp_code = code;
318 icp->icmp_id = 0;
319 icp->icmp_seq = 0;
320
321 memcpy(&icp->icmp_ip, msrc->m_data, s_ip_len); /* report the ip packet */
322 HTONS(icp->icmp_ip.ip_len);
323 HTONS(icp->icmp_ip.ip_id);
324 HTONS(icp->icmp_ip.ip_off);
325
326 if (message && WITH_ICMP_ERROR_MSG) { /* append message to ICMP packet */
327 int message_len;
328 char *cpnt;
329 message_len=strlen(message);
330 if(message_len>ICMP_MAXDATALEN) message_len=ICMP_MAXDATALEN;
331 cpnt=(char *)m->m_data+m->m_len;
332 memcpy(cpnt, message, message_len);
333 m->m_len+=message_len;
334 }
335
336 icp->icmp_cksum = 0;
337 icp->icmp_cksum = cksum(m, m->m_len);
338
339 m->m_data -= hlen;
340 m->m_len += hlen;
341
342 /* fill in ip */
343 ip->ip_hl = hlen >> 2;
344 ip->ip_len = m->m_len;
345
346 ip->ip_tos=((ip->ip_tos & 0x1E) | 0xC0); /* high priority for errors */
347
348 ip->ip_ttl = MAXTTL;
349 ip->ip_p = IPPROTO_ICMP;
350 ip->ip_dst = ip->ip_src; /* ip addresses */
351 ip->ip_src = m->slirp->vhost_addr;
352
353 (void ) ip_output((struct socket *)NULL, m);
354
355 end_error:
356 return;
357 }
358 #undef ICMP_MAXDATALEN
359
360 /*
361 * Reflect the ip packet back to the source
362 */
363 void
364 icmp_reflect(struct mbuf *m)
365 {
366 register struct ip *ip = mtod(m, struct ip *);
367 int hlen = ip->ip_hl << 2;
368 int optlen = hlen - sizeof(struct ip );
369 register struct icmp *icp;
370
371 /*
372 * Send an icmp packet back to the ip level,
373 * after supplying a checksum.
374 */
375 m->m_data += hlen;
376 m->m_len -= hlen;
377 icp = mtod(m, struct icmp *);
378
379 icp->icmp_type = ICMP_ECHOREPLY;
380 icp->icmp_cksum = 0;
381 icp->icmp_cksum = cksum(m, ip->ip_len - hlen);
382
383 m->m_data -= hlen;
384 m->m_len += hlen;
385
386 /* fill in ip */
387 if (optlen > 0) {
388 /*
389 * Strip out original options by copying rest of first
390 * mbuf's data back, and adjust the IP length.
391 */
392 memmove((char *)(ip + 1), (char *)ip + hlen,
393 (unsigned )(m->m_len - hlen));
394 hlen -= optlen;
395 ip->ip_hl = hlen >> 2;
396 ip->ip_len -= optlen;
397 m->m_len -= optlen;
398 }
399
400 ip->ip_ttl = MAXTTL;
401 { /* swap */
402 struct in_addr icmp_dst;
403 icmp_dst = ip->ip_dst;
404 ip->ip_dst = ip->ip_src;
405 ip->ip_src = icmp_dst;
406 }
407
408 (void ) ip_output((struct socket *)NULL, m);
409 }
410
411 void icmp_receive(struct socket *so)
412 {
413 struct mbuf *m = so->so_m;
414 struct ip *ip = mtod(m, struct ip *);
415 int hlen = ip->ip_hl << 2;
416 uint8_t error_code;
417 struct icmp *icp;
418 int id, len;
419
420 m->m_data += hlen;
421 m->m_len -= hlen;
422 icp = mtod(m, struct icmp *);
423
424 id = icp->icmp_id;
425 len = recv(so->s, icp, M_ROOM(m), 0);
426 /*
427 * The behavior of reading SOCK_DGRAM+IPPROTO_ICMP sockets is inconsistent
428 * between host OSes. On Linux, only the ICMP header and payload is
429 * included. On macOS/Darwin, the socket acts like a raw socket and
430 * includes the IP header as well. On other BSDs, SOCK_DGRAM+IPPROTO_ICMP
431 * sockets aren't supported at all, so we treat them like raw sockets. It
432 * isn't possible to detect this difference at runtime, so we must use an
433 * #ifdef to determine if we need to remove the IP header.
434 */
435 #ifdef CONFIG_BSD
436 if (len >= sizeof(struct ip)) {
437 struct ip *inner_ip = mtod(m, struct ip *);
438 int inner_hlen = inner_ip->ip_hl << 2;
439 if (inner_hlen > len) {
440 len = -1;
441 errno = -EINVAL;
442 } else {
443 len -= inner_hlen;
444 memmove(icp, (unsigned char *)icp + inner_hlen, len);
445 }
446 } else {
447 len = -1;
448 errno = -EINVAL;
449 }
450 #endif
451 icp->icmp_id = id;
452
453 m->m_data -= hlen;
454 m->m_len += hlen;
455
456 if (len == -1 || len == 0) {
457 if (errno == ENETUNREACH) {
458 error_code = ICMP_UNREACH_NET;
459 } else {
460 error_code = ICMP_UNREACH_HOST;
461 }
462 DEBUG_MISC(" udp icmp rx errno = %d-%s", errno,
463 strerror(errno));
464 icmp_send_error(so->so_m, ICMP_UNREACH, error_code, 0, strerror(errno));
465 } else {
466 icmp_reflect(so->so_m);
467 so->so_m = NULL; /* Don't m_free() it again! */
468 }
469 icmp_detach(so);
470 }
QEMU mirror