Loading...
1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
32#define pr_fmt(fmt) "IPv6: " fmt
33
34#include <linux/module.h>
35#include <linux/errno.h>
36#include <linux/types.h>
37#include <linux/socket.h>
38#include <linux/in.h>
39#include <linux/kernel.h>
40#include <linux/sockios.h>
41#include <linux/net.h>
42#include <linux/skbuff.h>
43#include <linux/init.h>
44#include <linux/netfilter.h>
45#include <linux/slab.h>
46
47#ifdef CONFIG_SYSCTL
48#include <linux/sysctl.h>
49#endif
50
51#include <linux/inet.h>
52#include <linux/netdevice.h>
53#include <linux/icmpv6.h>
54
55#include <net/ip.h>
56#include <net/sock.h>
57
58#include <net/ipv6.h>
59#include <net/ip6_checksum.h>
60#include <net/ping.h>
61#include <net/protocol.h>
62#include <net/raw.h>
63#include <net/rawv6.h>
64#include <net/transp_v6.h>
65#include <net/ip6_route.h>
66#include <net/addrconf.h>
67#include <net/icmp.h>
68#include <net/xfrm.h>
69#include <net/inet_common.h>
70#include <net/dsfield.h>
71#include <net/l3mdev.h>
72
73#include <asm/uaccess.h>
74
75/*
76 * The ICMP socket(s). This is the most convenient way to flow control
77 * our ICMP output as well as maintain a clean interface throughout
78 * all layers. All Socketless IP sends will soon be gone.
79 *
80 * On SMP we have one ICMP socket per-cpu.
81 */
82static inline struct sock *icmpv6_sk(struct net *net)
83{
84 return net->ipv6.icmp_sk[smp_processor_id()];
85}
86
87static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
88 u8 type, u8 code, int offset, __be32 info)
89{
90 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
91 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
92 struct net *net = dev_net(skb->dev);
93
94 if (type == ICMPV6_PKT_TOOBIG)
95 ip6_update_pmtu(skb, net, info, 0, 0);
96 else if (type == NDISC_REDIRECT)
97 ip6_redirect(skb, net, skb->dev->ifindex, 0);
98
99 if (!(type & ICMPV6_INFOMSG_MASK))
100 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
101 ping_err(skb, offset, info);
102}
103
104static int icmpv6_rcv(struct sk_buff *skb);
105
106static const struct inet6_protocol icmpv6_protocol = {
107 .handler = icmpv6_rcv,
108 .err_handler = icmpv6_err,
109 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
110};
111
112static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
113{
114 struct sock *sk;
115
116 local_bh_disable();
117
118 sk = icmpv6_sk(net);
119 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
120 /* This can happen if the output path (f.e. SIT or
121 * ip6ip6 tunnel) signals dst_link_failure() for an
122 * outgoing ICMP6 packet.
123 */
124 local_bh_enable();
125 return NULL;
126 }
127 return sk;
128}
129
130static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
131{
132 spin_unlock_bh(&sk->sk_lock.slock);
133}
134
135/*
136 * Figure out, may we reply to this packet with icmp error.
137 *
138 * We do not reply, if:
139 * - it was icmp error message.
140 * - it is truncated, so that it is known, that protocol is ICMPV6
141 * (i.e. in the middle of some exthdr)
142 *
143 * --ANK (980726)
144 */
145
146static bool is_ineligible(const struct sk_buff *skb)
147{
148 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
149 int len = skb->len - ptr;
150 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
151 __be16 frag_off;
152
153 if (len < 0)
154 return true;
155
156 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
157 if (ptr < 0)
158 return false;
159 if (nexthdr == IPPROTO_ICMPV6) {
160 u8 _type, *tp;
161 tp = skb_header_pointer(skb,
162 ptr+offsetof(struct icmp6hdr, icmp6_type),
163 sizeof(_type), &_type);
164 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
165 return true;
166 }
167 return false;
168}
169
170/*
171 * Check the ICMP output rate limit
172 */
173static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
174 struct flowi6 *fl6)
175{
176 struct net *net = sock_net(sk);
177 struct dst_entry *dst;
178 bool res = false;
179
180 /* Informational messages are not limited. */
181 if (type & ICMPV6_INFOMSG_MASK)
182 return true;
183
184 /* Do not limit pmtu discovery, it would break it. */
185 if (type == ICMPV6_PKT_TOOBIG)
186 return true;
187
188 /*
189 * Look up the output route.
190 * XXX: perhaps the expire for routing entries cloned by
191 * this lookup should be more aggressive (not longer than timeout).
192 */
193 dst = ip6_route_output(net, sk, fl6);
194 if (dst->error) {
195 IP6_INC_STATS(net, ip6_dst_idev(dst),
196 IPSTATS_MIB_OUTNOROUTES);
197 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
198 res = true;
199 } else {
200 struct rt6_info *rt = (struct rt6_info *)dst;
201 int tmo = net->ipv6.sysctl.icmpv6_time;
202
203 /* Give more bandwidth to wider prefixes. */
204 if (rt->rt6i_dst.plen < 128)
205 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
206
207 if (icmp_global_allow()) {
208 struct inet_peer *peer;
209
210 peer = inet_getpeer_v6(net->ipv6.peers,
211 &fl6->daddr, 1);
212 res = inet_peer_xrlim_allow(peer, tmo);
213 if (peer)
214 inet_putpeer(peer);
215 }
216 }
217 dst_release(dst);
218 return res;
219}
220
221/*
222 * an inline helper for the "simple" if statement below
223 * checks if parameter problem report is caused by an
224 * unrecognized IPv6 option that has the Option Type
225 * highest-order two bits set to 10
226 */
227
228static bool opt_unrec(struct sk_buff *skb, __u32 offset)
229{
230 u8 _optval, *op;
231
232 offset += skb_network_offset(skb);
233 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
234 if (!op)
235 return true;
236 return (*op & 0xC0) == 0x80;
237}
238
239int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
240 struct icmp6hdr *thdr, int len)
241{
242 struct sk_buff *skb;
243 struct icmp6hdr *icmp6h;
244 int err = 0;
245
246 skb = skb_peek(&sk->sk_write_queue);
247 if (!skb)
248 goto out;
249
250 icmp6h = icmp6_hdr(skb);
251 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
252 icmp6h->icmp6_cksum = 0;
253
254 if (skb_queue_len(&sk->sk_write_queue) == 1) {
255 skb->csum = csum_partial(icmp6h,
256 sizeof(struct icmp6hdr), skb->csum);
257 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
258 &fl6->daddr,
259 len, fl6->flowi6_proto,
260 skb->csum);
261 } else {
262 __wsum tmp_csum = 0;
263
264 skb_queue_walk(&sk->sk_write_queue, skb) {
265 tmp_csum = csum_add(tmp_csum, skb->csum);
266 }
267
268 tmp_csum = csum_partial(icmp6h,
269 sizeof(struct icmp6hdr), tmp_csum);
270 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
271 &fl6->daddr,
272 len, fl6->flowi6_proto,
273 tmp_csum);
274 }
275 ip6_push_pending_frames(sk);
276out:
277 return err;
278}
279
280struct icmpv6_msg {
281 struct sk_buff *skb;
282 int offset;
283 uint8_t type;
284};
285
286static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
287{
288 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
289 struct sk_buff *org_skb = msg->skb;
290 __wsum csum = 0;
291
292 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
293 to, len, csum);
294 skb->csum = csum_block_add(skb->csum, csum, odd);
295 if (!(msg->type & ICMPV6_INFOMSG_MASK))
296 nf_ct_attach(skb, org_skb);
297 return 0;
298}
299
300#if IS_ENABLED(CONFIG_IPV6_MIP6)
301static void mip6_addr_swap(struct sk_buff *skb)
302{
303 struct ipv6hdr *iph = ipv6_hdr(skb);
304 struct inet6_skb_parm *opt = IP6CB(skb);
305 struct ipv6_destopt_hao *hao;
306 struct in6_addr tmp;
307 int off;
308
309 if (opt->dsthao) {
310 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
311 if (likely(off >= 0)) {
312 hao = (struct ipv6_destopt_hao *)
313 (skb_network_header(skb) + off);
314 tmp = iph->saddr;
315 iph->saddr = hao->addr;
316 hao->addr = tmp;
317 }
318 }
319}
320#else
321static inline void mip6_addr_swap(struct sk_buff *skb) {}
322#endif
323
324static struct dst_entry *icmpv6_route_lookup(struct net *net,
325 struct sk_buff *skb,
326 struct sock *sk,
327 struct flowi6 *fl6)
328{
329 struct dst_entry *dst, *dst2;
330 struct flowi6 fl2;
331 int err;
332
333 err = ip6_dst_lookup(net, sk, &dst, fl6);
334 if (err)
335 return ERR_PTR(err);
336
337 /*
338 * We won't send icmp if the destination is known
339 * anycast.
340 */
341 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
342 net_dbg_ratelimited("icmp6_send: acast source\n");
343 dst_release(dst);
344 return ERR_PTR(-EINVAL);
345 }
346
347 /* No need to clone since we're just using its address. */
348 dst2 = dst;
349
350 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
351 if (!IS_ERR(dst)) {
352 if (dst != dst2)
353 return dst;
354 } else {
355 if (PTR_ERR(dst) == -EPERM)
356 dst = NULL;
357 else
358 return dst;
359 }
360
361 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
362 if (err)
363 goto relookup_failed;
364
365 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
366 if (err)
367 goto relookup_failed;
368
369 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
370 if (!IS_ERR(dst2)) {
371 dst_release(dst);
372 dst = dst2;
373 } else {
374 err = PTR_ERR(dst2);
375 if (err == -EPERM) {
376 dst_release(dst);
377 return dst2;
378 } else
379 goto relookup_failed;
380 }
381
382relookup_failed:
383 if (dst)
384 return dst;
385 return ERR_PTR(err);
386}
387
388/*
389 * Send an ICMP message in response to a packet in error
390 */
391static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
392{
393 struct net *net = dev_net(skb->dev);
394 struct inet6_dev *idev = NULL;
395 struct ipv6hdr *hdr = ipv6_hdr(skb);
396 struct sock *sk;
397 struct ipv6_pinfo *np;
398 const struct in6_addr *saddr = NULL;
399 struct dst_entry *dst;
400 struct icmp6hdr tmp_hdr;
401 struct flowi6 fl6;
402 struct icmpv6_msg msg;
403 int iif = 0;
404 int addr_type = 0;
405 int len;
406 int hlimit;
407 int err = 0;
408 u32 mark = IP6_REPLY_MARK(net, skb->mark);
409
410 if ((u8 *)hdr < skb->head ||
411 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
412 return;
413
414 /*
415 * Make sure we respect the rules
416 * i.e. RFC 1885 2.4(e)
417 * Rule (e.1) is enforced by not using icmp6_send
418 * in any code that processes icmp errors.
419 */
420 addr_type = ipv6_addr_type(&hdr->daddr);
421
422 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
423 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
424 saddr = &hdr->daddr;
425
426 /*
427 * Dest addr check
428 */
429
430 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
431 if (type != ICMPV6_PKT_TOOBIG &&
432 !(type == ICMPV6_PARAMPROB &&
433 code == ICMPV6_UNK_OPTION &&
434 (opt_unrec(skb, info))))
435 return;
436
437 saddr = NULL;
438 }
439
440 addr_type = ipv6_addr_type(&hdr->saddr);
441
442 /*
443 * Source addr check
444 */
445
446 if (__ipv6_addr_needs_scope_id(addr_type))
447 iif = skb->dev->ifindex;
448 else
449 iif = l3mdev_master_ifindex(skb->dev);
450
451 /*
452 * Must not send error if the source does not uniquely
453 * identify a single node (RFC2463 Section 2.4).
454 * We check unspecified / multicast addresses here,
455 * and anycast addresses will be checked later.
456 */
457 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
458 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
459 &hdr->saddr, &hdr->daddr);
460 return;
461 }
462
463 /*
464 * Never answer to a ICMP packet.
465 */
466 if (is_ineligible(skb)) {
467 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
468 &hdr->saddr, &hdr->daddr);
469 return;
470 }
471
472 mip6_addr_swap(skb);
473
474 memset(&fl6, 0, sizeof(fl6));
475 fl6.flowi6_proto = IPPROTO_ICMPV6;
476 fl6.daddr = hdr->saddr;
477 if (saddr)
478 fl6.saddr = *saddr;
479 fl6.flowi6_mark = mark;
480 fl6.flowi6_oif = iif;
481 fl6.fl6_icmp_type = type;
482 fl6.fl6_icmp_code = code;
483 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
484
485 sk = icmpv6_xmit_lock(net);
486 if (!sk)
487 return;
488 sk->sk_mark = mark;
489 np = inet6_sk(sk);
490
491 if (!icmpv6_xrlim_allow(sk, type, &fl6))
492 goto out;
493
494 tmp_hdr.icmp6_type = type;
495 tmp_hdr.icmp6_code = code;
496 tmp_hdr.icmp6_cksum = 0;
497 tmp_hdr.icmp6_pointer = htonl(info);
498
499 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
500 fl6.flowi6_oif = np->mcast_oif;
501 else if (!fl6.flowi6_oif)
502 fl6.flowi6_oif = np->ucast_oif;
503
504 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
505 if (IS_ERR(dst))
506 goto out;
507
508 hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
509
510 msg.skb = skb;
511 msg.offset = skb_network_offset(skb);
512 msg.type = type;
513
514 len = skb->len - msg.offset;
515 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
516 if (len < 0) {
517 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
518 &hdr->saddr, &hdr->daddr);
519 goto out_dst_release;
520 }
521
522 rcu_read_lock();
523 idev = __in6_dev_get(skb->dev);
524
525 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
526 len + sizeof(struct icmp6hdr),
527 sizeof(struct icmp6hdr), hlimit,
528 np->tclass, NULL, &fl6, (struct rt6_info *)dst,
529 MSG_DONTWAIT, np->dontfrag);
530 if (err) {
531 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
532 ip6_flush_pending_frames(sk);
533 } else {
534 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
535 len + sizeof(struct icmp6hdr));
536 }
537 rcu_read_unlock();
538out_dst_release:
539 dst_release(dst);
540out:
541 icmpv6_xmit_unlock(sk);
542}
543
544/* Slightly more convenient version of icmp6_send.
545 */
546void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
547{
548 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos);
549 kfree_skb(skb);
550}
551
552static void icmpv6_echo_reply(struct sk_buff *skb)
553{
554 struct net *net = dev_net(skb->dev);
555 struct sock *sk;
556 struct inet6_dev *idev;
557 struct ipv6_pinfo *np;
558 const struct in6_addr *saddr = NULL;
559 struct icmp6hdr *icmph = icmp6_hdr(skb);
560 struct icmp6hdr tmp_hdr;
561 struct flowi6 fl6;
562 struct icmpv6_msg msg;
563 struct dst_entry *dst;
564 int err = 0;
565 int hlimit;
566 u8 tclass;
567 u32 mark = IP6_REPLY_MARK(net, skb->mark);
568
569 saddr = &ipv6_hdr(skb)->daddr;
570
571 if (!ipv6_unicast_destination(skb) &&
572 !(net->ipv6.sysctl.anycast_src_echo_reply &&
573 ipv6_anycast_destination(skb_dst(skb), saddr)))
574 saddr = NULL;
575
576 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
577 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
578
579 memset(&fl6, 0, sizeof(fl6));
580 fl6.flowi6_proto = IPPROTO_ICMPV6;
581 fl6.daddr = ipv6_hdr(skb)->saddr;
582 if (saddr)
583 fl6.saddr = *saddr;
584 fl6.flowi6_oif = l3mdev_fib_oif(skb->dev);
585 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
586 fl6.flowi6_mark = mark;
587 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
588
589 sk = icmpv6_xmit_lock(net);
590 if (!sk)
591 return;
592 sk->sk_mark = mark;
593 np = inet6_sk(sk);
594
595 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
596 fl6.flowi6_oif = np->mcast_oif;
597 else if (!fl6.flowi6_oif)
598 fl6.flowi6_oif = np->ucast_oif;
599
600 err = ip6_dst_lookup(net, sk, &dst, &fl6);
601 if (err)
602 goto out;
603 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
604 if (IS_ERR(dst))
605 goto out;
606
607 hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
608
609 idev = __in6_dev_get(skb->dev);
610
611 msg.skb = skb;
612 msg.offset = 0;
613 msg.type = ICMPV6_ECHO_REPLY;
614
615 tclass = ipv6_get_dsfield(ipv6_hdr(skb));
616 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
617 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl6,
618 (struct rt6_info *)dst, MSG_DONTWAIT,
619 np->dontfrag);
620
621 if (err) {
622 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
623 ip6_flush_pending_frames(sk);
624 } else {
625 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
626 skb->len + sizeof(struct icmp6hdr));
627 }
628 dst_release(dst);
629out:
630 icmpv6_xmit_unlock(sk);
631}
632
633void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
634{
635 const struct inet6_protocol *ipprot;
636 int inner_offset;
637 __be16 frag_off;
638 u8 nexthdr;
639 struct net *net = dev_net(skb->dev);
640
641 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
642 goto out;
643
644 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
645 if (ipv6_ext_hdr(nexthdr)) {
646 /* now skip over extension headers */
647 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
648 &nexthdr, &frag_off);
649 if (inner_offset < 0)
650 goto out;
651 } else {
652 inner_offset = sizeof(struct ipv6hdr);
653 }
654
655 /* Checkin header including 8 bytes of inner protocol header. */
656 if (!pskb_may_pull(skb, inner_offset+8))
657 goto out;
658
659 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
660 Without this we will not able f.e. to make source routed
661 pmtu discovery.
662 Corresponding argument (opt) to notifiers is already added.
663 --ANK (980726)
664 */
665
666 ipprot = rcu_dereference(inet6_protos[nexthdr]);
667 if (ipprot && ipprot->err_handler)
668 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
669
670 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
671 return;
672
673out:
674 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
675}
676
677/*
678 * Handle icmp messages
679 */
680
681static int icmpv6_rcv(struct sk_buff *skb)
682{
683 struct net_device *dev = skb->dev;
684 struct inet6_dev *idev = __in6_dev_get(dev);
685 const struct in6_addr *saddr, *daddr;
686 struct icmp6hdr *hdr;
687 u8 type;
688 bool success = false;
689
690 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
691 struct sec_path *sp = skb_sec_path(skb);
692 int nh;
693
694 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
695 XFRM_STATE_ICMP))
696 goto drop_no_count;
697
698 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
699 goto drop_no_count;
700
701 nh = skb_network_offset(skb);
702 skb_set_network_header(skb, sizeof(*hdr));
703
704 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
705 goto drop_no_count;
706
707 skb_set_network_header(skb, nh);
708 }
709
710 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
711
712 saddr = &ipv6_hdr(skb)->saddr;
713 daddr = &ipv6_hdr(skb)->daddr;
714
715 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
716 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
717 saddr, daddr);
718 goto csum_error;
719 }
720
721 if (!pskb_pull(skb, sizeof(*hdr)))
722 goto discard_it;
723
724 hdr = icmp6_hdr(skb);
725
726 type = hdr->icmp6_type;
727
728 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
729
730 switch (type) {
731 case ICMPV6_ECHO_REQUEST:
732 icmpv6_echo_reply(skb);
733 break;
734
735 case ICMPV6_ECHO_REPLY:
736 success = ping_rcv(skb);
737 break;
738
739 case ICMPV6_PKT_TOOBIG:
740 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
741 standard destination cache. Seems, only "advanced"
742 destination cache will allow to solve this problem
743 --ANK (980726)
744 */
745 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
746 goto discard_it;
747 hdr = icmp6_hdr(skb);
748
749 /*
750 * Drop through to notify
751 */
752
753 case ICMPV6_DEST_UNREACH:
754 case ICMPV6_TIME_EXCEED:
755 case ICMPV6_PARAMPROB:
756 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
757 break;
758
759 case NDISC_ROUTER_SOLICITATION:
760 case NDISC_ROUTER_ADVERTISEMENT:
761 case NDISC_NEIGHBOUR_SOLICITATION:
762 case NDISC_NEIGHBOUR_ADVERTISEMENT:
763 case NDISC_REDIRECT:
764 ndisc_rcv(skb);
765 break;
766
767 case ICMPV6_MGM_QUERY:
768 igmp6_event_query(skb);
769 break;
770
771 case ICMPV6_MGM_REPORT:
772 igmp6_event_report(skb);
773 break;
774
775 case ICMPV6_MGM_REDUCTION:
776 case ICMPV6_NI_QUERY:
777 case ICMPV6_NI_REPLY:
778 case ICMPV6_MLD2_REPORT:
779 case ICMPV6_DHAAD_REQUEST:
780 case ICMPV6_DHAAD_REPLY:
781 case ICMPV6_MOBILE_PREFIX_SOL:
782 case ICMPV6_MOBILE_PREFIX_ADV:
783 break;
784
785 default:
786 /* informational */
787 if (type & ICMPV6_INFOMSG_MASK)
788 break;
789
790 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
791 saddr, daddr);
792
793 /*
794 * error of unknown type.
795 * must pass to upper level
796 */
797
798 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
799 }
800
801 /* until the v6 path can be better sorted assume failure and
802 * preserve the status quo behaviour for the rest of the paths to here
803 */
804 if (success)
805 consume_skb(skb);
806 else
807 kfree_skb(skb);
808
809 return 0;
810
811csum_error:
812 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
813discard_it:
814 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
815drop_no_count:
816 kfree_skb(skb);
817 return 0;
818}
819
820void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
821 u8 type,
822 const struct in6_addr *saddr,
823 const struct in6_addr *daddr,
824 int oif)
825{
826 memset(fl6, 0, sizeof(*fl6));
827 fl6->saddr = *saddr;
828 fl6->daddr = *daddr;
829 fl6->flowi6_proto = IPPROTO_ICMPV6;
830 fl6->fl6_icmp_type = type;
831 fl6->fl6_icmp_code = 0;
832 fl6->flowi6_oif = oif;
833 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
834}
835
836static int __net_init icmpv6_sk_init(struct net *net)
837{
838 struct sock *sk;
839 int err, i, j;
840
841 net->ipv6.icmp_sk =
842 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
843 if (!net->ipv6.icmp_sk)
844 return -ENOMEM;
845
846 for_each_possible_cpu(i) {
847 err = inet_ctl_sock_create(&sk, PF_INET6,
848 SOCK_RAW, IPPROTO_ICMPV6, net);
849 if (err < 0) {
850 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
851 err);
852 goto fail;
853 }
854
855 net->ipv6.icmp_sk[i] = sk;
856
857 /* Enough space for 2 64K ICMP packets, including
858 * sk_buff struct overhead.
859 */
860 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
861 }
862 return 0;
863
864 fail:
865 for (j = 0; j < i; j++)
866 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
867 kfree(net->ipv6.icmp_sk);
868 return err;
869}
870
871static void __net_exit icmpv6_sk_exit(struct net *net)
872{
873 int i;
874
875 for_each_possible_cpu(i) {
876 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
877 }
878 kfree(net->ipv6.icmp_sk);
879}
880
881static struct pernet_operations icmpv6_sk_ops = {
882 .init = icmpv6_sk_init,
883 .exit = icmpv6_sk_exit,
884};
885
886int __init icmpv6_init(void)
887{
888 int err;
889
890 err = register_pernet_subsys(&icmpv6_sk_ops);
891 if (err < 0)
892 return err;
893
894 err = -EAGAIN;
895 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
896 goto fail;
897
898 err = inet6_register_icmp_sender(icmp6_send);
899 if (err)
900 goto sender_reg_err;
901 return 0;
902
903sender_reg_err:
904 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
905fail:
906 pr_err("Failed to register ICMP6 protocol\n");
907 unregister_pernet_subsys(&icmpv6_sk_ops);
908 return err;
909}
910
911void icmpv6_cleanup(void)
912{
913 inet6_unregister_icmp_sender(icmp6_send);
914 unregister_pernet_subsys(&icmpv6_sk_ops);
915 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
916}
917
918
919static const struct icmp6_err {
920 int err;
921 int fatal;
922} tab_unreach[] = {
923 { /* NOROUTE */
924 .err = ENETUNREACH,
925 .fatal = 0,
926 },
927 { /* ADM_PROHIBITED */
928 .err = EACCES,
929 .fatal = 1,
930 },
931 { /* Was NOT_NEIGHBOUR, now reserved */
932 .err = EHOSTUNREACH,
933 .fatal = 0,
934 },
935 { /* ADDR_UNREACH */
936 .err = EHOSTUNREACH,
937 .fatal = 0,
938 },
939 { /* PORT_UNREACH */
940 .err = ECONNREFUSED,
941 .fatal = 1,
942 },
943 { /* POLICY_FAIL */
944 .err = EACCES,
945 .fatal = 1,
946 },
947 { /* REJECT_ROUTE */
948 .err = EACCES,
949 .fatal = 1,
950 },
951};
952
953int icmpv6_err_convert(u8 type, u8 code, int *err)
954{
955 int fatal = 0;
956
957 *err = EPROTO;
958
959 switch (type) {
960 case ICMPV6_DEST_UNREACH:
961 fatal = 1;
962 if (code < ARRAY_SIZE(tab_unreach)) {
963 *err = tab_unreach[code].err;
964 fatal = tab_unreach[code].fatal;
965 }
966 break;
967
968 case ICMPV6_PKT_TOOBIG:
969 *err = EMSGSIZE;
970 break;
971
972 case ICMPV6_PARAMPROB:
973 *err = EPROTO;
974 fatal = 1;
975 break;
976
977 case ICMPV6_TIME_EXCEED:
978 *err = EHOSTUNREACH;
979 break;
980 }
981
982 return fatal;
983}
984EXPORT_SYMBOL(icmpv6_err_convert);
985
986#ifdef CONFIG_SYSCTL
987static struct ctl_table ipv6_icmp_table_template[] = {
988 {
989 .procname = "ratelimit",
990 .data = &init_net.ipv6.sysctl.icmpv6_time,
991 .maxlen = sizeof(int),
992 .mode = 0644,
993 .proc_handler = proc_dointvec_ms_jiffies,
994 },
995 { },
996};
997
998struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
999{
1000 struct ctl_table *table;
1001
1002 table = kmemdup(ipv6_icmp_table_template,
1003 sizeof(ipv6_icmp_table_template),
1004 GFP_KERNEL);
1005
1006 if (table)
1007 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1008
1009 return table;
1010}
1011#endif
1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
32#define pr_fmt(fmt) "IPv6: " fmt
33
34#include <linux/module.h>
35#include <linux/errno.h>
36#include <linux/types.h>
37#include <linux/socket.h>
38#include <linux/in.h>
39#include <linux/kernel.h>
40#include <linux/sockios.h>
41#include <linux/net.h>
42#include <linux/skbuff.h>
43#include <linux/init.h>
44#include <linux/netfilter.h>
45#include <linux/slab.h>
46
47#ifdef CONFIG_SYSCTL
48#include <linux/sysctl.h>
49#endif
50
51#include <linux/inet.h>
52#include <linux/netdevice.h>
53#include <linux/icmpv6.h>
54
55#include <net/ip.h>
56#include <net/sock.h>
57
58#include <net/ipv6.h>
59#include <net/ip6_checksum.h>
60#include <net/protocol.h>
61#include <net/raw.h>
62#include <net/rawv6.h>
63#include <net/transp_v6.h>
64#include <net/ip6_route.h>
65#include <net/addrconf.h>
66#include <net/icmp.h>
67#include <net/xfrm.h>
68#include <net/inet_common.h>
69
70#include <asm/uaccess.h>
71
72/*
73 * The ICMP socket(s). This is the most convenient way to flow control
74 * our ICMP output as well as maintain a clean interface throughout
75 * all layers. All Socketless IP sends will soon be gone.
76 *
77 * On SMP we have one ICMP socket per-cpu.
78 */
79static inline struct sock *icmpv6_sk(struct net *net)
80{
81 return net->ipv6.icmp_sk[smp_processor_id()];
82}
83
84static int icmpv6_rcv(struct sk_buff *skb);
85
86static const struct inet6_protocol icmpv6_protocol = {
87 .handler = icmpv6_rcv,
88 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
89};
90
91static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
92{
93 struct sock *sk;
94
95 local_bh_disable();
96
97 sk = icmpv6_sk(net);
98 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
99 /* This can happen if the output path (f.e. SIT or
100 * ip6ip6 tunnel) signals dst_link_failure() for an
101 * outgoing ICMP6 packet.
102 */
103 local_bh_enable();
104 return NULL;
105 }
106 return sk;
107}
108
109static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
110{
111 spin_unlock_bh(&sk->sk_lock.slock);
112}
113
114/*
115 * Slightly more convenient version of icmpv6_send.
116 */
117void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
118{
119 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos);
120 kfree_skb(skb);
121}
122
123/*
124 * Figure out, may we reply to this packet with icmp error.
125 *
126 * We do not reply, if:
127 * - it was icmp error message.
128 * - it is truncated, so that it is known, that protocol is ICMPV6
129 * (i.e. in the middle of some exthdr)
130 *
131 * --ANK (980726)
132 */
133
134static bool is_ineligible(const struct sk_buff *skb)
135{
136 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
137 int len = skb->len - ptr;
138 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
139 __be16 frag_off;
140
141 if (len < 0)
142 return true;
143
144 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
145 if (ptr < 0)
146 return false;
147 if (nexthdr == IPPROTO_ICMPV6) {
148 u8 _type, *tp;
149 tp = skb_header_pointer(skb,
150 ptr+offsetof(struct icmp6hdr, icmp6_type),
151 sizeof(_type), &_type);
152 if (tp == NULL ||
153 !(*tp & ICMPV6_INFOMSG_MASK))
154 return true;
155 }
156 return false;
157}
158
159/*
160 * Check the ICMP output rate limit
161 */
162static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
163 struct flowi6 *fl6)
164{
165 struct dst_entry *dst;
166 struct net *net = sock_net(sk);
167 bool res = false;
168
169 /* Informational messages are not limited. */
170 if (type & ICMPV6_INFOMSG_MASK)
171 return true;
172
173 /* Do not limit pmtu discovery, it would break it. */
174 if (type == ICMPV6_PKT_TOOBIG)
175 return true;
176
177 /*
178 * Look up the output route.
179 * XXX: perhaps the expire for routing entries cloned by
180 * this lookup should be more aggressive (not longer than timeout).
181 */
182 dst = ip6_route_output(net, sk, fl6);
183 if (dst->error) {
184 IP6_INC_STATS(net, ip6_dst_idev(dst),
185 IPSTATS_MIB_OUTNOROUTES);
186 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
187 res = true;
188 } else {
189 struct rt6_info *rt = (struct rt6_info *)dst;
190 int tmo = net->ipv6.sysctl.icmpv6_time;
191
192 /* Give more bandwidth to wider prefixes. */
193 if (rt->rt6i_dst.plen < 128)
194 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
195
196 if (!rt->rt6i_peer)
197 rt6_bind_peer(rt, 1);
198 res = inet_peer_xrlim_allow(rt->rt6i_peer, tmo);
199 }
200 dst_release(dst);
201 return res;
202}
203
204/*
205 * an inline helper for the "simple" if statement below
206 * checks if parameter problem report is caused by an
207 * unrecognized IPv6 option that has the Option Type
208 * highest-order two bits set to 10
209 */
210
211static bool opt_unrec(struct sk_buff *skb, __u32 offset)
212{
213 u8 _optval, *op;
214
215 offset += skb_network_offset(skb);
216 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
217 if (op == NULL)
218 return true;
219 return (*op & 0xC0) == 0x80;
220}
221
222static int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, struct icmp6hdr *thdr, int len)
223{
224 struct sk_buff *skb;
225 struct icmp6hdr *icmp6h;
226 int err = 0;
227
228 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
229 goto out;
230
231 icmp6h = icmp6_hdr(skb);
232 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
233 icmp6h->icmp6_cksum = 0;
234
235 if (skb_queue_len(&sk->sk_write_queue) == 1) {
236 skb->csum = csum_partial(icmp6h,
237 sizeof(struct icmp6hdr), skb->csum);
238 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
239 &fl6->daddr,
240 len, fl6->flowi6_proto,
241 skb->csum);
242 } else {
243 __wsum tmp_csum = 0;
244
245 skb_queue_walk(&sk->sk_write_queue, skb) {
246 tmp_csum = csum_add(tmp_csum, skb->csum);
247 }
248
249 tmp_csum = csum_partial(icmp6h,
250 sizeof(struct icmp6hdr), tmp_csum);
251 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
252 &fl6->daddr,
253 len, fl6->flowi6_proto,
254 tmp_csum);
255 }
256 ip6_push_pending_frames(sk);
257out:
258 return err;
259}
260
261struct icmpv6_msg {
262 struct sk_buff *skb;
263 int offset;
264 uint8_t type;
265};
266
267static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
268{
269 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
270 struct sk_buff *org_skb = msg->skb;
271 __wsum csum = 0;
272
273 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
274 to, len, csum);
275 skb->csum = csum_block_add(skb->csum, csum, odd);
276 if (!(msg->type & ICMPV6_INFOMSG_MASK))
277 nf_ct_attach(skb, org_skb);
278 return 0;
279}
280
281#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
282static void mip6_addr_swap(struct sk_buff *skb)
283{
284 struct ipv6hdr *iph = ipv6_hdr(skb);
285 struct inet6_skb_parm *opt = IP6CB(skb);
286 struct ipv6_destopt_hao *hao;
287 struct in6_addr tmp;
288 int off;
289
290 if (opt->dsthao) {
291 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
292 if (likely(off >= 0)) {
293 hao = (struct ipv6_destopt_hao *)
294 (skb_network_header(skb) + off);
295 tmp = iph->saddr;
296 iph->saddr = hao->addr;
297 hao->addr = tmp;
298 }
299 }
300}
301#else
302static inline void mip6_addr_swap(struct sk_buff *skb) {}
303#endif
304
305static struct dst_entry *icmpv6_route_lookup(struct net *net, struct sk_buff *skb,
306 struct sock *sk, struct flowi6 *fl6)
307{
308 struct dst_entry *dst, *dst2;
309 struct flowi6 fl2;
310 int err;
311
312 err = ip6_dst_lookup(sk, &dst, fl6);
313 if (err)
314 return ERR_PTR(err);
315
316 /*
317 * We won't send icmp if the destination is known
318 * anycast.
319 */
320 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
321 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n");
322 dst_release(dst);
323 return ERR_PTR(-EINVAL);
324 }
325
326 /* No need to clone since we're just using its address. */
327 dst2 = dst;
328
329 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
330 if (!IS_ERR(dst)) {
331 if (dst != dst2)
332 return dst;
333 } else {
334 if (PTR_ERR(dst) == -EPERM)
335 dst = NULL;
336 else
337 return dst;
338 }
339
340 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
341 if (err)
342 goto relookup_failed;
343
344 err = ip6_dst_lookup(sk, &dst2, &fl2);
345 if (err)
346 goto relookup_failed;
347
348 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
349 if (!IS_ERR(dst2)) {
350 dst_release(dst);
351 dst = dst2;
352 } else {
353 err = PTR_ERR(dst2);
354 if (err == -EPERM) {
355 dst_release(dst);
356 return dst2;
357 } else
358 goto relookup_failed;
359 }
360
361relookup_failed:
362 if (dst)
363 return dst;
364 return ERR_PTR(err);
365}
366
367/*
368 * Send an ICMP message in response to a packet in error
369 */
370void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
371{
372 struct net *net = dev_net(skb->dev);
373 struct inet6_dev *idev = NULL;
374 struct ipv6hdr *hdr = ipv6_hdr(skb);
375 struct sock *sk;
376 struct ipv6_pinfo *np;
377 const struct in6_addr *saddr = NULL;
378 struct dst_entry *dst;
379 struct icmp6hdr tmp_hdr;
380 struct flowi6 fl6;
381 struct icmpv6_msg msg;
382 int iif = 0;
383 int addr_type = 0;
384 int len;
385 int hlimit;
386 int err = 0;
387
388 if ((u8 *)hdr < skb->head ||
389 (skb->network_header + sizeof(*hdr)) > skb->tail)
390 return;
391
392 /*
393 * Make sure we respect the rules
394 * i.e. RFC 1885 2.4(e)
395 * Rule (e.1) is enforced by not using icmpv6_send
396 * in any code that processes icmp errors.
397 */
398 addr_type = ipv6_addr_type(&hdr->daddr);
399
400 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
401 saddr = &hdr->daddr;
402
403 /*
404 * Dest addr check
405 */
406
407 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
408 if (type != ICMPV6_PKT_TOOBIG &&
409 !(type == ICMPV6_PARAMPROB &&
410 code == ICMPV6_UNK_OPTION &&
411 (opt_unrec(skb, info))))
412 return;
413
414 saddr = NULL;
415 }
416
417 addr_type = ipv6_addr_type(&hdr->saddr);
418
419 /*
420 * Source addr check
421 */
422
423 if (addr_type & IPV6_ADDR_LINKLOCAL)
424 iif = skb->dev->ifindex;
425
426 /*
427 * Must not send error if the source does not uniquely
428 * identify a single node (RFC2463 Section 2.4).
429 * We check unspecified / multicast addresses here,
430 * and anycast addresses will be checked later.
431 */
432 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
433 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n");
434 return;
435 }
436
437 /*
438 * Never answer to a ICMP packet.
439 */
440 if (is_ineligible(skb)) {
441 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n");
442 return;
443 }
444
445 mip6_addr_swap(skb);
446
447 memset(&fl6, 0, sizeof(fl6));
448 fl6.flowi6_proto = IPPROTO_ICMPV6;
449 fl6.daddr = hdr->saddr;
450 if (saddr)
451 fl6.saddr = *saddr;
452 fl6.flowi6_oif = iif;
453 fl6.fl6_icmp_type = type;
454 fl6.fl6_icmp_code = code;
455 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
456
457 sk = icmpv6_xmit_lock(net);
458 if (sk == NULL)
459 return;
460 np = inet6_sk(sk);
461
462 if (!icmpv6_xrlim_allow(sk, type, &fl6))
463 goto out;
464
465 tmp_hdr.icmp6_type = type;
466 tmp_hdr.icmp6_code = code;
467 tmp_hdr.icmp6_cksum = 0;
468 tmp_hdr.icmp6_pointer = htonl(info);
469
470 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
471 fl6.flowi6_oif = np->mcast_oif;
472 else if (!fl6.flowi6_oif)
473 fl6.flowi6_oif = np->ucast_oif;
474
475 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
476 if (IS_ERR(dst))
477 goto out;
478
479 if (ipv6_addr_is_multicast(&fl6.daddr))
480 hlimit = np->mcast_hops;
481 else
482 hlimit = np->hop_limit;
483 if (hlimit < 0)
484 hlimit = ip6_dst_hoplimit(dst);
485
486 msg.skb = skb;
487 msg.offset = skb_network_offset(skb);
488 msg.type = type;
489
490 len = skb->len - msg.offset;
491 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
492 if (len < 0) {
493 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
494 goto out_dst_release;
495 }
496
497 rcu_read_lock();
498 idev = __in6_dev_get(skb->dev);
499
500 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
501 len + sizeof(struct icmp6hdr),
502 sizeof(struct icmp6hdr), hlimit,
503 np->tclass, NULL, &fl6, (struct rt6_info *)dst,
504 MSG_DONTWAIT, np->dontfrag);
505 if (err) {
506 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
507 ip6_flush_pending_frames(sk);
508 } else {
509 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
510 len + sizeof(struct icmp6hdr));
511 }
512 rcu_read_unlock();
513out_dst_release:
514 dst_release(dst);
515out:
516 icmpv6_xmit_unlock(sk);
517}
518EXPORT_SYMBOL(icmpv6_send);
519
520static void icmpv6_echo_reply(struct sk_buff *skb)
521{
522 struct net *net = dev_net(skb->dev);
523 struct sock *sk;
524 struct inet6_dev *idev;
525 struct ipv6_pinfo *np;
526 const struct in6_addr *saddr = NULL;
527 struct icmp6hdr *icmph = icmp6_hdr(skb);
528 struct icmp6hdr tmp_hdr;
529 struct flowi6 fl6;
530 struct icmpv6_msg msg;
531 struct dst_entry *dst;
532 int err = 0;
533 int hlimit;
534
535 saddr = &ipv6_hdr(skb)->daddr;
536
537 if (!ipv6_unicast_destination(skb))
538 saddr = NULL;
539
540 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
541 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
542
543 memset(&fl6, 0, sizeof(fl6));
544 fl6.flowi6_proto = IPPROTO_ICMPV6;
545 fl6.daddr = ipv6_hdr(skb)->saddr;
546 if (saddr)
547 fl6.saddr = *saddr;
548 fl6.flowi6_oif = skb->dev->ifindex;
549 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
550 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
551
552 sk = icmpv6_xmit_lock(net);
553 if (sk == NULL)
554 return;
555 np = inet6_sk(sk);
556
557 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
558 fl6.flowi6_oif = np->mcast_oif;
559 else if (!fl6.flowi6_oif)
560 fl6.flowi6_oif = np->ucast_oif;
561
562 err = ip6_dst_lookup(sk, &dst, &fl6);
563 if (err)
564 goto out;
565 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
566 if (IS_ERR(dst))
567 goto out;
568
569 if (ipv6_addr_is_multicast(&fl6.daddr))
570 hlimit = np->mcast_hops;
571 else
572 hlimit = np->hop_limit;
573 if (hlimit < 0)
574 hlimit = ip6_dst_hoplimit(dst);
575
576 idev = __in6_dev_get(skb->dev);
577
578 msg.skb = skb;
579 msg.offset = 0;
580 msg.type = ICMPV6_ECHO_REPLY;
581
582 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
583 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl6,
584 (struct rt6_info *)dst, MSG_DONTWAIT,
585 np->dontfrag);
586
587 if (err) {
588 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
589 ip6_flush_pending_frames(sk);
590 } else {
591 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
592 skb->len + sizeof(struct icmp6hdr));
593 }
594 dst_release(dst);
595out:
596 icmpv6_xmit_unlock(sk);
597}
598
599static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
600{
601 const struct inet6_protocol *ipprot;
602 int inner_offset;
603 int hash;
604 u8 nexthdr;
605 __be16 frag_off;
606
607 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
608 return;
609
610 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
611 if (ipv6_ext_hdr(nexthdr)) {
612 /* now skip over extension headers */
613 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
614 &nexthdr, &frag_off);
615 if (inner_offset<0)
616 return;
617 } else {
618 inner_offset = sizeof(struct ipv6hdr);
619 }
620
621 /* Checkin header including 8 bytes of inner protocol header. */
622 if (!pskb_may_pull(skb, inner_offset+8))
623 return;
624
625 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
626 Without this we will not able f.e. to make source routed
627 pmtu discovery.
628 Corresponding argument (opt) to notifiers is already added.
629 --ANK (980726)
630 */
631
632 hash = nexthdr & (MAX_INET_PROTOS - 1);
633
634 rcu_read_lock();
635 ipprot = rcu_dereference(inet6_protos[hash]);
636 if (ipprot && ipprot->err_handler)
637 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
638 rcu_read_unlock();
639
640 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
641}
642
643/*
644 * Handle icmp messages
645 */
646
647static int icmpv6_rcv(struct sk_buff *skb)
648{
649 struct net_device *dev = skb->dev;
650 struct inet6_dev *idev = __in6_dev_get(dev);
651 const struct in6_addr *saddr, *daddr;
652 const struct ipv6hdr *orig_hdr;
653 struct icmp6hdr *hdr;
654 u8 type;
655
656 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
657 struct sec_path *sp = skb_sec_path(skb);
658 int nh;
659
660 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
661 XFRM_STATE_ICMP))
662 goto drop_no_count;
663
664 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
665 goto drop_no_count;
666
667 nh = skb_network_offset(skb);
668 skb_set_network_header(skb, sizeof(*hdr));
669
670 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
671 goto drop_no_count;
672
673 skb_set_network_header(skb, nh);
674 }
675
676 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
677
678 saddr = &ipv6_hdr(skb)->saddr;
679 daddr = &ipv6_hdr(skb)->daddr;
680
681 /* Perform checksum. */
682 switch (skb->ip_summed) {
683 case CHECKSUM_COMPLETE:
684 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
685 skb->csum))
686 break;
687 /* fall through */
688 case CHECKSUM_NONE:
689 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
690 IPPROTO_ICMPV6, 0));
691 if (__skb_checksum_complete(skb)) {
692 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n",
693 saddr, daddr);
694 goto discard_it;
695 }
696 }
697
698 if (!pskb_pull(skb, sizeof(*hdr)))
699 goto discard_it;
700
701 hdr = icmp6_hdr(skb);
702
703 type = hdr->icmp6_type;
704
705 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
706
707 switch (type) {
708 case ICMPV6_ECHO_REQUEST:
709 icmpv6_echo_reply(skb);
710 break;
711
712 case ICMPV6_ECHO_REPLY:
713 /* we couldn't care less */
714 break;
715
716 case ICMPV6_PKT_TOOBIG:
717 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
718 standard destination cache. Seems, only "advanced"
719 destination cache will allow to solve this problem
720 --ANK (980726)
721 */
722 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
723 goto discard_it;
724 hdr = icmp6_hdr(skb);
725 orig_hdr = (struct ipv6hdr *) (hdr + 1);
726 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev,
727 ntohl(hdr->icmp6_mtu));
728
729 /*
730 * Drop through to notify
731 */
732
733 case ICMPV6_DEST_UNREACH:
734 case ICMPV6_TIME_EXCEED:
735 case ICMPV6_PARAMPROB:
736 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
737 break;
738
739 case NDISC_ROUTER_SOLICITATION:
740 case NDISC_ROUTER_ADVERTISEMENT:
741 case NDISC_NEIGHBOUR_SOLICITATION:
742 case NDISC_NEIGHBOUR_ADVERTISEMENT:
743 case NDISC_REDIRECT:
744 ndisc_rcv(skb);
745 break;
746
747 case ICMPV6_MGM_QUERY:
748 igmp6_event_query(skb);
749 break;
750
751 case ICMPV6_MGM_REPORT:
752 igmp6_event_report(skb);
753 break;
754
755 case ICMPV6_MGM_REDUCTION:
756 case ICMPV6_NI_QUERY:
757 case ICMPV6_NI_REPLY:
758 case ICMPV6_MLD2_REPORT:
759 case ICMPV6_DHAAD_REQUEST:
760 case ICMPV6_DHAAD_REPLY:
761 case ICMPV6_MOBILE_PREFIX_SOL:
762 case ICMPV6_MOBILE_PREFIX_ADV:
763 break;
764
765 default:
766 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
767
768 /* informational */
769 if (type & ICMPV6_INFOMSG_MASK)
770 break;
771
772 /*
773 * error of unknown type.
774 * must pass to upper level
775 */
776
777 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
778 }
779
780 kfree_skb(skb);
781 return 0;
782
783discard_it:
784 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
785drop_no_count:
786 kfree_skb(skb);
787 return 0;
788}
789
790void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
791 u8 type,
792 const struct in6_addr *saddr,
793 const struct in6_addr *daddr,
794 int oif)
795{
796 memset(fl6, 0, sizeof(*fl6));
797 fl6->saddr = *saddr;
798 fl6->daddr = *daddr;
799 fl6->flowi6_proto = IPPROTO_ICMPV6;
800 fl6->fl6_icmp_type = type;
801 fl6->fl6_icmp_code = 0;
802 fl6->flowi6_oif = oif;
803 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
804}
805
806/*
807 * Special lock-class for __icmpv6_sk:
808 */
809static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
810
811static int __net_init icmpv6_sk_init(struct net *net)
812{
813 struct sock *sk;
814 int err, i, j;
815
816 net->ipv6.icmp_sk =
817 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
818 if (net->ipv6.icmp_sk == NULL)
819 return -ENOMEM;
820
821 for_each_possible_cpu(i) {
822 err = inet_ctl_sock_create(&sk, PF_INET6,
823 SOCK_RAW, IPPROTO_ICMPV6, net);
824 if (err < 0) {
825 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
826 err);
827 goto fail;
828 }
829
830 net->ipv6.icmp_sk[i] = sk;
831
832 /*
833 * Split off their lock-class, because sk->sk_dst_lock
834 * gets used from softirqs, which is safe for
835 * __icmpv6_sk (because those never get directly used
836 * via userspace syscalls), but unsafe for normal sockets.
837 */
838 lockdep_set_class(&sk->sk_dst_lock,
839 &icmpv6_socket_sk_dst_lock_key);
840
841 /* Enough space for 2 64K ICMP packets, including
842 * sk_buff struct overhead.
843 */
844 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
845 }
846 return 0;
847
848 fail:
849 for (j = 0; j < i; j++)
850 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
851 kfree(net->ipv6.icmp_sk);
852 return err;
853}
854
855static void __net_exit icmpv6_sk_exit(struct net *net)
856{
857 int i;
858
859 for_each_possible_cpu(i) {
860 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
861 }
862 kfree(net->ipv6.icmp_sk);
863}
864
865static struct pernet_operations icmpv6_sk_ops = {
866 .init = icmpv6_sk_init,
867 .exit = icmpv6_sk_exit,
868};
869
870int __init icmpv6_init(void)
871{
872 int err;
873
874 err = register_pernet_subsys(&icmpv6_sk_ops);
875 if (err < 0)
876 return err;
877
878 err = -EAGAIN;
879 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
880 goto fail;
881 return 0;
882
883fail:
884 pr_err("Failed to register ICMP6 protocol\n");
885 unregister_pernet_subsys(&icmpv6_sk_ops);
886 return err;
887}
888
889void icmpv6_cleanup(void)
890{
891 unregister_pernet_subsys(&icmpv6_sk_ops);
892 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
893}
894
895
896static const struct icmp6_err {
897 int err;
898 int fatal;
899} tab_unreach[] = {
900 { /* NOROUTE */
901 .err = ENETUNREACH,
902 .fatal = 0,
903 },
904 { /* ADM_PROHIBITED */
905 .err = EACCES,
906 .fatal = 1,
907 },
908 { /* Was NOT_NEIGHBOUR, now reserved */
909 .err = EHOSTUNREACH,
910 .fatal = 0,
911 },
912 { /* ADDR_UNREACH */
913 .err = EHOSTUNREACH,
914 .fatal = 0,
915 },
916 { /* PORT_UNREACH */
917 .err = ECONNREFUSED,
918 .fatal = 1,
919 },
920};
921
922int icmpv6_err_convert(u8 type, u8 code, int *err)
923{
924 int fatal = 0;
925
926 *err = EPROTO;
927
928 switch (type) {
929 case ICMPV6_DEST_UNREACH:
930 fatal = 1;
931 if (code <= ICMPV6_PORT_UNREACH) {
932 *err = tab_unreach[code].err;
933 fatal = tab_unreach[code].fatal;
934 }
935 break;
936
937 case ICMPV6_PKT_TOOBIG:
938 *err = EMSGSIZE;
939 break;
940
941 case ICMPV6_PARAMPROB:
942 *err = EPROTO;
943 fatal = 1;
944 break;
945
946 case ICMPV6_TIME_EXCEED:
947 *err = EHOSTUNREACH;
948 break;
949 }
950
951 return fatal;
952}
953EXPORT_SYMBOL(icmpv6_err_convert);
954
955#ifdef CONFIG_SYSCTL
956ctl_table ipv6_icmp_table_template[] = {
957 {
958 .procname = "ratelimit",
959 .data = &init_net.ipv6.sysctl.icmpv6_time,
960 .maxlen = sizeof(int),
961 .mode = 0644,
962 .proc_handler = proc_dointvec_ms_jiffies,
963 },
964 { },
965};
966
967struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
968{
969 struct ctl_table *table;
970
971 table = kmemdup(ipv6_icmp_table_template,
972 sizeof(ipv6_icmp_table_template),
973 GFP_KERNEL);
974
975 if (table)
976 table[0].data = &net->ipv6.sysctl.icmpv6_time;
977
978 return table;
979}
980#endif
981