Merge branch 'for-linus' of git://git.kernel.dk/linux-block
[linux/fpc-iii.git] / net / ipv6 / icmp.c
blob8d7b113958b1332be11545069fafa8072a64e6a2
1 /*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
8 * Based on net/ipv4/icmp.c
10 * RFC 1885
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
19 * Changes:
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
32 #define pr_fmt(fmt) "IPv6: " fmt
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <linux/types.h>
37 #include <linux/socket.h>
38 #include <linux/in.h>
39 #include <linux/kernel.h>
40 #include <linux/sockios.h>
41 #include <linux/net.h>
42 #include <linux/skbuff.h>
43 #include <linux/init.h>
44 #include <linux/netfilter.h>
45 #include <linux/slab.h>
47 #ifdef CONFIG_SYSCTL
48 #include <linux/sysctl.h>
49 #endif
51 #include <linux/inet.h>
52 #include <linux/netdevice.h>
53 #include <linux/icmpv6.h>
55 #include <net/ip.h>
56 #include <net/sock.h>
58 #include <net/ipv6.h>
59 #include <net/ip6_checksum.h>
60 #include <net/ping.h>
61 #include <net/protocol.h>
62 #include <net/raw.h>
63 #include <net/rawv6.h>
64 #include <net/transp_v6.h>
65 #include <net/ip6_route.h>
66 #include <net/addrconf.h>
67 #include <net/icmp.h>
68 #include <net/xfrm.h>
69 #include <net/inet_common.h>
70 #include <net/dsfield.h>
71 #include <net/l3mdev.h>
73 #include <linux/uaccess.h>
76 * The ICMP socket(s). This is the most convenient way to flow control
77 * our ICMP output as well as maintain a clean interface throughout
78 * all layers. All Socketless IP sends will soon be gone.
80 * On SMP we have one ICMP socket per-cpu.
82 static inline struct sock *icmpv6_sk(struct net *net)
84 return net->ipv6.icmp_sk[smp_processor_id()];
87 static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
88 u8 type, u8 code, int offset, __be32 info)
90 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
91 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
92 struct net *net = dev_net(skb->dev);
94 if (type == ICMPV6_PKT_TOOBIG)
95 ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
96 else if (type == NDISC_REDIRECT)
97 ip6_redirect(skb, net, skb->dev->ifindex, 0,
98 sock_net_uid(net, NULL));
100 if (!(type & ICMPV6_INFOMSG_MASK))
101 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
102 ping_err(skb, offset, ntohl(info));
105 static int icmpv6_rcv(struct sk_buff *skb);
107 static const struct inet6_protocol icmpv6_protocol = {
108 .handler = icmpv6_rcv,
109 .err_handler = icmpv6_err,
110 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
113 /* Called with BH disabled */
114 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
116 struct sock *sk;
118 sk = icmpv6_sk(net);
119 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
120 /* This can happen if the output path (f.e. SIT or
121 * ip6ip6 tunnel) signals dst_link_failure() for an
122 * outgoing ICMP6 packet.
124 return NULL;
126 return sk;
129 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
131 spin_unlock(&sk->sk_lock.slock);
135 * Figure out, may we reply to this packet with icmp error.
137 * We do not reply, if:
138 * - it was icmp error message.
139 * - it is truncated, so that it is known, that protocol is ICMPV6
140 * (i.e. in the middle of some exthdr)
142 * --ANK (980726)
145 static bool is_ineligible(const struct sk_buff *skb)
147 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
148 int len = skb->len - ptr;
149 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
150 __be16 frag_off;
152 if (len < 0)
153 return true;
155 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
156 if (ptr < 0)
157 return false;
158 if (nexthdr == IPPROTO_ICMPV6) {
159 u8 _type, *tp;
160 tp = skb_header_pointer(skb,
161 ptr+offsetof(struct icmp6hdr, icmp6_type),
162 sizeof(_type), &_type);
163 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
164 return true;
166 return false;
169 static bool icmpv6_mask_allow(int type)
171 /* Informational messages are not limited. */
172 if (type & ICMPV6_INFOMSG_MASK)
173 return true;
175 /* Do not limit pmtu discovery, it would break it. */
176 if (type == ICMPV6_PKT_TOOBIG)
177 return true;
179 return false;
182 static bool icmpv6_global_allow(int type)
184 if (icmpv6_mask_allow(type))
185 return true;
187 if (icmp_global_allow())
188 return true;
190 return false;
194 * Check the ICMP output rate limit
196 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
197 struct flowi6 *fl6)
199 struct net *net = sock_net(sk);
200 struct dst_entry *dst;
201 bool res = false;
203 if (icmpv6_mask_allow(type))
204 return true;
207 * Look up the output route.
208 * XXX: perhaps the expire for routing entries cloned by
209 * this lookup should be more aggressive (not longer than timeout).
211 dst = ip6_route_output(net, sk, fl6);
212 if (dst->error) {
213 IP6_INC_STATS(net, ip6_dst_idev(dst),
214 IPSTATS_MIB_OUTNOROUTES);
215 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
216 res = true;
217 } else {
218 struct rt6_info *rt = (struct rt6_info *)dst;
219 int tmo = net->ipv6.sysctl.icmpv6_time;
220 struct inet_peer *peer;
222 /* Give more bandwidth to wider prefixes. */
223 if (rt->rt6i_dst.plen < 128)
224 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
226 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
227 res = inet_peer_xrlim_allow(peer, tmo);
228 if (peer)
229 inet_putpeer(peer);
231 dst_release(dst);
232 return res;
236 * an inline helper for the "simple" if statement below
237 * checks if parameter problem report is caused by an
238 * unrecognized IPv6 option that has the Option Type
239 * highest-order two bits set to 10
242 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
244 u8 _optval, *op;
246 offset += skb_network_offset(skb);
247 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
248 if (!op)
249 return true;
250 return (*op & 0xC0) == 0x80;
253 int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
254 struct icmp6hdr *thdr, int len)
256 struct sk_buff *skb;
257 struct icmp6hdr *icmp6h;
258 int err = 0;
260 skb = skb_peek(&sk->sk_write_queue);
261 if (!skb)
262 goto out;
264 icmp6h = icmp6_hdr(skb);
265 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
266 icmp6h->icmp6_cksum = 0;
268 if (skb_queue_len(&sk->sk_write_queue) == 1) {
269 skb->csum = csum_partial(icmp6h,
270 sizeof(struct icmp6hdr), skb->csum);
271 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
272 &fl6->daddr,
273 len, fl6->flowi6_proto,
274 skb->csum);
275 } else {
276 __wsum tmp_csum = 0;
278 skb_queue_walk(&sk->sk_write_queue, skb) {
279 tmp_csum = csum_add(tmp_csum, skb->csum);
282 tmp_csum = csum_partial(icmp6h,
283 sizeof(struct icmp6hdr), tmp_csum);
284 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
285 &fl6->daddr,
286 len, fl6->flowi6_proto,
287 tmp_csum);
289 ip6_push_pending_frames(sk);
290 out:
291 return err;
294 struct icmpv6_msg {
295 struct sk_buff *skb;
296 int offset;
297 uint8_t type;
300 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
302 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
303 struct sk_buff *org_skb = msg->skb;
304 __wsum csum = 0;
306 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
307 to, len, csum);
308 skb->csum = csum_block_add(skb->csum, csum, odd);
309 if (!(msg->type & ICMPV6_INFOMSG_MASK))
310 nf_ct_attach(skb, org_skb);
311 return 0;
314 #if IS_ENABLED(CONFIG_IPV6_MIP6)
315 static void mip6_addr_swap(struct sk_buff *skb)
317 struct ipv6hdr *iph = ipv6_hdr(skb);
318 struct inet6_skb_parm *opt = IP6CB(skb);
319 struct ipv6_destopt_hao *hao;
320 struct in6_addr tmp;
321 int off;
323 if (opt->dsthao) {
324 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
325 if (likely(off >= 0)) {
326 hao = (struct ipv6_destopt_hao *)
327 (skb_network_header(skb) + off);
328 tmp = iph->saddr;
329 iph->saddr = hao->addr;
330 hao->addr = tmp;
334 #else
335 static inline void mip6_addr_swap(struct sk_buff *skb) {}
336 #endif
338 static struct dst_entry *icmpv6_route_lookup(struct net *net,
339 struct sk_buff *skb,
340 struct sock *sk,
341 struct flowi6 *fl6)
343 struct dst_entry *dst, *dst2;
344 struct flowi6 fl2;
345 int err;
347 err = ip6_dst_lookup(net, sk, &dst, fl6);
348 if (err)
349 return ERR_PTR(err);
352 * We won't send icmp if the destination is known
353 * anycast.
355 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
356 net_dbg_ratelimited("icmp6_send: acast source\n");
357 dst_release(dst);
358 return ERR_PTR(-EINVAL);
361 /* No need to clone since we're just using its address. */
362 dst2 = dst;
364 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
365 if (!IS_ERR(dst)) {
366 if (dst != dst2)
367 return dst;
368 } else {
369 if (PTR_ERR(dst) == -EPERM)
370 dst = NULL;
371 else
372 return dst;
375 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
376 if (err)
377 goto relookup_failed;
379 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
380 if (err)
381 goto relookup_failed;
383 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
384 if (!IS_ERR(dst2)) {
385 dst_release(dst);
386 dst = dst2;
387 } else {
388 err = PTR_ERR(dst2);
389 if (err == -EPERM) {
390 dst_release(dst);
391 return dst2;
392 } else
393 goto relookup_failed;
396 relookup_failed:
397 if (dst)
398 return dst;
399 return ERR_PTR(err);
403 * Send an ICMP message in response to a packet in error
405 static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
406 const struct in6_addr *force_saddr)
408 struct net *net = dev_net(skb->dev);
409 struct inet6_dev *idev = NULL;
410 struct ipv6hdr *hdr = ipv6_hdr(skb);
411 struct sock *sk;
412 struct ipv6_pinfo *np;
413 const struct in6_addr *saddr = NULL;
414 struct dst_entry *dst;
415 struct icmp6hdr tmp_hdr;
416 struct flowi6 fl6;
417 struct icmpv6_msg msg;
418 struct sockcm_cookie sockc_unused = {0};
419 struct ipcm6_cookie ipc6;
420 int iif = 0;
421 int addr_type = 0;
422 int len;
423 int err = 0;
424 u32 mark = IP6_REPLY_MARK(net, skb->mark);
426 if ((u8 *)hdr < skb->head ||
427 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
428 return;
431 * Make sure we respect the rules
432 * i.e. RFC 1885 2.4(e)
433 * Rule (e.1) is enforced by not using icmp6_send
434 * in any code that processes icmp errors.
436 addr_type = ipv6_addr_type(&hdr->daddr);
438 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
439 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
440 saddr = &hdr->daddr;
443 * Dest addr check
446 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
447 if (type != ICMPV6_PKT_TOOBIG &&
448 !(type == ICMPV6_PARAMPROB &&
449 code == ICMPV6_UNK_OPTION &&
450 (opt_unrec(skb, info))))
451 return;
453 saddr = NULL;
456 addr_type = ipv6_addr_type(&hdr->saddr);
459 * Source addr check
462 if (__ipv6_addr_needs_scope_id(addr_type))
463 iif = skb->dev->ifindex;
464 else {
465 dst = skb_dst(skb);
466 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
470 * Must not send error if the source does not uniquely
471 * identify a single node (RFC2463 Section 2.4).
472 * We check unspecified / multicast addresses here,
473 * and anycast addresses will be checked later.
475 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
476 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
477 &hdr->saddr, &hdr->daddr);
478 return;
482 * Never answer to a ICMP packet.
484 if (is_ineligible(skb)) {
485 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
486 &hdr->saddr, &hdr->daddr);
487 return;
490 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
491 local_bh_disable();
493 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
494 if (!(skb->dev->flags&IFF_LOOPBACK) && !icmpv6_global_allow(type))
495 goto out_bh_enable;
497 mip6_addr_swap(skb);
499 memset(&fl6, 0, sizeof(fl6));
500 fl6.flowi6_proto = IPPROTO_ICMPV6;
501 fl6.daddr = hdr->saddr;
502 if (force_saddr)
503 saddr = force_saddr;
504 if (saddr)
505 fl6.saddr = *saddr;
506 fl6.flowi6_mark = mark;
507 fl6.flowi6_oif = iif;
508 fl6.fl6_icmp_type = type;
509 fl6.fl6_icmp_code = code;
510 fl6.flowi6_uid = sock_net_uid(net, NULL);
511 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
513 sk = icmpv6_xmit_lock(net);
514 if (!sk)
515 goto out_bh_enable;
517 sk->sk_mark = mark;
518 np = inet6_sk(sk);
520 if (!icmpv6_xrlim_allow(sk, type, &fl6))
521 goto out;
523 tmp_hdr.icmp6_type = type;
524 tmp_hdr.icmp6_code = code;
525 tmp_hdr.icmp6_cksum = 0;
526 tmp_hdr.icmp6_pointer = htonl(info);
528 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
529 fl6.flowi6_oif = np->mcast_oif;
530 else if (!fl6.flowi6_oif)
531 fl6.flowi6_oif = np->ucast_oif;
533 ipc6.tclass = np->tclass;
534 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
536 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
537 if (IS_ERR(dst))
538 goto out;
540 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
541 ipc6.dontfrag = np->dontfrag;
542 ipc6.opt = NULL;
544 msg.skb = skb;
545 msg.offset = skb_network_offset(skb);
546 msg.type = type;
548 len = skb->len - msg.offset;
549 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
550 if (len < 0) {
551 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
552 &hdr->saddr, &hdr->daddr);
553 goto out_dst_release;
556 rcu_read_lock();
557 idev = __in6_dev_get(skb->dev);
559 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
560 len + sizeof(struct icmp6hdr),
561 sizeof(struct icmp6hdr),
562 &ipc6, &fl6, (struct rt6_info *)dst,
563 MSG_DONTWAIT, &sockc_unused);
564 if (err) {
565 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
566 ip6_flush_pending_frames(sk);
567 } else {
568 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
569 len + sizeof(struct icmp6hdr));
571 rcu_read_unlock();
572 out_dst_release:
573 dst_release(dst);
574 out:
575 icmpv6_xmit_unlock(sk);
576 out_bh_enable:
577 local_bh_enable();
580 /* Slightly more convenient version of icmp6_send.
582 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
584 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
585 kfree_skb(skb);
588 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
589 * if sufficient data bytes are available
590 * @nhs is the size of the tunnel header(s) :
591 * Either an IPv4 header for SIT encap
592 * an IPv4 header + GRE header for GRE encap
594 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
595 unsigned int data_len)
597 struct in6_addr temp_saddr;
598 struct rt6_info *rt;
599 struct sk_buff *skb2;
600 u32 info = 0;
602 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
603 return 1;
605 /* RFC 4884 (partial) support for ICMP extensions */
606 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
607 data_len = 0;
609 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
611 if (!skb2)
612 return 1;
614 skb_dst_drop(skb2);
615 skb_pull(skb2, nhs);
616 skb_reset_network_header(skb2);
618 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);
620 if (rt && rt->dst.dev)
621 skb2->dev = rt->dst.dev;
623 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
625 if (data_len) {
626 /* RFC 4884 (partial) support :
627 * insert 0 padding at the end, before the extensions
629 __skb_push(skb2, nhs);
630 skb_reset_network_header(skb2);
631 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
632 memset(skb2->data + data_len - nhs, 0, nhs);
633 /* RFC 4884 4.5 : Length is measured in 64-bit words,
634 * and stored in reserved[0]
636 info = (data_len/8) << 24;
638 if (type == ICMP_TIME_EXCEEDED)
639 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
640 info, &temp_saddr);
641 else
642 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
643 info, &temp_saddr);
644 if (rt)
645 ip6_rt_put(rt);
647 kfree_skb(skb2);
649 return 0;
651 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
653 static void icmpv6_echo_reply(struct sk_buff *skb)
655 struct net *net = dev_net(skb->dev);
656 struct sock *sk;
657 struct inet6_dev *idev;
658 struct ipv6_pinfo *np;
659 const struct in6_addr *saddr = NULL;
660 struct icmp6hdr *icmph = icmp6_hdr(skb);
661 struct icmp6hdr tmp_hdr;
662 struct flowi6 fl6;
663 struct icmpv6_msg msg;
664 struct dst_entry *dst;
665 struct ipcm6_cookie ipc6;
666 int err = 0;
667 u32 mark = IP6_REPLY_MARK(net, skb->mark);
668 struct sockcm_cookie sockc_unused = {0};
670 saddr = &ipv6_hdr(skb)->daddr;
672 if (!ipv6_unicast_destination(skb) &&
673 !(net->ipv6.sysctl.anycast_src_echo_reply &&
674 ipv6_anycast_destination(skb_dst(skb), saddr)))
675 saddr = NULL;
677 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
678 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
680 memset(&fl6, 0, sizeof(fl6));
681 fl6.flowi6_proto = IPPROTO_ICMPV6;
682 fl6.daddr = ipv6_hdr(skb)->saddr;
683 if (saddr)
684 fl6.saddr = *saddr;
685 fl6.flowi6_oif = skb->dev->ifindex;
686 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
687 fl6.flowi6_mark = mark;
688 fl6.flowi6_uid = sock_net_uid(net, NULL);
689 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
691 local_bh_disable();
692 sk = icmpv6_xmit_lock(net);
693 if (!sk)
694 goto out_bh_enable;
695 sk->sk_mark = mark;
696 np = inet6_sk(sk);
698 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
699 fl6.flowi6_oif = np->mcast_oif;
700 else if (!fl6.flowi6_oif)
701 fl6.flowi6_oif = np->ucast_oif;
703 err = ip6_dst_lookup(net, sk, &dst, &fl6);
704 if (err)
705 goto out;
706 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
707 if (IS_ERR(dst))
708 goto out;
710 idev = __in6_dev_get(skb->dev);
712 msg.skb = skb;
713 msg.offset = 0;
714 msg.type = ICMPV6_ECHO_REPLY;
716 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
717 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
718 ipc6.dontfrag = np->dontfrag;
719 ipc6.opt = NULL;
721 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
722 sizeof(struct icmp6hdr), &ipc6, &fl6,
723 (struct rt6_info *)dst, MSG_DONTWAIT,
724 &sockc_unused);
726 if (err) {
727 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
728 ip6_flush_pending_frames(sk);
729 } else {
730 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
731 skb->len + sizeof(struct icmp6hdr));
733 dst_release(dst);
734 out:
735 icmpv6_xmit_unlock(sk);
736 out_bh_enable:
737 local_bh_enable();
740 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
742 const struct inet6_protocol *ipprot;
743 int inner_offset;
744 __be16 frag_off;
745 u8 nexthdr;
746 struct net *net = dev_net(skb->dev);
748 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
749 goto out;
751 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
752 if (ipv6_ext_hdr(nexthdr)) {
753 /* now skip over extension headers */
754 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
755 &nexthdr, &frag_off);
756 if (inner_offset < 0)
757 goto out;
758 } else {
759 inner_offset = sizeof(struct ipv6hdr);
762 /* Checkin header including 8 bytes of inner protocol header. */
763 if (!pskb_may_pull(skb, inner_offset+8))
764 goto out;
766 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
767 Without this we will not able f.e. to make source routed
768 pmtu discovery.
769 Corresponding argument (opt) to notifiers is already added.
770 --ANK (980726)
773 ipprot = rcu_dereference(inet6_protos[nexthdr]);
774 if (ipprot && ipprot->err_handler)
775 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
777 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
778 return;
780 out:
781 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
785 * Handle icmp messages
788 static int icmpv6_rcv(struct sk_buff *skb)
790 struct net_device *dev = skb->dev;
791 struct inet6_dev *idev = __in6_dev_get(dev);
792 const struct in6_addr *saddr, *daddr;
793 struct icmp6hdr *hdr;
794 u8 type;
795 bool success = false;
797 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
798 struct sec_path *sp = skb_sec_path(skb);
799 int nh;
801 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
802 XFRM_STATE_ICMP))
803 goto drop_no_count;
805 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
806 goto drop_no_count;
808 nh = skb_network_offset(skb);
809 skb_set_network_header(skb, sizeof(*hdr));
811 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
812 goto drop_no_count;
814 skb_set_network_header(skb, nh);
817 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
819 saddr = &ipv6_hdr(skb)->saddr;
820 daddr = &ipv6_hdr(skb)->daddr;
822 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
823 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
824 saddr, daddr);
825 goto csum_error;
828 if (!pskb_pull(skb, sizeof(*hdr)))
829 goto discard_it;
831 hdr = icmp6_hdr(skb);
833 type = hdr->icmp6_type;
835 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
837 switch (type) {
838 case ICMPV6_ECHO_REQUEST:
839 icmpv6_echo_reply(skb);
840 break;
842 case ICMPV6_ECHO_REPLY:
843 success = ping_rcv(skb);
844 break;
846 case ICMPV6_PKT_TOOBIG:
847 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
848 standard destination cache. Seems, only "advanced"
849 destination cache will allow to solve this problem
850 --ANK (980726)
852 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
853 goto discard_it;
854 hdr = icmp6_hdr(skb);
857 * Drop through to notify
860 case ICMPV6_DEST_UNREACH:
861 case ICMPV6_TIME_EXCEED:
862 case ICMPV6_PARAMPROB:
863 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
864 break;
866 case NDISC_ROUTER_SOLICITATION:
867 case NDISC_ROUTER_ADVERTISEMENT:
868 case NDISC_NEIGHBOUR_SOLICITATION:
869 case NDISC_NEIGHBOUR_ADVERTISEMENT:
870 case NDISC_REDIRECT:
871 ndisc_rcv(skb);
872 break;
874 case ICMPV6_MGM_QUERY:
875 igmp6_event_query(skb);
876 break;
878 case ICMPV6_MGM_REPORT:
879 igmp6_event_report(skb);
880 break;
882 case ICMPV6_MGM_REDUCTION:
883 case ICMPV6_NI_QUERY:
884 case ICMPV6_NI_REPLY:
885 case ICMPV6_MLD2_REPORT:
886 case ICMPV6_DHAAD_REQUEST:
887 case ICMPV6_DHAAD_REPLY:
888 case ICMPV6_MOBILE_PREFIX_SOL:
889 case ICMPV6_MOBILE_PREFIX_ADV:
890 break;
892 default:
893 /* informational */
894 if (type & ICMPV6_INFOMSG_MASK)
895 break;
897 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
898 saddr, daddr);
901 * error of unknown type.
902 * must pass to upper level
905 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
908 /* until the v6 path can be better sorted assume failure and
909 * preserve the status quo behaviour for the rest of the paths to here
911 if (success)
912 consume_skb(skb);
913 else
914 kfree_skb(skb);
916 return 0;
918 csum_error:
919 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
920 discard_it:
921 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
922 drop_no_count:
923 kfree_skb(skb);
924 return 0;
927 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
928 u8 type,
929 const struct in6_addr *saddr,
930 const struct in6_addr *daddr,
931 int oif)
933 memset(fl6, 0, sizeof(*fl6));
934 fl6->saddr = *saddr;
935 fl6->daddr = *daddr;
936 fl6->flowi6_proto = IPPROTO_ICMPV6;
937 fl6->fl6_icmp_type = type;
938 fl6->fl6_icmp_code = 0;
939 fl6->flowi6_oif = oif;
940 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
943 static int __net_init icmpv6_sk_init(struct net *net)
945 struct sock *sk;
946 int err, i, j;
948 net->ipv6.icmp_sk =
949 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
950 if (!net->ipv6.icmp_sk)
951 return -ENOMEM;
953 for_each_possible_cpu(i) {
954 err = inet_ctl_sock_create(&sk, PF_INET6,
955 SOCK_RAW, IPPROTO_ICMPV6, net);
956 if (err < 0) {
957 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
958 err);
959 goto fail;
962 net->ipv6.icmp_sk[i] = sk;
964 /* Enough space for 2 64K ICMP packets, including
965 * sk_buff struct overhead.
967 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
969 return 0;
971 fail:
972 for (j = 0; j < i; j++)
973 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
974 kfree(net->ipv6.icmp_sk);
975 return err;
978 static void __net_exit icmpv6_sk_exit(struct net *net)
980 int i;
982 for_each_possible_cpu(i) {
983 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
985 kfree(net->ipv6.icmp_sk);
988 static struct pernet_operations icmpv6_sk_ops = {
989 .init = icmpv6_sk_init,
990 .exit = icmpv6_sk_exit,
993 int __init icmpv6_init(void)
995 int err;
997 err = register_pernet_subsys(&icmpv6_sk_ops);
998 if (err < 0)
999 return err;
1001 err = -EAGAIN;
1002 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1003 goto fail;
1005 err = inet6_register_icmp_sender(icmp6_send);
1006 if (err)
1007 goto sender_reg_err;
1008 return 0;
1010 sender_reg_err:
1011 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1012 fail:
1013 pr_err("Failed to register ICMP6 protocol\n");
1014 unregister_pernet_subsys(&icmpv6_sk_ops);
1015 return err;
1018 void icmpv6_cleanup(void)
1020 inet6_unregister_icmp_sender(icmp6_send);
1021 unregister_pernet_subsys(&icmpv6_sk_ops);
1022 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1026 static const struct icmp6_err {
1027 int err;
1028 int fatal;
1029 } tab_unreach[] = {
1030 { /* NOROUTE */
1031 .err = ENETUNREACH,
1032 .fatal = 0,
1034 { /* ADM_PROHIBITED */
1035 .err = EACCES,
1036 .fatal = 1,
1038 { /* Was NOT_NEIGHBOUR, now reserved */
1039 .err = EHOSTUNREACH,
1040 .fatal = 0,
1042 { /* ADDR_UNREACH */
1043 .err = EHOSTUNREACH,
1044 .fatal = 0,
1046 { /* PORT_UNREACH */
1047 .err = ECONNREFUSED,
1048 .fatal = 1,
1050 { /* POLICY_FAIL */
1051 .err = EACCES,
1052 .fatal = 1,
1054 { /* REJECT_ROUTE */
1055 .err = EACCES,
1056 .fatal = 1,
1060 int icmpv6_err_convert(u8 type, u8 code, int *err)
1062 int fatal = 0;
1064 *err = EPROTO;
1066 switch (type) {
1067 case ICMPV6_DEST_UNREACH:
1068 fatal = 1;
1069 if (code < ARRAY_SIZE(tab_unreach)) {
1070 *err = tab_unreach[code].err;
1071 fatal = tab_unreach[code].fatal;
1073 break;
1075 case ICMPV6_PKT_TOOBIG:
1076 *err = EMSGSIZE;
1077 break;
1079 case ICMPV6_PARAMPROB:
1080 *err = EPROTO;
1081 fatal = 1;
1082 break;
1084 case ICMPV6_TIME_EXCEED:
1085 *err = EHOSTUNREACH;
1086 break;
1089 return fatal;
1091 EXPORT_SYMBOL(icmpv6_err_convert);
1093 #ifdef CONFIG_SYSCTL
1094 static struct ctl_table ipv6_icmp_table_template[] = {
1096 .procname = "ratelimit",
1097 .data = &init_net.ipv6.sysctl.icmpv6_time,
1098 .maxlen = sizeof(int),
1099 .mode = 0644,
1100 .proc_handler = proc_dointvec_ms_jiffies,
1102 { },
1105 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1107 struct ctl_table *table;
1109 table = kmemdup(ipv6_icmp_table_template,
1110 sizeof(ipv6_icmp_table_template),
1111 GFP_KERNEL);
1113 if (table)
1114 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1116 return table;
1118 #endif