Lines Matching +full:layers +full:- +full:configurable
1 // SPDX-License-Identifier: GPL-2.0-or-later
46 * the rates sysctl configurable.
48 * - IP option length was accounted wrongly
49 * - ICMP header length was not accounted
56 * - Should use skb_pull() instead of all the manual checking.
57 * This would also greatly simply some upper layer error handlers. --AK
198 * all layers. All Socketless IP sends will soon be gone.
200 * On SMP we have one ICMP socket per-cpu.
204 return this_cpu_read(*net->ipv4.icmp_sk); in icmp_sk()
214 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { in icmp_xmit_lock()
225 spin_unlock(&sk->sk_lock.slock); in icmp_xmit_unlock()
237 * icmp_global_allow - Are we allowed to send one more ICMP message ?
257 delta = min_t(u32, now - oldstamp, HZ); in icmp_global_allow()
295 if (!((1 << type) & READ_ONCE(net->ipv4.sysctl_icmp_ratemask))) in icmpv4_mask_allow()
322 struct dst_entry *dst = &rt->dst; in icmpv4_xrlim_allow()
331 if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) in icmpv4_xrlim_allow()
334 vif = l3mdev_master_ifindex(dst->dev); in icmpv4_xrlim_allow()
335 peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, vif, 1); in icmpv4_xrlim_allow()
337 READ_ONCE(net->ipv4.sysctl_icmp_ratelimit)); in icmpv4_xrlim_allow()
365 csum = skb_copy_and_csum_bits(icmp_param->skb, in icmp_glue_bits()
366 icmp_param->offset + offset, in icmp_glue_bits()
369 skb->csum = csum_block_add(skb->csum, csum, odd); in icmp_glue_bits()
370 if (icmp_pointers[icmp_param->data.icmph.type].error) in icmp_glue_bits()
371 nf_ct_attach(skb, icmp_param->skb); in icmp_glue_bits()
382 sk = icmp_sk(dev_net((*rt)->dst.dev)); in icmp_push_reply()
384 icmp_param->data_len+icmp_param->head_len, in icmp_push_reply()
385 icmp_param->head_len, in icmp_push_reply()
389 } else if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) { in icmp_push_reply()
394 csum = csum_partial_copy_nocheck((void *)&icmp_param->data, in icmp_push_reply()
396 icmp_param->head_len); in icmp_push_reply()
397 skb_queue_walk(&sk->sk_write_queue, skb1) { in icmp_push_reply()
398 csum = csum_add(csum, skb1->csum); in icmp_push_reply()
400 icmph->checksum = csum_fold(csum); in icmp_push_reply()
401 skb->ip_summed = CHECKSUM_NONE; in icmp_push_reply()
414 struct net *net = dev_net(rt->dst.dev); in icmp_reply()
420 u32 mark = IP4_REPLY_MARK(net, skb->mark); in icmp_reply()
421 int type = icmp_param->data.icmph.type; in icmp_reply()
422 int code = icmp_param->data.icmph.code; in icmp_reply()
424 if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) in icmp_reply()
439 icmp_param->data.icmph.checksum = 0; in icmp_reply()
442 inet->tos = ip_hdr(skb)->tos; in icmp_reply()
444 daddr = ipc.addr = ip_hdr(skb)->saddr; in icmp_reply()
447 if (icmp_param->replyopts.opt.opt.optlen) { in icmp_reply()
448 ipc.opt = &icmp_param->replyopts.opt; in icmp_reply()
449 if (ipc.opt->opt.srr) in icmp_reply()
450 daddr = icmp_param->replyopts.opt.opt.faddr; in icmp_reply()
457 fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos); in icmp_reply()
459 fl4.flowi4_oif = l3mdev_master_ifindex(skb->dev); in icmp_reply()
483 if (skb->dev) in icmp_get_route_lookup_dev()
484 route_lookup_dev = skb->dev; in icmp_get_route_lookup_dev()
486 route_lookup_dev = skb_dst(skb)->dev; in icmp_get_route_lookup_dev()
504 fl4->daddr = (param->replyopts.opt.opt.srr ? in icmp_route_lookup()
505 param->replyopts.opt.opt.faddr : iph->saddr); in icmp_route_lookup()
506 fl4->saddr = saddr; in icmp_route_lookup()
507 fl4->flowi4_mark = mark; in icmp_route_lookup()
508 fl4->flowi4_uid = sock_net_uid(net, NULL); in icmp_route_lookup()
509 fl4->flowi4_tos = RT_TOS(tos); in icmp_route_lookup()
510 fl4->flowi4_proto = IPPROTO_ICMP; in icmp_route_lookup()
511 fl4->fl4_icmp_type = type; in icmp_route_lookup()
512 fl4->fl4_icmp_code = code; in icmp_route_lookup()
514 fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev); in icmp_route_lookup()
524 rt = (struct rtable *) xfrm_lookup(net, &rt->dst, in icmp_route_lookup()
530 fl4->daddr) == RTN_LOCAL) in icmp_route_lookup()
532 } else if (PTR_ERR(rt) == -EPERM) { in icmp_route_lookup()
557 orefdst = skb_in->_skb_refdst; /* save old refdst */ in icmp_route_lookup()
560 RT_TOS(tos), rt2->dst.dev); in icmp_route_lookup()
562 dst_release(&rt2->dst); in icmp_route_lookup()
564 skb_in->_skb_refdst = orefdst; /* restore old refdst */ in icmp_route_lookup()
570 rt2 = (struct rtable *) xfrm_lookup(net, &rt2->dst, in icmp_route_lookup()
574 dst_release(&rt->dst); in icmp_route_lookup()
577 } else if (PTR_ERR(rt2) == -EPERM) { in icmp_route_lookup()
579 dst_release(&rt->dst); in icmp_route_lookup()
623 if (rt->dst.dev) in __icmp_send()
624 net = dev_net(rt->dst.dev); in __icmp_send()
625 else if (skb_in->dev) in __icmp_send()
626 net = dev_net(skb_in->dev); in __icmp_send()
637 if ((u8 *)iph < skb_in->head || in __icmp_send()
645 if (skb_in->pkt_type != PACKET_HOST) in __icmp_send()
651 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) in __icmp_send()
655 * Only reply to fragment 0. We byte re-order the constant in __icmp_send()
658 if (iph->frag_off & htons(IP_OFFSET)) in __icmp_send()
669 if (iph->protocol == IPPROTO_ICMP) { in __icmp_send()
674 (iph->ihl << 2) + in __icmp_send()
676 type) - in __icmp_send()
677 skb_in->data, in __icmp_send()
700 if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && in __icmp_send()
712 saddr = iph->daddr; in __icmp_send()
713 if (!(rt->rt_flags & RTCF_LOCAL)) { in __icmp_send()
718 READ_ONCE(net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr)) in __icmp_send()
722 saddr = inet_select_addr(dev, iph->saddr, in __icmp_send()
729 tos = icmp_pointers[type].error ? (RT_TOS(iph->tos) | in __icmp_send()
731 iph->tos; in __icmp_send()
732 mark = IP4_REPLY_MARK(net, skb_in->mark); in __icmp_send()
748 inet_sk(sk)->tos = tos; in __icmp_send()
750 ipc.addr = iph->saddr; in __icmp_send()
765 room = dst_mtu(&rt->dst); in __icmp_send()
768 room -= sizeof(struct iphdr) + icmp_param.replyopts.opt.opt.optlen; in __icmp_send()
769 room -= sizeof(struct icmphdr); in __icmp_send()
776 icmp_param.data_len = skb_in->len - icmp_param.offset; in __icmp_send()
810 if (!ct || !(ct->status & IPS_SRC_NAT)) { in icmp_ndo_send()
818 if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || in icmp_ndo_send()
824 orig_ip = ip_hdr(skb_in)->saddr; in icmp_ndo_send()
825 ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; in icmp_ndo_send()
827 ip_hdr(skb_in)->saddr = orig_ip; in icmp_ndo_send()
836 const struct iphdr *iph = (const struct iphdr *)skb->data; in icmp_socket_deliver()
838 int protocol = iph->protocol; in icmp_socket_deliver()
843 if (!pskb_may_pull(skb, iph->ihl * 4 + 8)) { in icmp_socket_deliver()
844 __ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS); in icmp_socket_deliver()
851 if (ipprot && ipprot->err_handler) in icmp_socket_deliver()
852 ipprot->err_handler(skb, info); in icmp_socket_deliver()
860 ok = rcu_dereference(inet_protos[proto])->icmp_strict_tag_validation; in icmp_tag_validation()
877 net = dev_net(skb_dst(skb)->dev); in icmp_unreach()
889 iph = (const struct iphdr *)skb->data; in icmp_unreach()
891 if (iph->ihl < 5) /* Mangled header, drop. */ in icmp_unreach()
894 switch (icmph->type) { in icmp_unreach()
896 switch (icmph->code & 15) { in icmp_unreach()
905 * Documentation/networking/ip-sysctl.rst in icmp_unreach()
907 switch (READ_ONCE(net->ipv4.sysctl_ip_no_pmtu_disc)) { in icmp_unreach()
910 &iph->daddr); in icmp_unreach()
915 if (!icmp_tag_validation(iph->protocol)) in icmp_unreach()
919 info = ntohs(icmph->un.frag.mtu); in icmp_unreach()
924 &iph->daddr); in icmp_unreach()
929 if (icmph->code > NR_ICMP_UNREACH) in icmp_unreach()
933 info = ntohl(icmph->un.gateway) >> 24; in icmp_unreach()
937 if (icmph->code == ICMP_EXC_FRAGTIME) in icmp_unreach()
943 * Throw it at our lower layers in icmp_unreach()
960 if (!net->ipv4.sysctl_icmp_ignore_bogus_error_responses && in icmp_unreach()
961 inet_addr_type_dev_table(net, skb->dev, iph->daddr) == RTN_BROADCAST) { in icmp_unreach()
963 &ip_hdr(skb)->saddr, in icmp_unreach()
964 icmph->type, icmph->code, in icmp_unreach()
965 &iph->daddr, skb->dev->name); in icmp_unreach()
985 if (skb->len < sizeof(struct iphdr)) { in icmp_redirect()
986 __ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS); in icmp_redirect()
995 icmp_socket_deliver(skb, ntohl(icmp_hdr(skb)->un.gateway)); in icmp_redirect()
1015 net = dev_net(skb_dst(skb)->dev); in icmp_echo()
1016 if (!net->ipv4.sysctl_icmp_echo_ignore_all) { in icmp_echo()
1023 icmp_param.data_len = skb->len; in icmp_echo()
1044 if (skb->len < 4) in icmp_timestamp()
1066 __ICMP_INC_STATS(dev_net(skb_dst(skb)->dev), ICMP_MIB_INERRORS); in icmp_timestamp()
1083 struct net *net = dev_net(rt->dst.dev); in icmp_rcv()
1090 if (!(sp && sp->xvec[sp->len - 1]->props.flags & in icmp_rcv()
1116 ICMPMSGIN_INC_STATS(net, icmph->type); in icmp_rcv()
1123 if (icmph->type > NR_ICMP_TYPES) in icmp_rcv()
1131 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) { in icmp_rcv()
1138 if ((icmph->type == ICMP_ECHO || in icmp_rcv()
1139 icmph->type == ICMP_TIMESTAMP) && in icmp_rcv()
1140 net->ipv4.sysctl_icmp_echo_ignore_broadcasts) { in icmp_rcv()
1143 if (icmph->type != ICMP_ECHO && in icmp_rcv()
1144 icmph->type != ICMP_TIMESTAMP && in icmp_rcv()
1145 icmph->type != ICMP_ADDRESS && in icmp_rcv()
1146 icmph->type != ICMP_ADDRESSREPLY) { in icmp_rcv()
1151 success = icmp_pointers[icmph->type].handler(skb); in icmp_rcv()
1177 if (exth->version != 2) in ip_icmp_error_rfc4884_validate()
1180 if (exth->checksum && in ip_icmp_error_rfc4884_validate()
1181 csum_fold(skb_checksum(skb, off, skb->len - off, 0))) in ip_icmp_error_rfc4884_validate()
1185 while (off < skb->len) { in ip_icmp_error_rfc4884_validate()
1190 olen = ntohs(objh->length); in ip_icmp_error_rfc4884_validate()
1195 if (off > skb->len) in ip_icmp_error_rfc4884_validate()
1208 /* original datagram headers: end of icmph to payload (skb->data) */ in ip_icmp_error_rfc4884()
1209 hlen = -skb_transport_offset(skb) - thlen; in ip_icmp_error_rfc4884()
1216 off -= hlen; in ip_icmp_error_rfc4884()
1217 if (off + sizeof(struct icmp_ext_hdr) > skb->len) in ip_icmp_error_rfc4884()
1220 out->len = off; in ip_icmp_error_rfc4884()
1223 out->flags |= SO_EE_RFC4884_FLAG_INVALID; in ip_icmp_error_rfc4884()
1229 struct iphdr *iph = (struct iphdr *)skb->data; in icmp_err()
1230 int offset = iph->ihl<<2; in icmp_err()
1231 struct icmphdr *icmph = (struct icmphdr *)(skb->data + offset); in icmp_err()
1232 int type = icmp_hdr(skb)->type; in icmp_err()
1233 int code = icmp_hdr(skb)->code; in icmp_err()
1234 struct net *net = dev_net(skb->dev); in icmp_err()
1240 if (icmph->type != ICMP_ECHOREPLY) { in icmp_err()
1332 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv4.icmp_sk, i)); in icmp_sk_exit()
1333 free_percpu(net->ipv4.icmp_sk); in icmp_sk_exit()
1334 net->ipv4.icmp_sk = NULL; in icmp_sk_exit()
1341 net->ipv4.icmp_sk = alloc_percpu(struct sock *); in icmp_sk_init()
1342 if (!net->ipv4.icmp_sk) in icmp_sk_init()
1343 return -ENOMEM; in icmp_sk_init()
1353 *per_cpu_ptr(net->ipv4.icmp_sk, i) = sk; in icmp_sk_init()
1358 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); in icmp_sk_init()
1364 inet_sk(sk)->pmtudisc = IP_PMTUDISC_DONT; in icmp_sk_init()
1368 net->ipv4.sysctl_icmp_echo_ignore_all = 0; in icmp_sk_init()
1369 net->ipv4.sysctl_icmp_echo_ignore_broadcasts = 1; in icmp_sk_init()
1371 /* Control parameter - ignore bogus broadcast responses? */ in icmp_sk_init()
1372 net->ipv4.sysctl_icmp_ignore_bogus_error_responses = 1; in icmp_sk_init()
1375 * Configurable global rate limit. in icmp_sk_init()
1377 * ratelimit defines tokens/packet consumed for dst->rate_token in icmp_sk_init()
1386 net->ipv4.sysctl_icmp_ratelimit = 1 * HZ; in icmp_sk_init()
1387 net->ipv4.sysctl_icmp_ratemask = 0x1818; in icmp_sk_init()
1388 net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr = 0; in icmp_sk_init()