1 /*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18 /*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
 *	Andi Kleen	:	add rate limits. Never reply to an icmp.
23 * add more length checks and other fixes.
 *	yoshfuji	:	ensure to send parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
32 #define pr_fmt(fmt) "IPv6: " fmt
33
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <linux/types.h>
37 #include <linux/socket.h>
38 #include <linux/in.h>
39 #include <linux/kernel.h>
40 #include <linux/sockios.h>
41 #include <linux/net.h>
42 #include <linux/skbuff.h>
43 #include <linux/init.h>
44 #include <linux/netfilter.h>
45 #include <linux/slab.h>
46
47 #ifdef CONFIG_SYSCTL
48 #include <linux/sysctl.h>
49 #endif
50
51 #include <linux/inet.h>
52 #include <linux/netdevice.h>
53 #include <linux/icmpv6.h>
54
55 #include <net/ip.h>
56 #include <net/sock.h>
57
58 #include <net/ipv6.h>
59 #include <net/ip6_checksum.h>
60 #include <net/ping.h>
61 #include <net/protocol.h>
62 #include <net/raw.h>
63 #include <net/rawv6.h>
64 #include <net/transp_v6.h>
65 #include <net/ip6_route.h>
66 #include <net/addrconf.h>
67 #include <net/icmp.h>
68 #include <net/xfrm.h>
69 #include <net/inet_common.h>
70 #include <net/dsfield.h>
71
72 #include <asm/uaccess.h>
73
/*
 *	The ICMP socket(s). This is the most convenient way to flow control
 *	our ICMP output as well as maintain a clean interface throughout
 *	all layers. All Socketless IP sends will soon be gone.
 *
 *	On SMP we have one ICMP socket per-cpu.
 */
/* Return this namespace's ICMPv6 control socket for the current CPU.
 * Callers must have preemption/BHs disabled (icmpv6_xmit_lock() does a
 * local_bh_disable() first) so smp_processor_id() is stable.
 */
static inline struct sock *icmpv6_sk(struct net *net)
{
	return net->ipv6.icmp_sk[smp_processor_id()];
}
85
/* Error handler for IPPROTO_ICMPV6 itself: an ICMPv6 error quoting one of
 * our own ICMPv6 packets.  Updates PMTU / redirect state and forwards
 * errors about echo requests to the ping socket layer.
 */
static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		       u8 type, u8 code, int offset, __be32 info)
{
	struct net *net = dev_net(skb->dev);
	/* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
	struct icmp6hdr *inner = (struct icmp6hdr *) (skb->data + offset);

	switch (type) {
	case ICMPV6_PKT_TOOBIG:
		ip6_update_pmtu(skb, net, info, 0, 0, sock_net_uid(net, NULL));
		break;
	case NDISC_REDIRECT:
		ip6_redirect(skb, net, skb->dev->ifindex, 0,
			     sock_net_uid(net, NULL));
		break;
	}

	/* Only error messages whose inner packet was an echo request are
	 * interesting to the ping sockets.
	 */
	if (!(type & ICMPV6_INFOMSG_MASK) &&
	    inner->icmp6_type == ICMPV6_ECHO_REQUEST)
		ping_err(skb, offset, ntohl(info));
}
103
static int icmpv6_rcv(struct sk_buff *skb);

/* Registration record for IPPROTO_ICMPV6: icmpv6_rcv handles inbound
 * messages; icmpv6_err handles ICMPv6 errors quoting our own ICMPv6
 * traffic.  NOPOLICY: icmpv6_rcv performs its own xfrm policy check.
 */
static const struct inet6_protocol icmpv6_protocol = {
	.handler	=	icmpv6_rcv,
	.err_handler	=	icmpv6_err,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};
111
icmpv6_xmit_lock(struct net * net)112 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
113 {
114 struct sock *sk;
115
116 local_bh_disable();
117
118 sk = icmpv6_sk(net);
119 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
120 /* This can happen if the output path (f.e. SIT or
121 * ip6ip6 tunnel) signals dst_link_failure() for an
122 * outgoing ICMP6 packet.
123 */
124 local_bh_enable();
125 return NULL;
126 }
127 return sk;
128 }
129
/* Drop the socket lock taken by icmpv6_xmit_lock() and re-enable BHs
 * (pairs with the local_bh_disable() done there).
 */
static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
{
	spin_unlock_bh(&sk->sk_lock.slock);
}
134
135 /*
136 * Figure out, may we reply to this packet with icmp error.
137 *
138 * We do not reply, if:
139 * - it was icmp error message.
140 * - it is truncated, so that it is known, that protocol is ICMPV6
141 * (i.e. in the middle of some exthdr)
142 *
143 * --ANK (980726)
144 */
145
is_ineligible(const struct sk_buff * skb)146 static bool is_ineligible(const struct sk_buff *skb)
147 {
148 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
149 int len = skb->len - ptr;
150 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
151 __be16 frag_off;
152
153 if (len < 0)
154 return true;
155
156 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
157 if (ptr < 0)
158 return false;
159 if (nexthdr == IPPROTO_ICMPV6) {
160 u8 _type, *tp;
161 tp = skb_header_pointer(skb,
162 ptr+offsetof(struct icmp6hdr, icmp6_type),
163 sizeof(_type), &_type);
164 if (tp == NULL ||
165 !(*tp & ICMPV6_INFOMSG_MASK))
166 return true;
167 }
168 return false;
169 }
170
/*
 * Check the ICMP output rate limit
 *
 * Returns true if an ICMPv6 message of @type towards the flow in @fl6 may
 * be sent now.  Informational and PKT_TOOBIG messages are never limited;
 * everything else goes through a global limiter and then a per-destination
 * inet_peer token bucket.
 */
static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
			       struct flowi6 *fl6)
{
	struct net *net = sock_net(sk);
	struct dst_entry *dst;
	bool res = false;

	/* Informational messages are not limited. */
	if (type & ICMPV6_INFOMSG_MASK)
		return true;

	/* Do not limit pmtu discovery, it would break it. */
	if (type == ICMPV6_PKT_TOOBIG)
		return true;

	/*
	 * Look up the output route.
	 * XXX: perhaps the expire for routing entries cloned by
	 * this lookup should be more aggressive (not longer than timeout).
	 */
	dst = ip6_route_output(net, sk, fl6);
	if (dst->error) {
		IP6_INC_STATS(net, ip6_dst_idev(dst),
			      IPSTATS_MIB_OUTNOROUTES);
	} else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
		/* Loopback traffic is never rate limited. */
		res = true;
	} else {
		struct rt6_info *rt = (struct rt6_info *)dst;
		int tmo = net->ipv6.sysctl.icmpv6_time;

		/* Give more bandwidth to wider prefixes. */
		if (rt->rt6i_dst.plen < 128)
			tmo >>= ((128 - rt->rt6i_dst.plen)>>5);

		/* Global limit first, then the per-destination bucket. */
		if (icmp_global_allow()) {
			struct inet_peer *peer;

			peer = inet_getpeer_v6(net->ipv6.peers,
					       &rt->rt6i_dst.addr, 1);
			res = inet_peer_xrlim_allow(peer, tmo);
			if (peer)
				inet_putpeer(peer);
		}
	}
	dst_release(dst);
	return res;
}
221
222 /*
223 * an inline helper for the "simple" if statement below
224 * checks if parameter problem report is caused by an
225 * unrecognized IPv6 option that has the Option Type
226 * highest-order two bits set to 10
227 */
228
opt_unrec(struct sk_buff * skb,__u32 offset)229 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
230 {
231 u8 _optval, *op;
232
233 offset += skb_network_offset(skb);
234 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
235 if (op == NULL)
236 return true;
237 return (*op & 0xC0) == 0x80;
238 }
239
icmpv6_push_pending_frames(struct sock * sk,struct flowi6 * fl6,struct icmp6hdr * thdr,int len)240 int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
241 struct icmp6hdr *thdr, int len)
242 {
243 struct sk_buff *skb;
244 struct icmp6hdr *icmp6h;
245 int err = 0;
246
247 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
248 goto out;
249
250 icmp6h = icmp6_hdr(skb);
251 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
252 icmp6h->icmp6_cksum = 0;
253
254 if (skb_queue_len(&sk->sk_write_queue) == 1) {
255 skb->csum = csum_partial(icmp6h,
256 sizeof(struct icmp6hdr), skb->csum);
257 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
258 &fl6->daddr,
259 len, fl6->flowi6_proto,
260 skb->csum);
261 } else {
262 __wsum tmp_csum = 0;
263
264 skb_queue_walk(&sk->sk_write_queue, skb) {
265 tmp_csum = csum_add(tmp_csum, skb->csum);
266 }
267
268 tmp_csum = csum_partial(icmp6h,
269 sizeof(struct icmp6hdr), tmp_csum);
270 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
271 &fl6->daddr,
272 len, fl6->flowi6_proto,
273 tmp_csum);
274 }
275 ip6_push_pending_frames(sk);
276 out:
277 return err;
278 }
279
/* Context handed from icmp6_send()/icmpv6_echo_reply() to icmpv6_getfrag()
 * while ip6_append_data() builds the outgoing message.
 */
struct icmpv6_msg {
	struct sk_buff	*skb;	/* packet whose payload is being quoted */
	int		offset;	/* byte offset in skb to start copying from */
	uint8_t		type;	/* outgoing ICMPv6 message type */
};
285
icmpv6_getfrag(void * from,char * to,int offset,int len,int odd,struct sk_buff * skb)286 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
287 {
288 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
289 struct sk_buff *org_skb = msg->skb;
290 __wsum csum = 0;
291
292 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
293 to, len, csum);
294 skb->csum = csum_block_add(skb->csum, csum, odd);
295 if (!(msg->type & ICMPV6_INFOMSG_MASK))
296 nf_ct_attach(skb, org_skb);
297 return 0;
298 }
299
#if IS_ENABLED(CONFIG_IPV6_MIP6)
/* Mobile IPv6: if the offending packet carried a Home Address destination
 * option, exchange the IPv6 source address with the address stored in that
 * option before the error is built, so the quoted packet shows the
 * addresses the mobile peer expects.  No-op when no HAO was recorded.
 */
static void mip6_addr_swap(struct sk_buff *skb)
{
	struct ipv6hdr *iph = ipv6_hdr(skb);
	struct inet6_skb_parm *opt = IP6CB(skb);
	struct ipv6_destopt_hao *hao;
	struct in6_addr tmp;
	int off;

	if (opt->dsthao) {
		off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
		if (likely(off >= 0)) {
			hao = (struct ipv6_destopt_hao *)
					(skb_network_header(skb) + off);
			tmp = iph->saddr;
			iph->saddr = hao->addr;
			hao->addr = tmp;
		}
	}
}
#else
static inline void mip6_addr_swap(struct sk_buff *skb) {}
#endif
323
/* Find a route for the error reply and pass it through xfrm policy.
 * Returns a held dst_entry on success, or an ERR_PTR.  If the forward
 * policy lookup is rejected with -EPERM, retry with the flow decoded in
 * the reverse direction (XFRM_LOOKUP_ICMP), since the error travels
 * backwards along the offending packet's path.
 */
static struct dst_entry *icmpv6_route_lookup(struct net *net,
					     struct sk_buff *skb,
					     struct sock *sk,
					     struct flowi6 *fl6)
{
	struct dst_entry *dst, *dst2;
	struct flowi6 fl2;
	int err;

	err = ip6_dst_lookup(sk, &dst, fl6);
	if (err)
		return ERR_PTR(err);

	/*
	 * We won't send icmp if the destination is known
	 * anycast.
	 */
	if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
		LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: acast source\n");
		dst_release(dst);
		return ERR_PTR(-EINVAL);
	}

	/* No need to clone since we're just using its address. */
	dst2 = dst;

	dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
	if (!IS_ERR(dst)) {
		if (dst != dst2)
			return dst;	/* transformed route: use it as-is */
	} else {
		if (PTR_ERR(dst) == -EPERM)
			dst = NULL;	/* policy rejected: try reverse flow */
		else
			return dst;
	}

	err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
	if (err)
		goto relookup_failed;

	err = ip6_dst_lookup(sk, &dst2, &fl2);
	if (err)
		goto relookup_failed;

	dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
	if (!IS_ERR(dst2)) {
		/* Reverse lookup succeeded: drop the plain route, use it. */
		dst_release(dst);
		dst = dst2;
	} else {
		err = PTR_ERR(dst2);
		if (err == -EPERM) {
			dst_release(dst);
			return dst2;
		} else
			goto relookup_failed;
	}

relookup_failed:
	/* Fall back to the plain (possibly NULL) route from the first pass. */
	if (dst)
		return dst;
	return ERR_PTR(err);
}
387
388 /*
389 * Send an ICMP message in response to a packet in error
390 */
icmp6_send(struct sk_buff * skb,u8 type,u8 code,__u32 info)391 static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
392 {
393 struct net *net = dev_net(skb->dev);
394 struct inet6_dev *idev = NULL;
395 struct ipv6hdr *hdr = ipv6_hdr(skb);
396 struct sock *sk;
397 struct ipv6_pinfo *np;
398 const struct in6_addr *saddr = NULL;
399 struct dst_entry *dst;
400 struct icmp6hdr tmp_hdr;
401 struct flowi6 fl6;
402 struct icmpv6_msg msg;
403 int iif = 0;
404 int addr_type = 0;
405 int len;
406 int hlimit;
407 int err = 0;
408 u32 mark = IP6_REPLY_MARK(net, skb->mark);
409
410 if ((u8 *)hdr < skb->head ||
411 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
412 return;
413
414 /*
415 * Make sure we respect the rules
416 * i.e. RFC 1885 2.4(e)
417 * Rule (e.1) is enforced by not using icmp6_send
418 * in any code that processes icmp errors.
419 */
420 addr_type = ipv6_addr_type(&hdr->daddr);
421
422 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
423 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
424 saddr = &hdr->daddr;
425
426 /*
427 * Dest addr check
428 */
429
430 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
431 if (type != ICMPV6_PKT_TOOBIG &&
432 !(type == ICMPV6_PARAMPROB &&
433 code == ICMPV6_UNK_OPTION &&
434 (opt_unrec(skb, info))))
435 return;
436
437 saddr = NULL;
438 }
439
440 addr_type = ipv6_addr_type(&hdr->saddr);
441
442 /*
443 * Source addr check
444 */
445
446 if (__ipv6_addr_needs_scope_id(addr_type))
447 iif = skb->dev->ifindex;
448
449 /*
450 * Must not send error if the source does not uniquely
451 * identify a single node (RFC2463 Section 2.4).
452 * We check unspecified / multicast addresses here,
453 * and anycast addresses will be checked later.
454 */
455 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
456 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: addr_any/mcast source\n");
457 return;
458 }
459
460 /*
461 * Never answer to a ICMP packet.
462 */
463 if (is_ineligible(skb)) {
464 LIMIT_NETDEBUG(KERN_DEBUG "icmp6_send: no reply to icmp error\n");
465 return;
466 }
467
468 mip6_addr_swap(skb);
469
470 memset(&fl6, 0, sizeof(fl6));
471 fl6.flowi6_proto = IPPROTO_ICMPV6;
472 fl6.daddr = hdr->saddr;
473 if (saddr)
474 fl6.saddr = *saddr;
475 fl6.flowi6_mark = mark;
476 fl6.flowi6_oif = iif;
477 fl6.fl6_icmp_type = type;
478 fl6.fl6_icmp_code = code;
479 fl6.flowi6_uid = sock_net_uid(net, NULL);
480 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
481
482 sk = icmpv6_xmit_lock(net);
483 if (sk == NULL)
484 return;
485 sk->sk_mark = mark;
486 np = inet6_sk(sk);
487
488 if (!icmpv6_xrlim_allow(sk, type, &fl6))
489 goto out;
490
491 tmp_hdr.icmp6_type = type;
492 tmp_hdr.icmp6_code = code;
493 tmp_hdr.icmp6_cksum = 0;
494 tmp_hdr.icmp6_pointer = htonl(info);
495
496 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
497 fl6.flowi6_oif = np->mcast_oif;
498 else if (!fl6.flowi6_oif)
499 fl6.flowi6_oif = np->ucast_oif;
500
501 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
502 if (IS_ERR(dst))
503 goto out;
504
505 hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
506
507 msg.skb = skb;
508 msg.offset = skb_network_offset(skb);
509 msg.type = type;
510
511 len = skb->len - msg.offset;
512 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
513 if (len < 0) {
514 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
515 goto out_dst_release;
516 }
517
518 rcu_read_lock();
519 idev = __in6_dev_get(skb->dev);
520
521 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
522 len + sizeof(struct icmp6hdr),
523 sizeof(struct icmp6hdr), hlimit,
524 np->tclass, NULL, &fl6, (struct rt6_info *)dst,
525 MSG_DONTWAIT, np->dontfrag);
526 if (err) {
527 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
528 ip6_flush_pending_frames(sk);
529 } else {
530 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
531 len + sizeof(struct icmp6hdr));
532 }
533 rcu_read_unlock();
534 out_dst_release:
535 dst_release(dst);
536 out:
537 icmpv6_xmit_unlock(sk);
538 }
539
/* Slightly more convenient version of icmp6_send: report a parameter
 * problem of @code at byte offset @pos, then consume the offending skb.
 */
void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
{
	icmp6_send(skb, ICMPV6_PARAMPROB, code, pos);
	kfree_skb(skb);
}
547
/* Answer an ICMPv6 echo request: mirror the request header back with type
 * ECHO_REPLY and the original payload, keeping the request's traffic class
 * and (where allowed) its original destination as our source address.
 */
static void icmpv6_echo_reply(struct sk_buff *skb)
{
	struct net *net = dev_net(skb->dev);
	struct sock *sk;
	struct inet6_dev *idev;
	struct ipv6_pinfo *np;
	const struct in6_addr *saddr = NULL;
	struct icmp6hdr *icmph = icmp6_hdr(skb);
	struct icmp6hdr tmp_hdr;
	struct flowi6 fl6;
	struct icmpv6_msg msg;
	struct dst_entry *dst;
	int err = 0;
	int hlimit;
	u8 tclass;
	u32 mark = IP6_REPLY_MARK(net, skb->mark);

	saddr = &ipv6_hdr(skb)->daddr;

	/* Only source the reply from the request's destination if that was
	 * unicast to us, or anycast with anycast_src_echo_reply enabled;
	 * otherwise let routing choose the source address.
	 */
	if (!ipv6_unicast_destination(skb) &&
	    !(net->ipv6.sysctl.anycast_src_echo_reply &&
	      ipv6_anycast_destination(skb)))
		saddr = NULL;

	/* Reuse the request header wholesale; only the type changes. */
	memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
	tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;

	memset(&fl6, 0, sizeof(fl6));
	fl6.flowi6_proto = IPPROTO_ICMPV6;
	fl6.daddr = ipv6_hdr(skb)->saddr;
	if (saddr)
		fl6.saddr = *saddr;
	fl6.flowi6_oif = skb->dev->ifindex;
	fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
	fl6.flowi6_mark = mark;
	fl6.flowi6_uid = sock_net_uid(net, NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));

	sk = icmpv6_xmit_lock(net);
	if (sk == NULL)
		return;
	sk->sk_mark = mark;
	np = inet6_sk(sk);

	if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
		fl6.flowi6_oif = np->mcast_oif;
	else if (!fl6.flowi6_oif)
		fl6.flowi6_oif = np->ucast_oif;

	err = ip6_dst_lookup(sk, &dst, &fl6);
	if (err)
		goto out;
	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
	if (IS_ERR(dst))
		goto out;

	hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);

	idev = __in6_dev_get(skb->dev);

	msg.skb = skb;
	msg.offset = 0;
	msg.type = ICMPV6_ECHO_REPLY;

	/* Mirror the request's traffic class in the reply. */
	tclass = ipv6_get_dsfield(ipv6_hdr(skb));
	err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
			      sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl6,
			      (struct rt6_info *)dst, MSG_DONTWAIT,
			      np->dontfrag);

	if (err) {
		ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
		ip6_flush_pending_frames(sk);
	} else {
		err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
						 skb->len + sizeof(struct icmp6hdr));
	}
	dst_release(dst);
out:
	icmpv6_xmit_unlock(sk);
}
629
/* Dispatch a received ICMPv6 error to the upper-layer protocol that the
 * quoted (inner) packet belonged to, and to any matching raw sockets.
 * On entry skb->data points at the inner IPv6 header.
 */
void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
{
	const struct inet6_protocol *ipprot;
	int inner_offset;
	__be16 frag_off;
	u8 nexthdr;
	struct net *net = dev_net(skb->dev);

	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
		goto out;

	nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
	if (ipv6_ext_hdr(nexthdr)) {
		/* now skip over extension headers */
		inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
						&nexthdr, &frag_off);
		if (inner_offset < 0)
			goto out;
	} else {
		inner_offset = sizeof(struct ipv6hdr);
	}

	/* Check header, including 8 bytes of inner protocol header. */
	if (!pskb_may_pull(skb, inner_offset+8))
		goto out;

	/* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
	   Without this we will not able f.e. to make source routed
	   pmtu discovery.
	   Corresponding argument (opt) to notifiers is already added.
	   --ANK (980726)
	 */

	ipprot = rcu_dereference(inet6_protos[nexthdr]);
	if (ipprot && ipprot->err_handler)
		ipprot->err_handler(skb, NULL, type, code, inner_offset, info);

	raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
	return;

out:
	ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
}
673
/*
 *	Handle icmp messages
 *
 *	Main inbound dispatcher for IPPROTO_ICMPV6: validates xfrm policy
 *	and the ICMPv6 checksum, then routes each message type to its
 *	handler.  Always consumes the skb and returns 0.
 */
static int icmpv6_rcv(struct sk_buff *skb)
{
	struct net_device *dev = skb->dev;
	struct inet6_dev *idev = __in6_dev_get(dev);
	const struct in6_addr *saddr, *daddr;
	struct icmp6hdr *hdr;
	u8 type;

	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		struct sec_path *sp = skb_sec_path(skb);
		int nh;

		/* Only packets from states flagged XFRM_STATE_ICMP may
		 * bypass the normal policy check.
		 */
		if (!(sp && sp->xvec[sp->len - 1]->props.flags &
				 XFRM_STATE_ICMP))
			goto drop_no_count;

		if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
			goto drop_no_count;

		/* Temporarily point the network header past the ICMPv6
		 * header to policy-check the quoted inner packet in
		 * reverse, then restore it.
		 */
		nh = skb_network_offset(skb);
		skb_set_network_header(skb, sizeof(*hdr));

		if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
			goto drop_no_count;

		skb_set_network_header(skb, nh);
	}

	ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);

	saddr = &ipv6_hdr(skb)->saddr;
	daddr = &ipv6_hdr(skb)->daddr;

	if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
		LIMIT_NETDEBUG(KERN_DEBUG
			       "ICMPv6 checksum failed [%pI6c > %pI6c]\n",
			       saddr, daddr);
		goto csum_error;
	}

	if (!pskb_pull(skb, sizeof(*hdr)))
		goto discard_it;

	hdr = icmp6_hdr(skb);

	type = hdr->icmp6_type;

	ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);

	switch (type) {
	case ICMPV6_ECHO_REQUEST:
		icmpv6_echo_reply(skb);
		break;

	case ICMPV6_ECHO_REPLY:
		ping_rcv(skb);
		break;

	case ICMPV6_PKT_TOOBIG:
		/* BUGGG_FUTURE: if packet contains rthdr, we cannot update
		   standard destination cache. Seems, only "advanced"
		   destination cache will allow to solve this problem
		   --ANK (980726)
		 */
		if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
			goto discard_it;
		hdr = icmp6_hdr(skb);

		/*
		 * Drop through to notify
		 */

	case ICMPV6_DEST_UNREACH:
	case ICMPV6_TIME_EXCEED:
	case ICMPV6_PARAMPROB:
		/* icmp6_mtu carries the MTU for TOOBIG, pointer otherwise. */
		icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
		break;

	case NDISC_ROUTER_SOLICITATION:
	case NDISC_ROUTER_ADVERTISEMENT:
	case NDISC_NEIGHBOUR_SOLICITATION:
	case NDISC_NEIGHBOUR_ADVERTISEMENT:
	case NDISC_REDIRECT:
		ndisc_rcv(skb);
		break;

	case ICMPV6_MGM_QUERY:
		igmp6_event_query(skb);
		break;

	case ICMPV6_MGM_REPORT:
		igmp6_event_report(skb);
		break;

	case ICMPV6_MGM_REDUCTION:
	case ICMPV6_NI_QUERY:
	case ICMPV6_NI_REPLY:
	case ICMPV6_MLD2_REPORT:
	case ICMPV6_DHAAD_REQUEST:
	case ICMPV6_DHAAD_REPLY:
	case ICMPV6_MOBILE_PREFIX_SOL:
	case ICMPV6_MOBILE_PREFIX_ADV:
		/* Known types with no handling here: silently accepted. */
		break;

	default:
		/* informational */
		if (type & ICMPV6_INFOMSG_MASK)
			break;

		LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");

		/*
		 * error of unknown type.
		 * must pass to upper level
		 */

		icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
	}

	kfree_skb(skb);
	return 0;

csum_error:
	ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
discard_it:
	ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
drop_no_count:
	kfree_skb(skb);
	return 0;
}
808
/* Initialize @fl6 as a flow descriptor for an ICMPv6 message of @type
 * from @saddr to @daddr on interface @oif, then let the LSM classify it.
 */
void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
		      u8 type,
		      const struct in6_addr *saddr,
		      const struct in6_addr *daddr,
		      int oif)
{
	memset(fl6, 0, sizeof(*fl6));
	fl6->flowi6_proto = IPPROTO_ICMPV6;
	fl6->flowi6_oif = oif;
	fl6->daddr = *daddr;
	fl6->saddr = *saddr;
	fl6->fl6_icmp_type = type;
	fl6->fl6_icmp_code = 0;
	security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
}
824
/*
 * Special lock-class for __icmpv6_sk:
 * these sockets take sk_dst_lock from softirq context, so they get their
 * own lockdep class (assigned in icmpv6_sk_init()).
 */
static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
829
icmpv6_sk_init(struct net * net)830 static int __net_init icmpv6_sk_init(struct net *net)
831 {
832 struct sock *sk;
833 int err, i, j;
834
835 net->ipv6.icmp_sk =
836 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
837 if (net->ipv6.icmp_sk == NULL)
838 return -ENOMEM;
839
840 for_each_possible_cpu(i) {
841 err = inet_ctl_sock_create(&sk, PF_INET6,
842 SOCK_RAW, IPPROTO_ICMPV6, net);
843 if (err < 0) {
844 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
845 err);
846 goto fail;
847 }
848
849 net->ipv6.icmp_sk[i] = sk;
850
851 /*
852 * Split off their lock-class, because sk->sk_dst_lock
853 * gets used from softirqs, which is safe for
854 * __icmpv6_sk (because those never get directly used
855 * via userspace syscalls), but unsafe for normal sockets.
856 */
857 lockdep_set_class(&sk->sk_dst_lock,
858 &icmpv6_socket_sk_dst_lock_key);
859
860 /* Enough space for 2 64K ICMP packets, including
861 * sk_buff struct overhead.
862 */
863 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
864 }
865 return 0;
866
867 fail:
868 for (j = 0; j < i; j++)
869 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
870 kfree(net->ipv6.icmp_sk);
871 return err;
872 }
873
icmpv6_sk_exit(struct net * net)874 static void __net_exit icmpv6_sk_exit(struct net *net)
875 {
876 int i;
877
878 for_each_possible_cpu(i) {
879 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
880 }
881 kfree(net->ipv6.icmp_sk);
882 }
883
/* Per-network-namespace lifecycle of the ICMPv6 control sockets. */
static struct pernet_operations icmpv6_sk_ops = {
	.init = icmpv6_sk_init,
	.exit = icmpv6_sk_exit,
};
888
/* Module init: register the per-netns sockets, the IPPROTO_ICMPV6 handler
 * and the icmp sender hook — unwinding in reverse order on any failure.
 */
int __init icmpv6_init(void)
{
	int err;

	err = register_pernet_subsys(&icmpv6_sk_ops);
	if (err < 0)
		return err;

	/* inet6_add_protocol only reports success/failure, not an errno. */
	err = -EAGAIN;
	if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
		goto fail;

	err = inet6_register_icmp_sender(icmp6_send);
	if (err)
		goto sender_reg_err;
	return 0;

sender_reg_err:
	inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
fail:
	pr_err("Failed to register ICMP6 protocol\n");
	unregister_pernet_subsys(&icmpv6_sk_ops);
	return err;
}
913
/* Undo icmpv6_init(): unhook the sender first so no new errors are
 * generated, then drop the pernet sockets and the protocol handler.
 */
void icmpv6_cleanup(void)
{
	inet6_unregister_icmp_sender(icmp6_send);
	unregister_pernet_subsys(&icmpv6_sk_ops);
	inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
}
920
921
/* Errno mapping for ICMPV6_DEST_UNREACH, indexed by the ICMPv6 code field
 * (RFC 4443 section 3.1).  "fatal" is what icmpv6_err_convert() returns
 * to its caller for that code.
 */
static const struct icmp6_err {
	int err;
	int fatal;
} tab_unreach[] = {
	{	/* NOROUTE */
		.err	= ENETUNREACH,
		.fatal	= 0,
	},
	{	/* ADM_PROHIBITED */
		.err	= EACCES,
		.fatal	= 1,
	},
	{	/* Was NOT_NEIGHBOUR, now reserved */
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* ADDR_UNREACH	*/
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* PORT_UNREACH	*/
		.err	= ECONNREFUSED,
		.fatal	= 1,
	},
	{	/* POLICY_FAIL */
		.err	= EACCES,
		.fatal	= 1,
	},
	{	/* REJECT_ROUTE	*/
		.err	= EACCES,
		.fatal	= 1,
	},
};
955
/* Translate an ICMPv6 error (type, code) into an errno value stored in
 * *err.  Returns non-zero when the error is fatal for the connection.
 * Unknown types map to EPROTO / non-fatal.
 */
int icmpv6_err_convert(u8 type, u8 code, int *err)
{
	int fatal = 0;

	*err = EPROTO;

	switch (type) {
	case ICMPV6_DEST_UNREACH:
		if (code < ARRAY_SIZE(tab_unreach)) {
			*err = tab_unreach[code].err;
			fatal = tab_unreach[code].fatal;
		} else {
			/* Out-of-range code: keep EPROTO, treat as fatal. */
			fatal = 1;
		}
		break;

	case ICMPV6_PKT_TOOBIG:
		*err = EMSGSIZE;
		break;

	case ICMPV6_PARAMPROB:
		fatal = 1;
		break;

	case ICMPV6_TIME_EXCEED:
		*err = EHOSTUNREACH;
		break;
	}

	return fatal;
}
EXPORT_SYMBOL(icmpv6_err_convert);
988
989 #ifdef CONFIG_SYSCTL
/* Template for the per-namespace ICMPv6 sysctl table; .data is re-pointed
 * at each namespace's own icmpv6_time in ipv6_icmp_sysctl_init().
 */
static struct ctl_table ipv6_icmp_table_template[] = {
	{
		.procname	= "ratelimit",
		.data		= &init_net.ipv6.sysctl.icmpv6_time,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_ms_jiffies,
	},
	{ },
};
1000
ipv6_icmp_sysctl_init(struct net * net)1001 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1002 {
1003 struct ctl_table *table;
1004
1005 table = kmemdup(ipv6_icmp_table_template,
1006 sizeof(ipv6_icmp_table_template),
1007 GFP_KERNEL);
1008
1009 if (table)
1010 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1011
1012 return table;
1013 }
1014 #endif
1015
1016