Lines Matching +full:layers +full:- +full:configurable
1 // SPDX-License-Identifier: GPL-2.0-or-later
46 * the rates sysctl configurable.
48 * - IP option length was accounted wrongly
49 * - ICMP header length was not accounted
56 * - Should use skb_pull() instead of all the manual checking.
57 * This would also greatly simply some upper layer error handlers. --AK
198 * all layers. All Socketless IP sends will soon be gone.
200 * On SMP we have one ICMP socket per-cpu.
204 return this_cpu_read(*net->ipv4.icmp_sk); in icmp_sk()
214 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { in icmp_xmit_lock()
225 spin_unlock(&sk->sk_lock.slock); in icmp_xmit_unlock()
240 * icmp_global_allow - Are we allowed to send one more ICMP message ?
256 delta = min_t(u32, now - READ_ONCE(icmp_global.stamp), HZ); in icmp_global_allow()
262 delta = min_t(u32, now - icmp_global.stamp, HZ); in icmp_global_allow()
274 credit = max_t(int, credit - prandom_u32_max(3), 0); in icmp_global_allow()
293 if (!((1 << type) & READ_ONCE(net->ipv4.sysctl_icmp_ratemask))) in icmpv4_mask_allow()
317 struct dst_entry *dst = &rt->dst; in icmpv4_xrlim_allow()
326 if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) in icmpv4_xrlim_allow()
329 vif = l3mdev_master_ifindex(dst->dev); in icmpv4_xrlim_allow()
330 peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, vif, 1); in icmpv4_xrlim_allow()
332 READ_ONCE(net->ipv4.sysctl_icmp_ratelimit)); in icmpv4_xrlim_allow()
358 csum = skb_copy_and_csum_bits(icmp_param->skb, in icmp_glue_bits()
359 icmp_param->offset + offset, in icmp_glue_bits()
362 skb->csum = csum_block_add(skb->csum, csum, odd); in icmp_glue_bits()
363 if (icmp_pointers[icmp_param->data.icmph.type].error) in icmp_glue_bits()
364 nf_ct_attach(skb, icmp_param->skb); in icmp_glue_bits()
375 sk = icmp_sk(dev_net((*rt)->dst.dev)); in icmp_push_reply()
377 icmp_param->data_len+icmp_param->head_len, in icmp_push_reply()
378 icmp_param->head_len, in icmp_push_reply()
382 } else if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) { in icmp_push_reply()
387 csum = csum_partial_copy_nocheck((void *)&icmp_param->data, in icmp_push_reply()
389 icmp_param->head_len); in icmp_push_reply()
390 skb_queue_walk(&sk->sk_write_queue, skb1) { in icmp_push_reply()
391 csum = csum_add(csum, skb1->csum); in icmp_push_reply()
393 icmph->checksum = csum_fold(csum); in icmp_push_reply()
394 skb->ip_summed = CHECKSUM_NONE; in icmp_push_reply()
407 struct net *net = dev_net(rt->dst.dev); in icmp_reply()
412 u32 mark = IP4_REPLY_MARK(net, skb->mark); in icmp_reply()
413 int type = icmp_param->data.icmph.type; in icmp_reply()
414 int code = icmp_param->data.icmph.code; in icmp_reply()
416 if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) in icmp_reply()
431 icmp_param->data.icmph.checksum = 0; in icmp_reply()
434 inet->tos = ip_hdr(skb)->tos; in icmp_reply()
436 daddr = ipc.addr = ip_hdr(skb)->saddr; in icmp_reply()
439 if (icmp_param->replyopts.opt.opt.optlen) { in icmp_reply()
440 ipc.opt = &icmp_param->replyopts.opt; in icmp_reply()
441 if (ipc.opt->opt.srr) in icmp_reply()
442 daddr = icmp_param->replyopts.opt.opt.faddr; in icmp_reply()
449 fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos); in icmp_reply()
451 fl4.flowi4_oif = l3mdev_master_ifindex(skb->dev); in icmp_reply()
475 if (skb->dev) in icmp_get_route_lookup_dev()
476 route_lookup_dev = skb->dev; in icmp_get_route_lookup_dev()
478 route_lookup_dev = skb_dst(skb)->dev; in icmp_get_route_lookup_dev()
496 fl4->daddr = (param->replyopts.opt.opt.srr ? in icmp_route_lookup()
497 param->replyopts.opt.opt.faddr : iph->saddr); in icmp_route_lookup()
498 fl4->saddr = saddr; in icmp_route_lookup()
499 fl4->flowi4_mark = mark; in icmp_route_lookup()
500 fl4->flowi4_uid = sock_net_uid(net, NULL); in icmp_route_lookup()
501 fl4->flowi4_tos = RT_TOS(tos); in icmp_route_lookup()
502 fl4->flowi4_proto = IPPROTO_ICMP; in icmp_route_lookup()
503 fl4->fl4_icmp_type = type; in icmp_route_lookup()
504 fl4->fl4_icmp_code = code; in icmp_route_lookup()
506 fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev); in icmp_route_lookup()
516 rt = (struct rtable *) xfrm_lookup(net, &rt->dst, in icmp_route_lookup()
522 fl4->daddr) == RTN_LOCAL) in icmp_route_lookup()
524 } else if (PTR_ERR(rt) == -EPERM) { in icmp_route_lookup()
549 orefdst = skb_in->_skb_refdst; /* save old refdst */ in icmp_route_lookup()
552 RT_TOS(tos), rt2->dst.dev); in icmp_route_lookup()
554 dst_release(&rt2->dst); in icmp_route_lookup()
556 skb_in->_skb_refdst = orefdst; /* restore old refdst */ in icmp_route_lookup()
562 rt2 = (struct rtable *) xfrm_lookup(net, &rt2->dst, in icmp_route_lookup()
566 dst_release(&rt->dst); in icmp_route_lookup()
569 } else if (PTR_ERR(rt2) == -EPERM) { in icmp_route_lookup()
571 dst_release(&rt->dst); in icmp_route_lookup()
614 if (rt->dst.dev) in __icmp_send()
615 net = dev_net(rt->dst.dev); in __icmp_send()
616 else if (skb_in->dev) in __icmp_send()
617 net = dev_net(skb_in->dev); in __icmp_send()
628 if ((u8 *)iph < skb_in->head || in __icmp_send()
636 if (skb_in->pkt_type != PACKET_HOST) in __icmp_send()
642 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) in __icmp_send()
646 * Only reply to fragment 0. We byte re-order the constant in __icmp_send()
649 if (iph->frag_off & htons(IP_OFFSET)) in __icmp_send()
660 if (iph->protocol == IPPROTO_ICMP) { in __icmp_send()
665 (iph->ihl << 2) + in __icmp_send()
667 type) - in __icmp_send()
668 skb_in->data, in __icmp_send()
691 if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && in __icmp_send()
703 saddr = iph->daddr; in __icmp_send()
704 if (!(rt->rt_flags & RTCF_LOCAL)) { in __icmp_send()
709 READ_ONCE(net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr)) in __icmp_send()
713 saddr = inet_select_addr(dev, iph->saddr, in __icmp_send()
720 tos = icmp_pointers[type].error ? (RT_TOS(iph->tos) | in __icmp_send()
722 iph->tos; in __icmp_send()
723 mark = IP4_REPLY_MARK(net, skb_in->mark); in __icmp_send()
739 inet_sk(sk)->tos = tos; in __icmp_send()
741 ipc.addr = iph->saddr; in __icmp_send()
756 room = dst_mtu(&rt->dst); in __icmp_send()
759 room -= sizeof(struct iphdr) + icmp_param.replyopts.opt.opt.optlen; in __icmp_send()
760 room -= sizeof(struct icmphdr); in __icmp_send()
767 icmp_param.data_len = skb_in->len - icmp_param.offset; in __icmp_send()
801 if (!ct || !(ct->status & IPS_SRC_NAT)) { in icmp_ndo_send()
809 if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || in icmp_ndo_send()
815 orig_ip = ip_hdr(skb_in)->saddr; in icmp_ndo_send()
816 ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; in icmp_ndo_send()
818 ip_hdr(skb_in)->saddr = orig_ip; in icmp_ndo_send()
827 const struct iphdr *iph = (const struct iphdr *)skb->data; in icmp_socket_deliver()
829 int protocol = iph->protocol; in icmp_socket_deliver()
834 if (!pskb_may_pull(skb, iph->ihl * 4 + 8)) { in icmp_socket_deliver()
835 __ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS); in icmp_socket_deliver()
842 if (ipprot && ipprot->err_handler) in icmp_socket_deliver()
843 ipprot->err_handler(skb, info); in icmp_socket_deliver()
851 ok = rcu_dereference(inet_protos[proto])->icmp_strict_tag_validation; in icmp_tag_validation()
868 net = dev_net(skb_dst(skb)->dev); in icmp_unreach()
880 iph = (const struct iphdr *)skb->data; in icmp_unreach()
882 if (iph->ihl < 5) /* Mangled header, drop. */ in icmp_unreach()
885 switch (icmph->type) { in icmp_unreach()
887 switch (icmph->code & 15) { in icmp_unreach()
896 * Documentation/networking/ip-sysctl.rst in icmp_unreach()
898 switch (READ_ONCE(net->ipv4.sysctl_ip_no_pmtu_disc)) { in icmp_unreach()
901 &iph->daddr); in icmp_unreach()
906 if (!icmp_tag_validation(iph->protocol)) in icmp_unreach()
910 info = ntohs(icmph->un.frag.mtu); in icmp_unreach()
915 &iph->daddr); in icmp_unreach()
920 if (icmph->code > NR_ICMP_UNREACH) in icmp_unreach()
924 info = ntohl(icmph->un.gateway) >> 24; in icmp_unreach()
928 if (icmph->code == ICMP_EXC_FRAGTIME) in icmp_unreach()
934 * Throw it at our lower layers in icmp_unreach()
951 if (!net->ipv4.sysctl_icmp_ignore_bogus_error_responses && in icmp_unreach()
952 inet_addr_type_dev_table(net, skb->dev, iph->daddr) == RTN_BROADCAST) { in icmp_unreach()
954 &ip_hdr(skb)->saddr, in icmp_unreach()
955 icmph->type, icmph->code, in icmp_unreach()
956 &iph->daddr, skb->dev->name); in icmp_unreach()
976 if (skb->len < sizeof(struct iphdr)) { in icmp_redirect()
977 __ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS); in icmp_redirect()
986 icmp_socket_deliver(skb, ntohl(icmp_hdr(skb)->un.gateway)); in icmp_redirect()
1006 net = dev_net(skb_dst(skb)->dev); in icmp_echo()
1007 if (!net->ipv4.sysctl_icmp_echo_ignore_all) { in icmp_echo()
1014 icmp_param.data_len = skb->len; in icmp_echo()
1035 if (skb->len < 4) in icmp_timestamp()
1057 __ICMP_INC_STATS(dev_net(skb_dst(skb)->dev), ICMP_MIB_INERRORS); in icmp_timestamp()
1074 struct net *net = dev_net(rt->dst.dev); in icmp_rcv()
1081 if (!(sp && sp->xvec[sp->len - 1]->props.flags & in icmp_rcv()
1107 ICMPMSGIN_INC_STATS(net, icmph->type); in icmp_rcv()
1114 if (icmph->type > NR_ICMP_TYPES) in icmp_rcv()
1122 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) { in icmp_rcv()
1129 if ((icmph->type == ICMP_ECHO || in icmp_rcv()
1130 icmph->type == ICMP_TIMESTAMP) && in icmp_rcv()
1131 net->ipv4.sysctl_icmp_echo_ignore_broadcasts) { in icmp_rcv()
1134 if (icmph->type != ICMP_ECHO && in icmp_rcv()
1135 icmph->type != ICMP_TIMESTAMP && in icmp_rcv()
1136 icmph->type != ICMP_ADDRESS && in icmp_rcv()
1137 icmph->type != ICMP_ADDRESSREPLY) { in icmp_rcv()
1142 success = icmp_pointers[icmph->type].handler(skb); in icmp_rcv()
1168 if (exth->version != 2) in ip_icmp_error_rfc4884_validate()
1171 if (exth->checksum && in ip_icmp_error_rfc4884_validate()
1172 csum_fold(skb_checksum(skb, off, skb->len - off, 0))) in ip_icmp_error_rfc4884_validate()
1176 while (off < skb->len) { in ip_icmp_error_rfc4884_validate()
1181 olen = ntohs(objh->length); in ip_icmp_error_rfc4884_validate()
1186 if (off > skb->len) in ip_icmp_error_rfc4884_validate()
1199 /* original datagram headers: end of icmph to payload (skb->data) */ in ip_icmp_error_rfc4884()
1200 hlen = -skb_transport_offset(skb) - thlen; in ip_icmp_error_rfc4884()
1207 off -= hlen; in ip_icmp_error_rfc4884()
1208 if (off + sizeof(struct icmp_ext_hdr) > skb->len) in ip_icmp_error_rfc4884()
1211 out->len = off; in ip_icmp_error_rfc4884()
1214 out->flags |= SO_EE_RFC4884_FLAG_INVALID; in ip_icmp_error_rfc4884()
1220 struct iphdr *iph = (struct iphdr *)skb->data; in icmp_err()
1221 int offset = iph->ihl<<2; in icmp_err()
1222 struct icmphdr *icmph = (struct icmphdr *)(skb->data + offset); in icmp_err()
1223 int type = icmp_hdr(skb)->type; in icmp_err()
1224 int code = icmp_hdr(skb)->code; in icmp_err()
1225 struct net *net = dev_net(skb->dev); in icmp_err()
1231 if (icmph->type != ICMP_ECHOREPLY) { in icmp_err()
1323 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv4.icmp_sk, i)); in icmp_sk_exit()
1324 free_percpu(net->ipv4.icmp_sk); in icmp_sk_exit()
1325 net->ipv4.icmp_sk = NULL; in icmp_sk_exit()
1332 net->ipv4.icmp_sk = alloc_percpu(struct sock *); in icmp_sk_init()
1333 if (!net->ipv4.icmp_sk) in icmp_sk_init()
1334 return -ENOMEM; in icmp_sk_init()
1344 *per_cpu_ptr(net->ipv4.icmp_sk, i) = sk; in icmp_sk_init()
1349 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); in icmp_sk_init()
1355 inet_sk(sk)->pmtudisc = IP_PMTUDISC_DONT; in icmp_sk_init()
1359 net->ipv4.sysctl_icmp_echo_ignore_all = 0; in icmp_sk_init()
1360 net->ipv4.sysctl_icmp_echo_ignore_broadcasts = 1; in icmp_sk_init()
1362 /* Control parameter - ignore bogus broadcast responses? */ in icmp_sk_init()
1363 net->ipv4.sysctl_icmp_ignore_bogus_error_responses = 1; in icmp_sk_init()
1366 * Configurable global rate limit. in icmp_sk_init()
1368 * ratelimit defines tokens/packet consumed for dst->rate_token in icmp_sk_init()
1377 net->ipv4.sysctl_icmp_ratelimit = 1 * HZ; in icmp_sk_init()
1378 net->ipv4.sysctl_icmp_ratemask = 0x1818; in icmp_sk_init()
1379 net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr = 0; in icmp_sk_init()