1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 *
9 * Based on net/ipv4/icmp.c
10 *
11 * RFC 1885
12 */
13
14 /*
15 * Changes:
16 *
17 * Andi Kleen : exception handling
 *	Andi Kleen	:	add rate limits. never reply to an icmp.
 *				add more length checks and other fixes.
 *	yoshfuji	:	ensure to send parameter problem for
 *				fragments.
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
23 * Randy Dunlap and
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
26 */
27
28 #define pr_fmt(fmt) "IPv6: " fmt
29
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/types.h>
33 #include <linux/socket.h>
34 #include <linux/in.h>
35 #include <linux/kernel.h>
36 #include <linux/sockios.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <linux/init.h>
40 #include <linux/netfilter.h>
41 #include <linux/slab.h>
42
43 #ifdef CONFIG_SYSCTL
44 #include <linux/sysctl.h>
45 #endif
46
47 #include <linux/inet.h>
48 #include <linux/netdevice.h>
49 #include <linux/icmpv6.h>
50
51 #include <net/ip.h>
52 #include <net/sock.h>
53
54 #include <net/ipv6.h>
55 #include <net/ip6_checksum.h>
56 #include <net/ping.h>
57 #include <net/protocol.h>
58 #include <net/raw.h>
59 #include <net/rawv6.h>
60 #include <net/seg6.h>
61 #include <net/transp_v6.h>
62 #include <net/ip6_route.h>
63 #include <net/addrconf.h>
64 #include <net/icmp.h>
65 #include <net/xfrm.h>
66 #include <net/inet_common.h>
67 #include <net/dsfield.h>
68 #include <net/l3mdev.h>
69
70 #include <linux/uaccess.h>
71
72 static DEFINE_PER_CPU(struct sock *, ipv6_icmp_sk);
73
/* Handle an inbound ICMPv6 error whose embedded packet was itself an
 * ICMPv6 message of ours (e.g. a ping).  Updates PMTU / redirect state
 * and forwards echo-request errors to the ping socket layer.
 */
static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
		      u8 type, u8 code, int offset, __be32 info)
{
	/* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
	struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
	struct net *net = dev_net_rcu(skb->dev);

	if (type == ICMPV6_PKT_TOOBIG)
		ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0,
				sock_net_uid(net, NULL));
	else if (type == NDISC_REDIRECT)
		ip6_redirect(skb, net, skb->dev->ifindex, 0,
			     sock_net_uid(net, NULL));

	/* Only error messages (INFOMSG bit clear) quote an original packet;
	 * if that packet was an echo request, notify ping sockets.
	 */
	if (!(type & ICMPV6_INFOMSG_MASK))
		if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
			ping_err(skb, offset, ntohl(info));

	return 0;
}
93
/* Forward declaration: icmpv6_rcv() is defined later but registered here. */
static int icmpv6_rcv(struct sk_buff *skb);

/* Handler hooked into the IPv6 input path for IPPROTO_ICMPV6.
 * NOPOLICY/FINAL: xfrm policy is checked inside icmpv6_rcv() itself.
 */
static const struct inet6_protocol icmpv6_protocol = {
	.handler	=	icmpv6_rcv,
	.err_handler	=	icmpv6_err,
	.flags		=	INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
};
101
/* Called with BH disabled.
 *
 * Grab this CPU's shared ICMPv6 transmit socket.  Uses trylock instead
 * of lock: if the socket is already held we are being re-entered on the
 * same CPU and must bail out rather than deadlock.  On success the
 * socket is temporarily re-homed to @net; icmpv6_xmit_unlock() undoes it.
 */
static struct sock *icmpv6_xmit_lock(struct net *net)
{
	struct sock *sk;

	sk = this_cpu_read(ipv6_icmp_sk);
	if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
		/* This can happen if the output path (f.e. SIT or
		 * ip6ip6 tunnel) signals dst_link_failure() for an
		 * outgoing ICMP6 packet.
		 */
		return NULL;
	}
	sock_net_set(sk, net);
	return sk;
}
118
/* Release the per-CPU socket taken by icmpv6_xmit_lock(), re-homing it
 * to init_net so it holds no reference to the caller's namespace.
 */
static void icmpv6_xmit_unlock(struct sock *sk)
{
	sock_net_set(sk, &init_net);
	spin_unlock(&sk->sk_lock.slock);
}
124
125 /*
126 * Figure out, may we reply to this packet with icmp error.
127 *
128 * We do not reply, if:
129 * - it was icmp error message.
130 * - it is truncated, so that it is known, that protocol is ICMPV6
131 * (i.e. in the middle of some exthdr)
132 *
133 * --ANK (980726)
134 */
135
/* Return true when sending an ICMPv6 error about @skb is forbidden:
 * the packet is itself an ICMPv6 error, or is truncated such that the
 * transport protocol cannot be determined (see comment block above).
 */
static bool is_ineligible(const struct sk_buff *skb)
{
	/* Offset of the first byte after the fixed IPv6 header. */
	int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
	int len = skb->len - ptr;
	__u8 nexthdr = ipv6_hdr(skb)->nexthdr;
	__be16 frag_off;

	if (len < 0)
		return true;

	ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
	if (ptr < 0)
		return false;
	if (nexthdr == IPPROTO_ICMPV6) {
		u8 _type, *tp;

		tp = skb_header_pointer(skb,
					ptr + offsetof(struct icmp6hdr, icmp6_type),
					sizeof(_type), &_type);

		/* Based on RFC 8200, Section 4.5 Fragment Header, return
		 * false if this is a fragment packet with no icmp header info.
		 */
		if (!tp && frag_off != 0)
			return false;
		else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
			return true;
	}
	return false;
}
165
icmpv6_mask_allow(struct net * net,int type)166 static bool icmpv6_mask_allow(struct net *net, int type)
167 {
168 if (type > ICMPV6_MSG_MAX)
169 return true;
170
171 /* Limit if icmp type is set in ratemask. */
172 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
173 return true;
174
175 return false;
176 }
177
/* Consult the global ICMP token bucket for message @type.
 *
 * Exempt types pass without touching the bucket.  When a token is
 * taken, *@apply_ratelimit is set so the caller later runs the
 * per-destination check and eventually consumes the token; when the
 * bucket is empty the global-ratelimit MIB counter is bumped.
 */
static bool icmpv6_global_allow(struct net *net, int type,
				bool *apply_ratelimit)
{
	if (icmpv6_mask_allow(net, type))
		return true;

	if (!icmp_global_allow(net)) {
		__ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL);
		return false;
	}

	*apply_ratelimit = true;
	return true;
}
191
/*
 * Check the ICMP output rate limit.
 *
 * Returns true when a message of @type may be sent towards fl6->daddr.
 * On success the token taken by icmpv6_global_allow() is consumed; on
 * failure the per-host ratelimit MIB counter is incremented.
 * @apply_ratelimit is false when the type was already found exempt.
 */
static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
			       struct flowi6 *fl6, bool apply_ratelimit)
{
	struct net *net = sock_net(sk);
	struct net_device *dev;
	struct dst_entry *dst;
	bool res = false;

	if (!apply_ratelimit)
		return true;

	/*
	 * Look up the output route.
	 * XXX: perhaps the expire for routing entries cloned by
	 * this lookup should be more aggressive (not longer than timeout).
	 */
	dst = ip6_route_output(net, sk, fl6);
	rcu_read_lock();
	dev = dst_dev_rcu(dst);
	if (dst->error) {
		IP6_INC_STATS(net, ip6_dst_idev(dst),
			      IPSTATS_MIB_OUTNOROUTES);
	} else if (dev && (dev->flags & IFF_LOOPBACK)) {
		/* Loopback traffic is never rate limited. */
		res = true;
	} else {
		struct rt6_info *rt = dst_rt6_info(dst);
		int tmo = net->ipv6.sysctl.icmpv6_time;
		struct inet_peer *peer;

		/* Give more bandwidth to wider prefixes. */
		if (rt->rt6i_dst.plen < 128)
			tmo >>= ((128 - rt->rt6i_dst.plen) >> 5);

		peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr);
		res = inet_peer_xrlim_allow(peer, tmo);
	}
	rcu_read_unlock();
	if (!res)
		__ICMP6_INC_STATS(net, NULL, ICMP6_MIB_RATELIMITHOST);
	else
		icmp_global_consume(net);
	dst_release(dst);
	return res;
}
239
icmpv6_rt_has_prefsrc(struct sock * sk,u8 type,struct flowi6 * fl6)240 static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type,
241 struct flowi6 *fl6)
242 {
243 struct net *net = sock_net(sk);
244 struct dst_entry *dst;
245 bool res = false;
246
247 dst = ip6_route_output(net, sk, fl6);
248 if (!dst->error) {
249 struct rt6_info *rt = dst_rt6_info(dst);
250 struct in6_addr prefsrc;
251
252 rt6_get_prefsrc(rt, &prefsrc);
253 res = !ipv6_addr_any(&prefsrc);
254 }
255 dst_release(dst);
256 return res;
257 }
258
259 /*
260 * an inline helper for the "simple" if statement below
261 * checks if parameter problem report is caused by an
262 * unrecognized IPv6 option that has the Option Type
263 * highest-order two bits set to 10
264 */
265
opt_unrec(struct sk_buff * skb,__u32 offset)266 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
267 {
268 u8 _optval, *op;
269
270 offset += skb_network_offset(skb);
271 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
272 if (!op)
273 return true;
274 return (*op & 0xC0) == 0x80;
275 }
276
/* Finalize the ICMPv6 message queued on @sk's write queue: write the
 * prepared header @thdr into the first fragment, compute the checksum
 * over the pseudo-header plus @len bytes, and transmit the frames.
 */
void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
				struct icmp6hdr *thdr, int len)
{
	struct sk_buff *skb;
	struct icmp6hdr *icmp6h;

	skb = skb_peek(&sk->sk_write_queue);
	if (!skb)
		return;

	icmp6h = icmp6_hdr(skb);
	memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
	icmp6h->icmp6_cksum = 0;

	if (skb_queue_len(&sk->sk_write_queue) == 1) {
		/* Single fragment: fold the header into its running csum. */
		skb->csum = csum_partial(icmp6h,
					 sizeof(struct icmp6hdr), skb->csum);
		icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
						      &fl6->daddr,
						      len, fl6->flowi6_proto,
						      skb->csum);
	} else {
		__wsum tmp_csum = 0;

		/* Multiple fragments: sum every per-skb checksum first,
		 * then add the header, then finish with the pseudo-header.
		 */
		skb_queue_walk(&sk->sk_write_queue, skb) {
			tmp_csum = csum_add(tmp_csum, skb->csum);
		}

		tmp_csum = csum_partial(icmp6h,
					sizeof(struct icmp6hdr), tmp_csum);
		icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
						      &fl6->daddr,
						      len, fl6->flowi6_proto,
						      tmp_csum);
	}
	ip6_push_pending_frames(sk);
}
314
/* Context handed to icmpv6_getfrag() while building an outgoing
 * ICMPv6 message.
 */
struct icmpv6_msg {
	struct sk_buff	*skb;	/* packet being quoted/echoed */
	int		offset;	/* start copying payload from here */
	uint8_t		type;	/* outgoing icmp6_type */
};
320
/* ip6_append_data() getfrag callback: copy @len bytes of the original
 * packet into the new frame, accumulating the checksum.  For error
 * messages (INFOMSG bit clear) also attach the original packet's
 * conntrack entry to the reply.
 */
static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd,
			  struct sk_buff *skb)
{
	struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
	struct sk_buff *org_skb = msg->skb;
	__wsum csum;

	csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
				      to, len);
	skb->csum = csum_block_add(skb->csum, csum, odd);
	if (!(msg->type & ICMPV6_INFOMSG_MASK))
		nf_ct_attach(skb, org_skb);
	return 0;
}
334
#if IS_ENABLED(CONFIG_IPV6_MIP6)
/* Mobile IPv6: if the offending packet carried a Home Address option,
 * swap the (care-of) source address with the home address stored in
 * the option so the error is addressed to the mobile node's home
 * address, as required by RFC 6275.
 */
static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt)
{
	struct ipv6hdr *iph = ipv6_hdr(skb);
	struct ipv6_destopt_hao *hao;
	int off;

	if (opt->dsthao) {
		off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
		if (likely(off >= 0)) {
			hao = (struct ipv6_destopt_hao *)
			      (skb_network_header(skb) + off);
			swap(iph->saddr, hao->addr);
		}
	}
}
#else
/* Without MIP6 support there is never a Home Address option to undo. */
static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {}
#endif
354
/* Look up (and xfrm-transform) the route for an outgoing ICMPv6 error.
 *
 * A forward xfrm lookup on the error's own flow is tried first.  If it
 * returns the route unchanged, or fails with -EPERM, a second lookup
 * is attempted with the flow of the offending packet decoded in
 * reverse and XFRM_LOOKUP_ICMP set, since policy may allow ICMP errors
 * where it forbids ordinary traffic.
 *
 * Returns a held dst_entry or an ERR_PTR().
 */
static struct dst_entry *icmpv6_route_lookup(struct net *net,
					     struct sk_buff *skb,
					     struct sock *sk,
					     struct flowi6 *fl6)
{
	struct dst_entry *dst, *dst2;
	struct flowi6 fl2;
	int err;

	err = ip6_dst_lookup(net, sk, &dst, fl6);
	if (err)
		return ERR_PTR(err);

	/*
	 * We won't send icmp if the destination is known
	 * anycast unless we need to treat anycast as unicast.
	 */
	if (!READ_ONCE(net->ipv6.sysctl.icmpv6_error_anycast_as_unicast) &&
	    ipv6_anycast_destination(dst, &fl6->daddr)) {
		net_dbg_ratelimited("icmp6_send: acast source\n");
		dst_release(dst);
		return ERR_PTR(-EINVAL);
	}

	/* No need to clone since we're just using its address. */
	dst2 = dst;

	dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
	if (!IS_ERR(dst)) {
		if (dst != dst2)
			return dst;
		/* dst unchanged: fall through to the reverse-flow retry. */
	} else {
		if (PTR_ERR(dst) == -EPERM)
			dst = NULL;
		else
			return dst;
	}

	err = xfrm_decode_session_reverse(net, skb, flowi6_to_flowi(&fl2), AF_INET6);
	if (err)
		goto relookup_failed;

	err = ip6_dst_lookup(net, sk, &dst2, &fl2);
	if (err)
		goto relookup_failed;

	dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
	if (!IS_ERR(dst2)) {
		dst_release(dst);
		dst = dst2;
	} else {
		err = PTR_ERR(dst2);
		if (err == -EPERM) {
			dst_release(dst);
			return dst2;
		} else
			goto relookup_failed;
	}

relookup_failed:
	/* Fall back to the first lookup's route (NULL after -EPERM). */
	if (dst)
		return dst;
	return ERR_PTR(err);
}
419
/* Return the device the packet conceptually arrived on, resolving
 * loopback and L3-master devices to the real interface via the route
 * attached to the skb when one is available.
 */
static struct net_device *icmp6_dev(const struct sk_buff *skb)
{
	struct net_device *dev = skb->dev;

	/* for local traffic to local address, skb dev is the loopback
	 * device. Check if there is a dst attached to the skb and if so
	 * get the real device index. Same is needed for replies to a link
	 * local address on a device enslaved to an L3 master device
	 */
	if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
		const struct rt6_info *rt6 = skb_rt6_info(skb);

		/* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.),
		 * and ip6_null_entry could be set to skb if no route is found.
		 */
		if (rt6 && rt6->rt6i_idev)
			dev = rt6->rt6i_idev->dev;
	}

	return dev;
}
441
icmp6_iif(const struct sk_buff * skb)442 static int icmp6_iif(const struct sk_buff *skb)
443 {
444 return icmp6_dev(skb)->ifindex;
445 }
446
/* RFC 5837 Interface Address Sub-Object carrying an IPv6 address:
 * address family identifier, reserved padding, then the address.
 */
struct icmp6_ext_iio_addr6_subobj {
	__be16 afi;		/* ICMP_AFI_IP6 */
	__be16 reserved;
	struct in6_addr addr6;
};
452
icmp6_ext_iio_len(void)453 static unsigned int icmp6_ext_iio_len(void)
454 {
455 return sizeof(struct icmp_extobj_hdr) +
456 /* ifIndex */
457 sizeof(__be32) +
458 /* Interface Address Sub-Object */
459 sizeof(struct icmp6_ext_iio_addr6_subobj) +
460 /* Interface Name Sub-Object. Length must be a multiple of 4
461 * bytes.
462 */
463 ALIGN(sizeof(struct icmp_ext_iio_name_subobj), 4) +
464 /* MTU */
465 sizeof(__be32);
466 }
467
/* Worst-case size of the whole extension structure for the object set
 * selected in @ext_objs.
 */
static unsigned int icmp6_ext_max_len(u8 ext_objs)
{
	return sizeof(struct icmp_ext_hdr) +
	       ((ext_objs & BIT(ICMP_ERR_EXT_IIO_IIF)) ?
		icmp6_ext_iio_len() : 0);
}
479
/* Pick an IPv6 address of @dev to report in an Interface Information
 * Object, or NULL if none qualifies.  Walks the RCU-protected address
 * list, so the caller must hold rcu_read_lock().
 */
static struct in6_addr *icmp6_ext_iio_addr6_find(const struct net_device *dev)
{
	struct inet6_dev *in6_dev;
	struct inet6_ifaddr *ifa;

	in6_dev = __in6_dev_get(dev);
	if (!in6_dev)
		return NULL;

	/* It is unclear from RFC 5837 which IP address should be chosen, but
	 * it makes sense to choose a global unicast address.
	 */
	list_for_each_entry_rcu(ifa, &in6_dev->addr_list, if_list) {
		/* Skip addresses still in (or failed) duplicate detection. */
		if (ifa->flags & (IFA_F_TENTATIVE | IFA_F_DADFAILED))
			continue;
		if (ipv6_addr_type(&ifa->addr) != IPV6_ADDR_UNICAST ||
		    ipv6_addr_src_scope(&ifa->addr) != IPV6_ADDR_SCOPE_GLOBAL)
			continue;
		return &ifa->addr;
	}

	return NULL;
}
503
/* Append an RFC 5837 Interface Information Object describing the
 * incoming interface @iif to @skb.  The object header's ctype bits are
 * OR-ed in as each sub-object (ifIndex, address, name, MTU) is added,
 * and its length is fixed up at the end from the tail pointer.
 * Caller must have reserved icmp6_ext_iio_len() bytes of tailroom.
 */
static void icmp6_ext_iio_iif_append(struct net *net, struct sk_buff *skb,
				     int iif)
{
	struct icmp_ext_iio_name_subobj *name_subobj;
	struct icmp_extobj_hdr *objh;
	struct net_device *dev;
	struct in6_addr *addr6;
	__be32 data;

	if (!iif)
		return;

	/* Add the fields in the order specified by RFC 5837. */
	objh = skb_put(skb, sizeof(*objh));
	objh->class_num = ICMP_EXT_OBJ_CLASS_IIO;
	objh->class_type = ICMP_EXT_CTYPE_IIO_ROLE(ICMP_EXT_CTYPE_IIO_ROLE_IIF);

	data = htonl(iif);
	skb_put_data(skb, &data, sizeof(__be32));
	objh->class_type |= ICMP_EXT_CTYPE_IIO_IFINDEX;

	rcu_read_lock();

	/* Device may have disappeared; the object then carries only the
	 * ifIndex sub-object appended above.
	 */
	dev = dev_get_by_index_rcu(net, iif);
	if (!dev)
		goto out;

	addr6 = icmp6_ext_iio_addr6_find(dev);
	if (addr6) {
		struct icmp6_ext_iio_addr6_subobj *addr6_subobj;

		addr6_subobj = skb_put_zero(skb, sizeof(*addr6_subobj));
		addr6_subobj->afi = htons(ICMP_AFI_IP6);
		addr6_subobj->addr6 = *addr6;
		objh->class_type |= ICMP_EXT_CTYPE_IIO_IPADDR;
	}

	/* Name sub-object length must be a multiple of 4 bytes. */
	name_subobj = skb_put_zero(skb, ALIGN(sizeof(*name_subobj), 4));
	name_subobj->len = ALIGN(sizeof(*name_subobj), 4);
	netdev_copy_name(dev, name_subobj->name);
	objh->class_type |= ICMP_EXT_CTYPE_IIO_NAME;

	data = htonl(READ_ONCE(dev->mtu));
	skb_put_data(skb, &data, sizeof(__be32));
	objh->class_type |= ICMP_EXT_CTYPE_IIO_MTU;

out:
	rcu_read_unlock();
	/* Object length = header plus everything appended above. */
	objh->length = htons(skb_tail_pointer(skb) - (unsigned char *)objh);
}
554
/* Append every extension object selected in @ext_objs (from the
 * icmpv6_errors_extension_mask sysctl) to the extension area of @skb.
 */
static void icmp6_ext_objs_append(struct net *net, struct sk_buff *skb,
				  u8 ext_objs, int iif)
{
	if (ext_objs & BIT(ICMP_ERR_EXT_IIO_IIF))
		icmp6_ext_iio_iif_append(net, skb, iif);
}
561
/* Build a private clone of @skb_in carrying an RFC 4884 extension
 * structure placed after the first ICMP_EXT_ORIG_DGRAM_MIN_LEN bytes of
 * the offending datagram (zero-padded if shorter).
 *
 * Returns the clone to quote instead of @skb_in, or NULL meaning "send
 * without extensions": wrong message type, extensions disabled or
 * already present, not enough room under the minimum MTU, or memory
 * allocation failure.  On success icmp6h->icmp6_datagram_len is set to
 * the quoted length in 64-bit words.
 */
static struct sk_buff *
icmp6_ext_append(struct net *net, struct sk_buff *skb_in,
		 struct icmp6hdr *icmp6h, unsigned int room, int iif)
{
	unsigned int payload_len, ext_max_len, ext_len;
	struct icmp_ext_hdr *ext_hdr;
	struct sk_buff *skb;
	u8 ext_objs;
	int nhoff;

	/* Only these types may carry extensions (RFC 4884). */
	switch (icmp6h->icmp6_type) {
	case ICMPV6_DEST_UNREACH:
	case ICMPV6_TIME_EXCEED:
		break;
	default:
		return NULL;
	}

	/* Do not overwrite existing extensions. This can happen when we
	 * receive an ICMPv4 message with extensions from a tunnel and
	 * translate it to an ICMPv6 message towards an IPv6 host in the
	 * overlay network.
	 */
	if (icmp6h->icmp6_datagram_len)
		return NULL;

	ext_objs = READ_ONCE(net->ipv6.sysctl.icmpv6_errors_extension_mask);
	if (!ext_objs)
		return NULL;

	ext_max_len = icmp6_ext_max_len(ext_objs);
	if (ICMP_EXT_ORIG_DGRAM_MIN_LEN + ext_max_len > room)
		return NULL;

	skb = skb_clone(skb_in, GFP_ATOMIC);
	if (!skb)
		return NULL;

	nhoff = skb_network_offset(skb);
	payload_len = min(skb->len - nhoff, ICMP_EXT_ORIG_DGRAM_MIN_LEN);

	if (!pskb_network_may_pull(skb, payload_len))
		goto free_skb;

	/* Quote exactly ICMP_EXT_ORIG_DGRAM_MIN_LEN bytes of the original
	 * datagram: trim if longer, zero-pad if shorter.
	 */
	if (pskb_trim(skb, nhoff + ICMP_EXT_ORIG_DGRAM_MIN_LEN) ||
	    __skb_put_padto(skb, nhoff + ICMP_EXT_ORIG_DGRAM_MIN_LEN, false))
		goto free_skb;

	if (pskb_expand_head(skb, 0, ext_max_len, GFP_ATOMIC))
		goto free_skb;

	ext_hdr = skb_put_zero(skb, sizeof(*ext_hdr));
	ext_hdr->version = ICMP_EXT_VERSION_2;

	icmp6_ext_objs_append(net, skb, ext_objs, iif);

	/* Do not send an empty extension structure. */
	ext_len = skb_tail_pointer(skb) - (unsigned char *)ext_hdr;
	if (ext_len == sizeof(*ext_hdr))
		goto free_skb;

	ext_hdr->checksum = ip_compute_csum(ext_hdr, ext_len);
	/* The length of the original datagram in 64-bit words (RFC 4884). */
	icmp6h->icmp6_datagram_len = ICMP_EXT_ORIG_DGRAM_MIN_LEN / sizeof(u64);

	return skb;

free_skb:
	consume_skb(skb);
	return NULL;
}
633
634 /*
635 * Send an ICMP message in response to a packet in error
636 */
/*
 * Send an ICMPv6 message in response to a packet in error.
 *
 * @skb:	 the offending packet; its contents get quoted in the error
 * @type:	 ICMPv6 type (e.g. ICMPV6_DEST_UNREACH)
 * @code:	 ICMPv6 code qualifying @type
 * @info:	 type-specific datum (MTU, parameter pointer, ...)
 * @force_saddr: when non-NULL, overrides source address selection
 * @parm:	 inet6 control block of the offending packet
 *
 * Enforces the RFC 4443 sending rules (no errors about multicast or
 * non-unicast-sourced packets except the allowed cases, never an error
 * about an ICMPv6 error) plus the global and per-destination rate
 * limits, then builds and transmits the message over the per-CPU
 * ICMPv6 socket.
 */
void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
		const struct in6_addr *force_saddr,
		const struct inet6_skb_parm *parm)
{
	struct inet6_dev *idev = NULL;
	struct ipv6hdr *hdr = ipv6_hdr(skb);
	struct sock *sk;
	struct net *net;
	struct ipv6_pinfo *np;
	const struct in6_addr *saddr = NULL;
	bool apply_ratelimit = false;
	struct sk_buff *ext_skb;
	struct dst_entry *dst;
	unsigned int room;
	struct icmp6hdr tmp_hdr;
	struct flowi6 fl6;
	struct icmpv6_msg msg;
	struct ipcm6_cookie ipc6;
	int iif = 0;
	int addr_type = 0;
	int len;
	u32 mark;

	/* The IPv6 header must lie inside the skb's linear data. */
	if ((u8 *)hdr < skb->head ||
	    (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
		return;

	if (!skb->dev)
		return;

	rcu_read_lock();

	net = dev_net_rcu(skb->dev);
	mark = IP6_REPLY_MARK(net, skb->mark);
	/*
	 * Make sure we respect the rules
	 * i.e. RFC 1885 2.4(e)
	 * Rule (e.1) is enforced by not using icmp6_send
	 * in any code that processes icmp errors.
	 */
	addr_type = ipv6_addr_type(&hdr->daddr);

	if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
	    ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
		saddr = &hdr->daddr;

	/*
	 *	Dest addr check
	 */

	if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
		/* Errors about non-unicast packets are allowed only for
		 * packet-too-big and the unrecognized-option flavour of
		 * parameter problem (RFC 4443 2.4(e)).
		 */
		if (type != ICMPV6_PKT_TOOBIG &&
		    !(type == ICMPV6_PARAMPROB &&
		      code == ICMPV6_UNK_OPTION &&
		      (opt_unrec(skb, info))))
			goto out;

		saddr = NULL;
	}

	addr_type = ipv6_addr_type(&hdr->saddr);

	/*
	 *	Source addr check
	 */

	if (__ipv6_addr_needs_scope_id(addr_type)) {
		iif = icmp6_iif(skb);
	} else {
		/*
		 * The source device is used for looking up which routing table
		 * to use for sending an ICMP error.
		 */
		iif = l3mdev_master_ifindex(skb->dev);
	}

	/*
	 * Must not send error if the source does not uniquely
	 * identify a single node (RFC2463 Section 2.4).
	 * We check unspecified / multicast addresses here,
	 * and anycast addresses will be checked later.
	 */
	if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
		net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
				    &hdr->saddr, &hdr->daddr);
		goto out;
	}

	/*
	 * Never answer to a ICMP packet.
	 */
	if (is_ineligible(skb)) {
		net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
				    &hdr->saddr, &hdr->daddr);
		goto out;
	}

	/* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */
	local_bh_disable();

	/* Check global sysctl_icmp_msgs_per_sec ratelimit */
	if (!(skb->dev->flags & IFF_LOOPBACK) &&
	    !icmpv6_global_allow(net, type, &apply_ratelimit))
		goto out_bh_enable;

	mip6_addr_swap(skb, parm);

	sk = icmpv6_xmit_lock(net);
	if (!sk)
		goto out_bh_enable;

	memset(&fl6, 0, sizeof(fl6));
	fl6.flowi6_proto = IPPROTO_ICMPV6;
	fl6.daddr = hdr->saddr;
	if (force_saddr)
		saddr = force_saddr;
	if (saddr) {
		fl6.saddr = *saddr;
	} else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) {
		/* select a more meaningful saddr from input if */
		struct net_device *in_netdev;

		in_netdev = dev_get_by_index(net, parm->iif);
		if (in_netdev) {
			ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr,
					   inet6_sk(sk)->srcprefs,
					   &fl6.saddr);
			dev_put(in_netdev);
		}
	}
	fl6.flowi6_mark = mark;
	fl6.flowi6_oif = iif;
	fl6.fl6_icmp_type = type;
	fl6.fl6_icmp_code = code;
	fl6.flowi6_uid = sock_net_uid(net, NULL);
	fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));

	np = inet6_sk(sk);

	if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit))
		goto out_unlock;

	tmp_hdr.icmp6_type = type;
	tmp_hdr.icmp6_code = code;
	tmp_hdr.icmp6_cksum = 0;
	tmp_hdr.icmp6_pointer = htonl(info);

	if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
		fl6.flowi6_oif = READ_ONCE(np->mcast_oif);
	else if (!fl6.flowi6_oif)
		fl6.flowi6_oif = READ_ONCE(np->ucast_oif);

	ipcm6_init_sk(&ipc6, sk);
	ipc6.sockc.mark = mark;
	fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);

	dst = icmpv6_route_lookup(net, skb, sk, &fl6);
	if (IS_ERR(dst))
		goto out_unlock;

	ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);

	msg.skb = skb;
	msg.offset = skb_network_offset(skb);
	msg.type = type;

	/* Never quote more than fits in the minimum MTU (RFC 4443 2.4(c)). */
	room = IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr);
	ext_skb = icmp6_ext_append(net, skb, &tmp_hdr, room, parm->iif);
	if (ext_skb)
		msg.skb = ext_skb;

	/* Validate the payload length while it is still signed.  Clamping
	 * with min_t(unsigned int, ...) first would turn a negative length
	 * into a huge unsigned value and make this check unreachable.
	 */
	len = msg.skb->len - msg.offset;
	if (len < 0) {
		net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
				    &hdr->saddr, &hdr->daddr);
		goto out_dst_release;
	}
	len = min_t(unsigned int, len, room);

	idev = __in6_dev_get(skb->dev);

	if (ip6_append_data(sk, icmpv6_getfrag, &msg,
			    len + sizeof(struct icmp6hdr),
			    sizeof(struct icmp6hdr),
			    &ipc6, &fl6, dst_rt6_info(dst),
			    MSG_DONTWAIT)) {
		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
		ip6_flush_pending_frames(sk);
	} else {
		icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
					   len + sizeof(struct icmp6hdr));
	}

out_dst_release:
	if (ext_skb)
		consume_skb(ext_skb);
	dst_release(dst);
out_unlock:
	icmpv6_xmit_unlock(sk);
out_bh_enable:
	local_bh_enable();
out:
	rcu_read_unlock();
}
EXPORT_SYMBOL(icmp6_send);
843
844 /* Slightly more convenient version of icmp6_send with drop reasons.
845 */
/* Send an ICMPv6 Parameter Problem with @code and pointer @pos about
 * @skb, then free @skb recording @reason as its drop reason.
 * Consumes @skb in all cases.
 */
void icmpv6_param_prob_reason(struct sk_buff *skb, u8 code, int pos,
			      enum skb_drop_reason reason)
{
	icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb));
	kfree_skb_reason(skb, reason);
}
852
853 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
854 * if sufficient data bytes are available
855 * @nhs is the size of the tunnel header(s) :
856 * Either an IPv4 header for SIT encap
857 * an IPv4 header + GRE header for GRE encap
858 */
/* See the comment block above for the meaning of @nhs.
 * Returns 0 when an ICMPv6 message was generated, 1 when the packet is
 * too short or memory allocation failed.
 */
int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
			       unsigned int data_len)
{
	struct in6_addr temp_saddr;
	struct rt6_info *rt;
	struct sk_buff *skb2;
	u32 info = 0;

	/* Need the tunnel header, an IPv6 header, and 8 payload bytes. */
	if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
		return 1;

	/* RFC 4884 (partial) support for ICMP extensions */
	if (data_len < 128 || (data_len & 7) || skb->len < data_len)
		data_len = 0;

	/* A writable copy is needed only when we will shift data around
	 * for the RFC 4884 padding below; otherwise a clone suffices.
	 */
	skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);

	if (!skb2)
		return 1;

	skb_dst_drop(skb2);
	skb_pull(skb2, nhs);
	skb_reset_network_header(skb2);

	rt = rt6_lookup(dev_net_rcu(skb->dev), &ipv6_hdr(skb2)->saddr,
			NULL, 0, skb, 0);

	if (rt && rt->dst.dev)
		skb2->dev = rt->dst.dev;

	/* Report the outer IPv4 source as a v4-mapped IPv6 source. */
	ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);

	if (data_len) {
		/* RFC 4884 (partial) support :
		 * insert 0 padding at the end, before the extensions
		 */
		__skb_push(skb2, nhs);
		skb_reset_network_header(skb2);
		memmove(skb2->data, skb2->data + nhs, data_len - nhs);
		memset(skb2->data + data_len - nhs, 0, nhs);
		/* RFC 4884 4.5 : Length is measured in 64-bit words,
		 * and stored in reserved[0]
		 */
		info = (data_len / 8) << 24;
	}
	if (type == ICMP_TIME_EXCEEDED)
		icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
			   info, &temp_saddr, IP6CB(skb2));
	else
		icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
			   info, &temp_saddr, IP6CB(skb2));
	if (rt)
		ip6_rt_put(rt);

	kfree_skb(skb2);

	return 0;
}
EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
918
/* Answer an (extended) echo request with the corresponding reply,
 * honouring the echo-related sysctls (ignore multicast/anycast,
 * anycast_src_echo_reply, flowlabel reflection) and both rate limits.
 *
 * Returns SKB_CONSUMED when a reply was queued, otherwise the drop
 * reason for the request.
 */
static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb)
{
	struct net *net = dev_net_rcu(skb->dev);
	struct sock *sk;
	struct inet6_dev *idev;
	struct ipv6_pinfo *np;
	const struct in6_addr *saddr = NULL;
	struct icmp6hdr *icmph = icmp6_hdr(skb);
	bool apply_ratelimit = false;
	struct icmp6hdr tmp_hdr;
	struct flowi6 fl6;
	struct icmpv6_msg msg;
	struct dst_entry *dst;
	struct ipcm6_cookie ipc6;
	u32 mark = IP6_REPLY_MARK(net, skb->mark);
	SKB_DR(reason);
	bool acast;
	u8 type;

	if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
	    net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
		return reason;

	saddr = &ipv6_hdr(skb)->daddr;

	acast = ipv6_anycast_destination(skb_dst(skb), saddr);
	if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
		return reason;

	/* Non-unicast destinations may not be echoed as the source of the
	 * reply, except anycast when explicitly allowed by sysctl.
	 */
	if (!ipv6_unicast_destination(skb) &&
	    !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
		saddr = NULL;

	if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
		type = ICMPV6_EXT_ECHO_REPLY;
	else
		type = ICMPV6_ECHO_REPLY;

	/* The reply header is the request header with the type flipped. */
	memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
	tmp_hdr.icmp6_type = type;

	memset(&fl6, 0, sizeof(fl6));
	if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
		fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));

	fl6.flowi6_proto = IPPROTO_ICMPV6;
	fl6.daddr = ipv6_hdr(skb)->saddr;
	if (saddr)
		fl6.saddr = *saddr;
	fl6.flowi6_oif = ipv6_addr_loopback(&fl6.daddr) ?
			 skb->dev->ifindex : icmp6_iif(skb);
	fl6.fl6_icmp_type = type;
	fl6.flowi6_mark = mark;
	fl6.flowi6_uid = sock_net_uid(net, NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));

	local_bh_disable();
	sk = icmpv6_xmit_lock(net);
	if (!sk)
		goto out_bh_enable;
	np = inet6_sk(sk);

	if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
		fl6.flowi6_oif = READ_ONCE(np->mcast_oif);
	else if (!fl6.flowi6_oif)
		fl6.flowi6_oif = READ_ONCE(np->ucast_oif);

	if (ip6_dst_lookup(net, sk, &dst, &fl6))
		goto out;
	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
	if (IS_ERR(dst))
		goto out;

	/* Check the ratelimit */
	if ((!(skb->dev->flags & IFF_LOOPBACK) &&
	     !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) ||
	    !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit))
		goto out_dst_release;

	idev = __in6_dev_get(skb->dev);

	/* Quote the request's payload from offset 0 (past the pulled
	 * ICMPv6 header) into the reply.
	 */
	msg.skb = skb;
	msg.offset = 0;
	msg.type = type;

	ipcm6_init_sk(&ipc6, sk);
	ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
	ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
	ipc6.sockc.mark = mark;

	if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
		if (!icmp_build_probe(skb, (struct icmphdr *)&tmp_hdr))
			goto out_dst_release;

	if (ip6_append_data(sk, icmpv6_getfrag, &msg,
			    skb->len + sizeof(struct icmp6hdr),
			    sizeof(struct icmp6hdr), &ipc6, &fl6,
			    dst_rt6_info(dst), MSG_DONTWAIT)) {
		__ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
		ip6_flush_pending_frames(sk);
	} else {
		icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
					   skb->len + sizeof(struct icmp6hdr));
		reason = SKB_CONSUMED;
	}
out_dst_release:
	dst_release(dst);
out:
	icmpv6_xmit_unlock(sk);
out_bh_enable:
	local_bh_enable();
	return reason;
}
1033
/* Deliver an ICMPv6 error to the upper layer of the embedded original
 * packet: skip the quoted IPv6 extension headers, then invoke the
 * matching inet6_protocol err_handler and notify raw sockets.
 *
 * Returns SKB_CONSUMED on delivery, otherwise the drop reason (the
 * INERRORS MIB counter is bumped on the failure paths).
 */
enum skb_drop_reason icmpv6_notify(struct sk_buff *skb, u8 type,
				   u8 code, __be32 info)
{
	struct inet6_skb_parm *opt = IP6CB(skb);
	struct net *net = dev_net_rcu(skb->dev);
	const struct inet6_protocol *ipprot;
	enum skb_drop_reason reason;
	int inner_offset;
	__be16 frag_off;
	u8 nexthdr;

	reason = pskb_may_pull_reason(skb, sizeof(struct ipv6hdr));
	if (reason != SKB_NOT_DROPPED_YET)
		goto out;

	seg6_icmp_srh(skb, opt);

	nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
	if (ipv6_ext_hdr(nexthdr)) {
		/* now skip over extension headers */
		inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
						&nexthdr, &frag_off);
		if (inner_offset < 0) {
			SKB_DR_SET(reason, IPV6_BAD_EXTHDR);
			goto out;
		}
	} else {
		inner_offset = sizeof(struct ipv6hdr);
	}

	/* Check the header, including 8 bytes of inner protocol header. */
	reason = pskb_may_pull_reason(skb, inner_offset + 8);
	if (reason != SKB_NOT_DROPPED_YET)
		goto out;

	/* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
	   Without this we will not able f.e. to make source routed
	   pmtu discovery.
	   Corresponding argument (opt) to notifiers is already added.
	   --ANK (980726)
	 */

	ipprot = rcu_dereference(inet6_protos[nexthdr]);
	if (ipprot && ipprot->err_handler)
		ipprot->err_handler(skb, opt, type, code, inner_offset, info);

	raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
	return SKB_CONSUMED;

out:
	__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
	return reason;
}
1087
1088 /*
1089 * Handle icmp messages
1090 */
1091
icmpv6_rcv(struct sk_buff * skb)1092 static int icmpv6_rcv(struct sk_buff *skb)
1093 {
1094 enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
1095 struct net *net = dev_net_rcu(skb->dev);
1096 struct net_device *dev = icmp6_dev(skb);
1097 struct inet6_dev *idev = __in6_dev_get(dev);
1098 const struct in6_addr *saddr, *daddr;
1099 struct icmp6hdr *hdr;
1100 u8 type;
1101
1102 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
1103 struct sec_path *sp = skb_sec_path(skb);
1104 int nh;
1105
1106 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
1107 XFRM_STATE_ICMP)) {
1108 reason = SKB_DROP_REASON_XFRM_POLICY;
1109 goto drop_no_count;
1110 }
1111
1112 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
1113 goto drop_no_count;
1114
1115 nh = skb_network_offset(skb);
1116 skb_set_network_header(skb, sizeof(*hdr));
1117
1118 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN,
1119 skb)) {
1120 reason = SKB_DROP_REASON_XFRM_POLICY;
1121 goto drop_no_count;
1122 }
1123
1124 skb_set_network_header(skb, nh);
1125 }
1126
1127 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INMSGS);
1128
1129 saddr = &ipv6_hdr(skb)->saddr;
1130 daddr = &ipv6_hdr(skb)->daddr;
1131
1132 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
1133 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
1134 saddr, daddr);
1135 goto csum_error;
1136 }
1137
1138 if (!pskb_pull(skb, sizeof(*hdr)))
1139 goto discard_it;
1140
1141 hdr = icmp6_hdr(skb);
1142
1143 type = hdr->icmp6_type;
1144
1145 ICMP6MSGIN_INC_STATS(dev_net_rcu(dev), idev, type);
1146
1147 switch (type) {
1148 case ICMPV6_ECHO_REQUEST:
1149 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
1150 reason = icmpv6_echo_reply(skb);
1151 break;
1152 case ICMPV6_EXT_ECHO_REQUEST:
1153 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all &&
1154 READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe))
1155 reason = icmpv6_echo_reply(skb);
1156 break;
1157
1158 case ICMPV6_ECHO_REPLY:
1159 case ICMPV6_EXT_ECHO_REPLY:
1160 ping_rcv(skb);
1161 return 0;
1162
1163 case ICMPV6_PKT_TOOBIG:
1164 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
1165 standard destination cache. Seems, only "advanced"
1166 destination cache will allow to solve this problem
1167 --ANK (980726)
1168 */
1169 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
1170 goto discard_it;
1171 hdr = icmp6_hdr(skb);
1172
1173 /* to notify */
1174 fallthrough;
1175 case ICMPV6_DEST_UNREACH:
1176 case ICMPV6_TIME_EXCEED:
1177 case ICMPV6_PARAMPROB:
1178 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
1179 hdr->icmp6_mtu);
1180 break;
1181
1182 case NDISC_ROUTER_SOLICITATION:
1183 case NDISC_ROUTER_ADVERTISEMENT:
1184 case NDISC_NEIGHBOUR_SOLICITATION:
1185 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1186 case NDISC_REDIRECT:
1187 reason = ndisc_rcv(skb);
1188 break;
1189
1190 case ICMPV6_MGM_QUERY:
1191 igmp6_event_query(skb);
1192 return 0;
1193
1194 case ICMPV6_MGM_REPORT:
1195 igmp6_event_report(skb);
1196 return 0;
1197
1198 case ICMPV6_MGM_REDUCTION:
1199 case ICMPV6_NI_QUERY:
1200 case ICMPV6_NI_REPLY:
1201 case ICMPV6_MLD2_REPORT:
1202 case ICMPV6_DHAAD_REQUEST:
1203 case ICMPV6_DHAAD_REPLY:
1204 case ICMPV6_MOBILE_PREFIX_SOL:
1205 case ICMPV6_MOBILE_PREFIX_ADV:
1206 break;
1207
1208 default:
1209 /* informational */
1210 if (type & ICMPV6_INFOMSG_MASK)
1211 break;
1212
1213 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
1214 saddr, daddr);
1215
1216 /*
1217 * error of unknown type.
1218 * must pass to upper level
1219 */
1220
1221 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
1222 hdr->icmp6_mtu);
1223 }
1224
1225 /* until the v6 path can be better sorted assume failure and
1226 * preserve the status quo behaviour for the rest of the paths to here
1227 */
1228 if (reason)
1229 kfree_skb_reason(skb, reason);
1230 else
1231 consume_skb(skb);
1232
1233 return 0;
1234
1235 csum_error:
1236 reason = SKB_DROP_REASON_ICMP_CSUM;
1237 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_CSUMERRORS);
1238 discard_it:
1239 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INERRORS);
1240 drop_no_count:
1241 kfree_skb_reason(skb, reason);
1242 return 0;
1243 }
1244
icmpv6_flow_init(const struct sock * sk,struct flowi6 * fl6,u8 type,const struct in6_addr * saddr,const struct in6_addr * daddr,int oif)1245 void icmpv6_flow_init(const struct sock *sk, struct flowi6 *fl6, u8 type,
1246 const struct in6_addr *saddr,
1247 const struct in6_addr *daddr, int oif)
1248 {
1249 memset(fl6, 0, sizeof(*fl6));
1250 fl6->saddr = *saddr;
1251 fl6->daddr = *daddr;
1252 fl6->flowi6_proto = IPPROTO_ICMPV6;
1253 fl6->fl6_icmp_type = type;
1254 fl6->fl6_icmp_code = 0;
1255 fl6->flowi6_oif = oif;
1256 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
1257 }
1258
icmpv6_init(void)1259 int __init icmpv6_init(void)
1260 {
1261 struct sock *sk;
1262 int err, i;
1263
1264 for_each_possible_cpu(i) {
1265 err = inet_ctl_sock_create(&sk, PF_INET6,
1266 SOCK_RAW, IPPROTO_ICMPV6, &init_net);
1267 if (err < 0) {
1268 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1269 err);
1270 return err;
1271 }
1272
1273 per_cpu(ipv6_icmp_sk, i) = sk;
1274
1275 /* Enough space for 2 64K ICMP packets, including
1276 * sk_buff struct overhead.
1277 */
1278 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1279 }
1280
1281 err = -EAGAIN;
1282 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1283 goto fail;
1284
1285 err = inet6_register_icmp_sender(icmp6_send);
1286 if (err)
1287 goto sender_reg_err;
1288 return 0;
1289
1290 sender_reg_err:
1291 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1292 fail:
1293 pr_err("Failed to register ICMP6 protocol\n");
1294 return err;
1295 }
1296
icmpv6_cleanup(void)1297 void icmpv6_cleanup(void)
1298 {
1299 inet6_unregister_icmp_sender(icmp6_send);
1300 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1301 }
1302
1303
/*
 * Mapping from ICMPv6 destination-unreachable code (array index, see
 * icmpv6_err_convert() below) to the errno reported to the socket and
 * whether the error is fatal for the connection.
 */
static const struct icmp6_err {
	int err;
	int fatal;
} tab_unreach[] = {
	{	/* NOROUTE */
		.err	= ENETUNREACH,
		.fatal	= 0,
	},
	{	/* ADM_PROHIBITED */
		.err	= EACCES,
		.fatal	= 1,
	},
	{	/* Was NOT_NEIGHBOUR, now reserved */
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* ADDR_UNREACH	*/
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* PORT_UNREACH	*/
		.err	= ECONNREFUSED,
		.fatal	= 1,
	},
	{	/* POLICY_FAIL */
		.err	= EACCES,
		.fatal	= 1,
	},
	{	/* REJECT_ROUTE	*/
		.err	= EACCES,
		.fatal	= 1,
	},
};
1337
icmpv6_err_convert(u8 type,u8 code,int * err)1338 int icmpv6_err_convert(u8 type, u8 code, int *err)
1339 {
1340 int fatal = 0;
1341
1342 *err = EPROTO;
1343
1344 switch (type) {
1345 case ICMPV6_DEST_UNREACH:
1346 fatal = 1;
1347 if (code < ARRAY_SIZE(tab_unreach)) {
1348 *err = tab_unreach[code].err;
1349 fatal = tab_unreach[code].fatal;
1350 }
1351 break;
1352
1353 case ICMPV6_PKT_TOOBIG:
1354 *err = EMSGSIZE;
1355 break;
1356
1357 case ICMPV6_PARAMPROB:
1358 *err = EPROTO;
1359 fatal = 1;
1360 break;
1361
1362 case ICMPV6_TIME_EXCEED:
1363 *err = EHOSTUNREACH;
1364 break;
1365 }
1366
1367 return fatal;
1368 }
1369 EXPORT_SYMBOL(icmpv6_err_convert);
1370
1371 #ifdef CONFIG_SYSCTL
1372
/* Upper bound for the errors_extension_mask sysctl: a bitmask with
 * every defined ICMP error extension enabled.
 */
static u32 icmpv6_errors_extension_mask_all =
	GENMASK_U8(ICMP_ERR_EXT_COUNT - 1, 0);
1375
/* Template for the per-netns ICMPv6 sysctl table. The .data pointers
 * reference init_net and are rewritten per namespace by index in
 * ipv6_icmp_sysctl_init() — keep entry order in sync with it.
 */
static struct ctl_table ipv6_icmp_table_template[] = {
	{
		.procname	= "ratelimit",
		.data		= &init_net.ipv6.sysctl.icmpv6_time,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_ms_jiffies,
	},
	{
		.procname	= "echo_ignore_all",
		.data		= &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
		.maxlen		= sizeof(u8),
		.mode		= 0644,
		.proc_handler = proc_dou8vec_minmax,
	},
	{
		.procname	= "echo_ignore_multicast",
		.data		= &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
		.maxlen		= sizeof(u8),
		.mode		= 0644,
		.proc_handler = proc_dou8vec_minmax,
	},
	{
		.procname	= "echo_ignore_anycast",
		.data		= &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
		.maxlen		= sizeof(u8),
		.mode		= 0644,
		.proc_handler = proc_dou8vec_minmax,
	},
	{
		.procname	= "ratemask",
		.data		= &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
		.maxlen		= ICMPV6_MSG_MAX + 1,
		.mode		= 0644,
		.proc_handler = proc_do_large_bitmap,
	},
	{
		.procname	= "error_anycast_as_unicast",
		.data		= &init_net.ipv6.sysctl.icmpv6_error_anycast_as_unicast,
		.maxlen		= sizeof(u8),
		.mode		= 0644,
		.proc_handler	= proc_dou8vec_minmax,
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_ONE,
	},
	{
		.procname	= "errors_extension_mask",
		.data		= &init_net.ipv6.sysctl.icmpv6_errors_extension_mask,
		.maxlen		= sizeof(u8),
		.mode		= 0644,
		.proc_handler	= proc_dou8vec_minmax,
		.extra1		= SYSCTL_ZERO,
		.extra2		= &icmpv6_errors_extension_mask_all,
	},
};
1431
ipv6_icmp_sysctl_init(struct net * net)1432 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1433 {
1434 struct ctl_table *table;
1435
1436 table = kmemdup(ipv6_icmp_table_template,
1437 sizeof(ipv6_icmp_table_template),
1438 GFP_KERNEL);
1439
1440 if (table) {
1441 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1442 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1443 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1444 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1445 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;
1446 table[5].data = &net->ipv6.sysctl.icmpv6_error_anycast_as_unicast;
1447 table[6].data = &net->ipv6.sysctl.icmpv6_errors_extension_mask;
1448 }
1449 return table;
1450 }
1451
ipv6_icmp_sysctl_table_size(void)1452 size_t ipv6_icmp_sysctl_table_size(void)
1453 {
1454 return ARRAY_SIZE(ipv6_icmp_table_template);
1455 }
1456 #endif
1457