1 /* 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 34 * $Id$ 35 */ 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/mbuf.h> 41 #include <sys/protosw.h> 42 #include <sys/socket.h> 43 #include <sys/time.h> 44 #include <sys/kernel.h> 45 46 #include <net/if.h> 47 #include <net/route.h> 48 49 #include <netinet/in.h> 50 #include <netinet/in_systm.h> 51 #include <netinet/in_var.h> 52 #include <netinet/ip.h> 53 #include <netinet/ip_icmp.h> 54 #include <netinet/icmp_var.h> 55 56 /* 57 * ICMP routines: error generation, receive packet processing, and 58 * routines to turnaround packets back to the originator, and 59 * host table maintenance routines. 60 */ 61 62 int icmpmaskrepl = 0; 63 #ifdef ICMPPRINTFS 64 int icmpprintfs = 0; 65 #endif 66 67 extern struct protosw inetsw[]; 68 69 /* 70 * Generate an error packet of type error 71 * in response to bad packet ip. 72 */ 73 void 74 icmp_error(n, type, code, dest, destifp) 75 struct mbuf *n; 76 int type, code; 77 n_long dest; 78 struct ifnet *destifp; 79 { 80 register struct ip *oip = mtod(n, struct ip *), *nip; 81 register unsigned oiplen = oip->ip_hl << 2; 82 register struct icmp *icp; 83 register struct mbuf *m; 84 unsigned icmplen; 85 86 #ifdef ICMPPRINTFS 87 if (icmpprintfs) 88 printf("icmp_error(%x, %d, %d)\n", oip, type, code); 89 #endif 90 if (type != ICMP_REDIRECT) 91 icmpstat.icps_error++; 92 /* 93 * Don't send error if not the first fragment of message. 94 * Don't error if the old packet protocol was ICMP 95 * error message, only known informational types. 96 */ 97 if (oip->ip_off &~ (IP_MF|IP_DF)) 98 goto freeit; 99 if (oip->ip_p == IPPROTO_ICMP && type != ICMP_REDIRECT && 100 n->m_len >= oiplen + ICMP_MINLEN && 101 !ICMP_INFOTYPE(((struct icmp *)((caddr_t)oip + oiplen))->icmp_type)) { 102 icmpstat.icps_oldicmp++; 103 goto freeit; 104 } 105 /* Don't send error in response to a multicast or broadcast packet */ 106 if (n->m_flags & (M_BCAST|M_MCAST)) 107 goto freeit; 108 /* 109 * First, formulate icmp message 110 */ 111 m = m_gethdr(M_DONTWAIT, MT_HEADER); 112 if (m == NULL) 113 goto freeit; 114 icmplen = oiplen + min(8, oip->ip_len); 115 m->m_len = icmplen + ICMP_MINLEN; 116 MH_ALIGN(m, m->m_len); 117 icp = mtod(m, struct icmp *); 118 if ((u_int)type > ICMP_MAXTYPE) 119 panic("icmp_error"); 120 icmpstat.icps_outhist[type]++; 121 icp->icmp_type = type; 122 if (type == ICMP_REDIRECT) 123 icp->icmp_gwaddr.s_addr = dest; 124 else { 125 icp->icmp_void = 0; 126 /* 127 * The following assignments assume an overlay with the 128 * zeroed icmp_void field. 129 */ 130 if (type == ICMP_PARAMPROB) { 131 icp->icmp_pptr = code; 132 code = 0; 133 } else if (type == ICMP_UNREACH && 134 code == ICMP_UNREACH_NEEDFRAG && destifp) { 135 icp->icmp_nextmtu = htons(destifp->if_mtu); 136 } 137 } 138 139 icp->icmp_code = code; 140 bcopy((caddr_t)oip, (caddr_t)&icp->icmp_ip, icmplen); 141 nip = &icp->icmp_ip; 142 nip->ip_len = htons((u_short)(nip->ip_len + oiplen)); 143 144 /* 145 * Now, copy old ip header (without options) 146 * in front of icmp message. 147 */ 148 if (m->m_data - sizeof(struct ip) < m->m_pktdat) 149 panic("icmp len"); 150 m->m_data -= sizeof(struct ip); 151 m->m_len += sizeof(struct ip); 152 m->m_pkthdr.len = m->m_len; 153 m->m_pkthdr.rcvif = n->m_pkthdr.rcvif; 154 nip = mtod(m, struct ip *); 155 bcopy((caddr_t)oip, (caddr_t)nip, sizeof(struct ip)); 156 nip->ip_len = m->m_len; 157 nip->ip_hl = sizeof(struct ip) >> 2; 158 nip->ip_p = IPPROTO_ICMP; 159 nip->ip_tos = 0; 160 icmp_reflect(m); 161 162 freeit: 163 m_freem(n); 164 } 165 166 static struct sockaddr_in icmpsrc = { sizeof (struct sockaddr_in), AF_INET }; 167 static struct sockaddr_in icmpdst = { sizeof (struct sockaddr_in), AF_INET }; 168 static struct sockaddr_in icmpgw = { sizeof (struct sockaddr_in), AF_INET }; 169 struct sockaddr_in icmpmask = { 8, 0 }; 170 171 /* 172 * Process a received ICMP message. 173 */ 174 void 175 icmp_input(m, hlen) 176 register struct mbuf *m; 177 int hlen; 178 { 179 register struct icmp *icp; 180 register struct ip *ip = mtod(m, struct ip *); 181 int icmplen = ip->ip_len; 182 register int i; 183 struct in_ifaddr *ia; 184 void (*ctlfunc) __P((int, struct sockaddr *, struct ip *)); 185 int code; 186 extern u_char ip_protox[]; 187 188 /* 189 * Locate icmp structure in mbuf, and check 190 * that not corrupted and of at least minimum length. 191 */ 192 #ifdef ICMPPRINTFS 193 if (icmpprintfs) 194 printf("icmp_input from %x to %x, len %d\n", 195 ntohl(ip->ip_src.s_addr), ntohl(ip->ip_dst.s_addr), 196 icmplen); 197 #endif 198 if (icmplen < ICMP_MINLEN) { 199 icmpstat.icps_tooshort++; 200 goto freeit; 201 } 202 i = hlen + min(icmplen, ICMP_ADVLENMIN); 203 if (m->m_len < i && (m = m_pullup(m, i)) == 0) { 204 icmpstat.icps_tooshort++; 205 return; 206 } 207 ip = mtod(m, struct ip *); 208 m->m_len -= hlen; 209 m->m_data += hlen; 210 icp = mtod(m, struct icmp *); 211 if (in_cksum(m, icmplen)) { 212 icmpstat.icps_checksum++; 213 goto freeit; 214 } 215 m->m_len += hlen; 216 m->m_data -= hlen; 217 218 #ifdef ICMPPRINTFS 219 /* 220 * Message type specific processing. 221 */ 222 if (icmpprintfs) 223 printf("icmp_input, type %d code %d\n", icp->icmp_type, 224 icp->icmp_code); 225 #endif 226 if (icp->icmp_type > ICMP_MAXTYPE) 227 goto raw; 228 icmpstat.icps_inhist[icp->icmp_type]++; 229 code = icp->icmp_code; 230 switch (icp->icmp_type) { 231 232 case ICMP_UNREACH: 233 switch (code) { 234 case ICMP_UNREACH_NET: 235 case ICMP_UNREACH_HOST: 236 case ICMP_UNREACH_PROTOCOL: 237 case ICMP_UNREACH_PORT: 238 case ICMP_UNREACH_SRCFAIL: 239 code += PRC_UNREACH_NET; 240 break; 241 242 case ICMP_UNREACH_NEEDFRAG: 243 code = PRC_MSGSIZE; 244 break; 245 246 case ICMP_UNREACH_NET_UNKNOWN: 247 case ICMP_UNREACH_NET_PROHIB: 248 case ICMP_UNREACH_TOSNET: 249 code = PRC_UNREACH_NET; 250 break; 251 252 case ICMP_UNREACH_HOST_UNKNOWN: 253 case ICMP_UNREACH_ISOLATED: 254 case ICMP_UNREACH_HOST_PROHIB: 255 case ICMP_UNREACH_TOSHOST: 256 code = PRC_UNREACH_HOST; 257 break; 258 259 default: 260 goto badcode; 261 } 262 goto deliver; 263 264 case ICMP_TIMXCEED: 265 if (code > 1) 266 goto badcode; 267 code += PRC_TIMXCEED_INTRANS; 268 goto deliver; 269 270 case ICMP_PARAMPROB: 271 if (code > 1) 272 goto badcode; 273 code = PRC_PARAMPROB; 274 goto deliver; 275 276 case ICMP_SOURCEQUENCH: 277 if (code) 278 goto badcode; 279 code = PRC_QUENCH; 280 deliver: 281 /* 282 * Problem with datagram; advise higher level routines. 283 */ 284 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 285 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 286 icmpstat.icps_badlen++; 287 goto freeit; 288 } 289 NTOHS(icp->icmp_ip.ip_len); 290 #ifdef ICMPPRINTFS 291 if (icmpprintfs) 292 printf("deliver to protocol %d\n", icp->icmp_ip.ip_p); 293 #endif 294 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 295 if (ctlfunc = inetsw[ip_protox[icp->icmp_ip.ip_p]].pr_ctlinput) 296 (*ctlfunc)(code, (struct sockaddr *)&icmpsrc, 297 &icp->icmp_ip); 298 break; 299 300 badcode: 301 icmpstat.icps_badcode++; 302 break; 303 304 case ICMP_ECHO: 305 icp->icmp_type = ICMP_ECHOREPLY; 306 goto reflect; 307 308 case ICMP_TSTAMP: 309 if (icmplen < ICMP_TSLEN) { 310 icmpstat.icps_badlen++; 311 break; 312 } 313 icp->icmp_type = ICMP_TSTAMPREPLY; 314 icp->icmp_rtime = iptime(); 315 icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ 316 goto reflect; 317 318 case ICMP_MASKREQ: 319 #define satosin(sa) ((struct sockaddr_in *)(sa)) 320 if (icmpmaskrepl == 0) 321 break; 322 /* 323 * We are not able to respond with all ones broadcast 324 * unless we receive it over a point-to-point interface. 325 */ 326 if (icmplen < ICMP_MASKLEN) 327 break; 328 switch (ip->ip_dst.s_addr) { 329 330 case INADDR_BROADCAST: 331 case INADDR_ANY: 332 icmpdst.sin_addr = ip->ip_src; 333 break; 334 335 default: 336 icmpdst.sin_addr = ip->ip_dst; 337 } 338 ia = (struct in_ifaddr *)ifaof_ifpforaddr( 339 (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); 340 if (ia == 0) 341 break; 342 icp->icmp_type = ICMP_MASKREPLY; 343 icp->icmp_mask = ia->ia_sockmask.sin_addr.s_addr; 344 if (ip->ip_src.s_addr == 0) { 345 if (ia->ia_ifp->if_flags & IFF_BROADCAST) 346 ip->ip_src = satosin(&ia->ia_broadaddr)->sin_addr; 347 else if (ia->ia_ifp->if_flags & IFF_POINTOPOINT) 348 ip->ip_src = satosin(&ia->ia_dstaddr)->sin_addr; 349 } 350 reflect: 351 ip->ip_len += hlen; /* since ip_input deducts this */ 352 icmpstat.icps_reflect++; 353 icmpstat.icps_outhist[icp->icmp_type]++; 354 icmp_reflect(m); 355 return; 356 357 case ICMP_REDIRECT: 358 if (code > 3) 359 goto badcode; 360 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 361 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 362 icmpstat.icps_badlen++; 363 break; 364 } 365 /* 366 * Short circuit routing redirects to force 367 * immediate change in the kernel's routing 368 * tables. The message is also handed to anyone 369 * listening on a raw socket (e.g. the routing 370 * daemon for use in updating its tables). 371 */ 372 icmpgw.sin_addr = ip->ip_src; 373 icmpdst.sin_addr = icp->icmp_gwaddr; 374 #ifdef ICMPPRINTFS 375 if (icmpprintfs) 376 printf("redirect dst %x to %x\n", icp->icmp_ip.ip_dst, 377 icp->icmp_gwaddr); 378 #endif 379 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 380 rtredirect((struct sockaddr *)&icmpsrc, 381 (struct sockaddr *)&icmpdst, 382 (struct sockaddr *)0, RTF_GATEWAY | RTF_HOST, 383 (struct sockaddr *)&icmpgw, (struct rtentry **)0); 384 pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc); 385 break; 386 387 /* 388 * No kernel processing for the following; 389 * just fall through to send to raw listener. 390 */ 391 case ICMP_ECHOREPLY: 392 case ICMP_ROUTERADVERT: 393 case ICMP_ROUTERSOLICIT: 394 case ICMP_TSTAMPREPLY: 395 case ICMP_IREQREPLY: 396 case ICMP_MASKREPLY: 397 default: 398 break; 399 } 400 401 raw: 402 rip_input(m); 403 return; 404 405 freeit: 406 m_freem(m); 407 } 408 409 /* 410 * Reflect the ip packet back to the source 411 */ 412 void 413 icmp_reflect(m) 414 struct mbuf *m; 415 { 416 register struct ip *ip = mtod(m, struct ip *); 417 register struct in_ifaddr *ia; 418 struct in_addr t; 419 struct mbuf *opts = 0, *ip_srcroute(); 420 int optlen = (ip->ip_hl << 2) - sizeof(struct ip); 421 422 if (!in_canforward(ip->ip_src) && 423 ((ntohl(ip->ip_src.s_addr) & IN_CLASSA_NET) != 424 (IN_LOOPBACKNET << IN_CLASSA_NSHIFT))) { 425 m_freem(m); /* Bad return address */ 426 goto done; /* Ip_output() will check for broadcast */ 427 } 428 t = ip->ip_dst; 429 ip->ip_dst = ip->ip_src; 430 /* 431 * If the incoming packet was addressed directly to us, 432 * use dst as the src for the reply. Otherwise (broadcast 433 * or anonymous), use the address which corresponds 434 * to the incoming interface. 435 */ 436 for (ia = in_ifaddr; ia; ia = ia->ia_next) { 437 if (t.s_addr == IA_SIN(ia)->sin_addr.s_addr) 438 break; 439 if ((ia->ia_ifp->if_flags & IFF_BROADCAST) && 440 t.s_addr == satosin(&ia->ia_broadaddr)->sin_addr.s_addr) 441 break; 442 } 443 icmpdst.sin_addr = t; 444 if (ia == (struct in_ifaddr *)0) 445 ia = (struct in_ifaddr *)ifaof_ifpforaddr( 446 (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); 447 /* 448 * The following happens if the packet was not addressed to us, 449 * and was received on an interface with no IP address. 450 */ 451 if (ia == (struct in_ifaddr *)0) 452 ia = in_ifaddr; 453 t = IA_SIN(ia)->sin_addr; 454 ip->ip_src = t; 455 ip->ip_ttl = MAXTTL; 456 457 if (optlen > 0) { 458 register u_char *cp; 459 int opt, cnt; 460 u_int len; 461 462 /* 463 * Retrieve any source routing from the incoming packet; 464 * add on any record-route or timestamp options. 465 */ 466 cp = (u_char *) (ip + 1); 467 if ((opts = ip_srcroute()) == 0 && 468 (opts = m_gethdr(M_DONTWAIT, MT_HEADER))) { 469 opts->m_len = sizeof(struct in_addr); 470 mtod(opts, struct in_addr *)->s_addr = 0; 471 } 472 if (opts) { 473 #ifdef ICMPPRINTFS 474 if (icmpprintfs) 475 printf("icmp_reflect optlen %d rt %d => ", 476 optlen, opts->m_len); 477 #endif 478 for (cnt = optlen; cnt > 0; cnt -= len, cp += len) { 479 opt = cp[IPOPT_OPTVAL]; 480 if (opt == IPOPT_EOL) 481 break; 482 if (opt == IPOPT_NOP) 483 len = 1; 484 else { 485 len = cp[IPOPT_OLEN]; 486 if (len <= 0 || len > cnt) 487 break; 488 } 489 /* 490 * Should check for overflow, but it "can't happen" 491 */ 492 if (opt == IPOPT_RR || opt == IPOPT_TS || 493 opt == IPOPT_SECURITY) { 494 bcopy((caddr_t)cp, 495 mtod(opts, caddr_t) + opts->m_len, len); 496 opts->m_len += len; 497 } 498 } 499 /* Terminate & pad, if necessary */ 500 if (cnt = opts->m_len % 4) { 501 for (; cnt < 4; cnt++) { 502 *(mtod(opts, caddr_t) + opts->m_len) = 503 IPOPT_EOL; 504 opts->m_len++; 505 } 506 } 507 #ifdef ICMPPRINTFS 508 if (icmpprintfs) 509 printf("%d\n", opts->m_len); 510 #endif 511 } 512 /* 513 * Now strip out original options by copying rest of first 514 * mbuf's data back, and adjust the IP length. 515 */ 516 ip->ip_len -= optlen; 517 ip->ip_hl = sizeof(struct ip) >> 2; 518 m->m_len -= optlen; 519 if (m->m_flags & M_PKTHDR) 520 m->m_pkthdr.len -= optlen; 521 optlen += sizeof(struct ip); 522 bcopy((caddr_t)ip + optlen, (caddr_t)(ip + 1), 523 (unsigned)(m->m_len - sizeof(struct ip))); 524 } 525 m->m_flags &= ~(M_BCAST|M_MCAST); 526 icmp_send(m, opts); 527 done: 528 if (opts) 529 (void)m_free(opts); 530 } 531 532 /* 533 * Send an icmp packet back to the ip level, 534 * after supplying a checksum. 535 */ 536 void 537 icmp_send(m, opts) 538 register struct mbuf *m; 539 struct mbuf *opts; 540 { 541 register struct ip *ip = mtod(m, struct ip *); 542 register int hlen; 543 register struct icmp *icp; 544 545 hlen = ip->ip_hl << 2; 546 m->m_data += hlen; 547 m->m_len -= hlen; 548 icp = mtod(m, struct icmp *); 549 icp->icmp_cksum = 0; 550 icp->icmp_cksum = in_cksum(m, ip->ip_len - hlen); 551 m->m_data -= hlen; 552 m->m_len += hlen; 553 #ifdef ICMPPRINTFS 554 if (icmpprintfs) 555 printf("icmp_send dst %x src %x\n", ip->ip_dst, ip->ip_src); 556 #endif 557 (void) ip_output(m, opts, NULL, 0, NULL); 558 } 559 560 n_time 561 iptime() 562 { 563 struct timeval atv; 564 u_long t; 565 566 microtime(&atv); 567 t = (atv.tv_sec % (24*60*60)) * 1000 + atv.tv_usec / 1000; 568 return (htonl(t)); 569 } 570 571 int 572 icmp_sysctl(name, namelen, oldp, oldlenp, newp, newlen) 573 int *name; 574 u_int namelen; 575 void *oldp; 576 size_t *oldlenp; 577 void *newp; 578 size_t newlen; 579 { 580 581 /* All sysctl names at this level are terminal. */ 582 if (namelen != 1) 583 return (ENOTDIR); 584 585 switch (name[0]) { 586 case ICMPCTL_MASKREPL: 587 return (sysctl_int(oldp, oldlenp, newp, newlen, &icmpmaskrepl)); 588 default: 589 return (ENOPROTOOPT); 590 } 591 /* NOTREACHED */ 592 } 593