1 /* 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 34 * $Id: ip_icmp.c,v 1.4 1994/10/08 22:39:56 phk Exp $ 35 */ 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/mbuf.h> 41 #include <sys/protosw.h> 42 #include <sys/socket.h> 43 #include <sys/time.h> 44 #include <sys/kernel.h> 45 #include <sys/socket.h> 46 47 #include <net/if.h> 48 #include <net/route.h> 49 50 #include <netinet/in.h> 51 #include <netinet/in_systm.h> 52 #include <netinet/in_var.h> 53 #include <netinet/ip.h> 54 #include <netinet/ip_icmp.h> 55 #include <netinet/icmp_var.h> 56 57 /* 58 * ICMP routines: error generation, receive packet processing, and 59 * routines to turnaround packets back to the originator, and 60 * host table maintenance routines. 61 */ 62 63 struct icmpstat icmpstat; 64 int icmpmaskrepl = 0; 65 #ifdef ICMPPRINTFS 66 int icmpprintfs = 0; 67 #endif 68 69 extern struct protosw inetsw[]; 70 71 /* 72 * Generate an error packet of type error 73 * in response to bad packet ip. 74 */ 75 void 76 icmp_error(n, type, code, dest, destifp) 77 struct mbuf *n; 78 int type, code; 79 n_long dest; 80 struct ifnet *destifp; 81 { 82 register struct ip *oip = mtod(n, struct ip *), *nip; 83 register unsigned oiplen = oip->ip_hl << 2; 84 register struct icmp *icp; 85 register struct mbuf *m; 86 unsigned icmplen; 87 88 #ifdef ICMPPRINTFS 89 if (icmpprintfs) 90 printf("icmp_error(%p, %x, %d)\n", oip, type, code); 91 #endif 92 if (type != ICMP_REDIRECT) 93 icmpstat.icps_error++; 94 /* 95 * Don't send error if not the first fragment of message. 96 * Don't error if the old packet protocol was ICMP 97 * error message, only known informational types. 98 */ 99 if (oip->ip_off &~ (IP_MF|IP_DF)) 100 goto freeit; 101 if (oip->ip_p == IPPROTO_ICMP && type != ICMP_REDIRECT && 102 n->m_len >= oiplen + ICMP_MINLEN && 103 !ICMP_INFOTYPE(((struct icmp *)((caddr_t)oip + oiplen))->icmp_type)) { 104 icmpstat.icps_oldicmp++; 105 goto freeit; 106 } 107 /* Don't send error in response to a multicast or broadcast packet */ 108 if (n->m_flags & (M_BCAST|M_MCAST)) 109 goto freeit; 110 /* 111 * First, formulate icmp message 112 */ 113 m = m_gethdr(M_DONTWAIT, MT_HEADER); 114 if (m == NULL) 115 goto freeit; 116 icmplen = oiplen + min(8, oip->ip_len); 117 m->m_len = icmplen + ICMP_MINLEN; 118 MH_ALIGN(m, m->m_len); 119 icp = mtod(m, struct icmp *); 120 if ((u_int)type > ICMP_MAXTYPE) 121 panic("icmp_error"); 122 icmpstat.icps_outhist[type]++; 123 icp->icmp_type = type; 124 if (type == ICMP_REDIRECT) 125 icp->icmp_gwaddr.s_addr = dest; 126 else { 127 icp->icmp_void = 0; 128 /* 129 * The following assignments assume an overlay with the 130 * zeroed icmp_void field. 131 */ 132 if (type == ICMP_PARAMPROB) { 133 icp->icmp_pptr = code; 134 code = 0; 135 } else if (type == ICMP_UNREACH && 136 code == ICMP_UNREACH_NEEDFRAG && destifp) { 137 icp->icmp_nextmtu = htons(destifp->if_mtu); 138 } 139 } 140 141 icp->icmp_code = code; 142 bcopy((caddr_t)oip, (caddr_t)&icp->icmp_ip, icmplen); 143 nip = &icp->icmp_ip; 144 nip->ip_len = htons((u_short)(nip->ip_len + oiplen)); 145 146 /* 147 * Now, copy old ip header (without options) 148 * in front of icmp message. 149 */ 150 if (m->m_data - sizeof(struct ip) < m->m_pktdat) 151 panic("icmp len"); 152 m->m_data -= sizeof(struct ip); 153 m->m_len += sizeof(struct ip); 154 m->m_pkthdr.len = m->m_len; 155 m->m_pkthdr.rcvif = n->m_pkthdr.rcvif; 156 nip = mtod(m, struct ip *); 157 bcopy((caddr_t)oip, (caddr_t)nip, sizeof(struct ip)); 158 nip->ip_len = m->m_len; 159 nip->ip_hl = sizeof(struct ip) >> 2; 160 nip->ip_p = IPPROTO_ICMP; 161 nip->ip_tos = 0; 162 icmp_reflect(m); 163 164 freeit: 165 m_freem(n); 166 } 167 168 static struct sockaddr_in icmpsrc = { sizeof (struct sockaddr_in), AF_INET }; 169 static struct sockaddr_in icmpdst = { sizeof (struct sockaddr_in), AF_INET }; 170 static struct sockaddr_in icmpgw = { sizeof (struct sockaddr_in), AF_INET }; 171 struct sockaddr_in icmpmask = { 8, 0 }; 172 173 /* 174 * Process a received ICMP message. 175 */ 176 void 177 icmp_input(m, hlen) 178 register struct mbuf *m; 179 int hlen; 180 { 181 register struct icmp *icp; 182 register struct ip *ip = mtod(m, struct ip *); 183 int icmplen = ip->ip_len; 184 register int i; 185 struct in_ifaddr *ia; 186 void (*ctlfunc) __P((int, struct sockaddr *, struct ip *)); 187 int code; 188 extern u_char ip_protox[]; 189 190 /* 191 * Locate icmp structure in mbuf, and check 192 * that not corrupted and of at least minimum length. 193 */ 194 #ifdef ICMPPRINTFS 195 if (icmpprintfs) 196 printf("icmp_input from %lx to %lx, len %d\n", 197 ntohl(ip->ip_src.s_addr), ntohl(ip->ip_dst.s_addr), 198 icmplen); 199 #endif 200 if (icmplen < ICMP_MINLEN) { 201 icmpstat.icps_tooshort++; 202 goto freeit; 203 } 204 i = hlen + min(icmplen, ICMP_ADVLENMIN); 205 if (m->m_len < i && (m = m_pullup(m, i)) == 0) { 206 icmpstat.icps_tooshort++; 207 return; 208 } 209 ip = mtod(m, struct ip *); 210 m->m_len -= hlen; 211 m->m_data += hlen; 212 icp = mtod(m, struct icmp *); 213 if (in_cksum(m, icmplen)) { 214 icmpstat.icps_checksum++; 215 goto freeit; 216 } 217 m->m_len += hlen; 218 m->m_data -= hlen; 219 220 #ifdef ICMPPRINTFS 221 /* 222 * Message type specific processing. 223 */ 224 if (icmpprintfs) 225 printf("icmp_input, type %d code %d\n", icp->icmp_type, 226 icp->icmp_code); 227 #endif 228 if (icp->icmp_type > ICMP_MAXTYPE) 229 goto raw; 230 icmpstat.icps_inhist[icp->icmp_type]++; 231 code = icp->icmp_code; 232 switch (icp->icmp_type) { 233 234 case ICMP_UNREACH: 235 switch (code) { 236 case ICMP_UNREACH_NET: 237 case ICMP_UNREACH_HOST: 238 case ICMP_UNREACH_PROTOCOL: 239 case ICMP_UNREACH_PORT: 240 case ICMP_UNREACH_SRCFAIL: 241 code += PRC_UNREACH_NET; 242 break; 243 244 case ICMP_UNREACH_NEEDFRAG: 245 code = PRC_MSGSIZE; 246 break; 247 248 case ICMP_UNREACH_NET_UNKNOWN: 249 case ICMP_UNREACH_NET_PROHIB: 250 case ICMP_UNREACH_TOSNET: 251 code = PRC_UNREACH_NET; 252 break; 253 254 case ICMP_UNREACH_HOST_UNKNOWN: 255 case ICMP_UNREACH_ISOLATED: 256 case ICMP_UNREACH_HOST_PROHIB: 257 case ICMP_UNREACH_TOSHOST: 258 code = PRC_UNREACH_HOST; 259 break; 260 261 default: 262 goto badcode; 263 } 264 goto deliver; 265 266 case ICMP_TIMXCEED: 267 if (code > 1) 268 goto badcode; 269 code += PRC_TIMXCEED_INTRANS; 270 goto deliver; 271 272 case ICMP_PARAMPROB: 273 if (code > 1) 274 goto badcode; 275 code = PRC_PARAMPROB; 276 goto deliver; 277 278 case ICMP_SOURCEQUENCH: 279 if (code) 280 goto badcode; 281 code = PRC_QUENCH; 282 deliver: 283 /* 284 * Problem with datagram; advise higher level routines. 285 */ 286 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 287 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 288 icmpstat.icps_badlen++; 289 goto freeit; 290 } 291 NTOHS(icp->icmp_ip.ip_len); 292 #ifdef ICMPPRINTFS 293 if (icmpprintfs) 294 printf("deliver to protocol %d\n", icp->icmp_ip.ip_p); 295 #endif 296 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 297 ctlfunc = inetsw[ip_protox[icp->icmp_ip.ip_p]].pr_ctlinput; 298 if (ctlfunc) 299 (*ctlfunc)(code, (struct sockaddr *)&icmpsrc, 300 &icp->icmp_ip); 301 break; 302 303 badcode: 304 icmpstat.icps_badcode++; 305 break; 306 307 case ICMP_ECHO: 308 icp->icmp_type = ICMP_ECHOREPLY; 309 goto reflect; 310 311 case ICMP_TSTAMP: 312 if (icmplen < ICMP_TSLEN) { 313 icmpstat.icps_badlen++; 314 break; 315 } 316 icp->icmp_type = ICMP_TSTAMPREPLY; 317 icp->icmp_rtime = iptime(); 318 icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ 319 goto reflect; 320 321 case ICMP_MASKREQ: 322 #define satosin(sa) ((struct sockaddr_in *)(sa)) 323 if (icmpmaskrepl == 0) 324 break; 325 /* 326 * We are not able to respond with all ones broadcast 327 * unless we receive it over a point-to-point interface. 328 */ 329 if (icmplen < ICMP_MASKLEN) 330 break; 331 switch (ip->ip_dst.s_addr) { 332 333 case INADDR_BROADCAST: 334 case INADDR_ANY: 335 icmpdst.sin_addr = ip->ip_src; 336 break; 337 338 default: 339 icmpdst.sin_addr = ip->ip_dst; 340 } 341 ia = (struct in_ifaddr *)ifaof_ifpforaddr( 342 (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); 343 if (ia == 0) 344 break; 345 icp->icmp_type = ICMP_MASKREPLY; 346 icp->icmp_mask = ia->ia_sockmask.sin_addr.s_addr; 347 if (ip->ip_src.s_addr == 0) { 348 if (ia->ia_ifp->if_flags & IFF_BROADCAST) 349 ip->ip_src = satosin(&ia->ia_broadaddr)->sin_addr; 350 else if (ia->ia_ifp->if_flags & IFF_POINTOPOINT) 351 ip->ip_src = satosin(&ia->ia_dstaddr)->sin_addr; 352 } 353 reflect: 354 ip->ip_len += hlen; /* since ip_input deducts this */ 355 icmpstat.icps_reflect++; 356 icmpstat.icps_outhist[icp->icmp_type]++; 357 icmp_reflect(m); 358 return; 359 360 case ICMP_REDIRECT: 361 if (code > 3) 362 goto badcode; 363 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 364 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 365 icmpstat.icps_badlen++; 366 break; 367 } 368 /* 369 * Short circuit routing redirects to force 370 * immediate change in the kernel's routing 371 * tables. The message is also handed to anyone 372 * listening on a raw socket (e.g. the routing 373 * daemon for use in updating its tables). 374 */ 375 icmpgw.sin_addr = ip->ip_src; 376 icmpdst.sin_addr = icp->icmp_gwaddr; 377 #ifdef ICMPPRINTFS 378 if (icmpprintfs) 379 printf("redirect dst %lx to %lx\n", 380 NTOHL(icp->icmp_ip.ip_dst.s_addr), 381 NTOHL(icp->icmp_gwaddr.s_addr)); 382 #endif 383 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 384 rtredirect((struct sockaddr *)&icmpsrc, 385 (struct sockaddr *)&icmpdst, 386 (struct sockaddr *)0, RTF_GATEWAY | RTF_HOST, 387 (struct sockaddr *)&icmpgw, (struct rtentry **)0); 388 pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc); 389 break; 390 391 /* 392 * No kernel processing for the following; 393 * just fall through to send to raw listener. 394 */ 395 case ICMP_ECHOREPLY: 396 case ICMP_ROUTERADVERT: 397 case ICMP_ROUTERSOLICIT: 398 case ICMP_TSTAMPREPLY: 399 case ICMP_IREQREPLY: 400 case ICMP_MASKREPLY: 401 default: 402 break; 403 } 404 405 raw: 406 rip_input(m); 407 return; 408 409 freeit: 410 m_freem(m); 411 } 412 413 /* 414 * Reflect the ip packet back to the source 415 */ 416 void 417 icmp_reflect(m) 418 struct mbuf *m; 419 { 420 register struct ip *ip = mtod(m, struct ip *); 421 register struct in_ifaddr *ia; 422 struct in_addr t; 423 struct mbuf *opts = 0, *ip_srcroute(); 424 int optlen = (ip->ip_hl << 2) - sizeof(struct ip); 425 426 if (!in_canforward(ip->ip_src) && 427 ((ntohl(ip->ip_src.s_addr) & IN_CLASSA_NET) != 428 (IN_LOOPBACKNET << IN_CLASSA_NSHIFT))) { 429 m_freem(m); /* Bad return address */ 430 goto done; /* Ip_output() will check for broadcast */ 431 } 432 t = ip->ip_dst; 433 ip->ip_dst = ip->ip_src; 434 /* 435 * If the incoming packet was addressed directly to us, 436 * use dst as the src for the reply. Otherwise (broadcast 437 * or anonymous), use the address which corresponds 438 * to the incoming interface. 439 */ 440 for (ia = in_ifaddr; ia; ia = ia->ia_next) { 441 if (t.s_addr == IA_SIN(ia)->sin_addr.s_addr) 442 break; 443 if ((ia->ia_ifp->if_flags & IFF_BROADCAST) && 444 t.s_addr == satosin(&ia->ia_broadaddr)->sin_addr.s_addr) 445 break; 446 } 447 icmpdst.sin_addr = t; 448 if (ia == (struct in_ifaddr *)0) 449 ia = (struct in_ifaddr *)ifaof_ifpforaddr( 450 (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); 451 /* 452 * The following happens if the packet was not addressed to us, 453 * and was received on an interface with no IP address. 454 */ 455 if (ia == (struct in_ifaddr *)0) 456 ia = in_ifaddr; 457 t = IA_SIN(ia)->sin_addr; 458 ip->ip_src = t; 459 ip->ip_ttl = MAXTTL; 460 461 if (optlen > 0) { 462 register u_char *cp; 463 int opt, cnt; 464 u_int len; 465 466 /* 467 * Retrieve any source routing from the incoming packet; 468 * add on any record-route or timestamp options. 469 */ 470 cp = (u_char *) (ip + 1); 471 if ((opts = ip_srcroute()) == 0 && 472 (opts = m_gethdr(M_DONTWAIT, MT_HEADER))) { 473 opts->m_len = sizeof(struct in_addr); 474 mtod(opts, struct in_addr *)->s_addr = 0; 475 } 476 if (opts) { 477 #ifdef ICMPPRINTFS 478 if (icmpprintfs) 479 printf("icmp_reflect optlen %d rt %d => ", 480 optlen, opts->m_len); 481 #endif 482 for (cnt = optlen; cnt > 0; cnt -= len, cp += len) { 483 opt = cp[IPOPT_OPTVAL]; 484 if (opt == IPOPT_EOL) 485 break; 486 if (opt == IPOPT_NOP) 487 len = 1; 488 else { 489 len = cp[IPOPT_OLEN]; 490 if (len <= 0 || len > cnt) 491 break; 492 } 493 /* 494 * Should check for overflow, but it "can't happen" 495 */ 496 if (opt == IPOPT_RR || opt == IPOPT_TS || 497 opt == IPOPT_SECURITY) { 498 bcopy((caddr_t)cp, 499 mtod(opts, caddr_t) + opts->m_len, len); 500 opts->m_len += len; 501 } 502 } 503 /* Terminate & pad, if necessary */ 504 cnt = opts->m_len % 4; 505 if (cnt) { 506 for (; cnt < 4; cnt++) { 507 *(mtod(opts, caddr_t) + opts->m_len) = 508 IPOPT_EOL; 509 opts->m_len++; 510 } 511 } 512 #ifdef ICMPPRINTFS 513 if (icmpprintfs) 514 printf("%d\n", opts->m_len); 515 #endif 516 } 517 /* 518 * Now strip out original options by copying rest of first 519 * mbuf's data back, and adjust the IP length. 520 */ 521 ip->ip_len -= optlen; 522 ip->ip_hl = sizeof(struct ip) >> 2; 523 m->m_len -= optlen; 524 if (m->m_flags & M_PKTHDR) 525 m->m_pkthdr.len -= optlen; 526 optlen += sizeof(struct ip); 527 bcopy((caddr_t)ip + optlen, (caddr_t)(ip + 1), 528 (unsigned)(m->m_len - sizeof(struct ip))); 529 } 530 m->m_flags &= ~(M_BCAST|M_MCAST); 531 icmp_send(m, opts); 532 done: 533 if (opts) 534 (void)m_free(opts); 535 } 536 537 /* 538 * Send an icmp packet back to the ip level, 539 * after supplying a checksum. 540 */ 541 void 542 icmp_send(m, opts) 543 register struct mbuf *m; 544 struct mbuf *opts; 545 { 546 register struct ip *ip = mtod(m, struct ip *); 547 register int hlen; 548 register struct icmp *icp; 549 550 hlen = ip->ip_hl << 2; 551 m->m_data += hlen; 552 m->m_len -= hlen; 553 icp = mtod(m, struct icmp *); 554 icp->icmp_cksum = 0; 555 icp->icmp_cksum = in_cksum(m, ip->ip_len - hlen); 556 m->m_data -= hlen; 557 m->m_len += hlen; 558 #ifdef ICMPPRINTFS 559 if (icmpprintfs) 560 printf("icmp_send dst %lx src %lx\n", 561 NTOHL(ip->ip_dst.s_addr), NTOHL(ip->ip_src.s_addr)); 562 #endif 563 (void) ip_output(m, opts, NULL, 0, NULL); 564 } 565 566 n_time 567 iptime() 568 { 569 struct timeval atv; 570 u_long t; 571 572 microtime(&atv); 573 t = (atv.tv_sec % (24*60*60)) * 1000 + atv.tv_usec / 1000; 574 return (htonl(t)); 575 } 576 577 int 578 icmp_sysctl(name, namelen, oldp, oldlenp, newp, newlen) 579 int *name; 580 u_int namelen; 581 void *oldp; 582 size_t *oldlenp; 583 void *newp; 584 size_t newlen; 585 { 586 /* All sysctl names at this level are terminal. */ 587 if (namelen != 1) 588 return (ENOTDIR); /* XXX overloaded */ 589 590 switch (name[0]) { 591 case ICMPCTL_MASKREPL: 592 return (sysctl_int(oldp, oldlenp, newp, newlen, &icmpmaskrepl)); 593 case ICMPCTL_STATS: 594 return (sysctl_rdstruct(oldp, oldlenp, newp, &icmpstat, 595 sizeof icmpstat)); 596 default: 597 return (ENOPROTOOPT); 598 } 599 /* NOTREACHED */ 600 } 601