1 /* 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 34 * $Id: ip_icmp.c,v 1.5 1995/02/16 00:27:43 wollman Exp $ 35 */ 36 37 #include <sys/param.h> 38 #include <sys/systm.h> 39 #include <sys/malloc.h> 40 #include <sys/mbuf.h> 41 #include <sys/protosw.h> 42 #include <sys/socket.h> 43 #include <sys/time.h> 44 #include <sys/kernel.h> 45 #include <sys/socket.h> 46 #include <vm/vm.h> 47 #include <sys/sysctl.h> 48 49 #include <net/if.h> 50 #include <net/route.h> 51 52 #include <netinet/in.h> 53 #include <netinet/in_systm.h> 54 #include <netinet/in_var.h> 55 #include <netinet/ip.h> 56 #include <netinet/ip_icmp.h> 57 #include <netinet/ip_var.h> 58 #include <netinet/icmp_var.h> 59 60 /* 61 * ICMP routines: error generation, receive packet processing, and 62 * routines to turnaround packets back to the originator, and 63 * host table maintenance routines. 64 */ 65 66 struct icmpstat icmpstat; 67 int icmpmaskrepl = 0; 68 #ifdef ICMPPRINTFS 69 int icmpprintfs = 0; 70 #endif 71 72 extern struct protosw inetsw[]; 73 74 /* 75 * Generate an error packet of type error 76 * in response to bad packet ip. 77 */ 78 void 79 icmp_error(n, type, code, dest, destifp) 80 struct mbuf *n; 81 int type, code; 82 n_long dest; 83 struct ifnet *destifp; 84 { 85 register struct ip *oip = mtod(n, struct ip *), *nip; 86 register unsigned oiplen = oip->ip_hl << 2; 87 register struct icmp *icp; 88 register struct mbuf *m; 89 unsigned icmplen; 90 91 #ifdef ICMPPRINTFS 92 if (icmpprintfs) 93 printf("icmp_error(%p, %x, %d)\n", oip, type, code); 94 #endif 95 if (type != ICMP_REDIRECT) 96 icmpstat.icps_error++; 97 /* 98 * Don't send error if not the first fragment of message. 99 * Don't error if the old packet protocol was ICMP 100 * error message, only known informational types. 101 */ 102 if (oip->ip_off &~ (IP_MF|IP_DF)) 103 goto freeit; 104 if (oip->ip_p == IPPROTO_ICMP && type != ICMP_REDIRECT && 105 n->m_len >= oiplen + ICMP_MINLEN && 106 !ICMP_INFOTYPE(((struct icmp *)((caddr_t)oip + oiplen))->icmp_type)) { 107 icmpstat.icps_oldicmp++; 108 goto freeit; 109 } 110 /* Don't send error in response to a multicast or broadcast packet */ 111 if (n->m_flags & (M_BCAST|M_MCAST)) 112 goto freeit; 113 /* 114 * First, formulate icmp message 115 */ 116 m = m_gethdr(M_DONTWAIT, MT_HEADER); 117 if (m == NULL) 118 goto freeit; 119 icmplen = oiplen + min(8, oip->ip_len); 120 m->m_len = icmplen + ICMP_MINLEN; 121 MH_ALIGN(m, m->m_len); 122 icp = mtod(m, struct icmp *); 123 if ((u_int)type > ICMP_MAXTYPE) 124 panic("icmp_error"); 125 icmpstat.icps_outhist[type]++; 126 icp->icmp_type = type; 127 if (type == ICMP_REDIRECT) 128 icp->icmp_gwaddr.s_addr = dest; 129 else { 130 icp->icmp_void = 0; 131 /* 132 * The following assignments assume an overlay with the 133 * zeroed icmp_void field. 134 */ 135 if (type == ICMP_PARAMPROB) { 136 icp->icmp_pptr = code; 137 code = 0; 138 } else if (type == ICMP_UNREACH && 139 code == ICMP_UNREACH_NEEDFRAG && destifp) { 140 icp->icmp_nextmtu = htons(destifp->if_mtu); 141 } 142 } 143 144 icp->icmp_code = code; 145 bcopy((caddr_t)oip, (caddr_t)&icp->icmp_ip, icmplen); 146 nip = &icp->icmp_ip; 147 nip->ip_len = htons((u_short)(nip->ip_len + oiplen)); 148 149 /* 150 * Now, copy old ip header (without options) 151 * in front of icmp message. 152 */ 153 if (m->m_data - sizeof(struct ip) < m->m_pktdat) 154 panic("icmp len"); 155 m->m_data -= sizeof(struct ip); 156 m->m_len += sizeof(struct ip); 157 m->m_pkthdr.len = m->m_len; 158 m->m_pkthdr.rcvif = n->m_pkthdr.rcvif; 159 nip = mtod(m, struct ip *); 160 bcopy((caddr_t)oip, (caddr_t)nip, sizeof(struct ip)); 161 nip->ip_len = m->m_len; 162 nip->ip_hl = sizeof(struct ip) >> 2; 163 nip->ip_p = IPPROTO_ICMP; 164 nip->ip_tos = 0; 165 icmp_reflect(m); 166 167 freeit: 168 m_freem(n); 169 } 170 171 static struct sockaddr_in icmpsrc = { sizeof (struct sockaddr_in), AF_INET }; 172 static struct sockaddr_in icmpdst = { sizeof (struct sockaddr_in), AF_INET }; 173 static struct sockaddr_in icmpgw = { sizeof (struct sockaddr_in), AF_INET }; 174 struct sockaddr_in icmpmask = { 8, 0 }; 175 176 /* 177 * Process a received ICMP message. 178 */ 179 void 180 icmp_input(m, hlen) 181 register struct mbuf *m; 182 int hlen; 183 { 184 register struct icmp *icp; 185 register struct ip *ip = mtod(m, struct ip *); 186 int icmplen = ip->ip_len; 187 register int i; 188 struct in_ifaddr *ia; 189 void (*ctlfunc) __P((int, struct sockaddr *, struct ip *)); 190 int code; 191 192 /* 193 * Locate icmp structure in mbuf, and check 194 * that not corrupted and of at least minimum length. 195 */ 196 #ifdef ICMPPRINTFS 197 if (icmpprintfs) 198 printf("icmp_input from %lx to %lx, len %d\n", 199 ntohl(ip->ip_src.s_addr), ntohl(ip->ip_dst.s_addr), 200 icmplen); 201 #endif 202 if (icmplen < ICMP_MINLEN) { 203 icmpstat.icps_tooshort++; 204 goto freeit; 205 } 206 i = hlen + min(icmplen, ICMP_ADVLENMIN); 207 if (m->m_len < i && (m = m_pullup(m, i)) == 0) { 208 icmpstat.icps_tooshort++; 209 return; 210 } 211 ip = mtod(m, struct ip *); 212 m->m_len -= hlen; 213 m->m_data += hlen; 214 icp = mtod(m, struct icmp *); 215 if (in_cksum(m, icmplen)) { 216 icmpstat.icps_checksum++; 217 goto freeit; 218 } 219 m->m_len += hlen; 220 m->m_data -= hlen; 221 222 #ifdef ICMPPRINTFS 223 /* 224 * Message type specific processing. 225 */ 226 if (icmpprintfs) 227 printf("icmp_input, type %d code %d\n", icp->icmp_type, 228 icp->icmp_code); 229 #endif 230 if (icp->icmp_type > ICMP_MAXTYPE) 231 goto raw; 232 icmpstat.icps_inhist[icp->icmp_type]++; 233 code = icp->icmp_code; 234 switch (icp->icmp_type) { 235 236 case ICMP_UNREACH: 237 switch (code) { 238 case ICMP_UNREACH_NET: 239 case ICMP_UNREACH_HOST: 240 case ICMP_UNREACH_PROTOCOL: 241 case ICMP_UNREACH_PORT: 242 case ICMP_UNREACH_SRCFAIL: 243 code += PRC_UNREACH_NET; 244 break; 245 246 case ICMP_UNREACH_NEEDFRAG: 247 code = PRC_MSGSIZE; 248 break; 249 250 case ICMP_UNREACH_NET_UNKNOWN: 251 case ICMP_UNREACH_NET_PROHIB: 252 case ICMP_UNREACH_TOSNET: 253 code = PRC_UNREACH_NET; 254 break; 255 256 case ICMP_UNREACH_HOST_UNKNOWN: 257 case ICMP_UNREACH_ISOLATED: 258 case ICMP_UNREACH_HOST_PROHIB: 259 case ICMP_UNREACH_TOSHOST: 260 code = PRC_UNREACH_HOST; 261 break; 262 263 default: 264 goto badcode; 265 } 266 goto deliver; 267 268 case ICMP_TIMXCEED: 269 if (code > 1) 270 goto badcode; 271 code += PRC_TIMXCEED_INTRANS; 272 goto deliver; 273 274 case ICMP_PARAMPROB: 275 if (code > 1) 276 goto badcode; 277 code = PRC_PARAMPROB; 278 goto deliver; 279 280 case ICMP_SOURCEQUENCH: 281 if (code) 282 goto badcode; 283 code = PRC_QUENCH; 284 deliver: 285 /* 286 * Problem with datagram; advise higher level routines. 287 */ 288 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 289 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 290 icmpstat.icps_badlen++; 291 goto freeit; 292 } 293 NTOHS(icp->icmp_ip.ip_len); 294 #ifdef ICMPPRINTFS 295 if (icmpprintfs) 296 printf("deliver to protocol %d\n", icp->icmp_ip.ip_p); 297 #endif 298 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 299 ctlfunc = inetsw[ip_protox[icp->icmp_ip.ip_p]].pr_ctlinput; 300 if (ctlfunc) 301 (*ctlfunc)(code, (struct sockaddr *)&icmpsrc, 302 &icp->icmp_ip); 303 break; 304 305 badcode: 306 icmpstat.icps_badcode++; 307 break; 308 309 case ICMP_ECHO: 310 icp->icmp_type = ICMP_ECHOREPLY; 311 goto reflect; 312 313 case ICMP_TSTAMP: 314 if (icmplen < ICMP_TSLEN) { 315 icmpstat.icps_badlen++; 316 break; 317 } 318 icp->icmp_type = ICMP_TSTAMPREPLY; 319 icp->icmp_rtime = iptime(); 320 icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ 321 goto reflect; 322 323 case ICMP_MASKREQ: 324 #define satosin(sa) ((struct sockaddr_in *)(sa)) 325 if (icmpmaskrepl == 0) 326 break; 327 /* 328 * We are not able to respond with all ones broadcast 329 * unless we receive it over a point-to-point interface. 330 */ 331 if (icmplen < ICMP_MASKLEN) 332 break; 333 switch (ip->ip_dst.s_addr) { 334 335 case INADDR_BROADCAST: 336 case INADDR_ANY: 337 icmpdst.sin_addr = ip->ip_src; 338 break; 339 340 default: 341 icmpdst.sin_addr = ip->ip_dst; 342 } 343 ia = (struct in_ifaddr *)ifaof_ifpforaddr( 344 (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); 345 if (ia == 0) 346 break; 347 icp->icmp_type = ICMP_MASKREPLY; 348 icp->icmp_mask = ia->ia_sockmask.sin_addr.s_addr; 349 if (ip->ip_src.s_addr == 0) { 350 if (ia->ia_ifp->if_flags & IFF_BROADCAST) 351 ip->ip_src = satosin(&ia->ia_broadaddr)->sin_addr; 352 else if (ia->ia_ifp->if_flags & IFF_POINTOPOINT) 353 ip->ip_src = satosin(&ia->ia_dstaddr)->sin_addr; 354 } 355 reflect: 356 ip->ip_len += hlen; /* since ip_input deducts this */ 357 icmpstat.icps_reflect++; 358 icmpstat.icps_outhist[icp->icmp_type]++; 359 icmp_reflect(m); 360 return; 361 362 case ICMP_REDIRECT: 363 if (code > 3) 364 goto badcode; 365 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 366 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 367 icmpstat.icps_badlen++; 368 break; 369 } 370 /* 371 * Short circuit routing redirects to force 372 * immediate change in the kernel's routing 373 * tables. The message is also handed to anyone 374 * listening on a raw socket (e.g. the routing 375 * daemon for use in updating its tables). 376 */ 377 icmpgw.sin_addr = ip->ip_src; 378 icmpdst.sin_addr = icp->icmp_gwaddr; 379 #ifdef ICMPPRINTFS 380 if (icmpprintfs) 381 printf("redirect dst %lx to %lx\n", 382 NTOHL(icp->icmp_ip.ip_dst.s_addr), 383 NTOHL(icp->icmp_gwaddr.s_addr)); 384 #endif 385 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 386 rtredirect((struct sockaddr *)&icmpsrc, 387 (struct sockaddr *)&icmpdst, 388 (struct sockaddr *)0, RTF_GATEWAY | RTF_HOST, 389 (struct sockaddr *)&icmpgw, (struct rtentry **)0); 390 pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc); 391 break; 392 393 /* 394 * No kernel processing for the following; 395 * just fall through to send to raw listener. 396 */ 397 case ICMP_ECHOREPLY: 398 case ICMP_ROUTERADVERT: 399 case ICMP_ROUTERSOLICIT: 400 case ICMP_TSTAMPREPLY: 401 case ICMP_IREQREPLY: 402 case ICMP_MASKREPLY: 403 default: 404 break; 405 } 406 407 raw: 408 rip_input(m); 409 return; 410 411 freeit: 412 m_freem(m); 413 } 414 415 /* 416 * Reflect the ip packet back to the source 417 */ 418 void 419 icmp_reflect(m) 420 struct mbuf *m; 421 { 422 register struct ip *ip = mtod(m, struct ip *); 423 register struct in_ifaddr *ia; 424 struct in_addr t; 425 struct mbuf *opts = 0; 426 int optlen = (ip->ip_hl << 2) - sizeof(struct ip); 427 428 if (!in_canforward(ip->ip_src) && 429 ((ntohl(ip->ip_src.s_addr) & IN_CLASSA_NET) != 430 (IN_LOOPBACKNET << IN_CLASSA_NSHIFT))) { 431 m_freem(m); /* Bad return address */ 432 goto done; /* Ip_output() will check for broadcast */ 433 } 434 t = ip->ip_dst; 435 ip->ip_dst = ip->ip_src; 436 /* 437 * If the incoming packet was addressed directly to us, 438 * use dst as the src for the reply. Otherwise (broadcast 439 * or anonymous), use the address which corresponds 440 * to the incoming interface. 441 */ 442 for (ia = in_ifaddr; ia; ia = ia->ia_next) { 443 if (t.s_addr == IA_SIN(ia)->sin_addr.s_addr) 444 break; 445 if ((ia->ia_ifp->if_flags & IFF_BROADCAST) && 446 t.s_addr == satosin(&ia->ia_broadaddr)->sin_addr.s_addr) 447 break; 448 } 449 icmpdst.sin_addr = t; 450 if (ia == (struct in_ifaddr *)0) 451 ia = (struct in_ifaddr *)ifaof_ifpforaddr( 452 (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); 453 /* 454 * The following happens if the packet was not addressed to us, 455 * and was received on an interface with no IP address. 456 */ 457 if (ia == (struct in_ifaddr *)0) 458 ia = in_ifaddr; 459 t = IA_SIN(ia)->sin_addr; 460 ip->ip_src = t; 461 ip->ip_ttl = MAXTTL; 462 463 if (optlen > 0) { 464 register u_char *cp; 465 int opt, cnt; 466 u_int len; 467 468 /* 469 * Retrieve any source routing from the incoming packet; 470 * add on any record-route or timestamp options. 471 */ 472 cp = (u_char *) (ip + 1); 473 if ((opts = ip_srcroute()) == 0 && 474 (opts = m_gethdr(M_DONTWAIT, MT_HEADER))) { 475 opts->m_len = sizeof(struct in_addr); 476 mtod(opts, struct in_addr *)->s_addr = 0; 477 } 478 if (opts) { 479 #ifdef ICMPPRINTFS 480 if (icmpprintfs) 481 printf("icmp_reflect optlen %d rt %d => ", 482 optlen, opts->m_len); 483 #endif 484 for (cnt = optlen; cnt > 0; cnt -= len, cp += len) { 485 opt = cp[IPOPT_OPTVAL]; 486 if (opt == IPOPT_EOL) 487 break; 488 if (opt == IPOPT_NOP) 489 len = 1; 490 else { 491 len = cp[IPOPT_OLEN]; 492 if (len <= 0 || len > cnt) 493 break; 494 } 495 /* 496 * Should check for overflow, but it "can't happen" 497 */ 498 if (opt == IPOPT_RR || opt == IPOPT_TS || 499 opt == IPOPT_SECURITY) { 500 bcopy((caddr_t)cp, 501 mtod(opts, caddr_t) + opts->m_len, len); 502 opts->m_len += len; 503 } 504 } 505 /* Terminate & pad, if necessary */ 506 cnt = opts->m_len % 4; 507 if (cnt) { 508 for (; cnt < 4; cnt++) { 509 *(mtod(opts, caddr_t) + opts->m_len) = 510 IPOPT_EOL; 511 opts->m_len++; 512 } 513 } 514 #ifdef ICMPPRINTFS 515 if (icmpprintfs) 516 printf("%d\n", opts->m_len); 517 #endif 518 } 519 /* 520 * Now strip out original options by copying rest of first 521 * mbuf's data back, and adjust the IP length. 522 */ 523 ip->ip_len -= optlen; 524 ip->ip_hl = sizeof(struct ip) >> 2; 525 m->m_len -= optlen; 526 if (m->m_flags & M_PKTHDR) 527 m->m_pkthdr.len -= optlen; 528 optlen += sizeof(struct ip); 529 bcopy((caddr_t)ip + optlen, (caddr_t)(ip + 1), 530 (unsigned)(m->m_len - sizeof(struct ip))); 531 } 532 m->m_flags &= ~(M_BCAST|M_MCAST); 533 icmp_send(m, opts); 534 done: 535 if (opts) 536 (void)m_free(opts); 537 } 538 539 /* 540 * Send an icmp packet back to the ip level, 541 * after supplying a checksum. 542 */ 543 void 544 icmp_send(m, opts) 545 register struct mbuf *m; 546 struct mbuf *opts; 547 { 548 register struct ip *ip = mtod(m, struct ip *); 549 register int hlen; 550 register struct icmp *icp; 551 552 hlen = ip->ip_hl << 2; 553 m->m_data += hlen; 554 m->m_len -= hlen; 555 icp = mtod(m, struct icmp *); 556 icp->icmp_cksum = 0; 557 icp->icmp_cksum = in_cksum(m, ip->ip_len - hlen); 558 m->m_data -= hlen; 559 m->m_len += hlen; 560 #ifdef ICMPPRINTFS 561 if (icmpprintfs) 562 printf("icmp_send dst %lx src %lx\n", 563 NTOHL(ip->ip_dst.s_addr), NTOHL(ip->ip_src.s_addr)); 564 #endif 565 (void) ip_output(m, opts, NULL, 0, NULL); 566 } 567 568 n_time 569 iptime() 570 { 571 struct timeval atv; 572 u_long t; 573 574 microtime(&atv); 575 t = (atv.tv_sec % (24*60*60)) * 1000 + atv.tv_usec / 1000; 576 return (htonl(t)); 577 } 578 579 int 580 icmp_sysctl(name, namelen, oldp, oldlenp, newp, newlen) 581 int *name; 582 u_int namelen; 583 void *oldp; 584 size_t *oldlenp; 585 void *newp; 586 size_t newlen; 587 { 588 /* All sysctl names at this level are terminal. */ 589 if (namelen != 1) 590 return (ENOTDIR); /* XXX overloaded */ 591 592 switch (name[0]) { 593 case ICMPCTL_MASKREPL: 594 return (sysctl_int(oldp, oldlenp, newp, newlen, &icmpmaskrepl)); 595 case ICMPCTL_STATS: 596 return (sysctl_rdstruct(oldp, oldlenp, newp, &icmpstat, 597 sizeof icmpstat)); 598 default: 599 return (ENOPROTOOPT); 600 } 601 /* NOTREACHED */ 602 } 603