1 /* 2 * Internet Control Message Protocol (ICMPv6) 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * 8 * Based on net/ipv4/icmp.c 9 * 10 * RFC 1885 11 * 12 * This program is free software; you can redistribute it and/or 13 * modify it under the terms of the GNU General Public License 14 * as published by the Free Software Foundation; either version 15 * 2 of the License, or (at your option) any later version. 16 */ 17 18 /* 19 * Changes: 20 * 21 * Andi Kleen : exception handling 22 * Andi Kleen add rate limits. never reply to a icmp. 23 * add more length checks and other fixes. 24 * yoshfuji : ensure to sent parameter problem for 25 * fragments. 26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. 27 * Randy Dunlap and 28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support 29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data 30 */ 31 32 #define pr_fmt(fmt) "IPv6: " fmt 33 34 #include <linux/module.h> 35 #include <linux/errno.h> 36 #include <linux/types.h> 37 #include <linux/socket.h> 38 #include <linux/in.h> 39 #include <linux/kernel.h> 40 #include <linux/sockios.h> 41 #include <linux/net.h> 42 #include <linux/skbuff.h> 43 #include <linux/init.h> 44 #include <linux/netfilter.h> 45 #include <linux/slab.h> 46 47 #ifdef CONFIG_SYSCTL 48 #include <linux/sysctl.h> 49 #endif 50 51 #include <linux/inet.h> 52 #include <linux/netdevice.h> 53 #include <linux/icmpv6.h> 54 55 #include <net/ip.h> 56 #include <net/sock.h> 57 58 #include <net/ipv6.h> 59 #include <net/ip6_checksum.h> 60 #include <net/ping.h> 61 #include <net/protocol.h> 62 #include <net/raw.h> 63 #include <net/rawv6.h> 64 #include <net/transp_v6.h> 65 #include <net/ip6_route.h> 66 #include <net/addrconf.h> 67 #include <net/icmp.h> 68 #include <net/xfrm.h> 69 #include <net/inet_common.h> 70 #include <net/dsfield.h> 71 #include <net/l3mdev.h> 72 73 #include <asm/uaccess.h> 74 75 /* 76 * The ICMP socket(s). This is the most convenient way to flow control 77 * our ICMP output as well as maintain a clean interface throughout 78 * all layers. All Socketless IP sends will soon be gone. 79 * 80 * On SMP we have one ICMP socket per-cpu. 81 */ 82 static inline struct sock *icmpv6_sk(struct net *net) 83 { 84 return net->ipv6.icmp_sk[smp_processor_id()]; 85 } 86 87 static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 88 u8 type, u8 code, int offset, __be32 info) 89 { 90 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */ 91 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset); 92 struct net *net = dev_net(skb->dev); 93 94 if (type == ICMPV6_PKT_TOOBIG) 95 ip6_update_pmtu(skb, net, info, 0, 0); 96 else if (type == NDISC_REDIRECT) 97 ip6_redirect(skb, net, skb->dev->ifindex, 0); 98 99 if (!(type & ICMPV6_INFOMSG_MASK)) 100 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST) 101 ping_err(skb, offset, info); 102 } 103 104 static int icmpv6_rcv(struct sk_buff *skb); 105 106 static const struct inet6_protocol icmpv6_protocol = { 107 .handler = icmpv6_rcv, 108 .err_handler = icmpv6_err, 109 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 110 }; 111 112 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net) 113 { 114 struct sock *sk; 115 116 local_bh_disable(); 117 118 sk = icmpv6_sk(net); 119 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 120 /* This can happen if the output path (f.e. SIT or 121 * ip6ip6 tunnel) signals dst_link_failure() for an 122 * outgoing ICMP6 packet. 123 */ 124 local_bh_enable(); 125 return NULL; 126 } 127 return sk; 128 } 129 130 static __inline__ void icmpv6_xmit_unlock(struct sock *sk) 131 { 132 spin_unlock_bh(&sk->sk_lock.slock); 133 } 134 135 /* 136 * Figure out, may we reply to this packet with icmp error. 137 * 138 * We do not reply, if: 139 * - it was icmp error message. 140 * - it is truncated, so that it is known, that protocol is ICMPV6 141 * (i.e. in the middle of some exthdr) 142 * 143 * --ANK (980726) 144 */ 145 146 static bool is_ineligible(const struct sk_buff *skb) 147 { 148 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 149 int len = skb->len - ptr; 150 __u8 nexthdr = ipv6_hdr(skb)->nexthdr; 151 __be16 frag_off; 152 153 if (len < 0) 154 return true; 155 156 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off); 157 if (ptr < 0) 158 return false; 159 if (nexthdr == IPPROTO_ICMPV6) { 160 u8 _type, *tp; 161 tp = skb_header_pointer(skb, 162 ptr+offsetof(struct icmp6hdr, icmp6_type), 163 sizeof(_type), &_type); 164 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK)) 165 return true; 166 } 167 return false; 168 } 169 170 /* 171 * Check the ICMP output rate limit 172 */ 173 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, 174 struct flowi6 *fl6) 175 { 176 struct net *net = sock_net(sk); 177 struct dst_entry *dst; 178 bool res = false; 179 180 /* Informational messages are not limited. */ 181 if (type & ICMPV6_INFOMSG_MASK) 182 return true; 183 184 /* Do not limit pmtu discovery, it would break it. */ 185 if (type == ICMPV6_PKT_TOOBIG) 186 return true; 187 188 /* 189 * Look up the output route. 190 * XXX: perhaps the expire for routing entries cloned by 191 * this lookup should be more aggressive (not longer than timeout). 192 */ 193 dst = ip6_route_output(net, sk, fl6); 194 if (dst->error) { 195 IP6_INC_STATS(net, ip6_dst_idev(dst), 196 IPSTATS_MIB_OUTNOROUTES); 197 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) { 198 res = true; 199 } else { 200 struct rt6_info *rt = (struct rt6_info *)dst; 201 int tmo = net->ipv6.sysctl.icmpv6_time; 202 203 /* Give more bandwidth to wider prefixes. */ 204 if (rt->rt6i_dst.plen < 128) 205 tmo >>= ((128 - rt->rt6i_dst.plen)>>5); 206 207 if (icmp_global_allow()) { 208 struct inet_peer *peer; 209 210 peer = inet_getpeer_v6(net->ipv6.peers, 211 &fl6->daddr, 1); 212 res = inet_peer_xrlim_allow(peer, tmo); 213 if (peer) 214 inet_putpeer(peer); 215 } 216 } 217 dst_release(dst); 218 return res; 219 } 220 221 /* 222 * an inline helper for the "simple" if statement below 223 * checks if parameter problem report is caused by an 224 * unrecognized IPv6 option that has the Option Type 225 * highest-order two bits set to 10 226 */ 227 228 static bool opt_unrec(struct sk_buff *skb, __u32 offset) 229 { 230 u8 _optval, *op; 231 232 offset += skb_network_offset(skb); 233 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); 234 if (!op) 235 return true; 236 return (*op & 0xC0) == 0x80; 237 } 238 239 int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, 240 struct icmp6hdr *thdr, int len) 241 { 242 struct sk_buff *skb; 243 struct icmp6hdr *icmp6h; 244 int err = 0; 245 246 skb = skb_peek(&sk->sk_write_queue); 247 if (!skb) 248 goto out; 249 250 icmp6h = icmp6_hdr(skb); 251 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); 252 icmp6h->icmp6_cksum = 0; 253 254 if (skb_queue_len(&sk->sk_write_queue) == 1) { 255 skb->csum = csum_partial(icmp6h, 256 sizeof(struct icmp6hdr), skb->csum); 257 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 258 &fl6->daddr, 259 len, fl6->flowi6_proto, 260 skb->csum); 261 } else { 262 __wsum tmp_csum = 0; 263 264 skb_queue_walk(&sk->sk_write_queue, skb) { 265 tmp_csum = csum_add(tmp_csum, skb->csum); 266 } 267 268 tmp_csum = csum_partial(icmp6h, 269 sizeof(struct icmp6hdr), tmp_csum); 270 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 271 &fl6->daddr, 272 len, fl6->flowi6_proto, 273 tmp_csum); 274 } 275 ip6_push_pending_frames(sk); 276 out: 277 return err; 278 } 279 280 struct icmpv6_msg { 281 struct sk_buff *skb; 282 int offset; 283 uint8_t type; 284 }; 285 286 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 287 { 288 struct icmpv6_msg *msg = (struct icmpv6_msg *) from; 289 struct sk_buff *org_skb = msg->skb; 290 __wsum csum = 0; 291 292 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 293 to, len, csum); 294 skb->csum = csum_block_add(skb->csum, csum, odd); 295 if (!(msg->type & ICMPV6_INFOMSG_MASK)) 296 nf_ct_attach(skb, org_skb); 297 return 0; 298 } 299 300 #if IS_ENABLED(CONFIG_IPV6_MIP6) 301 static void mip6_addr_swap(struct sk_buff *skb) 302 { 303 struct ipv6hdr *iph = ipv6_hdr(skb); 304 struct inet6_skb_parm *opt = IP6CB(skb); 305 struct ipv6_destopt_hao *hao; 306 struct in6_addr tmp; 307 int off; 308 309 if (opt->dsthao) { 310 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); 311 if (likely(off >= 0)) { 312 hao = (struct ipv6_destopt_hao *) 313 (skb_network_header(skb) + off); 314 tmp = iph->saddr; 315 iph->saddr = hao->addr; 316 hao->addr = tmp; 317 } 318 } 319 } 320 #else 321 static inline void mip6_addr_swap(struct sk_buff *skb) {} 322 #endif 323 324 static struct dst_entry *icmpv6_route_lookup(struct net *net, 325 struct sk_buff *skb, 326 struct sock *sk, 327 struct flowi6 *fl6) 328 { 329 struct dst_entry *dst, *dst2; 330 struct flowi6 fl2; 331 int err; 332 333 err = ip6_dst_lookup(net, sk, &dst, fl6); 334 if (err) 335 return ERR_PTR(err); 336 337 /* 338 * We won't send icmp if the destination is known 339 * anycast. 340 */ 341 if (ipv6_anycast_destination(dst, &fl6->daddr)) { 342 net_dbg_ratelimited("icmp6_send: acast source\n"); 343 dst_release(dst); 344 return ERR_PTR(-EINVAL); 345 } 346 347 /* No need to clone since we're just using its address. */ 348 dst2 = dst; 349 350 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0); 351 if (!IS_ERR(dst)) { 352 if (dst != dst2) 353 return dst; 354 } else { 355 if (PTR_ERR(dst) == -EPERM) 356 dst = NULL; 357 else 358 return dst; 359 } 360 361 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6); 362 if (err) 363 goto relookup_failed; 364 365 err = ip6_dst_lookup(net, sk, &dst2, &fl2); 366 if (err) 367 goto relookup_failed; 368 369 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP); 370 if (!IS_ERR(dst2)) { 371 dst_release(dst); 372 dst = dst2; 373 } else { 374 err = PTR_ERR(dst2); 375 if (err == -EPERM) { 376 dst_release(dst); 377 return dst2; 378 } else 379 goto relookup_failed; 380 } 381 382 relookup_failed: 383 if (dst) 384 return dst; 385 return ERR_PTR(err); 386 } 387 388 /* 389 * Send an ICMP message in response to a packet in error 390 */ 391 static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info) 392 { 393 struct net *net = dev_net(skb->dev); 394 struct inet6_dev *idev = NULL; 395 struct ipv6hdr *hdr = ipv6_hdr(skb); 396 struct sock *sk; 397 struct ipv6_pinfo *np; 398 const struct in6_addr *saddr = NULL; 399 struct dst_entry *dst; 400 struct icmp6hdr tmp_hdr; 401 struct flowi6 fl6; 402 struct icmpv6_msg msg; 403 int iif = 0; 404 int addr_type = 0; 405 int len; 406 int hlimit; 407 int err = 0; 408 u32 mark = IP6_REPLY_MARK(net, skb->mark); 409 410 if ((u8 *)hdr < skb->head || 411 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb)) 412 return; 413 414 /* 415 * Make sure we respect the rules 416 * i.e. RFC 1885 2.4(e) 417 * Rule (e.1) is enforced by not using icmp6_send 418 * in any code that processes icmp errors. 419 */ 420 addr_type = ipv6_addr_type(&hdr->daddr); 421 422 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) || 423 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr)) 424 saddr = &hdr->daddr; 425 426 /* 427 * Dest addr check 428 */ 429 430 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) { 431 if (type != ICMPV6_PKT_TOOBIG && 432 !(type == ICMPV6_PARAMPROB && 433 code == ICMPV6_UNK_OPTION && 434 (opt_unrec(skb, info)))) 435 return; 436 437 saddr = NULL; 438 } 439 440 addr_type = ipv6_addr_type(&hdr->saddr); 441 442 /* 443 * Source addr check 444 */ 445 446 if (__ipv6_addr_needs_scope_id(addr_type)) 447 iif = skb->dev->ifindex; 448 else 449 iif = l3mdev_master_ifindex(skb->dev); 450 451 /* 452 * Must not send error if the source does not uniquely 453 * identify a single node (RFC2463 Section 2.4). 454 * We check unspecified / multicast addresses here, 455 * and anycast addresses will be checked later. 456 */ 457 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { 458 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n", 459 &hdr->saddr, &hdr->daddr); 460 return; 461 } 462 463 /* 464 * Never answer to a ICMP packet. 465 */ 466 if (is_ineligible(skb)) { 467 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n", 468 &hdr->saddr, &hdr->daddr); 469 return; 470 } 471 472 mip6_addr_swap(skb); 473 474 memset(&fl6, 0, sizeof(fl6)); 475 fl6.flowi6_proto = IPPROTO_ICMPV6; 476 fl6.daddr = hdr->saddr; 477 if (saddr) 478 fl6.saddr = *saddr; 479 fl6.flowi6_mark = mark; 480 fl6.flowi6_oif = iif; 481 fl6.fl6_icmp_type = type; 482 fl6.fl6_icmp_code = code; 483 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 484 485 sk = icmpv6_xmit_lock(net); 486 if (!sk) 487 return; 488 sk->sk_mark = mark; 489 np = inet6_sk(sk); 490 491 if (!icmpv6_xrlim_allow(sk, type, &fl6)) 492 goto out; 493 494 tmp_hdr.icmp6_type = type; 495 tmp_hdr.icmp6_code = code; 496 tmp_hdr.icmp6_cksum = 0; 497 tmp_hdr.icmp6_pointer = htonl(info); 498 499 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 500 fl6.flowi6_oif = np->mcast_oif; 501 else if (!fl6.flowi6_oif) 502 fl6.flowi6_oif = np->ucast_oif; 503 504 dst = icmpv6_route_lookup(net, skb, sk, &fl6); 505 if (IS_ERR(dst)) 506 goto out; 507 508 hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); 509 510 msg.skb = skb; 511 msg.offset = skb_network_offset(skb); 512 msg.type = type; 513 514 len = skb->len - msg.offset; 515 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr)); 516 if (len < 0) { 517 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n", 518 &hdr->saddr, &hdr->daddr); 519 goto out_dst_release; 520 } 521 522 rcu_read_lock(); 523 idev = __in6_dev_get(skb->dev); 524 525 err = ip6_append_data(sk, icmpv6_getfrag, &msg, 526 len + sizeof(struct icmp6hdr), 527 sizeof(struct icmp6hdr), hlimit, 528 np->tclass, NULL, &fl6, (struct rt6_info *)dst, 529 MSG_DONTWAIT, np->dontfrag); 530 if (err) { 531 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); 532 ip6_flush_pending_frames(sk); 533 } else { 534 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, 535 len + sizeof(struct icmp6hdr)); 536 } 537 rcu_read_unlock(); 538 out_dst_release: 539 dst_release(dst); 540 out: 541 icmpv6_xmit_unlock(sk); 542 } 543 544 /* Slightly more convenient version of icmp6_send. 545 */ 546 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos) 547 { 548 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos); 549 kfree_skb(skb); 550 } 551 552 static void icmpv6_echo_reply(struct sk_buff *skb) 553 { 554 struct net *net = dev_net(skb->dev); 555 struct sock *sk; 556 struct inet6_dev *idev; 557 struct ipv6_pinfo *np; 558 const struct in6_addr *saddr = NULL; 559 struct icmp6hdr *icmph = icmp6_hdr(skb); 560 struct icmp6hdr tmp_hdr; 561 struct flowi6 fl6; 562 struct icmpv6_msg msg; 563 struct dst_entry *dst; 564 int err = 0; 565 int hlimit; 566 u8 tclass; 567 u32 mark = IP6_REPLY_MARK(net, skb->mark); 568 569 saddr = &ipv6_hdr(skb)->daddr; 570 571 if (!ipv6_unicast_destination(skb) && 572 !(net->ipv6.sysctl.anycast_src_echo_reply && 573 ipv6_anycast_destination(skb_dst(skb), saddr))) 574 saddr = NULL; 575 576 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 577 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY; 578 579 memset(&fl6, 0, sizeof(fl6)); 580 fl6.flowi6_proto = IPPROTO_ICMPV6; 581 fl6.daddr = ipv6_hdr(skb)->saddr; 582 if (saddr) 583 fl6.saddr = *saddr; 584 fl6.flowi6_oif = l3mdev_fib_oif(skb->dev); 585 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY; 586 fl6.flowi6_mark = mark; 587 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6)); 588 589 sk = icmpv6_xmit_lock(net); 590 if (!sk) 591 return; 592 sk->sk_mark = mark; 593 np = inet6_sk(sk); 594 595 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 596 fl6.flowi6_oif = np->mcast_oif; 597 else if (!fl6.flowi6_oif) 598 fl6.flowi6_oif = np->ucast_oif; 599 600 err = ip6_dst_lookup(net, sk, &dst, &fl6); 601 if (err) 602 goto out; 603 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0); 604 if (IS_ERR(dst)) 605 goto out; 606 607 hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); 608 609 idev = __in6_dev_get(skb->dev); 610 611 msg.skb = skb; 612 msg.offset = 0; 613 msg.type = ICMPV6_ECHO_REPLY; 614 615 tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 616 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr), 617 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl6, 618 (struct rt6_info *)dst, MSG_DONTWAIT, 619 np->dontfrag); 620 621 if (err) { 622 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS); 623 ip6_flush_pending_frames(sk); 624 } else { 625 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, 626 skb->len + sizeof(struct icmp6hdr)); 627 } 628 dst_release(dst); 629 out: 630 icmpv6_xmit_unlock(sk); 631 } 632 633 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info) 634 { 635 const struct inet6_protocol *ipprot; 636 int inner_offset; 637 __be16 frag_off; 638 u8 nexthdr; 639 struct net *net = dev_net(skb->dev); 640 641 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 642 goto out; 643 644 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 645 if (ipv6_ext_hdr(nexthdr)) { 646 /* now skip over extension headers */ 647 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), 648 &nexthdr, &frag_off); 649 if (inner_offset < 0) 650 goto out; 651 } else { 652 inner_offset = sizeof(struct ipv6hdr); 653 } 654 655 /* Checkin header including 8 bytes of inner protocol header. */ 656 if (!pskb_may_pull(skb, inner_offset+8)) 657 goto out; 658 659 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. 660 Without this we will not able f.e. to make source routed 661 pmtu discovery. 662 Corresponding argument (opt) to notifiers is already added. 663 --ANK (980726) 664 */ 665 666 ipprot = rcu_dereference(inet6_protos[nexthdr]); 667 if (ipprot && ipprot->err_handler) 668 ipprot->err_handler(skb, NULL, type, code, inner_offset, info); 669 670 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); 671 return; 672 673 out: 674 ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS); 675 } 676 677 /* 678 * Handle icmp messages 679 */ 680 681 static int icmpv6_rcv(struct sk_buff *skb) 682 { 683 struct net_device *dev = skb->dev; 684 struct inet6_dev *idev = __in6_dev_get(dev); 685 const struct in6_addr *saddr, *daddr; 686 struct icmp6hdr *hdr; 687 u8 type; 688 bool success = false; 689 690 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 691 struct sec_path *sp = skb_sec_path(skb); 692 int nh; 693 694 if (!(sp && sp->xvec[sp->len - 1]->props.flags & 695 XFRM_STATE_ICMP)) 696 goto drop_no_count; 697 698 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr))) 699 goto drop_no_count; 700 701 nh = skb_network_offset(skb); 702 skb_set_network_header(skb, sizeof(*hdr)); 703 704 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb)) 705 goto drop_no_count; 706 707 skb_set_network_header(skb, nh); 708 } 709 710 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS); 711 712 saddr = &ipv6_hdr(skb)->saddr; 713 daddr = &ipv6_hdr(skb)->daddr; 714 715 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) { 716 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n", 717 saddr, daddr); 718 goto csum_error; 719 } 720 721 if (!pskb_pull(skb, sizeof(*hdr))) 722 goto discard_it; 723 724 hdr = icmp6_hdr(skb); 725 726 type = hdr->icmp6_type; 727 728 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type); 729 730 switch (type) { 731 case ICMPV6_ECHO_REQUEST: 732 icmpv6_echo_reply(skb); 733 break; 734 735 case ICMPV6_ECHO_REPLY: 736 success = ping_rcv(skb); 737 break; 738 739 case ICMPV6_PKT_TOOBIG: 740 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update 741 standard destination cache. Seems, only "advanced" 742 destination cache will allow to solve this problem 743 --ANK (980726) 744 */ 745 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 746 goto discard_it; 747 hdr = icmp6_hdr(skb); 748 749 /* 750 * Drop through to notify 751 */ 752 753 case ICMPV6_DEST_UNREACH: 754 case ICMPV6_TIME_EXCEED: 755 case ICMPV6_PARAMPROB: 756 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 757 break; 758 759 case NDISC_ROUTER_SOLICITATION: 760 case NDISC_ROUTER_ADVERTISEMENT: 761 case NDISC_NEIGHBOUR_SOLICITATION: 762 case NDISC_NEIGHBOUR_ADVERTISEMENT: 763 case NDISC_REDIRECT: 764 ndisc_rcv(skb); 765 break; 766 767 case ICMPV6_MGM_QUERY: 768 igmp6_event_query(skb); 769 break; 770 771 case ICMPV6_MGM_REPORT: 772 igmp6_event_report(skb); 773 break; 774 775 case ICMPV6_MGM_REDUCTION: 776 case ICMPV6_NI_QUERY: 777 case ICMPV6_NI_REPLY: 778 case ICMPV6_MLD2_REPORT: 779 case ICMPV6_DHAAD_REQUEST: 780 case ICMPV6_DHAAD_REPLY: 781 case ICMPV6_MOBILE_PREFIX_SOL: 782 case ICMPV6_MOBILE_PREFIX_ADV: 783 break; 784 785 default: 786 /* informational */ 787 if (type & ICMPV6_INFOMSG_MASK) 788 break; 789 790 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n", 791 saddr, daddr); 792 793 /* 794 * error of unknown type. 795 * must pass to upper level 796 */ 797 798 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu); 799 } 800 801 /* until the v6 path can be better sorted assume failure and 802 * preserve the status quo behaviour for the rest of the paths to here 803 */ 804 if (success) 805 consume_skb(skb); 806 else 807 kfree_skb(skb); 808 809 return 0; 810 811 csum_error: 812 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS); 813 discard_it: 814 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS); 815 drop_no_count: 816 kfree_skb(skb); 817 return 0; 818 } 819 820 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6, 821 u8 type, 822 const struct in6_addr *saddr, 823 const struct in6_addr *daddr, 824 int oif) 825 { 826 memset(fl6, 0, sizeof(*fl6)); 827 fl6->saddr = *saddr; 828 fl6->daddr = *daddr; 829 fl6->flowi6_proto = IPPROTO_ICMPV6; 830 fl6->fl6_icmp_type = type; 831 fl6->fl6_icmp_code = 0; 832 fl6->flowi6_oif = oif; 833 security_sk_classify_flow(sk, flowi6_to_flowi(fl6)); 834 } 835 836 static int __net_init icmpv6_sk_init(struct net *net) 837 { 838 struct sock *sk; 839 int err, i, j; 840 841 net->ipv6.icmp_sk = 842 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL); 843 if (!net->ipv6.icmp_sk) 844 return -ENOMEM; 845 846 for_each_possible_cpu(i) { 847 err = inet_ctl_sock_create(&sk, PF_INET6, 848 SOCK_RAW, IPPROTO_ICMPV6, net); 849 if (err < 0) { 850 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n", 851 err); 852 goto fail; 853 } 854 855 net->ipv6.icmp_sk[i] = sk; 856 857 /* Enough space for 2 64K ICMP packets, including 858 * sk_buff struct overhead. 859 */ 860 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); 861 } 862 return 0; 863 864 fail: 865 for (j = 0; j < i; j++) 866 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]); 867 kfree(net->ipv6.icmp_sk); 868 return err; 869 } 870 871 static void __net_exit icmpv6_sk_exit(struct net *net) 872 { 873 int i; 874 875 for_each_possible_cpu(i) { 876 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]); 877 } 878 kfree(net->ipv6.icmp_sk); 879 } 880 881 static struct pernet_operations icmpv6_sk_ops = { 882 .init = icmpv6_sk_init, 883 .exit = icmpv6_sk_exit, 884 }; 885 886 int __init icmpv6_init(void) 887 { 888 int err; 889 890 err = register_pernet_subsys(&icmpv6_sk_ops); 891 if (err < 0) 892 return err; 893 894 err = -EAGAIN; 895 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) 896 goto fail; 897 898 err = inet6_register_icmp_sender(icmp6_send); 899 if (err) 900 goto sender_reg_err; 901 return 0; 902 903 sender_reg_err: 904 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 905 fail: 906 pr_err("Failed to register ICMP6 protocol\n"); 907 unregister_pernet_subsys(&icmpv6_sk_ops); 908 return err; 909 } 910 911 void icmpv6_cleanup(void) 912 { 913 inet6_unregister_icmp_sender(icmp6_send); 914 unregister_pernet_subsys(&icmpv6_sk_ops); 915 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 916 } 917 918 919 static const struct icmp6_err { 920 int err; 921 int fatal; 922 } tab_unreach[] = { 923 { /* NOROUTE */ 924 .err = ENETUNREACH, 925 .fatal = 0, 926 }, 927 { /* ADM_PROHIBITED */ 928 .err = EACCES, 929 .fatal = 1, 930 }, 931 { /* Was NOT_NEIGHBOUR, now reserved */ 932 .err = EHOSTUNREACH, 933 .fatal = 0, 934 }, 935 { /* ADDR_UNREACH */ 936 .err = EHOSTUNREACH, 937 .fatal = 0, 938 }, 939 { /* PORT_UNREACH */ 940 .err = ECONNREFUSED, 941 .fatal = 1, 942 }, 943 { /* POLICY_FAIL */ 944 .err = EACCES, 945 .fatal = 1, 946 }, 947 { /* REJECT_ROUTE */ 948 .err = EACCES, 949 .fatal = 1, 950 }, 951 }; 952 953 int icmpv6_err_convert(u8 type, u8 code, int *err) 954 { 955 int fatal = 0; 956 957 *err = EPROTO; 958 959 switch (type) { 960 case ICMPV6_DEST_UNREACH: 961 fatal = 1; 962 if (code < ARRAY_SIZE(tab_unreach)) { 963 *err = tab_unreach[code].err; 964 fatal = tab_unreach[code].fatal; 965 } 966 break; 967 968 case ICMPV6_PKT_TOOBIG: 969 *err = EMSGSIZE; 970 break; 971 972 case ICMPV6_PARAMPROB: 973 *err = EPROTO; 974 fatal = 1; 975 break; 976 977 case ICMPV6_TIME_EXCEED: 978 *err = EHOSTUNREACH; 979 break; 980 } 981 982 return fatal; 983 } 984 EXPORT_SYMBOL(icmpv6_err_convert); 985 986 #ifdef CONFIG_SYSCTL 987 static struct ctl_table ipv6_icmp_table_template[] = { 988 { 989 .procname = "ratelimit", 990 .data = &init_net.ipv6.sysctl.icmpv6_time, 991 .maxlen = sizeof(int), 992 .mode = 0644, 993 .proc_handler = proc_dointvec_ms_jiffies, 994 }, 995 { }, 996 }; 997 998 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) 999 { 1000 struct ctl_table *table; 1001 1002 table = kmemdup(ipv6_icmp_table_template, 1003 sizeof(ipv6_icmp_table_template), 1004 GFP_KERNEL); 1005 1006 if (table) 1007 table[0].data = &net->ipv6.sysctl.icmpv6_time; 1008 1009 return table; 1010 } 1011 #endif 1012