1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Internet Control Message Protocol (ICMPv6) 4 * Linux INET6 implementation 5 * 6 * Authors: 7 * Pedro Roque <roque@di.fc.ul.pt> 8 * 9 * Based on net/ipv4/icmp.c 10 * 11 * RFC 1885 12 */ 13 14 /* 15 * Changes: 16 * 17 * Andi Kleen : exception handling 18 * Andi Kleen add rate limits. never reply to a icmp. 19 * add more length checks and other fixes. 20 * yoshfuji : ensure to sent parameter problem for 21 * fragments. 22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. 23 * Randy Dunlap and 24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support 25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data 26 */ 27 28 #define pr_fmt(fmt) "IPv6: " fmt 29 30 #include <linux/module.h> 31 #include <linux/errno.h> 32 #include <linux/types.h> 33 #include <linux/socket.h> 34 #include <linux/in.h> 35 #include <linux/kernel.h> 36 #include <linux/sockios.h> 37 #include <linux/net.h> 38 #include <linux/skbuff.h> 39 #include <linux/init.h> 40 #include <linux/netfilter.h> 41 #include <linux/slab.h> 42 43 #ifdef CONFIG_SYSCTL 44 #include <linux/sysctl.h> 45 #endif 46 47 #include <linux/inet.h> 48 #include <linux/netdevice.h> 49 #include <linux/icmpv6.h> 50 51 #include <net/ip.h> 52 #include <net/sock.h> 53 54 #include <net/ipv6.h> 55 #include <net/ip6_checksum.h> 56 #include <net/ping.h> 57 #include <net/protocol.h> 58 #include <net/raw.h> 59 #include <net/rawv6.h> 60 #include <net/seg6.h> 61 #include <net/transp_v6.h> 62 #include <net/ip6_route.h> 63 #include <net/addrconf.h> 64 #include <net/icmp.h> 65 #include <net/xfrm.h> 66 #include <net/inet_common.h> 67 #include <net/dsfield.h> 68 #include <net/l3mdev.h> 69 70 #include <linux/uaccess.h> 71 72 static DEFINE_PER_CPU(struct sock *, ipv6_icmp_sk); 73 74 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 75 u8 type, u8 code, int offset, __be32 info) 76 { 77 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */ 78 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset); 79 struct net *net = dev_net_rcu(skb->dev); 80 81 if (type == ICMPV6_PKT_TOOBIG) 82 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL)); 83 else if (type == NDISC_REDIRECT) 84 ip6_redirect(skb, net, skb->dev->ifindex, 0, 85 sock_net_uid(net, NULL)); 86 87 if (!(type & ICMPV6_INFOMSG_MASK)) 88 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST) 89 ping_err(skb, offset, ntohl(info)); 90 91 return 0; 92 } 93 94 static int icmpv6_rcv(struct sk_buff *skb); 95 96 static const struct inet6_protocol icmpv6_protocol = { 97 .handler = icmpv6_rcv, 98 .err_handler = icmpv6_err, 99 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 100 }; 101 102 /* Called with BH disabled */ 103 static struct sock *icmpv6_xmit_lock(struct net *net) 104 { 105 struct sock *sk; 106 107 sk = this_cpu_read(ipv6_icmp_sk); 108 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 109 /* This can happen if the output path (f.e. SIT or 110 * ip6ip6 tunnel) signals dst_link_failure() for an 111 * outgoing ICMP6 packet. 112 */ 113 return NULL; 114 } 115 sock_net_set(sk, net); 116 return sk; 117 } 118 119 static void icmpv6_xmit_unlock(struct sock *sk) 120 { 121 sock_net_set(sk, &init_net); 122 spin_unlock(&sk->sk_lock.slock); 123 } 124 125 /* 126 * Figure out, may we reply to this packet with icmp error. 127 * 128 * We do not reply, if: 129 * - it was icmp error message. 130 * - it is truncated, so that it is known, that protocol is ICMPV6 131 * (i.e. in the middle of some exthdr) 132 * 133 * --ANK (980726) 134 */ 135 136 static bool is_ineligible(const struct sk_buff *skb) 137 { 138 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 139 int len = skb->len - ptr; 140 __u8 nexthdr = ipv6_hdr(skb)->nexthdr; 141 __be16 frag_off; 142 143 if (len < 0) 144 return true; 145 146 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off); 147 if (ptr < 0) 148 return false; 149 if (nexthdr == IPPROTO_ICMPV6) { 150 u8 _type, *tp; 151 tp = skb_header_pointer(skb, 152 ptr+offsetof(struct icmp6hdr, icmp6_type), 153 sizeof(_type), &_type); 154 155 /* Based on RFC 8200, Section 4.5 Fragment Header, return 156 * false if this is a fragment packet with no icmp header info. 157 */ 158 if (!tp && frag_off != 0) 159 return false; 160 else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK)) 161 return true; 162 } 163 return false; 164 } 165 166 static bool icmpv6_mask_allow(struct net *net, int type) 167 { 168 if (type > ICMPV6_MSG_MAX) 169 return true; 170 171 /* Limit if icmp type is set in ratemask. */ 172 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask)) 173 return true; 174 175 return false; 176 } 177 178 static bool icmpv6_global_allow(struct net *net, int type, 179 bool *apply_ratelimit) 180 { 181 if (icmpv6_mask_allow(net, type)) 182 return true; 183 184 if (icmp_global_allow(net)) { 185 *apply_ratelimit = true; 186 return true; 187 } 188 __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); 189 return false; 190 } 191 192 /* 193 * Check the ICMP output rate limit 194 */ 195 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, 196 struct flowi6 *fl6, bool apply_ratelimit) 197 { 198 struct net *net = sock_net(sk); 199 struct net_device *dev; 200 struct dst_entry *dst; 201 bool res = false; 202 203 if (!apply_ratelimit) 204 return true; 205 206 /* 207 * Look up the output route. 208 * XXX: perhaps the expire for routing entries cloned by 209 * this lookup should be more aggressive (not longer than timeout). 210 */ 211 dst = ip6_route_output(net, sk, fl6); 212 rcu_read_lock(); 213 dev = dst_dev_rcu(dst); 214 if (dst->error) { 215 IP6_INC_STATS(net, ip6_dst_idev(dst), 216 IPSTATS_MIB_OUTNOROUTES); 217 } else if (dev && (dev->flags & IFF_LOOPBACK)) { 218 res = true; 219 } else { 220 int tmo = READ_ONCE(net->ipv6.sysctl.icmpv6_time); 221 struct inet_peer *peer; 222 223 if (!tmo) { 224 res = true; 225 } else { 226 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr); 227 res = inet_peer_xrlim_allow(peer, tmo); 228 } 229 } 230 rcu_read_unlock(); 231 if (!res) 232 __ICMP6_INC_STATS(net, NULL, ICMP6_MIB_RATELIMITHOST); 233 else 234 icmp_global_consume(net); 235 dst_release(dst); 236 return res; 237 } 238 239 static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type, 240 struct flowi6 *fl6) 241 { 242 struct net *net = sock_net(sk); 243 struct dst_entry *dst; 244 bool res = false; 245 246 dst = ip6_route_output(net, sk, fl6); 247 if (!dst->error) { 248 struct rt6_info *rt = dst_rt6_info(dst); 249 struct in6_addr prefsrc; 250 251 rt6_get_prefsrc(rt, &prefsrc); 252 res = !ipv6_addr_any(&prefsrc); 253 } 254 dst_release(dst); 255 return res; 256 } 257 258 /* 259 * an inline helper for the "simple" if statement below 260 * checks if parameter problem report is caused by an 261 * unrecognized IPv6 option that has the Option Type 262 * highest-order two bits set to 10 263 */ 264 265 static bool opt_unrec(struct sk_buff *skb, __u32 offset) 266 { 267 u8 _optval, *op; 268 269 offset += skb_network_offset(skb); 270 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); 271 if (!op) 272 return true; 273 return (*op & 0xC0) == 0x80; 274 } 275 276 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, 277 struct icmp6hdr *thdr, int len) 278 { 279 struct sk_buff *skb; 280 struct icmp6hdr *icmp6h; 281 282 skb = skb_peek(&sk->sk_write_queue); 283 if (!skb) 284 return; 285 286 icmp6h = icmp6_hdr(skb); 287 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); 288 icmp6h->icmp6_cksum = 0; 289 290 if (skb_queue_len(&sk->sk_write_queue) == 1) { 291 skb->csum = csum_partial(icmp6h, 292 sizeof(struct icmp6hdr), skb->csum); 293 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 294 &fl6->daddr, 295 len, fl6->flowi6_proto, 296 skb->csum); 297 } else { 298 __wsum tmp_csum = 0; 299 300 skb_queue_walk(&sk->sk_write_queue, skb) { 301 tmp_csum = csum_add(tmp_csum, skb->csum); 302 } 303 304 tmp_csum = csum_partial(icmp6h, 305 sizeof(struct icmp6hdr), tmp_csum); 306 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 307 &fl6->daddr, 308 len, fl6->flowi6_proto, 309 tmp_csum); 310 } 311 ip6_push_pending_frames(sk); 312 } 313 314 struct icmpv6_msg { 315 struct sk_buff *skb; 316 int offset; 317 uint8_t type; 318 }; 319 320 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 321 { 322 struct icmpv6_msg *msg = (struct icmpv6_msg *) from; 323 struct sk_buff *org_skb = msg->skb; 324 __wsum csum; 325 326 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 327 to, len); 328 skb->csum = csum_block_add(skb->csum, csum, odd); 329 if (!(msg->type & ICMPV6_INFOMSG_MASK)) 330 nf_ct_attach(skb, org_skb); 331 return 0; 332 } 333 334 #if IS_ENABLED(CONFIG_IPV6_MIP6) 335 static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) 336 { 337 struct ipv6hdr *iph = ipv6_hdr(skb); 338 struct ipv6_destopt_hao *hao; 339 int off; 340 341 if (opt->dsthao) { 342 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); 343 if (likely(off >= 0)) { 344 hao = (struct ipv6_destopt_hao *) 345 (skb_network_header(skb) + off); 346 swap(iph->saddr, hao->addr); 347 } 348 } 349 } 350 #else 351 static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {} 352 #endif 353 354 static struct dst_entry *icmpv6_route_lookup(struct net *net, 355 struct sk_buff *skb, 356 struct sock *sk, 357 struct flowi6 *fl6) 358 { 359 struct dst_entry *dst, *dst2; 360 struct flowi6 fl2; 361 int err; 362 363 err = ip6_dst_lookup(net, sk, &dst, fl6); 364 if (err) 365 return ERR_PTR(err); 366 367 /* 368 * We won't send icmp if the destination is known 369 * anycast unless we need to treat anycast as unicast. 370 */ 371 if (!READ_ONCE(net->ipv6.sysctl.icmpv6_error_anycast_as_unicast) && 372 ipv6_anycast_destination(dst, &fl6->daddr)) { 373 net_dbg_ratelimited("icmp6_send: acast source\n"); 374 dst_release(dst); 375 return ERR_PTR(-EINVAL); 376 } 377 378 /* No need to clone since we're just using its address. */ 379 dst2 = dst; 380 381 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0); 382 if (!IS_ERR(dst)) { 383 if (dst != dst2) 384 return dst; 385 } else { 386 if (PTR_ERR(dst) == -EPERM) 387 dst = NULL; 388 else 389 return dst; 390 } 391 392 err = xfrm_decode_session_reverse(net, skb, flowi6_to_flowi(&fl2), AF_INET6); 393 if (err) 394 goto relookup_failed; 395 396 err = ip6_dst_lookup(net, sk, &dst2, &fl2); 397 if (err) 398 goto relookup_failed; 399 400 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP); 401 if (!IS_ERR(dst2)) { 402 dst_release(dst); 403 dst = dst2; 404 } else { 405 err = PTR_ERR(dst2); 406 if (err == -EPERM) { 407 dst_release(dst); 408 return dst2; 409 } else 410 goto relookup_failed; 411 } 412 413 relookup_failed: 414 if (dst) 415 return dst; 416 return ERR_PTR(err); 417 } 418 419 static struct net_device *icmp6_dev(const struct sk_buff *skb) 420 { 421 struct net_device *dev = skb->dev; 422 423 /* for local traffic to local address, skb dev is the loopback 424 * device. Check if there is a dst attached to the skb and if so 425 * get the real device index. Same is needed for replies to a link 426 * local address on a device enslaved to an L3 master device 427 */ 428 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) { 429 const struct rt6_info *rt6 = skb_rt6_info(skb); 430 431 /* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.), 432 * and ip6_null_entry could be set to skb if no route is found. 433 */ 434 if (rt6 && rt6->rt6i_idev) 435 dev = rt6->rt6i_idev->dev; 436 } 437 438 return dev; 439 } 440 441 static int icmp6_iif(const struct sk_buff *skb) 442 { 443 return icmp6_dev(skb)->ifindex; 444 } 445 446 struct icmp6_ext_iio_addr6_subobj { 447 __be16 afi; 448 __be16 reserved; 449 struct in6_addr addr6; 450 }; 451 452 static unsigned int icmp6_ext_iio_len(void) 453 { 454 return sizeof(struct icmp_extobj_hdr) + 455 /* ifIndex */ 456 sizeof(__be32) + 457 /* Interface Address Sub-Object */ 458 sizeof(struct icmp6_ext_iio_addr6_subobj) + 459 /* Interface Name Sub-Object. Length must be a multiple of 4 460 * bytes. 461 */ 462 ALIGN(sizeof(struct icmp_ext_iio_name_subobj), 4) + 463 /* MTU */ 464 sizeof(__be32); 465 } 466 467 static unsigned int icmp6_ext_max_len(u8 ext_objs) 468 { 469 unsigned int ext_max_len; 470 471 ext_max_len = sizeof(struct icmp_ext_hdr); 472 473 if (ext_objs & BIT(ICMP_ERR_EXT_IIO_IIF)) 474 ext_max_len += icmp6_ext_iio_len(); 475 476 return ext_max_len; 477 } 478 479 static struct in6_addr *icmp6_ext_iio_addr6_find(const struct net_device *dev) 480 { 481 struct inet6_dev *in6_dev; 482 struct inet6_ifaddr *ifa; 483 484 in6_dev = __in6_dev_get(dev); 485 if (!in6_dev) 486 return NULL; 487 488 /* It is unclear from RFC 5837 which IP address should be chosen, but 489 * it makes sense to choose a global unicast address. 490 */ 491 list_for_each_entry_rcu(ifa, &in6_dev->addr_list, if_list) { 492 if (ifa->flags & (IFA_F_TENTATIVE | IFA_F_DADFAILED)) 493 continue; 494 if (ipv6_addr_type(&ifa->addr) != IPV6_ADDR_UNICAST || 495 ipv6_addr_src_scope(&ifa->addr) != IPV6_ADDR_SCOPE_GLOBAL) 496 continue; 497 return &ifa->addr; 498 } 499 500 return NULL; 501 } 502 503 static void icmp6_ext_iio_iif_append(struct net *net, struct sk_buff *skb, 504 int iif) 505 { 506 struct icmp_ext_iio_name_subobj *name_subobj; 507 struct icmp_extobj_hdr *objh; 508 struct net_device *dev; 509 struct in6_addr *addr6; 510 __be32 data; 511 512 if (!iif) 513 return; 514 515 /* Add the fields in the order specified by RFC 5837. */ 516 objh = skb_put(skb, sizeof(*objh)); 517 objh->class_num = ICMP_EXT_OBJ_CLASS_IIO; 518 objh->class_type = ICMP_EXT_CTYPE_IIO_ROLE(ICMP_EXT_CTYPE_IIO_ROLE_IIF); 519 520 data = htonl(iif); 521 skb_put_data(skb, &data, sizeof(__be32)); 522 objh->class_type |= ICMP_EXT_CTYPE_IIO_IFINDEX; 523 524 rcu_read_lock(); 525 526 dev = dev_get_by_index_rcu(net, iif); 527 if (!dev) 528 goto out; 529 530 addr6 = icmp6_ext_iio_addr6_find(dev); 531 if (addr6) { 532 struct icmp6_ext_iio_addr6_subobj *addr6_subobj; 533 534 addr6_subobj = skb_put_zero(skb, sizeof(*addr6_subobj)); 535 addr6_subobj->afi = htons(ICMP_AFI_IP6); 536 addr6_subobj->addr6 = *addr6; 537 objh->class_type |= ICMP_EXT_CTYPE_IIO_IPADDR; 538 } 539 540 name_subobj = skb_put_zero(skb, ALIGN(sizeof(*name_subobj), 4)); 541 name_subobj->len = ALIGN(sizeof(*name_subobj), 4); 542 netdev_copy_name(dev, name_subobj->name); 543 objh->class_type |= ICMP_EXT_CTYPE_IIO_NAME; 544 545 data = htonl(READ_ONCE(dev->mtu)); 546 skb_put_data(skb, &data, sizeof(__be32)); 547 objh->class_type |= ICMP_EXT_CTYPE_IIO_MTU; 548 549 out: 550 rcu_read_unlock(); 551 objh->length = htons(skb_tail_pointer(skb) - (unsigned char *)objh); 552 } 553 554 static void icmp6_ext_objs_append(struct net *net, struct sk_buff *skb, 555 u8 ext_objs, int iif) 556 { 557 if (ext_objs & BIT(ICMP_ERR_EXT_IIO_IIF)) 558 icmp6_ext_iio_iif_append(net, skb, iif); 559 } 560 561 static struct sk_buff * 562 icmp6_ext_append(struct net *net, struct sk_buff *skb_in, 563 struct icmp6hdr *icmp6h, unsigned int room, int iif) 564 { 565 unsigned int payload_len, ext_max_len, ext_len; 566 struct icmp_ext_hdr *ext_hdr; 567 struct sk_buff *skb; 568 u8 ext_objs; 569 int nhoff; 570 571 switch (icmp6h->icmp6_type) { 572 case ICMPV6_DEST_UNREACH: 573 case ICMPV6_TIME_EXCEED: 574 break; 575 default: 576 return NULL; 577 } 578 579 /* Do not overwrite existing extensions. This can happen when we 580 * receive an ICMPv4 message with extensions from a tunnel and 581 * translate it to an ICMPv6 message towards an IPv6 host in the 582 * overlay network. 583 */ 584 if (icmp6h->icmp6_datagram_len) 585 return NULL; 586 587 ext_objs = READ_ONCE(net->ipv6.sysctl.icmpv6_errors_extension_mask); 588 if (!ext_objs) 589 return NULL; 590 591 ext_max_len = icmp6_ext_max_len(ext_objs); 592 if (ICMP_EXT_ORIG_DGRAM_MIN_LEN + ext_max_len > room) 593 return NULL; 594 595 skb = skb_clone(skb_in, GFP_ATOMIC); 596 if (!skb) 597 return NULL; 598 599 nhoff = skb_network_offset(skb); 600 payload_len = min(skb->len - nhoff, ICMP_EXT_ORIG_DGRAM_MIN_LEN); 601 602 if (!pskb_network_may_pull(skb, payload_len)) 603 goto free_skb; 604 605 if (pskb_trim(skb, nhoff + ICMP_EXT_ORIG_DGRAM_MIN_LEN) || 606 __skb_put_padto(skb, nhoff + ICMP_EXT_ORIG_DGRAM_MIN_LEN, false)) 607 goto free_skb; 608 609 if (pskb_expand_head(skb, 0, ext_max_len, GFP_ATOMIC)) 610 goto free_skb; 611 612 ext_hdr = skb_put_zero(skb, sizeof(*ext_hdr)); 613 ext_hdr->version = ICMP_EXT_VERSION_2; 614 615 icmp6_ext_objs_append(net, skb, ext_objs, iif); 616 617 /* Do not send an empty extension structure. */ 618 ext_len = skb_tail_pointer(skb) - (unsigned char *)ext_hdr; 619 if (ext_len == sizeof(*ext_hdr)) 620 goto free_skb; 621 622 ext_hdr->checksum = ip_compute_csum(ext_hdr, ext_len); 623 /* The length of the original datagram in 64-bit words (RFC 4884). */ 624 icmp6h->icmp6_datagram_len = ICMP_EXT_ORIG_DGRAM_MIN_LEN / sizeof(u64); 625 626 return skb; 627 628 free_skb: 629 consume_skb(skb); 630 return NULL; 631 } 632 633 /* 634 * Send an ICMP message in response to a packet in error 635 */ 636 void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, 637 const struct in6_addr *force_saddr, 638 const struct inet6_skb_parm *parm) 639 { 640 struct inet6_dev *idev = NULL; 641 struct ipv6hdr *hdr = ipv6_hdr(skb); 642 struct sock *sk; 643 struct net *net; 644 struct ipv6_pinfo *np; 645 const struct in6_addr *saddr = NULL; 646 bool apply_ratelimit = false; 647 struct sk_buff *ext_skb; 648 struct dst_entry *dst; 649 unsigned int room; 650 struct icmp6hdr tmp_hdr; 651 struct flowi6 fl6; 652 struct icmpv6_msg msg; 653 struct ipcm6_cookie ipc6; 654 int iif = 0; 655 int addr_type = 0; 656 int len; 657 u32 mark; 658 659 if ((u8 *)hdr < skb->head || 660 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb)) 661 return; 662 663 if (!skb->dev) 664 return; 665 666 rcu_read_lock(); 667 668 net = dev_net_rcu(skb->dev); 669 mark = IP6_REPLY_MARK(net, skb->mark); 670 /* 671 * Make sure we respect the rules 672 * i.e. RFC 1885 2.4(e) 673 * Rule (e.1) is enforced by not using icmp6_send 674 * in any code that processes icmp errors. 675 */ 676 addr_type = ipv6_addr_type(&hdr->daddr); 677 678 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) || 679 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr)) 680 saddr = &hdr->daddr; 681 682 /* 683 * Dest addr check 684 */ 685 686 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) { 687 if (type != ICMPV6_PKT_TOOBIG && 688 !(type == ICMPV6_PARAMPROB && 689 code == ICMPV6_UNK_OPTION && 690 (opt_unrec(skb, info)))) 691 goto out; 692 693 saddr = NULL; 694 } 695 696 addr_type = ipv6_addr_type(&hdr->saddr); 697 698 /* 699 * Source addr check 700 */ 701 702 if (__ipv6_addr_needs_scope_id(addr_type)) { 703 iif = icmp6_iif(skb); 704 } else { 705 /* 706 * The source device is used for looking up which routing table 707 * to use for sending an ICMP error. 708 */ 709 iif = l3mdev_master_ifindex(skb->dev); 710 } 711 712 /* 713 * Must not send error if the source does not uniquely 714 * identify a single node (RFC2463 Section 2.4). 715 * We check unspecified / multicast addresses here, 716 * and anycast addresses will be checked later. 717 */ 718 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { 719 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n", 720 &hdr->saddr, &hdr->daddr); 721 goto out; 722 } 723 724 /* 725 * Never answer to a ICMP packet. 726 */ 727 if (is_ineligible(skb)) { 728 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n", 729 &hdr->saddr, &hdr->daddr); 730 goto out; 731 } 732 733 /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */ 734 local_bh_disable(); 735 736 /* Check global sysctl_icmp_msgs_per_sec ratelimit */ 737 if (!(skb->dev->flags & IFF_LOOPBACK) && 738 !icmpv6_global_allow(net, type, &apply_ratelimit)) 739 goto out_bh_enable; 740 741 mip6_addr_swap(skb, parm); 742 743 sk = icmpv6_xmit_lock(net); 744 if (!sk) 745 goto out_bh_enable; 746 747 memset(&fl6, 0, sizeof(fl6)); 748 fl6.flowi6_proto = IPPROTO_ICMPV6; 749 fl6.daddr = hdr->saddr; 750 if (force_saddr) 751 saddr = force_saddr; 752 if (saddr) { 753 fl6.saddr = *saddr; 754 } else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) { 755 /* select a more meaningful saddr from input if */ 756 struct net_device *in_netdev; 757 758 in_netdev = dev_get_by_index(net, parm->iif); 759 if (in_netdev) { 760 ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr, 761 inet6_sk(sk)->srcprefs, 762 &fl6.saddr); 763 dev_put(in_netdev); 764 } 765 } 766 fl6.flowi6_mark = mark; 767 fl6.flowi6_oif = iif; 768 fl6.fl6_icmp_type = type; 769 fl6.fl6_icmp_code = code; 770 fl6.flowi6_uid = sock_net_uid(net, NULL); 771 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL); 772 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6)); 773 774 np = inet6_sk(sk); 775 776 if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit)) 777 goto out_unlock; 778 779 tmp_hdr.icmp6_type = type; 780 tmp_hdr.icmp6_code = code; 781 tmp_hdr.icmp6_cksum = 0; 782 tmp_hdr.icmp6_pointer = htonl(info); 783 784 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 785 fl6.flowi6_oif = READ_ONCE(np->mcast_oif); 786 else if (!fl6.flowi6_oif) 787 fl6.flowi6_oif = READ_ONCE(np->ucast_oif); 788 789 ipcm6_init_sk(&ipc6, sk); 790 ipc6.sockc.mark = mark; 791 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel); 792 793 dst = icmpv6_route_lookup(net, skb, sk, &fl6); 794 if (IS_ERR(dst)) 795 goto out_unlock; 796 797 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); 798 799 msg.skb = skb; 800 msg.offset = skb_network_offset(skb); 801 msg.type = type; 802 803 room = IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr); 804 ext_skb = icmp6_ext_append(net, skb, &tmp_hdr, room, parm->iif); 805 if (ext_skb) 806 msg.skb = ext_skb; 807 808 len = msg.skb->len - msg.offset; 809 len = min_t(unsigned int, len, room); 810 if (len < 0) { 811 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n", 812 &hdr->saddr, &hdr->daddr); 813 goto out_dst_release; 814 } 815 816 idev = __in6_dev_get(skb->dev); 817 818 if (ip6_append_data(sk, icmpv6_getfrag, &msg, 819 len + sizeof(struct icmp6hdr), 820 sizeof(struct icmp6hdr), 821 &ipc6, &fl6, dst_rt6_info(dst), 822 MSG_DONTWAIT)) { 823 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); 824 ip6_flush_pending_frames(sk); 825 } else { 826 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, 827 len + sizeof(struct icmp6hdr)); 828 } 829 830 out_dst_release: 831 if (ext_skb) 832 consume_skb(ext_skb); 833 dst_release(dst); 834 out_unlock: 835 icmpv6_xmit_unlock(sk); 836 out_bh_enable: 837 local_bh_enable(); 838 out: 839 rcu_read_unlock(); 840 } 841 EXPORT_SYMBOL(icmp6_send); 842 843 /* Slightly more convenient version of icmp6_send with drop reasons. 844 */ 845 void icmpv6_param_prob_reason(struct sk_buff *skb, u8 code, int pos, 846 enum skb_drop_reason reason) 847 { 848 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb)); 849 kfree_skb_reason(skb, reason); 850 } 851 852 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH 853 * if sufficient data bytes are available 854 * @nhs is the size of the tunnel header(s) : 855 * Either an IPv4 header for SIT encap 856 * an IPv4 header + GRE header for GRE encap 857 */ 858 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type, 859 unsigned int data_len) 860 { 861 struct in6_addr temp_saddr; 862 struct rt6_info *rt; 863 struct sk_buff *skb2; 864 u32 info = 0; 865 866 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8)) 867 return 1; 868 869 /* RFC 4884 (partial) support for ICMP extensions */ 870 if (data_len < 128 || (data_len & 7) || skb->len < data_len) 871 data_len = 0; 872 873 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC); 874 875 if (!skb2) 876 return 1; 877 878 skb_dst_drop(skb2); 879 skb_pull(skb2, nhs); 880 skb_reset_network_header(skb2); 881 882 rt = rt6_lookup(dev_net_rcu(skb->dev), &ipv6_hdr(skb2)->saddr, 883 NULL, 0, skb, 0); 884 885 if (rt && rt->dst.dev) 886 skb2->dev = rt->dst.dev; 887 888 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr); 889 890 if (data_len) { 891 /* RFC 4884 (partial) support : 892 * insert 0 padding at the end, before the extensions 893 */ 894 __skb_push(skb2, nhs); 895 skb_reset_network_header(skb2); 896 memmove(skb2->data, skb2->data + nhs, data_len - nhs); 897 memset(skb2->data + data_len - nhs, 0, nhs); 898 /* RFC 4884 4.5 : Length is measured in 64-bit words, 899 * and stored in reserved[0] 900 */ 901 info = (data_len/8) << 24; 902 } 903 if (type == ICMP_TIME_EXCEEDED) 904 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 905 info, &temp_saddr, IP6CB(skb2)); 906 else 907 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 908 info, &temp_saddr, IP6CB(skb2)); 909 if (rt) 910 ip6_rt_put(rt); 911 912 kfree_skb(skb2); 913 914 return 0; 915 } 916 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach); 917 918 static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) 919 { 920 struct net *net = dev_net_rcu(skb->dev); 921 struct sock *sk; 922 struct inet6_dev *idev; 923 struct ipv6_pinfo *np; 924 const struct in6_addr *saddr = NULL; 925 struct icmp6hdr *icmph = icmp6_hdr(skb); 926 bool apply_ratelimit = false; 927 struct icmp6hdr tmp_hdr; 928 struct flowi6 fl6; 929 struct icmpv6_msg msg; 930 struct dst_entry *dst; 931 struct ipcm6_cookie ipc6; 932 u32 mark = IP6_REPLY_MARK(net, skb->mark); 933 SKB_DR(reason); 934 bool acast; 935 u8 type; 936 937 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) && 938 net->ipv6.sysctl.icmpv6_echo_ignore_multicast) 939 return reason; 940 941 saddr = &ipv6_hdr(skb)->daddr; 942 943 acast = ipv6_anycast_destination(skb_dst(skb), saddr); 944 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast) 945 return reason; 946 947 if (!ipv6_unicast_destination(skb) && 948 !(net->ipv6.sysctl.anycast_src_echo_reply && acast)) 949 saddr = NULL; 950 951 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST) 952 type = ICMPV6_EXT_ECHO_REPLY; 953 else 954 type = ICMPV6_ECHO_REPLY; 955 956 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 957 tmp_hdr.icmp6_type = type; 958 959 memset(&fl6, 0, sizeof(fl6)); 960 if (READ_ONCE(net->ipv6.sysctl.flowlabel_reflect) & 961 FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES) 962 fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb)); 963 964 fl6.flowi6_proto = IPPROTO_ICMPV6; 965 fl6.daddr = ipv6_hdr(skb)->saddr; 966 if (saddr) 967 fl6.saddr = *saddr; 968 fl6.flowi6_oif = ipv6_addr_loopback(&fl6.daddr) ? 969 skb->dev->ifindex : 970 icmp6_iif(skb); 971 fl6.fl6_icmp_type = type; 972 fl6.flowi6_mark = mark; 973 fl6.flowi6_uid = sock_net_uid(net, NULL); 974 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6)); 975 976 local_bh_disable(); 977 sk = icmpv6_xmit_lock(net); 978 if (!sk) 979 goto out_bh_enable; 980 np = inet6_sk(sk); 981 982 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 983 fl6.flowi6_oif = READ_ONCE(np->mcast_oif); 984 else if (!fl6.flowi6_oif) 985 fl6.flowi6_oif = READ_ONCE(np->ucast_oif); 986 987 if (ip6_dst_lookup(net, sk, &dst, &fl6)) 988 goto out; 989 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0); 990 if (IS_ERR(dst)) 991 goto out; 992 993 /* Check the ratelimit */ 994 if ((!(skb->dev->flags & IFF_LOOPBACK) && 995 !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) || 996 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit)) 997 goto out_dst_release; 998 999 idev = __in6_dev_get(skb->dev); 1000 1001 msg.skb = skb; 1002 msg.offset = 0; 1003 msg.type = type; 1004 1005 ipcm6_init_sk(&ipc6, sk); 1006 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); 1007 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 1008 ipc6.sockc.mark = mark; 1009 1010 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST) 1011 if (!icmp_build_probe(skb, (struct icmphdr *)&tmp_hdr)) 1012 goto out_dst_release; 1013 1014 if (ip6_append_data(sk, icmpv6_getfrag, &msg, 1015 skb->len + sizeof(struct icmp6hdr), 1016 sizeof(struct icmp6hdr), &ipc6, &fl6, 1017 dst_rt6_info(dst), MSG_DONTWAIT)) { 1018 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); 1019 ip6_flush_pending_frames(sk); 1020 } else { 1021 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, 1022 skb->len + sizeof(struct icmp6hdr)); 1023 reason = SKB_CONSUMED; 1024 } 1025 out_dst_release: 1026 dst_release(dst); 1027 out: 1028 icmpv6_xmit_unlock(sk); 1029 out_bh_enable: 1030 local_bh_enable(); 1031 return reason; 1032 } 1033 1034 enum skb_drop_reason icmpv6_notify(struct sk_buff *skb, u8 type, 1035 u8 code, __be32 info) 1036 { 1037 struct inet6_skb_parm *opt = IP6CB(skb); 1038 struct net *net = dev_net_rcu(skb->dev); 1039 const struct inet6_protocol *ipprot; 1040 enum skb_drop_reason reason; 1041 int inner_offset; 1042 __be16 frag_off; 1043 u8 nexthdr; 1044 1045 reason = pskb_may_pull_reason(skb, sizeof(struct ipv6hdr)); 1046 if (reason != SKB_NOT_DROPPED_YET) 1047 goto out; 1048 1049 seg6_icmp_srh(skb, opt); 1050 1051 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 1052 if (ipv6_ext_hdr(nexthdr)) { 1053 /* now skip over extension headers */ 1054 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), 1055 &nexthdr, &frag_off); 1056 if (inner_offset < 0) { 1057 SKB_DR_SET(reason, IPV6_BAD_EXTHDR); 1058 goto out; 1059 } 1060 } else { 1061 inner_offset = sizeof(struct ipv6hdr); 1062 } 1063 1064 /* Checkin header including 8 bytes of inner protocol header. */ 1065 reason = pskb_may_pull_reason(skb, inner_offset + 8); 1066 if (reason != SKB_NOT_DROPPED_YET) 1067 goto out; 1068 1069 if (nexthdr == IPPROTO_RAW) { 1070 /* Add a more specific reason later ? */ 1071 reason = SKB_DROP_REASON_NOT_SPECIFIED; 1072 goto out; 1073 } 1074 1075 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. 1076 Without this we will not able f.e. to make source routed 1077 pmtu discovery. 1078 Corresponding argument (opt) to notifiers is already added. 1079 --ANK (980726) 1080 */ 1081 1082 ipprot = rcu_dereference(inet6_protos[nexthdr]); 1083 if (ipprot && ipprot->err_handler) 1084 ipprot->err_handler(skb, opt, type, code, inner_offset, info); 1085 1086 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); 1087 return SKB_CONSUMED; 1088 1089 out: 1090 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS); 1091 return reason; 1092 } 1093 1094 /* 1095 * Handle icmp messages 1096 */ 1097 1098 static int icmpv6_rcv(struct sk_buff *skb) 1099 { 1100 enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; 1101 struct net *net = dev_net_rcu(skb->dev); 1102 struct net_device *dev = icmp6_dev(skb); 1103 struct inet6_dev *idev = __in6_dev_get(dev); 1104 const struct in6_addr *saddr, *daddr; 1105 struct icmp6hdr *hdr; 1106 u8 type; 1107 1108 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1109 struct sec_path *sp = skb_sec_path(skb); 1110 int nh; 1111 1112 if (!(sp && sp->xvec[sp->len - 1]->props.flags & 1113 XFRM_STATE_ICMP)) { 1114 reason = SKB_DROP_REASON_XFRM_POLICY; 1115 goto drop_no_count; 1116 } 1117 1118 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr))) 1119 goto drop_no_count; 1120 1121 nh = skb_network_offset(skb); 1122 skb_set_network_header(skb, sizeof(*hdr)); 1123 1124 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, 1125 skb)) { 1126 reason = SKB_DROP_REASON_XFRM_POLICY; 1127 goto drop_no_count; 1128 } 1129 1130 skb_set_network_header(skb, nh); 1131 } 1132 1133 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INMSGS); 1134 1135 saddr = &ipv6_hdr(skb)->saddr; 1136 daddr = &ipv6_hdr(skb)->daddr; 1137 1138 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) { 1139 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n", 1140 saddr, daddr); 1141 goto csum_error; 1142 } 1143 1144 if (!pskb_pull(skb, sizeof(*hdr))) 1145 goto discard_it; 1146 1147 hdr = icmp6_hdr(skb); 1148 1149 type = hdr->icmp6_type; 1150 1151 ICMP6MSGIN_INC_STATS(dev_net_rcu(dev), idev, type); 1152 1153 switch (type) { 1154 case ICMPV6_ECHO_REQUEST: 1155 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all) 1156 reason = icmpv6_echo_reply(skb); 1157 break; 1158 case ICMPV6_EXT_ECHO_REQUEST: 1159 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all && 1160 READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe)) 1161 reason = icmpv6_echo_reply(skb); 1162 break; 1163 1164 case ICMPV6_ECHO_REPLY: 1165 case ICMPV6_EXT_ECHO_REPLY: 1166 ping_rcv(skb); 1167 return 0; 1168 1169 case ICMPV6_PKT_TOOBIG: 1170 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update 1171 standard destination cache. Seems, only "advanced" 1172 destination cache will allow to solve this problem 1173 --ANK (980726) 1174 */ 1175 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 1176 goto discard_it; 1177 hdr = icmp6_hdr(skb); 1178 1179 /* to notify */ 1180 fallthrough; 1181 case ICMPV6_DEST_UNREACH: 1182 case ICMPV6_TIME_EXCEED: 1183 case ICMPV6_PARAMPROB: 1184 reason = icmpv6_notify(skb, type, hdr->icmp6_code, 1185 hdr->icmp6_mtu); 1186 break; 1187 1188 case NDISC_ROUTER_SOLICITATION: 1189 case NDISC_ROUTER_ADVERTISEMENT: 1190 case NDISC_NEIGHBOUR_SOLICITATION: 1191 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1192 case NDISC_REDIRECT: 1193 reason = ndisc_rcv(skb); 1194 break; 1195 1196 case ICMPV6_MGM_QUERY: 1197 igmp6_event_query(skb); 1198 return 0; 1199 1200 case ICMPV6_MGM_REPORT: 1201 igmp6_event_report(skb); 1202 return 0; 1203 1204 case ICMPV6_MGM_REDUCTION: 1205 case ICMPV6_NI_QUERY: 1206 case ICMPV6_NI_REPLY: 1207 case ICMPV6_MLD2_REPORT: 1208 case ICMPV6_DHAAD_REQUEST: 1209 case ICMPV6_DHAAD_REPLY: 1210 case ICMPV6_MOBILE_PREFIX_SOL: 1211 case ICMPV6_MOBILE_PREFIX_ADV: 1212 break; 1213 1214 default: 1215 /* informational */ 1216 if (type & ICMPV6_INFOMSG_MASK) 1217 break; 1218 1219 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n", 1220 saddr, daddr); 1221 1222 /* 1223 * error of unknown type. 1224 * must pass to upper level 1225 */ 1226 1227 reason = icmpv6_notify(skb, type, hdr->icmp6_code, 1228 hdr->icmp6_mtu); 1229 } 1230 1231 /* until the v6 path can be better sorted assume failure and 1232 * preserve the status quo behaviour for the rest of the paths to here 1233 */ 1234 if (reason) 1235 kfree_skb_reason(skb, reason); 1236 else 1237 consume_skb(skb); 1238 1239 return 0; 1240 1241 csum_error: 1242 reason = SKB_DROP_REASON_ICMP_CSUM; 1243 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_CSUMERRORS); 1244 discard_it: 1245 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INERRORS); 1246 drop_no_count: 1247 kfree_skb_reason(skb, reason); 1248 return 0; 1249 } 1250 1251 void icmpv6_flow_init(const struct sock *sk, struct flowi6 *fl6, u8 type, 1252 const struct in6_addr *saddr, 1253 const struct in6_addr *daddr, int oif) 1254 { 1255 memset(fl6, 0, sizeof(*fl6)); 1256 fl6->saddr = *saddr; 1257 fl6->daddr = *daddr; 1258 fl6->flowi6_proto = IPPROTO_ICMPV6; 1259 fl6->fl6_icmp_type = type; 1260 fl6->fl6_icmp_code = 0; 1261 fl6->flowi6_oif = oif; 1262 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6)); 1263 } 1264 1265 int __init icmpv6_init(void) 1266 { 1267 struct sock *sk; 1268 int err, i; 1269 1270 for_each_possible_cpu(i) { 1271 err = inet_ctl_sock_create(&sk, PF_INET6, 1272 SOCK_RAW, IPPROTO_ICMPV6, &init_net); 1273 if (err < 0) { 1274 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n", 1275 err); 1276 return err; 1277 } 1278 1279 per_cpu(ipv6_icmp_sk, i) = sk; 1280 1281 /* Enough space for 2 64K ICMP packets, including 1282 * sk_buff struct overhead. 1283 */ 1284 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); 1285 } 1286 1287 err = -EAGAIN; 1288 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) 1289 goto fail; 1290 1291 err = inet6_register_icmp_sender(icmp6_send); 1292 if (err) 1293 goto sender_reg_err; 1294 return 0; 1295 1296 sender_reg_err: 1297 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 1298 fail: 1299 pr_err("Failed to register ICMP6 protocol\n"); 1300 return err; 1301 } 1302 1303 void icmpv6_cleanup(void) 1304 { 1305 inet6_unregister_icmp_sender(icmp6_send); 1306 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 1307 } 1308 1309 1310 static const struct icmp6_err { 1311 int err; 1312 int fatal; 1313 } tab_unreach[] = { 1314 { /* NOROUTE */ 1315 .err = ENETUNREACH, 1316 .fatal = 0, 1317 }, 1318 { /* ADM_PROHIBITED */ 1319 .err = EACCES, 1320 .fatal = 1, 1321 }, 1322 { /* Was NOT_NEIGHBOUR, now reserved */ 1323 .err = EHOSTUNREACH, 1324 .fatal = 0, 1325 }, 1326 { /* ADDR_UNREACH */ 1327 .err = EHOSTUNREACH, 1328 .fatal = 0, 1329 }, 1330 { /* PORT_UNREACH */ 1331 .err = ECONNREFUSED, 1332 .fatal = 1, 1333 }, 1334 { /* POLICY_FAIL */ 1335 .err = EACCES, 1336 .fatal = 1, 1337 }, 1338 { /* REJECT_ROUTE */ 1339 .err = EACCES, 1340 .fatal = 1, 1341 }, 1342 }; 1343 1344 int icmpv6_err_convert(u8 type, u8 code, int *err) 1345 { 1346 int fatal = 0; 1347 1348 *err = EPROTO; 1349 1350 switch (type) { 1351 case ICMPV6_DEST_UNREACH: 1352 fatal = 1; 1353 if (code < ARRAY_SIZE(tab_unreach)) { 1354 *err = tab_unreach[code].err; 1355 fatal = tab_unreach[code].fatal; 1356 } 1357 break; 1358 1359 case ICMPV6_PKT_TOOBIG: 1360 *err = EMSGSIZE; 1361 break; 1362 1363 case ICMPV6_PARAMPROB: 1364 *err = EPROTO; 1365 fatal = 1; 1366 break; 1367 1368 case ICMPV6_TIME_EXCEED: 1369 *err = EHOSTUNREACH; 1370 break; 1371 } 1372 1373 return fatal; 1374 } 1375 EXPORT_SYMBOL(icmpv6_err_convert); 1376 1377 #ifdef CONFIG_SYSCTL 1378 1379 static u32 icmpv6_errors_extension_mask_all = 1380 GENMASK_U8(ICMP_ERR_EXT_COUNT - 1, 0); 1381 1382 static struct ctl_table ipv6_icmp_table_template[] = { 1383 { 1384 .procname = "ratelimit", 1385 .data = &init_net.ipv6.sysctl.icmpv6_time, 1386 .maxlen = sizeof(int), 1387 .mode = 0644, 1388 .proc_handler = proc_dointvec_ms_jiffies, 1389 }, 1390 { 1391 .procname = "echo_ignore_all", 1392 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all, 1393 .maxlen = sizeof(u8), 1394 .mode = 0644, 1395 .proc_handler = proc_dou8vec_minmax, 1396 }, 1397 { 1398 .procname = "echo_ignore_multicast", 1399 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast, 1400 .maxlen = sizeof(u8), 1401 .mode = 0644, 1402 .proc_handler = proc_dou8vec_minmax, 1403 }, 1404 { 1405 .procname = "echo_ignore_anycast", 1406 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast, 1407 .maxlen = sizeof(u8), 1408 .mode = 0644, 1409 .proc_handler = proc_dou8vec_minmax, 1410 }, 1411 { 1412 .procname = "ratemask", 1413 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr, 1414 .maxlen = ICMPV6_MSG_MAX + 1, 1415 .mode = 0644, 1416 .proc_handler = proc_do_large_bitmap, 1417 }, 1418 { 1419 .procname = "error_anycast_as_unicast", 1420 .data = &init_net.ipv6.sysctl.icmpv6_error_anycast_as_unicast, 1421 .maxlen = sizeof(u8), 1422 .mode = 0644, 1423 .proc_handler = proc_dou8vec_minmax, 1424 .extra1 = SYSCTL_ZERO, 1425 .extra2 = SYSCTL_ONE, 1426 }, 1427 { 1428 .procname = "errors_extension_mask", 1429 .data = &init_net.ipv6.sysctl.icmpv6_errors_extension_mask, 1430 .maxlen = sizeof(u8), 1431 .mode = 0644, 1432 .proc_handler = proc_dou8vec_minmax, 1433 .extra1 = SYSCTL_ZERO, 1434 .extra2 = &icmpv6_errors_extension_mask_all, 1435 }, 1436 }; 1437 1438 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) 1439 { 1440 struct ctl_table *table; 1441 1442 table = kmemdup(ipv6_icmp_table_template, 1443 sizeof(ipv6_icmp_table_template), 1444 GFP_KERNEL); 1445 1446 if (table) { 1447 table[0].data = &net->ipv6.sysctl.icmpv6_time; 1448 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all; 1449 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast; 1450 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast; 1451 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr; 1452 table[5].data = &net->ipv6.sysctl.icmpv6_error_anycast_as_unicast; 1453 table[6].data = &net->ipv6.sysctl.icmpv6_errors_extension_mask; 1454 } 1455 return table; 1456 } 1457 1458 size_t ipv6_icmp_sysctl_table_size(void) 1459 { 1460 return ARRAY_SIZE(ipv6_icmp_table_template); 1461 } 1462 #endif 1463