1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Internet Control Message Protocol (ICMPv6) 4 * Linux INET6 implementation 5 * 6 * Authors: 7 * Pedro Roque <roque@di.fc.ul.pt> 8 * 9 * Based on net/ipv4/icmp.c 10 * 11 * RFC 1885 12 */ 13 14 /* 15 * Changes: 16 * 17 * Andi Kleen : exception handling 18 * Andi Kleen add rate limits. never reply to a icmp. 19 * add more length checks and other fixes. 20 * yoshfuji : ensure to sent parameter problem for 21 * fragments. 22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit. 23 * Randy Dunlap and 24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support 25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data 26 */ 27 28 #define pr_fmt(fmt) "IPv6: " fmt 29 30 #include <linux/module.h> 31 #include <linux/errno.h> 32 #include <linux/types.h> 33 #include <linux/socket.h> 34 #include <linux/in.h> 35 #include <linux/kernel.h> 36 #include <linux/sockios.h> 37 #include <linux/net.h> 38 #include <linux/skbuff.h> 39 #include <linux/init.h> 40 #include <linux/netfilter.h> 41 #include <linux/slab.h> 42 43 #ifdef CONFIG_SYSCTL 44 #include <linux/sysctl.h> 45 #endif 46 47 #include <linux/inet.h> 48 #include <linux/netdevice.h> 49 #include <linux/icmpv6.h> 50 51 #include <net/ip.h> 52 #include <net/sock.h> 53 54 #include <net/ipv6.h> 55 #include <net/ip6_checksum.h> 56 #include <net/ping.h> 57 #include <net/protocol.h> 58 #include <net/raw.h> 59 #include <net/rawv6.h> 60 #include <net/seg6.h> 61 #include <net/transp_v6.h> 62 #include <net/ip6_route.h> 63 #include <net/addrconf.h> 64 #include <net/icmp.h> 65 #include <net/xfrm.h> 66 #include <net/inet_common.h> 67 #include <net/dsfield.h> 68 #include <net/l3mdev.h> 69 70 #include <linux/uaccess.h> 71 72 static DEFINE_PER_CPU(struct sock *, ipv6_icmp_sk); 73 74 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, 75 u8 type, u8 code, int offset, __be32 info) 76 { 77 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */ 78 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset); 79 struct net *net = dev_net_rcu(skb->dev); 80 81 if (type == ICMPV6_PKT_TOOBIG) 82 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL)); 83 else if (type == NDISC_REDIRECT) 84 ip6_redirect(skb, net, skb->dev->ifindex, 0, 85 sock_net_uid(net, NULL)); 86 87 if (!(type & ICMPV6_INFOMSG_MASK)) 88 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST) 89 ping_err(skb, offset, ntohl(info)); 90 91 return 0; 92 } 93 94 static int icmpv6_rcv(struct sk_buff *skb); 95 96 static const struct inet6_protocol icmpv6_protocol = { 97 .handler = icmpv6_rcv, 98 .err_handler = icmpv6_err, 99 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, 100 }; 101 102 /* Called with BH disabled */ 103 static struct sock *icmpv6_xmit_lock(struct net *net) 104 { 105 struct sock *sk; 106 107 sk = this_cpu_read(ipv6_icmp_sk); 108 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { 109 /* This can happen if the output path (f.e. SIT or 110 * ip6ip6 tunnel) signals dst_link_failure() for an 111 * outgoing ICMP6 packet. 112 */ 113 return NULL; 114 } 115 sock_net_set(sk, net); 116 return sk; 117 } 118 119 static void icmpv6_xmit_unlock(struct sock *sk) 120 { 121 sock_net_set(sk, &init_net); 122 spin_unlock(&sk->sk_lock.slock); 123 } 124 125 /* 126 * Figure out, may we reply to this packet with icmp error. 127 * 128 * We do not reply, if: 129 * - it was icmp error message. 130 * - it is truncated, so that it is known, that protocol is ICMPV6 131 * (i.e. in the middle of some exthdr) 132 * 133 * --ANK (980726) 134 */ 135 136 static bool is_ineligible(const struct sk_buff *skb) 137 { 138 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data; 139 int len = skb->len - ptr; 140 __u8 nexthdr = ipv6_hdr(skb)->nexthdr; 141 __be16 frag_off; 142 143 if (len < 0) 144 return true; 145 146 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off); 147 if (ptr < 0) 148 return false; 149 if (nexthdr == IPPROTO_ICMPV6) { 150 u8 _type, *tp; 151 tp = skb_header_pointer(skb, 152 ptr+offsetof(struct icmp6hdr, icmp6_type), 153 sizeof(_type), &_type); 154 155 /* Based on RFC 8200, Section 4.5 Fragment Header, return 156 * false if this is a fragment packet with no icmp header info. 157 */ 158 if (!tp && frag_off != 0) 159 return false; 160 else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK)) 161 return true; 162 } 163 return false; 164 } 165 166 static bool icmpv6_mask_allow(struct net *net, int type) 167 { 168 if (type > ICMPV6_MSG_MAX) 169 return true; 170 171 /* Limit if icmp type is set in ratemask. */ 172 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask)) 173 return true; 174 175 return false; 176 } 177 178 static bool icmpv6_global_allow(struct net *net, int type, 179 bool *apply_ratelimit) 180 { 181 if (icmpv6_mask_allow(net, type)) 182 return true; 183 184 if (icmp_global_allow(net)) { 185 *apply_ratelimit = true; 186 return true; 187 } 188 __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); 189 return false; 190 } 191 192 /* 193 * Check the ICMP output rate limit 194 */ 195 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, 196 struct flowi6 *fl6, bool apply_ratelimit) 197 { 198 struct net *net = sock_net(sk); 199 struct net_device *dev; 200 struct dst_entry *dst; 201 bool res = false; 202 203 if (!apply_ratelimit) 204 return true; 205 206 /* 207 * Look up the output route. 208 * XXX: perhaps the expire for routing entries cloned by 209 * this lookup should be more aggressive (not longer than timeout). 210 */ 211 dst = ip6_route_output(net, sk, fl6); 212 rcu_read_lock(); 213 dev = dst_dev_rcu(dst); 214 if (dst->error) { 215 IP6_INC_STATS(net, ip6_dst_idev(dst), 216 IPSTATS_MIB_OUTNOROUTES); 217 } else if (dev && (dev->flags & IFF_LOOPBACK)) { 218 res = true; 219 } else { 220 struct rt6_info *rt = dst_rt6_info(dst); 221 int tmo = net->ipv6.sysctl.icmpv6_time; 222 struct inet_peer *peer; 223 224 /* Give more bandwidth to wider prefixes. */ 225 if (rt->rt6i_dst.plen < 128) 226 tmo >>= ((128 - rt->rt6i_dst.plen)>>5); 227 228 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr); 229 res = inet_peer_xrlim_allow(peer, tmo); 230 } 231 rcu_read_unlock(); 232 if (!res) 233 __ICMP6_INC_STATS(net, NULL, ICMP6_MIB_RATELIMITHOST); 234 else 235 icmp_global_consume(net); 236 dst_release(dst); 237 return res; 238 } 239 240 static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type, 241 struct flowi6 *fl6) 242 { 243 struct net *net = sock_net(sk); 244 struct dst_entry *dst; 245 bool res = false; 246 247 dst = ip6_route_output(net, sk, fl6); 248 if (!dst->error) { 249 struct rt6_info *rt = dst_rt6_info(dst); 250 struct in6_addr prefsrc; 251 252 rt6_get_prefsrc(rt, &prefsrc); 253 res = !ipv6_addr_any(&prefsrc); 254 } 255 dst_release(dst); 256 return res; 257 } 258 259 /* 260 * an inline helper for the "simple" if statement below 261 * checks if parameter problem report is caused by an 262 * unrecognized IPv6 option that has the Option Type 263 * highest-order two bits set to 10 264 */ 265 266 static bool opt_unrec(struct sk_buff *skb, __u32 offset) 267 { 268 u8 _optval, *op; 269 270 offset += skb_network_offset(skb); 271 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval); 272 if (!op) 273 return true; 274 return (*op & 0xC0) == 0x80; 275 } 276 277 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, 278 struct icmp6hdr *thdr, int len) 279 { 280 struct sk_buff *skb; 281 struct icmp6hdr *icmp6h; 282 283 skb = skb_peek(&sk->sk_write_queue); 284 if (!skb) 285 return; 286 287 icmp6h = icmp6_hdr(skb); 288 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr)); 289 icmp6h->icmp6_cksum = 0; 290 291 if (skb_queue_len(&sk->sk_write_queue) == 1) { 292 skb->csum = csum_partial(icmp6h, 293 sizeof(struct icmp6hdr), skb->csum); 294 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 295 &fl6->daddr, 296 len, fl6->flowi6_proto, 297 skb->csum); 298 } else { 299 __wsum tmp_csum = 0; 300 301 skb_queue_walk(&sk->sk_write_queue, skb) { 302 tmp_csum = csum_add(tmp_csum, skb->csum); 303 } 304 305 tmp_csum = csum_partial(icmp6h, 306 sizeof(struct icmp6hdr), tmp_csum); 307 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr, 308 &fl6->daddr, 309 len, fl6->flowi6_proto, 310 tmp_csum); 311 } 312 ip6_push_pending_frames(sk); 313 } 314 315 struct icmpv6_msg { 316 struct sk_buff *skb; 317 int offset; 318 uint8_t type; 319 }; 320 321 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) 322 { 323 struct icmpv6_msg *msg = (struct icmpv6_msg *) from; 324 struct sk_buff *org_skb = msg->skb; 325 __wsum csum; 326 327 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset, 328 to, len); 329 skb->csum = csum_block_add(skb->csum, csum, odd); 330 if (!(msg->type & ICMPV6_INFOMSG_MASK)) 331 nf_ct_attach(skb, org_skb); 332 return 0; 333 } 334 335 #if IS_ENABLED(CONFIG_IPV6_MIP6) 336 static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) 337 { 338 struct ipv6hdr *iph = ipv6_hdr(skb); 339 struct ipv6_destopt_hao *hao; 340 int off; 341 342 if (opt->dsthao) { 343 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO); 344 if (likely(off >= 0)) { 345 hao = (struct ipv6_destopt_hao *) 346 (skb_network_header(skb) + off); 347 swap(iph->saddr, hao->addr); 348 } 349 } 350 } 351 #else 352 static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {} 353 #endif 354 355 static struct dst_entry *icmpv6_route_lookup(struct net *net, 356 struct sk_buff *skb, 357 struct sock *sk, 358 struct flowi6 *fl6) 359 { 360 struct dst_entry *dst, *dst2; 361 struct flowi6 fl2; 362 int err; 363 364 err = ip6_dst_lookup(net, sk, &dst, fl6); 365 if (err) 366 return ERR_PTR(err); 367 368 /* 369 * We won't send icmp if the destination is known 370 * anycast unless we need to treat anycast as unicast. 371 */ 372 if (!READ_ONCE(net->ipv6.sysctl.icmpv6_error_anycast_as_unicast) && 373 ipv6_anycast_destination(dst, &fl6->daddr)) { 374 net_dbg_ratelimited("icmp6_send: acast source\n"); 375 dst_release(dst); 376 return ERR_PTR(-EINVAL); 377 } 378 379 /* No need to clone since we're just using its address. */ 380 dst2 = dst; 381 382 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0); 383 if (!IS_ERR(dst)) { 384 if (dst != dst2) 385 return dst; 386 } else { 387 if (PTR_ERR(dst) == -EPERM) 388 dst = NULL; 389 else 390 return dst; 391 } 392 393 err = xfrm_decode_session_reverse(net, skb, flowi6_to_flowi(&fl2), AF_INET6); 394 if (err) 395 goto relookup_failed; 396 397 err = ip6_dst_lookup(net, sk, &dst2, &fl2); 398 if (err) 399 goto relookup_failed; 400 401 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP); 402 if (!IS_ERR(dst2)) { 403 dst_release(dst); 404 dst = dst2; 405 } else { 406 err = PTR_ERR(dst2); 407 if (err == -EPERM) { 408 dst_release(dst); 409 return dst2; 410 } else 411 goto relookup_failed; 412 } 413 414 relookup_failed: 415 if (dst) 416 return dst; 417 return ERR_PTR(err); 418 } 419 420 static struct net_device *icmp6_dev(const struct sk_buff *skb) 421 { 422 struct net_device *dev = skb->dev; 423 424 /* for local traffic to local address, skb dev is the loopback 425 * device. Check if there is a dst attached to the skb and if so 426 * get the real device index. Same is needed for replies to a link 427 * local address on a device enslaved to an L3 master device 428 */ 429 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) { 430 const struct rt6_info *rt6 = skb_rt6_info(skb); 431 432 /* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.), 433 * and ip6_null_entry could be set to skb if no route is found. 434 */ 435 if (rt6 && rt6->rt6i_idev) 436 dev = rt6->rt6i_idev->dev; 437 } 438 439 return dev; 440 } 441 442 static int icmp6_iif(const struct sk_buff *skb) 443 { 444 return icmp6_dev(skb)->ifindex; 445 } 446 447 struct icmp6_ext_iio_addr6_subobj { 448 __be16 afi; 449 __be16 reserved; 450 struct in6_addr addr6; 451 }; 452 453 static unsigned int icmp6_ext_iio_len(void) 454 { 455 return sizeof(struct icmp_extobj_hdr) + 456 /* ifIndex */ 457 sizeof(__be32) + 458 /* Interface Address Sub-Object */ 459 sizeof(struct icmp6_ext_iio_addr6_subobj) + 460 /* Interface Name Sub-Object. Length must be a multiple of 4 461 * bytes. 462 */ 463 ALIGN(sizeof(struct icmp_ext_iio_name_subobj), 4) + 464 /* MTU */ 465 sizeof(__be32); 466 } 467 468 static unsigned int icmp6_ext_max_len(u8 ext_objs) 469 { 470 unsigned int ext_max_len; 471 472 ext_max_len = sizeof(struct icmp_ext_hdr); 473 474 if (ext_objs & BIT(ICMP_ERR_EXT_IIO_IIF)) 475 ext_max_len += icmp6_ext_iio_len(); 476 477 return ext_max_len; 478 } 479 480 static struct in6_addr *icmp6_ext_iio_addr6_find(const struct net_device *dev) 481 { 482 struct inet6_dev *in6_dev; 483 struct inet6_ifaddr *ifa; 484 485 in6_dev = __in6_dev_get(dev); 486 if (!in6_dev) 487 return NULL; 488 489 /* It is unclear from RFC 5837 which IP address should be chosen, but 490 * it makes sense to choose a global unicast address. 491 */ 492 list_for_each_entry_rcu(ifa, &in6_dev->addr_list, if_list) { 493 if (ifa->flags & (IFA_F_TENTATIVE | IFA_F_DADFAILED)) 494 continue; 495 if (ipv6_addr_type(&ifa->addr) != IPV6_ADDR_UNICAST || 496 ipv6_addr_src_scope(&ifa->addr) != IPV6_ADDR_SCOPE_GLOBAL) 497 continue; 498 return &ifa->addr; 499 } 500 501 return NULL; 502 } 503 504 static void icmp6_ext_iio_iif_append(struct net *net, struct sk_buff *skb, 505 int iif) 506 { 507 struct icmp_ext_iio_name_subobj *name_subobj; 508 struct icmp_extobj_hdr *objh; 509 struct net_device *dev; 510 struct in6_addr *addr6; 511 __be32 data; 512 513 if (!iif) 514 return; 515 516 /* Add the fields in the order specified by RFC 5837. */ 517 objh = skb_put(skb, sizeof(*objh)); 518 objh->class_num = ICMP_EXT_OBJ_CLASS_IIO; 519 objh->class_type = ICMP_EXT_CTYPE_IIO_ROLE(ICMP_EXT_CTYPE_IIO_ROLE_IIF); 520 521 data = htonl(iif); 522 skb_put_data(skb, &data, sizeof(__be32)); 523 objh->class_type |= ICMP_EXT_CTYPE_IIO_IFINDEX; 524 525 rcu_read_lock(); 526 527 dev = dev_get_by_index_rcu(net, iif); 528 if (!dev) 529 goto out; 530 531 addr6 = icmp6_ext_iio_addr6_find(dev); 532 if (addr6) { 533 struct icmp6_ext_iio_addr6_subobj *addr6_subobj; 534 535 addr6_subobj = skb_put_zero(skb, sizeof(*addr6_subobj)); 536 addr6_subobj->afi = htons(ICMP_AFI_IP6); 537 addr6_subobj->addr6 = *addr6; 538 objh->class_type |= ICMP_EXT_CTYPE_IIO_IPADDR; 539 } 540 541 name_subobj = skb_put_zero(skb, ALIGN(sizeof(*name_subobj), 4)); 542 name_subobj->len = ALIGN(sizeof(*name_subobj), 4); 543 netdev_copy_name(dev, name_subobj->name); 544 objh->class_type |= ICMP_EXT_CTYPE_IIO_NAME; 545 546 data = htonl(READ_ONCE(dev->mtu)); 547 skb_put_data(skb, &data, sizeof(__be32)); 548 objh->class_type |= ICMP_EXT_CTYPE_IIO_MTU; 549 550 out: 551 rcu_read_unlock(); 552 objh->length = htons(skb_tail_pointer(skb) - (unsigned char *)objh); 553 } 554 555 static void icmp6_ext_objs_append(struct net *net, struct sk_buff *skb, 556 u8 ext_objs, int iif) 557 { 558 if (ext_objs & BIT(ICMP_ERR_EXT_IIO_IIF)) 559 icmp6_ext_iio_iif_append(net, skb, iif); 560 } 561 562 static struct sk_buff * 563 icmp6_ext_append(struct net *net, struct sk_buff *skb_in, 564 struct icmp6hdr *icmp6h, unsigned int room, int iif) 565 { 566 unsigned int payload_len, ext_max_len, ext_len; 567 struct icmp_ext_hdr *ext_hdr; 568 struct sk_buff *skb; 569 u8 ext_objs; 570 int nhoff; 571 572 switch (icmp6h->icmp6_type) { 573 case ICMPV6_DEST_UNREACH: 574 case ICMPV6_TIME_EXCEED: 575 break; 576 default: 577 return NULL; 578 } 579 580 /* Do not overwrite existing extensions. This can happen when we 581 * receive an ICMPv4 message with extensions from a tunnel and 582 * translate it to an ICMPv6 message towards an IPv6 host in the 583 * overlay network. 584 */ 585 if (icmp6h->icmp6_datagram_len) 586 return NULL; 587 588 ext_objs = READ_ONCE(net->ipv6.sysctl.icmpv6_errors_extension_mask); 589 if (!ext_objs) 590 return NULL; 591 592 ext_max_len = icmp6_ext_max_len(ext_objs); 593 if (ICMP_EXT_ORIG_DGRAM_MIN_LEN + ext_max_len > room) 594 return NULL; 595 596 skb = skb_clone(skb_in, GFP_ATOMIC); 597 if (!skb) 598 return NULL; 599 600 nhoff = skb_network_offset(skb); 601 payload_len = min(skb->len - nhoff, ICMP_EXT_ORIG_DGRAM_MIN_LEN); 602 603 if (!pskb_network_may_pull(skb, payload_len)) 604 goto free_skb; 605 606 if (pskb_trim(skb, nhoff + ICMP_EXT_ORIG_DGRAM_MIN_LEN) || 607 __skb_put_padto(skb, nhoff + ICMP_EXT_ORIG_DGRAM_MIN_LEN, false)) 608 goto free_skb; 609 610 if (pskb_expand_head(skb, 0, ext_max_len, GFP_ATOMIC)) 611 goto free_skb; 612 613 ext_hdr = skb_put_zero(skb, sizeof(*ext_hdr)); 614 ext_hdr->version = ICMP_EXT_VERSION_2; 615 616 icmp6_ext_objs_append(net, skb, ext_objs, iif); 617 618 /* Do not send an empty extension structure. */ 619 ext_len = skb_tail_pointer(skb) - (unsigned char *)ext_hdr; 620 if (ext_len == sizeof(*ext_hdr)) 621 goto free_skb; 622 623 ext_hdr->checksum = ip_compute_csum(ext_hdr, ext_len); 624 /* The length of the original datagram in 64-bit words (RFC 4884). */ 625 icmp6h->icmp6_datagram_len = ICMP_EXT_ORIG_DGRAM_MIN_LEN / sizeof(u64); 626 627 return skb; 628 629 free_skb: 630 consume_skb(skb); 631 return NULL; 632 } 633 634 /* 635 * Send an ICMP message in response to a packet in error 636 */ 637 void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, 638 const struct in6_addr *force_saddr, 639 const struct inet6_skb_parm *parm) 640 { 641 struct inet6_dev *idev = NULL; 642 struct ipv6hdr *hdr = ipv6_hdr(skb); 643 struct sock *sk; 644 struct net *net; 645 struct ipv6_pinfo *np; 646 const struct in6_addr *saddr = NULL; 647 bool apply_ratelimit = false; 648 struct sk_buff *ext_skb; 649 struct dst_entry *dst; 650 unsigned int room; 651 struct icmp6hdr tmp_hdr; 652 struct flowi6 fl6; 653 struct icmpv6_msg msg; 654 struct ipcm6_cookie ipc6; 655 int iif = 0; 656 int addr_type = 0; 657 int len; 658 u32 mark; 659 660 if ((u8 *)hdr < skb->head || 661 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb)) 662 return; 663 664 if (!skb->dev) 665 return; 666 667 rcu_read_lock(); 668 669 net = dev_net_rcu(skb->dev); 670 mark = IP6_REPLY_MARK(net, skb->mark); 671 /* 672 * Make sure we respect the rules 673 * i.e. RFC 1885 2.4(e) 674 * Rule (e.1) is enforced by not using icmp6_send 675 * in any code that processes icmp errors. 676 */ 677 addr_type = ipv6_addr_type(&hdr->daddr); 678 679 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) || 680 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr)) 681 saddr = &hdr->daddr; 682 683 /* 684 * Dest addr check 685 */ 686 687 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) { 688 if (type != ICMPV6_PKT_TOOBIG && 689 !(type == ICMPV6_PARAMPROB && 690 code == ICMPV6_UNK_OPTION && 691 (opt_unrec(skb, info)))) 692 goto out; 693 694 saddr = NULL; 695 } 696 697 addr_type = ipv6_addr_type(&hdr->saddr); 698 699 /* 700 * Source addr check 701 */ 702 703 if (__ipv6_addr_needs_scope_id(addr_type)) { 704 iif = icmp6_iif(skb); 705 } else { 706 /* 707 * The source device is used for looking up which routing table 708 * to use for sending an ICMP error. 709 */ 710 iif = l3mdev_master_ifindex(skb->dev); 711 } 712 713 /* 714 * Must not send error if the source does not uniquely 715 * identify a single node (RFC2463 Section 2.4). 716 * We check unspecified / multicast addresses here, 717 * and anycast addresses will be checked later. 718 */ 719 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { 720 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n", 721 &hdr->saddr, &hdr->daddr); 722 goto out; 723 } 724 725 /* 726 * Never answer to a ICMP packet. 727 */ 728 if (is_ineligible(skb)) { 729 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n", 730 &hdr->saddr, &hdr->daddr); 731 goto out; 732 } 733 734 /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */ 735 local_bh_disable(); 736 737 /* Check global sysctl_icmp_msgs_per_sec ratelimit */ 738 if (!(skb->dev->flags & IFF_LOOPBACK) && 739 !icmpv6_global_allow(net, type, &apply_ratelimit)) 740 goto out_bh_enable; 741 742 mip6_addr_swap(skb, parm); 743 744 sk = icmpv6_xmit_lock(net); 745 if (!sk) 746 goto out_bh_enable; 747 748 memset(&fl6, 0, sizeof(fl6)); 749 fl6.flowi6_proto = IPPROTO_ICMPV6; 750 fl6.daddr = hdr->saddr; 751 if (force_saddr) 752 saddr = force_saddr; 753 if (saddr) { 754 fl6.saddr = *saddr; 755 } else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) { 756 /* select a more meaningful saddr from input if */ 757 struct net_device *in_netdev; 758 759 in_netdev = dev_get_by_index(net, parm->iif); 760 if (in_netdev) { 761 ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr, 762 inet6_sk(sk)->srcprefs, 763 &fl6.saddr); 764 dev_put(in_netdev); 765 } 766 } 767 fl6.flowi6_mark = mark; 768 fl6.flowi6_oif = iif; 769 fl6.fl6_icmp_type = type; 770 fl6.fl6_icmp_code = code; 771 fl6.flowi6_uid = sock_net_uid(net, NULL); 772 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL); 773 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6)); 774 775 np = inet6_sk(sk); 776 777 if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit)) 778 goto out_unlock; 779 780 tmp_hdr.icmp6_type = type; 781 tmp_hdr.icmp6_code = code; 782 tmp_hdr.icmp6_cksum = 0; 783 tmp_hdr.icmp6_pointer = htonl(info); 784 785 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 786 fl6.flowi6_oif = READ_ONCE(np->mcast_oif); 787 else if (!fl6.flowi6_oif) 788 fl6.flowi6_oif = READ_ONCE(np->ucast_oif); 789 790 ipcm6_init_sk(&ipc6, sk); 791 ipc6.sockc.mark = mark; 792 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel); 793 794 dst = icmpv6_route_lookup(net, skb, sk, &fl6); 795 if (IS_ERR(dst)) 796 goto out_unlock; 797 798 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); 799 800 msg.skb = skb; 801 msg.offset = skb_network_offset(skb); 802 msg.type = type; 803 804 room = IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr); 805 ext_skb = icmp6_ext_append(net, skb, &tmp_hdr, room, parm->iif); 806 if (ext_skb) 807 msg.skb = ext_skb; 808 809 len = msg.skb->len - msg.offset; 810 len = min_t(unsigned int, len, room); 811 if (len < 0) { 812 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n", 813 &hdr->saddr, &hdr->daddr); 814 goto out_dst_release; 815 } 816 817 idev = __in6_dev_get(skb->dev); 818 819 if (ip6_append_data(sk, icmpv6_getfrag, &msg, 820 len + sizeof(struct icmp6hdr), 821 sizeof(struct icmp6hdr), 822 &ipc6, &fl6, dst_rt6_info(dst), 823 MSG_DONTWAIT)) { 824 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); 825 ip6_flush_pending_frames(sk); 826 } else { 827 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, 828 len + sizeof(struct icmp6hdr)); 829 } 830 831 out_dst_release: 832 if (ext_skb) 833 consume_skb(ext_skb); 834 dst_release(dst); 835 out_unlock: 836 icmpv6_xmit_unlock(sk); 837 out_bh_enable: 838 local_bh_enable(); 839 out: 840 rcu_read_unlock(); 841 } 842 EXPORT_SYMBOL(icmp6_send); 843 844 /* Slightly more convenient version of icmp6_send with drop reasons. 845 */ 846 void icmpv6_param_prob_reason(struct sk_buff *skb, u8 code, int pos, 847 enum skb_drop_reason reason) 848 { 849 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb)); 850 kfree_skb_reason(skb, reason); 851 } 852 853 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH 854 * if sufficient data bytes are available 855 * @nhs is the size of the tunnel header(s) : 856 * Either an IPv4 header for SIT encap 857 * an IPv4 header + GRE header for GRE encap 858 */ 859 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type, 860 unsigned int data_len) 861 { 862 struct in6_addr temp_saddr; 863 struct rt6_info *rt; 864 struct sk_buff *skb2; 865 u32 info = 0; 866 867 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8)) 868 return 1; 869 870 /* RFC 4884 (partial) support for ICMP extensions */ 871 if (data_len < 128 || (data_len & 7) || skb->len < data_len) 872 data_len = 0; 873 874 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC); 875 876 if (!skb2) 877 return 1; 878 879 skb_dst_drop(skb2); 880 skb_pull(skb2, nhs); 881 skb_reset_network_header(skb2); 882 883 rt = rt6_lookup(dev_net_rcu(skb->dev), &ipv6_hdr(skb2)->saddr, 884 NULL, 0, skb, 0); 885 886 if (rt && rt->dst.dev) 887 skb2->dev = rt->dst.dev; 888 889 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr); 890 891 if (data_len) { 892 /* RFC 4884 (partial) support : 893 * insert 0 padding at the end, before the extensions 894 */ 895 __skb_push(skb2, nhs); 896 skb_reset_network_header(skb2); 897 memmove(skb2->data, skb2->data + nhs, data_len - nhs); 898 memset(skb2->data + data_len - nhs, 0, nhs); 899 /* RFC 4884 4.5 : Length is measured in 64-bit words, 900 * and stored in reserved[0] 901 */ 902 info = (data_len/8) << 24; 903 } 904 if (type == ICMP_TIME_EXCEEDED) 905 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT, 906 info, &temp_saddr, IP6CB(skb2)); 907 else 908 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 909 info, &temp_saddr, IP6CB(skb2)); 910 if (rt) 911 ip6_rt_put(rt); 912 913 kfree_skb(skb2); 914 915 return 0; 916 } 917 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach); 918 919 static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) 920 { 921 struct net *net = dev_net_rcu(skb->dev); 922 struct sock *sk; 923 struct inet6_dev *idev; 924 struct ipv6_pinfo *np; 925 const struct in6_addr *saddr = NULL; 926 struct icmp6hdr *icmph = icmp6_hdr(skb); 927 bool apply_ratelimit = false; 928 struct icmp6hdr tmp_hdr; 929 struct flowi6 fl6; 930 struct icmpv6_msg msg; 931 struct dst_entry *dst; 932 struct ipcm6_cookie ipc6; 933 u32 mark = IP6_REPLY_MARK(net, skb->mark); 934 SKB_DR(reason); 935 bool acast; 936 u8 type; 937 938 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) && 939 net->ipv6.sysctl.icmpv6_echo_ignore_multicast) 940 return reason; 941 942 saddr = &ipv6_hdr(skb)->daddr; 943 944 acast = ipv6_anycast_destination(skb_dst(skb), saddr); 945 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast) 946 return reason; 947 948 if (!ipv6_unicast_destination(skb) && 949 !(net->ipv6.sysctl.anycast_src_echo_reply && acast)) 950 saddr = NULL; 951 952 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST) 953 type = ICMPV6_EXT_ECHO_REPLY; 954 else 955 type = ICMPV6_ECHO_REPLY; 956 957 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr)); 958 tmp_hdr.icmp6_type = type; 959 960 memset(&fl6, 0, sizeof(fl6)); 961 if (READ_ONCE(net->ipv6.sysctl.flowlabel_reflect) & 962 FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES) 963 fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb)); 964 965 fl6.flowi6_proto = IPPROTO_ICMPV6; 966 fl6.daddr = ipv6_hdr(skb)->saddr; 967 if (saddr) 968 fl6.saddr = *saddr; 969 fl6.flowi6_oif = icmp6_iif(skb); 970 fl6.fl6_icmp_type = type; 971 fl6.flowi6_mark = mark; 972 fl6.flowi6_uid = sock_net_uid(net, NULL); 973 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6)); 974 975 local_bh_disable(); 976 sk = icmpv6_xmit_lock(net); 977 if (!sk) 978 goto out_bh_enable; 979 np = inet6_sk(sk); 980 981 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr)) 982 fl6.flowi6_oif = READ_ONCE(np->mcast_oif); 983 else if (!fl6.flowi6_oif) 984 fl6.flowi6_oif = READ_ONCE(np->ucast_oif); 985 986 if (ip6_dst_lookup(net, sk, &dst, &fl6)) 987 goto out; 988 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0); 989 if (IS_ERR(dst)) 990 goto out; 991 992 /* Check the ratelimit */ 993 if ((!(skb->dev->flags & IFF_LOOPBACK) && 994 !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) || 995 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit)) 996 goto out_dst_release; 997 998 idev = __in6_dev_get(skb->dev); 999 1000 msg.skb = skb; 1001 msg.offset = 0; 1002 msg.type = type; 1003 1004 ipcm6_init_sk(&ipc6, sk); 1005 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); 1006 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb)); 1007 ipc6.sockc.mark = mark; 1008 1009 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST) 1010 if (!icmp_build_probe(skb, (struct icmphdr *)&tmp_hdr)) 1011 goto out_dst_release; 1012 1013 if (ip6_append_data(sk, icmpv6_getfrag, &msg, 1014 skb->len + sizeof(struct icmp6hdr), 1015 sizeof(struct icmp6hdr), &ipc6, &fl6, 1016 dst_rt6_info(dst), MSG_DONTWAIT)) { 1017 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS); 1018 ip6_flush_pending_frames(sk); 1019 } else { 1020 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, 1021 skb->len + sizeof(struct icmp6hdr)); 1022 reason = SKB_CONSUMED; 1023 } 1024 out_dst_release: 1025 dst_release(dst); 1026 out: 1027 icmpv6_xmit_unlock(sk); 1028 out_bh_enable: 1029 local_bh_enable(); 1030 return reason; 1031 } 1032 1033 enum skb_drop_reason icmpv6_notify(struct sk_buff *skb, u8 type, 1034 u8 code, __be32 info) 1035 { 1036 struct inet6_skb_parm *opt = IP6CB(skb); 1037 struct net *net = dev_net_rcu(skb->dev); 1038 const struct inet6_protocol *ipprot; 1039 enum skb_drop_reason reason; 1040 int inner_offset; 1041 __be16 frag_off; 1042 u8 nexthdr; 1043 1044 reason = pskb_may_pull_reason(skb, sizeof(struct ipv6hdr)); 1045 if (reason != SKB_NOT_DROPPED_YET) 1046 goto out; 1047 1048 seg6_icmp_srh(skb, opt); 1049 1050 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr; 1051 if (ipv6_ext_hdr(nexthdr)) { 1052 /* now skip over extension headers */ 1053 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), 1054 &nexthdr, &frag_off); 1055 if (inner_offset < 0) { 1056 SKB_DR_SET(reason, IPV6_BAD_EXTHDR); 1057 goto out; 1058 } 1059 } else { 1060 inner_offset = sizeof(struct ipv6hdr); 1061 } 1062 1063 /* Checkin header including 8 bytes of inner protocol header. */ 1064 reason = pskb_may_pull_reason(skb, inner_offset + 8); 1065 if (reason != SKB_NOT_DROPPED_YET) 1066 goto out; 1067 1068 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet. 1069 Without this we will not able f.e. to make source routed 1070 pmtu discovery. 1071 Corresponding argument (opt) to notifiers is already added. 1072 --ANK (980726) 1073 */ 1074 1075 ipprot = rcu_dereference(inet6_protos[nexthdr]); 1076 if (ipprot && ipprot->err_handler) 1077 ipprot->err_handler(skb, opt, type, code, inner_offset, info); 1078 1079 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info); 1080 return SKB_CONSUMED; 1081 1082 out: 1083 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS); 1084 return reason; 1085 } 1086 1087 /* 1088 * Handle icmp messages 1089 */ 1090 1091 static int icmpv6_rcv(struct sk_buff *skb) 1092 { 1093 enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; 1094 struct net *net = dev_net_rcu(skb->dev); 1095 struct net_device *dev = icmp6_dev(skb); 1096 struct inet6_dev *idev = __in6_dev_get(dev); 1097 const struct in6_addr *saddr, *daddr; 1098 struct icmp6hdr *hdr; 1099 u8 type; 1100 1101 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) { 1102 struct sec_path *sp = skb_sec_path(skb); 1103 int nh; 1104 1105 if (!(sp && sp->xvec[sp->len - 1]->props.flags & 1106 XFRM_STATE_ICMP)) { 1107 reason = SKB_DROP_REASON_XFRM_POLICY; 1108 goto drop_no_count; 1109 } 1110 1111 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr))) 1112 goto drop_no_count; 1113 1114 nh = skb_network_offset(skb); 1115 skb_set_network_header(skb, sizeof(*hdr)); 1116 1117 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, 1118 skb)) { 1119 reason = SKB_DROP_REASON_XFRM_POLICY; 1120 goto drop_no_count; 1121 } 1122 1123 skb_set_network_header(skb, nh); 1124 } 1125 1126 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INMSGS); 1127 1128 saddr = &ipv6_hdr(skb)->saddr; 1129 daddr = &ipv6_hdr(skb)->daddr; 1130 1131 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) { 1132 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n", 1133 saddr, daddr); 1134 goto csum_error; 1135 } 1136 1137 if (!pskb_pull(skb, sizeof(*hdr))) 1138 goto discard_it; 1139 1140 hdr = icmp6_hdr(skb); 1141 1142 type = hdr->icmp6_type; 1143 1144 ICMP6MSGIN_INC_STATS(dev_net_rcu(dev), idev, type); 1145 1146 switch (type) { 1147 case ICMPV6_ECHO_REQUEST: 1148 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all) 1149 reason = icmpv6_echo_reply(skb); 1150 break; 1151 case ICMPV6_EXT_ECHO_REQUEST: 1152 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all && 1153 READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe)) 1154 reason = icmpv6_echo_reply(skb); 1155 break; 1156 1157 case ICMPV6_ECHO_REPLY: 1158 case ICMPV6_EXT_ECHO_REPLY: 1159 ping_rcv(skb); 1160 return 0; 1161 1162 case ICMPV6_PKT_TOOBIG: 1163 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update 1164 standard destination cache. Seems, only "advanced" 1165 destination cache will allow to solve this problem 1166 --ANK (980726) 1167 */ 1168 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr))) 1169 goto discard_it; 1170 hdr = icmp6_hdr(skb); 1171 1172 /* to notify */ 1173 fallthrough; 1174 case ICMPV6_DEST_UNREACH: 1175 case ICMPV6_TIME_EXCEED: 1176 case ICMPV6_PARAMPROB: 1177 reason = icmpv6_notify(skb, type, hdr->icmp6_code, 1178 hdr->icmp6_mtu); 1179 break; 1180 1181 case NDISC_ROUTER_SOLICITATION: 1182 case NDISC_ROUTER_ADVERTISEMENT: 1183 case NDISC_NEIGHBOUR_SOLICITATION: 1184 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1185 case NDISC_REDIRECT: 1186 reason = ndisc_rcv(skb); 1187 break; 1188 1189 case ICMPV6_MGM_QUERY: 1190 igmp6_event_query(skb); 1191 return 0; 1192 1193 case ICMPV6_MGM_REPORT: 1194 igmp6_event_report(skb); 1195 return 0; 1196 1197 case ICMPV6_MGM_REDUCTION: 1198 case ICMPV6_NI_QUERY: 1199 case ICMPV6_NI_REPLY: 1200 case ICMPV6_MLD2_REPORT: 1201 case ICMPV6_DHAAD_REQUEST: 1202 case ICMPV6_DHAAD_REPLY: 1203 case ICMPV6_MOBILE_PREFIX_SOL: 1204 case ICMPV6_MOBILE_PREFIX_ADV: 1205 break; 1206 1207 default: 1208 /* informational */ 1209 if (type & ICMPV6_INFOMSG_MASK) 1210 break; 1211 1212 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n", 1213 saddr, daddr); 1214 1215 /* 1216 * error of unknown type. 1217 * must pass to upper level 1218 */ 1219 1220 reason = icmpv6_notify(skb, type, hdr->icmp6_code, 1221 hdr->icmp6_mtu); 1222 } 1223 1224 /* until the v6 path can be better sorted assume failure and 1225 * preserve the status quo behaviour for the rest of the paths to here 1226 */ 1227 if (reason) 1228 kfree_skb_reason(skb, reason); 1229 else 1230 consume_skb(skb); 1231 1232 return 0; 1233 1234 csum_error: 1235 reason = SKB_DROP_REASON_ICMP_CSUM; 1236 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_CSUMERRORS); 1237 discard_it: 1238 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INERRORS); 1239 drop_no_count: 1240 kfree_skb_reason(skb, reason); 1241 return 0; 1242 } 1243 1244 void icmpv6_flow_init(const struct sock *sk, struct flowi6 *fl6, u8 type, 1245 const struct in6_addr *saddr, 1246 const struct in6_addr *daddr, int oif) 1247 { 1248 memset(fl6, 0, sizeof(*fl6)); 1249 fl6->saddr = *saddr; 1250 fl6->daddr = *daddr; 1251 fl6->flowi6_proto = IPPROTO_ICMPV6; 1252 fl6->fl6_icmp_type = type; 1253 fl6->fl6_icmp_code = 0; 1254 fl6->flowi6_oif = oif; 1255 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6)); 1256 } 1257 1258 int __init icmpv6_init(void) 1259 { 1260 struct sock *sk; 1261 int err, i; 1262 1263 for_each_possible_cpu(i) { 1264 err = inet_ctl_sock_create(&sk, PF_INET6, 1265 SOCK_RAW, IPPROTO_ICMPV6, &init_net); 1266 if (err < 0) { 1267 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n", 1268 err); 1269 return err; 1270 } 1271 1272 per_cpu(ipv6_icmp_sk, i) = sk; 1273 1274 /* Enough space for 2 64K ICMP packets, including 1275 * sk_buff struct overhead. 1276 */ 1277 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); 1278 } 1279 1280 err = -EAGAIN; 1281 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) 1282 goto fail; 1283 1284 err = inet6_register_icmp_sender(icmp6_send); 1285 if (err) 1286 goto sender_reg_err; 1287 return 0; 1288 1289 sender_reg_err: 1290 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 1291 fail: 1292 pr_err("Failed to register ICMP6 protocol\n"); 1293 return err; 1294 } 1295 1296 void icmpv6_cleanup(void) 1297 { 1298 inet6_unregister_icmp_sender(icmp6_send); 1299 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6); 1300 } 1301 1302 1303 static const struct icmp6_err { 1304 int err; 1305 int fatal; 1306 } tab_unreach[] = { 1307 { /* NOROUTE */ 1308 .err = ENETUNREACH, 1309 .fatal = 0, 1310 }, 1311 { /* ADM_PROHIBITED */ 1312 .err = EACCES, 1313 .fatal = 1, 1314 }, 1315 { /* Was NOT_NEIGHBOUR, now reserved */ 1316 .err = EHOSTUNREACH, 1317 .fatal = 0, 1318 }, 1319 { /* ADDR_UNREACH */ 1320 .err = EHOSTUNREACH, 1321 .fatal = 0, 1322 }, 1323 { /* PORT_UNREACH */ 1324 .err = ECONNREFUSED, 1325 .fatal = 1, 1326 }, 1327 { /* POLICY_FAIL */ 1328 .err = EACCES, 1329 .fatal = 1, 1330 }, 1331 { /* REJECT_ROUTE */ 1332 .err = EACCES, 1333 .fatal = 1, 1334 }, 1335 }; 1336 1337 int icmpv6_err_convert(u8 type, u8 code, int *err) 1338 { 1339 int fatal = 0; 1340 1341 *err = EPROTO; 1342 1343 switch (type) { 1344 case ICMPV6_DEST_UNREACH: 1345 fatal = 1; 1346 if (code < ARRAY_SIZE(tab_unreach)) { 1347 *err = tab_unreach[code].err; 1348 fatal = tab_unreach[code].fatal; 1349 } 1350 break; 1351 1352 case ICMPV6_PKT_TOOBIG: 1353 *err = EMSGSIZE; 1354 break; 1355 1356 case ICMPV6_PARAMPROB: 1357 *err = EPROTO; 1358 fatal = 1; 1359 break; 1360 1361 case ICMPV6_TIME_EXCEED: 1362 *err = EHOSTUNREACH; 1363 break; 1364 } 1365 1366 return fatal; 1367 } 1368 EXPORT_SYMBOL(icmpv6_err_convert); 1369 1370 #ifdef CONFIG_SYSCTL 1371 1372 static u32 icmpv6_errors_extension_mask_all = 1373 GENMASK_U8(ICMP_ERR_EXT_COUNT - 1, 0); 1374 1375 static struct ctl_table ipv6_icmp_table_template[] = { 1376 { 1377 .procname = "ratelimit", 1378 .data = &init_net.ipv6.sysctl.icmpv6_time, 1379 .maxlen = sizeof(int), 1380 .mode = 0644, 1381 .proc_handler = proc_dointvec_ms_jiffies, 1382 }, 1383 { 1384 .procname = "echo_ignore_all", 1385 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all, 1386 .maxlen = sizeof(u8), 1387 .mode = 0644, 1388 .proc_handler = proc_dou8vec_minmax, 1389 }, 1390 { 1391 .procname = "echo_ignore_multicast", 1392 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast, 1393 .maxlen = sizeof(u8), 1394 .mode = 0644, 1395 .proc_handler = proc_dou8vec_minmax, 1396 }, 1397 { 1398 .procname = "echo_ignore_anycast", 1399 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast, 1400 .maxlen = sizeof(u8), 1401 .mode = 0644, 1402 .proc_handler = proc_dou8vec_minmax, 1403 }, 1404 { 1405 .procname = "ratemask", 1406 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr, 1407 .maxlen = ICMPV6_MSG_MAX + 1, 1408 .mode = 0644, 1409 .proc_handler = proc_do_large_bitmap, 1410 }, 1411 { 1412 .procname = "error_anycast_as_unicast", 1413 .data = &init_net.ipv6.sysctl.icmpv6_error_anycast_as_unicast, 1414 .maxlen = sizeof(u8), 1415 .mode = 0644, 1416 .proc_handler = proc_dou8vec_minmax, 1417 .extra1 = SYSCTL_ZERO, 1418 .extra2 = SYSCTL_ONE, 1419 }, 1420 { 1421 .procname = "errors_extension_mask", 1422 .data = &init_net.ipv6.sysctl.icmpv6_errors_extension_mask, 1423 .maxlen = sizeof(u8), 1424 .mode = 0644, 1425 .proc_handler = proc_dou8vec_minmax, 1426 .extra1 = SYSCTL_ZERO, 1427 .extra2 = &icmpv6_errors_extension_mask_all, 1428 }, 1429 }; 1430 1431 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) 1432 { 1433 struct ctl_table *table; 1434 1435 table = kmemdup(ipv6_icmp_table_template, 1436 sizeof(ipv6_icmp_table_template), 1437 GFP_KERNEL); 1438 1439 if (table) { 1440 table[0].data = &net->ipv6.sysctl.icmpv6_time; 1441 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all; 1442 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast; 1443 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast; 1444 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr; 1445 table[5].data = &net->ipv6.sysctl.icmpv6_error_anycast_as_unicast; 1446 table[6].data = &net->ipv6.sysctl.icmpv6_errors_extension_mask; 1447 } 1448 return table; 1449 } 1450 1451 size_t ipv6_icmp_sysctl_table_size(void) 1452 { 1453 return ARRAY_SIZE(ipv6_icmp_table_template); 1454 } 1455 #endif 1456