projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[NETNS][IPV6]: inet6_addr - isolate inet6 addresses from proc file
[linux-2.6-block.git] / net / ipv6 / icmp.c
CommitLineData
1da177e4
LT		 1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
8 * $Id: icmp.c,v 1.38 2002/02/08 03:57:19 davem Exp $
9 *
10 * Based on net/ipv4/icmp.c
11 *
12 * RFC 1885
13 *
14 * This program is free software; you can redistribute it and/or
15 * modify it under the terms of the GNU General Public License
16 * as published by the Free Software Foundation; either version
17 * 2 of the License, or (at your option) any later version.
18 */
19
20/*
21 * Changes:
22 *
23 * Andi Kleen : exception handling
24 * Andi Kleen add rate limits. never reply to a icmp.
25 * add more length checks and other fixes.
26 * yoshfuji : ensure to sent parameter problem for
27 * fragments.
28 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
29 * Randy Dunlap and
30 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
31 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
32 */
33
34#include <linux/module.h>
35#include <linux/errno.h>
36#include <linux/types.h>
37#include <linux/socket.h>
38#include <linux/in.h>
39#include <linux/kernel.h>
1da177e4
LT		 40#include <linux/sockios.h>
41#include <linux/net.h>
42#include <linux/skbuff.h>
43#include <linux/init.h>
763ecff1 44#include <linux/netfilter.h>
1da177e4
LT		 45
46#ifdef CONFIG_SYSCTL
47#include <linux/sysctl.h>
48#endif
49
50#include <linux/inet.h>
51#include <linux/netdevice.h>
52#include <linux/icmpv6.h>
53
54#include <net/ip.h>
55#include <net/sock.h>
56
57#include <net/ipv6.h>
58#include <net/ip6_checksum.h>
59#include <net/protocol.h>
60#include <net/raw.h>
61#include <net/rawv6.h>
62#include <net/transp_v6.h>
63#include <net/ip6_route.h>
64#include <net/addrconf.h>
65#include <net/icmp.h>
8b7817f3 66#include <net/xfrm.h>
1da177e4
LT		 67
68#include <asm/uaccess.h>
69#include <asm/system.h>
70
ba89966c 71DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics) __read_mostly;
7159039a 72EXPORT_SYMBOL(icmpv6_statistics);
14878f75
DS		 73DEFINE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics) __read_mostly;
74EXPORT_SYMBOL(icmpv6msg_statistics);
1da177e4
LT		 75
76/*
77 * The ICMP socket(s). This is the most convenient way to flow control
78 * our ICMP output as well as maintain a clean interface throughout
79 * all layers. All Socketless IP sends will soon be gone.
80 *
81 * On SMP we have one ICMP socket per-cpu.
82 */
83static DEFINE_PER_CPU(struct socket *, __icmpv6_socket) = NULL;
84#define icmpv6_socket __get_cpu_var(__icmpv6_socket)
85
e5bbef20 86static int icmpv6_rcv(struct sk_buff *skb);
1da177e4
LT		 87
88static struct inet6_protocol icmpv6_protocol = {
89 .handler = icmpv6_rcv,
8b7817f3 90 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 91};
92
93static __inline__ int icmpv6_xmit_lock(void)
94{
95 local_bh_disable();
96
97 if (unlikely(!spin_trylock(&icmpv6_socket->sk->sk_lock.slock))) {
98 /* This can happen if the output path (f.e. SIT or
99 * ip6ip6 tunnel) signals dst_link_failure() for an
100 * outgoing ICMP6 packet.
101 */
102 local_bh_enable();
103 return 1;
104 }
105 return 0;
106}
107
108static __inline__ void icmpv6_xmit_unlock(void)
109{
110 spin_unlock_bh(&icmpv6_socket->sk->sk_lock.slock);
111}
112
1ab1457c 113/*
1da177e4
LT		 114 * Slightly more convenient version of icmpv6_send.
115 */
116void icmpv6_param_prob(struct sk_buff *skb, int code, int pos)
117{
118 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos, skb->dev);
119 kfree_skb(skb);
120}
121
122/*
123 * Figure out, may we reply to this packet with icmp error.
124 *
125 * We do not reply, if:
126 * - it was icmp error message.
127 * - it is truncated, so that it is known, that protocol is ICMPV6
128 * (i.e. in the middle of some exthdr)
129 *
130 * --ANK (980726)
131 */
132
133static int is_ineligible(struct sk_buff *skb)
134{
0660e03f 135 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 136 int len = skb->len - ptr;
0660e03f 137 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
1da177e4
LT		 138
139 if (len < 0)
140 return 1;
141
0d3d077c 142 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr);
1da177e4
LT		 143 if (ptr < 0)
144 return 0;
145 if (nexthdr == IPPROTO_ICMPV6) {
146 u8 _type, *tp;
147 tp = skb_header_pointer(skb,
148 ptr+offsetof(struct icmp6hdr, icmp6_type),
149 sizeof(_type), &_type);
150 if (tp == NULL ||
151 !(*tp & ICMPV6_INFOMSG_MASK))
152 return 1;
153 }
154 return 0;
155}
156
1ab1457c
YH		 157/*
158 * Check the ICMP output rate limit
1da177e4
LT		 159 */
160static inline int icmpv6_xrlim_allow(struct sock *sk, int type,
161 struct flowi *fl)
162{
163 struct dst_entry *dst;
164 int res = 0;
165
166 /* Informational messages are not limited. */
167 if (type & ICMPV6_INFOMSG_MASK)
168 return 1;
169
170 /* Do not limit pmtu discovery, it would break it. */
171 if (type == ICMPV6_PKT_TOOBIG)
172 return 1;
173
1ab1457c 174 /*
1da177e4
LT		 175 * Look up the output route.
176 * XXX: perhaps the expire for routing entries cloned by
177 * this lookup should be more aggressive (not longer than timeout).
178 */
179 dst = ip6_route_output(sk, fl);
180 if (dst->error) {
a11d206d
YH		 181 IP6_INC_STATS(ip6_dst_idev(dst),
182 IPSTATS_MIB_OUTNOROUTES);
1da177e4
LT		 183 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
184 res = 1;
185 } else {
186 struct rt6_info *rt = (struct rt6_info *)dst;
41a76906 187 int tmo = init_net.ipv6.sysctl.icmpv6_time;
1da177e4
LT		 188
189 /* Give more bandwidth to wider prefixes. */
190 if (rt->rt6i_dst.plen < 128)
191 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
192
193 res = xrlim_allow(dst, tmo);
194 }
195 dst_release(dst);
196 return res;
197}
198
199/*
200 * an inline helper for the "simple" if statement below
201 * checks if parameter problem report is caused by an
1ab1457c 202 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 203 * highest-order two bits set to 10
204 */
205
206static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset)
207{
208 u8 _optval, *op;
209
bbe735e4 210 offset += skb_network_offset(skb);
1da177e4
LT		 211 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
212 if (op == NULL)
213 return 1;
214 return (*op & 0xC0) == 0x80;
215}
216
217static int icmpv6_push_pending_frames(struct sock *sk, struct flowi *fl, struct icmp6hdr *thdr, int len)
218{
219 struct sk_buff *skb;
220 struct icmp6hdr *icmp6h;
221 int err = 0;
222
223 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
224 goto out;
225
cc70ab26 226 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 227 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
228 icmp6h->icmp6_cksum = 0;
229
230 if (skb_queue_len(&sk->sk_write_queue) == 1) {
231 skb->csum = csum_partial((char *)icmp6h,
232 sizeof(struct icmp6hdr), skb->csum);
233 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
234 &fl->fl6_dst,
235 len, fl->proto,
236 skb->csum);
237 } else {
868c86bc 238 __wsum tmp_csum = 0;
1da177e4
LT		 239
240 skb_queue_walk(&sk->sk_write_queue, skb) {
241 tmp_csum = csum_add(tmp_csum, skb->csum);
242 }
243
244 tmp_csum = csum_partial((char *)icmp6h,
245 sizeof(struct icmp6hdr), tmp_csum);
868c86bc
AV		 246 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
247 &fl->fl6_dst,
248 len, fl->proto,
249 tmp_csum);
1da177e4 250 }
1da177e4
LT		 251 ip6_push_pending_frames(sk);
252out:
253 return err;
254}
255
256struct icmpv6_msg {
257 struct sk_buff *skb;
258 int offset;
763ecff1 259 uint8_t type;
1da177e4
LT		 260};
261
262static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
263{
264 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
265 struct sk_buff *org_skb = msg->skb;
5f92a738 266 __wsum csum = 0;
1da177e4
LT		 267
268 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
269 to, len, csum);
270 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 271 if (!(msg->type & ICMPV6_INFOMSG_MASK))
272 nf_ct_attach(skb, org_skb);
1da177e4
LT		 273 return 0;
274}
275
59fbb3a6 276#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
79383236
MN		 277static void mip6_addr_swap(struct sk_buff *skb)
278{
0660e03f 279 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236
MN		 280 struct inet6_skb_parm *opt = IP6CB(skb);
281 struct ipv6_destopt_hao *hao;
282 struct in6_addr tmp;
283 int off;
284
285 if (opt->dsthao) {
286 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
287 if (likely(off >= 0)) {
d56f90a7
ACM		 288 hao = (struct ipv6_destopt_hao *)
289 (skb_network_header(skb) + off);
79383236
MN		 290 ipv6_addr_copy(&tmp, &iph->saddr);
291 ipv6_addr_copy(&iph->saddr, &hao->addr);
292 ipv6_addr_copy(&hao->addr, &tmp);
293 }
294 }
295}
296#else
297static inline void mip6_addr_swap(struct sk_buff *skb) {}
298#endif
299
1da177e4
LT		 300/*
301 * Send an ICMP message in response to a packet in error
302 */
1ab1457c 303void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
1da177e4
LT		 304 struct net_device *dev)
305{
306 struct inet6_dev *idev = NULL;
0660e03f 307 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53
YH		 308 struct sock *sk;
309 struct ipv6_pinfo *np;
1da177e4
LT		 310 struct in6_addr *saddr = NULL;
311 struct dst_entry *dst;
8b7817f3 312 struct dst_entry *dst2;
1da177e4
LT		 313 struct icmp6hdr tmp_hdr;
314 struct flowi fl;
8b7817f3 315 struct flowi fl2;
1da177e4
LT		 316 struct icmpv6_msg msg;
317 int iif = 0;
318 int addr_type = 0;
319 int len;
41a1f8ea 320 int hlimit, tclass;
1da177e4
LT		 321 int err = 0;
322
27a884dc
ACM		 323 if ((u8 *)hdr < skb->head ||
324 (skb->network_header + sizeof(*hdr)) > skb->tail)
1da177e4
LT		 325 return;
326
327 /*
1ab1457c 328 * Make sure we respect the rules
1da177e4
LT		 329 * i.e. RFC 1885 2.4(e)
330 * Rule (e.1) is enforced by not using icmpv6_send
331 * in any code that processes icmp errors.
332 */
333 addr_type = ipv6_addr_type(&hdr->daddr);
334
335 if (ipv6_chk_addr(&hdr->daddr, skb->dev, 0))
336 saddr = &hdr->daddr;
337
338 /*
339 * Dest addr check
340 */
341
342 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
343 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 344 !(type == ICMPV6_PARAMPROB &&
345 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 346 (opt_unrec(skb, info))))
347 return;
348
349 saddr = NULL;
350 }
351
352 addr_type = ipv6_addr_type(&hdr->saddr);
353
354 /*
355 * Source addr check
356 */
357
358 if (addr_type & IPV6_ADDR_LINKLOCAL)
359 iif = skb->dev->ifindex;
360
361 /*
8de3351e
YH		 362 * Must not send error if the source does not uniquely
363 * identify a single node (RFC2463 Section 2.4).
364 * We check unspecified / multicast addresses here,
365 * and anycast addresses will be checked later.
1da177e4
LT		 366 */
367 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
64ce2073 368 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n");
1da177e4
LT		 369 return;
370 }
371
1ab1457c 372 /*
1da177e4
LT		 373 * Never answer to a ICMP packet.
374 */
375 if (is_ineligible(skb)) {
64ce2073 376 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n");
1da177e4
LT		 377 return;
378 }
379
79383236
MN		 380 mip6_addr_swap(skb);
381
1da177e4
LT		 382 memset(&fl, 0, sizeof(fl));
383 fl.proto = IPPROTO_ICMPV6;
384 ipv6_addr_copy(&fl.fl6_dst, &hdr->saddr);
385 if (saddr)
386 ipv6_addr_copy(&fl.fl6_src, saddr);
387 fl.oif = iif;
388 fl.fl_icmp_type = type;
389 fl.fl_icmp_code = code;
beb8d13b 390 security_skb_classify_flow(skb, &fl);
1da177e4
LT		 391
392 if (icmpv6_xmit_lock())
393 return;
394
84427d53
YH		 395 sk = icmpv6_socket->sk;
396 np = inet6_sk(sk);
397
1da177e4
LT		 398 if (!icmpv6_xrlim_allow(sk, type, &fl))
399 goto out;
400
401 tmp_hdr.icmp6_type = type;
402 tmp_hdr.icmp6_code = code;
403 tmp_hdr.icmp6_cksum = 0;
404 tmp_hdr.icmp6_pointer = htonl(info);
405
406 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
407 fl.oif = np->mcast_oif;
408
409 err = ip6_dst_lookup(sk, &dst, &fl);
410 if (err)
411 goto out;
8de3351e
YH		 412
413 /*
414 * We won't send icmp if the destination is known
415 * anycast.
416 */
417 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
418 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n");
419 goto out_dst_release;
420 }
421
8b7817f3
HX		 422 /* No need to clone since we're just using its address. */
423 dst2 = dst;
424
425 err = xfrm_lookup(&dst, &fl, sk, 0);
426 switch (err) {
427 case 0:
428 if (dst != dst2)
429 goto route_done;
430 break;
431 case -EPERM:
432 dst = NULL;
433 break;
434 default:
435 goto out;
436 }
437
438 if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6))
439 goto out;
440
441 if (ip6_dst_lookup(sk, &dst2, &fl))
e104411b 442 goto out;
1da177e4 443
8b7817f3
HX		 444 err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP);
445 if (err == -ENOENT) {
446 if (!dst)
447 goto out;
448 goto route_done;
449 }
450
451 dst_release(dst);
452 dst = dst2;
453
454 if (err)
455 goto out;
456
457route_done:
1da177e4
LT		 458 if (ipv6_addr_is_multicast(&fl.fl6_dst))
459 hlimit = np->mcast_hops;
460 else
461 hlimit = np->hop_limit;
462 if (hlimit < 0)
463 hlimit = dst_metric(dst, RTAX_HOPLIMIT);
464 if (hlimit < 0)
465 hlimit = ipv6_get_hoplimit(dst->dev);
466
e012d51c 467 tclass = np->tclass;
41a1f8ea
YH		 468 if (tclass < 0)
469 tclass = 0;
470
1da177e4 471 msg.skb = skb;
bbe735e4 472 msg.offset = skb_network_offset(skb);
763ecff1 473 msg.type = type;
1da177e4
LT		 474
475 len = skb->len - msg.offset;
476 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
477 if (len < 0) {
64ce2073 478 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
1da177e4
LT		 479 goto out_dst_release;
480 }
481
482 idev = in6_dev_get(skb->dev);
483
484 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
485 len + sizeof(struct icmp6hdr),
486 sizeof(struct icmp6hdr),
41a1f8ea 487 hlimit, tclass, NULL, &fl, (struct rt6_info*)dst,
1da177e4
LT		 488 MSG_DONTWAIT);
489 if (err) {
490 ip6_flush_pending_frames(sk);
491 goto out_put;
492 }
493 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, len + sizeof(struct icmp6hdr));
494
1da177e4
LT		 495out_put:
496 if (likely(idev != NULL))
497 in6_dev_put(idev);
498out_dst_release:
499 dst_release(dst);
500out:
501 icmpv6_xmit_unlock();
502}
503
7159039a
YH		 504EXPORT_SYMBOL(icmpv6_send);
505
1da177e4
LT		 506static void icmpv6_echo_reply(struct sk_buff *skb)
507{
84427d53 508 struct sock *sk;
1da177e4 509 struct inet6_dev *idev;
84427d53 510 struct ipv6_pinfo *np;
1da177e4 511 struct in6_addr *saddr = NULL;
cc70ab26 512 struct icmp6hdr *icmph = icmp6_hdr(skb);
1da177e4
LT		 513 struct icmp6hdr tmp_hdr;
514 struct flowi fl;
515 struct icmpv6_msg msg;
516 struct dst_entry *dst;
517 int err = 0;
518 int hlimit;
41a1f8ea 519 int tclass;
1da177e4 520
0660e03f 521 saddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 522
523 if (!ipv6_unicast_destination(skb))
524 saddr = NULL;
525
526 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
527 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
528
529 memset(&fl, 0, sizeof(fl));
530 fl.proto = IPPROTO_ICMPV6;
0660e03f 531 ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
1da177e4
LT		 532 if (saddr)
533 ipv6_addr_copy(&fl.fl6_src, saddr);
534 fl.oif = skb->dev->ifindex;
535 fl.fl_icmp_type = ICMPV6_ECHO_REPLY;
beb8d13b 536 security_skb_classify_flow(skb, &fl);
1da177e4
LT		 537
538 if (icmpv6_xmit_lock())
539 return;
540
84427d53
YH		 541 sk = icmpv6_socket->sk;
542 np = inet6_sk(sk);
543
1da177e4
LT		 544 if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
545 fl.oif = np->mcast_oif;
546
547 err = ip6_dst_lookup(sk, &dst, &fl);
548 if (err)
549 goto out;
550 if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
e104411b 551 goto out;
1da177e4
LT		 552
553 if (ipv6_addr_is_multicast(&fl.fl6_dst))
554 hlimit = np->mcast_hops;
555 else
556 hlimit = np->hop_limit;
557 if (hlimit < 0)
558 hlimit = dst_metric(dst, RTAX_HOPLIMIT);
559 if (hlimit < 0)
560 hlimit = ipv6_get_hoplimit(dst->dev);
561
e012d51c 562 tclass = np->tclass;
41a1f8ea
YH		 563 if (tclass < 0)
564 tclass = 0;
565
1da177e4
LT		 566 idev = in6_dev_get(skb->dev);
567
568 msg.skb = skb;
569 msg.offset = 0;
763ecff1 570 msg.type = ICMPV6_ECHO_REPLY;
1da177e4
LT		 571
572 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
41a1f8ea 573 sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl,
1da177e4
LT		 574 (struct rt6_info*)dst, MSG_DONTWAIT);
575
576 if (err) {
577 ip6_flush_pending_frames(sk);
578 goto out_put;
579 }
580 err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, skb->len + sizeof(struct icmp6hdr));
581
1ab1457c 582out_put:
1da177e4
LT		 583 if (likely(idev != NULL))
584 in6_dev_put(idev);
1da177e4 585 dst_release(dst);
1ab1457c 586out:
1da177e4
LT		 587 icmpv6_xmit_unlock();
588}
589
04ce6909 590static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info)
1da177e4 591{
1da177e4 592 struct inet6_protocol *ipprot;
1da177e4
LT		 593 int inner_offset;
594 int hash;
595 u8 nexthdr;
596
597 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
598 return;
599
600 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
601 if (ipv6_ext_hdr(nexthdr)) {
602 /* now skip over extension headers */
0d3d077c 603 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
1da177e4
LT		 604 if (inner_offset<0)
605 return;
606 } else {
607 inner_offset = sizeof(struct ipv6hdr);
608 }
609
610 /* Checkin header including 8 bytes of inner protocol header. */
611 if (!pskb_may_pull(skb, inner_offset+8))
612 return;
613
1da177e4
LT		 614 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
615 Without this we will not able f.e. to make source routed
616 pmtu discovery.
617 Corresponding argument (opt) to notifiers is already added.
618 --ANK (980726)
619 */
620
621 hash = nexthdr & (MAX_INET_PROTOS - 1);
622
623 rcu_read_lock();
624 ipprot = rcu_dereference(inet6_protos[hash]);
625 if (ipprot && ipprot->err_handler)
626 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
627 rcu_read_unlock();
628
69d6da0b 629 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
1da177e4 630}
1ab1457c 631
1da177e4
LT		 632/*
633 * Handle icmp messages
634 */
635
e5bbef20 636static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 637{
1da177e4
LT		 638 struct net_device *dev = skb->dev;
639 struct inet6_dev *idev = __in6_dev_get(dev);
640 struct in6_addr *saddr, *daddr;
641 struct ipv6hdr *orig_hdr;
642 struct icmp6hdr *hdr;
643 int type;
644
aebcf82c 645 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
8b7817f3
HX		 646 int nh;
647
aebcf82c
HX		 648 if (!(skb->sp && skb->sp->xvec[skb->sp->len - 1]->props.flags &
649 XFRM_STATE_ICMP))
650 goto drop_no_count;
651
8b7817f3
HX		 652 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
653 goto drop_no_count;
654
655 nh = skb_network_offset(skb);
656 skb_set_network_header(skb, sizeof(*hdr));
657
658 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
659 goto drop_no_count;
660
661 skb_set_network_header(skb, nh);
662 }
663
1da177e4
LT		 664 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_INMSGS);
665
0660e03f
ACM		 666 saddr = &ipv6_hdr(skb)->saddr;
667 daddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 668
669 /* Perform checksum. */
fb286bb2 670 switch (skb->ip_summed) {
84fa7933 671 case CHECKSUM_COMPLETE:
fb286bb2
HX		 672 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
673 skb->csum))
674 break;
675 /* fall through */
676 case CHECKSUM_NONE:
868c86bc
AV		 677 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
678 IPPROTO_ICMPV6, 0));
fb286bb2 679 if (__skb_checksum_complete(skb)) {
46b86a2d 680 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [" NIP6_FMT " > " NIP6_FMT "]\n",
64ce2073 681 NIP6(*saddr), NIP6(*daddr));
1da177e4
LT		 682 goto discard_it;
683 }
684 }
685
8b7817f3 686 __skb_pull(skb, sizeof(*hdr));
1da177e4 687
cc70ab26 688 hdr = icmp6_hdr(skb);
1da177e4
LT		 689
690 type = hdr->icmp6_type;
691
14878f75 692 ICMP6MSGIN_INC_STATS_BH(idev, type);
1da177e4
LT		 693
694 switch (type) {
695 case ICMPV6_ECHO_REQUEST:
696 icmpv6_echo_reply(skb);
697 break;
698
699 case ICMPV6_ECHO_REPLY:
700 /* we couldn't care less */
701 break;
702
703 case ICMPV6_PKT_TOOBIG:
704 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
705 standard destination cache. Seems, only "advanced"
706 destination cache will allow to solve this problem
707 --ANK (980726)
708 */
709 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
710 goto discard_it;
cc70ab26 711 hdr = icmp6_hdr(skb);
1da177e4
LT		 712 orig_hdr = (struct ipv6hdr *) (hdr + 1);
713 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev,
714 ntohl(hdr->icmp6_mtu));
715
716 /*
717 * Drop through to notify
718 */
719
720 case ICMPV6_DEST_UNREACH:
721 case ICMPV6_TIME_EXCEED:
722 case ICMPV6_PARAMPROB:
723 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
724 break;
725
726 case NDISC_ROUTER_SOLICITATION:
727 case NDISC_ROUTER_ADVERTISEMENT:
728 case NDISC_NEIGHBOUR_SOLICITATION:
729 case NDISC_NEIGHBOUR_ADVERTISEMENT:
730 case NDISC_REDIRECT:
731 ndisc_rcv(skb);
732 break;
733
734 case ICMPV6_MGM_QUERY:
735 igmp6_event_query(skb);
736 break;
737
738 case ICMPV6_MGM_REPORT:
739 igmp6_event_report(skb);
740 break;
741
742 case ICMPV6_MGM_REDUCTION:
743 case ICMPV6_NI_QUERY:
744 case ICMPV6_NI_REPLY:
745 case ICMPV6_MLD2_REPORT:
746 case ICMPV6_DHAAD_REQUEST:
747 case ICMPV6_DHAAD_REPLY:
748 case ICMPV6_MOBILE_PREFIX_SOL:
749 case ICMPV6_MOBILE_PREFIX_ADV:
750 break;
751
752 default:
64ce2073 753 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
1da177e4
LT		 754
755 /* informational */
756 if (type & ICMPV6_INFOMSG_MASK)
757 break;
758
1ab1457c
YH		 759 /*
760 * error of unknown type.
761 * must pass to upper level
1da177e4
LT		 762 */
763
764 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
3ff50b79
SH		 765 }
766
1da177e4
LT		 767 kfree_skb(skb);
768 return 0;
769
770discard_it:
771 ICMP6_INC_STATS_BH(idev, ICMP6_MIB_INERRORS);
8b7817f3 772drop_no_count:
1da177e4
LT		 773 kfree_skb(skb);
774 return 0;
775}
776
640c41c7
IM		 777/*
778 * Special lock-class for __icmpv6_socket:
779 */
780static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
781
1da177e4
LT		 782int __init icmpv6_init(struct net_proto_family *ops)
783{
784 struct sock *sk;
785 int err, i, j;
786
6f912042 787 for_each_possible_cpu(i) {
1da177e4
LT		 788 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6,
789 &per_cpu(__icmpv6_socket, i));
790 if (err < 0) {
791 printk(KERN_ERR
792 "Failed to initialize the ICMP6 control socket "
793 "(err %d).\n",
794 err);
795 goto fail;
796 }
797
798 sk = per_cpu(__icmpv6_socket, i)->sk;
799 sk->sk_allocation = GFP_ATOMIC;
640c41c7
IM		 800 /*
801 * Split off their lock-class, because sk->sk_dst_lock
802 * gets used from softirqs, which is safe for
803 * __icmpv6_socket (because those never get directly used
804 * via userspace syscalls), but unsafe for normal sockets.
805 */
806 lockdep_set_class(&sk->sk_dst_lock,
807 &icmpv6_socket_sk_dst_lock_key);
1da177e4
LT		 808
809 /* Enough space for 2 64K ICMP packets, including
810 * sk_buff struct overhead.
811 */
812 sk->sk_sndbuf =
813 (2 * ((64 * 1024) + sizeof(struct sk_buff)));
814
815 sk->sk_prot->unhash(sk);
816 }
817
818
819 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0) {
820 printk(KERN_ERR "Failed to register ICMP6 protocol\n");
821 err = -EAGAIN;
822 goto fail;
823 }
824
825 return 0;
826
827 fail:
828 for (j = 0; j < i; j++) {
829 if (!cpu_possible(j))
830 continue;
831 sock_release(per_cpu(__icmpv6_socket, j));
832 }
833
834 return err;
835}
836
837void icmpv6_cleanup(void)
838{
839 int i;
840
6f912042 841 for_each_possible_cpu(i) {
1da177e4
LT		 842 sock_release(per_cpu(__icmpv6_socket, i));
843 }
844 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
845}
846
9b5b5cff 847static const struct icmp6_err {
1da177e4
LT		 848 int err;
849 int fatal;
850} tab_unreach[] = {
851 { /* NOROUTE */
852 .err = ENETUNREACH,
853 .fatal = 0,
854 },
855 { /* ADM_PROHIBITED */
856 .err = EACCES,
857 .fatal = 1,
858 },
859 { /* Was NOT_NEIGHBOUR, now reserved */
860 .err = EHOSTUNREACH,
861 .fatal = 0,
862 },
863 { /* ADDR_UNREACH */
864 .err = EHOSTUNREACH,
865 .fatal = 0,
866 },
867 { /* PORT_UNREACH */
868 .err = ECONNREFUSED,
869 .fatal = 1,
870 },
871};
872
873int icmpv6_err_convert(int type, int code, int *err)
874{
875 int fatal = 0;
876
877 *err = EPROTO;
878
879 switch (type) {
880 case ICMPV6_DEST_UNREACH:
881 fatal = 1;
882 if (code <= ICMPV6_PORT_UNREACH) {
883 *err = tab_unreach[code].err;
884 fatal = tab_unreach[code].fatal;
885 }
886 break;
887
888 case ICMPV6_PKT_TOOBIG:
889 *err = EMSGSIZE;
890 break;
1ab1457c 891
1da177e4
LT		 892 case ICMPV6_PARAMPROB:
893 *err = EPROTO;
894 fatal = 1;
895 break;
896
897 case ICMPV6_TIME_EXCEED:
898 *err = EHOSTUNREACH;
899 break;
3ff50b79 900 }
1da177e4
LT		 901
902 return fatal;
903}
904
7159039a
YH		 905EXPORT_SYMBOL(icmpv6_err_convert);
906
1da177e4 907#ifdef CONFIG_SYSCTL
760f2d01 908ctl_table ipv6_icmp_table_template[] = {
1da177e4
LT		 909 {
910 .ctl_name = NET_IPV6_ICMP_RATELIMIT,
911 .procname = "ratelimit",
41a76906 912 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 913 .maxlen = sizeof(int),
914 .mode = 0644,
915 .proc_handler = &proc_dointvec
916 },
917 { .ctl_name = 0 },
918};
760f2d01
DL		 919
920struct ctl_table *ipv6_icmp_sysctl_init(struct net *net)
921{
922 struct ctl_table *table;
923
924 table = kmemdup(ipv6_icmp_table_template,
925 sizeof(ipv6_icmp_table_template),
926 GFP_KERNEL);
927 return table;
928}
1da177e4
LT		 929#endif
930
Linux 6.x block layer and io_uring tree(s)