projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ipv4: Implement IP_UNICAST_IF socket option.
[linux-block.git] / net / ipv6 / icmp.c
CommitLineData
1da177e4
LT		 1/*
2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 *
1da177e4
LT		 8 * Based on net/ipv4/icmp.c
9 *
10 * RFC 1885
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
16 */
17
18/*
19 * Changes:
20 *
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
25 * fragments.
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
27 * Randy Dunlap and
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
30 */
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/in.h>
37#include <linux/kernel.h>
1da177e4
LT		 38#include <linux/sockios.h>
39#include <linux/net.h>
40#include <linux/skbuff.h>
41#include <linux/init.h>
763ecff1 42#include <linux/netfilter.h>
5a0e3ad6 43#include <linux/slab.h>
1da177e4
LT		 44
45#ifdef CONFIG_SYSCTL
46#include <linux/sysctl.h>
47#endif
48
49#include <linux/inet.h>
50#include <linux/netdevice.h>
51#include <linux/icmpv6.h>
52
53#include <net/ip.h>
54#include <net/sock.h>
55
56#include <net/ipv6.h>
57#include <net/ip6_checksum.h>
58#include <net/protocol.h>
59#include <net/raw.h>
60#include <net/rawv6.h>
61#include <net/transp_v6.h>
62#include <net/ip6_route.h>
63#include <net/addrconf.h>
64#include <net/icmp.h>
8b7817f3 65#include <net/xfrm.h>
1ed8516f 66#include <net/inet_common.h>
1da177e4
LT		 67
68#include <asm/uaccess.h>
69#include <asm/system.h>
70
1da177e4
LT		 71/*
72 * The ICMP socket(s). This is the most convenient way to flow control
73 * our ICMP output as well as maintain a clean interface throughout
74 * all layers. All Socketless IP sends will soon be gone.
75 *
76 * On SMP we have one ICMP socket per-cpu.
77 */
98c6d1b2
DL		 78static inline struct sock *icmpv6_sk(struct net *net)
79{
80 return net->ipv6.icmp_sk[smp_processor_id()];
81}
1da177e4 82
e5bbef20 83static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 84
41135cc8 85static const struct inet6_protocol icmpv6_protocol = {
1da177e4 86 .handler = icmpv6_rcv,
8b7817f3 87 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 88};
89
fdc0bde9 90static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 91{
fdc0bde9
DL		 92 struct sock *sk;
93
1da177e4
LT		 94 local_bh_disable();
95
fdc0bde9 96 sk = icmpv6_sk(net);
405666db 97 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 98 /* This can happen if the output path (f.e. SIT or
99 * ip6ip6 tunnel) signals dst_link_failure() for an
100 * outgoing ICMP6 packet.
101 */
102 local_bh_enable();
fdc0bde9 103 return NULL;
1da177e4 104 }
fdc0bde9 105 return sk;
1da177e4
LT		 106}
107
405666db 108static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 109{
405666db 110 spin_unlock_bh(&sk->sk_lock.slock);
1da177e4
LT		 111}
112
1ab1457c 113/*
1da177e4
LT		 114 * Slightly more convenient version of icmpv6_send.
115 */
d5fdd6ba 116void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
1da177e4 117{
3ffe533c 118 icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos);
1da177e4
LT		 119 kfree_skb(skb);
120}
121
122/*
123 * Figure out, may we reply to this packet with icmp error.
124 *
125 * We do not reply, if:
126 * - it was icmp error message.
127 * - it is truncated, so that it is known, that protocol is ICMPV6
128 * (i.e. in the middle of some exthdr)
129 *
130 * --ANK (980726)
131 */
132
133static int is_ineligible(struct sk_buff *skb)
134{
0660e03f 135 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 136 int len = skb->len - ptr;
0660e03f 137 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
75f2811c 138 __be16 frag_off;
1da177e4
LT		 139
140 if (len < 0)
141 return 1;
142
75f2811c 143 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
1da177e4
LT		 144 if (ptr < 0)
145 return 0;
146 if (nexthdr == IPPROTO_ICMPV6) {
147 u8 _type, *tp;
148 tp = skb_header_pointer(skb,
149 ptr+offsetof(struct icmp6hdr, icmp6_type),
150 sizeof(_type), &_type);
151 if (tp == NULL ||
152 !(*tp & ICMPV6_INFOMSG_MASK))
153 return 1;
154 }
155 return 0;
156}
157
1ab1457c
YH		 158/*
159 * Check the ICMP output rate limit
1da177e4 160 */
92d86829 161static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
4c9483b2 162 struct flowi6 *fl6)
1da177e4
LT		 163{
164 struct dst_entry *dst;
3b1e0a65 165 struct net *net = sock_net(sk);
92d86829 166 bool res = false;
1da177e4
LT		 167
168 /* Informational messages are not limited. */
169 if (type & ICMPV6_INFOMSG_MASK)
92d86829 170 return true;
1da177e4
LT		 171
172 /* Do not limit pmtu discovery, it would break it. */
173 if (type == ICMPV6_PKT_TOOBIG)
92d86829 174 return true;
1da177e4 175
1ab1457c 176 /*
1da177e4
LT		 177 * Look up the output route.
178 * XXX: perhaps the expire for routing entries cloned by
179 * this lookup should be more aggressive (not longer than timeout).
180 */
4c9483b2 181 dst = ip6_route_output(net, sk, fl6);
1da177e4 182 if (dst->error) {
3bd653c8 183 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 184 IPSTATS_MIB_OUTNOROUTES);
1da177e4 185 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
92d86829 186 res = true;
1da177e4
LT		 187 } else {
188 struct rt6_info *rt = (struct rt6_info *)dst;
9a43b709 189 int tmo = net->ipv6.sysctl.icmpv6_time;
1da177e4
LT		 190
191 /* Give more bandwidth to wider prefixes. */
192 if (rt->rt6i_dst.plen < 128)
193 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
194
92d86829
DM		 195 if (!rt->rt6i_peer)
196 rt6_bind_peer(rt, 1);
197 res = inet_peer_xrlim_allow(rt->rt6i_peer, tmo);
1da177e4
LT		 198 }
199 dst_release(dst);
200 return res;
201}
202
203/*
204 * an inline helper for the "simple" if statement below
205 * checks if parameter problem report is caused by an
1ab1457c 206 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 207 * highest-order two bits set to 10
208 */
209
210static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset)
211{
212 u8 _optval, *op;
213
bbe735e4 214 offset += skb_network_offset(skb);
1da177e4
LT		 215 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
216 if (op == NULL)
217 return 1;
218 return (*op & 0xC0) == 0x80;
219}
220
4c9483b2 221static int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, struct icmp6hdr *thdr, int len)
1da177e4
LT		 222{
223 struct sk_buff *skb;
224 struct icmp6hdr *icmp6h;
225 int err = 0;
226
227 if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
228 goto out;
229
cc70ab26 230 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 231 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
232 icmp6h->icmp6_cksum = 0;
233
234 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 235 skb->csum = csum_partial(icmp6h,
1da177e4 236 sizeof(struct icmp6hdr), skb->csum);
4c9483b2
DM		 237 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
238 &fl6->daddr,
239 len, fl6->flowi6_proto,
1da177e4
LT		 240 skb->csum);
241 } else {
868c86bc 242 __wsum tmp_csum = 0;
1da177e4
LT		 243
244 skb_queue_walk(&sk->sk_write_queue, skb) {
245 tmp_csum = csum_add(tmp_csum, skb->csum);
246 }
247
07f0757a 248 tmp_csum = csum_partial(icmp6h,
1da177e4 249 sizeof(struct icmp6hdr), tmp_csum);
4c9483b2
DM		 250 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
251 &fl6->daddr,
252 len, fl6->flowi6_proto,
868c86bc 253 tmp_csum);
1da177e4 254 }
1da177e4
LT		 255 ip6_push_pending_frames(sk);
256out:
257 return err;
258}
259
260struct icmpv6_msg {
261 struct sk_buff *skb;
262 int offset;
763ecff1 263 uint8_t type;
1da177e4
LT		 264};
265
266static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
267{
268 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
269 struct sk_buff *org_skb = msg->skb;
5f92a738 270 __wsum csum = 0;
1da177e4
LT		 271
272 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
273 to, len, csum);
274 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 275 if (!(msg->type & ICMPV6_INFOMSG_MASK))
276 nf_ct_attach(skb, org_skb);
1da177e4
LT		 277 return 0;
278}
279
59fbb3a6 280#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
79383236
MN		 281static void mip6_addr_swap(struct sk_buff *skb)
282{
0660e03f 283 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236
MN		 284 struct inet6_skb_parm *opt = IP6CB(skb);
285 struct ipv6_destopt_hao *hao;
286 struct in6_addr tmp;
287 int off;
288
289 if (opt->dsthao) {
290 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
291 if (likely(off >= 0)) {
d56f90a7
ACM		 292 hao = (struct ipv6_destopt_hao *)
293 (skb_network_header(skb) + off);
4e3fd7a0
AD		 294 tmp = iph->saddr;
295 iph->saddr = hao->addr;
296 hao->addr = tmp;
79383236
MN		 297 }
298 }
299}
300#else
301static inline void mip6_addr_swap(struct sk_buff *skb) {}
302#endif
303
b42835db 304static struct dst_entry *icmpv6_route_lookup(struct net *net, struct sk_buff *skb,
4c9483b2 305 struct sock *sk, struct flowi6 *fl6)
b42835db
DM		 306{
307 struct dst_entry *dst, *dst2;
4c9483b2 308 struct flowi6 fl2;
b42835db
DM		 309 int err;
310
4c9483b2 311 err = ip6_dst_lookup(sk, &dst, fl6);
b42835db
DM		 312 if (err)
313 return ERR_PTR(err);
314
315 /*
316 * We won't send icmp if the destination is known
317 * anycast.
318 */
319 if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
320 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n");
321 dst_release(dst);
322 return ERR_PTR(-EINVAL);
323 }
324
325 /* No need to clone since we're just using its address. */
326 dst2 = dst;
327
4c9483b2 328 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
452edd59 329 if (!IS_ERR(dst)) {
b42835db
DM		 330 if (dst != dst2)
331 return dst;
452edd59
DM		 332 } else {
333 if (PTR_ERR(dst) == -EPERM)
334 dst = NULL;
335 else
336 return dst;
b42835db
DM		 337 }
338
4c9483b2 339 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
b42835db
DM		 340 if (err)
341 goto relookup_failed;
342
343 err = ip6_dst_lookup(sk, &dst2, &fl2);
344 if (err)
345 goto relookup_failed;
346
4c9483b2 347 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
452edd59 348 if (!IS_ERR(dst2)) {
b42835db
DM		 349 dst_release(dst);
350 dst = dst2;
452edd59
DM		 351 } else {
352 err = PTR_ERR(dst2);
353 if (err == -EPERM) {
354 dst_release(dst);
355 return dst2;
356 } else
357 goto relookup_failed;
b42835db
DM		 358 }
359
360relookup_failed:
361 if (dst)
362 return dst;
363 return ERR_PTR(err);
364}
365
1da177e4
LT		 366/*
367 * Send an ICMP message in response to a packet in error
368 */
3ffe533c 369void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
1da177e4 370{
c346dca1 371 struct net *net = dev_net(skb->dev);
1da177e4 372 struct inet6_dev *idev = NULL;
0660e03f 373 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53
YH		 374 struct sock *sk;
375 struct ipv6_pinfo *np;
b71d1d42 376 const struct in6_addr *saddr = NULL;
1da177e4
LT		 377 struct dst_entry *dst;
378 struct icmp6hdr tmp_hdr;
4c9483b2 379 struct flowi6 fl6;
1da177e4
LT		 380 struct icmpv6_msg msg;
381 int iif = 0;
382 int addr_type = 0;
383 int len;
e651f03a 384 int hlimit;
1da177e4
LT		 385 int err = 0;
386
27a884dc
ACM		 387 if ((u8 *)hdr < skb->head ||
388 (skb->network_header + sizeof(*hdr)) > skb->tail)
1da177e4
LT		 389 return;
390
391 /*
1ab1457c 392 * Make sure we respect the rules
1da177e4
LT		 393 * i.e. RFC 1885 2.4(e)
394 * Rule (e.1) is enforced by not using icmpv6_send
395 * in any code that processes icmp errors.
396 */
397 addr_type = ipv6_addr_type(&hdr->daddr);
398
9a43b709 399 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
1da177e4
LT		 400 saddr = &hdr->daddr;
401
402 /*
403 * Dest addr check
404 */
405
406 if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
407 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 408 !(type == ICMPV6_PARAMPROB &&
409 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 410 (opt_unrec(skb, info))))
411 return;
412
413 saddr = NULL;
414 }
415
416 addr_type = ipv6_addr_type(&hdr->saddr);
417
418 /*
419 * Source addr check
420 */
421
422 if (addr_type & IPV6_ADDR_LINKLOCAL)
423 iif = skb->dev->ifindex;
424
425 /*
8de3351e
YH		 426 * Must not send error if the source does not uniquely
427 * identify a single node (RFC2463 Section 2.4).
428 * We check unspecified / multicast addresses here,
429 * and anycast addresses will be checked later.
1da177e4
LT		 430 */
431 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
64ce2073 432 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n");
1da177e4
LT		 433 return;
434 }
435
1ab1457c 436 /*
1da177e4
LT		 437 * Never answer to a ICMP packet.
438 */
439 if (is_ineligible(skb)) {
64ce2073 440 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n");
1da177e4
LT		 441 return;
442 }
443
79383236
MN		 444 mip6_addr_swap(skb);
445
4c9483b2
DM		 446 memset(&fl6, 0, sizeof(fl6));
447 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 448 fl6.daddr = hdr->saddr;
1da177e4 449 if (saddr)
4e3fd7a0 450 fl6.saddr = *saddr;
4c9483b2 451 fl6.flowi6_oif = iif;
1958b856
DM		 452 fl6.fl6_icmp_type = type;
453 fl6.fl6_icmp_code = code;
4c9483b2 454 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 455
fdc0bde9
DL		 456 sk = icmpv6_xmit_lock(net);
457 if (sk == NULL)
405666db 458 return;
fdc0bde9 459 np = inet6_sk(sk);
405666db 460
4c9483b2 461 if (!icmpv6_xrlim_allow(sk, type, &fl6))
1da177e4
LT		 462 goto out;
463
464 tmp_hdr.icmp6_type = type;
465 tmp_hdr.icmp6_code = code;
466 tmp_hdr.icmp6_cksum = 0;
467 tmp_hdr.icmp6_pointer = htonl(info);
468
4c9483b2
DM		 469 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
470 fl6.flowi6_oif = np->mcast_oif;
1da177e4 471
4c9483b2 472 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
b42835db 473 if (IS_ERR(dst))
1da177e4 474 goto out;
8de3351e 475
4c9483b2 476 if (ipv6_addr_is_multicast(&fl6.daddr))
1da177e4
LT		 477 hlimit = np->mcast_hops;
478 else
479 hlimit = np->hop_limit;
480 if (hlimit < 0)
6b75d090 481 hlimit = ip6_dst_hoplimit(dst);
1da177e4
LT		 482
483 msg.skb = skb;
bbe735e4 484 msg.offset = skb_network_offset(skb);
763ecff1 485 msg.type = type;
1da177e4
LT		 486
487 len = skb->len - msg.offset;
488 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
489 if (len < 0) {
64ce2073 490 LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
1da177e4
LT		 491 goto out_dst_release;
492 }
493
cfdf7647
ED		 494 rcu_read_lock();
495 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 496
497 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
498 len + sizeof(struct icmp6hdr),
e651f03a 499 sizeof(struct icmp6hdr), hlimit,
4c9483b2 500 np->tclass, NULL, &fl6, (struct rt6_info*)dst,
13b52cd4 501 MSG_DONTWAIT, np->dontfrag);
1da177e4 502 if (err) {
00d9d6a1 503 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 504 ip6_flush_pending_frames(sk);
cfdf7647
ED		 505 } else {
506 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
507 len + sizeof(struct icmp6hdr));
1da177e4 508 }
cfdf7647 509 rcu_read_unlock();
1da177e4
LT		 510out_dst_release:
511 dst_release(dst);
512out:
405666db 513 icmpv6_xmit_unlock(sk);
1da177e4 514}
7159039a
YH		 515EXPORT_SYMBOL(icmpv6_send);
516
1da177e4
LT		 517static void icmpv6_echo_reply(struct sk_buff *skb)
518{
c346dca1 519 struct net *net = dev_net(skb->dev);
84427d53 520 struct sock *sk;
1da177e4 521 struct inet6_dev *idev;
84427d53 522 struct ipv6_pinfo *np;
b71d1d42 523 const struct in6_addr *saddr = NULL;
cc70ab26 524 struct icmp6hdr *icmph = icmp6_hdr(skb);
1da177e4 525 struct icmp6hdr tmp_hdr;
4c9483b2 526 struct flowi6 fl6;
1da177e4
LT		 527 struct icmpv6_msg msg;
528 struct dst_entry *dst;
529 int err = 0;
530 int hlimit;
531
0660e03f 532 saddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 533
534 if (!ipv6_unicast_destination(skb))
535 saddr = NULL;
536
537 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
538 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
539
4c9483b2
DM		 540 memset(&fl6, 0, sizeof(fl6));
541 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 542 fl6.daddr = ipv6_hdr(skb)->saddr;
1da177e4 543 if (saddr)
4e3fd7a0 544 fl6.saddr = *saddr;
4c9483b2 545 fl6.flowi6_oif = skb->dev->ifindex;
1958b856 546 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
4c9483b2 547 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
1da177e4 548
fdc0bde9
DL		 549 sk = icmpv6_xmit_lock(net);
550 if (sk == NULL)
405666db 551 return;
fdc0bde9 552 np = inet6_sk(sk);
405666db 553
4c9483b2
DM		 554 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
555 fl6.flowi6_oif = np->mcast_oif;
1da177e4 556
4c9483b2 557 err = ip6_dst_lookup(sk, &dst, &fl6);
1da177e4
LT		 558 if (err)
559 goto out;
4c9483b2 560 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
452edd59 561 if (IS_ERR(dst))
e104411b 562 goto out;
1da177e4 563
4c9483b2 564 if (ipv6_addr_is_multicast(&fl6.daddr))
1da177e4
LT		 565 hlimit = np->mcast_hops;
566 else
567 hlimit = np->hop_limit;
568 if (hlimit < 0)
6b75d090 569 hlimit = ip6_dst_hoplimit(dst);
1da177e4 570
cfdf7647 571 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 572
573 msg.skb = skb;
574 msg.offset = 0;
763ecff1 575 msg.type = ICMPV6_ECHO_REPLY;
1da177e4
LT		 576
577 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
4c9483b2 578 sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl6,
13b52cd4
BH		 579 (struct rt6_info*)dst, MSG_DONTWAIT,
580 np->dontfrag);
1da177e4
LT		 581
582 if (err) {
00d9d6a1 583 ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 584 ip6_flush_pending_frames(sk);
cfdf7647
ED		 585 } else {
586 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
587 skb->len + sizeof(struct icmp6hdr));
1da177e4 588 }
1da177e4 589 dst_release(dst);
1ab1457c 590out:
405666db 591 icmpv6_xmit_unlock(sk);
1da177e4
LT		 592}
593
d5fdd6ba 594static void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
1da177e4 595{
41135cc8 596 const struct inet6_protocol *ipprot;
1da177e4
LT		 597 int inner_offset;
598 int hash;
599 u8 nexthdr;
75f2811c 600 __be16 frag_off;
1da177e4
LT		 601
602 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
603 return;
604
605 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
606 if (ipv6_ext_hdr(nexthdr)) {
607 /* now skip over extension headers */
75f2811c
JG		 608 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
609 &nexthdr, &frag_off);
1da177e4
LT		 610 if (inner_offset<0)
611 return;
612 } else {
613 inner_offset = sizeof(struct ipv6hdr);
614 }
615
616 /* Checkin header including 8 bytes of inner protocol header. */
617 if (!pskb_may_pull(skb, inner_offset+8))
618 return;
619
1da177e4
LT		 620 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
621 Without this we will not able f.e. to make source routed
622 pmtu discovery.
623 Corresponding argument (opt) to notifiers is already added.
624 --ANK (980726)
625 */
626
627 hash = nexthdr & (MAX_INET_PROTOS - 1);
628
629 rcu_read_lock();
630 ipprot = rcu_dereference(inet6_protos[hash]);
631 if (ipprot && ipprot->err_handler)
632 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
633 rcu_read_unlock();
634
69d6da0b 635 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
1da177e4 636}
1ab1457c 637
1da177e4
LT		 638/*
639 * Handle icmp messages
640 */
641
e5bbef20 642static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 643{
1da177e4
LT		 644 struct net_device *dev = skb->dev;
645 struct inet6_dev *idev = __in6_dev_get(dev);
b71d1d42
ED		 646 const struct in6_addr *saddr, *daddr;
647 const struct ipv6hdr *orig_hdr;
1da177e4 648 struct icmp6hdr *hdr;
d5fdd6ba 649 u8 type;
1da177e4 650
aebcf82c 651 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 652 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 653 int nh;
654
def8b4fa 655 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
aebcf82c
HX		 656 XFRM_STATE_ICMP))
657 goto drop_no_count;
658
8b7817f3
HX		 659 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
660 goto drop_no_count;
661
662 nh = skb_network_offset(skb);
663 skb_set_network_header(skb, sizeof(*hdr));
664
665 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
666 goto drop_no_count;
667
668 skb_set_network_header(skb, nh);
669 }
670
e41b5368 671 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 672
0660e03f
ACM		 673 saddr = &ipv6_hdr(skb)->saddr;
674 daddr = &ipv6_hdr(skb)->daddr;
1da177e4
LT		 675
676 /* Perform checksum. */
fb286bb2 677 switch (skb->ip_summed) {
84fa7933 678 case CHECKSUM_COMPLETE:
fb286bb2
HX		 679 if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
680 skb->csum))
681 break;
682 /* fall through */
683 case CHECKSUM_NONE:
868c86bc
AV		 684 skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
685 IPPROTO_ICMPV6, 0));
fb286bb2 686 if (__skb_checksum_complete(skb)) {
5b095d98 687 LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n",
0c6ce78a 688 saddr, daddr);
1da177e4
LT		 689 goto discard_it;
690 }
691 }
692
8cf22943
HX		 693 if (!pskb_pull(skb, sizeof(*hdr)))
694 goto discard_it;
1da177e4 695
cc70ab26 696 hdr = icmp6_hdr(skb);
1da177e4
LT		 697
698 type = hdr->icmp6_type;
699
55d43808 700 ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
1da177e4
LT		 701
702 switch (type) {
703 case ICMPV6_ECHO_REQUEST:
704 icmpv6_echo_reply(skb);
705 break;
706
707 case ICMPV6_ECHO_REPLY:
708 /* we couldn't care less */
709 break;
710
711 case ICMPV6_PKT_TOOBIG:
712 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
713 standard destination cache. Seems, only "advanced"
714 destination cache will allow to solve this problem
715 --ANK (980726)
716 */
717 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
718 goto discard_it;
cc70ab26 719 hdr = icmp6_hdr(skb);
1da177e4
LT		 720 orig_hdr = (struct ipv6hdr *) (hdr + 1);
721 rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev,
722 ntohl(hdr->icmp6_mtu));
723
724 /*
725 * Drop through to notify
726 */
727
728 case ICMPV6_DEST_UNREACH:
729 case ICMPV6_TIME_EXCEED:
730 case ICMPV6_PARAMPROB:
731 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
732 break;
733
734 case NDISC_ROUTER_SOLICITATION:
735 case NDISC_ROUTER_ADVERTISEMENT:
736 case NDISC_NEIGHBOUR_SOLICITATION:
737 case NDISC_NEIGHBOUR_ADVERTISEMENT:
738 case NDISC_REDIRECT:
739 ndisc_rcv(skb);
740 break;
741
742 case ICMPV6_MGM_QUERY:
743 igmp6_event_query(skb);
744 break;
745
746 case ICMPV6_MGM_REPORT:
747 igmp6_event_report(skb);
748 break;
749
750 case ICMPV6_MGM_REDUCTION:
751 case ICMPV6_NI_QUERY:
752 case ICMPV6_NI_REPLY:
753 case ICMPV6_MLD2_REPORT:
754 case ICMPV6_DHAAD_REQUEST:
755 case ICMPV6_DHAAD_REPLY:
756 case ICMPV6_MOBILE_PREFIX_SOL:
757 case ICMPV6_MOBILE_PREFIX_ADV:
758 break;
759
760 default:
64ce2073 761 LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
1da177e4
LT		 762
763 /* informational */
764 if (type & ICMPV6_INFOMSG_MASK)
765 break;
766
1ab1457c
YH		 767 /*
768 * error of unknown type.
769 * must pass to upper level
1da177e4
LT		 770 */
771
772 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
3ff50b79
SH		 773 }
774
1da177e4
LT		 775 kfree_skb(skb);
776 return 0;
777
778discard_it:
e41b5368 779 ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 780drop_no_count:
1da177e4
LT		 781 kfree_skb(skb);
782 return 0;
783}
784
4c9483b2 785void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
95e41e93
YH		 786 u8 type,
787 const struct in6_addr *saddr,
788 const struct in6_addr *daddr,
789 int oif)
790{
4c9483b2 791 memset(fl6, 0, sizeof(*fl6));
4e3fd7a0
AD		 792 fl6->saddr = *saddr;
793 fl6->daddr = *daddr;
4c9483b2 794 fl6->flowi6_proto = IPPROTO_ICMPV6;
1958b856
DM		 795 fl6->fl6_icmp_type = type;
796 fl6->fl6_icmp_code = 0;
4c9483b2
DM		 797 fl6->flowi6_oif = oif;
798 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
95e41e93
YH		 799}
800
640c41c7 801/*
b7e729c4 802 * Special lock-class for __icmpv6_sk:
640c41c7
IM		 803 */
804static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
805
98c6d1b2 806static int __net_init icmpv6_sk_init(struct net *net)
1da177e4
LT		 807{
808 struct sock *sk;
809 int err, i, j;
810
98c6d1b2
DL		 811 net->ipv6.icmp_sk =
812 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
813 if (net->ipv6.icmp_sk == NULL)
79c91159
DL		 814 return -ENOMEM;
815
6f912042 816 for_each_possible_cpu(i) {
1ed8516f
DL		 817 err = inet_ctl_sock_create(&sk, PF_INET6,
818 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4
LT		 819 if (err < 0) {
820 printk(KERN_ERR
821 "Failed to initialize the ICMP6 control socket "
822 "(err %d).\n",
823 err);
824 goto fail;
825 }
826
1ed8516f 827 net->ipv6.icmp_sk[i] = sk;
5c8cafd6 828
640c41c7
IM		 829 /*
830 * Split off their lock-class, because sk->sk_dst_lock
831 * gets used from softirqs, which is safe for
b7e729c4 832 * __icmpv6_sk (because those never get directly used
640c41c7
IM		 833 * via userspace syscalls), but unsafe for normal sockets.
834 */
835 lockdep_set_class(&sk->sk_dst_lock,
836 &icmpv6_socket_sk_dst_lock_key);
1da177e4
LT		 837
838 /* Enough space for 2 64K ICMP packets, including
839 * sk_buff struct overhead.
840 */
87fb4b7b 841 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1da177e4 842 }
1da177e4
LT		 843 return 0;
844
845 fail:
5c8cafd6 846 for (j = 0; j < i; j++)
1ed8516f 847 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
98c6d1b2 848 kfree(net->ipv6.icmp_sk);
1da177e4
LT		 849 return err;
850}
851
98c6d1b2 852static void __net_exit icmpv6_sk_exit(struct net *net)
1da177e4
LT		 853{
854 int i;
855
6f912042 856 for_each_possible_cpu(i) {
1ed8516f 857 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
1da177e4 858 }
98c6d1b2
DL		 859 kfree(net->ipv6.icmp_sk);
860}
861
8ed7edce 862static struct pernet_operations icmpv6_sk_ops = {
98c6d1b2
DL		 863 .init = icmpv6_sk_init,
864 .exit = icmpv6_sk_exit,
865};
866
867int __init icmpv6_init(void)
868{
869 int err;
870
871 err = register_pernet_subsys(&icmpv6_sk_ops);
872 if (err < 0)
873 return err;
874
875 err = -EAGAIN;
876 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
877 goto fail;
878 return 0;
879
880fail:
881 printk(KERN_ERR "Failed to register ICMP6 protocol\n");
882 unregister_pernet_subsys(&icmpv6_sk_ops);
883 return err;
884}
885
8ed7edce 886void icmpv6_cleanup(void)
98c6d1b2
DL		 887{
888 unregister_pernet_subsys(&icmpv6_sk_ops);
1da177e4
LT		 889 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
890}
891
98c6d1b2 892
9b5b5cff 893static const struct icmp6_err {
1da177e4
LT		 894 int err;
895 int fatal;
896} tab_unreach[] = {
897 { /* NOROUTE */
898 .err = ENETUNREACH,
899 .fatal = 0,
900 },
901 { /* ADM_PROHIBITED */
902 .err = EACCES,
903 .fatal = 1,
904 },
905 { /* Was NOT_NEIGHBOUR, now reserved */
906 .err = EHOSTUNREACH,
907 .fatal = 0,
908 },
909 { /* ADDR_UNREACH */
910 .err = EHOSTUNREACH,
911 .fatal = 0,
912 },
913 { /* PORT_UNREACH */
914 .err = ECONNREFUSED,
915 .fatal = 1,
916 },
917};
918
d5fdd6ba 919int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 920{
921 int fatal = 0;
922
923 *err = EPROTO;
924
925 switch (type) {
926 case ICMPV6_DEST_UNREACH:
927 fatal = 1;
928 if (code <= ICMPV6_PORT_UNREACH) {
929 *err = tab_unreach[code].err;
930 fatal = tab_unreach[code].fatal;
931 }
932 break;
933
934 case ICMPV6_PKT_TOOBIG:
935 *err = EMSGSIZE;
936 break;
1ab1457c 937
1da177e4
LT		 938 case ICMPV6_PARAMPROB:
939 *err = EPROTO;
940 fatal = 1;
941 break;
942
943 case ICMPV6_TIME_EXCEED:
944 *err = EHOSTUNREACH;
945 break;
3ff50b79 946 }
1da177e4
LT		 947
948 return fatal;
949}
950
7159039a
YH		 951EXPORT_SYMBOL(icmpv6_err_convert);
952
1da177e4 953#ifdef CONFIG_SYSCTL
760f2d01 954ctl_table ipv6_icmp_table_template[] = {
1da177e4 955 {
1da177e4 956 .procname = "ratelimit",
41a76906 957 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 958 .maxlen = sizeof(int),
959 .mode = 0644,
6d9f239a 960 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 961 },
f8572d8f 962 { },
1da177e4 963};
760f2d01 964
2c8c1e72 965struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 966{
967 struct ctl_table *table;
968
969 table = kmemdup(ipv6_icmp_table_template,
970 sizeof(ipv6_icmp_table_template),
971 GFP_KERNEL);
5ee09105
YH		 972
973 if (table)
974 table[0].data = &net->ipv6.sysctl.icmpv6_time;
975
760f2d01
DL		 976 return table;
977}
1da177e4
LT		 978#endif
979
Linux 6.x block layer and io_uring tree(s)