projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'pci-v6.16-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/pci/pci
[linux-2.6-block.git] / net / ipv6 / icmp.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 *
1da177e4
LT		 9 * Based on net/ipv4/icmp.c
10 *
11 * RFC 1885
1da177e4
LT		 12 */
13
14/*
15 * Changes:
16 *
17 * Andi Kleen : exception handling
18 * Andi Kleen add rate limits. never reply to a icmp.
19 * add more length checks and other fixes.
20 * yoshfuji : ensure to sent parameter problem for
21 * fragments.
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
23 * Randy Dunlap and
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
26 */
27
f3213831
JP		 28#define pr_fmt(fmt) "IPv6: " fmt
29
1da177e4
LT		 30#include <linux/module.h>
31#include <linux/errno.h>
32#include <linux/types.h>
33#include <linux/socket.h>
34#include <linux/in.h>
35#include <linux/kernel.h>
1da177e4
LT		 36#include <linux/sockios.h>
37#include <linux/net.h>
38#include <linux/skbuff.h>
39#include <linux/init.h>
763ecff1 40#include <linux/netfilter.h>
5a0e3ad6 41#include <linux/slab.h>
1da177e4
LT		 42
43#ifdef CONFIG_SYSCTL
44#include <linux/sysctl.h>
45#endif
46
47#include <linux/inet.h>
48#include <linux/netdevice.h>
49#include <linux/icmpv6.h>
50
51#include <net/ip.h>
52#include <net/sock.h>
53
54#include <net/ipv6.h>
55#include <net/ip6_checksum.h>
6d0bfe22 56#include <net/ping.h>
1da177e4
LT		 57#include <net/protocol.h>
58#include <net/raw.h>
59#include <net/rawv6.h>
e4129440 60#include <net/seg6.h>
1da177e4
LT		 61#include <net/transp_v6.h>
62#include <net/ip6_route.h>
63#include <net/addrconf.h>
64#include <net/icmp.h>
8b7817f3 65#include <net/xfrm.h>
1ed8516f 66#include <net/inet_common.h>
825edac4 67#include <net/dsfield.h>
ca254490 68#include <net/l3mdev.h>
1da177e4 69
7c0f6ba6 70#include <linux/uaccess.h>
1da177e4 71
6a17b961 72static DEFINE_PER_CPU(struct sock *, ipv6_icmp_sk);
1da177e4 73
32bbd879 74static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
6f809da2
SK		 75 u8 type, u8 code, int offset, __be32 info)
76{
6d0bfe22
LC		 77 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
78 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
34aef2b0 79 struct net *net = dev_net_rcu(skb->dev);
6f809da2
SK		 80
81 if (type == ICMPV6_PKT_TOOBIG)
5f379ef5 82 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
6f809da2 83 else if (type == NDISC_REDIRECT)
e2d118a1
LC		 84 ip6_redirect(skb, net, skb->dev->ifindex, 0,
85 sock_net_uid(net, NULL));
6d0bfe22
LC		 86
87 if (!(type & ICMPV6_INFOMSG_MASK))
88 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
dcb94b88 89 ping_err(skb, offset, ntohl(info));
32bbd879
SB		 90
91 return 0;
6f809da2
SK		 92}
93
e5bbef20 94static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 95
41135cc8 96static const struct inet6_protocol icmpv6_protocol = {
1da177e4 97 .handler = icmpv6_rcv,
6f809da2 98 .err_handler = icmpv6_err,
8b7817f3 99 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 100};
101
7ba91ecb 102/* Called with BH disabled */
6a17b961 103static struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 104{
fdc0bde9
DL		 105 struct sock *sk;
106
6a17b961 107 sk = this_cpu_read(ipv6_icmp_sk);
405666db 108 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 109 /* This can happen if the output path (f.e. SIT or
110 * ip6ip6 tunnel) signals dst_link_failure() for an
111 * outgoing ICMP6 packet.
112 */
fdc0bde9 113 return NULL;
1da177e4 114 }
6a17b961 115 sock_net_set(sk, net);
fdc0bde9 116 return sk;
1da177e4
LT		 117}
118
6a17b961 119static void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 120{
6a17b961 121 sock_net_set(sk, &init_net);
7ba91ecb 122 spin_unlock(&sk->sk_lock.slock);
1da177e4
LT		 123}
124
1da177e4
LT		 125/*
126 * Figure out, may we reply to this packet with icmp error.
127 *
128 * We do not reply, if:
129 * - it was icmp error message.
130 * - it is truncated, so that it is known, that protocol is ICMPV6
131 * (i.e. in the middle of some exthdr)
132 *
133 * --ANK (980726)
134 */
135
a50feda5 136static bool is_ineligible(const struct sk_buff *skb)
1da177e4 137{
0660e03f 138 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 139 int len = skb->len - ptr;
0660e03f 140 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
75f2811c 141 __be16 frag_off;
1da177e4
LT		 142
143 if (len < 0)
a50feda5 144 return true;
1da177e4 145
75f2811c 146 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
1da177e4 147 if (ptr < 0)
a50feda5 148 return false;
1da177e4
LT		 149 if (nexthdr == IPPROTO_ICMPV6) {
150 u8 _type, *tp;
151 tp = skb_header_pointer(skb,
152 ptr+offsetof(struct icmp6hdr, icmp6_type),
153 sizeof(_type), &_type);
2efdaaaf
HL		 154
155 /* Based on RFC 8200, Section 4.5 Fragment Header, return
156 * false if this is a fragment packet with no icmp header info.
157 */
158 if (!tp && frag_off != 0)
159 return false;
160 else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
a50feda5 161 return true;
1da177e4 162 }
a50feda5 163 return false;
1da177e4
LT		 164}
165
0bc19985 166static bool icmpv6_mask_allow(struct net *net, int type)
c0303efe 167{
0bc19985 168 if (type > ICMPV6_MSG_MAX)
c0303efe
JDB		 169 return true;
170
0bc19985
SS		 171 /* Limit if icmp type is set in ratemask. */
172 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
c0303efe
JDB		 173 return true;
174
175 return false;
176}
177
8c2bd38b
ED		 178static bool icmpv6_global_allow(struct net *net, int type,
179 bool *apply_ratelimit)
c0303efe 180{
0bc19985 181 if (icmpv6_mask_allow(net, type))
c0303efe
JDB		 182 return true;
183
b056b4cd 184 if (icmp_global_allow(net)) {
8c2bd38b 185 *apply_ratelimit = true;
c0303efe 186 return true;
8c2bd38b 187 }
d0941130 188 __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL);
c0303efe
JDB		 189 return false;
190}
191
1ab1457c
YH		 192/*
193 * Check the ICMP output rate limit
1da177e4 194 */
4cdf507d 195static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
8c2bd38b 196 struct flowi6 *fl6, bool apply_ratelimit)
1da177e4 197{
3b1e0a65 198 struct net *net = sock_net(sk);
4cdf507d 199 struct dst_entry *dst;
92d86829 200 bool res = false;
1da177e4 201
8c2bd38b 202 if (!apply_ratelimit)
92d86829 203 return true;
1da177e4 204
1ab1457c 205 /*
1da177e4
LT		 206 * Look up the output route.
207 * XXX: perhaps the expire for routing entries cloned by
208 * this lookup should be more aggressive (not longer than timeout).
209 */
4c9483b2 210 dst = ip6_route_output(net, sk, fl6);
1da177e4 211 if (dst->error) {
3bd653c8 212 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 213 IPSTATS_MIB_OUTNOROUTES);
1da177e4 214 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
92d86829 215 res = true;
1da177e4 216 } else {
e8dfd42c 217 struct rt6_info *rt = dst_rt6_info(dst);
9a43b709 218 int tmo = net->ipv6.sysctl.icmpv6_time;
c0303efe 219 struct inet_peer *peer;
1da177e4
LT		 220
221 /* Give more bandwidth to wider prefixes. */
222 if (rt->rt6i_dst.plen < 128)
223 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
224
a853c609 225 rcu_read_lock();
661cd8fc 226 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr);
c0303efe 227 res = inet_peer_xrlim_allow(peer, tmo);
a853c609 228 rcu_read_unlock();
1da177e4 229 }
d0941130
JB		 230 if (!res)
231 __ICMP6_INC_STATS(net, ip6_dst_idev(dst),
232 ICMP6_MIB_RATELIMITHOST);
8c2bd38b 233 else
b056b4cd 234 icmp_global_consume(net);
1da177e4
LT		 235 dst_release(dst);
236 return res;
237}
238
b93cfb9c
TS		 239static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type,
240 struct flowi6 *fl6)
241{
242 struct net *net = sock_net(sk);
243 struct dst_entry *dst;
244 bool res = false;
245
246 dst = ip6_route_output(net, sk, fl6);
247 if (!dst->error) {
e8dfd42c 248 struct rt6_info *rt = dst_rt6_info(dst);
b93cfb9c
TS		 249 struct in6_addr prefsrc;
250
251 rt6_get_prefsrc(rt, &prefsrc);
252 res = !ipv6_addr_any(&prefsrc);
253 }
254 dst_release(dst);
255 return res;
256}
257
1da177e4
LT		 258/*
259 * an inline helper for the "simple" if statement below
260 * checks if parameter problem report is caused by an
1ab1457c 261 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 262 * highest-order two bits set to 10
263 */
264
a50feda5 265static bool opt_unrec(struct sk_buff *skb, __u32 offset)
1da177e4
LT		 266{
267 u8 _optval, *op;
268
bbe735e4 269 offset += skb_network_offset(skb);
1da177e4 270 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
63159f29 271 if (!op)
a50feda5 272 return true;
1da177e4
LT		 273 return (*op & 0xC0) == 0x80;
274}
275
4e64b1ed
JP		 276void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
277 struct icmp6hdr *thdr, int len)
1da177e4
LT		 278{
279 struct sk_buff *skb;
280 struct icmp6hdr *icmp6h;
1da177e4 281
e5d08d71 282 skb = skb_peek(&sk->sk_write_queue);
63159f29 283 if (!skb)
4e64b1ed 284 return;
1da177e4 285
cc70ab26 286 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 287 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
288 icmp6h->icmp6_cksum = 0;
289
290 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 291 skb->csum = csum_partial(icmp6h,
1da177e4 292 sizeof(struct icmp6hdr), skb->csum);
4c9483b2
DM		 293 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
294 &fl6->daddr,
295 len, fl6->flowi6_proto,
1da177e4
LT		 296 skb->csum);
297 } else {
868c86bc 298 __wsum tmp_csum = 0;
1da177e4
LT		 299
300 skb_queue_walk(&sk->sk_write_queue, skb) {
301 tmp_csum = csum_add(tmp_csum, skb->csum);
302 }
303
07f0757a 304 tmp_csum = csum_partial(icmp6h,
1da177e4 305 sizeof(struct icmp6hdr), tmp_csum);
4c9483b2
DM		 306 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
307 &fl6->daddr,
308 len, fl6->flowi6_proto,
868c86bc 309 tmp_csum);
1da177e4 310 }
1da177e4 311 ip6_push_pending_frames(sk);
1da177e4
LT		 312}
313
314struct icmpv6_msg {
315 struct sk_buff *skb;
316 int offset;
763ecff1 317 uint8_t type;
1da177e4
LT		 318};
319
320static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
321{
322 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
323 struct sk_buff *org_skb = msg->skb;
8d5930df 324 __wsum csum;
1da177e4
LT		 325
326 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
8d5930df 327 to, len);
1da177e4 328 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 329 if (!(msg->type & ICMPV6_INFOMSG_MASK))
330 nf_ct_attach(skb, org_skb);
1da177e4
LT		 331 return 0;
332}
333
07a93626 334#if IS_ENABLED(CONFIG_IPV6_MIP6)
ee576c47 335static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt)
79383236 336{
0660e03f 337 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236 338 struct ipv6_destopt_hao *hao;
79383236
MN		 339 int off;
340
341 if (opt->dsthao) {
342 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
343 if (likely(off >= 0)) {
d56f90a7
ACM		 344 hao = (struct ipv6_destopt_hao *)
345 (skb_network_header(skb) + off);
bc617613 346 swap(iph->saddr, hao->addr);
79383236
MN		 347 }
348 }
349}
350#else
ee576c47 351static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {}
79383236
MN		 352#endif
353
e8243534 354static struct dst_entry *icmpv6_route_lookup(struct net *net,
355 struct sk_buff *skb,
356 struct sock *sk,
357 struct flowi6 *fl6)
b42835db
DM		 358{
359 struct dst_entry *dst, *dst2;
4c9483b2 360 struct flowi6 fl2;
b42835db
DM		 361 int err;
362
343d60aa 363 err = ip6_dst_lookup(net, sk, &dst, fl6);
b42835db
DM		 364 if (err)
365 return ERR_PTR(err);
366
367 /*
368 * We won't send icmp if the destination is known
7ab75456 369 * anycast unless we need to treat anycast as unicast.
b42835db 370 */
7ab75456
MB		 371 if (!READ_ONCE(net->ipv6.sysctl.icmpv6_error_anycast_as_unicast) &&
372 ipv6_anycast_destination(dst, &fl6->daddr)) {
ba7a46f1 373 net_dbg_ratelimited("icmp6_send: acast source\n");
b42835db
DM		 374 dst_release(dst);
375 return ERR_PTR(-EINVAL);
376 }
377
378 /* No need to clone since we're just using its address. */
379 dst2 = dst;
380
4c9483b2 381 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
452edd59 382 if (!IS_ERR(dst)) {
b42835db
DM		 383 if (dst != dst2)
384 return dst;
452edd59
DM		 385 } else {
386 if (PTR_ERR(dst) == -EPERM)
387 dst = NULL;
388 else
389 return dst;
b42835db
DM		 390 }
391
2b1dc628 392 err = xfrm_decode_session_reverse(net, skb, flowi6_to_flowi(&fl2), AF_INET6);
b42835db
DM		 393 if (err)
394 goto relookup_failed;
395
343d60aa 396 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
b42835db
DM		 397 if (err)
398 goto relookup_failed;
399
4c9483b2 400 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
452edd59 401 if (!IS_ERR(dst2)) {
b42835db
DM		 402 dst_release(dst);
403 dst = dst2;
452edd59
DM		 404 } else {
405 err = PTR_ERR(dst2);
406 if (err == -EPERM) {
407 dst_release(dst);
408 return dst2;
409 } else
410 goto relookup_failed;
b42835db
DM		 411 }
412
413relookup_failed:
414 if (dst)
415 return dst;
416 return ERR_PTR(err);
417}
418
e1ae5c2e 419static struct net_device *icmp6_dev(const struct sk_buff *skb)
1b70d792 420{
e1ae5c2e 421 struct net_device *dev = skb->dev;
1b70d792
DA		 422
423 /* for local traffic to local address, skb dev is the loopback
424 * device. Check if there is a dst attached to the skb and if so
24b711ed
DA		 425 * get the real device index. Same is needed for replies to a link
426 * local address on a device enslaved to an L3 master device
1b70d792 427 */
e1ae5c2e 428 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
1b70d792
DA		 429 const struct rt6_info *rt6 = skb_rt6_info(skb);
430
2aaa8a15
KI		 431 /* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.),
432 * and ip6_null_entry could be set to skb if no route is found.
433 */
434 if (rt6 && rt6->rt6i_idev)
e1ae5c2e 435 dev = rt6->rt6i_idev->dev;
1b70d792
DA		 436 }
437
e1ae5c2e
SS		 438 return dev;
439}
440
441static int icmp6_iif(const struct sk_buff *skb)
442{
443 return icmp6_dev(skb)->ifindex;
1b70d792
DA		 444}
445
1da177e4
LT		 446/*
447 * Send an ICMP message in response to a packet in error
448 */
cc7a21b6 449void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
ee576c47
JD		 450 const struct in6_addr *force_saddr,
451 const struct inet6_skb_parm *parm)
1da177e4
LT		 452{
453 struct inet6_dev *idev = NULL;
0660e03f 454 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53 455 struct sock *sk;
8d933670 456 struct net *net;
84427d53 457 struct ipv6_pinfo *np;
b71d1d42 458 const struct in6_addr *saddr = NULL;
8c2bd38b 459 bool apply_ratelimit = false;
1da177e4
LT		 460 struct dst_entry *dst;
461 struct icmp6hdr tmp_hdr;
4c9483b2 462 struct flowi6 fl6;
1da177e4 463 struct icmpv6_msg msg;
26879da5 464 struct ipcm6_cookie ipc6;
1da177e4
LT		 465 int iif = 0;
466 int addr_type = 0;
467 int len;
8d933670 468 u32 mark;
1da177e4 469
27a884dc 470 if ((u8 *)hdr < skb->head ||
29a3cad5 471 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
1da177e4
LT		 472 return;
473
8d933670
ED		 474 if (!skb->dev)
475 return;
34aef2b0
ED		 476
477 rcu_read_lock();
478
479 net = dev_net_rcu(skb->dev);
8d933670 480 mark = IP6_REPLY_MARK(net, skb->mark);
1da177e4 481 /*
1ab1457c 482 * Make sure we respect the rules
1da177e4 483 * i.e. RFC 1885 2.4(e)
5f5624cf 484 * Rule (e.1) is enforced by not using icmp6_send
1da177e4
LT		 485 * in any code that processes icmp errors.
486 */
487 addr_type = ipv6_addr_type(&hdr->daddr);
488
446fab59 489 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
d94c1f92 490 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
1da177e4
LT		 491 saddr = &hdr->daddr;
492
493 /*
494 * Dest addr check
495 */
496
9a6b4b39 497 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
1da177e4 498 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 499 !(type == ICMPV6_PARAMPROB &&
500 code == ICMPV6_UNK_OPTION &&
1da177e4 501 (opt_unrec(skb, info))))
34aef2b0 502 goto out;
1da177e4
LT		 503
504 saddr = NULL;
505 }
506
507 addr_type = ipv6_addr_type(&hdr->saddr);
508
509 /*
510 * Source addr check
511 */
512
4832c30d 513 if (__ipv6_addr_needs_scope_id(addr_type)) {
1b70d792 514 iif = icmp6_iif(skb);
4832c30d 515 } else {
272928d1
MD		 516 /*
517 * The source device is used for looking up which routing table
518 * to use for sending an ICMP error.
519 */
520 iif = l3mdev_master_ifindex(skb->dev);
79dc7e3f 521 }
1da177e4
LT		 522
523 /*
8de3351e
YH		 524 * Must not send error if the source does not uniquely
525 * identify a single node (RFC2463 Section 2.4).
526 * We check unspecified / multicast addresses here,
527 * and anycast addresses will be checked later.
1da177e4
LT		 528 */
529 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
4b3418fb
BM		 530 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
531 &hdr->saddr, &hdr->daddr);
34aef2b0 532 goto out;
1da177e4
LT		 533 }
534
1ab1457c 535 /*
1da177e4
LT		 536 * Never answer to a ICMP packet.
537 */
538 if (is_ineligible(skb)) {
4b3418fb
BM		 539 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
540 &hdr->saddr, &hdr->daddr);
34aef2b0 541 goto out;
1da177e4
LT		 542 }
543
8c2bd38b 544 /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */
7ba91ecb
JDB		 545 local_bh_disable();
546
547 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
8c2bd38b
ED		 548 if (!(skb->dev->flags & IFF_LOOPBACK) &&
549 !icmpv6_global_allow(net, type, &apply_ratelimit))
7ba91ecb
JDB		 550 goto out_bh_enable;
551
ee576c47 552 mip6_addr_swap(skb, parm);
79383236 553
fac6fce9
FR		 554 sk = icmpv6_xmit_lock(net);
555 if (!sk)
556 goto out_bh_enable;
557
4c9483b2
DM		 558 memset(&fl6, 0, sizeof(fl6));
559 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 560 fl6.daddr = hdr->saddr;
b1cadc1a
ED		 561 if (force_saddr)
562 saddr = force_saddr;
fac6fce9 563 if (saddr) {
4e3fd7a0 564 fl6.saddr = *saddr;
b93cfb9c 565 } else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) {
fac6fce9
FR		 566 /* select a more meaningful saddr from input if */
567 struct net_device *in_netdev;
568
ee576c47 569 in_netdev = dev_get_by_index(net, parm->iif);
fac6fce9
FR		 570 if (in_netdev) {
571 ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr,
572 inet6_sk(sk)->srcprefs,
573 &fl6.saddr);
574 dev_put(in_netdev);
575 }
576 }
e110861f 577 fl6.flowi6_mark = mark;
4c9483b2 578 fl6.flowi6_oif = iif;
1958b856
DM		 579 fl6.fl6_icmp_type = type;
580 fl6.fl6_icmp_code = code;
e2d118a1 581 fl6.flowi6_uid = sock_net_uid(net, NULL);
b4bac172 582 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
3df98d79 583 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
1da177e4 584
fdc0bde9 585 np = inet6_sk(sk);
405666db 586
8c2bd38b 587 if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit))
34aef2b0 588 goto out_unlock;
1da177e4
LT		 589
590 tmp_hdr.icmp6_type = type;
591 tmp_hdr.icmp6_code = code;
592 tmp_hdr.icmp6_cksum = 0;
593 tmp_hdr.icmp6_pointer = htonl(info);
594
4c9483b2 595 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
d2f011a0 596 fl6.flowi6_oif = READ_ONCE(np->mcast_oif);
c4062dfc 597 else if (!fl6.flowi6_oif)
1ac13efd 598 fl6.flowi6_oif = READ_ONCE(np->ucast_oif);
1da177e4 599
1086ca7c 600 ipcm6_init_sk(&ipc6, sk);
0da7536f 601 ipc6.sockc.mark = mark;
38b7097b
HFS		 602 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
603
4c9483b2 604 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
b42835db 605 if (IS_ERR(dst))
34aef2b0 606 goto out_unlock;
8de3351e 607
26879da5 608 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
1da177e4
LT		 609
610 msg.skb = skb;
bbe735e4 611 msg.offset = skb_network_offset(skb);
763ecff1 612 msg.type = type;
1da177e4
LT		 613
614 len = skb->len - msg.offset;
67ba4152 615 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
1da177e4 616 if (len < 0) {
4b3418fb
BM		 617 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
618 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 619 goto out_dst_release;
620 }
621
cfdf7647 622 idev = __in6_dev_get(skb->dev);
1da177e4 623
4e64b1ed
JP		 624 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
625 len + sizeof(struct icmp6hdr),
626 sizeof(struct icmp6hdr),
e8dfd42c 627 &ipc6, &fl6, dst_rt6_info(dst),
5fdaa88d 628 MSG_DONTWAIT)) {
43a43b60 629 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 630 ip6_flush_pending_frames(sk);
cfdf7647 631 } else {
4e64b1ed
JP		 632 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
633 len + sizeof(struct icmp6hdr));
1da177e4 634 }
34aef2b0 635
1da177e4
LT		 636out_dst_release:
637 dst_release(dst);
34aef2b0 638out_unlock:
405666db 639 icmpv6_xmit_unlock(sk);
7ba91ecb
JDB		 640out_bh_enable:
641 local_bh_enable();
34aef2b0
ED		 642out:
643 rcu_read_unlock();
1da177e4 644}
cc7a21b6 645EXPORT_SYMBOL(icmp6_send);
5f5624cf 646
1ad6d548 647/* Slightly more convenient version of icmp6_send with drop reasons.
5f5624cf 648 */
1ad6d548
MD		 649void icmpv6_param_prob_reason(struct sk_buff *skb, u8 code, int pos,
650 enum skb_drop_reason reason)
5f5624cf 651{
ee576c47 652 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb));
1ad6d548 653 kfree_skb_reason(skb, reason);
5f5624cf 654}
7159039a 655
5fbba8ac
ED		 656/* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
657 * if sufficient data bytes are available
658 * @nhs is the size of the tunnel header(s) :
659 * Either an IPv4 header for SIT encap
660 * an IPv4 header + GRE header for GRE encap
661 */
20e1954f
ED		 662int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
663 unsigned int data_len)
5fbba8ac 664{
2d7a3b27 665 struct in6_addr temp_saddr;
5fbba8ac
ED		 666 struct rt6_info *rt;
667 struct sk_buff *skb2;
20e1954f 668 u32 info = 0;
5fbba8ac
ED		 669
670 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
671 return 1;
672
20e1954f
ED		 673 /* RFC 4884 (partial) support for ICMP extensions */
674 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
675 data_len = 0;
676
677 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
5fbba8ac
ED		 678
679 if (!skb2)
680 return 1;
681
682 skb_dst_drop(skb2);
683 skb_pull(skb2, nhs);
684 skb_reset_network_header(skb2);
685
34aef2b0
ED		 686 rt = rt6_lookup(dev_net_rcu(skb->dev), &ipv6_hdr(skb2)->saddr,
687 NULL, 0, skb, 0);
5fbba8ac
ED		 688
689 if (rt && rt->dst.dev)
690 skb2->dev = rt->dst.dev;
691
2d7a3b27 692 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
20e1954f
ED		 693
694 if (data_len) {
695 /* RFC 4884 (partial) support :
696 * insert 0 padding at the end, before the extensions
697 */
698 __skb_push(skb2, nhs);
699 skb_reset_network_header(skb2);
700 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
701 memset(skb2->data + data_len - nhs, 0, nhs);
702 /* RFC 4884 4.5 : Length is measured in 64-bit words,
703 * and stored in reserved[0]
704 */
705 info = (data_len/8) << 24;
706 }
2d7a3b27
ED		 707 if (type == ICMP_TIME_EXCEEDED)
708 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
ee576c47 709 info, &temp_saddr, IP6CB(skb2));
2d7a3b27
ED		 710 else
711 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
ee576c47 712 info, &temp_saddr, IP6CB(skb2));
5fbba8ac
ED		 713 if (rt)
714 ip6_rt_put(rt);
715
716 kfree_skb(skb2);
717
718 return 0;
719}
720EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
721
ac03694b 722static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb)
1da177e4 723{
34aef2b0 724 struct net *net = dev_net_rcu(skb->dev);
84427d53 725 struct sock *sk;
1da177e4 726 struct inet6_dev *idev;
84427d53 727 struct ipv6_pinfo *np;
b71d1d42 728 const struct in6_addr *saddr = NULL;
cc70ab26 729 struct icmp6hdr *icmph = icmp6_hdr(skb);
8c2bd38b 730 bool apply_ratelimit = false;
1da177e4 731 struct icmp6hdr tmp_hdr;
4c9483b2 732 struct flowi6 fl6;
1da177e4
LT		 733 struct icmpv6_msg msg;
734 struct dst_entry *dst;
26879da5 735 struct ipcm6_cookie ipc6;
e110861f 736 u32 mark = IP6_REPLY_MARK(net, skb->mark);
ac03694b 737 SKB_DR(reason);
0b03a5ca 738 bool acast;
1fd07f33 739 u8 type;
1da177e4 740
03f1eccc
SS		 741 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
742 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
ac03694b 743 return reason;
03f1eccc 744
0660e03f 745 saddr = &ipv6_hdr(skb)->daddr;
1da177e4 746
0b03a5ca
SS		 747 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
748 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
ac03694b 749 return reason;
0b03a5ca 750
509aba3b 751 if (!ipv6_unicast_destination(skb) &&
0b03a5ca 752 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
1da177e4
LT		 753 saddr = NULL;
754
1fd07f33
AR		 755 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
756 type = ICMPV6_EXT_ECHO_REPLY;
757 else
758 type = ICMPV6_ECHO_REPLY;
759
1da177e4 760 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
1fd07f33 761 tmp_hdr.icmp6_type = type;
1da177e4 762
4c9483b2 763 memset(&fl6, 0, sizeof(fl6));
a346abe0
ED		 764 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
765 fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));
766
4c9483b2 767 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 768 fl6.daddr = ipv6_hdr(skb)->saddr;
1da177e4 769 if (saddr)
4e3fd7a0 770 fl6.saddr = *saddr;
1b70d792 771 fl6.flowi6_oif = icmp6_iif(skb);
1fd07f33 772 fl6.fl6_icmp_type = type;
e110861f 773 fl6.flowi6_mark = mark;
e2d118a1 774 fl6.flowi6_uid = sock_net_uid(net, NULL);
3df98d79 775 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
1da177e4 776
7ba91ecb 777 local_bh_disable();
fdc0bde9 778 sk = icmpv6_xmit_lock(net);
63159f29 779 if (!sk)
7ba91ecb 780 goto out_bh_enable;
fdc0bde9 781 np = inet6_sk(sk);
405666db 782
4c9483b2 783 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
d2f011a0 784 fl6.flowi6_oif = READ_ONCE(np->mcast_oif);
c4062dfc 785 else if (!fl6.flowi6_oif)
1ac13efd 786 fl6.flowi6_oif = READ_ONCE(np->ucast_oif);
1da177e4 787
4e64b1ed 788 if (ip6_dst_lookup(net, sk, &dst, &fl6))
1da177e4 789 goto out;
4c9483b2 790 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
452edd59 791 if (IS_ERR(dst))
e104411b 792 goto out;
1da177e4 793
0bc19985 794 /* Check the ratelimit */
8c2bd38b
ED		 795 if ((!(skb->dev->flags & IFF_LOOPBACK) &&
796 !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) ||
797 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit))
0bc19985
SS		 798 goto out_dst_release;
799
cfdf7647 800 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 801
802 msg.skb = skb;
803 msg.offset = 0;
1fd07f33 804 msg.type = type;
1da177e4 805
1086ca7c 806 ipcm6_init_sk(&ipc6, sk);
26879da5
WW		 807 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
808 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
0da7536f 809 ipc6.sockc.mark = mark;
26879da5 810
1fd07f33
AR		 811 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
812 if (!icmp_build_probe(skb, (struct icmphdr *)&tmp_hdr))
813 goto out_dst_release;
814
4e64b1ed
JP		 815 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
816 skb->len + sizeof(struct icmp6hdr),
817 sizeof(struct icmp6hdr), &ipc6, &fl6,
e8dfd42c 818 dst_rt6_info(dst), MSG_DONTWAIT)) {
a16292a0 819 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 820 ip6_flush_pending_frames(sk);
cfdf7647 821 } else {
4e64b1ed
JP		 822 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
823 skb->len + sizeof(struct icmp6hdr));
ac03694b 824 reason = SKB_CONSUMED;
1da177e4 825 }
0bc19985 826out_dst_release:
1da177e4 827 dst_release(dst);
1ab1457c 828out:
405666db 829 icmpv6_xmit_unlock(sk);
7ba91ecb
JDB		 830out_bh_enable:
831 local_bh_enable();
ac03694b 832 return reason;
1da177e4
LT		 833}
834
30c89bad
ED		 835enum skb_drop_reason icmpv6_notify(struct sk_buff *skb, u8 type,
836 u8 code, __be32 info)
1da177e4 837{
e4129440 838 struct inet6_skb_parm *opt = IP6CB(skb);
34aef2b0 839 struct net *net = dev_net_rcu(skb->dev);
41135cc8 840 const struct inet6_protocol *ipprot;
30c89bad 841 enum skb_drop_reason reason;
1da177e4 842 int inner_offset;
75f2811c 843 __be16 frag_off;
f9242b6b 844 u8 nexthdr;
1da177e4 845
30c89bad
ED		 846 reason = pskb_may_pull_reason(skb, sizeof(struct ipv6hdr));
847 if (reason != SKB_NOT_DROPPED_YET)
7304fe46 848 goto out;
1da177e4 849
e4129440
AL		 850 seg6_icmp_srh(skb, opt);
851
1da177e4
LT		 852 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
853 if (ipv6_ext_hdr(nexthdr)) {
854 /* now skip over extension headers */
75f2811c
JG		 855 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
856 &nexthdr, &frag_off);
30c89bad
ED		 857 if (inner_offset < 0) {
858 SKB_DR_SET(reason, IPV6_BAD_EXTHDR);
7304fe46 859 goto out;
30c89bad 860 }
1da177e4
LT		 861 } else {
862 inner_offset = sizeof(struct ipv6hdr);
863 }
864
865 /* Checkin header including 8 bytes of inner protocol header. */
30c89bad
ED		 866 reason = pskb_may_pull_reason(skb, inner_offset + 8);
867 if (reason != SKB_NOT_DROPPED_YET)
7304fe46 868 goto out;
1da177e4 869
1da177e4
LT		 870 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
871 Without this we will not able f.e. to make source routed
872 pmtu discovery.
873 Corresponding argument (opt) to notifiers is already added.
874 --ANK (980726)
875 */
876
f9242b6b 877 ipprot = rcu_dereference(inet6_protos[nexthdr]);
1da177e4 878 if (ipprot && ipprot->err_handler)
e4129440 879 ipprot->err_handler(skb, opt, type, code, inner_offset, info);
1da177e4 880
69d6da0b 881 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
30c89bad 882 return SKB_CONSUMED;
7304fe46
DJ		 883
884out:
a16292a0 885 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
30c89bad 886 return reason;
1da177e4 887}
1ab1457c 888
1da177e4
LT		 889/*
890 * Handle icmp messages
891 */
892
e5bbef20 893static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 894{
b384c95a 895 enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
34aef2b0 896 struct net *net = dev_net_rcu(skb->dev);
e1ae5c2e 897 struct net_device *dev = icmp6_dev(skb);
1da177e4 898 struct inet6_dev *idev = __in6_dev_get(dev);
b71d1d42 899 const struct in6_addr *saddr, *daddr;
1da177e4 900 struct icmp6hdr *hdr;
d5fdd6ba 901 u8 type;
1da177e4 902
aebcf82c 903 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 904 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 905 int nh;
906
def8b4fa 907 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
b384c95a
MD		 908 XFRM_STATE_ICMP)) {
909 reason = SKB_DROP_REASON_XFRM_POLICY;
aebcf82c 910 goto drop_no_count;
b384c95a 911 }
aebcf82c 912
81aded24 913 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
8b7817f3
HX		 914 goto drop_no_count;
915
916 nh = skb_network_offset(skb);
917 skb_set_network_header(skb, sizeof(*hdr));
918
b384c95a
MD		 919 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN,
920 skb)) {
921 reason = SKB_DROP_REASON_XFRM_POLICY;
8b7817f3 922 goto drop_no_count;
b384c95a 923 }
8b7817f3
HX		 924
925 skb_set_network_header(skb, nh);
926 }
927
34aef2b0 928 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 929
0660e03f
ACM		 930 saddr = &ipv6_hdr(skb)->saddr;
931 daddr = &ipv6_hdr(skb)->daddr;
1da177e4 932
39471ac8 933 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
ba7a46f1
JP		 934 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
935 saddr, daddr);
39471ac8 936 goto csum_error;
1da177e4
LT		 937 }
938
8cf22943
HX		 939 if (!pskb_pull(skb, sizeof(*hdr)))
940 goto discard_it;
1da177e4 941
cc70ab26 942 hdr = icmp6_hdr(skb);
1da177e4
LT		 943
944 type = hdr->icmp6_type;
945
34aef2b0 946 ICMP6MSGIN_INC_STATS(dev_net_rcu(dev), idev, type);
1da177e4
LT		 947
948 switch (type) {
949 case ICMPV6_ECHO_REQUEST:
e6f86b0f 950 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
ac03694b 951 reason = icmpv6_echo_reply(skb);
1da177e4 952 break;
1fd07f33
AR		 953 case ICMPV6_EXT_ECHO_REQUEST:
954 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all &&
4a2f7083 955 READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe))
ac03694b 956 reason = icmpv6_echo_reply(skb);
1fd07f33 957 break;
1da177e4
LT		 958
959 case ICMPV6_ECHO_REPLY:
31433202 960 case ICMPV6_EXT_ECHO_REPLY:
a7e38208
ED		 961 ping_rcv(skb);
962 return 0;
31433202 963
1da177e4
LT		 964 case ICMPV6_PKT_TOOBIG:
965 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
966 standard destination cache. Seems, only "advanced"
967 destination cache will allow to solve this problem
968 --ANK (980726)
969 */
970 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
971 goto discard_it;
cc70ab26 972 hdr = icmp6_hdr(skb);
1da177e4 973
275757e6 974 /* to notify */
a8eceea8 975 fallthrough;
1da177e4
LT		 976 case ICMPV6_DEST_UNREACH:
977 case ICMPV6_TIME_EXCEED:
978 case ICMPV6_PARAMPROB:
30c89bad
ED		 979 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
980 hdr->icmp6_mtu);
1da177e4
LT		 981 break;
982
983 case NDISC_ROUTER_SOLICITATION:
984 case NDISC_ROUTER_ADVERTISEMENT:
985 case NDISC_NEIGHBOUR_SOLICITATION:
986 case NDISC_NEIGHBOUR_ADVERTISEMENT:
987 case NDISC_REDIRECT:
545dbcd1 988 reason = ndisc_rcv(skb);
1da177e4
LT		 989 break;
990
991 case ICMPV6_MGM_QUERY:
992 igmp6_event_query(skb);
f185de28 993 return 0;
1da177e4
LT		 994
995 case ICMPV6_MGM_REPORT:
996 igmp6_event_report(skb);
f185de28 997 return 0;
1da177e4
LT		 998
999 case ICMPV6_MGM_REDUCTION:
1000 case ICMPV6_NI_QUERY:
1001 case ICMPV6_NI_REPLY:
1002 case ICMPV6_MLD2_REPORT:
1003 case ICMPV6_DHAAD_REQUEST:
1004 case ICMPV6_DHAAD_REPLY:
1005 case ICMPV6_MOBILE_PREFIX_SOL:
1006 case ICMPV6_MOBILE_PREFIX_ADV:
1007 break;
1008
1009 default:
1da177e4
LT		 1010 /* informational */
1011 if (type & ICMPV6_INFOMSG_MASK)
1012 break;
1013
4b3418fb
BM		 1014 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
1015 saddr, daddr);
ea85a0a2 1016
1ab1457c
YH		 1017 /*
1018 * error of unknown type.
1019 * must pass to upper level
1da177e4
LT		 1020 */
1021
30c89bad
ED		 1022 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
1023 hdr->icmp6_mtu);
3ff50b79
SH		 1024 }
1025
e3e32170
RJ		 1026 /* until the v6 path can be better sorted assume failure and
1027 * preserve the status quo behaviour for the rest of the paths to here
1028 */
b384c95a
MD		 1029 if (reason)
1030 kfree_skb_reason(skb, reason);
e3e32170 1031 else
b384c95a 1032 consume_skb(skb);
e3e32170 1033
1da177e4
LT		 1034 return 0;
1035
6a5dc9e5 1036csum_error:
b384c95a 1037 reason = SKB_DROP_REASON_ICMP_CSUM;
34aef2b0 1038 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_CSUMERRORS);
1da177e4 1039discard_it:
34aef2b0 1040 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 1041drop_no_count:
b384c95a 1042 kfree_skb_reason(skb, reason);
1da177e4
LT		 1043 return 0;
1044}
1045
5bc67a85 1046void icmpv6_flow_init(const struct sock *sk, struct flowi6 *fl6, u8 type,
95e41e93 1047 const struct in6_addr *saddr,
5bc67a85 1048 const struct in6_addr *daddr, int oif)
95e41e93 1049{
4c9483b2 1050 memset(fl6, 0, sizeof(*fl6));
4e3fd7a0
AD		 1051 fl6->saddr = *saddr;
1052 fl6->daddr = *daddr;
67ba4152 1053 fl6->flowi6_proto = IPPROTO_ICMPV6;
1958b856
DM		 1054 fl6->fl6_icmp_type = type;
1055 fl6->fl6_icmp_code = 0;
4c9483b2 1056 fl6->flowi6_oif = oif;
3df98d79 1057 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
95e41e93
YH		 1058}
1059
6a17b961 1060int __init icmpv6_init(void)
1da177e4
LT		 1061{
1062 struct sock *sk;
3232a1ef 1063 int err, i;
1da177e4 1064
6f912042 1065 for_each_possible_cpu(i) {
1ed8516f 1066 err = inet_ctl_sock_create(&sk, PF_INET6,
6a17b961 1067 SOCK_RAW, IPPROTO_ICMPV6, &init_net);
1da177e4 1068 if (err < 0) {
f3213831 1069 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1da177e4 1070 err);
6a17b961 1071 return err;
1da177e4
LT		 1072 }
1073
6a17b961 1074 per_cpu(ipv6_icmp_sk, i) = sk;
5c8cafd6 1075
1da177e4
LT		 1076 /* Enough space for 2 64K ICMP packets, including
1077 * sk_buff struct overhead.
1078 */
87fb4b7b 1079 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1da177e4 1080 }
98c6d1b2
DL		 1081
1082 err = -EAGAIN;
1083 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1084 goto fail;
5f5624cf
PS		 1085
1086 err = inet6_register_icmp_sender(icmp6_send);
1087 if (err)
1088 goto sender_reg_err;
98c6d1b2
DL		 1089 return 0;
1090
5f5624cf
PS		 1091sender_reg_err:
1092 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
98c6d1b2 1093fail:
f3213831 1094 pr_err("Failed to register ICMP6 protocol\n");
98c6d1b2
DL		 1095 return err;
1096}
1097
8ed7edce 1098void icmpv6_cleanup(void)
98c6d1b2 1099{
5f5624cf 1100 inet6_unregister_icmp_sender(icmp6_send);
1da177e4
LT		 1101 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1102}
1103
98c6d1b2 1104
9b5b5cff 1105static const struct icmp6_err {
1da177e4
LT		 1106 int err;
1107 int fatal;
1108} tab_unreach[] = {
1109 { /* NOROUTE */
1110 .err = ENETUNREACH,
1111 .fatal = 0,
1112 },
1113 { /* ADM_PROHIBITED */
1114 .err = EACCES,
1115 .fatal = 1,
1116 },
1117 { /* Was NOT_NEIGHBOUR, now reserved */
1118 .err = EHOSTUNREACH,
1119 .fatal = 0,
1120 },
1121 { /* ADDR_UNREACH */
1122 .err = EHOSTUNREACH,
1123 .fatal = 0,
1124 },
1125 { /* PORT_UNREACH */
1126 .err = ECONNREFUSED,
1127 .fatal = 1,
1128 },
61e76b17
JB		 1129 { /* POLICY_FAIL */
1130 .err = EACCES,
1131 .fatal = 1,
1132 },
1133 { /* REJECT_ROUTE */
1134 .err = EACCES,
1135 .fatal = 1,
1136 },
1da177e4
LT		 1137};
1138
d5fdd6ba 1139int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 1140{
1141 int fatal = 0;
1142
1143 *err = EPROTO;
1144
1145 switch (type) {
1146 case ICMPV6_DEST_UNREACH:
1147 fatal = 1;
61e76b17 1148 if (code < ARRAY_SIZE(tab_unreach)) {
1da177e4
LT		 1149 *err = tab_unreach[code].err;
1150 fatal = tab_unreach[code].fatal;
1151 }
1152 break;
1153
1154 case ICMPV6_PKT_TOOBIG:
1155 *err = EMSGSIZE;
1156 break;
1ab1457c 1157
1da177e4
LT		 1158 case ICMPV6_PARAMPROB:
1159 *err = EPROTO;
1160 fatal = 1;
1161 break;
1162
1163 case ICMPV6_TIME_EXCEED:
1164 *err = EHOSTUNREACH;
1165 break;
3ff50b79 1166 }
1da177e4
LT		 1167
1168 return fatal;
1169}
7159039a
YH		 1170EXPORT_SYMBOL(icmpv6_err_convert);
1171
1da177e4 1172#ifdef CONFIG_SYSCTL
e8243534 1173static struct ctl_table ipv6_icmp_table_template[] = {
1da177e4 1174 {
1da177e4 1175 .procname = "ratelimit",
41a76906 1176 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 1177 .maxlen = sizeof(int),
1178 .mode = 0644,
6d9f239a 1179 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 1180 },
e6f86b0f
VJ		 1181 {
1182 .procname = "echo_ignore_all",
1183 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
a6175633 1184 .maxlen = sizeof(u8),
e6f86b0f 1185 .mode = 0644,
a6175633 1186 .proc_handler = proc_dou8vec_minmax,
e6f86b0f 1187 },
03f1eccc
SS		 1188 {
1189 .procname = "echo_ignore_multicast",
1190 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
a6175633 1191 .maxlen = sizeof(u8),
03f1eccc 1192 .mode = 0644,
a6175633 1193 .proc_handler = proc_dou8vec_minmax,
03f1eccc 1194 },
0b03a5ca
SS		 1195 {
1196 .procname = "echo_ignore_anycast",
1197 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
a6175633 1198 .maxlen = sizeof(u8),
0b03a5ca 1199 .mode = 0644,
a6175633 1200 .proc_handler = proc_dou8vec_minmax,
0b03a5ca 1201 },
0bc19985
SS		 1202 {
1203 .procname = "ratemask",
1204 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1205 .maxlen = ICMPV6_MSG_MAX + 1,
1206 .mode = 0644,
1207 .proc_handler = proc_do_large_bitmap,
1208 },
7ab75456
MB		 1209 {
1210 .procname = "error_anycast_as_unicast",
1211 .data = &init_net.ipv6.sysctl.icmpv6_error_anycast_as_unicast,
1212 .maxlen = sizeof(u8),
1213 .mode = 0644,
1214 .proc_handler = proc_dou8vec_minmax,
1215 .extra1 = SYSCTL_ZERO,
1216 .extra2 = SYSCTL_ONE,
1217 },
1da177e4 1218};
760f2d01 1219
2c8c1e72 1220struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 1221{
1222 struct ctl_table *table;
1223
1224 table = kmemdup(ipv6_icmp_table_template,
1225 sizeof(ipv6_icmp_table_template),
1226 GFP_KERNEL);
5ee09105 1227
e6f86b0f 1228 if (table) {
5ee09105 1229 table[0].data = &net->ipv6.sysctl.icmpv6_time;
e6f86b0f 1230 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
03f1eccc 1231 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
0b03a5ca 1232 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
0bc19985 1233 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;
7ab75456 1234 table[5].data = &net->ipv6.sysctl.icmpv6_error_anycast_as_unicast;
e6f86b0f 1235 }
760f2d01
DL		 1236 return table;
1237}
c899710f
JG		 1238
1239size_t ipv6_icmp_sysctl_table_size(void)
1240{
1241 return ARRAY_SIZE(ipv6_icmp_table_template);
1242}
1da177e4 1243#endif
Linux 6.x block layer and io_uring tree(s)