projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
[linux-block.git] / net / ipv6 / icmp.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 *
1da177e4
LT		 9 * Based on net/ipv4/icmp.c
10 *
11 * RFC 1885
1da177e4
LT		 12 */
13
14/*
15 * Changes:
16 *
17 * Andi Kleen : exception handling
18 * Andi Kleen add rate limits. never reply to a icmp.
19 * add more length checks and other fixes.
20 * yoshfuji : ensure to sent parameter problem for
21 * fragments.
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
23 * Randy Dunlap and
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
26 */
27
f3213831
JP		 28#define pr_fmt(fmt) "IPv6: " fmt
29
1da177e4
LT		 30#include <linux/module.h>
31#include <linux/errno.h>
32#include <linux/types.h>
33#include <linux/socket.h>
34#include <linux/in.h>
35#include <linux/kernel.h>
1da177e4
LT		 36#include <linux/sockios.h>
37#include <linux/net.h>
38#include <linux/skbuff.h>
39#include <linux/init.h>
763ecff1 40#include <linux/netfilter.h>
5a0e3ad6 41#include <linux/slab.h>
1da177e4
LT		 42
43#ifdef CONFIG_SYSCTL
44#include <linux/sysctl.h>
45#endif
46
47#include <linux/inet.h>
48#include <linux/netdevice.h>
49#include <linux/icmpv6.h>
50
51#include <net/ip.h>
52#include <net/sock.h>
53
54#include <net/ipv6.h>
55#include <net/ip6_checksum.h>
6d0bfe22 56#include <net/ping.h>
1da177e4
LT		 57#include <net/protocol.h>
58#include <net/raw.h>
59#include <net/rawv6.h>
e4129440 60#include <net/seg6.h>
1da177e4
LT		 61#include <net/transp_v6.h>
62#include <net/ip6_route.h>
63#include <net/addrconf.h>
64#include <net/icmp.h>
8b7817f3 65#include <net/xfrm.h>
1ed8516f 66#include <net/inet_common.h>
825edac4 67#include <net/dsfield.h>
ca254490 68#include <net/l3mdev.h>
1da177e4 69
7c0f6ba6 70#include <linux/uaccess.h>
1da177e4 71
6a17b961 72static DEFINE_PER_CPU(struct sock *, ipv6_icmp_sk);
1da177e4 73
32bbd879 74static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
6f809da2
SK		 75 u8 type, u8 code, int offset, __be32 info)
76{
6d0bfe22
LC		 77 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
78 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
6f809da2
SK		 79 struct net *net = dev_net(skb->dev);
80
81 if (type == ICMPV6_PKT_TOOBIG)
5f379ef5 82 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
6f809da2 83 else if (type == NDISC_REDIRECT)
e2d118a1
LC		 84 ip6_redirect(skb, net, skb->dev->ifindex, 0,
85 sock_net_uid(net, NULL));
6d0bfe22
LC		 86
87 if (!(type & ICMPV6_INFOMSG_MASK))
88 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
dcb94b88 89 ping_err(skb, offset, ntohl(info));
32bbd879
SB		 90
91 return 0;
6f809da2
SK		 92}
93
e5bbef20 94static int icmpv6_rcv(struct sk_buff *skb);
1da177e4 95
41135cc8 96static const struct inet6_protocol icmpv6_protocol = {
1da177e4 97 .handler = icmpv6_rcv,
6f809da2 98 .err_handler = icmpv6_err,
8b7817f3 99 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
1da177e4
LT		 100};
101
7ba91ecb 102/* Called with BH disabled */
6a17b961 103static struct sock *icmpv6_xmit_lock(struct net *net)
1da177e4 104{
fdc0bde9
DL		 105 struct sock *sk;
106
6a17b961 107 sk = this_cpu_read(ipv6_icmp_sk);
405666db 108 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
1da177e4
LT		 109 /* This can happen if the output path (f.e. SIT or
110 * ip6ip6 tunnel) signals dst_link_failure() for an
111 * outgoing ICMP6 packet.
112 */
fdc0bde9 113 return NULL;
1da177e4 114 }
6a17b961 115 sock_net_set(sk, net);
fdc0bde9 116 return sk;
1da177e4
LT		 117}
118
6a17b961 119static void icmpv6_xmit_unlock(struct sock *sk)
1da177e4 120{
6a17b961 121 sock_net_set(sk, &init_net);
7ba91ecb 122 spin_unlock(&sk->sk_lock.slock);
1da177e4
LT		 123}
124
1da177e4
LT		 125/*
126 * Figure out, may we reply to this packet with icmp error.
127 *
128 * We do not reply, if:
129 * - it was icmp error message.
130 * - it is truncated, so that it is known, that protocol is ICMPV6
131 * (i.e. in the middle of some exthdr)
132 *
133 * --ANK (980726)
134 */
135
a50feda5 136static bool is_ineligible(const struct sk_buff *skb)
1da177e4 137{
0660e03f 138 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
1da177e4 139 int len = skb->len - ptr;
0660e03f 140 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
75f2811c 141 __be16 frag_off;
1da177e4
LT		 142
143 if (len < 0)
a50feda5 144 return true;
1da177e4 145
75f2811c 146 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
1da177e4 147 if (ptr < 0)
a50feda5 148 return false;
1da177e4
LT		 149 if (nexthdr == IPPROTO_ICMPV6) {
150 u8 _type, *tp;
151 tp = skb_header_pointer(skb,
152 ptr+offsetof(struct icmp6hdr, icmp6_type),
153 sizeof(_type), &_type);
2efdaaaf
HL		 154
155 /* Based on RFC 8200, Section 4.5 Fragment Header, return
156 * false if this is a fragment packet with no icmp header info.
157 */
158 if (!tp && frag_off != 0)
159 return false;
160 else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
a50feda5 161 return true;
1da177e4 162 }
a50feda5 163 return false;
1da177e4
LT		 164}
165
0bc19985 166static bool icmpv6_mask_allow(struct net *net, int type)
c0303efe 167{
0bc19985 168 if (type > ICMPV6_MSG_MAX)
c0303efe
JDB		 169 return true;
170
0bc19985
SS		 171 /* Limit if icmp type is set in ratemask. */
172 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
c0303efe
JDB		 173 return true;
174
175 return false;
176}
177
8c2bd38b
ED		 178static bool icmpv6_global_allow(struct net *net, int type,
179 bool *apply_ratelimit)
c0303efe 180{
0bc19985 181 if (icmpv6_mask_allow(net, type))
c0303efe
JDB		 182 return true;
183
b056b4cd 184 if (icmp_global_allow(net)) {
8c2bd38b 185 *apply_ratelimit = true;
c0303efe 186 return true;
8c2bd38b 187 }
d0941130 188 __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL);
c0303efe
JDB		 189 return false;
190}
191
1ab1457c
YH		 192/*
193 * Check the ICMP output rate limit
1da177e4 194 */
4cdf507d 195static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
8c2bd38b 196 struct flowi6 *fl6, bool apply_ratelimit)
1da177e4 197{
3b1e0a65 198 struct net *net = sock_net(sk);
4cdf507d 199 struct dst_entry *dst;
92d86829 200 bool res = false;
1da177e4 201
8c2bd38b 202 if (!apply_ratelimit)
92d86829 203 return true;
1da177e4 204
1ab1457c 205 /*
1da177e4
LT		 206 * Look up the output route.
207 * XXX: perhaps the expire for routing entries cloned by
208 * this lookup should be more aggressive (not longer than timeout).
209 */
4c9483b2 210 dst = ip6_route_output(net, sk, fl6);
1da177e4 211 if (dst->error) {
3bd653c8 212 IP6_INC_STATS(net, ip6_dst_idev(dst),
a11d206d 213 IPSTATS_MIB_OUTNOROUTES);
1da177e4 214 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
92d86829 215 res = true;
1da177e4 216 } else {
e8dfd42c 217 struct rt6_info *rt = dst_rt6_info(dst);
9a43b709 218 int tmo = net->ipv6.sysctl.icmpv6_time;
c0303efe 219 struct inet_peer *peer;
1da177e4
LT		 220
221 /* Give more bandwidth to wider prefixes. */
222 if (rt->rt6i_dst.plen < 128)
223 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
224
c0303efe
JDB		 225 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
226 res = inet_peer_xrlim_allow(peer, tmo);
227 if (peer)
228 inet_putpeer(peer);
1da177e4 229 }
d0941130
JB		 230 if (!res)
231 __ICMP6_INC_STATS(net, ip6_dst_idev(dst),
232 ICMP6_MIB_RATELIMITHOST);
8c2bd38b 233 else
b056b4cd 234 icmp_global_consume(net);
1da177e4
LT		 235 dst_release(dst);
236 return res;
237}
238
b93cfb9c
TS		 239static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type,
240 struct flowi6 *fl6)
241{
242 struct net *net = sock_net(sk);
243 struct dst_entry *dst;
244 bool res = false;
245
246 dst = ip6_route_output(net, sk, fl6);
247 if (!dst->error) {
e8dfd42c 248 struct rt6_info *rt = dst_rt6_info(dst);
b93cfb9c
TS		 249 struct in6_addr prefsrc;
250
251 rt6_get_prefsrc(rt, &prefsrc);
252 res = !ipv6_addr_any(&prefsrc);
253 }
254 dst_release(dst);
255 return res;
256}
257
1da177e4
LT		 258/*
259 * an inline helper for the "simple" if statement below
260 * checks if parameter problem report is caused by an
1ab1457c 261 * unrecognized IPv6 option that has the Option Type
1da177e4
LT		 262 * highest-order two bits set to 10
263 */
264
a50feda5 265static bool opt_unrec(struct sk_buff *skb, __u32 offset)
1da177e4
LT		 266{
267 u8 _optval, *op;
268
bbe735e4 269 offset += skb_network_offset(skb);
1da177e4 270 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
63159f29 271 if (!op)
a50feda5 272 return true;
1da177e4
LT		 273 return (*op & 0xC0) == 0x80;
274}
275
4e64b1ed
JP		 276void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
277 struct icmp6hdr *thdr, int len)
1da177e4
LT		 278{
279 struct sk_buff *skb;
280 struct icmp6hdr *icmp6h;
1da177e4 281
e5d08d71 282 skb = skb_peek(&sk->sk_write_queue);
63159f29 283 if (!skb)
4e64b1ed 284 return;
1da177e4 285
cc70ab26 286 icmp6h = icmp6_hdr(skb);
1da177e4
LT		 287 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
288 icmp6h->icmp6_cksum = 0;
289
290 if (skb_queue_len(&sk->sk_write_queue) == 1) {
07f0757a 291 skb->csum = csum_partial(icmp6h,
1da177e4 292 sizeof(struct icmp6hdr), skb->csum);
4c9483b2
DM		 293 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
294 &fl6->daddr,
295 len, fl6->flowi6_proto,
1da177e4
LT		 296 skb->csum);
297 } else {
868c86bc 298 __wsum tmp_csum = 0;
1da177e4
LT		 299
300 skb_queue_walk(&sk->sk_write_queue, skb) {
301 tmp_csum = csum_add(tmp_csum, skb->csum);
302 }
303
07f0757a 304 tmp_csum = csum_partial(icmp6h,
1da177e4 305 sizeof(struct icmp6hdr), tmp_csum);
4c9483b2
DM		 306 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
307 &fl6->daddr,
308 len, fl6->flowi6_proto,
868c86bc 309 tmp_csum);
1da177e4 310 }
1da177e4 311 ip6_push_pending_frames(sk);
1da177e4
LT		 312}
313
314struct icmpv6_msg {
315 struct sk_buff *skb;
316 int offset;
763ecff1 317 uint8_t type;
1da177e4
LT		 318};
319
320static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
321{
322 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
323 struct sk_buff *org_skb = msg->skb;
8d5930df 324 __wsum csum;
1da177e4
LT		 325
326 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
8d5930df 327 to, len);
1da177e4 328 skb->csum = csum_block_add(skb->csum, csum, odd);
763ecff1
YK		 329 if (!(msg->type & ICMPV6_INFOMSG_MASK))
330 nf_ct_attach(skb, org_skb);
1da177e4
LT		 331 return 0;
332}
333
07a93626 334#if IS_ENABLED(CONFIG_IPV6_MIP6)
ee576c47 335static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt)
79383236 336{
0660e03f 337 struct ipv6hdr *iph = ipv6_hdr(skb);
79383236 338 struct ipv6_destopt_hao *hao;
79383236
MN		 339 int off;
340
341 if (opt->dsthao) {
342 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
343 if (likely(off >= 0)) {
d56f90a7
ACM		 344 hao = (struct ipv6_destopt_hao *)
345 (skb_network_header(skb) + off);
bc617613 346 swap(iph->saddr, hao->addr);
79383236
MN		 347 }
348 }
349}
350#else
ee576c47 351static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {}
79383236
MN		 352#endif
353
e8243534 354static struct dst_entry *icmpv6_route_lookup(struct net *net,
355 struct sk_buff *skb,
356 struct sock *sk,
357 struct flowi6 *fl6)
b42835db
DM		 358{
359 struct dst_entry *dst, *dst2;
4c9483b2 360 struct flowi6 fl2;
b42835db
DM		 361 int err;
362
343d60aa 363 err = ip6_dst_lookup(net, sk, &dst, fl6);
b42835db
DM		 364 if (err)
365 return ERR_PTR(err);
366
367 /*
368 * We won't send icmp if the destination is known
7ab75456 369 * anycast unless we need to treat anycast as unicast.
b42835db 370 */
7ab75456
MB		 371 if (!READ_ONCE(net->ipv6.sysctl.icmpv6_error_anycast_as_unicast) &&
372 ipv6_anycast_destination(dst, &fl6->daddr)) {
ba7a46f1 373 net_dbg_ratelimited("icmp6_send: acast source\n");
b42835db
DM		 374 dst_release(dst);
375 return ERR_PTR(-EINVAL);
376 }
377
378 /* No need to clone since we're just using its address. */
379 dst2 = dst;
380
4c9483b2 381 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
452edd59 382 if (!IS_ERR(dst)) {
b42835db
DM		 383 if (dst != dst2)
384 return dst;
452edd59
DM		 385 } else {
386 if (PTR_ERR(dst) == -EPERM)
387 dst = NULL;
388 else
389 return dst;
b42835db
DM		 390 }
391
2b1dc628 392 err = xfrm_decode_session_reverse(net, skb, flowi6_to_flowi(&fl2), AF_INET6);
b42835db
DM		 393 if (err)
394 goto relookup_failed;
395
343d60aa 396 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
b42835db
DM		 397 if (err)
398 goto relookup_failed;
399
4c9483b2 400 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
452edd59 401 if (!IS_ERR(dst2)) {
b42835db
DM		 402 dst_release(dst);
403 dst = dst2;
452edd59
DM		 404 } else {
405 err = PTR_ERR(dst2);
406 if (err == -EPERM) {
407 dst_release(dst);
408 return dst2;
409 } else
410 goto relookup_failed;
b42835db
DM		 411 }
412
413relookup_failed:
414 if (dst)
415 return dst;
416 return ERR_PTR(err);
417}
418
e1ae5c2e 419static struct net_device *icmp6_dev(const struct sk_buff *skb)
1b70d792 420{
e1ae5c2e 421 struct net_device *dev = skb->dev;
1b70d792
DA		 422
423 /* for local traffic to local address, skb dev is the loopback
424 * device. Check if there is a dst attached to the skb and if so
24b711ed
DA		 425 * get the real device index. Same is needed for replies to a link
426 * local address on a device enslaved to an L3 master device
1b70d792 427 */
e1ae5c2e 428 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
1b70d792
DA		 429 const struct rt6_info *rt6 = skb_rt6_info(skb);
430
2aaa8a15
KI		 431 /* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.),
432 * and ip6_null_entry could be set to skb if no route is found.
433 */
434 if (rt6 && rt6->rt6i_idev)
e1ae5c2e 435 dev = rt6->rt6i_idev->dev;
1b70d792
DA		 436 }
437
e1ae5c2e
SS		 438 return dev;
439}
440
441static int icmp6_iif(const struct sk_buff *skb)
442{
443 return icmp6_dev(skb)->ifindex;
1b70d792
DA		 444}
445
1da177e4
LT		 446/*
447 * Send an ICMP message in response to a packet in error
448 */
cc7a21b6 449void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
ee576c47
JD		 450 const struct in6_addr *force_saddr,
451 const struct inet6_skb_parm *parm)
1da177e4
LT		 452{
453 struct inet6_dev *idev = NULL;
0660e03f 454 struct ipv6hdr *hdr = ipv6_hdr(skb);
84427d53 455 struct sock *sk;
8d933670 456 struct net *net;
84427d53 457 struct ipv6_pinfo *np;
b71d1d42 458 const struct in6_addr *saddr = NULL;
8c2bd38b 459 bool apply_ratelimit = false;
1da177e4
LT		 460 struct dst_entry *dst;
461 struct icmp6hdr tmp_hdr;
4c9483b2 462 struct flowi6 fl6;
1da177e4 463 struct icmpv6_msg msg;
26879da5 464 struct ipcm6_cookie ipc6;
1da177e4
LT		 465 int iif = 0;
466 int addr_type = 0;
467 int len;
8d933670 468 u32 mark;
1da177e4 469
27a884dc 470 if ((u8 *)hdr < skb->head ||
29a3cad5 471 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
1da177e4
LT		 472 return;
473
8d933670
ED		 474 if (!skb->dev)
475 return;
476 net = dev_net(skb->dev);
477 mark = IP6_REPLY_MARK(net, skb->mark);
1da177e4 478 /*
1ab1457c 479 * Make sure we respect the rules
1da177e4 480 * i.e. RFC 1885 2.4(e)
5f5624cf 481 * Rule (e.1) is enforced by not using icmp6_send
1da177e4
LT		 482 * in any code that processes icmp errors.
483 */
484 addr_type = ipv6_addr_type(&hdr->daddr);
485
446fab59 486 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
d94c1f92 487 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
1da177e4
LT		 488 saddr = &hdr->daddr;
489
490 /*
491 * Dest addr check
492 */
493
9a6b4b39 494 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
1da177e4 495 if (type != ICMPV6_PKT_TOOBIG &&
1ab1457c
YH		 496 !(type == ICMPV6_PARAMPROB &&
497 code == ICMPV6_UNK_OPTION &&
1da177e4
LT		 498 (opt_unrec(skb, info))))
499 return;
500
501 saddr = NULL;
502 }
503
504 addr_type = ipv6_addr_type(&hdr->saddr);
505
506 /*
507 * Source addr check
508 */
509
4832c30d 510 if (__ipv6_addr_needs_scope_id(addr_type)) {
1b70d792 511 iif = icmp6_iif(skb);
4832c30d 512 } else {
272928d1
MD		 513 /*
514 * The source device is used for looking up which routing table
515 * to use for sending an ICMP error.
516 */
517 iif = l3mdev_master_ifindex(skb->dev);
79dc7e3f 518 }
1da177e4
LT		 519
520 /*
8de3351e
YH		 521 * Must not send error if the source does not uniquely
522 * identify a single node (RFC2463 Section 2.4).
523 * We check unspecified / multicast addresses here,
524 * and anycast addresses will be checked later.
1da177e4
LT		 525 */
526 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
4b3418fb
BM		 527 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
528 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 529 return;
530 }
531
1ab1457c 532 /*
1da177e4
LT		 533 * Never answer to a ICMP packet.
534 */
535 if (is_ineligible(skb)) {
4b3418fb
BM		 536 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
537 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 538 return;
539 }
540
8c2bd38b 541 /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */
7ba91ecb
JDB		 542 local_bh_disable();
543
544 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
8c2bd38b
ED		 545 if (!(skb->dev->flags & IFF_LOOPBACK) &&
546 !icmpv6_global_allow(net, type, &apply_ratelimit))
7ba91ecb
JDB		 547 goto out_bh_enable;
548
ee576c47 549 mip6_addr_swap(skb, parm);
79383236 550
fac6fce9
FR		 551 sk = icmpv6_xmit_lock(net);
552 if (!sk)
553 goto out_bh_enable;
554
4c9483b2
DM		 555 memset(&fl6, 0, sizeof(fl6));
556 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 557 fl6.daddr = hdr->saddr;
b1cadc1a
ED		 558 if (force_saddr)
559 saddr = force_saddr;
fac6fce9 560 if (saddr) {
4e3fd7a0 561 fl6.saddr = *saddr;
b93cfb9c 562 } else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) {
fac6fce9
FR		 563 /* select a more meaningful saddr from input if */
564 struct net_device *in_netdev;
565
ee576c47 566 in_netdev = dev_get_by_index(net, parm->iif);
fac6fce9
FR		 567 if (in_netdev) {
568 ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr,
569 inet6_sk(sk)->srcprefs,
570 &fl6.saddr);
571 dev_put(in_netdev);
572 }
573 }
e110861f 574 fl6.flowi6_mark = mark;
4c9483b2 575 fl6.flowi6_oif = iif;
1958b856
DM		 576 fl6.fl6_icmp_type = type;
577 fl6.fl6_icmp_code = code;
e2d118a1 578 fl6.flowi6_uid = sock_net_uid(net, NULL);
b4bac172 579 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
3df98d79 580 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
1da177e4 581
fdc0bde9 582 np = inet6_sk(sk);
405666db 583
8c2bd38b 584 if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit))
1da177e4
LT		 585 goto out;
586
587 tmp_hdr.icmp6_type = type;
588 tmp_hdr.icmp6_code = code;
589 tmp_hdr.icmp6_cksum = 0;
590 tmp_hdr.icmp6_pointer = htonl(info);
591
4c9483b2 592 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
d2f011a0 593 fl6.flowi6_oif = READ_ONCE(np->mcast_oif);
c4062dfc 594 else if (!fl6.flowi6_oif)
1ac13efd 595 fl6.flowi6_oif = READ_ONCE(np->ucast_oif);
1da177e4 596
1086ca7c 597 ipcm6_init_sk(&ipc6, sk);
0da7536f 598 ipc6.sockc.mark = mark;
38b7097b
HFS		 599 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
600
4c9483b2 601 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
b42835db 602 if (IS_ERR(dst))
1da177e4 603 goto out;
8de3351e 604
26879da5 605 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
1da177e4
LT		 606
607 msg.skb = skb;
bbe735e4 608 msg.offset = skb_network_offset(skb);
763ecff1 609 msg.type = type;
1da177e4
LT		 610
611 len = skb->len - msg.offset;
67ba4152 612 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
1da177e4 613 if (len < 0) {
4b3418fb
BM		 614 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
615 &hdr->saddr, &hdr->daddr);
1da177e4
LT		 616 goto out_dst_release;
617 }
618
cfdf7647
ED		 619 rcu_read_lock();
620 idev = __in6_dev_get(skb->dev);
1da177e4 621
4e64b1ed
JP		 622 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
623 len + sizeof(struct icmp6hdr),
624 sizeof(struct icmp6hdr),
e8dfd42c 625 &ipc6, &fl6, dst_rt6_info(dst),
5fdaa88d 626 MSG_DONTWAIT)) {
43a43b60 627 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 628 ip6_flush_pending_frames(sk);
cfdf7647 629 } else {
4e64b1ed
JP		 630 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
631 len + sizeof(struct icmp6hdr));
1da177e4 632 }
cfdf7647 633 rcu_read_unlock();
1da177e4
LT		 634out_dst_release:
635 dst_release(dst);
636out:
405666db 637 icmpv6_xmit_unlock(sk);
7ba91ecb
JDB		 638out_bh_enable:
639 local_bh_enable();
1da177e4 640}
cc7a21b6 641EXPORT_SYMBOL(icmp6_send);
5f5624cf 642
1ad6d548 643/* Slightly more convenient version of icmp6_send with drop reasons.
5f5624cf 644 */
1ad6d548
MD		 645void icmpv6_param_prob_reason(struct sk_buff *skb, u8 code, int pos,
646 enum skb_drop_reason reason)
5f5624cf 647{
ee576c47 648 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb));
1ad6d548 649 kfree_skb_reason(skb, reason);
5f5624cf 650}
7159039a 651
5fbba8ac
ED		 652/* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
653 * if sufficient data bytes are available
654 * @nhs is the size of the tunnel header(s) :
655 * Either an IPv4 header for SIT encap
656 * an IPv4 header + GRE header for GRE encap
657 */
20e1954f
ED		 658int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
659 unsigned int data_len)
5fbba8ac 660{
2d7a3b27 661 struct in6_addr temp_saddr;
5fbba8ac
ED		 662 struct rt6_info *rt;
663 struct sk_buff *skb2;
20e1954f 664 u32 info = 0;
5fbba8ac
ED		 665
666 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
667 return 1;
668
20e1954f
ED		 669 /* RFC 4884 (partial) support for ICMP extensions */
670 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
671 data_len = 0;
672
673 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
5fbba8ac
ED		 674
675 if (!skb2)
676 return 1;
677
678 skb_dst_drop(skb2);
679 skb_pull(skb2, nhs);
680 skb_reset_network_header(skb2);
681
b75cc8f9
DA		 682 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
683 skb, 0);
5fbba8ac
ED		 684
685 if (rt && rt->dst.dev)
686 skb2->dev = rt->dst.dev;
687
2d7a3b27 688 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
20e1954f
ED		 689
690 if (data_len) {
691 /* RFC 4884 (partial) support :
692 * insert 0 padding at the end, before the extensions
693 */
694 __skb_push(skb2, nhs);
695 skb_reset_network_header(skb2);
696 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
697 memset(skb2->data + data_len - nhs, 0, nhs);
698 /* RFC 4884 4.5 : Length is measured in 64-bit words,
699 * and stored in reserved[0]
700 */
701 info = (data_len/8) << 24;
702 }
2d7a3b27
ED		 703 if (type == ICMP_TIME_EXCEEDED)
704 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
ee576c47 705 info, &temp_saddr, IP6CB(skb2));
2d7a3b27
ED		 706 else
707 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
ee576c47 708 info, &temp_saddr, IP6CB(skb2));
5fbba8ac
ED		 709 if (rt)
710 ip6_rt_put(rt);
711
712 kfree_skb(skb2);
713
714 return 0;
715}
716EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
717
ac03694b 718static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb)
1da177e4 719{
c346dca1 720 struct net *net = dev_net(skb->dev);
84427d53 721 struct sock *sk;
1da177e4 722 struct inet6_dev *idev;
84427d53 723 struct ipv6_pinfo *np;
b71d1d42 724 const struct in6_addr *saddr = NULL;
cc70ab26 725 struct icmp6hdr *icmph = icmp6_hdr(skb);
8c2bd38b 726 bool apply_ratelimit = false;
1da177e4 727 struct icmp6hdr tmp_hdr;
4c9483b2 728 struct flowi6 fl6;
1da177e4
LT		 729 struct icmpv6_msg msg;
730 struct dst_entry *dst;
26879da5 731 struct ipcm6_cookie ipc6;
e110861f 732 u32 mark = IP6_REPLY_MARK(net, skb->mark);
ac03694b 733 SKB_DR(reason);
0b03a5ca 734 bool acast;
1fd07f33 735 u8 type;
1da177e4 736
03f1eccc
SS		 737 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
738 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
ac03694b 739 return reason;
03f1eccc 740
0660e03f 741 saddr = &ipv6_hdr(skb)->daddr;
1da177e4 742
0b03a5ca
SS		 743 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
744 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
ac03694b 745 return reason;
0b03a5ca 746
509aba3b 747 if (!ipv6_unicast_destination(skb) &&
0b03a5ca 748 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
1da177e4
LT		 749 saddr = NULL;
750
1fd07f33
AR		 751 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
752 type = ICMPV6_EXT_ECHO_REPLY;
753 else
754 type = ICMPV6_ECHO_REPLY;
755
1da177e4 756 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
1fd07f33 757 tmp_hdr.icmp6_type = type;
1da177e4 758
4c9483b2 759 memset(&fl6, 0, sizeof(fl6));
a346abe0
ED		 760 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
761 fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));
762
4c9483b2 763 fl6.flowi6_proto = IPPROTO_ICMPV6;
4e3fd7a0 764 fl6.daddr = ipv6_hdr(skb)->saddr;
1da177e4 765 if (saddr)
4e3fd7a0 766 fl6.saddr = *saddr;
1b70d792 767 fl6.flowi6_oif = icmp6_iif(skb);
1fd07f33 768 fl6.fl6_icmp_type = type;
e110861f 769 fl6.flowi6_mark = mark;
e2d118a1 770 fl6.flowi6_uid = sock_net_uid(net, NULL);
3df98d79 771 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
1da177e4 772
7ba91ecb 773 local_bh_disable();
fdc0bde9 774 sk = icmpv6_xmit_lock(net);
63159f29 775 if (!sk)
7ba91ecb 776 goto out_bh_enable;
fdc0bde9 777 np = inet6_sk(sk);
405666db 778
4c9483b2 779 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
d2f011a0 780 fl6.flowi6_oif = READ_ONCE(np->mcast_oif);
c4062dfc 781 else if (!fl6.flowi6_oif)
1ac13efd 782 fl6.flowi6_oif = READ_ONCE(np->ucast_oif);
1da177e4 783
4e64b1ed 784 if (ip6_dst_lookup(net, sk, &dst, &fl6))
1da177e4 785 goto out;
4c9483b2 786 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
452edd59 787 if (IS_ERR(dst))
e104411b 788 goto out;
1da177e4 789
0bc19985 790 /* Check the ratelimit */
8c2bd38b
ED		 791 if ((!(skb->dev->flags & IFF_LOOPBACK) &&
792 !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) ||
793 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit))
0bc19985
SS		 794 goto out_dst_release;
795
cfdf7647 796 idev = __in6_dev_get(skb->dev);
1da177e4
LT		 797
798 msg.skb = skb;
799 msg.offset = 0;
1fd07f33 800 msg.type = type;
1da177e4 801
1086ca7c 802 ipcm6_init_sk(&ipc6, sk);
26879da5
WW		 803 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
804 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
0da7536f 805 ipc6.sockc.mark = mark;
26879da5 806
1fd07f33
AR		 807 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
808 if (!icmp_build_probe(skb, (struct icmphdr *)&tmp_hdr))
809 goto out_dst_release;
810
4e64b1ed
JP		 811 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
812 skb->len + sizeof(struct icmp6hdr),
813 sizeof(struct icmp6hdr), &ipc6, &fl6,
e8dfd42c 814 dst_rt6_info(dst), MSG_DONTWAIT)) {
a16292a0 815 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
1da177e4 816 ip6_flush_pending_frames(sk);
cfdf7647 817 } else {
4e64b1ed
JP		 818 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
819 skb->len + sizeof(struct icmp6hdr));
ac03694b 820 reason = SKB_CONSUMED;
1da177e4 821 }
0bc19985 822out_dst_release:
1da177e4 823 dst_release(dst);
1ab1457c 824out:
405666db 825 icmpv6_xmit_unlock(sk);
7ba91ecb
JDB		 826out_bh_enable:
827 local_bh_enable();
ac03694b 828 return reason;
1da177e4
LT		 829}
830
30c89bad
ED		 831enum skb_drop_reason icmpv6_notify(struct sk_buff *skb, u8 type,
832 u8 code, __be32 info)
1da177e4 833{
e4129440 834 struct inet6_skb_parm *opt = IP6CB(skb);
30c89bad 835 struct net *net = dev_net(skb->dev);
41135cc8 836 const struct inet6_protocol *ipprot;
30c89bad 837 enum skb_drop_reason reason;
1da177e4 838 int inner_offset;
75f2811c 839 __be16 frag_off;
f9242b6b 840 u8 nexthdr;
1da177e4 841
30c89bad
ED		 842 reason = pskb_may_pull_reason(skb, sizeof(struct ipv6hdr));
843 if (reason != SKB_NOT_DROPPED_YET)
7304fe46 844 goto out;
1da177e4 845
e4129440
AL		 846 seg6_icmp_srh(skb, opt);
847
1da177e4
LT		 848 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
849 if (ipv6_ext_hdr(nexthdr)) {
850 /* now skip over extension headers */
75f2811c
JG		 851 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
852 &nexthdr, &frag_off);
30c89bad
ED		 853 if (inner_offset < 0) {
854 SKB_DR_SET(reason, IPV6_BAD_EXTHDR);
7304fe46 855 goto out;
30c89bad 856 }
1da177e4
LT		 857 } else {
858 inner_offset = sizeof(struct ipv6hdr);
859 }
860
861 /* Checkin header including 8 bytes of inner protocol header. */
30c89bad
ED		 862 reason = pskb_may_pull_reason(skb, inner_offset + 8);
863 if (reason != SKB_NOT_DROPPED_YET)
7304fe46 864 goto out;
1da177e4 865
1da177e4
LT		 866 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
867 Without this we will not able f.e. to make source routed
868 pmtu discovery.
869 Corresponding argument (opt) to notifiers is already added.
870 --ANK (980726)
871 */
872
f9242b6b 873 ipprot = rcu_dereference(inet6_protos[nexthdr]);
1da177e4 874 if (ipprot && ipprot->err_handler)
e4129440 875 ipprot->err_handler(skb, opt, type, code, inner_offset, info);
1da177e4 876
69d6da0b 877 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
30c89bad 878 return SKB_CONSUMED;
7304fe46
DJ		 879
880out:
a16292a0 881 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
30c89bad 882 return reason;
1da177e4 883}
1ab1457c 884
1da177e4
LT		 885/*
886 * Handle icmp messages
887 */
888
e5bbef20 889static int icmpv6_rcv(struct sk_buff *skb)
1da177e4 890{
b384c95a 891 enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
e6f86b0f 892 struct net *net = dev_net(skb->dev);
e1ae5c2e 893 struct net_device *dev = icmp6_dev(skb);
1da177e4 894 struct inet6_dev *idev = __in6_dev_get(dev);
b71d1d42 895 const struct in6_addr *saddr, *daddr;
1da177e4 896 struct icmp6hdr *hdr;
d5fdd6ba 897 u8 type;
1da177e4 898
aebcf82c 899 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
def8b4fa 900 struct sec_path *sp = skb_sec_path(skb);
8b7817f3
HX		 901 int nh;
902
def8b4fa 903 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
b384c95a
MD		 904 XFRM_STATE_ICMP)) {
905 reason = SKB_DROP_REASON_XFRM_POLICY;
aebcf82c 906 goto drop_no_count;
b384c95a 907 }
aebcf82c 908
81aded24 909 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
8b7817f3
HX		 910 goto drop_no_count;
911
912 nh = skb_network_offset(skb);
913 skb_set_network_header(skb, sizeof(*hdr));
914
b384c95a
MD		 915 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN,
916 skb)) {
917 reason = SKB_DROP_REASON_XFRM_POLICY;
8b7817f3 918 goto drop_no_count;
b384c95a 919 }
8b7817f3
HX		 920
921 skb_set_network_header(skb, nh);
922 }
923
a16292a0 924 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
1da177e4 925
0660e03f
ACM		 926 saddr = &ipv6_hdr(skb)->saddr;
927 daddr = &ipv6_hdr(skb)->daddr;
1da177e4 928
39471ac8 929 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
ba7a46f1
JP		 930 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
931 saddr, daddr);
39471ac8 932 goto csum_error;
1da177e4
LT		 933 }
934
8cf22943
HX		 935 if (!pskb_pull(skb, sizeof(*hdr)))
936 goto discard_it;
1da177e4 937
cc70ab26 938 hdr = icmp6_hdr(skb);
1da177e4
LT		 939
940 type = hdr->icmp6_type;
941
f3832ed2 942 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
1da177e4
LT		 943
944 switch (type) {
945 case ICMPV6_ECHO_REQUEST:
e6f86b0f 946 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
ac03694b 947 reason = icmpv6_echo_reply(skb);
1da177e4 948 break;
1fd07f33
AR		 949 case ICMPV6_EXT_ECHO_REQUEST:
950 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all &&
4a2f7083 951 READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe))
ac03694b 952 reason = icmpv6_echo_reply(skb);
1fd07f33 953 break;
1da177e4
LT		 954
955 case ICMPV6_ECHO_REPLY:
b384c95a 956 reason = ping_rcv(skb);
1da177e4
LT		 957 break;
958
31433202 959 case ICMPV6_EXT_ECHO_REPLY:
b384c95a 960 reason = ping_rcv(skb);
31433202
AR		 961 break;
962
1da177e4
LT		 963 case ICMPV6_PKT_TOOBIG:
964 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
965 standard destination cache. Seems, only "advanced"
966 destination cache will allow to solve this problem
967 --ANK (980726)
968 */
969 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
970 goto discard_it;
cc70ab26 971 hdr = icmp6_hdr(skb);
1da177e4 972
275757e6 973 /* to notify */
a8eceea8 974 fallthrough;
1da177e4
LT		 975 case ICMPV6_DEST_UNREACH:
976 case ICMPV6_TIME_EXCEED:
977 case ICMPV6_PARAMPROB:
30c89bad
ED		 978 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
979 hdr->icmp6_mtu);
1da177e4
LT		 980 break;
981
982 case NDISC_ROUTER_SOLICITATION:
983 case NDISC_ROUTER_ADVERTISEMENT:
984 case NDISC_NEIGHBOUR_SOLICITATION:
985 case NDISC_NEIGHBOUR_ADVERTISEMENT:
986 case NDISC_REDIRECT:
545dbcd1 987 reason = ndisc_rcv(skb);
1da177e4
LT		 988 break;
989
990 case ICMPV6_MGM_QUERY:
991 igmp6_event_query(skb);
f185de28 992 return 0;
1da177e4
LT		 993
994 case ICMPV6_MGM_REPORT:
995 igmp6_event_report(skb);
f185de28 996 return 0;
1da177e4
LT		 997
998 case ICMPV6_MGM_REDUCTION:
999 case ICMPV6_NI_QUERY:
1000 case ICMPV6_NI_REPLY:
1001 case ICMPV6_MLD2_REPORT:
1002 case ICMPV6_DHAAD_REQUEST:
1003 case ICMPV6_DHAAD_REPLY:
1004 case ICMPV6_MOBILE_PREFIX_SOL:
1005 case ICMPV6_MOBILE_PREFIX_ADV:
1006 break;
1007
1008 default:
1da177e4
LT		 1009 /* informational */
1010 if (type & ICMPV6_INFOMSG_MASK)
1011 break;
1012
4b3418fb
BM		 1013 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
1014 saddr, daddr);
ea85a0a2 1015
1ab1457c
YH		 1016 /*
1017 * error of unknown type.
1018 * must pass to upper level
1da177e4
LT		 1019 */
1020
30c89bad
ED		 1021 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
1022 hdr->icmp6_mtu);
3ff50b79
SH		 1023 }
1024
e3e32170
RJ		 1025 /* until the v6 path can be better sorted assume failure and
1026 * preserve the status quo behaviour for the rest of the paths to here
1027 */
b384c95a
MD		 1028 if (reason)
1029 kfree_skb_reason(skb, reason);
e3e32170 1030 else
b384c95a 1031 consume_skb(skb);
e3e32170 1032
1da177e4
LT		 1033 return 0;
1034
6a5dc9e5 1035csum_error:
b384c95a 1036 reason = SKB_DROP_REASON_ICMP_CSUM;
a16292a0 1037 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
1da177e4 1038discard_it:
a16292a0 1039 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
8b7817f3 1040drop_no_count:
b384c95a 1041 kfree_skb_reason(skb, reason);
1da177e4
LT		 1042 return 0;
1043}
1044
5bc67a85 1045void icmpv6_flow_init(const struct sock *sk, struct flowi6 *fl6, u8 type,
95e41e93 1046 const struct in6_addr *saddr,
5bc67a85 1047 const struct in6_addr *daddr, int oif)
95e41e93 1048{
4c9483b2 1049 memset(fl6, 0, sizeof(*fl6));
4e3fd7a0
AD		 1050 fl6->saddr = *saddr;
1051 fl6->daddr = *daddr;
67ba4152 1052 fl6->flowi6_proto = IPPROTO_ICMPV6;
1958b856
DM		 1053 fl6->fl6_icmp_type = type;
1054 fl6->fl6_icmp_code = 0;
4c9483b2 1055 fl6->flowi6_oif = oif;
3df98d79 1056 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
95e41e93
YH		 1057}
1058
6a17b961 1059int __init icmpv6_init(void)
1da177e4
LT		 1060{
1061 struct sock *sk;
3232a1ef 1062 int err, i;
1da177e4 1063
6f912042 1064 for_each_possible_cpu(i) {
1ed8516f 1065 err = inet_ctl_sock_create(&sk, PF_INET6,
6a17b961 1066 SOCK_RAW, IPPROTO_ICMPV6, &init_net);
1da177e4 1067 if (err < 0) {
f3213831 1068 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1da177e4 1069 err);
6a17b961 1070 return err;
1da177e4
LT		 1071 }
1072
6a17b961 1073 per_cpu(ipv6_icmp_sk, i) = sk;
5c8cafd6 1074
1da177e4
LT		 1075 /* Enough space for 2 64K ICMP packets, including
1076 * sk_buff struct overhead.
1077 */
87fb4b7b 1078 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1da177e4 1079 }
98c6d1b2
DL		 1080
1081 err = -EAGAIN;
1082 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1083 goto fail;
5f5624cf
PS		 1084
1085 err = inet6_register_icmp_sender(icmp6_send);
1086 if (err)
1087 goto sender_reg_err;
98c6d1b2
DL		 1088 return 0;
1089
5f5624cf
PS		 1090sender_reg_err:
1091 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
98c6d1b2 1092fail:
f3213831 1093 pr_err("Failed to register ICMP6 protocol\n");
98c6d1b2
DL		 1094 return err;
1095}
1096
8ed7edce 1097void icmpv6_cleanup(void)
98c6d1b2 1098{
5f5624cf 1099 inet6_unregister_icmp_sender(icmp6_send);
1da177e4
LT		 1100 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1101}
1102
98c6d1b2 1103
9b5b5cff 1104static const struct icmp6_err {
1da177e4
LT		 1105 int err;
1106 int fatal;
1107} tab_unreach[] = {
1108 { /* NOROUTE */
1109 .err = ENETUNREACH,
1110 .fatal = 0,
1111 },
1112 { /* ADM_PROHIBITED */
1113 .err = EACCES,
1114 .fatal = 1,
1115 },
1116 { /* Was NOT_NEIGHBOUR, now reserved */
1117 .err = EHOSTUNREACH,
1118 .fatal = 0,
1119 },
1120 { /* ADDR_UNREACH */
1121 .err = EHOSTUNREACH,
1122 .fatal = 0,
1123 },
1124 { /* PORT_UNREACH */
1125 .err = ECONNREFUSED,
1126 .fatal = 1,
1127 },
61e76b17
JB		 1128 { /* POLICY_FAIL */
1129 .err = EACCES,
1130 .fatal = 1,
1131 },
1132 { /* REJECT_ROUTE */
1133 .err = EACCES,
1134 .fatal = 1,
1135 },
1da177e4
LT		 1136};
1137
d5fdd6ba 1138int icmpv6_err_convert(u8 type, u8 code, int *err)
1da177e4
LT		 1139{
1140 int fatal = 0;
1141
1142 *err = EPROTO;
1143
1144 switch (type) {
1145 case ICMPV6_DEST_UNREACH:
1146 fatal = 1;
61e76b17 1147 if (code < ARRAY_SIZE(tab_unreach)) {
1da177e4
LT		 1148 *err = tab_unreach[code].err;
1149 fatal = tab_unreach[code].fatal;
1150 }
1151 break;
1152
1153 case ICMPV6_PKT_TOOBIG:
1154 *err = EMSGSIZE;
1155 break;
1ab1457c 1156
1da177e4
LT		 1157 case ICMPV6_PARAMPROB:
1158 *err = EPROTO;
1159 fatal = 1;
1160 break;
1161
1162 case ICMPV6_TIME_EXCEED:
1163 *err = EHOSTUNREACH;
1164 break;
3ff50b79 1165 }
1da177e4
LT		 1166
1167 return fatal;
1168}
7159039a
YH		 1169EXPORT_SYMBOL(icmpv6_err_convert);
1170
1da177e4 1171#ifdef CONFIG_SYSCTL
e8243534 1172static struct ctl_table ipv6_icmp_table_template[] = {
1da177e4 1173 {
1da177e4 1174 .procname = "ratelimit",
41a76906 1175 .data = &init_net.ipv6.sysctl.icmpv6_time,
1da177e4
LT		 1176 .maxlen = sizeof(int),
1177 .mode = 0644,
6d9f239a 1178 .proc_handler = proc_dointvec_ms_jiffies,
1da177e4 1179 },
e6f86b0f
VJ		 1180 {
1181 .procname = "echo_ignore_all",
1182 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
a6175633 1183 .maxlen = sizeof(u8),
e6f86b0f 1184 .mode = 0644,
a6175633 1185 .proc_handler = proc_dou8vec_minmax,
e6f86b0f 1186 },
03f1eccc
SS		 1187 {
1188 .procname = "echo_ignore_multicast",
1189 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
a6175633 1190 .maxlen = sizeof(u8),
03f1eccc 1191 .mode = 0644,
a6175633 1192 .proc_handler = proc_dou8vec_minmax,
03f1eccc 1193 },
0b03a5ca
SS		 1194 {
1195 .procname = "echo_ignore_anycast",
1196 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
a6175633 1197 .maxlen = sizeof(u8),
0b03a5ca 1198 .mode = 0644,
a6175633 1199 .proc_handler = proc_dou8vec_minmax,
0b03a5ca 1200 },
0bc19985
SS		 1201 {
1202 .procname = "ratemask",
1203 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1204 .maxlen = ICMPV6_MSG_MAX + 1,
1205 .mode = 0644,
1206 .proc_handler = proc_do_large_bitmap,
1207 },
7ab75456
MB		 1208 {
1209 .procname = "error_anycast_as_unicast",
1210 .data = &init_net.ipv6.sysctl.icmpv6_error_anycast_as_unicast,
1211 .maxlen = sizeof(u8),
1212 .mode = 0644,
1213 .proc_handler = proc_dou8vec_minmax,
1214 .extra1 = SYSCTL_ZERO,
1215 .extra2 = SYSCTL_ONE,
1216 },
1da177e4 1217};
760f2d01 1218
2c8c1e72 1219struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
760f2d01
DL		 1220{
1221 struct ctl_table *table;
1222
1223 table = kmemdup(ipv6_icmp_table_template,
1224 sizeof(ipv6_icmp_table_template),
1225 GFP_KERNEL);
5ee09105 1226
e6f86b0f 1227 if (table) {
5ee09105 1228 table[0].data = &net->ipv6.sysctl.icmpv6_time;
e6f86b0f 1229 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
03f1eccc 1230 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
0b03a5ca 1231 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
0bc19985 1232 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;
7ab75456 1233 table[5].data = &net->ipv6.sysctl.icmpv6_error_anycast_as_unicast;
e6f86b0f 1234 }
760f2d01
DL		 1235 return table;
1236}
c899710f
JG		 1237
1238size_t ipv6_icmp_sysctl_table_size(void)
1239{
1240 return ARRAY_SIZE(ipv6_icmp_table_template);
1241}
1da177e4 1242#endif
Linux 6.x block layer and io_uring tree(s)