1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
9 * Based on net/ipv4/icmp.c
17 * Andi Kleen : exception handling
18 * Andi Kleen add rate limits. never reply to a icmp.
19 * add more length checks and other fixes.
20 * yoshfuji : ensure to sent parameter problem for
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
28 #define pr_fmt(fmt) "IPv6: " fmt
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/types.h>
33 #include <linux/socket.h>
35 #include <linux/kernel.h>
36 #include <linux/sockios.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <linux/init.h>
40 #include <linux/netfilter.h>
41 #include <linux/slab.h>
44 #include <linux/sysctl.h>
47 #include <linux/inet.h>
48 #include <linux/netdevice.h>
49 #include <linux/icmpv6.h>
55 #include <net/ip6_checksum.h>
57 #include <net/protocol.h>
59 #include <net/rawv6.h>
61 #include <net/transp_v6.h>
62 #include <net/ip6_route.h>
63 #include <net/addrconf.h>
66 #include <net/inet_common.h>
67 #include <net/dsfield.h>
68 #include <net/l3mdev.h>
70 #include <linux/uaccess.h>
72 static DEFINE_PER_CPU(struct sock *, ipv6_icmp_sk);
74 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
75 u8 type, u8 code, int offset, __be32 info)
77 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
78 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
79 struct net *net = dev_net_rcu(skb->dev);
81 if (type == ICMPV6_PKT_TOOBIG)
82 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
83 else if (type == NDISC_REDIRECT)
84 ip6_redirect(skb, net, skb->dev->ifindex, 0,
85 sock_net_uid(net, NULL));
87 if (!(type & ICMPV6_INFOMSG_MASK))
88 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
89 ping_err(skb, offset, ntohl(info));
94 static int icmpv6_rcv(struct sk_buff *skb);
96 static const struct inet6_protocol icmpv6_protocol = {
97 .handler = icmpv6_rcv,
98 .err_handler = icmpv6_err,
99 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
102 /* Called with BH disabled */
103 static struct sock *icmpv6_xmit_lock(struct net *net)
107 sk = this_cpu_read(ipv6_icmp_sk);
108 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
109 /* This can happen if the output path (f.e. SIT or
110 * ip6ip6 tunnel) signals dst_link_failure() for an
111 * outgoing ICMP6 packet.
115 sock_net_set(sk, net);
119 static void icmpv6_xmit_unlock(struct sock *sk)
121 sock_net_set(sk, &init_net);
122 spin_unlock(&sk->sk_lock.slock);
126 * Figure out, may we reply to this packet with icmp error.
128 * We do not reply, if:
129 * - it was icmp error message.
130 * - it is truncated, so that it is known, that protocol is ICMPV6
131 * (i.e. in the middle of some exthdr)
136 static bool is_ineligible(const struct sk_buff *skb)
138 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
139 int len = skb->len - ptr;
140 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
146 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
149 if (nexthdr == IPPROTO_ICMPV6) {
151 tp = skb_header_pointer(skb,
152 ptr+offsetof(struct icmp6hdr, icmp6_type),
153 sizeof(_type), &_type);
155 /* Based on RFC 8200, Section 4.5 Fragment Header, return
156 * false if this is a fragment packet with no icmp header info.
158 if (!tp && frag_off != 0)
160 else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
166 static bool icmpv6_mask_allow(struct net *net, int type)
168 if (type > ICMPV6_MSG_MAX)
171 /* Limit if icmp type is set in ratemask. */
172 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
178 static bool icmpv6_global_allow(struct net *net, int type,
179 bool *apply_ratelimit)
181 if (icmpv6_mask_allow(net, type))
184 if (icmp_global_allow(net)) {
185 *apply_ratelimit = true;
188 __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL);
193 * Check the ICMP output rate limit
195 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
196 struct flowi6 *fl6, bool apply_ratelimit)
198 struct net *net = sock_net(sk);
199 struct dst_entry *dst;
202 if (!apply_ratelimit)
206 * Look up the output route.
207 * XXX: perhaps the expire for routing entries cloned by
208 * this lookup should be more aggressive (not longer than timeout).
210 dst = ip6_route_output(net, sk, fl6);
212 IP6_INC_STATS(net, ip6_dst_idev(dst),
213 IPSTATS_MIB_OUTNOROUTES);
214 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
217 struct rt6_info *rt = dst_rt6_info(dst);
218 int tmo = net->ipv6.sysctl.icmpv6_time;
219 struct inet_peer *peer;
221 /* Give more bandwidth to wider prefixes. */
222 if (rt->rt6i_dst.plen < 128)
223 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
226 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr);
227 res = inet_peer_xrlim_allow(peer, tmo);
231 __ICMP6_INC_STATS(net, ip6_dst_idev(dst),
232 ICMP6_MIB_RATELIMITHOST);
234 icmp_global_consume(net);
239 static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type,
242 struct net *net = sock_net(sk);
243 struct dst_entry *dst;
246 dst = ip6_route_output(net, sk, fl6);
248 struct rt6_info *rt = dst_rt6_info(dst);
249 struct in6_addr prefsrc;
251 rt6_get_prefsrc(rt, &prefsrc);
252 res = !ipv6_addr_any(&prefsrc);
259 * an inline helper for the "simple" if statement below
260 * checks if parameter problem report is caused by an
261 * unrecognized IPv6 option that has the Option Type
262 * highest-order two bits set to 10
265 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
269 offset += skb_network_offset(skb);
270 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
273 return (*op & 0xC0) == 0x80;
276 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
277 struct icmp6hdr *thdr, int len)
280 struct icmp6hdr *icmp6h;
282 skb = skb_peek(&sk->sk_write_queue);
286 icmp6h = icmp6_hdr(skb);
287 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
288 icmp6h->icmp6_cksum = 0;
290 if (skb_queue_len(&sk->sk_write_queue) == 1) {
291 skb->csum = csum_partial(icmp6h,
292 sizeof(struct icmp6hdr), skb->csum);
293 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
295 len, fl6->flowi6_proto,
300 skb_queue_walk(&sk->sk_write_queue, skb) {
301 tmp_csum = csum_add(tmp_csum, skb->csum);
304 tmp_csum = csum_partial(icmp6h,
305 sizeof(struct icmp6hdr), tmp_csum);
306 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
308 len, fl6->flowi6_proto,
311 ip6_push_pending_frames(sk);
320 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
322 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
323 struct sk_buff *org_skb = msg->skb;
326 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
328 skb->csum = csum_block_add(skb->csum, csum, odd);
329 if (!(msg->type & ICMPV6_INFOMSG_MASK))
330 nf_ct_attach(skb, org_skb);
334 #if IS_ENABLED(CONFIG_IPV6_MIP6)
335 static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt)
337 struct ipv6hdr *iph = ipv6_hdr(skb);
338 struct ipv6_destopt_hao *hao;
342 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
343 if (likely(off >= 0)) {
344 hao = (struct ipv6_destopt_hao *)
345 (skb_network_header(skb) + off);
346 swap(iph->saddr, hao->addr);
351 static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {}
354 static struct dst_entry *icmpv6_route_lookup(struct net *net,
359 struct dst_entry *dst, *dst2;
363 err = ip6_dst_lookup(net, sk, &dst, fl6);
368 * We won't send icmp if the destination is known
369 * anycast unless we need to treat anycast as unicast.
371 if (!READ_ONCE(net->ipv6.sysctl.icmpv6_error_anycast_as_unicast) &&
372 ipv6_anycast_destination(dst, &fl6->daddr)) {
373 net_dbg_ratelimited("icmp6_send: acast source\n");
375 return ERR_PTR(-EINVAL);
378 /* No need to clone since we're just using its address. */
381 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
386 if (PTR_ERR(dst) == -EPERM)
392 err = xfrm_decode_session_reverse(net, skb, flowi6_to_flowi(&fl2), AF_INET6);
394 goto relookup_failed;
396 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
398 goto relookup_failed;
400 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
410 goto relookup_failed;
419 static struct net_device *icmp6_dev(const struct sk_buff *skb)
421 struct net_device *dev = skb->dev;
423 /* for local traffic to local address, skb dev is the loopback
424 * device. Check if there is a dst attached to the skb and if so
425 * get the real device index. Same is needed for replies to a link
426 * local address on a device enslaved to an L3 master device
428 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
429 const struct rt6_info *rt6 = skb_rt6_info(skb);
431 /* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.),
432 * and ip6_null_entry could be set to skb if no route is found.
434 if (rt6 && rt6->rt6i_idev)
435 dev = rt6->rt6i_idev->dev;
441 static int icmp6_iif(const struct sk_buff *skb)
443 return icmp6_dev(skb)->ifindex;
447 * Send an ICMP message in response to a packet in error
449 void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
450 const struct in6_addr *force_saddr,
451 const struct inet6_skb_parm *parm)
453 struct inet6_dev *idev = NULL;
454 struct ipv6hdr *hdr = ipv6_hdr(skb);
457 struct ipv6_pinfo *np;
458 const struct in6_addr *saddr = NULL;
459 bool apply_ratelimit = false;
460 struct dst_entry *dst;
461 struct icmp6hdr tmp_hdr;
463 struct icmpv6_msg msg;
464 struct ipcm6_cookie ipc6;
470 if ((u8 *)hdr < skb->head ||
471 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
479 net = dev_net_rcu(skb->dev);
480 mark = IP6_REPLY_MARK(net, skb->mark);
482 * Make sure we respect the rules
483 * i.e. RFC 1885 2.4(e)
484 * Rule (e.1) is enforced by not using icmp6_send
485 * in any code that processes icmp errors.
487 addr_type = ipv6_addr_type(&hdr->daddr);
489 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
490 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
497 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
498 if (type != ICMPV6_PKT_TOOBIG &&
499 !(type == ICMPV6_PARAMPROB &&
500 code == ICMPV6_UNK_OPTION &&
501 (opt_unrec(skb, info))))
507 addr_type = ipv6_addr_type(&hdr->saddr);
513 if (__ipv6_addr_needs_scope_id(addr_type)) {
514 iif = icmp6_iif(skb);
517 * The source device is used for looking up which routing table
518 * to use for sending an ICMP error.
520 iif = l3mdev_master_ifindex(skb->dev);
524 * Must not send error if the source does not uniquely
525 * identify a single node (RFC2463 Section 2.4).
526 * We check unspecified / multicast addresses here,
527 * and anycast addresses will be checked later.
529 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
530 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
531 &hdr->saddr, &hdr->daddr);
536 * Never answer to a ICMP packet.
538 if (is_ineligible(skb)) {
539 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
540 &hdr->saddr, &hdr->daddr);
544 /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */
547 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
548 if (!(skb->dev->flags & IFF_LOOPBACK) &&
549 !icmpv6_global_allow(net, type, &apply_ratelimit))
552 mip6_addr_swap(skb, parm);
554 sk = icmpv6_xmit_lock(net);
558 memset(&fl6, 0, sizeof(fl6));
559 fl6.flowi6_proto = IPPROTO_ICMPV6;
560 fl6.daddr = hdr->saddr;
565 } else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) {
566 /* select a more meaningful saddr from input if */
567 struct net_device *in_netdev;
569 in_netdev = dev_get_by_index(net, parm->iif);
571 ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr,
572 inet6_sk(sk)->srcprefs,
577 fl6.flowi6_mark = mark;
578 fl6.flowi6_oif = iif;
579 fl6.fl6_icmp_type = type;
580 fl6.fl6_icmp_code = code;
581 fl6.flowi6_uid = sock_net_uid(net, NULL);
582 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
583 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
587 if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit))
590 tmp_hdr.icmp6_type = type;
591 tmp_hdr.icmp6_code = code;
592 tmp_hdr.icmp6_cksum = 0;
593 tmp_hdr.icmp6_pointer = htonl(info);
595 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
596 fl6.flowi6_oif = READ_ONCE(np->mcast_oif);
597 else if (!fl6.flowi6_oif)
598 fl6.flowi6_oif = READ_ONCE(np->ucast_oif);
600 ipcm6_init_sk(&ipc6, sk);
601 ipc6.sockc.mark = mark;
602 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
604 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
608 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
611 msg.offset = skb_network_offset(skb);
614 len = skb->len - msg.offset;
615 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
617 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
618 &hdr->saddr, &hdr->daddr);
619 goto out_dst_release;
622 idev = __in6_dev_get(skb->dev);
624 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
625 len + sizeof(struct icmp6hdr),
626 sizeof(struct icmp6hdr),
627 &ipc6, &fl6, dst_rt6_info(dst),
629 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
630 ip6_flush_pending_frames(sk);
632 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
633 len + sizeof(struct icmp6hdr));
639 icmpv6_xmit_unlock(sk);
645 EXPORT_SYMBOL(icmp6_send);
647 /* Slightly more convenient version of icmp6_send with drop reasons.
649 void icmpv6_param_prob_reason(struct sk_buff *skb, u8 code, int pos,
650 enum skb_drop_reason reason)
652 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb));
653 kfree_skb_reason(skb, reason);
656 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
657 * if sufficient data bytes are available
658 * @nhs is the size of the tunnel header(s) :
659 * Either an IPv4 header for SIT encap
660 * an IPv4 header + GRE header for GRE encap
662 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
663 unsigned int data_len)
665 struct in6_addr temp_saddr;
667 struct sk_buff *skb2;
670 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
673 /* RFC 4884 (partial) support for ICMP extensions */
674 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
677 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
684 skb_reset_network_header(skb2);
686 rt = rt6_lookup(dev_net_rcu(skb->dev), &ipv6_hdr(skb2)->saddr,
689 if (rt && rt->dst.dev)
690 skb2->dev = rt->dst.dev;
692 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
695 /* RFC 4884 (partial) support :
696 * insert 0 padding at the end, before the extensions
698 __skb_push(skb2, nhs);
699 skb_reset_network_header(skb2);
700 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
701 memset(skb2->data + data_len - nhs, 0, nhs);
702 /* RFC 4884 4.5 : Length is measured in 64-bit words,
703 * and stored in reserved[0]
705 info = (data_len/8) << 24;
707 if (type == ICMP_TIME_EXCEEDED)
708 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
709 info, &temp_saddr, IP6CB(skb2));
711 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
712 info, &temp_saddr, IP6CB(skb2));
720 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
722 static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb)
724 struct net *net = dev_net_rcu(skb->dev);
726 struct inet6_dev *idev;
727 struct ipv6_pinfo *np;
728 const struct in6_addr *saddr = NULL;
729 struct icmp6hdr *icmph = icmp6_hdr(skb);
730 bool apply_ratelimit = false;
731 struct icmp6hdr tmp_hdr;
733 struct icmpv6_msg msg;
734 struct dst_entry *dst;
735 struct ipcm6_cookie ipc6;
736 u32 mark = IP6_REPLY_MARK(net, skb->mark);
741 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
742 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
745 saddr = &ipv6_hdr(skb)->daddr;
747 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
748 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
751 if (!ipv6_unicast_destination(skb) &&
752 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
755 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
756 type = ICMPV6_EXT_ECHO_REPLY;
758 type = ICMPV6_ECHO_REPLY;
760 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
761 tmp_hdr.icmp6_type = type;
763 memset(&fl6, 0, sizeof(fl6));
764 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
765 fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));
767 fl6.flowi6_proto = IPPROTO_ICMPV6;
768 fl6.daddr = ipv6_hdr(skb)->saddr;
771 fl6.flowi6_oif = icmp6_iif(skb);
772 fl6.fl6_icmp_type = type;
773 fl6.flowi6_mark = mark;
774 fl6.flowi6_uid = sock_net_uid(net, NULL);
775 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
778 sk = icmpv6_xmit_lock(net);
783 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
784 fl6.flowi6_oif = READ_ONCE(np->mcast_oif);
785 else if (!fl6.flowi6_oif)
786 fl6.flowi6_oif = READ_ONCE(np->ucast_oif);
788 if (ip6_dst_lookup(net, sk, &dst, &fl6))
790 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
794 /* Check the ratelimit */
795 if ((!(skb->dev->flags & IFF_LOOPBACK) &&
796 !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) ||
797 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit))
798 goto out_dst_release;
800 idev = __in6_dev_get(skb->dev);
806 ipcm6_init_sk(&ipc6, sk);
807 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
808 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
809 ipc6.sockc.mark = mark;
811 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
812 if (!icmp_build_probe(skb, (struct icmphdr *)&tmp_hdr))
813 goto out_dst_release;
815 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
816 skb->len + sizeof(struct icmp6hdr),
817 sizeof(struct icmp6hdr), &ipc6, &fl6,
818 dst_rt6_info(dst), MSG_DONTWAIT)) {
819 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
820 ip6_flush_pending_frames(sk);
822 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
823 skb->len + sizeof(struct icmp6hdr));
824 reason = SKB_CONSUMED;
829 icmpv6_xmit_unlock(sk);
835 enum skb_drop_reason icmpv6_notify(struct sk_buff *skb, u8 type,
836 u8 code, __be32 info)
838 struct inet6_skb_parm *opt = IP6CB(skb);
839 struct net *net = dev_net_rcu(skb->dev);
840 const struct inet6_protocol *ipprot;
841 enum skb_drop_reason reason;
846 reason = pskb_may_pull_reason(skb, sizeof(struct ipv6hdr));
847 if (reason != SKB_NOT_DROPPED_YET)
850 seg6_icmp_srh(skb, opt);
852 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
853 if (ipv6_ext_hdr(nexthdr)) {
854 /* now skip over extension headers */
855 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
856 &nexthdr, &frag_off);
857 if (inner_offset < 0) {
858 SKB_DR_SET(reason, IPV6_BAD_EXTHDR);
862 inner_offset = sizeof(struct ipv6hdr);
865 /* Checkin header including 8 bytes of inner protocol header. */
866 reason = pskb_may_pull_reason(skb, inner_offset + 8);
867 if (reason != SKB_NOT_DROPPED_YET)
870 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
871 Without this we will not able f.e. to make source routed
873 Corresponding argument (opt) to notifiers is already added.
877 ipprot = rcu_dereference(inet6_protos[nexthdr]);
878 if (ipprot && ipprot->err_handler)
879 ipprot->err_handler(skb, opt, type, code, inner_offset, info);
881 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
885 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
890 * Handle icmp messages
893 static int icmpv6_rcv(struct sk_buff *skb)
895 enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
896 struct net *net = dev_net_rcu(skb->dev);
897 struct net_device *dev = icmp6_dev(skb);
898 struct inet6_dev *idev = __in6_dev_get(dev);
899 const struct in6_addr *saddr, *daddr;
900 struct icmp6hdr *hdr;
903 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
904 struct sec_path *sp = skb_sec_path(skb);
907 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
909 reason = SKB_DROP_REASON_XFRM_POLICY;
913 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
916 nh = skb_network_offset(skb);
917 skb_set_network_header(skb, sizeof(*hdr));
919 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN,
921 reason = SKB_DROP_REASON_XFRM_POLICY;
925 skb_set_network_header(skb, nh);
928 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INMSGS);
930 saddr = &ipv6_hdr(skb)->saddr;
931 daddr = &ipv6_hdr(skb)->daddr;
933 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
934 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
939 if (!pskb_pull(skb, sizeof(*hdr)))
942 hdr = icmp6_hdr(skb);
944 type = hdr->icmp6_type;
946 ICMP6MSGIN_INC_STATS(dev_net_rcu(dev), idev, type);
949 case ICMPV6_ECHO_REQUEST:
950 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
951 reason = icmpv6_echo_reply(skb);
953 case ICMPV6_EXT_ECHO_REQUEST:
954 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all &&
955 READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe))
956 reason = icmpv6_echo_reply(skb);
959 case ICMPV6_ECHO_REPLY:
960 case ICMPV6_EXT_ECHO_REPLY:
964 case ICMPV6_PKT_TOOBIG:
965 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
966 standard destination cache. Seems, only "advanced"
967 destination cache will allow to solve this problem
970 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
972 hdr = icmp6_hdr(skb);
976 case ICMPV6_DEST_UNREACH:
977 case ICMPV6_TIME_EXCEED:
978 case ICMPV6_PARAMPROB:
979 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
983 case NDISC_ROUTER_SOLICITATION:
984 case NDISC_ROUTER_ADVERTISEMENT:
985 case NDISC_NEIGHBOUR_SOLICITATION:
986 case NDISC_NEIGHBOUR_ADVERTISEMENT:
988 reason = ndisc_rcv(skb);
991 case ICMPV6_MGM_QUERY:
992 igmp6_event_query(skb);
995 case ICMPV6_MGM_REPORT:
996 igmp6_event_report(skb);
999 case ICMPV6_MGM_REDUCTION:
1000 case ICMPV6_NI_QUERY:
1001 case ICMPV6_NI_REPLY:
1002 case ICMPV6_MLD2_REPORT:
1003 case ICMPV6_DHAAD_REQUEST:
1004 case ICMPV6_DHAAD_REPLY:
1005 case ICMPV6_MOBILE_PREFIX_SOL:
1006 case ICMPV6_MOBILE_PREFIX_ADV:
1011 if (type & ICMPV6_INFOMSG_MASK)
1014 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
1018 * error of unknown type.
1019 * must pass to upper level
1022 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
1026 /* until the v6 path can be better sorted assume failure and
1027 * preserve the status quo behaviour for the rest of the paths to here
1030 kfree_skb_reason(skb, reason);
1037 reason = SKB_DROP_REASON_ICMP_CSUM;
1038 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_CSUMERRORS);
1040 __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INERRORS);
1042 kfree_skb_reason(skb, reason);
1046 void icmpv6_flow_init(const struct sock *sk, struct flowi6 *fl6, u8 type,
1047 const struct in6_addr *saddr,
1048 const struct in6_addr *daddr, int oif)
1050 memset(fl6, 0, sizeof(*fl6));
1051 fl6->saddr = *saddr;
1052 fl6->daddr = *daddr;
1053 fl6->flowi6_proto = IPPROTO_ICMPV6;
1054 fl6->fl6_icmp_type = type;
1055 fl6->fl6_icmp_code = 0;
1056 fl6->flowi6_oif = oif;
1057 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
1060 int __init icmpv6_init(void)
1065 for_each_possible_cpu(i) {
1066 err = inet_ctl_sock_create(&sk, PF_INET6,
1067 SOCK_RAW, IPPROTO_ICMPV6, &init_net);
1069 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1074 per_cpu(ipv6_icmp_sk, i) = sk;
1076 /* Enough space for 2 64K ICMP packets, including
1077 * sk_buff struct overhead.
1079 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1083 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1086 err = inet6_register_icmp_sender(icmp6_send);
1088 goto sender_reg_err;
1092 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1094 pr_err("Failed to register ICMP6 protocol\n");
1098 void icmpv6_cleanup(void)
1100 inet6_unregister_icmp_sender(icmp6_send);
1101 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1105 static const struct icmp6_err {
1113 { /* ADM_PROHIBITED */
1117 { /* Was NOT_NEIGHBOUR, now reserved */
1118 .err = EHOSTUNREACH,
1121 { /* ADDR_UNREACH */
1122 .err = EHOSTUNREACH,
1125 { /* PORT_UNREACH */
1126 .err = ECONNREFUSED,
1133 { /* REJECT_ROUTE */
1139 int icmpv6_err_convert(u8 type, u8 code, int *err)
1146 case ICMPV6_DEST_UNREACH:
1148 if (code < ARRAY_SIZE(tab_unreach)) {
1149 *err = tab_unreach[code].err;
1150 fatal = tab_unreach[code].fatal;
1154 case ICMPV6_PKT_TOOBIG:
1158 case ICMPV6_PARAMPROB:
1163 case ICMPV6_TIME_EXCEED:
1164 *err = EHOSTUNREACH;
1170 EXPORT_SYMBOL(icmpv6_err_convert);
1172 #ifdef CONFIG_SYSCTL
1173 static struct ctl_table ipv6_icmp_table_template[] = {
1175 .procname = "ratelimit",
1176 .data = &init_net.ipv6.sysctl.icmpv6_time,
1177 .maxlen = sizeof(int),
1179 .proc_handler = proc_dointvec_ms_jiffies,
1182 .procname = "echo_ignore_all",
1183 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1184 .maxlen = sizeof(u8),
1186 .proc_handler = proc_dou8vec_minmax,
1189 .procname = "echo_ignore_multicast",
1190 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
1191 .maxlen = sizeof(u8),
1193 .proc_handler = proc_dou8vec_minmax,
1196 .procname = "echo_ignore_anycast",
1197 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
1198 .maxlen = sizeof(u8),
1200 .proc_handler = proc_dou8vec_minmax,
1203 .procname = "ratemask",
1204 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1205 .maxlen = ICMPV6_MSG_MAX + 1,
1207 .proc_handler = proc_do_large_bitmap,
1210 .procname = "error_anycast_as_unicast",
1211 .data = &init_net.ipv6.sysctl.icmpv6_error_anycast_as_unicast,
1212 .maxlen = sizeof(u8),
1214 .proc_handler = proc_dou8vec_minmax,
1215 .extra1 = SYSCTL_ZERO,
1216 .extra2 = SYSCTL_ONE,
1220 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1222 struct ctl_table *table;
1224 table = kmemdup(ipv6_icmp_table_template,
1225 sizeof(ipv6_icmp_table_template),
1229 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1230 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1231 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1232 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1233 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;
1234 table[5].data = &net->ipv6.sysctl.icmpv6_error_anycast_as_unicast;
1239 size_t ipv6_icmp_sysctl_table_size(void)
1241 return ARRAY_SIZE(ipv6_icmp_table_template);
projects / linux-2.6-block.git / blob