1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65#include <linux/module.h>
66#include <linux/types.h>
67#include <linux/jiffies.h>
68#include <linux/kernel.h>
69#include <linux/fcntl.h>
70#include <linux/socket.h>
71#include <linux/in.h>
72#include <linux/inet.h>
73#include <linux/inetdevice.h>
74#include <linux/netdevice.h>
75#include <linux/string.h>
76#include <linux/netfilter_ipv4.h>
77#include <net/snmp.h>
78#include <net/ip.h>
79#include <net/route.h>
80#include <net/protocol.h>
81#include <net/icmp.h>
82#include <net/tcp.h>
83#include <net/udp.h>
84#include <net/raw.h>
85#include <linux/skbuff.h>
86#include <net/sock.h>
87#include <linux/errno.h>
88#include <linux/timer.h>
89#include <linux/init.h>
90#include <asm/system.h>
91#include <asm/uaccess.h>
92#include <net/checksum.h>
93#include <net/xfrm.h>
94#include <net/inet_common.h>
95
96
97
98
99
100struct icmp_bxm {
101 struct sk_buff *skb;
102 int offset;
103 int data_len;
104
105 struct {
106 struct icmphdr icmph;
107 __be32 times[3];
108 } data;
109 int head_len;
110 struct ip_options replyopts;
111 unsigned char optbuf[40];
112};
113
114
115
116
117struct icmp_err icmp_err_convert[] = {
118 {
119 .errno = ENETUNREACH,
120 .fatal = 0,
121 },
122 {
123 .errno = EHOSTUNREACH,
124 .fatal = 0,
125 },
126 {
127 .errno = ENOPROTOOPT ,
128 .fatal = 1,
129 },
130 {
131 .errno = ECONNREFUSED,
132 .fatal = 1,
133 },
134 {
135 .errno = EMSGSIZE,
136 .fatal = 0,
137 },
138 {
139 .errno = EOPNOTSUPP,
140 .fatal = 0,
141 },
142 {
143 .errno = ENETUNREACH,
144 .fatal = 1,
145 },
146 {
147 .errno = EHOSTDOWN,
148 .fatal = 1,
149 },
150 {
151 .errno = ENONET,
152 .fatal = 1,
153 },
154 {
155 .errno = ENETUNREACH,
156 .fatal = 1,
157 },
158 {
159 .errno = EHOSTUNREACH,
160 .fatal = 1,
161 },
162 {
163 .errno = ENETUNREACH,
164 .fatal = 0,
165 },
166 {
167 .errno = EHOSTUNREACH,
168 .fatal = 0,
169 },
170 {
171 .errno = EHOSTUNREACH,
172 .fatal = 1,
173 },
174 {
175 .errno = EHOSTUNREACH,
176 .fatal = 1,
177 },
178 {
179 .errno = EHOSTUNREACH,
180 .fatal = 1,
181 },
182};
183
184
185
186
187
188struct icmp_control {
189 void (*handler)(struct sk_buff *skb);
190 short error;
191};
192
193static const struct icmp_control icmp_pointers[NR_ICMP_TYPES+1];
194
195
196
197
198
199
200
201
202static struct sock *icmp_sk(struct net *net)
203{
204 return net->ipv4.icmp_sk[smp_processor_id()];
205}
206
207static inline struct sock *icmp_xmit_lock(struct net *net)
208{
209 struct sock *sk;
210
211 local_bh_disable();
212
213 sk = icmp_sk(net);
214
215 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
216
217
218
219 local_bh_enable();
220 return NULL;
221 }
222 return sk;
223}
224
225static inline void icmp_xmit_unlock(struct sock *sk)
226{
227 spin_unlock_bh(&sk->sk_lock.slock);
228}
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251#define XRLIM_BURST_FACTOR 6
252int xrlim_allow(struct dst_entry *dst, int timeout)
253{
254 unsigned long now, token = dst->rate_tokens;
255 int rc = 0;
256
257 now = jiffies;
258 token += now - dst->rate_last;
259 dst->rate_last = now;
260 if (token > XRLIM_BURST_FACTOR * timeout)
261 token = XRLIM_BURST_FACTOR * timeout;
262 if (token >= timeout) {
263 token -= timeout;
264 rc = 1;
265 }
266 dst->rate_tokens = token;
267 return rc;
268}
269
270static inline int icmpv4_xrlim_allow(struct net *net, struct rtable *rt,
271 int type, int code)
272{
273 struct dst_entry *dst = &rt->u.dst;
274 int rc = 1;
275
276 if (type > NR_ICMP_TYPES)
277 goto out;
278
279
280 if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)
281 goto out;
282
283
284 if (dst->dev && (dst->dev->flags&IFF_LOOPBACK))
285 goto out;
286
287
288 if ((1 << type) & net->ipv4.sysctl_icmp_ratemask)
289 rc = xrlim_allow(dst, net->ipv4.sysctl_icmp_ratelimit);
290out:
291 return rc;
292}
293
294
295
296
297void icmp_out_count(struct net *net, unsigned char type)
298{
299 ICMPMSGOUT_INC_STATS(net, type);
300 ICMP_INC_STATS(net, ICMP_MIB_OUTMSGS);
301}
302
303
304
305
306
307static int icmp_glue_bits(void *from, char *to, int offset, int len, int odd,
308 struct sk_buff *skb)
309{
310 struct icmp_bxm *icmp_param = (struct icmp_bxm *)from;
311 __wsum csum;
312
313 csum = skb_copy_and_csum_bits(icmp_param->skb,
314 icmp_param->offset + offset,
315 to, len, 0);
316
317 skb->csum = csum_block_add(skb->csum, csum, odd);
318 if (icmp_pointers[icmp_param->data.icmph.type].error)
319 nf_ct_attach(skb, icmp_param->skb);
320 return 0;
321}
322
323static void icmp_push_reply(struct icmp_bxm *icmp_param,
324 struct ipcm_cookie *ipc, struct rtable **rt)
325{
326 struct sock *sk;
327 struct sk_buff *skb;
328
329 sk = icmp_sk(dev_net((*rt)->u.dst.dev));
330 if (ip_append_data(sk, icmp_glue_bits, icmp_param,
331 icmp_param->data_len+icmp_param->head_len,
332 icmp_param->head_len,
333 ipc, rt, MSG_DONTWAIT) < 0)
334 ip_flush_pending_frames(sk);
335 else if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) {
336 struct icmphdr *icmph = icmp_hdr(skb);
337 __wsum csum = 0;
338 struct sk_buff *skb1;
339
340 skb_queue_walk(&sk->sk_write_queue, skb1) {
341 csum = csum_add(csum, skb1->csum);
342 }
343 csum = csum_partial_copy_nocheck((void *)&icmp_param->data,
344 (char *)icmph,
345 icmp_param->head_len, csum);
346 icmph->checksum = csum_fold(csum);
347 skb->ip_summed = CHECKSUM_NONE;
348 ip_push_pending_frames(sk);
349 }
350}
351
352
353
354
355
356static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
357{
358 struct ipcm_cookie ipc;
359 struct rtable *rt = skb_rtable(skb);
360 struct net *net = dev_net(rt->u.dst.dev);
361 struct sock *sk;
362 struct inet_sock *inet;
363 __be32 daddr;
364
365 if (ip_options_echo(&icmp_param->replyopts, skb))
366 return;
367
368 sk = icmp_xmit_lock(net);
369 if (sk == NULL)
370 return;
371 inet = inet_sk(sk);
372
373 icmp_param->data.icmph.checksum = 0;
374
375 inet->tos = ip_hdr(skb)->tos;
376 daddr = ipc.addr = rt->rt_src;
377 ipc.opt = NULL;
378 ipc.shtx.flags = 0;
379 if (icmp_param->replyopts.optlen) {
380 ipc.opt = &icmp_param->replyopts;
381 if (ipc.opt->srr)
382 daddr = icmp_param->replyopts.faddr;
383 }
384 {
385 struct flowi fl = { .nl_u = { .ip4_u =
386 { .daddr = daddr,
387 .saddr = rt->rt_spec_dst,
388 .tos = RT_TOS(ip_hdr(skb)->tos) } },
389 .proto = IPPROTO_ICMP };
390 security_skb_classify_flow(skb, &fl);
391 if (ip_route_output_key(net, &rt, &fl))
392 goto out_unlock;
393 }
394 if (icmpv4_xrlim_allow(net, rt, icmp_param->data.icmph.type,
395 icmp_param->data.icmph.code))
396 icmp_push_reply(icmp_param, &ipc, &rt);
397 ip_rt_put(rt);
398out_unlock:
399 icmp_xmit_unlock(sk);
400}
401
402
403
404
405
406
407
408
409
410
411
412
413
414void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
415{
416 struct iphdr *iph;
417 int room;
418 struct icmp_bxm icmp_param;
419 struct rtable *rt = skb_rtable(skb_in);
420 struct ipcm_cookie ipc;
421 __be32 saddr;
422 u8 tos;
423 struct net *net;
424 struct sock *sk;
425
426 if (!rt)
427 goto out;
428 net = dev_net(rt->u.dst.dev);
429
430
431
432
433
434
435 iph = ip_hdr(skb_in);
436
437 if ((u8 *)iph < skb_in->head ||
438 (skb_in->network_header + sizeof(*iph)) > skb_in->tail)
439 goto out;
440
441
442
443
444 if (skb_in->pkt_type != PACKET_HOST)
445 goto out;
446
447
448
449
450 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
451 goto out;
452
453
454
455
456
457 if (iph->frag_off & htons(IP_OFFSET))
458 goto out;
459
460
461
462
463 if (icmp_pointers[type].error) {
464
465
466
467
468 if (iph->protocol == IPPROTO_ICMP) {
469 u8 _inner_type, *itp;
470
471 itp = skb_header_pointer(skb_in,
472 skb_network_header(skb_in) +
473 (iph->ihl << 2) +
474 offsetof(struct icmphdr,
475 type) -
476 skb_in->data,
477 sizeof(_inner_type),
478 &_inner_type);
479 if (itp == NULL)
480 goto out;
481
482
483
484
485
486 if (*itp > NR_ICMP_TYPES ||
487 icmp_pointers[*itp].error)
488 goto out;
489 }
490 }
491
492 sk = icmp_xmit_lock(net);
493 if (sk == NULL)
494 return;
495
496
497
498
499
500 saddr = iph->daddr;
501 if (!(rt->rt_flags & RTCF_LOCAL)) {
502 struct net_device *dev = NULL;
503
504 if (rt->fl.iif &&
505 net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr)
506 dev = dev_get_by_index(net, rt->fl.iif);
507
508 if (dev) {
509 saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK);
510 dev_put(dev);
511 } else
512 saddr = 0;
513 }
514
515 tos = icmp_pointers[type].error ? ((iph->tos & IPTOS_TOS_MASK) |
516 IPTOS_PREC_INTERNETCONTROL) :
517 iph->tos;
518
519 if (ip_options_echo(&icmp_param.replyopts, skb_in))
520 goto out_unlock;
521
522
523
524
525
526
527 icmp_param.data.icmph.type = type;
528 icmp_param.data.icmph.code = code;
529 icmp_param.data.icmph.un.gateway = info;
530 icmp_param.data.icmph.checksum = 0;
531 icmp_param.skb = skb_in;
532 icmp_param.offset = skb_network_offset(skb_in);
533 inet_sk(sk)->tos = tos;
534 ipc.addr = iph->saddr;
535 ipc.opt = &icmp_param.replyopts;
536 ipc.shtx.flags = 0;
537
538 {
539 struct flowi fl = {
540 .nl_u = {
541 .ip4_u = {
542 .daddr = icmp_param.replyopts.srr ?
543 icmp_param.replyopts.faddr :
544 iph->saddr,
545 .saddr = saddr,
546 .tos = RT_TOS(tos)
547 }
548 },
549 .proto = IPPROTO_ICMP,
550 .uli_u = {
551 .icmpt = {
552 .type = type,
553 .code = code
554 }
555 }
556 };
557 int err;
558 struct rtable *rt2;
559
560 security_skb_classify_flow(skb_in, &fl);
561 if (__ip_route_output_key(net, &rt, &fl))
562 goto out_unlock;
563
564
565 rt2 = rt;
566
567 err = xfrm_lookup(net, (struct dst_entry **)&rt, &fl, NULL, 0);
568 switch (err) {
569 case 0:
570 if (rt != rt2)
571 goto route_done;
572 break;
573 case -EPERM:
574 rt = NULL;
575 break;
576 default:
577 goto out_unlock;
578 }
579
580 if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET))
581 goto relookup_failed;
582
583 if (inet_addr_type(net, fl.fl4_src) == RTN_LOCAL)
584 err = __ip_route_output_key(net, &rt2, &fl);
585 else {
586 struct flowi fl2 = {};
587 struct dst_entry *odst;
588
589 fl2.fl4_dst = fl.fl4_src;
590 if (ip_route_output_key(net, &rt2, &fl2))
591 goto relookup_failed;
592
593
594 odst = skb_dst(skb_in);
595 err = ip_route_input(skb_in, fl.fl4_dst, fl.fl4_src,
596 RT_TOS(tos), rt2->u.dst.dev);
597
598 dst_release(&rt2->u.dst);
599 rt2 = skb_rtable(skb_in);
600 skb_dst_set(skb_in, odst);
601 }
602
603 if (err)
604 goto relookup_failed;
605
606 err = xfrm_lookup(net, (struct dst_entry **)&rt2, &fl, NULL,
607 XFRM_LOOKUP_ICMP);
608 switch (err) {
609 case 0:
610 dst_release(&rt->u.dst);
611 rt = rt2;
612 break;
613 case -EPERM:
614 goto ende;
615 default:
616relookup_failed:
617 if (!rt)
618 goto out_unlock;
619 break;
620 }
621 }
622
623route_done:
624 if (!icmpv4_xrlim_allow(net, rt, type, code))
625 goto ende;
626
627
628
629 room = dst_mtu(&rt->u.dst);
630 if (room > 576)
631 room = 576;
632 room -= sizeof(struct iphdr) + icmp_param.replyopts.optlen;
633 room -= sizeof(struct icmphdr);
634
635 icmp_param.data_len = skb_in->len - icmp_param.offset;
636 if (icmp_param.data_len > room)
637 icmp_param.data_len = room;
638 icmp_param.head_len = sizeof(struct icmphdr);
639
640 icmp_push_reply(&icmp_param, &ipc, &rt);
641ende:
642 ip_rt_put(rt);
643out_unlock:
644 icmp_xmit_unlock(sk);
645out:;
646}
647
648
649
650
651
652
653static void icmp_unreach(struct sk_buff *skb)
654{
655 struct iphdr *iph;
656 struct icmphdr *icmph;
657 int hash, protocol;
658 const struct net_protocol *ipprot;
659 u32 info = 0;
660 struct net *net;
661
662 net = dev_net(skb_dst(skb)->dev);
663
664
665
666
667
668
669
670 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
671 goto out_err;
672
673 icmph = icmp_hdr(skb);
674 iph = (struct iphdr *)skb->data;
675
676 if (iph->ihl < 5)
677 goto out_err;
678
679 if (icmph->type == ICMP_DEST_UNREACH) {
680 switch (icmph->code & 15) {
681 case ICMP_NET_UNREACH:
682 case ICMP_HOST_UNREACH:
683 case ICMP_PROT_UNREACH:
684 case ICMP_PORT_UNREACH:
685 break;
686 case ICMP_FRAG_NEEDED:
687 if (ipv4_config.no_pmtu_disc) {
688 LIMIT_NETDEBUG(KERN_INFO "ICMP: %pI4: fragmentation needed and DF set.\n",
689 &iph->daddr);
690 } else {
691 info = ip_rt_frag_needed(net, iph,
692 ntohs(icmph->un.frag.mtu),
693 skb->dev);
694 if (!info)
695 goto out;
696 }
697 break;
698 case ICMP_SR_FAILED:
699 LIMIT_NETDEBUG(KERN_INFO "ICMP: %pI4: Source Route Failed.\n",
700 &iph->daddr);
701 break;
702 default:
703 break;
704 }
705 if (icmph->code > NR_ICMP_UNREACH)
706 goto out;
707 } else if (icmph->type == ICMP_PARAMETERPROB)
708 info = ntohl(icmph->un.gateway) >> 24;
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728 if (!net->ipv4.sysctl_icmp_ignore_bogus_error_responses &&
729 inet_addr_type(net, iph->daddr) == RTN_BROADCAST) {
730 if (net_ratelimit())
731 printk(KERN_WARNING "%pI4 sent an invalid ICMP "
732 "type %u, code %u "
733 "error to a broadcast: %pI4 on %s\n",
734 &ip_hdr(skb)->saddr,
735 icmph->type, icmph->code,
736 &iph->daddr,
737 skb->dev->name);
738 goto out;
739 }
740
741
742
743
744 if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
745 goto out;
746
747 iph = (struct iphdr *)skb->data;
748 protocol = iph->protocol;
749
750
751
752
753 raw_icmp_error(skb, protocol, info);
754
755 hash = protocol & (MAX_INET_PROTOS - 1);
756 rcu_read_lock();
757 ipprot = rcu_dereference(inet_protos[hash]);
758 if (ipprot && ipprot->err_handler)
759 ipprot->err_handler(skb, info);
760 rcu_read_unlock();
761
762out:
763 return;
764out_err:
765 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
766 goto out;
767}
768
769
770
771
772
773
774static void icmp_redirect(struct sk_buff *skb)
775{
776 struct iphdr *iph;
777
778 if (skb->len < sizeof(struct iphdr))
779 goto out_err;
780
781
782
783
784 if (!pskb_may_pull(skb, sizeof(struct iphdr)))
785 goto out;
786
787 iph = (struct iphdr *)skb->data;
788
789 switch (icmp_hdr(skb)->code & 7) {
790 case ICMP_REDIR_NET:
791 case ICMP_REDIR_NETTOS:
792
793
794
795 case ICMP_REDIR_HOST:
796 case ICMP_REDIR_HOSTTOS:
797 ip_rt_redirect(ip_hdr(skb)->saddr, iph->daddr,
798 icmp_hdr(skb)->un.gateway,
799 iph->saddr, skb->dev);
800 break;
801 }
802out:
803 return;
804out_err:
805 ICMP_INC_STATS_BH(dev_net(skb->dev), ICMP_MIB_INERRORS);
806 goto out;
807}
808
809
810
811
812
813
814
815
816
817
818
819
820
821static void icmp_echo(struct sk_buff *skb)
822{
823 struct net *net;
824
825 net = dev_net(skb_dst(skb)->dev);
826 if (!net->ipv4.sysctl_icmp_echo_ignore_all) {
827 struct icmp_bxm icmp_param;
828
829 icmp_param.data.icmph = *icmp_hdr(skb);
830 icmp_param.data.icmph.type = ICMP_ECHOREPLY;
831 icmp_param.skb = skb;
832 icmp_param.offset = 0;
833 icmp_param.data_len = skb->len;
834 icmp_param.head_len = sizeof(struct icmphdr);
835 icmp_reply(&icmp_param, skb);
836 }
837}
838
839
840
841
842
843
844
845
846static void icmp_timestamp(struct sk_buff *skb)
847{
848 struct timespec tv;
849 struct icmp_bxm icmp_param;
850
851
852
853 if (skb->len < 4)
854 goto out_err;
855
856
857
858
859 getnstimeofday(&tv);
860 icmp_param.data.times[1] = htonl((tv.tv_sec % 86400) * MSEC_PER_SEC +
861 tv.tv_nsec / NSEC_PER_MSEC);
862 icmp_param.data.times[2] = icmp_param.data.times[1];
863 if (skb_copy_bits(skb, 0, &icmp_param.data.times[0], 4))
864 BUG();
865 icmp_param.data.icmph = *icmp_hdr(skb);
866 icmp_param.data.icmph.type = ICMP_TIMESTAMPREPLY;
867 icmp_param.data.icmph.code = 0;
868 icmp_param.skb = skb;
869 icmp_param.offset = 0;
870 icmp_param.data_len = 0;
871 icmp_param.head_len = sizeof(struct icmphdr) + 12;
872 icmp_reply(&icmp_param, skb);
873out:
874 return;
875out_err:
876 ICMP_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ICMP_MIB_INERRORS);
877 goto out;
878}
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914static void icmp_address(struct sk_buff *skb)
915{
916#if 0
917 if (net_ratelimit())
918 printk(KERN_DEBUG "a guy asks for address mask. Who is it?\n");
919#endif
920}
921
922
923
924
925
926
927static void icmp_address_reply(struct sk_buff *skb)
928{
929 struct rtable *rt = skb_rtable(skb);
930 struct net_device *dev = skb->dev;
931 struct in_device *in_dev;
932 struct in_ifaddr *ifa;
933
934 if (skb->len < 4 || !(rt->rt_flags&RTCF_DIRECTSRC))
935 goto out;
936
937 in_dev = in_dev_get(dev);
938 if (!in_dev)
939 goto out;
940 rcu_read_lock();
941 if (in_dev->ifa_list &&
942 IN_DEV_LOG_MARTIANS(in_dev) &&
943 IN_DEV_FORWARD(in_dev)) {
944 __be32 _mask, *mp;
945
946 mp = skb_header_pointer(skb, 0, sizeof(_mask), &_mask);
947 BUG_ON(mp == NULL);
948 for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
949 if (*mp == ifa->ifa_mask &&
950 inet_ifa_match(rt->rt_src, ifa))
951 break;
952 }
953 if (!ifa && net_ratelimit()) {
954 printk(KERN_INFO "Wrong address mask %pI4 from %s/%pI4\n",
955 mp, dev->name, &rt->rt_src);
956 }
957 }
958 rcu_read_unlock();
959 in_dev_put(in_dev);
960out:;
961}
962
963static void icmp_discard(struct sk_buff *skb)
964{
965}
966
967
968
969
970int icmp_rcv(struct sk_buff *skb)
971{
972 struct icmphdr *icmph;
973 struct rtable *rt = skb_rtable(skb);
974 struct net *net = dev_net(rt->u.dst.dev);
975
976 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
977 struct sec_path *sp = skb_sec_path(skb);
978 int nh;
979
980 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
981 XFRM_STATE_ICMP))
982 goto drop;
983
984 if (!pskb_may_pull(skb, sizeof(*icmph) + sizeof(struct iphdr)))
985 goto drop;
986
987 nh = skb_network_offset(skb);
988 skb_set_network_header(skb, sizeof(*icmph));
989
990 if (!xfrm4_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
991 goto drop;
992
993 skb_set_network_header(skb, nh);
994 }
995
996 ICMP_INC_STATS_BH(net, ICMP_MIB_INMSGS);
997
998 switch (skb->ip_summed) {
999 case CHECKSUM_COMPLETE:
1000 if (!csum_fold(skb->csum))
1001 break;
1002
1003 case CHECKSUM_NONE:
1004 skb->csum = 0;
1005 if (__skb_checksum_complete(skb))
1006 goto error;
1007 }
1008
1009 if (!pskb_pull(skb, sizeof(*icmph)))
1010 goto error;
1011
1012 icmph = icmp_hdr(skb);
1013
1014 ICMPMSGIN_INC_STATS_BH(net, icmph->type);
1015
1016
1017
1018
1019
1020
1021 if (icmph->type > NR_ICMP_TYPES)
1022 goto error;
1023
1024
1025
1026
1027
1028
1029 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
1030
1031
1032
1033
1034
1035
1036 if ((icmph->type == ICMP_ECHO ||
1037 icmph->type == ICMP_TIMESTAMP) &&
1038 net->ipv4.sysctl_icmp_echo_ignore_broadcasts) {
1039 goto error;
1040 }
1041 if (icmph->type != ICMP_ECHO &&
1042 icmph->type != ICMP_TIMESTAMP &&
1043 icmph->type != ICMP_ADDRESS &&
1044 icmph->type != ICMP_ADDRESSREPLY) {
1045 goto error;
1046 }
1047 }
1048
1049 icmp_pointers[icmph->type].handler(skb);
1050
1051drop:
1052 kfree_skb(skb);
1053 return 0;
1054error:
1055 ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
1056 goto drop;
1057}
1058
1059
1060
1061
1062static const struct icmp_control icmp_pointers[NR_ICMP_TYPES + 1] = {
1063 [ICMP_ECHOREPLY] = {
1064 .handler = icmp_discard,
1065 },
1066 [1] = {
1067 .handler = icmp_discard,
1068 .error = 1,
1069 },
1070 [2] = {
1071 .handler = icmp_discard,
1072 .error = 1,
1073 },
1074 [ICMP_DEST_UNREACH] = {
1075 .handler = icmp_unreach,
1076 .error = 1,
1077 },
1078 [ICMP_SOURCE_QUENCH] = {
1079 .handler = icmp_unreach,
1080 .error = 1,
1081 },
1082 [ICMP_REDIRECT] = {
1083 .handler = icmp_redirect,
1084 .error = 1,
1085 },
1086 [6] = {
1087 .handler = icmp_discard,
1088 .error = 1,
1089 },
1090 [7] = {
1091 .handler = icmp_discard,
1092 .error = 1,
1093 },
1094 [ICMP_ECHO] = {
1095 .handler = icmp_echo,
1096 },
1097 [9] = {
1098 .handler = icmp_discard,
1099 .error = 1,
1100 },
1101 [10] = {
1102 .handler = icmp_discard,
1103 .error = 1,
1104 },
1105 [ICMP_TIME_EXCEEDED] = {
1106 .handler = icmp_unreach,
1107 .error = 1,
1108 },
1109 [ICMP_PARAMETERPROB] = {
1110 .handler = icmp_unreach,
1111 .error = 1,
1112 },
1113 [ICMP_TIMESTAMP] = {
1114 .handler = icmp_timestamp,
1115 },
1116 [ICMP_TIMESTAMPREPLY] = {
1117 .handler = icmp_discard,
1118 },
1119 [ICMP_INFO_REQUEST] = {
1120 .handler = icmp_discard,
1121 },
1122 [ICMP_INFO_REPLY] = {
1123 .handler = icmp_discard,
1124 },
1125 [ICMP_ADDRESS] = {
1126 .handler = icmp_address,
1127 },
1128 [ICMP_ADDRESSREPLY] = {
1129 .handler = icmp_address_reply,
1130 },
1131};
1132
1133static void __net_exit icmp_sk_exit(struct net *net)
1134{
1135 int i;
1136
1137 for_each_possible_cpu(i)
1138 inet_ctl_sock_destroy(net->ipv4.icmp_sk[i]);
1139 kfree(net->ipv4.icmp_sk);
1140 net->ipv4.icmp_sk = NULL;
1141}
1142
1143static int __net_init icmp_sk_init(struct net *net)
1144{
1145 int i, err;
1146
1147 net->ipv4.icmp_sk =
1148 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
1149 if (net->ipv4.icmp_sk == NULL)
1150 return -ENOMEM;
1151
1152 for_each_possible_cpu(i) {
1153 struct sock *sk;
1154
1155 err = inet_ctl_sock_create(&sk, PF_INET,
1156 SOCK_RAW, IPPROTO_ICMP, net);
1157 if (err < 0)
1158 goto fail;
1159
1160 net->ipv4.icmp_sk[i] = sk;
1161
1162
1163
1164
1165 sk->sk_sndbuf =
1166 (2 * ((64 * 1024) + sizeof(struct sk_buff)));
1167
1168 inet_sk(sk)->pmtudisc = IP_PMTUDISC_DONT;
1169 }
1170
1171
1172 net->ipv4.sysctl_icmp_echo_ignore_all = 0;
1173 net->ipv4.sysctl_icmp_echo_ignore_broadcasts = 1;
1174
1175
1176 net->ipv4.sysctl_icmp_ignore_bogus_error_responses = 1;
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190 net->ipv4.sysctl_icmp_ratelimit = 1 * HZ;
1191 net->ipv4.sysctl_icmp_ratemask = 0x1818;
1192 net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr = 0;
1193
1194 return 0;
1195
1196fail:
1197 for_each_possible_cpu(i)
1198 inet_ctl_sock_destroy(net->ipv4.icmp_sk[i]);
1199 kfree(net->ipv4.icmp_sk);
1200 return err;
1201}
1202
1203static struct pernet_operations __net_initdata icmp_sk_ops = {
1204 .init = icmp_sk_init,
1205 .exit = icmp_sk_exit,
1206};
1207
1208int __init icmp_init(void)
1209{
1210 return register_pernet_subsys(&icmp_sk_ops);
1211}
1212
1213EXPORT_SYMBOL(icmp_err_convert);
1214EXPORT_SYMBOL(icmp_send);
1215EXPORT_SYMBOL(xrlim_allow);
1216