LXR linux/net/ipv6/icmp.c

   1/*
   2 *      Internet Control Message Protocol (ICMPv6)
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *
   8 *      Based on net/ipv4/icmp.c
   9 *
  10 *      RFC 1885
  11 *
  12 *      This program is free software; you can redistribute it and/or
  13 *      modify it under the terms of the GNU General Public License
  14 *      as published by the Free Software Foundation; either version
  15 *      2 of the License, or (at your option) any later version.
  16 */
  17
  18/*
  19 *      Changes:
  20 *
  21 *      Andi Kleen              :       exception handling
  22 *      Andi Kleen                      add rate limits. never reply to a icmp.
  23 *                                      add more length checks and other fixes.
  24 *      yoshfuji                :       ensure to sent parameter problem for
  25 *                                      fragments.
  26 *      YOSHIFUJI Hideaki @USAGI:       added sysctl for icmp rate limit.
  27 *      Randy Dunlap and
  28 *      YOSHIFUJI Hideaki @USAGI:       Per-interface statistics support
  29 *      Kazunori MIYAZAWA @USAGI:       change output process to use ip6_append_data
  30 */
  31
  32#define pr_fmt(fmt) "IPv6: " fmt
  33
  34#include <linux/module.h>
  35#include <linux/errno.h>
  36#include <linux/types.h>
  37#include <linux/socket.h>
  38#include <linux/in.h>
  39#include <linux/kernel.h>
  40#include <linux/sockios.h>
  41#include <linux/net.h>
  42#include <linux/skbuff.h>
  43#include <linux/init.h>
  44#include <linux/netfilter.h>
  45#include <linux/slab.h>
  46
  47#ifdef CONFIG_SYSCTL
  48#include <linux/sysctl.h>
  49#endif
  50
  51#include <linux/inet.h>
  52#include <linux/netdevice.h>
  53#include <linux/icmpv6.h>
  54
  55#include <net/ip.h>
  56#include <net/sock.h>
  57
  58#include <net/ipv6.h>
  59#include <net/ip6_checksum.h>
  60#include <net/protocol.h>
  61#include <net/raw.h>
  62#include <net/rawv6.h>
  63#include <net/transp_v6.h>
  64#include <net/ip6_route.h>
  65#include <net/addrconf.h>
  66#include <net/icmp.h>
  67#include <net/xfrm.h>
  68#include <net/inet_common.h>
  69
  70#include <asm/uaccess.h>
  71
  72/*
  73 *      The ICMP socket(s). This is the most convenient way to flow control
  74 *      our ICMP output as well as maintain a clean interface throughout
  75 *      all layers. All Socketless IP sends will soon be gone.
  76 *
  77 *      On SMP we have one ICMP socket per-cpu.
  78 */
  79static inline struct sock *icmpv6_sk(struct net *net)
  80{
  81        return net->ipv6.icmp_sk[smp_processor_id()];
  82}
  83
  84static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
  85                       u8 type, u8 code, int offset, __be32 info)
  86{
  87        struct net *net = dev_net(skb->dev);
  88
  89        if (type == ICMPV6_PKT_TOOBIG)
  90                ip6_update_pmtu(skb, net, info, 0, 0);
  91        else if (type == NDISC_REDIRECT)
  92                ip6_redirect(skb, net, 0, 0);
  93}
  94
  95static int icmpv6_rcv(struct sk_buff *skb);
  96
  97static const struct inet6_protocol icmpv6_protocol = {
  98        .handler        =       icmpv6_rcv,
  99        .err_handler    =       icmpv6_err,
 100        .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
 101};
 102
 103static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
 104{
 105        struct sock *sk;
 106
 107        local_bh_disable();
 108
 109        sk = icmpv6_sk(net);
 110        if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
 111                /* This can happen if the output path (f.e. SIT or
 112                 * ip6ip6 tunnel) signals dst_link_failure() for an
 113                 * outgoing ICMP6 packet.
 114                 */
 115                local_bh_enable();
 116                return NULL;
 117        }
 118        return sk;
 119}
 120
 121static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
 122{
 123        spin_unlock_bh(&sk->sk_lock.slock);
 124}
 125
 126/*
 127 * Slightly more convenient version of icmpv6_send.
 128 */
 129void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
 130{
 131        icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos);
 132        kfree_skb(skb);
 133}
 134
 135/*
 136 * Figure out, may we reply to this packet with icmp error.
 137 *
 138 * We do not reply, if:
 139 *      - it was icmp error message.
 140 *      - it is truncated, so that it is known, that protocol is ICMPV6
 141 *        (i.e. in the middle of some exthdr)
 142 *
 143 *      --ANK (980726)
 144 */
 145
 146static bool is_ineligible(const struct sk_buff *skb)
 147{
 148        int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
 149        int len = skb->len - ptr;
 150        __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
 151        __be16 frag_off;
 152
 153        if (len < 0)
 154                return true;
 155
 156        ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
 157        if (ptr < 0)
 158                return false;
 159        if (nexthdr == IPPROTO_ICMPV6) {
 160                u8 _type, *tp;
 161                tp = skb_header_pointer(skb,
 162                        ptr+offsetof(struct icmp6hdr, icmp6_type),
 163                        sizeof(_type), &_type);
 164                if (tp == NULL ||
 165                    !(*tp & ICMPV6_INFOMSG_MASK))
 166                        return true;
 167        }
 168        return false;
 169}
 170
 171/*
 172 * Check the ICMP output rate limit
 173 */
 174static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
 175                                      struct flowi6 *fl6)
 176{
 177        struct dst_entry *dst;
 178        struct net *net = sock_net(sk);
 179        bool res = false;
 180
 181        /* Informational messages are not limited. */
 182        if (type & ICMPV6_INFOMSG_MASK)
 183                return true;
 184
 185        /* Do not limit pmtu discovery, it would break it. */
 186        if (type == ICMPV6_PKT_TOOBIG)
 187                return true;
 188
 189        /*
 190         * Look up the output route.
 191         * XXX: perhaps the expire for routing entries cloned by
 192         * this lookup should be more aggressive (not longer than timeout).
 193         */
 194        dst = ip6_route_output(net, sk, fl6);
 195        if (dst->error) {
 196                IP6_INC_STATS(net, ip6_dst_idev(dst),
 197                              IPSTATS_MIB_OUTNOROUTES);
 198        } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
 199                res = true;
 200        } else {
 201                struct rt6_info *rt = (struct rt6_info *)dst;
 202                int tmo = net->ipv6.sysctl.icmpv6_time;
 203                struct inet_peer *peer;
 204
 205                /* Give more bandwidth to wider prefixes. */
 206                if (rt->rt6i_dst.plen < 128)
 207                        tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
 208
 209                peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
 210                res = inet_peer_xrlim_allow(peer, tmo);
 211                if (peer)
 212                        inet_putpeer(peer);
 213        }
 214        dst_release(dst);
 215        return res;
 216}
 217
 218/*
 219 *      an inline helper for the "simple" if statement below
 220 *      checks if parameter problem report is caused by an
 221 *      unrecognized IPv6 option that has the Option Type
 222 *      highest-order two bits set to 10
 223 */
 224
 225static bool opt_unrec(struct sk_buff *skb, __u32 offset)
 226{
 227        u8 _optval, *op;
 228
 229        offset += skb_network_offset(skb);
 230        op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
 231        if (op == NULL)
 232                return true;
 233        return (*op & 0xC0) == 0x80;
 234}
 235
 236static int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6, struct icmp6hdr *thdr, int len)
 237{
 238        struct sk_buff *skb;
 239        struct icmp6hdr *icmp6h;
 240        int err = 0;
 241
 242        if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
 243                goto out;
 244
 245        icmp6h = icmp6_hdr(skb);
 246        memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
 247        icmp6h->icmp6_cksum = 0;
 248
 249        if (skb_queue_len(&sk->sk_write_queue) == 1) {
 250                skb->csum = csum_partial(icmp6h,
 251                                        sizeof(struct icmp6hdr), skb->csum);
 252                icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
 253                                                      &fl6->daddr,
 254                                                      len, fl6->flowi6_proto,
 255                                                      skb->csum);
 256        } else {
 257                __wsum tmp_csum = 0;
 258
 259                skb_queue_walk(&sk->sk_write_queue, skb) {
 260                        tmp_csum = csum_add(tmp_csum, skb->csum);
 261                }
 262
 263                tmp_csum = csum_partial(icmp6h,
 264                                        sizeof(struct icmp6hdr), tmp_csum);
 265                icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
 266                                                      &fl6->daddr,
 267                                                      len, fl6->flowi6_proto,
 268                                                      tmp_csum);
 269        }
 270        ip6_push_pending_frames(sk);
 271out:
 272        return err;
 273}
 274
 275struct icmpv6_msg {
 276        struct sk_buff  *skb;
 277        int             offset;
 278        uint8_t         type;
 279};
 280
 281static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
 282{
 283        struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
 284        struct sk_buff *org_skb = msg->skb;
 285        __wsum csum = 0;
 286
 287        csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
 288                                      to, len, csum);
 289        skb->csum = csum_block_add(skb->csum, csum, odd);
 290        if (!(msg->type & ICMPV6_INFOMSG_MASK))
 291                nf_ct_attach(skb, org_skb);
 292        return 0;
 293}
 294
 295#if IS_ENABLED(CONFIG_IPV6_MIP6)
 296static void mip6_addr_swap(struct sk_buff *skb)
 297{
 298        struct ipv6hdr *iph = ipv6_hdr(skb);
 299        struct inet6_skb_parm *opt = IP6CB(skb);
 300        struct ipv6_destopt_hao *hao;
 301        struct in6_addr tmp;
 302        int off;
 303
 304        if (opt->dsthao) {
 305                off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
 306                if (likely(off >= 0)) {
 307                        hao = (struct ipv6_destopt_hao *)
 308                                        (skb_network_header(skb) + off);
 309                        tmp = iph->saddr;
 310                        iph->saddr = hao->addr;
 311                        hao->addr = tmp;
 312                }
 313        }
 314}
 315#else
 316static inline void mip6_addr_swap(struct sk_buff *skb) {}
 317#endif
 318
 319static struct dst_entry *icmpv6_route_lookup(struct net *net, struct sk_buff *skb,
 320                                             struct sock *sk, struct flowi6 *fl6)
 321{
 322        struct dst_entry *dst, *dst2;
 323        struct flowi6 fl2;
 324        int err;
 325
 326        err = ip6_dst_lookup(sk, &dst, fl6);
 327        if (err)
 328                return ERR_PTR(err);
 329
 330        /*
 331         * We won't send icmp if the destination is known
 332         * anycast.
 333         */
 334        if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
 335                LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n");
 336                dst_release(dst);
 337                return ERR_PTR(-EINVAL);
 338        }
 339
 340        /* No need to clone since we're just using its address. */
 341        dst2 = dst;
 342
 343        dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
 344        if (!IS_ERR(dst)) {
 345                if (dst != dst2)
 346                        return dst;
 347        } else {
 348                if (PTR_ERR(dst) == -EPERM)
 349                        dst = NULL;
 350                else
 351                        return dst;
 352        }
 353
 354        err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
 355        if (err)
 356                goto relookup_failed;
 357
 358        err = ip6_dst_lookup(sk, &dst2, &fl2);
 359        if (err)
 360                goto relookup_failed;
 361
 362        dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
 363        if (!IS_ERR(dst2)) {
 364                dst_release(dst);
 365                dst = dst2;
 366        } else {
 367                err = PTR_ERR(dst2);
 368                if (err == -EPERM) {
 369                        dst_release(dst);
 370                        return dst2;
 371                } else
 372                        goto relookup_failed;
 373        }
 374
 375relookup_failed:
 376        if (dst)
 377                return dst;
 378        return ERR_PTR(err);
 379}
 380
 381/*
 382 *      Send an ICMP message in response to a packet in error
 383 */
 384void icmpv6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
 385{
 386        struct net *net = dev_net(skb->dev);
 387        struct inet6_dev *idev = NULL;
 388        struct ipv6hdr *hdr = ipv6_hdr(skb);
 389        struct sock *sk;
 390        struct ipv6_pinfo *np;
 391        const struct in6_addr *saddr = NULL;
 392        struct dst_entry *dst;
 393        struct icmp6hdr tmp_hdr;
 394        struct flowi6 fl6;
 395        struct icmpv6_msg msg;
 396        int iif = 0;
 397        int addr_type = 0;
 398        int len;
 399        int hlimit;
 400        int err = 0;
 401
 402        if ((u8 *)hdr < skb->head ||
 403            (skb->network_header + sizeof(*hdr)) > skb->tail)
 404                return;
 405
 406        /*
 407         *      Make sure we respect the rules
 408         *      i.e. RFC 1885 2.4(e)
 409         *      Rule (e.1) is enforced by not using icmpv6_send
 410         *      in any code that processes icmp errors.
 411         */
 412        addr_type = ipv6_addr_type(&hdr->daddr);
 413
 414        if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
 415                saddr = &hdr->daddr;
 416
 417        /*
 418         *      Dest addr check
 419         */
 420
 421        if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
 422                if (type != ICMPV6_PKT_TOOBIG &&
 423                    !(type == ICMPV6_PARAMPROB &&
 424                      code == ICMPV6_UNK_OPTION &&
 425                      (opt_unrec(skb, info))))
 426                        return;
 427
 428                saddr = NULL;
 429        }
 430
 431        addr_type = ipv6_addr_type(&hdr->saddr);
 432
 433        /*
 434         *      Source addr check
 435         */
 436
 437        if (addr_type & IPV6_ADDR_LINKLOCAL)
 438                iif = skb->dev->ifindex;
 439
 440        /*
 441         *      Must not send error if the source does not uniquely
 442         *      identify a single node (RFC2463 Section 2.4).
 443         *      We check unspecified / multicast addresses here,
 444         *      and anycast addresses will be checked later.
 445         */
 446        if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
 447                LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n");
 448                return;
 449        }
 450
 451        /*
 452         *      Never answer to a ICMP packet.
 453         */
 454        if (is_ineligible(skb)) {
 455                LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n");
 456                return;
 457        }
 458
 459        mip6_addr_swap(skb);
 460
 461        memset(&fl6, 0, sizeof(fl6));
 462        fl6.flowi6_proto = IPPROTO_ICMPV6;
 463        fl6.daddr = hdr->saddr;
 464        if (saddr)
 465                fl6.saddr = *saddr;
 466        fl6.flowi6_oif = iif;
 467        fl6.fl6_icmp_type = type;
 468        fl6.fl6_icmp_code = code;
 469        security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
 470
 471        sk = icmpv6_xmit_lock(net);
 472        if (sk == NULL)
 473                return;
 474        np = inet6_sk(sk);
 475
 476        if (!icmpv6_xrlim_allow(sk, type, &fl6))
 477                goto out;
 478
 479        tmp_hdr.icmp6_type = type;
 480        tmp_hdr.icmp6_code = code;
 481        tmp_hdr.icmp6_cksum = 0;
 482        tmp_hdr.icmp6_pointer = htonl(info);
 483
 484        if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
 485                fl6.flowi6_oif = np->mcast_oif;
 486        else if (!fl6.flowi6_oif)
 487                fl6.flowi6_oif = np->ucast_oif;
 488
 489        dst = icmpv6_route_lookup(net, skb, sk, &fl6);
 490        if (IS_ERR(dst))
 491                goto out;
 492
 493        if (ipv6_addr_is_multicast(&fl6.daddr))
 494                hlimit = np->mcast_hops;
 495        else
 496                hlimit = np->hop_limit;
 497        if (hlimit < 0)
 498                hlimit = ip6_dst_hoplimit(dst);
 499
 500        msg.skb = skb;
 501        msg.offset = skb_network_offset(skb);
 502        msg.type = type;
 503
 504        len = skb->len - msg.offset;
 505        len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
 506        if (len < 0) {
 507                LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
 508                goto out_dst_release;
 509        }
 510
 511        rcu_read_lock();
 512        idev = __in6_dev_get(skb->dev);
 513
 514        err = ip6_append_data(sk, icmpv6_getfrag, &msg,
 515                              len + sizeof(struct icmp6hdr),
 516                              sizeof(struct icmp6hdr), hlimit,
 517                              np->tclass, NULL, &fl6, (struct rt6_info *)dst,
 518                              MSG_DONTWAIT, np->dontfrag);
 519        if (err) {
 520                ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
 521                ip6_flush_pending_frames(sk);
 522        } else {
 523                err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
 524                                                 len + sizeof(struct icmp6hdr));
 525        }
 526        rcu_read_unlock();
 527out_dst_release:
 528        dst_release(dst);
 529out:
 530        icmpv6_xmit_unlock(sk);
 531}
 532EXPORT_SYMBOL(icmpv6_send);
 533
 534static void icmpv6_echo_reply(struct sk_buff *skb)
 535{
 536        struct net *net = dev_net(skb->dev);
 537        struct sock *sk;
 538        struct inet6_dev *idev;
 539        struct ipv6_pinfo *np;
 540        const struct in6_addr *saddr = NULL;
 541        struct icmp6hdr *icmph = icmp6_hdr(skb);
 542        struct icmp6hdr tmp_hdr;
 543        struct flowi6 fl6;
 544        struct icmpv6_msg msg;
 545        struct dst_entry *dst;
 546        int err = 0;
 547        int hlimit;
 548
 549        saddr = &ipv6_hdr(skb)->daddr;
 550
 551        if (!ipv6_unicast_destination(skb))
 552                saddr = NULL;
 553
 554        memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
 555        tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
 556
 557        memset(&fl6, 0, sizeof(fl6));
 558        fl6.flowi6_proto = IPPROTO_ICMPV6;
 559        fl6.daddr = ipv6_hdr(skb)->saddr;
 560        if (saddr)
 561                fl6.saddr = *saddr;
 562        fl6.flowi6_oif = skb->dev->ifindex;
 563        fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
 564        security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
 565
 566        sk = icmpv6_xmit_lock(net);
 567        if (sk == NULL)
 568                return;
 569        np = inet6_sk(sk);
 570
 571        if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
 572                fl6.flowi6_oif = np->mcast_oif;
 573        else if (!fl6.flowi6_oif)
 574                fl6.flowi6_oif = np->ucast_oif;
 575
 576        err = ip6_dst_lookup(sk, &dst, &fl6);
 577        if (err)
 578                goto out;
 579        dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
 580        if (IS_ERR(dst))
 581                goto out;
 582
 583        if (ipv6_addr_is_multicast(&fl6.daddr))
 584                hlimit = np->mcast_hops;
 585        else
 586                hlimit = np->hop_limit;
 587        if (hlimit < 0)
 588                hlimit = ip6_dst_hoplimit(dst);
 589
 590        idev = __in6_dev_get(skb->dev);
 591
 592        msg.skb = skb;
 593        msg.offset = 0;
 594        msg.type = ICMPV6_ECHO_REPLY;
 595
 596        err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
 597                                sizeof(struct icmp6hdr), hlimit, np->tclass, NULL, &fl6,
 598                                (struct rt6_info *)dst, MSG_DONTWAIT,
 599                                np->dontfrag);
 600
 601        if (err) {
 602                ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
 603                ip6_flush_pending_frames(sk);
 604        } else {
 605                err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
 606                                                 skb->len + sizeof(struct icmp6hdr));
 607        }
 608        dst_release(dst);
 609out:
 610        icmpv6_xmit_unlock(sk);
 611}
 612
 613void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
 614{
 615        const struct inet6_protocol *ipprot;
 616        int inner_offset;
 617        __be16 frag_off;
 618        u8 nexthdr;
 619
 620        if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
 621                return;
 622
 623        nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
 624        if (ipv6_ext_hdr(nexthdr)) {
 625                /* now skip over extension headers */
 626                inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
 627                                                &nexthdr, &frag_off);
 628                if (inner_offset<0)
 629                        return;
 630        } else {
 631                inner_offset = sizeof(struct ipv6hdr);
 632        }
 633
 634        /* Checkin header including 8 bytes of inner protocol header. */
 635        if (!pskb_may_pull(skb, inner_offset+8))
 636                return;
 637
 638        /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
 639           Without this we will not able f.e. to make source routed
 640           pmtu discovery.
 641           Corresponding argument (opt) to notifiers is already added.
 642           --ANK (980726)
 643         */
 644
 645        rcu_read_lock();
 646        ipprot = rcu_dereference(inet6_protos[nexthdr]);
 647        if (ipprot && ipprot->err_handler)
 648                ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
 649        rcu_read_unlock();
 650
 651        raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
 652}
 653
 654/*
 655 *      Handle icmp messages
 656 */
 657
 658static int icmpv6_rcv(struct sk_buff *skb)
 659{
 660        struct net_device *dev = skb->dev;
 661        struct inet6_dev *idev = __in6_dev_get(dev);
 662        const struct in6_addr *saddr, *daddr;
 663        struct icmp6hdr *hdr;
 664        u8 type;
 665
 666        if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 667                struct sec_path *sp = skb_sec_path(skb);
 668                int nh;
 669
 670                if (!(sp && sp->xvec[sp->len - 1]->props.flags &
 671                                 XFRM_STATE_ICMP))
 672                        goto drop_no_count;
 673
 674                if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
 675                        goto drop_no_count;
 676
 677                nh = skb_network_offset(skb);
 678                skb_set_network_header(skb, sizeof(*hdr));
 679
 680                if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
 681                        goto drop_no_count;
 682
 683                skb_set_network_header(skb, nh);
 684        }
 685
 686        ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
 687
 688        saddr = &ipv6_hdr(skb)->saddr;
 689        daddr = &ipv6_hdr(skb)->daddr;
 690
 691        /* Perform checksum. */
 692        switch (skb->ip_summed) {
 693        case CHECKSUM_COMPLETE:
 694                if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
 695                                     skb->csum))
 696                        break;
 697                /* fall through */
 698        case CHECKSUM_NONE:
 699                skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
 700                                             IPPROTO_ICMPV6, 0));
 701                if (__skb_checksum_complete(skb)) {
 702                        LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n",
 703                                       saddr, daddr);
 704                        goto discard_it;
 705                }
 706        }
 707
 708        if (!pskb_pull(skb, sizeof(*hdr)))
 709                goto discard_it;
 710
 711        hdr = icmp6_hdr(skb);
 712
 713        type = hdr->icmp6_type;
 714
 715        ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
 716
 717        switch (type) {
 718        case ICMPV6_ECHO_REQUEST:
 719                icmpv6_echo_reply(skb);
 720                break;
 721
 722        case ICMPV6_ECHO_REPLY:
 723                /* we couldn't care less */
 724                break;
 725
 726        case ICMPV6_PKT_TOOBIG:
 727                /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
 728                   standard destination cache. Seems, only "advanced"
 729                   destination cache will allow to solve this problem
 730                   --ANK (980726)
 731                 */
 732                if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
 733                        goto discard_it;
 734                hdr = icmp6_hdr(skb);
 735
 736                /*
 737                 *      Drop through to notify
 738                 */
 739
 740        case ICMPV6_DEST_UNREACH:
 741        case ICMPV6_TIME_EXCEED:
 742        case ICMPV6_PARAMPROB:
 743                icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
 744                break;
 745
 746        case NDISC_ROUTER_SOLICITATION:
 747        case NDISC_ROUTER_ADVERTISEMENT:
 748        case NDISC_NEIGHBOUR_SOLICITATION:
 749        case NDISC_NEIGHBOUR_ADVERTISEMENT:
 750        case NDISC_REDIRECT:
 751                ndisc_rcv(skb);
 752                break;
 753
 754        case ICMPV6_MGM_QUERY:
 755                igmp6_event_query(skb);
 756                break;
 757
 758        case ICMPV6_MGM_REPORT:
 759                igmp6_event_report(skb);
 760                break;
 761
 762        case ICMPV6_MGM_REDUCTION:
 763        case ICMPV6_NI_QUERY:
 764        case ICMPV6_NI_REPLY:
 765        case ICMPV6_MLD2_REPORT:
 766        case ICMPV6_DHAAD_REQUEST:
 767        case ICMPV6_DHAAD_REPLY:
 768        case ICMPV6_MOBILE_PREFIX_SOL:
 769        case ICMPV6_MOBILE_PREFIX_ADV:
 770                break;
 771
 772        default:
 773                LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
 774
 775                /* informational */
 776                if (type & ICMPV6_INFOMSG_MASK)
 777                        break;
 778
 779                /*
 780                 * error of unknown type.
 781                 * must pass to upper level
 782                 */
 783
 784                icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
 785        }
 786
 787        kfree_skb(skb);
 788        return 0;
 789
 790discard_it:
 791        ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
 792drop_no_count:
 793        kfree_skb(skb);
 794        return 0;
 795}
 796
 797void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
 798                      u8 type,
 799                      const struct in6_addr *saddr,
 800                      const struct in6_addr *daddr,
 801                      int oif)
 802{
 803        memset(fl6, 0, sizeof(*fl6));
 804        fl6->saddr = *saddr;
 805        fl6->daddr = *daddr;
 806        fl6->flowi6_proto       = IPPROTO_ICMPV6;
 807        fl6->fl6_icmp_type      = type;
 808        fl6->fl6_icmp_code      = 0;
 809        fl6->flowi6_oif         = oif;
 810        security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
 811}
 812
 813/*
 814 * Special lock-class for __icmpv6_sk:
 815 */
 816static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
 817
 818static int __net_init icmpv6_sk_init(struct net *net)
 819{
 820        struct sock *sk;
 821        int err, i, j;
 822
 823        net->ipv6.icmp_sk =
 824                kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
 825        if (net->ipv6.icmp_sk == NULL)
 826                return -ENOMEM;
 827
 828        for_each_possible_cpu(i) {
 829                err = inet_ctl_sock_create(&sk, PF_INET6,
 830                                           SOCK_RAW, IPPROTO_ICMPV6, net);
 831                if (err < 0) {
 832                        pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
 833                               err);
 834                        goto fail;
 835                }
 836
 837                net->ipv6.icmp_sk[i] = sk;
 838
 839                /*
 840                 * Split off their lock-class, because sk->sk_dst_lock
 841                 * gets used from softirqs, which is safe for
 842                 * __icmpv6_sk (because those never get directly used
 843                 * via userspace syscalls), but unsafe for normal sockets.
 844                 */
 845                lockdep_set_class(&sk->sk_dst_lock,
 846                                  &icmpv6_socket_sk_dst_lock_key);
 847
 848                /* Enough space for 2 64K ICMP packets, including
 849                 * sk_buff struct overhead.
 850                 */
 851                sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
 852        }
 853        return 0;
 854
 855 fail:
 856        for (j = 0; j < i; j++)
 857                inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
 858        kfree(net->ipv6.icmp_sk);
 859        return err;
 860}
 861
 862static void __net_exit icmpv6_sk_exit(struct net *net)
 863{
 864        int i;
 865
 866        for_each_possible_cpu(i) {
 867                inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
 868        }
 869        kfree(net->ipv6.icmp_sk);
 870}
 871
 872static struct pernet_operations icmpv6_sk_ops = {
 873       .init = icmpv6_sk_init,
 874       .exit = icmpv6_sk_exit,
 875};
 876
 877int __init icmpv6_init(void)
 878{
 879        int err;
 880
 881        err = register_pernet_subsys(&icmpv6_sk_ops);
 882        if (err < 0)
 883                return err;
 884
 885        err = -EAGAIN;
 886        if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
 887                goto fail;
 888        return 0;
 889
 890fail:
 891        pr_err("Failed to register ICMP6 protocol\n");
 892        unregister_pernet_subsys(&icmpv6_sk_ops);
 893        return err;
 894}
 895
 896void icmpv6_cleanup(void)
 897{
 898        unregister_pernet_subsys(&icmpv6_sk_ops);
 899        inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
 900}
 901
 902
 903static const struct icmp6_err {
 904        int err;
 905        int fatal;
 906} tab_unreach[] = {
 907        {       /* NOROUTE */
 908                .err    = ENETUNREACH,
 909                .fatal  = 0,
 910        },
 911        {       /* ADM_PROHIBITED */
 912                .err    = EACCES,
 913                .fatal  = 1,
 914        },
 915        {       /* Was NOT_NEIGHBOUR, now reserved */
 916                .err    = EHOSTUNREACH,
 917                .fatal  = 0,
 918        },
 919        {       /* ADDR_UNREACH */
 920                .err    = EHOSTUNREACH,
 921                .fatal  = 0,
 922        },
 923        {       /* PORT_UNREACH */
 924                .err    = ECONNREFUSED,
 925                .fatal  = 1,
 926        },
 927};
 928
 929int icmpv6_err_convert(u8 type, u8 code, int *err)
 930{
 931        int fatal = 0;
 932
 933        *err = EPROTO;
 934
 935        switch (type) {
 936        case ICMPV6_DEST_UNREACH:
 937                fatal = 1;
 938                if (code <= ICMPV6_PORT_UNREACH) {
 939                        *err  = tab_unreach[code].err;
 940                        fatal = tab_unreach[code].fatal;
 941                }
 942                break;
 943
 944        case ICMPV6_PKT_TOOBIG:
 945                *err = EMSGSIZE;
 946                break;
 947
 948        case ICMPV6_PARAMPROB:
 949                *err = EPROTO;
 950                fatal = 1;
 951                break;
 952
 953        case ICMPV6_TIME_EXCEED:
 954                *err = EHOSTUNREACH;
 955                break;
 956        }
 957
 958        return fatal;
 959}
 960EXPORT_SYMBOL(icmpv6_err_convert);
 961
 962#ifdef CONFIG_SYSCTL
 963ctl_table ipv6_icmp_table_template[] = {
 964        {
 965                .procname       = "ratelimit",
 966                .data           = &init_net.ipv6.sysctl.icmpv6_time,
 967                .maxlen         = sizeof(int),
 968                .mode           = 0644,
 969                .proc_handler   = proc_dointvec_ms_jiffies,
 970        },
 971        { },
 972};
 973
 974struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
 975{
 976        struct ctl_table *table;
 977
 978        table = kmemdup(ipv6_icmp_table_template,
 979                        sizeof(ipv6_icmp_table_template),
 980                        GFP_KERNEL);
 981
 982        if (table)
 983                table[0].data = &net->ipv6.sysctl.icmpv6_time;
 984
 985        return table;
 986}
 987#endif
 988
 989