LXR linux/net/ipv6/icmp.c

   1/*
   2 *      Internet Control Message Protocol (ICMPv6)
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *
   8 *      Based on net/ipv4/icmp.c
   9 *
  10 *      RFC 1885
  11 *
  12 *      This program is free software; you can redistribute it and/or
  13 *      modify it under the terms of the GNU General Public License
  14 *      as published by the Free Software Foundation; either version
  15 *      2 of the License, or (at your option) any later version.
  16 */
  17
  18/*
  19 *      Changes:
  20 *
  21 *      Andi Kleen              :       exception handling
  22 *      Andi Kleen                      add rate limits. never reply to a icmp.
  23 *                                      add more length checks and other fixes.
  24 *      yoshfuji                :       ensure to sent parameter problem for
  25 *                                      fragments.
  26 *      YOSHIFUJI Hideaki @USAGI:       added sysctl for icmp rate limit.
  27 *      Randy Dunlap and
  28 *      YOSHIFUJI Hideaki @USAGI:       Per-interface statistics support
  29 *      Kazunori MIYAZAWA @USAGI:       change output process to use ip6_append_data
  30 */
  31
  32#define pr_fmt(fmt) "IPv6: " fmt
  33
  34#include <linux/module.h>
  35#include <linux/errno.h>
  36#include <linux/types.h>
  37#include <linux/socket.h>
  38#include <linux/in.h>
  39#include <linux/kernel.h>
  40#include <linux/sockios.h>
  41#include <linux/net.h>
  42#include <linux/skbuff.h>
  43#include <linux/init.h>
  44#include <linux/netfilter.h>
  45#include <linux/slab.h>
  46
  47#ifdef CONFIG_SYSCTL
  48#include <linux/sysctl.h>
  49#endif
  50
  51#include <linux/inet.h>
  52#include <linux/netdevice.h>
  53#include <linux/icmpv6.h>
  54
  55#include <net/ip.h>
  56#include <net/sock.h>
  57
  58#include <net/ipv6.h>
  59#include <net/ip6_checksum.h>
  60#include <net/ping.h>
  61#include <net/protocol.h>
  62#include <net/raw.h>
  63#include <net/rawv6.h>
  64#include <net/transp_v6.h>
  65#include <net/ip6_route.h>
  66#include <net/addrconf.h>
  67#include <net/icmp.h>
  68#include <net/xfrm.h>
  69#include <net/inet_common.h>
  70#include <net/dsfield.h>
  71
  72#include <asm/uaccess.h>
  73
  74/*
  75 *      The ICMP socket(s). This is the most convenient way to flow control
  76 *      our ICMP output as well as maintain a clean interface throughout
  77 *      all layers. All Socketless IP sends will soon be gone.
  78 *
  79 *      On SMP we have one ICMP socket per-cpu.
  80 */
  81static inline struct sock *icmpv6_sk(struct net *net)
  82{
  83        return net->ipv6.icmp_sk[smp_processor_id()];
  84}
  85
  86static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
  87                       u8 type, u8 code, int offset, __be32 info)
  88{
  89        /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
  90        struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
  91        struct net *net = dev_net(skb->dev);
  92
  93        if (type == ICMPV6_PKT_TOOBIG)
  94                ip6_update_pmtu(skb, net, info, 0, 0);
  95        else if (type == NDISC_REDIRECT)
  96                ip6_redirect(skb, net, skb->dev->ifindex, 0);
  97
  98        if (!(type & ICMPV6_INFOMSG_MASK))
  99                if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
 100                        ping_err(skb, offset, info);
 101}
 102
 103static int icmpv6_rcv(struct sk_buff *skb);
 104
 105static const struct inet6_protocol icmpv6_protocol = {
 106        .handler        =       icmpv6_rcv,
 107        .err_handler    =       icmpv6_err,
 108        .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
 109};
 110
 111static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
 112{
 113        struct sock *sk;
 114
 115        local_bh_disable();
 116
 117        sk = icmpv6_sk(net);
 118        if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
 119                /* This can happen if the output path (f.e. SIT or
 120                 * ip6ip6 tunnel) signals dst_link_failure() for an
 121                 * outgoing ICMP6 packet.
 122                 */
 123                local_bh_enable();
 124                return NULL;
 125        }
 126        return sk;
 127}
 128
 129static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
 130{
 131        spin_unlock_bh(&sk->sk_lock.slock);
 132}
 133
 134/*
 135 * Figure out, may we reply to this packet with icmp error.
 136 *
 137 * We do not reply, if:
 138 *      - it was icmp error message.
 139 *      - it is truncated, so that it is known, that protocol is ICMPV6
 140 *        (i.e. in the middle of some exthdr)
 141 *
 142 *      --ANK (980726)
 143 */
 144
 145static bool is_ineligible(const struct sk_buff *skb)
 146{
 147        int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
 148        int len = skb->len - ptr;
 149        __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
 150        __be16 frag_off;
 151
 152        if (len < 0)
 153                return true;
 154
 155        ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
 156        if (ptr < 0)
 157                return false;
 158        if (nexthdr == IPPROTO_ICMPV6) {
 159                u8 _type, *tp;
 160                tp = skb_header_pointer(skb,
 161                        ptr+offsetof(struct icmp6hdr, icmp6_type),
 162                        sizeof(_type), &_type);
 163                if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
 164                        return true;
 165        }
 166        return false;
 167}
 168
 169/*
 170 * Check the ICMP output rate limit
 171 */
 172static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
 173                               struct flowi6 *fl6)
 174{
 175        struct net *net = sock_net(sk);
 176        struct dst_entry *dst;
 177        bool res = false;
 178
 179        /* Informational messages are not limited. */
 180        if (type & ICMPV6_INFOMSG_MASK)
 181                return true;
 182
 183        /* Do not limit pmtu discovery, it would break it. */
 184        if (type == ICMPV6_PKT_TOOBIG)
 185                return true;
 186
 187        /*
 188         * Look up the output route.
 189         * XXX: perhaps the expire for routing entries cloned by
 190         * this lookup should be more aggressive (not longer than timeout).
 191         */
 192        dst = ip6_route_output(net, sk, fl6);
 193        if (dst->error) {
 194                IP6_INC_STATS(net, ip6_dst_idev(dst),
 195                              IPSTATS_MIB_OUTNOROUTES);
 196        } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
 197                res = true;
 198        } else {
 199                struct rt6_info *rt = (struct rt6_info *)dst;
 200                int tmo = net->ipv6.sysctl.icmpv6_time;
 201
 202                /* Give more bandwidth to wider prefixes. */
 203                if (rt->rt6i_dst.plen < 128)
 204                        tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
 205
 206                if (icmp_global_allow()) {
 207                        struct inet_peer *peer;
 208
 209                        peer = inet_getpeer_v6(net->ipv6.peers,
 210                                               &rt->rt6i_dst.addr, 1);
 211                        res = inet_peer_xrlim_allow(peer, tmo);
 212                        if (peer)
 213                                inet_putpeer(peer);
 214                }
 215        }
 216        dst_release(dst);
 217        return res;
 218}
 219
 220/*
 221 *      an inline helper for the "simple" if statement below
 222 *      checks if parameter problem report is caused by an
 223 *      unrecognized IPv6 option that has the Option Type
 224 *      highest-order two bits set to 10
 225 */
 226
 227static bool opt_unrec(struct sk_buff *skb, __u32 offset)
 228{
 229        u8 _optval, *op;
 230
 231        offset += skb_network_offset(skb);
 232        op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
 233        if (!op)
 234                return true;
 235        return (*op & 0xC0) == 0x80;
 236}
 237
 238int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
 239                               struct icmp6hdr *thdr, int len)
 240{
 241        struct sk_buff *skb;
 242        struct icmp6hdr *icmp6h;
 243        int err = 0;
 244
 245        skb = skb_peek(&sk->sk_write_queue);
 246        if (!skb)
 247                goto out;
 248
 249        icmp6h = icmp6_hdr(skb);
 250        memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
 251        icmp6h->icmp6_cksum = 0;
 252
 253        if (skb_queue_len(&sk->sk_write_queue) == 1) {
 254                skb->csum = csum_partial(icmp6h,
 255                                        sizeof(struct icmp6hdr), skb->csum);
 256                icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
 257                                                      &fl6->daddr,
 258                                                      len, fl6->flowi6_proto,
 259                                                      skb->csum);
 260        } else {
 261                __wsum tmp_csum = 0;
 262
 263                skb_queue_walk(&sk->sk_write_queue, skb) {
 264                        tmp_csum = csum_add(tmp_csum, skb->csum);
 265                }
 266
 267                tmp_csum = csum_partial(icmp6h,
 268                                        sizeof(struct icmp6hdr), tmp_csum);
 269                icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
 270                                                      &fl6->daddr,
 271                                                      len, fl6->flowi6_proto,
 272                                                      tmp_csum);
 273        }
 274        ip6_push_pending_frames(sk);
 275out:
 276        return err;
 277}
 278
 279struct icmpv6_msg {
 280        struct sk_buff  *skb;
 281        int             offset;
 282        uint8_t         type;
 283};
 284
 285static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
 286{
 287        struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
 288        struct sk_buff *org_skb = msg->skb;
 289        __wsum csum = 0;
 290
 291        csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
 292                                      to, len, csum);
 293        skb->csum = csum_block_add(skb->csum, csum, odd);
 294        if (!(msg->type & ICMPV6_INFOMSG_MASK))
 295                nf_ct_attach(skb, org_skb);
 296        return 0;
 297}
 298
 299#if IS_ENABLED(CONFIG_IPV6_MIP6)
 300static void mip6_addr_swap(struct sk_buff *skb)
 301{
 302        struct ipv6hdr *iph = ipv6_hdr(skb);
 303        struct inet6_skb_parm *opt = IP6CB(skb);
 304        struct ipv6_destopt_hao *hao;
 305        struct in6_addr tmp;
 306        int off;
 307
 308        if (opt->dsthao) {
 309                off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
 310                if (likely(off >= 0)) {
 311                        hao = (struct ipv6_destopt_hao *)
 312                                        (skb_network_header(skb) + off);
 313                        tmp = iph->saddr;
 314                        iph->saddr = hao->addr;
 315                        hao->addr = tmp;
 316                }
 317        }
 318}
 319#else
 320static inline void mip6_addr_swap(struct sk_buff *skb) {}
 321#endif
 322
 323static struct dst_entry *icmpv6_route_lookup(struct net *net,
 324                                             struct sk_buff *skb,
 325                                             struct sock *sk,
 326                                             struct flowi6 *fl6)
 327{
 328        struct dst_entry *dst, *dst2;
 329        struct flowi6 fl2;
 330        int err;
 331
 332        err = ip6_dst_lookup(sk, &dst, fl6);
 333        if (err)
 334                return ERR_PTR(err);
 335
 336        /*
 337         * We won't send icmp if the destination is known
 338         * anycast.
 339         */
 340        if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
 341                net_dbg_ratelimited("icmp6_send: acast source\n");
 342                dst_release(dst);
 343                return ERR_PTR(-EINVAL);
 344        }
 345
 346        /* No need to clone since we're just using its address. */
 347        dst2 = dst;
 348
 349        dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
 350        if (!IS_ERR(dst)) {
 351                if (dst != dst2)
 352                        return dst;
 353        } else {
 354                if (PTR_ERR(dst) == -EPERM)
 355                        dst = NULL;
 356                else
 357                        return dst;
 358        }
 359
 360        err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
 361        if (err)
 362                goto relookup_failed;
 363
 364        err = ip6_dst_lookup(sk, &dst2, &fl2);
 365        if (err)
 366                goto relookup_failed;
 367
 368        dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
 369        if (!IS_ERR(dst2)) {
 370                dst_release(dst);
 371                dst = dst2;
 372        } else {
 373                err = PTR_ERR(dst2);
 374                if (err == -EPERM) {
 375                        dst_release(dst);
 376                        return dst2;
 377                } else
 378                        goto relookup_failed;
 379        }
 380
 381relookup_failed:
 382        if (dst)
 383                return dst;
 384        return ERR_PTR(err);
 385}
 386
 387/*
 388 *      Send an ICMP message in response to a packet in error
 389 */
 390static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info)
 391{
 392        struct net *net = dev_net(skb->dev);
 393        struct inet6_dev *idev = NULL;
 394        struct ipv6hdr *hdr = ipv6_hdr(skb);
 395        struct sock *sk;
 396        struct ipv6_pinfo *np;
 397        const struct in6_addr *saddr = NULL;
 398        struct dst_entry *dst;
 399        struct icmp6hdr tmp_hdr;
 400        struct flowi6 fl6;
 401        struct icmpv6_msg msg;
 402        int iif = 0;
 403        int addr_type = 0;
 404        int len;
 405        int hlimit;
 406        int err = 0;
 407        u32 mark = IP6_REPLY_MARK(net, skb->mark);
 408
 409        if ((u8 *)hdr < skb->head ||
 410            (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
 411                return;
 412
 413        /*
 414         *      Make sure we respect the rules
 415         *      i.e. RFC 1885 2.4(e)
 416         *      Rule (e.1) is enforced by not using icmp6_send
 417         *      in any code that processes icmp errors.
 418         */
 419        addr_type = ipv6_addr_type(&hdr->daddr);
 420
 421        if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
 422            ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
 423                saddr = &hdr->daddr;
 424
 425        /*
 426         *      Dest addr check
 427         */
 428
 429        if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
 430                if (type != ICMPV6_PKT_TOOBIG &&
 431                    !(type == ICMPV6_PARAMPROB &&
 432                      code == ICMPV6_UNK_OPTION &&
 433                      (opt_unrec(skb, info))))
 434                        return;
 435
 436                saddr = NULL;
 437        }
 438
 439        addr_type = ipv6_addr_type(&hdr->saddr);
 440
 441        /*
 442         *      Source addr check
 443         */
 444
 445        if (__ipv6_addr_needs_scope_id(addr_type))
 446                iif = skb->dev->ifindex;
 447
 448        /*
 449         *      Must not send error if the source does not uniquely
 450         *      identify a single node (RFC2463 Section 2.4).
 451         *      We check unspecified / multicast addresses here,
 452         *      and anycast addresses will be checked later.
 453         */
 454        if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
 455                net_dbg_ratelimited("icmp6_send: addr_any/mcast source\n");
 456                return;
 457        }
 458
 459        /*
 460         *      Never answer to a ICMP packet.
 461         */
 462        if (is_ineligible(skb)) {
 463                net_dbg_ratelimited("icmp6_send: no reply to icmp error\n");
 464                return;
 465        }
 466
 467        mip6_addr_swap(skb);
 468
 469        memset(&fl6, 0, sizeof(fl6));
 470        fl6.flowi6_proto = IPPROTO_ICMPV6;
 471        fl6.daddr = hdr->saddr;
 472        if (saddr)
 473                fl6.saddr = *saddr;
 474        fl6.flowi6_mark = mark;
 475        fl6.flowi6_oif = iif;
 476        fl6.fl6_icmp_type = type;
 477        fl6.fl6_icmp_code = code;
 478        security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
 479
 480        sk = icmpv6_xmit_lock(net);
 481        if (!sk)
 482                return;
 483        sk->sk_mark = mark;
 484        np = inet6_sk(sk);
 485
 486        if (!icmpv6_xrlim_allow(sk, type, &fl6))
 487                goto out;
 488
 489        tmp_hdr.icmp6_type = type;
 490        tmp_hdr.icmp6_code = code;
 491        tmp_hdr.icmp6_cksum = 0;
 492        tmp_hdr.icmp6_pointer = htonl(info);
 493
 494        if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
 495                fl6.flowi6_oif = np->mcast_oif;
 496        else if (!fl6.flowi6_oif)
 497                fl6.flowi6_oif = np->ucast_oif;
 498
 499        dst = icmpv6_route_lookup(net, skb, sk, &fl6);
 500        if (IS_ERR(dst))
 501                goto out;
 502
 503        hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
 504
 505        msg.skb = skb;
 506        msg.offset = skb_network_offset(skb);
 507        msg.type = type;
 508
 509        len = skb->len - msg.offset;
 510        len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
 511        if (len < 0) {
 512                net_dbg_ratelimited("icmp: len problem\n");
 513                goto out_dst_release;
 514        }
 515
 516        rcu_read_lock();
 517        idev = __in6_dev_get(skb->dev);
 518
 519        err = ip6_append_data(sk, icmpv6_getfrag, &msg,
 520                              len + sizeof(struct icmp6hdr),
 521                              sizeof(struct icmp6hdr), hlimit,
 522                              np->tclass, NULL, &fl6, (struct rt6_info *)dst,
 523                              MSG_DONTWAIT, np->dontfrag);
 524        if (err) {
 525                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
 526                ip6_flush_pending_frames(sk);
 527        } else {
 528                err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
 529                                                 len + sizeof(struct icmp6hdr));
 530        }
 531        rcu_read_unlock();
 532out_dst_release:
 533        dst_release(dst);
 534out:
 535        icmpv6_xmit_unlock(sk);
 536}
 537
 538/* Slightly more convenient version of icmp6_send.
 539 */
 540void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
 541{
 542        icmp6_send(skb, ICMPV6_PARAMPROB, code, pos);
 543        kfree_skb(skb);
 544}
 545
 546static void icmpv6_echo_reply(struct sk_buff *skb)
 547{
 548        struct net *net = dev_net(skb->dev);
 549        struct sock *sk;
 550        struct inet6_dev *idev;
 551        struct ipv6_pinfo *np;
 552        const struct in6_addr *saddr = NULL;
 553        struct icmp6hdr *icmph = icmp6_hdr(skb);
 554        struct icmp6hdr tmp_hdr;
 555        struct flowi6 fl6;
 556        struct icmpv6_msg msg;
 557        struct dst_entry *dst;
 558        int err = 0;
 559        int hlimit;
 560        u8 tclass;
 561        u32 mark = IP6_REPLY_MARK(net, skb->mark);
 562
 563        saddr = &ipv6_hdr(skb)->daddr;
 564
 565        if (!ipv6_unicast_destination(skb) &&
 566            !(net->ipv6.sysctl.anycast_src_echo_reply &&
 567              ipv6_anycast_destination(skb)))
 568                saddr = NULL;
 569
 570        memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
 571        tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
 572
 573        memset(&fl6, 0, sizeof(fl6));
 574        fl6.flowi6_proto = IPPROTO_ICMPV6;
 575        fl6.daddr = ipv6_hdr(skb)->saddr;
 576        if (saddr)
 577                fl6.saddr = *saddr;
 578        fl6.flowi6_oif = skb->dev->ifindex;
 579        fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
 580        fl6.flowi6_mark = mark;
 581        security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
 582
 583        sk = icmpv6_xmit_lock(net);
 584        if (!sk)
 585                return;
 586        sk->sk_mark = mark;
 587        np = inet6_sk(sk);
 588
 589        if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
 590                fl6.flowi6_oif = np->mcast_oif;
 591        else if (!fl6.flowi6_oif)
 592                fl6.flowi6_oif = np->ucast_oif;
 593
 594        err = ip6_dst_lookup(sk, &dst, &fl6);
 595        if (err)
 596                goto out;
 597        dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
 598        if (IS_ERR(dst))
 599                goto out;
 600
 601        hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
 602
 603        idev = __in6_dev_get(skb->dev);
 604
 605        msg.skb = skb;
 606        msg.offset = 0;
 607        msg.type = ICMPV6_ECHO_REPLY;
 608
 609        tclass = ipv6_get_dsfield(ipv6_hdr(skb));
 610        err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
 611                                sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl6,
 612                                (struct rt6_info *)dst, MSG_DONTWAIT,
 613                                np->dontfrag);
 614
 615        if (err) {
 616                ICMP6_INC_STATS_BH(net, idev, ICMP6_MIB_OUTERRORS);
 617                ip6_flush_pending_frames(sk);
 618        } else {
 619                err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
 620                                                 skb->len + sizeof(struct icmp6hdr));
 621        }
 622        dst_release(dst);
 623out:
 624        icmpv6_xmit_unlock(sk);
 625}
 626
 627void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
 628{
 629        const struct inet6_protocol *ipprot;
 630        int inner_offset;
 631        __be16 frag_off;
 632        u8 nexthdr;
 633        struct net *net = dev_net(skb->dev);
 634
 635        if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
 636                goto out;
 637
 638        nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
 639        if (ipv6_ext_hdr(nexthdr)) {
 640                /* now skip over extension headers */
 641                inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
 642                                                &nexthdr, &frag_off);
 643                if (inner_offset < 0)
 644                        goto out;
 645        } else {
 646                inner_offset = sizeof(struct ipv6hdr);
 647        }
 648
 649        /* Checkin header including 8 bytes of inner protocol header. */
 650        if (!pskb_may_pull(skb, inner_offset+8))
 651                goto out;
 652
 653        /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
 654           Without this we will not able f.e. to make source routed
 655           pmtu discovery.
 656           Corresponding argument (opt) to notifiers is already added.
 657           --ANK (980726)
 658         */
 659
 660        ipprot = rcu_dereference(inet6_protos[nexthdr]);
 661        if (ipprot && ipprot->err_handler)
 662                ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
 663
 664        raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
 665        return;
 666
 667out:
 668        ICMP6_INC_STATS_BH(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
 669}
 670
 671/*
 672 *      Handle icmp messages
 673 */
 674
 675static int icmpv6_rcv(struct sk_buff *skb)
 676{
 677        struct net_device *dev = skb->dev;
 678        struct inet6_dev *idev = __in6_dev_get(dev);
 679        const struct in6_addr *saddr, *daddr;
 680        struct icmp6hdr *hdr;
 681        u8 type;
 682        bool success = false;
 683
 684        if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 685                struct sec_path *sp = skb_sec_path(skb);
 686                int nh;
 687
 688                if (!(sp && sp->xvec[sp->len - 1]->props.flags &
 689                                 XFRM_STATE_ICMP))
 690                        goto drop_no_count;
 691
 692                if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
 693                        goto drop_no_count;
 694
 695                nh = skb_network_offset(skb);
 696                skb_set_network_header(skb, sizeof(*hdr));
 697
 698                if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
 699                        goto drop_no_count;
 700
 701                skb_set_network_header(skb, nh);
 702        }
 703
 704        ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
 705
 706        saddr = &ipv6_hdr(skb)->saddr;
 707        daddr = &ipv6_hdr(skb)->daddr;
 708
 709        if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
 710                net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
 711                                    saddr, daddr);
 712                goto csum_error;
 713        }
 714
 715        if (!pskb_pull(skb, sizeof(*hdr)))
 716                goto discard_it;
 717
 718        hdr = icmp6_hdr(skb);
 719
 720        type = hdr->icmp6_type;
 721
 722        ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
 723
 724        switch (type) {
 725        case ICMPV6_ECHO_REQUEST:
 726                icmpv6_echo_reply(skb);
 727                break;
 728
 729        case ICMPV6_ECHO_REPLY:
 730                success = ping_rcv(skb);
 731                break;
 732
 733        case ICMPV6_PKT_TOOBIG:
 734                /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
 735                   standard destination cache. Seems, only "advanced"
 736                   destination cache will allow to solve this problem
 737                   --ANK (980726)
 738                 */
 739                if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
 740                        goto discard_it;
 741                hdr = icmp6_hdr(skb);
 742
 743                /*
 744                 *      Drop through to notify
 745                 */
 746
 747        case ICMPV6_DEST_UNREACH:
 748        case ICMPV6_TIME_EXCEED:
 749        case ICMPV6_PARAMPROB:
 750                icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
 751                break;
 752
 753        case NDISC_ROUTER_SOLICITATION:
 754        case NDISC_ROUTER_ADVERTISEMENT:
 755        case NDISC_NEIGHBOUR_SOLICITATION:
 756        case NDISC_NEIGHBOUR_ADVERTISEMENT:
 757        case NDISC_REDIRECT:
 758                ndisc_rcv(skb);
 759                break;
 760
 761        case ICMPV6_MGM_QUERY:
 762                igmp6_event_query(skb);
 763                break;
 764
 765        case ICMPV6_MGM_REPORT:
 766                igmp6_event_report(skb);
 767                break;
 768
 769        case ICMPV6_MGM_REDUCTION:
 770        case ICMPV6_NI_QUERY:
 771        case ICMPV6_NI_REPLY:
 772        case ICMPV6_MLD2_REPORT:
 773        case ICMPV6_DHAAD_REQUEST:
 774        case ICMPV6_DHAAD_REPLY:
 775        case ICMPV6_MOBILE_PREFIX_SOL:
 776        case ICMPV6_MOBILE_PREFIX_ADV:
 777                break;
 778
 779        default:
 780                /* informational */
 781                if (type & ICMPV6_INFOMSG_MASK)
 782                        break;
 783
 784                net_dbg_ratelimited("icmpv6: msg of unknown type\n");
 785
 786                /*
 787                 * error of unknown type.
 788                 * must pass to upper level
 789                 */
 790
 791                icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
 792        }
 793
 794        /* until the v6 path can be better sorted assume failure and
 795         * preserve the status quo behaviour for the rest of the paths to here
 796         */
 797        if (success)
 798                consume_skb(skb);
 799        else
 800                kfree_skb(skb);
 801
 802        return 0;
 803
 804csum_error:
 805        ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
 806discard_it:
 807        ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
 808drop_no_count:
 809        kfree_skb(skb);
 810        return 0;
 811}
 812
 813void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
 814                      u8 type,
 815                      const struct in6_addr *saddr,
 816                      const struct in6_addr *daddr,
 817                      int oif)
 818{
 819        memset(fl6, 0, sizeof(*fl6));
 820        fl6->saddr = *saddr;
 821        fl6->daddr = *daddr;
 822        fl6->flowi6_proto       = IPPROTO_ICMPV6;
 823        fl6->fl6_icmp_type      = type;
 824        fl6->fl6_icmp_code      = 0;
 825        fl6->flowi6_oif         = oif;
 826        security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
 827}
 828
 829/*
 830 * Special lock-class for __icmpv6_sk:
 831 */
 832static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
 833
 834static int __net_init icmpv6_sk_init(struct net *net)
 835{
 836        struct sock *sk;
 837        int err, i, j;
 838
 839        net->ipv6.icmp_sk =
 840                kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
 841        if (!net->ipv6.icmp_sk)
 842                return -ENOMEM;
 843
 844        for_each_possible_cpu(i) {
 845                err = inet_ctl_sock_create(&sk, PF_INET6,
 846                                           SOCK_RAW, IPPROTO_ICMPV6, net);
 847                if (err < 0) {
 848                        pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
 849                               err);
 850                        goto fail;
 851                }
 852
 853                net->ipv6.icmp_sk[i] = sk;
 854
 855                /*
 856                 * Split off their lock-class, because sk->sk_dst_lock
 857                 * gets used from softirqs, which is safe for
 858                 * __icmpv6_sk (because those never get directly used
 859                 * via userspace syscalls), but unsafe for normal sockets.
 860                 */
 861                lockdep_set_class(&sk->sk_dst_lock,
 862                                  &icmpv6_socket_sk_dst_lock_key);
 863
 864                /* Enough space for 2 64K ICMP packets, including
 865                 * sk_buff struct overhead.
 866                 */
 867                sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
 868        }
 869        return 0;
 870
 871 fail:
 872        for (j = 0; j < i; j++)
 873                inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
 874        kfree(net->ipv6.icmp_sk);
 875        return err;
 876}
 877
 878static void __net_exit icmpv6_sk_exit(struct net *net)
 879{
 880        int i;
 881
 882        for_each_possible_cpu(i) {
 883                inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
 884        }
 885        kfree(net->ipv6.icmp_sk);
 886}
 887
 888static struct pernet_operations icmpv6_sk_ops = {
 889        .init = icmpv6_sk_init,
 890        .exit = icmpv6_sk_exit,
 891};
 892
 893int __init icmpv6_init(void)
 894{
 895        int err;
 896
 897        err = register_pernet_subsys(&icmpv6_sk_ops);
 898        if (err < 0)
 899                return err;
 900
 901        err = -EAGAIN;
 902        if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
 903                goto fail;
 904
 905        err = inet6_register_icmp_sender(icmp6_send);
 906        if (err)
 907                goto sender_reg_err;
 908        return 0;
 909
 910sender_reg_err:
 911        inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
 912fail:
 913        pr_err("Failed to register ICMP6 protocol\n");
 914        unregister_pernet_subsys(&icmpv6_sk_ops);
 915        return err;
 916}
 917
 918void icmpv6_cleanup(void)
 919{
 920        inet6_unregister_icmp_sender(icmp6_send);
 921        unregister_pernet_subsys(&icmpv6_sk_ops);
 922        inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
 923}
 924
 925
 926static const struct icmp6_err {
 927        int err;
 928        int fatal;
 929} tab_unreach[] = {
 930        {       /* NOROUTE */
 931                .err    = ENETUNREACH,
 932                .fatal  = 0,
 933        },
 934        {       /* ADM_PROHIBITED */
 935                .err    = EACCES,
 936                .fatal  = 1,
 937        },
 938        {       /* Was NOT_NEIGHBOUR, now reserved */
 939                .err    = EHOSTUNREACH,
 940                .fatal  = 0,
 941        },
 942        {       /* ADDR_UNREACH */
 943                .err    = EHOSTUNREACH,
 944                .fatal  = 0,
 945        },
 946        {       /* PORT_UNREACH */
 947                .err    = ECONNREFUSED,
 948                .fatal  = 1,
 949        },
 950        {       /* POLICY_FAIL */
 951                .err    = EACCES,
 952                .fatal  = 1,
 953        },
 954        {       /* REJECT_ROUTE */
 955                .err    = EACCES,
 956                .fatal  = 1,
 957        },
 958};
 959
 960int icmpv6_err_convert(u8 type, u8 code, int *err)
 961{
 962        int fatal = 0;
 963
 964        *err = EPROTO;
 965
 966        switch (type) {
 967        case ICMPV6_DEST_UNREACH:
 968                fatal = 1;
 969                if (code < ARRAY_SIZE(tab_unreach)) {
 970                        *err  = tab_unreach[code].err;
 971                        fatal = tab_unreach[code].fatal;
 972                }
 973                break;
 974
 975        case ICMPV6_PKT_TOOBIG:
 976                *err = EMSGSIZE;
 977                break;
 978
 979        case ICMPV6_PARAMPROB:
 980                *err = EPROTO;
 981                fatal = 1;
 982                break;
 983
 984        case ICMPV6_TIME_EXCEED:
 985                *err = EHOSTUNREACH;
 986                break;
 987        }
 988
 989        return fatal;
 990}
 991EXPORT_SYMBOL(icmpv6_err_convert);
 992
 993#ifdef CONFIG_SYSCTL
 994static struct ctl_table ipv6_icmp_table_template[] = {
 995        {
 996                .procname       = "ratelimit",
 997                .data           = &init_net.ipv6.sysctl.icmpv6_time,
 998                .maxlen         = sizeof(int),
 999                .mode           = 0644,
1000                .proc_handler   = proc_dointvec_ms_jiffies,

1001        },
1002        { },
1003};
1004
1005struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1006{
1007        struct ctl_table *table;
1008
1009        table = kmemdup(ipv6_icmp_table_template,
1010                        sizeof(ipv6_icmp_table_template),
1011                        GFP_KERNEL);
1012
1013        if (table)
1014                table[0].data = &net->ipv6.sysctl.icmpv6_time;
1015
1016        return table;
1017}
1018#endif
1019