1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
9 * Based on net/ipv4/icmp.c
17 * Andi Kleen : exception handling
18 * Andi Kleen add rate limits. never reply to a icmp.
19 * add more length checks and other fixes.
20 * yoshfuji : ensure to sent parameter problem for
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
28 #define pr_fmt(fmt) "IPv6: " fmt
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/types.h>
33 #include <linux/socket.h>
35 #include <linux/kernel.h>
36 #include <linux/sockios.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <linux/init.h>
40 #include <linux/netfilter.h>
41 #include <linux/slab.h>
44 #include <linux/sysctl.h>
47 #include <linux/inet.h>
48 #include <linux/netdevice.h>
49 #include <linux/icmpv6.h>
55 #include <net/ip6_checksum.h>
57 #include <net/protocol.h>
59 #include <net/rawv6.h>
60 #include <net/transp_v6.h>
61 #include <net/ip6_route.h>
62 #include <net/addrconf.h>
65 #include <net/inet_common.h>
66 #include <net/dsfield.h>
67 #include <net/l3mdev.h>
69 #include <linux/uaccess.h>
72 * The ICMP socket(s). This is the most convenient way to flow control
73 * our ICMP output as well as maintain a clean interface throughout
74 * all layers. All Socketless IP sends will soon be gone.
76 * On SMP we have one ICMP socket per-cpu.
78 static inline struct sock *icmpv6_sk(struct net *net)
80 return *this_cpu_ptr(net->ipv6.icmp_sk);
83 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
84 u8 type, u8 code, int offset, __be32 info)
86 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
87 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
88 struct net *net = dev_net(skb->dev);
90 if (type == ICMPV6_PKT_TOOBIG)
91 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
92 else if (type == NDISC_REDIRECT)
93 ip6_redirect(skb, net, skb->dev->ifindex, 0,
94 sock_net_uid(net, NULL));
96 if (!(type & ICMPV6_INFOMSG_MASK))
97 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
98 ping_err(skb, offset, ntohl(info));
103 static int icmpv6_rcv(struct sk_buff *skb);
105 static const struct inet6_protocol icmpv6_protocol = {
106 .handler = icmpv6_rcv,
107 .err_handler = icmpv6_err,
108 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
111 /* Called with BH disabled */
112 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
117 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
118 /* This can happen if the output path (f.e. SIT or
119 * ip6ip6 tunnel) signals dst_link_failure() for an
120 * outgoing ICMP6 packet.
127 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
129 spin_unlock(&sk->sk_lock.slock);
133 * Figure out, may we reply to this packet with icmp error.
135 * We do not reply, if:
136 * - it was icmp error message.
137 * - it is truncated, so that it is known, that protocol is ICMPV6
138 * (i.e. in the middle of some exthdr)
143 static bool is_ineligible(const struct sk_buff *skb)
145 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
146 int len = skb->len - ptr;
147 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
153 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
156 if (nexthdr == IPPROTO_ICMPV6) {
158 tp = skb_header_pointer(skb,
159 ptr+offsetof(struct icmp6hdr, icmp6_type),
160 sizeof(_type), &_type);
161 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
167 static bool icmpv6_mask_allow(struct net *net, int type)
169 if (type > ICMPV6_MSG_MAX)
172 /* Limit if icmp type is set in ratemask. */
173 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
179 static bool icmpv6_global_allow(struct net *net, int type)
181 if (icmpv6_mask_allow(net, type))
184 if (icmp_global_allow())
191 * Check the ICMP output rate limit
193 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
196 struct net *net = sock_net(sk);
197 struct dst_entry *dst;
200 if (icmpv6_mask_allow(net, type))
204 * Look up the output route.
205 * XXX: perhaps the expire for routing entries cloned by
206 * this lookup should be more aggressive (not longer than timeout).
208 dst = ip6_route_output(net, sk, fl6);
210 IP6_INC_STATS(net, ip6_dst_idev(dst),
211 IPSTATS_MIB_OUTNOROUTES);
212 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
215 struct rt6_info *rt = (struct rt6_info *)dst;
216 int tmo = net->ipv6.sysctl.icmpv6_time;
217 struct inet_peer *peer;
219 /* Give more bandwidth to wider prefixes. */
220 if (rt->rt6i_dst.plen < 128)
221 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
223 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
224 res = inet_peer_xrlim_allow(peer, tmo);
233 * an inline helper for the "simple" if statement below
234 * checks if parameter problem report is caused by an
235 * unrecognized IPv6 option that has the Option Type
236 * highest-order two bits set to 10
239 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
243 offset += skb_network_offset(skb);
244 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
247 return (*op & 0xC0) == 0x80;
250 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
251 struct icmp6hdr *thdr, int len)
254 struct icmp6hdr *icmp6h;
256 skb = skb_peek(&sk->sk_write_queue);
260 icmp6h = icmp6_hdr(skb);
261 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
262 icmp6h->icmp6_cksum = 0;
264 if (skb_queue_len(&sk->sk_write_queue) == 1) {
265 skb->csum = csum_partial(icmp6h,
266 sizeof(struct icmp6hdr), skb->csum);
267 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
269 len, fl6->flowi6_proto,
274 skb_queue_walk(&sk->sk_write_queue, skb) {
275 tmp_csum = csum_add(tmp_csum, skb->csum);
278 tmp_csum = csum_partial(icmp6h,
279 sizeof(struct icmp6hdr), tmp_csum);
280 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
282 len, fl6->flowi6_proto,
285 ip6_push_pending_frames(sk);
294 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
296 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
297 struct sk_buff *org_skb = msg->skb;
300 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
302 skb->csum = csum_block_add(skb->csum, csum, odd);
303 if (!(msg->type & ICMPV6_INFOMSG_MASK))
304 nf_ct_attach(skb, org_skb);
308 #if IS_ENABLED(CONFIG_IPV6_MIP6)
309 static void mip6_addr_swap(struct sk_buff *skb)
311 struct ipv6hdr *iph = ipv6_hdr(skb);
312 struct inet6_skb_parm *opt = IP6CB(skb);
313 struct ipv6_destopt_hao *hao;
318 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
319 if (likely(off >= 0)) {
320 hao = (struct ipv6_destopt_hao *)
321 (skb_network_header(skb) + off);
323 iph->saddr = hao->addr;
329 static inline void mip6_addr_swap(struct sk_buff *skb) {}
332 static struct dst_entry *icmpv6_route_lookup(struct net *net,
337 struct dst_entry *dst, *dst2;
341 err = ip6_dst_lookup(net, sk, &dst, fl6);
346 * We won't send icmp if the destination is known
349 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
350 net_dbg_ratelimited("icmp6_send: acast source\n");
352 return ERR_PTR(-EINVAL);
355 /* No need to clone since we're just using its address. */
358 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
363 if (PTR_ERR(dst) == -EPERM)
369 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
371 goto relookup_failed;
373 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
375 goto relookup_failed;
377 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
387 goto relookup_failed;
396 static int icmp6_iif(const struct sk_buff *skb)
398 int iif = skb->dev->ifindex;
400 /* for local traffic to local address, skb dev is the loopback
401 * device. Check if there is a dst attached to the skb and if so
402 * get the real device index. Same is needed for replies to a link
403 * local address on a device enslaved to an L3 master device
405 if (unlikely(iif == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
406 const struct rt6_info *rt6 = skb_rt6_info(skb);
409 iif = rt6->rt6i_idev->dev->ifindex;
416 * Send an ICMP message in response to a packet in error
418 static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
419 const struct in6_addr *force_saddr)
421 struct inet6_dev *idev = NULL;
422 struct ipv6hdr *hdr = ipv6_hdr(skb);
425 struct ipv6_pinfo *np;
426 const struct in6_addr *saddr = NULL;
427 struct dst_entry *dst;
428 struct icmp6hdr tmp_hdr;
430 struct icmpv6_msg msg;
431 struct ipcm6_cookie ipc6;
437 if ((u8 *)hdr < skb->head ||
438 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
443 net = dev_net(skb->dev);
444 mark = IP6_REPLY_MARK(net, skb->mark);
446 * Make sure we respect the rules
447 * i.e. RFC 1885 2.4(e)
448 * Rule (e.1) is enforced by not using icmp6_send
449 * in any code that processes icmp errors.
451 addr_type = ipv6_addr_type(&hdr->daddr);
453 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
454 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
461 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
462 if (type != ICMPV6_PKT_TOOBIG &&
463 !(type == ICMPV6_PARAMPROB &&
464 code == ICMPV6_UNK_OPTION &&
465 (opt_unrec(skb, info))))
471 addr_type = ipv6_addr_type(&hdr->saddr);
477 if (__ipv6_addr_needs_scope_id(addr_type)) {
478 iif = icmp6_iif(skb);
481 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
485 * Must not send error if the source does not uniquely
486 * identify a single node (RFC2463 Section 2.4).
487 * We check unspecified / multicast addresses here,
488 * and anycast addresses will be checked later.
490 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
491 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
492 &hdr->saddr, &hdr->daddr);
497 * Never answer to a ICMP packet.
499 if (is_ineligible(skb)) {
500 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
501 &hdr->saddr, &hdr->daddr);
505 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
508 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
509 if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type))
514 memset(&fl6, 0, sizeof(fl6));
515 fl6.flowi6_proto = IPPROTO_ICMPV6;
516 fl6.daddr = hdr->saddr;
521 fl6.flowi6_mark = mark;
522 fl6.flowi6_oif = iif;
523 fl6.fl6_icmp_type = type;
524 fl6.fl6_icmp_code = code;
525 fl6.flowi6_uid = sock_net_uid(net, NULL);
526 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
527 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
529 sk = icmpv6_xmit_lock(net);
536 if (!icmpv6_xrlim_allow(sk, type, &fl6))
539 tmp_hdr.icmp6_type = type;
540 tmp_hdr.icmp6_code = code;
541 tmp_hdr.icmp6_cksum = 0;
542 tmp_hdr.icmp6_pointer = htonl(info);
544 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
545 fl6.flowi6_oif = np->mcast_oif;
546 else if (!fl6.flowi6_oif)
547 fl6.flowi6_oif = np->ucast_oif;
549 ipcm6_init_sk(&ipc6, np);
550 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
552 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
556 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
559 msg.offset = skb_network_offset(skb);
562 len = skb->len - msg.offset;
563 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
565 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
566 &hdr->saddr, &hdr->daddr);
567 goto out_dst_release;
571 idev = __in6_dev_get(skb->dev);
573 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
574 len + sizeof(struct icmp6hdr),
575 sizeof(struct icmp6hdr),
576 &ipc6, &fl6, (struct rt6_info *)dst,
578 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
579 ip6_flush_pending_frames(sk);
581 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
582 len + sizeof(struct icmp6hdr));
588 icmpv6_xmit_unlock(sk);
593 /* Slightly more convenient version of icmp6_send.
595 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
597 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
601 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
602 * if sufficient data bytes are available
603 * @nhs is the size of the tunnel header(s) :
604 * Either an IPv4 header for SIT encap
605 * an IPv4 header + GRE header for GRE encap
607 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
608 unsigned int data_len)
610 struct in6_addr temp_saddr;
612 struct sk_buff *skb2;
615 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
618 /* RFC 4884 (partial) support for ICMP extensions */
619 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
622 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
629 skb_reset_network_header(skb2);
631 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
634 if (rt && rt->dst.dev)
635 skb2->dev = rt->dst.dev;
637 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
640 /* RFC 4884 (partial) support :
641 * insert 0 padding at the end, before the extensions
643 __skb_push(skb2, nhs);
644 skb_reset_network_header(skb2);
645 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
646 memset(skb2->data + data_len - nhs, 0, nhs);
647 /* RFC 4884 4.5 : Length is measured in 64-bit words,
648 * and stored in reserved[0]
650 info = (data_len/8) << 24;
652 if (type == ICMP_TIME_EXCEEDED)
653 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
656 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
665 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
667 static void icmpv6_echo_reply(struct sk_buff *skb)
669 struct net *net = dev_net(skb->dev);
671 struct inet6_dev *idev;
672 struct ipv6_pinfo *np;
673 const struct in6_addr *saddr = NULL;
674 struct icmp6hdr *icmph = icmp6_hdr(skb);
675 struct icmp6hdr tmp_hdr;
677 struct icmpv6_msg msg;
678 struct dst_entry *dst;
679 struct ipcm6_cookie ipc6;
680 u32 mark = IP6_REPLY_MARK(net, skb->mark);
683 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
684 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
687 saddr = &ipv6_hdr(skb)->daddr;
689 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
690 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
693 if (!ipv6_unicast_destination(skb) &&
694 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
697 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
698 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
700 memset(&fl6, 0, sizeof(fl6));
701 fl6.flowi6_proto = IPPROTO_ICMPV6;
702 fl6.daddr = ipv6_hdr(skb)->saddr;
705 fl6.flowi6_oif = icmp6_iif(skb);
706 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
707 fl6.flowi6_mark = mark;
708 fl6.flowi6_uid = sock_net_uid(net, NULL);
709 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
712 sk = icmpv6_xmit_lock(net);
718 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
719 fl6.flowi6_oif = np->mcast_oif;
720 else if (!fl6.flowi6_oif)
721 fl6.flowi6_oif = np->ucast_oif;
723 if (ip6_dst_lookup(net, sk, &dst, &fl6))
725 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
729 /* Check the ratelimit */
730 if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) ||
731 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6))
732 goto out_dst_release;
734 idev = __in6_dev_get(skb->dev);
738 msg.type = ICMPV6_ECHO_REPLY;
740 ipcm6_init_sk(&ipc6, np);
741 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
742 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
744 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
745 skb->len + sizeof(struct icmp6hdr),
746 sizeof(struct icmp6hdr), &ipc6, &fl6,
747 (struct rt6_info *)dst, MSG_DONTWAIT)) {
748 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
749 ip6_flush_pending_frames(sk);
751 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
752 skb->len + sizeof(struct icmp6hdr));
757 icmpv6_xmit_unlock(sk);
762 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
764 const struct inet6_protocol *ipprot;
768 struct net *net = dev_net(skb->dev);
770 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
773 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
774 if (ipv6_ext_hdr(nexthdr)) {
775 /* now skip over extension headers */
776 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
777 &nexthdr, &frag_off);
778 if (inner_offset < 0)
781 inner_offset = sizeof(struct ipv6hdr);
784 /* Checkin header including 8 bytes of inner protocol header. */
785 if (!pskb_may_pull(skb, inner_offset+8))
788 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
789 Without this we will not able f.e. to make source routed
791 Corresponding argument (opt) to notifiers is already added.
795 ipprot = rcu_dereference(inet6_protos[nexthdr]);
796 if (ipprot && ipprot->err_handler)
797 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
799 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
803 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
807 * Handle icmp messages
810 static int icmpv6_rcv(struct sk_buff *skb)
812 struct net *net = dev_net(skb->dev);
813 struct net_device *dev = skb->dev;
814 struct inet6_dev *idev = __in6_dev_get(dev);
815 const struct in6_addr *saddr, *daddr;
816 struct icmp6hdr *hdr;
818 bool success = false;
820 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
821 struct sec_path *sp = skb_sec_path(skb);
824 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
828 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
831 nh = skb_network_offset(skb);
832 skb_set_network_header(skb, sizeof(*hdr));
834 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
837 skb_set_network_header(skb, nh);
840 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
842 saddr = &ipv6_hdr(skb)->saddr;
843 daddr = &ipv6_hdr(skb)->daddr;
845 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
846 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
851 if (!pskb_pull(skb, sizeof(*hdr)))
854 hdr = icmp6_hdr(skb);
856 type = hdr->icmp6_type;
858 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
861 case ICMPV6_ECHO_REQUEST:
862 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
863 icmpv6_echo_reply(skb);
866 case ICMPV6_ECHO_REPLY:
867 success = ping_rcv(skb);
870 case ICMPV6_PKT_TOOBIG:
871 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
872 standard destination cache. Seems, only "advanced"
873 destination cache will allow to solve this problem
876 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
878 hdr = icmp6_hdr(skb);
882 case ICMPV6_DEST_UNREACH:
883 case ICMPV6_TIME_EXCEED:
884 case ICMPV6_PARAMPROB:
885 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
888 case NDISC_ROUTER_SOLICITATION:
889 case NDISC_ROUTER_ADVERTISEMENT:
890 case NDISC_NEIGHBOUR_SOLICITATION:
891 case NDISC_NEIGHBOUR_ADVERTISEMENT:
896 case ICMPV6_MGM_QUERY:
897 igmp6_event_query(skb);
900 case ICMPV6_MGM_REPORT:
901 igmp6_event_report(skb);
904 case ICMPV6_MGM_REDUCTION:
905 case ICMPV6_NI_QUERY:
906 case ICMPV6_NI_REPLY:
907 case ICMPV6_MLD2_REPORT:
908 case ICMPV6_DHAAD_REQUEST:
909 case ICMPV6_DHAAD_REPLY:
910 case ICMPV6_MOBILE_PREFIX_SOL:
911 case ICMPV6_MOBILE_PREFIX_ADV:
916 if (type & ICMPV6_INFOMSG_MASK)
919 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
923 * error of unknown type.
924 * must pass to upper level
927 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
930 /* until the v6 path can be better sorted assume failure and
931 * preserve the status quo behaviour for the rest of the paths to here
941 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
943 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
949 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
951 const struct in6_addr *saddr,
952 const struct in6_addr *daddr,
955 memset(fl6, 0, sizeof(*fl6));
958 fl6->flowi6_proto = IPPROTO_ICMPV6;
959 fl6->fl6_icmp_type = type;
960 fl6->fl6_icmp_code = 0;
961 fl6->flowi6_oif = oif;
962 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
965 static void __net_exit icmpv6_sk_exit(struct net *net)
969 for_each_possible_cpu(i)
970 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv6.icmp_sk, i));
971 free_percpu(net->ipv6.icmp_sk);
974 static int __net_init icmpv6_sk_init(struct net *net)
979 net->ipv6.icmp_sk = alloc_percpu(struct sock *);
980 if (!net->ipv6.icmp_sk)
983 for_each_possible_cpu(i) {
984 err = inet_ctl_sock_create(&sk, PF_INET6,
985 SOCK_RAW, IPPROTO_ICMPV6, net);
987 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
992 *per_cpu_ptr(net->ipv6.icmp_sk, i) = sk;
994 /* Enough space for 2 64K ICMP packets, including
995 * sk_buff struct overhead.
997 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1002 icmpv6_sk_exit(net);
1006 static struct pernet_operations icmpv6_sk_ops = {
1007 .init = icmpv6_sk_init,
1008 .exit = icmpv6_sk_exit,
1011 int __init icmpv6_init(void)
1015 err = register_pernet_subsys(&icmpv6_sk_ops);
1020 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1023 err = inet6_register_icmp_sender(icmp6_send);
1025 goto sender_reg_err;
1029 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1031 pr_err("Failed to register ICMP6 protocol\n");
1032 unregister_pernet_subsys(&icmpv6_sk_ops);
1036 void icmpv6_cleanup(void)
1038 inet6_unregister_icmp_sender(icmp6_send);
1039 unregister_pernet_subsys(&icmpv6_sk_ops);
1040 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1044 static const struct icmp6_err {
1052 { /* ADM_PROHIBITED */
1056 { /* Was NOT_NEIGHBOUR, now reserved */
1057 .err = EHOSTUNREACH,
1060 { /* ADDR_UNREACH */
1061 .err = EHOSTUNREACH,
1064 { /* PORT_UNREACH */
1065 .err = ECONNREFUSED,
1072 { /* REJECT_ROUTE */
1078 int icmpv6_err_convert(u8 type, u8 code, int *err)
1085 case ICMPV6_DEST_UNREACH:
1087 if (code < ARRAY_SIZE(tab_unreach)) {
1088 *err = tab_unreach[code].err;
1089 fatal = tab_unreach[code].fatal;
1093 case ICMPV6_PKT_TOOBIG:
1097 case ICMPV6_PARAMPROB:
1102 case ICMPV6_TIME_EXCEED:
1103 *err = EHOSTUNREACH;
1109 EXPORT_SYMBOL(icmpv6_err_convert);
1111 #ifdef CONFIG_SYSCTL
1112 static struct ctl_table ipv6_icmp_table_template[] = {
1114 .procname = "ratelimit",
1115 .data = &init_net.ipv6.sysctl.icmpv6_time,
1116 .maxlen = sizeof(int),
1118 .proc_handler = proc_dointvec_ms_jiffies,
1121 .procname = "echo_ignore_all",
1122 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1123 .maxlen = sizeof(int),
1125 .proc_handler = proc_dointvec,
1128 .procname = "echo_ignore_multicast",
1129 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
1130 .maxlen = sizeof(int),
1132 .proc_handler = proc_dointvec,
1135 .procname = "echo_ignore_anycast",
1136 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
1137 .maxlen = sizeof(int),
1139 .proc_handler = proc_dointvec,
1142 .procname = "ratemask",
1143 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1144 .maxlen = ICMPV6_MSG_MAX + 1,
1146 .proc_handler = proc_do_large_bitmap,
1151 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1153 struct ctl_table *table;
1155 table = kmemdup(ipv6_icmp_table_template,
1156 sizeof(ipv6_icmp_table_template),
1160 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1161 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1162 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1163 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1164 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;