1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
9 * Based on net/ipv4/icmp.c
17 * Andi Kleen : exception handling
18 * Andi Kleen add rate limits. never reply to a icmp.
19 * add more length checks and other fixes.
20 * yoshfuji : ensure to sent parameter problem for
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
28 #define pr_fmt(fmt) "IPv6: " fmt
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/types.h>
33 #include <linux/socket.h>
35 #include <linux/kernel.h>
36 #include <linux/sockios.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <linux/init.h>
40 #include <linux/netfilter.h>
41 #include <linux/slab.h>
44 #include <linux/sysctl.h>
47 #include <linux/inet.h>
48 #include <linux/netdevice.h>
49 #include <linux/icmpv6.h>
55 #include <net/ip6_checksum.h>
57 #include <net/protocol.h>
59 #include <net/rawv6.h>
60 #include <net/transp_v6.h>
61 #include <net/ip6_route.h>
62 #include <net/addrconf.h>
65 #include <net/inet_common.h>
66 #include <net/dsfield.h>
67 #include <net/l3mdev.h>
69 #include <linux/uaccess.h>
72 * The ICMP socket(s). This is the most convenient way to flow control
73 * our ICMP output as well as maintain a clean interface throughout
74 * all layers. All Socketless IP sends will soon be gone.
76 * On SMP we have one ICMP socket per-cpu.
78 static struct sock *icmpv6_sk(struct net *net)
80 return this_cpu_read(*net->ipv6.icmp_sk);
83 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
84 u8 type, u8 code, int offset, __be32 info)
86 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
87 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
88 struct net *net = dev_net(skb->dev);
90 if (type == ICMPV6_PKT_TOOBIG)
91 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
92 else if (type == NDISC_REDIRECT)
93 ip6_redirect(skb, net, skb->dev->ifindex, 0,
94 sock_net_uid(net, NULL));
96 if (!(type & ICMPV6_INFOMSG_MASK))
97 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
98 ping_err(skb, offset, ntohl(info));
103 static int icmpv6_rcv(struct sk_buff *skb);
105 static const struct inet6_protocol icmpv6_protocol = {
106 .handler = icmpv6_rcv,
107 .err_handler = icmpv6_err,
108 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
111 /* Called with BH disabled */
112 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
117 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
118 /* This can happen if the output path (f.e. SIT or
119 * ip6ip6 tunnel) signals dst_link_failure() for an
120 * outgoing ICMP6 packet.
127 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
129 spin_unlock(&sk->sk_lock.slock);
133 * Figure out, may we reply to this packet with icmp error.
135 * We do not reply, if:
136 * - it was icmp error message.
137 * - it is truncated, so that it is known, that protocol is ICMPV6
138 * (i.e. in the middle of some exthdr)
143 static bool is_ineligible(const struct sk_buff *skb)
145 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
146 int len = skb->len - ptr;
147 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
153 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
156 if (nexthdr == IPPROTO_ICMPV6) {
158 tp = skb_header_pointer(skb,
159 ptr+offsetof(struct icmp6hdr, icmp6_type),
160 sizeof(_type), &_type);
161 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
167 static bool icmpv6_mask_allow(struct net *net, int type)
169 if (type > ICMPV6_MSG_MAX)
172 /* Limit if icmp type is set in ratemask. */
173 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
179 static bool icmpv6_global_allow(struct net *net, int type)
181 if (icmpv6_mask_allow(net, type))
184 if (icmp_global_allow())
191 * Check the ICMP output rate limit
193 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
196 struct net *net = sock_net(sk);
197 struct dst_entry *dst;
200 if (icmpv6_mask_allow(net, type))
204 * Look up the output route.
205 * XXX: perhaps the expire for routing entries cloned by
206 * this lookup should be more aggressive (not longer than timeout).
208 dst = ip6_route_output(net, sk, fl6);
210 IP6_INC_STATS(net, ip6_dst_idev(dst),
211 IPSTATS_MIB_OUTNOROUTES);
212 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
215 struct rt6_info *rt = (struct rt6_info *)dst;
216 int tmo = net->ipv6.sysctl.icmpv6_time;
217 struct inet_peer *peer;
219 /* Give more bandwidth to wider prefixes. */
220 if (rt->rt6i_dst.plen < 128)
221 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
223 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
224 res = inet_peer_xrlim_allow(peer, tmo);
233 * an inline helper for the "simple" if statement below
234 * checks if parameter problem report is caused by an
235 * unrecognized IPv6 option that has the Option Type
236 * highest-order two bits set to 10
239 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
243 offset += skb_network_offset(skb);
244 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
247 return (*op & 0xC0) == 0x80;
250 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
251 struct icmp6hdr *thdr, int len)
254 struct icmp6hdr *icmp6h;
256 skb = skb_peek(&sk->sk_write_queue);
260 icmp6h = icmp6_hdr(skb);
261 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
262 icmp6h->icmp6_cksum = 0;
264 if (skb_queue_len(&sk->sk_write_queue) == 1) {
265 skb->csum = csum_partial(icmp6h,
266 sizeof(struct icmp6hdr), skb->csum);
267 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
269 len, fl6->flowi6_proto,
274 skb_queue_walk(&sk->sk_write_queue, skb) {
275 tmp_csum = csum_add(tmp_csum, skb->csum);
278 tmp_csum = csum_partial(icmp6h,
279 sizeof(struct icmp6hdr), tmp_csum);
280 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
282 len, fl6->flowi6_proto,
285 ip6_push_pending_frames(sk);
294 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
296 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
297 struct sk_buff *org_skb = msg->skb;
300 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
302 skb->csum = csum_block_add(skb->csum, csum, odd);
303 if (!(msg->type & ICMPV6_INFOMSG_MASK))
304 nf_ct_attach(skb, org_skb);
308 #if IS_ENABLED(CONFIG_IPV6_MIP6)
309 static void mip6_addr_swap(struct sk_buff *skb)
311 struct ipv6hdr *iph = ipv6_hdr(skb);
312 struct inet6_skb_parm *opt = IP6CB(skb);
313 struct ipv6_destopt_hao *hao;
318 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
319 if (likely(off >= 0)) {
320 hao = (struct ipv6_destopt_hao *)
321 (skb_network_header(skb) + off);
323 iph->saddr = hao->addr;
329 static inline void mip6_addr_swap(struct sk_buff *skb) {}
332 static struct dst_entry *icmpv6_route_lookup(struct net *net,
337 struct dst_entry *dst, *dst2;
341 err = ip6_dst_lookup(net, sk, &dst, fl6);
346 * We won't send icmp if the destination is known
349 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
350 net_dbg_ratelimited("icmp6_send: acast source\n");
352 return ERR_PTR(-EINVAL);
355 /* No need to clone since we're just using its address. */
358 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
363 if (PTR_ERR(dst) == -EPERM)
369 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
371 goto relookup_failed;
373 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
375 goto relookup_failed;
377 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
387 goto relookup_failed;
396 static struct net_device *icmp6_dev(const struct sk_buff *skb)
398 struct net_device *dev = skb->dev;
400 /* for local traffic to local address, skb dev is the loopback
401 * device. Check if there is a dst attached to the skb and if so
402 * get the real device index. Same is needed for replies to a link
403 * local address on a device enslaved to an L3 master device
405 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
406 const struct rt6_info *rt6 = skb_rt6_info(skb);
409 dev = rt6->rt6i_idev->dev;
415 static int icmp6_iif(const struct sk_buff *skb)
417 return icmp6_dev(skb)->ifindex;
421 * Send an ICMP message in response to a packet in error
423 static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
424 const struct in6_addr *force_saddr)
426 struct inet6_dev *idev = NULL;
427 struct ipv6hdr *hdr = ipv6_hdr(skb);
430 struct ipv6_pinfo *np;
431 const struct in6_addr *saddr = NULL;
432 struct dst_entry *dst;
433 struct icmp6hdr tmp_hdr;
435 struct icmpv6_msg msg;
436 struct ipcm6_cookie ipc6;
442 if ((u8 *)hdr < skb->head ||
443 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
448 net = dev_net(skb->dev);
449 mark = IP6_REPLY_MARK(net, skb->mark);
451 * Make sure we respect the rules
452 * i.e. RFC 1885 2.4(e)
453 * Rule (e.1) is enforced by not using icmp6_send
454 * in any code that processes icmp errors.
456 addr_type = ipv6_addr_type(&hdr->daddr);
458 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
459 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
466 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
467 if (type != ICMPV6_PKT_TOOBIG &&
468 !(type == ICMPV6_PARAMPROB &&
469 code == ICMPV6_UNK_OPTION &&
470 (opt_unrec(skb, info))))
476 addr_type = ipv6_addr_type(&hdr->saddr);
482 if (__ipv6_addr_needs_scope_id(addr_type)) {
483 iif = icmp6_iif(skb);
486 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
490 * Must not send error if the source does not uniquely
491 * identify a single node (RFC2463 Section 2.4).
492 * We check unspecified / multicast addresses here,
493 * and anycast addresses will be checked later.
495 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
496 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
497 &hdr->saddr, &hdr->daddr);
502 * Never answer to a ICMP packet.
504 if (is_ineligible(skb)) {
505 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
506 &hdr->saddr, &hdr->daddr);
510 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
513 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
514 if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type))
519 sk = icmpv6_xmit_lock(net);
523 memset(&fl6, 0, sizeof(fl6));
524 fl6.flowi6_proto = IPPROTO_ICMPV6;
525 fl6.daddr = hdr->saddr;
531 /* select a more meaningful saddr from input if */
532 struct net_device *in_netdev;
534 in_netdev = dev_get_by_index(net, IP6CB(skb)->iif);
536 ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr,
537 inet6_sk(sk)->srcprefs,
542 fl6.flowi6_mark = mark;
543 fl6.flowi6_oif = iif;
544 fl6.fl6_icmp_type = type;
545 fl6.fl6_icmp_code = code;
546 fl6.flowi6_uid = sock_net_uid(net, NULL);
547 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
548 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
553 if (!icmpv6_xrlim_allow(sk, type, &fl6))
556 tmp_hdr.icmp6_type = type;
557 tmp_hdr.icmp6_code = code;
558 tmp_hdr.icmp6_cksum = 0;
559 tmp_hdr.icmp6_pointer = htonl(info);
561 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
562 fl6.flowi6_oif = np->mcast_oif;
563 else if (!fl6.flowi6_oif)
564 fl6.flowi6_oif = np->ucast_oif;
566 ipcm6_init_sk(&ipc6, np);
567 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
569 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
573 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
576 msg.offset = skb_network_offset(skb);
579 len = skb->len - msg.offset;
580 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
582 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
583 &hdr->saddr, &hdr->daddr);
584 goto out_dst_release;
588 idev = __in6_dev_get(skb->dev);
590 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
591 len + sizeof(struct icmp6hdr),
592 sizeof(struct icmp6hdr),
593 &ipc6, &fl6, (struct rt6_info *)dst,
595 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
596 ip6_flush_pending_frames(sk);
598 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
599 len + sizeof(struct icmp6hdr));
605 icmpv6_xmit_unlock(sk);
610 /* Slightly more convenient version of icmp6_send.
612 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
614 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
618 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
619 * if sufficient data bytes are available
620 * @nhs is the size of the tunnel header(s) :
621 * Either an IPv4 header for SIT encap
622 * an IPv4 header + GRE header for GRE encap
624 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
625 unsigned int data_len)
627 struct in6_addr temp_saddr;
629 struct sk_buff *skb2;
632 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
635 /* RFC 4884 (partial) support for ICMP extensions */
636 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
639 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
646 skb_reset_network_header(skb2);
648 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
651 if (rt && rt->dst.dev)
652 skb2->dev = rt->dst.dev;
654 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
657 /* RFC 4884 (partial) support :
658 * insert 0 padding at the end, before the extensions
660 __skb_push(skb2, nhs);
661 skb_reset_network_header(skb2);
662 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
663 memset(skb2->data + data_len - nhs, 0, nhs);
664 /* RFC 4884 4.5 : Length is measured in 64-bit words,
665 * and stored in reserved[0]
667 info = (data_len/8) << 24;
669 if (type == ICMP_TIME_EXCEEDED)
670 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
673 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
682 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
684 static void icmpv6_echo_reply(struct sk_buff *skb)
686 struct net *net = dev_net(skb->dev);
688 struct inet6_dev *idev;
689 struct ipv6_pinfo *np;
690 const struct in6_addr *saddr = NULL;
691 struct icmp6hdr *icmph = icmp6_hdr(skb);
692 struct icmp6hdr tmp_hdr;
694 struct icmpv6_msg msg;
695 struct dst_entry *dst;
696 struct ipcm6_cookie ipc6;
697 u32 mark = IP6_REPLY_MARK(net, skb->mark);
700 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
701 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
704 saddr = &ipv6_hdr(skb)->daddr;
706 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
707 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
710 if (!ipv6_unicast_destination(skb) &&
711 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
714 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
715 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
717 memset(&fl6, 0, sizeof(fl6));
718 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
719 fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));
721 fl6.flowi6_proto = IPPROTO_ICMPV6;
722 fl6.daddr = ipv6_hdr(skb)->saddr;
725 fl6.flowi6_oif = icmp6_iif(skb);
726 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
727 fl6.flowi6_mark = mark;
728 fl6.flowi6_uid = sock_net_uid(net, NULL);
729 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
732 sk = icmpv6_xmit_lock(net);
738 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
739 fl6.flowi6_oif = np->mcast_oif;
740 else if (!fl6.flowi6_oif)
741 fl6.flowi6_oif = np->ucast_oif;
743 if (ip6_dst_lookup(net, sk, &dst, &fl6))
745 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
749 /* Check the ratelimit */
750 if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) ||
751 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6))
752 goto out_dst_release;
754 idev = __in6_dev_get(skb->dev);
758 msg.type = ICMPV6_ECHO_REPLY;
760 ipcm6_init_sk(&ipc6, np);
761 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
762 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
764 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
765 skb->len + sizeof(struct icmp6hdr),
766 sizeof(struct icmp6hdr), &ipc6, &fl6,
767 (struct rt6_info *)dst, MSG_DONTWAIT)) {
768 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
769 ip6_flush_pending_frames(sk);
771 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
772 skb->len + sizeof(struct icmp6hdr));
777 icmpv6_xmit_unlock(sk);
782 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
784 const struct inet6_protocol *ipprot;
788 struct net *net = dev_net(skb->dev);
790 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
793 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
794 if (ipv6_ext_hdr(nexthdr)) {
795 /* now skip over extension headers */
796 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
797 &nexthdr, &frag_off);
798 if (inner_offset < 0)
801 inner_offset = sizeof(struct ipv6hdr);
804 /* Checkin header including 8 bytes of inner protocol header. */
805 if (!pskb_may_pull(skb, inner_offset+8))
808 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
809 Without this we will not able f.e. to make source routed
811 Corresponding argument (opt) to notifiers is already added.
815 ipprot = rcu_dereference(inet6_protos[nexthdr]);
816 if (ipprot && ipprot->err_handler)
817 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
819 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
823 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
827 * Handle icmp messages
830 static int icmpv6_rcv(struct sk_buff *skb)
832 struct net *net = dev_net(skb->dev);
833 struct net_device *dev = icmp6_dev(skb);
834 struct inet6_dev *idev = __in6_dev_get(dev);
835 const struct in6_addr *saddr, *daddr;
836 struct icmp6hdr *hdr;
838 bool success = false;
840 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
841 struct sec_path *sp = skb_sec_path(skb);
844 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
848 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
851 nh = skb_network_offset(skb);
852 skb_set_network_header(skb, sizeof(*hdr));
854 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
857 skb_set_network_header(skb, nh);
860 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
862 saddr = &ipv6_hdr(skb)->saddr;
863 daddr = &ipv6_hdr(skb)->daddr;
865 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
866 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
871 if (!pskb_pull(skb, sizeof(*hdr)))
874 hdr = icmp6_hdr(skb);
876 type = hdr->icmp6_type;
878 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
881 case ICMPV6_ECHO_REQUEST:
882 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
883 icmpv6_echo_reply(skb);
886 case ICMPV6_ECHO_REPLY:
887 success = ping_rcv(skb);
890 case ICMPV6_PKT_TOOBIG:
891 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
892 standard destination cache. Seems, only "advanced"
893 destination cache will allow to solve this problem
896 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
898 hdr = icmp6_hdr(skb);
902 case ICMPV6_DEST_UNREACH:
903 case ICMPV6_TIME_EXCEED:
904 case ICMPV6_PARAMPROB:
905 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
908 case NDISC_ROUTER_SOLICITATION:
909 case NDISC_ROUTER_ADVERTISEMENT:
910 case NDISC_NEIGHBOUR_SOLICITATION:
911 case NDISC_NEIGHBOUR_ADVERTISEMENT:
916 case ICMPV6_MGM_QUERY:
917 igmp6_event_query(skb);
920 case ICMPV6_MGM_REPORT:
921 igmp6_event_report(skb);
924 case ICMPV6_MGM_REDUCTION:
925 case ICMPV6_NI_QUERY:
926 case ICMPV6_NI_REPLY:
927 case ICMPV6_MLD2_REPORT:
928 case ICMPV6_DHAAD_REQUEST:
929 case ICMPV6_DHAAD_REPLY:
930 case ICMPV6_MOBILE_PREFIX_SOL:
931 case ICMPV6_MOBILE_PREFIX_ADV:
936 if (type & ICMPV6_INFOMSG_MASK)
939 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
943 * error of unknown type.
944 * must pass to upper level
947 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
950 /* until the v6 path can be better sorted assume failure and
951 * preserve the status quo behaviour for the rest of the paths to here
961 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
963 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
969 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
971 const struct in6_addr *saddr,
972 const struct in6_addr *daddr,
975 memset(fl6, 0, sizeof(*fl6));
978 fl6->flowi6_proto = IPPROTO_ICMPV6;
979 fl6->fl6_icmp_type = type;
980 fl6->fl6_icmp_code = 0;
981 fl6->flowi6_oif = oif;
982 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
985 static void __net_exit icmpv6_sk_exit(struct net *net)
989 for_each_possible_cpu(i)
990 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv6.icmp_sk, i));
991 free_percpu(net->ipv6.icmp_sk);
994 static int __net_init icmpv6_sk_init(struct net *net)
999 net->ipv6.icmp_sk = alloc_percpu(struct sock *);
1000 if (!net->ipv6.icmp_sk)
1003 for_each_possible_cpu(i) {
1004 err = inet_ctl_sock_create(&sk, PF_INET6,
1005 SOCK_RAW, IPPROTO_ICMPV6, net);
1007 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1012 *per_cpu_ptr(net->ipv6.icmp_sk, i) = sk;
1014 /* Enough space for 2 64K ICMP packets, including
1015 * sk_buff struct overhead.
1017 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1022 icmpv6_sk_exit(net);
1026 static struct pernet_operations icmpv6_sk_ops = {
1027 .init = icmpv6_sk_init,
1028 .exit = icmpv6_sk_exit,
1031 int __init icmpv6_init(void)
1035 err = register_pernet_subsys(&icmpv6_sk_ops);
1040 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1043 err = inet6_register_icmp_sender(icmp6_send);
1045 goto sender_reg_err;
1049 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1051 pr_err("Failed to register ICMP6 protocol\n");
1052 unregister_pernet_subsys(&icmpv6_sk_ops);
1056 void icmpv6_cleanup(void)
1058 inet6_unregister_icmp_sender(icmp6_send);
1059 unregister_pernet_subsys(&icmpv6_sk_ops);
1060 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1064 static const struct icmp6_err {
1072 { /* ADM_PROHIBITED */
1076 { /* Was NOT_NEIGHBOUR, now reserved */
1077 .err = EHOSTUNREACH,
1080 { /* ADDR_UNREACH */
1081 .err = EHOSTUNREACH,
1084 { /* PORT_UNREACH */
1085 .err = ECONNREFUSED,
1092 { /* REJECT_ROUTE */
1098 int icmpv6_err_convert(u8 type, u8 code, int *err)
1105 case ICMPV6_DEST_UNREACH:
1107 if (code < ARRAY_SIZE(tab_unreach)) {
1108 *err = tab_unreach[code].err;
1109 fatal = tab_unreach[code].fatal;
1113 case ICMPV6_PKT_TOOBIG:
1117 case ICMPV6_PARAMPROB:
1122 case ICMPV6_TIME_EXCEED:
1123 *err = EHOSTUNREACH;
1129 EXPORT_SYMBOL(icmpv6_err_convert);
1131 #ifdef CONFIG_SYSCTL
1132 static struct ctl_table ipv6_icmp_table_template[] = {
1134 .procname = "ratelimit",
1135 .data = &init_net.ipv6.sysctl.icmpv6_time,
1136 .maxlen = sizeof(int),
1138 .proc_handler = proc_dointvec_ms_jiffies,
1141 .procname = "echo_ignore_all",
1142 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1143 .maxlen = sizeof(int),
1145 .proc_handler = proc_dointvec,
1148 .procname = "echo_ignore_multicast",
1149 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
1150 .maxlen = sizeof(int),
1152 .proc_handler = proc_dointvec,
1155 .procname = "echo_ignore_anycast",
1156 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
1157 .maxlen = sizeof(int),
1159 .proc_handler = proc_dointvec,
1162 .procname = "ratemask",
1163 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1164 .maxlen = ICMPV6_MSG_MAX + 1,
1166 .proc_handler = proc_do_large_bitmap,
1171 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1173 struct ctl_table *table;
1175 table = kmemdup(ipv6_icmp_table_template,
1176 sizeof(ipv6_icmp_table_template),
1180 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1181 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1182 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1183 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1184 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;
projects / linux-2.6-microblaze.git / blob