1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
9 * Based on net/ipv4/icmp.c
17 * Andi Kleen : exception handling
18 * Andi Kleen add rate limits. never reply to a icmp.
19 * add more length checks and other fixes.
20 * yoshfuji : ensure to sent parameter problem for
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
28 #define pr_fmt(fmt) "IPv6: " fmt
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/types.h>
33 #include <linux/socket.h>
35 #include <linux/kernel.h>
36 #include <linux/sockios.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <linux/init.h>
40 #include <linux/netfilter.h>
41 #include <linux/slab.h>
44 #include <linux/sysctl.h>
47 #include <linux/inet.h>
48 #include <linux/netdevice.h>
49 #include <linux/icmpv6.h>
55 #include <net/ip6_checksum.h>
57 #include <net/protocol.h>
59 #include <net/rawv6.h>
61 #include <net/transp_v6.h>
62 #include <net/ip6_route.h>
63 #include <net/addrconf.h>
66 #include <net/inet_common.h>
67 #include <net/dsfield.h>
68 #include <net/l3mdev.h>
70 #include <linux/uaccess.h>
72 static DEFINE_PER_CPU(struct sock *, ipv6_icmp_sk);
74 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
75 u8 type, u8 code, int offset, __be32 info)
77 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
78 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
79 struct net *net = dev_net(skb->dev);
81 if (type == ICMPV6_PKT_TOOBIG)
82 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
83 else if (type == NDISC_REDIRECT)
84 ip6_redirect(skb, net, skb->dev->ifindex, 0,
85 sock_net_uid(net, NULL));
87 if (!(type & ICMPV6_INFOMSG_MASK))
88 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
89 ping_err(skb, offset, ntohl(info));
94 static int icmpv6_rcv(struct sk_buff *skb);
96 static const struct inet6_protocol icmpv6_protocol = {
97 .handler = icmpv6_rcv,
98 .err_handler = icmpv6_err,
99 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
102 /* Called with BH disabled */
103 static struct sock *icmpv6_xmit_lock(struct net *net)
107 sk = this_cpu_read(ipv6_icmp_sk);
108 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
109 /* This can happen if the output path (f.e. SIT or
110 * ip6ip6 tunnel) signals dst_link_failure() for an
111 * outgoing ICMP6 packet.
115 sock_net_set(sk, net);
119 static void icmpv6_xmit_unlock(struct sock *sk)
121 sock_net_set(sk, &init_net);
122 spin_unlock(&sk->sk_lock.slock);
126 * Figure out, may we reply to this packet with icmp error.
128 * We do not reply, if:
129 * - it was icmp error message.
130 * - it is truncated, so that it is known, that protocol is ICMPV6
131 * (i.e. in the middle of some exthdr)
136 static bool is_ineligible(const struct sk_buff *skb)
138 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
139 int len = skb->len - ptr;
140 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
146 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
149 if (nexthdr == IPPROTO_ICMPV6) {
151 tp = skb_header_pointer(skb,
152 ptr+offsetof(struct icmp6hdr, icmp6_type),
153 sizeof(_type), &_type);
155 /* Based on RFC 8200, Section 4.5 Fragment Header, return
156 * false if this is a fragment packet with no icmp header info.
158 if (!tp && frag_off != 0)
160 else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
166 static bool icmpv6_mask_allow(struct net *net, int type)
168 if (type > ICMPV6_MSG_MAX)
171 /* Limit if icmp type is set in ratemask. */
172 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
178 static bool icmpv6_global_allow(struct net *net, int type)
180 if (icmpv6_mask_allow(net, type))
183 if (icmp_global_allow())
186 __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL);
191 * Check the ICMP output rate limit
193 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
196 struct net *net = sock_net(sk);
197 struct dst_entry *dst;
200 if (icmpv6_mask_allow(net, type))
204 * Look up the output route.
205 * XXX: perhaps the expire for routing entries cloned by
206 * this lookup should be more aggressive (not longer than timeout).
208 dst = ip6_route_output(net, sk, fl6);
210 IP6_INC_STATS(net, ip6_dst_idev(dst),
211 IPSTATS_MIB_OUTNOROUTES);
212 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
215 struct rt6_info *rt = (struct rt6_info *)dst;
216 int tmo = net->ipv6.sysctl.icmpv6_time;
217 struct inet_peer *peer;
219 /* Give more bandwidth to wider prefixes. */
220 if (rt->rt6i_dst.plen < 128)
221 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
223 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
224 res = inet_peer_xrlim_allow(peer, tmo);
229 __ICMP6_INC_STATS(net, ip6_dst_idev(dst),
230 ICMP6_MIB_RATELIMITHOST);
235 static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type,
238 struct net *net = sock_net(sk);
239 struct dst_entry *dst;
242 dst = ip6_route_output(net, sk, fl6);
244 struct rt6_info *rt = (struct rt6_info *)dst;
245 struct in6_addr prefsrc;
247 rt6_get_prefsrc(rt, &prefsrc);
248 res = !ipv6_addr_any(&prefsrc);
255 * an inline helper for the "simple" if statement below
256 * checks if parameter problem report is caused by an
257 * unrecognized IPv6 option that has the Option Type
258 * highest-order two bits set to 10
261 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
265 offset += skb_network_offset(skb);
266 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
269 return (*op & 0xC0) == 0x80;
272 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
273 struct icmp6hdr *thdr, int len)
276 struct icmp6hdr *icmp6h;
278 skb = skb_peek(&sk->sk_write_queue);
282 icmp6h = icmp6_hdr(skb);
283 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
284 icmp6h->icmp6_cksum = 0;
286 if (skb_queue_len(&sk->sk_write_queue) == 1) {
287 skb->csum = csum_partial(icmp6h,
288 sizeof(struct icmp6hdr), skb->csum);
289 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
291 len, fl6->flowi6_proto,
296 skb_queue_walk(&sk->sk_write_queue, skb) {
297 tmp_csum = csum_add(tmp_csum, skb->csum);
300 tmp_csum = csum_partial(icmp6h,
301 sizeof(struct icmp6hdr), tmp_csum);
302 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
304 len, fl6->flowi6_proto,
307 ip6_push_pending_frames(sk);
316 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
318 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
319 struct sk_buff *org_skb = msg->skb;
322 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
324 skb->csum = csum_block_add(skb->csum, csum, odd);
325 if (!(msg->type & ICMPV6_INFOMSG_MASK))
326 nf_ct_attach(skb, org_skb);
330 #if IS_ENABLED(CONFIG_IPV6_MIP6)
331 static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt)
333 struct ipv6hdr *iph = ipv6_hdr(skb);
334 struct ipv6_destopt_hao *hao;
338 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
339 if (likely(off >= 0)) {
340 hao = (struct ipv6_destopt_hao *)
341 (skb_network_header(skb) + off);
342 swap(iph->saddr, hao->addr);
347 static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {}
350 static struct dst_entry *icmpv6_route_lookup(struct net *net,
355 struct dst_entry *dst, *dst2;
359 err = ip6_dst_lookup(net, sk, &dst, fl6);
364 * We won't send icmp if the destination is known
367 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
368 net_dbg_ratelimited("icmp6_send: acast source\n");
370 return ERR_PTR(-EINVAL);
373 /* No need to clone since we're just using its address. */
376 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
381 if (PTR_ERR(dst) == -EPERM)
387 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
389 goto relookup_failed;
391 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
393 goto relookup_failed;
395 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
405 goto relookup_failed;
414 static struct net_device *icmp6_dev(const struct sk_buff *skb)
416 struct net_device *dev = skb->dev;
418 /* for local traffic to local address, skb dev is the loopback
419 * device. Check if there is a dst attached to the skb and if so
420 * get the real device index. Same is needed for replies to a link
421 * local address on a device enslaved to an L3 master device
423 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
424 const struct rt6_info *rt6 = skb_rt6_info(skb);
427 dev = rt6->rt6i_idev->dev;
433 static int icmp6_iif(const struct sk_buff *skb)
435 return icmp6_dev(skb)->ifindex;
439 * Send an ICMP message in response to a packet in error
441 void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
442 const struct in6_addr *force_saddr,
443 const struct inet6_skb_parm *parm)
445 struct inet6_dev *idev = NULL;
446 struct ipv6hdr *hdr = ipv6_hdr(skb);
449 struct ipv6_pinfo *np;
450 const struct in6_addr *saddr = NULL;
451 struct dst_entry *dst;
452 struct icmp6hdr tmp_hdr;
454 struct icmpv6_msg msg;
455 struct ipcm6_cookie ipc6;
461 if ((u8 *)hdr < skb->head ||
462 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
467 net = dev_net(skb->dev);
468 mark = IP6_REPLY_MARK(net, skb->mark);
470 * Make sure we respect the rules
471 * i.e. RFC 1885 2.4(e)
472 * Rule (e.1) is enforced by not using icmp6_send
473 * in any code that processes icmp errors.
475 addr_type = ipv6_addr_type(&hdr->daddr);
477 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
478 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
485 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
486 if (type != ICMPV6_PKT_TOOBIG &&
487 !(type == ICMPV6_PARAMPROB &&
488 code == ICMPV6_UNK_OPTION &&
489 (opt_unrec(skb, info))))
495 addr_type = ipv6_addr_type(&hdr->saddr);
501 if (__ipv6_addr_needs_scope_id(addr_type)) {
502 iif = icmp6_iif(skb);
505 * The source device is used for looking up which routing table
506 * to use for sending an ICMP error.
508 iif = l3mdev_master_ifindex(skb->dev);
512 * Must not send error if the source does not uniquely
513 * identify a single node (RFC2463 Section 2.4).
514 * We check unspecified / multicast addresses here,
515 * and anycast addresses will be checked later.
517 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
518 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
519 &hdr->saddr, &hdr->daddr);
524 * Never answer to a ICMP packet.
526 if (is_ineligible(skb)) {
527 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
528 &hdr->saddr, &hdr->daddr);
532 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
535 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
536 if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type))
539 mip6_addr_swap(skb, parm);
541 sk = icmpv6_xmit_lock(net);
545 memset(&fl6, 0, sizeof(fl6));
546 fl6.flowi6_proto = IPPROTO_ICMPV6;
547 fl6.daddr = hdr->saddr;
552 } else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) {
553 /* select a more meaningful saddr from input if */
554 struct net_device *in_netdev;
556 in_netdev = dev_get_by_index(net, parm->iif);
558 ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr,
559 inet6_sk(sk)->srcprefs,
564 fl6.flowi6_mark = mark;
565 fl6.flowi6_oif = iif;
566 fl6.fl6_icmp_type = type;
567 fl6.fl6_icmp_code = code;
568 fl6.flowi6_uid = sock_net_uid(net, NULL);
569 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
570 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
574 if (!icmpv6_xrlim_allow(sk, type, &fl6))
577 tmp_hdr.icmp6_type = type;
578 tmp_hdr.icmp6_code = code;
579 tmp_hdr.icmp6_cksum = 0;
580 tmp_hdr.icmp6_pointer = htonl(info);
582 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
583 fl6.flowi6_oif = np->mcast_oif;
584 else if (!fl6.flowi6_oif)
585 fl6.flowi6_oif = np->ucast_oif;
587 ipcm6_init_sk(&ipc6, np);
588 ipc6.sockc.mark = mark;
589 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
591 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
595 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
598 msg.offset = skb_network_offset(skb);
601 len = skb->len - msg.offset;
602 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
604 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
605 &hdr->saddr, &hdr->daddr);
606 goto out_dst_release;
610 idev = __in6_dev_get(skb->dev);
612 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
613 len + sizeof(struct icmp6hdr),
614 sizeof(struct icmp6hdr),
615 &ipc6, &fl6, (struct rt6_info *)dst,
617 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
618 ip6_flush_pending_frames(sk);
620 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
621 len + sizeof(struct icmp6hdr));
627 icmpv6_xmit_unlock(sk);
631 EXPORT_SYMBOL(icmp6_send);
633 /* Slightly more convenient version of icmp6_send with drop reasons.
635 void icmpv6_param_prob_reason(struct sk_buff *skb, u8 code, int pos,
636 enum skb_drop_reason reason)
638 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb));
639 kfree_skb_reason(skb, reason);
642 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
643 * if sufficient data bytes are available
644 * @nhs is the size of the tunnel header(s) :
645 * Either an IPv4 header for SIT encap
646 * an IPv4 header + GRE header for GRE encap
648 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
649 unsigned int data_len)
651 struct in6_addr temp_saddr;
653 struct sk_buff *skb2;
656 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
659 /* RFC 4884 (partial) support for ICMP extensions */
660 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
663 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
670 skb_reset_network_header(skb2);
672 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
675 if (rt && rt->dst.dev)
676 skb2->dev = rt->dst.dev;
678 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
681 /* RFC 4884 (partial) support :
682 * insert 0 padding at the end, before the extensions
684 __skb_push(skb2, nhs);
685 skb_reset_network_header(skb2);
686 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
687 memset(skb2->data + data_len - nhs, 0, nhs);
688 /* RFC 4884 4.5 : Length is measured in 64-bit words,
689 * and stored in reserved[0]
691 info = (data_len/8) << 24;
693 if (type == ICMP_TIME_EXCEEDED)
694 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
695 info, &temp_saddr, IP6CB(skb2));
697 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
698 info, &temp_saddr, IP6CB(skb2));
706 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
708 static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb)
710 struct net *net = dev_net(skb->dev);
712 struct inet6_dev *idev;
713 struct ipv6_pinfo *np;
714 const struct in6_addr *saddr = NULL;
715 struct icmp6hdr *icmph = icmp6_hdr(skb);
716 struct icmp6hdr tmp_hdr;
718 struct icmpv6_msg msg;
719 struct dst_entry *dst;
720 struct ipcm6_cookie ipc6;
721 u32 mark = IP6_REPLY_MARK(net, skb->mark);
726 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
727 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
730 saddr = &ipv6_hdr(skb)->daddr;
732 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
733 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
736 if (!ipv6_unicast_destination(skb) &&
737 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
740 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
741 type = ICMPV6_EXT_ECHO_REPLY;
743 type = ICMPV6_ECHO_REPLY;
745 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
746 tmp_hdr.icmp6_type = type;
748 memset(&fl6, 0, sizeof(fl6));
749 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
750 fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));
752 fl6.flowi6_proto = IPPROTO_ICMPV6;
753 fl6.daddr = ipv6_hdr(skb)->saddr;
756 fl6.flowi6_oif = icmp6_iif(skb);
757 fl6.fl6_icmp_type = type;
758 fl6.flowi6_mark = mark;
759 fl6.flowi6_uid = sock_net_uid(net, NULL);
760 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
763 sk = icmpv6_xmit_lock(net);
768 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
769 fl6.flowi6_oif = np->mcast_oif;
770 else if (!fl6.flowi6_oif)
771 fl6.flowi6_oif = np->ucast_oif;
773 if (ip6_dst_lookup(net, sk, &dst, &fl6))
775 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
779 /* Check the ratelimit */
780 if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) ||
781 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6))
782 goto out_dst_release;
784 idev = __in6_dev_get(skb->dev);
790 ipcm6_init_sk(&ipc6, np);
791 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
792 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
793 ipc6.sockc.mark = mark;
795 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
796 if (!icmp_build_probe(skb, (struct icmphdr *)&tmp_hdr))
797 goto out_dst_release;
799 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
800 skb->len + sizeof(struct icmp6hdr),
801 sizeof(struct icmp6hdr), &ipc6, &fl6,
802 (struct rt6_info *)dst, MSG_DONTWAIT)) {
803 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
804 ip6_flush_pending_frames(sk);
806 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
807 skb->len + sizeof(struct icmp6hdr));
808 reason = SKB_CONSUMED;
813 icmpv6_xmit_unlock(sk);
819 enum skb_drop_reason icmpv6_notify(struct sk_buff *skb, u8 type,
820 u8 code, __be32 info)
822 struct inet6_skb_parm *opt = IP6CB(skb);
823 struct net *net = dev_net(skb->dev);
824 const struct inet6_protocol *ipprot;
825 enum skb_drop_reason reason;
830 reason = pskb_may_pull_reason(skb, sizeof(struct ipv6hdr));
831 if (reason != SKB_NOT_DROPPED_YET)
834 seg6_icmp_srh(skb, opt);
836 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
837 if (ipv6_ext_hdr(nexthdr)) {
838 /* now skip over extension headers */
839 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
840 &nexthdr, &frag_off);
841 if (inner_offset < 0) {
842 SKB_DR_SET(reason, IPV6_BAD_EXTHDR);
846 inner_offset = sizeof(struct ipv6hdr);
849 /* Checkin header including 8 bytes of inner protocol header. */
850 reason = pskb_may_pull_reason(skb, inner_offset + 8);
851 if (reason != SKB_NOT_DROPPED_YET)
854 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
855 Without this we will not able f.e. to make source routed
857 Corresponding argument (opt) to notifiers is already added.
861 ipprot = rcu_dereference(inet6_protos[nexthdr]);
862 if (ipprot && ipprot->err_handler)
863 ipprot->err_handler(skb, opt, type, code, inner_offset, info);
865 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
869 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
874 * Handle icmp messages
877 static int icmpv6_rcv(struct sk_buff *skb)
879 enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
880 struct net *net = dev_net(skb->dev);
881 struct net_device *dev = icmp6_dev(skb);
882 struct inet6_dev *idev = __in6_dev_get(dev);
883 const struct in6_addr *saddr, *daddr;
884 struct icmp6hdr *hdr;
887 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
888 struct sec_path *sp = skb_sec_path(skb);
891 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
893 reason = SKB_DROP_REASON_XFRM_POLICY;
897 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
900 nh = skb_network_offset(skb);
901 skb_set_network_header(skb, sizeof(*hdr));
903 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN,
905 reason = SKB_DROP_REASON_XFRM_POLICY;
909 skb_set_network_header(skb, nh);
912 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
914 saddr = &ipv6_hdr(skb)->saddr;
915 daddr = &ipv6_hdr(skb)->daddr;
917 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
918 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
923 if (!pskb_pull(skb, sizeof(*hdr)))
926 hdr = icmp6_hdr(skb);
928 type = hdr->icmp6_type;
930 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
933 case ICMPV6_ECHO_REQUEST:
934 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
935 reason = icmpv6_echo_reply(skb);
937 case ICMPV6_EXT_ECHO_REQUEST:
938 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all &&
939 READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe))
940 reason = icmpv6_echo_reply(skb);
943 case ICMPV6_ECHO_REPLY:
944 reason = ping_rcv(skb);
947 case ICMPV6_EXT_ECHO_REPLY:
948 reason = ping_rcv(skb);
951 case ICMPV6_PKT_TOOBIG:
952 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
953 standard destination cache. Seems, only "advanced"
954 destination cache will allow to solve this problem
957 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
959 hdr = icmp6_hdr(skb);
963 case ICMPV6_DEST_UNREACH:
964 case ICMPV6_TIME_EXCEED:
965 case ICMPV6_PARAMPROB:
966 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
970 case NDISC_ROUTER_SOLICITATION:
971 case NDISC_ROUTER_ADVERTISEMENT:
972 case NDISC_NEIGHBOUR_SOLICITATION:
973 case NDISC_NEIGHBOUR_ADVERTISEMENT:
975 reason = ndisc_rcv(skb);
978 case ICMPV6_MGM_QUERY:
979 igmp6_event_query(skb);
982 case ICMPV6_MGM_REPORT:
983 igmp6_event_report(skb);
986 case ICMPV6_MGM_REDUCTION:
987 case ICMPV6_NI_QUERY:
988 case ICMPV6_NI_REPLY:
989 case ICMPV6_MLD2_REPORT:
990 case ICMPV6_DHAAD_REQUEST:
991 case ICMPV6_DHAAD_REPLY:
992 case ICMPV6_MOBILE_PREFIX_SOL:
993 case ICMPV6_MOBILE_PREFIX_ADV:
998 if (type & ICMPV6_INFOMSG_MASK)
1001 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
1005 * error of unknown type.
1006 * must pass to upper level
1009 reason = icmpv6_notify(skb, type, hdr->icmp6_code,
1013 /* until the v6 path can be better sorted assume failure and
1014 * preserve the status quo behaviour for the rest of the paths to here
1017 kfree_skb_reason(skb, reason);
1024 reason = SKB_DROP_REASON_ICMP_CSUM;
1025 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
1027 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
1029 kfree_skb_reason(skb, reason);
1033 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
1035 const struct in6_addr *saddr,
1036 const struct in6_addr *daddr,
1039 memset(fl6, 0, sizeof(*fl6));
1040 fl6->saddr = *saddr;
1041 fl6->daddr = *daddr;
1042 fl6->flowi6_proto = IPPROTO_ICMPV6;
1043 fl6->fl6_icmp_type = type;
1044 fl6->fl6_icmp_code = 0;
1045 fl6->flowi6_oif = oif;
1046 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
1049 int __init icmpv6_init(void)
1054 for_each_possible_cpu(i) {
1055 err = inet_ctl_sock_create(&sk, PF_INET6,
1056 SOCK_RAW, IPPROTO_ICMPV6, &init_net);
1058 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1063 per_cpu(ipv6_icmp_sk, i) = sk;
1065 /* Enough space for 2 64K ICMP packets, including
1066 * sk_buff struct overhead.
1068 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1072 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1075 err = inet6_register_icmp_sender(icmp6_send);
1077 goto sender_reg_err;
1081 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1083 pr_err("Failed to register ICMP6 protocol\n");
1087 void icmpv6_cleanup(void)
1089 inet6_unregister_icmp_sender(icmp6_send);
1090 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1094 static const struct icmp6_err {
1102 { /* ADM_PROHIBITED */
1106 { /* Was NOT_NEIGHBOUR, now reserved */
1107 .err = EHOSTUNREACH,
1110 { /* ADDR_UNREACH */
1111 .err = EHOSTUNREACH,
1114 { /* PORT_UNREACH */
1115 .err = ECONNREFUSED,
1122 { /* REJECT_ROUTE */
1128 int icmpv6_err_convert(u8 type, u8 code, int *err)
1135 case ICMPV6_DEST_UNREACH:
1137 if (code < ARRAY_SIZE(tab_unreach)) {
1138 *err = tab_unreach[code].err;
1139 fatal = tab_unreach[code].fatal;
1143 case ICMPV6_PKT_TOOBIG:
1147 case ICMPV6_PARAMPROB:
1152 case ICMPV6_TIME_EXCEED:
1153 *err = EHOSTUNREACH;
1159 EXPORT_SYMBOL(icmpv6_err_convert);
1161 #ifdef CONFIG_SYSCTL
1162 static struct ctl_table ipv6_icmp_table_template[] = {
1164 .procname = "ratelimit",
1165 .data = &init_net.ipv6.sysctl.icmpv6_time,
1166 .maxlen = sizeof(int),
1168 .proc_handler = proc_dointvec_ms_jiffies,
1171 .procname = "echo_ignore_all",
1172 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1173 .maxlen = sizeof(u8),
1175 .proc_handler = proc_dou8vec_minmax,
1178 .procname = "echo_ignore_multicast",
1179 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
1180 .maxlen = sizeof(u8),
1182 .proc_handler = proc_dou8vec_minmax,
1185 .procname = "echo_ignore_anycast",
1186 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
1187 .maxlen = sizeof(u8),
1189 .proc_handler = proc_dou8vec_minmax,
1192 .procname = "ratemask",
1193 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1194 .maxlen = ICMPV6_MSG_MAX + 1,
1196 .proc_handler = proc_do_large_bitmap,
1201 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1203 struct ctl_table *table;
1205 table = kmemdup(ipv6_icmp_table_template,
1206 sizeof(ipv6_icmp_table_template),
1210 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1211 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1212 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1213 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1214 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;
projects / platform / kernel / linux-rpi.git / blob