2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
8 * Based on net/ipv4/icmp.c
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
32 #define pr_fmt(fmt) "IPv6: " fmt
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <linux/types.h>
37 #include <linux/socket.h>
39 #include <linux/kernel.h>
40 #include <linux/sockios.h>
41 #include <linux/net.h>
42 #include <linux/skbuff.h>
43 #include <linux/init.h>
44 #include <linux/netfilter.h>
45 #include <linux/slab.h>
48 #include <linux/sysctl.h>
51 #include <linux/inet.h>
52 #include <linux/netdevice.h>
53 #include <linux/icmpv6.h>
59 #include <net/ip6_checksum.h>
61 #include <net/protocol.h>
63 #include <net/rawv6.h>
64 #include <net/transp_v6.h>
65 #include <net/ip6_route.h>
66 #include <net/addrconf.h>
69 #include <net/inet_common.h>
70 #include <net/dsfield.h>
71 #include <net/l3mdev.h>
73 #include <linux/uaccess.h>
76 * The ICMP socket(s). This is the most convenient way to flow control
77 * our ICMP output as well as maintain a clean interface throughout
78 * all layers. All Socketless IP sends will soon be gone.
80 * On SMP we have one ICMP socket per-cpu.
82 static struct sock *icmpv6_sk(struct net *net)
84 return this_cpu_read(*net->ipv6.icmp_sk);
87 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
88 u8 type, u8 code, int offset, __be32 info)
90 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
91 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
92 struct net *net = dev_net(skb->dev);
94 if (type == ICMPV6_PKT_TOOBIG)
95 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
96 else if (type == NDISC_REDIRECT)
97 ip6_redirect(skb, net, skb->dev->ifindex, 0,
98 sock_net_uid(net, NULL));
100 if (!(type & ICMPV6_INFOMSG_MASK))
101 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
102 ping_err(skb, offset, ntohl(info));
107 static int icmpv6_rcv(struct sk_buff *skb);
109 static const struct inet6_protocol icmpv6_protocol = {
110 .handler = icmpv6_rcv,
111 .err_handler = icmpv6_err,
112 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
115 /* Called with BH disabled */
116 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
121 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
122 /* This can happen if the output path (f.e. SIT or
123 * ip6ip6 tunnel) signals dst_link_failure() for an
124 * outgoing ICMP6 packet.
131 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
133 spin_unlock(&sk->sk_lock.slock);
137 * Figure out, may we reply to this packet with icmp error.
139 * We do not reply, if:
140 * - it was icmp error message.
141 * - it is truncated, so that it is known, that protocol is ICMPV6
142 * (i.e. in the middle of some exthdr)
147 static bool is_ineligible(const struct sk_buff *skb)
149 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
150 int len = skb->len - ptr;
151 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
157 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
160 if (nexthdr == IPPROTO_ICMPV6) {
162 tp = skb_header_pointer(skb,
163 ptr+offsetof(struct icmp6hdr, icmp6_type),
164 sizeof(_type), &_type);
165 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
171 static bool icmpv6_mask_allow(struct net *net, int type)
173 if (type > ICMPV6_MSG_MAX)
176 /* Limit if icmp type is set in ratemask. */
177 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
183 static bool icmpv6_global_allow(struct net *net, int type)
185 if (icmpv6_mask_allow(net, type))
188 if (icmp_global_allow())
195 * Check the ICMP output rate limit
197 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
200 struct net *net = sock_net(sk);
201 struct dst_entry *dst;
204 if (icmpv6_mask_allow(net, type))
208 * Look up the output route.
209 * XXX: perhaps the expire for routing entries cloned by
210 * this lookup should be more aggressive (not longer than timeout).
212 dst = ip6_route_output(net, sk, fl6);
214 IP6_INC_STATS(net, ip6_dst_idev(dst),
215 IPSTATS_MIB_OUTNOROUTES);
216 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
219 struct rt6_info *rt = (struct rt6_info *)dst;
220 int tmo = net->ipv6.sysctl.icmpv6_time;
221 struct inet_peer *peer;
223 /* Give more bandwidth to wider prefixes. */
224 if (rt->rt6i_dst.plen < 128)
225 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
227 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
228 res = inet_peer_xrlim_allow(peer, tmo);
237 * an inline helper for the "simple" if statement below
238 * checks if parameter problem report is caused by an
239 * unrecognized IPv6 option that has the Option Type
240 * highest-order two bits set to 10
243 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
247 offset += skb_network_offset(skb);
248 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
251 return (*op & 0xC0) == 0x80;
254 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
255 struct icmp6hdr *thdr, int len)
258 struct icmp6hdr *icmp6h;
260 skb = skb_peek(&sk->sk_write_queue);
264 icmp6h = icmp6_hdr(skb);
265 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
266 icmp6h->icmp6_cksum = 0;
268 if (skb_queue_len(&sk->sk_write_queue) == 1) {
269 skb->csum = csum_partial(icmp6h,
270 sizeof(struct icmp6hdr), skb->csum);
271 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
273 len, fl6->flowi6_proto,
278 skb_queue_walk(&sk->sk_write_queue, skb) {
279 tmp_csum = csum_add(tmp_csum, skb->csum);
282 tmp_csum = csum_partial(icmp6h,
283 sizeof(struct icmp6hdr), tmp_csum);
284 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
286 len, fl6->flowi6_proto,
289 ip6_push_pending_frames(sk);
298 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
300 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
301 struct sk_buff *org_skb = msg->skb;
304 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
306 skb->csum = csum_block_add(skb->csum, csum, odd);
307 if (!(msg->type & ICMPV6_INFOMSG_MASK))
308 nf_ct_attach(skb, org_skb);
312 #if IS_ENABLED(CONFIG_IPV6_MIP6)
313 static void mip6_addr_swap(struct sk_buff *skb)
315 struct ipv6hdr *iph = ipv6_hdr(skb);
316 struct inet6_skb_parm *opt = IP6CB(skb);
317 struct ipv6_destopt_hao *hao;
322 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
323 if (likely(off >= 0)) {
324 hao = (struct ipv6_destopt_hao *)
325 (skb_network_header(skb) + off);
327 iph->saddr = hao->addr;
333 static inline void mip6_addr_swap(struct sk_buff *skb) {}
336 static struct dst_entry *icmpv6_route_lookup(struct net *net,
341 struct dst_entry *dst, *dst2;
345 err = ip6_dst_lookup(net, sk, &dst, fl6);
350 * We won't send icmp if the destination is known
353 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
354 net_dbg_ratelimited("icmp6_send: acast source\n");
356 return ERR_PTR(-EINVAL);
359 /* No need to clone since we're just using its address. */
362 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
367 if (PTR_ERR(dst) == -EPERM)
373 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
375 goto relookup_failed;
377 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
379 goto relookup_failed;
381 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
391 goto relookup_failed;
400 static int icmp6_iif(const struct sk_buff *skb)
402 int iif = skb->dev->ifindex;
404 /* for local traffic to local address, skb dev is the loopback
405 * device. Check if there is a dst attached to the skb and if so
406 * get the real device index. Same is needed for replies to a link
407 * local address on a device enslaved to an L3 master device
409 if (unlikely(iif == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
410 const struct rt6_info *rt6 = skb_rt6_info(skb);
413 iif = rt6->rt6i_idev->dev->ifindex;
420 * Send an ICMP message in response to a packet in error
422 static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
423 const struct in6_addr *force_saddr)
425 struct inet6_dev *idev = NULL;
426 struct ipv6hdr *hdr = ipv6_hdr(skb);
429 struct ipv6_pinfo *np;
430 const struct in6_addr *saddr = NULL;
431 struct dst_entry *dst;
432 struct icmp6hdr tmp_hdr;
434 struct icmpv6_msg msg;
435 struct ipcm6_cookie ipc6;
441 if ((u8 *)hdr < skb->head ||
442 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
447 net = dev_net(skb->dev);
448 mark = IP6_REPLY_MARK(net, skb->mark);
450 * Make sure we respect the rules
451 * i.e. RFC 1885 2.4(e)
452 * Rule (e.1) is enforced by not using icmp6_send
453 * in any code that processes icmp errors.
455 addr_type = ipv6_addr_type(&hdr->daddr);
457 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
458 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
465 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
466 if (type != ICMPV6_PKT_TOOBIG &&
467 !(type == ICMPV6_PARAMPROB &&
468 code == ICMPV6_UNK_OPTION &&
469 (opt_unrec(skb, info))))
475 addr_type = ipv6_addr_type(&hdr->saddr);
481 if (__ipv6_addr_needs_scope_id(addr_type)) {
482 iif = icmp6_iif(skb);
485 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
489 * Must not send error if the source does not uniquely
490 * identify a single node (RFC2463 Section 2.4).
491 * We check unspecified / multicast addresses here,
492 * and anycast addresses will be checked later.
494 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
495 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
496 &hdr->saddr, &hdr->daddr);
501 * Never answer to a ICMP packet.
503 if (is_ineligible(skb)) {
504 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
505 &hdr->saddr, &hdr->daddr);
509 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
512 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
513 if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type))
518 memset(&fl6, 0, sizeof(fl6));
519 fl6.flowi6_proto = IPPROTO_ICMPV6;
520 fl6.daddr = hdr->saddr;
525 fl6.flowi6_mark = mark;
526 fl6.flowi6_oif = iif;
527 fl6.fl6_icmp_type = type;
528 fl6.fl6_icmp_code = code;
529 fl6.flowi6_uid = sock_net_uid(net, NULL);
530 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
531 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
533 sk = icmpv6_xmit_lock(net);
540 if (!icmpv6_xrlim_allow(sk, type, &fl6))
543 tmp_hdr.icmp6_type = type;
544 tmp_hdr.icmp6_code = code;
545 tmp_hdr.icmp6_cksum = 0;
546 tmp_hdr.icmp6_pointer = htonl(info);
548 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
549 fl6.flowi6_oif = np->mcast_oif;
550 else if (!fl6.flowi6_oif)
551 fl6.flowi6_oif = np->ucast_oif;
553 ipcm6_init_sk(&ipc6, np);
554 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
556 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
560 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
563 msg.offset = skb_network_offset(skb);
566 len = skb->len - msg.offset;
567 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
569 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
570 &hdr->saddr, &hdr->daddr);
571 goto out_dst_release;
575 idev = __in6_dev_get(skb->dev);
577 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
578 len + sizeof(struct icmp6hdr),
579 sizeof(struct icmp6hdr),
580 &ipc6, &fl6, (struct rt6_info *)dst,
582 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
583 ip6_flush_pending_frames(sk);
585 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
586 len + sizeof(struct icmp6hdr));
592 icmpv6_xmit_unlock(sk);
597 /* Slightly more convenient version of icmp6_send.
599 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
601 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
605 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
606 * if sufficient data bytes are available
607 * @nhs is the size of the tunnel header(s) :
608 * Either an IPv4 header for SIT encap
609 * an IPv4 header + GRE header for GRE encap
611 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
612 unsigned int data_len)
614 struct in6_addr temp_saddr;
616 struct sk_buff *skb2;
619 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
622 /* RFC 4884 (partial) support for ICMP extensions */
623 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
626 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
633 skb_reset_network_header(skb2);
635 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
638 if (rt && rt->dst.dev)
639 skb2->dev = rt->dst.dev;
641 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
644 /* RFC 4884 (partial) support :
645 * insert 0 padding at the end, before the extensions
647 __skb_push(skb2, nhs);
648 skb_reset_network_header(skb2);
649 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
650 memset(skb2->data + data_len - nhs, 0, nhs);
651 /* RFC 4884 4.5 : Length is measured in 64-bit words,
652 * and stored in reserved[0]
654 info = (data_len/8) << 24;
656 if (type == ICMP_TIME_EXCEEDED)
657 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
660 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
669 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
671 static void icmpv6_echo_reply(struct sk_buff *skb)
673 struct net *net = dev_net(skb->dev);
675 struct inet6_dev *idev;
676 struct ipv6_pinfo *np;
677 const struct in6_addr *saddr = NULL;
678 struct icmp6hdr *icmph = icmp6_hdr(skb);
679 struct icmp6hdr tmp_hdr;
681 struct icmpv6_msg msg;
682 struct dst_entry *dst;
683 struct ipcm6_cookie ipc6;
684 u32 mark = IP6_REPLY_MARK(net, skb->mark);
687 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
688 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
691 saddr = &ipv6_hdr(skb)->daddr;
693 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
694 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
697 if (!ipv6_unicast_destination(skb) &&
698 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
701 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
702 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
704 memset(&fl6, 0, sizeof(fl6));
705 fl6.flowi6_proto = IPPROTO_ICMPV6;
706 fl6.daddr = ipv6_hdr(skb)->saddr;
709 fl6.flowi6_oif = icmp6_iif(skb);
710 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
711 fl6.flowi6_mark = mark;
712 fl6.flowi6_uid = sock_net_uid(net, NULL);
713 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
716 sk = icmpv6_xmit_lock(net);
722 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
723 fl6.flowi6_oif = np->mcast_oif;
724 else if (!fl6.flowi6_oif)
725 fl6.flowi6_oif = np->ucast_oif;
727 if (ip6_dst_lookup(net, sk, &dst, &fl6))
729 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
733 /* Check the ratelimit */
734 if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) ||
735 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6))
736 goto out_dst_release;
738 idev = __in6_dev_get(skb->dev);
742 msg.type = ICMPV6_ECHO_REPLY;
744 ipcm6_init_sk(&ipc6, np);
745 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
746 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
748 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
749 skb->len + sizeof(struct icmp6hdr),
750 sizeof(struct icmp6hdr), &ipc6, &fl6,
751 (struct rt6_info *)dst, MSG_DONTWAIT)) {
752 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
753 ip6_flush_pending_frames(sk);
755 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
756 skb->len + sizeof(struct icmp6hdr));
761 icmpv6_xmit_unlock(sk);
766 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
768 const struct inet6_protocol *ipprot;
772 struct net *net = dev_net(skb->dev);
774 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
777 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
778 if (ipv6_ext_hdr(nexthdr)) {
779 /* now skip over extension headers */
780 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
781 &nexthdr, &frag_off);
782 if (inner_offset < 0)
785 inner_offset = sizeof(struct ipv6hdr);
788 /* Checkin header including 8 bytes of inner protocol header. */
789 if (!pskb_may_pull(skb, inner_offset+8))
792 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
793 Without this we will not able f.e. to make source routed
795 Corresponding argument (opt) to notifiers is already added.
799 ipprot = rcu_dereference(inet6_protos[nexthdr]);
800 if (ipprot && ipprot->err_handler)
801 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
803 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
807 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
811 * Handle icmp messages
814 static int icmpv6_rcv(struct sk_buff *skb)
816 struct net *net = dev_net(skb->dev);
817 struct net_device *dev = skb->dev;
818 struct inet6_dev *idev = __in6_dev_get(dev);
819 const struct in6_addr *saddr, *daddr;
820 struct icmp6hdr *hdr;
822 bool success = false;
824 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
825 struct sec_path *sp = skb_sec_path(skb);
828 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
832 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
835 nh = skb_network_offset(skb);
836 skb_set_network_header(skb, sizeof(*hdr));
838 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
841 skb_set_network_header(skb, nh);
844 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
846 saddr = &ipv6_hdr(skb)->saddr;
847 daddr = &ipv6_hdr(skb)->daddr;
849 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
850 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
855 if (!pskb_pull(skb, sizeof(*hdr)))
858 hdr = icmp6_hdr(skb);
860 type = hdr->icmp6_type;
862 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
865 case ICMPV6_ECHO_REQUEST:
866 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
867 icmpv6_echo_reply(skb);
870 case ICMPV6_ECHO_REPLY:
871 success = ping_rcv(skb);
874 case ICMPV6_PKT_TOOBIG:
875 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
876 standard destination cache. Seems, only "advanced"
877 destination cache will allow to solve this problem
880 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
882 hdr = icmp6_hdr(skb);
886 case ICMPV6_DEST_UNREACH:
887 case ICMPV6_TIME_EXCEED:
888 case ICMPV6_PARAMPROB:
889 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
892 case NDISC_ROUTER_SOLICITATION:
893 case NDISC_ROUTER_ADVERTISEMENT:
894 case NDISC_NEIGHBOUR_SOLICITATION:
895 case NDISC_NEIGHBOUR_ADVERTISEMENT:
900 case ICMPV6_MGM_QUERY:
901 igmp6_event_query(skb);
904 case ICMPV6_MGM_REPORT:
905 igmp6_event_report(skb);
908 case ICMPV6_MGM_REDUCTION:
909 case ICMPV6_NI_QUERY:
910 case ICMPV6_NI_REPLY:
911 case ICMPV6_MLD2_REPORT:
912 case ICMPV6_DHAAD_REQUEST:
913 case ICMPV6_DHAAD_REPLY:
914 case ICMPV6_MOBILE_PREFIX_SOL:
915 case ICMPV6_MOBILE_PREFIX_ADV:
920 if (type & ICMPV6_INFOMSG_MASK)
923 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
927 * error of unknown type.
928 * must pass to upper level
931 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
934 /* until the v6 path can be better sorted assume failure and
935 * preserve the status quo behaviour for the rest of the paths to here
945 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
947 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
953 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
955 const struct in6_addr *saddr,
956 const struct in6_addr *daddr,
959 memset(fl6, 0, sizeof(*fl6));
962 fl6->flowi6_proto = IPPROTO_ICMPV6;
963 fl6->fl6_icmp_type = type;
964 fl6->fl6_icmp_code = 0;
965 fl6->flowi6_oif = oif;
966 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
969 static void __net_exit icmpv6_sk_exit(struct net *net)
973 for_each_possible_cpu(i)
974 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv6.icmp_sk, i));
975 free_percpu(net->ipv6.icmp_sk);
978 static int __net_init icmpv6_sk_init(struct net *net)
983 net->ipv6.icmp_sk = alloc_percpu(struct sock *);
984 if (!net->ipv6.icmp_sk)
987 for_each_possible_cpu(i) {
988 err = inet_ctl_sock_create(&sk, PF_INET6,
989 SOCK_RAW, IPPROTO_ICMPV6, net);
991 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
996 *per_cpu_ptr(net->ipv6.icmp_sk, i) = sk;
998 /* Enough space for 2 64K ICMP packets, including
999 * sk_buff struct overhead.
1001 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1006 icmpv6_sk_exit(net);
1010 static struct pernet_operations icmpv6_sk_ops = {
1011 .init = icmpv6_sk_init,
1012 .exit = icmpv6_sk_exit,
1015 int __init icmpv6_init(void)
1019 err = register_pernet_subsys(&icmpv6_sk_ops);
1024 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1027 err = inet6_register_icmp_sender(icmp6_send);
1029 goto sender_reg_err;
1033 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1035 pr_err("Failed to register ICMP6 protocol\n");
1036 unregister_pernet_subsys(&icmpv6_sk_ops);
1040 void icmpv6_cleanup(void)
1042 inet6_unregister_icmp_sender(icmp6_send);
1043 unregister_pernet_subsys(&icmpv6_sk_ops);
1044 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1048 static const struct icmp6_err {
1056 { /* ADM_PROHIBITED */
1060 { /* Was NOT_NEIGHBOUR, now reserved */
1061 .err = EHOSTUNREACH,
1064 { /* ADDR_UNREACH */
1065 .err = EHOSTUNREACH,
1068 { /* PORT_UNREACH */
1069 .err = ECONNREFUSED,
1076 { /* REJECT_ROUTE */
1082 int icmpv6_err_convert(u8 type, u8 code, int *err)
1089 case ICMPV6_DEST_UNREACH:
1091 if (code < ARRAY_SIZE(tab_unreach)) {
1092 *err = tab_unreach[code].err;
1093 fatal = tab_unreach[code].fatal;
1097 case ICMPV6_PKT_TOOBIG:
1101 case ICMPV6_PARAMPROB:
1106 case ICMPV6_TIME_EXCEED:
1107 *err = EHOSTUNREACH;
1113 EXPORT_SYMBOL(icmpv6_err_convert);
1115 #ifdef CONFIG_SYSCTL
1116 static struct ctl_table ipv6_icmp_table_template[] = {
1118 .procname = "ratelimit",
1119 .data = &init_net.ipv6.sysctl.icmpv6_time,
1120 .maxlen = sizeof(int),
1122 .proc_handler = proc_dointvec_ms_jiffies,
1125 .procname = "echo_ignore_all",
1126 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1127 .maxlen = sizeof(int),
1129 .proc_handler = proc_dointvec,
1132 .procname = "echo_ignore_multicast",
1133 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
1134 .maxlen = sizeof(int),
1136 .proc_handler = proc_dointvec,
1139 .procname = "echo_ignore_anycast",
1140 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
1141 .maxlen = sizeof(int),
1143 .proc_handler = proc_dointvec,
1146 .procname = "ratemask",
1147 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1148 .maxlen = ICMPV6_MSG_MAX + 1,
1150 .proc_handler = proc_do_large_bitmap,
1155 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1157 struct ctl_table *table;
1159 table = kmemdup(ipv6_icmp_table_template,
1160 sizeof(ipv6_icmp_table_template),
1164 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1165 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1166 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1167 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1168 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;
projects / linux.git / blob