2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
8 * Based on net/ipv4/icmp.c
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
32 #define pr_fmt(fmt) "IPv6: " fmt
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <linux/types.h>
37 #include <linux/socket.h>
39 #include <linux/kernel.h>
40 #include <linux/sockios.h>
41 #include <linux/net.h>
42 #include <linux/skbuff.h>
43 #include <linux/init.h>
44 #include <linux/netfilter.h>
45 #include <linux/slab.h>
48 #include <linux/sysctl.h>
51 #include <linux/inet.h>
52 #include <linux/netdevice.h>
53 #include <linux/icmpv6.h>
59 #include <net/ip6_checksum.h>
61 #include <net/protocol.h>
63 #include <net/rawv6.h>
64 #include <net/transp_v6.h>
65 #include <net/ip6_route.h>
66 #include <net/addrconf.h>
69 #include <net/inet_common.h>
70 #include <net/dsfield.h>
71 #include <net/l3mdev.h>
73 #include <linux/uaccess.h>
76 * The ICMP socket(s). This is the most convenient way to flow control
77 * our ICMP output as well as maintain a clean interface throughout
78 * all layers. All Socketless IP sends will soon be gone.
80 * On SMP we have one ICMP socket per-cpu.
82 static inline struct sock *icmpv6_sk(struct net *net)
84 return net->ipv6.icmp_sk[smp_processor_id()];
87 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
88 u8 type, u8 code, int offset, __be32 info)
90 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
91 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
92 struct net *net = dev_net(skb->dev);
94 if (type == ICMPV6_PKT_TOOBIG)
95 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
96 else if (type == NDISC_REDIRECT)
97 ip6_redirect(skb, net, skb->dev->ifindex, 0,
98 sock_net_uid(net, NULL));
100 if (!(type & ICMPV6_INFOMSG_MASK))
101 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
102 ping_err(skb, offset, ntohl(info));
107 static int icmpv6_rcv(struct sk_buff *skb);
109 static const struct inet6_protocol icmpv6_protocol = {
110 .handler = icmpv6_rcv,
111 .err_handler = icmpv6_err,
112 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
115 /* Called with BH disabled */
116 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
121 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
122 /* This can happen if the output path (f.e. SIT or
123 * ip6ip6 tunnel) signals dst_link_failure() for an
124 * outgoing ICMP6 packet.
131 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
133 spin_unlock(&sk->sk_lock.slock);
137 * Figure out, may we reply to this packet with icmp error.
139 * We do not reply, if:
140 * - it was icmp error message.
141 * - it is truncated, so that it is known, that protocol is ICMPV6
142 * (i.e. in the middle of some exthdr)
147 static bool is_ineligible(const struct sk_buff *skb)
149 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
150 int len = skb->len - ptr;
151 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
157 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
160 if (nexthdr == IPPROTO_ICMPV6) {
162 tp = skb_header_pointer(skb,
163 ptr+offsetof(struct icmp6hdr, icmp6_type),
164 sizeof(_type), &_type);
165 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
171 static bool icmpv6_mask_allow(int type)
173 /* Informational messages are not limited. */
174 if (type & ICMPV6_INFOMSG_MASK)
177 /* Do not limit pmtu discovery, it would break it. */
178 if (type == ICMPV6_PKT_TOOBIG)
184 static bool icmpv6_global_allow(int type)
186 if (icmpv6_mask_allow(type))
189 if (icmp_global_allow())
196 * Check the ICMP output rate limit
198 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
201 struct net *net = sock_net(sk);
202 struct dst_entry *dst;
205 if (icmpv6_mask_allow(type))
209 * Look up the output route.
210 * XXX: perhaps the expire for routing entries cloned by
211 * this lookup should be more aggressive (not longer than timeout).
213 dst = ip6_route_output(net, sk, fl6);
215 IP6_INC_STATS(net, ip6_dst_idev(dst),
216 IPSTATS_MIB_OUTNOROUTES);
217 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
220 struct rt6_info *rt = (struct rt6_info *)dst;
221 int tmo = net->ipv6.sysctl.icmpv6_time;
222 struct inet_peer *peer;
224 /* Give more bandwidth to wider prefixes. */
225 if (rt->rt6i_dst.plen < 128)
226 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
228 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
229 res = inet_peer_xrlim_allow(peer, tmo);
238 * an inline helper for the "simple" if statement below
239 * checks if parameter problem report is caused by an
240 * unrecognized IPv6 option that has the Option Type
241 * highest-order two bits set to 10
244 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
248 offset += skb_network_offset(skb);
249 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
252 return (*op & 0xC0) == 0x80;
255 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
256 struct icmp6hdr *thdr, int len)
259 struct icmp6hdr *icmp6h;
261 skb = skb_peek(&sk->sk_write_queue);
265 icmp6h = icmp6_hdr(skb);
266 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
267 icmp6h->icmp6_cksum = 0;
269 if (skb_queue_len(&sk->sk_write_queue) == 1) {
270 skb->csum = csum_partial(icmp6h,
271 sizeof(struct icmp6hdr), skb->csum);
272 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
274 len, fl6->flowi6_proto,
279 skb_queue_walk(&sk->sk_write_queue, skb) {
280 tmp_csum = csum_add(tmp_csum, skb->csum);
283 tmp_csum = csum_partial(icmp6h,
284 sizeof(struct icmp6hdr), tmp_csum);
285 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
287 len, fl6->flowi6_proto,
290 ip6_push_pending_frames(sk);
299 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
301 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
302 struct sk_buff *org_skb = msg->skb;
305 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
307 skb->csum = csum_block_add(skb->csum, csum, odd);
308 if (!(msg->type & ICMPV6_INFOMSG_MASK))
309 nf_ct_attach(skb, org_skb);
313 #if IS_ENABLED(CONFIG_IPV6_MIP6)
314 static void mip6_addr_swap(struct sk_buff *skb)
316 struct ipv6hdr *iph = ipv6_hdr(skb);
317 struct inet6_skb_parm *opt = IP6CB(skb);
318 struct ipv6_destopt_hao *hao;
323 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
324 if (likely(off >= 0)) {
325 hao = (struct ipv6_destopt_hao *)
326 (skb_network_header(skb) + off);
328 iph->saddr = hao->addr;
334 static inline void mip6_addr_swap(struct sk_buff *skb) {}
337 static struct dst_entry *icmpv6_route_lookup(struct net *net,
342 struct dst_entry *dst, *dst2;
346 err = ip6_dst_lookup(net, sk, &dst, fl6);
351 * We won't send icmp if the destination is known
354 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
355 net_dbg_ratelimited("icmp6_send: acast source\n");
357 return ERR_PTR(-EINVAL);
360 /* No need to clone since we're just using its address. */
363 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
368 if (PTR_ERR(dst) == -EPERM)
374 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
376 goto relookup_failed;
378 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
380 goto relookup_failed;
382 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
392 goto relookup_failed;
401 static int icmp6_iif(const struct sk_buff *skb)
403 int iif = skb->dev->ifindex;
405 /* for local traffic to local address, skb dev is the loopback
406 * device. Check if there is a dst attached to the skb and if so
407 * get the real device index. Same is needed for replies to a link
408 * local address on a device enslaved to an L3 master device
410 if (unlikely(iif == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
411 const struct rt6_info *rt6 = skb_rt6_info(skb);
414 iif = rt6->rt6i_idev->dev->ifindex;
421 * Send an ICMP message in response to a packet in error
423 static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
424 const struct in6_addr *force_saddr)
426 struct inet6_dev *idev = NULL;
427 struct ipv6hdr *hdr = ipv6_hdr(skb);
430 struct ipv6_pinfo *np;
431 const struct in6_addr *saddr = NULL;
432 struct dst_entry *dst;
433 struct icmp6hdr tmp_hdr;
435 struct icmpv6_msg msg;
436 struct ipcm6_cookie ipc6;
442 if ((u8 *)hdr < skb->head ||
443 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
448 net = dev_net(skb->dev);
449 mark = IP6_REPLY_MARK(net, skb->mark);
451 * Make sure we respect the rules
452 * i.e. RFC 1885 2.4(e)
453 * Rule (e.1) is enforced by not using icmp6_send
454 * in any code that processes icmp errors.
456 addr_type = ipv6_addr_type(&hdr->daddr);
458 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
459 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
466 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
467 if (type != ICMPV6_PKT_TOOBIG &&
468 !(type == ICMPV6_PARAMPROB &&
469 code == ICMPV6_UNK_OPTION &&
470 (opt_unrec(skb, info))))
476 addr_type = ipv6_addr_type(&hdr->saddr);
482 if (__ipv6_addr_needs_scope_id(addr_type)) {
483 iif = icmp6_iif(skb);
486 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
490 * Must not send error if the source does not uniquely
491 * identify a single node (RFC2463 Section 2.4).
492 * We check unspecified / multicast addresses here,
493 * and anycast addresses will be checked later.
495 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
496 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
497 &hdr->saddr, &hdr->daddr);
502 * Never answer to a ICMP packet.
504 if (is_ineligible(skb)) {
505 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
506 &hdr->saddr, &hdr->daddr);
510 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
513 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
514 if (!(skb->dev->flags&IFF_LOOPBACK) && !icmpv6_global_allow(type))
519 memset(&fl6, 0, sizeof(fl6));
520 fl6.flowi6_proto = IPPROTO_ICMPV6;
521 fl6.daddr = hdr->saddr;
526 fl6.flowi6_mark = mark;
527 fl6.flowi6_oif = iif;
528 fl6.fl6_icmp_type = type;
529 fl6.fl6_icmp_code = code;
530 fl6.flowi6_uid = sock_net_uid(net, NULL);
531 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
532 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
534 sk = icmpv6_xmit_lock(net);
541 if (!icmpv6_xrlim_allow(sk, type, &fl6))
544 tmp_hdr.icmp6_type = type;
545 tmp_hdr.icmp6_code = code;
546 tmp_hdr.icmp6_cksum = 0;
547 tmp_hdr.icmp6_pointer = htonl(info);
549 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
550 fl6.flowi6_oif = np->mcast_oif;
551 else if (!fl6.flowi6_oif)
552 fl6.flowi6_oif = np->ucast_oif;
554 ipcm6_init_sk(&ipc6, np);
555 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
557 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
561 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
564 msg.offset = skb_network_offset(skb);
567 len = skb->len - msg.offset;
568 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
570 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
571 &hdr->saddr, &hdr->daddr);
572 goto out_dst_release;
576 idev = __in6_dev_get(skb->dev);
578 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
579 len + sizeof(struct icmp6hdr),
580 sizeof(struct icmp6hdr),
581 &ipc6, &fl6, (struct rt6_info *)dst,
583 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
584 ip6_flush_pending_frames(sk);
586 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
587 len + sizeof(struct icmp6hdr));
593 icmpv6_xmit_unlock(sk);
598 /* Slightly more convenient version of icmp6_send.
600 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
602 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
606 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
607 * if sufficient data bytes are available
608 * @nhs is the size of the tunnel header(s) :
609 * Either an IPv4 header for SIT encap
610 * an IPv4 header + GRE header for GRE encap
612 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
613 unsigned int data_len)
615 struct in6_addr temp_saddr;
617 struct sk_buff *skb2;
620 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
623 /* RFC 4884 (partial) support for ICMP extensions */
624 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
627 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
634 skb_reset_network_header(skb2);
636 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
639 if (rt && rt->dst.dev)
640 skb2->dev = rt->dst.dev;
642 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
645 /* RFC 4884 (partial) support :
646 * insert 0 padding at the end, before the extensions
648 __skb_push(skb2, nhs);
649 skb_reset_network_header(skb2);
650 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
651 memset(skb2->data + data_len - nhs, 0, nhs);
652 /* RFC 4884 4.5 : Length is measured in 64-bit words,
653 * and stored in reserved[0]
655 info = (data_len/8) << 24;
657 if (type == ICMP_TIME_EXCEEDED)
658 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
661 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
670 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
672 static void icmpv6_echo_reply(struct sk_buff *skb)
674 struct net *net = dev_net(skb->dev);
676 struct inet6_dev *idev;
677 struct ipv6_pinfo *np;
678 const struct in6_addr *saddr = NULL;
679 struct icmp6hdr *icmph = icmp6_hdr(skb);
680 struct icmp6hdr tmp_hdr;
682 struct icmpv6_msg msg;
683 struct dst_entry *dst;
684 struct ipcm6_cookie ipc6;
685 u32 mark = IP6_REPLY_MARK(net, skb->mark);
687 saddr = &ipv6_hdr(skb)->daddr;
689 if (!ipv6_unicast_destination(skb) &&
690 !(net->ipv6.sysctl.anycast_src_echo_reply &&
691 ipv6_anycast_destination(skb_dst(skb), saddr)))
694 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
695 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
697 memset(&fl6, 0, sizeof(fl6));
698 fl6.flowi6_proto = IPPROTO_ICMPV6;
699 fl6.daddr = ipv6_hdr(skb)->saddr;
702 fl6.flowi6_oif = icmp6_iif(skb);
703 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
704 fl6.flowi6_mark = mark;
705 fl6.flowi6_uid = sock_net_uid(net, NULL);
706 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
709 sk = icmpv6_xmit_lock(net);
715 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
716 fl6.flowi6_oif = np->mcast_oif;
717 else if (!fl6.flowi6_oif)
718 fl6.flowi6_oif = np->ucast_oif;
720 if (ip6_dst_lookup(net, sk, &dst, &fl6))
722 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
726 idev = __in6_dev_get(skb->dev);
730 msg.type = ICMPV6_ECHO_REPLY;
732 ipcm6_init_sk(&ipc6, np);
733 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
734 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
736 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
737 skb->len + sizeof(struct icmp6hdr),
738 sizeof(struct icmp6hdr), &ipc6, &fl6,
739 (struct rt6_info *)dst, MSG_DONTWAIT)) {
740 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
741 ip6_flush_pending_frames(sk);
743 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
744 skb->len + sizeof(struct icmp6hdr));
748 icmpv6_xmit_unlock(sk);
753 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
755 const struct inet6_protocol *ipprot;
759 struct net *net = dev_net(skb->dev);
761 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
764 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
765 if (ipv6_ext_hdr(nexthdr)) {
766 /* now skip over extension headers */
767 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
768 &nexthdr, &frag_off);
769 if (inner_offset < 0)
772 inner_offset = sizeof(struct ipv6hdr);
775 /* Checkin header including 8 bytes of inner protocol header. */
776 if (!pskb_may_pull(skb, inner_offset+8))
779 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
780 Without this we will not able f.e. to make source routed
782 Corresponding argument (opt) to notifiers is already added.
786 ipprot = rcu_dereference(inet6_protos[nexthdr]);
787 if (ipprot && ipprot->err_handler)
788 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
790 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
794 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
798 * Handle icmp messages
801 static int icmpv6_rcv(struct sk_buff *skb)
803 struct net *net = dev_net(skb->dev);
804 struct net_device *dev = skb->dev;
805 struct inet6_dev *idev = __in6_dev_get(dev);
806 const struct in6_addr *saddr, *daddr;
807 struct icmp6hdr *hdr;
809 bool success = false;
811 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
812 struct sec_path *sp = skb_sec_path(skb);
815 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
819 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
822 nh = skb_network_offset(skb);
823 skb_set_network_header(skb, sizeof(*hdr));
825 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
828 skb_set_network_header(skb, nh);
831 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
833 saddr = &ipv6_hdr(skb)->saddr;
834 daddr = &ipv6_hdr(skb)->daddr;
836 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
837 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
842 if (!pskb_pull(skb, sizeof(*hdr)))
845 hdr = icmp6_hdr(skb);
847 type = hdr->icmp6_type;
849 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
852 case ICMPV6_ECHO_REQUEST:
853 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
854 icmpv6_echo_reply(skb);
857 case ICMPV6_ECHO_REPLY:
858 success = ping_rcv(skb);
861 case ICMPV6_PKT_TOOBIG:
862 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
863 standard destination cache. Seems, only "advanced"
864 destination cache will allow to solve this problem
867 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
869 hdr = icmp6_hdr(skb);
873 case ICMPV6_DEST_UNREACH:
874 case ICMPV6_TIME_EXCEED:
875 case ICMPV6_PARAMPROB:
876 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
879 case NDISC_ROUTER_SOLICITATION:
880 case NDISC_ROUTER_ADVERTISEMENT:
881 case NDISC_NEIGHBOUR_SOLICITATION:
882 case NDISC_NEIGHBOUR_ADVERTISEMENT:
887 case ICMPV6_MGM_QUERY:
888 igmp6_event_query(skb);
891 case ICMPV6_MGM_REPORT:
892 igmp6_event_report(skb);
895 case ICMPV6_MGM_REDUCTION:
896 case ICMPV6_NI_QUERY:
897 case ICMPV6_NI_REPLY:
898 case ICMPV6_MLD2_REPORT:
899 case ICMPV6_DHAAD_REQUEST:
900 case ICMPV6_DHAAD_REPLY:
901 case ICMPV6_MOBILE_PREFIX_SOL:
902 case ICMPV6_MOBILE_PREFIX_ADV:
907 if (type & ICMPV6_INFOMSG_MASK)
910 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
914 * error of unknown type.
915 * must pass to upper level
918 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
921 /* until the v6 path can be better sorted assume failure and
922 * preserve the status quo behaviour for the rest of the paths to here
932 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
934 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
940 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
942 const struct in6_addr *saddr,
943 const struct in6_addr *daddr,
946 memset(fl6, 0, sizeof(*fl6));
949 fl6->flowi6_proto = IPPROTO_ICMPV6;
950 fl6->fl6_icmp_type = type;
951 fl6->fl6_icmp_code = 0;
952 fl6->flowi6_oif = oif;
953 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
956 static int __net_init icmpv6_sk_init(struct net *net)
962 kcalloc(nr_cpu_ids, sizeof(struct sock *), GFP_KERNEL);
963 if (!net->ipv6.icmp_sk)
966 for_each_possible_cpu(i) {
967 err = inet_ctl_sock_create(&sk, PF_INET6,
968 SOCK_RAW, IPPROTO_ICMPV6, net);
970 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
975 net->ipv6.icmp_sk[i] = sk;
977 /* Enough space for 2 64K ICMP packets, including
978 * sk_buff struct overhead.
980 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
985 for (j = 0; j < i; j++)
986 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
987 kfree(net->ipv6.icmp_sk);
991 static void __net_exit icmpv6_sk_exit(struct net *net)
995 for_each_possible_cpu(i) {
996 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
998 kfree(net->ipv6.icmp_sk);
1001 static struct pernet_operations icmpv6_sk_ops = {
1002 .init = icmpv6_sk_init,
1003 .exit = icmpv6_sk_exit,
1006 int __init icmpv6_init(void)
1010 err = register_pernet_subsys(&icmpv6_sk_ops);
1015 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1018 err = inet6_register_icmp_sender(icmp6_send);
1020 goto sender_reg_err;
1024 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1026 pr_err("Failed to register ICMP6 protocol\n");
1027 unregister_pernet_subsys(&icmpv6_sk_ops);
1031 void icmpv6_cleanup(void)
1033 inet6_unregister_icmp_sender(icmp6_send);
1034 unregister_pernet_subsys(&icmpv6_sk_ops);
1035 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1039 static const struct icmp6_err {
1047 { /* ADM_PROHIBITED */
1051 { /* Was NOT_NEIGHBOUR, now reserved */
1052 .err = EHOSTUNREACH,
1055 { /* ADDR_UNREACH */
1056 .err = EHOSTUNREACH,
1059 { /* PORT_UNREACH */
1060 .err = ECONNREFUSED,
1067 { /* REJECT_ROUTE */
1073 int icmpv6_err_convert(u8 type, u8 code, int *err)
1080 case ICMPV6_DEST_UNREACH:
1082 if (code < ARRAY_SIZE(tab_unreach)) {
1083 *err = tab_unreach[code].err;
1084 fatal = tab_unreach[code].fatal;
1088 case ICMPV6_PKT_TOOBIG:
1092 case ICMPV6_PARAMPROB:
1097 case ICMPV6_TIME_EXCEED:
1098 *err = EHOSTUNREACH;
1104 EXPORT_SYMBOL(icmpv6_err_convert);
1106 #ifdef CONFIG_SYSCTL
1107 static struct ctl_table ipv6_icmp_table_template[] = {
1109 .procname = "ratelimit",
1110 .data = &init_net.ipv6.sysctl.icmpv6_time,
1111 .maxlen = sizeof(int),
1113 .proc_handler = proc_dointvec_ms_jiffies,
1116 .procname = "echo_ignore_all",
1117 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1118 .maxlen = sizeof(int),
1120 .proc_handler = proc_dointvec,
1125 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1127 struct ctl_table *table;
1129 table = kmemdup(ipv6_icmp_table_template,
1130 sizeof(ipv6_icmp_table_template),
1134 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1135 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
git.samba.org / sfrench / cifs-2.6.git / blob