1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
9 * Based on net/ipv4/icmp.c
17 * Andi Kleen : exception handling
18 * Andi Kleen add rate limits. never reply to a icmp.
19 * add more length checks and other fixes.
20 * yoshfuji : ensure to sent parameter problem for
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
28 #define pr_fmt(fmt) "IPv6: " fmt
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/types.h>
33 #include <linux/socket.h>
35 #include <linux/kernel.h>
36 #include <linux/sockios.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <linux/init.h>
40 #include <linux/netfilter.h>
41 #include <linux/slab.h>
44 #include <linux/sysctl.h>
47 #include <linux/inet.h>
48 #include <linux/netdevice.h>
49 #include <linux/icmpv6.h>
55 #include <net/ip6_checksum.h>
57 #include <net/protocol.h>
59 #include <net/rawv6.h>
61 #include <net/transp_v6.h>
62 #include <net/ip6_route.h>
63 #include <net/addrconf.h>
66 #include <net/inet_common.h>
67 #include <net/dsfield.h>
68 #include <net/l3mdev.h>
70 #include <linux/uaccess.h>
73 * The ICMP socket(s). This is the most convenient way to flow control
74 * our ICMP output as well as maintain a clean interface throughout
75 * all layers. All Socketless IP sends will soon be gone.
77 * On SMP we have one ICMP socket per-cpu.
79 static struct sock *icmpv6_sk(struct net *net)
81 return this_cpu_read(*net->ipv6.icmp_sk);
84 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
85 u8 type, u8 code, int offset, __be32 info)
87 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
88 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
89 struct net *net = dev_net(skb->dev);
91 if (type == ICMPV6_PKT_TOOBIG)
92 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
93 else if (type == NDISC_REDIRECT)
94 ip6_redirect(skb, net, skb->dev->ifindex, 0,
95 sock_net_uid(net, NULL));
97 if (!(type & ICMPV6_INFOMSG_MASK))
98 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
99 ping_err(skb, offset, ntohl(info));
104 static int icmpv6_rcv(struct sk_buff *skb);
106 static const struct inet6_protocol icmpv6_protocol = {
107 .handler = icmpv6_rcv,
108 .err_handler = icmpv6_err,
109 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
112 /* Called with BH disabled */
113 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
118 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
119 /* This can happen if the output path (f.e. SIT or
120 * ip6ip6 tunnel) signals dst_link_failure() for an
121 * outgoing ICMP6 packet.
128 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
130 spin_unlock(&sk->sk_lock.slock);
134 * Figure out, may we reply to this packet with icmp error.
136 * We do not reply, if:
137 * - it was icmp error message.
138 * - it is truncated, so that it is known, that protocol is ICMPV6
139 * (i.e. in the middle of some exthdr)
144 static bool is_ineligible(const struct sk_buff *skb)
146 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
147 int len = skb->len - ptr;
148 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
154 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
157 if (nexthdr == IPPROTO_ICMPV6) {
159 tp = skb_header_pointer(skb,
160 ptr+offsetof(struct icmp6hdr, icmp6_type),
161 sizeof(_type), &_type);
163 /* Based on RFC 8200, Section 4.5 Fragment Header, return
164 * false if this is a fragment packet with no icmp header info.
166 if (!tp && frag_off != 0)
168 else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
174 static bool icmpv6_mask_allow(struct net *net, int type)
176 if (type > ICMPV6_MSG_MAX)
179 /* Limit if icmp type is set in ratemask. */
180 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
186 static bool icmpv6_global_allow(struct net *net, int type)
188 if (icmpv6_mask_allow(net, type))
191 if (icmp_global_allow())
198 * Check the ICMP output rate limit
200 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
203 struct net *net = sock_net(sk);
204 struct dst_entry *dst;
207 if (icmpv6_mask_allow(net, type))
211 * Look up the output route.
212 * XXX: perhaps the expire for routing entries cloned by
213 * this lookup should be more aggressive (not longer than timeout).
215 dst = ip6_route_output(net, sk, fl6);
217 IP6_INC_STATS(net, ip6_dst_idev(dst),
218 IPSTATS_MIB_OUTNOROUTES);
219 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
222 struct rt6_info *rt = (struct rt6_info *)dst;
223 int tmo = net->ipv6.sysctl.icmpv6_time;
224 struct inet_peer *peer;
226 /* Give more bandwidth to wider prefixes. */
227 if (rt->rt6i_dst.plen < 128)
228 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
230 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
231 res = inet_peer_xrlim_allow(peer, tmo);
239 static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type,
242 struct net *net = sock_net(sk);
243 struct dst_entry *dst;
246 dst = ip6_route_output(net, sk, fl6);
248 struct rt6_info *rt = (struct rt6_info *)dst;
249 struct in6_addr prefsrc;
251 rt6_get_prefsrc(rt, &prefsrc);
252 res = !ipv6_addr_any(&prefsrc);
259 * an inline helper for the "simple" if statement below
260 * checks if parameter problem report is caused by an
261 * unrecognized IPv6 option that has the Option Type
262 * highest-order two bits set to 10
265 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
269 offset += skb_network_offset(skb);
270 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
273 return (*op & 0xC0) == 0x80;
276 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
277 struct icmp6hdr *thdr, int len)
280 struct icmp6hdr *icmp6h;
282 skb = skb_peek(&sk->sk_write_queue);
286 icmp6h = icmp6_hdr(skb);
287 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
288 icmp6h->icmp6_cksum = 0;
290 if (skb_queue_len(&sk->sk_write_queue) == 1) {
291 skb->csum = csum_partial(icmp6h,
292 sizeof(struct icmp6hdr), skb->csum);
293 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
295 len, fl6->flowi6_proto,
300 skb_queue_walk(&sk->sk_write_queue, skb) {
301 tmp_csum = csum_add(tmp_csum, skb->csum);
304 tmp_csum = csum_partial(icmp6h,
305 sizeof(struct icmp6hdr), tmp_csum);
306 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
308 len, fl6->flowi6_proto,
311 ip6_push_pending_frames(sk);
320 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
322 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
323 struct sk_buff *org_skb = msg->skb;
326 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
328 skb->csum = csum_block_add(skb->csum, csum, odd);
329 if (!(msg->type & ICMPV6_INFOMSG_MASK))
330 nf_ct_attach(skb, org_skb);
334 #if IS_ENABLED(CONFIG_IPV6_MIP6)
335 static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt)
337 struct ipv6hdr *iph = ipv6_hdr(skb);
338 struct ipv6_destopt_hao *hao;
343 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
344 if (likely(off >= 0)) {
345 hao = (struct ipv6_destopt_hao *)
346 (skb_network_header(skb) + off);
348 iph->saddr = hao->addr;
354 static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {}
357 static struct dst_entry *icmpv6_route_lookup(struct net *net,
362 struct dst_entry *dst, *dst2;
366 err = ip6_dst_lookup(net, sk, &dst, fl6);
371 * We won't send icmp if the destination is known
374 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
375 net_dbg_ratelimited("icmp6_send: acast source\n");
377 return ERR_PTR(-EINVAL);
380 /* No need to clone since we're just using its address. */
383 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
388 if (PTR_ERR(dst) == -EPERM)
394 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
396 goto relookup_failed;
398 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
400 goto relookup_failed;
402 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
412 goto relookup_failed;
421 static struct net_device *icmp6_dev(const struct sk_buff *skb)
423 struct net_device *dev = skb->dev;
425 /* for local traffic to local address, skb dev is the loopback
426 * device. Check if there is a dst attached to the skb and if so
427 * get the real device index. Same is needed for replies to a link
428 * local address on a device enslaved to an L3 master device
430 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
431 const struct rt6_info *rt6 = skb_rt6_info(skb);
433 /* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.),
434 * and ip6_null_entry could be set to skb if no route is found.
436 if (rt6 && rt6->rt6i_idev)
437 dev = rt6->rt6i_idev->dev;
443 static int icmp6_iif(const struct sk_buff *skb)
445 return icmp6_dev(skb)->ifindex;
/*
 *	Send an ICMP message in response to a packet in error
 *
 * NOTE(review): this copy of the function is missing a number of lines
 * relative to the upstream source (local declarations of net, sk, np,
 * fl6, mark, iif, len, several braces, labels and gotos). Restore from
 * upstream net/ipv6/icmp.c before building — do not hand-patch.
 */
void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
		const struct in6_addr *force_saddr,
		const struct inet6_skb_parm *parm)
	struct inet6_dev *idev = NULL;
	struct ipv6hdr *hdr = ipv6_hdr(skb);
	struct ipv6_pinfo *np;
	const struct in6_addr *saddr = NULL;
	struct dst_entry *dst;
	struct icmp6hdr tmp_hdr;
	struct icmpv6_msg msg;
	struct ipcm6_cookie ipc6;

	/* The IPv6 header of the offending packet must sit fully inside skb. */
	if ((u8 *)hdr < skb->head ||
	    (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))

	net = dev_net(skb->dev);
	mark = IP6_REPLY_MARK(net, skb->mark);
	/*
	 *	Make sure we respect the rules
	 *	i.e. RFC 1885 2.4(e)
	 *	Rule (e.1) is enforced by not using icmp6_send
	 *	in any code that processes icmp errors.
	 */
	addr_type = ipv6_addr_type(&hdr->daddr);

	if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
	    ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))

	/* Errors about multicast/broadcast traffic are only allowed for
	 * packet-too-big and unrecognized-option parameter problems.
	 */
	if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
		if (type != ICMPV6_PKT_TOOBIG &&
		    !(type == ICMPV6_PARAMPROB &&
		      code == ICMPV6_UNK_OPTION &&
		      (opt_unrec(skb, info))))

	addr_type = ipv6_addr_type(&hdr->saddr);

	if (__ipv6_addr_needs_scope_id(addr_type)) {
		iif = icmp6_iif(skb);
		/*
		 * The source device is used for looking up which routing table
		 * to use for sending an ICMP error.
		 */
		iif = l3mdev_master_ifindex(skb->dev);

	/*
	 *	Must not send error if the source does not uniquely
	 *	identify a single node (RFC2463 Section 2.4).
	 *	We check unspecified / multicast addresses here,
	 *	and anycast addresses will be checked later.
	 */
	if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
		net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
				    &hdr->saddr, &hdr->daddr);

	/*
	 *	Never answer to a ICMP packet.
	 */
	if (is_ineligible(skb)) {
		net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
				    &hdr->saddr, &hdr->daddr);

	/* Needed by both icmp_global_allow and icmpv6_xmit_lock */

	/* Check global sysctl_icmp_msgs_per_sec ratelimit */
	if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type))

	mip6_addr_swap(skb, parm);

	sk = icmpv6_xmit_lock(net);

	memset(&fl6, 0, sizeof(fl6));
	fl6.flowi6_proto = IPPROTO_ICMPV6;
	fl6.daddr = hdr->saddr;
	} else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) {
		/* select a more meaningful saddr from input if */
		struct net_device *in_netdev;

		in_netdev = dev_get_by_index(net, parm->iif);
			ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr,
					   inet6_sk(sk)->srcprefs,
	fl6.flowi6_mark = mark;
	fl6.flowi6_oif = iif;
	fl6.fl6_icmp_type = type;
	fl6.fl6_icmp_code = code;
	fl6.flowi6_uid = sock_net_uid(net, NULL);
	fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));

	/* Per-destination rate limit (in addition to the global one above). */
	if (!icmpv6_xrlim_allow(sk, type, &fl6))

	tmp_hdr.icmp6_type = type;
	tmp_hdr.icmp6_code = code;
	tmp_hdr.icmp6_cksum = 0;
	tmp_hdr.icmp6_pointer = htonl(info);

	if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
		fl6.flowi6_oif = np->mcast_oif;
	else if (!fl6.flowi6_oif)
		fl6.flowi6_oif = np->ucast_oif;

	ipcm6_init_sk(&ipc6, np);
	ipc6.sockc.mark = mark;
	fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);

	dst = icmpv6_route_lookup(net, skb, sk, &fl6);

	ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);

	msg.offset = skb_network_offset(skb);

	/* Cap the quoted payload so the reply fits in the IPv6 minimum MTU. */
	len = skb->len - msg.offset;
	len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
		net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
				    &hdr->saddr, &hdr->daddr);
		goto out_dst_release;

	idev = __in6_dev_get(skb->dev);

	if (ip6_append_data(sk, icmpv6_getfrag, &msg,
			    len + sizeof(struct icmp6hdr),
			    sizeof(struct icmp6hdr),
			    &ipc6, &fl6, (struct rt6_info *)dst,
		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
		ip6_flush_pending_frames(sk);
		icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
					   len + sizeof(struct icmp6hdr));
	icmpv6_xmit_unlock(sk);
EXPORT_SYMBOL(icmp6_send);
643 /* Slightly more convenient version of icmp6_send.
645 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
647 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb));
/* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
 * if sufficient data bytes are available
 * @nhs is the size of the tunnel header(s) :
 *  Either an IPv4 header for SIT encap
 *         an IPv4 header + GRE header for GRE encap
 *
 * NOTE(review): lines are missing from this extraction (locals such as
 * rt/info, several ifs/returns/braces, the else keyword before the
 * second icmp6_send, and the kfree/return tail) — restore from upstream
 * net/ipv6/icmp.c before building.
 */
int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
			       unsigned int data_len)
	struct in6_addr temp_saddr;
	struct sk_buff *skb2;

	if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))

	/* RFC 4884 (partial) support for ICMP extensions */
	if (data_len < 128 || (data_len & 7) || skb->len < data_len)

	/* Only copy (not clone) when we must pad/shift the payload below. */
	skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);

	skb_reset_network_header(skb2);

	rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,

	if (rt && rt->dst.dev)
		skb2->dev = rt->dst.dev;

	/* Report the tunnel's IPv4 source as an IPv4-mapped IPv6 address. */
	ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);

	/* RFC 4884 (partial) support :
	 * insert 0 padding at the end, before the extensions
	 */
	__skb_push(skb2, nhs);
	skb_reset_network_header(skb2);
	memmove(skb2->data, skb2->data + nhs, data_len - nhs);
	memset(skb2->data + data_len - nhs, 0, nhs);
	/* RFC 4884 4.5 : Length is measured in 64-bit words,
	 * and stored in reserved[0]
	 */
	info = (data_len/8) << 24;

	if (type == ICMP_TIME_EXCEEDED)
		icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
			   info, &temp_saddr, IP6CB(skb2));
		icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
			   info, &temp_saddr, IP6CB(skb2));
EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
/* Build and send an echo (or PROBE extended-echo) reply to an incoming
 * echo request, honoring the echo_ignore_* / anycast sysctls and both
 * the global and per-destination rate limits.
 *
 * NOTE(review): lines are missing from this extraction (locals such as
 * sk/fl6/type/acast, several gotos, braces and the dst release tail) —
 * restore from upstream net/ipv6/icmp.c before building.
 */
static void icmpv6_echo_reply(struct sk_buff *skb)
	struct net *net = dev_net(skb->dev);
	struct inet6_dev *idev;
	struct ipv6_pinfo *np;
	const struct in6_addr *saddr = NULL;
	struct icmp6hdr *icmph = icmp6_hdr(skb);
	struct icmp6hdr tmp_hdr;
	struct icmpv6_msg msg;
	struct dst_entry *dst;
	struct ipcm6_cookie ipc6;
	u32 mark = IP6_REPLY_MARK(net, skb->mark);

	if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
	    net->ipv6.sysctl.icmpv6_echo_ignore_multicast)

	/* Reply from the address the request was sent to. */
	saddr = &ipv6_hdr(skb)->daddr;

	acast = ipv6_anycast_destination(skb_dst(skb), saddr);
	if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)

	if (!ipv6_unicast_destination(skb) &&
	    !(net->ipv6.sysctl.anycast_src_echo_reply && acast))

	if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
		type = ICMPV6_EXT_ECHO_REPLY;
		type = ICMPV6_ECHO_REPLY;

	memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
	tmp_hdr.icmp6_type = type;

	memset(&fl6, 0, sizeof(fl6));
	if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
		fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));

	fl6.flowi6_proto = IPPROTO_ICMPV6;
	fl6.daddr = ipv6_hdr(skb)->saddr;
	fl6.flowi6_oif = icmp6_iif(skb);
	fl6.fl6_icmp_type = type;
	fl6.flowi6_mark = mark;
	fl6.flowi6_uid = sock_net_uid(net, NULL);
	security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));

	sk = icmpv6_xmit_lock(net);

	if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
		fl6.flowi6_oif = np->mcast_oif;
	else if (!fl6.flowi6_oif)
		fl6.flowi6_oif = np->ucast_oif;

	if (ip6_dst_lookup(net, sk, &dst, &fl6))
	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);

	/* Check the ratelimit */
	if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) ||
	    !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6))
		goto out_dst_release;

	idev = __in6_dev_get(skb->dev);

	ipcm6_init_sk(&ipc6, np);
	ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
	ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
	ipc6.sockc.mark = mark;

	if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
		if (!icmp_build_probe(skb, (struct icmphdr *)&tmp_hdr))
			goto out_dst_release;

	if (ip6_append_data(sk, icmpv6_getfrag, &msg,
			    skb->len + sizeof(struct icmp6hdr),
			    sizeof(struct icmp6hdr), &ipc6, &fl6,
			    (struct rt6_info *)dst, MSG_DONTWAIT)) {
		__ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
		ip6_flush_pending_frames(sk);
		icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
					   skb->len + sizeof(struct icmp6hdr));
	icmpv6_xmit_unlock(sk);
/* Dispatch a received ICMPv6 error to the upper-layer protocol whose
 * packet triggered it (via the inet6_protos err_handler) and to any
 * matching raw sockets.
 *
 * NOTE(review): lines are missing from this extraction (declarations of
 * nexthdr/inner_offset/frag_off, gotos, braces and the out/return tail) —
 * restore from upstream net/ipv6/icmp.c before building.
 */
void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
	struct inet6_skb_parm *opt = IP6CB(skb);
	const struct inet6_protocol *ipprot;
	struct net *net = dev_net(skb->dev);

	if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))

	seg6_icmp_srh(skb, opt);

	nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
	if (ipv6_ext_hdr(nexthdr)) {
		/* now skip over extension headers */
		inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
						&nexthdr, &frag_off);
		if (inner_offset < 0)
		inner_offset = sizeof(struct ipv6hdr);

	/* Checkin header including 8 bytes of inner protocol header. */
	if (!pskb_may_pull(skb, inner_offset+8))

	/* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
	   Without this we will not able f.e. to make source routed
	   Corresponding argument (opt) to notifiers is already added.
	 */

	ipprot = rcu_dereference(inet6_protos[nexthdr]);
	if (ipprot && ipprot->err_handler)
		ipprot->err_handler(skb, opt, type, code, inner_offset, info);

	raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);

	__ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
/*
 *	Handle icmp messages
 *
 * Main ICMPv6 input routine: validates the XFRM policy and checksum,
 * then dispatches on the ICMPv6 type (echo, ND, MLD, errors, ...).
 *
 * NOTE(review): lines are missing from this extraction (locals such as
 * type/nh, break statements, goto labels discard_it/csum_error, and the
 * final returns) — restore from upstream net/ipv6/icmp.c before building.
 */
static int icmpv6_rcv(struct sk_buff *skb)
	struct net *net = dev_net(skb->dev);
	struct net_device *dev = icmp6_dev(skb);
	struct inet6_dev *idev = __in6_dev_get(dev);
	const struct in6_addr *saddr, *daddr;
	struct icmp6hdr *hdr;
	bool success = false;

	if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		struct sec_path *sp = skb_sec_path(skb);

		if (!(sp && sp->xvec[sp->len - 1]->props.flags &

		if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))

		/* Temporarily point the network header at the inner
		 * header for the reverse policy check, then restore it.
		 */
		nh = skb_network_offset(skb);
		skb_set_network_header(skb, sizeof(*hdr));

		if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))

		skb_set_network_header(skb, nh);

	__ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);

	saddr = &ipv6_hdr(skb)->saddr;
	daddr = &ipv6_hdr(skb)->daddr;

	if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
		net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",

	if (!pskb_pull(skb, sizeof(*hdr)))

	hdr = icmp6_hdr(skb);

	type = hdr->icmp6_type;

	ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);

	case ICMPV6_ECHO_REQUEST:
		if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
			icmpv6_echo_reply(skb);

	case ICMPV6_EXT_ECHO_REQUEST:
		/* PROBE replies additionally require the v4 probe sysctl. */
		if (!net->ipv6.sysctl.icmpv6_echo_ignore_all &&
		    READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe))
			icmpv6_echo_reply(skb);

	case ICMPV6_ECHO_REPLY:
		success = ping_rcv(skb);

	case ICMPV6_EXT_ECHO_REPLY:
		success = ping_rcv(skb);

	case ICMPV6_PKT_TOOBIG:
		/* BUGGG_FUTURE: if packet contains rthdr, we cannot update
		   standard destination cache. Seems, only "advanced"
		   destination cache will allow to solve this problem
		 */
		if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
		hdr = icmp6_hdr(skb);

	case ICMPV6_DEST_UNREACH:
	case ICMPV6_TIME_EXCEED:
	case ICMPV6_PARAMPROB:
		icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);

	case NDISC_ROUTER_SOLICITATION:
	case NDISC_ROUTER_ADVERTISEMENT:
	case NDISC_NEIGHBOUR_SOLICITATION:
	case NDISC_NEIGHBOUR_ADVERTISEMENT:

	case ICMPV6_MGM_QUERY:
		igmp6_event_query(skb);

	case ICMPV6_MGM_REPORT:
		igmp6_event_report(skb);

	case ICMPV6_MGM_REDUCTION:
	case ICMPV6_NI_QUERY:
	case ICMPV6_NI_REPLY:
	case ICMPV6_MLD2_REPORT:
	case ICMPV6_DHAAD_REQUEST:
	case ICMPV6_DHAAD_REPLY:
	case ICMPV6_MOBILE_PREFIX_SOL:
	case ICMPV6_MOBILE_PREFIX_ADV:

		/* Unknown informational messages are silently ignored. */
		if (type & ICMPV6_INFOMSG_MASK)

		net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",

		/*
		 * error of unknown type.
		 * must pass to upper level
		 */
		icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);

	/* until the v6 path can be better sorted assume failure and
	 * preserve the status quo behaviour for the rest of the paths to here
	 */

	__ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
	__ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
1024 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
1026 const struct in6_addr *saddr,
1027 const struct in6_addr *daddr,
1030 memset(fl6, 0, sizeof(*fl6));
1031 fl6->saddr = *saddr;
1032 fl6->daddr = *daddr;
1033 fl6->flowi6_proto = IPPROTO_ICMPV6;
1034 fl6->fl6_icmp_type = type;
1035 fl6->fl6_icmp_code = 0;
1036 fl6->flowi6_oif = oif;
1037 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
1040 static void __net_exit icmpv6_sk_exit(struct net *net)
1044 for_each_possible_cpu(i)
1045 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv6.icmp_sk, i));
1046 free_percpu(net->ipv6.icmp_sk);
1049 static int __net_init icmpv6_sk_init(struct net *net)
1054 net->ipv6.icmp_sk = alloc_percpu(struct sock *);
1055 if (!net->ipv6.icmp_sk)
1058 for_each_possible_cpu(i) {
1059 err = inet_ctl_sock_create(&sk, PF_INET6,
1060 SOCK_RAW, IPPROTO_ICMPV6, net);
1062 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1067 *per_cpu_ptr(net->ipv6.icmp_sk, i) = sk;
1069 /* Enough space for 2 64K ICMP packets, including
1070 * sk_buff struct overhead.
1072 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1077 icmpv6_sk_exit(net);
1081 static struct pernet_operations icmpv6_sk_ops = {
1082 .init = icmpv6_sk_init,
1083 .exit = icmpv6_sk_exit,
1086 int __init icmpv6_init(void)
1090 err = register_pernet_subsys(&icmpv6_sk_ops);
1095 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1098 err = inet6_register_icmp_sender(icmp6_send);
1100 goto sender_reg_err;
1104 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1106 pr_err("Failed to register ICMP6 protocol\n");
1107 unregister_pernet_subsys(&icmpv6_sk_ops);
1111 void icmpv6_cleanup(void)
1113 inet6_unregister_icmp_sender(icmp6_send);
1114 unregister_pernet_subsys(&icmpv6_sk_ops);
1115 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
/* Mapping of ICMPV6_DEST_UNREACH codes to errno values, indexed by code.
 * "fatal" marks codes that indicate a hard (non-transient) failure.
 */
static const struct icmp6_err {
	int err;
	int fatal;
} tab_unreach[] = {
	{	/* NOROUTE */
		.err	= ENETUNREACH,
		.fatal	= 0,
	},
	{	/* ADM_PROHIBITED */
		.err	= EACCES,
		.fatal	= 1,
	},
	{	/* Was NOT_NEIGHBOUR, now reserved */
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* ADDR_UNREACH	*/
		.err	= EHOSTUNREACH,
		.fatal	= 0,
	},
	{	/* PORT_UNREACH	*/
		.err	= ECONNREFUSED,
		.fatal	= 1,
	},
	{	/* POLICY_FAIL */
		.err	= EACCES,
		.fatal	= 1,
	},
	{	/* REJECT_ROUTE	*/
		.err	= EACCES,
		.fatal	= 1,
	},
};
1153 int icmpv6_err_convert(u8 type, u8 code, int *err)
1160 case ICMPV6_DEST_UNREACH:
1162 if (code < ARRAY_SIZE(tab_unreach)) {
1163 *err = tab_unreach[code].err;
1164 fatal = tab_unreach[code].fatal;
1168 case ICMPV6_PKT_TOOBIG:
1172 case ICMPV6_PARAMPROB:
1177 case ICMPV6_TIME_EXCEED:
1178 *err = EHOSTUNREACH;
1184 EXPORT_SYMBOL(icmpv6_err_convert);
1186 #ifdef CONFIG_SYSCTL
1187 static struct ctl_table ipv6_icmp_table_template[] = {
1189 .procname = "ratelimit",
1190 .data = &init_net.ipv6.sysctl.icmpv6_time,
1191 .maxlen = sizeof(int),
1193 .proc_handler = proc_dointvec_ms_jiffies,
1196 .procname = "echo_ignore_all",
1197 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1198 .maxlen = sizeof(u8),
1200 .proc_handler = proc_dou8vec_minmax,
1203 .procname = "echo_ignore_multicast",
1204 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
1205 .maxlen = sizeof(u8),
1207 .proc_handler = proc_dou8vec_minmax,
1210 .procname = "echo_ignore_anycast",
1211 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
1212 .maxlen = sizeof(u8),
1214 .proc_handler = proc_dou8vec_minmax,
1217 .procname = "ratemask",
1218 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1219 .maxlen = ICMPV6_MSG_MAX + 1,
1221 .proc_handler = proc_do_large_bitmap,
1226 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1228 struct ctl_table *table;
1230 table = kmemdup(ipv6_icmp_table_template,
1231 sizeof(ipv6_icmp_table_template),
1235 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1236 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1237 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1238 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1239 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;