2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
8 * Based on net/ipv4/icmp.c
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
32 #define pr_fmt(fmt) "IPv6: " fmt
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <linux/types.h>
37 #include <linux/socket.h>
39 #include <linux/kernel.h>
40 #include <linux/sockios.h>
41 #include <linux/net.h>
42 #include <linux/skbuff.h>
43 #include <linux/init.h>
44 #include <linux/netfilter.h>
45 #include <linux/slab.h>
48 #include <linux/sysctl.h>
51 #include <linux/inet.h>
52 #include <linux/netdevice.h>
53 #include <linux/icmpv6.h>
59 #include <net/ip6_checksum.h>
61 #include <net/protocol.h>
63 #include <net/rawv6.h>
64 #include <net/transp_v6.h>
65 #include <net/ip6_route.h>
66 #include <net/addrconf.h>
69 #include <net/inet_common.h>
70 #include <net/dsfield.h>
71 #include <net/l3mdev.h>
73 #include <asm/uaccess.h>
76 * The ICMP socket(s). This is the most convenient way to flow control
77 * our ICMP output as well as maintain a clean interface throughout
78 * all layers. All Socketless IP sends will soon be gone.
80 * On SMP we have one ICMP socket per-cpu.
82 static inline struct sock *icmpv6_sk(struct net *net)
84 return net->ipv6.icmp_sk[smp_processor_id()];
87 static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
88 u8 type, u8 code, int offset, __be32 info)
90 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
91 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
92 struct net *net = dev_net(skb->dev);
94 if (type == ICMPV6_PKT_TOOBIG)
95 ip6_update_pmtu(skb, net, info, 0, 0);
96 else if (type == NDISC_REDIRECT)
97 ip6_redirect(skb, net, skb->dev->ifindex, 0);
99 if (!(type & ICMPV6_INFOMSG_MASK))
100 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
101 ping_err(skb, offset, ntohl(info));
104 static int icmpv6_rcv(struct sk_buff *skb);
106 static const struct inet6_protocol icmpv6_protocol = {
107 .handler = icmpv6_rcv,
108 .err_handler = icmpv6_err,
109 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
112 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
119 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
120 /* This can happen if the output path (f.e. SIT or
121 * ip6ip6 tunnel) signals dst_link_failure() for an
122 * outgoing ICMP6 packet.
130 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
132 spin_unlock_bh(&sk->sk_lock.slock);
136 * Figure out, may we reply to this packet with icmp error.
138 * We do not reply, if:
139 * - it was icmp error message.
140 * - it is truncated, so that it is known, that protocol is ICMPV6
141 * (i.e. in the middle of some exthdr)
146 static bool is_ineligible(const struct sk_buff *skb)
148 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
149 int len = skb->len - ptr;
150 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
156 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
159 if (nexthdr == IPPROTO_ICMPV6) {
161 tp = skb_header_pointer(skb,
162 ptr+offsetof(struct icmp6hdr, icmp6_type),
163 sizeof(_type), &_type);
164 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
171 * Check the ICMP output rate limit
173 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
176 struct net *net = sock_net(sk);
177 struct dst_entry *dst;
180 /* Informational messages are not limited. */
181 if (type & ICMPV6_INFOMSG_MASK)
184 /* Do not limit pmtu discovery, it would break it. */
185 if (type == ICMPV6_PKT_TOOBIG)
189 * Look up the output route.
190 * XXX: perhaps the expire for routing entries cloned by
191 * this lookup should be more aggressive (not longer than timeout).
193 dst = ip6_route_output(net, sk, fl6);
195 IP6_INC_STATS(net, ip6_dst_idev(dst),
196 IPSTATS_MIB_OUTNOROUTES);
197 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
200 struct rt6_info *rt = (struct rt6_info *)dst;
201 int tmo = net->ipv6.sysctl.icmpv6_time;
203 /* Give more bandwidth to wider prefixes. */
204 if (rt->rt6i_dst.plen < 128)
205 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
207 if (icmp_global_allow()) {
208 struct inet_peer *peer;
210 peer = inet_getpeer_v6(net->ipv6.peers,
212 res = inet_peer_xrlim_allow(peer, tmo);
222 * an inline helper for the "simple" if statement below
223 * checks if parameter problem report is caused by an
224 * unrecognized IPv6 option that has the Option Type
225 * highest-order two bits set to 10
228 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
232 offset += skb_network_offset(skb);
233 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
236 return (*op & 0xC0) == 0x80;
239 int icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
240 struct icmp6hdr *thdr, int len)
243 struct icmp6hdr *icmp6h;
246 skb = skb_peek(&sk->sk_write_queue);
250 icmp6h = icmp6_hdr(skb);
251 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
252 icmp6h->icmp6_cksum = 0;
254 if (skb_queue_len(&sk->sk_write_queue) == 1) {
255 skb->csum = csum_partial(icmp6h,
256 sizeof(struct icmp6hdr), skb->csum);
257 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
259 len, fl6->flowi6_proto,
264 skb_queue_walk(&sk->sk_write_queue, skb) {
265 tmp_csum = csum_add(tmp_csum, skb->csum);
268 tmp_csum = csum_partial(icmp6h,
269 sizeof(struct icmp6hdr), tmp_csum);
270 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
272 len, fl6->flowi6_proto,
275 ip6_push_pending_frames(sk);
286 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
288 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
289 struct sk_buff *org_skb = msg->skb;
292 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
294 skb->csum = csum_block_add(skb->csum, csum, odd);
295 if (!(msg->type & ICMPV6_INFOMSG_MASK))
296 nf_ct_attach(skb, org_skb);
300 #if IS_ENABLED(CONFIG_IPV6_MIP6)
301 static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt)
303 struct ipv6hdr *iph = ipv6_hdr(skb);
304 struct ipv6_destopt_hao *hao;
309 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
310 if (likely(off >= 0)) {
311 hao = (struct ipv6_destopt_hao *)
312 (skb_network_header(skb) + off);
314 iph->saddr = hao->addr;
320 static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {}
323 static struct dst_entry *icmpv6_route_lookup(struct net *net,
328 struct dst_entry *dst, *dst2;
332 err = ip6_dst_lookup(net, sk, &dst, fl6);
337 * We won't send icmp if the destination is known
340 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
341 net_dbg_ratelimited("icmp6_send: acast source\n");
343 return ERR_PTR(-EINVAL);
346 /* No need to clone since we're just using its address. */
349 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
354 if (PTR_ERR(dst) == -EPERM)
360 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
362 goto relookup_failed;
364 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
366 goto relookup_failed;
368 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
378 goto relookup_failed;
388 * Send an ICMP message in response to a packet in error
390 void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
391 const struct in6_addr *force_saddr,
392 const struct inet6_skb_parm *parm)
394 struct net *net = dev_net(skb->dev);
395 struct inet6_dev *idev = NULL;
396 struct ipv6hdr *hdr = ipv6_hdr(skb);
398 struct ipv6_pinfo *np;
399 const struct in6_addr *saddr = NULL;
400 struct dst_entry *dst;
401 struct icmp6hdr tmp_hdr;
403 struct icmpv6_msg msg;
404 struct sockcm_cookie sockc_unused = {0};
405 struct ipcm6_cookie ipc6;
410 u32 mark = IP6_REPLY_MARK(net, skb->mark);
412 if ((u8 *)hdr < skb->head ||
413 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
417 * Make sure we respect the rules
418 * i.e. RFC 1885 2.4(e)
419 * Rule (e.1) is enforced by not using icmp6_send
420 * in any code that processes icmp errors.
422 addr_type = ipv6_addr_type(&hdr->daddr);
424 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
425 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
432 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
433 if (type != ICMPV6_PKT_TOOBIG &&
434 !(type == ICMPV6_PARAMPROB &&
435 code == ICMPV6_UNK_OPTION &&
436 (opt_unrec(skb, info))))
442 addr_type = ipv6_addr_type(&hdr->saddr);
448 if (__ipv6_addr_needs_scope_id(addr_type))
449 iif = skb->dev->ifindex;
452 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
456 * Must not send error if the source does not uniquely
457 * identify a single node (RFC2463 Section 2.4).
458 * We check unspecified / multicast addresses here,
459 * and anycast addresses will be checked later.
461 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
462 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
463 &hdr->saddr, &hdr->daddr);
468 * Never answer to a ICMP packet.
470 if (is_ineligible(skb)) {
471 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
472 &hdr->saddr, &hdr->daddr);
476 mip6_addr_swap(skb, parm);
478 memset(&fl6, 0, sizeof(fl6));
479 fl6.flowi6_proto = IPPROTO_ICMPV6;
480 fl6.daddr = hdr->saddr;
485 fl6.flowi6_mark = mark;
486 fl6.flowi6_oif = iif;
487 fl6.fl6_icmp_type = type;
488 fl6.fl6_icmp_code = code;
489 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
491 sk = icmpv6_xmit_lock(net);
497 if (!icmpv6_xrlim_allow(sk, type, &fl6))
500 tmp_hdr.icmp6_type = type;
501 tmp_hdr.icmp6_code = code;
502 tmp_hdr.icmp6_cksum = 0;
503 tmp_hdr.icmp6_pointer = htonl(info);
505 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
506 fl6.flowi6_oif = np->mcast_oif;
507 else if (!fl6.flowi6_oif)
508 fl6.flowi6_oif = np->ucast_oif;
510 ipc6.tclass = np->tclass;
511 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
513 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
517 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
518 ipc6.dontfrag = np->dontfrag;
522 msg.offset = skb_network_offset(skb);
525 len = skb->len - msg.offset;
526 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
528 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
529 &hdr->saddr, &hdr->daddr);
530 goto out_dst_release;
534 idev = __in6_dev_get(skb->dev);
536 err = ip6_append_data(sk, icmpv6_getfrag, &msg,
537 len + sizeof(struct icmp6hdr),
538 sizeof(struct icmp6hdr),
539 &ipc6, &fl6, (struct rt6_info *)dst,
540 MSG_DONTWAIT, &sockc_unused);
542 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
543 ip6_flush_pending_frames(sk);
545 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
546 len + sizeof(struct icmp6hdr));
552 icmpv6_xmit_unlock(sk);
555 /* Slightly more convenient version of icmp6_send.
557 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
559 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb));
562 EXPORT_SYMBOL(icmp6_send);
564 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
565 * if sufficient data bytes are available
566 * @nhs is the size of the tunnel header(s) :
567 * Either an IPv4 header for SIT encap
568 * an IPv4 header + GRE header for GRE encap
570 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
571 unsigned int data_len)
573 struct in6_addr temp_saddr;
575 struct sk_buff *skb2;
578 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
581 /* RFC 4884 (partial) support for ICMP extensions */
582 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
585 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
592 skb_reset_network_header(skb2);
594 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);
596 if (rt && rt->dst.dev)
597 skb2->dev = rt->dst.dev;
599 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
602 /* RFC 4884 (partial) support :
603 * insert 0 padding at the end, before the extensions
605 __skb_push(skb2, nhs);
606 skb_reset_network_header(skb2);
607 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
608 memset(skb2->data + data_len - nhs, 0, nhs);
609 /* RFC 4884 4.5 : Length is measured in 64-bit words,
610 * and stored in reserved[0]
612 info = (data_len/8) << 24;
614 if (type == ICMP_TIME_EXCEEDED)
615 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
616 info, &temp_saddr, IP6CB(skb2));
618 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
619 info, &temp_saddr, IP6CB(skb2));
627 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
629 static void icmpv6_echo_reply(struct sk_buff *skb)
631 struct net *net = dev_net(skb->dev);
633 struct inet6_dev *idev;
634 struct ipv6_pinfo *np;
635 const struct in6_addr *saddr = NULL;
636 struct icmp6hdr *icmph = icmp6_hdr(skb);
637 struct icmp6hdr tmp_hdr;
639 struct icmpv6_msg msg;
640 struct dst_entry *dst;
641 struct ipcm6_cookie ipc6;
643 u32 mark = IP6_REPLY_MARK(net, skb->mark);
644 struct sockcm_cookie sockc_unused = {0};
646 saddr = &ipv6_hdr(skb)->daddr;
648 if (!ipv6_unicast_destination(skb) &&
649 !(net->ipv6.sysctl.anycast_src_echo_reply &&
650 ipv6_anycast_destination(skb_dst(skb), saddr)))
653 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
654 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
656 memset(&fl6, 0, sizeof(fl6));
657 fl6.flowi6_proto = IPPROTO_ICMPV6;
658 fl6.daddr = ipv6_hdr(skb)->saddr;
661 fl6.flowi6_oif = skb->dev->ifindex;
662 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
663 fl6.flowi6_mark = mark;
664 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
666 sk = icmpv6_xmit_lock(net);
672 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
673 fl6.flowi6_oif = np->mcast_oif;
674 else if (!fl6.flowi6_oif)
675 fl6.flowi6_oif = np->ucast_oif;
677 err = ip6_dst_lookup(net, sk, &dst, &fl6);
680 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
684 idev = __in6_dev_get(skb->dev);
688 msg.type = ICMPV6_ECHO_REPLY;
690 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
691 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
692 ipc6.dontfrag = np->dontfrag;
695 err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
696 sizeof(struct icmp6hdr), &ipc6, &fl6,
697 (struct rt6_info *)dst, MSG_DONTWAIT,
701 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
702 ip6_flush_pending_frames(sk);
704 err = icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
705 skb->len + sizeof(struct icmp6hdr));
709 icmpv6_xmit_unlock(sk);
712 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
714 const struct inet6_protocol *ipprot;
718 struct net *net = dev_net(skb->dev);
720 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
723 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
724 if (ipv6_ext_hdr(nexthdr)) {
725 /* now skip over extension headers */
726 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
727 &nexthdr, &frag_off);
728 if (inner_offset < 0)
731 inner_offset = sizeof(struct ipv6hdr);
734 /* Checkin header including 8 bytes of inner protocol header. */
735 if (!pskb_may_pull(skb, inner_offset+8))
738 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
739 Without this we will not able f.e. to make source routed
741 Corresponding argument (opt) to notifiers is already added.
745 ipprot = rcu_dereference(inet6_protos[nexthdr]);
746 if (ipprot && ipprot->err_handler)
747 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
749 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
753 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
757 * Handle icmp messages
760 static int icmpv6_rcv(struct sk_buff *skb)
762 struct net_device *dev = skb->dev;
763 struct inet6_dev *idev = __in6_dev_get(dev);
764 const struct in6_addr *saddr, *daddr;
765 struct icmp6hdr *hdr;
767 bool success = false;
769 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
770 struct sec_path *sp = skb_sec_path(skb);
773 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
777 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
780 nh = skb_network_offset(skb);
781 skb_set_network_header(skb, sizeof(*hdr));
783 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
786 skb_set_network_header(skb, nh);
789 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
791 saddr = &ipv6_hdr(skb)->saddr;
792 daddr = &ipv6_hdr(skb)->daddr;
794 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
795 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
800 if (!pskb_pull(skb, sizeof(*hdr)))
803 hdr = icmp6_hdr(skb);
805 type = hdr->icmp6_type;
807 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
810 case ICMPV6_ECHO_REQUEST:
811 icmpv6_echo_reply(skb);
814 case ICMPV6_ECHO_REPLY:
815 success = ping_rcv(skb);
818 case ICMPV6_PKT_TOOBIG:
819 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
820 standard destination cache. Seems, only "advanced"
821 destination cache will allow to solve this problem
824 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
826 hdr = icmp6_hdr(skb);
829 * Drop through to notify
832 case ICMPV6_DEST_UNREACH:
833 case ICMPV6_TIME_EXCEED:
834 case ICMPV6_PARAMPROB:
835 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
838 case NDISC_ROUTER_SOLICITATION:
839 case NDISC_ROUTER_ADVERTISEMENT:
840 case NDISC_NEIGHBOUR_SOLICITATION:
841 case NDISC_NEIGHBOUR_ADVERTISEMENT:
846 case ICMPV6_MGM_QUERY:
847 igmp6_event_query(skb);
850 case ICMPV6_MGM_REPORT:
851 igmp6_event_report(skb);
854 case ICMPV6_MGM_REDUCTION:
855 case ICMPV6_NI_QUERY:
856 case ICMPV6_NI_REPLY:
857 case ICMPV6_MLD2_REPORT:
858 case ICMPV6_DHAAD_REQUEST:
859 case ICMPV6_DHAAD_REPLY:
860 case ICMPV6_MOBILE_PREFIX_SOL:
861 case ICMPV6_MOBILE_PREFIX_ADV:
866 if (type & ICMPV6_INFOMSG_MASK)
869 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
873 * error of unknown type.
874 * must pass to upper level
877 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
880 /* until the v6 path can be better sorted assume failure and
881 * preserve the status quo behaviour for the rest of the paths to here
891 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
893 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
899 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
901 const struct in6_addr *saddr,
902 const struct in6_addr *daddr,
905 memset(fl6, 0, sizeof(*fl6));
908 fl6->flowi6_proto = IPPROTO_ICMPV6;
909 fl6->fl6_icmp_type = type;
910 fl6->fl6_icmp_code = 0;
911 fl6->flowi6_oif = oif;
912 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
915 static int __net_init icmpv6_sk_init(struct net *net)
921 kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
922 if (!net->ipv6.icmp_sk)
925 for_each_possible_cpu(i) {
926 err = inet_ctl_sock_create(&sk, PF_INET6,
927 SOCK_RAW, IPPROTO_ICMPV6, net);
929 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
934 net->ipv6.icmp_sk[i] = sk;
936 /* Enough space for 2 64K ICMP packets, including
937 * sk_buff struct overhead.
939 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
944 for (j = 0; j < i; j++)
945 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
946 kfree(net->ipv6.icmp_sk);
950 static void __net_exit icmpv6_sk_exit(struct net *net)
954 for_each_possible_cpu(i) {
955 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
957 kfree(net->ipv6.icmp_sk);
960 static struct pernet_operations icmpv6_sk_ops = {
961 .init = icmpv6_sk_init,
962 .exit = icmpv6_sk_exit,
965 int __init icmpv6_init(void)
969 err = register_pernet_subsys(&icmpv6_sk_ops);
974 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
977 err = inet6_register_icmp_sender(icmp6_send);
983 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
985 pr_err("Failed to register ICMP6 protocol\n");
986 unregister_pernet_subsys(&icmpv6_sk_ops);
990 void icmpv6_cleanup(void)
992 inet6_unregister_icmp_sender(icmp6_send);
993 unregister_pernet_subsys(&icmpv6_sk_ops);
994 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
998 static const struct icmp6_err {
1006 { /* ADM_PROHIBITED */
1010 { /* Was NOT_NEIGHBOUR, now reserved */
1011 .err = EHOSTUNREACH,
1014 { /* ADDR_UNREACH */
1015 .err = EHOSTUNREACH,
1018 { /* PORT_UNREACH */
1019 .err = ECONNREFUSED,
1026 { /* REJECT_ROUTE */
1032 int icmpv6_err_convert(u8 type, u8 code, int *err)
1039 case ICMPV6_DEST_UNREACH:
1041 if (code < ARRAY_SIZE(tab_unreach)) {
1042 *err = tab_unreach[code].err;
1043 fatal = tab_unreach[code].fatal;
1047 case ICMPV6_PKT_TOOBIG:
1051 case ICMPV6_PARAMPROB:
1056 case ICMPV6_TIME_EXCEED:
1057 *err = EHOSTUNREACH;
1063 EXPORT_SYMBOL(icmpv6_err_convert);
1065 #ifdef CONFIG_SYSCTL
1066 static struct ctl_table ipv6_icmp_table_template[] = {
1068 .procname = "ratelimit",
1069 .data = &init_net.ipv6.sysctl.icmpv6_time,
1070 .maxlen = sizeof(int),
1072 .proc_handler = proc_dointvec_ms_jiffies,
1077 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1079 struct ctl_table *table;
1081 table = kmemdup(ipv6_icmp_table_template,
1082 sizeof(ipv6_icmp_table_template),
1086 table[0].data = &net->ipv6.sysctl.icmpv6_time;
projects / releases.git / blob