1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Internet Control Message Protocol (ICMPv6)
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
9 * Based on net/ipv4/icmp.c
17 * Andi Kleen : exception handling
18 * Andi Kleen add rate limits. never reply to an icmp.
19 * add more length checks and other fixes.
20 * yoshfuji : ensure to send parameter problem for
22 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
24 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
25 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
28 #define pr_fmt(fmt) "IPv6: " fmt
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/types.h>
33 #include <linux/socket.h>
35 #include <linux/kernel.h>
36 #include <linux/sockios.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <linux/init.h>
40 #include <linux/netfilter.h>
41 #include <linux/slab.h>
44 #include <linux/sysctl.h>
47 #include <linux/inet.h>
48 #include <linux/netdevice.h>
49 #include <linux/icmpv6.h>
55 #include <net/ip6_checksum.h>
57 #include <net/protocol.h>
59 #include <net/rawv6.h>
60 #include <net/transp_v6.h>
61 #include <net/ip6_route.h>
62 #include <net/addrconf.h>
65 #include <net/inet_common.h>
66 #include <net/dsfield.h>
67 #include <net/l3mdev.h>
69 #include <linux/uaccess.h>
72 * The ICMP socket(s). This is the most convenient way to flow control
73 * our ICMP output as well as maintain a clean interface throughout
74 * all layers. All Socketless IP sends will soon be gone.
76 * On SMP we have one ICMP socket per-cpu.
78 static struct sock *icmpv6_sk(struct net *net)
80 return this_cpu_read(*net->ipv6.icmp_sk);
83 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
84 u8 type, u8 code, int offset, __be32 info)
86 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
87 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
88 struct net *net = dev_net(skb->dev);
90 if (type == ICMPV6_PKT_TOOBIG)
91 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
92 else if (type == NDISC_REDIRECT)
93 ip6_redirect(skb, net, skb->dev->ifindex, 0,
94 sock_net_uid(net, NULL));
96 if (!(type & ICMPV6_INFOMSG_MASK))
97 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
98 ping_err(skb, offset, ntohl(info));
103 static int icmpv6_rcv(struct sk_buff *skb);
105 static const struct inet6_protocol icmpv6_protocol = {
106 .handler = icmpv6_rcv,
107 .err_handler = icmpv6_err,
108 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
111 /* Called with BH disabled */
112 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
117 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
118 /* This can happen if the output path (f.e. SIT or
119 * ip6ip6 tunnel) signals dst_link_failure() for an
120 * outgoing ICMP6 packet.
127 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
129 spin_unlock(&sk->sk_lock.slock);
133 * Figure out, may we reply to this packet with icmp error.
135 * We do not reply, if:
136 * - it was icmp error message.
137 * - it is truncated, so that it is known, that protocol is ICMPV6
138 * (i.e. in the middle of some exthdr)
143 static bool is_ineligible(const struct sk_buff *skb)
145 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
146 int len = skb->len - ptr;
147 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
153 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
156 if (nexthdr == IPPROTO_ICMPV6) {
158 tp = skb_header_pointer(skb,
159 ptr+offsetof(struct icmp6hdr, icmp6_type),
160 sizeof(_type), &_type);
162 /* Based on RFC 8200, Section 4.5 Fragment Header, return
163 * false if this is a fragment packet with no icmp header info.
165 if (!tp && frag_off != 0)
167 else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
173 static bool icmpv6_mask_allow(struct net *net, int type)
175 if (type > ICMPV6_MSG_MAX)
178 /* Limit if icmp type is set in ratemask. */
179 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
185 static bool icmpv6_global_allow(struct net *net, int type)
187 if (icmpv6_mask_allow(net, type))
190 if (icmp_global_allow())
197 * Check the ICMP output rate limit
199 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
202 struct net *net = sock_net(sk);
203 struct dst_entry *dst;
206 if (icmpv6_mask_allow(net, type))
210 * Look up the output route.
211 * XXX: perhaps the expire for routing entries cloned by
212 * this lookup should be more aggressive (not longer than timeout).
214 dst = ip6_route_output(net, sk, fl6);
216 IP6_INC_STATS(net, ip6_dst_idev(dst),
217 IPSTATS_MIB_OUTNOROUTES);
218 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
221 struct rt6_info *rt = (struct rt6_info *)dst;
222 int tmo = net->ipv6.sysctl.icmpv6_time;
223 struct inet_peer *peer;
225 /* Give more bandwidth to wider prefixes. */
226 if (rt->rt6i_dst.plen < 128)
227 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
229 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
230 res = inet_peer_xrlim_allow(peer, tmo);
238 static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type,
241 struct net *net = sock_net(sk);
242 struct dst_entry *dst;
245 dst = ip6_route_output(net, sk, fl6);
247 struct rt6_info *rt = (struct rt6_info *)dst;
248 struct in6_addr prefsrc;
250 rt6_get_prefsrc(rt, &prefsrc);
251 res = !ipv6_addr_any(&prefsrc);
258 * an inline helper for the "simple" if statement below
259 * checks if parameter problem report is caused by an
260 * unrecognized IPv6 option that has the Option Type
261 * highest-order two bits set to 10
264 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
268 offset += skb_network_offset(skb);
269 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
272 return (*op & 0xC0) == 0x80;
275 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
276 struct icmp6hdr *thdr, int len)
279 struct icmp6hdr *icmp6h;
281 skb = skb_peek(&sk->sk_write_queue);
285 icmp6h = icmp6_hdr(skb);
286 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
287 icmp6h->icmp6_cksum = 0;
289 if (skb_queue_len(&sk->sk_write_queue) == 1) {
290 skb->csum = csum_partial(icmp6h,
291 sizeof(struct icmp6hdr), skb->csum);
292 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
294 len, fl6->flowi6_proto,
299 skb_queue_walk(&sk->sk_write_queue, skb) {
300 tmp_csum = csum_add(tmp_csum, skb->csum);
303 tmp_csum = csum_partial(icmp6h,
304 sizeof(struct icmp6hdr), tmp_csum);
305 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
307 len, fl6->flowi6_proto,
310 ip6_push_pending_frames(sk);
319 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
321 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
322 struct sk_buff *org_skb = msg->skb;
325 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
327 skb->csum = csum_block_add(skb->csum, csum, odd);
328 if (!(msg->type & ICMPV6_INFOMSG_MASK))
329 nf_ct_attach(skb, org_skb);
333 #if IS_ENABLED(CONFIG_IPV6_MIP6)
334 static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt)
336 struct ipv6hdr *iph = ipv6_hdr(skb);
337 struct ipv6_destopt_hao *hao;
342 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
343 if (likely(off >= 0)) {
344 hao = (struct ipv6_destopt_hao *)
345 (skb_network_header(skb) + off);
347 iph->saddr = hao->addr;
353 static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {}
356 static struct dst_entry *icmpv6_route_lookup(struct net *net,
361 struct dst_entry *dst, *dst2;
365 err = ip6_dst_lookup(net, sk, &dst, fl6);
370 * We won't send icmp if the destination is known
373 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
374 net_dbg_ratelimited("icmp6_send: acast source\n");
376 return ERR_PTR(-EINVAL);
379 /* No need to clone since we're just using its address. */
382 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
387 if (PTR_ERR(dst) == -EPERM)
393 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
395 goto relookup_failed;
397 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
399 goto relookup_failed;
401 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
411 goto relookup_failed;
420 static struct net_device *icmp6_dev(const struct sk_buff *skb)
422 struct net_device *dev = skb->dev;
424 /* for local traffic to local address, skb dev is the loopback
425 * device. Check if there is a dst attached to the skb and if so
426 * get the real device index. Same is needed for replies to a link
427 * local address on a device enslaved to an L3 master device
429 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
430 const struct rt6_info *rt6 = skb_rt6_info(skb);
432 /* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.),
433 * and ip6_null_entry could be set to skb if no route is found.
435 if (rt6 && rt6->rt6i_idev)
436 dev = rt6->rt6i_idev->dev;
442 static int icmp6_iif(const struct sk_buff *skb)
444 return icmp6_dev(skb)->ifindex;
448 * Send an ICMP message in response to a packet in error
450 void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
451 const struct in6_addr *force_saddr,
452 const struct inet6_skb_parm *parm)
454 struct inet6_dev *idev = NULL;
455 struct ipv6hdr *hdr = ipv6_hdr(skb);
458 struct ipv6_pinfo *np;
459 const struct in6_addr *saddr = NULL;
460 struct dst_entry *dst;
461 struct icmp6hdr tmp_hdr;
463 struct icmpv6_msg msg;
464 struct ipcm6_cookie ipc6;
470 if ((u8 *)hdr < skb->head ||
471 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
476 net = dev_net(skb->dev);
477 mark = IP6_REPLY_MARK(net, skb->mark);
479 * Make sure we respect the rules
480 * i.e. RFC 1885 2.4(e)
481 * Rule (e.1) is enforced by not using icmp6_send
482 * in any code that processes icmp errors.
484 addr_type = ipv6_addr_type(&hdr->daddr);
486 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
487 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
494 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
495 if (type != ICMPV6_PKT_TOOBIG &&
496 !(type == ICMPV6_PARAMPROB &&
497 code == ICMPV6_UNK_OPTION &&
498 (opt_unrec(skb, info))))
504 addr_type = ipv6_addr_type(&hdr->saddr);
510 if (__ipv6_addr_needs_scope_id(addr_type)) {
511 iif = icmp6_iif(skb);
514 * The source device is used for looking up which routing table
515 * to use for sending an ICMP error.
517 iif = l3mdev_master_ifindex(skb->dev);
521 * Must not send error if the source does not uniquely
522 * identify a single node (RFC2463 Section 2.4).
523 * We check unspecified / multicast addresses here,
524 * and anycast addresses will be checked later.
526 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
527 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
528 &hdr->saddr, &hdr->daddr);
533 * Never answer to a ICMP packet.
535 if (is_ineligible(skb)) {
536 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
537 &hdr->saddr, &hdr->daddr);
541 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
544 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
545 if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type))
548 mip6_addr_swap(skb, parm);
550 sk = icmpv6_xmit_lock(net);
554 memset(&fl6, 0, sizeof(fl6));
555 fl6.flowi6_proto = IPPROTO_ICMPV6;
556 fl6.daddr = hdr->saddr;
561 } else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) {
562 /* select a more meaningful saddr from input if */
563 struct net_device *in_netdev;
565 in_netdev = dev_get_by_index(net, parm->iif);
567 ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr,
568 inet6_sk(sk)->srcprefs,
573 fl6.flowi6_mark = mark;
574 fl6.flowi6_oif = iif;
575 fl6.fl6_icmp_type = type;
576 fl6.fl6_icmp_code = code;
577 fl6.flowi6_uid = sock_net_uid(net, NULL);
578 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
579 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
583 if (!icmpv6_xrlim_allow(sk, type, &fl6))
586 tmp_hdr.icmp6_type = type;
587 tmp_hdr.icmp6_code = code;
588 tmp_hdr.icmp6_cksum = 0;
589 tmp_hdr.icmp6_pointer = htonl(info);
591 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
592 fl6.flowi6_oif = np->mcast_oif;
593 else if (!fl6.flowi6_oif)
594 fl6.flowi6_oif = np->ucast_oif;
596 ipcm6_init_sk(&ipc6, np);
597 ipc6.sockc.mark = mark;
598 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
600 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
604 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
607 msg.offset = skb_network_offset(skb);
610 len = skb->len - msg.offset;
611 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
613 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
614 &hdr->saddr, &hdr->daddr);
615 goto out_dst_release;
619 idev = __in6_dev_get(skb->dev);
621 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
622 len + sizeof(struct icmp6hdr),
623 sizeof(struct icmp6hdr),
624 &ipc6, &fl6, (struct rt6_info *)dst,
626 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
627 ip6_flush_pending_frames(sk);
629 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
630 len + sizeof(struct icmp6hdr));
636 icmpv6_xmit_unlock(sk);
640 EXPORT_SYMBOL(icmp6_send);
642 /* Slightly more convenient version of icmp6_send.
644 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
646 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb));
650 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
651 * if sufficient data bytes are available
652 * @nhs is the size of the tunnel header(s) :
653 * Either an IPv4 header for SIT encap
654 * an IPv4 header + GRE header for GRE encap
656 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
657 unsigned int data_len)
659 struct in6_addr temp_saddr;
661 struct sk_buff *skb2;
664 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
667 /* RFC 4884 (partial) support for ICMP extensions */
668 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
671 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
678 skb_reset_network_header(skb2);
680 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
683 if (rt && rt->dst.dev)
684 skb2->dev = rt->dst.dev;
686 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
689 /* RFC 4884 (partial) support :
690 * insert 0 padding at the end, before the extensions
692 __skb_push(skb2, nhs);
693 skb_reset_network_header(skb2);
694 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
695 memset(skb2->data + data_len - nhs, 0, nhs);
696 /* RFC 4884 4.5 : Length is measured in 64-bit words,
697 * and stored in reserved[0]
699 info = (data_len/8) << 24;
701 if (type == ICMP_TIME_EXCEEDED)
702 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
703 info, &temp_saddr, IP6CB(skb2));
705 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
706 info, &temp_saddr, IP6CB(skb2));
714 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
716 static void icmpv6_echo_reply(struct sk_buff *skb)
718 struct net *net = dev_net(skb->dev);
720 struct inet6_dev *idev;
721 struct ipv6_pinfo *np;
722 const struct in6_addr *saddr = NULL;
723 struct icmp6hdr *icmph = icmp6_hdr(skb);
724 struct icmp6hdr tmp_hdr;
726 struct icmpv6_msg msg;
727 struct dst_entry *dst;
728 struct ipcm6_cookie ipc6;
729 u32 mark = IP6_REPLY_MARK(net, skb->mark);
732 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
733 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
736 saddr = &ipv6_hdr(skb)->daddr;
738 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
739 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
742 if (!ipv6_unicast_destination(skb) &&
743 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
746 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
747 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
749 memset(&fl6, 0, sizeof(fl6));
750 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
751 fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));
753 fl6.flowi6_proto = IPPROTO_ICMPV6;
754 fl6.daddr = ipv6_hdr(skb)->saddr;
757 fl6.flowi6_oif = icmp6_iif(skb);
758 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
759 fl6.flowi6_mark = mark;
760 fl6.flowi6_uid = sock_net_uid(net, NULL);
761 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
764 sk = icmpv6_xmit_lock(net);
769 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
770 fl6.flowi6_oif = np->mcast_oif;
771 else if (!fl6.flowi6_oif)
772 fl6.flowi6_oif = np->ucast_oif;
774 if (ip6_dst_lookup(net, sk, &dst, &fl6))
776 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
780 /* Check the ratelimit */
781 if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) ||
782 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6))
783 goto out_dst_release;
785 idev = __in6_dev_get(skb->dev);
789 msg.type = ICMPV6_ECHO_REPLY;
791 ipcm6_init_sk(&ipc6, np);
792 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
793 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
794 ipc6.sockc.mark = mark;
796 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
797 skb->len + sizeof(struct icmp6hdr),
798 sizeof(struct icmp6hdr), &ipc6, &fl6,
799 (struct rt6_info *)dst, MSG_DONTWAIT)) {
800 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
801 ip6_flush_pending_frames(sk);
803 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
804 skb->len + sizeof(struct icmp6hdr));
809 icmpv6_xmit_unlock(sk);
814 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
816 const struct inet6_protocol *ipprot;
820 struct net *net = dev_net(skb->dev);
822 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
825 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
826 if (ipv6_ext_hdr(nexthdr)) {
827 /* now skip over extension headers */
828 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
829 &nexthdr, &frag_off);
830 if (inner_offset < 0)
833 inner_offset = sizeof(struct ipv6hdr);
836 /* Checkin header including 8 bytes of inner protocol header. */
837 if (!pskb_may_pull(skb, inner_offset+8))
840 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
841 Without this we will not able f.e. to make source routed
843 Corresponding argument (opt) to notifiers is already added.
847 ipprot = rcu_dereference(inet6_protos[nexthdr]);
848 if (ipprot && ipprot->err_handler)
849 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
851 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
855 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
859 * Handle icmp messages
862 static int icmpv6_rcv(struct sk_buff *skb)
864 struct net *net = dev_net(skb->dev);
865 struct net_device *dev = icmp6_dev(skb);
866 struct inet6_dev *idev = __in6_dev_get(dev);
867 const struct in6_addr *saddr, *daddr;
868 struct icmp6hdr *hdr;
870 bool success = false;
872 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
873 struct sec_path *sp = skb_sec_path(skb);
876 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
880 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
883 nh = skb_network_offset(skb);
884 skb_set_network_header(skb, sizeof(*hdr));
886 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
889 skb_set_network_header(skb, nh);
892 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
894 saddr = &ipv6_hdr(skb)->saddr;
895 daddr = &ipv6_hdr(skb)->daddr;
897 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
898 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
903 if (!pskb_pull(skb, sizeof(*hdr)))
906 hdr = icmp6_hdr(skb);
908 type = hdr->icmp6_type;
910 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
913 case ICMPV6_ECHO_REQUEST:
914 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
915 icmpv6_echo_reply(skb);
918 case ICMPV6_ECHO_REPLY:
919 success = ping_rcv(skb);
922 case ICMPV6_PKT_TOOBIG:
923 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
924 standard destination cache. Seems, only "advanced"
925 destination cache will allow to solve this problem
928 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
930 hdr = icmp6_hdr(skb);
934 case ICMPV6_DEST_UNREACH:
935 case ICMPV6_TIME_EXCEED:
936 case ICMPV6_PARAMPROB:
937 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
940 case NDISC_ROUTER_SOLICITATION:
941 case NDISC_ROUTER_ADVERTISEMENT:
942 case NDISC_NEIGHBOUR_SOLICITATION:
943 case NDISC_NEIGHBOUR_ADVERTISEMENT:
948 case ICMPV6_MGM_QUERY:
949 igmp6_event_query(skb);
952 case ICMPV6_MGM_REPORT:
953 igmp6_event_report(skb);
956 case ICMPV6_MGM_REDUCTION:
957 case ICMPV6_NI_QUERY:
958 case ICMPV6_NI_REPLY:
959 case ICMPV6_MLD2_REPORT:
960 case ICMPV6_DHAAD_REQUEST:
961 case ICMPV6_DHAAD_REPLY:
962 case ICMPV6_MOBILE_PREFIX_SOL:
963 case ICMPV6_MOBILE_PREFIX_ADV:
968 if (type & ICMPV6_INFOMSG_MASK)
971 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
975 * error of unknown type.
976 * must pass to upper level
979 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
982 /* until the v6 path can be better sorted assume failure and
983 * preserve the status quo behaviour for the rest of the paths to here
993 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
995 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
1001 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
1003 const struct in6_addr *saddr,
1004 const struct in6_addr *daddr,
1007 memset(fl6, 0, sizeof(*fl6));
1008 fl6->saddr = *saddr;
1009 fl6->daddr = *daddr;
1010 fl6->flowi6_proto = IPPROTO_ICMPV6;
1011 fl6->fl6_icmp_type = type;
1012 fl6->fl6_icmp_code = 0;
1013 fl6->flowi6_oif = oif;
1014 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
1017 static void __net_exit icmpv6_sk_exit(struct net *net)
1021 for_each_possible_cpu(i)
1022 inet_ctl_sock_destroy(*per_cpu_ptr(net->ipv6.icmp_sk, i));
1023 free_percpu(net->ipv6.icmp_sk);
1026 static int __net_init icmpv6_sk_init(struct net *net)
1031 net->ipv6.icmp_sk = alloc_percpu(struct sock *);
1032 if (!net->ipv6.icmp_sk)
1035 for_each_possible_cpu(i) {
1036 err = inet_ctl_sock_create(&sk, PF_INET6,
1037 SOCK_RAW, IPPROTO_ICMPV6, net);
1039 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1044 *per_cpu_ptr(net->ipv6.icmp_sk, i) = sk;
1046 /* Enough space for 2 64K ICMP packets, including
1047 * sk_buff struct overhead.
1049 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1054 icmpv6_sk_exit(net);
1058 static struct pernet_operations icmpv6_sk_ops = {
1059 .init = icmpv6_sk_init,
1060 .exit = icmpv6_sk_exit,
1063 int __init icmpv6_init(void)
1067 err = register_pernet_subsys(&icmpv6_sk_ops);
1072 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1075 err = inet6_register_icmp_sender(icmp6_send);
1077 goto sender_reg_err;
1081 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1083 pr_err("Failed to register ICMP6 protocol\n");
1084 unregister_pernet_subsys(&icmpv6_sk_ops);
1088 void icmpv6_cleanup(void)
1090 inet6_unregister_icmp_sender(icmp6_send);
1091 unregister_pernet_subsys(&icmpv6_sk_ops);
1092 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1096 static const struct icmp6_err {
1104 { /* ADM_PROHIBITED */
1108 { /* Was NOT_NEIGHBOUR, now reserved */
1109 .err = EHOSTUNREACH,
1112 { /* ADDR_UNREACH */
1113 .err = EHOSTUNREACH,
1116 { /* PORT_UNREACH */
1117 .err = ECONNREFUSED,
1124 { /* REJECT_ROUTE */
1130 int icmpv6_err_convert(u8 type, u8 code, int *err)
1137 case ICMPV6_DEST_UNREACH:
1139 if (code < ARRAY_SIZE(tab_unreach)) {
1140 *err = tab_unreach[code].err;
1141 fatal = tab_unreach[code].fatal;
1145 case ICMPV6_PKT_TOOBIG:
1149 case ICMPV6_PARAMPROB:
1154 case ICMPV6_TIME_EXCEED:
1155 *err = EHOSTUNREACH;
1161 EXPORT_SYMBOL(icmpv6_err_convert);
1163 #ifdef CONFIG_SYSCTL
1164 static struct ctl_table ipv6_icmp_table_template[] = {
1166 .procname = "ratelimit",
1167 .data = &init_net.ipv6.sysctl.icmpv6_time,
1168 .maxlen = sizeof(int),
1170 .proc_handler = proc_dointvec_ms_jiffies,
1173 .procname = "echo_ignore_all",
1174 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1175 .maxlen = sizeof(int),
1177 .proc_handler = proc_dointvec,
1180 .procname = "echo_ignore_multicast",
1181 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
1182 .maxlen = sizeof(int),
1184 .proc_handler = proc_dointvec,
1187 .procname = "echo_ignore_anycast",
1188 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
1189 .maxlen = sizeof(int),
1191 .proc_handler = proc_dointvec,
1194 .procname = "ratemask",
1195 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1196 .maxlen = ICMPV6_MSG_MAX + 1,
1198 .proc_handler = proc_do_large_bitmap,
1203 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1205 struct ctl_table *table;
1207 table = kmemdup(ipv6_icmp_table_template,
1208 sizeof(ipv6_icmp_table_template),
1212 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1213 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1214 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1215 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1216 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;