1 // SPDX-License-Identifier: GPL-2.0-or-later
/*
 *	Internet Control Message Protocol (ICMPv6)
 *	Linux INET6 implementation
 *
 *	Author: Pedro Roque		<roque@di.fc.ul.pt>
 *
 *	Based on net/ipv4/icmp.c
 *
 *	Andi Kleen		:	exception handling
 *	Andi Kleen			add rate limits. never reply to a icmp.
 *					add more length checks and other fixes.
 *	yoshfuji		:	ensure to sent parameter problem for
 *					fragmented packets.
 *	YOSHIFUJI Hideaki @USAGI:	added sysctl for icmp rate limit.
 *	YOSHIFUJI Hideaki @USAGI:	Per-interface statistics support
 *	Kazunori MIYAZAWA @USAGI:	change output process to use ip6_append_data
 */
28 #define pr_fmt(fmt) "IPv6: " fmt
30 #include <linux/module.h>
31 #include <linux/errno.h>
32 #include <linux/types.h>
33 #include <linux/socket.h>
35 #include <linux/kernel.h>
36 #include <linux/sockios.h>
37 #include <linux/net.h>
38 #include <linux/skbuff.h>
39 #include <linux/init.h>
40 #include <linux/netfilter.h>
41 #include <linux/slab.h>
44 #include <linux/sysctl.h>
47 #include <linux/inet.h>
48 #include <linux/netdevice.h>
49 #include <linux/icmpv6.h>
55 #include <net/ip6_checksum.h>
57 #include <net/protocol.h>
59 #include <net/rawv6.h>
61 #include <net/transp_v6.h>
62 #include <net/ip6_route.h>
63 #include <net/addrconf.h>
66 #include <net/inet_common.h>
67 #include <net/dsfield.h>
68 #include <net/l3mdev.h>
70 #include <linux/uaccess.h>
/* Per-CPU raw control socket used to transmit ICMPv6 errors and replies;
 * taken/released via icmpv6_xmit_lock()/icmpv6_xmit_unlock() below.
 */
72 static DEFINE_PER_CPU(struct sock *, ipv6_icmp_sk);
74 static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
75 u8 type, u8 code, int offset, __be32 info)
77 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
78 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
79 struct net *net = dev_net(skb->dev);
81 if (type == ICMPV6_PKT_TOOBIG)
82 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
83 else if (type == NDISC_REDIRECT)
84 ip6_redirect(skb, net, skb->dev->ifindex, 0,
85 sock_net_uid(net, NULL));
87 if (!(type & ICMPV6_INFOMSG_MASK))
88 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
89 ping_err(skb, offset, ntohl(info));
94 static int icmpv6_rcv(struct sk_buff *skb);
96 static const struct inet6_protocol icmpv6_protocol = {
97 .handler = icmpv6_rcv,
98 .err_handler = icmpv6_err,
99 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
102 /* Called with BH disabled */
103 static struct sock *icmpv6_xmit_lock(struct net *net)
107 sk = this_cpu_read(ipv6_icmp_sk);
108 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
109 /* This can happen if the output path (f.e. SIT or
110 * ip6ip6 tunnel) signals dst_link_failure() for an
111 * outgoing ICMP6 packet.
115 sock_net_set(sk, net);
119 static void icmpv6_xmit_unlock(struct sock *sk)
121 sock_net_set(sk, &init_net);
122 spin_unlock(&sk->sk_lock.slock);
126 * Figure out, may we reply to this packet with icmp error.
128 * We do not reply, if:
129 * - it was icmp error message.
130 * - it is truncated, so that it is known, that protocol is ICMPV6
131 * (i.e. in the middle of some exthdr)
136 static bool is_ineligible(const struct sk_buff *skb)
138 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
139 int len = skb->len - ptr;
140 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
146 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
149 if (nexthdr == IPPROTO_ICMPV6) {
151 tp = skb_header_pointer(skb,
152 ptr+offsetof(struct icmp6hdr, icmp6_type),
153 sizeof(_type), &_type);
155 /* Based on RFC 8200, Section 4.5 Fragment Header, return
156 * false if this is a fragment packet with no icmp header info.
158 if (!tp && frag_off != 0)
160 else if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
166 static bool icmpv6_mask_allow(struct net *net, int type)
168 if (type > ICMPV6_MSG_MAX)
171 /* Limit if icmp type is set in ratemask. */
172 if (!test_bit(type, net->ipv6.sysctl.icmpv6_ratemask))
178 static bool icmpv6_global_allow(struct net *net, int type)
180 if (icmpv6_mask_allow(net, type))
183 if (icmp_global_allow())
190 * Check the ICMP output rate limit
192 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
195 struct net *net = sock_net(sk);
196 struct dst_entry *dst;
199 if (icmpv6_mask_allow(net, type))
203 * Look up the output route.
204 * XXX: perhaps the expire for routing entries cloned by
205 * this lookup should be more aggressive (not longer than timeout).
207 dst = ip6_route_output(net, sk, fl6);
209 IP6_INC_STATS(net, ip6_dst_idev(dst),
210 IPSTATS_MIB_OUTNOROUTES);
211 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
214 struct rt6_info *rt = (struct rt6_info *)dst;
215 int tmo = net->ipv6.sysctl.icmpv6_time;
216 struct inet_peer *peer;
218 /* Give more bandwidth to wider prefixes. */
219 if (rt->rt6i_dst.plen < 128)
220 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
222 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
223 res = inet_peer_xrlim_allow(peer, tmo);
231 static bool icmpv6_rt_has_prefsrc(struct sock *sk, u8 type,
234 struct net *net = sock_net(sk);
235 struct dst_entry *dst;
238 dst = ip6_route_output(net, sk, fl6);
240 struct rt6_info *rt = (struct rt6_info *)dst;
241 struct in6_addr prefsrc;
243 rt6_get_prefsrc(rt, &prefsrc);
244 res = !ipv6_addr_any(&prefsrc);
251 * an inline helper for the "simple" if statement below
252 * checks if parameter problem report is caused by an
253 * unrecognized IPv6 option that has the Option Type
254 * highest-order two bits set to 10
257 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
261 offset += skb_network_offset(skb);
262 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
265 return (*op & 0xC0) == 0x80;
268 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
269 struct icmp6hdr *thdr, int len)
272 struct icmp6hdr *icmp6h;
274 skb = skb_peek(&sk->sk_write_queue);
278 icmp6h = icmp6_hdr(skb);
279 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
280 icmp6h->icmp6_cksum = 0;
282 if (skb_queue_len(&sk->sk_write_queue) == 1) {
283 skb->csum = csum_partial(icmp6h,
284 sizeof(struct icmp6hdr), skb->csum);
285 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
287 len, fl6->flowi6_proto,
292 skb_queue_walk(&sk->sk_write_queue, skb) {
293 tmp_csum = csum_add(tmp_csum, skb->csum);
296 tmp_csum = csum_partial(icmp6h,
297 sizeof(struct icmp6hdr), tmp_csum);
298 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
300 len, fl6->flowi6_proto,
303 ip6_push_pending_frames(sk);
312 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
314 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
315 struct sk_buff *org_skb = msg->skb;
318 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
320 skb->csum = csum_block_add(skb->csum, csum, odd);
321 if (!(msg->type & ICMPV6_INFOMSG_MASK))
322 nf_ct_attach(skb, org_skb);
326 #if IS_ENABLED(CONFIG_IPV6_MIP6)
327 static void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt)
329 struct ipv6hdr *iph = ipv6_hdr(skb);
330 struct ipv6_destopt_hao *hao;
335 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
336 if (likely(off >= 0)) {
337 hao = (struct ipv6_destopt_hao *)
338 (skb_network_header(skb) + off);
340 iph->saddr = hao->addr;
346 static inline void mip6_addr_swap(struct sk_buff *skb, const struct inet6_skb_parm *opt) {}
/* Resolve the route for an outgoing ICMPv6 error described by @fl6.
 * Refuses anycast destinations, then runs the dst through xfrm policy;
 * on an -EPERM xfrm verdict it retries with the reverse-decoded flow
 * (XFRM_LOOKUP_ICMP) so errors can traverse IPsec tunnels.
 * Returns a dst_entry or an ERR_PTR.
 * NOTE(review): interior lines of this function (error/relookup paths)
 * appear to be missing from this dump — verify against the full source.
 */
349 static struct dst_entry *icmpv6_route_lookup(struct net *net,
354 struct dst_entry *dst, *dst2;
358 err = ip6_dst_lookup(net, sk, &dst, fl6);
363 * We won't send icmp if the destination is known
366 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
367 net_dbg_ratelimited("icmp6_send: acast source\n");
369 return ERR_PTR(-EINVAL);
372 /* No need to clone since we're just using its address. */
375 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
380 if (PTR_ERR(dst) == -EPERM)
386 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
388 goto relookup_failed;
390 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
392 goto relookup_failed;
394 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
404 goto relookup_failed;
413 static struct net_device *icmp6_dev(const struct sk_buff *skb)
415 struct net_device *dev = skb->dev;
417 /* for local traffic to local address, skb dev is the loopback
418 * device. Check if there is a dst attached to the skb and if so
419 * get the real device index. Same is needed for replies to a link
420 * local address on a device enslaved to an L3 master device
422 if (unlikely(dev->ifindex == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
423 const struct rt6_info *rt6 = skb_rt6_info(skb);
425 /* The destination could be an external IP in Ext Hdr (SRv6, RPL, etc.),
426 * and ip6_null_entry could be set to skb if no route is found.
428 if (rt6 && rt6->rt6i_idev)
429 dev = rt6->rt6i_idev->dev;
435 static int icmp6_iif(const struct sk_buff *skb)
437 return icmp6_dev(skb)->ifindex;
/*
 * Send an ICMP message in response to a packet in error (RFC 4443).
 * Validates eligibility (no errors about errors, multicast, anycast or
 * unspecified sources), applies global and per-destination rate limits,
 * builds the flow, and emits up to IPV6_MIN_MTU worth of the offending
 * packet via ip6_append_data()/icmpv6_push_pending_frames().
 * NOTE(review): this dump is missing interior lines (locals, goto
 * labels, early exits) — verify against the full source before editing.
 */
441 * Send an ICMP message in response to a packet in error
443 void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
444 const struct in6_addr *force_saddr,
445 const struct inet6_skb_parm *parm)
447 struct inet6_dev *idev = NULL;
448 struct ipv6hdr *hdr = ipv6_hdr(skb);
451 struct ipv6_pinfo *np;
452 const struct in6_addr *saddr = NULL;
453 struct dst_entry *dst;
454 struct icmp6hdr tmp_hdr;
456 struct icmpv6_msg msg;
457 struct ipcm6_cookie ipc6;
/* Sanity: the quoted IPv6 header must lie fully inside the skb. */
463 if ((u8 *)hdr < skb->head ||
464 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
469 net = dev_net(skb->dev);
470 mark = IP6_REPLY_MARK(net, skb->mark);
472 * Make sure we respect the rules
473 * i.e. RFC 1885 2.4(e)
474 * Rule (e.1) is enforced by not using icmp6_send
475 * in any code that processes icmp errors.
477 addr_type = ipv6_addr_type(&hdr->daddr);
479 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
480 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
/* Multicast/broadcast destinations: only PMTU and unrecognized-option
 * parameter problems may be answered (RFC 4443 2.4(e.2)/(e.3)).
 */
487 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
488 if (type != ICMPV6_PKT_TOOBIG &&
489 !(type == ICMPV6_PARAMPROB &&
490 code == ICMPV6_UNK_OPTION &&
491 (opt_unrec(skb, info))))
497 addr_type = ipv6_addr_type(&hdr->saddr);
503 if (__ipv6_addr_needs_scope_id(addr_type)) {
504 iif = icmp6_iif(skb);
507 * The source device is used for looking up which routing table
508 * to use for sending an ICMP error.
510 iif = l3mdev_master_ifindex(skb->dev);
514 * Must not send error if the source does not uniquely
515 * identify a single node (RFC2463 Section 2.4).
516 * We check unspecified / multicast addresses here,
517 * and anycast addresses will be checked later.
519 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
520 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
521 &hdr->saddr, &hdr->daddr);
526 * Never answer to a ICMP packet.
528 if (is_ineligible(skb)) {
529 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
530 &hdr->saddr, &hdr->daddr);
534 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
537 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
538 if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type))
541 mip6_addr_swap(skb, parm);
543 sk = icmpv6_xmit_lock(net);
547 memset(&fl6, 0, sizeof(fl6));
548 fl6.flowi6_proto = IPPROTO_ICMPV6;
549 fl6.daddr = hdr->saddr;
554 } else if (!icmpv6_rt_has_prefsrc(sk, type, &fl6)) {
555 /* select a more meaningful saddr from input if */
556 struct net_device *in_netdev;
558 in_netdev = dev_get_by_index(net, parm->iif);
560 ipv6_dev_get_saddr(net, in_netdev, &fl6.daddr,
561 inet6_sk(sk)->srcprefs,
566 fl6.flowi6_mark = mark;
567 fl6.flowi6_oif = iif;
568 fl6.fl6_icmp_type = type;
569 fl6.fl6_icmp_code = code;
570 fl6.flowi6_uid = sock_net_uid(net, NULL);
571 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
572 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
/* Per-destination (inet_peer) rate limit. */
576 if (!icmpv6_xrlim_allow(sk, type, &fl6))
579 tmp_hdr.icmp6_type = type;
580 tmp_hdr.icmp6_code = code;
581 tmp_hdr.icmp6_cksum = 0;
582 tmp_hdr.icmp6_pointer = htonl(info);
584 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
585 fl6.flowi6_oif = np->mcast_oif;
586 else if (!fl6.flowi6_oif)
587 fl6.flowi6_oif = np->ucast_oif;
589 ipcm6_init_sk(&ipc6, np);
590 ipc6.sockc.mark = mark;
591 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
593 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
597 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
600 msg.offset = skb_network_offset(skb);
/* Quote at most the IPv6 minimum MTU worth of the offending packet. */
603 len = skb->len - msg.offset;
604 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
606 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
607 &hdr->saddr, &hdr->daddr);
608 goto out_dst_release;
612 idev = __in6_dev_get(skb->dev);
614 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
615 len + sizeof(struct icmp6hdr),
616 sizeof(struct icmp6hdr),
617 &ipc6, &fl6, (struct rt6_info *)dst,
619 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
620 ip6_flush_pending_frames(sk);
622 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
623 len + sizeof(struct icmp6hdr));
629 icmpv6_xmit_unlock(sk);
633 EXPORT_SYMBOL(icmp6_send);
635 /* Slightly more convenient version of icmp6_send with drop reasons.
637 void icmpv6_param_prob_reason(struct sk_buff *skb, u8 code, int pos,
638 enum skb_drop_reason reason)
640 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL, IP6CB(skb));
641 kfree_skb_reason(skb, reason);
/* Translate an ICMPv4 error received on a tunnel (SIT/GRE) into an
 * ICMPv6 error for the encapsulated IPv6 packet, with partial RFC 4884
 * extension support (zero-pad before extensions, length in reserved[0]).
 * NOTE(review): interior lines (error exits, skb2 free, return values)
 * are missing from this dump — verify against the full source.
 */
644 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
645 * if sufficient data bytes are available
646 * @nhs is the size of the tunnel header(s) :
647 * Either an IPv4 header for SIT encap
648 * an IPv4 header + GRE header for GRE encap
650 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
651 unsigned int data_len)
653 struct in6_addr temp_saddr;
655 struct sk_buff *skb2;
658 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
661 /* RFC 4884 (partial) support for ICMP extensions */
662 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
665 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC)
672 skb_reset_network_header(skb2);
674 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
677 if (rt && rt->dst.dev)
678 skb2->dev = rt->dst.dev;
/* Use the v4-mapped form of the outer IPv4 source as forced saddr. */
680 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
683 /* RFC 4884 (partial) support :
684 * insert 0 padding at the end, before the extensions
686 __skb_push(skb2, nhs);
687 skb_reset_network_header(skb2);
688 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
689 memset(skb2->data + data_len - nhs, 0, nhs);
690 /* RFC 4884 4.5 : Length is measured in 64-bit words,
691 * and stored in reserved[0]
693 info = (data_len/8) << 24;
695 if (type == ICMP_TIME_EXCEEDED)
696 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
697 info, &temp_saddr, IP6CB(skb2));
699 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
700 info, &temp_saddr, IP6CB(skb2));
708 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
/* Answer an Echo Request (or RFC 8335 Extended Echo Request) with the
 * corresponding reply, honouring the echo_ignore_* sysctls, the
 * anycast_src_echo_reply policy, flow-label reflection and rate limits.
 * NOTE(review): interior lines (locals, labels, early exits) are missing
 * from this dump — verify against the full source before editing.
 */
710 static void icmpv6_echo_reply(struct sk_buff *skb)
712 struct net *net = dev_net(skb->dev);
714 struct inet6_dev *idev;
715 struct ipv6_pinfo *np;
716 const struct in6_addr *saddr = NULL;
717 struct icmp6hdr *icmph = icmp6_hdr(skb);
718 struct icmp6hdr tmp_hdr;
720 struct icmpv6_msg msg;
721 struct dst_entry *dst;
722 struct ipcm6_cookie ipc6;
723 u32 mark = IP6_REPLY_MARK(net, skb->mark);
727 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr) &&
728 net->ipv6.sysctl.icmpv6_echo_ignore_multicast)
/* Reply from the address the request was sent to. */
731 saddr = &ipv6_hdr(skb)->daddr;
733 acast = ipv6_anycast_destination(skb_dst(skb), saddr);
734 if (acast && net->ipv6.sysctl.icmpv6_echo_ignore_anycast)
737 if (!ipv6_unicast_destination(skb) &&
738 !(net->ipv6.sysctl.anycast_src_echo_reply && acast))
741 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
742 type = ICMPV6_EXT_ECHO_REPLY;
744 type = ICMPV6_ECHO_REPLY;
/* Copy the request header, then flip the type to the reply type. */
746 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
747 tmp_hdr.icmp6_type = type;
749 memset(&fl6, 0, sizeof(fl6));
750 if (net->ipv6.sysctl.flowlabel_reflect & FLOWLABEL_REFLECT_ICMPV6_ECHO_REPLIES)
751 fl6.flowlabel = ip6_flowlabel(ipv6_hdr(skb));
753 fl6.flowi6_proto = IPPROTO_ICMPV6;
754 fl6.daddr = ipv6_hdr(skb)->saddr;
757 fl6.flowi6_oif = icmp6_iif(skb);
758 fl6.fl6_icmp_type = type;
759 fl6.flowi6_mark = mark;
760 fl6.flowi6_uid = sock_net_uid(net, NULL);
761 security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
764 sk = icmpv6_xmit_lock(net);
769 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
770 fl6.flowi6_oif = np->mcast_oif;
771 else if (!fl6.flowi6_oif)
772 fl6.flowi6_oif = np->ucast_oif;
774 if (ip6_dst_lookup(net, sk, &dst, &fl6))
776 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
780 /* Check the ratelimit */
781 if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) ||
782 !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6))
783 goto out_dst_release;
785 idev = __in6_dev_get(skb->dev);
791 ipcm6_init_sk(&ipc6, np);
792 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
793 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
794 ipc6.sockc.mark = mark;
796 if (icmph->icmp6_type == ICMPV6_EXT_ECHO_REQUEST)
797 if (!icmp_build_probe(skb, (struct icmphdr *)&tmp_hdr))
798 goto out_dst_release;
800 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
801 skb->len + sizeof(struct icmp6hdr),
802 sizeof(struct icmp6hdr), &ipc6, &fl6,
803 (struct rt6_info *)dst, MSG_DONTWAIT)) {
804 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
805 ip6_flush_pending_frames(sk);
807 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
808 skb->len + sizeof(struct icmp6hdr));
813 icmpv6_xmit_unlock(sk);
/* Demultiplex a received ICMPv6 error to the protocol that sent the
 * offending packet: skip the quoted IPv6 extension headers, then call
 * the upper protocol's err_handler and notify raw sockets.
 * NOTE(review): interior lines (rcu lock/unlock, out label) are missing
 * from this dump — verify against the full source.
 */
818 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
820 struct inet6_skb_parm *opt = IP6CB(skb);
821 const struct inet6_protocol *ipprot;
825 struct net *net = dev_net(skb->dev);
827 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
830 seg6_icmp_srh(skb, opt);
832 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
833 if (ipv6_ext_hdr(nexthdr)) {
834 /* now skip over extension headers */
835 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
836 &nexthdr, &frag_off);
837 if (inner_offset < 0)
840 inner_offset = sizeof(struct ipv6hdr);
843 /* Checkin header including 8 bytes of inner protocol header. */
844 if (!pskb_may_pull(skb, inner_offset+8))
847 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
848 Without this we will not able f.e. to make source routed
850 Corresponding argument (opt) to notifiers is already added.
854 ipprot = rcu_dereference(inet6_protos[nexthdr]);
855 if (ipprot && ipprot->err_handler)
856 ipprot->err_handler(skb, opt, type, code, inner_offset, info);
858 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
862 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
/*
 * Handle icmp messages: main ICMPv6 input path.  Runs xfrm policy
 * checks, validates the checksum, bumps MIB counters, then dispatches
 * on icmp6_type: echoes are answered, errors are fed to icmpv6_notify(),
 * NDISC/MLD types fall through to their own receive paths.
 * NOTE(review): the switch scaffolding, goto labels and some braces are
 * missing from this dump — verify against the full source.
 */
866 * Handle icmp messages
869 static int icmpv6_rcv(struct sk_buff *skb)
871 enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
872 struct net *net = dev_net(skb->dev);
873 struct net_device *dev = icmp6_dev(skb);
874 struct inet6_dev *idev = __in6_dev_get(dev);
875 const struct in6_addr *saddr, *daddr;
876 struct icmp6hdr *hdr;
879 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
880 struct sec_path *sp = skb_sec_path(skb);
883 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
885 reason = SKB_DROP_REASON_XFRM_POLICY;
889 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
892 nh = skb_network_offset(skb);
893 skb_set_network_header(skb, sizeof(*hdr));
895 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN,
897 reason = SKB_DROP_REASON_XFRM_POLICY;
901 skb_set_network_header(skb, nh);
904 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
906 saddr = &ipv6_hdr(skb)->saddr;
907 daddr = &ipv6_hdr(skb)->daddr;
909 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
910 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
915 if (!pskb_pull(skb, sizeof(*hdr)))
918 hdr = icmp6_hdr(skb);
920 type = hdr->icmp6_type;
922 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
925 case ICMPV6_ECHO_REQUEST:
926 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
927 icmpv6_echo_reply(skb);
929 case ICMPV6_EXT_ECHO_REQUEST:
930 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all &&
931 READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe))
932 icmpv6_echo_reply(skb);
935 case ICMPV6_ECHO_REPLY:
936 reason = ping_rcv(skb);
939 case ICMPV6_EXT_ECHO_REPLY:
940 reason = ping_rcv(skb);
943 case ICMPV6_PKT_TOOBIG:
944 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
945 standard destination cache. Seems, only "advanced"
946 destination cache will allow to solve this problem
949 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
951 hdr = icmp6_hdr(skb);
955 case ICMPV6_DEST_UNREACH:
956 case ICMPV6_TIME_EXCEED:
957 case ICMPV6_PARAMPROB:
958 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
961 case NDISC_ROUTER_SOLICITATION:
962 case NDISC_ROUTER_ADVERTISEMENT:
963 case NDISC_NEIGHBOUR_SOLICITATION:
964 case NDISC_NEIGHBOUR_ADVERTISEMENT:
969 case ICMPV6_MGM_QUERY:
970 igmp6_event_query(skb);
973 case ICMPV6_MGM_REPORT:
974 igmp6_event_report(skb);
977 case ICMPV6_MGM_REDUCTION:
978 case ICMPV6_NI_QUERY:
979 case ICMPV6_NI_REPLY:
980 case ICMPV6_MLD2_REPORT:
981 case ICMPV6_DHAAD_REQUEST:
982 case ICMPV6_DHAAD_REPLY:
983 case ICMPV6_MOBILE_PREFIX_SOL:
984 case ICMPV6_MOBILE_PREFIX_ADV:
989 if (type & ICMPV6_INFOMSG_MASK)
992 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
996 * error of unknown type.
997 * must pass to upper level
1000 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
1003 /* until the v6 path can be better sorted assume failure and
1004 * preserve the status quo behaviour for the rest of the paths to here
1007 kfree_skb_reason(skb, reason);
1014 reason = SKB_DROP_REASON_ICMP_CSUM;
1015 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
1017 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
1019 kfree_skb_reason(skb, reason);
1023 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
1025 const struct in6_addr *saddr,
1026 const struct in6_addr *daddr,
1029 memset(fl6, 0, sizeof(*fl6));
1030 fl6->saddr = *saddr;
1031 fl6->daddr = *daddr;
1032 fl6->flowi6_proto = IPPROTO_ICMPV6;
1033 fl6->fl6_icmp_type = type;
1034 fl6->fl6_icmp_code = 0;
1035 fl6->flowi6_oif = oif;
1036 security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
1039 int __init icmpv6_init(void)
1044 for_each_possible_cpu(i) {
1045 err = inet_ctl_sock_create(&sk, PF_INET6,
1046 SOCK_RAW, IPPROTO_ICMPV6, &init_net);
1048 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
1053 per_cpu(ipv6_icmp_sk, i) = sk;
1055 /* Enough space for 2 64K ICMP packets, including
1056 * sk_buff struct overhead.
1058 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1062 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1065 err = inet6_register_icmp_sender(icmp6_send);
1067 goto sender_reg_err;
1071 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1073 pr_err("Failed to register ICMP6 protocol\n");
1077 void icmpv6_cleanup(void)
1079 inet6_unregister_icmp_sender(icmp6_send);
1080 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
/* Map ICMPV6_DEST_UNREACH codes to (errno, fatal) pairs, indexed by
 * code and consumed by icmpv6_err_convert() below.
 * NOTE(review): several entries and the .fatal fields are missing from
 * this dump — verify the full table against the original source.
 */
1084 static const struct icmp6_err {
1092 { /* ADM_PROHIBITED */
1096 { /* Was NOT_NEIGHBOUR, now reserved */
1097 .err = EHOSTUNREACH,
1100 { /* ADDR_UNREACH */
1101 .err = EHOSTUNREACH,
1104 { /* PORT_UNREACH */
1105 .err = ECONNREFUSED,
1112 { /* REJECT_ROUTE */
1118 int icmpv6_err_convert(u8 type, u8 code, int *err)
1125 case ICMPV6_DEST_UNREACH:
1127 if (code < ARRAY_SIZE(tab_unreach)) {
1128 *err = tab_unreach[code].err;
1129 fatal = tab_unreach[code].fatal;
1133 case ICMPV6_PKT_TOOBIG:
1137 case ICMPV6_PARAMPROB:
1142 case ICMPV6_TIME_EXCEED:
1143 *err = EHOSTUNREACH;
1149 EXPORT_SYMBOL(icmpv6_err_convert);
/* Template sysctl table for net.ipv6.icmp.*; per-netns copies are made
 * and re-pointed in ipv6_icmp_sysctl_init() below.
 * NOTE(review): the .mode fields and closing braces of each entry are
 * missing from this dump — verify against the full source.
 */
1151 #ifdef CONFIG_SYSCTL
1152 static struct ctl_table ipv6_icmp_table_template[] = {
1154 .procname = "ratelimit",
1155 .data = &init_net.ipv6.sysctl.icmpv6_time,
1156 .maxlen = sizeof(int),
1158 .proc_handler = proc_dointvec_ms_jiffies,
1161 .procname = "echo_ignore_all",
1162 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1163 .maxlen = sizeof(u8),
1165 .proc_handler = proc_dou8vec_minmax,
1168 .procname = "echo_ignore_multicast",
1169 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_multicast,
1170 .maxlen = sizeof(u8),
1172 .proc_handler = proc_dou8vec_minmax,
1175 .procname = "echo_ignore_anycast",
1176 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_anycast,
1177 .maxlen = sizeof(u8),
1179 .proc_handler = proc_dou8vec_minmax,
1182 .procname = "ratemask",
1183 .data = &init_net.ipv6.sysctl.icmpv6_ratemask_ptr,
1184 .maxlen = ICMPV6_MSG_MAX + 1,
1186 .proc_handler = proc_do_large_bitmap,
1191 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1193 struct ctl_table *table;
1195 table = kmemdup(ipv6_icmp_table_template,
1196 sizeof(ipv6_icmp_table_template),
1200 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1201 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
1202 table[2].data = &net->ipv6.sysctl.icmpv6_echo_ignore_multicast;
1203 table[3].data = &net->ipv6.sysctl.icmpv6_echo_ignore_anycast;
1204 table[4].data = &net->ipv6.sysctl.icmpv6_ratemask_ptr;