2 * Internet Control Message Protocol (ICMPv6)
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
8 * Based on net/ipv4/icmp.c
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation; either version
15 * 2 of the License, or (at your option) any later version.
21 * Andi Kleen : exception handling
22 * Andi Kleen add rate limits. never reply to a icmp.
23 * add more length checks and other fixes.
24 * yoshfuji : ensure to sent parameter problem for
26 * YOSHIFUJI Hideaki @USAGI: added sysctl for icmp rate limit.
28 * YOSHIFUJI Hideaki @USAGI: Per-interface statistics support
29 * Kazunori MIYAZAWA @USAGI: change output process to use ip6_append_data
32 #define pr_fmt(fmt) "IPv6: " fmt
34 #include <linux/module.h>
35 #include <linux/errno.h>
36 #include <linux/types.h>
37 #include <linux/socket.h>
39 #include <linux/kernel.h>
40 #include <linux/sockios.h>
41 #include <linux/net.h>
42 #include <linux/skbuff.h>
43 #include <linux/init.h>
44 #include <linux/netfilter.h>
45 #include <linux/slab.h>
48 #include <linux/sysctl.h>
51 #include <linux/inet.h>
52 #include <linux/netdevice.h>
53 #include <linux/icmpv6.h>
59 #include <net/ip6_checksum.h>
61 #include <net/protocol.h>
63 #include <net/rawv6.h>
64 #include <net/transp_v6.h>
65 #include <net/ip6_route.h>
66 #include <net/addrconf.h>
69 #include <net/inet_common.h>
70 #include <net/dsfield.h>
71 #include <net/l3mdev.h>
73 #include <linux/uaccess.h>
76 * The ICMP socket(s). This is the most convenient way to flow control
77 * our ICMP output as well as maintain a clean interface throughout
78 * all layers. All Socketless IP sends will soon be gone.
80 * On SMP we have one ICMP socket per-cpu.
82 static inline struct sock *icmpv6_sk(struct net *net)
84 return net->ipv6.icmp_sk[smp_processor_id()];
87 static void icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
88 u8 type, u8 code, int offset, __be32 info)
90 /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
91 struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
92 struct net *net = dev_net(skb->dev);
94 if (type == ICMPV6_PKT_TOOBIG)
95 ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
96 else if (type == NDISC_REDIRECT)
97 ip6_redirect(skb, net, skb->dev->ifindex, 0,
98 sock_net_uid(net, NULL));
100 if (!(type & ICMPV6_INFOMSG_MASK))
101 if (icmp6->icmp6_type == ICMPV6_ECHO_REQUEST)
102 ping_err(skb, offset, ntohl(info));
105 static int icmpv6_rcv(struct sk_buff *skb);
107 static const struct inet6_protocol icmpv6_protocol = {
108 .handler = icmpv6_rcv,
109 .err_handler = icmpv6_err,
110 .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
113 /* Called with BH disabled */
114 static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
119 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
120 /* This can happen if the output path (f.e. SIT or
121 * ip6ip6 tunnel) signals dst_link_failure() for an
122 * outgoing ICMP6 packet.
129 static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
131 spin_unlock(&sk->sk_lock.slock);
135 * Figure out, may we reply to this packet with icmp error.
137 * We do not reply, if:
138 * - it was icmp error message.
139 * - it is truncated, so that it is known, that protocol is ICMPV6
140 * (i.e. in the middle of some exthdr)
145 static bool is_ineligible(const struct sk_buff *skb)
147 int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
148 int len = skb->len - ptr;
149 __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
155 ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, &frag_off);
158 if (nexthdr == IPPROTO_ICMPV6) {
160 tp = skb_header_pointer(skb,
161 ptr+offsetof(struct icmp6hdr, icmp6_type),
162 sizeof(_type), &_type);
163 if (!tp || !(*tp & ICMPV6_INFOMSG_MASK))
169 static bool icmpv6_mask_allow(int type)
171 /* Informational messages are not limited. */
172 if (type & ICMPV6_INFOMSG_MASK)
175 /* Do not limit pmtu discovery, it would break it. */
176 if (type == ICMPV6_PKT_TOOBIG)
182 static bool icmpv6_global_allow(int type)
184 if (icmpv6_mask_allow(type))
187 if (icmp_global_allow())
194 * Check the ICMP output rate limit
196 static bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
199 struct net *net = sock_net(sk);
200 struct dst_entry *dst;
203 if (icmpv6_mask_allow(type))
207 * Look up the output route.
208 * XXX: perhaps the expire for routing entries cloned by
209 * this lookup should be more aggressive (not longer than timeout).
211 dst = ip6_route_output(net, sk, fl6);
213 IP6_INC_STATS(net, ip6_dst_idev(dst),
214 IPSTATS_MIB_OUTNOROUTES);
215 } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
218 struct rt6_info *rt = (struct rt6_info *)dst;
219 int tmo = net->ipv6.sysctl.icmpv6_time;
220 struct inet_peer *peer;
222 /* Give more bandwidth to wider prefixes. */
223 if (rt->rt6i_dst.plen < 128)
224 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
226 peer = inet_getpeer_v6(net->ipv6.peers, &fl6->daddr, 1);
227 res = inet_peer_xrlim_allow(peer, tmo);
236 * an inline helper for the "simple" if statement below
237 * checks if parameter problem report is caused by an
238 * unrecognized IPv6 option that has the Option Type
239 * highest-order two bits set to 10
242 static bool opt_unrec(struct sk_buff *skb, __u32 offset)
246 offset += skb_network_offset(skb);
247 op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
250 return (*op & 0xC0) == 0x80;
253 void icmpv6_push_pending_frames(struct sock *sk, struct flowi6 *fl6,
254 struct icmp6hdr *thdr, int len)
257 struct icmp6hdr *icmp6h;
259 skb = skb_peek(&sk->sk_write_queue);
263 icmp6h = icmp6_hdr(skb);
264 memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
265 icmp6h->icmp6_cksum = 0;
267 if (skb_queue_len(&sk->sk_write_queue) == 1) {
268 skb->csum = csum_partial(icmp6h,
269 sizeof(struct icmp6hdr), skb->csum);
270 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
272 len, fl6->flowi6_proto,
277 skb_queue_walk(&sk->sk_write_queue, skb) {
278 tmp_csum = csum_add(tmp_csum, skb->csum);
281 tmp_csum = csum_partial(icmp6h,
282 sizeof(struct icmp6hdr), tmp_csum);
283 icmp6h->icmp6_cksum = csum_ipv6_magic(&fl6->saddr,
285 len, fl6->flowi6_proto,
288 ip6_push_pending_frames(sk);
297 static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
299 struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
300 struct sk_buff *org_skb = msg->skb;
303 csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
305 skb->csum = csum_block_add(skb->csum, csum, odd);
306 if (!(msg->type & ICMPV6_INFOMSG_MASK))
307 nf_ct_attach(skb, org_skb);
311 #if IS_ENABLED(CONFIG_IPV6_MIP6)
312 static void mip6_addr_swap(struct sk_buff *skb)
314 struct ipv6hdr *iph = ipv6_hdr(skb);
315 struct inet6_skb_parm *opt = IP6CB(skb);
316 struct ipv6_destopt_hao *hao;
321 off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
322 if (likely(off >= 0)) {
323 hao = (struct ipv6_destopt_hao *)
324 (skb_network_header(skb) + off);
326 iph->saddr = hao->addr;
332 static inline void mip6_addr_swap(struct sk_buff *skb) {}
335 static struct dst_entry *icmpv6_route_lookup(struct net *net,
340 struct dst_entry *dst, *dst2;
344 err = ip6_dst_lookup(net, sk, &dst, fl6);
349 * We won't send icmp if the destination is known
352 if (ipv6_anycast_destination(dst, &fl6->daddr)) {
353 net_dbg_ratelimited("icmp6_send: acast source\n");
355 return ERR_PTR(-EINVAL);
358 /* No need to clone since we're just using its address. */
361 dst = xfrm_lookup(net, dst, flowi6_to_flowi(fl6), sk, 0);
366 if (PTR_ERR(dst) == -EPERM)
372 err = xfrm_decode_session_reverse(skb, flowi6_to_flowi(&fl2), AF_INET6);
374 goto relookup_failed;
376 err = ip6_dst_lookup(net, sk, &dst2, &fl2);
378 goto relookup_failed;
380 dst2 = xfrm_lookup(net, dst2, flowi6_to_flowi(&fl2), sk, XFRM_LOOKUP_ICMP);
390 goto relookup_failed;
399 static int icmp6_iif(const struct sk_buff *skb)
401 int iif = skb->dev->ifindex;
403 /* for local traffic to local address, skb dev is the loopback
404 * device. Check if there is a dst attached to the skb and if so
405 * get the real device index. Same is needed for replies to a link
406 * local address on a device enslaved to an L3 master device
408 if (unlikely(iif == LOOPBACK_IFINDEX || netif_is_l3_master(skb->dev))) {
409 const struct rt6_info *rt6 = skb_rt6_info(skb);
412 iif = rt6->rt6i_idev->dev->ifindex;
419 * Send an ICMP message in response to a packet in error
421 static void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
422 const struct in6_addr *force_saddr)
424 struct net *net = dev_net(skb->dev);
425 struct inet6_dev *idev = NULL;
426 struct ipv6hdr *hdr = ipv6_hdr(skb);
428 struct ipv6_pinfo *np;
429 const struct in6_addr *saddr = NULL;
430 struct dst_entry *dst;
431 struct icmp6hdr tmp_hdr;
433 struct icmpv6_msg msg;
434 struct ipcm6_cookie ipc6;
438 u32 mark = IP6_REPLY_MARK(net, skb->mark);
440 if ((u8 *)hdr < skb->head ||
441 (skb_network_header(skb) + sizeof(*hdr)) > skb_tail_pointer(skb))
445 * Make sure we respect the rules
446 * i.e. RFC 1885 2.4(e)
447 * Rule (e.1) is enforced by not using icmp6_send
448 * in any code that processes icmp errors.
450 addr_type = ipv6_addr_type(&hdr->daddr);
452 if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0) ||
453 ipv6_chk_acast_addr_src(net, skb->dev, &hdr->daddr))
460 if (addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST) {
461 if (type != ICMPV6_PKT_TOOBIG &&
462 !(type == ICMPV6_PARAMPROB &&
463 code == ICMPV6_UNK_OPTION &&
464 (opt_unrec(skb, info))))
470 addr_type = ipv6_addr_type(&hdr->saddr);
476 if (__ipv6_addr_needs_scope_id(addr_type)) {
477 iif = icmp6_iif(skb);
480 iif = l3mdev_master_ifindex(dst ? dst->dev : skb->dev);
484 * Must not send error if the source does not uniquely
485 * identify a single node (RFC2463 Section 2.4).
486 * We check unspecified / multicast addresses here,
487 * and anycast addresses will be checked later.
489 if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
490 net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
491 &hdr->saddr, &hdr->daddr);
496 * Never answer to a ICMP packet.
498 if (is_ineligible(skb)) {
499 net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
500 &hdr->saddr, &hdr->daddr);
504 /* Needed by both icmp_global_allow and icmpv6_xmit_lock */
507 /* Check global sysctl_icmp_msgs_per_sec ratelimit */
508 if (!(skb->dev->flags&IFF_LOOPBACK) && !icmpv6_global_allow(type))
513 memset(&fl6, 0, sizeof(fl6));
514 fl6.flowi6_proto = IPPROTO_ICMPV6;
515 fl6.daddr = hdr->saddr;
520 fl6.flowi6_mark = mark;
521 fl6.flowi6_oif = iif;
522 fl6.fl6_icmp_type = type;
523 fl6.fl6_icmp_code = code;
524 fl6.flowi6_uid = sock_net_uid(net, NULL);
525 fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
526 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
528 sk = icmpv6_xmit_lock(net);
535 if (!icmpv6_xrlim_allow(sk, type, &fl6))
538 tmp_hdr.icmp6_type = type;
539 tmp_hdr.icmp6_code = code;
540 tmp_hdr.icmp6_cksum = 0;
541 tmp_hdr.icmp6_pointer = htonl(info);
543 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
544 fl6.flowi6_oif = np->mcast_oif;
545 else if (!fl6.flowi6_oif)
546 fl6.flowi6_oif = np->ucast_oif;
548 ipcm6_init_sk(&ipc6, np);
549 fl6.flowlabel = ip6_make_flowinfo(ipc6.tclass, fl6.flowlabel);
551 dst = icmpv6_route_lookup(net, skb, sk, &fl6);
555 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
558 msg.offset = skb_network_offset(skb);
561 len = skb->len - msg.offset;
562 len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(struct icmp6hdr));
564 net_dbg_ratelimited("icmp: len problem [%pI6c > %pI6c]\n",
565 &hdr->saddr, &hdr->daddr);
566 goto out_dst_release;
570 idev = __in6_dev_get(skb->dev);
572 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
573 len + sizeof(struct icmp6hdr),
574 sizeof(struct icmp6hdr),
575 &ipc6, &fl6, (struct rt6_info *)dst,
577 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
578 ip6_flush_pending_frames(sk);
580 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
581 len + sizeof(struct icmp6hdr));
587 icmpv6_xmit_unlock(sk);
592 /* Slightly more convenient version of icmp6_send.
594 void icmpv6_param_prob(struct sk_buff *skb, u8 code, int pos)
596 icmp6_send(skb, ICMPV6_PARAMPROB, code, pos, NULL);
600 /* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
601 * if sufficient data bytes are available
602 * @nhs is the size of the tunnel header(s) :
603 * Either an IPv4 header for SIT encap
604 * an IPv4 header + GRE header for GRE encap
606 int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
607 unsigned int data_len)
609 struct in6_addr temp_saddr;
611 struct sk_buff *skb2;
614 if (!pskb_may_pull(skb, nhs + sizeof(struct ipv6hdr) + 8))
617 /* RFC 4884 (partial) support for ICMP extensions */
618 if (data_len < 128 || (data_len & 7) || skb->len < data_len)
621 skb2 = data_len ? skb_copy(skb, GFP_ATOMIC) : skb_clone(skb, GFP_ATOMIC);
628 skb_reset_network_header(skb2);
630 rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0,
633 if (rt && rt->dst.dev)
634 skb2->dev = rt->dst.dev;
636 ipv6_addr_set_v4mapped(ip_hdr(skb)->saddr, &temp_saddr);
639 /* RFC 4884 (partial) support :
640 * insert 0 padding at the end, before the extensions
642 __skb_push(skb2, nhs);
643 skb_reset_network_header(skb2);
644 memmove(skb2->data, skb2->data + nhs, data_len - nhs);
645 memset(skb2->data + data_len - nhs, 0, nhs);
646 /* RFC 4884 4.5 : Length is measured in 64-bit words,
647 * and stored in reserved[0]
649 info = (data_len/8) << 24;
651 if (type == ICMP_TIME_EXCEEDED)
652 icmp6_send(skb2, ICMPV6_TIME_EXCEED, ICMPV6_EXC_HOPLIMIT,
655 icmp6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH,
664 EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
666 static void icmpv6_echo_reply(struct sk_buff *skb)
668 struct net *net = dev_net(skb->dev);
670 struct inet6_dev *idev;
671 struct ipv6_pinfo *np;
672 const struct in6_addr *saddr = NULL;
673 struct icmp6hdr *icmph = icmp6_hdr(skb);
674 struct icmp6hdr tmp_hdr;
676 struct icmpv6_msg msg;
677 struct dst_entry *dst;
678 struct ipcm6_cookie ipc6;
679 u32 mark = IP6_REPLY_MARK(net, skb->mark);
681 saddr = &ipv6_hdr(skb)->daddr;
683 if (!ipv6_unicast_destination(skb) &&
684 !(net->ipv6.sysctl.anycast_src_echo_reply &&
685 ipv6_anycast_destination(skb_dst(skb), saddr)))
688 memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
689 tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
691 memset(&fl6, 0, sizeof(fl6));
692 fl6.flowi6_proto = IPPROTO_ICMPV6;
693 fl6.daddr = ipv6_hdr(skb)->saddr;
696 fl6.flowi6_oif = icmp6_iif(skb);
697 fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
698 fl6.flowi6_mark = mark;
699 fl6.flowi6_uid = sock_net_uid(net, NULL);
700 security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
703 sk = icmpv6_xmit_lock(net);
709 if (!fl6.flowi6_oif && ipv6_addr_is_multicast(&fl6.daddr))
710 fl6.flowi6_oif = np->mcast_oif;
711 else if (!fl6.flowi6_oif)
712 fl6.flowi6_oif = np->ucast_oif;
714 if (ip6_dst_lookup(net, sk, &dst, &fl6))
716 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), sk, 0);
720 idev = __in6_dev_get(skb->dev);
724 msg.type = ICMPV6_ECHO_REPLY;
726 ipcm6_init_sk(&ipc6, np);
727 ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
728 ipc6.tclass = ipv6_get_dsfield(ipv6_hdr(skb));
730 if (ip6_append_data(sk, icmpv6_getfrag, &msg,
731 skb->len + sizeof(struct icmp6hdr),
732 sizeof(struct icmp6hdr), &ipc6, &fl6,
733 (struct rt6_info *)dst, MSG_DONTWAIT)) {
734 __ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTERRORS);
735 ip6_flush_pending_frames(sk);
737 icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
738 skb->len + sizeof(struct icmp6hdr));
742 icmpv6_xmit_unlock(sk);
747 void icmpv6_notify(struct sk_buff *skb, u8 type, u8 code, __be32 info)
749 const struct inet6_protocol *ipprot;
753 struct net *net = dev_net(skb->dev);
755 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
758 nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
759 if (ipv6_ext_hdr(nexthdr)) {
760 /* now skip over extension headers */
761 inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr),
762 &nexthdr, &frag_off);
763 if (inner_offset < 0)
766 inner_offset = sizeof(struct ipv6hdr);
769 /* Checkin header including 8 bytes of inner protocol header. */
770 if (!pskb_may_pull(skb, inner_offset+8))
773 /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
774 Without this we will not able f.e. to make source routed
776 Corresponding argument (opt) to notifiers is already added.
780 ipprot = rcu_dereference(inet6_protos[nexthdr]);
781 if (ipprot && ipprot->err_handler)
782 ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
784 raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
788 __ICMP6_INC_STATS(net, __in6_dev_get(skb->dev), ICMP6_MIB_INERRORS);
792 * Handle icmp messages
795 static int icmpv6_rcv(struct sk_buff *skb)
797 struct net *net = dev_net(skb->dev);
798 struct net_device *dev = skb->dev;
799 struct inet6_dev *idev = __in6_dev_get(dev);
800 const struct in6_addr *saddr, *daddr;
801 struct icmp6hdr *hdr;
803 bool success = false;
805 if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
806 struct sec_path *sp = skb_sec_path(skb);
809 if (!(sp && sp->xvec[sp->len - 1]->props.flags &
813 if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(struct ipv6hdr)))
816 nh = skb_network_offset(skb);
817 skb_set_network_header(skb, sizeof(*hdr));
819 if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
822 skb_set_network_header(skb, nh);
825 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS);
827 saddr = &ipv6_hdr(skb)->saddr;
828 daddr = &ipv6_hdr(skb)->daddr;
830 if (skb_checksum_validate(skb, IPPROTO_ICMPV6, ip6_compute_pseudo)) {
831 net_dbg_ratelimited("ICMPv6 checksum failed [%pI6c > %pI6c]\n",
836 if (!pskb_pull(skb, sizeof(*hdr)))
839 hdr = icmp6_hdr(skb);
841 type = hdr->icmp6_type;
843 ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type);
846 case ICMPV6_ECHO_REQUEST:
847 if (!net->ipv6.sysctl.icmpv6_echo_ignore_all)
848 icmpv6_echo_reply(skb);
851 case ICMPV6_ECHO_REPLY:
852 success = ping_rcv(skb);
855 case ICMPV6_PKT_TOOBIG:
856 /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
857 standard destination cache. Seems, only "advanced"
858 destination cache will allow to solve this problem
861 if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
863 hdr = icmp6_hdr(skb);
867 case ICMPV6_DEST_UNREACH:
868 case ICMPV6_TIME_EXCEED:
869 case ICMPV6_PARAMPROB:
870 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
873 case NDISC_ROUTER_SOLICITATION:
874 case NDISC_ROUTER_ADVERTISEMENT:
875 case NDISC_NEIGHBOUR_SOLICITATION:
876 case NDISC_NEIGHBOUR_ADVERTISEMENT:
881 case ICMPV6_MGM_QUERY:
882 igmp6_event_query(skb);
885 case ICMPV6_MGM_REPORT:
886 igmp6_event_report(skb);
889 case ICMPV6_MGM_REDUCTION:
890 case ICMPV6_NI_QUERY:
891 case ICMPV6_NI_REPLY:
892 case ICMPV6_MLD2_REPORT:
893 case ICMPV6_DHAAD_REQUEST:
894 case ICMPV6_DHAAD_REPLY:
895 case ICMPV6_MOBILE_PREFIX_SOL:
896 case ICMPV6_MOBILE_PREFIX_ADV:
901 if (type & ICMPV6_INFOMSG_MASK)
904 net_dbg_ratelimited("icmpv6: msg of unknown type [%pI6c > %pI6c]\n",
908 * error of unknown type.
909 * must pass to upper level
912 icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
915 /* until the v6 path can be better sorted assume failure and
916 * preserve the status quo behaviour for the rest of the paths to here
926 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS);
928 __ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS);
934 void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
936 const struct in6_addr *saddr,
937 const struct in6_addr *daddr,
940 memset(fl6, 0, sizeof(*fl6));
943 fl6->flowi6_proto = IPPROTO_ICMPV6;
944 fl6->fl6_icmp_type = type;
945 fl6->fl6_icmp_code = 0;
946 fl6->flowi6_oif = oif;
947 security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
950 static int __net_init icmpv6_sk_init(struct net *net)
956 kcalloc(nr_cpu_ids, sizeof(struct sock *), GFP_KERNEL);
957 if (!net->ipv6.icmp_sk)
960 for_each_possible_cpu(i) {
961 err = inet_ctl_sock_create(&sk, PF_INET6,
962 SOCK_RAW, IPPROTO_ICMPV6, net);
964 pr_err("Failed to initialize the ICMP6 control socket (err %d)\n",
969 net->ipv6.icmp_sk[i] = sk;
971 /* Enough space for 2 64K ICMP packets, including
972 * sk_buff struct overhead.
974 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
979 for (j = 0; j < i; j++)
980 inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
981 kfree(net->ipv6.icmp_sk);
985 static void __net_exit icmpv6_sk_exit(struct net *net)
989 for_each_possible_cpu(i) {
990 inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
992 kfree(net->ipv6.icmp_sk);
995 static struct pernet_operations icmpv6_sk_ops = {
996 .init = icmpv6_sk_init,
997 .exit = icmpv6_sk_exit,
1000 int __init icmpv6_init(void)
1004 err = register_pernet_subsys(&icmpv6_sk_ops);
1009 if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
1012 err = inet6_register_icmp_sender(icmp6_send);
1014 goto sender_reg_err;
1018 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1020 pr_err("Failed to register ICMP6 protocol\n");
1021 unregister_pernet_subsys(&icmpv6_sk_ops);
1025 void icmpv6_cleanup(void)
1027 inet6_unregister_icmp_sender(icmp6_send);
1028 unregister_pernet_subsys(&icmpv6_sk_ops);
1029 inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
1033 static const struct icmp6_err {
1041 { /* ADM_PROHIBITED */
1045 { /* Was NOT_NEIGHBOUR, now reserved */
1046 .err = EHOSTUNREACH,
1049 { /* ADDR_UNREACH */
1050 .err = EHOSTUNREACH,
1053 { /* PORT_UNREACH */
1054 .err = ECONNREFUSED,
1061 { /* REJECT_ROUTE */
1067 int icmpv6_err_convert(u8 type, u8 code, int *err)
1074 case ICMPV6_DEST_UNREACH:
1076 if (code < ARRAY_SIZE(tab_unreach)) {
1077 *err = tab_unreach[code].err;
1078 fatal = tab_unreach[code].fatal;
1082 case ICMPV6_PKT_TOOBIG:
1086 case ICMPV6_PARAMPROB:
1091 case ICMPV6_TIME_EXCEED:
1092 *err = EHOSTUNREACH;
1098 EXPORT_SYMBOL(icmpv6_err_convert);
1100 #ifdef CONFIG_SYSCTL
1101 static struct ctl_table ipv6_icmp_table_template[] = {
1103 .procname = "ratelimit",
1104 .data = &init_net.ipv6.sysctl.icmpv6_time,
1105 .maxlen = sizeof(int),
1107 .proc_handler = proc_dointvec_ms_jiffies,
1110 .procname = "echo_ignore_all",
1111 .data = &init_net.ipv6.sysctl.icmpv6_echo_ignore_all,
1112 .maxlen = sizeof(int),
1114 .proc_handler = proc_dointvec,
1119 struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
1121 struct ctl_table *table;
1123 table = kmemdup(ipv6_icmp_table_template,
1124 sizeof(ipv6_icmp_table_template),
1128 table[0].data = &net->ipv6.sysctl.icmpv6_time;
1129 table[1].data = &net->ipv6.sysctl.icmpv6_echo_ignore_all;
projects / linux.git / blob