linux/net/ipv6/icmp.c
<<
>>
Prefs
   1/*
   2 *      Internet Control Message Protocol (ICMPv6)
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *
   8 *      Based on net/ipv4/icmp.c
   9 *
  10 *      RFC 1885
  11 *
  12 *      This program is free software; you can redistribute it and/or
  13 *      modify it under the terms of the GNU General Public License
  14 *      as published by the Free Software Foundation; either version
  15 *      2 of the License, or (at your option) any later version.
  16 */
  17
  18/*
  19 *      Changes:
  20 *
  21 *      Andi Kleen              :       exception handling
  22 *      Andi Kleen                      add rate limits. never reply to a icmp.
  23 *                                      add more length checks and other fixes.
  24 *      yoshfuji                :       ensure to sent parameter problem for
  25 *                                      fragments.
  26 *      YOSHIFUJI Hideaki @USAGI:       added sysctl for icmp rate limit.
  27 *      Randy Dunlap and
  28 *      YOSHIFUJI Hideaki @USAGI:       Per-interface statistics support
  29 *      Kazunori MIYAZAWA @USAGI:       change output process to use ip6_append_data
  30 */
  31
  32#include <linux/module.h>
  33#include <linux/errno.h>
  34#include <linux/types.h>
  35#include <linux/socket.h>
  36#include <linux/in.h>
  37#include <linux/kernel.h>
  38#include <linux/sockios.h>
  39#include <linux/net.h>
  40#include <linux/skbuff.h>
  41#include <linux/init.h>
  42#include <linux/netfilter.h>
  43
  44#ifdef CONFIG_SYSCTL
  45#include <linux/sysctl.h>
  46#endif
  47
  48#include <linux/inet.h>
  49#include <linux/netdevice.h>
  50#include <linux/icmpv6.h>
  51
  52#include <net/ip.h>
  53#include <net/sock.h>
  54
  55#include <net/ipv6.h>
  56#include <net/ip6_checksum.h>
  57#include <net/protocol.h>
  58#include <net/raw.h>
  59#include <net/rawv6.h>
  60#include <net/transp_v6.h>
  61#include <net/ip6_route.h>
  62#include <net/addrconf.h>
  63#include <net/icmp.h>
  64#include <net/xfrm.h>
  65#include <net/inet_common.h>
  66
  67#include <asm/uaccess.h>
  68#include <asm/system.h>
  69
  70DEFINE_SNMP_STAT(struct icmpv6_mib, icmpv6_statistics) __read_mostly;
  71EXPORT_SYMBOL(icmpv6_statistics);
  72DEFINE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics) __read_mostly;
  73EXPORT_SYMBOL(icmpv6msg_statistics);
  74
  75/*
  76 *      The ICMP socket(s). This is the most convenient way to flow control
  77 *      our ICMP output as well as maintain a clean interface throughout
  78 *      all layers. All Socketless IP sends will soon be gone.
  79 *
  80 *      On SMP we have one ICMP socket per-cpu.
  81 */
  82static inline struct sock *icmpv6_sk(struct net *net)
  83{
  84        return net->ipv6.icmp_sk[smp_processor_id()];
  85}
  86
  87static int icmpv6_rcv(struct sk_buff *skb);
  88
  89static struct inet6_protocol icmpv6_protocol = {
  90        .handler        =       icmpv6_rcv,
  91        .flags          =       INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
  92};
  93
  94static __inline__ struct sock *icmpv6_xmit_lock(struct net *net)
  95{
  96        struct sock *sk;
  97
  98        local_bh_disable();
  99
 100        sk = icmpv6_sk(net);
 101        if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
 102                /* This can happen if the output path (f.e. SIT or
 103                 * ip6ip6 tunnel) signals dst_link_failure() for an
 104                 * outgoing ICMP6 packet.
 105                 */
 106                local_bh_enable();
 107                return NULL;
 108        }
 109        return sk;
 110}
 111
 112static __inline__ void icmpv6_xmit_unlock(struct sock *sk)
 113{
 114        spin_unlock_bh(&sk->sk_lock.slock);
 115}
 116
 117/*
 118 * Slightly more convenient version of icmpv6_send.
 119 */
 120void icmpv6_param_prob(struct sk_buff *skb, int code, int pos)
 121{
 122        icmpv6_send(skb, ICMPV6_PARAMPROB, code, pos, skb->dev);
 123        kfree_skb(skb);
 124}
 125
 126/*
 127 * Figure out, may we reply to this packet with icmp error.
 128 *
 129 * We do not reply, if:
 130 *      - it was icmp error message.
 131 *      - it is truncated, so that it is known, that protocol is ICMPV6
 132 *        (i.e. in the middle of some exthdr)
 133 *
 134 *      --ANK (980726)
 135 */
 136
 137static int is_ineligible(struct sk_buff *skb)
 138{
 139        int ptr = (u8 *)(ipv6_hdr(skb) + 1) - skb->data;
 140        int len = skb->len - ptr;
 141        __u8 nexthdr = ipv6_hdr(skb)->nexthdr;
 142
 143        if (len < 0)
 144                return 1;
 145
 146        ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr);
 147        if (ptr < 0)
 148                return 0;
 149        if (nexthdr == IPPROTO_ICMPV6) {
 150                u8 _type, *tp;
 151                tp = skb_header_pointer(skb,
 152                        ptr+offsetof(struct icmp6hdr, icmp6_type),
 153                        sizeof(_type), &_type);
 154                if (tp == NULL ||
 155                    !(*tp & ICMPV6_INFOMSG_MASK))
 156                        return 1;
 157        }
 158        return 0;
 159}
 160
 161/*
 162 * Check the ICMP output rate limit
 163 */
 164static inline int icmpv6_xrlim_allow(struct sock *sk, int type,
 165                                     struct flowi *fl)
 166{
 167        struct dst_entry *dst;
 168        struct net *net = sock_net(sk);
 169        int res = 0;
 170
 171        /* Informational messages are not limited. */
 172        if (type & ICMPV6_INFOMSG_MASK)
 173                return 1;
 174
 175        /* Do not limit pmtu discovery, it would break it. */
 176        if (type == ICMPV6_PKT_TOOBIG)
 177                return 1;
 178
 179        /*
 180         * Look up the output route.
 181         * XXX: perhaps the expire for routing entries cloned by
 182         * this lookup should be more aggressive (not longer than timeout).
 183         */
 184        dst = ip6_route_output(net, sk, fl);
 185        if (dst->error) {
 186                IP6_INC_STATS(net, ip6_dst_idev(dst),
 187                              IPSTATS_MIB_OUTNOROUTES);
 188        } else if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) {
 189                res = 1;
 190        } else {
 191                struct rt6_info *rt = (struct rt6_info *)dst;
 192                int tmo = net->ipv6.sysctl.icmpv6_time;
 193
 194                /* Give more bandwidth to wider prefixes. */
 195                if (rt->rt6i_dst.plen < 128)
 196                        tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
 197
 198                res = xrlim_allow(dst, tmo);
 199        }
 200        dst_release(dst);
 201        return res;
 202}
 203
 204/*
 205 *      an inline helper for the "simple" if statement below
 206 *      checks if parameter problem report is caused by an
 207 *      unrecognized IPv6 option that has the Option Type
 208 *      highest-order two bits set to 10
 209 */
 210
 211static __inline__ int opt_unrec(struct sk_buff *skb, __u32 offset)
 212{
 213        u8 _optval, *op;
 214
 215        offset += skb_network_offset(skb);
 216        op = skb_header_pointer(skb, offset, sizeof(_optval), &_optval);
 217        if (op == NULL)
 218                return 1;
 219        return (*op & 0xC0) == 0x80;
 220}
 221
 222static int icmpv6_push_pending_frames(struct sock *sk, struct flowi *fl, struct icmp6hdr *thdr, int len)
 223{
 224        struct sk_buff *skb;
 225        struct icmp6hdr *icmp6h;
 226        int err = 0;
 227
 228        if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
 229                goto out;
 230
 231        icmp6h = icmp6_hdr(skb);
 232        memcpy(icmp6h, thdr, sizeof(struct icmp6hdr));
 233        icmp6h->icmp6_cksum = 0;
 234
 235        if (skb_queue_len(&sk->sk_write_queue) == 1) {
 236                skb->csum = csum_partial(icmp6h,
 237                                        sizeof(struct icmp6hdr), skb->csum);
 238                icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
 239                                                      &fl->fl6_dst,
 240                                                      len, fl->proto,
 241                                                      skb->csum);
 242        } else {
 243                __wsum tmp_csum = 0;
 244
 245                skb_queue_walk(&sk->sk_write_queue, skb) {
 246                        tmp_csum = csum_add(tmp_csum, skb->csum);
 247                }
 248
 249                tmp_csum = csum_partial(icmp6h,
 250                                        sizeof(struct icmp6hdr), tmp_csum);
 251                icmp6h->icmp6_cksum = csum_ipv6_magic(&fl->fl6_src,
 252                                                      &fl->fl6_dst,
 253                                                      len, fl->proto,
 254                                                      tmp_csum);
 255        }
 256        ip6_push_pending_frames(sk);
 257out:
 258        return err;
 259}
 260
 261struct icmpv6_msg {
 262        struct sk_buff  *skb;
 263        int             offset;
 264        uint8_t         type;
 265};
 266
 267static int icmpv6_getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb)
 268{
 269        struct icmpv6_msg *msg = (struct icmpv6_msg *) from;
 270        struct sk_buff *org_skb = msg->skb;
 271        __wsum csum = 0;
 272
 273        csum = skb_copy_and_csum_bits(org_skb, msg->offset + offset,
 274                                      to, len, csum);
 275        skb->csum = csum_block_add(skb->csum, csum, odd);
 276        if (!(msg->type & ICMPV6_INFOMSG_MASK))
 277                nf_ct_attach(skb, org_skb);
 278        return 0;
 279}
 280
 281#if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
 282static void mip6_addr_swap(struct sk_buff *skb)
 283{
 284        struct ipv6hdr *iph = ipv6_hdr(skb);
 285        struct inet6_skb_parm *opt = IP6CB(skb);
 286        struct ipv6_destopt_hao *hao;
 287        struct in6_addr tmp;
 288        int off;
 289
 290        if (opt->dsthao) {
 291                off = ipv6_find_tlv(skb, opt->dsthao, IPV6_TLV_HAO);
 292                if (likely(off >= 0)) {
 293                        hao = (struct ipv6_destopt_hao *)
 294                                        (skb_network_header(skb) + off);
 295                        ipv6_addr_copy(&tmp, &iph->saddr);
 296                        ipv6_addr_copy(&iph->saddr, &hao->addr);
 297                        ipv6_addr_copy(&hao->addr, &tmp);
 298                }
 299        }
 300}
 301#else
 302static inline void mip6_addr_swap(struct sk_buff *skb) {}
 303#endif
 304
 305/*
 306 *      Send an ICMP message in response to a packet in error
 307 */
 308void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
 309                 struct net_device *dev)
 310{
 311        struct net *net = dev_net(skb->dev);
 312        struct inet6_dev *idev = NULL;
 313        struct ipv6hdr *hdr = ipv6_hdr(skb);
 314        struct sock *sk;
 315        struct ipv6_pinfo *np;
 316        struct in6_addr *saddr = NULL;
 317        struct dst_entry *dst;
 318        struct dst_entry *dst2;
 319        struct icmp6hdr tmp_hdr;
 320        struct flowi fl;
 321        struct flowi fl2;
 322        struct icmpv6_msg msg;
 323        int iif = 0;
 324        int addr_type = 0;
 325        int len;
 326        int hlimit, tclass;
 327        int err = 0;
 328
 329        if ((u8 *)hdr < skb->head ||
 330            (skb->network_header + sizeof(*hdr)) > skb->tail)
 331                return;
 332
 333        /*
 334         *      Make sure we respect the rules
 335         *      i.e. RFC 1885 2.4(e)
 336         *      Rule (e.1) is enforced by not using icmpv6_send
 337         *      in any code that processes icmp errors.
 338         */
 339        addr_type = ipv6_addr_type(&hdr->daddr);
 340
 341        if (ipv6_chk_addr(net, &hdr->daddr, skb->dev, 0))
 342                saddr = &hdr->daddr;
 343
 344        /*
 345         *      Dest addr check
 346         */
 347
 348        if ((addr_type & IPV6_ADDR_MULTICAST || skb->pkt_type != PACKET_HOST)) {
 349                if (type != ICMPV6_PKT_TOOBIG &&
 350                    !(type == ICMPV6_PARAMPROB &&
 351                      code == ICMPV6_UNK_OPTION &&
 352                      (opt_unrec(skb, info))))
 353                        return;
 354
 355                saddr = NULL;
 356        }
 357
 358        addr_type = ipv6_addr_type(&hdr->saddr);
 359
 360        /*
 361         *      Source addr check
 362         */
 363
 364        if (addr_type & IPV6_ADDR_LINKLOCAL)
 365                iif = skb->dev->ifindex;
 366
 367        /*
 368         *      Must not send error if the source does not uniquely
 369         *      identify a single node (RFC2463 Section 2.4).
 370         *      We check unspecified / multicast addresses here,
 371         *      and anycast addresses will be checked later.
 372         */
 373        if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
 374                LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: addr_any/mcast source\n");
 375                return;
 376        }
 377
 378        /*
 379         *      Never answer to a ICMP packet.
 380         */
 381        if (is_ineligible(skb)) {
 382                LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: no reply to icmp error\n");
 383                return;
 384        }
 385
 386        mip6_addr_swap(skb);
 387
 388        memset(&fl, 0, sizeof(fl));
 389        fl.proto = IPPROTO_ICMPV6;
 390        ipv6_addr_copy(&fl.fl6_dst, &hdr->saddr);
 391        if (saddr)
 392                ipv6_addr_copy(&fl.fl6_src, saddr);
 393        fl.oif = iif;
 394        fl.fl_icmp_type = type;
 395        fl.fl_icmp_code = code;
 396        security_skb_classify_flow(skb, &fl);
 397
 398        sk = icmpv6_xmit_lock(net);
 399        if (sk == NULL)
 400                return;
 401        np = inet6_sk(sk);
 402
 403        if (!icmpv6_xrlim_allow(sk, type, &fl))
 404                goto out;
 405
 406        tmp_hdr.icmp6_type = type;
 407        tmp_hdr.icmp6_code = code;
 408        tmp_hdr.icmp6_cksum = 0;
 409        tmp_hdr.icmp6_pointer = htonl(info);
 410
 411        if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
 412                fl.oif = np->mcast_oif;
 413
 414        err = ip6_dst_lookup(sk, &dst, &fl);
 415        if (err)
 416                goto out;
 417
 418        /*
 419         * We won't send icmp if the destination is known
 420         * anycast.
 421         */
 422        if (((struct rt6_info *)dst)->rt6i_flags & RTF_ANYCAST) {
 423                LIMIT_NETDEBUG(KERN_DEBUG "icmpv6_send: acast source\n");
 424                goto out_dst_release;
 425        }
 426
 427        /* No need to clone since we're just using its address. */
 428        dst2 = dst;
 429
 430        err = xfrm_lookup(net, &dst, &fl, sk, 0);
 431        switch (err) {
 432        case 0:
 433                if (dst != dst2)
 434                        goto route_done;
 435                break;
 436        case -EPERM:
 437                dst = NULL;
 438                break;
 439        default:
 440                goto out;
 441        }
 442
 443        if (xfrm_decode_session_reverse(skb, &fl2, AF_INET6))
 444                goto relookup_failed;
 445
 446        if (ip6_dst_lookup(sk, &dst2, &fl2))
 447                goto relookup_failed;
 448
 449        err = xfrm_lookup(net, &dst2, &fl2, sk, XFRM_LOOKUP_ICMP);
 450        switch (err) {
 451        case 0:
 452                dst_release(dst);
 453                dst = dst2;
 454                break;
 455        case -EPERM:
 456                goto out_dst_release;
 457        default:
 458relookup_failed:
 459                if (!dst)
 460                        goto out;
 461                break;
 462        }
 463
 464route_done:
 465        if (ipv6_addr_is_multicast(&fl.fl6_dst))
 466                hlimit = np->mcast_hops;
 467        else
 468                hlimit = np->hop_limit;
 469        if (hlimit < 0)
 470                hlimit = ip6_dst_hoplimit(dst);
 471
 472        tclass = np->tclass;
 473        if (tclass < 0)
 474                tclass = 0;
 475
 476        msg.skb = skb;
 477        msg.offset = skb_network_offset(skb);
 478        msg.type = type;
 479
 480        len = skb->len - msg.offset;
 481        len = min_t(unsigned int, len, IPV6_MIN_MTU - sizeof(struct ipv6hdr) -sizeof(struct icmp6hdr));
 482        if (len < 0) {
 483                LIMIT_NETDEBUG(KERN_DEBUG "icmp: len problem\n");
 484                goto out_dst_release;
 485        }
 486
 487        idev = in6_dev_get(skb->dev);
 488
 489        err = ip6_append_data(sk, icmpv6_getfrag, &msg,
 490                              len + sizeof(struct icmp6hdr),
 491                              sizeof(struct icmp6hdr),
 492                              hlimit, tclass, NULL, &fl, (struct rt6_info*)dst,
 493                              MSG_DONTWAIT);
 494        if (err) {
 495                ip6_flush_pending_frames(sk);
 496                goto out_put;
 497        }
 498        err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, len + sizeof(struct icmp6hdr));
 499
 500out_put:
 501        if (likely(idev != NULL))
 502                in6_dev_put(idev);
 503out_dst_release:
 504        dst_release(dst);
 505out:
 506        icmpv6_xmit_unlock(sk);
 507}
 508
 509EXPORT_SYMBOL(icmpv6_send);
 510
 511static void icmpv6_echo_reply(struct sk_buff *skb)
 512{
 513        struct net *net = dev_net(skb->dev);
 514        struct sock *sk;
 515        struct inet6_dev *idev;
 516        struct ipv6_pinfo *np;
 517        struct in6_addr *saddr = NULL;
 518        struct icmp6hdr *icmph = icmp6_hdr(skb);
 519        struct icmp6hdr tmp_hdr;
 520        struct flowi fl;
 521        struct icmpv6_msg msg;
 522        struct dst_entry *dst;
 523        int err = 0;
 524        int hlimit;
 525        int tclass;
 526
 527        saddr = &ipv6_hdr(skb)->daddr;
 528
 529        if (!ipv6_unicast_destination(skb))
 530                saddr = NULL;
 531
 532        memcpy(&tmp_hdr, icmph, sizeof(tmp_hdr));
 533        tmp_hdr.icmp6_type = ICMPV6_ECHO_REPLY;
 534
 535        memset(&fl, 0, sizeof(fl));
 536        fl.proto = IPPROTO_ICMPV6;
 537        ipv6_addr_copy(&fl.fl6_dst, &ipv6_hdr(skb)->saddr);
 538        if (saddr)
 539                ipv6_addr_copy(&fl.fl6_src, saddr);
 540        fl.oif = skb->dev->ifindex;
 541        fl.fl_icmp_type = ICMPV6_ECHO_REPLY;
 542        security_skb_classify_flow(skb, &fl);
 543
 544        sk = icmpv6_xmit_lock(net);
 545        if (sk == NULL)
 546                return;
 547        np = inet6_sk(sk);
 548
 549        if (!fl.oif && ipv6_addr_is_multicast(&fl.fl6_dst))
 550                fl.oif = np->mcast_oif;
 551
 552        err = ip6_dst_lookup(sk, &dst, &fl);
 553        if (err)
 554                goto out;
 555        if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0)
 556                goto out;
 557
 558        if (ipv6_addr_is_multicast(&fl.fl6_dst))
 559                hlimit = np->mcast_hops;
 560        else
 561                hlimit = np->hop_limit;
 562        if (hlimit < 0)
 563                hlimit = ip6_dst_hoplimit(dst);
 564
 565        tclass = np->tclass;
 566        if (tclass < 0)
 567                tclass = 0;
 568
 569        idev = in6_dev_get(skb->dev);
 570
 571        msg.skb = skb;
 572        msg.offset = 0;
 573        msg.type = ICMPV6_ECHO_REPLY;
 574
 575        err = ip6_append_data(sk, icmpv6_getfrag, &msg, skb->len + sizeof(struct icmp6hdr),
 576                                sizeof(struct icmp6hdr), hlimit, tclass, NULL, &fl,
 577                                (struct rt6_info*)dst, MSG_DONTWAIT);
 578
 579        if (err) {
 580                ip6_flush_pending_frames(sk);
 581                goto out_put;
 582        }
 583        err = icmpv6_push_pending_frames(sk, &fl, &tmp_hdr, skb->len + sizeof(struct icmp6hdr));
 584
 585out_put:
 586        if (likely(idev != NULL))
 587                in6_dev_put(idev);
 588        dst_release(dst);
 589out:
 590        icmpv6_xmit_unlock(sk);
 591}
 592
 593static void icmpv6_notify(struct sk_buff *skb, int type, int code, __be32 info)
 594{
 595        struct inet6_protocol *ipprot;
 596        int inner_offset;
 597        int hash;
 598        u8 nexthdr;
 599
 600        if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
 601                return;
 602
 603        nexthdr = ((struct ipv6hdr *)skb->data)->nexthdr;
 604        if (ipv6_ext_hdr(nexthdr)) {
 605                /* now skip over extension headers */
 606                inner_offset = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
 607                if (inner_offset<0)
 608                        return;
 609        } else {
 610                inner_offset = sizeof(struct ipv6hdr);
 611        }
 612
 613        /* Checkin header including 8 bytes of inner protocol header. */
 614        if (!pskb_may_pull(skb, inner_offset+8))
 615                return;
 616
 617        /* BUGGG_FUTURE: we should try to parse exthdrs in this packet.
 618           Without this we will not able f.e. to make source routed
 619           pmtu discovery.
 620           Corresponding argument (opt) to notifiers is already added.
 621           --ANK (980726)
 622         */
 623
 624        hash = nexthdr & (MAX_INET_PROTOS - 1);
 625
 626        rcu_read_lock();
 627        ipprot = rcu_dereference(inet6_protos[hash]);
 628        if (ipprot && ipprot->err_handler)
 629                ipprot->err_handler(skb, NULL, type, code, inner_offset, info);
 630        rcu_read_unlock();
 631
 632        raw6_icmp_error(skb, nexthdr, type, code, inner_offset, info);
 633}
 634
 635/*
 636 *      Handle icmp messages
 637 */
 638
 639static int icmpv6_rcv(struct sk_buff *skb)
 640{
 641        struct net_device *dev = skb->dev;
 642        struct inet6_dev *idev = __in6_dev_get(dev);
 643        struct in6_addr *saddr, *daddr;
 644        struct ipv6hdr *orig_hdr;
 645        struct icmp6hdr *hdr;
 646        int type;
 647
 648        if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 649                struct sec_path *sp = skb_sec_path(skb);
 650                int nh;
 651
 652                if (!(sp && sp->xvec[sp->len - 1]->props.flags &
 653                                 XFRM_STATE_ICMP))
 654                        goto drop_no_count;
 655
 656                if (!pskb_may_pull(skb, sizeof(*hdr) + sizeof(*orig_hdr)))
 657                        goto drop_no_count;
 658
 659                nh = skb_network_offset(skb);
 660                skb_set_network_header(skb, sizeof(*hdr));
 661
 662                if (!xfrm6_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
 663                        goto drop_no_count;
 664
 665                skb_set_network_header(skb, nh);
 666        }
 667
 668        ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INMSGS);
 669
 670        saddr = &ipv6_hdr(skb)->saddr;
 671        daddr = &ipv6_hdr(skb)->daddr;
 672
 673        /* Perform checksum. */
 674        switch (skb->ip_summed) {
 675        case CHECKSUM_COMPLETE:
 676                if (!csum_ipv6_magic(saddr, daddr, skb->len, IPPROTO_ICMPV6,
 677                                     skb->csum))
 678                        break;
 679                /* fall through */
 680        case CHECKSUM_NONE:
 681                skb->csum = ~csum_unfold(csum_ipv6_magic(saddr, daddr, skb->len,
 682                                             IPPROTO_ICMPV6, 0));
 683                if (__skb_checksum_complete(skb)) {
 684                        LIMIT_NETDEBUG(KERN_DEBUG "ICMPv6 checksum failed [%pI6 > %pI6]\n",
 685                                       saddr, daddr);
 686                        goto discard_it;
 687                }
 688        }
 689
 690        if (!pskb_pull(skb, sizeof(*hdr)))
 691                goto discard_it;
 692
 693        hdr = icmp6_hdr(skb);
 694
 695        type = hdr->icmp6_type;
 696
 697        ICMP6MSGIN_INC_STATS_BH(dev_net(dev), idev, type);
 698
 699        switch (type) {
 700        case ICMPV6_ECHO_REQUEST:
 701                icmpv6_echo_reply(skb);
 702                break;
 703
 704        case ICMPV6_ECHO_REPLY:
 705                /* we couldn't care less */
 706                break;
 707
 708        case ICMPV6_PKT_TOOBIG:
 709                /* BUGGG_FUTURE: if packet contains rthdr, we cannot update
 710                   standard destination cache. Seems, only "advanced"
 711                   destination cache will allow to solve this problem
 712                   --ANK (980726)
 713                 */
 714                if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
 715                        goto discard_it;
 716                hdr = icmp6_hdr(skb);
 717                orig_hdr = (struct ipv6hdr *) (hdr + 1);
 718                rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev,
 719                                   ntohl(hdr->icmp6_mtu));
 720
 721                /*
 722                 *      Drop through to notify
 723                 */
 724
 725        case ICMPV6_DEST_UNREACH:
 726        case ICMPV6_TIME_EXCEED:
 727        case ICMPV6_PARAMPROB:
 728                icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
 729                break;
 730
 731        case NDISC_ROUTER_SOLICITATION:
 732        case NDISC_ROUTER_ADVERTISEMENT:
 733        case NDISC_NEIGHBOUR_SOLICITATION:
 734        case NDISC_NEIGHBOUR_ADVERTISEMENT:
 735        case NDISC_REDIRECT:
 736                ndisc_rcv(skb);
 737                break;
 738
 739        case ICMPV6_MGM_QUERY:
 740                igmp6_event_query(skb);
 741                break;
 742
 743        case ICMPV6_MGM_REPORT:
 744                igmp6_event_report(skb);
 745                break;
 746
 747        case ICMPV6_MGM_REDUCTION:
 748        case ICMPV6_NI_QUERY:
 749        case ICMPV6_NI_REPLY:
 750        case ICMPV6_MLD2_REPORT:
 751        case ICMPV6_DHAAD_REQUEST:
 752        case ICMPV6_DHAAD_REPLY:
 753        case ICMPV6_MOBILE_PREFIX_SOL:
 754        case ICMPV6_MOBILE_PREFIX_ADV:
 755                break;
 756
 757        default:
 758                LIMIT_NETDEBUG(KERN_DEBUG "icmpv6: msg of unknown type\n");
 759
 760                /* informational */
 761                if (type & ICMPV6_INFOMSG_MASK)
 762                        break;
 763
 764                /*
 765                 * error of unknown type.
 766                 * must pass to upper level
 767                 */
 768
 769                icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
 770        }
 771
 772        kfree_skb(skb);
 773        return 0;
 774
 775discard_it:
 776        ICMP6_INC_STATS_BH(dev_net(dev), idev, ICMP6_MIB_INERRORS);
 777drop_no_count:
 778        kfree_skb(skb);
 779        return 0;
 780}
 781
 782void icmpv6_flow_init(struct sock *sk, struct flowi *fl,
 783                      u8 type,
 784                      const struct in6_addr *saddr,
 785                      const struct in6_addr *daddr,
 786                      int oif)
 787{
 788        memset(fl, 0, sizeof(*fl));
 789        ipv6_addr_copy(&fl->fl6_src, saddr);
 790        ipv6_addr_copy(&fl->fl6_dst, daddr);
 791        fl->proto               = IPPROTO_ICMPV6;
 792        fl->fl_icmp_type        = type;
 793        fl->fl_icmp_code        = 0;
 794        fl->oif                 = oif;
 795        security_sk_classify_flow(sk, fl);
 796}
 797
 798/*
 799 * Special lock-class for __icmpv6_sk:
 800 */
 801static struct lock_class_key icmpv6_socket_sk_dst_lock_key;
 802
 803static int __net_init icmpv6_sk_init(struct net *net)
 804{
 805        struct sock *sk;
 806        int err, i, j;
 807
 808        net->ipv6.icmp_sk =
 809                kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
 810        if (net->ipv6.icmp_sk == NULL)
 811                return -ENOMEM;
 812
 813        for_each_possible_cpu(i) {
 814                err = inet_ctl_sock_create(&sk, PF_INET6,
 815                                           SOCK_RAW, IPPROTO_ICMPV6, net);
 816                if (err < 0) {
 817                        printk(KERN_ERR
 818                               "Failed to initialize the ICMP6 control socket "
 819                               "(err %d).\n",
 820                               err);
 821                        goto fail;
 822                }
 823
 824                net->ipv6.icmp_sk[i] = sk;
 825
 826                /*
 827                 * Split off their lock-class, because sk->sk_dst_lock
 828                 * gets used from softirqs, which is safe for
 829                 * __icmpv6_sk (because those never get directly used
 830                 * via userspace syscalls), but unsafe for normal sockets.
 831                 */
 832                lockdep_set_class(&sk->sk_dst_lock,
 833                                  &icmpv6_socket_sk_dst_lock_key);
 834
 835                /* Enough space for 2 64K ICMP packets, including
 836                 * sk_buff struct overhead.
 837                 */
 838                sk->sk_sndbuf =
 839                        (2 * ((64 * 1024) + sizeof(struct sk_buff)));
 840        }
 841        return 0;
 842
 843 fail:
 844        for (j = 0; j < i; j++)
 845                inet_ctl_sock_destroy(net->ipv6.icmp_sk[j]);
 846        kfree(net->ipv6.icmp_sk);
 847        return err;
 848}
 849
 850static void __net_exit icmpv6_sk_exit(struct net *net)
 851{
 852        int i;
 853
 854        for_each_possible_cpu(i) {
 855                inet_ctl_sock_destroy(net->ipv6.icmp_sk[i]);
 856        }
 857        kfree(net->ipv6.icmp_sk);
 858}
 859
 860static struct pernet_operations icmpv6_sk_ops = {
 861       .init = icmpv6_sk_init,
 862       .exit = icmpv6_sk_exit,
 863};
 864
 865int __init icmpv6_init(void)
 866{
 867        int err;
 868
 869        err = register_pernet_subsys(&icmpv6_sk_ops);
 870        if (err < 0)
 871                return err;
 872
 873        err = -EAGAIN;
 874        if (inet6_add_protocol(&icmpv6_protocol, IPPROTO_ICMPV6) < 0)
 875                goto fail;
 876        return 0;
 877
 878fail:
 879        printk(KERN_ERR "Failed to register ICMP6 protocol\n");
 880        unregister_pernet_subsys(&icmpv6_sk_ops);
 881        return err;
 882}
 883
 884void icmpv6_cleanup(void)
 885{
 886        unregister_pernet_subsys(&icmpv6_sk_ops);
 887        inet6_del_protocol(&icmpv6_protocol, IPPROTO_ICMPV6);
 888}
 889
 890
 891static const struct icmp6_err {
 892        int err;
 893        int fatal;
 894} tab_unreach[] = {
 895        {       /* NOROUTE */
 896                .err    = ENETUNREACH,
 897                .fatal  = 0,
 898        },
 899        {       /* ADM_PROHIBITED */
 900                .err    = EACCES,
 901                .fatal  = 1,
 902        },
 903        {       /* Was NOT_NEIGHBOUR, now reserved */
 904                .err    = EHOSTUNREACH,
 905                .fatal  = 0,
 906        },
 907        {       /* ADDR_UNREACH */
 908                .err    = EHOSTUNREACH,
 909                .fatal  = 0,
 910        },
 911        {       /* PORT_UNREACH */
 912                .err    = ECONNREFUSED,
 913                .fatal  = 1,
 914        },
 915};
 916
 917int icmpv6_err_convert(int type, int code, int *err)
 918{
 919        int fatal = 0;
 920
 921        *err = EPROTO;
 922
 923        switch (type) {
 924        case ICMPV6_DEST_UNREACH:
 925                fatal = 1;
 926                if (code <= ICMPV6_PORT_UNREACH) {
 927                        *err  = tab_unreach[code].err;
 928                        fatal = tab_unreach[code].fatal;
 929                }
 930                break;
 931
 932        case ICMPV6_PKT_TOOBIG:
 933                *err = EMSGSIZE;
 934                break;
 935
 936        case ICMPV6_PARAMPROB:
 937                *err = EPROTO;
 938                fatal = 1;
 939                break;
 940
 941        case ICMPV6_TIME_EXCEED:
 942                *err = EHOSTUNREACH;
 943                break;
 944        }
 945
 946        return fatal;
 947}
 948
 949EXPORT_SYMBOL(icmpv6_err_convert);
 950
 951#ifdef CONFIG_SYSCTL
 952ctl_table ipv6_icmp_table_template[] = {
 953        {
 954                .ctl_name       = NET_IPV6_ICMP_RATELIMIT,
 955                .procname       = "ratelimit",
 956                .data           = &init_net.ipv6.sysctl.icmpv6_time,
 957                .maxlen         = sizeof(int),
 958                .mode           = 0644,
 959                .proc_handler   = proc_dointvec_ms_jiffies,
 960                .strategy       = sysctl_ms_jiffies
 961        },
 962        { .ctl_name = 0 },
 963};
 964
 965struct ctl_table *ipv6_icmp_sysctl_init(struct net *net)
 966{
 967        struct ctl_table *table;
 968
 969        table = kmemdup(ipv6_icmp_table_template,
 970                        sizeof(ipv6_icmp_table_template),
 971                        GFP_KERNEL);
 972
 973        if (table)
 974                table[0].data = &net->ipv6.sysctl.icmpv6_time;
 975
 976        return table;
 977}
 978#endif
 979
 980