Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
icmp.c
Go to the documentation of this file.
1 /*
2  * NET3: Implementation of the ICMP protocol layer.
3  *
4  * Alan Cox, <[email protected]>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  *
11  * Some of the function names and the icmp unreach table for this
12  * module were derived from [icmp.c 1.0.11 06/02/93] by
13  * Ross Biro, Fred N. van Kempen, Mark Evans, Alan Cox, Gerhard Koerting.
14  * Other than that this module is a complete rewrite.
15  *
16  * Fixes:
17  * Clemens Fruhwirth : introduce global icmp rate limiting
18  * with icmp type masking ability instead
19  * of broken per type icmp timeouts.
20  * Mike Shaver : RFC1122 checks.
21  * Alan Cox : Multicast ping reply as self.
22  * Alan Cox : Fix atomicity lockup in ip_build_xmit
23  * call.
24  * Alan Cox : Added 216,128 byte paths to the MTU
25  * code.
26  * Martin Mares : RFC1812 checks.
27  * Martin Mares : Can be configured to follow redirects
28  * if acting as a router _without_ a
29  * routing protocol (RFC 1812).
30  * Martin Mares : Echo requests may be configured to
31  * be ignored (RFC 1812).
32  * Martin Mares : Limitation of ICMP error message
33  * transmit rate (RFC 1812).
34  * Martin Mares : TOS and Precedence set correctly
35  * (RFC 1812).
36  * Martin Mares : Now copying as much data from the
37  * original packet as we can without
38  * exceeding 576 bytes (RFC 1812).
39  * Willy Konynenberg : Transparent proxying support.
40  * Keith Owens : RFC1191 correction for 4.2BSD based
41  * path MTU bug.
42  * Thomas Quinot : ICMP Dest Unreach codes up to 15 are
43  * valid (RFC 1812).
44  * Andi Kleen : Check all packet lengths properly
45  * and moved all kfree_skb() up to
46  * icmp_rcv.
47  * Andi Kleen : Move the rate limit bookkeeping
48  * into the dest entry and use a token
49  * bucket filter (thanks to ANK). Make
50  * the rates sysctl configurable.
51  * Yu Tianli : Fixed two ugly bugs in icmp_send
52  * - IP option length was accounted wrongly
53  * - ICMP header length was not accounted
54  * at all.
55  * Tristan Greaves : Added sysctl option to ignore bogus
56  * broadcast responses from broken routers.
57  *
58  * To Fix:
59  *
60  * - Should use skb_pull() instead of all the manual checking.
61  * This would also greatly simply some upper layer error handlers. --AK
62  *
63  */
64 
65 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
66 
67 #include <linux/module.h>
68 #include <linux/types.h>
69 #include <linux/jiffies.h>
70 #include <linux/kernel.h>
71 #include <linux/fcntl.h>
72 #include <linux/socket.h>
73 #include <linux/in.h>
74 #include <linux/inet.h>
75 #include <linux/inetdevice.h>
76 #include <linux/netdevice.h>
77 #include <linux/string.h>
78 #include <linux/netfilter_ipv4.h>
79 #include <linux/slab.h>
80 #include <net/snmp.h>
81 #include <net/ip.h>
82 #include <net/route.h>
83 #include <net/protocol.h>
84 #include <net/icmp.h>
85 #include <net/tcp.h>
86 #include <net/udp.h>
87 #include <net/raw.h>
88 #include <net/ping.h>
89 #include <linux/skbuff.h>
90 #include <net/sock.h>
91 #include <linux/errno.h>
92 #include <linux/timer.h>
93 #include <linux/init.h>
94 #include <asm/uaccess.h>
95 #include <net/checksum.h>
96 #include <net/xfrm.h>
97 #include <net/inet_common.h>
98 #include <net/ip_fib.h>
99 
100 /*
101  * Build xmit assembly blocks
102  */
103 
104 struct icmp_bxm {
105  struct sk_buff *skb;
106  int offset;
107  int data_len;
108 
109  struct {
110  struct icmphdr icmph;
111  __be32 times[3];
112  } data;
113  int head_len;
114  struct ip_options_data replyopts;
115 };
116 
117 /* An array of errno for error messages from dest unreach. */
118 /* RFC 1122: 3.2.2.1 States that NET_UNREACH, HOST_UNREACH and SR_FAILED MUST be considered 'transient errs'. */
119 
120 const struct icmp_err icmp_err_convert[] = {
121  {
122  .errno = ENETUNREACH, /* ICMP_NET_UNREACH */
123  .fatal = 0,
124  },
125  {
126  .errno = EHOSTUNREACH, /* ICMP_HOST_UNREACH */
127  .fatal = 0,
128  },
129  {
130  .errno = ENOPROTOOPT /* ICMP_PROT_UNREACH */,
131  .fatal = 1,
132  },
133  {
134  .errno = ECONNREFUSED, /* ICMP_PORT_UNREACH */
135  .fatal = 1,
136  },
137  {
138  .errno = EMSGSIZE, /* ICMP_FRAG_NEEDED */
139  .fatal = 0,
140  },
141  {
142  .errno = EOPNOTSUPP, /* ICMP_SR_FAILED */
143  .fatal = 0,
144  },
145  {
146  .errno = ENETUNREACH, /* ICMP_NET_UNKNOWN */
147  .fatal = 1,
148  },
149  {
150  .errno = EHOSTDOWN, /* ICMP_HOST_UNKNOWN */
151  .fatal = 1,
152  },
153  {
154  .errno = ENONET, /* ICMP_HOST_ISOLATED */
155  .fatal = 1,
156  },
157  {
158  .errno = ENETUNREACH, /* ICMP_NET_ANO */
159  .fatal = 1,
160  },
161  {
162  .errno = EHOSTUNREACH, /* ICMP_HOST_ANO */
163  .fatal = 1,
164  },
165  {
166  .errno = ENETUNREACH, /* ICMP_NET_UNR_TOS */
167  .fatal = 0,
168  },
169  {
170  .errno = EHOSTUNREACH, /* ICMP_HOST_UNR_TOS */
171  .fatal = 0,
172  },
173  {
174  .errno = EHOSTUNREACH, /* ICMP_PKT_FILTERED */
175  .fatal = 1,
176  },
177  {
178  .errno = EHOSTUNREACH, /* ICMP_PREC_VIOLATION */
179  .fatal = 1,
180  },
181  {
182  .errno = EHOSTUNREACH, /* ICMP_PREC_CUTOFF */
183  .fatal = 1,
184  },
185 };
186 EXPORT_SYMBOL(icmp_err_convert);
187 
188 /*
189  * ICMP control array. This specifies what to do with each ICMP.
190  */
191 
192 struct icmp_control {
193  void (*handler)(struct sk_buff *skb);
194  short error; /* This ICMP is classed as an error message */
195 };
196 
197 static const struct icmp_control icmp_pointers[NR_ICMP_TYPES+1];
198 
199 /*
200  * The ICMP socket(s). This is the most convenient way to flow control
201  * our ICMP output as well as maintain a clean interface throughout
202  * all layers. All Socketless IP sends will soon be gone.
203  *
204  * On SMP we have one ICMP socket per-cpu.
205  */
206 static struct sock *icmp_sk(struct net *net)
207 {
208  return net->ipv4.icmp_sk[smp_processor_id()];
209 }
210 
211 static inline struct sock *icmp_xmit_lock(struct net *net)
212 {
213  struct sock *sk;
214 
215  local_bh_disable();
216 
217  sk = icmp_sk(net);
218 
219  if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
220  /* This can happen if the output path signals a
221  * dst_link_failure() for an outgoing ICMP packet.
222  */
223  local_bh_enable();
224  return NULL;
225  }
226  return sk;
227 }
228 
229 static inline void icmp_xmit_unlock(struct sock *sk)
230 {
231  spin_unlock_bh(&sk->sk_lock.slock);
232 }
233 
234 /*
235  * Send an ICMP frame.
236  */
237 
238 static inline bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt,
239  struct flowi4 *fl4, int type, int code)
240 {
241  struct dst_entry *dst = &rt->dst;
242  bool rc = true;
243 
244  if (type > NR_ICMP_TYPES)
245  goto out;
246 
247  /* Don't limit PMTU discovery. */
248  if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)
249  goto out;
250 
251  /* No rate limit on loopback */
252  if (dst->dev && (dst->dev->flags&IFF_LOOPBACK))
253  goto out;
254 
255  /* Limit if icmp type is enabled in ratemask. */
256  if ((1 << type) & net->ipv4.sysctl_icmp_ratemask) {
257  struct inet_peer *peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, 1);
258  rc = inet_peer_xrlim_allow(peer,
259  net->ipv4.sysctl_icmp_ratelimit);
260  if (peer)
261  inet_putpeer(peer);
262  }
263 out:
264  return rc;
265 }
266 
267 /*
268  * Maintain the counters used in the SNMP statistics for outgoing ICMP
269  */
270 void icmp_out_count(struct net *net, unsigned char type)
271 {
272  ICMPMSGOUT_INC_STATS(net, type);
273  ICMP_INC_STATS(net, ICMP_MIB_OUTMSGS);
274 }
275 
276 /*
277  * Checksum each fragment, and on the first include the headers and final
278  * checksum.
279  */
280 static int icmp_glue_bits(void *from, char *to, int offset, int len, int odd,
281  struct sk_buff *skb)
282 {
283  struct icmp_bxm *icmp_param = (struct icmp_bxm *)from;
284  __wsum csum;
285 
286  csum = skb_copy_and_csum_bits(icmp_param->skb,
287  icmp_param->offset + offset,
288  to, len, 0);
289 
290  skb->csum = csum_block_add(skb->csum, csum, odd);
291  if (icmp_pointers[icmp_param->data.icmph.type].error)
292  nf_ct_attach(skb, icmp_param->skb);
293  return 0;
294 }
295 
296 static void icmp_push_reply(struct icmp_bxm *icmp_param,
297  struct flowi4 *fl4,
298  struct ipcm_cookie *ipc, struct rtable **rt)
299 {
300  struct sock *sk;
301  struct sk_buff *skb;
302 
303  sk = icmp_sk(dev_net((*rt)->dst.dev));
304  if (ip_append_data(sk, fl4, icmp_glue_bits, icmp_param,
305  icmp_param->data_len+icmp_param->head_len,
306  icmp_param->head_len,
307  ipc, rt, MSG_DONTWAIT) < 0) {
308  ICMP_INC_STATS_BH(sock_net(sk), ICMP_MIB_OUTERRORS);
309  ip_flush_pending_frames(sk);
310  } else if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) {
311  struct icmphdr *icmph = icmp_hdr(skb);
312  __wsum csum = 0;
313  struct sk_buff *skb1;
314 
315  skb_queue_walk(&sk->sk_write_queue, skb1) {
316  csum = csum_add(csum, skb1->csum);
317  }
318  csum = csum_partial_copy_nocheck((void *)&icmp_param->data,
319  (char *)icmph,
320  icmp_param->head_len, csum);
321  icmph->checksum = csum_fold(csum);
322  skb->ip_summed = CHECKSUM_NONE;
323  ip_push_pending_frames(sk, fl4);
324  }
325 }
326 
327 /*
328  * Driving logic for building and sending ICMP messages.
329  */
330 
331 static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
332 {
333  struct ipcm_cookie ipc;
334  struct rtable *rt = skb_rtable(skb);
335  struct net *net = dev_net(rt->dst.dev);
336  struct flowi4 fl4;
337  struct sock *sk;
338  struct inet_sock *inet;
339  __be32 daddr, saddr;
340 
341  if (ip_options_echo(&icmp_param->replyopts.opt.opt, skb))
342  return;
343 
344  sk = icmp_xmit_lock(net);
345  if (sk == NULL)
346  return;
347  inet = inet_sk(sk);
348 
349  icmp_param->data.icmph.checksum = 0;
350 
351  inet->tos = ip_hdr(skb)->tos;
352  daddr = ipc.addr = ip_hdr(skb)->saddr;
353  saddr = fib_compute_spec_dst(skb);
354  ipc.opt = NULL;
355  ipc.tx_flags = 0;
356  if (icmp_param->replyopts.opt.opt.optlen) {
357  ipc.opt = &icmp_param->replyopts.opt;
358  if (ipc.opt->opt.srr)
359  daddr = icmp_param->replyopts.opt.opt.faddr;
360  }
361  memset(&fl4, 0, sizeof(fl4));
362  fl4.daddr = daddr;
363  fl4.saddr = saddr;
364  fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos);
365  fl4.flowi4_proto = IPPROTO_ICMP;
366  security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
367  rt = ip_route_output_key(net, &fl4);
368  if (IS_ERR(rt))
369  goto out_unlock;
370  if (icmpv4_xrlim_allow(net, rt, &fl4, icmp_param->data.icmph.type,
371  icmp_param->data.icmph.code))
372  icmp_push_reply(icmp_param, &fl4, &ipc, &rt);
373  ip_rt_put(rt);
374 out_unlock:
375  icmp_xmit_unlock(sk);
376 }
377 
378 static struct rtable *icmp_route_lookup(struct net *net,
379  struct flowi4 *fl4,
380  struct sk_buff *skb_in,
381  const struct iphdr *iph,
382  __be32 saddr, u8 tos,
383  int type, int code,
384  struct icmp_bxm *param)
385 {
386  struct rtable *rt, *rt2;
387  struct flowi4 fl4_dec;
388  int err;
389 
390  memset(fl4, 0, sizeof(*fl4));
391  fl4->daddr = (param->replyopts.opt.opt.srr ?
392  param->replyopts.opt.opt.faddr : iph->saddr);
393  fl4->saddr = saddr;
394  fl4->flowi4_tos = RT_TOS(tos);
395  fl4->flowi4_proto = IPPROTO_ICMP;
396  fl4->fl4_icmp_type = type;
397  fl4->fl4_icmp_code = code;
398  security_skb_classify_flow(skb_in, flowi4_to_flowi(fl4));
399  rt = __ip_route_output_key(net, fl4);
400  if (IS_ERR(rt))
401  return rt;
402 
403  /* No need to clone since we're just using its address. */
404  rt2 = rt;
405 
406  rt = (struct rtable *) xfrm_lookup(net, &rt->dst,
407  flowi4_to_flowi(fl4), NULL, 0);
408  if (!IS_ERR(rt)) {
409  if (rt != rt2)
410  return rt;
411  } else if (PTR_ERR(rt) == -EPERM) {
412  rt = NULL;
413  } else
414  return rt;
415 
416  err = xfrm_decode_session_reverse(skb_in, flowi4_to_flowi(&fl4_dec), AF_INET);
417  if (err)
418  goto relookup_failed;
419 
420  if (inet_addr_type(net, fl4_dec.saddr) == RTN_LOCAL) {
421  rt2 = __ip_route_output_key(net, &fl4_dec);
422  if (IS_ERR(rt2))
423  err = PTR_ERR(rt2);
424  } else {
425  struct flowi4 fl4_2 = {};
426  unsigned long orefdst;
427 
428  fl4_2.daddr = fl4_dec.saddr;
429  rt2 = ip_route_output_key(net, &fl4_2);
430  if (IS_ERR(rt2)) {
431  err = PTR_ERR(rt2);
432  goto relookup_failed;
433  }
434  /* Ugh! */
435  orefdst = skb_in->_skb_refdst; /* save old refdst */
436  err = ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr,
437  RT_TOS(tos), rt2->dst.dev);
438 
439  dst_release(&rt2->dst);
440  rt2 = skb_rtable(skb_in);
441  skb_in->_skb_refdst = orefdst; /* restore old refdst */
442  }
443 
444  if (err)
445  goto relookup_failed;
446 
447  rt2 = (struct rtable *) xfrm_lookup(net, &rt2->dst,
448  flowi4_to_flowi(&fl4_dec), NULL,
449  XFRM_LOOKUP_ICMP);
450  if (!IS_ERR(rt2)) {
451  dst_release(&rt->dst);
452  memcpy(fl4, &fl4_dec, sizeof(*fl4));
453  rt = rt2;
454  } else if (PTR_ERR(rt2) == -EPERM) {
455  if (rt)
456  dst_release(&rt->dst);
457  return rt2;
458  } else {
459  err = PTR_ERR(rt2);
460  goto relookup_failed;
461  }
462  return rt;
463 
464 relookup_failed:
465  if (rt)
466  return rt;
467  return ERR_PTR(err);
468 }
469 
470 /*
471  * Send an ICMP message in response to a situation
472  *
473  * RFC 1122: 3.2.2 MUST send at least the IP header and 8 bytes of header.
474  * MAY send more (we do).
475  * MUST NOT change this header information.
476  * MUST NOT reply to a multicast/broadcast IP address.
477  * MUST NOT reply to a multicast/broadcast MAC address.
478  * MUST reply to only the first fragment.
479  */
480 
481 void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
482 {
483  struct iphdr *iph;
484  int room;
485  struct icmp_bxm icmp_param;
486  struct rtable *rt = skb_rtable(skb_in);
487  struct ipcm_cookie ipc;
488  struct flowi4 fl4;
489  __be32 saddr;
490  u8 tos;
491  struct net *net;
492  struct sock *sk;
493 
494  if (!rt)
495  goto out;
496  net = dev_net(rt->dst.dev);
497 
498  /*
499  * Find the original header. It is expected to be valid, of course.
500  * Check this, icmp_send is called from the most obscure devices
501  * sometimes.
502  */
503  iph = ip_hdr(skb_in);
504 
505  if ((u8 *)iph < skb_in->head ||
506  (skb_in->network_header + sizeof(*iph)) > skb_in->tail)
507  goto out;
508 
509  /*
510  * No replies to physical multicast/broadcast
511  */
512  if (skb_in->pkt_type != PACKET_HOST)
513  goto out;
514 
515  /*
516  * Now check at the protocol level
517  */
518  if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
519  goto out;
520 
521  /*
522  * Only reply to fragment 0. We byte re-order the constant
523  * mask for efficiency.
524  */
525  if (iph->frag_off & htons(IP_OFFSET))
526  goto out;
527 
528  /*
529  * If we send an ICMP error to an ICMP error a mess would result..
530  */
531  if (icmp_pointers[type].error) {
532  /*
533  * We are an error, check if we are replying to an
534  * ICMP error
535  */
536  if (iph->protocol == IPPROTO_ICMP) {
537  u8 _inner_type, *itp;
538 
539  itp = skb_header_pointer(skb_in,
540  skb_network_header(skb_in) +
541  (iph->ihl << 2) +
542  offsetof(struct icmphdr,
543  type) -
544  skb_in->data,
545  sizeof(_inner_type),
546  &_inner_type);
547  if (itp == NULL)
548  goto out;
549 
550  /*
551  * Assume any unknown ICMP type is an error. This
552  * isn't specified by the RFC, but think about it..
553  */
554  if (*itp > NR_ICMP_TYPES ||
555  icmp_pointers[*itp].error)
556  goto out;
557  }
558  }
559 
560  sk = icmp_xmit_lock(net);
561  if (sk == NULL)
562  return;
563 
564  /*
565  * Construct source address and options.
566  */
567 
568  saddr = iph->daddr;
569  if (!(rt->rt_flags & RTCF_LOCAL)) {
570  struct net_device *dev = NULL;
571 
572  rcu_read_lock();
573  if (rt_is_input_route(rt) &&
574  net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr)
575  dev = dev_get_by_index_rcu(net, inet_iif(skb_in));
576 
577  if (dev)
578  saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK);
579  else
580  saddr = 0;
581  rcu_read_unlock();
582  }
583 
584  tos = icmp_pointers[type].error ? ((iph->tos & IPTOS_TOS_MASK) |
585  IPTOS_PREC_INTERNETCONTROL) :
586  iph->tos;
587 
588  if (ip_options_echo(&icmp_param.replyopts.opt.opt, skb_in))
589  goto out_unlock;
590 
591 
592  /*
593  * Prepare data for ICMP header.
594  */
595 
596  icmp_param.data.icmph.type = type;
597  icmp_param.data.icmph.code = code;
598  icmp_param.data.icmph.un.gateway = info;
599  icmp_param.data.icmph.checksum = 0;
600  icmp_param.skb = skb_in;
601  icmp_param.offset = skb_network_offset(skb_in);
602  inet_sk(sk)->tos = tos;
603  ipc.addr = iph->saddr;
604  ipc.opt = &icmp_param.replyopts.opt;
605  ipc.tx_flags = 0;
606 
607  rt = icmp_route_lookup(net, &fl4, skb_in, iph, saddr, tos,
608  type, code, &icmp_param);
609  if (IS_ERR(rt))
610  goto out_unlock;
611 
612  if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code))
613  goto ende;
614 
615  /* RFC says return as much as we can without exceeding 576 bytes. */
616 
617  room = dst_mtu(&rt->dst);
618  if (room > 576)
619  room = 576;
620  room -= sizeof(struct iphdr) + icmp_param.replyopts.opt.opt.optlen;
621  room -= sizeof(struct icmphdr);
622 
623  icmp_param.data_len = skb_in->len - icmp_param.offset;
624  if (icmp_param.data_len > room)
625  icmp_param.data_len = room;
626  icmp_param.head_len = sizeof(struct icmphdr);
627 
628  icmp_push_reply(&icmp_param, &fl4, &ipc, &rt);
629 ende:
630  ip_rt_put(rt);
631 out_unlock:
632  icmp_xmit_unlock(sk);
633 out:;
634 }
635 EXPORT_SYMBOL(icmp_send);
636 
637 
638 static void icmp_socket_deliver(struct sk_buff *skb, u32 info)
639 {
640  const struct iphdr *iph = (const struct iphdr *) skb->data;
641  const struct net_protocol *ipprot;
642  int protocol = iph->protocol;
643 
644  /* Checkin full IP header plus 8 bytes of protocol to
645  * avoid additional coding at protocol handlers.
646  */
647  if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
648  return;
649 
650  raw_icmp_error(skb, protocol, info);
651 
652  rcu_read_lock();
653  ipprot = rcu_dereference(inet_protos[protocol]);
654  if (ipprot && ipprot->err_handler)
655  ipprot->err_handler(skb, info);
656  rcu_read_unlock();
657 }
658 
659 /*
660  * Handle ICMP_DEST_UNREACH, ICMP_TIME_EXCEED, and ICMP_QUENCH.
661  */
662 
663 static void icmp_unreach(struct sk_buff *skb)
664 {
665  const struct iphdr *iph;
666  struct icmphdr *icmph;
667  struct net *net;
668  u32 info = 0;
669 
670  net = dev_net(skb_dst(skb)->dev);
671 
672  /*
673  * Incomplete header ?
674  * Only checks for the IP header, there should be an
675  * additional check for longer headers in upper levels.
676  */
677 
678  if (!pskb_may_pull(skb, sizeof(struct iphdr)))
679  goto out_err;
680 
681  icmph = icmp_hdr(skb);
682  iph = (const struct iphdr *)skb->data;
683 
684  if (iph->ihl < 5) /* Mangled header, drop. */
685  goto out_err;
686 
687  if (icmph->type == ICMP_DEST_UNREACH) {
688  switch (icmph->code & 15) {
689  case ICMP_NET_UNREACH:
690  case ICMP_HOST_UNREACH:
691  case ICMP_PROT_UNREACH:
692  case ICMP_PORT_UNREACH:
693  break;
694  case ICMP_FRAG_NEEDED:
695  if (ipv4_config.no_pmtu_disc) {
696  LIMIT_NETDEBUG(KERN_INFO pr_fmt("%pI4: fragmentation needed and DF set\n"),
697  &iph->daddr);
698  } else {
699  info = ntohs(icmph->un.frag.mtu);
700  if (!info)
701  goto out;
702  }
703  break;
704  case ICMP_SR_FAILED:
705  LIMIT_NETDEBUG(KERN_INFO pr_fmt("%pI4: Source Route Failed\n"),
706  &iph->daddr);
707  break;
708  default:
709  break;
710  }
711  if (icmph->code > NR_ICMP_UNREACH)
712  goto out;
713  } else if (icmph->type == ICMP_PARAMETERPROB)
714  info = ntohl(icmph->un.gateway) >> 24;
715 
716  /*
717  * Throw it at our lower layers
718  *
719  * RFC 1122: 3.2.2 MUST extract the protocol ID from the passed
720  * header.
721  * RFC 1122: 3.2.2.1 MUST pass ICMP unreach messages to the
722  * transport layer.
723  * RFC 1122: 3.2.2.2 MUST pass ICMP time expired messages to
724  * transport layer.
725  */
726 
727  /*
728  * Check the other end isn't violating RFC 1122. Some routers send
729  * bogus responses to broadcast frames. If you see this message
730  * first check your netmask matches at both ends, if it does then
731  * get the other vendor to fix their kit.
732  */
733 
734  if (!net->ipv4.sysctl_icmp_ignore_bogus_error_responses &&
735  inet_addr_type(net, iph->daddr) == RTN_BROADCAST) {
736  net_warn_ratelimited("%pI4 sent an invalid ICMP type %u, code %u error to a broadcast: %pI4 on %s\n",
737  &ip_hdr(skb)->saddr,
738  icmph->type, icmph->code,
739  &iph->daddr, skb->dev->name);
740  goto out;
741  }
742 
743  icmp_socket_deliver(skb, info);
744 
745 out:
746  return;
747 out_err:
748  ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
749  goto out;
750 }
751 
752 
753 /*
754  * Handle ICMP_REDIRECT.
755  */
756 
757 static void icmp_redirect(struct sk_buff *skb)
758 {
759  if (skb->len < sizeof(struct iphdr)) {
760  ICMP_INC_STATS_BH(dev_net(skb->dev), ICMP_MIB_INERRORS);
761  return;
762  }
763 
764  if (!pskb_may_pull(skb, sizeof(struct iphdr)))
765  return;
766 
767  icmp_socket_deliver(skb, icmp_hdr(skb)->un.gateway);
768 }
769 
770 /*
771  * Handle ICMP_ECHO ("ping") requests.
772  *
773  * RFC 1122: 3.2.2.6 MUST have an echo server that answers ICMP echo
774  * requests.
775  * RFC 1122: 3.2.2.6 Data received in the ICMP_ECHO request MUST be
776  * included in the reply.
777  * RFC 1812: 4.3.3.6 SHOULD have a config option for silently ignoring
778  * echo requests, MUST have default=NOT.
779  * See also WRT handling of options once they are done and working.
780  */
781 
782 static void icmp_echo(struct sk_buff *skb)
783 {
784  struct net *net;
785 
786  net = dev_net(skb_dst(skb)->dev);
787  if (!net->ipv4.sysctl_icmp_echo_ignore_all) {
788  struct icmp_bxm icmp_param;
789 
790  icmp_param.data.icmph = *icmp_hdr(skb);
791  icmp_param.data.icmph.type = ICMP_ECHOREPLY;
792  icmp_param.skb = skb;
793  icmp_param.offset = 0;
794  icmp_param.data_len = skb->len;
795  icmp_param.head_len = sizeof(struct icmphdr);
796  icmp_reply(&icmp_param, skb);
797  }
798 }
799 
800 /*
801  * Handle ICMP Timestamp requests.
802  * RFC 1122: 3.2.2.8 MAY implement ICMP timestamp requests.
803  * SHOULD be in the kernel for minimum random latency.
804  * MUST be accurate to a few minutes.
805  * MUST be updated at least at 15Hz.
806  */
807 static void icmp_timestamp(struct sk_buff *skb)
808 {
809  struct timespec tv;
810  struct icmp_bxm icmp_param;
811  /*
812  * Too short.
813  */
814  if (skb->len < 4)
815  goto out_err;
816 
817  /*
818  * Fill in the current time as ms since midnight UT:
819  */
820  getnstimeofday(&tv);
821  icmp_param.data.times[1] = htonl((tv.tv_sec % 86400) * MSEC_PER_SEC +
822  tv.tv_nsec / NSEC_PER_MSEC);
823  icmp_param.data.times[2] = icmp_param.data.times[1];
824  if (skb_copy_bits(skb, 0, &icmp_param.data.times[0], 4))
825  BUG();
826  icmp_param.data.icmph = *icmp_hdr(skb);
827  icmp_param.data.icmph.type = ICMP_TIMESTAMPREPLY;
828  icmp_param.data.icmph.code = 0;
829  icmp_param.skb = skb;
830  icmp_param.offset = 0;
831  icmp_param.data_len = 0;
832  icmp_param.head_len = sizeof(struct icmphdr) + 12;
833  icmp_reply(&icmp_param, skb);
834 out:
835  return;
836 out_err:
837  ICMP_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ICMP_MIB_INERRORS);
838  goto out;
839 }
840 
841 static void icmp_discard(struct sk_buff *skb)
842 {
843 }
844 
845 /*
846  * Deal with incoming ICMP packets.
847  */
848 int icmp_rcv(struct sk_buff *skb)
849 {
850  struct icmphdr *icmph;
851  struct rtable *rt = skb_rtable(skb);
852  struct net *net = dev_net(rt->dst.dev);
853 
854  if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
855  struct sec_path *sp = skb_sec_path(skb);
856  int nh;
857 
858  if (!(sp && sp->xvec[sp->len - 1]->props.flags &
859  XFRM_STATE_ICMP))
860  goto drop;
861 
862  if (!pskb_may_pull(skb, sizeof(*icmph) + sizeof(struct iphdr)))
863  goto drop;
864 
865  nh = skb_network_offset(skb);
866  skb_set_network_header(skb, sizeof(*icmph));
867 
868  if (!xfrm4_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
869  goto drop;
870 
871  skb_set_network_header(skb, nh);
872  }
873 
874  ICMP_INC_STATS_BH(net, ICMP_MIB_INMSGS);
875 
876  switch (skb->ip_summed) {
877  case CHECKSUM_COMPLETE:
878  if (!csum_fold(skb->csum))
879  break;
880  /* fall through */
881  case CHECKSUM_NONE:
882  skb->csum = 0;
883  if (__skb_checksum_complete(skb))
884  goto error;
885  }
886 
887  if (!pskb_pull(skb, sizeof(*icmph)))
888  goto error;
889 
890  icmph = icmp_hdr(skb);
891 
892  ICMPMSGIN_INC_STATS_BH(net, icmph->type);
893  /*
894  * 18 is the highest 'known' ICMP type. Anything else is a mystery
895  *
896  * RFC 1122: 3.2.2 Unknown ICMP messages types MUST be silently
897  * discarded.
898  */
899  if (icmph->type > NR_ICMP_TYPES)
900  goto error;
901 
902 
903  /*
904  * Parse the ICMP message
905  */
906 
907  if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
908  /*
909  * RFC 1122: 3.2.2.6 An ICMP_ECHO to broadcast MAY be
910  * silently ignored (we let user decide with a sysctl).
911  * RFC 1122: 3.2.2.8 An ICMP_TIMESTAMP MAY be silently
912  * discarded if to broadcast/multicast.
913  */
914  if ((icmph->type == ICMP_ECHO ||
915  icmph->type == ICMP_TIMESTAMP) &&
916  net->ipv4.sysctl_icmp_echo_ignore_broadcasts) {
917  goto error;
918  }
919  if (icmph->type != ICMP_ECHO &&
920  icmph->type != ICMP_TIMESTAMP &&
921  icmph->type != ICMP_ADDRESS &&
922  icmph->type != ICMP_ADDRESSREPLY) {
923  goto error;
924  }
925  }
926 
927  icmp_pointers[icmph->type].handler(skb);
928 
929 drop:
930  kfree_skb(skb);
931  return 0;
932 error:
933  ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
934  goto drop;
935 }
936 
937 /*
938  * This table is the definition of how we handle ICMP.
939  */
940 static const struct icmp_control icmp_pointers[NR_ICMP_TYPES + 1] = {
941  [ICMP_ECHOREPLY] = {
942  .handler = ping_rcv,
943  },
944  [1] = {
945  .handler = icmp_discard,
946  .error = 1,
947  },
948  [2] = {
949  .handler = icmp_discard,
950  .error = 1,
951  },
952  [ICMP_DEST_UNREACH] = {
953  .handler = icmp_unreach,
954  .error = 1,
955  },
956  [ICMP_SOURCE_QUENCH] = {
957  .handler = icmp_unreach,
958  .error = 1,
959  },
960  [ICMP_REDIRECT] = {
961  .handler = icmp_redirect,
962  .error = 1,
963  },
964  [6] = {
965  .handler = icmp_discard,
966  .error = 1,
967  },
968  [7] = {
969  .handler = icmp_discard,
970  .error = 1,
971  },
972  [ICMP_ECHO] = {
973  .handler = icmp_echo,
974  },
975  [9] = {
976  .handler = icmp_discard,
977  .error = 1,
978  },
979  [10] = {
980  .handler = icmp_discard,
981  .error = 1,
982  },
983  [ICMP_TIME_EXCEEDED] = {
984  .handler = icmp_unreach,
985  .error = 1,
986  },
987  [ICMP_PARAMETERPROB] = {
988  .handler = icmp_unreach,
989  .error = 1,
990  },
991  [ICMP_TIMESTAMP] = {
992  .handler = icmp_timestamp,
993  },
994  [ICMP_TIMESTAMPREPLY] = {
995  .handler = icmp_discard,
996  },
997  [ICMP_INFO_REQUEST] = {
998  .handler = icmp_discard,
999  },
1000  [ICMP_INFO_REPLY] = {
1001  .handler = icmp_discard,
1002  },
1003  [ICMP_ADDRESS] = {
1004  .handler = icmp_discard,
1005  },
1006  [ICMP_ADDRESSREPLY] = {
1007  .handler = icmp_discard,
1008  },
1009 };
1010 
1011 static void __net_exit icmp_sk_exit(struct net *net)
1012 {
1013  int i;
1014 
1015  for_each_possible_cpu(i)
1016  inet_ctl_sock_destroy(net->ipv4.icmp_sk[i]);
1017  kfree(net->ipv4.icmp_sk);
1018  net->ipv4.icmp_sk = NULL;
1019 }
1020 
1021 static int __net_init icmp_sk_init(struct net *net)
1022 {
1023  int i, err;
1024 
1025  net->ipv4.icmp_sk =
1026  kzalloc(nr_cpu_ids * sizeof(struct sock *), GFP_KERNEL);
1027  if (net->ipv4.icmp_sk == NULL)
1028  return -ENOMEM;
1029 
1030  for_each_possible_cpu(i) {
1031  struct sock *sk;
1032 
1033  err = inet_ctl_sock_create(&sk, PF_INET,
1034  SOCK_RAW, IPPROTO_ICMP, net);
1035  if (err < 0)
1036  goto fail;
1037 
1038  net->ipv4.icmp_sk[i] = sk;
1039 
1040  /* Enough space for 2 64K ICMP packets, including
1041  * sk_buff/skb_shared_info struct overhead.
1042  */
1043  sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024);
1044 
1045  /*
1046  * Speedup sock_wfree()
1047  */
1048  sock_set_flag(sk, SOCK_USE_WRITE_QUEUE);
1049  inet_sk(sk)->pmtudisc = IP_PMTUDISC_DONT;
1050  }
1051 
1052  /* Control parameters for ECHO replies. */
1053  net->ipv4.sysctl_icmp_echo_ignore_all = 0;
1054  net->ipv4.sysctl_icmp_echo_ignore_broadcasts = 1;
1055 
1056  /* Control parameter - ignore bogus broadcast responses? */
1057  net->ipv4.sysctl_icmp_ignore_bogus_error_responses = 1;
1058 
1059  /*
1060  * Configurable global rate limit.
1061  *
1062  * ratelimit defines tokens/packet consumed for dst->rate_token
1063  * bucket ratemask defines which icmp types are ratelimited by
1064  * setting it's bit position.
1065  *
1066  * default:
1067  * dest unreachable (3), source quench (4),
1068  * time exceeded (11), parameter problem (12)
1069  */
1070 
1071  net->ipv4.sysctl_icmp_ratelimit = 1 * HZ;
1072  net->ipv4.sysctl_icmp_ratemask = 0x1818;
1073  net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr = 0;
1074 
1075  return 0;
1076 
1077 fail:
1078  for_each_possible_cpu(i)
1079  inet_ctl_sock_destroy(net->ipv4.icmp_sk[i]);
1080  kfree(net->ipv4.icmp_sk);
1081  return err;
1082 }
1083 
1084 static struct pernet_operations __net_initdata icmp_sk_ops = {
1085  .init = icmp_sk_init,
1086  .exit = icmp_sk_exit,
1087 };
1088 
1089 int __init icmp_init(void)
1090 {
1091  return register_pernet_subsys(&icmp_sk_ops);
1092 }
Generated on Thu Jan 10 2013 14:58:19 for Linux Kernel by   doxygen 1.8.2