
1 // SPDX-License-Identifier: GPL-2.0-or-later
46 * the rates sysctl configurable.
48 * - IP option length was accounted wrongly
49 * - ICMP header length was not accounted
56 * - Should use skb_pull() instead of all the manual checking.
57 * This would also greatly simplify some upper layer error handlers. --AK
204 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { in icmp_xmit_lock()
217 spin_unlock(&sk->sk_lock.slock); in icmp_xmit_unlock()
232 * icmp_global_allow - Are we allowed to send one more ICMP message ?
248 delta = min_t(u32, now - READ_ONCE(icmp_global.stamp), HZ); in icmp_global_allow()
254 delta = min_t(u32, now - icmp_global.stamp, HZ); in icmp_global_allow()
266 credit = max_t(int, credit - get_random_u32_below(3), 0); in icmp_global_allow()
285 if (!((1 << type) & READ_ONCE(net->ipv4.sysctl_icmp_ratemask))) in icmpv4_mask_allow()
310 struct dst_entry *dst = &rt->dst; in icmpv4_xrlim_allow()
319 if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) in icmpv4_xrlim_allow()
322 vif = l3mdev_master_ifindex(dst->dev); in icmpv4_xrlim_allow()
323 peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, vif, 1); in icmpv4_xrlim_allow()
325 READ_ONCE(net->ipv4.sysctl_icmp_ratelimit)); in icmpv4_xrlim_allow()
353 csum = skb_copy_and_csum_bits(icmp_param->skb, in icmp_glue_bits()
354 icmp_param->offset + offset, in icmp_glue_bits()
357 skb->csum = csum_block_add(skb->csum, csum, odd); in icmp_glue_bits()
358 if (icmp_pointers[icmp_param->data.icmph.type].error) in icmp_glue_bits()
359 nf_ct_attach(skb, icmp_param->skb); in icmp_glue_bits()
371 icmp_param->data_len+icmp_param->head_len, in icmp_push_reply()
372 icmp_param->head_len, in icmp_push_reply()
376 } else if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) { in icmp_push_reply()
381 csum = csum_partial_copy_nocheck((void *)&icmp_param->data, in icmp_push_reply()
383 icmp_param->head_len); in icmp_push_reply()
384 skb_queue_walk(&sk->sk_write_queue, skb1) { in icmp_push_reply()
385 csum = csum_add(csum, skb1->csum); in icmp_push_reply()
387 icmph->checksum = csum_fold(csum); in icmp_push_reply()
388 skb->ip_summed = CHECKSUM_NONE; in icmp_push_reply()
401 struct net *net = dev_net(rt->dst.dev); in icmp_reply()
406 u32 mark = IP4_REPLY_MARK(net, skb->mark); in icmp_reply()
407 int type = icmp_param->data.icmph.type; in icmp_reply()
408 int code = icmp_param->data.icmph.code; in icmp_reply()
410 if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) in icmp_reply()
425 icmp_param->data.icmph.checksum = 0; in icmp_reply()
428 inet->tos = ip_hdr(skb)->tos; in icmp_reply()
430 daddr = ipc.addr = ip_hdr(skb)->saddr; in icmp_reply()
433 if (icmp_param->replyopts.opt.opt.optlen) { in icmp_reply()
434 ipc.opt = &icmp_param->replyopts.opt; in icmp_reply()
435 if (ipc.opt->opt.srr) in icmp_reply()
436 daddr = icmp_param->replyopts.opt.opt.faddr; in icmp_reply()
443 fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos); in icmp_reply()
445 fl4.flowi4_oif = l3mdev_master_ifindex(skb->dev); in icmp_reply()
469 if (skb->dev) in icmp_get_route_lookup_dev()
470 route_lookup_dev = skb->dev; in icmp_get_route_lookup_dev()
472 route_lookup_dev = skb_dst(skb)->dev; in icmp_get_route_lookup_dev()
490 fl4->daddr = (param->replyopts.opt.opt.srr ? in icmp_route_lookup()
491 param->replyopts.opt.opt.faddr : iph->saddr); in icmp_route_lookup()
492 fl4->saddr = saddr; in icmp_route_lookup()
493 fl4->flowi4_mark = mark; in icmp_route_lookup()
494 fl4->flowi4_uid = sock_net_uid(net, NULL); in icmp_route_lookup()
495 fl4->flowi4_tos = RT_TOS(tos); in icmp_route_lookup()
496 fl4->flowi4_proto = IPPROTO_ICMP; in icmp_route_lookup()
497 fl4->fl4_icmp_type = type; in icmp_route_lookup()
498 fl4->fl4_icmp_code = code; in icmp_route_lookup()
500 fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev); in icmp_route_lookup()
510 rt = (struct rtable *) xfrm_lookup(net, &rt->dst, in icmp_route_lookup()
515 } else if (PTR_ERR(rt) == -EPERM) { in icmp_route_lookup()
540 orefdst = skb_in->_skb_refdst; /* save old refdst */ in icmp_route_lookup()
543 RT_TOS(tos), rt2->dst.dev); in icmp_route_lookup()
545 dst_release(&rt2->dst); in icmp_route_lookup()
547 skb_in->_skb_refdst = orefdst; /* restore old refdst */ in icmp_route_lookup()
553 rt2 = (struct rtable *) xfrm_lookup(net, &rt2->dst, in icmp_route_lookup()
557 dst_release(&rt->dst); in icmp_route_lookup()
560 } else if (PTR_ERR(rt2) == -EPERM) { in icmp_route_lookup()
562 dst_release(&rt->dst); in icmp_route_lookup()
605 if (rt->dst.dev) in __icmp_send()
606 net = dev_net(rt->dst.dev); in __icmp_send()
607 else if (skb_in->dev) in __icmp_send()
608 net = dev_net(skb_in->dev); in __icmp_send()
619 if ((u8 *)iph < skb_in->head || in __icmp_send()
627 if (skb_in->pkt_type != PACKET_HOST) in __icmp_send()
633 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) in __icmp_send()
637 * Only reply to fragment 0. We byte re-order the constant in __icmp_send()
640 if (iph->frag_off & htons(IP_OFFSET)) in __icmp_send()
651 if (iph->protocol == IPPROTO_ICMP) { in __icmp_send()
656 (iph->ihl << 2) + in __icmp_send()
658 type) - in __icmp_send()
659 skb_in->data, in __icmp_send()
682 if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && in __icmp_send()
694 saddr = iph->daddr; in __icmp_send()
695 if (!(rt->rt_flags & RTCF_LOCAL)) { in __icmp_send()
700 READ_ONCE(net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr)) in __icmp_send()
704 saddr = inet_select_addr(dev, iph->saddr, in __icmp_send()
711 tos = icmp_pointers[type].error ? (RT_TOS(iph->tos) | in __icmp_send()
713 iph->tos; in __icmp_send()
714 mark = IP4_REPLY_MARK(net, skb_in->mark); in __icmp_send()
730 inet_sk(sk)->tos = tos; in __icmp_send()
732 ipc.addr = iph->saddr; in __icmp_send()
747 room = dst_mtu(&rt->dst); in __icmp_send()
750 room -= sizeof(struct iphdr) + icmp_param.replyopts.opt.opt.optlen; in __icmp_send()
751 room -= sizeof(struct icmphdr); in __icmp_send()
758 icmp_param.data_len = skb_in->len - icmp_param.offset; in __icmp_send()
792 if (!ct || !(ct->status & IPS_SRC_NAT)) { in icmp_ndo_send()
800 if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || in icmp_ndo_send()
806 orig_ip = ip_hdr(skb_in)->saddr; in icmp_ndo_send()
807 ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; in icmp_ndo_send()
809 ip_hdr(skb_in)->saddr = orig_ip; in icmp_ndo_send()
818 const struct iphdr *iph = (const struct iphdr *)skb->data; in icmp_socket_deliver()
820 int protocol = iph->protocol; in icmp_socket_deliver()
825 if (!pskb_may_pull(skb, iph->ihl * 4 + 8)) { in icmp_socket_deliver()
826 __ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS); in icmp_socket_deliver()
833 if (ipprot && ipprot->err_handler) in icmp_socket_deliver()
834 ipprot->err_handler(skb, info); in icmp_socket_deliver()
842 ok = rcu_dereference(inet_protos[proto])->icmp_strict_tag_validation; in icmp_tag_validation()
860 net = dev_net(skb_dst(skb)->dev); in icmp_unreach()
872 iph = (const struct iphdr *)skb->data; in icmp_unreach()
874 if (iph->ihl < 5) { /* Mangled header, drop. */ in icmp_unreach()
879 switch (icmph->type) { in icmp_unreach()
881 switch (icmph->code & 15) { in icmp_unreach()
890 * Documentation/networking/ip-sysctl.rst in icmp_unreach()
892 switch (READ_ONCE(net->ipv4.sysctl_ip_no_pmtu_disc)) { in icmp_unreach()
895 &iph->daddr); in icmp_unreach()
900 if (!icmp_tag_validation(iph->protocol)) in icmp_unreach()
904 info = ntohs(icmph->un.frag.mtu); in icmp_unreach()
909 &iph->daddr); in icmp_unreach()
914 if (icmph->code > NR_ICMP_UNREACH) in icmp_unreach()
918 info = ntohl(icmph->un.gateway) >> 24; in icmp_unreach()
922 if (icmph->code == ICMP_EXC_FRAGTIME) in icmp_unreach()
928 * Throw it at our lower layers in icmp_unreach()
945 if (!READ_ONCE(net->ipv4.sysctl_icmp_ignore_bogus_error_responses) && in icmp_unreach()
946 inet_addr_type_dev_table(net, skb->dev, iph->daddr) == RTN_BROADCAST) { in icmp_unreach()
948 &ip_hdr(skb)->saddr, in icmp_unreach()
949 icmph->type, icmph->code, in icmp_unreach()
950 &iph->daddr, skb->dev->name); in icmp_unreach()
970 if (skb->len < sizeof(struct iphdr)) { in icmp_redirect()
971 __ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS); in icmp_redirect()
980 icmp_socket_deliver(skb, ntohl(icmp_hdr(skb)->un.gateway)); in icmp_redirect()
1003 net = dev_net(skb_dst(skb)->dev); in icmp_echo()
1005 if (READ_ONCE(net->ipv4.sysctl_icmp_echo_ignore_all)) in icmp_echo()
1011 icmp_param.data_len = skb->len; in icmp_echo()
1034 struct net *net = dev_net(skb->dev); in icmp_build_probe()
1040 if (!READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe)) in icmp_build_probe()
1044 * Check to ensure L-bit is set in icmp_build_probe()
1046 if (!(ntohs(icmphdr->un.echo.sequence) & 1)) in icmp_build_probe()
1049 icmphdr->un.echo.sequence &= htons(0xFF00); in icmp_build_probe()
1050 if (icmphdr->type == ICMP_EXT_ECHO) in icmp_build_probe()
1051 icmphdr->type = ICMP_EXT_ECHOREPLY; in icmp_build_probe()
1053 icmphdr->type = ICMPV6_EXT_ECHO_REPLY; in icmp_build_probe()
1058 iio = skb_header_pointer(skb, sizeof(_ext_hdr), sizeof(iio->extobj_hdr), &_iio); in icmp_build_probe()
1061 if (ntohs(iio->extobj_hdr.length) <= sizeof(iio->extobj_hdr) || in icmp_build_probe()
1062 ntohs(iio->extobj_hdr.length) > sizeof(_iio)) in icmp_build_probe()
1064 ident_len = ntohs(iio->extobj_hdr.length) - sizeof(iio->extobj_hdr); in icmp_build_probe()
1066 sizeof(iio->extobj_hdr) + ident_len, &_iio); in icmp_build_probe()
1072 switch (iio->extobj_hdr.class_type) { in icmp_build_probe()
1077 memcpy(buff, &iio->ident.name, ident_len); in icmp_build_probe()
1081 if (ident_len != sizeof(iio->ident.ifindex)) in icmp_build_probe()
1083 dev = dev_get_by_index(net, ntohl(iio->ident.ifindex)); in icmp_build_probe()
1086 if (ident_len < sizeof(iio->ident.addr.ctype3_hdr) || in icmp_build_probe()
1087 ident_len != sizeof(iio->ident.addr.ctype3_hdr) + in icmp_build_probe()
1088 iio->ident.addr.ctype3_hdr.addrlen) in icmp_build_probe()
1090 switch (ntohs(iio->ident.addr.ctype3_hdr.afi)) { in icmp_build_probe()
1092 if (iio->ident.addr.ctype3_hdr.addrlen != sizeof(struct in_addr)) in icmp_build_probe()
1094 dev = ip_dev_find(net, iio->ident.addr.ip_addr.ipv4_addr); in icmp_build_probe()
1098 if (iio->ident.addr.ctype3_hdr.addrlen != sizeof(struct in6_addr)) in icmp_build_probe()
1100 dev = ipv6_stub->ipv6_dev_find(net, &iio->ident.addr.ip_addr.ipv6_addr, dev); in icmp_build_probe()
1112 icmphdr->code = ICMP_EXT_CODE_NO_IF; in icmp_build_probe()
1116 if (dev->flags & IFF_UP) in icmp_build_probe()
1118 if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) in icmp_build_probe()
1120 if (!list_empty(&rcu_dereference(dev->ip6_ptr)->addr_list)) in icmp_build_probe()
1123 icmphdr->un.echo.sequence |= htons(status); in icmp_build_probe()
1126 icmphdr->code = ICMP_EXT_CODE_MAL_QUERY; in icmp_build_probe()
1144 if (skb->len < 4) in icmp_timestamp()
1166 __ICMP_INC_STATS(dev_net(skb_dst(skb)->dev), ICMP_MIB_INERRORS); in icmp_timestamp()
1183 struct net *net = dev_net(rt->dst.dev); in icmp_rcv()
1190 if (!(sp && sp->xvec[sp->len - 1]->props.flags & in icmp_rcv()
1221 ICMPMSGIN_INC_STATS(net, icmph->type); in icmp_rcv()
1224 if (icmph->type == ICMP_EXT_ECHO) { in icmp_rcv()
1232 if (icmph->type == ICMP_EXT_ECHOREPLY) { in icmp_rcv()
1243 if (icmph->type > NR_ICMP_TYPES) { in icmp_rcv()
1252 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) { in icmp_rcv()
1259 if ((icmph->type == ICMP_ECHO || in icmp_rcv()
1260 icmph->type == ICMP_TIMESTAMP) && in icmp_rcv()
1261 READ_ONCE(net->ipv4.sysctl_icmp_echo_ignore_broadcasts)) { in icmp_rcv()
1265 if (icmph->type != ICMP_ECHO && in icmp_rcv()
1266 icmph->type != ICMP_TIMESTAMP && in icmp_rcv()
1267 icmph->type != ICMP_ADDRESS && in icmp_rcv()
1268 icmph->type != ICMP_ADDRESSREPLY) { in icmp_rcv()
1274 reason = icmp_pointers[icmph->type].handler(skb); in icmp_rcv()
1301 if (exth->version != 2) in ip_icmp_error_rfc4884_validate()
1304 if (exth->checksum && in ip_icmp_error_rfc4884_validate()
1305 csum_fold(skb_checksum(skb, off, skb->len - off, 0))) in ip_icmp_error_rfc4884_validate()
1309 while (off < skb->len) { in ip_icmp_error_rfc4884_validate()
1314 olen = ntohs(objh->length); in ip_icmp_error_rfc4884_validate()
1319 if (off > skb->len) in ip_icmp_error_rfc4884_validate()
1332 /* original datagram headers: end of icmph to payload (skb->data) */ in ip_icmp_error_rfc4884()
1333 hlen = -skb_transport_offset(skb) - thlen; in ip_icmp_error_rfc4884()
1340 off -= hlen; in ip_icmp_error_rfc4884()
1341 if (off + sizeof(struct icmp_ext_hdr) > skb->len) in ip_icmp_error_rfc4884()
1344 out->len = off; in ip_icmp_error_rfc4884()
1347 out->flags |= SO_EE_RFC4884_FLAG_INVALID; in ip_icmp_error_rfc4884()
1353 struct iphdr *iph = (struct iphdr *)skb->data; in icmp_err()
1354 int offset = iph->ihl<<2; in icmp_err()
1355 struct icmphdr *icmph = (struct icmphdr *)(skb->data + offset); in icmp_err()
1356 int type = icmp_hdr(skb)->type; in icmp_err()
1357 int code = icmp_hdr(skb)->code; in icmp_err()
1358 struct net *net = dev_net(skb->dev); in icmp_err()
1364 if (icmph->type != ICMP_ECHOREPLY) { in icmp_err()
1454 net->ipv4.sysctl_icmp_echo_ignore_all = 0; in icmp_sk_init()
1455 net->ipv4.sysctl_icmp_echo_enable_probe = 0; in icmp_sk_init()
1456 net->ipv4.sysctl_icmp_echo_ignore_broadcasts = 1; in icmp_sk_init()
1458 /* Control parameter - ignore bogus broadcast responses? */ in icmp_sk_init()
1459 net->ipv4.sysctl_icmp_ignore_bogus_error_responses = 1; in icmp_sk_init()
1462 * Configurable global rate limit. in icmp_sk_init()
1464 * ratelimit defines tokens/packet consumed for dst->rate_token in icmp_sk_init()
1473 net->ipv4.sysctl_icmp_ratelimit = 1 * HZ; in icmp_sk_init()
1474 net->ipv4.sysctl_icmp_ratemask = 0x1818; in icmp_sk_init()
1475 net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr = 0; in icmp_sk_init()
1501 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); in icmp_init()
1507 inet_sk(sk)->pmtudisc = IP_PMTUDISC_DONT; in icmp_init()