Lines Matching +full:layers +full:- +full:configurable
1 // SPDX-License-Identifier: GPL-2.0-or-later
46 * the rates sysctl configurable.
48 * - IP option length was accounted wrongly
49 * - ICMP header length was not accounted
56 * - Should use skb_pull() instead of all the manual checking.
57 * This would also greatly simplify some upper layer error handlers. --AK
208 if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { in icmp_xmit_lock()
221 spin_unlock(&sk->sk_lock.slock); in icmp_xmit_unlock()
225 * icmp_global_allow - Are we allowed to send one more ICMP message ?
241 if (atomic_read(&net->ipv4.icmp_global_credit) > 0) in icmp_global_allow()
245 oldstamp = READ_ONCE(net->ipv4.icmp_global_stamp); in icmp_global_allow()
246 delta = min_t(u32, now - oldstamp, HZ); in icmp_global_allow()
250 incr = READ_ONCE(net->ipv4.sysctl_icmp_msgs_per_sec) * delta / HZ; in icmp_global_allow()
254 if (cmpxchg(&net->ipv4.icmp_global_stamp, oldstamp, now) == oldstamp) { in icmp_global_allow()
255 old = atomic_read(&net->ipv4.icmp_global_credit); in icmp_global_allow()
257 new = min(old + incr, READ_ONCE(net->ipv4.sysctl_icmp_msgs_burst)); in icmp_global_allow()
258 } while (!atomic_try_cmpxchg(&net->ipv4.icmp_global_credit, &old, new)); in icmp_global_allow()
270 atomic_sub(credits, &net->ipv4.icmp_global_credit); in icmp_global_consume()
284 if (!((1 << type) & READ_ONCE(net->ipv4.sysctl_icmp_ratemask))) in icmpv4_mask_allow()
312 struct dst_entry *dst = &rt->dst; in icmpv4_xrlim_allow()
320 if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) in icmpv4_xrlim_allow()
324 peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, in icmpv4_xrlim_allow()
325 l3mdev_master_ifindex_rcu(dst->dev)); in icmpv4_xrlim_allow()
327 READ_ONCE(net->ipv4.sysctl_icmp_ratelimit)); in icmpv4_xrlim_allow()
356 csum = skb_copy_and_csum_bits(icmp_param->skb, in icmp_glue_bits()
357 icmp_param->offset + offset, in icmp_glue_bits()
360 skb->csum = csum_block_add(skb->csum, csum, odd); in icmp_glue_bits()
361 if (icmp_pointers[icmp_param->data.icmph.type].error) in icmp_glue_bits()
362 nf_ct_attach(skb, icmp_param->skb); in icmp_glue_bits()
374 icmp_param->data_len+icmp_param->head_len, in icmp_push_reply()
375 icmp_param->head_len, in icmp_push_reply()
379 } else if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) { in icmp_push_reply()
384 csum = csum_partial_copy_nocheck((void *)&icmp_param->data, in icmp_push_reply()
386 icmp_param->head_len); in icmp_push_reply()
387 skb_queue_walk(&sk->sk_write_queue, skb1) { in icmp_push_reply()
388 csum = csum_add(csum, skb1->csum); in icmp_push_reply()
390 icmph->checksum = csum_fold(csum); in icmp_push_reply()
391 skb->ip_summed = CHECKSUM_NONE; in icmp_push_reply()
403 struct net *net = dev_net_rcu(rt->dst.dev); in icmp_reply()
410 u32 mark = IP4_REPLY_MARK(net, skb->mark); in icmp_reply()
411 int type = icmp_param->data.icmph.type; in icmp_reply()
412 int code = icmp_param->data.icmph.code; in icmp_reply()
414 if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) in icmp_reply()
429 icmp_param->data.icmph.checksum = 0; in icmp_reply()
432 inet->tos = ip_hdr(skb)->tos; in icmp_reply()
434 daddr = ipc.addr = ip_hdr(skb)->saddr; in icmp_reply()
437 if (icmp_param->replyopts.opt.opt.optlen) { in icmp_reply()
438 ipc.opt = &icmp_param->replyopts.opt; in icmp_reply()
439 if (ipc.opt->opt.srr) in icmp_reply()
440 daddr = icmp_param->replyopts.opt.opt.faddr; in icmp_reply()
449 fl4.flowi4_oif = l3mdev_master_ifindex(skb->dev); in icmp_reply()
473 if (skb->dev) in icmp_get_route_lookup_dev()
474 route_lookup_dev = skb->dev; in icmp_get_route_lookup_dev()
476 route_lookup_dev = skb_dst(skb)->dev; in icmp_get_route_lookup_dev()
493 fl4->daddr = (param->replyopts.opt.opt.srr ? in icmp_route_lookup()
494 param->replyopts.opt.opt.faddr : iph->saddr); in icmp_route_lookup()
495 fl4->saddr = saddr; in icmp_route_lookup()
496 fl4->flowi4_mark = mark; in icmp_route_lookup()
497 fl4->flowi4_uid = sock_net_uid(net, NULL); in icmp_route_lookup()
498 fl4->flowi4_tos = inet_dscp_to_dsfield(dscp); in icmp_route_lookup()
499 fl4->flowi4_proto = IPPROTO_ICMP; in icmp_route_lookup()
500 fl4->fl4_icmp_type = type; in icmp_route_lookup()
501 fl4->fl4_icmp_code = code; in icmp_route_lookup()
503 fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev); in icmp_route_lookup()
513 dst = xfrm_lookup(net, &rt->dst, in icmp_route_lookup()
520 fl4->daddr) == RTN_LOCAL) in icmp_route_lookup()
522 } else if (PTR_ERR(dst) == -EPERM) { in icmp_route_lookup()
547 orefdst = skb_in->_skb_refdst; /* save old refdst */ in icmp_route_lookup()
550 dscp, rt2->dst.dev) ? -EINVAL : 0; in icmp_route_lookup()
552 dst_release(&rt2->dst); in icmp_route_lookup()
554 skb_in->_skb_refdst = orefdst; /* restore old refdst */ in icmp_route_lookup()
560 dst2 = xfrm_lookup(net, &rt2->dst, flowi4_to_flowi(&fl4_dec), NULL, in icmp_route_lookup()
564 dst_release(&rt->dst); in icmp_route_lookup()
567 } else if (PTR_ERR(dst2) == -EPERM) { in icmp_route_lookup()
569 dst_release(&rt->dst); in icmp_route_lookup()
615 if (rt->dst.dev) in __icmp_send()
616 net = dev_net_rcu(rt->dst.dev); in __icmp_send()
617 else if (skb_in->dev) in __icmp_send()
618 net = dev_net_rcu(skb_in->dev); in __icmp_send()
629 if ((u8 *)iph < skb_in->head || in __icmp_send()
637 if (skb_in->pkt_type != PACKET_HOST) in __icmp_send()
643 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) in __icmp_send()
647 * Only reply to fragment 0. We byte re-order the constant in __icmp_send()
650 if (iph->frag_off & htons(IP_OFFSET)) in __icmp_send()
661 if (iph->protocol == IPPROTO_ICMP) { in __icmp_send()
666 (iph->ihl << 2) + in __icmp_send()
668 type) - in __icmp_send()
669 skb_in->data, in __icmp_send()
692 if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && in __icmp_send()
704 saddr = iph->daddr; in __icmp_send()
705 if (!(rt->rt_flags & RTCF_LOCAL)) { in __icmp_send()
710 READ_ONCE(net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr)) in __icmp_send()
714 saddr = inet_select_addr(dev, iph->saddr, in __icmp_send()
721 tos = icmp_pointers[type].error ? (RT_TOS(iph->tos) | in __icmp_send()
723 iph->tos; in __icmp_send()
724 mark = IP4_REPLY_MARK(net, skb_in->mark); in __icmp_send()
740 inet_sk(sk)->tos = tos; in __icmp_send()
742 ipc.addr = iph->saddr; in __icmp_send()
758 room = dst_mtu(&rt->dst); in __icmp_send()
761 room -= sizeof(struct iphdr) + icmp_param.replyopts.opt.opt.optlen; in __icmp_send()
762 room -= sizeof(struct icmphdr); in __icmp_send()
769 icmp_param.data_len = skb_in->len - icmp_param.offset; in __icmp_send()
806 if (!ct || !(ct->status & IPS_SRC_NAT)) { in icmp_ndo_send()
814 if (unlikely(!skb_in || skb_network_header(skb_in) < skb_in->head || in icmp_ndo_send()
820 orig_ip = ip_hdr(skb_in)->saddr; in icmp_ndo_send()
821 ip_hdr(skb_in)->saddr = ct->tuplehash[0].tuple.src.u3.ip; in icmp_ndo_send()
823 ip_hdr(skb_in)->saddr = orig_ip; in icmp_ndo_send()
832 const struct iphdr *iph = (const struct iphdr *)skb->data; in icmp_socket_deliver()
834 int protocol = iph->protocol; in icmp_socket_deliver()
839 if (!pskb_may_pull(skb, iph->ihl * 4 + 8)) { in icmp_socket_deliver()
840 __ICMP_INC_STATS(dev_net_rcu(skb->dev), ICMP_MIB_INERRORS); in icmp_socket_deliver()
847 if (ipprot && ipprot->err_handler) in icmp_socket_deliver()
848 ipprot->err_handler(skb, info); in icmp_socket_deliver()
856 ok = rcu_dereference(inet_protos[proto])->icmp_strict_tag_validation; in icmp_tag_validation()
874 net = dev_net_rcu(skb_dst(skb)->dev); in icmp_unreach()
886 iph = (const struct iphdr *)skb->data; in icmp_unreach()
888 if (iph->ihl < 5) { /* Mangled header, drop. */ in icmp_unreach()
893 switch (icmph->type) { in icmp_unreach()
895 switch (icmph->code & 15) { in icmp_unreach()
904 * Documentation/networking/ip-sysctl.rst in icmp_unreach()
906 switch (READ_ONCE(net->ipv4.sysctl_ip_no_pmtu_disc)) { in icmp_unreach()
909 &iph->daddr); in icmp_unreach()
914 if (!icmp_tag_validation(iph->protocol)) in icmp_unreach()
918 info = ntohs(icmph->un.frag.mtu); in icmp_unreach()
923 &iph->daddr); in icmp_unreach()
928 if (icmph->code > NR_ICMP_UNREACH) in icmp_unreach()
932 info = ntohl(icmph->un.gateway) >> 24; in icmp_unreach()
936 if (icmph->code == ICMP_EXC_FRAGTIME) in icmp_unreach()
942 * Throw it at our lower layers in icmp_unreach()
959 if (!READ_ONCE(net->ipv4.sysctl_icmp_ignore_bogus_error_responses) && in icmp_unreach()
960 inet_addr_type_dev_table(net, skb->dev, iph->daddr) == RTN_BROADCAST) { in icmp_unreach()
962 &ip_hdr(skb)->saddr, in icmp_unreach()
963 icmph->type, icmph->code, in icmp_unreach()
964 &iph->daddr, skb->dev->name); in icmp_unreach()
984 if (skb->len < sizeof(struct iphdr)) { in icmp_redirect()
985 __ICMP_INC_STATS(dev_net_rcu(skb->dev), ICMP_MIB_INERRORS); in icmp_redirect()
994 icmp_socket_deliver(skb, ntohl(icmp_hdr(skb)->un.gateway)); in icmp_redirect()
1017 net = dev_net_rcu(skb_dst(skb)->dev); in icmp_echo()
1019 if (READ_ONCE(net->ipv4.sysctl_icmp_echo_ignore_all)) in icmp_echo()
1025 icmp_param.data_len = skb->len; in icmp_echo()
1046 struct net *net = dev_net_rcu(skb->dev); in icmp_build_probe()
1056 if (!READ_ONCE(net->ipv4.sysctl_icmp_echo_enable_probe)) in icmp_build_probe()
1060 * Check to ensure L-bit is set in icmp_build_probe()
1062 if (!(ntohs(icmphdr->un.echo.sequence) & 1)) in icmp_build_probe()
1065 icmphdr->un.echo.sequence &= htons(0xFF00); in icmp_build_probe()
1066 if (icmphdr->type == ICMP_EXT_ECHO) in icmp_build_probe()
1067 icmphdr->type = ICMP_EXT_ECHOREPLY; in icmp_build_probe()
1069 icmphdr->type = ICMPV6_EXT_ECHO_REPLY; in icmp_build_probe()
1074 iio = skb_header_pointer(skb, sizeof(_ext_hdr), sizeof(iio->extobj_hdr), &_iio); in icmp_build_probe()
1077 if (ntohs(iio->extobj_hdr.length) <= sizeof(iio->extobj_hdr) || in icmp_build_probe()
1078 ntohs(iio->extobj_hdr.length) > sizeof(_iio)) in icmp_build_probe()
1080 ident_len = ntohs(iio->extobj_hdr.length) - sizeof(iio->extobj_hdr); in icmp_build_probe()
1082 sizeof(iio->extobj_hdr) + ident_len, &_iio); in icmp_build_probe()
1088 switch (iio->extobj_hdr.class_type) { in icmp_build_probe()
1093 memcpy(buff, &iio->ident.name, ident_len); in icmp_build_probe()
1097 if (ident_len != sizeof(iio->ident.ifindex)) in icmp_build_probe()
1099 dev = dev_get_by_index(net, ntohl(iio->ident.ifindex)); in icmp_build_probe()
1102 if (ident_len < sizeof(iio->ident.addr.ctype3_hdr) || in icmp_build_probe()
1103 ident_len != sizeof(iio->ident.addr.ctype3_hdr) + in icmp_build_probe()
1104 iio->ident.addr.ctype3_hdr.addrlen) in icmp_build_probe()
1106 switch (ntohs(iio->ident.addr.ctype3_hdr.afi)) { in icmp_build_probe()
1108 if (iio->ident.addr.ctype3_hdr.addrlen != sizeof(struct in_addr)) in icmp_build_probe()
1110 dev = ip_dev_find(net, iio->ident.addr.ip_addr.ipv4_addr); in icmp_build_probe()
1114 if (iio->ident.addr.ctype3_hdr.addrlen != sizeof(struct in6_addr)) in icmp_build_probe()
1116 dev = ipv6_stub->ipv6_dev_find(net, &iio->ident.addr.ip_addr.ipv6_addr, dev); in icmp_build_probe()
1128 icmphdr->code = ICMP_EXT_CODE_NO_IF; in icmp_build_probe()
1132 if (dev->flags & IFF_UP) in icmp_build_probe()
1136 if (in_dev && rcu_access_pointer(in_dev->ifa_list)) in icmp_build_probe()
1140 if (in6_dev && !list_empty(&in6_dev->addr_list)) in icmp_build_probe()
1144 icmphdr->un.echo.sequence |= htons(status); in icmp_build_probe()
1147 icmphdr->code = ICMP_EXT_CODE_MAL_QUERY; in icmp_build_probe()
1165 if (skb->len < 4) in icmp_timestamp()
1187 __ICMP_INC_STATS(dev_net_rcu(skb_dst(skb)->dev), ICMP_MIB_INERRORS); in icmp_timestamp()
1204 struct net *net = dev_net_rcu(rt->dst.dev); in icmp_rcv()
1211 if (!(sp && sp->xvec[sp->len - 1]->props.flags & in icmp_rcv()
1242 ICMPMSGIN_INC_STATS(net, icmph->type); in icmp_rcv()
1245 if (icmph->type == ICMP_EXT_ECHO) { in icmp_rcv()
1253 if (icmph->type == ICMP_EXT_ECHOREPLY) { in icmp_rcv()
1264 if (icmph->type > NR_ICMP_TYPES) { in icmp_rcv()
1273 if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) { in icmp_rcv()
1280 if ((icmph->type == ICMP_ECHO || in icmp_rcv()
1281 icmph->type == ICMP_TIMESTAMP) && in icmp_rcv()
1282 READ_ONCE(net->ipv4.sysctl_icmp_echo_ignore_broadcasts)) { in icmp_rcv()
1286 if (icmph->type != ICMP_ECHO && in icmp_rcv()
1287 icmph->type != ICMP_TIMESTAMP && in icmp_rcv()
1288 icmph->type != ICMP_ADDRESS && in icmp_rcv()
1289 icmph->type != ICMP_ADDRESSREPLY) { in icmp_rcv()
1295 reason = icmp_pointers[icmph->type].handler(skb); in icmp_rcv()
1322 if (exth->version != 2) in ip_icmp_error_rfc4884_validate()
1325 if (exth->checksum && in ip_icmp_error_rfc4884_validate()
1326 csum_fold(skb_checksum(skb, off, skb->len - off, 0))) in ip_icmp_error_rfc4884_validate()
1330 while (off < skb->len) { in ip_icmp_error_rfc4884_validate()
1335 olen = ntohs(objh->length); in ip_icmp_error_rfc4884_validate()
1340 if (off > skb->len) in ip_icmp_error_rfc4884_validate()
1353 /* original datagram headers: end of icmph to payload (skb->data) */ in ip_icmp_error_rfc4884()
1354 hlen = -skb_transport_offset(skb) - thlen; in ip_icmp_error_rfc4884()
1361 off -= hlen; in ip_icmp_error_rfc4884()
1362 if (off + sizeof(struct icmp_ext_hdr) > skb->len) in ip_icmp_error_rfc4884()
1365 out->len = off; in ip_icmp_error_rfc4884()
1368 out->flags |= SO_EE_RFC4884_FLAG_INVALID; in ip_icmp_error_rfc4884()
1374 struct iphdr *iph = (struct iphdr *)skb->data; in icmp_err()
1375 int offset = iph->ihl<<2; in icmp_err()
1376 struct icmphdr *icmph = (struct icmphdr *)(skb->data + offset); in icmp_err()
1377 struct net *net = dev_net_rcu(skb->dev); in icmp_err()
1378 int type = icmp_hdr(skb)->type; in icmp_err()
1379 int code = icmp_hdr(skb)->code; in icmp_err()
1385 if (icmph->type != ICMP_ECHOREPLY) { in icmp_err()
1475 net->ipv4.sysctl_icmp_echo_ignore_all = 0; in icmp_sk_init()
1476 net->ipv4.sysctl_icmp_echo_enable_probe = 0; in icmp_sk_init()
1477 net->ipv4.sysctl_icmp_echo_ignore_broadcasts = 1; in icmp_sk_init()
1479 /* Control parameter - ignore bogus broadcast responses? */ in icmp_sk_init()
1480 net->ipv4.sysctl_icmp_ignore_bogus_error_responses = 1; in icmp_sk_init()
1483 * Configurable global rate limit. in icmp_sk_init()
1485 * ratelimit defines tokens/packet consumed for dst->rate_token in icmp_sk_init()
1494 net->ipv4.sysctl_icmp_ratelimit = 1 * HZ; in icmp_sk_init()
1495 net->ipv4.sysctl_icmp_ratemask = 0x1818; in icmp_sk_init()
1496 net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr = 0; in icmp_sk_init()
1497 net->ipv4.sysctl_icmp_msgs_per_sec = 1000; in icmp_sk_init()
1498 net->ipv4.sysctl_icmp_msgs_burst = 50; in icmp_sk_init()
1524 sk->sk_sndbuf = 2 * SKB_TRUESIZE(64 * 1024); in icmp_init()
1530 inet_sk(sk)->pmtudisc = IP_PMTUDISC_DONT; in icmp_init()