cregit-Linux how code gets into the kernel

Release 4.8 net/ipv4/icmp.c

Directory: net/ipv4
/*
 *      NET3:   Implementation of the ICMP protocol layer.
 *
 *              Alan Cox, <alan@lxorguk.ukuu.org.uk>
 *
 *      This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
 *      as published by the Free Software Foundation; either version
 *      2 of the License, or (at your option) any later version.
 *
 *      Some of the function names and the icmp unreach table for this
 *      module were derived from [icmp.c 1.0.11 06/02/93] by
 *      Ross Biro, Fred N. van Kempen, Mark Evans, Alan Cox, Gerhard Koerting.
 *      Other than that this module is a complete rewrite.
 *
 *      Fixes:
 *      Clemens Fruhwirth       :       introduce global icmp rate limiting
 *                                      with icmp type masking ability instead
 *                                      of broken per type icmp timeouts.
 *              Mike Shaver     :       RFC1122 checks.
 *              Alan Cox        :       Multicast ping reply as self.
 *              Alan Cox        :       Fix atomicity lockup in ip_build_xmit
 *                                      call.
 *              Alan Cox        :       Added 216,128 byte paths to the MTU
 *                                      code.
 *              Martin Mares    :       RFC1812 checks.
 *              Martin Mares    :       Can be configured to follow redirects
 *                                      if acting as a router _without_ a
 *                                      routing protocol (RFC 1812).
 *              Martin Mares    :       Echo requests may be configured to
 *                                      be ignored (RFC 1812).
 *              Martin Mares    :       Limitation of ICMP error message
 *                                      transmit rate (RFC 1812).
 *              Martin Mares    :       TOS and Precedence set correctly
 *                                      (RFC 1812).
 *              Martin Mares    :       Now copying as much data from the
 *                                      original packet as we can without
 *                                      exceeding 576 bytes (RFC 1812).
 *      Willy Konynenberg       :       Transparent proxying support.
 *              Keith Owens     :       RFC1191 correction for 4.2BSD based
 *                                      path MTU bug.
 *              Thomas Quinot   :       ICMP Dest Unreach codes up to 15 are
 *                                      valid (RFC 1812).
 *              Andi Kleen      :       Check all packet lengths properly
 *                                      and moved all kfree_skb() up to
 *                                      icmp_rcv.
 *              Andi Kleen      :       Move the rate limit bookkeeping
 *                                      into the dest entry and use a token
 *                                      bucket filter (thanks to ANK). Make
 *                                      the rates sysctl configurable.
 *              Yu Tianli       :       Fixed two ugly bugs in icmp_send
 *                                      - IP option length was accounted wrongly
 *                                      - ICMP header length was not accounted
 *                                        at all.
 *              Tristan Greaves :       Added sysctl option to ignore bogus
 *                                      broadcast responses from broken routers.
 *
 * To Fix:
 *
 *      - Should use skb_pull() instead of all the manual checking.
 *        This would also greatly simply some upper layer error handlers. --AK
 *
 */


#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt

#include <linux/module.h>
#include <linux/types.h>
#include <linux/jiffies.h>
#include <linux/kernel.h>
#include <linux/fcntl.h>
#include <linux/socket.h>
#include <linux/in.h>
#include <linux/inet.h>
#include <linux/inetdevice.h>
#include <linux/netdevice.h>
#include <linux/string.h>
#include <linux/netfilter_ipv4.h>
#include <linux/slab.h>
#include <net/snmp.h>
#include <net/ip.h>
#include <net/route.h>
#include <net/protocol.h>
#include <net/icmp.h>
#include <net/tcp.h>
#include <net/udp.h>
#include <net/raw.h>
#include <net/ping.h>
#include <linux/skbuff.h>
#include <net/sock.h>
#include <linux/errno.h>
#include <linux/timer.h>
#include <linux/init.h>
#include <asm/uaccess.h>
#include <net/checksum.h>
#include <net/xfrm.h>
#include <net/inet_common.h>
#include <net/ip_fib.h>
#include <net/l3mdev.h>

/*
 *      Build xmit assembly blocks
 */


struct icmp_bxm {
	
struct sk_buff *skb;
	
int offset;
	
int data_len;

	struct {
		
struct icmphdr icmph;
		
__be32	       times[3];
	} 
data;
	
int head_len;
	
struct ip_options_data replyopts;
};

/* An array of errno for error messages from dest unreach. */
/* RFC 1122: 3.2.2.1 States that NET_UNREACH, HOST_UNREACH and SR_FAILED MUST be considered 'transient errs'. */


const struct icmp_err icmp_err_convert[] = {
	{
		.errno = ENETUNREACH,	/* ICMP_NET_UNREACH */
		.fatal = 0,
        },
	{
		.errno = EHOSTUNREACH,	/* ICMP_HOST_UNREACH */
		.fatal = 0,
        },
	{
		.errno = ENOPROTOOPT	/* ICMP_PROT_UNREACH */,
		.fatal = 1,
        },
	{
		.errno = ECONNREFUSED,	/* ICMP_PORT_UNREACH */
		.fatal = 1,
        },
	{
		.errno = EMSGSIZE,	/* ICMP_FRAG_NEEDED */
		.fatal = 0,
        },
	{
		.errno = EOPNOTSUPP,	/* ICMP_SR_FAILED */
		.fatal = 0,
        },
	{
		.errno = ENETUNREACH,	/* ICMP_NET_UNKNOWN */
		.fatal = 1,
        },
	{
		.errno = EHOSTDOWN,	/* ICMP_HOST_UNKNOWN */
		.fatal = 1,
        },
	{
		.errno = ENONET,	/* ICMP_HOST_ISOLATED */
		.fatal = 1,
        },
	{
		.errno = ENETUNREACH,	/* ICMP_NET_ANO */
		.fatal = 1,
        },
	{
		.errno = EHOSTUNREACH,	/* ICMP_HOST_ANO */
		.fatal = 1,
        },
	{
		.errno = ENETUNREACH,	/* ICMP_NET_UNR_TOS */
		.fatal = 0,
        },
	{
		.errno = EHOSTUNREACH,	/* ICMP_HOST_UNR_TOS */
		.fatal = 0,
        },
	{
		.errno = EHOSTUNREACH,	/* ICMP_PKT_FILTERED */
		.fatal = 1,
        },
	{
		.errno = EHOSTUNREACH,	/* ICMP_PREC_VIOLATION */
		.fatal = 1,
        },
	{
		.errno = EHOSTUNREACH,	/* ICMP_PREC_CUTOFF */
		.fatal = 1,
        },
};

EXPORT_SYMBOL(icmp_err_convert);

/*
 *      ICMP control array. This specifies what to do with each ICMP.
 */


struct icmp_control {
	
bool (*handler)(struct sk_buff *skb);
	
short   error;		/* This ICMP is classed as an error message */
};


static const struct icmp_control icmp_pointers[NR_ICMP_TYPES+1];

/*
 *      The ICMP socket(s). This is the most convenient way to flow control
 *      our ICMP output as well as maintain a clean interface throughout
 *      all layers. All Socketless IP sends will soon be gone.
 *
 *      On SMP we have one ICMP socket per-cpu.
 */

static struct sock *icmp_sk(struct net *net) { return *this_cpu_ptr(net->ipv4.icmp_sk); }

Contributors

PersonTokensPropCommitsCommitProp
denis v. lunevdenis v. lunev1979.17%360.00%
eric dumazeteric dumazet416.67%120.00%
david s. millerdavid s. miller14.17%120.00%
Total24100.00%5100.00%


static inline struct sock *icmp_xmit_lock(struct net *net) { struct sock *sk; local_bh_disable(); sk = icmp_sk(net); if (unlikely(!spin_trylock(&sk->sk_lock.slock))) { /* This can happen if the output path signals a * dst_link_failure() for an outgoing ICMP packet. */ local_bh_enable(); return NULL; } return sk; }

Contributors

PersonTokensPropCommitsCommitProp
denis v. lunevdenis v. lunev2238.60%228.57%
pre-gitpre-git1933.33%114.29%
david s. millerdavid s. miller1424.56%228.57%
eric dumazeteric dumazet11.75%114.29%
arnaldo carvalho de meloarnaldo carvalho de melo11.75%114.29%
Total57100.00%7100.00%


static inline void icmp_xmit_unlock(struct sock *sk) { spin_unlock_bh(&sk->sk_lock.slock); }

Contributors

PersonTokensPropCommitsCommitProp
pre-gitpre-git1359.09%120.00%
denis v. lunevdenis v. lunev522.73%120.00%
david s. millerdavid s. miller29.09%120.00%
arnaldo carvalho de meloarnaldo carvalho de melo14.55%120.00%
eric dumazeteric dumazet14.55%120.00%
Total22100.00%5100.00%

int sysctl_icmp_msgs_per_sec __read_mostly = 1000; int sysctl_icmp_msgs_burst __read_mostly = 50; static struct { spinlock_t lock; u32 credit; u32 stamp; } icmp_global = { .lock = __SPIN_LOCK_UNLOCKED(icmp_global.lock), }; /** * icmp_global_allow - Are we allowed to send one more ICMP message ? * * Uses a token bucket to limit our ICMP messages to sysctl_icmp_msgs_per_sec. * Returns false if we reached the limit and can not send another packet. * Note: called with BH disabled */
bool icmp_global_allow(void) { u32 credit, delta, incr = 0, now = (u32)jiffies; bool rc = false; /* Check if token bucket is empty and cannot be refilled * without taking the spinlock. */ if (!icmp_global.credit) { delta = min_t(u32, now - icmp_global.stamp, HZ); if (delta < HZ / 50) return false; } spin_lock(&icmp_global.lock); delta = min_t(u32, now - icmp_global.stamp, HZ); if (delta >= HZ / 50) { incr = sysctl_icmp_msgs_per_sec * delta / HZ ; if (incr) icmp_global.stamp = now; } credit = min_t(u32, icmp_global.credit + incr, sysctl_icmp_msgs_burst); if (credit) { credit--; rc = true; } icmp_global.credit = credit; spin_unlock(&icmp_global.lock); return rc; }

Contributors

PersonTokensPropCommitsCommitProp
eric dumazeteric dumazet160100.00%1100.00%
Total160100.00%1100.00%

EXPORT_SYMBOL(icmp_global_allow); /* * Send an ICMP frame. */
static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, struct flowi4 *fl4, int type, int code) { struct dst_entry *dst = &rt->dst; bool rc = true; if (type > NR_ICMP_TYPES) goto out; /* Don't limit PMTU discovery. */ if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED) goto out; /* No rate limit on loopback */ if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) goto out; /* Limit if icmp type is enabled in ratemask. */ if (!((1 << type) & net->ipv4.sysctl_icmp_ratemask)) goto out; rc = false; if (icmp_global_allow()) { int vif = l3mdev_master_ifindex(dst->dev); struct inet_peer *peer; peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, vif, 1); rc = inet_peer_xrlim_allow(peer, net->ipv4.sysctl_icmp_ratelimit); if (peer) inet_putpeer(peer); } out: return rc; }

Contributors

PersonTokensPropCommitsCommitProp
pre-gitpre-git6335.39%320.00%
david s. millerdavid s. miller3519.66%426.67%
eric dumazeteric dumazet1910.67%16.67%
arnaldo carvalho de meloarnaldo carvalho de melo1810.11%16.67%
linus torvaldslinus torvalds147.87%16.67%
pavel emelianovpavel emelianov137.30%213.33%
david aherndavid ahern126.74%213.33%
neal cardwellneal cardwell42.25%16.67%
Total178100.00%15100.00%

/* * Maintain the counters used in the SNMP statistics for outgoing ICMP */
void icmp_out_count(struct net *net, unsigned char type) { ICMPMSGOUT_INC_STATS(net, type); ICMP_INC_STATS(net, ICMP_MIB_OUTMSGS); }

Contributors

PersonTokensPropCommitsCommitProp
pre-gitpre-git1450.00%225.00%
pavel emelianovpavel emelianov932.14%337.50%
david l stevensdavid l stevens310.71%112.50%
ravikiran g thirumalairavikiran g thirumalai13.57%112.50%
hideaki yoshifujihideaki yoshifuji13.57%112.50%
Total28100.00%8100.00%

/* * Checksum each fragment, and on the first include the headers and final * checksum. */
static int icmp_glue_bits(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb) { struct icmp_bxm *icmp_param = (struct icmp_bxm *)from; __wsum csum; csum = skb_copy_and_csum_bits(icmp_param->skb, icmp_param->offset + offset, to, len, 0); skb->csum = csum_block_add(skb->csum, csum, odd); if (icmp_pointers[icmp_param->data.icmph.type].error) nf_ct_attach(skb, icmp_param->skb); return 0; }

Contributors

PersonTokensPropCommitsCommitProp
pre-gitpre-git4441.51%646.15%
alexey kuznetsovalexey kuznetsov2927.36%215.38%
patrick mchardypatrick mchardy2422.64%17.69%
linus torvaldslinus torvalds65.66%17.69%
al viroal viro10.94%17.69%
arnaldo carvalho de meloarnaldo carvalho de melo10.94%17.69%
adrian bunkadrian bunk10.94%17.69%
Total106100.00%13100.00%


static void icmp_push_reply(struct icmp_bxm *icmp_param, struct flowi4 *fl4, struct ipcm_cookie *ipc, struct rtable **rt) { struct sock *sk; struct sk_buff *skb; sk = icmp_sk(dev_net((*rt)->dst.dev)); if (ip_append_data(sk, fl4, icmp_glue_bits, icmp_param, icmp_param->data_len+icmp_param->head_len, icmp_param->head_len, ipc, rt, MSG_DONTWAIT) < 0) { __ICMP_INC_STATS(sock_net(sk), ICMP_MIB_OUTERRORS); ip_flush_pending_frames(sk); } else if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) { struct icmphdr *icmph = icmp_hdr(skb); __wsum csum = 0; struct sk_buff *skb1; skb_queue_walk(&sk->sk_write_queue, skb1) { csum = csum_add(csum, skb1->csum); } csum = csum_partial_copy_nocheck((void *)&icmp_param->data, (char *)icmph, icmp_param->head_len, csum); icmph->checksum = csum_fold(csum); skb->ip_summed = CHECKSUM_NONE; ip_push_pending_frames(sk, fl4); } }

Contributors

PersonTokensPropCommitsCommitProp
alexey kuznetsovalexey kuznetsov11353.81%15.56%
pre-gitpre-git3215.24%316.67%
denis v. lunevdenis v. lunev178.10%316.67%
eric dumazeteric dumazet167.62%316.67%
patrick mchardypatrick mchardy104.76%15.56%
david s. millerdavid s. miller94.29%211.11%
linus torvaldslinus torvalds52.38%15.56%
arnaldo carvalho de meloarnaldo carvalho de melo41.90%211.11%
hideaki yoshifujihideaki yoshifuji31.43%15.56%
al viroal viro10.48%15.56%
Total210100.00%18100.00%

/* * Driving logic for building and sending ICMP messages. */
static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) { struct ipcm_cookie ipc; struct rtable *rt = skb_rtable(skb); struct net *net = dev_net(rt->dst.dev); struct flowi4 fl4; struct sock *sk; struct inet_sock *inet; __be32 daddr, saddr; u32 mark = IP4_REPLY_MARK(net, skb->mark); if (ip_options_echo(&icmp_param->replyopts.opt.opt, skb)) return; sk = icmp_xmit_lock(net); if (!sk) return; inet = inet_sk(sk); icmp_param->data.icmph.checksum = 0; inet->tos = ip_hdr(skb)->tos; sk->sk_mark = mark; daddr = ipc.addr = ip_hdr(skb)->saddr; saddr = fib_compute_spec_dst(skb); ipc.opt = NULL; ipc.tx_flags = 0; ipc.ttl = 0; ipc.tos = -1; if (icmp_param->replyopts.opt.opt.optlen) { ipc.opt = &icmp_param->replyopts.opt; if (ipc.opt->opt.srr) daddr = icmp_param->replyopts.opt.opt.faddr; } memset(&fl4, 0, sizeof(fl4)); fl4.daddr = daddr; fl4.saddr = saddr; fl4.flowi4_mark = mark; fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos); fl4.flowi4_proto = IPPROTO_ICMP; fl4.flowi4_oif = l3mdev_master_ifindex(skb->dev); security_skb_classify_flow(skb, flowi4_to_flowi(&fl4)); rt = ip_route_output_key(net, &fl4); if (IS_ERR(rt)) goto out_unlock; if (icmpv4_xrlim_allow(net, rt, &fl4, icmp_param->data.icmph.type, icmp_param->data.icmph.code)) icmp_push_reply(icmp_param, &fl4, &ipc, &rt); ip_rt_put(rt); out_unlock: icmp_xmit_unlock(sk); }

Contributors

PersonTokensPropCommitsCommitProp
pre-gitpre-git14538.36%1225.53%
david s. millerdavid s. miller8221.69%1123.40%
denis v. lunevdenis v. lunev4311.38%48.51%
lorenzo colittilorenzo colitti246.35%12.13%
eric dumazeteric dumazet205.29%36.38%
francesco fuscofrancesco fusco133.44%12.13%
david aherndavid ahern112.91%24.26%
venkat yekkiralavenkat yekkirala71.85%12.13%
linus torvaldslinus torvalds71.85%12.13%
changli gaochangli gao61.59%12.13%
arnaldo carvalho de meloarnaldo carvalho de melo51.32%24.26%
patrick ohlypatrick ohly51.32%12.13%
hideaki yoshifujihideaki yoshifuji30.79%12.13%
pavel emelianovpavel emelianov20.53%12.13%
alexey kuznetsovalexey kuznetsov10.26%12.13%
al viroal viro10.26%12.13%
oliver hartkoppoliver hartkopp10.26%12.13%
simon hormansimon horman10.26%12.13%
ian morrisian morris10.26%12.13%
Total378100.00%47100.00%

#ifdef CONFIG_IP_ROUTE_MULTIPATH /* Source and destination is swapped. See ip_multipath_icmp_hash */
static int icmp_multipath_hash_skb(const struct sk_buff *skb) { const struct iphdr *iph = ip_hdr(skb); return fib_multipath_hash(iph->daddr, iph->saddr); }

Contributors

PersonTokensPropCommitsCommitProp
peter christensenpeter christensen35100.00%1100.00%
Total35100.00%1100.00%

#else #define icmp_multipath_hash_skb(skb) (-1) #endif
static struct rtable *icmp_route_lookup(struct net *net, struct flowi4 *fl4, struct sk_buff *skb_in, const struct iphdr *iph, __be32 saddr, u8 tos, u32 mark, int type, int code, struct icmp_bxm *param) { struct rtable *rt, *rt2; struct flowi4 fl4_dec; int err; memset(fl4, 0, sizeof(*fl4)); fl4->daddr = (param->replyopts.opt.opt.srr ? param->replyopts.opt.opt.faddr : iph->saddr); fl4->saddr = saddr; fl4->flowi4_mark = mark; fl4->flowi4_tos = RT_TOS(tos); fl4->flowi4_proto = IPPROTO_ICMP; fl4->fl4_icmp_type = type; fl4->fl4_icmp_code = code; fl4->flowi4_oif = l3mdev_master_ifindex(skb_in->dev); security_skb_classify_flow(skb_in, flowi4_to_flowi(fl4)); rt = __ip_route_output_key_hash(net, fl4, icmp_multipath_hash_skb(skb_in)); if (IS_ERR(rt)) return rt; /* No need to clone since we're just using its address. */ rt2 = rt; rt = (struct rtable *) xfrm_lookup(net, &rt->dst, flowi4_to_flowi(fl4), NULL, 0); if (!IS_ERR(rt)) { if (rt != rt2) return rt; } else if (PTR_ERR(rt) == -EPERM) { rt = NULL; } else return rt; err = xfrm_decode_session_reverse(skb_in, flowi4_to_flowi(&fl4_dec), AF_INET); if (err) goto relookup_failed; if (inet_addr_type_dev_table(net, skb_in->dev, fl4_dec.saddr) == RTN_LOCAL) { rt2 = __ip_route_output_key(net, &fl4_dec); if (IS_ERR(rt2)) err = PTR_ERR(rt2); } else { struct flowi4 fl4_2 = {}; unsigned long orefdst; fl4_2.daddr = fl4_dec.saddr; rt2 = ip_route_output_key(net, &fl4_2); if (IS_ERR(rt2)) { err = PTR_ERR(rt2); goto relookup_failed; } /* Ugh! */ orefdst = skb_in->_skb_refdst; /* save old refdst */ skb_dst_set(skb_in, NULL); err = ip_route_input(skb_in, fl4_dec.daddr, fl4_dec.saddr, RT_TOS(tos), rt2->dst.dev); dst_release(&rt2->dst); rt2 = skb_rtable(skb_in); skb_in->_skb_refdst = orefdst; /* restore old refdst */ } if (err) goto relookup_failed; rt2 = (struct rtable *) xfrm_lookup(net, &rt2->dst, flowi4_to_flowi(&fl4_dec), NULL, XFRM_LOOKUP_ICMP); if (!IS_ERR(rt2)) { dst_release(&rt->dst); memcpy(fl4, &fl4_dec, sizeof(*fl4)); rt = rt2; } else if (PTR_ERR(rt2) == -EPERM) { if (rt) dst_release(&rt->dst); return rt2; } else { err = PTR_ERR(rt2); goto relookup_failed; } return rt; relookup_failed: if (rt) return rt; return ERR_PTR(err); }

Contributors

PersonTokensPropCommitsCommitProp
david s. millerdavid s. miller43776.80%926.47%
pre-gitpre-git437.56%411.76%
david aherndavid ahern162.81%38.82%
patrick mchardypatrick mchardy101.76%12.94%
eric dumazeteric dumazet101.76%38.82%
lorenzo colittilorenzo colitti91.58%12.94%
j. simonettij. simonetti81.41%12.94%
thomas grafthomas graf71.23%12.94%
linus torvaldslinus torvalds71.23%12.94%
denis v. lunevdenis v. lunev61.05%38.82%
peter christensenpeter christensen61.05%12.94%
arnaldo carvalho de meloarnaldo carvalho de melo61.05%38.82%
hideaki yoshifujihideaki yoshifuji20.35%12.94%
pavel emelianovpavel emelianov10.18%12.94%
eric w. biedermaneric w. biederman10.18%12.94%
Total569100.00%34100.00%

/* * Send an ICMP message in response to a situation * * RFC 1122: 3.2.2 MUST send at least the IP header and 8 bytes of header. * MAY send more (we do). * MUST NOT change this header information. * MUST NOT reply to a multicast/broadcast IP address. * MUST NOT reply to a multicast/broadcast MAC address. * MUST reply to only the first fragment. */
void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) { struct iphdr *iph; int room; struct icmp_bxm *icmp_param; struct rtable *rt = skb_rtable(skb_in); struct ipcm_cookie ipc; struct flowi4 fl4; __be32 saddr; u8 tos; u32 mark; struct net *net; struct sock *sk; if (!rt) goto out; net = dev_net(rt->dst.dev); /* * Find the original header. It is expected to be valid, of course. * Check this, icmp_send is called from the most obscure devices * sometimes. */ iph = ip_hdr(skb_in); if ((u8 *)iph < skb_in->head || (skb_network_header(skb_in) + sizeof(*iph)) > skb_tail_pointer(skb_in)) goto out; /* * No replies to physical multicast/broadcast */ if (skb_in->pkt_type != PACKET_HOST) goto out; /* * Now check at the protocol level */ if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) goto out; /* * Only reply to fragment 0. We byte re-order the constant * mask for efficiency. */ if (iph->frag_off & htons(IP_OFFSET)) goto out; /* * If we send an ICMP error to an ICMP error a mess would result.. */ if (icmp_pointers[type].error) { /* * We are an error, check if we are replying to an * ICMP error */ if (iph->protocol == IPPROTO_ICMP) { u8 _inner_type, *itp; itp = skb_header_pointer(skb_in, skb_network_header(skb_in) + (iph->ihl << 2) + offsetof(struct icmphdr, type) - skb_in->data, sizeof(_inner_type), &_inner_type); if (!itp) goto out; /* * Assume any unknown ICMP type is an error. This * isn't specified by the RFC, but think about it.. */ if (*itp > NR_ICMP_TYPES || icmp_pointers[*itp].error) goto out; } } icmp_param = kmalloc(sizeof(*icmp_param), GFP_ATOMIC); if (!icmp_param) return; sk = icmp_xmit_lock(net); if (!sk) goto out_free; /* * Construct source address and options. */ saddr = iph->daddr; if (!(rt->rt_flags & RTCF_LOCAL)) { struct net_device *dev = NULL; rcu_read_lock(); if (rt_is_input_route(rt) && net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr) dev = dev_get_by_index_rcu(net, inet_iif(skb_in)); if (dev) saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK); else saddr = 0; rcu_read_unlock(); } tos = icmp_pointers[type].error ? ((iph->tos & IPTOS_TOS_MASK) | IPTOS_PREC_INTERNETCONTROL) : iph->tos; mark = IP4_REPLY_MARK(net, skb_in->mark); if (ip_options_echo(&icmp_param->replyopts.opt.opt, skb_in)) goto out_unlock; /* * Prepare data for ICMP header. */ icmp_param->data.icmph.type = type; icmp_param->data.icmph.code = code; icmp_param->data.icmph.un.gateway = info; icmp_param->data.icmph.checksum = 0; icmp_param->skb = skb_in; icmp_param->offset = skb_network_offset(skb_in); inet_sk(sk)->tos = tos; sk->sk_mark = mark; ipc.addr = iph->saddr; ipc.opt = &icmp_param->replyopts.opt; ipc.tx_flags = 0; ipc.ttl = 0; ipc.tos = -1; rt = icmp_route_lookup(net, &fl4, skb_in, iph, saddr, tos, mark, type, code, icmp_param); if (IS_ERR(rt)) goto out_unlock; if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code)) goto ende; /* RFC says return as much as we can without exceeding 576 bytes. */ room = dst_mtu(&rt->dst); if (room > 576) room = 576; room -= sizeof(struct iphdr) + icmp_param->replyopts.opt.opt.optlen; room -= sizeof(struct icmphdr); icmp_param->data_len = skb_in->len - icmp_param->offset; if (icmp_param->data_len > room) icmp_param->data_len = room; icmp_param->head_len = sizeof(struct icmphdr); icmp_push_reply(icmp_param, &fl4, &ipc, &rt); ende: ip_rt_put(rt); out_unlock: icmp_xmit_unlock(sk); out_free: kfree(icmp_param); out:;