root/net/ipv4/icmp.c

/* [previous][next][first][last][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. xrlim_init
  2. xrlim_allow
  3. icmp_out_count
  4. icmp_glue_bits
  5. icmp_build_xmit
  6. icmp_send
  7. icmp_unreach
  8. icmp_redirect
  9. icmp_echo
  10. icmp_timestamp
  11. icmp_address
  12. icmp_discard
  13. icmp_rcv
  14. icmp_init

   1 /*
   2  *      NET3:   Implementation of the ICMP protocol layer. 
   3  *      
   4  *              Alan Cox, <alan@cymru.net>
   5  *
   6  *      This program is free software; you can redistribute it and/or
   7  *      modify it under the terms of the GNU General Public License
   8  *      as published by the Free Software Foundation; either version
   9  *      2 of the License, or (at your option) any later version.
  10  *
  11  *      Some of the function names and the icmp unreach table for this
  12  *      module were derived from [icmp.c 1.0.11 06/02/93] by
  13  *      Ross Biro, Fred N. van Kempen, Mark Evans, Alan Cox, Gerhard Koerting.
  14  *      Other than that this module is a complete rewrite.
  15  *
  16  *      Fixes:
  17  *              Mike Shaver     :       RFC1122 checks.
  18  *              Alan Cox        :       Multicast ping reply as self.
  19  *              Alan Cox        :       Fix atomicity lockup in ip_build_xmit call
  20  *              Alan Cox        :       Added 216,128 byte paths to the MTU code.
  21  *              Martin Mares    :       RFC1812 checks.
  22  *              Martin Mares    :       Can be configured to follow redirects if acting
  23  *                                      as a router _without_ a routing protocol (RFC 1812).
  24  *              Martin Mares    :       Echo requests may be configured to be ignored (RFC 1812).
  25  *              Martin Mares    :       Limitation of ICMP error message transmit rate (RFC 1812).
  26  *              Martin Mares    :       TOS and Precedence set correctly (RFC 1812).
  27  *
  28  *
  29  *
  30  * RFC1122 (Host Requirements -- Comm. Layer) Status:
  31  * (boy, are there a lot of rules for ICMP)
  32  *  3.2.2 (Generic ICMP stuff)
  33  *   MUST discard messages of unknown type. (OK)
  34  *   MUST copy at least the first 8 bytes from the offending packet
  35  *     when sending ICMP errors. (OBSOLETE -- see RFC1812)
  36  *   MUST pass received ICMP errors up to protocol level. (OK)
  37  *   SHOULD send ICMP errors with TOS == 0. (OBSOLETE -- see RFC1812)
  38  *   MUST NOT send ICMP errors in reply to:
  39  *     ICMP errors (OK)
  40  *     Broadcast/multicast datagrams (OK)
  41  *     MAC broadcasts (OK)
  42  *     Non-initial fragments (OK)
  43  *     Datagram with a source address that isn't a single host. (OK)
  44  *  3.2.2.1 (Destination Unreachable)
  45  *   All the rules govern the IP layer, and are dealt with in ip.c, not here.
  46  *  3.2.2.2 (Redirect)
  47  *   Host SHOULD NOT send ICMP_REDIRECTs.  (OK)
  48  *   MUST update routing table in response to host or network redirects.
  49  *     (host OK, network OBSOLETE)
  50  *   SHOULD drop redirects if they're not from directly connected gateway
  51  *     (OK -- we drop it if it's not from our old gateway, which is close
  52  *      enough)
  53  * 3.2.2.3 (Source Quench)
  54  *   MUST pass incoming SOURCE_QUENCHs to transport layer (OK)
  55  *   Other requirements are dealt with at the transport layer.
  56  * 3.2.2.4 (Time Exceeded)
  57  *   MUST pass TIME_EXCEEDED to transport layer (OK)
  58  *   Other requirements dealt with at IP (generating TIME_EXCEEDED).
  59  * 3.2.2.5 (Parameter Problem)
  60  *   SHOULD generate these (OK)
  61  *   MUST pass received PARAMPROBLEM to transport layer (NOT YET)
  62  *      [Solaris 2.X seems to assert EPROTO when this occurs] -- AC
  63  * 3.2.2.6 (Echo Request/Reply)
  64  *   MUST reply to ECHO_REQUEST, and give app to do ECHO stuff (OK, OK)
  65  *   MAY discard broadcast ECHO_REQUESTs. (We don't, but that's OK.)
  66  *   MUST reply using same source address as the request was sent to.
  67  *     We're OK for unicast ECHOs, and it doesn't say anything about
  68  *     how to handle broadcast ones, since it's optional.
  69  *   MUST copy data from REQUEST to REPLY (OK)
  70  *     unless it would require illegal fragmentation (OK)
  71  *   MUST pass REPLYs to transport/user layer (OK)
  72  *   MUST use any provided source route (reversed) for REPLY. (NOT YET)
  73  * 3.2.2.7 (Information Request/Reply)
  74  *   MUST NOT implement this. (I guess that means silently discard...?) (OK)
  75  * 3.2.2.8 (Timestamp Request/Reply)
  76  *   MAY implement (OK)
  77  *   SHOULD be in-kernel for "minimum variability" (OK)
  78  *   MAY discard broadcast REQUESTs.  (OK, but see source for inconsistency)
  79  *   MUST reply using same source address as the request was sent to. (OK)
  80  *   MUST reverse source route, as per ECHO (NOT YET)
  81  *   MUST pass REPLYs to transport/user layer (requires RAW, just like ECHO) (OK)
  82  *   MUST update clock for timestamp at least 15 times/sec (OK)
  83  *   MUST be "correct within a few minutes" (OK)
  84  * 3.2.2.9 (Address Mask Request/Reply)
  85  *   MAY implement (OK)
  86  *   MUST send a broadcast REQUEST if using this system to set netmask
  87  *     (OK... we don't use it)
  88  *   MUST discard received REPLYs if not using this system (OK)
  89  *   MUST NOT send replies unless specifically made agent for this sort
  90  *     of thing. (OK)
  91  *
  92  *
  93  * RFC 1812 (IPv4 Router Requirements) Status (even longer):
  94  *  4.3.2.1 (Unknown Message Types)
  95  *   MUST pass messages of unknown type to ICMP user iface or silently discard
  96  *     them (OK)
  97  *  4.3.2.2 (ICMP Message TTL)
  98  *   MUST initialize TTL when originating an ICMP message (OK)
  99  *  4.3.2.3 (Original Message Header)
 100  *   SHOULD copy as much data from the offending packet as possible without
 101  *     the length of the ICMP datagram exceeding 576 bytes (NOT YET)
 102  *   MUST leave original IP header of the offending packet, but we're not
 103  *     required to undo modifications made (OK)
 104  *  4.3.2.4 (Original Message Source Address)
 105  *   MUST use one of addresses for the interface the orig. packet arrived as
 106  *     source address (OK)
 107  *  4.3.2.5 (TOS and Precedence)
 108  *   SHOULD leave TOS set to the same value unless the packet would be discarded
 109  *     for that reason (OK)
 110  *   MUST use TOS=0 if not possible to leave original value (OK)
 111  *   MUST leave IP Precedence for Source Quench messages (OK -- not sent at all)
 112  *   SHOULD use IP Precedence = 6 (Internetwork Control) or 7 (Network Control)
 113  *     for all other error messages (OK, we use 6)
 114  *   MAY allow configuration of IP Precedence (OK -- not done)
 115  *   MUST leave IP Precedence and TOS for reply messages (OK)
 116  *  4.3.2.6 (Source Route)
 117  *   SHOULD use reverse source route UNLESS sending Parameter Problem on source
 118  *     routing and UNLESS the packet would be immediately discarded (NOT YET)
 119  *  4.3.2.7 (When Not to Send ICMP Errors)
 120  *   MUST NOT send ICMP errors in reply to:
 121  *     ICMP errors (OK)
 122  *     Packets failing IP header validation tests unless otherwise noted (OK)
 123  *     Broadcast/multicast datagrams (OK)
 124  *     MAC broadcasts (OK)
 125  *     Non-initial fragments (OK)
 126  *     Datagram with a source address that isn't a single host. (OK)
 127  *  4.3.2.8 (Rate Limiting)
 128  *   SHOULD be able to limit error message rate (OK)
 129  *   SHOULD allow setting of rate limits (OK, in the source)
 130  *  4.3.3.1 (Destination Unreachable)
 131  *   All the rules govern the IP layer, and are dealt with in ip.c, not here.
 132  *  4.3.3.2 (Redirect)
 133  *   MAY ignore ICMP Redirects if running a routing protocol or if forwarding
 134  *     is enabled on the interface (OK -- ignores)
 135  *  4.3.3.3 (Source Quench)
 136  *   SHOULD NOT originate SQ messages (OK)
 137  *   MUST be able to limit SQ rate if originates them (OK as we don't send them)
 138  *   MAY ignore SQ messages it receives (OK -- we don't)
 139  *  4.3.3.4 (Time Exceeded)
 140  *   Requirements dealt with at IP (generating TIME_EXCEEDED).
 141  *  4.3.3.5 (Parameter Problem)
 142  *   MUST generate these for all errors not covered by other messages (OK)
 143  *   MUST include original value of the value pointed by (OK)
 144  *  4.3.3.6 (Echo Request)
 145  *   MUST implement echo server function (OK)
 146  *   MUST process at ER of at least max(576, MTU) (OK)
 147  *   MAY reject broadcast/multicast ER's (We don't, but that's OK)
 148  *   SHOULD have a config option for silently ignoring ER's (OK)
 149  *   MUST have a default value for the above switch = NO (OK)
 150  *   MUST have application layer interface for Echo Request/Reply (OK)
 151  *   MUST reply using same source address as the request was sent to.
 152  *     We're OK for unicast ECHOs, and it doesn't say anything about
 153  *     how to handle broadcast ones, since it's optional.
 154  *   MUST copy data from Request to Reply (OK)
 155  *   SHOULD update Record Route / Timestamp options (??)
 156  *   MUST use reversed Source Route for Reply if possible (NOT YET)
 157  *  4.3.3.7 (Information Request/Reply)
 158  *   SHOULD NOT originate or respond to these (OK)
 159  *  4.3.3.8 (Timestamp / Timestamp Reply)
 160  *   MAY implement (OK)
 161  *   MUST reply to every Timestamp message received (OK)
 162  *   MAY discard broadcast REQUESTs.  (OK, but see source for inconsistency)
 163  *   MUST reply using same source address as the request was sent to. (OK)
 164  *   MUST use reversed Source Route if possible (NOT YET)
 165  *   SHOULD update Record Route / Timestamp options (??)
 166  *   MUST pass REPLYs to transport/user layer (requires RAW, just like ECHO) (OK)
 167  *   MUST update clock for timestamp at least 16 times/sec (OK)
 168  *   MUST be "correct within a few minutes" (OK)
 169  * 4.3.3.9 (Address Mask Request/Reply)
 170  *   MUST have support for receiving AMRq and responding with AMRe (OK, but only as a
 171  *     compile-time option)
 172  *   SHOULD have option for each interface for AMRe's, MUST default to NO (NOT YET)
 173  *   MUST NOT reply to AMRq before knows the correct AM (OK)
 174  *   MUST NOT respond to AMRq with source address 0.0.0.0 and the AM's for
 175  *     logical i-faces for the physical i-face are not the same (NOT YET)
 176  *   SHOULD examine all AMRe's it receives and check them (NOT YET)
 177  *   SHOULD log invalid AMRe's (AM+sender) (NOT YET)
 178  *   MUST NOT use contents of AMRe to determine correct AM (OK)
 179  *   MAY broadcast AMRe's after having configured address masks (OK -- doesn't)
 180  *   MUST NOT do broadcast AMRe's if not set by extra option (OK, no option)
 181  *   MUST use the { <NetPrefix>, -1 } form of broadcast addresses (OK)
 182  * 4.3.3.10 (Router Advertisement and Solicitations)
 183  *   MUST support router part of Router Discovery Protocol on all networks we
 184  *     support broadcast or multicast addressing. (OK -- done by gated)
 185  *   MUST have all config parameters with the respective defaults (OK)
 186  * 5.2.7.1 (Destination Unreachable)
 187  *   MUST generate DU's (OK)
 188  *   SHOULD choose a best-match response code (OK)
 189  *   SHOULD NOT generate Host Isolated codes (OK)
 190  *   SHOULD use Communication Administratively Prohibited when administratively
 191  *     filtering packets (NOT YET)
 192  *   MAY include config option for not generating the above and silently discard
 193  *     the packets instead (OK)
 194  *   MAY include config option for not generating Precedence Violation and
 195  *     Precedence Cutoff messages (OK as we don't generate them at all)
 196  *   MUST use Host Unreachable or Dest. Host Unknown codes whenever other hosts
 197  *     on the same network might be reachable (OK -- no net unreach's at all)
 198  *   MUST use new form of Fragmentation Needed and DF Set messages (OK)
 199  * 5.2.7.2 (Redirect)
 200  *   MUST NOT generate network redirects (OK)
 201  *   MUST be able to generate host redirects (OK)
 202  *   SHOULD be able to generate Host+TOS redirects (NO as we don't use TOS)
 203  *   MUST have an option to use Host redirects instead of Host+TOS ones (OK as
 204  *     no Host+TOS Redirects are used)
 205  *   MUST NOT generate redirects unless forwarding to the same i-face and the
 206  *     dest. address is on the same subnet as the src. address and no source
 207  *     routing is in use. (OK)
 208  *   MUST NOT follow redirects when using a routing protocol (OK)
 209  *   MAY use redirects if not using a routing protocol (OK, compile-time option)
 210  *   MUST comply to Host Requirements when not acting as a router (OK)
 211  *  5.2.7.3 (Time Exceeded)
 212  *   MUST generate Time Exceeded Code 0 when discarding packet due to TTL=0 (OK)
 213  *   MAY have a per-interface option to disable origination of TE messages, but
 214  *     it MUST default to "originate" (OK -- we don't support it)
 215  */
 216 
 217 #include <linux/config.h>
 218 #include <linux/types.h>
 219 #include <linux/sched.h>
 220 #include <linux/kernel.h>
 221 #include <linux/fcntl.h>
 222 #include <linux/socket.h>
 223 #include <linux/in.h>
 224 #include <linux/inet.h>
 225 #include <linux/netdevice.h>
 226 #include <linux/string.h>
 227 #include <net/snmp.h>
 228 #include <net/ip.h>
 229 #include <net/route.h>
 230 #include <net/protocol.h>
 231 #include <net/icmp.h>
 232 #include <net/tcp.h>
 233 #include <net/snmp.h>
 234 #include <linux/skbuff.h>
 235 #include <net/sock.h>
 236 #include <linux/errno.h>
 237 #include <linux/timer.h>
 238 #include <asm/system.h>
 239 #include <asm/segment.h>
 240 #include <net/checksum.h>
 241 
 242 #define min(a,b)        ((a)<(b)?(a):(b))
 243 
 244 /*
 245  *      Statistics
 246  */
 247  
 248 struct icmp_mib icmp_statistics;
 249 
 250 /* An array of errno for error messages from dest unreach. */
 251 /* RFC 1122: 3.2.2.1 States that NET_UNREACH, HOS_UNREACH and SR_FAIELD MUST be considered 'transient errs'. */
 252 
 253 struct icmp_err icmp_err_convert[] = {
 254   { ENETUNREACH,        0 },    /*      ICMP_NET_UNREACH        */
 255   { EHOSTUNREACH,       0 },    /*      ICMP_HOST_UNREACH       */
 256   { ENOPROTOOPT,        1 },    /*      ICMP_PROT_UNREACH       */
 257   { ECONNREFUSED,       1 },    /*      ICMP_PORT_UNREACH       */
 258   { EOPNOTSUPP,         0 },    /*      ICMP_FRAG_NEEDED        */
 259   { EOPNOTSUPP,         0 },    /*      ICMP_SR_FAILED          */
 260   { ENETUNREACH,        1 },    /*      ICMP_NET_UNKNOWN        */
 261   { EHOSTDOWN,          1 },    /*      ICMP_HOST_UNKNOWN       */
 262   { ENONET,             1 },    /*      ICMP_HOST_ISOLATED      */
 263   { ENETUNREACH,        1 },    /*      ICMP_NET_ANO            */
 264   { EHOSTUNREACH,       1 },    /*      ICMP_HOST_ANO           */
 265   { EOPNOTSUPP,         0 },    /*      ICMP_NET_UNR_TOS        */
 266   { EOPNOTSUPP,         0 }     /*      ICMP_HOST_UNR_TOS       */
 267 };
 268 
 269 /*
 270  *      A spare long used to speed up statistics updating
 271  */
 272  
 273 unsigned long dummy;
 274 
 275 /*
 276  *      ICMP transmit rate limit control structures. We use a relatively simple
 277  *      approach to the problem: For each type of ICMP message with rate limit
 278  *      we count the number of messages sent during some time quantum. If this
 279  *      count exceeds given maximal value, we ignore all messages not separated
 280  *      from the last message sent at least by specified time.
 281  */
 282 
 283 #define XRLIM_CACHE_SIZE 16             /* How many destination hosts do we cache */
 284 
 285 struct icmp_xrl_cache                   /* One entry of the ICMP rate cache */
 286 {
 287         __u32 daddr;                    /* Destination address */
 288         unsigned long counter;          /* Message counter */
 289         unsigned long next_reset;       /* Time of next reset of the counter */
 290         unsigned long last_access;      /* Time of last access to this entry (LRU) */
 291         unsigned int restricted;        /* Set if we're in restricted mode */
 292         unsigned long next_packet;      /* When we'll allow a next packet if restricted */
 293 };
 294 
 295 struct icmp_xrlim
 296 {
 297         unsigned long timeout;          /* Time quantum for rate measuring */
 298         unsigned long limit;            /* Maximal number of messages per time quantum allowed */
 299         unsigned long delay;            /* How long we wait between packets when restricting */
 300         struct icmp_xrl_cache cache[XRLIM_CACHE_SIZE];  /* Rate cache */
 301 };
 302 
 303 /*
 304  *      ICMP control array. This specifies what to do with each ICMP.
 305  */
 306  
 307 struct icmp_control
 308 {
 309         unsigned long *output;          /* Address to increment on output */
 310         unsigned long *input;           /* Address to increment on input */
 311         void (*handler)(struct icmphdr *icmph, struct sk_buff *skb, struct device *dev, __u32 saddr, __u32 daddr, int len);
 312         unsigned long error;            /* This ICMP is classed as an error message */
 313         struct icmp_xrlim *xrlim;       /* Transmit rate limit control structure or NULL for no limits */
 314 };
 315 
 316 static struct icmp_control icmp_pointers[19];
 317 
 318 /*
 319  *      Build xmit assembly blocks
 320  */
 321 
 322 struct icmp_bxm
 323 {
 324         void *data_ptr;
 325         int data_len;
 326         struct icmphdr icmph;
 327         unsigned long csum;
 328         struct options replyopts;
 329         unsigned char  optbuf[40];
 330 };
 331 
 332 /*
 333  *      The ICMP socket. This is the most convenient way to flow control
 334  *      our ICMP output as well as maintain a clean interface throughout
 335  *      all layers. All Socketless IP sends will soon be gone.
 336  */
 337         
 338 struct socket icmp_socket;
 339 
 340 /*
 341  *      Send an ICMP frame.
 342  */
 343  
 344 
 345 /*
 346  *      Initialize the transmit rate limitation mechanism.
 347  */
 348 
 349 #ifndef CONFIG_NO_ICMP_LIMIT
 350 
 351 static void xrlim_init(void)
     /* [previous][next][first][last][top][bottom][index][help] */
 352 {
 353         int type, entry;
 354         struct icmp_xrlim *xr;
 355 
 356         for (type=0; type<=18; type++) {
 357                 xr = icmp_pointers[type].xrlim;
 358                 if (xr) {
 359                         for (entry=0; entry<XRLIM_CACHE_SIZE; entry++)
 360                                 xr->cache[entry].daddr = INADDR_NONE;
 361                 }
 362         }
 363 }
 364 
 365 /*
 366  *      Check transmit rate limitation for given message.
 367  *
 368  *      RFC 1812: 4.3.2.8 SHOULD be able to limit error message rate
 369  *                        SHOULD allow setting of rate limits (we allow in the source)
 370  */
 371 
 372 static int xrlim_allow(int type, __u32 addr)
     /* [previous][next][first][last][top][bottom][index][help] */
 373 {
 374         struct icmp_xrlim *r;
 375         struct icmp_xrl_cache *c;
 376         unsigned long now;
 377 
 378         if (type > 18)                  /* No time limit present */
 379                 return 1;
 380         r = icmp_pointers[type].xrlim;
 381         if (!r)
 382                 return 1;
 383 
 384         for (c = r->cache; c < &r->cache[XRLIM_CACHE_SIZE]; c++)        /* Cache lookup */
 385                 if (c->daddr == addr)
 386                         break;
 387 
 388         now = jiffies;          /* Cache current time (saves accesses to volatile variable) */
 389 
 390         if (c == &r->cache[XRLIM_CACHE_SIZE]) {         /* Cache miss */
 391                 unsigned long oldest = now;             /* Find the oldest entry to replace */
 392                 struct icmp_xrl_cache *d;
 393                 c = r->cache;
 394                 for (d = r->cache; d < &r->cache[XRLIM_CACHE_SIZE]; d++)
 395                         if (!d->daddr) {                /* Unused entry */
 396                                 c = d;
 397                                 break;
 398                         } else if (d->last_access < oldest) {
 399                                 oldest = d->last_access;
 400                                 c = d;
 401                         }
 402                 c->last_access = now;                   /* Fill the entry with new data */
 403                 c->daddr = addr;
 404                 c->counter = 1;
 405                 c->next_reset = now + r->timeout;
 406                 c->restricted = 0;
 407                 return 1;
 408         }
 409 
 410         c->last_access = now;
 411         if (c->next_reset > now) {                      /* Let's increment the counter */
 412                 c->counter++;
 413                 if (c->counter == r->limit) {           /* Limit exceeded, start restrictions */
 414                         c->restricted = 1;
 415                         c->next_packet = now + r->delay;
 416                         return 0;
 417                 }
 418                 if (c->restricted) {                    /* Any restrictions pending? */
 419                         if (c->next_packet > now)
 420                                 return 0;
 421                         c->next_packet = now + r->delay;
 422                         return 1;
 423                 }
 424         } else {                                        /* Reset the counter */
 425                 if (c->counter < r->limit)              /* Switch off all restrictions */
 426                         c->restricted = 0;
 427                 c->next_reset = now + r->timeout;
 428                 c->counter = 0;
 429         }
 430 
 431         return 1;                                       /* Send the packet */
 432 }
 433 
 434 #endif /* CONFIG_NO_ICMP_LIMIT */
 435 
 436 /*
 437  *      Maintain the counters used in the SNMP statistics for outgoing ICMP
 438  */
 439  
 440 static void icmp_out_count(int type)
     /* [previous][next][first][last][top][bottom][index][help] */
 441 {
 442         if(type>18)
 443                 return;
 444         (*icmp_pointers[type].output)++;
 445         icmp_statistics.IcmpOutMsgs++;
 446 }
 447  
 448 /*
 449  *      Checksum each fragment, and on the first include the headers and final checksum.
 450  */
 451  
 452 static void icmp_glue_bits(const void *p, __u32 saddr, char *to, unsigned int offset, unsigned int fraglen)
     /* [previous][next][first][last][top][bottom][index][help] */
 453 {
 454         struct icmp_bxm *icmp_param = (struct icmp_bxm *)p;
 455         struct icmphdr *icmph;
 456         unsigned long csum;
 457 
 458         if (offset) {
 459                 icmp_param->csum=csum_partial_copy(icmp_param->data_ptr+offset-sizeof(struct icmphdr), 
 460                                 to, fraglen,icmp_param->csum);
 461                 return;
 462         }
 463 
 464         /*
 465          *      First fragment includes header. Note that we've done
 466          *      the other fragments first, so that we get the checksum
 467          *      for the whole packet here.
 468          */
 469         csum = csum_partial_copy((void *)&icmp_param->icmph,
 470                 to, sizeof(struct icmphdr), 
 471                 icmp_param->csum);
 472         csum = csum_partial_copy(icmp_param->data_ptr,
 473                 to+sizeof(struct icmphdr),
 474                 fraglen-sizeof(struct icmphdr), csum);
 475         icmph=(struct icmphdr *)to;
 476         icmph->checksum = csum_fold(csum);
 477 }
 478  
 479 /*
 480  *      Driving logic for building and sending ICMP messages.
 481  */
 482 
 483 static void icmp_build_xmit(struct icmp_bxm *icmp_param, __u32 saddr, __u32 daddr, __u8 tos)
     /* [previous][next][first][last][top][bottom][index][help] */
 484 {
 485         struct sock *sk=icmp_socket.data;
 486         icmp_param->icmph.checksum=0;
 487         icmp_param->csum=0;
 488         icmp_out_count(icmp_param->icmph.type);
 489         sk->ip_tos = tos;
 490         ip_build_xmit(sk, icmp_glue_bits, icmp_param, 
 491                 icmp_param->data_len+sizeof(struct icmphdr),
 492                 daddr, saddr, &icmp_param->replyopts, 0, IPPROTO_ICMP, 1);
 493 }
 494 
 495 
 496 /*
 497  *      Send an ICMP message in response to a situation
 498  *
 499  *      RFC 1122: 3.2.2 MUST send at least the IP header and 8 bytes of header. MAY send more (we don't).
 500  *                      MUST NOT change this header information.
 501  *                      MUST NOT reply to a multicast/broadcast IP address.
 502  *                      MUST NOT reply to a multicast/broadcast MAC address.
 503  *                      MUST reply to only the first fragment.
 504  */
 505 
 506 void icmp_send(struct sk_buff *skb_in, int type, int code, unsigned long info, struct device *dev)
     /* [previous][next][first][last][top][bottom][index][help] */
 507 {
 508         struct iphdr *iph;
 509         struct icmphdr *icmph;
 510         int atype;
 511         struct icmp_bxm icmp_param;
 512         __u32 saddr;
 513         
 514         /*
 515          *      Find the original header
 516          */
 517          
 518         iph = skb_in->ip_hdr;
 519         
 520         /*
 521          *      No replies to physical multicast/broadcast
 522          */
 523          
 524         if(skb_in->pkt_type!=PACKET_HOST)
 525                 return;
 526                 
 527         /*
 528          *      Now check at the protocol level
 529          */
 530          
 531         atype=ip_chk_addr(iph->daddr);
 532         if(atype==IS_BROADCAST||atype==IS_MULTICAST)
 533                 return;
 534                 
 535         /*
 536          *      Only reply to fragment 0. We byte re-order the constant
 537          *      mask for efficiency.
 538          */
 539          
 540         if(iph->frag_off&htons(IP_OFFSET))
 541                 return;
 542                 
 543         /* 
 544          *      If we send an ICMP error to an ICMP error a mess would result..
 545          */
 546          
 547         if(icmp_pointers[type].error)
 548         {
 549                 /*
 550                  *      We are an error, check if we are replying to an ICMP error
 551                  */
 552                  
 553                 if(iph->protocol==IPPROTO_ICMP)
 554                 {
 555                         icmph = (struct icmphdr *)((char *)iph + (iph->ihl<<2));
 556                         /*
 557                          *      Assume any unknown ICMP type is an error. This isn't
 558                          *      specified by the RFC, but think about it..
 559                          */
 560                         if(icmph->type>18 || icmp_pointers[icmph->type].error)
 561                                 return;
 562                 }
 563         }
 564 
 565         /*
 566          *      Check the rate limit
 567          */
 568 
 569 #ifndef CONFIG_NO_ICMP_LIMIT
 570         if (!xrlim_allow(type, iph->saddr))
 571                 return;
 572 #endif  
 573 
 574         /*
 575          *      Tell our driver what to send
 576          */
 577          
 578         saddr=iph->daddr;
 579         if(saddr!=dev->pa_addr && ip_chk_addr(saddr)!=IS_MYADDR)
 580                 saddr=dev->pa_addr;
 581         
 582         icmp_param.icmph.type=type;
 583         icmp_param.icmph.code=code;
 584         icmp_param.icmph.un.gateway = info;
 585         icmp_param.data_ptr=iph;
 586         icmp_param.data_len=(iph->ihl<<2)+8;    /* RFC says return header + 8 bytes */
 587         
 588         /*
 589          *      Set it to build.
 590          */
 591 
 592         if (ip_options_echo(&icmp_param.replyopts, NULL, saddr, iph->saddr, skb_in) == 0)
 593           icmp_build_xmit(&icmp_param, saddr, iph->saddr, ((iph->tos & 0x38) | 6));
 594 }
 595 
 596 
 597 /* 
 598  *      Handle ICMP_DEST_UNREACH, ICMP_TIME_EXCEED, and ICMP_QUENCH. 
 599  */
 600  
 601 static void icmp_unreach(struct icmphdr *icmph, struct sk_buff *skb, struct device *dev, __u32 saddr, __u32 daddr, int len)
     /* [previous][next][first][last][top][bottom][index][help] */
 602 {
 603         struct iphdr *iph;
 604         int hash;
 605         struct inet_protocol *ipprot;
 606         unsigned char *dp;      
 607         
 608         iph = (struct iphdr *) (icmph + 1);
 609         
 610         dp= ((unsigned char *)iph)+(iph->ihl<<2);
 611         
 612         if(icmph->type==ICMP_DEST_UNREACH)
 613         {
 614                 switch(icmph->code & 15)
 615                 {
 616                         case ICMP_NET_UNREACH:
 617                                 break;
 618                         case ICMP_HOST_UNREACH:
 619                                 break;
 620                         case ICMP_PROT_UNREACH:
 621 /*                              printk(KERN_INFO "ICMP: %s:%d: protocol unreachable.\n",
 622                                         in_ntoa(iph->daddr), (int)iph->protocol);*/
 623                                 break;
 624                         case ICMP_PORT_UNREACH:
 625                                 break;
 626                         case ICMP_FRAG_NEEDED:
 627 #ifdef CONFIG_NO_PATH_MTU_DISCOVERY
 628                                 printk(KERN_INFO "ICMP: %s: fragmentation needed and DF set.\n",
 629                                                                 in_ntoa(iph->daddr));
 630                                 break;
 631 #else
 632                         {
 633                                 unsigned short old_mtu = ntohs(iph->tot_len);
 634                                 unsigned short new_mtu = ntohs(icmph->un.echo.sequence);
 635 
 636                                 if (new_mtu < 68 || new_mtu >= old_mtu)
 637                                 {
 638                                         /*
 639                                          *      It is either dumb router, which does not
 640                                          *      understand Path MTU Disc. protocol
 641                                          *      or broken (f.e. Linux<=1.3.37 8) router.
 642                                          *      Try to guess...
 643                                          *      The table is taken from RFC-1191.
 644                                          */
 645                                         if (old_mtu > 32000)
 646                                                 new_mtu = 32000;
 647                                         else if (old_mtu > 17914)
 648                                                 new_mtu = 17914;
 649                                         else if (old_mtu > 8166)
 650                                                 new_mtu = 8166;
 651                                         else if (old_mtu > 4352)
 652                                                 new_mtu = 4352;
 653                                         else if (old_mtu > 2002)
 654                                                 new_mtu = 2002;
 655                                         else if (old_mtu > 1492)
 656                                                 new_mtu = 1492;
 657                                         else if (old_mtu > 576)
 658                                                 new_mtu = 576;
 659                                         else if (old_mtu > 296)
 660                                                 new_mtu = 296;
 661                                         /*
 662                                          *      These two are not from the RFC but
 663                                          *      are needed for AMPRnet AX.25 paths.
 664                                          */
 665                                         else if (old_mtu > 216)
 666                                                 new_mtu = 216;
 667                                         else if (old_mtu > 128)
 668                                                 new_mtu = 128;
 669                                         else
 670                                         /*
 671                                          *      Despair..
 672                                          */
 673                                                 new_mtu = 68;
 674                                 }
 675                                 /*
 676                                  * Ugly trick to pass MTU to protocol layer.
 677                                  * Really we should add argument "info" to error handler.
 678                                  */
 679                                 iph->id = htons(new_mtu);
 680                                 break;
 681                         }
 682 #endif
 683                         case ICMP_SR_FAILED:
 684                                 printk(KERN_INFO "ICMP: %s: Source Route Failed.\n", in_ntoa(iph->daddr));
 685                                 break;
 686                         default:
 687                                 break;
 688                 }
 689                 if(icmph->code>12)      /* Invalid type */
 690                         return;
 691         }
 692         
 693         /*
 694          *      Throw it at our lower layers
 695          *
 696          *      RFC 1122: 3.2.2 MUST extract the protocol ID from the passed header.
 697          *      RFC 1122: 3.2.2.1 MUST pass ICMP unreach messages to the transport layer.
 698          *      RFC 1122: 3.2.2.2 MUST pass ICMP time expired messages to transport layer.
 699          */
 700 
 701         /*
 702          *      Get the protocol(s). 
 703          */
 704          
 705         hash = iph->protocol & (MAX_INET_PROTOS -1);
 706 
 707         /*
 708          *      This can't change while we are doing it. 
 709          *
 710          *      FIXME: Deliver to appropriate raw sockets too.
 711          */
 712          
 713         ipprot = (struct inet_protocol *) inet_protos[hash];
 714         while(ipprot != NULL) 
 715         {
 716                 struct inet_protocol *nextip;
 717 
 718                 nextip = (struct inet_protocol *) ipprot->next;
 719         
 720                 /* 
 721                  *      Pass it off to everyone who wants it. 
 722                  */
 723 
 724                 /* RFC1122: OK. Passes appropriate ICMP errors to the */
 725                 /* appropriate protocol layer (MUST), as per 3.2.2. */
 726 
 727                 if (iph->protocol == ipprot->protocol && ipprot->err_handler) 
 728                 {
 729                         ipprot->err_handler(icmph->type, icmph->code, dp,
 730                                             iph->daddr, iph->saddr, ipprot);
 731                 }
 732 
 733                 ipprot = nextip;
 734         }
 735         kfree_skb(skb, FREE_READ);
 736 }
 737 
 738 
 739 /*
 740  *      Handle ICMP_REDIRECT. 
 741  */
 742 
 743 static void icmp_redirect(struct icmphdr *icmph, struct sk_buff *skb, struct device *dev, __u32 source, __u32 daddr, int len)
     /* [previous][next][first][last][top][bottom][index][help] */
 744 {
 745         struct iphdr *iph;
 746         unsigned long ip;
 747 
 748         /*
 749          *      Get the copied header of the packet that caused the redirect
 750          */
 751          
 752         iph = (struct iphdr *) (icmph + 1);
 753         ip = iph->daddr;
 754 
 755         /*
 756          *      If we are a router and we run a routing protocol, we MUST NOT follow redirects.
 757          *      When using no routing protocol, we MAY follow redirects. (RFC 1812, 5.2.7.2)
 758          */
 759 
 760 #if defined(CONFIG_IP_FORWARD) && !defined(CONFIG_IP_DUMB_ROUTER)
 761         printk(KERN_INFO "icmp: ICMP redirect ignored. dest = %s, "
 762                "orig gw = %s, \"new\" gw = %s, device = %s.\n", in_ntoa(ip),
 763                 in_ntoa(source), in_ntoa(icmph->un.gateway), dev->name);
 764 #else   
 765         switch(icmph->code & 7) 
 766         {
 767                 case ICMP_REDIR_NET:
 768                         /*
 769                          *      This causes a problem with subnetted networks. What we should do
 770                          *      is use ICMP_ADDRESS to get the subnet mask of the problem route
 771                          *      and set both. But we don't.. [RFC1812 says routers MUST NOT
 772                          *      generate Network Redirects]
 773                          */
 774 #ifdef not_a_good_idea
 775                         ip_rt_add((RTF_DYNAMIC | RTF_MODIFIED | RTF_GATEWAY),
 776                                 ip, 0, icmph->un.gateway, dev,0, 0, 0);
 777 #endif
 778                         /*
 779                          *      As per RFC recommendations now handle it as
 780                          *      a host redirect.
 781                          */
 782                          
 783                 case ICMP_REDIR_HOST:
 784                         /*
 785                          *      Add better route to host.
 786                          *      But first check that the redirect
 787                          *      comes from the old gateway..
 788                          *      And make sure it's an ok host address
 789                          *      (not some confused thing sending our
 790                          *      address)
 791                          */
 792                         printk(KERN_INFO "ICMP redirect from %s\n", in_ntoa(source));
 793                         ip_rt_redirect(source, ip, icmph->un.gateway, dev);
 794                         break;
 795                 case ICMP_REDIR_NETTOS:
 796                 case ICMP_REDIR_HOSTTOS:
 797                         printk(KERN_INFO "ICMP: cannot handle TOS redirects yet!\n");
 798                         break;
 799                 default:
 800                         break;
 801         }
 802 #endif          
 803         /*
 804          *      Discard the original packet
 805          */
 806          
 807         kfree_skb(skb, FREE_READ);
 808 }
 809 
 810 /*
 811  *      Handle ICMP_ECHO ("ping") requests. 
 812  *
 813  *      RFC 1122: 3.2.2.6 MUST have an echo server that answers ICMP echo requests.
 814  *      RFC 1122: 3.2.2.6 Data received in the ICMP_ECHO request MUST be included in the reply.
 815  *      RFC 1812: 4.3.3.6 SHOULD have a config option for silently ignoring echo requests, MUST have default=NOT.
 816  *      See also WRT handling of options once they are done and working.
 817  */
 818  
 819 static void icmp_echo(struct icmphdr *icmph, struct sk_buff *skb, struct device *dev, __u32 saddr, __u32 daddr, int len)
     /* [previous][next][first][last][top][bottom][index][help] */
 820 {
 821 #ifndef CONFIG_IP_IGNORE_ECHO_REQUESTS
 822         struct icmp_bxm icmp_param;
 823         icmp_param.icmph=*icmph;
 824         icmp_param.icmph.type=ICMP_ECHOREPLY;
 825         icmp_param.data_ptr=(icmph+1);
 826         icmp_param.data_len=len;
 827         if (ip_options_echo(&icmp_param.replyopts, NULL, daddr, saddr, skb)==0)
 828                 icmp_build_xmit(&icmp_param, daddr, saddr, skb->ip_hdr->tos);
 829 #endif
 830         kfree_skb(skb, FREE_READ);
 831 }
 832 
 833 /*
 834  *      Handle ICMP Timestamp requests. 
 835  *      RFC 1122: 3.2.2.8 MAY implement ICMP timestamp requests.
 836  *                SHOULD be in the kernel for minimum random latency.
 837  *                MUST be accurate to a few minutes.
 838  *                MUST be updated at least at 15Hz.
 839  */
 840  
 841 static void icmp_timestamp(struct icmphdr *icmph, struct sk_buff *skb, struct device *dev, __u32 saddr, __u32 daddr, int len)
     /* [previous][next][first][last][top][bottom][index][help] */
 842 {
 843         __u32 times[3];         /* So the new timestamp works on ALPHA's.. */
 844         struct icmp_bxm icmp_param;
 845         
 846         /*
 847          *      Too short.
 848          */
 849          
 850         if(len<12)
 851         {
 852                 icmp_statistics.IcmpInErrors++;
 853                 kfree_skb(skb, FREE_READ);
 854                 return;
 855         }
 856         
 857         /*
 858          *      Fill in the current time as ms since midnight UT: 
 859          */
 860          
 861         {
 862                 struct timeval tv;
 863                 do_gettimeofday(&tv);
 864                 times[1] = htonl((tv.tv_sec % 86400) * 1000 + tv.tv_usec / 1000);
 865         }
 866         times[2] = times[1];
 867         memcpy((void *)&times[0], icmph+1, 4);          /* Incoming stamp */
 868         icmp_param.icmph=*icmph;
 869         icmp_param.icmph.type=ICMP_TIMESTAMPREPLY;
 870         icmp_param.icmph.code=0;
 871         icmp_param.data_ptr=&times;
 872         icmp_param.data_len=12;
 873         if (ip_options_echo(&icmp_param.replyopts, NULL, daddr, saddr, skb)==0)
 874                 icmp_build_xmit(&icmp_param, daddr, saddr, skb->ip_hdr->tos);
 875         kfree_skb(skb,FREE_READ);
 876 }
 877 
 878 
 879 /* 
 880  *      Handle ICMP_ADDRESS_MASK requests.  (RFC950)
 881  *
 882  * RFC1122 (3.2.2.9).  A host MUST only send replies to 
 883  * ADDRESS_MASK requests if it's been configured as an address mask 
 884  * agent.  Receiving a request doesn't constitute implicit permission to 
 885  * act as one. Of course, implementing this correctly requires (SHOULD) 
 886  * a way to turn the functionality on and off.  Another one for sysctl(), 
 887  * I guess. -- MS 
 888  * Botched with a CONFIG option for now - Linus add scts sysctl please.. 
 889  */
 890  
 891 static void icmp_address(struct icmphdr *icmph, struct sk_buff *skb, struct device *dev, __u32 saddr, __u32 daddr, int len)
     /* [previous][next][first][last][top][bottom][index][help] */
 892 {
 893 #ifdef CONFIG_IP_ADDR_AGENT     /* Don't use, broken */
 894         struct icmp_bxm icmp_param;
 895         icmp_param.icmph.type=ICMP_ADDRESSREPLY;
 896         icmp_param.icmph.code=0;
 897         icmp_param.icmph.un.echo.id = icmph->un.echo.id;
 898         icmp_param.icmph.un.echo.sequence = icmph->un.echo.sequence;
 899         icmp_param.data_ptr=&dev->pa_mask;
 900         icmp_param.data_len=4;
 901         if (ip_options_echo(&icmp_param.replyopts, NULL, daddr, saddr, skb)==0)
 902                 icmp_build_xmit(&icmp_param, daddr, saddr, skb->iph->tos);
 903 #endif  
 904         kfree_skb(skb, FREE_READ);      
 905 }
 906 
 907 static void icmp_discard(struct icmphdr *icmph, struct sk_buff *skb, struct device *dev, __u32 saddr, __u32 daddr, int len)
     /* [previous][next][first][last][top][bottom][index][help] */
 908 {
 909         kfree_skb(skb, FREE_READ);
 910 }
 911 
 912 /* 
 913  *      Deal with incoming ICMP packets. 
 914  */
 915  
 916 int icmp_rcv(struct sk_buff *skb, struct device *dev, struct options *opt,
     /* [previous][next][first][last][top][bottom][index][help] */
 917          __u32 daddr, unsigned short len,
 918          __u32 saddr, int redo, struct inet_protocol *protocol)
 919 {
 920         struct icmphdr *icmph=(void *)skb->h.raw;
 921         icmp_statistics.IcmpInMsgs++;
 922         
 923         /*
 924          *      Validate the packet
 925          */
 926         
 927         if (ip_compute_csum((unsigned char *) icmph, len)) 
 928         {
 929                 /* Failed checksum! */
 930                 icmp_statistics.IcmpInErrors++;
 931                 printk(KERN_INFO "ICMP: failed checksum from %s!\n", in_ntoa(saddr));
 932                 kfree_skb(skb, FREE_READ);
 933                 return(0);
 934         }
 935         
 936         /*
 937          *      18 is the highest 'known' ICMP type. Anything else is a mystery
 938          *
 939          *      RFC 1122: 3.2.2  Unknown ICMP messages types MUST be silently discarded.
 940          */
 941          
 942         if(icmph->type > 18)
 943         {
 944                 icmp_statistics.IcmpInErrors++;         /* Is this right - or do we ignore ? */
 945                 kfree_skb(skb,FREE_READ);
 946                 return(0);
 947         }
 948         
 949         /*
 950          *      Parse the ICMP message 
 951          */
 952 
 953         if (daddr!=dev->pa_addr && ip_chk_addr(daddr) != IS_MYADDR)
 954         {
 955                 /*
 956                  *      RFC 1122: 3.2.2.6 An ICMP_ECHO to broadcast MAY be silently ignored (we don't as it is used
 957                  *      by some network mapping tools).
 958                  *      RFC 1122: 3.2.2.8 An ICMP_TIMESTAMP MAY be silently discarded if to broadcast/multicast.
 959                  */
 960                 if (icmph->type != ICMP_ECHO) 
 961                 {
 962                         icmp_statistics.IcmpInErrors++;
 963                         kfree_skb(skb, FREE_READ);
 964                         return(0);
 965                 }
 966                 /*
 967                  *      Reply the multicast/broadcast using a legal
 968                  *      interface - in this case the device we got
 969                  *      it from.
 970                  */
 971                 daddr=dev->pa_addr;
 972         }
 973         
 974         len-=sizeof(struct icmphdr);
 975         (*icmp_pointers[icmph->type].input)++;
 976         (icmp_pointers[icmph->type].handler)(icmph,skb,skb->dev,saddr,daddr,len);
 977         return 0;
 978 }
 979 
 980 /*
 981  *      This table defined limits of ICMP sending rate for various ICMP messages.
 982  */
 983 
 984 static struct icmp_xrlim
 985         xrl_unreach = { 4*HZ, 80, HZ/4 },               /* Host Unreachable */
 986         xrl_redirect = { 2*HZ, 10, HZ/2 },              /* Redirect */
 987         xrl_generic = { 3*HZ, 30, HZ/4 };               /* All other errors */
 988 
 989 /*
 990  *      This table is the definition of how we handle ICMP.
 991  */
 992  
 993 static struct icmp_control icmp_pointers[19] = {
 994 /* ECHO REPLY (0) */
 995  { &icmp_statistics.IcmpOutEchoReps, &icmp_statistics.IcmpInEchoReps, icmp_discard, 0, NULL },
 996  { &dummy, &icmp_statistics.IcmpInErrors, icmp_discard, 1, NULL },
 997  { &dummy, &icmp_statistics.IcmpInErrors, icmp_discard, 1, NULL },
 998 /* DEST UNREACH (3) */
 999  { &icmp_statistics.IcmpOutDestUnreachs, &icmp_statistics.IcmpInDestUnreachs, icmp_unreach, 1, &xrl_unreach },
1000 /* SOURCE QUENCH (4) */
1001  { &icmp_statistics.IcmpOutSrcQuenchs, &icmp_statistics.IcmpInSrcQuenchs, icmp_unreach, 1, NULL },
1002 /* REDIRECT (5) */
1003  { &icmp_statistics.IcmpOutRedirects, &icmp_statistics.IcmpInRedirects, icmp_redirect, 1, &xrl_redirect },
1004  { &dummy, &icmp_statistics.IcmpInErrors, icmp_discard, 1, NULL },
1005  { &dummy, &icmp_statistics.IcmpInErrors, icmp_discard, 1, NULL },
1006 /* ECHO (8) */
1007  { &icmp_statistics.IcmpOutEchos, &icmp_statistics.IcmpInEchos, icmp_echo, 0, NULL },
1008  { &dummy, &icmp_statistics.IcmpInErrors, icmp_discard, 1, NULL },
1009  { &dummy, &icmp_statistics.IcmpInErrors, icmp_discard, 1, NULL },
1010 /* TIME EXCEEDED (11) */
1011  { &icmp_statistics.IcmpOutTimeExcds, &icmp_statistics.IcmpInTimeExcds, icmp_unreach, 1, &xrl_generic },
1012 /* PARAMETER PROBLEM (12) */
1013 /* FIXME: RFC1122 3.2.2.5 - MUST pass PARAM_PROB messages to transport layer */
1014  { &icmp_statistics.IcmpOutParmProbs, &icmp_statistics.IcmpInParmProbs, icmp_discard, 1, &xrl_generic },
1015 /* TIMESTAMP (13) */
1016  { &icmp_statistics.IcmpOutTimestamps, &icmp_statistics.IcmpInTimestamps, icmp_timestamp, 0, NULL },
1017 /* TIMESTAMP REPLY (14) */
1018  { &icmp_statistics.IcmpOutTimestampReps, &icmp_statistics.IcmpInTimestampReps, icmp_discard, 0, NULL },
1019 /* INFO (15) */
1020  { &dummy, &dummy, icmp_discard, 0, NULL },
1021 /* INFO REPLY (16) */
1022  { &dummy, &dummy, icmp_discard, 0, NULL },
1023 /* ADDR MASK (17) */
1024  { &icmp_statistics.IcmpOutAddrMasks, &icmp_statistics.IcmpInAddrMasks, icmp_address, 0, NULL },
1025 /* ADDR MASK REPLY (18) */
1026  { &icmp_statistics.IcmpOutAddrMaskReps, &icmp_statistics.IcmpInAddrMaskReps, icmp_discard, 0, NULL }
1027 };
1028 
1029 void icmp_init(struct proto_ops *ops)
     /* [previous][next][first][last][top][bottom][index][help] */
1030 {
1031         struct sock *sk;
1032         int err;
1033         icmp_socket.type=SOCK_RAW;
1034         icmp_socket.ops=ops;
1035         if((err=ops->create(&icmp_socket, IPPROTO_ICMP))<0)
1036                 panic("Failed to create the ICMP control socket.\n");
1037         sk=icmp_socket.data;
1038         sk->allocation=GFP_ATOMIC;
1039         sk->num = 256;                  /* Don't receive any data */
1040 #ifndef CONFIG_NO_ICMP_LIMIT
1041         xrlim_init();
1042 #endif
1043 }
1044 

/* [previous][next][first][last][top][bottom][index][help] */