1 /* 2 * Copyright (c) 1982, 1986, 1988 Regents of the University of California. 3 * All rights reserved. 4 * 5 * %sccs.include.redist.c% 6 * 7 * @(#)ip_icmp.c 7.24 (Berkeley) 06/04/93 8 */ 9 10 #include <sys/param.h> 11 #include <sys/systm.h> 12 #include <sys/malloc.h> 13 #include <sys/mbuf.h> 14 #include <sys/protosw.h> 15 #include <sys/socket.h> 16 #include <sys/time.h> 17 #include <sys/kernel.h> 18 19 #include <net/if.h> 20 #include <net/route.h> 21 22 #include <netinet/in.h> 23 #include <netinet/in_systm.h> 24 #include <netinet/in_var.h> 25 #include <netinet/ip.h> 26 #include <netinet/ip_icmp.h> 27 #include <netinet/icmp_var.h> 28 29 /* 30 * ICMP routines: error generation, receive packet processing, and 31 * routines to turnaround packets back to the originator, and 32 * host table maintenance routines. 33 */ 34 35 int icmpmaskrepl = 0; 36 #ifdef ICMPPRINTFS 37 int icmpprintfs = 0; 38 #endif 39 40 extern struct protosw inetsw[]; 41 42 /* 43 * Generate an error packet of type error 44 * in response to bad packet ip. 45 */ 46 void 47 icmp_error(n, type, code, dest, destifp) 48 struct mbuf *n; 49 int type, code; 50 n_long dest; 51 struct ifnet *destifp; 52 { 53 register struct ip *oip = mtod(n, struct ip *), *nip; 54 register unsigned oiplen = oip->ip_hl << 2; 55 register struct icmp *icp; 56 register struct mbuf *m; 57 unsigned icmplen; 58 59 #ifdef ICMPPRINTFS 60 if (icmpprintfs) 61 printf("icmp_error(%x, %d, %d)\n", oip, type, code); 62 #endif 63 if (type != ICMP_REDIRECT) 64 icmpstat.icps_error++; 65 /* 66 * Don't send error if not the first fragment of message. 67 * Don't error if the old packet protocol was ICMP 68 * error message, only known informational types. 69 */ 70 if (oip->ip_off &~ (IP_MF|IP_DF)) 71 goto freeit; 72 if (oip->ip_p == IPPROTO_ICMP && type != ICMP_REDIRECT && 73 n->m_len >= oiplen + ICMP_MINLEN && 74 !ICMP_INFOTYPE(((struct icmp *)((caddr_t)oip + oiplen))->icmp_type)) { 75 icmpstat.icps_oldicmp++; 76 goto freeit; 77 } 78 /* Don't send error in response to a multicast or broadcast packet */ 79 if (n->m_flags & (M_BCAST|M_MCAST)) 80 goto freeit; 81 /* 82 * First, formulate icmp message 83 */ 84 m = m_gethdr(M_DONTWAIT, MT_HEADER); 85 if (m == NULL) 86 goto freeit; 87 icmplen = oiplen + min(8, oip->ip_len); 88 m->m_len = icmplen + ICMP_MINLEN; 89 MH_ALIGN(m, m->m_len); 90 icp = mtod(m, struct icmp *); 91 if ((u_int)type > ICMP_MAXTYPE) 92 panic("icmp_error"); 93 icmpstat.icps_outhist[type]++; 94 icp->icmp_type = type; 95 if (type == ICMP_REDIRECT) 96 icp->icmp_gwaddr.s_addr = dest; 97 else { 98 icp->icmp_void = 0; 99 /* 100 * The following assignments assume an overlay with the 101 * zeroed icmp_void field. 102 */ 103 if (type == ICMP_PARAMPROB) { 104 icp->icmp_pptr = code; 105 code = 0; 106 } else if (type == ICMP_UNREACH && 107 code == ICMP_UNREACH_NEEDFRAG && destifp) { 108 icp->icmp_nextmtu = htons(destifp->if_mtu); 109 } 110 } 111 112 icp->icmp_code = code; 113 bcopy((caddr_t)oip, (caddr_t)&icp->icmp_ip, icmplen); 114 nip = &icp->icmp_ip; 115 nip->ip_len = htons((u_short)(nip->ip_len + oiplen)); 116 117 /* 118 * Now, copy old ip header (without options) 119 * in front of icmp message. 120 */ 121 if (m->m_data - sizeof(struct ip) < m->m_pktdat) 122 panic("icmp len"); 123 m->m_data -= sizeof(struct ip); 124 m->m_len += sizeof(struct ip); 125 m->m_pkthdr.len = m->m_len; 126 m->m_pkthdr.rcvif = n->m_pkthdr.rcvif; 127 nip = mtod(m, struct ip *); 128 bcopy((caddr_t)oip, (caddr_t)nip, sizeof(struct ip)); 129 nip->ip_len = m->m_len; 130 nip->ip_hl = sizeof(struct ip) >> 2; 131 nip->ip_p = IPPROTO_ICMP; 132 nip->ip_tos = 0; 133 icmp_reflect(m); 134 135 freeit: 136 m_freem(n); 137 } 138 139 static struct sockproto icmproto = { AF_INET, IPPROTO_ICMP }; 140 static struct sockaddr_in icmpsrc = { sizeof (struct sockaddr_in), AF_INET }; 141 static struct sockaddr_in icmpdst = { sizeof (struct sockaddr_in), AF_INET }; 142 static struct sockaddr_in icmpgw = { sizeof (struct sockaddr_in), AF_INET }; 143 struct sockaddr_in icmpmask = { 8, 0 }; 144 145 /* 146 * Process a received ICMP message. 147 */ 148 void 149 icmp_input(m, hlen) 150 register struct mbuf *m; 151 int hlen; 152 { 153 register struct icmp *icp; 154 register struct ip *ip = mtod(m, struct ip *); 155 int icmplen = ip->ip_len; 156 register int i; 157 struct in_ifaddr *ia; 158 void (*ctlfunc) __P((int, struct sockaddr *, struct ip *)); 159 int code; 160 extern u_char ip_protox[]; 161 162 /* 163 * Locate icmp structure in mbuf, and check 164 * that not corrupted and of at least minimum length. 165 */ 166 #ifdef ICMPPRINTFS 167 if (icmpprintfs) 168 printf("icmp_input from %x to %x, len %d\n", 169 ntohl(ip->ip_src.s_addr), ntohl(ip->ip_dst.s_addr), 170 icmplen); 171 #endif 172 if (icmplen < ICMP_MINLEN) { 173 icmpstat.icps_tooshort++; 174 goto freeit; 175 } 176 i = hlen + min(icmplen, ICMP_ADVLENMIN); 177 if (m->m_len < i && (m = m_pullup(m, i)) == 0) { 178 icmpstat.icps_tooshort++; 179 return; 180 } 181 ip = mtod(m, struct ip *); 182 m->m_len -= hlen; 183 m->m_data += hlen; 184 icp = mtod(m, struct icmp *); 185 if (in_cksum(m, icmplen)) { 186 icmpstat.icps_checksum++; 187 goto freeit; 188 } 189 m->m_len += hlen; 190 m->m_data -= hlen; 191 192 #ifdef ICMPPRINTFS 193 /* 194 * Message type specific processing. 195 */ 196 if (icmpprintfs) 197 printf("icmp_input, type %d code %d\n", icp->icmp_type, 198 icp->icmp_code); 199 #endif 200 if (icp->icmp_type > ICMP_MAXTYPE) 201 goto raw; 202 icmpstat.icps_inhist[icp->icmp_type]++; 203 code = icp->icmp_code; 204 switch (icp->icmp_type) { 205 206 case ICMP_UNREACH: 207 switch (code) { 208 case ICMP_UNREACH_NET: 209 case ICMP_UNREACH_HOST: 210 case ICMP_UNREACH_PROTOCOL: 211 case ICMP_UNREACH_PORT: 212 case ICMP_UNREACH_SRCFAIL: 213 code += PRC_UNREACH_NET; 214 break; 215 216 case ICMP_UNREACH_NEEDFRAG: 217 code = PRC_MSGSIZE; 218 break; 219 220 case ICMP_UNREACH_NET_UNKNOWN: 221 case ICMP_UNREACH_NET_PROHIB: 222 case ICMP_UNREACH_TOSNET: 223 code = PRC_UNREACH_NET; 224 break; 225 226 case ICMP_UNREACH_HOST_UNKNOWN: 227 case ICMP_UNREACH_ISOLATED: 228 case ICMP_UNREACH_HOST_PROHIB: 229 case ICMP_UNREACH_TOSHOST: 230 code = PRC_UNREACH_HOST; 231 break; 232 233 default: 234 goto badcode; 235 } 236 goto deliver; 237 238 case ICMP_TIMXCEED: 239 if (code > 1) 240 goto badcode; 241 code += PRC_TIMXCEED_INTRANS; 242 goto deliver; 243 244 case ICMP_PARAMPROB: 245 if (code > 1) 246 goto badcode; 247 code = PRC_PARAMPROB; 248 goto deliver; 249 250 case ICMP_SOURCEQUENCH: 251 if (code) 252 goto badcode; 253 code = PRC_QUENCH; 254 deliver: 255 /* 256 * Problem with datagram; advise higher level routines. 257 */ 258 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 259 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 260 icmpstat.icps_badlen++; 261 goto freeit; 262 } 263 NTOHS(icp->icmp_ip.ip_len); 264 #ifdef ICMPPRINTFS 265 if (icmpprintfs) 266 printf("deliver to protocol %d\n", icp->icmp_ip.ip_p); 267 #endif 268 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 269 if (ctlfunc = inetsw[ip_protox[icp->icmp_ip.ip_p]].pr_ctlinput) 270 (*ctlfunc)(code, (struct sockaddr *)&icmpsrc, 271 &icp->icmp_ip); 272 break; 273 274 badcode: 275 icmpstat.icps_badcode++; 276 break; 277 278 case ICMP_ECHO: 279 icp->icmp_type = ICMP_ECHOREPLY; 280 goto reflect; 281 282 case ICMP_TSTAMP: 283 if (icmplen < ICMP_TSLEN) { 284 icmpstat.icps_badlen++; 285 break; 286 } 287 icp->icmp_type = ICMP_TSTAMPREPLY; 288 icp->icmp_rtime = iptime(); 289 icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ 290 goto reflect; 291 292 case ICMP_MASKREQ: 293 #define satosin(sa) ((struct sockaddr_in *)(sa)) 294 if (icmpmaskrepl == 0) 295 break; 296 /* 297 * We are not able to respond with all ones broadcast 298 * unless we receive it over a point-to-point interface. 299 */ 300 if (icmplen < ICMP_MASKLEN) 301 break; 302 switch (ip->ip_dst.s_addr) { 303 304 case INADDR_BROADCAST: 305 case INADDR_ANY: 306 icmpdst.sin_addr = ip->ip_src; 307 break; 308 309 default: 310 icmpdst.sin_addr = ip->ip_dst; 311 } 312 ia = (struct in_ifaddr *)ifaof_ifpforaddr( 313 (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); 314 if (ia == 0) 315 break; 316 icp->icmp_type = ICMP_MASKREPLY; 317 icp->icmp_mask = ia->ia_sockmask.sin_addr.s_addr; 318 if (ip->ip_src.s_addr == 0) { 319 if (ia->ia_ifp->if_flags & IFF_BROADCAST) 320 ip->ip_src = satosin(&ia->ia_broadaddr)->sin_addr; 321 else if (ia->ia_ifp->if_flags & IFF_POINTOPOINT) 322 ip->ip_src = satosin(&ia->ia_dstaddr)->sin_addr; 323 } 324 reflect: 325 ip->ip_len += hlen; /* since ip_input deducts this */ 326 icmpstat.icps_reflect++; 327 icmpstat.icps_outhist[icp->icmp_type]++; 328 icmp_reflect(m); 329 return; 330 331 case ICMP_REDIRECT: 332 if (code > 3) 333 goto badcode; 334 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 335 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 336 icmpstat.icps_badlen++; 337 break; 338 } 339 /* 340 * Short circuit routing redirects to force 341 * immediate change in the kernel's routing 342 * tables. The message is also handed to anyone 343 * listening on a raw socket (e.g. the routing 344 * daemon for use in updating its tables). 345 */ 346 icmpgw.sin_addr = ip->ip_src; 347 icmpdst.sin_addr = icp->icmp_gwaddr; 348 #ifdef ICMPPRINTFS 349 if (icmpprintfs) 350 printf("redirect dst %x to %x\n", icp->icmp_ip.ip_dst, 351 icp->icmp_gwaddr); 352 #endif 353 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 354 rtredirect((struct sockaddr *)&icmpsrc, 355 (struct sockaddr *)&icmpdst, 356 (struct sockaddr *)0, RTF_GATEWAY | RTF_HOST, 357 (struct sockaddr *)&icmpgw, (struct rtentry **)0); 358 pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc); 359 break; 360 361 /* 362 * No kernel processing for the following; 363 * just fall through to send to raw listener. 364 */ 365 case ICMP_ECHOREPLY: 366 case ICMP_ROUTERADVERT: 367 case ICMP_ROUTERSOLICIT: 368 case ICMP_TSTAMPREPLY: 369 case ICMP_IREQREPLY: 370 case ICMP_MASKREPLY: 371 default: 372 break; 373 } 374 375 raw: 376 rip_input(m); 377 return; 378 379 freeit: 380 m_freem(m); 381 } 382 383 /* 384 * Reflect the ip packet back to the source 385 */ 386 void 387 icmp_reflect(m) 388 struct mbuf *m; 389 { 390 register struct ip *ip = mtod(m, struct ip *); 391 register struct in_ifaddr *ia; 392 struct in_addr t; 393 struct mbuf *opts = 0, *ip_srcroute(); 394 int optlen = (ip->ip_hl << 2) - sizeof(struct ip); 395 396 if (!in_canforward(ip->ip_src) && 397 ((ntohl(ip->ip_src.s_addr) & IN_CLASSA_NET) != 398 (IN_LOOPBACKNET << IN_CLASSA_NSHIFT))) { 399 m_freem(m); /* Bad return address */ 400 goto done; /* Ip_output() will check for broadcast */ 401 } 402 t = ip->ip_dst; 403 ip->ip_dst = ip->ip_src; 404 /* 405 * If the incoming packet was addressed directly to us, 406 * use dst as the src for the reply. Otherwise (broadcast 407 * or anonymous), use the address which corresponds 408 * to the incoming interface. 409 */ 410 for (ia = in_ifaddr; ia; ia = ia->ia_next) { 411 if (t.s_addr == IA_SIN(ia)->sin_addr.s_addr) 412 break; 413 if ((ia->ia_ifp->if_flags & IFF_BROADCAST) && 414 t.s_addr == satosin(&ia->ia_broadaddr)->sin_addr.s_addr) 415 break; 416 } 417 icmpdst.sin_addr = t; 418 if (ia == (struct in_ifaddr *)0) 419 ia = (struct in_ifaddr *)ifaof_ifpforaddr( 420 (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); 421 /* 422 * The following happens if the packet was not addressed to us, 423 * and was received on an interface with no IP address. 424 */ 425 if (ia == (struct in_ifaddr *)0) 426 ia = in_ifaddr; 427 t = IA_SIN(ia)->sin_addr; 428 ip->ip_src = t; 429 ip->ip_ttl = MAXTTL; 430 431 if (optlen > 0) { 432 register u_char *cp; 433 int opt, cnt; 434 u_int len; 435 436 /* 437 * Retrieve any source routing from the incoming packet; 438 * add on any record-route or timestamp options. 439 */ 440 cp = (u_char *) (ip + 1); 441 if ((opts = ip_srcroute()) == 0 && 442 (opts = m_gethdr(M_DONTWAIT, MT_HEADER))) { 443 opts->m_len = sizeof(struct in_addr); 444 mtod(opts, struct in_addr *)->s_addr = 0; 445 } 446 if (opts) { 447 #ifdef ICMPPRINTFS 448 if (icmpprintfs) 449 printf("icmp_reflect optlen %d rt %d => ", 450 optlen, opts->m_len); 451 #endif 452 for (cnt = optlen; cnt > 0; cnt -= len, cp += len) { 453 opt = cp[IPOPT_OPTVAL]; 454 if (opt == IPOPT_EOL) 455 break; 456 if (opt == IPOPT_NOP) 457 len = 1; 458 else { 459 len = cp[IPOPT_OLEN]; 460 if (len <= 0 || len > cnt) 461 break; 462 } 463 /* 464 * Should check for overflow, but it "can't happen" 465 */ 466 if (opt == IPOPT_RR || opt == IPOPT_TS || 467 opt == IPOPT_SECURITY) { 468 bcopy((caddr_t)cp, 469 mtod(opts, caddr_t) + opts->m_len, len); 470 opts->m_len += len; 471 } 472 } 473 /* Terminate & pad, if necessary */ 474 if (cnt = opts->m_len % 4) { 475 for (; cnt < 4; cnt++) { 476 *(mtod(opts, caddr_t) + opts->m_len) = 477 IPOPT_EOL; 478 opts->m_len++; 479 } 480 } 481 #ifdef ICMPPRINTFS 482 if (icmpprintfs) 483 printf("%d\n", opts->m_len); 484 #endif 485 } 486 /* 487 * Now strip out original options by copying rest of first 488 * mbuf's data back, and adjust the IP length. 489 */ 490 ip->ip_len -= optlen; 491 ip->ip_hl = sizeof(struct ip) >> 2; 492 m->m_len -= optlen; 493 if (m->m_flags & M_PKTHDR) 494 m->m_pkthdr.len -= optlen; 495 optlen += sizeof(struct ip); 496 bcopy((caddr_t)ip + optlen, (caddr_t)(ip + 1), 497 (unsigned)(m->m_len - sizeof(struct ip))); 498 } 499 m->m_flags &= ~(M_BCAST|M_MCAST); 500 icmp_send(m, opts); 501 done: 502 if (opts) 503 (void)m_free(opts); 504 } 505 506 /* 507 * Send an icmp packet back to the ip level, 508 * after supplying a checksum. 509 */ 510 void 511 icmp_send(m, opts) 512 register struct mbuf *m; 513 struct mbuf *opts; 514 { 515 register struct ip *ip = mtod(m, struct ip *); 516 register int hlen; 517 register struct icmp *icp; 518 519 hlen = ip->ip_hl << 2; 520 m->m_data += hlen; 521 m->m_len -= hlen; 522 icp = mtod(m, struct icmp *); 523 icp->icmp_cksum = 0; 524 icp->icmp_cksum = in_cksum(m, ip->ip_len - hlen); 525 m->m_data -= hlen; 526 m->m_len += hlen; 527 #ifdef ICMPPRINTFS 528 if (icmpprintfs) 529 printf("icmp_send dst %x src %x\n", ip->ip_dst, ip->ip_src); 530 #endif 531 (void) ip_output(m, opts, NULL, 0, NULL); 532 } 533 534 n_time 535 iptime() 536 { 537 struct timeval atv; 538 u_long t; 539 540 microtime(&atv); 541 t = (atv.tv_sec % (24*60*60)) * 1000 + atv.tv_usec / 1000; 542 return (htonl(t)); 543 } 544 545 int 546 icmp_sysctl(name, namelen, oldp, oldlenp, newp, newlen) 547 int *name; 548 u_int namelen; 549 void *oldp; 550 size_t *oldlenp; 551 void *newp; 552 size_t newlen; 553 { 554 extern int ip_ttl; 555 556 /* all sysctl names at this level are terminal */ 557 if (namelen != 1) 558 return (ENOTDIR); 559 560 switch (name[0]) { 561 case ICMPCTL_MASKREPL: 562 return (sysctl_int(oldp, oldlenp, newp, newlen, &icmpmaskrepl)); 563 default: 564 return (ENOPROTOOPT); 565 } 566 /* NOTREACHED */ 567 } 568