ip_icmp.c revision 149349
1/*- 2 * Copyright (c) 1982, 1986, 1988, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 30 * $FreeBSD: head/sys/netinet/ip_icmp.c 149349 2005-08-21 15:09:07Z andre $ 31 */ 32 33#include "opt_ipsec.h" 34#include "opt_mac.h" 35 36#include <sys/param.h> 37#include <sys/systm.h> 38#include <sys/mac.h> 39#include <sys/mbuf.h> 40#include <sys/protosw.h> 41#include <sys/socket.h> 42#include <sys/time.h> 43#include <sys/kernel.h> 44#include <sys/sysctl.h> 45 46#include <net/if.h> 47#include <net/if_types.h> 48#include <net/route.h> 49 50#include <netinet/in.h> 51#include <netinet/in_pcb.h> 52#include <netinet/in_systm.h> 53#include <netinet/in_var.h> 54#include <netinet/ip.h> 55#include <netinet/ip_icmp.h> 56#include <netinet/ip_var.h> 57#include <netinet/tcp.h> 58#include <netinet/tcp_var.h> 59#include <netinet/tcpip.h> 60#include <netinet/icmp_var.h> 61 62#ifdef IPSEC 63#include <netinet6/ipsec.h> 64#include <netkey/key.h> 65#endif 66 67#ifdef FAST_IPSEC 68#include <netipsec/ipsec.h> 69#include <netipsec/key.h> 70#define IPSEC 71#endif 72 73#include <machine/in_cksum.h> 74 75/* 76 * ICMP routines: error generation, receive packet processing, and 77 * routines to turnaround packets back to the originator, and 78 * host table maintenance routines. 79 */ 80 81struct icmpstat icmpstat; 82SYSCTL_STRUCT(_net_inet_icmp, ICMPCTL_STATS, stats, CTLFLAG_RW, 83 &icmpstat, icmpstat, ""); 84 85static int icmpmaskrepl = 0; 86SYSCTL_INT(_net_inet_icmp, ICMPCTL_MASKREPL, maskrepl, CTLFLAG_RW, 87 &icmpmaskrepl, 0, "Reply to ICMP Address Mask Request packets."); 88 89static u_int icmpmaskfake = 0; 90SYSCTL_UINT(_net_inet_icmp, OID_AUTO, maskfake, CTLFLAG_RW, 91 &icmpmaskfake, 0, "Fake reply to ICMP Address Mask Request packets."); 92 93static int drop_redirect = 0; 94SYSCTL_INT(_net_inet_icmp, OID_AUTO, drop_redirect, CTLFLAG_RW, 95 &drop_redirect, 0, ""); 96 97static int log_redirect = 0; 98SYSCTL_INT(_net_inet_icmp, OID_AUTO, log_redirect, CTLFLAG_RW, 99 &log_redirect, 0, ""); 100 101static int icmplim = 200; 102SYSCTL_INT(_net_inet_icmp, ICMPCTL_ICMPLIM, icmplim, CTLFLAG_RW, 103 &icmplim, 0, ""); 104 105static int icmplim_output = 1; 106SYSCTL_INT(_net_inet_icmp, OID_AUTO, icmplim_output, CTLFLAG_RW, 107 &icmplim_output, 0, ""); 108 109static char reply_src[IFNAMSIZ]; 110SYSCTL_STRING(_net_inet_icmp, OID_AUTO, reply_src, CTLFLAG_RW, 111 &reply_src, IFNAMSIZ, "icmp reply source for non-local packets."); 112 113static int icmp_rfi = 0; 114SYSCTL_INT(_net_inet_icmp, OID_AUTO, reply_from_interface, CTLFLAG_RW, 115 &icmp_rfi, 0, "ICMP reply from incoming interface for " 116 "non-local packets"); 117 118static int icmp_quotelen = 8; 119SYSCTL_INT(_net_inet_icmp, OID_AUTO, quotelen, CTLFLAG_RW, 120 &icmp_quotelen, 0, "Number of bytes from original packet to " 121 "quote in ICMP reply"); 122 123/* 124 * ICMP broadcast echo sysctl 125 */ 126 127static int icmpbmcastecho = 0; 128SYSCTL_INT(_net_inet_icmp, OID_AUTO, bmcastecho, CTLFLAG_RW, 129 &icmpbmcastecho, 0, ""); 130 131 132#ifdef ICMPPRINTFS 133int icmpprintfs = 0; 134#endif 135 136static void icmp_reflect(struct mbuf *); 137static void icmp_send(struct mbuf *, struct mbuf *); 138 139extern struct protosw inetsw[]; 140 141/* 142 * Generate an error packet of type error 143 * in response to bad packet ip. 144 */ 145void 146icmp_error(n, type, code, dest, mtu) 147 struct mbuf *n; 148 int type, code; 149 n_long dest; 150 int mtu; 151{ 152 register struct ip *oip = mtod(n, struct ip *), *nip; 153 register unsigned oiplen = oip->ip_hl << 2; 154 register struct icmp *icp; 155 register struct mbuf *m; 156 unsigned icmplen; 157 158#ifdef ICMPPRINTFS 159 if (icmpprintfs) 160 printf("icmp_error(%p, %x, %d)\n", oip, type, code); 161#endif 162 if (type != ICMP_REDIRECT) 163 icmpstat.icps_error++; 164 /* 165 * Don't send error if the original packet was encrypted. 166 * Don't send error if not the first fragment of message. 167 * Don't error if the old packet protocol was ICMP 168 * error message, only known informational types. 169 */ 170 if (n->m_flags & M_DECRYPTED) 171 goto freeit; 172 if (oip->ip_off &~ (IP_MF|IP_DF)) 173 goto freeit; 174 if (oip->ip_p == IPPROTO_ICMP && type != ICMP_REDIRECT && 175 n->m_len >= oiplen + ICMP_MINLEN && 176 !ICMP_INFOTYPE(((struct icmp *)((caddr_t)oip + oiplen))->icmp_type)) { 177 icmpstat.icps_oldicmp++; 178 goto freeit; 179 } 180 /* Don't send error in response to a multicast or broadcast packet */ 181 if (n->m_flags & (M_BCAST|M_MCAST)) 182 goto freeit; 183 /* 184 * First, formulate icmp message 185 */ 186 m = m_gethdr(M_DONTWAIT, MT_HEADER); 187 if (m == NULL) 188 goto freeit; 189#ifdef MAC 190 mac_create_mbuf_netlayer(n, m); 191#endif 192 /* 193 * Calculate length to quote from original packet and 194 * prevent the ICMP mbuf from overflowing. 195 */ 196 icmplen = min(oiplen + max(8, icmp_quote), oip->ip_len); 197 icmplen = min(icmplen, M_TRAILINGSPACE(m) - 198 (ICMP_MINLEN + sizeof(struct ip))); 199 if (icmplen < sizeof(struct ip)) 200 panic("icmp_error: bad length"); 201 m->m_len = icmplen + ICMP_MINLEN; 202 MH_ALIGN(m, m->m_len); 203 icp = mtod(m, struct icmp *); 204 if ((u_int)type > ICMP_MAXTYPE) 205 panic("icmp_error"); 206 icmpstat.icps_outhist[type]++; 207 icp->icmp_type = type; 208 if (type == ICMP_REDIRECT) 209 icp->icmp_gwaddr.s_addr = dest; 210 else { 211 icp->icmp_void = 0; 212 /* 213 * The following assignments assume an overlay with the 214 * zeroed icmp_void field. 215 */ 216 if (type == ICMP_PARAMPROB) { 217 icp->icmp_pptr = code; 218 code = 0; 219 } else if (type == ICMP_UNREACH && 220 code == ICMP_UNREACH_NEEDFRAG && mtu) { 221 icp->icmp_nextmtu = htons(mtu); 222 } 223 } 224 225 icp->icmp_code = code; 226 m_copydata(n, 0, icmplen, (caddr_t)&icp->icmp_ip); 227 nip = &icp->icmp_ip; 228 229 /* 230 * Convert fields to network representation. 231 */ 232 nip->ip_len = htons(nip->ip_len); 233 nip->ip_off = htons(nip->ip_off); 234 235 /* 236 * Now, copy old ip header (without options) 237 * in front of icmp message. 238 */ 239 if (m->m_data - sizeof(struct ip) < m->m_pktdat) 240 panic("icmp len"); 241 /* 242 * If the original mbuf was meant to bypass the firewall, the error 243 * reply should bypass as well. 244 */ 245 m->m_flags |= n->m_flags & M_SKIP_FIREWALL; 246 m->m_data -= sizeof(struct ip); 247 m->m_len += sizeof(struct ip); 248 m->m_pkthdr.len = m->m_len; 249 m->m_pkthdr.rcvif = n->m_pkthdr.rcvif; 250 nip = mtod(m, struct ip *); 251 bcopy((caddr_t)oip, (caddr_t)nip, sizeof(struct ip)); 252 nip->ip_len = m->m_len; 253 nip->ip_v = IPVERSION; 254 nip->ip_hl = 5; 255 nip->ip_p = IPPROTO_ICMP; 256 nip->ip_tos = 0; 257 icmp_reflect(m); 258 259freeit: 260 m_freem(n); 261} 262 263/* 264 * Process a received ICMP message. 265 */ 266void 267icmp_input(m, off) 268 struct mbuf *m; 269 int off; 270{ 271 struct icmp *icp; 272 struct in_ifaddr *ia; 273 struct ip *ip = mtod(m, struct ip *); 274 struct sockaddr_in icmpsrc, icmpdst, icmpgw; 275 int hlen = off; 276 int icmplen = ip->ip_len; 277 int i, code; 278 void (*ctlfunc)(int, struct sockaddr *, void *); 279 280 /* 281 * Locate icmp structure in mbuf, and check 282 * that not corrupted and of at least minimum length. 283 */ 284#ifdef ICMPPRINTFS 285 if (icmpprintfs) { 286 char buf[4 * sizeof "123"]; 287 strcpy(buf, inet_ntoa(ip->ip_src)); 288 printf("icmp_input from %s to %s, len %d\n", 289 buf, inet_ntoa(ip->ip_dst), icmplen); 290 } 291#endif 292 if (icmplen < ICMP_MINLEN) { 293 icmpstat.icps_tooshort++; 294 goto freeit; 295 } 296 i = hlen + min(icmplen, ICMP_ADVLENMIN); 297 if (m->m_len < i && (m = m_pullup(m, i)) == 0) { 298 icmpstat.icps_tooshort++; 299 return; 300 } 301 ip = mtod(m, struct ip *); 302 m->m_len -= hlen; 303 m->m_data += hlen; 304 icp = mtod(m, struct icmp *); 305 if (in_cksum(m, icmplen)) { 306 icmpstat.icps_checksum++; 307 goto freeit; 308 } 309 m->m_len += hlen; 310 m->m_data -= hlen; 311 312 if (m->m_pkthdr.rcvif && m->m_pkthdr.rcvif->if_type == IFT_FAITH) { 313 /* 314 * Deliver very specific ICMP type only. 315 */ 316 switch (icp->icmp_type) { 317 case ICMP_UNREACH: 318 case ICMP_TIMXCEED: 319 break; 320 default: 321 goto freeit; 322 } 323 } 324 325#ifdef ICMPPRINTFS 326 if (icmpprintfs) 327 printf("icmp_input, type %d code %d\n", icp->icmp_type, 328 icp->icmp_code); 329#endif 330 331 /* 332 * Message type specific processing. 333 */ 334 if (icp->icmp_type > ICMP_MAXTYPE) 335 goto raw; 336 337 /* Initialize */ 338 bzero(&icmpsrc, sizeof(icmpsrc)); 339 icmpsrc.sin_len = sizeof(struct sockaddr_in); 340 icmpsrc.sin_family = AF_INET; 341 bzero(&icmpdst, sizeof(icmpdst)); 342 icmpdst.sin_len = sizeof(struct sockaddr_in); 343 icmpdst.sin_family = AF_INET; 344 bzero(&icmpgw, sizeof(icmpgw)); 345 icmpgw.sin_len = sizeof(struct sockaddr_in); 346 icmpgw.sin_family = AF_INET; 347 348 icmpstat.icps_inhist[icp->icmp_type]++; 349 code = icp->icmp_code; 350 switch (icp->icmp_type) { 351 352 case ICMP_UNREACH: 353 switch (code) { 354 case ICMP_UNREACH_NET: 355 case ICMP_UNREACH_HOST: 356 case ICMP_UNREACH_SRCFAIL: 357 case ICMP_UNREACH_NET_UNKNOWN: 358 case ICMP_UNREACH_HOST_UNKNOWN: 359 case ICMP_UNREACH_ISOLATED: 360 case ICMP_UNREACH_TOSNET: 361 case ICMP_UNREACH_TOSHOST: 362 case ICMP_UNREACH_HOST_PRECEDENCE: 363 case ICMP_UNREACH_PRECEDENCE_CUTOFF: 364 code = PRC_UNREACH_NET; 365 break; 366 367 case ICMP_UNREACH_NEEDFRAG: 368 code = PRC_MSGSIZE; 369 break; 370 371 /* 372 * RFC 1122, Sections 3.2.2.1 and 4.2.3.9. 373 * Treat subcodes 2,3 as immediate RST 374 */ 375 case ICMP_UNREACH_PROTOCOL: 376 case ICMP_UNREACH_PORT: 377 code = PRC_UNREACH_PORT; 378 break; 379 380 case ICMP_UNREACH_NET_PROHIB: 381 case ICMP_UNREACH_HOST_PROHIB: 382 case ICMP_UNREACH_FILTER_PROHIB: 383 code = PRC_UNREACH_ADMIN_PROHIB; 384 break; 385 386 default: 387 goto badcode; 388 } 389 goto deliver; 390 391 case ICMP_TIMXCEED: 392 if (code > 1) 393 goto badcode; 394 code += PRC_TIMXCEED_INTRANS; 395 goto deliver; 396 397 case ICMP_PARAMPROB: 398 if (code > 1) 399 goto badcode; 400 code = PRC_PARAMPROB; 401 goto deliver; 402 403 case ICMP_SOURCEQUENCH: 404 if (code) 405 goto badcode; 406 code = PRC_QUENCH; 407 deliver: 408 /* 409 * Problem with datagram; advise higher level routines. 410 */ 411 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 412 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 413 icmpstat.icps_badlen++; 414 goto freeit; 415 } 416 icp->icmp_ip.ip_len = ntohs(icp->icmp_ip.ip_len); 417 /* Discard ICMP's in response to multicast packets */ 418 if (IN_MULTICAST(ntohl(icp->icmp_ip.ip_dst.s_addr))) 419 goto badcode; 420#ifdef ICMPPRINTFS 421 if (icmpprintfs) 422 printf("deliver to protocol %d\n", icp->icmp_ip.ip_p); 423#endif 424 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 425 /* 426 * XXX if the packet contains [IPv4 AH TCP], we can't make a 427 * notification to TCP layer. 428 */ 429 ctlfunc = inetsw[ip_protox[icp->icmp_ip.ip_p]].pr_ctlinput; 430 if (ctlfunc) 431 (*ctlfunc)(code, (struct sockaddr *)&icmpsrc, 432 (void *)&icp->icmp_ip); 433 break; 434 435 badcode: 436 icmpstat.icps_badcode++; 437 break; 438 439 case ICMP_ECHO: 440 if (!icmpbmcastecho 441 && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { 442 icmpstat.icps_bmcastecho++; 443 break; 444 } 445 icp->icmp_type = ICMP_ECHOREPLY; 446 if (badport_bandlim(BANDLIM_ICMP_ECHO) < 0) 447 goto freeit; 448 else 449 goto reflect; 450 451 case ICMP_TSTAMP: 452 if (!icmpbmcastecho 453 && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { 454 icmpstat.icps_bmcasttstamp++; 455 break; 456 } 457 if (icmplen < ICMP_TSLEN) { 458 icmpstat.icps_badlen++; 459 break; 460 } 461 icp->icmp_type = ICMP_TSTAMPREPLY; 462 icp->icmp_rtime = iptime(); 463 icp->icmp_ttime = icp->icmp_rtime; /* bogus, do later! */ 464 if (badport_bandlim(BANDLIM_ICMP_TSTAMP) < 0) 465 goto freeit; 466 else 467 goto reflect; 468 469 case ICMP_MASKREQ: 470 if (icmpmaskrepl == 0) 471 break; 472 /* 473 * We are not able to respond with all ones broadcast 474 * unless we receive it over a point-to-point interface. 475 */ 476 if (icmplen < ICMP_MASKLEN) 477 break; 478 switch (ip->ip_dst.s_addr) { 479 480 case INADDR_BROADCAST: 481 case INADDR_ANY: 482 icmpdst.sin_addr = ip->ip_src; 483 break; 484 485 default: 486 icmpdst.sin_addr = ip->ip_dst; 487 } 488 ia = (struct in_ifaddr *)ifaof_ifpforaddr( 489 (struct sockaddr *)&icmpdst, m->m_pkthdr.rcvif); 490 if (ia == 0) 491 break; 492 if (ia->ia_ifp == 0) 493 break; 494 icp->icmp_type = ICMP_MASKREPLY; 495 if (icmpmaskfake == 0) 496 icp->icmp_mask = ia->ia_sockmask.sin_addr.s_addr; 497 else 498 icp->icmp_mask = icmpmaskfake; 499 if (ip->ip_src.s_addr == 0) { 500 if (ia->ia_ifp->if_flags & IFF_BROADCAST) 501 ip->ip_src = satosin(&ia->ia_broadaddr)->sin_addr; 502 else if (ia->ia_ifp->if_flags & IFF_POINTOPOINT) 503 ip->ip_src = satosin(&ia->ia_dstaddr)->sin_addr; 504 } 505reflect: 506 ip->ip_len += hlen; /* since ip_input deducts this */ 507 icmpstat.icps_reflect++; 508 icmpstat.icps_outhist[icp->icmp_type]++; 509 icmp_reflect(m); 510 return; 511 512 case ICMP_REDIRECT: 513 if (log_redirect) { 514 u_long src, dst, gw; 515 516 src = ntohl(ip->ip_src.s_addr); 517 dst = ntohl(icp->icmp_ip.ip_dst.s_addr); 518 gw = ntohl(icp->icmp_gwaddr.s_addr); 519 printf("icmp redirect from %d.%d.%d.%d: " 520 "%d.%d.%d.%d => %d.%d.%d.%d\n", 521 (int)(src >> 24), (int)((src >> 16) & 0xff), 522 (int)((src >> 8) & 0xff), (int)(src & 0xff), 523 (int)(dst >> 24), (int)((dst >> 16) & 0xff), 524 (int)((dst >> 8) & 0xff), (int)(dst & 0xff), 525 (int)(gw >> 24), (int)((gw >> 16) & 0xff), 526 (int)((gw >> 8) & 0xff), (int)(gw & 0xff)); 527 } 528 /* 529 * RFC1812 says we must ignore ICMP redirects if we 530 * are acting as router. 531 */ 532 if (drop_redirect || ipforwarding) 533 break; 534 if (code > 3) 535 goto badcode; 536 if (icmplen < ICMP_ADVLENMIN || icmplen < ICMP_ADVLEN(icp) || 537 icp->icmp_ip.ip_hl < (sizeof(struct ip) >> 2)) { 538 icmpstat.icps_badlen++; 539 break; 540 } 541 /* 542 * Short circuit routing redirects to force 543 * immediate change in the kernel's routing 544 * tables. The message is also handed to anyone 545 * listening on a raw socket (e.g. the routing 546 * daemon for use in updating its tables). 547 */ 548 icmpgw.sin_addr = ip->ip_src; 549 icmpdst.sin_addr = icp->icmp_gwaddr; 550#ifdef ICMPPRINTFS 551 if (icmpprintfs) { 552 char buf[4 * sizeof "123"]; 553 strcpy(buf, inet_ntoa(icp->icmp_ip.ip_dst)); 554 555 printf("redirect dst %s to %s\n", 556 buf, inet_ntoa(icp->icmp_gwaddr)); 557 } 558#endif 559 icmpsrc.sin_addr = icp->icmp_ip.ip_dst; 560 rtredirect((struct sockaddr *)&icmpsrc, 561 (struct sockaddr *)&icmpdst, 562 (struct sockaddr *)0, RTF_GATEWAY | RTF_HOST, 563 (struct sockaddr *)&icmpgw); 564 pfctlinput(PRC_REDIRECT_HOST, (struct sockaddr *)&icmpsrc); 565#ifdef IPSEC 566 key_sa_routechange((struct sockaddr *)&icmpsrc); 567#endif 568 break; 569 570 /* 571 * No kernel processing for the following; 572 * just fall through to send to raw listener. 573 */ 574 case ICMP_ECHOREPLY: 575 case ICMP_ROUTERADVERT: 576 case ICMP_ROUTERSOLICIT: 577 case ICMP_TSTAMPREPLY: 578 case ICMP_IREQREPLY: 579 case ICMP_MASKREPLY: 580 default: 581 break; 582 } 583 584raw: 585 rip_input(m, off); 586 return; 587 588freeit: 589 m_freem(m); 590} 591 592/* 593 * Reflect the ip packet back to the source 594 */ 595static void 596icmp_reflect(m) 597 struct mbuf *m; 598{ 599 struct ip *ip = mtod(m, struct ip *); 600 struct ifaddr *ifa; 601 struct ifnet *ifn; 602 struct in_ifaddr *ia; 603 struct in_addr t; 604 struct mbuf *opts = 0; 605 int optlen = (ip->ip_hl << 2) - sizeof(struct ip); 606 607 if (!in_canforward(ip->ip_src) && 608 ((ntohl(ip->ip_src.s_addr) & IN_CLASSA_NET) != 609 (IN_LOOPBACKNET << IN_CLASSA_NSHIFT))) { 610 m_freem(m); /* Bad return address */ 611 icmpstat.icps_badaddr++; 612 goto done; /* Ip_output() will check for broadcast */ 613 } 614 t = ip->ip_dst; 615 ip->ip_dst = ip->ip_src; 616 617 /* 618 * Source selection for ICMP replies: 619 * 620 * If the incoming packet was addressed directly to one of our 621 * own addresses, use dst as the src for the reply. 622 */ 623 LIST_FOREACH(ia, INADDR_HASH(t.s_addr), ia_hash) 624 if (t.s_addr == IA_SIN(ia)->sin_addr.s_addr) 625 goto match; 626 /* 627 * If the incoming packet was addressed to one of our broadcast 628 * addresses, use the first non-broadcast address which corresponds 629 * to the incoming interface. 630 */ 631 if (m->m_pkthdr.rcvif != NULL && 632 m->m_pkthdr.rcvif->if_flags & IFF_BROADCAST) { 633 TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { 634 if (ifa->ifa_addr->sa_family != AF_INET) 635 continue; 636 ia = ifatoia(ifa); 637 if (satosin(&ia->ia_broadaddr)->sin_addr.s_addr == 638 t.s_addr) 639 goto match; 640 } 641 } 642 /* 643 * If the packet was transiting through us, use the address of 644 * the interface the packet came through in. If that interface 645 * doesn't have a suitable IP address, the normal selection 646 * criteria apply. 647 */ 648 if (icmp_rfi && m->m_pkthdr.rcvif != NULL) { 649 TAILQ_FOREACH(ifa, &m->m_pkthdr.rcvif->if_addrhead, ifa_link) { 650 if (ifa->ifa_addr->sa_family != AF_INET) 651 continue; 652 ia = ifatoia(ifa); 653 goto match; 654 } 655 } 656 /* 657 * If the incoming packet was not addressed directly to us, use 658 * designated interface for icmp replies specified by sysctl 659 * net.inet.icmp.reply_src (default not set). Otherwise continue 660 * with normal source selection. 661 */ 662 if (reply_src[0] != '\0' && (ifn = ifunit(reply_src))) { 663 TAILQ_FOREACH(ifa, &ifn->if_addrhead, ifa_link) { 664 if (ifa->ifa_addr->sa_family != AF_INET) 665 continue; 666 ia = ifatoia(ifa); 667 goto match; 668 } 669 } 670 /* 671 * If the packet was transiting through us, use the address of 672 * the interface that is the closest to the packet source. 673 * When we don't have a route back to the packet source, stop here 674 * and drop the packet. 675 */ 676 ia = ip_rtaddr(ip->ip_dst); 677 if (ia == NULL) { 678 m_freem(m); 679 icmpstat.icps_noroute++; 680 goto done; 681 } 682match: 683#ifdef MAC 684 mac_reflect_mbuf_icmp(m); 685#endif 686 t = IA_SIN(ia)->sin_addr; 687 ip->ip_src = t; 688 ip->ip_ttl = ip_defttl; 689 690 if (optlen > 0) { 691 register u_char *cp; 692 int opt, cnt; 693 u_int len; 694 695 /* 696 * Retrieve any source routing from the incoming packet; 697 * add on any record-route or timestamp options. 698 */ 699 cp = (u_char *) (ip + 1); 700 if ((opts = ip_srcroute(m)) == 0 && 701 (opts = m_gethdr(M_DONTWAIT, MT_HEADER))) { 702 opts->m_len = sizeof(struct in_addr); 703 mtod(opts, struct in_addr *)->s_addr = 0; 704 } 705 if (opts) { 706#ifdef ICMPPRINTFS 707 if (icmpprintfs) 708 printf("icmp_reflect optlen %d rt %d => ", 709 optlen, opts->m_len); 710#endif 711 for (cnt = optlen; cnt > 0; cnt -= len, cp += len) { 712 opt = cp[IPOPT_OPTVAL]; 713 if (opt == IPOPT_EOL) 714 break; 715 if (opt == IPOPT_NOP) 716 len = 1; 717 else { 718 if (cnt < IPOPT_OLEN + sizeof(*cp)) 719 break; 720 len = cp[IPOPT_OLEN]; 721 if (len < IPOPT_OLEN + sizeof(*cp) || 722 len > cnt) 723 break; 724 } 725 /* 726 * Should check for overflow, but it "can't happen" 727 */ 728 if (opt == IPOPT_RR || opt == IPOPT_TS || 729 opt == IPOPT_SECURITY) { 730 bcopy((caddr_t)cp, 731 mtod(opts, caddr_t) + opts->m_len, len); 732 opts->m_len += len; 733 } 734 } 735 /* Terminate & pad, if necessary */ 736 cnt = opts->m_len % 4; 737 if (cnt) { 738 for (; cnt < 4; cnt++) { 739 *(mtod(opts, caddr_t) + opts->m_len) = 740 IPOPT_EOL; 741 opts->m_len++; 742 } 743 } 744#ifdef ICMPPRINTFS 745 if (icmpprintfs) 746 printf("%d\n", opts->m_len); 747#endif 748 } 749 /* 750 * Now strip out original options by copying rest of first 751 * mbuf's data back, and adjust the IP length. 752 */ 753 ip->ip_len -= optlen; 754 ip->ip_v = IPVERSION; 755 ip->ip_hl = 5; 756 m->m_len -= optlen; 757 if (m->m_flags & M_PKTHDR) 758 m->m_pkthdr.len -= optlen; 759 optlen += sizeof(struct ip); 760 bcopy((caddr_t)ip + optlen, (caddr_t)(ip + 1), 761 (unsigned)(m->m_len - sizeof(struct ip))); 762 } 763 m_tag_delete_nonpersistent(m); 764 m->m_flags &= ~(M_BCAST|M_MCAST); 765 icmp_send(m, opts); 766done: 767 if (opts) 768 (void)m_free(opts); 769} 770 771/* 772 * Send an icmp packet back to the ip level, 773 * after supplying a checksum. 774 */ 775static void 776icmp_send(m, opts) 777 register struct mbuf *m; 778 struct mbuf *opts; 779{ 780 register struct ip *ip = mtod(m, struct ip *); 781 register int hlen; 782 register struct icmp *icp; 783 784 hlen = ip->ip_hl << 2; 785 m->m_data += hlen; 786 m->m_len -= hlen; 787 icp = mtod(m, struct icmp *); 788 icp->icmp_cksum = 0; 789 icp->icmp_cksum = in_cksum(m, ip->ip_len - hlen); 790 m->m_data -= hlen; 791 m->m_len += hlen; 792 m->m_pkthdr.rcvif = (struct ifnet *)0; 793#ifdef ICMPPRINTFS 794 if (icmpprintfs) { 795 char buf[4 * sizeof "123"]; 796 strcpy(buf, inet_ntoa(ip->ip_dst)); 797 printf("icmp_send dst %s src %s\n", 798 buf, inet_ntoa(ip->ip_src)); 799 } 800#endif 801 (void) ip_output(m, opts, NULL, 0, NULL, NULL); 802} 803 804n_time 805iptime() 806{ 807 struct timeval atv; 808 u_long t; 809 810 getmicrotime(&atv); 811 t = (atv.tv_sec % (24*60*60)) * 1000 + atv.tv_usec / 1000; 812 return (htonl(t)); 813} 814 815/* 816 * Return the next larger or smaller MTU plateau (table from RFC 1191) 817 * given current value MTU. If DIR is less than zero, a larger plateau 818 * is returned; otherwise, a smaller value is returned. 819 */ 820int 821ip_next_mtu(mtu, dir) 822 int mtu; 823 int dir; 824{ 825 static int mtutab[] = { 826 65535, 32000, 17914, 8166, 4352, 2002, 1492, 1280, 1006, 508, 827 296, 68, 0 828 }; 829 int i; 830 831 for (i = 0; i < (sizeof mtutab) / (sizeof mtutab[0]); i++) { 832 if (mtu >= mtutab[i]) 833 break; 834 } 835 836 if (dir < 0) { 837 if (i == 0) { 838 return 0; 839 } else { 840 return mtutab[i - 1]; 841 } 842 } else { 843 if (mtutab[i] == 0) { 844 return 0; 845 } else if(mtu > mtutab[i]) { 846 return mtutab[i]; 847 } else { 848 return mtutab[i + 1]; 849 } 850 } 851} 852 853 854/* 855 * badport_bandlim() - check for ICMP bandwidth limit 856 * 857 * Return 0 if it is ok to send an ICMP error response, -1 if we have 858 * hit our bandwidth limit and it is not ok. 859 * 860 * If icmplim is <= 0, the feature is disabled and 0 is returned. 861 * 862 * For now we separate the TCP and UDP subsystems w/ different 'which' 863 * values. We may eventually remove this separation (and simplify the 864 * code further). 865 * 866 * Note that the printing of the error message is delayed so we can 867 * properly print the icmp error rate that the system was trying to do 868 * (i.e. 22000/100 pps, etc...). This can cause long delays in printing 869 * the 'final' error, but it doesn't make sense to solve the printing 870 * delay with more complex code. 871 */ 872 873int 874badport_bandlim(int which) 875{ 876#define N(a) (sizeof (a) / sizeof (a[0])) 877 static struct rate { 878 const char *type; 879 struct timeval lasttime; 880 int curpps; 881 } rates[BANDLIM_MAX+1] = { 882 { "icmp unreach response" }, 883 { "icmp ping response" }, 884 { "icmp tstamp response" }, 885 { "closed port RST response" }, 886 { "open port RST response" } 887 }; 888 889 /* 890 * Return ok status if feature disabled or argument out of range. 891 */ 892 if (icmplim > 0 && (u_int) which < N(rates)) { 893 struct rate *r = &rates[which]; 894 int opps = r->curpps; 895 896 if (!ppsratecheck(&r->lasttime, &r->curpps, icmplim)) 897 return -1; /* discard packet */ 898 /* 899 * If we've dropped below the threshold after having 900 * rate-limited traffic print the message. This preserves 901 * the previous behaviour at the expense of added complexity. 902 */ 903 if (icmplim_output && opps > icmplim) 904 printf("Limiting %s from %d to %d packets/sec\n", 905 r->type, opps, icmplim); 906 } 907 return 0; /* okay to send packet */ 908#undef N 909} 910