diff options
| author | Jiri Bohac <jbohac@suse.cz> | 2013-08-30 05:18:45 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2013-09-14 09:54:56 -0400 |
| commit | 2aae409672a9ec6078702b2fe92bd41ecf05d826 (patch) | |
| tree | 9c1ce9b64620a3d31393ea77fbcc7906ba20fd0c | |
| parent | 00897febb83864e2dd388d719b256cb362198e27 (diff) | |
ICMPv6: treat dest unreachable codes 5 and 6 as EACCES, not EPROTO
[ Upstream commit 61e76b178dbe7145e8d6afa84bb4ccea71918994 ]
RFC 4443 has defined two additional codes for ICMPv6 type 1 (destination
unreachable) messages:
5 - Source address failed ingress/egress policy
6 - Reject route to destination
Now they are treated as protocol error and icmpv6_err_convert() converts them
to EPROTO.
RFC 4443 says:
"Codes 5 and 6 are more informative subsets of code 1."
Treat codes 5 and 6 as code 1 (EACCES)
Btw, connect() returning -EPROTO confuses firefox, so that fallback to
other/IPv4 addresses does not work:
https://bugzilla.mozilla.org/show_bug.cgi?id=910773
Signed-off-by: Jiri Bohac <jbohac@suse.cz>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | include/uapi/linux/icmpv6.h | 2 | ||||
| -rw-r--r-- | net/ipv6/icmp.c | 10 |
2 files changed, 11 insertions, 1 deletions
diff --git a/include/uapi/linux/icmpv6.h b/include/uapi/linux/icmpv6.h index e0133c73c304..590beda78ea0 100644 --- a/include/uapi/linux/icmpv6.h +++ b/include/uapi/linux/icmpv6.h | |||
| @@ -115,6 +115,8 @@ struct icmp6hdr { | |||
| 115 | #define ICMPV6_NOT_NEIGHBOUR 2 | 115 | #define ICMPV6_NOT_NEIGHBOUR 2 |
| 116 | #define ICMPV6_ADDR_UNREACH 3 | 116 | #define ICMPV6_ADDR_UNREACH 3 |
| 117 | #define ICMPV6_PORT_UNREACH 4 | 117 | #define ICMPV6_PORT_UNREACH 4 |
| 118 | #define ICMPV6_POLICY_FAIL 5 | ||
| 119 | #define ICMPV6_REJECT_ROUTE 6 | ||
| 118 | 120 | ||
| 119 | /* | 121 | /* |
| 120 | * Codes for Time Exceeded | 122 | * Codes for Time Exceeded |
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index b4ff0a42b8c7..70e704d49007 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c | |||
| @@ -931,6 +931,14 @@ static const struct icmp6_err { | |||
| 931 | .err = ECONNREFUSED, | 931 | .err = ECONNREFUSED, |
| 932 | .fatal = 1, | 932 | .fatal = 1, |
| 933 | }, | 933 | }, |
| 934 | { /* POLICY_FAIL */ | ||
| 935 | .err = EACCES, | ||
| 936 | .fatal = 1, | ||
| 937 | }, | ||
| 938 | { /* REJECT_ROUTE */ | ||
| 939 | .err = EACCES, | ||
| 940 | .fatal = 1, | ||
| 941 | }, | ||
| 934 | }; | 942 | }; |
| 935 | 943 | ||
| 936 | int icmpv6_err_convert(u8 type, u8 code, int *err) | 944 | int icmpv6_err_convert(u8 type, u8 code, int *err) |
| @@ -942,7 +950,7 @@ int icmpv6_err_convert(u8 type, u8 code, int *err) | |||
| 942 | switch (type) { | 950 | switch (type) { |
| 943 | case ICMPV6_DEST_UNREACH: | 951 | case ICMPV6_DEST_UNREACH: |
| 944 | fatal = 1; | 952 | fatal = 1; |
| 945 | if (code <= ICMPV6_PORT_UNREACH) { | 953 | if (code < ARRAY_SIZE(tab_unreach)) { |
| 946 | *err = tab_unreach[code].err; | 954 | *err = tab_unreach[code].err; |
| 947 | fatal = tab_unreach[code].fatal; | 955 | fatal = tab_unreach[code].fatal; |
| 948 | } | 956 | } |