sit: generate icmpv6 error when receiving icmpv4 error

Send icmpv6 error with type "destination unreachable" and code "address unreachable" when receiving icmpv4 error and sufficient data bytes are available This patch enhances the compliance of sit tunnel with section 3.4 of rfc 4213 Signed-off-by: Oussama Ghorbel <ghorbel@pivasoftware.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Oussama Ghorbel <ghorbel@pivasoftware.com> 2013-11-22 10:23:20 -0500
committer: David S. Miller <davem@davemloft.net> 2013-11-23 17:46:22 -0500
commit: ca15a078bd907df5fc1c009477869c5cbde3b753 (patch)
tree: 8bc078836afe69372da00aa7c3d145e4544871c3 /net
parent: fb10f802b0fb76079612cb78505cbc9ad81e683b (diff)
1 files changed, 38 insertions, 6 deletions
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 1b4a4a953675..8435267836a7 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -478,14 +478,44 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
        dev_put(dev);
 }
+/* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
+ * if sufficient data bytes are available
+ */
+static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
+{
+        const struct iphdr *iph = (const struct iphdr *) skb->data;
+        struct rt6_info *rt;
+        struct sk_buff *skb2;
+        if (!pskb_may_pull(skb, iph->ihl * 4 + sizeof(struct ipv6hdr) + 8))
+                return 1;
+        skb2 = skb_clone(skb, GFP_ATOMIC);
+        if (!skb2)
+                return 1;
+        skb_dst_drop(skb2);
+        skb_pull(skb2, iph->ihl * 4);
+        skb_reset_network_header(skb2);
+        rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);
+        if (rt && rt->dst.dev)
+                skb2->dev = rt->dst.dev;
+        icmpv6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0);
+        if (rt)
+                ip6_rt_put(rt);
+        kfree_skb(skb2);
+        return 0;
+}
 static int ipip6_err(struct sk_buff *skb, u32 info)
 {
-/* All the routers (except for Linux) return only
-   8 bytes of packet payload. It means, that precise relaying of
-   ICMP in the real Internet is absolutely infeasible.
- */
        const struct iphdr *iph = (const struct iphdr *)skb->data;
        const int type = icmp_hdr(skb)->type;
        const int code = icmp_hdr(skb)->code;
@@ -500,7 +530,6 @@ static int ipip6_err(struct sk_buff *skb, u32 info)
        case ICMP_DEST_UNREACH:
                switch (code) {
                case ICMP_SR_FAILED:
-                case ICMP_PORT_UNREACH:
                        /* Impossible event. */
                        return 0;
                default:
@@ -545,6 +574,9 @@ static int ipip6_err(struct sk_buff *skb, u32 info)
                goto out;
        err = 0;
+        if (!ipip6_err_gen_icmpv6_unreach(skb))
+                goto out;
        if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
                goto out;
author	Oussama Ghorbel <ghorbel@pivasoftware.com>	2013-11-22 10:23:20 -0500
committer	David S. Miller <davem@davemloft.net>	2013-11-23 17:46:22 -0500
commit	ca15a078bd907df5fc1c009477869c5cbde3b753 (patch)
tree	8bc078836afe69372da00aa7c3d145e4544871c3 /net
parent	fb10f802b0fb76079612cb78505cbc9ad81e683b (diff)

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index 1b4a4a953675..8435267836a7 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c
@@ -478,14 +478,44 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
478	dev_put(dev);	478	dev_put(dev);
479	}	479	}
480		480
		481	/* Generate icmpv6 with type/code ICMPV6_DEST_UNREACH/ICMPV6_ADDR_UNREACH
		482	* if sufficient data bytes are available
		483	*/
		484	static int ipip6_err_gen_icmpv6_unreach(struct sk_buff *skb)
		485	{
		486	const struct iphdr iph = (const struct iphdr ) skb->data;
		487	struct rt6_info *rt;
		488	struct sk_buff *skb2;
		489
		490	if (!pskb_may_pull(skb, iph->ihl * 4 + sizeof(struct ipv6hdr) + 8))
		491	return 1;
		492
		493	skb2 = skb_clone(skb, GFP_ATOMIC);
		494
		495	if (!skb2)
		496	return 1;
		497
		498	skb_dst_drop(skb2);
		499	skb_pull(skb2, iph->ihl * 4);
		500	skb_reset_network_header(skb2);
		501
		502	rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, 0);
		503
		504	if (rt && rt->dst.dev)
		505	skb2->dev = rt->dst.dev;
		506
		507	icmpv6_send(skb2, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0);
		508
		509	if (rt)
		510	ip6_rt_put(rt);
		511
		512	kfree_skb(skb2);
		513
		514	return 0;
		515	}
481		516
482	static int ipip6_err(struct sk_buff *skb, u32 info)	517	static int ipip6_err(struct sk_buff *skb, u32 info)
483	{	518	{
484
485	/* All the routers (except for Linux) return only
486	8 bytes of packet payload. It means, that precise relaying of
487	ICMP in the real Internet is absolutely infeasible.
488	*/
489	const struct iphdr iph = (const struct iphdr )skb->data;	519	const struct iphdr iph = (const struct iphdr )skb->data;
490	const int type = icmp_hdr(skb)->type;	520	const int type = icmp_hdr(skb)->type;
491	const int code = icmp_hdr(skb)->code;	521	const int code = icmp_hdr(skb)->code;
@@ -500,7 +530,6 @@ static int ipip6_err(struct sk_buff *skb, u32 info)
500	case ICMP_DEST_UNREACH:	530	case ICMP_DEST_UNREACH:
501	switch (code) {	531	switch (code) {
502	case ICMP_SR_FAILED:	532	case ICMP_SR_FAILED:
503	case ICMP_PORT_UNREACH:
504	/* Impossible event. */	533	/* Impossible event. */
505	return 0;	534	return 0;
506	default:	535	default:
@@ -545,6 +574,9 @@ static int ipip6_err(struct sk_buff *skb, u32 info)
545	goto out;	574	goto out;
546		575
547	err = 0;	576	err = 0;
		577	if (!ipip6_err_gen_icmpv6_unreach(skb))
		578	goto out;
		579
548	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)	580	if (t->parms.iph.ttl == 0 && type == ICMP_TIME_EXCEEDED)
549	goto out;	581	goto out;
550		582