From patchwork Fri Dec 4 03:16:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Roeseler X-Patchwork-Id: 11950587 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 03F56C4361A for ; Fri, 4 Dec 2020 03:17:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9F12022517 for ; Fri, 4 Dec 2020 03:17:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727658AbgLDDRM (ORCPT ); Thu, 3 Dec 2020 22:17:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46568 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727474AbgLDDRM (ORCPT ); Thu, 3 Dec 2020 22:17:12 -0500 Received: from mail-pj1-x1044.google.com (mail-pj1-x1044.google.com [IPv6:2607:f8b0:4864:20::1044]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67C40C061A4F for ; Thu, 3 Dec 2020 19:16:32 -0800 (PST) Received: by mail-pj1-x1044.google.com with SMTP id r9so2259492pjl.5 for ; Thu, 03 Dec 2020 19:16:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=+NJ183lW8pLtZPUZUZ5nx/Wuq0zFK6HVT2A/DaRECak=; b=eP9HV8CgEK+vywN/jwojM1A2TKzPqijc2pDHbMdyKxiaWfy9GbYQ01omXa/YiswSVT T0lr6mJKGeax397EB+JocR5tPXs5LuiZR9O9nCZx2xX3M70VFAKlnA3yYWU+Bdg5UYFK CbJwMJjVjuPufme0pLrQ7Z+Z6a6dFAnZNOUsB57dK+UmnDTCFd9FGUFMVxYBheBHVJHX b90ZzYf4wrffoWp0gIl7fLgABhdl1wTtg0YU4aLhuqvrNLDM/r18xqZklGGWnmyqpRHB intsgENgV2QeMo9l6fZY0f9kqSbWShJOF4JhOARqMbbm2oTwh757lvXAW1wSSHJUTxYN QJxQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=+NJ183lW8pLtZPUZUZ5nx/Wuq0zFK6HVT2A/DaRECak=; b=OhIuiz7N5oLei75fYhB/6oJfuhc0oO1Nr6YFxLJAe40G6ckqHEvsX412F+ctbqOAMv B1R3ge2Oc9l4rqIoo8wffF9+71a/oJ5ZYl1jfNoZ3SkUgAhgNsAeQ+Y7qPwlCVTHVGaE hlcUwLuGOMtWPN0OPrZGUGfl28CLSAPqf9ghugMEA1cXNoCUjDaOcs1P4zSD1g+PrDHL fpceGxCRGLHUpftosibIeze+V0CO60vOPTOG/PgJsAzGNpvcQPG7yw6vCE+kanDmUxq9 U7iGzQp+pVM3VUEgeY+nRyUX1xeUT1bywlUdQeXTUJ5ySVBPlptVWkV1xg9AoOr70JL8 TjFQ== X-Gm-Message-State: AOAM530jZ0NARY6oBqNB8bDqLG9i1psGJFOpF2UePLVaOUk0TFLgoIYp JgNslzaxGeSvNVYHLp3SZXo= X-Google-Smtp-Source: ABdhPJzq1ahAdU838h9w0N0AY6wqZ3dDBjqVAMMQ+74MNY/9dEDlYpSkpkKVjNFA4Tbdei4M+Ch4tQ== X-Received: by 2002:a17:90a:17a4:: with SMTP id q33mr183715pja.0.1607051791945; Thu, 03 Dec 2020 19:16:31 -0800 (PST) Received: from clinic20-Precision-T3610.hsd1.ca.comcast.net ([2601:648:8400:9ef4:bf20:728e:4c43:a644]) by smtp.gmail.com with ESMTPSA id z25sm2264439pge.66.2020.12.03.19.16.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Dec 2020 19:16:31 -0800 (PST) From: Andreas Roeseler To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: netdev@vger.kernel.org Subject: [PATCH net-next 1/6] icmp: support for RFC 8335 Date: Thu, 3 Dec 2020 19:16:30 -0800 Message-Id: <370f8a83f83bc201ef7f9fdd35aff86f632619a7.1607050389.git.andreas.a.roeseler@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Add definitions for PROBE ICMP types and codes. Add a struct to represent the additional header when probing by IP address (ctype == 3) for use in parsing incoming PROBE messages. Signed-off-by: Andreas Roeseler --- include/uapi/linux/icmp.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/include/uapi/linux/icmp.h b/include/uapi/linux/icmp.h index fb169a50895e..0b69f1492f85 100644 --- a/include/uapi/linux/icmp.h +++ b/include/uapi/linux/icmp.h @@ -66,6 +66,21 @@ #define ICMP_EXC_TTL 0 /* TTL count exceeded */ #define ICMP_EXC_FRAGTIME 1 /* Fragment Reass time exceeded */ +/* Codes for EXT_ECHO (PROBE) */ +#define ICMP_EXT_ECHO 42 +#define ICMP_EXT_ECHOREPLY 43 +#define ICMP_EXT_MAL_QUERY 1 /* Malformed Query */ +#define ICMP_EXT_NO_IF 2 /* No such Interface */ +#define ICMP_EXT_NO_TABLE_ENT 3 /* No such Table Entry */ +#define ICMP_EXT_MULT_IFS 4 /* Multiple Interfaces Satisfy Query */ + +/* constants for EXT_ECHO (PROBE) */ +#define EXT_ECHOREPLY_ACTIVE (1 << 2)/* position of active flag in reply */ +#define EXT_ECHOREPLY_IPV4 (1 << 1)/* position of ipv4 flag in reply */ +#define EXT_ECHOREPLY_IPV6 1 /* position of ipv6 flag in reply */ +#define CTYPE_NAME 1 +#define CTYPE_INDEX 2 +#define CTYPE_ADDR 3 struct icmphdr { __u8 type; @@ -118,4 +133,11 @@ struct icmp_extobj_hdr { __u8 class_type; }; +/* RFC 8335: 2.1 Header for C-type 3 payload */ +struct icmp_ext_ctype3_hdr { + __u16 afi; + __u8 addrlen; + __u8 reserved; +}; + #endif /* _UAPI_LINUX_ICMP_H */ From patchwork Fri Dec 4 03:16:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Roeseler X-Patchwork-Id: 11950589 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A678C4361A for ; Fri, 4 Dec 2020 03:17:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 55D4822517 for ; Fri, 4 Dec 2020 03:17:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727689AbgLDDR2 (ORCPT ); Thu, 3 Dec 2020 22:17:28 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46594 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727664AbgLDDR2 (ORCPT ); Thu, 3 Dec 2020 22:17:28 -0500 Received: from mail-pl1-x644.google.com (mail-pl1-x644.google.com [IPv6:2607:f8b0:4864:20::644]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 519E9C061A52 for ; Thu, 3 Dec 2020 19:16:42 -0800 (PST) Received: by mail-pl1-x644.google.com with SMTP id bj5so2341998plb.4 for ; Thu, 03 Dec 2020 19:16:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=6OppbIT1M1gvXOWsdS8QHmLhNPa/v+vgtcvDuscwBAU=; b=KSwdiRVUIqIAfWXb5NPKic4L2Xpn1VZAGol5E52YzNw88Q0CLElUTgvd0SuVCX1752 NBjRQFtthgbKNUxClysdjlyNzKktR1UJg95JUuJBU6PWyFPzF99AAmdE7bYixq3jPFxF adt/JqBNEciFderfyXAWvuGG+9E0CUU80qCvmAnY5HoBFYiNJNysqsOJI0ZvKiswImH2 6t3VKuGypN+EBgC3lPMAbUXkL1AT3K2b6jdSpTC70NPxfrq+OzbvpUcEMRxVCnkEsYcu 63x3N48Koaa2lIwcPR3h9aW5R5h19Pm5DYNjnNfPSnLJvymlgA6TogyYVpqNjaCjpBi3 iE2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=6OppbIT1M1gvXOWsdS8QHmLhNPa/v+vgtcvDuscwBAU=; b=cRP2qgO52kJ2Y3unHfTLxVpZlrTIZqbzTGzWwxHIC9Fs3QkPnkO0zKa+JFOShW0zpN Os4IBGuTh94o+KmUhkAIiJqYHhsmZ0Dh0Eu0CwVgeE0PmEkISaxwxT5ochGaDezhZ/Ye Y80Z+RhVYSt52PoFTq22lhQ7jGzpuSUmuQSVcLR0wEi1O62s+pSo4uG/JbNjHFbeYcSi BAZKafC4YCyc1zCYChv+XrZKvLqq8sqyHU1zZpUs3yL43FnYfUEyzeC+ZoYxSJzwztdt XJRZNSGe4MMVs8Ap8QOwS9l8ofqBe7db4VIEgzRLnSREvRHOJs6NHRC7ySr6EwUbHrQH /dXA== X-Gm-Message-State: AOAM531x6itCeoKcmw0kmN3/vYJuK1aVyGXfMF7M/q1Yng/dDPreNH0U ETgrO/Pl09G+Qq6xXWwtsCs= X-Google-Smtp-Source: ABdhPJydM7pOfV1lov7nOfFs1SMbGTng5M6BsHCM5heeQ4/qQe0QSL0ufRP1CHOmN43KzcCcUATEcw== X-Received: by 2002:a17:90a:de0c:: with SMTP id m12mr2128560pjv.224.1607051801939; Thu, 03 Dec 2020 19:16:41 -0800 (PST) Received: from clinic20-Precision-T3610.hsd1.ca.comcast.net ([2601:648:8400:9ef4:bf20:728e:4c43:a644]) by smtp.gmail.com with ESMTPSA id k8sm3151896pfh.6.2020.12.03.19.16.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Dec 2020 19:16:41 -0800 (PST) From: Andreas Roeseler To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: netdev@vger.kernel.org Subject: [PATCH net-next 2/6] ICMPv6: support for RFC 8335 Date: Thu, 3 Dec 2020 19:16:40 -0800 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Add definitions for the ICMPV6 type of Extended Echo Request and Extended Echo Reply, as defined in sections 2 and 3 of RFC 8335. Signed-off-by: Andreas Roeseler --- include/uapi/linux/icmpv6.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/uapi/linux/icmpv6.h b/include/uapi/linux/icmpv6.h index 0564fd7ccde4..b2a9017ddb2d 100644 --- a/include/uapi/linux/icmpv6.h +++ b/include/uapi/linux/icmpv6.h @@ -140,6 +140,12 @@ struct icmp6hdr { #define ICMPV6_UNK_OPTION 2 #define ICMPV6_HDR_INCOMP 3 +/* + * Codes for EXT_ECHO (PROBE) + */ +#define ICMPV6_EXT_ECHO_REQUEST 160 +#define ICMPV6_EXT_ECHO_REPLY 161 + /* * constants for (set|get)sockopt */ From patchwork Fri Dec 4 03:16:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Roeseler X-Patchwork-Id: 11950591 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1B612C433FE for ; Fri, 4 Dec 2020 03:17:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DAB4822517 for ; Fri, 4 Dec 2020 03:17:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727725AbgLDDRb (ORCPT ); Thu, 3 Dec 2020 22:17:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46616 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727669AbgLDDRa (ORCPT ); Thu, 3 Dec 2020 22:17:30 -0500 Received: from mail-pj1-x1032.google.com (mail-pj1-x1032.google.com [IPv6:2607:f8b0:4864:20::1032]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AFC43C061A53 for ; Thu, 3 Dec 2020 19:16:50 -0800 (PST) Received: by mail-pj1-x1032.google.com with SMTP id m5so2350021pjv.5 for ; Thu, 03 Dec 2020 19:16:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=rM4t2eXx/FS2J7CAO2fnC8vXaIERWWcRjKh6bkZ0osI=; b=R92+5YE9KqzDR26hmGKe9GIYFv2HJatvt41NZv8VoCVJ/KJe9aQmdyIV2lAsVhRf8q jM17sqo3QmQ+mVjqdXczPtf66ENIAZVD0wf4NIQsAT6skU1Y2FHvjWoU1B//BqhJAXmH mOpzd/8VkBpepK35UUtIg88dG6fmVYMLWgsxAwBAnb0eO+VGkB8aCFYWJj6FfuFuiPiJ +/gjE6wo8GtRMq1IMmywVNsB5uiVQY9JAqGkfbiG5q8kUcfMt1U/jfgV1hszyzyWfe8z sQQzsbvcjhRj33hXHPGXxAx1lWOVWuV6KlJM+rBvzUWDVRibJB9S7O3w2QkpL45ikAR/ TXpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=rM4t2eXx/FS2J7CAO2fnC8vXaIERWWcRjKh6bkZ0osI=; b=N4YlChpegDhWqK0cmMx+vWQxY37Vyenb/X2FyFEvVYi3T4nnZdNlS3qIMYBXTIedZQ ZLDMt+wpMz+4yUBkJumr2SuOw4MQzmwi6PG1E0l0iDQjmHEW+yQ3R4KgdTriZXS8Zstl Gugk/8HpX3iLzOy7fVvZojW5J02JLePPh3np/YeTwk9G3GT8qitOXOf1bSuqlN9Pk0Ym edMy8RfcJBu/BOjPX5E6XY3mq9aq++wotHeApL+EvVPhGhApYY8fe0rcSjHx5ei5SjUe 9FgE6SOpIz5AGpKucwRn8SwS2eRITF/1arnvawLHvYvOsXmGRdil7JldFcQCWt5sa1CZ nOxw== X-Gm-Message-State: AOAM533HUfXwMHYNPoXQD/CAHZTRhX68XVhxmbORdDgMqF88caE3Xtt3 DDbaQZlmtgH1B8vu7gZmXqE= X-Google-Smtp-Source: ABdhPJyr/lbnckGafVC9J+5/GH2Fuu/6f67pXnGtu/LSpv/ldxpRqc162flhkhyj5w6YmZ16MkFtxQ== X-Received: by 2002:a17:90b:f8f:: with SMTP id ft15mr2215576pjb.210.1607051810359; Thu, 03 Dec 2020 19:16:50 -0800 (PST) Received: from clinic20-Precision-T3610.hsd1.ca.comcast.net ([2601:648:8400:9ef4:bf20:728e:4c43:a644]) by smtp.gmail.com with ESMTPSA id s11sm3089696pfh.128.2020.12.03.19.16.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Dec 2020 19:16:49 -0800 (PST) From: Andreas Roeseler To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: netdev@vger.kernel.org Subject: [PATCH net-next 3/6] net: add sysctl for enabling RFC 8335 PROBE messages Date: Thu, 3 Dec 2020 19:16:49 -0800 Message-Id: <1de8170c1b7dec795f8ca257fbd56c61c36ad5a2.1607050389.git.andreas.a.roeseler@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Section 8 of RFC 8335 specifies potential security concerns of responding to PROBE requests, and states that nodes that support PROBE functionality MUST be able to enable/disable responses and it is disabled by default. Add sysctl to enable responses to PROBE messages. Signed-off-by: Andreas Roeseler --- include/net/netns/ipv4.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h index 8e4fcac4df72..1d9b74228f3e 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h @@ -85,6 +85,7 @@ struct netns_ipv4 { #endif int sysctl_icmp_echo_ignore_all; + int sysctl_icmp_echo_enable_probe; int sysctl_icmp_echo_ignore_broadcasts; int sysctl_icmp_ignore_bogus_error_responses; int sysctl_icmp_ratelimit; From patchwork Fri Dec 4 03:16:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Roeseler X-Patchwork-Id: 11950593 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1582DC4361A for ; Fri, 4 Dec 2020 03:17:39 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C56B622517 for ; Fri, 4 Dec 2020 03:17:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727738AbgLDDRi (ORCPT ); Thu, 3 Dec 2020 22:17:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46634 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727474AbgLDDRh (ORCPT ); Thu, 3 Dec 2020 22:17:37 -0500 Received: from mail-pl1-x642.google.com (mail-pl1-x642.google.com [IPv6:2607:f8b0:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9055BC061A54 for ; Thu, 3 Dec 2020 19:16:57 -0800 (PST) Received: by mail-pl1-x642.google.com with SMTP id bj5so2342287plb.4 for ; Thu, 03 Dec 2020 19:16:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=unBJBYdJa7K6GwvokZQDCPmEMeNN5XNEhIq5Z4evB24=; b=iVnbkn3uEffoGNwzXjPRLE3qHej5rA0Ovf2JvVtGmJq5eeUW55rLXAJ+WsffJLHa29 3DbIOTV2G8zBhwF9QPlnrLaltkkrcmoR6aGsvKaix33jRRFTP6/RthqeM73DywhfZ7HI RyV9H8CpQloZQFZvFvdaA6PlDuHnKqKRJELzQ7UIVkfAdVKGjb5L1Lpfr4W6pZhY3j27 VBNv58zSSivLas6Utv2P6UqB3ivj6RU9WvrycLqyvs/Axwu5PyGK3zzl6RU7BjoT5Xuv hASV72yc88LzRKEdm42lVMiC8HyquFdZLTTeEFMSWWWSQ298Tix6rLKijFy0hatvl7Uz 4ByQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=unBJBYdJa7K6GwvokZQDCPmEMeNN5XNEhIq5Z4evB24=; b=ujvPdgPjtepOtECva/6ZbzZ9GL3E4dRjra2p0Rd8v6mm753vP9HW5Xmh6KTy5M4/w2 KPOEhyX7m8K7LftPoucpbCnf3FV6qczE6skHed1nQujC4982CyK7JXuRwH5QiaH/tk6i UxUQgrdzxTtR2J301gvQgQKhBPo1/SaLS5oLJTi3Hvfj/B3H1qSM63hKvYXI05fhufHg U2PJIZtPZll9LAvoMFSgtEpKYPUrCU9vipBpgQfOcY9MxneY1pBfSHil/2EtgaiGWbZs 7GbnfG+CKrNUjYVuXeameno8RPGhLYvlnBMCIl/mPsbPJk2AK7i+3lN21bMFzVDdx74b XIdw== X-Gm-Message-State: AOAM530aAGFgo5b9eUxZyE2MTqBaf2Sg8PAMEBTOC8JoxiZEAkJmE1qK +TRKoFYC+nItuVfQdtJ4KsE= X-Google-Smtp-Source: ABdhPJwD8+nR8gFw8O220s1mDziWkfvT0ZynZYBPY6DHaqFRa45r0vQHb3NC3JZTZAPLetmkpeeObw== X-Received: by 2002:a17:90a:6588:: with SMTP id k8mr2177650pjj.197.1607051816765; Thu, 03 Dec 2020 19:16:56 -0800 (PST) Received: from clinic20-Precision-T3610.hsd1.ca.comcast.net ([2601:648:8400:9ef4:bf20:728e:4c43:a644]) by smtp.gmail.com with ESMTPSA id q19sm3042251pff.101.2020.12.03.19.16.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Dec 2020 19:16:56 -0800 (PST) From: Andreas Roeseler To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: netdev@vger.kernel.org Subject: [PATCH net-next 4/6] net: add sysctl for enabling RFC 8335 PROBE messages Date: Thu, 3 Dec 2020 19:16:55 -0800 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Section 8 of RFC 8335 specifies potential security concerns of responding to PROBE requests, and states that nodes that support PROBE functionality MUST be able to enable/disable responses and it is disabled by default. Add sysctl to enable responses to PROBE messages. Signed-off-by: Andreas Roeseler --- net/ipv4/sysctl_net_ipv4.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 3e5f4f2e705e..f9f0e9d7394f 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c @@ -599,6 +599,13 @@ static struct ctl_table ipv4_net_table[] = { .mode = 0644, .proc_handler = proc_dointvec }, + { + .procname = "icmp_echo_enable_probe", + .data = &init_net.ipv4.sysctl_icmp_echo_enable_probe, + .maxlen = sizeof(int), + .mode = 0644, + .proc_handler = proc_dointvec + }, { .procname = "icmp_echo_ignore_broadcasts", .data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts, From patchwork Fri Dec 4 03:17:02 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Roeseler X-Patchwork-Id: 11950595 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id E52B5C4361B for ; Fri, 4 Dec 2020 03:17:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A199822517 for ; Fri, 4 Dec 2020 03:17:45 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727753AbgLDDRo (ORCPT ); Thu, 3 Dec 2020 22:17:44 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46656 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727474AbgLDDRo (ORCPT ); Thu, 3 Dec 2020 22:17:44 -0500 Received: from mail-pl1-x642.google.com (mail-pl1-x642.google.com [IPv6:2607:f8b0:4864:20::642]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7FDCCC061A51 for ; Thu, 3 Dec 2020 19:17:04 -0800 (PST) Received: by mail-pl1-x642.google.com with SMTP id j1so2346110pld.3 for ; Thu, 03 Dec 2020 19:17:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=GruVPqLuOype9ik6Ae+LofiIzgnB3RBUwZpQkQt0gCY=; b=d+r5W9cIiX32t49DWQAfKBI0Nrg/+KqoSfkAjLNQVfd34eVKYnLPQY0Di6N7vUjfVv zON9KNS9yI+I77ml25IjGyB8Hc3TCTNQNWA5877JuC3xWZWmF7BTTX10xMeO/l2fHGqQ 7wkuQTLNrg2q+t1Ol3AmPbx4sC/0bLLuwfZ9zi364oxFBoTqqO1Ohjvq0nLHjVT6nwVp hdPhD5HKwCUM5LE1j0jtz7wQjB/Oqtvy79ZPwH6X1x5OcBUrmy6PYqLLoLOGY9nESvR/ OIC7dUt4MS6EHnHCPTSWqXa85oOlMuYMuVf8ZV0sWPXahmYHBgCPhq4bss+yIR2Rk7AL /xgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=GruVPqLuOype9ik6Ae+LofiIzgnB3RBUwZpQkQt0gCY=; b=dwOOwd9MrdFjverK+z5L6CARV03LfbvZucQ+p9qseSPEDDijhmYKc8MpvV7V06fL5m 41f9iy+MXU+3L1r7Rr9ljRablYb5DntWXWbce58YyBENRkGRiOxebdOYsAaAdjYDS4be 8a/0j+luOs3pUdDUeBlzxWI5bLkkbYa06GaTVyF8gRbV3AP+c0Ik+T+QvEggqrzjIlef LbrdjRvDqlfPJJe5n3LCG1xdnQtrjTeQAUkfaGWTM74YVV9GpGz8A49+z0OK47L+1zU8 TMRbDx0kKO7gAthOwLhDD4odhYiJGKPpqmuJGckMV4nDTB+S9YzcNlm/jZfQi/Yf7Zes ULhw== X-Gm-Message-State: AOAM533hFjPr8fyUzyZAMrN/WMoyvvCur89twPH4+ssWdk3GA9gCMRqb Ci7MIfnXHjZbSGKTje/c+88aLaGA77rshQ== X-Google-Smtp-Source: ABdhPJzQ5M2CQcJEfJ9Db6aCsSueGdyF964TLGepXh9oQ0I3vTtineXpHvckXd5KQaTZsVyYDjTnaQ== X-Received: by 2002:a17:902:ab83:b029:d8:d979:f083 with SMTP id f3-20020a170902ab83b02900d8d979f083mr2062055plr.84.1607051824163; Thu, 03 Dec 2020 19:17:04 -0800 (PST) Received: from clinic20-Precision-T3610.hsd1.ca.comcast.net ([2601:648:8400:9ef4:bf20:728e:4c43:a644]) by smtp.gmail.com with ESMTPSA id b20sm2797308pfi.218.2020.12.03.19.17.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Dec 2020 19:17:03 -0800 (PST) From: Andreas Roeseler To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: netdev@vger.kernel.org Subject: [PATCH net-next 5/6] net: add support for sending RFC 8335 PROBE messages Date: Thu, 3 Dec 2020 19:17:02 -0800 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Modify the ping_supported function to support PROBE message types. This allows tools such as the ping command in the iputils package to be modified to send PROBE requests through the existing framework for sending ping requests. Signed-off-by: Andreas Roeseler --- net/ipv4/ping.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c index 248856b301c4..39bdcb2bfc92 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -453,7 +453,9 @@ EXPORT_SYMBOL_GPL(ping_bind); static inline int ping_supported(int family, int type, int code) { return (family == AF_INET && type == ICMP_ECHO && code == 0) || - (family == AF_INET6 && type == ICMPV6_ECHO_REQUEST && code == 0); + (family == AF_INET && type == ICMP_EXT_ECHO && code == 0) || + (family == AF_INET6 && type == ICMPV6_ECHO_REQUEST && code == 0) || + (family == AF_INET6 && type == ICMPV6_EXT_ECHO_REQUEST && code == 0); } /* From patchwork Fri Dec 4 03:17:11 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Roeseler X-Patchwork-Id: 11950597 X-Patchwork-Delegate: kuba@kernel.org Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 01BD1C4361B for ; Fri, 4 Dec 2020 03:17:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id B031A22517 for ; Fri, 4 Dec 2020 03:17:54 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727791AbgLDDRy (ORCPT ); Thu, 3 Dec 2020 22:17:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46682 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727066AbgLDDRx (ORCPT ); Thu, 3 Dec 2020 22:17:53 -0500 Received: from mail-pg1-x544.google.com (mail-pg1-x544.google.com [IPv6:2607:f8b0:4864:20::544]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4CA9DC061A4F for ; Thu, 3 Dec 2020 19:17:13 -0800 (PST) Received: by mail-pg1-x544.google.com with SMTP id t37so2676225pga.7 for ; Thu, 03 Dec 2020 19:17:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=KhdUb7dyDzVdEjqGLBmV/wGAVdtT552zc8ri2UMvozM=; b=Cads377RA/jnwd/YITfFD3QmsMifej4eDF6K+sYpjbXnK8gglkNvscSwVMpyIMc/St 2j9dvvAZdxa5xrpIl+D0OorAQ9chUhGcerhuyU5c8x9qFGb8ekICGZOKdl0ZrsbgYqg+ W3hDPMKZqnHxKlc8Hx2q8bwbOibl+mtjQfRh4lnzYdcf7g20ccVu/Rt6sLT6DGNASDc7 Y6fZVkLmSRe2vmUFd64wPh4599YkW/Z866wn3CQ4zcMCsJs5e3UBCAgfB3kgQleLY0Ka RhG5en0OHPM4Cr+qGDyCoYCklOESVf1glITjL38bdUqsEb1uqNt/VPuk5z2ILmjvXLG+ mlQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=KhdUb7dyDzVdEjqGLBmV/wGAVdtT552zc8ri2UMvozM=; b=WGfOh6k4VzFnYsKhw1GC/LhkinECCoCKcbUfSeFIgH+QczjdT9+SMnT2ZJ01EumvcI jzICd3/J8LDKKbi6ZgG9njWFB9SMTVCx/Cc2v3NWNmCZidxOpi2I5NaXFxcVJtOf6fas Tq+UhDl0zi8l/ctzBK5sZeLtRyc8aZ0SwUuNUsI7ninpqV26Rsl6hKevTPZOGR+3DlPZ 56CENuolqHAIetxOsXTjwpTAQjIzeNqUmW3OKYTWce2yhq0xXSWZs+/dpSYRF0I1knin vTDIhwm6vhlGevv1FaakCCYbzPwGMaqcF4R27kbeFcl4isWDKg+oHHGaQZXj9mGu3NDT 3Bgg== X-Gm-Message-State: AOAM533aF2h/xuLJ24qHXv2yVDKnk29UAhQmrg4BM/F4iSJxU8BA0iKC Nl2Zzdl2v0KqJEmxH9y5Tmw= X-Google-Smtp-Source: ABdhPJy1WtJuXhpNESK/fwjiD6T6c3g2rwtisrKBwwmv8URurGp6cVUq6fA0Rn2yKuXYXl1uzWmqOw== X-Received: by 2002:a63:d312:: with SMTP id b18mr5736848pgg.233.1607051832879; Thu, 03 Dec 2020 19:17:12 -0800 (PST) Received: from clinic20-Precision-T3610.hsd1.ca.comcast.net ([2601:648:8400:9ef4:bf20:728e:4c43:a644]) by smtp.gmail.com with ESMTPSA id h7sm3072153pfr.210.2020.12.03.19.17.12 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Dec 2020 19:17:12 -0800 (PST) From: Andreas Roeseler To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: netdev@vger.kernel.org Subject: [PATCH net-next 6/6] icmp: add response to RFC 8335 PROBE messages Date: Thu, 3 Dec 2020 19:17:11 -0800 Message-Id: <403b12364707f6e579b91927799c505867336bb3.1607050389.git.andreas.a.roeseler@gmail.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: kuba@kernel.org Modify the icmp_rcv function to check for PROBE messages and call icmp_echo if a PROBE request is detected. Modify the existing icmp_echo function to respond to both ping and PROBE requests. This was tested using a custom modification of the iputils package and wireshark. It supports IPV4 probing by name, ifindex, and probing by both IPV4 and IPV6 addresses. It currently does not support responding to probes off the proxy node (See RFC 8335 Section 2). Signed-off-by: Andreas Roeseler --- net/ipv4/icmp.c | 135 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 125 insertions(+), 10 deletions(-) diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 005faea415a4..313061b60387 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -984,20 +984,121 @@ static bool icmp_redirect(struct sk_buff *skb) static bool icmp_echo(struct sk_buff *skb) { struct net *net; + struct icmp_bxm icmp_param; + struct net_device *dev; + struct net_device *target_dev; + struct in_ifaddr *ifaddr; + struct inet6_ifaddr *inet6_ifaddr; + struct list_head *position; + struct icmp_extobj_hdr *extobj_hdr; + struct icmp_ext_ctype3_hdr *ctype3_hdr; + __u8 status; net = dev_net(skb_dst(skb)->dev); - if (!net->ipv4.sysctl_icmp_echo_ignore_all) { - struct icmp_bxm icmp_param; + /* should there be an ICMP stat for ignored echos? */ + if (net->ipv4.sysctl_icmp_echo_ignore_all) + return true; + + icmp_param.data.icmph = *icmp_hdr(skb); + icmp_param.skb = skb; + icmp_param.offset = 0; + icmp_param.data_len = skb->len; + icmp_param.head_len = sizeof(struct icmphdr); - icmp_param.data.icmph = *icmp_hdr(skb); + if (icmp_param.data.icmph.type == ICMP_ECHO) { icmp_param.data.icmph.type = ICMP_ECHOREPLY; - icmp_param.skb = skb; - icmp_param.offset = 0; - icmp_param.data_len = skb->len; - icmp_param.head_len = sizeof(struct icmphdr); - icmp_reply(&icmp_param, skb); + goto send_reply; } - /* should there be an ICMP stat for ignored echos? */ + if (!net->ipv4.sysctl_icmp_echo_enable_probe) + return true; + /* We currently do not support probing off the proxy node */ + if ((ntohs(icmp_param.data.icmph.un.echo.sequence) & 1) == 0) + return true; + + icmp_param.data.icmph.type = ICMP_EXT_ECHOREPLY; + icmp_param.data.icmph.un.echo.sequence &= htons(0xFF00); + extobj_hdr = (struct icmp_extobj_hdr *)(skb->data + sizeof(struct icmp_ext_hdr)); + ctype3_hdr = (struct icmp_ext_ctype3_hdr *)(extobj_hdr + 1); + status = 0; + target_dev = NULL; + read_lock(&dev_base_lock); + for_each_netdev(net, dev) { + switch (extobj_hdr->class_type) { + case CTYPE_NAME: + if (strcmp(dev->name, (char *)(extobj_hdr + 1)) == 0) + goto found_matching_interface; + break; + case CTYPE_INDEX: + if (ntohl(*((uint32_t *)(extobj_hdr + 1))) == + dev->ifindex) + goto found_matching_interface; + break; + case CTYPE_ADDR: + switch (ntohs(ctype3_hdr->afi)) { + /* IPV4 address */ + case 1: + ifaddr = dev->ip_ptr->ifa_list; + while (ifaddr) { + if (memcmp(&ifaddr->ifa_address, + (ctype3_hdr + 1), + sizeof(ifaddr->ifa_address)) == 0) + goto found_matching_interface; + ifaddr = ifaddr->ifa_next; + } + break; + /* IPV6 address */ + case 2: + list_for_each(position, + &dev->ip6_ptr->addr_list) { + inet6_ifaddr = list_entry(position, + struct inet6_ifaddr, + if_list); + if (memcmp(&inet6_ifaddr->addr.in6_u, + (ctype3_hdr + 1), + sizeof(inet6_ifaddr->addr.in6_u)) == 0) + goto found_matching_interface; + } + break; + default: + icmp_param.data.icmph.code = ICMP_EXT_MAL_QUERY; + goto unlock_dev; + } + break; + default: + icmp_param.data.icmph.code = ICMP_EXT_MAL_QUERY; + goto unlock_dev; + } + continue; +found_matching_interface: + if (target_dev) { + icmp_param.data.icmph.code = ICMP_EXT_MULT_IFS; + goto unlock_dev; + } + target_dev = dev; + } + if (!target_dev) { + icmp_param.data.icmph.code = ICMP_EXT_NO_IF; + goto unlock_dev; + } + + /* RFC 8335: 3 the last 8 bits of the Extended Echo Reply Message + * are laid out as follows: + * +-+-+-+-+-+-+-+-+ + * |State|Res|A|4|6| + * +-+-+-+-+-+-+-+-+ + */ + if (target_dev->flags & IFF_UP) + status |= EXT_ECHOREPLY_ACTIVE; + if (target_dev->ip_ptr->ifa_list) + status |= EXT_ECHOREPLY_IPV4; + if (!list_empty(&target_dev->ip6_ptr->addr_list)) + status |= EXT_ECHOREPLY_IPV6; + + icmp_param.data.icmph.un.echo.sequence |= htons(status); +unlock_dev: + read_unlock(&dev_base_lock); +send_reply: + icmp_reply(&icmp_param, skb); return true; } @@ -1087,6 +1188,13 @@ int icmp_rcv(struct sk_buff *skb) icmph = icmp_hdr(skb); ICMPMSGIN_INC_STATS(net, icmph->type); + + /* + * Check for ICMP Extended Echo (PROBE) messages + */ + if (icmph->type == ICMP_EXT_ECHO || icmph->type == ICMPV6_EXT_ECHO_REQUEST) + goto probe; + /* * 18 is the highest 'known' ICMP type. Anything else is a mystery * @@ -1096,7 +1204,6 @@ int icmp_rcv(struct sk_buff *skb) if (icmph->type > NR_ICMP_TYPES) goto error; - /* * Parse the ICMP message */ @@ -1123,6 +1230,7 @@ int icmp_rcv(struct sk_buff *skb) success = icmp_pointers[icmph->type].handler(skb); +success_check: if (success) { consume_skb(skb); return NET_RX_SUCCESS; @@ -1136,6 +1244,13 @@ int icmp_rcv(struct sk_buff *skb) error: __ICMP_INC_STATS(net, ICMP_MIB_INERRORS); goto drop; +probe: + /* + * We can't use icmp_pointers[].handler() because the codes for PROBE + * messages are 42 or 160 + */ + success = icmp_echo(skb); + goto success_check; } static bool ip_icmp_error_rfc4884_validate(const struct sk_buff *skb, int off)