net: icmp: add skb drop reasons to icmp protocol

	SKB_DROP_REASON_TAP_TXFILTER,	/* dropped by tx filter implemented

					 * at tun/tap, e.g., check_filter()

					 */

	SKB_DROP_REASON_ICMP_CSUM,	/* ICMP checksum error */

	SKB_DROP_REASON_INVALID_PROTO,	/* the packet doesn't follow RFC

					 * 2211, such as a broadcasts

					 * ICMP_TIMESTAMP

					 */

	SKB_DROP_REASON_MAX,

};

int  ping_common_sendmsg(int family, struct msghdr *msg, size_t len,

			 void *user_icmph, size_t icmph_len);

int  ping_queue_rcv_skb(struct sock *sk, struct sk_buff *skb);

bool ping_rcv(struct sk_buff *skb);

enum skb_drop_reason ping_rcv(struct sk_buff *skb);

#ifdef CONFIG_PROC_FS

void *ping_seq_start(struct seq_file *seq, loff_t *pos, sa_family_t family);

	EM(SKB_DROP_REASON_HDR_TRUNC, HDR_TRUNC)		\

	EM(SKB_DROP_REASON_TAP_FILTER, TAP_FILTER)		\

	EM(SKB_DROP_REASON_TAP_TXFILTER, TAP_TXFILTER)		\

	EM(SKB_DROP_REASON_ICMP_CSUM, ICMP_CSUM)		\

	EM(SKB_DROP_REASON_INVALID_PROTO, INVALID_PROTO)	\

	EMe(SKB_DROP_REASON_MAX, MAX)

#undef EM

 */

struct icmp_control {

	bool (*handler)(struct sk_buff *skb);

	enum skb_drop_reason (*handler)(struct sk_buff *skb);

	short   error;		/* This ICMP is classed as an error message */

};

 *	ICMP_PARAMETERPROB.

 */

static bool icmp_unreach(struct sk_buff *skb)

static enum skb_drop_reason icmp_unreach(struct sk_buff *skb)

{

	enum skb_drop_reason reason = SKB_NOT_DROPPED_YET;

	const struct iphdr *iph;

	struct icmphdr *icmph;

	struct net *net;

	icmph = icmp_hdr(skb);

	iph   = (const struct iphdr *)skb->data;

	if (iph->ihl < 5) /* Mangled header, drop. */

	if (iph->ihl < 5)  { /* Mangled header, drop. */

		reason = SKB_DROP_REASON_IP_INHDR;

		goto out_err;

	}

	switch (icmph->type) {

	case ICMP_DEST_UNREACH:

	icmp_socket_deliver(skb, info);

out:

	return true;

	return reason;

out_err:

	__ICMP_INC_STATS(net, ICMP_MIB_INERRORS);

	return false;

	return reason ?: SKB_DROP_REASON_NOT_SPECIFIED;

}

 *	Handle ICMP_REDIRECT.

 */

static bool icmp_redirect(struct sk_buff *skb)

static enum skb_drop_reason icmp_redirect(struct sk_buff *skb)

{

	if (skb->len < sizeof(struct iphdr)) {

		__ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS);

		return false;

		return SKB_DROP_REASON_PKT_TOO_SMALL;

	}

	if (!pskb_may_pull(skb, sizeof(struct iphdr))) {

		/* there aught to be a stat */

		return false;

		return SKB_DROP_REASON_NOMEM;

	}

	icmp_socket_deliver(skb, ntohl(icmp_hdr(skb)->un.gateway));

	return true;

	return SKB_NOT_DROPPED_YET;

}

/*

 *	See also WRT handling of options once they are done and working.

 */

static bool icmp_echo(struct sk_buff *skb)

static enum skb_drop_reason icmp_echo(struct sk_buff *skb)

{

	struct icmp_bxm icmp_param;

	struct net *net;

	net = dev_net(skb_dst(skb)->dev);

	/* should there be an ICMP stat for ignored echos? */

	if (net->ipv4.sysctl_icmp_echo_ignore_all)

		return true;

		return SKB_NOT_DROPPED_YET;

	icmp_param.data.icmph	   = *icmp_hdr(skb);

	icmp_param.skb		   = skb;

	if (icmp_param.data.icmph.type == ICMP_ECHO)

		icmp_param.data.icmph.type = ICMP_ECHOREPLY;

	else if (!icmp_build_probe(skb, &icmp_param.data.icmph))

		return true;

		return SKB_NOT_DROPPED_YET;

	icmp_reply(&icmp_param, skb);

	return true;

	return SKB_NOT_DROPPED_YET;

}

/*	Helper for icmp_echo and icmpv6_echo_reply.

 *		  MUST be accurate to a few minutes.

 *		  MUST be updated at least at 15Hz.

 */

static bool icmp_timestamp(struct sk_buff *skb)

static enum skb_drop_reason icmp_timestamp(struct sk_buff *skb)

{

	struct icmp_bxm icmp_param;

	/*

	icmp_param.data_len	   = 0;

	icmp_param.head_len	   = sizeof(struct icmphdr) + 12;

	icmp_reply(&icmp_param, skb);

	return true;

	return SKB_NOT_DROPPED_YET;

out_err:

	__ICMP_INC_STATS(dev_net(skb_dst(skb)->dev), ICMP_MIB_INERRORS);

	return false;

	return SKB_DROP_REASON_PKT_TOO_SMALL;

}

static bool icmp_discard(struct sk_buff *skb)

static enum skb_drop_reason icmp_discard(struct sk_buff *skb)

{

	/* pretend it was a success */

	return true;

	return SKB_NOT_DROPPED_YET;

}

/*

 */

int icmp_rcv(struct sk_buff *skb)

{

	struct icmphdr *icmph;

	enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;

	struct rtable *rt = skb_rtable(skb);

	struct net *net = dev_net(rt->dst.dev);

	bool success;

	struct icmphdr *icmph;

	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {

		struct sec_path *sp = skb_sec_path(skb);

		int nh;

		if (!(sp && sp->xvec[sp->len - 1]->props.flags &

				 XFRM_STATE_ICMP))

				 XFRM_STATE_ICMP)) {

			reason = SKB_DROP_REASON_XFRM_POLICY;

			goto drop;

		}

		if (!pskb_may_pull(skb, sizeof(*icmph) + sizeof(struct iphdr)))

			goto drop;

		nh = skb_network_offset(skb);

		skb_set_network_header(skb, sizeof(*icmph));

		if (!xfrm4_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))

		if (!xfrm4_policy_check_reverse(NULL, XFRM_POLICY_IN,

						skb)) {

			reason = SKB_DROP_REASON_XFRM_POLICY;

			goto drop;

		}

		skb_set_network_header(skb, nh);

	}

		/* We can't use icmp_pointers[].handler() because it is an array of

		 * size NR_ICMP_TYPES + 1 (19 elements) and PROBE has code 42.

		 */

		success = icmp_echo(skb);

		goto success_check;

		reason = icmp_echo(skb);

		goto reason_check;

	}

	if (icmph->type == ICMP_EXT_ECHOREPLY) {

		success = ping_rcv(skb);

		goto success_check;

		reason = ping_rcv(skb);

		goto reason_check;

	}

	/*

	 *	RFC 1122: 3.2.2  Unknown ICMP messages types MUST be silently

	 *		  discarded.

	 */

	if (icmph->type > NR_ICMP_TYPES)

	if (icmph->type > NR_ICMP_TYPES) {

		reason = SKB_DROP_REASON_UNHANDLED_PROTO;

		goto error;

	}

	/*

	 *	Parse the ICMP message

		if ((icmph->type == ICMP_ECHO ||

		     icmph->type == ICMP_TIMESTAMP) &&

		    net->ipv4.sysctl_icmp_echo_ignore_broadcasts) {

			reason = SKB_DROP_REASON_INVALID_PROTO;

			goto error;

		}

		if (icmph->type != ICMP_ECHO &&

		    icmph->type != ICMP_TIMESTAMP &&

		    icmph->type != ICMP_ADDRESS &&

		    icmph->type != ICMP_ADDRESSREPLY) {

			reason = SKB_DROP_REASON_INVALID_PROTO;

			goto error;

		}

	}

	success = icmp_pointers[icmph->type].handler(skb);

success_check:

	if (success)  {

	reason = icmp_pointers[icmph->type].handler(skb);

reason_check:

	if (!reason)  {

		consume_skb(skb);

		return NET_RX_SUCCESS;

	}

drop:

	kfree_skb(skb);

	kfree_skb_reason(skb, reason);

	return NET_RX_DROP;

csum_error:

	reason = SKB_DROP_REASON_ICMP_CSUM;

	__ICMP_INC_STATS(net, ICMP_MIB_CSUMERRORS);

error:

	__ICMP_INC_STATS(net, ICMP_MIB_INERRORS);

 *	All we need to do is get the socket.

 */

bool ping_rcv(struct sk_buff *skb)

enum skb_drop_reason ping_rcv(struct sk_buff *skb)

{

	enum skb_drop_reason reason = SKB_DROP_REASON_NO_SOCKET;

	struct sock *sk;

	struct net *net = dev_net(skb->dev);

	struct icmphdr *icmph = icmp_hdr(skb);

	bool rc = false;

	/* We assume the packet has already been checked by icmp_rcv */

		struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);

		pr_debug("rcv on socket %p\n", sk);

		if (skb2 && !ping_queue_rcv_skb(sk, skb2))

			rc = true;

		if (skb2)

			reason = __ping_queue_rcv_skb(sk, skb2);

		else

			reason = SKB_DROP_REASON_NOMEM;

		sock_put(sk);

	}

	if (!rc)

	if (reason)

		pr_debug("no socket, dropping\n");

	return rc;

	return reason;

}

EXPORT_SYMBOL_GPL(ping_rcv);