/**
* Print info about bogus and possibly dangerous ICMP messages.
* e.g. "ICMP: (144.133.122.111) Bogus Redirect; GW = 111.110.109.108"
*/
static void icmp_bogus (const in_Header *ip, int type, const char *msg)
{
char buf[100];
strcpy (buf, _LANG("Bogus "));
strcat (buf, _LANG(icmp_type_str[type]));
if (msg)
strcat (buf, msg);
icmp_print (1, buf, ip->source);
}
/*
* Send an "ICMP Time Exceeded" (reassebly timeout) back to 'ip->source'
*/
void icmp_timexceed (const in_Header *ip, const void *mac_dest)
{
struct _pkt *pkt;
union icmp_pkt *tim;
int len;
if (!icmp_chk_src(ip,ICMP_TIMXCEED))
return;
pkt = (struct _pkt*) _eth_formatpacket (mac_dest, IP_TYPE);
tim = &pkt->icmp;
len = intel16 (ip->length) - in_GetHdrLen (ip);
len = min (len, sizeof(*ip) + sizeof(tim->unused.spares));
icmp_print (1, icmp_exceed_str[1], ip->destination);
memcpy (&tim->unused.ip, ip, len);
tim->unused.type = ICMP_TIMXCEED;
tim->unused.code = 1;
icmp_send (pkt, ip->destination, ip->source, sizeof(tim->unused));
}
/*
* Send an ICMP destination/protocol unreachable back to ip->source
*/
void icmp_unreach (const in_Header *ip, int code)
{
struct _pkt *pkt;
union icmp_pkt *unr;
int len;
if (!icmp_chk_src(ip,ICMP_UNREACH))
return;
pkt = (struct _pkt*) _eth_formatpacket (MAC_SRC(ip), IP_TYPE);
unr = &pkt->icmp;
len = intel16 (ip->length) - in_GetHdrLen (ip);
len = min (len, sizeof(*ip)+sizeof(unr->unused.spares));
icmp_print (1, icmp_unreach_str[code], ip->destination);
memcpy (&unr->unused.ip, ip, len);
unr->unused.type = ICMP_UNREACH;
unr->unused.code = code;
icmp_send (pkt, ip->destination, ip->source, sizeof(unr->unused));
}
/*
* Handler for incoming ICMP packets
*/
void icmp_handler (const in_Header *ip, BOOL broadcast)
{
union icmp_pkt *icmp;
in_Header *orig_ip;
int len, type, code;
BOOL for_me, i_orig; /* is it for me, did I originate it */
const char *msg;
DEBUG_RX (NULL, ip);
if (block_icmp) /* application is handling ICMP; not needed */
return;
len = in_GetHdrLen (ip);
icmp = (union icmp_pkt*) ((BYTE*)ip + len);
len = intel16 (ip->length) - len;
for_me = (DWORD) (intel(ip->destination) - my_ip_addr) <= multihomes;
if (!for_me || broadcast) /* drop broadcast pings.. */
return;
if (len < sizeof(icmp->info))
{
STAT (icmpstats.icps_tooshort++);
return;
}
if (checksum(icmp,len) != 0xFFFF)
{
STAT (icmpstats.icps_checksum++);
icmp_print (1, _LANG("bad checksum"), ip->source);
return;
}
type = icmp->unused.type;
code = icmp->unused.code;
orig_ip = &icmp->ip.ip;
i_orig = is_local_addr (intel(orig_ip->source));
if (type == ICMP_MASKREPLY)
{
if (!_domask_req)
return;
i_orig = TRUE;
}
/* !! this needs work
*/
if (!i_orig &&
(type != ICMP_ECHOREPLY && type != ICMP_ECHO &&
type != ICMP_IREQREPLY && type != ICMP_TSTAMP))
{
icmp_bogus (ip, type, NULL);
return;
}
switch (type)
{
case ICMP_ECHOREPLY: /* check if we were waiting for it */
STAT (icmpstats.icps_inhist[ICMP_ECHOREPLY]++);
ping_hcache = intel (ip->source);
ping_tcache = set_timeout (1000) - *(DWORD*)&icmp->echo.identifier;
if (ping_tcache > 0x7FFFFFFFL)
ping_tcache += 0x1800B0L;
ping_number = *(DWORD*)(((BYTE*)&icmp->echo.identifier) + 4);
return;
case ICMP_UNREACH:
STAT (icmpstats.icps_inhist[ICMP_UNREACH]++);
if (code < DIM(icmp_unreach_str))
{
icmp_print (1, msg = icmp_unreach_str[code], ip->source);
#if !defined(USE_UDP_ONLY)
if (orig_ip->proto == TCP_PROTO)
_tcp_cancel (orig_ip, type, msg, 0);
else
#endif
if (orig_ip->proto == UDP_PROTO)
_udp_cancel (orig_ip, type, msg, 0);
}
else
STAT (icmpstats.icps_badcode++);
return;
case ICMP_SOURCEQUENCH:
STAT (icmpstats.icps_inhist[ICMP_SOURCEQUENCH]++);
#if !defined(USE_UDP_ONLY)
if (orig_ip->proto == TCP_PROTO)
{
icmp_print (1, _LANG("Source Quench"), ip->source);
_tcp_cancel (orig_ip, type, NULL, 0);
}
#endif
return;
case ICMP_REDIRECT:
STAT (icmpstats.icps_inhist[ICMP_REDIRECT]++);
if (code < 4)
{
DWORD new_gw = intel (icmp->ip.ipaddr);
/* Check if new gateway is on our subnet
*/
if ((new_gw ^ my_ip_addr) & sin_mask)
{
char buf[100], adr[20];
strcpy (buf, ", GW = ");
strcat (buf, _inet_ntoa(adr,new_gw));
icmp_bogus (ip, type, buf);
return;
}
icmp_print (1, msg = icmp_redirect_str[code], ip->source);
switch (orig_ip->proto)
{
#if !defined(USE_UDP_ONLY)
case TCP_PROTO:
if (do_redirect.tcp) /* do it to some socket */
_tcp_cancel (orig_ip, type, msg, new_gw);
break;
#endif
case UDP_PROTO:
if (do_redirect.udp)
_udp_cancel (orig_ip, type, msg, new_gw);
break;
case ICMP_PROTO:
if (do_redirect.icmp)
{
_ip_recursion = 1;
_arp_register (new_gw, intel(orig_ip->destination), 0);
_ip_recursion = 0;
}
break;
case IGMP_PROTO:
if (do_redirect.igmp)
{
_ip_recursion = 1;
_arp_register (new_gw, intel(orig_ip->destination), 0);
_ip_recursion = 0;
}
break;
}
}
else
STAT (icmpstats.icps_badcode++);
return;
case ICMP_ECHO:
STAT (icmpstats.icps_inhist[ICMP_ECHO]++);
icmp_print (2, _LANG("PING requested of us"), ip->source);
{
/* Extract eth-address and create Echo reply packet.
*/
struct _pkt *pkt;
union icmp_pkt *newicmp;
if (!icmp_chk_src(ip,ICMP_ECHO))
return;
pkt = (struct _pkt*) _eth_formatpacket (MAC_SRC(ip), IP_TYPE);
newicmp = &pkt->icmp;
/* Don't let a huge reassembled ICMP-packet kill us.
*/
len = min (len, mtu - sizeof(*ip));
memcpy (newicmp, icmp, len);
newicmp->echo.type = ICMP_ECHOREPLY;
newicmp->echo.code = code;
/* Use supplied ip values in case we ever multi-home.
* Note that ip values are still in network order.
*/
icmp_send (pkt, ip->destination, ip->source, len);
icmp_print (2, _LANG("PING reply sent"), 0);
}
return;
case ICMP_TIMXCEED:
if (code >= DIM(icmp_exceed_str))
{
STAT (icmpstats.icps_badcode++);
return;
}
STAT (icmpstats.icps_inhist[ICMP_TIMXCEED]++);
if (code != 1)
switch (orig_ip->proto)
{
#if !defined(USE_UDP_ONLY)
case TCP_PROTO:
icmp_print (1, icmp_exceed_str[code], ip->source);
_tcp_cancel (orig_ip, ICMP_TIMXCEED, NULL, 0);
break;
#endif
case UDP_PROTO:
icmp_print (1, icmp_exceed_str[code], ip->source);
_udp_cancel (orig_ip, ICMP_TIMXCEED, NULL, 0);
break;
}
return;
case ICMP_PARAMPROB:
STAT (icmpstats.icps_inhist[ICMP_PARAMPROB]++);
switch (orig_ip->proto)
{
#if !defined(USE_UDP_ONLY)
case TCP_PROTO:
icmp_print (0, _LANG(icmp_type_str[type]), ip->source);
_tcp_cancel (orig_ip, type, NULL, 0);
break;
#endif
case UDP_PROTO:
icmp_print (0, _LANG(icmp_type_str[type]), ip->source);
_udp_cancel (orig_ip, type, NULL, 0);
break;
}
return;
case ICMP_ROUTERADVERT: /* todo !! */
STAT (icmpstats.icps_inhist[ICMP_ROUTERADVERT]++);
icmp_print (1, _LANG(icmp_type_str[type]), ip->source);
return;
case ICMP_ROUTERSOLICIT: /* todo !! */
STAT (icmpstats.icps_inhist[ICMP_ROUTERSOLICIT]++);
icmp_print (1, _LANG(icmp_type_str[type]), ip->source);
return;
case ICMP_TSTAMP:
STAT (icmpstats.icps_inhist[ICMP_TSTAMP]++);
icmp_print (1, _LANG(icmp_type_str[type]), ip->source);
/* todo!!, send reply? */
return;
case ICMP_TSTAMPREPLY:
STAT (icmpstats.icps_inhist[ICMP_TSTAMPREPLY]++);
icmp_print (1, _LANG(icmp_type_str[type]), ip->source);
/* todo!!, should store */
return;
case ICMP_IREQ:
STAT (icmpstats.icps_inhist[ICMP_IREQ]++);
icmp_print (1, _LANG(icmp_type_str[type]), ip->source);
/* todo!!, send reply */
return;
case ICMP_IREQREPLY:
STAT (icmpstats.icps_inhist[ICMP_IREQREPLY]++);
icmp_print (1, _LANG(icmp_type_str[type]), ip->source);
/* todo!!, send reply upwards */
return;
case ICMP_MASKREQ:
STAT (icmpstats.icps_inhist[ICMP_MASKREQ]++);
break;
case ICMP_MASKREPLY:
STAT (icmpstats.icps_inhist[ICMP_MASKREPLY]++);
icmp_print (0, _LANG(icmp_type_str[type]), ip->source);
if ((icmp->mask.identifier == addr_mask_id) &&
(icmp->mask.sequence == addr_mask_seq-1) &&
sin_mask != intel(icmp->mask.mask))
outsnl ("Conflicting net-mask from \"ICMP Addr Mask Reply\"\7");
addr_mask_id = 0;
return;
}
}
/**
* Handler for incoming ICMP packets.
*/
void icmp_handler (const in_Header *ip, BOOL broadcast)
{
union ICMP_PKT *icmp;
const in_Header *orig_ip;
int type, code;
unsigned len;
DWORD delta_time;
BOOL for_me, i_orig; /* is it for me, did I originate it */
const char *msg;
DEBUG_RX (NULL, ip);
if (block_icmp) /* application is handling ICMP; not needed */
return;
len = in_GetHdrLen (ip);
icmp = (union ICMP_PKT*) ((BYTE*)ip + len);
len = intel16 (ip->length) - len;
for_me = _ip4_is_multihome_addr (intel(ip->destination));
if (!for_me || broadcast) /* drop broadcast pings.. */
return;
if (len < sizeof(icmp->info))
{
STAT (icmpstats.icps_tooshort++);
return;
}
if (CHECKSUM(icmp,len) != 0xFFFF)
{
STAT (icmpstats.icps_checksum++);
icmp_print (1, _LANG("bad checksum"), ip->source);
return;
}
type = icmp->unused.type;
code = icmp->unused.code;
orig_ip = &icmp->ip.ip;
i_orig = _ip4_is_local_addr (intel(orig_ip->source));
if (type == ICMP_MASKREPLY)
{
if (!_do_mask_req)
return;
i_orig = TRUE;
}
/* !! this needs work
*/
if (!i_orig &&
(type != ICMP_ECHOREPLY && type != ICMP_ECHO &&
type != ICMP_IREQREPLY && type != ICMP_TSTAMP))
{
icmp_bogus (ip, type, NULL);
return;
}
switch (type)
{
case ICMP_ECHOREPLY: /* check if we were waiting for it */
delta_time = set_timeout(0) - icmp->echo.identifier;
add_ping (intel(ip->source), delta_time, icmp->echo.index);
return;
case ICMP_UNREACH:
if (code < DIM(icmp_unreach_str))
{
UINT len_needed = 8 + in_GetHdrLen (orig_ip);
WORD next_mtu = 0;
msg = _LANG (icmp_unreach_str[code]);
icmp_print (1, msg, ip->source);
if (orig_ip->proto == TCP_PROTO ||
orig_ip->proto == UDP_PROTO)
len_needed += 4; /* Need the src/dest port numbers */
if (len >= len_needed)
{
if (code == ICMP_UNREACH_NEEDFRAG)
next_mtu = intel16 (icmp->needfrag.next_mtu);
#if !defined(USE_UDP_ONLY)
if (orig_ip->proto == TCP_PROTO)
_tcp_cancel (orig_ip, ICMP_UNREACH, code, msg, &next_mtu);
else
#endif
if (orig_ip->proto == UDP_PROTO)
_udp_cancel (orig_ip, ICMP_UNREACH, code, msg, &next_mtu);
/** \todo Handle cancelling raw sockets */
#if defined(USE_BSD_API) && 0
else
_raw_cancel (orig_ip, ICMP_UNREACH, code, msg);
#endif
}
else
STAT (icmpstats.icps_tooshort++);
}
else
STAT (icmpstats.icps_badcode++);
return;
case ICMP_SOURCEQUENCH:
#if !defined(USE_UDP_ONLY)
if (orig_ip->proto == TCP_PROTO)
{
msg = _LANG (icmp_type_str[type]);
icmp_print (1, msg, ip->source);
_tcp_cancel (orig_ip, ICMP_SOURCEQUENCH, code, msg, NULL);
}
#endif
return;
case ICMP_REDIRECT:
if (code < DIM(icmp_redirect_str))
icmp_redirect (icmp, ip, orig_ip, code);
else STAT (icmpstats.icps_badcode++);
return;
case ICMP_ECHO:
icmp_print (2, _LANG("PING requested of us"), ip->source);
icmp_echo_reply (ip, icmp, len);
return;
case ICMP_TIMXCEED:
if (code >= DIM(icmp_exceed_str))
{
STAT (icmpstats.icps_badcode++);
return;
}
if (code == 0) /* "TTL exceeded in transit" */
switch (orig_ip->proto)
{
#if !defined(USE_UDP_ONLY)
case TCP_PROTO:
msg = _LANG (icmp_exceed_str[0]);
icmp_print (1, msg, ip->source);
_tcp_cancel (orig_ip, ICMP_TIMXCEED, code, msg, NULL);
break;
#endif
case UDP_PROTO:
msg = _LANG (icmp_exceed_str[0]);
icmp_print (1, msg, ip->source);
_udp_cancel (orig_ip, ICMP_TIMXCEED, code, msg, NULL);
break;
}
return;
case ICMP_PARAMPROB:
msg = _LANG (icmp_type_str[ICMP_PARAMPROB]);
switch (orig_ip->proto)
{
#if !defined(USE_UDP_ONLY)
case TCP_PROTO:
icmp_print (0, msg, ip->source);
_tcp_cancel (orig_ip, ICMP_PARAMPROB, code, msg, NULL);
break;
#endif
case UDP_PROTO:
icmp_print (0, msg, ip->source);
_udp_cancel (orig_ip, ICMP_PARAMPROB, code, msg, NULL);
break;
}
return;
case ICMP_ROUTERADVERT: /* todo !! */
msg = _LANG (icmp_type_str[ICMP_ROUTERADVERT]);
icmp_print (1, msg, ip->source);
return;
case ICMP_ROUTERSOLICIT: /* todo !! */
msg = _LANG (icmp_type_str[ICMP_ROUTERSOLICIT]);
icmp_print (1, msg, ip->source);
return;
case ICMP_TSTAMP:
msg = _LANG (icmp_type_str[ICMP_TSTAMP]);
icmp_print (1, msg, ip->source);
/**< \todo send reply? */
return;
case ICMP_TSTAMPREPLY:
msg = _LANG (icmp_type_str[ICMP_TSTAMPREPLY]);
icmp_print (1, msg, ip->source);
/**< \todo should store */
return;
case ICMP_IREQ:
msg = _LANG (icmp_type_str[ICMP_IREQ]);
icmp_print (1, msg, ip->source);
/**< \todo send reply */
return;
case ICMP_IREQREPLY:
msg = _LANG (icmp_type_str[ICMP_IREQREPLY]);
icmp_print (1, msg, ip->source);
/**< \todo send reply upwards */
return;
case ICMP_MASKREQ:
/* might be sent by us, never answer */
break;
case ICMP_MASKREPLY:
msg = _LANG (icmp_type_str[ICMP_MASKREPLY]);
icmp_print (0, msg, ip->source);
if ((icmp->mask.identifier == addr_mask_id) &&
(icmp->mask.sequence == addr_mask_seq-1) &&
sin_mask != intel(icmp->mask.mask))
outsnl ("Conflicting net-mask from \"ICMP Addr Mask Reply\"\7");
addr_mask_id = 0;
return;
}
}