static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
{
struct sock *sk=icmp_socket->sk;
struct ipcm_cookie ipc;
struct rtable *rt = (struct rtable*)skb->dst;
u32 daddr;
if (ip_options_echo(&icmp_param->replyopts, skb))
return;
icmp_param->icmph.checksum=0;
icmp_param->csum=0;
icmp_out_count(icmp_param->icmph.type);
sk->ip_tos = skb->nh.iph->tos;
daddr = ipc.addr = rt->rt_src;
ipc.opt = &icmp_param->replyopts;
if (ipc.opt->srr)
daddr = icmp_param->replyopts.faddr;
if (ip_route_output(&rt, daddr, rt->rt_spec_dst, RT_TOS(skb->nh.iph->tos), 0))
return;
if (icmpv4_xrlim_allow(rt, icmp_param->icmph.type,
icmp_param->icmph.code)) {
ip_build_xmit(sk, icmp_glue_bits, icmp_param,
icmp_param->data_len+sizeof(struct icmphdr),
&ipc, rt, MSG_DONTWAIT);
}
ip_rt_put(rt);
}
void icmp_send(struct sk_buff *skb_in, int type, int code, unsigned long info)
{
struct iphdr *iph;
struct icmphdr *icmph;
int room;
struct icmp_bxm icmp_param;
struct rtable *rt = (struct rtable*)skb_in->dst;
struct ipcm_cookie ipc;
u32 saddr;
u8 tos;
/*
* Find the original header
*/
iph = skb_in->nh.iph;
/*
* No replies to physical multicast/broadcast
*/
if (skb_in->pkt_type!=PACKET_HOST)
return;
/*
* Now check at the protocol level
*/
if (!rt) {
if (sysctl_ip_always_defrag == 0 &&
net_ratelimit())
printk(KERN_DEBUG "icmp_send: destinationless packet\n");
return;
}
if (rt->rt_flags&(RTCF_BROADCAST|RTCF_MULTICAST))
return;
/*
* Only reply to fragment 0. We byte re-order the constant
* mask for efficiency.
*/
if (iph->frag_off&htons(IP_OFFSET))
return;
/*
* If we send an ICMP error to an ICMP error a mess would result..
*/
if (icmp_pointers[type].error) {
/*
* We are an error, check if we are replying to an ICMP error
*/
if (iph->protocol==IPPROTO_ICMP) {
icmph = (struct icmphdr *)((char *)iph + (iph->ihl<<2));
/*
* Assume any unknown ICMP type is an error. This isn't
* specified by the RFC, but think about it..
*/
if (icmph->type>NR_ICMP_TYPES || icmp_pointers[icmph->type].error)
return;
}
}
/*
* Construct source address and options.
*/
#ifdef CONFIG_IP_ROUTE_NAT
/*
* Restore original addresses if packet has been translated.
*/
if (rt->rt_flags&RTCF_NAT && IPCB(skb_in)->flags&IPSKB_TRANSLATED) {
iph->daddr = rt->key.dst;
iph->saddr = rt->key.src;
}
#endif
#ifdef CONFIG_IP_MASQUERADE
if (type==ICMP_DEST_UNREACH && IPCB(skb_in)->flags&IPSKB_MASQUERADED) {
ip_fw_unmasq_icmp(skb_in);
}
#endif
saddr = iph->daddr;
if (!(rt->rt_flags & RTCF_LOCAL))
saddr = 0;
tos = icmp_pointers[type].error ?
((iph->tos & IPTOS_TOS_MASK) | IPTOS_PREC_INTERNETCONTROL) :
iph->tos;
/* XXX: use a more aggressive expire for routes created by
* this call (not longer than the rate limit timeout).
* It could be also worthwhile to not put them into ipv4
* fast routing cache at first. Otherwise an attacker can
* grow the routing table.
*/
if (ip_route_output(&rt, iph->saddr, saddr, RT_TOS(tos), 0))
return;
if (ip_options_echo(&icmp_param.replyopts, skb_in))
goto ende;
/*
* Prepare data for ICMP header.
*/
icmp_param.icmph.type=type;
icmp_param.icmph.code=code;
icmp_param.icmph.un.gateway = info;
icmp_param.icmph.checksum=0;
icmp_param.csum=0;
icmp_param.data_ptr=iph;
icmp_out_count(icmp_param.icmph.type);
icmp_socket->sk->ip_tos = tos;
ipc.addr = iph->saddr;
ipc.opt = &icmp_param.replyopts;
if (icmp_param.replyopts.srr) {
ip_rt_put(rt);
if (ip_route_output(&rt, icmp_param.replyopts.faddr, saddr, RT_TOS(tos), 0))
return;
}
if (!icmpv4_xrlim_allow(rt, type, code))
goto ende;
/* RFC says return as much as we can without exceeding 576 bytes. */
room = rt->u.dst.pmtu;
if (room > 576)
room = 576;
room -= sizeof(struct iphdr) + icmp_param.replyopts.optlen;
room -= sizeof(struct icmphdr);
icmp_param.data_len=(iph->ihl<<2)+skb_in->len;
if (icmp_param.data_len > room)
icmp_param.data_len = room;
ip_build_xmit(icmp_socket->sk, icmp_glue_bits, &icmp_param,
icmp_param.data_len+sizeof(struct icmphdr),
&ipc, rt, MSG_DONTWAIT);
ende:
ip_rt_put(rt);
}