Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1546 lines
48 KiB

  1. // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
  2. //
  3. // Copyright (c) 1985-2000 Microsoft Corporation
  4. //
  5. // This file is part of the Microsoft Research IPv6 Network Protocol Stack.
  6. // You should have received a copy of the Microsoft End-User License Agreement
  7. // for this software along with this release; see the file "license.txt".
  8. // If not, please see http://www.research.microsoft.com/msripv6/license.htm,
  9. // or write to Microsoft Research, One Microsoft Way, Redmond, WA 98052-6399.
  10. //
  11. // Abstract:
  12. //
  13. // Internet Control Message Protocol for Internet Protocol Version 6.
  14. // See RFC 1885 for details.
  15. //
  16. #include "oscfg.h"
  17. #include "ndis.h"
  18. #include "ip6imp.h"
  19. #include "ip6def.h"
  20. #include "route.h"
  21. #include "icmp.h"
  22. #include "ntddip6.h"
  23. #include "neighbor.h"
  24. #include "mld.h"
  25. #include "security.h"
  26. //
  27. // Ping support. We have a list of EchoControl blocks, one per outstanding
  28. // echo request message. Incoming echo replies are matched to requests via
  29. // a unique sequence number.
  30. //
  31. KSPIN_LOCK ICMPv6EchoLock;
  32. EchoControl *ICMPv6OutstandingEchos;
  33. long ICMPv6EchoSeq; // Protected with interlocked operations.
  34. //
  35. // Statistics kept for netstat and MIBs.
  36. //
  37. ICMPv6Stats ICMPv6InStats;
  38. ICMPv6Stats ICMPv6OutStats;
  39. //* ICMPv6Init - Initialize ICMPv6.
  40. //
  41. // Set the starting values of various things.
  42. //
  43. void
  44. ICMPv6Init(void)
  45. {
  46. //
  47. // Initialize in-kernel ping support.
  48. //
  49. ICMPv6OutstandingEchos = NULL;
  50. ICMPv6EchoSeq = 0;
  51. KeInitializeSpinLock(&ICMPv6EchoLock);
  52. //
  53. // Initialize Multicast Listener Discovery protocol.
  54. //
  55. MLDInit();
  56. }
  57. //* ICMPv6Send - Low-level send routine for ICMPv6 packets.
  58. //
  59. // Common ICMPv6 message transmission functionality is performed here.
  60. // The message is expected to be completely formed (with the exception
  61. // of the checksum) when this routine is called.
  62. //
  63. // Used for all ICMP packets, except for Neighbor Discovery.
  64. //
  65. void
  66. ICMPv6Send(
  67. RouteCacheEntry *RCE, // RCE to send on
  68. PNDIS_PACKET Packet, // Packet to send.
  69. uint IPv6Offset, // Offset to IPv6 header in packet.
  70. uint ICMPv6Offset, // Offset to ICMPv6 header in packet.
  71. IPv6Header UNALIGNED *IP, // Pointer to IPv6 header.
  72. uint PayloadLength, // Length of IPv6 payload in bytes.
  73. ICMPv6Header UNALIGNED *ICMP) // Pointer to ICMPv6 header.
  74. {
  75. uint ChecksumDataLength;
  76. ICMPv6OutStats.icmps_msgs++;
  77. //
  78. // Calculate the ICMPv6 checksum. It covers the entire ICMPv6 message
  79. // starting with the ICMPv6 header, plus the IPv6 pseudo-header.
  80. //
  81. // Recalculate the payload length to exclude any option headers.
  82. //
  83. ChecksumDataLength = PayloadLength -
  84. (ICMPv6Offset - IPv6Offset) + sizeof(IPv6Header);
  85. ICMP->Checksum = 0;
  86. ICMP->Checksum = ChecksumPacket(Packet, ICMPv6Offset, NULL,
  87. ChecksumDataLength,
  88. AlignAddr(&IP->Source),
  89. AlignAddr(&IP->Dest),
  90. IP_PROTOCOL_ICMPv6);
  91. if (ICMP->Checksum == 0) {
  92. //
  93. // ChecksumPacket failed, so abort the transmission.
  94. //
  95. ICMPv6OutStats.icmps_errors++;
  96. IPv6SendComplete(NULL, Packet, IP_NO_RESOURCES);
  97. return;
  98. }
  99. ICMPv6OutStats.icmps_typecount[ICMP->Type]++;
  100. //
  101. // Hand the packet down to IP for transmission.
  102. //
  103. IPv6Send(Packet, IPv6Offset, IP, PayloadLength, RCE, 0,
  104. IP_PROTOCOL_ICMPv6, 0, 0);
  105. }
  106. //* ICMPv6SendEchoReply - Send an Echo Reply message.
  107. //
  108. // Basically what we do here is slap an ICMPv6 header on the front
  109. // of the invoking packet and send it back where it came from.
  110. //
  111. void
  112. ICMPv6SendEchoReply(
  113. IPv6Packet *Packet) // Packet handed to us by ICMPv6Receive.
  114. {
  115. NDIS_STATUS NdisStatus;
  116. PNDIS_PACKET ReplyPacket;
  117. uint Offset;
  118. uchar *Mem;
  119. uint MemLen;
  120. uint ICMPLength;
  121. uint DataLength;
  122. IPv6Header UNALIGNED *ReplyIP;
  123. ICMPv6Header UNALIGNED *ReplyICMP;
  124. const IPv6Addr *Dest;
  125. IP_STATUS Status;
  126. RouteCacheEntry *RCE;
  127. //
  128. // Take our reply's destination address from the source address
  129. // of the incoming packet.
  130. //
  131. // Note that the specs specifically say that we're not to reverse
  132. // the path on source routed packets. Just reply directly.
  133. //
  134. // IPv6HeaderReceive should protect us from replying to most forms
  135. // of bogus addresses. We ASSERT this in checked builds.
  136. //
  137. Dest = Packet->SrcAddr;
  138. ASSERT(!IsInvalidSourceAddress(Dest));
  139. //
  140. // Get the reply route to the destination.
  141. // Under normal circumstances, the reply will go out
  142. // the incoming interface. RouteToDestination
  143. // will figure out the appropriate ScopeId.
  144. //
  145. Status = RouteToDestination(Dest, 0, Packet->NTEorIF,
  146. RTD_FLAG_NORMAL, &RCE);
  147. if (Status != IP_SUCCESS) {
  148. //
  149. // No route - drop the packet.
  150. //
  151. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
  152. "ICMPv6SendEchoReply - no route: %x\n", Status));
  153. return;
  154. }
  155. //
  156. // Calculate the length of the ICMP header
  157. // and how much data we will include following the ICMP header.
  158. //
  159. ICMPLength = sizeof(ICMPv6Header);
  160. DataLength = Packet->TotalSize;
  161. Offset = RCE->NCE->IF->LinkHeaderSize;
  162. MemLen = Offset + sizeof(IPv6Header) + ICMPLength + DataLength;
  163. //
  164. // Allocate the reply packet.
  165. //
  166. NdisStatus = IPv6AllocatePacket(MemLen, &ReplyPacket, &Mem);
  167. if (NdisStatus != NDIS_STATUS_SUCCESS) {
  168. ReleaseRCE(RCE);
  169. return;
  170. }
  171. //
  172. // Prepare IP header of reply packet.
  173. //
  174. ReplyIP = (IPv6Header UNALIGNED *)(Mem + Offset);
  175. ReplyIP->VersClassFlow = IP_VERSION;
  176. ReplyIP->NextHeader = IP_PROTOCOL_ICMPv6;
  177. ReplyIP->HopLimit = (uchar)RCE->NCE->IF->CurHopLimit;
  178. //
  179. // Take our reply's source address from the receiving NTE,
  180. // or use the best source address for this destination
  181. // if we don't have a receiving NTE.
  182. //
  183. ReplyIP->Source = (IsNTE(Packet->NTEorIF) ?
  184. CastToNTE(Packet->NTEorIF) : RCE->NTE)
  185. ->Address;
  186. ReplyIP->Dest = *Dest;
  187. //
  188. // Prepare ICMP header.
  189. //
  190. // REVIEW: Do this in ICMPv6Send?
  191. //
  192. ReplyICMP = (ICMPv6Header UNALIGNED *)(ReplyIP + 1);
  193. ReplyICMP->Type = ICMPv6_ECHO_REPLY;
  194. ReplyICMP->Code = 0;
  195. // ReplyICMP->Checksum - ICMPv6Send will calculate.
  196. //
  197. // Copy incoming packet data to outgoing.
  198. //
  199. CopyPacketToBuffer((uchar *)(ReplyICMP + 1), Packet, DataLength,
  200. Packet->Position);
  201. ICMPv6Send(RCE, ReplyPacket, Offset,
  202. Offset + sizeof(IPv6Header), ReplyIP,
  203. ICMPLength + DataLength, ReplyICMP);
  204. ReleaseRCE(RCE);
  205. }
  206. //* ICMPv6CheckError
  207. //
  208. // Check if a packet is an ICMP error message.
  209. // This is a "best effort" check, given that
  210. // the packet may well have syntactical errors.
  211. //
  212. // We return FALSE if we can't tell.
  213. //
  214. int
  215. ICMPv6CheckError(IPv6Packet *Packet, uint NextHeader)
  216. {
  217. for (;;) {
  218. uint HdrLen;
  219. switch (NextHeader) {
  220. case IP_PROTOCOL_HOP_BY_HOP:
  221. case IP_PROTOCOL_DEST_OPTS:
  222. case IP_PROTOCOL_ROUTING: {
  223. ExtensionHeader *Hdr;
  224. if (! PacketPullup(Packet, sizeof *Hdr,
  225. __builtin_alignof(ExtensionHeader), 0)) {
  226. //
  227. // Pullup failed. We can't continue parsing.
  228. //
  229. return FALSE;
  230. }
  231. Hdr = (ExtensionHeader *) Packet->Data;
  232. HdrLen = (Hdr->HeaderExtLength + 1) * EXT_LEN_UNIT;
  233. //
  234. // REVIEW - We don't actually want to look at the remaining
  235. // data in the extension header. Perhaps use PositionPacketAt?
  236. //
  237. if (! PacketPullup(Packet, HdrLen, 1, 0)) {
  238. //
  239. // Pullup failed. We can't continue parsing.
  240. //
  241. return FALSE;
  242. }
  243. NextHeader = Hdr->NextHeader;
  244. break;
  245. }
  246. case IP_PROTOCOL_FRAGMENT: {
  247. FragmentHeader UNALIGNED *Hdr;
  248. if (! PacketPullup(Packet, sizeof *Hdr, 1, 0)) {
  249. //
  250. // Pullup failed. We can't continue parsing.
  251. //
  252. return FALSE;
  253. }
  254. Hdr = (FragmentHeader UNALIGNED *) Packet->Data;
  255. //
  256. // We can only continue parsing if this is the first fragment.
  257. //
  258. if ((Hdr->OffsetFlag & FRAGMENT_OFFSET_MASK) != 0)
  259. return FALSE;
  260. HdrLen = sizeof *Hdr;
  261. NextHeader = Hdr->NextHeader;
  262. break;
  263. }
  264. case IP_PROTOCOL_ICMPv6: {
  265. ICMPv6Header *Hdr;
  266. if (! PacketPullup(Packet, sizeof *Hdr,
  267. __builtin_alignof(ICMPv6Header), 0)) {
  268. //
  269. // Pullup failed. We can't continue parsing.
  270. //
  271. return FALSE;
  272. }
  273. //
  274. // This is an ICMPv6 message, so we can check
  275. // to see if it is an error message.
  276. // We treat Redirects as errors here.
  277. //
  278. Hdr = (ICMPv6Header *) Packet->Data;
  279. return (ICMPv6_ERROR_TYPE(Hdr->Type) ||
  280. (Hdr->Type == ICMPv6_REDIRECT));
  281. }
  282. default:
  283. return FALSE;
  284. }
  285. //
  286. // Move past this extension header.
  287. //
  288. AdjustPacketParams(Packet, HdrLen);
  289. }
  290. }
  291. //* ICMPv6RateLimit
  292. //
  293. // Returns TRUE if an ICMP error should NOT be sent to this destination
  294. // because of rate-limiting.
  295. //
  296. int
  297. ICMPv6RateLimit(RouteCacheEntry *RCE)
  298. {
  299. uint Now = IPv6TickCount;
  300. //
  301. // This arithmetic will handle wraps of the IPv6 tick counter.
  302. //
  303. if ((uint)(Now - RCE->LastError) < ICMP_MIN_ERROR_INTERVAL)
  304. return TRUE;
  305. RCE->LastError = Now;
  306. return FALSE;
  307. }
  308. //* ICMPv6SendError - Generate an error in response to an incoming packet.
  309. //
  310. // Send an ICMPv6 message of the given Type and Code to the source of the
  311. // offending/invoking packet. The reply includes as much of the incoming
  312. // packet as will fit inside the minimal IPv6 MTU.
  313. //
  314. // Basically what we do here is slap an ICMPv6 header on the front
  315. // of the invoking packet and send it back where it came from.
  316. //
  317. // REVIEW - Much of the code looks like ICMPv6SendEchoReply.
  318. // Could it be shared?
  319. //
  320. // The current position in the Packet must be at a header boundary.
  321. // The NextHeader parameter specifies the type of header following.
  322. // This information is used to parse the remainder of the invoking Packet,
  323. // to see if it is an ICMP error. We MUST avoid sending an error
  324. // in response to an error. NextHeader may be IP_PROTOCOL_NONE.
  325. //
  326. // The MulticastOverride parameter allows override of another check.
  327. // Normally we MUST avoid sending an error in response to a packet
  328. // sent to a multicast destination. But there are a couple exceptions.
  329. //
  330. void
  331. ICMPv6SendError(
  332. IPv6Packet *Packet, // Offending/Invoking packet.
  333. uchar ICMPType, // ICMP error type.
  334. uchar ICMPCode, // ICMP error code.
  335. ulong ErrorParameter, // Parameter for error message.
  336. uint NextHeader, // Type of hdr following in Packet.
  337. int MulticastOverride) // Allow replies to mcast packets?
  338. {
  339. NDIS_STATUS NdisStatus;
  340. PNDIS_PACKET ReplyPacket;
  341. uint Offset;
  342. uchar *Mem;
  343. uint MemLen;
  344. uint ICMPLength;
  345. uint DataLength;
  346. IPv6Header UNALIGNED *ReplyIP;
  347. ICMPv6Header UNALIGNED *ReplyICMP;
  348. const IPv6Addr *Dest;
  349. IP_STATUS Status;
  350. RouteCacheEntry *RCE;
  351. //
  352. // We must not send an ICMP error message
  353. // as a result of an ICMP error.
  354. //
  355. if ((Packet->Flags & PACKET_ICMP_ERROR) ||
  356. ICMPv6CheckError(Packet, NextHeader)) {
  357. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR,
  358. "ICMPv6SendError: no reply to error\n"));
  359. return;
  360. }
  361. //
  362. // We must not send an ICMP error message as a result
  363. // of receiving any kind of multicast or broadcast.
  364. // There are a couple exceptions so we have MulticastOverride.
  365. //
  366. if (IsMulticast(AlignAddr(&Packet->IP->Dest)) ||
  367. (Packet->Flags & PACKET_NOT_LINK_UNICAST)) {
  368. if (!MulticastOverride) {
  369. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR,
  370. "ICMPv6SendError: no reply to broadcast/multicast\n"));
  371. return;
  372. }
  373. }
  374. //
  375. // Take our reply's destination address from the source address
  376. // of the incoming packet.
  377. //
  378. // Note that the specs specifically say that we're not to reverse
  379. // the path on source routed packets. Just reply directly.
  380. //
  381. // IPv6HeaderReceive should protect us from replying to most forms
  382. // of bogus addresses. We ASSERT this in checked builds.
  383. //
  384. Dest = Packet->SrcAddr;
  385. ASSERT(!IsInvalidSourceAddress(Dest));
  386. //
  387. // Get the reply route to the destination.
  388. // Under normal circumstances, the reply will go out
  389. // the incoming interface. RouteToDestination
  390. // will figure out the appropriate ScopeId.
  391. //
  392. Status = RouteToDestination(Dest, 0, Packet->NTEorIF,
  393. RTD_FLAG_NORMAL, &RCE);
  394. if (Status != IP_SUCCESS) {
  395. //
  396. // No route - drop the packet.
  397. //
  398. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_INTERNAL_ERROR,
  399. "ICMPv6SendError - no route: %x\n", Status));
  400. return;
  401. }
  402. //
  403. // We must rate-limit ICMP error messages.
  404. //
  405. if (ICMPv6RateLimit(RCE)) {
  406. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR,
  407. "ICMPv6SendError - rate limit %s\n",
  408. FormatV6Address(&RCE->Destination)));
  409. ReleaseRCE(RCE);
  410. return;
  411. }
  412. //
  413. // Calculate the length of the ICMP header
  414. // and how much data we will include following the ICMP header.
  415. // Include space for an error value after the header proper.
  416. //
  417. ICMPLength = sizeof(ICMPv6Header) + sizeof(uint);
  418. //
  419. // We want to include data from the IP header on.
  420. //
  421. DataLength = Packet->TotalSize +
  422. (Packet->Position - Packet->IPPosition);
  423. //
  424. // But limit the error packet size.
  425. //
  426. if (DataLength > ICMPv6_ERROR_MAX_DATA_LEN)
  427. DataLength = ICMPv6_ERROR_MAX_DATA_LEN;
  428. //
  429. // Calculate buffer length.
  430. //
  431. Offset = RCE->NCE->IF->LinkHeaderSize;
  432. MemLen = Offset + sizeof(IPv6Header) + ICMPLength + DataLength;
  433. ASSERT(MemLen - Offset <= IPv6_MINIMUM_MTU);
  434. //
  435. // Allocate the reply packet.
  436. //
  437. NdisStatus = IPv6AllocatePacket(MemLen, &ReplyPacket, &Mem);
  438. if (NdisStatus != NDIS_STATUS_SUCCESS) {
  439. ReleaseRCE(RCE);
  440. return;
  441. }
  442. //
  443. // Prepare IP header of reply packet.
  444. //
  445. ReplyIP = (IPv6Header UNALIGNED *)(Mem + Offset);
  446. ReplyIP->VersClassFlow = IP_VERSION;
  447. ReplyIP->NextHeader = IP_PROTOCOL_ICMPv6;
  448. ReplyIP->HopLimit = (uchar)RCE->NCE->IF->CurHopLimit;
  449. //
  450. // Take our reply's source address from the receiving NTE,
  451. // or use the best source address for this destination
  452. // if we don't have a receiving NTE.
  453. //
  454. ReplyIP->Source = (IsNTE(Packet->NTEorIF) ?
  455. CastToNTE(Packet->NTEorIF) : RCE->NTE)
  456. ->Address;
  457. ReplyIP->Dest = *Dest;
  458. //
  459. // Prepare ICMP header.
  460. //
  461. // REVIEW: Do this in ICMPv6Send?
  462. //
  463. ReplyICMP = (ICMPv6Header UNALIGNED *)(ReplyIP + 1);
  464. ReplyICMP->Type = ICMPType;
  465. ReplyICMP->Code = ICMPCode;
  466. // ReplyICMP->Checksum - ICMPv6Send will calculate.
  467. //
  468. // ICMP Error Messages have a 32-bit field (content of which
  469. // varies depending upon the error type) following the ICMP header.
  470. //
  471. *(ulong UNALIGNED *)(ReplyICMP + 1) = net_long(ErrorParameter);
  472. //
  473. // Copy invoking packet (from IPv6 header onward) to outgoing.
  474. //
  475. CopyPacketToBuffer((uchar *)(ReplyICMP + 1) + sizeof(ErrorParameter),
  476. Packet, DataLength, Packet->IPPosition);
  477. ICMPv6Send(RCE, ReplyPacket, Offset,
  478. Offset + sizeof(IPv6Header), ReplyIP,
  479. ICMPLength + DataLength, ReplyICMP);
  480. ReleaseRCE(RCE);
  481. }
  482. //* ICMPv6ProcessTunnelError
  483. //
  484. // Called when we receive an ICMPv4 error and there is insufficient
  485. // information to translate to an ICMPv6 error. We make a best effort
  486. // to complete outstanding echo requests that were sent to the IPv4
  487. // address that was the original IPv4 tunnel destination.
  488. //
  489. void
  490. ICMPv6ProcessTunnelError(
  491. IPAddr V4Dest, // Destination of our tunneled packet.
  492. IPv6Addr *V6Src, // Address to use as the source of the error.
  493. uint ScopeId, // Scope-id of V6Src.
  494. IP_STATUS Status) // Status of the response.
  495. {
  496. EchoControl *This, **PrevPtr;
  497. EchoControl *List = NULL;
  498. KIRQL OldIrql;
  499. //
  500. // Find the EchoControl blocks on our list of outstanding echoes that
  501. // have a matching IPv4 destination and call their completion function.
  502. // We do not have sufficient information to identify a unique request.
  503. //
  504. KeAcquireSpinLock(&ICMPv6EchoLock, &OldIrql);
  505. for (This = ICMPv6OutstandingEchos, PrevPtr = &ICMPv6OutstandingEchos;
  506. This != NULL; This = This->Next) {
  507. if (This->V4Dest == V4Dest) {
  508. //
  509. // Found matching control block. Extract it from the list
  510. // and put it on our own list.
  511. //
  512. *PrevPtr = This->Next;
  513. This->Next = List;
  514. List = This;
  515. break;
  516. }
  517. PrevPtr = &This->Next;
  518. }
  519. KeReleaseSpinLock(&ICMPv6EchoLock, OldIrql);
  520. while ((This = List) != NULL) {
  521. //
  522. // Remove this request from our list.
  523. //
  524. List = This->Next;
  525. //
  526. // Call OS-specific completion routine.
  527. //
  528. (*This->CompleteRoutine)(This, Status,
  529. V6Src, ScopeId,
  530. NULL, 0);
  531. }
  532. }
  533. //* ICMPv6ProcessEchoReply
  534. //
  535. // Called either when an echo reply arrives, or
  536. // a hop-count-exceeded error responding to an echo request arrives.
  537. //
  538. // Looks up the echo request structure and completes
  539. // the echo request operation.
  540. //
  541. // Note that the echo reply payload data must be contiguous.
  542. // Callers should use PacketPullup if necessary.
  543. //
  544. void
  545. ICMPv6ProcessEchoReply(
  546. ulong Seq, // Echo sequence number.
  547. IP_STATUS Status, // Status of the response.
  548. IPv6Packet *Packet, // Echo reply packet.
  549. void *Current, // Pointer to the buffered data area.
  550. uint PayloadLength) // Size of remaining payload data.
  551. {
  552. EchoControl *This, **PrevPtr;
  553. KIRQL OldIrql;
  554. uint ICMPPosition;
  555. //
  556. // Find the EchoControl block on our list of outstanding echoes that
  557. // has a matching sequence number and call it's completion function.
  558. //
  559. KeAcquireSpinLock(&ICMPv6EchoLock, &OldIrql);
  560. for (This = ICMPv6OutstandingEchos, PrevPtr = &ICMPv6OutstandingEchos;
  561. This != NULL; This = This->Next) {
  562. if (This->Seq == Seq) {
  563. //
  564. // Found matching control block. Extract it from list.
  565. //
  566. *PrevPtr = This->Next;
  567. break;
  568. }
  569. PrevPtr = &This->Next;
  570. }
  571. KeReleaseSpinLock(&ICMPv6EchoLock, OldIrql);
  572. //
  573. // Check to see if we ran off the end of the outstanding echoes list.
  574. //
  575. if (This == NULL) {
  576. //
  577. // We received a response with a sequence number that doesn't match
  578. // one of the echo requests we still have outstanding. Drop it.
  579. //
  580. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  581. "ICMPv6ProcessEchoReply: Received echo response "
  582. "with bogus/expired sequence number 0x%x\n", Seq));
  583. if (Current != NULL) {
  584. //
  585. // If this is a normal Echo Reply (not a error message sent in
  586. // response to one of our Echo Replies) first see if any raw
  587. // receivers want to look at it.
  588. //
  589. ICMPPosition = Packet->Position - sizeof(ICMPv6Header);
  590. PositionPacketAt(Packet, ICMPPosition);
  591. (void) RawReceive(Packet, IP_PROTOCOL_ICMPv6);
  592. }
  593. return;
  594. }
  595. //
  596. // Call OS-specific completion routine.
  597. //
  598. (*This->CompleteRoutine)(This, Status,
  599. Packet->SrcAddr,
  600. DetermineScopeId(Packet->SrcAddr,
  601. Packet->NTEorIF->IF),
  602. Current, PayloadLength);
  603. }
  604. //* ICMPv6EchoReplyReceive - Receive a reply to an earlier echo of our's.
  605. //
  606. // Called by ICMPv6Receive when an echo reply message arrives.
  607. //
  608. // REVIEW: Should we also verify the receiving NTE is the same as the one
  609. // REVIEW: we sent on?
  610. //
  611. void
  612. ICMPv6EchoReplyReceive(IPv6Packet *Packet)
  613. {
  614. ulong Seq;
  615. //
  616. // The next four bytes should consist of a two byte Identifier field
  617. // and a two byte Sequence Number. We just treat the whole thing as
  618. // a four byte sequence number. Make sure these bytes are contiguous.
  619. //
  620. if (! PacketPullup(Packet, sizeof Seq, 1, 0)) {
  621. // Pullup failed.
  622. if (Packet->TotalSize < sizeof(Seq)) {
  623. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  624. "ICMPv6: Received small Echo Reply %u\n",
  625. Packet->TotalSize));
  626. ICMPv6SendError(Packet,
  627. ICMPv6_PARAMETER_PROBLEM,
  628. ICMPv6_ERRONEOUS_HEADER_FIELD,
  629. FIELD_OFFSET(IPv6Header, PayloadLength),
  630. IP_PROTOCOL_NONE, FALSE);
  631. }
  632. return; // Drop packet.
  633. }
  634. //
  635. // We're received a reply message to one of our echo requests.
  636. // Extract its sequence number so that we can identify it.
  637. //
  638. Seq = net_long(*(ulong UNALIGNED *)Packet->Data);
  639. AdjustPacketParams(Packet, sizeof Seq);
  640. //
  641. // REVIEW: The ICMPv6ProcessEchoReply interface expects a contiguous data
  642. // REVIEW: region for the rest of the packet. This requires us to
  643. // REVIEW: pullup the remainder of the packet here. Fix this someday.
  644. //
  645. if (! PacketPullup(Packet, Packet->TotalSize, 1, 0)) {
  646. // Pullup failed.
  647. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NTOS_ERROR,
  648. "ICMPv6: Couldn't pullup echo data\n"));
  649. return; // Drop packet.
  650. }
  651. ICMPv6ProcessEchoReply(Seq, IP_SUCCESS, Packet,
  652. Packet->Data, Packet->TotalSize);
  653. }
  654. //* ICMPv6ErrorReceive - Generic ICMPv6 error processing.
  655. //
  656. // Called by ICMPv6Receive when an error message arrives.
  657. // Returns FALSE if we were unable to process it for some reason.
  658. //
  659. int
  660. ICMPv6ErrorReceive(
  661. IPv6Packet *Packet, // Packet handed to us by ICMPv6Receive.
  662. ICMPv6Header UNALIGNED *ICMP) // ICMP Header.
  663. {
  664. ulong Parameter;
  665. IP_STATUS Status;
  666. StatusArg StatArg;
  667. IPv6Header UNALIGNED *InvokingIP;
  668. ProtoControlRecvProc *Handler = NULL;
  669. uchar NextHeader;
  670. int Handled = TRUE;
  671. //
  672. // First mark the packet as an ICMP error.
  673. // This will inhibit any generation of ICMP errors
  674. // as a result of this packet.
  675. //
  676. Packet->Flags |= PACKET_ICMP_ERROR;
  677. //
  678. // All ICMPv6 error messages consist of the base ICMPv6 header,
  679. // followed by a 32 bit type-specific field, followed by as much
  680. // of the invoking packet as fit without causing this ICMPv6 packet
  681. // to exceed 576 octets.
  682. //
  683. // We already consumed the base ICMPv6 header back in ICMPv6Receive.
  684. // Pull out the 32 bit type-specific field in case the upper layer's
  685. // ControlReceive routine cares about it.
  686. //
  687. if (! PacketPullup(Packet, sizeof Parameter, 1, 0)) {
  688. // Pullup failed.
  689. if (Packet->TotalSize < sizeof Parameter)
  690. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  691. "ICMPv6ErrorReceive: "
  692. "Packet too small to contain error field\n"));
  693. return FALSE; // Drop packet.
  694. }
  695. Parameter = *(ulong UNALIGNED *)Packet->Data;
  696. AdjustPacketParams(Packet, sizeof Parameter);
  697. //
  698. // Next up should be the IPv6 header of the invoking packet.
  699. //
  700. if (! PacketPullup(Packet, sizeof *InvokingIP,
  701. __builtin_alignof(IPv6Addr), 0)) {
  702. // Pullup failed.
  703. if (Packet->TotalSize < sizeof *InvokingIP)
  704. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  705. "ICMPv6ErrorReceive (from %s): "
  706. "Packet too small to contain IPv6 "
  707. "header from invoking packet\n",
  708. FormatV6Address(AlignAddr(&Packet->IP->Source))));
  709. return FALSE; // Drop packet.
  710. }
  711. InvokingIP = (IPv6Header UNALIGNED *)Packet->Data;
  712. AdjustPacketParams(Packet, sizeof *InvokingIP);
  713. //
  714. // First we perform any specific processing of the error,
  715. // and convert the error type/code to a status value.
  716. //
  717. switch (ICMP->Type) {
  718. case ICMPv6_DESTINATION_UNREACHABLE:
  719. switch (ICMP->Code) {
  720. case ICMPv6_NO_ROUTE_TO_DESTINATION:
  721. Status = IP_DEST_NO_ROUTE;
  722. break;
  723. case ICMPv6_COMMUNICATION_PROHIBITED:
  724. Status = IP_DEST_PROHIBITED;
  725. break;
  726. case ICMPv6_SCOPE_MISMATCH:
  727. Status = IP_DEST_SCOPE_MISMATCH;
  728. break;
  729. case ICMPv6_ADDRESS_UNREACHABLE:
  730. Status = IP_DEST_ADDR_UNREACHABLE;
  731. break;
  732. case ICMPv6_PORT_UNREACHABLE:
  733. Status = IP_DEST_PORT_UNREACHABLE;
  734. break;
  735. default:
  736. Status = IP_DEST_UNREACHABLE;
  737. break;
  738. }
  739. break;
  740. case ICMPv6_PACKET_TOO_BIG: {
  741. uint PMTU;
  742. //
  743. // Packet Too Big messages contain the bottleneck MTU value.
  744. // Update the path MTU in the route cache.
  745. // Change Parameter value to indicate whether PMTU changed.
  746. //
  747. PMTU = net_long(Parameter);
  748. Parameter = UpdatePathMTU(Packet->NTEorIF->IF,
  749. AlignAddr(&InvokingIP->Dest), PMTU);
  750. Status = IP_PACKET_TOO_BIG;
  751. break;
  752. }
  753. case ICMPv6_TIME_EXCEEDED:
  754. switch (ICMP->Code) {
  755. case ICMPv6_HOP_LIMIT_EXCEEDED:
  756. Status = IP_HOP_LIMIT_EXCEEDED;
  757. break;
  758. case ICMPv6_REASSEMBLY_TIME_EXCEEDED:
  759. Status = IP_REASSEMBLY_TIME_EXCEEDED;
  760. break;
  761. default:
  762. Status = IP_TIME_EXCEEDED;
  763. break;
  764. }
  765. break;
  766. case ICMPv6_PARAMETER_PROBLEM:
  767. switch (ICMP->Code) {
  768. case ICMPv6_ERRONEOUS_HEADER_FIELD:
  769. Status = IP_BAD_HEADER;
  770. break;
  771. case ICMPv6_UNRECOGNIZED_NEXT_HEADER:
  772. Status = IP_UNRECOGNIZED_NEXT_HEADER;
  773. break;
  774. case ICMPv6_UNRECOGNIZED_OPTION:
  775. Status = IP_BAD_OPTION;
  776. break;
  777. default:
  778. Status = IP_PARAMETER_PROBLEM;
  779. break;
  780. }
  781. break;
  782. default:
  783. //
  784. // We don't understand this error type.
  785. //
  786. Status = IP_ICMP_ERROR;
  787. Handled = FALSE;
  788. break;
  789. }
  790. //
  791. // Deliver ICMP Error to higher layers. This is a MUST, even if we
  792. // don't recognize the specific error message.
  793. //
  794. // Iteratively switch out to the handler for each successive next header
  795. // until we reach a handler that reports no more headers follow it.
  796. //
  797. NextHeader = InvokingIP->NextHeader;
  798. while (NextHeader != IP_PROTOCOL_NONE) {
  799. //
  800. // Current header indicates that another header follows.
  801. // See if we have a handler for it.
  802. //
  803. Handler = ProtocolSwitchTable[NextHeader].ControlReceive;
  804. if (Handler == NULL) {
  805. //
  806. // If we don't have a handler for this header type,
  807. // we just drop the packet.
  808. //
  809. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  810. "IPv6ErrorReceive: No handler for NextHeader type %u.\n",
  811. NextHeader));
  812. break;
  813. }
  814. StatArg.Status = Status;
  815. StatArg.Arg = Parameter;
  816. StatArg.IP = InvokingIP;
  817. NextHeader = (*Handler)(Packet, &StatArg);
  818. }
  819. return Handled;
  820. }
  821. //* ICMPv6ControlReceive - handler for ICMPv6 control messages.
  822. //
  823. // This routine is called if we receive an ICMPv6 error message that
  824. // was generated by some remote site as a result of receiving an ICMPv6
  825. // packet from us.
  826. //
  827. uchar
  828. ICMPv6ControlReceive(
  829. IPv6Packet *Packet, // Packet handed to us by ICMPv6Receive.
  830. StatusArg *StatArg) // ICMP Error Code, etc.
  831. {
  832. ICMPv6Header *InvokingICMP;
  833. ulong Seq;
  834. //
  835. // The next thing in the packet should be the ICMP header of the
  836. // original packet which invoked this error.
  837. //
  838. if (! PacketPullup(Packet, sizeof *InvokingICMP,
  839. __builtin_alignof(ICMPv6Header), 0)) {
  840. // Pullup failed.
  841. if (Packet->TotalSize < sizeof *InvokingICMP)
  842. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  843. "ICMPv6: Packet too small to contain ICMPv6 header "
  844. "from invoking packet\n"));
  845. return IP_PROTOCOL_NONE; // Drop packet.
  846. }
  847. InvokingICMP = (ICMPv6Header *)Packet->Data;
  848. AdjustPacketParams(Packet, sizeof *InvokingICMP);
  849. //
  850. // All we currently handle is errors caused by echo requests.
  851. //
  852. if ((InvokingICMP->Type != ICMPv6_ECHO_REQUEST) ||
  853. (InvokingICMP->Code != 0))
  854. return IP_PROTOCOL_NONE; // Drop packet.
  855. //
  856. // The next four bytes should consist of a two byte Identifier field
  857. // and a two byte Sequence Number. We just treat the whole thing as
  858. // a four byte sequence number. Make sure these bytes are contiguous.
  859. //
  860. if (! PacketPullup(Packet, sizeof Seq, 1, 0)) {
  861. // Pullup failed.
  862. if (Packet->TotalSize < sizeof Seq)
  863. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  864. "ICMPv6: Packet too small to contain ICMPv6 header "
  865. "from invoking packet\n"));
  866. return IP_PROTOCOL_NONE; // Drop packet.
  867. }
  868. //
  869. // Extract the sequence number so that we can identify
  870. // the matching echo request.
  871. //
  872. Seq = net_long(*(ulong UNALIGNED *)Packet->Data);
  873. AdjustPacketParams(Packet, sizeof Seq);
  874. //
  875. // Complete the corresponding echo request with an error.
  876. //
  877. ICMPv6ProcessEchoReply(Seq, StatArg->Status, Packet,
  878. NULL, 0);
  879. return IP_PROTOCOL_NONE; // Done with packet.
  880. }
  881. //* ICMPv6Receive - Receive an incoming ICMPv6 packet.
  882. //
  883. // This is the routine called by IPv6 when it receives a complete IPv6
  884. // packet with a Next Header value of 58.
  885. //
  886. uchar
  887. ICMPv6Receive(
  888. IPv6Packet *Packet) // Packet handed to us by IPv6Receive.
  889. {
  890. ICMPv6Header *ICMP;
  891. ushort Checksum;
  892. uint ICMPPosition;
  893. ICMPv6InStats.icmps_msgs++;
  894. //
  895. // Verify IPSec was performed.
  896. //
  897. if (InboundSecurityCheck(Packet, IP_PROTOCOL_ICMPv6, 0, 0,
  898. Packet->NTEorIF->IF) != TRUE) {
  899. //
  900. // No policy was found or the policy indicated to drop the packet.
  901. //
  902. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR,
  903. "ICMPv6: IPSec lookup failed\n"));
  904. ICMPv6InStats.icmps_errors++;
  905. return IP_PROTOCOL_NONE; // Drop packet.
  906. }
  907. //
  908. // Verify that we have enough contiguous data to overlay a ICMPv6Header
  909. // structure on the incoming packet. Then do so.
  910. //
  911. if (! PacketPullup(Packet, sizeof *ICMP,
  912. __builtin_alignof(ICMPv6Header), 0)) {
  913. // Pullup failed.
  914. ICMPv6InStats.icmps_errors++;
  915. if (Packet->TotalSize < sizeof *ICMP) {
  916. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  917. "ICMPv6: Packet too small to contain ICMP header\n"));
  918. ICMPv6SendError(Packet,
  919. ICMPv6_PARAMETER_PROBLEM,
  920. ICMPv6_ERRONEOUS_HEADER_FIELD,
  921. FIELD_OFFSET(IPv6Header, PayloadLength),
  922. IP_PROTOCOL_NONE, FALSE);
  923. }
  924. return IP_PROTOCOL_NONE; // Drop packet.
  925. }
  926. ICMP = (ICMPv6Header *)Packet->Data;
  927. ICMPPosition = Packet->Position;
  928. //
  929. // Verify checksum.
  930. //
  931. Checksum = ChecksumPacket(Packet->NdisPacket, Packet->Position,
  932. Packet->FlatData, Packet->TotalSize,
  933. Packet->SrcAddr, AlignAddr(&Packet->IP->Dest),
  934. IP_PROTOCOL_ICMPv6);
  935. if (Checksum != 0xffff) {
  936. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR,
  937. "ICMPv6: Checksum failed %0x\n", Checksum));
  938. ICMPv6InStats.icmps_errors++;
  939. return IP_PROTOCOL_NONE; // Drop packet.
  940. }
  941. //
  942. // Skip over base ICMP header.
  943. //
  944. AdjustPacketParams(Packet, sizeof *ICMP);
  945. //
  946. // Ignore Neighbor Discovery packets
  947. // if the interface is so configured.
  948. // (Pseudo-interfaces don't do Neighbor Discovery.)
  949. //
  950. if (!(Packet->NTEorIF->IF->Flags & IF_FLAG_NEIGHBOR_DISCOVERS)) {
  951. if ((ICMP->Type == ICMPv6_NEIGHBOR_SOLICIT) ||
  952. (ICMP->Type == ICMPv6_NEIGHBOR_ADVERT)) {
  953. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  954. "ICMPv6Receive: ND on pseudo-interface\n"));
  955. ICMPv6InStats.icmps_errors++;
  956. return IP_PROTOCOL_NONE; // Drop packet.
  957. }
  958. }
  959. //
  960. // Ignore Router Discovery packets
  961. // if the interface is so configured.
  962. //
  963. if (!(Packet->NTEorIF->IF->Flags & IF_FLAG_ROUTER_DISCOVERS)) {
  964. if ((ICMP->Type == ICMPv6_ROUTER_SOLICIT) ||
  965. (ICMP->Type == ICMPv6_ROUTER_ADVERT) ||
  966. (ICMP->Type == ICMPv6_REDIRECT)) {
  967. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  968. "ICMPv6Receive: RD on pseudo-interface\n"));
  969. ICMPv6InStats.icmps_errors++;
  970. return IP_PROTOCOL_NONE; // Drop packet.
  971. }
  972. }
  973. ICMPv6InStats.icmps_typecount[ICMP->Type]++;
  974. //
  975. // We have a separate routine to handle error messages.
  976. //
  977. if (ICMPv6_ERROR_TYPE(ICMP->Type)) {
  978. if (!ICMPv6ErrorReceive(Packet, ICMP))
  979. goto unrecognized;
  980. return IP_PROTOCOL_NONE;
  981. }
  982. //
  983. // Handle specific informational message types.
  984. // Just use a switch statement for now. If this is later deemed to be
  985. // too inefficient, we can change it to use a type switch table instead.
  986. //
  987. switch(ICMP->Type) {
  988. case ICMPv6_ECHO_REQUEST:
  989. ICMPv6SendEchoReply(Packet);
  990. break;
  991. case ICMPv6_ECHO_REPLY:
  992. ICMPv6EchoReplyReceive(Packet);
  993. break;
  994. case ICMPv6_MULTICAST_LISTENER_QUERY:
  995. MLDQueryReceive(Packet);
  996. break;
  997. case ICMPv6_MULTICAST_LISTENER_REPORT:
  998. MLDReportReceive(Packet);
  999. break;
  1000. case ICMPv6_MULTICAST_LISTENER_DONE:
  1001. break;
  1002. // Following are all Neighbor Discovery messages.
  1003. case ICMPv6_ROUTER_SOLICIT:
  1004. RouterSolicitReceive(Packet, ICMP);
  1005. break;
  1006. case ICMPv6_ROUTER_ADVERT:
  1007. RouterAdvertReceive(Packet, ICMP);
  1008. break;
  1009. case ICMPv6_NEIGHBOR_SOLICIT:
  1010. NeighborSolicitReceive(Packet, ICMP);
  1011. break;
  1012. case ICMPv6_NEIGHBOR_ADVERT:
  1013. NeighborAdvertReceive(Packet, ICMP);
  1014. break;
  1015. case ICMPv6_REDIRECT:
  1016. RedirectReceive(Packet, ICMP);
  1017. break;
  1018. default:
  1019. //
  1020. // Don't recognize the specific message type.
  1021. // This is an unknown informational message.
  1022. // We MUST silently discard it.
  1023. //
  1024. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_BAD_PACKET,
  1025. "ICMPv6: Received unknown informational message"
  1026. "(%u/%u) from %s\n", ICMP->Type, ICMP->Code,
  1027. FormatV6Address(AlignAddr(&Packet->IP->Source))));
  1028. //
  1029. // But first see if any raw receivers want to look at it.
  1030. // NOTE: We don't get any feedback from raw receivers,
  1031. // NOTE: so we can't tell if any of them knew this type.
  1032. //
  1033. unrecognized:
  1034. PositionPacketAt(Packet, ICMPPosition);
  1035. (void) RawReceive(Packet, IP_PROTOCOL_ICMPv6);
  1036. break;
  1037. }
  1038. return IP_PROTOCOL_NONE;
  1039. }
  1040. //* ICMPv6EchoRequest - Common dispatch routine for echo requests.
  1041. //
  1042. // This is the routine called by the OS-specific code on behalf of a user
  1043. // to issue an echo request. Validate the request, place control block
  1044. // on list of outstanding echo requests, and send echo request message.
  1045. //
  1046. void
  1047. ICMPv6EchoRequest(
  1048. void *InputBuffer, // Pointer to an ICMPV6_ECHO_REQUEST structure.
  1049. uint InputBufferLength, // Size in bytes of the InputBuffer.
  1050. EchoControl *ControlBlock, // Pointer to an EchoControl structure.
  1051. EchoRtn Callback) // Called when request responds or times out.
  1052. {
  1053. NetTableEntry *NTE = NULL;
  1054. PICMPV6_ECHO_REQUEST RequestBuffer;
  1055. KIRQL OldIrql;
  1056. IP_STATUS Status;
  1057. ulong Seq;
  1058. NDIS_STATUS NdisStatus;
  1059. PNDIS_PACKET Packet;
  1060. uint Offset;
  1061. uchar *Mem;
  1062. uint MemLen;
  1063. IPv6Header UNALIGNED *IP;
  1064. ICMPv6Header UNALIGNED *ICMP;
  1065. void *Data;
  1066. uint DataSize;
  1067. uint RtHdrSize;
  1068. RouteCacheEntry *RCE = NULL;
  1069. const IPv6Addr *FinalDest, *FirstDest;
  1070. const IPv6Addr *DstAddress, *SrcAddress;
  1071. uint DstScopeId, SrcScopeId;
  1072. ICMPv6OutStats.icmps_msgs++;
  1073. RequestBuffer = (PICMPV6_ECHO_REQUEST) InputBuffer;
  1074. //
  1075. // Validate the request.
  1076. //
  1077. if (InputBufferLength < sizeof *RequestBuffer) {
  1078. Status = IP_BUF_TOO_SMALL;
  1079. goto common_echo_exit;
  1080. }
  1081. Data = RequestBuffer + 1;
  1082. DataSize = InputBufferLength - sizeof *RequestBuffer;
  1083. //
  1084. // Extract address information from the TDI addresses
  1085. // in the request.
  1086. //
  1087. DstAddress = (const IPv6Addr *) RequestBuffer->DstAddress.sin6_addr;
  1088. DstScopeId = RequestBuffer->DstAddress.sin6_scope_id;
  1089. SrcAddress = (const IPv6Addr *) RequestBuffer->SrcAddress.sin6_addr;
  1090. SrcScopeId = RequestBuffer->SrcAddress.sin6_scope_id;
  1091. //
  1092. // Determine which NTE will send the request,
  1093. // if the user has specified a source address.
  1094. //
  1095. if (! IsUnspecified(SrcAddress)) {
  1096. //
  1097. // Convert the source address to an NTE.
  1098. //
  1099. NTE = FindNetworkWithAddress(SrcAddress, SrcScopeId);
  1100. if (NTE == NULL) {
  1101. Status = IP_BAD_ROUTE;
  1102. goto common_echo_exit;
  1103. }
  1104. Status = RouteToDestination(DstAddress, DstScopeId,
  1105. CastFromNTE(NTE),
  1106. RTD_FLAG_NORMAL, &RCE);
  1107. if (Status != IP_SUCCESS)
  1108. goto common_echo_exit;
  1109. } else {
  1110. //
  1111. // Get the source address from the outgoing interface.
  1112. //
  1113. Status = RouteToDestination(DstAddress, DstScopeId,
  1114. NULL,
  1115. RTD_FLAG_NORMAL, &RCE);
  1116. if (Status != IP_SUCCESS)
  1117. goto common_echo_exit;
  1118. NTE = RCE->NTE;
  1119. AddRefNTE(NTE);
  1120. }
  1121. //
  1122. // Should we use a routing header to send
  1123. // a "round-trip" echo request to ourself?
  1124. //
  1125. if (RequestBuffer->Flags & ICMPV6_ECHO_REQUEST_FLAG_REVERSE) {
  1126. //
  1127. // Use a routing header.
  1128. //
  1129. FinalDest = &NTE->Address;
  1130. FirstDest = DstAddress;
  1131. RtHdrSize = sizeof(IPv6RoutingHeader) + sizeof(IPv6Addr);
  1132. }
  1133. else {
  1134. //
  1135. // No routing header.
  1136. //
  1137. FinalDest = FirstDest = DstAddress;
  1138. RtHdrSize = 0;
  1139. }
  1140. //
  1141. // Allocate the Echo Request packet.
  1142. //
  1143. Offset = RCE->NCE->IF->LinkHeaderSize;
  1144. MemLen = Offset + sizeof(IPv6Header) + RtHdrSize + sizeof(ICMPv6Header) +
  1145. sizeof Seq + DataSize;
  1146. NdisStatus = IPv6AllocatePacket(MemLen, &Packet, &Mem);
  1147. if (NdisStatus != NDIS_STATUS_SUCCESS) {
  1148. Status = IP_NO_RESOURCES;
  1149. goto common_echo_exit;
  1150. }
  1151. //
  1152. // Prepare IP header of Echo Request packet.
  1153. //
  1154. IP = (IPv6Header UNALIGNED *)(Mem + Offset);
  1155. IP->VersClassFlow = IP_VERSION;
  1156. IP->NextHeader = IP_PROTOCOL_ICMPv6;
  1157. IP->Source = NTE->Address;
  1158. IP->Dest = *FirstDest;
  1159. IP->HopLimit = RequestBuffer->TTL;
  1160. if (IP->HopLimit == 0)
  1161. IP->HopLimit = (uchar)RCE->NCE->IF->CurHopLimit;
  1162. //
  1163. // Prepare the routing header.
  1164. // The packet will travel to the destination and then
  1165. // be routed back to the source.
  1166. //
  1167. if (RtHdrSize != 0) {
  1168. IPv6RoutingHeader *RtHdr = (IPv6RoutingHeader *)(IP + 1);
  1169. IP->NextHeader = IP_PROTOCOL_ROUTING;
  1170. RtHdr->NextHeader = IP_PROTOCOL_ICMPv6;
  1171. RtHdr->HeaderExtLength = 2;
  1172. RtHdr->RoutingType = 0;
  1173. RtHdr->SegmentsLeft = 1;
  1174. RtlZeroMemory(&RtHdr->Reserved, sizeof RtHdr->Reserved);
  1175. ((IPv6Addr *)(RtHdr + 1))[0] = *FinalDest;
  1176. }
  1177. //
  1178. // Prepare ICMP header.
  1179. //
  1180. ICMP = (ICMPv6Header UNALIGNED *)
  1181. ((uchar *)IP + sizeof(IPv6Header) + RtHdrSize);
  1182. ICMP->Type = ICMPv6_ECHO_REQUEST;
  1183. ICMP->Code = 0;
  1184. ICMP->Checksum = 0; // Calculated below.
  1185. //
  1186. // Insert Echo sequence number. Technically, this is 16 bits of
  1187. // "Identifier" and 16 bits of "Sequence Number", but we just treat
  1188. // the whole thing as one 32 bit sequence number field.
  1189. //
  1190. Seq = InterlockedIncrement(&ICMPv6EchoSeq);
  1191. Mem = (uchar *)(ICMP + 1);
  1192. *(ulong UNALIGNED *)Mem = net_long(Seq);
  1193. Mem += sizeof(ulong);
  1194. //
  1195. // Copy the user data into the packet.
  1196. //
  1197. RtlCopyMemory(Mem, Data, DataSize);
  1198. //
  1199. // We calculate the checksum here, because
  1200. // of routing header complications -
  1201. // we need to use the final destination.
  1202. //
  1203. ICMP->Checksum = ChecksumPacket(
  1204. NULL, 0, (uchar *)ICMP, sizeof(ICMPv6Header) + sizeof Seq + DataSize,
  1205. AlignAddr(&IP->Source), FinalDest, IP_PROTOCOL_ICMPv6);
  1206. if (ICMP->Checksum == 0) {
  1207. //
  1208. // ChecksumPacket failed, so abort the transmission.
  1209. //
  1210. IPv6FreePacket(Packet);
  1211. Status = IP_NO_RESOURCES;
  1212. goto common_echo_exit;
  1213. }
  1214. //
  1215. // If this Echo Request is being tunneled to an IPv4 destination,
  1216. // remember the IPv4 destination address. We use this later
  1217. // if we receive an ICMPv4 error with insufficient information
  1218. // to translate to an ICMPv6 error.
  1219. //
  1220. ControlBlock->V4Dest = GetV4Destination(RCE);
  1221. //
  1222. // Prepare the control block and link it onto the list.
  1223. // Once we've unlocked the list, the control block might
  1224. // be completed at any time. Hence it's very important
  1225. // that we not access RequestBuffer after this point.
  1226. // Also we can not return a failure code. To clean up the
  1227. // outstanding request properly, we must use ICMPv6ProcessEchoReply.
  1228. //
  1229. ControlBlock->TimeoutTimer = ConvertMillisToTicks(RequestBuffer->Timeout);
  1230. ControlBlock->CompleteRoutine = Callback;
  1231. ControlBlock->Seq = Seq;
  1232. if (ControlBlock->TimeoutTimer == 0) {
  1233. IPv6FreePacket(Packet);
  1234. Status = IP_REQ_TIMED_OUT;
  1235. goto common_echo_exit;
  1236. }
  1237. KeAcquireSpinLock(&ICMPv6EchoLock, &OldIrql);
  1238. ControlBlock->Next = ICMPv6OutstandingEchos;
  1239. ICMPv6OutstandingEchos = ControlBlock;
  1240. KeReleaseSpinLock(&ICMPv6EchoLock, OldIrql);
  1241. ICMPv6OutStats.icmps_typecount[ICMPv6_ECHO_REQUEST]++;
  1242. //
  1243. // Hand the packet down to IP for transmission.
  1244. // We can't use ICMPv6Send
  1245. // because of routing header complications.
  1246. //
  1247. IPv6Send(Packet, Offset, IP,
  1248. RtHdrSize + sizeof(ICMPv6Header) + sizeof Seq + DataSize,
  1249. RCE, 0, IP_PROTOCOL_ICMPv6, 0, 0);
  1250. common_echo_cleanup:
  1251. if (RCE != NULL)
  1252. ReleaseRCE(RCE);
  1253. if (NTE != NULL)
  1254. ReleaseNTE(NTE);
  1255. return;
  1256. common_echo_exit:
  1257. //
  1258. // Complete the echo request with an error,
  1259. // before it has been placed on our outstanding echoes list.
  1260. //
  1261. ICMPv6OutStats.icmps_errors++;
  1262. (*Callback)(ControlBlock, Status, &UnspecifiedAddr, 0, NULL, 0);
  1263. goto common_echo_cleanup;
  1264. } // ICMPv6EchoRequest
  1265. //* ICMPv6EchoComplete - Common completion routine for echo requests.
  1266. //
  1267. // This is the routine is called by the OS-specific code to process an
  1268. // ICMP echo response.
  1269. //
  1270. NTSTATUS
  1271. ICMPv6EchoComplete(
  1272. EchoControl *ControlBlock, // ControlBlock of completed request.
  1273. IP_STATUS Status, // Status of the reply.
  1274. const IPv6Addr *Address, // Source of the reply.
  1275. uint ScopeId, // Scope of the reply.
  1276. void *Data, // Reply data (may be NULL).
  1277. uint DataSize, // Amount of reply data.
  1278. ULONG_PTR *BytesReturned) // Total user bytes returned.
  1279. {
  1280. PICMPV6_ECHO_REPLY ReplyBuffer;
  1281. LARGE_INTEGER Now, Freq;
  1282. //
  1283. // Sanity check our reply buffer length.
  1284. //
  1285. if (ControlBlock->ReplyBufLen < sizeof *ReplyBuffer) {
  1286. *BytesReturned = 0;
  1287. return STATUS_BUFFER_TOO_SMALL;
  1288. }
  1289. ReplyBuffer = (PICMPV6_ECHO_REPLY) ControlBlock->ReplyBuf;
  1290. //
  1291. // Fill in fields to return.
  1292. //
  1293. ReplyBuffer->Address.sin6_port = 0;
  1294. ReplyBuffer->Address.sin6_flowinfo = 0;
  1295. RtlCopyMemory(ReplyBuffer->Address.sin6_addr, Address, sizeof *Address);
  1296. ReplyBuffer->Address.sin6_scope_id = ScopeId;
  1297. ReplyBuffer->Status = Status;
  1298. //
  1299. // Return the elapsed time in milliseconds.
  1300. //
  1301. Now = KeQueryPerformanceCounter(&Freq);
  1302. ReplyBuffer->RoundTripTime = (uint)
  1303. ((1000 * (Now.QuadPart - ControlBlock->WhenIssued.QuadPart)) /
  1304. Freq.QuadPart);
  1305. //
  1306. // Verify we have enough space in the reply buffer for the reply data.
  1307. //
  1308. if (ControlBlock->ReplyBufLen < sizeof *ReplyBuffer + DataSize) {
  1309. *BytesReturned = sizeof *ReplyBuffer;
  1310. return STATUS_BUFFER_TOO_SMALL;
  1311. }
  1312. //
  1313. // Copy the reply data to follow the reply buffer.
  1314. //
  1315. RtlCopyMemory(ReplyBuffer + 1, Data, DataSize);
  1316. *BytesReturned = sizeof *ReplyBuffer + DataSize;
  1317. return STATUS_SUCCESS;
  1318. } // ICMPv6EchoComplete
  1319. //* ICMPv6EchoTimeout - expire aging unanswered echo requests.
  1320. //
  1321. // IPv6Timeout calls this routine whenever it thinks we might have
  1322. // echo requests outstanding.
  1323. //
  1324. // Callable from DPC context, not from thread context.
  1325. // Called with no locks held.
  1326. //
  1327. void
  1328. ICMPv6EchoTimeout(void)
  1329. {
  1330. EchoControl *This, **PrevPtr, *TimedOut;
  1331. TimedOut = NULL;
  1332. //
  1333. // Grab the outstanding echo list lock and run through the list looking
  1334. // for requests that have timed out.
  1335. //
  1336. KeAcquireSpinLockAtDpcLevel(&ICMPv6EchoLock);
  1337. for (This = ICMPv6OutstandingEchos, PrevPtr = &ICMPv6OutstandingEchos;
  1338. This != (EchoControl *)NULL; This = This->Next) {
  1339. if (This->TimeoutTimer != 0) {
  1340. //
  1341. // Timer is running. Decrement and check for expiration.
  1342. //
  1343. if (--This->TimeoutTimer == 0) {
  1344. //
  1345. // This echo request has been sent and timed out without
  1346. // being answered. Move it to our timed out list.
  1347. //
  1348. *PrevPtr = This->Next;
  1349. This->Next = TimedOut;
  1350. TimedOut = This;
  1351. } else {
  1352. PrevPtr = &This->Next;
  1353. }
  1354. }
  1355. }
  1356. KeReleaseSpinLockFromDpcLevel(&ICMPv6EchoLock);
  1357. //
  1358. // Run through the list of timed out echoes, calling the completion
  1359. // routine on each. The completion routine is responsible for
  1360. // freeing the EchoControl block structure.
  1361. //
  1362. while (TimedOut != NULL) {
  1363. This = TimedOut;
  1364. TimedOut = This->Next;
  1365. KdPrintEx((DPFLTR_TCPIP6_ID, DPFLTR_NET_ERROR,
  1366. "ICMPv6EchoTimeout: seq number 0x%x timed out\n", This->Seq));
  1367. (*This->CompleteRoutine)(This, IP_REQ_TIMED_OUT,
  1368. &UnspecifiedAddr, 0, NULL, 0);
  1369. }
  1370. }