sys/netinet/ip_icmp.h

/*-
 * Copyright (c) 1982, 1986, 1993
 *      The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *      @(#)ip_icmp.h   8.1 (Berkeley) 6/10/93
 * $MidnightBSD$
 */

#ifndef _NETINET_IP_ICMP_H_
#define _NETINET_IP_ICMP_H_

/*
 * Interface Control Message Protocol Definitions.
 * Per RFC 792, September 1981.
 */

/*
 * Internal of an ICMP Router Advertisement
 */
struct icmp_ra_addr {
        u_int32_t ira_addr;
        u_int32_t ira_preference;
};

/*
 * Structure of an icmp header.
 */
struct icmphdr {
        u_char  icmp_type;              /* type of message, see below */
        u_char  icmp_code;              /* type sub code */
        u_short icmp_cksum;             /* ones complement cksum of struct */
};

/*
 * Structure of an icmp packet.
 *
 * XXX: should start with a struct icmphdr.
 */
struct icmp {
        u_char  icmp_type;              /* type of message, see below */
        u_char  icmp_code;              /* type sub code */
        u_short icmp_cksum;             /* ones complement cksum of struct */
        union {
                u_char ih_pptr;                 /* ICMP_PARAMPROB */
                struct in_addr ih_gwaddr;       /* ICMP_REDIRECT */
                struct ih_idseq {
                        uint16_t        icd_id; /* network format */
                        uint16_t        icd_seq; /* network format */
                } ih_idseq;
                int ih_void;

                /* ICMP_UNREACH_NEEDFRAG -- Path MTU Discovery (RFC1191) */
                struct ih_pmtu {
                        uint16_t ipm_void;      /* network format */
                        uint16_t ipm_nextmtu;   /* network format */
                } ih_pmtu;

                struct ih_rtradv {
                        u_char irt_num_addrs;
                        u_char irt_wpa;
                        u_int16_t irt_lifetime;
                } ih_rtradv;
        } icmp_hun;
#define icmp_pptr       icmp_hun.ih_pptr
#define icmp_gwaddr     icmp_hun.ih_gwaddr
#define icmp_id         icmp_hun.ih_idseq.icd_id
#define icmp_seq        icmp_hun.ih_idseq.icd_seq
#define icmp_void       icmp_hun.ih_void
#define icmp_pmvoid     icmp_hun.ih_pmtu.ipm_void
#define icmp_nextmtu    icmp_hun.ih_pmtu.ipm_nextmtu
#define icmp_num_addrs  icmp_hun.ih_rtradv.irt_num_addrs
#define icmp_wpa        icmp_hun.ih_rtradv.irt_wpa
#define icmp_lifetime   icmp_hun.ih_rtradv.irt_lifetime
        union {
                struct id_ts {                  /* ICMP Timestamp */
                        /*
                         * The next 3 fields are in network format,
                         * milliseconds since 00:00 GMT
                         */
                        uint32_t its_otime;     /* Originate */
                        uint32_t its_rtime;     /* Receive */
                        uint32_t its_ttime;     /* Transmit */
                } id_ts;
                struct id_ip  {
                        struct ip idi_ip;
                        /* options and then 64 bits of data */
                } id_ip;
                struct icmp_ra_addr id_radv;
                u_int32_t id_mask;
                char    id_data[1];
        } icmp_dun;
#define icmp_otime      icmp_dun.id_ts.its_otime
#define icmp_rtime      icmp_dun.id_ts.its_rtime
#define icmp_ttime      icmp_dun.id_ts.its_ttime
#define icmp_ip         icmp_dun.id_ip.idi_ip
#define icmp_radv       icmp_dun.id_radv
#define icmp_mask       icmp_dun.id_mask
#define icmp_data       icmp_dun.id_data
};

/*
 * Lower bounds on packet lengths for various types.
 * For the error advice packets must first insure that the
 * packet is large enough to contain the returned ip header.
 * Only then can we do the check to see if 64 bits of packet
 * data have been returned, since we need to check the returned
 * ip header length.
 */
#define ICMP_MINLEN     8                               /* abs minimum */
#define ICMP_TSLEN      (8 + 3 * sizeof (uint32_t))     /* timestamp */
#define ICMP_MASKLEN    12                              /* address mask */
#define ICMP_ADVLENMIN  (8 + sizeof (struct ip) + 8)    /* min */
#define ICMP_ADVLEN(p)  (8 + ((p)->icmp_ip.ip_hl << 2) + 8)
        /* N.B.: must separately check that ip_hl >= 5 */

/*
 * Definition of type and code field values.
 */
#define ICMP_ECHOREPLY          0               /* echo reply */
#define ICMP_UNREACH            3               /* dest unreachable, codes: */
#define         ICMP_UNREACH_NET        0               /* bad net */
#define         ICMP_UNREACH_HOST       1               /* bad host */
#define         ICMP_UNREACH_PROTOCOL   2               /* bad protocol */
#define         ICMP_UNREACH_PORT       3               /* bad port */
#define         ICMP_UNREACH_NEEDFRAG   4               /* IP_DF caused drop */
#define         ICMP_UNREACH_SRCFAIL    5               /* src route failed */
#define         ICMP_UNREACH_NET_UNKNOWN 6              /* unknown net */
#define         ICMP_UNREACH_HOST_UNKNOWN 7             /* unknown host */
#define         ICMP_UNREACH_ISOLATED   8               /* src host isolated */
#define         ICMP_UNREACH_NET_PROHIB 9               /* prohibited access */
#define         ICMP_UNREACH_HOST_PROHIB 10             /* ditto */
#define         ICMP_UNREACH_TOSNET     11              /* bad tos for net */
#define         ICMP_UNREACH_TOSHOST    12              /* bad tos for host */
#define         ICMP_UNREACH_FILTER_PROHIB 13           /* admin prohib */
#define         ICMP_UNREACH_HOST_PRECEDENCE 14         /* host prec vio. */
#define         ICMP_UNREACH_PRECEDENCE_CUTOFF 15       /* prec cutoff */
#define ICMP_SOURCEQUENCH       4               /* packet lost, slow down */
#define ICMP_REDIRECT           5               /* shorter route, codes: */
#define         ICMP_REDIRECT_NET       0               /* for network */
#define         ICMP_REDIRECT_HOST      1               /* for host */
#define         ICMP_REDIRECT_TOSNET    2               /* for tos and net */
#define         ICMP_REDIRECT_TOSHOST   3               /* for tos and host */
#define ICMP_ALTHOSTADDR        6               /* alternate host address */
#define ICMP_ECHO               8               /* echo service */
#define ICMP_ROUTERADVERT       9               /* router advertisement */
#define         ICMP_ROUTERADVERT_NORMAL                0       /* normal advertisement */
#define         ICMP_ROUTERADVERT_NOROUTE_COMMON        16      /* selective routing */
#define ICMP_ROUTERSOLICIT      10              /* router solicitation */
#define ICMP_TIMXCEED           11              /* time exceeded, code: */
#define         ICMP_TIMXCEED_INTRANS   0               /* ttl==0 in transit */
#define         ICMP_TIMXCEED_REASS     1               /* ttl==0 in reass */
#define ICMP_PARAMPROB          12              /* ip header bad */
#define         ICMP_PARAMPROB_ERRATPTR 0               /* error at param ptr */
#define         ICMP_PARAMPROB_OPTABSENT 1              /* req. opt. absent */
#define         ICMP_PARAMPROB_LENGTH 2                 /* bad length */
#define ICMP_TSTAMP             13              /* timestamp request */
#define ICMP_TSTAMPREPLY        14              /* timestamp reply */
#define ICMP_IREQ               15              /* information request */
#define ICMP_IREQREPLY          16              /* information reply */
#define ICMP_MASKREQ            17              /* address mask request */
#define ICMP_MASKREPLY          18              /* address mask reply */
#define ICMP_TRACEROUTE         30              /* traceroute */
#define ICMP_DATACONVERR        31              /* data conversion error */
#define ICMP_MOBILE_REDIRECT    32              /* mobile host redirect */
#define ICMP_IPV6_WHEREAREYOU   33              /* IPv6 where-are-you */
#define ICMP_IPV6_IAMHERE       34              /* IPv6 i-am-here */
#define ICMP_MOBILE_REGREQUEST  35              /* mobile registration req */
#define ICMP_MOBILE_REGREPLY    36              /* mobile registration reply */
#define ICMP_SKIP               39              /* SKIP */
#define ICMP_PHOTURIS           40              /* Photuris */
#define         ICMP_PHOTURIS_UNKNOWN_INDEX     1       /* unknown sec index */
#define         ICMP_PHOTURIS_AUTH_FAILED       2       /* auth failed */
#define         ICMP_PHOTURIS_DECRYPT_FAILED    3       /* decrypt failed */

#define ICMP_MAXTYPE            40

#define ICMP_INFOTYPE(type) \
        ((type) == ICMP_ECHOREPLY || (type) == ICMP_ECHO || \
        (type) == ICMP_ROUTERADVERT || (type) == ICMP_ROUTERSOLICIT || \
        (type) == ICMP_TSTAMP || (type) == ICMP_TSTAMPREPLY || \
        (type) == ICMP_IREQ || (type) == ICMP_IREQREPLY || \
        (type) == ICMP_MASKREQ || (type) == ICMP_MASKREPLY)

#ifdef _KERNEL
void    icmp_error(struct mbuf *, int, int, uint32_t, int);
void    icmp_input(struct mbuf *, int);
int     ip_next_mtu(int, int);
#endif

#endif
Revision:	6714
Committed:	Thu Jul 10 12:22:47 2014 UTC (9 years, 9 months ago) by laffer1
Content type:	text/plain
File size:	8292 byte(s)
Log Message:	MidnightBSD 0.4-RELEASE-p13 Fix a vulnerability in the control message API. A buffer is not properly cleared.
#	Content
1	/*-
2	* Copyright (c) 1982, 1986, 1993
3	* The Regents of the University of California. All rights reserved.
4	*
5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions
7	* are met:
8	* 1. Redistributions of source code must retain the above copyright
9	* notice, this list of conditions and the following disclaimer.
10	* 2. Redistributions in binary form must reproduce the above copyright
11	* notice, this list of conditions and the following disclaimer in the
12	* documentation and/or other materials provided with the distribution.
13	* 4. Neither the name of the University nor the names of its contributors
14	* may be used to endorse or promote products derived from this software
15	* without specific prior written permission.
16	*
17	* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20	* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27	* SUCH DAMAGE.
28	*
29	* @(#)ip_icmp.h 8.1 (Berkeley) 6/10/93
30	* $MidnightBSD$
31	*/
32
33	#ifndef _NETINET_IP_ICMP_H_
34	#define _NETINET_IP_ICMP_H_
35
36	/*
37	* Interface Control Message Protocol Definitions.
38	* Per RFC 792, September 1981.
39	*/
40
41	/*
42	* Internal of an ICMP Router Advertisement
43	*/
44	struct icmp_ra_addr {
45	u_int32_t ira_addr;
46	u_int32_t ira_preference;
47	};
48
49	/*
50	* Structure of an icmp header.
51	*/
52	struct icmphdr {
53	u_char icmp_type; /* type of message, see below */
54	u_char icmp_code; /* type sub code */
55	u_short icmp_cksum; /* ones complement cksum of struct */
56	};
57
58	/*
59	* Structure of an icmp packet.
60	*
61	* XXX: should start with a struct icmphdr.
62	*/
63	struct icmp {
64	u_char icmp_type; /* type of message, see below */
65	u_char icmp_code; /* type sub code */
66	u_short icmp_cksum; /* ones complement cksum of struct */
67	union {
68	u_char ih_pptr; /* ICMP_PARAMPROB */
69	struct in_addr ih_gwaddr; /* ICMP_REDIRECT */
70	struct ih_idseq {
71	uint16_t icd_id; /* network format */
72	uint16_t icd_seq; /* network format */
73	} ih_idseq;
74	int ih_void;
75
76	/* ICMP_UNREACH_NEEDFRAG -- Path MTU Discovery (RFC1191) */
77	struct ih_pmtu {
78	uint16_t ipm_void; /* network format */
79	uint16_t ipm_nextmtu; /* network format */
80	} ih_pmtu;
81
82	struct ih_rtradv {
83	u_char irt_num_addrs;
84	u_char irt_wpa;
85	u_int16_t irt_lifetime;
86	} ih_rtradv;
87	} icmp_hun;
88	#define icmp_pptr icmp_hun.ih_pptr
89	#define icmp_gwaddr icmp_hun.ih_gwaddr
90	#define icmp_id icmp_hun.ih_idseq.icd_id
91	#define icmp_seq icmp_hun.ih_idseq.icd_seq
92	#define icmp_void icmp_hun.ih_void
93	#define icmp_pmvoid icmp_hun.ih_pmtu.ipm_void
94	#define icmp_nextmtu icmp_hun.ih_pmtu.ipm_nextmtu
95	#define icmp_num_addrs icmp_hun.ih_rtradv.irt_num_addrs
96	#define icmp_wpa icmp_hun.ih_rtradv.irt_wpa
97	#define icmp_lifetime icmp_hun.ih_rtradv.irt_lifetime
98	union {
99	struct id_ts { /* ICMP Timestamp */
100	/*
101	* The next 3 fields are in network format,
102	* milliseconds since 00:00 GMT
103	*/
104	uint32_t its_otime; /* Originate */
105	uint32_t its_rtime; /* Receive */
106	uint32_t its_ttime; /* Transmit */
107	} id_ts;
108	struct id_ip {
109	struct ip idi_ip;
110	/* options and then 64 bits of data */
111	} id_ip;
112	struct icmp_ra_addr id_radv;
113	u_int32_t id_mask;
114	char id_data[1];
115	} icmp_dun;
116	#define icmp_otime icmp_dun.id_ts.its_otime
117	#define icmp_rtime icmp_dun.id_ts.its_rtime
118	#define icmp_ttime icmp_dun.id_ts.its_ttime
119	#define icmp_ip icmp_dun.id_ip.idi_ip
120	#define icmp_radv icmp_dun.id_radv
121	#define icmp_mask icmp_dun.id_mask
122	#define icmp_data icmp_dun.id_data
123	};
124
125	/*
126	* Lower bounds on packet lengths for various types.
127	* For the error advice packets must first insure that the
128	* packet is large enough to contain the returned ip header.
129	* Only then can we do the check to see if 64 bits of packet
130	* data have been returned, since we need to check the returned
131	* ip header length.
132	*/
133	#define ICMP_MINLEN 8 /* abs minimum */
134	#define ICMP_TSLEN (8 + 3 * sizeof (uint32_t)) /* timestamp */
135	#define ICMP_MASKLEN 12 /* address mask */
136	#define ICMP_ADVLENMIN (8 + sizeof (struct ip) + 8) /* min */
137	#define ICMP_ADVLEN(p) (8 + ((p)->icmp_ip.ip_hl << 2) + 8)
138	/* N.B.: must separately check that ip_hl >= 5 */
139
140	/*
141	* Definition of type and code field values.
142	*/
143	#define ICMP_ECHOREPLY 0 /* echo reply */
144	#define ICMP_UNREACH 3 /* dest unreachable, codes: */
145	#define ICMP_UNREACH_NET 0 /* bad net */
146	#define ICMP_UNREACH_HOST 1 /* bad host */
147	#define ICMP_UNREACH_PROTOCOL 2 /* bad protocol */
148	#define ICMP_UNREACH_PORT 3 /* bad port */
149	#define ICMP_UNREACH_NEEDFRAG 4 /* IP_DF caused drop */
150	#define ICMP_UNREACH_SRCFAIL 5 /* src route failed */
151	#define ICMP_UNREACH_NET_UNKNOWN 6 /* unknown net */
152	#define ICMP_UNREACH_HOST_UNKNOWN 7 /* unknown host */
153	#define ICMP_UNREACH_ISOLATED 8 /* src host isolated */
154	#define ICMP_UNREACH_NET_PROHIB 9 /* prohibited access */
155	#define ICMP_UNREACH_HOST_PROHIB 10 /* ditto */
156	#define ICMP_UNREACH_TOSNET 11 /* bad tos for net */
157	#define ICMP_UNREACH_TOSHOST 12 /* bad tos for host */
158	#define ICMP_UNREACH_FILTER_PROHIB 13 /* admin prohib */
159	#define ICMP_UNREACH_HOST_PRECEDENCE 14 /* host prec vio. */
160	#define ICMP_UNREACH_PRECEDENCE_CUTOFF 15 /* prec cutoff */
161	#define ICMP_SOURCEQUENCH 4 /* packet lost, slow down */
162	#define ICMP_REDIRECT 5 /* shorter route, codes: */
163	#define ICMP_REDIRECT_NET 0 /* for network */
164	#define ICMP_REDIRECT_HOST 1 /* for host */
165	#define ICMP_REDIRECT_TOSNET 2 /* for tos and net */
166	#define ICMP_REDIRECT_TOSHOST 3 /* for tos and host */
167	#define ICMP_ALTHOSTADDR 6 /* alternate host address */
168	#define ICMP_ECHO 8 /* echo service */
169	#define ICMP_ROUTERADVERT 9 /* router advertisement */
170	#define ICMP_ROUTERADVERT_NORMAL 0 /* normal advertisement */
171	#define ICMP_ROUTERADVERT_NOROUTE_COMMON 16 /* selective routing */
172	#define ICMP_ROUTERSOLICIT 10 /* router solicitation */
173	#define ICMP_TIMXCEED 11 /* time exceeded, code: */
174	#define ICMP_TIMXCEED_INTRANS 0 /* ttl==0 in transit */
175	#define ICMP_TIMXCEED_REASS 1 /* ttl==0 in reass */
176	#define ICMP_PARAMPROB 12 /* ip header bad */
177	#define ICMP_PARAMPROB_ERRATPTR 0 /* error at param ptr */
178	#define ICMP_PARAMPROB_OPTABSENT 1 /* req. opt. absent */
179	#define ICMP_PARAMPROB_LENGTH 2 /* bad length */
180	#define ICMP_TSTAMP 13 /* timestamp request */
181	#define ICMP_TSTAMPREPLY 14 /* timestamp reply */
182	#define ICMP_IREQ 15 /* information request */
183	#define ICMP_IREQREPLY 16 /* information reply */
184	#define ICMP_MASKREQ 17 /* address mask request */
185	#define ICMP_MASKREPLY 18 /* address mask reply */
186	#define ICMP_TRACEROUTE 30 /* traceroute */
187	#define ICMP_DATACONVERR 31 /* data conversion error */
188	#define ICMP_MOBILE_REDIRECT 32 /* mobile host redirect */
189	#define ICMP_IPV6_WHEREAREYOU 33 /* IPv6 where-are-you */
190	#define ICMP_IPV6_IAMHERE 34 /* IPv6 i-am-here */
191	#define ICMP_MOBILE_REGREQUEST 35 /* mobile registration req */
192	#define ICMP_MOBILE_REGREPLY 36 /* mobile registration reply */
193	#define ICMP_SKIP 39 /* SKIP */
194	#define ICMP_PHOTURIS 40 /* Photuris */
195	#define ICMP_PHOTURIS_UNKNOWN_INDEX 1 /* unknown sec index */
196	#define ICMP_PHOTURIS_AUTH_FAILED 2 /* auth failed */
197	#define ICMP_PHOTURIS_DECRYPT_FAILED 3 /* decrypt failed */
198
199	#define ICMP_MAXTYPE 40
200
201	#define ICMP_INFOTYPE(type) \
202	((type) == ICMP_ECHOREPLY \|\| (type) == ICMP_ECHO \|\| \
203	(type) == ICMP_ROUTERADVERT \|\| (type) == ICMP_ROUTERSOLICIT \|\| \
204	(type) == ICMP_TSTAMP \|\| (type) == ICMP_TSTAMPREPLY \|\| \
205	(type) == ICMP_IREQ \|\| (type) == ICMP_IREQREPLY \|\| \
206	(type) == ICMP_MASKREQ \|\| (type) == ICMP_MASKREPLY)
207
208	#ifdef _KERNEL
209	void icmp_error(struct mbuf *, int, int, uint32_t, int);
210	void icmp_input(struct mbuf *, int);
211	int ip_next_mtu(int, int);
212	#endif
213
214	#endif