linux内核协议栈 icmp 报文收发流程_linux kernel icmp

目录

1 ICMP报文接收

1.1  icmp_rcv() 实现

1.2 type类型对应处理函数定义 icmp_pointers[NR_ICMP_TYPES + 1]

1.3 处理 ping 请求处理 icmp_echo()

1.4 时间戳请求处理 icmp_timestamp()

1.5 Unreach 数据处理 icmp_unreach()

1.5.1 调用传输层接口差错报文处理 icmp_socket_deliver()

1.6 redirect 数据处理 icmp_redirect()

1.7 ICMP报文应答 icmp_reply()

1.7.1 速率控制函数 icmpv4_xrlim_allow()

1.7.2 数据发送 icmp_push_reply()

2 ICMP报文发送

2.1 icmp_send() 实现

---

1 ICMP报文接收

1.1  icmp_rcv() 实现

在ip层判断是icmp报文之后，会调用 icmp_rcv() 来处理 icmp 类型的报文

1. 对数据包进行合理性检查
2. 根据icmp的类型，分类处理

/*
 *	Deal with incoming ICMP packets.
 */
int icmp_rcv(struct sk_buff *skb)
{
	struct icmphdr *icmph;
	struct rtable *rt = skb_rtable(skb);
	struct net *net = dev_net(rt->dst.dev);
	// 基于策略的高扩展性的网络安全架构，对于这个内核子架构不清楚此处分析不了，跳过。
	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		struct sec_path *sp = skb_sec_path(skb);
		int nh;
 
		if (!(sp && sp->xvec[sp->len - 1]->props.flags &
				 XFRM_STATE_ICMP))
			goto drop;
 
		if (!pskb_may_pull(skb, sizeof(*icmph) + sizeof(struct iphdr)))
			goto drop;
 
		nh = skb_network_offset(skb);
		skb_set_network_header(skb, sizeof(*icmph));
 
		if (!xfrm4_policy_check_reverse(NULL, XFRM_POLICY_IN, skb))
			goto drop;
 
		skb_set_network_header(skb, nh);
	}
 
	ICMP_INC_STATS_BH(net, ICMP_MIB_INMSGS);
	
	//验证校验和信息
	switch (skb->ip_summed) {
	case CHECKSUM_COMPLETE:
		if (!csum_fold(skb->csum))
			break;
		/* fall through */
	case CHECKSUM_NONE:
		skb->csum = 0;
		if (__skb_checksum_complete(skb))
			goto csum_error;
	}
 
	if (!pskb_pull(skb, sizeof(*icmph)))
		goto error;
	
	//获取icmp头部
	icmph = icmp_hdr(skb);
 
	ICMPMSGIN_INC_STATS_BH(net, icmph->type);
	/*
	 *	18 is the highest 'known' ICMP type. Anything else is a mystery
	 *
	 *	RFC 1122: 3.2.2  Unknown ICMP messages types MUST be silently
	 *		  discarded.
	 */
	 //type类型错误直接丢掉
	if (icmph->type > NR_ICMP_TYPES)
		goto error;
 
 
	/*
	 *	Parse the ICMP message
	 */
	
	//判断是否丢弃掉多播类型的icmp数据包	
	//只处理echo、timestamp、address_mask_request、address_mask_reply类型的多播icmp数据包
	if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
		/*
		 *	RFC 1122: 3.2.2.6 An ICMP_ECHO to broadcast MAY be
		 *	  silently ignored (we let user decide with a sysctl).
		 *	RFC 1122: 3.2.2.8 An ICMP_TIMESTAMP MAY be silently
		 *	  discarded if to broadcast/multicast.
		 */
		if ((icmph->type == ICMP_ECHO ||
		     icmph->type == ICMP_TIMESTAMP) &&
		    net->ipv4.sysctl_icmp_echo_ignore_broadcasts) {
			goto error;
		}
		if (icmph->type != ICMP_ECHO &&
		    icmph->type != ICMP_TIMESTAMP &&
		    icmph->type != ICMP_ADDRESS &&
		    icmph->type != ICMP_ADDRESSREPLY) {
			goto error;
		}
	}
	//根据icmp数据包类型，调用相应的处理函数
	icmp_pointers[icmph->type].handler(skb);
 
drop:
	kfree_skb(skb);
	return 0;
csum_error:
	ICMP_INC_STATS_BH(net, ICMP_MIB_CSUMERRORS);
error:
	ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
	goto drop;
}

1.2 type类型对应处理函数定义 icmp_pointers[NR_ICMP_TYPES + 1]

static const struct icmp_control icmp_pointers[NR_ICMP_TYPES + 1] = {
	[ICMP_ECHOREPLY] = {
		.handler = ping_rcv,
	},
	[1] = {
		.handler = icmp_discard,
		.error = 1,
	},
	[2] = {
		.handler = icmp_discard,
		.error = 1,
	},
	[ICMP_DEST_UNREACH] = {
		.handler = icmp_unreach,
		.error = 1,
	},
	[ICMP_SOURCE_QUENCH] = {
		.handler = icmp_unreach,
		.error = 1,
	},
	[ICMP_REDIRECT] = {
		.handler = icmp_redirect,
		.error = 1,
	},
	[6] = {
		.handler = icmp_discard,
		.error = 1,
	},
	[7] = {
		.handler = icmp_discard,
		.error = 1,
	},
	[ICMP_ECHO] = {
		.handler = icmp_echo,
	},
	[9] = {
		.handler = icmp_discard,
		.error = 1,
	},
	[10] = {
		.handler = icmp_discard,
		.error = 1,
	},
	[ICMP_TIME_EXCEEDED] = {
		.handler = icmp_unreach,
		.error = 1,
	},
	[ICMP_PARAMETERPROB] = {
		.handler = icmp_unreach,
		.error = 1,
	},
	[ICMP_TIMESTAMP] = {
		.handler = icmp_timestamp,
	},
	[ICMP_TIMESTAMPREPLY] = {
		.handler = icmp_discard,
	},
	[ICMP_INFO_REQUEST] = {
		.handler = icmp_discard,
	},
	[ICMP_INFO_REPLY] = {
		.handler = icmp_discard,
	},
	[ICMP_ADDRESS] = {
		.handler = icmp_discard,
	},
	[ICMP_ADDRESSREPLY] = {
		.handler = icmp_discard,
	},
};

1.3 处理 ping 请求处理 icmp_echo()

该函数用于处理远端的ping请求报文，即收到type=8的 icmp 报文，核心步骤如下：

1. 将 icmp 的 type 设置为 ICMP_ECHOREPLY(0)
2. 调用 icmp_reply() 将该数据包发送出去。

/*
 *	Handle ICMP_ECHO ("ping") requests.
 *
 *	RFC 1122: 3.2.2.6 MUST have an echo server that answers ICMP echo
 *		  requests.
 *	RFC 1122: 3.2.2.6 Data received in the ICMP_ECHO request MUST be
 *		  included in the reply.
 *	RFC 1812: 4.3.3.6 SHOULD have a config option for silently ignoring
 *		  echo requests, MUST have default=NOT.
 *	See also WRT handling of options once they are done and working.
 */
 
static void icmp_echo(struct sk_buff *skb)
{
	struct net *net;
 
	net = dev_net(skb_dst(skb)->dev);
	if (!net->ipv4.sysctl_icmp_echo_ignore_all) {
		struct icmp_bxm icmp_param;
 
		icmp_param.data.icmph	   = *icmp_hdr(skb);
		icmp_param.data.icmph.type = ICMP_ECHOREPLY;
		icmp_param.skb		   = skb;
		icmp_param.offset	   = 0;
		icmp_param.data_len	   = skb->len;
		icmp_param.head_len	   = sizeof(struct icmphdr);
		icmp_reply(&icmp_param, skb);
	}
}

1.4 时间戳请求处理 icmp_timestamp()

收到远端发送的时间戳请求报文，即 type=13 的 icmp 报文，核心步骤如下：

1. 获取当前时间戳
2. 将 icmp 的 type 设置为 ICMP_TIMESTAMPREPLY(14)
3. 调用 icmp_reply() 将该数据包发送出去。

/*
 *	Handle ICMP Timestamp requests.
 *	RFC 1122: 3.2.2.8 MAY implement ICMP timestamp requests.
 *		  SHOULD be in the kernel for minimum random latency.
 *		  MUST be accurate to a few minutes.
 *		  MUST be updated at least at 15Hz.
 */
static void icmp_timestamp(struct sk_buff *skb)
{
	struct timespec tv;
	struct icmp_bxm icmp_param;
	/*
	 *	Too short.
	 */
	if (skb->len < 4)
		goto out_err;
 
	/*
	 *	Fill in the current time as ms since midnight UT:
	 */
	getnstimeofday(&tv);
	icmp_param.data.times[1] = htonl((tv.tv_sec % 86400) * MSEC_PER_SEC +
					 tv.tv_nsec / NSEC_PER_MSEC);
	icmp_param.data.times[2] = icmp_param.data.times[1];
	if (skb_copy_bits(skb, 0, &icmp_param.data.times[0], 4))
		BUG();
	icmp_param.data.icmph	   = *icmp_hdr(skb);
	icmp_param.data.icmph.type = ICMP_TIMESTAMPREPLY;
	icmp_param.data.icmph.code = 0;
	icmp_param.skb		   = skb;
	icmp_param.offset	   = 0;
	icmp_param.data_len	   = 0;
	icmp_param.head_len	   = sizeof(struct icmphdr) + 12;
	icmp_reply(&icmp_param, skb);
out:
	return;
out_err:
	ICMP_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ICMP_MIB_INERRORS);
	goto out;
}

1.5 Unreach 数据处理 icmp_unreach()

收到远端发过来的报文不可达信息，即type=3的 icmp 报文。当然，如果收到 type=4（ICMP_SOURCE_QUENCH）、type=14（ICMP_TIMESTAMPREPLY）的报文也调用该接口处理，icmp_unreach()核心逻辑就是根据icmp中有效载荷数据的值，调用传输层的错误处理函数进行处理。

/*
 *	Handle ICMP_DEST_UNREACH, ICMP_TIME_EXCEED, and ICMP_SOURCE_QUENCH.
 */
 
static void icmp_unreach(struct sk_buff *skb)
{
	const struct iphdr *iph;
	struct icmphdr *icmph;
	struct net *net;
	u32 info = 0;
 
	net = dev_net(skb_dst(skb)->dev);
 
	/*
	 *	Incomplete header ?
	 * 	Only checks for the IP header, there should be an
	 *	additional check for longer headers in upper levels.
	 */
 
	if (!pskb_may_pull(skb, sizeof(struct iphdr)))
		goto out_err;
	
	//获取icmp首部
	icmph = icmp_hdr(skb);
	iph   = (const struct iphdr *)skb->data;
	
	//判断ip首部是否完整
	if (iph->ihl < 5) /* Mangled header, drop. */
		goto out_err;
	/*仅处理type类型为3或者12的数据包
       1、当类型为3时，仅处理code为frag needed的报文
           a)当系统不支持pmtu时，丢弃该数据包
           b)当系统支持pmtu时，调用ip_rt_frag_needed修改pmtu的值
       2、当type类型为12时，则通过icmph->un.gateway获取出错偏移值(相对于数据包)
    */
	if (icmph->type == ICMP_DEST_UNREACH) {
		switch (icmph->code & 15) {
		case ICMP_NET_UNREACH:
		case ICMP_HOST_UNREACH:
		case ICMP_PROT_UNREACH:
		case ICMP_PORT_UNREACH:
			break;
		case ICMP_FRAG_NEEDED:
			if (ipv4_config.no_pmtu_disc) {
				LIMIT_NETDEBUG(KERN_INFO pr_fmt("%pI4: fragmentation needed and DF set\n"),
					       &iph->daddr);
			} else {
				info = ntohs(icmph->un.frag.mtu);
				if (!info)
					goto out;
			}
			break;
		case ICMP_SR_FAILED:
			LIMIT_NETDEBUG(KERN_INFO pr_fmt("%pI4: Source Route Failed\n"),
				       &iph->daddr);
			break;
		default:
			break;
		}
		if (icmph->code > NR_ICMP_UNREACH)
			goto out;
	} else if (icmph->type == ICMP_PARAMETERPROB)
		info = ntohl(icmph->un.gateway) >> 24;
 
	/*
	 *	Throw it at our lower layers
	 *
	 *	RFC 1122: 3.2.2 MUST extract the protocol ID from the passed
	 *		  header.
	 *	RFC 1122: 3.2.2.1 MUST pass ICMP unreach messages to the
	 *		  transport layer.
	 *	RFC 1122: 3.2.2.2 MUST pass ICMP time expired messages to
	 *		  transport layer.
	 */
 
	/*
	 *	Check the other end isn't violating RFC 1122. Some routers send
	 *	bogus responses to broadcast frames. If you see this message
	 *	first check your netmask matches at both ends, if it does then
	 *	get the other vendor to fix their kit.
	 */
	//对于目的地址是广播的icmp数据包，且需要忽略时，则打印错误并忽略该数据包
	if (!net->ipv4.sysctl_icmp_ignore_bogus_error_responses &&
	    inet_addr_type(net, iph->daddr) == RTN_BROADCAST) {
		net_warn_ratelimited("%pI4 sent an invalid ICMP type %u, code %u error to a broadcast: %pI4 on %s\n",
				     &ip_hdr(skb)->saddr,
				     icmph->type, icmph->code,
				     &iph->daddr, skb->dev->name);
		goto out;
	}
 
	icmp_socket_deliver(skb, info);
 
out:
	return;
out_err:
	ICMP_INC_STATS_BH(net, ICMP_MIB_INERRORS);
	goto out;
}

1.5.1 调用传输层接口差错报文处理 icmp_socket_deliver()

static void icmp_socket_deliver(struct sk_buff *skb, u32 info)
{
	//此时的iph，是icmp有效载荷中的ip头部信息，在icmp_rcv中已经将skb->data指向icmp报文的有效载荷部分了
	const struct iphdr *iph = (const struct iphdr *) skb->data;
	const struct net_protocol *ipprot;
	//获取传输层协议值
	int protocol = iph->protocol;
 
	/* Checkin full IP header plus 8 bytes of protocol to
	 * avoid additional coding at protocol handlers.
	 */
	/*检测icmp报文中有效载荷部分内容长度是否大于等于ip头部信息加上8字节
      在发送icmp差错报文时，会将icmp数据部分的值设置为ip头部信息+ ip有效载荷的前8个字节，
      这样就可以判断是传输层的那个应用数据发送出错*/
	if (!pskb_may_pull(skb, iph->ihl * 4 + 8))
		return;
		
	//首先调用raw_icmp_error，将差错信息发送给感兴趣的raw socket
	raw_icmp_error(skb, protocol, info);
 
	rcu_read_lock();
	//根据protocol值，查找符合条件的4层接收处理hash数组inet_protos，
    //调用其错误处理函数进行后续处理
	ipprot = rcu_dereference(inet_protos[protocol]);
	if (ipprot && ipprot->err_handler)
		ipprot->err_handler(skb, info);
	rcu_read_unlock();
}

1.6 redirect 数据处理 icmp_redirect()

收到远端发过来的报文不可达信息，即type=5的 icmp 报文，函数如下：

/*
 *	Handle ICMP_REDIRECT.
 */
 
static bool icmp_redirect(struct sk_buff *skb)
{
	if (skb->len < sizeof(struct iphdr)) {
		__ICMP_INC_STATS(dev_net(skb->dev), ICMP_MIB_INERRORS);
		return false;
	}
 
	if (!pskb_may_pull(skb, sizeof(struct iphdr))) {
		/* there aught to be a stat */
		return false;
	}
 
	icmp_socket_deliver(skb, ntohl(icmp_hdr(skb)->un.gateway));
	return true;
}

1.7 ICMP报文应答 icmp_reply()

在前面介绍icmp echo的应对以及icmp timestamp的应答时，函数都是调用icmp_reply发送数据的，该函数核心功能如下：

1. 查找路由，若查找失败，直接返回；查找成功执行第二步
2. 调用速率限制函数 icmpv4_xrlim_allow() 进行速率限制，当允许发送时，执行第三步，否则返回
3. 调用 icmp_push_reply() 发送数据

/*
 *	Driving logic for building and sending ICMP messages.
 */
 
static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
{
	struct ipcm_cookie ipc;
	struct rtable *rt = skb_rtable(skb);
	struct net *net = dev_net(rt->dst.dev);
	struct flowi4 fl4;
	struct sock *sk;
	struct inet_sock *inet;
	__be32 daddr, saddr;
 
	if (ip_options_echo(&icmp_param->replyopts.opt.opt, skb))
		return;
 
	sk = icmp_xmit_lock(net);
	if (sk == NULL)
		return;
	inet = inet_sk(sk);
 
	icmp_param->data.icmph.checksum = 0;
 
	inet->tos = ip_hdr(skb)->tos;
	daddr = ipc.addr = ip_hdr(skb)->saddr;
	saddr = fib_compute_spec_dst(skb);
	ipc.opt = NULL;
	ipc.tx_flags = 0;
	if (icmp_param->replyopts.opt.opt.optlen) {
		ipc.opt = &icmp_param->replyopts.opt;
		if (ipc.opt->opt.srr)
			daddr = icmp_param->replyopts.opt.opt.faddr;
	}
	memset(&fl4, 0, sizeof(fl4));
	fl4.daddr = daddr;
	fl4.saddr = saddr;
	fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos);
	fl4.flowi4_proto = IPPROTO_ICMP;
	security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
	rt = ip_route_output_key(net, &fl4);
	if (IS_ERR(rt))
		goto out_unlock;
	if (icmpv4_xrlim_allow(net, rt, &fl4, icmp_param->data.icmph.type,
			       icmp_param->data.icmph.code))
		icmp_push_reply(icmp_param, &fl4, &ipc, &rt);
	ip_rt_put(rt);
out_unlock:
	icmp_xmit_unlock(sk);
}

1.7.1 速率控制函数 icmpv4_xrlim_allow()

功能：判断是否允许发送数据，允许发送则直接返回true不进行限速，否则，调用 inet_peer_xrlim_allow() 进行限速判断

1.  对于不支持的icmp type类型，返回允许发送
2.  对于type类型为ICMP_DEST_UNREACH code为ICMP_FRAG_NEEDED的数据包，允许发送
3. 对于目的设备为回环设备的，返回允许发送
4. 对于其他类型的icmp报文，只有 ipv4.sysctl_icmp_ratemask 中对应位为1的数据包才会进行限速，对于其他类型的数据包，直接返回允许发送（即不限速）

/*
 *	Send an ICMP frame.
 */
 
static inline bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt,
				      struct flowi4 *fl4, int type, int code)
{
	struct dst_entry *dst = &rt->dst;
	bool rc = true;
 
	if (type > NR_ICMP_TYPES)
		goto out;
 
	/* Don't limit PMTU discovery. */
	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)
		goto out;
 
	/* No rate limit on loopback */
	if (dst->dev && (dst->dev->flags&IFF_LOOPBACK))
		goto out;
 
	/* Limit if icmp type is enabled in ratemask. */
	if ((1 << type) & net->ipv4.sysctl_icmp_ratemask) {
		struct inet_peer *peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, 1);
		rc = inet_peer_xrlim_allow(peer,
					   net->ipv4.sysctl_icmp_ratelimit);
		if (peer)
			inet_putpeer(peer);
	}
out:
	return rc;
}

1.7.2 数据发送 icmp_push_reply()

该函数是将 icmp 报文数据写入到 ip 层队列中，准备发送。

1. 调用 ip_append_data()，将数据缓存起来
2. 调用 ip_flush_pending_frames() 将数据直接发送出去

static void icmp_push_reply(struct icmp_bxm *icmp_param,
			    struct flowi4 *fl4,
			    struct ipcm_cookie *ipc, struct rtable **rt)
{
	struct sock *sk;
	struct sk_buff *skb;
 
    //获取当前执行CPU 所有的sock，主要用于发送ICMP数据包
	sk = icmp_sk(dev_net((*rt)->dst.dev));
    /*调用ip_append_data，将要发送的数据缓存到sk->sk_write_queue
      并调用ip_push_pending_frames，将数据发送出去*/
	if (ip_append_data(sk, fl4, icmp_glue_bits, icmp_param,
			   icmp_param->data_len+icmp_param->head_len,
			   icmp_param->head_len,
			   ipc, rt, MSG_DONTWAIT) < 0) {
		ICMP_INC_STATS_BH(sock_net(sk), ICMP_MIB_OUTERRORS);
		ip_flush_pending_frames(sk);
	} else if ((skb = skb_peek(&sk->sk_write_queue)) != NULL) {
		struct icmphdr *icmph = icmp_hdr(skb);
		__wsum csum = 0;
		struct sk_buff *skb1;
 
		skb_queue_walk(&sk->sk_write_queue, skb1) {
			csum = csum_add(csum, skb1->csum);
		}
		csum = csum_partial_copy_nocheck((void *)&icmp_param->data,
						 (char *)icmph,
						 icmp_param->head_len, csum);
		icmph->checksum = csum_fold(csum);
		skb->ip_summed = CHECKSUM_NONE;
		ip_push_pending_frames(sk, fl4);
	}
}

2 ICMP报文发送

2.1 icmp_send() 实现

对于由与入口数据包处理失败等操作时，上层协议会调用 icmp_send 发送数据（udp在收到一个没有监听端口的报文时会调用该函数发送端口不可达信息，接口:__udp4_lib_rcv()），该函数发送一个icmp error 数据包，核心逻辑如下：
不能发送icmp error 数据包的条件:

1. 对于入口数据包是多播的数据包(硬件或者ip地址为多播地址)，不发送 icmp error 数据包
2. 对于入口数据包有分段的，仅对首个分段的入口数据包，发送 icmp error 数据包
3. 入口数据包本身是icmp error类型的，不发送针对该入口数据包的 icmp error 

若入口数据包不满足上述条件，则需要发送针对该数据包的 icmp error 类型数据

1. 查找路由
2. 当路由查找成功后，则会调用 icmp_push_reply() 将数据发送出去

/*
 *	Send an ICMP message in response to a situation
 *
 *	RFC 1122: 3.2.2	MUST send at least the IP header and 8 bytes of header.
 *		  MAY send more (we do).
 *			MUST NOT change this header information.
 *			MUST NOT reply to a multicast/broadcast IP address.
 *			MUST NOT reply to a multicast/broadcast MAC address.
 *			MUST reply to only the first fragment.
 */
 
void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
{
	struct iphdr *iph;
	int room;
	struct icmp_bxm icmp_param;
	struct rtable *rt = skb_rtable(skb_in);
	struct ipcm_cookie ipc;
	struct flowi4 fl4;
	__be32 saddr;
	u8  tos;
	struct net *net;
	struct sock *sk;
 
	if (!rt)
		goto out;
	net = dev_net(rt->dst.dev);
 
	/*
	 *	Find the original header. It is expected to be valid, of course.
	 *	Check this, icmp_send is called from the most obscure devices
	 *	sometimes.
	 */
	iph = ip_hdr(skb_in);
	//对sk_buff做合理性检查，保证ipheader在sk_buff->head与sk_buff->tail之间的范围内
	if ((u8 *)iph < skb_in->head ||
	    (skb_in->network_header + sizeof(*iph)) > skb_in->tail)
		goto out;
 
	/*
	 *	No replies to physical multicast/broadcast
	 */
	//判断入口数据包的数据链路层的地址是否是广播或组播地址，若是则退出  
	if (skb_in->pkt_type != PACKET_HOST)
		goto out;
 
	/*
	 *	Now check at the protocol level
	 */
	//检查入口数据包是否广播、组播数据 
	if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
		goto out;
 
	/*
	 *	Only reply to fragment 0. We byte re-order the constant
	 *	mask for efficiency.
	 */
	//对于IP分段数据，仅对首个分段数据包发送ICMP错误信息 
	if (iph->frag_off & htons(IP_OFFSET))
		goto out;
 
	/*
	 *	If we send an ICMP error to an ICMP error a mess would result..
	 */
	//判断接收的数据包是否是一个ICMP 错误信息数据包，若是则不对该数据包回复ICMP错误信息 
	if (icmp_pointers[type].error) {
		/*
		 *	We are an error, check if we are replying to an
		 *	ICMP error
		 */
		if (iph->protocol == IPPROTO_ICMP) {
			u8 _inner_type, *itp;
 
			itp = skb_header_pointer(skb_in,
						 skb_network_header(skb_in) +
						 (iph->ihl << 2) +
						 offsetof(struct icmphdr,
							  type) -
						 skb_in->data,
						 sizeof(_inner_type),
						 &_inner_type);
			if (itp == NULL)
				goto out;
 
			/*
			 *	Assume any unknown ICMP type is an error. This
			 *	isn't specified by the RFC, but think about it..
			 */
			if (*itp > NR_ICMP_TYPES ||
			    icmp_pointers[*itp].error)
				goto out;
		}
	}
	
	//关闭软中断，并为该socket添加自旋锁，确保同一时刻只有一个icmp报文被发送出去
	sk = icmp_xmit_lock(net);
	if (sk == NULL)
		return;
 
	/*
	 *	Construct source address and options.
	 */
	/*
	 *对于目的地址为本地的入口数据包，则将本地地址作为icmp包的源ip地址
	 *对于目的地址非本地的入口数据包，则根据 sysctl_icmp_errors_use_inbound_ifaddr 
	  的值来设置源ip地址
	*/
	saddr = iph->daddr;
	if (!(rt->rt_flags & RTCF_LOCAL)) {
		struct net_device *dev = NULL;
 
		rcu_read_lock();
		if (rt_is_input_route(rt) &&
		    net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr)
			dev = dev_get_by_index_rcu(net, inet_iif(skb_in));
 
		if (dev)
			saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK);
		else
			saddr = 0;
		rcu_read_unlock();
	}
	
	//设置tos值
	tos = icmp_pointers[type].error ? ((iph->tos & IPTOS_TOS_MASK) |
					   IPTOS_PREC_INTERNETCONTROL) :
					  iph->tos;
 
	if (ip_options_echo(&icmp_param.replyopts.opt.opt, skb_in))
		goto out_unlock;
 
 
	/*
	 *	Prepare data for ICMP header.
	 */
	
	//设置icmp的头部信息
	icmp_param.data.icmph.type	 = type;
	icmp_param.data.icmph.code	 = code;
	icmp_param.data.icmph.un.gateway = info;
	icmp_param.data.icmph.checksum	 = 0;
	icmp_param.skb	  = skb_in;
	icmp_param.offset = skb_network_offset(skb_in);
	inet_sk(sk)->tos = tos;
	ipc.addr = iph->saddr;
	ipc.opt = &icmp_param.replyopts.opt;
	ipc.tx_flags = 0;
	//获取路由
	rt = icmp_route_lookup(net, &fl4, skb_in, iph, saddr, tos,
			       type, code, &icmp_param);
	if (IS_ERR(rt))
		goto out_unlock;
	//限速
	if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code))
		goto ende;
 
	/* RFC says return as much as we can without exceeding 576 bytes. */
 
	room = dst_mtu(&rt->dst);
	if (room > 576)
		room = 576;
	room -= sizeof(struct iphdr) + icmp_param.replyopts.opt.opt.optlen;
	room -= sizeof(struct icmphdr);
 
	icmp_param.data_len = skb_in->len - icmp_param.offset;
	if (icmp_param.data_len > room)
		icmp_param.data_len = room;
	icmp_param.head_len = sizeof(struct icmphdr);
	//发送icmp报文
	icmp_push_reply(&icmp_param, &fl4, &ipc, &rt);
ende:
	ip_rt_put(rt);
out_unlock:
	icmp_xmit_unlock(sk);
out:;
}
EXPORT_SYMBOL(icmp_send);