Loading...
1/*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
18 * Pierre Ynard : export userland ND options
19 * through netlink (RDNSS support)
20 * Lars Fenneberg : fixed MTU setting on receipt
21 * of an RA.
22 * Janos Farkas : kmalloc failure checks
23 * Alexey Kuznetsov : state machine reworked
24 * and moved to net/core.
25 * Pekka Savola : RFC2461 validation
26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
27 */
28
29/* Set to 3 to get tracing... */
30#define ND_DEBUG 1
31
32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33#define ND_NOPRINTK(x...) do { ; } while(0)
34#define ND_PRINTK0 ND_PRINTK
35#define ND_PRINTK1 ND_NOPRINTK
36#define ND_PRINTK2 ND_NOPRINTK
37#define ND_PRINTK3 ND_NOPRINTK
38#if ND_DEBUG >= 1
39#undef ND_PRINTK1
40#define ND_PRINTK1 ND_PRINTK
41#endif
42#if ND_DEBUG >= 2
43#undef ND_PRINTK2
44#define ND_PRINTK2 ND_PRINTK
45#endif
46#if ND_DEBUG >= 3
47#undef ND_PRINTK3
48#define ND_PRINTK3 ND_PRINTK
49#endif
50
51#include <linux/module.h>
52#include <linux/errno.h>
53#include <linux/types.h>
54#include <linux/socket.h>
55#include <linux/sockios.h>
56#include <linux/sched.h>
57#include <linux/net.h>
58#include <linux/in6.h>
59#include <linux/route.h>
60#include <linux/init.h>
61#include <linux/rcupdate.h>
62#include <linux/slab.h>
63#ifdef CONFIG_SYSCTL
64#include <linux/sysctl.h>
65#endif
66
67#include <linux/if_addr.h>
68#include <linux/if_arp.h>
69#include <linux/ipv6.h>
70#include <linux/icmpv6.h>
71#include <linux/jhash.h>
72
73#include <net/sock.h>
74#include <net/snmp.h>
75
76#include <net/ipv6.h>
77#include <net/protocol.h>
78#include <net/ndisc.h>
79#include <net/ip6_route.h>
80#include <net/addrconf.h>
81#include <net/icmp.h>
82
83#include <net/netlink.h>
84#include <linux/rtnetlink.h>
85
86#include <net/flow.h>
87#include <net/ip6_checksum.h>
88#include <net/inet_common.h>
89#include <linux/proc_fs.h>
90
91#include <linux/netfilter.h>
92#include <linux/netfilter_ipv6.h>
93
94static u32 ndisc_hash(const void *pkey,
95 const struct net_device *dev,
96 __u32 rnd);
97static int ndisc_constructor(struct neighbour *neigh);
98static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
99static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
100static int pndisc_constructor(struct pneigh_entry *n);
101static void pndisc_destructor(struct pneigh_entry *n);
102static void pndisc_redo(struct sk_buff *skb);
103
104static const struct neigh_ops ndisc_generic_ops = {
105 .family = AF_INET6,
106 .solicit = ndisc_solicit,
107 .error_report = ndisc_error_report,
108 .output = neigh_resolve_output,
109 .connected_output = neigh_connected_output,
110};
111
112static const struct neigh_ops ndisc_hh_ops = {
113 .family = AF_INET6,
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
118};
119
120
121static const struct neigh_ops ndisc_direct_ops = {
122 .family = AF_INET6,
123 .output = neigh_direct_output,
124 .connected_output = neigh_direct_output,
125};
126
127struct neigh_table nd_tbl = {
128 .family = AF_INET6,
129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
130 .key_len = sizeof(struct in6_addr),
131 .hash = ndisc_hash,
132 .constructor = ndisc_constructor,
133 .pconstructor = pndisc_constructor,
134 .pdestructor = pndisc_destructor,
135 .proxy_redo = pndisc_redo,
136 .id = "ndisc_cache",
137 .parms = {
138 .tbl = &nd_tbl,
139 .base_reachable_time = ND_REACHABLE_TIME,
140 .retrans_time = ND_RETRANS_TIMER,
141 .gc_staletime = 60 * HZ,
142 .reachable_time = ND_REACHABLE_TIME,
143 .delay_probe_time = 5 * HZ,
144 .queue_len = 3,
145 .ucast_probes = 3,
146 .mcast_probes = 3,
147 .anycast_delay = 1 * HZ,
148 .proxy_delay = (8 * HZ) / 10,
149 .proxy_qlen = 64,
150 },
151 .gc_interval = 30 * HZ,
152 .gc_thresh1 = 128,
153 .gc_thresh2 = 512,
154 .gc_thresh3 = 1024,
155};
156
157/* ND options */
158struct ndisc_options {
159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
160#ifdef CONFIG_IPV6_ROUTE_INFO
161 struct nd_opt_hdr *nd_opts_ri;
162 struct nd_opt_hdr *nd_opts_ri_end;
163#endif
164 struct nd_opt_hdr *nd_useropts;
165 struct nd_opt_hdr *nd_useropts_end;
166};
167
168#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
169#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
170#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
171#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
172#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
173#define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
174
175#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
176
177/*
178 * Return the padding between the option length and the start of the
179 * link addr. Currently only IP-over-InfiniBand needs this, although
180 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
181 * also need a pad of 2.
182 */
183static int ndisc_addr_option_pad(unsigned short type)
184{
185 switch (type) {
186 case ARPHRD_INFINIBAND: return 2;
187 default: return 0;
188 }
189}
190
191static inline int ndisc_opt_addr_space(struct net_device *dev)
192{
193 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
194}
195
196static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
197 unsigned short addr_type)
198{
199 int space = NDISC_OPT_SPACE(data_len);
200 int pad = ndisc_addr_option_pad(addr_type);
201
202 opt[0] = type;
203 opt[1] = space>>3;
204
205 memset(opt + 2, 0, pad);
206 opt += pad;
207 space -= pad;
208
209 memcpy(opt+2, data, data_len);
210 data_len += 2;
211 opt += data_len;
212 if ((space -= data_len) > 0)
213 memset(opt, 0, space);
214 return opt + space;
215}
216
217static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
218 struct nd_opt_hdr *end)
219{
220 int type;
221 if (!cur || !end || cur >= end)
222 return NULL;
223 type = cur->nd_opt_type;
224 do {
225 cur = ((void *)cur) + (cur->nd_opt_len << 3);
226 } while(cur < end && cur->nd_opt_type != type);
227 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
228}
229
230static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
231{
232 return opt->nd_opt_type == ND_OPT_RDNSS;
233}
234
235static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
236 struct nd_opt_hdr *end)
237{
238 if (!cur || !end || cur >= end)
239 return NULL;
240 do {
241 cur = ((void *)cur) + (cur->nd_opt_len << 3);
242 } while(cur < end && !ndisc_is_useropt(cur));
243 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
244}
245
246static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
247 struct ndisc_options *ndopts)
248{
249 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
250
251 if (!nd_opt || opt_len < 0 || !ndopts)
252 return NULL;
253 memset(ndopts, 0, sizeof(*ndopts));
254 while (opt_len) {
255 int l;
256 if (opt_len < sizeof(struct nd_opt_hdr))
257 return NULL;
258 l = nd_opt->nd_opt_len << 3;
259 if (opt_len < l || l == 0)
260 return NULL;
261 switch (nd_opt->nd_opt_type) {
262 case ND_OPT_SOURCE_LL_ADDR:
263 case ND_OPT_TARGET_LL_ADDR:
264 case ND_OPT_MTU:
265 case ND_OPT_REDIRECT_HDR:
266 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
267 ND_PRINTK2(KERN_WARNING
268 "%s(): duplicated ND6 option found: type=%d\n",
269 __func__,
270 nd_opt->nd_opt_type);
271 } else {
272 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
273 }
274 break;
275 case ND_OPT_PREFIX_INFO:
276 ndopts->nd_opts_pi_end = nd_opt;
277 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
278 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
279 break;
280#ifdef CONFIG_IPV6_ROUTE_INFO
281 case ND_OPT_ROUTE_INFO:
282 ndopts->nd_opts_ri_end = nd_opt;
283 if (!ndopts->nd_opts_ri)
284 ndopts->nd_opts_ri = nd_opt;
285 break;
286#endif
287 default:
288 if (ndisc_is_useropt(nd_opt)) {
289 ndopts->nd_useropts_end = nd_opt;
290 if (!ndopts->nd_useropts)
291 ndopts->nd_useropts = nd_opt;
292 } else {
293 /*
294 * Unknown options must be silently ignored,
295 * to accommodate future extension to the
296 * protocol.
297 */
298 ND_PRINTK2(KERN_NOTICE
299 "%s(): ignored unsupported option; type=%d, len=%d\n",
300 __func__,
301 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
302 }
303 }
304 opt_len -= l;
305 nd_opt = ((void *)nd_opt) + l;
306 }
307 return ndopts;
308}
309
310static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
311 struct net_device *dev)
312{
313 u8 *lladdr = (u8 *)(p + 1);
314 int lladdrlen = p->nd_opt_len << 3;
315 int prepad = ndisc_addr_option_pad(dev->type);
316 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
317 return NULL;
318 return lladdr + prepad;
319}
320
321int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
322{
323 switch (dev->type) {
324 case ARPHRD_ETHER:
325 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
326 case ARPHRD_FDDI:
327 ipv6_eth_mc_map(addr, buf);
328 return 0;
329 case ARPHRD_IEEE802_TR:
330 ipv6_tr_mc_map(addr,buf);
331 return 0;
332 case ARPHRD_ARCNET:
333 ipv6_arcnet_mc_map(addr, buf);
334 return 0;
335 case ARPHRD_INFINIBAND:
336 ipv6_ib_mc_map(addr, dev->broadcast, buf);
337 return 0;
338 case ARPHRD_IPGRE:
339 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
340 default:
341 if (dir) {
342 memcpy(buf, dev->broadcast, dev->addr_len);
343 return 0;
344 }
345 }
346 return -EINVAL;
347}
348
349EXPORT_SYMBOL(ndisc_mc_map);
350
351static u32 ndisc_hash(const void *pkey,
352 const struct net_device *dev,
353 __u32 hash_rnd)
354{
355 const u32 *p32 = pkey;
356 u32 addr_hash, i;
357
358 addr_hash = 0;
359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360 addr_hash ^= *p32++;
361
362 return jhash_2words(addr_hash, dev->ifindex, hash_rnd);
363}
364
365static int ndisc_constructor(struct neighbour *neigh)
366{
367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 struct net_device *dev = neigh->dev;
369 struct inet6_dev *in6_dev;
370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr);
372
373 rcu_read_lock();
374 in6_dev = in6_dev_get(dev);
375 if (in6_dev == NULL) {
376 rcu_read_unlock();
377 return -EINVAL;
378 }
379
380 parms = in6_dev->nd_parms;
381 __neigh_parms_put(neigh->parms);
382 neigh->parms = neigh_parms_clone(parms);
383 rcu_read_unlock();
384
385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 if (!dev->header_ops) {
387 neigh->nud_state = NUD_NOARP;
388 neigh->ops = &ndisc_direct_ops;
389 neigh->output = neigh_direct_output;
390 } else {
391 if (is_multicast) {
392 neigh->nud_state = NUD_NOARP;
393 ndisc_mc_map(addr, neigh->ha, dev, 1);
394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 neigh->nud_state = NUD_NOARP;
396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 if (dev->flags&IFF_LOOPBACK)
398 neigh->type = RTN_LOCAL;
399 } else if (dev->flags&IFF_POINTOPOINT) {
400 neigh->nud_state = NUD_NOARP;
401 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402 }
403 if (dev->header_ops->cache)
404 neigh->ops = &ndisc_hh_ops;
405 else
406 neigh->ops = &ndisc_generic_ops;
407 if (neigh->nud_state&NUD_VALID)
408 neigh->output = neigh->ops->connected_output;
409 else
410 neigh->output = neigh->ops->output;
411 }
412 in6_dev_put(in6_dev);
413 return 0;
414}
415
416static int pndisc_constructor(struct pneigh_entry *n)
417{
418 struct in6_addr *addr = (struct in6_addr*)&n->key;
419 struct in6_addr maddr;
420 struct net_device *dev = n->dev;
421
422 if (dev == NULL || __in6_dev_get(dev) == NULL)
423 return -EINVAL;
424 addrconf_addr_solict_mult(addr, &maddr);
425 ipv6_dev_mc_inc(dev, &maddr);
426 return 0;
427}
428
429static void pndisc_destructor(struct pneigh_entry *n)
430{
431 struct in6_addr *addr = (struct in6_addr*)&n->key;
432 struct in6_addr maddr;
433 struct net_device *dev = n->dev;
434
435 if (dev == NULL || __in6_dev_get(dev) == NULL)
436 return;
437 addrconf_addr_solict_mult(addr, &maddr);
438 ipv6_dev_mc_dec(dev, &maddr);
439}
440
441struct sk_buff *ndisc_build_skb(struct net_device *dev,
442 const struct in6_addr *daddr,
443 const struct in6_addr *saddr,
444 struct icmp6hdr *icmp6h,
445 const struct in6_addr *target,
446 int llinfo)
447{
448 struct net *net = dev_net(dev);
449 struct sock *sk = net->ipv6.ndisc_sk;
450 struct sk_buff *skb;
451 struct icmp6hdr *hdr;
452 int len;
453 int err;
454 u8 *opt;
455
456 if (!dev->addr_len)
457 llinfo = 0;
458
459 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
460 if (llinfo)
461 len += ndisc_opt_addr_space(dev);
462
463 skb = sock_alloc_send_skb(sk,
464 (MAX_HEADER + sizeof(struct ipv6hdr) +
465 len + LL_ALLOCATED_SPACE(dev)),
466 1, &err);
467 if (!skb) {
468 ND_PRINTK0(KERN_ERR
469 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
470 __func__, err);
471 return NULL;
472 }
473
474 skb_reserve(skb, LL_RESERVED_SPACE(dev));
475 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
476
477 skb->transport_header = skb->tail;
478 skb_put(skb, len);
479
480 hdr = (struct icmp6hdr *)skb_transport_header(skb);
481 memcpy(hdr, icmp6h, sizeof(*hdr));
482
483 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
484 if (target) {
485 ipv6_addr_copy((struct in6_addr *)opt, target);
486 opt += sizeof(*target);
487 }
488
489 if (llinfo)
490 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
491 dev->addr_len, dev->type);
492
493 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
494 IPPROTO_ICMPV6,
495 csum_partial(hdr,
496 len, 0));
497
498 return skb;
499}
500
501EXPORT_SYMBOL(ndisc_build_skb);
502
503void ndisc_send_skb(struct sk_buff *skb,
504 struct net_device *dev,
505 struct neighbour *neigh,
506 const struct in6_addr *daddr,
507 const struct in6_addr *saddr,
508 struct icmp6hdr *icmp6h)
509{
510 struct flowi6 fl6;
511 struct dst_entry *dst;
512 struct net *net = dev_net(dev);
513 struct sock *sk = net->ipv6.ndisc_sk;
514 struct inet6_dev *idev;
515 int err;
516 u8 type;
517
518 type = icmp6h->icmp6_type;
519
520 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
521
522 dst = icmp6_dst_alloc(dev, neigh, daddr);
523 if (!dst) {
524 kfree_skb(skb);
525 return;
526 }
527
528 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
529 if (IS_ERR(dst)) {
530 kfree_skb(skb);
531 return;
532 }
533
534 skb_dst_set(skb, dst);
535
536 idev = in6_dev_get(dst->dev);
537 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
538
539 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
540 dst_output);
541 if (!err) {
542 ICMP6MSGOUT_INC_STATS(net, idev, type);
543 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
544 }
545
546 if (likely(idev != NULL))
547 in6_dev_put(idev);
548}
549
550EXPORT_SYMBOL(ndisc_send_skb);
551
552/*
553 * Send a Neighbour Discover packet
554 */
555static void __ndisc_send(struct net_device *dev,
556 struct neighbour *neigh,
557 const struct in6_addr *daddr,
558 const struct in6_addr *saddr,
559 struct icmp6hdr *icmp6h, const struct in6_addr *target,
560 int llinfo)
561{
562 struct sk_buff *skb;
563
564 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
565 if (!skb)
566 return;
567
568 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
569}
570
571static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
572 const struct in6_addr *daddr,
573 const struct in6_addr *solicited_addr,
574 int router, int solicited, int override, int inc_opt)
575{
576 struct in6_addr tmpaddr;
577 struct inet6_ifaddr *ifp;
578 const struct in6_addr *src_addr;
579 struct icmp6hdr icmp6h = {
580 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
581 };
582
583 /* for anycast or proxy, solicited_addr != src_addr */
584 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
585 if (ifp) {
586 src_addr = solicited_addr;
587 if (ifp->flags & IFA_F_OPTIMISTIC)
588 override = 0;
589 inc_opt |= ifp->idev->cnf.force_tllao;
590 in6_ifa_put(ifp);
591 } else {
592 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
593 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
594 &tmpaddr))
595 return;
596 src_addr = &tmpaddr;
597 }
598
599 icmp6h.icmp6_router = router;
600 icmp6h.icmp6_solicited = solicited;
601 icmp6h.icmp6_override = override;
602
603 __ndisc_send(dev, neigh, daddr, src_addr,
604 &icmp6h, solicited_addr,
605 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
606}
607
608static void ndisc_send_unsol_na(struct net_device *dev)
609{
610 struct inet6_dev *idev;
611 struct inet6_ifaddr *ifa;
612 struct in6_addr mcaddr;
613
614 idev = in6_dev_get(dev);
615 if (!idev)
616 return;
617
618 read_lock_bh(&idev->lock);
619 list_for_each_entry(ifa, &idev->addr_list, if_list) {
620 addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
621 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
622 /*router=*/ !!idev->cnf.forwarding,
623 /*solicited=*/ false, /*override=*/ true,
624 /*inc_opt=*/ true);
625 }
626 read_unlock_bh(&idev->lock);
627
628 in6_dev_put(idev);
629}
630
631void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
632 const struct in6_addr *solicit,
633 const struct in6_addr *daddr, const struct in6_addr *saddr)
634{
635 struct in6_addr addr_buf;
636 struct icmp6hdr icmp6h = {
637 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
638 };
639
640 if (saddr == NULL) {
641 if (ipv6_get_lladdr(dev, &addr_buf,
642 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
643 return;
644 saddr = &addr_buf;
645 }
646
647 __ndisc_send(dev, neigh, daddr, saddr,
648 &icmp6h, solicit,
649 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
650}
651
652void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
653 const struct in6_addr *daddr)
654{
655 struct icmp6hdr icmp6h = {
656 .icmp6_type = NDISC_ROUTER_SOLICITATION,
657 };
658 int send_sllao = dev->addr_len;
659
660#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
661 /*
662 * According to section 2.2 of RFC 4429, we must not
663 * send router solicitations with a sllao from
664 * optimistic addresses, but we may send the solicitation
665 * if we don't include the sllao. So here we check
666 * if our address is optimistic, and if so, we
667 * suppress the inclusion of the sllao.
668 */
669 if (send_sllao) {
670 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
671 dev, 1);
672 if (ifp) {
673 if (ifp->flags & IFA_F_OPTIMISTIC) {
674 send_sllao = 0;
675 }
676 in6_ifa_put(ifp);
677 } else {
678 send_sllao = 0;
679 }
680 }
681#endif
682 __ndisc_send(dev, NULL, daddr, saddr,
683 &icmp6h, NULL,
684 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
685}
686
687
688static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
689{
690 /*
691 * "The sender MUST return an ICMP
692 * destination unreachable"
693 */
694 dst_link_failure(skb);
695 kfree_skb(skb);
696}
697
698/* Called with locked neigh: either read or both */
699
700static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
701{
702 struct in6_addr *saddr = NULL;
703 struct in6_addr mcaddr;
704 struct net_device *dev = neigh->dev;
705 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
706 int probes = atomic_read(&neigh->probes);
707
708 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
709 saddr = &ipv6_hdr(skb)->saddr;
710
711 if ((probes -= neigh->parms->ucast_probes) < 0) {
712 if (!(neigh->nud_state & NUD_VALID)) {
713 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
714 __func__, target);
715 }
716 ndisc_send_ns(dev, neigh, target, target, saddr);
717 } else if ((probes -= neigh->parms->app_probes) < 0) {
718#ifdef CONFIG_ARPD
719 neigh_app_ns(neigh);
720#endif
721 } else {
722 addrconf_addr_solict_mult(target, &mcaddr);
723 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
724 }
725}
726
727static int pndisc_is_router(const void *pkey,
728 struct net_device *dev)
729{
730 struct pneigh_entry *n;
731 int ret = -1;
732
733 read_lock_bh(&nd_tbl.lock);
734 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
735 if (n)
736 ret = !!(n->flags & NTF_ROUTER);
737 read_unlock_bh(&nd_tbl.lock);
738
739 return ret;
740}
741
742static void ndisc_recv_ns(struct sk_buff *skb)
743{
744 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
745 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
746 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
747 u8 *lladdr = NULL;
748 u32 ndoptlen = skb->tail - (skb->transport_header +
749 offsetof(struct nd_msg, opt));
750 struct ndisc_options ndopts;
751 struct net_device *dev = skb->dev;
752 struct inet6_ifaddr *ifp;
753 struct inet6_dev *idev = NULL;
754 struct neighbour *neigh;
755 int dad = ipv6_addr_any(saddr);
756 int inc;
757 int is_router = -1;
758
759 if (ipv6_addr_is_multicast(&msg->target)) {
760 ND_PRINTK2(KERN_WARNING
761 "ICMPv6 NS: multicast target address");
762 return;
763 }
764
765 /*
766 * RFC2461 7.1.1:
767 * DAD has to be destined for solicited node multicast address.
768 */
769 if (dad &&
770 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
771 daddr->s6_addr32[1] == htonl(0x00000000) &&
772 daddr->s6_addr32[2] == htonl(0x00000001) &&
773 daddr->s6_addr [12] == 0xff )) {
774 ND_PRINTK2(KERN_WARNING
775 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
776 return;
777 }
778
779 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
780 ND_PRINTK2(KERN_WARNING
781 "ICMPv6 NS: invalid ND options\n");
782 return;
783 }
784
785 if (ndopts.nd_opts_src_lladdr) {
786 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
787 if (!lladdr) {
788 ND_PRINTK2(KERN_WARNING
789 "ICMPv6 NS: invalid link-layer address length\n");
790 return;
791 }
792
793 /* RFC2461 7.1.1:
794 * If the IP source address is the unspecified address,
795 * there MUST NOT be source link-layer address option
796 * in the message.
797 */
798 if (dad) {
799 ND_PRINTK2(KERN_WARNING
800 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
801 return;
802 }
803 }
804
805 inc = ipv6_addr_is_multicast(daddr);
806
807 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
808 if (ifp) {
809
810 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
811 if (dad) {
812 if (dev->type == ARPHRD_IEEE802_TR) {
813 const unsigned char *sadr;
814 sadr = skb_mac_header(skb);
815 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
816 sadr[9] == dev->dev_addr[1] &&
817 sadr[10] == dev->dev_addr[2] &&
818 sadr[11] == dev->dev_addr[3] &&
819 sadr[12] == dev->dev_addr[4] &&
820 sadr[13] == dev->dev_addr[5]) {
821 /* looped-back to us */
822 goto out;
823 }
824 }
825
826 /*
827 * We are colliding with another node
828 * who is doing DAD
829 * so fail our DAD process
830 */
831 addrconf_dad_failure(ifp);
832 return;
833 } else {
834 /*
835 * This is not a dad solicitation.
836 * If we are an optimistic node,
837 * we should respond.
838 * Otherwise, we should ignore it.
839 */
840 if (!(ifp->flags & IFA_F_OPTIMISTIC))
841 goto out;
842 }
843 }
844
845 idev = ifp->idev;
846 } else {
847 struct net *net = dev_net(dev);
848
849 idev = in6_dev_get(dev);
850 if (!idev) {
851 /* XXX: count this drop? */
852 return;
853 }
854
855 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
856 (idev->cnf.forwarding &&
857 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
858 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
859 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
860 skb->pkt_type != PACKET_HOST &&
861 inc != 0 &&
862 idev->nd_parms->proxy_delay != 0) {
863 /*
864 * for anycast or proxy,
865 * sender should delay its response
866 * by a random time between 0 and
867 * MAX_ANYCAST_DELAY_TIME seconds.
868 * (RFC2461) -- yoshfuji
869 */
870 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
871 if (n)
872 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
873 goto out;
874 }
875 } else
876 goto out;
877 }
878
879 if (is_router < 0)
880 is_router = !!idev->cnf.forwarding;
881
882 if (dad) {
883 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
884 is_router, 0, (ifp != NULL), 1);
885 goto out;
886 }
887
888 if (inc)
889 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
890 else
891 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
892
893 /*
894 * update / create cache entry
895 * for the source address
896 */
897 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
898 !inc || lladdr || !dev->addr_len);
899 if (neigh)
900 neigh_update(neigh, lladdr, NUD_STALE,
901 NEIGH_UPDATE_F_WEAK_OVERRIDE|
902 NEIGH_UPDATE_F_OVERRIDE);
903 if (neigh || !dev->header_ops) {
904 ndisc_send_na(dev, neigh, saddr, &msg->target,
905 is_router,
906 1, (ifp != NULL && inc), inc);
907 if (neigh)
908 neigh_release(neigh);
909 }
910
911out:
912 if (ifp)
913 in6_ifa_put(ifp);
914 else
915 in6_dev_put(idev);
916}
917
918static void ndisc_recv_na(struct sk_buff *skb)
919{
920 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
921 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
922 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
923 u8 *lladdr = NULL;
924 u32 ndoptlen = skb->tail - (skb->transport_header +
925 offsetof(struct nd_msg, opt));
926 struct ndisc_options ndopts;
927 struct net_device *dev = skb->dev;
928 struct inet6_ifaddr *ifp;
929 struct neighbour *neigh;
930
931 if (skb->len < sizeof(struct nd_msg)) {
932 ND_PRINTK2(KERN_WARNING
933 "ICMPv6 NA: packet too short\n");
934 return;
935 }
936
937 if (ipv6_addr_is_multicast(&msg->target)) {
938 ND_PRINTK2(KERN_WARNING
939 "ICMPv6 NA: target address is multicast.\n");
940 return;
941 }
942
943 if (ipv6_addr_is_multicast(daddr) &&
944 msg->icmph.icmp6_solicited) {
945 ND_PRINTK2(KERN_WARNING
946 "ICMPv6 NA: solicited NA is multicasted.\n");
947 return;
948 }
949
950 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
951 ND_PRINTK2(KERN_WARNING
952 "ICMPv6 NS: invalid ND option\n");
953 return;
954 }
955 if (ndopts.nd_opts_tgt_lladdr) {
956 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
957 if (!lladdr) {
958 ND_PRINTK2(KERN_WARNING
959 "ICMPv6 NA: invalid link-layer address length\n");
960 return;
961 }
962 }
963 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
964 if (ifp) {
965 if (skb->pkt_type != PACKET_LOOPBACK
966 && (ifp->flags & IFA_F_TENTATIVE)) {
967 addrconf_dad_failure(ifp);
968 return;
969 }
970 /* What should we make now? The advertisement
971 is invalid, but ndisc specs say nothing
972 about it. It could be misconfiguration, or
973 an smart proxy agent tries to help us :-)
974
975 We should not print the error if NA has been
976 received from loopback - it is just our own
977 unsolicited advertisement.
978 */
979 if (skb->pkt_type != PACKET_LOOPBACK)
980 ND_PRINTK1(KERN_WARNING
981 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
982 &ifp->addr, ifp->idev->dev->name);
983 in6_ifa_put(ifp);
984 return;
985 }
986 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
987
988 if (neigh) {
989 u8 old_flags = neigh->flags;
990 struct net *net = dev_net(dev);
991
992 if (neigh->nud_state & NUD_FAILED)
993 goto out;
994
995 /*
996 * Don't update the neighbor cache entry on a proxy NA from
997 * ourselves because either the proxied node is off link or it
998 * has already sent a NA to us.
999 */
1000 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1001 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1002 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1003 /* XXX: idev->cnf.prixy_ndp */
1004 goto out;
1005 }
1006
1007 neigh_update(neigh, lladdr,
1008 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1009 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1010 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1011 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1012 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
1013
1014 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1015 /*
1016 * Change: router to host
1017 */
1018 struct rt6_info *rt;
1019 rt = rt6_get_dflt_router(saddr, dev);
1020 if (rt)
1021 ip6_del_rt(rt);
1022 }
1023
1024out:
1025 neigh_release(neigh);
1026 }
1027}
1028
1029static void ndisc_recv_rs(struct sk_buff *skb)
1030{
1031 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1032 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1033 struct neighbour *neigh;
1034 struct inet6_dev *idev;
1035 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1036 struct ndisc_options ndopts;
1037 u8 *lladdr = NULL;
1038
1039 if (skb->len < sizeof(*rs_msg))
1040 return;
1041
1042 idev = in6_dev_get(skb->dev);
1043 if (!idev) {
1044 if (net_ratelimit())
1045 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1046 return;
1047 }
1048
1049 /* Don't accept RS if we're not in router mode */
1050 if (!idev->cnf.forwarding)
1051 goto out;
1052
1053 /*
1054 * Don't update NCE if src = ::;
1055 * this implies that the source node has no ip address assigned yet.
1056 */
1057 if (ipv6_addr_any(saddr))
1058 goto out;
1059
1060 /* Parse ND options */
1061 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1062 if (net_ratelimit())
1063 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1064 goto out;
1065 }
1066
1067 if (ndopts.nd_opts_src_lladdr) {
1068 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1069 skb->dev);
1070 if (!lladdr)
1071 goto out;
1072 }
1073
1074 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1075 if (neigh) {
1076 neigh_update(neigh, lladdr, NUD_STALE,
1077 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1078 NEIGH_UPDATE_F_OVERRIDE|
1079 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1080 neigh_release(neigh);
1081 }
1082out:
1083 in6_dev_put(idev);
1084}
1085
1086static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1087{
1088 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1089 struct sk_buff *skb;
1090 struct nlmsghdr *nlh;
1091 struct nduseroptmsg *ndmsg;
1092 struct net *net = dev_net(ra->dev);
1093 int err;
1094 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1095 + (opt->nd_opt_len << 3));
1096 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1097
1098 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1099 if (skb == NULL) {
1100 err = -ENOBUFS;
1101 goto errout;
1102 }
1103
1104 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1105 if (nlh == NULL) {
1106 goto nla_put_failure;
1107 }
1108
1109 ndmsg = nlmsg_data(nlh);
1110 ndmsg->nduseropt_family = AF_INET6;
1111 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1112 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1113 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1114 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1115
1116 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1117
1118 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1119 &ipv6_hdr(ra)->saddr);
1120 nlmsg_end(skb, nlh);
1121
1122 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1123 return;
1124
1125nla_put_failure:
1126 nlmsg_free(skb);
1127 err = -EMSGSIZE;
1128errout:
1129 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1130}
1131
1132static inline int accept_ra(struct inet6_dev *in6_dev)
1133{
1134 /*
1135 * If forwarding is enabled, RA are not accepted unless the special
1136 * hybrid mode (accept_ra=2) is enabled.
1137 */
1138 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1139 return 0;
1140
1141 return in6_dev->cnf.accept_ra;
1142}
1143
1144static void ndisc_router_discovery(struct sk_buff *skb)
1145{
1146 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1147 struct neighbour *neigh = NULL;
1148 struct inet6_dev *in6_dev;
1149 struct rt6_info *rt = NULL;
1150 int lifetime;
1151 struct ndisc_options ndopts;
1152 int optlen;
1153 unsigned int pref = 0;
1154
1155 __u8 * opt = (__u8 *)(ra_msg + 1);
1156
1157 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1158
1159 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1160 ND_PRINTK2(KERN_WARNING
1161 "ICMPv6 RA: source address is not link-local.\n");
1162 return;
1163 }
1164 if (optlen < 0) {
1165 ND_PRINTK2(KERN_WARNING
1166 "ICMPv6 RA: packet too short\n");
1167 return;
1168 }
1169
1170#ifdef CONFIG_IPV6_NDISC_NODETYPE
1171 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1172 ND_PRINTK2(KERN_WARNING
1173 "ICMPv6 RA: from host or unauthorized router\n");
1174 return;
1175 }
1176#endif
1177
1178 /*
1179 * set the RA_RECV flag in the interface
1180 */
1181
1182 in6_dev = in6_dev_get(skb->dev);
1183 if (in6_dev == NULL) {
1184 ND_PRINTK0(KERN_ERR
1185 "ICMPv6 RA: can't find inet6 device for %s.\n",
1186 skb->dev->name);
1187 return;
1188 }
1189
1190 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1191 in6_dev_put(in6_dev);
1192 ND_PRINTK2(KERN_WARNING
1193 "ICMP6 RA: invalid ND options\n");
1194 return;
1195 }
1196
1197 if (!accept_ra(in6_dev))
1198 goto skip_linkparms;
1199
1200#ifdef CONFIG_IPV6_NDISC_NODETYPE
1201 /* skip link-specific parameters from interior routers */
1202 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1203 goto skip_linkparms;
1204#endif
1205
1206 if (in6_dev->if_flags & IF_RS_SENT) {
1207 /*
1208 * flag that an RA was received after an RS was sent
1209 * out on this interface.
1210 */
1211 in6_dev->if_flags |= IF_RA_RCVD;
1212 }
1213
1214 /*
1215 * Remember the managed/otherconf flags from most recently
1216 * received RA message (RFC 2462) -- yoshfuji
1217 */
1218 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1219 IF_RA_OTHERCONF)) |
1220 (ra_msg->icmph.icmp6_addrconf_managed ?
1221 IF_RA_MANAGED : 0) |
1222 (ra_msg->icmph.icmp6_addrconf_other ?
1223 IF_RA_OTHERCONF : 0);
1224
1225 if (!in6_dev->cnf.accept_ra_defrtr)
1226 goto skip_defrtr;
1227
1228 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1229
1230#ifdef CONFIG_IPV6_ROUTER_PREF
1231 pref = ra_msg->icmph.icmp6_router_pref;
1232 /* 10b is handled as if it were 00b (medium) */
1233 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1234 !in6_dev->cnf.accept_ra_rtr_pref)
1235 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1236#endif
1237
1238 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1239
1240 if (rt)
1241 neigh = dst_get_neighbour(&rt->dst);
1242
1243 if (rt && lifetime == 0) {
1244 neigh_clone(neigh);
1245 ip6_del_rt(rt);
1246 rt = NULL;
1247 }
1248
1249 if (rt == NULL && lifetime) {
1250 ND_PRINTK3(KERN_DEBUG
1251 "ICMPv6 RA: adding default router.\n");
1252
1253 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1254 if (rt == NULL) {
1255 ND_PRINTK0(KERN_ERR
1256 "ICMPv6 RA: %s() failed to add default route.\n",
1257 __func__);
1258 in6_dev_put(in6_dev);
1259 return;
1260 }
1261
1262 neigh = dst_get_neighbour(&rt->dst);
1263 if (neigh == NULL) {
1264 ND_PRINTK0(KERN_ERR
1265 "ICMPv6 RA: %s() got default router without neighbour.\n",
1266 __func__);
1267 dst_release(&rt->dst);
1268 in6_dev_put(in6_dev);
1269 return;
1270 }
1271 neigh->flags |= NTF_ROUTER;
1272 } else if (rt) {
1273 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1274 }
1275
1276 if (rt)
1277 rt->rt6i_expires = jiffies + (HZ * lifetime);
1278
1279 if (ra_msg->icmph.icmp6_hop_limit) {
1280 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1281 if (rt)
1282 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1283 ra_msg->icmph.icmp6_hop_limit);
1284 }
1285
1286skip_defrtr:
1287
1288 /*
1289 * Update Reachable Time and Retrans Timer
1290 */
1291
1292 if (in6_dev->nd_parms) {
1293 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1294
1295 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1296 rtime = (rtime*HZ)/1000;
1297 if (rtime < HZ/10)
1298 rtime = HZ/10;
1299 in6_dev->nd_parms->retrans_time = rtime;
1300 in6_dev->tstamp = jiffies;
1301 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1302 }
1303
1304 rtime = ntohl(ra_msg->reachable_time);
1305 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1306 rtime = (rtime*HZ)/1000;
1307
1308 if (rtime < HZ/10)
1309 rtime = HZ/10;
1310
1311 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1312 in6_dev->nd_parms->base_reachable_time = rtime;
1313 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1314 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1315 in6_dev->tstamp = jiffies;
1316 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1317 }
1318 }
1319 }
1320
1321skip_linkparms:
1322
1323 /*
1324 * Process options.
1325 */
1326
1327 if (!neigh)
1328 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1329 skb->dev, 1);
1330 if (neigh) {
1331 u8 *lladdr = NULL;
1332 if (ndopts.nd_opts_src_lladdr) {
1333 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1334 skb->dev);
1335 if (!lladdr) {
1336 ND_PRINTK2(KERN_WARNING
1337 "ICMPv6 RA: invalid link-layer address length\n");
1338 goto out;
1339 }
1340 }
1341 neigh_update(neigh, lladdr, NUD_STALE,
1342 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1343 NEIGH_UPDATE_F_OVERRIDE|
1344 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1345 NEIGH_UPDATE_F_ISROUTER);
1346 }
1347
1348 if (!accept_ra(in6_dev))
1349 goto out;
1350
1351#ifdef CONFIG_IPV6_ROUTE_INFO
1352 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1353 struct nd_opt_hdr *p;
1354 for (p = ndopts.nd_opts_ri;
1355 p;
1356 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1357 struct route_info *ri = (struct route_info *)p;
1358#ifdef CONFIG_IPV6_NDISC_NODETYPE
1359 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1360 ri->prefix_len == 0)
1361 continue;
1362#endif
1363 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1364 continue;
1365 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1366 &ipv6_hdr(skb)->saddr);
1367 }
1368 }
1369#endif
1370
1371#ifdef CONFIG_IPV6_NDISC_NODETYPE
1372 /* skip link-specific ndopts from interior routers */
1373 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1374 goto out;
1375#endif
1376
1377 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1378 struct nd_opt_hdr *p;
1379 for (p = ndopts.nd_opts_pi;
1380 p;
1381 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1382 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1383 }
1384 }
1385
1386 if (ndopts.nd_opts_mtu) {
1387 __be32 n;
1388 u32 mtu;
1389
1390 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1391 mtu = ntohl(n);
1392
1393 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1394 ND_PRINTK2(KERN_WARNING
1395 "ICMPv6 RA: invalid mtu: %d\n",
1396 mtu);
1397 } else if (in6_dev->cnf.mtu6 != mtu) {
1398 in6_dev->cnf.mtu6 = mtu;
1399
1400 if (rt)
1401 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1402
1403 rt6_mtu_change(skb->dev, mtu);
1404 }
1405 }
1406
1407 if (ndopts.nd_useropts) {
1408 struct nd_opt_hdr *p;
1409 for (p = ndopts.nd_useropts;
1410 p;
1411 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1412 ndisc_ra_useropt(skb, p);
1413 }
1414 }
1415
1416 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1417 ND_PRINTK2(KERN_WARNING
1418 "ICMPv6 RA: invalid RA options");
1419 }
1420out:
1421 if (rt)
1422 dst_release(&rt->dst);
1423 else if (neigh)
1424 neigh_release(neigh);
1425 in6_dev_put(in6_dev);
1426}
1427
1428static void ndisc_redirect_rcv(struct sk_buff *skb)
1429{
1430 struct inet6_dev *in6_dev;
1431 struct icmp6hdr *icmph;
1432 const struct in6_addr *dest;
1433 const struct in6_addr *target; /* new first hop to destination */
1434 struct neighbour *neigh;
1435 int on_link = 0;
1436 struct ndisc_options ndopts;
1437 int optlen;
1438 u8 *lladdr = NULL;
1439
1440#ifdef CONFIG_IPV6_NDISC_NODETYPE
1441 switch (skb->ndisc_nodetype) {
1442 case NDISC_NODETYPE_HOST:
1443 case NDISC_NODETYPE_NODEFAULT:
1444 ND_PRINTK2(KERN_WARNING
1445 "ICMPv6 Redirect: from host or unauthorized router\n");
1446 return;
1447 }
1448#endif
1449
1450 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1451 ND_PRINTK2(KERN_WARNING
1452 "ICMPv6 Redirect: source address is not link-local.\n");
1453 return;
1454 }
1455
1456 optlen = skb->tail - skb->transport_header;
1457 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1458
1459 if (optlen < 0) {
1460 ND_PRINTK2(KERN_WARNING
1461 "ICMPv6 Redirect: packet too short\n");
1462 return;
1463 }
1464
1465 icmph = icmp6_hdr(skb);
1466 target = (const struct in6_addr *) (icmph + 1);
1467 dest = target + 1;
1468
1469 if (ipv6_addr_is_multicast(dest)) {
1470 ND_PRINTK2(KERN_WARNING
1471 "ICMPv6 Redirect: destination address is multicast.\n");
1472 return;
1473 }
1474
1475 if (ipv6_addr_equal(dest, target)) {
1476 on_link = 1;
1477 } else if (ipv6_addr_type(target) !=
1478 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1479 ND_PRINTK2(KERN_WARNING
1480 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1481 return;
1482 }
1483
1484 in6_dev = in6_dev_get(skb->dev);
1485 if (!in6_dev)
1486 return;
1487 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1488 in6_dev_put(in6_dev);
1489 return;
1490 }
1491
1492 /* RFC2461 8.1:
1493 * The IP source address of the Redirect MUST be the same as the current
1494 * first-hop router for the specified ICMP Destination Address.
1495 */
1496
1497 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1498 ND_PRINTK2(KERN_WARNING
1499 "ICMPv6 Redirect: invalid ND options\n");
1500 in6_dev_put(in6_dev);
1501 return;
1502 }
1503 if (ndopts.nd_opts_tgt_lladdr) {
1504 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1505 skb->dev);
1506 if (!lladdr) {
1507 ND_PRINTK2(KERN_WARNING
1508 "ICMPv6 Redirect: invalid link-layer address length\n");
1509 in6_dev_put(in6_dev);
1510 return;
1511 }
1512 }
1513
1514 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1515 if (neigh) {
1516 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1517 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1518 on_link);
1519 neigh_release(neigh);
1520 }
1521 in6_dev_put(in6_dev);
1522}
1523
1524void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1525 const struct in6_addr *target)
1526{
1527 struct net_device *dev = skb->dev;
1528 struct net *net = dev_net(dev);
1529 struct sock *sk = net->ipv6.ndisc_sk;
1530 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1531 struct sk_buff *buff;
1532 struct icmp6hdr *icmph;
1533 struct in6_addr saddr_buf;
1534 struct in6_addr *addrp;
1535 struct rt6_info *rt;
1536 struct dst_entry *dst;
1537 struct inet6_dev *idev;
1538 struct flowi6 fl6;
1539 u8 *opt;
1540 int rd_len;
1541 int err;
1542 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1543
1544 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1545 ND_PRINTK2(KERN_WARNING
1546 "ICMPv6 Redirect: no link-local address on %s\n",
1547 dev->name);
1548 return;
1549 }
1550
1551 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1552 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1553 ND_PRINTK2(KERN_WARNING
1554 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1555 return;
1556 }
1557
1558 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1559 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1560
1561 dst = ip6_route_output(net, NULL, &fl6);
1562 if (dst == NULL)
1563 return;
1564
1565 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1566 if (IS_ERR(dst))
1567 return;
1568
1569 rt = (struct rt6_info *) dst;
1570
1571 if (rt->rt6i_flags & RTF_GATEWAY) {
1572 ND_PRINTK2(KERN_WARNING
1573 "ICMPv6 Redirect: destination is not a neighbour.\n");
1574 goto release;
1575 }
1576 if (!rt->rt6i_peer)
1577 rt6_bind_peer(rt, 1);
1578 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
1579 goto release;
1580
1581 if (dev->addr_len) {
1582 read_lock_bh(&neigh->lock);
1583 if (neigh->nud_state & NUD_VALID) {
1584 memcpy(ha_buf, neigh->ha, dev->addr_len);
1585 read_unlock_bh(&neigh->lock);
1586 ha = ha_buf;
1587 len += ndisc_opt_addr_space(dev);
1588 } else
1589 read_unlock_bh(&neigh->lock);
1590 }
1591
1592 rd_len = min_t(unsigned int,
1593 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1594 rd_len &= ~0x7;
1595 len += rd_len;
1596
1597 buff = sock_alloc_send_skb(sk,
1598 (MAX_HEADER + sizeof(struct ipv6hdr) +
1599 len + LL_ALLOCATED_SPACE(dev)),
1600 1, &err);
1601 if (buff == NULL) {
1602 ND_PRINTK0(KERN_ERR
1603 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1604 __func__, err);
1605 goto release;
1606 }
1607
1608 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1609 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1610 IPPROTO_ICMPV6, len);
1611
1612 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1613 skb_put(buff, len);
1614 icmph = icmp6_hdr(buff);
1615
1616 memset(icmph, 0, sizeof(struct icmp6hdr));
1617 icmph->icmp6_type = NDISC_REDIRECT;
1618
1619 /*
1620 * copy target and destination addresses
1621 */
1622
1623 addrp = (struct in6_addr *)(icmph + 1);
1624 ipv6_addr_copy(addrp, target);
1625 addrp++;
1626 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1627
1628 opt = (u8*) (addrp + 1);
1629
1630 /*
1631 * include target_address option
1632 */
1633
1634 if (ha)
1635 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1636 dev->addr_len, dev->type);
1637
1638 /*
1639 * build redirect option and copy skb over to the new packet.
1640 */
1641
1642 memset(opt, 0, 8);
1643 *(opt++) = ND_OPT_REDIRECT_HDR;
1644 *(opt++) = (rd_len >> 3);
1645 opt += 6;
1646
1647 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1648
1649 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1650 len, IPPROTO_ICMPV6,
1651 csum_partial(icmph, len, 0));
1652
1653 skb_dst_set(buff, dst);
1654 idev = in6_dev_get(dst->dev);
1655 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1656 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1657 dst_output);
1658 if (!err) {
1659 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1660 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1661 }
1662
1663 if (likely(idev != NULL))
1664 in6_dev_put(idev);
1665 return;
1666
1667release:
1668 dst_release(dst);
1669}
1670
1671static void pndisc_redo(struct sk_buff *skb)
1672{
1673 ndisc_recv_ns(skb);
1674 kfree_skb(skb);
1675}
1676
1677int ndisc_rcv(struct sk_buff *skb)
1678{
1679 struct nd_msg *msg;
1680
1681 if (!pskb_may_pull(skb, skb->len))
1682 return 0;
1683
1684 msg = (struct nd_msg *)skb_transport_header(skb);
1685
1686 __skb_push(skb, skb->data - skb_transport_header(skb));
1687
1688 if (ipv6_hdr(skb)->hop_limit != 255) {
1689 ND_PRINTK2(KERN_WARNING
1690 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1691 ipv6_hdr(skb)->hop_limit);
1692 return 0;
1693 }
1694
1695 if (msg->icmph.icmp6_code != 0) {
1696 ND_PRINTK2(KERN_WARNING
1697 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1698 msg->icmph.icmp6_code);
1699 return 0;
1700 }
1701
1702 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1703
1704 switch (msg->icmph.icmp6_type) {
1705 case NDISC_NEIGHBOUR_SOLICITATION:
1706 ndisc_recv_ns(skb);
1707 break;
1708
1709 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1710 ndisc_recv_na(skb);
1711 break;
1712
1713 case NDISC_ROUTER_SOLICITATION:
1714 ndisc_recv_rs(skb);
1715 break;
1716
1717 case NDISC_ROUTER_ADVERTISEMENT:
1718 ndisc_router_discovery(skb);
1719 break;
1720
1721 case NDISC_REDIRECT:
1722 ndisc_redirect_rcv(skb);
1723 break;
1724 }
1725
1726 return 0;
1727}
1728
1729static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1730{
1731 struct net_device *dev = ptr;
1732 struct net *net = dev_net(dev);
1733
1734 switch (event) {
1735 case NETDEV_CHANGEADDR:
1736 neigh_changeaddr(&nd_tbl, dev);
1737 fib6_run_gc(~0UL, net);
1738 break;
1739 case NETDEV_DOWN:
1740 neigh_ifdown(&nd_tbl, dev);
1741 fib6_run_gc(~0UL, net);
1742 break;
1743 case NETDEV_NOTIFY_PEERS:
1744 ndisc_send_unsol_na(dev);
1745 break;
1746 default:
1747 break;
1748 }
1749
1750 return NOTIFY_DONE;
1751}
1752
1753static struct notifier_block ndisc_netdev_notifier = {
1754 .notifier_call = ndisc_netdev_event,
1755};
1756
1757#ifdef CONFIG_SYSCTL
1758static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1759 const char *func, const char *dev_name)
1760{
1761 static char warncomm[TASK_COMM_LEN];
1762 static int warned;
1763 if (strcmp(warncomm, current->comm) && warned < 5) {
1764 strcpy(warncomm, current->comm);
1765 printk(KERN_WARNING
1766 "process `%s' is using deprecated sysctl (%s) "
1767 "net.ipv6.neigh.%s.%s; "
1768 "Use net.ipv6.neigh.%s.%s_ms "
1769 "instead.\n",
1770 warncomm, func,
1771 dev_name, ctl->procname,
1772 dev_name, ctl->procname);
1773 warned++;
1774 }
1775}
1776
1777int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1778{
1779 struct net_device *dev = ctl->extra1;
1780 struct inet6_dev *idev;
1781 int ret;
1782
1783 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1784 (strcmp(ctl->procname, "base_reachable_time") == 0))
1785 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1786
1787 if (strcmp(ctl->procname, "retrans_time") == 0)
1788 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1789
1790 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1791 ret = proc_dointvec_jiffies(ctl, write,
1792 buffer, lenp, ppos);
1793
1794 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1795 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1796 ret = proc_dointvec_ms_jiffies(ctl, write,
1797 buffer, lenp, ppos);
1798 else
1799 ret = -1;
1800
1801 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1802 if (ctl->data == &idev->nd_parms->base_reachable_time)
1803 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1804 idev->tstamp = jiffies;
1805 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1806 in6_dev_put(idev);
1807 }
1808 return ret;
1809}
1810
1811
1812#endif
1813
1814static int __net_init ndisc_net_init(struct net *net)
1815{
1816 struct ipv6_pinfo *np;
1817 struct sock *sk;
1818 int err;
1819
1820 err = inet_ctl_sock_create(&sk, PF_INET6,
1821 SOCK_RAW, IPPROTO_ICMPV6, net);
1822 if (err < 0) {
1823 ND_PRINTK0(KERN_ERR
1824 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1825 err);
1826 return err;
1827 }
1828
1829 net->ipv6.ndisc_sk = sk;
1830
1831 np = inet6_sk(sk);
1832 np->hop_limit = 255;
1833 /* Do not loopback ndisc messages */
1834 np->mc_loop = 0;
1835
1836 return 0;
1837}
1838
1839static void __net_exit ndisc_net_exit(struct net *net)
1840{
1841 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1842}
1843
1844static struct pernet_operations ndisc_net_ops = {
1845 .init = ndisc_net_init,
1846 .exit = ndisc_net_exit,
1847};
1848
1849int __init ndisc_init(void)
1850{
1851 int err;
1852
1853 err = register_pernet_subsys(&ndisc_net_ops);
1854 if (err)
1855 return err;
1856 /*
1857 * Initialize the neighbour table
1858 */
1859 neigh_table_init(&nd_tbl);
1860
1861#ifdef CONFIG_SYSCTL
1862 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1863 &ndisc_ifinfo_sysctl_change);
1864 if (err)
1865 goto out_unregister_pernet;
1866#endif
1867 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1868 if (err)
1869 goto out_unregister_sysctl;
1870out:
1871 return err;
1872
1873out_unregister_sysctl:
1874#ifdef CONFIG_SYSCTL
1875 neigh_sysctl_unregister(&nd_tbl.parms);
1876out_unregister_pernet:
1877#endif
1878 unregister_pernet_subsys(&ndisc_net_ops);
1879 goto out;
1880}
1881
1882void ndisc_cleanup(void)
1883{
1884 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1885#ifdef CONFIG_SYSCTL
1886 neigh_sysctl_unregister(&nd_tbl.parms);
1887#endif
1888 neigh_table_clear(&nd_tbl);
1889 unregister_pernet_subsys(&ndisc_net_ops);
1890}
1/*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
67#include <net/flow.h>
68#include <net/ip6_checksum.h>
69#include <net/inet_common.h>
70#include <linux/proc_fs.h>
71
72#include <linux/netfilter.h>
73#include <linux/netfilter_ipv6.h>
74
75/* Set to 3 to get tracing... */
76#define ND_DEBUG 1
77
78#define ND_PRINTK(val, level, fmt, ...) \
79do { \
80 if (val <= ND_DEBUG) \
81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82} while (0)
83
84static u32 ndisc_hash(const void *pkey,
85 const struct net_device *dev,
86 __u32 *hash_rnd);
87static int ndisc_constructor(struct neighbour *neigh);
88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90static int pndisc_constructor(struct pneigh_entry *n);
91static void pndisc_destructor(struct pneigh_entry *n);
92static void pndisc_redo(struct sk_buff *skb);
93
94static const struct neigh_ops ndisc_generic_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_connected_output,
100};
101
102static const struct neigh_ops ndisc_hh_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_resolve_output,
108};
109
110
111static const struct neigh_ops ndisc_direct_ops = {
112 .family = AF_INET6,
113 .output = neigh_direct_output,
114 .connected_output = neigh_direct_output,
115};
116
117struct neigh_table nd_tbl = {
118 .family = AF_INET6,
119 .key_len = sizeof(struct in6_addr),
120 .hash = ndisc_hash,
121 .constructor = ndisc_constructor,
122 .pconstructor = pndisc_constructor,
123 .pdestructor = pndisc_destructor,
124 .proxy_redo = pndisc_redo,
125 .id = "ndisc_cache",
126 .parms = {
127 .tbl = &nd_tbl,
128 .base_reachable_time = ND_REACHABLE_TIME,
129 .retrans_time = ND_RETRANS_TIMER,
130 .gc_staletime = 60 * HZ,
131 .reachable_time = ND_REACHABLE_TIME,
132 .delay_probe_time = 5 * HZ,
133 .queue_len_bytes = 64*1024,
134 .ucast_probes = 3,
135 .mcast_probes = 3,
136 .anycast_delay = 1 * HZ,
137 .proxy_delay = (8 * HZ) / 10,
138 .proxy_qlen = 64,
139 },
140 .gc_interval = 30 * HZ,
141 .gc_thresh1 = 128,
142 .gc_thresh2 = 512,
143 .gc_thresh3 = 1024,
144};
145
146/* ND options */
147struct ndisc_options {
148 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
149#ifdef CONFIG_IPV6_ROUTE_INFO
150 struct nd_opt_hdr *nd_opts_ri;
151 struct nd_opt_hdr *nd_opts_ri_end;
152#endif
153 struct nd_opt_hdr *nd_useropts;
154 struct nd_opt_hdr *nd_useropts_end;
155};
156
157#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
158#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
159#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
160#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
161#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
162#define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
163
164#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
165
166/*
167 * Return the padding between the option length and the start of the
168 * link addr. Currently only IP-over-InfiniBand needs this, although
169 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
170 * also need a pad of 2.
171 */
172static int ndisc_addr_option_pad(unsigned short type)
173{
174 switch (type) {
175 case ARPHRD_INFINIBAND: return 2;
176 default: return 0;
177 }
178}
179
180static inline int ndisc_opt_addr_space(struct net_device *dev)
181{
182 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
183}
184
185static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
186 unsigned short addr_type)
187{
188 int space = NDISC_OPT_SPACE(data_len);
189 int pad = ndisc_addr_option_pad(addr_type);
190
191 opt[0] = type;
192 opt[1] = space>>3;
193
194 memset(opt + 2, 0, pad);
195 opt += pad;
196 space -= pad;
197
198 memcpy(opt+2, data, data_len);
199 data_len += 2;
200 opt += data_len;
201 if ((space -= data_len) > 0)
202 memset(opt, 0, space);
203 return opt + space;
204}
205
206static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
207 struct nd_opt_hdr *end)
208{
209 int type;
210 if (!cur || !end || cur >= end)
211 return NULL;
212 type = cur->nd_opt_type;
213 do {
214 cur = ((void *)cur) + (cur->nd_opt_len << 3);
215 } while(cur < end && cur->nd_opt_type != type);
216 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
217}
218
219static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
220{
221 return opt->nd_opt_type == ND_OPT_RDNSS ||
222 opt->nd_opt_type == ND_OPT_DNSSL;
223}
224
225static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
226 struct nd_opt_hdr *end)
227{
228 if (!cur || !end || cur >= end)
229 return NULL;
230 do {
231 cur = ((void *)cur) + (cur->nd_opt_len << 3);
232 } while(cur < end && !ndisc_is_useropt(cur));
233 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
234}
235
236static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
237 struct ndisc_options *ndopts)
238{
239 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
240
241 if (!nd_opt || opt_len < 0 || !ndopts)
242 return NULL;
243 memset(ndopts, 0, sizeof(*ndopts));
244 while (opt_len) {
245 int l;
246 if (opt_len < sizeof(struct nd_opt_hdr))
247 return NULL;
248 l = nd_opt->nd_opt_len << 3;
249 if (opt_len < l || l == 0)
250 return NULL;
251 switch (nd_opt->nd_opt_type) {
252 case ND_OPT_SOURCE_LL_ADDR:
253 case ND_OPT_TARGET_LL_ADDR:
254 case ND_OPT_MTU:
255 case ND_OPT_REDIRECT_HDR:
256 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
257 ND_PRINTK(2, warn,
258 "%s: duplicated ND6 option found: type=%d\n",
259 __func__, nd_opt->nd_opt_type);
260 } else {
261 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
262 }
263 break;
264 case ND_OPT_PREFIX_INFO:
265 ndopts->nd_opts_pi_end = nd_opt;
266 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
267 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
268 break;
269#ifdef CONFIG_IPV6_ROUTE_INFO
270 case ND_OPT_ROUTE_INFO:
271 ndopts->nd_opts_ri_end = nd_opt;
272 if (!ndopts->nd_opts_ri)
273 ndopts->nd_opts_ri = nd_opt;
274 break;
275#endif
276 default:
277 if (ndisc_is_useropt(nd_opt)) {
278 ndopts->nd_useropts_end = nd_opt;
279 if (!ndopts->nd_useropts)
280 ndopts->nd_useropts = nd_opt;
281 } else {
282 /*
283 * Unknown options must be silently ignored,
284 * to accommodate future extension to the
285 * protocol.
286 */
287 ND_PRINTK(2, notice,
288 "%s: ignored unsupported option; type=%d, len=%d\n",
289 __func__,
290 nd_opt->nd_opt_type,
291 nd_opt->nd_opt_len);
292 }
293 }
294 opt_len -= l;
295 nd_opt = ((void *)nd_opt) + l;
296 }
297 return ndopts;
298}
299
300static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
301 struct net_device *dev)
302{
303 u8 *lladdr = (u8 *)(p + 1);
304 int lladdrlen = p->nd_opt_len << 3;
305 int prepad = ndisc_addr_option_pad(dev->type);
306 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
307 return NULL;
308 return lladdr + prepad;
309}
310
311int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
312{
313 switch (dev->type) {
314 case ARPHRD_ETHER:
315 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
316 case ARPHRD_FDDI:
317 ipv6_eth_mc_map(addr, buf);
318 return 0;
319 case ARPHRD_ARCNET:
320 ipv6_arcnet_mc_map(addr, buf);
321 return 0;
322 case ARPHRD_INFINIBAND:
323 ipv6_ib_mc_map(addr, dev->broadcast, buf);
324 return 0;
325 case ARPHRD_IPGRE:
326 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
327 default:
328 if (dir) {
329 memcpy(buf, dev->broadcast, dev->addr_len);
330 return 0;
331 }
332 }
333 return -EINVAL;
334}
335
336EXPORT_SYMBOL(ndisc_mc_map);
337
338static u32 ndisc_hash(const void *pkey,
339 const struct net_device *dev,
340 __u32 *hash_rnd)
341{
342 return ndisc_hashfn(pkey, dev, hash_rnd);
343}
344
345static int ndisc_constructor(struct neighbour *neigh)
346{
347 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
348 struct net_device *dev = neigh->dev;
349 struct inet6_dev *in6_dev;
350 struct neigh_parms *parms;
351 bool is_multicast = ipv6_addr_is_multicast(addr);
352
353 in6_dev = in6_dev_get(dev);
354 if (in6_dev == NULL) {
355 return -EINVAL;
356 }
357
358 parms = in6_dev->nd_parms;
359 __neigh_parms_put(neigh->parms);
360 neigh->parms = neigh_parms_clone(parms);
361
362 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
363 if (!dev->header_ops) {
364 neigh->nud_state = NUD_NOARP;
365 neigh->ops = &ndisc_direct_ops;
366 neigh->output = neigh_direct_output;
367 } else {
368 if (is_multicast) {
369 neigh->nud_state = NUD_NOARP;
370 ndisc_mc_map(addr, neigh->ha, dev, 1);
371 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
372 neigh->nud_state = NUD_NOARP;
373 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
374 if (dev->flags&IFF_LOOPBACK)
375 neigh->type = RTN_LOCAL;
376 } else if (dev->flags&IFF_POINTOPOINT) {
377 neigh->nud_state = NUD_NOARP;
378 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
379 }
380 if (dev->header_ops->cache)
381 neigh->ops = &ndisc_hh_ops;
382 else
383 neigh->ops = &ndisc_generic_ops;
384 if (neigh->nud_state&NUD_VALID)
385 neigh->output = neigh->ops->connected_output;
386 else
387 neigh->output = neigh->ops->output;
388 }
389 in6_dev_put(in6_dev);
390 return 0;
391}
392
393static int pndisc_constructor(struct pneigh_entry *n)
394{
395 struct in6_addr *addr = (struct in6_addr*)&n->key;
396 struct in6_addr maddr;
397 struct net_device *dev = n->dev;
398
399 if (dev == NULL || __in6_dev_get(dev) == NULL)
400 return -EINVAL;
401 addrconf_addr_solict_mult(addr, &maddr);
402 ipv6_dev_mc_inc(dev, &maddr);
403 return 0;
404}
405
406static void pndisc_destructor(struct pneigh_entry *n)
407{
408 struct in6_addr *addr = (struct in6_addr*)&n->key;
409 struct in6_addr maddr;
410 struct net_device *dev = n->dev;
411
412 if (dev == NULL || __in6_dev_get(dev) == NULL)
413 return;
414 addrconf_addr_solict_mult(addr, &maddr);
415 ipv6_dev_mc_dec(dev, &maddr);
416}
417
418struct sk_buff *ndisc_build_skb(struct net_device *dev,
419 const struct in6_addr *daddr,
420 const struct in6_addr *saddr,
421 struct icmp6hdr *icmp6h,
422 const struct in6_addr *target,
423 int llinfo)
424{
425 struct net *net = dev_net(dev);
426 struct sock *sk = net->ipv6.ndisc_sk;
427 struct sk_buff *skb;
428 struct icmp6hdr *hdr;
429 int hlen = LL_RESERVED_SPACE(dev);
430 int tlen = dev->needed_tailroom;
431 int len;
432 int err;
433 u8 *opt;
434
435 if (!dev->addr_len)
436 llinfo = 0;
437
438 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
439 if (llinfo)
440 len += ndisc_opt_addr_space(dev);
441
442 skb = sock_alloc_send_skb(sk,
443 (MAX_HEADER + sizeof(struct ipv6hdr) +
444 len + hlen + tlen),
445 1, &err);
446 if (!skb) {
447 ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
448 __func__, err);
449 return NULL;
450 }
451
452 skb_reserve(skb, hlen);
453 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
454
455 skb->transport_header = skb->tail;
456 skb_put(skb, len);
457
458 hdr = (struct icmp6hdr *)skb_transport_header(skb);
459 memcpy(hdr, icmp6h, sizeof(*hdr));
460
461 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
462 if (target) {
463 *(struct in6_addr *)opt = *target;
464 opt += sizeof(*target);
465 }
466
467 if (llinfo)
468 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
469 dev->addr_len, dev->type);
470
471 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
472 IPPROTO_ICMPV6,
473 csum_partial(hdr,
474 len, 0));
475
476 return skb;
477}
478
479EXPORT_SYMBOL(ndisc_build_skb);
480
481void ndisc_send_skb(struct sk_buff *skb,
482 struct net_device *dev,
483 struct neighbour *neigh,
484 const struct in6_addr *daddr,
485 const struct in6_addr *saddr,
486 struct icmp6hdr *icmp6h)
487{
488 struct flowi6 fl6;
489 struct dst_entry *dst;
490 struct net *net = dev_net(dev);
491 struct sock *sk = net->ipv6.ndisc_sk;
492 struct inet6_dev *idev;
493 int err;
494 u8 type;
495
496 type = icmp6h->icmp6_type;
497
498 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
499 dst = icmp6_dst_alloc(dev, neigh, &fl6);
500 if (IS_ERR(dst)) {
501 kfree_skb(skb);
502 return;
503 }
504
505 skb_dst_set(skb, dst);
506
507 rcu_read_lock();
508 idev = __in6_dev_get(dst->dev);
509 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
510
511 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
512 dst_output);
513 if (!err) {
514 ICMP6MSGOUT_INC_STATS(net, idev, type);
515 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
516 }
517
518 rcu_read_unlock();
519}
520
521EXPORT_SYMBOL(ndisc_send_skb);
522
523/*
524 * Send a Neighbour Discover packet
525 */
526static void __ndisc_send(struct net_device *dev,
527 struct neighbour *neigh,
528 const struct in6_addr *daddr,
529 const struct in6_addr *saddr,
530 struct icmp6hdr *icmp6h, const struct in6_addr *target,
531 int llinfo)
532{
533 struct sk_buff *skb;
534
535 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
536 if (!skb)
537 return;
538
539 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
540}
541
542static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
543 const struct in6_addr *daddr,
544 const struct in6_addr *solicited_addr,
545 int router, int solicited, int override, int inc_opt)
546{
547 struct in6_addr tmpaddr;
548 struct inet6_ifaddr *ifp;
549 const struct in6_addr *src_addr;
550 struct icmp6hdr icmp6h = {
551 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
552 };
553
554 /* for anycast or proxy, solicited_addr != src_addr */
555 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
556 if (ifp) {
557 src_addr = solicited_addr;
558 if (ifp->flags & IFA_F_OPTIMISTIC)
559 override = 0;
560 inc_opt |= ifp->idev->cnf.force_tllao;
561 in6_ifa_put(ifp);
562 } else {
563 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
564 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
565 &tmpaddr))
566 return;
567 src_addr = &tmpaddr;
568 }
569
570 icmp6h.icmp6_router = router;
571 icmp6h.icmp6_solicited = solicited;
572 icmp6h.icmp6_override = override;
573
574 __ndisc_send(dev, neigh, daddr, src_addr,
575 &icmp6h, solicited_addr,
576 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
577}
578
579static void ndisc_send_unsol_na(struct net_device *dev)
580{
581 struct inet6_dev *idev;
582 struct inet6_ifaddr *ifa;
583 struct in6_addr mcaddr;
584
585 idev = in6_dev_get(dev);
586 if (!idev)
587 return;
588
589 read_lock_bh(&idev->lock);
590 list_for_each_entry(ifa, &idev->addr_list, if_list) {
591 addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
592 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
593 /*router=*/ !!idev->cnf.forwarding,
594 /*solicited=*/ false, /*override=*/ true,
595 /*inc_opt=*/ true);
596 }
597 read_unlock_bh(&idev->lock);
598
599 in6_dev_put(idev);
600}
601
602void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
603 const struct in6_addr *solicit,
604 const struct in6_addr *daddr, const struct in6_addr *saddr)
605{
606 struct in6_addr addr_buf;
607 struct icmp6hdr icmp6h = {
608 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
609 };
610
611 if (saddr == NULL) {
612 if (ipv6_get_lladdr(dev, &addr_buf,
613 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
614 return;
615 saddr = &addr_buf;
616 }
617
618 __ndisc_send(dev, neigh, daddr, saddr,
619 &icmp6h, solicit,
620 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
621}
622
623void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
624 const struct in6_addr *daddr)
625{
626 struct icmp6hdr icmp6h = {
627 .icmp6_type = NDISC_ROUTER_SOLICITATION,
628 };
629 int send_sllao = dev->addr_len;
630
631#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
632 /*
633 * According to section 2.2 of RFC 4429, we must not
634 * send router solicitations with a sllao from
635 * optimistic addresses, but we may send the solicitation
636 * if we don't include the sllao. So here we check
637 * if our address is optimistic, and if so, we
638 * suppress the inclusion of the sllao.
639 */
640 if (send_sllao) {
641 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
642 dev, 1);
643 if (ifp) {
644 if (ifp->flags & IFA_F_OPTIMISTIC) {
645 send_sllao = 0;
646 }
647 in6_ifa_put(ifp);
648 } else {
649 send_sllao = 0;
650 }
651 }
652#endif
653 __ndisc_send(dev, NULL, daddr, saddr,
654 &icmp6h, NULL,
655 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
656}
657
658
659static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
660{
661 /*
662 * "The sender MUST return an ICMP
663 * destination unreachable"
664 */
665 dst_link_failure(skb);
666 kfree_skb(skb);
667}
668
669/* Called with locked neigh: either read or both */
670
671static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
672{
673 struct in6_addr *saddr = NULL;
674 struct in6_addr mcaddr;
675 struct net_device *dev = neigh->dev;
676 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
677 int probes = atomic_read(&neigh->probes);
678
679 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
680 saddr = &ipv6_hdr(skb)->saddr;
681
682 if ((probes -= neigh->parms->ucast_probes) < 0) {
683 if (!(neigh->nud_state & NUD_VALID)) {
684 ND_PRINTK(1, dbg,
685 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
686 __func__, target);
687 }
688 ndisc_send_ns(dev, neigh, target, target, saddr);
689 } else if ((probes -= neigh->parms->app_probes) < 0) {
690#ifdef CONFIG_ARPD
691 neigh_app_ns(neigh);
692#endif
693 } else {
694 addrconf_addr_solict_mult(target, &mcaddr);
695 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
696 }
697}
698
699static int pndisc_is_router(const void *pkey,
700 struct net_device *dev)
701{
702 struct pneigh_entry *n;
703 int ret = -1;
704
705 read_lock_bh(&nd_tbl.lock);
706 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
707 if (n)
708 ret = !!(n->flags & NTF_ROUTER);
709 read_unlock_bh(&nd_tbl.lock);
710
711 return ret;
712}
713
714static void ndisc_recv_ns(struct sk_buff *skb)
715{
716 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
717 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
718 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
719 u8 *lladdr = NULL;
720 u32 ndoptlen = skb->tail - (skb->transport_header +
721 offsetof(struct nd_msg, opt));
722 struct ndisc_options ndopts;
723 struct net_device *dev = skb->dev;
724 struct inet6_ifaddr *ifp;
725 struct inet6_dev *idev = NULL;
726 struct neighbour *neigh;
727 int dad = ipv6_addr_any(saddr);
728 bool inc;
729 int is_router = -1;
730
731 if (ipv6_addr_is_multicast(&msg->target)) {
732 ND_PRINTK(2, warn, "NS: multicast target address\n");
733 return;
734 }
735
736 /*
737 * RFC2461 7.1.1:
738 * DAD has to be destined for solicited node multicast address.
739 */
740 if (dad &&
741 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
742 daddr->s6_addr32[1] == htonl(0x00000000) &&
743 daddr->s6_addr32[2] == htonl(0x00000001) &&
744 daddr->s6_addr [12] == 0xff )) {
745 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
746 return;
747 }
748
749 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
750 ND_PRINTK(2, warn, "NS: invalid ND options\n");
751 return;
752 }
753
754 if (ndopts.nd_opts_src_lladdr) {
755 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
756 if (!lladdr) {
757 ND_PRINTK(2, warn,
758 "NS: invalid link-layer address length\n");
759 return;
760 }
761
762 /* RFC2461 7.1.1:
763 * If the IP source address is the unspecified address,
764 * there MUST NOT be source link-layer address option
765 * in the message.
766 */
767 if (dad) {
768 ND_PRINTK(2, warn,
769 "NS: bad DAD packet (link-layer address option)\n");
770 return;
771 }
772 }
773
774 inc = ipv6_addr_is_multicast(daddr);
775
776 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
777 if (ifp) {
778
779 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
780 if (dad) {
781 /*
782 * We are colliding with another node
783 * who is doing DAD
784 * so fail our DAD process
785 */
786 addrconf_dad_failure(ifp);
787 return;
788 } else {
789 /*
790 * This is not a dad solicitation.
791 * If we are an optimistic node,
792 * we should respond.
793 * Otherwise, we should ignore it.
794 */
795 if (!(ifp->flags & IFA_F_OPTIMISTIC))
796 goto out;
797 }
798 }
799
800 idev = ifp->idev;
801 } else {
802 struct net *net = dev_net(dev);
803
804 idev = in6_dev_get(dev);
805 if (!idev) {
806 /* XXX: count this drop? */
807 return;
808 }
809
810 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
811 (idev->cnf.forwarding &&
812 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
813 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
814 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
815 skb->pkt_type != PACKET_HOST &&
816 inc != 0 &&
817 idev->nd_parms->proxy_delay != 0) {
818 /*
819 * for anycast or proxy,
820 * sender should delay its response
821 * by a random time between 0 and
822 * MAX_ANYCAST_DELAY_TIME seconds.
823 * (RFC2461) -- yoshfuji
824 */
825 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
826 if (n)
827 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
828 goto out;
829 }
830 } else
831 goto out;
832 }
833
834 if (is_router < 0)
835 is_router = !!idev->cnf.forwarding;
836
837 if (dad) {
838 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
839 is_router, 0, (ifp != NULL), 1);
840 goto out;
841 }
842
843 if (inc)
844 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
845 else
846 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
847
848 /*
849 * update / create cache entry
850 * for the source address
851 */
852 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
853 !inc || lladdr || !dev->addr_len);
854 if (neigh)
855 neigh_update(neigh, lladdr, NUD_STALE,
856 NEIGH_UPDATE_F_WEAK_OVERRIDE|
857 NEIGH_UPDATE_F_OVERRIDE);
858 if (neigh || !dev->header_ops) {
859 ndisc_send_na(dev, neigh, saddr, &msg->target,
860 is_router,
861 1, (ifp != NULL && inc), inc);
862 if (neigh)
863 neigh_release(neigh);
864 }
865
866out:
867 if (ifp)
868 in6_ifa_put(ifp);
869 else
870 in6_dev_put(idev);
871}
872
873static void ndisc_recv_na(struct sk_buff *skb)
874{
875 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
876 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
877 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
878 u8 *lladdr = NULL;
879 u32 ndoptlen = skb->tail - (skb->transport_header +
880 offsetof(struct nd_msg, opt));
881 struct ndisc_options ndopts;
882 struct net_device *dev = skb->dev;
883 struct inet6_ifaddr *ifp;
884 struct neighbour *neigh;
885
886 if (skb->len < sizeof(struct nd_msg)) {
887 ND_PRINTK(2, warn, "NA: packet too short\n");
888 return;
889 }
890
891 if (ipv6_addr_is_multicast(&msg->target)) {
892 ND_PRINTK(2, warn, "NA: target address is multicast\n");
893 return;
894 }
895
896 if (ipv6_addr_is_multicast(daddr) &&
897 msg->icmph.icmp6_solicited) {
898 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
899 return;
900 }
901
902 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
903 ND_PRINTK(2, warn, "NS: invalid ND option\n");
904 return;
905 }
906 if (ndopts.nd_opts_tgt_lladdr) {
907 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
908 if (!lladdr) {
909 ND_PRINTK(2, warn,
910 "NA: invalid link-layer address length\n");
911 return;
912 }
913 }
914 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
915 if (ifp) {
916 if (skb->pkt_type != PACKET_LOOPBACK
917 && (ifp->flags & IFA_F_TENTATIVE)) {
918 addrconf_dad_failure(ifp);
919 return;
920 }
921 /* What should we make now? The advertisement
922 is invalid, but ndisc specs say nothing
923 about it. It could be misconfiguration, or
924 an smart proxy agent tries to help us :-)
925
926 We should not print the error if NA has been
927 received from loopback - it is just our own
928 unsolicited advertisement.
929 */
930 if (skb->pkt_type != PACKET_LOOPBACK)
931 ND_PRINTK(1, warn,
932 "NA: someone advertises our address %pI6 on %s!\n",
933 &ifp->addr, ifp->idev->dev->name);
934 in6_ifa_put(ifp);
935 return;
936 }
937 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
938
939 if (neigh) {
940 u8 old_flags = neigh->flags;
941 struct net *net = dev_net(dev);
942
943 if (neigh->nud_state & NUD_FAILED)
944 goto out;
945
946 /*
947 * Don't update the neighbor cache entry on a proxy NA from
948 * ourselves because either the proxied node is off link or it
949 * has already sent a NA to us.
950 */
951 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
952 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
953 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
954 /* XXX: idev->cnf.prixy_ndp */
955 goto out;
956 }
957
958 neigh_update(neigh, lladdr,
959 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
960 NEIGH_UPDATE_F_WEAK_OVERRIDE|
961 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
962 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
963 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
964
965 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
966 /*
967 * Change: router to host
968 */
969 struct rt6_info *rt;
970 rt = rt6_get_dflt_router(saddr, dev);
971 if (rt)
972 ip6_del_rt(rt);
973 }
974
975out:
976 neigh_release(neigh);
977 }
978}
979
980static void ndisc_recv_rs(struct sk_buff *skb)
981{
982 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
983 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
984 struct neighbour *neigh;
985 struct inet6_dev *idev;
986 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
987 struct ndisc_options ndopts;
988 u8 *lladdr = NULL;
989
990 if (skb->len < sizeof(*rs_msg))
991 return;
992
993 idev = __in6_dev_get(skb->dev);
994 if (!idev) {
995 ND_PRINTK(1, err, "RS: can't find in6 device\n");
996 return;
997 }
998
999 /* Don't accept RS if we're not in router mode */
1000 if (!idev->cnf.forwarding)
1001 goto out;
1002
1003 /*
1004 * Don't update NCE if src = ::;
1005 * this implies that the source node has no ip address assigned yet.
1006 */
1007 if (ipv6_addr_any(saddr))
1008 goto out;
1009
1010 /* Parse ND options */
1011 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1012 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1013 goto out;
1014 }
1015
1016 if (ndopts.nd_opts_src_lladdr) {
1017 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1018 skb->dev);
1019 if (!lladdr)
1020 goto out;
1021 }
1022
1023 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1024 if (neigh) {
1025 neigh_update(neigh, lladdr, NUD_STALE,
1026 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1027 NEIGH_UPDATE_F_OVERRIDE|
1028 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1029 neigh_release(neigh);
1030 }
1031out:
1032 return;
1033}
1034
1035static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1036{
1037 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1038 struct sk_buff *skb;
1039 struct nlmsghdr *nlh;
1040 struct nduseroptmsg *ndmsg;
1041 struct net *net = dev_net(ra->dev);
1042 int err;
1043 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1044 + (opt->nd_opt_len << 3));
1045 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1046
1047 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1048 if (skb == NULL) {
1049 err = -ENOBUFS;
1050 goto errout;
1051 }
1052
1053 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1054 if (nlh == NULL) {
1055 goto nla_put_failure;
1056 }
1057
1058 ndmsg = nlmsg_data(nlh);
1059 ndmsg->nduseropt_family = AF_INET6;
1060 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1061 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1062 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1063 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1064
1065 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1066
1067 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1068 &ipv6_hdr(ra)->saddr))
1069 goto nla_put_failure;
1070 nlmsg_end(skb, nlh);
1071
1072 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1073 return;
1074
1075nla_put_failure:
1076 nlmsg_free(skb);
1077 err = -EMSGSIZE;
1078errout:
1079 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1080}
1081
1082static inline int accept_ra(struct inet6_dev *in6_dev)
1083{
1084 /*
1085 * If forwarding is enabled, RA are not accepted unless the special
1086 * hybrid mode (accept_ra=2) is enabled.
1087 */
1088 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1089 return 0;
1090
1091 return in6_dev->cnf.accept_ra;
1092}
1093
1094static void ndisc_router_discovery(struct sk_buff *skb)
1095{
1096 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1097 struct neighbour *neigh = NULL;
1098 struct inet6_dev *in6_dev;
1099 struct rt6_info *rt = NULL;
1100 int lifetime;
1101 struct ndisc_options ndopts;
1102 int optlen;
1103 unsigned int pref = 0;
1104
1105 __u8 * opt = (__u8 *)(ra_msg + 1);
1106
1107 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1108
1109 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1110 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1111 return;
1112 }
1113 if (optlen < 0) {
1114 ND_PRINTK(2, warn, "RA: packet too short\n");
1115 return;
1116 }
1117
1118#ifdef CONFIG_IPV6_NDISC_NODETYPE
1119 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1120 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1121 return;
1122 }
1123#endif
1124
1125 /*
1126 * set the RA_RECV flag in the interface
1127 */
1128
1129 in6_dev = __in6_dev_get(skb->dev);
1130 if (in6_dev == NULL) {
1131 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1132 skb->dev->name);
1133 return;
1134 }
1135
1136 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1137 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1138 return;
1139 }
1140
1141 if (!accept_ra(in6_dev))
1142 goto skip_linkparms;
1143
1144#ifdef CONFIG_IPV6_NDISC_NODETYPE
1145 /* skip link-specific parameters from interior routers */
1146 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1147 goto skip_linkparms;
1148#endif
1149
1150 if (in6_dev->if_flags & IF_RS_SENT) {
1151 /*
1152 * flag that an RA was received after an RS was sent
1153 * out on this interface.
1154 */
1155 in6_dev->if_flags |= IF_RA_RCVD;
1156 }
1157
1158 /*
1159 * Remember the managed/otherconf flags from most recently
1160 * received RA message (RFC 2462) -- yoshfuji
1161 */
1162 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1163 IF_RA_OTHERCONF)) |
1164 (ra_msg->icmph.icmp6_addrconf_managed ?
1165 IF_RA_MANAGED : 0) |
1166 (ra_msg->icmph.icmp6_addrconf_other ?
1167 IF_RA_OTHERCONF : 0);
1168
1169 if (!in6_dev->cnf.accept_ra_defrtr)
1170 goto skip_defrtr;
1171
1172 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1173 goto skip_defrtr;
1174
1175 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1176
1177#ifdef CONFIG_IPV6_ROUTER_PREF
1178 pref = ra_msg->icmph.icmp6_router_pref;
1179 /* 10b is handled as if it were 00b (medium) */
1180 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1181 !in6_dev->cnf.accept_ra_rtr_pref)
1182 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1183#endif
1184
1185 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1186
1187 if (rt) {
1188 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1189 if (!neigh) {
1190 ND_PRINTK(0, err,
1191 "RA: %s got default router without neighbour\n",
1192 __func__);
1193 dst_release(&rt->dst);
1194 return;
1195 }
1196 }
1197 if (rt && lifetime == 0) {
1198 ip6_del_rt(rt);
1199 rt = NULL;
1200 }
1201
1202 if (rt == NULL && lifetime) {
1203 ND_PRINTK(3, dbg, "RA: adding default router\n");
1204
1205 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1206 if (rt == NULL) {
1207 ND_PRINTK(0, err,
1208 "RA: %s failed to add default route\n",
1209 __func__);
1210 return;
1211 }
1212
1213 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1214 if (neigh == NULL) {
1215 ND_PRINTK(0, err,
1216 "RA: %s got default router without neighbour\n",
1217 __func__);
1218 dst_release(&rt->dst);
1219 return;
1220 }
1221 neigh->flags |= NTF_ROUTER;
1222 } else if (rt) {
1223 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1224 }
1225
1226 if (rt)
1227 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1228 if (ra_msg->icmph.icmp6_hop_limit) {
1229 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1230 if (rt)
1231 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1232 ra_msg->icmph.icmp6_hop_limit);
1233 }
1234
1235skip_defrtr:
1236
1237 /*
1238 * Update Reachable Time and Retrans Timer
1239 */
1240
1241 if (in6_dev->nd_parms) {
1242 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1243
1244 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1245 rtime = (rtime*HZ)/1000;
1246 if (rtime < HZ/10)
1247 rtime = HZ/10;
1248 in6_dev->nd_parms->retrans_time = rtime;
1249 in6_dev->tstamp = jiffies;
1250 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1251 }
1252
1253 rtime = ntohl(ra_msg->reachable_time);
1254 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1255 rtime = (rtime*HZ)/1000;
1256
1257 if (rtime < HZ/10)
1258 rtime = HZ/10;
1259
1260 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1261 in6_dev->nd_parms->base_reachable_time = rtime;
1262 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1263 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1264 in6_dev->tstamp = jiffies;
1265 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1266 }
1267 }
1268 }
1269
1270skip_linkparms:
1271
1272 /*
1273 * Process options.
1274 */
1275
1276 if (!neigh)
1277 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1278 skb->dev, 1);
1279 if (neigh) {
1280 u8 *lladdr = NULL;
1281 if (ndopts.nd_opts_src_lladdr) {
1282 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1283 skb->dev);
1284 if (!lladdr) {
1285 ND_PRINTK(2, warn,
1286 "RA: invalid link-layer address length\n");
1287 goto out;
1288 }
1289 }
1290 neigh_update(neigh, lladdr, NUD_STALE,
1291 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1292 NEIGH_UPDATE_F_OVERRIDE|
1293 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1294 NEIGH_UPDATE_F_ISROUTER);
1295 }
1296
1297 if (!accept_ra(in6_dev))
1298 goto out;
1299
1300#ifdef CONFIG_IPV6_ROUTE_INFO
1301 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1302 goto skip_routeinfo;
1303
1304 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1305 struct nd_opt_hdr *p;
1306 for (p = ndopts.nd_opts_ri;
1307 p;
1308 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1309 struct route_info *ri = (struct route_info *)p;
1310#ifdef CONFIG_IPV6_NDISC_NODETYPE
1311 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1312 ri->prefix_len == 0)
1313 continue;
1314#endif
1315 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1316 continue;
1317 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1318 &ipv6_hdr(skb)->saddr);
1319 }
1320 }
1321
1322skip_routeinfo:
1323#endif
1324
1325#ifdef CONFIG_IPV6_NDISC_NODETYPE
1326 /* skip link-specific ndopts from interior routers */
1327 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1328 goto out;
1329#endif
1330
1331 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1332 struct nd_opt_hdr *p;
1333 for (p = ndopts.nd_opts_pi;
1334 p;
1335 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1336 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1337 (p->nd_opt_len) << 3,
1338 ndopts.nd_opts_src_lladdr != NULL);
1339 }
1340 }
1341
1342 if (ndopts.nd_opts_mtu) {
1343 __be32 n;
1344 u32 mtu;
1345
1346 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1347 mtu = ntohl(n);
1348
1349 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1350 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1351 } else if (in6_dev->cnf.mtu6 != mtu) {
1352 in6_dev->cnf.mtu6 = mtu;
1353
1354 if (rt)
1355 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1356
1357 rt6_mtu_change(skb->dev, mtu);
1358 }
1359 }
1360
1361 if (ndopts.nd_useropts) {
1362 struct nd_opt_hdr *p;
1363 for (p = ndopts.nd_useropts;
1364 p;
1365 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1366 ndisc_ra_useropt(skb, p);
1367 }
1368 }
1369
1370 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1371 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1372 }
1373out:
1374 if (rt)
1375 dst_release(&rt->dst);
1376 if (neigh)
1377 neigh_release(neigh);
1378}
1379
1380static void ndisc_redirect_rcv(struct sk_buff *skb)
1381{
1382 struct inet6_dev *in6_dev;
1383 struct icmp6hdr *icmph;
1384 const struct in6_addr *dest;
1385 const struct in6_addr *target; /* new first hop to destination */
1386 struct neighbour *neigh;
1387 int on_link = 0;
1388 struct ndisc_options ndopts;
1389 int optlen;
1390 u8 *lladdr = NULL;
1391
1392#ifdef CONFIG_IPV6_NDISC_NODETYPE
1393 switch (skb->ndisc_nodetype) {
1394 case NDISC_NODETYPE_HOST:
1395 case NDISC_NODETYPE_NODEFAULT:
1396 ND_PRINTK(2, warn,
1397 "Redirect: from host or unauthorized router\n");
1398 return;
1399 }
1400#endif
1401
1402 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1403 ND_PRINTK(2, warn,
1404 "Redirect: source address is not link-local\n");
1405 return;
1406 }
1407
1408 optlen = skb->tail - skb->transport_header;
1409 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1410
1411 if (optlen < 0) {
1412 ND_PRINTK(2, warn, "Redirect: packet too short\n");
1413 return;
1414 }
1415
1416 icmph = icmp6_hdr(skb);
1417 target = (const struct in6_addr *) (icmph + 1);
1418 dest = target + 1;
1419
1420 if (ipv6_addr_is_multicast(dest)) {
1421 ND_PRINTK(2, warn,
1422 "Redirect: destination address is multicast\n");
1423 return;
1424 }
1425
1426 if (ipv6_addr_equal(dest, target)) {
1427 on_link = 1;
1428 } else if (ipv6_addr_type(target) !=
1429 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1430 ND_PRINTK(2, warn,
1431 "Redirect: target address is not link-local unicast\n");
1432 return;
1433 }
1434
1435 in6_dev = __in6_dev_get(skb->dev);
1436 if (!in6_dev)
1437 return;
1438 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
1439 return;
1440
1441 /* RFC2461 8.1:
1442 * The IP source address of the Redirect MUST be the same as the current
1443 * first-hop router for the specified ICMP Destination Address.
1444 */
1445
1446 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1447 ND_PRINTK(2, warn, "Redirect: invalid ND options\n");
1448 return;
1449 }
1450 if (ndopts.nd_opts_tgt_lladdr) {
1451 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1452 skb->dev);
1453 if (!lladdr) {
1454 ND_PRINTK(2, warn,
1455 "Redirect: invalid link-layer address length\n");
1456 return;
1457 }
1458 }
1459
1460 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1461 if (neigh) {
1462 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1463 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1464 on_link);
1465 neigh_release(neigh);
1466 }
1467}
1468
1469void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1470{
1471 struct net_device *dev = skb->dev;
1472 struct net *net = dev_net(dev);
1473 struct sock *sk = net->ipv6.ndisc_sk;
1474 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1475 struct sk_buff *buff;
1476 struct icmp6hdr *icmph;
1477 struct in6_addr saddr_buf;
1478 struct in6_addr *addrp;
1479 struct rt6_info *rt;
1480 struct dst_entry *dst;
1481 struct inet6_dev *idev;
1482 struct flowi6 fl6;
1483 u8 *opt;
1484 int hlen, tlen;
1485 int rd_len;
1486 int err;
1487 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1488
1489 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1490 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1491 dev->name);
1492 return;
1493 }
1494
1495 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1496 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1497 ND_PRINTK(2, warn,
1498 "Redirect: target address is not link-local unicast\n");
1499 return;
1500 }
1501
1502 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1503 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1504
1505 dst = ip6_route_output(net, NULL, &fl6);
1506 if (dst->error) {
1507 dst_release(dst);
1508 return;
1509 }
1510 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1511 if (IS_ERR(dst))
1512 return;
1513
1514 rt = (struct rt6_info *) dst;
1515
1516 if (rt->rt6i_flags & RTF_GATEWAY) {
1517 ND_PRINTK(2, warn,
1518 "Redirect: destination is not a neighbour\n");
1519 goto release;
1520 }
1521 if (!rt->rt6i_peer)
1522 rt6_bind_peer(rt, 1);
1523 if (!inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
1524 goto release;
1525
1526 if (dev->addr_len) {
1527 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1528 if (!neigh) {
1529 ND_PRINTK(2, warn,
1530 "Redirect: no neigh for target address\n");
1531 goto release;
1532 }
1533
1534 read_lock_bh(&neigh->lock);
1535 if (neigh->nud_state & NUD_VALID) {
1536 memcpy(ha_buf, neigh->ha, dev->addr_len);
1537 read_unlock_bh(&neigh->lock);
1538 ha = ha_buf;
1539 len += ndisc_opt_addr_space(dev);
1540 } else
1541 read_unlock_bh(&neigh->lock);
1542
1543 neigh_release(neigh);
1544 }
1545
1546 rd_len = min_t(unsigned int,
1547 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1548 rd_len &= ~0x7;
1549 len += rd_len;
1550
1551 hlen = LL_RESERVED_SPACE(dev);
1552 tlen = dev->needed_tailroom;
1553 buff = sock_alloc_send_skb(sk,
1554 (MAX_HEADER + sizeof(struct ipv6hdr) +
1555 len + hlen + tlen),
1556 1, &err);
1557 if (buff == NULL) {
1558 ND_PRINTK(0, err,
1559 "Redirect: %s failed to allocate an skb, err=%d\n",
1560 __func__, err);
1561 goto release;
1562 }
1563
1564 skb_reserve(buff, hlen);
1565 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1566 IPPROTO_ICMPV6, len);
1567
1568 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1569 skb_put(buff, len);
1570 icmph = icmp6_hdr(buff);
1571
1572 memset(icmph, 0, sizeof(struct icmp6hdr));
1573 icmph->icmp6_type = NDISC_REDIRECT;
1574
1575 /*
1576 * copy target and destination addresses
1577 */
1578
1579 addrp = (struct in6_addr *)(icmph + 1);
1580 *addrp = *target;
1581 addrp++;
1582 *addrp = ipv6_hdr(skb)->daddr;
1583
1584 opt = (u8*) (addrp + 1);
1585
1586 /*
1587 * include target_address option
1588 */
1589
1590 if (ha)
1591 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1592 dev->addr_len, dev->type);
1593
1594 /*
1595 * build redirect option and copy skb over to the new packet.
1596 */
1597
1598 memset(opt, 0, 8);
1599 *(opt++) = ND_OPT_REDIRECT_HDR;
1600 *(opt++) = (rd_len >> 3);
1601 opt += 6;
1602
1603 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1604
1605 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1606 len, IPPROTO_ICMPV6,
1607 csum_partial(icmph, len, 0));
1608
1609 skb_dst_set(buff, dst);
1610 rcu_read_lock();
1611 idev = __in6_dev_get(dst->dev);
1612 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1613 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1614 dst_output);
1615 if (!err) {
1616 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1617 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1618 }
1619
1620 rcu_read_unlock();
1621 return;
1622
1623release:
1624 dst_release(dst);
1625}
1626
1627static void pndisc_redo(struct sk_buff *skb)
1628{
1629 ndisc_recv_ns(skb);
1630 kfree_skb(skb);
1631}
1632
1633int ndisc_rcv(struct sk_buff *skb)
1634{
1635 struct nd_msg *msg;
1636
1637 if (!pskb_may_pull(skb, skb->len))
1638 return 0;
1639
1640 msg = (struct nd_msg *)skb_transport_header(skb);
1641
1642 __skb_push(skb, skb->data - skb_transport_header(skb));
1643
1644 if (ipv6_hdr(skb)->hop_limit != 255) {
1645 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1646 ipv6_hdr(skb)->hop_limit);
1647 return 0;
1648 }
1649
1650 if (msg->icmph.icmp6_code != 0) {
1651 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1652 msg->icmph.icmp6_code);
1653 return 0;
1654 }
1655
1656 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1657
1658 switch (msg->icmph.icmp6_type) {
1659 case NDISC_NEIGHBOUR_SOLICITATION:
1660 ndisc_recv_ns(skb);
1661 break;
1662
1663 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1664 ndisc_recv_na(skb);
1665 break;
1666
1667 case NDISC_ROUTER_SOLICITATION:
1668 ndisc_recv_rs(skb);
1669 break;
1670
1671 case NDISC_ROUTER_ADVERTISEMENT:
1672 ndisc_router_discovery(skb);
1673 break;
1674
1675 case NDISC_REDIRECT:
1676 ndisc_redirect_rcv(skb);
1677 break;
1678 }
1679
1680 return 0;
1681}
1682
1683static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1684{
1685 struct net_device *dev = ptr;
1686 struct net *net = dev_net(dev);
1687
1688 switch (event) {
1689 case NETDEV_CHANGEADDR:
1690 neigh_changeaddr(&nd_tbl, dev);
1691 fib6_run_gc(~0UL, net);
1692 break;
1693 case NETDEV_DOWN:
1694 neigh_ifdown(&nd_tbl, dev);
1695 fib6_run_gc(~0UL, net);
1696 break;
1697 case NETDEV_NOTIFY_PEERS:
1698 ndisc_send_unsol_na(dev);
1699 break;
1700 default:
1701 break;
1702 }
1703
1704 return NOTIFY_DONE;
1705}
1706
1707static struct notifier_block ndisc_netdev_notifier = {
1708 .notifier_call = ndisc_netdev_event,
1709};
1710
1711#ifdef CONFIG_SYSCTL
1712static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1713 const char *func, const char *dev_name)
1714{
1715 static char warncomm[TASK_COMM_LEN];
1716 static int warned;
1717 if (strcmp(warncomm, current->comm) && warned < 5) {
1718 strcpy(warncomm, current->comm);
1719 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1720 warncomm, func,
1721 dev_name, ctl->procname,
1722 dev_name, ctl->procname);
1723 warned++;
1724 }
1725}
1726
1727int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1728{
1729 struct net_device *dev = ctl->extra1;
1730 struct inet6_dev *idev;
1731 int ret;
1732
1733 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1734 (strcmp(ctl->procname, "base_reachable_time") == 0))
1735 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1736
1737 if (strcmp(ctl->procname, "retrans_time") == 0)
1738 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1739
1740 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1741 ret = proc_dointvec_jiffies(ctl, write,
1742 buffer, lenp, ppos);
1743
1744 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1745 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1746 ret = proc_dointvec_ms_jiffies(ctl, write,
1747 buffer, lenp, ppos);
1748 else
1749 ret = -1;
1750
1751 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1752 if (ctl->data == &idev->nd_parms->base_reachable_time)
1753 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1754 idev->tstamp = jiffies;
1755 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1756 in6_dev_put(idev);
1757 }
1758 return ret;
1759}
1760
1761
1762#endif
1763
1764static int __net_init ndisc_net_init(struct net *net)
1765{
1766 struct ipv6_pinfo *np;
1767 struct sock *sk;
1768 int err;
1769
1770 err = inet_ctl_sock_create(&sk, PF_INET6,
1771 SOCK_RAW, IPPROTO_ICMPV6, net);
1772 if (err < 0) {
1773 ND_PRINTK(0, err,
1774 "NDISC: Failed to initialize the control socket (err %d)\n",
1775 err);
1776 return err;
1777 }
1778
1779 net->ipv6.ndisc_sk = sk;
1780
1781 np = inet6_sk(sk);
1782 np->hop_limit = 255;
1783 /* Do not loopback ndisc messages */
1784 np->mc_loop = 0;
1785
1786 return 0;
1787}
1788
1789static void __net_exit ndisc_net_exit(struct net *net)
1790{
1791 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1792}
1793
1794static struct pernet_operations ndisc_net_ops = {
1795 .init = ndisc_net_init,
1796 .exit = ndisc_net_exit,
1797};
1798
1799int __init ndisc_init(void)
1800{
1801 int err;
1802
1803 err = register_pernet_subsys(&ndisc_net_ops);
1804 if (err)
1805 return err;
1806 /*
1807 * Initialize the neighbour table
1808 */
1809 neigh_table_init(&nd_tbl);
1810
1811#ifdef CONFIG_SYSCTL
1812 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1813 &ndisc_ifinfo_sysctl_change);
1814 if (err)
1815 goto out_unregister_pernet;
1816#endif
1817 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1818 if (err)
1819 goto out_unregister_sysctl;
1820out:
1821 return err;
1822
1823out_unregister_sysctl:
1824#ifdef CONFIG_SYSCTL
1825 neigh_sysctl_unregister(&nd_tbl.parms);
1826out_unregister_pernet:
1827#endif
1828 unregister_pernet_subsys(&ndisc_net_ops);
1829 goto out;
1830}
1831
1832void ndisc_cleanup(void)
1833{
1834 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1835#ifdef CONFIG_SYSCTL
1836 neigh_sysctl_unregister(&nd_tbl.parms);
1837#endif
1838 neigh_table_clear(&nd_tbl);
1839 unregister_pernet_subsys(&ndisc_net_ops);
1840}