v3.5.6
 
   1/*
   2 *	Neighbour Discovery for IPv6
   3 *	Linux INET6 implementation
   4 *
   5 *	Authors:
   6 *	Pedro Roque		<roque@di.fc.ul.pt>
   7 *	Mike Shaver		<shaver@ingenia.com>
   8 *
   9 *	This program is free software; you can redistribute it and/or
  10 *      modify it under the terms of the GNU General Public License
  11 *      as published by the Free Software Foundation; either version
  12 *      2 of the License, or (at your option) any later version.
  13 */
  14
  15/*
  16 *	Changes:
  17 *
  18 *	Alexey I. Froloff		:	RFC6106 (DNSSL) support
  19 *	Pierre Ynard			:	export userland ND options
  20 *						through netlink (RDNSS support)
  21 *	Lars Fenneberg			:	fixed MTU setting on receipt
  22 *						of an RA.
  23 *	Janos Farkas			:	kmalloc failure checks
  24 *	Alexey Kuznetsov		:	state machine reworked
  25 *						and moved to net/core.
  26 *	Pekka Savola			:	RFC2461 validation
  27 *	YOSHIFUJI Hideaki @USAGI	:	Verify ND options properly
  28 */
  29
  30#define pr_fmt(fmt) "ICMPv6: " fmt
  31
  32#include <linux/module.h>
  33#include <linux/errno.h>
  34#include <linux/types.h>
  35#include <linux/socket.h>
  36#include <linux/sockios.h>
  37#include <linux/sched.h>
  38#include <linux/net.h>
  39#include <linux/in6.h>
  40#include <linux/route.h>
  41#include <linux/init.h>
  42#include <linux/rcupdate.h>
  43#include <linux/slab.h>
  44#ifdef CONFIG_SYSCTL
  45#include <linux/sysctl.h>
  46#endif
  47
  48#include <linux/if_addr.h>
 
  49#include <linux/if_arp.h>
  50#include <linux/ipv6.h>
  51#include <linux/icmpv6.h>
  52#include <linux/jhash.h>
  53
  54#include <net/sock.h>
  55#include <net/snmp.h>
  56
  57#include <net/ipv6.h>
  58#include <net/protocol.h>
  59#include <net/ndisc.h>
  60#include <net/ip6_route.h>
  61#include <net/addrconf.h>
  62#include <net/icmp.h>
  63
  64#include <net/netlink.h>
  65#include <linux/rtnetlink.h>
  66
  67#include <net/flow.h>
  68#include <net/ip6_checksum.h>
  69#include <net/inet_common.h>
  70#include <linux/proc_fs.h>
  71
  72#include <linux/netfilter.h>
  73#include <linux/netfilter_ipv6.h>
  74
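/*
 * Compile-time verbosity threshold for ND_PRINTK(): a message is emitted
 * only when its level argument is <= ND_DEBUG.  Set to 3 to get tracing.
 */
#define ND_DEBUG 1

/*
 * ND_PRINTK(val, level, fmt, ...) - rate-limited neighbour-discovery log line.
 * @val:   verbosity of this message, compared against ND_DEBUG
 * @level: pasted into net_<level>_ratelimited()
 *
 * Most call sites in this file log a validation failure on a received
 * packet, so the rate-limited printk variants keep on-link traffic from
 * flooding the log.  @val is parenthesised so that an expression argument
 * is compared as a whole rather than re-associated by operator precedence.
 */
#define ND_PRINTK(val, level, fmt, ...)				\
do {								\
	if ((val) <= ND_DEBUG)					\
		net_##level##_ratelimited(fmt, ##__VA_ARGS__);	\
} while (0)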
  83
/*
 * Forward declarations for the callbacks referenced by the neigh_ops
 * tables and by nd_tbl below.
 */
static u32 ndisc_hash(const void *pkey,
		      const struct net_device *dev,
		      __u32 *hash_rnd);
static int ndisc_constructor(struct neighbour *neigh);
static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
static int pndisc_constructor(struct pneigh_entry *n);
static void pndisc_destructor(struct pneigh_entry *n);
static void pndisc_redo(struct sk_buff *skb);
  93
/*
 * Neighbour operations chosen by ndisc_constructor() for devices that have
 * header_ops but no header_ops->cache callback.
 */
static const struct neigh_ops ndisc_generic_ops = {
	.family = AF_INET6,
	.solicit = ndisc_solicit,
	.error_report = ndisc_error_report,
	.output = neigh_resolve_output,
	.connected_output = neigh_connected_output,
};
 101
/*
 * Neighbour operations chosen by ndisc_constructor() for devices whose
 * header_ops provide a ->cache callback.  Both output paths go through
 * neigh_resolve_output().
 */
static const struct neigh_ops ndisc_hh_ops = {
	.family = AF_INET6,
	.solicit = ndisc_solicit,
	.error_report = ndisc_error_report,
	.output = neigh_resolve_output,
	.connected_output = neigh_resolve_output,
};
 109
 110
/*
 * Neighbour operations chosen by ndisc_constructor() for devices without
 * header_ops: no solicit or error_report callback, direct output only.
 */
static const struct neigh_ops ndisc_direct_ops = {
	.family = AF_INET6,
	.output = neigh_direct_output,
	.connected_output = neigh_direct_output,
};
 116
/*
 * The IPv6 neighbour table ("ndisc_cache"), keyed by a full in6_addr.
 *
 * NOTE(review): gc_thresh1/2/3 and queue_len_bytes look like the limits
 * that bound cache size and per-entry queued data; their exact semantics
 * live in the generic neighbour code, which is not visible here.  Confirm
 * there before tuning them for hosts on large or untrusted links.
 */
struct neigh_table nd_tbl = {
	.family = AF_INET6,
	.key_len = sizeof(struct in6_addr),
	.hash = ndisc_hash,
	.constructor = ndisc_constructor,
	.pconstructor = pndisc_constructor,
	.pdestructor = pndisc_destructor,
	.proxy_redo = pndisc_redo,
	.id = "ndisc_cache",
	/* Default per-device parameters; timers are expressed in jiffies (HZ). */
	.parms = {
		.tbl = &nd_tbl,
		.base_reachable_time = ND_REACHABLE_TIME,
		.retrans_time = ND_RETRANS_TIMER,
		.gc_staletime = 60 * HZ,
		.reachable_time = ND_REACHABLE_TIME,
		.delay_probe_time = 5 * HZ,
		.queue_len_bytes = 64 * 1024,
		.ucast_probes = 3,
		.mcast_probes = 3,
		.anycast_delay = 1 * HZ,
		.proxy_delay = (8 * HZ) / 10,
		.proxy_qlen = 64,
	},
	.gc_interval = 30 * HZ,
	.gc_thresh1 = 128,
	.gc_thresh2 = 512,
	.gc_thresh3 = 1024,
};
 
 145
/*
 * ND options.
 *
 * Index of the options found in one received ND message, as filled in by
 * ndisc_parse_options().  Every member is a pointer into the packet buffer
 * that was parsed (or NULL); nothing is copied, so the pointers are only
 * valid while that buffer is.
 */
struct ndisc_options {
	/* Indexed by option type; holds the first occurrence of each type. */
	struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
#ifdef CONFIG_IPV6_ROUTE_INFO
	/* First and last route information option seen. */
	struct nd_opt_hdr *nd_opts_ri;
	struct nd_opt_hdr *nd_opts_ri_end;
#endif
	/* First and last "user" option (see ndisc_is_useropt()) seen. */
	struct nd_opt_hdr *nd_useropts;
	struct nd_opt_hdr *nd_useropts_end;
};

/* Named accessors for the nd_opt_array slots used in this file. */
#define nd_opts_src_lladdr	nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
#define nd_opts_tgt_lladdr	nd_opt_array[ND_OPT_TARGET_LL_ADDR]
#define nd_opts_pi		nd_opt_array[ND_OPT_PREFIX_INFO]
/* Last prefix information option seen (set by ndisc_parse_options()). */
#define nd_opts_pi_end		nd_opt_array[__ND_OPT_PREFIX_INFO_END]
#define nd_opts_rh		nd_opt_array[ND_OPT_REDIRECT_HDR]
#define nd_opts_mtu		nd_opt_array[ND_OPT_MTU]
 163
/*
 * Bytes occupied by an ND option that carries @len payload bytes: the
 * 2-byte type/length header is added and the sum rounded up to the next
 * multiple of 8.
 */
#define NDISC_OPT_SPACE(len) ((((len) + 2) + 7) & ~7)
 165
/*
 * Number of padding bytes that sit between the option length byte and the
 * link-layer address for a given ARPHRD_* device type.  Only
 * IP-over-InfiniBand uses a pad today (2 bytes); RFC 3831 IPv6-over-Fibre
 * Channel would also need a pad of 2 if it were ever implemented.
 */
static int ndisc_addr_option_pad(unsigned short type)
{
	if (type == ARPHRD_INFINIBAND)
		return 2;
	return 0;
}
 179
/*
 * Size in bytes of a link-layer address option for @dev: hardware address
 * length plus the device-type pad, wrapped by NDISC_OPT_SPACE().
 */
static inline int ndisc_opt_addr_space(struct net_device *dev)
{
	int payload = dev->addr_len + ndisc_addr_option_pad(dev->type);

	return NDISC_OPT_SPACE(payload);
}
 184
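/*
 * ndisc_fill_addr_option - write a link-layer address option at @opt.
 * @opt:       destination; the caller must have reserved the option's space
 * @type:      option type byte to emit
 * @data:      link-layer address to copy
 * @data_len:  length of @data in bytes
 * @addr_type: ARPHRD_* type of the device, which selects the pad
 *
 * Layout written: type, length (in units of 8 bytes), pad bytes (zeroed),
 * address, then zero fill up to the 8-byte boundary.  Returns a pointer to
 * the first byte after the option.
 *
 * The option size is computed from data_len + pad, the same quantity that
 * ndisc_opt_addr_space() and ndisc_opt_addr_data() use.  Sizing it from
 * data_len alone gives the same answer whenever the pad does not push the
 * total across an 8-byte boundary, but otherwise the length byte would
 * under-report the option and the copy below would write past the space
 * the caller reserved.
 */
static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
				  unsigned short addr_type)
{
	int pad   = ndisc_addr_option_pad(addr_type);
	int space = NDISC_OPT_SPACE(data_len + pad);

	opt[0] = type;
	opt[1] = space >> 3;

	/* Pad bytes follow the 2-byte header and precede the address. */
	memset(opt + 2, 0, pad);
	opt   += pad;
	space -= pad;

	memcpy(opt + 2, data, data_len);
	data_len += 2;
	opt += data_len;

	/* Zero whatever remains up to the 8-byte boundary. */
	space -= data_len;
	if (space > 0)
		memset(opt, 0, space);
	return opt + space;
}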
 205
/*
 * Starting from @cur, step forward to the next option of the same type.
 * @end is inclusive: it is the last option of that type (this is how
 * ndisc_parse_options() records nd_opts_pi_end), so it is dereferenced
 * when the walk lands on it.  Returns NULL when there is no further match.
 *
 * The walk trusts each nd_opt_len it reads; it relies on the option area
 * having been validated beforehand (ndisc_parse_options() rejects a zero
 * length and any option that runs past the buffer).
 */
static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
					    struct nd_opt_hdr *end)
{
	int wanted;

	if (!cur || !end || cur >= end)
		return NULL;

	wanted = cur->nd_opt_type;
	for (;;) {
		cur = ((void *)cur) + (cur->nd_opt_len << 3);
		if (cur >= end || cur->nd_opt_type == wanted)
			break;
	}

	if (cur > end)
		return NULL;
	return cur->nd_opt_type == wanted ? cur : NULL;
}
 218
/*
 * Non-zero when @opt is one of the option types treated as a "user"
 * option in this file: RDNSS or DNSSL.
 */
static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
{
	switch (opt->nd_opt_type) {
	case ND_OPT_RDNSS:
	case ND_OPT_DNSSL:
		return 1;
	default:
		return 0;
	}
}
 224
/*
 * Starting from @cur, step forward to the next user option (see
 * ndisc_is_useropt()).  @end is inclusive, i.e. the last user option
 * recorded by ndisc_parse_options(), and is dereferenced when reached.
 * Returns NULL when no further user option exists.
 *
 * As with ndisc_next_option(), every nd_opt_len read here is assumed to
 * have been validated by the parser already.
 */
static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
					     struct nd_opt_hdr *end)
{
	if (!cur || !end || cur >= end)
		return NULL;

	for (;;) {
		cur = ((void *)cur) + (cur->nd_opt_len << 3);
		if (cur >= end || ndisc_is_useropt(cur))
			break;
	}

	if (cur > end)
		return NULL;
	return ndisc_is_useropt(cur) ? cur : NULL;
}
 235
/*
 * ndisc_parse_options - index the ND options that follow an ND message.
 * @opt:     first byte of the option area of a received packet
 * @opt_len: number of bytes in the option area
 * @ndopts:  caller-provided result; zeroed here, then filled in
 *
 * Walks the options in order and records pointers into the packet buffer;
 * nothing is copied.  Returns @ndopts on success, or NULL when an argument
 * is invalid or the option area is malformed (truncated option header,
 * zero-length option, or an option that extends past @opt_len).
 *
 * Only the framing is validated here.  Whether an option is long enough
 * for its type is left to the consumer (ndisc_opt_addr_data() does this
 * for link-layer address options).
 */
static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
						 struct ndisc_options *ndopts)
{
	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;

	/*
	 * Callers in this file compute the length as an unsigned difference
	 * and pass it as int, so a packet shorter than its message header
	 * arrives here as a negative value and is rejected.
	 */
	if (!nd_opt || opt_len < 0 || !ndopts)
		return NULL;
	memset(ndopts, 0, sizeof(*ndopts));
	while (opt_len) {
		int l;
		/* The type/length header must be present before nd_opt_len is read. */
		if (opt_len < sizeof(struct nd_opt_hdr))
			return NULL;
		/* The length field counts units of 8 bytes. */
		l = nd_opt->nd_opt_len << 3;
		/* l == 0 would never advance; l > opt_len would leave the buffer. */
		if (opt_len < l || l == 0)
			return NULL;
		/*
		 * nd_opt_type is used as an array index only under explicit
		 * case labels, so the sender cannot pick an arbitrary index.
		 */
		switch (nd_opt->nd_opt_type) {
		case ND_OPT_SOURCE_LL_ADDR:
		case ND_OPT_TARGET_LL_ADDR:
		case ND_OPT_MTU:
		case ND_OPT_REDIRECT_HDR:
			/* First occurrence wins; duplicates are logged and skipped. */
			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
				ND_PRINTK(2, warn,
					  "%s: duplicated ND6 option found: type=%d\n",
					  __func__, nd_opt->nd_opt_type);
			} else {
				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
			}
			break;
		case ND_OPT_PREFIX_INFO:
			/* May repeat: remember the first and the last one. */
			ndopts->nd_opts_pi_end = nd_opt;
			if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
			break;
#ifdef CONFIG_IPV6_ROUTE_INFO
		case ND_OPT_ROUTE_INFO:
			/* May repeat: remember the first and the last one. */
			ndopts->nd_opts_ri_end = nd_opt;
			if (!ndopts->nd_opts_ri)
				ndopts->nd_opts_ri = nd_opt;
			break;
#endif
		default:
			if (ndisc_is_useropt(nd_opt)) {
				/* May repeat: remember the first and the last one. */
				ndopts->nd_useropts_end = nd_opt;
				if (!ndopts->nd_useropts)
					ndopts->nd_useropts = nd_opt;
			} else {
				/*
				 * Unknown options must be silently ignored,
				 * to accommodate future extension to the
				 * protocol.
				 */
				ND_PRINTK(2, notice,
					  "%s: ignored unsupported option; type=%d, len=%d\n",
					  __func__,
					  nd_opt->nd_opt_type,
					  nd_opt->nd_opt_len);
			}
		}
		/* l <= opt_len was checked above, so opt_len cannot go negative. */
		opt_len -= l;
		nd_opt = ((void *)nd_opt) + l;
	}
	return ndopts;
}
 299
/*
 * Return a pointer to the link-layer address carried in option @p, or NULL
 * when the option's length is not exactly what @dev's address length (plus
 * its device-type pad) requires.
 *
 * The exact-length match is what lets callers read dev->addr_len bytes
 * from the returned pointer: header, pad and address together fit inside
 * the option size that was just verified.
 */
static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
				      struct net_device *dev)
{
	int opt_bytes = p->nd_opt_len << 3;
	int pad = ndisc_addr_option_pad(dev->type);

	if (opt_bytes != NDISC_OPT_SPACE(dev->addr_len + pad))
		return NULL;

	/* Skip the 2-byte option header, then the pad. */
	return (u8 *)(p + 1) + pad;
}
 310
/*
 * ndisc_mc_map - map an IPv6 multicast address to a link-layer address.
 * @addr: IPv6 multicast address
 * @buf:  output buffer for the link-layer address
 * @dev:  device whose type selects the mapping
 * @dir:  for device types without a dedicated mapping, non-zero means
 *        "fall back to the device broadcast address"
 *
 * Returns 0 on success (or the result of ipv6_ipgre_mc_map() for IPGRE),
 * and -EINVAL when the device type has no mapping and @dir is zero.
 * The fallback copies dev->addr_len bytes, so @buf must be at least that
 * large.
 */
int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
{
	switch (dev->type) {
	case ARPHRD_IPGRE:
		return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
	case ARPHRD_INFINIBAND:
		ipv6_ib_mc_map(addr, dev->broadcast, buf);
		break;
	case ARPHRD_ARCNET:
		ipv6_arcnet_mc_map(addr, buf);
		break;
	case ARPHRD_ETHER:
	case ARPHRD_IEEE802:	/* Not sure. Check it later. --ANK */
	case ARPHRD_FDDI:
		ipv6_eth_mc_map(addr, buf);
		break;
	default:
		if (!dir)
			return -EINVAL;
		memcpy(buf, dev->broadcast, dev->addr_len);
		break;
	}
	return 0;
}

EXPORT_SYMBOL(ndisc_mc_map);
 337
/*
 * Hash callback installed in nd_tbl; a thin wrapper that forwards to
 * ndisc_hashfn() with the table's random seed.
 */
static u32 ndisc_hash(const void *pkey,
		      const struct net_device *dev,
		      __u32 *hash_rnd)
{
	u32 hash = ndisc_hashfn(pkey, dev, hash_rnd);

	return hash;
}
 344
 
 
 
 
 
/*
 * ndisc_constructor - nd_tbl constructor for a new neighbour entry.
 *
 * Replaces the entry's parameters with a clone of the device's nd_parms,
 * classifies the entry (multicast / unicast / local), and picks the ops
 * table and output function from the device's header_ops and flags.
 * Returns 0, or -EINVAL when the device has no inet6_dev.
 */
static int ndisc_constructor(struct neighbour *neigh)
{
	struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
	struct net_device *dev = neigh->dev;
	bool mcast = ipv6_addr_is_multicast(addr);
	struct inet6_dev *idev = in6_dev_get(dev);
	struct neigh_parms *dev_parms;

	if (!idev)
		return -EINVAL;

	/* Swap the table-default parms for the per-device ones. */
	dev_parms = idev->nd_parms;
	__neigh_parms_put(neigh->parms);
	neigh->parms = neigh_parms_clone(dev_parms);

	neigh->type = mcast ? RTN_MULTICAST : RTN_UNICAST;

	if (!dev->header_ops) {
		/* No link-layer header to build: nothing to resolve. */
		neigh->nud_state = NUD_NOARP;
		neigh->ops = &ndisc_direct_ops;
		neigh->output = neigh_direct_output;
		goto done;
	}

	/* Cases where the link-layer address is known without solicitation. */
	if (mcast) {
		neigh->nud_state = NUD_NOARP;
		ndisc_mc_map(addr, neigh->ha, dev, 1);
	} else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) {
		neigh->nud_state = NUD_NOARP;
		memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
		if (dev->flags & IFF_LOOPBACK)
			neigh->type = RTN_LOCAL;
	} else if (dev->flags & IFF_POINTOPOINT) {
		neigh->nud_state = NUD_NOARP;
		memcpy(neigh->ha, dev->broadcast, dev->addr_len);
	}

	neigh->ops = dev->header_ops->cache ? &ndisc_hh_ops
					    : &ndisc_generic_ops;
	neigh->output = (neigh->nud_state & NUD_VALID)
				? neigh->ops->connected_output
				: neigh->ops->output;

done:
	in6_dev_put(idev);
	return 0;
}
 392
/*
 * Constructor for a proxy neighbour entry: join the solicited-node
 * multicast group derived from the proxied address on the entry's device.
 * Returns -EINVAL when the entry has no device or the device has no
 * inet6_dev, 0 otherwise.
 */
static int pndisc_constructor(struct pneigh_entry *n)
{
	struct net_device *dev = n->dev;
	struct in6_addr snm_group;

	if (!dev || !__in6_dev_get(dev))
		return -EINVAL;

	addrconf_addr_solict_mult((struct in6_addr*)&n->key, &snm_group);
	ipv6_dev_mc_inc(dev, &snm_group);
	return 0;
}
 405
/*
 * Destructor for a proxy neighbour entry: leave the solicited-node
 * multicast group that pndisc_constructor() joined.  Does nothing when
 * the entry has no device or the device has no inet6_dev.
 */
static void pndisc_destructor(struct pneigh_entry *n)
{
	struct net_device *dev = n->dev;
	struct in6_addr snm_group;

	if (!dev || !__in6_dev_get(dev))
		return;

	addrconf_addr_solict_mult((struct in6_addr*)&n->key, &snm_group);
	ipv6_dev_mc_dec(dev, &snm_group);
}
 417
/*
 * ndisc_build_skb - allocate and fill an skb holding one ND message.
 * @dev:    outgoing device
 * @daddr:  IPv6 destination address
 * @saddr:  IPv6 source address
 * @icmp6h: ICMPv6 header to copy into the packet
 * @target: target address to place after the header, or NULL for none
 * @llinfo: type of the link-layer address option to append, 0 for none
 *
 * Returns the new skb, or NULL when the allocation fails.  The caller owns
 * the returned skb.
 */
struct sk_buff *ndisc_build_skb(struct net_device *dev,
				const struct in6_addr *daddr,
				const struct in6_addr *saddr,
				struct icmp6hdr *icmp6h,
				const struct in6_addr *target,
				int llinfo)
{
	struct net *net = dev_net(dev);
	struct sock *sk = net->ipv6.ndisc_sk;
	struct sk_buff *skb;
	struct icmp6hdr *hdr;
	int hlen = LL_RESERVED_SPACE(dev);
	int tlen = dev->needed_tailroom;
	int len;
	int err;
	u8 *opt;

	/* A device without a link-layer address has nothing to advertise. */
	if (!dev->addr_len)
		llinfo = 0;

	/* len is the ICMPv6 payload: header, optional target, optional option. */
	len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
	if (llinfo)
		len += ndisc_opt_addr_space(dev);

	skb = sock_alloc_send_skb(sk,
				  (MAX_HEADER + sizeof(struct ipv6hdr) +
				   len + hlen + tlen),
				  1, &err);
	if (!skb) {
		ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
			  __func__, err);
		return NULL;
	}

	skb_reserve(skb, hlen);
	ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);

	/* The ICMPv6 message starts at the current tail, right after the IPv6 header. */
	skb->transport_header = skb->tail;
	skb_put(skb, len);

	hdr = (struct icmp6hdr *)skb_transport_header(skb);
	memcpy(hdr, icmp6h, sizeof(*hdr));

	opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
	if (target) {
		*(struct in6_addr *)opt = *target;
		opt += sizeof(*target);
	}

	/*
	 * The option is written into the ndisc_opt_addr_space(dev) bytes
	 * that were added to len above.
	 */
	if (llinfo)
		ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
				       dev->addr_len, dev->type);

	/* Checksum last, once every byte of the message is in place. */
	hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
					   IPPROTO_ICMPV6,
					   csum_partial(hdr,
							len, 0));

	return skb;
}

EXPORT_SYMBOL(ndisc_build_skb);
 480
/*
 * ndisc_send_skb - transmit an ND message built by ndisc_build_skb().
 * @skb:    packet to send; consumed on every path
 * @dev:    outgoing device
 * @neigh:  neighbour entry passed to icmp6_dst_alloc(), may be NULL
 * @daddr:  IPv6 destination address
 * @saddr:  IPv6 source address
 * @icmp6h: ICMPv6 header of the message; only its type is read here
 *
 * Attaches a route to @skb and hands it to the NF_INET_LOCAL_OUT netfilter
 * hook with dst_output() as continuation.  If no route can be allocated
 * the skb is freed and nothing is sent.
 */
void ndisc_send_skb(struct sk_buff *skb,
		    struct net_device *dev,
		    struct neighbour *neigh,
		    const struct in6_addr *daddr,
		    const struct in6_addr *saddr,
		    struct icmp6hdr *icmp6h)
{
	struct flowi6 fl6;
	struct dst_entry *dst;
	struct net *net = dev_net(dev);
	struct sock *sk = net->ipv6.ndisc_sk;
	struct inet6_dev *idev;
	int err;
	u8 type;

	type = icmp6h->icmp6_type;

	icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
	dst = icmp6_dst_alloc(dev, neigh, &fl6);
	if (IS_ERR(dst)) {
		kfree_skb(skb);
		return;
	}

	skb_dst_set(skb, dst);

	/* idev comes from __in6_dev_get(), so it is only used under RCU. */
	rcu_read_lock();
	idev = __in6_dev_get(dst->dev);
	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);

	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
		      dst_output);
	/* Count the message only when the hook reported success. */
	if (!err) {
		ICMP6MSGOUT_INC_STATS(net, idev, type);
		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
	}

	rcu_read_unlock();
}

EXPORT_SYMBOL(ndisc_send_skb);
 522
/*
 *	Send a Neighbour Discovery packet: build it with ndisc_build_skb()
 *	and, if that succeeded, pass it on to ndisc_send_skb().
 */
static void __ndisc_send(struct net_device *dev,
			 struct neighbour *neigh,
			 const struct in6_addr *daddr,
			 const struct in6_addr *saddr,
			 struct icmp6hdr *icmp6h, const struct in6_addr *target,
			 int llinfo)
{
	struct sk_buff *skb = ndisc_build_skb(dev, daddr, saddr, icmp6h,
					      target, llinfo);

	if (skb)
		ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
}
 541
/*
 * ndisc_send_na - send a Neighbour Advertisement for @solicited_addr.
 * @router, @solicited, @override: values for the NA flag bits
 * @inc_opt: non-zero to include a target link-layer address option
 *
 * When @solicited_addr is configured on @dev it is used as source address;
 * an optimistic address clears the override flag, and the device's
 * force_tllao setting can switch the option on.  Otherwise (anycast or
 * proxy) a source address is selected for @daddr, and nothing is sent if
 * none can be found.
 */
static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
			  const struct in6_addr *daddr,
			  const struct in6_addr *solicited_addr,
			  int router, int solicited, int override, int inc_opt)
{
	struct icmp6hdr icmp6h = {
		.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
	};
	const struct in6_addr *src_addr;
	struct in6_addr picked_src;
	struct inet6_ifaddr *ifp;

	/* for anycast or proxy, solicited_addr != src_addr */
	ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
	if (!ifp) {
		if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
				       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
				       &picked_src))
			return;
		src_addr = &picked_src;
	} else {
		src_addr = solicited_addr;
		if (ifp->flags & IFA_F_OPTIMISTIC)
			override = 0;
		inc_opt |= ifp->idev->cnf.force_tllao;
		in6_ifa_put(ifp);
	}

	icmp6h.icmp6_router = router;
	icmp6h.icmp6_solicited = solicited;
	icmp6h.icmp6_override = override;

	__ndisc_send(dev, neigh, daddr, src_addr,
		     &icmp6h, solicited_addr,
		     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
}
 578
/*
 * Send one unsolicited Neighbour Advertisement per address configured on
 * @dev, with the override flag set and the link-layer address option
 * included.  The address list is walked under idev->lock (read side).
 *
 * NOTE(review): each NA is addressed to the solicited-node multicast group
 * of the advertised address itself - confirm against RFC 4861 7.2.6 that
 * this is the intended destination.
 */
static void ndisc_send_unsol_na(struct net_device *dev)
{
	struct inet6_dev *idev = in6_dev_get(dev);
	struct inet6_ifaddr *ifa;
	struct in6_addr snm_group;

	if (!idev)
		return;

	read_lock_bh(&idev->lock);
	list_for_each_entry(ifa, &idev->addr_list, if_list) {
		addrconf_addr_solict_mult(&ifa->addr, &snm_group);
		ndisc_send_na(dev, NULL, &snm_group, &ifa->addr,
			      /*router=*/ !!idev->cnf.forwarding,
			      /*solicited=*/ false,
			      /*override=*/ true,
			      /*inc_opt=*/ true);
	}
	read_unlock_bh(&idev->lock);

	in6_dev_put(idev);
}
 601
/*
 * ndisc_send_ns - send a Neighbour Solicitation for @solicit to @daddr.
 * @saddr: source address, or NULL to use a link-local address of @dev
 *         (nothing is sent when none is available)
 *
 * A source link-layer address option is included unless the source is the
 * unspecified address.
 */
void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
		   const struct in6_addr *solicit,
		   const struct in6_addr *daddr, const struct in6_addr *saddr)
{
	struct icmp6hdr icmp6h = {
		.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
	};
	struct in6_addr lladdr_buf;
	int opt_type;

	if (!saddr) {
		if (ipv6_get_lladdr(dev, &lladdr_buf,
				   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
			return;
		saddr = &lladdr_buf;
	}

	opt_type = ipv6_addr_any(saddr) ? 0 : ND_OPT_SOURCE_LL_ADDR;

	__ndisc_send(dev, neigh, daddr, saddr,
		     &icmp6h, solicit,
		     opt_type);
}
 622
/*
 * ndisc_send_rs - send a Router Solicitation from @saddr to @daddr.
 *
 * The source link-layer address option (SLLAO) is included when the device
 * has a link-layer address, subject to the optimistic-DAD rule below.
 */
void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
		   const struct in6_addr *daddr)
{
	struct icmp6hdr icmp6h = {
		.icmp6_type = NDISC_ROUTER_SOLICITATION,
	};
	int send_sllao = dev->addr_len;

#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
	/*
	 * RFC 4429 section 2.2: a router solicitation sent from an
	 * optimistic address must not carry a SLLAO, but it may be sent
	 * without one.  So look the source address up and drop the option
	 * when the address is optimistic or is not found on this device.
	 */
	if (send_sllao) {
		struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
							   dev, 1);

		if (!ifp) {
			send_sllao = 0;
		} else {
			if (ifp->flags & IFA_F_OPTIMISTIC)
				send_sllao = 0;
			in6_ifa_put(ifp);
		}
	}
#endif
	__ndisc_send(dev, NULL, daddr, saddr,
		     &icmp6h, NULL,
		     send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
}
 657
 658
/*
 * error_report callback of the ND neigh_ops tables: signal the link
 * failure for the packet, then free it.
 */
static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
{
	/* "The sender MUST return an ICMP destination unreachable" */
	dst_link_failure(skb);

	/* The skb is consumed here. */
	kfree_skb(skb);
}
 668
/*
 * solicit callback of the ND neigh_ops tables.
 * Called with locked neigh: either read or both.
 *
 * The probe counter selects the stage: first unicast probes to the
 * neighbour itself, then (with CONFIG_ARPD) application probes, and
 * finally multicast probes to the solicited-node group of the target.
 * The source address of the packet that triggered resolution is reused
 * only when it is one of our own addresses on this device.
 */
static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
{
	struct net_device *dev = neigh->dev;
	struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
	struct in6_addr *saddr = NULL;
	struct in6_addr snm_group;
	int probes = atomic_read(&neigh->probes);

	if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
		saddr = &ipv6_hdr(skb)->saddr;

	probes -= neigh->parms->ucast_probes;
	if (probes < 0) {
		if (!(neigh->nud_state & NUD_VALID)) {
			ND_PRINTK(1, dbg,
				  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
				  __func__, target);
		}
		ndisc_send_ns(dev, neigh, target, target, saddr);
		return;
	}

	probes -= neigh->parms->app_probes;
	if (probes < 0) {
#ifdef CONFIG_ARPD
		neigh_app_ns(neigh);
#endif
		return;
	}

	addrconf_addr_solict_mult(target, &snm_group);
	ndisc_send_ns(dev, NULL, target, &snm_group, saddr);
}
 698
/*
 * Look @pkey up in the proxy neighbour table for @dev.
 * Returns -1 when there is no proxy entry, otherwise 1 or 0 depending on
 * whether the entry carries NTF_ROUTER.  The lookup runs under the read
 * side of nd_tbl.lock.
 */
static int pndisc_is_router(const void *pkey,
			    struct net_device *dev)
{
	struct pneigh_entry *entry;
	int is_router;

	read_lock_bh(&nd_tbl.lock);
	entry = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
	is_router = entry ? !!(entry->flags & NTF_ROUTER) : -1;
	read_unlock_bh(&nd_tbl.lock);

	return is_router;
}
 713
 
 
 
 
 
 
 
 
 
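/*
 * ndisc_recv_ns - handle a received Neighbour Solicitation.
 * @skb: the received packet; not freed here
 *
 * Validates the message (length, target, DAD destination, options), then
 * - fails our own DAD when the solicitation collides with a tentative
 *   address,
 * - answers DAD probes with an NA to the all-nodes address,
 * - otherwise updates or creates the cache entry for the sender and
 *   replies with a solicited NA.
 * Solicitations for anycast or proxied targets may be queued for a
 * delayed reply instead.
 *
 * Every field read here comes from an on-link sender and is untrusted.
 */
static void ndisc_recv_ns(struct sk_buff *skb)
{
	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
	u8 *lladdr = NULL;
	u32 ndoptlen = skb->tail - (skb->transport_header +
				    offsetof(struct nd_msg, opt));
	struct ndisc_options ndopts;
	struct net_device *dev = skb->dev;
	struct inet6_ifaddr *ifp;
	struct inet6_dev *idev = NULL;
	struct neighbour *neigh;
	int dad = ipv6_addr_any(saddr);
	bool inc;
	int is_router = -1;

	/*
	 * Reject a message shorter than struct nd_msg before msg->target is
	 * read, as ndisc_recv_na() does.  Without this a truncated packet
	 * is only caught later, when ndisc_parse_options() sees the
	 * wrapped-around option length.
	 */
	if (skb->len < sizeof(struct nd_msg)) {
		ND_PRINTK(2, warn, "NS: packet too short\n");
		return;
	}

	if (ipv6_addr_is_multicast(&msg->target)) {
		ND_PRINTK(2, warn, "NS: multicast target address\n");
		return;
	}

	/*
	 * RFC2461 7.1.1:
	 * DAD has to be destined for solicited node multicast address.
	 */
	if (dad &&
	    !(daddr->s6_addr32[0] == htonl(0xff020000) &&
	      daddr->s6_addr32[1] == htonl(0x00000000) &&
	      daddr->s6_addr32[2] == htonl(0x00000001) &&
	      daddr->s6_addr [12] == 0xff )) {
		ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
		return;
	}

	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
		ND_PRINTK(2, warn, "NS: invalid ND options\n");
		return;
	}

	if (ndopts.nd_opts_src_lladdr) {
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
		if (!lladdr) {
			ND_PRINTK(2, warn,
				  "NS: invalid link-layer address length\n");
			return;
		}

		/* RFC2461 7.1.1:
		 *	If the IP source address is the unspecified address,
		 *	there MUST NOT be source link-layer address option
		 *	in the message.
		 */
		if (dad) {
			ND_PRINTK(2, warn,
				  "NS: bad DAD packet (link-layer address option)\n");
			return;
		}
	}

	/* inc: the solicitation was sent to a multicast destination. */
	inc = ipv6_addr_is_multicast(daddr);

	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
	if (ifp) {

		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
			if (dad) {
				/*
				 * We are colliding with another node
				 * who is doing DAD
				 * so fail our DAD process
				 *
				 * NOTE(review): this path returns without
				 * in6_ifa_put(); presumably
				 * addrconf_dad_failure() consumes the
				 * reference - confirm.
				 */
				addrconf_dad_failure(ifp);
				return;
			} else {
				/*
				 * This is not a dad solicitation.
				 * If we are an optimistic node,
				 * we should respond.
				 * Otherwise, we should ignore it.
				 */
				if (!(ifp->flags & IFA_F_OPTIMISTIC))
					goto out;
			}
		}

		idev = ifp->idev;
	} else {
		struct net *net = dev_net(dev);

		idev = in6_dev_get(dev);
		if (!idev) {
			/* XXX: count this drop? */
			return;
		}

		/* Target is not ours: only anycast or proxied targets are answered. */
		if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
		    (idev->cnf.forwarding &&
		     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
		     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
			if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
			    skb->pkt_type != PACKET_HOST &&
			    inc != 0 &&
			    idev->nd_parms->proxy_delay != 0) {
				/*
				 * for anycast or proxy,
				 * sender should delay its response
				 * by a random time between 0 and
				 * MAX_ANYCAST_DELAY_TIME seconds.
				 * (RFC2461) -- yoshfuji
				 */
				struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
				if (n)
					pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
				goto out;
			}
		} else
			goto out;
	}

	if (is_router < 0)
		is_router = !!idev->cnf.forwarding;

	if (dad) {
		ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
			      is_router, 0, (ifp != NULL), 1);
		goto out;
	}

	if (inc)
		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
	else
		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);

	/*
	 *	update / create cache entry
	 *	for the source address
	 *
	 *	The entry is filled from the sender's own claim (saddr plus
	 *	the link-layer address option) and recorded as NUD_STALE.
	 */
	neigh = __neigh_lookup(&nd_tbl, saddr, dev,
			       !inc || lladdr || !dev->addr_len);
	if (neigh)
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
			     NEIGH_UPDATE_F_OVERRIDE);
	if (neigh || !dev->header_ops) {
		ndisc_send_na(dev, neigh, saddr, &msg->target,
			      is_router,
			      1, (ifp != NULL && inc), inc);
		if (neigh)
			neigh_release(neigh);
	}

out:
	/* Exactly one reference is held here: ifp, or idev from in6_dev_get(). */
	if (ifp)
		in6_ifa_put(ifp);
	else
		in6_dev_put(idev);
}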
 872
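/*
 * ndisc_recv_na - handle a received Neighbour Advertisement.
 * @skb: the received packet; not freed here
 *
 * Validates the message, fails our DAD when the advertised target is one
 * of our tentative addresses, and otherwise updates an existing neighbour
 * cache entry for the target from the advertisement's flags and
 * link-layer address.  No entry is created here: an NA for a target
 * without a cache entry is ignored.
 *
 * Every field read here comes from an on-link sender and is untrusted.
 */
static void ndisc_recv_na(struct sk_buff *skb)
{
	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
	u8 *lladdr = NULL;
	u32 ndoptlen = skb->tail - (skb->transport_header +
				    offsetof(struct nd_msg, opt));
	struct ndisc_options ndopts;
	struct net_device *dev = skb->dev;
	struct inet6_ifaddr *ifp;
	struct neighbour *neigh;

	if (skb->len < sizeof(struct nd_msg)) {
		ND_PRINTK(2, warn, "NA: packet too short\n");
		return;
	}

	if (ipv6_addr_is_multicast(&msg->target)) {
		ND_PRINTK(2, warn, "NA: target address is multicast\n");
		return;
	}

	if (ipv6_addr_is_multicast(daddr) &&
	    msg->icmph.icmp6_solicited) {
		ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
		return;
	}

	if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
		/* Tagged "NA:" like the other messages of this handler. */
		ND_PRINTK(2, warn, "NA: invalid ND option\n");
		return;
	}
	if (ndopts.nd_opts_tgt_lladdr) {
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
		if (!lladdr) {
			ND_PRINTK(2, warn,
				  "NA: invalid link-layer address length\n");
			return;
		}
	}
	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
	if (ifp) {
		if (skb->pkt_type != PACKET_LOOPBACK
		    && (ifp->flags & IFA_F_TENTATIVE)) {
			/*
			 * NOTE(review): returns without in6_ifa_put();
			 * presumably addrconf_dad_failure() consumes the
			 * reference - confirm.
			 */
			addrconf_dad_failure(ifp);
			return;
		}
		/* What should we make now? The advertisement
		   is invalid, but ndisc specs say nothing
		   about it. It could be misconfiguration, or
		   an smart proxy agent tries to help us :-)

		   We should not print the error if NA has been
		   received from loopback - it is just our own
		   unsolicited advertisement.
		 */
		if (skb->pkt_type != PACKET_LOOPBACK)
			ND_PRINTK(1, warn,
				  "NA: someone advertises our address %pI6 on %s!\n",
				  &ifp->addr, ifp->idev->dev->name);
		in6_ifa_put(ifp);
		return;
	}
	neigh = neigh_lookup(&nd_tbl, &msg->target, dev);

	if (neigh) {
		u8 old_flags = neigh->flags;
		struct net *net = dev_net(dev);

		if (neigh->nud_state & NUD_FAILED)
			goto out;

		/*
		 * Don't update the neighbor cache entry on a proxy NA from
		 * ourselves because either the proxied node is off link or it
		 * has already sent a NA to us.
		 */
		if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
		    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
		    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
			/* XXX: idev->cnf.proxy_ndp */
			goto out;
		}

		/*
		 * The override and router flags of the advertisement decide
		 * how far the existing entry may be replaced.
		 */
		neigh_update(neigh, lladdr,
			     msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
			     (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
			     (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));

		if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
			/*
			 * Change: router to host
			 *
			 * The neighbour lost NTF_ROUTER, so a default route
			 * through the sender is deleted.
			 */
			struct rt6_info *rt;
			rt = rt6_get_dflt_router(saddr, dev);
			if (rt)
				ip6_del_rt(rt);
		}

out:
		neigh_release(neigh);
	}
}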
 979
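/*
 * ndisc_recv_rs - handle a received Router Solicitation.
 * @skb: the received packet; not freed here
 *
 * Only acted upon when forwarding is enabled on the receiving device and
 * the source address is specified.  The sender's neighbour cache entry is
 * then created or updated as NUD_STALE from the source link-layer address
 * option, which is supplied by the sender and therefore untrusted.
 */
static void ndisc_recv_rs(struct sk_buff *skb)
{
	struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
	/* May wrap on a short packet; not used before the length check below. */
	unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
	struct neighbour *neigh;
	struct inet6_dev *idev;
	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
	struct ndisc_options ndopts;
	u8 *lladdr = NULL;

	if (skb->len < sizeof(*rs_msg))
		return;

	idev = __in6_dev_get(skb->dev);
	if (!idev) {
		ND_PRINTK(1, err, "RS: can't find in6 device\n");
		return;
	}

	/* Don't accept RS if we're not in router mode */
	if (!idev->cnf.forwarding)
		goto out;

	/*
	 * Don't update NCE if src = ::;
	 * this implies that the source node has no ip address assigned yet.
	 */
	if (ipv6_addr_any(saddr))
		goto out;

	/* Parse ND options */
	if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
		/* Tagged "RS:" like the other message of this handler. */
		ND_PRINTK(2, notice, "RS: invalid ND option, ignored\n");
		goto out;
	}

	if (ndopts.nd_opts_src_lladdr) {
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
					     skb->dev);
		if (!lladdr)
			goto out;
	}

	neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
	if (neigh) {
		neigh_update(neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
			     NEIGH_UPDATE_F_OVERRIDE|
			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
		neigh_release(neigh);
	}
out:
	return;
}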
1034
/*
 * ndisc_ra_useropt - export one ND option of a Router Advertisement to
 * userspace over rtnetlink.
 * @ra:  the received packet
 * @opt: option inside @ra to export
 *
 * Builds an RTM_NEWNDUSEROPT message carrying the raw option bytes and the
 * source address of @ra, and notifies RTNLGRP_ND_USEROPT.  On failure the
 * error is reported to that group via rtnl_set_sk_err().
 *
 * The option bytes are copied verbatim from the packet, so listeners
 * receive sender-controlled data and have to validate it themselves.
 */
static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
{
	struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
	struct net *net = dev_net(ra->dev);
	/* Option length in bytes (the field counts units of 8). */
	int opt_bytes = opt->nd_opt_len << 3;
	int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
				    + opt_bytes);
	size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
	struct nduseroptmsg *ndmsg;
	struct nlmsghdr *nlh;
	struct sk_buff *skb;
	int err;

	skb = nlmsg_new(msg_size, GFP_ATOMIC);
	if (!skb) {
		err = -ENOBUFS;
		goto errout;
	}

	nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
	if (!nlh)
		goto nla_put_failure;

	ndmsg = nlmsg_data(nlh);
	ndmsg->nduseropt_family = AF_INET6;
	ndmsg->nduseropt_ifindex = ra->dev->ifindex;
	ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
	ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
	ndmsg->nduseropt_opts_len = opt_bytes;

	/* The option follows the fixed header; base_size reserved room for it. */
	memcpy(ndmsg + 1, opt, opt_bytes);

	if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
		    &ipv6_hdr(ra)->saddr))
		goto nla_put_failure;
	nlmsg_end(skb, nlh);

	rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
	return;

nla_put_failure:
	nlmsg_free(skb);
	err = -EMSGSIZE;
errout:
	rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
}
1081
1082static inline int accept_ra(struct inet6_dev *in6_dev)
1083{
1084	/*
1085	 * If forwarding is enabled, RA are not accepted unless the special
1086	 * hybrid mode (accept_ra=2) is enabled.
1087	 */
1088	if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1089		return 0;
1090
1091	return in6_dev->cnf.accept_ra;
1092}
1093
1094static void ndisc_router_discovery(struct sk_buff *skb)
1095{
1096	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1097	struct neighbour *neigh = NULL;
1098	struct inet6_dev *in6_dev;
1099	struct rt6_info *rt = NULL;
 
1100	int lifetime;
1101	struct ndisc_options ndopts;
1102	int optlen;
1103	unsigned int pref = 0;
 
 
1104
1105	__u8 * opt = (__u8 *)(ra_msg + 1);
1106
1107	optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
 
1108
 
 
 
1109	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1110		ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1111		return;
1112	}
1113	if (optlen < 0) {
1114		ND_PRINTK(2, warn, "RA: packet too short\n");
1115		return;
1116	}
1117
1118#ifdef CONFIG_IPV6_NDISC_NODETYPE
1119	if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1120		ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1121		return;
1122	}
1123#endif
1124
1125	/*
1126	 *	set the RA_RECV flag in the interface
1127	 */
1128
1129	in6_dev = __in6_dev_get(skb->dev);
1130	if (in6_dev == NULL) {
1131		ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1132			  skb->dev->name);
1133		return;
1134	}
1135
1136	if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1137		ND_PRINTK(2, warn, "RA: invalid ND options\n");
1138		return;
1139	}
1140
1141	if (!accept_ra(in6_dev))
 
 
 
1142		goto skip_linkparms;
 
1143
1144#ifdef CONFIG_IPV6_NDISC_NODETYPE
1145	/* skip link-specific parameters from interior routers */
1146	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
 
 
 
1147		goto skip_linkparms;
 
1148#endif
1149
1150	if (in6_dev->if_flags & IF_RS_SENT) {
1151		/*
1152		 *	flag that an RA was received after an RS was sent
1153		 *	out on this interface.
1154		 */
1155		in6_dev->if_flags |= IF_RA_RCVD;
1156	}
1157
1158	/*
1159	 * Remember the managed/otherconf flags from most recently
1160	 * received RA message (RFC 2462) -- yoshfuji
1161	 */
 
1162	in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1163				IF_RA_OTHERCONF)) |
1164				(ra_msg->icmph.icmp6_addrconf_managed ?
1165					IF_RA_MANAGED : 0) |
1166				(ra_msg->icmph.icmp6_addrconf_other ?
1167					IF_RA_OTHERCONF : 0);
1168
1169	if (!in6_dev->cnf.accept_ra_defrtr)
 
 
 
 
 
 
1170		goto skip_defrtr;
 
1171
1172	if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
 
 
 
 
 
 
 
 
1173		goto skip_defrtr;
 
1174
1175	lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1176
1177#ifdef CONFIG_IPV6_ROUTER_PREF
1178	pref = ra_msg->icmph.icmp6_router_pref;
1179	/* 10b is handled as if it were 00b (medium) */
1180	if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1181	    !in6_dev->cnf.accept_ra_rtr_pref)
1182		pref = ICMPV6_ROUTER_PREF_MEDIUM;
1183#endif
1184
1185	rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1186
1187	if (rt) {
1188		neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
 
 
1189		if (!neigh) {
1190			ND_PRINTK(0, err,
1191				  "RA: %s got default router without neighbour\n",
1192				  __func__);
1193			dst_release(&rt->dst);
1194			return;
1195		}
1196	}
1197	if (rt && lifetime == 0) {
1198		ip6_del_rt(rt);
1199		rt = NULL;
1200	}
1201
1202	if (rt == NULL && lifetime) {
1203		ND_PRINTK(3, dbg, "RA: adding default router\n");
1204
1205		rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1206		if (rt == NULL) {
 
 
 
1207			ND_PRINTK(0, err,
1208				  "RA: %s failed to add default route\n",
1209				  __func__);
1210			return;
1211		}
1212
1213		neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1214		if (neigh == NULL) {
 
 
1215			ND_PRINTK(0, err,
1216				  "RA: %s got default router without neighbour\n",
1217				  __func__);
1218			dst_release(&rt->dst);
1219			return;
1220		}
1221		neigh->flags |= NTF_ROUTER;
1222	} else if (rt) {
1223		rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1224	}
1225
1226	if (rt)
1227		rt6_set_expires(rt, jiffies + (HZ * lifetime));
1228	if (ra_msg->icmph.icmp6_hop_limit) {
1229		in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1230		if (rt)
1231			dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1232				       ra_msg->icmph.icmp6_hop_limit);
 
 
 
 
1233	}
1234
1235skip_defrtr:
1236
1237	/*
1238	 *	Update Reachable Time and Retrans Timer
1239	 */
1240
1241	if (in6_dev->nd_parms) {
1242		unsigned long rtime = ntohl(ra_msg->retrans_timer);
1243
1244		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1245			rtime = (rtime*HZ)/1000;
1246			if (rtime < HZ/10)
1247				rtime = HZ/10;
1248			in6_dev->nd_parms->retrans_time = rtime;
1249			in6_dev->tstamp = jiffies;
1250			inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1251		}
1252
1253		rtime = ntohl(ra_msg->reachable_time);
1254		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1255			rtime = (rtime*HZ)/1000;
1256
1257			if (rtime < HZ/10)
1258				rtime = HZ/10;
1259
1260			if (rtime != in6_dev->nd_parms->base_reachable_time) {
1261				in6_dev->nd_parms->base_reachable_time = rtime;
1262				in6_dev->nd_parms->gc_staletime = 3 * rtime;
 
 
1263				in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1264				in6_dev->tstamp = jiffies;
1265				inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1266			}
1267		}
1268	}
1269
 
 
 
 
 
 
1270skip_linkparms:
1271
1272	/*
1273	 *	Process options.
1274	 */
1275
1276	if (!neigh)
1277		neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1278				       skb->dev, 1);
1279	if (neigh) {
1280		u8 *lladdr = NULL;
1281		if (ndopts.nd_opts_src_lladdr) {
1282			lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1283						     skb->dev);
1284			if (!lladdr) {
1285				ND_PRINTK(2, warn,
1286					  "RA: invalid link-layer address length\n");
1287				goto out;
1288			}
1289		}
1290		neigh_update(neigh, lladdr, NUD_STALE,
1291			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1292			     NEIGH_UPDATE_F_OVERRIDE|
1293			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1294			     NEIGH_UPDATE_F_ISROUTER);
 
1295	}
1296
1297	if (!accept_ra(in6_dev))
 
 
 
1298		goto out;
 
1299
1300#ifdef CONFIG_IPV6_ROUTE_INFO
1301	if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
 
 
 
 
 
1302		goto skip_routeinfo;
 
1303
1304	if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1305		struct nd_opt_hdr *p;
1306		for (p = ndopts.nd_opts_ri;
1307		     p;
1308		     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1309			struct route_info *ri = (struct route_info *)p;
1310#ifdef CONFIG_IPV6_NDISC_NODETYPE
1311			if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1312			    ri->prefix_len == 0)
1313				continue;
1314#endif
 
 
 
 
 
1315			if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1316				continue;
1317			rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1318				      &ipv6_hdr(skb)->saddr);
1319		}
1320	}
1321
1322skip_routeinfo:
1323#endif
1324
1325#ifdef CONFIG_IPV6_NDISC_NODETYPE
1326	/* skip link-specific ndopts from interior routers */
1327	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
 
 
 
1328		goto out;
 
1329#endif
1330
1331	if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1332		struct nd_opt_hdr *p;
1333		for (p = ndopts.nd_opts_pi;
1334		     p;
1335		     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1336			addrconf_prefix_rcv(skb->dev, (u8 *)p,
1337					    (p->nd_opt_len) << 3,
1338					    ndopts.nd_opts_src_lladdr != NULL);
1339		}
1340	}
1341
1342	if (ndopts.nd_opts_mtu) {
1343		__be32 n;
1344		u32 mtu;
1345
1346		memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1347		mtu = ntohl(n);
1348
1349		if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1350			ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1351		} else if (in6_dev->cnf.mtu6 != mtu) {
1352			in6_dev->cnf.mtu6 = mtu;
1353
1354			if (rt)
1355				dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1356
1357			rt6_mtu_change(skb->dev, mtu);
1358		}
1359	}
1360
1361	if (ndopts.nd_useropts) {
1362		struct nd_opt_hdr *p;
1363		for (p = ndopts.nd_useropts;
1364		     p;
1365		     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
 
1366			ndisc_ra_useropt(skb, p);
1367		}
1368	}
1369
1370	if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1371		ND_PRINTK(2, warn, "RA: invalid RA options\n");
1372	}
1373out:
1374	if (rt)
1375		dst_release(&rt->dst);
1376	if (neigh)
1377		neigh_release(neigh);
1378}
1379
1380static void ndisc_redirect_rcv(struct sk_buff *skb)
1381{
1382	struct inet6_dev *in6_dev;
1383	struct icmp6hdr *icmph;
1384	const struct in6_addr *dest;
1385	const struct in6_addr *target;	/* new first hop to destination */
1386	struct neighbour *neigh;
1387	int on_link = 0;
1388	struct ndisc_options ndopts;
1389	int optlen;
1390	u8 *lladdr = NULL;
 
1391
1392#ifdef CONFIG_IPV6_NDISC_NODETYPE
1393	switch (skb->ndisc_nodetype) {
1394	case NDISC_NODETYPE_HOST:
1395	case NDISC_NODETYPE_NODEFAULT:
1396		ND_PRINTK(2, warn,
1397			  "Redirect: from host or unauthorized router\n");
1398		return;
1399	}
1400#endif
1401
1402	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1403		ND_PRINTK(2, warn,
1404			  "Redirect: source address is not link-local\n");
1405		return;
1406	}
1407
1408	optlen = skb->tail - skb->transport_header;
1409	optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1410
1411	if (optlen < 0) {
1412		ND_PRINTK(2, warn, "Redirect: packet too short\n");
1413		return;
1414	}
1415
1416	icmph = icmp6_hdr(skb);
1417	target = (const struct in6_addr *) (icmph + 1);
1418	dest = target + 1;
1419
1420	if (ipv6_addr_is_multicast(dest)) {
1421		ND_PRINTK(2, warn,
1422			  "Redirect: destination address is multicast\n");
1423		return;
1424	}
1425
1426	if (ipv6_addr_equal(dest, target)) {
1427		on_link = 1;
1428	} else if (ipv6_addr_type(target) !=
1429		   (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1430		ND_PRINTK(2, warn,
1431			  "Redirect: target address is not link-local unicast\n");
1432		return;
1433	}
1434
1435	in6_dev = __in6_dev_get(skb->dev);
1436	if (!in6_dev)
1437		return;
1438	if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
1439		return;
1440
1441	/* RFC2461 8.1:
1442	 *	The IP source address of the Redirect MUST be the same as the current
1443	 *	first-hop router for the specified ICMP Destination Address.
1444	 */
 
1445
1446	if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1447		ND_PRINTK(2, warn, "Redirect: invalid ND options\n");
1448		return;
1449	}
1450	if (ndopts.nd_opts_tgt_lladdr) {
1451		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1452					     skb->dev);
1453		if (!lladdr) {
1454			ND_PRINTK(2, warn,
1455				  "Redirect: invalid link-layer address length\n");
1456			return;
1457		}
1458	}
1459
1460	neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1461	if (neigh) {
1462		rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1463			     &ipv6_hdr(skb)->saddr, neigh, lladdr,
1464			     on_link);
1465		neigh_release(neigh);
1466	}
1467}
1468
1469void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1470{
1471	struct net_device *dev = skb->dev;
1472	struct net *net = dev_net(dev);
1473	struct sock *sk = net->ipv6.ndisc_sk;
1474	int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
 
1475	struct sk_buff *buff;
1476	struct icmp6hdr *icmph;
1477	struct in6_addr saddr_buf;
1478	struct in6_addr *addrp;
1479	struct rt6_info *rt;
1480	struct dst_entry *dst;
1481	struct inet6_dev *idev;
1482	struct flowi6 fl6;
1483	u8 *opt;
1484	int hlen, tlen;
1485	int rd_len;
1486	int err;
1487	u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
 
 
 
 
 
 
 
1488
1489	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1490		ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1491			  dev->name);
1492		return;
1493	}
1494
1495	if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1496	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1497		ND_PRINTK(2, warn,
1498			  "Redirect: target address is not link-local unicast\n");
1499		return;
1500	}
1501
1502	icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1503			 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1504
1505	dst = ip6_route_output(net, NULL, &fl6);
1506	if (dst->error) {
1507		dst_release(dst);
1508		return;
1509	}
1510	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1511	if (IS_ERR(dst))
1512		return;
1513
1514	rt = (struct rt6_info *) dst;
1515
1516	if (rt->rt6i_flags & RTF_GATEWAY) {
1517		ND_PRINTK(2, warn,
1518			  "Redirect: destination is not a neighbour\n");
1519		goto release;
1520	}
1521	if (!rt->rt6i_peer)
1522		rt6_bind_peer(rt, 1);
1523	if (!inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
 
 
1524		goto release;
1525
1526	if (dev->addr_len) {
1527		struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1528		if (!neigh) {
1529			ND_PRINTK(2, warn,
1530				  "Redirect: no neigh for target address\n");
1531			goto release;
1532		}
1533
1534		read_lock_bh(&neigh->lock);
1535		if (neigh->nud_state & NUD_VALID) {
1536			memcpy(ha_buf, neigh->ha, dev->addr_len);
1537			read_unlock_bh(&neigh->lock);
1538			ha = ha_buf;
1539			len += ndisc_opt_addr_space(dev);
 
 
1540		} else
1541			read_unlock_bh(&neigh->lock);
1542
1543		neigh_release(neigh);
1544	}
1545
1546	rd_len = min_t(unsigned int,
1547		     IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
 
1548	rd_len &= ~0x7;
1549	len += rd_len;
1550
1551	hlen = LL_RESERVED_SPACE(dev);
1552	tlen = dev->needed_tailroom;
1553	buff = sock_alloc_send_skb(sk,
1554				   (MAX_HEADER + sizeof(struct ipv6hdr) +
1555				    len + hlen + tlen),
1556				   1, &err);
1557	if (buff == NULL) {
1558		ND_PRINTK(0, err,
1559			  "Redirect: %s failed to allocate an skb, err=%d\n",
1560			  __func__, err);
1561		goto release;
1562	}
1563
1564	skb_reserve(buff, hlen);
1565	ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1566		   IPPROTO_ICMPV6, len);
1567
1568	skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1569	skb_put(buff, len);
1570	icmph = icmp6_hdr(buff);
1571
1572	memset(icmph, 0, sizeof(struct icmp6hdr));
1573	icmph->icmp6_type = NDISC_REDIRECT;
1574
1575	/*
1576	 *	copy target and destination addresses
1577	 */
1578
1579	addrp = (struct in6_addr *)(icmph + 1);
1580	*addrp = *target;
1581	addrp++;
1582	*addrp = ipv6_hdr(skb)->daddr;
1583
1584	opt = (u8*) (addrp + 1);
1585
1586	/*
1587	 *	include target_address option
1588	 */
1589
1590	if (ha)
1591		opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1592					     dev->addr_len, dev->type);
1593
1594	/*
1595	 *	build redirect option and copy skb over to the new packet.
1596	 */
1597
1598	memset(opt, 0, 8);
1599	*(opt++) = ND_OPT_REDIRECT_HDR;
1600	*(opt++) = (rd_len >> 3);
1601	opt += 6;
1602
1603	memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1604
1605	icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1606					     len, IPPROTO_ICMPV6,
1607					     csum_partial(icmph, len, 0));
1608
1609	skb_dst_set(buff, dst);
1610	rcu_read_lock();
1611	idev = __in6_dev_get(dst->dev);
1612	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1613	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1614		      dst_output);
1615	if (!err) {
1616		ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1617		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1618	}
1619
1620	rcu_read_unlock();
1621	return;
1622
1623release:
1624	dst_release(dst);
1625}
1626
1627static void pndisc_redo(struct sk_buff *skb)
1628{
1629	ndisc_recv_ns(skb);
1630	kfree_skb(skb);
1631}
1632
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1633int ndisc_rcv(struct sk_buff *skb)
1634{
1635	struct nd_msg *msg;
1636
1637	if (!pskb_may_pull(skb, skb->len))
 
 
 
1638		return 0;
1639
1640	msg = (struct nd_msg *)skb_transport_header(skb);
1641
1642	__skb_push(skb, skb->data - skb_transport_header(skb));
1643
1644	if (ipv6_hdr(skb)->hop_limit != 255) {
1645		ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1646			  ipv6_hdr(skb)->hop_limit);
1647		return 0;
1648	}
1649
1650	if (msg->icmph.icmp6_code != 0) {
1651		ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1652			  msg->icmph.icmp6_code);
1653		return 0;
1654	}
1655
1656	memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1657
1658	switch (msg->icmph.icmp6_type) {
1659	case NDISC_NEIGHBOUR_SOLICITATION:
 
1660		ndisc_recv_ns(skb);
1661		break;
1662
1663	case NDISC_NEIGHBOUR_ADVERTISEMENT:
1664		ndisc_recv_na(skb);
1665		break;
1666
1667	case NDISC_ROUTER_SOLICITATION:
1668		ndisc_recv_rs(skb);
1669		break;
1670
1671	case NDISC_ROUTER_ADVERTISEMENT:
1672		ndisc_router_discovery(skb);
1673		break;
1674
1675	case NDISC_REDIRECT:
1676		ndisc_redirect_rcv(skb);
1677		break;
1678	}
1679
1680	return 0;
1681}
1682
1683static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1684{
1685	struct net_device *dev = ptr;
 
1686	struct net *net = dev_net(dev);
 
1687
1688	switch (event) {
1689	case NETDEV_CHANGEADDR:
1690		neigh_changeaddr(&nd_tbl, dev);
1691		fib6_run_gc(~0UL, net);
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1692		break;
1693	case NETDEV_DOWN:
1694		neigh_ifdown(&nd_tbl, dev);
1695		fib6_run_gc(~0UL, net);
1696		break;
1697	case NETDEV_NOTIFY_PEERS:
1698		ndisc_send_unsol_na(dev);
1699		break;
1700	default:
1701		break;
1702	}
1703
1704	return NOTIFY_DONE;
1705}
1706
1707static struct notifier_block ndisc_netdev_notifier = {
1708	.notifier_call = ndisc_netdev_event,
 
1709};
1710
1711#ifdef CONFIG_SYSCTL
1712static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1713					 const char *func, const char *dev_name)
1714{
1715	static char warncomm[TASK_COMM_LEN];
1716	static int warned;
1717	if (strcmp(warncomm, current->comm) && warned < 5) {
1718		strcpy(warncomm, current->comm);
1719		pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1720			warncomm, func,
1721			dev_name, ctl->procname,
1722			dev_name, ctl->procname);
1723		warned++;
1724	}
1725}
1726
1727int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1728{
1729	struct net_device *dev = ctl->extra1;
1730	struct inet6_dev *idev;
1731	int ret;
1732
1733	if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1734	    (strcmp(ctl->procname, "base_reachable_time") == 0))
1735		ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1736
1737	if (strcmp(ctl->procname, "retrans_time") == 0)
1738		ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1739
1740	else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1741		ret = proc_dointvec_jiffies(ctl, write,
1742					    buffer, lenp, ppos);
1743
1744	else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1745		 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1746		ret = proc_dointvec_ms_jiffies(ctl, write,
1747					       buffer, lenp, ppos);
1748	else
1749		ret = -1;
1750
1751	if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1752		if (ctl->data == &idev->nd_parms->base_reachable_time)
1753			idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
 
1754		idev->tstamp = jiffies;
1755		inet6_ifinfo_notify(RTM_NEWLINK, idev);
1756		in6_dev_put(idev);
1757	}
1758	return ret;
1759}
1760
1761
1762#endif
1763
1764static int __net_init ndisc_net_init(struct net *net)
1765{
1766	struct ipv6_pinfo *np;
1767	struct sock *sk;
1768	int err;
1769
1770	err = inet_ctl_sock_create(&sk, PF_INET6,
1771				   SOCK_RAW, IPPROTO_ICMPV6, net);
1772	if (err < 0) {
1773		ND_PRINTK(0, err,
1774			  "NDISC: Failed to initialize the control socket (err %d)\n",
1775			  err);
1776		return err;
1777	}
1778
1779	net->ipv6.ndisc_sk = sk;
1780
1781	np = inet6_sk(sk);
1782	np->hop_limit = 255;
1783	/* Do not loopback ndisc messages */
1784	np->mc_loop = 0;
1785
1786	return 0;
1787}
1788
1789static void __net_exit ndisc_net_exit(struct net *net)
1790{
1791	inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1792}
1793
1794static struct pernet_operations ndisc_net_ops = {
1795	.init = ndisc_net_init,
1796	.exit = ndisc_net_exit,
1797};
1798
1799int __init ndisc_init(void)
1800{
1801	int err;
1802
1803	err = register_pernet_subsys(&ndisc_net_ops);
1804	if (err)
1805		return err;
1806	/*
1807	 * Initialize the neighbour table
1808	 */
1809	neigh_table_init(&nd_tbl);
1810
1811#ifdef CONFIG_SYSCTL
1812	err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1813				    &ndisc_ifinfo_sysctl_change);
1814	if (err)
1815		goto out_unregister_pernet;
1816#endif
1817	err = register_netdevice_notifier(&ndisc_netdev_notifier);
1818	if (err)
1819		goto out_unregister_sysctl;
1820out:
 
1821	return err;
1822
1823out_unregister_sysctl:
1824#ifdef CONFIG_SYSCTL
1825	neigh_sysctl_unregister(&nd_tbl.parms);
1826out_unregister_pernet:
1827#endif
1828	unregister_pernet_subsys(&ndisc_net_ops);
1829	goto out;
 
1830}
1831
1832void ndisc_cleanup(void)
 
 
 
 
 
1833{
1834	unregister_netdevice_notifier(&ndisc_netdev_notifier);
 
 
 
 
1835#ifdef CONFIG_SYSCTL
1836	neigh_sysctl_unregister(&nd_tbl.parms);
1837#endif
1838	neigh_table_clear(&nd_tbl);
1839	unregister_pernet_subsys(&ndisc_net_ops);
1840}
v5.4
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 *	Neighbour Discovery for IPv6
   4 *	Linux INET6 implementation
   5 *
   6 *	Authors:
   7 *	Pedro Roque		<roque@di.fc.ul.pt>
   8 *	Mike Shaver		<shaver@ingenia.com>
 
 
 
 
 
   9 */
  10
  11/*
  12 *	Changes:
  13 *
  14 *	Alexey I. Froloff		:	RFC6106 (DNSSL) support
  15 *	Pierre Ynard			:	export userland ND options
  16 *						through netlink (RDNSS support)
  17 *	Lars Fenneberg			:	fixed MTU setting on receipt
  18 *						of an RA.
  19 *	Janos Farkas			:	kmalloc failure checks
  20 *	Alexey Kuznetsov		:	state machine reworked
  21 *						and moved to net/core.
  22 *	Pekka Savola			:	RFC2461 validation
  23 *	YOSHIFUJI Hideaki @USAGI	:	Verify ND options properly
  24 */
  25
  26#define pr_fmt(fmt) "ICMPv6: " fmt
  27
  28#include <linux/module.h>
  29#include <linux/errno.h>
  30#include <linux/types.h>
  31#include <linux/socket.h>
  32#include <linux/sockios.h>
  33#include <linux/sched.h>
  34#include <linux/net.h>
  35#include <linux/in6.h>
  36#include <linux/route.h>
  37#include <linux/init.h>
  38#include <linux/rcupdate.h>
  39#include <linux/slab.h>
  40#ifdef CONFIG_SYSCTL
  41#include <linux/sysctl.h>
  42#endif
  43
  44#include <linux/if_addr.h>
  45#include <linux/if_ether.h>
  46#include <linux/if_arp.h>
  47#include <linux/ipv6.h>
  48#include <linux/icmpv6.h>
  49#include <linux/jhash.h>
  50
  51#include <net/sock.h>
  52#include <net/snmp.h>
  53
  54#include <net/ipv6.h>
  55#include <net/protocol.h>
  56#include <net/ndisc.h>
  57#include <net/ip6_route.h>
  58#include <net/addrconf.h>
  59#include <net/icmp.h>
  60
  61#include <net/netlink.h>
  62#include <linux/rtnetlink.h>
  63
  64#include <net/flow.h>
  65#include <net/ip6_checksum.h>
  66#include <net/inet_common.h>
  67#include <linux/proc_fs.h>
  68
  69#include <linux/netfilter.h>
  70#include <linux/netfilter_ipv6.h>
  71
 
 
 
 
 
 
 
 
 
  72static u32 ndisc_hash(const void *pkey,
  73		      const struct net_device *dev,
  74		      __u32 *hash_rnd);
  75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
  76static bool ndisc_allow_add(const struct net_device *dev,
  77			    struct netlink_ext_ack *extack);
  78static int ndisc_constructor(struct neighbour *neigh);
  79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
  80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
  81static int pndisc_constructor(struct pneigh_entry *n);
  82static void pndisc_destructor(struct pneigh_entry *n);
  83static void pndisc_redo(struct sk_buff *skb);
  84
  85static const struct neigh_ops ndisc_generic_ops = {
  86	.family =		AF_INET6,
  87	.solicit =		ndisc_solicit,
  88	.error_report =		ndisc_error_report,
  89	.output =		neigh_resolve_output,
  90	.connected_output =	neigh_connected_output,
  91};
  92
  93static const struct neigh_ops ndisc_hh_ops = {
  94	.family =		AF_INET6,
  95	.solicit =		ndisc_solicit,
  96	.error_report =		ndisc_error_report,
  97	.output =		neigh_resolve_output,
  98	.connected_output =	neigh_resolve_output,
  99};
 100
 101
 102static const struct neigh_ops ndisc_direct_ops = {
 103	.family =		AF_INET6,
 104	.output =		neigh_direct_output,
 105	.connected_output =	neigh_direct_output,
 106};
 107
 108struct neigh_table nd_tbl = {
 109	.family =	AF_INET6,
 110	.key_len =	sizeof(struct in6_addr),
 111	.protocol =	cpu_to_be16(ETH_P_IPV6),
 112	.hash =		ndisc_hash,
 113	.key_eq =	ndisc_key_eq,
 114	.constructor =	ndisc_constructor,
 115	.pconstructor =	pndisc_constructor,
 116	.pdestructor =	pndisc_destructor,
 117	.proxy_redo =	pndisc_redo,
 118	.allow_add  =   ndisc_allow_add,
 119	.id =		"ndisc_cache",
 120	.parms = {
 121		.tbl			= &nd_tbl,
 
 
 
 122		.reachable_time		= ND_REACHABLE_TIME,
 123		.data = {
 124			[NEIGH_VAR_MCAST_PROBES] = 3,
 125			[NEIGH_VAR_UCAST_PROBES] = 3,
 126			[NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
 127			[NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
 128			[NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
 129			[NEIGH_VAR_GC_STALETIME] = 60 * HZ,
 130			[NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
 131			[NEIGH_VAR_PROXY_QLEN] = 64,
 132			[NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
 133			[NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
 134		},
 135	},
 136	.gc_interval =	  30 * HZ,
 137	.gc_thresh1 =	 128,
 138	.gc_thresh2 =	 512,
 139	.gc_thresh3 =	1024,
 140};
 141EXPORT_SYMBOL_GPL(nd_tbl);
 142
 143void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
 144			      int data_len, int pad)
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 145{
 146	int space = __ndisc_opt_addr_space(data_len, pad);
 147	u8 *opt = skb_put(skb, space);
 148
 149	opt[0] = type;
 150	opt[1] = space>>3;
 151
 152	memset(opt + 2, 0, pad);
 153	opt   += pad;
 154	space -= pad;
 155
 156	memcpy(opt+2, data, data_len);
 157	data_len += 2;
 158	opt += data_len;
 159	space -= data_len;
 160	if (space > 0)
 161		memset(opt, 0, space);
 162}
 163EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
 164
 165static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
 166					  void *data, u8 icmp6_type)
 167{
 168	__ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
 169				 ndisc_addr_option_pad(skb->dev->type));
 170	ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
 171}
 172
 173static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
 174						   void *ha,
 175						   const u8 *ops_data)
 176{
 177	ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
 178	ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
 179}
 180
 181static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
 182					    struct nd_opt_hdr *end)
 183{
 184	int type;
 185	if (!cur || !end || cur >= end)
 186		return NULL;
 187	type = cur->nd_opt_type;
 188	do {
 189		cur = ((void *)cur) + (cur->nd_opt_len << 3);
 190	} while (cur < end && cur->nd_opt_type != type);
 191	return cur <= end && cur->nd_opt_type == type ? cur : NULL;
 192}
 193
 194static inline int ndisc_is_useropt(const struct net_device *dev,
 195				   struct nd_opt_hdr *opt)
 196{
 197	return opt->nd_opt_type == ND_OPT_RDNSS ||
 198		opt->nd_opt_type == ND_OPT_DNSSL ||
 199		opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
 200		ndisc_ops_is_useropt(dev, opt->nd_opt_type);
 201}
 202
 203static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
 204					     struct nd_opt_hdr *cur,
 205					     struct nd_opt_hdr *end)
 206{
 207	if (!cur || !end || cur >= end)
 208		return NULL;
 209	do {
 210		cur = ((void *)cur) + (cur->nd_opt_len << 3);
 211	} while (cur < end && !ndisc_is_useropt(dev, cur));
 212	return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
 213}
 214
 215struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
 216					  u8 *opt, int opt_len,
 217					  struct ndisc_options *ndopts)
 218{
 219	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
 220
 221	if (!nd_opt || opt_len < 0 || !ndopts)
 222		return NULL;
 223	memset(ndopts, 0, sizeof(*ndopts));
 224	while (opt_len) {
 225		int l;
 226		if (opt_len < sizeof(struct nd_opt_hdr))
 227			return NULL;
 228		l = nd_opt->nd_opt_len << 3;
 229		if (opt_len < l || l == 0)
 230			return NULL;
 231		if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
 232			goto next_opt;
 233		switch (nd_opt->nd_opt_type) {
 234		case ND_OPT_SOURCE_LL_ADDR:
 235		case ND_OPT_TARGET_LL_ADDR:
 236		case ND_OPT_MTU:
 237		case ND_OPT_NONCE:
 238		case ND_OPT_REDIRECT_HDR:
 239			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
 240				ND_PRINTK(2, warn,
 241					  "%s: duplicated ND6 option found: type=%d\n",
 242					  __func__, nd_opt->nd_opt_type);
 243			} else {
 244				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 245			}
 246			break;
 247		case ND_OPT_PREFIX_INFO:
 248			ndopts->nd_opts_pi_end = nd_opt;
 249			if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
 250				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 251			break;
 252#ifdef CONFIG_IPV6_ROUTE_INFO
 253		case ND_OPT_ROUTE_INFO:
 254			ndopts->nd_opts_ri_end = nd_opt;
 255			if (!ndopts->nd_opts_ri)
 256				ndopts->nd_opts_ri = nd_opt;
 257			break;
 258#endif
 259		default:
 260			if (ndisc_is_useropt(dev, nd_opt)) {
 261				ndopts->nd_useropts_end = nd_opt;
 262				if (!ndopts->nd_useropts)
 263					ndopts->nd_useropts = nd_opt;
 264			} else {
 265				/*
 266				 * Unknown options must be silently ignored,
 267				 * to accommodate future extension to the
 268				 * protocol.
 269				 */
 270				ND_PRINTK(2, notice,
 271					  "%s: ignored unsupported option; type=%d, len=%d\n",
 272					  __func__,
 273					  nd_opt->nd_opt_type,
 274					  nd_opt->nd_opt_len);
 275			}
 276		}
 277next_opt:
 278		opt_len -= l;
 279		nd_opt = ((void *)nd_opt) + l;
 280	}
 281	return ndopts;
 282}
 283
 
 
 
 
 
 
 
 
 
 
 
 284int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
 285{
 286	switch (dev->type) {
 287	case ARPHRD_ETHER:
 288	case ARPHRD_IEEE802:	/* Not sure. Check it later. --ANK */
 289	case ARPHRD_FDDI:
 290		ipv6_eth_mc_map(addr, buf);
 291		return 0;
 292	case ARPHRD_ARCNET:
 293		ipv6_arcnet_mc_map(addr, buf);
 294		return 0;
 295	case ARPHRD_INFINIBAND:
 296		ipv6_ib_mc_map(addr, dev->broadcast, buf);
 297		return 0;
 298	case ARPHRD_IPGRE:
 299		return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
 300	default:
 301		if (dir) {
 302			memcpy(buf, dev->broadcast, dev->addr_len);
 303			return 0;
 304		}
 305	}
 306	return -EINVAL;
 307}
 
 308EXPORT_SYMBOL(ndisc_mc_map);
 309
 310static u32 ndisc_hash(const void *pkey,
 311		      const struct net_device *dev,
 312		      __u32 *hash_rnd)
 313{
 314	return ndisc_hashfn(pkey, dev, hash_rnd);
 315}
 316
/*
 * Key-comparison callback: returns the result of neigh_key_eq128() for
 * neighbour @n and lookup key @pkey.
 */
static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
{
	bool same = neigh_key_eq128(n, pkey);

	return same;
}
 321
/*
 * ndisc_constructor - initialise a freshly created neighbour entry.
 *
 * Replaces the entry's parms with a clone of the device's ND parms, sets
 * the route type from the key (multicast/unicast/local), and picks the
 * NUD state, hardware address, ops table and output handler according to
 * the device's header_ops and flags.
 *
 * Returns 0 on success or -EINVAL when the device has no inet6_dev.
 */
static int ndisc_constructor(struct neighbour *neigh)
{
	struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
	struct net_device *dev = neigh->dev;
	bool is_multicast = ipv6_addr_is_multicast(addr);
	struct neigh_parms *dev_parms;
	struct inet6_dev *in6_dev;

	in6_dev = in6_dev_get(dev);
	if (!in6_dev)
		return -EINVAL;

	/* Drop the reference on the current parms, then clone the device's. */
	dev_parms = in6_dev->nd_parms;
	__neigh_parms_put(neigh->parms);
	neigh->parms = neigh_parms_clone(dev_parms);

	neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;

	if (!dev->header_ops) {
		/* Device builds no link-layer header: nothing to resolve. */
		neigh->nud_state = NUD_NOARP;
		neigh->ops = &ndisc_direct_ops;
		neigh->output = neigh_direct_output;
		goto done;
	}

	if (is_multicast) {
		neigh->nud_state = NUD_NOARP;
		/* The mapping result is not checked here. */
		ndisc_mc_map(addr, neigh->ha, dev, 1);
	} else if (dev->flags & (IFF_NOARP | IFF_LOOPBACK)) {
		neigh->nud_state = NUD_NOARP;
		memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
		if (dev->flags & IFF_LOOPBACK)
			neigh->type = RTN_LOCAL;
	} else if (dev->flags & IFF_POINTOPOINT) {
		neigh->nud_state = NUD_NOARP;
		memcpy(neigh->ha, dev->broadcast, dev->addr_len);
	}

	neigh->ops = dev->header_ops->cache ? &ndisc_hh_ops
					    : &ndisc_generic_ops;
	neigh->output = (neigh->nud_state & NUD_VALID) ?
			neigh->ops->connected_output : neigh->ops->output;

done:
	in6_dev_put(in6_dev);
	return 0;
}
 369
/*
 * pndisc_constructor - set-up hook for a proxy neighbour entry.
 *
 * Computes the solicited-node multicast address for the entry's key and
 * joins it on the entry's device via ipv6_dev_mc_inc().
 *
 * Returns 0, or -EINVAL when the entry has no device or the device has no
 * inet6_dev.  The result of ipv6_dev_mc_inc() is not checked.
 */
static int pndisc_constructor(struct pneigh_entry *n)
{
	struct net_device *dev = n->dev;
	struct in6_addr *target = (struct in6_addr *)&n->key;
	struct in6_addr snm;

	if (!dev)
		return -EINVAL;
	if (!__in6_dev_get(dev))
		return -EINVAL;

	addrconf_addr_solict_mult(target, &snm);
	ipv6_dev_mc_inc(dev, &snm);
	return 0;
}
 382
/*
 * pndisc_destructor - tear-down hook for a proxy neighbour entry.
 *
 * Mirror of pndisc_constructor(): recomputes the solicited-node multicast
 * address for the entry's key and leaves it via ipv6_dev_mc_dec().  Does
 * nothing when the entry has no device or the device has no inet6_dev.
 */
static void pndisc_destructor(struct pneigh_entry *n)
{
	struct net_device *dev = n->dev;
	struct in6_addr *target = (struct in6_addr *)&n->key;
	struct in6_addr snm;

	if (!dev)
		return;
	if (!__in6_dev_get(dev))
		return;

	addrconf_addr_solict_mult(target, &snm);
	ipv6_dev_mc_dec(dev, &snm);
}
 394
/*
 * ndisc_allow_add - decide whether a neighbour entry may be added on @dev.
 *
 * Returns true when the device has an inet6_dev and IPv6 is not disabled
 * on it; otherwise records an error message in @extack and returns false.
 *
 * Called with rtnl held.
 */
static bool ndisc_allow_add(const struct net_device *dev,
			    struct netlink_ext_ack *extack)
{
	struct inet6_dev *idev = __in6_dev_get(dev);

	if (idev && !idev->cnf.disable_ipv6)
		return true;

	NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
	return false;
}
 408
/*
 * ndisc_alloc_skb - allocate an skb for an outgoing ND message.
 *
 * @dev: device the message will leave on
 * @len: number of payload bytes (ICMPv6 header plus options) to make
 *       room for; supplied by the caller and not range-checked here
 *
 * The buffer is sized for link-layer headroom, an IPv6 header, @len bytes
 * and the device's tailroom.  Headroom for the link-layer and IPv6 headers
 * is reserved and the transport header is set to the current data pointer.
 *
 * Returns the skb, or NULL if the atomic allocation fails.
 */
static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
				       int len)
{
	struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
	int headroom = LL_RESERVED_SPACE(dev);
	int tailroom = dev->needed_tailroom;
	struct sk_buff *skb;

	skb = alloc_skb(headroom + sizeof(struct ipv6hdr) + len + tailroom,
			GFP_ATOMIC);
	if (!skb) {
		ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
			  __func__);
		return NULL;
	}

	skb->dev = dev;
	skb->protocol = htons(ETH_P_IPV6);

	skb_reserve(skb, headroom + sizeof(struct ipv6hdr));
	skb_reset_transport_header(skb);

	/* Ownership is assigned by hand: sock_alloc_send_pskb() is avoided
	 * on purpose so that the wmem buffer limits do not apply.
	 */
	skb_set_owner_w(skb, sk);

	return skb;
}
 
 
 
 437
/*
 * ip6_nd_hdr - prepend and fill the IPv6 header of an ND message.
 *
 * @skb:       packet; room for the header must already be reserved
 * @saddr:     source address copied into the header
 * @daddr:     destination address copied into the header
 * @hop_limit: value for the hop limit field
 * @len:       payload length, stored in network byte order
 *
 * The traffic class comes from the device's ndisc_tclass setting, or 0
 * when the device has no inet6_dev.  The flow label is always 0 and the
 * next header is always ICMPv6.
 */
static void ip6_nd_hdr(struct sk_buff *skb,
		       const struct in6_addr *saddr,
		       const struct in6_addr *daddr,
		       int hop_limit, int len)
{
	struct inet6_dev *idev;
	struct ipv6hdr *hdr;
	unsigned tclass = 0;

	/* idev is only dereferenced inside the RCU read-side section. */
	rcu_read_lock();
	idev = __in6_dev_get(skb->dev);
	if (idev)
		tclass = idev->cnf.ndisc_tclass;
	rcu_read_unlock();

	skb_push(skb, sizeof(*hdr));
	skb_reset_network_header(skb);
	hdr = ipv6_hdr(skb);

	ip6_flow_hdr(hdr, tclass, 0);

	hdr->payload_len = htons(len);
	hdr->nexthdr = IPPROTO_ICMPV6;
	hdr->hop_limit = hop_limit;

	hdr->saddr = *saddr;
	hdr->daddr = *daddr;
}
 465
/*
 * ndisc_send_skb - finish and transmit a prepared ND message.
 *
 * @skb:   packet whose data starts at a complete ICMPv6 message
 * @daddr: IPv6 destination address
 * @saddr: IPv6 source address
 *
 * Attaches a destination entry if the skb has none, computes the ICMPv6
 * checksum over the whole message, prepends the IPv6 header with the hop
 * limit of the per-namespace ND socket, and passes the packet through the
 * NF_INET_LOCAL_OUT hook to dst_output.  The skb is freed here when no
 * destination entry can be allocated; otherwise it is handed to NF_HOOK().
 */
static void ndisc_send_skb(struct sk_buff *skb,
			   const struct in6_addr *daddr,
			   const struct in6_addr *saddr)
{
	struct net *net = dev_net(skb->dev);
	struct sock *sk = net->ipv6.ndisc_sk;
	struct icmp6hdr *icmp6h = icmp6_hdr(skb);
	struct dst_entry *dst = skb_dst(skb);
	u8 type = icmp6h->icmp6_type;
	struct inet6_dev *idev;
	__wsum partial;
	int err;

	if (!dst) {
		struct flowi6 fl6;

		icmpv6_flow_init(sk, &fl6, type, saddr, daddr,
				 skb->dev->ifindex);
		dst = icmp6_dst_alloc(skb->dev, &fl6);
		if (IS_ERR(dst)) {
			kfree_skb(skb);
			return;
		}

		skb_dst_set(skb, dst);
	}

	/* Checksum covers the ICMPv6 message; the IPv6 header is not
	 * pushed yet, so skb->len is the ICMPv6 length at this point.
	 */
	partial = csum_partial(icmp6h, skb->len, 0);
	icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
					      IPPROTO_ICMPV6, partial);

	ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);

	rcu_read_lock();
	idev = __in6_dev_get(dst->dev);
	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);

	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
		      net, sk, skb, NULL, dst->dev,
		      dst_output);
	if (err == 0) {
		/* Count the message only when the hook reported success. */
		ICMP6MSGOUT_INC_STATS(net, idev, type);
		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
	}

	rcu_read_unlock();
}
 515
/*
 * ndisc_send_na - build and send a Neighbour Advertisement.
 *
 * @dev:            outgoing device
 * @daddr:          IPv6 destination of the advertisement
 * @solicited_addr: address being advertised (the NA target)
 * @router:         value of the Router flag
 * @solicited:      value of the Solicited flag
 * @override:       value of the Override flag; cleared when the target is
 *                  one of our addresses and is flagged optimistic
 * @inc_opt:        whether to append a Target Link-Layer Address option;
 *                  forced on by the device's force_tllao setting and
 *                  forced off when the device has no link-layer address
 *
 * The source address is @solicited_addr when it is configured on @dev;
 * otherwise (anycast or proxy) one is selected with ipv6_dev_get_saddr().
 * Returns silently if no source address or no skb can be obtained.
 */
void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
		   const struct in6_addr *solicited_addr,
		   bool router, bool solicited, bool override, bool inc_opt)
{
	struct net *net = dev_net(dev);
	const struct in6_addr *src_addr;
	struct inet6_ifaddr *ifp;
	struct in6_addr tmpaddr;
	struct sk_buff *skb;
	struct nd_msg *msg;
	int optlen = 0;

	/* for anycast or proxy, solicited_addr != src_addr */
	ifp = ipv6_get_ifaddr(net, solicited_addr, dev, 1);
	if (!ifp) {
		if (ipv6_dev_get_saddr(net, dev, daddr,
				       inet6_sk(net->ipv6.ndisc_sk)->srcprefs,
				       &tmpaddr))
			return;
		src_addr = &tmpaddr;
	} else {
		src_addr = solicited_addr;
		if (ifp->flags & IFA_F_OPTIMISTIC)
			override = false;
		inc_opt |= ifp->idev->cnf.force_tllao;
		in6_ifa_put(ifp);
	}

	if (!dev->addr_len)
		inc_opt = false;
	if (inc_opt)
		optlen += ndisc_opt_addr_space(dev,
					       NDISC_NEIGHBOUR_ADVERTISEMENT);

	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
	if (!skb)
		return;

	/* The compound literal zeroes every field that is not named. */
	msg = skb_put(skb, sizeof(*msg));
	*msg = (struct nd_msg) {
		.icmph = {
			.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
			.icmp6_router = router,
			.icmp6_solicited = solicited,
			.icmp6_override = override,
		},
		.target = *solicited_addr,
	};

	if (inc_opt)
		ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
				       dev->dev_addr,
				       NDISC_NEIGHBOUR_ADVERTISEMENT);

	ndisc_send_skb(skb, daddr, src_addr);
}
 571
/*
 * ndisc_send_unsol_na - send an unsolicited Neighbour Advertisement to the
 * link-local all-nodes address for every address on @dev.
 *
 * Addresses that are tentative and not optimistic are skipped.  Each
 * advertisement has Solicited clear and Override set, carries the
 * link-layer address option, and sets Router from the device's forwarding
 * setting.  Does nothing when the device has no inet6_dev.
 */
static void ndisc_send_unsol_na(struct net_device *dev)
{
	struct inet6_ifaddr *ifa;
	struct inet6_dev *idev = in6_dev_get(dev);

	if (!idev)
		return;

	read_lock_bh(&idev->lock);
	list_for_each_entry(ifa, &idev->addr_list, if_list) {
		bool tentative = ifa->flags & IFA_F_TENTATIVE;
		bool optimistic = ifa->flags & IFA_F_OPTIMISTIC;

		/* skip tentative addresses until dad completes */
		if (tentative && !optimistic)
			continue;

		ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
			      /*router=*/ !!idev->cnf.forwarding,
			      /*solicited=*/ false, /*override=*/ true,
			      /*inc_opt=*/ true);
	}
	read_unlock_bh(&idev->lock);

	in6_dev_put(idev);
}
 597
/*
 * ndisc_send_ns - build and send a Neighbour Solicitation.
 *
 * @dev:     outgoing device
 * @solicit: address being solicited (the NS target)
 * @daddr:   IPv6 destination of the solicitation
 * @saddr:   IPv6 source, or NULL to use a link-local address of @dev
 * @nonce:   when non-zero, a Nonce option is appended
 *
 * A Source Link-Layer Address option is added only when the device has a
 * link-layer address and the source is not the unspecified address.
 * Returns silently if no link-local source or no skb can be obtained.
 *
 * The Nonce option is 8 bytes long: type, length (in units of 8 bytes) and
 * the first 6 bytes of @nonce as laid out in memory.  The remaining two
 * bytes of the u64 never reach the wire.
 */
void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
		   const struct in6_addr *daddr, const struct in6_addr *saddr,
		   u64 nonce)
{
	int inc_opt = dev->addr_len;
	struct in6_addr addr_buf;
	struct sk_buff *skb;
	struct nd_msg *msg;
	int optlen = 0;

	if (!saddr) {
		if (ipv6_get_lladdr(dev, &addr_buf,
				   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
			return;
		saddr = &addr_buf;
	}

	if (ipv6_addr_any(saddr))
		inc_opt = false;

	/* Work out the option space before allocating. */
	if (inc_opt)
		optlen += ndisc_opt_addr_space(dev,
					       NDISC_NEIGHBOUR_SOLICITATION);
	if (nonce != 0)
		optlen += 8;

	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
	if (!skb)
		return;

	msg = skb_put(skb, sizeof(*msg));
	*msg = (struct nd_msg) {
		.icmph = {
			.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
		},
		.target = *solicit,
	};

	if (inc_opt)
		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
				       dev->dev_addr,
				       NDISC_NEIGHBOUR_SOLICITATION);

	if (nonce != 0) {
		u8 *nonce_opt = skb_put(skb, 8);

		nonce_opt[0] = ND_OPT_NONCE;
		nonce_opt[1] = 8 >> 3;	/* option length in 8-byte units */
		memcpy(nonce_opt + 2, &nonce, 6);
	}

	ndisc_send_skb(skb, daddr, saddr);
}
 649
/*
 * ndisc_send_rs - build and send a Router Solicitation.
 *
 * @dev:   outgoing device
 * @saddr: IPv6 source address
 * @daddr: IPv6 destination address
 *
 * A Source Link-Layer Address option (SLLAO) is appended when the device
 * has a link-layer address.  With CONFIG_IPV6_OPTIMISTIC_DAD the option is
 * also suppressed when @saddr is not found on @dev or is flagged
 * optimistic.  Returns silently if no skb can be allocated.
 */
void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
		   const struct in6_addr *daddr)
{
	int send_sllao = dev->addr_len;
	struct sk_buff *skb;
	struct rs_msg *msg;
	int optlen = 0;

#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
	/*
	 * RFC 4429 section 2.2: a router solicitation sent from an
	 * optimistic address must not carry a sllao, but it may be sent
	 * without one.  So drop the option when the source address is
	 * optimistic (or cannot be found on this device).
	 */
	if (send_sllao) {
		struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
							   dev, 1);

		if (!ifp) {
			send_sllao = 0;
		} else {
			if (ifp->flags & IFA_F_OPTIMISTIC)
				send_sllao = 0;
			in6_ifa_put(ifp);
		}
	}
#endif
	if (send_sllao)
		optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);

	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
	if (!skb)
		return;

	msg = skb_put(skb, sizeof(*msg));
	*msg = (struct rs_msg) {
		.icmph = {
			.icmp6_type = NDISC_ROUTER_SOLICITATION,
		},
	};

	if (send_sllao)
		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
				       dev->dev_addr,
				       NDISC_ROUTER_SOLICITATION);

	ndisc_send_skb(skb, daddr, saddr);
}
 701
 702
/*
 * ndisc_error_report - report a link failure for a packet and free it.
 *
 * @neigh: neighbour entry the packet was queued for (unused here)
 * @skb:   packet to report and release; the caller must not use it
 *         afterwards
 */
static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
{
	/* "The sender MUST return an ICMP destination unreachable" */
	dst_link_failure(skb);

	kfree_skb(skb);
}
 712
/*
 * ndisc_solicit - send the next probe for a neighbour entry.
 *
 * @neigh: entry being resolved or verified
 * @skb:   packet that triggered the probe, or NULL
 *
 * The probe counter selects the probe kind: while it is below UCAST_PROBES
 * a unicast NS goes to the target itself; within the following APP_PROBES
 * neigh_app_ns() is called instead; after that the NS goes to the
 * solicited-node multicast address.
 *
 * The source address of @skb is reused as the NS source only when
 * ipv6_chk_addr_and_flags() returns non-zero for it; otherwise the source
 * is left for ndisc_send_ns() to choose.
 *
 * Called with locked neigh: either read or both.
 */
static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
{
	struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
	struct net_device *dev = neigh->dev;
	int probes = atomic_read(&neigh->probes);
	struct in6_addr *saddr = NULL;
	struct in6_addr mcaddr;

	if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
					   dev, false, 1,
					   IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
		saddr = &ipv6_hdr(skb)->saddr;

	probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
	if (probes < 0) {
		/* Still within the unicast probe budget. */
		if (!(neigh->nud_state & NUD_VALID)) {
			ND_PRINTK(1, dbg,
				  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
				  __func__, target);
		}
		ndisc_send_ns(dev, target, target, saddr, 0);
		return;
	}

	probes -= NEIGH_VAR(neigh->parms, APP_PROBES);
	if (probes < 0) {
		neigh_app_ns(neigh);
		return;
	}

	addrconf_addr_solict_mult(target, &mcaddr);
	ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
}
 742
/*
 * pndisc_is_router - look up a proxy neighbour entry and report its
 * router flag.
 *
 * @pkey: key (target address) to look up in nd_tbl
 * @dev:  device the entry must belong to
 *
 * Returns -1 when no proxy entry exists, otherwise 1 if the entry has
 * NTF_ROUTER set and 0 if not.  The lookup runs under nd_tbl.lock held for
 * reading with bottom halves disabled.
 */
static int pndisc_is_router(const void *pkey,
			    struct net_device *dev)
{
	struct pneigh_entry *entry;
	int is_router = -1;

	read_lock_bh(&nd_tbl.lock);
	entry = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
	if (entry)
		is_router = (entry->flags & NTF_ROUTER) ? 1 : 0;
	read_unlock_bh(&nd_tbl.lock);

	return is_router;
}
 757
/*
 * ndisc_update - update a neighbour entry and notify the device's ND ops.
 *
 * @dev:        device the message arrived on
 * @neigh:      entry to update
 * @lladdr:     new link-layer address, or NULL
 * @new:        new NUD state
 * @flags:      NEIGH_UPDATE_F_* flags passed to neigh_update()
 * @icmp6_type: ICMPv6 type of the message that caused the update
 * @ndopts:     parsed ND options of that message
 *
 * The return value of neigh_update() is not propagated.
 */
void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
		  const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
		  struct ndisc_options *ndopts)
{
	/* Core neighbour update first (last argument is always 0) ... */
	neigh_update(neigh, lladdr, new, flags, 0);

	/* ... then report the update to the ndisc ops. */
	ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
}
 766
/*
 * ndisc_recv_ns - handle a received Neighbour Solicitation.
 *
 * The packet is untrusted on-link input.  Checks made here, in order:
 *   - the message is at least sizeof(struct nd_msg) long;
 *   - the target is not a multicast address;
 *   - a DAD solicitation (unspecified source) is addressed to a
 *     solicited-node multicast address;
 *   - the options parse, and a source link-layer option has a valid length;
 *   - a DAD solicitation carries no source link-layer option.
 * NOTE(review): hop-limit and ICMPv6 code validation are not done in this
 * function; presumably the caller performs them - confirm.
 *
 * If the target is one of our addresses (on this device or, for an L3
 * slave, on its master), an anycast address, or a proxied address, a
 * Neighbour Advertisement is sent.  A DAD solicitation for one of our
 * tentative/optimistic addresses fails our DAD unless its nonce matches
 * ours (our own probe looped back).  For a non-DAD solicitation the
 * neighbour cache entry for the sender is created or updated to NUD_STALE
 * with the override flags, from data the sender supplied.
 */
static void ndisc_recv_ns(struct sk_buff *skb)
{
	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
				    offsetof(struct nd_msg, opt));
	struct net_device *dev = skb->dev;
	int is_dad = ipv6_addr_any(saddr);
	struct inet6_dev *idev = NULL;
	struct ndisc_options ndopts;
	struct inet6_ifaddr *ifp;
	struct neighbour *neigh;
	u8 *lladdr = NULL;
	int is_router = -1;
	bool mcast_dst;
	u64 nonce = 0;

	/* ndoptlen is only meaningful once this length check has passed. */
	if (skb->len < sizeof(struct nd_msg)) {
		ND_PRINTK(2, warn, "NS: packet too short\n");
		return;
	}

	if (ipv6_addr_is_multicast(&msg->target)) {
		ND_PRINTK(2, warn, "NS: multicast target address\n");
		return;
	}

	/*
	 * RFC2461 7.1.1:
	 * DAD has to be destined for solicited node multicast address.
	 */
	if (is_dad && !ipv6_addr_is_solict_mult(daddr)) {
		ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
		return;
	}

	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
		ND_PRINTK(2, warn, "NS: invalid ND options\n");
		return;
	}

	if (ndopts.nd_opts_src_lladdr) {
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
		if (!lladdr) {
			ND_PRINTK(2, warn,
				  "NS: invalid link-layer address length\n");
			return;
		}

		/* RFC2461 7.1.1:
		 *	If the IP source address is the unspecified address,
		 *	there MUST NOT be source link-layer address option
		 *	in the message.
		 */
		if (is_dad) {
			ND_PRINTK(2, warn,
				  "NS: bad DAD packet (link-layer address option)\n");
			return;
		}
	}

	/* Only a nonce option of exactly one 8-byte unit is read: 2 header
	 * bytes followed by the 6 nonce bytes copied here.
	 */
	if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
		memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);

	mcast_dst = ipv6_addr_is_multicast(daddr);

	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
	if (ifp) {
have_ifp:
		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
			if (is_dad) {
				if (nonce != 0 && ifp->dad_nonce == nonce) {
					u8 *np = (u8 *)&nonce;
					/* Matching nonce if looped back */
					ND_PRINTK(2, notice,
						  "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
						  ifp->idev->dev->name,
						  &ifp->addr, np);
					goto out;
				}
				/*
				 * Another node is running DAD for the same
				 * address: fail our own DAD.  ifp is not put
				 * on this path; presumably
				 * addrconf_dad_failure() takes over the
				 * reference - confirm.
				 */
				addrconf_dad_failure(skb, ifp);
				return;
			}

			/*
			 * Not a DAD solicitation: an optimistic node
			 * answers, a purely tentative one stays silent.
			 */
			if (!(ifp->flags & IFA_F_OPTIMISTIC))
				goto out;
		}

		idev = ifp->idev;
	} else {
		struct net *net = dev_net(dev);

		/* perhaps an address on the master device */
		if (netif_is_l3_slave(dev)) {
			struct net_device *mdev;

			mdev = netdev_master_upper_dev_get_rcu(dev);
			if (mdev) {
				ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
				if (ifp)
					goto have_ifp;
			}
		}

		idev = in6_dev_get(dev);
		if (!idev) {
			/* XXX: count this drop? */
			return;
		}

		/* Answer only for an anycast address of ours, or for a
		 * proxied target when forwarding and proxy_ndp are enabled.
		 * is_router is set as a side effect of the proxy lookup.
		 */
		if (!ipv6_chk_acast_addr(net, dev, &msg->target) &&
		    !(idev->cnf.forwarding &&
		      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
		      (is_router = pndisc_is_router(&msg->target, dev)) >= 0))
			goto out;

		if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
		    skb->pkt_type != PACKET_HOST &&
		    mcast_dst &&
		    NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
			/*
			 * for anycast or proxy,
			 * sender should delay its response
			 * by a random time between 0 and
			 * MAX_ANYCAST_DELAY_TIME seconds.
			 * (RFC2461) -- yoshfuji
			 */
			struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
			if (n)
				pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
			goto out;
		}
	}

	if (is_router < 0)
		is_router = idev->cnf.forwarding;

	if (is_dad) {
		ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
			      !!is_router, false, (ifp != NULL), true);
		goto out;
	}

	if (mcast_dst)
		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
	else
		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);

	/*
	 *	update / create cache entry
	 *	for the source address
	 */
	neigh = __neigh_lookup(&nd_tbl, saddr, dev,
			       !mcast_dst || lladdr || !dev->addr_len);
	if (neigh)
		ndisc_update(dev, neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
			     NEIGH_UPDATE_F_OVERRIDE,
			     NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
	if (neigh || !dev->header_ops) {
		ndisc_send_na(dev, saddr, &msg->target, !!is_router,
			      true, (ifp != NULL && mcast_dst), mcast_dst);
		if (neigh)
			neigh_release(neigh);
	}

out:
	/* Exactly one of ifp / idev holds a reference at this point. */
	if (ifp)
		in6_ifa_put(ifp);
	else
		in6_dev_put(idev);
}
 950
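/*
 * ndisc_recv_na - handle a received Neighbour Advertisement.
 *
 * The packet is untrusted on-link input.  Checks made here, in order:
 *   - the message is at least sizeof(struct nd_msg) long;
 *   - the target is not a multicast address;
 *   - a solicited advertisement is not sent to a multicast destination;
 *   - unsolicited advertisements are dropped when the device's
 *     drop_unsolicited_na setting is on;
 *   - the options parse, and a target link-layer option has a valid length.
 *
 * An advertisement for one of our own addresses fails DAD if that address
 * is still tentative (unless the packet was looped back), and is otherwise
 * only logged.  For any other target an existing neighbour cache entry is
 * updated; no entry is created.  An entry that loses its router flag
 * triggers rt6_clean_tohost() for the sender.
 *
 * Every rejection is logged with an "NA:" prefix so that dropped
 * advertisements can be told apart from dropped solicitations in the log.
 */
static void ndisc_recv_na(struct sk_buff *skb)
{
	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
	struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
	u8 *lladdr = NULL;
	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
				    offsetof(struct nd_msg, opt));
	struct ndisc_options ndopts;
	struct net_device *dev = skb->dev;
	struct inet6_dev *idev = __in6_dev_get(dev);
	struct inet6_ifaddr *ifp;
	struct neighbour *neigh;

	/* ndoptlen is only meaningful once this length check has passed. */
	if (skb->len < sizeof(struct nd_msg)) {
		ND_PRINTK(2, warn, "NA: packet too short\n");
		return;
	}

	if (ipv6_addr_is_multicast(&msg->target)) {
		ND_PRINTK(2, warn, "NA: target address is multicast\n");
		return;
	}

	if (ipv6_addr_is_multicast(daddr) &&
	    msg->icmph.icmp6_solicited) {
		ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
		return;
	}

	/* For some 802.11 wireless deployments (and possibly other networks),
	 * there will be a NA proxy and unsolicited packets are attacks
	 * and thus should not be accepted.
	 */
	if (!msg->icmph.icmp6_solicited && idev &&
	    idev->cnf.drop_unsolicited_na)
		return;

	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
		/* This is the NA path: label the drop as NA, not NS. */
		ND_PRINTK(2, warn, "NA: invalid ND option\n");
		return;
	}
	if (ndopts.nd_opts_tgt_lladdr) {
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
		if (!lladdr) {
			ND_PRINTK(2, warn,
				  "NA: invalid link-layer address length\n");
			return;
		}
	}

	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
	if (ifp) {
		if (skb->pkt_type != PACKET_LOOPBACK
		    && (ifp->flags & IFA_F_TENTATIVE)) {
			/* ifp is not put on this path; presumably
			 * addrconf_dad_failure() takes over the reference
			 * - confirm.
			 */
			addrconf_dad_failure(skb, ifp);
			return;
		}
		/* Someone else advertised one of our (non-tentative)
		 * addresses.  The ND specs do not say how to react; it may
		 * be a misconfiguration or a proxy agent.  It is only
		 * logged, and nothing is cached from it.
		 *
		 * Nothing is printed for a NA received from loopback - that
		 * is just our own unsolicited advertisement.
		 *
		 * NOTE(review): the %pM argument is read through eth_hdr(),
		 * which assumes an Ethernet-style link-layer header.
		 */
		if (skb->pkt_type != PACKET_LOOPBACK)
			ND_PRINTK(1, warn,
				  "NA: %pM advertised our address %pI6c on %s!\n",
				  eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
		in6_ifa_put(ifp);
		return;
	}

	/* Lookup only: an advertisement never creates a cache entry here. */
	neigh = neigh_lookup(&nd_tbl, &msg->target, dev);

	if (neigh) {
		u8 old_flags = neigh->flags;
		struct net *net = dev_net(dev);

		if (neigh->nud_state & NUD_FAILED)
			goto out;

		/*
		 * Don't update the neighbor cache entry on a proxy NA from
		 * ourselves because either the proxied node is off link or it
		 * has already sent a NA to us.
		 */
		if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
		    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
		    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
			/* XXX: idev->cnf.proxy_ndp */
			goto out;
		}

		/* State and override behaviour follow the sender-controlled
		 * Solicited, Override and Router flags.
		 */
		ndisc_update(dev, neigh, lladdr,
			     msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
			     (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
			     (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
			     NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);

		if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
			/*
			 * Change: router to host
			 */
			rt6_clean_tohost(dev_net(dev),  saddr);
		}

out:
		neigh_release(neigh);
	}
}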
1064
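/*
 * ndisc_recv_rs - handle a received Router Solicitation.
 *
 * The packet is untrusted on-link input.  It is ignored when it is shorter
 * than struct rs_msg, when the device has no inet6_dev, when forwarding is
 * off on the device (we are not a router), when the source is the
 * unspecified address, or when the options do not parse or carry a source
 * link-layer option of invalid length.
 *
 * Otherwise the neighbour cache entry for the sender is looked up
 * (created if missing) and updated to NUD_STALE with the override flags.
 *
 * A drop caused by bad options is logged with an "RS:" prefix so that it
 * is not mistaken for a dropped Neighbour Solicitation in the log.
 */
static void ndisc_recv_rs(struct sk_buff *skb)
{
	struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
	struct ndisc_options ndopts;
	struct neighbour *neigh;
	struct inet6_dev *idev;
	unsigned long ndoptlen;
	u8 *lladdr = NULL;

	if (skb->len < sizeof(*rs_msg))
		return;

	/* Computed only after the length check so the unsigned subtraction
	 * cannot wrap.
	 */
	ndoptlen = skb->len - sizeof(*rs_msg);

	idev = __in6_dev_get(skb->dev);
	if (!idev) {
		ND_PRINTK(1, err, "RS: can't find in6 device\n");
		return;
	}

	/* Don't accept RS if we're not in router mode */
	if (!idev->cnf.forwarding)
		return;

	/*
	 * Don't update NCE if src = ::;
	 * this implies that the source node has no ip address assigned yet.
	 */
	if (ipv6_addr_any(saddr))
		return;

	/* Parse ND options */
	if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
		ND_PRINTK(2, notice, "RS: invalid ND option, ignored\n");
		return;
	}

	if (ndopts.nd_opts_src_lladdr) {
		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
					     skb->dev);
		if (!lladdr)
			return;
	}

	neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
	if (neigh) {
		ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
			     NEIGH_UPDATE_F_OVERRIDE|
			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
			     NDISC_ROUTER_SOLICITATION, &ndopts);
		neigh_release(neigh);
	}
}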
1120
/*
 * ndisc_ra_useropt - relay one ND option from a Router Advertisement to
 * userspace as an RTM_NEWNDUSEROPT netlink notification.
 *
 * @ra:  the received Router Advertisement
 * @opt: option inside @ra to relay
 *
 * The message carries the interface index, the ICMPv6 type and code, the
 * raw option bytes and the RA's IPv6 source address, and is sent to the
 * RTNLGRP_ND_USEROPT group.  On failure the error (-ENOBUFS or -EMSGSIZE)
 * is reported through rtnl_set_sk_err().
 *
 * The number of bytes copied is opt->nd_opt_len * 8, taken from the
 * packet.  This function does not check that those bytes lie inside @ra;
 * it relies on the option having been bounds-checked when the options
 * were parsed (not visible here - confirm against the caller).  The
 * option content itself is forwarded unvalidated, so listeners must treat
 * it as untrusted.
 */
static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
{
	struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
	struct net *net = dev_net(ra->dev);
	int opt_bytes = opt->nd_opt_len << 3;
	int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
				    + opt_bytes);
	size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
	struct nduseroptmsg *ndmsg;
	struct nlmsghdr *nlh;
	struct sk_buff *skb;
	int err;

	skb = nlmsg_new(msg_size, GFP_ATOMIC);
	if (!skb) {
		err = -ENOBUFS;
		goto errout;
	}

	nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
	if (!nlh)
		goto nla_put_failure;

	ndmsg = nlmsg_data(nlh);
	ndmsg->nduseropt_family = AF_INET6;
	ndmsg->nduseropt_ifindex = ra->dev->ifindex;
	ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
	ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
	ndmsg->nduseropt_opts_len = opt_bytes;

	/* The raw option follows the fixed header in the payload. */
	memcpy(ndmsg + 1, opt, opt_bytes);

	if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
		goto nla_put_failure;
	nlmsg_end(skb, nlh);

	rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
	return;

nla_put_failure:
	nlmsg_free(skb);
	err = -EMSGSIZE;
errout:
	rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
}
1166
 
 
 
 
 
 
 
 
 
 
 
 
1167static void ndisc_router_discovery(struct sk_buff *skb)
1168{
1169	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1170	struct neighbour *neigh = NULL;
1171	struct inet6_dev *in6_dev;
1172	struct fib6_info *rt = NULL;
1173	struct net *net;
1174	int lifetime;
1175	struct ndisc_options ndopts;
1176	int optlen;
1177	unsigned int pref = 0;
1178	__u32 old_if_flags;
1179	bool send_ifinfo_notify = false;
1180
1181	__u8 *opt = (__u8 *)(ra_msg + 1);
1182
1183	optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1184		sizeof(struct ra_msg);
1185
1186	ND_PRINTK(2, info,
1187		  "RA: %s, dev: %s\n",
1188		  __func__, skb->dev->name);
1189	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1190		ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1191		return;
1192	}
1193	if (optlen < 0) {
1194		ND_PRINTK(2, warn, "RA: packet too short\n");
1195		return;
1196	}
1197
1198#ifdef CONFIG_IPV6_NDISC_NODETYPE
1199	if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1200		ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1201		return;
1202	}
1203#endif
1204
1205	/*
1206	 *	set the RA_RECV flag in the interface
1207	 */
1208
1209	in6_dev = __in6_dev_get(skb->dev);
1210	if (!in6_dev) {
1211		ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1212			  skb->dev->name);
1213		return;
1214	}
1215
1216	if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1217		ND_PRINTK(2, warn, "RA: invalid ND options\n");
1218		return;
1219	}
1220
1221	if (!ipv6_accept_ra(in6_dev)) {
1222		ND_PRINTK(2, info,
1223			  "RA: %s, did not accept ra for dev: %s\n",
1224			  __func__, skb->dev->name);
1225		goto skip_linkparms;
1226	}
1227
1228#ifdef CONFIG_IPV6_NDISC_NODETYPE
1229	/* skip link-specific parameters from interior routers */
1230	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1231		ND_PRINTK(2, info,
1232			  "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1233			  __func__, skb->dev->name);
1234		goto skip_linkparms;
1235	}
1236#endif
1237
1238	if (in6_dev->if_flags & IF_RS_SENT) {
1239		/*
1240		 *	flag that an RA was received after an RS was sent
1241		 *	out on this interface.
1242		 */
1243		in6_dev->if_flags |= IF_RA_RCVD;
1244	}
1245
1246	/*
1247	 * Remember the managed/otherconf flags from most recently
1248	 * received RA message (RFC 2462) -- yoshfuji
1249	 */
1250	old_if_flags = in6_dev->if_flags;
1251	in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1252				IF_RA_OTHERCONF)) |
1253				(ra_msg->icmph.icmp6_addrconf_managed ?
1254					IF_RA_MANAGED : 0) |
1255				(ra_msg->icmph.icmp6_addrconf_other ?
1256					IF_RA_OTHERCONF : 0);
1257
1258	if (old_if_flags != in6_dev->if_flags)
1259		send_ifinfo_notify = true;
1260
1261	if (!in6_dev->cnf.accept_ra_defrtr) {
1262		ND_PRINTK(2, info,
1263			  "RA: %s, defrtr is false for dev: %s\n",
1264			  __func__, skb->dev->name);
1265		goto skip_defrtr;
1266	}
1267
1268	/* Do not accept RA with source-addr found on local machine unless
1269	 * accept_ra_from_local is set to true.
1270	 */
1271	net = dev_net(in6_dev->dev);
1272	if (!in6_dev->cnf.accept_ra_from_local &&
1273	    ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1274		ND_PRINTK(2, info,
1275			  "RA from local address detected on dev: %s: default router ignored\n",
1276			  skb->dev->name);
1277		goto skip_defrtr;
1278	}
1279
1280	lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1281
1282#ifdef CONFIG_IPV6_ROUTER_PREF
1283	pref = ra_msg->icmph.icmp6_router_pref;
1284	/* 10b is handled as if it were 00b (medium) */
1285	if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1286	    !in6_dev->cnf.accept_ra_rtr_pref)
1287		pref = ICMPV6_ROUTER_PREF_MEDIUM;
1288#endif
1289	/* routes added from RAs do not use nexthop objects */
1290	rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
 
1291	if (rt) {
1292		neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1293					 rt->fib6_nh->fib_nh_dev, NULL,
1294					  &ipv6_hdr(skb)->saddr);
1295		if (!neigh) {
1296			ND_PRINTK(0, err,
1297				  "RA: %s got default router without neighbour\n",
1298				  __func__);
1299			fib6_info_release(rt);
1300			return;
1301		}
1302	}
1303	if (rt && lifetime == 0) {
1304		ip6_del_rt(net, rt);
1305		rt = NULL;
1306	}
1307
1308	ND_PRINTK(3, info, "RA: rt: %p  lifetime: %d, for dev: %s\n",
1309		  rt, lifetime, skb->dev->name);
1310	if (!rt && lifetime) {
1311		ND_PRINTK(3, info, "RA: adding default router\n");
1312
1313		rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1314					 skb->dev, pref);
1315		if (!rt) {
1316			ND_PRINTK(0, err,
1317				  "RA: %s failed to add default route\n",
1318				  __func__);
1319			return;
1320		}
1321
1322		neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1323					 rt->fib6_nh->fib_nh_dev, NULL,
1324					  &ipv6_hdr(skb)->saddr);
1325		if (!neigh) {
1326			ND_PRINTK(0, err,
1327				  "RA: %s got default router without neighbour\n",
1328				  __func__);
1329			fib6_info_release(rt);
1330			return;
1331		}
1332		neigh->flags |= NTF_ROUTER;
1333	} else if (rt) {
1334		rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1335	}
1336
1337	if (rt)
1338		fib6_set_expires(rt, jiffies + (HZ * lifetime));
1339	if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1340	    ra_msg->icmph.icmp6_hop_limit) {
1341		if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1342			in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1343			fib6_metric_set(rt, RTAX_HOPLIMIT,
1344					ra_msg->icmph.icmp6_hop_limit);
1345		} else {
1346			ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1347		}
1348	}
1349
1350skip_defrtr:
1351
1352	/*
1353	 *	Update Reachable Time and Retrans Timer
1354	 */
1355
1356	if (in6_dev->nd_parms) {
1357		unsigned long rtime = ntohl(ra_msg->retrans_timer);
1358
1359		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1360			rtime = (rtime*HZ)/1000;
1361			if (rtime < HZ/10)
1362				rtime = HZ/10;
1363			NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1364			in6_dev->tstamp = jiffies;
1365			send_ifinfo_notify = true;
1366		}
1367
1368		rtime = ntohl(ra_msg->reachable_time);
1369		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1370			rtime = (rtime*HZ)/1000;
1371
1372			if (rtime < HZ/10)
1373				rtime = HZ/10;
1374
1375			if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1376				NEIGH_VAR_SET(in6_dev->nd_parms,
1377					      BASE_REACHABLE_TIME, rtime);
1378				NEIGH_VAR_SET(in6_dev->nd_parms,
1379					      GC_STALETIME, 3 * rtime);
1380				in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1381				in6_dev->tstamp = jiffies;
1382				send_ifinfo_notify = true;
1383			}
1384		}
1385	}
1386
1387	/*
1388	 *	Send a notify if RA changed managed/otherconf flags or timer settings
1389	 */
1390	if (send_ifinfo_notify)
1391		inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1392
1393skip_linkparms:
1394
1395	/*
1396	 *	Process options.
1397	 */
1398
1399	if (!neigh)
1400		neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1401				       skb->dev, 1);
1402	if (neigh) {
1403		u8 *lladdr = NULL;
1404		if (ndopts.nd_opts_src_lladdr) {
1405			lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1406						     skb->dev);
1407			if (!lladdr) {
1408				ND_PRINTK(2, warn,
1409					  "RA: invalid link-layer address length\n");
1410				goto out;
1411			}
1412		}
1413		ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1414			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1415			     NEIGH_UPDATE_F_OVERRIDE|
1416			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1417			     NEIGH_UPDATE_F_ISROUTER,
1418			     NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1419	}
1420
1421	if (!ipv6_accept_ra(in6_dev)) {
1422		ND_PRINTK(2, info,
1423			  "RA: %s, accept_ra is false for dev: %s\n",
1424			  __func__, skb->dev->name);
1425		goto out;
1426	}
1427
1428#ifdef CONFIG_IPV6_ROUTE_INFO
1429	if (!in6_dev->cnf.accept_ra_from_local &&
1430	    ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1431			  in6_dev->dev, 0)) {
1432		ND_PRINTK(2, info,
1433			  "RA from local address detected on dev: %s: router info ignored.\n",
1434			  skb->dev->name);
1435		goto skip_routeinfo;
1436	}
1437
1438	if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1439		struct nd_opt_hdr *p;
1440		for (p = ndopts.nd_opts_ri;
1441		     p;
1442		     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1443			struct route_info *ri = (struct route_info *)p;
1444#ifdef CONFIG_IPV6_NDISC_NODETYPE
1445			if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1446			    ri->prefix_len == 0)
1447				continue;
1448#endif
1449			if (ri->prefix_len == 0 &&
1450			    !in6_dev->cnf.accept_ra_defrtr)
1451				continue;
1452			if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1453				continue;
1454			if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1455				continue;
1456			rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1457				      &ipv6_hdr(skb)->saddr);
1458		}
1459	}
1460
1461skip_routeinfo:
1462#endif
1463
1464#ifdef CONFIG_IPV6_NDISC_NODETYPE
1465	/* skip link-specific ndopts from interior routers */
1466	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1467		ND_PRINTK(2, info,
1468			  "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1469			  __func__, skb->dev->name);
1470		goto out;
1471	}
1472#endif
1473
1474	if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1475		struct nd_opt_hdr *p;
1476		for (p = ndopts.nd_opts_pi;
1477		     p;
1478		     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1479			addrconf_prefix_rcv(skb->dev, (u8 *)p,
1480					    (p->nd_opt_len) << 3,
1481					    ndopts.nd_opts_src_lladdr != NULL);
1482		}
1483	}
1484
1485	if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1486		__be32 n;
1487		u32 mtu;
1488
1489		memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1490		mtu = ntohl(n);
1491
1492		if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1493			ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1494		} else if (in6_dev->cnf.mtu6 != mtu) {
1495			in6_dev->cnf.mtu6 = mtu;
1496			fib6_metric_set(rt, RTAX_MTU, mtu);
 
 
 
1497			rt6_mtu_change(skb->dev, mtu);
1498		}
1499	}
1500
1501	if (ndopts.nd_useropts) {
1502		struct nd_opt_hdr *p;
1503		for (p = ndopts.nd_useropts;
1504		     p;
1505		     p = ndisc_next_useropt(skb->dev, p,
1506					    ndopts.nd_useropts_end)) {
1507			ndisc_ra_useropt(skb, p);
1508		}
1509	}
1510
1511	if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1512		ND_PRINTK(2, warn, "RA: invalid RA options\n");
1513	}
1514out:
1515	fib6_info_release(rt);
 
1516	if (neigh)
1517		neigh_release(neigh);
1518}
1519
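/*
 * Handle a received ICMPv6 Redirect.
 *
 * The message is dropped without further processing when:
 *   - (CONFIG_IPV6_NDISC_NODETYPE) the sender is classified as a host or
 *     as a no-default router,
 *   - the IPv6 source address is not link-local,
 *   - the fixed part of the Redirect message is truncated,
 *   - the option block fails to parse.
 *
 * With no Redirected Header option the redirect is handed to
 * ip6_redirect_no_header(); otherwise the skb is pulled up to the payload
 * of that option and passed to icmpv6_notify().
 *
 * NOTE(review): nothing in this function checks that the sender is the
 * current first hop for the redirected destination; presumably that is
 * enforced further down the redirect path - confirm against the callees.
 */
static void ndisc_redirect_rcv(struct sk_buff *skb)
{
	u8 *hdr;
	struct ndisc_options ndopts;
	struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
	/* Bytes available from the start of the ICMPv6 header to the tail. */
	int icmp_len = skb_tail_pointer(skb) - skb_transport_header(skb);
	u32 ndoptlen;

#ifdef CONFIG_IPV6_NDISC_NODETYPE
	switch (skb->ndisc_nodetype) {
	case NDISC_NODETYPE_HOST:
	case NDISC_NODETYPE_NODEFAULT:
		ND_PRINTK(2, warn,
			  "Redirect: from host or unauthorized router\n");
		return;
	}
#endif

	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
		ND_PRINTK(2, warn,
			  "Redirect: source address is not link-local\n");
		return;
	}

	/*
	 * The option length is unsigned: on a message shorter than the fixed
	 * part of struct rd_msg the subtraction would wrap to a huge value.
	 * Reject such a message here instead of relying on the option parser
	 * (not shown in this function) to catch the wrapped length.
	 */
	if (icmp_len < (int)offsetof(struct rd_msg, opt)) {
		ND_PRINTK(2, warn, "Redirect: packet too short\n");
		return;
	}
	ndoptlen = icmp_len - offsetof(struct rd_msg, opt);

	if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
		return;

	if (!ndopts.nd_opts_rh) {
		ip6_redirect_no_header(skb, dev_net(skb->dev),
					skb->dev->ifindex);
		return;
	}

	/* Skip the 8-byte Redirected Header option header. */
	hdr = (u8 *)ndopts.nd_opts_rh;
	hdr += 8;
	if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
		return;

	icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
}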
 
 
 
1560
/*
 * Append a Redirected Header option of rd_len bytes to skb: an 8-byte
 * option header (type, length in units of 8 octets, 6 zeroed bytes)
 * followed by rd_len - 8 bytes copied from orig_skb starting at its
 * network header.
 *
 * rd_len must be a multiple of 8 and at least 8; the caller in this file
 * masks the length with ~0x7 and only calls this helper when the result
 * is non-zero.  A smaller value would make the copy length negative.
 * The return value of skb_copy_bits() is not checked.
 */
static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
					   struct sk_buff *orig_skb,
					   int rd_len)
{
	u8 *opt_hdr = skb_put(skb, rd_len);
	u8 *payload = opt_hdr + 8;

	/* Clear the whole option header, then fill in type and length. */
	memset(opt_hdr, 0, 8);
	opt_hdr[0] = ND_OPT_REDIRECT_HDR;
	opt_hdr[1] = (rd_len >> 3);

	skb_copy_bits(orig_skb, skb_network_offset(orig_skb), payload,
		      rd_len - 8);
}
1575
/*
 * Send an ICMPv6 Redirect to the source of skb, advertising target as the
 * better first hop for skb's destination.
 *
 * Nothing is sent when:
 *   - the (possibly L3-master-resolved) device has no usable link-local
 *     address,
 *   - target is neither the packet's destination nor a link-local unicast
 *     address,
 *   - the route back to the source fails, is rejected by xfrm_lookup(),
 *     or goes through a gateway (the source is not a neighbour),
 *   - the per-source rate limit (one redirect per HZ) refuses it,
 *   - no neighbour entry exists for target on a device with link-layer
 *     addresses, or the reply skb cannot be allocated.
 *
 * The reply is sized so that the whole packet stays within IPV6_MIN_MTU;
 * as much of the original packet as fits (rounded down to 8 bytes) is
 * echoed in a Redirected Header option.
 */
void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
{
	struct net_device *dev = skb->dev;
	struct net *net = dev_net(dev);
	struct sock *sk = net->ipv6.ndisc_sk;
	int optlen = 0;
	struct inet_peer *peer;
	struct sk_buff *reply;
	struct rd_msg *msg;
	struct in6_addr saddr_buf;
	struct dst_entry *dst;
	struct flowi6 fl6;
	int rd_len;
	u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
	u8 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
	bool allowed;

	/* On an L3 master device, answer on the real ingress interface. */
	if (netif_is_l3_master(skb->dev)) {
		dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
		if (!dev)
			return;
	}

	/* The redirect is sourced from our link-local address. */
	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
		ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
			  dev->name);
		return;
	}

	if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
		ND_PRINTK(2, warn,
			  "Redirect: target address is not link-local unicast\n");
		return;
	}

	icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
			 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);

	dst = ip6_route_output(net, NULL, &fl6);
	if (dst->error) {
		dst_release(dst);
		return;
	}

	/* No dst_release() on this failure path: only an error pointer is left. */
	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
	if (IS_ERR(dst))
		return;

	if (((struct rt6_info *)dst)->rt6i_flags & RTF_GATEWAY) {
		ND_PRINTK(2, warn,
			  "Redirect: destination is not a neighbour\n");
		goto release;
	}

	/*
	 * Rate-limit redirects per original sender.
	 * NOTE(review): the limiter is called before peer is tested for NULL;
	 * what it returns for a NULL peer is decided by the helper, which is
	 * not shown here - confirm that a failed peer lookup does not turn
	 * into an unlimited path.
	 */
	peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
	allowed = inet_peer_xrlim_allow(peer, HZ);
	if (peer)
		inet_putpeer(peer);
	if (!allowed)
		goto release;

	if (dev->addr_len) {
		struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
		bool have_lladdr;

		if (!neigh) {
			ND_PRINTK(2, warn,
				  "Redirect: no neigh for target address\n");
			goto release;
		}

		/* Snapshot the link-layer address under the neighbour lock. */
		read_lock_bh(&neigh->lock);
		have_lladdr = !!(neigh->nud_state & NUD_VALID);
		if (have_lladdr)
			memcpy(ha_buf, neigh->ha, dev->addr_len);
		read_unlock_bh(&neigh->lock);

		if (have_lladdr) {
			ha = ha_buf;
			optlen += ndisc_redirect_opt_addr_space(dev, neigh,
								ops_data_buf,
								&ops_data);
		}

		neigh_release(neigh);
	}

	/*
	 * Room left for the Redirected Header option, capped by the original
	 * packet length plus the 8-byte option header, rounded down to a
	 * multiple of 8.
	 */
	rd_len = min_t(unsigned int,
		       IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
		       skb->len + 8);
	rd_len &= ~0x7;
	optlen += rd_len;

	reply = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
	if (!reply)
		goto release;

	msg = skb_put(reply, sizeof(*msg));
	*msg = (struct rd_msg) {
		.icmph = {
			.icmp6_type = NDISC_REDIRECT,
		},
		.target = *target,
		.dest = ipv6_hdr(skb)->daddr,
	};

	/* Target link-layer address option, when one was captured above. */
	if (ha)
		ndisc_fill_redirect_addr_option(reply, ha, ops_data);

	/* Redirected Header option carrying a copy of the original packet. */
	if (rd_len)
		ndisc_fill_redirect_hdr_option(reply, skb, rd_len);

	/* The reply takes over the dst reference, so it is not released here. */
	skb_dst_set(reply, dst);
	ndisc_send_skb(reply, &ipv6_hdr(skb)->saddr, &saddr_buf);
	return;

release:
	dst_release(dst);
}
1701
/*
 * Process skb as a Neighbour Solicitation and then free it: this function
 * is the one that drops the buffer once ndisc_recv_ns() has returned.
 */
static void pndisc_redo(struct sk_buff *skb)
{
	ndisc_recv_ns(skb);
	kfree_skb(skb);
}
1707
/*
 * Decide whether an incoming ND packet must be dropped before parsing.
 *
 * Returns true (drop) when the receiving device has no inet6_dev, or when
 * the packet arrived fragmented and the per-device suppress_frag_ndisc
 * setting is enabled; the latter case is logged, rate-limited.  Returns
 * false otherwise.
 */
static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
{
	struct inet6_dev *idev = __in6_dev_get(skb->dev);
	bool fragmented;

	if (!idev)
		return true;

	fragmented = !!(IP6CB(skb)->flags & IP6SKB_FRAGMENTED);
	if (!fragmented || !idev->cnf.suppress_frag_ndisc)
		return false;

	net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
	return true;
}
1721
/*
 * Entry point for received Neighbour Discovery messages.
 *
 * Checks common to every ND message type are applied here before the
 * message is dispatched on its ICMPv6 type:
 *   - fragmented packets are dropped when suppression applies,
 *   - the skb is linearised so the handlers can read it as one buffer,
 *   - the IPv6 hop limit must be exactly 255; a packet forwarded by a
 *     router arrives with a lower value, so this rejects off-link senders,
 *   - the ICMPv6 code must be 0.
 *
 * Always returns 0; unknown types are ignored.
 *
 * NOTE(review): no length check is made here before msg->icmph is read;
 * presumably the ICMPv6 receive path has already ensured the header is
 * present - confirm against the caller.
 */
int ndisc_rcv(struct sk_buff *skb)
{
	struct nd_msg *msg;
	u8 hop_limit;
	u8 code;

	if (ndisc_suppress_frag_ndisc(skb))
		return 0;

	if (skb_linearize(skb))
		return 0;

	msg = (struct nd_msg *)skb_transport_header(skb);

	/* Make skb->data point at the ICMPv6 header again. */
	__skb_push(skb, skb->data - skb_transport_header(skb));

	hop_limit = ipv6_hdr(skb)->hop_limit;
	if (hop_limit != 255) {
		ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
			  hop_limit);
		return 0;
	}

	code = msg->icmph.icmp6_code;
	if (code != 0) {
		ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
			  code);
		return 0;
	}

	switch (msg->icmph.icmp6_type) {
	case NDISC_NEIGHBOUR_SOLICITATION:
		/* Start the NS handler with a zeroed neighbour control block. */
		memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
		ndisc_recv_ns(skb);
		break;

	case NDISC_NEIGHBOUR_ADVERTISEMENT:
		ndisc_recv_na(skb);
		break;

	case NDISC_ROUTER_SOLICITATION:
		ndisc_recv_rs(skb);
		break;

	case NDISC_ROUTER_ADVERTISEMENT:
		ndisc_router_discovery(skb);
		break;

	case NDISC_REDIRECT:
		ndisc_redirect_rcv(skb);
		break;
	}

	return 0;
}
1773
/*
 * Netdevice notifier: keep the ND neighbour table in step with device
 * state changes.
 *
 *   NETDEV_CHANGEADDR   - flush neighbours for the device, run fib6 gc,
 *                         then behave as NETDEV_UP.
 *   NETDEV_UP           - send an unsolicited NA when ndisc_notify is set
 *                         for the device or for "all".
 *   NETDEV_CHANGE       - flush neighbours if IFF_NOARP changed; handle
 *                         carrier loss.
 *   NETDEV_DOWN         - take neighbours down, run fib6 gc.
 *   NETDEV_NOTIFY_PEERS - send an unsolicited NA.
 *
 * Always returns NOTIFY_DONE.
 */
static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
{
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	struct netdev_notifier_change_info *info;
	struct net *net = dev_net(dev);
	struct inet6_dev *idev;

	/* An address change first invalidates what was learnt before. */
	if (event == NETDEV_CHANGEADDR) {
		neigh_changeaddr(&nd_tbl, dev);
		fib6_run_gc(0, net, false);
	}

	switch (event) {
	case NETDEV_CHANGEADDR:
	case NETDEV_UP:
		idev = in6_dev_get(dev);
		if (!idev)
			break;
		if (idev->cnf.ndisc_notify ||
		    net->ipv6.devconf_all->ndisc_notify)
			ndisc_send_unsol_na(dev);
		in6_dev_put(idev);
		break;
	case NETDEV_CHANGE:
		info = ptr;
		if (info->flags_changed & IFF_NOARP)
			neigh_changeaddr(&nd_tbl, dev);
		if (!netif_carrier_ok(dev))
			neigh_carrier_down(&nd_tbl, dev);
		break;
	case NETDEV_DOWN:
		neigh_ifdown(&nd_tbl, dev);
		fib6_run_gc(0, net, false);
		break;
	case NETDEV_NOTIFY_PEERS:
		ndisc_send_unsol_na(dev);
		break;
	default:
		break;
	}

	return NOTIFY_DONE;
}
1815
/*
 * Netdevice notifier for ND.  The priority is set just below
 * ADDRCONF_NOTIFY_PRIORITY; presumably so that addrconf handles an event
 * before this callback runs - confirm against the notifier chain ordering.
 */
static struct notifier_block ndisc_netdev_notifier = {
	.priority = ADDRCONF_NOTIFY_PRIORITY - 5,
	.notifier_call = ndisc_netdev_event,
};
1820
1821#ifdef CONFIG_SYSCTL
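/*
 * Warn that a process is using one of the deprecated ND sysctls.
 *
 * @ctl:      the sysctl table entry being accessed
 * @func:     access method, printed in the warning
 * @dev_name: device component of the sysctl path
 *
 * A warning is printed when the calling task's name differs from the one
 * last warned about, and at most five times in total.
 *
 * The two statics are shared by every caller and are updated without a
 * lock; a race can at worst repeat or skip a warning.
 */
static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
					 const char *func, const char *dev_name)
{
	static char warncomm[TASK_COMM_LEN];
	static int warned;

	if (strcmp(warncomm, current->comm) && warned < 5) {
		/*
		 * Bounded copy: current->comm is read here without the task
		 * lock, so do not let the write depend on where its
		 * terminator happens to be.
		 */
		strscpy(warncomm, current->comm, sizeof(warncomm));
		pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
			warncomm, func,
			dev_name, ctl->procname,
			dev_name, ctl->procname);
		warned++;
	}
}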
1836
/*
 * proc handler for the per-device ND timing sysctls.
 *
 * Dispatches on ctl->procname to the matching neigh_proc_dointvec*()
 * helper; the two names without the _ms suffix are deprecated and trigger
 * a warning first.  Any other name yields -1.
 *
 * After a successful write on a real device (ctl->extra1 non-NULL) the
 * randomised reachable time is recomputed when the base value was the
 * field written, the device timestamp is refreshed and an RTM_NEWLINK
 * notification is sent.
 *
 * Returns the helper's result, or -1 for an unrecognised procname.
 */
int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write,
			       void __user *buffer, size_t *lenp, loff_t *ppos)
{
	struct net_device *dev = ctl->extra1;
	struct inet6_dev *idev;
	const bool is_retrans = strcmp(ctl->procname, "retrans_time") == 0;
	const bool is_reach = strcmp(ctl->procname, "base_reachable_time") == 0;
	int ret;

	if (is_retrans || is_reach)
		ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");

	if (is_retrans) {
		ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
	} else if (is_reach) {
		ret = neigh_proc_dointvec_jiffies(ctl, write,
						  buffer, lenp, ppos);
	} else if (strcmp(ctl->procname, "retrans_time_ms") == 0 ||
		   strcmp(ctl->procname, "base_reachable_time_ms") == 0) {
		ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
						     buffer, lenp, ppos);
	} else {
		ret = -1;
	}

	/* Only a successful write on a real device has side effects. */
	if (!write || ret != 0 || !dev)
		return ret;

	idev = in6_dev_get(dev);
	if (!idev)
		return ret;

	if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
		idev->nd_parms->reachable_time =
			neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
	idev->tstamp = jiffies;
	inet6_ifinfo_notify(RTM_NEWLINK, idev);
	in6_dev_put(idev);

	return ret;
}
1871
1872
1873#endif
1874
/*
 * Per-namespace setup: create the raw ICMPv6 control socket used to send
 * ND messages and store it in net->ipv6.ndisc_sk.
 *
 * The socket sends with hop limit 255, the value ndisc_rcv() requires on
 * receipt, and has multicast loopback turned off.
 *
 * Returns 0 on success or the negative error from socket creation.
 */
static int __net_init ndisc_net_init(struct net *net)
{
	struct ipv6_pinfo *np;
	struct sock *sk;
	int err = inet_ctl_sock_create(&sk, PF_INET6,
				       SOCK_RAW, IPPROTO_ICMPV6, net);

	if (err < 0) {
		ND_PRINTK(0, err,
			  "NDISC: Failed to initialize the control socket (err %d)\n",
			  err);
		return err;
	}

	net->ipv6.ndisc_sk = sk;

	np = inet6_sk(sk);
	/* Do not loopback ndisc messages */
	np->mc_loop = 0;
	np->hop_limit = 255;

	return 0;
}
1899
/* Per-namespace teardown: destroy the ND control socket of this namespace. */
static void __net_exit ndisc_net_exit(struct net *net)
{
	struct sock *sk = net->ipv6.ndisc_sk;

	inet_ctl_sock_destroy(sk);
}
1904
/* Per-network-namespace hooks that create and destroy the ND control socket. */
static struct pernet_operations ndisc_net_ops = {
	.exit = ndisc_net_exit,
	.init = ndisc_net_init,
};
1909
/*
 * Early ND initialisation: register the per-namespace operations, set up
 * the ND neighbour table and, with CONFIG_SYSCTL, register the default
 * neighbour sysctls.
 *
 * Returns 0 on success or a negative error.  When sysctl registration
 * fails the per-namespace operations are unregistered again.
 *
 * NOTE(review): that failure path does not undo neigh_table_init();
 * confirm whether the table needs clearing there.
 */
int __init ndisc_init(void)
{
	int err = register_pernet_subsys(&ndisc_net_ops);

	if (err)
		return err;

	/* Initialize the neighbour table */
	neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);

#ifdef CONFIG_SYSCTL
	err = neigh_sysctl_register(NULL, &nd_tbl.parms,
				    ndisc_ifinfo_sysctl_change);
	if (err)
		unregister_pernet_subsys(&ndisc_net_ops);
#endif
	return err;
}
1937
/*
 * Late ND initialisation: hook the ND netdevice notifier into the chain.
 * Returns the result of register_netdevice_notifier().
 */
int __init ndisc_late_init(void)
{
	int err = register_netdevice_notifier(&ndisc_netdev_notifier);

	return err;
}
1942
/* Undo ndisc_late_init(): remove the ND netdevice notifier. */
void ndisc_late_cleanup(void)
{
	unregister_netdevice_notifier(&ndisc_netdev_notifier);
}
1947
/*
 * Undo ndisc_init(): unregister the neighbour sysctls (when built with
 * CONFIG_SYSCTL), clear the ND neighbour table, then unregister the
 * per-namespace operations.  The calls run in that order.
 */
void ndisc_cleanup(void)
{
#ifdef CONFIG_SYSCTL
	neigh_sysctl_unregister(&nd_tbl.parms);
#endif
	neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
	unregister_pernet_subsys(&ndisc_net_ops);
}
1955}