Loading...
1/*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_ether.h>
50#include <linux/if_arp.h>
51#include <linux/ipv6.h>
52#include <linux/icmpv6.h>
53#include <linux/jhash.h>
54
55#include <net/sock.h>
56#include <net/snmp.h>
57
58#include <net/ipv6.h>
59#include <net/protocol.h>
60#include <net/ndisc.h>
61#include <net/ip6_route.h>
62#include <net/addrconf.h>
63#include <net/icmp.h>
64
65#include <net/netlink.h>
66#include <linux/rtnetlink.h>
67
68#include <net/flow.h>
69#include <net/ip6_checksum.h>
70#include <net/inet_common.h>
71#include <linux/proc_fs.h>
72
73#include <linux/netfilter.h>
74#include <linux/netfilter_ipv6.h>
75
76static u32 ndisc_hash(const void *pkey,
77 const struct net_device *dev,
78 __u32 *hash_rnd);
79static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
80static int ndisc_constructor(struct neighbour *neigh);
81static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
82static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
83static int pndisc_constructor(struct pneigh_entry *n);
84static void pndisc_destructor(struct pneigh_entry *n);
85static void pndisc_redo(struct sk_buff *skb);
86
87static const struct neigh_ops ndisc_generic_ops = {
88 .family = AF_INET6,
89 .solicit = ndisc_solicit,
90 .error_report = ndisc_error_report,
91 .output = neigh_resolve_output,
92 .connected_output = neigh_connected_output,
93};
94
95static const struct neigh_ops ndisc_hh_ops = {
96 .family = AF_INET6,
97 .solicit = ndisc_solicit,
98 .error_report = ndisc_error_report,
99 .output = neigh_resolve_output,
100 .connected_output = neigh_resolve_output,
101};
102
103
104static const struct neigh_ops ndisc_direct_ops = {
105 .family = AF_INET6,
106 .output = neigh_direct_output,
107 .connected_output = neigh_direct_output,
108};
109
110struct neigh_table nd_tbl = {
111 .family = AF_INET6,
112 .key_len = sizeof(struct in6_addr),
113 .protocol = cpu_to_be16(ETH_P_IPV6),
114 .hash = ndisc_hash,
115 .key_eq = ndisc_key_eq,
116 .constructor = ndisc_constructor,
117 .pconstructor = pndisc_constructor,
118 .pdestructor = pndisc_destructor,
119 .proxy_redo = pndisc_redo,
120 .id = "ndisc_cache",
121 .parms = {
122 .tbl = &nd_tbl,
123 .reachable_time = ND_REACHABLE_TIME,
124 .data = {
125 [NEIGH_VAR_MCAST_PROBES] = 3,
126 [NEIGH_VAR_UCAST_PROBES] = 3,
127 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
128 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
129 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
130 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
131 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
132 [NEIGH_VAR_PROXY_QLEN] = 64,
133 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
134 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
135 },
136 },
137 .gc_interval = 30 * HZ,
138 .gc_thresh1 = 128,
139 .gc_thresh2 = 512,
140 .gc_thresh3 = 1024,
141};
142EXPORT_SYMBOL_GPL(nd_tbl);
143
144void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
145 int data_len, int pad)
146{
147 int space = __ndisc_opt_addr_space(data_len, pad);
148 u8 *opt = skb_put(skb, space);
149
150 opt[0] = type;
151 opt[1] = space>>3;
152
153 memset(opt + 2, 0, pad);
154 opt += pad;
155 space -= pad;
156
157 memcpy(opt+2, data, data_len);
158 data_len += 2;
159 opt += data_len;
160 space -= data_len;
161 if (space > 0)
162 memset(opt, 0, space);
163}
164EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
165
166static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
167 void *data, u8 icmp6_type)
168{
169 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
170 ndisc_addr_option_pad(skb->dev->type));
171 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
172}
173
174static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
175 void *ha,
176 const u8 *ops_data)
177{
178 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
179 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
180}
181
182static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
183 struct nd_opt_hdr *end)
184{
185 int type;
186 if (!cur || !end || cur >= end)
187 return NULL;
188 type = cur->nd_opt_type;
189 do {
190 cur = ((void *)cur) + (cur->nd_opt_len << 3);
191 } while (cur < end && cur->nd_opt_type != type);
192 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
193}
194
195static inline int ndisc_is_useropt(const struct net_device *dev,
196 struct nd_opt_hdr *opt)
197{
198 return opt->nd_opt_type == ND_OPT_RDNSS ||
199 opt->nd_opt_type == ND_OPT_DNSSL ||
200 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
201}
202
203static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *cur,
205 struct nd_opt_hdr *end)
206{
207 if (!cur || !end || cur >= end)
208 return NULL;
209 do {
210 cur = ((void *)cur) + (cur->nd_opt_len << 3);
211 } while (cur < end && !ndisc_is_useropt(dev, cur));
212 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
213}
214
215struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 u8 *opt, int opt_len,
217 struct ndisc_options *ndopts)
218{
219 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
220
221 if (!nd_opt || opt_len < 0 || !ndopts)
222 return NULL;
223 memset(ndopts, 0, sizeof(*ndopts));
224 while (opt_len) {
225 int l;
226 if (opt_len < sizeof(struct nd_opt_hdr))
227 return NULL;
228 l = nd_opt->nd_opt_len << 3;
229 if (opt_len < l || l == 0)
230 return NULL;
231 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 goto next_opt;
233 switch (nd_opt->nd_opt_type) {
234 case ND_OPT_SOURCE_LL_ADDR:
235 case ND_OPT_TARGET_LL_ADDR:
236 case ND_OPT_MTU:
237 case ND_OPT_NONCE:
238 case ND_OPT_REDIRECT_HDR:
239 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
240 ND_PRINTK(2, warn,
241 "%s: duplicated ND6 option found: type=%d\n",
242 __func__, nd_opt->nd_opt_type);
243 } else {
244 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
245 }
246 break;
247 case ND_OPT_PREFIX_INFO:
248 ndopts->nd_opts_pi_end = nd_opt;
249 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 break;
252#ifdef CONFIG_IPV6_ROUTE_INFO
253 case ND_OPT_ROUTE_INFO:
254 ndopts->nd_opts_ri_end = nd_opt;
255 if (!ndopts->nd_opts_ri)
256 ndopts->nd_opts_ri = nd_opt;
257 break;
258#endif
259 default:
260 if (ndisc_is_useropt(dev, nd_opt)) {
261 ndopts->nd_useropts_end = nd_opt;
262 if (!ndopts->nd_useropts)
263 ndopts->nd_useropts = nd_opt;
264 } else {
265 /*
266 * Unknown options must be silently ignored,
267 * to accommodate future extension to the
268 * protocol.
269 */
270 ND_PRINTK(2, notice,
271 "%s: ignored unsupported option; type=%d, len=%d\n",
272 __func__,
273 nd_opt->nd_opt_type,
274 nd_opt->nd_opt_len);
275 }
276 }
277next_opt:
278 opt_len -= l;
279 nd_opt = ((void *)nd_opt) + l;
280 }
281 return ndopts;
282}
283
284int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
285{
286 switch (dev->type) {
287 case ARPHRD_ETHER:
288 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
289 case ARPHRD_FDDI:
290 ipv6_eth_mc_map(addr, buf);
291 return 0;
292 case ARPHRD_ARCNET:
293 ipv6_arcnet_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_INFINIBAND:
296 ipv6_ib_mc_map(addr, dev->broadcast, buf);
297 return 0;
298 case ARPHRD_IPGRE:
299 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
300 default:
301 if (dir) {
302 memcpy(buf, dev->broadcast, dev->addr_len);
303 return 0;
304 }
305 }
306 return -EINVAL;
307}
308EXPORT_SYMBOL(ndisc_mc_map);
309
310static u32 ndisc_hash(const void *pkey,
311 const struct net_device *dev,
312 __u32 *hash_rnd)
313{
314 return ndisc_hashfn(pkey, dev, hash_rnd);
315}
316
317static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
318{
319 return neigh_key_eq128(n, pkey);
320}
321
322static int ndisc_constructor(struct neighbour *neigh)
323{
324 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
325 struct net_device *dev = neigh->dev;
326 struct inet6_dev *in6_dev;
327 struct neigh_parms *parms;
328 bool is_multicast = ipv6_addr_is_multicast(addr);
329
330 in6_dev = in6_dev_get(dev);
331 if (!in6_dev) {
332 return -EINVAL;
333 }
334
335 parms = in6_dev->nd_parms;
336 __neigh_parms_put(neigh->parms);
337 neigh->parms = neigh_parms_clone(parms);
338
339 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
340 if (!dev->header_ops) {
341 neigh->nud_state = NUD_NOARP;
342 neigh->ops = &ndisc_direct_ops;
343 neigh->output = neigh_direct_output;
344 } else {
345 if (is_multicast) {
346 neigh->nud_state = NUD_NOARP;
347 ndisc_mc_map(addr, neigh->ha, dev, 1);
348 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
349 neigh->nud_state = NUD_NOARP;
350 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
351 if (dev->flags&IFF_LOOPBACK)
352 neigh->type = RTN_LOCAL;
353 } else if (dev->flags&IFF_POINTOPOINT) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
356 }
357 if (dev->header_ops->cache)
358 neigh->ops = &ndisc_hh_ops;
359 else
360 neigh->ops = &ndisc_generic_ops;
361 if (neigh->nud_state&NUD_VALID)
362 neigh->output = neigh->ops->connected_output;
363 else
364 neigh->output = neigh->ops->output;
365 }
366 in6_dev_put(in6_dev);
367 return 0;
368}
369
370static int pndisc_constructor(struct pneigh_entry *n)
371{
372 struct in6_addr *addr = (struct in6_addr *)&n->key;
373 struct in6_addr maddr;
374 struct net_device *dev = n->dev;
375
376 if (!dev || !__in6_dev_get(dev))
377 return -EINVAL;
378 addrconf_addr_solict_mult(addr, &maddr);
379 ipv6_dev_mc_inc(dev, &maddr);
380 return 0;
381}
382
383static void pndisc_destructor(struct pneigh_entry *n)
384{
385 struct in6_addr *addr = (struct in6_addr *)&n->key;
386 struct in6_addr maddr;
387 struct net_device *dev = n->dev;
388
389 if (!dev || !__in6_dev_get(dev))
390 return;
391 addrconf_addr_solict_mult(addr, &maddr);
392 ipv6_dev_mc_dec(dev, &maddr);
393}
394
395static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
396 int len)
397{
398 int hlen = LL_RESERVED_SPACE(dev);
399 int tlen = dev->needed_tailroom;
400 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
401 struct sk_buff *skb;
402
403 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
404 if (!skb) {
405 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
406 __func__);
407 return NULL;
408 }
409
410 skb->protocol = htons(ETH_P_IPV6);
411 skb->dev = dev;
412
413 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
414 skb_reset_transport_header(skb);
415
416 /* Manually assign socket ownership as we avoid calling
417 * sock_alloc_send_pskb() to bypass wmem buffer limits
418 */
419 skb_set_owner_w(skb, sk);
420
421 return skb;
422}
423
424static void ip6_nd_hdr(struct sk_buff *skb,
425 const struct in6_addr *saddr,
426 const struct in6_addr *daddr,
427 int hop_limit, int len)
428{
429 struct ipv6hdr *hdr;
430 struct inet6_dev *idev;
431 unsigned tclass;
432
433 rcu_read_lock();
434 idev = __in6_dev_get(skb->dev);
435 tclass = idev ? idev->cnf.ndisc_tclass : 0;
436 rcu_read_unlock();
437
438 skb_push(skb, sizeof(*hdr));
439 skb_reset_network_header(skb);
440 hdr = ipv6_hdr(skb);
441
442 ip6_flow_hdr(hdr, tclass, 0);
443
444 hdr->payload_len = htons(len);
445 hdr->nexthdr = IPPROTO_ICMPV6;
446 hdr->hop_limit = hop_limit;
447
448 hdr->saddr = *saddr;
449 hdr->daddr = *daddr;
450}
451
452static void ndisc_send_skb(struct sk_buff *skb,
453 const struct in6_addr *daddr,
454 const struct in6_addr *saddr)
455{
456 struct dst_entry *dst = skb_dst(skb);
457 struct net *net = dev_net(skb->dev);
458 struct sock *sk = net->ipv6.ndisc_sk;
459 struct inet6_dev *idev;
460 int err;
461 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
462 u8 type;
463
464 type = icmp6h->icmp6_type;
465
466 if (!dst) {
467 struct flowi6 fl6;
468 int oif = skb->dev->ifindex;
469
470 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
471 dst = icmp6_dst_alloc(skb->dev, &fl6);
472 if (IS_ERR(dst)) {
473 kfree_skb(skb);
474 return;
475 }
476
477 skb_dst_set(skb, dst);
478 }
479
480 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
481 IPPROTO_ICMPV6,
482 csum_partial(icmp6h,
483 skb->len, 0));
484
485 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
486
487 rcu_read_lock();
488 idev = __in6_dev_get(dst->dev);
489 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
490
491 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
492 net, sk, skb, NULL, dst->dev,
493 dst_output);
494 if (!err) {
495 ICMP6MSGOUT_INC_STATS(net, idev, type);
496 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
497 }
498
499 rcu_read_unlock();
500}
501
502void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
503 const struct in6_addr *solicited_addr,
504 bool router, bool solicited, bool override, bool inc_opt)
505{
506 struct sk_buff *skb;
507 struct in6_addr tmpaddr;
508 struct inet6_ifaddr *ifp;
509 const struct in6_addr *src_addr;
510 struct nd_msg *msg;
511 int optlen = 0;
512
513 /* for anycast or proxy, solicited_addr != src_addr */
514 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
515 if (ifp) {
516 src_addr = solicited_addr;
517 if (ifp->flags & IFA_F_OPTIMISTIC)
518 override = false;
519 inc_opt |= ifp->idev->cnf.force_tllao;
520 in6_ifa_put(ifp);
521 } else {
522 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
523 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
524 &tmpaddr))
525 return;
526 src_addr = &tmpaddr;
527 }
528
529 if (!dev->addr_len)
530 inc_opt = false;
531 if (inc_opt)
532 optlen += ndisc_opt_addr_space(dev,
533 NDISC_NEIGHBOUR_ADVERTISEMENT);
534
535 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
536 if (!skb)
537 return;
538
539 msg = skb_put(skb, sizeof(*msg));
540 *msg = (struct nd_msg) {
541 .icmph = {
542 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
543 .icmp6_router = router,
544 .icmp6_solicited = solicited,
545 .icmp6_override = override,
546 },
547 .target = *solicited_addr,
548 };
549
550 if (inc_opt)
551 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
552 dev->dev_addr,
553 NDISC_NEIGHBOUR_ADVERTISEMENT);
554
555 ndisc_send_skb(skb, daddr, src_addr);
556}
557
558static void ndisc_send_unsol_na(struct net_device *dev)
559{
560 struct inet6_dev *idev;
561 struct inet6_ifaddr *ifa;
562
563 idev = in6_dev_get(dev);
564 if (!idev)
565 return;
566
567 read_lock_bh(&idev->lock);
568 list_for_each_entry(ifa, &idev->addr_list, if_list) {
569 /* skip tentative addresses until dad completes */
570 if (ifa->flags & IFA_F_TENTATIVE &&
571 !(ifa->flags & IFA_F_OPTIMISTIC))
572 continue;
573
574 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
575 /*router=*/ !!idev->cnf.forwarding,
576 /*solicited=*/ false, /*override=*/ true,
577 /*inc_opt=*/ true);
578 }
579 read_unlock_bh(&idev->lock);
580
581 in6_dev_put(idev);
582}
583
584void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
585 const struct in6_addr *daddr, const struct in6_addr *saddr,
586 u64 nonce)
587{
588 struct sk_buff *skb;
589 struct in6_addr addr_buf;
590 int inc_opt = dev->addr_len;
591 int optlen = 0;
592 struct nd_msg *msg;
593
594 if (!saddr) {
595 if (ipv6_get_lladdr(dev, &addr_buf,
596 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
597 return;
598 saddr = &addr_buf;
599 }
600
601 if (ipv6_addr_any(saddr))
602 inc_opt = false;
603 if (inc_opt)
604 optlen += ndisc_opt_addr_space(dev,
605 NDISC_NEIGHBOUR_SOLICITATION);
606 if (nonce != 0)
607 optlen += 8;
608
609 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
610 if (!skb)
611 return;
612
613 msg = skb_put(skb, sizeof(*msg));
614 *msg = (struct nd_msg) {
615 .icmph = {
616 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
617 },
618 .target = *solicit,
619 };
620
621 if (inc_opt)
622 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
623 dev->dev_addr,
624 NDISC_NEIGHBOUR_SOLICITATION);
625 if (nonce != 0) {
626 u8 *opt = skb_put(skb, 8);
627
628 opt[0] = ND_OPT_NONCE;
629 opt[1] = 8 >> 3;
630 memcpy(opt + 2, &nonce, 6);
631 }
632
633 ndisc_send_skb(skb, daddr, saddr);
634}
635
636void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
637 const struct in6_addr *daddr)
638{
639 struct sk_buff *skb;
640 struct rs_msg *msg;
641 int send_sllao = dev->addr_len;
642 int optlen = 0;
643
644#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
645 /*
646 * According to section 2.2 of RFC 4429, we must not
647 * send router solicitations with a sllao from
648 * optimistic addresses, but we may send the solicitation
649 * if we don't include the sllao. So here we check
650 * if our address is optimistic, and if so, we
651 * suppress the inclusion of the sllao.
652 */
653 if (send_sllao) {
654 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
655 dev, 1);
656 if (ifp) {
657 if (ifp->flags & IFA_F_OPTIMISTIC) {
658 send_sllao = 0;
659 }
660 in6_ifa_put(ifp);
661 } else {
662 send_sllao = 0;
663 }
664 }
665#endif
666 if (send_sllao)
667 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
668
669 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
670 if (!skb)
671 return;
672
673 msg = skb_put(skb, sizeof(*msg));
674 *msg = (struct rs_msg) {
675 .icmph = {
676 .icmp6_type = NDISC_ROUTER_SOLICITATION,
677 },
678 };
679
680 if (send_sllao)
681 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
682 dev->dev_addr,
683 NDISC_ROUTER_SOLICITATION);
684
685 ndisc_send_skb(skb, daddr, saddr);
686}
687
688
689static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
690{
691 /*
692 * "The sender MUST return an ICMP
693 * destination unreachable"
694 */
695 dst_link_failure(skb);
696 kfree_skb(skb);
697}
698
699/* Called with locked neigh: either read or both */
700
701static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
702{
703 struct in6_addr *saddr = NULL;
704 struct in6_addr mcaddr;
705 struct net_device *dev = neigh->dev;
706 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
707 int probes = atomic_read(&neigh->probes);
708
709 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
710 dev, false, 1,
711 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
712 saddr = &ipv6_hdr(skb)->saddr;
713 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
714 if (probes < 0) {
715 if (!(neigh->nud_state & NUD_VALID)) {
716 ND_PRINTK(1, dbg,
717 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
718 __func__, target);
719 }
720 ndisc_send_ns(dev, target, target, saddr, 0);
721 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
722 neigh_app_ns(neigh);
723 } else {
724 addrconf_addr_solict_mult(target, &mcaddr);
725 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
726 }
727}
728
729static int pndisc_is_router(const void *pkey,
730 struct net_device *dev)
731{
732 struct pneigh_entry *n;
733 int ret = -1;
734
735 read_lock_bh(&nd_tbl.lock);
736 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
737 if (n)
738 ret = !!(n->flags & NTF_ROUTER);
739 read_unlock_bh(&nd_tbl.lock);
740
741 return ret;
742}
743
744void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
745 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
746 struct ndisc_options *ndopts)
747{
748 neigh_update(neigh, lladdr, new, flags, 0);
749 /* report ndisc ops about neighbour update */
750 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
751}
752
753static void ndisc_recv_ns(struct sk_buff *skb)
754{
755 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
756 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
757 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
758 u8 *lladdr = NULL;
759 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
760 offsetof(struct nd_msg, opt));
761 struct ndisc_options ndopts;
762 struct net_device *dev = skb->dev;
763 struct inet6_ifaddr *ifp;
764 struct inet6_dev *idev = NULL;
765 struct neighbour *neigh;
766 int dad = ipv6_addr_any(saddr);
767 bool inc;
768 int is_router = -1;
769 u64 nonce = 0;
770
771 if (skb->len < sizeof(struct nd_msg)) {
772 ND_PRINTK(2, warn, "NS: packet too short\n");
773 return;
774 }
775
776 if (ipv6_addr_is_multicast(&msg->target)) {
777 ND_PRINTK(2, warn, "NS: multicast target address\n");
778 return;
779 }
780
781 /*
782 * RFC2461 7.1.1:
783 * DAD has to be destined for solicited node multicast address.
784 */
785 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
786 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
787 return;
788 }
789
790 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
791 ND_PRINTK(2, warn, "NS: invalid ND options\n");
792 return;
793 }
794
795 if (ndopts.nd_opts_src_lladdr) {
796 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
797 if (!lladdr) {
798 ND_PRINTK(2, warn,
799 "NS: invalid link-layer address length\n");
800 return;
801 }
802
803 /* RFC2461 7.1.1:
804 * If the IP source address is the unspecified address,
805 * there MUST NOT be source link-layer address option
806 * in the message.
807 */
808 if (dad) {
809 ND_PRINTK(2, warn,
810 "NS: bad DAD packet (link-layer address option)\n");
811 return;
812 }
813 }
814 if (ndopts.nd_opts_nonce)
815 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
816
817 inc = ipv6_addr_is_multicast(daddr);
818
819 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
820 if (ifp) {
821have_ifp:
822 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
823 if (dad) {
824 if (nonce != 0 && ifp->dad_nonce == nonce) {
825 u8 *np = (u8 *)&nonce;
826 /* Matching nonce if looped back */
827 ND_PRINTK(2, notice,
828 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
829 ifp->idev->dev->name,
830 &ifp->addr, np);
831 goto out;
832 }
833 /*
834 * We are colliding with another node
835 * who is doing DAD
836 * so fail our DAD process
837 */
838 addrconf_dad_failure(skb, ifp);
839 return;
840 } else {
841 /*
842 * This is not a dad solicitation.
843 * If we are an optimistic node,
844 * we should respond.
845 * Otherwise, we should ignore it.
846 */
847 if (!(ifp->flags & IFA_F_OPTIMISTIC))
848 goto out;
849 }
850 }
851
852 idev = ifp->idev;
853 } else {
854 struct net *net = dev_net(dev);
855
856 /* perhaps an address on the master device */
857 if (netif_is_l3_slave(dev)) {
858 struct net_device *mdev;
859
860 mdev = netdev_master_upper_dev_get_rcu(dev);
861 if (mdev) {
862 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
863 if (ifp)
864 goto have_ifp;
865 }
866 }
867
868 idev = in6_dev_get(dev);
869 if (!idev) {
870 /* XXX: count this drop? */
871 return;
872 }
873
874 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
875 (idev->cnf.forwarding &&
876 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
877 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
878 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
879 skb->pkt_type != PACKET_HOST &&
880 inc &&
881 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
882 /*
883 * for anycast or proxy,
884 * sender should delay its response
885 * by a random time between 0 and
886 * MAX_ANYCAST_DELAY_TIME seconds.
887 * (RFC2461) -- yoshfuji
888 */
889 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
890 if (n)
891 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
892 goto out;
893 }
894 } else
895 goto out;
896 }
897
898 if (is_router < 0)
899 is_router = idev->cnf.forwarding;
900
901 if (dad) {
902 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
903 !!is_router, false, (ifp != NULL), true);
904 goto out;
905 }
906
907 if (inc)
908 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
909 else
910 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
911
912 /*
913 * update / create cache entry
914 * for the source address
915 */
916 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
917 !inc || lladdr || !dev->addr_len);
918 if (neigh)
919 ndisc_update(dev, neigh, lladdr, NUD_STALE,
920 NEIGH_UPDATE_F_WEAK_OVERRIDE|
921 NEIGH_UPDATE_F_OVERRIDE,
922 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
923 if (neigh || !dev->header_ops) {
924 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
925 true, (ifp != NULL && inc), inc);
926 if (neigh)
927 neigh_release(neigh);
928 }
929
930out:
931 if (ifp)
932 in6_ifa_put(ifp);
933 else
934 in6_dev_put(idev);
935}
936
937static void ndisc_recv_na(struct sk_buff *skb)
938{
939 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
940 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
941 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
942 u8 *lladdr = NULL;
943 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
944 offsetof(struct nd_msg, opt));
945 struct ndisc_options ndopts;
946 struct net_device *dev = skb->dev;
947 struct inet6_dev *idev = __in6_dev_get(dev);
948 struct inet6_ifaddr *ifp;
949 struct neighbour *neigh;
950
951 if (skb->len < sizeof(struct nd_msg)) {
952 ND_PRINTK(2, warn, "NA: packet too short\n");
953 return;
954 }
955
956 if (ipv6_addr_is_multicast(&msg->target)) {
957 ND_PRINTK(2, warn, "NA: target address is multicast\n");
958 return;
959 }
960
961 if (ipv6_addr_is_multicast(daddr) &&
962 msg->icmph.icmp6_solicited) {
963 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
964 return;
965 }
966
967 /* For some 802.11 wireless deployments (and possibly other networks),
968 * there will be a NA proxy and unsolicitd packets are attacks
969 * and thus should not be accepted.
970 */
971 if (!msg->icmph.icmp6_solicited && idev &&
972 idev->cnf.drop_unsolicited_na)
973 return;
974
975 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
976 ND_PRINTK(2, warn, "NS: invalid ND option\n");
977 return;
978 }
979 if (ndopts.nd_opts_tgt_lladdr) {
980 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
981 if (!lladdr) {
982 ND_PRINTK(2, warn,
983 "NA: invalid link-layer address length\n");
984 return;
985 }
986 }
987 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
988 if (ifp) {
989 if (skb->pkt_type != PACKET_LOOPBACK
990 && (ifp->flags & IFA_F_TENTATIVE)) {
991 addrconf_dad_failure(skb, ifp);
992 return;
993 }
994 /* What should we make now? The advertisement
995 is invalid, but ndisc specs say nothing
996 about it. It could be misconfiguration, or
997 an smart proxy agent tries to help us :-)
998
999 We should not print the error if NA has been
1000 received from loopback - it is just our own
1001 unsolicited advertisement.
1002 */
1003 if (skb->pkt_type != PACKET_LOOPBACK)
1004 ND_PRINTK(1, warn,
1005 "NA: %pM advertised our address %pI6c on %s!\n",
1006 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1007 in6_ifa_put(ifp);
1008 return;
1009 }
1010 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1011
1012 if (neigh) {
1013 u8 old_flags = neigh->flags;
1014 struct net *net = dev_net(dev);
1015
1016 if (neigh->nud_state & NUD_FAILED)
1017 goto out;
1018
1019 /*
1020 * Don't update the neighbor cache entry on a proxy NA from
1021 * ourselves because either the proxied node is off link or it
1022 * has already sent a NA to us.
1023 */
1024 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1025 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1026 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1027 /* XXX: idev->cnf.proxy_ndp */
1028 goto out;
1029 }
1030
1031 ndisc_update(dev, neigh, lladdr,
1032 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1033 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1034 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1035 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1036 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1037 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1038
1039 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1040 /*
1041 * Change: router to host
1042 */
1043 rt6_clean_tohost(dev_net(dev), saddr);
1044 }
1045
1046out:
1047 neigh_release(neigh);
1048 }
1049}
1050
1051static void ndisc_recv_rs(struct sk_buff *skb)
1052{
1053 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1054 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1055 struct neighbour *neigh;
1056 struct inet6_dev *idev;
1057 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1058 struct ndisc_options ndopts;
1059 u8 *lladdr = NULL;
1060
1061 if (skb->len < sizeof(*rs_msg))
1062 return;
1063
1064 idev = __in6_dev_get(skb->dev);
1065 if (!idev) {
1066 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1067 return;
1068 }
1069
1070 /* Don't accept RS if we're not in router mode */
1071 if (!idev->cnf.forwarding)
1072 goto out;
1073
1074 /*
1075 * Don't update NCE if src = ::;
1076 * this implies that the source node has no ip address assigned yet.
1077 */
1078 if (ipv6_addr_any(saddr))
1079 goto out;
1080
1081 /* Parse ND options */
1082 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1083 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1084 goto out;
1085 }
1086
1087 if (ndopts.nd_opts_src_lladdr) {
1088 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1089 skb->dev);
1090 if (!lladdr)
1091 goto out;
1092 }
1093
1094 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1095 if (neigh) {
1096 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1097 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1098 NEIGH_UPDATE_F_OVERRIDE|
1099 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1100 NDISC_ROUTER_SOLICITATION, &ndopts);
1101 neigh_release(neigh);
1102 }
1103out:
1104 return;
1105}
1106
1107static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1108{
1109 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1110 struct sk_buff *skb;
1111 struct nlmsghdr *nlh;
1112 struct nduseroptmsg *ndmsg;
1113 struct net *net = dev_net(ra->dev);
1114 int err;
1115 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1116 + (opt->nd_opt_len << 3));
1117 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1118
1119 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1120 if (!skb) {
1121 err = -ENOBUFS;
1122 goto errout;
1123 }
1124
1125 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1126 if (!nlh) {
1127 goto nla_put_failure;
1128 }
1129
1130 ndmsg = nlmsg_data(nlh);
1131 ndmsg->nduseropt_family = AF_INET6;
1132 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1133 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1134 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1135 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1136
1137 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1138
1139 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1140 goto nla_put_failure;
1141 nlmsg_end(skb, nlh);
1142
1143 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1144 return;
1145
1146nla_put_failure:
1147 nlmsg_free(skb);
1148 err = -EMSGSIZE;
1149errout:
1150 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1151}
1152
1153static void ndisc_router_discovery(struct sk_buff *skb)
1154{
1155 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1156 struct neighbour *neigh = NULL;
1157 struct inet6_dev *in6_dev;
1158 struct rt6_info *rt = NULL;
1159 int lifetime;
1160 struct ndisc_options ndopts;
1161 int optlen;
1162 unsigned int pref = 0;
1163 __u32 old_if_flags;
1164 bool send_ifinfo_notify = false;
1165
1166 __u8 *opt = (__u8 *)(ra_msg + 1);
1167
1168 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1169 sizeof(struct ra_msg);
1170
1171 ND_PRINTK(2, info,
1172 "RA: %s, dev: %s\n",
1173 __func__, skb->dev->name);
1174 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1175 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1176 return;
1177 }
1178 if (optlen < 0) {
1179 ND_PRINTK(2, warn, "RA: packet too short\n");
1180 return;
1181 }
1182
1183#ifdef CONFIG_IPV6_NDISC_NODETYPE
1184 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1185 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1186 return;
1187 }
1188#endif
1189
1190 /*
1191 * set the RA_RECV flag in the interface
1192 */
1193
1194 in6_dev = __in6_dev_get(skb->dev);
1195 if (!in6_dev) {
1196 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1197 skb->dev->name);
1198 return;
1199 }
1200
1201 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1202 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1203 return;
1204 }
1205
1206 if (!ipv6_accept_ra(in6_dev)) {
1207 ND_PRINTK(2, info,
1208 "RA: %s, did not accept ra for dev: %s\n",
1209 __func__, skb->dev->name);
1210 goto skip_linkparms;
1211 }
1212
1213#ifdef CONFIG_IPV6_NDISC_NODETYPE
1214 /* skip link-specific parameters from interior routers */
1215 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1216 ND_PRINTK(2, info,
1217 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1218 __func__, skb->dev->name);
1219 goto skip_linkparms;
1220 }
1221#endif
1222
1223 if (in6_dev->if_flags & IF_RS_SENT) {
1224 /*
1225 * flag that an RA was received after an RS was sent
1226 * out on this interface.
1227 */
1228 in6_dev->if_flags |= IF_RA_RCVD;
1229 }
1230
1231 /*
1232 * Remember the managed/otherconf flags from most recently
1233 * received RA message (RFC 2462) -- yoshfuji
1234 */
1235 old_if_flags = in6_dev->if_flags;
1236 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1237 IF_RA_OTHERCONF)) |
1238 (ra_msg->icmph.icmp6_addrconf_managed ?
1239 IF_RA_MANAGED : 0) |
1240 (ra_msg->icmph.icmp6_addrconf_other ?
1241 IF_RA_OTHERCONF : 0);
1242
1243 if (old_if_flags != in6_dev->if_flags)
1244 send_ifinfo_notify = true;
1245
1246 if (!in6_dev->cnf.accept_ra_defrtr) {
1247 ND_PRINTK(2, info,
1248 "RA: %s, defrtr is false for dev: %s\n",
1249 __func__, skb->dev->name);
1250 goto skip_defrtr;
1251 }
1252
1253 /* Do not accept RA with source-addr found on local machine unless
1254 * accept_ra_from_local is set to true.
1255 */
1256 if (!in6_dev->cnf.accept_ra_from_local &&
1257 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1258 in6_dev->dev, 0)) {
1259 ND_PRINTK(2, info,
1260 "RA from local address detected on dev: %s: default router ignored\n",
1261 skb->dev->name);
1262 goto skip_defrtr;
1263 }
1264
1265 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1266
1267#ifdef CONFIG_IPV6_ROUTER_PREF
1268 pref = ra_msg->icmph.icmp6_router_pref;
1269 /* 10b is handled as if it were 00b (medium) */
1270 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1271 !in6_dev->cnf.accept_ra_rtr_pref)
1272 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1273#endif
1274
1275 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1276
1277 if (rt) {
1278 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1279 if (!neigh) {
1280 ND_PRINTK(0, err,
1281 "RA: %s got default router without neighbour\n",
1282 __func__);
1283 ip6_rt_put(rt);
1284 return;
1285 }
1286 }
1287 if (rt && lifetime == 0) {
1288 ip6_del_rt(rt);
1289 rt = NULL;
1290 }
1291
1292 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1293 rt, lifetime, skb->dev->name);
1294 if (!rt && lifetime) {
1295 ND_PRINTK(3, info, "RA: adding default router\n");
1296
1297 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1298 if (!rt) {
1299 ND_PRINTK(0, err,
1300 "RA: %s failed to add default route\n",
1301 __func__);
1302 return;
1303 }
1304
1305 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1306 if (!neigh) {
1307 ND_PRINTK(0, err,
1308 "RA: %s got default router without neighbour\n",
1309 __func__);
1310 ip6_rt_put(rt);
1311 return;
1312 }
1313 neigh->flags |= NTF_ROUTER;
1314 } else if (rt) {
1315 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1316 }
1317
1318 if (rt)
1319 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1320 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1321 ra_msg->icmph.icmp6_hop_limit) {
1322 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1323 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1324 if (rt)
1325 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1326 ra_msg->icmph.icmp6_hop_limit);
1327 } else {
1328 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1329 }
1330 }
1331
1332skip_defrtr:
1333
1334 /*
1335 * Update Reachable Time and Retrans Timer
1336 */
1337
1338 if (in6_dev->nd_parms) {
1339 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1340
1341 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1342 rtime = (rtime*HZ)/1000;
1343 if (rtime < HZ/10)
1344 rtime = HZ/10;
1345 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1346 in6_dev->tstamp = jiffies;
1347 send_ifinfo_notify = true;
1348 }
1349
1350 rtime = ntohl(ra_msg->reachable_time);
1351 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1352 rtime = (rtime*HZ)/1000;
1353
1354 if (rtime < HZ/10)
1355 rtime = HZ/10;
1356
1357 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1358 NEIGH_VAR_SET(in6_dev->nd_parms,
1359 BASE_REACHABLE_TIME, rtime);
1360 NEIGH_VAR_SET(in6_dev->nd_parms,
1361 GC_STALETIME, 3 * rtime);
1362 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1363 in6_dev->tstamp = jiffies;
1364 send_ifinfo_notify = true;
1365 }
1366 }
1367 }
1368
1369 /*
1370 * Send a notify if RA changed managed/otherconf flags or timer settings
1371 */
1372 if (send_ifinfo_notify)
1373 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1374
1375skip_linkparms:
1376
1377 /*
1378 * Process options.
1379 */
1380
1381 if (!neigh)
1382 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1383 skb->dev, 1);
1384 if (neigh) {
1385 u8 *lladdr = NULL;
1386 if (ndopts.nd_opts_src_lladdr) {
1387 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1388 skb->dev);
1389 if (!lladdr) {
1390 ND_PRINTK(2, warn,
1391 "RA: invalid link-layer address length\n");
1392 goto out;
1393 }
1394 }
1395 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1396 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1397 NEIGH_UPDATE_F_OVERRIDE|
1398 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1399 NEIGH_UPDATE_F_ISROUTER,
1400 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1401 }
1402
1403 if (!ipv6_accept_ra(in6_dev)) {
1404 ND_PRINTK(2, info,
1405 "RA: %s, accept_ra is false for dev: %s\n",
1406 __func__, skb->dev->name);
1407 goto out;
1408 }
1409
1410#ifdef CONFIG_IPV6_ROUTE_INFO
1411 if (!in6_dev->cnf.accept_ra_from_local &&
1412 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1413 in6_dev->dev, 0)) {
1414 ND_PRINTK(2, info,
1415 "RA from local address detected on dev: %s: router info ignored.\n",
1416 skb->dev->name);
1417 goto skip_routeinfo;
1418 }
1419
1420 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1421 struct nd_opt_hdr *p;
1422 for (p = ndopts.nd_opts_ri;
1423 p;
1424 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1425 struct route_info *ri = (struct route_info *)p;
1426#ifdef CONFIG_IPV6_NDISC_NODETYPE
1427 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1428 ri->prefix_len == 0)
1429 continue;
1430#endif
1431 if (ri->prefix_len == 0 &&
1432 !in6_dev->cnf.accept_ra_defrtr)
1433 continue;
1434 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1435 continue;
1436 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1437 continue;
1438 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1439 &ipv6_hdr(skb)->saddr);
1440 }
1441 }
1442
1443skip_routeinfo:
1444#endif
1445
1446#ifdef CONFIG_IPV6_NDISC_NODETYPE
1447 /* skip link-specific ndopts from interior routers */
1448 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1449 ND_PRINTK(2, info,
1450 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1451 __func__, skb->dev->name);
1452 goto out;
1453 }
1454#endif
1455
1456 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1457 struct nd_opt_hdr *p;
1458 for (p = ndopts.nd_opts_pi;
1459 p;
1460 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1461 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1462 (p->nd_opt_len) << 3,
1463 ndopts.nd_opts_src_lladdr != NULL);
1464 }
1465 }
1466
1467 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1468 __be32 n;
1469 u32 mtu;
1470
1471 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1472 mtu = ntohl(n);
1473
1474 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1475 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1476 } else if (in6_dev->cnf.mtu6 != mtu) {
1477 in6_dev->cnf.mtu6 = mtu;
1478
1479 if (rt)
1480 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1481
1482 rt6_mtu_change(skb->dev, mtu);
1483 }
1484 }
1485
1486 if (ndopts.nd_useropts) {
1487 struct nd_opt_hdr *p;
1488 for (p = ndopts.nd_useropts;
1489 p;
1490 p = ndisc_next_useropt(skb->dev, p,
1491 ndopts.nd_useropts_end)) {
1492 ndisc_ra_useropt(skb, p);
1493 }
1494 }
1495
1496 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1497 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1498 }
1499out:
1500 ip6_rt_put(rt);
1501 if (neigh)
1502 neigh_release(neigh);
1503}
1504
1505static void ndisc_redirect_rcv(struct sk_buff *skb)
1506{
1507 u8 *hdr;
1508 struct ndisc_options ndopts;
1509 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1510 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1511 offsetof(struct rd_msg, opt));
1512
1513#ifdef CONFIG_IPV6_NDISC_NODETYPE
1514 switch (skb->ndisc_nodetype) {
1515 case NDISC_NODETYPE_HOST:
1516 case NDISC_NODETYPE_NODEFAULT:
1517 ND_PRINTK(2, warn,
1518 "Redirect: from host or unauthorized router\n");
1519 return;
1520 }
1521#endif
1522
1523 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1524 ND_PRINTK(2, warn,
1525 "Redirect: source address is not link-local\n");
1526 return;
1527 }
1528
1529 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1530 return;
1531
1532 if (!ndopts.nd_opts_rh) {
1533 ip6_redirect_no_header(skb, dev_net(skb->dev),
1534 skb->dev->ifindex, 0);
1535 return;
1536 }
1537
1538 hdr = (u8 *)ndopts.nd_opts_rh;
1539 hdr += 8;
1540 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1541 return;
1542
1543 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1544}
1545
1546static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1547 struct sk_buff *orig_skb,
1548 int rd_len)
1549{
1550 u8 *opt = skb_put(skb, rd_len);
1551
1552 memset(opt, 0, 8);
1553 *(opt++) = ND_OPT_REDIRECT_HDR;
1554 *(opt++) = (rd_len >> 3);
1555 opt += 6;
1556
1557 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1558 rd_len - 8);
1559}
1560
1561void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1562{
1563 struct net_device *dev = skb->dev;
1564 struct net *net = dev_net(dev);
1565 struct sock *sk = net->ipv6.ndisc_sk;
1566 int optlen = 0;
1567 struct inet_peer *peer;
1568 struct sk_buff *buff;
1569 struct rd_msg *msg;
1570 struct in6_addr saddr_buf;
1571 struct rt6_info *rt;
1572 struct dst_entry *dst;
1573 struct flowi6 fl6;
1574 int rd_len;
1575 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1576 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1577 bool ret;
1578
1579 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1580 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1581 dev->name);
1582 return;
1583 }
1584
1585 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1586 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1587 ND_PRINTK(2, warn,
1588 "Redirect: target address is not link-local unicast\n");
1589 return;
1590 }
1591
1592 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1593 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1594
1595 dst = ip6_route_output(net, NULL, &fl6);
1596 if (dst->error) {
1597 dst_release(dst);
1598 return;
1599 }
1600 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1601 if (IS_ERR(dst))
1602 return;
1603
1604 rt = (struct rt6_info *) dst;
1605
1606 if (rt->rt6i_flags & RTF_GATEWAY) {
1607 ND_PRINTK(2, warn,
1608 "Redirect: destination is not a neighbour\n");
1609 goto release;
1610 }
1611 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1612 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1613 if (peer)
1614 inet_putpeer(peer);
1615 if (!ret)
1616 goto release;
1617
1618 if (dev->addr_len) {
1619 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1620 if (!neigh) {
1621 ND_PRINTK(2, warn,
1622 "Redirect: no neigh for target address\n");
1623 goto release;
1624 }
1625
1626 read_lock_bh(&neigh->lock);
1627 if (neigh->nud_state & NUD_VALID) {
1628 memcpy(ha_buf, neigh->ha, dev->addr_len);
1629 read_unlock_bh(&neigh->lock);
1630 ha = ha_buf;
1631 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1632 ops_data_buf,
1633 &ops_data);
1634 } else
1635 read_unlock_bh(&neigh->lock);
1636
1637 neigh_release(neigh);
1638 }
1639
1640 rd_len = min_t(unsigned int,
1641 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1642 skb->len + 8);
1643 rd_len &= ~0x7;
1644 optlen += rd_len;
1645
1646 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1647 if (!buff)
1648 goto release;
1649
1650 msg = skb_put(buff, sizeof(*msg));
1651 *msg = (struct rd_msg) {
1652 .icmph = {
1653 .icmp6_type = NDISC_REDIRECT,
1654 },
1655 .target = *target,
1656 .dest = ipv6_hdr(skb)->daddr,
1657 };
1658
1659 /*
1660 * include target_address option
1661 */
1662
1663 if (ha)
1664 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1665
1666 /*
1667 * build redirect option and copy skb over to the new packet.
1668 */
1669
1670 if (rd_len)
1671 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1672
1673 skb_dst_set(buff, dst);
1674 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1675 return;
1676
1677release:
1678 dst_release(dst);
1679}
1680
1681static void pndisc_redo(struct sk_buff *skb)
1682{
1683 ndisc_recv_ns(skb);
1684 kfree_skb(skb);
1685}
1686
1687static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1688{
1689 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1690
1691 if (!idev)
1692 return true;
1693 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1694 idev->cnf.suppress_frag_ndisc) {
1695 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1696 return true;
1697 }
1698 return false;
1699}
1700
1701int ndisc_rcv(struct sk_buff *skb)
1702{
1703 struct nd_msg *msg;
1704
1705 if (ndisc_suppress_frag_ndisc(skb))
1706 return 0;
1707
1708 if (skb_linearize(skb))
1709 return 0;
1710
1711 msg = (struct nd_msg *)skb_transport_header(skb);
1712
1713 __skb_push(skb, skb->data - skb_transport_header(skb));
1714
1715 if (ipv6_hdr(skb)->hop_limit != 255) {
1716 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1717 ipv6_hdr(skb)->hop_limit);
1718 return 0;
1719 }
1720
1721 if (msg->icmph.icmp6_code != 0) {
1722 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1723 msg->icmph.icmp6_code);
1724 return 0;
1725 }
1726
1727 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1728
1729 switch (msg->icmph.icmp6_type) {
1730 case NDISC_NEIGHBOUR_SOLICITATION:
1731 ndisc_recv_ns(skb);
1732 break;
1733
1734 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1735 ndisc_recv_na(skb);
1736 break;
1737
1738 case NDISC_ROUTER_SOLICITATION:
1739 ndisc_recv_rs(skb);
1740 break;
1741
1742 case NDISC_ROUTER_ADVERTISEMENT:
1743 ndisc_router_discovery(skb);
1744 break;
1745
1746 case NDISC_REDIRECT:
1747 ndisc_redirect_rcv(skb);
1748 break;
1749 }
1750
1751 return 0;
1752}
1753
1754static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1755{
1756 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1757 struct netdev_notifier_change_info *change_info;
1758 struct net *net = dev_net(dev);
1759 struct inet6_dev *idev;
1760
1761 switch (event) {
1762 case NETDEV_CHANGEADDR:
1763 neigh_changeaddr(&nd_tbl, dev);
1764 fib6_run_gc(0, net, false);
1765 /* fallthrough */
1766 case NETDEV_UP:
1767 idev = in6_dev_get(dev);
1768 if (!idev)
1769 break;
1770 if (idev->cnf.ndisc_notify ||
1771 net->ipv6.devconf_all->ndisc_notify)
1772 ndisc_send_unsol_na(dev);
1773 in6_dev_put(idev);
1774 break;
1775 case NETDEV_CHANGE:
1776 change_info = ptr;
1777 if (change_info->flags_changed & IFF_NOARP)
1778 neigh_changeaddr(&nd_tbl, dev);
1779 break;
1780 case NETDEV_DOWN:
1781 neigh_ifdown(&nd_tbl, dev);
1782 fib6_run_gc(0, net, false);
1783 break;
1784 case NETDEV_NOTIFY_PEERS:
1785 ndisc_send_unsol_na(dev);
1786 break;
1787 default:
1788 break;
1789 }
1790
1791 return NOTIFY_DONE;
1792}
1793
1794static struct notifier_block ndisc_netdev_notifier = {
1795 .notifier_call = ndisc_netdev_event,
1796 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1797};
1798
1799#ifdef CONFIG_SYSCTL
1800static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1801 const char *func, const char *dev_name)
1802{
1803 static char warncomm[TASK_COMM_LEN];
1804 static int warned;
1805 if (strcmp(warncomm, current->comm) && warned < 5) {
1806 strcpy(warncomm, current->comm);
1807 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1808 warncomm, func,
1809 dev_name, ctl->procname,
1810 dev_name, ctl->procname);
1811 warned++;
1812 }
1813}
1814
1815int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1816{
1817 struct net_device *dev = ctl->extra1;
1818 struct inet6_dev *idev;
1819 int ret;
1820
1821 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1822 (strcmp(ctl->procname, "base_reachable_time") == 0))
1823 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1824
1825 if (strcmp(ctl->procname, "retrans_time") == 0)
1826 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1827
1828 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1829 ret = neigh_proc_dointvec_jiffies(ctl, write,
1830 buffer, lenp, ppos);
1831
1832 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1833 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1834 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1835 buffer, lenp, ppos);
1836 else
1837 ret = -1;
1838
1839 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1840 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1841 idev->nd_parms->reachable_time =
1842 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1843 idev->tstamp = jiffies;
1844 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1845 in6_dev_put(idev);
1846 }
1847 return ret;
1848}
1849
1850
1851#endif
1852
1853static int __net_init ndisc_net_init(struct net *net)
1854{
1855 struct ipv6_pinfo *np;
1856 struct sock *sk;
1857 int err;
1858
1859 err = inet_ctl_sock_create(&sk, PF_INET6,
1860 SOCK_RAW, IPPROTO_ICMPV6, net);
1861 if (err < 0) {
1862 ND_PRINTK(0, err,
1863 "NDISC: Failed to initialize the control socket (err %d)\n",
1864 err);
1865 return err;
1866 }
1867
1868 net->ipv6.ndisc_sk = sk;
1869
1870 np = inet6_sk(sk);
1871 np->hop_limit = 255;
1872 /* Do not loopback ndisc messages */
1873 np->mc_loop = 0;
1874
1875 return 0;
1876}
1877
1878static void __net_exit ndisc_net_exit(struct net *net)
1879{
1880 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1881}
1882
1883static struct pernet_operations ndisc_net_ops = {
1884 .init = ndisc_net_init,
1885 .exit = ndisc_net_exit,
1886};
1887
1888int __init ndisc_init(void)
1889{
1890 int err;
1891
1892 err = register_pernet_subsys(&ndisc_net_ops);
1893 if (err)
1894 return err;
1895 /*
1896 * Initialize the neighbour table
1897 */
1898 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1899
1900#ifdef CONFIG_SYSCTL
1901 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1902 ndisc_ifinfo_sysctl_change);
1903 if (err)
1904 goto out_unregister_pernet;
1905out:
1906#endif
1907 return err;
1908
1909#ifdef CONFIG_SYSCTL
1910out_unregister_pernet:
1911 unregister_pernet_subsys(&ndisc_net_ops);
1912 goto out;
1913#endif
1914}
1915
1916int __init ndisc_late_init(void)
1917{
1918 return register_netdevice_notifier(&ndisc_netdev_notifier);
1919}
1920
1921void ndisc_late_cleanup(void)
1922{
1923 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1924}
1925
1926void ndisc_cleanup(void)
1927{
1928#ifdef CONFIG_SYSCTL
1929 neigh_sysctl_unregister(&nd_tbl.parms);
1930#endif
1931 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1932 unregister_pernet_subsys(&ndisc_net_ops);
1933}
1/*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
67#include <net/flow.h>
68#include <net/ip6_checksum.h>
69#include <net/inet_common.h>
70#include <linux/proc_fs.h>
71
72#include <linux/netfilter.h>
73#include <linux/netfilter_ipv6.h>
74
75static u32 ndisc_hash(const void *pkey,
76 const struct net_device *dev,
77 __u32 *hash_rnd);
78static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
79static int ndisc_constructor(struct neighbour *neigh);
80static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
81static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
82static int pndisc_constructor(struct pneigh_entry *n);
83static void pndisc_destructor(struct pneigh_entry *n);
84static void pndisc_redo(struct sk_buff *skb);
85
86static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92};
93
94static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100};
101
102
103static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .id = "ndisc_cache",
120 .parms = {
121 .tbl = &nd_tbl,
122 .reachable_time = ND_REACHABLE_TIME,
123 .data = {
124 [NEIGH_VAR_MCAST_PROBES] = 3,
125 [NEIGH_VAR_UCAST_PROBES] = 3,
126 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
127 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
128 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
129 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
130 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
131 [NEIGH_VAR_PROXY_QLEN] = 64,
132 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
133 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
134 },
135 },
136 .gc_interval = 30 * HZ,
137 .gc_thresh1 = 128,
138 .gc_thresh2 = 512,
139 .gc_thresh3 = 1024,
140};
141EXPORT_SYMBOL_GPL(nd_tbl);
142
143void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
144 int data_len, int pad)
145{
146 int space = __ndisc_opt_addr_space(data_len, pad);
147 u8 *opt = skb_put(skb, space);
148
149 opt[0] = type;
150 opt[1] = space>>3;
151
152 memset(opt + 2, 0, pad);
153 opt += pad;
154 space -= pad;
155
156 memcpy(opt+2, data, data_len);
157 data_len += 2;
158 opt += data_len;
159 space -= data_len;
160 if (space > 0)
161 memset(opt, 0, space);
162}
163EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
164
165static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
166 void *data, u8 icmp6_type)
167{
168 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
169 ndisc_addr_option_pad(skb->dev->type));
170 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
171}
172
173static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
174 void *ha,
175 const u8 *ops_data)
176{
177 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
178 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
179}
180
181static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
182 struct nd_opt_hdr *end)
183{
184 int type;
185 if (!cur || !end || cur >= end)
186 return NULL;
187 type = cur->nd_opt_type;
188 do {
189 cur = ((void *)cur) + (cur->nd_opt_len << 3);
190 } while (cur < end && cur->nd_opt_type != type);
191 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
192}
193
194static inline int ndisc_is_useropt(const struct net_device *dev,
195 struct nd_opt_hdr *opt)
196{
197 return opt->nd_opt_type == ND_OPT_RDNSS ||
198 opt->nd_opt_type == ND_OPT_DNSSL ||
199 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
200}
201
202static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
203 struct nd_opt_hdr *cur,
204 struct nd_opt_hdr *end)
205{
206 if (!cur || !end || cur >= end)
207 return NULL;
208 do {
209 cur = ((void *)cur) + (cur->nd_opt_len << 3);
210 } while (cur < end && !ndisc_is_useropt(dev, cur));
211 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
212}
213
214struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
215 u8 *opt, int opt_len,
216 struct ndisc_options *ndopts)
217{
218 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
219
220 if (!nd_opt || opt_len < 0 || !ndopts)
221 return NULL;
222 memset(ndopts, 0, sizeof(*ndopts));
223 while (opt_len) {
224 int l;
225 if (opt_len < sizeof(struct nd_opt_hdr))
226 return NULL;
227 l = nd_opt->nd_opt_len << 3;
228 if (opt_len < l || l == 0)
229 return NULL;
230 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
231 goto next_opt;
232 switch (nd_opt->nd_opt_type) {
233 case ND_OPT_SOURCE_LL_ADDR:
234 case ND_OPT_TARGET_LL_ADDR:
235 case ND_OPT_MTU:
236 case ND_OPT_NONCE:
237 case ND_OPT_REDIRECT_HDR:
238 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
239 ND_PRINTK(2, warn,
240 "%s: duplicated ND6 option found: type=%d\n",
241 __func__, nd_opt->nd_opt_type);
242 } else {
243 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
244 }
245 break;
246 case ND_OPT_PREFIX_INFO:
247 ndopts->nd_opts_pi_end = nd_opt;
248 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
250 break;
251#ifdef CONFIG_IPV6_ROUTE_INFO
252 case ND_OPT_ROUTE_INFO:
253 ndopts->nd_opts_ri_end = nd_opt;
254 if (!ndopts->nd_opts_ri)
255 ndopts->nd_opts_ri = nd_opt;
256 break;
257#endif
258 default:
259 if (ndisc_is_useropt(dev, nd_opt)) {
260 ndopts->nd_useropts_end = nd_opt;
261 if (!ndopts->nd_useropts)
262 ndopts->nd_useropts = nd_opt;
263 } else {
264 /*
265 * Unknown options must be silently ignored,
266 * to accommodate future extension to the
267 * protocol.
268 */
269 ND_PRINTK(2, notice,
270 "%s: ignored unsupported option; type=%d, len=%d\n",
271 __func__,
272 nd_opt->nd_opt_type,
273 nd_opt->nd_opt_len);
274 }
275 }
276next_opt:
277 opt_len -= l;
278 nd_opt = ((void *)nd_opt) + l;
279 }
280 return ndopts;
281}
282
283int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
284{
285 switch (dev->type) {
286 case ARPHRD_ETHER:
287 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
288 case ARPHRD_FDDI:
289 ipv6_eth_mc_map(addr, buf);
290 return 0;
291 case ARPHRD_ARCNET:
292 ipv6_arcnet_mc_map(addr, buf);
293 return 0;
294 case ARPHRD_INFINIBAND:
295 ipv6_ib_mc_map(addr, dev->broadcast, buf);
296 return 0;
297 case ARPHRD_IPGRE:
298 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
299 default:
300 if (dir) {
301 memcpy(buf, dev->broadcast, dev->addr_len);
302 return 0;
303 }
304 }
305 return -EINVAL;
306}
307EXPORT_SYMBOL(ndisc_mc_map);
308
309static u32 ndisc_hash(const void *pkey,
310 const struct net_device *dev,
311 __u32 *hash_rnd)
312{
313 return ndisc_hashfn(pkey, dev, hash_rnd);
314}
315
316static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
317{
318 return neigh_key_eq128(n, pkey);
319}
320
321static int ndisc_constructor(struct neighbour *neigh)
322{
323 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
324 struct net_device *dev = neigh->dev;
325 struct inet6_dev *in6_dev;
326 struct neigh_parms *parms;
327 bool is_multicast = ipv6_addr_is_multicast(addr);
328
329 in6_dev = in6_dev_get(dev);
330 if (!in6_dev) {
331 return -EINVAL;
332 }
333
334 parms = in6_dev->nd_parms;
335 __neigh_parms_put(neigh->parms);
336 neigh->parms = neigh_parms_clone(parms);
337
338 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
339 if (!dev->header_ops) {
340 neigh->nud_state = NUD_NOARP;
341 neigh->ops = &ndisc_direct_ops;
342 neigh->output = neigh_direct_output;
343 } else {
344 if (is_multicast) {
345 neigh->nud_state = NUD_NOARP;
346 ndisc_mc_map(addr, neigh->ha, dev, 1);
347 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
348 neigh->nud_state = NUD_NOARP;
349 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
350 if (dev->flags&IFF_LOOPBACK)
351 neigh->type = RTN_LOCAL;
352 } else if (dev->flags&IFF_POINTOPOINT) {
353 neigh->nud_state = NUD_NOARP;
354 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
355 }
356 if (dev->header_ops->cache)
357 neigh->ops = &ndisc_hh_ops;
358 else
359 neigh->ops = &ndisc_generic_ops;
360 if (neigh->nud_state&NUD_VALID)
361 neigh->output = neigh->ops->connected_output;
362 else
363 neigh->output = neigh->ops->output;
364 }
365 in6_dev_put(in6_dev);
366 return 0;
367}
368
369static int pndisc_constructor(struct pneigh_entry *n)
370{
371 struct in6_addr *addr = (struct in6_addr *)&n->key;
372 struct in6_addr maddr;
373 struct net_device *dev = n->dev;
374
375 if (!dev || !__in6_dev_get(dev))
376 return -EINVAL;
377 addrconf_addr_solict_mult(addr, &maddr);
378 ipv6_dev_mc_inc(dev, &maddr);
379 return 0;
380}
381
382static void pndisc_destructor(struct pneigh_entry *n)
383{
384 struct in6_addr *addr = (struct in6_addr *)&n->key;
385 struct in6_addr maddr;
386 struct net_device *dev = n->dev;
387
388 if (!dev || !__in6_dev_get(dev))
389 return;
390 addrconf_addr_solict_mult(addr, &maddr);
391 ipv6_dev_mc_dec(dev, &maddr);
392}
393
394static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
395 int len)
396{
397 int hlen = LL_RESERVED_SPACE(dev);
398 int tlen = dev->needed_tailroom;
399 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
400 struct sk_buff *skb;
401
402 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
403 if (!skb) {
404 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
405 __func__);
406 return NULL;
407 }
408
409 skb->protocol = htons(ETH_P_IPV6);
410 skb->dev = dev;
411
412 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
413 skb_reset_transport_header(skb);
414
415 /* Manually assign socket ownership as we avoid calling
416 * sock_alloc_send_pskb() to bypass wmem buffer limits
417 */
418 skb_set_owner_w(skb, sk);
419
420 return skb;
421}
422
423static void ip6_nd_hdr(struct sk_buff *skb,
424 const struct in6_addr *saddr,
425 const struct in6_addr *daddr,
426 int hop_limit, int len)
427{
428 struct ipv6hdr *hdr;
429
430 skb_push(skb, sizeof(*hdr));
431 skb_reset_network_header(skb);
432 hdr = ipv6_hdr(skb);
433
434 ip6_flow_hdr(hdr, 0, 0);
435
436 hdr->payload_len = htons(len);
437 hdr->nexthdr = IPPROTO_ICMPV6;
438 hdr->hop_limit = hop_limit;
439
440 hdr->saddr = *saddr;
441 hdr->daddr = *daddr;
442}
443
444static void ndisc_send_skb(struct sk_buff *skb,
445 const struct in6_addr *daddr,
446 const struct in6_addr *saddr)
447{
448 struct dst_entry *dst = skb_dst(skb);
449 struct net *net = dev_net(skb->dev);
450 struct sock *sk = net->ipv6.ndisc_sk;
451 struct inet6_dev *idev;
452 int err;
453 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
454 u8 type;
455
456 type = icmp6h->icmp6_type;
457
458 if (!dst) {
459 struct flowi6 fl6;
460 int oif = skb->dev->ifindex;
461
462 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
463 dst = icmp6_dst_alloc(skb->dev, &fl6);
464 if (IS_ERR(dst)) {
465 kfree_skb(skb);
466 return;
467 }
468
469 skb_dst_set(skb, dst);
470 }
471
472 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
473 IPPROTO_ICMPV6,
474 csum_partial(icmp6h,
475 skb->len, 0));
476
477 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
478
479 rcu_read_lock();
480 idev = __in6_dev_get(dst->dev);
481 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
482
483 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
484 net, sk, skb, NULL, dst->dev,
485 dst_output);
486 if (!err) {
487 ICMP6MSGOUT_INC_STATS(net, idev, type);
488 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
489 }
490
491 rcu_read_unlock();
492}
493
494void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
495 const struct in6_addr *solicited_addr,
496 bool router, bool solicited, bool override, bool inc_opt)
497{
498 struct sk_buff *skb;
499 struct in6_addr tmpaddr;
500 struct inet6_ifaddr *ifp;
501 const struct in6_addr *src_addr;
502 struct nd_msg *msg;
503 int optlen = 0;
504
505 /* for anycast or proxy, solicited_addr != src_addr */
506 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
507 if (ifp) {
508 src_addr = solicited_addr;
509 if (ifp->flags & IFA_F_OPTIMISTIC)
510 override = false;
511 inc_opt |= ifp->idev->cnf.force_tllao;
512 in6_ifa_put(ifp);
513 } else {
514 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
515 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
516 &tmpaddr))
517 return;
518 src_addr = &tmpaddr;
519 }
520
521 if (!dev->addr_len)
522 inc_opt = 0;
523 if (inc_opt)
524 optlen += ndisc_opt_addr_space(dev,
525 NDISC_NEIGHBOUR_ADVERTISEMENT);
526
527 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
528 if (!skb)
529 return;
530
531 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
532 *msg = (struct nd_msg) {
533 .icmph = {
534 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
535 .icmp6_router = router,
536 .icmp6_solicited = solicited,
537 .icmp6_override = override,
538 },
539 .target = *solicited_addr,
540 };
541
542 if (inc_opt)
543 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
544 dev->dev_addr,
545 NDISC_NEIGHBOUR_ADVERTISEMENT);
546
547 ndisc_send_skb(skb, daddr, src_addr);
548}
549
550static void ndisc_send_unsol_na(struct net_device *dev)
551{
552 struct inet6_dev *idev;
553 struct inet6_ifaddr *ifa;
554
555 idev = in6_dev_get(dev);
556 if (!idev)
557 return;
558
559 read_lock_bh(&idev->lock);
560 list_for_each_entry(ifa, &idev->addr_list, if_list) {
561 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
562 /*router=*/ !!idev->cnf.forwarding,
563 /*solicited=*/ false, /*override=*/ true,
564 /*inc_opt=*/ true);
565 }
566 read_unlock_bh(&idev->lock);
567
568 in6_dev_put(idev);
569}
570
571void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
572 const struct in6_addr *daddr, const struct in6_addr *saddr,
573 u64 nonce)
574{
575 struct sk_buff *skb;
576 struct in6_addr addr_buf;
577 int inc_opt = dev->addr_len;
578 int optlen = 0;
579 struct nd_msg *msg;
580
581 if (!saddr) {
582 if (ipv6_get_lladdr(dev, &addr_buf,
583 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
584 return;
585 saddr = &addr_buf;
586 }
587
588 if (ipv6_addr_any(saddr))
589 inc_opt = false;
590 if (inc_opt)
591 optlen += ndisc_opt_addr_space(dev,
592 NDISC_NEIGHBOUR_SOLICITATION);
593 if (nonce != 0)
594 optlen += 8;
595
596 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
597 if (!skb)
598 return;
599
600 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
601 *msg = (struct nd_msg) {
602 .icmph = {
603 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
604 },
605 .target = *solicit,
606 };
607
608 if (inc_opt)
609 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
610 dev->dev_addr,
611 NDISC_NEIGHBOUR_SOLICITATION);
612 if (nonce != 0) {
613 u8 *opt = skb_put(skb, 8);
614
615 opt[0] = ND_OPT_NONCE;
616 opt[1] = 8 >> 3;
617 memcpy(opt + 2, &nonce, 6);
618 }
619
620 ndisc_send_skb(skb, daddr, saddr);
621}
622
623void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
624 const struct in6_addr *daddr)
625{
626 struct sk_buff *skb;
627 struct rs_msg *msg;
628 int send_sllao = dev->addr_len;
629 int optlen = 0;
630
631#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
632 /*
633 * According to section 2.2 of RFC 4429, we must not
634 * send router solicitations with a sllao from
635 * optimistic addresses, but we may send the solicitation
636 * if we don't include the sllao. So here we check
637 * if our address is optimistic, and if so, we
638 * suppress the inclusion of the sllao.
639 */
640 if (send_sllao) {
641 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
642 dev, 1);
643 if (ifp) {
644 if (ifp->flags & IFA_F_OPTIMISTIC) {
645 send_sllao = 0;
646 }
647 in6_ifa_put(ifp);
648 } else {
649 send_sllao = 0;
650 }
651 }
652#endif
653 if (send_sllao)
654 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
655
656 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
657 if (!skb)
658 return;
659
660 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
661 *msg = (struct rs_msg) {
662 .icmph = {
663 .icmp6_type = NDISC_ROUTER_SOLICITATION,
664 },
665 };
666
667 if (send_sllao)
668 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
669 dev->dev_addr,
670 NDISC_ROUTER_SOLICITATION);
671
672 ndisc_send_skb(skb, daddr, saddr);
673}
674
675
676static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
677{
678 /*
679 * "The sender MUST return an ICMP
680 * destination unreachable"
681 */
682 dst_link_failure(skb);
683 kfree_skb(skb);
684}
685
686/* Called with locked neigh: either read or both */
687
688static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
689{
690 struct in6_addr *saddr = NULL;
691 struct in6_addr mcaddr;
692 struct net_device *dev = neigh->dev;
693 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
694 int probes = atomic_read(&neigh->probes);
695
696 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
697 dev, 1,
698 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
699 saddr = &ipv6_hdr(skb)->saddr;
700 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
701 if (probes < 0) {
702 if (!(neigh->nud_state & NUD_VALID)) {
703 ND_PRINTK(1, dbg,
704 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
705 __func__, target);
706 }
707 ndisc_send_ns(dev, target, target, saddr, 0);
708 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
709 neigh_app_ns(neigh);
710 } else {
711 addrconf_addr_solict_mult(target, &mcaddr);
712 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
713 }
714}
715
716static int pndisc_is_router(const void *pkey,
717 struct net_device *dev)
718{
719 struct pneigh_entry *n;
720 int ret = -1;
721
722 read_lock_bh(&nd_tbl.lock);
723 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
724 if (n)
725 ret = !!(n->flags & NTF_ROUTER);
726 read_unlock_bh(&nd_tbl.lock);
727
728 return ret;
729}
730
731void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
732 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
733 struct ndisc_options *ndopts)
734{
735 neigh_update(neigh, lladdr, new, flags);
736 /* report ndisc ops about neighbour update */
737 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
738}
739
740static void ndisc_recv_ns(struct sk_buff *skb)
741{
742 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
743 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
744 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
745 u8 *lladdr = NULL;
746 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
747 offsetof(struct nd_msg, opt));
748 struct ndisc_options ndopts;
749 struct net_device *dev = skb->dev;
750 struct inet6_ifaddr *ifp;
751 struct inet6_dev *idev = NULL;
752 struct neighbour *neigh;
753 int dad = ipv6_addr_any(saddr);
754 bool inc;
755 int is_router = -1;
756 u64 nonce = 0;
757
758 if (skb->len < sizeof(struct nd_msg)) {
759 ND_PRINTK(2, warn, "NS: packet too short\n");
760 return;
761 }
762
763 if (ipv6_addr_is_multicast(&msg->target)) {
764 ND_PRINTK(2, warn, "NS: multicast target address\n");
765 return;
766 }
767
768 /*
769 * RFC2461 7.1.1:
770 * DAD has to be destined for solicited node multicast address.
771 */
772 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
773 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
774 return;
775 }
776
777 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
778 ND_PRINTK(2, warn, "NS: invalid ND options\n");
779 return;
780 }
781
782 if (ndopts.nd_opts_src_lladdr) {
783 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
784 if (!lladdr) {
785 ND_PRINTK(2, warn,
786 "NS: invalid link-layer address length\n");
787 return;
788 }
789
790 /* RFC2461 7.1.1:
791 * If the IP source address is the unspecified address,
792 * there MUST NOT be source link-layer address option
793 * in the message.
794 */
795 if (dad) {
796 ND_PRINTK(2, warn,
797 "NS: bad DAD packet (link-layer address option)\n");
798 return;
799 }
800 }
801 if (ndopts.nd_opts_nonce)
802 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
803
804 inc = ipv6_addr_is_multicast(daddr);
805
806 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
807 if (ifp) {
808have_ifp:
809 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
810 if (dad) {
811 if (nonce != 0 && ifp->dad_nonce == nonce) {
812 u8 *np = (u8 *)&nonce;
813 /* Matching nonce if looped back */
814 ND_PRINTK(2, notice,
815 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
816 ifp->idev->dev->name,
817 &ifp->addr, np);
818 goto out;
819 }
820 /*
821 * We are colliding with another node
822 * who is doing DAD
823 * so fail our DAD process
824 */
825 addrconf_dad_failure(ifp);
826 return;
827 } else {
828 /*
829 * This is not a dad solicitation.
830 * If we are an optimistic node,
831 * we should respond.
832 * Otherwise, we should ignore it.
833 */
834 if (!(ifp->flags & IFA_F_OPTIMISTIC))
835 goto out;
836 }
837 }
838
839 idev = ifp->idev;
840 } else {
841 struct net *net = dev_net(dev);
842
843 /* perhaps an address on the master device */
844 if (netif_is_l3_slave(dev)) {
845 struct net_device *mdev;
846
847 mdev = netdev_master_upper_dev_get_rcu(dev);
848 if (mdev) {
849 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
850 if (ifp)
851 goto have_ifp;
852 }
853 }
854
855 idev = in6_dev_get(dev);
856 if (!idev) {
857 /* XXX: count this drop? */
858 return;
859 }
860
861 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
862 (idev->cnf.forwarding &&
863 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
864 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
865 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
866 skb->pkt_type != PACKET_HOST &&
867 inc &&
868 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
869 /*
870 * for anycast or proxy,
871 * sender should delay its response
872 * by a random time between 0 and
873 * MAX_ANYCAST_DELAY_TIME seconds.
874 * (RFC2461) -- yoshfuji
875 */
876 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
877 if (n)
878 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
879 goto out;
880 }
881 } else
882 goto out;
883 }
884
885 if (is_router < 0)
886 is_router = idev->cnf.forwarding;
887
888 if (dad) {
889 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
890 !!is_router, false, (ifp != NULL), true);
891 goto out;
892 }
893
894 if (inc)
895 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
896 else
897 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
898
899 /*
900 * update / create cache entry
901 * for the source address
902 */
903 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
904 !inc || lladdr || !dev->addr_len);
905 if (neigh)
906 ndisc_update(dev, neigh, lladdr, NUD_STALE,
907 NEIGH_UPDATE_F_WEAK_OVERRIDE|
908 NEIGH_UPDATE_F_OVERRIDE,
909 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
910 if (neigh || !dev->header_ops) {
911 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
912 true, (ifp != NULL && inc), inc);
913 if (neigh)
914 neigh_release(neigh);
915 }
916
917out:
918 if (ifp)
919 in6_ifa_put(ifp);
920 else
921 in6_dev_put(idev);
922}
923
924static void ndisc_recv_na(struct sk_buff *skb)
925{
926 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
927 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
928 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
929 u8 *lladdr = NULL;
930 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
931 offsetof(struct nd_msg, opt));
932 struct ndisc_options ndopts;
933 struct net_device *dev = skb->dev;
934 struct inet6_dev *idev = __in6_dev_get(dev);
935 struct inet6_ifaddr *ifp;
936 struct neighbour *neigh;
937
938 if (skb->len < sizeof(struct nd_msg)) {
939 ND_PRINTK(2, warn, "NA: packet too short\n");
940 return;
941 }
942
943 if (ipv6_addr_is_multicast(&msg->target)) {
944 ND_PRINTK(2, warn, "NA: target address is multicast\n");
945 return;
946 }
947
948 if (ipv6_addr_is_multicast(daddr) &&
949 msg->icmph.icmp6_solicited) {
950 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
951 return;
952 }
953
954 /* For some 802.11 wireless deployments (and possibly other networks),
955 * there will be a NA proxy and unsolicitd packets are attacks
956 * and thus should not be accepted.
957 */
958 if (!msg->icmph.icmp6_solicited && idev &&
959 idev->cnf.drop_unsolicited_na)
960 return;
961
962 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
963 ND_PRINTK(2, warn, "NS: invalid ND option\n");
964 return;
965 }
966 if (ndopts.nd_opts_tgt_lladdr) {
967 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
968 if (!lladdr) {
969 ND_PRINTK(2, warn,
970 "NA: invalid link-layer address length\n");
971 return;
972 }
973 }
974 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
975 if (ifp) {
976 if (skb->pkt_type != PACKET_LOOPBACK
977 && (ifp->flags & IFA_F_TENTATIVE)) {
978 addrconf_dad_failure(ifp);
979 return;
980 }
981 /* What should we make now? The advertisement
982 is invalid, but ndisc specs say nothing
983 about it. It could be misconfiguration, or
984 an smart proxy agent tries to help us :-)
985
986 We should not print the error if NA has been
987 received from loopback - it is just our own
988 unsolicited advertisement.
989 */
990 if (skb->pkt_type != PACKET_LOOPBACK)
991 ND_PRINTK(1, warn,
992 "NA: someone advertises our address %pI6 on %s!\n",
993 &ifp->addr, ifp->idev->dev->name);
994 in6_ifa_put(ifp);
995 return;
996 }
997 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
998
999 if (neigh) {
1000 u8 old_flags = neigh->flags;
1001 struct net *net = dev_net(dev);
1002
1003 if (neigh->nud_state & NUD_FAILED)
1004 goto out;
1005
1006 /*
1007 * Don't update the neighbor cache entry on a proxy NA from
1008 * ourselves because either the proxied node is off link or it
1009 * has already sent a NA to us.
1010 */
1011 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1012 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1013 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1014 /* XXX: idev->cnf.proxy_ndp */
1015 goto out;
1016 }
1017
1018 ndisc_update(dev, neigh, lladdr,
1019 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1020 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1021 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1022 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1023 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1024 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1025
1026 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1027 /*
1028 * Change: router to host
1029 */
1030 rt6_clean_tohost(dev_net(dev), saddr);
1031 }
1032
1033out:
1034 neigh_release(neigh);
1035 }
1036}
1037
1038static void ndisc_recv_rs(struct sk_buff *skb)
1039{
1040 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1041 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1042 struct neighbour *neigh;
1043 struct inet6_dev *idev;
1044 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1045 struct ndisc_options ndopts;
1046 u8 *lladdr = NULL;
1047
1048 if (skb->len < sizeof(*rs_msg))
1049 return;
1050
1051 idev = __in6_dev_get(skb->dev);
1052 if (!idev) {
1053 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1054 return;
1055 }
1056
1057 /* Don't accept RS if we're not in router mode */
1058 if (!idev->cnf.forwarding)
1059 goto out;
1060
1061 /*
1062 * Don't update NCE if src = ::;
1063 * this implies that the source node has no ip address assigned yet.
1064 */
1065 if (ipv6_addr_any(saddr))
1066 goto out;
1067
1068 /* Parse ND options */
1069 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1070 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1071 goto out;
1072 }
1073
1074 if (ndopts.nd_opts_src_lladdr) {
1075 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1076 skb->dev);
1077 if (!lladdr)
1078 goto out;
1079 }
1080
1081 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1082 if (neigh) {
1083 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1084 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1085 NEIGH_UPDATE_F_OVERRIDE|
1086 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1087 NDISC_ROUTER_SOLICITATION, &ndopts);
1088 neigh_release(neigh);
1089 }
1090out:
1091 return;
1092}
1093
1094static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1095{
1096 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1097 struct sk_buff *skb;
1098 struct nlmsghdr *nlh;
1099 struct nduseroptmsg *ndmsg;
1100 struct net *net = dev_net(ra->dev);
1101 int err;
1102 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1103 + (opt->nd_opt_len << 3));
1104 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1105
1106 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1107 if (!skb) {
1108 err = -ENOBUFS;
1109 goto errout;
1110 }
1111
1112 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1113 if (!nlh) {
1114 goto nla_put_failure;
1115 }
1116
1117 ndmsg = nlmsg_data(nlh);
1118 ndmsg->nduseropt_family = AF_INET6;
1119 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1120 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1121 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1122 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1123
1124 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1125
1126 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1127 goto nla_put_failure;
1128 nlmsg_end(skb, nlh);
1129
1130 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1131 return;
1132
1133nla_put_failure:
1134 nlmsg_free(skb);
1135 err = -EMSGSIZE;
1136errout:
1137 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1138}
1139
1140static void ndisc_router_discovery(struct sk_buff *skb)
1141{
1142 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1143 struct neighbour *neigh = NULL;
1144 struct inet6_dev *in6_dev;
1145 struct rt6_info *rt = NULL;
1146 int lifetime;
1147 struct ndisc_options ndopts;
1148 int optlen;
1149 unsigned int pref = 0;
1150 __u32 old_if_flags;
1151 bool send_ifinfo_notify = false;
1152
1153 __u8 *opt = (__u8 *)(ra_msg + 1);
1154
1155 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1156 sizeof(struct ra_msg);
1157
1158 ND_PRINTK(2, info,
1159 "RA: %s, dev: %s\n",
1160 __func__, skb->dev->name);
1161 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1162 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1163 return;
1164 }
1165 if (optlen < 0) {
1166 ND_PRINTK(2, warn, "RA: packet too short\n");
1167 return;
1168 }
1169
1170#ifdef CONFIG_IPV6_NDISC_NODETYPE
1171 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1172 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1173 return;
1174 }
1175#endif
1176
1177 /*
1178 * set the RA_RECV flag in the interface
1179 */
1180
1181 in6_dev = __in6_dev_get(skb->dev);
1182 if (!in6_dev) {
1183 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1184 skb->dev->name);
1185 return;
1186 }
1187
1188 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1189 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1190 return;
1191 }
1192
1193 if (!ipv6_accept_ra(in6_dev)) {
1194 ND_PRINTK(2, info,
1195 "RA: %s, did not accept ra for dev: %s\n",
1196 __func__, skb->dev->name);
1197 goto skip_linkparms;
1198 }
1199
1200#ifdef CONFIG_IPV6_NDISC_NODETYPE
1201 /* skip link-specific parameters from interior routers */
1202 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1203 ND_PRINTK(2, info,
1204 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1205 __func__, skb->dev->name);
1206 goto skip_linkparms;
1207 }
1208#endif
1209
1210 if (in6_dev->if_flags & IF_RS_SENT) {
1211 /*
1212 * flag that an RA was received after an RS was sent
1213 * out on this interface.
1214 */
1215 in6_dev->if_flags |= IF_RA_RCVD;
1216 }
1217
1218 /*
1219 * Remember the managed/otherconf flags from most recently
1220 * received RA message (RFC 2462) -- yoshfuji
1221 */
1222 old_if_flags = in6_dev->if_flags;
1223 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1224 IF_RA_OTHERCONF)) |
1225 (ra_msg->icmph.icmp6_addrconf_managed ?
1226 IF_RA_MANAGED : 0) |
1227 (ra_msg->icmph.icmp6_addrconf_other ?
1228 IF_RA_OTHERCONF : 0);
1229
1230 if (old_if_flags != in6_dev->if_flags)
1231 send_ifinfo_notify = true;
1232
1233 if (!in6_dev->cnf.accept_ra_defrtr) {
1234 ND_PRINTK(2, info,
1235 "RA: %s, defrtr is false for dev: %s\n",
1236 __func__, skb->dev->name);
1237 goto skip_defrtr;
1238 }
1239
1240 /* Do not accept RA with source-addr found on local machine unless
1241 * accept_ra_from_local is set to true.
1242 */
1243 if (!in6_dev->cnf.accept_ra_from_local &&
1244 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1245 in6_dev->dev, 0)) {
1246 ND_PRINTK(2, info,
1247 "RA from local address detected on dev: %s: default router ignored\n",
1248 skb->dev->name);
1249 goto skip_defrtr;
1250 }
1251
1252 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1253
1254#ifdef CONFIG_IPV6_ROUTER_PREF
1255 pref = ra_msg->icmph.icmp6_router_pref;
1256 /* 10b is handled as if it were 00b (medium) */
1257 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1258 !in6_dev->cnf.accept_ra_rtr_pref)
1259 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1260#endif
1261
1262 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1263
1264 if (rt) {
1265 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1266 if (!neigh) {
1267 ND_PRINTK(0, err,
1268 "RA: %s got default router without neighbour\n",
1269 __func__);
1270 ip6_rt_put(rt);
1271 return;
1272 }
1273 }
1274 if (rt && lifetime == 0) {
1275 ip6_del_rt(rt);
1276 rt = NULL;
1277 }
1278
1279 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1280 rt, lifetime, skb->dev->name);
1281 if (!rt && lifetime) {
1282 ND_PRINTK(3, info, "RA: adding default router\n");
1283
1284 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1285 if (!rt) {
1286 ND_PRINTK(0, err,
1287 "RA: %s failed to add default route\n",
1288 __func__);
1289 return;
1290 }
1291
1292 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1293 if (!neigh) {
1294 ND_PRINTK(0, err,
1295 "RA: %s got default router without neighbour\n",
1296 __func__);
1297 ip6_rt_put(rt);
1298 return;
1299 }
1300 neigh->flags |= NTF_ROUTER;
1301 } else if (rt) {
1302 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1303 }
1304
1305 if (rt)
1306 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1307 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1308 ra_msg->icmph.icmp6_hop_limit) {
1309 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1310 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1311 if (rt)
1312 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1313 ra_msg->icmph.icmp6_hop_limit);
1314 } else {
1315 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1316 }
1317 }
1318
1319skip_defrtr:
1320
1321 /*
1322 * Update Reachable Time and Retrans Timer
1323 */
1324
1325 if (in6_dev->nd_parms) {
1326 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1327
1328 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1329 rtime = (rtime*HZ)/1000;
1330 if (rtime < HZ/10)
1331 rtime = HZ/10;
1332 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1333 in6_dev->tstamp = jiffies;
1334 send_ifinfo_notify = true;
1335 }
1336
1337 rtime = ntohl(ra_msg->reachable_time);
1338 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1339 rtime = (rtime*HZ)/1000;
1340
1341 if (rtime < HZ/10)
1342 rtime = HZ/10;
1343
1344 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1345 NEIGH_VAR_SET(in6_dev->nd_parms,
1346 BASE_REACHABLE_TIME, rtime);
1347 NEIGH_VAR_SET(in6_dev->nd_parms,
1348 GC_STALETIME, 3 * rtime);
1349 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1350 in6_dev->tstamp = jiffies;
1351 send_ifinfo_notify = true;
1352 }
1353 }
1354 }
1355
1356 /*
1357 * Send a notify if RA changed managed/otherconf flags or timer settings
1358 */
1359 if (send_ifinfo_notify)
1360 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1361
1362skip_linkparms:
1363
1364 /*
1365 * Process options.
1366 */
1367
1368 if (!neigh)
1369 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1370 skb->dev, 1);
1371 if (neigh) {
1372 u8 *lladdr = NULL;
1373 if (ndopts.nd_opts_src_lladdr) {
1374 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1375 skb->dev);
1376 if (!lladdr) {
1377 ND_PRINTK(2, warn,
1378 "RA: invalid link-layer address length\n");
1379 goto out;
1380 }
1381 }
1382 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1383 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1384 NEIGH_UPDATE_F_OVERRIDE|
1385 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1386 NEIGH_UPDATE_F_ISROUTER,
1387 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1388 }
1389
1390 if (!ipv6_accept_ra(in6_dev)) {
1391 ND_PRINTK(2, info,
1392 "RA: %s, accept_ra is false for dev: %s\n",
1393 __func__, skb->dev->name);
1394 goto out;
1395 }
1396
1397#ifdef CONFIG_IPV6_ROUTE_INFO
1398 if (!in6_dev->cnf.accept_ra_from_local &&
1399 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1400 in6_dev->dev, 0)) {
1401 ND_PRINTK(2, info,
1402 "RA from local address detected on dev: %s: router info ignored.\n",
1403 skb->dev->name);
1404 goto skip_routeinfo;
1405 }
1406
1407 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1408 struct nd_opt_hdr *p;
1409 for (p = ndopts.nd_opts_ri;
1410 p;
1411 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1412 struct route_info *ri = (struct route_info *)p;
1413#ifdef CONFIG_IPV6_NDISC_NODETYPE
1414 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1415 ri->prefix_len == 0)
1416 continue;
1417#endif
1418 if (ri->prefix_len == 0 &&
1419 !in6_dev->cnf.accept_ra_defrtr)
1420 continue;
1421 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1422 continue;
1423 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1424 &ipv6_hdr(skb)->saddr);
1425 }
1426 }
1427
1428skip_routeinfo:
1429#endif
1430
1431#ifdef CONFIG_IPV6_NDISC_NODETYPE
1432 /* skip link-specific ndopts from interior routers */
1433 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1434 ND_PRINTK(2, info,
1435 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1436 __func__, skb->dev->name);
1437 goto out;
1438 }
1439#endif
1440
1441 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1442 struct nd_opt_hdr *p;
1443 for (p = ndopts.nd_opts_pi;
1444 p;
1445 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1446 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1447 (p->nd_opt_len) << 3,
1448 ndopts.nd_opts_src_lladdr != NULL);
1449 }
1450 }
1451
1452 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1453 __be32 n;
1454 u32 mtu;
1455
1456 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1457 mtu = ntohl(n);
1458
1459 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1460 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1461 } else if (in6_dev->cnf.mtu6 != mtu) {
1462 in6_dev->cnf.mtu6 = mtu;
1463
1464 if (rt)
1465 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1466
1467 rt6_mtu_change(skb->dev, mtu);
1468 }
1469 }
1470
1471 if (ndopts.nd_useropts) {
1472 struct nd_opt_hdr *p;
1473 for (p = ndopts.nd_useropts;
1474 p;
1475 p = ndisc_next_useropt(skb->dev, p,
1476 ndopts.nd_useropts_end)) {
1477 ndisc_ra_useropt(skb, p);
1478 }
1479 }
1480
1481 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1482 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1483 }
1484out:
1485 ip6_rt_put(rt);
1486 if (neigh)
1487 neigh_release(neigh);
1488}
1489
1490static void ndisc_redirect_rcv(struct sk_buff *skb)
1491{
1492 u8 *hdr;
1493 struct ndisc_options ndopts;
1494 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1495 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1496 offsetof(struct rd_msg, opt));
1497
1498#ifdef CONFIG_IPV6_NDISC_NODETYPE
1499 switch (skb->ndisc_nodetype) {
1500 case NDISC_NODETYPE_HOST:
1501 case NDISC_NODETYPE_NODEFAULT:
1502 ND_PRINTK(2, warn,
1503 "Redirect: from host or unauthorized router\n");
1504 return;
1505 }
1506#endif
1507
1508 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1509 ND_PRINTK(2, warn,
1510 "Redirect: source address is not link-local\n");
1511 return;
1512 }
1513
1514 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1515 return;
1516
1517 if (!ndopts.nd_opts_rh) {
1518 ip6_redirect_no_header(skb, dev_net(skb->dev),
1519 skb->dev->ifindex, 0);
1520 return;
1521 }
1522
1523 hdr = (u8 *)ndopts.nd_opts_rh;
1524 hdr += 8;
1525 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1526 return;
1527
1528 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1529}
1530
1531static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1532 struct sk_buff *orig_skb,
1533 int rd_len)
1534{
1535 u8 *opt = skb_put(skb, rd_len);
1536
1537 memset(opt, 0, 8);
1538 *(opt++) = ND_OPT_REDIRECT_HDR;
1539 *(opt++) = (rd_len >> 3);
1540 opt += 6;
1541
1542 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1543}
1544
1545void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1546{
1547 struct net_device *dev = skb->dev;
1548 struct net *net = dev_net(dev);
1549 struct sock *sk = net->ipv6.ndisc_sk;
1550 int optlen = 0;
1551 struct inet_peer *peer;
1552 struct sk_buff *buff;
1553 struct rd_msg *msg;
1554 struct in6_addr saddr_buf;
1555 struct rt6_info *rt;
1556 struct dst_entry *dst;
1557 struct flowi6 fl6;
1558 int rd_len;
1559 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1560 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1561 bool ret;
1562
1563 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1564 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1565 dev->name);
1566 return;
1567 }
1568
1569 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1570 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1571 ND_PRINTK(2, warn,
1572 "Redirect: target address is not link-local unicast\n");
1573 return;
1574 }
1575
1576 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1577 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1578
1579 dst = ip6_route_output(net, NULL, &fl6);
1580 if (dst->error) {
1581 dst_release(dst);
1582 return;
1583 }
1584 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1585 if (IS_ERR(dst))
1586 return;
1587
1588 rt = (struct rt6_info *) dst;
1589
1590 if (rt->rt6i_flags & RTF_GATEWAY) {
1591 ND_PRINTK(2, warn,
1592 "Redirect: destination is not a neighbour\n");
1593 goto release;
1594 }
1595 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1596 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1597 if (peer)
1598 inet_putpeer(peer);
1599 if (!ret)
1600 goto release;
1601
1602 if (dev->addr_len) {
1603 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1604 if (!neigh) {
1605 ND_PRINTK(2, warn,
1606 "Redirect: no neigh for target address\n");
1607 goto release;
1608 }
1609
1610 read_lock_bh(&neigh->lock);
1611 if (neigh->nud_state & NUD_VALID) {
1612 memcpy(ha_buf, neigh->ha, dev->addr_len);
1613 read_unlock_bh(&neigh->lock);
1614 ha = ha_buf;
1615 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1616 ops_data_buf,
1617 &ops_data);
1618 } else
1619 read_unlock_bh(&neigh->lock);
1620
1621 neigh_release(neigh);
1622 }
1623
1624 rd_len = min_t(unsigned int,
1625 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1626 skb->len + 8);
1627 rd_len &= ~0x7;
1628 optlen += rd_len;
1629
1630 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1631 if (!buff)
1632 goto release;
1633
1634 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1635 *msg = (struct rd_msg) {
1636 .icmph = {
1637 .icmp6_type = NDISC_REDIRECT,
1638 },
1639 .target = *target,
1640 .dest = ipv6_hdr(skb)->daddr,
1641 };
1642
1643 /*
1644 * include target_address option
1645 */
1646
1647 if (ha)
1648 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1649
1650 /*
1651 * build redirect option and copy skb over to the new packet.
1652 */
1653
1654 if (rd_len)
1655 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1656
1657 skb_dst_set(buff, dst);
1658 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1659 return;
1660
1661release:
1662 dst_release(dst);
1663}
1664
1665static void pndisc_redo(struct sk_buff *skb)
1666{
1667 ndisc_recv_ns(skb);
1668 kfree_skb(skb);
1669}
1670
1671static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1672{
1673 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1674
1675 if (!idev)
1676 return true;
1677 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1678 idev->cnf.suppress_frag_ndisc) {
1679 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1680 return true;
1681 }
1682 return false;
1683}
1684
1685int ndisc_rcv(struct sk_buff *skb)
1686{
1687 struct nd_msg *msg;
1688
1689 if (ndisc_suppress_frag_ndisc(skb))
1690 return 0;
1691
1692 if (skb_linearize(skb))
1693 return 0;
1694
1695 msg = (struct nd_msg *)skb_transport_header(skb);
1696
1697 __skb_push(skb, skb->data - skb_transport_header(skb));
1698
1699 if (ipv6_hdr(skb)->hop_limit != 255) {
1700 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1701 ipv6_hdr(skb)->hop_limit);
1702 return 0;
1703 }
1704
1705 if (msg->icmph.icmp6_code != 0) {
1706 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1707 msg->icmph.icmp6_code);
1708 return 0;
1709 }
1710
1711 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1712
1713 switch (msg->icmph.icmp6_type) {
1714 case NDISC_NEIGHBOUR_SOLICITATION:
1715 ndisc_recv_ns(skb);
1716 break;
1717
1718 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1719 ndisc_recv_na(skb);
1720 break;
1721
1722 case NDISC_ROUTER_SOLICITATION:
1723 ndisc_recv_rs(skb);
1724 break;
1725
1726 case NDISC_ROUTER_ADVERTISEMENT:
1727 ndisc_router_discovery(skb);
1728 break;
1729
1730 case NDISC_REDIRECT:
1731 ndisc_redirect_rcv(skb);
1732 break;
1733 }
1734
1735 return 0;
1736}
1737
1738static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1739{
1740 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1741 struct netdev_notifier_change_info *change_info;
1742 struct net *net = dev_net(dev);
1743 struct inet6_dev *idev;
1744
1745 switch (event) {
1746 case NETDEV_CHANGEADDR:
1747 neigh_changeaddr(&nd_tbl, dev);
1748 fib6_run_gc(0, net, false);
1749 idev = in6_dev_get(dev);
1750 if (!idev)
1751 break;
1752 if (idev->cnf.ndisc_notify)
1753 ndisc_send_unsol_na(dev);
1754 in6_dev_put(idev);
1755 break;
1756 case NETDEV_CHANGE:
1757 change_info = ptr;
1758 if (change_info->flags_changed & IFF_NOARP)
1759 neigh_changeaddr(&nd_tbl, dev);
1760 break;
1761 case NETDEV_DOWN:
1762 neigh_ifdown(&nd_tbl, dev);
1763 fib6_run_gc(0, net, false);
1764 break;
1765 case NETDEV_NOTIFY_PEERS:
1766 ndisc_send_unsol_na(dev);
1767 break;
1768 default:
1769 break;
1770 }
1771
1772 return NOTIFY_DONE;
1773}
1774
1775static struct notifier_block ndisc_netdev_notifier = {
1776 .notifier_call = ndisc_netdev_event,
1777};
1778
1779#ifdef CONFIG_SYSCTL
1780static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1781 const char *func, const char *dev_name)
1782{
1783 static char warncomm[TASK_COMM_LEN];
1784 static int warned;
1785 if (strcmp(warncomm, current->comm) && warned < 5) {
1786 strcpy(warncomm, current->comm);
1787 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1788 warncomm, func,
1789 dev_name, ctl->procname,
1790 dev_name, ctl->procname);
1791 warned++;
1792 }
1793}
1794
1795int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1796{
1797 struct net_device *dev = ctl->extra1;
1798 struct inet6_dev *idev;
1799 int ret;
1800
1801 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1802 (strcmp(ctl->procname, "base_reachable_time") == 0))
1803 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1804
1805 if (strcmp(ctl->procname, "retrans_time") == 0)
1806 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1807
1808 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1809 ret = neigh_proc_dointvec_jiffies(ctl, write,
1810 buffer, lenp, ppos);
1811
1812 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1813 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1814 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1815 buffer, lenp, ppos);
1816 else
1817 ret = -1;
1818
1819 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1820 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1821 idev->nd_parms->reachable_time =
1822 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1823 idev->tstamp = jiffies;
1824 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1825 in6_dev_put(idev);
1826 }
1827 return ret;
1828}
1829
1830
1831#endif
1832
1833static int __net_init ndisc_net_init(struct net *net)
1834{
1835 struct ipv6_pinfo *np;
1836 struct sock *sk;
1837 int err;
1838
1839 err = inet_ctl_sock_create(&sk, PF_INET6,
1840 SOCK_RAW, IPPROTO_ICMPV6, net);
1841 if (err < 0) {
1842 ND_PRINTK(0, err,
1843 "NDISC: Failed to initialize the control socket (err %d)\n",
1844 err);
1845 return err;
1846 }
1847
1848 net->ipv6.ndisc_sk = sk;
1849
1850 np = inet6_sk(sk);
1851 np->hop_limit = 255;
1852 /* Do not loopback ndisc messages */
1853 np->mc_loop = 0;
1854
1855 return 0;
1856}
1857
1858static void __net_exit ndisc_net_exit(struct net *net)
1859{
1860 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1861}
1862
1863static struct pernet_operations ndisc_net_ops = {
1864 .init = ndisc_net_init,
1865 .exit = ndisc_net_exit,
1866};
1867
1868int __init ndisc_init(void)
1869{
1870 int err;
1871
1872 err = register_pernet_subsys(&ndisc_net_ops);
1873 if (err)
1874 return err;
1875 /*
1876 * Initialize the neighbour table
1877 */
1878 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1879
1880#ifdef CONFIG_SYSCTL
1881 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1882 ndisc_ifinfo_sysctl_change);
1883 if (err)
1884 goto out_unregister_pernet;
1885out:
1886#endif
1887 return err;
1888
1889#ifdef CONFIG_SYSCTL
1890out_unregister_pernet:
1891 unregister_pernet_subsys(&ndisc_net_ops);
1892 goto out;
1893#endif
1894}
1895
1896int __init ndisc_late_init(void)
1897{
1898 return register_netdevice_notifier(&ndisc_netdev_notifier);
1899}
1900
1901void ndisc_late_cleanup(void)
1902{
1903 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1904}
1905
1906void ndisc_cleanup(void)
1907{
1908#ifdef CONFIG_SYSCTL
1909 neigh_sysctl_unregister(&nd_tbl.parms);
1910#endif
1911 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1912 unregister_pernet_subsys(&ndisc_net_ops);
1913}