Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11/*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26#define pr_fmt(fmt) "ICMPv6: " fmt
27
28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
39#include <linux/slab.h>
40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
44#include <linux/if_addr.h>
45#include <linux/if_ether.h>
46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
64#include <net/flow.h>
65#include <net/ip6_checksum.h>
66#include <net/inet_common.h>
67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
84static int ndisc_is_multicast(const void *pkey);
85
86static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92};
93
94static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100};
101
102
103static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
132 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
133 [NEIGH_VAR_PROXY_QLEN] = 64,
134 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
135 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
136 },
137 },
138 .gc_interval = 30 * HZ,
139 .gc_thresh1 = 128,
140 .gc_thresh2 = 512,
141 .gc_thresh3 = 1024,
142};
143EXPORT_SYMBOL_GPL(nd_tbl);
144
145void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
146 int data_len, int pad)
147{
148 int space = __ndisc_opt_addr_space(data_len, pad);
149 u8 *opt = skb_put(skb, space);
150
151 opt[0] = type;
152 opt[1] = space>>3;
153
154 memset(opt + 2, 0, pad);
155 opt += pad;
156 space -= pad;
157
158 memcpy(opt+2, data, data_len);
159 data_len += 2;
160 opt += data_len;
161 space -= data_len;
162 if (space > 0)
163 memset(opt, 0, space);
164}
165EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
166
167static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
168 void *data, u8 icmp6_type)
169{
170 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
171 ndisc_addr_option_pad(skb->dev->type));
172 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
173}
174
175static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
176 void *ha,
177 const u8 *ops_data)
178{
179 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
180 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
181}
182
183static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
184 struct nd_opt_hdr *end)
185{
186 int type;
187 if (!cur || !end || cur >= end)
188 return NULL;
189 type = cur->nd_opt_type;
190 do {
191 cur = ((void *)cur) + (cur->nd_opt_len << 3);
192 } while (cur < end && cur->nd_opt_type != type);
193 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
194}
195
196static inline int ndisc_is_useropt(const struct net_device *dev,
197 struct nd_opt_hdr *opt)
198{
199 return opt->nd_opt_type == ND_OPT_RDNSS ||
200 opt->nd_opt_type == ND_OPT_DNSSL ||
201 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
202 opt->nd_opt_type == ND_OPT_PREF64 ||
203 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
204}
205
206static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
207 struct nd_opt_hdr *cur,
208 struct nd_opt_hdr *end)
209{
210 if (!cur || !end || cur >= end)
211 return NULL;
212 do {
213 cur = ((void *)cur) + (cur->nd_opt_len << 3);
214 } while (cur < end && !ndisc_is_useropt(dev, cur));
215 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
216}
217
218struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
219 u8 *opt, int opt_len,
220 struct ndisc_options *ndopts)
221{
222 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
223
224 if (!nd_opt || opt_len < 0 || !ndopts)
225 return NULL;
226 memset(ndopts, 0, sizeof(*ndopts));
227 while (opt_len) {
228 int l;
229 if (opt_len < sizeof(struct nd_opt_hdr))
230 return NULL;
231 l = nd_opt->nd_opt_len << 3;
232 if (opt_len < l || l == 0)
233 return NULL;
234 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
235 goto next_opt;
236 switch (nd_opt->nd_opt_type) {
237 case ND_OPT_SOURCE_LL_ADDR:
238 case ND_OPT_TARGET_LL_ADDR:
239 case ND_OPT_MTU:
240 case ND_OPT_NONCE:
241 case ND_OPT_REDIRECT_HDR:
242 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
243 ND_PRINTK(2, warn,
244 "%s: duplicated ND6 option found: type=%d\n",
245 __func__, nd_opt->nd_opt_type);
246 } else {
247 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
248 }
249 break;
250 case ND_OPT_PREFIX_INFO:
251 ndopts->nd_opts_pi_end = nd_opt;
252 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
253 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
254 break;
255#ifdef CONFIG_IPV6_ROUTE_INFO
256 case ND_OPT_ROUTE_INFO:
257 ndopts->nd_opts_ri_end = nd_opt;
258 if (!ndopts->nd_opts_ri)
259 ndopts->nd_opts_ri = nd_opt;
260 break;
261#endif
262 default:
263 if (ndisc_is_useropt(dev, nd_opt)) {
264 ndopts->nd_useropts_end = nd_opt;
265 if (!ndopts->nd_useropts)
266 ndopts->nd_useropts = nd_opt;
267 } else {
268 /*
269 * Unknown options must be silently ignored,
270 * to accommodate future extension to the
271 * protocol.
272 */
273 ND_PRINTK(2, notice,
274 "%s: ignored unsupported option; type=%d, len=%d\n",
275 __func__,
276 nd_opt->nd_opt_type,
277 nd_opt->nd_opt_len);
278 }
279 }
280next_opt:
281 opt_len -= l;
282 nd_opt = ((void *)nd_opt) + l;
283 }
284 return ndopts;
285}
286
287int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
288{
289 switch (dev->type) {
290 case ARPHRD_ETHER:
291 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
292 case ARPHRD_FDDI:
293 ipv6_eth_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_ARCNET:
296 ipv6_arcnet_mc_map(addr, buf);
297 return 0;
298 case ARPHRD_INFINIBAND:
299 ipv6_ib_mc_map(addr, dev->broadcast, buf);
300 return 0;
301 case ARPHRD_IPGRE:
302 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
303 default:
304 if (dir) {
305 memcpy(buf, dev->broadcast, dev->addr_len);
306 return 0;
307 }
308 }
309 return -EINVAL;
310}
311EXPORT_SYMBOL(ndisc_mc_map);
312
313static u32 ndisc_hash(const void *pkey,
314 const struct net_device *dev,
315 __u32 *hash_rnd)
316{
317 return ndisc_hashfn(pkey, dev, hash_rnd);
318}
319
320static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
321{
322 return neigh_key_eq128(n, pkey);
323}
324
325static int ndisc_constructor(struct neighbour *neigh)
326{
327 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
328 struct net_device *dev = neigh->dev;
329 struct inet6_dev *in6_dev;
330 struct neigh_parms *parms;
331 bool is_multicast = ipv6_addr_is_multicast(addr);
332
333 in6_dev = in6_dev_get(dev);
334 if (!in6_dev) {
335 return -EINVAL;
336 }
337
338 parms = in6_dev->nd_parms;
339 __neigh_parms_put(neigh->parms);
340 neigh->parms = neigh_parms_clone(parms);
341
342 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
343 if (!dev->header_ops) {
344 neigh->nud_state = NUD_NOARP;
345 neigh->ops = &ndisc_direct_ops;
346 neigh->output = neigh_direct_output;
347 } else {
348 if (is_multicast) {
349 neigh->nud_state = NUD_NOARP;
350 ndisc_mc_map(addr, neigh->ha, dev, 1);
351 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
352 neigh->nud_state = NUD_NOARP;
353 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
354 if (dev->flags&IFF_LOOPBACK)
355 neigh->type = RTN_LOCAL;
356 } else if (dev->flags&IFF_POINTOPOINT) {
357 neigh->nud_state = NUD_NOARP;
358 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
359 }
360 if (dev->header_ops->cache)
361 neigh->ops = &ndisc_hh_ops;
362 else
363 neigh->ops = &ndisc_generic_ops;
364 if (neigh->nud_state&NUD_VALID)
365 neigh->output = neigh->ops->connected_output;
366 else
367 neigh->output = neigh->ops->output;
368 }
369 in6_dev_put(in6_dev);
370 return 0;
371}
372
373static int pndisc_constructor(struct pneigh_entry *n)
374{
375 struct in6_addr *addr = (struct in6_addr *)&n->key;
376 struct in6_addr maddr;
377 struct net_device *dev = n->dev;
378
379 if (!dev || !__in6_dev_get(dev))
380 return -EINVAL;
381 addrconf_addr_solict_mult(addr, &maddr);
382 ipv6_dev_mc_inc(dev, &maddr);
383 return 0;
384}
385
386static void pndisc_destructor(struct pneigh_entry *n)
387{
388 struct in6_addr *addr = (struct in6_addr *)&n->key;
389 struct in6_addr maddr;
390 struct net_device *dev = n->dev;
391
392 if (!dev || !__in6_dev_get(dev))
393 return;
394 addrconf_addr_solict_mult(addr, &maddr);
395 ipv6_dev_mc_dec(dev, &maddr);
396}
397
398/* called with rtnl held */
399static bool ndisc_allow_add(const struct net_device *dev,
400 struct netlink_ext_ack *extack)
401{
402 struct inet6_dev *idev = __in6_dev_get(dev);
403
404 if (!idev || idev->cnf.disable_ipv6) {
405 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
406 return false;
407 }
408
409 return true;
410}
411
412static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
413 int len)
414{
415 int hlen = LL_RESERVED_SPACE(dev);
416 int tlen = dev->needed_tailroom;
417 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
418 struct sk_buff *skb;
419
420 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
421 if (!skb) {
422 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
423 __func__);
424 return NULL;
425 }
426
427 skb->protocol = htons(ETH_P_IPV6);
428 skb->dev = dev;
429
430 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
431 skb_reset_transport_header(skb);
432
433 /* Manually assign socket ownership as we avoid calling
434 * sock_alloc_send_pskb() to bypass wmem buffer limits
435 */
436 skb_set_owner_w(skb, sk);
437
438 return skb;
439}
440
441static void ip6_nd_hdr(struct sk_buff *skb,
442 const struct in6_addr *saddr,
443 const struct in6_addr *daddr,
444 int hop_limit, int len)
445{
446 struct ipv6hdr *hdr;
447 struct inet6_dev *idev;
448 unsigned tclass;
449
450 rcu_read_lock();
451 idev = __in6_dev_get(skb->dev);
452 tclass = idev ? idev->cnf.ndisc_tclass : 0;
453 rcu_read_unlock();
454
455 skb_push(skb, sizeof(*hdr));
456 skb_reset_network_header(skb);
457 hdr = ipv6_hdr(skb);
458
459 ip6_flow_hdr(hdr, tclass, 0);
460
461 hdr->payload_len = htons(len);
462 hdr->nexthdr = IPPROTO_ICMPV6;
463 hdr->hop_limit = hop_limit;
464
465 hdr->saddr = *saddr;
466 hdr->daddr = *daddr;
467}
468
469static void ndisc_send_skb(struct sk_buff *skb,
470 const struct in6_addr *daddr,
471 const struct in6_addr *saddr)
472{
473 struct dst_entry *dst = skb_dst(skb);
474 struct net *net = dev_net(skb->dev);
475 struct sock *sk = net->ipv6.ndisc_sk;
476 struct inet6_dev *idev;
477 int err;
478 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
479 u8 type;
480
481 type = icmp6h->icmp6_type;
482
483 if (!dst) {
484 struct flowi6 fl6;
485 int oif = skb->dev->ifindex;
486
487 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
488 dst = icmp6_dst_alloc(skb->dev, &fl6);
489 if (IS_ERR(dst)) {
490 kfree_skb(skb);
491 return;
492 }
493
494 skb_dst_set(skb, dst);
495 }
496
497 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
498 IPPROTO_ICMPV6,
499 csum_partial(icmp6h,
500 skb->len, 0));
501
502 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
503
504 rcu_read_lock();
505 idev = __in6_dev_get(dst->dev);
506 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
507
508 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
509 net, sk, skb, NULL, dst->dev,
510 dst_output);
511 if (!err) {
512 ICMP6MSGOUT_INC_STATS(net, idev, type);
513 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
514 }
515
516 rcu_read_unlock();
517}
518
519void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
520 const struct in6_addr *solicited_addr,
521 bool router, bool solicited, bool override, bool inc_opt)
522{
523 struct sk_buff *skb;
524 struct in6_addr tmpaddr;
525 struct inet6_ifaddr *ifp;
526 const struct in6_addr *src_addr;
527 struct nd_msg *msg;
528 int optlen = 0;
529
530 /* for anycast or proxy, solicited_addr != src_addr */
531 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
532 if (ifp) {
533 src_addr = solicited_addr;
534 if (ifp->flags & IFA_F_OPTIMISTIC)
535 override = false;
536 inc_opt |= ifp->idev->cnf.force_tllao;
537 in6_ifa_put(ifp);
538 } else {
539 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
540 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
541 &tmpaddr))
542 return;
543 src_addr = &tmpaddr;
544 }
545
546 if (!dev->addr_len)
547 inc_opt = false;
548 if (inc_opt)
549 optlen += ndisc_opt_addr_space(dev,
550 NDISC_NEIGHBOUR_ADVERTISEMENT);
551
552 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
553 if (!skb)
554 return;
555
556 msg = skb_put(skb, sizeof(*msg));
557 *msg = (struct nd_msg) {
558 .icmph = {
559 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
560 .icmp6_router = router,
561 .icmp6_solicited = solicited,
562 .icmp6_override = override,
563 },
564 .target = *solicited_addr,
565 };
566
567 if (inc_opt)
568 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
569 dev->dev_addr,
570 NDISC_NEIGHBOUR_ADVERTISEMENT);
571
572 ndisc_send_skb(skb, daddr, src_addr);
573}
574
575static void ndisc_send_unsol_na(struct net_device *dev)
576{
577 struct inet6_dev *idev;
578 struct inet6_ifaddr *ifa;
579
580 idev = in6_dev_get(dev);
581 if (!idev)
582 return;
583
584 read_lock_bh(&idev->lock);
585 list_for_each_entry(ifa, &idev->addr_list, if_list) {
586 /* skip tentative addresses until dad completes */
587 if (ifa->flags & IFA_F_TENTATIVE &&
588 !(ifa->flags & IFA_F_OPTIMISTIC))
589 continue;
590
591 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
592 /*router=*/ !!idev->cnf.forwarding,
593 /*solicited=*/ false, /*override=*/ true,
594 /*inc_opt=*/ true);
595 }
596 read_unlock_bh(&idev->lock);
597
598 in6_dev_put(idev);
599}
600
601void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
602 const struct in6_addr *daddr, const struct in6_addr *saddr,
603 u64 nonce)
604{
605 struct sk_buff *skb;
606 struct in6_addr addr_buf;
607 int inc_opt = dev->addr_len;
608 int optlen = 0;
609 struct nd_msg *msg;
610
611 if (!saddr) {
612 if (ipv6_get_lladdr(dev, &addr_buf,
613 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
614 return;
615 saddr = &addr_buf;
616 }
617
618 if (ipv6_addr_any(saddr))
619 inc_opt = false;
620 if (inc_opt)
621 optlen += ndisc_opt_addr_space(dev,
622 NDISC_NEIGHBOUR_SOLICITATION);
623 if (nonce != 0)
624 optlen += 8;
625
626 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
627 if (!skb)
628 return;
629
630 msg = skb_put(skb, sizeof(*msg));
631 *msg = (struct nd_msg) {
632 .icmph = {
633 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
634 },
635 .target = *solicit,
636 };
637
638 if (inc_opt)
639 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
640 dev->dev_addr,
641 NDISC_NEIGHBOUR_SOLICITATION);
642 if (nonce != 0) {
643 u8 *opt = skb_put(skb, 8);
644
645 opt[0] = ND_OPT_NONCE;
646 opt[1] = 8 >> 3;
647 memcpy(opt + 2, &nonce, 6);
648 }
649
650 ndisc_send_skb(skb, daddr, saddr);
651}
652
653void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
654 const struct in6_addr *daddr)
655{
656 struct sk_buff *skb;
657 struct rs_msg *msg;
658 int send_sllao = dev->addr_len;
659 int optlen = 0;
660
661#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
662 /*
663 * According to section 2.2 of RFC 4429, we must not
664 * send router solicitations with a sllao from
665 * optimistic addresses, but we may send the solicitation
666 * if we don't include the sllao. So here we check
667 * if our address is optimistic, and if so, we
668 * suppress the inclusion of the sllao.
669 */
670 if (send_sllao) {
671 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
672 dev, 1);
673 if (ifp) {
674 if (ifp->flags & IFA_F_OPTIMISTIC) {
675 send_sllao = 0;
676 }
677 in6_ifa_put(ifp);
678 } else {
679 send_sllao = 0;
680 }
681 }
682#endif
683 if (send_sllao)
684 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
685
686 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
687 if (!skb)
688 return;
689
690 msg = skb_put(skb, sizeof(*msg));
691 *msg = (struct rs_msg) {
692 .icmph = {
693 .icmp6_type = NDISC_ROUTER_SOLICITATION,
694 },
695 };
696
697 if (send_sllao)
698 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
699 dev->dev_addr,
700 NDISC_ROUTER_SOLICITATION);
701
702 ndisc_send_skb(skb, daddr, saddr);
703}
704
705
706static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
707{
708 /*
709 * "The sender MUST return an ICMP
710 * destination unreachable"
711 */
712 dst_link_failure(skb);
713 kfree_skb(skb);
714}
715
716/* Called with locked neigh: either read or both */
717
718static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
719{
720 struct in6_addr *saddr = NULL;
721 struct in6_addr mcaddr;
722 struct net_device *dev = neigh->dev;
723 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
724 int probes = atomic_read(&neigh->probes);
725
726 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
727 dev, false, 1,
728 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
729 saddr = &ipv6_hdr(skb)->saddr;
730 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
731 if (probes < 0) {
732 if (!(neigh->nud_state & NUD_VALID)) {
733 ND_PRINTK(1, dbg,
734 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
735 __func__, target);
736 }
737 ndisc_send_ns(dev, target, target, saddr, 0);
738 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
739 neigh_app_ns(neigh);
740 } else {
741 addrconf_addr_solict_mult(target, &mcaddr);
742 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
743 }
744}
745
746static int pndisc_is_router(const void *pkey,
747 struct net_device *dev)
748{
749 struct pneigh_entry *n;
750 int ret = -1;
751
752 read_lock_bh(&nd_tbl.lock);
753 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
754 if (n)
755 ret = !!(n->flags & NTF_ROUTER);
756 read_unlock_bh(&nd_tbl.lock);
757
758 return ret;
759}
760
761void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
762 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
763 struct ndisc_options *ndopts)
764{
765 neigh_update(neigh, lladdr, new, flags, 0);
766 /* report ndisc ops about neighbour update */
767 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
768}
769
770static void ndisc_recv_ns(struct sk_buff *skb)
771{
772 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
773 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
774 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
775 u8 *lladdr = NULL;
776 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
777 offsetof(struct nd_msg, opt));
778 struct ndisc_options ndopts;
779 struct net_device *dev = skb->dev;
780 struct inet6_ifaddr *ifp;
781 struct inet6_dev *idev = NULL;
782 struct neighbour *neigh;
783 int dad = ipv6_addr_any(saddr);
784 bool inc;
785 int is_router = -1;
786 u64 nonce = 0;
787
788 if (skb->len < sizeof(struct nd_msg)) {
789 ND_PRINTK(2, warn, "NS: packet too short\n");
790 return;
791 }
792
793 if (ipv6_addr_is_multicast(&msg->target)) {
794 ND_PRINTK(2, warn, "NS: multicast target address\n");
795 return;
796 }
797
798 /*
799 * RFC2461 7.1.1:
800 * DAD has to be destined for solicited node multicast address.
801 */
802 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
803 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
804 return;
805 }
806
807 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
808 ND_PRINTK(2, warn, "NS: invalid ND options\n");
809 return;
810 }
811
812 if (ndopts.nd_opts_src_lladdr) {
813 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
814 if (!lladdr) {
815 ND_PRINTK(2, warn,
816 "NS: invalid link-layer address length\n");
817 return;
818 }
819
820 /* RFC2461 7.1.1:
821 * If the IP source address is the unspecified address,
822 * there MUST NOT be source link-layer address option
823 * in the message.
824 */
825 if (dad) {
826 ND_PRINTK(2, warn,
827 "NS: bad DAD packet (link-layer address option)\n");
828 return;
829 }
830 }
831 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
832 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
833
834 inc = ipv6_addr_is_multicast(daddr);
835
836 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
837 if (ifp) {
838have_ifp:
839 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
840 if (dad) {
841 if (nonce != 0 && ifp->dad_nonce == nonce) {
842 u8 *np = (u8 *)&nonce;
843 /* Matching nonce if looped back */
844 ND_PRINTK(2, notice,
845 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
846 ifp->idev->dev->name,
847 &ifp->addr, np);
848 goto out;
849 }
850 /*
851 * We are colliding with another node
852 * who is doing DAD
853 * so fail our DAD process
854 */
855 addrconf_dad_failure(skb, ifp);
856 return;
857 } else {
858 /*
859 * This is not a dad solicitation.
860 * If we are an optimistic node,
861 * we should respond.
862 * Otherwise, we should ignore it.
863 */
864 if (!(ifp->flags & IFA_F_OPTIMISTIC))
865 goto out;
866 }
867 }
868
869 idev = ifp->idev;
870 } else {
871 struct net *net = dev_net(dev);
872
873 /* perhaps an address on the master device */
874 if (netif_is_l3_slave(dev)) {
875 struct net_device *mdev;
876
877 mdev = netdev_master_upper_dev_get_rcu(dev);
878 if (mdev) {
879 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
880 if (ifp)
881 goto have_ifp;
882 }
883 }
884
885 idev = in6_dev_get(dev);
886 if (!idev) {
887 /* XXX: count this drop? */
888 return;
889 }
890
891 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
892 (idev->cnf.forwarding &&
893 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
894 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
895 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
896 skb->pkt_type != PACKET_HOST &&
897 inc &&
898 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
899 /*
900 * for anycast or proxy,
901 * sender should delay its response
902 * by a random time between 0 and
903 * MAX_ANYCAST_DELAY_TIME seconds.
904 * (RFC2461) -- yoshfuji
905 */
906 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
907 if (n)
908 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
909 goto out;
910 }
911 } else
912 goto out;
913 }
914
915 if (is_router < 0)
916 is_router = idev->cnf.forwarding;
917
918 if (dad) {
919 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
920 !!is_router, false, (ifp != NULL), true);
921 goto out;
922 }
923
924 if (inc)
925 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
926 else
927 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
928
929 /*
930 * update / create cache entry
931 * for the source address
932 */
933 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
934 !inc || lladdr || !dev->addr_len);
935 if (neigh)
936 ndisc_update(dev, neigh, lladdr, NUD_STALE,
937 NEIGH_UPDATE_F_WEAK_OVERRIDE|
938 NEIGH_UPDATE_F_OVERRIDE,
939 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
940 if (neigh || !dev->header_ops) {
941 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
942 true, (ifp != NULL && inc), inc);
943 if (neigh)
944 neigh_release(neigh);
945 }
946
947out:
948 if (ifp)
949 in6_ifa_put(ifp);
950 else
951 in6_dev_put(idev);
952}
953
954static void ndisc_recv_na(struct sk_buff *skb)
955{
956 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
957 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
958 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
959 u8 *lladdr = NULL;
960 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
961 offsetof(struct nd_msg, opt));
962 struct ndisc_options ndopts;
963 struct net_device *dev = skb->dev;
964 struct inet6_dev *idev = __in6_dev_get(dev);
965 struct inet6_ifaddr *ifp;
966 struct neighbour *neigh;
967
968 if (skb->len < sizeof(struct nd_msg)) {
969 ND_PRINTK(2, warn, "NA: packet too short\n");
970 return;
971 }
972
973 if (ipv6_addr_is_multicast(&msg->target)) {
974 ND_PRINTK(2, warn, "NA: target address is multicast\n");
975 return;
976 }
977
978 if (ipv6_addr_is_multicast(daddr) &&
979 msg->icmph.icmp6_solicited) {
980 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
981 return;
982 }
983
984 /* For some 802.11 wireless deployments (and possibly other networks),
985 * there will be a NA proxy and unsolicitd packets are attacks
986 * and thus should not be accepted.
987 */
988 if (!msg->icmph.icmp6_solicited && idev &&
989 idev->cnf.drop_unsolicited_na)
990 return;
991
992 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
993 ND_PRINTK(2, warn, "NS: invalid ND option\n");
994 return;
995 }
996 if (ndopts.nd_opts_tgt_lladdr) {
997 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
998 if (!lladdr) {
999 ND_PRINTK(2, warn,
1000 "NA: invalid link-layer address length\n");
1001 return;
1002 }
1003 }
1004 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1005 if (ifp) {
1006 if (skb->pkt_type != PACKET_LOOPBACK
1007 && (ifp->flags & IFA_F_TENTATIVE)) {
1008 addrconf_dad_failure(skb, ifp);
1009 return;
1010 }
1011 /* What should we make now? The advertisement
1012 is invalid, but ndisc specs say nothing
1013 about it. It could be misconfiguration, or
1014 an smart proxy agent tries to help us :-)
1015
1016 We should not print the error if NA has been
1017 received from loopback - it is just our own
1018 unsolicited advertisement.
1019 */
1020 if (skb->pkt_type != PACKET_LOOPBACK)
1021 ND_PRINTK(1, warn,
1022 "NA: %pM advertised our address %pI6c on %s!\n",
1023 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1024 in6_ifa_put(ifp);
1025 return;
1026 }
1027 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1028
1029 if (neigh) {
1030 u8 old_flags = neigh->flags;
1031 struct net *net = dev_net(dev);
1032
1033 if (neigh->nud_state & NUD_FAILED)
1034 goto out;
1035
1036 /*
1037 * Don't update the neighbor cache entry on a proxy NA from
1038 * ourselves because either the proxied node is off link or it
1039 * has already sent a NA to us.
1040 */
1041 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1042 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1043 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1044 /* XXX: idev->cnf.proxy_ndp */
1045 goto out;
1046 }
1047
1048 ndisc_update(dev, neigh, lladdr,
1049 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1050 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1051 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1052 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1053 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1054 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1055
1056 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1057 /*
1058 * Change: router to host
1059 */
1060 rt6_clean_tohost(dev_net(dev), saddr);
1061 }
1062
1063out:
1064 neigh_release(neigh);
1065 }
1066}
1067
1068static void ndisc_recv_rs(struct sk_buff *skb)
1069{
1070 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1071 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1072 struct neighbour *neigh;
1073 struct inet6_dev *idev;
1074 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1075 struct ndisc_options ndopts;
1076 u8 *lladdr = NULL;
1077
1078 if (skb->len < sizeof(*rs_msg))
1079 return;
1080
1081 idev = __in6_dev_get(skb->dev);
1082 if (!idev) {
1083 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1084 return;
1085 }
1086
1087 /* Don't accept RS if we're not in router mode */
1088 if (!idev->cnf.forwarding)
1089 goto out;
1090
1091 /*
1092 * Don't update NCE if src = ::;
1093 * this implies that the source node has no ip address assigned yet.
1094 */
1095 if (ipv6_addr_any(saddr))
1096 goto out;
1097
1098 /* Parse ND options */
1099 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1100 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1101 goto out;
1102 }
1103
1104 if (ndopts.nd_opts_src_lladdr) {
1105 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1106 skb->dev);
1107 if (!lladdr)
1108 goto out;
1109 }
1110
1111 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1112 if (neigh) {
1113 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1114 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1115 NEIGH_UPDATE_F_OVERRIDE|
1116 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1117 NDISC_ROUTER_SOLICITATION, &ndopts);
1118 neigh_release(neigh);
1119 }
1120out:
1121 return;
1122}
1123
1124static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1125{
1126 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1127 struct sk_buff *skb;
1128 struct nlmsghdr *nlh;
1129 struct nduseroptmsg *ndmsg;
1130 struct net *net = dev_net(ra->dev);
1131 int err;
1132 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1133 + (opt->nd_opt_len << 3));
1134 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1135
1136 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1137 if (!skb) {
1138 err = -ENOBUFS;
1139 goto errout;
1140 }
1141
1142 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1143 if (!nlh) {
1144 goto nla_put_failure;
1145 }
1146
1147 ndmsg = nlmsg_data(nlh);
1148 ndmsg->nduseropt_family = AF_INET6;
1149 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1150 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1151 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1152 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1153
1154 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1155
1156 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1157 goto nla_put_failure;
1158 nlmsg_end(skb, nlh);
1159
1160 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1161 return;
1162
1163nla_put_failure:
1164 nlmsg_free(skb);
1165 err = -EMSGSIZE;
1166errout:
1167 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1168}
1169
1170static void ndisc_router_discovery(struct sk_buff *skb)
1171{
1172 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1173 struct neighbour *neigh = NULL;
1174 struct inet6_dev *in6_dev;
1175 struct fib6_info *rt = NULL;
1176 u32 defrtr_usr_metric;
1177 struct net *net;
1178 int lifetime;
1179 struct ndisc_options ndopts;
1180 int optlen;
1181 unsigned int pref = 0;
1182 __u32 old_if_flags;
1183 bool send_ifinfo_notify = false;
1184
1185 __u8 *opt = (__u8 *)(ra_msg + 1);
1186
1187 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1188 sizeof(struct ra_msg);
1189
1190 ND_PRINTK(2, info,
1191 "RA: %s, dev: %s\n",
1192 __func__, skb->dev->name);
1193 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1194 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1195 return;
1196 }
1197 if (optlen < 0) {
1198 ND_PRINTK(2, warn, "RA: packet too short\n");
1199 return;
1200 }
1201
1202#ifdef CONFIG_IPV6_NDISC_NODETYPE
1203 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1204 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1205 return;
1206 }
1207#endif
1208
1209 /*
1210 * set the RA_RECV flag in the interface
1211 */
1212
1213 in6_dev = __in6_dev_get(skb->dev);
1214 if (!in6_dev) {
1215 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1216 skb->dev->name);
1217 return;
1218 }
1219
1220 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1221 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1222 return;
1223 }
1224
1225 if (!ipv6_accept_ra(in6_dev)) {
1226 ND_PRINTK(2, info,
1227 "RA: %s, did not accept ra for dev: %s\n",
1228 __func__, skb->dev->name);
1229 goto skip_linkparms;
1230 }
1231
1232#ifdef CONFIG_IPV6_NDISC_NODETYPE
1233 /* skip link-specific parameters from interior routers */
1234 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1235 ND_PRINTK(2, info,
1236 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1237 __func__, skb->dev->name);
1238 goto skip_linkparms;
1239 }
1240#endif
1241
1242 if (in6_dev->if_flags & IF_RS_SENT) {
1243 /*
1244 * flag that an RA was received after an RS was sent
1245 * out on this interface.
1246 */
1247 in6_dev->if_flags |= IF_RA_RCVD;
1248 }
1249
1250 /*
1251 * Remember the managed/otherconf flags from most recently
1252 * received RA message (RFC 2462) -- yoshfuji
1253 */
1254 old_if_flags = in6_dev->if_flags;
1255 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1256 IF_RA_OTHERCONF)) |
1257 (ra_msg->icmph.icmp6_addrconf_managed ?
1258 IF_RA_MANAGED : 0) |
1259 (ra_msg->icmph.icmp6_addrconf_other ?
1260 IF_RA_OTHERCONF : 0);
1261
1262 if (old_if_flags != in6_dev->if_flags)
1263 send_ifinfo_notify = true;
1264
1265 if (!in6_dev->cnf.accept_ra_defrtr) {
1266 ND_PRINTK(2, info,
1267 "RA: %s, defrtr is false for dev: %s\n",
1268 __func__, skb->dev->name);
1269 goto skip_defrtr;
1270 }
1271
1272 /* Do not accept RA with source-addr found on local machine unless
1273 * accept_ra_from_local is set to true.
1274 */
1275 net = dev_net(in6_dev->dev);
1276 if (!in6_dev->cnf.accept_ra_from_local &&
1277 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1278 ND_PRINTK(2, info,
1279 "RA from local address detected on dev: %s: default router ignored\n",
1280 skb->dev->name);
1281 goto skip_defrtr;
1282 }
1283
1284 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1285
1286#ifdef CONFIG_IPV6_ROUTER_PREF
1287 pref = ra_msg->icmph.icmp6_router_pref;
1288 /* 10b is handled as if it were 00b (medium) */
1289 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1290 !in6_dev->cnf.accept_ra_rtr_pref)
1291 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1292#endif
1293 /* routes added from RAs do not use nexthop objects */
1294 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1295 if (rt) {
1296 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1297 rt->fib6_nh->fib_nh_dev, NULL,
1298 &ipv6_hdr(skb)->saddr);
1299 if (!neigh) {
1300 ND_PRINTK(0, err,
1301 "RA: %s got default router without neighbour\n",
1302 __func__);
1303 fib6_info_release(rt);
1304 return;
1305 }
1306 }
1307 /* Set default route metric as specified by user */
1308 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1309 /* delete the route if lifetime is 0 or if metric needs change */
1310 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1311 ip6_del_rt(net, rt, false);
1312 rt = NULL;
1313 }
1314
1315 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1316 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1317 if (!rt && lifetime) {
1318 ND_PRINTK(3, info, "RA: adding default router\n");
1319
1320 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1321 skb->dev, pref, defrtr_usr_metric);
1322 if (!rt) {
1323 ND_PRINTK(0, err,
1324 "RA: %s failed to add default route\n",
1325 __func__);
1326 return;
1327 }
1328
1329 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1330 rt->fib6_nh->fib_nh_dev, NULL,
1331 &ipv6_hdr(skb)->saddr);
1332 if (!neigh) {
1333 ND_PRINTK(0, err,
1334 "RA: %s got default router without neighbour\n",
1335 __func__);
1336 fib6_info_release(rt);
1337 return;
1338 }
1339 neigh->flags |= NTF_ROUTER;
1340 } else if (rt) {
1341 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1342 }
1343
1344 if (rt)
1345 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1346 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1347 ra_msg->icmph.icmp6_hop_limit) {
1348 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1349 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1350 fib6_metric_set(rt, RTAX_HOPLIMIT,
1351 ra_msg->icmph.icmp6_hop_limit);
1352 } else {
1353 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1354 }
1355 }
1356
1357skip_defrtr:
1358
1359 /*
1360 * Update Reachable Time and Retrans Timer
1361 */
1362
1363 if (in6_dev->nd_parms) {
1364 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1365
1366 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1367 rtime = (rtime*HZ)/1000;
1368 if (rtime < HZ/100)
1369 rtime = HZ/100;
1370 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1371 in6_dev->tstamp = jiffies;
1372 send_ifinfo_notify = true;
1373 }
1374
1375 rtime = ntohl(ra_msg->reachable_time);
1376 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1377 rtime = (rtime*HZ)/1000;
1378
1379 if (rtime < HZ/10)
1380 rtime = HZ/10;
1381
1382 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1383 NEIGH_VAR_SET(in6_dev->nd_parms,
1384 BASE_REACHABLE_TIME, rtime);
1385 NEIGH_VAR_SET(in6_dev->nd_parms,
1386 GC_STALETIME, 3 * rtime);
1387 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1388 in6_dev->tstamp = jiffies;
1389 send_ifinfo_notify = true;
1390 }
1391 }
1392 }
1393
1394 /*
1395 * Send a notify if RA changed managed/otherconf flags or timer settings
1396 */
1397 if (send_ifinfo_notify)
1398 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1399
1400skip_linkparms:
1401
1402 /*
1403 * Process options.
1404 */
1405
1406 if (!neigh)
1407 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1408 skb->dev, 1);
1409 if (neigh) {
1410 u8 *lladdr = NULL;
1411 if (ndopts.nd_opts_src_lladdr) {
1412 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1413 skb->dev);
1414 if (!lladdr) {
1415 ND_PRINTK(2, warn,
1416 "RA: invalid link-layer address length\n");
1417 goto out;
1418 }
1419 }
1420 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1421 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1422 NEIGH_UPDATE_F_OVERRIDE|
1423 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1424 NEIGH_UPDATE_F_ISROUTER,
1425 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1426 }
1427
1428 if (!ipv6_accept_ra(in6_dev)) {
1429 ND_PRINTK(2, info,
1430 "RA: %s, accept_ra is false for dev: %s\n",
1431 __func__, skb->dev->name);
1432 goto out;
1433 }
1434
1435#ifdef CONFIG_IPV6_ROUTE_INFO
1436 if (!in6_dev->cnf.accept_ra_from_local &&
1437 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1438 in6_dev->dev, 0)) {
1439 ND_PRINTK(2, info,
1440 "RA from local address detected on dev: %s: router info ignored.\n",
1441 skb->dev->name);
1442 goto skip_routeinfo;
1443 }
1444
1445 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1446 struct nd_opt_hdr *p;
1447 for (p = ndopts.nd_opts_ri;
1448 p;
1449 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1450 struct route_info *ri = (struct route_info *)p;
1451#ifdef CONFIG_IPV6_NDISC_NODETYPE
1452 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1453 ri->prefix_len == 0)
1454 continue;
1455#endif
1456 if (ri->prefix_len == 0 &&
1457 !in6_dev->cnf.accept_ra_defrtr)
1458 continue;
1459 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1460 continue;
1461 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1462 continue;
1463 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1464 &ipv6_hdr(skb)->saddr);
1465 }
1466 }
1467
1468skip_routeinfo:
1469#endif
1470
1471#ifdef CONFIG_IPV6_NDISC_NODETYPE
1472 /* skip link-specific ndopts from interior routers */
1473 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1474 ND_PRINTK(2, info,
1475 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1476 __func__, skb->dev->name);
1477 goto out;
1478 }
1479#endif
1480
1481 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1482 struct nd_opt_hdr *p;
1483 for (p = ndopts.nd_opts_pi;
1484 p;
1485 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1486 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1487 (p->nd_opt_len) << 3,
1488 ndopts.nd_opts_src_lladdr != NULL);
1489 }
1490 }
1491
1492 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1493 __be32 n;
1494 u32 mtu;
1495
1496 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1497 mtu = ntohl(n);
1498
1499 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1500 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1501 } else if (in6_dev->cnf.mtu6 != mtu) {
1502 in6_dev->cnf.mtu6 = mtu;
1503 fib6_metric_set(rt, RTAX_MTU, mtu);
1504 rt6_mtu_change(skb->dev, mtu);
1505 }
1506 }
1507
1508 if (ndopts.nd_useropts) {
1509 struct nd_opt_hdr *p;
1510 for (p = ndopts.nd_useropts;
1511 p;
1512 p = ndisc_next_useropt(skb->dev, p,
1513 ndopts.nd_useropts_end)) {
1514 ndisc_ra_useropt(skb, p);
1515 }
1516 }
1517
1518 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1519 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1520 }
1521out:
1522 fib6_info_release(rt);
1523 if (neigh)
1524 neigh_release(neigh);
1525}
1526
1527static void ndisc_redirect_rcv(struct sk_buff *skb)
1528{
1529 u8 *hdr;
1530 struct ndisc_options ndopts;
1531 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1532 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1533 offsetof(struct rd_msg, opt));
1534
1535#ifdef CONFIG_IPV6_NDISC_NODETYPE
1536 switch (skb->ndisc_nodetype) {
1537 case NDISC_NODETYPE_HOST:
1538 case NDISC_NODETYPE_NODEFAULT:
1539 ND_PRINTK(2, warn,
1540 "Redirect: from host or unauthorized router\n");
1541 return;
1542 }
1543#endif
1544
1545 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1546 ND_PRINTK(2, warn,
1547 "Redirect: source address is not link-local\n");
1548 return;
1549 }
1550
1551 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1552 return;
1553
1554 if (!ndopts.nd_opts_rh) {
1555 ip6_redirect_no_header(skb, dev_net(skb->dev),
1556 skb->dev->ifindex);
1557 return;
1558 }
1559
1560 hdr = (u8 *)ndopts.nd_opts_rh;
1561 hdr += 8;
1562 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1563 return;
1564
1565 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1566}
1567
1568static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1569 struct sk_buff *orig_skb,
1570 int rd_len)
1571{
1572 u8 *opt = skb_put(skb, rd_len);
1573
1574 memset(opt, 0, 8);
1575 *(opt++) = ND_OPT_REDIRECT_HDR;
1576 *(opt++) = (rd_len >> 3);
1577 opt += 6;
1578
1579 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1580 rd_len - 8);
1581}
1582
1583void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1584{
1585 struct net_device *dev = skb->dev;
1586 struct net *net = dev_net(dev);
1587 struct sock *sk = net->ipv6.ndisc_sk;
1588 int optlen = 0;
1589 struct inet_peer *peer;
1590 struct sk_buff *buff;
1591 struct rd_msg *msg;
1592 struct in6_addr saddr_buf;
1593 struct rt6_info *rt;
1594 struct dst_entry *dst;
1595 struct flowi6 fl6;
1596 int rd_len;
1597 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1598 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1599 bool ret;
1600
1601 if (netif_is_l3_master(skb->dev)) {
1602 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1603 if (!dev)
1604 return;
1605 }
1606
1607 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1608 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1609 dev->name);
1610 return;
1611 }
1612
1613 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1614 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1615 ND_PRINTK(2, warn,
1616 "Redirect: target address is not link-local unicast\n");
1617 return;
1618 }
1619
1620 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1621 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1622
1623 dst = ip6_route_output(net, NULL, &fl6);
1624 if (dst->error) {
1625 dst_release(dst);
1626 return;
1627 }
1628 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1629 if (IS_ERR(dst))
1630 return;
1631
1632 rt = (struct rt6_info *) dst;
1633
1634 if (rt->rt6i_flags & RTF_GATEWAY) {
1635 ND_PRINTK(2, warn,
1636 "Redirect: destination is not a neighbour\n");
1637 goto release;
1638 }
1639 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1640 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1641 if (peer)
1642 inet_putpeer(peer);
1643 if (!ret)
1644 goto release;
1645
1646 if (dev->addr_len) {
1647 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1648 if (!neigh) {
1649 ND_PRINTK(2, warn,
1650 "Redirect: no neigh for target address\n");
1651 goto release;
1652 }
1653
1654 read_lock_bh(&neigh->lock);
1655 if (neigh->nud_state & NUD_VALID) {
1656 memcpy(ha_buf, neigh->ha, dev->addr_len);
1657 read_unlock_bh(&neigh->lock);
1658 ha = ha_buf;
1659 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1660 ops_data_buf,
1661 &ops_data);
1662 } else
1663 read_unlock_bh(&neigh->lock);
1664
1665 neigh_release(neigh);
1666 }
1667
1668 rd_len = min_t(unsigned int,
1669 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1670 skb->len + 8);
1671 rd_len &= ~0x7;
1672 optlen += rd_len;
1673
1674 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1675 if (!buff)
1676 goto release;
1677
1678 msg = skb_put(buff, sizeof(*msg));
1679 *msg = (struct rd_msg) {
1680 .icmph = {
1681 .icmp6_type = NDISC_REDIRECT,
1682 },
1683 .target = *target,
1684 .dest = ipv6_hdr(skb)->daddr,
1685 };
1686
1687 /*
1688 * include target_address option
1689 */
1690
1691 if (ha)
1692 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1693
1694 /*
1695 * build redirect option and copy skb over to the new packet.
1696 */
1697
1698 if (rd_len)
1699 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1700
1701 skb_dst_set(buff, dst);
1702 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1703 return;
1704
1705release:
1706 dst_release(dst);
1707}
1708
1709static void pndisc_redo(struct sk_buff *skb)
1710{
1711 ndisc_recv_ns(skb);
1712 kfree_skb(skb);
1713}
1714
1715static int ndisc_is_multicast(const void *pkey)
1716{
1717 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1718}
1719
1720static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1721{
1722 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1723
1724 if (!idev)
1725 return true;
1726 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1727 idev->cnf.suppress_frag_ndisc) {
1728 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1729 return true;
1730 }
1731 return false;
1732}
1733
1734int ndisc_rcv(struct sk_buff *skb)
1735{
1736 struct nd_msg *msg;
1737
1738 if (ndisc_suppress_frag_ndisc(skb))
1739 return 0;
1740
1741 if (skb_linearize(skb))
1742 return 0;
1743
1744 msg = (struct nd_msg *)skb_transport_header(skb);
1745
1746 __skb_push(skb, skb->data - skb_transport_header(skb));
1747
1748 if (ipv6_hdr(skb)->hop_limit != 255) {
1749 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1750 ipv6_hdr(skb)->hop_limit);
1751 return 0;
1752 }
1753
1754 if (msg->icmph.icmp6_code != 0) {
1755 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1756 msg->icmph.icmp6_code);
1757 return 0;
1758 }
1759
1760 switch (msg->icmph.icmp6_type) {
1761 case NDISC_NEIGHBOUR_SOLICITATION:
1762 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1763 ndisc_recv_ns(skb);
1764 break;
1765
1766 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1767 ndisc_recv_na(skb);
1768 break;
1769
1770 case NDISC_ROUTER_SOLICITATION:
1771 ndisc_recv_rs(skb);
1772 break;
1773
1774 case NDISC_ROUTER_ADVERTISEMENT:
1775 ndisc_router_discovery(skb);
1776 break;
1777
1778 case NDISC_REDIRECT:
1779 ndisc_redirect_rcv(skb);
1780 break;
1781 }
1782
1783 return 0;
1784}
1785
1786static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1787{
1788 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1789 struct netdev_notifier_change_info *change_info;
1790 struct net *net = dev_net(dev);
1791 struct inet6_dev *idev;
1792
1793 switch (event) {
1794 case NETDEV_CHANGEADDR:
1795 neigh_changeaddr(&nd_tbl, dev);
1796 fib6_run_gc(0, net, false);
1797 fallthrough;
1798 case NETDEV_UP:
1799 idev = in6_dev_get(dev);
1800 if (!idev)
1801 break;
1802 if (idev->cnf.ndisc_notify ||
1803 net->ipv6.devconf_all->ndisc_notify)
1804 ndisc_send_unsol_na(dev);
1805 in6_dev_put(idev);
1806 break;
1807 case NETDEV_CHANGE:
1808 change_info = ptr;
1809 if (change_info->flags_changed & IFF_NOARP)
1810 neigh_changeaddr(&nd_tbl, dev);
1811 if (!netif_carrier_ok(dev))
1812 neigh_carrier_down(&nd_tbl, dev);
1813 break;
1814 case NETDEV_DOWN:
1815 neigh_ifdown(&nd_tbl, dev);
1816 fib6_run_gc(0, net, false);
1817 break;
1818 case NETDEV_NOTIFY_PEERS:
1819 ndisc_send_unsol_na(dev);
1820 break;
1821 default:
1822 break;
1823 }
1824
1825 return NOTIFY_DONE;
1826}
1827
1828static struct notifier_block ndisc_netdev_notifier = {
1829 .notifier_call = ndisc_netdev_event,
1830 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1831};
1832
1833#ifdef CONFIG_SYSCTL
1834static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1835 const char *func, const char *dev_name)
1836{
1837 static char warncomm[TASK_COMM_LEN];
1838 static int warned;
1839 if (strcmp(warncomm, current->comm) && warned < 5) {
1840 strcpy(warncomm, current->comm);
1841 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1842 warncomm, func,
1843 dev_name, ctl->procname,
1844 dev_name, ctl->procname);
1845 warned++;
1846 }
1847}
1848
1849int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1850 size_t *lenp, loff_t *ppos)
1851{
1852 struct net_device *dev = ctl->extra1;
1853 struct inet6_dev *idev;
1854 int ret;
1855
1856 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1857 (strcmp(ctl->procname, "base_reachable_time") == 0))
1858 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1859
1860 if (strcmp(ctl->procname, "retrans_time") == 0)
1861 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1862
1863 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1864 ret = neigh_proc_dointvec_jiffies(ctl, write,
1865 buffer, lenp, ppos);
1866
1867 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1868 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1869 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1870 buffer, lenp, ppos);
1871 else
1872 ret = -1;
1873
1874 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1875 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1876 idev->nd_parms->reachable_time =
1877 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1878 idev->tstamp = jiffies;
1879 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1880 in6_dev_put(idev);
1881 }
1882 return ret;
1883}
1884
1885
1886#endif
1887
1888static int __net_init ndisc_net_init(struct net *net)
1889{
1890 struct ipv6_pinfo *np;
1891 struct sock *sk;
1892 int err;
1893
1894 err = inet_ctl_sock_create(&sk, PF_INET6,
1895 SOCK_RAW, IPPROTO_ICMPV6, net);
1896 if (err < 0) {
1897 ND_PRINTK(0, err,
1898 "NDISC: Failed to initialize the control socket (err %d)\n",
1899 err);
1900 return err;
1901 }
1902
1903 net->ipv6.ndisc_sk = sk;
1904
1905 np = inet6_sk(sk);
1906 np->hop_limit = 255;
1907 /* Do not loopback ndisc messages */
1908 np->mc_loop = 0;
1909
1910 return 0;
1911}
1912
1913static void __net_exit ndisc_net_exit(struct net *net)
1914{
1915 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1916}
1917
1918static struct pernet_operations ndisc_net_ops = {
1919 .init = ndisc_net_init,
1920 .exit = ndisc_net_exit,
1921};
1922
1923int __init ndisc_init(void)
1924{
1925 int err;
1926
1927 err = register_pernet_subsys(&ndisc_net_ops);
1928 if (err)
1929 return err;
1930 /*
1931 * Initialize the neighbour table
1932 */
1933 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1934
1935#ifdef CONFIG_SYSCTL
1936 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1937 ndisc_ifinfo_sysctl_change);
1938 if (err)
1939 goto out_unregister_pernet;
1940out:
1941#endif
1942 return err;
1943
1944#ifdef CONFIG_SYSCTL
1945out_unregister_pernet:
1946 unregister_pernet_subsys(&ndisc_net_ops);
1947 goto out;
1948#endif
1949}
1950
1951int __init ndisc_late_init(void)
1952{
1953 return register_netdevice_notifier(&ndisc_netdev_notifier);
1954}
1955
1956void ndisc_late_cleanup(void)
1957{
1958 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1959}
1960
1961void ndisc_cleanup(void)
1962{
1963#ifdef CONFIG_SYSCTL
1964 neigh_sysctl_unregister(&nd_tbl.parms);
1965#endif
1966 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1967 unregister_pernet_subsys(&ndisc_net_ops);
1968}
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11/*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26#define pr_fmt(fmt) "ICMPv6: " fmt
27
28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
39#include <linux/slab.h>
40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
44#include <linux/if_addr.h>
45#include <linux/if_ether.h>
46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
64#include <net/flow.h>
65#include <net/ip6_checksum.h>
66#include <net/inet_common.h>
67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
84static int ndisc_is_multicast(const void *pkey);
85
86static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92};
93
94static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100};
101
102
103static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ,
132 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
133 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
134 [NEIGH_VAR_PROXY_QLEN] = 64,
135 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
136 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
137 },
138 },
139 .gc_interval = 30 * HZ,
140 .gc_thresh1 = 128,
141 .gc_thresh2 = 512,
142 .gc_thresh3 = 1024,
143};
144EXPORT_SYMBOL_GPL(nd_tbl);
145
146void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
147 int data_len, int pad)
148{
149 int space = __ndisc_opt_addr_space(data_len, pad);
150 u8 *opt = skb_put(skb, space);
151
152 opt[0] = type;
153 opt[1] = space>>3;
154
155 memset(opt + 2, 0, pad);
156 opt += pad;
157 space -= pad;
158
159 memcpy(opt+2, data, data_len);
160 data_len += 2;
161 opt += data_len;
162 space -= data_len;
163 if (space > 0)
164 memset(opt, 0, space);
165}
166EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167
168static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
169 const void *data, u8 icmp6_type)
170{
171 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
172 ndisc_addr_option_pad(skb->dev->type));
173 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
174}
175
176static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
177 void *ha,
178 const u8 *ops_data)
179{
180 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
181 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
182}
183
184static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
185 struct nd_opt_hdr *end)
186{
187 int type;
188 if (!cur || !end || cur >= end)
189 return NULL;
190 type = cur->nd_opt_type;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while (cur < end && cur->nd_opt_type != type);
194 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
195}
196
197static inline int ndisc_is_useropt(const struct net_device *dev,
198 struct nd_opt_hdr *opt)
199{
200 return opt->nd_opt_type == ND_OPT_RDNSS ||
201 opt->nd_opt_type == ND_OPT_DNSSL ||
202 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
203 opt->nd_opt_type == ND_OPT_PREF64 ||
204 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
205}
206
207static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
208 struct nd_opt_hdr *cur,
209 struct nd_opt_hdr *end)
210{
211 if (!cur || !end || cur >= end)
212 return NULL;
213 do {
214 cur = ((void *)cur) + (cur->nd_opt_len << 3);
215 } while (cur < end && !ndisc_is_useropt(dev, cur));
216 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
217}
218
219struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
220 u8 *opt, int opt_len,
221 struct ndisc_options *ndopts)
222{
223 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
224
225 if (!nd_opt || opt_len < 0 || !ndopts)
226 return NULL;
227 memset(ndopts, 0, sizeof(*ndopts));
228 while (opt_len) {
229 int l;
230 if (opt_len < sizeof(struct nd_opt_hdr))
231 return NULL;
232 l = nd_opt->nd_opt_len << 3;
233 if (opt_len < l || l == 0)
234 return NULL;
235 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
236 goto next_opt;
237 switch (nd_opt->nd_opt_type) {
238 case ND_OPT_SOURCE_LL_ADDR:
239 case ND_OPT_TARGET_LL_ADDR:
240 case ND_OPT_MTU:
241 case ND_OPT_NONCE:
242 case ND_OPT_REDIRECT_HDR:
243 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
244 ND_PRINTK(2, warn,
245 "%s: duplicated ND6 option found: type=%d\n",
246 __func__, nd_opt->nd_opt_type);
247 } else {
248 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
249 }
250 break;
251 case ND_OPT_PREFIX_INFO:
252 ndopts->nd_opts_pi_end = nd_opt;
253 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
255 break;
256#ifdef CONFIG_IPV6_ROUTE_INFO
257 case ND_OPT_ROUTE_INFO:
258 ndopts->nd_opts_ri_end = nd_opt;
259 if (!ndopts->nd_opts_ri)
260 ndopts->nd_opts_ri = nd_opt;
261 break;
262#endif
263 default:
264 if (ndisc_is_useropt(dev, nd_opt)) {
265 ndopts->nd_useropts_end = nd_opt;
266 if (!ndopts->nd_useropts)
267 ndopts->nd_useropts = nd_opt;
268 } else {
269 /*
270 * Unknown options must be silently ignored,
271 * to accommodate future extension to the
272 * protocol.
273 */
274 ND_PRINTK(2, notice,
275 "%s: ignored unsupported option; type=%d, len=%d\n",
276 __func__,
277 nd_opt->nd_opt_type,
278 nd_opt->nd_opt_len);
279 }
280 }
281next_opt:
282 opt_len -= l;
283 nd_opt = ((void *)nd_opt) + l;
284 }
285 return ndopts;
286}
287
288int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
289{
290 switch (dev->type) {
291 case ARPHRD_ETHER:
292 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
293 case ARPHRD_FDDI:
294 ipv6_eth_mc_map(addr, buf);
295 return 0;
296 case ARPHRD_ARCNET:
297 ipv6_arcnet_mc_map(addr, buf);
298 return 0;
299 case ARPHRD_INFINIBAND:
300 ipv6_ib_mc_map(addr, dev->broadcast, buf);
301 return 0;
302 case ARPHRD_IPGRE:
303 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
304 default:
305 if (dir) {
306 memcpy(buf, dev->broadcast, dev->addr_len);
307 return 0;
308 }
309 }
310 return -EINVAL;
311}
312EXPORT_SYMBOL(ndisc_mc_map);
313
314static u32 ndisc_hash(const void *pkey,
315 const struct net_device *dev,
316 __u32 *hash_rnd)
317{
318 return ndisc_hashfn(pkey, dev, hash_rnd);
319}
320
321static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
322{
323 return neigh_key_eq128(n, pkey);
324}
325
326static int ndisc_constructor(struct neighbour *neigh)
327{
328 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
329 struct net_device *dev = neigh->dev;
330 struct inet6_dev *in6_dev;
331 struct neigh_parms *parms;
332 bool is_multicast = ipv6_addr_is_multicast(addr);
333
334 in6_dev = in6_dev_get(dev);
335 if (!in6_dev) {
336 return -EINVAL;
337 }
338
339 parms = in6_dev->nd_parms;
340 __neigh_parms_put(neigh->parms);
341 neigh->parms = neigh_parms_clone(parms);
342
343 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
344 if (!dev->header_ops) {
345 neigh->nud_state = NUD_NOARP;
346 neigh->ops = &ndisc_direct_ops;
347 neigh->output = neigh_direct_output;
348 } else {
349 if (is_multicast) {
350 neigh->nud_state = NUD_NOARP;
351 ndisc_mc_map(addr, neigh->ha, dev, 1);
352 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
353 neigh->nud_state = NUD_NOARP;
354 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
355 if (dev->flags&IFF_LOOPBACK)
356 neigh->type = RTN_LOCAL;
357 } else if (dev->flags&IFF_POINTOPOINT) {
358 neigh->nud_state = NUD_NOARP;
359 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
360 }
361 if (dev->header_ops->cache)
362 neigh->ops = &ndisc_hh_ops;
363 else
364 neigh->ops = &ndisc_generic_ops;
365 if (neigh->nud_state&NUD_VALID)
366 neigh->output = neigh->ops->connected_output;
367 else
368 neigh->output = neigh->ops->output;
369 }
370 in6_dev_put(in6_dev);
371 return 0;
372}
373
374static int pndisc_constructor(struct pneigh_entry *n)
375{
376 struct in6_addr *addr = (struct in6_addr *)&n->key;
377 struct in6_addr maddr;
378 struct net_device *dev = n->dev;
379
380 if (!dev || !__in6_dev_get(dev))
381 return -EINVAL;
382 addrconf_addr_solict_mult(addr, &maddr);
383 ipv6_dev_mc_inc(dev, &maddr);
384 return 0;
385}
386
387static void pndisc_destructor(struct pneigh_entry *n)
388{
389 struct in6_addr *addr = (struct in6_addr *)&n->key;
390 struct in6_addr maddr;
391 struct net_device *dev = n->dev;
392
393 if (!dev || !__in6_dev_get(dev))
394 return;
395 addrconf_addr_solict_mult(addr, &maddr);
396 ipv6_dev_mc_dec(dev, &maddr);
397}
398
399/* called with rtnl held */
400static bool ndisc_allow_add(const struct net_device *dev,
401 struct netlink_ext_ack *extack)
402{
403 struct inet6_dev *idev = __in6_dev_get(dev);
404
405 if (!idev || idev->cnf.disable_ipv6) {
406 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
407 return false;
408 }
409
410 return true;
411}
412
413static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
414 int len)
415{
416 int hlen = LL_RESERVED_SPACE(dev);
417 int tlen = dev->needed_tailroom;
418 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
419 struct sk_buff *skb;
420
421 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
422 if (!skb) {
423 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
424 __func__);
425 return NULL;
426 }
427
428 skb->protocol = htons(ETH_P_IPV6);
429 skb->dev = dev;
430
431 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
432 skb_reset_transport_header(skb);
433
434 /* Manually assign socket ownership as we avoid calling
435 * sock_alloc_send_pskb() to bypass wmem buffer limits
436 */
437 skb_set_owner_w(skb, sk);
438
439 return skb;
440}
441
442static void ip6_nd_hdr(struct sk_buff *skb,
443 const struct in6_addr *saddr,
444 const struct in6_addr *daddr,
445 int hop_limit, int len)
446{
447 struct ipv6hdr *hdr;
448 struct inet6_dev *idev;
449 unsigned tclass;
450
451 rcu_read_lock();
452 idev = __in6_dev_get(skb->dev);
453 tclass = idev ? idev->cnf.ndisc_tclass : 0;
454 rcu_read_unlock();
455
456 skb_push(skb, sizeof(*hdr));
457 skb_reset_network_header(skb);
458 hdr = ipv6_hdr(skb);
459
460 ip6_flow_hdr(hdr, tclass, 0);
461
462 hdr->payload_len = htons(len);
463 hdr->nexthdr = IPPROTO_ICMPV6;
464 hdr->hop_limit = hop_limit;
465
466 hdr->saddr = *saddr;
467 hdr->daddr = *daddr;
468}
469
470void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
471 const struct in6_addr *saddr)
472{
473 struct dst_entry *dst = skb_dst(skb);
474 struct net *net = dev_net(skb->dev);
475 struct sock *sk = net->ipv6.ndisc_sk;
476 struct inet6_dev *idev;
477 int err;
478 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
479 u8 type;
480
481 type = icmp6h->icmp6_type;
482
483 if (!dst) {
484 struct flowi6 fl6;
485 int oif = skb->dev->ifindex;
486
487 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
488 dst = icmp6_dst_alloc(skb->dev, &fl6);
489 if (IS_ERR(dst)) {
490 kfree_skb(skb);
491 return;
492 }
493
494 skb_dst_set(skb, dst);
495 }
496
497 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
498 IPPROTO_ICMPV6,
499 csum_partial(icmp6h,
500 skb->len, 0));
501
502 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
503
504 rcu_read_lock();
505 idev = __in6_dev_get(dst->dev);
506 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
507
508 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
509 net, sk, skb, NULL, dst->dev,
510 dst_output);
511 if (!err) {
512 ICMP6MSGOUT_INC_STATS(net, idev, type);
513 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
514 }
515
516 rcu_read_unlock();
517}
518EXPORT_SYMBOL(ndisc_send_skb);
519
520void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
521 const struct in6_addr *solicited_addr,
522 bool router, bool solicited, bool override, bool inc_opt)
523{
524 struct sk_buff *skb;
525 struct in6_addr tmpaddr;
526 struct inet6_ifaddr *ifp;
527 const struct in6_addr *src_addr;
528 struct nd_msg *msg;
529 int optlen = 0;
530
531 /* for anycast or proxy, solicited_addr != src_addr */
532 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
533 if (ifp) {
534 src_addr = solicited_addr;
535 if (ifp->flags & IFA_F_OPTIMISTIC)
536 override = false;
537 inc_opt |= ifp->idev->cnf.force_tllao;
538 in6_ifa_put(ifp);
539 } else {
540 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
541 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
542 &tmpaddr))
543 return;
544 src_addr = &tmpaddr;
545 }
546
547 if (!dev->addr_len)
548 inc_opt = false;
549 if (inc_opt)
550 optlen += ndisc_opt_addr_space(dev,
551 NDISC_NEIGHBOUR_ADVERTISEMENT);
552
553 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
554 if (!skb)
555 return;
556
557 msg = skb_put(skb, sizeof(*msg));
558 *msg = (struct nd_msg) {
559 .icmph = {
560 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
561 .icmp6_router = router,
562 .icmp6_solicited = solicited,
563 .icmp6_override = override,
564 },
565 .target = *solicited_addr,
566 };
567
568 if (inc_opt)
569 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
570 dev->dev_addr,
571 NDISC_NEIGHBOUR_ADVERTISEMENT);
572
573 ndisc_send_skb(skb, daddr, src_addr);
574}
575
576static void ndisc_send_unsol_na(struct net_device *dev)
577{
578 struct inet6_dev *idev;
579 struct inet6_ifaddr *ifa;
580
581 idev = in6_dev_get(dev);
582 if (!idev)
583 return;
584
585 read_lock_bh(&idev->lock);
586 list_for_each_entry(ifa, &idev->addr_list, if_list) {
587 /* skip tentative addresses until dad completes */
588 if (ifa->flags & IFA_F_TENTATIVE &&
589 !(ifa->flags & IFA_F_OPTIMISTIC))
590 continue;
591
592 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
593 /*router=*/ !!idev->cnf.forwarding,
594 /*solicited=*/ false, /*override=*/ true,
595 /*inc_opt=*/ true);
596 }
597 read_unlock_bh(&idev->lock);
598
599 in6_dev_put(idev);
600}
601
602struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
603 const struct in6_addr *saddr, u64 nonce)
604{
605 int inc_opt = dev->addr_len;
606 struct sk_buff *skb;
607 struct nd_msg *msg;
608 int optlen = 0;
609
610 if (!saddr)
611 return NULL;
612
613 if (ipv6_addr_any(saddr))
614 inc_opt = false;
615 if (inc_opt)
616 optlen += ndisc_opt_addr_space(dev,
617 NDISC_NEIGHBOUR_SOLICITATION);
618 if (nonce != 0)
619 optlen += 8;
620
621 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
622 if (!skb)
623 return NULL;
624
625 msg = skb_put(skb, sizeof(*msg));
626 *msg = (struct nd_msg) {
627 .icmph = {
628 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
629 },
630 .target = *solicit,
631 };
632
633 if (inc_opt)
634 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
635 dev->dev_addr,
636 NDISC_NEIGHBOUR_SOLICITATION);
637 if (nonce != 0) {
638 u8 *opt = skb_put(skb, 8);
639
640 opt[0] = ND_OPT_NONCE;
641 opt[1] = 8 >> 3;
642 memcpy(opt + 2, &nonce, 6);
643 }
644
645 return skb;
646}
647EXPORT_SYMBOL(ndisc_ns_create);
648
649void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
650 const struct in6_addr *daddr, const struct in6_addr *saddr,
651 u64 nonce)
652{
653 struct in6_addr addr_buf;
654 struct sk_buff *skb;
655
656 if (!saddr) {
657 if (ipv6_get_lladdr(dev, &addr_buf,
658 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
659 return;
660 saddr = &addr_buf;
661 }
662
663 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
664
665 if (skb)
666 ndisc_send_skb(skb, daddr, saddr);
667}
668
669void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
670 const struct in6_addr *daddr)
671{
672 struct sk_buff *skb;
673 struct rs_msg *msg;
674 int send_sllao = dev->addr_len;
675 int optlen = 0;
676
677#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
678 /*
679 * According to section 2.2 of RFC 4429, we must not
680 * send router solicitations with a sllao from
681 * optimistic addresses, but we may send the solicitation
682 * if we don't include the sllao. So here we check
683 * if our address is optimistic, and if so, we
684 * suppress the inclusion of the sllao.
685 */
686 if (send_sllao) {
687 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
688 dev, 1);
689 if (ifp) {
690 if (ifp->flags & IFA_F_OPTIMISTIC) {
691 send_sllao = 0;
692 }
693 in6_ifa_put(ifp);
694 } else {
695 send_sllao = 0;
696 }
697 }
698#endif
699 if (send_sllao)
700 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
701
702 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
703 if (!skb)
704 return;
705
706 msg = skb_put(skb, sizeof(*msg));
707 *msg = (struct rs_msg) {
708 .icmph = {
709 .icmp6_type = NDISC_ROUTER_SOLICITATION,
710 },
711 };
712
713 if (send_sllao)
714 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
715 dev->dev_addr,
716 NDISC_ROUTER_SOLICITATION);
717
718 ndisc_send_skb(skb, daddr, saddr);
719}
720
721
722static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
723{
724 /*
725 * "The sender MUST return an ICMP
726 * destination unreachable"
727 */
728 dst_link_failure(skb);
729 kfree_skb(skb);
730}
731
732/* Called with locked neigh: either read or both */
733
734static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
735{
736 struct in6_addr *saddr = NULL;
737 struct in6_addr mcaddr;
738 struct net_device *dev = neigh->dev;
739 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
740 int probes = atomic_read(&neigh->probes);
741
742 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
743 dev, false, 1,
744 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
745 saddr = &ipv6_hdr(skb)->saddr;
746 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
747 if (probes < 0) {
748 if (!(neigh->nud_state & NUD_VALID)) {
749 ND_PRINTK(1, dbg,
750 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
751 __func__, target);
752 }
753 ndisc_send_ns(dev, target, target, saddr, 0);
754 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
755 neigh_app_ns(neigh);
756 } else {
757 addrconf_addr_solict_mult(target, &mcaddr);
758 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
759 }
760}
761
762static int pndisc_is_router(const void *pkey,
763 struct net_device *dev)
764{
765 struct pneigh_entry *n;
766 int ret = -1;
767
768 read_lock_bh(&nd_tbl.lock);
769 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
770 if (n)
771 ret = !!(n->flags & NTF_ROUTER);
772 read_unlock_bh(&nd_tbl.lock);
773
774 return ret;
775}
776
777void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
778 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
779 struct ndisc_options *ndopts)
780{
781 neigh_update(neigh, lladdr, new, flags, 0);
782 /* report ndisc ops about neighbour update */
783 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
784}
785
786static void ndisc_recv_ns(struct sk_buff *skb)
787{
788 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
789 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
790 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
791 u8 *lladdr = NULL;
792 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
793 offsetof(struct nd_msg, opt));
794 struct ndisc_options ndopts;
795 struct net_device *dev = skb->dev;
796 struct inet6_ifaddr *ifp;
797 struct inet6_dev *idev = NULL;
798 struct neighbour *neigh;
799 int dad = ipv6_addr_any(saddr);
800 bool inc;
801 int is_router = -1;
802 u64 nonce = 0;
803
804 if (skb->len < sizeof(struct nd_msg)) {
805 ND_PRINTK(2, warn, "NS: packet too short\n");
806 return;
807 }
808
809 if (ipv6_addr_is_multicast(&msg->target)) {
810 ND_PRINTK(2, warn, "NS: multicast target address\n");
811 return;
812 }
813
814 /*
815 * RFC2461 7.1.1:
816 * DAD has to be destined for solicited node multicast address.
817 */
818 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
819 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
820 return;
821 }
822
823 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
824 ND_PRINTK(2, warn, "NS: invalid ND options\n");
825 return;
826 }
827
828 if (ndopts.nd_opts_src_lladdr) {
829 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
830 if (!lladdr) {
831 ND_PRINTK(2, warn,
832 "NS: invalid link-layer address length\n");
833 return;
834 }
835
836 /* RFC2461 7.1.1:
837 * If the IP source address is the unspecified address,
838 * there MUST NOT be source link-layer address option
839 * in the message.
840 */
841 if (dad) {
842 ND_PRINTK(2, warn,
843 "NS: bad DAD packet (link-layer address option)\n");
844 return;
845 }
846 }
847 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
848 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
849
850 inc = ipv6_addr_is_multicast(daddr);
851
852 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
853 if (ifp) {
854have_ifp:
855 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
856 if (dad) {
857 if (nonce != 0 && ifp->dad_nonce == nonce) {
858 u8 *np = (u8 *)&nonce;
859 /* Matching nonce if looped back */
860 ND_PRINTK(2, notice,
861 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
862 ifp->idev->dev->name,
863 &ifp->addr, np);
864 goto out;
865 }
866 /*
867 * We are colliding with another node
868 * who is doing DAD
869 * so fail our DAD process
870 */
871 addrconf_dad_failure(skb, ifp);
872 return;
873 } else {
874 /*
875 * This is not a dad solicitation.
876 * If we are an optimistic node,
877 * we should respond.
878 * Otherwise, we should ignore it.
879 */
880 if (!(ifp->flags & IFA_F_OPTIMISTIC))
881 goto out;
882 }
883 }
884
885 idev = ifp->idev;
886 } else {
887 struct net *net = dev_net(dev);
888
889 /* perhaps an address on the master device */
890 if (netif_is_l3_slave(dev)) {
891 struct net_device *mdev;
892
893 mdev = netdev_master_upper_dev_get_rcu(dev);
894 if (mdev) {
895 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
896 if (ifp)
897 goto have_ifp;
898 }
899 }
900
901 idev = in6_dev_get(dev);
902 if (!idev) {
903 /* XXX: count this drop? */
904 return;
905 }
906
907 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
908 (idev->cnf.forwarding &&
909 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
910 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
911 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
912 skb->pkt_type != PACKET_HOST &&
913 inc &&
914 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
915 /*
916 * for anycast or proxy,
917 * sender should delay its response
918 * by a random time between 0 and
919 * MAX_ANYCAST_DELAY_TIME seconds.
920 * (RFC2461) -- yoshfuji
921 */
922 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
923 if (n)
924 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
925 goto out;
926 }
927 } else
928 goto out;
929 }
930
931 if (is_router < 0)
932 is_router = idev->cnf.forwarding;
933
934 if (dad) {
935 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
936 !!is_router, false, (ifp != NULL), true);
937 goto out;
938 }
939
940 if (inc)
941 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
942 else
943 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
944
945 /*
946 * update / create cache entry
947 * for the source address
948 */
949 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
950 !inc || lladdr || !dev->addr_len);
951 if (neigh)
952 ndisc_update(dev, neigh, lladdr, NUD_STALE,
953 NEIGH_UPDATE_F_WEAK_OVERRIDE|
954 NEIGH_UPDATE_F_OVERRIDE,
955 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
956 if (neigh || !dev->header_ops) {
957 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
958 true, (ifp != NULL && inc), inc);
959 if (neigh)
960 neigh_release(neigh);
961 }
962
963out:
964 if (ifp)
965 in6_ifa_put(ifp);
966 else
967 in6_dev_put(idev);
968}
969
970static int accept_untracked_na(struct net_device *dev, struct in6_addr *saddr)
971{
972 struct inet6_dev *idev = __in6_dev_get(dev);
973
974 switch (idev->cnf.accept_untracked_na) {
975 case 0: /* Don't accept untracked na (absent in neighbor cache) */
976 return 0;
977 case 1: /* Create new entries from na if currently untracked */
978 return 1;
979 case 2: /* Create new entries from untracked na only if saddr is in the
980 * same subnet as an address configured on the interface that
981 * received the na
982 */
983 return !!ipv6_chk_prefix(saddr, dev);
984 default:
985 return 0;
986 }
987}
988
989static void ndisc_recv_na(struct sk_buff *skb)
990{
991 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
992 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
993 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
994 u8 *lladdr = NULL;
995 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
996 offsetof(struct nd_msg, opt));
997 struct ndisc_options ndopts;
998 struct net_device *dev = skb->dev;
999 struct inet6_dev *idev = __in6_dev_get(dev);
1000 struct inet6_ifaddr *ifp;
1001 struct neighbour *neigh;
1002 u8 new_state;
1003
1004 if (skb->len < sizeof(struct nd_msg)) {
1005 ND_PRINTK(2, warn, "NA: packet too short\n");
1006 return;
1007 }
1008
1009 if (ipv6_addr_is_multicast(&msg->target)) {
1010 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1011 return;
1012 }
1013
1014 if (ipv6_addr_is_multicast(daddr) &&
1015 msg->icmph.icmp6_solicited) {
1016 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1017 return;
1018 }
1019
1020 /* For some 802.11 wireless deployments (and possibly other networks),
1021 * there will be a NA proxy and unsolicitd packets are attacks
1022 * and thus should not be accepted.
1023 * drop_unsolicited_na takes precedence over accept_untracked_na
1024 */
1025 if (!msg->icmph.icmp6_solicited && idev &&
1026 idev->cnf.drop_unsolicited_na)
1027 return;
1028
1029 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
1030 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1031 return;
1032 }
1033 if (ndopts.nd_opts_tgt_lladdr) {
1034 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1035 if (!lladdr) {
1036 ND_PRINTK(2, warn,
1037 "NA: invalid link-layer address length\n");
1038 return;
1039 }
1040 }
1041 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1042 if (ifp) {
1043 if (skb->pkt_type != PACKET_LOOPBACK
1044 && (ifp->flags & IFA_F_TENTATIVE)) {
1045 addrconf_dad_failure(skb, ifp);
1046 return;
1047 }
1048 /* What should we make now? The advertisement
1049 is invalid, but ndisc specs say nothing
1050 about it. It could be misconfiguration, or
1051 an smart proxy agent tries to help us :-)
1052
1053 We should not print the error if NA has been
1054 received from loopback - it is just our own
1055 unsolicited advertisement.
1056 */
1057 if (skb->pkt_type != PACKET_LOOPBACK)
1058 ND_PRINTK(1, warn,
1059 "NA: %pM advertised our address %pI6c on %s!\n",
1060 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1061 in6_ifa_put(ifp);
1062 return;
1063 }
1064
1065 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1066
1067 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1068 * NAs with Target LL Address option without a corresponding
1069 * entry in the neighbour cache can now create a STALE neighbour
1070 * cache entry on routers.
1071 *
1072 * entry accept fwding solicited behaviour
1073 * ------- ------ ------ --------- ----------------------
1074 * present X X 0 Set state to STALE
1075 * present X X 1 Set state to REACHABLE
1076 * absent 0 X X Do nothing
1077 * absent 1 0 X Do nothing
1078 * absent 1 1 X Add a new STALE entry
1079 *
1080 * Note that we don't do a (daddr == all-routers-mcast) check.
1081 */
1082 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1083 if (!neigh && lladdr && idev && idev->cnf.forwarding) {
1084 if (accept_untracked_na(dev, saddr)) {
1085 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1086 new_state = NUD_STALE;
1087 }
1088 }
1089
1090 if (neigh && !IS_ERR(neigh)) {
1091 u8 old_flags = neigh->flags;
1092 struct net *net = dev_net(dev);
1093
1094 if (neigh->nud_state & NUD_FAILED)
1095 goto out;
1096
1097 /*
1098 * Don't update the neighbor cache entry on a proxy NA from
1099 * ourselves because either the proxied node is off link or it
1100 * has already sent a NA to us.
1101 */
1102 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1103 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1104 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1105 /* XXX: idev->cnf.proxy_ndp */
1106 goto out;
1107 }
1108
1109 ndisc_update(dev, neigh, lladdr,
1110 new_state,
1111 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1112 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1113 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1114 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1115 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1116
1117 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1118 /*
1119 * Change: router to host
1120 */
1121 rt6_clean_tohost(dev_net(dev), saddr);
1122 }
1123
1124out:
1125 neigh_release(neigh);
1126 }
1127}
1128
1129static void ndisc_recv_rs(struct sk_buff *skb)
1130{
1131 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1132 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1133 struct neighbour *neigh;
1134 struct inet6_dev *idev;
1135 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1136 struct ndisc_options ndopts;
1137 u8 *lladdr = NULL;
1138
1139 if (skb->len < sizeof(*rs_msg))
1140 return;
1141
1142 idev = __in6_dev_get(skb->dev);
1143 if (!idev) {
1144 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1145 return;
1146 }
1147
1148 /* Don't accept RS if we're not in router mode */
1149 if (!idev->cnf.forwarding)
1150 goto out;
1151
1152 /*
1153 * Don't update NCE if src = ::;
1154 * this implies that the source node has no ip address assigned yet.
1155 */
1156 if (ipv6_addr_any(saddr))
1157 goto out;
1158
1159 /* Parse ND options */
1160 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1161 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1162 goto out;
1163 }
1164
1165 if (ndopts.nd_opts_src_lladdr) {
1166 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1167 skb->dev);
1168 if (!lladdr)
1169 goto out;
1170 }
1171
1172 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1173 if (neigh) {
1174 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1175 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1176 NEIGH_UPDATE_F_OVERRIDE|
1177 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1178 NDISC_ROUTER_SOLICITATION, &ndopts);
1179 neigh_release(neigh);
1180 }
1181out:
1182 return;
1183}
1184
1185static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1186{
1187 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1188 struct sk_buff *skb;
1189 struct nlmsghdr *nlh;
1190 struct nduseroptmsg *ndmsg;
1191 struct net *net = dev_net(ra->dev);
1192 int err;
1193 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1194 + (opt->nd_opt_len << 3));
1195 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1196
1197 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1198 if (!skb) {
1199 err = -ENOBUFS;
1200 goto errout;
1201 }
1202
1203 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1204 if (!nlh) {
1205 goto nla_put_failure;
1206 }
1207
1208 ndmsg = nlmsg_data(nlh);
1209 ndmsg->nduseropt_family = AF_INET6;
1210 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1211 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1212 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1213 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1214
1215 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1216
1217 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1218 goto nla_put_failure;
1219 nlmsg_end(skb, nlh);
1220
1221 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1222 return;
1223
1224nla_put_failure:
1225 nlmsg_free(skb);
1226 err = -EMSGSIZE;
1227errout:
1228 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1229}
1230
1231static void ndisc_router_discovery(struct sk_buff *skb)
1232{
1233 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1234 struct neighbour *neigh = NULL;
1235 struct inet6_dev *in6_dev;
1236 struct fib6_info *rt = NULL;
1237 u32 defrtr_usr_metric;
1238 struct net *net;
1239 int lifetime;
1240 struct ndisc_options ndopts;
1241 int optlen;
1242 unsigned int pref = 0;
1243 __u32 old_if_flags;
1244 bool send_ifinfo_notify = false;
1245
1246 __u8 *opt = (__u8 *)(ra_msg + 1);
1247
1248 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1249 sizeof(struct ra_msg);
1250
1251 ND_PRINTK(2, info,
1252 "RA: %s, dev: %s\n",
1253 __func__, skb->dev->name);
1254 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1255 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1256 return;
1257 }
1258 if (optlen < 0) {
1259 ND_PRINTK(2, warn, "RA: packet too short\n");
1260 return;
1261 }
1262
1263#ifdef CONFIG_IPV6_NDISC_NODETYPE
1264 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1265 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1266 return;
1267 }
1268#endif
1269
1270 /*
1271 * set the RA_RECV flag in the interface
1272 */
1273
1274 in6_dev = __in6_dev_get(skb->dev);
1275 if (!in6_dev) {
1276 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1277 skb->dev->name);
1278 return;
1279 }
1280
1281 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1282 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1283 return;
1284 }
1285
1286 if (!ipv6_accept_ra(in6_dev)) {
1287 ND_PRINTK(2, info,
1288 "RA: %s, did not accept ra for dev: %s\n",
1289 __func__, skb->dev->name);
1290 goto skip_linkparms;
1291 }
1292
1293#ifdef CONFIG_IPV6_NDISC_NODETYPE
1294 /* skip link-specific parameters from interior routers */
1295 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1296 ND_PRINTK(2, info,
1297 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1298 __func__, skb->dev->name);
1299 goto skip_linkparms;
1300 }
1301#endif
1302
1303 if (in6_dev->if_flags & IF_RS_SENT) {
1304 /*
1305 * flag that an RA was received after an RS was sent
1306 * out on this interface.
1307 */
1308 in6_dev->if_flags |= IF_RA_RCVD;
1309 }
1310
1311 /*
1312 * Remember the managed/otherconf flags from most recently
1313 * received RA message (RFC 2462) -- yoshfuji
1314 */
1315 old_if_flags = in6_dev->if_flags;
1316 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1317 IF_RA_OTHERCONF)) |
1318 (ra_msg->icmph.icmp6_addrconf_managed ?
1319 IF_RA_MANAGED : 0) |
1320 (ra_msg->icmph.icmp6_addrconf_other ?
1321 IF_RA_OTHERCONF : 0);
1322
1323 if (old_if_flags != in6_dev->if_flags)
1324 send_ifinfo_notify = true;
1325
1326 if (!in6_dev->cnf.accept_ra_defrtr) {
1327 ND_PRINTK(2, info,
1328 "RA: %s, defrtr is false for dev: %s\n",
1329 __func__, skb->dev->name);
1330 goto skip_defrtr;
1331 }
1332
1333 /* Do not accept RA with source-addr found on local machine unless
1334 * accept_ra_from_local is set to true.
1335 */
1336 net = dev_net(in6_dev->dev);
1337 if (!in6_dev->cnf.accept_ra_from_local &&
1338 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1339 ND_PRINTK(2, info,
1340 "RA from local address detected on dev: %s: default router ignored\n",
1341 skb->dev->name);
1342 goto skip_defrtr;
1343 }
1344
1345 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1346
1347#ifdef CONFIG_IPV6_ROUTER_PREF
1348 pref = ra_msg->icmph.icmp6_router_pref;
1349 /* 10b is handled as if it were 00b (medium) */
1350 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1351 !in6_dev->cnf.accept_ra_rtr_pref)
1352 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1353#endif
1354 /* routes added from RAs do not use nexthop objects */
1355 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1356 if (rt) {
1357 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1358 rt->fib6_nh->fib_nh_dev, NULL,
1359 &ipv6_hdr(skb)->saddr);
1360 if (!neigh) {
1361 ND_PRINTK(0, err,
1362 "RA: %s got default router without neighbour\n",
1363 __func__);
1364 fib6_info_release(rt);
1365 return;
1366 }
1367 }
1368 /* Set default route metric as specified by user */
1369 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1370 /* delete the route if lifetime is 0 or if metric needs change */
1371 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1372 ip6_del_rt(net, rt, false);
1373 rt = NULL;
1374 }
1375
1376 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1377 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1378 if (!rt && lifetime) {
1379 ND_PRINTK(3, info, "RA: adding default router\n");
1380
1381 if (neigh)
1382 neigh_release(neigh);
1383
1384 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1385 skb->dev, pref, defrtr_usr_metric);
1386 if (!rt) {
1387 ND_PRINTK(0, err,
1388 "RA: %s failed to add default route\n",
1389 __func__);
1390 return;
1391 }
1392
1393 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1394 rt->fib6_nh->fib_nh_dev, NULL,
1395 &ipv6_hdr(skb)->saddr);
1396 if (!neigh) {
1397 ND_PRINTK(0, err,
1398 "RA: %s got default router without neighbour\n",
1399 __func__);
1400 fib6_info_release(rt);
1401 return;
1402 }
1403 neigh->flags |= NTF_ROUTER;
1404 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1405 struct nl_info nlinfo = {
1406 .nl_net = net,
1407 };
1408 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1409 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1410 }
1411
1412 if (rt)
1413 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1414 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1415 ra_msg->icmph.icmp6_hop_limit) {
1416 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1417 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1418 fib6_metric_set(rt, RTAX_HOPLIMIT,
1419 ra_msg->icmph.icmp6_hop_limit);
1420 } else {
1421 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1422 }
1423 }
1424
1425skip_defrtr:
1426
1427 /*
1428 * Update Reachable Time and Retrans Timer
1429 */
1430
1431 if (in6_dev->nd_parms) {
1432 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1433
1434 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1435 rtime = (rtime*HZ)/1000;
1436 if (rtime < HZ/100)
1437 rtime = HZ/100;
1438 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1439 in6_dev->tstamp = jiffies;
1440 send_ifinfo_notify = true;
1441 }
1442
1443 rtime = ntohl(ra_msg->reachable_time);
1444 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1445 rtime = (rtime*HZ)/1000;
1446
1447 if (rtime < HZ/10)
1448 rtime = HZ/10;
1449
1450 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1451 NEIGH_VAR_SET(in6_dev->nd_parms,
1452 BASE_REACHABLE_TIME, rtime);
1453 NEIGH_VAR_SET(in6_dev->nd_parms,
1454 GC_STALETIME, 3 * rtime);
1455 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1456 in6_dev->tstamp = jiffies;
1457 send_ifinfo_notify = true;
1458 }
1459 }
1460 }
1461
1462skip_linkparms:
1463
1464 /*
1465 * Process options.
1466 */
1467
1468 if (!neigh)
1469 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1470 skb->dev, 1);
1471 if (neigh) {
1472 u8 *lladdr = NULL;
1473 if (ndopts.nd_opts_src_lladdr) {
1474 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1475 skb->dev);
1476 if (!lladdr) {
1477 ND_PRINTK(2, warn,
1478 "RA: invalid link-layer address length\n");
1479 goto out;
1480 }
1481 }
1482 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1483 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1484 NEIGH_UPDATE_F_OVERRIDE|
1485 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1486 NEIGH_UPDATE_F_ISROUTER,
1487 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1488 }
1489
1490 if (!ipv6_accept_ra(in6_dev)) {
1491 ND_PRINTK(2, info,
1492 "RA: %s, accept_ra is false for dev: %s\n",
1493 __func__, skb->dev->name);
1494 goto out;
1495 }
1496
1497#ifdef CONFIG_IPV6_ROUTE_INFO
1498 if (!in6_dev->cnf.accept_ra_from_local &&
1499 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1500 in6_dev->dev, 0)) {
1501 ND_PRINTK(2, info,
1502 "RA from local address detected on dev: %s: router info ignored.\n",
1503 skb->dev->name);
1504 goto skip_routeinfo;
1505 }
1506
1507 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1508 struct nd_opt_hdr *p;
1509 for (p = ndopts.nd_opts_ri;
1510 p;
1511 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1512 struct route_info *ri = (struct route_info *)p;
1513#ifdef CONFIG_IPV6_NDISC_NODETYPE
1514 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1515 ri->prefix_len == 0)
1516 continue;
1517#endif
1518 if (ri->prefix_len == 0 &&
1519 !in6_dev->cnf.accept_ra_defrtr)
1520 continue;
1521 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1522 continue;
1523 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1524 continue;
1525 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1526 &ipv6_hdr(skb)->saddr);
1527 }
1528 }
1529
1530skip_routeinfo:
1531#endif
1532
1533#ifdef CONFIG_IPV6_NDISC_NODETYPE
1534 /* skip link-specific ndopts from interior routers */
1535 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1536 ND_PRINTK(2, info,
1537 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1538 __func__, skb->dev->name);
1539 goto out;
1540 }
1541#endif
1542
1543 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1544 struct nd_opt_hdr *p;
1545 for (p = ndopts.nd_opts_pi;
1546 p;
1547 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1548 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1549 (p->nd_opt_len) << 3,
1550 ndopts.nd_opts_src_lladdr != NULL);
1551 }
1552 }
1553
1554 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1555 __be32 n;
1556 u32 mtu;
1557
1558 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1559 mtu = ntohl(n);
1560
1561 if (in6_dev->ra_mtu != mtu) {
1562 in6_dev->ra_mtu = mtu;
1563 send_ifinfo_notify = true;
1564 }
1565
1566 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1567 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1568 } else if (in6_dev->cnf.mtu6 != mtu) {
1569 in6_dev->cnf.mtu6 = mtu;
1570 fib6_metric_set(rt, RTAX_MTU, mtu);
1571 rt6_mtu_change(skb->dev, mtu);
1572 }
1573 }
1574
1575 if (ndopts.nd_useropts) {
1576 struct nd_opt_hdr *p;
1577 for (p = ndopts.nd_useropts;
1578 p;
1579 p = ndisc_next_useropt(skb->dev, p,
1580 ndopts.nd_useropts_end)) {
1581 ndisc_ra_useropt(skb, p);
1582 }
1583 }
1584
1585 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1586 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1587 }
1588out:
1589 /* Send a notify if RA changed managed/otherconf flags or
1590 * timer settings or ra_mtu value
1591 */
1592 if (send_ifinfo_notify)
1593 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1594
1595 fib6_info_release(rt);
1596 if (neigh)
1597 neigh_release(neigh);
1598}
1599
1600static void ndisc_redirect_rcv(struct sk_buff *skb)
1601{
1602 u8 *hdr;
1603 struct ndisc_options ndopts;
1604 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1605 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1606 offsetof(struct rd_msg, opt));
1607
1608#ifdef CONFIG_IPV6_NDISC_NODETYPE
1609 switch (skb->ndisc_nodetype) {
1610 case NDISC_NODETYPE_HOST:
1611 case NDISC_NODETYPE_NODEFAULT:
1612 ND_PRINTK(2, warn,
1613 "Redirect: from host or unauthorized router\n");
1614 return;
1615 }
1616#endif
1617
1618 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1619 ND_PRINTK(2, warn,
1620 "Redirect: source address is not link-local\n");
1621 return;
1622 }
1623
1624 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1625 return;
1626
1627 if (!ndopts.nd_opts_rh) {
1628 ip6_redirect_no_header(skb, dev_net(skb->dev),
1629 skb->dev->ifindex);
1630 return;
1631 }
1632
1633 hdr = (u8 *)ndopts.nd_opts_rh;
1634 hdr += 8;
1635 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1636 return;
1637
1638 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1639}
1640
1641static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1642 struct sk_buff *orig_skb,
1643 int rd_len)
1644{
1645 u8 *opt = skb_put(skb, rd_len);
1646
1647 memset(opt, 0, 8);
1648 *(opt++) = ND_OPT_REDIRECT_HDR;
1649 *(opt++) = (rd_len >> 3);
1650 opt += 6;
1651
1652 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1653 rd_len - 8);
1654}
1655
1656void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1657{
1658 struct net_device *dev = skb->dev;
1659 struct net *net = dev_net(dev);
1660 struct sock *sk = net->ipv6.ndisc_sk;
1661 int optlen = 0;
1662 struct inet_peer *peer;
1663 struct sk_buff *buff;
1664 struct rd_msg *msg;
1665 struct in6_addr saddr_buf;
1666 struct rt6_info *rt;
1667 struct dst_entry *dst;
1668 struct flowi6 fl6;
1669 int rd_len;
1670 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1671 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1672 bool ret;
1673
1674 if (netif_is_l3_master(skb->dev)) {
1675 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1676 if (!dev)
1677 return;
1678 }
1679
1680 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1681 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1682 dev->name);
1683 return;
1684 }
1685
1686 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1687 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1688 ND_PRINTK(2, warn,
1689 "Redirect: target address is not link-local unicast\n");
1690 return;
1691 }
1692
1693 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1694 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1695
1696 dst = ip6_route_output(net, NULL, &fl6);
1697 if (dst->error) {
1698 dst_release(dst);
1699 return;
1700 }
1701 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1702 if (IS_ERR(dst))
1703 return;
1704
1705 rt = (struct rt6_info *) dst;
1706
1707 if (rt->rt6i_flags & RTF_GATEWAY) {
1708 ND_PRINTK(2, warn,
1709 "Redirect: destination is not a neighbour\n");
1710 goto release;
1711 }
1712 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1713 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1714 if (peer)
1715 inet_putpeer(peer);
1716 if (!ret)
1717 goto release;
1718
1719 if (dev->addr_len) {
1720 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1721 if (!neigh) {
1722 ND_PRINTK(2, warn,
1723 "Redirect: no neigh for target address\n");
1724 goto release;
1725 }
1726
1727 read_lock_bh(&neigh->lock);
1728 if (neigh->nud_state & NUD_VALID) {
1729 memcpy(ha_buf, neigh->ha, dev->addr_len);
1730 read_unlock_bh(&neigh->lock);
1731 ha = ha_buf;
1732 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1733 ops_data_buf,
1734 &ops_data);
1735 } else
1736 read_unlock_bh(&neigh->lock);
1737
1738 neigh_release(neigh);
1739 }
1740
1741 rd_len = min_t(unsigned int,
1742 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1743 skb->len + 8);
1744 rd_len &= ~0x7;
1745 optlen += rd_len;
1746
1747 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1748 if (!buff)
1749 goto release;
1750
1751 msg = skb_put(buff, sizeof(*msg));
1752 *msg = (struct rd_msg) {
1753 .icmph = {
1754 .icmp6_type = NDISC_REDIRECT,
1755 },
1756 .target = *target,
1757 .dest = ipv6_hdr(skb)->daddr,
1758 };
1759
1760 /*
1761 * include target_address option
1762 */
1763
1764 if (ha)
1765 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1766
1767 /*
1768 * build redirect option and copy skb over to the new packet.
1769 */
1770
1771 if (rd_len)
1772 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1773
1774 skb_dst_set(buff, dst);
1775 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1776 return;
1777
1778release:
1779 dst_release(dst);
1780}
1781
1782static void pndisc_redo(struct sk_buff *skb)
1783{
1784 ndisc_recv_ns(skb);
1785 kfree_skb(skb);
1786}
1787
1788static int ndisc_is_multicast(const void *pkey)
1789{
1790 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1791}
1792
1793static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1794{
1795 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1796
1797 if (!idev)
1798 return true;
1799 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1800 idev->cnf.suppress_frag_ndisc) {
1801 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1802 return true;
1803 }
1804 return false;
1805}
1806
1807int ndisc_rcv(struct sk_buff *skb)
1808{
1809 struct nd_msg *msg;
1810
1811 if (ndisc_suppress_frag_ndisc(skb))
1812 return 0;
1813
1814 if (skb_linearize(skb))
1815 return 0;
1816
1817 msg = (struct nd_msg *)skb_transport_header(skb);
1818
1819 __skb_push(skb, skb->data - skb_transport_header(skb));
1820
1821 if (ipv6_hdr(skb)->hop_limit != 255) {
1822 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1823 ipv6_hdr(skb)->hop_limit);
1824 return 0;
1825 }
1826
1827 if (msg->icmph.icmp6_code != 0) {
1828 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1829 msg->icmph.icmp6_code);
1830 return 0;
1831 }
1832
1833 switch (msg->icmph.icmp6_type) {
1834 case NDISC_NEIGHBOUR_SOLICITATION:
1835 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1836 ndisc_recv_ns(skb);
1837 break;
1838
1839 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1840 ndisc_recv_na(skb);
1841 break;
1842
1843 case NDISC_ROUTER_SOLICITATION:
1844 ndisc_recv_rs(skb);
1845 break;
1846
1847 case NDISC_ROUTER_ADVERTISEMENT:
1848 ndisc_router_discovery(skb);
1849 break;
1850
1851 case NDISC_REDIRECT:
1852 ndisc_redirect_rcv(skb);
1853 break;
1854 }
1855
1856 return 0;
1857}
1858
1859static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1860{
1861 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1862 struct netdev_notifier_change_info *change_info;
1863 struct net *net = dev_net(dev);
1864 struct inet6_dev *idev;
1865 bool evict_nocarrier;
1866
1867 switch (event) {
1868 case NETDEV_CHANGEADDR:
1869 neigh_changeaddr(&nd_tbl, dev);
1870 fib6_run_gc(0, net, false);
1871 fallthrough;
1872 case NETDEV_UP:
1873 idev = in6_dev_get(dev);
1874 if (!idev)
1875 break;
1876 if (idev->cnf.ndisc_notify ||
1877 net->ipv6.devconf_all->ndisc_notify)
1878 ndisc_send_unsol_na(dev);
1879 in6_dev_put(idev);
1880 break;
1881 case NETDEV_CHANGE:
1882 idev = in6_dev_get(dev);
1883 if (!idev)
1884 evict_nocarrier = true;
1885 else {
1886 evict_nocarrier = idev->cnf.ndisc_evict_nocarrier &&
1887 net->ipv6.devconf_all->ndisc_evict_nocarrier;
1888 in6_dev_put(idev);
1889 }
1890
1891 change_info = ptr;
1892 if (change_info->flags_changed & IFF_NOARP)
1893 neigh_changeaddr(&nd_tbl, dev);
1894 if (evict_nocarrier && !netif_carrier_ok(dev))
1895 neigh_carrier_down(&nd_tbl, dev);
1896 break;
1897 case NETDEV_DOWN:
1898 neigh_ifdown(&nd_tbl, dev);
1899 fib6_run_gc(0, net, false);
1900 break;
1901 case NETDEV_NOTIFY_PEERS:
1902 ndisc_send_unsol_na(dev);
1903 break;
1904 default:
1905 break;
1906 }
1907
1908 return NOTIFY_DONE;
1909}
1910
1911static struct notifier_block ndisc_netdev_notifier = {
1912 .notifier_call = ndisc_netdev_event,
1913 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1914};
1915
1916#ifdef CONFIG_SYSCTL
1917static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1918 const char *func, const char *dev_name)
1919{
1920 static char warncomm[TASK_COMM_LEN];
1921 static int warned;
1922 if (strcmp(warncomm, current->comm) && warned < 5) {
1923 strcpy(warncomm, current->comm);
1924 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1925 warncomm, func,
1926 dev_name, ctl->procname,
1927 dev_name, ctl->procname);
1928 warned++;
1929 }
1930}
1931
1932int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1933 size_t *lenp, loff_t *ppos)
1934{
1935 struct net_device *dev = ctl->extra1;
1936 struct inet6_dev *idev;
1937 int ret;
1938
1939 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1940 (strcmp(ctl->procname, "base_reachable_time") == 0))
1941 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1942
1943 if (strcmp(ctl->procname, "retrans_time") == 0)
1944 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1945
1946 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1947 ret = neigh_proc_dointvec_jiffies(ctl, write,
1948 buffer, lenp, ppos);
1949
1950 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1951 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1952 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1953 buffer, lenp, ppos);
1954 else
1955 ret = -1;
1956
1957 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1958 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1959 idev->nd_parms->reachable_time =
1960 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1961 idev->tstamp = jiffies;
1962 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1963 in6_dev_put(idev);
1964 }
1965 return ret;
1966}
1967
1968
1969#endif
1970
1971static int __net_init ndisc_net_init(struct net *net)
1972{
1973 struct ipv6_pinfo *np;
1974 struct sock *sk;
1975 int err;
1976
1977 err = inet_ctl_sock_create(&sk, PF_INET6,
1978 SOCK_RAW, IPPROTO_ICMPV6, net);
1979 if (err < 0) {
1980 ND_PRINTK(0, err,
1981 "NDISC: Failed to initialize the control socket (err %d)\n",
1982 err);
1983 return err;
1984 }
1985
1986 net->ipv6.ndisc_sk = sk;
1987
1988 np = inet6_sk(sk);
1989 np->hop_limit = 255;
1990 /* Do not loopback ndisc messages */
1991 np->mc_loop = 0;
1992
1993 return 0;
1994}
1995
1996static void __net_exit ndisc_net_exit(struct net *net)
1997{
1998 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1999}
2000
2001static struct pernet_operations ndisc_net_ops = {
2002 .init = ndisc_net_init,
2003 .exit = ndisc_net_exit,
2004};
2005
2006int __init ndisc_init(void)
2007{
2008 int err;
2009
2010 err = register_pernet_subsys(&ndisc_net_ops);
2011 if (err)
2012 return err;
2013 /*
2014 * Initialize the neighbour table
2015 */
2016 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
2017
2018#ifdef CONFIG_SYSCTL
2019 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
2020 ndisc_ifinfo_sysctl_change);
2021 if (err)
2022 goto out_unregister_pernet;
2023out:
2024#endif
2025 return err;
2026
2027#ifdef CONFIG_SYSCTL
2028out_unregister_pernet:
2029 unregister_pernet_subsys(&ndisc_net_ops);
2030 goto out;
2031#endif
2032}
2033
2034int __init ndisc_late_init(void)
2035{
2036 return register_netdevice_notifier(&ndisc_netdev_notifier);
2037}
2038
2039void ndisc_late_cleanup(void)
2040{
2041 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2042}
2043
2044void ndisc_cleanup(void)
2045{
2046#ifdef CONFIG_SYSCTL
2047 neigh_sysctl_unregister(&nd_tbl.parms);
2048#endif
2049 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2050 unregister_pernet_subsys(&ndisc_net_ops);
2051}