Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11/*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26#define pr_fmt(fmt) "ICMPv6: " fmt
27
28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
39#include <linux/slab.h>
40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
44#include <linux/if_addr.h>
45#include <linux/if_ether.h>
46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
64#include <net/flow.h>
65#include <net/ip6_checksum.h>
66#include <net/inet_common.h>
67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
84static int ndisc_is_multicast(const void *pkey);
85
86static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92};
93
94static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100};
101
102
103static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ,
132 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
133 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
134 [NEIGH_VAR_PROXY_QLEN] = 64,
135 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
136 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
137 },
138 },
139 .gc_interval = 30 * HZ,
140 .gc_thresh1 = 128,
141 .gc_thresh2 = 512,
142 .gc_thresh3 = 1024,
143};
144EXPORT_SYMBOL_GPL(nd_tbl);
145
146void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
147 int data_len, int pad)
148{
149 int space = __ndisc_opt_addr_space(data_len, pad);
150 u8 *opt = skb_put(skb, space);
151
152 opt[0] = type;
153 opt[1] = space>>3;
154
155 memset(opt + 2, 0, pad);
156 opt += pad;
157 space -= pad;
158
159 memcpy(opt+2, data, data_len);
160 data_len += 2;
161 opt += data_len;
162 space -= data_len;
163 if (space > 0)
164 memset(opt, 0, space);
165}
166EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167
168static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
169 const void *data, u8 icmp6_type)
170{
171 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
172 ndisc_addr_option_pad(skb->dev->type));
173 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
174}
175
176static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
177 void *ha,
178 const u8 *ops_data)
179{
180 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
181 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
182}
183
184static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
185 struct nd_opt_hdr *end)
186{
187 int type;
188 if (!cur || !end || cur >= end)
189 return NULL;
190 type = cur->nd_opt_type;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while (cur < end && cur->nd_opt_type != type);
194 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
195}
196
197static inline int ndisc_is_useropt(const struct net_device *dev,
198 struct nd_opt_hdr *opt)
199{
200 return opt->nd_opt_type == ND_OPT_PREFIX_INFO ||
201 opt->nd_opt_type == ND_OPT_RDNSS ||
202 opt->nd_opt_type == ND_OPT_DNSSL ||
203 opt->nd_opt_type == ND_OPT_6CO ||
204 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
205 opt->nd_opt_type == ND_OPT_PREF64;
206}
207
208static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
209 struct nd_opt_hdr *cur,
210 struct nd_opt_hdr *end)
211{
212 if (!cur || !end || cur >= end)
213 return NULL;
214 do {
215 cur = ((void *)cur) + (cur->nd_opt_len << 3);
216 } while (cur < end && !ndisc_is_useropt(dev, cur));
217 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
218}
219
220struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
221 u8 *opt, int opt_len,
222 struct ndisc_options *ndopts)
223{
224 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
225
226 if (!nd_opt || opt_len < 0 || !ndopts)
227 return NULL;
228 memset(ndopts, 0, sizeof(*ndopts));
229 while (opt_len) {
230 bool unknown = false;
231 int l;
232 if (opt_len < sizeof(struct nd_opt_hdr))
233 return NULL;
234 l = nd_opt->nd_opt_len << 3;
235 if (opt_len < l || l == 0)
236 return NULL;
237 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
238 goto next_opt;
239 switch (nd_opt->nd_opt_type) {
240 case ND_OPT_SOURCE_LL_ADDR:
241 case ND_OPT_TARGET_LL_ADDR:
242 case ND_OPT_MTU:
243 case ND_OPT_NONCE:
244 case ND_OPT_REDIRECT_HDR:
245 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
246 ND_PRINTK(2, warn,
247 "%s: duplicated ND6 option found: type=%d\n",
248 __func__, nd_opt->nd_opt_type);
249 } else {
250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 }
252 break;
253 case ND_OPT_PREFIX_INFO:
254 ndopts->nd_opts_pi_end = nd_opt;
255 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
256 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
257 break;
258#ifdef CONFIG_IPV6_ROUTE_INFO
259 case ND_OPT_ROUTE_INFO:
260 ndopts->nd_opts_ri_end = nd_opt;
261 if (!ndopts->nd_opts_ri)
262 ndopts->nd_opts_ri = nd_opt;
263 break;
264#endif
265 default:
266 unknown = true;
267 }
268 if (ndisc_is_useropt(dev, nd_opt)) {
269 ndopts->nd_useropts_end = nd_opt;
270 if (!ndopts->nd_useropts)
271 ndopts->nd_useropts = nd_opt;
272 } else if (unknown) {
273 /*
274 * Unknown options must be silently ignored,
275 * to accommodate future extension to the
276 * protocol.
277 */
278 ND_PRINTK(2, notice,
279 "%s: ignored unsupported option; type=%d, len=%d\n",
280 __func__,
281 nd_opt->nd_opt_type,
282 nd_opt->nd_opt_len);
283 }
284next_opt:
285 opt_len -= l;
286 nd_opt = ((void *)nd_opt) + l;
287 }
288 return ndopts;
289}
290
291int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
292{
293 switch (dev->type) {
294 case ARPHRD_ETHER:
295 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
296 case ARPHRD_FDDI:
297 ipv6_eth_mc_map(addr, buf);
298 return 0;
299 case ARPHRD_ARCNET:
300 ipv6_arcnet_mc_map(addr, buf);
301 return 0;
302 case ARPHRD_INFINIBAND:
303 ipv6_ib_mc_map(addr, dev->broadcast, buf);
304 return 0;
305 case ARPHRD_IPGRE:
306 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
307 default:
308 if (dir) {
309 memcpy(buf, dev->broadcast, dev->addr_len);
310 return 0;
311 }
312 }
313 return -EINVAL;
314}
315EXPORT_SYMBOL(ndisc_mc_map);
316
317static u32 ndisc_hash(const void *pkey,
318 const struct net_device *dev,
319 __u32 *hash_rnd)
320{
321 return ndisc_hashfn(pkey, dev, hash_rnd);
322}
323
324static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
325{
326 return neigh_key_eq128(n, pkey);
327}
328
329static int ndisc_constructor(struct neighbour *neigh)
330{
331 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
332 struct net_device *dev = neigh->dev;
333 struct inet6_dev *in6_dev;
334 struct neigh_parms *parms;
335 bool is_multicast = ipv6_addr_is_multicast(addr);
336
337 in6_dev = in6_dev_get(dev);
338 if (!in6_dev) {
339 return -EINVAL;
340 }
341
342 parms = in6_dev->nd_parms;
343 __neigh_parms_put(neigh->parms);
344 neigh->parms = neigh_parms_clone(parms);
345
346 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
347 if (!dev->header_ops) {
348 neigh->nud_state = NUD_NOARP;
349 neigh->ops = &ndisc_direct_ops;
350 neigh->output = neigh_direct_output;
351 } else {
352 if (is_multicast) {
353 neigh->nud_state = NUD_NOARP;
354 ndisc_mc_map(addr, neigh->ha, dev, 1);
355 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
356 neigh->nud_state = NUD_NOARP;
357 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
358 if (dev->flags&IFF_LOOPBACK)
359 neigh->type = RTN_LOCAL;
360 } else if (dev->flags&IFF_POINTOPOINT) {
361 neigh->nud_state = NUD_NOARP;
362 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
363 }
364 if (dev->header_ops->cache)
365 neigh->ops = &ndisc_hh_ops;
366 else
367 neigh->ops = &ndisc_generic_ops;
368 if (neigh->nud_state&NUD_VALID)
369 neigh->output = neigh->ops->connected_output;
370 else
371 neigh->output = neigh->ops->output;
372 }
373 in6_dev_put(in6_dev);
374 return 0;
375}
376
377static int pndisc_constructor(struct pneigh_entry *n)
378{
379 struct in6_addr *addr = (struct in6_addr *)&n->key;
380 struct in6_addr maddr;
381 struct net_device *dev = n->dev;
382
383 if (!dev || !__in6_dev_get(dev))
384 return -EINVAL;
385 addrconf_addr_solict_mult(addr, &maddr);
386 ipv6_dev_mc_inc(dev, &maddr);
387 return 0;
388}
389
390static void pndisc_destructor(struct pneigh_entry *n)
391{
392 struct in6_addr *addr = (struct in6_addr *)&n->key;
393 struct in6_addr maddr;
394 struct net_device *dev = n->dev;
395
396 if (!dev || !__in6_dev_get(dev))
397 return;
398 addrconf_addr_solict_mult(addr, &maddr);
399 ipv6_dev_mc_dec(dev, &maddr);
400}
401
402/* called with rtnl held */
403static bool ndisc_allow_add(const struct net_device *dev,
404 struct netlink_ext_ack *extack)
405{
406 struct inet6_dev *idev = __in6_dev_get(dev);
407
408 if (!idev || idev->cnf.disable_ipv6) {
409 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
410 return false;
411 }
412
413 return true;
414}
415
416static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
417 int len)
418{
419 int hlen = LL_RESERVED_SPACE(dev);
420 int tlen = dev->needed_tailroom;
421 struct sk_buff *skb;
422
423 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
424 if (!skb)
425 return NULL;
426
427 skb->protocol = htons(ETH_P_IPV6);
428 skb->dev = dev;
429
430 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
431 skb_reset_transport_header(skb);
432
433 /* Manually assign socket ownership as we avoid calling
434 * sock_alloc_send_pskb() to bypass wmem buffer limits
435 */
436 rcu_read_lock();
437 skb_set_owner_w(skb, dev_net_rcu(dev)->ipv6.ndisc_sk);
438 rcu_read_unlock();
439
440 return skb;
441}
442
443static void ip6_nd_hdr(struct sk_buff *skb,
444 const struct in6_addr *saddr,
445 const struct in6_addr *daddr,
446 int hop_limit, int len)
447{
448 struct ipv6hdr *hdr;
449 struct inet6_dev *idev;
450 unsigned tclass;
451
452 rcu_read_lock();
453 idev = __in6_dev_get(skb->dev);
454 tclass = idev ? READ_ONCE(idev->cnf.ndisc_tclass) : 0;
455 rcu_read_unlock();
456
457 skb_push(skb, sizeof(*hdr));
458 skb_reset_network_header(skb);
459 hdr = ipv6_hdr(skb);
460
461 ip6_flow_hdr(hdr, tclass, 0);
462
463 hdr->payload_len = htons(len);
464 hdr->nexthdr = IPPROTO_ICMPV6;
465 hdr->hop_limit = hop_limit;
466
467 hdr->saddr = *saddr;
468 hdr->daddr = *daddr;
469}
470
471void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
472 const struct in6_addr *saddr)
473{
474 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
475 struct dst_entry *dst = skb_dst(skb);
476 struct inet6_dev *idev;
477 struct net *net;
478 struct sock *sk;
479 int err;
480 u8 type;
481
482 type = icmp6h->icmp6_type;
483
484 rcu_read_lock();
485
486 net = dev_net_rcu(skb->dev);
487 sk = net->ipv6.ndisc_sk;
488 if (!dst) {
489 struct flowi6 fl6;
490 int oif = skb->dev->ifindex;
491
492 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
493 dst = icmp6_dst_alloc(skb->dev, &fl6);
494 if (IS_ERR(dst)) {
495 rcu_read_unlock();
496 kfree_skb(skb);
497 return;
498 }
499
500 skb_dst_set(skb, dst);
501 }
502
503 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
504 IPPROTO_ICMPV6,
505 csum_partial(icmp6h,
506 skb->len, 0));
507
508 ip6_nd_hdr(skb, saddr, daddr, READ_ONCE(inet6_sk(sk)->hop_limit), skb->len);
509
510 idev = __in6_dev_get(dst->dev);
511 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
512
513 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
514 net, sk, skb, NULL, dst->dev,
515 dst_output);
516 if (!err) {
517 ICMP6MSGOUT_INC_STATS(net, idev, type);
518 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
519 }
520
521 rcu_read_unlock();
522}
523EXPORT_SYMBOL(ndisc_send_skb);
524
525void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
526 const struct in6_addr *solicited_addr,
527 bool router, bool solicited, bool override, bool inc_opt)
528{
529 struct sk_buff *skb;
530 struct in6_addr tmpaddr;
531 struct inet6_ifaddr *ifp;
532 const struct in6_addr *src_addr;
533 struct nd_msg *msg;
534 int optlen = 0;
535
536 /* for anycast or proxy, solicited_addr != src_addr */
537 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
538 if (ifp) {
539 src_addr = solicited_addr;
540 if (ifp->flags & IFA_F_OPTIMISTIC)
541 override = false;
542 inc_opt |= READ_ONCE(ifp->idev->cnf.force_tllao);
543 in6_ifa_put(ifp);
544 } else {
545 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
546 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
547 &tmpaddr))
548 return;
549 src_addr = &tmpaddr;
550 }
551
552 if (!dev->addr_len)
553 inc_opt = false;
554 if (inc_opt)
555 optlen += ndisc_opt_addr_space(dev,
556 NDISC_NEIGHBOUR_ADVERTISEMENT);
557
558 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
559 if (!skb)
560 return;
561
562 msg = skb_put(skb, sizeof(*msg));
563 *msg = (struct nd_msg) {
564 .icmph = {
565 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
566 .icmp6_router = router,
567 .icmp6_solicited = solicited,
568 .icmp6_override = override,
569 },
570 .target = *solicited_addr,
571 };
572
573 if (inc_opt)
574 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
575 dev->dev_addr,
576 NDISC_NEIGHBOUR_ADVERTISEMENT);
577
578 ndisc_send_skb(skb, daddr, src_addr);
579}
580
581static void ndisc_send_unsol_na(struct net_device *dev)
582{
583 struct inet6_dev *idev;
584 struct inet6_ifaddr *ifa;
585
586 idev = in6_dev_get(dev);
587 if (!idev)
588 return;
589
590 read_lock_bh(&idev->lock);
591 list_for_each_entry(ifa, &idev->addr_list, if_list) {
592 /* skip tentative addresses until dad completes */
593 if (ifa->flags & IFA_F_TENTATIVE &&
594 !(ifa->flags & IFA_F_OPTIMISTIC))
595 continue;
596
597 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
598 /*router=*/ !!idev->cnf.forwarding,
599 /*solicited=*/ false, /*override=*/ true,
600 /*inc_opt=*/ true);
601 }
602 read_unlock_bh(&idev->lock);
603
604 in6_dev_put(idev);
605}
606
607struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
608 const struct in6_addr *saddr, u64 nonce)
609{
610 int inc_opt = dev->addr_len;
611 struct sk_buff *skb;
612 struct nd_msg *msg;
613 int optlen = 0;
614
615 if (!saddr)
616 return NULL;
617
618 if (ipv6_addr_any(saddr))
619 inc_opt = false;
620 if (inc_opt)
621 optlen += ndisc_opt_addr_space(dev,
622 NDISC_NEIGHBOUR_SOLICITATION);
623 if (nonce != 0)
624 optlen += 8;
625
626 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
627 if (!skb)
628 return NULL;
629
630 msg = skb_put(skb, sizeof(*msg));
631 *msg = (struct nd_msg) {
632 .icmph = {
633 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
634 },
635 .target = *solicit,
636 };
637
638 if (inc_opt)
639 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
640 dev->dev_addr,
641 NDISC_NEIGHBOUR_SOLICITATION);
642 if (nonce != 0) {
643 u8 *opt = skb_put(skb, 8);
644
645 opt[0] = ND_OPT_NONCE;
646 opt[1] = 8 >> 3;
647 memcpy(opt + 2, &nonce, 6);
648 }
649
650 return skb;
651}
652EXPORT_SYMBOL(ndisc_ns_create);
653
654void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
655 const struct in6_addr *daddr, const struct in6_addr *saddr,
656 u64 nonce)
657{
658 struct in6_addr addr_buf;
659 struct sk_buff *skb;
660
661 if (!saddr) {
662 if (ipv6_get_lladdr(dev, &addr_buf,
663 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
664 return;
665 saddr = &addr_buf;
666 }
667
668 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
669
670 if (skb)
671 ndisc_send_skb(skb, daddr, saddr);
672}
673
674void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
675 const struct in6_addr *daddr)
676{
677 struct sk_buff *skb;
678 struct rs_msg *msg;
679 int send_sllao = dev->addr_len;
680 int optlen = 0;
681
682#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
683 /*
684 * According to section 2.2 of RFC 4429, we must not
685 * send router solicitations with a sllao from
686 * optimistic addresses, but we may send the solicitation
687 * if we don't include the sllao. So here we check
688 * if our address is optimistic, and if so, we
689 * suppress the inclusion of the sllao.
690 */
691 if (send_sllao) {
692 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
693 dev, 1);
694 if (ifp) {
695 if (ifp->flags & IFA_F_OPTIMISTIC) {
696 send_sllao = 0;
697 }
698 in6_ifa_put(ifp);
699 } else {
700 send_sllao = 0;
701 }
702 }
703#endif
704 if (send_sllao)
705 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
706
707 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
708 if (!skb)
709 return;
710
711 msg = skb_put(skb, sizeof(*msg));
712 *msg = (struct rs_msg) {
713 .icmph = {
714 .icmp6_type = NDISC_ROUTER_SOLICITATION,
715 },
716 };
717
718 if (send_sllao)
719 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
720 dev->dev_addr,
721 NDISC_ROUTER_SOLICITATION);
722
723 ndisc_send_skb(skb, daddr, saddr);
724}
725
726
727static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
728{
729 /*
730 * "The sender MUST return an ICMP
731 * destination unreachable"
732 */
733 dst_link_failure(skb);
734 kfree_skb(skb);
735}
736
737/* Called with locked neigh: either read or both */
738
739static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
740{
741 struct in6_addr *saddr = NULL;
742 struct in6_addr mcaddr;
743 struct net_device *dev = neigh->dev;
744 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
745 int probes = atomic_read(&neigh->probes);
746
747 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
748 dev, false, 1,
749 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
750 saddr = &ipv6_hdr(skb)->saddr;
751 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
752 if (probes < 0) {
753 if (!(READ_ONCE(neigh->nud_state) & NUD_VALID)) {
754 ND_PRINTK(1, dbg,
755 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
756 __func__, target);
757 }
758 ndisc_send_ns(dev, target, target, saddr, 0);
759 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
760 neigh_app_ns(neigh);
761 } else {
762 addrconf_addr_solict_mult(target, &mcaddr);
763 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
764 }
765}
766
767static int pndisc_is_router(const void *pkey,
768 struct net_device *dev)
769{
770 struct pneigh_entry *n;
771 int ret = -1;
772
773 read_lock_bh(&nd_tbl.lock);
774 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
775 if (n)
776 ret = !!(n->flags & NTF_ROUTER);
777 read_unlock_bh(&nd_tbl.lock);
778
779 return ret;
780}
781
782void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
783 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
784 struct ndisc_options *ndopts)
785{
786 neigh_update(neigh, lladdr, new, flags, 0);
787 /* report ndisc ops about neighbour update */
788 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
789}
790
791static enum skb_drop_reason ndisc_recv_ns(struct sk_buff *skb)
792{
793 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
794 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
795 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
796 u8 *lladdr = NULL;
797 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
798 offsetof(struct nd_msg, opt));
799 struct ndisc_options ndopts;
800 struct net_device *dev = skb->dev;
801 struct inet6_ifaddr *ifp;
802 struct inet6_dev *idev = NULL;
803 struct neighbour *neigh;
804 int dad = ipv6_addr_any(saddr);
805 int is_router = -1;
806 SKB_DR(reason);
807 u64 nonce = 0;
808 bool inc;
809
810 if (skb->len < sizeof(struct nd_msg))
811 return SKB_DROP_REASON_PKT_TOO_SMALL;
812
813 if (ipv6_addr_is_multicast(&msg->target)) {
814 ND_PRINTK(2, warn, "NS: multicast target address\n");
815 return reason;
816 }
817
818 /*
819 * RFC2461 7.1.1:
820 * DAD has to be destined for solicited node multicast address.
821 */
822 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
823 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
824 return reason;
825 }
826
827 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
828 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
829
830 if (ndopts.nd_opts_src_lladdr) {
831 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
832 if (!lladdr) {
833 ND_PRINTK(2, warn,
834 "NS: invalid link-layer address length\n");
835 return reason;
836 }
837
838 /* RFC2461 7.1.1:
839 * If the IP source address is the unspecified address,
840 * there MUST NOT be source link-layer address option
841 * in the message.
842 */
843 if (dad) {
844 ND_PRINTK(2, warn,
845 "NS: bad DAD packet (link-layer address option)\n");
846 return reason;
847 }
848 }
849 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
850 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
851
852 inc = ipv6_addr_is_multicast(daddr);
853
854 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
855 if (ifp) {
856have_ifp:
857 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
858 if (dad) {
859 if (nonce != 0 && ifp->dad_nonce == nonce) {
860 u8 *np = (u8 *)&nonce;
861 /* Matching nonce if looped back */
862 ND_PRINTK(2, notice,
863 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
864 ifp->idev->dev->name,
865 &ifp->addr, np);
866 goto out;
867 }
868 /*
869 * We are colliding with another node
870 * who is doing DAD
871 * so fail our DAD process
872 */
873 addrconf_dad_failure(skb, ifp);
874 return reason;
875 } else {
876 /*
877 * This is not a dad solicitation.
878 * If we are an optimistic node,
879 * we should respond.
880 * Otherwise, we should ignore it.
881 */
882 if (!(ifp->flags & IFA_F_OPTIMISTIC))
883 goto out;
884 }
885 }
886
887 idev = ifp->idev;
888 } else {
889 struct net *net = dev_net(dev);
890
891 /* perhaps an address on the master device */
892 if (netif_is_l3_slave(dev)) {
893 struct net_device *mdev;
894
895 mdev = netdev_master_upper_dev_get_rcu(dev);
896 if (mdev) {
897 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
898 if (ifp)
899 goto have_ifp;
900 }
901 }
902
903 idev = in6_dev_get(dev);
904 if (!idev) {
905 /* XXX: count this drop? */
906 return reason;
907 }
908
909 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
910 (READ_ONCE(idev->cnf.forwarding) &&
911 (READ_ONCE(net->ipv6.devconf_all->proxy_ndp) ||
912 READ_ONCE(idev->cnf.proxy_ndp)) &&
913 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
914 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
915 skb->pkt_type != PACKET_HOST &&
916 inc &&
917 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
918 /*
919 * for anycast or proxy,
920 * sender should delay its response
921 * by a random time between 0 and
922 * MAX_ANYCAST_DELAY_TIME seconds.
923 * (RFC2461) -- yoshfuji
924 */
925 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
926 if (n)
927 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
928 goto out;
929 }
930 } else {
931 SKB_DR_SET(reason, IPV6_NDISC_NS_OTHERHOST);
932 goto out;
933 }
934 }
935
936 if (is_router < 0)
937 is_router = READ_ONCE(idev->cnf.forwarding);
938
939 if (dad) {
940 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
941 !!is_router, false, (ifp != NULL), true);
942 goto out;
943 }
944
945 if (inc)
946 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
947 else
948 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
949
950 /*
951 * update / create cache entry
952 * for the source address
953 */
954 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
955 !inc || lladdr || !dev->addr_len);
956 if (neigh)
957 ndisc_update(dev, neigh, lladdr, NUD_STALE,
958 NEIGH_UPDATE_F_WEAK_OVERRIDE|
959 NEIGH_UPDATE_F_OVERRIDE,
960 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
961 if (neigh || !dev->header_ops) {
962 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
963 true, (ifp != NULL && inc), inc);
964 if (neigh)
965 neigh_release(neigh);
966 reason = SKB_CONSUMED;
967 }
968
969out:
970 if (ifp)
971 in6_ifa_put(ifp);
972 else
973 in6_dev_put(idev);
974 return reason;
975}
976
977static int accept_untracked_na(struct net_device *dev, struct in6_addr *saddr)
978{
979 struct inet6_dev *idev = __in6_dev_get(dev);
980
981 switch (READ_ONCE(idev->cnf.accept_untracked_na)) {
982 case 0: /* Don't accept untracked na (absent in neighbor cache) */
983 return 0;
984 case 1: /* Create new entries from na if currently untracked */
985 return 1;
986 case 2: /* Create new entries from untracked na only if saddr is in the
987 * same subnet as an address configured on the interface that
988 * received the na
989 */
990 return !!ipv6_chk_prefix(saddr, dev);
991 default:
992 return 0;
993 }
994}
995
996static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
997{
998 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
999 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1000 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1001 u8 *lladdr = NULL;
1002 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1003 offsetof(struct nd_msg, opt));
1004 struct ndisc_options ndopts;
1005 struct net_device *dev = skb->dev;
1006 struct inet6_dev *idev = __in6_dev_get(dev);
1007 struct inet6_ifaddr *ifp;
1008 struct neighbour *neigh;
1009 SKB_DR(reason);
1010 u8 new_state;
1011
1012 if (skb->len < sizeof(struct nd_msg))
1013 return SKB_DROP_REASON_PKT_TOO_SMALL;
1014
1015 if (ipv6_addr_is_multicast(&msg->target)) {
1016 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1017 return reason;
1018 }
1019
1020 if (ipv6_addr_is_multicast(daddr) &&
1021 msg->icmph.icmp6_solicited) {
1022 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1023 return reason;
1024 }
1025
1026 /* For some 802.11 wireless deployments (and possibly other networks),
1027 * there will be a NA proxy and unsolicitd packets are attacks
1028 * and thus should not be accepted.
1029 * drop_unsolicited_na takes precedence over accept_untracked_na
1030 */
1031 if (!msg->icmph.icmp6_solicited && idev &&
1032 READ_ONCE(idev->cnf.drop_unsolicited_na))
1033 return reason;
1034
1035 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
1036 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1037
1038 if (ndopts.nd_opts_tgt_lladdr) {
1039 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1040 if (!lladdr) {
1041 ND_PRINTK(2, warn,
1042 "NA: invalid link-layer address length\n");
1043 return reason;
1044 }
1045 }
1046 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1047 if (ifp) {
1048 if (skb->pkt_type != PACKET_LOOPBACK
1049 && (ifp->flags & IFA_F_TENTATIVE)) {
1050 addrconf_dad_failure(skb, ifp);
1051 return reason;
1052 }
1053 /* What should we make now? The advertisement
1054 is invalid, but ndisc specs say nothing
1055 about it. It could be misconfiguration, or
1056 an smart proxy agent tries to help us :-)
1057
1058 We should not print the error if NA has been
1059 received from loopback - it is just our own
1060 unsolicited advertisement.
1061 */
1062 if (skb->pkt_type != PACKET_LOOPBACK)
1063 ND_PRINTK(1, warn,
1064 "NA: %pM advertised our address %pI6c on %s!\n",
1065 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1066 in6_ifa_put(ifp);
1067 return reason;
1068 }
1069
1070 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1071
1072 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1073 * NAs with Target LL Address option without a corresponding
1074 * entry in the neighbour cache can now create a STALE neighbour
1075 * cache entry on routers.
1076 *
1077 * entry accept fwding solicited behaviour
1078 * ------- ------ ------ --------- ----------------------
1079 * present X X 0 Set state to STALE
1080 * present X X 1 Set state to REACHABLE
1081 * absent 0 X X Do nothing
1082 * absent 1 0 X Do nothing
1083 * absent 1 1 X Add a new STALE entry
1084 *
1085 * Note that we don't do a (daddr == all-routers-mcast) check.
1086 */
1087 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1088 if (!neigh && lladdr && idev && READ_ONCE(idev->cnf.forwarding)) {
1089 if (accept_untracked_na(dev, saddr)) {
1090 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1091 new_state = NUD_STALE;
1092 }
1093 }
1094
1095 if (neigh && !IS_ERR(neigh)) {
1096 u8 old_flags = neigh->flags;
1097 struct net *net = dev_net(dev);
1098
1099 if (READ_ONCE(neigh->nud_state) & NUD_FAILED)
1100 goto out;
1101
1102 /*
1103 * Don't update the neighbor cache entry on a proxy NA from
1104 * ourselves because either the proxied node is off link or it
1105 * has already sent a NA to us.
1106 */
1107 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1108 READ_ONCE(net->ipv6.devconf_all->forwarding) &&
1109 READ_ONCE(net->ipv6.devconf_all->proxy_ndp) &&
1110 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1111 /* XXX: idev->cnf.proxy_ndp */
1112 goto out;
1113 }
1114
1115 ndisc_update(dev, neigh, lladdr,
1116 new_state,
1117 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1118 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1119 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1120 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1121 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1122
1123 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1124 /*
1125 * Change: router to host
1126 */
1127 rt6_clean_tohost(dev_net(dev), saddr);
1128 }
1129 reason = SKB_CONSUMED;
1130out:
1131 neigh_release(neigh);
1132 }
1133 return reason;
1134}
1135
1136static enum skb_drop_reason ndisc_recv_rs(struct sk_buff *skb)
1137{
1138 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1139 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1140 struct neighbour *neigh;
1141 struct inet6_dev *idev;
1142 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1143 struct ndisc_options ndopts;
1144 u8 *lladdr = NULL;
1145 SKB_DR(reason);
1146
1147 if (skb->len < sizeof(*rs_msg))
1148 return SKB_DROP_REASON_PKT_TOO_SMALL;
1149
1150 idev = __in6_dev_get(skb->dev);
1151 if (!idev) {
1152 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1153 return reason;
1154 }
1155
1156 /* Don't accept RS if we're not in router mode */
1157 if (!READ_ONCE(idev->cnf.forwarding))
1158 goto out;
1159
1160 /*
1161 * Don't update NCE if src = ::;
1162 * this implies that the source node has no ip address assigned yet.
1163 */
1164 if (ipv6_addr_any(saddr))
1165 goto out;
1166
1167 /* Parse ND options */
1168 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts))
1169 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1170
1171 if (ndopts.nd_opts_src_lladdr) {
1172 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1173 skb->dev);
1174 if (!lladdr)
1175 goto out;
1176 }
1177
1178 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1179 if (neigh) {
1180 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1181 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1182 NEIGH_UPDATE_F_OVERRIDE|
1183 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1184 NDISC_ROUTER_SOLICITATION, &ndopts);
1185 neigh_release(neigh);
1186 reason = SKB_CONSUMED;
1187 }
1188out:
1189 return reason;
1190}
1191
1192static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1193{
1194 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1195 struct sk_buff *skb;
1196 struct nlmsghdr *nlh;
1197 struct nduseroptmsg *ndmsg;
1198 struct net *net = dev_net(ra->dev);
1199 int err;
1200 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1201 + (opt->nd_opt_len << 3));
1202 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1203
1204 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1205 if (!skb) {
1206 err = -ENOBUFS;
1207 goto errout;
1208 }
1209
1210 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1211 if (!nlh) {
1212 goto nla_put_failure;
1213 }
1214
1215 ndmsg = nlmsg_data(nlh);
1216 ndmsg->nduseropt_family = AF_INET6;
1217 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1218 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1219 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1220 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1221
1222 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1223
1224 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1225 goto nla_put_failure;
1226 nlmsg_end(skb, nlh);
1227
1228 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1229 return;
1230
1231nla_put_failure:
1232 nlmsg_free(skb);
1233 err = -EMSGSIZE;
1234errout:
1235 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1236}
1237
1238static enum skb_drop_reason ndisc_router_discovery(struct sk_buff *skb)
1239{
1240 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1241 bool send_ifinfo_notify = false;
1242 struct neighbour *neigh = NULL;
1243 struct ndisc_options ndopts;
1244 struct fib6_info *rt = NULL;
1245 struct inet6_dev *in6_dev;
1246 struct fib6_table *table;
1247 u32 defrtr_usr_metric;
1248 unsigned int pref = 0;
1249 __u32 old_if_flags;
1250 struct net *net;
1251 SKB_DR(reason);
1252 int lifetime;
1253 int optlen;
1254
1255 __u8 *opt = (__u8 *)(ra_msg + 1);
1256
1257 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1258 sizeof(struct ra_msg);
1259
1260 ND_PRINTK(2, info,
1261 "RA: %s, dev: %s\n",
1262 __func__, skb->dev->name);
1263 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1264 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1265 return reason;
1266 }
1267 if (optlen < 0)
1268 return SKB_DROP_REASON_PKT_TOO_SMALL;
1269
1270#ifdef CONFIG_IPV6_NDISC_NODETYPE
1271 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1272 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1273 return reason;
1274 }
1275#endif
1276
1277 in6_dev = __in6_dev_get(skb->dev);
1278 if (!in6_dev) {
1279 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1280 skb->dev->name);
1281 return reason;
1282 }
1283
1284 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts))
1285 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1286
1287 if (!ipv6_accept_ra(in6_dev)) {
1288 ND_PRINTK(2, info,
1289 "RA: %s, did not accept ra for dev: %s\n",
1290 __func__, skb->dev->name);
1291 goto skip_linkparms;
1292 }
1293
1294#ifdef CONFIG_IPV6_NDISC_NODETYPE
1295 /* skip link-specific parameters from interior routers */
1296 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1297 ND_PRINTK(2, info,
1298 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1299 __func__, skb->dev->name);
1300 goto skip_linkparms;
1301 }
1302#endif
1303
1304 if (in6_dev->if_flags & IF_RS_SENT) {
1305 /*
1306 * flag that an RA was received after an RS was sent
1307 * out on this interface.
1308 */
1309 in6_dev->if_flags |= IF_RA_RCVD;
1310 }
1311
1312 /*
1313 * Remember the managed/otherconf flags from most recently
1314 * received RA message (RFC 2462) -- yoshfuji
1315 */
1316 old_if_flags = in6_dev->if_flags;
1317 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1318 IF_RA_OTHERCONF)) |
1319 (ra_msg->icmph.icmp6_addrconf_managed ?
1320 IF_RA_MANAGED : 0) |
1321 (ra_msg->icmph.icmp6_addrconf_other ?
1322 IF_RA_OTHERCONF : 0);
1323
1324 if (old_if_flags != in6_dev->if_flags)
1325 send_ifinfo_notify = true;
1326
1327 if (!READ_ONCE(in6_dev->cnf.accept_ra_defrtr)) {
1328 ND_PRINTK(2, info,
1329 "RA: %s, defrtr is false for dev: %s\n",
1330 __func__, skb->dev->name);
1331 goto skip_defrtr;
1332 }
1333
1334 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1335 if (lifetime != 0 &&
1336 lifetime < READ_ONCE(in6_dev->cnf.accept_ra_min_lft)) {
1337 ND_PRINTK(2, info,
1338 "RA: router lifetime (%ds) is too short: %s\n",
1339 lifetime, skb->dev->name);
1340 goto skip_defrtr;
1341 }
1342
1343 /* Do not accept RA with source-addr found on local machine unless
1344 * accept_ra_from_local is set to true.
1345 */
1346 net = dev_net(in6_dev->dev);
1347 if (!READ_ONCE(in6_dev->cnf.accept_ra_from_local) &&
1348 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1349 ND_PRINTK(2, info,
1350 "RA from local address detected on dev: %s: default router ignored\n",
1351 skb->dev->name);
1352 goto skip_defrtr;
1353 }
1354
1355#ifdef CONFIG_IPV6_ROUTER_PREF
1356 pref = ra_msg->icmph.icmp6_router_pref;
1357 /* 10b is handled as if it were 00b (medium) */
1358 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1359 !READ_ONCE(in6_dev->cnf.accept_ra_rtr_pref))
1360 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1361#endif
1362 /* routes added from RAs do not use nexthop objects */
1363 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1364 if (rt) {
1365 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1366 rt->fib6_nh->fib_nh_dev, NULL,
1367 &ipv6_hdr(skb)->saddr);
1368 if (!neigh) {
1369 ND_PRINTK(0, err,
1370 "RA: %s got default router without neighbour\n",
1371 __func__);
1372 fib6_info_release(rt);
1373 return reason;
1374 }
1375 }
1376 /* Set default route metric as specified by user */
1377 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1378 /* delete the route if lifetime is 0 or if metric needs change */
1379 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1380 ip6_del_rt(net, rt, false);
1381 rt = NULL;
1382 }
1383
1384 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1385 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1386 if (!rt && lifetime) {
1387 ND_PRINTK(3, info, "RA: adding default router\n");
1388
1389 if (neigh)
1390 neigh_release(neigh);
1391
1392 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1393 skb->dev, pref, defrtr_usr_metric,
1394 lifetime);
1395 if (!rt) {
1396 ND_PRINTK(0, err,
1397 "RA: %s failed to add default route\n",
1398 __func__);
1399 return reason;
1400 }
1401
1402 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1403 rt->fib6_nh->fib_nh_dev, NULL,
1404 &ipv6_hdr(skb)->saddr);
1405 if (!neigh) {
1406 ND_PRINTK(0, err,
1407 "RA: %s got default router without neighbour\n",
1408 __func__);
1409 fib6_info_release(rt);
1410 return reason;
1411 }
1412 neigh->flags |= NTF_ROUTER;
1413 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1414 struct nl_info nlinfo = {
1415 .nl_net = net,
1416 };
1417 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1418 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1419 }
1420
1421 if (rt) {
1422 table = rt->fib6_table;
1423 spin_lock_bh(&table->tb6_lock);
1424
1425 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1426 fib6_add_gc_list(rt);
1427
1428 spin_unlock_bh(&table->tb6_lock);
1429 }
1430 if (READ_ONCE(in6_dev->cnf.accept_ra_min_hop_limit) < 256 &&
1431 ra_msg->icmph.icmp6_hop_limit) {
1432 if (READ_ONCE(in6_dev->cnf.accept_ra_min_hop_limit) <=
1433 ra_msg->icmph.icmp6_hop_limit) {
1434 WRITE_ONCE(in6_dev->cnf.hop_limit,
1435 ra_msg->icmph.icmp6_hop_limit);
1436 fib6_metric_set(rt, RTAX_HOPLIMIT,
1437 ra_msg->icmph.icmp6_hop_limit);
1438 } else {
1439 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1440 }
1441 }
1442
1443skip_defrtr:
1444
1445 /*
1446 * Update Reachable Time and Retrans Timer
1447 */
1448
1449 if (in6_dev->nd_parms) {
1450 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1451
1452 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1453 rtime = (rtime*HZ)/1000;
1454 if (rtime < HZ/100)
1455 rtime = HZ/100;
1456 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1457 in6_dev->tstamp = jiffies;
1458 send_ifinfo_notify = true;
1459 }
1460
1461 rtime = ntohl(ra_msg->reachable_time);
1462 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1463 rtime = (rtime*HZ)/1000;
1464
1465 if (rtime < HZ/10)
1466 rtime = HZ/10;
1467
1468 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1469 NEIGH_VAR_SET(in6_dev->nd_parms,
1470 BASE_REACHABLE_TIME, rtime);
1471 NEIGH_VAR_SET(in6_dev->nd_parms,
1472 GC_STALETIME, 3 * rtime);
1473 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1474 in6_dev->tstamp = jiffies;
1475 send_ifinfo_notify = true;
1476 }
1477 }
1478 }
1479
1480skip_linkparms:
1481
1482 /*
1483 * Process options.
1484 */
1485
1486 if (!neigh)
1487 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1488 skb->dev, 1);
1489 if (neigh) {
1490 u8 *lladdr = NULL;
1491 if (ndopts.nd_opts_src_lladdr) {
1492 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1493 skb->dev);
1494 if (!lladdr) {
1495 ND_PRINTK(2, warn,
1496 "RA: invalid link-layer address length\n");
1497 goto out;
1498 }
1499 }
1500 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1501 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1502 NEIGH_UPDATE_F_OVERRIDE|
1503 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1504 NEIGH_UPDATE_F_ISROUTER,
1505 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1506 reason = SKB_CONSUMED;
1507 }
1508
1509 if (!ipv6_accept_ra(in6_dev)) {
1510 ND_PRINTK(2, info,
1511 "RA: %s, accept_ra is false for dev: %s\n",
1512 __func__, skb->dev->name);
1513 goto out;
1514 }
1515
1516#ifdef CONFIG_IPV6_ROUTE_INFO
1517 if (!READ_ONCE(in6_dev->cnf.accept_ra_from_local) &&
1518 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1519 in6_dev->dev, 0)) {
1520 ND_PRINTK(2, info,
1521 "RA from local address detected on dev: %s: router info ignored.\n",
1522 skb->dev->name);
1523 goto skip_routeinfo;
1524 }
1525
1526 if (READ_ONCE(in6_dev->cnf.accept_ra_rtr_pref) && ndopts.nd_opts_ri) {
1527 struct nd_opt_hdr *p;
1528 for (p = ndopts.nd_opts_ri;
1529 p;
1530 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1531 struct route_info *ri = (struct route_info *)p;
1532#ifdef CONFIG_IPV6_NDISC_NODETYPE
1533 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1534 ri->prefix_len == 0)
1535 continue;
1536#endif
1537 if (ri->prefix_len == 0 &&
1538 !READ_ONCE(in6_dev->cnf.accept_ra_defrtr))
1539 continue;
1540 if (ri->lifetime != 0 &&
1541 ntohl(ri->lifetime) < READ_ONCE(in6_dev->cnf.accept_ra_min_lft))
1542 continue;
1543 if (ri->prefix_len < READ_ONCE(in6_dev->cnf.accept_ra_rt_info_min_plen))
1544 continue;
1545 if (ri->prefix_len > READ_ONCE(in6_dev->cnf.accept_ra_rt_info_max_plen))
1546 continue;
1547 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1548 &ipv6_hdr(skb)->saddr);
1549 }
1550 }
1551
1552skip_routeinfo:
1553#endif
1554
1555#ifdef CONFIG_IPV6_NDISC_NODETYPE
1556 /* skip link-specific ndopts from interior routers */
1557 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1558 ND_PRINTK(2, info,
1559 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1560 __func__, skb->dev->name);
1561 goto out;
1562 }
1563#endif
1564
1565 if (READ_ONCE(in6_dev->cnf.accept_ra_pinfo) && ndopts.nd_opts_pi) {
1566 struct nd_opt_hdr *p;
1567 for (p = ndopts.nd_opts_pi;
1568 p;
1569 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1570 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1571 (p->nd_opt_len) << 3,
1572 ndopts.nd_opts_src_lladdr != NULL);
1573 }
1574 }
1575
1576 if (ndopts.nd_opts_mtu && READ_ONCE(in6_dev->cnf.accept_ra_mtu)) {
1577 __be32 n;
1578 u32 mtu;
1579
1580 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1581 mtu = ntohl(n);
1582
1583 if (in6_dev->ra_mtu != mtu) {
1584 in6_dev->ra_mtu = mtu;
1585 send_ifinfo_notify = true;
1586 }
1587
1588 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1589 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1590 } else if (READ_ONCE(in6_dev->cnf.mtu6) != mtu) {
1591 WRITE_ONCE(in6_dev->cnf.mtu6, mtu);
1592 fib6_metric_set(rt, RTAX_MTU, mtu);
1593 rt6_mtu_change(skb->dev, mtu);
1594 }
1595 }
1596
1597 if (ndopts.nd_useropts) {
1598 struct nd_opt_hdr *p;
1599 for (p = ndopts.nd_useropts;
1600 p;
1601 p = ndisc_next_useropt(skb->dev, p,
1602 ndopts.nd_useropts_end)) {
1603 ndisc_ra_useropt(skb, p);
1604 }
1605 }
1606
1607 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1608 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1609 }
1610out:
1611 /* Send a notify if RA changed managed/otherconf flags or
1612 * timer settings or ra_mtu value
1613 */
1614 if (send_ifinfo_notify)
1615 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1616
1617 fib6_info_release(rt);
1618 if (neigh)
1619 neigh_release(neigh);
1620 return reason;
1621}
1622
1623static enum skb_drop_reason ndisc_redirect_rcv(struct sk_buff *skb)
1624{
1625 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1626 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1627 offsetof(struct rd_msg, opt));
1628 struct ndisc_options ndopts;
1629 SKB_DR(reason);
1630 u8 *hdr;
1631
1632#ifdef CONFIG_IPV6_NDISC_NODETYPE
1633 switch (skb->ndisc_nodetype) {
1634 case NDISC_NODETYPE_HOST:
1635 case NDISC_NODETYPE_NODEFAULT:
1636 ND_PRINTK(2, warn,
1637 "Redirect: from host or unauthorized router\n");
1638 return reason;
1639 }
1640#endif
1641
1642 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1643 ND_PRINTK(2, warn,
1644 "Redirect: source address is not link-local\n");
1645 return reason;
1646 }
1647
1648 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1649 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1650
1651 if (!ndopts.nd_opts_rh) {
1652 ip6_redirect_no_header(skb, dev_net(skb->dev),
1653 skb->dev->ifindex);
1654 return reason;
1655 }
1656
1657 hdr = (u8 *)ndopts.nd_opts_rh;
1658 hdr += 8;
1659 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1660 return SKB_DROP_REASON_PKT_TOO_SMALL;
1661
1662 return icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1663}
1664
1665static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1666 struct sk_buff *orig_skb,
1667 int rd_len)
1668{
1669 u8 *opt = skb_put(skb, rd_len);
1670
1671 memset(opt, 0, 8);
1672 *(opt++) = ND_OPT_REDIRECT_HDR;
1673 *(opt++) = (rd_len >> 3);
1674 opt += 6;
1675
1676 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1677 rd_len - 8);
1678}
1679
1680void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1681{
1682 struct net_device *dev = skb->dev;
1683 struct net *net = dev_net(dev);
1684 struct sock *sk = net->ipv6.ndisc_sk;
1685 int optlen = 0;
1686 struct inet_peer *peer;
1687 struct sk_buff *buff;
1688 struct rd_msg *msg;
1689 struct in6_addr saddr_buf;
1690 struct rt6_info *rt;
1691 struct dst_entry *dst;
1692 struct flowi6 fl6;
1693 int rd_len;
1694 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1695 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1696 bool ret;
1697
1698 if (netif_is_l3_master(skb->dev)) {
1699 dev = dev_get_by_index_rcu(dev_net(skb->dev), IPCB(skb)->iif);
1700 if (!dev)
1701 return;
1702 }
1703
1704 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1705 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1706 dev->name);
1707 return;
1708 }
1709
1710 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1711 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1712 ND_PRINTK(2, warn,
1713 "Redirect: target address is not link-local unicast\n");
1714 return;
1715 }
1716
1717 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1718 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1719
1720 dst = ip6_route_output(net, NULL, &fl6);
1721 if (dst->error) {
1722 dst_release(dst);
1723 return;
1724 }
1725 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1726 if (IS_ERR(dst))
1727 return;
1728
1729 rt = dst_rt6_info(dst);
1730
1731 if (rt->rt6i_flags & RTF_GATEWAY) {
1732 ND_PRINTK(2, warn,
1733 "Redirect: destination is not a neighbour\n");
1734 goto release;
1735 }
1736
1737 rcu_read_lock();
1738 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr);
1739 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1740 rcu_read_unlock();
1741
1742 if (!ret)
1743 goto release;
1744
1745 if (dev->addr_len) {
1746 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1747 if (!neigh) {
1748 ND_PRINTK(2, warn,
1749 "Redirect: no neigh for target address\n");
1750 goto release;
1751 }
1752
1753 read_lock_bh(&neigh->lock);
1754 if (neigh->nud_state & NUD_VALID) {
1755 memcpy(ha_buf, neigh->ha, dev->addr_len);
1756 read_unlock_bh(&neigh->lock);
1757 ha = ha_buf;
1758 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1759 ops_data_buf,
1760 &ops_data);
1761 } else
1762 read_unlock_bh(&neigh->lock);
1763
1764 neigh_release(neigh);
1765 }
1766
1767 rd_len = min_t(unsigned int,
1768 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1769 skb->len + 8);
1770 rd_len &= ~0x7;
1771 optlen += rd_len;
1772
1773 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1774 if (!buff)
1775 goto release;
1776
1777 msg = skb_put(buff, sizeof(*msg));
1778 *msg = (struct rd_msg) {
1779 .icmph = {
1780 .icmp6_type = NDISC_REDIRECT,
1781 },
1782 .target = *target,
1783 .dest = ipv6_hdr(skb)->daddr,
1784 };
1785
1786 /*
1787 * include target_address option
1788 */
1789
1790 if (ha)
1791 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1792
1793 /*
1794 * build redirect option and copy skb over to the new packet.
1795 */
1796
1797 if (rd_len)
1798 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1799
1800 skb_dst_set(buff, dst);
1801 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1802 return;
1803
1804release:
1805 dst_release(dst);
1806}
1807
1808static void pndisc_redo(struct sk_buff *skb)
1809{
1810 enum skb_drop_reason reason = ndisc_recv_ns(skb);
1811
1812 kfree_skb_reason(skb, reason);
1813}
1814
1815static int ndisc_is_multicast(const void *pkey)
1816{
1817 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1818}
1819
1820static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1821{
1822 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1823
1824 if (!idev)
1825 return true;
1826 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1827 READ_ONCE(idev->cnf.suppress_frag_ndisc)) {
1828 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1829 return true;
1830 }
1831 return false;
1832}
1833
1834enum skb_drop_reason ndisc_rcv(struct sk_buff *skb)
1835{
1836 struct nd_msg *msg;
1837 SKB_DR(reason);
1838
1839 if (ndisc_suppress_frag_ndisc(skb))
1840 return SKB_DROP_REASON_IPV6_NDISC_FRAG;
1841
1842 if (skb_linearize(skb))
1843 return SKB_DROP_REASON_NOMEM;
1844
1845 msg = (struct nd_msg *)skb_transport_header(skb);
1846
1847 __skb_push(skb, skb->data - skb_transport_header(skb));
1848
1849 if (ipv6_hdr(skb)->hop_limit != 255) {
1850 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1851 ipv6_hdr(skb)->hop_limit);
1852 return SKB_DROP_REASON_IPV6_NDISC_HOP_LIMIT;
1853 }
1854
1855 if (msg->icmph.icmp6_code != 0) {
1856 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1857 msg->icmph.icmp6_code);
1858 return SKB_DROP_REASON_IPV6_NDISC_BAD_CODE;
1859 }
1860
1861 switch (msg->icmph.icmp6_type) {
1862 case NDISC_NEIGHBOUR_SOLICITATION:
1863 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1864 reason = ndisc_recv_ns(skb);
1865 break;
1866
1867 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1868 reason = ndisc_recv_na(skb);
1869 break;
1870
1871 case NDISC_ROUTER_SOLICITATION:
1872 reason = ndisc_recv_rs(skb);
1873 break;
1874
1875 case NDISC_ROUTER_ADVERTISEMENT:
1876 reason = ndisc_router_discovery(skb);
1877 break;
1878
1879 case NDISC_REDIRECT:
1880 reason = ndisc_redirect_rcv(skb);
1881 break;
1882 }
1883
1884 return reason;
1885}
1886
1887static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1888{
1889 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1890 struct netdev_notifier_change_info *change_info;
1891 struct net *net = dev_net(dev);
1892 struct inet6_dev *idev;
1893 bool evict_nocarrier;
1894
1895 switch (event) {
1896 case NETDEV_CHANGEADDR:
1897 neigh_changeaddr(&nd_tbl, dev);
1898 fib6_run_gc(0, net, false);
1899 fallthrough;
1900 case NETDEV_UP:
1901 idev = in6_dev_get(dev);
1902 if (!idev)
1903 break;
1904 if (READ_ONCE(idev->cnf.ndisc_notify) ||
1905 READ_ONCE(net->ipv6.devconf_all->ndisc_notify))
1906 ndisc_send_unsol_na(dev);
1907 in6_dev_put(idev);
1908 break;
1909 case NETDEV_CHANGE:
1910 idev = in6_dev_get(dev);
1911 if (!idev)
1912 evict_nocarrier = true;
1913 else {
1914 evict_nocarrier = READ_ONCE(idev->cnf.ndisc_evict_nocarrier) &&
1915 READ_ONCE(net->ipv6.devconf_all->ndisc_evict_nocarrier);
1916 in6_dev_put(idev);
1917 }
1918
1919 change_info = ptr;
1920 if (change_info->flags_changed & IFF_NOARP)
1921 neigh_changeaddr(&nd_tbl, dev);
1922 if (evict_nocarrier && !netif_carrier_ok(dev))
1923 neigh_carrier_down(&nd_tbl, dev);
1924 break;
1925 case NETDEV_DOWN:
1926 neigh_ifdown(&nd_tbl, dev);
1927 fib6_run_gc(0, net, false);
1928 break;
1929 case NETDEV_NOTIFY_PEERS:
1930 ndisc_send_unsol_na(dev);
1931 break;
1932 default:
1933 break;
1934 }
1935
1936 return NOTIFY_DONE;
1937}
1938
1939static struct notifier_block ndisc_netdev_notifier = {
1940 .notifier_call = ndisc_netdev_event,
1941 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1942};
1943
1944#ifdef CONFIG_SYSCTL
1945static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl,
1946 const char *func, const char *dev_name)
1947{
1948 static char warncomm[TASK_COMM_LEN];
1949 static int warned;
1950 if (strcmp(warncomm, current->comm) && warned < 5) {
1951 strscpy(warncomm, current->comm);
1952 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1953 warncomm, func,
1954 dev_name, ctl->procname,
1955 dev_name, ctl->procname);
1956 warned++;
1957 }
1958}
1959
1960int ndisc_ifinfo_sysctl_change(const struct ctl_table *ctl, int write, void *buffer,
1961 size_t *lenp, loff_t *ppos)
1962{
1963 struct net_device *dev = ctl->extra1;
1964 struct inet6_dev *idev;
1965 int ret;
1966
1967 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1968 (strcmp(ctl->procname, "base_reachable_time") == 0))
1969 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1970
1971 if (strcmp(ctl->procname, "retrans_time") == 0)
1972 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1973
1974 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1975 ret = neigh_proc_dointvec_jiffies(ctl, write,
1976 buffer, lenp, ppos);
1977
1978 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1979 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1980 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1981 buffer, lenp, ppos);
1982 else
1983 ret = -1;
1984
1985 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1986 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1987 idev->nd_parms->reachable_time =
1988 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1989 WRITE_ONCE(idev->tstamp, jiffies);
1990 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1991 in6_dev_put(idev);
1992 }
1993 return ret;
1994}
1995
1996
1997#endif
1998
1999static int __net_init ndisc_net_init(struct net *net)
2000{
2001 struct ipv6_pinfo *np;
2002 struct sock *sk;
2003 int err;
2004
2005 err = inet_ctl_sock_create(&sk, PF_INET6,
2006 SOCK_RAW, IPPROTO_ICMPV6, net);
2007 if (err < 0) {
2008 ND_PRINTK(0, err,
2009 "NDISC: Failed to initialize the control socket (err %d)\n",
2010 err);
2011 return err;
2012 }
2013
2014 net->ipv6.ndisc_sk = sk;
2015
2016 np = inet6_sk(sk);
2017 np->hop_limit = 255;
2018 /* Do not loopback ndisc messages */
2019 inet6_clear_bit(MC6_LOOP, sk);
2020
2021 return 0;
2022}
2023
2024static void __net_exit ndisc_net_exit(struct net *net)
2025{
2026 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
2027}
2028
2029static struct pernet_operations ndisc_net_ops = {
2030 .init = ndisc_net_init,
2031 .exit = ndisc_net_exit,
2032};
2033
2034int __init ndisc_init(void)
2035{
2036 int err;
2037
2038 err = register_pernet_subsys(&ndisc_net_ops);
2039 if (err)
2040 return err;
2041 /*
2042 * Initialize the neighbour table
2043 */
2044 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
2045
2046#ifdef CONFIG_SYSCTL
2047 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
2048 ndisc_ifinfo_sysctl_change);
2049 if (err)
2050 goto out_unregister_pernet;
2051out:
2052#endif
2053 return err;
2054
2055#ifdef CONFIG_SYSCTL
2056out_unregister_pernet:
2057 unregister_pernet_subsys(&ndisc_net_ops);
2058 goto out;
2059#endif
2060}
2061
2062int __init ndisc_late_init(void)
2063{
2064 return register_netdevice_notifier(&ndisc_netdev_notifier);
2065}
2066
2067void ndisc_late_cleanup(void)
2068{
2069 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2070}
2071
2072void ndisc_cleanup(void)
2073{
2074#ifdef CONFIG_SYSCTL
2075 neigh_sysctl_unregister(&nd_tbl.parms);
2076#endif
2077 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2078 unregister_pernet_subsys(&ndisc_net_ops);
2079}
1/*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
67#include <net/flow.h>
68#include <net/ip6_checksum.h>
69#include <net/inet_common.h>
70#include <linux/proc_fs.h>
71
72#include <linux/netfilter.h>
73#include <linux/netfilter_ipv6.h>
74
75static u32 ndisc_hash(const void *pkey,
76 const struct net_device *dev,
77 __u32 *hash_rnd);
78static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
79static int ndisc_constructor(struct neighbour *neigh);
80static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
81static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
82static int pndisc_constructor(struct pneigh_entry *n);
83static void pndisc_destructor(struct pneigh_entry *n);
84static void pndisc_redo(struct sk_buff *skb);
85
86static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92};
93
94static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100};
101
102
103static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .id = "ndisc_cache",
120 .parms = {
121 .tbl = &nd_tbl,
122 .reachable_time = ND_REACHABLE_TIME,
123 .data = {
124 [NEIGH_VAR_MCAST_PROBES] = 3,
125 [NEIGH_VAR_UCAST_PROBES] = 3,
126 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
127 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
128 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
129 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
130 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
131 [NEIGH_VAR_PROXY_QLEN] = 64,
132 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
133 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
134 },
135 },
136 .gc_interval = 30 * HZ,
137 .gc_thresh1 = 128,
138 .gc_thresh2 = 512,
139 .gc_thresh3 = 1024,
140};
141EXPORT_SYMBOL_GPL(nd_tbl);
142
143void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
144 int data_len, int pad)
145{
146 int space = __ndisc_opt_addr_space(data_len, pad);
147 u8 *opt = skb_put(skb, space);
148
149 opt[0] = type;
150 opt[1] = space>>3;
151
152 memset(opt + 2, 0, pad);
153 opt += pad;
154 space -= pad;
155
156 memcpy(opt+2, data, data_len);
157 data_len += 2;
158 opt += data_len;
159 space -= data_len;
160 if (space > 0)
161 memset(opt, 0, space);
162}
163EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
164
165static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
166 void *data, u8 icmp6_type)
167{
168 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
169 ndisc_addr_option_pad(skb->dev->type));
170 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
171}
172
173static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
174 void *ha,
175 const u8 *ops_data)
176{
177 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
178 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
179}
180
181static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
182 struct nd_opt_hdr *end)
183{
184 int type;
185 if (!cur || !end || cur >= end)
186 return NULL;
187 type = cur->nd_opt_type;
188 do {
189 cur = ((void *)cur) + (cur->nd_opt_len << 3);
190 } while (cur < end && cur->nd_opt_type != type);
191 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
192}
193
194static inline int ndisc_is_useropt(const struct net_device *dev,
195 struct nd_opt_hdr *opt)
196{
197 return opt->nd_opt_type == ND_OPT_RDNSS ||
198 opt->nd_opt_type == ND_OPT_DNSSL ||
199 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
200}
201
202static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
203 struct nd_opt_hdr *cur,
204 struct nd_opt_hdr *end)
205{
206 if (!cur || !end || cur >= end)
207 return NULL;
208 do {
209 cur = ((void *)cur) + (cur->nd_opt_len << 3);
210 } while (cur < end && !ndisc_is_useropt(dev, cur));
211 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
212}
213
214struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
215 u8 *opt, int opt_len,
216 struct ndisc_options *ndopts)
217{
218 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
219
220 if (!nd_opt || opt_len < 0 || !ndopts)
221 return NULL;
222 memset(ndopts, 0, sizeof(*ndopts));
223 while (opt_len) {
224 int l;
225 if (opt_len < sizeof(struct nd_opt_hdr))
226 return NULL;
227 l = nd_opt->nd_opt_len << 3;
228 if (opt_len < l || l == 0)
229 return NULL;
230 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
231 goto next_opt;
232 switch (nd_opt->nd_opt_type) {
233 case ND_OPT_SOURCE_LL_ADDR:
234 case ND_OPT_TARGET_LL_ADDR:
235 case ND_OPT_MTU:
236 case ND_OPT_NONCE:
237 case ND_OPT_REDIRECT_HDR:
238 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
239 ND_PRINTK(2, warn,
240 "%s: duplicated ND6 option found: type=%d\n",
241 __func__, nd_opt->nd_opt_type);
242 } else {
243 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
244 }
245 break;
246 case ND_OPT_PREFIX_INFO:
247 ndopts->nd_opts_pi_end = nd_opt;
248 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
250 break;
251#ifdef CONFIG_IPV6_ROUTE_INFO
252 case ND_OPT_ROUTE_INFO:
253 ndopts->nd_opts_ri_end = nd_opt;
254 if (!ndopts->nd_opts_ri)
255 ndopts->nd_opts_ri = nd_opt;
256 break;
257#endif
258 default:
259 if (ndisc_is_useropt(dev, nd_opt)) {
260 ndopts->nd_useropts_end = nd_opt;
261 if (!ndopts->nd_useropts)
262 ndopts->nd_useropts = nd_opt;
263 } else {
264 /*
265 * Unknown options must be silently ignored,
266 * to accommodate future extension to the
267 * protocol.
268 */
269 ND_PRINTK(2, notice,
270 "%s: ignored unsupported option; type=%d, len=%d\n",
271 __func__,
272 nd_opt->nd_opt_type,
273 nd_opt->nd_opt_len);
274 }
275 }
276next_opt:
277 opt_len -= l;
278 nd_opt = ((void *)nd_opt) + l;
279 }
280 return ndopts;
281}
282
283int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
284{
285 switch (dev->type) {
286 case ARPHRD_ETHER:
287 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
288 case ARPHRD_FDDI:
289 ipv6_eth_mc_map(addr, buf);
290 return 0;
291 case ARPHRD_ARCNET:
292 ipv6_arcnet_mc_map(addr, buf);
293 return 0;
294 case ARPHRD_INFINIBAND:
295 ipv6_ib_mc_map(addr, dev->broadcast, buf);
296 return 0;
297 case ARPHRD_IPGRE:
298 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
299 default:
300 if (dir) {
301 memcpy(buf, dev->broadcast, dev->addr_len);
302 return 0;
303 }
304 }
305 return -EINVAL;
306}
307EXPORT_SYMBOL(ndisc_mc_map);
308
309static u32 ndisc_hash(const void *pkey,
310 const struct net_device *dev,
311 __u32 *hash_rnd)
312{
313 return ndisc_hashfn(pkey, dev, hash_rnd);
314}
315
316static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
317{
318 return neigh_key_eq128(n, pkey);
319}
320
321static int ndisc_constructor(struct neighbour *neigh)
322{
323 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
324 struct net_device *dev = neigh->dev;
325 struct inet6_dev *in6_dev;
326 struct neigh_parms *parms;
327 bool is_multicast = ipv6_addr_is_multicast(addr);
328
329 in6_dev = in6_dev_get(dev);
330 if (!in6_dev) {
331 return -EINVAL;
332 }
333
334 parms = in6_dev->nd_parms;
335 __neigh_parms_put(neigh->parms);
336 neigh->parms = neigh_parms_clone(parms);
337
338 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
339 if (!dev->header_ops) {
340 neigh->nud_state = NUD_NOARP;
341 neigh->ops = &ndisc_direct_ops;
342 neigh->output = neigh_direct_output;
343 } else {
344 if (is_multicast) {
345 neigh->nud_state = NUD_NOARP;
346 ndisc_mc_map(addr, neigh->ha, dev, 1);
347 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
348 neigh->nud_state = NUD_NOARP;
349 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
350 if (dev->flags&IFF_LOOPBACK)
351 neigh->type = RTN_LOCAL;
352 } else if (dev->flags&IFF_POINTOPOINT) {
353 neigh->nud_state = NUD_NOARP;
354 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
355 }
356 if (dev->header_ops->cache)
357 neigh->ops = &ndisc_hh_ops;
358 else
359 neigh->ops = &ndisc_generic_ops;
360 if (neigh->nud_state&NUD_VALID)
361 neigh->output = neigh->ops->connected_output;
362 else
363 neigh->output = neigh->ops->output;
364 }
365 in6_dev_put(in6_dev);
366 return 0;
367}
368
369static int pndisc_constructor(struct pneigh_entry *n)
370{
371 struct in6_addr *addr = (struct in6_addr *)&n->key;
372 struct in6_addr maddr;
373 struct net_device *dev = n->dev;
374
375 if (!dev || !__in6_dev_get(dev))
376 return -EINVAL;
377 addrconf_addr_solict_mult(addr, &maddr);
378 ipv6_dev_mc_inc(dev, &maddr);
379 return 0;
380}
381
382static void pndisc_destructor(struct pneigh_entry *n)
383{
384 struct in6_addr *addr = (struct in6_addr *)&n->key;
385 struct in6_addr maddr;
386 struct net_device *dev = n->dev;
387
388 if (!dev || !__in6_dev_get(dev))
389 return;
390 addrconf_addr_solict_mult(addr, &maddr);
391 ipv6_dev_mc_dec(dev, &maddr);
392}
393
394static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
395 int len)
396{
397 int hlen = LL_RESERVED_SPACE(dev);
398 int tlen = dev->needed_tailroom;
399 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
400 struct sk_buff *skb;
401
402 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
403 if (!skb) {
404 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
405 __func__);
406 return NULL;
407 }
408
409 skb->protocol = htons(ETH_P_IPV6);
410 skb->dev = dev;
411
412 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
413 skb_reset_transport_header(skb);
414
415 /* Manually assign socket ownership as we avoid calling
416 * sock_alloc_send_pskb() to bypass wmem buffer limits
417 */
418 skb_set_owner_w(skb, sk);
419
420 return skb;
421}
422
423static void ip6_nd_hdr(struct sk_buff *skb,
424 const struct in6_addr *saddr,
425 const struct in6_addr *daddr,
426 int hop_limit, int len)
427{
428 struct ipv6hdr *hdr;
429
430 skb_push(skb, sizeof(*hdr));
431 skb_reset_network_header(skb);
432 hdr = ipv6_hdr(skb);
433
434 ip6_flow_hdr(hdr, 0, 0);
435
436 hdr->payload_len = htons(len);
437 hdr->nexthdr = IPPROTO_ICMPV6;
438 hdr->hop_limit = hop_limit;
439
440 hdr->saddr = *saddr;
441 hdr->daddr = *daddr;
442}
443
444static void ndisc_send_skb(struct sk_buff *skb,
445 const struct in6_addr *daddr,
446 const struct in6_addr *saddr)
447{
448 struct dst_entry *dst = skb_dst(skb);
449 struct net *net = dev_net(skb->dev);
450 struct sock *sk = net->ipv6.ndisc_sk;
451 struct inet6_dev *idev;
452 int err;
453 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
454 u8 type;
455
456 type = icmp6h->icmp6_type;
457
458 if (!dst) {
459 struct flowi6 fl6;
460 int oif = skb->dev->ifindex;
461
462 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
463 dst = icmp6_dst_alloc(skb->dev, &fl6);
464 if (IS_ERR(dst)) {
465 kfree_skb(skb);
466 return;
467 }
468
469 skb_dst_set(skb, dst);
470 }
471
472 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
473 IPPROTO_ICMPV6,
474 csum_partial(icmp6h,
475 skb->len, 0));
476
477 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
478
479 rcu_read_lock();
480 idev = __in6_dev_get(dst->dev);
481 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
482
483 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
484 net, sk, skb, NULL, dst->dev,
485 dst_output);
486 if (!err) {
487 ICMP6MSGOUT_INC_STATS(net, idev, type);
488 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
489 }
490
491 rcu_read_unlock();
492}
493
494void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
495 const struct in6_addr *solicited_addr,
496 bool router, bool solicited, bool override, bool inc_opt)
497{
498 struct sk_buff *skb;
499 struct in6_addr tmpaddr;
500 struct inet6_ifaddr *ifp;
501 const struct in6_addr *src_addr;
502 struct nd_msg *msg;
503 int optlen = 0;
504
505 /* for anycast or proxy, solicited_addr != src_addr */
506 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
507 if (ifp) {
508 src_addr = solicited_addr;
509 if (ifp->flags & IFA_F_OPTIMISTIC)
510 override = false;
511 inc_opt |= ifp->idev->cnf.force_tllao;
512 in6_ifa_put(ifp);
513 } else {
514 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
515 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
516 &tmpaddr))
517 return;
518 src_addr = &tmpaddr;
519 }
520
521 if (!dev->addr_len)
522 inc_opt = 0;
523 if (inc_opt)
524 optlen += ndisc_opt_addr_space(dev,
525 NDISC_NEIGHBOUR_ADVERTISEMENT);
526
527 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
528 if (!skb)
529 return;
530
531 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
532 *msg = (struct nd_msg) {
533 .icmph = {
534 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
535 .icmp6_router = router,
536 .icmp6_solicited = solicited,
537 .icmp6_override = override,
538 },
539 .target = *solicited_addr,
540 };
541
542 if (inc_opt)
543 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
544 dev->dev_addr,
545 NDISC_NEIGHBOUR_ADVERTISEMENT);
546
547 ndisc_send_skb(skb, daddr, src_addr);
548}
549
550static void ndisc_send_unsol_na(struct net_device *dev)
551{
552 struct inet6_dev *idev;
553 struct inet6_ifaddr *ifa;
554
555 idev = in6_dev_get(dev);
556 if (!idev)
557 return;
558
559 read_lock_bh(&idev->lock);
560 list_for_each_entry(ifa, &idev->addr_list, if_list) {
561 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
562 /*router=*/ !!idev->cnf.forwarding,
563 /*solicited=*/ false, /*override=*/ true,
564 /*inc_opt=*/ true);
565 }
566 read_unlock_bh(&idev->lock);
567
568 in6_dev_put(idev);
569}
570
571void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
572 const struct in6_addr *daddr, const struct in6_addr *saddr,
573 u64 nonce)
574{
575 struct sk_buff *skb;
576 struct in6_addr addr_buf;
577 int inc_opt = dev->addr_len;
578 int optlen = 0;
579 struct nd_msg *msg;
580
581 if (!saddr) {
582 if (ipv6_get_lladdr(dev, &addr_buf,
583 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
584 return;
585 saddr = &addr_buf;
586 }
587
588 if (ipv6_addr_any(saddr))
589 inc_opt = false;
590 if (inc_opt)
591 optlen += ndisc_opt_addr_space(dev,
592 NDISC_NEIGHBOUR_SOLICITATION);
593 if (nonce != 0)
594 optlen += 8;
595
596 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
597 if (!skb)
598 return;
599
600 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
601 *msg = (struct nd_msg) {
602 .icmph = {
603 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
604 },
605 .target = *solicit,
606 };
607
608 if (inc_opt)
609 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
610 dev->dev_addr,
611 NDISC_NEIGHBOUR_SOLICITATION);
612 if (nonce != 0) {
613 u8 *opt = skb_put(skb, 8);
614
615 opt[0] = ND_OPT_NONCE;
616 opt[1] = 8 >> 3;
617 memcpy(opt + 2, &nonce, 6);
618 }
619
620 ndisc_send_skb(skb, daddr, saddr);
621}
622
623void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
624 const struct in6_addr *daddr)
625{
626 struct sk_buff *skb;
627 struct rs_msg *msg;
628 int send_sllao = dev->addr_len;
629 int optlen = 0;
630
631#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
632 /*
633 * According to section 2.2 of RFC 4429, we must not
634 * send router solicitations with a sllao from
635 * optimistic addresses, but we may send the solicitation
636 * if we don't include the sllao. So here we check
637 * if our address is optimistic, and if so, we
638 * suppress the inclusion of the sllao.
639 */
640 if (send_sllao) {
641 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
642 dev, 1);
643 if (ifp) {
644 if (ifp->flags & IFA_F_OPTIMISTIC) {
645 send_sllao = 0;
646 }
647 in6_ifa_put(ifp);
648 } else {
649 send_sllao = 0;
650 }
651 }
652#endif
653 if (send_sllao)
654 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
655
656 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
657 if (!skb)
658 return;
659
660 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
661 *msg = (struct rs_msg) {
662 .icmph = {
663 .icmp6_type = NDISC_ROUTER_SOLICITATION,
664 },
665 };
666
667 if (send_sllao)
668 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
669 dev->dev_addr,
670 NDISC_ROUTER_SOLICITATION);
671
672 ndisc_send_skb(skb, daddr, saddr);
673}
674
675
676static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
677{
678 /*
679 * "The sender MUST return an ICMP
680 * destination unreachable"
681 */
682 dst_link_failure(skb);
683 kfree_skb(skb);
684}
685
686/* Called with locked neigh: either read or both */
687
688static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
689{
690 struct in6_addr *saddr = NULL;
691 struct in6_addr mcaddr;
692 struct net_device *dev = neigh->dev;
693 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
694 int probes = atomic_read(&neigh->probes);
695
696 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
697 dev, 1,
698 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
699 saddr = &ipv6_hdr(skb)->saddr;
700 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
701 if (probes < 0) {
702 if (!(neigh->nud_state & NUD_VALID)) {
703 ND_PRINTK(1, dbg,
704 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
705 __func__, target);
706 }
707 ndisc_send_ns(dev, target, target, saddr, 0);
708 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
709 neigh_app_ns(neigh);
710 } else {
711 addrconf_addr_solict_mult(target, &mcaddr);
712 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
713 }
714}
715
716static int pndisc_is_router(const void *pkey,
717 struct net_device *dev)
718{
719 struct pneigh_entry *n;
720 int ret = -1;
721
722 read_lock_bh(&nd_tbl.lock);
723 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
724 if (n)
725 ret = !!(n->flags & NTF_ROUTER);
726 read_unlock_bh(&nd_tbl.lock);
727
728 return ret;
729}
730
731void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
732 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
733 struct ndisc_options *ndopts)
734{
735 neigh_update(neigh, lladdr, new, flags);
736 /* report ndisc ops about neighbour update */
737 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
738}
739
740static void ndisc_recv_ns(struct sk_buff *skb)
741{
742 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
743 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
744 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
745 u8 *lladdr = NULL;
746 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
747 offsetof(struct nd_msg, opt));
748 struct ndisc_options ndopts;
749 struct net_device *dev = skb->dev;
750 struct inet6_ifaddr *ifp;
751 struct inet6_dev *idev = NULL;
752 struct neighbour *neigh;
753 int dad = ipv6_addr_any(saddr);
754 bool inc;
755 int is_router = -1;
756 u64 nonce = 0;
757
758 if (skb->len < sizeof(struct nd_msg)) {
759 ND_PRINTK(2, warn, "NS: packet too short\n");
760 return;
761 }
762
763 if (ipv6_addr_is_multicast(&msg->target)) {
764 ND_PRINTK(2, warn, "NS: multicast target address\n");
765 return;
766 }
767
768 /*
769 * RFC2461 7.1.1:
770 * DAD has to be destined for solicited node multicast address.
771 */
772 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
773 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
774 return;
775 }
776
777 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
778 ND_PRINTK(2, warn, "NS: invalid ND options\n");
779 return;
780 }
781
782 if (ndopts.nd_opts_src_lladdr) {
783 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
784 if (!lladdr) {
785 ND_PRINTK(2, warn,
786 "NS: invalid link-layer address length\n");
787 return;
788 }
789
790 /* RFC2461 7.1.1:
791 * If the IP source address is the unspecified address,
792 * there MUST NOT be source link-layer address option
793 * in the message.
794 */
795 if (dad) {
796 ND_PRINTK(2, warn,
797 "NS: bad DAD packet (link-layer address option)\n");
798 return;
799 }
800 }
801 if (ndopts.nd_opts_nonce)
802 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
803
804 inc = ipv6_addr_is_multicast(daddr);
805
806 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
807 if (ifp) {
808have_ifp:
809 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
810 if (dad) {
811 if (nonce != 0 && ifp->dad_nonce == nonce) {
812 u8 *np = (u8 *)&nonce;
813 /* Matching nonce if looped back */
814 ND_PRINTK(2, notice,
815 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
816 ifp->idev->dev->name,
817 &ifp->addr, np);
818 goto out;
819 }
820 /*
821 * We are colliding with another node
822 * who is doing DAD
823 * so fail our DAD process
824 */
825 addrconf_dad_failure(ifp);
826 return;
827 } else {
828 /*
829 * This is not a dad solicitation.
830 * If we are an optimistic node,
831 * we should respond.
832 * Otherwise, we should ignore it.
833 */
834 if (!(ifp->flags & IFA_F_OPTIMISTIC))
835 goto out;
836 }
837 }
838
839 idev = ifp->idev;
840 } else {
841 struct net *net = dev_net(dev);
842
843 /* perhaps an address on the master device */
844 if (netif_is_l3_slave(dev)) {
845 struct net_device *mdev;
846
847 mdev = netdev_master_upper_dev_get_rcu(dev);
848 if (mdev) {
849 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
850 if (ifp)
851 goto have_ifp;
852 }
853 }
854
855 idev = in6_dev_get(dev);
856 if (!idev) {
857 /* XXX: count this drop? */
858 return;
859 }
860
861 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
862 (idev->cnf.forwarding &&
863 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
864 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
865 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
866 skb->pkt_type != PACKET_HOST &&
867 inc &&
868 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
869 /*
870 * for anycast or proxy,
871 * sender should delay its response
872 * by a random time between 0 and
873 * MAX_ANYCAST_DELAY_TIME seconds.
874 * (RFC2461) -- yoshfuji
875 */
876 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
877 if (n)
878 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
879 goto out;
880 }
881 } else
882 goto out;
883 }
884
885 if (is_router < 0)
886 is_router = idev->cnf.forwarding;
887
888 if (dad) {
889 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
890 !!is_router, false, (ifp != NULL), true);
891 goto out;
892 }
893
894 if (inc)
895 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
896 else
897 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
898
899 /*
900 * update / create cache entry
901 * for the source address
902 */
903 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
904 !inc || lladdr || !dev->addr_len);
905 if (neigh)
906 ndisc_update(dev, neigh, lladdr, NUD_STALE,
907 NEIGH_UPDATE_F_WEAK_OVERRIDE|
908 NEIGH_UPDATE_F_OVERRIDE,
909 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
910 if (neigh || !dev->header_ops) {
911 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
912 true, (ifp != NULL && inc), inc);
913 if (neigh)
914 neigh_release(neigh);
915 }
916
917out:
918 if (ifp)
919 in6_ifa_put(ifp);
920 else
921 in6_dev_put(idev);
922}
923
924static void ndisc_recv_na(struct sk_buff *skb)
925{
926 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
927 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
928 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
929 u8 *lladdr = NULL;
930 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
931 offsetof(struct nd_msg, opt));
932 struct ndisc_options ndopts;
933 struct net_device *dev = skb->dev;
934 struct inet6_dev *idev = __in6_dev_get(dev);
935 struct inet6_ifaddr *ifp;
936 struct neighbour *neigh;
937
938 if (skb->len < sizeof(struct nd_msg)) {
939 ND_PRINTK(2, warn, "NA: packet too short\n");
940 return;
941 }
942
943 if (ipv6_addr_is_multicast(&msg->target)) {
944 ND_PRINTK(2, warn, "NA: target address is multicast\n");
945 return;
946 }
947
948 if (ipv6_addr_is_multicast(daddr) &&
949 msg->icmph.icmp6_solicited) {
950 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
951 return;
952 }
953
954 /* For some 802.11 wireless deployments (and possibly other networks),
955 * there will be a NA proxy and unsolicitd packets are attacks
956 * and thus should not be accepted.
957 */
958 if (!msg->icmph.icmp6_solicited && idev &&
959 idev->cnf.drop_unsolicited_na)
960 return;
961
962 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
963 ND_PRINTK(2, warn, "NS: invalid ND option\n");
964 return;
965 }
966 if (ndopts.nd_opts_tgt_lladdr) {
967 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
968 if (!lladdr) {
969 ND_PRINTK(2, warn,
970 "NA: invalid link-layer address length\n");
971 return;
972 }
973 }
974 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
975 if (ifp) {
976 if (skb->pkt_type != PACKET_LOOPBACK
977 && (ifp->flags & IFA_F_TENTATIVE)) {
978 addrconf_dad_failure(ifp);
979 return;
980 }
981 /* What should we make now? The advertisement
982 is invalid, but ndisc specs say nothing
983 about it. It could be misconfiguration, or
984 an smart proxy agent tries to help us :-)
985
986 We should not print the error if NA has been
987 received from loopback - it is just our own
988 unsolicited advertisement.
989 */
990 if (skb->pkt_type != PACKET_LOOPBACK)
991 ND_PRINTK(1, warn,
992 "NA: someone advertises our address %pI6 on %s!\n",
993 &ifp->addr, ifp->idev->dev->name);
994 in6_ifa_put(ifp);
995 return;
996 }
997 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
998
999 if (neigh) {
1000 u8 old_flags = neigh->flags;
1001 struct net *net = dev_net(dev);
1002
1003 if (neigh->nud_state & NUD_FAILED)
1004 goto out;
1005
1006 /*
1007 * Don't update the neighbor cache entry on a proxy NA from
1008 * ourselves because either the proxied node is off link or it
1009 * has already sent a NA to us.
1010 */
1011 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1012 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1013 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1014 /* XXX: idev->cnf.proxy_ndp */
1015 goto out;
1016 }
1017
1018 ndisc_update(dev, neigh, lladdr,
1019 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1020 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1021 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1022 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1023 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1024 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1025
1026 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1027 /*
1028 * Change: router to host
1029 */
1030 rt6_clean_tohost(dev_net(dev), saddr);
1031 }
1032
1033out:
1034 neigh_release(neigh);
1035 }
1036}
1037
1038static void ndisc_recv_rs(struct sk_buff *skb)
1039{
1040 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1041 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1042 struct neighbour *neigh;
1043 struct inet6_dev *idev;
1044 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1045 struct ndisc_options ndopts;
1046 u8 *lladdr = NULL;
1047
1048 if (skb->len < sizeof(*rs_msg))
1049 return;
1050
1051 idev = __in6_dev_get(skb->dev);
1052 if (!idev) {
1053 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1054 return;
1055 }
1056
1057 /* Don't accept RS if we're not in router mode */
1058 if (!idev->cnf.forwarding)
1059 goto out;
1060
1061 /*
1062 * Don't update NCE if src = ::;
1063 * this implies that the source node has no ip address assigned yet.
1064 */
1065 if (ipv6_addr_any(saddr))
1066 goto out;
1067
1068 /* Parse ND options */
1069 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1070 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1071 goto out;
1072 }
1073
1074 if (ndopts.nd_opts_src_lladdr) {
1075 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1076 skb->dev);
1077 if (!lladdr)
1078 goto out;
1079 }
1080
1081 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1082 if (neigh) {
1083 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1084 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1085 NEIGH_UPDATE_F_OVERRIDE|
1086 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1087 NDISC_ROUTER_SOLICITATION, &ndopts);
1088 neigh_release(neigh);
1089 }
1090out:
1091 return;
1092}
1093
1094static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1095{
1096 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1097 struct sk_buff *skb;
1098 struct nlmsghdr *nlh;
1099 struct nduseroptmsg *ndmsg;
1100 struct net *net = dev_net(ra->dev);
1101 int err;
1102 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1103 + (opt->nd_opt_len << 3));
1104 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1105
1106 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1107 if (!skb) {
1108 err = -ENOBUFS;
1109 goto errout;
1110 }
1111
1112 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1113 if (!nlh) {
1114 goto nla_put_failure;
1115 }
1116
1117 ndmsg = nlmsg_data(nlh);
1118 ndmsg->nduseropt_family = AF_INET6;
1119 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1120 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1121 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1122 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1123
1124 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1125
1126 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1127 goto nla_put_failure;
1128 nlmsg_end(skb, nlh);
1129
1130 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1131 return;
1132
1133nla_put_failure:
1134 nlmsg_free(skb);
1135 err = -EMSGSIZE;
1136errout:
1137 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1138}
1139
1140static void ndisc_router_discovery(struct sk_buff *skb)
1141{
1142 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1143 struct neighbour *neigh = NULL;
1144 struct inet6_dev *in6_dev;
1145 struct rt6_info *rt = NULL;
1146 int lifetime;
1147 struct ndisc_options ndopts;
1148 int optlen;
1149 unsigned int pref = 0;
1150 __u32 old_if_flags;
1151 bool send_ifinfo_notify = false;
1152
1153 __u8 *opt = (__u8 *)(ra_msg + 1);
1154
1155 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1156 sizeof(struct ra_msg);
1157
1158 ND_PRINTK(2, info,
1159 "RA: %s, dev: %s\n",
1160 __func__, skb->dev->name);
1161 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1162 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1163 return;
1164 }
1165 if (optlen < 0) {
1166 ND_PRINTK(2, warn, "RA: packet too short\n");
1167 return;
1168 }
1169
1170#ifdef CONFIG_IPV6_NDISC_NODETYPE
1171 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1172 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1173 return;
1174 }
1175#endif
1176
1177 /*
1178 * set the RA_RECV flag in the interface
1179 */
1180
1181 in6_dev = __in6_dev_get(skb->dev);
1182 if (!in6_dev) {
1183 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1184 skb->dev->name);
1185 return;
1186 }
1187
1188 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1189 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1190 return;
1191 }
1192
1193 if (!ipv6_accept_ra(in6_dev)) {
1194 ND_PRINTK(2, info,
1195 "RA: %s, did not accept ra for dev: %s\n",
1196 __func__, skb->dev->name);
1197 goto skip_linkparms;
1198 }
1199
1200#ifdef CONFIG_IPV6_NDISC_NODETYPE
1201 /* skip link-specific parameters from interior routers */
1202 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1203 ND_PRINTK(2, info,
1204 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1205 __func__, skb->dev->name);
1206 goto skip_linkparms;
1207 }
1208#endif
1209
1210 if (in6_dev->if_flags & IF_RS_SENT) {
1211 /*
1212 * flag that an RA was received after an RS was sent
1213 * out on this interface.
1214 */
1215 in6_dev->if_flags |= IF_RA_RCVD;
1216 }
1217
1218 /*
1219 * Remember the managed/otherconf flags from most recently
1220 * received RA message (RFC 2462) -- yoshfuji
1221 */
1222 old_if_flags = in6_dev->if_flags;
1223 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1224 IF_RA_OTHERCONF)) |
1225 (ra_msg->icmph.icmp6_addrconf_managed ?
1226 IF_RA_MANAGED : 0) |
1227 (ra_msg->icmph.icmp6_addrconf_other ?
1228 IF_RA_OTHERCONF : 0);
1229
1230 if (old_if_flags != in6_dev->if_flags)
1231 send_ifinfo_notify = true;
1232
1233 if (!in6_dev->cnf.accept_ra_defrtr) {
1234 ND_PRINTK(2, info,
1235 "RA: %s, defrtr is false for dev: %s\n",
1236 __func__, skb->dev->name);
1237 goto skip_defrtr;
1238 }
1239
1240 /* Do not accept RA with source-addr found on local machine unless
1241 * accept_ra_from_local is set to true.
1242 */
1243 if (!in6_dev->cnf.accept_ra_from_local &&
1244 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1245 in6_dev->dev, 0)) {
1246 ND_PRINTK(2, info,
1247 "RA from local address detected on dev: %s: default router ignored\n",
1248 skb->dev->name);
1249 goto skip_defrtr;
1250 }
1251
1252 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1253
1254#ifdef CONFIG_IPV6_ROUTER_PREF
1255 pref = ra_msg->icmph.icmp6_router_pref;
1256 /* 10b is handled as if it were 00b (medium) */
1257 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1258 !in6_dev->cnf.accept_ra_rtr_pref)
1259 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1260#endif
1261
1262 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1263
1264 if (rt) {
1265 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1266 if (!neigh) {
1267 ND_PRINTK(0, err,
1268 "RA: %s got default router without neighbour\n",
1269 __func__);
1270 ip6_rt_put(rt);
1271 return;
1272 }
1273 }
1274 if (rt && lifetime == 0) {
1275 ip6_del_rt(rt);
1276 rt = NULL;
1277 }
1278
1279 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1280 rt, lifetime, skb->dev->name);
1281 if (!rt && lifetime) {
1282 ND_PRINTK(3, info, "RA: adding default router\n");
1283
1284 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1285 if (!rt) {
1286 ND_PRINTK(0, err,
1287 "RA: %s failed to add default route\n",
1288 __func__);
1289 return;
1290 }
1291
1292 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1293 if (!neigh) {
1294 ND_PRINTK(0, err,
1295 "RA: %s got default router without neighbour\n",
1296 __func__);
1297 ip6_rt_put(rt);
1298 return;
1299 }
1300 neigh->flags |= NTF_ROUTER;
1301 } else if (rt) {
1302 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1303 }
1304
1305 if (rt)
1306 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1307 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1308 ra_msg->icmph.icmp6_hop_limit) {
1309 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1310 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1311 if (rt)
1312 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1313 ra_msg->icmph.icmp6_hop_limit);
1314 } else {
1315 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1316 }
1317 }
1318
1319skip_defrtr:
1320
1321 /*
1322 * Update Reachable Time and Retrans Timer
1323 */
1324
1325 if (in6_dev->nd_parms) {
1326 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1327
1328 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1329 rtime = (rtime*HZ)/1000;
1330 if (rtime < HZ/10)
1331 rtime = HZ/10;
1332 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1333 in6_dev->tstamp = jiffies;
1334 send_ifinfo_notify = true;
1335 }
1336
1337 rtime = ntohl(ra_msg->reachable_time);
1338 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1339 rtime = (rtime*HZ)/1000;
1340
1341 if (rtime < HZ/10)
1342 rtime = HZ/10;
1343
1344 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1345 NEIGH_VAR_SET(in6_dev->nd_parms,
1346 BASE_REACHABLE_TIME, rtime);
1347 NEIGH_VAR_SET(in6_dev->nd_parms,
1348 GC_STALETIME, 3 * rtime);
1349 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1350 in6_dev->tstamp = jiffies;
1351 send_ifinfo_notify = true;
1352 }
1353 }
1354 }
1355
1356 /*
1357 * Send a notify if RA changed managed/otherconf flags or timer settings
1358 */
1359 if (send_ifinfo_notify)
1360 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1361
1362skip_linkparms:
1363
1364 /*
1365 * Process options.
1366 */
1367
1368 if (!neigh)
1369 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1370 skb->dev, 1);
1371 if (neigh) {
1372 u8 *lladdr = NULL;
1373 if (ndopts.nd_opts_src_lladdr) {
1374 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1375 skb->dev);
1376 if (!lladdr) {
1377 ND_PRINTK(2, warn,
1378 "RA: invalid link-layer address length\n");
1379 goto out;
1380 }
1381 }
1382 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1383 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1384 NEIGH_UPDATE_F_OVERRIDE|
1385 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1386 NEIGH_UPDATE_F_ISROUTER,
1387 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1388 }
1389
1390 if (!ipv6_accept_ra(in6_dev)) {
1391 ND_PRINTK(2, info,
1392 "RA: %s, accept_ra is false for dev: %s\n",
1393 __func__, skb->dev->name);
1394 goto out;
1395 }
1396
1397#ifdef CONFIG_IPV6_ROUTE_INFO
1398 if (!in6_dev->cnf.accept_ra_from_local &&
1399 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1400 in6_dev->dev, 0)) {
1401 ND_PRINTK(2, info,
1402 "RA from local address detected on dev: %s: router info ignored.\n",
1403 skb->dev->name);
1404 goto skip_routeinfo;
1405 }
1406
1407 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1408 struct nd_opt_hdr *p;
1409 for (p = ndopts.nd_opts_ri;
1410 p;
1411 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1412 struct route_info *ri = (struct route_info *)p;
1413#ifdef CONFIG_IPV6_NDISC_NODETYPE
1414 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1415 ri->prefix_len == 0)
1416 continue;
1417#endif
1418 if (ri->prefix_len == 0 &&
1419 !in6_dev->cnf.accept_ra_defrtr)
1420 continue;
1421 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1422 continue;
1423 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1424 &ipv6_hdr(skb)->saddr);
1425 }
1426 }
1427
1428skip_routeinfo:
1429#endif
1430
1431#ifdef CONFIG_IPV6_NDISC_NODETYPE
1432 /* skip link-specific ndopts from interior routers */
1433 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1434 ND_PRINTK(2, info,
1435 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1436 __func__, skb->dev->name);
1437 goto out;
1438 }
1439#endif
1440
1441 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1442 struct nd_opt_hdr *p;
1443 for (p = ndopts.nd_opts_pi;
1444 p;
1445 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1446 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1447 (p->nd_opt_len) << 3,
1448 ndopts.nd_opts_src_lladdr != NULL);
1449 }
1450 }
1451
1452 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1453 __be32 n;
1454 u32 mtu;
1455
1456 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1457 mtu = ntohl(n);
1458
1459 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1460 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1461 } else if (in6_dev->cnf.mtu6 != mtu) {
1462 in6_dev->cnf.mtu6 = mtu;
1463
1464 if (rt)
1465 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1466
1467 rt6_mtu_change(skb->dev, mtu);
1468 }
1469 }
1470
1471 if (ndopts.nd_useropts) {
1472 struct nd_opt_hdr *p;
1473 for (p = ndopts.nd_useropts;
1474 p;
1475 p = ndisc_next_useropt(skb->dev, p,
1476 ndopts.nd_useropts_end)) {
1477 ndisc_ra_useropt(skb, p);
1478 }
1479 }
1480
1481 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1482 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1483 }
1484out:
1485 ip6_rt_put(rt);
1486 if (neigh)
1487 neigh_release(neigh);
1488}
1489
1490static void ndisc_redirect_rcv(struct sk_buff *skb)
1491{
1492 u8 *hdr;
1493 struct ndisc_options ndopts;
1494 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1495 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1496 offsetof(struct rd_msg, opt));
1497
1498#ifdef CONFIG_IPV6_NDISC_NODETYPE
1499 switch (skb->ndisc_nodetype) {
1500 case NDISC_NODETYPE_HOST:
1501 case NDISC_NODETYPE_NODEFAULT:
1502 ND_PRINTK(2, warn,
1503 "Redirect: from host or unauthorized router\n");
1504 return;
1505 }
1506#endif
1507
1508 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1509 ND_PRINTK(2, warn,
1510 "Redirect: source address is not link-local\n");
1511 return;
1512 }
1513
1514 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1515 return;
1516
1517 if (!ndopts.nd_opts_rh) {
1518 ip6_redirect_no_header(skb, dev_net(skb->dev),
1519 skb->dev->ifindex, 0);
1520 return;
1521 }
1522
1523 hdr = (u8 *)ndopts.nd_opts_rh;
1524 hdr += 8;
1525 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1526 return;
1527
1528 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1529}
1530
1531static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1532 struct sk_buff *orig_skb,
1533 int rd_len)
1534{
1535 u8 *opt = skb_put(skb, rd_len);
1536
1537 memset(opt, 0, 8);
1538 *(opt++) = ND_OPT_REDIRECT_HDR;
1539 *(opt++) = (rd_len >> 3);
1540 opt += 6;
1541
1542 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1543}
1544
1545void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1546{
1547 struct net_device *dev = skb->dev;
1548 struct net *net = dev_net(dev);
1549 struct sock *sk = net->ipv6.ndisc_sk;
1550 int optlen = 0;
1551 struct inet_peer *peer;
1552 struct sk_buff *buff;
1553 struct rd_msg *msg;
1554 struct in6_addr saddr_buf;
1555 struct rt6_info *rt;
1556 struct dst_entry *dst;
1557 struct flowi6 fl6;
1558 int rd_len;
1559 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1560 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1561 bool ret;
1562
1563 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1564 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1565 dev->name);
1566 return;
1567 }
1568
1569 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1570 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1571 ND_PRINTK(2, warn,
1572 "Redirect: target address is not link-local unicast\n");
1573 return;
1574 }
1575
1576 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1577 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1578
1579 dst = ip6_route_output(net, NULL, &fl6);
1580 if (dst->error) {
1581 dst_release(dst);
1582 return;
1583 }
1584 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1585 if (IS_ERR(dst))
1586 return;
1587
1588 rt = (struct rt6_info *) dst;
1589
1590 if (rt->rt6i_flags & RTF_GATEWAY) {
1591 ND_PRINTK(2, warn,
1592 "Redirect: destination is not a neighbour\n");
1593 goto release;
1594 }
1595 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1596 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1597 if (peer)
1598 inet_putpeer(peer);
1599 if (!ret)
1600 goto release;
1601
1602 if (dev->addr_len) {
1603 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1604 if (!neigh) {
1605 ND_PRINTK(2, warn,
1606 "Redirect: no neigh for target address\n");
1607 goto release;
1608 }
1609
1610 read_lock_bh(&neigh->lock);
1611 if (neigh->nud_state & NUD_VALID) {
1612 memcpy(ha_buf, neigh->ha, dev->addr_len);
1613 read_unlock_bh(&neigh->lock);
1614 ha = ha_buf;
1615 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1616 ops_data_buf,
1617 &ops_data);
1618 } else
1619 read_unlock_bh(&neigh->lock);
1620
1621 neigh_release(neigh);
1622 }
1623
1624 rd_len = min_t(unsigned int,
1625 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1626 skb->len + 8);
1627 rd_len &= ~0x7;
1628 optlen += rd_len;
1629
1630 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1631 if (!buff)
1632 goto release;
1633
1634 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1635 *msg = (struct rd_msg) {
1636 .icmph = {
1637 .icmp6_type = NDISC_REDIRECT,
1638 },
1639 .target = *target,
1640 .dest = ipv6_hdr(skb)->daddr,
1641 };
1642
1643 /*
1644 * include target_address option
1645 */
1646
1647 if (ha)
1648 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1649
1650 /*
1651 * build redirect option and copy skb over to the new packet.
1652 */
1653
1654 if (rd_len)
1655 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1656
1657 skb_dst_set(buff, dst);
1658 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1659 return;
1660
1661release:
1662 dst_release(dst);
1663}
1664
1665static void pndisc_redo(struct sk_buff *skb)
1666{
1667 ndisc_recv_ns(skb);
1668 kfree_skb(skb);
1669}
1670
1671static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1672{
1673 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1674
1675 if (!idev)
1676 return true;
1677 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1678 idev->cnf.suppress_frag_ndisc) {
1679 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1680 return true;
1681 }
1682 return false;
1683}
1684
1685int ndisc_rcv(struct sk_buff *skb)
1686{
1687 struct nd_msg *msg;
1688
1689 if (ndisc_suppress_frag_ndisc(skb))
1690 return 0;
1691
1692 if (skb_linearize(skb))
1693 return 0;
1694
1695 msg = (struct nd_msg *)skb_transport_header(skb);
1696
1697 __skb_push(skb, skb->data - skb_transport_header(skb));
1698
1699 if (ipv6_hdr(skb)->hop_limit != 255) {
1700 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1701 ipv6_hdr(skb)->hop_limit);
1702 return 0;
1703 }
1704
1705 if (msg->icmph.icmp6_code != 0) {
1706 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1707 msg->icmph.icmp6_code);
1708 return 0;
1709 }
1710
1711 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1712
1713 switch (msg->icmph.icmp6_type) {
1714 case NDISC_NEIGHBOUR_SOLICITATION:
1715 ndisc_recv_ns(skb);
1716 break;
1717
1718 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1719 ndisc_recv_na(skb);
1720 break;
1721
1722 case NDISC_ROUTER_SOLICITATION:
1723 ndisc_recv_rs(skb);
1724 break;
1725
1726 case NDISC_ROUTER_ADVERTISEMENT:
1727 ndisc_router_discovery(skb);
1728 break;
1729
1730 case NDISC_REDIRECT:
1731 ndisc_redirect_rcv(skb);
1732 break;
1733 }
1734
1735 return 0;
1736}
1737
1738static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1739{
1740 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1741 struct netdev_notifier_change_info *change_info;
1742 struct net *net = dev_net(dev);
1743 struct inet6_dev *idev;
1744
1745 switch (event) {
1746 case NETDEV_CHANGEADDR:
1747 neigh_changeaddr(&nd_tbl, dev);
1748 fib6_run_gc(0, net, false);
1749 idev = in6_dev_get(dev);
1750 if (!idev)
1751 break;
1752 if (idev->cnf.ndisc_notify)
1753 ndisc_send_unsol_na(dev);
1754 in6_dev_put(idev);
1755 break;
1756 case NETDEV_CHANGE:
1757 change_info = ptr;
1758 if (change_info->flags_changed & IFF_NOARP)
1759 neigh_changeaddr(&nd_tbl, dev);
1760 break;
1761 case NETDEV_DOWN:
1762 neigh_ifdown(&nd_tbl, dev);
1763 fib6_run_gc(0, net, false);
1764 break;
1765 case NETDEV_NOTIFY_PEERS:
1766 ndisc_send_unsol_na(dev);
1767 break;
1768 default:
1769 break;
1770 }
1771
1772 return NOTIFY_DONE;
1773}
1774
1775static struct notifier_block ndisc_netdev_notifier = {
1776 .notifier_call = ndisc_netdev_event,
1777};
1778
1779#ifdef CONFIG_SYSCTL
1780static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1781 const char *func, const char *dev_name)
1782{
1783 static char warncomm[TASK_COMM_LEN];
1784 static int warned;
1785 if (strcmp(warncomm, current->comm) && warned < 5) {
1786 strcpy(warncomm, current->comm);
1787 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1788 warncomm, func,
1789 dev_name, ctl->procname,
1790 dev_name, ctl->procname);
1791 warned++;
1792 }
1793}
1794
1795int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1796{
1797 struct net_device *dev = ctl->extra1;
1798 struct inet6_dev *idev;
1799 int ret;
1800
1801 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1802 (strcmp(ctl->procname, "base_reachable_time") == 0))
1803 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1804
1805 if (strcmp(ctl->procname, "retrans_time") == 0)
1806 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1807
1808 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1809 ret = neigh_proc_dointvec_jiffies(ctl, write,
1810 buffer, lenp, ppos);
1811
1812 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1813 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1814 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1815 buffer, lenp, ppos);
1816 else
1817 ret = -1;
1818
1819 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1820 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1821 idev->nd_parms->reachable_time =
1822 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1823 idev->tstamp = jiffies;
1824 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1825 in6_dev_put(idev);
1826 }
1827 return ret;
1828}
1829
1830
1831#endif
1832
1833static int __net_init ndisc_net_init(struct net *net)
1834{
1835 struct ipv6_pinfo *np;
1836 struct sock *sk;
1837 int err;
1838
1839 err = inet_ctl_sock_create(&sk, PF_INET6,
1840 SOCK_RAW, IPPROTO_ICMPV6, net);
1841 if (err < 0) {
1842 ND_PRINTK(0, err,
1843 "NDISC: Failed to initialize the control socket (err %d)\n",
1844 err);
1845 return err;
1846 }
1847
1848 net->ipv6.ndisc_sk = sk;
1849
1850 np = inet6_sk(sk);
1851 np->hop_limit = 255;
1852 /* Do not loopback ndisc messages */
1853 np->mc_loop = 0;
1854
1855 return 0;
1856}
1857
1858static void __net_exit ndisc_net_exit(struct net *net)
1859{
1860 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1861}
1862
1863static struct pernet_operations ndisc_net_ops = {
1864 .init = ndisc_net_init,
1865 .exit = ndisc_net_exit,
1866};
1867
1868int __init ndisc_init(void)
1869{
1870 int err;
1871
1872 err = register_pernet_subsys(&ndisc_net_ops);
1873 if (err)
1874 return err;
1875 /*
1876 * Initialize the neighbour table
1877 */
1878 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1879
1880#ifdef CONFIG_SYSCTL
1881 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1882 ndisc_ifinfo_sysctl_change);
1883 if (err)
1884 goto out_unregister_pernet;
1885out:
1886#endif
1887 return err;
1888
1889#ifdef CONFIG_SYSCTL
1890out_unregister_pernet:
1891 unregister_pernet_subsys(&ndisc_net_ops);
1892 goto out;
1893#endif
1894}
1895
1896int __init ndisc_late_init(void)
1897{
1898 return register_netdevice_notifier(&ndisc_netdev_notifier);
1899}
1900
1901void ndisc_late_cleanup(void)
1902{
1903 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1904}
1905
1906void ndisc_cleanup(void)
1907{
1908#ifdef CONFIG_SYSCTL
1909 neigh_sysctl_unregister(&nd_tbl.parms);
1910#endif
1911 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1912 unregister_pernet_subsys(&ndisc_net_ops);
1913}