Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11/*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26#define pr_fmt(fmt) "ICMPv6: " fmt
27
28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
39#include <linux/slab.h>
40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
44#include <linux/if_addr.h>
45#include <linux/if_ether.h>
46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
64#include <net/flow.h>
65#include <net/ip6_checksum.h>
66#include <net/inet_common.h>
67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
84static int ndisc_is_multicast(const void *pkey);
85
86static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92};
93
94static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100};
101
102
103static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ,
132 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
133 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
134 [NEIGH_VAR_PROXY_QLEN] = 64,
135 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
136 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
137 },
138 },
139 .gc_interval = 30 * HZ,
140 .gc_thresh1 = 128,
141 .gc_thresh2 = 512,
142 .gc_thresh3 = 1024,
143};
144EXPORT_SYMBOL_GPL(nd_tbl);
145
146void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
147 int data_len, int pad)
148{
149 int space = __ndisc_opt_addr_space(data_len, pad);
150 u8 *opt = skb_put(skb, space);
151
152 opt[0] = type;
153 opt[1] = space>>3;
154
155 memset(opt + 2, 0, pad);
156 opt += pad;
157 space -= pad;
158
159 memcpy(opt+2, data, data_len);
160 data_len += 2;
161 opt += data_len;
162 space -= data_len;
163 if (space > 0)
164 memset(opt, 0, space);
165}
166EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167
168static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
169 const void *data, u8 icmp6_type)
170{
171 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
172 ndisc_addr_option_pad(skb->dev->type));
173 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
174}
175
176static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
177 void *ha,
178 const u8 *ops_data)
179{
180 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
181 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
182}
183
184static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
185 struct nd_opt_hdr *end)
186{
187 int type;
188 if (!cur || !end || cur >= end)
189 return NULL;
190 type = cur->nd_opt_type;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while (cur < end && cur->nd_opt_type != type);
194 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
195}
196
197static inline int ndisc_is_useropt(const struct net_device *dev,
198 struct nd_opt_hdr *opt)
199{
200 return opt->nd_opt_type == ND_OPT_PREFIX_INFO ||
201 opt->nd_opt_type == ND_OPT_RDNSS ||
202 opt->nd_opt_type == ND_OPT_DNSSL ||
203 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
204 opt->nd_opt_type == ND_OPT_PREF64 ||
205 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
206}
207
208static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
209 struct nd_opt_hdr *cur,
210 struct nd_opt_hdr *end)
211{
212 if (!cur || !end || cur >= end)
213 return NULL;
214 do {
215 cur = ((void *)cur) + (cur->nd_opt_len << 3);
216 } while (cur < end && !ndisc_is_useropt(dev, cur));
217 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
218}
219
220struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
221 u8 *opt, int opt_len,
222 struct ndisc_options *ndopts)
223{
224 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
225
226 if (!nd_opt || opt_len < 0 || !ndopts)
227 return NULL;
228 memset(ndopts, 0, sizeof(*ndopts));
229 while (opt_len) {
230 int l;
231 if (opt_len < sizeof(struct nd_opt_hdr))
232 return NULL;
233 l = nd_opt->nd_opt_len << 3;
234 if (opt_len < l || l == 0)
235 return NULL;
236 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
237 goto next_opt;
238 switch (nd_opt->nd_opt_type) {
239 case ND_OPT_SOURCE_LL_ADDR:
240 case ND_OPT_TARGET_LL_ADDR:
241 case ND_OPT_MTU:
242 case ND_OPT_NONCE:
243 case ND_OPT_REDIRECT_HDR:
244 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
245 ND_PRINTK(2, warn,
246 "%s: duplicated ND6 option found: type=%d\n",
247 __func__, nd_opt->nd_opt_type);
248 } else {
249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
250 }
251 break;
252 case ND_OPT_PREFIX_INFO:
253 ndopts->nd_opts_pi_end = nd_opt;
254 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
255 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
256 break;
257#ifdef CONFIG_IPV6_ROUTE_INFO
258 case ND_OPT_ROUTE_INFO:
259 ndopts->nd_opts_ri_end = nd_opt;
260 if (!ndopts->nd_opts_ri)
261 ndopts->nd_opts_ri = nd_opt;
262 break;
263#endif
264 default:
265 if (ndisc_is_useropt(dev, nd_opt)) {
266 ndopts->nd_useropts_end = nd_opt;
267 if (!ndopts->nd_useropts)
268 ndopts->nd_useropts = nd_opt;
269 } else {
270 /*
271 * Unknown options must be silently ignored,
272 * to accommodate future extension to the
273 * protocol.
274 */
275 ND_PRINTK(2, notice,
276 "%s: ignored unsupported option; type=%d, len=%d\n",
277 __func__,
278 nd_opt->nd_opt_type,
279 nd_opt->nd_opt_len);
280 }
281 }
282next_opt:
283 opt_len -= l;
284 nd_opt = ((void *)nd_opt) + l;
285 }
286 return ndopts;
287}
288
289int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
290{
291 switch (dev->type) {
292 case ARPHRD_ETHER:
293 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
294 case ARPHRD_FDDI:
295 ipv6_eth_mc_map(addr, buf);
296 return 0;
297 case ARPHRD_ARCNET:
298 ipv6_arcnet_mc_map(addr, buf);
299 return 0;
300 case ARPHRD_INFINIBAND:
301 ipv6_ib_mc_map(addr, dev->broadcast, buf);
302 return 0;
303 case ARPHRD_IPGRE:
304 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
305 default:
306 if (dir) {
307 memcpy(buf, dev->broadcast, dev->addr_len);
308 return 0;
309 }
310 }
311 return -EINVAL;
312}
313EXPORT_SYMBOL(ndisc_mc_map);
314
315static u32 ndisc_hash(const void *pkey,
316 const struct net_device *dev,
317 __u32 *hash_rnd)
318{
319 return ndisc_hashfn(pkey, dev, hash_rnd);
320}
321
322static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
323{
324 return neigh_key_eq128(n, pkey);
325}
326
327static int ndisc_constructor(struct neighbour *neigh)
328{
329 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
330 struct net_device *dev = neigh->dev;
331 struct inet6_dev *in6_dev;
332 struct neigh_parms *parms;
333 bool is_multicast = ipv6_addr_is_multicast(addr);
334
335 in6_dev = in6_dev_get(dev);
336 if (!in6_dev) {
337 return -EINVAL;
338 }
339
340 parms = in6_dev->nd_parms;
341 __neigh_parms_put(neigh->parms);
342 neigh->parms = neigh_parms_clone(parms);
343
344 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
345 if (!dev->header_ops) {
346 neigh->nud_state = NUD_NOARP;
347 neigh->ops = &ndisc_direct_ops;
348 neigh->output = neigh_direct_output;
349 } else {
350 if (is_multicast) {
351 neigh->nud_state = NUD_NOARP;
352 ndisc_mc_map(addr, neigh->ha, dev, 1);
353 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
356 if (dev->flags&IFF_LOOPBACK)
357 neigh->type = RTN_LOCAL;
358 } else if (dev->flags&IFF_POINTOPOINT) {
359 neigh->nud_state = NUD_NOARP;
360 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
361 }
362 if (dev->header_ops->cache)
363 neigh->ops = &ndisc_hh_ops;
364 else
365 neigh->ops = &ndisc_generic_ops;
366 if (neigh->nud_state&NUD_VALID)
367 neigh->output = neigh->ops->connected_output;
368 else
369 neigh->output = neigh->ops->output;
370 }
371 in6_dev_put(in6_dev);
372 return 0;
373}
374
375static int pndisc_constructor(struct pneigh_entry *n)
376{
377 struct in6_addr *addr = (struct in6_addr *)&n->key;
378 struct in6_addr maddr;
379 struct net_device *dev = n->dev;
380
381 if (!dev || !__in6_dev_get(dev))
382 return -EINVAL;
383 addrconf_addr_solict_mult(addr, &maddr);
384 ipv6_dev_mc_inc(dev, &maddr);
385 return 0;
386}
387
388static void pndisc_destructor(struct pneigh_entry *n)
389{
390 struct in6_addr *addr = (struct in6_addr *)&n->key;
391 struct in6_addr maddr;
392 struct net_device *dev = n->dev;
393
394 if (!dev || !__in6_dev_get(dev))
395 return;
396 addrconf_addr_solict_mult(addr, &maddr);
397 ipv6_dev_mc_dec(dev, &maddr);
398}
399
400/* called with rtnl held */
401static bool ndisc_allow_add(const struct net_device *dev,
402 struct netlink_ext_ack *extack)
403{
404 struct inet6_dev *idev = __in6_dev_get(dev);
405
406 if (!idev || idev->cnf.disable_ipv6) {
407 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
408 return false;
409 }
410
411 return true;
412}
413
414static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
415 int len)
416{
417 int hlen = LL_RESERVED_SPACE(dev);
418 int tlen = dev->needed_tailroom;
419 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
420 struct sk_buff *skb;
421
422 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
423 if (!skb) {
424 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
425 __func__);
426 return NULL;
427 }
428
429 skb->protocol = htons(ETH_P_IPV6);
430 skb->dev = dev;
431
432 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
433 skb_reset_transport_header(skb);
434
435 /* Manually assign socket ownership as we avoid calling
436 * sock_alloc_send_pskb() to bypass wmem buffer limits
437 */
438 skb_set_owner_w(skb, sk);
439
440 return skb;
441}
442
443static void ip6_nd_hdr(struct sk_buff *skb,
444 const struct in6_addr *saddr,
445 const struct in6_addr *daddr,
446 int hop_limit, int len)
447{
448 struct ipv6hdr *hdr;
449 struct inet6_dev *idev;
450 unsigned tclass;
451
452 rcu_read_lock();
453 idev = __in6_dev_get(skb->dev);
454 tclass = idev ? idev->cnf.ndisc_tclass : 0;
455 rcu_read_unlock();
456
457 skb_push(skb, sizeof(*hdr));
458 skb_reset_network_header(skb);
459 hdr = ipv6_hdr(skb);
460
461 ip6_flow_hdr(hdr, tclass, 0);
462
463 hdr->payload_len = htons(len);
464 hdr->nexthdr = IPPROTO_ICMPV6;
465 hdr->hop_limit = hop_limit;
466
467 hdr->saddr = *saddr;
468 hdr->daddr = *daddr;
469}
470
471void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
472 const struct in6_addr *saddr)
473{
474 struct dst_entry *dst = skb_dst(skb);
475 struct net *net = dev_net(skb->dev);
476 struct sock *sk = net->ipv6.ndisc_sk;
477 struct inet6_dev *idev;
478 int err;
479 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
480 u8 type;
481
482 type = icmp6h->icmp6_type;
483
484 if (!dst) {
485 struct flowi6 fl6;
486 int oif = skb->dev->ifindex;
487
488 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
489 dst = icmp6_dst_alloc(skb->dev, &fl6);
490 if (IS_ERR(dst)) {
491 kfree_skb(skb);
492 return;
493 }
494
495 skb_dst_set(skb, dst);
496 }
497
498 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
499 IPPROTO_ICMPV6,
500 csum_partial(icmp6h,
501 skb->len, 0));
502
503 ip6_nd_hdr(skb, saddr, daddr, READ_ONCE(inet6_sk(sk)->hop_limit), skb->len);
504
505 rcu_read_lock();
506 idev = __in6_dev_get(dst->dev);
507 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
508
509 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
510 net, sk, skb, NULL, dst->dev,
511 dst_output);
512 if (!err) {
513 ICMP6MSGOUT_INC_STATS(net, idev, type);
514 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
515 }
516
517 rcu_read_unlock();
518}
519EXPORT_SYMBOL(ndisc_send_skb);
520
521void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
522 const struct in6_addr *solicited_addr,
523 bool router, bool solicited, bool override, bool inc_opt)
524{
525 struct sk_buff *skb;
526 struct in6_addr tmpaddr;
527 struct inet6_ifaddr *ifp;
528 const struct in6_addr *src_addr;
529 struct nd_msg *msg;
530 int optlen = 0;
531
532 /* for anycast or proxy, solicited_addr != src_addr */
533 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
534 if (ifp) {
535 src_addr = solicited_addr;
536 if (ifp->flags & IFA_F_OPTIMISTIC)
537 override = false;
538 inc_opt |= ifp->idev->cnf.force_tllao;
539 in6_ifa_put(ifp);
540 } else {
541 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
542 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
543 &tmpaddr))
544 return;
545 src_addr = &tmpaddr;
546 }
547
548 if (!dev->addr_len)
549 inc_opt = false;
550 if (inc_opt)
551 optlen += ndisc_opt_addr_space(dev,
552 NDISC_NEIGHBOUR_ADVERTISEMENT);
553
554 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
555 if (!skb)
556 return;
557
558 msg = skb_put(skb, sizeof(*msg));
559 *msg = (struct nd_msg) {
560 .icmph = {
561 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
562 .icmp6_router = router,
563 .icmp6_solicited = solicited,
564 .icmp6_override = override,
565 },
566 .target = *solicited_addr,
567 };
568
569 if (inc_opt)
570 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
571 dev->dev_addr,
572 NDISC_NEIGHBOUR_ADVERTISEMENT);
573
574 ndisc_send_skb(skb, daddr, src_addr);
575}
576
577static void ndisc_send_unsol_na(struct net_device *dev)
578{
579 struct inet6_dev *idev;
580 struct inet6_ifaddr *ifa;
581
582 idev = in6_dev_get(dev);
583 if (!idev)
584 return;
585
586 read_lock_bh(&idev->lock);
587 list_for_each_entry(ifa, &idev->addr_list, if_list) {
588 /* skip tentative addresses until dad completes */
589 if (ifa->flags & IFA_F_TENTATIVE &&
590 !(ifa->flags & IFA_F_OPTIMISTIC))
591 continue;
592
593 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
594 /*router=*/ !!idev->cnf.forwarding,
595 /*solicited=*/ false, /*override=*/ true,
596 /*inc_opt=*/ true);
597 }
598 read_unlock_bh(&idev->lock);
599
600 in6_dev_put(idev);
601}
602
603struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
604 const struct in6_addr *saddr, u64 nonce)
605{
606 int inc_opt = dev->addr_len;
607 struct sk_buff *skb;
608 struct nd_msg *msg;
609 int optlen = 0;
610
611 if (!saddr)
612 return NULL;
613
614 if (ipv6_addr_any(saddr))
615 inc_opt = false;
616 if (inc_opt)
617 optlen += ndisc_opt_addr_space(dev,
618 NDISC_NEIGHBOUR_SOLICITATION);
619 if (nonce != 0)
620 optlen += 8;
621
622 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
623 if (!skb)
624 return NULL;
625
626 msg = skb_put(skb, sizeof(*msg));
627 *msg = (struct nd_msg) {
628 .icmph = {
629 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
630 },
631 .target = *solicit,
632 };
633
634 if (inc_opt)
635 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
636 dev->dev_addr,
637 NDISC_NEIGHBOUR_SOLICITATION);
638 if (nonce != 0) {
639 u8 *opt = skb_put(skb, 8);
640
641 opt[0] = ND_OPT_NONCE;
642 opt[1] = 8 >> 3;
643 memcpy(opt + 2, &nonce, 6);
644 }
645
646 return skb;
647}
648EXPORT_SYMBOL(ndisc_ns_create);
649
650void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
651 const struct in6_addr *daddr, const struct in6_addr *saddr,
652 u64 nonce)
653{
654 struct in6_addr addr_buf;
655 struct sk_buff *skb;
656
657 if (!saddr) {
658 if (ipv6_get_lladdr(dev, &addr_buf,
659 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
660 return;
661 saddr = &addr_buf;
662 }
663
664 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
665
666 if (skb)
667 ndisc_send_skb(skb, daddr, saddr);
668}
669
670void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
671 const struct in6_addr *daddr)
672{
673 struct sk_buff *skb;
674 struct rs_msg *msg;
675 int send_sllao = dev->addr_len;
676 int optlen = 0;
677
678#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
679 /*
680 * According to section 2.2 of RFC 4429, we must not
681 * send router solicitations with a sllao from
682 * optimistic addresses, but we may send the solicitation
683 * if we don't include the sllao. So here we check
684 * if our address is optimistic, and if so, we
685 * suppress the inclusion of the sllao.
686 */
687 if (send_sllao) {
688 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
689 dev, 1);
690 if (ifp) {
691 if (ifp->flags & IFA_F_OPTIMISTIC) {
692 send_sllao = 0;
693 }
694 in6_ifa_put(ifp);
695 } else {
696 send_sllao = 0;
697 }
698 }
699#endif
700 if (send_sllao)
701 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
702
703 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
704 if (!skb)
705 return;
706
707 msg = skb_put(skb, sizeof(*msg));
708 *msg = (struct rs_msg) {
709 .icmph = {
710 .icmp6_type = NDISC_ROUTER_SOLICITATION,
711 },
712 };
713
714 if (send_sllao)
715 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
716 dev->dev_addr,
717 NDISC_ROUTER_SOLICITATION);
718
719 ndisc_send_skb(skb, daddr, saddr);
720}
721
722
723static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
724{
725 /*
726 * "The sender MUST return an ICMP
727 * destination unreachable"
728 */
729 dst_link_failure(skb);
730 kfree_skb(skb);
731}
732
733/* Called with locked neigh: either read or both */
734
735static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
736{
737 struct in6_addr *saddr = NULL;
738 struct in6_addr mcaddr;
739 struct net_device *dev = neigh->dev;
740 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
741 int probes = atomic_read(&neigh->probes);
742
743 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
744 dev, false, 1,
745 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
746 saddr = &ipv6_hdr(skb)->saddr;
747 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
748 if (probes < 0) {
749 if (!(READ_ONCE(neigh->nud_state) & NUD_VALID)) {
750 ND_PRINTK(1, dbg,
751 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
752 __func__, target);
753 }
754 ndisc_send_ns(dev, target, target, saddr, 0);
755 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
756 neigh_app_ns(neigh);
757 } else {
758 addrconf_addr_solict_mult(target, &mcaddr);
759 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
760 }
761}
762
763static int pndisc_is_router(const void *pkey,
764 struct net_device *dev)
765{
766 struct pneigh_entry *n;
767 int ret = -1;
768
769 read_lock_bh(&nd_tbl.lock);
770 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
771 if (n)
772 ret = !!(n->flags & NTF_ROUTER);
773 read_unlock_bh(&nd_tbl.lock);
774
775 return ret;
776}
777
778void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
779 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
780 struct ndisc_options *ndopts)
781{
782 neigh_update(neigh, lladdr, new, flags, 0);
783 /* report ndisc ops about neighbour update */
784 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
785}
786
787static enum skb_drop_reason ndisc_recv_ns(struct sk_buff *skb)
788{
789 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
790 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
791 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
792 u8 *lladdr = NULL;
793 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
794 offsetof(struct nd_msg, opt));
795 struct ndisc_options ndopts;
796 struct net_device *dev = skb->dev;
797 struct inet6_ifaddr *ifp;
798 struct inet6_dev *idev = NULL;
799 struct neighbour *neigh;
800 int dad = ipv6_addr_any(saddr);
801 int is_router = -1;
802 SKB_DR(reason);
803 u64 nonce = 0;
804 bool inc;
805
806 if (skb->len < sizeof(struct nd_msg))
807 return SKB_DROP_REASON_PKT_TOO_SMALL;
808
809 if (ipv6_addr_is_multicast(&msg->target)) {
810 ND_PRINTK(2, warn, "NS: multicast target address\n");
811 return reason;
812 }
813
814 /*
815 * RFC2461 7.1.1:
816 * DAD has to be destined for solicited node multicast address.
817 */
818 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
819 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
820 return reason;
821 }
822
823 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
824 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
825
826 if (ndopts.nd_opts_src_lladdr) {
827 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
828 if (!lladdr) {
829 ND_PRINTK(2, warn,
830 "NS: invalid link-layer address length\n");
831 return reason;
832 }
833
834 /* RFC2461 7.1.1:
835 * If the IP source address is the unspecified address,
836 * there MUST NOT be source link-layer address option
837 * in the message.
838 */
839 if (dad) {
840 ND_PRINTK(2, warn,
841 "NS: bad DAD packet (link-layer address option)\n");
842 return reason;
843 }
844 }
845 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
846 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
847
848 inc = ipv6_addr_is_multicast(daddr);
849
850 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
851 if (ifp) {
852have_ifp:
853 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
854 if (dad) {
855 if (nonce != 0 && ifp->dad_nonce == nonce) {
856 u8 *np = (u8 *)&nonce;
857 /* Matching nonce if looped back */
858 ND_PRINTK(2, notice,
859 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
860 ifp->idev->dev->name,
861 &ifp->addr, np);
862 goto out;
863 }
864 /*
865 * We are colliding with another node
866 * who is doing DAD
867 * so fail our DAD process
868 */
869 addrconf_dad_failure(skb, ifp);
870 return reason;
871 } else {
872 /*
873 * This is not a dad solicitation.
874 * If we are an optimistic node,
875 * we should respond.
876 * Otherwise, we should ignore it.
877 */
878 if (!(ifp->flags & IFA_F_OPTIMISTIC))
879 goto out;
880 }
881 }
882
883 idev = ifp->idev;
884 } else {
885 struct net *net = dev_net(dev);
886
887 /* perhaps an address on the master device */
888 if (netif_is_l3_slave(dev)) {
889 struct net_device *mdev;
890
891 mdev = netdev_master_upper_dev_get_rcu(dev);
892 if (mdev) {
893 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
894 if (ifp)
895 goto have_ifp;
896 }
897 }
898
899 idev = in6_dev_get(dev);
900 if (!idev) {
901 /* XXX: count this drop? */
902 return reason;
903 }
904
905 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
906 (idev->cnf.forwarding &&
907 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
908 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
909 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
910 skb->pkt_type != PACKET_HOST &&
911 inc &&
912 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
913 /*
914 * for anycast or proxy,
915 * sender should delay its response
916 * by a random time between 0 and
917 * MAX_ANYCAST_DELAY_TIME seconds.
918 * (RFC2461) -- yoshfuji
919 */
920 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
921 if (n)
922 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
923 goto out;
924 }
925 } else {
926 SKB_DR_SET(reason, IPV6_NDISC_NS_OTHERHOST);
927 goto out;
928 }
929 }
930
931 if (is_router < 0)
932 is_router = idev->cnf.forwarding;
933
934 if (dad) {
935 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
936 !!is_router, false, (ifp != NULL), true);
937 goto out;
938 }
939
940 if (inc)
941 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
942 else
943 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
944
945 /*
946 * update / create cache entry
947 * for the source address
948 */
949 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
950 !inc || lladdr || !dev->addr_len);
951 if (neigh)
952 ndisc_update(dev, neigh, lladdr, NUD_STALE,
953 NEIGH_UPDATE_F_WEAK_OVERRIDE|
954 NEIGH_UPDATE_F_OVERRIDE,
955 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
956 if (neigh || !dev->header_ops) {
957 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
958 true, (ifp != NULL && inc), inc);
959 if (neigh)
960 neigh_release(neigh);
961 reason = SKB_CONSUMED;
962 }
963
964out:
965 if (ifp)
966 in6_ifa_put(ifp);
967 else
968 in6_dev_put(idev);
969 return reason;
970}
971
972static int accept_untracked_na(struct net_device *dev, struct in6_addr *saddr)
973{
974 struct inet6_dev *idev = __in6_dev_get(dev);
975
976 switch (idev->cnf.accept_untracked_na) {
977 case 0: /* Don't accept untracked na (absent in neighbor cache) */
978 return 0;
979 case 1: /* Create new entries from na if currently untracked */
980 return 1;
981 case 2: /* Create new entries from untracked na only if saddr is in the
982 * same subnet as an address configured on the interface that
983 * received the na
984 */
985 return !!ipv6_chk_prefix(saddr, dev);
986 default:
987 return 0;
988 }
989}
990
991static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
992{
993 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
994 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
995 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
996 u8 *lladdr = NULL;
997 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
998 offsetof(struct nd_msg, opt));
999 struct ndisc_options ndopts;
1000 struct net_device *dev = skb->dev;
1001 struct inet6_dev *idev = __in6_dev_get(dev);
1002 struct inet6_ifaddr *ifp;
1003 struct neighbour *neigh;
1004 SKB_DR(reason);
1005 u8 new_state;
1006
1007 if (skb->len < sizeof(struct nd_msg))
1008 return SKB_DROP_REASON_PKT_TOO_SMALL;
1009
1010 if (ipv6_addr_is_multicast(&msg->target)) {
1011 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1012 return reason;
1013 }
1014
1015 if (ipv6_addr_is_multicast(daddr) &&
1016 msg->icmph.icmp6_solicited) {
1017 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1018 return reason;
1019 }
1020
1021 /* For some 802.11 wireless deployments (and possibly other networks),
1022 * there will be a NA proxy and unsolicitd packets are attacks
1023 * and thus should not be accepted.
1024 * drop_unsolicited_na takes precedence over accept_untracked_na
1025 */
1026 if (!msg->icmph.icmp6_solicited && idev &&
1027 idev->cnf.drop_unsolicited_na)
1028 return reason;
1029
1030 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
1031 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1032
1033 if (ndopts.nd_opts_tgt_lladdr) {
1034 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1035 if (!lladdr) {
1036 ND_PRINTK(2, warn,
1037 "NA: invalid link-layer address length\n");
1038 return reason;
1039 }
1040 }
1041 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1042 if (ifp) {
1043 if (skb->pkt_type != PACKET_LOOPBACK
1044 && (ifp->flags & IFA_F_TENTATIVE)) {
1045 addrconf_dad_failure(skb, ifp);
1046 return reason;
1047 }
1048 /* What should we make now? The advertisement
1049 is invalid, but ndisc specs say nothing
1050 about it. It could be misconfiguration, or
1051 an smart proxy agent tries to help us :-)
1052
1053 We should not print the error if NA has been
1054 received from loopback - it is just our own
1055 unsolicited advertisement.
1056 */
1057 if (skb->pkt_type != PACKET_LOOPBACK)
1058 ND_PRINTK(1, warn,
1059 "NA: %pM advertised our address %pI6c on %s!\n",
1060 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1061 in6_ifa_put(ifp);
1062 return reason;
1063 }
1064
1065 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1066
1067 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1068 * NAs with Target LL Address option without a corresponding
1069 * entry in the neighbour cache can now create a STALE neighbour
1070 * cache entry on routers.
1071 *
1072 * entry accept fwding solicited behaviour
1073 * ------- ------ ------ --------- ----------------------
1074 * present X X 0 Set state to STALE
1075 * present X X 1 Set state to REACHABLE
1076 * absent 0 X X Do nothing
1077 * absent 1 0 X Do nothing
1078 * absent 1 1 X Add a new STALE entry
1079 *
1080 * Note that we don't do a (daddr == all-routers-mcast) check.
1081 */
1082 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1083 if (!neigh && lladdr && idev && idev->cnf.forwarding) {
1084 if (accept_untracked_na(dev, saddr)) {
1085 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1086 new_state = NUD_STALE;
1087 }
1088 }
1089
1090 if (neigh && !IS_ERR(neigh)) {
1091 u8 old_flags = neigh->flags;
1092 struct net *net = dev_net(dev);
1093
1094 if (READ_ONCE(neigh->nud_state) & NUD_FAILED)
1095 goto out;
1096
1097 /*
1098 * Don't update the neighbor cache entry on a proxy NA from
1099 * ourselves because either the proxied node is off link or it
1100 * has already sent a NA to us.
1101 */
1102 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1103 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1104 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1105 /* XXX: idev->cnf.proxy_ndp */
1106 goto out;
1107 }
1108
1109 ndisc_update(dev, neigh, lladdr,
1110 new_state,
1111 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1112 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1113 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1114 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1115 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1116
1117 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1118 /*
1119 * Change: router to host
1120 */
1121 rt6_clean_tohost(dev_net(dev), saddr);
1122 }
1123 reason = SKB_CONSUMED;
1124out:
1125 neigh_release(neigh);
1126 }
1127 return reason;
1128}
1129
1130static enum skb_drop_reason ndisc_recv_rs(struct sk_buff *skb)
1131{
1132 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1133 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1134 struct neighbour *neigh;
1135 struct inet6_dev *idev;
1136 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1137 struct ndisc_options ndopts;
1138 u8 *lladdr = NULL;
1139 SKB_DR(reason);
1140
1141 if (skb->len < sizeof(*rs_msg))
1142 return SKB_DROP_REASON_PKT_TOO_SMALL;
1143
1144 idev = __in6_dev_get(skb->dev);
1145 if (!idev) {
1146 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1147 return reason;
1148 }
1149
1150 /* Don't accept RS if we're not in router mode */
1151 if (!idev->cnf.forwarding)
1152 goto out;
1153
1154 /*
1155 * Don't update NCE if src = ::;
1156 * this implies that the source node has no ip address assigned yet.
1157 */
1158 if (ipv6_addr_any(saddr))
1159 goto out;
1160
1161 /* Parse ND options */
1162 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts))
1163 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1164
1165 if (ndopts.nd_opts_src_lladdr) {
1166 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1167 skb->dev);
1168 if (!lladdr)
1169 goto out;
1170 }
1171
1172 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1173 if (neigh) {
1174 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1175 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1176 NEIGH_UPDATE_F_OVERRIDE|
1177 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1178 NDISC_ROUTER_SOLICITATION, &ndopts);
1179 neigh_release(neigh);
1180 reason = SKB_CONSUMED;
1181 }
1182out:
1183 return reason;
1184}
1185
1186static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1187{
1188 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1189 struct sk_buff *skb;
1190 struct nlmsghdr *nlh;
1191 struct nduseroptmsg *ndmsg;
1192 struct net *net = dev_net(ra->dev);
1193 int err;
1194 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1195 + (opt->nd_opt_len << 3));
1196 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1197
1198 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1199 if (!skb) {
1200 err = -ENOBUFS;
1201 goto errout;
1202 }
1203
1204 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1205 if (!nlh) {
1206 goto nla_put_failure;
1207 }
1208
1209 ndmsg = nlmsg_data(nlh);
1210 ndmsg->nduseropt_family = AF_INET6;
1211 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1212 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1213 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1214 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1215
1216 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1217
1218 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1219 goto nla_put_failure;
1220 nlmsg_end(skb, nlh);
1221
1222 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1223 return;
1224
1225nla_put_failure:
1226 nlmsg_free(skb);
1227 err = -EMSGSIZE;
1228errout:
1229 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1230}
1231
1232static enum skb_drop_reason ndisc_router_discovery(struct sk_buff *skb)
1233{
1234 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1235 bool send_ifinfo_notify = false;
1236 struct neighbour *neigh = NULL;
1237 struct ndisc_options ndopts;
1238 struct fib6_info *rt = NULL;
1239 struct inet6_dev *in6_dev;
1240 u32 defrtr_usr_metric;
1241 unsigned int pref = 0;
1242 __u32 old_if_flags;
1243 struct net *net;
1244 SKB_DR(reason);
1245 int lifetime;
1246 int optlen;
1247
1248 __u8 *opt = (__u8 *)(ra_msg + 1);
1249
1250 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1251 sizeof(struct ra_msg);
1252
1253 ND_PRINTK(2, info,
1254 "RA: %s, dev: %s\n",
1255 __func__, skb->dev->name);
1256 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1257 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1258 return reason;
1259 }
1260 if (optlen < 0)
1261 return SKB_DROP_REASON_PKT_TOO_SMALL;
1262
1263#ifdef CONFIG_IPV6_NDISC_NODETYPE
1264 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1265 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1266 return reason;
1267 }
1268#endif
1269
1270 in6_dev = __in6_dev_get(skb->dev);
1271 if (!in6_dev) {
1272 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1273 skb->dev->name);
1274 return reason;
1275 }
1276
1277 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts))
1278 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1279
1280 if (!ipv6_accept_ra(in6_dev)) {
1281 ND_PRINTK(2, info,
1282 "RA: %s, did not accept ra for dev: %s\n",
1283 __func__, skb->dev->name);
1284 goto skip_linkparms;
1285 }
1286
1287#ifdef CONFIG_IPV6_NDISC_NODETYPE
1288 /* skip link-specific parameters from interior routers */
1289 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1290 ND_PRINTK(2, info,
1291 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1292 __func__, skb->dev->name);
1293 goto skip_linkparms;
1294 }
1295#endif
1296
1297 if (in6_dev->if_flags & IF_RS_SENT) {
1298 /*
1299 * flag that an RA was received after an RS was sent
1300 * out on this interface.
1301 */
1302 in6_dev->if_flags |= IF_RA_RCVD;
1303 }
1304
1305 /*
1306 * Remember the managed/otherconf flags from most recently
1307 * received RA message (RFC 2462) -- yoshfuji
1308 */
1309 old_if_flags = in6_dev->if_flags;
1310 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1311 IF_RA_OTHERCONF)) |
1312 (ra_msg->icmph.icmp6_addrconf_managed ?
1313 IF_RA_MANAGED : 0) |
1314 (ra_msg->icmph.icmp6_addrconf_other ?
1315 IF_RA_OTHERCONF : 0);
1316
1317 if (old_if_flags != in6_dev->if_flags)
1318 send_ifinfo_notify = true;
1319
1320 if (!in6_dev->cnf.accept_ra_defrtr) {
1321 ND_PRINTK(2, info,
1322 "RA: %s, defrtr is false for dev: %s\n",
1323 __func__, skb->dev->name);
1324 goto skip_defrtr;
1325 }
1326
1327 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1328 if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_lft) {
1329 ND_PRINTK(2, info,
1330 "RA: router lifetime (%ds) is too short: %s\n",
1331 lifetime, skb->dev->name);
1332 goto skip_defrtr;
1333 }
1334
1335 /* Do not accept RA with source-addr found on local machine unless
1336 * accept_ra_from_local is set to true.
1337 */
1338 net = dev_net(in6_dev->dev);
1339 if (!in6_dev->cnf.accept_ra_from_local &&
1340 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1341 ND_PRINTK(2, info,
1342 "RA from local address detected on dev: %s: default router ignored\n",
1343 skb->dev->name);
1344 goto skip_defrtr;
1345 }
1346
1347#ifdef CONFIG_IPV6_ROUTER_PREF
1348 pref = ra_msg->icmph.icmp6_router_pref;
1349 /* 10b is handled as if it were 00b (medium) */
1350 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1351 !in6_dev->cnf.accept_ra_rtr_pref)
1352 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1353#endif
1354 /* routes added from RAs do not use nexthop objects */
1355 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1356 if (rt) {
1357 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1358 rt->fib6_nh->fib_nh_dev, NULL,
1359 &ipv6_hdr(skb)->saddr);
1360 if (!neigh) {
1361 ND_PRINTK(0, err,
1362 "RA: %s got default router without neighbour\n",
1363 __func__);
1364 fib6_info_release(rt);
1365 return reason;
1366 }
1367 }
1368 /* Set default route metric as specified by user */
1369 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1370 /* delete the route if lifetime is 0 or if metric needs change */
1371 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1372 ip6_del_rt(net, rt, false);
1373 rt = NULL;
1374 }
1375
1376 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1377 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1378 if (!rt && lifetime) {
1379 ND_PRINTK(3, info, "RA: adding default router\n");
1380
1381 if (neigh)
1382 neigh_release(neigh);
1383
1384 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1385 skb->dev, pref, defrtr_usr_metric);
1386 if (!rt) {
1387 ND_PRINTK(0, err,
1388 "RA: %s failed to add default route\n",
1389 __func__);
1390 return reason;
1391 }
1392
1393 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1394 rt->fib6_nh->fib_nh_dev, NULL,
1395 &ipv6_hdr(skb)->saddr);
1396 if (!neigh) {
1397 ND_PRINTK(0, err,
1398 "RA: %s got default router without neighbour\n",
1399 __func__);
1400 fib6_info_release(rt);
1401 return reason;
1402 }
1403 neigh->flags |= NTF_ROUTER;
1404 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1405 struct nl_info nlinfo = {
1406 .nl_net = net,
1407 };
1408 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1409 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1410 }
1411
1412 if (rt)
1413 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1414 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1415 ra_msg->icmph.icmp6_hop_limit) {
1416 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1417 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1418 fib6_metric_set(rt, RTAX_HOPLIMIT,
1419 ra_msg->icmph.icmp6_hop_limit);
1420 } else {
1421 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1422 }
1423 }
1424
1425skip_defrtr:
1426
1427 /*
1428 * Update Reachable Time and Retrans Timer
1429 */
1430
1431 if (in6_dev->nd_parms) {
1432 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1433
1434 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1435 rtime = (rtime*HZ)/1000;
1436 if (rtime < HZ/100)
1437 rtime = HZ/100;
1438 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1439 in6_dev->tstamp = jiffies;
1440 send_ifinfo_notify = true;
1441 }
1442
1443 rtime = ntohl(ra_msg->reachable_time);
1444 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1445 rtime = (rtime*HZ)/1000;
1446
1447 if (rtime < HZ/10)
1448 rtime = HZ/10;
1449
1450 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1451 NEIGH_VAR_SET(in6_dev->nd_parms,
1452 BASE_REACHABLE_TIME, rtime);
1453 NEIGH_VAR_SET(in6_dev->nd_parms,
1454 GC_STALETIME, 3 * rtime);
1455 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1456 in6_dev->tstamp = jiffies;
1457 send_ifinfo_notify = true;
1458 }
1459 }
1460 }
1461
1462skip_linkparms:
1463
1464 /*
1465 * Process options.
1466 */
1467
1468 if (!neigh)
1469 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1470 skb->dev, 1);
1471 if (neigh) {
1472 u8 *lladdr = NULL;
1473 if (ndopts.nd_opts_src_lladdr) {
1474 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1475 skb->dev);
1476 if (!lladdr) {
1477 ND_PRINTK(2, warn,
1478 "RA: invalid link-layer address length\n");
1479 goto out;
1480 }
1481 }
1482 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1483 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1484 NEIGH_UPDATE_F_OVERRIDE|
1485 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1486 NEIGH_UPDATE_F_ISROUTER,
1487 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1488 reason = SKB_CONSUMED;
1489 }
1490
1491 if (!ipv6_accept_ra(in6_dev)) {
1492 ND_PRINTK(2, info,
1493 "RA: %s, accept_ra is false for dev: %s\n",
1494 __func__, skb->dev->name);
1495 goto out;
1496 }
1497
1498#ifdef CONFIG_IPV6_ROUTE_INFO
1499 if (!in6_dev->cnf.accept_ra_from_local &&
1500 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1501 in6_dev->dev, 0)) {
1502 ND_PRINTK(2, info,
1503 "RA from local address detected on dev: %s: router info ignored.\n",
1504 skb->dev->name);
1505 goto skip_routeinfo;
1506 }
1507
1508 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1509 struct nd_opt_hdr *p;
1510 for (p = ndopts.nd_opts_ri;
1511 p;
1512 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1513 struct route_info *ri = (struct route_info *)p;
1514#ifdef CONFIG_IPV6_NDISC_NODETYPE
1515 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1516 ri->prefix_len == 0)
1517 continue;
1518#endif
1519 if (ri->prefix_len == 0 &&
1520 !in6_dev->cnf.accept_ra_defrtr)
1521 continue;
1522 if (ri->lifetime != 0 &&
1523 ntohl(ri->lifetime) < in6_dev->cnf.accept_ra_min_lft)
1524 continue;
1525 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1526 continue;
1527 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1528 continue;
1529 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1530 &ipv6_hdr(skb)->saddr);
1531 }
1532 }
1533
1534skip_routeinfo:
1535#endif
1536
1537#ifdef CONFIG_IPV6_NDISC_NODETYPE
1538 /* skip link-specific ndopts from interior routers */
1539 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1540 ND_PRINTK(2, info,
1541 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1542 __func__, skb->dev->name);
1543 goto out;
1544 }
1545#endif
1546
1547 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1548 struct nd_opt_hdr *p;
1549 for (p = ndopts.nd_opts_pi;
1550 p;
1551 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1552 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1553 (p->nd_opt_len) << 3,
1554 ndopts.nd_opts_src_lladdr != NULL);
1555 }
1556 }
1557
1558 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1559 __be32 n;
1560 u32 mtu;
1561
1562 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1563 mtu = ntohl(n);
1564
1565 if (in6_dev->ra_mtu != mtu) {
1566 in6_dev->ra_mtu = mtu;
1567 send_ifinfo_notify = true;
1568 }
1569
1570 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1571 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1572 } else if (in6_dev->cnf.mtu6 != mtu) {
1573 in6_dev->cnf.mtu6 = mtu;
1574 fib6_metric_set(rt, RTAX_MTU, mtu);
1575 rt6_mtu_change(skb->dev, mtu);
1576 }
1577 }
1578
1579 if (ndopts.nd_useropts) {
1580 struct nd_opt_hdr *p;
1581 for (p = ndopts.nd_useropts;
1582 p;
1583 p = ndisc_next_useropt(skb->dev, p,
1584 ndopts.nd_useropts_end)) {
1585 ndisc_ra_useropt(skb, p);
1586 }
1587 }
1588
1589 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1590 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1591 }
1592out:
1593 /* Send a notify if RA changed managed/otherconf flags or
1594 * timer settings or ra_mtu value
1595 */
1596 if (send_ifinfo_notify)
1597 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1598
1599 fib6_info_release(rt);
1600 if (neigh)
1601 neigh_release(neigh);
1602 return reason;
1603}
1604
1605static enum skb_drop_reason ndisc_redirect_rcv(struct sk_buff *skb)
1606{
1607 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1608 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1609 offsetof(struct rd_msg, opt));
1610 struct ndisc_options ndopts;
1611 SKB_DR(reason);
1612 u8 *hdr;
1613
1614#ifdef CONFIG_IPV6_NDISC_NODETYPE
1615 switch (skb->ndisc_nodetype) {
1616 case NDISC_NODETYPE_HOST:
1617 case NDISC_NODETYPE_NODEFAULT:
1618 ND_PRINTK(2, warn,
1619 "Redirect: from host or unauthorized router\n");
1620 return reason;
1621 }
1622#endif
1623
1624 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1625 ND_PRINTK(2, warn,
1626 "Redirect: source address is not link-local\n");
1627 return reason;
1628 }
1629
1630 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1631 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1632
1633 if (!ndopts.nd_opts_rh) {
1634 ip6_redirect_no_header(skb, dev_net(skb->dev),
1635 skb->dev->ifindex);
1636 return reason;
1637 }
1638
1639 hdr = (u8 *)ndopts.nd_opts_rh;
1640 hdr += 8;
1641 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1642 return SKB_DROP_REASON_PKT_TOO_SMALL;
1643
1644 return icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1645}
1646
1647static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1648 struct sk_buff *orig_skb,
1649 int rd_len)
1650{
1651 u8 *opt = skb_put(skb, rd_len);
1652
1653 memset(opt, 0, 8);
1654 *(opt++) = ND_OPT_REDIRECT_HDR;
1655 *(opt++) = (rd_len >> 3);
1656 opt += 6;
1657
1658 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1659 rd_len - 8);
1660}
1661
1662void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1663{
1664 struct net_device *dev = skb->dev;
1665 struct net *net = dev_net(dev);
1666 struct sock *sk = net->ipv6.ndisc_sk;
1667 int optlen = 0;
1668 struct inet_peer *peer;
1669 struct sk_buff *buff;
1670 struct rd_msg *msg;
1671 struct in6_addr saddr_buf;
1672 struct rt6_info *rt;
1673 struct dst_entry *dst;
1674 struct flowi6 fl6;
1675 int rd_len;
1676 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1677 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1678 bool ret;
1679
1680 if (netif_is_l3_master(skb->dev)) {
1681 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1682 if (!dev)
1683 return;
1684 }
1685
1686 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1687 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1688 dev->name);
1689 return;
1690 }
1691
1692 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1693 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1694 ND_PRINTK(2, warn,
1695 "Redirect: target address is not link-local unicast\n");
1696 return;
1697 }
1698
1699 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1700 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1701
1702 dst = ip6_route_output(net, NULL, &fl6);
1703 if (dst->error) {
1704 dst_release(dst);
1705 return;
1706 }
1707 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1708 if (IS_ERR(dst))
1709 return;
1710
1711 rt = (struct rt6_info *) dst;
1712
1713 if (rt->rt6i_flags & RTF_GATEWAY) {
1714 ND_PRINTK(2, warn,
1715 "Redirect: destination is not a neighbour\n");
1716 goto release;
1717 }
1718 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1719 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1720 if (peer)
1721 inet_putpeer(peer);
1722 if (!ret)
1723 goto release;
1724
1725 if (dev->addr_len) {
1726 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1727 if (!neigh) {
1728 ND_PRINTK(2, warn,
1729 "Redirect: no neigh for target address\n");
1730 goto release;
1731 }
1732
1733 read_lock_bh(&neigh->lock);
1734 if (neigh->nud_state & NUD_VALID) {
1735 memcpy(ha_buf, neigh->ha, dev->addr_len);
1736 read_unlock_bh(&neigh->lock);
1737 ha = ha_buf;
1738 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1739 ops_data_buf,
1740 &ops_data);
1741 } else
1742 read_unlock_bh(&neigh->lock);
1743
1744 neigh_release(neigh);
1745 }
1746
1747 rd_len = min_t(unsigned int,
1748 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1749 skb->len + 8);
1750 rd_len &= ~0x7;
1751 optlen += rd_len;
1752
1753 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1754 if (!buff)
1755 goto release;
1756
1757 msg = skb_put(buff, sizeof(*msg));
1758 *msg = (struct rd_msg) {
1759 .icmph = {
1760 .icmp6_type = NDISC_REDIRECT,
1761 },
1762 .target = *target,
1763 .dest = ipv6_hdr(skb)->daddr,
1764 };
1765
1766 /*
1767 * include target_address option
1768 */
1769
1770 if (ha)
1771 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1772
1773 /*
1774 * build redirect option and copy skb over to the new packet.
1775 */
1776
1777 if (rd_len)
1778 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1779
1780 skb_dst_set(buff, dst);
1781 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1782 return;
1783
1784release:
1785 dst_release(dst);
1786}
1787
1788static void pndisc_redo(struct sk_buff *skb)
1789{
1790 enum skb_drop_reason reason = ndisc_recv_ns(skb);
1791
1792 kfree_skb_reason(skb, reason);
1793}
1794
1795static int ndisc_is_multicast(const void *pkey)
1796{
1797 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1798}
1799
1800static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1801{
1802 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1803
1804 if (!idev)
1805 return true;
1806 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1807 idev->cnf.suppress_frag_ndisc) {
1808 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1809 return true;
1810 }
1811 return false;
1812}
1813
1814enum skb_drop_reason ndisc_rcv(struct sk_buff *skb)
1815{
1816 struct nd_msg *msg;
1817 SKB_DR(reason);
1818
1819 if (ndisc_suppress_frag_ndisc(skb))
1820 return SKB_DROP_REASON_IPV6_NDISC_FRAG;
1821
1822 if (skb_linearize(skb))
1823 return SKB_DROP_REASON_NOMEM;
1824
1825 msg = (struct nd_msg *)skb_transport_header(skb);
1826
1827 __skb_push(skb, skb->data - skb_transport_header(skb));
1828
1829 if (ipv6_hdr(skb)->hop_limit != 255) {
1830 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1831 ipv6_hdr(skb)->hop_limit);
1832 return SKB_DROP_REASON_IPV6_NDISC_HOP_LIMIT;
1833 }
1834
1835 if (msg->icmph.icmp6_code != 0) {
1836 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1837 msg->icmph.icmp6_code);
1838 return SKB_DROP_REASON_IPV6_NDISC_BAD_CODE;
1839 }
1840
1841 switch (msg->icmph.icmp6_type) {
1842 case NDISC_NEIGHBOUR_SOLICITATION:
1843 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1844 reason = ndisc_recv_ns(skb);
1845 break;
1846
1847 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1848 reason = ndisc_recv_na(skb);
1849 break;
1850
1851 case NDISC_ROUTER_SOLICITATION:
1852 reason = ndisc_recv_rs(skb);
1853 break;
1854
1855 case NDISC_ROUTER_ADVERTISEMENT:
1856 reason = ndisc_router_discovery(skb);
1857 break;
1858
1859 case NDISC_REDIRECT:
1860 reason = ndisc_redirect_rcv(skb);
1861 break;
1862 }
1863
1864 return reason;
1865}
1866
1867static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1868{
1869 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1870 struct netdev_notifier_change_info *change_info;
1871 struct net *net = dev_net(dev);
1872 struct inet6_dev *idev;
1873 bool evict_nocarrier;
1874
1875 switch (event) {
1876 case NETDEV_CHANGEADDR:
1877 neigh_changeaddr(&nd_tbl, dev);
1878 fib6_run_gc(0, net, false);
1879 fallthrough;
1880 case NETDEV_UP:
1881 idev = in6_dev_get(dev);
1882 if (!idev)
1883 break;
1884 if (idev->cnf.ndisc_notify ||
1885 net->ipv6.devconf_all->ndisc_notify)
1886 ndisc_send_unsol_na(dev);
1887 in6_dev_put(idev);
1888 break;
1889 case NETDEV_CHANGE:
1890 idev = in6_dev_get(dev);
1891 if (!idev)
1892 evict_nocarrier = true;
1893 else {
1894 evict_nocarrier = idev->cnf.ndisc_evict_nocarrier &&
1895 net->ipv6.devconf_all->ndisc_evict_nocarrier;
1896 in6_dev_put(idev);
1897 }
1898
1899 change_info = ptr;
1900 if (change_info->flags_changed & IFF_NOARP)
1901 neigh_changeaddr(&nd_tbl, dev);
1902 if (evict_nocarrier && !netif_carrier_ok(dev))
1903 neigh_carrier_down(&nd_tbl, dev);
1904 break;
1905 case NETDEV_DOWN:
1906 neigh_ifdown(&nd_tbl, dev);
1907 fib6_run_gc(0, net, false);
1908 break;
1909 case NETDEV_NOTIFY_PEERS:
1910 ndisc_send_unsol_na(dev);
1911 break;
1912 default:
1913 break;
1914 }
1915
1916 return NOTIFY_DONE;
1917}
1918
1919static struct notifier_block ndisc_netdev_notifier = {
1920 .notifier_call = ndisc_netdev_event,
1921 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1922};
1923
1924#ifdef CONFIG_SYSCTL
1925static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1926 const char *func, const char *dev_name)
1927{
1928 static char warncomm[TASK_COMM_LEN];
1929 static int warned;
1930 if (strcmp(warncomm, current->comm) && warned < 5) {
1931 strcpy(warncomm, current->comm);
1932 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1933 warncomm, func,
1934 dev_name, ctl->procname,
1935 dev_name, ctl->procname);
1936 warned++;
1937 }
1938}
1939
1940int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1941 size_t *lenp, loff_t *ppos)
1942{
1943 struct net_device *dev = ctl->extra1;
1944 struct inet6_dev *idev;
1945 int ret;
1946
1947 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1948 (strcmp(ctl->procname, "base_reachable_time") == 0))
1949 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1950
1951 if (strcmp(ctl->procname, "retrans_time") == 0)
1952 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1953
1954 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1955 ret = neigh_proc_dointvec_jiffies(ctl, write,
1956 buffer, lenp, ppos);
1957
1958 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1959 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1960 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1961 buffer, lenp, ppos);
1962 else
1963 ret = -1;
1964
1965 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1966 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1967 idev->nd_parms->reachable_time =
1968 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1969 idev->tstamp = jiffies;
1970 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1971 in6_dev_put(idev);
1972 }
1973 return ret;
1974}
1975
1976
1977#endif
1978
1979static int __net_init ndisc_net_init(struct net *net)
1980{
1981 struct ipv6_pinfo *np;
1982 struct sock *sk;
1983 int err;
1984
1985 err = inet_ctl_sock_create(&sk, PF_INET6,
1986 SOCK_RAW, IPPROTO_ICMPV6, net);
1987 if (err < 0) {
1988 ND_PRINTK(0, err,
1989 "NDISC: Failed to initialize the control socket (err %d)\n",
1990 err);
1991 return err;
1992 }
1993
1994 net->ipv6.ndisc_sk = sk;
1995
1996 np = inet6_sk(sk);
1997 np->hop_limit = 255;
1998 /* Do not loopback ndisc messages */
1999 inet6_clear_bit(MC6_LOOP, sk);
2000
2001 return 0;
2002}
2003
2004static void __net_exit ndisc_net_exit(struct net *net)
2005{
2006 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
2007}
2008
2009static struct pernet_operations ndisc_net_ops = {
2010 .init = ndisc_net_init,
2011 .exit = ndisc_net_exit,
2012};
2013
2014int __init ndisc_init(void)
2015{
2016 int err;
2017
2018 err = register_pernet_subsys(&ndisc_net_ops);
2019 if (err)
2020 return err;
2021 /*
2022 * Initialize the neighbour table
2023 */
2024 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
2025
2026#ifdef CONFIG_SYSCTL
2027 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
2028 ndisc_ifinfo_sysctl_change);
2029 if (err)
2030 goto out_unregister_pernet;
2031out:
2032#endif
2033 return err;
2034
2035#ifdef CONFIG_SYSCTL
2036out_unregister_pernet:
2037 unregister_pernet_subsys(&ndisc_net_ops);
2038 goto out;
2039#endif
2040}
2041
2042int __init ndisc_late_init(void)
2043{
2044 return register_netdevice_notifier(&ndisc_netdev_notifier);
2045}
2046
2047void ndisc_late_cleanup(void)
2048{
2049 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2050}
2051
2052void ndisc_cleanup(void)
2053{
2054#ifdef CONFIG_SYSCTL
2055 neigh_sysctl_unregister(&nd_tbl.parms);
2056#endif
2057 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2058 unregister_pernet_subsys(&ndisc_net_ops);
2059}
1/*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
67#include <net/flow.h>
68#include <net/ip6_checksum.h>
69#include <net/inet_common.h>
70#include <net/l3mdev.h>
71#include <linux/proc_fs.h>
72
73#include <linux/netfilter.h>
74#include <linux/netfilter_ipv6.h>
75
76/* Set to 3 to get tracing... */
77#define ND_DEBUG 1
78
79#define ND_PRINTK(val, level, fmt, ...) \
80do { \
81 if (val <= ND_DEBUG) \
82 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
83} while (0)
84
85static u32 ndisc_hash(const void *pkey,
86 const struct net_device *dev,
87 __u32 *hash_rnd);
88static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
89static int ndisc_constructor(struct neighbour *neigh);
90static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
91static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
92static int pndisc_constructor(struct pneigh_entry *n);
93static void pndisc_destructor(struct pneigh_entry *n);
94static void pndisc_redo(struct sk_buff *skb);
95
96static const struct neigh_ops ndisc_generic_ops = {
97 .family = AF_INET6,
98 .solicit = ndisc_solicit,
99 .error_report = ndisc_error_report,
100 .output = neigh_resolve_output,
101 .connected_output = neigh_connected_output,
102};
103
104static const struct neigh_ops ndisc_hh_ops = {
105 .family = AF_INET6,
106 .solicit = ndisc_solicit,
107 .error_report = ndisc_error_report,
108 .output = neigh_resolve_output,
109 .connected_output = neigh_resolve_output,
110};
111
112
113static const struct neigh_ops ndisc_direct_ops = {
114 .family = AF_INET6,
115 .output = neigh_direct_output,
116 .connected_output = neigh_direct_output,
117};
118
119struct neigh_table nd_tbl = {
120 .family = AF_INET6,
121 .key_len = sizeof(struct in6_addr),
122 .protocol = cpu_to_be16(ETH_P_IPV6),
123 .hash = ndisc_hash,
124 .key_eq = ndisc_key_eq,
125 .constructor = ndisc_constructor,
126 .pconstructor = pndisc_constructor,
127 .pdestructor = pndisc_destructor,
128 .proxy_redo = pndisc_redo,
129 .id = "ndisc_cache",
130 .parms = {
131 .tbl = &nd_tbl,
132 .reachable_time = ND_REACHABLE_TIME,
133 .data = {
134 [NEIGH_VAR_MCAST_PROBES] = 3,
135 [NEIGH_VAR_UCAST_PROBES] = 3,
136 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
137 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
138 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
139 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
140 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
141 [NEIGH_VAR_PROXY_QLEN] = 64,
142 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
143 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
144 },
145 },
146 .gc_interval = 30 * HZ,
147 .gc_thresh1 = 128,
148 .gc_thresh2 = 512,
149 .gc_thresh3 = 1024,
150};
151EXPORT_SYMBOL_GPL(nd_tbl);
152
153static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
154{
155 int pad = ndisc_addr_option_pad(skb->dev->type);
156 int data_len = skb->dev->addr_len;
157 int space = ndisc_opt_addr_space(skb->dev);
158 u8 *opt = skb_put(skb, space);
159
160 opt[0] = type;
161 opt[1] = space>>3;
162
163 memset(opt + 2, 0, pad);
164 opt += pad;
165 space -= pad;
166
167 memcpy(opt+2, data, data_len);
168 data_len += 2;
169 opt += data_len;
170 space -= data_len;
171 if (space > 0)
172 memset(opt, 0, space);
173}
174
175static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
176 struct nd_opt_hdr *end)
177{
178 int type;
179 if (!cur || !end || cur >= end)
180 return NULL;
181 type = cur->nd_opt_type;
182 do {
183 cur = ((void *)cur) + (cur->nd_opt_len << 3);
184 } while (cur < end && cur->nd_opt_type != type);
185 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
186}
187
188static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
189{
190 return opt->nd_opt_type == ND_OPT_RDNSS ||
191 opt->nd_opt_type == ND_OPT_DNSSL;
192}
193
194static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
195 struct nd_opt_hdr *end)
196{
197 if (!cur || !end || cur >= end)
198 return NULL;
199 do {
200 cur = ((void *)cur) + (cur->nd_opt_len << 3);
201 } while (cur < end && !ndisc_is_useropt(cur));
202 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
203}
204
205struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
206 struct ndisc_options *ndopts)
207{
208 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
209
210 if (!nd_opt || opt_len < 0 || !ndopts)
211 return NULL;
212 memset(ndopts, 0, sizeof(*ndopts));
213 while (opt_len) {
214 int l;
215 if (opt_len < sizeof(struct nd_opt_hdr))
216 return NULL;
217 l = nd_opt->nd_opt_len << 3;
218 if (opt_len < l || l == 0)
219 return NULL;
220 switch (nd_opt->nd_opt_type) {
221 case ND_OPT_SOURCE_LL_ADDR:
222 case ND_OPT_TARGET_LL_ADDR:
223 case ND_OPT_MTU:
224 case ND_OPT_REDIRECT_HDR:
225 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
226 ND_PRINTK(2, warn,
227 "%s: duplicated ND6 option found: type=%d\n",
228 __func__, nd_opt->nd_opt_type);
229 } else {
230 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
231 }
232 break;
233 case ND_OPT_PREFIX_INFO:
234 ndopts->nd_opts_pi_end = nd_opt;
235 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
236 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
237 break;
238#ifdef CONFIG_IPV6_ROUTE_INFO
239 case ND_OPT_ROUTE_INFO:
240 ndopts->nd_opts_ri_end = nd_opt;
241 if (!ndopts->nd_opts_ri)
242 ndopts->nd_opts_ri = nd_opt;
243 break;
244#endif
245 default:
246 if (ndisc_is_useropt(nd_opt)) {
247 ndopts->nd_useropts_end = nd_opt;
248 if (!ndopts->nd_useropts)
249 ndopts->nd_useropts = nd_opt;
250 } else {
251 /*
252 * Unknown options must be silently ignored,
253 * to accommodate future extension to the
254 * protocol.
255 */
256 ND_PRINTK(2, notice,
257 "%s: ignored unsupported option; type=%d, len=%d\n",
258 __func__,
259 nd_opt->nd_opt_type,
260 nd_opt->nd_opt_len);
261 }
262 }
263 opt_len -= l;
264 nd_opt = ((void *)nd_opt) + l;
265 }
266 return ndopts;
267}
268
269int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
270{
271 switch (dev->type) {
272 case ARPHRD_ETHER:
273 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
274 case ARPHRD_FDDI:
275 ipv6_eth_mc_map(addr, buf);
276 return 0;
277 case ARPHRD_ARCNET:
278 ipv6_arcnet_mc_map(addr, buf);
279 return 0;
280 case ARPHRD_INFINIBAND:
281 ipv6_ib_mc_map(addr, dev->broadcast, buf);
282 return 0;
283 case ARPHRD_IPGRE:
284 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
285 default:
286 if (dir) {
287 memcpy(buf, dev->broadcast, dev->addr_len);
288 return 0;
289 }
290 }
291 return -EINVAL;
292}
293EXPORT_SYMBOL(ndisc_mc_map);
294
295static u32 ndisc_hash(const void *pkey,
296 const struct net_device *dev,
297 __u32 *hash_rnd)
298{
299 return ndisc_hashfn(pkey, dev, hash_rnd);
300}
301
302static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
303{
304 return neigh_key_eq128(n, pkey);
305}
306
307static int ndisc_constructor(struct neighbour *neigh)
308{
309 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
310 struct net_device *dev = neigh->dev;
311 struct inet6_dev *in6_dev;
312 struct neigh_parms *parms;
313 bool is_multicast = ipv6_addr_is_multicast(addr);
314
315 in6_dev = in6_dev_get(dev);
316 if (!in6_dev) {
317 return -EINVAL;
318 }
319
320 parms = in6_dev->nd_parms;
321 __neigh_parms_put(neigh->parms);
322 neigh->parms = neigh_parms_clone(parms);
323
324 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
325 if (!dev->header_ops) {
326 neigh->nud_state = NUD_NOARP;
327 neigh->ops = &ndisc_direct_ops;
328 neigh->output = neigh_direct_output;
329 } else {
330 if (is_multicast) {
331 neigh->nud_state = NUD_NOARP;
332 ndisc_mc_map(addr, neigh->ha, dev, 1);
333 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
334 neigh->nud_state = NUD_NOARP;
335 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
336 if (dev->flags&IFF_LOOPBACK)
337 neigh->type = RTN_LOCAL;
338 } else if (dev->flags&IFF_POINTOPOINT) {
339 neigh->nud_state = NUD_NOARP;
340 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
341 }
342 if (dev->header_ops->cache)
343 neigh->ops = &ndisc_hh_ops;
344 else
345 neigh->ops = &ndisc_generic_ops;
346 if (neigh->nud_state&NUD_VALID)
347 neigh->output = neigh->ops->connected_output;
348 else
349 neigh->output = neigh->ops->output;
350 }
351 in6_dev_put(in6_dev);
352 return 0;
353}
354
355static int pndisc_constructor(struct pneigh_entry *n)
356{
357 struct in6_addr *addr = (struct in6_addr *)&n->key;
358 struct in6_addr maddr;
359 struct net_device *dev = n->dev;
360
361 if (!dev || !__in6_dev_get(dev))
362 return -EINVAL;
363 addrconf_addr_solict_mult(addr, &maddr);
364 ipv6_dev_mc_inc(dev, &maddr);
365 return 0;
366}
367
368static void pndisc_destructor(struct pneigh_entry *n)
369{
370 struct in6_addr *addr = (struct in6_addr *)&n->key;
371 struct in6_addr maddr;
372 struct net_device *dev = n->dev;
373
374 if (!dev || !__in6_dev_get(dev))
375 return;
376 addrconf_addr_solict_mult(addr, &maddr);
377 ipv6_dev_mc_dec(dev, &maddr);
378}
379
380static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
381 int len)
382{
383 int hlen = LL_RESERVED_SPACE(dev);
384 int tlen = dev->needed_tailroom;
385 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
386 struct sk_buff *skb;
387
388 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
389 if (!skb) {
390 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
391 __func__);
392 return NULL;
393 }
394
395 skb->protocol = htons(ETH_P_IPV6);
396 skb->dev = dev;
397
398 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
399 skb_reset_transport_header(skb);
400
401 /* Manually assign socket ownership as we avoid calling
402 * sock_alloc_send_pskb() to bypass wmem buffer limits
403 */
404 skb_set_owner_w(skb, sk);
405
406 return skb;
407}
408
409static void ip6_nd_hdr(struct sk_buff *skb,
410 const struct in6_addr *saddr,
411 const struct in6_addr *daddr,
412 int hop_limit, int len)
413{
414 struct ipv6hdr *hdr;
415
416 skb_push(skb, sizeof(*hdr));
417 skb_reset_network_header(skb);
418 hdr = ipv6_hdr(skb);
419
420 ip6_flow_hdr(hdr, 0, 0);
421
422 hdr->payload_len = htons(len);
423 hdr->nexthdr = IPPROTO_ICMPV6;
424 hdr->hop_limit = hop_limit;
425
426 hdr->saddr = *saddr;
427 hdr->daddr = *daddr;
428}
429
430static void ndisc_send_skb(struct sk_buff *skb,
431 const struct in6_addr *daddr,
432 const struct in6_addr *saddr)
433{
434 struct dst_entry *dst = skb_dst(skb);
435 struct net *net = dev_net(skb->dev);
436 struct sock *sk = net->ipv6.ndisc_sk;
437 struct inet6_dev *idev;
438 int err;
439 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
440 u8 type;
441
442 type = icmp6h->icmp6_type;
443
444 if (!dst) {
445 struct flowi6 fl6;
446 int oif = l3mdev_fib_oif(skb->dev);
447
448 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
449 if (oif != skb->dev->ifindex)
450 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
451 dst = icmp6_dst_alloc(skb->dev, &fl6);
452 if (IS_ERR(dst)) {
453 kfree_skb(skb);
454 return;
455 }
456
457 skb_dst_set(skb, dst);
458 }
459
460 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
461 IPPROTO_ICMPV6,
462 csum_partial(icmp6h,
463 skb->len, 0));
464
465 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
466
467 rcu_read_lock();
468 idev = __in6_dev_get(dst->dev);
469 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
470
471 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
472 net, sk, skb, NULL, dst->dev,
473 dst_output);
474 if (!err) {
475 ICMP6MSGOUT_INC_STATS(net, idev, type);
476 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
477 }
478
479 rcu_read_unlock();
480}
481
482void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
483 const struct in6_addr *solicited_addr,
484 bool router, bool solicited, bool override, bool inc_opt)
485{
486 struct sk_buff *skb;
487 struct in6_addr tmpaddr;
488 struct inet6_ifaddr *ifp;
489 const struct in6_addr *src_addr;
490 struct nd_msg *msg;
491 int optlen = 0;
492
493 /* for anycast or proxy, solicited_addr != src_addr */
494 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
495 if (ifp) {
496 src_addr = solicited_addr;
497 if (ifp->flags & IFA_F_OPTIMISTIC)
498 override = false;
499 inc_opt |= ifp->idev->cnf.force_tllao;
500 in6_ifa_put(ifp);
501 } else {
502 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
503 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
504 &tmpaddr))
505 return;
506 src_addr = &tmpaddr;
507 }
508
509 if (!dev->addr_len)
510 inc_opt = 0;
511 if (inc_opt)
512 optlen += ndisc_opt_addr_space(dev);
513
514 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
515 if (!skb)
516 return;
517
518 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
519 *msg = (struct nd_msg) {
520 .icmph = {
521 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
522 .icmp6_router = router,
523 .icmp6_solicited = solicited,
524 .icmp6_override = override,
525 },
526 .target = *solicited_addr,
527 };
528
529 if (inc_opt)
530 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
531 dev->dev_addr);
532
533
534 ndisc_send_skb(skb, daddr, src_addr);
535}
536
537static void ndisc_send_unsol_na(struct net_device *dev)
538{
539 struct inet6_dev *idev;
540 struct inet6_ifaddr *ifa;
541
542 idev = in6_dev_get(dev);
543 if (!idev)
544 return;
545
546 read_lock_bh(&idev->lock);
547 list_for_each_entry(ifa, &idev->addr_list, if_list) {
548 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
549 /*router=*/ !!idev->cnf.forwarding,
550 /*solicited=*/ false, /*override=*/ true,
551 /*inc_opt=*/ true);
552 }
553 read_unlock_bh(&idev->lock);
554
555 in6_dev_put(idev);
556}
557
558void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
559 const struct in6_addr *daddr, const struct in6_addr *saddr)
560{
561 struct sk_buff *skb;
562 struct in6_addr addr_buf;
563 int inc_opt = dev->addr_len;
564 int optlen = 0;
565 struct nd_msg *msg;
566
567 if (!saddr) {
568 if (ipv6_get_lladdr(dev, &addr_buf,
569 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
570 return;
571 saddr = &addr_buf;
572 }
573
574 if (ipv6_addr_any(saddr))
575 inc_opt = false;
576 if (inc_opt)
577 optlen += ndisc_opt_addr_space(dev);
578
579 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
580 if (!skb)
581 return;
582
583 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
584 *msg = (struct nd_msg) {
585 .icmph = {
586 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
587 },
588 .target = *solicit,
589 };
590
591 if (inc_opt)
592 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
593 dev->dev_addr);
594
595 ndisc_send_skb(skb, daddr, saddr);
596}
597
598void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
599 const struct in6_addr *daddr)
600{
601 struct sk_buff *skb;
602 struct rs_msg *msg;
603 int send_sllao = dev->addr_len;
604 int optlen = 0;
605
606#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
607 /*
608 * According to section 2.2 of RFC 4429, we must not
609 * send router solicitations with a sllao from
610 * optimistic addresses, but we may send the solicitation
611 * if we don't include the sllao. So here we check
612 * if our address is optimistic, and if so, we
613 * suppress the inclusion of the sllao.
614 */
615 if (send_sllao) {
616 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
617 dev, 1);
618 if (ifp) {
619 if (ifp->flags & IFA_F_OPTIMISTIC) {
620 send_sllao = 0;
621 }
622 in6_ifa_put(ifp);
623 } else {
624 send_sllao = 0;
625 }
626 }
627#endif
628 if (send_sllao)
629 optlen += ndisc_opt_addr_space(dev);
630
631 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
632 if (!skb)
633 return;
634
635 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
636 *msg = (struct rs_msg) {
637 .icmph = {
638 .icmp6_type = NDISC_ROUTER_SOLICITATION,
639 },
640 };
641
642 if (send_sllao)
643 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
644 dev->dev_addr);
645
646 ndisc_send_skb(skb, daddr, saddr);
647}
648
649
650static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
651{
652 /*
653 * "The sender MUST return an ICMP
654 * destination unreachable"
655 */
656 dst_link_failure(skb);
657 kfree_skb(skb);
658}
659
660/* Called with locked neigh: either read or both */
661
662static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
663{
664 struct in6_addr *saddr = NULL;
665 struct in6_addr mcaddr;
666 struct net_device *dev = neigh->dev;
667 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
668 int probes = atomic_read(&neigh->probes);
669
670 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
671 dev, 1,
672 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
673 saddr = &ipv6_hdr(skb)->saddr;
674 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
675 if (probes < 0) {
676 if (!(neigh->nud_state & NUD_VALID)) {
677 ND_PRINTK(1, dbg,
678 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
679 __func__, target);
680 }
681 ndisc_send_ns(dev, target, target, saddr);
682 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
683 neigh_app_ns(neigh);
684 } else {
685 addrconf_addr_solict_mult(target, &mcaddr);
686 ndisc_send_ns(dev, target, &mcaddr, saddr);
687 }
688}
689
690static int pndisc_is_router(const void *pkey,
691 struct net_device *dev)
692{
693 struct pneigh_entry *n;
694 int ret = -1;
695
696 read_lock_bh(&nd_tbl.lock);
697 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
698 if (n)
699 ret = !!(n->flags & NTF_ROUTER);
700 read_unlock_bh(&nd_tbl.lock);
701
702 return ret;
703}
704
705static void ndisc_recv_ns(struct sk_buff *skb)
706{
707 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
708 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
709 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
710 u8 *lladdr = NULL;
711 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
712 offsetof(struct nd_msg, opt));
713 struct ndisc_options ndopts;
714 struct net_device *dev = skb->dev;
715 struct inet6_ifaddr *ifp;
716 struct inet6_dev *idev = NULL;
717 struct neighbour *neigh;
718 int dad = ipv6_addr_any(saddr);
719 bool inc;
720 int is_router = -1;
721
722 if (skb->len < sizeof(struct nd_msg)) {
723 ND_PRINTK(2, warn, "NS: packet too short\n");
724 return;
725 }
726
727 if (ipv6_addr_is_multicast(&msg->target)) {
728 ND_PRINTK(2, warn, "NS: multicast target address\n");
729 return;
730 }
731
732 /*
733 * RFC2461 7.1.1:
734 * DAD has to be destined for solicited node multicast address.
735 */
736 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
737 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
738 return;
739 }
740
741 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
742 ND_PRINTK(2, warn, "NS: invalid ND options\n");
743 return;
744 }
745
746 if (ndopts.nd_opts_src_lladdr) {
747 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
748 if (!lladdr) {
749 ND_PRINTK(2, warn,
750 "NS: invalid link-layer address length\n");
751 return;
752 }
753
754 /* RFC2461 7.1.1:
755 * If the IP source address is the unspecified address,
756 * there MUST NOT be source link-layer address option
757 * in the message.
758 */
759 if (dad) {
760 ND_PRINTK(2, warn,
761 "NS: bad DAD packet (link-layer address option)\n");
762 return;
763 }
764 }
765
766 inc = ipv6_addr_is_multicast(daddr);
767
768 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
769 if (ifp) {
770have_ifp:
771 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
772 if (dad) {
773 /*
774 * We are colliding with another node
775 * who is doing DAD
776 * so fail our DAD process
777 */
778 addrconf_dad_failure(ifp);
779 return;
780 } else {
781 /*
782 * This is not a dad solicitation.
783 * If we are an optimistic node,
784 * we should respond.
785 * Otherwise, we should ignore it.
786 */
787 if (!(ifp->flags & IFA_F_OPTIMISTIC))
788 goto out;
789 }
790 }
791
792 idev = ifp->idev;
793 } else {
794 struct net *net = dev_net(dev);
795
796 /* perhaps an address on the master device */
797 if (netif_is_l3_slave(dev)) {
798 struct net_device *mdev;
799
800 mdev = netdev_master_upper_dev_get_rcu(dev);
801 if (mdev) {
802 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
803 if (ifp)
804 goto have_ifp;
805 }
806 }
807
808 idev = in6_dev_get(dev);
809 if (!idev) {
810 /* XXX: count this drop? */
811 return;
812 }
813
814 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
815 (idev->cnf.forwarding &&
816 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
817 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
818 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
819 skb->pkt_type != PACKET_HOST &&
820 inc &&
821 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
822 /*
823 * for anycast or proxy,
824 * sender should delay its response
825 * by a random time between 0 and
826 * MAX_ANYCAST_DELAY_TIME seconds.
827 * (RFC2461) -- yoshfuji
828 */
829 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
830 if (n)
831 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
832 goto out;
833 }
834 } else
835 goto out;
836 }
837
838 if (is_router < 0)
839 is_router = idev->cnf.forwarding;
840
841 if (dad) {
842 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
843 !!is_router, false, (ifp != NULL), true);
844 goto out;
845 }
846
847 if (inc)
848 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
849 else
850 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
851
852 /*
853 * update / create cache entry
854 * for the source address
855 */
856 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
857 !inc || lladdr || !dev->addr_len);
858 if (neigh)
859 neigh_update(neigh, lladdr, NUD_STALE,
860 NEIGH_UPDATE_F_WEAK_OVERRIDE|
861 NEIGH_UPDATE_F_OVERRIDE);
862 if (neigh || !dev->header_ops) {
863 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
864 true, (ifp != NULL && inc), inc);
865 if (neigh)
866 neigh_release(neigh);
867 }
868
869out:
870 if (ifp)
871 in6_ifa_put(ifp);
872 else
873 in6_dev_put(idev);
874}
875
876static void ndisc_recv_na(struct sk_buff *skb)
877{
878 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
879 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
880 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
881 u8 *lladdr = NULL;
882 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
883 offsetof(struct nd_msg, opt));
884 struct ndisc_options ndopts;
885 struct net_device *dev = skb->dev;
886 struct inet6_dev *idev = __in6_dev_get(dev);
887 struct inet6_ifaddr *ifp;
888 struct neighbour *neigh;
889
890 if (skb->len < sizeof(struct nd_msg)) {
891 ND_PRINTK(2, warn, "NA: packet too short\n");
892 return;
893 }
894
895 if (ipv6_addr_is_multicast(&msg->target)) {
896 ND_PRINTK(2, warn, "NA: target address is multicast\n");
897 return;
898 }
899
900 if (ipv6_addr_is_multicast(daddr) &&
901 msg->icmph.icmp6_solicited) {
902 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
903 return;
904 }
905
906 /* For some 802.11 wireless deployments (and possibly other networks),
907 * there will be a NA proxy and unsolicitd packets are attacks
908 * and thus should not be accepted.
909 */
910 if (!msg->icmph.icmp6_solicited && idev &&
911 idev->cnf.drop_unsolicited_na)
912 return;
913
914 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
915 ND_PRINTK(2, warn, "NS: invalid ND option\n");
916 return;
917 }
918 if (ndopts.nd_opts_tgt_lladdr) {
919 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
920 if (!lladdr) {
921 ND_PRINTK(2, warn,
922 "NA: invalid link-layer address length\n");
923 return;
924 }
925 }
926 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
927 if (ifp) {
928 if (skb->pkt_type != PACKET_LOOPBACK
929 && (ifp->flags & IFA_F_TENTATIVE)) {
930 addrconf_dad_failure(ifp);
931 return;
932 }
933 /* What should we make now? The advertisement
934 is invalid, but ndisc specs say nothing
935 about it. It could be misconfiguration, or
936 an smart proxy agent tries to help us :-)
937
938 We should not print the error if NA has been
939 received from loopback - it is just our own
940 unsolicited advertisement.
941 */
942 if (skb->pkt_type != PACKET_LOOPBACK)
943 ND_PRINTK(1, warn,
944 "NA: someone advertises our address %pI6 on %s!\n",
945 &ifp->addr, ifp->idev->dev->name);
946 in6_ifa_put(ifp);
947 return;
948 }
949 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
950
951 if (neigh) {
952 u8 old_flags = neigh->flags;
953 struct net *net = dev_net(dev);
954
955 if (neigh->nud_state & NUD_FAILED)
956 goto out;
957
958 /*
959 * Don't update the neighbor cache entry on a proxy NA from
960 * ourselves because either the proxied node is off link or it
961 * has already sent a NA to us.
962 */
963 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
964 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
965 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
966 /* XXX: idev->cnf.proxy_ndp */
967 goto out;
968 }
969
970 neigh_update(neigh, lladdr,
971 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
972 NEIGH_UPDATE_F_WEAK_OVERRIDE|
973 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
974 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
975 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
976
977 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
978 /*
979 * Change: router to host
980 */
981 rt6_clean_tohost(dev_net(dev), saddr);
982 }
983
984out:
985 neigh_release(neigh);
986 }
987}
988
989static void ndisc_recv_rs(struct sk_buff *skb)
990{
991 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
992 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
993 struct neighbour *neigh;
994 struct inet6_dev *idev;
995 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
996 struct ndisc_options ndopts;
997 u8 *lladdr = NULL;
998
999 if (skb->len < sizeof(*rs_msg))
1000 return;
1001
1002 idev = __in6_dev_get(skb->dev);
1003 if (!idev) {
1004 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1005 return;
1006 }
1007
1008 /* Don't accept RS if we're not in router mode */
1009 if (!idev->cnf.forwarding)
1010 goto out;
1011
1012 /*
1013 * Don't update NCE if src = ::;
1014 * this implies that the source node has no ip address assigned yet.
1015 */
1016 if (ipv6_addr_any(saddr))
1017 goto out;
1018
1019 /* Parse ND options */
1020 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1021 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1022 goto out;
1023 }
1024
1025 if (ndopts.nd_opts_src_lladdr) {
1026 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1027 skb->dev);
1028 if (!lladdr)
1029 goto out;
1030 }
1031
1032 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1033 if (neigh) {
1034 neigh_update(neigh, lladdr, NUD_STALE,
1035 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1036 NEIGH_UPDATE_F_OVERRIDE|
1037 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1038 neigh_release(neigh);
1039 }
1040out:
1041 return;
1042}
1043
1044static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1045{
1046 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1047 struct sk_buff *skb;
1048 struct nlmsghdr *nlh;
1049 struct nduseroptmsg *ndmsg;
1050 struct net *net = dev_net(ra->dev);
1051 int err;
1052 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1053 + (opt->nd_opt_len << 3));
1054 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1055
1056 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1057 if (!skb) {
1058 err = -ENOBUFS;
1059 goto errout;
1060 }
1061
1062 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1063 if (!nlh) {
1064 goto nla_put_failure;
1065 }
1066
1067 ndmsg = nlmsg_data(nlh);
1068 ndmsg->nduseropt_family = AF_INET6;
1069 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1070 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1071 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1072 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1073
1074 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1075
1076 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1077 goto nla_put_failure;
1078 nlmsg_end(skb, nlh);
1079
1080 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1081 return;
1082
1083nla_put_failure:
1084 nlmsg_free(skb);
1085 err = -EMSGSIZE;
1086errout:
1087 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1088}
1089
1090static void ndisc_router_discovery(struct sk_buff *skb)
1091{
1092 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1093 struct neighbour *neigh = NULL;
1094 struct inet6_dev *in6_dev;
1095 struct rt6_info *rt = NULL;
1096 int lifetime;
1097 struct ndisc_options ndopts;
1098 int optlen;
1099 unsigned int pref = 0;
1100 __u32 old_if_flags;
1101 bool send_ifinfo_notify = false;
1102
1103 __u8 *opt = (__u8 *)(ra_msg + 1);
1104
1105 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1106 sizeof(struct ra_msg);
1107
1108 ND_PRINTK(2, info,
1109 "RA: %s, dev: %s\n",
1110 __func__, skb->dev->name);
1111 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1112 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1113 return;
1114 }
1115 if (optlen < 0) {
1116 ND_PRINTK(2, warn, "RA: packet too short\n");
1117 return;
1118 }
1119
1120#ifdef CONFIG_IPV6_NDISC_NODETYPE
1121 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1122 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1123 return;
1124 }
1125#endif
1126
1127 /*
1128 * set the RA_RECV flag in the interface
1129 */
1130
1131 in6_dev = __in6_dev_get(skb->dev);
1132 if (!in6_dev) {
1133 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1134 skb->dev->name);
1135 return;
1136 }
1137
1138 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1139 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1140 return;
1141 }
1142
1143 if (!ipv6_accept_ra(in6_dev)) {
1144 ND_PRINTK(2, info,
1145 "RA: %s, did not accept ra for dev: %s\n",
1146 __func__, skb->dev->name);
1147 goto skip_linkparms;
1148 }
1149
1150#ifdef CONFIG_IPV6_NDISC_NODETYPE
1151 /* skip link-specific parameters from interior routers */
1152 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1153 ND_PRINTK(2, info,
1154 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1155 __func__, skb->dev->name);
1156 goto skip_linkparms;
1157 }
1158#endif
1159
1160 if (in6_dev->if_flags & IF_RS_SENT) {
1161 /*
1162 * flag that an RA was received after an RS was sent
1163 * out on this interface.
1164 */
1165 in6_dev->if_flags |= IF_RA_RCVD;
1166 }
1167
1168 /*
1169 * Remember the managed/otherconf flags from most recently
1170 * received RA message (RFC 2462) -- yoshfuji
1171 */
1172 old_if_flags = in6_dev->if_flags;
1173 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1174 IF_RA_OTHERCONF)) |
1175 (ra_msg->icmph.icmp6_addrconf_managed ?
1176 IF_RA_MANAGED : 0) |
1177 (ra_msg->icmph.icmp6_addrconf_other ?
1178 IF_RA_OTHERCONF : 0);
1179
1180 if (old_if_flags != in6_dev->if_flags)
1181 send_ifinfo_notify = true;
1182
1183 if (!in6_dev->cnf.accept_ra_defrtr) {
1184 ND_PRINTK(2, info,
1185 "RA: %s, defrtr is false for dev: %s\n",
1186 __func__, skb->dev->name);
1187 goto skip_defrtr;
1188 }
1189
1190 /* Do not accept RA with source-addr found on local machine unless
1191 * accept_ra_from_local is set to true.
1192 */
1193 if (!in6_dev->cnf.accept_ra_from_local &&
1194 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1195 in6_dev->dev, 0)) {
1196 ND_PRINTK(2, info,
1197 "RA from local address detected on dev: %s: default router ignored\n",
1198 skb->dev->name);
1199 goto skip_defrtr;
1200 }
1201
1202 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1203
1204#ifdef CONFIG_IPV6_ROUTER_PREF
1205 pref = ra_msg->icmph.icmp6_router_pref;
1206 /* 10b is handled as if it were 00b (medium) */
1207 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1208 !in6_dev->cnf.accept_ra_rtr_pref)
1209 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1210#endif
1211
1212 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1213
1214 if (rt) {
1215 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1216 if (!neigh) {
1217 ND_PRINTK(0, err,
1218 "RA: %s got default router without neighbour\n",
1219 __func__);
1220 ip6_rt_put(rt);
1221 return;
1222 }
1223 }
1224 if (rt && lifetime == 0) {
1225 ip6_del_rt(rt);
1226 rt = NULL;
1227 }
1228
1229 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1230 rt, lifetime, skb->dev->name);
1231 if (!rt && lifetime) {
1232 ND_PRINTK(3, info, "RA: adding default router\n");
1233
1234 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1235 if (!rt) {
1236 ND_PRINTK(0, err,
1237 "RA: %s failed to add default route\n",
1238 __func__);
1239 return;
1240 }
1241
1242 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1243 if (!neigh) {
1244 ND_PRINTK(0, err,
1245 "RA: %s got default router without neighbour\n",
1246 __func__);
1247 ip6_rt_put(rt);
1248 return;
1249 }
1250 neigh->flags |= NTF_ROUTER;
1251 } else if (rt) {
1252 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1253 }
1254
1255 if (rt)
1256 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1257 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1258 ra_msg->icmph.icmp6_hop_limit) {
1259 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1260 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1261 if (rt)
1262 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1263 ra_msg->icmph.icmp6_hop_limit);
1264 } else {
1265 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1266 }
1267 }
1268
1269skip_defrtr:
1270
1271 /*
1272 * Update Reachable Time and Retrans Timer
1273 */
1274
1275 if (in6_dev->nd_parms) {
1276 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1277
1278 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1279 rtime = (rtime*HZ)/1000;
1280 if (rtime < HZ/10)
1281 rtime = HZ/10;
1282 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1283 in6_dev->tstamp = jiffies;
1284 send_ifinfo_notify = true;
1285 }
1286
1287 rtime = ntohl(ra_msg->reachable_time);
1288 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1289 rtime = (rtime*HZ)/1000;
1290
1291 if (rtime < HZ/10)
1292 rtime = HZ/10;
1293
1294 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1295 NEIGH_VAR_SET(in6_dev->nd_parms,
1296 BASE_REACHABLE_TIME, rtime);
1297 NEIGH_VAR_SET(in6_dev->nd_parms,
1298 GC_STALETIME, 3 * rtime);
1299 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1300 in6_dev->tstamp = jiffies;
1301 send_ifinfo_notify = true;
1302 }
1303 }
1304 }
1305
1306 /*
1307 * Send a notify if RA changed managed/otherconf flags or timer settings
1308 */
1309 if (send_ifinfo_notify)
1310 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1311
1312skip_linkparms:
1313
1314 /*
1315 * Process options.
1316 */
1317
1318 if (!neigh)
1319 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1320 skb->dev, 1);
1321 if (neigh) {
1322 u8 *lladdr = NULL;
1323 if (ndopts.nd_opts_src_lladdr) {
1324 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1325 skb->dev);
1326 if (!lladdr) {
1327 ND_PRINTK(2, warn,
1328 "RA: invalid link-layer address length\n");
1329 goto out;
1330 }
1331 }
1332 neigh_update(neigh, lladdr, NUD_STALE,
1333 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1334 NEIGH_UPDATE_F_OVERRIDE|
1335 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1336 NEIGH_UPDATE_F_ISROUTER);
1337 }
1338
1339 if (!ipv6_accept_ra(in6_dev)) {
1340 ND_PRINTK(2, info,
1341 "RA: %s, accept_ra is false for dev: %s\n",
1342 __func__, skb->dev->name);
1343 goto out;
1344 }
1345
1346#ifdef CONFIG_IPV6_ROUTE_INFO
1347 if (!in6_dev->cnf.accept_ra_from_local &&
1348 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1349 in6_dev->dev, 0)) {
1350 ND_PRINTK(2, info,
1351 "RA from local address detected on dev: %s: router info ignored.\n",
1352 skb->dev->name);
1353 goto skip_routeinfo;
1354 }
1355
1356 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1357 struct nd_opt_hdr *p;
1358 for (p = ndopts.nd_opts_ri;
1359 p;
1360 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1361 struct route_info *ri = (struct route_info *)p;
1362#ifdef CONFIG_IPV6_NDISC_NODETYPE
1363 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1364 ri->prefix_len == 0)
1365 continue;
1366#endif
1367 if (ri->prefix_len == 0 &&
1368 !in6_dev->cnf.accept_ra_defrtr)
1369 continue;
1370 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1371 continue;
1372 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1373 &ipv6_hdr(skb)->saddr);
1374 }
1375 }
1376
1377skip_routeinfo:
1378#endif
1379
1380#ifdef CONFIG_IPV6_NDISC_NODETYPE
1381 /* skip link-specific ndopts from interior routers */
1382 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1383 ND_PRINTK(2, info,
1384 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1385 __func__, skb->dev->name);
1386 goto out;
1387 }
1388#endif
1389
1390 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1391 struct nd_opt_hdr *p;
1392 for (p = ndopts.nd_opts_pi;
1393 p;
1394 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1395 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1396 (p->nd_opt_len) << 3,
1397 ndopts.nd_opts_src_lladdr != NULL);
1398 }
1399 }
1400
1401 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1402 __be32 n;
1403 u32 mtu;
1404
1405 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1406 mtu = ntohl(n);
1407
1408 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1409 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1410 } else if (in6_dev->cnf.mtu6 != mtu) {
1411 in6_dev->cnf.mtu6 = mtu;
1412
1413 if (rt)
1414 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1415
1416 rt6_mtu_change(skb->dev, mtu);
1417 }
1418 }
1419
1420 if (ndopts.nd_useropts) {
1421 struct nd_opt_hdr *p;
1422 for (p = ndopts.nd_useropts;
1423 p;
1424 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1425 ndisc_ra_useropt(skb, p);
1426 }
1427 }
1428
1429 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1430 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1431 }
1432out:
1433 ip6_rt_put(rt);
1434 if (neigh)
1435 neigh_release(neigh);
1436}
1437
1438static void ndisc_redirect_rcv(struct sk_buff *skb)
1439{
1440 u8 *hdr;
1441 struct ndisc_options ndopts;
1442 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1443 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1444 offsetof(struct rd_msg, opt));
1445
1446#ifdef CONFIG_IPV6_NDISC_NODETYPE
1447 switch (skb->ndisc_nodetype) {
1448 case NDISC_NODETYPE_HOST:
1449 case NDISC_NODETYPE_NODEFAULT:
1450 ND_PRINTK(2, warn,
1451 "Redirect: from host or unauthorized router\n");
1452 return;
1453 }
1454#endif
1455
1456 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1457 ND_PRINTK(2, warn,
1458 "Redirect: source address is not link-local\n");
1459 return;
1460 }
1461
1462 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1463 return;
1464
1465 if (!ndopts.nd_opts_rh) {
1466 ip6_redirect_no_header(skb, dev_net(skb->dev),
1467 skb->dev->ifindex, 0);
1468 return;
1469 }
1470
1471 hdr = (u8 *)ndopts.nd_opts_rh;
1472 hdr += 8;
1473 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1474 return;
1475
1476 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1477}
1478
1479static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1480 struct sk_buff *orig_skb,
1481 int rd_len)
1482{
1483 u8 *opt = skb_put(skb, rd_len);
1484
1485 memset(opt, 0, 8);
1486 *(opt++) = ND_OPT_REDIRECT_HDR;
1487 *(opt++) = (rd_len >> 3);
1488 opt += 6;
1489
1490 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1491}
1492
1493void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1494{
1495 struct net_device *dev = skb->dev;
1496 struct net *net = dev_net(dev);
1497 struct sock *sk = net->ipv6.ndisc_sk;
1498 int optlen = 0;
1499 struct inet_peer *peer;
1500 struct sk_buff *buff;
1501 struct rd_msg *msg;
1502 struct in6_addr saddr_buf;
1503 struct rt6_info *rt;
1504 struct dst_entry *dst;
1505 struct flowi6 fl6;
1506 int rd_len;
1507 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1508 int oif = l3mdev_fib_oif(dev);
1509 bool ret;
1510
1511 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1512 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1513 dev->name);
1514 return;
1515 }
1516
1517 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1518 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1519 ND_PRINTK(2, warn,
1520 "Redirect: target address is not link-local unicast\n");
1521 return;
1522 }
1523
1524 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1525 &saddr_buf, &ipv6_hdr(skb)->saddr, oif);
1526
1527 if (oif != skb->dev->ifindex)
1528 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
1529
1530 dst = ip6_route_output(net, NULL, &fl6);
1531 if (dst->error) {
1532 dst_release(dst);
1533 return;
1534 }
1535 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1536 if (IS_ERR(dst))
1537 return;
1538
1539 rt = (struct rt6_info *) dst;
1540
1541 if (rt->rt6i_flags & RTF_GATEWAY) {
1542 ND_PRINTK(2, warn,
1543 "Redirect: destination is not a neighbour\n");
1544 goto release;
1545 }
1546 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1547 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1548 if (peer)
1549 inet_putpeer(peer);
1550 if (!ret)
1551 goto release;
1552
1553 if (dev->addr_len) {
1554 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1555 if (!neigh) {
1556 ND_PRINTK(2, warn,
1557 "Redirect: no neigh for target address\n");
1558 goto release;
1559 }
1560
1561 read_lock_bh(&neigh->lock);
1562 if (neigh->nud_state & NUD_VALID) {
1563 memcpy(ha_buf, neigh->ha, dev->addr_len);
1564 read_unlock_bh(&neigh->lock);
1565 ha = ha_buf;
1566 optlen += ndisc_opt_addr_space(dev);
1567 } else
1568 read_unlock_bh(&neigh->lock);
1569
1570 neigh_release(neigh);
1571 }
1572
1573 rd_len = min_t(unsigned int,
1574 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1575 skb->len + 8);
1576 rd_len &= ~0x7;
1577 optlen += rd_len;
1578
1579 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1580 if (!buff)
1581 goto release;
1582
1583 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1584 *msg = (struct rd_msg) {
1585 .icmph = {
1586 .icmp6_type = NDISC_REDIRECT,
1587 },
1588 .target = *target,
1589 .dest = ipv6_hdr(skb)->daddr,
1590 };
1591
1592 /*
1593 * include target_address option
1594 */
1595
1596 if (ha)
1597 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1598
1599 /*
1600 * build redirect option and copy skb over to the new packet.
1601 */
1602
1603 if (rd_len)
1604 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1605
1606 skb_dst_set(buff, dst);
1607 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1608 return;
1609
1610release:
1611 dst_release(dst);
1612}
1613
1614static void pndisc_redo(struct sk_buff *skb)
1615{
1616 ndisc_recv_ns(skb);
1617 kfree_skb(skb);
1618}
1619
1620static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1621{
1622 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1623
1624 if (!idev)
1625 return true;
1626 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1627 idev->cnf.suppress_frag_ndisc) {
1628 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1629 return true;
1630 }
1631 return false;
1632}
1633
1634int ndisc_rcv(struct sk_buff *skb)
1635{
1636 struct nd_msg *msg;
1637
1638 if (ndisc_suppress_frag_ndisc(skb))
1639 return 0;
1640
1641 if (skb_linearize(skb))
1642 return 0;
1643
1644 msg = (struct nd_msg *)skb_transport_header(skb);
1645
1646 __skb_push(skb, skb->data - skb_transport_header(skb));
1647
1648 if (ipv6_hdr(skb)->hop_limit != 255) {
1649 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1650 ipv6_hdr(skb)->hop_limit);
1651 return 0;
1652 }
1653
1654 if (msg->icmph.icmp6_code != 0) {
1655 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1656 msg->icmph.icmp6_code);
1657 return 0;
1658 }
1659
1660 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1661
1662 switch (msg->icmph.icmp6_type) {
1663 case NDISC_NEIGHBOUR_SOLICITATION:
1664 ndisc_recv_ns(skb);
1665 break;
1666
1667 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1668 ndisc_recv_na(skb);
1669 break;
1670
1671 case NDISC_ROUTER_SOLICITATION:
1672 ndisc_recv_rs(skb);
1673 break;
1674
1675 case NDISC_ROUTER_ADVERTISEMENT:
1676 ndisc_router_discovery(skb);
1677 break;
1678
1679 case NDISC_REDIRECT:
1680 ndisc_redirect_rcv(skb);
1681 break;
1682 }
1683
1684 return 0;
1685}
1686
1687static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1688{
1689 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1690 struct netdev_notifier_change_info *change_info;
1691 struct net *net = dev_net(dev);
1692 struct inet6_dev *idev;
1693
1694 switch (event) {
1695 case NETDEV_CHANGEADDR:
1696 neigh_changeaddr(&nd_tbl, dev);
1697 fib6_run_gc(0, net, false);
1698 idev = in6_dev_get(dev);
1699 if (!idev)
1700 break;
1701 if (idev->cnf.ndisc_notify)
1702 ndisc_send_unsol_na(dev);
1703 in6_dev_put(idev);
1704 break;
1705 case NETDEV_CHANGE:
1706 change_info = ptr;
1707 if (change_info->flags_changed & IFF_NOARP)
1708 neigh_changeaddr(&nd_tbl, dev);
1709 break;
1710 case NETDEV_DOWN:
1711 neigh_ifdown(&nd_tbl, dev);
1712 fib6_run_gc(0, net, false);
1713 break;
1714 case NETDEV_NOTIFY_PEERS:
1715 ndisc_send_unsol_na(dev);
1716 break;
1717 default:
1718 break;
1719 }
1720
1721 return NOTIFY_DONE;
1722}
1723
1724static struct notifier_block ndisc_netdev_notifier = {
1725 .notifier_call = ndisc_netdev_event,
1726};
1727
1728#ifdef CONFIG_SYSCTL
1729static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1730 const char *func, const char *dev_name)
1731{
1732 static char warncomm[TASK_COMM_LEN];
1733 static int warned;
1734 if (strcmp(warncomm, current->comm) && warned < 5) {
1735 strcpy(warncomm, current->comm);
1736 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1737 warncomm, func,
1738 dev_name, ctl->procname,
1739 dev_name, ctl->procname);
1740 warned++;
1741 }
1742}
1743
1744int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1745{
1746 struct net_device *dev = ctl->extra1;
1747 struct inet6_dev *idev;
1748 int ret;
1749
1750 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1751 (strcmp(ctl->procname, "base_reachable_time") == 0))
1752 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1753
1754 if (strcmp(ctl->procname, "retrans_time") == 0)
1755 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1756
1757 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1758 ret = neigh_proc_dointvec_jiffies(ctl, write,
1759 buffer, lenp, ppos);
1760
1761 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1762 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1763 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1764 buffer, lenp, ppos);
1765 else
1766 ret = -1;
1767
1768 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1769 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1770 idev->nd_parms->reachable_time =
1771 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1772 idev->tstamp = jiffies;
1773 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1774 in6_dev_put(idev);
1775 }
1776 return ret;
1777}
1778
1779
1780#endif
1781
1782static int __net_init ndisc_net_init(struct net *net)
1783{
1784 struct ipv6_pinfo *np;
1785 struct sock *sk;
1786 int err;
1787
1788 err = inet_ctl_sock_create(&sk, PF_INET6,
1789 SOCK_RAW, IPPROTO_ICMPV6, net);
1790 if (err < 0) {
1791 ND_PRINTK(0, err,
1792 "NDISC: Failed to initialize the control socket (err %d)\n",
1793 err);
1794 return err;
1795 }
1796
1797 net->ipv6.ndisc_sk = sk;
1798
1799 np = inet6_sk(sk);
1800 np->hop_limit = 255;
1801 /* Do not loopback ndisc messages */
1802 np->mc_loop = 0;
1803
1804 return 0;
1805}
1806
1807static void __net_exit ndisc_net_exit(struct net *net)
1808{
1809 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1810}
1811
1812static struct pernet_operations ndisc_net_ops = {
1813 .init = ndisc_net_init,
1814 .exit = ndisc_net_exit,
1815};
1816
1817int __init ndisc_init(void)
1818{
1819 int err;
1820
1821 err = register_pernet_subsys(&ndisc_net_ops);
1822 if (err)
1823 return err;
1824 /*
1825 * Initialize the neighbour table
1826 */
1827 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1828
1829#ifdef CONFIG_SYSCTL
1830 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1831 ndisc_ifinfo_sysctl_change);
1832 if (err)
1833 goto out_unregister_pernet;
1834out:
1835#endif
1836 return err;
1837
1838#ifdef CONFIG_SYSCTL
1839out_unregister_pernet:
1840 unregister_pernet_subsys(&ndisc_net_ops);
1841 goto out;
1842#endif
1843}
1844
1845int __init ndisc_late_init(void)
1846{
1847 return register_netdevice_notifier(&ndisc_netdev_notifier);
1848}
1849
1850void ndisc_late_cleanup(void)
1851{
1852 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1853}
1854
1855void ndisc_cleanup(void)
1856{
1857#ifdef CONFIG_SYSCTL
1858 neigh_sysctl_unregister(&nd_tbl.parms);
1859#endif
1860 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1861 unregister_pernet_subsys(&ndisc_net_ops);
1862}