Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11/*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26#define pr_fmt(fmt) "ICMPv6: " fmt
27
28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
39#include <linux/slab.h>
40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
44#include <linux/if_addr.h>
45#include <linux/if_ether.h>
46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
64#include <net/flow.h>
65#include <net/ip6_checksum.h>
66#include <net/inet_common.h>
67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
84static int ndisc_is_multicast(const void *pkey);
85
86static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92};
93
94static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100};
101
102
103static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ,
132 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
133 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
134 [NEIGH_VAR_PROXY_QLEN] = 64,
135 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
136 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
137 },
138 },
139 .gc_interval = 30 * HZ,
140 .gc_thresh1 = 128,
141 .gc_thresh2 = 512,
142 .gc_thresh3 = 1024,
143};
144EXPORT_SYMBOL_GPL(nd_tbl);
145
146void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
147 int data_len, int pad)
148{
149 int space = __ndisc_opt_addr_space(data_len, pad);
150 u8 *opt = skb_put(skb, space);
151
152 opt[0] = type;
153 opt[1] = space>>3;
154
155 memset(opt + 2, 0, pad);
156 opt += pad;
157 space -= pad;
158
159 memcpy(opt+2, data, data_len);
160 data_len += 2;
161 opt += data_len;
162 space -= data_len;
163 if (space > 0)
164 memset(opt, 0, space);
165}
166EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167
168static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
169 const void *data, u8 icmp6_type)
170{
171 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
172 ndisc_addr_option_pad(skb->dev->type));
173 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
174}
175
176static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
177 void *ha,
178 const u8 *ops_data)
179{
180 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
181 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
182}
183
184static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
185 struct nd_opt_hdr *end)
186{
187 int type;
188 if (!cur || !end || cur >= end)
189 return NULL;
190 type = cur->nd_opt_type;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while (cur < end && cur->nd_opt_type != type);
194 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
195}
196
197static inline int ndisc_is_useropt(const struct net_device *dev,
198 struct nd_opt_hdr *opt)
199{
200 return opt->nd_opt_type == ND_OPT_PREFIX_INFO ||
201 opt->nd_opt_type == ND_OPT_RDNSS ||
202 opt->nd_opt_type == ND_OPT_DNSSL ||
203 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
204 opt->nd_opt_type == ND_OPT_PREF64 ||
205 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
206}
207
208static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
209 struct nd_opt_hdr *cur,
210 struct nd_opt_hdr *end)
211{
212 if (!cur || !end || cur >= end)
213 return NULL;
214 do {
215 cur = ((void *)cur) + (cur->nd_opt_len << 3);
216 } while (cur < end && !ndisc_is_useropt(dev, cur));
217 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
218}
219
220struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
221 u8 *opt, int opt_len,
222 struct ndisc_options *ndopts)
223{
224 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
225
226 if (!nd_opt || opt_len < 0 || !ndopts)
227 return NULL;
228 memset(ndopts, 0, sizeof(*ndopts));
229 while (opt_len) {
230 int l;
231 if (opt_len < sizeof(struct nd_opt_hdr))
232 return NULL;
233 l = nd_opt->nd_opt_len << 3;
234 if (opt_len < l || l == 0)
235 return NULL;
236 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
237 goto next_opt;
238 switch (nd_opt->nd_opt_type) {
239 case ND_OPT_SOURCE_LL_ADDR:
240 case ND_OPT_TARGET_LL_ADDR:
241 case ND_OPT_MTU:
242 case ND_OPT_NONCE:
243 case ND_OPT_REDIRECT_HDR:
244 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
245 ND_PRINTK(2, warn,
246 "%s: duplicated ND6 option found: type=%d\n",
247 __func__, nd_opt->nd_opt_type);
248 } else {
249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
250 }
251 break;
252 case ND_OPT_PREFIX_INFO:
253 ndopts->nd_opts_pi_end = nd_opt;
254 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
255 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
256 break;
257#ifdef CONFIG_IPV6_ROUTE_INFO
258 case ND_OPT_ROUTE_INFO:
259 ndopts->nd_opts_ri_end = nd_opt;
260 if (!ndopts->nd_opts_ri)
261 ndopts->nd_opts_ri = nd_opt;
262 break;
263#endif
264 default:
265 if (ndisc_is_useropt(dev, nd_opt)) {
266 ndopts->nd_useropts_end = nd_opt;
267 if (!ndopts->nd_useropts)
268 ndopts->nd_useropts = nd_opt;
269 } else {
270 /*
271 * Unknown options must be silently ignored,
272 * to accommodate future extension to the
273 * protocol.
274 */
275 ND_PRINTK(2, notice,
276 "%s: ignored unsupported option; type=%d, len=%d\n",
277 __func__,
278 nd_opt->nd_opt_type,
279 nd_opt->nd_opt_len);
280 }
281 }
282next_opt:
283 opt_len -= l;
284 nd_opt = ((void *)nd_opt) + l;
285 }
286 return ndopts;
287}
288
289int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
290{
291 switch (dev->type) {
292 case ARPHRD_ETHER:
293 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
294 case ARPHRD_FDDI:
295 ipv6_eth_mc_map(addr, buf);
296 return 0;
297 case ARPHRD_ARCNET:
298 ipv6_arcnet_mc_map(addr, buf);
299 return 0;
300 case ARPHRD_INFINIBAND:
301 ipv6_ib_mc_map(addr, dev->broadcast, buf);
302 return 0;
303 case ARPHRD_IPGRE:
304 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
305 default:
306 if (dir) {
307 memcpy(buf, dev->broadcast, dev->addr_len);
308 return 0;
309 }
310 }
311 return -EINVAL;
312}
313EXPORT_SYMBOL(ndisc_mc_map);
314
315static u32 ndisc_hash(const void *pkey,
316 const struct net_device *dev,
317 __u32 *hash_rnd)
318{
319 return ndisc_hashfn(pkey, dev, hash_rnd);
320}
321
322static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
323{
324 return neigh_key_eq128(n, pkey);
325}
326
327static int ndisc_constructor(struct neighbour *neigh)
328{
329 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
330 struct net_device *dev = neigh->dev;
331 struct inet6_dev *in6_dev;
332 struct neigh_parms *parms;
333 bool is_multicast = ipv6_addr_is_multicast(addr);
334
335 in6_dev = in6_dev_get(dev);
336 if (!in6_dev) {
337 return -EINVAL;
338 }
339
340 parms = in6_dev->nd_parms;
341 __neigh_parms_put(neigh->parms);
342 neigh->parms = neigh_parms_clone(parms);
343
344 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
345 if (!dev->header_ops) {
346 neigh->nud_state = NUD_NOARP;
347 neigh->ops = &ndisc_direct_ops;
348 neigh->output = neigh_direct_output;
349 } else {
350 if (is_multicast) {
351 neigh->nud_state = NUD_NOARP;
352 ndisc_mc_map(addr, neigh->ha, dev, 1);
353 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
356 if (dev->flags&IFF_LOOPBACK)
357 neigh->type = RTN_LOCAL;
358 } else if (dev->flags&IFF_POINTOPOINT) {
359 neigh->nud_state = NUD_NOARP;
360 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
361 }
362 if (dev->header_ops->cache)
363 neigh->ops = &ndisc_hh_ops;
364 else
365 neigh->ops = &ndisc_generic_ops;
366 if (neigh->nud_state&NUD_VALID)
367 neigh->output = neigh->ops->connected_output;
368 else
369 neigh->output = neigh->ops->output;
370 }
371 in6_dev_put(in6_dev);
372 return 0;
373}
374
375static int pndisc_constructor(struct pneigh_entry *n)
376{
377 struct in6_addr *addr = (struct in6_addr *)&n->key;
378 struct in6_addr maddr;
379 struct net_device *dev = n->dev;
380
381 if (!dev || !__in6_dev_get(dev))
382 return -EINVAL;
383 addrconf_addr_solict_mult(addr, &maddr);
384 ipv6_dev_mc_inc(dev, &maddr);
385 return 0;
386}
387
388static void pndisc_destructor(struct pneigh_entry *n)
389{
390 struct in6_addr *addr = (struct in6_addr *)&n->key;
391 struct in6_addr maddr;
392 struct net_device *dev = n->dev;
393
394 if (!dev || !__in6_dev_get(dev))
395 return;
396 addrconf_addr_solict_mult(addr, &maddr);
397 ipv6_dev_mc_dec(dev, &maddr);
398}
399
400/* called with rtnl held */
401static bool ndisc_allow_add(const struct net_device *dev,
402 struct netlink_ext_ack *extack)
403{
404 struct inet6_dev *idev = __in6_dev_get(dev);
405
406 if (!idev || idev->cnf.disable_ipv6) {
407 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
408 return false;
409 }
410
411 return true;
412}
413
414static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
415 int len)
416{
417 int hlen = LL_RESERVED_SPACE(dev);
418 int tlen = dev->needed_tailroom;
419 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
420 struct sk_buff *skb;
421
422 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
423 if (!skb) {
424 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
425 __func__);
426 return NULL;
427 }
428
429 skb->protocol = htons(ETH_P_IPV6);
430 skb->dev = dev;
431
432 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
433 skb_reset_transport_header(skb);
434
435 /* Manually assign socket ownership as we avoid calling
436 * sock_alloc_send_pskb() to bypass wmem buffer limits
437 */
438 skb_set_owner_w(skb, sk);
439
440 return skb;
441}
442
443static void ip6_nd_hdr(struct sk_buff *skb,
444 const struct in6_addr *saddr,
445 const struct in6_addr *daddr,
446 int hop_limit, int len)
447{
448 struct ipv6hdr *hdr;
449 struct inet6_dev *idev;
450 unsigned tclass;
451
452 rcu_read_lock();
453 idev = __in6_dev_get(skb->dev);
454 tclass = idev ? READ_ONCE(idev->cnf.ndisc_tclass) : 0;
455 rcu_read_unlock();
456
457 skb_push(skb, sizeof(*hdr));
458 skb_reset_network_header(skb);
459 hdr = ipv6_hdr(skb);
460
461 ip6_flow_hdr(hdr, tclass, 0);
462
463 hdr->payload_len = htons(len);
464 hdr->nexthdr = IPPROTO_ICMPV6;
465 hdr->hop_limit = hop_limit;
466
467 hdr->saddr = *saddr;
468 hdr->daddr = *daddr;
469}
470
471void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
472 const struct in6_addr *saddr)
473{
474 struct dst_entry *dst = skb_dst(skb);
475 struct net *net = dev_net(skb->dev);
476 struct sock *sk = net->ipv6.ndisc_sk;
477 struct inet6_dev *idev;
478 int err;
479 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
480 u8 type;
481
482 type = icmp6h->icmp6_type;
483
484 if (!dst) {
485 struct flowi6 fl6;
486 int oif = skb->dev->ifindex;
487
488 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
489 dst = icmp6_dst_alloc(skb->dev, &fl6);
490 if (IS_ERR(dst)) {
491 kfree_skb(skb);
492 return;
493 }
494
495 skb_dst_set(skb, dst);
496 }
497
498 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
499 IPPROTO_ICMPV6,
500 csum_partial(icmp6h,
501 skb->len, 0));
502
503 ip6_nd_hdr(skb, saddr, daddr, READ_ONCE(inet6_sk(sk)->hop_limit), skb->len);
504
505 rcu_read_lock();
506 idev = __in6_dev_get(dst->dev);
507 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
508
509 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
510 net, sk, skb, NULL, dst->dev,
511 dst_output);
512 if (!err) {
513 ICMP6MSGOUT_INC_STATS(net, idev, type);
514 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
515 }
516
517 rcu_read_unlock();
518}
519EXPORT_SYMBOL(ndisc_send_skb);
520
521void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
522 const struct in6_addr *solicited_addr,
523 bool router, bool solicited, bool override, bool inc_opt)
524{
525 struct sk_buff *skb;
526 struct in6_addr tmpaddr;
527 struct inet6_ifaddr *ifp;
528 const struct in6_addr *src_addr;
529 struct nd_msg *msg;
530 int optlen = 0;
531
532 /* for anycast or proxy, solicited_addr != src_addr */
533 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
534 if (ifp) {
535 src_addr = solicited_addr;
536 if (ifp->flags & IFA_F_OPTIMISTIC)
537 override = false;
538 inc_opt |= READ_ONCE(ifp->idev->cnf.force_tllao);
539 in6_ifa_put(ifp);
540 } else {
541 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
542 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
543 &tmpaddr))
544 return;
545 src_addr = &tmpaddr;
546 }
547
548 if (!dev->addr_len)
549 inc_opt = false;
550 if (inc_opt)
551 optlen += ndisc_opt_addr_space(dev,
552 NDISC_NEIGHBOUR_ADVERTISEMENT);
553
554 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
555 if (!skb)
556 return;
557
558 msg = skb_put(skb, sizeof(*msg));
559 *msg = (struct nd_msg) {
560 .icmph = {
561 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
562 .icmp6_router = router,
563 .icmp6_solicited = solicited,
564 .icmp6_override = override,
565 },
566 .target = *solicited_addr,
567 };
568
569 if (inc_opt)
570 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
571 dev->dev_addr,
572 NDISC_NEIGHBOUR_ADVERTISEMENT);
573
574 ndisc_send_skb(skb, daddr, src_addr);
575}
576
577static void ndisc_send_unsol_na(struct net_device *dev)
578{
579 struct inet6_dev *idev;
580 struct inet6_ifaddr *ifa;
581
582 idev = in6_dev_get(dev);
583 if (!idev)
584 return;
585
586 read_lock_bh(&idev->lock);
587 list_for_each_entry(ifa, &idev->addr_list, if_list) {
588 /* skip tentative addresses until dad completes */
589 if (ifa->flags & IFA_F_TENTATIVE &&
590 !(ifa->flags & IFA_F_OPTIMISTIC))
591 continue;
592
593 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
594 /*router=*/ !!idev->cnf.forwarding,
595 /*solicited=*/ false, /*override=*/ true,
596 /*inc_opt=*/ true);
597 }
598 read_unlock_bh(&idev->lock);
599
600 in6_dev_put(idev);
601}
602
603struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
604 const struct in6_addr *saddr, u64 nonce)
605{
606 int inc_opt = dev->addr_len;
607 struct sk_buff *skb;
608 struct nd_msg *msg;
609 int optlen = 0;
610
611 if (!saddr)
612 return NULL;
613
614 if (ipv6_addr_any(saddr))
615 inc_opt = false;
616 if (inc_opt)
617 optlen += ndisc_opt_addr_space(dev,
618 NDISC_NEIGHBOUR_SOLICITATION);
619 if (nonce != 0)
620 optlen += 8;
621
622 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
623 if (!skb)
624 return NULL;
625
626 msg = skb_put(skb, sizeof(*msg));
627 *msg = (struct nd_msg) {
628 .icmph = {
629 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
630 },
631 .target = *solicit,
632 };
633
634 if (inc_opt)
635 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
636 dev->dev_addr,
637 NDISC_NEIGHBOUR_SOLICITATION);
638 if (nonce != 0) {
639 u8 *opt = skb_put(skb, 8);
640
641 opt[0] = ND_OPT_NONCE;
642 opt[1] = 8 >> 3;
643 memcpy(opt + 2, &nonce, 6);
644 }
645
646 return skb;
647}
648EXPORT_SYMBOL(ndisc_ns_create);
649
650void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
651 const struct in6_addr *daddr, const struct in6_addr *saddr,
652 u64 nonce)
653{
654 struct in6_addr addr_buf;
655 struct sk_buff *skb;
656
657 if (!saddr) {
658 if (ipv6_get_lladdr(dev, &addr_buf,
659 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
660 return;
661 saddr = &addr_buf;
662 }
663
664 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
665
666 if (skb)
667 ndisc_send_skb(skb, daddr, saddr);
668}
669
670void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
671 const struct in6_addr *daddr)
672{
673 struct sk_buff *skb;
674 struct rs_msg *msg;
675 int send_sllao = dev->addr_len;
676 int optlen = 0;
677
678#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
679 /*
680 * According to section 2.2 of RFC 4429, we must not
681 * send router solicitations with a sllao from
682 * optimistic addresses, but we may send the solicitation
683 * if we don't include the sllao. So here we check
684 * if our address is optimistic, and if so, we
685 * suppress the inclusion of the sllao.
686 */
687 if (send_sllao) {
688 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
689 dev, 1);
690 if (ifp) {
691 if (ifp->flags & IFA_F_OPTIMISTIC) {
692 send_sllao = 0;
693 }
694 in6_ifa_put(ifp);
695 } else {
696 send_sllao = 0;
697 }
698 }
699#endif
700 if (send_sllao)
701 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
702
703 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
704 if (!skb)
705 return;
706
707 msg = skb_put(skb, sizeof(*msg));
708 *msg = (struct rs_msg) {
709 .icmph = {
710 .icmp6_type = NDISC_ROUTER_SOLICITATION,
711 },
712 };
713
714 if (send_sllao)
715 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
716 dev->dev_addr,
717 NDISC_ROUTER_SOLICITATION);
718
719 ndisc_send_skb(skb, daddr, saddr);
720}
721
722
723static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
724{
725 /*
726 * "The sender MUST return an ICMP
727 * destination unreachable"
728 */
729 dst_link_failure(skb);
730 kfree_skb(skb);
731}
732
733/* Called with locked neigh: either read or both */
734
735static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
736{
737 struct in6_addr *saddr = NULL;
738 struct in6_addr mcaddr;
739 struct net_device *dev = neigh->dev;
740 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
741 int probes = atomic_read(&neigh->probes);
742
743 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
744 dev, false, 1,
745 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
746 saddr = &ipv6_hdr(skb)->saddr;
747 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
748 if (probes < 0) {
749 if (!(READ_ONCE(neigh->nud_state) & NUD_VALID)) {
750 ND_PRINTK(1, dbg,
751 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
752 __func__, target);
753 }
754 ndisc_send_ns(dev, target, target, saddr, 0);
755 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
756 neigh_app_ns(neigh);
757 } else {
758 addrconf_addr_solict_mult(target, &mcaddr);
759 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
760 }
761}
762
763static int pndisc_is_router(const void *pkey,
764 struct net_device *dev)
765{
766 struct pneigh_entry *n;
767 int ret = -1;
768
769 read_lock_bh(&nd_tbl.lock);
770 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
771 if (n)
772 ret = !!(n->flags & NTF_ROUTER);
773 read_unlock_bh(&nd_tbl.lock);
774
775 return ret;
776}
777
778void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
779 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
780 struct ndisc_options *ndopts)
781{
782 neigh_update(neigh, lladdr, new, flags, 0);
783 /* report ndisc ops about neighbour update */
784 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
785}
786
787static enum skb_drop_reason ndisc_recv_ns(struct sk_buff *skb)
788{
789 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
790 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
791 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
792 u8 *lladdr = NULL;
793 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
794 offsetof(struct nd_msg, opt));
795 struct ndisc_options ndopts;
796 struct net_device *dev = skb->dev;
797 struct inet6_ifaddr *ifp;
798 struct inet6_dev *idev = NULL;
799 struct neighbour *neigh;
800 int dad = ipv6_addr_any(saddr);
801 int is_router = -1;
802 SKB_DR(reason);
803 u64 nonce = 0;
804 bool inc;
805
806 if (skb->len < sizeof(struct nd_msg))
807 return SKB_DROP_REASON_PKT_TOO_SMALL;
808
809 if (ipv6_addr_is_multicast(&msg->target)) {
810 ND_PRINTK(2, warn, "NS: multicast target address\n");
811 return reason;
812 }
813
814 /*
815 * RFC2461 7.1.1:
816 * DAD has to be destined for solicited node multicast address.
817 */
818 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
819 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
820 return reason;
821 }
822
823 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
824 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
825
826 if (ndopts.nd_opts_src_lladdr) {
827 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
828 if (!lladdr) {
829 ND_PRINTK(2, warn,
830 "NS: invalid link-layer address length\n");
831 return reason;
832 }
833
834 /* RFC2461 7.1.1:
835 * If the IP source address is the unspecified address,
836 * there MUST NOT be source link-layer address option
837 * in the message.
838 */
839 if (dad) {
840 ND_PRINTK(2, warn,
841 "NS: bad DAD packet (link-layer address option)\n");
842 return reason;
843 }
844 }
845 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
846 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
847
848 inc = ipv6_addr_is_multicast(daddr);
849
850 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
851 if (ifp) {
852have_ifp:
853 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
854 if (dad) {
855 if (nonce != 0 && ifp->dad_nonce == nonce) {
856 u8 *np = (u8 *)&nonce;
857 /* Matching nonce if looped back */
858 ND_PRINTK(2, notice,
859 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
860 ifp->idev->dev->name,
861 &ifp->addr, np);
862 goto out;
863 }
864 /*
865 * We are colliding with another node
866 * who is doing DAD
867 * so fail our DAD process
868 */
869 addrconf_dad_failure(skb, ifp);
870 return reason;
871 } else {
872 /*
873 * This is not a dad solicitation.
874 * If we are an optimistic node,
875 * we should respond.
876 * Otherwise, we should ignore it.
877 */
878 if (!(ifp->flags & IFA_F_OPTIMISTIC))
879 goto out;
880 }
881 }
882
883 idev = ifp->idev;
884 } else {
885 struct net *net = dev_net(dev);
886
887 /* perhaps an address on the master device */
888 if (netif_is_l3_slave(dev)) {
889 struct net_device *mdev;
890
891 mdev = netdev_master_upper_dev_get_rcu(dev);
892 if (mdev) {
893 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
894 if (ifp)
895 goto have_ifp;
896 }
897 }
898
899 idev = in6_dev_get(dev);
900 if (!idev) {
901 /* XXX: count this drop? */
902 return reason;
903 }
904
905 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
906 (READ_ONCE(idev->cnf.forwarding) &&
907 (READ_ONCE(net->ipv6.devconf_all->proxy_ndp) ||
908 READ_ONCE(idev->cnf.proxy_ndp)) &&
909 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
910 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
911 skb->pkt_type != PACKET_HOST &&
912 inc &&
913 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
914 /*
915 * for anycast or proxy,
916 * sender should delay its response
917 * by a random time between 0 and
918 * MAX_ANYCAST_DELAY_TIME seconds.
919 * (RFC2461) -- yoshfuji
920 */
921 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
922 if (n)
923 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
924 goto out;
925 }
926 } else {
927 SKB_DR_SET(reason, IPV6_NDISC_NS_OTHERHOST);
928 goto out;
929 }
930 }
931
932 if (is_router < 0)
933 is_router = READ_ONCE(idev->cnf.forwarding);
934
935 if (dad) {
936 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
937 !!is_router, false, (ifp != NULL), true);
938 goto out;
939 }
940
941 if (inc)
942 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
943 else
944 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
945
946 /*
947 * update / create cache entry
948 * for the source address
949 */
950 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
951 !inc || lladdr || !dev->addr_len);
952 if (neigh)
953 ndisc_update(dev, neigh, lladdr, NUD_STALE,
954 NEIGH_UPDATE_F_WEAK_OVERRIDE|
955 NEIGH_UPDATE_F_OVERRIDE,
956 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
957 if (neigh || !dev->header_ops) {
958 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
959 true, (ifp != NULL && inc), inc);
960 if (neigh)
961 neigh_release(neigh);
962 reason = SKB_CONSUMED;
963 }
964
965out:
966 if (ifp)
967 in6_ifa_put(ifp);
968 else
969 in6_dev_put(idev);
970 return reason;
971}
972
973static int accept_untracked_na(struct net_device *dev, struct in6_addr *saddr)
974{
975 struct inet6_dev *idev = __in6_dev_get(dev);
976
977 switch (READ_ONCE(idev->cnf.accept_untracked_na)) {
978 case 0: /* Don't accept untracked na (absent in neighbor cache) */
979 return 0;
980 case 1: /* Create new entries from na if currently untracked */
981 return 1;
982 case 2: /* Create new entries from untracked na only if saddr is in the
983 * same subnet as an address configured on the interface that
984 * received the na
985 */
986 return !!ipv6_chk_prefix(saddr, dev);
987 default:
988 return 0;
989 }
990}
991
992static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
993{
994 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
995 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
996 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
997 u8 *lladdr = NULL;
998 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
999 offsetof(struct nd_msg, opt));
1000 struct ndisc_options ndopts;
1001 struct net_device *dev = skb->dev;
1002 struct inet6_dev *idev = __in6_dev_get(dev);
1003 struct inet6_ifaddr *ifp;
1004 struct neighbour *neigh;
1005 SKB_DR(reason);
1006 u8 new_state;
1007
1008 if (skb->len < sizeof(struct nd_msg))
1009 return SKB_DROP_REASON_PKT_TOO_SMALL;
1010
1011 if (ipv6_addr_is_multicast(&msg->target)) {
1012 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1013 return reason;
1014 }
1015
1016 if (ipv6_addr_is_multicast(daddr) &&
1017 msg->icmph.icmp6_solicited) {
1018 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1019 return reason;
1020 }
1021
1022 /* For some 802.11 wireless deployments (and possibly other networks),
1023 * there will be a NA proxy and unsolicitd packets are attacks
1024 * and thus should not be accepted.
1025 * drop_unsolicited_na takes precedence over accept_untracked_na
1026 */
1027 if (!msg->icmph.icmp6_solicited && idev &&
1028 READ_ONCE(idev->cnf.drop_unsolicited_na))
1029 return reason;
1030
1031 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
1032 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1033
1034 if (ndopts.nd_opts_tgt_lladdr) {
1035 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1036 if (!lladdr) {
1037 ND_PRINTK(2, warn,
1038 "NA: invalid link-layer address length\n");
1039 return reason;
1040 }
1041 }
1042 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1043 if (ifp) {
1044 if (skb->pkt_type != PACKET_LOOPBACK
1045 && (ifp->flags & IFA_F_TENTATIVE)) {
1046 addrconf_dad_failure(skb, ifp);
1047 return reason;
1048 }
1049 /* What should we make now? The advertisement
1050 is invalid, but ndisc specs say nothing
1051 about it. It could be misconfiguration, or
1052 an smart proxy agent tries to help us :-)
1053
1054 We should not print the error if NA has been
1055 received from loopback - it is just our own
1056 unsolicited advertisement.
1057 */
1058 if (skb->pkt_type != PACKET_LOOPBACK)
1059 ND_PRINTK(1, warn,
1060 "NA: %pM advertised our address %pI6c on %s!\n",
1061 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1062 in6_ifa_put(ifp);
1063 return reason;
1064 }
1065
1066 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1067
1068 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1069 * NAs with Target LL Address option without a corresponding
1070 * entry in the neighbour cache can now create a STALE neighbour
1071 * cache entry on routers.
1072 *
1073 * entry accept fwding solicited behaviour
1074 * ------- ------ ------ --------- ----------------------
1075 * present X X 0 Set state to STALE
1076 * present X X 1 Set state to REACHABLE
1077 * absent 0 X X Do nothing
1078 * absent 1 0 X Do nothing
1079 * absent 1 1 X Add a new STALE entry
1080 *
1081 * Note that we don't do a (daddr == all-routers-mcast) check.
1082 */
1083 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1084 if (!neigh && lladdr && idev && READ_ONCE(idev->cnf.forwarding)) {
1085 if (accept_untracked_na(dev, saddr)) {
1086 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1087 new_state = NUD_STALE;
1088 }
1089 }
1090
1091 if (neigh && !IS_ERR(neigh)) {
1092 u8 old_flags = neigh->flags;
1093 struct net *net = dev_net(dev);
1094
1095 if (READ_ONCE(neigh->nud_state) & NUD_FAILED)
1096 goto out;
1097
1098 /*
1099 * Don't update the neighbor cache entry on a proxy NA from
1100 * ourselves because either the proxied node is off link or it
1101 * has already sent a NA to us.
1102 */
1103 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1104 READ_ONCE(net->ipv6.devconf_all->forwarding) &&
1105 READ_ONCE(net->ipv6.devconf_all->proxy_ndp) &&
1106 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1107 /* XXX: idev->cnf.proxy_ndp */
1108 goto out;
1109 }
1110
1111 ndisc_update(dev, neigh, lladdr,
1112 new_state,
1113 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1114 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1115 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1116 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1117 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1118
1119 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1120 /*
1121 * Change: router to host
1122 */
1123 rt6_clean_tohost(dev_net(dev), saddr);
1124 }
1125 reason = SKB_CONSUMED;
1126out:
1127 neigh_release(neigh);
1128 }
1129 return reason;
1130}
1131
1132static enum skb_drop_reason ndisc_recv_rs(struct sk_buff *skb)
1133{
1134 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1135 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1136 struct neighbour *neigh;
1137 struct inet6_dev *idev;
1138 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1139 struct ndisc_options ndopts;
1140 u8 *lladdr = NULL;
1141 SKB_DR(reason);
1142
1143 if (skb->len < sizeof(*rs_msg))
1144 return SKB_DROP_REASON_PKT_TOO_SMALL;
1145
1146 idev = __in6_dev_get(skb->dev);
1147 if (!idev) {
1148 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1149 return reason;
1150 }
1151
1152 /* Don't accept RS if we're not in router mode */
1153 if (!READ_ONCE(idev->cnf.forwarding))
1154 goto out;
1155
1156 /*
1157 * Don't update NCE if src = ::;
1158 * this implies that the source node has no ip address assigned yet.
1159 */
1160 if (ipv6_addr_any(saddr))
1161 goto out;
1162
1163 /* Parse ND options */
1164 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts))
1165 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1166
1167 if (ndopts.nd_opts_src_lladdr) {
1168 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1169 skb->dev);
1170 if (!lladdr)
1171 goto out;
1172 }
1173
1174 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1175 if (neigh) {
1176 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1177 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1178 NEIGH_UPDATE_F_OVERRIDE|
1179 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1180 NDISC_ROUTER_SOLICITATION, &ndopts);
1181 neigh_release(neigh);
1182 reason = SKB_CONSUMED;
1183 }
1184out:
1185 return reason;
1186}
1187
1188static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1189{
1190 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1191 struct sk_buff *skb;
1192 struct nlmsghdr *nlh;
1193 struct nduseroptmsg *ndmsg;
1194 struct net *net = dev_net(ra->dev);
1195 int err;
1196 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1197 + (opt->nd_opt_len << 3));
1198 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1199
1200 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1201 if (!skb) {
1202 err = -ENOBUFS;
1203 goto errout;
1204 }
1205
1206 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1207 if (!nlh) {
1208 goto nla_put_failure;
1209 }
1210
1211 ndmsg = nlmsg_data(nlh);
1212 ndmsg->nduseropt_family = AF_INET6;
1213 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1214 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1215 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1216 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1217
1218 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1219
1220 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1221 goto nla_put_failure;
1222 nlmsg_end(skb, nlh);
1223
1224 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1225 return;
1226
1227nla_put_failure:
1228 nlmsg_free(skb);
1229 err = -EMSGSIZE;
1230errout:
1231 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1232}
1233
1234static enum skb_drop_reason ndisc_router_discovery(struct sk_buff *skb)
1235{
1236 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1237 bool send_ifinfo_notify = false;
1238 struct neighbour *neigh = NULL;
1239 struct ndisc_options ndopts;
1240 struct fib6_info *rt = NULL;
1241 struct inet6_dev *in6_dev;
1242 struct fib6_table *table;
1243 u32 defrtr_usr_metric;
1244 unsigned int pref = 0;
1245 __u32 old_if_flags;
1246 struct net *net;
1247 SKB_DR(reason);
1248 int lifetime;
1249 int optlen;
1250
1251 __u8 *opt = (__u8 *)(ra_msg + 1);
1252
1253 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1254 sizeof(struct ra_msg);
1255
1256 ND_PRINTK(2, info,
1257 "RA: %s, dev: %s\n",
1258 __func__, skb->dev->name);
1259 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1260 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1261 return reason;
1262 }
1263 if (optlen < 0)
1264 return SKB_DROP_REASON_PKT_TOO_SMALL;
1265
1266#ifdef CONFIG_IPV6_NDISC_NODETYPE
1267 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1268 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1269 return reason;
1270 }
1271#endif
1272
1273 in6_dev = __in6_dev_get(skb->dev);
1274 if (!in6_dev) {
1275 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1276 skb->dev->name);
1277 return reason;
1278 }
1279
1280 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts))
1281 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1282
1283 if (!ipv6_accept_ra(in6_dev)) {
1284 ND_PRINTK(2, info,
1285 "RA: %s, did not accept ra for dev: %s\n",
1286 __func__, skb->dev->name);
1287 goto skip_linkparms;
1288 }
1289
1290#ifdef CONFIG_IPV6_NDISC_NODETYPE
1291 /* skip link-specific parameters from interior routers */
1292 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1293 ND_PRINTK(2, info,
1294 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1295 __func__, skb->dev->name);
1296 goto skip_linkparms;
1297 }
1298#endif
1299
1300 if (in6_dev->if_flags & IF_RS_SENT) {
1301 /*
1302 * flag that an RA was received after an RS was sent
1303 * out on this interface.
1304 */
1305 in6_dev->if_flags |= IF_RA_RCVD;
1306 }
1307
1308 /*
1309 * Remember the managed/otherconf flags from most recently
1310 * received RA message (RFC 2462) -- yoshfuji
1311 */
1312 old_if_flags = in6_dev->if_flags;
1313 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1314 IF_RA_OTHERCONF)) |
1315 (ra_msg->icmph.icmp6_addrconf_managed ?
1316 IF_RA_MANAGED : 0) |
1317 (ra_msg->icmph.icmp6_addrconf_other ?
1318 IF_RA_OTHERCONF : 0);
1319
1320 if (old_if_flags != in6_dev->if_flags)
1321 send_ifinfo_notify = true;
1322
1323 if (!READ_ONCE(in6_dev->cnf.accept_ra_defrtr)) {
1324 ND_PRINTK(2, info,
1325 "RA: %s, defrtr is false for dev: %s\n",
1326 __func__, skb->dev->name);
1327 goto skip_defrtr;
1328 }
1329
1330 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1331 if (lifetime != 0 &&
1332 lifetime < READ_ONCE(in6_dev->cnf.accept_ra_min_lft)) {
1333 ND_PRINTK(2, info,
1334 "RA: router lifetime (%ds) is too short: %s\n",
1335 lifetime, skb->dev->name);
1336 goto skip_defrtr;
1337 }
1338
1339 /* Do not accept RA with source-addr found on local machine unless
1340 * accept_ra_from_local is set to true.
1341 */
1342 net = dev_net(in6_dev->dev);
1343 if (!READ_ONCE(in6_dev->cnf.accept_ra_from_local) &&
1344 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1345 ND_PRINTK(2, info,
1346 "RA from local address detected on dev: %s: default router ignored\n",
1347 skb->dev->name);
1348 goto skip_defrtr;
1349 }
1350
1351#ifdef CONFIG_IPV6_ROUTER_PREF
1352 pref = ra_msg->icmph.icmp6_router_pref;
1353 /* 10b is handled as if it were 00b (medium) */
1354 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1355 !READ_ONCE(in6_dev->cnf.accept_ra_rtr_pref))
1356 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1357#endif
1358 /* routes added from RAs do not use nexthop objects */
1359 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1360 if (rt) {
1361 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1362 rt->fib6_nh->fib_nh_dev, NULL,
1363 &ipv6_hdr(skb)->saddr);
1364 if (!neigh) {
1365 ND_PRINTK(0, err,
1366 "RA: %s got default router without neighbour\n",
1367 __func__);
1368 fib6_info_release(rt);
1369 return reason;
1370 }
1371 }
1372 /* Set default route metric as specified by user */
1373 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1374 /* delete the route if lifetime is 0 or if metric needs change */
1375 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1376 ip6_del_rt(net, rt, false);
1377 rt = NULL;
1378 }
1379
1380 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1381 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1382 if (!rt && lifetime) {
1383 ND_PRINTK(3, info, "RA: adding default router\n");
1384
1385 if (neigh)
1386 neigh_release(neigh);
1387
1388 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1389 skb->dev, pref, defrtr_usr_metric,
1390 lifetime);
1391 if (!rt) {
1392 ND_PRINTK(0, err,
1393 "RA: %s failed to add default route\n",
1394 __func__);
1395 return reason;
1396 }
1397
1398 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1399 rt->fib6_nh->fib_nh_dev, NULL,
1400 &ipv6_hdr(skb)->saddr);
1401 if (!neigh) {
1402 ND_PRINTK(0, err,
1403 "RA: %s got default router without neighbour\n",
1404 __func__);
1405 fib6_info_release(rt);
1406 return reason;
1407 }
1408 neigh->flags |= NTF_ROUTER;
1409 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1410 struct nl_info nlinfo = {
1411 .nl_net = net,
1412 };
1413 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1414 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1415 }
1416
1417 if (rt) {
1418 table = rt->fib6_table;
1419 spin_lock_bh(&table->tb6_lock);
1420
1421 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1422 fib6_add_gc_list(rt);
1423
1424 spin_unlock_bh(&table->tb6_lock);
1425 }
1426 if (READ_ONCE(in6_dev->cnf.accept_ra_min_hop_limit) < 256 &&
1427 ra_msg->icmph.icmp6_hop_limit) {
1428 if (READ_ONCE(in6_dev->cnf.accept_ra_min_hop_limit) <=
1429 ra_msg->icmph.icmp6_hop_limit) {
1430 WRITE_ONCE(in6_dev->cnf.hop_limit,
1431 ra_msg->icmph.icmp6_hop_limit);
1432 fib6_metric_set(rt, RTAX_HOPLIMIT,
1433 ra_msg->icmph.icmp6_hop_limit);
1434 } else {
1435 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1436 }
1437 }
1438
1439skip_defrtr:
1440
1441 /*
1442 * Update Reachable Time and Retrans Timer
1443 */
1444
1445 if (in6_dev->nd_parms) {
1446 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1447
1448 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1449 rtime = (rtime*HZ)/1000;
1450 if (rtime < HZ/100)
1451 rtime = HZ/100;
1452 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1453 in6_dev->tstamp = jiffies;
1454 send_ifinfo_notify = true;
1455 }
1456
1457 rtime = ntohl(ra_msg->reachable_time);
1458 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1459 rtime = (rtime*HZ)/1000;
1460
1461 if (rtime < HZ/10)
1462 rtime = HZ/10;
1463
1464 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1465 NEIGH_VAR_SET(in6_dev->nd_parms,
1466 BASE_REACHABLE_TIME, rtime);
1467 NEIGH_VAR_SET(in6_dev->nd_parms,
1468 GC_STALETIME, 3 * rtime);
1469 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1470 in6_dev->tstamp = jiffies;
1471 send_ifinfo_notify = true;
1472 }
1473 }
1474 }
1475
1476skip_linkparms:
1477
1478 /*
1479 * Process options.
1480 */
1481
1482 if (!neigh)
1483 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1484 skb->dev, 1);
1485 if (neigh) {
1486 u8 *lladdr = NULL;
1487 if (ndopts.nd_opts_src_lladdr) {
1488 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1489 skb->dev);
1490 if (!lladdr) {
1491 ND_PRINTK(2, warn,
1492 "RA: invalid link-layer address length\n");
1493 goto out;
1494 }
1495 }
1496 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1497 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1498 NEIGH_UPDATE_F_OVERRIDE|
1499 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1500 NEIGH_UPDATE_F_ISROUTER,
1501 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1502 reason = SKB_CONSUMED;
1503 }
1504
1505 if (!ipv6_accept_ra(in6_dev)) {
1506 ND_PRINTK(2, info,
1507 "RA: %s, accept_ra is false for dev: %s\n",
1508 __func__, skb->dev->name);
1509 goto out;
1510 }
1511
1512#ifdef CONFIG_IPV6_ROUTE_INFO
1513 if (!READ_ONCE(in6_dev->cnf.accept_ra_from_local) &&
1514 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1515 in6_dev->dev, 0)) {
1516 ND_PRINTK(2, info,
1517 "RA from local address detected on dev: %s: router info ignored.\n",
1518 skb->dev->name);
1519 goto skip_routeinfo;
1520 }
1521
1522 if (READ_ONCE(in6_dev->cnf.accept_ra_rtr_pref) && ndopts.nd_opts_ri) {
1523 struct nd_opt_hdr *p;
1524 for (p = ndopts.nd_opts_ri;
1525 p;
1526 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1527 struct route_info *ri = (struct route_info *)p;
1528#ifdef CONFIG_IPV6_NDISC_NODETYPE
1529 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1530 ri->prefix_len == 0)
1531 continue;
1532#endif
1533 if (ri->prefix_len == 0 &&
1534 !READ_ONCE(in6_dev->cnf.accept_ra_defrtr))
1535 continue;
1536 if (ri->lifetime != 0 &&
1537 ntohl(ri->lifetime) < READ_ONCE(in6_dev->cnf.accept_ra_min_lft))
1538 continue;
1539 if (ri->prefix_len < READ_ONCE(in6_dev->cnf.accept_ra_rt_info_min_plen))
1540 continue;
1541 if (ri->prefix_len > READ_ONCE(in6_dev->cnf.accept_ra_rt_info_max_plen))
1542 continue;
1543 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1544 &ipv6_hdr(skb)->saddr);
1545 }
1546 }
1547
1548skip_routeinfo:
1549#endif
1550
1551#ifdef CONFIG_IPV6_NDISC_NODETYPE
1552 /* skip link-specific ndopts from interior routers */
1553 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1554 ND_PRINTK(2, info,
1555 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1556 __func__, skb->dev->name);
1557 goto out;
1558 }
1559#endif
1560
1561 if (READ_ONCE(in6_dev->cnf.accept_ra_pinfo) && ndopts.nd_opts_pi) {
1562 struct nd_opt_hdr *p;
1563 for (p = ndopts.nd_opts_pi;
1564 p;
1565 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1566 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1567 (p->nd_opt_len) << 3,
1568 ndopts.nd_opts_src_lladdr != NULL);
1569 }
1570 }
1571
1572 if (ndopts.nd_opts_mtu && READ_ONCE(in6_dev->cnf.accept_ra_mtu)) {
1573 __be32 n;
1574 u32 mtu;
1575
1576 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1577 mtu = ntohl(n);
1578
1579 if (in6_dev->ra_mtu != mtu) {
1580 in6_dev->ra_mtu = mtu;
1581 send_ifinfo_notify = true;
1582 }
1583
1584 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1585 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1586 } else if (READ_ONCE(in6_dev->cnf.mtu6) != mtu) {
1587 WRITE_ONCE(in6_dev->cnf.mtu6, mtu);
1588 fib6_metric_set(rt, RTAX_MTU, mtu);
1589 rt6_mtu_change(skb->dev, mtu);
1590 }
1591 }
1592
1593 if (ndopts.nd_useropts) {
1594 struct nd_opt_hdr *p;
1595 for (p = ndopts.nd_useropts;
1596 p;
1597 p = ndisc_next_useropt(skb->dev, p,
1598 ndopts.nd_useropts_end)) {
1599 ndisc_ra_useropt(skb, p);
1600 }
1601 }
1602
1603 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1604 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1605 }
1606out:
1607 /* Send a notify if RA changed managed/otherconf flags or
1608 * timer settings or ra_mtu value
1609 */
1610 if (send_ifinfo_notify)
1611 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1612
1613 fib6_info_release(rt);
1614 if (neigh)
1615 neigh_release(neigh);
1616 return reason;
1617}
1618
1619static enum skb_drop_reason ndisc_redirect_rcv(struct sk_buff *skb)
1620{
1621 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1622 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1623 offsetof(struct rd_msg, opt));
1624 struct ndisc_options ndopts;
1625 SKB_DR(reason);
1626 u8 *hdr;
1627
1628#ifdef CONFIG_IPV6_NDISC_NODETYPE
1629 switch (skb->ndisc_nodetype) {
1630 case NDISC_NODETYPE_HOST:
1631 case NDISC_NODETYPE_NODEFAULT:
1632 ND_PRINTK(2, warn,
1633 "Redirect: from host or unauthorized router\n");
1634 return reason;
1635 }
1636#endif
1637
1638 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1639 ND_PRINTK(2, warn,
1640 "Redirect: source address is not link-local\n");
1641 return reason;
1642 }
1643
1644 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1645 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1646
1647 if (!ndopts.nd_opts_rh) {
1648 ip6_redirect_no_header(skb, dev_net(skb->dev),
1649 skb->dev->ifindex);
1650 return reason;
1651 }
1652
1653 hdr = (u8 *)ndopts.nd_opts_rh;
1654 hdr += 8;
1655 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1656 return SKB_DROP_REASON_PKT_TOO_SMALL;
1657
1658 return icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1659}
1660
1661static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1662 struct sk_buff *orig_skb,
1663 int rd_len)
1664{
1665 u8 *opt = skb_put(skb, rd_len);
1666
1667 memset(opt, 0, 8);
1668 *(opt++) = ND_OPT_REDIRECT_HDR;
1669 *(opt++) = (rd_len >> 3);
1670 opt += 6;
1671
1672 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1673 rd_len - 8);
1674}
1675
1676void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1677{
1678 struct net_device *dev = skb->dev;
1679 struct net *net = dev_net(dev);
1680 struct sock *sk = net->ipv6.ndisc_sk;
1681 int optlen = 0;
1682 struct inet_peer *peer;
1683 struct sk_buff *buff;
1684 struct rd_msg *msg;
1685 struct in6_addr saddr_buf;
1686 struct rt6_info *rt;
1687 struct dst_entry *dst;
1688 struct flowi6 fl6;
1689 int rd_len;
1690 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1691 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1692 bool ret;
1693
1694 if (netif_is_l3_master(skb->dev)) {
1695 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1696 if (!dev)
1697 return;
1698 }
1699
1700 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1701 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1702 dev->name);
1703 return;
1704 }
1705
1706 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1707 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1708 ND_PRINTK(2, warn,
1709 "Redirect: target address is not link-local unicast\n");
1710 return;
1711 }
1712
1713 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1714 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1715
1716 dst = ip6_route_output(net, NULL, &fl6);
1717 if (dst->error) {
1718 dst_release(dst);
1719 return;
1720 }
1721 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1722 if (IS_ERR(dst))
1723 return;
1724
1725 rt = dst_rt6_info(dst);
1726
1727 if (rt->rt6i_flags & RTF_GATEWAY) {
1728 ND_PRINTK(2, warn,
1729 "Redirect: destination is not a neighbour\n");
1730 goto release;
1731 }
1732 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1733 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1734 if (peer)
1735 inet_putpeer(peer);
1736 if (!ret)
1737 goto release;
1738
1739 if (dev->addr_len) {
1740 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1741 if (!neigh) {
1742 ND_PRINTK(2, warn,
1743 "Redirect: no neigh for target address\n");
1744 goto release;
1745 }
1746
1747 read_lock_bh(&neigh->lock);
1748 if (neigh->nud_state & NUD_VALID) {
1749 memcpy(ha_buf, neigh->ha, dev->addr_len);
1750 read_unlock_bh(&neigh->lock);
1751 ha = ha_buf;
1752 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1753 ops_data_buf,
1754 &ops_data);
1755 } else
1756 read_unlock_bh(&neigh->lock);
1757
1758 neigh_release(neigh);
1759 }
1760
1761 rd_len = min_t(unsigned int,
1762 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1763 skb->len + 8);
1764 rd_len &= ~0x7;
1765 optlen += rd_len;
1766
1767 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1768 if (!buff)
1769 goto release;
1770
1771 msg = skb_put(buff, sizeof(*msg));
1772 *msg = (struct rd_msg) {
1773 .icmph = {
1774 .icmp6_type = NDISC_REDIRECT,
1775 },
1776 .target = *target,
1777 .dest = ipv6_hdr(skb)->daddr,
1778 };
1779
1780 /*
1781 * include target_address option
1782 */
1783
1784 if (ha)
1785 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1786
1787 /*
1788 * build redirect option and copy skb over to the new packet.
1789 */
1790
1791 if (rd_len)
1792 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1793
1794 skb_dst_set(buff, dst);
1795 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1796 return;
1797
1798release:
1799 dst_release(dst);
1800}
1801
1802static void pndisc_redo(struct sk_buff *skb)
1803{
1804 enum skb_drop_reason reason = ndisc_recv_ns(skb);
1805
1806 kfree_skb_reason(skb, reason);
1807}
1808
1809static int ndisc_is_multicast(const void *pkey)
1810{
1811 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1812}
1813
1814static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1815{
1816 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1817
1818 if (!idev)
1819 return true;
1820 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1821 READ_ONCE(idev->cnf.suppress_frag_ndisc)) {
1822 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1823 return true;
1824 }
1825 return false;
1826}
1827
1828enum skb_drop_reason ndisc_rcv(struct sk_buff *skb)
1829{
1830 struct nd_msg *msg;
1831 SKB_DR(reason);
1832
1833 if (ndisc_suppress_frag_ndisc(skb))
1834 return SKB_DROP_REASON_IPV6_NDISC_FRAG;
1835
1836 if (skb_linearize(skb))
1837 return SKB_DROP_REASON_NOMEM;
1838
1839 msg = (struct nd_msg *)skb_transport_header(skb);
1840
1841 __skb_push(skb, skb->data - skb_transport_header(skb));
1842
1843 if (ipv6_hdr(skb)->hop_limit != 255) {
1844 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1845 ipv6_hdr(skb)->hop_limit);
1846 return SKB_DROP_REASON_IPV6_NDISC_HOP_LIMIT;
1847 }
1848
1849 if (msg->icmph.icmp6_code != 0) {
1850 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1851 msg->icmph.icmp6_code);
1852 return SKB_DROP_REASON_IPV6_NDISC_BAD_CODE;
1853 }
1854
1855 switch (msg->icmph.icmp6_type) {
1856 case NDISC_NEIGHBOUR_SOLICITATION:
1857 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1858 reason = ndisc_recv_ns(skb);
1859 break;
1860
1861 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1862 reason = ndisc_recv_na(skb);
1863 break;
1864
1865 case NDISC_ROUTER_SOLICITATION:
1866 reason = ndisc_recv_rs(skb);
1867 break;
1868
1869 case NDISC_ROUTER_ADVERTISEMENT:
1870 reason = ndisc_router_discovery(skb);
1871 break;
1872
1873 case NDISC_REDIRECT:
1874 reason = ndisc_redirect_rcv(skb);
1875 break;
1876 }
1877
1878 return reason;
1879}
1880
1881static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1882{
1883 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1884 struct netdev_notifier_change_info *change_info;
1885 struct net *net = dev_net(dev);
1886 struct inet6_dev *idev;
1887 bool evict_nocarrier;
1888
1889 switch (event) {
1890 case NETDEV_CHANGEADDR:
1891 neigh_changeaddr(&nd_tbl, dev);
1892 fib6_run_gc(0, net, false);
1893 fallthrough;
1894 case NETDEV_UP:
1895 idev = in6_dev_get(dev);
1896 if (!idev)
1897 break;
1898 if (READ_ONCE(idev->cnf.ndisc_notify) ||
1899 READ_ONCE(net->ipv6.devconf_all->ndisc_notify))
1900 ndisc_send_unsol_na(dev);
1901 in6_dev_put(idev);
1902 break;
1903 case NETDEV_CHANGE:
1904 idev = in6_dev_get(dev);
1905 if (!idev)
1906 evict_nocarrier = true;
1907 else {
1908 evict_nocarrier = READ_ONCE(idev->cnf.ndisc_evict_nocarrier) &&
1909 READ_ONCE(net->ipv6.devconf_all->ndisc_evict_nocarrier);
1910 in6_dev_put(idev);
1911 }
1912
1913 change_info = ptr;
1914 if (change_info->flags_changed & IFF_NOARP)
1915 neigh_changeaddr(&nd_tbl, dev);
1916 if (evict_nocarrier && !netif_carrier_ok(dev))
1917 neigh_carrier_down(&nd_tbl, dev);
1918 break;
1919 case NETDEV_DOWN:
1920 neigh_ifdown(&nd_tbl, dev);
1921 fib6_run_gc(0, net, false);
1922 break;
1923 case NETDEV_NOTIFY_PEERS:
1924 ndisc_send_unsol_na(dev);
1925 break;
1926 default:
1927 break;
1928 }
1929
1930 return NOTIFY_DONE;
1931}
1932
1933static struct notifier_block ndisc_netdev_notifier = {
1934 .notifier_call = ndisc_netdev_event,
1935 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1936};
1937
1938#ifdef CONFIG_SYSCTL
1939static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1940 const char *func, const char *dev_name)
1941{
1942 static char warncomm[TASK_COMM_LEN];
1943 static int warned;
1944 if (strcmp(warncomm, current->comm) && warned < 5) {
1945 strcpy(warncomm, current->comm);
1946 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1947 warncomm, func,
1948 dev_name, ctl->procname,
1949 dev_name, ctl->procname);
1950 warned++;
1951 }
1952}
1953
1954int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1955 size_t *lenp, loff_t *ppos)
1956{
1957 struct net_device *dev = ctl->extra1;
1958 struct inet6_dev *idev;
1959 int ret;
1960
1961 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1962 (strcmp(ctl->procname, "base_reachable_time") == 0))
1963 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1964
1965 if (strcmp(ctl->procname, "retrans_time") == 0)
1966 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1967
1968 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1969 ret = neigh_proc_dointvec_jiffies(ctl, write,
1970 buffer, lenp, ppos);
1971
1972 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1973 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1974 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1975 buffer, lenp, ppos);
1976 else
1977 ret = -1;
1978
1979 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1980 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1981 idev->nd_parms->reachable_time =
1982 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1983 WRITE_ONCE(idev->tstamp, jiffies);
1984 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1985 in6_dev_put(idev);
1986 }
1987 return ret;
1988}
1989
1990
1991#endif
1992
1993static int __net_init ndisc_net_init(struct net *net)
1994{
1995 struct ipv6_pinfo *np;
1996 struct sock *sk;
1997 int err;
1998
1999 err = inet_ctl_sock_create(&sk, PF_INET6,
2000 SOCK_RAW, IPPROTO_ICMPV6, net);
2001 if (err < 0) {
2002 ND_PRINTK(0, err,
2003 "NDISC: Failed to initialize the control socket (err %d)\n",
2004 err);
2005 return err;
2006 }
2007
2008 net->ipv6.ndisc_sk = sk;
2009
2010 np = inet6_sk(sk);
2011 np->hop_limit = 255;
2012 /* Do not loopback ndisc messages */
2013 inet6_clear_bit(MC6_LOOP, sk);
2014
2015 return 0;
2016}
2017
2018static void __net_exit ndisc_net_exit(struct net *net)
2019{
2020 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
2021}
2022
2023static struct pernet_operations ndisc_net_ops = {
2024 .init = ndisc_net_init,
2025 .exit = ndisc_net_exit,
2026};
2027
2028int __init ndisc_init(void)
2029{
2030 int err;
2031
2032 err = register_pernet_subsys(&ndisc_net_ops);
2033 if (err)
2034 return err;
2035 /*
2036 * Initialize the neighbour table
2037 */
2038 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
2039
2040#ifdef CONFIG_SYSCTL
2041 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
2042 ndisc_ifinfo_sysctl_change);
2043 if (err)
2044 goto out_unregister_pernet;
2045out:
2046#endif
2047 return err;
2048
2049#ifdef CONFIG_SYSCTL
2050out_unregister_pernet:
2051 unregister_pernet_subsys(&ndisc_net_ops);
2052 goto out;
2053#endif
2054}
2055
2056int __init ndisc_late_init(void)
2057{
2058 return register_netdevice_notifier(&ndisc_netdev_notifier);
2059}
2060
2061void ndisc_late_cleanup(void)
2062{
2063 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2064}
2065
2066void ndisc_cleanup(void)
2067{
2068#ifdef CONFIG_SYSCTL
2069 neigh_sysctl_unregister(&nd_tbl.parms);
2070#endif
2071 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2072 unregister_pernet_subsys(&ndisc_net_ops);
2073}
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11/*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26#define pr_fmt(fmt) "ICMPv6: " fmt
27
28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
39#include <linux/slab.h>
40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
44#include <linux/if_addr.h>
45#include <linux/if_ether.h>
46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
64#include <net/flow.h>
65#include <net/ip6_checksum.h>
66#include <net/inet_common.h>
67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
84
85static const struct neigh_ops ndisc_generic_ops = {
86 .family = AF_INET6,
87 .solicit = ndisc_solicit,
88 .error_report = ndisc_error_report,
89 .output = neigh_resolve_output,
90 .connected_output = neigh_connected_output,
91};
92
93static const struct neigh_ops ndisc_hh_ops = {
94 .family = AF_INET6,
95 .solicit = ndisc_solicit,
96 .error_report = ndisc_error_report,
97 .output = neigh_resolve_output,
98 .connected_output = neigh_resolve_output,
99};
100
101
102static const struct neigh_ops ndisc_direct_ops = {
103 .family = AF_INET6,
104 .output = neigh_direct_output,
105 .connected_output = neigh_direct_output,
106};
107
108struct neigh_table nd_tbl = {
109 .family = AF_INET6,
110 .key_len = sizeof(struct in6_addr),
111 .protocol = cpu_to_be16(ETH_P_IPV6),
112 .hash = ndisc_hash,
113 .key_eq = ndisc_key_eq,
114 .constructor = ndisc_constructor,
115 .pconstructor = pndisc_constructor,
116 .pdestructor = pndisc_destructor,
117 .proxy_redo = pndisc_redo,
118 .allow_add = ndisc_allow_add,
119 .id = "ndisc_cache",
120 .parms = {
121 .tbl = &nd_tbl,
122 .reachable_time = ND_REACHABLE_TIME,
123 .data = {
124 [NEIGH_VAR_MCAST_PROBES] = 3,
125 [NEIGH_VAR_UCAST_PROBES] = 3,
126 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
127 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
128 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
129 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
130 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
131 [NEIGH_VAR_PROXY_QLEN] = 64,
132 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
133 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
134 },
135 },
136 .gc_interval = 30 * HZ,
137 .gc_thresh1 = 128,
138 .gc_thresh2 = 512,
139 .gc_thresh3 = 1024,
140};
141EXPORT_SYMBOL_GPL(nd_tbl);
142
143void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
144 int data_len, int pad)
145{
146 int space = __ndisc_opt_addr_space(data_len, pad);
147 u8 *opt = skb_put(skb, space);
148
149 opt[0] = type;
150 opt[1] = space>>3;
151
152 memset(opt + 2, 0, pad);
153 opt += pad;
154 space -= pad;
155
156 memcpy(opt+2, data, data_len);
157 data_len += 2;
158 opt += data_len;
159 space -= data_len;
160 if (space > 0)
161 memset(opt, 0, space);
162}
163EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
164
165static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
166 void *data, u8 icmp6_type)
167{
168 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
169 ndisc_addr_option_pad(skb->dev->type));
170 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
171}
172
173static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
174 void *ha,
175 const u8 *ops_data)
176{
177 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
178 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
179}
180
181static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
182 struct nd_opt_hdr *end)
183{
184 int type;
185 if (!cur || !end || cur >= end)
186 return NULL;
187 type = cur->nd_opt_type;
188 do {
189 cur = ((void *)cur) + (cur->nd_opt_len << 3);
190 } while (cur < end && cur->nd_opt_type != type);
191 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
192}
193
194static inline int ndisc_is_useropt(const struct net_device *dev,
195 struct nd_opt_hdr *opt)
196{
197 return opt->nd_opt_type == ND_OPT_RDNSS ||
198 opt->nd_opt_type == ND_OPT_DNSSL ||
199 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
200 opt->nd_opt_type == ND_OPT_PREF64 ||
201 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
202}
203
204static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
205 struct nd_opt_hdr *cur,
206 struct nd_opt_hdr *end)
207{
208 if (!cur || !end || cur >= end)
209 return NULL;
210 do {
211 cur = ((void *)cur) + (cur->nd_opt_len << 3);
212 } while (cur < end && !ndisc_is_useropt(dev, cur));
213 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
214}
215
216struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
217 u8 *opt, int opt_len,
218 struct ndisc_options *ndopts)
219{
220 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
221
222 if (!nd_opt || opt_len < 0 || !ndopts)
223 return NULL;
224 memset(ndopts, 0, sizeof(*ndopts));
225 while (opt_len) {
226 int l;
227 if (opt_len < sizeof(struct nd_opt_hdr))
228 return NULL;
229 l = nd_opt->nd_opt_len << 3;
230 if (opt_len < l || l == 0)
231 return NULL;
232 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
233 goto next_opt;
234 switch (nd_opt->nd_opt_type) {
235 case ND_OPT_SOURCE_LL_ADDR:
236 case ND_OPT_TARGET_LL_ADDR:
237 case ND_OPT_MTU:
238 case ND_OPT_NONCE:
239 case ND_OPT_REDIRECT_HDR:
240 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
241 ND_PRINTK(2, warn,
242 "%s: duplicated ND6 option found: type=%d\n",
243 __func__, nd_opt->nd_opt_type);
244 } else {
245 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
246 }
247 break;
248 case ND_OPT_PREFIX_INFO:
249 ndopts->nd_opts_pi_end = nd_opt;
250 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
251 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
252 break;
253#ifdef CONFIG_IPV6_ROUTE_INFO
254 case ND_OPT_ROUTE_INFO:
255 ndopts->nd_opts_ri_end = nd_opt;
256 if (!ndopts->nd_opts_ri)
257 ndopts->nd_opts_ri = nd_opt;
258 break;
259#endif
260 default:
261 if (ndisc_is_useropt(dev, nd_opt)) {
262 ndopts->nd_useropts_end = nd_opt;
263 if (!ndopts->nd_useropts)
264 ndopts->nd_useropts = nd_opt;
265 } else {
266 /*
267 * Unknown options must be silently ignored,
268 * to accommodate future extension to the
269 * protocol.
270 */
271 ND_PRINTK(2, notice,
272 "%s: ignored unsupported option; type=%d, len=%d\n",
273 __func__,
274 nd_opt->nd_opt_type,
275 nd_opt->nd_opt_len);
276 }
277 }
278next_opt:
279 opt_len -= l;
280 nd_opt = ((void *)nd_opt) + l;
281 }
282 return ndopts;
283}
284
285int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
286{
287 switch (dev->type) {
288 case ARPHRD_ETHER:
289 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
290 case ARPHRD_FDDI:
291 ipv6_eth_mc_map(addr, buf);
292 return 0;
293 case ARPHRD_ARCNET:
294 ipv6_arcnet_mc_map(addr, buf);
295 return 0;
296 case ARPHRD_INFINIBAND:
297 ipv6_ib_mc_map(addr, dev->broadcast, buf);
298 return 0;
299 case ARPHRD_IPGRE:
300 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
301 default:
302 if (dir) {
303 memcpy(buf, dev->broadcast, dev->addr_len);
304 return 0;
305 }
306 }
307 return -EINVAL;
308}
309EXPORT_SYMBOL(ndisc_mc_map);
310
311static u32 ndisc_hash(const void *pkey,
312 const struct net_device *dev,
313 __u32 *hash_rnd)
314{
315 return ndisc_hashfn(pkey, dev, hash_rnd);
316}
317
318static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
319{
320 return neigh_key_eq128(n, pkey);
321}
322
323static int ndisc_constructor(struct neighbour *neigh)
324{
325 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
326 struct net_device *dev = neigh->dev;
327 struct inet6_dev *in6_dev;
328 struct neigh_parms *parms;
329 bool is_multicast = ipv6_addr_is_multicast(addr);
330
331 in6_dev = in6_dev_get(dev);
332 if (!in6_dev) {
333 return -EINVAL;
334 }
335
336 parms = in6_dev->nd_parms;
337 __neigh_parms_put(neigh->parms);
338 neigh->parms = neigh_parms_clone(parms);
339
340 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
341 if (!dev->header_ops) {
342 neigh->nud_state = NUD_NOARP;
343 neigh->ops = &ndisc_direct_ops;
344 neigh->output = neigh_direct_output;
345 } else {
346 if (is_multicast) {
347 neigh->nud_state = NUD_NOARP;
348 ndisc_mc_map(addr, neigh->ha, dev, 1);
349 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
350 neigh->nud_state = NUD_NOARP;
351 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
352 if (dev->flags&IFF_LOOPBACK)
353 neigh->type = RTN_LOCAL;
354 } else if (dev->flags&IFF_POINTOPOINT) {
355 neigh->nud_state = NUD_NOARP;
356 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
357 }
358 if (dev->header_ops->cache)
359 neigh->ops = &ndisc_hh_ops;
360 else
361 neigh->ops = &ndisc_generic_ops;
362 if (neigh->nud_state&NUD_VALID)
363 neigh->output = neigh->ops->connected_output;
364 else
365 neigh->output = neigh->ops->output;
366 }
367 in6_dev_put(in6_dev);
368 return 0;
369}
370
371static int pndisc_constructor(struct pneigh_entry *n)
372{
373 struct in6_addr *addr = (struct in6_addr *)&n->key;
374 struct in6_addr maddr;
375 struct net_device *dev = n->dev;
376
377 if (!dev || !__in6_dev_get(dev))
378 return -EINVAL;
379 addrconf_addr_solict_mult(addr, &maddr);
380 ipv6_dev_mc_inc(dev, &maddr);
381 return 0;
382}
383
384static void pndisc_destructor(struct pneigh_entry *n)
385{
386 struct in6_addr *addr = (struct in6_addr *)&n->key;
387 struct in6_addr maddr;
388 struct net_device *dev = n->dev;
389
390 if (!dev || !__in6_dev_get(dev))
391 return;
392 addrconf_addr_solict_mult(addr, &maddr);
393 ipv6_dev_mc_dec(dev, &maddr);
394}
395
396/* called with rtnl held */
397static bool ndisc_allow_add(const struct net_device *dev,
398 struct netlink_ext_ack *extack)
399{
400 struct inet6_dev *idev = __in6_dev_get(dev);
401
402 if (!idev || idev->cnf.disable_ipv6) {
403 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
404 return false;
405 }
406
407 return true;
408}
409
410static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
411 int len)
412{
413 int hlen = LL_RESERVED_SPACE(dev);
414 int tlen = dev->needed_tailroom;
415 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
416 struct sk_buff *skb;
417
418 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
419 if (!skb) {
420 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
421 __func__);
422 return NULL;
423 }
424
425 skb->protocol = htons(ETH_P_IPV6);
426 skb->dev = dev;
427
428 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
429 skb_reset_transport_header(skb);
430
431 /* Manually assign socket ownership as we avoid calling
432 * sock_alloc_send_pskb() to bypass wmem buffer limits
433 */
434 skb_set_owner_w(skb, sk);
435
436 return skb;
437}
438
439static void ip6_nd_hdr(struct sk_buff *skb,
440 const struct in6_addr *saddr,
441 const struct in6_addr *daddr,
442 int hop_limit, int len)
443{
444 struct ipv6hdr *hdr;
445 struct inet6_dev *idev;
446 unsigned tclass;
447
448 rcu_read_lock();
449 idev = __in6_dev_get(skb->dev);
450 tclass = idev ? idev->cnf.ndisc_tclass : 0;
451 rcu_read_unlock();
452
453 skb_push(skb, sizeof(*hdr));
454 skb_reset_network_header(skb);
455 hdr = ipv6_hdr(skb);
456
457 ip6_flow_hdr(hdr, tclass, 0);
458
459 hdr->payload_len = htons(len);
460 hdr->nexthdr = IPPROTO_ICMPV6;
461 hdr->hop_limit = hop_limit;
462
463 hdr->saddr = *saddr;
464 hdr->daddr = *daddr;
465}
466
467static void ndisc_send_skb(struct sk_buff *skb,
468 const struct in6_addr *daddr,
469 const struct in6_addr *saddr)
470{
471 struct dst_entry *dst = skb_dst(skb);
472 struct net *net = dev_net(skb->dev);
473 struct sock *sk = net->ipv6.ndisc_sk;
474 struct inet6_dev *idev;
475 int err;
476 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
477 u8 type;
478
479 type = icmp6h->icmp6_type;
480
481 if (!dst) {
482 struct flowi6 fl6;
483 int oif = skb->dev->ifindex;
484
485 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
486 dst = icmp6_dst_alloc(skb->dev, &fl6);
487 if (IS_ERR(dst)) {
488 kfree_skb(skb);
489 return;
490 }
491
492 skb_dst_set(skb, dst);
493 }
494
495 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
496 IPPROTO_ICMPV6,
497 csum_partial(icmp6h,
498 skb->len, 0));
499
500 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
501
502 rcu_read_lock();
503 idev = __in6_dev_get(dst->dev);
504 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
505
506 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
507 net, sk, skb, NULL, dst->dev,
508 dst_output);
509 if (!err) {
510 ICMP6MSGOUT_INC_STATS(net, idev, type);
511 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
512 }
513
514 rcu_read_unlock();
515}
516
517void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
518 const struct in6_addr *solicited_addr,
519 bool router, bool solicited, bool override, bool inc_opt)
520{
521 struct sk_buff *skb;
522 struct in6_addr tmpaddr;
523 struct inet6_ifaddr *ifp;
524 const struct in6_addr *src_addr;
525 struct nd_msg *msg;
526 int optlen = 0;
527
528 /* for anycast or proxy, solicited_addr != src_addr */
529 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
530 if (ifp) {
531 src_addr = solicited_addr;
532 if (ifp->flags & IFA_F_OPTIMISTIC)
533 override = false;
534 inc_opt |= ifp->idev->cnf.force_tllao;
535 in6_ifa_put(ifp);
536 } else {
537 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
538 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
539 &tmpaddr))
540 return;
541 src_addr = &tmpaddr;
542 }
543
544 if (!dev->addr_len)
545 inc_opt = false;
546 if (inc_opt)
547 optlen += ndisc_opt_addr_space(dev,
548 NDISC_NEIGHBOUR_ADVERTISEMENT);
549
550 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
551 if (!skb)
552 return;
553
554 msg = skb_put(skb, sizeof(*msg));
555 *msg = (struct nd_msg) {
556 .icmph = {
557 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
558 .icmp6_router = router,
559 .icmp6_solicited = solicited,
560 .icmp6_override = override,
561 },
562 .target = *solicited_addr,
563 };
564
565 if (inc_opt)
566 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
567 dev->dev_addr,
568 NDISC_NEIGHBOUR_ADVERTISEMENT);
569
570 ndisc_send_skb(skb, daddr, src_addr);
571}
572
573static void ndisc_send_unsol_na(struct net_device *dev)
574{
575 struct inet6_dev *idev;
576 struct inet6_ifaddr *ifa;
577
578 idev = in6_dev_get(dev);
579 if (!idev)
580 return;
581
582 read_lock_bh(&idev->lock);
583 list_for_each_entry(ifa, &idev->addr_list, if_list) {
584 /* skip tentative addresses until dad completes */
585 if (ifa->flags & IFA_F_TENTATIVE &&
586 !(ifa->flags & IFA_F_OPTIMISTIC))
587 continue;
588
589 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
590 /*router=*/ !!idev->cnf.forwarding,
591 /*solicited=*/ false, /*override=*/ true,
592 /*inc_opt=*/ true);
593 }
594 read_unlock_bh(&idev->lock);
595
596 in6_dev_put(idev);
597}
598
599void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
600 const struct in6_addr *daddr, const struct in6_addr *saddr,
601 u64 nonce)
602{
603 struct sk_buff *skb;
604 struct in6_addr addr_buf;
605 int inc_opt = dev->addr_len;
606 int optlen = 0;
607 struct nd_msg *msg;
608
609 if (!saddr) {
610 if (ipv6_get_lladdr(dev, &addr_buf,
611 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
612 return;
613 saddr = &addr_buf;
614 }
615
616 if (ipv6_addr_any(saddr))
617 inc_opt = false;
618 if (inc_opt)
619 optlen += ndisc_opt_addr_space(dev,
620 NDISC_NEIGHBOUR_SOLICITATION);
621 if (nonce != 0)
622 optlen += 8;
623
624 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
625 if (!skb)
626 return;
627
628 msg = skb_put(skb, sizeof(*msg));
629 *msg = (struct nd_msg) {
630 .icmph = {
631 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
632 },
633 .target = *solicit,
634 };
635
636 if (inc_opt)
637 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
638 dev->dev_addr,
639 NDISC_NEIGHBOUR_SOLICITATION);
640 if (nonce != 0) {
641 u8 *opt = skb_put(skb, 8);
642
643 opt[0] = ND_OPT_NONCE;
644 opt[1] = 8 >> 3;
645 memcpy(opt + 2, &nonce, 6);
646 }
647
648 ndisc_send_skb(skb, daddr, saddr);
649}
650
651void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
652 const struct in6_addr *daddr)
653{
654 struct sk_buff *skb;
655 struct rs_msg *msg;
656 int send_sllao = dev->addr_len;
657 int optlen = 0;
658
659#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
660 /*
661 * According to section 2.2 of RFC 4429, we must not
662 * send router solicitations with a sllao from
663 * optimistic addresses, but we may send the solicitation
664 * if we don't include the sllao. So here we check
665 * if our address is optimistic, and if so, we
666 * suppress the inclusion of the sllao.
667 */
668 if (send_sllao) {
669 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
670 dev, 1);
671 if (ifp) {
672 if (ifp->flags & IFA_F_OPTIMISTIC) {
673 send_sllao = 0;
674 }
675 in6_ifa_put(ifp);
676 } else {
677 send_sllao = 0;
678 }
679 }
680#endif
681 if (send_sllao)
682 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
683
684 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
685 if (!skb)
686 return;
687
688 msg = skb_put(skb, sizeof(*msg));
689 *msg = (struct rs_msg) {
690 .icmph = {
691 .icmp6_type = NDISC_ROUTER_SOLICITATION,
692 },
693 };
694
695 if (send_sllao)
696 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
697 dev->dev_addr,
698 NDISC_ROUTER_SOLICITATION);
699
700 ndisc_send_skb(skb, daddr, saddr);
701}
702
703
704static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
705{
706 /*
707 * "The sender MUST return an ICMP
708 * destination unreachable"
709 */
710 dst_link_failure(skb);
711 kfree_skb(skb);
712}
713
714/* Called with locked neigh: either read or both */
715
716static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
717{
718 struct in6_addr *saddr = NULL;
719 struct in6_addr mcaddr;
720 struct net_device *dev = neigh->dev;
721 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
722 int probes = atomic_read(&neigh->probes);
723
724 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
725 dev, false, 1,
726 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
727 saddr = &ipv6_hdr(skb)->saddr;
728 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
729 if (probes < 0) {
730 if (!(neigh->nud_state & NUD_VALID)) {
731 ND_PRINTK(1, dbg,
732 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
733 __func__, target);
734 }
735 ndisc_send_ns(dev, target, target, saddr, 0);
736 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
737 neigh_app_ns(neigh);
738 } else {
739 addrconf_addr_solict_mult(target, &mcaddr);
740 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
741 }
742}
743
744static int pndisc_is_router(const void *pkey,
745 struct net_device *dev)
746{
747 struct pneigh_entry *n;
748 int ret = -1;
749
750 read_lock_bh(&nd_tbl.lock);
751 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
752 if (n)
753 ret = !!(n->flags & NTF_ROUTER);
754 read_unlock_bh(&nd_tbl.lock);
755
756 return ret;
757}
758
759void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
760 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
761 struct ndisc_options *ndopts)
762{
763 neigh_update(neigh, lladdr, new, flags, 0);
764 /* report ndisc ops about neighbour update */
765 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
766}
767
768static void ndisc_recv_ns(struct sk_buff *skb)
769{
770 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
771 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
772 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
773 u8 *lladdr = NULL;
774 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
775 offsetof(struct nd_msg, opt));
776 struct ndisc_options ndopts;
777 struct net_device *dev = skb->dev;
778 struct inet6_ifaddr *ifp;
779 struct inet6_dev *idev = NULL;
780 struct neighbour *neigh;
781 int dad = ipv6_addr_any(saddr);
782 bool inc;
783 int is_router = -1;
784 u64 nonce = 0;
785
786 if (skb->len < sizeof(struct nd_msg)) {
787 ND_PRINTK(2, warn, "NS: packet too short\n");
788 return;
789 }
790
791 if (ipv6_addr_is_multicast(&msg->target)) {
792 ND_PRINTK(2, warn, "NS: multicast target address\n");
793 return;
794 }
795
796 /*
797 * RFC2461 7.1.1:
798 * DAD has to be destined for solicited node multicast address.
799 */
800 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
801 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
802 return;
803 }
804
805 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
806 ND_PRINTK(2, warn, "NS: invalid ND options\n");
807 return;
808 }
809
810 if (ndopts.nd_opts_src_lladdr) {
811 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
812 if (!lladdr) {
813 ND_PRINTK(2, warn,
814 "NS: invalid link-layer address length\n");
815 return;
816 }
817
818 /* RFC2461 7.1.1:
819 * If the IP source address is the unspecified address,
820 * there MUST NOT be source link-layer address option
821 * in the message.
822 */
823 if (dad) {
824 ND_PRINTK(2, warn,
825 "NS: bad DAD packet (link-layer address option)\n");
826 return;
827 }
828 }
829 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
830 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
831
832 inc = ipv6_addr_is_multicast(daddr);
833
834 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
835 if (ifp) {
836have_ifp:
837 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
838 if (dad) {
839 if (nonce != 0 && ifp->dad_nonce == nonce) {
840 u8 *np = (u8 *)&nonce;
841 /* Matching nonce if looped back */
842 ND_PRINTK(2, notice,
843 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
844 ifp->idev->dev->name,
845 &ifp->addr, np);
846 goto out;
847 }
848 /*
849 * We are colliding with another node
850 * who is doing DAD
851 * so fail our DAD process
852 */
853 addrconf_dad_failure(skb, ifp);
854 return;
855 } else {
856 /*
857 * This is not a dad solicitation.
858 * If we are an optimistic node,
859 * we should respond.
860 * Otherwise, we should ignore it.
861 */
862 if (!(ifp->flags & IFA_F_OPTIMISTIC))
863 goto out;
864 }
865 }
866
867 idev = ifp->idev;
868 } else {
869 struct net *net = dev_net(dev);
870
871 /* perhaps an address on the master device */
872 if (netif_is_l3_slave(dev)) {
873 struct net_device *mdev;
874
875 mdev = netdev_master_upper_dev_get_rcu(dev);
876 if (mdev) {
877 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
878 if (ifp)
879 goto have_ifp;
880 }
881 }
882
883 idev = in6_dev_get(dev);
884 if (!idev) {
885 /* XXX: count this drop? */
886 return;
887 }
888
889 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
890 (idev->cnf.forwarding &&
891 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
892 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
893 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
894 skb->pkt_type != PACKET_HOST &&
895 inc &&
896 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
897 /*
898 * for anycast or proxy,
899 * sender should delay its response
900 * by a random time between 0 and
901 * MAX_ANYCAST_DELAY_TIME seconds.
902 * (RFC2461) -- yoshfuji
903 */
904 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
905 if (n)
906 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
907 goto out;
908 }
909 } else
910 goto out;
911 }
912
913 if (is_router < 0)
914 is_router = idev->cnf.forwarding;
915
916 if (dad) {
917 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
918 !!is_router, false, (ifp != NULL), true);
919 goto out;
920 }
921
922 if (inc)
923 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
924 else
925 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
926
927 /*
928 * update / create cache entry
929 * for the source address
930 */
931 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
932 !inc || lladdr || !dev->addr_len);
933 if (neigh)
934 ndisc_update(dev, neigh, lladdr, NUD_STALE,
935 NEIGH_UPDATE_F_WEAK_OVERRIDE|
936 NEIGH_UPDATE_F_OVERRIDE,
937 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
938 if (neigh || !dev->header_ops) {
939 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
940 true, (ifp != NULL && inc), inc);
941 if (neigh)
942 neigh_release(neigh);
943 }
944
945out:
946 if (ifp)
947 in6_ifa_put(ifp);
948 else
949 in6_dev_put(idev);
950}
951
952static void ndisc_recv_na(struct sk_buff *skb)
953{
954 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
955 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
956 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
957 u8 *lladdr = NULL;
958 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
959 offsetof(struct nd_msg, opt));
960 struct ndisc_options ndopts;
961 struct net_device *dev = skb->dev;
962 struct inet6_dev *idev = __in6_dev_get(dev);
963 struct inet6_ifaddr *ifp;
964 struct neighbour *neigh;
965
966 if (skb->len < sizeof(struct nd_msg)) {
967 ND_PRINTK(2, warn, "NA: packet too short\n");
968 return;
969 }
970
971 if (ipv6_addr_is_multicast(&msg->target)) {
972 ND_PRINTK(2, warn, "NA: target address is multicast\n");
973 return;
974 }
975
976 if (ipv6_addr_is_multicast(daddr) &&
977 msg->icmph.icmp6_solicited) {
978 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
979 return;
980 }
981
982 /* For some 802.11 wireless deployments (and possibly other networks),
983 * there will be a NA proxy and unsolicitd packets are attacks
984 * and thus should not be accepted.
985 */
986 if (!msg->icmph.icmp6_solicited && idev &&
987 idev->cnf.drop_unsolicited_na)
988 return;
989
990 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
991 ND_PRINTK(2, warn, "NS: invalid ND option\n");
992 return;
993 }
994 if (ndopts.nd_opts_tgt_lladdr) {
995 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
996 if (!lladdr) {
997 ND_PRINTK(2, warn,
998 "NA: invalid link-layer address length\n");
999 return;
1000 }
1001 }
1002 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1003 if (ifp) {
1004 if (skb->pkt_type != PACKET_LOOPBACK
1005 && (ifp->flags & IFA_F_TENTATIVE)) {
1006 addrconf_dad_failure(skb, ifp);
1007 return;
1008 }
1009 /* What should we make now? The advertisement
1010 is invalid, but ndisc specs say nothing
1011 about it. It could be misconfiguration, or
1012 an smart proxy agent tries to help us :-)
1013
1014 We should not print the error if NA has been
1015 received from loopback - it is just our own
1016 unsolicited advertisement.
1017 */
1018 if (skb->pkt_type != PACKET_LOOPBACK)
1019 ND_PRINTK(1, warn,
1020 "NA: %pM advertised our address %pI6c on %s!\n",
1021 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1022 in6_ifa_put(ifp);
1023 return;
1024 }
1025 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1026
1027 if (neigh) {
1028 u8 old_flags = neigh->flags;
1029 struct net *net = dev_net(dev);
1030
1031 if (neigh->nud_state & NUD_FAILED)
1032 goto out;
1033
1034 /*
1035 * Don't update the neighbor cache entry on a proxy NA from
1036 * ourselves because either the proxied node is off link or it
1037 * has already sent a NA to us.
1038 */
1039 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1040 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1041 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1042 /* XXX: idev->cnf.proxy_ndp */
1043 goto out;
1044 }
1045
1046 ndisc_update(dev, neigh, lladdr,
1047 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1048 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1049 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1050 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1051 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1052 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1053
1054 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1055 /*
1056 * Change: router to host
1057 */
1058 rt6_clean_tohost(dev_net(dev), saddr);
1059 }
1060
1061out:
1062 neigh_release(neigh);
1063 }
1064}
1065
1066static void ndisc_recv_rs(struct sk_buff *skb)
1067{
1068 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1069 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1070 struct neighbour *neigh;
1071 struct inet6_dev *idev;
1072 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1073 struct ndisc_options ndopts;
1074 u8 *lladdr = NULL;
1075
1076 if (skb->len < sizeof(*rs_msg))
1077 return;
1078
1079 idev = __in6_dev_get(skb->dev);
1080 if (!idev) {
1081 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1082 return;
1083 }
1084
1085 /* Don't accept RS if we're not in router mode */
1086 if (!idev->cnf.forwarding)
1087 goto out;
1088
1089 /*
1090 * Don't update NCE if src = ::;
1091 * this implies that the source node has no ip address assigned yet.
1092 */
1093 if (ipv6_addr_any(saddr))
1094 goto out;
1095
1096 /* Parse ND options */
1097 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1098 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1099 goto out;
1100 }
1101
1102 if (ndopts.nd_opts_src_lladdr) {
1103 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1104 skb->dev);
1105 if (!lladdr)
1106 goto out;
1107 }
1108
1109 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1110 if (neigh) {
1111 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1112 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1113 NEIGH_UPDATE_F_OVERRIDE|
1114 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1115 NDISC_ROUTER_SOLICITATION, &ndopts);
1116 neigh_release(neigh);
1117 }
1118out:
1119 return;
1120}
1121
1122static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1123{
1124 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1125 struct sk_buff *skb;
1126 struct nlmsghdr *nlh;
1127 struct nduseroptmsg *ndmsg;
1128 struct net *net = dev_net(ra->dev);
1129 int err;
1130 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1131 + (opt->nd_opt_len << 3));
1132 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1133
1134 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1135 if (!skb) {
1136 err = -ENOBUFS;
1137 goto errout;
1138 }
1139
1140 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1141 if (!nlh) {
1142 goto nla_put_failure;
1143 }
1144
1145 ndmsg = nlmsg_data(nlh);
1146 ndmsg->nduseropt_family = AF_INET6;
1147 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1148 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1149 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1150 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1151
1152 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1153
1154 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1155 goto nla_put_failure;
1156 nlmsg_end(skb, nlh);
1157
1158 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1159 return;
1160
1161nla_put_failure:
1162 nlmsg_free(skb);
1163 err = -EMSGSIZE;
1164errout:
1165 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1166}
1167
1168static void ndisc_router_discovery(struct sk_buff *skb)
1169{
1170 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1171 struct neighbour *neigh = NULL;
1172 struct inet6_dev *in6_dev;
1173 struct fib6_info *rt = NULL;
1174 struct net *net;
1175 int lifetime;
1176 struct ndisc_options ndopts;
1177 int optlen;
1178 unsigned int pref = 0;
1179 __u32 old_if_flags;
1180 bool send_ifinfo_notify = false;
1181
1182 __u8 *opt = (__u8 *)(ra_msg + 1);
1183
1184 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1185 sizeof(struct ra_msg);
1186
1187 ND_PRINTK(2, info,
1188 "RA: %s, dev: %s\n",
1189 __func__, skb->dev->name);
1190 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1191 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1192 return;
1193 }
1194 if (optlen < 0) {
1195 ND_PRINTK(2, warn, "RA: packet too short\n");
1196 return;
1197 }
1198
1199#ifdef CONFIG_IPV6_NDISC_NODETYPE
1200 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1201 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1202 return;
1203 }
1204#endif
1205
1206 /*
1207 * set the RA_RECV flag in the interface
1208 */
1209
1210 in6_dev = __in6_dev_get(skb->dev);
1211 if (!in6_dev) {
1212 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1213 skb->dev->name);
1214 return;
1215 }
1216
1217 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1218 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1219 return;
1220 }
1221
1222 if (!ipv6_accept_ra(in6_dev)) {
1223 ND_PRINTK(2, info,
1224 "RA: %s, did not accept ra for dev: %s\n",
1225 __func__, skb->dev->name);
1226 goto skip_linkparms;
1227 }
1228
1229#ifdef CONFIG_IPV6_NDISC_NODETYPE
1230 /* skip link-specific parameters from interior routers */
1231 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1232 ND_PRINTK(2, info,
1233 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1234 __func__, skb->dev->name);
1235 goto skip_linkparms;
1236 }
1237#endif
1238
1239 if (in6_dev->if_flags & IF_RS_SENT) {
1240 /*
1241 * flag that an RA was received after an RS was sent
1242 * out on this interface.
1243 */
1244 in6_dev->if_flags |= IF_RA_RCVD;
1245 }
1246
1247 /*
1248 * Remember the managed/otherconf flags from most recently
1249 * received RA message (RFC 2462) -- yoshfuji
1250 */
1251 old_if_flags = in6_dev->if_flags;
1252 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1253 IF_RA_OTHERCONF)) |
1254 (ra_msg->icmph.icmp6_addrconf_managed ?
1255 IF_RA_MANAGED : 0) |
1256 (ra_msg->icmph.icmp6_addrconf_other ?
1257 IF_RA_OTHERCONF : 0);
1258
1259 if (old_if_flags != in6_dev->if_flags)
1260 send_ifinfo_notify = true;
1261
1262 if (!in6_dev->cnf.accept_ra_defrtr) {
1263 ND_PRINTK(2, info,
1264 "RA: %s, defrtr is false for dev: %s\n",
1265 __func__, skb->dev->name);
1266 goto skip_defrtr;
1267 }
1268
1269 /* Do not accept RA with source-addr found on local machine unless
1270 * accept_ra_from_local is set to true.
1271 */
1272 net = dev_net(in6_dev->dev);
1273 if (!in6_dev->cnf.accept_ra_from_local &&
1274 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1275 ND_PRINTK(2, info,
1276 "RA from local address detected on dev: %s: default router ignored\n",
1277 skb->dev->name);
1278 goto skip_defrtr;
1279 }
1280
1281 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1282
1283#ifdef CONFIG_IPV6_ROUTER_PREF
1284 pref = ra_msg->icmph.icmp6_router_pref;
1285 /* 10b is handled as if it were 00b (medium) */
1286 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1287 !in6_dev->cnf.accept_ra_rtr_pref)
1288 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1289#endif
1290 /* routes added from RAs do not use nexthop objects */
1291 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1292 if (rt) {
1293 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1294 rt->fib6_nh->fib_nh_dev, NULL,
1295 &ipv6_hdr(skb)->saddr);
1296 if (!neigh) {
1297 ND_PRINTK(0, err,
1298 "RA: %s got default router without neighbour\n",
1299 __func__);
1300 fib6_info_release(rt);
1301 return;
1302 }
1303 }
1304 if (rt && lifetime == 0) {
1305 ip6_del_rt(net, rt, false);
1306 rt = NULL;
1307 }
1308
1309 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1310 rt, lifetime, skb->dev->name);
1311 if (!rt && lifetime) {
1312 ND_PRINTK(3, info, "RA: adding default router\n");
1313
1314 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1315 skb->dev, pref);
1316 if (!rt) {
1317 ND_PRINTK(0, err,
1318 "RA: %s failed to add default route\n",
1319 __func__);
1320 return;
1321 }
1322
1323 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1324 rt->fib6_nh->fib_nh_dev, NULL,
1325 &ipv6_hdr(skb)->saddr);
1326 if (!neigh) {
1327 ND_PRINTK(0, err,
1328 "RA: %s got default router without neighbour\n",
1329 __func__);
1330 fib6_info_release(rt);
1331 return;
1332 }
1333 neigh->flags |= NTF_ROUTER;
1334 } else if (rt) {
1335 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1336 }
1337
1338 if (rt)
1339 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1340 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1341 ra_msg->icmph.icmp6_hop_limit) {
1342 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1343 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1344 fib6_metric_set(rt, RTAX_HOPLIMIT,
1345 ra_msg->icmph.icmp6_hop_limit);
1346 } else {
1347 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1348 }
1349 }
1350
1351skip_defrtr:
1352
1353 /*
1354 * Update Reachable Time and Retrans Timer
1355 */
1356
1357 if (in6_dev->nd_parms) {
1358 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1359
1360 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1361 rtime = (rtime*HZ)/1000;
1362 if (rtime < HZ/100)
1363 rtime = HZ/100;
1364 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1365 in6_dev->tstamp = jiffies;
1366 send_ifinfo_notify = true;
1367 }
1368
1369 rtime = ntohl(ra_msg->reachable_time);
1370 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1371 rtime = (rtime*HZ)/1000;
1372
1373 if (rtime < HZ/10)
1374 rtime = HZ/10;
1375
1376 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1377 NEIGH_VAR_SET(in6_dev->nd_parms,
1378 BASE_REACHABLE_TIME, rtime);
1379 NEIGH_VAR_SET(in6_dev->nd_parms,
1380 GC_STALETIME, 3 * rtime);
1381 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1382 in6_dev->tstamp = jiffies;
1383 send_ifinfo_notify = true;
1384 }
1385 }
1386 }
1387
1388 /*
1389 * Send a notify if RA changed managed/otherconf flags or timer settings
1390 */
1391 if (send_ifinfo_notify)
1392 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1393
1394skip_linkparms:
1395
1396 /*
1397 * Process options.
1398 */
1399
1400 if (!neigh)
1401 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1402 skb->dev, 1);
1403 if (neigh) {
1404 u8 *lladdr = NULL;
1405 if (ndopts.nd_opts_src_lladdr) {
1406 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1407 skb->dev);
1408 if (!lladdr) {
1409 ND_PRINTK(2, warn,
1410 "RA: invalid link-layer address length\n");
1411 goto out;
1412 }
1413 }
1414 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1415 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1416 NEIGH_UPDATE_F_OVERRIDE|
1417 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1418 NEIGH_UPDATE_F_ISROUTER,
1419 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1420 }
1421
1422 if (!ipv6_accept_ra(in6_dev)) {
1423 ND_PRINTK(2, info,
1424 "RA: %s, accept_ra is false for dev: %s\n",
1425 __func__, skb->dev->name);
1426 goto out;
1427 }
1428
1429#ifdef CONFIG_IPV6_ROUTE_INFO
1430 if (!in6_dev->cnf.accept_ra_from_local &&
1431 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1432 in6_dev->dev, 0)) {
1433 ND_PRINTK(2, info,
1434 "RA from local address detected on dev: %s: router info ignored.\n",
1435 skb->dev->name);
1436 goto skip_routeinfo;
1437 }
1438
1439 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1440 struct nd_opt_hdr *p;
1441 for (p = ndopts.nd_opts_ri;
1442 p;
1443 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1444 struct route_info *ri = (struct route_info *)p;
1445#ifdef CONFIG_IPV6_NDISC_NODETYPE
1446 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1447 ri->prefix_len == 0)
1448 continue;
1449#endif
1450 if (ri->prefix_len == 0 &&
1451 !in6_dev->cnf.accept_ra_defrtr)
1452 continue;
1453 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1454 continue;
1455 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1456 continue;
1457 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1458 &ipv6_hdr(skb)->saddr);
1459 }
1460 }
1461
1462skip_routeinfo:
1463#endif
1464
1465#ifdef CONFIG_IPV6_NDISC_NODETYPE
1466 /* skip link-specific ndopts from interior routers */
1467 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1468 ND_PRINTK(2, info,
1469 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1470 __func__, skb->dev->name);
1471 goto out;
1472 }
1473#endif
1474
1475 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1476 struct nd_opt_hdr *p;
1477 for (p = ndopts.nd_opts_pi;
1478 p;
1479 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1480 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1481 (p->nd_opt_len) << 3,
1482 ndopts.nd_opts_src_lladdr != NULL);
1483 }
1484 }
1485
1486 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1487 __be32 n;
1488 u32 mtu;
1489
1490 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1491 mtu = ntohl(n);
1492
1493 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1494 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1495 } else if (in6_dev->cnf.mtu6 != mtu) {
1496 in6_dev->cnf.mtu6 = mtu;
1497 fib6_metric_set(rt, RTAX_MTU, mtu);
1498 rt6_mtu_change(skb->dev, mtu);
1499 }
1500 }
1501
1502 if (ndopts.nd_useropts) {
1503 struct nd_opt_hdr *p;
1504 for (p = ndopts.nd_useropts;
1505 p;
1506 p = ndisc_next_useropt(skb->dev, p,
1507 ndopts.nd_useropts_end)) {
1508 ndisc_ra_useropt(skb, p);
1509 }
1510 }
1511
1512 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1513 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1514 }
1515out:
1516 fib6_info_release(rt);
1517 if (neigh)
1518 neigh_release(neigh);
1519}
1520
1521static void ndisc_redirect_rcv(struct sk_buff *skb)
1522{
1523 u8 *hdr;
1524 struct ndisc_options ndopts;
1525 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1526 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1527 offsetof(struct rd_msg, opt));
1528
1529#ifdef CONFIG_IPV6_NDISC_NODETYPE
1530 switch (skb->ndisc_nodetype) {
1531 case NDISC_NODETYPE_HOST:
1532 case NDISC_NODETYPE_NODEFAULT:
1533 ND_PRINTK(2, warn,
1534 "Redirect: from host or unauthorized router\n");
1535 return;
1536 }
1537#endif
1538
1539 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1540 ND_PRINTK(2, warn,
1541 "Redirect: source address is not link-local\n");
1542 return;
1543 }
1544
1545 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1546 return;
1547
1548 if (!ndopts.nd_opts_rh) {
1549 ip6_redirect_no_header(skb, dev_net(skb->dev),
1550 skb->dev->ifindex);
1551 return;
1552 }
1553
1554 hdr = (u8 *)ndopts.nd_opts_rh;
1555 hdr += 8;
1556 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1557 return;
1558
1559 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1560}
1561
1562static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1563 struct sk_buff *orig_skb,
1564 int rd_len)
1565{
1566 u8 *opt = skb_put(skb, rd_len);
1567
1568 memset(opt, 0, 8);
1569 *(opt++) = ND_OPT_REDIRECT_HDR;
1570 *(opt++) = (rd_len >> 3);
1571 opt += 6;
1572
1573 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1574 rd_len - 8);
1575}
1576
1577void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1578{
1579 struct net_device *dev = skb->dev;
1580 struct net *net = dev_net(dev);
1581 struct sock *sk = net->ipv6.ndisc_sk;
1582 int optlen = 0;
1583 struct inet_peer *peer;
1584 struct sk_buff *buff;
1585 struct rd_msg *msg;
1586 struct in6_addr saddr_buf;
1587 struct rt6_info *rt;
1588 struct dst_entry *dst;
1589 struct flowi6 fl6;
1590 int rd_len;
1591 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1592 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1593 bool ret;
1594
1595 if (netif_is_l3_master(skb->dev)) {
1596 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1597 if (!dev)
1598 return;
1599 }
1600
1601 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1602 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1603 dev->name);
1604 return;
1605 }
1606
1607 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1608 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1609 ND_PRINTK(2, warn,
1610 "Redirect: target address is not link-local unicast\n");
1611 return;
1612 }
1613
1614 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1615 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1616
1617 dst = ip6_route_output(net, NULL, &fl6);
1618 if (dst->error) {
1619 dst_release(dst);
1620 return;
1621 }
1622 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1623 if (IS_ERR(dst))
1624 return;
1625
1626 rt = (struct rt6_info *) dst;
1627
1628 if (rt->rt6i_flags & RTF_GATEWAY) {
1629 ND_PRINTK(2, warn,
1630 "Redirect: destination is not a neighbour\n");
1631 goto release;
1632 }
1633 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1634 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1635 if (peer)
1636 inet_putpeer(peer);
1637 if (!ret)
1638 goto release;
1639
1640 if (dev->addr_len) {
1641 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1642 if (!neigh) {
1643 ND_PRINTK(2, warn,
1644 "Redirect: no neigh for target address\n");
1645 goto release;
1646 }
1647
1648 read_lock_bh(&neigh->lock);
1649 if (neigh->nud_state & NUD_VALID) {
1650 memcpy(ha_buf, neigh->ha, dev->addr_len);
1651 read_unlock_bh(&neigh->lock);
1652 ha = ha_buf;
1653 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1654 ops_data_buf,
1655 &ops_data);
1656 } else
1657 read_unlock_bh(&neigh->lock);
1658
1659 neigh_release(neigh);
1660 }
1661
1662 rd_len = min_t(unsigned int,
1663 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1664 skb->len + 8);
1665 rd_len &= ~0x7;
1666 optlen += rd_len;
1667
1668 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1669 if (!buff)
1670 goto release;
1671
1672 msg = skb_put(buff, sizeof(*msg));
1673 *msg = (struct rd_msg) {
1674 .icmph = {
1675 .icmp6_type = NDISC_REDIRECT,
1676 },
1677 .target = *target,
1678 .dest = ipv6_hdr(skb)->daddr,
1679 };
1680
1681 /*
1682 * include target_address option
1683 */
1684
1685 if (ha)
1686 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1687
1688 /*
1689 * build redirect option and copy skb over to the new packet.
1690 */
1691
1692 if (rd_len)
1693 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1694
1695 skb_dst_set(buff, dst);
1696 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1697 return;
1698
1699release:
1700 dst_release(dst);
1701}
1702
1703static void pndisc_redo(struct sk_buff *skb)
1704{
1705 ndisc_recv_ns(skb);
1706 kfree_skb(skb);
1707}
1708
1709static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1710{
1711 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1712
1713 if (!idev)
1714 return true;
1715 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1716 idev->cnf.suppress_frag_ndisc) {
1717 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1718 return true;
1719 }
1720 return false;
1721}
1722
1723int ndisc_rcv(struct sk_buff *skb)
1724{
1725 struct nd_msg *msg;
1726
1727 if (ndisc_suppress_frag_ndisc(skb))
1728 return 0;
1729
1730 if (skb_linearize(skb))
1731 return 0;
1732
1733 msg = (struct nd_msg *)skb_transport_header(skb);
1734
1735 __skb_push(skb, skb->data - skb_transport_header(skb));
1736
1737 if (ipv6_hdr(skb)->hop_limit != 255) {
1738 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1739 ipv6_hdr(skb)->hop_limit);
1740 return 0;
1741 }
1742
1743 if (msg->icmph.icmp6_code != 0) {
1744 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1745 msg->icmph.icmp6_code);
1746 return 0;
1747 }
1748
1749 switch (msg->icmph.icmp6_type) {
1750 case NDISC_NEIGHBOUR_SOLICITATION:
1751 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1752 ndisc_recv_ns(skb);
1753 break;
1754
1755 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1756 ndisc_recv_na(skb);
1757 break;
1758
1759 case NDISC_ROUTER_SOLICITATION:
1760 ndisc_recv_rs(skb);
1761 break;
1762
1763 case NDISC_ROUTER_ADVERTISEMENT:
1764 ndisc_router_discovery(skb);
1765 break;
1766
1767 case NDISC_REDIRECT:
1768 ndisc_redirect_rcv(skb);
1769 break;
1770 }
1771
1772 return 0;
1773}
1774
1775static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1776{
1777 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1778 struct netdev_notifier_change_info *change_info;
1779 struct net *net = dev_net(dev);
1780 struct inet6_dev *idev;
1781
1782 switch (event) {
1783 case NETDEV_CHANGEADDR:
1784 neigh_changeaddr(&nd_tbl, dev);
1785 fib6_run_gc(0, net, false);
1786 fallthrough;
1787 case NETDEV_UP:
1788 idev = in6_dev_get(dev);
1789 if (!idev)
1790 break;
1791 if (idev->cnf.ndisc_notify ||
1792 net->ipv6.devconf_all->ndisc_notify)
1793 ndisc_send_unsol_na(dev);
1794 in6_dev_put(idev);
1795 break;
1796 case NETDEV_CHANGE:
1797 change_info = ptr;
1798 if (change_info->flags_changed & IFF_NOARP)
1799 neigh_changeaddr(&nd_tbl, dev);
1800 if (!netif_carrier_ok(dev))
1801 neigh_carrier_down(&nd_tbl, dev);
1802 break;
1803 case NETDEV_DOWN:
1804 neigh_ifdown(&nd_tbl, dev);
1805 fib6_run_gc(0, net, false);
1806 break;
1807 case NETDEV_NOTIFY_PEERS:
1808 ndisc_send_unsol_na(dev);
1809 break;
1810 default:
1811 break;
1812 }
1813
1814 return NOTIFY_DONE;
1815}
1816
1817static struct notifier_block ndisc_netdev_notifier = {
1818 .notifier_call = ndisc_netdev_event,
1819 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1820};
1821
1822#ifdef CONFIG_SYSCTL
1823static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1824 const char *func, const char *dev_name)
1825{
1826 static char warncomm[TASK_COMM_LEN];
1827 static int warned;
1828 if (strcmp(warncomm, current->comm) && warned < 5) {
1829 strcpy(warncomm, current->comm);
1830 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1831 warncomm, func,
1832 dev_name, ctl->procname,
1833 dev_name, ctl->procname);
1834 warned++;
1835 }
1836}
1837
1838int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1839 size_t *lenp, loff_t *ppos)
1840{
1841 struct net_device *dev = ctl->extra1;
1842 struct inet6_dev *idev;
1843 int ret;
1844
1845 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1846 (strcmp(ctl->procname, "base_reachable_time") == 0))
1847 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1848
1849 if (strcmp(ctl->procname, "retrans_time") == 0)
1850 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1851
1852 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1853 ret = neigh_proc_dointvec_jiffies(ctl, write,
1854 buffer, lenp, ppos);
1855
1856 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1857 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1858 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1859 buffer, lenp, ppos);
1860 else
1861 ret = -1;
1862
1863 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1864 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1865 idev->nd_parms->reachable_time =
1866 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1867 idev->tstamp = jiffies;
1868 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1869 in6_dev_put(idev);
1870 }
1871 return ret;
1872}
1873
1874
1875#endif
1876
1877static int __net_init ndisc_net_init(struct net *net)
1878{
1879 struct ipv6_pinfo *np;
1880 struct sock *sk;
1881 int err;
1882
1883 err = inet_ctl_sock_create(&sk, PF_INET6,
1884 SOCK_RAW, IPPROTO_ICMPV6, net);
1885 if (err < 0) {
1886 ND_PRINTK(0, err,
1887 "NDISC: Failed to initialize the control socket (err %d)\n",
1888 err);
1889 return err;
1890 }
1891
1892 net->ipv6.ndisc_sk = sk;
1893
1894 np = inet6_sk(sk);
1895 np->hop_limit = 255;
1896 /* Do not loopback ndisc messages */
1897 np->mc_loop = 0;
1898
1899 return 0;
1900}
1901
1902static void __net_exit ndisc_net_exit(struct net *net)
1903{
1904 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1905}
1906
1907static struct pernet_operations ndisc_net_ops = {
1908 .init = ndisc_net_init,
1909 .exit = ndisc_net_exit,
1910};
1911
1912int __init ndisc_init(void)
1913{
1914 int err;
1915
1916 err = register_pernet_subsys(&ndisc_net_ops);
1917 if (err)
1918 return err;
1919 /*
1920 * Initialize the neighbour table
1921 */
1922 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1923
1924#ifdef CONFIG_SYSCTL
1925 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1926 ndisc_ifinfo_sysctl_change);
1927 if (err)
1928 goto out_unregister_pernet;
1929out:
1930#endif
1931 return err;
1932
1933#ifdef CONFIG_SYSCTL
1934out_unregister_pernet:
1935 unregister_pernet_subsys(&ndisc_net_ops);
1936 goto out;
1937#endif
1938}
1939
1940int __init ndisc_late_init(void)
1941{
1942 return register_netdevice_notifier(&ndisc_netdev_notifier);
1943}
1944
1945void ndisc_late_cleanup(void)
1946{
1947 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1948}
1949
1950void ndisc_cleanup(void)
1951{
1952#ifdef CONFIG_SYSCTL
1953 neigh_sysctl_unregister(&nd_tbl.parms);
1954#endif
1955 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1956 unregister_pernet_subsys(&ndisc_net_ops);
1957}