1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77
78 #define ND_PRINTK(val, level, fmt, ...) \
79 do { \
80 if (val <= ND_DEBUG) \
81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82 } while (0)
83
84 static u32 ndisc_hash(const void *pkey,
85 const struct net_device *dev,
86 __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93
94 static const struct neigh_ops ndisc_generic_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_connected_output,
100 };
101
102 static const struct neigh_ops ndisc_hh_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_resolve_output,
108 };
109
110
111 static const struct neigh_ops ndisc_direct_ops = {
112 .family = AF_INET6,
113 .output = neigh_direct_output,
114 .connected_output = neigh_direct_output,
115 };
116
117 struct neigh_table nd_tbl = {
118 .family = AF_INET6,
119 .key_len = sizeof(struct in6_addr),
120 .hash = ndisc_hash,
121 .constructor = ndisc_constructor,
122 .pconstructor = pndisc_constructor,
123 .pdestructor = pndisc_destructor,
124 .proxy_redo = pndisc_redo,
125 .id = "ndisc_cache",
126 .parms = {
127 .tbl = &nd_tbl,
128 .base_reachable_time = ND_REACHABLE_TIME,
129 .retrans_time = ND_RETRANS_TIMER,
130 .gc_staletime = 60 * HZ,
131 .reachable_time = ND_REACHABLE_TIME,
132 .delay_probe_time = 5 * HZ,
133 .queue_len_bytes = 64*1024,
134 .ucast_probes = 3,
135 .mcast_probes = 3,
136 .anycast_delay = 1 * HZ,
137 .proxy_delay = (8 * HZ) / 10,
138 .proxy_qlen = 64,
139 },
140 .gc_interval = 30 * HZ,
141 .gc_thresh1 = 128,
142 .gc_thresh2 = 512,
143 .gc_thresh3 = 1024,
144 };
145
146 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
147 {
148 int pad = ndisc_addr_option_pad(skb->dev->type);
149 int data_len = skb->dev->addr_len;
150 int space = ndisc_opt_addr_space(skb->dev);
151 u8 *opt = skb_put(skb, space);
152
153 opt[0] = type;
154 opt[1] = space>>3;
155
156 memset(opt + 2, 0, pad);
157 opt += pad;
158 space -= pad;
159
160 memcpy(opt+2, data, data_len);
161 data_len += 2;
162 opt += data_len;
163 if ((space -= data_len) > 0)
164 memset(opt, 0, space);
165 }
166
167 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
168 struct nd_opt_hdr *end)
169 {
170 int type;
171 if (!cur || !end || cur >= end)
172 return NULL;
173 type = cur->nd_opt_type;
174 do {
175 cur = ((void *)cur) + (cur->nd_opt_len << 3);
176 } while(cur < end && cur->nd_opt_type != type);
177 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
178 }
179
180 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
181 {
182 return opt->nd_opt_type == ND_OPT_RDNSS ||
183 opt->nd_opt_type == ND_OPT_DNSSL;
184 }
185
186 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
187 struct nd_opt_hdr *end)
188 {
189 if (!cur || !end || cur >= end)
190 return NULL;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while(cur < end && !ndisc_is_useropt(cur));
194 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
195 }
196
197 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
198 struct ndisc_options *ndopts)
199 {
200 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
201
202 if (!nd_opt || opt_len < 0 || !ndopts)
203 return NULL;
204 memset(ndopts, 0, sizeof(*ndopts));
205 while (opt_len) {
206 int l;
207 if (opt_len < sizeof(struct nd_opt_hdr))
208 return NULL;
209 l = nd_opt->nd_opt_len << 3;
210 if (opt_len < l || l == 0)
211 return NULL;
212 switch (nd_opt->nd_opt_type) {
213 case ND_OPT_SOURCE_LL_ADDR:
214 case ND_OPT_TARGET_LL_ADDR:
215 case ND_OPT_MTU:
216 case ND_OPT_REDIRECT_HDR:
217 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
218 ND_PRINTK(2, warn,
219 "%s: duplicated ND6 option found: type=%d\n",
220 __func__, nd_opt->nd_opt_type);
221 } else {
222 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
223 }
224 break;
225 case ND_OPT_PREFIX_INFO:
226 ndopts->nd_opts_pi_end = nd_opt;
227 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
228 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
229 break;
230 #ifdef CONFIG_IPV6_ROUTE_INFO
231 case ND_OPT_ROUTE_INFO:
232 ndopts->nd_opts_ri_end = nd_opt;
233 if (!ndopts->nd_opts_ri)
234 ndopts->nd_opts_ri = nd_opt;
235 break;
236 #endif
237 default:
238 if (ndisc_is_useropt(nd_opt)) {
239 ndopts->nd_useropts_end = nd_opt;
240 if (!ndopts->nd_useropts)
241 ndopts->nd_useropts = nd_opt;
242 } else {
243 /*
244 * Unknown options must be silently ignored,
245 * to accommodate future extension to the
246 * protocol.
247 */
248 ND_PRINTK(2, notice,
249 "%s: ignored unsupported option; type=%d, len=%d\n",
250 __func__,
251 nd_opt->nd_opt_type,
252 nd_opt->nd_opt_len);
253 }
254 }
255 opt_len -= l;
256 nd_opt = ((void *)nd_opt) + l;
257 }
258 return ndopts;
259 }
260
261 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
262 {
263 switch (dev->type) {
264 case ARPHRD_ETHER:
265 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
266 case ARPHRD_FDDI:
267 ipv6_eth_mc_map(addr, buf);
268 return 0;
269 case ARPHRD_ARCNET:
270 ipv6_arcnet_mc_map(addr, buf);
271 return 0;
272 case ARPHRD_INFINIBAND:
273 ipv6_ib_mc_map(addr, dev->broadcast, buf);
274 return 0;
275 case ARPHRD_IPGRE:
276 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
277 default:
278 if (dir) {
279 memcpy(buf, dev->broadcast, dev->addr_len);
280 return 0;
281 }
282 }
283 return -EINVAL;
284 }
285
286 EXPORT_SYMBOL(ndisc_mc_map);
287
288 static u32 ndisc_hash(const void *pkey,
289 const struct net_device *dev,
290 __u32 *hash_rnd)
291 {
292 return ndisc_hashfn(pkey, dev, hash_rnd);
293 }
294
295 static int ndisc_constructor(struct neighbour *neigh)
296 {
297 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
298 struct net_device *dev = neigh->dev;
299 struct inet6_dev *in6_dev;
300 struct neigh_parms *parms;
301 bool is_multicast = ipv6_addr_is_multicast(addr);
302
303 in6_dev = in6_dev_get(dev);
304 if (in6_dev == NULL) {
305 return -EINVAL;
306 }
307
308 parms = in6_dev->nd_parms;
309 __neigh_parms_put(neigh->parms);
310 neigh->parms = neigh_parms_clone(parms);
311
312 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
313 if (!dev->header_ops) {
314 neigh->nud_state = NUD_NOARP;
315 neigh->ops = &ndisc_direct_ops;
316 neigh->output = neigh_direct_output;
317 } else {
318 if (is_multicast) {
319 neigh->nud_state = NUD_NOARP;
320 ndisc_mc_map(addr, neigh->ha, dev, 1);
321 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
322 neigh->nud_state = NUD_NOARP;
323 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
324 if (dev->flags&IFF_LOOPBACK)
325 neigh->type = RTN_LOCAL;
326 } else if (dev->flags&IFF_POINTOPOINT) {
327 neigh->nud_state = NUD_NOARP;
328 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
329 }
330 if (dev->header_ops->cache)
331 neigh->ops = &ndisc_hh_ops;
332 else
333 neigh->ops = &ndisc_generic_ops;
334 if (neigh->nud_state&NUD_VALID)
335 neigh->output = neigh->ops->connected_output;
336 else
337 neigh->output = neigh->ops->output;
338 }
339 in6_dev_put(in6_dev);
340 return 0;
341 }
342
343 static int pndisc_constructor(struct pneigh_entry *n)
344 {
345 struct in6_addr *addr = (struct in6_addr*)&n->key;
346 struct in6_addr maddr;
347 struct net_device *dev = n->dev;
348
349 if (dev == NULL || __in6_dev_get(dev) == NULL)
350 return -EINVAL;
351 addrconf_addr_solict_mult(addr, &maddr);
352 ipv6_dev_mc_inc(dev, &maddr);
353 return 0;
354 }
355
356 static void pndisc_destructor(struct pneigh_entry *n)
357 {
358 struct in6_addr *addr = (struct in6_addr*)&n->key;
359 struct in6_addr maddr;
360 struct net_device *dev = n->dev;
361
362 if (dev == NULL || __in6_dev_get(dev) == NULL)
363 return;
364 addrconf_addr_solict_mult(addr, &maddr);
365 ipv6_dev_mc_dec(dev, &maddr);
366 }
367
368 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
369 int len)
370 {
371 int hlen = LL_RESERVED_SPACE(dev);
372 int tlen = dev->needed_tailroom;
373 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
374 struct sk_buff *skb;
375
376 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
377 if (!skb) {
378 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
379 __func__);
380 return NULL;
381 }
382
383 skb->protocol = htons(ETH_P_IPV6);
384 skb->dev = dev;
385
386 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
387 skb_reset_transport_header(skb);
388
389 /* Manually assign socket ownership as we avoid calling
390 * sock_alloc_send_pskb() to bypass wmem buffer limits
391 */
392 skb_set_owner_w(skb, sk);
393
394 return skb;
395 }
396
397 static void ip6_nd_hdr(struct sk_buff *skb,
398 const struct in6_addr *saddr,
399 const struct in6_addr *daddr,
400 int hop_limit, int len)
401 {
402 struct ipv6hdr *hdr;
403
404 skb_push(skb, sizeof(*hdr));
405 skb_reset_network_header(skb);
406 hdr = ipv6_hdr(skb);
407
408 ip6_flow_hdr(hdr, 0, 0);
409
410 hdr->payload_len = htons(len);
411 hdr->nexthdr = IPPROTO_ICMPV6;
412 hdr->hop_limit = hop_limit;
413
414 hdr->saddr = *saddr;
415 hdr->daddr = *daddr;
416 }
417
418 static void ndisc_send_skb(struct sk_buff *skb,
419 const struct in6_addr *daddr,
420 const struct in6_addr *saddr)
421 {
422 struct dst_entry *dst = skb_dst(skb);
423 struct net *net = dev_net(skb->dev);
424 struct sock *sk = net->ipv6.ndisc_sk;
425 struct inet6_dev *idev;
426 int err;
427 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
428 u8 type;
429
430 type = icmp6h->icmp6_type;
431
432 if (!dst) {
433 struct sock *sk = net->ipv6.ndisc_sk;
434 struct flowi6 fl6;
435
436 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
437 dst = icmp6_dst_alloc(skb->dev, &fl6);
438 if (IS_ERR(dst)) {
439 kfree_skb(skb);
440 return;
441 }
442
443 skb_dst_set(skb, dst);
444 }
445
446 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
447 IPPROTO_ICMPV6,
448 csum_partial(icmp6h,
449 skb->len, 0));
450
451 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
452
453 rcu_read_lock();
454 idev = __in6_dev_get(dst->dev);
455 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
456
457 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
458 dst_output);
459 if (!err) {
460 ICMP6MSGOUT_INC_STATS(net, idev, type);
461 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
462 }
463
464 rcu_read_unlock();
465 }
466
467 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
468 const struct in6_addr *daddr,
469 const struct in6_addr *solicited_addr,
470 bool router, bool solicited, bool override, bool inc_opt)
471 {
472 struct sk_buff *skb;
473 struct in6_addr tmpaddr;
474 struct inet6_ifaddr *ifp;
475 const struct in6_addr *src_addr;
476 struct nd_msg *msg;
477 int optlen = 0;
478
479 /* for anycast or proxy, solicited_addr != src_addr */
480 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
481 if (ifp) {
482 src_addr = solicited_addr;
483 if (ifp->flags & IFA_F_OPTIMISTIC)
484 override = 0;
485 inc_opt |= ifp->idev->cnf.force_tllao;
486 in6_ifa_put(ifp);
487 } else {
488 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
489 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
490 &tmpaddr))
491 return;
492 src_addr = &tmpaddr;
493 }
494
495 if (!dev->addr_len)
496 inc_opt = 0;
497 if (inc_opt)
498 optlen += ndisc_opt_addr_space(dev);
499
500 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
501 if (!skb)
502 return;
503
504 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
505 *msg = (struct nd_msg) {
506 .icmph = {
507 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
508 .icmp6_router = router,
509 .icmp6_solicited = solicited,
510 .icmp6_override = override,
511 },
512 .target = *solicited_addr,
513 };
514
515 if (inc_opt)
516 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
517 dev->dev_addr);
518
519
520 ndisc_send_skb(skb, daddr, src_addr);
521 }
522
523 static void ndisc_send_unsol_na(struct net_device *dev)
524 {
525 struct inet6_dev *idev;
526 struct inet6_ifaddr *ifa;
527
528 idev = in6_dev_get(dev);
529 if (!idev)
530 return;
531
532 read_lock_bh(&idev->lock);
533 list_for_each_entry(ifa, &idev->addr_list, if_list) {
534 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
535 /*router=*/ !!idev->cnf.forwarding,
536 /*solicited=*/ false, /*override=*/ true,
537 /*inc_opt=*/ true);
538 }
539 read_unlock_bh(&idev->lock);
540
541 in6_dev_put(idev);
542 }
543
544 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
545 const struct in6_addr *solicit,
546 const struct in6_addr *daddr, const struct in6_addr *saddr)
547 {
548 struct sk_buff *skb;
549 struct in6_addr addr_buf;
550 int inc_opt = dev->addr_len;
551 int optlen = 0;
552 struct nd_msg *msg;
553
554 if (saddr == NULL) {
555 if (ipv6_get_lladdr(dev, &addr_buf,
556 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
557 return;
558 saddr = &addr_buf;
559 }
560
561 if (ipv6_addr_any(saddr))
562 inc_opt = 0;
563 if (inc_opt)
564 optlen += ndisc_opt_addr_space(dev);
565
566 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
567 if (!skb)
568 return;
569
570 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
571 *msg = (struct nd_msg) {
572 .icmph = {
573 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
574 },
575 .target = *solicit,
576 };
577
578 if (inc_opt)
579 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
580 dev->dev_addr);
581
582 ndisc_send_skb(skb, daddr, saddr);
583 }
584
585 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
586 const struct in6_addr *daddr)
587 {
588 struct sk_buff *skb;
589 struct rs_msg *msg;
590 int send_sllao = dev->addr_len;
591 int optlen = 0;
592
593 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
594 /*
595 * According to section 2.2 of RFC 4429, we must not
596 * send router solicitations with a sllao from
597 * optimistic addresses, but we may send the solicitation
598 * if we don't include the sllao. So here we check
599 * if our address is optimistic, and if so, we
600 * suppress the inclusion of the sllao.
601 */
602 if (send_sllao) {
603 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
604 dev, 1);
605 if (ifp) {
606 if (ifp->flags & IFA_F_OPTIMISTIC) {
607 send_sllao = 0;
608 }
609 in6_ifa_put(ifp);
610 } else {
611 send_sllao = 0;
612 }
613 }
614 #endif
615 if (send_sllao)
616 optlen += ndisc_opt_addr_space(dev);
617
618 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
619 if (!skb)
620 return;
621
622 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
623 *msg = (struct rs_msg) {
624 .icmph = {
625 .icmp6_type = NDISC_ROUTER_SOLICITATION,
626 },
627 };
628
629 if (send_sllao)
630 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
631 dev->dev_addr);
632
633 ndisc_send_skb(skb, daddr, saddr);
634 }
635
636
637 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
638 {
639 /*
640 * "The sender MUST return an ICMP
641 * destination unreachable"
642 */
643 dst_link_failure(skb);
644 kfree_skb(skb);
645 }
646
647 /* Called with locked neigh: either read or both */
648
649 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
650 {
651 struct in6_addr *saddr = NULL;
652 struct in6_addr mcaddr;
653 struct net_device *dev = neigh->dev;
654 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
655 int probes = atomic_read(&neigh->probes);
656
657 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
658 saddr = &ipv6_hdr(skb)->saddr;
659
660 if ((probes -= neigh->parms->ucast_probes) < 0) {
661 if (!(neigh->nud_state & NUD_VALID)) {
662 ND_PRINTK(1, dbg,
663 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
664 __func__, target);
665 }
666 ndisc_send_ns(dev, neigh, target, target, saddr);
667 } else if ((probes -= neigh->parms->app_probes) < 0) {
668 #ifdef CONFIG_ARPD
669 neigh_app_ns(neigh);
670 #endif
671 } else {
672 addrconf_addr_solict_mult(target, &mcaddr);
673 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
674 }
675 }
676
677 static int pndisc_is_router(const void *pkey,
678 struct net_device *dev)
679 {
680 struct pneigh_entry *n;
681 int ret = -1;
682
683 read_lock_bh(&nd_tbl.lock);
684 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
685 if (n)
686 ret = !!(n->flags & NTF_ROUTER);
687 read_unlock_bh(&nd_tbl.lock);
688
689 return ret;
690 }
691
692 static void ndisc_recv_ns(struct sk_buff *skb)
693 {
694 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
695 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
696 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
697 u8 *lladdr = NULL;
698 u32 ndoptlen = skb->tail - (skb->transport_header +
699 offsetof(struct nd_msg, opt));
700 struct ndisc_options ndopts;
701 struct net_device *dev = skb->dev;
702 struct inet6_ifaddr *ifp;
703 struct inet6_dev *idev = NULL;
704 struct neighbour *neigh;
705 int dad = ipv6_addr_any(saddr);
706 bool inc;
707 int is_router = -1;
708
709 if (skb->len < sizeof(struct nd_msg)) {
710 ND_PRINTK(2, warn, "NS: packet too short\n");
711 return;
712 }
713
714 if (ipv6_addr_is_multicast(&msg->target)) {
715 ND_PRINTK(2, warn, "NS: multicast target address\n");
716 return;
717 }
718
719 /*
720 * RFC2461 7.1.1:
721 * DAD has to be destined for solicited node multicast address.
722 */
723 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
724 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
725 return;
726 }
727
728 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
729 ND_PRINTK(2, warn, "NS: invalid ND options\n");
730 return;
731 }
732
733 if (ndopts.nd_opts_src_lladdr) {
734 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
735 if (!lladdr) {
736 ND_PRINTK(2, warn,
737 "NS: invalid link-layer address length\n");
738 return;
739 }
740
741 /* RFC2461 7.1.1:
742 * If the IP source address is the unspecified address,
743 * there MUST NOT be source link-layer address option
744 * in the message.
745 */
746 if (dad) {
747 ND_PRINTK(2, warn,
748 "NS: bad DAD packet (link-layer address option)\n");
749 return;
750 }
751 }
752
753 inc = ipv6_addr_is_multicast(daddr);
754
755 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
756 if (ifp) {
757
758 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
759 if (dad) {
760 /*
761 * We are colliding with another node
762 * who is doing DAD
763 * so fail our DAD process
764 */
765 addrconf_dad_failure(ifp);
766 return;
767 } else {
768 /*
769 * This is not a dad solicitation.
770 * If we are an optimistic node,
771 * we should respond.
772 * Otherwise, we should ignore it.
773 */
774 if (!(ifp->flags & IFA_F_OPTIMISTIC))
775 goto out;
776 }
777 }
778
779 idev = ifp->idev;
780 } else {
781 struct net *net = dev_net(dev);
782
783 idev = in6_dev_get(dev);
784 if (!idev) {
785 /* XXX: count this drop? */
786 return;
787 }
788
789 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
790 (idev->cnf.forwarding &&
791 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
792 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
793 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
794 skb->pkt_type != PACKET_HOST &&
795 inc != 0 &&
796 idev->nd_parms->proxy_delay != 0) {
797 /*
798 * for anycast or proxy,
799 * sender should delay its response
800 * by a random time between 0 and
801 * MAX_ANYCAST_DELAY_TIME seconds.
802 * (RFC2461) -- yoshfuji
803 */
804 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
805 if (n)
806 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
807 goto out;
808 }
809 } else
810 goto out;
811 }
812
813 if (is_router < 0)
814 is_router = idev->cnf.forwarding;
815
816 if (dad) {
817 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
818 !!is_router, false, (ifp != NULL), true);
819 goto out;
820 }
821
822 if (inc)
823 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
824 else
825 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
826
827 /*
828 * update / create cache entry
829 * for the source address
830 */
831 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
832 !inc || lladdr || !dev->addr_len);
833 if (neigh)
834 neigh_update(neigh, lladdr, NUD_STALE,
835 NEIGH_UPDATE_F_WEAK_OVERRIDE|
836 NEIGH_UPDATE_F_OVERRIDE);
837 if (neigh || !dev->header_ops) {
838 ndisc_send_na(dev, neigh, saddr, &msg->target,
839 !!is_router,
840 true, (ifp != NULL && inc), inc);
841 if (neigh)
842 neigh_release(neigh);
843 }
844
845 out:
846 if (ifp)
847 in6_ifa_put(ifp);
848 else
849 in6_dev_put(idev);
850 }
851
852 static void ndisc_recv_na(struct sk_buff *skb)
853 {
854 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
855 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
856 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
857 u8 *lladdr = NULL;
858 u32 ndoptlen = skb->tail - (skb->transport_header +
859 offsetof(struct nd_msg, opt));
860 struct ndisc_options ndopts;
861 struct net_device *dev = skb->dev;
862 struct inet6_ifaddr *ifp;
863 struct neighbour *neigh;
864
865 if (skb->len < sizeof(struct nd_msg)) {
866 ND_PRINTK(2, warn, "NA: packet too short\n");
867 return;
868 }
869
870 if (ipv6_addr_is_multicast(&msg->target)) {
871 ND_PRINTK(2, warn, "NA: target address is multicast\n");
872 return;
873 }
874
875 if (ipv6_addr_is_multicast(daddr) &&
876 msg->icmph.icmp6_solicited) {
877 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
878 return;
879 }
880
881 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
882 ND_PRINTK(2, warn, "NS: invalid ND option\n");
883 return;
884 }
885 if (ndopts.nd_opts_tgt_lladdr) {
886 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
887 if (!lladdr) {
888 ND_PRINTK(2, warn,
889 "NA: invalid link-layer address length\n");
890 return;
891 }
892 }
893 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
894 if (ifp) {
895 if (skb->pkt_type != PACKET_LOOPBACK
896 && (ifp->flags & IFA_F_TENTATIVE)) {
897 addrconf_dad_failure(ifp);
898 return;
899 }
900 /* What should we make now? The advertisement
901 is invalid, but ndisc specs say nothing
902 about it. It could be misconfiguration, or
903 an smart proxy agent tries to help us :-)
904
905 We should not print the error if NA has been
906 received from loopback - it is just our own
907 unsolicited advertisement.
908 */
909 if (skb->pkt_type != PACKET_LOOPBACK)
910 ND_PRINTK(1, warn,
911 "NA: someone advertises our address %pI6 on %s!\n",
912 &ifp->addr, ifp->idev->dev->name);
913 in6_ifa_put(ifp);
914 return;
915 }
916 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
917
918 if (neigh) {
919 u8 old_flags = neigh->flags;
920 struct net *net = dev_net(dev);
921
922 if (neigh->nud_state & NUD_FAILED)
923 goto out;
924
925 /*
926 * Don't update the neighbor cache entry on a proxy NA from
927 * ourselves because either the proxied node is off link or it
928 * has already sent a NA to us.
929 */
930 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
931 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
932 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
933 /* XXX: idev->cnf.proxy_ndp */
934 goto out;
935 }
936
937 neigh_update(neigh, lladdr,
938 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
939 NEIGH_UPDATE_F_WEAK_OVERRIDE|
940 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
941 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
942 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
943
944 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
945 /*
946 * Change: router to host
947 */
948 struct rt6_info *rt;
949 rt = rt6_get_dflt_router(saddr, dev);
950 if (rt)
951 ip6_del_rt(rt);
952 }
953
954 out:
955 neigh_release(neigh);
956 }
957 }
958
959 static void ndisc_recv_rs(struct sk_buff *skb)
960 {
961 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
962 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
963 struct neighbour *neigh;
964 struct inet6_dev *idev;
965 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
966 struct ndisc_options ndopts;
967 u8 *lladdr = NULL;
968
969 if (skb->len < sizeof(*rs_msg))
970 return;
971
972 idev = __in6_dev_get(skb->dev);
973 if (!idev) {
974 ND_PRINTK(1, err, "RS: can't find in6 device\n");
975 return;
976 }
977
978 /* Don't accept RS if we're not in router mode */
979 if (!idev->cnf.forwarding)
980 goto out;
981
982 /*
983 * Don't update NCE if src = ::;
984 * this implies that the source node has no ip address assigned yet.
985 */
986 if (ipv6_addr_any(saddr))
987 goto out;
988
989 /* Parse ND options */
990 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
991 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
992 goto out;
993 }
994
995 if (ndopts.nd_opts_src_lladdr) {
996 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
997 skb->dev);
998 if (!lladdr)
999 goto out;
1000 }
1001
1002 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1003 if (neigh) {
1004 neigh_update(neigh, lladdr, NUD_STALE,
1005 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1006 NEIGH_UPDATE_F_OVERRIDE|
1007 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1008 neigh_release(neigh);
1009 }
1010 out:
1011 return;
1012 }
1013
1014 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1015 {
1016 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1017 struct sk_buff *skb;
1018 struct nlmsghdr *nlh;
1019 struct nduseroptmsg *ndmsg;
1020 struct net *net = dev_net(ra->dev);
1021 int err;
1022 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1023 + (opt->nd_opt_len << 3));
1024 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1025
1026 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1027 if (skb == NULL) {
1028 err = -ENOBUFS;
1029 goto errout;
1030 }
1031
1032 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1033 if (nlh == NULL) {
1034 goto nla_put_failure;
1035 }
1036
1037 ndmsg = nlmsg_data(nlh);
1038 ndmsg->nduseropt_family = AF_INET6;
1039 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1040 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1041 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1042 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1043
1044 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1045
1046 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1047 &ipv6_hdr(ra)->saddr))
1048 goto nla_put_failure;
1049 nlmsg_end(skb, nlh);
1050
1051 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1052 return;
1053
1054 nla_put_failure:
1055 nlmsg_free(skb);
1056 err = -EMSGSIZE;
1057 errout:
1058 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1059 }
1060
1061 static void ndisc_router_discovery(struct sk_buff *skb)
1062 {
1063 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1064 struct neighbour *neigh = NULL;
1065 struct inet6_dev *in6_dev;
1066 struct rt6_info *rt = NULL;
1067 int lifetime;
1068 struct ndisc_options ndopts;
1069 int optlen;
1070 unsigned int pref = 0;
1071
1072 __u8 * opt = (__u8 *)(ra_msg + 1);
1073
1074 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1075
1076 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1077 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1078 return;
1079 }
1080 if (optlen < 0) {
1081 ND_PRINTK(2, warn, "RA: packet too short\n");
1082 return;
1083 }
1084
1085 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1086 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1087 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1088 return;
1089 }
1090 #endif
1091
1092 /*
1093 * set the RA_RECV flag in the interface
1094 */
1095
1096 in6_dev = __in6_dev_get(skb->dev);
1097 if (in6_dev == NULL) {
1098 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1099 skb->dev->name);
1100 return;
1101 }
1102
1103 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1104 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1105 return;
1106 }
1107
1108 if (!ipv6_accept_ra(in6_dev))
1109 goto skip_linkparms;
1110
1111 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1112 /* skip link-specific parameters from interior routers */
1113 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1114 goto skip_linkparms;
1115 #endif
1116
1117 if (in6_dev->if_flags & IF_RS_SENT) {
1118 /*
1119 * flag that an RA was received after an RS was sent
1120 * out on this interface.
1121 */
1122 in6_dev->if_flags |= IF_RA_RCVD;
1123 }
1124
1125 /*
1126 * Remember the managed/otherconf flags from most recently
1127 * received RA message (RFC 2462) -- yoshfuji
1128 */
1129 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1130 IF_RA_OTHERCONF)) |
1131 (ra_msg->icmph.icmp6_addrconf_managed ?
1132 IF_RA_MANAGED : 0) |
1133 (ra_msg->icmph.icmp6_addrconf_other ?
1134 IF_RA_OTHERCONF : 0);
1135
1136 if (!in6_dev->cnf.accept_ra_defrtr)
1137 goto skip_defrtr;
1138
1139 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1140 goto skip_defrtr;
1141
1142 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1143
1144 #ifdef CONFIG_IPV6_ROUTER_PREF
1145 pref = ra_msg->icmph.icmp6_router_pref;
1146 /* 10b is handled as if it were 00b (medium) */
1147 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1148 !in6_dev->cnf.accept_ra_rtr_pref)
1149 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1150 #endif
1151
1152 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1153
1154 if (rt) {
1155 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1156 if (!neigh) {
1157 ND_PRINTK(0, err,
1158 "RA: %s got default router without neighbour\n",
1159 __func__);
1160 ip6_rt_put(rt);
1161 return;
1162 }
1163 }
1164 if (rt && lifetime == 0) {
1165 ip6_del_rt(rt);
1166 rt = NULL;
1167 }
1168
1169 if (rt == NULL && lifetime) {
1170 ND_PRINTK(3, dbg, "RA: adding default router\n");
1171
1172 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1173 if (rt == NULL) {
1174 ND_PRINTK(0, err,
1175 "RA: %s failed to add default route\n",
1176 __func__);
1177 return;
1178 }
1179
1180 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1181 if (neigh == NULL) {
1182 ND_PRINTK(0, err,
1183 "RA: %s got default router without neighbour\n",
1184 __func__);
1185 ip6_rt_put(rt);
1186 return;
1187 }
1188 neigh->flags |= NTF_ROUTER;
1189 } else if (rt) {
1190 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1191 }
1192
1193 if (rt)
1194 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1195 if (ra_msg->icmph.icmp6_hop_limit) {
1196 /* Only set hop_limit on the interface if it is higher than
1197 * the current hop_limit.
1198 */
1199 if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
1200 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1201 } else {
1202 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
1203 }
1204 if (rt)
1205 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1206 ra_msg->icmph.icmp6_hop_limit);
1207 }
1208
1209 skip_defrtr:
1210
1211 /*
1212 * Update Reachable Time and Retrans Timer
1213 */
1214
1215 if (in6_dev->nd_parms) {
1216 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1217
1218 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1219 rtime = (rtime*HZ)/1000;
1220 if (rtime < HZ/10)
1221 rtime = HZ/10;
1222 in6_dev->nd_parms->retrans_time = rtime;
1223 in6_dev->tstamp = jiffies;
1224 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1225 }
1226
1227 rtime = ntohl(ra_msg->reachable_time);
1228 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1229 rtime = (rtime*HZ)/1000;
1230
1231 if (rtime < HZ/10)
1232 rtime = HZ/10;
1233
1234 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1235 in6_dev->nd_parms->base_reachable_time = rtime;
1236 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1237 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1238 in6_dev->tstamp = jiffies;
1239 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1240 }
1241 }
1242 }
1243
1244 skip_linkparms:
1245
1246 /*
1247 * Process options.
1248 */
1249
1250 if (!neigh)
1251 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1252 skb->dev, 1);
1253 if (neigh) {
1254 u8 *lladdr = NULL;
1255 if (ndopts.nd_opts_src_lladdr) {
1256 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1257 skb->dev);
1258 if (!lladdr) {
1259 ND_PRINTK(2, warn,
1260 "RA: invalid link-layer address length\n");
1261 goto out;
1262 }
1263 }
1264 neigh_update(neigh, lladdr, NUD_STALE,
1265 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1266 NEIGH_UPDATE_F_OVERRIDE|
1267 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1268 NEIGH_UPDATE_F_ISROUTER);
1269 }
1270
1271 if (!ipv6_accept_ra(in6_dev))
1272 goto out;
1273
1274 #ifdef CONFIG_IPV6_ROUTE_INFO
1275 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1276 goto skip_routeinfo;
1277
1278 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1279 struct nd_opt_hdr *p;
1280 for (p = ndopts.nd_opts_ri;
1281 p;
1282 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1283 struct route_info *ri = (struct route_info *)p;
1284 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1285 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1286 ri->prefix_len == 0)
1287 continue;
1288 #endif
1289 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1290 continue;
1291 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1292 &ipv6_hdr(skb)->saddr);
1293 }
1294 }
1295
1296 skip_routeinfo:
1297 #endif
1298
1299 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1300 /* skip link-specific ndopts from interior routers */
1301 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1302 goto out;
1303 #endif
1304
1305 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1306 struct nd_opt_hdr *p;
1307 for (p = ndopts.nd_opts_pi;
1308 p;
1309 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1310 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1311 (p->nd_opt_len) << 3,
1312 ndopts.nd_opts_src_lladdr != NULL);
1313 }
1314 }
1315
1316 if (ndopts.nd_opts_mtu) {
1317 __be32 n;
1318 u32 mtu;
1319
1320 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1321 mtu = ntohl(n);
1322
1323 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1324 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1325 } else if (in6_dev->cnf.mtu6 != mtu) {
1326 in6_dev->cnf.mtu6 = mtu;
1327
1328 if (rt)
1329 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1330
1331 rt6_mtu_change(skb->dev, mtu);
1332 }
1333 }
1334
1335 if (ndopts.nd_useropts) {
1336 struct nd_opt_hdr *p;
1337 for (p = ndopts.nd_useropts;
1338 p;
1339 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1340 ndisc_ra_useropt(skb, p);
1341 }
1342 }
1343
1344 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1345 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1346 }
1347 out:
1348 ip6_rt_put(rt);
1349 if (neigh)
1350 neigh_release(neigh);
1351 }
1352
1353 static void ndisc_redirect_rcv(struct sk_buff *skb)
1354 {
1355 u8 *hdr;
1356 struct ndisc_options ndopts;
1357 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1358 u32 ndoptlen = skb->tail - (skb->transport_header +
1359 offsetof(struct rd_msg, opt));
1360
1361 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1362 switch (skb->ndisc_nodetype) {
1363 case NDISC_NODETYPE_HOST:
1364 case NDISC_NODETYPE_NODEFAULT:
1365 ND_PRINTK(2, warn,
1366 "Redirect: from host or unauthorized router\n");
1367 return;
1368 }
1369 #endif
1370
1371 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1372 ND_PRINTK(2, warn,
1373 "Redirect: source address is not link-local\n");
1374 return;
1375 }
1376
1377 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1378 return;
1379
1380 if (!ndopts.nd_opts_rh)
1381 return;
1382
1383 hdr = (u8 *)ndopts.nd_opts_rh;
1384 hdr += 8;
1385 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1386 return;
1387
1388 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1389 }
1390
1391 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1392 struct sk_buff *orig_skb,
1393 int rd_len)
1394 {
1395 u8 *opt = skb_put(skb, rd_len);
1396
1397 memset(opt, 0, 8);
1398 *(opt++) = ND_OPT_REDIRECT_HDR;
1399 *(opt++) = (rd_len >> 3);
1400 opt += 6;
1401
1402 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1403 }
1404
1405 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1406 {
1407 struct net_device *dev = skb->dev;
1408 struct net *net = dev_net(dev);
1409 struct sock *sk = net->ipv6.ndisc_sk;
1410 int optlen = 0;
1411 struct inet_peer *peer;
1412 struct sk_buff *buff;
1413 struct rd_msg *msg;
1414 struct in6_addr saddr_buf;
1415 struct rt6_info *rt;
1416 struct dst_entry *dst;
1417 struct flowi6 fl6;
1418 int rd_len;
1419 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1420 bool ret;
1421
1422 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1423 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1424 dev->name);
1425 return;
1426 }
1427
1428 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1429 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1430 ND_PRINTK(2, warn,
1431 "Redirect: target address is not link-local unicast\n");
1432 return;
1433 }
1434
1435 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1436 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1437
1438 dst = ip6_route_output(net, NULL, &fl6);
1439 if (dst->error) {
1440 dst_release(dst);
1441 return;
1442 }
1443 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1444 if (IS_ERR(dst))
1445 return;
1446
1447 rt = (struct rt6_info *) dst;
1448
1449 if (rt->rt6i_flags & RTF_GATEWAY) {
1450 ND_PRINTK(2, warn,
1451 "Redirect: destination is not a neighbour\n");
1452 goto release;
1453 }
1454 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1455 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1456 if (peer)
1457 inet_putpeer(peer);
1458 if (!ret)
1459 goto release;
1460
1461 if (dev->addr_len) {
1462 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1463 if (!neigh) {
1464 ND_PRINTK(2, warn,
1465 "Redirect: no neigh for target address\n");
1466 goto release;
1467 }
1468
1469 read_lock_bh(&neigh->lock);
1470 if (neigh->nud_state & NUD_VALID) {
1471 memcpy(ha_buf, neigh->ha, dev->addr_len);
1472 read_unlock_bh(&neigh->lock);
1473 ha = ha_buf;
1474 optlen += ndisc_opt_addr_space(dev);
1475 } else
1476 read_unlock_bh(&neigh->lock);
1477
1478 neigh_release(neigh);
1479 }
1480
1481 rd_len = min_t(unsigned int,
1482 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1483 skb->len + 8);
1484 rd_len &= ~0x7;
1485 optlen += rd_len;
1486
1487 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1488 if (!buff)
1489 goto release;
1490
1491 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1492 *msg = (struct rd_msg) {
1493 .icmph = {
1494 .icmp6_type = NDISC_REDIRECT,
1495 },
1496 .target = *target,
1497 .dest = ipv6_hdr(skb)->daddr,
1498 };
1499
1500 /*
1501 * include target_address option
1502 */
1503
1504 if (ha)
1505 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1506
1507 /*
1508 * build redirect option and copy skb over to the new packet.
1509 */
1510
1511 if (rd_len)
1512 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1513
1514 skb_dst_set(buff, dst);
1515 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1516 return;
1517
1518 release:
1519 dst_release(dst);
1520 }
1521
1522 static void pndisc_redo(struct sk_buff *skb)
1523 {
1524 ndisc_recv_ns(skb);
1525 kfree_skb(skb);
1526 }
1527
1528 int ndisc_rcv(struct sk_buff *skb)
1529 {
1530 struct nd_msg *msg;
1531
1532 if (skb_linearize(skb))
1533 return 0;
1534
1535 msg = (struct nd_msg *)skb_transport_header(skb);
1536
1537 __skb_push(skb, skb->data - skb_transport_header(skb));
1538
1539 if (ipv6_hdr(skb)->hop_limit != 255) {
1540 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1541 ipv6_hdr(skb)->hop_limit);
1542 return 0;
1543 }
1544
1545 if (msg->icmph.icmp6_code != 0) {
1546 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1547 msg->icmph.icmp6_code);
1548 return 0;
1549 }
1550
1551 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1552
1553 switch (msg->icmph.icmp6_type) {
1554 case NDISC_NEIGHBOUR_SOLICITATION:
1555 ndisc_recv_ns(skb);
1556 break;
1557
1558 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1559 ndisc_recv_na(skb);
1560 break;
1561
1562 case NDISC_ROUTER_SOLICITATION:
1563 ndisc_recv_rs(skb);
1564 break;
1565
1566 case NDISC_ROUTER_ADVERTISEMENT:
1567 ndisc_router_discovery(skb);
1568 break;
1569
1570 case NDISC_REDIRECT:
1571 ndisc_redirect_rcv(skb);
1572 break;
1573 }
1574
1575 return 0;
1576 }
1577
1578 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1579 {
1580 struct net_device *dev = ptr;
1581 struct net *net = dev_net(dev);
1582 struct inet6_dev *idev;
1583
1584 switch (event) {
1585 case NETDEV_CHANGEADDR:
1586 neigh_changeaddr(&nd_tbl, dev);
1587 fib6_run_gc(0, net, false);
1588 idev = in6_dev_get(dev);
1589 if (!idev)
1590 break;
1591 if (idev->cnf.ndisc_notify)
1592 ndisc_send_unsol_na(dev);
1593 in6_dev_put(idev);
1594 break;
1595 case NETDEV_DOWN:
1596 neigh_ifdown(&nd_tbl, dev);
1597 fib6_run_gc(0, net, false);
1598 break;
1599 case NETDEV_NOTIFY_PEERS:
1600 ndisc_send_unsol_na(dev);
1601 break;
1602 default:
1603 break;
1604 }
1605
1606 return NOTIFY_DONE;
1607 }
1608
1609 static struct notifier_block ndisc_netdev_notifier = {
1610 .notifier_call = ndisc_netdev_event,
1611 };
1612
1613 #ifdef CONFIG_SYSCTL
1614 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1615 const char *func, const char *dev_name)
1616 {
1617 static char warncomm[TASK_COMM_LEN];
1618 static int warned;
1619 if (strcmp(warncomm, current->comm) && warned < 5) {
1620 strcpy(warncomm, current->comm);
1621 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1622 warncomm, func,
1623 dev_name, ctl->procname,
1624 dev_name, ctl->procname);
1625 warned++;
1626 }
1627 }
1628
1629 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1630 {
1631 struct net_device *dev = ctl->extra1;
1632 struct inet6_dev *idev;
1633 int ret;
1634
1635 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1636 (strcmp(ctl->procname, "base_reachable_time") == 0))
1637 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1638
1639 if (strcmp(ctl->procname, "retrans_time") == 0)
1640 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1641
1642 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1643 ret = proc_dointvec_jiffies(ctl, write,
1644 buffer, lenp, ppos);
1645
1646 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1647 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1648 ret = proc_dointvec_ms_jiffies(ctl, write,
1649 buffer, lenp, ppos);
1650 else
1651 ret = -1;
1652
1653 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1654 if (ctl->data == &idev->nd_parms->base_reachable_time)
1655 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1656 idev->tstamp = jiffies;
1657 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1658 in6_dev_put(idev);
1659 }
1660 return ret;
1661 }
1662
1663
1664 #endif
1665
1666 static int __net_init ndisc_net_init(struct net *net)
1667 {
1668 struct ipv6_pinfo *np;
1669 struct sock *sk;
1670 int err;
1671
1672 err = inet_ctl_sock_create(&sk, PF_INET6,
1673 SOCK_RAW, IPPROTO_ICMPV6, net);
1674 if (err < 0) {
1675 ND_PRINTK(0, err,
1676 "NDISC: Failed to initialize the control socket (err %d)\n",
1677 err);
1678 return err;
1679 }
1680
1681 net->ipv6.ndisc_sk = sk;
1682
1683 np = inet6_sk(sk);
1684 np->hop_limit = 255;
1685 /* Do not loopback ndisc messages */
1686 np->mc_loop = 0;
1687
1688 return 0;
1689 }
1690
1691 static void __net_exit ndisc_net_exit(struct net *net)
1692 {
1693 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1694 }
1695
1696 static struct pernet_operations ndisc_net_ops = {
1697 .init = ndisc_net_init,
1698 .exit = ndisc_net_exit,
1699 };
1700
1701 int __init ndisc_init(void)
1702 {
1703 int err;
1704
1705 err = register_pernet_subsys(&ndisc_net_ops);
1706 if (err)
1707 return err;
1708 /*
1709 * Initialize the neighbour table
1710 */
1711 neigh_table_init(&nd_tbl);
1712
1713 #ifdef CONFIG_SYSCTL
1714 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1715 &ndisc_ifinfo_sysctl_change);
1716 if (err)
1717 goto out_unregister_pernet;
1718 #endif
1719 out:
1720 return err;
1721
1722 #ifdef CONFIG_SYSCTL
1723 out_unregister_pernet:
1724 unregister_pernet_subsys(&ndisc_net_ops);
1725 goto out;
1726 #endif
1727 }
1728
1729 int __init ndisc_late_init(void)
1730 {
1731 return register_netdevice_notifier(&ndisc_netdev_notifier);
1732 }
1733
1734 void ndisc_late_cleanup(void)
1735 {
1736 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1737 }
1738
1739 void ndisc_cleanup(void)
1740 {
1741 #ifdef CONFIG_SYSCTL
1742 neigh_sysctl_unregister(&nd_tbl.parms);
1743 #endif
1744 neigh_table_clear(&nd_tbl);
1745 unregister_pernet_subsys(&ndisc_net_ops);
1746 }
1747
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.