~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv6/ndisc.c

Version: ~ [ linux-5.15-rc5 ] ~ [ linux-5.14.11 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.72 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.152 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.210 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.250 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.286 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.288 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  *      Neighbour Discovery for IPv6
  3  *      Linux INET6 implementation
  4  *
  5  *      Authors:
  6  *      Pedro Roque             <roque@di.fc.ul.pt>
  7  *      Mike Shaver             <shaver@ingenia.com>
  8  *
  9  *      This program is free software; you can redistribute it and/or
 10  *      modify it under the terms of the GNU General Public License
 11  *      as published by the Free Software Foundation; either version
 12  *      2 of the License, or (at your option) any later version.
 13  */
 14 
 15 /*
 16  *      Changes:
 17  *
 18  *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
 19  *      Pierre Ynard                    :       export userland ND options
 20  *                                              through netlink (RDNSS support)
 21  *      Lars Fenneberg                  :       fixed MTU setting on receipt
 22  *                                              of an RA.
 23  *      Janos Farkas                    :       kmalloc failure checks
 24  *      Alexey Kuznetsov                :       state machine reworked
 25  *                                              and moved to net/core.
 26  *      Pekka Savola                    :       RFC2461 validation
 27  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
 28  */
 29 
 30 #define pr_fmt(fmt) "ICMPv6: " fmt
 31 
 32 #include <linux/module.h>
 33 #include <linux/errno.h>
 34 #include <linux/types.h>
 35 #include <linux/socket.h>
 36 #include <linux/sockios.h>
 37 #include <linux/sched.h>
 38 #include <linux/net.h>
 39 #include <linux/in6.h>
 40 #include <linux/route.h>
 41 #include <linux/init.h>
 42 #include <linux/rcupdate.h>
 43 #include <linux/slab.h>
 44 #ifdef CONFIG_SYSCTL
 45 #include <linux/sysctl.h>
 46 #endif
 47 
 48 #include <linux/if_addr.h>
 49 #include <linux/if_arp.h>
 50 #include <linux/ipv6.h>
 51 #include <linux/icmpv6.h>
 52 #include <linux/jhash.h>
 53 
 54 #include <net/sock.h>
 55 #include <net/snmp.h>
 56 
 57 #include <net/ipv6.h>
 58 #include <net/protocol.h>
 59 #include <net/ndisc.h>
 60 #include <net/ip6_route.h>
 61 #include <net/addrconf.h>
 62 #include <net/icmp.h>
 63 
 64 #include <net/netlink.h>
 65 #include <linux/rtnetlink.h>
 66 
 67 #include <net/flow.h>
 68 #include <net/ip6_checksum.h>
 69 #include <net/inet_common.h>
 70 #include <linux/proc_fs.h>
 71 
 72 #include <linux/netfilter.h>
 73 #include <linux/netfilter_ipv6.h>
 74 
 75 /* Set to 3 to get tracing... */
 76 #define ND_DEBUG 1
 77 
 78 #define ND_PRINTK(val, level, fmt, ...)                         \
 79 do {                                                            \
 80         if (val <= ND_DEBUG)                                    \
 81                 net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
 82 } while (0)
 83 
 84 static u32 ndisc_hash(const void *pkey,
 85                       const struct net_device *dev,
 86                       __u32 *hash_rnd);
 87 static int ndisc_constructor(struct neighbour *neigh);
 88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
 89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
 90 static int pndisc_constructor(struct pneigh_entry *n);
 91 static void pndisc_destructor(struct pneigh_entry *n);
 92 static void pndisc_redo(struct sk_buff *skb);
 93 
 94 static const struct neigh_ops ndisc_generic_ops = {
 95         .family =               AF_INET6,
 96         .solicit =              ndisc_solicit,
 97         .error_report =         ndisc_error_report,
 98         .output =               neigh_resolve_output,
 99         .connected_output =     neigh_connected_output,
100 };
101 
102 static const struct neigh_ops ndisc_hh_ops = {
103         .family =               AF_INET6,
104         .solicit =              ndisc_solicit,
105         .error_report =         ndisc_error_report,
106         .output =               neigh_resolve_output,
107         .connected_output =     neigh_resolve_output,
108 };
109 
110 
111 static const struct neigh_ops ndisc_direct_ops = {
112         .family =               AF_INET6,
113         .output =               neigh_direct_output,
114         .connected_output =     neigh_direct_output,
115 };
116 
117 struct neigh_table nd_tbl = {
118         .family =       AF_INET6,
119         .key_len =      sizeof(struct in6_addr),
120         .hash =         ndisc_hash,
121         .constructor =  ndisc_constructor,
122         .pconstructor = pndisc_constructor,
123         .pdestructor =  pndisc_destructor,
124         .proxy_redo =   pndisc_redo,
125         .id =           "ndisc_cache",
126         .parms = {
127                 .tbl                    = &nd_tbl,
128                 .base_reachable_time    = ND_REACHABLE_TIME,
129                 .retrans_time           = ND_RETRANS_TIMER,
130                 .gc_staletime           = 60 * HZ,
131                 .reachable_time         = ND_REACHABLE_TIME,
132                 .delay_probe_time       = 5 * HZ,
133                 .queue_len_bytes        = 64*1024,
134                 .ucast_probes           = 3,
135                 .mcast_probes           = 3,
136                 .anycast_delay          = 1 * HZ,
137                 .proxy_delay            = (8 * HZ) / 10,
138                 .proxy_qlen             = 64,
139         },
140         .gc_interval =    30 * HZ,
141         .gc_thresh1 =    128,
142         .gc_thresh2 =    512,
143         .gc_thresh3 =   1024,
144 };
145 
146 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
147 {
148         int pad   = ndisc_addr_option_pad(skb->dev->type);
149         int data_len = skb->dev->addr_len;
150         int space = ndisc_opt_addr_space(skb->dev);
151         u8 *opt = skb_put(skb, space);
152 
153         opt[0] = type;
154         opt[1] = space>>3;
155 
156         memset(opt + 2, 0, pad);
157         opt   += pad;
158         space -= pad;
159 
160         memcpy(opt+2, data, data_len);
161         data_len += 2;
162         opt += data_len;
163         if ((space -= data_len) > 0)
164                 memset(opt, 0, space);
165 }
166 
167 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
168                                             struct nd_opt_hdr *end)
169 {
170         int type;
171         if (!cur || !end || cur >= end)
172                 return NULL;
173         type = cur->nd_opt_type;
174         do {
175                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
176         } while(cur < end && cur->nd_opt_type != type);
177         return cur <= end && cur->nd_opt_type == type ? cur : NULL;
178 }
179 
180 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
181 {
182         return opt->nd_opt_type == ND_OPT_RDNSS ||
183                 opt->nd_opt_type == ND_OPT_DNSSL;
184 }
185 
186 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
187                                              struct nd_opt_hdr *end)
188 {
189         if (!cur || !end || cur >= end)
190                 return NULL;
191         do {
192                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193         } while(cur < end && !ndisc_is_useropt(cur));
194         return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
195 }
196 
197 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
198                                           struct ndisc_options *ndopts)
199 {
200         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
201 
202         if (!nd_opt || opt_len < 0 || !ndopts)
203                 return NULL;
204         memset(ndopts, 0, sizeof(*ndopts));
205         while (opt_len) {
206                 int l;
207                 if (opt_len < sizeof(struct nd_opt_hdr))
208                         return NULL;
209                 l = nd_opt->nd_opt_len << 3;
210                 if (opt_len < l || l == 0)
211                         return NULL;
212                 switch (nd_opt->nd_opt_type) {
213                 case ND_OPT_SOURCE_LL_ADDR:
214                 case ND_OPT_TARGET_LL_ADDR:
215                 case ND_OPT_MTU:
216                 case ND_OPT_REDIRECT_HDR:
217                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
218                                 ND_PRINTK(2, warn,
219                                           "%s: duplicated ND6 option found: type=%d\n",
220                                           __func__, nd_opt->nd_opt_type);
221                         } else {
222                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
223                         }
224                         break;
225                 case ND_OPT_PREFIX_INFO:
226                         ndopts->nd_opts_pi_end = nd_opt;
227                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
228                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
229                         break;
230 #ifdef CONFIG_IPV6_ROUTE_INFO
231                 case ND_OPT_ROUTE_INFO:
232                         ndopts->nd_opts_ri_end = nd_opt;
233                         if (!ndopts->nd_opts_ri)
234                                 ndopts->nd_opts_ri = nd_opt;
235                         break;
236 #endif
237                 default:
238                         if (ndisc_is_useropt(nd_opt)) {
239                                 ndopts->nd_useropts_end = nd_opt;
240                                 if (!ndopts->nd_useropts)
241                                         ndopts->nd_useropts = nd_opt;
242                         } else {
243                                 /*
244                                  * Unknown options must be silently ignored,
245                                  * to accommodate future extension to the
246                                  * protocol.
247                                  */
248                                 ND_PRINTK(2, notice,
249                                           "%s: ignored unsupported option; type=%d, len=%d\n",
250                                           __func__,
251                                           nd_opt->nd_opt_type,
252                                           nd_opt->nd_opt_len);
253                         }
254                 }
255                 opt_len -= l;
256                 nd_opt = ((void *)nd_opt) + l;
257         }
258         return ndopts;
259 }
260 
261 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
262 {
263         switch (dev->type) {
264         case ARPHRD_ETHER:
265         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
266         case ARPHRD_FDDI:
267                 ipv6_eth_mc_map(addr, buf);
268                 return 0;
269         case ARPHRD_ARCNET:
270                 ipv6_arcnet_mc_map(addr, buf);
271                 return 0;
272         case ARPHRD_INFINIBAND:
273                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
274                 return 0;
275         case ARPHRD_IPGRE:
276                 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
277         default:
278                 if (dir) {
279                         memcpy(buf, dev->broadcast, dev->addr_len);
280                         return 0;
281                 }
282         }
283         return -EINVAL;
284 }
285 
286 EXPORT_SYMBOL(ndisc_mc_map);
287 
288 static u32 ndisc_hash(const void *pkey,
289                       const struct net_device *dev,
290                       __u32 *hash_rnd)
291 {
292         return ndisc_hashfn(pkey, dev, hash_rnd);
293 }
294 
295 static int ndisc_constructor(struct neighbour *neigh)
296 {
297         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
298         struct net_device *dev = neigh->dev;
299         struct inet6_dev *in6_dev;
300         struct neigh_parms *parms;
301         bool is_multicast = ipv6_addr_is_multicast(addr);
302 
303         in6_dev = in6_dev_get(dev);
304         if (in6_dev == NULL) {
305                 return -EINVAL;
306         }
307 
308         parms = in6_dev->nd_parms;
309         __neigh_parms_put(neigh->parms);
310         neigh->parms = neigh_parms_clone(parms);
311 
312         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
313         if (!dev->header_ops) {
314                 neigh->nud_state = NUD_NOARP;
315                 neigh->ops = &ndisc_direct_ops;
316                 neigh->output = neigh_direct_output;
317         } else {
318                 if (is_multicast) {
319                         neigh->nud_state = NUD_NOARP;
320                         ndisc_mc_map(addr, neigh->ha, dev, 1);
321                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
322                         neigh->nud_state = NUD_NOARP;
323                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
324                         if (dev->flags&IFF_LOOPBACK)
325                                 neigh->type = RTN_LOCAL;
326                 } else if (dev->flags&IFF_POINTOPOINT) {
327                         neigh->nud_state = NUD_NOARP;
328                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
329                 }
330                 if (dev->header_ops->cache)
331                         neigh->ops = &ndisc_hh_ops;
332                 else
333                         neigh->ops = &ndisc_generic_ops;
334                 if (neigh->nud_state&NUD_VALID)
335                         neigh->output = neigh->ops->connected_output;
336                 else
337                         neigh->output = neigh->ops->output;
338         }
339         in6_dev_put(in6_dev);
340         return 0;
341 }
342 
343 static int pndisc_constructor(struct pneigh_entry *n)
344 {
345         struct in6_addr *addr = (struct in6_addr*)&n->key;
346         struct in6_addr maddr;
347         struct net_device *dev = n->dev;
348 
349         if (dev == NULL || __in6_dev_get(dev) == NULL)
350                 return -EINVAL;
351         addrconf_addr_solict_mult(addr, &maddr);
352         ipv6_dev_mc_inc(dev, &maddr);
353         return 0;
354 }
355 
356 static void pndisc_destructor(struct pneigh_entry *n)
357 {
358         struct in6_addr *addr = (struct in6_addr*)&n->key;
359         struct in6_addr maddr;
360         struct net_device *dev = n->dev;
361 
362         if (dev == NULL || __in6_dev_get(dev) == NULL)
363                 return;
364         addrconf_addr_solict_mult(addr, &maddr);
365         ipv6_dev_mc_dec(dev, &maddr);
366 }
367 
368 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
369                                        int len)
370 {
371         int hlen = LL_RESERVED_SPACE(dev);
372         int tlen = dev->needed_tailroom;
373         struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
374         struct sk_buff *skb;
375 
376         skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
377         if (!skb) {
378                 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
379                           __func__);
380                 return NULL;
381         }
382 
383         skb->protocol = htons(ETH_P_IPV6);
384         skb->dev = dev;
385 
386         skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
387         skb_reset_transport_header(skb);
388 
389         /* Manually assign socket ownership as we avoid calling
390          * sock_alloc_send_pskb() to bypass wmem buffer limits
391          */
392         skb_set_owner_w(skb, sk);
393 
394         return skb;
395 }
396 
397 static void ip6_nd_hdr(struct sk_buff *skb,
398                        const struct in6_addr *saddr,
399                        const struct in6_addr *daddr,
400                        int hop_limit, int len)
401 {
402         struct ipv6hdr *hdr;
403 
404         skb_push(skb, sizeof(*hdr));
405         skb_reset_network_header(skb);
406         hdr = ipv6_hdr(skb);
407 
408         ip6_flow_hdr(hdr, 0, 0);
409 
410         hdr->payload_len = htons(len);
411         hdr->nexthdr = IPPROTO_ICMPV6;
412         hdr->hop_limit = hop_limit;
413 
414         hdr->saddr = *saddr;
415         hdr->daddr = *daddr;
416 }
417 
418 static void ndisc_send_skb(struct sk_buff *skb,
419                            const struct in6_addr *daddr,
420                            const struct in6_addr *saddr)
421 {
422         struct dst_entry *dst = skb_dst(skb);
423         struct net *net = dev_net(skb->dev);
424         struct sock *sk = net->ipv6.ndisc_sk;
425         struct inet6_dev *idev;
426         int err;
427         struct icmp6hdr *icmp6h = icmp6_hdr(skb);
428         u8 type;
429 
430         type = icmp6h->icmp6_type;
431 
432         if (!dst) {
433                 struct flowi6 fl6;
434 
435                 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
436                 dst = icmp6_dst_alloc(skb->dev, &fl6);
437                 if (IS_ERR(dst)) {
438                         kfree_skb(skb);
439                         return;
440                 }
441 
442                 skb_dst_set(skb, dst);
443         }
444 
445         icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
446                                               IPPROTO_ICMPV6,
447                                               csum_partial(icmp6h,
448                                                            skb->len, 0));
449 
450         ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
451 
452         rcu_read_lock();
453         idev = __in6_dev_get(dst->dev);
454         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
455 
456         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
457                       dst_output);
458         if (!err) {
459                 ICMP6MSGOUT_INC_STATS(net, idev, type);
460                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
461         }
462 
463         rcu_read_unlock();
464 }
465 
466 void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
467                    const struct in6_addr *daddr,
468                    const struct in6_addr *solicited_addr,
469                    bool router, bool solicited, bool override, bool inc_opt)
470 {
471         struct sk_buff *skb;
472         struct in6_addr tmpaddr;
473         struct inet6_ifaddr *ifp;
474         const struct in6_addr *src_addr;
475         struct nd_msg *msg;
476         int optlen = 0;
477 
478         /* for anycast or proxy, solicited_addr != src_addr */
479         ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
480         if (ifp) {
481                 src_addr = solicited_addr;
482                 if (ifp->flags & IFA_F_OPTIMISTIC)
483                         override = false;
484                 inc_opt |= ifp->idev->cnf.force_tllao;
485                 in6_ifa_put(ifp);
486         } else {
487                 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
488                                        inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
489                                        &tmpaddr))
490                         return;
491                 src_addr = &tmpaddr;
492         }
493 
494         if (!dev->addr_len)
495                 inc_opt = 0;
496         if (inc_opt)
497                 optlen += ndisc_opt_addr_space(dev);
498 
499         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
500         if (!skb)
501                 return;
502 
503         msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
504         *msg = (struct nd_msg) {
505                 .icmph = {
506                         .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
507                         .icmp6_router = router,
508                         .icmp6_solicited = solicited,
509                         .icmp6_override = override,
510                 },
511                 .target = *solicited_addr,
512         };
513 
514         if (inc_opt)
515                 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
516                                        dev->dev_addr);
517 
518 
519         ndisc_send_skb(skb, daddr, src_addr);
520 }
521 
522 static void ndisc_send_unsol_na(struct net_device *dev)
523 {
524         struct inet6_dev *idev;
525         struct inet6_ifaddr *ifa;
526 
527         idev = in6_dev_get(dev);
528         if (!idev)
529                 return;
530 
531         read_lock_bh(&idev->lock);
532         list_for_each_entry(ifa, &idev->addr_list, if_list) {
533                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
534                               /*router=*/ !!idev->cnf.forwarding,
535                               /*solicited=*/ false, /*override=*/ true,
536                               /*inc_opt=*/ true);
537         }
538         read_unlock_bh(&idev->lock);
539 
540         in6_dev_put(idev);
541 }
542 
543 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
544                    const struct in6_addr *solicit,
545                    const struct in6_addr *daddr, const struct in6_addr *saddr)
546 {
547         struct sk_buff *skb;
548         struct in6_addr addr_buf;
549         int inc_opt = dev->addr_len;
550         int optlen = 0;
551         struct nd_msg *msg;
552 
553         if (saddr == NULL) {
554                 if (ipv6_get_lladdr(dev, &addr_buf,
555                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
556                         return;
557                 saddr = &addr_buf;
558         }
559 
560         if (ipv6_addr_any(saddr))
561                 inc_opt = false;
562         if (inc_opt)
563                 optlen += ndisc_opt_addr_space(dev);
564 
565         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
566         if (!skb)
567                 return;
568 
569         msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
570         *msg = (struct nd_msg) {
571                 .icmph = {
572                         .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
573                 },
574                 .target = *solicit,
575         };
576 
577         if (inc_opt)
578                 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
579                                        dev->dev_addr);
580 
581         ndisc_send_skb(skb, daddr, saddr);
582 }
583 
584 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
585                    const struct in6_addr *daddr)
586 {
587         struct sk_buff *skb;
588         struct rs_msg *msg;
589         int send_sllao = dev->addr_len;
590         int optlen = 0;
591 
592 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
593         /*
594          * According to section 2.2 of RFC 4429, we must not
595          * send router solicitations with a sllao from
596          * optimistic addresses, but we may send the solicitation
597          * if we don't include the sllao.  So here we check
598          * if our address is optimistic, and if so, we
599          * suppress the inclusion of the sllao.
600          */
601         if (send_sllao) {
602                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
603                                                            dev, 1);
604                 if (ifp) {
605                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
606                                 send_sllao = 0;
607                         }
608                         in6_ifa_put(ifp);
609                 } else {
610                         send_sllao = 0;
611                 }
612         }
613 #endif
614         if (send_sllao)
615                 optlen += ndisc_opt_addr_space(dev);
616 
617         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
618         if (!skb)
619                 return;
620 
621         msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
622         *msg = (struct rs_msg) {
623                 .icmph = {
624                         .icmp6_type = NDISC_ROUTER_SOLICITATION,
625                 },
626         };
627 
628         if (send_sllao)
629                 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
630                                        dev->dev_addr);
631 
632         ndisc_send_skb(skb, daddr, saddr);
633 }
634 
635 
636 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
637 {
638         /*
639          *      "The sender MUST return an ICMP
640          *       destination unreachable"
641          */
642         dst_link_failure(skb);
643         kfree_skb(skb);
644 }
645 
646 /* Called with locked neigh: either read or both */
647 
648 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
649 {
650         struct in6_addr *saddr = NULL;
651         struct in6_addr mcaddr;
652         struct net_device *dev = neigh->dev;
653         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
654         int probes = atomic_read(&neigh->probes);
655 
656         if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
657                 saddr = &ipv6_hdr(skb)->saddr;
658 
659         if ((probes -= neigh->parms->ucast_probes) < 0) {
660                 if (!(neigh->nud_state & NUD_VALID)) {
661                         ND_PRINTK(1, dbg,
662                                   "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
663                                   __func__, target);
664                 }
665                 ndisc_send_ns(dev, neigh, target, target, saddr);
666         } else if ((probes -= neigh->parms->app_probes) < 0) {
667                 neigh_app_ns(neigh);
668         } else {
669                 addrconf_addr_solict_mult(target, &mcaddr);
670                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
671         }
672 }
673 
674 static int pndisc_is_router(const void *pkey,
675                             struct net_device *dev)
676 {
677         struct pneigh_entry *n;
678         int ret = -1;
679 
680         read_lock_bh(&nd_tbl.lock);
681         n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
682         if (n)
683                 ret = !!(n->flags & NTF_ROUTER);
684         read_unlock_bh(&nd_tbl.lock);
685 
686         return ret;
687 }
688 
689 static void ndisc_recv_ns(struct sk_buff *skb)
690 {
691         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
692         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
693         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
694         u8 *lladdr = NULL;
695         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
696                                     offsetof(struct nd_msg, opt));
697         struct ndisc_options ndopts;
698         struct net_device *dev = skb->dev;
699         struct inet6_ifaddr *ifp;
700         struct inet6_dev *idev = NULL;
701         struct neighbour *neigh;
702         int dad = ipv6_addr_any(saddr);
703         bool inc;
704         int is_router = -1;
705 
706         if (skb->len < sizeof(struct nd_msg)) {
707                 ND_PRINTK(2, warn, "NS: packet too short\n");
708                 return;
709         }
710 
711         if (ipv6_addr_is_multicast(&msg->target)) {
712                 ND_PRINTK(2, warn, "NS: multicast target address\n");
713                 return;
714         }
715 
716         /*
717          * RFC2461 7.1.1:
718          * DAD has to be destined for solicited node multicast address.
719          */
720         if (dad && !ipv6_addr_is_solict_mult(daddr)) {
721                 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
722                 return;
723         }
724 
725         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
726                 ND_PRINTK(2, warn, "NS: invalid ND options\n");
727                 return;
728         }
729 
730         if (ndopts.nd_opts_src_lladdr) {
731                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
732                 if (!lladdr) {
733                         ND_PRINTK(2, warn,
734                                   "NS: invalid link-layer address length\n");
735                         return;
736                 }
737 
738                 /* RFC2461 7.1.1:
739                  *      If the IP source address is the unspecified address,
740                  *      there MUST NOT be source link-layer address option
741                  *      in the message.
742                  */
743                 if (dad) {
744                         ND_PRINTK(2, warn,
745                                   "NS: bad DAD packet (link-layer address option)\n");
746                         return;
747                 }
748         }
749 
750         inc = ipv6_addr_is_multicast(daddr);
751 
752         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
753         if (ifp) {
754 
755                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
756                         if (dad) {
757                                 /*
758                                  * We are colliding with another node
759                                  * who is doing DAD
760                                  * so fail our DAD process
761                                  */
762                                 addrconf_dad_failure(ifp);
763                                 return;
764                         } else {
765                                 /*
766                                  * This is not a dad solicitation.
767                                  * If we are an optimistic node,
768                                  * we should respond.
769                                  * Otherwise, we should ignore it.
770                                  */
771                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
772                                         goto out;
773                         }
774                 }
775 
776                 idev = ifp->idev;
777         } else {
778                 struct net *net = dev_net(dev);
779 
780                 idev = in6_dev_get(dev);
781                 if (!idev) {
782                         /* XXX: count this drop? */
783                         return;
784                 }
785 
786                 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
787                     (idev->cnf.forwarding &&
788                      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
789                      (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
790                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
791                             skb->pkt_type != PACKET_HOST &&
792                             inc &&
793                             idev->nd_parms->proxy_delay != 0) {
794                                 /*
795                                  * for anycast or proxy,
796                                  * sender should delay its response
797                                  * by a random time between 0 and
798                                  * MAX_ANYCAST_DELAY_TIME seconds.
799                                  * (RFC2461) -- yoshfuji
800                                  */
801                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
802                                 if (n)
803                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
804                                 goto out;
805                         }
806                 } else
807                         goto out;
808         }
809 
810         if (is_router < 0)
811                 is_router = idev->cnf.forwarding;
812 
813         if (dad) {
814                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
815                               !!is_router, false, (ifp != NULL), true);
816                 goto out;
817         }
818 
819         if (inc)
820                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
821         else
822                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
823 
824         /*
825          *      update / create cache entry
826          *      for the source address
827          */
828         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
829                                !inc || lladdr || !dev->addr_len);
830         if (neigh)
831                 neigh_update(neigh, lladdr, NUD_STALE,
832                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
833                              NEIGH_UPDATE_F_OVERRIDE);
834         if (neigh || !dev->header_ops) {
835                 ndisc_send_na(dev, neigh, saddr, &msg->target,
836                               !!is_router,
837                               true, (ifp != NULL && inc), inc);
838                 if (neigh)
839                         neigh_release(neigh);
840         }
841 
842 out:
843         if (ifp)
844                 in6_ifa_put(ifp);
845         else
846                 in6_dev_put(idev);
847 }
848 
849 static void ndisc_recv_na(struct sk_buff *skb)
850 {
851         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
852         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
853         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
854         u8 *lladdr = NULL;
855         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
856                                     offsetof(struct nd_msg, opt));
857         struct ndisc_options ndopts;
858         struct net_device *dev = skb->dev;
859         struct inet6_ifaddr *ifp;
860         struct neighbour *neigh;
861 
862         if (skb->len < sizeof(struct nd_msg)) {
863                 ND_PRINTK(2, warn, "NA: packet too short\n");
864                 return;
865         }
866 
867         if (ipv6_addr_is_multicast(&msg->target)) {
868                 ND_PRINTK(2, warn, "NA: target address is multicast\n");
869                 return;
870         }
871 
872         if (ipv6_addr_is_multicast(daddr) &&
873             msg->icmph.icmp6_solicited) {
874                 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
875                 return;
876         }
877 
878         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
879                 ND_PRINTK(2, warn, "NS: invalid ND option\n");
880                 return;
881         }
882         if (ndopts.nd_opts_tgt_lladdr) {
883                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
884                 if (!lladdr) {
885                         ND_PRINTK(2, warn,
886                                   "NA: invalid link-layer address length\n");
887                         return;
888                 }
889         }
890         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
891         if (ifp) {
892                 if (skb->pkt_type != PACKET_LOOPBACK
893                     && (ifp->flags & IFA_F_TENTATIVE)) {
894                                 addrconf_dad_failure(ifp);
895                                 return;
896                 }
897                 /* What should we make now? The advertisement
898                    is invalid, but ndisc specs say nothing
899                    about it. It could be misconfiguration, or
900                    an smart proxy agent tries to help us :-)
901 
902                    We should not print the error if NA has been
903                    received from loopback - it is just our own
904                    unsolicited advertisement.
905                  */
906                 if (skb->pkt_type != PACKET_LOOPBACK)
907                         ND_PRINTK(1, warn,
908                                   "NA: someone advertises our address %pI6 on %s!\n",
909                                   &ifp->addr, ifp->idev->dev->name);
910                 in6_ifa_put(ifp);
911                 return;
912         }
913         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
914 
915         if (neigh) {
916                 u8 old_flags = neigh->flags;
917                 struct net *net = dev_net(dev);
918 
919                 if (neigh->nud_state & NUD_FAILED)
920                         goto out;
921 
922                 /*
923                  * Don't update the neighbor cache entry on a proxy NA from
924                  * ourselves because either the proxied node is off link or it
925                  * has already sent a NA to us.
926                  */
927                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
928                     net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
929                     pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
930                         /* XXX: idev->cnf.proxy_ndp */
931                         goto out;
932                 }
933 
934                 neigh_update(neigh, lladdr,
935                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
936                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
937                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
938                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
939                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
940 
941                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
942                         /*
943                          * Change: router to host
944                          */
945                         struct rt6_info *rt;
946                         rt = rt6_get_dflt_router(saddr, dev);
947                         if (rt)
948                                 ip6_del_rt(rt);
949                 }
950 
951 out:
952                 neigh_release(neigh);
953         }
954 }
955 
956 static void ndisc_recv_rs(struct sk_buff *skb)
957 {
958         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
959         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
960         struct neighbour *neigh;
961         struct inet6_dev *idev;
962         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
963         struct ndisc_options ndopts;
964         u8 *lladdr = NULL;
965 
966         if (skb->len < sizeof(*rs_msg))
967                 return;
968 
969         idev = __in6_dev_get(skb->dev);
970         if (!idev) {
971                 ND_PRINTK(1, err, "RS: can't find in6 device\n");
972                 return;
973         }
974 
975         /* Don't accept RS if we're not in router mode */
976         if (!idev->cnf.forwarding)
977                 goto out;
978 
979         /*
980          * Don't update NCE if src = ::;
981          * this implies that the source node has no ip address assigned yet.
982          */
983         if (ipv6_addr_any(saddr))
984                 goto out;
985 
986         /* Parse ND options */
987         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
988                 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
989                 goto out;
990         }
991 
992         if (ndopts.nd_opts_src_lladdr) {
993                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
994                                              skb->dev);
995                 if (!lladdr)
996                         goto out;
997         }
998 
999         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1000         if (neigh) {
1001                 neigh_update(neigh, lladdr, NUD_STALE,
1002                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1003                              NEIGH_UPDATE_F_OVERRIDE|
1004                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1005                 neigh_release(neigh);
1006         }
1007 out:
1008         return;
1009 }
1010 
1011 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1012 {
1013         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1014         struct sk_buff *skb;
1015         struct nlmsghdr *nlh;
1016         struct nduseroptmsg *ndmsg;
1017         struct net *net = dev_net(ra->dev);
1018         int err;
1019         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1020                                     + (opt->nd_opt_len << 3));
1021         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1022 
1023         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1024         if (skb == NULL) {
1025                 err = -ENOBUFS;
1026                 goto errout;
1027         }
1028 
1029         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1030         if (nlh == NULL) {
1031                 goto nla_put_failure;
1032         }
1033 
1034         ndmsg = nlmsg_data(nlh);
1035         ndmsg->nduseropt_family = AF_INET6;
1036         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1037         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1038         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1039         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1040 
1041         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1042 
1043         if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1044                     &ipv6_hdr(ra)->saddr))
1045                 goto nla_put_failure;
1046         nlmsg_end(skb, nlh);
1047 
1048         rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1049         return;
1050 
1051 nla_put_failure:
1052         nlmsg_free(skb);
1053         err = -EMSGSIZE;
1054 errout:
1055         rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1056 }
1057 
1058 static void ndisc_router_discovery(struct sk_buff *skb)
1059 {
1060         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1061         struct neighbour *neigh = NULL;
1062         struct inet6_dev *in6_dev;
1063         struct rt6_info *rt = NULL;
1064         int lifetime;
1065         struct ndisc_options ndopts;
1066         int optlen;
1067         unsigned int pref = 0;
1068 
1069         __u8 * opt = (__u8 *)(ra_msg + 1);
1070 
1071         optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1072                 sizeof(struct ra_msg);
1073 
1074         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1075                 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1076                 return;
1077         }
1078         if (optlen < 0) {
1079                 ND_PRINTK(2, warn, "RA: packet too short\n");
1080                 return;
1081         }
1082 
1083 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1084         if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1085                 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1086                 return;
1087         }
1088 #endif
1089 
1090         /*
1091          *      set the RA_RECV flag in the interface
1092          */
1093 
1094         in6_dev = __in6_dev_get(skb->dev);
1095         if (in6_dev == NULL) {
1096                 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1097                           skb->dev->name);
1098                 return;
1099         }
1100 
1101         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1102                 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1103                 return;
1104         }
1105 
1106         if (!ipv6_accept_ra(in6_dev))
1107                 goto skip_linkparms;
1108 
1109 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1110         /* skip link-specific parameters from interior routers */
1111         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1112                 goto skip_linkparms;
1113 #endif
1114 
1115         if (in6_dev->if_flags & IF_RS_SENT) {
1116                 /*
1117                  *      flag that an RA was received after an RS was sent
1118                  *      out on this interface.
1119                  */
1120                 in6_dev->if_flags |= IF_RA_RCVD;
1121         }
1122 
1123         /*
1124          * Remember the managed/otherconf flags from most recently
1125          * received RA message (RFC 2462) -- yoshfuji
1126          */
1127         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1128                                 IF_RA_OTHERCONF)) |
1129                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1130                                         IF_RA_MANAGED : 0) |
1131                                 (ra_msg->icmph.icmp6_addrconf_other ?
1132                                         IF_RA_OTHERCONF : 0);
1133 
1134         if (!in6_dev->cnf.accept_ra_defrtr)
1135                 goto skip_defrtr;
1136 
1137         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1138                 goto skip_defrtr;
1139 
1140         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1141 
1142 #ifdef CONFIG_IPV6_ROUTER_PREF
1143         pref = ra_msg->icmph.icmp6_router_pref;
1144         /* 10b is handled as if it were 00b (medium) */
1145         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1146             !in6_dev->cnf.accept_ra_rtr_pref)
1147                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1148 #endif
1149 
1150         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1151 
1152         if (rt) {
1153                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1154                 if (!neigh) {
1155                         ND_PRINTK(0, err,
1156                                   "RA: %s got default router without neighbour\n",
1157                                   __func__);
1158                         ip6_rt_put(rt);
1159                         return;
1160                 }
1161         }
1162         if (rt && lifetime == 0) {
1163                 ip6_del_rt(rt);
1164                 rt = NULL;
1165         }
1166 
1167         if (rt == NULL && lifetime) {
1168                 ND_PRINTK(3, dbg, "RA: adding default router\n");
1169 
1170                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1171                 if (rt == NULL) {
1172                         ND_PRINTK(0, err,
1173                                   "RA: %s failed to add default route\n",
1174                                   __func__);
1175                         return;
1176                 }
1177 
1178                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1179                 if (neigh == NULL) {
1180                         ND_PRINTK(0, err,
1181                                   "RA: %s got default router without neighbour\n",
1182                                   __func__);
1183                         ip6_rt_put(rt);
1184                         return;
1185                 }
1186                 neigh->flags |= NTF_ROUTER;
1187         } else if (rt) {
1188                 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1189         }
1190 
1191         if (rt)
1192                 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1193         if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1194             ra_msg->icmph.icmp6_hop_limit) {
1195                 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1196                         in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1197                         if (rt)
1198                                 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1199                                                ra_msg->icmph.icmp6_hop_limit);
1200                 } else {
1201                         ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1202                 }
1203         }
1204 
1205 skip_defrtr:
1206 
1207         /*
1208          *      Update Reachable Time and Retrans Timer
1209          */
1210 
1211         if (in6_dev->nd_parms) {
1212                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1213 
1214                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1215                         rtime = (rtime*HZ)/1000;
1216                         if (rtime < HZ/10)
1217                                 rtime = HZ/10;
1218                         in6_dev->nd_parms->retrans_time = rtime;
1219                         in6_dev->tstamp = jiffies;
1220                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1221                 }
1222 
1223                 rtime = ntohl(ra_msg->reachable_time);
1224                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1225                         rtime = (rtime*HZ)/1000;
1226 
1227                         if (rtime < HZ/10)
1228                                 rtime = HZ/10;
1229 
1230                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1231                                 in6_dev->nd_parms->base_reachable_time = rtime;
1232                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1233                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1234                                 in6_dev->tstamp = jiffies;
1235                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1236                         }
1237                 }
1238         }
1239 
1240 skip_linkparms:
1241 
1242         /*
1243          *      Process options.
1244          */
1245 
1246         if (!neigh)
1247                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1248                                        skb->dev, 1);
1249         if (neigh) {
1250                 u8 *lladdr = NULL;
1251                 if (ndopts.nd_opts_src_lladdr) {
1252                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1253                                                      skb->dev);
1254                         if (!lladdr) {
1255                                 ND_PRINTK(2, warn,
1256                                           "RA: invalid link-layer address length\n");
1257                                 goto out;
1258                         }
1259                 }
1260                 neigh_update(neigh, lladdr, NUD_STALE,
1261                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1262                              NEIGH_UPDATE_F_OVERRIDE|
1263                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1264                              NEIGH_UPDATE_F_ISROUTER);
1265         }
1266 
1267         if (!ipv6_accept_ra(in6_dev))
1268                 goto out;
1269 
1270 #ifdef CONFIG_IPV6_ROUTE_INFO
1271         if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1272                 goto skip_routeinfo;
1273 
1274         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1275                 struct nd_opt_hdr *p;
1276                 for (p = ndopts.nd_opts_ri;
1277                      p;
1278                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1279                         struct route_info *ri = (struct route_info *)p;
1280 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1281                         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1282                             ri->prefix_len == 0)
1283                                 continue;
1284 #endif
1285                         if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1286                                 continue;
1287                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1288                                       &ipv6_hdr(skb)->saddr);
1289                 }
1290         }
1291 
1292 skip_routeinfo:
1293 #endif
1294 
1295 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1296         /* skip link-specific ndopts from interior routers */
1297         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1298                 goto out;
1299 #endif
1300 
1301         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1302                 struct nd_opt_hdr *p;
1303                 for (p = ndopts.nd_opts_pi;
1304                      p;
1305                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1306                         addrconf_prefix_rcv(skb->dev, (u8 *)p,
1307                                             (p->nd_opt_len) << 3,
1308                                             ndopts.nd_opts_src_lladdr != NULL);
1309                 }
1310         }
1311 
1312         if (ndopts.nd_opts_mtu) {
1313                 __be32 n;
1314                 u32 mtu;
1315 
1316                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1317                 mtu = ntohl(n);
1318 
1319                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1320                         ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1321                 } else if (in6_dev->cnf.mtu6 != mtu) {
1322                         in6_dev->cnf.mtu6 = mtu;
1323 
1324                         if (rt)
1325                                 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1326 
1327                         rt6_mtu_change(skb->dev, mtu);
1328                 }
1329         }
1330 
1331         if (ndopts.nd_useropts) {
1332                 struct nd_opt_hdr *p;
1333                 for (p = ndopts.nd_useropts;
1334                      p;
1335                      p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1336                         ndisc_ra_useropt(skb, p);
1337                 }
1338         }
1339 
1340         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1341                 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1342         }
1343 out:
1344         ip6_rt_put(rt);
1345         if (neigh)
1346                 neigh_release(neigh);
1347 }
1348 
1349 static void ndisc_redirect_rcv(struct sk_buff *skb)
1350 {
1351         u8 *hdr;
1352         struct ndisc_options ndopts;
1353         struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1354         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1355                                     offsetof(struct rd_msg, opt));
1356 
1357 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1358         switch (skb->ndisc_nodetype) {
1359         case NDISC_NODETYPE_HOST:
1360         case NDISC_NODETYPE_NODEFAULT:
1361                 ND_PRINTK(2, warn,
1362                           "Redirect: from host or unauthorized router\n");
1363                 return;
1364         }
1365 #endif
1366 
1367         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1368                 ND_PRINTK(2, warn,
1369                           "Redirect: source address is not link-local\n");
1370                 return;
1371         }
1372 
1373         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1374                 return;
1375 
1376         if (!ndopts.nd_opts_rh) {
1377                 ip6_redirect_no_header(skb, dev_net(skb->dev),
1378                                         skb->dev->ifindex, 0);
1379                 return;
1380         }
1381 
1382         hdr = (u8 *)ndopts.nd_opts_rh;
1383         hdr += 8;
1384         if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1385                 return;
1386 
1387         icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1388 }
1389 
1390 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1391                                            struct sk_buff *orig_skb,
1392                                            int rd_len)
1393 {
1394         u8 *opt = skb_put(skb, rd_len);
1395 
1396         memset(opt, 0, 8);
1397         *(opt++) = ND_OPT_REDIRECT_HDR;
1398         *(opt++) = (rd_len >> 3);
1399         opt += 6;
1400 
1401         memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1402 }
1403 
1404 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1405 {
1406         struct net_device *dev = skb->dev;
1407         struct net *net = dev_net(dev);
1408         struct sock *sk = net->ipv6.ndisc_sk;
1409         int optlen = 0;
1410         struct inet_peer *peer;
1411         struct sk_buff *buff;
1412         struct rd_msg *msg;
1413         struct in6_addr saddr_buf;
1414         struct rt6_info *rt;
1415         struct dst_entry *dst;
1416         struct flowi6 fl6;
1417         int rd_len;
1418         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1419         bool ret;
1420 
1421         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1422                 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1423                           dev->name);
1424                 return;
1425         }
1426 
1427         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1428             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1429                 ND_PRINTK(2, warn,
1430                           "Redirect: target address is not link-local unicast\n");
1431                 return;
1432         }
1433 
1434         icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1435                          &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1436 
1437         dst = ip6_route_output(net, NULL, &fl6);
1438         if (dst->error) {
1439                 dst_release(dst);
1440                 return;
1441         }
1442         dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1443         if (IS_ERR(dst))
1444                 return;
1445 
1446         rt = (struct rt6_info *) dst;
1447 
1448         if (rt->rt6i_flags & RTF_GATEWAY) {
1449                 ND_PRINTK(2, warn,
1450                           "Redirect: destination is not a neighbour\n");
1451                 goto release;
1452         }
1453         peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1454         ret = inet_peer_xrlim_allow(peer, 1*HZ);
1455         if (peer)
1456                 inet_putpeer(peer);
1457         if (!ret)
1458                 goto release;
1459 
1460         if (dev->addr_len) {
1461                 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1462                 if (!neigh) {
1463                         ND_PRINTK(2, warn,
1464                                   "Redirect: no neigh for target address\n");
1465                         goto release;
1466                 }
1467 
1468                 read_lock_bh(&neigh->lock);
1469                 if (neigh->nud_state & NUD_VALID) {
1470                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1471                         read_unlock_bh(&neigh->lock);
1472                         ha = ha_buf;
1473                         optlen += ndisc_opt_addr_space(dev);
1474                 } else
1475                         read_unlock_bh(&neigh->lock);
1476 
1477                 neigh_release(neigh);
1478         }
1479 
1480         rd_len = min_t(unsigned int,
1481                        IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1482                        skb->len + 8);
1483         rd_len &= ~0x7;
1484         optlen += rd_len;
1485 
1486         buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1487         if (!buff)
1488                 goto release;
1489 
1490         msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1491         *msg = (struct rd_msg) {
1492                 .icmph = {
1493                         .icmp6_type = NDISC_REDIRECT,
1494                 },
1495                 .target = *target,
1496                 .dest = ipv6_hdr(skb)->daddr,
1497         };
1498 
1499         /*
1500          *      include target_address option
1501          */
1502 
1503         if (ha)
1504                 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1505 
1506         /*
1507          *      build redirect option and copy skb over to the new packet.
1508          */
1509 
1510         if (rd_len)
1511                 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1512 
1513         skb_dst_set(buff, dst);
1514         ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1515         return;
1516 
1517 release:
1518         dst_release(dst);
1519 }
1520 
1521 static void pndisc_redo(struct sk_buff *skb)
1522 {
1523         ndisc_recv_ns(skb);
1524         kfree_skb(skb);
1525 }
1526 
1527 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1528 {
1529         struct inet6_dev *idev = __in6_dev_get(skb->dev);
1530 
1531         if (!idev)
1532                 return true;
1533         if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1534             idev->cnf.suppress_frag_ndisc) {
1535                 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1536                 return true;
1537         }
1538         return false;
1539 }
1540 
1541 int ndisc_rcv(struct sk_buff *skb)
1542 {
1543         struct nd_msg *msg;
1544 
1545         if (ndisc_suppress_frag_ndisc(skb))
1546                 return 0;
1547 
1548         if (skb_linearize(skb))
1549                 return 0;
1550 
1551         msg = (struct nd_msg *)skb_transport_header(skb);
1552 
1553         __skb_push(skb, skb->data - skb_transport_header(skb));
1554 
1555         if (ipv6_hdr(skb)->hop_limit != 255) {
1556                 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1557                           ipv6_hdr(skb)->hop_limit);
1558                 return 0;
1559         }
1560 
1561         if (msg->icmph.icmp6_code != 0) {
1562                 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1563                           msg->icmph.icmp6_code);
1564                 return 0;
1565         }
1566 
1567         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1568 
1569         switch (msg->icmph.icmp6_type) {
1570         case NDISC_NEIGHBOUR_SOLICITATION:
1571                 ndisc_recv_ns(skb);
1572                 break;
1573 
1574         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1575                 ndisc_recv_na(skb);
1576                 break;
1577 
1578         case NDISC_ROUTER_SOLICITATION:
1579                 ndisc_recv_rs(skb);
1580                 break;
1581 
1582         case NDISC_ROUTER_ADVERTISEMENT:
1583                 ndisc_router_discovery(skb);
1584                 break;
1585 
1586         case NDISC_REDIRECT:
1587                 ndisc_redirect_rcv(skb);
1588                 break;
1589         }
1590 
1591         return 0;
1592 }
1593 
1594 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1595 {
1596         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1597         struct net *net = dev_net(dev);
1598         struct inet6_dev *idev;
1599 
1600         switch (event) {
1601         case NETDEV_CHANGEADDR:
1602                 neigh_changeaddr(&nd_tbl, dev);
1603                 fib6_run_gc(0, net, false);
1604                 idev = in6_dev_get(dev);
1605                 if (!idev)
1606                         break;
1607                 if (idev->cnf.ndisc_notify)
1608                         ndisc_send_unsol_na(dev);
1609                 in6_dev_put(idev);
1610                 break;
1611         case NETDEV_DOWN:
1612                 neigh_ifdown(&nd_tbl, dev);
1613                 fib6_run_gc(0, net, false);
1614                 break;
1615         case NETDEV_NOTIFY_PEERS:
1616                 ndisc_send_unsol_na(dev);
1617                 break;
1618         default:
1619                 break;
1620         }
1621 
1622         return NOTIFY_DONE;
1623 }
1624 
1625 static struct notifier_block ndisc_netdev_notifier = {
1626         .notifier_call = ndisc_netdev_event,
1627 };
1628 
1629 #ifdef CONFIG_SYSCTL
1630 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1631                                          const char *func, const char *dev_name)
1632 {
1633         static char warncomm[TASK_COMM_LEN];
1634         static int warned;
1635         if (strcmp(warncomm, current->comm) && warned < 5) {
1636                 strcpy(warncomm, current->comm);
1637                 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1638                         warncomm, func,
1639                         dev_name, ctl->procname,
1640                         dev_name, ctl->procname);
1641                 warned++;
1642         }
1643 }
1644 
1645 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1646 {
1647         struct net_device *dev = ctl->extra1;
1648         struct inet6_dev *idev;
1649         int ret;
1650 
1651         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1652             (strcmp(ctl->procname, "base_reachable_time") == 0))
1653                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1654 
1655         if (strcmp(ctl->procname, "retrans_time") == 0)
1656                 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1657 
1658         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1659                 ret = proc_dointvec_jiffies(ctl, write,
1660                                             buffer, lenp, ppos);
1661 
1662         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1663                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1664                 ret = proc_dointvec_ms_jiffies(ctl, write,
1665                                                buffer, lenp, ppos);
1666         else
1667                 ret = -1;
1668 
1669         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1670                 if (ctl->data == &idev->nd_parms->base_reachable_time)
1671                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1672                 idev->tstamp = jiffies;
1673                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1674                 in6_dev_put(idev);
1675         }
1676         return ret;
1677 }
1678 
1679 
1680 #endif
1681 
1682 static int __net_init ndisc_net_init(struct net *net)
1683 {
1684         struct ipv6_pinfo *np;
1685         struct sock *sk;
1686         int err;
1687 
1688         err = inet_ctl_sock_create(&sk, PF_INET6,
1689                                    SOCK_RAW, IPPROTO_ICMPV6, net);
1690         if (err < 0) {
1691                 ND_PRINTK(0, err,
1692                           "NDISC: Failed to initialize the control socket (err %d)\n",
1693                           err);
1694                 return err;
1695         }
1696 
1697         net->ipv6.ndisc_sk = sk;
1698 
1699         np = inet6_sk(sk);
1700         np->hop_limit = 255;
1701         /* Do not loopback ndisc messages */
1702         np->mc_loop = 0;
1703 
1704         return 0;
1705 }
1706 
1707 static void __net_exit ndisc_net_exit(struct net *net)
1708 {
1709         inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1710 }
1711 
1712 static struct pernet_operations ndisc_net_ops = {
1713         .init = ndisc_net_init,
1714         .exit = ndisc_net_exit,
1715 };
1716 
1717 int __init ndisc_init(void)
1718 {
1719         int err;
1720 
1721         err = register_pernet_subsys(&ndisc_net_ops);
1722         if (err)
1723                 return err;
1724         /*
1725          * Initialize the neighbour table
1726          */
1727         neigh_table_init(&nd_tbl);
1728 
1729 #ifdef CONFIG_SYSCTL
1730         err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1731                                     &ndisc_ifinfo_sysctl_change);
1732         if (err)
1733                 goto out_unregister_pernet;
1734 #endif
1735 out:
1736         return err;
1737 
1738 #ifdef CONFIG_SYSCTL
1739 out_unregister_pernet:
1740         unregister_pernet_subsys(&ndisc_net_ops);
1741         goto out;
1742 #endif
1743 }
1744 
1745 int __init ndisc_late_init(void)
1746 {
1747         return register_netdevice_notifier(&ndisc_netdev_notifier);
1748 }
1749 
1750 void ndisc_late_cleanup(void)
1751 {
1752         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1753 }
1754 
1755 void ndisc_cleanup(void)
1756 {
1757 #ifdef CONFIG_SYSCTL
1758         neigh_sysctl_unregister(&nd_tbl.parms);
1759 #endif
1760         neigh_table_clear(&nd_tbl);
1761         unregister_pernet_subsys(&ndisc_net_ops);
1762 }
1763 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp