projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'trace-seq-buf-3.19' of git://git.kernel.org/pub/scm/linux/kernel/git/roste...
[deliverable/linux.git] / net / ipv6 / ndisc.c
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77
78 #define ND_PRINTK(val, level, fmt, ...) \
79 do { \
80 if (val <= ND_DEBUG) \
81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82 } while (0)
83
84 static u32 ndisc_hash(const void *pkey,
85 const struct net_device *dev,
86 __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93
94 static const struct neigh_ops ndisc_generic_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_connected_output,
100 };
101
102 static const struct neigh_ops ndisc_hh_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_resolve_output,
108 };
109
110
111 static const struct neigh_ops ndisc_direct_ops = {
112 .family = AF_INET6,
113 .output = neigh_direct_output,
114 .connected_output = neigh_direct_output,
115 };
116
117 struct neigh_table nd_tbl = {
118 .family = AF_INET6,
119 .key_len = sizeof(struct in6_addr),
120 .hash = ndisc_hash,
121 .constructor = ndisc_constructor,
122 .pconstructor = pndisc_constructor,
123 .pdestructor = pndisc_destructor,
124 .proxy_redo = pndisc_redo,
125 .id = "ndisc_cache",
126 .parms = {
127 .tbl = &nd_tbl,
128 .reachable_time = ND_REACHABLE_TIME,
129 .data = {
130 [NEIGH_VAR_MCAST_PROBES] = 3,
131 [NEIGH_VAR_UCAST_PROBES] = 3,
132 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
133 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
134 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
135 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
136 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
137 [NEIGH_VAR_PROXY_QLEN] = 64,
138 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
139 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
140 },
141 },
142 .gc_interval = 30 * HZ,
143 .gc_thresh1 = 128,
144 .gc_thresh2 = 512,
145 .gc_thresh3 = 1024,
146 };
147
148 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
149 {
150 int pad = ndisc_addr_option_pad(skb->dev->type);
151 int data_len = skb->dev->addr_len;
152 int space = ndisc_opt_addr_space(skb->dev);
153 u8 *opt = skb_put(skb, space);
154
155 opt[0] = type;
156 opt[1] = space>>3;
157
158 memset(opt + 2, 0, pad);
159 opt += pad;
160 space -= pad;
161
162 memcpy(opt+2, data, data_len);
163 data_len += 2;
164 opt += data_len;
165 if ((space -= data_len) > 0)
166 memset(opt, 0, space);
167 }
168
169 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
170 struct nd_opt_hdr *end)
171 {
172 int type;
173 if (!cur || !end || cur >= end)
174 return NULL;
175 type = cur->nd_opt_type;
176 do {
177 cur = ((void *)cur) + (cur->nd_opt_len << 3);
178 } while (cur < end && cur->nd_opt_type != type);
179 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
180 }
181
182 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
183 {
184 return opt->nd_opt_type == ND_OPT_RDNSS ||
185 opt->nd_opt_type == ND_OPT_DNSSL;
186 }
187
188 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
189 struct nd_opt_hdr *end)
190 {
191 if (!cur || !end || cur >= end)
192 return NULL;
193 do {
194 cur = ((void *)cur) + (cur->nd_opt_len << 3);
195 } while (cur < end && !ndisc_is_useropt(cur));
196 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
197 }
198
199 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
200 struct ndisc_options *ndopts)
201 {
202 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
203
204 if (!nd_opt || opt_len < 0 || !ndopts)
205 return NULL;
206 memset(ndopts, 0, sizeof(*ndopts));
207 while (opt_len) {
208 int l;
209 if (opt_len < sizeof(struct nd_opt_hdr))
210 return NULL;
211 l = nd_opt->nd_opt_len << 3;
212 if (opt_len < l || l == 0)
213 return NULL;
214 switch (nd_opt->nd_opt_type) {
215 case ND_OPT_SOURCE_LL_ADDR:
216 case ND_OPT_TARGET_LL_ADDR:
217 case ND_OPT_MTU:
218 case ND_OPT_REDIRECT_HDR:
219 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
220 ND_PRINTK(2, warn,
221 "%s: duplicated ND6 option found: type=%d\n",
222 __func__, nd_opt->nd_opt_type);
223 } else {
224 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
225 }
226 break;
227 case ND_OPT_PREFIX_INFO:
228 ndopts->nd_opts_pi_end = nd_opt;
229 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
230 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
231 break;
232 #ifdef CONFIG_IPV6_ROUTE_INFO
233 case ND_OPT_ROUTE_INFO:
234 ndopts->nd_opts_ri_end = nd_opt;
235 if (!ndopts->nd_opts_ri)
236 ndopts->nd_opts_ri = nd_opt;
237 break;
238 #endif
239 default:
240 if (ndisc_is_useropt(nd_opt)) {
241 ndopts->nd_useropts_end = nd_opt;
242 if (!ndopts->nd_useropts)
243 ndopts->nd_useropts = nd_opt;
244 } else {
245 /*
246 * Unknown options must be silently ignored,
247 * to accommodate future extension to the
248 * protocol.
249 */
250 ND_PRINTK(2, notice,
251 "%s: ignored unsupported option; type=%d, len=%d\n",
252 __func__,
253 nd_opt->nd_opt_type,
254 nd_opt->nd_opt_len);
255 }
256 }
257 opt_len -= l;
258 nd_opt = ((void *)nd_opt) + l;
259 }
260 return ndopts;
261 }
262
263 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
264 {
265 switch (dev->type) {
266 case ARPHRD_ETHER:
267 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
268 case ARPHRD_FDDI:
269 ipv6_eth_mc_map(addr, buf);
270 return 0;
271 case ARPHRD_ARCNET:
272 ipv6_arcnet_mc_map(addr, buf);
273 return 0;
274 case ARPHRD_INFINIBAND:
275 ipv6_ib_mc_map(addr, dev->broadcast, buf);
276 return 0;
277 case ARPHRD_IPGRE:
278 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
279 default:
280 if (dir) {
281 memcpy(buf, dev->broadcast, dev->addr_len);
282 return 0;
283 }
284 }
285 return -EINVAL;
286 }
287 EXPORT_SYMBOL(ndisc_mc_map);
288
289 static u32 ndisc_hash(const void *pkey,
290 const struct net_device *dev,
291 __u32 *hash_rnd)
292 {
293 return ndisc_hashfn(pkey, dev, hash_rnd);
294 }
295
296 static int ndisc_constructor(struct neighbour *neigh)
297 {
298 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
299 struct net_device *dev = neigh->dev;
300 struct inet6_dev *in6_dev;
301 struct neigh_parms *parms;
302 bool is_multicast = ipv6_addr_is_multicast(addr);
303
304 in6_dev = in6_dev_get(dev);
305 if (in6_dev == NULL) {
306 return -EINVAL;
307 }
308
309 parms = in6_dev->nd_parms;
310 __neigh_parms_put(neigh->parms);
311 neigh->parms = neigh_parms_clone(parms);
312
313 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
314 if (!dev->header_ops) {
315 neigh->nud_state = NUD_NOARP;
316 neigh->ops = &ndisc_direct_ops;
317 neigh->output = neigh_direct_output;
318 } else {
319 if (is_multicast) {
320 neigh->nud_state = NUD_NOARP;
321 ndisc_mc_map(addr, neigh->ha, dev, 1);
322 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
323 neigh->nud_state = NUD_NOARP;
324 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
325 if (dev->flags&IFF_LOOPBACK)
326 neigh->type = RTN_LOCAL;
327 } else if (dev->flags&IFF_POINTOPOINT) {
328 neigh->nud_state = NUD_NOARP;
329 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
330 }
331 if (dev->header_ops->cache)
332 neigh->ops = &ndisc_hh_ops;
333 else
334 neigh->ops = &ndisc_generic_ops;
335 if (neigh->nud_state&NUD_VALID)
336 neigh->output = neigh->ops->connected_output;
337 else
338 neigh->output = neigh->ops->output;
339 }
340 in6_dev_put(in6_dev);
341 return 0;
342 }
343
344 static int pndisc_constructor(struct pneigh_entry *n)
345 {
346 struct in6_addr *addr = (struct in6_addr *)&n->key;
347 struct in6_addr maddr;
348 struct net_device *dev = n->dev;
349
350 if (dev == NULL || __in6_dev_get(dev) == NULL)
351 return -EINVAL;
352 addrconf_addr_solict_mult(addr, &maddr);
353 ipv6_dev_mc_inc(dev, &maddr);
354 return 0;
355 }
356
357 static void pndisc_destructor(struct pneigh_entry *n)
358 {
359 struct in6_addr *addr = (struct in6_addr *)&n->key;
360 struct in6_addr maddr;
361 struct net_device *dev = n->dev;
362
363 if (dev == NULL || __in6_dev_get(dev) == NULL)
364 return;
365 addrconf_addr_solict_mult(addr, &maddr);
366 ipv6_dev_mc_dec(dev, &maddr);
367 }
368
369 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
370 int len)
371 {
372 int hlen = LL_RESERVED_SPACE(dev);
373 int tlen = dev->needed_tailroom;
374 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
375 struct sk_buff *skb;
376
377 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
378 if (!skb) {
379 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
380 __func__);
381 return NULL;
382 }
383
384 skb->protocol = htons(ETH_P_IPV6);
385 skb->dev = dev;
386
387 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
388 skb_reset_transport_header(skb);
389
390 /* Manually assign socket ownership as we avoid calling
391 * sock_alloc_send_pskb() to bypass wmem buffer limits
392 */
393 skb_set_owner_w(skb, sk);
394
395 return skb;
396 }
397
398 static void ip6_nd_hdr(struct sk_buff *skb,
399 const struct in6_addr *saddr,
400 const struct in6_addr *daddr,
401 int hop_limit, int len)
402 {
403 struct ipv6hdr *hdr;
404
405 skb_push(skb, sizeof(*hdr));
406 skb_reset_network_header(skb);
407 hdr = ipv6_hdr(skb);
408
409 ip6_flow_hdr(hdr, 0, 0);
410
411 hdr->payload_len = htons(len);
412 hdr->nexthdr = IPPROTO_ICMPV6;
413 hdr->hop_limit = hop_limit;
414
415 hdr->saddr = *saddr;
416 hdr->daddr = *daddr;
417 }
418
419 static void ndisc_send_skb(struct sk_buff *skb,
420 const struct in6_addr *daddr,
421 const struct in6_addr *saddr)
422 {
423 struct dst_entry *dst = skb_dst(skb);
424 struct net *net = dev_net(skb->dev);
425 struct sock *sk = net->ipv6.ndisc_sk;
426 struct inet6_dev *idev;
427 int err;
428 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
429 u8 type;
430
431 type = icmp6h->icmp6_type;
432
433 if (!dst) {
434 struct flowi6 fl6;
435
436 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
437 dst = icmp6_dst_alloc(skb->dev, &fl6);
438 if (IS_ERR(dst)) {
439 kfree_skb(skb);
440 return;
441 }
442
443 skb_dst_set(skb, dst);
444 }
445
446 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
447 IPPROTO_ICMPV6,
448 csum_partial(icmp6h,
449 skb->len, 0));
450
451 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
452
453 rcu_read_lock();
454 idev = __in6_dev_get(dst->dev);
455 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
456
457 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
458 dst_output);
459 if (!err) {
460 ICMP6MSGOUT_INC_STATS(net, idev, type);
461 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
462 }
463
464 rcu_read_unlock();
465 }
466
467 void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
468 const struct in6_addr *daddr,
469 const struct in6_addr *solicited_addr,
470 bool router, bool solicited, bool override, bool inc_opt)
471 {
472 struct sk_buff *skb;
473 struct in6_addr tmpaddr;
474 struct inet6_ifaddr *ifp;
475 const struct in6_addr *src_addr;
476 struct nd_msg *msg;
477 int optlen = 0;
478
479 /* for anycast or proxy, solicited_addr != src_addr */
480 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
481 if (ifp) {
482 src_addr = solicited_addr;
483 if (ifp->flags & IFA_F_OPTIMISTIC)
484 override = false;
485 inc_opt |= ifp->idev->cnf.force_tllao;
486 in6_ifa_put(ifp);
487 } else {
488 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
489 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
490 &tmpaddr))
491 return;
492 src_addr = &tmpaddr;
493 }
494
495 if (!dev->addr_len)
496 inc_opt = 0;
497 if (inc_opt)
498 optlen += ndisc_opt_addr_space(dev);
499
500 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
501 if (!skb)
502 return;
503
504 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
505 *msg = (struct nd_msg) {
506 .icmph = {
507 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
508 .icmp6_router = router,
509 .icmp6_solicited = solicited,
510 .icmp6_override = override,
511 },
512 .target = *solicited_addr,
513 };
514
515 if (inc_opt)
516 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
517 dev->dev_addr);
518
519
520 ndisc_send_skb(skb, daddr, src_addr);
521 }
522
523 static void ndisc_send_unsol_na(struct net_device *dev)
524 {
525 struct inet6_dev *idev;
526 struct inet6_ifaddr *ifa;
527
528 idev = in6_dev_get(dev);
529 if (!idev)
530 return;
531
532 read_lock_bh(&idev->lock);
533 list_for_each_entry(ifa, &idev->addr_list, if_list) {
534 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
535 /*router=*/ !!idev->cnf.forwarding,
536 /*solicited=*/ false, /*override=*/ true,
537 /*inc_opt=*/ true);
538 }
539 read_unlock_bh(&idev->lock);
540
541 in6_dev_put(idev);
542 }
543
544 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
545 const struct in6_addr *solicit,
546 const struct in6_addr *daddr, const struct in6_addr *saddr)
547 {
548 struct sk_buff *skb;
549 struct in6_addr addr_buf;
550 int inc_opt = dev->addr_len;
551 int optlen = 0;
552 struct nd_msg *msg;
553
554 if (saddr == NULL) {
555 if (ipv6_get_lladdr(dev, &addr_buf,
556 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
557 return;
558 saddr = &addr_buf;
559 }
560
561 if (ipv6_addr_any(saddr))
562 inc_opt = false;
563 if (inc_opt)
564 optlen += ndisc_opt_addr_space(dev);
565
566 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
567 if (!skb)
568 return;
569
570 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
571 *msg = (struct nd_msg) {
572 .icmph = {
573 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
574 },
575 .target = *solicit,
576 };
577
578 if (inc_opt)
579 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
580 dev->dev_addr);
581
582 ndisc_send_skb(skb, daddr, saddr);
583 }
584
585 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
586 const struct in6_addr *daddr)
587 {
588 struct sk_buff *skb;
589 struct rs_msg *msg;
590 int send_sllao = dev->addr_len;
591 int optlen = 0;
592
593 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
594 /*
595 * According to section 2.2 of RFC 4429, we must not
596 * send router solicitations with a sllao from
597 * optimistic addresses, but we may send the solicitation
598 * if we don't include the sllao. So here we check
599 * if our address is optimistic, and if so, we
600 * suppress the inclusion of the sllao.
601 */
602 if (send_sllao) {
603 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
604 dev, 1);
605 if (ifp) {
606 if (ifp->flags & IFA_F_OPTIMISTIC) {
607 send_sllao = 0;
608 }
609 in6_ifa_put(ifp);
610 } else {
611 send_sllao = 0;
612 }
613 }
614 #endif
615 if (send_sllao)
616 optlen += ndisc_opt_addr_space(dev);
617
618 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
619 if (!skb)
620 return;
621
622 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
623 *msg = (struct rs_msg) {
624 .icmph = {
625 .icmp6_type = NDISC_ROUTER_SOLICITATION,
626 },
627 };
628
629 if (send_sllao)
630 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
631 dev->dev_addr);
632
633 ndisc_send_skb(skb, daddr, saddr);
634 }
635
636
637 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
638 {
639 /*
640 * "The sender MUST return an ICMP
641 * destination unreachable"
642 */
643 dst_link_failure(skb);
644 kfree_skb(skb);
645 }
646
647 /* Called with locked neigh: either read or both */
648
649 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
650 {
651 struct in6_addr *saddr = NULL;
652 struct in6_addr mcaddr;
653 struct net_device *dev = neigh->dev;
654 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
655 int probes = atomic_read(&neigh->probes);
656
657 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
658 saddr = &ipv6_hdr(skb)->saddr;
659
660 if ((probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES)) < 0) {
661 if (!(neigh->nud_state & NUD_VALID)) {
662 ND_PRINTK(1, dbg,
663 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
664 __func__, target);
665 }
666 ndisc_send_ns(dev, neigh, target, target, saddr);
667 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
668 neigh_app_ns(neigh);
669 } else {
670 addrconf_addr_solict_mult(target, &mcaddr);
671 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
672 }
673 }
674
675 static int pndisc_is_router(const void *pkey,
676 struct net_device *dev)
677 {
678 struct pneigh_entry *n;
679 int ret = -1;
680
681 read_lock_bh(&nd_tbl.lock);
682 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
683 if (n)
684 ret = !!(n->flags & NTF_ROUTER);
685 read_unlock_bh(&nd_tbl.lock);
686
687 return ret;
688 }
689
690 static void ndisc_recv_ns(struct sk_buff *skb)
691 {
692 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
693 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
694 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
695 u8 *lladdr = NULL;
696 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
697 offsetof(struct nd_msg, opt));
698 struct ndisc_options ndopts;
699 struct net_device *dev = skb->dev;
700 struct inet6_ifaddr *ifp;
701 struct inet6_dev *idev = NULL;
702 struct neighbour *neigh;
703 int dad = ipv6_addr_any(saddr);
704 bool inc;
705 int is_router = -1;
706
707 if (skb->len < sizeof(struct nd_msg)) {
708 ND_PRINTK(2, warn, "NS: packet too short\n");
709 return;
710 }
711
712 if (ipv6_addr_is_multicast(&msg->target)) {
713 ND_PRINTK(2, warn, "NS: multicast target address\n");
714 return;
715 }
716
717 /*
718 * RFC2461 7.1.1:
719 * DAD has to be destined for solicited node multicast address.
720 */
721 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
722 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
723 return;
724 }
725
726 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
727 ND_PRINTK(2, warn, "NS: invalid ND options\n");
728 return;
729 }
730
731 if (ndopts.nd_opts_src_lladdr) {
732 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
733 if (!lladdr) {
734 ND_PRINTK(2, warn,
735 "NS: invalid link-layer address length\n");
736 return;
737 }
738
739 /* RFC2461 7.1.1:
740 * If the IP source address is the unspecified address,
741 * there MUST NOT be source link-layer address option
742 * in the message.
743 */
744 if (dad) {
745 ND_PRINTK(2, warn,
746 "NS: bad DAD packet (link-layer address option)\n");
747 return;
748 }
749 }
750
751 inc = ipv6_addr_is_multicast(daddr);
752
753 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
754 if (ifp) {
755
756 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
757 if (dad) {
758 /*
759 * We are colliding with another node
760 * who is doing DAD
761 * so fail our DAD process
762 */
763 addrconf_dad_failure(ifp);
764 return;
765 } else {
766 /*
767 * This is not a dad solicitation.
768 * If we are an optimistic node,
769 * we should respond.
770 * Otherwise, we should ignore it.
771 */
772 if (!(ifp->flags & IFA_F_OPTIMISTIC))
773 goto out;
774 }
775 }
776
777 idev = ifp->idev;
778 } else {
779 struct net *net = dev_net(dev);
780
781 idev = in6_dev_get(dev);
782 if (!idev) {
783 /* XXX: count this drop? */
784 return;
785 }
786
787 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
788 (idev->cnf.forwarding &&
789 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
790 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
791 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
792 skb->pkt_type != PACKET_HOST &&
793 inc &&
794 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
795 /*
796 * for anycast or proxy,
797 * sender should delay its response
798 * by a random time between 0 and
799 * MAX_ANYCAST_DELAY_TIME seconds.
800 * (RFC2461) -- yoshfuji
801 */
802 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
803 if (n)
804 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
805 goto out;
806 }
807 } else
808 goto out;
809 }
810
811 if (is_router < 0)
812 is_router = idev->cnf.forwarding;
813
814 if (dad) {
815 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
816 !!is_router, false, (ifp != NULL), true);
817 goto out;
818 }
819
820 if (inc)
821 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
822 else
823 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
824
825 /*
826 * update / create cache entry
827 * for the source address
828 */
829 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
830 !inc || lladdr || !dev->addr_len);
831 if (neigh)
832 neigh_update(neigh, lladdr, NUD_STALE,
833 NEIGH_UPDATE_F_WEAK_OVERRIDE|
834 NEIGH_UPDATE_F_OVERRIDE);
835 if (neigh || !dev->header_ops) {
836 ndisc_send_na(dev, neigh, saddr, &msg->target,
837 !!is_router,
838 true, (ifp != NULL && inc), inc);
839 if (neigh)
840 neigh_release(neigh);
841 }
842
843 out:
844 if (ifp)
845 in6_ifa_put(ifp);
846 else
847 in6_dev_put(idev);
848 }
849
850 static void ndisc_recv_na(struct sk_buff *skb)
851 {
852 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
853 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
854 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
855 u8 *lladdr = NULL;
856 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
857 offsetof(struct nd_msg, opt));
858 struct ndisc_options ndopts;
859 struct net_device *dev = skb->dev;
860 struct inet6_ifaddr *ifp;
861 struct neighbour *neigh;
862
863 if (skb->len < sizeof(struct nd_msg)) {
864 ND_PRINTK(2, warn, "NA: packet too short\n");
865 return;
866 }
867
868 if (ipv6_addr_is_multicast(&msg->target)) {
869 ND_PRINTK(2, warn, "NA: target address is multicast\n");
870 return;
871 }
872
873 if (ipv6_addr_is_multicast(daddr) &&
874 msg->icmph.icmp6_solicited) {
875 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
876 return;
877 }
878
879 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
880 ND_PRINTK(2, warn, "NS: invalid ND option\n");
881 return;
882 }
883 if (ndopts.nd_opts_tgt_lladdr) {
884 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
885 if (!lladdr) {
886 ND_PRINTK(2, warn,
887 "NA: invalid link-layer address length\n");
888 return;
889 }
890 }
891 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
892 if (ifp) {
893 if (skb->pkt_type != PACKET_LOOPBACK
894 && (ifp->flags & IFA_F_TENTATIVE)) {
895 addrconf_dad_failure(ifp);
896 return;
897 }
898 /* What should we make now? The advertisement
899 is invalid, but ndisc specs say nothing
900 about it. It could be misconfiguration, or
901 an smart proxy agent tries to help us :-)
902
903 We should not print the error if NA has been
904 received from loopback - it is just our own
905 unsolicited advertisement.
906 */
907 if (skb->pkt_type != PACKET_LOOPBACK)
908 ND_PRINTK(1, warn,
909 "NA: someone advertises our address %pI6 on %s!\n",
910 &ifp->addr, ifp->idev->dev->name);
911 in6_ifa_put(ifp);
912 return;
913 }
914 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
915
916 if (neigh) {
917 u8 old_flags = neigh->flags;
918 struct net *net = dev_net(dev);
919
920 if (neigh->nud_state & NUD_FAILED)
921 goto out;
922
923 /*
924 * Don't update the neighbor cache entry on a proxy NA from
925 * ourselves because either the proxied node is off link or it
926 * has already sent a NA to us.
927 */
928 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
929 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
930 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
931 /* XXX: idev->cnf.proxy_ndp */
932 goto out;
933 }
934
935 neigh_update(neigh, lladdr,
936 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
937 NEIGH_UPDATE_F_WEAK_OVERRIDE|
938 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
939 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
940 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
941
942 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
943 /*
944 * Change: router to host
945 */
946 rt6_clean_tohost(dev_net(dev), saddr);
947 }
948
949 out:
950 neigh_release(neigh);
951 }
952 }
953
954 static void ndisc_recv_rs(struct sk_buff *skb)
955 {
956 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
957 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
958 struct neighbour *neigh;
959 struct inet6_dev *idev;
960 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
961 struct ndisc_options ndopts;
962 u8 *lladdr = NULL;
963
964 if (skb->len < sizeof(*rs_msg))
965 return;
966
967 idev = __in6_dev_get(skb->dev);
968 if (!idev) {
969 ND_PRINTK(1, err, "RS: can't find in6 device\n");
970 return;
971 }
972
973 /* Don't accept RS if we're not in router mode */
974 if (!idev->cnf.forwarding)
975 goto out;
976
977 /*
978 * Don't update NCE if src = ::;
979 * this implies that the source node has no ip address assigned yet.
980 */
981 if (ipv6_addr_any(saddr))
982 goto out;
983
984 /* Parse ND options */
985 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
986 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
987 goto out;
988 }
989
990 if (ndopts.nd_opts_src_lladdr) {
991 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
992 skb->dev);
993 if (!lladdr)
994 goto out;
995 }
996
997 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
998 if (neigh) {
999 neigh_update(neigh, lladdr, NUD_STALE,
1000 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1001 NEIGH_UPDATE_F_OVERRIDE|
1002 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1003 neigh_release(neigh);
1004 }
1005 out:
1006 return;
1007 }
1008
1009 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1010 {
1011 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1012 struct sk_buff *skb;
1013 struct nlmsghdr *nlh;
1014 struct nduseroptmsg *ndmsg;
1015 struct net *net = dev_net(ra->dev);
1016 int err;
1017 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1018 + (opt->nd_opt_len << 3));
1019 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1020
1021 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1022 if (skb == NULL) {
1023 err = -ENOBUFS;
1024 goto errout;
1025 }
1026
1027 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1028 if (nlh == NULL) {
1029 goto nla_put_failure;
1030 }
1031
1032 ndmsg = nlmsg_data(nlh);
1033 ndmsg->nduseropt_family = AF_INET6;
1034 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1035 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1036 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1037 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1038
1039 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1040
1041 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1042 &ipv6_hdr(ra)->saddr))
1043 goto nla_put_failure;
1044 nlmsg_end(skb, nlh);
1045
1046 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1047 return;
1048
1049 nla_put_failure:
1050 nlmsg_free(skb);
1051 err = -EMSGSIZE;
1052 errout:
1053 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1054 }
1055
1056 static void ndisc_router_discovery(struct sk_buff *skb)
1057 {
1058 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1059 struct neighbour *neigh = NULL;
1060 struct inet6_dev *in6_dev;
1061 struct rt6_info *rt = NULL;
1062 int lifetime;
1063 struct ndisc_options ndopts;
1064 int optlen;
1065 unsigned int pref = 0;
1066
1067 __u8 *opt = (__u8 *)(ra_msg + 1);
1068
1069 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1070 sizeof(struct ra_msg);
1071
1072 ND_PRINTK(2, info,
1073 "RA: %s, dev: %s\n",
1074 __func__, skb->dev->name);
1075 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1076 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1077 return;
1078 }
1079 if (optlen < 0) {
1080 ND_PRINTK(2, warn, "RA: packet too short\n");
1081 return;
1082 }
1083
1084 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1085 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1086 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1087 return;
1088 }
1089 #endif
1090
1091 /*
1092 * set the RA_RECV flag in the interface
1093 */
1094
1095 in6_dev = __in6_dev_get(skb->dev);
1096 if (in6_dev == NULL) {
1097 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1098 skb->dev->name);
1099 return;
1100 }
1101
1102 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1103 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1104 return;
1105 }
1106
1107 if (!ipv6_accept_ra(in6_dev)) {
1108 ND_PRINTK(2, info,
1109 "RA: %s, did not accept ra for dev: %s\n",
1110 __func__, skb->dev->name);
1111 goto skip_linkparms;
1112 }
1113
1114 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1115 /* skip link-specific parameters from interior routers */
1116 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1117 ND_PRINTK(2, info,
1118 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1119 __func__, skb->dev->name);
1120 goto skip_linkparms;
1121 }
1122 #endif
1123
1124 if (in6_dev->if_flags & IF_RS_SENT) {
1125 /*
1126 * flag that an RA was received after an RS was sent
1127 * out on this interface.
1128 */
1129 in6_dev->if_flags |= IF_RA_RCVD;
1130 }
1131
1132 /*
1133 * Remember the managed/otherconf flags from most recently
1134 * received RA message (RFC 2462) -- yoshfuji
1135 */
1136 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1137 IF_RA_OTHERCONF)) |
1138 (ra_msg->icmph.icmp6_addrconf_managed ?
1139 IF_RA_MANAGED : 0) |
1140 (ra_msg->icmph.icmp6_addrconf_other ?
1141 IF_RA_OTHERCONF : 0);
1142
1143 if (!in6_dev->cnf.accept_ra_defrtr) {
1144 ND_PRINTK(2, info,
1145 "RA: %s, defrtr is false for dev: %s\n",
1146 __func__, skb->dev->name);
1147 goto skip_defrtr;
1148 }
1149
1150 /* Do not accept RA with source-addr found on local machine unless
1151 * accept_ra_from_local is set to true.
1152 */
1153 if (!in6_dev->cnf.accept_ra_from_local &&
1154 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1155 NULL, 0)) {
1156 ND_PRINTK(2, info,
1157 "RA from local address detected on dev: %s: default router ignored\n",
1158 skb->dev->name);
1159 goto skip_defrtr;
1160 }
1161
1162 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1163
1164 #ifdef CONFIG_IPV6_ROUTER_PREF
1165 pref = ra_msg->icmph.icmp6_router_pref;
1166 /* 10b is handled as if it were 00b (medium) */
1167 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1168 !in6_dev->cnf.accept_ra_rtr_pref)
1169 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1170 #endif
1171
1172 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1173
1174 if (rt) {
1175 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1176 if (!neigh) {
1177 ND_PRINTK(0, err,
1178 "RA: %s got default router without neighbour\n",
1179 __func__);
1180 ip6_rt_put(rt);
1181 return;
1182 }
1183 }
1184 if (rt && lifetime == 0) {
1185 ip6_del_rt(rt);
1186 rt = NULL;
1187 }
1188
1189 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1190 rt, lifetime, skb->dev->name);
1191 if (rt == NULL && lifetime) {
1192 ND_PRINTK(3, info, "RA: adding default router\n");
1193
1194 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1195 if (rt == NULL) {
1196 ND_PRINTK(0, err,
1197 "RA: %s failed to add default route\n",
1198 __func__);
1199 return;
1200 }
1201
1202 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1203 if (neigh == NULL) {
1204 ND_PRINTK(0, err,
1205 "RA: %s got default router without neighbour\n",
1206 __func__);
1207 ip6_rt_put(rt);
1208 return;
1209 }
1210 neigh->flags |= NTF_ROUTER;
1211 } else if (rt) {
1212 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1213 }
1214
1215 if (rt)
1216 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1217 if (ra_msg->icmph.icmp6_hop_limit) {
1218 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1219 if (rt)
1220 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1221 ra_msg->icmph.icmp6_hop_limit);
1222 }
1223
1224 skip_defrtr:
1225
1226 /*
1227 * Update Reachable Time and Retrans Timer
1228 */
1229
1230 if (in6_dev->nd_parms) {
1231 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1232
1233 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1234 rtime = (rtime*HZ)/1000;
1235 if (rtime < HZ/10)
1236 rtime = HZ/10;
1237 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1238 in6_dev->tstamp = jiffies;
1239 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1240 }
1241
1242 rtime = ntohl(ra_msg->reachable_time);
1243 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1244 rtime = (rtime*HZ)/1000;
1245
1246 if (rtime < HZ/10)
1247 rtime = HZ/10;
1248
1249 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1250 NEIGH_VAR_SET(in6_dev->nd_parms,
1251 BASE_REACHABLE_TIME, rtime);
1252 NEIGH_VAR_SET(in6_dev->nd_parms,
1253 GC_STALETIME, 3 * rtime);
1254 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1255 in6_dev->tstamp = jiffies;
1256 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1257 }
1258 }
1259 }
1260
1261 skip_linkparms:
1262
1263 /*
1264 * Process options.
1265 */
1266
1267 if (!neigh)
1268 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1269 skb->dev, 1);
1270 if (neigh) {
1271 u8 *lladdr = NULL;
1272 if (ndopts.nd_opts_src_lladdr) {
1273 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1274 skb->dev);
1275 if (!lladdr) {
1276 ND_PRINTK(2, warn,
1277 "RA: invalid link-layer address length\n");
1278 goto out;
1279 }
1280 }
1281 neigh_update(neigh, lladdr, NUD_STALE,
1282 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1283 NEIGH_UPDATE_F_OVERRIDE|
1284 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1285 NEIGH_UPDATE_F_ISROUTER);
1286 }
1287
1288 if (!ipv6_accept_ra(in6_dev)) {
1289 ND_PRINTK(2, info,
1290 "RA: %s, accept_ra is false for dev: %s\n",
1291 __func__, skb->dev->name);
1292 goto out;
1293 }
1294
1295 #ifdef CONFIG_IPV6_ROUTE_INFO
1296 if (!in6_dev->cnf.accept_ra_from_local &&
1297 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1298 NULL, 0)) {
1299 ND_PRINTK(2, info,
1300 "RA from local address detected on dev: %s: router info ignored.\n",
1301 skb->dev->name);
1302 goto skip_routeinfo;
1303 }
1304
1305 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1306 struct nd_opt_hdr *p;
1307 for (p = ndopts.nd_opts_ri;
1308 p;
1309 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1310 struct route_info *ri = (struct route_info *)p;
1311 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1312 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1313 ri->prefix_len == 0)
1314 continue;
1315 #endif
1316 if (ri->prefix_len == 0 &&
1317 !in6_dev->cnf.accept_ra_defrtr)
1318 continue;
1319 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1320 continue;
1321 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1322 &ipv6_hdr(skb)->saddr);
1323 }
1324 }
1325
1326 skip_routeinfo:
1327 #endif
1328
1329 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1330 /* skip link-specific ndopts from interior routers */
1331 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1332 ND_PRINTK(2, info,
1333 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1334 __func__, skb->dev->name);
1335 goto out;
1336 }
1337 #endif
1338
1339 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1340 struct nd_opt_hdr *p;
1341 for (p = ndopts.nd_opts_pi;
1342 p;
1343 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1344 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1345 (p->nd_opt_len) << 3,
1346 ndopts.nd_opts_src_lladdr != NULL);
1347 }
1348 }
1349
1350 if (ndopts.nd_opts_mtu) {
1351 __be32 n;
1352 u32 mtu;
1353
1354 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1355 mtu = ntohl(n);
1356
1357 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1358 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1359 } else if (in6_dev->cnf.mtu6 != mtu) {
1360 in6_dev->cnf.mtu6 = mtu;
1361
1362 if (rt)
1363 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1364
1365 rt6_mtu_change(skb->dev, mtu);
1366 }
1367 }
1368
1369 if (ndopts.nd_useropts) {
1370 struct nd_opt_hdr *p;
1371 for (p = ndopts.nd_useropts;
1372 p;
1373 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1374 ndisc_ra_useropt(skb, p);
1375 }
1376 }
1377
1378 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1379 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1380 }
1381 out:
1382 ip6_rt_put(rt);
1383 if (neigh)
1384 neigh_release(neigh);
1385 }
1386
1387 static void ndisc_redirect_rcv(struct sk_buff *skb)
1388 {
1389 u8 *hdr;
1390 struct ndisc_options ndopts;
1391 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1392 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1393 offsetof(struct rd_msg, opt));
1394
1395 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1396 switch (skb->ndisc_nodetype) {
1397 case NDISC_NODETYPE_HOST:
1398 case NDISC_NODETYPE_NODEFAULT:
1399 ND_PRINTK(2, warn,
1400 "Redirect: from host or unauthorized router\n");
1401 return;
1402 }
1403 #endif
1404
1405 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1406 ND_PRINTK(2, warn,
1407 "Redirect: source address is not link-local\n");
1408 return;
1409 }
1410
1411 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1412 return;
1413
1414 if (!ndopts.nd_opts_rh) {
1415 ip6_redirect_no_header(skb, dev_net(skb->dev),
1416 skb->dev->ifindex, 0);
1417 return;
1418 }
1419
1420 hdr = (u8 *)ndopts.nd_opts_rh;
1421 hdr += 8;
1422 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1423 return;
1424
1425 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1426 }
1427
1428 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1429 struct sk_buff *orig_skb,
1430 int rd_len)
1431 {
1432 u8 *opt = skb_put(skb, rd_len);
1433
1434 memset(opt, 0, 8);
1435 *(opt++) = ND_OPT_REDIRECT_HDR;
1436 *(opt++) = (rd_len >> 3);
1437 opt += 6;
1438
1439 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1440 }
1441
1442 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1443 {
1444 struct net_device *dev = skb->dev;
1445 struct net *net = dev_net(dev);
1446 struct sock *sk = net->ipv6.ndisc_sk;
1447 int optlen = 0;
1448 struct inet_peer *peer;
1449 struct sk_buff *buff;
1450 struct rd_msg *msg;
1451 struct in6_addr saddr_buf;
1452 struct rt6_info *rt;
1453 struct dst_entry *dst;
1454 struct flowi6 fl6;
1455 int rd_len;
1456 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1457 bool ret;
1458
1459 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1460 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1461 dev->name);
1462 return;
1463 }
1464
1465 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1466 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1467 ND_PRINTK(2, warn,
1468 "Redirect: target address is not link-local unicast\n");
1469 return;
1470 }
1471
1472 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1473 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1474
1475 dst = ip6_route_output(net, NULL, &fl6);
1476 if (dst->error) {
1477 dst_release(dst);
1478 return;
1479 }
1480 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1481 if (IS_ERR(dst))
1482 return;
1483
1484 rt = (struct rt6_info *) dst;
1485
1486 if (rt->rt6i_flags & RTF_GATEWAY) {
1487 ND_PRINTK(2, warn,
1488 "Redirect: destination is not a neighbour\n");
1489 goto release;
1490 }
1491 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1492 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1493 if (peer)
1494 inet_putpeer(peer);
1495 if (!ret)
1496 goto release;
1497
1498 if (dev->addr_len) {
1499 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1500 if (!neigh) {
1501 ND_PRINTK(2, warn,
1502 "Redirect: no neigh for target address\n");
1503 goto release;
1504 }
1505
1506 read_lock_bh(&neigh->lock);
1507 if (neigh->nud_state & NUD_VALID) {
1508 memcpy(ha_buf, neigh->ha, dev->addr_len);
1509 read_unlock_bh(&neigh->lock);
1510 ha = ha_buf;
1511 optlen += ndisc_opt_addr_space(dev);
1512 } else
1513 read_unlock_bh(&neigh->lock);
1514
1515 neigh_release(neigh);
1516 }
1517
1518 rd_len = min_t(unsigned int,
1519 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1520 skb->len + 8);
1521 rd_len &= ~0x7;
1522 optlen += rd_len;
1523
1524 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1525 if (!buff)
1526 goto release;
1527
1528 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1529 *msg = (struct rd_msg) {
1530 .icmph = {
1531 .icmp6_type = NDISC_REDIRECT,
1532 },
1533 .target = *target,
1534 .dest = ipv6_hdr(skb)->daddr,
1535 };
1536
1537 /*
1538 * include target_address option
1539 */
1540
1541 if (ha)
1542 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1543
1544 /*
1545 * build redirect option and copy skb over to the new packet.
1546 */
1547
1548 if (rd_len)
1549 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1550
1551 skb_dst_set(buff, dst);
1552 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1553 return;
1554
1555 release:
1556 dst_release(dst);
1557 }
1558
1559 static void pndisc_redo(struct sk_buff *skb)
1560 {
1561 ndisc_recv_ns(skb);
1562 kfree_skb(skb);
1563 }
1564
1565 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1566 {
1567 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1568
1569 if (!idev)
1570 return true;
1571 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1572 idev->cnf.suppress_frag_ndisc) {
1573 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1574 return true;
1575 }
1576 return false;
1577 }
1578
1579 int ndisc_rcv(struct sk_buff *skb)
1580 {
1581 struct nd_msg *msg;
1582
1583 if (ndisc_suppress_frag_ndisc(skb))
1584 return 0;
1585
1586 if (skb_linearize(skb))
1587 return 0;
1588
1589 msg = (struct nd_msg *)skb_transport_header(skb);
1590
1591 __skb_push(skb, skb->data - skb_transport_header(skb));
1592
1593 if (ipv6_hdr(skb)->hop_limit != 255) {
1594 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1595 ipv6_hdr(skb)->hop_limit);
1596 return 0;
1597 }
1598
1599 if (msg->icmph.icmp6_code != 0) {
1600 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1601 msg->icmph.icmp6_code);
1602 return 0;
1603 }
1604
1605 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1606
1607 switch (msg->icmph.icmp6_type) {
1608 case NDISC_NEIGHBOUR_SOLICITATION:
1609 ndisc_recv_ns(skb);
1610 break;
1611
1612 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1613 ndisc_recv_na(skb);
1614 break;
1615
1616 case NDISC_ROUTER_SOLICITATION:
1617 ndisc_recv_rs(skb);
1618 break;
1619
1620 case NDISC_ROUTER_ADVERTISEMENT:
1621 ndisc_router_discovery(skb);
1622 break;
1623
1624 case NDISC_REDIRECT:
1625 ndisc_redirect_rcv(skb);
1626 break;
1627 }
1628
1629 return 0;
1630 }
1631
1632 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1633 {
1634 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1635 struct net *net = dev_net(dev);
1636 struct inet6_dev *idev;
1637
1638 switch (event) {
1639 case NETDEV_CHANGEADDR:
1640 neigh_changeaddr(&nd_tbl, dev);
1641 fib6_run_gc(0, net, false);
1642 idev = in6_dev_get(dev);
1643 if (!idev)
1644 break;
1645 if (idev->cnf.ndisc_notify)
1646 ndisc_send_unsol_na(dev);
1647 in6_dev_put(idev);
1648 break;
1649 case NETDEV_DOWN:
1650 neigh_ifdown(&nd_tbl, dev);
1651 fib6_run_gc(0, net, false);
1652 break;
1653 case NETDEV_NOTIFY_PEERS:
1654 ndisc_send_unsol_na(dev);
1655 break;
1656 default:
1657 break;
1658 }
1659
1660 return NOTIFY_DONE;
1661 }
1662
1663 static struct notifier_block ndisc_netdev_notifier = {
1664 .notifier_call = ndisc_netdev_event,
1665 };
1666
1667 #ifdef CONFIG_SYSCTL
1668 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1669 const char *func, const char *dev_name)
1670 {
1671 static char warncomm[TASK_COMM_LEN];
1672 static int warned;
1673 if (strcmp(warncomm, current->comm) && warned < 5) {
1674 strcpy(warncomm, current->comm);
1675 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1676 warncomm, func,
1677 dev_name, ctl->procname,
1678 dev_name, ctl->procname);
1679 warned++;
1680 }
1681 }
1682
1683 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1684 {
1685 struct net_device *dev = ctl->extra1;
1686 struct inet6_dev *idev;
1687 int ret;
1688
1689 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1690 (strcmp(ctl->procname, "base_reachable_time") == 0))
1691 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1692
1693 if (strcmp(ctl->procname, "retrans_time") == 0)
1694 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1695
1696 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1697 ret = neigh_proc_dointvec_jiffies(ctl, write,
1698 buffer, lenp, ppos);
1699
1700 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1701 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1702 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1703 buffer, lenp, ppos);
1704 else
1705 ret = -1;
1706
1707 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1708 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1709 idev->nd_parms->reachable_time =
1710 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1711 idev->tstamp = jiffies;
1712 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1713 in6_dev_put(idev);
1714 }
1715 return ret;
1716 }
1717
1718
1719 #endif
1720
1721 static int __net_init ndisc_net_init(struct net *net)
1722 {
1723 struct ipv6_pinfo *np;
1724 struct sock *sk;
1725 int err;
1726
1727 err = inet_ctl_sock_create(&sk, PF_INET6,
1728 SOCK_RAW, IPPROTO_ICMPV6, net);
1729 if (err < 0) {
1730 ND_PRINTK(0, err,
1731 "NDISC: Failed to initialize the control socket (err %d)\n",
1732 err);
1733 return err;
1734 }
1735
1736 net->ipv6.ndisc_sk = sk;
1737
1738 np = inet6_sk(sk);
1739 np->hop_limit = 255;
1740 /* Do not loopback ndisc messages */
1741 np->mc_loop = 0;
1742
1743 return 0;
1744 }
1745
1746 static void __net_exit ndisc_net_exit(struct net *net)
1747 {
1748 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1749 }
1750
1751 static struct pernet_operations ndisc_net_ops = {
1752 .init = ndisc_net_init,
1753 .exit = ndisc_net_exit,
1754 };
1755
1756 int __init ndisc_init(void)
1757 {
1758 int err;
1759
1760 err = register_pernet_subsys(&ndisc_net_ops);
1761 if (err)
1762 return err;
1763 /*
1764 * Initialize the neighbour table
1765 */
1766 neigh_table_init(&nd_tbl);
1767
1768 #ifdef CONFIG_SYSCTL
1769 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1770 ndisc_ifinfo_sysctl_change);
1771 if (err)
1772 goto out_unregister_pernet;
1773 out:
1774 #endif
1775 return err;
1776
1777 #ifdef CONFIG_SYSCTL
1778 out_unregister_pernet:
1779 unregister_pernet_subsys(&ndisc_net_ops);
1780 goto out;
1781 #endif
1782 }
1783
1784 int __init ndisc_late_init(void)
1785 {
1786 return register_netdevice_notifier(&ndisc_netdev_notifier);
1787 }
1788
1789 void ndisc_late_cleanup(void)
1790 {
1791 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1792 }
1793
1794 void ndisc_cleanup(void)
1795 {
1796 #ifdef CONFIG_SYSCTL
1797 neigh_sysctl_unregister(&nd_tbl.parms);
1798 #endif
1799 neigh_table_clear(&nd_tbl);
1800 unregister_pernet_subsys(&ndisc_net_ops);
1801 }
Linux kernel - Deliverables
This page took 0.108361 seconds and 5 git commands to generate.