linux/net/ipv6/ndisc.c
<<
>>
Prefs
   1/*
   2 *      Neighbour Discovery for IPv6
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *      Mike Shaver             <shaver@ingenia.com>
   8 *
   9 *      This program is free software; you can redistribute it and/or
  10 *      modify it under the terms of the GNU General Public License
  11 *      as published by the Free Software Foundation; either version
  12 *      2 of the License, or (at your option) any later version.
  13 */
  14
  15/*
  16 *      Changes:
  17 *
  18 *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
  19 *      Pierre Ynard                    :       export userland ND options
  20 *                                              through netlink (RDNSS support)
  21 *      Lars Fenneberg                  :       fixed MTU setting on receipt
  22 *                                              of an RA.
  23 *      Janos Farkas                    :       kmalloc failure checks
  24 *      Alexey Kuznetsov                :       state machine reworked
  25 *                                              and moved to net/core.
  26 *      Pekka Savola                    :       RFC2461 validation
  27 *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
  28 */
  29
  30#define pr_fmt(fmt) "ICMPv6: " fmt
  31
  32#include <linux/module.h>
  33#include <linux/errno.h>
  34#include <linux/types.h>
  35#include <linux/socket.h>
  36#include <linux/sockios.h>
  37#include <linux/sched.h>
  38#include <linux/net.h>
  39#include <linux/in6.h>
  40#include <linux/route.h>
  41#include <linux/init.h>
  42#include <linux/rcupdate.h>
  43#include <linux/slab.h>
  44#ifdef CONFIG_SYSCTL
  45#include <linux/sysctl.h>
  46#endif
  47
  48#include <linux/if_addr.h>
  49#include <linux/if_arp.h>
  50#include <linux/ipv6.h>
  51#include <linux/icmpv6.h>
  52#include <linux/jhash.h>
  53
  54#include <net/sock.h>
  55#include <net/snmp.h>
  56
  57#include <net/ipv6.h>
  58#include <net/protocol.h>
  59#include <net/ndisc.h>
  60#include <net/ip6_route.h>
  61#include <net/addrconf.h>
  62#include <net/icmp.h>
  63
  64#include <net/netlink.h>
  65#include <linux/rtnetlink.h>
  66
  67#include <net/flow.h>
  68#include <net/ip6_checksum.h>
  69#include <net/inet_common.h>
  70#include <linux/proc_fs.h>
  71
  72#include <linux/netfilter.h>
  73#include <linux/netfilter_ipv6.h>
  74
  75/* Set to 3 to get tracing... */
  76#define ND_DEBUG 1
  77
  78#define ND_PRINTK(val, level, fmt, ...)                         \
  79do {                                                            \
  80        if (val <= ND_DEBUG)                                    \
  81                net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
  82} while (0)
  83
  84static u32 ndisc_hash(const void *pkey,
  85                      const struct net_device *dev,
  86                      __u32 *hash_rnd);
  87static int ndisc_constructor(struct neighbour *neigh);
  88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
  89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
  90static int pndisc_constructor(struct pneigh_entry *n);
  91static void pndisc_destructor(struct pneigh_entry *n);
  92static void pndisc_redo(struct sk_buff *skb);
  93
  94static const struct neigh_ops ndisc_generic_ops = {
  95        .family =               AF_INET6,
  96        .solicit =              ndisc_solicit,
  97        .error_report =         ndisc_error_report,
  98        .output =               neigh_resolve_output,
  99        .connected_output =     neigh_connected_output,
 100};
 101
 102static const struct neigh_ops ndisc_hh_ops = {
 103        .family =               AF_INET6,
 104        .solicit =              ndisc_solicit,
 105        .error_report =         ndisc_error_report,
 106        .output =               neigh_resolve_output,
 107        .connected_output =     neigh_resolve_output,
 108};
 109
 110
 111static const struct neigh_ops ndisc_direct_ops = {
 112        .family =               AF_INET6,
 113        .output =               neigh_direct_output,
 114        .connected_output =     neigh_direct_output,
 115};
 116
 117struct neigh_table nd_tbl = {
 118        .family =       AF_INET6,
 119        .key_len =      sizeof(struct in6_addr),
 120        .hash =         ndisc_hash,
 121        .constructor =  ndisc_constructor,
 122        .pconstructor = pndisc_constructor,
 123        .pdestructor =  pndisc_destructor,
 124        .proxy_redo =   pndisc_redo,
 125        .id =           "ndisc_cache",
 126        .parms = {
 127                .tbl                    = &nd_tbl,
 128                .base_reachable_time    = ND_REACHABLE_TIME,
 129                .retrans_time           = ND_RETRANS_TIMER,
 130                .gc_staletime           = 60 * HZ,
 131                .reachable_time         = ND_REACHABLE_TIME,
 132                .delay_probe_time       = 5 * HZ,
 133                .queue_len_bytes        = 64*1024,
 134                .ucast_probes           = 3,
 135                .mcast_probes           = 3,
 136                .anycast_delay          = 1 * HZ,
 137                .proxy_delay            = (8 * HZ) / 10,
 138                .proxy_qlen             = 64,
 139        },
 140        .gc_interval =    30 * HZ,
 141        .gc_thresh1 =    128,
 142        .gc_thresh2 =    512,
 143        .gc_thresh3 =   1024,
 144};
 145
 146static inline int ndisc_opt_addr_space(struct net_device *dev)
 147{
 148        return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
 149}
 150
 151static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
 152                                  unsigned short addr_type)
 153{
 154        int space = NDISC_OPT_SPACE(data_len);
 155        int pad   = ndisc_addr_option_pad(addr_type);
 156
 157        opt[0] = type;
 158        opt[1] = space>>3;
 159
 160        memset(opt + 2, 0, pad);
 161        opt   += pad;
 162        space -= pad;
 163
 164        memcpy(opt+2, data, data_len);
 165        data_len += 2;
 166        opt += data_len;
 167        if ((space -= data_len) > 0)
 168                memset(opt, 0, space);
 169        return opt + space;
 170}
 171
 172static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
 173                                            struct nd_opt_hdr *end)
 174{
 175        int type;
 176        if (!cur || !end || cur >= end)
 177                return NULL;
 178        type = cur->nd_opt_type;
 179        do {
 180                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 181        } while(cur < end && cur->nd_opt_type != type);
 182        return cur <= end && cur->nd_opt_type == type ? cur : NULL;
 183}
 184
 185static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
 186{
 187        return opt->nd_opt_type == ND_OPT_RDNSS ||
 188                opt->nd_opt_type == ND_OPT_DNSSL;
 189}
 190
 191static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
 192                                             struct nd_opt_hdr *end)
 193{
 194        if (!cur || !end || cur >= end)
 195                return NULL;
 196        do {
 197                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 198        } while(cur < end && !ndisc_is_useropt(cur));
 199        return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
 200}
 201
 202struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
 203                                          struct ndisc_options *ndopts)
 204{
 205        struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
 206
 207        if (!nd_opt || opt_len < 0 || !ndopts)
 208                return NULL;
 209        memset(ndopts, 0, sizeof(*ndopts));
 210        while (opt_len) {
 211                int l;
 212                if (opt_len < sizeof(struct nd_opt_hdr))
 213                        return NULL;
 214                l = nd_opt->nd_opt_len << 3;
 215                if (opt_len < l || l == 0)
 216                        return NULL;
 217                switch (nd_opt->nd_opt_type) {
 218                case ND_OPT_SOURCE_LL_ADDR:
 219                case ND_OPT_TARGET_LL_ADDR:
 220                case ND_OPT_MTU:
 221                case ND_OPT_REDIRECT_HDR:
 222                        if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
 223                                ND_PRINTK(2, warn,
 224                                          "%s: duplicated ND6 option found: type=%d\n",
 225                                          __func__, nd_opt->nd_opt_type);
 226                        } else {
 227                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 228                        }
 229                        break;
 230                case ND_OPT_PREFIX_INFO:
 231                        ndopts->nd_opts_pi_end = nd_opt;
 232                        if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
 233                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 234                        break;
 235#ifdef CONFIG_IPV6_ROUTE_INFO
 236                case ND_OPT_ROUTE_INFO:
 237                        ndopts->nd_opts_ri_end = nd_opt;
 238                        if (!ndopts->nd_opts_ri)
 239                                ndopts->nd_opts_ri = nd_opt;
 240                        break;
 241#endif
 242                default:
 243                        if (ndisc_is_useropt(nd_opt)) {
 244                                ndopts->nd_useropts_end = nd_opt;
 245                                if (!ndopts->nd_useropts)
 246                                        ndopts->nd_useropts = nd_opt;
 247                        } else {
 248                                /*
 249                                 * Unknown options must be silently ignored,
 250                                 * to accommodate future extension to the
 251                                 * protocol.
 252                                 */
 253                                ND_PRINTK(2, notice,
 254                                          "%s: ignored unsupported option; type=%d, len=%d\n",
 255                                          __func__,
 256                                          nd_opt->nd_opt_type,
 257                                          nd_opt->nd_opt_len);
 258                        }
 259                }
 260                opt_len -= l;
 261                nd_opt = ((void *)nd_opt) + l;
 262        }
 263        return ndopts;
 264}
 265
 266int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
 267{
 268        switch (dev->type) {
 269        case ARPHRD_ETHER:
 270        case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
 271        case ARPHRD_FDDI:
 272                ipv6_eth_mc_map(addr, buf);
 273                return 0;
 274        case ARPHRD_ARCNET:
 275                ipv6_arcnet_mc_map(addr, buf);
 276                return 0;
 277        case ARPHRD_INFINIBAND:
 278                ipv6_ib_mc_map(addr, dev->broadcast, buf);
 279                return 0;
 280        case ARPHRD_IPGRE:
 281                return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
 282        default:
 283                if (dir) {
 284                        memcpy(buf, dev->broadcast, dev->addr_len);
 285                        return 0;
 286                }
 287        }
 288        return -EINVAL;
 289}
 290
 291EXPORT_SYMBOL(ndisc_mc_map);
 292
 293static u32 ndisc_hash(const void *pkey,
 294                      const struct net_device *dev,
 295                      __u32 *hash_rnd)
 296{
 297        return ndisc_hashfn(pkey, dev, hash_rnd);
 298}
 299
 300static int ndisc_constructor(struct neighbour *neigh)
 301{
 302        struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
 303        struct net_device *dev = neigh->dev;
 304        struct inet6_dev *in6_dev;
 305        struct neigh_parms *parms;
 306        bool is_multicast = ipv6_addr_is_multicast(addr);
 307
 308        in6_dev = in6_dev_get(dev);
 309        if (in6_dev == NULL) {
 310                return -EINVAL;
 311        }
 312
 313        parms = in6_dev->nd_parms;
 314        __neigh_parms_put(neigh->parms);
 315        neigh->parms = neigh_parms_clone(parms);
 316
 317        neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
 318        if (!dev->header_ops) {
 319                neigh->nud_state = NUD_NOARP;
 320                neigh->ops = &ndisc_direct_ops;
 321                neigh->output = neigh_direct_output;
 322        } else {
 323                if (is_multicast) {
 324                        neigh->nud_state = NUD_NOARP;
 325                        ndisc_mc_map(addr, neigh->ha, dev, 1);
 326                } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
 327                        neigh->nud_state = NUD_NOARP;
 328                        memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
 329                        if (dev->flags&IFF_LOOPBACK)
 330                                neigh->type = RTN_LOCAL;
 331                } else if (dev->flags&IFF_POINTOPOINT) {
 332                        neigh->nud_state = NUD_NOARP;
 333                        memcpy(neigh->ha, dev->broadcast, dev->addr_len);
 334                }
 335                if (dev->header_ops->cache)
 336                        neigh->ops = &ndisc_hh_ops;
 337                else
 338                        neigh->ops = &ndisc_generic_ops;
 339                if (neigh->nud_state&NUD_VALID)
 340                        neigh->output = neigh->ops->connected_output;
 341                else
 342                        neigh->output = neigh->ops->output;
 343        }
 344        in6_dev_put(in6_dev);
 345        return 0;
 346}
 347
 348static int pndisc_constructor(struct pneigh_entry *n)
 349{
 350        struct in6_addr *addr = (struct in6_addr*)&n->key;
 351        struct in6_addr maddr;
 352        struct net_device *dev = n->dev;
 353
 354        if (dev == NULL || __in6_dev_get(dev) == NULL)
 355                return -EINVAL;
 356        addrconf_addr_solict_mult(addr, &maddr);
 357        ipv6_dev_mc_inc(dev, &maddr);
 358        return 0;
 359}
 360
 361static void pndisc_destructor(struct pneigh_entry *n)
 362{
 363        struct in6_addr *addr = (struct in6_addr*)&n->key;
 364        struct in6_addr maddr;
 365        struct net_device *dev = n->dev;
 366
 367        if (dev == NULL || __in6_dev_get(dev) == NULL)
 368                return;
 369        addrconf_addr_solict_mult(addr, &maddr);
 370        ipv6_dev_mc_dec(dev, &maddr);
 371}
 372
 373struct sk_buff *ndisc_build_skb(struct net_device *dev,
 374                                const struct in6_addr *daddr,
 375                                const struct in6_addr *saddr,
 376                                struct icmp6hdr *icmp6h,
 377                                const struct in6_addr *target,
 378                                int llinfo)
 379{
 380        struct net *net = dev_net(dev);
 381        struct sock *sk = net->ipv6.ndisc_sk;
 382        struct sk_buff *skb;
 383        struct icmp6hdr *hdr;
 384        int hlen = LL_RESERVED_SPACE(dev);
 385        int tlen = dev->needed_tailroom;
 386        int len;
 387        int err;
 388        u8 *opt;
 389
 390        if (!dev->addr_len)
 391                llinfo = 0;
 392
 393        len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
 394        if (llinfo)
 395                len += ndisc_opt_addr_space(dev);
 396
 397        skb = sock_alloc_send_skb(sk,
 398                                  (MAX_HEADER + sizeof(struct ipv6hdr) +
 399                                   len + hlen + tlen),
 400                                  1, &err);
 401        if (!skb) {
 402                ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
 403                          __func__, err);
 404                return NULL;
 405        }
 406
 407        skb_reserve(skb, hlen);
 408        ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
 409
 410        skb->transport_header = skb->tail;
 411        skb_put(skb, len);
 412
 413        hdr = (struct icmp6hdr *)skb_transport_header(skb);
 414        memcpy(hdr, icmp6h, sizeof(*hdr));
 415
 416        opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
 417        if (target) {
 418                *(struct in6_addr *)opt = *target;
 419                opt += sizeof(*target);
 420        }
 421
 422        if (llinfo)
 423                ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
 424                                       dev->addr_len, dev->type);
 425
 426        hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
 427                                           IPPROTO_ICMPV6,
 428                                           csum_partial(hdr,
 429                                                        len, 0));
 430
 431        return skb;
 432}
 433
 434EXPORT_SYMBOL(ndisc_build_skb);
 435
 436void ndisc_send_skb(struct sk_buff *skb,
 437                    struct net_device *dev,
 438                    struct neighbour *neigh,
 439                    const struct in6_addr *daddr,
 440                    const struct in6_addr *saddr,
 441                    struct icmp6hdr *icmp6h)
 442{
 443        struct flowi6 fl6;
 444        struct dst_entry *dst;
 445        struct net *net = dev_net(dev);
 446        struct sock *sk = net->ipv6.ndisc_sk;
 447        struct inet6_dev *idev;
 448        int err;
 449        u8 type;
 450
 451        type = icmp6h->icmp6_type;
 452
 453        icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
 454        dst = icmp6_dst_alloc(dev, neigh, &fl6);
 455        if (IS_ERR(dst)) {
 456                kfree_skb(skb);
 457                return;
 458        }
 459
 460        skb_dst_set(skb, dst);
 461
 462        rcu_read_lock();
 463        idev = __in6_dev_get(dst->dev);
 464        IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
 465
 466        err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
 467                      dst_output);
 468        if (!err) {
 469                ICMP6MSGOUT_INC_STATS(net, idev, type);
 470                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
 471        }
 472
 473        rcu_read_unlock();
 474}
 475
 476EXPORT_SYMBOL(ndisc_send_skb);
 477
 478/*
 479 *      Send a Neighbour Discover packet
 480 */
 481static void __ndisc_send(struct net_device *dev,
 482                         struct neighbour *neigh,
 483                         const struct in6_addr *daddr,
 484                         const struct in6_addr *saddr,
 485                         struct icmp6hdr *icmp6h, const struct in6_addr *target,
 486                         int llinfo)
 487{
 488        struct sk_buff *skb;
 489
 490        skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
 491        if (!skb)
 492                return;
 493
 494        ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
 495}
 496
 497static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
 498                          const struct in6_addr *daddr,
 499                          const struct in6_addr *solicited_addr,
 500                          int router, int solicited, int override, int inc_opt)
 501{
 502        struct in6_addr tmpaddr;
 503        struct inet6_ifaddr *ifp;
 504        const struct in6_addr *src_addr;
 505        struct icmp6hdr icmp6h = {
 506                .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
 507        };
 508
 509        /* for anycast or proxy, solicited_addr != src_addr */
 510        ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
 511        if (ifp) {
 512                src_addr = solicited_addr;
 513                if (ifp->flags & IFA_F_OPTIMISTIC)
 514                        override = 0;
 515                inc_opt |= ifp->idev->cnf.force_tllao;
 516                in6_ifa_put(ifp);
 517        } else {
 518                if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
 519                                       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
 520                                       &tmpaddr))
 521                        return;
 522                src_addr = &tmpaddr;
 523        }
 524
 525        icmp6h.icmp6_router = router;
 526        icmp6h.icmp6_solicited = solicited;
 527        icmp6h.icmp6_override = override;
 528
 529        __ndisc_send(dev, neigh, daddr, src_addr,
 530                     &icmp6h, solicited_addr,
 531                     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
 532}
 533
 534static void ndisc_send_unsol_na(struct net_device *dev)
 535{
 536        struct inet6_dev *idev;
 537        struct inet6_ifaddr *ifa;
 538        struct in6_addr mcaddr;
 539
 540        idev = in6_dev_get(dev);
 541        if (!idev)
 542                return;
 543
 544        read_lock_bh(&idev->lock);
 545        list_for_each_entry(ifa, &idev->addr_list, if_list) {
 546                addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
 547                ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
 548                              /*router=*/ !!idev->cnf.forwarding,
 549                              /*solicited=*/ false, /*override=*/ true,
 550                              /*inc_opt=*/ true);
 551        }
 552        read_unlock_bh(&idev->lock);
 553
 554        in6_dev_put(idev);
 555}
 556
 557void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
 558                   const struct in6_addr *solicit,
 559                   const struct in6_addr *daddr, const struct in6_addr *saddr)
 560{
 561        struct in6_addr addr_buf;
 562        struct icmp6hdr icmp6h = {
 563                .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
 564        };
 565
 566        if (saddr == NULL) {
 567                if (ipv6_get_lladdr(dev, &addr_buf,
 568                                   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
 569                        return;
 570                saddr = &addr_buf;
 571        }
 572
 573        __ndisc_send(dev, neigh, daddr, saddr,
 574                     &icmp6h, solicit,
 575                     !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
 576}
 577
 578void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
 579                   const struct in6_addr *daddr)
 580{
 581        struct icmp6hdr icmp6h = {
 582                .icmp6_type = NDISC_ROUTER_SOLICITATION,
 583        };
 584        int send_sllao = dev->addr_len;
 585
 586#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
 587        /*
 588         * According to section 2.2 of RFC 4429, we must not
 589         * send router solicitations with a sllao from
 590         * optimistic addresses, but we may send the solicitation
 591         * if we don't include the sllao.  So here we check
 592         * if our address is optimistic, and if so, we
 593         * suppress the inclusion of the sllao.
 594         */
 595        if (send_sllao) {
 596                struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
 597                                                           dev, 1);
 598                if (ifp) {
 599                        if (ifp->flags & IFA_F_OPTIMISTIC)  {
 600                                send_sllao = 0;
 601                        }
 602                        in6_ifa_put(ifp);
 603                } else {
 604                        send_sllao = 0;
 605                }
 606        }
 607#endif
 608        __ndisc_send(dev, NULL, daddr, saddr,
 609                     &icmp6h, NULL,
 610                     send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
 611}
 612
 613
 614static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
 615{
 616        /*
 617         *      "The sender MUST return an ICMP
 618         *       destination unreachable"
 619         */
 620        dst_link_failure(skb);
 621        kfree_skb(skb);
 622}
 623
 624/* Called with locked neigh: either read or both */
 625
 626static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
 627{
 628        struct in6_addr *saddr = NULL;
 629        struct in6_addr mcaddr;
 630        struct net_device *dev = neigh->dev;
 631        struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
 632        int probes = atomic_read(&neigh->probes);
 633
 634        if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
 635                saddr = &ipv6_hdr(skb)->saddr;
 636
 637        if ((probes -= neigh->parms->ucast_probes) < 0) {
 638                if (!(neigh->nud_state & NUD_VALID)) {
 639                        ND_PRINTK(1, dbg,
 640                                  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
 641                                  __func__, target);
 642                }
 643                ndisc_send_ns(dev, neigh, target, target, saddr);
 644        } else if ((probes -= neigh->parms->app_probes) < 0) {
 645#ifdef CONFIG_ARPD
 646                neigh_app_ns(neigh);
 647#endif
 648        } else {
 649                addrconf_addr_solict_mult(target, &mcaddr);
 650                ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
 651        }
 652}
 653
 654static int pndisc_is_router(const void *pkey,
 655                            struct net_device *dev)
 656{
 657        struct pneigh_entry *n;
 658        int ret = -1;
 659
 660        read_lock_bh(&nd_tbl.lock);
 661        n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
 662        if (n)
 663                ret = !!(n->flags & NTF_ROUTER);
 664        read_unlock_bh(&nd_tbl.lock);
 665
 666        return ret;
 667}
 668
 669static void ndisc_recv_ns(struct sk_buff *skb)
 670{
 671        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 672        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 673        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 674        u8 *lladdr = NULL;
 675        u32 ndoptlen = skb->tail - (skb->transport_header +
 676                                    offsetof(struct nd_msg, opt));
 677        struct ndisc_options ndopts;
 678        struct net_device *dev = skb->dev;
 679        struct inet6_ifaddr *ifp;
 680        struct inet6_dev *idev = NULL;
 681        struct neighbour *neigh;
 682        int dad = ipv6_addr_any(saddr);
 683        bool inc;
 684        int is_router = -1;
 685
 686        if (ipv6_addr_is_multicast(&msg->target)) {
 687                ND_PRINTK(2, warn, "NS: multicast target address\n");
 688                return;
 689        }
 690
 691        /*
 692         * RFC2461 7.1.1:
 693         * DAD has to be destined for solicited node multicast address.
 694         */
 695        if (dad &&
 696            !(daddr->s6_addr32[0] == htonl(0xff020000) &&
 697              daddr->s6_addr32[1] == htonl(0x00000000) &&
 698              daddr->s6_addr32[2] == htonl(0x00000001) &&
 699              daddr->s6_addr [12] == 0xff )) {
 700                ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
 701                return;
 702        }
 703
 704        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 705                ND_PRINTK(2, warn, "NS: invalid ND options\n");
 706                return;
 707        }
 708
 709        if (ndopts.nd_opts_src_lladdr) {
 710                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
 711                if (!lladdr) {
 712                        ND_PRINTK(2, warn,
 713                                  "NS: invalid link-layer address length\n");
 714                        return;
 715                }
 716
 717                /* RFC2461 7.1.1:
 718                 *      If the IP source address is the unspecified address,
 719                 *      there MUST NOT be source link-layer address option
 720                 *      in the message.
 721                 */
 722                if (dad) {
 723                        ND_PRINTK(2, warn,
 724                                  "NS: bad DAD packet (link-layer address option)\n");
 725                        return;
 726                }
 727        }
 728
 729        inc = ipv6_addr_is_multicast(daddr);
 730
 731        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 732        if (ifp) {
 733
 734                if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
 735                        if (dad) {
 736                                /*
 737                                 * We are colliding with another node
 738                                 * who is doing DAD
 739                                 * so fail our DAD process
 740                                 */
 741                                addrconf_dad_failure(ifp);
 742                                return;
 743                        } else {
 744                                /*
 745                                 * This is not a dad solicitation.
 746                                 * If we are an optimistic node,
 747                                 * we should respond.
 748                                 * Otherwise, we should ignore it.
 749                                 */
 750                                if (!(ifp->flags & IFA_F_OPTIMISTIC))
 751                                        goto out;
 752                        }
 753                }
 754
 755                idev = ifp->idev;
 756        } else {
 757                struct net *net = dev_net(dev);
 758
 759                idev = in6_dev_get(dev);
 760                if (!idev) {
 761                        /* XXX: count this drop? */
 762                        return;
 763                }
 764
 765                if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
 766                    (idev->cnf.forwarding &&
 767                     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
 768                     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
 769                        if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
 770                            skb->pkt_type != PACKET_HOST &&
 771                            inc != 0 &&
 772                            idev->nd_parms->proxy_delay != 0) {
 773                                /*
 774                                 * for anycast or proxy,
 775                                 * sender should delay its response
 776                                 * by a random time between 0 and
 777                                 * MAX_ANYCAST_DELAY_TIME seconds.
 778                                 * (RFC2461) -- yoshfuji
 779                                 */
 780                                struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
 781                                if (n)
 782                                        pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
 783                                goto out;
 784                        }
 785                } else
 786                        goto out;
 787        }
 788
 789        if (is_router < 0)
 790                is_router = !!idev->cnf.forwarding;
 791
 792        if (dad) {
 793                ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
 794                              is_router, 0, (ifp != NULL), 1);
 795                goto out;
 796        }
 797
 798        if (inc)
 799                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
 800        else
 801                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
 802
 803        /*
 804         *      update / create cache entry
 805         *      for the source address
 806         */
 807        neigh = __neigh_lookup(&nd_tbl, saddr, dev,
 808                               !inc || lladdr || !dev->addr_len);
 809        if (neigh)
 810                neigh_update(neigh, lladdr, NUD_STALE,
 811                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 812                             NEIGH_UPDATE_F_OVERRIDE);
 813        if (neigh || !dev->header_ops) {
 814                ndisc_send_na(dev, neigh, saddr, &msg->target,
 815                              is_router,
 816                              1, (ifp != NULL && inc), inc);
 817                if (neigh)
 818                        neigh_release(neigh);
 819        }
 820
 821out:
 822        if (ifp)
 823                in6_ifa_put(ifp);
 824        else
 825                in6_dev_put(idev);
 826}
 827
 828static void ndisc_recv_na(struct sk_buff *skb)
 829{
 830        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 831        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 832        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 833        u8 *lladdr = NULL;
 834        u32 ndoptlen = skb->tail - (skb->transport_header +
 835                                    offsetof(struct nd_msg, opt));
 836        struct ndisc_options ndopts;
 837        struct net_device *dev = skb->dev;
 838        struct inet6_ifaddr *ifp;
 839        struct neighbour *neigh;
 840
 841        if (skb->len < sizeof(struct nd_msg)) {
 842                ND_PRINTK(2, warn, "NA: packet too short\n");
 843                return;
 844        }
 845
 846        if (ipv6_addr_is_multicast(&msg->target)) {
 847                ND_PRINTK(2, warn, "NA: target address is multicast\n");
 848                return;
 849        }
 850
 851        if (ipv6_addr_is_multicast(daddr) &&
 852            msg->icmph.icmp6_solicited) {
 853                ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
 854                return;
 855        }
 856
 857        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 858                ND_PRINTK(2, warn, "NS: invalid ND option\n");
 859                return;
 860        }
 861        if (ndopts.nd_opts_tgt_lladdr) {
 862                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
 863                if (!lladdr) {
 864                        ND_PRINTK(2, warn,
 865                                  "NA: invalid link-layer address length\n");
 866                        return;
 867                }
 868        }
 869        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 870        if (ifp) {
 871                if (skb->pkt_type != PACKET_LOOPBACK
 872                    && (ifp->flags & IFA_F_TENTATIVE)) {
 873                                addrconf_dad_failure(ifp);
 874                                return;
 875                }
 876                /* What should we make now? The advertisement
 877                   is invalid, but ndisc specs say nothing
 878                   about it. It could be misconfiguration, or
 879                   an smart proxy agent tries to help us :-)
 880
 881                   We should not print the error if NA has been
 882                   received from loopback - it is just our own
 883                   unsolicited advertisement.
 884                 */
 885                if (skb->pkt_type != PACKET_LOOPBACK)
 886                        ND_PRINTK(1, warn,
 887                                  "NA: someone advertises our address %pI6 on %s!\n",
 888                                  &ifp->addr, ifp->idev->dev->name);
 889                in6_ifa_put(ifp);
 890                return;
 891        }
 892        neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
 893
 894        if (neigh) {
 895                u8 old_flags = neigh->flags;
 896                struct net *net = dev_net(dev);
 897
 898                if (neigh->nud_state & NUD_FAILED)
 899                        goto out;
 900
 901                /*
 902                 * Don't update the neighbor cache entry on a proxy NA from
 903                 * ourselves because either the proxied node is off link or it
 904                 * has already sent a NA to us.
 905                 */
 906                if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
 907                    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
 908                    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
 909                        /* XXX: idev->cnf.prixy_ndp */
 910                        goto out;
 911                }
 912
 913                neigh_update(neigh, lladdr,
 914                             msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
 915                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 916                             (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
 917                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
 918                             (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
 919
 920                if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
 921                        /*
 922                         * Change: router to host
 923                         */
 924                        struct rt6_info *rt;
 925                        rt = rt6_get_dflt_router(saddr, dev);
 926                        if (rt)
 927                                ip6_del_rt(rt);
 928                }
 929
 930out:
 931                neigh_release(neigh);
 932        }
 933}
 934
 935static void ndisc_recv_rs(struct sk_buff *skb)
 936{
 937        struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
 938        unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
 939        struct neighbour *neigh;
 940        struct inet6_dev *idev;
 941        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 942        struct ndisc_options ndopts;
 943        u8 *lladdr = NULL;
 944
 945        if (skb->len < sizeof(*rs_msg))
 946                return;
 947
 948        idev = __in6_dev_get(skb->dev);
 949        if (!idev) {
 950                ND_PRINTK(1, err, "RS: can't find in6 device\n");
 951                return;
 952        }
 953
 954        /* Don't accept RS if we're not in router mode */
 955        if (!idev->cnf.forwarding)
 956                goto out;
 957
 958        /*
 959         * Don't update NCE if src = ::;
 960         * this implies that the source node has no ip address assigned yet.
 961         */
 962        if (ipv6_addr_any(saddr))
 963                goto out;
 964
 965        /* Parse ND options */
 966        if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
 967                ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
 968                goto out;
 969        }
 970
 971        if (ndopts.nd_opts_src_lladdr) {
 972                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
 973                                             skb->dev);
 974                if (!lladdr)
 975                        goto out;
 976        }
 977
 978        neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
 979        if (neigh) {
 980                neigh_update(neigh, lladdr, NUD_STALE,
 981                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 982                             NEIGH_UPDATE_F_OVERRIDE|
 983                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
 984                neigh_release(neigh);
 985        }
 986out:
 987        return;
 988}
 989
 990static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
 991{
 992        struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
 993        struct sk_buff *skb;
 994        struct nlmsghdr *nlh;
 995        struct nduseroptmsg *ndmsg;
 996        struct net *net = dev_net(ra->dev);
 997        int err;
 998        int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
 999                                    + (opt->nd_opt_len << 3));
1000        size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1001
1002        skb = nlmsg_new(msg_size, GFP_ATOMIC);
1003        if (skb == NULL) {
1004                err = -ENOBUFS;
1005                goto errout;
1006        }
1007
1008        nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1009        if (nlh == NULL) {
1010                goto nla_put_failure;
1011        }
1012
1013        ndmsg = nlmsg_data(nlh);
1014        ndmsg->nduseropt_family = AF_INET6;
1015        ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1016        ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1017        ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1018        ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1019
1020        memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1021
1022        if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1023                    &ipv6_hdr(ra)->saddr))
1024                goto nla_put_failure;
1025        nlmsg_end(skb, nlh);
1026
1027        rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1028        return;
1029
1030nla_put_failure:
1031        nlmsg_free(skb);
1032        err = -EMSGSIZE;
1033errout:
1034        rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1035}
1036
1037static inline int accept_ra(struct inet6_dev *in6_dev)
1038{
1039        /*
1040         * If forwarding is enabled, RA are not accepted unless the special
1041         * hybrid mode (accept_ra=2) is enabled.
1042         */
1043        if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1044                return 0;
1045
1046        return in6_dev->cnf.accept_ra;
1047}
1048
1049static void ndisc_router_discovery(struct sk_buff *skb)
1050{
1051        struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1052        struct neighbour *neigh = NULL;
1053        struct inet6_dev *in6_dev;
1054        struct rt6_info *rt = NULL;
1055        int lifetime;
1056        struct ndisc_options ndopts;
1057        int optlen;
1058        unsigned int pref = 0;
1059
1060        __u8 * opt = (__u8 *)(ra_msg + 1);
1061
1062        optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1063
1064        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1065                ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1066                return;
1067        }
1068        if (optlen < 0) {
1069                ND_PRINTK(2, warn, "RA: packet too short\n");
1070                return;
1071        }
1072
1073#ifdef CONFIG_IPV6_NDISC_NODETYPE
1074        if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1075                ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1076                return;
1077        }
1078#endif
1079
1080        /*
1081         *      set the RA_RECV flag in the interface
1082         */
1083
1084        in6_dev = __in6_dev_get(skb->dev);
1085        if (in6_dev == NULL) {
1086                ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1087                          skb->dev->name);
1088                return;
1089        }
1090
1091        if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1092                ND_PRINTK(2, warn, "RA: invalid ND options\n");
1093                return;
1094        }
1095
1096        if (!accept_ra(in6_dev))
1097                goto skip_linkparms;
1098
1099#ifdef CONFIG_IPV6_NDISC_NODETYPE
1100        /* skip link-specific parameters from interior routers */
1101        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1102                goto skip_linkparms;
1103#endif
1104
1105        if (in6_dev->if_flags & IF_RS_SENT) {
1106                /*
1107                 *      flag that an RA was received after an RS was sent
1108                 *      out on this interface.
1109                 */
1110                in6_dev->if_flags |= IF_RA_RCVD;
1111        }
1112
1113        /*
1114         * Remember the managed/otherconf flags from most recently
1115         * received RA message (RFC 2462) -- yoshfuji
1116         */
1117        in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1118                                IF_RA_OTHERCONF)) |
1119                                (ra_msg->icmph.icmp6_addrconf_managed ?
1120                                        IF_RA_MANAGED : 0) |
1121                                (ra_msg->icmph.icmp6_addrconf_other ?
1122                                        IF_RA_OTHERCONF : 0);
1123
1124        if (!in6_dev->cnf.accept_ra_defrtr)
1125                goto skip_defrtr;
1126
1127        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1128                goto skip_defrtr;
1129
1130        lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1131
1132#ifdef CONFIG_IPV6_ROUTER_PREF
1133        pref = ra_msg->icmph.icmp6_router_pref;
1134        /* 10b is handled as if it were 00b (medium) */
1135        if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1136            !in6_dev->cnf.accept_ra_rtr_pref)
1137                pref = ICMPV6_ROUTER_PREF_MEDIUM;
1138#endif
1139
1140        rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1141
1142        if (rt) {
1143                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1144                if (!neigh) {
1145                        ND_PRINTK(0, err,
1146                                  "RA: %s got default router without neighbour\n",
1147                                  __func__);
1148                        dst_release(&rt->dst);
1149                        return;
1150                }
1151        }
1152        if (rt && lifetime == 0) {
1153                ip6_del_rt(rt);
1154                rt = NULL;
1155        }
1156
1157        if (rt == NULL && lifetime) {
1158                ND_PRINTK(3, dbg, "RA: adding default router\n");
1159
1160                rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1161                if (rt == NULL) {
1162                        ND_PRINTK(0, err,
1163                                  "RA: %s failed to add default route\n",
1164                                  __func__);
1165                        return;
1166                }
1167
1168                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1169                if (neigh == NULL) {
1170                        ND_PRINTK(0, err,
1171                                  "RA: %s got default router without neighbour\n",
1172                                  __func__);
1173                        dst_release(&rt->dst);
1174                        return;
1175                }
1176                neigh->flags |= NTF_ROUTER;
1177        } else if (rt) {
1178                rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1179        }
1180
1181        if (rt)
1182                rt6_set_expires(rt, jiffies + (HZ * lifetime));
1183        if (ra_msg->icmph.icmp6_hop_limit) {
1184                in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1185                if (rt)
1186                        dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1187                                       ra_msg->icmph.icmp6_hop_limit);
1188        }
1189
1190skip_defrtr:
1191
1192        /*
1193         *      Update Reachable Time and Retrans Timer
1194         */
1195
1196        if (in6_dev->nd_parms) {
1197                unsigned long rtime = ntohl(ra_msg->retrans_timer);
1198
1199                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1200                        rtime = (rtime*HZ)/1000;
1201                        if (rtime < HZ/10)
1202                                rtime = HZ/10;
1203                        in6_dev->nd_parms->retrans_time = rtime;
1204                        in6_dev->tstamp = jiffies;
1205                        inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1206                }
1207
1208                rtime = ntohl(ra_msg->reachable_time);
1209                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1210                        rtime = (rtime*HZ)/1000;
1211
1212                        if (rtime < HZ/10)
1213                                rtime = HZ/10;
1214
1215                        if (rtime != in6_dev->nd_parms->base_reachable_time) {
1216                                in6_dev->nd_parms->base_reachable_time = rtime;
1217                                in6_dev->nd_parms->gc_staletime = 3 * rtime;
1218                                in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1219                                in6_dev->tstamp = jiffies;
1220                                inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1221                        }
1222                }
1223        }
1224
1225skip_linkparms:
1226
1227        /*
1228         *      Process options.
1229         */
1230
1231        if (!neigh)
1232                neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1233                                       skb->dev, 1);
1234        if (neigh) {
1235                u8 *lladdr = NULL;
1236                if (ndopts.nd_opts_src_lladdr) {
1237                        lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1238                                                     skb->dev);
1239                        if (!lladdr) {
1240                                ND_PRINTK(2, warn,
1241                                          "RA: invalid link-layer address length\n");
1242                                goto out;
1243                        }
1244                }
1245                neigh_update(neigh, lladdr, NUD_STALE,
1246                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
1247                             NEIGH_UPDATE_F_OVERRIDE|
1248                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1249                             NEIGH_UPDATE_F_ISROUTER);
1250        }
1251
1252        if (!accept_ra(in6_dev))
1253                goto out;
1254
1255#ifdef CONFIG_IPV6_ROUTE_INFO
1256        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1257                goto skip_routeinfo;
1258
1259        if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1260                struct nd_opt_hdr *p;
1261                for (p = ndopts.nd_opts_ri;
1262                     p;
1263                     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1264                        struct route_info *ri = (struct route_info *)p;
1265#ifdef CONFIG_IPV6_NDISC_NODETYPE
1266                        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1267                            ri->prefix_len == 0)
1268                                continue;
1269#endif
1270                        if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1271                                continue;
1272                        rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1273                                      &ipv6_hdr(skb)->saddr);
1274                }
1275        }
1276
1277skip_routeinfo:
1278#endif
1279
1280#ifdef CONFIG_IPV6_NDISC_NODETYPE
1281        /* skip link-specific ndopts from interior routers */
1282        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1283                goto out;
1284#endif
1285
1286        if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1287                struct nd_opt_hdr *p;
1288                for (p = ndopts.nd_opts_pi;
1289                     p;
1290                     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1291                        addrconf_prefix_rcv(skb->dev, (u8 *)p,
1292                                            (p->nd_opt_len) << 3,
1293                                            ndopts.nd_opts_src_lladdr != NULL);
1294                }
1295        }
1296
1297        if (ndopts.nd_opts_mtu) {
1298                __be32 n;
1299                u32 mtu;
1300
1301                memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1302                mtu = ntohl(n);
1303
1304                if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1305                        ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1306                } else if (in6_dev->cnf.mtu6 != mtu) {
1307                        in6_dev->cnf.mtu6 = mtu;
1308
1309                        if (rt)
1310                                dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1311
1312                        rt6_mtu_change(skb->dev, mtu);
1313                }
1314        }
1315
1316        if (ndopts.nd_useropts) {
1317                struct nd_opt_hdr *p;
1318                for (p = ndopts.nd_useropts;
1319                     p;
1320                     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1321                        ndisc_ra_useropt(skb, p);
1322                }
1323        }
1324
1325        if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1326                ND_PRINTK(2, warn, "RA: invalid RA options\n");
1327        }
1328out:
1329        if (rt)
1330                dst_release(&rt->dst);
1331        if (neigh)
1332                neigh_release(neigh);
1333}
1334
1335static void ndisc_redirect_rcv(struct sk_buff *skb)
1336{
1337#ifdef CONFIG_IPV6_NDISC_NODETYPE
1338        switch (skb->ndisc_nodetype) {
1339        case NDISC_NODETYPE_HOST:
1340        case NDISC_NODETYPE_NODEFAULT:
1341                ND_PRINTK(2, warn,
1342                          "Redirect: from host or unauthorized router\n");
1343                return;
1344        }
1345#endif
1346
1347        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1348                ND_PRINTK(2, warn,
1349                          "Redirect: source address is not link-local\n");
1350                return;
1351        }
1352
1353        icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1354}
1355
1356void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1357{
1358        struct net_device *dev = skb->dev;
1359        struct net *net = dev_net(dev);
1360        struct sock *sk = net->ipv6.ndisc_sk;
1361        int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1362        struct inet_peer *peer;
1363        struct sk_buff *buff;
1364        struct icmp6hdr *icmph;
1365        struct in6_addr saddr_buf;
1366        struct in6_addr *addrp;
1367        struct rt6_info *rt;
1368        struct dst_entry *dst;
1369        struct inet6_dev *idev;
1370        struct flowi6 fl6;
1371        u8 *opt;
1372        int hlen, tlen;
1373        int rd_len;
1374        int err;
1375        u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1376        bool ret;
1377
1378        if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1379                ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1380                          dev->name);
1381                return;
1382        }
1383
1384        if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1385            ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1386                ND_PRINTK(2, warn,
1387                          "Redirect: target address is not link-local unicast\n");
1388                return;
1389        }
1390
1391        icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1392                         &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1393
1394        dst = ip6_route_output(net, NULL, &fl6);
1395        if (dst->error) {
1396                dst_release(dst);
1397                return;
1398        }
1399        dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1400        if (IS_ERR(dst))
1401                return;
1402
1403        rt = (struct rt6_info *) dst;
1404
1405        if (rt->rt6i_flags & RTF_GATEWAY) {
1406                ND_PRINTK(2, warn,
1407                          "Redirect: destination is not a neighbour\n");
1408                goto release;
1409        }
1410        peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1411        ret = inet_peer_xrlim_allow(peer, 1*HZ);
1412        if (peer)
1413                inet_putpeer(peer);
1414        if (!ret)
1415                goto release;
1416
1417        if (dev->addr_len) {
1418                struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1419                if (!neigh) {
1420                        ND_PRINTK(2, warn,
1421                                  "Redirect: no neigh for target address\n");
1422                        goto release;
1423                }
1424
1425                read_lock_bh(&neigh->lock);
1426                if (neigh->nud_state & NUD_VALID) {
1427                        memcpy(ha_buf, neigh->ha, dev->addr_len);
1428                        read_unlock_bh(&neigh->lock);
1429                        ha = ha_buf;
1430                        len += ndisc_opt_addr_space(dev);
1431                } else
1432                        read_unlock_bh(&neigh->lock);
1433
1434                neigh_release(neigh);
1435        }
1436
1437        rd_len = min_t(unsigned int,
1438                     IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1439        rd_len &= ~0x7;
1440        len += rd_len;
1441
1442        hlen = LL_RESERVED_SPACE(dev);
1443        tlen = dev->needed_tailroom;
1444        buff = sock_alloc_send_skb(sk,
1445                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
1446                                    len + hlen + tlen),
1447                                   1, &err);
1448        if (buff == NULL) {
1449                ND_PRINTK(0, err,
1450                          "Redirect: %s failed to allocate an skb, err=%d\n",
1451                          __func__, err);
1452                goto release;
1453        }
1454
1455        skb_reserve(buff, hlen);
1456        ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1457                   IPPROTO_ICMPV6, len);
1458
1459        skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1460        skb_put(buff, len);
1461        icmph = icmp6_hdr(buff);
1462
1463        memset(icmph, 0, sizeof(struct icmp6hdr));
1464        icmph->icmp6_type = NDISC_REDIRECT;
1465
1466        /*
1467         *      copy target and destination addresses
1468         */
1469
1470        addrp = (struct in6_addr *)(icmph + 1);
1471        *addrp = *target;
1472        addrp++;
1473        *addrp = ipv6_hdr(skb)->daddr;
1474
1475        opt = (u8*) (addrp + 1);
1476
1477        /*
1478         *      include target_address option
1479         */
1480
1481        if (ha)
1482                opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1483                                             dev->addr_len, dev->type);
1484
1485        /*
1486         *      build redirect option and copy skb over to the new packet.
1487         */
1488
1489        memset(opt, 0, 8);
1490        *(opt++) = ND_OPT_REDIRECT_HDR;
1491        *(opt++) = (rd_len >> 3);
1492        opt += 6;
1493
1494        memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1495
1496        icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1497                                             len, IPPROTO_ICMPV6,
1498                                             csum_partial(icmph, len, 0));
1499
1500        skb_dst_set(buff, dst);
1501        rcu_read_lock();
1502        idev = __in6_dev_get(dst->dev);
1503        IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1504        err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1505                      dst_output);
1506        if (!err) {
1507                ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1508                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1509        }
1510
1511        rcu_read_unlock();
1512        return;
1513
1514release:
1515        dst_release(dst);
1516}
1517
1518static void pndisc_redo(struct sk_buff *skb)
1519{
1520        ndisc_recv_ns(skb);
1521        kfree_skb(skb);
1522}
1523
1524int ndisc_rcv(struct sk_buff *skb)
1525{
1526        struct nd_msg *msg;
1527
1528        if (!pskb_may_pull(skb, skb->len))
1529                return 0;
1530
1531        msg = (struct nd_msg *)skb_transport_header(skb);
1532
1533        __skb_push(skb, skb->data - skb_transport_header(skb));
1534
1535        if (ipv6_hdr(skb)->hop_limit != 255) {
1536                ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1537                          ipv6_hdr(skb)->hop_limit);
1538                return 0;
1539        }
1540
1541        if (msg->icmph.icmp6_code != 0) {
1542                ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1543                          msg->icmph.icmp6_code);
1544                return 0;
1545        }
1546
1547        memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1548
1549        switch (msg->icmph.icmp6_type) {
1550        case NDISC_NEIGHBOUR_SOLICITATION:
1551                ndisc_recv_ns(skb);
1552                break;
1553
1554        case NDISC_NEIGHBOUR_ADVERTISEMENT:
1555                ndisc_recv_na(skb);
1556                break;
1557
1558        case NDISC_ROUTER_SOLICITATION:
1559                ndisc_recv_rs(skb);
1560                break;
1561
1562        case NDISC_ROUTER_ADVERTISEMENT:
1563                ndisc_router_discovery(skb);
1564                break;
1565
1566        case NDISC_REDIRECT:
1567                ndisc_redirect_rcv(skb);
1568                break;
1569        }
1570
1571        return 0;
1572}
1573
1574static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1575{
1576        struct net_device *dev = ptr;
1577        struct net *net = dev_net(dev);
1578
1579        switch (event) {
1580        case NETDEV_CHANGEADDR:
1581                neigh_changeaddr(&nd_tbl, dev);
1582                fib6_run_gc(~0UL, net);
1583                break;
1584        case NETDEV_DOWN:
1585                neigh_ifdown(&nd_tbl, dev);
1586                fib6_run_gc(~0UL, net);
1587                break;
1588        case NETDEV_NOTIFY_PEERS:
1589                ndisc_send_unsol_na(dev);
1590                break;
1591        default:
1592                break;
1593        }
1594
1595        return NOTIFY_DONE;
1596}
1597
1598static struct notifier_block ndisc_netdev_notifier = {
1599        .notifier_call = ndisc_netdev_event,
1600};
1601
1602#ifdef CONFIG_SYSCTL
1603static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1604                                         const char *func, const char *dev_name)
1605{
1606        static char warncomm[TASK_COMM_LEN];
1607        static int warned;
1608        if (strcmp(warncomm, current->comm) && warned < 5) {
1609                strcpy(warncomm, current->comm);
1610                pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1611                        warncomm, func,
1612                        dev_name, ctl->procname,
1613                        dev_name, ctl->procname);
1614                warned++;
1615        }
1616}
1617
1618int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1619{
1620        struct net_device *dev = ctl->extra1;
1621        struct inet6_dev *idev;
1622        int ret;
1623
1624        if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1625            (strcmp(ctl->procname, "base_reachable_time") == 0))
1626                ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1627
1628        if (strcmp(ctl->procname, "retrans_time") == 0)
1629                ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1630
1631        else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1632                ret = proc_dointvec_jiffies(ctl, write,
1633                                            buffer, lenp, ppos);
1634
1635        else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1636                 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1637                ret = proc_dointvec_ms_jiffies(ctl, write,
1638                                               buffer, lenp, ppos);
1639        else
1640                ret = -1;
1641
1642        if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1643                if (ctl->data == &idev->nd_parms->base_reachable_time)
1644                        idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1645                idev->tstamp = jiffies;
1646                inet6_ifinfo_notify(RTM_NEWLINK, idev);
1647                in6_dev_put(idev);
1648        }
1649        return ret;
1650}
1651
1652
1653#endif
1654
1655static int __net_init ndisc_net_init(struct net *net)
1656{
1657        struct ipv6_pinfo *np;
1658        struct sock *sk;
1659        int err;
1660
1661        err = inet_ctl_sock_create(&sk, PF_INET6,
1662                                   SOCK_RAW, IPPROTO_ICMPV6, net);
1663        if (err < 0) {
1664                ND_PRINTK(0, err,
1665                          "NDISC: Failed to initialize the control socket (err %d)\n",
1666                          err);
1667                return err;
1668        }
1669
1670        net->ipv6.ndisc_sk = sk;
1671
1672        np = inet6_sk(sk);
1673        np->hop_limit = 255;
1674        /* Do not loopback ndisc messages */
1675        np->mc_loop = 0;
1676
1677        return 0;
1678}
1679
1680static void __net_exit ndisc_net_exit(struct net *net)
1681{
1682        inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1683}
1684
1685static struct pernet_operations ndisc_net_ops = {
1686        .init = ndisc_net_init,
1687        .exit = ndisc_net_exit,
1688};
1689
1690int __init ndisc_init(void)
1691{
1692        int err;
1693
1694        err = register_pernet_subsys(&ndisc_net_ops);
1695        if (err)
1696                return err;
1697        /*
1698         * Initialize the neighbour table
1699         */
1700        neigh_table_init(&nd_tbl);
1701
1702#ifdef CONFIG_SYSCTL
1703        err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1704                                    &ndisc_ifinfo_sysctl_change);
1705        if (err)
1706                goto out_unregister_pernet;
1707#endif
1708        err = register_netdevice_notifier(&ndisc_netdev_notifier);
1709        if (err)
1710                goto out_unregister_sysctl;
1711out:
1712        return err;
1713
1714out_unregister_sysctl:
1715#ifdef CONFIG_SYSCTL
1716        neigh_sysctl_unregister(&nd_tbl.parms);
1717out_unregister_pernet:
1718#endif
1719        unregister_pernet_subsys(&ndisc_net_ops);
1720        goto out;
1721}
1722
1723void ndisc_cleanup(void)
1724{
1725        unregister_netdevice_notifier(&ndisc_netdev_notifier);
1726#ifdef CONFIG_SYSCTL
1727        neigh_sysctl_unregister(&nd_tbl.parms);
1728#endif
1729        neigh_table_clear(&nd_tbl);
1730        unregister_pernet_subsys(&ndisc_net_ops);
1731}
1732
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.