linux/net/ipv6/ndisc.c
<<
>>
Prefs
   1/*
   2 *      Neighbour Discovery for IPv6
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *      Mike Shaver             <shaver@ingenia.com>
   8 *
   9 *      This program is free software; you can redistribute it and/or
  10 *      modify it under the terms of the GNU General Public License
  11 *      as published by the Free Software Foundation; either version
  12 *      2 of the License, or (at your option) any later version.
  13 */
  14
  15/*
  16 *      Changes:
  17 *
  18 *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
  19 *      Pierre Ynard                    :       export userland ND options
  20 *                                              through netlink (RDNSS support)
  21 *      Lars Fenneberg                  :       fixed MTU setting on receipt
  22 *                                              of an RA.
  23 *      Janos Farkas                    :       kmalloc failure checks
  24 *      Alexey Kuznetsov                :       state machine reworked
  25 *                                              and moved to net/core.
  26 *      Pekka Savola                    :       RFC2461 validation
  27 *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
  28 */
  29
  30#define pr_fmt(fmt) "ICMPv6: " fmt
  31
  32#include <linux/module.h>
  33#include <linux/errno.h>
  34#include <linux/types.h>
  35#include <linux/socket.h>
  36#include <linux/sockios.h>
  37#include <linux/sched.h>
  38#include <linux/net.h>
  39#include <linux/in6.h>
  40#include <linux/route.h>
  41#include <linux/init.h>
  42#include <linux/rcupdate.h>
  43#include <linux/slab.h>
  44#ifdef CONFIG_SYSCTL
  45#include <linux/sysctl.h>
  46#endif
  47
  48#include <linux/if_addr.h>
  49#include <linux/if_arp.h>
  50#include <linux/ipv6.h>
  51#include <linux/icmpv6.h>
  52#include <linux/jhash.h>
  53
  54#include <net/sock.h>
  55#include <net/snmp.h>
  56
  57#include <net/ipv6.h>
  58#include <net/protocol.h>
  59#include <net/ndisc.h>
  60#include <net/ip6_route.h>
  61#include <net/addrconf.h>
  62#include <net/icmp.h>
  63
  64#include <net/netlink.h>
  65#include <linux/rtnetlink.h>
  66
  67#include <net/flow.h>
  68#include <net/ip6_checksum.h>
  69#include <net/inet_common.h>
  70#include <linux/proc_fs.h>
  71
  72#include <linux/netfilter.h>
  73#include <linux/netfilter_ipv6.h>
  74
  75/* Set to 3 to get tracing... */
  76#define ND_DEBUG 1
  77
  78#define ND_PRINTK(val, level, fmt, ...)                         \
  79do {                                                            \
  80        if (val <= ND_DEBUG)                                    \
  81                net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
  82} while (0)
  83
  84static u32 ndisc_hash(const void *pkey,
  85                      const struct net_device *dev,
  86                      __u32 *hash_rnd);
  87static int ndisc_constructor(struct neighbour *neigh);
  88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
  89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
  90static int pndisc_constructor(struct pneigh_entry *n);
  91static void pndisc_destructor(struct pneigh_entry *n);
  92static void pndisc_redo(struct sk_buff *skb);
  93
  94static const struct neigh_ops ndisc_generic_ops = {
  95        .family =               AF_INET6,
  96        .solicit =              ndisc_solicit,
  97        .error_report =         ndisc_error_report,
  98        .output =               neigh_resolve_output,
  99        .connected_output =     neigh_connected_output,
 100};
 101
 102static const struct neigh_ops ndisc_hh_ops = {
 103        .family =               AF_INET6,
 104        .solicit =              ndisc_solicit,
 105        .error_report =         ndisc_error_report,
 106        .output =               neigh_resolve_output,
 107        .connected_output =     neigh_resolve_output,
 108};
 109
 110
 111static const struct neigh_ops ndisc_direct_ops = {
 112        .family =               AF_INET6,
 113        .output =               neigh_direct_output,
 114        .connected_output =     neigh_direct_output,
 115};
 116
 117struct neigh_table nd_tbl = {
 118        .family =       AF_INET6,
 119        .key_len =      sizeof(struct in6_addr),
 120        .hash =         ndisc_hash,
 121        .constructor =  ndisc_constructor,
 122        .pconstructor = pndisc_constructor,
 123        .pdestructor =  pndisc_destructor,
 124        .proxy_redo =   pndisc_redo,
 125        .id =           "ndisc_cache",
 126        .parms = {
 127                .tbl                    = &nd_tbl,
 128                .base_reachable_time    = ND_REACHABLE_TIME,
 129                .retrans_time           = ND_RETRANS_TIMER,
 130                .gc_staletime           = 60 * HZ,
 131                .reachable_time         = ND_REACHABLE_TIME,
 132                .delay_probe_time       = 5 * HZ,
 133                .queue_len_bytes        = 64*1024,
 134                .ucast_probes           = 3,
 135                .mcast_probes           = 3,
 136                .anycast_delay          = 1 * HZ,
 137                .proxy_delay            = (8 * HZ) / 10,
 138                .proxy_qlen             = 64,
 139        },
 140        .gc_interval =    30 * HZ,
 141        .gc_thresh1 =    128,
 142        .gc_thresh2 =    512,
 143        .gc_thresh3 =   1024,
 144};
 145
 146static inline int ndisc_opt_addr_space(struct net_device *dev)
 147{
 148        return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
 149}
 150
 151static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
 152                                  unsigned short addr_type)
 153{
 154        int space = NDISC_OPT_SPACE(data_len);
 155        int pad   = ndisc_addr_option_pad(addr_type);
 156
 157        opt[0] = type;
 158        opt[1] = space>>3;
 159
 160        memset(opt + 2, 0, pad);
 161        opt   += pad;
 162        space -= pad;
 163
 164        memcpy(opt+2, data, data_len);
 165        data_len += 2;
 166        opt += data_len;
 167        if ((space -= data_len) > 0)
 168                memset(opt, 0, space);
 169        return opt + space;
 170}
 171
 172static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
 173                                            struct nd_opt_hdr *end)
 174{
 175        int type;
 176        if (!cur || !end || cur >= end)
 177                return NULL;
 178        type = cur->nd_opt_type;
 179        do {
 180                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 181        } while(cur < end && cur->nd_opt_type != type);
 182        return cur <= end && cur->nd_opt_type == type ? cur : NULL;
 183}
 184
 185static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
 186{
 187        return opt->nd_opt_type == ND_OPT_RDNSS ||
 188                opt->nd_opt_type == ND_OPT_DNSSL;
 189}
 190
 191static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
 192                                             struct nd_opt_hdr *end)
 193{
 194        if (!cur || !end || cur >= end)
 195                return NULL;
 196        do {
 197                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 198        } while(cur < end && !ndisc_is_useropt(cur));
 199        return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
 200}
 201
 202struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
 203                                          struct ndisc_options *ndopts)
 204{
 205        struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
 206
 207        if (!nd_opt || opt_len < 0 || !ndopts)
 208                return NULL;
 209        memset(ndopts, 0, sizeof(*ndopts));
 210        while (opt_len) {
 211                int l;
 212                if (opt_len < sizeof(struct nd_opt_hdr))
 213                        return NULL;
 214                l = nd_opt->nd_opt_len << 3;
 215                if (opt_len < l || l == 0)
 216                        return NULL;
 217                switch (nd_opt->nd_opt_type) {
 218                case ND_OPT_SOURCE_LL_ADDR:
 219                case ND_OPT_TARGET_LL_ADDR:
 220                case ND_OPT_MTU:
 221                case ND_OPT_REDIRECT_HDR:
 222                        if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
 223                                ND_PRINTK(2, warn,
 224                                          "%s: duplicated ND6 option found: type=%d\n",
 225                                          __func__, nd_opt->nd_opt_type);
 226                        } else {
 227                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 228                        }
 229                        break;
 230                case ND_OPT_PREFIX_INFO:
 231                        ndopts->nd_opts_pi_end = nd_opt;
 232                        if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
 233                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 234                        break;
 235#ifdef CONFIG_IPV6_ROUTE_INFO
 236                case ND_OPT_ROUTE_INFO:
 237                        ndopts->nd_opts_ri_end = nd_opt;
 238                        if (!ndopts->nd_opts_ri)
 239                                ndopts->nd_opts_ri = nd_opt;
 240                        break;
 241#endif
 242                default:
 243                        if (ndisc_is_useropt(nd_opt)) {
 244                                ndopts->nd_useropts_end = nd_opt;
 245                                if (!ndopts->nd_useropts)
 246                                        ndopts->nd_useropts = nd_opt;
 247                        } else {
 248                                /*
 249                                 * Unknown options must be silently ignored,
 250                                 * to accommodate future extension to the
 251                                 * protocol.
 252                                 */
 253                                ND_PRINTK(2, notice,
 254                                          "%s: ignored unsupported option; type=%d, len=%d\n",
 255                                          __func__,
 256                                          nd_opt->nd_opt_type,
 257                                          nd_opt->nd_opt_len);
 258                        }
 259                }
 260                opt_len -= l;
 261                nd_opt = ((void *)nd_opt) + l;
 262        }
 263        return ndopts;
 264}
 265
 266int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
 267{
 268        switch (dev->type) {
 269        case ARPHRD_ETHER:
 270        case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
 271        case ARPHRD_FDDI:
 272                ipv6_eth_mc_map(addr, buf);
 273                return 0;
 274        case ARPHRD_ARCNET:
 275                ipv6_arcnet_mc_map(addr, buf);
 276                return 0;
 277        case ARPHRD_INFINIBAND:
 278                ipv6_ib_mc_map(addr, dev->broadcast, buf);
 279                return 0;
 280        case ARPHRD_IPGRE:
 281                return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
 282        default:
 283                if (dir) {
 284                        memcpy(buf, dev->broadcast, dev->addr_len);
 285                        return 0;
 286                }
 287        }
 288        return -EINVAL;
 289}
 290
 291EXPORT_SYMBOL(ndisc_mc_map);
 292
 293static u32 ndisc_hash(const void *pkey,
 294                      const struct net_device *dev,
 295                      __u32 *hash_rnd)
 296{
 297        return ndisc_hashfn(pkey, dev, hash_rnd);
 298}
 299
 300static int ndisc_constructor(struct neighbour *neigh)
 301{
 302        struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
 303        struct net_device *dev = neigh->dev;
 304        struct inet6_dev *in6_dev;
 305        struct neigh_parms *parms;
 306        bool is_multicast = ipv6_addr_is_multicast(addr);
 307
 308        in6_dev = in6_dev_get(dev);
 309        if (in6_dev == NULL) {
 310                return -EINVAL;
 311        }
 312
 313        parms = in6_dev->nd_parms;
 314        __neigh_parms_put(neigh->parms);
 315        neigh->parms = neigh_parms_clone(parms);
 316
 317        neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
 318        if (!dev->header_ops) {
 319                neigh->nud_state = NUD_NOARP;
 320                neigh->ops = &ndisc_direct_ops;
 321                neigh->output = neigh_direct_output;
 322        } else {
 323                if (is_multicast) {
 324                        neigh->nud_state = NUD_NOARP;
 325                        ndisc_mc_map(addr, neigh->ha, dev, 1);
 326                } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
 327                        neigh->nud_state = NUD_NOARP;
 328                        memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
 329                        if (dev->flags&IFF_LOOPBACK)
 330                                neigh->type = RTN_LOCAL;
 331                } else if (dev->flags&IFF_POINTOPOINT) {
 332                        neigh->nud_state = NUD_NOARP;
 333                        memcpy(neigh->ha, dev->broadcast, dev->addr_len);
 334                }
 335                if (dev->header_ops->cache)
 336                        neigh->ops = &ndisc_hh_ops;
 337                else
 338                        neigh->ops = &ndisc_generic_ops;
 339                if (neigh->nud_state&NUD_VALID)
 340                        neigh->output = neigh->ops->connected_output;
 341                else
 342                        neigh->output = neigh->ops->output;
 343        }
 344        in6_dev_put(in6_dev);
 345        return 0;
 346}
 347
 348static int pndisc_constructor(struct pneigh_entry *n)
 349{
 350        struct in6_addr *addr = (struct in6_addr*)&n->key;
 351        struct in6_addr maddr;
 352        struct net_device *dev = n->dev;
 353
 354        if (dev == NULL || __in6_dev_get(dev) == NULL)
 355                return -EINVAL;
 356        addrconf_addr_solict_mult(addr, &maddr);
 357        ipv6_dev_mc_inc(dev, &maddr);
 358        return 0;
 359}
 360
 361static void pndisc_destructor(struct pneigh_entry *n)
 362{
 363        struct in6_addr *addr = (struct in6_addr*)&n->key;
 364        struct in6_addr maddr;
 365        struct net_device *dev = n->dev;
 366
 367        if (dev == NULL || __in6_dev_get(dev) == NULL)
 368                return;
 369        addrconf_addr_solict_mult(addr, &maddr);
 370        ipv6_dev_mc_dec(dev, &maddr);
 371}
 372
 373struct sk_buff *ndisc_build_skb(struct net_device *dev,
 374                                const struct in6_addr *daddr,
 375                                const struct in6_addr *saddr,
 376                                struct icmp6hdr *icmp6h,
 377                                const struct in6_addr *target,
 378                                int llinfo)
 379{
 380        struct net *net = dev_net(dev);
 381        struct sock *sk = net->ipv6.ndisc_sk;
 382        struct sk_buff *skb;
 383        struct icmp6hdr *hdr;
 384        int hlen = LL_RESERVED_SPACE(dev);
 385        int tlen = dev->needed_tailroom;
 386        int len;
 387        int err;
 388        u8 *opt;
 389
 390        if (!dev->addr_len)
 391                llinfo = 0;
 392
 393        len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
 394        if (llinfo)
 395                len += ndisc_opt_addr_space(dev);
 396
 397        skb = sock_alloc_send_skb(sk,
 398                                  (MAX_HEADER + sizeof(struct ipv6hdr) +
 399                                   len + hlen + tlen),
 400                                  1, &err);
 401        if (!skb) {
 402                ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
 403                          __func__, err);
 404                return NULL;
 405        }
 406
 407        skb_reserve(skb, hlen);
 408        ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
 409
 410        skb->transport_header = skb->tail;
 411        skb_put(skb, len);
 412
 413        hdr = (struct icmp6hdr *)skb_transport_header(skb);
 414        memcpy(hdr, icmp6h, sizeof(*hdr));
 415
 416        opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
 417        if (target) {
 418                *(struct in6_addr *)opt = *target;
 419                opt += sizeof(*target);
 420        }
 421
 422        if (llinfo)
 423                ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
 424                                       dev->addr_len, dev->type);
 425
 426        hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
 427                                           IPPROTO_ICMPV6,
 428                                           csum_partial(hdr,
 429                                                        len, 0));
 430
 431        return skb;
 432}
 433
 434EXPORT_SYMBOL(ndisc_build_skb);
 435
 436void ndisc_send_skb(struct sk_buff *skb,
 437                    struct net_device *dev,
 438                    struct neighbour *neigh,
 439                    const struct in6_addr *daddr,
 440                    const struct in6_addr *saddr,
 441                    struct icmp6hdr *icmp6h)
 442{
 443        struct flowi6 fl6;
 444        struct dst_entry *dst;
 445        struct net *net = dev_net(dev);
 446        struct sock *sk = net->ipv6.ndisc_sk;
 447        struct inet6_dev *idev;
 448        int err;
 449        u8 type;
 450
 451        type = icmp6h->icmp6_type;
 452
 453        icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
 454        dst = icmp6_dst_alloc(dev, neigh, &fl6);
 455        if (IS_ERR(dst)) {
 456                kfree_skb(skb);
 457                return;
 458        }
 459
 460        skb_dst_set(skb, dst);
 461
 462        rcu_read_lock();
 463        idev = __in6_dev_get(dst->dev);
 464        IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
 465
 466        err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
 467                      dst_output);
 468        if (!err) {
 469                ICMP6MSGOUT_INC_STATS(net, idev, type);
 470                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
 471        }
 472
 473        rcu_read_unlock();
 474}
 475
 476EXPORT_SYMBOL(ndisc_send_skb);
 477
 478/*
 479 *      Send a Neighbour Discover packet
 480 */
 481static void __ndisc_send(struct net_device *dev,
 482                         struct neighbour *neigh,
 483                         const struct in6_addr *daddr,
 484                         const struct in6_addr *saddr,
 485                         struct icmp6hdr *icmp6h, const struct in6_addr *target,
 486                         int llinfo)
 487{
 488        struct sk_buff *skb;
 489
 490        skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
 491        if (!skb)
 492                return;
 493
 494        ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
 495}
 496
 497static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
 498                          const struct in6_addr *daddr,
 499                          const struct in6_addr *solicited_addr,
 500                          int router, int solicited, int override, int inc_opt)
 501{
 502        struct in6_addr tmpaddr;
 503        struct inet6_ifaddr *ifp;
 504        const struct in6_addr *src_addr;
 505        struct icmp6hdr icmp6h = {
 506                .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
 507        };
 508
 509        /* for anycast or proxy, solicited_addr != src_addr */
 510        ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
 511        if (ifp) {
 512                src_addr = solicited_addr;
 513                if (ifp->flags & IFA_F_OPTIMISTIC)
 514                        override = 0;
 515                inc_opt |= ifp->idev->cnf.force_tllao;
 516                in6_ifa_put(ifp);
 517        } else {
 518                if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
 519                                       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
 520                                       &tmpaddr))
 521                        return;
 522                src_addr = &tmpaddr;
 523        }
 524
 525        icmp6h.icmp6_router = router;
 526        icmp6h.icmp6_solicited = solicited;
 527        icmp6h.icmp6_override = override;
 528
 529        __ndisc_send(dev, neigh, daddr, src_addr,
 530                     &icmp6h, solicited_addr,
 531                     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
 532}
 533
 534static void ndisc_send_unsol_na(struct net_device *dev)
 535{
 536        struct inet6_dev *idev;
 537        struct inet6_ifaddr *ifa;
 538        struct in6_addr mcaddr = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
 539
 540        idev = in6_dev_get(dev);
 541        if (!idev)
 542                return;
 543
 544        read_lock_bh(&idev->lock);
 545        list_for_each_entry(ifa, &idev->addr_list, if_list) {
 546                ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
 547                              /*router=*/ !!idev->cnf.forwarding,
 548                              /*solicited=*/ false, /*override=*/ true,
 549                              /*inc_opt=*/ true);
 550        }
 551        read_unlock_bh(&idev->lock);
 552
 553        in6_dev_put(idev);
 554}
 555
 556void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
 557                   const struct in6_addr *solicit,
 558                   const struct in6_addr *daddr, const struct in6_addr *saddr)
 559{
 560        struct in6_addr addr_buf;
 561        struct icmp6hdr icmp6h = {
 562                .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
 563        };
 564
 565        if (saddr == NULL) {
 566                if (ipv6_get_lladdr(dev, &addr_buf,
 567                                   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
 568                        return;
 569                saddr = &addr_buf;
 570        }
 571
 572        __ndisc_send(dev, neigh, daddr, saddr,
 573                     &icmp6h, solicit,
 574                     !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
 575}
 576
 577void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
 578                   const struct in6_addr *daddr)
 579{
 580        struct icmp6hdr icmp6h = {
 581                .icmp6_type = NDISC_ROUTER_SOLICITATION,
 582        };
 583        int send_sllao = dev->addr_len;
 584
 585#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
 586        /*
 587         * According to section 2.2 of RFC 4429, we must not
 588         * send router solicitations with a sllao from
 589         * optimistic addresses, but we may send the solicitation
 590         * if we don't include the sllao.  So here we check
 591         * if our address is optimistic, and if so, we
 592         * suppress the inclusion of the sllao.
 593         */
 594        if (send_sllao) {
 595                struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
 596                                                           dev, 1);
 597                if (ifp) {
 598                        if (ifp->flags & IFA_F_OPTIMISTIC)  {
 599                                send_sllao = 0;
 600                        }
 601                        in6_ifa_put(ifp);
 602                } else {
 603                        send_sllao = 0;
 604                }
 605        }
 606#endif
 607        __ndisc_send(dev, NULL, daddr, saddr,
 608                     &icmp6h, NULL,
 609                     send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
 610}
 611
 612
 613static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
 614{
 615        /*
 616         *      "The sender MUST return an ICMP
 617         *       destination unreachable"
 618         */
 619        dst_link_failure(skb);
 620        kfree_skb(skb);
 621}
 622
 623/* Called with locked neigh: either read or both */
 624
 625static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
 626{
 627        struct in6_addr *saddr = NULL;
 628        struct in6_addr mcaddr;
 629        struct net_device *dev = neigh->dev;
 630        struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
 631        int probes = atomic_read(&neigh->probes);
 632
 633        if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
 634                saddr = &ipv6_hdr(skb)->saddr;
 635
 636        if ((probes -= neigh->parms->ucast_probes) < 0) {
 637                if (!(neigh->nud_state & NUD_VALID)) {
 638                        ND_PRINTK(1, dbg,
 639                                  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
 640                                  __func__, target);
 641                }
 642                ndisc_send_ns(dev, neigh, target, target, saddr);
 643        } else if ((probes -= neigh->parms->app_probes) < 0) {
 644#ifdef CONFIG_ARPD
 645                neigh_app_ns(neigh);
 646#endif
 647        } else {
 648                addrconf_addr_solict_mult(target, &mcaddr);
 649                ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
 650        }
 651}
 652
 653static int pndisc_is_router(const void *pkey,
 654                            struct net_device *dev)
 655{
 656        struct pneigh_entry *n;
 657        int ret = -1;
 658
 659        read_lock_bh(&nd_tbl.lock);
 660        n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
 661        if (n)
 662                ret = !!(n->flags & NTF_ROUTER);
 663        read_unlock_bh(&nd_tbl.lock);
 664
 665        return ret;
 666}
 667
 668static void ndisc_recv_ns(struct sk_buff *skb)
 669{
 670        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 671        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 672        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 673        u8 *lladdr = NULL;
 674        u32 ndoptlen = skb->tail - (skb->transport_header +
 675                                    offsetof(struct nd_msg, opt));
 676        struct ndisc_options ndopts;
 677        struct net_device *dev = skb->dev;
 678        struct inet6_ifaddr *ifp;
 679        struct inet6_dev *idev = NULL;
 680        struct neighbour *neigh;
 681        int dad = ipv6_addr_any(saddr);
 682        bool inc;
 683        int is_router = -1;
 684
 685        if (ipv6_addr_is_multicast(&msg->target)) {
 686                ND_PRINTK(2, warn, "NS: multicast target address\n");
 687                return;
 688        }
 689
 690        /*
 691         * RFC2461 7.1.1:
 692         * DAD has to be destined for solicited node multicast address.
 693         */
 694        if (dad &&
 695            !(daddr->s6_addr32[0] == htonl(0xff020000) &&
 696              daddr->s6_addr32[1] == htonl(0x00000000) &&
 697              daddr->s6_addr32[2] == htonl(0x00000001) &&
 698              daddr->s6_addr [12] == 0xff )) {
 699                ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
 700                return;
 701        }
 702
 703        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 704                ND_PRINTK(2, warn, "NS: invalid ND options\n");
 705                return;
 706        }
 707
 708        if (ndopts.nd_opts_src_lladdr) {
 709                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
 710                if (!lladdr) {
 711                        ND_PRINTK(2, warn,
 712                                  "NS: invalid link-layer address length\n");
 713                        return;
 714                }
 715
 716                /* RFC2461 7.1.1:
 717                 *      If the IP source address is the unspecified address,
 718                 *      there MUST NOT be source link-layer address option
 719                 *      in the message.
 720                 */
 721                if (dad) {
 722                        ND_PRINTK(2, warn,
 723                                  "NS: bad DAD packet (link-layer address option)\n");
 724                        return;
 725                }
 726        }
 727
 728        inc = ipv6_addr_is_multicast(daddr);
 729
 730        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 731        if (ifp) {
 732
 733                if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
 734                        if (dad) {
 735                                /*
 736                                 * We are colliding with another node
 737                                 * who is doing DAD
 738                                 * so fail our DAD process
 739                                 */
 740                                addrconf_dad_failure(ifp);
 741                                return;
 742                        } else {
 743                                /*
 744                                 * This is not a dad solicitation.
 745                                 * If we are an optimistic node,
 746                                 * we should respond.
 747                                 * Otherwise, we should ignore it.
 748                                 */
 749                                if (!(ifp->flags & IFA_F_OPTIMISTIC))
 750                                        goto out;
 751                        }
 752                }
 753
 754                idev = ifp->idev;
 755        } else {
 756                struct net *net = dev_net(dev);
 757
 758                idev = in6_dev_get(dev);
 759                if (!idev) {
 760                        /* XXX: count this drop? */
 761                        return;
 762                }
 763
 764                if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
 765                    (idev->cnf.forwarding &&
 766                     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
 767                     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
 768                        if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
 769                            skb->pkt_type != PACKET_HOST &&
 770                            inc != 0 &&
 771                            idev->nd_parms->proxy_delay != 0) {
 772                                /*
 773                                 * for anycast or proxy,
 774                                 * sender should delay its response
 775                                 * by a random time between 0 and
 776                                 * MAX_ANYCAST_DELAY_TIME seconds.
 777                                 * (RFC2461) -- yoshfuji
 778                                 */
 779                                struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
 780                                if (n)
 781                                        pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
 782                                goto out;
 783                        }
 784                } else
 785                        goto out;
 786        }
 787
 788        if (is_router < 0)
 789                is_router = !!idev->cnf.forwarding;
 790
 791        if (dad) {
 792                ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
 793                              is_router, 0, (ifp != NULL), 1);
 794                goto out;
 795        }
 796
 797        if (inc)
 798                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
 799        else
 800                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
 801
 802        /*
 803         *      update / create cache entry
 804         *      for the source address
 805         */
 806        neigh = __neigh_lookup(&nd_tbl, saddr, dev,
 807                               !inc || lladdr || !dev->addr_len);
 808        if (neigh)
 809                neigh_update(neigh, lladdr, NUD_STALE,
 810                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 811                             NEIGH_UPDATE_F_OVERRIDE);
 812        if (neigh || !dev->header_ops) {
 813                ndisc_send_na(dev, neigh, saddr, &msg->target,
 814                              is_router,
 815                              1, (ifp != NULL && inc), inc);
 816                if (neigh)
 817                        neigh_release(neigh);
 818        }
 819
 820out:
 821        if (ifp)
 822                in6_ifa_put(ifp);
 823        else
 824                in6_dev_put(idev);
 825}
 826
 827static void ndisc_recv_na(struct sk_buff *skb)
 828{
 829        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 830        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 831        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 832        u8 *lladdr = NULL;
 833        u32 ndoptlen = skb->tail - (skb->transport_header +
 834                                    offsetof(struct nd_msg, opt));
 835        struct ndisc_options ndopts;
 836        struct net_device *dev = skb->dev;
 837        struct inet6_ifaddr *ifp;
 838        struct neighbour *neigh;
 839
 840        if (skb->len < sizeof(struct nd_msg)) {
 841                ND_PRINTK(2, warn, "NA: packet too short\n");
 842                return;
 843        }
 844
 845        if (ipv6_addr_is_multicast(&msg->target)) {
 846                ND_PRINTK(2, warn, "NA: target address is multicast\n");
 847                return;
 848        }
 849
 850        if (ipv6_addr_is_multicast(daddr) &&
 851            msg->icmph.icmp6_solicited) {
 852                ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
 853                return;
 854        }
 855
 856        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 857                ND_PRINTK(2, warn, "NS: invalid ND option\n");
 858                return;
 859        }
 860        if (ndopts.nd_opts_tgt_lladdr) {
 861                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
 862                if (!lladdr) {
 863                        ND_PRINTK(2, warn,
 864                                  "NA: invalid link-layer address length\n");
 865                        return;
 866                }
 867        }
 868        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 869        if (ifp) {
 870                if (skb->pkt_type != PACKET_LOOPBACK
 871                    && (ifp->flags & IFA_F_TENTATIVE)) {
 872                                addrconf_dad_failure(ifp);
 873                                return;
 874                }
 875                /* What should we make now? The advertisement
 876                   is invalid, but ndisc specs say nothing
 877                   about it. It could be misconfiguration, or
 878                   an smart proxy agent tries to help us :-)
 879
 880                   We should not print the error if NA has been
 881                   received from loopback - it is just our own
 882                   unsolicited advertisement.
 883                 */
 884                if (skb->pkt_type != PACKET_LOOPBACK)
 885                        ND_PRINTK(1, warn,
 886                                  "NA: someone advertises our address %pI6 on %s!\n",
 887                                  &ifp->addr, ifp->idev->dev->name);
 888                in6_ifa_put(ifp);
 889                return;
 890        }
 891        neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
 892
 893        if (neigh) {
 894                u8 old_flags = neigh->flags;
 895                struct net *net = dev_net(dev);
 896
 897                if (neigh->nud_state & NUD_FAILED)
 898                        goto out;
 899
 900                /*
 901                 * Don't update the neighbor cache entry on a proxy NA from
 902                 * ourselves because either the proxied node is off link or it
 903                 * has already sent a NA to us.
 904                 */
 905                if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
 906                    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
 907                    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
 908                        /* XXX: idev->cnf.prixy_ndp */
 909                        goto out;
 910                }
 911
 912                neigh_update(neigh, lladdr,
 913                             msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
 914                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 915                             (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
 916                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
 917                             (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
 918
 919                if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
 920                        /*
 921                         * Change: router to host
 922                         */
 923                        struct rt6_info *rt;
 924                        rt = rt6_get_dflt_router(saddr, dev);
 925                        if (rt)
 926                                ip6_del_rt(rt);
 927                }
 928
 929out:
 930                neigh_release(neigh);
 931        }
 932}
 933
 934static void ndisc_recv_rs(struct sk_buff *skb)
 935{
 936        struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
 937        unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
 938        struct neighbour *neigh;
 939        struct inet6_dev *idev;
 940        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 941        struct ndisc_options ndopts;
 942        u8 *lladdr = NULL;
 943
 944        if (skb->len < sizeof(*rs_msg))
 945                return;
 946
 947        idev = __in6_dev_get(skb->dev);
 948        if (!idev) {
 949                ND_PRINTK(1, err, "RS: can't find in6 device\n");
 950                return;
 951        }
 952
 953        /* Don't accept RS if we're not in router mode */
 954        if (!idev->cnf.forwarding)
 955                goto out;
 956
 957        /*
 958         * Don't update NCE if src = ::;
 959         * this implies that the source node has no ip address assigned yet.
 960         */
 961        if (ipv6_addr_any(saddr))
 962                goto out;
 963
 964        /* Parse ND options */
 965        if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
 966                ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
 967                goto out;
 968        }
 969
 970        if (ndopts.nd_opts_src_lladdr) {
 971                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
 972                                             skb->dev);
 973                if (!lladdr)
 974                        goto out;
 975        }
 976
 977        neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
 978        if (neigh) {
 979                neigh_update(neigh, lladdr, NUD_STALE,
 980                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 981                             NEIGH_UPDATE_F_OVERRIDE|
 982                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
 983                neigh_release(neigh);
 984        }
 985out:
 986        return;
 987}
 988
 989static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
 990{
 991        struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
 992        struct sk_buff *skb;
 993        struct nlmsghdr *nlh;
 994        struct nduseroptmsg *ndmsg;
 995        struct net *net = dev_net(ra->dev);
 996        int err;
 997        int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
 998                                    + (opt->nd_opt_len << 3));
 999        size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1000
1001        skb = nlmsg_new(msg_size, GFP_ATOMIC);
1002        if (skb == NULL) {
1003                err = -ENOBUFS;
1004                goto errout;
1005        }
1006
1007        nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1008        if (nlh == NULL) {
1009                goto nla_put_failure;
1010        }
1011
1012        ndmsg = nlmsg_data(nlh);
1013        ndmsg->nduseropt_family = AF_INET6;
1014        ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1015        ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1016        ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1017        ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1018
1019        memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1020
1021        if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1022                    &ipv6_hdr(ra)->saddr))
1023                goto nla_put_failure;
1024        nlmsg_end(skb, nlh);
1025
1026        rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1027        return;
1028
1029nla_put_failure:
1030        nlmsg_free(skb);
1031        err = -EMSGSIZE;
1032errout:
1033        rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1034}
1035
1036static inline int accept_ra(struct inet6_dev *in6_dev)
1037{
1038        /*
1039         * If forwarding is enabled, RA are not accepted unless the special
1040         * hybrid mode (accept_ra=2) is enabled.
1041         */
1042        if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1043                return 0;
1044
1045        return in6_dev->cnf.accept_ra;
1046}
1047
1048static void ndisc_router_discovery(struct sk_buff *skb)
1049{
1050        struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1051        struct neighbour *neigh = NULL;
1052        struct inet6_dev *in6_dev;
1053        struct rt6_info *rt = NULL;
1054        int lifetime;
1055        struct ndisc_options ndopts;
1056        int optlen;
1057        unsigned int pref = 0;
1058
1059        __u8 * opt = (__u8 *)(ra_msg + 1);
1060
1061        optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1062
1063        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1064                ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1065                return;
1066        }
1067        if (optlen < 0) {
1068                ND_PRINTK(2, warn, "RA: packet too short\n");
1069                return;
1070        }
1071
1072#ifdef CONFIG_IPV6_NDISC_NODETYPE
1073        if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1074                ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1075                return;
1076        }
1077#endif
1078
1079        /*
1080         *      set the RA_RECV flag in the interface
1081         */
1082
1083        in6_dev = __in6_dev_get(skb->dev);
1084        if (in6_dev == NULL) {
1085                ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1086                          skb->dev->name);
1087                return;
1088        }
1089
1090        if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1091                ND_PRINTK(2, warn, "RA: invalid ND options\n");
1092                return;
1093        }
1094
1095        if (!accept_ra(in6_dev))
1096                goto skip_linkparms;
1097
1098#ifdef CONFIG_IPV6_NDISC_NODETYPE
1099        /* skip link-specific parameters from interior routers */
1100        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1101                goto skip_linkparms;
1102#endif
1103
1104        if (in6_dev->if_flags & IF_RS_SENT) {
1105                /*
1106                 *      flag that an RA was received after an RS was sent
1107                 *      out on this interface.
1108                 */
1109                in6_dev->if_flags |= IF_RA_RCVD;
1110        }
1111
1112        /*
1113         * Remember the managed/otherconf flags from most recently
1114         * received RA message (RFC 2462) -- yoshfuji
1115         */
1116        in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1117                                IF_RA_OTHERCONF)) |
1118                                (ra_msg->icmph.icmp6_addrconf_managed ?
1119                                        IF_RA_MANAGED : 0) |
1120                                (ra_msg->icmph.icmp6_addrconf_other ?
1121                                        IF_RA_OTHERCONF : 0);
1122
1123        if (!in6_dev->cnf.accept_ra_defrtr)
1124                goto skip_defrtr;
1125
1126        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1127                goto skip_defrtr;
1128
1129        lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1130
1131#ifdef CONFIG_IPV6_ROUTER_PREF
1132        pref = ra_msg->icmph.icmp6_router_pref;
1133        /* 10b is handled as if it were 00b (medium) */
1134        if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1135            !in6_dev->cnf.accept_ra_rtr_pref)
1136                pref = ICMPV6_ROUTER_PREF_MEDIUM;
1137#endif
1138
1139        rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1140
1141        if (rt) {
1142                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1143                if (!neigh) {
1144                        ND_PRINTK(0, err,
1145                                  "RA: %s got default router without neighbour\n",
1146                                  __func__);
1147                        dst_release(&rt->dst);
1148                        return;
1149                }
1150        }
1151        if (rt && lifetime == 0) {
1152                ip6_del_rt(rt);
1153                rt = NULL;
1154        }
1155
1156        if (rt == NULL && lifetime) {
1157                ND_PRINTK(3, dbg, "RA: adding default router\n");
1158
1159                rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1160                if (rt == NULL) {
1161                        ND_PRINTK(0, err,
1162                                  "RA: %s failed to add default route\n",
1163                                  __func__);
1164                        return;
1165                }
1166
1167                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1168                if (neigh == NULL) {
1169                        ND_PRINTK(0, err,
1170                                  "RA: %s got default router without neighbour\n",
1171                                  __func__);
1172                        dst_release(&rt->dst);
1173                        return;
1174                }
1175                neigh->flags |= NTF_ROUTER;
1176        } else if (rt) {
1177                rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1178        }
1179
1180        if (rt)
1181                rt6_set_expires(rt, jiffies + (HZ * lifetime));
1182        if (ra_msg->icmph.icmp6_hop_limit) {
1183                in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1184                if (rt)
1185                        dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1186                                       ra_msg->icmph.icmp6_hop_limit);
1187        }
1188
1189skip_defrtr:
1190
1191        /*
1192         *      Update Reachable Time and Retrans Timer
1193         */
1194
1195        if (in6_dev->nd_parms) {
1196                unsigned long rtime = ntohl(ra_msg->retrans_timer);
1197
1198                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1199                        rtime = (rtime*HZ)/1000;
1200                        if (rtime < HZ/10)
1201                                rtime = HZ/10;
1202                        in6_dev->nd_parms->retrans_time = rtime;
1203                        in6_dev->tstamp = jiffies;
1204                        inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1205                }
1206
1207                rtime = ntohl(ra_msg->reachable_time);
1208                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1209                        rtime = (rtime*HZ)/1000;
1210
1211                        if (rtime < HZ/10)
1212                                rtime = HZ/10;
1213
1214                        if (rtime != in6_dev->nd_parms->base_reachable_time) {
1215                                in6_dev->nd_parms->base_reachable_time = rtime;
1216                                in6_dev->nd_parms->gc_staletime = 3 * rtime;
1217                                in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1218                                in6_dev->tstamp = jiffies;
1219                                inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1220                        }
1221                }
1222        }
1223
1224skip_linkparms:
1225
1226        /*
1227         *      Process options.
1228         */
1229
1230        if (!neigh)
1231                neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1232                                       skb->dev, 1);
1233        if (neigh) {
1234                u8 *lladdr = NULL;
1235                if (ndopts.nd_opts_src_lladdr) {
1236                        lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1237                                                     skb->dev);
1238                        if (!lladdr) {
1239                                ND_PRINTK(2, warn,
1240                                          "RA: invalid link-layer address length\n");
1241                                goto out;
1242                        }
1243                }
1244                neigh_update(neigh, lladdr, NUD_STALE,
1245                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
1246                             NEIGH_UPDATE_F_OVERRIDE|
1247                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1248                             NEIGH_UPDATE_F_ISROUTER);
1249        }
1250
1251        if (!accept_ra(in6_dev))
1252                goto out;
1253
1254#ifdef CONFIG_IPV6_ROUTE_INFO
1255        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1256                goto skip_routeinfo;
1257
1258        if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1259                struct nd_opt_hdr *p;
1260                for (p = ndopts.nd_opts_ri;
1261                     p;
1262                     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1263                        struct route_info *ri = (struct route_info *)p;
1264#ifdef CONFIG_IPV6_NDISC_NODETYPE
1265                        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1266                            ri->prefix_len == 0)
1267                                continue;
1268#endif
1269                        if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1270                                continue;
1271                        rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1272                                      &ipv6_hdr(skb)->saddr);
1273                }
1274        }
1275
1276skip_routeinfo:
1277#endif
1278
1279#ifdef CONFIG_IPV6_NDISC_NODETYPE
1280        /* skip link-specific ndopts from interior routers */
1281        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1282                goto out;
1283#endif
1284
1285        if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1286                struct nd_opt_hdr *p;
1287                for (p = ndopts.nd_opts_pi;
1288                     p;
1289                     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1290                        addrconf_prefix_rcv(skb->dev, (u8 *)p,
1291                                            (p->nd_opt_len) << 3,
1292                                            ndopts.nd_opts_src_lladdr != NULL);
1293                }
1294        }
1295
1296        if (ndopts.nd_opts_mtu) {
1297                __be32 n;
1298                u32 mtu;
1299
1300                memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1301                mtu = ntohl(n);
1302
1303                if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1304                        ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1305                } else if (in6_dev->cnf.mtu6 != mtu) {
1306                        in6_dev->cnf.mtu6 = mtu;
1307
1308                        if (rt)
1309                                dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1310
1311                        rt6_mtu_change(skb->dev, mtu);
1312                }
1313        }
1314
1315        if (ndopts.nd_useropts) {
1316                struct nd_opt_hdr *p;
1317                for (p = ndopts.nd_useropts;
1318                     p;
1319                     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1320                        ndisc_ra_useropt(skb, p);
1321                }
1322        }
1323
1324        if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1325                ND_PRINTK(2, warn, "RA: invalid RA options\n");
1326        }
1327out:
1328        if (rt)
1329                dst_release(&rt->dst);
1330        if (neigh)
1331                neigh_release(neigh);
1332}
1333
1334static void ndisc_redirect_rcv(struct sk_buff *skb)
1335{
1336#ifdef CONFIG_IPV6_NDISC_NODETYPE
1337        switch (skb->ndisc_nodetype) {
1338        case NDISC_NODETYPE_HOST:
1339        case NDISC_NODETYPE_NODEFAULT:
1340                ND_PRINTK(2, warn,
1341                          "Redirect: from host or unauthorized router\n");
1342                return;
1343        }
1344#endif
1345
1346        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1347                ND_PRINTK(2, warn,
1348                          "Redirect: source address is not link-local\n");
1349                return;
1350        }
1351
1352        icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1353}
1354
1355void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1356{
1357        struct net_device *dev = skb->dev;
1358        struct net *net = dev_net(dev);
1359        struct sock *sk = net->ipv6.ndisc_sk;
1360        int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1361        struct inet_peer *peer;
1362        struct sk_buff *buff;
1363        struct icmp6hdr *icmph;
1364        struct in6_addr saddr_buf;
1365        struct in6_addr *addrp;
1366        struct rt6_info *rt;
1367        struct dst_entry *dst;
1368        struct inet6_dev *idev;
1369        struct flowi6 fl6;
1370        u8 *opt;
1371        int hlen, tlen;
1372        int rd_len;
1373        int err;
1374        u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1375        bool ret;
1376
1377        if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1378                ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1379                          dev->name);
1380                return;
1381        }
1382
1383        if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1384            ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1385                ND_PRINTK(2, warn,
1386                          "Redirect: target address is not link-local unicast\n");
1387                return;
1388        }
1389
1390        icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1391                         &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1392
1393        dst = ip6_route_output(net, NULL, &fl6);
1394        if (dst->error) {
1395                dst_release(dst);
1396                return;
1397        }
1398        dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1399        if (IS_ERR(dst))
1400                return;
1401
1402        rt = (struct rt6_info *) dst;
1403
1404        if (rt->rt6i_flags & RTF_GATEWAY) {
1405                ND_PRINTK(2, warn,
1406                          "Redirect: destination is not a neighbour\n");
1407                goto release;
1408        }
1409        peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1410        ret = inet_peer_xrlim_allow(peer, 1*HZ);
1411        if (peer)
1412                inet_putpeer(peer);
1413        if (!ret)
1414                goto release;
1415
1416        if (dev->addr_len) {
1417                struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1418                if (!neigh) {
1419                        ND_PRINTK(2, warn,
1420                                  "Redirect: no neigh for target address\n");
1421                        goto release;
1422                }
1423
1424                read_lock_bh(&neigh->lock);
1425                if (neigh->nud_state & NUD_VALID) {
1426                        memcpy(ha_buf, neigh->ha, dev->addr_len);
1427                        read_unlock_bh(&neigh->lock);
1428                        ha = ha_buf;
1429                        len += ndisc_opt_addr_space(dev);
1430                } else
1431                        read_unlock_bh(&neigh->lock);
1432
1433                neigh_release(neigh);
1434        }
1435
1436        rd_len = min_t(unsigned int,
1437                     IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1438        rd_len &= ~0x7;
1439        len += rd_len;
1440
1441        hlen = LL_RESERVED_SPACE(dev);
1442        tlen = dev->needed_tailroom;
1443        buff = sock_alloc_send_skb(sk,
1444                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
1445                                    len + hlen + tlen),
1446                                   1, &err);
1447        if (buff == NULL) {
1448                ND_PRINTK(0, err,
1449                          "Redirect: %s failed to allocate an skb, err=%d\n",
1450                          __func__, err);
1451                goto release;
1452        }
1453
1454        skb_reserve(buff, hlen);
1455        ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1456                   IPPROTO_ICMPV6, len);
1457
1458        skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1459        skb_put(buff, len);
1460        icmph = icmp6_hdr(buff);
1461
1462        memset(icmph, 0, sizeof(struct icmp6hdr));
1463        icmph->icmp6_type = NDISC_REDIRECT;
1464
1465        /*
1466         *      copy target and destination addresses
1467         */
1468
1469        addrp = (struct in6_addr *)(icmph + 1);
1470        *addrp = *target;
1471        addrp++;
1472        *addrp = ipv6_hdr(skb)->daddr;
1473
1474        opt = (u8*) (addrp + 1);
1475
1476        /*
1477         *      include target_address option
1478         */
1479
1480        if (ha)
1481                opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1482                                             dev->addr_len, dev->type);
1483
1484        /*
1485         *      build redirect option and copy skb over to the new packet.
1486         */
1487
1488        memset(opt, 0, 8);
1489        *(opt++) = ND_OPT_REDIRECT_HDR;
1490        *(opt++) = (rd_len >> 3);
1491        opt += 6;
1492
1493        memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1494
1495        icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1496                                             len, IPPROTO_ICMPV6,
1497                                             csum_partial(icmph, len, 0));
1498
1499        skb_dst_set(buff, dst);
1500        rcu_read_lock();
1501        idev = __in6_dev_get(dst->dev);
1502        IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1503        err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1504                      dst_output);
1505        if (!err) {
1506                ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1507                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1508        }
1509
1510        rcu_read_unlock();
1511        return;
1512
1513release:
1514        dst_release(dst);
1515}
1516
1517static void pndisc_redo(struct sk_buff *skb)
1518{
1519        ndisc_recv_ns(skb);
1520        kfree_skb(skb);
1521}
1522
1523int ndisc_rcv(struct sk_buff *skb)
1524{
1525        struct nd_msg *msg;
1526
1527        if (!pskb_may_pull(skb, skb->len))
1528                return 0;
1529
1530        msg = (struct nd_msg *)skb_transport_header(skb);
1531
1532        __skb_push(skb, skb->data - skb_transport_header(skb));
1533
1534        if (ipv6_hdr(skb)->hop_limit != 255) {
1535                ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1536                          ipv6_hdr(skb)->hop_limit);
1537                return 0;
1538        }
1539
1540        if (msg->icmph.icmp6_code != 0) {
1541                ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1542                          msg->icmph.icmp6_code);
1543                return 0;
1544        }
1545
1546        memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1547
1548        switch (msg->icmph.icmp6_type) {
1549        case NDISC_NEIGHBOUR_SOLICITATION:
1550                ndisc_recv_ns(skb);
1551                break;
1552
1553        case NDISC_NEIGHBOUR_ADVERTISEMENT:
1554                ndisc_recv_na(skb);
1555                break;
1556
1557        case NDISC_ROUTER_SOLICITATION:
1558                ndisc_recv_rs(skb);
1559                break;
1560
1561        case NDISC_ROUTER_ADVERTISEMENT:
1562                ndisc_router_discovery(skb);
1563                break;
1564
1565        case NDISC_REDIRECT:
1566                ndisc_redirect_rcv(skb);
1567                break;
1568        }
1569
1570        return 0;
1571}
1572
1573static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1574{
1575        struct net_device *dev = ptr;
1576        struct net *net = dev_net(dev);
1577
1578        switch (event) {
1579        case NETDEV_CHANGEADDR:
1580                neigh_changeaddr(&nd_tbl, dev);
1581                fib6_run_gc(~0UL, net);
1582                break;
1583        case NETDEV_DOWN:
1584                neigh_ifdown(&nd_tbl, dev);
1585                fib6_run_gc(~0UL, net);
1586                break;
1587        case NETDEV_NOTIFY_PEERS:
1588                ndisc_send_unsol_na(dev);
1589                break;
1590        default:
1591                break;
1592        }
1593
1594        return NOTIFY_DONE;
1595}
1596
1597static struct notifier_block ndisc_netdev_notifier = {
1598        .notifier_call = ndisc_netdev_event,
1599};
1600
1601#ifdef CONFIG_SYSCTL
1602static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1603                                         const char *func, const char *dev_name)
1604{
1605        static char warncomm[TASK_COMM_LEN];
1606        static int warned;
1607        if (strcmp(warncomm, current->comm) && warned < 5) {
1608                strcpy(warncomm, current->comm);
1609                pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1610                        warncomm, func,
1611                        dev_name, ctl->procname,
1612                        dev_name, ctl->procname);
1613                warned++;
1614        }
1615}
1616
1617int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1618{
1619        struct net_device *dev = ctl->extra1;
1620        struct inet6_dev *idev;
1621        int ret;
1622
1623        if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1624            (strcmp(ctl->procname, "base_reachable_time") == 0))
1625                ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1626
1627        if (strcmp(ctl->procname, "retrans_time") == 0)
1628                ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1629
1630        else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1631                ret = proc_dointvec_jiffies(ctl, write,
1632                                            buffer, lenp, ppos);
1633
1634        else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1635                 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1636                ret = proc_dointvec_ms_jiffies(ctl, write,
1637                                               buffer, lenp, ppos);
1638        else
1639                ret = -1;
1640
1641        if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1642                if (ctl->data == &idev->nd_parms->base_reachable_time)
1643                        idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1644                idev->tstamp = jiffies;
1645                inet6_ifinfo_notify(RTM_NEWLINK, idev);
1646                in6_dev_put(idev);
1647        }
1648        return ret;
1649}
1650
1651
1652#endif
1653
1654static int __net_init ndisc_net_init(struct net *net)
1655{
1656        struct ipv6_pinfo *np;
1657        struct sock *sk;
1658        int err;
1659
1660        err = inet_ctl_sock_create(&sk, PF_INET6,
1661                                   SOCK_RAW, IPPROTO_ICMPV6, net);
1662        if (err < 0) {
1663                ND_PRINTK(0, err,
1664                          "NDISC: Failed to initialize the control socket (err %d)\n",
1665                          err);
1666                return err;
1667        }
1668
1669        net->ipv6.ndisc_sk = sk;
1670
1671        np = inet6_sk(sk);
1672        np->hop_limit = 255;
1673        /* Do not loopback ndisc messages */
1674        np->mc_loop = 0;
1675
1676        return 0;
1677}
1678
1679static void __net_exit ndisc_net_exit(struct net *net)
1680{
1681        inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1682}
1683
1684static struct pernet_operations ndisc_net_ops = {
1685        .init = ndisc_net_init,
1686        .exit = ndisc_net_exit,
1687};
1688
1689int __init ndisc_init(void)
1690{
1691        int err;
1692
1693        err = register_pernet_subsys(&ndisc_net_ops);
1694        if (err)
1695                return err;
1696        /*
1697         * Initialize the neighbour table
1698         */
1699        neigh_table_init(&nd_tbl);
1700
1701#ifdef CONFIG_SYSCTL
1702        err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1703                                    &ndisc_ifinfo_sysctl_change);
1704        if (err)
1705                goto out_unregister_pernet;
1706#endif
1707        err = register_netdevice_notifier(&ndisc_netdev_notifier);
1708        if (err)
1709                goto out_unregister_sysctl;
1710out:
1711        return err;
1712
1713out_unregister_sysctl:
1714#ifdef CONFIG_SYSCTL
1715        neigh_sysctl_unregister(&nd_tbl.parms);
1716out_unregister_pernet:
1717#endif
1718        unregister_pernet_subsys(&ndisc_net_ops);
1719        goto out;
1720}
1721
1722void ndisc_cleanup(void)
1723{
1724        unregister_netdevice_notifier(&ndisc_netdev_notifier);
1725#ifdef CONFIG_SYSCTL
1726        neigh_sysctl_unregister(&nd_tbl.parms);
1727#endif
1728        neigh_table_clear(&nd_tbl);
1729        unregister_pernet_subsys(&ndisc_net_ops);
1730}
1731
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.