1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
67#include <net/flow.h>
68#include <net/ip6_checksum.h>
69#include <net/inet_common.h>
70#include <linux/proc_fs.h>
71
72#include <linux/netfilter.h>
73#include <linux/netfilter_ipv6.h>
74
75
76#define ND_DEBUG 1
77
78#define ND_PRINTK(val, level, fmt, ...) \
79do { \
80 if (val <= ND_DEBUG) \
81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82} while (0)
83
84static u32 ndisc_hash(const void *pkey,
85 const struct net_device *dev,
86 __u32 *hash_rnd);
87static int ndisc_constructor(struct neighbour *neigh);
88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90static int pndisc_constructor(struct pneigh_entry *n);
91static void pndisc_destructor(struct pneigh_entry *n);
92static void pndisc_redo(struct sk_buff *skb);
93
94static const struct neigh_ops ndisc_generic_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_connected_output,
100};
101
102static const struct neigh_ops ndisc_hh_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_resolve_output,
108};
109
110
111static const struct neigh_ops ndisc_direct_ops = {
112 .family = AF_INET6,
113 .output = neigh_direct_output,
114 .connected_output = neigh_direct_output,
115};
116
117struct neigh_table nd_tbl = {
118 .family = AF_INET6,
119 .key_len = sizeof(struct in6_addr),
120 .hash = ndisc_hash,
121 .constructor = ndisc_constructor,
122 .pconstructor = pndisc_constructor,
123 .pdestructor = pndisc_destructor,
124 .proxy_redo = pndisc_redo,
125 .id = "ndisc_cache",
126 .parms = {
127 .tbl = &nd_tbl,
128 .base_reachable_time = ND_REACHABLE_TIME,
129 .retrans_time = ND_RETRANS_TIMER,
130 .gc_staletime = 60 * HZ,
131 .reachable_time = ND_REACHABLE_TIME,
132 .delay_probe_time = 5 * HZ,
133 .queue_len_bytes = 64*1024,
134 .ucast_probes = 3,
135 .mcast_probes = 3,
136 .anycast_delay = 1 * HZ,
137 .proxy_delay = (8 * HZ) / 10,
138 .proxy_qlen = 64,
139 },
140 .gc_interval = 30 * HZ,
141 .gc_thresh1 = 128,
142 .gc_thresh2 = 512,
143 .gc_thresh3 = 1024,
144};
145
146static inline int ndisc_opt_addr_space(struct net_device *dev)
147{
148 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
149}
150
151static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
152 unsigned short addr_type)
153{
154 int space = NDISC_OPT_SPACE(data_len);
155 int pad = ndisc_addr_option_pad(addr_type);
156
157 opt[0] = type;
158 opt[1] = space>>3;
159
160 memset(opt + 2, 0, pad);
161 opt += pad;
162 space -= pad;
163
164 memcpy(opt+2, data, data_len);
165 data_len += 2;
166 opt += data_len;
167 if ((space -= data_len) > 0)
168 memset(opt, 0, space);
169 return opt + space;
170}
171
172static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
173 struct nd_opt_hdr *end)
174{
175 int type;
176 if (!cur || !end || cur >= end)
177 return NULL;
178 type = cur->nd_opt_type;
179 do {
180 cur = ((void *)cur) + (cur->nd_opt_len << 3);
181 } while(cur < end && cur->nd_opt_type != type);
182 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
183}
184
185static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
186{
187 return opt->nd_opt_type == ND_OPT_RDNSS ||
188 opt->nd_opt_type == ND_OPT_DNSSL;
189}
190
191static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
192 struct nd_opt_hdr *end)
193{
194 if (!cur || !end || cur >= end)
195 return NULL;
196 do {
197 cur = ((void *)cur) + (cur->nd_opt_len << 3);
198 } while(cur < end && !ndisc_is_useropt(cur));
199 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
200}
201
202struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
203 struct ndisc_options *ndopts)
204{
205 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
206
207 if (!nd_opt || opt_len < 0 || !ndopts)
208 return NULL;
209 memset(ndopts, 0, sizeof(*ndopts));
210 while (opt_len) {
211 int l;
212 if (opt_len < sizeof(struct nd_opt_hdr))
213 return NULL;
214 l = nd_opt->nd_opt_len << 3;
215 if (opt_len < l || l == 0)
216 return NULL;
217 switch (nd_opt->nd_opt_type) {
218 case ND_OPT_SOURCE_LL_ADDR:
219 case ND_OPT_TARGET_LL_ADDR:
220 case ND_OPT_MTU:
221 case ND_OPT_REDIRECT_HDR:
222 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
223 ND_PRINTK(2, warn,
224 "%s: duplicated ND6 option found: type=%d\n",
225 __func__, nd_opt->nd_opt_type);
226 } else {
227 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
228 }
229 break;
230 case ND_OPT_PREFIX_INFO:
231 ndopts->nd_opts_pi_end = nd_opt;
232 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
233 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
234 break;
235#ifdef CONFIG_IPV6_ROUTE_INFO
236 case ND_OPT_ROUTE_INFO:
237 ndopts->nd_opts_ri_end = nd_opt;
238 if (!ndopts->nd_opts_ri)
239 ndopts->nd_opts_ri = nd_opt;
240 break;
241#endif
242 default:
243 if (ndisc_is_useropt(nd_opt)) {
244 ndopts->nd_useropts_end = nd_opt;
245 if (!ndopts->nd_useropts)
246 ndopts->nd_useropts = nd_opt;
247 } else {
248
249
250
251
252
253 ND_PRINTK(2, notice,
254 "%s: ignored unsupported option; type=%d, len=%d\n",
255 __func__,
256 nd_opt->nd_opt_type,
257 nd_opt->nd_opt_len);
258 }
259 }
260 opt_len -= l;
261 nd_opt = ((void *)nd_opt) + l;
262 }
263 return ndopts;
264}
265
266int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
267{
268 switch (dev->type) {
269 case ARPHRD_ETHER:
270 case ARPHRD_IEEE802:
271 case ARPHRD_FDDI:
272 ipv6_eth_mc_map(addr, buf);
273 return 0;
274 case ARPHRD_ARCNET:
275 ipv6_arcnet_mc_map(addr, buf);
276 return 0;
277 case ARPHRD_INFINIBAND:
278 ipv6_ib_mc_map(addr, dev->broadcast, buf);
279 return 0;
280 case ARPHRD_IPGRE:
281 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
282 default:
283 if (dir) {
284 memcpy(buf, dev->broadcast, dev->addr_len);
285 return 0;
286 }
287 }
288 return -EINVAL;
289}
290
291EXPORT_SYMBOL(ndisc_mc_map);
292
293static u32 ndisc_hash(const void *pkey,
294 const struct net_device *dev,
295 __u32 *hash_rnd)
296{
297 return ndisc_hashfn(pkey, dev, hash_rnd);
298}
299
300static int ndisc_constructor(struct neighbour *neigh)
301{
302 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
303 struct net_device *dev = neigh->dev;
304 struct inet6_dev *in6_dev;
305 struct neigh_parms *parms;
306 bool is_multicast = ipv6_addr_is_multicast(addr);
307
308 in6_dev = in6_dev_get(dev);
309 if (in6_dev == NULL) {
310 return -EINVAL;
311 }
312
313 parms = in6_dev->nd_parms;
314 __neigh_parms_put(neigh->parms);
315 neigh->parms = neigh_parms_clone(parms);
316
317 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
318 if (!dev->header_ops) {
319 neigh->nud_state = NUD_NOARP;
320 neigh->ops = &ndisc_direct_ops;
321 neigh->output = neigh_direct_output;
322 } else {
323 if (is_multicast) {
324 neigh->nud_state = NUD_NOARP;
325 ndisc_mc_map(addr, neigh->ha, dev, 1);
326 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
327 neigh->nud_state = NUD_NOARP;
328 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
329 if (dev->flags&IFF_LOOPBACK)
330 neigh->type = RTN_LOCAL;
331 } else if (dev->flags&IFF_POINTOPOINT) {
332 neigh->nud_state = NUD_NOARP;
333 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
334 }
335 if (dev->header_ops->cache)
336 neigh->ops = &ndisc_hh_ops;
337 else
338 neigh->ops = &ndisc_generic_ops;
339 if (neigh->nud_state&NUD_VALID)
340 neigh->output = neigh->ops->connected_output;
341 else
342 neigh->output = neigh->ops->output;
343 }
344 in6_dev_put(in6_dev);
345 return 0;
346}
347
348static int pndisc_constructor(struct pneigh_entry *n)
349{
350 struct in6_addr *addr = (struct in6_addr*)&n->key;
351 struct in6_addr maddr;
352 struct net_device *dev = n->dev;
353
354 if (dev == NULL || __in6_dev_get(dev) == NULL)
355 return -EINVAL;
356 addrconf_addr_solict_mult(addr, &maddr);
357 ipv6_dev_mc_inc(dev, &maddr);
358 return 0;
359}
360
361static void pndisc_destructor(struct pneigh_entry *n)
362{
363 struct in6_addr *addr = (struct in6_addr*)&n->key;
364 struct in6_addr maddr;
365 struct net_device *dev = n->dev;
366
367 if (dev == NULL || __in6_dev_get(dev) == NULL)
368 return;
369 addrconf_addr_solict_mult(addr, &maddr);
370 ipv6_dev_mc_dec(dev, &maddr);
371}
372
373struct sk_buff *ndisc_build_skb(struct net_device *dev,
374 const struct in6_addr *daddr,
375 const struct in6_addr *saddr,
376 struct icmp6hdr *icmp6h,
377 const struct in6_addr *target,
378 int llinfo)
379{
380 struct net *net = dev_net(dev);
381 struct sock *sk = net->ipv6.ndisc_sk;
382 struct sk_buff *skb;
383 struct icmp6hdr *hdr;
384 int hlen = LL_RESERVED_SPACE(dev);
385 int tlen = dev->needed_tailroom;
386 int len;
387 int err;
388 u8 *opt;
389
390 if (!dev->addr_len)
391 llinfo = 0;
392
393 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
394 if (llinfo)
395 len += ndisc_opt_addr_space(dev);
396
397 skb = sock_alloc_send_skb(sk,
398 (MAX_HEADER + sizeof(struct ipv6hdr) +
399 len + hlen + tlen),
400 1, &err);
401 if (!skb) {
402 ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
403 __func__, err);
404 return NULL;
405 }
406
407 skb_reserve(skb, hlen);
408 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
409
410 skb->transport_header = skb->tail;
411 skb_put(skb, len);
412
413 hdr = (struct icmp6hdr *)skb_transport_header(skb);
414 memcpy(hdr, icmp6h, sizeof(*hdr));
415
416 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
417 if (target) {
418 *(struct in6_addr *)opt = *target;
419 opt += sizeof(*target);
420 }
421
422 if (llinfo)
423 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
424 dev->addr_len, dev->type);
425
426 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
427 IPPROTO_ICMPV6,
428 csum_partial(hdr,
429 len, 0));
430
431 return skb;
432}
433
434EXPORT_SYMBOL(ndisc_build_skb);
435
436void ndisc_send_skb(struct sk_buff *skb,
437 struct net_device *dev,
438 struct neighbour *neigh,
439 const struct in6_addr *daddr,
440 const struct in6_addr *saddr,
441 struct icmp6hdr *icmp6h)
442{
443 struct flowi6 fl6;
444 struct dst_entry *dst;
445 struct net *net = dev_net(dev);
446 struct sock *sk = net->ipv6.ndisc_sk;
447 struct inet6_dev *idev;
448 int err;
449 u8 type;
450
451 type = icmp6h->icmp6_type;
452
453 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
454 dst = icmp6_dst_alloc(dev, neigh, &fl6);
455 if (IS_ERR(dst)) {
456 kfree_skb(skb);
457 return;
458 }
459
460 skb_dst_set(skb, dst);
461
462 rcu_read_lock();
463 idev = __in6_dev_get(dst->dev);
464 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
465
466 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
467 dst_output);
468 if (!err) {
469 ICMP6MSGOUT_INC_STATS(net, idev, type);
470 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
471 }
472
473 rcu_read_unlock();
474}
475
476EXPORT_SYMBOL(ndisc_send_skb);
477
478
479
480
481static void __ndisc_send(struct net_device *dev,
482 struct neighbour *neigh,
483 const struct in6_addr *daddr,
484 const struct in6_addr *saddr,
485 struct icmp6hdr *icmp6h, const struct in6_addr *target,
486 int llinfo)
487{
488 struct sk_buff *skb;
489
490 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
491 if (!skb)
492 return;
493
494 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
495}
496
497static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
498 const struct in6_addr *daddr,
499 const struct in6_addr *solicited_addr,
500 int router, int solicited, int override, int inc_opt)
501{
502 struct in6_addr tmpaddr;
503 struct inet6_ifaddr *ifp;
504 const struct in6_addr *src_addr;
505 struct icmp6hdr icmp6h = {
506 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
507 };
508
509
510 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
511 if (ifp) {
512 src_addr = solicited_addr;
513 if (ifp->flags & IFA_F_OPTIMISTIC)
514 override = 0;
515 inc_opt |= ifp->idev->cnf.force_tllao;
516 in6_ifa_put(ifp);
517 } else {
518 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
519 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
520 &tmpaddr))
521 return;
522 src_addr = &tmpaddr;
523 }
524
525 icmp6h.icmp6_router = router;
526 icmp6h.icmp6_solicited = solicited;
527 icmp6h.icmp6_override = override;
528
529 __ndisc_send(dev, neigh, daddr, src_addr,
530 &icmp6h, solicited_addr,
531 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
532}
533
534static void ndisc_send_unsol_na(struct net_device *dev)
535{
536 struct inet6_dev *idev;
537 struct inet6_ifaddr *ifa;
538 struct in6_addr mcaddr = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
539
540 idev = in6_dev_get(dev);
541 if (!idev)
542 return;
543
544 read_lock_bh(&idev->lock);
545 list_for_each_entry(ifa, &idev->addr_list, if_list) {
546 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
547 !!idev->cnf.forwarding,
548 false, true,
549 true);
550 }
551 read_unlock_bh(&idev->lock);
552
553 in6_dev_put(idev);
554}
555
556void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
557 const struct in6_addr *solicit,
558 const struct in6_addr *daddr, const struct in6_addr *saddr)
559{
560 struct in6_addr addr_buf;
561 struct icmp6hdr icmp6h = {
562 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
563 };
564
565 if (saddr == NULL) {
566 if (ipv6_get_lladdr(dev, &addr_buf,
567 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
568 return;
569 saddr = &addr_buf;
570 }
571
572 __ndisc_send(dev, neigh, daddr, saddr,
573 &icmp6h, solicit,
574 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
575}
576
577void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
578 const struct in6_addr *daddr)
579{
580 struct icmp6hdr icmp6h = {
581 .icmp6_type = NDISC_ROUTER_SOLICITATION,
582 };
583 int send_sllao = dev->addr_len;
584
585#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
586
587
588
589
590
591
592
593
594 if (send_sllao) {
595 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
596 dev, 1);
597 if (ifp) {
598 if (ifp->flags & IFA_F_OPTIMISTIC) {
599 send_sllao = 0;
600 }
601 in6_ifa_put(ifp);
602 } else {
603 send_sllao = 0;
604 }
605 }
606#endif
607 __ndisc_send(dev, NULL, daddr, saddr,
608 &icmp6h, NULL,
609 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
610}
611
612
613static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
614{
615
616
617
618
619 dst_link_failure(skb);
620 kfree_skb(skb);
621}
622
623
624
625static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
626{
627 struct in6_addr *saddr = NULL;
628 struct in6_addr mcaddr;
629 struct net_device *dev = neigh->dev;
630 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
631 int probes = atomic_read(&neigh->probes);
632
633 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
634 saddr = &ipv6_hdr(skb)->saddr;
635
636 if ((probes -= neigh->parms->ucast_probes) < 0) {
637 if (!(neigh->nud_state & NUD_VALID)) {
638 ND_PRINTK(1, dbg,
639 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
640 __func__, target);
641 }
642 ndisc_send_ns(dev, neigh, target, target, saddr);
643 } else if ((probes -= neigh->parms->app_probes) < 0) {
644#ifdef CONFIG_ARPD
645 neigh_app_ns(neigh);
646#endif
647 } else {
648 addrconf_addr_solict_mult(target, &mcaddr);
649 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
650 }
651}
652
653static int pndisc_is_router(const void *pkey,
654 struct net_device *dev)
655{
656 struct pneigh_entry *n;
657 int ret = -1;
658
659 read_lock_bh(&nd_tbl.lock);
660 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
661 if (n)
662 ret = !!(n->flags & NTF_ROUTER);
663 read_unlock_bh(&nd_tbl.lock);
664
665 return ret;
666}
667
668static void ndisc_recv_ns(struct sk_buff *skb)
669{
670 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
671 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
672 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
673 u8 *lladdr = NULL;
674 u32 ndoptlen = skb->tail - (skb->transport_header +
675 offsetof(struct nd_msg, opt));
676 struct ndisc_options ndopts;
677 struct net_device *dev = skb->dev;
678 struct inet6_ifaddr *ifp;
679 struct inet6_dev *idev = NULL;
680 struct neighbour *neigh;
681 int dad = ipv6_addr_any(saddr);
682 bool inc;
683 int is_router = -1;
684
685 if (ipv6_addr_is_multicast(&msg->target)) {
686 ND_PRINTK(2, warn, "NS: multicast target address\n");
687 return;
688 }
689
690
691
692
693
694 if (dad &&
695 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
696 daddr->s6_addr32[1] == htonl(0x00000000) &&
697 daddr->s6_addr32[2] == htonl(0x00000001) &&
698 daddr->s6_addr [12] == 0xff )) {
699 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
700 return;
701 }
702
703 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
704 ND_PRINTK(2, warn, "NS: invalid ND options\n");
705 return;
706 }
707
708 if (ndopts.nd_opts_src_lladdr) {
709 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
710 if (!lladdr) {
711 ND_PRINTK(2, warn,
712 "NS: invalid link-layer address length\n");
713 return;
714 }
715
716
717
718
719
720
721 if (dad) {
722 ND_PRINTK(2, warn,
723 "NS: bad DAD packet (link-layer address option)\n");
724 return;
725 }
726 }
727
728 inc = ipv6_addr_is_multicast(daddr);
729
730 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
731 if (ifp) {
732
733 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
734 if (dad) {
735
736
737
738
739
740 addrconf_dad_failure(ifp);
741 return;
742 } else {
743
744
745
746
747
748
749 if (!(ifp->flags & IFA_F_OPTIMISTIC))
750 goto out;
751 }
752 }
753
754 idev = ifp->idev;
755 } else {
756 struct net *net = dev_net(dev);
757
758 idev = in6_dev_get(dev);
759 if (!idev) {
760
761 return;
762 }
763
764 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
765 (idev->cnf.forwarding &&
766 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
767 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
768 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
769 skb->pkt_type != PACKET_HOST &&
770 inc != 0 &&
771 idev->nd_parms->proxy_delay != 0) {
772
773
774
775
776
777
778
779 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
780 if (n)
781 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
782 goto out;
783 }
784 } else
785 goto out;
786 }
787
788 if (is_router < 0)
789 is_router = !!idev->cnf.forwarding;
790
791 if (dad) {
792 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
793 is_router, 0, (ifp != NULL), 1);
794 goto out;
795 }
796
797 if (inc)
798 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
799 else
800 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
801
802
803
804
805
806 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
807 !inc || lladdr || !dev->addr_len);
808 if (neigh)
809 neigh_update(neigh, lladdr, NUD_STALE,
810 NEIGH_UPDATE_F_WEAK_OVERRIDE|
811 NEIGH_UPDATE_F_OVERRIDE);
812 if (neigh || !dev->header_ops) {
813 ndisc_send_na(dev, neigh, saddr, &msg->target,
814 is_router,
815 1, (ifp != NULL && inc), inc);
816 if (neigh)
817 neigh_release(neigh);
818 }
819
820out:
821 if (ifp)
822 in6_ifa_put(ifp);
823 else
824 in6_dev_put(idev);
825}
826
827static void ndisc_recv_na(struct sk_buff *skb)
828{
829 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
830 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
831 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
832 u8 *lladdr = NULL;
833 u32 ndoptlen = skb->tail - (skb->transport_header +
834 offsetof(struct nd_msg, opt));
835 struct ndisc_options ndopts;
836 struct net_device *dev = skb->dev;
837 struct inet6_ifaddr *ifp;
838 struct neighbour *neigh;
839
840 if (skb->len < sizeof(struct nd_msg)) {
841 ND_PRINTK(2, warn, "NA: packet too short\n");
842 return;
843 }
844
845 if (ipv6_addr_is_multicast(&msg->target)) {
846 ND_PRINTK(2, warn, "NA: target address is multicast\n");
847 return;
848 }
849
850 if (ipv6_addr_is_multicast(daddr) &&
851 msg->icmph.icmp6_solicited) {
852 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
853 return;
854 }
855
856 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
857 ND_PRINTK(2, warn, "NS: invalid ND option\n");
858 return;
859 }
860 if (ndopts.nd_opts_tgt_lladdr) {
861 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
862 if (!lladdr) {
863 ND_PRINTK(2, warn,
864 "NA: invalid link-layer address length\n");
865 return;
866 }
867 }
868 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
869 if (ifp) {
870 if (skb->pkt_type != PACKET_LOOPBACK
871 && (ifp->flags & IFA_F_TENTATIVE)) {
872 addrconf_dad_failure(ifp);
873 return;
874 }
875
876
877
878
879
880
881
882
883
884 if (skb->pkt_type != PACKET_LOOPBACK)
885 ND_PRINTK(1, warn,
886 "NA: someone advertises our address %pI6 on %s!\n",
887 &ifp->addr, ifp->idev->dev->name);
888 in6_ifa_put(ifp);
889 return;
890 }
891 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
892
893 if (neigh) {
894 u8 old_flags = neigh->flags;
895 struct net *net = dev_net(dev);
896
897 if (neigh->nud_state & NUD_FAILED)
898 goto out;
899
900
901
902
903
904
905 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
906 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
907 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
908
909 goto out;
910 }
911
912 neigh_update(neigh, lladdr,
913 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
914 NEIGH_UPDATE_F_WEAK_OVERRIDE|
915 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
916 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
917 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
918
919 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
920
921
922
923 struct rt6_info *rt;
924 rt = rt6_get_dflt_router(saddr, dev);
925 if (rt)
926 ip6_del_rt(rt);
927 }
928
929out:
930 neigh_release(neigh);
931 }
932}
933
934static void ndisc_recv_rs(struct sk_buff *skb)
935{
936 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
937 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
938 struct neighbour *neigh;
939 struct inet6_dev *idev;
940 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
941 struct ndisc_options ndopts;
942 u8 *lladdr = NULL;
943
944 if (skb->len < sizeof(*rs_msg))
945 return;
946
947 idev = __in6_dev_get(skb->dev);
948 if (!idev) {
949 ND_PRINTK(1, err, "RS: can't find in6 device\n");
950 return;
951 }
952
953
954 if (!idev->cnf.forwarding)
955 goto out;
956
957
958
959
960
961 if (ipv6_addr_any(saddr))
962 goto out;
963
964
965 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
966 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
967 goto out;
968 }
969
970 if (ndopts.nd_opts_src_lladdr) {
971 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
972 skb->dev);
973 if (!lladdr)
974 goto out;
975 }
976
977 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
978 if (neigh) {
979 neigh_update(neigh, lladdr, NUD_STALE,
980 NEIGH_UPDATE_F_WEAK_OVERRIDE|
981 NEIGH_UPDATE_F_OVERRIDE|
982 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
983 neigh_release(neigh);
984 }
985out:
986 return;
987}
988
989static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
990{
991 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
992 struct sk_buff *skb;
993 struct nlmsghdr *nlh;
994 struct nduseroptmsg *ndmsg;
995 struct net *net = dev_net(ra->dev);
996 int err;
997 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
998 + (opt->nd_opt_len << 3));
999 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1000
1001 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1002 if (skb == NULL) {
1003 err = -ENOBUFS;
1004 goto errout;
1005 }
1006
1007 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1008 if (nlh == NULL) {
1009 goto nla_put_failure;
1010 }
1011
1012 ndmsg = nlmsg_data(nlh);
1013 ndmsg->nduseropt_family = AF_INET6;
1014 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1015 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1016 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1017 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1018
1019 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1020
1021 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1022 &ipv6_hdr(ra)->saddr))
1023 goto nla_put_failure;
1024 nlmsg_end(skb, nlh);
1025
1026 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1027 return;
1028
1029nla_put_failure:
1030 nlmsg_free(skb);
1031 err = -EMSGSIZE;
1032errout:
1033 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1034}
1035
1036static inline int accept_ra(struct inet6_dev *in6_dev)
1037{
1038
1039
1040
1041
1042 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1043 return 0;
1044
1045 return in6_dev->cnf.accept_ra;
1046}
1047
1048static void ndisc_router_discovery(struct sk_buff *skb)
1049{
1050 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1051 struct neighbour *neigh = NULL;
1052 struct inet6_dev *in6_dev;
1053 struct rt6_info *rt = NULL;
1054 int lifetime;
1055 struct ndisc_options ndopts;
1056 int optlen;
1057 unsigned int pref = 0;
1058
1059 __u8 * opt = (__u8 *)(ra_msg + 1);
1060
1061 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1062
1063 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1064 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1065 return;
1066 }
1067 if (optlen < 0) {
1068 ND_PRINTK(2, warn, "RA: packet too short\n");
1069 return;
1070 }
1071
1072#ifdef CONFIG_IPV6_NDISC_NODETYPE
1073 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1074 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1075 return;
1076 }
1077#endif
1078
1079
1080
1081
1082
1083 in6_dev = __in6_dev_get(skb->dev);
1084 if (in6_dev == NULL) {
1085 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1086 skb->dev->name);
1087 return;
1088 }
1089
1090 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1091 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1092 return;
1093 }
1094
1095 if (!accept_ra(in6_dev))
1096 goto skip_linkparms;
1097
1098#ifdef CONFIG_IPV6_NDISC_NODETYPE
1099
1100 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1101 goto skip_linkparms;
1102#endif
1103
1104 if (in6_dev->if_flags & IF_RS_SENT) {
1105
1106
1107
1108
1109 in6_dev->if_flags |= IF_RA_RCVD;
1110 }
1111
1112
1113
1114
1115
1116 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1117 IF_RA_OTHERCONF)) |
1118 (ra_msg->icmph.icmp6_addrconf_managed ?
1119 IF_RA_MANAGED : 0) |
1120 (ra_msg->icmph.icmp6_addrconf_other ?
1121 IF_RA_OTHERCONF : 0);
1122
1123 if (!in6_dev->cnf.accept_ra_defrtr)
1124 goto skip_defrtr;
1125
1126 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1127 goto skip_defrtr;
1128
1129 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1130
1131#ifdef CONFIG_IPV6_ROUTER_PREF
1132 pref = ra_msg->icmph.icmp6_router_pref;
1133
1134 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1135 !in6_dev->cnf.accept_ra_rtr_pref)
1136 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1137#endif
1138
1139 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1140
1141 if (rt) {
1142 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1143 if (!neigh) {
1144 ND_PRINTK(0, err,
1145 "RA: %s got default router without neighbour\n",
1146 __func__);
1147 dst_release(&rt->dst);
1148 return;
1149 }
1150 }
1151 if (rt && lifetime == 0) {
1152 ip6_del_rt(rt);
1153 rt = NULL;
1154 }
1155
1156 if (rt == NULL && lifetime) {
1157 ND_PRINTK(3, dbg, "RA: adding default router\n");
1158
1159 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1160 if (rt == NULL) {
1161 ND_PRINTK(0, err,
1162 "RA: %s failed to add default route\n",
1163 __func__);
1164 return;
1165 }
1166
1167 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1168 if (neigh == NULL) {
1169 ND_PRINTK(0, err,
1170 "RA: %s got default router without neighbour\n",
1171 __func__);
1172 dst_release(&rt->dst);
1173 return;
1174 }
1175 neigh->flags |= NTF_ROUTER;
1176 } else if (rt) {
1177 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1178 }
1179
1180 if (rt)
1181 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1182 if (ra_msg->icmph.icmp6_hop_limit) {
1183 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1184 if (rt)
1185 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1186 ra_msg->icmph.icmp6_hop_limit);
1187 }
1188
1189skip_defrtr:
1190
1191
1192
1193
1194
1195 if (in6_dev->nd_parms) {
1196 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1197
1198 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1199 rtime = (rtime*HZ)/1000;
1200 if (rtime < HZ/10)
1201 rtime = HZ/10;
1202 in6_dev->nd_parms->retrans_time = rtime;
1203 in6_dev->tstamp = jiffies;
1204 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1205 }
1206
1207 rtime = ntohl(ra_msg->reachable_time);
1208 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1209 rtime = (rtime*HZ)/1000;
1210
1211 if (rtime < HZ/10)
1212 rtime = HZ/10;
1213
1214 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1215 in6_dev->nd_parms->base_reachable_time = rtime;
1216 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1217 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1218 in6_dev->tstamp = jiffies;
1219 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1220 }
1221 }
1222 }
1223
1224skip_linkparms:
1225
1226
1227
1228
1229
1230 if (!neigh)
1231 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1232 skb->dev, 1);
1233 if (neigh) {
1234 u8 *lladdr = NULL;
1235 if (ndopts.nd_opts_src_lladdr) {
1236 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1237 skb->dev);
1238 if (!lladdr) {
1239 ND_PRINTK(2, warn,
1240 "RA: invalid link-layer address length\n");
1241 goto out;
1242 }
1243 }
1244 neigh_update(neigh, lladdr, NUD_STALE,
1245 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1246 NEIGH_UPDATE_F_OVERRIDE|
1247 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1248 NEIGH_UPDATE_F_ISROUTER);
1249 }
1250
1251 if (!accept_ra(in6_dev))
1252 goto out;
1253
1254#ifdef CONFIG_IPV6_ROUTE_INFO
1255 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1256 goto skip_routeinfo;
1257
1258 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1259 struct nd_opt_hdr *p;
1260 for (p = ndopts.nd_opts_ri;
1261 p;
1262 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1263 struct route_info *ri = (struct route_info *)p;
1264#ifdef CONFIG_IPV6_NDISC_NODETYPE
1265 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1266 ri->prefix_len == 0)
1267 continue;
1268#endif
1269 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1270 continue;
1271 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1272 &ipv6_hdr(skb)->saddr);
1273 }
1274 }
1275
1276skip_routeinfo:
1277#endif
1278
1279#ifdef CONFIG_IPV6_NDISC_NODETYPE
1280
1281 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1282 goto out;
1283#endif
1284
1285 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1286 struct nd_opt_hdr *p;
1287 for (p = ndopts.nd_opts_pi;
1288 p;
1289 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1290 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1291 (p->nd_opt_len) << 3,
1292 ndopts.nd_opts_src_lladdr != NULL);
1293 }
1294 }
1295
1296 if (ndopts.nd_opts_mtu) {
1297 __be32 n;
1298 u32 mtu;
1299
1300 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1301 mtu = ntohl(n);
1302
1303 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1304 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1305 } else if (in6_dev->cnf.mtu6 != mtu) {
1306 in6_dev->cnf.mtu6 = mtu;
1307
1308 if (rt)
1309 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1310
1311 rt6_mtu_change(skb->dev, mtu);
1312 }
1313 }
1314
1315 if (ndopts.nd_useropts) {
1316 struct nd_opt_hdr *p;
1317 for (p = ndopts.nd_useropts;
1318 p;
1319 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1320 ndisc_ra_useropt(skb, p);
1321 }
1322 }
1323
1324 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1325 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1326 }
1327out:
1328 if (rt)
1329 dst_release(&rt->dst);
1330 if (neigh)
1331 neigh_release(neigh);
1332}
1333
1334static void ndisc_redirect_rcv(struct sk_buff *skb)
1335{
1336 u8 *hdr;
1337 struct ndisc_options ndopts;
1338 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1339 u32 ndoptlen = skb->tail - (skb->transport_header +
1340 offsetof(struct rd_msg, opt));
1341
1342#ifdef CONFIG_IPV6_NDISC_NODETYPE
1343 switch (skb->ndisc_nodetype) {
1344 case NDISC_NODETYPE_HOST:
1345 case NDISC_NODETYPE_NODEFAULT:
1346 ND_PRINTK(2, warn,
1347 "Redirect: from host or unauthorized router\n");
1348 return;
1349 }
1350#endif
1351
1352 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1353 ND_PRINTK(2, warn,
1354 "Redirect: source address is not link-local\n");
1355 return;
1356 }
1357
1358 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1359 return;
1360
1361 if (!ndopts.nd_opts_rh)
1362 return;
1363
1364 hdr = (u8 *)ndopts.nd_opts_rh;
1365 hdr += 8;
1366 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1367 return;
1368
1369 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1370}
1371
1372void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1373{
1374 struct net_device *dev = skb->dev;
1375 struct net *net = dev_net(dev);
1376 struct sock *sk = net->ipv6.ndisc_sk;
1377 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1378 struct inet_peer *peer;
1379 struct sk_buff *buff;
1380 struct icmp6hdr *icmph;
1381 struct in6_addr saddr_buf;
1382 struct in6_addr *addrp;
1383 struct rt6_info *rt;
1384 struct dst_entry *dst;
1385 struct inet6_dev *idev;
1386 struct flowi6 fl6;
1387 u8 *opt;
1388 int hlen, tlen;
1389 int rd_len;
1390 int err;
1391 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1392 bool ret;
1393
1394 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1395 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1396 dev->name);
1397 return;
1398 }
1399
1400 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1401 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1402 ND_PRINTK(2, warn,
1403 "Redirect: target address is not link-local unicast\n");
1404 return;
1405 }
1406
1407 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1408 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1409
1410 dst = ip6_route_output(net, NULL, &fl6);
1411 if (dst->error) {
1412 dst_release(dst);
1413 return;
1414 }
1415 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1416 if (IS_ERR(dst))
1417 return;
1418
1419 rt = (struct rt6_info *) dst;
1420
1421 if (rt->rt6i_flags & RTF_GATEWAY) {
1422 ND_PRINTK(2, warn,
1423 "Redirect: destination is not a neighbour\n");
1424 goto release;
1425 }
1426 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1427 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1428 if (peer)
1429 inet_putpeer(peer);
1430 if (!ret)
1431 goto release;
1432
1433 if (dev->addr_len) {
1434 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1435 if (!neigh) {
1436 ND_PRINTK(2, warn,
1437 "Redirect: no neigh for target address\n");
1438 goto release;
1439 }
1440
1441 read_lock_bh(&neigh->lock);
1442 if (neigh->nud_state & NUD_VALID) {
1443 memcpy(ha_buf, neigh->ha, dev->addr_len);
1444 read_unlock_bh(&neigh->lock);
1445 ha = ha_buf;
1446 len += ndisc_opt_addr_space(dev);
1447 } else
1448 read_unlock_bh(&neigh->lock);
1449
1450 neigh_release(neigh);
1451 }
1452
1453 rd_len = min_t(unsigned int,
1454 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1455 rd_len &= ~0x7;
1456 len += rd_len;
1457
1458 hlen = LL_RESERVED_SPACE(dev);
1459 tlen = dev->needed_tailroom;
1460 buff = sock_alloc_send_skb(sk,
1461 (MAX_HEADER + sizeof(struct ipv6hdr) +
1462 len + hlen + tlen),
1463 1, &err);
1464 if (buff == NULL) {
1465 ND_PRINTK(0, err,
1466 "Redirect: %s failed to allocate an skb, err=%d\n",
1467 __func__, err);
1468 goto release;
1469 }
1470
1471 skb_reserve(buff, hlen);
1472 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1473 IPPROTO_ICMPV6, len);
1474
1475 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1476 skb_put(buff, len);
1477 icmph = icmp6_hdr(buff);
1478
1479 memset(icmph, 0, sizeof(struct icmp6hdr));
1480 icmph->icmp6_type = NDISC_REDIRECT;
1481
1482
1483
1484
1485
1486 addrp = (struct in6_addr *)(icmph + 1);
1487 *addrp = *target;
1488 addrp++;
1489 *addrp = ipv6_hdr(skb)->daddr;
1490
1491 opt = (u8*) (addrp + 1);
1492
1493
1494
1495
1496
1497 if (ha)
1498 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1499 dev->addr_len, dev->type);
1500
1501
1502
1503
1504
1505 memset(opt, 0, 8);
1506 *(opt++) = ND_OPT_REDIRECT_HDR;
1507 *(opt++) = (rd_len >> 3);
1508 opt += 6;
1509
1510 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1511
1512 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1513 len, IPPROTO_ICMPV6,
1514 csum_partial(icmph, len, 0));
1515
1516 skb_dst_set(buff, dst);
1517 rcu_read_lock();
1518 idev = __in6_dev_get(dst->dev);
1519 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1520 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1521 dst_output);
1522 if (!err) {
1523 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1524 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1525 }
1526
1527 rcu_read_unlock();
1528 return;
1529
1530release:
1531 dst_release(dst);
1532}
1533
1534static void pndisc_redo(struct sk_buff *skb)
1535{
1536 ndisc_recv_ns(skb);
1537 kfree_skb(skb);
1538}
1539
1540int ndisc_rcv(struct sk_buff *skb)
1541{
1542 struct nd_msg *msg;
1543
1544 if (!pskb_may_pull(skb, skb->len))
1545 return 0;
1546
1547 msg = (struct nd_msg *)skb_transport_header(skb);
1548
1549 __skb_push(skb, skb->data - skb_transport_header(skb));
1550
1551 if (ipv6_hdr(skb)->hop_limit != 255) {
1552 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1553 ipv6_hdr(skb)->hop_limit);
1554 return 0;
1555 }
1556
1557 if (msg->icmph.icmp6_code != 0) {
1558 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1559 msg->icmph.icmp6_code);
1560 return 0;
1561 }
1562
1563 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1564
1565 switch (msg->icmph.icmp6_type) {
1566 case NDISC_NEIGHBOUR_SOLICITATION:
1567 ndisc_recv_ns(skb);
1568 break;
1569
1570 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1571 ndisc_recv_na(skb);
1572 break;
1573
1574 case NDISC_ROUTER_SOLICITATION:
1575 ndisc_recv_rs(skb);
1576 break;
1577
1578 case NDISC_ROUTER_ADVERTISEMENT:
1579 ndisc_router_discovery(skb);
1580 break;
1581
1582 case NDISC_REDIRECT:
1583 ndisc_redirect_rcv(skb);
1584 break;
1585 }
1586
1587 return 0;
1588}
1589
1590static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1591{
1592 struct net_device *dev = ptr;
1593 struct net *net = dev_net(dev);
1594
1595 switch (event) {
1596 case NETDEV_CHANGEADDR:
1597 neigh_changeaddr(&nd_tbl, dev);
1598 fib6_run_gc(~0UL, net);
1599 break;
1600 case NETDEV_DOWN:
1601 neigh_ifdown(&nd_tbl, dev);
1602 fib6_run_gc(~0UL, net);
1603 break;
1604 case NETDEV_NOTIFY_PEERS:
1605 ndisc_send_unsol_na(dev);
1606 break;
1607 default:
1608 break;
1609 }
1610
1611 return NOTIFY_DONE;
1612}
1613
1614static struct notifier_block ndisc_netdev_notifier = {
1615 .notifier_call = ndisc_netdev_event,
1616};
1617
1618#ifdef CONFIG_SYSCTL
1619static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1620 const char *func, const char *dev_name)
1621{
1622 static char warncomm[TASK_COMM_LEN];
1623 static int warned;
1624 if (strcmp(warncomm, current->comm) && warned < 5) {
1625 strcpy(warncomm, current->comm);
1626 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1627 warncomm, func,
1628 dev_name, ctl->procname,
1629 dev_name, ctl->procname);
1630 warned++;
1631 }
1632}
1633
1634int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1635{
1636 struct net_device *dev = ctl->extra1;
1637 struct inet6_dev *idev;
1638 int ret;
1639
1640 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1641 (strcmp(ctl->procname, "base_reachable_time") == 0))
1642 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1643
1644 if (strcmp(ctl->procname, "retrans_time") == 0)
1645 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1646
1647 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1648 ret = proc_dointvec_jiffies(ctl, write,
1649 buffer, lenp, ppos);
1650
1651 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1652 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1653 ret = proc_dointvec_ms_jiffies(ctl, write,
1654 buffer, lenp, ppos);
1655 else
1656 ret = -1;
1657
1658 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1659 if (ctl->data == &idev->nd_parms->base_reachable_time)
1660 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1661 idev->tstamp = jiffies;
1662 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1663 in6_dev_put(idev);
1664 }
1665 return ret;
1666}
1667
1668
1669#endif
1670
1671static int __net_init ndisc_net_init(struct net *net)
1672{
1673 struct ipv6_pinfo *np;
1674 struct sock *sk;
1675 int err;
1676
1677 err = inet_ctl_sock_create(&sk, PF_INET6,
1678 SOCK_RAW, IPPROTO_ICMPV6, net);
1679 if (err < 0) {
1680 ND_PRINTK(0, err,
1681 "NDISC: Failed to initialize the control socket (err %d)\n",
1682 err);
1683 return err;
1684 }
1685
1686 net->ipv6.ndisc_sk = sk;
1687
1688 np = inet6_sk(sk);
1689 np->hop_limit = 255;
1690
1691 np->mc_loop = 0;
1692
1693 return 0;
1694}
1695
1696static void __net_exit ndisc_net_exit(struct net *net)
1697{
1698 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1699}
1700
1701static struct pernet_operations ndisc_net_ops = {
1702 .init = ndisc_net_init,
1703 .exit = ndisc_net_exit,
1704};
1705
1706int __init ndisc_init(void)
1707{
1708 int err;
1709
1710 err = register_pernet_subsys(&ndisc_net_ops);
1711 if (err)
1712 return err;
1713
1714
1715
1716 neigh_table_init(&nd_tbl);
1717
1718#ifdef CONFIG_SYSCTL
1719 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1720 &ndisc_ifinfo_sysctl_change);
1721 if (err)
1722 goto out_unregister_pernet;
1723#endif
1724 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1725 if (err)
1726 goto out_unregister_sysctl;
1727out:
1728 return err;
1729
1730out_unregister_sysctl:
1731#ifdef CONFIG_SYSCTL
1732 neigh_sysctl_unregister(&nd_tbl.parms);
1733out_unregister_pernet:
1734#endif
1735 unregister_pernet_subsys(&ndisc_net_ops);
1736 goto out;
1737}
1738
1739void ndisc_cleanup(void)
1740{
1741 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1742#ifdef CONFIG_SYSCTL
1743 neigh_sysctl_unregister(&nd_tbl.parms);
1744#endif
1745 neigh_table_clear(&nd_tbl);
1746 unregister_pernet_subsys(&ndisc_net_ops);
1747}
1748
