linux/net/ipv6/ndisc.c
<<
>>
Prefs
   1/*
   2 *      Neighbour Discovery for IPv6
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *      Mike Shaver             <shaver@ingenia.com>
   8 *
   9 *      This program is free software; you can redistribute it and/or
  10 *      modify it under the terms of the GNU General Public License
  11 *      as published by the Free Software Foundation; either version
  12 *      2 of the License, or (at your option) any later version.
  13 */
  14
  15/*
  16 *      Changes:
  17 *
  18 *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
  19 *      Pierre Ynard                    :       export userland ND options
  20 *                                              through netlink (RDNSS support)
  21 *      Lars Fenneberg                  :       fixed MTU setting on receipt
  22 *                                              of an RA.
  23 *      Janos Farkas                    :       kmalloc failure checks
  24 *      Alexey Kuznetsov                :       state machine reworked
  25 *                                              and moved to net/core.
  26 *      Pekka Savola                    :       RFC2461 validation
  27 *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
  28 */
  29
  30#define pr_fmt(fmt) "ICMPv6: " fmt
  31
  32#include <linux/module.h>
  33#include <linux/errno.h>
  34#include <linux/types.h>
  35#include <linux/socket.h>
  36#include <linux/sockios.h>
  37#include <linux/sched.h>
  38#include <linux/net.h>
  39#include <linux/in6.h>
  40#include <linux/route.h>
  41#include <linux/init.h>
  42#include <linux/rcupdate.h>
  43#include <linux/slab.h>
  44#ifdef CONFIG_SYSCTL
  45#include <linux/sysctl.h>
  46#endif
  47
  48#include <linux/if_addr.h>
  49#include <linux/if_arp.h>
  50#include <linux/ipv6.h>
  51#include <linux/icmpv6.h>
  52#include <linux/jhash.h>
  53
  54#include <net/sock.h>
  55#include <net/snmp.h>
  56
  57#include <net/ipv6.h>
  58#include <net/protocol.h>
  59#include <net/ndisc.h>
  60#include <net/ip6_route.h>
  61#include <net/addrconf.h>
  62#include <net/icmp.h>
  63
  64#include <net/netlink.h>
  65#include <linux/rtnetlink.h>
  66
  67#include <net/flow.h>
  68#include <net/ip6_checksum.h>
  69#include <net/inet_common.h>
  70#include <linux/proc_fs.h>
  71
  72#include <linux/netfilter.h>
  73#include <linux/netfilter_ipv6.h>
  74
  75/* Set to 3 to get tracing... */
  76#define ND_DEBUG 1
  77
  78#define ND_PRINTK(val, level, fmt, ...)                         \
  79do {                                                            \
  80        if (val <= ND_DEBUG)                                    \
  81                net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
  82} while (0)
  83
  84static u32 ndisc_hash(const void *pkey,
  85                      const struct net_device *dev,
  86                      __u32 *hash_rnd);
  87static int ndisc_constructor(struct neighbour *neigh);
  88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
  89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
  90static int pndisc_constructor(struct pneigh_entry *n);
  91static void pndisc_destructor(struct pneigh_entry *n);
  92static void pndisc_redo(struct sk_buff *skb);
  93
  94static const struct neigh_ops ndisc_generic_ops = {
  95        .family =               AF_INET6,
  96        .solicit =              ndisc_solicit,
  97        .error_report =         ndisc_error_report,
  98        .output =               neigh_resolve_output,
  99        .connected_output =     neigh_connected_output,
 100};
 101
 102static const struct neigh_ops ndisc_hh_ops = {
 103        .family =               AF_INET6,
 104        .solicit =              ndisc_solicit,
 105        .error_report =         ndisc_error_report,
 106        .output =               neigh_resolve_output,
 107        .connected_output =     neigh_resolve_output,
 108};
 109
 110
 111static const struct neigh_ops ndisc_direct_ops = {
 112        .family =               AF_INET6,
 113        .output =               neigh_direct_output,
 114        .connected_output =     neigh_direct_output,
 115};
 116
 117struct neigh_table nd_tbl = {
 118        .family =       AF_INET6,
 119        .key_len =      sizeof(struct in6_addr),
 120        .hash =         ndisc_hash,
 121        .constructor =  ndisc_constructor,
 122        .pconstructor = pndisc_constructor,
 123        .pdestructor =  pndisc_destructor,
 124        .proxy_redo =   pndisc_redo,
 125        .id =           "ndisc_cache",
 126        .parms = {
 127                .tbl                    = &nd_tbl,
 128                .base_reachable_time    = ND_REACHABLE_TIME,
 129                .retrans_time           = ND_RETRANS_TIMER,
 130                .gc_staletime           = 60 * HZ,
 131                .reachable_time         = ND_REACHABLE_TIME,
 132                .delay_probe_time       = 5 * HZ,
 133                .queue_len_bytes        = 64*1024,
 134                .ucast_probes           = 3,
 135                .mcast_probes           = 3,
 136                .anycast_delay          = 1 * HZ,
 137                .proxy_delay            = (8 * HZ) / 10,
 138                .proxy_qlen             = 64,
 139        },
 140        .gc_interval =    30 * HZ,
 141        .gc_thresh1 =    128,
 142        .gc_thresh2 =    512,
 143        .gc_thresh3 =   1024,
 144};
 145
 146static inline int ndisc_opt_addr_space(struct net_device *dev)
 147{
 148        return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
 149}
 150
 151static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
 152                                  unsigned short addr_type)
 153{
 154        int space = NDISC_OPT_SPACE(data_len);
 155        int pad   = ndisc_addr_option_pad(addr_type);
 156
 157        opt[0] = type;
 158        opt[1] = space>>3;
 159
 160        memset(opt + 2, 0, pad);
 161        opt   += pad;
 162        space -= pad;
 163
 164        memcpy(opt+2, data, data_len);
 165        data_len += 2;
 166        opt += data_len;
 167        if ((space -= data_len) > 0)
 168                memset(opt, 0, space);
 169        return opt + space;
 170}
 171
 172static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
 173                                            struct nd_opt_hdr *end)
 174{
 175        int type;
 176        if (!cur || !end || cur >= end)
 177                return NULL;
 178        type = cur->nd_opt_type;
 179        do {
 180                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 181        } while(cur < end && cur->nd_opt_type != type);
 182        return cur <= end && cur->nd_opt_type == type ? cur : NULL;
 183}
 184
 185static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
 186{
 187        return opt->nd_opt_type == ND_OPT_RDNSS ||
 188                opt->nd_opt_type == ND_OPT_DNSSL;
 189}
 190
 191static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
 192                                             struct nd_opt_hdr *end)
 193{
 194        if (!cur || !end || cur >= end)
 195                return NULL;
 196        do {
 197                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 198        } while(cur < end && !ndisc_is_useropt(cur));
 199        return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
 200}
 201
 202struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
 203                                          struct ndisc_options *ndopts)
 204{
 205        struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
 206
 207        if (!nd_opt || opt_len < 0 || !ndopts)
 208                return NULL;
 209        memset(ndopts, 0, sizeof(*ndopts));
 210        while (opt_len) {
 211                int l;
 212                if (opt_len < sizeof(struct nd_opt_hdr))
 213                        return NULL;
 214                l = nd_opt->nd_opt_len << 3;
 215                if (opt_len < l || l == 0)
 216                        return NULL;
 217                switch (nd_opt->nd_opt_type) {
 218                case ND_OPT_SOURCE_LL_ADDR:
 219                case ND_OPT_TARGET_LL_ADDR:
 220                case ND_OPT_MTU:
 221                case ND_OPT_REDIRECT_HDR:
 222                        if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
 223                                ND_PRINTK(2, warn,
 224                                          "%s: duplicated ND6 option found: type=%d\n",
 225                                          __func__, nd_opt->nd_opt_type);
 226                        } else {
 227                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 228                        }
 229                        break;
 230                case ND_OPT_PREFIX_INFO:
 231                        ndopts->nd_opts_pi_end = nd_opt;
 232                        if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
 233                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 234                        break;
 235#ifdef CONFIG_IPV6_ROUTE_INFO
 236                case ND_OPT_ROUTE_INFO:
 237                        ndopts->nd_opts_ri_end = nd_opt;
 238                        if (!ndopts->nd_opts_ri)
 239                                ndopts->nd_opts_ri = nd_opt;
 240                        break;
 241#endif
 242                default:
 243                        if (ndisc_is_useropt(nd_opt)) {
 244                                ndopts->nd_useropts_end = nd_opt;
 245                                if (!ndopts->nd_useropts)
 246                                        ndopts->nd_useropts = nd_opt;
 247                        } else {
 248                                /*
 249                                 * Unknown options must be silently ignored,
 250                                 * to accommodate future extension to the
 251                                 * protocol.
 252                                 */
 253                                ND_PRINTK(2, notice,
 254                                          "%s: ignored unsupported option; type=%d, len=%d\n",
 255                                          __func__,
 256                                          nd_opt->nd_opt_type,
 257                                          nd_opt->nd_opt_len);
 258                        }
 259                }
 260                opt_len -= l;
 261                nd_opt = ((void *)nd_opt) + l;
 262        }
 263        return ndopts;
 264}
 265
 266int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
 267{
 268        switch (dev->type) {
 269        case ARPHRD_ETHER:
 270        case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
 271        case ARPHRD_FDDI:
 272                ipv6_eth_mc_map(addr, buf);
 273                return 0;
 274        case ARPHRD_ARCNET:
 275                ipv6_arcnet_mc_map(addr, buf);
 276                return 0;
 277        case ARPHRD_INFINIBAND:
 278                ipv6_ib_mc_map(addr, dev->broadcast, buf);
 279                return 0;
 280        case ARPHRD_IPGRE:
 281                return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
 282        default:
 283                if (dir) {
 284                        memcpy(buf, dev->broadcast, dev->addr_len);
 285                        return 0;
 286                }
 287        }
 288        return -EINVAL;
 289}
 290
 291EXPORT_SYMBOL(ndisc_mc_map);
 292
 293static u32 ndisc_hash(const void *pkey,
 294                      const struct net_device *dev,
 295                      __u32 *hash_rnd)
 296{
 297        return ndisc_hashfn(pkey, dev, hash_rnd);
 298}
 299
 300static int ndisc_constructor(struct neighbour *neigh)
 301{
 302        struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
 303        struct net_device *dev = neigh->dev;
 304        struct inet6_dev *in6_dev;
 305        struct neigh_parms *parms;
 306        bool is_multicast = ipv6_addr_is_multicast(addr);
 307
 308        in6_dev = in6_dev_get(dev);
 309        if (in6_dev == NULL) {
 310                return -EINVAL;
 311        }
 312
 313        parms = in6_dev->nd_parms;
 314        __neigh_parms_put(neigh->parms);
 315        neigh->parms = neigh_parms_clone(parms);
 316
 317        neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
 318        if (!dev->header_ops) {
 319                neigh->nud_state = NUD_NOARP;
 320                neigh->ops = &ndisc_direct_ops;
 321                neigh->output = neigh_direct_output;
 322        } else {
 323                if (is_multicast) {
 324                        neigh->nud_state = NUD_NOARP;
 325                        ndisc_mc_map(addr, neigh->ha, dev, 1);
 326                } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
 327                        neigh->nud_state = NUD_NOARP;
 328                        memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
 329                        if (dev->flags&IFF_LOOPBACK)
 330                                neigh->type = RTN_LOCAL;
 331                } else if (dev->flags&IFF_POINTOPOINT) {
 332                        neigh->nud_state = NUD_NOARP;
 333                        memcpy(neigh->ha, dev->broadcast, dev->addr_len);
 334                }
 335                if (dev->header_ops->cache)
 336                        neigh->ops = &ndisc_hh_ops;
 337                else
 338                        neigh->ops = &ndisc_generic_ops;
 339                if (neigh->nud_state&NUD_VALID)
 340                        neigh->output = neigh->ops->connected_output;
 341                else
 342                        neigh->output = neigh->ops->output;
 343        }
 344        in6_dev_put(in6_dev);
 345        return 0;
 346}
 347
 348static int pndisc_constructor(struct pneigh_entry *n)
 349{
 350        struct in6_addr *addr = (struct in6_addr*)&n->key;
 351        struct in6_addr maddr;
 352        struct net_device *dev = n->dev;
 353
 354        if (dev == NULL || __in6_dev_get(dev) == NULL)
 355                return -EINVAL;
 356        addrconf_addr_solict_mult(addr, &maddr);
 357        ipv6_dev_mc_inc(dev, &maddr);
 358        return 0;
 359}
 360
 361static void pndisc_destructor(struct pneigh_entry *n)
 362{
 363        struct in6_addr *addr = (struct in6_addr*)&n->key;
 364        struct in6_addr maddr;
 365        struct net_device *dev = n->dev;
 366
 367        if (dev == NULL || __in6_dev_get(dev) == NULL)
 368                return;
 369        addrconf_addr_solict_mult(addr, &maddr);
 370        ipv6_dev_mc_dec(dev, &maddr);
 371}
 372
 373struct sk_buff *ndisc_build_skb(struct net_device *dev,
 374                                const struct in6_addr *daddr,
 375                                const struct in6_addr *saddr,
 376                                struct icmp6hdr *icmp6h,
 377                                const struct in6_addr *target,
 378                                int llinfo)
 379{
 380        struct net *net = dev_net(dev);
 381        struct sock *sk = net->ipv6.ndisc_sk;
 382        struct sk_buff *skb;
 383        struct icmp6hdr *hdr;
 384        int hlen = LL_RESERVED_SPACE(dev);
 385        int tlen = dev->needed_tailroom;
 386        int len;
 387        int err;
 388        u8 *opt;
 389
 390        if (!dev->addr_len)
 391                llinfo = 0;
 392
 393        len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
 394        if (llinfo)
 395                len += ndisc_opt_addr_space(dev);
 396
 397        skb = sock_alloc_send_skb(sk,
 398                                  (MAX_HEADER + sizeof(struct ipv6hdr) +
 399                                   len + hlen + tlen),
 400                                  1, &err);
 401        if (!skb) {
 402                ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
 403                          __func__, err);
 404                return NULL;
 405        }
 406
 407        skb_reserve(skb, hlen);
 408        ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
 409
 410        skb->transport_header = skb->tail;
 411        skb_put(skb, len);
 412
 413        hdr = (struct icmp6hdr *)skb_transport_header(skb);
 414        memcpy(hdr, icmp6h, sizeof(*hdr));
 415
 416        opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
 417        if (target) {
 418                *(struct in6_addr *)opt = *target;
 419                opt += sizeof(*target);
 420        }
 421
 422        if (llinfo)
 423                ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
 424                                       dev->addr_len, dev->type);
 425
 426        hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
 427                                           IPPROTO_ICMPV6,
 428                                           csum_partial(hdr,
 429                                                        len, 0));
 430
 431        return skb;
 432}
 433
 434EXPORT_SYMBOL(ndisc_build_skb);
 435
 436void ndisc_send_skb(struct sk_buff *skb,
 437                    struct net_device *dev,
 438                    struct neighbour *neigh,
 439                    const struct in6_addr *daddr,
 440                    const struct in6_addr *saddr,
 441                    struct icmp6hdr *icmp6h)
 442{
 443        struct flowi6 fl6;
 444        struct dst_entry *dst;
 445        struct net *net = dev_net(dev);
 446        struct sock *sk = net->ipv6.ndisc_sk;
 447        struct inet6_dev *idev;
 448        int err;
 449        u8 type;
 450
 451        type = icmp6h->icmp6_type;
 452
 453        icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
 454        dst = icmp6_dst_alloc(dev, neigh, &fl6);
 455        if (IS_ERR(dst)) {
 456                kfree_skb(skb);
 457                return;
 458        }
 459
 460        skb_dst_set(skb, dst);
 461
 462        rcu_read_lock();
 463        idev = __in6_dev_get(dst->dev);
 464        IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
 465
 466        err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
 467                      dst_output);
 468        if (!err) {
 469                ICMP6MSGOUT_INC_STATS(net, idev, type);
 470                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
 471        }
 472
 473        rcu_read_unlock();
 474}
 475
 476EXPORT_SYMBOL(ndisc_send_skb);
 477
 478/*
 479 *      Send a Neighbour Discover packet
 480 */
 481static void __ndisc_send(struct net_device *dev,
 482                         struct neighbour *neigh,
 483                         const struct in6_addr *daddr,
 484                         const struct in6_addr *saddr,
 485                         struct icmp6hdr *icmp6h, const struct in6_addr *target,
 486                         int llinfo)
 487{
 488        struct sk_buff *skb;
 489
 490        skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
 491        if (!skb)
 492                return;
 493
 494        ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
 495}
 496
 497static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
 498                          const struct in6_addr *daddr,
 499                          const struct in6_addr *solicited_addr,
 500                          int router, int solicited, int override, int inc_opt)
 501{
 502        struct in6_addr tmpaddr;
 503        struct inet6_ifaddr *ifp;
 504        const struct in6_addr *src_addr;
 505        struct icmp6hdr icmp6h = {
 506                .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
 507        };
 508
 509        /* for anycast or proxy, solicited_addr != src_addr */
 510        ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
 511        if (ifp) {
 512                src_addr = solicited_addr;
 513                if (ifp->flags & IFA_F_OPTIMISTIC)
 514                        override = 0;
 515                inc_opt |= ifp->idev->cnf.force_tllao;
 516                in6_ifa_put(ifp);
 517        } else {
 518                if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
 519                                       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
 520                                       &tmpaddr))
 521                        return;
 522                src_addr = &tmpaddr;
 523        }
 524
 525        icmp6h.icmp6_router = router;
 526        icmp6h.icmp6_solicited = solicited;
 527        icmp6h.icmp6_override = override;
 528
 529        __ndisc_send(dev, neigh, daddr, src_addr,
 530                     &icmp6h, solicited_addr,
 531                     inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
 532}
 533
 534static void ndisc_send_unsol_na(struct net_device *dev)
 535{
 536        struct inet6_dev *idev;
 537        struct inet6_ifaddr *ifa;
 538        struct in6_addr mcaddr = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
 539
 540        idev = in6_dev_get(dev);
 541        if (!idev)
 542                return;
 543
 544        read_lock_bh(&idev->lock);
 545        list_for_each_entry(ifa, &idev->addr_list, if_list) {
 546                ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
 547                              /*router=*/ !!idev->cnf.forwarding,
 548                              /*solicited=*/ false, /*override=*/ true,
 549                              /*inc_opt=*/ true);
 550        }
 551        read_unlock_bh(&idev->lock);
 552
 553        in6_dev_put(idev);
 554}
 555
 556void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
 557                   const struct in6_addr *solicit,
 558                   const struct in6_addr *daddr, const struct in6_addr *saddr)
 559{
 560        struct in6_addr addr_buf;
 561        struct icmp6hdr icmp6h = {
 562                .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
 563        };
 564
 565        if (saddr == NULL) {
 566                if (ipv6_get_lladdr(dev, &addr_buf,
 567                                   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
 568                        return;
 569                saddr = &addr_buf;
 570        }
 571
 572        __ndisc_send(dev, neigh, daddr, saddr,
 573                     &icmp6h, solicit,
 574                     !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
 575}
 576
 577void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
 578                   const struct in6_addr *daddr)
 579{
 580        struct icmp6hdr icmp6h = {
 581                .icmp6_type = NDISC_ROUTER_SOLICITATION,
 582        };
 583        int send_sllao = dev->addr_len;
 584
 585#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
 586        /*
 587         * According to section 2.2 of RFC 4429, we must not
 588         * send router solicitations with a sllao from
 589         * optimistic addresses, but we may send the solicitation
 590         * if we don't include the sllao.  So here we check
 591         * if our address is optimistic, and if so, we
 592         * suppress the inclusion of the sllao.
 593         */
 594        if (send_sllao) {
 595                struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
 596                                                           dev, 1);
 597                if (ifp) {
 598                        if (ifp->flags & IFA_F_OPTIMISTIC)  {
 599                                send_sllao = 0;
 600                        }
 601                        in6_ifa_put(ifp);
 602                } else {
 603                        send_sllao = 0;
 604                }
 605        }
 606#endif
 607        __ndisc_send(dev, NULL, daddr, saddr,
 608                     &icmp6h, NULL,
 609                     send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
 610}
 611
 612
 613static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
 614{
 615        /*
 616         *      "The sender MUST return an ICMP
 617         *       destination unreachable"
 618         */
 619        dst_link_failure(skb);
 620        kfree_skb(skb);
 621}
 622
 623/* Called with locked neigh: either read or both */
 624
 625static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
 626{
 627        struct in6_addr *saddr = NULL;
 628        struct in6_addr mcaddr;
 629        struct net_device *dev = neigh->dev;
 630        struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
 631        int probes = atomic_read(&neigh->probes);
 632
 633        if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
 634                saddr = &ipv6_hdr(skb)->saddr;
 635
 636        if ((probes -= neigh->parms->ucast_probes) < 0) {
 637                if (!(neigh->nud_state & NUD_VALID)) {
 638                        ND_PRINTK(1, dbg,
 639                                  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
 640                                  __func__, target);
 641                }
 642                ndisc_send_ns(dev, neigh, target, target, saddr);
 643        } else if ((probes -= neigh->parms->app_probes) < 0) {
 644#ifdef CONFIG_ARPD
 645                neigh_app_ns(neigh);
 646#endif
 647        } else {
 648                addrconf_addr_solict_mult(target, &mcaddr);
 649                ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
 650        }
 651}
 652
 653static int pndisc_is_router(const void *pkey,
 654                            struct net_device *dev)
 655{
 656        struct pneigh_entry *n;
 657        int ret = -1;
 658
 659        read_lock_bh(&nd_tbl.lock);
 660        n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
 661        if (n)
 662                ret = !!(n->flags & NTF_ROUTER);
 663        read_unlock_bh(&nd_tbl.lock);
 664
 665        return ret;
 666}
 667
 668static void ndisc_recv_ns(struct sk_buff *skb)
 669{
 670        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 671        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 672        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 673        u8 *lladdr = NULL;
 674        u32 ndoptlen = skb->tail - (skb->transport_header +
 675                                    offsetof(struct nd_msg, opt));
 676        struct ndisc_options ndopts;
 677        struct net_device *dev = skb->dev;
 678        struct inet6_ifaddr *ifp;
 679        struct inet6_dev *idev = NULL;
 680        struct neighbour *neigh;
 681        int dad = ipv6_addr_any(saddr);
 682        bool inc;
 683        int is_router = -1;
 684
 685        if (ipv6_addr_is_multicast(&msg->target)) {
 686                ND_PRINTK(2, warn, "NS: multicast target address\n");
 687                return;
 688        }
 689
 690        /*
 691         * RFC2461 7.1.1:
 692         * DAD has to be destined for solicited node multicast address.
 693         */
 694        if (dad &&
 695            !(daddr->s6_addr32[0] == htonl(0xff020000) &&
 696              daddr->s6_addr32[1] == htonl(0x00000000) &&
 697              daddr->s6_addr32[2] == htonl(0x00000001) &&
 698              daddr->s6_addr [12] == 0xff )) {
 699                ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
 700                return;
 701        }
 702
 703        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 704                ND_PRINTK(2, warn, "NS: invalid ND options\n");
 705                return;
 706        }
 707
 708        if (ndopts.nd_opts_src_lladdr) {
 709                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
 710                if (!lladdr) {
 711                        ND_PRINTK(2, warn,
 712                                  "NS: invalid link-layer address length\n");
 713                        return;
 714                }
 715
 716                /* RFC2461 7.1.1:
 717                 *      If the IP source address is the unspecified address,
 718                 *      there MUST NOT be source link-layer address option
 719                 *      in the message.
 720                 */
 721                if (dad) {
 722                        ND_PRINTK(2, warn,
 723                                  "NS: bad DAD packet (link-layer address option)\n");
 724                        return;
 725                }
 726        }
 727
 728        inc = ipv6_addr_is_multicast(daddr);
 729
 730        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 731        if (ifp) {
 732
 733                if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
 734                        if (dad) {
 735                                /*
 736                                 * We are colliding with another node
 737                                 * who is doing DAD
 738                                 * so fail our DAD process
 739                                 */
 740                                addrconf_dad_failure(ifp);
 741                                return;
 742                        } else {
 743                                /*
 744                                 * This is not a dad solicitation.
 745                                 * If we are an optimistic node,
 746                                 * we should respond.
 747                                 * Otherwise, we should ignore it.
 748                                 */
 749                                if (!(ifp->flags & IFA_F_OPTIMISTIC))
 750                                        goto out;
 751                        }
 752                }
 753
 754                idev = ifp->idev;
 755        } else {
 756                struct net *net = dev_net(dev);
 757
 758                idev = in6_dev_get(dev);
 759                if (!idev) {
 760                        /* XXX: count this drop? */
 761                        return;
 762                }
 763
 764                if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
 765                    (idev->cnf.forwarding &&
 766                     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
 767                     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
 768                        if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
 769                            skb->pkt_type != PACKET_HOST &&
 770                            inc != 0 &&
 771                            idev->nd_parms->proxy_delay != 0) {
 772                                /*
 773                                 * for anycast or proxy,
 774                                 * sender should delay its response
 775                                 * by a random time between 0 and
 776                                 * MAX_ANYCAST_DELAY_TIME seconds.
 777                                 * (RFC2461) -- yoshfuji
 778                                 */
 779                                struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
 780                                if (n)
 781                                        pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
 782                                goto out;
 783                        }
 784                } else
 785                        goto out;
 786        }
 787
 788        if (is_router < 0)
 789                is_router = !!idev->cnf.forwarding;
 790
 791        if (dad) {
 792                ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
 793                              is_router, 0, (ifp != NULL), 1);
 794                goto out;
 795        }
 796
 797        if (inc)
 798                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
 799        else
 800                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
 801
 802        /*
 803         *      update / create cache entry
 804         *      for the source address
 805         */
 806        neigh = __neigh_lookup(&nd_tbl, saddr, dev,
 807                               !inc || lladdr || !dev->addr_len);
 808        if (neigh)
 809                neigh_update(neigh, lladdr, NUD_STALE,
 810                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 811                             NEIGH_UPDATE_F_OVERRIDE);
 812        if (neigh || !dev->header_ops) {
 813                ndisc_send_na(dev, neigh, saddr, &msg->target,
 814                              is_router,
 815                              1, (ifp != NULL && inc), inc);
 816                if (neigh)
 817                        neigh_release(neigh);
 818        }
 819
 820out:
 821        if (ifp)
 822                in6_ifa_put(ifp);
 823        else
 824                in6_dev_put(idev);
 825}
 826
 827static void ndisc_recv_na(struct sk_buff *skb)
 828{
 829        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 830        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 831        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 832        u8 *lladdr = NULL;
 833        u32 ndoptlen = skb->tail - (skb->transport_header +
 834                                    offsetof(struct nd_msg, opt));
 835        struct ndisc_options ndopts;
 836        struct net_device *dev = skb->dev;
 837        struct inet6_ifaddr *ifp;
 838        struct neighbour *neigh;
 839
 840        if (skb->len < sizeof(struct nd_msg)) {
 841                ND_PRINTK(2, warn, "NA: packet too short\n");
 842                return;
 843        }
 844
 845        if (ipv6_addr_is_multicast(&msg->target)) {
 846                ND_PRINTK(2, warn, "NA: target address is multicast\n");
 847                return;
 848        }
 849
 850        if (ipv6_addr_is_multicast(daddr) &&
 851            msg->icmph.icmp6_solicited) {
 852                ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
 853                return;
 854        }
 855
 856        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 857                ND_PRINTK(2, warn, "NS: invalid ND option\n");
 858                return;
 859        }
 860        if (ndopts.nd_opts_tgt_lladdr) {
 861                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
 862                if (!lladdr) {
 863                        ND_PRINTK(2, warn,
 864                                  "NA: invalid link-layer address length\n");
 865                        return;
 866                }
 867        }
 868        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 869        if (ifp) {
 870                if (skb->pkt_type != PACKET_LOOPBACK
 871                    && (ifp->flags & IFA_F_TENTATIVE)) {
 872                                addrconf_dad_failure(ifp);
 873                                return;
 874                }
 875                /* What should we make now? The advertisement
 876                   is invalid, but ndisc specs say nothing
 877                   about it. It could be misconfiguration, or
 878                   an smart proxy agent tries to help us :-)
 879
 880                   We should not print the error if NA has been
 881                   received from loopback - it is just our own
 882                   unsolicited advertisement.
 883                 */
 884                if (skb->pkt_type != PACKET_LOOPBACK)
 885                        ND_PRINTK(1, warn,
 886                                  "NA: someone advertises our address %pI6 on %s!\n",
 887                                  &ifp->addr, ifp->idev->dev->name);
 888                in6_ifa_put(ifp);
 889                return;
 890        }
 891        neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
 892
 893        if (neigh) {
 894                u8 old_flags = neigh->flags;
 895                struct net *net = dev_net(dev);
 896
 897                if (neigh->nud_state & NUD_FAILED)
 898                        goto out;
 899
 900                /*
 901                 * Don't update the neighbor cache entry on a proxy NA from
 902                 * ourselves because either the proxied node is off link or it
 903                 * has already sent a NA to us.
 904                 */
 905                if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
 906                    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
 907                    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
 908                        /* XXX: idev->cnf.prixy_ndp */
 909                        goto out;
 910                }
 911
 912                neigh_update(neigh, lladdr,
 913                             msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
 914                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 915                             (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
 916                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
 917                             (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
 918
 919                if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
 920                        /*
 921                         * Change: router to host
 922                         */
 923                        struct rt6_info *rt;
 924                        rt = rt6_get_dflt_router(saddr, dev);
 925                        if (rt)
 926                                ip6_del_rt(rt);
 927                }
 928
 929out:
 930                neigh_release(neigh);
 931        }
 932}
 933
 934static void ndisc_recv_rs(struct sk_buff *skb)
 935{
 936        struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
 937        unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
 938        struct neighbour *neigh;
 939        struct inet6_dev *idev;
 940        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 941        struct ndisc_options ndopts;
 942        u8 *lladdr = NULL;
 943
 944        if (skb->len < sizeof(*rs_msg))
 945                return;
 946
 947        idev = __in6_dev_get(skb->dev);
 948        if (!idev) {
 949                ND_PRINTK(1, err, "RS: can't find in6 device\n");
 950                return;
 951        }
 952
 953        /* Don't accept RS if we're not in router mode */
 954        if (!idev->cnf.forwarding)
 955                goto out;
 956
 957        /*
 958         * Don't update NCE if src = ::;
 959         * this implies that the source node has no ip address assigned yet.
 960         */
 961        if (ipv6_addr_any(saddr))
 962                goto out;
 963
 964        /* Parse ND options */
 965        if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
 966                ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
 967                goto out;
 968        }
 969
 970        if (ndopts.nd_opts_src_lladdr) {
 971                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
 972                                             skb->dev);
 973                if (!lladdr)
 974                        goto out;
 975        }
 976
 977        neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
 978        if (neigh) {
 979                neigh_update(neigh, lladdr, NUD_STALE,
 980                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 981                             NEIGH_UPDATE_F_OVERRIDE|
 982                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
 983                neigh_release(neigh);
 984        }
 985out:
 986        return;
 987}
 988
 989static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
 990{
 991        struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
 992        struct sk_buff *skb;
 993        struct nlmsghdr *nlh;
 994        struct nduseroptmsg *ndmsg;
 995        struct net *net = dev_net(ra->dev);
 996        int err;
 997        int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
 998                                    + (opt->nd_opt_len << 3));
 999        size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1000
1001        skb = nlmsg_new(msg_size, GFP_ATOMIC);
1002        if (skb == NULL) {
1003                err = -ENOBUFS;
1004                goto errout;
1005        }
1006
1007        nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1008        if (nlh == NULL) {
1009                goto nla_put_failure;
1010        }
1011
1012        ndmsg = nlmsg_data(nlh);
1013        ndmsg->nduseropt_family = AF_INET6;
1014        ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1015        ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1016        ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1017        ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1018
1019        memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1020
1021        if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1022                    &ipv6_hdr(ra)->saddr))
1023                goto nla_put_failure;
1024        nlmsg_end(skb, nlh);
1025
1026        rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1027        return;
1028
1029nla_put_failure:
1030        nlmsg_free(skb);
1031        err = -EMSGSIZE;
1032errout:
1033        rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1034}
1035
1036static inline int accept_ra(struct inet6_dev *in6_dev)
1037{
1038        /*
1039         * If forwarding is enabled, RA are not accepted unless the special
1040         * hybrid mode (accept_ra=2) is enabled.
1041         */
1042        if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1043                return 0;
1044
1045        return in6_dev->cnf.accept_ra;
1046}
1047
1048static void ndisc_router_discovery(struct sk_buff *skb)
1049{
1050        struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1051        struct neighbour *neigh = NULL;
1052        struct inet6_dev *in6_dev;
1053        struct rt6_info *rt = NULL;
1054        int lifetime;
1055        struct ndisc_options ndopts;
1056        int optlen;
1057        unsigned int pref = 0;
1058
1059        __u8 * opt = (__u8 *)(ra_msg + 1);
1060
1061        optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1062
1063        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1064                ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1065                return;
1066        }
1067        if (optlen < 0) {
1068                ND_PRINTK(2, warn, "RA: packet too short\n");
1069                return;
1070        }
1071
1072#ifdef CONFIG_IPV6_NDISC_NODETYPE
1073        if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1074                ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1075                return;
1076        }
1077#endif
1078
1079        /*
1080         *      set the RA_RECV flag in the interface
1081         */
1082
1083        in6_dev = __in6_dev_get(skb->dev);
1084        if (in6_dev == NULL) {
1085                ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1086                          skb->dev->name);
1087                return;
1088        }
1089
1090        if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1091                ND_PRINTK(2, warn, "RA: invalid ND options\n");
1092                return;
1093        }
1094
1095        if (!accept_ra(in6_dev))
1096                goto skip_linkparms;
1097
1098#ifdef CONFIG_IPV6_NDISC_NODETYPE
1099        /* skip link-specific parameters from interior routers */
1100        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1101                goto skip_linkparms;
1102#endif
1103
1104        if (in6_dev->if_flags & IF_RS_SENT) {
1105                /*
1106                 *      flag that an RA was received after an RS was sent
1107                 *      out on this interface.
1108                 */
1109                in6_dev->if_flags |= IF_RA_RCVD;
1110        }
1111
1112        /*
1113         * Remember the managed/otherconf flags from most recently
1114         * received RA message (RFC 2462) -- yoshfuji
1115         */
1116        in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1117                                IF_RA_OTHERCONF)) |
1118                                (ra_msg->icmph.icmp6_addrconf_managed ?
1119                                        IF_RA_MANAGED : 0) |
1120                                (ra_msg->icmph.icmp6_addrconf_other ?
1121                                        IF_RA_OTHERCONF : 0);
1122
1123        if (!in6_dev->cnf.accept_ra_defrtr)
1124                goto skip_defrtr;
1125
1126        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1127                goto skip_defrtr;
1128
1129        lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1130
1131#ifdef CONFIG_IPV6_ROUTER_PREF
1132        pref = ra_msg->icmph.icmp6_router_pref;
1133        /* 10b is handled as if it were 00b (medium) */
1134        if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1135            !in6_dev->cnf.accept_ra_rtr_pref)
1136                pref = ICMPV6_ROUTER_PREF_MEDIUM;
1137#endif
1138
1139        rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1140
1141        if (rt) {
1142                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1143                if (!neigh) {
1144                        ND_PRINTK(0, err,
1145                                  "RA: %s got default router without neighbour\n",
1146                                  __func__);
1147                        dst_release(&rt->dst);
1148                        return;
1149                }
1150        }
1151        if (rt && lifetime == 0) {
1152                ip6_del_rt(rt);
1153                rt = NULL;
1154        }
1155
1156        if (rt == NULL && lifetime) {
1157                ND_PRINTK(3, dbg, "RA: adding default router\n");
1158
1159                rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1160                if (rt == NULL) {
1161                        ND_PRINTK(0, err,
1162                                  "RA: %s failed to add default route\n",
1163                                  __func__);
1164                        return;
1165                }
1166
1167                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1168                if (neigh == NULL) {
1169                        ND_PRINTK(0, err,
1170                                  "RA: %s got default router without neighbour\n",
1171                                  __func__);
1172                        dst_release(&rt->dst);
1173                        return;
1174                }
1175                neigh->flags |= NTF_ROUTER;
1176        } else if (rt) {
1177                rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1178        }
1179
1180        if (rt)
1181                rt6_set_expires(rt, jiffies + (HZ * lifetime));
1182        if (ra_msg->icmph.icmp6_hop_limit) {
1183                in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1184                if (rt)
1185                        dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1186                                       ra_msg->icmph.icmp6_hop_limit);
1187        }
1188
1189skip_defrtr:
1190
1191        /*
1192         *      Update Reachable Time and Retrans Timer
1193         */
1194
1195        if (in6_dev->nd_parms) {
1196                unsigned long rtime = ntohl(ra_msg->retrans_timer);
1197
1198                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1199                        rtime = (rtime*HZ)/1000;
1200                        if (rtime < HZ/10)
1201                                rtime = HZ/10;
1202                        in6_dev->nd_parms->retrans_time = rtime;
1203                        in6_dev->tstamp = jiffies;
1204                        inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1205                }
1206
1207                rtime = ntohl(ra_msg->reachable_time);
1208                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1209                        rtime = (rtime*HZ)/1000;
1210
1211                        if (rtime < HZ/10)
1212                                rtime = HZ/10;
1213
1214                        if (rtime != in6_dev->nd_parms->base_reachable_time) {
1215                                in6_dev->nd_parms->base_reachable_time = rtime;
1216                                in6_dev->nd_parms->gc_staletime = 3 * rtime;
1217                                in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1218                                in6_dev->tstamp = jiffies;
1219                                inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1220                        }
1221                }
1222        }
1223
1224skip_linkparms:
1225
1226        /*
1227         *      Process options.
1228         */
1229
1230        if (!neigh)
1231                neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1232                                       skb->dev, 1);
1233        if (neigh) {
1234                u8 *lladdr = NULL;
1235                if (ndopts.nd_opts_src_lladdr) {
1236                        lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1237                                                     skb->dev);
1238                        if (!lladdr) {
1239                                ND_PRINTK(2, warn,
1240                                          "RA: invalid link-layer address length\n");
1241                                goto out;
1242                        }
1243                }
1244                neigh_update(neigh, lladdr, NUD_STALE,
1245                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
1246                             NEIGH_UPDATE_F_OVERRIDE|
1247                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1248                             NEIGH_UPDATE_F_ISROUTER);
1249        }
1250
1251        if (!accept_ra(in6_dev))
1252                goto out;
1253
1254#ifdef CONFIG_IPV6_ROUTE_INFO
1255        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1256                goto skip_routeinfo;
1257
1258        if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1259                struct nd_opt_hdr *p;
1260                for (p = ndopts.nd_opts_ri;
1261                     p;
1262                     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1263                        struct route_info *ri = (struct route_info *)p;
1264#ifdef CONFIG_IPV6_NDISC_NODETYPE
1265                        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1266                            ri->prefix_len == 0)
1267                                continue;
1268#endif
1269                        if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1270                                continue;
1271                        rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1272                                      &ipv6_hdr(skb)->saddr);
1273                }
1274        }
1275
1276skip_routeinfo:
1277#endif
1278
1279#ifdef CONFIG_IPV6_NDISC_NODETYPE
1280        /* skip link-specific ndopts from interior routers */
1281        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1282                goto out;
1283#endif
1284
1285        if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1286                struct nd_opt_hdr *p;
1287                for (p = ndopts.nd_opts_pi;
1288                     p;
1289                     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1290                        addrconf_prefix_rcv(skb->dev, (u8 *)p,
1291                                            (p->nd_opt_len) << 3,
1292                                            ndopts.nd_opts_src_lladdr != NULL);
1293                }
1294        }
1295
1296        if (ndopts.nd_opts_mtu) {
1297                __be32 n;
1298                u32 mtu;
1299
1300                memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1301                mtu = ntohl(n);
1302
1303                if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1304                        ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1305                } else if (in6_dev->cnf.mtu6 != mtu) {
1306                        in6_dev->cnf.mtu6 = mtu;
1307
1308                        if (rt)
1309                                dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1310
1311                        rt6_mtu_change(skb->dev, mtu);
1312                }
1313        }
1314
1315        if (ndopts.nd_useropts) {
1316                struct nd_opt_hdr *p;
1317                for (p = ndopts.nd_useropts;
1318                     p;
1319                     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1320                        ndisc_ra_useropt(skb, p);
1321                }
1322        }
1323
1324        if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1325                ND_PRINTK(2, warn, "RA: invalid RA options\n");
1326        }
1327out:
1328        if (rt)
1329                dst_release(&rt->dst);
1330        if (neigh)
1331                neigh_release(neigh);
1332}
1333
1334static void ndisc_redirect_rcv(struct sk_buff *skb)
1335{
1336        u8 *hdr;
1337        struct ndisc_options ndopts;
1338        struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1339        u32 ndoptlen = skb->tail - (skb->transport_header +
1340                                    offsetof(struct rd_msg, opt));
1341
1342#ifdef CONFIG_IPV6_NDISC_NODETYPE
1343        switch (skb->ndisc_nodetype) {
1344        case NDISC_NODETYPE_HOST:
1345        case NDISC_NODETYPE_NODEFAULT:
1346                ND_PRINTK(2, warn,
1347                          "Redirect: from host or unauthorized router\n");
1348                return;
1349        }
1350#endif
1351
1352        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1353                ND_PRINTK(2, warn,
1354                          "Redirect: source address is not link-local\n");
1355                return;
1356        }
1357
1358        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1359                return;
1360
1361        if (!ndopts.nd_opts_rh)
1362                return;
1363
1364        hdr = (u8 *)ndopts.nd_opts_rh;
1365        hdr += 8;
1366        if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1367                return;
1368
1369        icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1370}
1371
1372void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1373{
1374        struct net_device *dev = skb->dev;
1375        struct net *net = dev_net(dev);
1376        struct sock *sk = net->ipv6.ndisc_sk;
1377        int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1378        struct inet_peer *peer;
1379        struct sk_buff *buff;
1380        struct icmp6hdr *icmph;
1381        struct in6_addr saddr_buf;
1382        struct in6_addr *addrp;
1383        struct rt6_info *rt;
1384        struct dst_entry *dst;
1385        struct inet6_dev *idev;
1386        struct flowi6 fl6;
1387        u8 *opt;
1388        int hlen, tlen;
1389        int rd_len;
1390        int err;
1391        u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1392        bool ret;
1393
1394        if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1395                ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1396                          dev->name);
1397                return;
1398        }
1399
1400        if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1401            ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1402                ND_PRINTK(2, warn,
1403                          "Redirect: target address is not link-local unicast\n");
1404                return;
1405        }
1406
1407        icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1408                         &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1409
1410        dst = ip6_route_output(net, NULL, &fl6);
1411        if (dst->error) {
1412                dst_release(dst);
1413                return;
1414        }
1415        dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1416        if (IS_ERR(dst))
1417                return;
1418
1419        rt = (struct rt6_info *) dst;
1420
1421        if (rt->rt6i_flags & RTF_GATEWAY) {
1422                ND_PRINTK(2, warn,
1423                          "Redirect: destination is not a neighbour\n");
1424                goto release;
1425        }
1426        peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1427        ret = inet_peer_xrlim_allow(peer, 1*HZ);
1428        if (peer)
1429                inet_putpeer(peer);
1430        if (!ret)
1431                goto release;
1432
1433        if (dev->addr_len) {
1434                struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1435                if (!neigh) {
1436                        ND_PRINTK(2, warn,
1437                                  "Redirect: no neigh for target address\n");
1438                        goto release;
1439                }
1440
1441                read_lock_bh(&neigh->lock);
1442                if (neigh->nud_state & NUD_VALID) {
1443                        memcpy(ha_buf, neigh->ha, dev->addr_len);
1444                        read_unlock_bh(&neigh->lock);
1445                        ha = ha_buf;
1446                        len += ndisc_opt_addr_space(dev);
1447                } else
1448                        read_unlock_bh(&neigh->lock);
1449
1450                neigh_release(neigh);
1451        }
1452
1453        rd_len = min_t(unsigned int,
1454                     IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1455        rd_len &= ~0x7;
1456        len += rd_len;
1457
1458        hlen = LL_RESERVED_SPACE(dev);
1459        tlen = dev->needed_tailroom;
1460        buff = sock_alloc_send_skb(sk,
1461                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
1462                                    len + hlen + tlen),
1463                                   1, &err);
1464        if (buff == NULL) {
1465                ND_PRINTK(0, err,
1466                          "Redirect: %s failed to allocate an skb, err=%d\n",
1467                          __func__, err);
1468                goto release;
1469        }
1470
1471        skb_reserve(buff, hlen);
1472        ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1473                   IPPROTO_ICMPV6, len);
1474
1475        skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1476        skb_put(buff, len);
1477        icmph = icmp6_hdr(buff);
1478
1479        memset(icmph, 0, sizeof(struct icmp6hdr));
1480        icmph->icmp6_type = NDISC_REDIRECT;
1481
1482        /*
1483         *      copy target and destination addresses
1484         */
1485
1486        addrp = (struct in6_addr *)(icmph + 1);
1487        *addrp = *target;
1488        addrp++;
1489        *addrp = ipv6_hdr(skb)->daddr;
1490
1491        opt = (u8*) (addrp + 1);
1492
1493        /*
1494         *      include target_address option
1495         */
1496
1497        if (ha)
1498                opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1499                                             dev->addr_len, dev->type);
1500
1501        /*
1502         *      build redirect option and copy skb over to the new packet.
1503         */
1504
1505        memset(opt, 0, 8);
1506        *(opt++) = ND_OPT_REDIRECT_HDR;
1507        *(opt++) = (rd_len >> 3);
1508        opt += 6;
1509
1510        memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1511
1512        icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1513                                             len, IPPROTO_ICMPV6,
1514                                             csum_partial(icmph, len, 0));
1515
1516        skb_dst_set(buff, dst);
1517        rcu_read_lock();
1518        idev = __in6_dev_get(dst->dev);
1519        IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1520        err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1521                      dst_output);
1522        if (!err) {
1523                ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1524                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1525        }
1526
1527        rcu_read_unlock();
1528        return;
1529
1530release:
1531        dst_release(dst);
1532}
1533
1534static void pndisc_redo(struct sk_buff *skb)
1535{
1536        ndisc_recv_ns(skb);
1537        kfree_skb(skb);
1538}
1539
1540int ndisc_rcv(struct sk_buff *skb)
1541{
1542        struct nd_msg *msg;
1543
1544        if (!pskb_may_pull(skb, skb->len))
1545                return 0;
1546
1547        msg = (struct nd_msg *)skb_transport_header(skb);
1548
1549        __skb_push(skb, skb->data - skb_transport_header(skb));
1550
1551        if (ipv6_hdr(skb)->hop_limit != 255) {
1552                ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1553                          ipv6_hdr(skb)->hop_limit);
1554                return 0;
1555        }
1556
1557        if (msg->icmph.icmp6_code != 0) {
1558                ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1559                          msg->icmph.icmp6_code);
1560                return 0;
1561        }
1562
1563        memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1564
1565        switch (msg->icmph.icmp6_type) {
1566        case NDISC_NEIGHBOUR_SOLICITATION:
1567                ndisc_recv_ns(skb);
1568                break;
1569
1570        case NDISC_NEIGHBOUR_ADVERTISEMENT:
1571                ndisc_recv_na(skb);
1572                break;
1573
1574        case NDISC_ROUTER_SOLICITATION:
1575                ndisc_recv_rs(skb);
1576                break;
1577
1578        case NDISC_ROUTER_ADVERTISEMENT:
1579                ndisc_router_discovery(skb);
1580                break;
1581
1582        case NDISC_REDIRECT:
1583                ndisc_redirect_rcv(skb);
1584                break;
1585        }
1586
1587        return 0;
1588}
1589
1590static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1591{
1592        struct net_device *dev = ptr;
1593        struct net *net = dev_net(dev);
1594
1595        switch (event) {
1596        case NETDEV_CHANGEADDR:
1597                neigh_changeaddr(&nd_tbl, dev);
1598                fib6_run_gc(~0UL, net);
1599                break;
1600        case NETDEV_DOWN:
1601                neigh_ifdown(&nd_tbl, dev);
1602                fib6_run_gc(~0UL, net);
1603                break;
1604        case NETDEV_NOTIFY_PEERS:
1605                ndisc_send_unsol_na(dev);
1606                break;
1607        default:
1608                break;
1609        }
1610
1611        return NOTIFY_DONE;
1612}
1613
1614static struct notifier_block ndisc_netdev_notifier = {
1615        .notifier_call = ndisc_netdev_event,
1616};
1617
1618#ifdef CONFIG_SYSCTL
1619static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1620                                         const char *func, const char *dev_name)
1621{
1622        static char warncomm[TASK_COMM_LEN];
1623        static int warned;
1624        if (strcmp(warncomm, current->comm) && warned < 5) {
1625                strcpy(warncomm, current->comm);
1626                pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1627                        warncomm, func,
1628                        dev_name, ctl->procname,
1629                        dev_name, ctl->procname);
1630                warned++;
1631        }
1632}
1633
1634int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1635{
1636        struct net_device *dev = ctl->extra1;
1637        struct inet6_dev *idev;
1638        int ret;
1639
1640        if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1641            (strcmp(ctl->procname, "base_reachable_time") == 0))
1642                ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1643
1644        if (strcmp(ctl->procname, "retrans_time") == 0)
1645                ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1646
1647        else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1648                ret = proc_dointvec_jiffies(ctl, write,
1649                                            buffer, lenp, ppos);
1650
1651        else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1652                 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1653                ret = proc_dointvec_ms_jiffies(ctl, write,
1654                                               buffer, lenp, ppos);
1655        else
1656                ret = -1;
1657
1658        if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1659                if (ctl->data == &idev->nd_parms->base_reachable_time)
1660                        idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1661                idev->tstamp = jiffies;
1662                inet6_ifinfo_notify(RTM_NEWLINK, idev);
1663                in6_dev_put(idev);
1664        }
1665        return ret;
1666}
1667
1668
1669#endif
1670
1671static int __net_init ndisc_net_init(struct net *net)
1672{
1673        struct ipv6_pinfo *np;
1674        struct sock *sk;
1675        int err;
1676
1677        err = inet_ctl_sock_create(&sk, PF_INET6,
1678                                   SOCK_RAW, IPPROTO_ICMPV6, net);
1679        if (err < 0) {
1680                ND_PRINTK(0, err,
1681                          "NDISC: Failed to initialize the control socket (err %d)\n",
1682                          err);
1683                return err;
1684        }
1685
1686        net->ipv6.ndisc_sk = sk;
1687
1688        np = inet6_sk(sk);
1689        np->hop_limit = 255;
1690        /* Do not loopback ndisc messages */
1691        np->mc_loop = 0;
1692
1693        return 0;
1694}
1695
1696static void __net_exit ndisc_net_exit(struct net *net)
1697{
1698        inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1699}
1700
1701static struct pernet_operations ndisc_net_ops = {
1702        .init = ndisc_net_init,
1703        .exit = ndisc_net_exit,
1704};
1705
1706int __init ndisc_init(void)
1707{
1708        int err;
1709
1710        err = register_pernet_subsys(&ndisc_net_ops);
1711        if (err)
1712                return err;
1713        /*
1714         * Initialize the neighbour table
1715         */
1716        neigh_table_init(&nd_tbl);
1717
1718#ifdef CONFIG_SYSCTL
1719        err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1720                                    &ndisc_ifinfo_sysctl_change);
1721        if (err)
1722                goto out_unregister_pernet;
1723#endif
1724        err = register_netdevice_notifier(&ndisc_netdev_notifier);
1725        if (err)
1726                goto out_unregister_sysctl;
1727out:
1728        return err;
1729
1730out_unregister_sysctl:
1731#ifdef CONFIG_SYSCTL
1732        neigh_sysctl_unregister(&nd_tbl.parms);
1733out_unregister_pernet:
1734#endif
1735        unregister_pernet_subsys(&ndisc_net_ops);
1736        goto out;
1737}
1738
1739void ndisc_cleanup(void)
1740{
1741        unregister_netdevice_notifier(&ndisc_netdev_notifier);
1742#ifdef CONFIG_SYSCTL
1743        neigh_sysctl_unregister(&nd_tbl.parms);
1744#endif
1745        neigh_table_clear(&nd_tbl);
1746        unregister_pernet_subsys(&ndisc_net_ops);
1747}
1748
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.