1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#define ND_DEBUG 1
31
32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33#define ND_NOPRINTK(x...) do { ; } while(0)
34#define ND_PRINTK0 ND_PRINTK
35#define ND_PRINTK1 ND_NOPRINTK
36#define ND_PRINTK2 ND_NOPRINTK
37#define ND_PRINTK3 ND_NOPRINTK
38#if ND_DEBUG >= 1
39#undef ND_PRINTK1
40#define ND_PRINTK1 ND_PRINTK
41#endif
42#if ND_DEBUG >= 2
43#undef ND_PRINTK2
44#define ND_PRINTK2 ND_PRINTK
45#endif
46#if ND_DEBUG >= 3
47#undef ND_PRINTK3
48#define ND_PRINTK3 ND_PRINTK
49#endif
50
51#include <linux/module.h>
52#include <linux/errno.h>
53#include <linux/types.h>
54#include <linux/socket.h>
55#include <linux/sockios.h>
56#include <linux/sched.h>
57#include <linux/net.h>
58#include <linux/in6.h>
59#include <linux/route.h>
60#include <linux/init.h>
61#include <linux/rcupdate.h>
62#ifdef CONFIG_SYSCTL
63#include <linux/sysctl.h>
64#endif
65
66#include <linux/if_addr.h>
67#include <linux/if_arp.h>
68#include <linux/ipv6.h>
69#include <linux/icmpv6.h>
70#include <linux/jhash.h>
71
72#include <net/sock.h>
73#include <net/snmp.h>
74
75#include <net/ipv6.h>
76#include <net/protocol.h>
77#include <net/ndisc.h>
78#include <net/ip6_route.h>
79#include <net/addrconf.h>
80#include <net/icmp.h>
81
82#include <net/netlink.h>
83#include <linux/rtnetlink.h>
84
85#include <net/flow.h>
86#include <net/ip6_checksum.h>
87#include <linux/proc_fs.h>
88
89#include <linux/netfilter.h>
90#include <linux/netfilter_ipv6.h>
91
92static struct socket *ndisc_socket;
93
94static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95static int ndisc_constructor(struct neighbour *neigh);
96static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98static int pndisc_constructor(struct pneigh_entry *n);
99static void pndisc_destructor(struct pneigh_entry *n);
100static void pndisc_redo(struct sk_buff *skb);
101
102static struct neigh_ops ndisc_generic_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_connected_output,
108 .hh_output = dev_queue_xmit,
109 .queue_xmit = dev_queue_xmit,
110};
111
112static struct neigh_ops ndisc_hh_ops = {
113 .family = AF_INET6,
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
118 .hh_output = dev_queue_xmit,
119 .queue_xmit = dev_queue_xmit,
120};
121
122
123static struct neigh_ops ndisc_direct_ops = {
124 .family = AF_INET6,
125 .output = dev_queue_xmit,
126 .connected_output = dev_queue_xmit,
127 .hh_output = dev_queue_xmit,
128 .queue_xmit = dev_queue_xmit,
129};
130
131struct neigh_table nd_tbl = {
132 .family = AF_INET6,
133 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
134 .key_len = sizeof(struct in6_addr),
135 .hash = ndisc_hash,
136 .constructor = ndisc_constructor,
137 .pconstructor = pndisc_constructor,
138 .pdestructor = pndisc_destructor,
139 .proxy_redo = pndisc_redo,
140 .id = "ndisc_cache",
141 .parms = {
142 .tbl = &nd_tbl,
143 .base_reachable_time = 30 * HZ,
144 .retrans_time = 1 * HZ,
145 .gc_staletime = 60 * HZ,
146 .reachable_time = 30 * HZ,
147 .delay_probe_time = 5 * HZ,
148 .queue_len = 3,
149 .ucast_probes = 3,
150 .mcast_probes = 3,
151 .anycast_delay = 1 * HZ,
152 .proxy_delay = (8 * HZ) / 10,
153 .proxy_qlen = 64,
154 },
155 .gc_interval = 30 * HZ,
156 .gc_thresh1 = 128,
157 .gc_thresh2 = 512,
158 .gc_thresh3 = 1024,
159};
160
161
162struct ndisc_options {
163 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164#ifdef CONFIG_IPV6_ROUTE_INFO
165 struct nd_opt_hdr *nd_opts_ri;
166 struct nd_opt_hdr *nd_opts_ri_end;
167#endif
168 struct nd_opt_hdr *nd_useropts;
169 struct nd_opt_hdr *nd_useropts_end;
170};
171
172#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
175#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
177#define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
178
179#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
180
181
182
183
184
185
186
187static int ndisc_addr_option_pad(unsigned short type)
188{
189 switch (type) {
190 case ARPHRD_INFINIBAND: return 2;
191 default: return 0;
192 }
193}
194
195static inline int ndisc_opt_addr_space(struct net_device *dev)
196{
197 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
198}
199
200static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201 unsigned short addr_type)
202{
203 int space = NDISC_OPT_SPACE(data_len);
204 int pad = ndisc_addr_option_pad(addr_type);
205
206 opt[0] = type;
207 opt[1] = space>>3;
208
209 memset(opt + 2, 0, pad);
210 opt += pad;
211 space -= pad;
212
213 memcpy(opt+2, data, data_len);
214 data_len += 2;
215 opt += data_len;
216 if ((space -= data_len) > 0)
217 memset(opt, 0, space);
218 return opt + space;
219}
220
221static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222 struct nd_opt_hdr *end)
223{
224 int type;
225 if (!cur || !end || cur >= end)
226 return NULL;
227 type = cur->nd_opt_type;
228 do {
229 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230 } while(cur < end && cur->nd_opt_type != type);
231 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
232}
233
234static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
235{
236 return (opt->nd_opt_type == ND_OPT_RDNSS);
237}
238
239static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240 struct nd_opt_hdr *end)
241{
242 if (!cur || !end || cur >= end)
243 return NULL;
244 do {
245 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246 } while(cur < end && !ndisc_is_useropt(cur));
247 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
248}
249
250static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251 struct ndisc_options *ndopts)
252{
253 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
254
255 if (!nd_opt || opt_len < 0 || !ndopts)
256 return NULL;
257 memset(ndopts, 0, sizeof(*ndopts));
258 while (opt_len) {
259 int l;
260 if (opt_len < sizeof(struct nd_opt_hdr))
261 return NULL;
262 l = nd_opt->nd_opt_len << 3;
263 if (opt_len < l || l == 0)
264 return NULL;
265 switch (nd_opt->nd_opt_type) {
266 case ND_OPT_SOURCE_LL_ADDR:
267 case ND_OPT_TARGET_LL_ADDR:
268 case ND_OPT_MTU:
269 case ND_OPT_REDIRECT_HDR:
270 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271 ND_PRINTK2(KERN_WARNING
272 "%s(): duplicated ND6 option found: type=%d\n",
273 __FUNCTION__,
274 nd_opt->nd_opt_type);
275 } else {
276 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
277 }
278 break;
279 case ND_OPT_PREFIX_INFO:
280 ndopts->nd_opts_pi_end = nd_opt;
281 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283 break;
284#ifdef CONFIG_IPV6_ROUTE_INFO
285 case ND_OPT_ROUTE_INFO:
286 ndopts->nd_opts_ri_end = nd_opt;
287 if (!ndopts->nd_opts_ri)
288 ndopts->nd_opts_ri = nd_opt;
289 break;
290#endif
291 default:
292 if (ndisc_is_useropt(nd_opt)) {
293 ndopts->nd_useropts_end = nd_opt;
294 if (!ndopts->nd_useropts)
295 ndopts->nd_useropts = nd_opt;
296 } else {
297
298
299
300
301
302 ND_PRINTK2(KERN_NOTICE
303 "%s(): ignored unsupported option; type=%d, len=%d\n",
304 __FUNCTION__,
305 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306 }
307 }
308 opt_len -= l;
309 nd_opt = ((void *)nd_opt) + l;
310 }
311 return ndopts;
312}
313
314static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315 struct net_device *dev)
316{
317 u8 *lladdr = (u8 *)(p + 1);
318 int lladdrlen = p->nd_opt_len << 3;
319 int prepad = ndisc_addr_option_pad(dev->type);
320 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321 return NULL;
322 return (lladdr + prepad);
323}
324
325int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
326{
327 switch (dev->type) {
328 case ARPHRD_ETHER:
329 case ARPHRD_IEEE802:
330 case ARPHRD_FDDI:
331 ipv6_eth_mc_map(addr, buf);
332 return 0;
333 case ARPHRD_IEEE802_TR:
334 ipv6_tr_mc_map(addr,buf);
335 return 0;
336 case ARPHRD_ARCNET:
337 ipv6_arcnet_mc_map(addr, buf);
338 return 0;
339 case ARPHRD_INFINIBAND:
340 ipv6_ib_mc_map(addr, buf);
341 return 0;
342 default:
343 if (dir) {
344 memcpy(buf, dev->broadcast, dev->addr_len);
345 return 0;
346 }
347 }
348 return -EINVAL;
349}
350
351EXPORT_SYMBOL(ndisc_mc_map);
352
353static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
354{
355 const u32 *p32 = pkey;
356 u32 addr_hash, i;
357
358 addr_hash = 0;
359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360 addr_hash ^= *p32++;
361
362 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
363}
364
365static int ndisc_constructor(struct neighbour *neigh)
366{
367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 struct net_device *dev = neigh->dev;
369 struct inet6_dev *in6_dev;
370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr);
372
373 rcu_read_lock();
374 in6_dev = in6_dev_get(dev);
375 if (in6_dev == NULL) {
376 rcu_read_unlock();
377 return -EINVAL;
378 }
379
380 parms = in6_dev->nd_parms;
381 __neigh_parms_put(neigh->parms);
382 neigh->parms = neigh_parms_clone(parms);
383 rcu_read_unlock();
384
385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 if (!dev->header_ops) {
387 neigh->nud_state = NUD_NOARP;
388 neigh->ops = &ndisc_direct_ops;
389 neigh->output = neigh->ops->queue_xmit;
390 } else {
391 if (is_multicast) {
392 neigh->nud_state = NUD_NOARP;
393 ndisc_mc_map(addr, neigh->ha, dev, 1);
394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 neigh->nud_state = NUD_NOARP;
396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 if (dev->flags&IFF_LOOPBACK)
398 neigh->type = RTN_LOCAL;
399 } else if (dev->flags&IFF_POINTOPOINT) {
400 neigh->nud_state = NUD_NOARP;
401 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402 }
403 if (dev->header_ops->cache)
404 neigh->ops = &ndisc_hh_ops;
405 else
406 neigh->ops = &ndisc_generic_ops;
407 if (neigh->nud_state&NUD_VALID)
408 neigh->output = neigh->ops->connected_output;
409 else
410 neigh->output = neigh->ops->output;
411 }
412 in6_dev_put(in6_dev);
413 return 0;
414}
415
416static int pndisc_constructor(struct pneigh_entry *n)
417{
418 struct in6_addr *addr = (struct in6_addr*)&n->key;
419 struct in6_addr maddr;
420 struct net_device *dev = n->dev;
421
422 if (dev == NULL || __in6_dev_get(dev) == NULL)
423 return -EINVAL;
424 addrconf_addr_solict_mult(addr, &maddr);
425 ipv6_dev_mc_inc(dev, &maddr);
426 return 0;
427}
428
429static void pndisc_destructor(struct pneigh_entry *n)
430{
431 struct in6_addr *addr = (struct in6_addr*)&n->key;
432 struct in6_addr maddr;
433 struct net_device *dev = n->dev;
434
435 if (dev == NULL || __in6_dev_get(dev) == NULL)
436 return;
437 addrconf_addr_solict_mult(addr, &maddr);
438 ipv6_dev_mc_dec(dev, &maddr);
439}
440
441
442
443
444
445static inline void ndisc_flow_init(struct flowi *fl, u8 type,
446 struct in6_addr *saddr, struct in6_addr *daddr,
447 int oif)
448{
449 memset(fl, 0, sizeof(*fl));
450 ipv6_addr_copy(&fl->fl6_src, saddr);
451 ipv6_addr_copy(&fl->fl6_dst, daddr);
452 fl->proto = IPPROTO_ICMPV6;
453 fl->fl_icmp_type = type;
454 fl->fl_icmp_code = 0;
455 fl->oif = oif;
456 security_sk_classify_flow(ndisc_socket->sk, fl);
457}
458
459static void __ndisc_send(struct net_device *dev,
460 struct neighbour *neigh,
461 struct in6_addr *daddr, struct in6_addr *saddr,
462 struct icmp6hdr *icmp6h, struct in6_addr *target,
463 int llinfo)
464{
465 struct flowi fl;
466 struct dst_entry *dst;
467 struct sock *sk = ndisc_socket->sk;
468 struct sk_buff *skb;
469 struct icmp6hdr *hdr;
470 struct inet6_dev *idev;
471 int len;
472 int err;
473 u8 *opt, type;
474
475 type = icmp6h->icmp6_type;
476
477 ndisc_flow_init(&fl, type, saddr, daddr,
478 dev->ifindex);
479
480 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
481 if (!dst)
482 return;
483
484 err = xfrm_lookup(&dst, &fl, NULL, 0);
485 if (err < 0)
486 return;
487
488 if (!dev->addr_len)
489 llinfo = 0;
490
491 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
492 if (llinfo)
493 len += ndisc_opt_addr_space(dev);
494
495 skb = sock_alloc_send_skb(sk,
496 (MAX_HEADER + sizeof(struct ipv6hdr) +
497 len + LL_RESERVED_SPACE(dev)),
498 1, &err);
499 if (!skb) {
500 ND_PRINTK0(KERN_ERR
501 "ICMPv6 ND: %s() failed to allocate an skb.\n",
502 __FUNCTION__);
503 dst_release(dst);
504 return;
505 }
506
507 skb_reserve(skb, LL_RESERVED_SPACE(dev));
508 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
509
510 skb->transport_header = skb->tail;
511 skb_put(skb, len);
512
513 hdr = (struct icmp6hdr *)skb_transport_header(skb);
514 memcpy(hdr, icmp6h, sizeof(*hdr));
515
516 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
517 if (target) {
518 ipv6_addr_copy((struct in6_addr *)opt, target);
519 opt += sizeof(*target);
520 }
521
522 if (llinfo)
523 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
524 dev->addr_len, dev->type);
525
526 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
527 IPPROTO_ICMPV6,
528 csum_partial((__u8 *) hdr,
529 len, 0));
530
531 skb->dst = dst;
532
533 idev = in6_dev_get(dst->dev);
534 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
535
536 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
537 if (!err) {
538 ICMP6MSGOUT_INC_STATS(idev, type);
539 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
540 }
541
542 if (likely(idev != NULL))
543 in6_dev_put(idev);
544}
545
546static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
547 struct in6_addr *daddr, struct in6_addr *solicited_addr,
548 int router, int solicited, int override, int inc_opt)
549{
550 struct in6_addr tmpaddr;
551 struct inet6_ifaddr *ifp;
552 struct in6_addr *src_addr;
553 struct icmp6hdr icmp6h = {
554 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
555 };
556
557
558 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
559 if (ifp) {
560 src_addr = solicited_addr;
561 if (ifp->flags & IFA_F_OPTIMISTIC)
562 override = 0;
563 in6_ifa_put(ifp);
564 } else {
565 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
566 return;
567 src_addr = &tmpaddr;
568 }
569
570 icmp6h.icmp6_router = router;
571 icmp6h.icmp6_solicited = solicited;
572 icmp6h.icmp6_override = override;
573
574 __ndisc_send(dev, neigh, daddr, src_addr,
575 &icmp6h, solicited_addr,
576 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
577}
578
579void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
580 struct in6_addr *solicit,
581 struct in6_addr *daddr, struct in6_addr *saddr)
582{
583 struct in6_addr addr_buf;
584 struct icmp6hdr icmp6h = {
585 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
586 };
587
588 if (saddr == NULL) {
589 if (ipv6_get_lladdr(dev, &addr_buf,
590 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
591 return;
592 saddr = &addr_buf;
593 }
594
595 __ndisc_send(dev, neigh, daddr, saddr,
596 &icmp6h, solicit,
597 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
598}
599
600void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
601 struct in6_addr *daddr)
602{
603 struct icmp6hdr icmp6h = {
604 .icmp6_type = NDISC_ROUTER_SOLICITATION,
605 };
606 int send_sllao = dev->addr_len;
607
608#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
609
610
611
612
613
614
615
616
617 if (send_sllao) {
618 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(saddr, dev, 1);
619 if (ifp) {
620 if (ifp->flags & IFA_F_OPTIMISTIC) {
621 send_sllao = 0;
622 }
623 in6_ifa_put(ifp);
624 } else {
625 send_sllao = 0;
626 }
627 }
628#endif
629 __ndisc_send(dev, NULL, daddr, saddr,
630 &icmp6h, NULL,
631 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
632}
633
634
635static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
636{
637
638
639
640
641 dst_link_failure(skb);
642 kfree_skb(skb);
643}
644
645
646
647static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
648{
649 struct in6_addr *saddr = NULL;
650 struct in6_addr mcaddr;
651 struct net_device *dev = neigh->dev;
652 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
653 int probes = atomic_read(&neigh->probes);
654
655 if (skb && ipv6_chk_addr(&ipv6_hdr(skb)->saddr, dev, 1))
656 saddr = &ipv6_hdr(skb)->saddr;
657
658 if ((probes -= neigh->parms->ucast_probes) < 0) {
659 if (!(neigh->nud_state & NUD_VALID)) {
660 ND_PRINTK1(KERN_DEBUG
661 "%s(): trying to ucast probe in NUD_INVALID: "
662 NIP6_FMT "\n",
663 __FUNCTION__,
664 NIP6(*target));
665 }
666 ndisc_send_ns(dev, neigh, target, target, saddr);
667 } else if ((probes -= neigh->parms->app_probes) < 0) {
668#ifdef CONFIG_ARPD
669 neigh_app_ns(neigh);
670#endif
671 } else {
672 addrconf_addr_solict_mult(target, &mcaddr);
673 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
674 }
675}
676
677static void ndisc_recv_ns(struct sk_buff *skb)
678{
679 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
680 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
681 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
682 u8 *lladdr = NULL;
683 u32 ndoptlen = skb->tail - (skb->transport_header +
684 offsetof(struct nd_msg, opt));
685 struct ndisc_options ndopts;
686 struct net_device *dev = skb->dev;
687 struct inet6_ifaddr *ifp;
688 struct inet6_dev *idev = NULL;
689 struct neighbour *neigh;
690 struct pneigh_entry *pneigh = NULL;
691 int dad = ipv6_addr_any(saddr);
692 int inc;
693 int is_router;
694
695 if (ipv6_addr_is_multicast(&msg->target)) {
696 ND_PRINTK2(KERN_WARNING
697 "ICMPv6 NS: multicast target address");
698 return;
699 }
700
701
702
703
704
705 if (dad &&
706 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
707 daddr->s6_addr32[1] == htonl(0x00000000) &&
708 daddr->s6_addr32[2] == htonl(0x00000001) &&
709 daddr->s6_addr [12] == 0xff )) {
710 ND_PRINTK2(KERN_WARNING
711 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
712 return;
713 }
714
715 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
716 ND_PRINTK2(KERN_WARNING
717 "ICMPv6 NS: invalid ND options\n");
718 return;
719 }
720
721 if (ndopts.nd_opts_src_lladdr) {
722 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
723 if (!lladdr) {
724 ND_PRINTK2(KERN_WARNING
725 "ICMPv6 NS: invalid link-layer address length\n");
726 return;
727 }
728
729
730
731
732
733
734 if (dad) {
735 ND_PRINTK2(KERN_WARNING
736 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
737 return;
738 }
739 }
740
741 inc = ipv6_addr_is_multicast(daddr);
742
743 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
744
745 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
746 if (dad) {
747 if (dev->type == ARPHRD_IEEE802_TR) {
748 const unsigned char *sadr;
749 sadr = skb_mac_header(skb);
750 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
751 sadr[9] == dev->dev_addr[1] &&
752 sadr[10] == dev->dev_addr[2] &&
753 sadr[11] == dev->dev_addr[3] &&
754 sadr[12] == dev->dev_addr[4] &&
755 sadr[13] == dev->dev_addr[5]) {
756
757 goto out;
758 }
759 }
760
761
762
763
764
765
766 addrconf_dad_failure(ifp);
767 return;
768 } else {
769
770
771
772
773
774
775 if (!(ifp->flags & IFA_F_OPTIMISTIC))
776 goto out;
777 }
778 }
779
780 idev = ifp->idev;
781 } else {
782 idev = in6_dev_get(dev);
783 if (!idev) {
784
785 return;
786 }
787
788 if (ipv6_chk_acast_addr(dev, &msg->target) ||
789 (idev->cnf.forwarding &&
790 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
791 (pneigh = pneigh_lookup(&nd_tbl,
792 &msg->target, dev, 0)) != NULL)) {
793 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
794 skb->pkt_type != PACKET_HOST &&
795 inc != 0 &&
796 idev->nd_parms->proxy_delay != 0) {
797
798
799
800
801
802
803
804 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
805 if (n)
806 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
807 goto out;
808 }
809 } else
810 goto out;
811 }
812
813 is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding);
814
815 if (dad) {
816 struct in6_addr maddr;
817
818 ipv6_addr_all_nodes(&maddr);
819 ndisc_send_na(dev, NULL, &maddr, &msg->target,
820 is_router, 0, (ifp != NULL), 1);
821 goto out;
822 }
823
824 if (inc)
825 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
826 else
827 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
828
829
830
831
832
833 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
834 !inc || lladdr || !dev->addr_len);
835 if (neigh)
836 neigh_update(neigh, lladdr, NUD_STALE,
837 NEIGH_UPDATE_F_WEAK_OVERRIDE|
838 NEIGH_UPDATE_F_OVERRIDE);
839 if (neigh || !dev->header_ops) {
840 ndisc_send_na(dev, neigh, saddr, &msg->target,
841 is_router,
842 1, (ifp != NULL && inc), inc);
843 if (neigh)
844 neigh_release(neigh);
845 }
846
847out:
848 if (ifp)
849 in6_ifa_put(ifp);
850 else
851 in6_dev_put(idev);
852
853 return;
854}
855
856static void ndisc_recv_na(struct sk_buff *skb)
857{
858 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
859 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
860 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
861 u8 *lladdr = NULL;
862 u32 ndoptlen = skb->tail - (skb->transport_header +
863 offsetof(struct nd_msg, opt));
864 struct ndisc_options ndopts;
865 struct net_device *dev = skb->dev;
866 struct inet6_ifaddr *ifp;
867 struct neighbour *neigh;
868
869 if (skb->len < sizeof(struct nd_msg)) {
870 ND_PRINTK2(KERN_WARNING
871 "ICMPv6 NA: packet too short\n");
872 return;
873 }
874
875 if (ipv6_addr_is_multicast(&msg->target)) {
876 ND_PRINTK2(KERN_WARNING
877 "ICMPv6 NA: target address is multicast.\n");
878 return;
879 }
880
881 if (ipv6_addr_is_multicast(daddr) &&
882 msg->icmph.icmp6_solicited) {
883 ND_PRINTK2(KERN_WARNING
884 "ICMPv6 NA: solicited NA is multicasted.\n");
885 return;
886 }
887
888 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
889 ND_PRINTK2(KERN_WARNING
890 "ICMPv6 NS: invalid ND option\n");
891 return;
892 }
893 if (ndopts.nd_opts_tgt_lladdr) {
894 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
895 if (!lladdr) {
896 ND_PRINTK2(KERN_WARNING
897 "ICMPv6 NA: invalid link-layer address length\n");
898 return;
899 }
900 }
901 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
902 if (ifp->flags & IFA_F_TENTATIVE) {
903 addrconf_dad_failure(ifp);
904 return;
905 }
906
907
908
909
910
911 ND_PRINTK1(KERN_WARNING
912 "ICMPv6 NA: someone advertises our address on %s!\n",
913 ifp->idev->dev->name);
914 in6_ifa_put(ifp);
915 return;
916 }
917 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
918
919 if (neigh) {
920 u8 old_flags = neigh->flags;
921
922 if (neigh->nud_state & NUD_FAILED)
923 goto out;
924
925
926
927
928
929
930 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
931 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
932 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) {
933
934 goto out;
935 }
936
937 neigh_update(neigh, lladdr,
938 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
939 NEIGH_UPDATE_F_WEAK_OVERRIDE|
940 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
941 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
942 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
943
944 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
945
946
947
948 struct rt6_info *rt;
949 rt = rt6_get_dflt_router(saddr, dev);
950 if (rt)
951 ip6_del_rt(rt);
952 }
953
954out:
955 neigh_release(neigh);
956 }
957}
958
959static void ndisc_recv_rs(struct sk_buff *skb)
960{
961 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
962 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
963 struct neighbour *neigh;
964 struct inet6_dev *idev;
965 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
966 struct ndisc_options ndopts;
967 u8 *lladdr = NULL;
968
969 if (skb->len < sizeof(*rs_msg))
970 return;
971
972 idev = in6_dev_get(skb->dev);
973 if (!idev) {
974 if (net_ratelimit())
975 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
976 return;
977 }
978
979
980 if (!idev->cnf.forwarding)
981 goto out;
982
983
984
985
986
987 if (ipv6_addr_any(saddr))
988 goto out;
989
990
991 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
992 if (net_ratelimit())
993 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
994 goto out;
995 }
996
997 if (ndopts.nd_opts_src_lladdr) {
998 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
999 skb->dev);
1000 if (!lladdr)
1001 goto out;
1002 }
1003
1004 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1005 if (neigh) {
1006 neigh_update(neigh, lladdr, NUD_STALE,
1007 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1008 NEIGH_UPDATE_F_OVERRIDE|
1009 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1010 neigh_release(neigh);
1011 }
1012out:
1013 in6_dev_put(idev);
1014}
1015
1016static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1017{
1018 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1019 struct sk_buff *skb;
1020 struct nlmsghdr *nlh;
1021 struct nduseroptmsg *ndmsg;
1022 int err;
1023 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1024 + (opt->nd_opt_len << 3));
1025 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1026
1027 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1028 if (skb == NULL) {
1029 err = -ENOBUFS;
1030 goto errout;
1031 }
1032
1033 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1034 if (nlh == NULL) {
1035 goto nla_put_failure;
1036 }
1037
1038 ndmsg = nlmsg_data(nlh);
1039 ndmsg->nduseropt_family = AF_INET6;
1040 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1041 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1042 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1043 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1044
1045 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1046
1047 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1048 &ipv6_hdr(ra)->saddr);
1049 nlmsg_end(skb, nlh);
1050
1051 err = rtnl_notify(skb, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1052 if (err < 0)
1053 goto errout;
1054
1055 return;
1056
1057nla_put_failure:
1058 nlmsg_free(skb);
1059 err = -EMSGSIZE;
1060errout:
1061 rtnl_set_sk_err(RTNLGRP_ND_USEROPT, err);
1062}
1063
1064static void ndisc_router_discovery(struct sk_buff *skb)
1065{
1066 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1067 struct neighbour *neigh = NULL;
1068 struct inet6_dev *in6_dev;
1069 struct rt6_info *rt = NULL;
1070 int lifetime;
1071 struct ndisc_options ndopts;
1072 int optlen;
1073 unsigned int pref = 0;
1074
1075 __u8 * opt = (__u8 *)(ra_msg + 1);
1076
1077 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1078
1079 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1080 ND_PRINTK2(KERN_WARNING
1081 "ICMPv6 RA: source address is not link-local.\n");
1082 return;
1083 }
1084 if (optlen < 0) {
1085 ND_PRINTK2(KERN_WARNING
1086 "ICMPv6 RA: packet too short\n");
1087 return;
1088 }
1089
1090
1091
1092
1093
1094 in6_dev = in6_dev_get(skb->dev);
1095 if (in6_dev == NULL) {
1096 ND_PRINTK0(KERN_ERR
1097 "ICMPv6 RA: can't find inet6 device for %s.\n",
1098 skb->dev->name);
1099 return;
1100 }
1101 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1102 in6_dev_put(in6_dev);
1103 return;
1104 }
1105
1106 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1107 in6_dev_put(in6_dev);
1108 ND_PRINTK2(KERN_WARNING
1109 "ICMP6 RA: invalid ND options\n");
1110 return;
1111 }
1112
1113 if (in6_dev->if_flags & IF_RS_SENT) {
1114
1115
1116
1117
1118 in6_dev->if_flags |= IF_RA_RCVD;
1119 }
1120
1121
1122
1123
1124
1125 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1126 IF_RA_OTHERCONF)) |
1127 (ra_msg->icmph.icmp6_addrconf_managed ?
1128 IF_RA_MANAGED : 0) |
1129 (ra_msg->icmph.icmp6_addrconf_other ?
1130 IF_RA_OTHERCONF : 0);
1131
1132 if (!in6_dev->cnf.accept_ra_defrtr)
1133 goto skip_defrtr;
1134
1135 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1136
1137#ifdef CONFIG_IPV6_ROUTER_PREF
1138 pref = ra_msg->icmph.icmp6_router_pref;
1139
1140 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1141 !in6_dev->cnf.accept_ra_rtr_pref)
1142 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1143#endif
1144
1145 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1146
1147 if (rt)
1148 neigh = rt->rt6i_nexthop;
1149
1150 if (rt && lifetime == 0) {
1151 neigh_clone(neigh);
1152 ip6_del_rt(rt);
1153 rt = NULL;
1154 }
1155
1156 if (rt == NULL && lifetime) {
1157 ND_PRINTK3(KERN_DEBUG
1158 "ICMPv6 RA: adding default router.\n");
1159
1160 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1161 if (rt == NULL) {
1162 ND_PRINTK0(KERN_ERR
1163 "ICMPv6 RA: %s() failed to add default route.\n",
1164 __FUNCTION__);
1165 in6_dev_put(in6_dev);
1166 return;
1167 }
1168
1169 neigh = rt->rt6i_nexthop;
1170 if (neigh == NULL) {
1171 ND_PRINTK0(KERN_ERR
1172 "ICMPv6 RA: %s() got default router without neighbour.\n",
1173 __FUNCTION__);
1174 dst_release(&rt->u.dst);
1175 in6_dev_put(in6_dev);
1176 return;
1177 }
1178 neigh->flags |= NTF_ROUTER;
1179 } else if (rt) {
1180 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1181 }
1182
1183 if (rt)
1184 rt->rt6i_expires = jiffies + (HZ * lifetime);
1185
1186 if (ra_msg->icmph.icmp6_hop_limit) {
1187 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1188 if (rt)
1189 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1190 }
1191
1192skip_defrtr:
1193
1194
1195
1196
1197
1198 if (in6_dev->nd_parms) {
1199 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1200
1201 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1202 rtime = (rtime*HZ)/1000;
1203 if (rtime < HZ/10)
1204 rtime = HZ/10;
1205 in6_dev->nd_parms->retrans_time = rtime;
1206 in6_dev->tstamp = jiffies;
1207 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1208 }
1209
1210 rtime = ntohl(ra_msg->reachable_time);
1211 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1212 rtime = (rtime*HZ)/1000;
1213
1214 if (rtime < HZ/10)
1215 rtime = HZ/10;
1216
1217 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1218 in6_dev->nd_parms->base_reachable_time = rtime;
1219 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1220 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1221 in6_dev->tstamp = jiffies;
1222 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1223 }
1224 }
1225 }
1226
1227
1228
1229
1230
1231 if (!neigh)
1232 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1233 skb->dev, 1);
1234 if (neigh) {
1235 u8 *lladdr = NULL;
1236 if (ndopts.nd_opts_src_lladdr) {
1237 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1238 skb->dev);
1239 if (!lladdr) {
1240 ND_PRINTK2(KERN_WARNING
1241 "ICMPv6 RA: invalid link-layer address length\n");
1242 goto out;
1243 }
1244 }
1245 neigh_update(neigh, lladdr, NUD_STALE,
1246 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1247 NEIGH_UPDATE_F_OVERRIDE|
1248 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1249 NEIGH_UPDATE_F_ISROUTER);
1250 }
1251
1252#ifdef CONFIG_IPV6_ROUTE_INFO
1253 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1254 struct nd_opt_hdr *p;
1255 for (p = ndopts.nd_opts_ri;
1256 p;
1257 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1258 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1259 continue;
1260 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1261 &ipv6_hdr(skb)->saddr);
1262 }
1263 }
1264#endif
1265
1266 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1267 struct nd_opt_hdr *p;
1268 for (p = ndopts.nd_opts_pi;
1269 p;
1270 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1271 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1272 }
1273 }
1274
1275 if (ndopts.nd_opts_mtu) {
1276 __be32 n;
1277 u32 mtu;
1278
1279 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1280 mtu = ntohl(n);
1281
1282 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1283 ND_PRINTK2(KERN_WARNING
1284 "ICMPv6 RA: invalid mtu: %d\n",
1285 mtu);
1286 } else if (in6_dev->cnf.mtu6 != mtu) {
1287 in6_dev->cnf.mtu6 = mtu;
1288
1289 if (rt)
1290 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1291
1292 rt6_mtu_change(skb->dev, mtu);
1293 }
1294 }
1295
1296 if (ndopts.nd_useropts) {
1297 struct nd_opt_hdr *opt;
1298 for (opt = ndopts.nd_useropts;
1299 opt;
1300 opt = ndisc_next_useropt(opt, ndopts.nd_useropts_end)) {
1301 ndisc_ra_useropt(skb, opt);
1302 }
1303 }
1304
1305 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1306 ND_PRINTK2(KERN_WARNING
1307 "ICMPv6 RA: invalid RA options");
1308 }
1309out:
1310 if (rt)
1311 dst_release(&rt->u.dst);
1312 else if (neigh)
1313 neigh_release(neigh);
1314 in6_dev_put(in6_dev);
1315}
1316
1317static void ndisc_redirect_rcv(struct sk_buff *skb)
1318{
1319 struct inet6_dev *in6_dev;
1320 struct icmp6hdr *icmph;
1321 struct in6_addr *dest;
1322 struct in6_addr *target;
1323 struct neighbour *neigh;
1324 int on_link = 0;
1325 struct ndisc_options ndopts;
1326 int optlen;
1327 u8 *lladdr = NULL;
1328
1329 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1330 ND_PRINTK2(KERN_WARNING
1331 "ICMPv6 Redirect: source address is not link-local.\n");
1332 return;
1333 }
1334
1335 optlen = skb->tail - skb->transport_header;
1336 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1337
1338 if (optlen < 0) {
1339 ND_PRINTK2(KERN_WARNING
1340 "ICMPv6 Redirect: packet too short\n");
1341 return;
1342 }
1343
1344 icmph = icmp6_hdr(skb);
1345 target = (struct in6_addr *) (icmph + 1);
1346 dest = target + 1;
1347
1348 if (ipv6_addr_is_multicast(dest)) {
1349 ND_PRINTK2(KERN_WARNING
1350 "ICMPv6 Redirect: destination address is multicast.\n");
1351 return;
1352 }
1353
1354 if (ipv6_addr_equal(dest, target)) {
1355 on_link = 1;
1356 } else if (ipv6_addr_type(target) !=
1357 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1358 ND_PRINTK2(KERN_WARNING
1359 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1360 return;
1361 }
1362
1363 in6_dev = in6_dev_get(skb->dev);
1364 if (!in6_dev)
1365 return;
1366 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1367 in6_dev_put(in6_dev);
1368 return;
1369 }
1370
1371
1372
1373
1374
1375
1376 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1377 ND_PRINTK2(KERN_WARNING
1378 "ICMPv6 Redirect: invalid ND options\n");
1379 in6_dev_put(in6_dev);
1380 return;
1381 }
1382 if (ndopts.nd_opts_tgt_lladdr) {
1383 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1384 skb->dev);
1385 if (!lladdr) {
1386 ND_PRINTK2(KERN_WARNING
1387 "ICMPv6 Redirect: invalid link-layer address length\n");
1388 in6_dev_put(in6_dev);
1389 return;
1390 }
1391 }
1392
1393 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1394 if (neigh) {
1395 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1396 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1397 on_link);
1398 neigh_release(neigh);
1399 }
1400 in6_dev_put(in6_dev);
1401}
1402
1403void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1404 struct in6_addr *target)
1405{
1406 struct sock *sk = ndisc_socket->sk;
1407 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1408 struct sk_buff *buff;
1409 struct icmp6hdr *icmph;
1410 struct in6_addr saddr_buf;
1411 struct in6_addr *addrp;
1412 struct net_device *dev;
1413 struct rt6_info *rt;
1414 struct dst_entry *dst;
1415 struct inet6_dev *idev;
1416 struct flowi fl;
1417 u8 *opt;
1418 int rd_len;
1419 int err;
1420 int hlen;
1421 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1422
1423 dev = skb->dev;
1424
1425 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1426 ND_PRINTK2(KERN_WARNING
1427 "ICMPv6 Redirect: no link-local address on %s\n",
1428 dev->name);
1429 return;
1430 }
1431
1432 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1433 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1434 ND_PRINTK2(KERN_WARNING
1435 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1436 return;
1437 }
1438
1439 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1440 dev->ifindex);
1441
1442 dst = ip6_route_output(NULL, &fl);
1443 if (dst == NULL)
1444 return;
1445
1446 err = xfrm_lookup(&dst, &fl, NULL, 0);
1447 if (err)
1448 return;
1449
1450 rt = (struct rt6_info *) dst;
1451
1452 if (rt->rt6i_flags & RTF_GATEWAY) {
1453 ND_PRINTK2(KERN_WARNING
1454 "ICMPv6 Redirect: destination is not a neighbour.\n");
1455 dst_release(dst);
1456 return;
1457 }
1458 if (!xrlim_allow(dst, 1*HZ)) {
1459 dst_release(dst);
1460 return;
1461 }
1462
1463 if (dev->addr_len) {
1464 read_lock_bh(&neigh->lock);
1465 if (neigh->nud_state & NUD_VALID) {
1466 memcpy(ha_buf, neigh->ha, dev->addr_len);
1467 read_unlock_bh(&neigh->lock);
1468 ha = ha_buf;
1469 len += ndisc_opt_addr_space(dev);
1470 } else
1471 read_unlock_bh(&neigh->lock);
1472 }
1473
1474 rd_len = min_t(unsigned int,
1475 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1476 rd_len &= ~0x7;
1477 len += rd_len;
1478
1479 buff = sock_alloc_send_skb(sk,
1480 (MAX_HEADER + sizeof(struct ipv6hdr) +
1481 len + LL_RESERVED_SPACE(dev)),
1482 1, &err);
1483 if (buff == NULL) {
1484 ND_PRINTK0(KERN_ERR
1485 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1486 __FUNCTION__);
1487 dst_release(dst);
1488 return;
1489 }
1490
1491 hlen = 0;
1492
1493 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1494 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1495 IPPROTO_ICMPV6, len);
1496
1497 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1498 skb_put(buff, len);
1499 icmph = icmp6_hdr(buff);
1500
1501 memset(icmph, 0, sizeof(struct icmp6hdr));
1502 icmph->icmp6_type = NDISC_REDIRECT;
1503
1504
1505
1506
1507
1508 addrp = (struct in6_addr *)(icmph + 1);
1509 ipv6_addr_copy(addrp, target);
1510 addrp++;
1511 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1512
1513 opt = (u8*) (addrp + 1);
1514
1515
1516
1517
1518
1519 if (ha)
1520 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1521 dev->addr_len, dev->type);
1522
1523
1524
1525
1526
1527 memset(opt, 0, 8);
1528 *(opt++) = ND_OPT_REDIRECT_HDR;
1529 *(opt++) = (rd_len >> 3);
1530 opt += 6;
1531
1532 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1533
1534 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1535 len, IPPROTO_ICMPV6,
1536 csum_partial((u8 *) icmph, len, 0));
1537
1538 buff->dst = dst;
1539 idev = in6_dev_get(dst->dev);
1540 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1541 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1542 if (!err) {
1543 ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
1544 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1545 }
1546
1547 if (likely(idev != NULL))
1548 in6_dev_put(idev);
1549}
1550
1551static void pndisc_redo(struct sk_buff *skb)
1552{
1553 ndisc_recv_ns(skb);
1554 kfree_skb(skb);
1555}
1556
1557int ndisc_rcv(struct sk_buff *skb)
1558{
1559 struct nd_msg *msg;
1560
1561 if (!pskb_may_pull(skb, skb->len))
1562 return 0;
1563
1564 msg = (struct nd_msg *)skb_transport_header(skb);
1565
1566 __skb_push(skb, skb->data - skb_transport_header(skb));
1567
1568 if (ipv6_hdr(skb)->hop_limit != 255) {
1569 ND_PRINTK2(KERN_WARNING
1570 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1571 ipv6_hdr(skb)->hop_limit);
1572 return 0;
1573 }
1574
1575 if (msg->icmph.icmp6_code != 0) {
1576 ND_PRINTK2(KERN_WARNING
1577 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1578 msg->icmph.icmp6_code);
1579 return 0;
1580 }
1581
1582 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1583
1584 switch (msg->icmph.icmp6_type) {
1585 case NDISC_NEIGHBOUR_SOLICITATION:
1586 ndisc_recv_ns(skb);
1587 break;
1588
1589 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1590 ndisc_recv_na(skb);
1591 break;
1592
1593 case NDISC_ROUTER_SOLICITATION:
1594 ndisc_recv_rs(skb);
1595 break;
1596
1597 case NDISC_ROUTER_ADVERTISEMENT:
1598 ndisc_router_discovery(skb);
1599 break;
1600
1601 case NDISC_REDIRECT:
1602 ndisc_redirect_rcv(skb);
1603 break;
1604 }
1605
1606 return 0;
1607}
1608
1609static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1610{
1611 struct net_device *dev = ptr;
1612
1613 if (dev->nd_net != &init_net)
1614 return NOTIFY_DONE;
1615
1616 switch (event) {
1617 case NETDEV_CHANGEADDR:
1618 neigh_changeaddr(&nd_tbl, dev);
1619 fib6_run_gc(~0UL);
1620 break;
1621 case NETDEV_DOWN:
1622 neigh_ifdown(&nd_tbl, dev);
1623 fib6_run_gc(~0UL);
1624 break;
1625 default:
1626 break;
1627 }
1628
1629 return NOTIFY_DONE;
1630}
1631
1632static struct notifier_block ndisc_netdev_notifier = {
1633 .notifier_call = ndisc_netdev_event,
1634};
1635
1636#ifdef CONFIG_SYSCTL
1637static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1638 const char *func, const char *dev_name)
1639{
1640 static char warncomm[TASK_COMM_LEN];
1641 static int warned;
1642 if (strcmp(warncomm, current->comm) && warned < 5) {
1643 strcpy(warncomm, current->comm);
1644 printk(KERN_WARNING
1645 "process `%s' is using deprecated sysctl (%s) "
1646 "net.ipv6.neigh.%s.%s; "
1647 "Use net.ipv6.neigh.%s.%s_ms "
1648 "instead.\n",
1649 warncomm, func,
1650 dev_name, ctl->procname,
1651 dev_name, ctl->procname);
1652 warned++;
1653 }
1654}
1655
1656int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1657{
1658 struct net_device *dev = ctl->extra1;
1659 struct inet6_dev *idev;
1660 int ret;
1661
1662 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1663 (strcmp(ctl->procname, "base_reachable_time") == 0))
1664 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1665
1666 if (strcmp(ctl->procname, "retrans_time") == 0)
1667 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1668
1669 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1670 ret = proc_dointvec_jiffies(ctl, write,
1671 filp, buffer, lenp, ppos);
1672
1673 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1674 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1675 ret = proc_dointvec_ms_jiffies(ctl, write,
1676 filp, buffer, lenp, ppos);
1677 else
1678 ret = -1;
1679
1680 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1681 if (ctl->data == &idev->nd_parms->base_reachable_time)
1682 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1683 idev->tstamp = jiffies;
1684 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1685 in6_dev_put(idev);
1686 }
1687 return ret;
1688}
1689
1690static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1691 int nlen, void __user *oldval,
1692 size_t __user *oldlenp,
1693 void __user *newval, size_t newlen)
1694{
1695 struct net_device *dev = ctl->extra1;
1696 struct inet6_dev *idev;
1697 int ret;
1698
1699 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1700 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1701 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1702
1703 switch (ctl->ctl_name) {
1704 case NET_NEIGH_REACHABLE_TIME:
1705 ret = sysctl_jiffies(ctl, name, nlen,
1706 oldval, oldlenp, newval, newlen);
1707 break;
1708 case NET_NEIGH_RETRANS_TIME_MS:
1709 case NET_NEIGH_REACHABLE_TIME_MS:
1710 ret = sysctl_ms_jiffies(ctl, name, nlen,
1711 oldval, oldlenp, newval, newlen);
1712 break;
1713 default:
1714 ret = 0;
1715 }
1716
1717 if (newval && newlen && ret > 0 &&
1718 dev && (idev = in6_dev_get(dev)) != NULL) {
1719 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1720 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1721 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1722 idev->tstamp = jiffies;
1723 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1724 in6_dev_put(idev);
1725 }
1726
1727 return ret;
1728}
1729
1730#endif
1731
1732int __init ndisc_init(struct net_proto_family *ops)
1733{
1734 struct ipv6_pinfo *np;
1735 struct sock *sk;
1736 int err;
1737
1738 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1739 if (err < 0) {
1740 ND_PRINTK0(KERN_ERR
1741 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1742 err);
1743 ndisc_socket = NULL;
1744 return err;
1745 }
1746
1747 sk = ndisc_socket->sk;
1748 np = inet6_sk(sk);
1749 sk->sk_allocation = GFP_ATOMIC;
1750 np->hop_limit = 255;
1751
1752 np->mc_loop = 0;
1753 sk->sk_prot->unhash(sk);
1754
1755
1756
1757
1758
1759 neigh_table_init(&nd_tbl);
1760
1761#ifdef CONFIG_SYSCTL
1762 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1763 "ipv6",
1764 &ndisc_ifinfo_sysctl_change,
1765 &ndisc_ifinfo_sysctl_strategy);
1766#endif
1767
1768 register_netdevice_notifier(&ndisc_netdev_notifier);
1769 return 0;
1770}
1771
1772void ndisc_cleanup(void)
1773{
1774 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1775#ifdef CONFIG_SYSCTL
1776 neigh_sysctl_unregister(&nd_tbl.parms);
1777#endif
1778 neigh_table_clear(&nd_tbl);
1779 sock_release(ndisc_socket);
1780 ndisc_socket = NULL;
1781}
1782
