1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#define ND_DEBUG 1
31
32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33#define ND_NOPRINTK(x...) do { ; } while(0)
34#define ND_PRINTK0 ND_PRINTK
35#define ND_PRINTK1 ND_NOPRINTK
36#define ND_PRINTK2 ND_NOPRINTK
37#define ND_PRINTK3 ND_NOPRINTK
38#if ND_DEBUG >= 1
39#undef ND_PRINTK1
40#define ND_PRINTK1 ND_PRINTK
41#endif
42#if ND_DEBUG >= 2
43#undef ND_PRINTK2
44#define ND_PRINTK2 ND_PRINTK
45#endif
46#if ND_DEBUG >= 3
47#undef ND_PRINTK3
48#define ND_PRINTK3 ND_PRINTK
49#endif
50
51#include <linux/module.h>
52#include <linux/errno.h>
53#include <linux/types.h>
54#include <linux/socket.h>
55#include <linux/sockios.h>
56#include <linux/sched.h>
57#include <linux/net.h>
58#include <linux/in6.h>
59#include <linux/route.h>
60#include <linux/init.h>
61#include <linux/rcupdate.h>
62#include <linux/slab.h>
63#ifdef CONFIG_SYSCTL
64#include <linux/sysctl.h>
65#endif
66
67#include <linux/if_addr.h>
68#include <linux/if_arp.h>
69#include <linux/ipv6.h>
70#include <linux/icmpv6.h>
71#include <linux/jhash.h>
72
73#include <net/sock.h>
74#include <net/snmp.h>
75
76#include <net/ipv6.h>
77#include <net/protocol.h>
78#include <net/ndisc.h>
79#include <net/ip6_route.h>
80#include <net/addrconf.h>
81#include <net/icmp.h>
82
83#include <net/netlink.h>
84#include <linux/rtnetlink.h>
85
86#include <net/flow.h>
87#include <net/ip6_checksum.h>
88#include <net/inet_common.h>
89#include <linux/proc_fs.h>
90
91#include <linux/netfilter.h>
92#include <linux/netfilter_ipv6.h>
93
94static u32 ndisc_hash(const void *pkey,
95 const struct net_device *dev,
96 __u32 *hash_rnd);
97static int ndisc_constructor(struct neighbour *neigh);
98static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
99static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
100static int pndisc_constructor(struct pneigh_entry *n);
101static void pndisc_destructor(struct pneigh_entry *n);
102static void pndisc_redo(struct sk_buff *skb);
103
104static const struct neigh_ops ndisc_generic_ops = {
105 .family = AF_INET6,
106 .solicit = ndisc_solicit,
107 .error_report = ndisc_error_report,
108 .output = neigh_resolve_output,
109 .connected_output = neigh_connected_output,
110};
111
112static const struct neigh_ops ndisc_hh_ops = {
113 .family = AF_INET6,
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
118};
119
120
121static const struct neigh_ops ndisc_direct_ops = {
122 .family = AF_INET6,
123 .output = neigh_direct_output,
124 .connected_output = neigh_direct_output,
125};
126
127struct neigh_table nd_tbl = {
128 .family = AF_INET6,
129 .key_len = sizeof(struct in6_addr),
130 .hash = ndisc_hash,
131 .constructor = ndisc_constructor,
132 .pconstructor = pndisc_constructor,
133 .pdestructor = pndisc_destructor,
134 .proxy_redo = pndisc_redo,
135 .id = "ndisc_cache",
136 .parms = {
137 .tbl = &nd_tbl,
138 .base_reachable_time = ND_REACHABLE_TIME,
139 .retrans_time = ND_RETRANS_TIMER,
140 .gc_staletime = 60 * HZ,
141 .reachable_time = ND_REACHABLE_TIME,
142 .delay_probe_time = 5 * HZ,
143 .queue_len_bytes = 64*1024,
144 .ucast_probes = 3,
145 .mcast_probes = 3,
146 .anycast_delay = 1 * HZ,
147 .proxy_delay = (8 * HZ) / 10,
148 .proxy_qlen = 64,
149 },
150 .gc_interval = 30 * HZ,
151 .gc_thresh1 = 128,
152 .gc_thresh2 = 512,
153 .gc_thresh3 = 1024,
154};
155
156
157struct ndisc_options {
158 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
159#ifdef CONFIG_IPV6_ROUTE_INFO
160 struct nd_opt_hdr *nd_opts_ri;
161 struct nd_opt_hdr *nd_opts_ri_end;
162#endif
163 struct nd_opt_hdr *nd_useropts;
164 struct nd_opt_hdr *nd_useropts_end;
165};
166
167#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
168#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
169#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
170#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
171#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
172#define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
173
174#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
175
176
177
178
179
180
181
182static int ndisc_addr_option_pad(unsigned short type)
183{
184 switch (type) {
185 case ARPHRD_INFINIBAND: return 2;
186 default: return 0;
187 }
188}
189
190static inline int ndisc_opt_addr_space(struct net_device *dev)
191{
192 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
193}
194
195static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
196 unsigned short addr_type)
197{
198 int space = NDISC_OPT_SPACE(data_len);
199 int pad = ndisc_addr_option_pad(addr_type);
200
201 opt[0] = type;
202 opt[1] = space>>3;
203
204 memset(opt + 2, 0, pad);
205 opt += pad;
206 space -= pad;
207
208 memcpy(opt+2, data, data_len);
209 data_len += 2;
210 opt += data_len;
211 if ((space -= data_len) > 0)
212 memset(opt, 0, space);
213 return opt + space;
214}
215
216static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
217 struct nd_opt_hdr *end)
218{
219 int type;
220 if (!cur || !end || cur >= end)
221 return NULL;
222 type = cur->nd_opt_type;
223 do {
224 cur = ((void *)cur) + (cur->nd_opt_len << 3);
225 } while(cur < end && cur->nd_opt_type != type);
226 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
227}
228
229static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
230{
231 return opt->nd_opt_type == ND_OPT_RDNSS;
232}
233
234static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
235 struct nd_opt_hdr *end)
236{
237 if (!cur || !end || cur >= end)
238 return NULL;
239 do {
240 cur = ((void *)cur) + (cur->nd_opt_len << 3);
241 } while(cur < end && !ndisc_is_useropt(cur));
242 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
243}
244
245static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
246 struct ndisc_options *ndopts)
247{
248 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
249
250 if (!nd_opt || opt_len < 0 || !ndopts)
251 return NULL;
252 memset(ndopts, 0, sizeof(*ndopts));
253 while (opt_len) {
254 int l;
255 if (opt_len < sizeof(struct nd_opt_hdr))
256 return NULL;
257 l = nd_opt->nd_opt_len << 3;
258 if (opt_len < l || l == 0)
259 return NULL;
260 switch (nd_opt->nd_opt_type) {
261 case ND_OPT_SOURCE_LL_ADDR:
262 case ND_OPT_TARGET_LL_ADDR:
263 case ND_OPT_MTU:
264 case ND_OPT_REDIRECT_HDR:
265 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
266 ND_PRINTK2(KERN_WARNING
267 "%s(): duplicated ND6 option found: type=%d\n",
268 __func__,
269 nd_opt->nd_opt_type);
270 } else {
271 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
272 }
273 break;
274 case ND_OPT_PREFIX_INFO:
275 ndopts->nd_opts_pi_end = nd_opt;
276 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
277 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
278 break;
279#ifdef CONFIG_IPV6_ROUTE_INFO
280 case ND_OPT_ROUTE_INFO:
281 ndopts->nd_opts_ri_end = nd_opt;
282 if (!ndopts->nd_opts_ri)
283 ndopts->nd_opts_ri = nd_opt;
284 break;
285#endif
286 default:
287 if (ndisc_is_useropt(nd_opt)) {
288 ndopts->nd_useropts_end = nd_opt;
289 if (!ndopts->nd_useropts)
290 ndopts->nd_useropts = nd_opt;
291 } else {
292
293
294
295
296
297 ND_PRINTK2(KERN_NOTICE
298 "%s(): ignored unsupported option; type=%d, len=%d\n",
299 __func__,
300 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
301 }
302 }
303 opt_len -= l;
304 nd_opt = ((void *)nd_opt) + l;
305 }
306 return ndopts;
307}
308
309static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
310 struct net_device *dev)
311{
312 u8 *lladdr = (u8 *)(p + 1);
313 int lladdrlen = p->nd_opt_len << 3;
314 int prepad = ndisc_addr_option_pad(dev->type);
315 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
316 return NULL;
317 return lladdr + prepad;
318}
319
320int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
321{
322 switch (dev->type) {
323 case ARPHRD_ETHER:
324 case ARPHRD_IEEE802:
325 case ARPHRD_FDDI:
326 ipv6_eth_mc_map(addr, buf);
327 return 0;
328 case ARPHRD_IEEE802_TR:
329 ipv6_tr_mc_map(addr,buf);
330 return 0;
331 case ARPHRD_ARCNET:
332 ipv6_arcnet_mc_map(addr, buf);
333 return 0;
334 case ARPHRD_INFINIBAND:
335 ipv6_ib_mc_map(addr, dev->broadcast, buf);
336 return 0;
337 case ARPHRD_IPGRE:
338 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
339 default:
340 if (dir) {
341 memcpy(buf, dev->broadcast, dev->addr_len);
342 return 0;
343 }
344 }
345 return -EINVAL;
346}
347
348EXPORT_SYMBOL(ndisc_mc_map);
349
350static u32 ndisc_hash(const void *pkey,
351 const struct net_device *dev,
352 __u32 *hash_rnd)
353{
354 return ndisc_hashfn(pkey, dev, hash_rnd);
355}
356
357static int ndisc_constructor(struct neighbour *neigh)
358{
359 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
360 struct net_device *dev = neigh->dev;
361 struct inet6_dev *in6_dev;
362 struct neigh_parms *parms;
363 int is_multicast = ipv6_addr_is_multicast(addr);
364
365 in6_dev = in6_dev_get(dev);
366 if (in6_dev == NULL) {
367 return -EINVAL;
368 }
369
370 parms = in6_dev->nd_parms;
371 __neigh_parms_put(neigh->parms);
372 neigh->parms = neigh_parms_clone(parms);
373
374 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
375 if (!dev->header_ops) {
376 neigh->nud_state = NUD_NOARP;
377 neigh->ops = &ndisc_direct_ops;
378 neigh->output = neigh_direct_output;
379 } else {
380 if (is_multicast) {
381 neigh->nud_state = NUD_NOARP;
382 ndisc_mc_map(addr, neigh->ha, dev, 1);
383 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
384 neigh->nud_state = NUD_NOARP;
385 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
386 if (dev->flags&IFF_LOOPBACK)
387 neigh->type = RTN_LOCAL;
388 } else if (dev->flags&IFF_POINTOPOINT) {
389 neigh->nud_state = NUD_NOARP;
390 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
391 }
392 if (dev->header_ops->cache)
393 neigh->ops = &ndisc_hh_ops;
394 else
395 neigh->ops = &ndisc_generic_ops;
396 if (neigh->nud_state&NUD_VALID)
397 neigh->output = neigh->ops->connected_output;
398 else
399 neigh->output = neigh->ops->output;
400 }
401 in6_dev_put(in6_dev);
402 return 0;
403}
404
405static int pndisc_constructor(struct pneigh_entry *n)
406{
407 struct in6_addr *addr = (struct in6_addr*)&n->key;
408 struct in6_addr maddr;
409 struct net_device *dev = n->dev;
410
411 if (dev == NULL || __in6_dev_get(dev) == NULL)
412 return -EINVAL;
413 addrconf_addr_solict_mult(addr, &maddr);
414 ipv6_dev_mc_inc(dev, &maddr);
415 return 0;
416}
417
418static void pndisc_destructor(struct pneigh_entry *n)
419{
420 struct in6_addr *addr = (struct in6_addr*)&n->key;
421 struct in6_addr maddr;
422 struct net_device *dev = n->dev;
423
424 if (dev == NULL || __in6_dev_get(dev) == NULL)
425 return;
426 addrconf_addr_solict_mult(addr, &maddr);
427 ipv6_dev_mc_dec(dev, &maddr);
428}
429
430struct sk_buff *ndisc_build_skb(struct net_device *dev,
431 const struct in6_addr *daddr,
432 const struct in6_addr *saddr,
433 struct icmp6hdr *icmp6h,
434 const struct in6_addr *target,
435 int llinfo)
436{
437 struct net *net = dev_net(dev);
438 struct sock *sk = net->ipv6.ndisc_sk;
439 struct sk_buff *skb;
440 struct icmp6hdr *hdr;
441 int hlen = LL_RESERVED_SPACE(dev);
442 int tlen = dev->needed_tailroom;
443 int len;
444 int err;
445 u8 *opt;
446
447 if (!dev->addr_len)
448 llinfo = 0;
449
450 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
451 if (llinfo)
452 len += ndisc_opt_addr_space(dev);
453
454 skb = sock_alloc_send_skb(sk,
455 (MAX_HEADER + sizeof(struct ipv6hdr) +
456 len + hlen + tlen),
457 1, &err);
458 if (!skb) {
459 ND_PRINTK0(KERN_ERR
460 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
461 __func__, err);
462 return NULL;
463 }
464
465 skb_reserve(skb, hlen);
466 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
467
468 skb->transport_header = skb->tail;
469 skb_put(skb, len);
470
471 hdr = (struct icmp6hdr *)skb_transport_header(skb);
472 memcpy(hdr, icmp6h, sizeof(*hdr));
473
474 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
475 if (target) {
476 *(struct in6_addr *)opt = *target;
477 opt += sizeof(*target);
478 }
479
480 if (llinfo)
481 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
482 dev->addr_len, dev->type);
483
484 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
485 IPPROTO_ICMPV6,
486 csum_partial(hdr,
487 len, 0));
488
489 return skb;
490}
491
492EXPORT_SYMBOL(ndisc_build_skb);
493
494void ndisc_send_skb(struct sk_buff *skb,
495 struct net_device *dev,
496 struct neighbour *neigh,
497 const struct in6_addr *daddr,
498 const struct in6_addr *saddr,
499 struct icmp6hdr *icmp6h)
500{
501 struct flowi6 fl6;
502 struct dst_entry *dst;
503 struct net *net = dev_net(dev);
504 struct sock *sk = net->ipv6.ndisc_sk;
505 struct inet6_dev *idev;
506 int err;
507 u8 type;
508
509 type = icmp6h->icmp6_type;
510
511 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
512 dst = icmp6_dst_alloc(dev, neigh, &fl6);
513 if (IS_ERR(dst)) {
514 kfree_skb(skb);
515 return;
516 }
517
518 skb_dst_set(skb, dst);
519
520 rcu_read_lock();
521 idev = __in6_dev_get(dst->dev);
522 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
523
524 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
525 dst_output);
526 if (!err) {
527 ICMP6MSGOUT_INC_STATS(net, idev, type);
528 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
529 }
530
531 rcu_read_unlock();
532}
533
534EXPORT_SYMBOL(ndisc_send_skb);
535
536
537
538
539static void __ndisc_send(struct net_device *dev,
540 struct neighbour *neigh,
541 const struct in6_addr *daddr,
542 const struct in6_addr *saddr,
543 struct icmp6hdr *icmp6h, const struct in6_addr *target,
544 int llinfo)
545{
546 struct sk_buff *skb;
547
548 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
549 if (!skb)
550 return;
551
552 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
553}
554
555static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
556 const struct in6_addr *daddr,
557 const struct in6_addr *solicited_addr,
558 int router, int solicited, int override, int inc_opt)
559{
560 struct in6_addr tmpaddr;
561 struct inet6_ifaddr *ifp;
562 const struct in6_addr *src_addr;
563 struct icmp6hdr icmp6h = {
564 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
565 };
566
567
568 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
569 if (ifp) {
570 src_addr = solicited_addr;
571 if (ifp->flags & IFA_F_OPTIMISTIC)
572 override = 0;
573 inc_opt |= ifp->idev->cnf.force_tllao;
574 in6_ifa_put(ifp);
575 } else {
576 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
577 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
578 &tmpaddr))
579 return;
580 src_addr = &tmpaddr;
581 }
582
583 icmp6h.icmp6_router = router;
584 icmp6h.icmp6_solicited = solicited;
585 icmp6h.icmp6_override = override;
586
587 __ndisc_send(dev, neigh, daddr, src_addr,
588 &icmp6h, solicited_addr,
589 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
590}
591
592static void ndisc_send_unsol_na(struct net_device *dev)
593{
594 struct inet6_dev *idev;
595 struct inet6_ifaddr *ifa;
596 struct in6_addr mcaddr;
597
598 idev = in6_dev_get(dev);
599 if (!idev)
600 return;
601
602 read_lock_bh(&idev->lock);
603 list_for_each_entry(ifa, &idev->addr_list, if_list) {
604 addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
605 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
606 !!idev->cnf.forwarding,
607 false, true,
608 true);
609 }
610 read_unlock_bh(&idev->lock);
611
612 in6_dev_put(idev);
613}
614
615void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
616 const struct in6_addr *solicit,
617 const struct in6_addr *daddr, const struct in6_addr *saddr)
618{
619 struct in6_addr addr_buf;
620 struct icmp6hdr icmp6h = {
621 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
622 };
623
624 if (saddr == NULL) {
625 if (ipv6_get_lladdr(dev, &addr_buf,
626 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
627 return;
628 saddr = &addr_buf;
629 }
630
631 __ndisc_send(dev, neigh, daddr, saddr,
632 &icmp6h, solicit,
633 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
634}
635
636void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
637 const struct in6_addr *daddr)
638{
639 struct icmp6hdr icmp6h = {
640 .icmp6_type = NDISC_ROUTER_SOLICITATION,
641 };
642 int send_sllao = dev->addr_len;
643
644#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
645
646
647
648
649
650
651
652
653 if (send_sllao) {
654 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
655 dev, 1);
656 if (ifp) {
657 if (ifp->flags & IFA_F_OPTIMISTIC) {
658 send_sllao = 0;
659 }
660 in6_ifa_put(ifp);
661 } else {
662 send_sllao = 0;
663 }
664 }
665#endif
666 __ndisc_send(dev, NULL, daddr, saddr,
667 &icmp6h, NULL,
668 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
669}
670
671
672static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
673{
674
675
676
677
678 dst_link_failure(skb);
679 kfree_skb(skb);
680}
681
682
683
684static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
685{
686 struct in6_addr *saddr = NULL;
687 struct in6_addr mcaddr;
688 struct net_device *dev = neigh->dev;
689 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
690 int probes = atomic_read(&neigh->probes);
691
692 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
693 saddr = &ipv6_hdr(skb)->saddr;
694
695 if ((probes -= neigh->parms->ucast_probes) < 0) {
696 if (!(neigh->nud_state & NUD_VALID)) {
697 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
698 __func__, target);
699 }
700 ndisc_send_ns(dev, neigh, target, target, saddr);
701 } else if ((probes -= neigh->parms->app_probes) < 0) {
702#ifdef CONFIG_ARPD
703 neigh_app_ns(neigh);
704#endif
705 } else {
706 addrconf_addr_solict_mult(target, &mcaddr);
707 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
708 }
709}
710
711static int pndisc_is_router(const void *pkey,
712 struct net_device *dev)
713{
714 struct pneigh_entry *n;
715 int ret = -1;
716
717 read_lock_bh(&nd_tbl.lock);
718 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
719 if (n)
720 ret = !!(n->flags & NTF_ROUTER);
721 read_unlock_bh(&nd_tbl.lock);
722
723 return ret;
724}
725
726static void ndisc_recv_ns(struct sk_buff *skb)
727{
728 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
729 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
730 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
731 u8 *lladdr = NULL;
732 u32 ndoptlen = skb->tail - (skb->transport_header +
733 offsetof(struct nd_msg, opt));
734 struct ndisc_options ndopts;
735 struct net_device *dev = skb->dev;
736 struct inet6_ifaddr *ifp;
737 struct inet6_dev *idev = NULL;
738 struct neighbour *neigh;
739 int dad = ipv6_addr_any(saddr);
740 int inc;
741 int is_router = -1;
742
743 if (ipv6_addr_is_multicast(&msg->target)) {
744 ND_PRINTK2(KERN_WARNING
745 "ICMPv6 NS: multicast target address");
746 return;
747 }
748
749
750
751
752
753 if (dad &&
754 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
755 daddr->s6_addr32[1] == htonl(0x00000000) &&
756 daddr->s6_addr32[2] == htonl(0x00000001) &&
757 daddr->s6_addr [12] == 0xff )) {
758 ND_PRINTK2(KERN_WARNING
759 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
760 return;
761 }
762
763 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
764 ND_PRINTK2(KERN_WARNING
765 "ICMPv6 NS: invalid ND options\n");
766 return;
767 }
768
769 if (ndopts.nd_opts_src_lladdr) {
770 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
771 if (!lladdr) {
772 ND_PRINTK2(KERN_WARNING
773 "ICMPv6 NS: invalid link-layer address length\n");
774 return;
775 }
776
777
778
779
780
781
782 if (dad) {
783 ND_PRINTK2(KERN_WARNING
784 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
785 return;
786 }
787 }
788
789 inc = ipv6_addr_is_multicast(daddr);
790
791 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
792 if (ifp) {
793
794 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
795 if (dad) {
796 if (dev->type == ARPHRD_IEEE802_TR) {
797 const unsigned char *sadr;
798 sadr = skb_mac_header(skb);
799 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
800 sadr[9] == dev->dev_addr[1] &&
801 sadr[10] == dev->dev_addr[2] &&
802 sadr[11] == dev->dev_addr[3] &&
803 sadr[12] == dev->dev_addr[4] &&
804 sadr[13] == dev->dev_addr[5]) {
805
806 goto out;
807 }
808 }
809
810
811
812
813
814
815 addrconf_dad_failure(ifp);
816 return;
817 } else {
818
819
820
821
822
823
824 if (!(ifp->flags & IFA_F_OPTIMISTIC))
825 goto out;
826 }
827 }
828
829 idev = ifp->idev;
830 } else {
831 struct net *net = dev_net(dev);
832
833 idev = in6_dev_get(dev);
834 if (!idev) {
835
836 return;
837 }
838
839 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
840 (idev->cnf.forwarding &&
841 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
842 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
843 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
844 skb->pkt_type != PACKET_HOST &&
845 inc != 0 &&
846 idev->nd_parms->proxy_delay != 0) {
847
848
849
850
851
852
853
854 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
855 if (n)
856 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
857 goto out;
858 }
859 } else
860 goto out;
861 }
862
863 if (is_router < 0)
864 is_router = !!idev->cnf.forwarding;
865
866 if (dad) {
867 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
868 is_router, 0, (ifp != NULL), 1);
869 goto out;
870 }
871
872 if (inc)
873 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
874 else
875 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
876
877
878
879
880
881 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
882 !inc || lladdr || !dev->addr_len);
883 if (neigh)
884 neigh_update(neigh, lladdr, NUD_STALE,
885 NEIGH_UPDATE_F_WEAK_OVERRIDE|
886 NEIGH_UPDATE_F_OVERRIDE);
887 if (neigh || !dev->header_ops) {
888 ndisc_send_na(dev, neigh, saddr, &msg->target,
889 is_router,
890 1, (ifp != NULL && inc), inc);
891 if (neigh)
892 neigh_release(neigh);
893 }
894
895out:
896 if (ifp)
897 in6_ifa_put(ifp);
898 else
899 in6_dev_put(idev);
900}
901
902static void ndisc_recv_na(struct sk_buff *skb)
903{
904 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
905 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
906 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
907 u8 *lladdr = NULL;
908 u32 ndoptlen = skb->tail - (skb->transport_header +
909 offsetof(struct nd_msg, opt));
910 struct ndisc_options ndopts;
911 struct net_device *dev = skb->dev;
912 struct inet6_ifaddr *ifp;
913 struct neighbour *neigh;
914
915 if (skb->len < sizeof(struct nd_msg)) {
916 ND_PRINTK2(KERN_WARNING
917 "ICMPv6 NA: packet too short\n");
918 return;
919 }
920
921 if (ipv6_addr_is_multicast(&msg->target)) {
922 ND_PRINTK2(KERN_WARNING
923 "ICMPv6 NA: target address is multicast.\n");
924 return;
925 }
926
927 if (ipv6_addr_is_multicast(daddr) &&
928 msg->icmph.icmp6_solicited) {
929 ND_PRINTK2(KERN_WARNING
930 "ICMPv6 NA: solicited NA is multicasted.\n");
931 return;
932 }
933
934 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
935 ND_PRINTK2(KERN_WARNING
936 "ICMPv6 NS: invalid ND option\n");
937 return;
938 }
939 if (ndopts.nd_opts_tgt_lladdr) {
940 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
941 if (!lladdr) {
942 ND_PRINTK2(KERN_WARNING
943 "ICMPv6 NA: invalid link-layer address length\n");
944 return;
945 }
946 }
947 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
948 if (ifp) {
949 if (skb->pkt_type != PACKET_LOOPBACK
950 && (ifp->flags & IFA_F_TENTATIVE)) {
951 addrconf_dad_failure(ifp);
952 return;
953 }
954
955
956
957
958
959
960
961
962
963 if (skb->pkt_type != PACKET_LOOPBACK)
964 ND_PRINTK1(KERN_WARNING
965 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
966 &ifp->addr, ifp->idev->dev->name);
967 in6_ifa_put(ifp);
968 return;
969 }
970 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
971
972 if (neigh) {
973 u8 old_flags = neigh->flags;
974 struct net *net = dev_net(dev);
975
976 if (neigh->nud_state & NUD_FAILED)
977 goto out;
978
979
980
981
982
983
984 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
985 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
986 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
987
988 goto out;
989 }
990
991 neigh_update(neigh, lladdr,
992 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
993 NEIGH_UPDATE_F_WEAK_OVERRIDE|
994 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
995 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
996 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
997
998 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
999
1000
1001
1002 struct rt6_info *rt;
1003 rt = rt6_get_dflt_router(saddr, dev);
1004 if (rt)
1005 ip6_del_rt(rt);
1006 }
1007
1008out:
1009 neigh_release(neigh);
1010 }
1011}
1012
1013static void ndisc_recv_rs(struct sk_buff *skb)
1014{
1015 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1016 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1017 struct neighbour *neigh;
1018 struct inet6_dev *idev;
1019 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1020 struct ndisc_options ndopts;
1021 u8 *lladdr = NULL;
1022
1023 if (skb->len < sizeof(*rs_msg))
1024 return;
1025
1026 idev = __in6_dev_get(skb->dev);
1027 if (!idev) {
1028 if (net_ratelimit())
1029 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1030 return;
1031 }
1032
1033
1034 if (!idev->cnf.forwarding)
1035 goto out;
1036
1037
1038
1039
1040
1041 if (ipv6_addr_any(saddr))
1042 goto out;
1043
1044
1045 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1046 if (net_ratelimit())
1047 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1048 goto out;
1049 }
1050
1051 if (ndopts.nd_opts_src_lladdr) {
1052 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1053 skb->dev);
1054 if (!lladdr)
1055 goto out;
1056 }
1057
1058 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1059 if (neigh) {
1060 neigh_update(neigh, lladdr, NUD_STALE,
1061 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1062 NEIGH_UPDATE_F_OVERRIDE|
1063 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1064 neigh_release(neigh);
1065 }
1066out:
1067 return;
1068}
1069
1070static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1071{
1072 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1073 struct sk_buff *skb;
1074 struct nlmsghdr *nlh;
1075 struct nduseroptmsg *ndmsg;
1076 struct net *net = dev_net(ra->dev);
1077 int err;
1078 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1079 + (opt->nd_opt_len << 3));
1080 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1081
1082 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1083 if (skb == NULL) {
1084 err = -ENOBUFS;
1085 goto errout;
1086 }
1087
1088 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1089 if (nlh == NULL) {
1090 goto nla_put_failure;
1091 }
1092
1093 ndmsg = nlmsg_data(nlh);
1094 ndmsg->nduseropt_family = AF_INET6;
1095 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1096 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1097 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1098 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1099
1100 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1101
1102 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1103 &ipv6_hdr(ra)->saddr);
1104 nlmsg_end(skb, nlh);
1105
1106 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1107 return;
1108
1109nla_put_failure:
1110 nlmsg_free(skb);
1111 err = -EMSGSIZE;
1112errout:
1113 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1114}
1115
1116static inline int accept_ra(struct inet6_dev *in6_dev)
1117{
1118
1119
1120
1121
1122 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1123 return 0;
1124
1125 return in6_dev->cnf.accept_ra;
1126}
1127
1128static void ndisc_router_discovery(struct sk_buff *skb)
1129{
1130 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1131 struct neighbour *neigh = NULL;
1132 struct inet6_dev *in6_dev;
1133 struct rt6_info *rt = NULL;
1134 int lifetime;
1135 struct ndisc_options ndopts;
1136 int optlen;
1137 unsigned int pref = 0;
1138
1139 __u8 * opt = (__u8 *)(ra_msg + 1);
1140
1141 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1142
1143 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1144 ND_PRINTK2(KERN_WARNING
1145 "ICMPv6 RA: source address is not link-local.\n");
1146 return;
1147 }
1148 if (optlen < 0) {
1149 ND_PRINTK2(KERN_WARNING
1150 "ICMPv6 RA: packet too short\n");
1151 return;
1152 }
1153
1154#ifdef CONFIG_IPV6_NDISC_NODETYPE
1155 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1156 ND_PRINTK2(KERN_WARNING
1157 "ICMPv6 RA: from host or unauthorized router\n");
1158 return;
1159 }
1160#endif
1161
1162
1163
1164
1165
1166 in6_dev = __in6_dev_get(skb->dev);
1167 if (in6_dev == NULL) {
1168 ND_PRINTK0(KERN_ERR
1169 "ICMPv6 RA: can't find inet6 device for %s.\n",
1170 skb->dev->name);
1171 return;
1172 }
1173
1174 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1175 ND_PRINTK2(KERN_WARNING
1176 "ICMP6 RA: invalid ND options\n");
1177 return;
1178 }
1179
1180 if (!accept_ra(in6_dev))
1181 goto skip_linkparms;
1182
1183#ifdef CONFIG_IPV6_NDISC_NODETYPE
1184
1185 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1186 goto skip_linkparms;
1187#endif
1188
1189 if (in6_dev->if_flags & IF_RS_SENT) {
1190
1191
1192
1193
1194 in6_dev->if_flags |= IF_RA_RCVD;
1195 }
1196
1197
1198
1199
1200
1201 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1202 IF_RA_OTHERCONF)) |
1203 (ra_msg->icmph.icmp6_addrconf_managed ?
1204 IF_RA_MANAGED : 0) |
1205 (ra_msg->icmph.icmp6_addrconf_other ?
1206 IF_RA_OTHERCONF : 0);
1207
1208 if (!in6_dev->cnf.accept_ra_defrtr)
1209 goto skip_defrtr;
1210
1211 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1212 goto skip_defrtr;
1213
1214 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1215
1216#ifdef CONFIG_IPV6_ROUTER_PREF
1217 pref = ra_msg->icmph.icmp6_router_pref;
1218
1219 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1220 !in6_dev->cnf.accept_ra_rtr_pref)
1221 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1222#endif
1223
1224 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1225
1226 if (rt)
1227 neigh = dst_get_neighbour_noref(&rt->dst);
1228
1229 if (rt && lifetime == 0) {
1230 neigh_clone(neigh);
1231 ip6_del_rt(rt);
1232 rt = NULL;
1233 }
1234
1235 if (rt == NULL && lifetime) {
1236 ND_PRINTK3(KERN_DEBUG
1237 "ICMPv6 RA: adding default router.\n");
1238
1239 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1240 if (rt == NULL) {
1241 ND_PRINTK0(KERN_ERR
1242 "ICMPv6 RA: %s() failed to add default route.\n",
1243 __func__);
1244 return;
1245 }
1246
1247 neigh = dst_get_neighbour_noref(&rt->dst);
1248 if (neigh == NULL) {
1249 ND_PRINTK0(KERN_ERR
1250 "ICMPv6 RA: %s() got default router without neighbour.\n",
1251 __func__);
1252 dst_release(&rt->dst);
1253 return;
1254 }
1255 neigh->flags |= NTF_ROUTER;
1256 } else if (rt) {
1257 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1258 }
1259
1260 if (rt)
1261 rt->dst.expires = jiffies + (HZ * lifetime);
1262
1263 if (ra_msg->icmph.icmp6_hop_limit) {
1264 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1265 if (rt)
1266 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1267 ra_msg->icmph.icmp6_hop_limit);
1268 }
1269
1270skip_defrtr:
1271
1272
1273
1274
1275
1276 if (in6_dev->nd_parms) {
1277 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1278
1279 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1280 rtime = (rtime*HZ)/1000;
1281 if (rtime < HZ/10)
1282 rtime = HZ/10;
1283 in6_dev->nd_parms->retrans_time = rtime;
1284 in6_dev->tstamp = jiffies;
1285 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1286 }
1287
1288 rtime = ntohl(ra_msg->reachable_time);
1289 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1290 rtime = (rtime*HZ)/1000;
1291
1292 if (rtime < HZ/10)
1293 rtime = HZ/10;
1294
1295 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1296 in6_dev->nd_parms->base_reachable_time = rtime;
1297 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1298 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1299 in6_dev->tstamp = jiffies;
1300 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1301 }
1302 }
1303 }
1304
1305skip_linkparms:
1306
1307
1308
1309
1310
1311 if (!neigh)
1312 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1313 skb->dev, 1);
1314 if (neigh) {
1315 u8 *lladdr = NULL;
1316 if (ndopts.nd_opts_src_lladdr) {
1317 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1318 skb->dev);
1319 if (!lladdr) {
1320 ND_PRINTK2(KERN_WARNING
1321 "ICMPv6 RA: invalid link-layer address length\n");
1322 goto out;
1323 }
1324 }
1325 neigh_update(neigh, lladdr, NUD_STALE,
1326 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1327 NEIGH_UPDATE_F_OVERRIDE|
1328 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1329 NEIGH_UPDATE_F_ISROUTER);
1330 }
1331
1332 if (!accept_ra(in6_dev))
1333 goto out;
1334
1335#ifdef CONFIG_IPV6_ROUTE_INFO
1336 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1337 goto skip_routeinfo;
1338
1339 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1340 struct nd_opt_hdr *p;
1341 for (p = ndopts.nd_opts_ri;
1342 p;
1343 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1344 struct route_info *ri = (struct route_info *)p;
1345#ifdef CONFIG_IPV6_NDISC_NODETYPE
1346 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1347 ri->prefix_len == 0)
1348 continue;
1349#endif
1350 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1351 continue;
1352 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1353 &ipv6_hdr(skb)->saddr);
1354 }
1355 }
1356
1357skip_routeinfo:
1358#endif
1359
1360#ifdef CONFIG_IPV6_NDISC_NODETYPE
1361
1362 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1363 goto out;
1364#endif
1365
1366 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1367 struct nd_opt_hdr *p;
1368 for (p = ndopts.nd_opts_pi;
1369 p;
1370 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1371 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1372 (p->nd_opt_len) << 3,
1373 ndopts.nd_opts_src_lladdr != NULL);
1374 }
1375 }
1376
1377 if (ndopts.nd_opts_mtu) {
1378 __be32 n;
1379 u32 mtu;
1380
1381 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1382 mtu = ntohl(n);
1383
1384 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1385 ND_PRINTK2(KERN_WARNING
1386 "ICMPv6 RA: invalid mtu: %d\n",
1387 mtu);
1388 } else if (in6_dev->cnf.mtu6 != mtu) {
1389 in6_dev->cnf.mtu6 = mtu;
1390
1391 if (rt)
1392 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1393
1394 rt6_mtu_change(skb->dev, mtu);
1395 }
1396 }
1397
1398 if (ndopts.nd_useropts) {
1399 struct nd_opt_hdr *p;
1400 for (p = ndopts.nd_useropts;
1401 p;
1402 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1403 ndisc_ra_useropt(skb, p);
1404 }
1405 }
1406
1407 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1408 ND_PRINTK2(KERN_WARNING
1409 "ICMPv6 RA: invalid RA options");
1410 }
1411out:
1412 if (rt)
1413 dst_release(&rt->dst);
1414 else if (neigh)
1415 neigh_release(neigh);
1416}
1417
1418static void ndisc_redirect_rcv(struct sk_buff *skb)
1419{
1420 struct inet6_dev *in6_dev;
1421 struct icmp6hdr *icmph;
1422 const struct in6_addr *dest;
1423 const struct in6_addr *target;
1424 struct neighbour *neigh;
1425 int on_link = 0;
1426 struct ndisc_options ndopts;
1427 int optlen;
1428 u8 *lladdr = NULL;
1429
1430#ifdef CONFIG_IPV6_NDISC_NODETYPE
1431 switch (skb->ndisc_nodetype) {
1432 case NDISC_NODETYPE_HOST:
1433 case NDISC_NODETYPE_NODEFAULT:
1434 ND_PRINTK2(KERN_WARNING
1435 "ICMPv6 Redirect: from host or unauthorized router\n");
1436 return;
1437 }
1438#endif
1439
1440 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1441 ND_PRINTK2(KERN_WARNING
1442 "ICMPv6 Redirect: source address is not link-local.\n");
1443 return;
1444 }
1445
1446 optlen = skb->tail - skb->transport_header;
1447 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1448
1449 if (optlen < 0) {
1450 ND_PRINTK2(KERN_WARNING
1451 "ICMPv6 Redirect: packet too short\n");
1452 return;
1453 }
1454
1455 icmph = icmp6_hdr(skb);
1456 target = (const struct in6_addr *) (icmph + 1);
1457 dest = target + 1;
1458
1459 if (ipv6_addr_is_multicast(dest)) {
1460 ND_PRINTK2(KERN_WARNING
1461 "ICMPv6 Redirect: destination address is multicast.\n");
1462 return;
1463 }
1464
1465 if (ipv6_addr_equal(dest, target)) {
1466 on_link = 1;
1467 } else if (ipv6_addr_type(target) !=
1468 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1469 ND_PRINTK2(KERN_WARNING
1470 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1471 return;
1472 }
1473
1474 in6_dev = __in6_dev_get(skb->dev);
1475 if (!in6_dev)
1476 return;
1477 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
1478 return;
1479
1480
1481
1482
1483
1484
1485 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1486 ND_PRINTK2(KERN_WARNING
1487 "ICMPv6 Redirect: invalid ND options\n");
1488 return;
1489 }
1490 if (ndopts.nd_opts_tgt_lladdr) {
1491 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1492 skb->dev);
1493 if (!lladdr) {
1494 ND_PRINTK2(KERN_WARNING
1495 "ICMPv6 Redirect: invalid link-layer address length\n");
1496 return;
1497 }
1498 }
1499
1500 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1501 if (neigh) {
1502 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1503 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1504 on_link);
1505 neigh_release(neigh);
1506 }
1507}
1508
1509void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1510 const struct in6_addr *target)
1511{
1512 struct net_device *dev = skb->dev;
1513 struct net *net = dev_net(dev);
1514 struct sock *sk = net->ipv6.ndisc_sk;
1515 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1516 struct sk_buff *buff;
1517 struct icmp6hdr *icmph;
1518 struct in6_addr saddr_buf;
1519 struct in6_addr *addrp;
1520 struct rt6_info *rt;
1521 struct dst_entry *dst;
1522 struct inet6_dev *idev;
1523 struct flowi6 fl6;
1524 u8 *opt;
1525 int hlen, tlen;
1526 int rd_len;
1527 int err;
1528 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1529
1530 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1531 ND_PRINTK2(KERN_WARNING
1532 "ICMPv6 Redirect: no link-local address on %s\n",
1533 dev->name);
1534 return;
1535 }
1536
1537 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1538 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1539 ND_PRINTK2(KERN_WARNING
1540 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1541 return;
1542 }
1543
1544 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1545 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1546
1547 dst = ip6_route_output(net, NULL, &fl6);
1548 if (dst->error) {
1549 dst_release(dst);
1550 return;
1551 }
1552 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1553 if (IS_ERR(dst))
1554 return;
1555
1556 rt = (struct rt6_info *) dst;
1557
1558 if (rt->rt6i_flags & RTF_GATEWAY) {
1559 ND_PRINTK2(KERN_WARNING
1560 "ICMPv6 Redirect: destination is not a neighbour.\n");
1561 goto release;
1562 }
1563 if (!rt->rt6i_peer)
1564 rt6_bind_peer(rt, 1);
1565 if (!inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
1566 goto release;
1567
1568 if (dev->addr_len) {
1569 read_lock_bh(&neigh->lock);
1570 if (neigh->nud_state & NUD_VALID) {
1571 memcpy(ha_buf, neigh->ha, dev->addr_len);
1572 read_unlock_bh(&neigh->lock);
1573 ha = ha_buf;
1574 len += ndisc_opt_addr_space(dev);
1575 } else
1576 read_unlock_bh(&neigh->lock);
1577 }
1578
1579 rd_len = min_t(unsigned int,
1580 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1581 rd_len &= ~0x7;
1582 len += rd_len;
1583
1584 hlen = LL_RESERVED_SPACE(dev);
1585 tlen = dev->needed_tailroom;
1586 buff = sock_alloc_send_skb(sk,
1587 (MAX_HEADER + sizeof(struct ipv6hdr) +
1588 len + hlen + tlen),
1589 1, &err);
1590 if (buff == NULL) {
1591 ND_PRINTK0(KERN_ERR
1592 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1593 __func__, err);
1594 goto release;
1595 }
1596
1597 skb_reserve(buff, hlen);
1598 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1599 IPPROTO_ICMPV6, len);
1600
1601 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1602 skb_put(buff, len);
1603 icmph = icmp6_hdr(buff);
1604
1605 memset(icmph, 0, sizeof(struct icmp6hdr));
1606 icmph->icmp6_type = NDISC_REDIRECT;
1607
1608
1609
1610
1611
1612 addrp = (struct in6_addr *)(icmph + 1);
1613 *addrp = *target;
1614 addrp++;
1615 *addrp = ipv6_hdr(skb)->daddr;
1616
1617 opt = (u8*) (addrp + 1);
1618
1619
1620
1621
1622
1623 if (ha)
1624 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1625 dev->addr_len, dev->type);
1626
1627
1628
1629
1630
1631 memset(opt, 0, 8);
1632 *(opt++) = ND_OPT_REDIRECT_HDR;
1633 *(opt++) = (rd_len >> 3);
1634 opt += 6;
1635
1636 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1637
1638 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1639 len, IPPROTO_ICMPV6,
1640 csum_partial(icmph, len, 0));
1641
1642 skb_dst_set(buff, dst);
1643 rcu_read_lock();
1644 idev = __in6_dev_get(dst->dev);
1645 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1646 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1647 dst_output);
1648 if (!err) {
1649 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1650 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1651 }
1652
1653 rcu_read_unlock();
1654 return;
1655
1656release:
1657 dst_release(dst);
1658}
1659
1660static void pndisc_redo(struct sk_buff *skb)
1661{
1662 ndisc_recv_ns(skb);
1663 kfree_skb(skb);
1664}
1665
1666int ndisc_rcv(struct sk_buff *skb)
1667{
1668 struct nd_msg *msg;
1669
1670 if (!pskb_may_pull(skb, skb->len))
1671 return 0;
1672
1673 msg = (struct nd_msg *)skb_transport_header(skb);
1674
1675 __skb_push(skb, skb->data - skb_transport_header(skb));
1676
1677 if (ipv6_hdr(skb)->hop_limit != 255) {
1678 ND_PRINTK2(KERN_WARNING
1679 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1680 ipv6_hdr(skb)->hop_limit);
1681 return 0;
1682 }
1683
1684 if (msg->icmph.icmp6_code != 0) {
1685 ND_PRINTK2(KERN_WARNING
1686 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1687 msg->icmph.icmp6_code);
1688 return 0;
1689 }
1690
1691 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1692
1693 switch (msg->icmph.icmp6_type) {
1694 case NDISC_NEIGHBOUR_SOLICITATION:
1695 ndisc_recv_ns(skb);
1696 break;
1697
1698 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1699 ndisc_recv_na(skb);
1700 break;
1701
1702 case NDISC_ROUTER_SOLICITATION:
1703 ndisc_recv_rs(skb);
1704 break;
1705
1706 case NDISC_ROUTER_ADVERTISEMENT:
1707 ndisc_router_discovery(skb);
1708 break;
1709
1710 case NDISC_REDIRECT:
1711 ndisc_redirect_rcv(skb);
1712 break;
1713 }
1714
1715 return 0;
1716}
1717
1718static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1719{
1720 struct net_device *dev = ptr;
1721 struct net *net = dev_net(dev);
1722
1723 switch (event) {
1724 case NETDEV_CHANGEADDR:
1725 neigh_changeaddr(&nd_tbl, dev);
1726 fib6_run_gc(~0UL, net);
1727 break;
1728 case NETDEV_DOWN:
1729 neigh_ifdown(&nd_tbl, dev);
1730 fib6_run_gc(~0UL, net);
1731 break;
1732 case NETDEV_NOTIFY_PEERS:
1733 ndisc_send_unsol_na(dev);
1734 break;
1735 default:
1736 break;
1737 }
1738
1739 return NOTIFY_DONE;
1740}
1741
1742static struct notifier_block ndisc_netdev_notifier = {
1743 .notifier_call = ndisc_netdev_event,
1744};
1745
1746#ifdef CONFIG_SYSCTL
1747static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1748 const char *func, const char *dev_name)
1749{
1750 static char warncomm[TASK_COMM_LEN];
1751 static int warned;
1752 if (strcmp(warncomm, current->comm) && warned < 5) {
1753 strcpy(warncomm, current->comm);
1754 printk(KERN_WARNING
1755 "process `%s' is using deprecated sysctl (%s) "
1756 "net.ipv6.neigh.%s.%s; "
1757 "Use net.ipv6.neigh.%s.%s_ms "
1758 "instead.\n",
1759 warncomm, func,
1760 dev_name, ctl->procname,
1761 dev_name, ctl->procname);
1762 warned++;
1763 }
1764}
1765
1766int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1767{
1768 struct net_device *dev = ctl->extra1;
1769 struct inet6_dev *idev;
1770 int ret;
1771
1772 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1773 (strcmp(ctl->procname, "base_reachable_time") == 0))
1774 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1775
1776 if (strcmp(ctl->procname, "retrans_time") == 0)
1777 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1778
1779 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1780 ret = proc_dointvec_jiffies(ctl, write,
1781 buffer, lenp, ppos);
1782
1783 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1784 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1785 ret = proc_dointvec_ms_jiffies(ctl, write,
1786 buffer, lenp, ppos);
1787 else
1788 ret = -1;
1789
1790 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1791 if (ctl->data == &idev->nd_parms->base_reachable_time)
1792 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1793 idev->tstamp = jiffies;
1794 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1795 in6_dev_put(idev);
1796 }
1797 return ret;
1798}
1799
1800
1801#endif
1802
1803static int __net_init ndisc_net_init(struct net *net)
1804{
1805 struct ipv6_pinfo *np;
1806 struct sock *sk;
1807 int err;
1808
1809 err = inet_ctl_sock_create(&sk, PF_INET6,
1810 SOCK_RAW, IPPROTO_ICMPV6, net);
1811 if (err < 0) {
1812 ND_PRINTK0(KERN_ERR
1813 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1814 err);
1815 return err;
1816 }
1817
1818 net->ipv6.ndisc_sk = sk;
1819
1820 np = inet6_sk(sk);
1821 np->hop_limit = 255;
1822
1823 np->mc_loop = 0;
1824
1825 return 0;
1826}
1827
1828static void __net_exit ndisc_net_exit(struct net *net)
1829{
1830 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1831}
1832
1833static struct pernet_operations ndisc_net_ops = {
1834 .init = ndisc_net_init,
1835 .exit = ndisc_net_exit,
1836};
1837
1838int __init ndisc_init(void)
1839{
1840 int err;
1841
1842 err = register_pernet_subsys(&ndisc_net_ops);
1843 if (err)
1844 return err;
1845
1846
1847
1848 neigh_table_init(&nd_tbl);
1849
1850#ifdef CONFIG_SYSCTL
1851 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1852 &ndisc_ifinfo_sysctl_change);
1853 if (err)
1854 goto out_unregister_pernet;
1855#endif
1856 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1857 if (err)
1858 goto out_unregister_sysctl;
1859out:
1860 return err;
1861
1862out_unregister_sysctl:
1863#ifdef CONFIG_SYSCTL
1864 neigh_sysctl_unregister(&nd_tbl.parms);
1865out_unregister_pernet:
1866#endif
1867 unregister_pernet_subsys(&ndisc_net_ops);
1868 goto out;
1869}
1870
1871void ndisc_cleanup(void)
1872{
1873 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1874#ifdef CONFIG_SYSCTL
1875 neigh_sysctl_unregister(&nd_tbl.parms);
1876#endif
1877 neigh_table_clear(&nd_tbl);
1878 unregister_pernet_subsys(&ndisc_net_ops);
1879}
1880
