projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipv6: Introduce ipv6_addr_is_solict_mult() to check Solicited Node Multicast Addresses.
[deliverable/linux.git] / net / ipv6 / ndisc.c
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77
78 #define ND_PRINTK(val, level, fmt, ...) \
79 do { \
80 if (val <= ND_DEBUG) \
81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82 } while (0)
83
84 static u32 ndisc_hash(const void *pkey,
85 const struct net_device *dev,
86 __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93
94 static const struct neigh_ops ndisc_generic_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_connected_output,
100 };
101
102 static const struct neigh_ops ndisc_hh_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_resolve_output,
108 };
109
110
111 static const struct neigh_ops ndisc_direct_ops = {
112 .family = AF_INET6,
113 .output = neigh_direct_output,
114 .connected_output = neigh_direct_output,
115 };
116
117 struct neigh_table nd_tbl = {
118 .family = AF_INET6,
119 .key_len = sizeof(struct in6_addr),
120 .hash = ndisc_hash,
121 .constructor = ndisc_constructor,
122 .pconstructor = pndisc_constructor,
123 .pdestructor = pndisc_destructor,
124 .proxy_redo = pndisc_redo,
125 .id = "ndisc_cache",
126 .parms = {
127 .tbl = &nd_tbl,
128 .base_reachable_time = ND_REACHABLE_TIME,
129 .retrans_time = ND_RETRANS_TIMER,
130 .gc_staletime = 60 * HZ,
131 .reachable_time = ND_REACHABLE_TIME,
132 .delay_probe_time = 5 * HZ,
133 .queue_len_bytes = 64*1024,
134 .ucast_probes = 3,
135 .mcast_probes = 3,
136 .anycast_delay = 1 * HZ,
137 .proxy_delay = (8 * HZ) / 10,
138 .proxy_qlen = 64,
139 },
140 .gc_interval = 30 * HZ,
141 .gc_thresh1 = 128,
142 .gc_thresh2 = 512,
143 .gc_thresh3 = 1024,
144 };
145
146 static inline int ndisc_opt_addr_space(struct net_device *dev)
147 {
148 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
149 }
150
151 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
152 unsigned short addr_type)
153 {
154 int pad = ndisc_addr_option_pad(addr_type);
155 int space = NDISC_OPT_SPACE(data_len + pad);
156
157 opt[0] = type;
158 opt[1] = space>>3;
159
160 memset(opt + 2, 0, pad);
161 opt += pad;
162 space -= pad;
163
164 memcpy(opt+2, data, data_len);
165 data_len += 2;
166 opt += data_len;
167 if ((space -= data_len) > 0)
168 memset(opt, 0, space);
169 return opt + space;
170 }
171
172 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
173 struct nd_opt_hdr *end)
174 {
175 int type;
176 if (!cur || !end || cur >= end)
177 return NULL;
178 type = cur->nd_opt_type;
179 do {
180 cur = ((void *)cur) + (cur->nd_opt_len << 3);
181 } while(cur < end && cur->nd_opt_type != type);
182 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
183 }
184
185 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
186 {
187 return opt->nd_opt_type == ND_OPT_RDNSS ||
188 opt->nd_opt_type == ND_OPT_DNSSL;
189 }
190
191 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
192 struct nd_opt_hdr *end)
193 {
194 if (!cur || !end || cur >= end)
195 return NULL;
196 do {
197 cur = ((void *)cur) + (cur->nd_opt_len << 3);
198 } while(cur < end && !ndisc_is_useropt(cur));
199 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
200 }
201
202 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
203 struct ndisc_options *ndopts)
204 {
205 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
206
207 if (!nd_opt || opt_len < 0 || !ndopts)
208 return NULL;
209 memset(ndopts, 0, sizeof(*ndopts));
210 while (opt_len) {
211 int l;
212 if (opt_len < sizeof(struct nd_opt_hdr))
213 return NULL;
214 l = nd_opt->nd_opt_len << 3;
215 if (opt_len < l || l == 0)
216 return NULL;
217 switch (nd_opt->nd_opt_type) {
218 case ND_OPT_SOURCE_LL_ADDR:
219 case ND_OPT_TARGET_LL_ADDR:
220 case ND_OPT_MTU:
221 case ND_OPT_REDIRECT_HDR:
222 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
223 ND_PRINTK(2, warn,
224 "%s: duplicated ND6 option found: type=%d\n",
225 __func__, nd_opt->nd_opt_type);
226 } else {
227 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
228 }
229 break;
230 case ND_OPT_PREFIX_INFO:
231 ndopts->nd_opts_pi_end = nd_opt;
232 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
233 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
234 break;
235 #ifdef CONFIG_IPV6_ROUTE_INFO
236 case ND_OPT_ROUTE_INFO:
237 ndopts->nd_opts_ri_end = nd_opt;
238 if (!ndopts->nd_opts_ri)
239 ndopts->nd_opts_ri = nd_opt;
240 break;
241 #endif
242 default:
243 if (ndisc_is_useropt(nd_opt)) {
244 ndopts->nd_useropts_end = nd_opt;
245 if (!ndopts->nd_useropts)
246 ndopts->nd_useropts = nd_opt;
247 } else {
248 /*
249 * Unknown options must be silently ignored,
250 * to accommodate future extension to the
251 * protocol.
252 */
253 ND_PRINTK(2, notice,
254 "%s: ignored unsupported option; type=%d, len=%d\n",
255 __func__,
256 nd_opt->nd_opt_type,
257 nd_opt->nd_opt_len);
258 }
259 }
260 opt_len -= l;
261 nd_opt = ((void *)nd_opt) + l;
262 }
263 return ndopts;
264 }
265
266 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
267 {
268 switch (dev->type) {
269 case ARPHRD_ETHER:
270 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
271 case ARPHRD_FDDI:
272 ipv6_eth_mc_map(addr, buf);
273 return 0;
274 case ARPHRD_ARCNET:
275 ipv6_arcnet_mc_map(addr, buf);
276 return 0;
277 case ARPHRD_INFINIBAND:
278 ipv6_ib_mc_map(addr, dev->broadcast, buf);
279 return 0;
280 case ARPHRD_IPGRE:
281 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
282 default:
283 if (dir) {
284 memcpy(buf, dev->broadcast, dev->addr_len);
285 return 0;
286 }
287 }
288 return -EINVAL;
289 }
290
291 EXPORT_SYMBOL(ndisc_mc_map);
292
293 static u32 ndisc_hash(const void *pkey,
294 const struct net_device *dev,
295 __u32 *hash_rnd)
296 {
297 return ndisc_hashfn(pkey, dev, hash_rnd);
298 }
299
300 static int ndisc_constructor(struct neighbour *neigh)
301 {
302 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
303 struct net_device *dev = neigh->dev;
304 struct inet6_dev *in6_dev;
305 struct neigh_parms *parms;
306 bool is_multicast = ipv6_addr_is_multicast(addr);
307
308 in6_dev = in6_dev_get(dev);
309 if (in6_dev == NULL) {
310 return -EINVAL;
311 }
312
313 parms = in6_dev->nd_parms;
314 __neigh_parms_put(neigh->parms);
315 neigh->parms = neigh_parms_clone(parms);
316
317 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
318 if (!dev->header_ops) {
319 neigh->nud_state = NUD_NOARP;
320 neigh->ops = &ndisc_direct_ops;
321 neigh->output = neigh_direct_output;
322 } else {
323 if (is_multicast) {
324 neigh->nud_state = NUD_NOARP;
325 ndisc_mc_map(addr, neigh->ha, dev, 1);
326 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
327 neigh->nud_state = NUD_NOARP;
328 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
329 if (dev->flags&IFF_LOOPBACK)
330 neigh->type = RTN_LOCAL;
331 } else if (dev->flags&IFF_POINTOPOINT) {
332 neigh->nud_state = NUD_NOARP;
333 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
334 }
335 if (dev->header_ops->cache)
336 neigh->ops = &ndisc_hh_ops;
337 else
338 neigh->ops = &ndisc_generic_ops;
339 if (neigh->nud_state&NUD_VALID)
340 neigh->output = neigh->ops->connected_output;
341 else
342 neigh->output = neigh->ops->output;
343 }
344 in6_dev_put(in6_dev);
345 return 0;
346 }
347
348 static int pndisc_constructor(struct pneigh_entry *n)
349 {
350 struct in6_addr *addr = (struct in6_addr*)&n->key;
351 struct in6_addr maddr;
352 struct net_device *dev = n->dev;
353
354 if (dev == NULL || __in6_dev_get(dev) == NULL)
355 return -EINVAL;
356 addrconf_addr_solict_mult(addr, &maddr);
357 ipv6_dev_mc_inc(dev, &maddr);
358 return 0;
359 }
360
361 static void pndisc_destructor(struct pneigh_entry *n)
362 {
363 struct in6_addr *addr = (struct in6_addr*)&n->key;
364 struct in6_addr maddr;
365 struct net_device *dev = n->dev;
366
367 if (dev == NULL || __in6_dev_get(dev) == NULL)
368 return;
369 addrconf_addr_solict_mult(addr, &maddr);
370 ipv6_dev_mc_dec(dev, &maddr);
371 }
372
373 static struct sk_buff *ndisc_build_skb(struct net_device *dev,
374 const struct in6_addr *daddr,
375 const struct in6_addr *saddr,
376 struct icmp6hdr *icmp6h,
377 const struct in6_addr *target,
378 int llinfo)
379 {
380 struct net *net = dev_net(dev);
381 struct sock *sk = net->ipv6.ndisc_sk;
382 struct sk_buff *skb;
383 struct icmp6hdr *hdr;
384 int hlen = LL_RESERVED_SPACE(dev);
385 int tlen = dev->needed_tailroom;
386 int len;
387 int err;
388 u8 *opt;
389
390 if (!dev->addr_len)
391 llinfo = 0;
392
393 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
394 if (llinfo)
395 len += ndisc_opt_addr_space(dev);
396
397 skb = sock_alloc_send_skb(sk,
398 (sizeof(struct ipv6hdr) +
399 len + hlen + tlen),
400 1, &err);
401 if (!skb) {
402 ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
403 __func__, err);
404 return NULL;
405 }
406
407 skb_reserve(skb, hlen);
408 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
409
410 skb->transport_header = skb->tail;
411 skb_put(skb, len);
412
413 hdr = (struct icmp6hdr *)skb_transport_header(skb);
414 memcpy(hdr, icmp6h, sizeof(*hdr));
415
416 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
417 if (target) {
418 *(struct in6_addr *)opt = *target;
419 opt += sizeof(*target);
420 }
421
422 if (llinfo)
423 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
424 dev->addr_len, dev->type);
425
426 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
427 IPPROTO_ICMPV6,
428 csum_partial(hdr,
429 len, 0));
430
431 return skb;
432 }
433
434 static void ndisc_send_skb(struct sk_buff *skb, struct net_device *dev,
435 const struct in6_addr *daddr,
436 const struct in6_addr *saddr,
437 struct icmp6hdr *icmp6h)
438 {
439 struct flowi6 fl6;
440 struct dst_entry *dst;
441 struct net *net = dev_net(dev);
442 struct sock *sk = net->ipv6.ndisc_sk;
443 struct inet6_dev *idev;
444 int err;
445 u8 type;
446
447 type = icmp6h->icmp6_type;
448
449 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
450 dst = icmp6_dst_alloc(dev, &fl6);
451 if (IS_ERR(dst)) {
452 kfree_skb(skb);
453 return;
454 }
455
456 skb_dst_set(skb, dst);
457
458 rcu_read_lock();
459 idev = __in6_dev_get(dst->dev);
460 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
461
462 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
463 dst_output);
464 if (!err) {
465 ICMP6MSGOUT_INC_STATS(net, idev, type);
466 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
467 }
468
469 rcu_read_unlock();
470 }
471
472 /*
473 * Send a Neighbour Discover packet
474 */
475 static void __ndisc_send(struct net_device *dev,
476 const struct in6_addr *daddr,
477 const struct in6_addr *saddr,
478 struct icmp6hdr *icmp6h, const struct in6_addr *target,
479 int llinfo)
480 {
481 struct sk_buff *skb;
482
483 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
484 if (!skb)
485 return;
486
487 ndisc_send_skb(skb, dev, daddr, saddr, icmp6h);
488 }
489
490 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
491 const struct in6_addr *daddr,
492 const struct in6_addr *solicited_addr,
493 int router, int solicited, int override, int inc_opt)
494 {
495 struct in6_addr tmpaddr;
496 struct inet6_ifaddr *ifp;
497 const struct in6_addr *src_addr;
498 struct icmp6hdr icmp6h = {
499 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
500 };
501
502 /* for anycast or proxy, solicited_addr != src_addr */
503 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
504 if (ifp) {
505 src_addr = solicited_addr;
506 if (ifp->flags & IFA_F_OPTIMISTIC)
507 override = 0;
508 inc_opt |= ifp->idev->cnf.force_tllao;
509 in6_ifa_put(ifp);
510 } else {
511 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
512 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
513 &tmpaddr))
514 return;
515 src_addr = &tmpaddr;
516 }
517
518 icmp6h.icmp6_router = router;
519 icmp6h.icmp6_solicited = solicited;
520 icmp6h.icmp6_override = override;
521
522 __ndisc_send(dev, daddr, src_addr, &icmp6h, solicited_addr,
523 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
524 }
525
526 static void ndisc_send_unsol_na(struct net_device *dev)
527 {
528 struct inet6_dev *idev;
529 struct inet6_ifaddr *ifa;
530
531 idev = in6_dev_get(dev);
532 if (!idev)
533 return;
534
535 read_lock_bh(&idev->lock);
536 list_for_each_entry(ifa, &idev->addr_list, if_list) {
537 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
538 /*router=*/ !!idev->cnf.forwarding,
539 /*solicited=*/ false, /*override=*/ true,
540 /*inc_opt=*/ true);
541 }
542 read_unlock_bh(&idev->lock);
543
544 in6_dev_put(idev);
545 }
546
547 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
548 const struct in6_addr *solicit,
549 const struct in6_addr *daddr, const struct in6_addr *saddr)
550 {
551 struct in6_addr addr_buf;
552 struct icmp6hdr icmp6h = {
553 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
554 };
555
556 if (saddr == NULL) {
557 if (ipv6_get_lladdr(dev, &addr_buf,
558 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
559 return;
560 saddr = &addr_buf;
561 }
562
563 __ndisc_send(dev, daddr, saddr, &icmp6h, solicit,
564 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
565 }
566
567 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
568 const struct in6_addr *daddr)
569 {
570 struct icmp6hdr icmp6h = {
571 .icmp6_type = NDISC_ROUTER_SOLICITATION,
572 };
573 int send_sllao = dev->addr_len;
574
575 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
576 /*
577 * According to section 2.2 of RFC 4429, we must not
578 * send router solicitations with a sllao from
579 * optimistic addresses, but we may send the solicitation
580 * if we don't include the sllao. So here we check
581 * if our address is optimistic, and if so, we
582 * suppress the inclusion of the sllao.
583 */
584 if (send_sllao) {
585 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
586 dev, 1);
587 if (ifp) {
588 if (ifp->flags & IFA_F_OPTIMISTIC) {
589 send_sllao = 0;
590 }
591 in6_ifa_put(ifp);
592 } else {
593 send_sllao = 0;
594 }
595 }
596 #endif
597 __ndisc_send(dev, daddr, saddr, &icmp6h, NULL,
598 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
599 }
600
601
602 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
603 {
604 /*
605 * "The sender MUST return an ICMP
606 * destination unreachable"
607 */
608 dst_link_failure(skb);
609 kfree_skb(skb);
610 }
611
612 /* Called with locked neigh: either read or both */
613
614 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
615 {
616 struct in6_addr *saddr = NULL;
617 struct in6_addr mcaddr;
618 struct net_device *dev = neigh->dev;
619 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
620 int probes = atomic_read(&neigh->probes);
621
622 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
623 saddr = &ipv6_hdr(skb)->saddr;
624
625 if ((probes -= neigh->parms->ucast_probes) < 0) {
626 if (!(neigh->nud_state & NUD_VALID)) {
627 ND_PRINTK(1, dbg,
628 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
629 __func__, target);
630 }
631 ndisc_send_ns(dev, neigh, target, target, saddr);
632 } else if ((probes -= neigh->parms->app_probes) < 0) {
633 #ifdef CONFIG_ARPD
634 neigh_app_ns(neigh);
635 #endif
636 } else {
637 addrconf_addr_solict_mult(target, &mcaddr);
638 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
639 }
640 }
641
642 static int pndisc_is_router(const void *pkey,
643 struct net_device *dev)
644 {
645 struct pneigh_entry *n;
646 int ret = -1;
647
648 read_lock_bh(&nd_tbl.lock);
649 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
650 if (n)
651 ret = !!(n->flags & NTF_ROUTER);
652 read_unlock_bh(&nd_tbl.lock);
653
654 return ret;
655 }
656
657 static void ndisc_recv_ns(struct sk_buff *skb)
658 {
659 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
660 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
661 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
662 u8 *lladdr = NULL;
663 u32 ndoptlen = skb->tail - (skb->transport_header +
664 offsetof(struct nd_msg, opt));
665 struct ndisc_options ndopts;
666 struct net_device *dev = skb->dev;
667 struct inet6_ifaddr *ifp;
668 struct inet6_dev *idev = NULL;
669 struct neighbour *neigh;
670 int dad = ipv6_addr_any(saddr);
671 bool inc;
672 int is_router = -1;
673
674 if (skb->len < sizeof(struct nd_msg)) {
675 ND_PRINTK(2, warn, "NS: packet too short\n");
676 return;
677 }
678
679 if (ipv6_addr_is_multicast(&msg->target)) {
680 ND_PRINTK(2, warn, "NS: multicast target address\n");
681 return;
682 }
683
684 /*
685 * RFC2461 7.1.1:
686 * DAD has to be destined for solicited node multicast address.
687 */
688 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
689 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
690 return;
691 }
692
693 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
694 ND_PRINTK(2, warn, "NS: invalid ND options\n");
695 return;
696 }
697
698 if (ndopts.nd_opts_src_lladdr) {
699 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
700 if (!lladdr) {
701 ND_PRINTK(2, warn,
702 "NS: invalid link-layer address length\n");
703 return;
704 }
705
706 /* RFC2461 7.1.1:
707 * If the IP source address is the unspecified address,
708 * there MUST NOT be source link-layer address option
709 * in the message.
710 */
711 if (dad) {
712 ND_PRINTK(2, warn,
713 "NS: bad DAD packet (link-layer address option)\n");
714 return;
715 }
716 }
717
718 inc = ipv6_addr_is_multicast(daddr);
719
720 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
721 if (ifp) {
722
723 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
724 if (dad) {
725 /*
726 * We are colliding with another node
727 * who is doing DAD
728 * so fail our DAD process
729 */
730 addrconf_dad_failure(ifp);
731 return;
732 } else {
733 /*
734 * This is not a dad solicitation.
735 * If we are an optimistic node,
736 * we should respond.
737 * Otherwise, we should ignore it.
738 */
739 if (!(ifp->flags & IFA_F_OPTIMISTIC))
740 goto out;
741 }
742 }
743
744 idev = ifp->idev;
745 } else {
746 struct net *net = dev_net(dev);
747
748 idev = in6_dev_get(dev);
749 if (!idev) {
750 /* XXX: count this drop? */
751 return;
752 }
753
754 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
755 (idev->cnf.forwarding &&
756 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
757 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
758 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
759 skb->pkt_type != PACKET_HOST &&
760 inc != 0 &&
761 idev->nd_parms->proxy_delay != 0) {
762 /*
763 * for anycast or proxy,
764 * sender should delay its response
765 * by a random time between 0 and
766 * MAX_ANYCAST_DELAY_TIME seconds.
767 * (RFC2461) -- yoshfuji
768 */
769 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
770 if (n)
771 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
772 goto out;
773 }
774 } else
775 goto out;
776 }
777
778 if (is_router < 0)
779 is_router = !!idev->cnf.forwarding;
780
781 if (dad) {
782 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
783 is_router, 0, (ifp != NULL), 1);
784 goto out;
785 }
786
787 if (inc)
788 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
789 else
790 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
791
792 /*
793 * update / create cache entry
794 * for the source address
795 */
796 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
797 !inc || lladdr || !dev->addr_len);
798 if (neigh)
799 neigh_update(neigh, lladdr, NUD_STALE,
800 NEIGH_UPDATE_F_WEAK_OVERRIDE|
801 NEIGH_UPDATE_F_OVERRIDE);
802 if (neigh || !dev->header_ops) {
803 ndisc_send_na(dev, neigh, saddr, &msg->target,
804 is_router,
805 1, (ifp != NULL && inc), inc);
806 if (neigh)
807 neigh_release(neigh);
808 }
809
810 out:
811 if (ifp)
812 in6_ifa_put(ifp);
813 else
814 in6_dev_put(idev);
815 }
816
817 static void ndisc_recv_na(struct sk_buff *skb)
818 {
819 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
820 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
821 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
822 u8 *lladdr = NULL;
823 u32 ndoptlen = skb->tail - (skb->transport_header +
824 offsetof(struct nd_msg, opt));
825 struct ndisc_options ndopts;
826 struct net_device *dev = skb->dev;
827 struct inet6_ifaddr *ifp;
828 struct neighbour *neigh;
829
830 if (skb->len < sizeof(struct nd_msg)) {
831 ND_PRINTK(2, warn, "NA: packet too short\n");
832 return;
833 }
834
835 if (ipv6_addr_is_multicast(&msg->target)) {
836 ND_PRINTK(2, warn, "NA: target address is multicast\n");
837 return;
838 }
839
840 if (ipv6_addr_is_multicast(daddr) &&
841 msg->icmph.icmp6_solicited) {
842 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
843 return;
844 }
845
846 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
847 ND_PRINTK(2, warn, "NS: invalid ND option\n");
848 return;
849 }
850 if (ndopts.nd_opts_tgt_lladdr) {
851 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
852 if (!lladdr) {
853 ND_PRINTK(2, warn,
854 "NA: invalid link-layer address length\n");
855 return;
856 }
857 }
858 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
859 if (ifp) {
860 if (skb->pkt_type != PACKET_LOOPBACK
861 && (ifp->flags & IFA_F_TENTATIVE)) {
862 addrconf_dad_failure(ifp);
863 return;
864 }
865 /* What should we make now? The advertisement
866 is invalid, but ndisc specs say nothing
867 about it. It could be misconfiguration, or
868 an smart proxy agent tries to help us :-)
869
870 We should not print the error if NA has been
871 received from loopback - it is just our own
872 unsolicited advertisement.
873 */
874 if (skb->pkt_type != PACKET_LOOPBACK)
875 ND_PRINTK(1, warn,
876 "NA: someone advertises our address %pI6 on %s!\n",
877 &ifp->addr, ifp->idev->dev->name);
878 in6_ifa_put(ifp);
879 return;
880 }
881 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
882
883 if (neigh) {
884 u8 old_flags = neigh->flags;
885 struct net *net = dev_net(dev);
886
887 if (neigh->nud_state & NUD_FAILED)
888 goto out;
889
890 /*
891 * Don't update the neighbor cache entry on a proxy NA from
892 * ourselves because either the proxied node is off link or it
893 * has already sent a NA to us.
894 */
895 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
896 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
897 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
898 /* XXX: idev->cnf.proxy_ndp */
899 goto out;
900 }
901
902 neigh_update(neigh, lladdr,
903 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
904 NEIGH_UPDATE_F_WEAK_OVERRIDE|
905 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
906 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
907 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
908
909 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
910 /*
911 * Change: router to host
912 */
913 struct rt6_info *rt;
914 rt = rt6_get_dflt_router(saddr, dev);
915 if (rt)
916 ip6_del_rt(rt);
917 }
918
919 out:
920 neigh_release(neigh);
921 }
922 }
923
924 static void ndisc_recv_rs(struct sk_buff *skb)
925 {
926 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
927 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
928 struct neighbour *neigh;
929 struct inet6_dev *idev;
930 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
931 struct ndisc_options ndopts;
932 u8 *lladdr = NULL;
933
934 if (skb->len < sizeof(*rs_msg))
935 return;
936
937 idev = __in6_dev_get(skb->dev);
938 if (!idev) {
939 ND_PRINTK(1, err, "RS: can't find in6 device\n");
940 return;
941 }
942
943 /* Don't accept RS if we're not in router mode */
944 if (!idev->cnf.forwarding)
945 goto out;
946
947 /*
948 * Don't update NCE if src = ::;
949 * this implies that the source node has no ip address assigned yet.
950 */
951 if (ipv6_addr_any(saddr))
952 goto out;
953
954 /* Parse ND options */
955 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
956 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
957 goto out;
958 }
959
960 if (ndopts.nd_opts_src_lladdr) {
961 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
962 skb->dev);
963 if (!lladdr)
964 goto out;
965 }
966
967 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
968 if (neigh) {
969 neigh_update(neigh, lladdr, NUD_STALE,
970 NEIGH_UPDATE_F_WEAK_OVERRIDE|
971 NEIGH_UPDATE_F_OVERRIDE|
972 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
973 neigh_release(neigh);
974 }
975 out:
976 return;
977 }
978
979 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
980 {
981 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
982 struct sk_buff *skb;
983 struct nlmsghdr *nlh;
984 struct nduseroptmsg *ndmsg;
985 struct net *net = dev_net(ra->dev);
986 int err;
987 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
988 + (opt->nd_opt_len << 3));
989 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
990
991 skb = nlmsg_new(msg_size, GFP_ATOMIC);
992 if (skb == NULL) {
993 err = -ENOBUFS;
994 goto errout;
995 }
996
997 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
998 if (nlh == NULL) {
999 goto nla_put_failure;
1000 }
1001
1002 ndmsg = nlmsg_data(nlh);
1003 ndmsg->nduseropt_family = AF_INET6;
1004 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1005 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1006 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1007 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1008
1009 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1010
1011 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1012 &ipv6_hdr(ra)->saddr))
1013 goto nla_put_failure;
1014 nlmsg_end(skb, nlh);
1015
1016 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1017 return;
1018
1019 nla_put_failure:
1020 nlmsg_free(skb);
1021 err = -EMSGSIZE;
1022 errout:
1023 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1024 }
1025
1026 static void ndisc_router_discovery(struct sk_buff *skb)
1027 {
1028 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1029 struct neighbour *neigh = NULL;
1030 struct inet6_dev *in6_dev;
1031 struct rt6_info *rt = NULL;
1032 int lifetime;
1033 struct ndisc_options ndopts;
1034 int optlen;
1035 unsigned int pref = 0;
1036
1037 __u8 * opt = (__u8 *)(ra_msg + 1);
1038
1039 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1040
1041 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1042 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1043 return;
1044 }
1045 if (optlen < 0) {
1046 ND_PRINTK(2, warn, "RA: packet too short\n");
1047 return;
1048 }
1049
1050 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1051 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1052 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1053 return;
1054 }
1055 #endif
1056
1057 /*
1058 * set the RA_RECV flag in the interface
1059 */
1060
1061 in6_dev = __in6_dev_get(skb->dev);
1062 if (in6_dev == NULL) {
1063 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1064 skb->dev->name);
1065 return;
1066 }
1067
1068 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1069 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1070 return;
1071 }
1072
1073 if (!ipv6_accept_ra(in6_dev))
1074 goto skip_linkparms;
1075
1076 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1077 /* skip link-specific parameters from interior routers */
1078 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1079 goto skip_linkparms;
1080 #endif
1081
1082 if (in6_dev->if_flags & IF_RS_SENT) {
1083 /*
1084 * flag that an RA was received after an RS was sent
1085 * out on this interface.
1086 */
1087 in6_dev->if_flags |= IF_RA_RCVD;
1088 }
1089
1090 /*
1091 * Remember the managed/otherconf flags from most recently
1092 * received RA message (RFC 2462) -- yoshfuji
1093 */
1094 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1095 IF_RA_OTHERCONF)) |
1096 (ra_msg->icmph.icmp6_addrconf_managed ?
1097 IF_RA_MANAGED : 0) |
1098 (ra_msg->icmph.icmp6_addrconf_other ?
1099 IF_RA_OTHERCONF : 0);
1100
1101 if (!in6_dev->cnf.accept_ra_defrtr)
1102 goto skip_defrtr;
1103
1104 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1105 goto skip_defrtr;
1106
1107 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1108
1109 #ifdef CONFIG_IPV6_ROUTER_PREF
1110 pref = ra_msg->icmph.icmp6_router_pref;
1111 /* 10b is handled as if it were 00b (medium) */
1112 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1113 !in6_dev->cnf.accept_ra_rtr_pref)
1114 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1115 #endif
1116
1117 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1118
1119 if (rt) {
1120 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1121 if (!neigh) {
1122 ND_PRINTK(0, err,
1123 "RA: %s got default router without neighbour\n",
1124 __func__);
1125 ip6_rt_put(rt);
1126 return;
1127 }
1128 }
1129 if (rt && lifetime == 0) {
1130 ip6_del_rt(rt);
1131 rt = NULL;
1132 }
1133
1134 if (rt == NULL && lifetime) {
1135 ND_PRINTK(3, dbg, "RA: adding default router\n");
1136
1137 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1138 if (rt == NULL) {
1139 ND_PRINTK(0, err,
1140 "RA: %s failed to add default route\n",
1141 __func__);
1142 return;
1143 }
1144
1145 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1146 if (neigh == NULL) {
1147 ND_PRINTK(0, err,
1148 "RA: %s got default router without neighbour\n",
1149 __func__);
1150 ip6_rt_put(rt);
1151 return;
1152 }
1153 neigh->flags |= NTF_ROUTER;
1154 } else if (rt) {
1155 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1156 }
1157
1158 if (rt)
1159 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1160 if (ra_msg->icmph.icmp6_hop_limit) {
1161 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1162 if (rt)
1163 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1164 ra_msg->icmph.icmp6_hop_limit);
1165 }
1166
1167 skip_defrtr:
1168
1169 /*
1170 * Update Reachable Time and Retrans Timer
1171 */
1172
1173 if (in6_dev->nd_parms) {
1174 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1175
1176 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1177 rtime = (rtime*HZ)/1000;
1178 if (rtime < HZ/10)
1179 rtime = HZ/10;
1180 in6_dev->nd_parms->retrans_time = rtime;
1181 in6_dev->tstamp = jiffies;
1182 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1183 }
1184
1185 rtime = ntohl(ra_msg->reachable_time);
1186 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1187 rtime = (rtime*HZ)/1000;
1188
1189 if (rtime < HZ/10)
1190 rtime = HZ/10;
1191
1192 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1193 in6_dev->nd_parms->base_reachable_time = rtime;
1194 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1195 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1196 in6_dev->tstamp = jiffies;
1197 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1198 }
1199 }
1200 }
1201
1202 skip_linkparms:
1203
1204 /*
1205 * Process options.
1206 */
1207
1208 if (!neigh)
1209 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1210 skb->dev, 1);
1211 if (neigh) {
1212 u8 *lladdr = NULL;
1213 if (ndopts.nd_opts_src_lladdr) {
1214 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1215 skb->dev);
1216 if (!lladdr) {
1217 ND_PRINTK(2, warn,
1218 "RA: invalid link-layer address length\n");
1219 goto out;
1220 }
1221 }
1222 neigh_update(neigh, lladdr, NUD_STALE,
1223 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1224 NEIGH_UPDATE_F_OVERRIDE|
1225 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1226 NEIGH_UPDATE_F_ISROUTER);
1227 }
1228
1229 if (!ipv6_accept_ra(in6_dev))
1230 goto out;
1231
1232 #ifdef CONFIG_IPV6_ROUTE_INFO
1233 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1234 goto skip_routeinfo;
1235
1236 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1237 struct nd_opt_hdr *p;
1238 for (p = ndopts.nd_opts_ri;
1239 p;
1240 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1241 struct route_info *ri = (struct route_info *)p;
1242 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1243 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1244 ri->prefix_len == 0)
1245 continue;
1246 #endif
1247 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1248 continue;
1249 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1250 &ipv6_hdr(skb)->saddr);
1251 }
1252 }
1253
1254 skip_routeinfo:
1255 #endif
1256
1257 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1258 /* skip link-specific ndopts from interior routers */
1259 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1260 goto out;
1261 #endif
1262
1263 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1264 struct nd_opt_hdr *p;
1265 for (p = ndopts.nd_opts_pi;
1266 p;
1267 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1268 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1269 (p->nd_opt_len) << 3,
1270 ndopts.nd_opts_src_lladdr != NULL);
1271 }
1272 }
1273
1274 if (ndopts.nd_opts_mtu) {
1275 __be32 n;
1276 u32 mtu;
1277
1278 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1279 mtu = ntohl(n);
1280
1281 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1282 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1283 } else if (in6_dev->cnf.mtu6 != mtu) {
1284 in6_dev->cnf.mtu6 = mtu;
1285
1286 if (rt)
1287 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1288
1289 rt6_mtu_change(skb->dev, mtu);
1290 }
1291 }
1292
1293 if (ndopts.nd_useropts) {
1294 struct nd_opt_hdr *p;
1295 for (p = ndopts.nd_useropts;
1296 p;
1297 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1298 ndisc_ra_useropt(skb, p);
1299 }
1300 }
1301
1302 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1303 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1304 }
1305 out:
1306 ip6_rt_put(rt);
1307 if (neigh)
1308 neigh_release(neigh);
1309 }
1310
1311 static void ndisc_redirect_rcv(struct sk_buff *skb)
1312 {
1313 u8 *hdr;
1314 struct ndisc_options ndopts;
1315 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1316 u32 ndoptlen = skb->tail - (skb->transport_header +
1317 offsetof(struct rd_msg, opt));
1318
1319 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1320 switch (skb->ndisc_nodetype) {
1321 case NDISC_NODETYPE_HOST:
1322 case NDISC_NODETYPE_NODEFAULT:
1323 ND_PRINTK(2, warn,
1324 "Redirect: from host or unauthorized router\n");
1325 return;
1326 }
1327 #endif
1328
1329 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1330 ND_PRINTK(2, warn,
1331 "Redirect: source address is not link-local\n");
1332 return;
1333 }
1334
1335 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1336 return;
1337
1338 if (!ndopts.nd_opts_rh)
1339 return;
1340
1341 hdr = (u8 *)ndopts.nd_opts_rh;
1342 hdr += 8;
1343 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1344 return;
1345
1346 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1347 }
1348
1349 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1350 {
1351 struct net_device *dev = skb->dev;
1352 struct net *net = dev_net(dev);
1353 struct sock *sk = net->ipv6.ndisc_sk;
1354 int len = sizeof(struct rd_msg);
1355 struct inet_peer *peer;
1356 struct sk_buff *buff;
1357 struct rd_msg *msg;
1358 struct in6_addr saddr_buf;
1359 struct rt6_info *rt;
1360 struct dst_entry *dst;
1361 struct inet6_dev *idev;
1362 struct flowi6 fl6;
1363 u8 *opt;
1364 int hlen, tlen;
1365 int rd_len;
1366 int err;
1367 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1368 bool ret;
1369
1370 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1371 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1372 dev->name);
1373 return;
1374 }
1375
1376 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1377 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1378 ND_PRINTK(2, warn,
1379 "Redirect: target address is not link-local unicast\n");
1380 return;
1381 }
1382
1383 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1384 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1385
1386 dst = ip6_route_output(net, NULL, &fl6);
1387 if (dst->error) {
1388 dst_release(dst);
1389 return;
1390 }
1391 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1392 if (IS_ERR(dst))
1393 return;
1394
1395 rt = (struct rt6_info *) dst;
1396
1397 if (rt->rt6i_flags & RTF_GATEWAY) {
1398 ND_PRINTK(2, warn,
1399 "Redirect: destination is not a neighbour\n");
1400 goto release;
1401 }
1402 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1403 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1404 if (peer)
1405 inet_putpeer(peer);
1406 if (!ret)
1407 goto release;
1408
1409 if (dev->addr_len) {
1410 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1411 if (!neigh) {
1412 ND_PRINTK(2, warn,
1413 "Redirect: no neigh for target address\n");
1414 goto release;
1415 }
1416
1417 read_lock_bh(&neigh->lock);
1418 if (neigh->nud_state & NUD_VALID) {
1419 memcpy(ha_buf, neigh->ha, dev->addr_len);
1420 read_unlock_bh(&neigh->lock);
1421 ha = ha_buf;
1422 len += ndisc_opt_addr_space(dev);
1423 } else
1424 read_unlock_bh(&neigh->lock);
1425
1426 neigh_release(neigh);
1427 }
1428
1429 rd_len = min_t(unsigned int,
1430 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1431 rd_len &= ~0x7;
1432 len += rd_len;
1433
1434 hlen = LL_RESERVED_SPACE(dev);
1435 tlen = dev->needed_tailroom;
1436 buff = sock_alloc_send_skb(sk,
1437 (sizeof(struct ipv6hdr) +
1438 len + hlen + tlen),
1439 1, &err);
1440 if (buff == NULL) {
1441 ND_PRINTK(0, err,
1442 "Redirect: %s failed to allocate an skb, err=%d\n",
1443 __func__, err);
1444 goto release;
1445 }
1446
1447 skb_reserve(buff, hlen);
1448 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1449 IPPROTO_ICMPV6, len);
1450
1451 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1452 skb_put(buff, len);
1453 msg = (struct rd_msg *)icmp6_hdr(buff);
1454
1455 memset(&msg->icmph, 0, sizeof(struct icmp6hdr));
1456 msg->icmph.icmp6_type = NDISC_REDIRECT;
1457
1458 /*
1459 * copy target and destination addresses
1460 */
1461
1462 msg->target = *target;
1463 msg->dest = ipv6_hdr(skb)->daddr;
1464
1465 opt = msg->opt;
1466
1467 /*
1468 * include target_address option
1469 */
1470
1471 if (ha)
1472 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1473 dev->addr_len, dev->type);
1474
1475 /*
1476 * build redirect option and copy skb over to the new packet.
1477 */
1478
1479 memset(opt, 0, 8);
1480 *(opt++) = ND_OPT_REDIRECT_HDR;
1481 *(opt++) = (rd_len >> 3);
1482 opt += 6;
1483
1484 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1485
1486 msg->icmph.icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1487 len, IPPROTO_ICMPV6,
1488 csum_partial(msg, len, 0));
1489
1490 skb_dst_set(buff, dst);
1491 rcu_read_lock();
1492 idev = __in6_dev_get(dst->dev);
1493 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1494 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1495 dst_output);
1496 if (!err) {
1497 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1498 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1499 }
1500
1501 rcu_read_unlock();
1502 return;
1503
1504 release:
1505 dst_release(dst);
1506 }
1507
1508 static void pndisc_redo(struct sk_buff *skb)
1509 {
1510 ndisc_recv_ns(skb);
1511 kfree_skb(skb);
1512 }
1513
1514 int ndisc_rcv(struct sk_buff *skb)
1515 {
1516 struct nd_msg *msg;
1517
1518 if (!pskb_may_pull(skb, skb->len))
1519 return 0;
1520
1521 msg = (struct nd_msg *)skb_transport_header(skb);
1522
1523 __skb_push(skb, skb->data - skb_transport_header(skb));
1524
1525 if (ipv6_hdr(skb)->hop_limit != 255) {
1526 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1527 ipv6_hdr(skb)->hop_limit);
1528 return 0;
1529 }
1530
1531 if (msg->icmph.icmp6_code != 0) {
1532 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1533 msg->icmph.icmp6_code);
1534 return 0;
1535 }
1536
1537 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1538
1539 switch (msg->icmph.icmp6_type) {
1540 case NDISC_NEIGHBOUR_SOLICITATION:
1541 ndisc_recv_ns(skb);
1542 break;
1543
1544 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1545 ndisc_recv_na(skb);
1546 break;
1547
1548 case NDISC_ROUTER_SOLICITATION:
1549 ndisc_recv_rs(skb);
1550 break;
1551
1552 case NDISC_ROUTER_ADVERTISEMENT:
1553 ndisc_router_discovery(skb);
1554 break;
1555
1556 case NDISC_REDIRECT:
1557 ndisc_redirect_rcv(skb);
1558 break;
1559 }
1560
1561 return 0;
1562 }
1563
1564 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1565 {
1566 struct net_device *dev = ptr;
1567 struct net *net = dev_net(dev);
1568 struct inet6_dev *idev;
1569
1570 switch (event) {
1571 case NETDEV_CHANGEADDR:
1572 neigh_changeaddr(&nd_tbl, dev);
1573 fib6_run_gc(~0UL, net);
1574 idev = in6_dev_get(dev);
1575 if (!idev)
1576 break;
1577 if (idev->cnf.ndisc_notify)
1578 ndisc_send_unsol_na(dev);
1579 in6_dev_put(idev);
1580 break;
1581 case NETDEV_DOWN:
1582 neigh_ifdown(&nd_tbl, dev);
1583 fib6_run_gc(~0UL, net);
1584 break;
1585 case NETDEV_NOTIFY_PEERS:
1586 ndisc_send_unsol_na(dev);
1587 break;
1588 default:
1589 break;
1590 }
1591
1592 return NOTIFY_DONE;
1593 }
1594
1595 static struct notifier_block ndisc_netdev_notifier = {
1596 .notifier_call = ndisc_netdev_event,
1597 };
1598
1599 #ifdef CONFIG_SYSCTL
1600 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1601 const char *func, const char *dev_name)
1602 {
1603 static char warncomm[TASK_COMM_LEN];
1604 static int warned;
1605 if (strcmp(warncomm, current->comm) && warned < 5) {
1606 strcpy(warncomm, current->comm);
1607 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1608 warncomm, func,
1609 dev_name, ctl->procname,
1610 dev_name, ctl->procname);
1611 warned++;
1612 }
1613 }
1614
1615 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1616 {
1617 struct net_device *dev = ctl->extra1;
1618 struct inet6_dev *idev;
1619 int ret;
1620
1621 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1622 (strcmp(ctl->procname, "base_reachable_time") == 0))
1623 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1624
1625 if (strcmp(ctl->procname, "retrans_time") == 0)
1626 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1627
1628 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1629 ret = proc_dointvec_jiffies(ctl, write,
1630 buffer, lenp, ppos);
1631
1632 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1633 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1634 ret = proc_dointvec_ms_jiffies(ctl, write,
1635 buffer, lenp, ppos);
1636 else
1637 ret = -1;
1638
1639 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1640 if (ctl->data == &idev->nd_parms->base_reachable_time)
1641 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1642 idev->tstamp = jiffies;
1643 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1644 in6_dev_put(idev);
1645 }
1646 return ret;
1647 }
1648
1649
1650 #endif
1651
1652 static int __net_init ndisc_net_init(struct net *net)
1653 {
1654 struct ipv6_pinfo *np;
1655 struct sock *sk;
1656 int err;
1657
1658 err = inet_ctl_sock_create(&sk, PF_INET6,
1659 SOCK_RAW, IPPROTO_ICMPV6, net);
1660 if (err < 0) {
1661 ND_PRINTK(0, err,
1662 "NDISC: Failed to initialize the control socket (err %d)\n",
1663 err);
1664 return err;
1665 }
1666
1667 net->ipv6.ndisc_sk = sk;
1668
1669 np = inet6_sk(sk);
1670 np->hop_limit = 255;
1671 /* Do not loopback ndisc messages */
1672 np->mc_loop = 0;
1673
1674 return 0;
1675 }
1676
1677 static void __net_exit ndisc_net_exit(struct net *net)
1678 {
1679 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1680 }
1681
1682 static struct pernet_operations ndisc_net_ops = {
1683 .init = ndisc_net_init,
1684 .exit = ndisc_net_exit,
1685 };
1686
1687 int __init ndisc_init(void)
1688 {
1689 int err;
1690
1691 err = register_pernet_subsys(&ndisc_net_ops);
1692 if (err)
1693 return err;
1694 /*
1695 * Initialize the neighbour table
1696 */
1697 neigh_table_init(&nd_tbl);
1698
1699 #ifdef CONFIG_SYSCTL
1700 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1701 &ndisc_ifinfo_sysctl_change);
1702 if (err)
1703 goto out_unregister_pernet;
1704 #endif
1705 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1706 if (err)
1707 goto out_unregister_sysctl;
1708 out:
1709 return err;
1710
1711 out_unregister_sysctl:
1712 #ifdef CONFIG_SYSCTL
1713 neigh_sysctl_unregister(&nd_tbl.parms);
1714 out_unregister_pernet:
1715 #endif
1716 unregister_pernet_subsys(&ndisc_net_ops);
1717 goto out;
1718 }
1719
1720 void ndisc_cleanup(void)
1721 {
1722 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1723 #ifdef CONFIG_SYSCTL
1724 neigh_sysctl_unregister(&nd_tbl.parms);
1725 #endif
1726 neigh_table_clear(&nd_tbl);
1727 unregister_pernet_subsys(&ndisc_net_ops);
1728 }
Linux kernel - Deliverables
This page took 0.150579 seconds and 6 git commands to generate.