ndisc.c revision 305d552accae6afb859c493ebc7d98ca3371dae2
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29/* Set to 3 to get tracing... */ 30#define ND_DEBUG 1 31 32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33#define ND_NOPRINTK(x...) do { ; } while(0) 34#define ND_PRINTK0 ND_PRINTK 35#define ND_PRINTK1 ND_NOPRINTK 36#define ND_PRINTK2 ND_NOPRINTK 37#define ND_PRINTK3 ND_NOPRINTK 38#if ND_DEBUG >= 1 39#undef ND_PRINTK1 40#define ND_PRINTK1 ND_PRINTK 41#endif 42#if ND_DEBUG >= 2 43#undef ND_PRINTK2 44#define ND_PRINTK2 ND_PRINTK 45#endif 46#if ND_DEBUG >= 3 47#undef ND_PRINTK3 48#define ND_PRINTK3 ND_PRINTK 49#endif 50 51#include <linux/module.h> 52#include <linux/errno.h> 53#include <linux/types.h> 54#include <linux/socket.h> 55#include <linux/sockios.h> 56#include <linux/sched.h> 57#include <linux/net.h> 58#include <linux/in6.h> 59#include <linux/route.h> 60#include <linux/init.h> 61#include <linux/rcupdate.h> 62#ifdef CONFIG_SYSCTL 63#include <linux/sysctl.h> 64#endif 65 66#include <linux/if_addr.h> 67#include <linux/if_arp.h> 68#include <linux/ipv6.h> 69#include <linux/icmpv6.h> 70#include <linux/jhash.h> 71 72#include <net/sock.h> 73#include <net/snmp.h> 74 75#include <net/ipv6.h> 76#include <net/protocol.h> 77#include <net/ndisc.h> 78#include <net/ip6_route.h> 79#include <net/addrconf.h> 80#include <net/icmp.h> 81 82#include <net/netlink.h> 83#include <linux/rtnetlink.h> 84 85#include <net/flow.h> 86#include <net/ip6_checksum.h> 87#include <net/inet_common.h> 88#include <linux/proc_fs.h> 89 90#include <linux/netfilter.h> 91#include <linux/netfilter_ipv6.h> 92 93static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 94static int ndisc_constructor(struct neighbour *neigh); 95static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 96static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 97static int pndisc_constructor(struct pneigh_entry *n); 98static void pndisc_destructor(struct pneigh_entry *n); 99static void pndisc_redo(struct sk_buff *skb); 100 101static struct neigh_ops ndisc_generic_ops = { 102 .family = AF_INET6, 103 .solicit = ndisc_solicit, 104 .error_report = ndisc_error_report, 105 .output = neigh_resolve_output, 106 .connected_output = neigh_connected_output, 107 .hh_output = dev_queue_xmit, 108 .queue_xmit = dev_queue_xmit, 109}; 110 111static struct neigh_ops ndisc_hh_ops = { 112 .family = AF_INET6, 113 .solicit = ndisc_solicit, 114 .error_report = ndisc_error_report, 115 .output = neigh_resolve_output, 116 .connected_output = neigh_resolve_output, 117 .hh_output = dev_queue_xmit, 118 .queue_xmit = dev_queue_xmit, 119}; 120 121 122static struct neigh_ops ndisc_direct_ops = { 123 .family = AF_INET6, 124 .output = dev_queue_xmit, 125 .connected_output = dev_queue_xmit, 126 .hh_output = dev_queue_xmit, 127 .queue_xmit = dev_queue_xmit, 128}; 129 130struct neigh_table nd_tbl = { 131 .family = AF_INET6, 132 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 133 .key_len = sizeof(struct in6_addr), 134 .hash = ndisc_hash, 135 .constructor = ndisc_constructor, 136 .pconstructor = pndisc_constructor, 137 .pdestructor = pndisc_destructor, 138 .proxy_redo = pndisc_redo, 139 .id = "ndisc_cache", 140 .parms = { 141 .tbl = &nd_tbl, 142 .base_reachable_time = 30 * HZ, 143 .retrans_time = 1 * HZ, 144 .gc_staletime = 60 * HZ, 145 .reachable_time = 30 * HZ, 146 .delay_probe_time = 5 * HZ, 147 .queue_len = 3, 148 .ucast_probes = 3, 149 .mcast_probes = 3, 150 .anycast_delay = 1 * HZ, 151 .proxy_delay = (8 * HZ) / 10, 152 .proxy_qlen = 64, 153 }, 154 .gc_interval = 30 * HZ, 155 .gc_thresh1 = 128, 156 .gc_thresh2 = 512, 157 .gc_thresh3 = 1024, 158}; 159 160/* ND options */ 161struct ndisc_options { 162 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 163#ifdef CONFIG_IPV6_ROUTE_INFO 164 struct nd_opt_hdr *nd_opts_ri; 165 struct nd_opt_hdr *nd_opts_ri_end; 166#endif 167 struct nd_opt_hdr *nd_useropts; 168 struct nd_opt_hdr *nd_useropts_end; 169}; 170 171#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 172#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 173#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 174#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 175#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 176#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 177 178#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 179 180/* 181 * Return the padding between the option length and the start of the 182 * link addr. Currently only IP-over-InfiniBand needs this, although 183 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 184 * also need a pad of 2. 185 */ 186static int ndisc_addr_option_pad(unsigned short type) 187{ 188 switch (type) { 189 case ARPHRD_INFINIBAND: return 2; 190 default: return 0; 191 } 192} 193 194static inline int ndisc_opt_addr_space(struct net_device *dev) 195{ 196 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 197} 198 199static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 200 unsigned short addr_type) 201{ 202 int space = NDISC_OPT_SPACE(data_len); 203 int pad = ndisc_addr_option_pad(addr_type); 204 205 opt[0] = type; 206 opt[1] = space>>3; 207 208 memset(opt + 2, 0, pad); 209 opt += pad; 210 space -= pad; 211 212 memcpy(opt+2, data, data_len); 213 data_len += 2; 214 opt += data_len; 215 if ((space -= data_len) > 0) 216 memset(opt, 0, space); 217 return opt + space; 218} 219 220static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 221 struct nd_opt_hdr *end) 222{ 223 int type; 224 if (!cur || !end || cur >= end) 225 return NULL; 226 type = cur->nd_opt_type; 227 do { 228 cur = ((void *)cur) + (cur->nd_opt_len << 3); 229 } while(cur < end && cur->nd_opt_type != type); 230 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 231} 232 233static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 234{ 235 return (opt->nd_opt_type == ND_OPT_RDNSS); 236} 237 238static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 239 struct nd_opt_hdr *end) 240{ 241 if (!cur || !end || cur >= end) 242 return NULL; 243 do { 244 cur = ((void *)cur) + (cur->nd_opt_len << 3); 245 } while(cur < end && !ndisc_is_useropt(cur)); 246 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL); 247} 248 249static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 250 struct ndisc_options *ndopts) 251{ 252 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 253 254 if (!nd_opt || opt_len < 0 || !ndopts) 255 return NULL; 256 memset(ndopts, 0, sizeof(*ndopts)); 257 while (opt_len) { 258 int l; 259 if (opt_len < sizeof(struct nd_opt_hdr)) 260 return NULL; 261 l = nd_opt->nd_opt_len << 3; 262 if (opt_len < l || l == 0) 263 return NULL; 264 switch (nd_opt->nd_opt_type) { 265 case ND_OPT_SOURCE_LL_ADDR: 266 case ND_OPT_TARGET_LL_ADDR: 267 case ND_OPT_MTU: 268 case ND_OPT_REDIRECT_HDR: 269 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 270 ND_PRINTK2(KERN_WARNING 271 "%s(): duplicated ND6 option found: type=%d\n", 272 __func__, 273 nd_opt->nd_opt_type); 274 } else { 275 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 276 } 277 break; 278 case ND_OPT_PREFIX_INFO: 279 ndopts->nd_opts_pi_end = nd_opt; 280 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 281 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 282 break; 283#ifdef CONFIG_IPV6_ROUTE_INFO 284 case ND_OPT_ROUTE_INFO: 285 ndopts->nd_opts_ri_end = nd_opt; 286 if (!ndopts->nd_opts_ri) 287 ndopts->nd_opts_ri = nd_opt; 288 break; 289#endif 290 default: 291 if (ndisc_is_useropt(nd_opt)) { 292 ndopts->nd_useropts_end = nd_opt; 293 if (!ndopts->nd_useropts) 294 ndopts->nd_useropts = nd_opt; 295 } else { 296 /* 297 * Unknown options must be silently ignored, 298 * to accommodate future extension to the 299 * protocol. 300 */ 301 ND_PRINTK2(KERN_NOTICE 302 "%s(): ignored unsupported option; type=%d, len=%d\n", 303 __func__, 304 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 305 } 306 } 307 opt_len -= l; 308 nd_opt = ((void *)nd_opt) + l; 309 } 310 return ndopts; 311} 312 313static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 314 struct net_device *dev) 315{ 316 u8 *lladdr = (u8 *)(p + 1); 317 int lladdrlen = p->nd_opt_len << 3; 318 int prepad = ndisc_addr_option_pad(dev->type); 319 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 320 return NULL; 321 return (lladdr + prepad); 322} 323 324int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 325{ 326 switch (dev->type) { 327 case ARPHRD_ETHER: 328 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 329 case ARPHRD_FDDI: 330 ipv6_eth_mc_map(addr, buf); 331 return 0; 332 case ARPHRD_IEEE802_TR: 333 ipv6_tr_mc_map(addr,buf); 334 return 0; 335 case ARPHRD_ARCNET: 336 ipv6_arcnet_mc_map(addr, buf); 337 return 0; 338 case ARPHRD_INFINIBAND: 339 ipv6_ib_mc_map(addr, dev->broadcast, buf); 340 return 0; 341 default: 342 if (dir) { 343 memcpy(buf, dev->broadcast, dev->addr_len); 344 return 0; 345 } 346 } 347 return -EINVAL; 348} 349 350EXPORT_SYMBOL(ndisc_mc_map); 351 352static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 353{ 354 const u32 *p32 = pkey; 355 u32 addr_hash, i; 356 357 addr_hash = 0; 358 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 359 addr_hash ^= *p32++; 360 361 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 362} 363 364static int ndisc_constructor(struct neighbour *neigh) 365{ 366 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 367 struct net_device *dev = neigh->dev; 368 struct inet6_dev *in6_dev; 369 struct neigh_parms *parms; 370 int is_multicast = ipv6_addr_is_multicast(addr); 371 372 rcu_read_lock(); 373 in6_dev = in6_dev_get(dev); 374 if (in6_dev == NULL) { 375 rcu_read_unlock(); 376 return -EINVAL; 377 } 378 379 parms = in6_dev->nd_parms; 380 __neigh_parms_put(neigh->parms); 381 neigh->parms = neigh_parms_clone(parms); 382 rcu_read_unlock(); 383 384 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 385 if (!dev->header_ops) { 386 neigh->nud_state = NUD_NOARP; 387 neigh->ops = &ndisc_direct_ops; 388 neigh->output = neigh->ops->queue_xmit; 389 } else { 390 if (is_multicast) { 391 neigh->nud_state = NUD_NOARP; 392 ndisc_mc_map(addr, neigh->ha, dev, 1); 393 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 394 neigh->nud_state = NUD_NOARP; 395 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 396 if (dev->flags&IFF_LOOPBACK) 397 neigh->type = RTN_LOCAL; 398 } else if (dev->flags&IFF_POINTOPOINT) { 399 neigh->nud_state = NUD_NOARP; 400 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 401 } 402 if (dev->header_ops->cache) 403 neigh->ops = &ndisc_hh_ops; 404 else 405 neigh->ops = &ndisc_generic_ops; 406 if (neigh->nud_state&NUD_VALID) 407 neigh->output = neigh->ops->connected_output; 408 else 409 neigh->output = neigh->ops->output; 410 } 411 in6_dev_put(in6_dev); 412 return 0; 413} 414 415static int pndisc_constructor(struct pneigh_entry *n) 416{ 417 struct in6_addr *addr = (struct in6_addr*)&n->key; 418 struct in6_addr maddr; 419 struct net_device *dev = n->dev; 420 421 if (dev == NULL || __in6_dev_get(dev) == NULL) 422 return -EINVAL; 423 addrconf_addr_solict_mult(addr, &maddr); 424 ipv6_dev_mc_inc(dev, &maddr); 425 return 0; 426} 427 428static void pndisc_destructor(struct pneigh_entry *n) 429{ 430 struct in6_addr *addr = (struct in6_addr*)&n->key; 431 struct in6_addr maddr; 432 struct net_device *dev = n->dev; 433 434 if (dev == NULL || __in6_dev_get(dev) == NULL) 435 return; 436 addrconf_addr_solict_mult(addr, &maddr); 437 ipv6_dev_mc_dec(dev, &maddr); 438} 439 440struct sk_buff *ndisc_build_skb(struct net_device *dev, 441 const struct in6_addr *daddr, 442 const struct in6_addr *saddr, 443 struct icmp6hdr *icmp6h, 444 const struct in6_addr *target, 445 int llinfo) 446{ 447 struct net *net = dev_net(dev); 448 struct sock *sk = net->ipv6.ndisc_sk; 449 struct sk_buff *skb; 450 struct icmp6hdr *hdr; 451 int len; 452 int err; 453 u8 *opt; 454 455 if (!dev->addr_len) 456 llinfo = 0; 457 458 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 459 if (llinfo) 460 len += ndisc_opt_addr_space(dev); 461 462 skb = sock_alloc_send_skb(sk, 463 (MAX_HEADER + sizeof(struct ipv6hdr) + 464 len + LL_ALLOCATED_SPACE(dev)), 465 1, &err); 466 if (!skb) { 467 ND_PRINTK0(KERN_ERR 468 "ICMPv6 ND: %s() failed to allocate an skb.\n", 469 __func__); 470 return NULL; 471 } 472 473 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 474 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 475 476 skb->transport_header = skb->tail; 477 skb_put(skb, len); 478 479 hdr = (struct icmp6hdr *)skb_transport_header(skb); 480 memcpy(hdr, icmp6h, sizeof(*hdr)); 481 482 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 483 if (target) { 484 ipv6_addr_copy((struct in6_addr *)opt, target); 485 opt += sizeof(*target); 486 } 487 488 if (llinfo) 489 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 490 dev->addr_len, dev->type); 491 492 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 493 IPPROTO_ICMPV6, 494 csum_partial((__u8 *) hdr, 495 len, 0)); 496 497 return skb; 498} 499 500EXPORT_SYMBOL(ndisc_build_skb); 501 502void ndisc_send_skb(struct sk_buff *skb, 503 struct net_device *dev, 504 struct neighbour *neigh, 505 const struct in6_addr *daddr, 506 const struct in6_addr *saddr, 507 struct icmp6hdr *icmp6h) 508{ 509 struct flowi fl; 510 struct dst_entry *dst; 511 struct net *net = dev_net(dev); 512 struct sock *sk = net->ipv6.ndisc_sk; 513 struct inet6_dev *idev; 514 int err; 515 u8 type; 516 517 type = icmp6h->icmp6_type; 518 519 icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex); 520 521 dst = icmp6_dst_alloc(dev, neigh, daddr); 522 if (!dst) { 523 kfree_skb(skb); 524 return; 525 } 526 527 err = xfrm_lookup(&dst, &fl, NULL, 0); 528 if (err < 0) { 529 kfree_skb(skb); 530 return; 531 } 532 533 skb->dst = dst; 534 535 idev = in6_dev_get(dst->dev); 536 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS); 537 538 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 539 dst_output); 540 if (!err) { 541 ICMP6MSGOUT_INC_STATS(net, idev, type); 542 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 543 } 544 545 if (likely(idev != NULL)) 546 in6_dev_put(idev); 547} 548 549EXPORT_SYMBOL(ndisc_send_skb); 550 551/* 552 * Send a Neighbour Discover packet 553 */ 554static void __ndisc_send(struct net_device *dev, 555 struct neighbour *neigh, 556 const struct in6_addr *daddr, 557 const struct in6_addr *saddr, 558 struct icmp6hdr *icmp6h, const struct in6_addr *target, 559 int llinfo) 560{ 561 struct sk_buff *skb; 562 563 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 564 if (!skb) 565 return; 566 567 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 568} 569 570static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 571 const struct in6_addr *daddr, 572 const struct in6_addr *solicited_addr, 573 int router, int solicited, int override, int inc_opt) 574{ 575 struct in6_addr tmpaddr; 576 struct inet6_ifaddr *ifp; 577 const struct in6_addr *src_addr; 578 struct icmp6hdr icmp6h = { 579 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 580 }; 581 582 /* for anycast or proxy, solicited_addr != src_addr */ 583 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 584 if (ifp) { 585 src_addr = solicited_addr; 586 if (ifp->flags & IFA_F_OPTIMISTIC) 587 override = 0; 588 in6_ifa_put(ifp); 589 } else { 590 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 591 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 592 &tmpaddr)) 593 return; 594 src_addr = &tmpaddr; 595 } 596 597 icmp6h.icmp6_router = router; 598 icmp6h.icmp6_solicited = solicited; 599 icmp6h.icmp6_override = override; 600 601 __ndisc_send(dev, neigh, daddr, src_addr, 602 &icmp6h, solicited_addr, 603 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 604} 605 606void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 607 const struct in6_addr *solicit, 608 const struct in6_addr *daddr, const struct in6_addr *saddr) 609{ 610 struct in6_addr addr_buf; 611 struct icmp6hdr icmp6h = { 612 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 613 }; 614 615 if (saddr == NULL) { 616 if (ipv6_get_lladdr(dev, &addr_buf, 617 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 618 return; 619 saddr = &addr_buf; 620 } 621 622 __ndisc_send(dev, neigh, daddr, saddr, 623 &icmp6h, solicit, 624 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 625} 626 627void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 628 const struct in6_addr *daddr) 629{ 630 struct icmp6hdr icmp6h = { 631 .icmp6_type = NDISC_ROUTER_SOLICITATION, 632 }; 633 int send_sllao = dev->addr_len; 634 635#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 636 /* 637 * According to section 2.2 of RFC 4429, we must not 638 * send router solicitations with a sllao from 639 * optimistic addresses, but we may send the solicitation 640 * if we don't include the sllao. So here we check 641 * if our address is optimistic, and if so, we 642 * suppress the inclusion of the sllao. 643 */ 644 if (send_sllao) { 645 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 646 dev, 1); 647 if (ifp) { 648 if (ifp->flags & IFA_F_OPTIMISTIC) { 649 send_sllao = 0; 650 } 651 in6_ifa_put(ifp); 652 } else { 653 send_sllao = 0; 654 } 655 } 656#endif 657 __ndisc_send(dev, NULL, daddr, saddr, 658 &icmp6h, NULL, 659 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 660} 661 662 663static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 664{ 665 /* 666 * "The sender MUST return an ICMP 667 * destination unreachable" 668 */ 669 dst_link_failure(skb); 670 kfree_skb(skb); 671} 672 673/* Called with locked neigh: either read or both */ 674 675static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 676{ 677 struct in6_addr *saddr = NULL; 678 struct in6_addr mcaddr; 679 struct net_device *dev = neigh->dev; 680 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 681 int probes = atomic_read(&neigh->probes); 682 683 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 684 saddr = &ipv6_hdr(skb)->saddr; 685 686 if ((probes -= neigh->parms->ucast_probes) < 0) { 687 if (!(neigh->nud_state & NUD_VALID)) { 688 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n", 689 __func__, target); 690 } 691 ndisc_send_ns(dev, neigh, target, target, saddr); 692 } else if ((probes -= neigh->parms->app_probes) < 0) { 693#ifdef CONFIG_ARPD 694 neigh_app_ns(neigh); 695#endif 696 } else { 697 addrconf_addr_solict_mult(target, &mcaddr); 698 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 699 } 700} 701 702static int pndisc_is_router(const void *pkey, 703 struct net_device *dev) 704{ 705 struct pneigh_entry *n; 706 int ret = -1; 707 708 read_lock_bh(&nd_tbl.lock); 709 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 710 if (n) 711 ret = !!(n->flags & NTF_ROUTER); 712 read_unlock_bh(&nd_tbl.lock); 713 714 return ret; 715} 716 717static void ndisc_recv_ns(struct sk_buff *skb) 718{ 719 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 720 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 721 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 722 u8 *lladdr = NULL; 723 u32 ndoptlen = skb->tail - (skb->transport_header + 724 offsetof(struct nd_msg, opt)); 725 struct ndisc_options ndopts; 726 struct net_device *dev = skb->dev; 727 struct inet6_ifaddr *ifp; 728 struct inet6_dev *idev = NULL; 729 struct neighbour *neigh; 730 int dad = ipv6_addr_any(saddr); 731 int inc; 732 int is_router = -1; 733 734 if (ipv6_addr_is_multicast(&msg->target)) { 735 ND_PRINTK2(KERN_WARNING 736 "ICMPv6 NS: multicast target address"); 737 return; 738 } 739 740 /* 741 * RFC2461 7.1.1: 742 * DAD has to be destined for solicited node multicast address. 743 */ 744 if (dad && 745 !(daddr->s6_addr32[0] == htonl(0xff020000) && 746 daddr->s6_addr32[1] == htonl(0x00000000) && 747 daddr->s6_addr32[2] == htonl(0x00000001) && 748 daddr->s6_addr [12] == 0xff )) { 749 ND_PRINTK2(KERN_WARNING 750 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 751 return; 752 } 753 754 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 755 ND_PRINTK2(KERN_WARNING 756 "ICMPv6 NS: invalid ND options\n"); 757 return; 758 } 759 760 if (ndopts.nd_opts_src_lladdr) { 761 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 762 if (!lladdr) { 763 ND_PRINTK2(KERN_WARNING 764 "ICMPv6 NS: invalid link-layer address length\n"); 765 return; 766 } 767 768 /* RFC2461 7.1.1: 769 * If the IP source address is the unspecified address, 770 * there MUST NOT be source link-layer address option 771 * in the message. 772 */ 773 if (dad) { 774 ND_PRINTK2(KERN_WARNING 775 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 776 return; 777 } 778 } 779 780 inc = ipv6_addr_is_multicast(daddr); 781 782 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 783 if (ifp) { 784 785 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 786 if (dad) { 787 if (dev->type == ARPHRD_IEEE802_TR) { 788 const unsigned char *sadr; 789 sadr = skb_mac_header(skb); 790 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 791 sadr[9] == dev->dev_addr[1] && 792 sadr[10] == dev->dev_addr[2] && 793 sadr[11] == dev->dev_addr[3] && 794 sadr[12] == dev->dev_addr[4] && 795 sadr[13] == dev->dev_addr[5]) { 796 /* looped-back to us */ 797 goto out; 798 } 799 } 800 801 /* 802 * We are colliding with another node 803 * who is doing DAD 804 * so fail our DAD process 805 */ 806 addrconf_dad_failure(ifp); 807 return; 808 } else { 809 /* 810 * This is not a dad solicitation. 811 * If we are an optimistic node, 812 * we should respond. 813 * Otherwise, we should ignore it. 814 */ 815 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 816 goto out; 817 } 818 } 819 820 idev = ifp->idev; 821 } else { 822 struct net *net = dev_net(dev); 823 824 idev = in6_dev_get(dev); 825 if (!idev) { 826 /* XXX: count this drop? */ 827 return; 828 } 829 830 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 831 (idev->cnf.forwarding && 832 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 833 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 834 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 835 skb->pkt_type != PACKET_HOST && 836 inc != 0 && 837 idev->nd_parms->proxy_delay != 0) { 838 /* 839 * for anycast or proxy, 840 * sender should delay its response 841 * by a random time between 0 and 842 * MAX_ANYCAST_DELAY_TIME seconds. 843 * (RFC2461) -- yoshfuji 844 */ 845 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 846 if (n) 847 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 848 goto out; 849 } 850 } else 851 goto out; 852 } 853 854 if (is_router < 0) 855 is_router = !!idev->cnf.forwarding; 856 857 if (dad) { 858 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 859 is_router, 0, (ifp != NULL), 1); 860 goto out; 861 } 862 863 if (inc) 864 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 865 else 866 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 867 868 /* 869 * update / create cache entry 870 * for the source address 871 */ 872 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 873 !inc || lladdr || !dev->addr_len); 874 if (neigh) 875 neigh_update(neigh, lladdr, NUD_STALE, 876 NEIGH_UPDATE_F_WEAK_OVERRIDE| 877 NEIGH_UPDATE_F_OVERRIDE); 878 if (neigh || !dev->header_ops) { 879 ndisc_send_na(dev, neigh, saddr, &msg->target, 880 is_router, 881 1, (ifp != NULL && inc), inc); 882 if (neigh) 883 neigh_release(neigh); 884 } 885 886out: 887 if (ifp) 888 in6_ifa_put(ifp); 889 else 890 in6_dev_put(idev); 891 892 return; 893} 894 895static void ndisc_recv_na(struct sk_buff *skb) 896{ 897 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 898 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 899 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 900 u8 *lladdr = NULL; 901 u32 ndoptlen = skb->tail - (skb->transport_header + 902 offsetof(struct nd_msg, opt)); 903 struct ndisc_options ndopts; 904 struct net_device *dev = skb->dev; 905 struct inet6_ifaddr *ifp; 906 struct neighbour *neigh; 907 908 if (skb->len < sizeof(struct nd_msg)) { 909 ND_PRINTK2(KERN_WARNING 910 "ICMPv6 NA: packet too short\n"); 911 return; 912 } 913 914 if (ipv6_addr_is_multicast(&msg->target)) { 915 ND_PRINTK2(KERN_WARNING 916 "ICMPv6 NA: target address is multicast.\n"); 917 return; 918 } 919 920 if (ipv6_addr_is_multicast(daddr) && 921 msg->icmph.icmp6_solicited) { 922 ND_PRINTK2(KERN_WARNING 923 "ICMPv6 NA: solicited NA is multicasted.\n"); 924 return; 925 } 926 927 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 928 ND_PRINTK2(KERN_WARNING 929 "ICMPv6 NS: invalid ND option\n"); 930 return; 931 } 932 if (ndopts.nd_opts_tgt_lladdr) { 933 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 934 if (!lladdr) { 935 ND_PRINTK2(KERN_WARNING 936 "ICMPv6 NA: invalid link-layer address length\n"); 937 return; 938 } 939 } 940 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 941 if (ifp) { 942 if (ifp->flags & IFA_F_TENTATIVE) { 943 addrconf_dad_failure(ifp); 944 return; 945 } 946 /* What should we make now? The advertisement 947 is invalid, but ndisc specs say nothing 948 about it. It could be misconfiguration, or 949 an smart proxy agent tries to help us :-) 950 */ 951 ND_PRINTK1(KERN_WARNING 952 "ICMPv6 NA: someone advertises our address on %s!\n", 953 ifp->idev->dev->name); 954 in6_ifa_put(ifp); 955 return; 956 } 957 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 958 959 if (neigh) { 960 u8 old_flags = neigh->flags; 961 struct net *net = dev_net(dev); 962 963 if (neigh->nud_state & NUD_FAILED) 964 goto out; 965 966 /* 967 * Don't update the neighbor cache entry on a proxy NA from 968 * ourselves because either the proxied node is off link or it 969 * has already sent a NA to us. 970 */ 971 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 972 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 973 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 974 /* XXX: idev->cnf.prixy_ndp */ 975 goto out; 976 } 977 978 neigh_update(neigh, lladdr, 979 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 980 NEIGH_UPDATE_F_WEAK_OVERRIDE| 981 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 982 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 983 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 984 985 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 986 /* 987 * Change: router to host 988 */ 989 struct rt6_info *rt; 990 rt = rt6_get_dflt_router(saddr, dev); 991 if (rt) 992 ip6_del_rt(rt); 993 } 994 995out: 996 neigh_release(neigh); 997 } 998} 999 1000static void ndisc_recv_rs(struct sk_buff *skb) 1001{ 1002 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1003 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1004 struct neighbour *neigh; 1005 struct inet6_dev *idev; 1006 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1007 struct ndisc_options ndopts; 1008 u8 *lladdr = NULL; 1009 1010 if (skb->len < sizeof(*rs_msg)) 1011 return; 1012 1013 idev = in6_dev_get(skb->dev); 1014 if (!idev) { 1015 if (net_ratelimit()) 1016 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1017 return; 1018 } 1019 1020 /* Don't accept RS if we're not in router mode */ 1021 if (!idev->cnf.forwarding) 1022 goto out; 1023 1024 /* 1025 * Don't update NCE if src = ::; 1026 * this implies that the source node has no ip address assigned yet. 1027 */ 1028 if (ipv6_addr_any(saddr)) 1029 goto out; 1030 1031 /* Parse ND options */ 1032 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1033 if (net_ratelimit()) 1034 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1035 goto out; 1036 } 1037 1038 if (ndopts.nd_opts_src_lladdr) { 1039 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1040 skb->dev); 1041 if (!lladdr) 1042 goto out; 1043 } 1044 1045 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1046 if (neigh) { 1047 neigh_update(neigh, lladdr, NUD_STALE, 1048 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1049 NEIGH_UPDATE_F_OVERRIDE| 1050 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1051 neigh_release(neigh); 1052 } 1053out: 1054 in6_dev_put(idev); 1055} 1056 1057static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1058{ 1059 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1060 struct sk_buff *skb; 1061 struct nlmsghdr *nlh; 1062 struct nduseroptmsg *ndmsg; 1063 struct net *net = dev_net(ra->dev); 1064 int err; 1065 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1066 + (opt->nd_opt_len << 3)); 1067 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1068 1069 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1070 if (skb == NULL) { 1071 err = -ENOBUFS; 1072 goto errout; 1073 } 1074 1075 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1076 if (nlh == NULL) { 1077 goto nla_put_failure; 1078 } 1079 1080 ndmsg = nlmsg_data(nlh); 1081 ndmsg->nduseropt_family = AF_INET6; 1082 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1083 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1084 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1085 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1086 1087 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1088 1089 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1090 &ipv6_hdr(ra)->saddr); 1091 nlmsg_end(skb, nlh); 1092 1093 err = rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, 1094 GFP_ATOMIC); 1095 if (err < 0) 1096 goto errout; 1097 1098 return; 1099 1100nla_put_failure: 1101 nlmsg_free(skb); 1102 err = -EMSGSIZE; 1103errout: 1104 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1105} 1106 1107static void ndisc_router_discovery(struct sk_buff *skb) 1108{ 1109 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1110 struct neighbour *neigh = NULL; 1111 struct inet6_dev *in6_dev; 1112 struct rt6_info *rt = NULL; 1113 int lifetime; 1114 struct ndisc_options ndopts; 1115 int optlen; 1116 unsigned int pref = 0; 1117 1118 __u8 * opt = (__u8 *)(ra_msg + 1); 1119 1120 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1121 1122 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1123 ND_PRINTK2(KERN_WARNING 1124 "ICMPv6 RA: source address is not link-local.\n"); 1125 return; 1126 } 1127 if (optlen < 0) { 1128 ND_PRINTK2(KERN_WARNING 1129 "ICMPv6 RA: packet too short\n"); 1130 return; 1131 } 1132 1133#ifdef CONFIG_IPV6_NDISC_NODETYPE 1134 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1135 ND_PRINTK2(KERN_WARNING 1136 "ICMPv6 RA: from host or unauthorized router\n"); 1137 return; 1138 } 1139#endif 1140 1141 /* 1142 * set the RA_RECV flag in the interface 1143 */ 1144 1145 in6_dev = in6_dev_get(skb->dev); 1146 if (in6_dev == NULL) { 1147 ND_PRINTK0(KERN_ERR 1148 "ICMPv6 RA: can't find inet6 device for %s.\n", 1149 skb->dev->name); 1150 return; 1151 } 1152 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 1153 in6_dev_put(in6_dev); 1154 return; 1155 } 1156 1157 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1158 in6_dev_put(in6_dev); 1159 ND_PRINTK2(KERN_WARNING 1160 "ICMP6 RA: invalid ND options\n"); 1161 return; 1162 } 1163 1164#ifdef CONFIG_IPV6_NDISC_NODETYPE 1165 /* skip link-specific parameters from interior routers */ 1166 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1167 goto skip_linkparms; 1168#endif 1169 1170 if (in6_dev->if_flags & IF_RS_SENT) { 1171 /* 1172 * flag that an RA was received after an RS was sent 1173 * out on this interface. 1174 */ 1175 in6_dev->if_flags |= IF_RA_RCVD; 1176 } 1177 1178 /* 1179 * Remember the managed/otherconf flags from most recently 1180 * received RA message (RFC 2462) -- yoshfuji 1181 */ 1182 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1183 IF_RA_OTHERCONF)) | 1184 (ra_msg->icmph.icmp6_addrconf_managed ? 1185 IF_RA_MANAGED : 0) | 1186 (ra_msg->icmph.icmp6_addrconf_other ? 1187 IF_RA_OTHERCONF : 0); 1188 1189 if (!in6_dev->cnf.accept_ra_defrtr) 1190 goto skip_defrtr; 1191 1192 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1193 1194#ifdef CONFIG_IPV6_ROUTER_PREF 1195 pref = ra_msg->icmph.icmp6_router_pref; 1196 /* 10b is handled as if it were 00b (medium) */ 1197 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1198 !in6_dev->cnf.accept_ra_rtr_pref) 1199 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1200#endif 1201 1202 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1203 1204 if (rt) 1205 neigh = rt->rt6i_nexthop; 1206 1207 if (rt && lifetime == 0) { 1208 neigh_clone(neigh); 1209 ip6_del_rt(rt); 1210 rt = NULL; 1211 } 1212 1213 if (rt == NULL && lifetime) { 1214 ND_PRINTK3(KERN_DEBUG 1215 "ICMPv6 RA: adding default router.\n"); 1216 1217 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1218 if (rt == NULL) { 1219 ND_PRINTK0(KERN_ERR 1220 "ICMPv6 RA: %s() failed to add default route.\n", 1221 __func__); 1222 in6_dev_put(in6_dev); 1223 return; 1224 } 1225 1226 neigh = rt->rt6i_nexthop; 1227 if (neigh == NULL) { 1228 ND_PRINTK0(KERN_ERR 1229 "ICMPv6 RA: %s() got default router without neighbour.\n", 1230 __func__); 1231 dst_release(&rt->u.dst); 1232 in6_dev_put(in6_dev); 1233 return; 1234 } 1235 neigh->flags |= NTF_ROUTER; 1236 } else if (rt) { 1237 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1238 } 1239 1240 if (rt) 1241 rt->rt6i_expires = jiffies + (HZ * lifetime); 1242 1243 if (ra_msg->icmph.icmp6_hop_limit) { 1244 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1245 if (rt) 1246 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1247 } 1248 1249skip_defrtr: 1250 1251 /* 1252 * Update Reachable Time and Retrans Timer 1253 */ 1254 1255 if (in6_dev->nd_parms) { 1256 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1257 1258 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1259 rtime = (rtime*HZ)/1000; 1260 if (rtime < HZ/10) 1261 rtime = HZ/10; 1262 in6_dev->nd_parms->retrans_time = rtime; 1263 in6_dev->tstamp = jiffies; 1264 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1265 } 1266 1267 rtime = ntohl(ra_msg->reachable_time); 1268 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1269 rtime = (rtime*HZ)/1000; 1270 1271 if (rtime < HZ/10) 1272 rtime = HZ/10; 1273 1274 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1275 in6_dev->nd_parms->base_reachable_time = rtime; 1276 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1277 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1278 in6_dev->tstamp = jiffies; 1279 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1280 } 1281 } 1282 } 1283 1284#ifdef CONFIG_IPV6_NDISC_NODETYPE 1285skip_linkparms: 1286#endif 1287 1288 /* 1289 * Process options. 1290 */ 1291 1292 if (!neigh) 1293 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1294 skb->dev, 1); 1295 if (neigh) { 1296 u8 *lladdr = NULL; 1297 if (ndopts.nd_opts_src_lladdr) { 1298 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1299 skb->dev); 1300 if (!lladdr) { 1301 ND_PRINTK2(KERN_WARNING 1302 "ICMPv6 RA: invalid link-layer address length\n"); 1303 goto out; 1304 } 1305 } 1306 neigh_update(neigh, lladdr, NUD_STALE, 1307 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1308 NEIGH_UPDATE_F_OVERRIDE| 1309 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1310 NEIGH_UPDATE_F_ISROUTER); 1311 } 1312 1313#ifdef CONFIG_IPV6_ROUTE_INFO 1314 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1315 struct nd_opt_hdr *p; 1316 for (p = ndopts.nd_opts_ri; 1317 p; 1318 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1319 struct route_info *ri = (struct route_info *)p; 1320#ifdef CONFIG_IPV6_NDISC_NODETYPE 1321 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1322 ri->prefix_len == 0) 1323 continue; 1324#endif 1325 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1326 continue; 1327 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1328 &ipv6_hdr(skb)->saddr); 1329 } 1330 } 1331#endif 1332 1333#ifdef CONFIG_IPV6_NDISC_NODETYPE 1334 /* skip link-specific ndopts from interior routers */ 1335 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1336 goto out; 1337#endif 1338 1339 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1340 struct nd_opt_hdr *p; 1341 for (p = ndopts.nd_opts_pi; 1342 p; 1343 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1344 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1345 } 1346 } 1347 1348 if (ndopts.nd_opts_mtu) { 1349 __be32 n; 1350 u32 mtu; 1351 1352 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1353 mtu = ntohl(n); 1354 1355 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1356 ND_PRINTK2(KERN_WARNING 1357 "ICMPv6 RA: invalid mtu: %d\n", 1358 mtu); 1359 } else if (in6_dev->cnf.mtu6 != mtu) { 1360 in6_dev->cnf.mtu6 = mtu; 1361 1362 if (rt) 1363 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1364 1365 rt6_mtu_change(skb->dev, mtu); 1366 } 1367 } 1368 1369 if (ndopts.nd_useropts) { 1370 struct nd_opt_hdr *p; 1371 for (p = ndopts.nd_useropts; 1372 p; 1373 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1374 ndisc_ra_useropt(skb, p); 1375 } 1376 } 1377 1378 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1379 ND_PRINTK2(KERN_WARNING 1380 "ICMPv6 RA: invalid RA options"); 1381 } 1382out: 1383 if (rt) 1384 dst_release(&rt->u.dst); 1385 else if (neigh) 1386 neigh_release(neigh); 1387 in6_dev_put(in6_dev); 1388} 1389 1390static void ndisc_redirect_rcv(struct sk_buff *skb) 1391{ 1392 struct inet6_dev *in6_dev; 1393 struct icmp6hdr *icmph; 1394 struct in6_addr *dest; 1395 struct in6_addr *target; /* new first hop to destination */ 1396 struct neighbour *neigh; 1397 int on_link = 0; 1398 struct ndisc_options ndopts; 1399 int optlen; 1400 u8 *lladdr = NULL; 1401 1402#ifdef CONFIG_IPV6_NDISC_NODETYPE 1403 switch (skb->ndisc_nodetype) { 1404 case NDISC_NODETYPE_HOST: 1405 case NDISC_NODETYPE_NODEFAULT: 1406 ND_PRINTK2(KERN_WARNING 1407 "ICMPv6 Redirect: from host or unauthorized router\n"); 1408 return; 1409 } 1410#endif 1411 1412 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1413 ND_PRINTK2(KERN_WARNING 1414 "ICMPv6 Redirect: source address is not link-local.\n"); 1415 return; 1416 } 1417 1418 optlen = skb->tail - skb->transport_header; 1419 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1420 1421 if (optlen < 0) { 1422 ND_PRINTK2(KERN_WARNING 1423 "ICMPv6 Redirect: packet too short\n"); 1424 return; 1425 } 1426 1427 icmph = icmp6_hdr(skb); 1428 target = (struct in6_addr *) (icmph + 1); 1429 dest = target + 1; 1430 1431 if (ipv6_addr_is_multicast(dest)) { 1432 ND_PRINTK2(KERN_WARNING 1433 "ICMPv6 Redirect: destination address is multicast.\n"); 1434 return; 1435 } 1436 1437 if (ipv6_addr_equal(dest, target)) { 1438 on_link = 1; 1439 } else if (ipv6_addr_type(target) != 1440 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1441 ND_PRINTK2(KERN_WARNING 1442 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1443 return; 1444 } 1445 1446 in6_dev = in6_dev_get(skb->dev); 1447 if (!in6_dev) 1448 return; 1449 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1450 in6_dev_put(in6_dev); 1451 return; 1452 } 1453 1454 /* RFC2461 8.1: 1455 * The IP source address of the Redirect MUST be the same as the current 1456 * first-hop router for the specified ICMP Destination Address. 1457 */ 1458 1459 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1460 ND_PRINTK2(KERN_WARNING 1461 "ICMPv6 Redirect: invalid ND options\n"); 1462 in6_dev_put(in6_dev); 1463 return; 1464 } 1465 if (ndopts.nd_opts_tgt_lladdr) { 1466 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1467 skb->dev); 1468 if (!lladdr) { 1469 ND_PRINTK2(KERN_WARNING 1470 "ICMPv6 Redirect: invalid link-layer address length\n"); 1471 in6_dev_put(in6_dev); 1472 return; 1473 } 1474 } 1475 1476 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1477 if (neigh) { 1478 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1479 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1480 on_link); 1481 neigh_release(neigh); 1482 } 1483 in6_dev_put(in6_dev); 1484} 1485 1486void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1487 const struct in6_addr *target) 1488{ 1489 struct net_device *dev = skb->dev; 1490 struct net *net = dev_net(dev); 1491 struct sock *sk = net->ipv6.ndisc_sk; 1492 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1493 struct sk_buff *buff; 1494 struct icmp6hdr *icmph; 1495 struct in6_addr saddr_buf; 1496 struct in6_addr *addrp; 1497 struct rt6_info *rt; 1498 struct dst_entry *dst; 1499 struct inet6_dev *idev; 1500 struct flowi fl; 1501 u8 *opt; 1502 int rd_len; 1503 int err; 1504 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1505 1506 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1507 ND_PRINTK2(KERN_WARNING 1508 "ICMPv6 Redirect: no link-local address on %s\n", 1509 dev->name); 1510 return; 1511 } 1512 1513 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1514 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1515 ND_PRINTK2(KERN_WARNING 1516 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1517 return; 1518 } 1519 1520 icmpv6_flow_init(sk, &fl, NDISC_REDIRECT, 1521 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1522 1523 dst = ip6_route_output(net, NULL, &fl); 1524 if (dst == NULL) 1525 return; 1526 1527 err = xfrm_lookup(&dst, &fl, NULL, 0); 1528 if (err) 1529 return; 1530 1531 rt = (struct rt6_info *) dst; 1532 1533 if (rt->rt6i_flags & RTF_GATEWAY) { 1534 ND_PRINTK2(KERN_WARNING 1535 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1536 dst_release(dst); 1537 return; 1538 } 1539 if (!xrlim_allow(dst, 1*HZ)) { 1540 dst_release(dst); 1541 return; 1542 } 1543 1544 if (dev->addr_len) { 1545 read_lock_bh(&neigh->lock); 1546 if (neigh->nud_state & NUD_VALID) { 1547 memcpy(ha_buf, neigh->ha, dev->addr_len); 1548 read_unlock_bh(&neigh->lock); 1549 ha = ha_buf; 1550 len += ndisc_opt_addr_space(dev); 1551 } else 1552 read_unlock_bh(&neigh->lock); 1553 } 1554 1555 rd_len = min_t(unsigned int, 1556 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1557 rd_len &= ~0x7; 1558 len += rd_len; 1559 1560 buff = sock_alloc_send_skb(sk, 1561 (MAX_HEADER + sizeof(struct ipv6hdr) + 1562 len + LL_ALLOCATED_SPACE(dev)), 1563 1, &err); 1564 if (buff == NULL) { 1565 ND_PRINTK0(KERN_ERR 1566 "ICMPv6 Redirect: %s() failed to allocate an skb.\n", 1567 __func__); 1568 dst_release(dst); 1569 return; 1570 } 1571 1572 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1573 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1574 IPPROTO_ICMPV6, len); 1575 1576 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1577 skb_put(buff, len); 1578 icmph = icmp6_hdr(buff); 1579 1580 memset(icmph, 0, sizeof(struct icmp6hdr)); 1581 icmph->icmp6_type = NDISC_REDIRECT; 1582 1583 /* 1584 * copy target and destination addresses 1585 */ 1586 1587 addrp = (struct in6_addr *)(icmph + 1); 1588 ipv6_addr_copy(addrp, target); 1589 addrp++; 1590 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1591 1592 opt = (u8*) (addrp + 1); 1593 1594 /* 1595 * include target_address option 1596 */ 1597 1598 if (ha) 1599 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1600 dev->addr_len, dev->type); 1601 1602 /* 1603 * build redirect option and copy skb over to the new packet. 1604 */ 1605 1606 memset(opt, 0, 8); 1607 *(opt++) = ND_OPT_REDIRECT_HDR; 1608 *(opt++) = (rd_len >> 3); 1609 opt += 6; 1610 1611 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1612 1613 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1614 len, IPPROTO_ICMPV6, 1615 csum_partial((u8 *) icmph, len, 0)); 1616 1617 buff->dst = dst; 1618 idev = in6_dev_get(dst->dev); 1619 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS); 1620 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1621 dst_output); 1622 if (!err) { 1623 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1624 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1625 } 1626 1627 if (likely(idev != NULL)) 1628 in6_dev_put(idev); 1629} 1630 1631static void pndisc_redo(struct sk_buff *skb) 1632{ 1633 ndisc_recv_ns(skb); 1634 kfree_skb(skb); 1635} 1636 1637int ndisc_rcv(struct sk_buff *skb) 1638{ 1639 struct nd_msg *msg; 1640 1641 if (!pskb_may_pull(skb, skb->len)) 1642 return 0; 1643 1644 msg = (struct nd_msg *)skb_transport_header(skb); 1645 1646 __skb_push(skb, skb->data - skb_transport_header(skb)); 1647 1648 if (ipv6_hdr(skb)->hop_limit != 255) { 1649 ND_PRINTK2(KERN_WARNING 1650 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1651 ipv6_hdr(skb)->hop_limit); 1652 return 0; 1653 } 1654 1655 if (msg->icmph.icmp6_code != 0) { 1656 ND_PRINTK2(KERN_WARNING 1657 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1658 msg->icmph.icmp6_code); 1659 return 0; 1660 } 1661 1662 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1663 1664 switch (msg->icmph.icmp6_type) { 1665 case NDISC_NEIGHBOUR_SOLICITATION: 1666 ndisc_recv_ns(skb); 1667 break; 1668 1669 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1670 ndisc_recv_na(skb); 1671 break; 1672 1673 case NDISC_ROUTER_SOLICITATION: 1674 ndisc_recv_rs(skb); 1675 break; 1676 1677 case NDISC_ROUTER_ADVERTISEMENT: 1678 ndisc_router_discovery(skb); 1679 break; 1680 1681 case NDISC_REDIRECT: 1682 ndisc_redirect_rcv(skb); 1683 break; 1684 } 1685 1686 return 0; 1687} 1688 1689static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1690{ 1691 struct net_device *dev = ptr; 1692 struct net *net = dev_net(dev); 1693 1694 switch (event) { 1695 case NETDEV_CHANGEADDR: 1696 neigh_changeaddr(&nd_tbl, dev); 1697 fib6_run_gc(~0UL, net); 1698 break; 1699 case NETDEV_DOWN: 1700 neigh_ifdown(&nd_tbl, dev); 1701 fib6_run_gc(~0UL, net); 1702 break; 1703 default: 1704 break; 1705 } 1706 1707 return NOTIFY_DONE; 1708} 1709 1710static struct notifier_block ndisc_netdev_notifier = { 1711 .notifier_call = ndisc_netdev_event, 1712}; 1713 1714#ifdef CONFIG_SYSCTL 1715static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1716 const char *func, const char *dev_name) 1717{ 1718 static char warncomm[TASK_COMM_LEN]; 1719 static int warned; 1720 if (strcmp(warncomm, current->comm) && warned < 5) { 1721 strcpy(warncomm, current->comm); 1722 printk(KERN_WARNING 1723 "process `%s' is using deprecated sysctl (%s) " 1724 "net.ipv6.neigh.%s.%s; " 1725 "Use net.ipv6.neigh.%s.%s_ms " 1726 "instead.\n", 1727 warncomm, func, 1728 dev_name, ctl->procname, 1729 dev_name, ctl->procname); 1730 warned++; 1731 } 1732} 1733 1734int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) 1735{ 1736 struct net_device *dev = ctl->extra1; 1737 struct inet6_dev *idev; 1738 int ret; 1739 1740 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1741 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1742 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1743 1744 if (strcmp(ctl->procname, "retrans_time") == 0) 1745 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1746 1747 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1748 ret = proc_dointvec_jiffies(ctl, write, 1749 filp, buffer, lenp, ppos); 1750 1751 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1752 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1753 ret = proc_dointvec_ms_jiffies(ctl, write, 1754 filp, buffer, lenp, ppos); 1755 else 1756 ret = -1; 1757 1758 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1759 if (ctl->data == &idev->nd_parms->base_reachable_time) 1760 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1761 idev->tstamp = jiffies; 1762 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1763 in6_dev_put(idev); 1764 } 1765 return ret; 1766} 1767 1768int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, 1769 void __user *oldval, size_t __user *oldlenp, 1770 void __user *newval, size_t newlen) 1771{ 1772 struct net_device *dev = ctl->extra1; 1773 struct inet6_dev *idev; 1774 int ret; 1775 1776 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1777 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1778 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1779 1780 switch (ctl->ctl_name) { 1781 case NET_NEIGH_REACHABLE_TIME: 1782 ret = sysctl_jiffies(ctl, oldval, oldlenp, newval, newlen); 1783 break; 1784 case NET_NEIGH_RETRANS_TIME_MS: 1785 case NET_NEIGH_REACHABLE_TIME_MS: 1786 ret = sysctl_ms_jiffies(ctl, oldval, oldlenp, newval, newlen); 1787 break; 1788 default: 1789 ret = 0; 1790 } 1791 1792 if (newval && newlen && ret > 0 && 1793 dev && (idev = in6_dev_get(dev)) != NULL) { 1794 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1795 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1796 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1797 idev->tstamp = jiffies; 1798 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1799 in6_dev_put(idev); 1800 } 1801 1802 return ret; 1803} 1804 1805#endif 1806 1807static int ndisc_net_init(struct net *net) 1808{ 1809 struct ipv6_pinfo *np; 1810 struct sock *sk; 1811 int err; 1812 1813 err = inet_ctl_sock_create(&sk, PF_INET6, 1814 SOCK_RAW, IPPROTO_ICMPV6, net); 1815 if (err < 0) { 1816 ND_PRINTK0(KERN_ERR 1817 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1818 err); 1819 return err; 1820 } 1821 1822 net->ipv6.ndisc_sk = sk; 1823 1824 np = inet6_sk(sk); 1825 np->hop_limit = 255; 1826 /* Do not loopback ndisc messages */ 1827 np->mc_loop = 0; 1828 1829 return 0; 1830} 1831 1832static void ndisc_net_exit(struct net *net) 1833{ 1834 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1835} 1836 1837static struct pernet_operations ndisc_net_ops = { 1838 .init = ndisc_net_init, 1839 .exit = ndisc_net_exit, 1840}; 1841 1842int __init ndisc_init(void) 1843{ 1844 int err; 1845 1846 err = register_pernet_subsys(&ndisc_net_ops); 1847 if (err) 1848 return err; 1849 /* 1850 * Initialize the neighbour table 1851 */ 1852 neigh_table_init(&nd_tbl); 1853 1854#ifdef CONFIG_SYSCTL 1855 err = neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, 1856 NET_IPV6_NEIGH, "ipv6", 1857 &ndisc_ifinfo_sysctl_change, 1858 &ndisc_ifinfo_sysctl_strategy); 1859 if (err) 1860 goto out_unregister_pernet; 1861#endif 1862 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1863 if (err) 1864 goto out_unregister_sysctl; 1865out: 1866 return err; 1867 1868out_unregister_sysctl: 1869#ifdef CONFIG_SYSCTL 1870 neigh_sysctl_unregister(&nd_tbl.parms); 1871out_unregister_pernet: 1872#endif 1873 unregister_pernet_subsys(&ndisc_net_ops); 1874 goto out; 1875} 1876 1877void ndisc_cleanup(void) 1878{ 1879 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1880#ifdef CONFIG_SYSCTL 1881 neigh_sysctl_unregister(&nd_tbl.parms); 1882#endif 1883 neigh_table_clear(&nd_tbl); 1884 unregister_pernet_subsys(&ndisc_net_ops); 1885} 1886