ndisc.c revision 4c9483b2fb5d2548c3cc1fe03cdd4484ceeb5d1c
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29/* Set to 3 to get tracing... */ 30#define ND_DEBUG 1 31 32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33#define ND_NOPRINTK(x...) do { ; } while(0) 34#define ND_PRINTK0 ND_PRINTK 35#define ND_PRINTK1 ND_NOPRINTK 36#define ND_PRINTK2 ND_NOPRINTK 37#define ND_PRINTK3 ND_NOPRINTK 38#if ND_DEBUG >= 1 39#undef ND_PRINTK1 40#define ND_PRINTK1 ND_PRINTK 41#endif 42#if ND_DEBUG >= 2 43#undef ND_PRINTK2 44#define ND_PRINTK2 ND_PRINTK 45#endif 46#if ND_DEBUG >= 3 47#undef ND_PRINTK3 48#define ND_PRINTK3 ND_PRINTK 49#endif 50 51#include <linux/module.h> 52#include <linux/errno.h> 53#include <linux/types.h> 54#include <linux/socket.h> 55#include <linux/sockios.h> 56#include <linux/sched.h> 57#include <linux/net.h> 58#include <linux/in6.h> 59#include <linux/route.h> 60#include <linux/init.h> 61#include <linux/rcupdate.h> 62#include <linux/slab.h> 63#ifdef CONFIG_SYSCTL 64#include <linux/sysctl.h> 65#endif 66 67#include <linux/if_addr.h> 68#include <linux/if_arp.h> 69#include <linux/ipv6.h> 70#include <linux/icmpv6.h> 71#include <linux/jhash.h> 72 73#include <net/sock.h> 74#include <net/snmp.h> 75 76#include <net/ipv6.h> 77#include <net/protocol.h> 78#include <net/ndisc.h> 79#include <net/ip6_route.h> 80#include <net/addrconf.h> 81#include <net/icmp.h> 82 83#include <net/netlink.h> 84#include <linux/rtnetlink.h> 85 86#include <net/flow.h> 87#include <net/ip6_checksum.h> 88#include <net/inet_common.h> 89#include <linux/proc_fs.h> 90 91#include <linux/netfilter.h> 92#include <linux/netfilter_ipv6.h> 93 94static u32 ndisc_hash(const void *pkey, 95 const struct net_device *dev, 96 __u32 rnd); 97static int ndisc_constructor(struct neighbour *neigh); 98static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 99static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 100static int pndisc_constructor(struct pneigh_entry *n); 101static void pndisc_destructor(struct pneigh_entry *n); 102static void pndisc_redo(struct sk_buff *skb); 103 104static const struct neigh_ops ndisc_generic_ops = { 105 .family = AF_INET6, 106 .solicit = ndisc_solicit, 107 .error_report = ndisc_error_report, 108 .output = neigh_resolve_output, 109 .connected_output = neigh_connected_output, 110 .hh_output = dev_queue_xmit, 111 .queue_xmit = dev_queue_xmit, 112}; 113 114static const struct neigh_ops ndisc_hh_ops = { 115 .family = AF_INET6, 116 .solicit = ndisc_solicit, 117 .error_report = ndisc_error_report, 118 .output = neigh_resolve_output, 119 .connected_output = neigh_resolve_output, 120 .hh_output = dev_queue_xmit, 121 .queue_xmit = dev_queue_xmit, 122}; 123 124 125static const struct neigh_ops ndisc_direct_ops = { 126 .family = AF_INET6, 127 .output = dev_queue_xmit, 128 .connected_output = dev_queue_xmit, 129 .hh_output = dev_queue_xmit, 130 .queue_xmit = dev_queue_xmit, 131}; 132 133struct neigh_table nd_tbl = { 134 .family = AF_INET6, 135 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 136 .key_len = sizeof(struct in6_addr), 137 .hash = ndisc_hash, 138 .constructor = ndisc_constructor, 139 .pconstructor = pndisc_constructor, 140 .pdestructor = pndisc_destructor, 141 .proxy_redo = pndisc_redo, 142 .id = "ndisc_cache", 143 .parms = { 144 .tbl = &nd_tbl, 145 .base_reachable_time = ND_REACHABLE_TIME, 146 .retrans_time = ND_RETRANS_TIMER, 147 .gc_staletime = 60 * HZ, 148 .reachable_time = ND_REACHABLE_TIME, 149 .delay_probe_time = 5 * HZ, 150 .queue_len = 3, 151 .ucast_probes = 3, 152 .mcast_probes = 3, 153 .anycast_delay = 1 * HZ, 154 .proxy_delay = (8 * HZ) / 10, 155 .proxy_qlen = 64, 156 }, 157 .gc_interval = 30 * HZ, 158 .gc_thresh1 = 128, 159 .gc_thresh2 = 512, 160 .gc_thresh3 = 1024, 161}; 162 163/* ND options */ 164struct ndisc_options { 165 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 166#ifdef CONFIG_IPV6_ROUTE_INFO 167 struct nd_opt_hdr *nd_opts_ri; 168 struct nd_opt_hdr *nd_opts_ri_end; 169#endif 170 struct nd_opt_hdr *nd_useropts; 171 struct nd_opt_hdr *nd_useropts_end; 172}; 173 174#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 175#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 176#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 177#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 178#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 179#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 180 181#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 182 183/* 184 * Return the padding between the option length and the start of the 185 * link addr. Currently only IP-over-InfiniBand needs this, although 186 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 187 * also need a pad of 2. 188 */ 189static int ndisc_addr_option_pad(unsigned short type) 190{ 191 switch (type) { 192 case ARPHRD_INFINIBAND: return 2; 193 default: return 0; 194 } 195} 196 197static inline int ndisc_opt_addr_space(struct net_device *dev) 198{ 199 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 200} 201 202static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 203 unsigned short addr_type) 204{ 205 int space = NDISC_OPT_SPACE(data_len); 206 int pad = ndisc_addr_option_pad(addr_type); 207 208 opt[0] = type; 209 opt[1] = space>>3; 210 211 memset(opt + 2, 0, pad); 212 opt += pad; 213 space -= pad; 214 215 memcpy(opt+2, data, data_len); 216 data_len += 2; 217 opt += data_len; 218 if ((space -= data_len) > 0) 219 memset(opt, 0, space); 220 return opt + space; 221} 222 223static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 224 struct nd_opt_hdr *end) 225{ 226 int type; 227 if (!cur || !end || cur >= end) 228 return NULL; 229 type = cur->nd_opt_type; 230 do { 231 cur = ((void *)cur) + (cur->nd_opt_len << 3); 232 } while(cur < end && cur->nd_opt_type != type); 233 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 234} 235 236static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 237{ 238 return opt->nd_opt_type == ND_OPT_RDNSS; 239} 240 241static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 242 struct nd_opt_hdr *end) 243{ 244 if (!cur || !end || cur >= end) 245 return NULL; 246 do { 247 cur = ((void *)cur) + (cur->nd_opt_len << 3); 248 } while(cur < end && !ndisc_is_useropt(cur)); 249 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 250} 251 252static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 253 struct ndisc_options *ndopts) 254{ 255 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 256 257 if (!nd_opt || opt_len < 0 || !ndopts) 258 return NULL; 259 memset(ndopts, 0, sizeof(*ndopts)); 260 while (opt_len) { 261 int l; 262 if (opt_len < sizeof(struct nd_opt_hdr)) 263 return NULL; 264 l = nd_opt->nd_opt_len << 3; 265 if (opt_len < l || l == 0) 266 return NULL; 267 switch (nd_opt->nd_opt_type) { 268 case ND_OPT_SOURCE_LL_ADDR: 269 case ND_OPT_TARGET_LL_ADDR: 270 case ND_OPT_MTU: 271 case ND_OPT_REDIRECT_HDR: 272 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 273 ND_PRINTK2(KERN_WARNING 274 "%s(): duplicated ND6 option found: type=%d\n", 275 __func__, 276 nd_opt->nd_opt_type); 277 } else { 278 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 279 } 280 break; 281 case ND_OPT_PREFIX_INFO: 282 ndopts->nd_opts_pi_end = nd_opt; 283 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 284 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 285 break; 286#ifdef CONFIG_IPV6_ROUTE_INFO 287 case ND_OPT_ROUTE_INFO: 288 ndopts->nd_opts_ri_end = nd_opt; 289 if (!ndopts->nd_opts_ri) 290 ndopts->nd_opts_ri = nd_opt; 291 break; 292#endif 293 default: 294 if (ndisc_is_useropt(nd_opt)) { 295 ndopts->nd_useropts_end = nd_opt; 296 if (!ndopts->nd_useropts) 297 ndopts->nd_useropts = nd_opt; 298 } else { 299 /* 300 * Unknown options must be silently ignored, 301 * to accommodate future extension to the 302 * protocol. 303 */ 304 ND_PRINTK2(KERN_NOTICE 305 "%s(): ignored unsupported option; type=%d, len=%d\n", 306 __func__, 307 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 308 } 309 } 310 opt_len -= l; 311 nd_opt = ((void *)nd_opt) + l; 312 } 313 return ndopts; 314} 315 316static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 317 struct net_device *dev) 318{ 319 u8 *lladdr = (u8 *)(p + 1); 320 int lladdrlen = p->nd_opt_len << 3; 321 int prepad = ndisc_addr_option_pad(dev->type); 322 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 323 return NULL; 324 return lladdr + prepad; 325} 326 327int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 328{ 329 switch (dev->type) { 330 case ARPHRD_ETHER: 331 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 332 case ARPHRD_FDDI: 333 ipv6_eth_mc_map(addr, buf); 334 return 0; 335 case ARPHRD_IEEE802_TR: 336 ipv6_tr_mc_map(addr,buf); 337 return 0; 338 case ARPHRD_ARCNET: 339 ipv6_arcnet_mc_map(addr, buf); 340 return 0; 341 case ARPHRD_INFINIBAND: 342 ipv6_ib_mc_map(addr, dev->broadcast, buf); 343 return 0; 344 default: 345 if (dir) { 346 memcpy(buf, dev->broadcast, dev->addr_len); 347 return 0; 348 } 349 } 350 return -EINVAL; 351} 352 353EXPORT_SYMBOL(ndisc_mc_map); 354 355static u32 ndisc_hash(const void *pkey, 356 const struct net_device *dev, 357 __u32 hash_rnd) 358{ 359 const u32 *p32 = pkey; 360 u32 addr_hash, i; 361 362 addr_hash = 0; 363 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 364 addr_hash ^= *p32++; 365 366 return jhash_2words(addr_hash, dev->ifindex, hash_rnd); 367} 368 369static int ndisc_constructor(struct neighbour *neigh) 370{ 371 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 372 struct net_device *dev = neigh->dev; 373 struct inet6_dev *in6_dev; 374 struct neigh_parms *parms; 375 int is_multicast = ipv6_addr_is_multicast(addr); 376 377 rcu_read_lock(); 378 in6_dev = in6_dev_get(dev); 379 if (in6_dev == NULL) { 380 rcu_read_unlock(); 381 return -EINVAL; 382 } 383 384 parms = in6_dev->nd_parms; 385 __neigh_parms_put(neigh->parms); 386 neigh->parms = neigh_parms_clone(parms); 387 rcu_read_unlock(); 388 389 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 390 if (!dev->header_ops) { 391 neigh->nud_state = NUD_NOARP; 392 neigh->ops = &ndisc_direct_ops; 393 neigh->output = neigh->ops->queue_xmit; 394 } else { 395 if (is_multicast) { 396 neigh->nud_state = NUD_NOARP; 397 ndisc_mc_map(addr, neigh->ha, dev, 1); 398 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 399 neigh->nud_state = NUD_NOARP; 400 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 401 if (dev->flags&IFF_LOOPBACK) 402 neigh->type = RTN_LOCAL; 403 } else if (dev->flags&IFF_POINTOPOINT) { 404 neigh->nud_state = NUD_NOARP; 405 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 406 } 407 if (dev->header_ops->cache) 408 neigh->ops = &ndisc_hh_ops; 409 else 410 neigh->ops = &ndisc_generic_ops; 411 if (neigh->nud_state&NUD_VALID) 412 neigh->output = neigh->ops->connected_output; 413 else 414 neigh->output = neigh->ops->output; 415 } 416 in6_dev_put(in6_dev); 417 return 0; 418} 419 420static int pndisc_constructor(struct pneigh_entry *n) 421{ 422 struct in6_addr *addr = (struct in6_addr*)&n->key; 423 struct in6_addr maddr; 424 struct net_device *dev = n->dev; 425 426 if (dev == NULL || __in6_dev_get(dev) == NULL) 427 return -EINVAL; 428 addrconf_addr_solict_mult(addr, &maddr); 429 ipv6_dev_mc_inc(dev, &maddr); 430 return 0; 431} 432 433static void pndisc_destructor(struct pneigh_entry *n) 434{ 435 struct in6_addr *addr = (struct in6_addr*)&n->key; 436 struct in6_addr maddr; 437 struct net_device *dev = n->dev; 438 439 if (dev == NULL || __in6_dev_get(dev) == NULL) 440 return; 441 addrconf_addr_solict_mult(addr, &maddr); 442 ipv6_dev_mc_dec(dev, &maddr); 443} 444 445struct sk_buff *ndisc_build_skb(struct net_device *dev, 446 const struct in6_addr *daddr, 447 const struct in6_addr *saddr, 448 struct icmp6hdr *icmp6h, 449 const struct in6_addr *target, 450 int llinfo) 451{ 452 struct net *net = dev_net(dev); 453 struct sock *sk = net->ipv6.ndisc_sk; 454 struct sk_buff *skb; 455 struct icmp6hdr *hdr; 456 int len; 457 int err; 458 u8 *opt; 459 460 if (!dev->addr_len) 461 llinfo = 0; 462 463 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 464 if (llinfo) 465 len += ndisc_opt_addr_space(dev); 466 467 skb = sock_alloc_send_skb(sk, 468 (MAX_HEADER + sizeof(struct ipv6hdr) + 469 len + LL_ALLOCATED_SPACE(dev)), 470 1, &err); 471 if (!skb) { 472 ND_PRINTK0(KERN_ERR 473 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n", 474 __func__, err); 475 return NULL; 476 } 477 478 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 479 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 480 481 skb->transport_header = skb->tail; 482 skb_put(skb, len); 483 484 hdr = (struct icmp6hdr *)skb_transport_header(skb); 485 memcpy(hdr, icmp6h, sizeof(*hdr)); 486 487 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 488 if (target) { 489 ipv6_addr_copy((struct in6_addr *)opt, target); 490 opt += sizeof(*target); 491 } 492 493 if (llinfo) 494 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 495 dev->addr_len, dev->type); 496 497 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 498 IPPROTO_ICMPV6, 499 csum_partial(hdr, 500 len, 0)); 501 502 return skb; 503} 504 505EXPORT_SYMBOL(ndisc_build_skb); 506 507void ndisc_send_skb(struct sk_buff *skb, 508 struct net_device *dev, 509 struct neighbour *neigh, 510 const struct in6_addr *daddr, 511 const struct in6_addr *saddr, 512 struct icmp6hdr *icmp6h) 513{ 514 struct flowi6 fl6; 515 struct dst_entry *dst; 516 struct net *net = dev_net(dev); 517 struct sock *sk = net->ipv6.ndisc_sk; 518 struct inet6_dev *idev; 519 int err; 520 u8 type; 521 522 type = icmp6h->icmp6_type; 523 524 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex); 525 526 dst = icmp6_dst_alloc(dev, neigh, daddr); 527 if (!dst) { 528 kfree_skb(skb); 529 return; 530 } 531 532 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 533 if (IS_ERR(dst)) { 534 kfree_skb(skb); 535 return; 536 } 537 538 skb_dst_set(skb, dst); 539 540 idev = in6_dev_get(dst->dev); 541 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 542 543 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 544 dst_output); 545 if (!err) { 546 ICMP6MSGOUT_INC_STATS(net, idev, type); 547 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 548 } 549 550 if (likely(idev != NULL)) 551 in6_dev_put(idev); 552} 553 554EXPORT_SYMBOL(ndisc_send_skb); 555 556/* 557 * Send a Neighbour Discover packet 558 */ 559static void __ndisc_send(struct net_device *dev, 560 struct neighbour *neigh, 561 const struct in6_addr *daddr, 562 const struct in6_addr *saddr, 563 struct icmp6hdr *icmp6h, const struct in6_addr *target, 564 int llinfo) 565{ 566 struct sk_buff *skb; 567 568 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 569 if (!skb) 570 return; 571 572 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 573} 574 575static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 576 const struct in6_addr *daddr, 577 const struct in6_addr *solicited_addr, 578 int router, int solicited, int override, int inc_opt) 579{ 580 struct in6_addr tmpaddr; 581 struct inet6_ifaddr *ifp; 582 const struct in6_addr *src_addr; 583 struct icmp6hdr icmp6h = { 584 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 585 }; 586 587 /* for anycast or proxy, solicited_addr != src_addr */ 588 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 589 if (ifp) { 590 src_addr = solicited_addr; 591 if (ifp->flags & IFA_F_OPTIMISTIC) 592 override = 0; 593 inc_opt |= ifp->idev->cnf.force_tllao; 594 in6_ifa_put(ifp); 595 } else { 596 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 597 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 598 &tmpaddr)) 599 return; 600 src_addr = &tmpaddr; 601 } 602 603 icmp6h.icmp6_router = router; 604 icmp6h.icmp6_solicited = solicited; 605 icmp6h.icmp6_override = override; 606 607 __ndisc_send(dev, neigh, daddr, src_addr, 608 &icmp6h, solicited_addr, 609 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 610} 611 612void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 613 const struct in6_addr *solicit, 614 const struct in6_addr *daddr, const struct in6_addr *saddr) 615{ 616 struct in6_addr addr_buf; 617 struct icmp6hdr icmp6h = { 618 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 619 }; 620 621 if (saddr == NULL) { 622 if (ipv6_get_lladdr(dev, &addr_buf, 623 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 624 return; 625 saddr = &addr_buf; 626 } 627 628 __ndisc_send(dev, neigh, daddr, saddr, 629 &icmp6h, solicit, 630 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 631} 632 633void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 634 const struct in6_addr *daddr) 635{ 636 struct icmp6hdr icmp6h = { 637 .icmp6_type = NDISC_ROUTER_SOLICITATION, 638 }; 639 int send_sllao = dev->addr_len; 640 641#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 642 /* 643 * According to section 2.2 of RFC 4429, we must not 644 * send router solicitations with a sllao from 645 * optimistic addresses, but we may send the solicitation 646 * if we don't include the sllao. So here we check 647 * if our address is optimistic, and if so, we 648 * suppress the inclusion of the sllao. 649 */ 650 if (send_sllao) { 651 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 652 dev, 1); 653 if (ifp) { 654 if (ifp->flags & IFA_F_OPTIMISTIC) { 655 send_sllao = 0; 656 } 657 in6_ifa_put(ifp); 658 } else { 659 send_sllao = 0; 660 } 661 } 662#endif 663 __ndisc_send(dev, NULL, daddr, saddr, 664 &icmp6h, NULL, 665 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 666} 667 668 669static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 670{ 671 /* 672 * "The sender MUST return an ICMP 673 * destination unreachable" 674 */ 675 dst_link_failure(skb); 676 kfree_skb(skb); 677} 678 679/* Called with locked neigh: either read or both */ 680 681static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 682{ 683 struct in6_addr *saddr = NULL; 684 struct in6_addr mcaddr; 685 struct net_device *dev = neigh->dev; 686 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 687 int probes = atomic_read(&neigh->probes); 688 689 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 690 saddr = &ipv6_hdr(skb)->saddr; 691 692 if ((probes -= neigh->parms->ucast_probes) < 0) { 693 if (!(neigh->nud_state & NUD_VALID)) { 694 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n", 695 __func__, target); 696 } 697 ndisc_send_ns(dev, neigh, target, target, saddr); 698 } else if ((probes -= neigh->parms->app_probes) < 0) { 699#ifdef CONFIG_ARPD 700 neigh_app_ns(neigh); 701#endif 702 } else { 703 addrconf_addr_solict_mult(target, &mcaddr); 704 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 705 } 706} 707 708static int pndisc_is_router(const void *pkey, 709 struct net_device *dev) 710{ 711 struct pneigh_entry *n; 712 int ret = -1; 713 714 read_lock_bh(&nd_tbl.lock); 715 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 716 if (n) 717 ret = !!(n->flags & NTF_ROUTER); 718 read_unlock_bh(&nd_tbl.lock); 719 720 return ret; 721} 722 723static void ndisc_recv_ns(struct sk_buff *skb) 724{ 725 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 726 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 727 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 728 u8 *lladdr = NULL; 729 u32 ndoptlen = skb->tail - (skb->transport_header + 730 offsetof(struct nd_msg, opt)); 731 struct ndisc_options ndopts; 732 struct net_device *dev = skb->dev; 733 struct inet6_ifaddr *ifp; 734 struct inet6_dev *idev = NULL; 735 struct neighbour *neigh; 736 int dad = ipv6_addr_any(saddr); 737 int inc; 738 int is_router = -1; 739 740 if (ipv6_addr_is_multicast(&msg->target)) { 741 ND_PRINTK2(KERN_WARNING 742 "ICMPv6 NS: multicast target address"); 743 return; 744 } 745 746 /* 747 * RFC2461 7.1.1: 748 * DAD has to be destined for solicited node multicast address. 749 */ 750 if (dad && 751 !(daddr->s6_addr32[0] == htonl(0xff020000) && 752 daddr->s6_addr32[1] == htonl(0x00000000) && 753 daddr->s6_addr32[2] == htonl(0x00000001) && 754 daddr->s6_addr [12] == 0xff )) { 755 ND_PRINTK2(KERN_WARNING 756 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 757 return; 758 } 759 760 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 761 ND_PRINTK2(KERN_WARNING 762 "ICMPv6 NS: invalid ND options\n"); 763 return; 764 } 765 766 if (ndopts.nd_opts_src_lladdr) { 767 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 768 if (!lladdr) { 769 ND_PRINTK2(KERN_WARNING 770 "ICMPv6 NS: invalid link-layer address length\n"); 771 return; 772 } 773 774 /* RFC2461 7.1.1: 775 * If the IP source address is the unspecified address, 776 * there MUST NOT be source link-layer address option 777 * in the message. 778 */ 779 if (dad) { 780 ND_PRINTK2(KERN_WARNING 781 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 782 return; 783 } 784 } 785 786 inc = ipv6_addr_is_multicast(daddr); 787 788 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 789 if (ifp) { 790 791 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 792 if (dad) { 793 if (dev->type == ARPHRD_IEEE802_TR) { 794 const unsigned char *sadr; 795 sadr = skb_mac_header(skb); 796 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 797 sadr[9] == dev->dev_addr[1] && 798 sadr[10] == dev->dev_addr[2] && 799 sadr[11] == dev->dev_addr[3] && 800 sadr[12] == dev->dev_addr[4] && 801 sadr[13] == dev->dev_addr[5]) { 802 /* looped-back to us */ 803 goto out; 804 } 805 } 806 807 /* 808 * We are colliding with another node 809 * who is doing DAD 810 * so fail our DAD process 811 */ 812 addrconf_dad_failure(ifp); 813 return; 814 } else { 815 /* 816 * This is not a dad solicitation. 817 * If we are an optimistic node, 818 * we should respond. 819 * Otherwise, we should ignore it. 820 */ 821 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 822 goto out; 823 } 824 } 825 826 idev = ifp->idev; 827 } else { 828 struct net *net = dev_net(dev); 829 830 idev = in6_dev_get(dev); 831 if (!idev) { 832 /* XXX: count this drop? */ 833 return; 834 } 835 836 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 837 (idev->cnf.forwarding && 838 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 839 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 840 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 841 skb->pkt_type != PACKET_HOST && 842 inc != 0 && 843 idev->nd_parms->proxy_delay != 0) { 844 /* 845 * for anycast or proxy, 846 * sender should delay its response 847 * by a random time between 0 and 848 * MAX_ANYCAST_DELAY_TIME seconds. 849 * (RFC2461) -- yoshfuji 850 */ 851 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 852 if (n) 853 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 854 goto out; 855 } 856 } else 857 goto out; 858 } 859 860 if (is_router < 0) 861 is_router = !!idev->cnf.forwarding; 862 863 if (dad) { 864 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 865 is_router, 0, (ifp != NULL), 1); 866 goto out; 867 } 868 869 if (inc) 870 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 871 else 872 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 873 874 /* 875 * update / create cache entry 876 * for the source address 877 */ 878 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 879 !inc || lladdr || !dev->addr_len); 880 if (neigh) 881 neigh_update(neigh, lladdr, NUD_STALE, 882 NEIGH_UPDATE_F_WEAK_OVERRIDE| 883 NEIGH_UPDATE_F_OVERRIDE); 884 if (neigh || !dev->header_ops) { 885 ndisc_send_na(dev, neigh, saddr, &msg->target, 886 is_router, 887 1, (ifp != NULL && inc), inc); 888 if (neigh) 889 neigh_release(neigh); 890 } 891 892out: 893 if (ifp) 894 in6_ifa_put(ifp); 895 else 896 in6_dev_put(idev); 897} 898 899static void ndisc_recv_na(struct sk_buff *skb) 900{ 901 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 902 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 903 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 904 u8 *lladdr = NULL; 905 u32 ndoptlen = skb->tail - (skb->transport_header + 906 offsetof(struct nd_msg, opt)); 907 struct ndisc_options ndopts; 908 struct net_device *dev = skb->dev; 909 struct inet6_ifaddr *ifp; 910 struct neighbour *neigh; 911 912 if (skb->len < sizeof(struct nd_msg)) { 913 ND_PRINTK2(KERN_WARNING 914 "ICMPv6 NA: packet too short\n"); 915 return; 916 } 917 918 if (ipv6_addr_is_multicast(&msg->target)) { 919 ND_PRINTK2(KERN_WARNING 920 "ICMPv6 NA: target address is multicast.\n"); 921 return; 922 } 923 924 if (ipv6_addr_is_multicast(daddr) && 925 msg->icmph.icmp6_solicited) { 926 ND_PRINTK2(KERN_WARNING 927 "ICMPv6 NA: solicited NA is multicasted.\n"); 928 return; 929 } 930 931 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 932 ND_PRINTK2(KERN_WARNING 933 "ICMPv6 NS: invalid ND option\n"); 934 return; 935 } 936 if (ndopts.nd_opts_tgt_lladdr) { 937 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 938 if (!lladdr) { 939 ND_PRINTK2(KERN_WARNING 940 "ICMPv6 NA: invalid link-layer address length\n"); 941 return; 942 } 943 } 944 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 945 if (ifp) { 946 if (ifp->flags & IFA_F_TENTATIVE) { 947 addrconf_dad_failure(ifp); 948 return; 949 } 950 /* What should we make now? The advertisement 951 is invalid, but ndisc specs say nothing 952 about it. It could be misconfiguration, or 953 an smart proxy agent tries to help us :-) 954 955 We should not print the error if NA has been 956 received from loopback - it is just our own 957 unsolicited advertisement. 958 */ 959 if (skb->pkt_type != PACKET_LOOPBACK) 960 ND_PRINTK1(KERN_WARNING 961 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n", 962 &ifp->addr, ifp->idev->dev->name); 963 in6_ifa_put(ifp); 964 return; 965 } 966 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 967 968 if (neigh) { 969 u8 old_flags = neigh->flags; 970 struct net *net = dev_net(dev); 971 972 if (neigh->nud_state & NUD_FAILED) 973 goto out; 974 975 /* 976 * Don't update the neighbor cache entry on a proxy NA from 977 * ourselves because either the proxied node is off link or it 978 * has already sent a NA to us. 979 */ 980 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 981 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 982 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 983 /* XXX: idev->cnf.prixy_ndp */ 984 goto out; 985 } 986 987 neigh_update(neigh, lladdr, 988 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 989 NEIGH_UPDATE_F_WEAK_OVERRIDE| 990 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 991 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 992 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 993 994 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 995 /* 996 * Change: router to host 997 */ 998 struct rt6_info *rt; 999 rt = rt6_get_dflt_router(saddr, dev); 1000 if (rt) 1001 ip6_del_rt(rt); 1002 } 1003 1004out: 1005 neigh_release(neigh); 1006 } 1007} 1008 1009static void ndisc_recv_rs(struct sk_buff *skb) 1010{ 1011 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1012 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1013 struct neighbour *neigh; 1014 struct inet6_dev *idev; 1015 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1016 struct ndisc_options ndopts; 1017 u8 *lladdr = NULL; 1018 1019 if (skb->len < sizeof(*rs_msg)) 1020 return; 1021 1022 idev = in6_dev_get(skb->dev); 1023 if (!idev) { 1024 if (net_ratelimit()) 1025 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1026 return; 1027 } 1028 1029 /* Don't accept RS if we're not in router mode */ 1030 if (!idev->cnf.forwarding) 1031 goto out; 1032 1033 /* 1034 * Don't update NCE if src = ::; 1035 * this implies that the source node has no ip address assigned yet. 1036 */ 1037 if (ipv6_addr_any(saddr)) 1038 goto out; 1039 1040 /* Parse ND options */ 1041 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1042 if (net_ratelimit()) 1043 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1044 goto out; 1045 } 1046 1047 if (ndopts.nd_opts_src_lladdr) { 1048 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1049 skb->dev); 1050 if (!lladdr) 1051 goto out; 1052 } 1053 1054 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1055 if (neigh) { 1056 neigh_update(neigh, lladdr, NUD_STALE, 1057 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1058 NEIGH_UPDATE_F_OVERRIDE| 1059 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1060 neigh_release(neigh); 1061 } 1062out: 1063 in6_dev_put(idev); 1064} 1065 1066static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1067{ 1068 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1069 struct sk_buff *skb; 1070 struct nlmsghdr *nlh; 1071 struct nduseroptmsg *ndmsg; 1072 struct net *net = dev_net(ra->dev); 1073 int err; 1074 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1075 + (opt->nd_opt_len << 3)); 1076 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1077 1078 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1079 if (skb == NULL) { 1080 err = -ENOBUFS; 1081 goto errout; 1082 } 1083 1084 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1085 if (nlh == NULL) { 1086 goto nla_put_failure; 1087 } 1088 1089 ndmsg = nlmsg_data(nlh); 1090 ndmsg->nduseropt_family = AF_INET6; 1091 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1092 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1093 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1094 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1095 1096 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1097 1098 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1099 &ipv6_hdr(ra)->saddr); 1100 nlmsg_end(skb, nlh); 1101 1102 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1103 return; 1104 1105nla_put_failure: 1106 nlmsg_free(skb); 1107 err = -EMSGSIZE; 1108errout: 1109 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1110} 1111 1112static inline int accept_ra(struct inet6_dev *in6_dev) 1113{ 1114 /* 1115 * If forwarding is enabled, RA are not accepted unless the special 1116 * hybrid mode (accept_ra=2) is enabled. 1117 */ 1118 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2) 1119 return 0; 1120 1121 return in6_dev->cnf.accept_ra; 1122} 1123 1124static void ndisc_router_discovery(struct sk_buff *skb) 1125{ 1126 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1127 struct neighbour *neigh = NULL; 1128 struct inet6_dev *in6_dev; 1129 struct rt6_info *rt = NULL; 1130 int lifetime; 1131 struct ndisc_options ndopts; 1132 int optlen; 1133 unsigned int pref = 0; 1134 1135 __u8 * opt = (__u8 *)(ra_msg + 1); 1136 1137 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1138 1139 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1140 ND_PRINTK2(KERN_WARNING 1141 "ICMPv6 RA: source address is not link-local.\n"); 1142 return; 1143 } 1144 if (optlen < 0) { 1145 ND_PRINTK2(KERN_WARNING 1146 "ICMPv6 RA: packet too short\n"); 1147 return; 1148 } 1149 1150#ifdef CONFIG_IPV6_NDISC_NODETYPE 1151 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1152 ND_PRINTK2(KERN_WARNING 1153 "ICMPv6 RA: from host or unauthorized router\n"); 1154 return; 1155 } 1156#endif 1157 1158 /* 1159 * set the RA_RECV flag in the interface 1160 */ 1161 1162 in6_dev = in6_dev_get(skb->dev); 1163 if (in6_dev == NULL) { 1164 ND_PRINTK0(KERN_ERR 1165 "ICMPv6 RA: can't find inet6 device for %s.\n", 1166 skb->dev->name); 1167 return; 1168 } 1169 1170 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1171 in6_dev_put(in6_dev); 1172 ND_PRINTK2(KERN_WARNING 1173 "ICMP6 RA: invalid ND options\n"); 1174 return; 1175 } 1176 1177 if (!accept_ra(in6_dev)) 1178 goto skip_linkparms; 1179 1180#ifdef CONFIG_IPV6_NDISC_NODETYPE 1181 /* skip link-specific parameters from interior routers */ 1182 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1183 goto skip_linkparms; 1184#endif 1185 1186 if (in6_dev->if_flags & IF_RS_SENT) { 1187 /* 1188 * flag that an RA was received after an RS was sent 1189 * out on this interface. 1190 */ 1191 in6_dev->if_flags |= IF_RA_RCVD; 1192 } 1193 1194 /* 1195 * Remember the managed/otherconf flags from most recently 1196 * received RA message (RFC 2462) -- yoshfuji 1197 */ 1198 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1199 IF_RA_OTHERCONF)) | 1200 (ra_msg->icmph.icmp6_addrconf_managed ? 1201 IF_RA_MANAGED : 0) | 1202 (ra_msg->icmph.icmp6_addrconf_other ? 1203 IF_RA_OTHERCONF : 0); 1204 1205 if (!in6_dev->cnf.accept_ra_defrtr) 1206 goto skip_defrtr; 1207 1208 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1209 1210#ifdef CONFIG_IPV6_ROUTER_PREF 1211 pref = ra_msg->icmph.icmp6_router_pref; 1212 /* 10b is handled as if it were 00b (medium) */ 1213 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1214 !in6_dev->cnf.accept_ra_rtr_pref) 1215 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1216#endif 1217 1218 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1219 1220 if (rt) 1221 neigh = rt->rt6i_nexthop; 1222 1223 if (rt && lifetime == 0) { 1224 neigh_clone(neigh); 1225 ip6_del_rt(rt); 1226 rt = NULL; 1227 } 1228 1229 if (rt == NULL && lifetime) { 1230 ND_PRINTK3(KERN_DEBUG 1231 "ICMPv6 RA: adding default router.\n"); 1232 1233 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1234 if (rt == NULL) { 1235 ND_PRINTK0(KERN_ERR 1236 "ICMPv6 RA: %s() failed to add default route.\n", 1237 __func__); 1238 in6_dev_put(in6_dev); 1239 return; 1240 } 1241 1242 neigh = rt->rt6i_nexthop; 1243 if (neigh == NULL) { 1244 ND_PRINTK0(KERN_ERR 1245 "ICMPv6 RA: %s() got default router without neighbour.\n", 1246 __func__); 1247 dst_release(&rt->dst); 1248 in6_dev_put(in6_dev); 1249 return; 1250 } 1251 neigh->flags |= NTF_ROUTER; 1252 } else if (rt) { 1253 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1254 } 1255 1256 if (rt) 1257 rt->rt6i_expires = jiffies + (HZ * lifetime); 1258 1259 if (ra_msg->icmph.icmp6_hop_limit) { 1260 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1261 if (rt) 1262 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1263 ra_msg->icmph.icmp6_hop_limit); 1264 } 1265 1266skip_defrtr: 1267 1268 /* 1269 * Update Reachable Time and Retrans Timer 1270 */ 1271 1272 if (in6_dev->nd_parms) { 1273 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1274 1275 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1276 rtime = (rtime*HZ)/1000; 1277 if (rtime < HZ/10) 1278 rtime = HZ/10; 1279 in6_dev->nd_parms->retrans_time = rtime; 1280 in6_dev->tstamp = jiffies; 1281 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1282 } 1283 1284 rtime = ntohl(ra_msg->reachable_time); 1285 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1286 rtime = (rtime*HZ)/1000; 1287 1288 if (rtime < HZ/10) 1289 rtime = HZ/10; 1290 1291 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1292 in6_dev->nd_parms->base_reachable_time = rtime; 1293 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1294 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1295 in6_dev->tstamp = jiffies; 1296 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1297 } 1298 } 1299 } 1300 1301skip_linkparms: 1302 1303 /* 1304 * Process options. 1305 */ 1306 1307 if (!neigh) 1308 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1309 skb->dev, 1); 1310 if (neigh) { 1311 u8 *lladdr = NULL; 1312 if (ndopts.nd_opts_src_lladdr) { 1313 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1314 skb->dev); 1315 if (!lladdr) { 1316 ND_PRINTK2(KERN_WARNING 1317 "ICMPv6 RA: invalid link-layer address length\n"); 1318 goto out; 1319 } 1320 } 1321 neigh_update(neigh, lladdr, NUD_STALE, 1322 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1323 NEIGH_UPDATE_F_OVERRIDE| 1324 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1325 NEIGH_UPDATE_F_ISROUTER); 1326 } 1327 1328 if (!accept_ra(in6_dev)) 1329 goto out; 1330 1331#ifdef CONFIG_IPV6_ROUTE_INFO 1332 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1333 struct nd_opt_hdr *p; 1334 for (p = ndopts.nd_opts_ri; 1335 p; 1336 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1337 struct route_info *ri = (struct route_info *)p; 1338#ifdef CONFIG_IPV6_NDISC_NODETYPE 1339 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1340 ri->prefix_len == 0) 1341 continue; 1342#endif 1343 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1344 continue; 1345 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1346 &ipv6_hdr(skb)->saddr); 1347 } 1348 } 1349#endif 1350 1351#ifdef CONFIG_IPV6_NDISC_NODETYPE 1352 /* skip link-specific ndopts from interior routers */ 1353 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1354 goto out; 1355#endif 1356 1357 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1358 struct nd_opt_hdr *p; 1359 for (p = ndopts.nd_opts_pi; 1360 p; 1361 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1362 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1363 } 1364 } 1365 1366 if (ndopts.nd_opts_mtu) { 1367 __be32 n; 1368 u32 mtu; 1369 1370 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1371 mtu = ntohl(n); 1372 1373 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1374 ND_PRINTK2(KERN_WARNING 1375 "ICMPv6 RA: invalid mtu: %d\n", 1376 mtu); 1377 } else if (in6_dev->cnf.mtu6 != mtu) { 1378 in6_dev->cnf.mtu6 = mtu; 1379 1380 if (rt) 1381 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1382 1383 rt6_mtu_change(skb->dev, mtu); 1384 } 1385 } 1386 1387 if (ndopts.nd_useropts) { 1388 struct nd_opt_hdr *p; 1389 for (p = ndopts.nd_useropts; 1390 p; 1391 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1392 ndisc_ra_useropt(skb, p); 1393 } 1394 } 1395 1396 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1397 ND_PRINTK2(KERN_WARNING 1398 "ICMPv6 RA: invalid RA options"); 1399 } 1400out: 1401 if (rt) 1402 dst_release(&rt->dst); 1403 else if (neigh) 1404 neigh_release(neigh); 1405 in6_dev_put(in6_dev); 1406} 1407 1408static void ndisc_redirect_rcv(struct sk_buff *skb) 1409{ 1410 struct inet6_dev *in6_dev; 1411 struct icmp6hdr *icmph; 1412 struct in6_addr *dest; 1413 struct in6_addr *target; /* new first hop to destination */ 1414 struct neighbour *neigh; 1415 int on_link = 0; 1416 struct ndisc_options ndopts; 1417 int optlen; 1418 u8 *lladdr = NULL; 1419 1420#ifdef CONFIG_IPV6_NDISC_NODETYPE 1421 switch (skb->ndisc_nodetype) { 1422 case NDISC_NODETYPE_HOST: 1423 case NDISC_NODETYPE_NODEFAULT: 1424 ND_PRINTK2(KERN_WARNING 1425 "ICMPv6 Redirect: from host or unauthorized router\n"); 1426 return; 1427 } 1428#endif 1429 1430 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1431 ND_PRINTK2(KERN_WARNING 1432 "ICMPv6 Redirect: source address is not link-local.\n"); 1433 return; 1434 } 1435 1436 optlen = skb->tail - skb->transport_header; 1437 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1438 1439 if (optlen < 0) { 1440 ND_PRINTK2(KERN_WARNING 1441 "ICMPv6 Redirect: packet too short\n"); 1442 return; 1443 } 1444 1445 icmph = icmp6_hdr(skb); 1446 target = (struct in6_addr *) (icmph + 1); 1447 dest = target + 1; 1448 1449 if (ipv6_addr_is_multicast(dest)) { 1450 ND_PRINTK2(KERN_WARNING 1451 "ICMPv6 Redirect: destination address is multicast.\n"); 1452 return; 1453 } 1454 1455 if (ipv6_addr_equal(dest, target)) { 1456 on_link = 1; 1457 } else if (ipv6_addr_type(target) != 1458 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1459 ND_PRINTK2(KERN_WARNING 1460 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1461 return; 1462 } 1463 1464 in6_dev = in6_dev_get(skb->dev); 1465 if (!in6_dev) 1466 return; 1467 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1468 in6_dev_put(in6_dev); 1469 return; 1470 } 1471 1472 /* RFC2461 8.1: 1473 * The IP source address of the Redirect MUST be the same as the current 1474 * first-hop router for the specified ICMP Destination Address. 1475 */ 1476 1477 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1478 ND_PRINTK2(KERN_WARNING 1479 "ICMPv6 Redirect: invalid ND options\n"); 1480 in6_dev_put(in6_dev); 1481 return; 1482 } 1483 if (ndopts.nd_opts_tgt_lladdr) { 1484 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1485 skb->dev); 1486 if (!lladdr) { 1487 ND_PRINTK2(KERN_WARNING 1488 "ICMPv6 Redirect: invalid link-layer address length\n"); 1489 in6_dev_put(in6_dev); 1490 return; 1491 } 1492 } 1493 1494 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1495 if (neigh) { 1496 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1497 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1498 on_link); 1499 neigh_release(neigh); 1500 } 1501 in6_dev_put(in6_dev); 1502} 1503 1504void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1505 const struct in6_addr *target) 1506{ 1507 struct net_device *dev = skb->dev; 1508 struct net *net = dev_net(dev); 1509 struct sock *sk = net->ipv6.ndisc_sk; 1510 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1511 struct sk_buff *buff; 1512 struct icmp6hdr *icmph; 1513 struct in6_addr saddr_buf; 1514 struct in6_addr *addrp; 1515 struct rt6_info *rt; 1516 struct dst_entry *dst; 1517 struct inet6_dev *idev; 1518 struct flowi6 fl6; 1519 u8 *opt; 1520 int rd_len; 1521 int err; 1522 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1523 1524 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1525 ND_PRINTK2(KERN_WARNING 1526 "ICMPv6 Redirect: no link-local address on %s\n", 1527 dev->name); 1528 return; 1529 } 1530 1531 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1532 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1533 ND_PRINTK2(KERN_WARNING 1534 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1535 return; 1536 } 1537 1538 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1539 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1540 1541 dst = ip6_route_output(net, NULL, &fl6); 1542 if (dst == NULL) 1543 return; 1544 1545 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1546 if (IS_ERR(dst)) 1547 return; 1548 1549 rt = (struct rt6_info *) dst; 1550 1551 if (rt->rt6i_flags & RTF_GATEWAY) { 1552 ND_PRINTK2(KERN_WARNING 1553 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1554 goto release; 1555 } 1556 if (!rt->rt6i_peer) 1557 rt6_bind_peer(rt, 1); 1558 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ)) 1559 goto release; 1560 1561 if (dev->addr_len) { 1562 read_lock_bh(&neigh->lock); 1563 if (neigh->nud_state & NUD_VALID) { 1564 memcpy(ha_buf, neigh->ha, dev->addr_len); 1565 read_unlock_bh(&neigh->lock); 1566 ha = ha_buf; 1567 len += ndisc_opt_addr_space(dev); 1568 } else 1569 read_unlock_bh(&neigh->lock); 1570 } 1571 1572 rd_len = min_t(unsigned int, 1573 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1574 rd_len &= ~0x7; 1575 len += rd_len; 1576 1577 buff = sock_alloc_send_skb(sk, 1578 (MAX_HEADER + sizeof(struct ipv6hdr) + 1579 len + LL_ALLOCATED_SPACE(dev)), 1580 1, &err); 1581 if (buff == NULL) { 1582 ND_PRINTK0(KERN_ERR 1583 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n", 1584 __func__, err); 1585 goto release; 1586 } 1587 1588 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1589 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1590 IPPROTO_ICMPV6, len); 1591 1592 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1593 skb_put(buff, len); 1594 icmph = icmp6_hdr(buff); 1595 1596 memset(icmph, 0, sizeof(struct icmp6hdr)); 1597 icmph->icmp6_type = NDISC_REDIRECT; 1598 1599 /* 1600 * copy target and destination addresses 1601 */ 1602 1603 addrp = (struct in6_addr *)(icmph + 1); 1604 ipv6_addr_copy(addrp, target); 1605 addrp++; 1606 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1607 1608 opt = (u8*) (addrp + 1); 1609 1610 /* 1611 * include target_address option 1612 */ 1613 1614 if (ha) 1615 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1616 dev->addr_len, dev->type); 1617 1618 /* 1619 * build redirect option and copy skb over to the new packet. 1620 */ 1621 1622 memset(opt, 0, 8); 1623 *(opt++) = ND_OPT_REDIRECT_HDR; 1624 *(opt++) = (rd_len >> 3); 1625 opt += 6; 1626 1627 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1628 1629 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1630 len, IPPROTO_ICMPV6, 1631 csum_partial(icmph, len, 0)); 1632 1633 skb_dst_set(buff, dst); 1634 idev = in6_dev_get(dst->dev); 1635 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1636 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1637 dst_output); 1638 if (!err) { 1639 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1640 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1641 } 1642 1643 if (likely(idev != NULL)) 1644 in6_dev_put(idev); 1645 return; 1646 1647release: 1648 dst_release(dst); 1649} 1650 1651static void pndisc_redo(struct sk_buff *skb) 1652{ 1653 ndisc_recv_ns(skb); 1654 kfree_skb(skb); 1655} 1656 1657int ndisc_rcv(struct sk_buff *skb) 1658{ 1659 struct nd_msg *msg; 1660 1661 if (!pskb_may_pull(skb, skb->len)) 1662 return 0; 1663 1664 msg = (struct nd_msg *)skb_transport_header(skb); 1665 1666 __skb_push(skb, skb->data - skb_transport_header(skb)); 1667 1668 if (ipv6_hdr(skb)->hop_limit != 255) { 1669 ND_PRINTK2(KERN_WARNING 1670 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1671 ipv6_hdr(skb)->hop_limit); 1672 return 0; 1673 } 1674 1675 if (msg->icmph.icmp6_code != 0) { 1676 ND_PRINTK2(KERN_WARNING 1677 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1678 msg->icmph.icmp6_code); 1679 return 0; 1680 } 1681 1682 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1683 1684 switch (msg->icmph.icmp6_type) { 1685 case NDISC_NEIGHBOUR_SOLICITATION: 1686 ndisc_recv_ns(skb); 1687 break; 1688 1689 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1690 ndisc_recv_na(skb); 1691 break; 1692 1693 case NDISC_ROUTER_SOLICITATION: 1694 ndisc_recv_rs(skb); 1695 break; 1696 1697 case NDISC_ROUTER_ADVERTISEMENT: 1698 ndisc_router_discovery(skb); 1699 break; 1700 1701 case NDISC_REDIRECT: 1702 ndisc_redirect_rcv(skb); 1703 break; 1704 } 1705 1706 return 0; 1707} 1708 1709static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1710{ 1711 struct net_device *dev = ptr; 1712 struct net *net = dev_net(dev); 1713 1714 switch (event) { 1715 case NETDEV_CHANGEADDR: 1716 neigh_changeaddr(&nd_tbl, dev); 1717 fib6_run_gc(~0UL, net); 1718 break; 1719 case NETDEV_DOWN: 1720 neigh_ifdown(&nd_tbl, dev); 1721 fib6_run_gc(~0UL, net); 1722 break; 1723 default: 1724 break; 1725 } 1726 1727 return NOTIFY_DONE; 1728} 1729 1730static struct notifier_block ndisc_netdev_notifier = { 1731 .notifier_call = ndisc_netdev_event, 1732}; 1733 1734#ifdef CONFIG_SYSCTL 1735static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1736 const char *func, const char *dev_name) 1737{ 1738 static char warncomm[TASK_COMM_LEN]; 1739 static int warned; 1740 if (strcmp(warncomm, current->comm) && warned < 5) { 1741 strcpy(warncomm, current->comm); 1742 printk(KERN_WARNING 1743 "process `%s' is using deprecated sysctl (%s) " 1744 "net.ipv6.neigh.%s.%s; " 1745 "Use net.ipv6.neigh.%s.%s_ms " 1746 "instead.\n", 1747 warncomm, func, 1748 dev_name, ctl->procname, 1749 dev_name, ctl->procname); 1750 warned++; 1751 } 1752} 1753 1754int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1755{ 1756 struct net_device *dev = ctl->extra1; 1757 struct inet6_dev *idev; 1758 int ret; 1759 1760 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1761 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1762 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1763 1764 if (strcmp(ctl->procname, "retrans_time") == 0) 1765 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1766 1767 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1768 ret = proc_dointvec_jiffies(ctl, write, 1769 buffer, lenp, ppos); 1770 1771 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1772 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1773 ret = proc_dointvec_ms_jiffies(ctl, write, 1774 buffer, lenp, ppos); 1775 else 1776 ret = -1; 1777 1778 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1779 if (ctl->data == &idev->nd_parms->base_reachable_time) 1780 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1781 idev->tstamp = jiffies; 1782 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1783 in6_dev_put(idev); 1784 } 1785 return ret; 1786} 1787 1788 1789#endif 1790 1791static int __net_init ndisc_net_init(struct net *net) 1792{ 1793 struct ipv6_pinfo *np; 1794 struct sock *sk; 1795 int err; 1796 1797 err = inet_ctl_sock_create(&sk, PF_INET6, 1798 SOCK_RAW, IPPROTO_ICMPV6, net); 1799 if (err < 0) { 1800 ND_PRINTK0(KERN_ERR 1801 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1802 err); 1803 return err; 1804 } 1805 1806 net->ipv6.ndisc_sk = sk; 1807 1808 np = inet6_sk(sk); 1809 np->hop_limit = 255; 1810 /* Do not loopback ndisc messages */ 1811 np->mc_loop = 0; 1812 1813 return 0; 1814} 1815 1816static void __net_exit ndisc_net_exit(struct net *net) 1817{ 1818 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1819} 1820 1821static struct pernet_operations ndisc_net_ops = { 1822 .init = ndisc_net_init, 1823 .exit = ndisc_net_exit, 1824}; 1825 1826int __init ndisc_init(void) 1827{ 1828 int err; 1829 1830 err = register_pernet_subsys(&ndisc_net_ops); 1831 if (err) 1832 return err; 1833 /* 1834 * Initialize the neighbour table 1835 */ 1836 neigh_table_init(&nd_tbl); 1837 1838#ifdef CONFIG_SYSCTL 1839 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1840 &ndisc_ifinfo_sysctl_change); 1841 if (err) 1842 goto out_unregister_pernet; 1843#endif 1844 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1845 if (err) 1846 goto out_unregister_sysctl; 1847out: 1848 return err; 1849 1850out_unregister_sysctl: 1851#ifdef CONFIG_SYSCTL 1852 neigh_sysctl_unregister(&nd_tbl.parms); 1853out_unregister_pernet: 1854#endif 1855 unregister_pernet_subsys(&ndisc_net_ops); 1856 goto out; 1857} 1858 1859void ndisc_cleanup(void) 1860{ 1861 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1862#ifdef CONFIG_SYSCTL 1863 neigh_sysctl_unregister(&nd_tbl.parms); 1864#endif 1865 neigh_table_clear(&nd_tbl); 1866 unregister_pernet_subsys(&ndisc_net_ops); 1867} 1868