ndisc.c revision 54716e3beb0ab20c49471348dfe399a71bfc8fd3
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29/* Set to 3 to get tracing... */ 30#define ND_DEBUG 1 31 32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33#define ND_NOPRINTK(x...) do { ; } while(0) 34#define ND_PRINTK0 ND_PRINTK 35#define ND_PRINTK1 ND_NOPRINTK 36#define ND_PRINTK2 ND_NOPRINTK 37#define ND_PRINTK3 ND_NOPRINTK 38#if ND_DEBUG >= 1 39#undef ND_PRINTK1 40#define ND_PRINTK1 ND_PRINTK 41#endif 42#if ND_DEBUG >= 2 43#undef ND_PRINTK2 44#define ND_PRINTK2 ND_PRINTK 45#endif 46#if ND_DEBUG >= 3 47#undef ND_PRINTK3 48#define ND_PRINTK3 ND_PRINTK 49#endif 50 51#include <linux/module.h> 52#include <linux/errno.h> 53#include <linux/types.h> 54#include <linux/socket.h> 55#include <linux/sockios.h> 56#include <linux/sched.h> 57#include <linux/net.h> 58#include <linux/in6.h> 59#include <linux/route.h> 60#include <linux/init.h> 61#include <linux/rcupdate.h> 62#ifdef CONFIG_SYSCTL 63#include <linux/sysctl.h> 64#endif 65 66#include <linux/if_addr.h> 67#include <linux/if_arp.h> 68#include <linux/ipv6.h> 69#include <linux/icmpv6.h> 70#include <linux/jhash.h> 71 72#include <net/sock.h> 73#include <net/snmp.h> 74 75#include <net/ipv6.h> 76#include <net/protocol.h> 77#include <net/ndisc.h> 78#include <net/ip6_route.h> 79#include <net/addrconf.h> 80#include <net/icmp.h> 81 82#include <net/netlink.h> 83#include <linux/rtnetlink.h> 84 85#include <net/flow.h> 86#include <net/ip6_checksum.h> 87#include <net/inet_common.h> 88#include <linux/proc_fs.h> 89 90#include <linux/netfilter.h> 91#include <linux/netfilter_ipv6.h> 92 93static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 94static int ndisc_constructor(struct neighbour *neigh); 95static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 96static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 97static int pndisc_constructor(struct pneigh_entry *n); 98static void pndisc_destructor(struct pneigh_entry *n); 99static void pndisc_redo(struct sk_buff *skb); 100 101static const struct neigh_ops ndisc_generic_ops = { 102 .family = AF_INET6, 103 .solicit = ndisc_solicit, 104 .error_report = ndisc_error_report, 105 .output = neigh_resolve_output, 106 .connected_output = neigh_connected_output, 107 .hh_output = dev_queue_xmit, 108 .queue_xmit = dev_queue_xmit, 109}; 110 111static const struct neigh_ops ndisc_hh_ops = { 112 .family = AF_INET6, 113 .solicit = ndisc_solicit, 114 .error_report = ndisc_error_report, 115 .output = neigh_resolve_output, 116 .connected_output = neigh_resolve_output, 117 .hh_output = dev_queue_xmit, 118 .queue_xmit = dev_queue_xmit, 119}; 120 121 122static const struct neigh_ops ndisc_direct_ops = { 123 .family = AF_INET6, 124 .output = dev_queue_xmit, 125 .connected_output = dev_queue_xmit, 126 .hh_output = dev_queue_xmit, 127 .queue_xmit = dev_queue_xmit, 128}; 129 130struct neigh_table nd_tbl = { 131 .family = AF_INET6, 132 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 133 .key_len = sizeof(struct in6_addr), 134 .hash = ndisc_hash, 135 .constructor = ndisc_constructor, 136 .pconstructor = pndisc_constructor, 137 .pdestructor = pndisc_destructor, 138 .proxy_redo = pndisc_redo, 139 .id = "ndisc_cache", 140 .parms = { 141 .tbl = &nd_tbl, 142 .base_reachable_time = 30 * HZ, 143 .retrans_time = 1 * HZ, 144 .gc_staletime = 60 * HZ, 145 .reachable_time = 30 * HZ, 146 .delay_probe_time = 5 * HZ, 147 .queue_len = 3, 148 .ucast_probes = 3, 149 .mcast_probes = 3, 150 .anycast_delay = 1 * HZ, 151 .proxy_delay = (8 * HZ) / 10, 152 .proxy_qlen = 64, 153 }, 154 .gc_interval = 30 * HZ, 155 .gc_thresh1 = 128, 156 .gc_thresh2 = 512, 157 .gc_thresh3 = 1024, 158}; 159 160/* ND options */ 161struct ndisc_options { 162 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 163#ifdef CONFIG_IPV6_ROUTE_INFO 164 struct nd_opt_hdr *nd_opts_ri; 165 struct nd_opt_hdr *nd_opts_ri_end; 166#endif 167 struct nd_opt_hdr *nd_useropts; 168 struct nd_opt_hdr *nd_useropts_end; 169}; 170 171#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 172#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 173#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 174#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 175#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 176#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 177 178#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 179 180/* 181 * Return the padding between the option length and the start of the 182 * link addr. Currently only IP-over-InfiniBand needs this, although 183 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 184 * also need a pad of 2. 185 */ 186static int ndisc_addr_option_pad(unsigned short type) 187{ 188 switch (type) { 189 case ARPHRD_INFINIBAND: return 2; 190 default: return 0; 191 } 192} 193 194static inline int ndisc_opt_addr_space(struct net_device *dev) 195{ 196 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 197} 198 199static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 200 unsigned short addr_type) 201{ 202 int space = NDISC_OPT_SPACE(data_len); 203 int pad = ndisc_addr_option_pad(addr_type); 204 205 opt[0] = type; 206 opt[1] = space>>3; 207 208 memset(opt + 2, 0, pad); 209 opt += pad; 210 space -= pad; 211 212 memcpy(opt+2, data, data_len); 213 data_len += 2; 214 opt += data_len; 215 if ((space -= data_len) > 0) 216 memset(opt, 0, space); 217 return opt + space; 218} 219 220static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 221 struct nd_opt_hdr *end) 222{ 223 int type; 224 if (!cur || !end || cur >= end) 225 return NULL; 226 type = cur->nd_opt_type; 227 do { 228 cur = ((void *)cur) + (cur->nd_opt_len << 3); 229 } while(cur < end && cur->nd_opt_type != type); 230 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 231} 232 233static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 234{ 235 return (opt->nd_opt_type == ND_OPT_RDNSS); 236} 237 238static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 239 struct nd_opt_hdr *end) 240{ 241 if (!cur || !end || cur >= end) 242 return NULL; 243 do { 244 cur = ((void *)cur) + (cur->nd_opt_len << 3); 245 } while(cur < end && !ndisc_is_useropt(cur)); 246 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL); 247} 248 249static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 250 struct ndisc_options *ndopts) 251{ 252 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 253 254 if (!nd_opt || opt_len < 0 || !ndopts) 255 return NULL; 256 memset(ndopts, 0, sizeof(*ndopts)); 257 while (opt_len) { 258 int l; 259 if (opt_len < sizeof(struct nd_opt_hdr)) 260 return NULL; 261 l = nd_opt->nd_opt_len << 3; 262 if (opt_len < l || l == 0) 263 return NULL; 264 switch (nd_opt->nd_opt_type) { 265 case ND_OPT_SOURCE_LL_ADDR: 266 case ND_OPT_TARGET_LL_ADDR: 267 case ND_OPT_MTU: 268 case ND_OPT_REDIRECT_HDR: 269 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 270 ND_PRINTK2(KERN_WARNING 271 "%s(): duplicated ND6 option found: type=%d\n", 272 __func__, 273 nd_opt->nd_opt_type); 274 } else { 275 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 276 } 277 break; 278 case ND_OPT_PREFIX_INFO: 279 ndopts->nd_opts_pi_end = nd_opt; 280 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 281 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 282 break; 283#ifdef CONFIG_IPV6_ROUTE_INFO 284 case ND_OPT_ROUTE_INFO: 285 ndopts->nd_opts_ri_end = nd_opt; 286 if (!ndopts->nd_opts_ri) 287 ndopts->nd_opts_ri = nd_opt; 288 break; 289#endif 290 default: 291 if (ndisc_is_useropt(nd_opt)) { 292 ndopts->nd_useropts_end = nd_opt; 293 if (!ndopts->nd_useropts) 294 ndopts->nd_useropts = nd_opt; 295 } else { 296 /* 297 * Unknown options must be silently ignored, 298 * to accommodate future extension to the 299 * protocol. 300 */ 301 ND_PRINTK2(KERN_NOTICE 302 "%s(): ignored unsupported option; type=%d, len=%d\n", 303 __func__, 304 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 305 } 306 } 307 opt_len -= l; 308 nd_opt = ((void *)nd_opt) + l; 309 } 310 return ndopts; 311} 312 313static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 314 struct net_device *dev) 315{ 316 u8 *lladdr = (u8 *)(p + 1); 317 int lladdrlen = p->nd_opt_len << 3; 318 int prepad = ndisc_addr_option_pad(dev->type); 319 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 320 return NULL; 321 return (lladdr + prepad); 322} 323 324int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 325{ 326 switch (dev->type) { 327 case ARPHRD_ETHER: 328 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 329 case ARPHRD_FDDI: 330 ipv6_eth_mc_map(addr, buf); 331 return 0; 332 case ARPHRD_IEEE802_TR: 333 ipv6_tr_mc_map(addr,buf); 334 return 0; 335 case ARPHRD_ARCNET: 336 ipv6_arcnet_mc_map(addr, buf); 337 return 0; 338 case ARPHRD_INFINIBAND: 339 ipv6_ib_mc_map(addr, dev->broadcast, buf); 340 return 0; 341 default: 342 if (dir) { 343 memcpy(buf, dev->broadcast, dev->addr_len); 344 return 0; 345 } 346 } 347 return -EINVAL; 348} 349 350EXPORT_SYMBOL(ndisc_mc_map); 351 352static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 353{ 354 const u32 *p32 = pkey; 355 u32 addr_hash, i; 356 357 addr_hash = 0; 358 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 359 addr_hash ^= *p32++; 360 361 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 362} 363 364static int ndisc_constructor(struct neighbour *neigh) 365{ 366 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 367 struct net_device *dev = neigh->dev; 368 struct inet6_dev *in6_dev; 369 struct neigh_parms *parms; 370 int is_multicast = ipv6_addr_is_multicast(addr); 371 372 rcu_read_lock(); 373 in6_dev = in6_dev_get(dev); 374 if (in6_dev == NULL) { 375 rcu_read_unlock(); 376 return -EINVAL; 377 } 378 379 parms = in6_dev->nd_parms; 380 __neigh_parms_put(neigh->parms); 381 neigh->parms = neigh_parms_clone(parms); 382 rcu_read_unlock(); 383 384 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 385 if (!dev->header_ops) { 386 neigh->nud_state = NUD_NOARP; 387 neigh->ops = &ndisc_direct_ops; 388 neigh->output = neigh->ops->queue_xmit; 389 } else { 390 if (is_multicast) { 391 neigh->nud_state = NUD_NOARP; 392 ndisc_mc_map(addr, neigh->ha, dev, 1); 393 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 394 neigh->nud_state = NUD_NOARP; 395 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 396 if (dev->flags&IFF_LOOPBACK) 397 neigh->type = RTN_LOCAL; 398 } else if (dev->flags&IFF_POINTOPOINT) { 399 neigh->nud_state = NUD_NOARP; 400 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 401 } 402 if (dev->header_ops->cache) 403 neigh->ops = &ndisc_hh_ops; 404 else 405 neigh->ops = &ndisc_generic_ops; 406 if (neigh->nud_state&NUD_VALID) 407 neigh->output = neigh->ops->connected_output; 408 else 409 neigh->output = neigh->ops->output; 410 } 411 in6_dev_put(in6_dev); 412 return 0; 413} 414 415static int pndisc_constructor(struct pneigh_entry *n) 416{ 417 struct in6_addr *addr = (struct in6_addr*)&n->key; 418 struct in6_addr maddr; 419 struct net_device *dev = n->dev; 420 421 if (dev == NULL || __in6_dev_get(dev) == NULL) 422 return -EINVAL; 423 addrconf_addr_solict_mult(addr, &maddr); 424 ipv6_dev_mc_inc(dev, &maddr); 425 return 0; 426} 427 428static void pndisc_destructor(struct pneigh_entry *n) 429{ 430 struct in6_addr *addr = (struct in6_addr*)&n->key; 431 struct in6_addr maddr; 432 struct net_device *dev = n->dev; 433 434 if (dev == NULL || __in6_dev_get(dev) == NULL) 435 return; 436 addrconf_addr_solict_mult(addr, &maddr); 437 ipv6_dev_mc_dec(dev, &maddr); 438} 439 440struct sk_buff *ndisc_build_skb(struct net_device *dev, 441 const struct in6_addr *daddr, 442 const struct in6_addr *saddr, 443 struct icmp6hdr *icmp6h, 444 const struct in6_addr *target, 445 int llinfo) 446{ 447 struct net *net = dev_net(dev); 448 struct sock *sk = net->ipv6.ndisc_sk; 449 struct sk_buff *skb; 450 struct icmp6hdr *hdr; 451 int len; 452 int err; 453 u8 *opt; 454 455 if (!dev->addr_len) 456 llinfo = 0; 457 458 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 459 if (llinfo) 460 len += ndisc_opt_addr_space(dev); 461 462 skb = sock_alloc_send_skb(sk, 463 (MAX_HEADER + sizeof(struct ipv6hdr) + 464 len + LL_ALLOCATED_SPACE(dev)), 465 1, &err); 466 if (!skb) { 467 ND_PRINTK0(KERN_ERR 468 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n", 469 __func__, err); 470 return NULL; 471 } 472 473 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 474 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 475 476 skb->transport_header = skb->tail; 477 skb_put(skb, len); 478 479 hdr = (struct icmp6hdr *)skb_transport_header(skb); 480 memcpy(hdr, icmp6h, sizeof(*hdr)); 481 482 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 483 if (target) { 484 ipv6_addr_copy((struct in6_addr *)opt, target); 485 opt += sizeof(*target); 486 } 487 488 if (llinfo) 489 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 490 dev->addr_len, dev->type); 491 492 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 493 IPPROTO_ICMPV6, 494 csum_partial(hdr, 495 len, 0)); 496 497 return skb; 498} 499 500EXPORT_SYMBOL(ndisc_build_skb); 501 502void ndisc_send_skb(struct sk_buff *skb, 503 struct net_device *dev, 504 struct neighbour *neigh, 505 const struct in6_addr *daddr, 506 const struct in6_addr *saddr, 507 struct icmp6hdr *icmp6h) 508{ 509 struct flowi fl; 510 struct dst_entry *dst; 511 struct net *net = dev_net(dev); 512 struct sock *sk = net->ipv6.ndisc_sk; 513 struct inet6_dev *idev; 514 int err; 515 u8 type; 516 517 type = icmp6h->icmp6_type; 518 519 icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex); 520 521 dst = icmp6_dst_alloc(dev, neigh, daddr); 522 if (!dst) { 523 kfree_skb(skb); 524 return; 525 } 526 527 err = xfrm_lookup(net, &dst, &fl, NULL, 0); 528 if (err < 0) { 529 kfree_skb(skb); 530 return; 531 } 532 533 skb_dst_set(skb, dst); 534 535 idev = in6_dev_get(dst->dev); 536 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 537 538 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 539 dst_output); 540 if (!err) { 541 ICMP6MSGOUT_INC_STATS(net, idev, type); 542 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 543 } 544 545 if (likely(idev != NULL)) 546 in6_dev_put(idev); 547} 548 549EXPORT_SYMBOL(ndisc_send_skb); 550 551/* 552 * Send a Neighbour Discover packet 553 */ 554static void __ndisc_send(struct net_device *dev, 555 struct neighbour *neigh, 556 const struct in6_addr *daddr, 557 const struct in6_addr *saddr, 558 struct icmp6hdr *icmp6h, const struct in6_addr *target, 559 int llinfo) 560{ 561 struct sk_buff *skb; 562 563 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 564 if (!skb) 565 return; 566 567 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 568} 569 570static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 571 const struct in6_addr *daddr, 572 const struct in6_addr *solicited_addr, 573 int router, int solicited, int override, int inc_opt) 574{ 575 struct in6_addr tmpaddr; 576 struct inet6_ifaddr *ifp; 577 const struct in6_addr *src_addr; 578 struct icmp6hdr icmp6h = { 579 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 580 }; 581 582 /* for anycast or proxy, solicited_addr != src_addr */ 583 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 584 if (ifp) { 585 src_addr = solicited_addr; 586 if (ifp->flags & IFA_F_OPTIMISTIC) 587 override = 0; 588 in6_ifa_put(ifp); 589 } else { 590 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 591 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 592 &tmpaddr)) 593 return; 594 src_addr = &tmpaddr; 595 } 596 597 icmp6h.icmp6_router = router; 598 icmp6h.icmp6_solicited = solicited; 599 icmp6h.icmp6_override = override; 600 601 inc_opt |= ifp->idev->cnf.force_tllao; 602 __ndisc_send(dev, neigh, daddr, src_addr, 603 &icmp6h, solicited_addr, 604 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 605} 606 607void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 608 const struct in6_addr *solicit, 609 const struct in6_addr *daddr, const struct in6_addr *saddr) 610{ 611 struct in6_addr addr_buf; 612 struct icmp6hdr icmp6h = { 613 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 614 }; 615 616 if (saddr == NULL) { 617 if (ipv6_get_lladdr(dev, &addr_buf, 618 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 619 return; 620 saddr = &addr_buf; 621 } 622 623 __ndisc_send(dev, neigh, daddr, saddr, 624 &icmp6h, solicit, 625 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 626} 627 628void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 629 const struct in6_addr *daddr) 630{ 631 struct icmp6hdr icmp6h = { 632 .icmp6_type = NDISC_ROUTER_SOLICITATION, 633 }; 634 int send_sllao = dev->addr_len; 635 636#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 637 /* 638 * According to section 2.2 of RFC 4429, we must not 639 * send router solicitations with a sllao from 640 * optimistic addresses, but we may send the solicitation 641 * if we don't include the sllao. So here we check 642 * if our address is optimistic, and if so, we 643 * suppress the inclusion of the sllao. 644 */ 645 if (send_sllao) { 646 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 647 dev, 1); 648 if (ifp) { 649 if (ifp->flags & IFA_F_OPTIMISTIC) { 650 send_sllao = 0; 651 } 652 in6_ifa_put(ifp); 653 } else { 654 send_sllao = 0; 655 } 656 } 657#endif 658 __ndisc_send(dev, NULL, daddr, saddr, 659 &icmp6h, NULL, 660 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 661} 662 663 664static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 665{ 666 /* 667 * "The sender MUST return an ICMP 668 * destination unreachable" 669 */ 670 dst_link_failure(skb); 671 kfree_skb(skb); 672} 673 674/* Called with locked neigh: either read or both */ 675 676static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 677{ 678 struct in6_addr *saddr = NULL; 679 struct in6_addr mcaddr; 680 struct net_device *dev = neigh->dev; 681 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 682 int probes = atomic_read(&neigh->probes); 683 684 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 685 saddr = &ipv6_hdr(skb)->saddr; 686 687 if ((probes -= neigh->parms->ucast_probes) < 0) { 688 if (!(neigh->nud_state & NUD_VALID)) { 689 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n", 690 __func__, target); 691 } 692 ndisc_send_ns(dev, neigh, target, target, saddr); 693 } else if ((probes -= neigh->parms->app_probes) < 0) { 694#ifdef CONFIG_ARPD 695 neigh_app_ns(neigh); 696#endif 697 } else { 698 addrconf_addr_solict_mult(target, &mcaddr); 699 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 700 } 701} 702 703static int pndisc_is_router(const void *pkey, 704 struct net_device *dev) 705{ 706 struct pneigh_entry *n; 707 int ret = -1; 708 709 read_lock_bh(&nd_tbl.lock); 710 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 711 if (n) 712 ret = !!(n->flags & NTF_ROUTER); 713 read_unlock_bh(&nd_tbl.lock); 714 715 return ret; 716} 717 718static void ndisc_recv_ns(struct sk_buff *skb) 719{ 720 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 721 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 722 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 723 u8 *lladdr = NULL; 724 u32 ndoptlen = skb->tail - (skb->transport_header + 725 offsetof(struct nd_msg, opt)); 726 struct ndisc_options ndopts; 727 struct net_device *dev = skb->dev; 728 struct inet6_ifaddr *ifp; 729 struct inet6_dev *idev = NULL; 730 struct neighbour *neigh; 731 int dad = ipv6_addr_any(saddr); 732 int inc; 733 int is_router = -1; 734 735 if (ipv6_addr_is_multicast(&msg->target)) { 736 ND_PRINTK2(KERN_WARNING 737 "ICMPv6 NS: multicast target address"); 738 return; 739 } 740 741 /* 742 * RFC2461 7.1.1: 743 * DAD has to be destined for solicited node multicast address. 744 */ 745 if (dad && 746 !(daddr->s6_addr32[0] == htonl(0xff020000) && 747 daddr->s6_addr32[1] == htonl(0x00000000) && 748 daddr->s6_addr32[2] == htonl(0x00000001) && 749 daddr->s6_addr [12] == 0xff )) { 750 ND_PRINTK2(KERN_WARNING 751 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 752 return; 753 } 754 755 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 756 ND_PRINTK2(KERN_WARNING 757 "ICMPv6 NS: invalid ND options\n"); 758 return; 759 } 760 761 if (ndopts.nd_opts_src_lladdr) { 762 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 763 if (!lladdr) { 764 ND_PRINTK2(KERN_WARNING 765 "ICMPv6 NS: invalid link-layer address length\n"); 766 return; 767 } 768 769 /* RFC2461 7.1.1: 770 * If the IP source address is the unspecified address, 771 * there MUST NOT be source link-layer address option 772 * in the message. 773 */ 774 if (dad) { 775 ND_PRINTK2(KERN_WARNING 776 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 777 return; 778 } 779 } 780 781 inc = ipv6_addr_is_multicast(daddr); 782 783 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 784 if (ifp) { 785 786 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 787 if (dad) { 788 if (dev->type == ARPHRD_IEEE802_TR) { 789 const unsigned char *sadr; 790 sadr = skb_mac_header(skb); 791 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 792 sadr[9] == dev->dev_addr[1] && 793 sadr[10] == dev->dev_addr[2] && 794 sadr[11] == dev->dev_addr[3] && 795 sadr[12] == dev->dev_addr[4] && 796 sadr[13] == dev->dev_addr[5]) { 797 /* looped-back to us */ 798 goto out; 799 } 800 } 801 802 /* 803 * We are colliding with another node 804 * who is doing DAD 805 * so fail our DAD process 806 */ 807 addrconf_dad_failure(ifp); 808 return; 809 } else { 810 /* 811 * This is not a dad solicitation. 812 * If we are an optimistic node, 813 * we should respond. 814 * Otherwise, we should ignore it. 815 */ 816 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 817 goto out; 818 } 819 } 820 821 idev = ifp->idev; 822 } else { 823 struct net *net = dev_net(dev); 824 825 idev = in6_dev_get(dev); 826 if (!idev) { 827 /* XXX: count this drop? */ 828 return; 829 } 830 831 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 832 (idev->cnf.forwarding && 833 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 834 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 835 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 836 skb->pkt_type != PACKET_HOST && 837 inc != 0 && 838 idev->nd_parms->proxy_delay != 0) { 839 /* 840 * for anycast or proxy, 841 * sender should delay its response 842 * by a random time between 0 and 843 * MAX_ANYCAST_DELAY_TIME seconds. 844 * (RFC2461) -- yoshfuji 845 */ 846 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 847 if (n) 848 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 849 goto out; 850 } 851 } else 852 goto out; 853 } 854 855 if (is_router < 0) 856 is_router = !!idev->cnf.forwarding; 857 858 if (dad) { 859 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 860 is_router, 0, (ifp != NULL), 1); 861 goto out; 862 } 863 864 if (inc) 865 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 866 else 867 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 868 869 /* 870 * update / create cache entry 871 * for the source address 872 */ 873 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 874 !inc || lladdr || !dev->addr_len); 875 if (neigh) 876 neigh_update(neigh, lladdr, NUD_STALE, 877 NEIGH_UPDATE_F_WEAK_OVERRIDE| 878 NEIGH_UPDATE_F_OVERRIDE); 879 if (neigh || !dev->header_ops) { 880 ndisc_send_na(dev, neigh, saddr, &msg->target, 881 is_router, 882 1, (ifp != NULL && inc), inc); 883 if (neigh) 884 neigh_release(neigh); 885 } 886 887out: 888 if (ifp) 889 in6_ifa_put(ifp); 890 else 891 in6_dev_put(idev); 892 893 return; 894} 895 896static void ndisc_recv_na(struct sk_buff *skb) 897{ 898 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 899 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 900 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 901 u8 *lladdr = NULL; 902 u32 ndoptlen = skb->tail - (skb->transport_header + 903 offsetof(struct nd_msg, opt)); 904 struct ndisc_options ndopts; 905 struct net_device *dev = skb->dev; 906 struct inet6_ifaddr *ifp; 907 struct neighbour *neigh; 908 909 if (skb->len < sizeof(struct nd_msg)) { 910 ND_PRINTK2(KERN_WARNING 911 "ICMPv6 NA: packet too short\n"); 912 return; 913 } 914 915 if (ipv6_addr_is_multicast(&msg->target)) { 916 ND_PRINTK2(KERN_WARNING 917 "ICMPv6 NA: target address is multicast.\n"); 918 return; 919 } 920 921 if (ipv6_addr_is_multicast(daddr) && 922 msg->icmph.icmp6_solicited) { 923 ND_PRINTK2(KERN_WARNING 924 "ICMPv6 NA: solicited NA is multicasted.\n"); 925 return; 926 } 927 928 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 929 ND_PRINTK2(KERN_WARNING 930 "ICMPv6 NS: invalid ND option\n"); 931 return; 932 } 933 if (ndopts.nd_opts_tgt_lladdr) { 934 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 935 if (!lladdr) { 936 ND_PRINTK2(KERN_WARNING 937 "ICMPv6 NA: invalid link-layer address length\n"); 938 return; 939 } 940 } 941 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 942 if (ifp) { 943 if (ifp->flags & IFA_F_TENTATIVE) { 944 addrconf_dad_failure(ifp); 945 return; 946 } 947 /* What should we make now? The advertisement 948 is invalid, but ndisc specs say nothing 949 about it. It could be misconfiguration, or 950 an smart proxy agent tries to help us :-) 951 952 We should not print the error if NA has been 953 received from loopback - it is just our own 954 unsolicited advertisement. 955 */ 956 if (skb->pkt_type != PACKET_LOOPBACK) 957 ND_PRINTK1(KERN_WARNING 958 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n", 959 &ifp->addr, ifp->idev->dev->name); 960 in6_ifa_put(ifp); 961 return; 962 } 963 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 964 965 if (neigh) { 966 u8 old_flags = neigh->flags; 967 struct net *net = dev_net(dev); 968 969 if (neigh->nud_state & NUD_FAILED) 970 goto out; 971 972 /* 973 * Don't update the neighbor cache entry on a proxy NA from 974 * ourselves because either the proxied node is off link or it 975 * has already sent a NA to us. 976 */ 977 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 978 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 979 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 980 /* XXX: idev->cnf.prixy_ndp */ 981 goto out; 982 } 983 984 neigh_update(neigh, lladdr, 985 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 986 NEIGH_UPDATE_F_WEAK_OVERRIDE| 987 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 988 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 989 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 990 991 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 992 /* 993 * Change: router to host 994 */ 995 struct rt6_info *rt; 996 rt = rt6_get_dflt_router(saddr, dev); 997 if (rt) 998 ip6_del_rt(rt); 999 } 1000 1001out: 1002 neigh_release(neigh); 1003 } 1004} 1005 1006static void ndisc_recv_rs(struct sk_buff *skb) 1007{ 1008 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1009 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1010 struct neighbour *neigh; 1011 struct inet6_dev *idev; 1012 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1013 struct ndisc_options ndopts; 1014 u8 *lladdr = NULL; 1015 1016 if (skb->len < sizeof(*rs_msg)) 1017 return; 1018 1019 idev = in6_dev_get(skb->dev); 1020 if (!idev) { 1021 if (net_ratelimit()) 1022 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1023 return; 1024 } 1025 1026 /* Don't accept RS if we're not in router mode */ 1027 if (!idev->cnf.forwarding) 1028 goto out; 1029 1030 /* 1031 * Don't update NCE if src = ::; 1032 * this implies that the source node has no ip address assigned yet. 1033 */ 1034 if (ipv6_addr_any(saddr)) 1035 goto out; 1036 1037 /* Parse ND options */ 1038 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1039 if (net_ratelimit()) 1040 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1041 goto out; 1042 } 1043 1044 if (ndopts.nd_opts_src_lladdr) { 1045 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1046 skb->dev); 1047 if (!lladdr) 1048 goto out; 1049 } 1050 1051 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1052 if (neigh) { 1053 neigh_update(neigh, lladdr, NUD_STALE, 1054 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1055 NEIGH_UPDATE_F_OVERRIDE| 1056 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1057 neigh_release(neigh); 1058 } 1059out: 1060 in6_dev_put(idev); 1061} 1062 1063static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1064{ 1065 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1066 struct sk_buff *skb; 1067 struct nlmsghdr *nlh; 1068 struct nduseroptmsg *ndmsg; 1069 struct net *net = dev_net(ra->dev); 1070 int err; 1071 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1072 + (opt->nd_opt_len << 3)); 1073 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1074 1075 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1076 if (skb == NULL) { 1077 err = -ENOBUFS; 1078 goto errout; 1079 } 1080 1081 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1082 if (nlh == NULL) { 1083 goto nla_put_failure; 1084 } 1085 1086 ndmsg = nlmsg_data(nlh); 1087 ndmsg->nduseropt_family = AF_INET6; 1088 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1089 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1090 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1091 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1092 1093 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1094 1095 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1096 &ipv6_hdr(ra)->saddr); 1097 nlmsg_end(skb, nlh); 1098 1099 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1100 return; 1101 1102nla_put_failure: 1103 nlmsg_free(skb); 1104 err = -EMSGSIZE; 1105errout: 1106 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1107} 1108 1109static void ndisc_router_discovery(struct sk_buff *skb) 1110{ 1111 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1112 struct neighbour *neigh = NULL; 1113 struct inet6_dev *in6_dev; 1114 struct rt6_info *rt = NULL; 1115 int lifetime; 1116 struct ndisc_options ndopts; 1117 int optlen; 1118 unsigned int pref = 0; 1119 1120 __u8 * opt = (__u8 *)(ra_msg + 1); 1121 1122 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1123 1124 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1125 ND_PRINTK2(KERN_WARNING 1126 "ICMPv6 RA: source address is not link-local.\n"); 1127 return; 1128 } 1129 if (optlen < 0) { 1130 ND_PRINTK2(KERN_WARNING 1131 "ICMPv6 RA: packet too short\n"); 1132 return; 1133 } 1134 1135#ifdef CONFIG_IPV6_NDISC_NODETYPE 1136 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1137 ND_PRINTK2(KERN_WARNING 1138 "ICMPv6 RA: from host or unauthorized router\n"); 1139 return; 1140 } 1141#endif 1142 1143 /* 1144 * set the RA_RECV flag in the interface 1145 */ 1146 1147 in6_dev = in6_dev_get(skb->dev); 1148 if (in6_dev == NULL) { 1149 ND_PRINTK0(KERN_ERR 1150 "ICMPv6 RA: can't find inet6 device for %s.\n", 1151 skb->dev->name); 1152 return; 1153 } 1154 1155 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1156 in6_dev_put(in6_dev); 1157 ND_PRINTK2(KERN_WARNING 1158 "ICMP6 RA: invalid ND options\n"); 1159 return; 1160 } 1161 1162 /* skip route and link configuration on routers */ 1163 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) 1164 goto skip_linkparms; 1165 1166#ifdef CONFIG_IPV6_NDISC_NODETYPE 1167 /* skip link-specific parameters from interior routers */ 1168 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1169 goto skip_linkparms; 1170#endif 1171 1172 if (in6_dev->if_flags & IF_RS_SENT) { 1173 /* 1174 * flag that an RA was received after an RS was sent 1175 * out on this interface. 1176 */ 1177 in6_dev->if_flags |= IF_RA_RCVD; 1178 } 1179 1180 /* 1181 * Remember the managed/otherconf flags from most recently 1182 * received RA message (RFC 2462) -- yoshfuji 1183 */ 1184 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1185 IF_RA_OTHERCONF)) | 1186 (ra_msg->icmph.icmp6_addrconf_managed ? 1187 IF_RA_MANAGED : 0) | 1188 (ra_msg->icmph.icmp6_addrconf_other ? 1189 IF_RA_OTHERCONF : 0); 1190 1191 if (!in6_dev->cnf.accept_ra_defrtr) 1192 goto skip_defrtr; 1193 1194 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1195 1196#ifdef CONFIG_IPV6_ROUTER_PREF 1197 pref = ra_msg->icmph.icmp6_router_pref; 1198 /* 10b is handled as if it were 00b (medium) */ 1199 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1200 !in6_dev->cnf.accept_ra_rtr_pref) 1201 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1202#endif 1203 1204 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1205 1206 if (rt) 1207 neigh = rt->rt6i_nexthop; 1208 1209 if (rt && lifetime == 0) { 1210 neigh_clone(neigh); 1211 ip6_del_rt(rt); 1212 rt = NULL; 1213 } 1214 1215 if (rt == NULL && lifetime) { 1216 ND_PRINTK3(KERN_DEBUG 1217 "ICMPv6 RA: adding default router.\n"); 1218 1219 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1220 if (rt == NULL) { 1221 ND_PRINTK0(KERN_ERR 1222 "ICMPv6 RA: %s() failed to add default route.\n", 1223 __func__); 1224 in6_dev_put(in6_dev); 1225 return; 1226 } 1227 1228 neigh = rt->rt6i_nexthop; 1229 if (neigh == NULL) { 1230 ND_PRINTK0(KERN_ERR 1231 "ICMPv6 RA: %s() got default router without neighbour.\n", 1232 __func__); 1233 dst_release(&rt->u.dst); 1234 in6_dev_put(in6_dev); 1235 return; 1236 } 1237 neigh->flags |= NTF_ROUTER; 1238 } else if (rt) { 1239 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1240 } 1241 1242 if (rt) 1243 rt->rt6i_expires = jiffies + (HZ * lifetime); 1244 1245 if (ra_msg->icmph.icmp6_hop_limit) { 1246 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1247 if (rt) 1248 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1249 } 1250 1251skip_defrtr: 1252 1253 /* 1254 * Update Reachable Time and Retrans Timer 1255 */ 1256 1257 if (in6_dev->nd_parms) { 1258 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1259 1260 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1261 rtime = (rtime*HZ)/1000; 1262 if (rtime < HZ/10) 1263 rtime = HZ/10; 1264 in6_dev->nd_parms->retrans_time = rtime; 1265 in6_dev->tstamp = jiffies; 1266 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1267 } 1268 1269 rtime = ntohl(ra_msg->reachable_time); 1270 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1271 rtime = (rtime*HZ)/1000; 1272 1273 if (rtime < HZ/10) 1274 rtime = HZ/10; 1275 1276 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1277 in6_dev->nd_parms->base_reachable_time = rtime; 1278 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1279 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1280 in6_dev->tstamp = jiffies; 1281 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1282 } 1283 } 1284 } 1285 1286skip_linkparms: 1287 1288 /* 1289 * Process options. 1290 */ 1291 1292 if (!neigh) 1293 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1294 skb->dev, 1); 1295 if (neigh) { 1296 u8 *lladdr = NULL; 1297 if (ndopts.nd_opts_src_lladdr) { 1298 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1299 skb->dev); 1300 if (!lladdr) { 1301 ND_PRINTK2(KERN_WARNING 1302 "ICMPv6 RA: invalid link-layer address length\n"); 1303 goto out; 1304 } 1305 } 1306 neigh_update(neigh, lladdr, NUD_STALE, 1307 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1308 NEIGH_UPDATE_F_OVERRIDE| 1309 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1310 NEIGH_UPDATE_F_ISROUTER); 1311 } 1312 1313 /* skip route and link configuration on routers */ 1314 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) 1315 goto out; 1316 1317#ifdef CONFIG_IPV6_ROUTE_INFO 1318 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1319 struct nd_opt_hdr *p; 1320 for (p = ndopts.nd_opts_ri; 1321 p; 1322 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1323 struct route_info *ri = (struct route_info *)p; 1324#ifdef CONFIG_IPV6_NDISC_NODETYPE 1325 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1326 ri->prefix_len == 0) 1327 continue; 1328#endif 1329 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1330 continue; 1331 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1332 &ipv6_hdr(skb)->saddr); 1333 } 1334 } 1335#endif 1336 1337#ifdef CONFIG_IPV6_NDISC_NODETYPE 1338 /* skip link-specific ndopts from interior routers */ 1339 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1340 goto out; 1341#endif 1342 1343 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1344 struct nd_opt_hdr *p; 1345 for (p = ndopts.nd_opts_pi; 1346 p; 1347 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1348 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1349 } 1350 } 1351 1352 if (ndopts.nd_opts_mtu) { 1353 __be32 n; 1354 u32 mtu; 1355 1356 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1357 mtu = ntohl(n); 1358 1359 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1360 ND_PRINTK2(KERN_WARNING 1361 "ICMPv6 RA: invalid mtu: %d\n", 1362 mtu); 1363 } else if (in6_dev->cnf.mtu6 != mtu) { 1364 in6_dev->cnf.mtu6 = mtu; 1365 1366 if (rt) 1367 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1368 1369 rt6_mtu_change(skb->dev, mtu); 1370 } 1371 } 1372 1373 if (ndopts.nd_useropts) { 1374 struct nd_opt_hdr *p; 1375 for (p = ndopts.nd_useropts; 1376 p; 1377 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1378 ndisc_ra_useropt(skb, p); 1379 } 1380 } 1381 1382 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1383 ND_PRINTK2(KERN_WARNING 1384 "ICMPv6 RA: invalid RA options"); 1385 } 1386out: 1387 if (rt) 1388 dst_release(&rt->u.dst); 1389 else if (neigh) 1390 neigh_release(neigh); 1391 in6_dev_put(in6_dev); 1392} 1393 1394static void ndisc_redirect_rcv(struct sk_buff *skb) 1395{ 1396 struct inet6_dev *in6_dev; 1397 struct icmp6hdr *icmph; 1398 struct in6_addr *dest; 1399 struct in6_addr *target; /* new first hop to destination */ 1400 struct neighbour *neigh; 1401 int on_link = 0; 1402 struct ndisc_options ndopts; 1403 int optlen; 1404 u8 *lladdr = NULL; 1405 1406#ifdef CONFIG_IPV6_NDISC_NODETYPE 1407 switch (skb->ndisc_nodetype) { 1408 case NDISC_NODETYPE_HOST: 1409 case NDISC_NODETYPE_NODEFAULT: 1410 ND_PRINTK2(KERN_WARNING 1411 "ICMPv6 Redirect: from host or unauthorized router\n"); 1412 return; 1413 } 1414#endif 1415 1416 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1417 ND_PRINTK2(KERN_WARNING 1418 "ICMPv6 Redirect: source address is not link-local.\n"); 1419 return; 1420 } 1421 1422 optlen = skb->tail - skb->transport_header; 1423 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1424 1425 if (optlen < 0) { 1426 ND_PRINTK2(KERN_WARNING 1427 "ICMPv6 Redirect: packet too short\n"); 1428 return; 1429 } 1430 1431 icmph = icmp6_hdr(skb); 1432 target = (struct in6_addr *) (icmph + 1); 1433 dest = target + 1; 1434 1435 if (ipv6_addr_is_multicast(dest)) { 1436 ND_PRINTK2(KERN_WARNING 1437 "ICMPv6 Redirect: destination address is multicast.\n"); 1438 return; 1439 } 1440 1441 if (ipv6_addr_equal(dest, target)) { 1442 on_link = 1; 1443 } else if (ipv6_addr_type(target) != 1444 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1445 ND_PRINTK2(KERN_WARNING 1446 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1447 return; 1448 } 1449 1450 in6_dev = in6_dev_get(skb->dev); 1451 if (!in6_dev) 1452 return; 1453 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1454 in6_dev_put(in6_dev); 1455 return; 1456 } 1457 1458 /* RFC2461 8.1: 1459 * The IP source address of the Redirect MUST be the same as the current 1460 * first-hop router for the specified ICMP Destination Address. 1461 */ 1462 1463 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1464 ND_PRINTK2(KERN_WARNING 1465 "ICMPv6 Redirect: invalid ND options\n"); 1466 in6_dev_put(in6_dev); 1467 return; 1468 } 1469 if (ndopts.nd_opts_tgt_lladdr) { 1470 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1471 skb->dev); 1472 if (!lladdr) { 1473 ND_PRINTK2(KERN_WARNING 1474 "ICMPv6 Redirect: invalid link-layer address length\n"); 1475 in6_dev_put(in6_dev); 1476 return; 1477 } 1478 } 1479 1480 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1481 if (neigh) { 1482 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1483 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1484 on_link); 1485 neigh_release(neigh); 1486 } 1487 in6_dev_put(in6_dev); 1488} 1489 1490void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1491 const struct in6_addr *target) 1492{ 1493 struct net_device *dev = skb->dev; 1494 struct net *net = dev_net(dev); 1495 struct sock *sk = net->ipv6.ndisc_sk; 1496 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1497 struct sk_buff *buff; 1498 struct icmp6hdr *icmph; 1499 struct in6_addr saddr_buf; 1500 struct in6_addr *addrp; 1501 struct rt6_info *rt; 1502 struct dst_entry *dst; 1503 struct inet6_dev *idev; 1504 struct flowi fl; 1505 u8 *opt; 1506 int rd_len; 1507 int err; 1508 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1509 1510 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1511 ND_PRINTK2(KERN_WARNING 1512 "ICMPv6 Redirect: no link-local address on %s\n", 1513 dev->name); 1514 return; 1515 } 1516 1517 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1518 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1519 ND_PRINTK2(KERN_WARNING 1520 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1521 return; 1522 } 1523 1524 icmpv6_flow_init(sk, &fl, NDISC_REDIRECT, 1525 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1526 1527 dst = ip6_route_output(net, NULL, &fl); 1528 if (dst == NULL) 1529 return; 1530 1531 err = xfrm_lookup(net, &dst, &fl, NULL, 0); 1532 if (err) 1533 return; 1534 1535 rt = (struct rt6_info *) dst; 1536 1537 if (rt->rt6i_flags & RTF_GATEWAY) { 1538 ND_PRINTK2(KERN_WARNING 1539 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1540 goto release; 1541 } 1542 if (!xrlim_allow(dst, 1*HZ)) 1543 goto release; 1544 1545 if (dev->addr_len) { 1546 read_lock_bh(&neigh->lock); 1547 if (neigh->nud_state & NUD_VALID) { 1548 memcpy(ha_buf, neigh->ha, dev->addr_len); 1549 read_unlock_bh(&neigh->lock); 1550 ha = ha_buf; 1551 len += ndisc_opt_addr_space(dev); 1552 } else 1553 read_unlock_bh(&neigh->lock); 1554 } 1555 1556 rd_len = min_t(unsigned int, 1557 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1558 rd_len &= ~0x7; 1559 len += rd_len; 1560 1561 buff = sock_alloc_send_skb(sk, 1562 (MAX_HEADER + sizeof(struct ipv6hdr) + 1563 len + LL_ALLOCATED_SPACE(dev)), 1564 1, &err); 1565 if (buff == NULL) { 1566 ND_PRINTK0(KERN_ERR 1567 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n", 1568 __func__, err); 1569 goto release; 1570 } 1571 1572 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1573 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1574 IPPROTO_ICMPV6, len); 1575 1576 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1577 skb_put(buff, len); 1578 icmph = icmp6_hdr(buff); 1579 1580 memset(icmph, 0, sizeof(struct icmp6hdr)); 1581 icmph->icmp6_type = NDISC_REDIRECT; 1582 1583 /* 1584 * copy target and destination addresses 1585 */ 1586 1587 addrp = (struct in6_addr *)(icmph + 1); 1588 ipv6_addr_copy(addrp, target); 1589 addrp++; 1590 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1591 1592 opt = (u8*) (addrp + 1); 1593 1594 /* 1595 * include target_address option 1596 */ 1597 1598 if (ha) 1599 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1600 dev->addr_len, dev->type); 1601 1602 /* 1603 * build redirect option and copy skb over to the new packet. 1604 */ 1605 1606 memset(opt, 0, 8); 1607 *(opt++) = ND_OPT_REDIRECT_HDR; 1608 *(opt++) = (rd_len >> 3); 1609 opt += 6; 1610 1611 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1612 1613 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1614 len, IPPROTO_ICMPV6, 1615 csum_partial(icmph, len, 0)); 1616 1617 skb_dst_set(buff, dst); 1618 idev = in6_dev_get(dst->dev); 1619 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1620 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1621 dst_output); 1622 if (!err) { 1623 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1624 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1625 } 1626 1627 if (likely(idev != NULL)) 1628 in6_dev_put(idev); 1629 return; 1630 1631release: 1632 dst_release(dst); 1633} 1634 1635static void pndisc_redo(struct sk_buff *skb) 1636{ 1637 ndisc_recv_ns(skb); 1638 kfree_skb(skb); 1639} 1640 1641int ndisc_rcv(struct sk_buff *skb) 1642{ 1643 struct nd_msg *msg; 1644 1645 if (!pskb_may_pull(skb, skb->len)) 1646 return 0; 1647 1648 msg = (struct nd_msg *)skb_transport_header(skb); 1649 1650 __skb_push(skb, skb->data - skb_transport_header(skb)); 1651 1652 if (ipv6_hdr(skb)->hop_limit != 255) { 1653 ND_PRINTK2(KERN_WARNING 1654 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1655 ipv6_hdr(skb)->hop_limit); 1656 return 0; 1657 } 1658 1659 if (msg->icmph.icmp6_code != 0) { 1660 ND_PRINTK2(KERN_WARNING 1661 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1662 msg->icmph.icmp6_code); 1663 return 0; 1664 } 1665 1666 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1667 1668 switch (msg->icmph.icmp6_type) { 1669 case NDISC_NEIGHBOUR_SOLICITATION: 1670 ndisc_recv_ns(skb); 1671 break; 1672 1673 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1674 ndisc_recv_na(skb); 1675 break; 1676 1677 case NDISC_ROUTER_SOLICITATION: 1678 ndisc_recv_rs(skb); 1679 break; 1680 1681 case NDISC_ROUTER_ADVERTISEMENT: 1682 ndisc_router_discovery(skb); 1683 break; 1684 1685 case NDISC_REDIRECT: 1686 ndisc_redirect_rcv(skb); 1687 break; 1688 } 1689 1690 return 0; 1691} 1692 1693static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1694{ 1695 struct net_device *dev = ptr; 1696 struct net *net = dev_net(dev); 1697 1698 switch (event) { 1699 case NETDEV_CHANGEADDR: 1700 neigh_changeaddr(&nd_tbl, dev); 1701 fib6_run_gc(~0UL, net); 1702 break; 1703 case NETDEV_DOWN: 1704 neigh_ifdown(&nd_tbl, dev); 1705 fib6_run_gc(~0UL, net); 1706 break; 1707 default: 1708 break; 1709 } 1710 1711 return NOTIFY_DONE; 1712} 1713 1714static struct notifier_block ndisc_netdev_notifier = { 1715 .notifier_call = ndisc_netdev_event, 1716}; 1717 1718#ifdef CONFIG_SYSCTL 1719static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1720 const char *func, const char *dev_name) 1721{ 1722 static char warncomm[TASK_COMM_LEN]; 1723 static int warned; 1724 if (strcmp(warncomm, current->comm) && warned < 5) { 1725 strcpy(warncomm, current->comm); 1726 printk(KERN_WARNING 1727 "process `%s' is using deprecated sysctl (%s) " 1728 "net.ipv6.neigh.%s.%s; " 1729 "Use net.ipv6.neigh.%s.%s_ms " 1730 "instead.\n", 1731 warncomm, func, 1732 dev_name, ctl->procname, 1733 dev_name, ctl->procname); 1734 warned++; 1735 } 1736} 1737 1738int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1739{ 1740 struct net_device *dev = ctl->extra1; 1741 struct inet6_dev *idev; 1742 int ret; 1743 1744 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1745 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1746 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1747 1748 if (strcmp(ctl->procname, "retrans_time") == 0) 1749 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1750 1751 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1752 ret = proc_dointvec_jiffies(ctl, write, 1753 buffer, lenp, ppos); 1754 1755 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1756 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1757 ret = proc_dointvec_ms_jiffies(ctl, write, 1758 buffer, lenp, ppos); 1759 else 1760 ret = -1; 1761 1762 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1763 if (ctl->data == &idev->nd_parms->base_reachable_time) 1764 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1765 idev->tstamp = jiffies; 1766 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1767 in6_dev_put(idev); 1768 } 1769 return ret; 1770} 1771 1772 1773#endif 1774 1775static int __net_init ndisc_net_init(struct net *net) 1776{ 1777 struct ipv6_pinfo *np; 1778 struct sock *sk; 1779 int err; 1780 1781 err = inet_ctl_sock_create(&sk, PF_INET6, 1782 SOCK_RAW, IPPROTO_ICMPV6, net); 1783 if (err < 0) { 1784 ND_PRINTK0(KERN_ERR 1785 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1786 err); 1787 return err; 1788 } 1789 1790 net->ipv6.ndisc_sk = sk; 1791 1792 np = inet6_sk(sk); 1793 np->hop_limit = 255; 1794 /* Do not loopback ndisc messages */ 1795 np->mc_loop = 0; 1796 1797 return 0; 1798} 1799 1800static void __net_exit ndisc_net_exit(struct net *net) 1801{ 1802 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1803} 1804 1805static struct pernet_operations ndisc_net_ops = { 1806 .init = ndisc_net_init, 1807 .exit = ndisc_net_exit, 1808}; 1809 1810int __init ndisc_init(void) 1811{ 1812 int err; 1813 1814 err = register_pernet_subsys(&ndisc_net_ops); 1815 if (err) 1816 return err; 1817 /* 1818 * Initialize the neighbour table 1819 */ 1820 neigh_table_init(&nd_tbl); 1821 1822#ifdef CONFIG_SYSCTL 1823 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1824 &ndisc_ifinfo_sysctl_change); 1825 if (err) 1826 goto out_unregister_pernet; 1827#endif 1828 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1829 if (err) 1830 goto out_unregister_sysctl; 1831out: 1832 return err; 1833 1834out_unregister_sysctl: 1835#ifdef CONFIG_SYSCTL 1836 neigh_sysctl_unregister(&nd_tbl.parms); 1837out_unregister_pernet: 1838#endif 1839 unregister_pernet_subsys(&ndisc_net_ops); 1840 goto out; 1841} 1842 1843void ndisc_cleanup(void) 1844{ 1845 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1846#ifdef CONFIG_SYSCTL 1847 neigh_sysctl_unregister(&nd_tbl.parms); 1848#endif 1849 neigh_table_clear(&nd_tbl); 1850 unregister_pernet_subsys(&ndisc_net_ops); 1851} 1852