ndisc.c revision 5f5a0115635bf678d267cbc72169a718e8724d03
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30#define pr_fmt(fmt) "ICMPv6: " fmt 31 32#include <linux/module.h> 33#include <linux/errno.h> 34#include <linux/types.h> 35#include <linux/socket.h> 36#include <linux/sockios.h> 37#include <linux/sched.h> 38#include <linux/net.h> 39#include <linux/in6.h> 40#include <linux/route.h> 41#include <linux/init.h> 42#include <linux/rcupdate.h> 43#include <linux/slab.h> 44#ifdef CONFIG_SYSCTL 45#include <linux/sysctl.h> 46#endif 47 48#include <linux/if_addr.h> 49#include <linux/if_arp.h> 50#include <linux/ipv6.h> 51#include <linux/icmpv6.h> 52#include <linux/jhash.h> 53 54#include <net/sock.h> 55#include <net/snmp.h> 56 57#include <net/ipv6.h> 58#include <net/protocol.h> 59#include <net/ndisc.h> 60#include <net/ip6_route.h> 61#include <net/addrconf.h> 62#include <net/icmp.h> 63 64#include <net/netlink.h> 65#include <linux/rtnetlink.h> 66 67#include <net/flow.h> 68#include <net/ip6_checksum.h> 69#include <net/inet_common.h> 70#include <linux/proc_fs.h> 71 72#include <linux/netfilter.h> 73#include <linux/netfilter_ipv6.h> 74 75/* Set to 3 to get tracing... */ 76#define ND_DEBUG 1 77 78#define ND_PRINTK(val, level, fmt, ...) \ 79do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82} while (0) 83 84static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87static int ndisc_constructor(struct neighbour *neigh); 88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 90static int pndisc_constructor(struct pneigh_entry *n); 91static void pndisc_destructor(struct pneigh_entry *n); 92static void pndisc_redo(struct sk_buff *skb); 93 94static const struct neigh_ops ndisc_generic_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_connected_output, 100}; 101 102static const struct neigh_ops ndisc_hh_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_resolve_output, 108}; 109 110 111static const struct neigh_ops ndisc_direct_ops = { 112 .family = AF_INET6, 113 .output = neigh_direct_output, 114 .connected_output = neigh_direct_output, 115}; 116 117struct neigh_table nd_tbl = { 118 .family = AF_INET6, 119 .key_len = sizeof(struct in6_addr), 120 .hash = ndisc_hash, 121 .constructor = ndisc_constructor, 122 .pconstructor = pndisc_constructor, 123 .pdestructor = pndisc_destructor, 124 .proxy_redo = pndisc_redo, 125 .id = "ndisc_cache", 126 .parms = { 127 .tbl = &nd_tbl, 128 .base_reachable_time = ND_REACHABLE_TIME, 129 .retrans_time = ND_RETRANS_TIMER, 130 .gc_staletime = 60 * HZ, 131 .reachable_time = ND_REACHABLE_TIME, 132 .delay_probe_time = 5 * HZ, 133 .queue_len_bytes = 64*1024, 134 .ucast_probes = 3, 135 .mcast_probes = 3, 136 .anycast_delay = 1 * HZ, 137 .proxy_delay = (8 * HZ) / 10, 138 .proxy_qlen = 64, 139 }, 140 .gc_interval = 30 * HZ, 141 .gc_thresh1 = 128, 142 .gc_thresh2 = 512, 143 .gc_thresh3 = 1024, 144}; 145 146static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data) 147{ 148 int pad = ndisc_addr_option_pad(skb->dev->type); 149 int data_len = skb->dev->addr_len; 150 int space = ndisc_opt_addr_space(skb->dev); 151 u8 *opt = skb_put(skb, space); 152 153 opt[0] = type; 154 opt[1] = space>>3; 155 156 memset(opt + 2, 0, pad); 157 opt += pad; 158 space -= pad; 159 160 memcpy(opt+2, data, data_len); 161 data_len += 2; 162 opt += data_len; 163 if ((space -= data_len) > 0) 164 memset(opt, 0, space); 165} 166 167static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 168 struct nd_opt_hdr *end) 169{ 170 int type; 171 if (!cur || !end || cur >= end) 172 return NULL; 173 type = cur->nd_opt_type; 174 do { 175 cur = ((void *)cur) + (cur->nd_opt_len << 3); 176 } while(cur < end && cur->nd_opt_type != type); 177 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 178} 179 180static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 181{ 182 return opt->nd_opt_type == ND_OPT_RDNSS || 183 opt->nd_opt_type == ND_OPT_DNSSL; 184} 185 186static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 187 struct nd_opt_hdr *end) 188{ 189 if (!cur || !end || cur >= end) 190 return NULL; 191 do { 192 cur = ((void *)cur) + (cur->nd_opt_len << 3); 193 } while(cur < end && !ndisc_is_useropt(cur)); 194 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 195} 196 197struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 198 struct ndisc_options *ndopts) 199{ 200 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 201 202 if (!nd_opt || opt_len < 0 || !ndopts) 203 return NULL; 204 memset(ndopts, 0, sizeof(*ndopts)); 205 while (opt_len) { 206 int l; 207 if (opt_len < sizeof(struct nd_opt_hdr)) 208 return NULL; 209 l = nd_opt->nd_opt_len << 3; 210 if (opt_len < l || l == 0) 211 return NULL; 212 switch (nd_opt->nd_opt_type) { 213 case ND_OPT_SOURCE_LL_ADDR: 214 case ND_OPT_TARGET_LL_ADDR: 215 case ND_OPT_MTU: 216 case ND_OPT_REDIRECT_HDR: 217 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 218 ND_PRINTK(2, warn, 219 "%s: duplicated ND6 option found: type=%d\n", 220 __func__, nd_opt->nd_opt_type); 221 } else { 222 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 223 } 224 break; 225 case ND_OPT_PREFIX_INFO: 226 ndopts->nd_opts_pi_end = nd_opt; 227 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 228 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 229 break; 230#ifdef CONFIG_IPV6_ROUTE_INFO 231 case ND_OPT_ROUTE_INFO: 232 ndopts->nd_opts_ri_end = nd_opt; 233 if (!ndopts->nd_opts_ri) 234 ndopts->nd_opts_ri = nd_opt; 235 break; 236#endif 237 default: 238 if (ndisc_is_useropt(nd_opt)) { 239 ndopts->nd_useropts_end = nd_opt; 240 if (!ndopts->nd_useropts) 241 ndopts->nd_useropts = nd_opt; 242 } else { 243 /* 244 * Unknown options must be silently ignored, 245 * to accommodate future extension to the 246 * protocol. 247 */ 248 ND_PRINTK(2, notice, 249 "%s: ignored unsupported option; type=%d, len=%d\n", 250 __func__, 251 nd_opt->nd_opt_type, 252 nd_opt->nd_opt_len); 253 } 254 } 255 opt_len -= l; 256 nd_opt = ((void *)nd_opt) + l; 257 } 258 return ndopts; 259} 260 261int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 262{ 263 switch (dev->type) { 264 case ARPHRD_ETHER: 265 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 266 case ARPHRD_FDDI: 267 ipv6_eth_mc_map(addr, buf); 268 return 0; 269 case ARPHRD_ARCNET: 270 ipv6_arcnet_mc_map(addr, buf); 271 return 0; 272 case ARPHRD_INFINIBAND: 273 ipv6_ib_mc_map(addr, dev->broadcast, buf); 274 return 0; 275 case ARPHRD_IPGRE: 276 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 277 default: 278 if (dir) { 279 memcpy(buf, dev->broadcast, dev->addr_len); 280 return 0; 281 } 282 } 283 return -EINVAL; 284} 285 286EXPORT_SYMBOL(ndisc_mc_map); 287 288static u32 ndisc_hash(const void *pkey, 289 const struct net_device *dev, 290 __u32 *hash_rnd) 291{ 292 return ndisc_hashfn(pkey, dev, hash_rnd); 293} 294 295static int ndisc_constructor(struct neighbour *neigh) 296{ 297 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 298 struct net_device *dev = neigh->dev; 299 struct inet6_dev *in6_dev; 300 struct neigh_parms *parms; 301 bool is_multicast = ipv6_addr_is_multicast(addr); 302 303 in6_dev = in6_dev_get(dev); 304 if (in6_dev == NULL) { 305 return -EINVAL; 306 } 307 308 parms = in6_dev->nd_parms; 309 __neigh_parms_put(neigh->parms); 310 neigh->parms = neigh_parms_clone(parms); 311 312 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 313 if (!dev->header_ops) { 314 neigh->nud_state = NUD_NOARP; 315 neigh->ops = &ndisc_direct_ops; 316 neigh->output = neigh_direct_output; 317 } else { 318 if (is_multicast) { 319 neigh->nud_state = NUD_NOARP; 320 ndisc_mc_map(addr, neigh->ha, dev, 1); 321 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 322 neigh->nud_state = NUD_NOARP; 323 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 324 if (dev->flags&IFF_LOOPBACK) 325 neigh->type = RTN_LOCAL; 326 } else if (dev->flags&IFF_POINTOPOINT) { 327 neigh->nud_state = NUD_NOARP; 328 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 329 } 330 if (dev->header_ops->cache) 331 neigh->ops = &ndisc_hh_ops; 332 else 333 neigh->ops = &ndisc_generic_ops; 334 if (neigh->nud_state&NUD_VALID) 335 neigh->output = neigh->ops->connected_output; 336 else 337 neigh->output = neigh->ops->output; 338 } 339 in6_dev_put(in6_dev); 340 return 0; 341} 342 343static int pndisc_constructor(struct pneigh_entry *n) 344{ 345 struct in6_addr *addr = (struct in6_addr*)&n->key; 346 struct in6_addr maddr; 347 struct net_device *dev = n->dev; 348 349 if (dev == NULL || __in6_dev_get(dev) == NULL) 350 return -EINVAL; 351 addrconf_addr_solict_mult(addr, &maddr); 352 ipv6_dev_mc_inc(dev, &maddr); 353 return 0; 354} 355 356static void pndisc_destructor(struct pneigh_entry *n) 357{ 358 struct in6_addr *addr = (struct in6_addr*)&n->key; 359 struct in6_addr maddr; 360 struct net_device *dev = n->dev; 361 362 if (dev == NULL || __in6_dev_get(dev) == NULL) 363 return; 364 addrconf_addr_solict_mult(addr, &maddr); 365 ipv6_dev_mc_dec(dev, &maddr); 366} 367 368static struct sk_buff *ndisc_alloc_skb(struct net_device *dev, 369 int len) 370{ 371 int hlen = LL_RESERVED_SPACE(dev); 372 int tlen = dev->needed_tailroom; 373 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk; 374 struct sk_buff *skb; 375 int err; 376 377 skb = sock_alloc_send_skb(sk, 378 hlen + sizeof(struct ipv6hdr) + len + tlen, 379 1, &err); 380 if (!skb) { 381 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb, err=%d\n", 382 __func__, err); 383 return NULL; 384 } 385 386 skb->protocol = htons(ETH_P_IPV6); 387 skb->dev = dev; 388 389 skb_reserve(skb, hlen + sizeof(struct ipv6hdr)); 390 skb_reset_transport_header(skb); 391 392 return skb; 393} 394 395static void ip6_nd_hdr(struct sk_buff *skb, 396 const struct in6_addr *saddr, 397 const struct in6_addr *daddr, 398 int hop_limit, int len) 399{ 400 struct ipv6hdr *hdr; 401 402 skb_push(skb, sizeof(*hdr)); 403 skb_reset_network_header(skb); 404 hdr = ipv6_hdr(skb); 405 406 ip6_flow_hdr(hdr, 0, 0); 407 408 hdr->payload_len = htons(len); 409 hdr->nexthdr = IPPROTO_ICMPV6; 410 hdr->hop_limit = hop_limit; 411 412 hdr->saddr = *saddr; 413 hdr->daddr = *daddr; 414} 415 416static struct sk_buff *ndisc_build_skb(struct net_device *dev, 417 const struct in6_addr *daddr, 418 const struct in6_addr *saddr, 419 struct icmp6hdr *icmp6h, 420 const struct in6_addr *target, 421 int llinfo) 422{ 423 struct net *net = dev_net(dev); 424 struct sock *sk = net->ipv6.ndisc_sk; 425 struct sk_buff *skb; 426 struct icmp6hdr *hdr; 427 int len; 428 int optlen = 0; 429 u8 *opt; 430 431 if (!dev->addr_len) 432 llinfo = 0; 433 434 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 435 if (llinfo) 436 optlen += ndisc_opt_addr_space(dev); 437 438 skb = ndisc_alloc_skb(dev, len + optlen); 439 if (!skb) 440 return NULL; 441 442 skb_put(skb, len); 443 444 hdr = (struct icmp6hdr *)skb_transport_header(skb); 445 memcpy(hdr, icmp6h, sizeof(*hdr)); 446 447 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 448 if (target) { 449 *(struct in6_addr *)opt = *target; 450 opt += sizeof(*target); 451 } 452 453 if (llinfo) 454 ndisc_fill_addr_option(skb, llinfo, dev->dev_addr); 455 456 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len, 457 IPPROTO_ICMPV6, 458 csum_partial(hdr, 459 skb->len, 0)); 460 461 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len); 462 463 return skb; 464} 465 466static void ndisc_send_skb(struct sk_buff *skb, 467 const struct in6_addr *daddr, 468 const struct in6_addr *saddr, 469 struct icmp6hdr *icmp6h) 470{ 471 struct flowi6 fl6; 472 struct dst_entry *dst; 473 struct net *net = dev_net(skb->dev); 474 struct sock *sk = net->ipv6.ndisc_sk; 475 struct inet6_dev *idev; 476 int err; 477 u8 type; 478 479 type = icmp6h->icmp6_type; 480 481 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex); 482 dst = icmp6_dst_alloc(skb->dev, &fl6); 483 if (IS_ERR(dst)) { 484 kfree_skb(skb); 485 return; 486 } 487 488 skb_dst_set(skb, dst); 489 490 rcu_read_lock(); 491 idev = __in6_dev_get(dst->dev); 492 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 493 494 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 495 dst_output); 496 if (!err) { 497 ICMP6MSGOUT_INC_STATS(net, idev, type); 498 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 499 } 500 501 rcu_read_unlock(); 502} 503 504/* 505 * Send a Neighbour Discover packet 506 */ 507static void __ndisc_send(struct net_device *dev, 508 const struct in6_addr *daddr, 509 const struct in6_addr *saddr, 510 struct icmp6hdr *icmp6h, const struct in6_addr *target, 511 int llinfo) 512{ 513 struct sk_buff *skb; 514 515 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 516 if (!skb) 517 return; 518 519 ndisc_send_skb(skb, daddr, saddr, icmp6h); 520} 521 522static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 523 const struct in6_addr *daddr, 524 const struct in6_addr *solicited_addr, 525 bool router, bool solicited, bool override, bool inc_opt) 526{ 527 struct in6_addr tmpaddr; 528 struct inet6_ifaddr *ifp; 529 const struct in6_addr *src_addr; 530 struct icmp6hdr icmp6h = { 531 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 532 }; 533 534 /* for anycast or proxy, solicited_addr != src_addr */ 535 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 536 if (ifp) { 537 src_addr = solicited_addr; 538 if (ifp->flags & IFA_F_OPTIMISTIC) 539 override = 0; 540 inc_opt |= ifp->idev->cnf.force_tllao; 541 in6_ifa_put(ifp); 542 } else { 543 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 544 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 545 &tmpaddr)) 546 return; 547 src_addr = &tmpaddr; 548 } 549 550 icmp6h.icmp6_router = router; 551 icmp6h.icmp6_solicited = solicited; 552 icmp6h.icmp6_override = override; 553 554 __ndisc_send(dev, daddr, src_addr, &icmp6h, solicited_addr, 555 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 556} 557 558static void ndisc_send_unsol_na(struct net_device *dev) 559{ 560 struct inet6_dev *idev; 561 struct inet6_ifaddr *ifa; 562 563 idev = in6_dev_get(dev); 564 if (!idev) 565 return; 566 567 read_lock_bh(&idev->lock); 568 list_for_each_entry(ifa, &idev->addr_list, if_list) { 569 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr, 570 /*router=*/ !!idev->cnf.forwarding, 571 /*solicited=*/ false, /*override=*/ true, 572 /*inc_opt=*/ true); 573 } 574 read_unlock_bh(&idev->lock); 575 576 in6_dev_put(idev); 577} 578 579void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 580 const struct in6_addr *solicit, 581 const struct in6_addr *daddr, const struct in6_addr *saddr) 582{ 583 struct in6_addr addr_buf; 584 struct icmp6hdr icmp6h = { 585 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 586 }; 587 588 if (saddr == NULL) { 589 if (ipv6_get_lladdr(dev, &addr_buf, 590 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 591 return; 592 saddr = &addr_buf; 593 } 594 595 __ndisc_send(dev, daddr, saddr, &icmp6h, solicit, 596 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 597} 598 599void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 600 const struct in6_addr *daddr) 601{ 602 struct icmp6hdr icmp6h = { 603 .icmp6_type = NDISC_ROUTER_SOLICITATION, 604 }; 605 int send_sllao = dev->addr_len; 606 607#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 608 /* 609 * According to section 2.2 of RFC 4429, we must not 610 * send router solicitations with a sllao from 611 * optimistic addresses, but we may send the solicitation 612 * if we don't include the sllao. So here we check 613 * if our address is optimistic, and if so, we 614 * suppress the inclusion of the sllao. 615 */ 616 if (send_sllao) { 617 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 618 dev, 1); 619 if (ifp) { 620 if (ifp->flags & IFA_F_OPTIMISTIC) { 621 send_sllao = 0; 622 } 623 in6_ifa_put(ifp); 624 } else { 625 send_sllao = 0; 626 } 627 } 628#endif 629 __ndisc_send(dev, daddr, saddr, &icmp6h, NULL, 630 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 631} 632 633 634static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 635{ 636 /* 637 * "The sender MUST return an ICMP 638 * destination unreachable" 639 */ 640 dst_link_failure(skb); 641 kfree_skb(skb); 642} 643 644/* Called with locked neigh: either read or both */ 645 646static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 647{ 648 struct in6_addr *saddr = NULL; 649 struct in6_addr mcaddr; 650 struct net_device *dev = neigh->dev; 651 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 652 int probes = atomic_read(&neigh->probes); 653 654 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 655 saddr = &ipv6_hdr(skb)->saddr; 656 657 if ((probes -= neigh->parms->ucast_probes) < 0) { 658 if (!(neigh->nud_state & NUD_VALID)) { 659 ND_PRINTK(1, dbg, 660 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 661 __func__, target); 662 } 663 ndisc_send_ns(dev, neigh, target, target, saddr); 664 } else if ((probes -= neigh->parms->app_probes) < 0) { 665#ifdef CONFIG_ARPD 666 neigh_app_ns(neigh); 667#endif 668 } else { 669 addrconf_addr_solict_mult(target, &mcaddr); 670 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 671 } 672} 673 674static int pndisc_is_router(const void *pkey, 675 struct net_device *dev) 676{ 677 struct pneigh_entry *n; 678 int ret = -1; 679 680 read_lock_bh(&nd_tbl.lock); 681 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 682 if (n) 683 ret = !!(n->flags & NTF_ROUTER); 684 read_unlock_bh(&nd_tbl.lock); 685 686 return ret; 687} 688 689static void ndisc_recv_ns(struct sk_buff *skb) 690{ 691 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 692 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 693 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 694 u8 *lladdr = NULL; 695 u32 ndoptlen = skb->tail - (skb->transport_header + 696 offsetof(struct nd_msg, opt)); 697 struct ndisc_options ndopts; 698 struct net_device *dev = skb->dev; 699 struct inet6_ifaddr *ifp; 700 struct inet6_dev *idev = NULL; 701 struct neighbour *neigh; 702 int dad = ipv6_addr_any(saddr); 703 bool inc; 704 int is_router = -1; 705 706 if (skb->len < sizeof(struct nd_msg)) { 707 ND_PRINTK(2, warn, "NS: packet too short\n"); 708 return; 709 } 710 711 if (ipv6_addr_is_multicast(&msg->target)) { 712 ND_PRINTK(2, warn, "NS: multicast target address\n"); 713 return; 714 } 715 716 /* 717 * RFC2461 7.1.1: 718 * DAD has to be destined for solicited node multicast address. 719 */ 720 if (dad && !ipv6_addr_is_solict_mult(daddr)) { 721 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 722 return; 723 } 724 725 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 726 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 727 return; 728 } 729 730 if (ndopts.nd_opts_src_lladdr) { 731 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 732 if (!lladdr) { 733 ND_PRINTK(2, warn, 734 "NS: invalid link-layer address length\n"); 735 return; 736 } 737 738 /* RFC2461 7.1.1: 739 * If the IP source address is the unspecified address, 740 * there MUST NOT be source link-layer address option 741 * in the message. 742 */ 743 if (dad) { 744 ND_PRINTK(2, warn, 745 "NS: bad DAD packet (link-layer address option)\n"); 746 return; 747 } 748 } 749 750 inc = ipv6_addr_is_multicast(daddr); 751 752 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 753 if (ifp) { 754 755 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 756 if (dad) { 757 /* 758 * We are colliding with another node 759 * who is doing DAD 760 * so fail our DAD process 761 */ 762 addrconf_dad_failure(ifp); 763 return; 764 } else { 765 /* 766 * This is not a dad solicitation. 767 * If we are an optimistic node, 768 * we should respond. 769 * Otherwise, we should ignore it. 770 */ 771 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 772 goto out; 773 } 774 } 775 776 idev = ifp->idev; 777 } else { 778 struct net *net = dev_net(dev); 779 780 idev = in6_dev_get(dev); 781 if (!idev) { 782 /* XXX: count this drop? */ 783 return; 784 } 785 786 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 787 (idev->cnf.forwarding && 788 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 789 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 790 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 791 skb->pkt_type != PACKET_HOST && 792 inc != 0 && 793 idev->nd_parms->proxy_delay != 0) { 794 /* 795 * for anycast or proxy, 796 * sender should delay its response 797 * by a random time between 0 and 798 * MAX_ANYCAST_DELAY_TIME seconds. 799 * (RFC2461) -- yoshfuji 800 */ 801 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 802 if (n) 803 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 804 goto out; 805 } 806 } else 807 goto out; 808 } 809 810 if (is_router < 0) 811 is_router = idev->cnf.forwarding; 812 813 if (dad) { 814 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 815 !!is_router, false, (ifp != NULL), true); 816 goto out; 817 } 818 819 if (inc) 820 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 821 else 822 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 823 824 /* 825 * update / create cache entry 826 * for the source address 827 */ 828 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 829 !inc || lladdr || !dev->addr_len); 830 if (neigh) 831 neigh_update(neigh, lladdr, NUD_STALE, 832 NEIGH_UPDATE_F_WEAK_OVERRIDE| 833 NEIGH_UPDATE_F_OVERRIDE); 834 if (neigh || !dev->header_ops) { 835 ndisc_send_na(dev, neigh, saddr, &msg->target, 836 !!is_router, 837 true, (ifp != NULL && inc), inc); 838 if (neigh) 839 neigh_release(neigh); 840 } 841 842out: 843 if (ifp) 844 in6_ifa_put(ifp); 845 else 846 in6_dev_put(idev); 847} 848 849static void ndisc_recv_na(struct sk_buff *skb) 850{ 851 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 852 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 853 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 854 u8 *lladdr = NULL; 855 u32 ndoptlen = skb->tail - (skb->transport_header + 856 offsetof(struct nd_msg, opt)); 857 struct ndisc_options ndopts; 858 struct net_device *dev = skb->dev; 859 struct inet6_ifaddr *ifp; 860 struct neighbour *neigh; 861 862 if (skb->len < sizeof(struct nd_msg)) { 863 ND_PRINTK(2, warn, "NA: packet too short\n"); 864 return; 865 } 866 867 if (ipv6_addr_is_multicast(&msg->target)) { 868 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 869 return; 870 } 871 872 if (ipv6_addr_is_multicast(daddr) && 873 msg->icmph.icmp6_solicited) { 874 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 875 return; 876 } 877 878 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 879 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 880 return; 881 } 882 if (ndopts.nd_opts_tgt_lladdr) { 883 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 884 if (!lladdr) { 885 ND_PRINTK(2, warn, 886 "NA: invalid link-layer address length\n"); 887 return; 888 } 889 } 890 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 891 if (ifp) { 892 if (skb->pkt_type != PACKET_LOOPBACK 893 && (ifp->flags & IFA_F_TENTATIVE)) { 894 addrconf_dad_failure(ifp); 895 return; 896 } 897 /* What should we make now? The advertisement 898 is invalid, but ndisc specs say nothing 899 about it. It could be misconfiguration, or 900 an smart proxy agent tries to help us :-) 901 902 We should not print the error if NA has been 903 received from loopback - it is just our own 904 unsolicited advertisement. 905 */ 906 if (skb->pkt_type != PACKET_LOOPBACK) 907 ND_PRINTK(1, warn, 908 "NA: someone advertises our address %pI6 on %s!\n", 909 &ifp->addr, ifp->idev->dev->name); 910 in6_ifa_put(ifp); 911 return; 912 } 913 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 914 915 if (neigh) { 916 u8 old_flags = neigh->flags; 917 struct net *net = dev_net(dev); 918 919 if (neigh->nud_state & NUD_FAILED) 920 goto out; 921 922 /* 923 * Don't update the neighbor cache entry on a proxy NA from 924 * ourselves because either the proxied node is off link or it 925 * has already sent a NA to us. 926 */ 927 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 928 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 929 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 930 /* XXX: idev->cnf.proxy_ndp */ 931 goto out; 932 } 933 934 neigh_update(neigh, lladdr, 935 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 936 NEIGH_UPDATE_F_WEAK_OVERRIDE| 937 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 938 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 939 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 940 941 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 942 /* 943 * Change: router to host 944 */ 945 struct rt6_info *rt; 946 rt = rt6_get_dflt_router(saddr, dev); 947 if (rt) 948 ip6_del_rt(rt); 949 } 950 951out: 952 neigh_release(neigh); 953 } 954} 955 956static void ndisc_recv_rs(struct sk_buff *skb) 957{ 958 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 959 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 960 struct neighbour *neigh; 961 struct inet6_dev *idev; 962 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 963 struct ndisc_options ndopts; 964 u8 *lladdr = NULL; 965 966 if (skb->len < sizeof(*rs_msg)) 967 return; 968 969 idev = __in6_dev_get(skb->dev); 970 if (!idev) { 971 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 972 return; 973 } 974 975 /* Don't accept RS if we're not in router mode */ 976 if (!idev->cnf.forwarding) 977 goto out; 978 979 /* 980 * Don't update NCE if src = ::; 981 * this implies that the source node has no ip address assigned yet. 982 */ 983 if (ipv6_addr_any(saddr)) 984 goto out; 985 986 /* Parse ND options */ 987 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 988 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 989 goto out; 990 } 991 992 if (ndopts.nd_opts_src_lladdr) { 993 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 994 skb->dev); 995 if (!lladdr) 996 goto out; 997 } 998 999 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1000 if (neigh) { 1001 neigh_update(neigh, lladdr, NUD_STALE, 1002 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1003 NEIGH_UPDATE_F_OVERRIDE| 1004 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1005 neigh_release(neigh); 1006 } 1007out: 1008 return; 1009} 1010 1011static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1012{ 1013 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1014 struct sk_buff *skb; 1015 struct nlmsghdr *nlh; 1016 struct nduseroptmsg *ndmsg; 1017 struct net *net = dev_net(ra->dev); 1018 int err; 1019 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1020 + (opt->nd_opt_len << 3)); 1021 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1022 1023 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1024 if (skb == NULL) { 1025 err = -ENOBUFS; 1026 goto errout; 1027 } 1028 1029 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1030 if (nlh == NULL) { 1031 goto nla_put_failure; 1032 } 1033 1034 ndmsg = nlmsg_data(nlh); 1035 ndmsg->nduseropt_family = AF_INET6; 1036 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1037 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1038 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1039 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1040 1041 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1042 1043 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1044 &ipv6_hdr(ra)->saddr)) 1045 goto nla_put_failure; 1046 nlmsg_end(skb, nlh); 1047 1048 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1049 return; 1050 1051nla_put_failure: 1052 nlmsg_free(skb); 1053 err = -EMSGSIZE; 1054errout: 1055 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1056} 1057 1058static void ndisc_router_discovery(struct sk_buff *skb) 1059{ 1060 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1061 struct neighbour *neigh = NULL; 1062 struct inet6_dev *in6_dev; 1063 struct rt6_info *rt = NULL; 1064 int lifetime; 1065 struct ndisc_options ndopts; 1066 int optlen; 1067 unsigned int pref = 0; 1068 1069 __u8 * opt = (__u8 *)(ra_msg + 1); 1070 1071 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1072 1073 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1074 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1075 return; 1076 } 1077 if (optlen < 0) { 1078 ND_PRINTK(2, warn, "RA: packet too short\n"); 1079 return; 1080 } 1081 1082#ifdef CONFIG_IPV6_NDISC_NODETYPE 1083 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1084 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1085 return; 1086 } 1087#endif 1088 1089 /* 1090 * set the RA_RECV flag in the interface 1091 */ 1092 1093 in6_dev = __in6_dev_get(skb->dev); 1094 if (in6_dev == NULL) { 1095 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1096 skb->dev->name); 1097 return; 1098 } 1099 1100 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1101 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1102 return; 1103 } 1104 1105 if (!ipv6_accept_ra(in6_dev)) 1106 goto skip_linkparms; 1107 1108#ifdef CONFIG_IPV6_NDISC_NODETYPE 1109 /* skip link-specific parameters from interior routers */ 1110 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1111 goto skip_linkparms; 1112#endif 1113 1114 if (in6_dev->if_flags & IF_RS_SENT) { 1115 /* 1116 * flag that an RA was received after an RS was sent 1117 * out on this interface. 1118 */ 1119 in6_dev->if_flags |= IF_RA_RCVD; 1120 } 1121 1122 /* 1123 * Remember the managed/otherconf flags from most recently 1124 * received RA message (RFC 2462) -- yoshfuji 1125 */ 1126 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1127 IF_RA_OTHERCONF)) | 1128 (ra_msg->icmph.icmp6_addrconf_managed ? 1129 IF_RA_MANAGED : 0) | 1130 (ra_msg->icmph.icmp6_addrconf_other ? 1131 IF_RA_OTHERCONF : 0); 1132 1133 if (!in6_dev->cnf.accept_ra_defrtr) 1134 goto skip_defrtr; 1135 1136 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1137 goto skip_defrtr; 1138 1139 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1140 1141#ifdef CONFIG_IPV6_ROUTER_PREF 1142 pref = ra_msg->icmph.icmp6_router_pref; 1143 /* 10b is handled as if it were 00b (medium) */ 1144 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1145 !in6_dev->cnf.accept_ra_rtr_pref) 1146 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1147#endif 1148 1149 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1150 1151 if (rt) { 1152 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1153 if (!neigh) { 1154 ND_PRINTK(0, err, 1155 "RA: %s got default router without neighbour\n", 1156 __func__); 1157 ip6_rt_put(rt); 1158 return; 1159 } 1160 } 1161 if (rt && lifetime == 0) { 1162 ip6_del_rt(rt); 1163 rt = NULL; 1164 } 1165 1166 if (rt == NULL && lifetime) { 1167 ND_PRINTK(3, dbg, "RA: adding default router\n"); 1168 1169 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1170 if (rt == NULL) { 1171 ND_PRINTK(0, err, 1172 "RA: %s failed to add default route\n", 1173 __func__); 1174 return; 1175 } 1176 1177 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1178 if (neigh == NULL) { 1179 ND_PRINTK(0, err, 1180 "RA: %s got default router without neighbour\n", 1181 __func__); 1182 ip6_rt_put(rt); 1183 return; 1184 } 1185 neigh->flags |= NTF_ROUTER; 1186 } else if (rt) { 1187 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1188 } 1189 1190 if (rt) 1191 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1192 if (ra_msg->icmph.icmp6_hop_limit) { 1193 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1194 if (rt) 1195 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1196 ra_msg->icmph.icmp6_hop_limit); 1197 } 1198 1199skip_defrtr: 1200 1201 /* 1202 * Update Reachable Time and Retrans Timer 1203 */ 1204 1205 if (in6_dev->nd_parms) { 1206 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1207 1208 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1209 rtime = (rtime*HZ)/1000; 1210 if (rtime < HZ/10) 1211 rtime = HZ/10; 1212 in6_dev->nd_parms->retrans_time = rtime; 1213 in6_dev->tstamp = jiffies; 1214 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1215 } 1216 1217 rtime = ntohl(ra_msg->reachable_time); 1218 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1219 rtime = (rtime*HZ)/1000; 1220 1221 if (rtime < HZ/10) 1222 rtime = HZ/10; 1223 1224 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1225 in6_dev->nd_parms->base_reachable_time = rtime; 1226 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1227 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1228 in6_dev->tstamp = jiffies; 1229 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1230 } 1231 } 1232 } 1233 1234skip_linkparms: 1235 1236 /* 1237 * Process options. 1238 */ 1239 1240 if (!neigh) 1241 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1242 skb->dev, 1); 1243 if (neigh) { 1244 u8 *lladdr = NULL; 1245 if (ndopts.nd_opts_src_lladdr) { 1246 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1247 skb->dev); 1248 if (!lladdr) { 1249 ND_PRINTK(2, warn, 1250 "RA: invalid link-layer address length\n"); 1251 goto out; 1252 } 1253 } 1254 neigh_update(neigh, lladdr, NUD_STALE, 1255 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1256 NEIGH_UPDATE_F_OVERRIDE| 1257 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1258 NEIGH_UPDATE_F_ISROUTER); 1259 } 1260 1261 if (!ipv6_accept_ra(in6_dev)) 1262 goto out; 1263 1264#ifdef CONFIG_IPV6_ROUTE_INFO 1265 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1266 goto skip_routeinfo; 1267 1268 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1269 struct nd_opt_hdr *p; 1270 for (p = ndopts.nd_opts_ri; 1271 p; 1272 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1273 struct route_info *ri = (struct route_info *)p; 1274#ifdef CONFIG_IPV6_NDISC_NODETYPE 1275 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1276 ri->prefix_len == 0) 1277 continue; 1278#endif 1279 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1280 continue; 1281 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1282 &ipv6_hdr(skb)->saddr); 1283 } 1284 } 1285 1286skip_routeinfo: 1287#endif 1288 1289#ifdef CONFIG_IPV6_NDISC_NODETYPE 1290 /* skip link-specific ndopts from interior routers */ 1291 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1292 goto out; 1293#endif 1294 1295 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1296 struct nd_opt_hdr *p; 1297 for (p = ndopts.nd_opts_pi; 1298 p; 1299 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1300 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1301 (p->nd_opt_len) << 3, 1302 ndopts.nd_opts_src_lladdr != NULL); 1303 } 1304 } 1305 1306 if (ndopts.nd_opts_mtu) { 1307 __be32 n; 1308 u32 mtu; 1309 1310 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1311 mtu = ntohl(n); 1312 1313 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1314 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1315 } else if (in6_dev->cnf.mtu6 != mtu) { 1316 in6_dev->cnf.mtu6 = mtu; 1317 1318 if (rt) 1319 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1320 1321 rt6_mtu_change(skb->dev, mtu); 1322 } 1323 } 1324 1325 if (ndopts.nd_useropts) { 1326 struct nd_opt_hdr *p; 1327 for (p = ndopts.nd_useropts; 1328 p; 1329 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1330 ndisc_ra_useropt(skb, p); 1331 } 1332 } 1333 1334 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1335 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1336 } 1337out: 1338 ip6_rt_put(rt); 1339 if (neigh) 1340 neigh_release(neigh); 1341} 1342 1343static void ndisc_redirect_rcv(struct sk_buff *skb) 1344{ 1345 u8 *hdr; 1346 struct ndisc_options ndopts; 1347 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb); 1348 u32 ndoptlen = skb->tail - (skb->transport_header + 1349 offsetof(struct rd_msg, opt)); 1350 1351#ifdef CONFIG_IPV6_NDISC_NODETYPE 1352 switch (skb->ndisc_nodetype) { 1353 case NDISC_NODETYPE_HOST: 1354 case NDISC_NODETYPE_NODEFAULT: 1355 ND_PRINTK(2, warn, 1356 "Redirect: from host or unauthorized router\n"); 1357 return; 1358 } 1359#endif 1360 1361 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1362 ND_PRINTK(2, warn, 1363 "Redirect: source address is not link-local\n"); 1364 return; 1365 } 1366 1367 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) 1368 return; 1369 1370 if (!ndopts.nd_opts_rh) 1371 return; 1372 1373 hdr = (u8 *)ndopts.nd_opts_rh; 1374 hdr += 8; 1375 if (!pskb_pull(skb, hdr - skb_transport_header(skb))) 1376 return; 1377 1378 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1379} 1380 1381static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb, 1382 struct sk_buff *orig_skb, 1383 int rd_len) 1384{ 1385 u8 *opt = skb_put(skb, rd_len); 1386 1387 memset(opt, 0, 8); 1388 *(opt++) = ND_OPT_REDIRECT_HDR; 1389 *(opt++) = (rd_len >> 3); 1390 opt += 6; 1391 1392 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8); 1393} 1394 1395void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1396{ 1397 struct net_device *dev = skb->dev; 1398 struct net *net = dev_net(dev); 1399 struct sock *sk = net->ipv6.ndisc_sk; 1400 int optlen = 0; 1401 struct inet_peer *peer; 1402 struct sk_buff *buff; 1403 struct rd_msg *msg; 1404 struct in6_addr saddr_buf; 1405 struct rt6_info *rt; 1406 struct dst_entry *dst; 1407 struct inet6_dev *idev; 1408 struct flowi6 fl6; 1409 int rd_len; 1410 int err; 1411 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1412 bool ret; 1413 1414 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1415 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1416 dev->name); 1417 return; 1418 } 1419 1420 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1421 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1422 ND_PRINTK(2, warn, 1423 "Redirect: target address is not link-local unicast\n"); 1424 return; 1425 } 1426 1427 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1428 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1429 1430 dst = ip6_route_output(net, NULL, &fl6); 1431 if (dst->error) { 1432 dst_release(dst); 1433 return; 1434 } 1435 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1436 if (IS_ERR(dst)) 1437 return; 1438 1439 rt = (struct rt6_info *) dst; 1440 1441 if (rt->rt6i_flags & RTF_GATEWAY) { 1442 ND_PRINTK(2, warn, 1443 "Redirect: destination is not a neighbour\n"); 1444 goto release; 1445 } 1446 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 1447 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1448 if (peer) 1449 inet_putpeer(peer); 1450 if (!ret) 1451 goto release; 1452 1453 if (dev->addr_len) { 1454 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1455 if (!neigh) { 1456 ND_PRINTK(2, warn, 1457 "Redirect: no neigh for target address\n"); 1458 goto release; 1459 } 1460 1461 read_lock_bh(&neigh->lock); 1462 if (neigh->nud_state & NUD_VALID) { 1463 memcpy(ha_buf, neigh->ha, dev->addr_len); 1464 read_unlock_bh(&neigh->lock); 1465 ha = ha_buf; 1466 optlen += ndisc_opt_addr_space(dev); 1467 } else 1468 read_unlock_bh(&neigh->lock); 1469 1470 neigh_release(neigh); 1471 } 1472 1473 rd_len = min_t(unsigned int, 1474 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen, 1475 skb->len + 8); 1476 rd_len &= ~0x7; 1477 optlen += rd_len; 1478 1479 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 1480 if (!buff) 1481 goto release; 1482 1483 skb_put(buff, sizeof(*msg)); 1484 msg = (struct rd_msg *)icmp6_hdr(buff); 1485 1486 memset(&msg->icmph, 0, sizeof(struct icmp6hdr)); 1487 msg->icmph.icmp6_type = NDISC_REDIRECT; 1488 1489 /* 1490 * copy target and destination addresses 1491 */ 1492 1493 msg->target = *target; 1494 msg->dest = ipv6_hdr(skb)->daddr; 1495 1496 /* 1497 * include target_address option 1498 */ 1499 1500 if (ha) 1501 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha); 1502 1503 /* 1504 * build redirect option and copy skb over to the new packet. 1505 */ 1506 1507 if (rd_len) 1508 ndisc_fill_redirect_hdr_option(buff, skb, rd_len); 1509 1510 msg->icmph.icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1511 buff->len, IPPROTO_ICMPV6, 1512 csum_partial(msg, buff->len, 0)); 1513 1514 ip6_nd_hdr(buff, &saddr_buf, &ipv6_hdr(skb)->saddr, 1515 inet6_sk(sk)->hop_limit, buff->len); 1516 1517 skb_dst_set(buff, dst); 1518 rcu_read_lock(); 1519 idev = __in6_dev_get(dst->dev); 1520 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1521 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1522 dst_output); 1523 if (!err) { 1524 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1525 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1526 } 1527 1528 rcu_read_unlock(); 1529 return; 1530 1531release: 1532 dst_release(dst); 1533} 1534 1535static void pndisc_redo(struct sk_buff *skb) 1536{ 1537 ndisc_recv_ns(skb); 1538 kfree_skb(skb); 1539} 1540 1541int ndisc_rcv(struct sk_buff *skb) 1542{ 1543 struct nd_msg *msg; 1544 1545 if (skb_linearize(skb)) 1546 return 0; 1547 1548 msg = (struct nd_msg *)skb_transport_header(skb); 1549 1550 __skb_push(skb, skb->data - skb_transport_header(skb)); 1551 1552 if (ipv6_hdr(skb)->hop_limit != 255) { 1553 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1554 ipv6_hdr(skb)->hop_limit); 1555 return 0; 1556 } 1557 1558 if (msg->icmph.icmp6_code != 0) { 1559 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1560 msg->icmph.icmp6_code); 1561 return 0; 1562 } 1563 1564 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1565 1566 switch (msg->icmph.icmp6_type) { 1567 case NDISC_NEIGHBOUR_SOLICITATION: 1568 ndisc_recv_ns(skb); 1569 break; 1570 1571 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1572 ndisc_recv_na(skb); 1573 break; 1574 1575 case NDISC_ROUTER_SOLICITATION: 1576 ndisc_recv_rs(skb); 1577 break; 1578 1579 case NDISC_ROUTER_ADVERTISEMENT: 1580 ndisc_router_discovery(skb); 1581 break; 1582 1583 case NDISC_REDIRECT: 1584 ndisc_redirect_rcv(skb); 1585 break; 1586 } 1587 1588 return 0; 1589} 1590 1591static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1592{ 1593 struct net_device *dev = ptr; 1594 struct net *net = dev_net(dev); 1595 struct inet6_dev *idev; 1596 1597 switch (event) { 1598 case NETDEV_CHANGEADDR: 1599 neigh_changeaddr(&nd_tbl, dev); 1600 fib6_run_gc(~0UL, net); 1601 idev = in6_dev_get(dev); 1602 if (!idev) 1603 break; 1604 if (idev->cnf.ndisc_notify) 1605 ndisc_send_unsol_na(dev); 1606 in6_dev_put(idev); 1607 break; 1608 case NETDEV_DOWN: 1609 neigh_ifdown(&nd_tbl, dev); 1610 fib6_run_gc(~0UL, net); 1611 break; 1612 case NETDEV_NOTIFY_PEERS: 1613 ndisc_send_unsol_na(dev); 1614 break; 1615 default: 1616 break; 1617 } 1618 1619 return NOTIFY_DONE; 1620} 1621 1622static struct notifier_block ndisc_netdev_notifier = { 1623 .notifier_call = ndisc_netdev_event, 1624}; 1625 1626#ifdef CONFIG_SYSCTL 1627static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1628 const char *func, const char *dev_name) 1629{ 1630 static char warncomm[TASK_COMM_LEN]; 1631 static int warned; 1632 if (strcmp(warncomm, current->comm) && warned < 5) { 1633 strcpy(warncomm, current->comm); 1634 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1635 warncomm, func, 1636 dev_name, ctl->procname, 1637 dev_name, ctl->procname); 1638 warned++; 1639 } 1640} 1641 1642int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1643{ 1644 struct net_device *dev = ctl->extra1; 1645 struct inet6_dev *idev; 1646 int ret; 1647 1648 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1649 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1650 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1651 1652 if (strcmp(ctl->procname, "retrans_time") == 0) 1653 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1654 1655 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1656 ret = proc_dointvec_jiffies(ctl, write, 1657 buffer, lenp, ppos); 1658 1659 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1660 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1661 ret = proc_dointvec_ms_jiffies(ctl, write, 1662 buffer, lenp, ppos); 1663 else 1664 ret = -1; 1665 1666 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1667 if (ctl->data == &idev->nd_parms->base_reachable_time) 1668 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1669 idev->tstamp = jiffies; 1670 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1671 in6_dev_put(idev); 1672 } 1673 return ret; 1674} 1675 1676 1677#endif 1678 1679static int __net_init ndisc_net_init(struct net *net) 1680{ 1681 struct ipv6_pinfo *np; 1682 struct sock *sk; 1683 int err; 1684 1685 err = inet_ctl_sock_create(&sk, PF_INET6, 1686 SOCK_RAW, IPPROTO_ICMPV6, net); 1687 if (err < 0) { 1688 ND_PRINTK(0, err, 1689 "NDISC: Failed to initialize the control socket (err %d)\n", 1690 err); 1691 return err; 1692 } 1693 1694 net->ipv6.ndisc_sk = sk; 1695 1696 np = inet6_sk(sk); 1697 np->hop_limit = 255; 1698 /* Do not loopback ndisc messages */ 1699 np->mc_loop = 0; 1700 1701 return 0; 1702} 1703 1704static void __net_exit ndisc_net_exit(struct net *net) 1705{ 1706 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1707} 1708 1709static struct pernet_operations ndisc_net_ops = { 1710 .init = ndisc_net_init, 1711 .exit = ndisc_net_exit, 1712}; 1713 1714int __init ndisc_init(void) 1715{ 1716 int err; 1717 1718 err = register_pernet_subsys(&ndisc_net_ops); 1719 if (err) 1720 return err; 1721 /* 1722 * Initialize the neighbour table 1723 */ 1724 neigh_table_init(&nd_tbl); 1725 1726#ifdef CONFIG_SYSCTL 1727 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1728 &ndisc_ifinfo_sysctl_change); 1729 if (err) 1730 goto out_unregister_pernet; 1731#endif 1732 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1733 if (err) 1734 goto out_unregister_sysctl; 1735out: 1736 return err; 1737 1738out_unregister_sysctl: 1739#ifdef CONFIG_SYSCTL 1740 neigh_sysctl_unregister(&nd_tbl.parms); 1741out_unregister_pernet: 1742#endif 1743 unregister_pernet_subsys(&ndisc_net_ops); 1744 goto out; 1745} 1746 1747void ndisc_cleanup(void) 1748{ 1749 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1750#ifdef CONFIG_SYSCTL 1751 neigh_sysctl_unregister(&nd_tbl.parms); 1752#endif 1753 neigh_table_clear(&nd_tbl); 1754 unregister_pernet_subsys(&ndisc_net_ops); 1755} 1756