ndisc.c revision 62dd93181aaa1d5a501a9cebcb254f44b8a48af7
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Lars Fenneberg : fixed MTU setting on receipt 19 * of an RA. 20 * 21 * Janos Farkas : kmalloc failure checks 22 * Alexey Kuznetsov : state machine reworked 23 * and moved to net/core. 24 * Pekka Savola : RFC2461 validation 25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 26 */ 27 28/* Set to 3 to get tracing... */ 29#define ND_DEBUG 1 30 31#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 32#define ND_NOPRINTK(x...) do { ; } while(0) 33#define ND_PRINTK0 ND_PRINTK 34#define ND_PRINTK1 ND_NOPRINTK 35#define ND_PRINTK2 ND_NOPRINTK 36#define ND_PRINTK3 ND_NOPRINTK 37#if ND_DEBUG >= 1 38#undef ND_PRINTK1 39#define ND_PRINTK1 ND_PRINTK 40#endif 41#if ND_DEBUG >= 2 42#undef ND_PRINTK2 43#define ND_PRINTK2 ND_PRINTK 44#endif 45#if ND_DEBUG >= 3 46#undef ND_PRINTK3 47#define ND_PRINTK3 ND_PRINTK 48#endif 49 50#include <linux/module.h> 51#include <linux/errno.h> 52#include <linux/types.h> 53#include <linux/socket.h> 54#include <linux/sockios.h> 55#include <linux/sched.h> 56#include <linux/net.h> 57#include <linux/in6.h> 58#include <linux/route.h> 59#include <linux/init.h> 60#include <linux/rcupdate.h> 61#ifdef CONFIG_SYSCTL 62#include <linux/sysctl.h> 63#endif 64 65#include <linux/if_addr.h> 66#include <linux/if_arp.h> 67#include <linux/ipv6.h> 68#include <linux/icmpv6.h> 69#include <linux/jhash.h> 70 71#include <net/sock.h> 72#include <net/snmp.h> 73 74#include <net/ipv6.h> 75#include <net/protocol.h> 76#include <net/ndisc.h> 77#include <net/ip6_route.h> 78#include <net/addrconf.h> 79#include <net/icmp.h> 80 81#include <net/flow.h> 82#include <net/ip6_checksum.h> 83#include <linux/proc_fs.h> 84 85#include <linux/netfilter.h> 86#include <linux/netfilter_ipv6.h> 87 88static struct socket *ndisc_socket; 89 90static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 91static int ndisc_constructor(struct neighbour *neigh); 92static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 93static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 94static int pndisc_constructor(struct pneigh_entry *n); 95static void pndisc_destructor(struct pneigh_entry *n); 96static void pndisc_redo(struct sk_buff *skb); 97 98static struct neigh_ops ndisc_generic_ops = { 99 .family = AF_INET6, 100 .solicit = ndisc_solicit, 101 .error_report = ndisc_error_report, 102 .output = neigh_resolve_output, 103 .connected_output = neigh_connected_output, 104 .hh_output = dev_queue_xmit, 105 .queue_xmit = dev_queue_xmit, 106}; 107 108static struct neigh_ops ndisc_hh_ops = { 109 .family = AF_INET6, 110 .solicit = ndisc_solicit, 111 .error_report = ndisc_error_report, 112 .output = neigh_resolve_output, 113 .connected_output = neigh_resolve_output, 114 .hh_output = dev_queue_xmit, 115 .queue_xmit = dev_queue_xmit, 116}; 117 118 119static struct neigh_ops ndisc_direct_ops = { 120 .family = AF_INET6, 121 .output = dev_queue_xmit, 122 .connected_output = dev_queue_xmit, 123 .hh_output = dev_queue_xmit, 124 .queue_xmit = dev_queue_xmit, 125}; 126 127struct neigh_table nd_tbl = { 128 .family = AF_INET6, 129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 130 .key_len = sizeof(struct in6_addr), 131 .hash = ndisc_hash, 132 .constructor = ndisc_constructor, 133 .pconstructor = pndisc_constructor, 134 .pdestructor = pndisc_destructor, 135 .proxy_redo = pndisc_redo, 136 .id = "ndisc_cache", 137 .parms = { 138 .tbl = &nd_tbl, 139 .base_reachable_time = 30 * HZ, 140 .retrans_time = 1 * HZ, 141 .gc_staletime = 60 * HZ, 142 .reachable_time = 30 * HZ, 143 .delay_probe_time = 5 * HZ, 144 .queue_len = 3, 145 .ucast_probes = 3, 146 .mcast_probes = 3, 147 .anycast_delay = 1 * HZ, 148 .proxy_delay = (8 * HZ) / 10, 149 .proxy_qlen = 64, 150 }, 151 .gc_interval = 30 * HZ, 152 .gc_thresh1 = 128, 153 .gc_thresh2 = 512, 154 .gc_thresh3 = 1024, 155}; 156 157/* ND options */ 158struct ndisc_options { 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 160#ifdef CONFIG_IPV6_ROUTE_INFO 161 struct nd_opt_hdr *nd_opts_ri; 162 struct nd_opt_hdr *nd_opts_ri_end; 163#endif 164}; 165 166#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 167#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 168#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 169#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 170#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 171#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 172 173#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 174 175/* 176 * Return the padding between the option length and the start of the 177 * link addr. Currently only IP-over-InfiniBand needs this, although 178 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 179 * also need a pad of 2. 180 */ 181static int ndisc_addr_option_pad(unsigned short type) 182{ 183 switch (type) { 184 case ARPHRD_INFINIBAND: return 2; 185 default: return 0; 186 } 187} 188 189static inline int ndisc_opt_addr_space(struct net_device *dev) 190{ 191 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 192} 193 194static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 195 unsigned short addr_type) 196{ 197 int space = NDISC_OPT_SPACE(data_len); 198 int pad = ndisc_addr_option_pad(addr_type); 199 200 opt[0] = type; 201 opt[1] = space>>3; 202 203 memset(opt + 2, 0, pad); 204 opt += pad; 205 space -= pad; 206 207 memcpy(opt+2, data, data_len); 208 data_len += 2; 209 opt += data_len; 210 if ((space -= data_len) > 0) 211 memset(opt, 0, space); 212 return opt + space; 213} 214 215static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 216 struct nd_opt_hdr *end) 217{ 218 int type; 219 if (!cur || !end || cur >= end) 220 return NULL; 221 type = cur->nd_opt_type; 222 do { 223 cur = ((void *)cur) + (cur->nd_opt_len << 3); 224 } while(cur < end && cur->nd_opt_type != type); 225 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 226} 227 228static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 229 struct ndisc_options *ndopts) 230{ 231 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 232 233 if (!nd_opt || opt_len < 0 || !ndopts) 234 return NULL; 235 memset(ndopts, 0, sizeof(*ndopts)); 236 while (opt_len) { 237 int l; 238 if (opt_len < sizeof(struct nd_opt_hdr)) 239 return NULL; 240 l = nd_opt->nd_opt_len << 3; 241 if (opt_len < l || l == 0) 242 return NULL; 243 switch (nd_opt->nd_opt_type) { 244 case ND_OPT_SOURCE_LL_ADDR: 245 case ND_OPT_TARGET_LL_ADDR: 246 case ND_OPT_MTU: 247 case ND_OPT_REDIRECT_HDR: 248 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 249 ND_PRINTK2(KERN_WARNING 250 "%s(): duplicated ND6 option found: type=%d\n", 251 __FUNCTION__, 252 nd_opt->nd_opt_type); 253 } else { 254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 255 } 256 break; 257 case ND_OPT_PREFIX_INFO: 258 ndopts->nd_opts_pi_end = nd_opt; 259 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) 260 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 261 break; 262#ifdef CONFIG_IPV6_ROUTE_INFO 263 case ND_OPT_ROUTE_INFO: 264 ndopts->nd_opts_ri_end = nd_opt; 265 if (!ndopts->nd_opts_ri) 266 ndopts->nd_opts_ri = nd_opt; 267 break; 268#endif 269 default: 270 /* 271 * Unknown options must be silently ignored, 272 * to accommodate future extension to the protocol. 273 */ 274 ND_PRINTK2(KERN_NOTICE 275 "%s(): ignored unsupported option; type=%d, len=%d\n", 276 __FUNCTION__, 277 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 278 } 279 opt_len -= l; 280 nd_opt = ((void *)nd_opt) + l; 281 } 282 return ndopts; 283} 284 285static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 286 struct net_device *dev) 287{ 288 u8 *lladdr = (u8 *)(p + 1); 289 int lladdrlen = p->nd_opt_len << 3; 290 int prepad = ndisc_addr_option_pad(dev->type); 291 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 292 return NULL; 293 return (lladdr + prepad); 294} 295 296int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 297{ 298 switch (dev->type) { 299 case ARPHRD_ETHER: 300 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 301 case ARPHRD_FDDI: 302 ipv6_eth_mc_map(addr, buf); 303 return 0; 304 case ARPHRD_IEEE802_TR: 305 ipv6_tr_mc_map(addr,buf); 306 return 0; 307 case ARPHRD_ARCNET: 308 ipv6_arcnet_mc_map(addr, buf); 309 return 0; 310 case ARPHRD_INFINIBAND: 311 ipv6_ib_mc_map(addr, buf); 312 return 0; 313 default: 314 if (dir) { 315 memcpy(buf, dev->broadcast, dev->addr_len); 316 return 0; 317 } 318 } 319 return -EINVAL; 320} 321 322static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 323{ 324 const u32 *p32 = pkey; 325 u32 addr_hash, i; 326 327 addr_hash = 0; 328 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 329 addr_hash ^= *p32++; 330 331 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 332} 333 334static int ndisc_constructor(struct neighbour *neigh) 335{ 336 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 337 struct net_device *dev = neigh->dev; 338 struct inet6_dev *in6_dev; 339 struct neigh_parms *parms; 340 int is_multicast = ipv6_addr_is_multicast(addr); 341 342 rcu_read_lock(); 343 in6_dev = in6_dev_get(dev); 344 if (in6_dev == NULL) { 345 rcu_read_unlock(); 346 return -EINVAL; 347 } 348 349 parms = in6_dev->nd_parms; 350 __neigh_parms_put(neigh->parms); 351 neigh->parms = neigh_parms_clone(parms); 352 rcu_read_unlock(); 353 354 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 355 if (dev->hard_header == NULL) { 356 neigh->nud_state = NUD_NOARP; 357 neigh->ops = &ndisc_direct_ops; 358 neigh->output = neigh->ops->queue_xmit; 359 } else { 360 if (is_multicast) { 361 neigh->nud_state = NUD_NOARP; 362 ndisc_mc_map(addr, neigh->ha, dev, 1); 363 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 364 neigh->nud_state = NUD_NOARP; 365 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 366 if (dev->flags&IFF_LOOPBACK) 367 neigh->type = RTN_LOCAL; 368 } else if (dev->flags&IFF_POINTOPOINT) { 369 neigh->nud_state = NUD_NOARP; 370 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 371 } 372 if (dev->hard_header_cache) 373 neigh->ops = &ndisc_hh_ops; 374 else 375 neigh->ops = &ndisc_generic_ops; 376 if (neigh->nud_state&NUD_VALID) 377 neigh->output = neigh->ops->connected_output; 378 else 379 neigh->output = neigh->ops->output; 380 } 381 in6_dev_put(in6_dev); 382 return 0; 383} 384 385static int pndisc_constructor(struct pneigh_entry *n) 386{ 387 struct in6_addr *addr = (struct in6_addr*)&n->key; 388 struct in6_addr maddr; 389 struct net_device *dev = n->dev; 390 391 if (dev == NULL || __in6_dev_get(dev) == NULL) 392 return -EINVAL; 393 addrconf_addr_solict_mult(addr, &maddr); 394 ipv6_dev_mc_inc(dev, &maddr); 395 return 0; 396} 397 398static void pndisc_destructor(struct pneigh_entry *n) 399{ 400 struct in6_addr *addr = (struct in6_addr*)&n->key; 401 struct in6_addr maddr; 402 struct net_device *dev = n->dev; 403 404 if (dev == NULL || __in6_dev_get(dev) == NULL) 405 return; 406 addrconf_addr_solict_mult(addr, &maddr); 407 ipv6_dev_mc_dec(dev, &maddr); 408} 409 410/* 411 * Send a Neighbour Advertisement 412 */ 413 414static inline void ndisc_flow_init(struct flowi *fl, u8 type, 415 struct in6_addr *saddr, struct in6_addr *daddr, 416 int oif) 417{ 418 memset(fl, 0, sizeof(*fl)); 419 ipv6_addr_copy(&fl->fl6_src, saddr); 420 ipv6_addr_copy(&fl->fl6_dst, daddr); 421 fl->proto = IPPROTO_ICMPV6; 422 fl->fl_icmp_type = type; 423 fl->fl_icmp_code = 0; 424 fl->oif = oif; 425 security_sk_classify_flow(ndisc_socket->sk, fl); 426} 427 428static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 429 struct in6_addr *daddr, struct in6_addr *solicited_addr, 430 int router, int solicited, int override, int inc_opt) 431{ 432 struct in6_addr tmpaddr; 433 struct inet6_ifaddr *ifp; 434 struct inet6_dev *idev; 435 struct flowi fl; 436 struct dst_entry* dst; 437 struct sock *sk = ndisc_socket->sk; 438 struct in6_addr *src_addr; 439 struct nd_msg *msg; 440 int len; 441 struct sk_buff *skb; 442 int err; 443 444 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 445 446 /* for anycast or proxy, solicited_addr != src_addr */ 447 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1); 448 if (ifp) { 449 src_addr = solicited_addr; 450 in6_ifa_put(ifp); 451 } else { 452 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr)) 453 return; 454 src_addr = &tmpaddr; 455 } 456 457 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr, 458 dev->ifindex); 459 460 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 461 if (!dst) 462 return; 463 464 err = xfrm_lookup(&dst, &fl, NULL, 0); 465 if (err < 0) 466 return; 467 468 if (inc_opt) { 469 if (dev->addr_len) 470 len += ndisc_opt_addr_space(dev); 471 else 472 inc_opt = 0; 473 } 474 475 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 476 1, &err); 477 478 if (skb == NULL) { 479 ND_PRINTK0(KERN_ERR 480 "ICMPv6 NA: %s() failed to allocate an skb.\n", 481 __FUNCTION__); 482 dst_release(dst); 483 return; 484 } 485 486 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 487 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len); 488 489 msg = (struct nd_msg *)skb_put(skb, len); 490 skb->h.raw = (unsigned char*)msg; 491 492 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT; 493 msg->icmph.icmp6_code = 0; 494 msg->icmph.icmp6_cksum = 0; 495 496 msg->icmph.icmp6_unused = 0; 497 msg->icmph.icmp6_router = router; 498 msg->icmph.icmp6_solicited = solicited; 499 msg->icmph.icmp6_override = !!override; 500 501 /* Set the target address. */ 502 ipv6_addr_copy(&msg->target, solicited_addr); 503 504 if (inc_opt) 505 ndisc_fill_addr_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr, 506 dev->addr_len, dev->type); 507 508 /* checksum */ 509 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len, 510 IPPROTO_ICMPV6, 511 csum_partial((__u8 *) msg, 512 len, 0)); 513 514 skb->dst = dst; 515 idev = in6_dev_get(dst->dev); 516 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 517 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 518 if (!err) { 519 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS); 520 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 521 } 522 523 if (likely(idev != NULL)) 524 in6_dev_put(idev); 525} 526 527void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 528 struct in6_addr *solicit, 529 struct in6_addr *daddr, struct in6_addr *saddr) 530{ 531 struct flowi fl; 532 struct dst_entry* dst; 533 struct inet6_dev *idev; 534 struct sock *sk = ndisc_socket->sk; 535 struct sk_buff *skb; 536 struct nd_msg *msg; 537 struct in6_addr addr_buf; 538 int len; 539 int err; 540 int send_llinfo; 541 542 if (saddr == NULL) { 543 if (ipv6_get_lladdr(dev, &addr_buf)) 544 return; 545 saddr = &addr_buf; 546 } 547 548 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr, 549 dev->ifindex); 550 551 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 552 if (!dst) 553 return; 554 555 err = xfrm_lookup(&dst, &fl, NULL, 0); 556 if (err < 0) 557 return; 558 559 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 560 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr); 561 if (send_llinfo) 562 len += ndisc_opt_addr_space(dev); 563 564 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 565 1, &err); 566 if (skb == NULL) { 567 ND_PRINTK0(KERN_ERR 568 "ICMPv6 NA: %s() failed to allocate an skb.\n", 569 __FUNCTION__); 570 dst_release(dst); 571 return; 572 } 573 574 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 575 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 576 577 msg = (struct nd_msg *)skb_put(skb, len); 578 skb->h.raw = (unsigned char*)msg; 579 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION; 580 msg->icmph.icmp6_code = 0; 581 msg->icmph.icmp6_cksum = 0; 582 msg->icmph.icmp6_unused = 0; 583 584 /* Set the target address. */ 585 ipv6_addr_copy(&msg->target, solicit); 586 587 if (send_llinfo) 588 ndisc_fill_addr_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 589 dev->addr_len, dev->type); 590 591 /* checksum */ 592 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, 593 daddr, len, 594 IPPROTO_ICMPV6, 595 csum_partial((__u8 *) msg, 596 len, 0)); 597 /* send it! */ 598 skb->dst = dst; 599 idev = in6_dev_get(dst->dev); 600 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 601 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 602 if (!err) { 603 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS); 604 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 605 } 606 607 if (likely(idev != NULL)) 608 in6_dev_put(idev); 609} 610 611void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr, 612 struct in6_addr *daddr) 613{ 614 struct flowi fl; 615 struct dst_entry* dst; 616 struct inet6_dev *idev; 617 struct sock *sk = ndisc_socket->sk; 618 struct sk_buff *skb; 619 struct icmp6hdr *hdr; 620 __u8 * opt; 621 int len; 622 int err; 623 624 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr, 625 dev->ifindex); 626 627 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output); 628 if (!dst) 629 return; 630 631 err = xfrm_lookup(&dst, &fl, NULL, 0); 632 if (err < 0) 633 return; 634 635 len = sizeof(struct icmp6hdr); 636 if (dev->addr_len) 637 len += ndisc_opt_addr_space(dev); 638 639 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 640 1, &err); 641 if (skb == NULL) { 642 ND_PRINTK0(KERN_ERR 643 "ICMPv6 RS: %s() failed to allocate an skb.\n", 644 __FUNCTION__); 645 dst_release(dst); 646 return; 647 } 648 649 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 650 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 651 652 hdr = (struct icmp6hdr *)skb_put(skb, len); 653 skb->h.raw = (unsigned char*)hdr; 654 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION; 655 hdr->icmp6_code = 0; 656 hdr->icmp6_cksum = 0; 657 hdr->icmp6_unused = 0; 658 659 opt = (u8*) (hdr + 1); 660 661 if (dev->addr_len) 662 ndisc_fill_addr_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 663 dev->addr_len, dev->type); 664 665 /* checksum */ 666 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len, 667 IPPROTO_ICMPV6, 668 csum_partial((__u8 *) hdr, len, 0)); 669 670 /* send it! */ 671 skb->dst = dst; 672 idev = in6_dev_get(dst->dev); 673 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 674 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 675 if (!err) { 676 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS); 677 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 678 } 679 680 if (likely(idev != NULL)) 681 in6_dev_put(idev); 682} 683 684 685static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 686{ 687 /* 688 * "The sender MUST return an ICMP 689 * destination unreachable" 690 */ 691 dst_link_failure(skb); 692 kfree_skb(skb); 693} 694 695/* Called with locked neigh: either read or both */ 696 697static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 698{ 699 struct in6_addr *saddr = NULL; 700 struct in6_addr mcaddr; 701 struct net_device *dev = neigh->dev; 702 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 703 int probes = atomic_read(&neigh->probes); 704 705 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1)) 706 saddr = &skb->nh.ipv6h->saddr; 707 708 if ((probes -= neigh->parms->ucast_probes) < 0) { 709 if (!(neigh->nud_state & NUD_VALID)) { 710 ND_PRINTK1(KERN_DEBUG 711 "%s(): trying to ucast probe in NUD_INVALID: " 712 NIP6_FMT "\n", 713 __FUNCTION__, 714 NIP6(*target)); 715 } 716 ndisc_send_ns(dev, neigh, target, target, saddr); 717 } else if ((probes -= neigh->parms->app_probes) < 0) { 718#ifdef CONFIG_ARPD 719 neigh_app_ns(neigh); 720#endif 721 } else { 722 addrconf_addr_solict_mult(target, &mcaddr); 723 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 724 } 725} 726 727static void ndisc_recv_ns(struct sk_buff *skb) 728{ 729 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 730 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 731 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 732 u8 *lladdr = NULL; 733 u32 ndoptlen = skb->tail - msg->opt; 734 struct ndisc_options ndopts; 735 struct net_device *dev = skb->dev; 736 struct inet6_ifaddr *ifp; 737 struct inet6_dev *idev = NULL; 738 struct neighbour *neigh; 739 struct pneigh_entry *pneigh = NULL; 740 int dad = ipv6_addr_any(saddr); 741 int inc; 742 int is_router; 743 744 if (ipv6_addr_is_multicast(&msg->target)) { 745 ND_PRINTK2(KERN_WARNING 746 "ICMPv6 NS: multicast target address"); 747 return; 748 } 749 750 /* 751 * RFC2461 7.1.1: 752 * DAD has to be destined for solicited node multicast address. 753 */ 754 if (dad && 755 !(daddr->s6_addr32[0] == htonl(0xff020000) && 756 daddr->s6_addr32[1] == htonl(0x00000000) && 757 daddr->s6_addr32[2] == htonl(0x00000001) && 758 daddr->s6_addr [12] == 0xff )) { 759 ND_PRINTK2(KERN_WARNING 760 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 761 return; 762 } 763 764 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 765 ND_PRINTK2(KERN_WARNING 766 "ICMPv6 NS: invalid ND options\n"); 767 return; 768 } 769 770 if (ndopts.nd_opts_src_lladdr) { 771 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 772 if (!lladdr) { 773 ND_PRINTK2(KERN_WARNING 774 "ICMPv6 NS: invalid link-layer address length\n"); 775 return; 776 } 777 778 /* RFC2461 7.1.1: 779 * If the IP source address is the unspecified address, 780 * there MUST NOT be source link-layer address option 781 * in the message. 782 */ 783 if (dad) { 784 ND_PRINTK2(KERN_WARNING 785 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 786 return; 787 } 788 } 789 790 inc = ipv6_addr_is_multicast(daddr); 791 792 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) { 793 if (ifp->flags & IFA_F_TENTATIVE) { 794 /* Address is tentative. If the source 795 is unspecified address, it is someone 796 does DAD, otherwise we ignore solicitations 797 until DAD timer expires. 798 */ 799 if (!dad) 800 goto out; 801 if (dev->type == ARPHRD_IEEE802_TR) { 802 unsigned char *sadr = skb->mac.raw; 803 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 804 sadr[9] == dev->dev_addr[1] && 805 sadr[10] == dev->dev_addr[2] && 806 sadr[11] == dev->dev_addr[3] && 807 sadr[12] == dev->dev_addr[4] && 808 sadr[13] == dev->dev_addr[5]) { 809 /* looped-back to us */ 810 goto out; 811 } 812 } 813 addrconf_dad_failure(ifp); 814 return; 815 } 816 817 idev = ifp->idev; 818 } else { 819 idev = in6_dev_get(dev); 820 if (!idev) { 821 /* XXX: count this drop? */ 822 return; 823 } 824 825 if (ipv6_chk_acast_addr(dev, &msg->target) || 826 (idev->cnf.forwarding && 827 (pneigh = pneigh_lookup(&nd_tbl, 828 &msg->target, dev, 0)) != NULL)) { 829 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 830 skb->pkt_type != PACKET_HOST && 831 inc != 0 && 832 idev->nd_parms->proxy_delay != 0) { 833 /* 834 * for anycast or proxy, 835 * sender should delay its response 836 * by a random time between 0 and 837 * MAX_ANYCAST_DELAY_TIME seconds. 838 * (RFC2461) -- yoshfuji 839 */ 840 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 841 if (n) 842 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 843 goto out; 844 } 845 } else 846 goto out; 847 } 848 849 if (pneigh) 850 is_router = pneigh->flags & NTF_ROUTER; 851 else 852 is_router = idev->cnf.forwarding; 853 854 if (dad) { 855 struct in6_addr maddr; 856 857 ipv6_addr_all_nodes(&maddr); 858 ndisc_send_na(dev, NULL, &maddr, &msg->target, 859 is_router, 0, (ifp != NULL), 1); 860 goto out; 861 } 862 863 if (inc) 864 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 865 else 866 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 867 868 /* 869 * update / create cache entry 870 * for the source address 871 */ 872 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 873 !inc || lladdr || !dev->addr_len); 874 if (neigh) 875 neigh_update(neigh, lladdr, NUD_STALE, 876 NEIGH_UPDATE_F_WEAK_OVERRIDE| 877 NEIGH_UPDATE_F_OVERRIDE); 878 if (neigh || !dev->hard_header) { 879 ndisc_send_na(dev, neigh, saddr, &msg->target, 880 is_router, 881 1, (ifp != NULL && inc), inc); 882 if (neigh) 883 neigh_release(neigh); 884 } 885 886out: 887 if (ifp) 888 in6_ifa_put(ifp); 889 else 890 in6_dev_put(idev); 891 892 return; 893} 894 895static void ndisc_recv_na(struct sk_buff *skb) 896{ 897 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 898 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 899 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 900 u8 *lladdr = NULL; 901 u32 ndoptlen = skb->tail - msg->opt; 902 struct ndisc_options ndopts; 903 struct net_device *dev = skb->dev; 904 struct inet6_ifaddr *ifp; 905 struct neighbour *neigh; 906 907 if (skb->len < sizeof(struct nd_msg)) { 908 ND_PRINTK2(KERN_WARNING 909 "ICMPv6 NA: packet too short\n"); 910 return; 911 } 912 913 if (ipv6_addr_is_multicast(&msg->target)) { 914 ND_PRINTK2(KERN_WARNING 915 "ICMPv6 NA: target address is multicast.\n"); 916 return; 917 } 918 919 if (ipv6_addr_is_multicast(daddr) && 920 msg->icmph.icmp6_solicited) { 921 ND_PRINTK2(KERN_WARNING 922 "ICMPv6 NA: solicited NA is multicasted.\n"); 923 return; 924 } 925 926 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 927 ND_PRINTK2(KERN_WARNING 928 "ICMPv6 NS: invalid ND option\n"); 929 return; 930 } 931 if (ndopts.nd_opts_tgt_lladdr) { 932 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 933 if (!lladdr) { 934 ND_PRINTK2(KERN_WARNING 935 "ICMPv6 NA: invalid link-layer address length\n"); 936 return; 937 } 938 } 939 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) { 940 if (ifp->flags & IFA_F_TENTATIVE) { 941 addrconf_dad_failure(ifp); 942 return; 943 } 944 /* What should we make now? The advertisement 945 is invalid, but ndisc specs say nothing 946 about it. It could be misconfiguration, or 947 an smart proxy agent tries to help us :-) 948 */ 949 ND_PRINTK1(KERN_WARNING 950 "ICMPv6 NA: someone advertises our address on %s!\n", 951 ifp->idev->dev->name); 952 in6_ifa_put(ifp); 953 return; 954 } 955 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 956 957 if (neigh) { 958 u8 old_flags = neigh->flags; 959 960 if (neigh->nud_state & NUD_FAILED) 961 goto out; 962 963 /* 964 * Don't update the neighbor cache entry on a proxy NA from 965 * ourselves because either the proxied node is off link or it 966 * has already sent a NA to us. 967 */ 968 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 969 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) 970 goto out; 971 972 neigh_update(neigh, lladdr, 973 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 974 NEIGH_UPDATE_F_WEAK_OVERRIDE| 975 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 976 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 977 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 978 979 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 980 /* 981 * Change: router to host 982 */ 983 struct rt6_info *rt; 984 rt = rt6_get_dflt_router(saddr, dev); 985 if (rt) 986 ip6_del_rt(rt); 987 } 988 989out: 990 neigh_release(neigh); 991 } 992} 993 994static void ndisc_recv_rs(struct sk_buff *skb) 995{ 996 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw; 997 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 998 struct neighbour *neigh; 999 struct inet6_dev *idev; 1000 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 1001 struct ndisc_options ndopts; 1002 u8 *lladdr = NULL; 1003 1004 if (skb->len < sizeof(*rs_msg)) 1005 return; 1006 1007 idev = in6_dev_get(skb->dev); 1008 if (!idev) { 1009 if (net_ratelimit()) 1010 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1011 return; 1012 } 1013 1014 /* Don't accept RS if we're not in router mode */ 1015 if (!idev->cnf.forwarding) 1016 goto out; 1017 1018 /* 1019 * Don't update NCE if src = ::; 1020 * this implies that the source node has no ip address assigned yet. 1021 */ 1022 if (ipv6_addr_any(saddr)) 1023 goto out; 1024 1025 /* Parse ND options */ 1026 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1027 if (net_ratelimit()) 1028 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1029 goto out; 1030 } 1031 1032 if (ndopts.nd_opts_src_lladdr) { 1033 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1034 skb->dev); 1035 if (!lladdr) 1036 goto out; 1037 } 1038 1039 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1040 if (neigh) { 1041 neigh_update(neigh, lladdr, NUD_STALE, 1042 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1043 NEIGH_UPDATE_F_OVERRIDE| 1044 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1045 neigh_release(neigh); 1046 } 1047out: 1048 in6_dev_put(idev); 1049} 1050 1051static void ndisc_router_discovery(struct sk_buff *skb) 1052{ 1053 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw; 1054 struct neighbour *neigh = NULL; 1055 struct inet6_dev *in6_dev; 1056 struct rt6_info *rt = NULL; 1057 int lifetime; 1058 struct ndisc_options ndopts; 1059 int optlen; 1060 unsigned int pref = 0; 1061 1062 __u8 * opt = (__u8 *)(ra_msg + 1); 1063 1064 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg); 1065 1066 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1067 ND_PRINTK2(KERN_WARNING 1068 "ICMPv6 RA: source address is not link-local.\n"); 1069 return; 1070 } 1071 if (optlen < 0) { 1072 ND_PRINTK2(KERN_WARNING 1073 "ICMPv6 RA: packet too short\n"); 1074 return; 1075 } 1076 1077 /* 1078 * set the RA_RECV flag in the interface 1079 */ 1080 1081 in6_dev = in6_dev_get(skb->dev); 1082 if (in6_dev == NULL) { 1083 ND_PRINTK0(KERN_ERR 1084 "ICMPv6 RA: can't find inet6 device for %s.\n", 1085 skb->dev->name); 1086 return; 1087 } 1088 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 1089 in6_dev_put(in6_dev); 1090 return; 1091 } 1092 1093 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1094 in6_dev_put(in6_dev); 1095 ND_PRINTK2(KERN_WARNING 1096 "ICMP6 RA: invalid ND options\n"); 1097 return; 1098 } 1099 1100 if (in6_dev->if_flags & IF_RS_SENT) { 1101 /* 1102 * flag that an RA was received after an RS was sent 1103 * out on this interface. 1104 */ 1105 in6_dev->if_flags |= IF_RA_RCVD; 1106 } 1107 1108 /* 1109 * Remember the managed/otherconf flags from most recently 1110 * received RA message (RFC 2462) -- yoshfuji 1111 */ 1112 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1113 IF_RA_OTHERCONF)) | 1114 (ra_msg->icmph.icmp6_addrconf_managed ? 1115 IF_RA_MANAGED : 0) | 1116 (ra_msg->icmph.icmp6_addrconf_other ? 1117 IF_RA_OTHERCONF : 0); 1118 1119 if (!in6_dev->cnf.accept_ra_defrtr) 1120 goto skip_defrtr; 1121 1122 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1123 1124#ifdef CONFIG_IPV6_ROUTER_PREF 1125 pref = ra_msg->icmph.icmp6_router_pref; 1126 /* 10b is handled as if it were 00b (medium) */ 1127 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1128 in6_dev->cnf.accept_ra_rtr_pref) 1129 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1130#endif 1131 1132 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev); 1133 1134 if (rt) 1135 neigh = rt->rt6i_nexthop; 1136 1137 if (rt && lifetime == 0) { 1138 neigh_clone(neigh); 1139 ip6_del_rt(rt); 1140 rt = NULL; 1141 } 1142 1143 if (rt == NULL && lifetime) { 1144 ND_PRINTK3(KERN_DEBUG 1145 "ICMPv6 RA: adding default router.\n"); 1146 1147 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev, pref); 1148 if (rt == NULL) { 1149 ND_PRINTK0(KERN_ERR 1150 "ICMPv6 RA: %s() failed to add default route.\n", 1151 __FUNCTION__); 1152 in6_dev_put(in6_dev); 1153 return; 1154 } 1155 1156 neigh = rt->rt6i_nexthop; 1157 if (neigh == NULL) { 1158 ND_PRINTK0(KERN_ERR 1159 "ICMPv6 RA: %s() got default router without neighbour.\n", 1160 __FUNCTION__); 1161 dst_release(&rt->u.dst); 1162 in6_dev_put(in6_dev); 1163 return; 1164 } 1165 neigh->flags |= NTF_ROUTER; 1166 } else if (rt) { 1167 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1168 } 1169 1170 if (rt) 1171 rt->rt6i_expires = jiffies + (HZ * lifetime); 1172 1173 if (ra_msg->icmph.icmp6_hop_limit) { 1174 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1175 if (rt) 1176 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1177 } 1178 1179skip_defrtr: 1180 1181 /* 1182 * Update Reachable Time and Retrans Timer 1183 */ 1184 1185 if (in6_dev->nd_parms) { 1186 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1187 1188 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1189 rtime = (rtime*HZ)/1000; 1190 if (rtime < HZ/10) 1191 rtime = HZ/10; 1192 in6_dev->nd_parms->retrans_time = rtime; 1193 in6_dev->tstamp = jiffies; 1194 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1195 } 1196 1197 rtime = ntohl(ra_msg->reachable_time); 1198 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1199 rtime = (rtime*HZ)/1000; 1200 1201 if (rtime < HZ/10) 1202 rtime = HZ/10; 1203 1204 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1205 in6_dev->nd_parms->base_reachable_time = rtime; 1206 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1207 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1208 in6_dev->tstamp = jiffies; 1209 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1210 } 1211 } 1212 } 1213 1214 /* 1215 * Process options. 1216 */ 1217 1218 if (!neigh) 1219 neigh = __neigh_lookup(&nd_tbl, &skb->nh.ipv6h->saddr, 1220 skb->dev, 1); 1221 if (neigh) { 1222 u8 *lladdr = NULL; 1223 if (ndopts.nd_opts_src_lladdr) { 1224 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1225 skb->dev); 1226 if (!lladdr) { 1227 ND_PRINTK2(KERN_WARNING 1228 "ICMPv6 RA: invalid link-layer address length\n"); 1229 goto out; 1230 } 1231 } 1232 neigh_update(neigh, lladdr, NUD_STALE, 1233 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1234 NEIGH_UPDATE_F_OVERRIDE| 1235 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1236 NEIGH_UPDATE_F_ISROUTER); 1237 } 1238 1239#ifdef CONFIG_IPV6_ROUTE_INFO 1240 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1241 struct nd_opt_hdr *p; 1242 for (p = ndopts.nd_opts_ri; 1243 p; 1244 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1245 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1246 continue; 1247 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1248 &skb->nh.ipv6h->saddr); 1249 } 1250 } 1251#endif 1252 1253 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1254 struct nd_opt_hdr *p; 1255 for (p = ndopts.nd_opts_pi; 1256 p; 1257 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1258 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1259 } 1260 } 1261 1262 if (ndopts.nd_opts_mtu) { 1263 u32 mtu; 1264 1265 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1266 mtu = ntohl(mtu); 1267 1268 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1269 ND_PRINTK2(KERN_WARNING 1270 "ICMPv6 RA: invalid mtu: %d\n", 1271 mtu); 1272 } else if (in6_dev->cnf.mtu6 != mtu) { 1273 in6_dev->cnf.mtu6 = mtu; 1274 1275 if (rt) 1276 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1277 1278 rt6_mtu_change(skb->dev, mtu); 1279 } 1280 } 1281 1282 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1283 ND_PRINTK2(KERN_WARNING 1284 "ICMPv6 RA: invalid RA options"); 1285 } 1286out: 1287 if (rt) 1288 dst_release(&rt->u.dst); 1289 else if (neigh) 1290 neigh_release(neigh); 1291 in6_dev_put(in6_dev); 1292} 1293 1294static void ndisc_redirect_rcv(struct sk_buff *skb) 1295{ 1296 struct inet6_dev *in6_dev; 1297 struct icmp6hdr *icmph; 1298 struct in6_addr *dest; 1299 struct in6_addr *target; /* new first hop to destination */ 1300 struct neighbour *neigh; 1301 int on_link = 0; 1302 struct ndisc_options ndopts; 1303 int optlen; 1304 u8 *lladdr = NULL; 1305 1306 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1307 ND_PRINTK2(KERN_WARNING 1308 "ICMPv6 Redirect: source address is not link-local.\n"); 1309 return; 1310 } 1311 1312 optlen = skb->tail - skb->h.raw; 1313 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1314 1315 if (optlen < 0) { 1316 ND_PRINTK2(KERN_WARNING 1317 "ICMPv6 Redirect: packet too short\n"); 1318 return; 1319 } 1320 1321 icmph = (struct icmp6hdr *) skb->h.raw; 1322 target = (struct in6_addr *) (icmph + 1); 1323 dest = target + 1; 1324 1325 if (ipv6_addr_is_multicast(dest)) { 1326 ND_PRINTK2(KERN_WARNING 1327 "ICMPv6 Redirect: destination address is multicast.\n"); 1328 return; 1329 } 1330 1331 if (ipv6_addr_equal(dest, target)) { 1332 on_link = 1; 1333 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 1334 ND_PRINTK2(KERN_WARNING 1335 "ICMPv6 Redirect: target address is not link-local.\n"); 1336 return; 1337 } 1338 1339 in6_dev = in6_dev_get(skb->dev); 1340 if (!in6_dev) 1341 return; 1342 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1343 in6_dev_put(in6_dev); 1344 return; 1345 } 1346 1347 /* RFC2461 8.1: 1348 * The IP source address of the Redirect MUST be the same as the current 1349 * first-hop router for the specified ICMP Destination Address. 1350 */ 1351 1352 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1353 ND_PRINTK2(KERN_WARNING 1354 "ICMPv6 Redirect: invalid ND options\n"); 1355 in6_dev_put(in6_dev); 1356 return; 1357 } 1358 if (ndopts.nd_opts_tgt_lladdr) { 1359 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1360 skb->dev); 1361 if (!lladdr) { 1362 ND_PRINTK2(KERN_WARNING 1363 "ICMPv6 Redirect: invalid link-layer address length\n"); 1364 in6_dev_put(in6_dev); 1365 return; 1366 } 1367 } 1368 1369 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1370 if (neigh) { 1371 rt6_redirect(dest, &skb->nh.ipv6h->daddr, 1372 &skb->nh.ipv6h->saddr, neigh, lladdr, 1373 on_link); 1374 neigh_release(neigh); 1375 } 1376 in6_dev_put(in6_dev); 1377} 1378 1379void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1380 struct in6_addr *target) 1381{ 1382 struct sock *sk = ndisc_socket->sk; 1383 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1384 struct sk_buff *buff; 1385 struct icmp6hdr *icmph; 1386 struct in6_addr saddr_buf; 1387 struct in6_addr *addrp; 1388 struct net_device *dev; 1389 struct rt6_info *rt; 1390 struct dst_entry *dst; 1391 struct inet6_dev *idev; 1392 struct flowi fl; 1393 u8 *opt; 1394 int rd_len; 1395 int err; 1396 int hlen; 1397 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1398 1399 dev = skb->dev; 1400 1401 if (ipv6_get_lladdr(dev, &saddr_buf)) { 1402 ND_PRINTK2(KERN_WARNING 1403 "ICMPv6 Redirect: no link-local address on %s\n", 1404 dev->name); 1405 return; 1406 } 1407 1408 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr, 1409 dev->ifindex); 1410 1411 dst = ip6_route_output(NULL, &fl); 1412 if (dst == NULL) 1413 return; 1414 1415 err = xfrm_lookup(&dst, &fl, NULL, 0); 1416 if (err) 1417 return; 1418 1419 rt = (struct rt6_info *) dst; 1420 1421 if (rt->rt6i_flags & RTF_GATEWAY) { 1422 ND_PRINTK2(KERN_WARNING 1423 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1424 dst_release(dst); 1425 return; 1426 } 1427 if (!xrlim_allow(dst, 1*HZ)) { 1428 dst_release(dst); 1429 return; 1430 } 1431 1432 if (dev->addr_len) { 1433 read_lock_bh(&neigh->lock); 1434 if (neigh->nud_state & NUD_VALID) { 1435 memcpy(ha_buf, neigh->ha, dev->addr_len); 1436 read_unlock_bh(&neigh->lock); 1437 ha = ha_buf; 1438 len += ndisc_opt_addr_space(dev); 1439 } else 1440 read_unlock_bh(&neigh->lock); 1441 } 1442 1443 rd_len = min_t(unsigned int, 1444 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1445 rd_len &= ~0x7; 1446 len += rd_len; 1447 1448 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 1449 1, &err); 1450 if (buff == NULL) { 1451 ND_PRINTK0(KERN_ERR 1452 "ICMPv6 Redirect: %s() failed to allocate an skb.\n", 1453 __FUNCTION__); 1454 dst_release(dst); 1455 return; 1456 } 1457 1458 hlen = 0; 1459 1460 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1461 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr, 1462 IPPROTO_ICMPV6, len); 1463 1464 icmph = (struct icmp6hdr *)skb_put(buff, len); 1465 buff->h.raw = (unsigned char*)icmph; 1466 1467 memset(icmph, 0, sizeof(struct icmp6hdr)); 1468 icmph->icmp6_type = NDISC_REDIRECT; 1469 1470 /* 1471 * copy target and destination addresses 1472 */ 1473 1474 addrp = (struct in6_addr *)(icmph + 1); 1475 ipv6_addr_copy(addrp, target); 1476 addrp++; 1477 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr); 1478 1479 opt = (u8*) (addrp + 1); 1480 1481 /* 1482 * include target_address option 1483 */ 1484 1485 if (ha) 1486 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1487 dev->addr_len, dev->type); 1488 1489 /* 1490 * build redirect option and copy skb over to the new packet. 1491 */ 1492 1493 memset(opt, 0, 8); 1494 *(opt++) = ND_OPT_REDIRECT_HDR; 1495 *(opt++) = (rd_len >> 3); 1496 opt += 6; 1497 1498 memcpy(opt, skb->nh.ipv6h, rd_len - 8); 1499 1500 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr, 1501 len, IPPROTO_ICMPV6, 1502 csum_partial((u8 *) icmph, len, 0)); 1503 1504 buff->dst = dst; 1505 idev = in6_dev_get(dst->dev); 1506 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 1507 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output); 1508 if (!err) { 1509 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS); 1510 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 1511 } 1512 1513 if (likely(idev != NULL)) 1514 in6_dev_put(idev); 1515} 1516 1517static void pndisc_redo(struct sk_buff *skb) 1518{ 1519 ndisc_recv_ns(skb); 1520 kfree_skb(skb); 1521} 1522 1523int ndisc_rcv(struct sk_buff *skb) 1524{ 1525 struct nd_msg *msg; 1526 1527 if (!pskb_may_pull(skb, skb->len)) 1528 return 0; 1529 1530 msg = (struct nd_msg *) skb->h.raw; 1531 1532 __skb_push(skb, skb->data-skb->h.raw); 1533 1534 if (skb->nh.ipv6h->hop_limit != 255) { 1535 ND_PRINTK2(KERN_WARNING 1536 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1537 skb->nh.ipv6h->hop_limit); 1538 return 0; 1539 } 1540 1541 if (msg->icmph.icmp6_code != 0) { 1542 ND_PRINTK2(KERN_WARNING 1543 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1544 msg->icmph.icmp6_code); 1545 return 0; 1546 } 1547 1548 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1549 1550 switch (msg->icmph.icmp6_type) { 1551 case NDISC_NEIGHBOUR_SOLICITATION: 1552 ndisc_recv_ns(skb); 1553 break; 1554 1555 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1556 ndisc_recv_na(skb); 1557 break; 1558 1559 case NDISC_ROUTER_SOLICITATION: 1560 ndisc_recv_rs(skb); 1561 break; 1562 1563 case NDISC_ROUTER_ADVERTISEMENT: 1564 ndisc_router_discovery(skb); 1565 break; 1566 1567 case NDISC_REDIRECT: 1568 ndisc_redirect_rcv(skb); 1569 break; 1570 }; 1571 1572 return 0; 1573} 1574 1575static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1576{ 1577 struct net_device *dev = ptr; 1578 1579 switch (event) { 1580 case NETDEV_CHANGEADDR: 1581 neigh_changeaddr(&nd_tbl, dev); 1582 fib6_run_gc(~0UL); 1583 break; 1584 case NETDEV_DOWN: 1585 neigh_ifdown(&nd_tbl, dev); 1586 fib6_run_gc(~0UL); 1587 break; 1588 default: 1589 break; 1590 } 1591 1592 return NOTIFY_DONE; 1593} 1594 1595static struct notifier_block ndisc_netdev_notifier = { 1596 .notifier_call = ndisc_netdev_event, 1597}; 1598 1599#ifdef CONFIG_SYSCTL 1600static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1601 const char *func, const char *dev_name) 1602{ 1603 static char warncomm[TASK_COMM_LEN]; 1604 static int warned; 1605 if (strcmp(warncomm, current->comm) && warned < 5) { 1606 strcpy(warncomm, current->comm); 1607 printk(KERN_WARNING 1608 "process `%s' is using deprecated sysctl (%s) " 1609 "net.ipv6.neigh.%s.%s; " 1610 "Use net.ipv6.neigh.%s.%s_ms " 1611 "instead.\n", 1612 warncomm, func, 1613 dev_name, ctl->procname, 1614 dev_name, ctl->procname); 1615 warned++; 1616 } 1617} 1618 1619int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) 1620{ 1621 struct net_device *dev = ctl->extra1; 1622 struct inet6_dev *idev; 1623 int ret; 1624 1625 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1626 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1627 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1628 1629 switch (ctl->ctl_name) { 1630 case NET_NEIGH_RETRANS_TIME: 1631 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1632 break; 1633 case NET_NEIGH_REACHABLE_TIME: 1634 ret = proc_dointvec_jiffies(ctl, write, 1635 filp, buffer, lenp, ppos); 1636 break; 1637 case NET_NEIGH_RETRANS_TIME_MS: 1638 case NET_NEIGH_REACHABLE_TIME_MS: 1639 ret = proc_dointvec_ms_jiffies(ctl, write, 1640 filp, buffer, lenp, ppos); 1641 break; 1642 default: 1643 ret = -1; 1644 } 1645 1646 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1647 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1648 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1649 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1650 idev->tstamp = jiffies; 1651 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1652 in6_dev_put(idev); 1653 } 1654 return ret; 1655} 1656 1657static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name, 1658 int nlen, void __user *oldval, 1659 size_t __user *oldlenp, 1660 void __user *newval, size_t newlen, 1661 void **context) 1662{ 1663 struct net_device *dev = ctl->extra1; 1664 struct inet6_dev *idev; 1665 int ret; 1666 1667 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1668 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1669 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1670 1671 switch (ctl->ctl_name) { 1672 case NET_NEIGH_REACHABLE_TIME: 1673 ret = sysctl_jiffies(ctl, name, nlen, 1674 oldval, oldlenp, newval, newlen, 1675 context); 1676 break; 1677 case NET_NEIGH_RETRANS_TIME_MS: 1678 case NET_NEIGH_REACHABLE_TIME_MS: 1679 ret = sysctl_ms_jiffies(ctl, name, nlen, 1680 oldval, oldlenp, newval, newlen, 1681 context); 1682 break; 1683 default: 1684 ret = 0; 1685 } 1686 1687 if (newval && newlen && ret > 0 && 1688 dev && (idev = in6_dev_get(dev)) != NULL) { 1689 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1690 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1691 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1692 idev->tstamp = jiffies; 1693 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1694 in6_dev_put(idev); 1695 } 1696 1697 return ret; 1698} 1699 1700#endif 1701 1702int __init ndisc_init(struct net_proto_family *ops) 1703{ 1704 struct ipv6_pinfo *np; 1705 struct sock *sk; 1706 int err; 1707 1708 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket); 1709 if (err < 0) { 1710 ND_PRINTK0(KERN_ERR 1711 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1712 err); 1713 ndisc_socket = NULL; /* For safety. */ 1714 return err; 1715 } 1716 1717 sk = ndisc_socket->sk; 1718 np = inet6_sk(sk); 1719 sk->sk_allocation = GFP_ATOMIC; 1720 np->hop_limit = 255; 1721 /* Do not loopback ndisc messages */ 1722 np->mc_loop = 0; 1723 sk->sk_prot->unhash(sk); 1724 1725 /* 1726 * Initialize the neighbour table 1727 */ 1728 1729 neigh_table_init(&nd_tbl); 1730 1731#ifdef CONFIG_SYSCTL 1732 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, 1733 "ipv6", 1734 &ndisc_ifinfo_sysctl_change, 1735 &ndisc_ifinfo_sysctl_strategy); 1736#endif 1737 1738 register_netdevice_notifier(&ndisc_netdev_notifier); 1739 return 0; 1740} 1741 1742void ndisc_cleanup(void) 1743{ 1744#ifdef CONFIG_SYSCTL 1745 neigh_sysctl_unregister(&nd_tbl.parms); 1746#endif 1747 neigh_table_clear(&nd_tbl); 1748 sock_release(ndisc_socket); 1749 ndisc_socket = NULL; /* For safety. */ 1750} 1751