ndisc.c revision 8ceb9f4421983a8036855fc2510e3109a799e4c1
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30#define pr_fmt(fmt) "ICMPv6: " fmt 31 32#include <linux/module.h> 33#include <linux/errno.h> 34#include <linux/types.h> 35#include <linux/socket.h> 36#include <linux/sockios.h> 37#include <linux/sched.h> 38#include <linux/net.h> 39#include <linux/in6.h> 40#include <linux/route.h> 41#include <linux/init.h> 42#include <linux/rcupdate.h> 43#include <linux/slab.h> 44#ifdef CONFIG_SYSCTL 45#include <linux/sysctl.h> 46#endif 47 48#include <linux/if_addr.h> 49#include <linux/if_arp.h> 50#include <linux/ipv6.h> 51#include <linux/icmpv6.h> 52#include <linux/jhash.h> 53 54#include <net/sock.h> 55#include <net/snmp.h> 56 57#include <net/ipv6.h> 58#include <net/protocol.h> 59#include <net/ndisc.h> 60#include <net/ip6_route.h> 61#include <net/addrconf.h> 62#include <net/icmp.h> 63 64#include <net/netlink.h> 65#include <linux/rtnetlink.h> 66 67#include <net/flow.h> 68#include <net/ip6_checksum.h> 69#include <net/inet_common.h> 70#include <linux/proc_fs.h> 71 72#include <linux/netfilter.h> 73#include <linux/netfilter_ipv6.h> 74 75/* Set to 3 to get tracing... */ 76#define ND_DEBUG 1 77 78#define ND_PRINTK(val, level, fmt, ...) \ 79do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82} while (0) 83 84static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87static int ndisc_constructor(struct neighbour *neigh); 88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 90static int pndisc_constructor(struct pneigh_entry *n); 91static void pndisc_destructor(struct pneigh_entry *n); 92static void pndisc_redo(struct sk_buff *skb); 93 94static const struct neigh_ops ndisc_generic_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_connected_output, 100}; 101 102static const struct neigh_ops ndisc_hh_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_resolve_output, 108}; 109 110 111static const struct neigh_ops ndisc_direct_ops = { 112 .family = AF_INET6, 113 .output = neigh_direct_output, 114 .connected_output = neigh_direct_output, 115}; 116 117struct neigh_table nd_tbl = { 118 .family = AF_INET6, 119 .key_len = sizeof(struct in6_addr), 120 .hash = ndisc_hash, 121 .constructor = ndisc_constructor, 122 .pconstructor = pndisc_constructor, 123 .pdestructor = pndisc_destructor, 124 .proxy_redo = pndisc_redo, 125 .id = "ndisc_cache", 126 .parms = { 127 .tbl = &nd_tbl, 128 .reachable_time = ND_REACHABLE_TIME, 129 .data = { 130 [NEIGH_VAR_MCAST_PROBES] = 3, 131 [NEIGH_VAR_UCAST_PROBES] = 3, 132 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER, 133 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME, 134 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ, 135 [NEIGH_VAR_GC_STALETIME] = 60 * HZ, 136 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024, 137 [NEIGH_VAR_PROXY_QLEN] = 64, 138 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ, 139 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10, 140 }, 141 }, 142 .gc_interval = 30 * HZ, 143 .gc_thresh1 = 128, 144 .gc_thresh2 = 512, 145 .gc_thresh3 = 1024, 146}; 147 148static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data) 149{ 150 int pad = ndisc_addr_option_pad(skb->dev->type); 151 int data_len = skb->dev->addr_len; 152 int space = ndisc_opt_addr_space(skb->dev); 153 u8 *opt = skb_put(skb, space); 154 155 opt[0] = type; 156 opt[1] = space>>3; 157 158 memset(opt + 2, 0, pad); 159 opt += pad; 160 space -= pad; 161 162 memcpy(opt+2, data, data_len); 163 data_len += 2; 164 opt += data_len; 165 if ((space -= data_len) > 0) 166 memset(opt, 0, space); 167} 168 169static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 170 struct nd_opt_hdr *end) 171{ 172 int type; 173 if (!cur || !end || cur >= end) 174 return NULL; 175 type = cur->nd_opt_type; 176 do { 177 cur = ((void *)cur) + (cur->nd_opt_len << 3); 178 } while (cur < end && cur->nd_opt_type != type); 179 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 180} 181 182static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 183{ 184 return opt->nd_opt_type == ND_OPT_RDNSS || 185 opt->nd_opt_type == ND_OPT_DNSSL; 186} 187 188static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 189 struct nd_opt_hdr *end) 190{ 191 if (!cur || !end || cur >= end) 192 return NULL; 193 do { 194 cur = ((void *)cur) + (cur->nd_opt_len << 3); 195 } while (cur < end && !ndisc_is_useropt(cur)); 196 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 197} 198 199struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 200 struct ndisc_options *ndopts) 201{ 202 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 203 204 if (!nd_opt || opt_len < 0 || !ndopts) 205 return NULL; 206 memset(ndopts, 0, sizeof(*ndopts)); 207 while (opt_len) { 208 int l; 209 if (opt_len < sizeof(struct nd_opt_hdr)) 210 return NULL; 211 l = nd_opt->nd_opt_len << 3; 212 if (opt_len < l || l == 0) 213 return NULL; 214 switch (nd_opt->nd_opt_type) { 215 case ND_OPT_SOURCE_LL_ADDR: 216 case ND_OPT_TARGET_LL_ADDR: 217 case ND_OPT_MTU: 218 case ND_OPT_REDIRECT_HDR: 219 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 220 ND_PRINTK(2, warn, 221 "%s: duplicated ND6 option found: type=%d\n", 222 __func__, nd_opt->nd_opt_type); 223 } else { 224 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 225 } 226 break; 227 case ND_OPT_PREFIX_INFO: 228 ndopts->nd_opts_pi_end = nd_opt; 229 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 230 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 231 break; 232#ifdef CONFIG_IPV6_ROUTE_INFO 233 case ND_OPT_ROUTE_INFO: 234 ndopts->nd_opts_ri_end = nd_opt; 235 if (!ndopts->nd_opts_ri) 236 ndopts->nd_opts_ri = nd_opt; 237 break; 238#endif 239 default: 240 if (ndisc_is_useropt(nd_opt)) { 241 ndopts->nd_useropts_end = nd_opt; 242 if (!ndopts->nd_useropts) 243 ndopts->nd_useropts = nd_opt; 244 } else { 245 /* 246 * Unknown options must be silently ignored, 247 * to accommodate future extension to the 248 * protocol. 249 */ 250 ND_PRINTK(2, notice, 251 "%s: ignored unsupported option; type=%d, len=%d\n", 252 __func__, 253 nd_opt->nd_opt_type, 254 nd_opt->nd_opt_len); 255 } 256 } 257 opt_len -= l; 258 nd_opt = ((void *)nd_opt) + l; 259 } 260 return ndopts; 261} 262 263int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 264{ 265 switch (dev->type) { 266 case ARPHRD_ETHER: 267 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 268 case ARPHRD_FDDI: 269 ipv6_eth_mc_map(addr, buf); 270 return 0; 271 case ARPHRD_ARCNET: 272 ipv6_arcnet_mc_map(addr, buf); 273 return 0; 274 case ARPHRD_INFINIBAND: 275 ipv6_ib_mc_map(addr, dev->broadcast, buf); 276 return 0; 277 case ARPHRD_IPGRE: 278 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 279 default: 280 if (dir) { 281 memcpy(buf, dev->broadcast, dev->addr_len); 282 return 0; 283 } 284 } 285 return -EINVAL; 286} 287EXPORT_SYMBOL(ndisc_mc_map); 288 289static u32 ndisc_hash(const void *pkey, 290 const struct net_device *dev, 291 __u32 *hash_rnd) 292{ 293 return ndisc_hashfn(pkey, dev, hash_rnd); 294} 295 296static int ndisc_constructor(struct neighbour *neigh) 297{ 298 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key; 299 struct net_device *dev = neigh->dev; 300 struct inet6_dev *in6_dev; 301 struct neigh_parms *parms; 302 bool is_multicast = ipv6_addr_is_multicast(addr); 303 304 in6_dev = in6_dev_get(dev); 305 if (in6_dev == NULL) { 306 return -EINVAL; 307 } 308 309 parms = in6_dev->nd_parms; 310 __neigh_parms_put(neigh->parms); 311 neigh->parms = neigh_parms_clone(parms); 312 313 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 314 if (!dev->header_ops) { 315 neigh->nud_state = NUD_NOARP; 316 neigh->ops = &ndisc_direct_ops; 317 neigh->output = neigh_direct_output; 318 } else { 319 if (is_multicast) { 320 neigh->nud_state = NUD_NOARP; 321 ndisc_mc_map(addr, neigh->ha, dev, 1); 322 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 323 neigh->nud_state = NUD_NOARP; 324 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 325 if (dev->flags&IFF_LOOPBACK) 326 neigh->type = RTN_LOCAL; 327 } else if (dev->flags&IFF_POINTOPOINT) { 328 neigh->nud_state = NUD_NOARP; 329 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 330 } 331 if (dev->header_ops->cache) 332 neigh->ops = &ndisc_hh_ops; 333 else 334 neigh->ops = &ndisc_generic_ops; 335 if (neigh->nud_state&NUD_VALID) 336 neigh->output = neigh->ops->connected_output; 337 else 338 neigh->output = neigh->ops->output; 339 } 340 in6_dev_put(in6_dev); 341 return 0; 342} 343 344static int pndisc_constructor(struct pneigh_entry *n) 345{ 346 struct in6_addr *addr = (struct in6_addr *)&n->key; 347 struct in6_addr maddr; 348 struct net_device *dev = n->dev; 349 350 if (dev == NULL || __in6_dev_get(dev) == NULL) 351 return -EINVAL; 352 addrconf_addr_solict_mult(addr, &maddr); 353 ipv6_dev_mc_inc(dev, &maddr); 354 return 0; 355} 356 357static void pndisc_destructor(struct pneigh_entry *n) 358{ 359 struct in6_addr *addr = (struct in6_addr *)&n->key; 360 struct in6_addr maddr; 361 struct net_device *dev = n->dev; 362 363 if (dev == NULL || __in6_dev_get(dev) == NULL) 364 return; 365 addrconf_addr_solict_mult(addr, &maddr); 366 ipv6_dev_mc_dec(dev, &maddr); 367} 368 369static struct sk_buff *ndisc_alloc_skb(struct net_device *dev, 370 int len) 371{ 372 int hlen = LL_RESERVED_SPACE(dev); 373 int tlen = dev->needed_tailroom; 374 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk; 375 struct sk_buff *skb; 376 377 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC); 378 if (!skb) { 379 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n", 380 __func__); 381 return NULL; 382 } 383 384 skb->protocol = htons(ETH_P_IPV6); 385 skb->dev = dev; 386 387 skb_reserve(skb, hlen + sizeof(struct ipv6hdr)); 388 skb_reset_transport_header(skb); 389 390 /* Manually assign socket ownership as we avoid calling 391 * sock_alloc_send_pskb() to bypass wmem buffer limits 392 */ 393 skb_set_owner_w(skb, sk); 394 395 return skb; 396} 397 398static void ip6_nd_hdr(struct sk_buff *skb, 399 const struct in6_addr *saddr, 400 const struct in6_addr *daddr, 401 int hop_limit, int len) 402{ 403 struct ipv6hdr *hdr; 404 405 skb_push(skb, sizeof(*hdr)); 406 skb_reset_network_header(skb); 407 hdr = ipv6_hdr(skb); 408 409 ip6_flow_hdr(hdr, 0, 0); 410 411 hdr->payload_len = htons(len); 412 hdr->nexthdr = IPPROTO_ICMPV6; 413 hdr->hop_limit = hop_limit; 414 415 hdr->saddr = *saddr; 416 hdr->daddr = *daddr; 417} 418 419static void ndisc_send_skb(struct sk_buff *skb, 420 const struct in6_addr *daddr, 421 const struct in6_addr *saddr) 422{ 423 struct dst_entry *dst = skb_dst(skb); 424 struct net *net = dev_net(skb->dev); 425 struct sock *sk = net->ipv6.ndisc_sk; 426 struct inet6_dev *idev; 427 int err; 428 struct icmp6hdr *icmp6h = icmp6_hdr(skb); 429 u8 type; 430 431 type = icmp6h->icmp6_type; 432 433 if (!dst) { 434 struct flowi6 fl6; 435 436 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex); 437 dst = icmp6_dst_alloc(skb->dev, &fl6); 438 if (IS_ERR(dst)) { 439 kfree_skb(skb); 440 return; 441 } 442 443 skb_dst_set(skb, dst); 444 } 445 446 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len, 447 IPPROTO_ICMPV6, 448 csum_partial(icmp6h, 449 skb->len, 0)); 450 451 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len); 452 453 rcu_read_lock(); 454 idev = __in6_dev_get(dst->dev); 455 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 456 457 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 458 dst_output); 459 if (!err) { 460 ICMP6MSGOUT_INC_STATS(net, idev, type); 461 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 462 } 463 464 rcu_read_unlock(); 465} 466 467void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 468 const struct in6_addr *daddr, 469 const struct in6_addr *solicited_addr, 470 bool router, bool solicited, bool override, bool inc_opt) 471{ 472 struct sk_buff *skb; 473 struct in6_addr tmpaddr; 474 struct inet6_ifaddr *ifp; 475 const struct in6_addr *src_addr; 476 struct nd_msg *msg; 477 int optlen = 0; 478 479 /* for anycast or proxy, solicited_addr != src_addr */ 480 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 481 if (ifp) { 482 src_addr = solicited_addr; 483 if (ifp->flags & IFA_F_OPTIMISTIC) 484 override = false; 485 inc_opt |= ifp->idev->cnf.force_tllao; 486 in6_ifa_put(ifp); 487 } else { 488 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 489 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 490 &tmpaddr)) 491 return; 492 src_addr = &tmpaddr; 493 } 494 495 if (!dev->addr_len) 496 inc_opt = 0; 497 if (inc_opt) 498 optlen += ndisc_opt_addr_space(dev); 499 500 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 501 if (!skb) 502 return; 503 504 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 505 *msg = (struct nd_msg) { 506 .icmph = { 507 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 508 .icmp6_router = router, 509 .icmp6_solicited = solicited, 510 .icmp6_override = override, 511 }, 512 .target = *solicited_addr, 513 }; 514 515 if (inc_opt) 516 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, 517 dev->dev_addr); 518 519 520 ndisc_send_skb(skb, daddr, src_addr); 521} 522 523static void ndisc_send_unsol_na(struct net_device *dev) 524{ 525 struct inet6_dev *idev; 526 struct inet6_ifaddr *ifa; 527 528 idev = in6_dev_get(dev); 529 if (!idev) 530 return; 531 532 read_lock_bh(&idev->lock); 533 list_for_each_entry(ifa, &idev->addr_list, if_list) { 534 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr, 535 /*router=*/ !!idev->cnf.forwarding, 536 /*solicited=*/ false, /*override=*/ true, 537 /*inc_opt=*/ true); 538 } 539 read_unlock_bh(&idev->lock); 540 541 in6_dev_put(idev); 542} 543 544void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 545 const struct in6_addr *solicit, 546 const struct in6_addr *daddr, const struct in6_addr *saddr) 547{ 548 struct sk_buff *skb; 549 struct in6_addr addr_buf; 550 int inc_opt = dev->addr_len; 551 int optlen = 0; 552 struct nd_msg *msg; 553 554 if (saddr == NULL) { 555 if (ipv6_get_lladdr(dev, &addr_buf, 556 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 557 return; 558 saddr = &addr_buf; 559 } 560 561 if (ipv6_addr_any(saddr)) 562 inc_opt = false; 563 if (inc_opt) 564 optlen += ndisc_opt_addr_space(dev); 565 566 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 567 if (!skb) 568 return; 569 570 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 571 *msg = (struct nd_msg) { 572 .icmph = { 573 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 574 }, 575 .target = *solicit, 576 }; 577 578 if (inc_opt) 579 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 580 dev->dev_addr); 581 582 ndisc_send_skb(skb, daddr, saddr); 583} 584 585void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 586 const struct in6_addr *daddr) 587{ 588 struct sk_buff *skb; 589 struct rs_msg *msg; 590 int send_sllao = dev->addr_len; 591 int optlen = 0; 592 593#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 594 /* 595 * According to section 2.2 of RFC 4429, we must not 596 * send router solicitations with a sllao from 597 * optimistic addresses, but we may send the solicitation 598 * if we don't include the sllao. So here we check 599 * if our address is optimistic, and if so, we 600 * suppress the inclusion of the sllao. 601 */ 602 if (send_sllao) { 603 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 604 dev, 1); 605 if (ifp) { 606 if (ifp->flags & IFA_F_OPTIMISTIC) { 607 send_sllao = 0; 608 } 609 in6_ifa_put(ifp); 610 } else { 611 send_sllao = 0; 612 } 613 } 614#endif 615 if (send_sllao) 616 optlen += ndisc_opt_addr_space(dev); 617 618 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 619 if (!skb) 620 return; 621 622 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg)); 623 *msg = (struct rs_msg) { 624 .icmph = { 625 .icmp6_type = NDISC_ROUTER_SOLICITATION, 626 }, 627 }; 628 629 if (send_sllao) 630 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 631 dev->dev_addr); 632 633 ndisc_send_skb(skb, daddr, saddr); 634} 635 636 637static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 638{ 639 /* 640 * "The sender MUST return an ICMP 641 * destination unreachable" 642 */ 643 dst_link_failure(skb); 644 kfree_skb(skb); 645} 646 647/* Called with locked neigh: either read or both */ 648 649static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 650{ 651 struct in6_addr *saddr = NULL; 652 struct in6_addr mcaddr; 653 struct net_device *dev = neigh->dev; 654 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 655 int probes = atomic_read(&neigh->probes); 656 657 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr, 658 dev, 1, 659 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) 660 saddr = &ipv6_hdr(skb)->saddr; 661 662 if ((probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES)) < 0) { 663 if (!(neigh->nud_state & NUD_VALID)) { 664 ND_PRINTK(1, dbg, 665 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 666 __func__, target); 667 } 668 ndisc_send_ns(dev, neigh, target, target, saddr); 669 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) { 670 neigh_app_ns(neigh); 671 } else { 672 addrconf_addr_solict_mult(target, &mcaddr); 673 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 674 } 675} 676 677static int pndisc_is_router(const void *pkey, 678 struct net_device *dev) 679{ 680 struct pneigh_entry *n; 681 int ret = -1; 682 683 read_lock_bh(&nd_tbl.lock); 684 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 685 if (n) 686 ret = !!(n->flags & NTF_ROUTER); 687 read_unlock_bh(&nd_tbl.lock); 688 689 return ret; 690} 691 692static void ndisc_recv_ns(struct sk_buff *skb) 693{ 694 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 695 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 696 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 697 u8 *lladdr = NULL; 698 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 699 offsetof(struct nd_msg, opt)); 700 struct ndisc_options ndopts; 701 struct net_device *dev = skb->dev; 702 struct inet6_ifaddr *ifp; 703 struct inet6_dev *idev = NULL; 704 struct neighbour *neigh; 705 int dad = ipv6_addr_any(saddr); 706 bool inc; 707 int is_router = -1; 708 709 if (skb->len < sizeof(struct nd_msg)) { 710 ND_PRINTK(2, warn, "NS: packet too short\n"); 711 return; 712 } 713 714 if (ipv6_addr_is_multicast(&msg->target)) { 715 ND_PRINTK(2, warn, "NS: multicast target address\n"); 716 return; 717 } 718 719 /* 720 * RFC2461 7.1.1: 721 * DAD has to be destined for solicited node multicast address. 722 */ 723 if (dad && !ipv6_addr_is_solict_mult(daddr)) { 724 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 725 return; 726 } 727 728 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 729 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 730 return; 731 } 732 733 if (ndopts.nd_opts_src_lladdr) { 734 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 735 if (!lladdr) { 736 ND_PRINTK(2, warn, 737 "NS: invalid link-layer address length\n"); 738 return; 739 } 740 741 /* RFC2461 7.1.1: 742 * If the IP source address is the unspecified address, 743 * there MUST NOT be source link-layer address option 744 * in the message. 745 */ 746 if (dad) { 747 ND_PRINTK(2, warn, 748 "NS: bad DAD packet (link-layer address option)\n"); 749 return; 750 } 751 } 752 753 inc = ipv6_addr_is_multicast(daddr); 754 755 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 756 if (ifp) { 757 758 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 759 if (dad) { 760 /* 761 * We are colliding with another node 762 * who is doing DAD 763 * so fail our DAD process 764 */ 765 addrconf_dad_failure(ifp); 766 return; 767 } else { 768 /* 769 * This is not a dad solicitation. 770 * If we are an optimistic node, 771 * we should respond. 772 * Otherwise, we should ignore it. 773 */ 774 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 775 goto out; 776 } 777 } 778 779 idev = ifp->idev; 780 } else { 781 struct net *net = dev_net(dev); 782 783 idev = in6_dev_get(dev); 784 if (!idev) { 785 /* XXX: count this drop? */ 786 return; 787 } 788 789 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 790 (idev->cnf.forwarding && 791 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 792 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 793 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 794 skb->pkt_type != PACKET_HOST && 795 inc && 796 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) { 797 /* 798 * for anycast or proxy, 799 * sender should delay its response 800 * by a random time between 0 and 801 * MAX_ANYCAST_DELAY_TIME seconds. 802 * (RFC2461) -- yoshfuji 803 */ 804 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 805 if (n) 806 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 807 goto out; 808 } 809 } else 810 goto out; 811 } 812 813 if (is_router < 0) 814 is_router = idev->cnf.forwarding; 815 816 if (dad) { 817 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 818 !!is_router, false, (ifp != NULL), true); 819 goto out; 820 } 821 822 if (inc) 823 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 824 else 825 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 826 827 /* 828 * update / create cache entry 829 * for the source address 830 */ 831 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 832 !inc || lladdr || !dev->addr_len); 833 if (neigh) 834 neigh_update(neigh, lladdr, NUD_STALE, 835 NEIGH_UPDATE_F_WEAK_OVERRIDE| 836 NEIGH_UPDATE_F_OVERRIDE); 837 if (neigh || !dev->header_ops) { 838 ndisc_send_na(dev, neigh, saddr, &msg->target, 839 !!is_router, 840 true, (ifp != NULL && inc), inc); 841 if (neigh) 842 neigh_release(neigh); 843 } 844 845out: 846 if (ifp) 847 in6_ifa_put(ifp); 848 else 849 in6_dev_put(idev); 850} 851 852static void ndisc_recv_na(struct sk_buff *skb) 853{ 854 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 855 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 856 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 857 u8 *lladdr = NULL; 858 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 859 offsetof(struct nd_msg, opt)); 860 struct ndisc_options ndopts; 861 struct net_device *dev = skb->dev; 862 struct inet6_ifaddr *ifp; 863 struct neighbour *neigh; 864 865 if (skb->len < sizeof(struct nd_msg)) { 866 ND_PRINTK(2, warn, "NA: packet too short\n"); 867 return; 868 } 869 870 if (ipv6_addr_is_multicast(&msg->target)) { 871 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 872 return; 873 } 874 875 if (ipv6_addr_is_multicast(daddr) && 876 msg->icmph.icmp6_solicited) { 877 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 878 return; 879 } 880 881 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 882 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 883 return; 884 } 885 if (ndopts.nd_opts_tgt_lladdr) { 886 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 887 if (!lladdr) { 888 ND_PRINTK(2, warn, 889 "NA: invalid link-layer address length\n"); 890 return; 891 } 892 } 893 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 894 if (ifp) { 895 if (skb->pkt_type != PACKET_LOOPBACK 896 && (ifp->flags & IFA_F_TENTATIVE)) { 897 addrconf_dad_failure(ifp); 898 return; 899 } 900 /* What should we make now? The advertisement 901 is invalid, but ndisc specs say nothing 902 about it. It could be misconfiguration, or 903 an smart proxy agent tries to help us :-) 904 905 We should not print the error if NA has been 906 received from loopback - it is just our own 907 unsolicited advertisement. 908 */ 909 if (skb->pkt_type != PACKET_LOOPBACK) 910 ND_PRINTK(1, warn, 911 "NA: someone advertises our address %pI6 on %s!\n", 912 &ifp->addr, ifp->idev->dev->name); 913 in6_ifa_put(ifp); 914 return; 915 } 916 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 917 918 if (neigh) { 919 u8 old_flags = neigh->flags; 920 struct net *net = dev_net(dev); 921 922 if (neigh->nud_state & NUD_FAILED) 923 goto out; 924 925 /* 926 * Don't update the neighbor cache entry on a proxy NA from 927 * ourselves because either the proxied node is off link or it 928 * has already sent a NA to us. 929 */ 930 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 931 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 932 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 933 /* XXX: idev->cnf.proxy_ndp */ 934 goto out; 935 } 936 937 neigh_update(neigh, lladdr, 938 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 939 NEIGH_UPDATE_F_WEAK_OVERRIDE| 940 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 941 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 942 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 943 944 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 945 /* 946 * Change: router to host 947 */ 948 rt6_clean_tohost(dev_net(dev), saddr); 949 } 950 951out: 952 neigh_release(neigh); 953 } 954} 955 956static void ndisc_recv_rs(struct sk_buff *skb) 957{ 958 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 959 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 960 struct neighbour *neigh; 961 struct inet6_dev *idev; 962 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 963 struct ndisc_options ndopts; 964 u8 *lladdr = NULL; 965 966 if (skb->len < sizeof(*rs_msg)) 967 return; 968 969 idev = __in6_dev_get(skb->dev); 970 if (!idev) { 971 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 972 return; 973 } 974 975 /* Don't accept RS if we're not in router mode */ 976 if (!idev->cnf.forwarding) 977 goto out; 978 979 /* 980 * Don't update NCE if src = ::; 981 * this implies that the source node has no ip address assigned yet. 982 */ 983 if (ipv6_addr_any(saddr)) 984 goto out; 985 986 /* Parse ND options */ 987 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 988 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 989 goto out; 990 } 991 992 if (ndopts.nd_opts_src_lladdr) { 993 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 994 skb->dev); 995 if (!lladdr) 996 goto out; 997 } 998 999 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1000 if (neigh) { 1001 neigh_update(neigh, lladdr, NUD_STALE, 1002 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1003 NEIGH_UPDATE_F_OVERRIDE| 1004 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1005 neigh_release(neigh); 1006 } 1007out: 1008 return; 1009} 1010 1011static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1012{ 1013 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1014 struct sk_buff *skb; 1015 struct nlmsghdr *nlh; 1016 struct nduseroptmsg *ndmsg; 1017 struct net *net = dev_net(ra->dev); 1018 int err; 1019 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1020 + (opt->nd_opt_len << 3)); 1021 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1022 1023 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1024 if (skb == NULL) { 1025 err = -ENOBUFS; 1026 goto errout; 1027 } 1028 1029 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1030 if (nlh == NULL) { 1031 goto nla_put_failure; 1032 } 1033 1034 ndmsg = nlmsg_data(nlh); 1035 ndmsg->nduseropt_family = AF_INET6; 1036 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1037 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1038 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1039 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1040 1041 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1042 1043 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1044 &ipv6_hdr(ra)->saddr)) 1045 goto nla_put_failure; 1046 nlmsg_end(skb, nlh); 1047 1048 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1049 return; 1050 1051nla_put_failure: 1052 nlmsg_free(skb); 1053 err = -EMSGSIZE; 1054errout: 1055 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1056} 1057 1058static void ndisc_router_discovery(struct sk_buff *skb) 1059{ 1060 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1061 struct neighbour *neigh = NULL; 1062 struct inet6_dev *in6_dev; 1063 struct rt6_info *rt = NULL; 1064 int lifetime; 1065 struct ndisc_options ndopts; 1066 int optlen; 1067 unsigned int pref = 0; 1068 1069 __u8 *opt = (__u8 *)(ra_msg + 1); 1070 1071 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) - 1072 sizeof(struct ra_msg); 1073 1074 ND_PRINTK(2, info, 1075 "RA: %s, dev: %s\n", 1076 __func__, skb->dev->name); 1077 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1078 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1079 return; 1080 } 1081 if (optlen < 0) { 1082 ND_PRINTK(2, warn, "RA: packet too short\n"); 1083 return; 1084 } 1085 1086#ifdef CONFIG_IPV6_NDISC_NODETYPE 1087 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1088 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1089 return; 1090 } 1091#endif 1092 1093 /* 1094 * set the RA_RECV flag in the interface 1095 */ 1096 1097 in6_dev = __in6_dev_get(skb->dev); 1098 if (in6_dev == NULL) { 1099 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1100 skb->dev->name); 1101 return; 1102 } 1103 1104 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1105 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1106 return; 1107 } 1108 1109 if (!ipv6_accept_ra(in6_dev)) { 1110 ND_PRINTK(2, info, 1111 "RA: %s, did not accept ra for dev: %s\n", 1112 __func__, skb->dev->name); 1113 goto skip_linkparms; 1114 } 1115 1116#ifdef CONFIG_IPV6_NDISC_NODETYPE 1117 /* skip link-specific parameters from interior routers */ 1118 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { 1119 ND_PRINTK(2, info, 1120 "RA: %s, nodetype is NODEFAULT, dev: %s\n", 1121 __func__, skb->dev->name); 1122 goto skip_linkparms; 1123 } 1124#endif 1125 1126 if (in6_dev->if_flags & IF_RS_SENT) { 1127 /* 1128 * flag that an RA was received after an RS was sent 1129 * out on this interface. 1130 */ 1131 in6_dev->if_flags |= IF_RA_RCVD; 1132 } 1133 1134 /* 1135 * Remember the managed/otherconf flags from most recently 1136 * received RA message (RFC 2462) -- yoshfuji 1137 */ 1138 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1139 IF_RA_OTHERCONF)) | 1140 (ra_msg->icmph.icmp6_addrconf_managed ? 1141 IF_RA_MANAGED : 0) | 1142 (ra_msg->icmph.icmp6_addrconf_other ? 1143 IF_RA_OTHERCONF : 0); 1144 1145 if (!in6_dev->cnf.accept_ra_defrtr) { 1146 ND_PRINTK(2, info, 1147 "RA: %s, defrtr is false for dev: %s\n", 1148 __func__, skb->dev->name); 1149 goto skip_defrtr; 1150 } 1151 1152 /* Do not accept RA with source-addr found on local machine unless 1153 * accept_ra_from_local is set to true. 1154 */ 1155 if (!in6_dev->cnf.accept_ra_from_local && 1156 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, 1157 NULL, 0)) { 1158 ND_PRINTK(2, info, 1159 "RA from local address detected on dev: %s: default router ignored\n", 1160 skb->dev->name); 1161 goto skip_defrtr; 1162 } 1163 1164 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1165 1166#ifdef CONFIG_IPV6_ROUTER_PREF 1167 pref = ra_msg->icmph.icmp6_router_pref; 1168 /* 10b is handled as if it were 00b (medium) */ 1169 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1170 !in6_dev->cnf.accept_ra_rtr_pref) 1171 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1172#endif 1173 1174 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1175 1176 if (rt) { 1177 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1178 if (!neigh) { 1179 ND_PRINTK(0, err, 1180 "RA: %s got default router without neighbour\n", 1181 __func__); 1182 ip6_rt_put(rt); 1183 return; 1184 } 1185 } 1186 if (rt && lifetime == 0) { 1187 ip6_del_rt(rt); 1188 rt = NULL; 1189 } 1190 1191 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n", 1192 rt, lifetime, skb->dev->name); 1193 if (rt == NULL && lifetime) { 1194 ND_PRINTK(3, info, "RA: adding default router\n"); 1195 1196 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1197 if (rt == NULL) { 1198 ND_PRINTK(0, err, 1199 "RA: %s failed to add default route\n", 1200 __func__); 1201 return; 1202 } 1203 1204 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1205 if (neigh == NULL) { 1206 ND_PRINTK(0, err, 1207 "RA: %s got default router without neighbour\n", 1208 __func__); 1209 ip6_rt_put(rt); 1210 return; 1211 } 1212 neigh->flags |= NTF_ROUTER; 1213 } else if (rt) { 1214 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1215 } 1216 1217 if (rt) 1218 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1219 if (ra_msg->icmph.icmp6_hop_limit) { 1220 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1221 if (rt) 1222 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1223 ra_msg->icmph.icmp6_hop_limit); 1224 } 1225 1226skip_defrtr: 1227 1228 /* 1229 * Update Reachable Time and Retrans Timer 1230 */ 1231 1232 if (in6_dev->nd_parms) { 1233 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1234 1235 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1236 rtime = (rtime*HZ)/1000; 1237 if (rtime < HZ/10) 1238 rtime = HZ/10; 1239 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime); 1240 in6_dev->tstamp = jiffies; 1241 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1242 } 1243 1244 rtime = ntohl(ra_msg->reachable_time); 1245 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1246 rtime = (rtime*HZ)/1000; 1247 1248 if (rtime < HZ/10) 1249 rtime = HZ/10; 1250 1251 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) { 1252 NEIGH_VAR_SET(in6_dev->nd_parms, 1253 BASE_REACHABLE_TIME, rtime); 1254 NEIGH_VAR_SET(in6_dev->nd_parms, 1255 GC_STALETIME, 3 * rtime); 1256 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1257 in6_dev->tstamp = jiffies; 1258 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1259 } 1260 } 1261 } 1262 1263skip_linkparms: 1264 1265 /* 1266 * Process options. 1267 */ 1268 1269 if (!neigh) 1270 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1271 skb->dev, 1); 1272 if (neigh) { 1273 u8 *lladdr = NULL; 1274 if (ndopts.nd_opts_src_lladdr) { 1275 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1276 skb->dev); 1277 if (!lladdr) { 1278 ND_PRINTK(2, warn, 1279 "RA: invalid link-layer address length\n"); 1280 goto out; 1281 } 1282 } 1283 neigh_update(neigh, lladdr, NUD_STALE, 1284 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1285 NEIGH_UPDATE_F_OVERRIDE| 1286 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1287 NEIGH_UPDATE_F_ISROUTER); 1288 } 1289 1290 if (!ipv6_accept_ra(in6_dev)) { 1291 ND_PRINTK(2, info, 1292 "RA: %s, accept_ra is false for dev: %s\n", 1293 __func__, skb->dev->name); 1294 goto out; 1295 } 1296 1297#ifdef CONFIG_IPV6_ROUTE_INFO 1298 if (!in6_dev->cnf.accept_ra_from_local && 1299 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, 1300 NULL, 0)) { 1301 ND_PRINTK(2, info, 1302 "RA from local address detected on dev: %s: router info ignored.\n", 1303 skb->dev->name); 1304 goto skip_routeinfo; 1305 } 1306 1307 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1308 struct nd_opt_hdr *p; 1309 for (p = ndopts.nd_opts_ri; 1310 p; 1311 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1312 struct route_info *ri = (struct route_info *)p; 1313#ifdef CONFIG_IPV6_NDISC_NODETYPE 1314 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1315 ri->prefix_len == 0) 1316 continue; 1317#endif 1318 if (ri->prefix_len == 0 && 1319 !in6_dev->cnf.accept_ra_defrtr) 1320 continue; 1321 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1322 continue; 1323 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3, 1324 &ipv6_hdr(skb)->saddr); 1325 } 1326 } 1327 1328skip_routeinfo: 1329#endif 1330 1331#ifdef CONFIG_IPV6_NDISC_NODETYPE 1332 /* skip link-specific ndopts from interior routers */ 1333 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { 1334 ND_PRINTK(2, info, 1335 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n", 1336 __func__, skb->dev->name); 1337 goto out; 1338 } 1339#endif 1340 1341 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1342 struct nd_opt_hdr *p; 1343 for (p = ndopts.nd_opts_pi; 1344 p; 1345 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1346 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1347 (p->nd_opt_len) << 3, 1348 ndopts.nd_opts_src_lladdr != NULL); 1349 } 1350 } 1351 1352 if (ndopts.nd_opts_mtu) { 1353 __be32 n; 1354 u32 mtu; 1355 1356 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1357 mtu = ntohl(n); 1358 1359 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1360 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1361 } else if (in6_dev->cnf.mtu6 != mtu) { 1362 in6_dev->cnf.mtu6 = mtu; 1363 1364 if (rt) 1365 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1366 1367 rt6_mtu_change(skb->dev, mtu); 1368 } 1369 } 1370 1371 if (ndopts.nd_useropts) { 1372 struct nd_opt_hdr *p; 1373 for (p = ndopts.nd_useropts; 1374 p; 1375 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1376 ndisc_ra_useropt(skb, p); 1377 } 1378 } 1379 1380 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1381 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1382 } 1383out: 1384 ip6_rt_put(rt); 1385 if (neigh) 1386 neigh_release(neigh); 1387} 1388 1389static void ndisc_redirect_rcv(struct sk_buff *skb) 1390{ 1391 u8 *hdr; 1392 struct ndisc_options ndopts; 1393 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb); 1394 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 1395 offsetof(struct rd_msg, opt)); 1396 1397#ifdef CONFIG_IPV6_NDISC_NODETYPE 1398 switch (skb->ndisc_nodetype) { 1399 case NDISC_NODETYPE_HOST: 1400 case NDISC_NODETYPE_NODEFAULT: 1401 ND_PRINTK(2, warn, 1402 "Redirect: from host or unauthorized router\n"); 1403 return; 1404 } 1405#endif 1406 1407 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1408 ND_PRINTK(2, warn, 1409 "Redirect: source address is not link-local\n"); 1410 return; 1411 } 1412 1413 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) 1414 return; 1415 1416 if (!ndopts.nd_opts_rh) { 1417 ip6_redirect_no_header(skb, dev_net(skb->dev), 1418 skb->dev->ifindex, 0); 1419 return; 1420 } 1421 1422 hdr = (u8 *)ndopts.nd_opts_rh; 1423 hdr += 8; 1424 if (!pskb_pull(skb, hdr - skb_transport_header(skb))) 1425 return; 1426 1427 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1428} 1429 1430static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb, 1431 struct sk_buff *orig_skb, 1432 int rd_len) 1433{ 1434 u8 *opt = skb_put(skb, rd_len); 1435 1436 memset(opt, 0, 8); 1437 *(opt++) = ND_OPT_REDIRECT_HDR; 1438 *(opt++) = (rd_len >> 3); 1439 opt += 6; 1440 1441 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8); 1442} 1443 1444void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1445{ 1446 struct net_device *dev = skb->dev; 1447 struct net *net = dev_net(dev); 1448 struct sock *sk = net->ipv6.ndisc_sk; 1449 int optlen = 0; 1450 struct inet_peer *peer; 1451 struct sk_buff *buff; 1452 struct rd_msg *msg; 1453 struct in6_addr saddr_buf; 1454 struct rt6_info *rt; 1455 struct dst_entry *dst; 1456 struct flowi6 fl6; 1457 int rd_len; 1458 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1459 bool ret; 1460 1461 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1462 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1463 dev->name); 1464 return; 1465 } 1466 1467 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1468 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1469 ND_PRINTK(2, warn, 1470 "Redirect: target address is not link-local unicast\n"); 1471 return; 1472 } 1473 1474 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1475 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1476 1477 dst = ip6_route_output(net, NULL, &fl6); 1478 if (dst->error) { 1479 dst_release(dst); 1480 return; 1481 } 1482 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1483 if (IS_ERR(dst)) 1484 return; 1485 1486 rt = (struct rt6_info *) dst; 1487 1488 if (rt->rt6i_flags & RTF_GATEWAY) { 1489 ND_PRINTK(2, warn, 1490 "Redirect: destination is not a neighbour\n"); 1491 goto release; 1492 } 1493 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 1494 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1495 if (peer) 1496 inet_putpeer(peer); 1497 if (!ret) 1498 goto release; 1499 1500 if (dev->addr_len) { 1501 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1502 if (!neigh) { 1503 ND_PRINTK(2, warn, 1504 "Redirect: no neigh for target address\n"); 1505 goto release; 1506 } 1507 1508 read_lock_bh(&neigh->lock); 1509 if (neigh->nud_state & NUD_VALID) { 1510 memcpy(ha_buf, neigh->ha, dev->addr_len); 1511 read_unlock_bh(&neigh->lock); 1512 ha = ha_buf; 1513 optlen += ndisc_opt_addr_space(dev); 1514 } else 1515 read_unlock_bh(&neigh->lock); 1516 1517 neigh_release(neigh); 1518 } 1519 1520 rd_len = min_t(unsigned int, 1521 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen, 1522 skb->len + 8); 1523 rd_len &= ~0x7; 1524 optlen += rd_len; 1525 1526 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 1527 if (!buff) 1528 goto release; 1529 1530 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg)); 1531 *msg = (struct rd_msg) { 1532 .icmph = { 1533 .icmp6_type = NDISC_REDIRECT, 1534 }, 1535 .target = *target, 1536 .dest = ipv6_hdr(skb)->daddr, 1537 }; 1538 1539 /* 1540 * include target_address option 1541 */ 1542 1543 if (ha) 1544 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha); 1545 1546 /* 1547 * build redirect option and copy skb over to the new packet. 1548 */ 1549 1550 if (rd_len) 1551 ndisc_fill_redirect_hdr_option(buff, skb, rd_len); 1552 1553 skb_dst_set(buff, dst); 1554 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf); 1555 return; 1556 1557release: 1558 dst_release(dst); 1559} 1560 1561static void pndisc_redo(struct sk_buff *skb) 1562{ 1563 ndisc_recv_ns(skb); 1564 kfree_skb(skb); 1565} 1566 1567static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb) 1568{ 1569 struct inet6_dev *idev = __in6_dev_get(skb->dev); 1570 1571 if (!idev) 1572 return true; 1573 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED && 1574 idev->cnf.suppress_frag_ndisc) { 1575 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n"); 1576 return true; 1577 } 1578 return false; 1579} 1580 1581int ndisc_rcv(struct sk_buff *skb) 1582{ 1583 struct nd_msg *msg; 1584 1585 if (ndisc_suppress_frag_ndisc(skb)) 1586 return 0; 1587 1588 if (skb_linearize(skb)) 1589 return 0; 1590 1591 msg = (struct nd_msg *)skb_transport_header(skb); 1592 1593 __skb_push(skb, skb->data - skb_transport_header(skb)); 1594 1595 if (ipv6_hdr(skb)->hop_limit != 255) { 1596 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1597 ipv6_hdr(skb)->hop_limit); 1598 return 0; 1599 } 1600 1601 if (msg->icmph.icmp6_code != 0) { 1602 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1603 msg->icmph.icmp6_code); 1604 return 0; 1605 } 1606 1607 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1608 1609 switch (msg->icmph.icmp6_type) { 1610 case NDISC_NEIGHBOUR_SOLICITATION: 1611 ndisc_recv_ns(skb); 1612 break; 1613 1614 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1615 ndisc_recv_na(skb); 1616 break; 1617 1618 case NDISC_ROUTER_SOLICITATION: 1619 ndisc_recv_rs(skb); 1620 break; 1621 1622 case NDISC_ROUTER_ADVERTISEMENT: 1623 ndisc_router_discovery(skb); 1624 break; 1625 1626 case NDISC_REDIRECT: 1627 ndisc_redirect_rcv(skb); 1628 break; 1629 } 1630 1631 return 0; 1632} 1633 1634static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1635{ 1636 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1637 struct net *net = dev_net(dev); 1638 struct inet6_dev *idev; 1639 1640 switch (event) { 1641 case NETDEV_CHANGEADDR: 1642 neigh_changeaddr(&nd_tbl, dev); 1643 fib6_run_gc(0, net, false); 1644 idev = in6_dev_get(dev); 1645 if (!idev) 1646 break; 1647 if (idev->cnf.ndisc_notify) 1648 ndisc_send_unsol_na(dev); 1649 in6_dev_put(idev); 1650 break; 1651 case NETDEV_DOWN: 1652 neigh_ifdown(&nd_tbl, dev); 1653 fib6_run_gc(0, net, false); 1654 break; 1655 case NETDEV_NOTIFY_PEERS: 1656 ndisc_send_unsol_na(dev); 1657 break; 1658 default: 1659 break; 1660 } 1661 1662 return NOTIFY_DONE; 1663} 1664 1665static struct notifier_block ndisc_netdev_notifier = { 1666 .notifier_call = ndisc_netdev_event, 1667}; 1668 1669#ifdef CONFIG_SYSCTL 1670static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1671 const char *func, const char *dev_name) 1672{ 1673 static char warncomm[TASK_COMM_LEN]; 1674 static int warned; 1675 if (strcmp(warncomm, current->comm) && warned < 5) { 1676 strcpy(warncomm, current->comm); 1677 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1678 warncomm, func, 1679 dev_name, ctl->procname, 1680 dev_name, ctl->procname); 1681 warned++; 1682 } 1683} 1684 1685int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1686{ 1687 struct net_device *dev = ctl->extra1; 1688 struct inet6_dev *idev; 1689 int ret; 1690 1691 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1692 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1693 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1694 1695 if (strcmp(ctl->procname, "retrans_time") == 0) 1696 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos); 1697 1698 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1699 ret = neigh_proc_dointvec_jiffies(ctl, write, 1700 buffer, lenp, ppos); 1701 1702 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1703 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1704 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, 1705 buffer, lenp, ppos); 1706 else 1707 ret = -1; 1708 1709 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1710 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME)) 1711 idev->nd_parms->reachable_time = 1712 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME)); 1713 idev->tstamp = jiffies; 1714 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1715 in6_dev_put(idev); 1716 } 1717 return ret; 1718} 1719 1720 1721#endif 1722 1723static int __net_init ndisc_net_init(struct net *net) 1724{ 1725 struct ipv6_pinfo *np; 1726 struct sock *sk; 1727 int err; 1728 1729 err = inet_ctl_sock_create(&sk, PF_INET6, 1730 SOCK_RAW, IPPROTO_ICMPV6, net); 1731 if (err < 0) { 1732 ND_PRINTK(0, err, 1733 "NDISC: Failed to initialize the control socket (err %d)\n", 1734 err); 1735 return err; 1736 } 1737 1738 net->ipv6.ndisc_sk = sk; 1739 1740 np = inet6_sk(sk); 1741 np->hop_limit = 255; 1742 /* Do not loopback ndisc messages */ 1743 np->mc_loop = 0; 1744 1745 return 0; 1746} 1747 1748static void __net_exit ndisc_net_exit(struct net *net) 1749{ 1750 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1751} 1752 1753static struct pernet_operations ndisc_net_ops = { 1754 .init = ndisc_net_init, 1755 .exit = ndisc_net_exit, 1756}; 1757 1758int __init ndisc_init(void) 1759{ 1760 int err; 1761 1762 err = register_pernet_subsys(&ndisc_net_ops); 1763 if (err) 1764 return err; 1765 /* 1766 * Initialize the neighbour table 1767 */ 1768 neigh_table_init(&nd_tbl); 1769 1770#ifdef CONFIG_SYSCTL 1771 err = neigh_sysctl_register(NULL, &nd_tbl.parms, 1772 ndisc_ifinfo_sysctl_change); 1773 if (err) 1774 goto out_unregister_pernet; 1775out: 1776#endif 1777 return err; 1778 1779#ifdef CONFIG_SYSCTL 1780out_unregister_pernet: 1781 unregister_pernet_subsys(&ndisc_net_ops); 1782 goto out; 1783#endif 1784} 1785 1786int __init ndisc_late_init(void) 1787{ 1788 return register_netdevice_notifier(&ndisc_netdev_notifier); 1789} 1790 1791void ndisc_late_cleanup(void) 1792{ 1793 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1794} 1795 1796void ndisc_cleanup(void) 1797{ 1798#ifdef CONFIG_SYSCTL 1799 neigh_sysctl_unregister(&nd_tbl.parms); 1800#endif 1801 neigh_table_clear(&nd_tbl); 1802 unregister_pernet_subsys(&ndisc_net_ops); 1803} 1804