ndisc.c revision a02cec2155fbea457eca8881870fd2de1a4c4c76
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29/* Set to 3 to get tracing... */ 30#define ND_DEBUG 1 31 32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33#define ND_NOPRINTK(x...) do { ; } while(0) 34#define ND_PRINTK0 ND_PRINTK 35#define ND_PRINTK1 ND_NOPRINTK 36#define ND_PRINTK2 ND_NOPRINTK 37#define ND_PRINTK3 ND_NOPRINTK 38#if ND_DEBUG >= 1 39#undef ND_PRINTK1 40#define ND_PRINTK1 ND_PRINTK 41#endif 42#if ND_DEBUG >= 2 43#undef ND_PRINTK2 44#define ND_PRINTK2 ND_PRINTK 45#endif 46#if ND_DEBUG >= 3 47#undef ND_PRINTK3 48#define ND_PRINTK3 ND_PRINTK 49#endif 50 51#include <linux/module.h> 52#include <linux/errno.h> 53#include <linux/types.h> 54#include <linux/socket.h> 55#include <linux/sockios.h> 56#include <linux/sched.h> 57#include <linux/net.h> 58#include <linux/in6.h> 59#include <linux/route.h> 60#include <linux/init.h> 61#include <linux/rcupdate.h> 62#include <linux/slab.h> 63#ifdef CONFIG_SYSCTL 64#include <linux/sysctl.h> 65#endif 66 67#include <linux/if_addr.h> 68#include <linux/if_arp.h> 69#include <linux/ipv6.h> 70#include <linux/icmpv6.h> 71#include <linux/jhash.h> 72 73#include <net/sock.h> 74#include <net/snmp.h> 75 76#include <net/ipv6.h> 77#include <net/protocol.h> 78#include <net/ndisc.h> 79#include <net/ip6_route.h> 80#include <net/addrconf.h> 81#include <net/icmp.h> 82 83#include <net/netlink.h> 84#include <linux/rtnetlink.h> 85 86#include <net/flow.h> 87#include <net/ip6_checksum.h> 88#include <net/inet_common.h> 89#include <linux/proc_fs.h> 90 91#include <linux/netfilter.h> 92#include <linux/netfilter_ipv6.h> 93 94static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 95static int ndisc_constructor(struct neighbour *neigh); 96static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 97static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 98static int pndisc_constructor(struct pneigh_entry *n); 99static void pndisc_destructor(struct pneigh_entry *n); 100static void pndisc_redo(struct sk_buff *skb); 101 102static const struct neigh_ops ndisc_generic_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_connected_output, 108 .hh_output = dev_queue_xmit, 109 .queue_xmit = dev_queue_xmit, 110}; 111 112static const struct neigh_ops ndisc_hh_ops = { 113 .family = AF_INET6, 114 .solicit = ndisc_solicit, 115 .error_report = ndisc_error_report, 116 .output = neigh_resolve_output, 117 .connected_output = neigh_resolve_output, 118 .hh_output = dev_queue_xmit, 119 .queue_xmit = dev_queue_xmit, 120}; 121 122 123static const struct neigh_ops ndisc_direct_ops = { 124 .family = AF_INET6, 125 .output = dev_queue_xmit, 126 .connected_output = dev_queue_xmit, 127 .hh_output = dev_queue_xmit, 128 .queue_xmit = dev_queue_xmit, 129}; 130 131struct neigh_table nd_tbl = { 132 .family = AF_INET6, 133 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 134 .key_len = sizeof(struct in6_addr), 135 .hash = ndisc_hash, 136 .constructor = ndisc_constructor, 137 .pconstructor = pndisc_constructor, 138 .pdestructor = pndisc_destructor, 139 .proxy_redo = pndisc_redo, 140 .id = "ndisc_cache", 141 .parms = { 142 .tbl = &nd_tbl, 143 .base_reachable_time = 30 * HZ, 144 .retrans_time = 1 * HZ, 145 .gc_staletime = 60 * HZ, 146 .reachable_time = 30 * HZ, 147 .delay_probe_time = 5 * HZ, 148 .queue_len = 3, 149 .ucast_probes = 3, 150 .mcast_probes = 3, 151 .anycast_delay = 1 * HZ, 152 .proxy_delay = (8 * HZ) / 10, 153 .proxy_qlen = 64, 154 }, 155 .gc_interval = 30 * HZ, 156 .gc_thresh1 = 128, 157 .gc_thresh2 = 512, 158 .gc_thresh3 = 1024, 159}; 160 161/* ND options */ 162struct ndisc_options { 163 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 164#ifdef CONFIG_IPV6_ROUTE_INFO 165 struct nd_opt_hdr *nd_opts_ri; 166 struct nd_opt_hdr *nd_opts_ri_end; 167#endif 168 struct nd_opt_hdr *nd_useropts; 169 struct nd_opt_hdr *nd_useropts_end; 170}; 171 172#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 173#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 174#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 175#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 176#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 177#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 178 179#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 180 181/* 182 * Return the padding between the option length and the start of the 183 * link addr. Currently only IP-over-InfiniBand needs this, although 184 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 185 * also need a pad of 2. 186 */ 187static int ndisc_addr_option_pad(unsigned short type) 188{ 189 switch (type) { 190 case ARPHRD_INFINIBAND: return 2; 191 default: return 0; 192 } 193} 194 195static inline int ndisc_opt_addr_space(struct net_device *dev) 196{ 197 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 198} 199 200static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 201 unsigned short addr_type) 202{ 203 int space = NDISC_OPT_SPACE(data_len); 204 int pad = ndisc_addr_option_pad(addr_type); 205 206 opt[0] = type; 207 opt[1] = space>>3; 208 209 memset(opt + 2, 0, pad); 210 opt += pad; 211 space -= pad; 212 213 memcpy(opt+2, data, data_len); 214 data_len += 2; 215 opt += data_len; 216 if ((space -= data_len) > 0) 217 memset(opt, 0, space); 218 return opt + space; 219} 220 221static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 222 struct nd_opt_hdr *end) 223{ 224 int type; 225 if (!cur || !end || cur >= end) 226 return NULL; 227 type = cur->nd_opt_type; 228 do { 229 cur = ((void *)cur) + (cur->nd_opt_len << 3); 230 } while(cur < end && cur->nd_opt_type != type); 231 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 232} 233 234static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 235{ 236 return opt->nd_opt_type == ND_OPT_RDNSS; 237} 238 239static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 240 struct nd_opt_hdr *end) 241{ 242 if (!cur || !end || cur >= end) 243 return NULL; 244 do { 245 cur = ((void *)cur) + (cur->nd_opt_len << 3); 246 } while(cur < end && !ndisc_is_useropt(cur)); 247 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 248} 249 250static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 251 struct ndisc_options *ndopts) 252{ 253 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 254 255 if (!nd_opt || opt_len < 0 || !ndopts) 256 return NULL; 257 memset(ndopts, 0, sizeof(*ndopts)); 258 while (opt_len) { 259 int l; 260 if (opt_len < sizeof(struct nd_opt_hdr)) 261 return NULL; 262 l = nd_opt->nd_opt_len << 3; 263 if (opt_len < l || l == 0) 264 return NULL; 265 switch (nd_opt->nd_opt_type) { 266 case ND_OPT_SOURCE_LL_ADDR: 267 case ND_OPT_TARGET_LL_ADDR: 268 case ND_OPT_MTU: 269 case ND_OPT_REDIRECT_HDR: 270 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 271 ND_PRINTK2(KERN_WARNING 272 "%s(): duplicated ND6 option found: type=%d\n", 273 __func__, 274 nd_opt->nd_opt_type); 275 } else { 276 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 277 } 278 break; 279 case ND_OPT_PREFIX_INFO: 280 ndopts->nd_opts_pi_end = nd_opt; 281 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 282 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 283 break; 284#ifdef CONFIG_IPV6_ROUTE_INFO 285 case ND_OPT_ROUTE_INFO: 286 ndopts->nd_opts_ri_end = nd_opt; 287 if (!ndopts->nd_opts_ri) 288 ndopts->nd_opts_ri = nd_opt; 289 break; 290#endif 291 default: 292 if (ndisc_is_useropt(nd_opt)) { 293 ndopts->nd_useropts_end = nd_opt; 294 if (!ndopts->nd_useropts) 295 ndopts->nd_useropts = nd_opt; 296 } else { 297 /* 298 * Unknown options must be silently ignored, 299 * to accommodate future extension to the 300 * protocol. 301 */ 302 ND_PRINTK2(KERN_NOTICE 303 "%s(): ignored unsupported option; type=%d, len=%d\n", 304 __func__, 305 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 306 } 307 } 308 opt_len -= l; 309 nd_opt = ((void *)nd_opt) + l; 310 } 311 return ndopts; 312} 313 314static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 315 struct net_device *dev) 316{ 317 u8 *lladdr = (u8 *)(p + 1); 318 int lladdrlen = p->nd_opt_len << 3; 319 int prepad = ndisc_addr_option_pad(dev->type); 320 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 321 return NULL; 322 return lladdr + prepad; 323} 324 325int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 326{ 327 switch (dev->type) { 328 case ARPHRD_ETHER: 329 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 330 case ARPHRD_FDDI: 331 ipv6_eth_mc_map(addr, buf); 332 return 0; 333 case ARPHRD_IEEE802_TR: 334 ipv6_tr_mc_map(addr,buf); 335 return 0; 336 case ARPHRD_ARCNET: 337 ipv6_arcnet_mc_map(addr, buf); 338 return 0; 339 case ARPHRD_INFINIBAND: 340 ipv6_ib_mc_map(addr, dev->broadcast, buf); 341 return 0; 342 default: 343 if (dir) { 344 memcpy(buf, dev->broadcast, dev->addr_len); 345 return 0; 346 } 347 } 348 return -EINVAL; 349} 350 351EXPORT_SYMBOL(ndisc_mc_map); 352 353static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 354{ 355 const u32 *p32 = pkey; 356 u32 addr_hash, i; 357 358 addr_hash = 0; 359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 360 addr_hash ^= *p32++; 361 362 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 363} 364 365static int ndisc_constructor(struct neighbour *neigh) 366{ 367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 368 struct net_device *dev = neigh->dev; 369 struct inet6_dev *in6_dev; 370 struct neigh_parms *parms; 371 int is_multicast = ipv6_addr_is_multicast(addr); 372 373 rcu_read_lock(); 374 in6_dev = in6_dev_get(dev); 375 if (in6_dev == NULL) { 376 rcu_read_unlock(); 377 return -EINVAL; 378 } 379 380 parms = in6_dev->nd_parms; 381 __neigh_parms_put(neigh->parms); 382 neigh->parms = neigh_parms_clone(parms); 383 rcu_read_unlock(); 384 385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 386 if (!dev->header_ops) { 387 neigh->nud_state = NUD_NOARP; 388 neigh->ops = &ndisc_direct_ops; 389 neigh->output = neigh->ops->queue_xmit; 390 } else { 391 if (is_multicast) { 392 neigh->nud_state = NUD_NOARP; 393 ndisc_mc_map(addr, neigh->ha, dev, 1); 394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 395 neigh->nud_state = NUD_NOARP; 396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 397 if (dev->flags&IFF_LOOPBACK) 398 neigh->type = RTN_LOCAL; 399 } else if (dev->flags&IFF_POINTOPOINT) { 400 neigh->nud_state = NUD_NOARP; 401 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 402 } 403 if (dev->header_ops->cache) 404 neigh->ops = &ndisc_hh_ops; 405 else 406 neigh->ops = &ndisc_generic_ops; 407 if (neigh->nud_state&NUD_VALID) 408 neigh->output = neigh->ops->connected_output; 409 else 410 neigh->output = neigh->ops->output; 411 } 412 in6_dev_put(in6_dev); 413 return 0; 414} 415 416static int pndisc_constructor(struct pneigh_entry *n) 417{ 418 struct in6_addr *addr = (struct in6_addr*)&n->key; 419 struct in6_addr maddr; 420 struct net_device *dev = n->dev; 421 422 if (dev == NULL || __in6_dev_get(dev) == NULL) 423 return -EINVAL; 424 addrconf_addr_solict_mult(addr, &maddr); 425 ipv6_dev_mc_inc(dev, &maddr); 426 return 0; 427} 428 429static void pndisc_destructor(struct pneigh_entry *n) 430{ 431 struct in6_addr *addr = (struct in6_addr*)&n->key; 432 struct in6_addr maddr; 433 struct net_device *dev = n->dev; 434 435 if (dev == NULL || __in6_dev_get(dev) == NULL) 436 return; 437 addrconf_addr_solict_mult(addr, &maddr); 438 ipv6_dev_mc_dec(dev, &maddr); 439} 440 441struct sk_buff *ndisc_build_skb(struct net_device *dev, 442 const struct in6_addr *daddr, 443 const struct in6_addr *saddr, 444 struct icmp6hdr *icmp6h, 445 const struct in6_addr *target, 446 int llinfo) 447{ 448 struct net *net = dev_net(dev); 449 struct sock *sk = net->ipv6.ndisc_sk; 450 struct sk_buff *skb; 451 struct icmp6hdr *hdr; 452 int len; 453 int err; 454 u8 *opt; 455 456 if (!dev->addr_len) 457 llinfo = 0; 458 459 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 460 if (llinfo) 461 len += ndisc_opt_addr_space(dev); 462 463 skb = sock_alloc_send_skb(sk, 464 (MAX_HEADER + sizeof(struct ipv6hdr) + 465 len + LL_ALLOCATED_SPACE(dev)), 466 1, &err); 467 if (!skb) { 468 ND_PRINTK0(KERN_ERR 469 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n", 470 __func__, err); 471 return NULL; 472 } 473 474 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 475 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 476 477 skb->transport_header = skb->tail; 478 skb_put(skb, len); 479 480 hdr = (struct icmp6hdr *)skb_transport_header(skb); 481 memcpy(hdr, icmp6h, sizeof(*hdr)); 482 483 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 484 if (target) { 485 ipv6_addr_copy((struct in6_addr *)opt, target); 486 opt += sizeof(*target); 487 } 488 489 if (llinfo) 490 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 491 dev->addr_len, dev->type); 492 493 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 494 IPPROTO_ICMPV6, 495 csum_partial(hdr, 496 len, 0)); 497 498 return skb; 499} 500 501EXPORT_SYMBOL(ndisc_build_skb); 502 503void ndisc_send_skb(struct sk_buff *skb, 504 struct net_device *dev, 505 struct neighbour *neigh, 506 const struct in6_addr *daddr, 507 const struct in6_addr *saddr, 508 struct icmp6hdr *icmp6h) 509{ 510 struct flowi fl; 511 struct dst_entry *dst; 512 struct net *net = dev_net(dev); 513 struct sock *sk = net->ipv6.ndisc_sk; 514 struct inet6_dev *idev; 515 int err; 516 u8 type; 517 518 type = icmp6h->icmp6_type; 519 520 icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex); 521 522 dst = icmp6_dst_alloc(dev, neigh, daddr); 523 if (!dst) { 524 kfree_skb(skb); 525 return; 526 } 527 528 err = xfrm_lookup(net, &dst, &fl, NULL, 0); 529 if (err < 0) { 530 kfree_skb(skb); 531 return; 532 } 533 534 skb_dst_set(skb, dst); 535 536 idev = in6_dev_get(dst->dev); 537 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 538 539 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 540 dst_output); 541 if (!err) { 542 ICMP6MSGOUT_INC_STATS(net, idev, type); 543 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 544 } 545 546 if (likely(idev != NULL)) 547 in6_dev_put(idev); 548} 549 550EXPORT_SYMBOL(ndisc_send_skb); 551 552/* 553 * Send a Neighbour Discover packet 554 */ 555static void __ndisc_send(struct net_device *dev, 556 struct neighbour *neigh, 557 const struct in6_addr *daddr, 558 const struct in6_addr *saddr, 559 struct icmp6hdr *icmp6h, const struct in6_addr *target, 560 int llinfo) 561{ 562 struct sk_buff *skb; 563 564 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 565 if (!skb) 566 return; 567 568 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 569} 570 571static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 572 const struct in6_addr *daddr, 573 const struct in6_addr *solicited_addr, 574 int router, int solicited, int override, int inc_opt) 575{ 576 struct in6_addr tmpaddr; 577 struct inet6_ifaddr *ifp; 578 const struct in6_addr *src_addr; 579 struct icmp6hdr icmp6h = { 580 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 581 }; 582 583 /* for anycast or proxy, solicited_addr != src_addr */ 584 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 585 if (ifp) { 586 src_addr = solicited_addr; 587 if (ifp->flags & IFA_F_OPTIMISTIC) 588 override = 0; 589 inc_opt |= ifp->idev->cnf.force_tllao; 590 in6_ifa_put(ifp); 591 } else { 592 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 593 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 594 &tmpaddr)) 595 return; 596 src_addr = &tmpaddr; 597 } 598 599 icmp6h.icmp6_router = router; 600 icmp6h.icmp6_solicited = solicited; 601 icmp6h.icmp6_override = override; 602 603 __ndisc_send(dev, neigh, daddr, src_addr, 604 &icmp6h, solicited_addr, 605 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 606} 607 608void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 609 const struct in6_addr *solicit, 610 const struct in6_addr *daddr, const struct in6_addr *saddr) 611{ 612 struct in6_addr addr_buf; 613 struct icmp6hdr icmp6h = { 614 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 615 }; 616 617 if (saddr == NULL) { 618 if (ipv6_get_lladdr(dev, &addr_buf, 619 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 620 return; 621 saddr = &addr_buf; 622 } 623 624 __ndisc_send(dev, neigh, daddr, saddr, 625 &icmp6h, solicit, 626 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 627} 628 629void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 630 const struct in6_addr *daddr) 631{ 632 struct icmp6hdr icmp6h = { 633 .icmp6_type = NDISC_ROUTER_SOLICITATION, 634 }; 635 int send_sllao = dev->addr_len; 636 637#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 638 /* 639 * According to section 2.2 of RFC 4429, we must not 640 * send router solicitations with a sllao from 641 * optimistic addresses, but we may send the solicitation 642 * if we don't include the sllao. So here we check 643 * if our address is optimistic, and if so, we 644 * suppress the inclusion of the sllao. 645 */ 646 if (send_sllao) { 647 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 648 dev, 1); 649 if (ifp) { 650 if (ifp->flags & IFA_F_OPTIMISTIC) { 651 send_sllao = 0; 652 } 653 in6_ifa_put(ifp); 654 } else { 655 send_sllao = 0; 656 } 657 } 658#endif 659 __ndisc_send(dev, NULL, daddr, saddr, 660 &icmp6h, NULL, 661 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 662} 663 664 665static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 666{ 667 /* 668 * "The sender MUST return an ICMP 669 * destination unreachable" 670 */ 671 dst_link_failure(skb); 672 kfree_skb(skb); 673} 674 675/* Called with locked neigh: either read or both */ 676 677static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 678{ 679 struct in6_addr *saddr = NULL; 680 struct in6_addr mcaddr; 681 struct net_device *dev = neigh->dev; 682 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 683 int probes = atomic_read(&neigh->probes); 684 685 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 686 saddr = &ipv6_hdr(skb)->saddr; 687 688 if ((probes -= neigh->parms->ucast_probes) < 0) { 689 if (!(neigh->nud_state & NUD_VALID)) { 690 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n", 691 __func__, target); 692 } 693 ndisc_send_ns(dev, neigh, target, target, saddr); 694 } else if ((probes -= neigh->parms->app_probes) < 0) { 695#ifdef CONFIG_ARPD 696 neigh_app_ns(neigh); 697#endif 698 } else { 699 addrconf_addr_solict_mult(target, &mcaddr); 700 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 701 } 702} 703 704static int pndisc_is_router(const void *pkey, 705 struct net_device *dev) 706{ 707 struct pneigh_entry *n; 708 int ret = -1; 709 710 read_lock_bh(&nd_tbl.lock); 711 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 712 if (n) 713 ret = !!(n->flags & NTF_ROUTER); 714 read_unlock_bh(&nd_tbl.lock); 715 716 return ret; 717} 718 719static void ndisc_recv_ns(struct sk_buff *skb) 720{ 721 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 722 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 723 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 724 u8 *lladdr = NULL; 725 u32 ndoptlen = skb->tail - (skb->transport_header + 726 offsetof(struct nd_msg, opt)); 727 struct ndisc_options ndopts; 728 struct net_device *dev = skb->dev; 729 struct inet6_ifaddr *ifp; 730 struct inet6_dev *idev = NULL; 731 struct neighbour *neigh; 732 int dad = ipv6_addr_any(saddr); 733 int inc; 734 int is_router = -1; 735 736 if (ipv6_addr_is_multicast(&msg->target)) { 737 ND_PRINTK2(KERN_WARNING 738 "ICMPv6 NS: multicast target address"); 739 return; 740 } 741 742 /* 743 * RFC2461 7.1.1: 744 * DAD has to be destined for solicited node multicast address. 745 */ 746 if (dad && 747 !(daddr->s6_addr32[0] == htonl(0xff020000) && 748 daddr->s6_addr32[1] == htonl(0x00000000) && 749 daddr->s6_addr32[2] == htonl(0x00000001) && 750 daddr->s6_addr [12] == 0xff )) { 751 ND_PRINTK2(KERN_WARNING 752 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 753 return; 754 } 755 756 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 757 ND_PRINTK2(KERN_WARNING 758 "ICMPv6 NS: invalid ND options\n"); 759 return; 760 } 761 762 if (ndopts.nd_opts_src_lladdr) { 763 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 764 if (!lladdr) { 765 ND_PRINTK2(KERN_WARNING 766 "ICMPv6 NS: invalid link-layer address length\n"); 767 return; 768 } 769 770 /* RFC2461 7.1.1: 771 * If the IP source address is the unspecified address, 772 * there MUST NOT be source link-layer address option 773 * in the message. 774 */ 775 if (dad) { 776 ND_PRINTK2(KERN_WARNING 777 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 778 return; 779 } 780 } 781 782 inc = ipv6_addr_is_multicast(daddr); 783 784 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 785 if (ifp) { 786 787 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 788 if (dad) { 789 if (dev->type == ARPHRD_IEEE802_TR) { 790 const unsigned char *sadr; 791 sadr = skb_mac_header(skb); 792 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 793 sadr[9] == dev->dev_addr[1] && 794 sadr[10] == dev->dev_addr[2] && 795 sadr[11] == dev->dev_addr[3] && 796 sadr[12] == dev->dev_addr[4] && 797 sadr[13] == dev->dev_addr[5]) { 798 /* looped-back to us */ 799 goto out; 800 } 801 } 802 803 /* 804 * We are colliding with another node 805 * who is doing DAD 806 * so fail our DAD process 807 */ 808 addrconf_dad_failure(ifp); 809 return; 810 } else { 811 /* 812 * This is not a dad solicitation. 813 * If we are an optimistic node, 814 * we should respond. 815 * Otherwise, we should ignore it. 816 */ 817 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 818 goto out; 819 } 820 } 821 822 idev = ifp->idev; 823 } else { 824 struct net *net = dev_net(dev); 825 826 idev = in6_dev_get(dev); 827 if (!idev) { 828 /* XXX: count this drop? */ 829 return; 830 } 831 832 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 833 (idev->cnf.forwarding && 834 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 835 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 836 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 837 skb->pkt_type != PACKET_HOST && 838 inc != 0 && 839 idev->nd_parms->proxy_delay != 0) { 840 /* 841 * for anycast or proxy, 842 * sender should delay its response 843 * by a random time between 0 and 844 * MAX_ANYCAST_DELAY_TIME seconds. 845 * (RFC2461) -- yoshfuji 846 */ 847 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 848 if (n) 849 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 850 goto out; 851 } 852 } else 853 goto out; 854 } 855 856 if (is_router < 0) 857 is_router = !!idev->cnf.forwarding; 858 859 if (dad) { 860 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 861 is_router, 0, (ifp != NULL), 1); 862 goto out; 863 } 864 865 if (inc) 866 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 867 else 868 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 869 870 /* 871 * update / create cache entry 872 * for the source address 873 */ 874 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 875 !inc || lladdr || !dev->addr_len); 876 if (neigh) 877 neigh_update(neigh, lladdr, NUD_STALE, 878 NEIGH_UPDATE_F_WEAK_OVERRIDE| 879 NEIGH_UPDATE_F_OVERRIDE); 880 if (neigh || !dev->header_ops) { 881 ndisc_send_na(dev, neigh, saddr, &msg->target, 882 is_router, 883 1, (ifp != NULL && inc), inc); 884 if (neigh) 885 neigh_release(neigh); 886 } 887 888out: 889 if (ifp) 890 in6_ifa_put(ifp); 891 else 892 in6_dev_put(idev); 893} 894 895static void ndisc_recv_na(struct sk_buff *skb) 896{ 897 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 898 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 899 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 900 u8 *lladdr = NULL; 901 u32 ndoptlen = skb->tail - (skb->transport_header + 902 offsetof(struct nd_msg, opt)); 903 struct ndisc_options ndopts; 904 struct net_device *dev = skb->dev; 905 struct inet6_ifaddr *ifp; 906 struct neighbour *neigh; 907 908 if (skb->len < sizeof(struct nd_msg)) { 909 ND_PRINTK2(KERN_WARNING 910 "ICMPv6 NA: packet too short\n"); 911 return; 912 } 913 914 if (ipv6_addr_is_multicast(&msg->target)) { 915 ND_PRINTK2(KERN_WARNING 916 "ICMPv6 NA: target address is multicast.\n"); 917 return; 918 } 919 920 if (ipv6_addr_is_multicast(daddr) && 921 msg->icmph.icmp6_solicited) { 922 ND_PRINTK2(KERN_WARNING 923 "ICMPv6 NA: solicited NA is multicasted.\n"); 924 return; 925 } 926 927 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 928 ND_PRINTK2(KERN_WARNING 929 "ICMPv6 NS: invalid ND option\n"); 930 return; 931 } 932 if (ndopts.nd_opts_tgt_lladdr) { 933 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 934 if (!lladdr) { 935 ND_PRINTK2(KERN_WARNING 936 "ICMPv6 NA: invalid link-layer address length\n"); 937 return; 938 } 939 } 940 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 941 if (ifp) { 942 if (ifp->flags & IFA_F_TENTATIVE) { 943 addrconf_dad_failure(ifp); 944 return; 945 } 946 /* What should we make now? The advertisement 947 is invalid, but ndisc specs say nothing 948 about it. It could be misconfiguration, or 949 an smart proxy agent tries to help us :-) 950 951 We should not print the error if NA has been 952 received from loopback - it is just our own 953 unsolicited advertisement. 954 */ 955 if (skb->pkt_type != PACKET_LOOPBACK) 956 ND_PRINTK1(KERN_WARNING 957 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n", 958 &ifp->addr, ifp->idev->dev->name); 959 in6_ifa_put(ifp); 960 return; 961 } 962 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 963 964 if (neigh) { 965 u8 old_flags = neigh->flags; 966 struct net *net = dev_net(dev); 967 968 if (neigh->nud_state & NUD_FAILED) 969 goto out; 970 971 /* 972 * Don't update the neighbor cache entry on a proxy NA from 973 * ourselves because either the proxied node is off link or it 974 * has already sent a NA to us. 975 */ 976 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 977 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 978 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 979 /* XXX: idev->cnf.prixy_ndp */ 980 goto out; 981 } 982 983 neigh_update(neigh, lladdr, 984 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 985 NEIGH_UPDATE_F_WEAK_OVERRIDE| 986 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 987 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 988 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 989 990 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 991 /* 992 * Change: router to host 993 */ 994 struct rt6_info *rt; 995 rt = rt6_get_dflt_router(saddr, dev); 996 if (rt) 997 ip6_del_rt(rt); 998 } 999 1000out: 1001 neigh_release(neigh); 1002 } 1003} 1004 1005static void ndisc_recv_rs(struct sk_buff *skb) 1006{ 1007 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1008 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1009 struct neighbour *neigh; 1010 struct inet6_dev *idev; 1011 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1012 struct ndisc_options ndopts; 1013 u8 *lladdr = NULL; 1014 1015 if (skb->len < sizeof(*rs_msg)) 1016 return; 1017 1018 idev = in6_dev_get(skb->dev); 1019 if (!idev) { 1020 if (net_ratelimit()) 1021 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1022 return; 1023 } 1024 1025 /* Don't accept RS if we're not in router mode */ 1026 if (!idev->cnf.forwarding) 1027 goto out; 1028 1029 /* 1030 * Don't update NCE if src = ::; 1031 * this implies that the source node has no ip address assigned yet. 1032 */ 1033 if (ipv6_addr_any(saddr)) 1034 goto out; 1035 1036 /* Parse ND options */ 1037 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1038 if (net_ratelimit()) 1039 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1040 goto out; 1041 } 1042 1043 if (ndopts.nd_opts_src_lladdr) { 1044 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1045 skb->dev); 1046 if (!lladdr) 1047 goto out; 1048 } 1049 1050 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1051 if (neigh) { 1052 neigh_update(neigh, lladdr, NUD_STALE, 1053 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1054 NEIGH_UPDATE_F_OVERRIDE| 1055 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1056 neigh_release(neigh); 1057 } 1058out: 1059 in6_dev_put(idev); 1060} 1061 1062static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1063{ 1064 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1065 struct sk_buff *skb; 1066 struct nlmsghdr *nlh; 1067 struct nduseroptmsg *ndmsg; 1068 struct net *net = dev_net(ra->dev); 1069 int err; 1070 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1071 + (opt->nd_opt_len << 3)); 1072 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1073 1074 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1075 if (skb == NULL) { 1076 err = -ENOBUFS; 1077 goto errout; 1078 } 1079 1080 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1081 if (nlh == NULL) { 1082 goto nla_put_failure; 1083 } 1084 1085 ndmsg = nlmsg_data(nlh); 1086 ndmsg->nduseropt_family = AF_INET6; 1087 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1088 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1089 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1090 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1091 1092 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1093 1094 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1095 &ipv6_hdr(ra)->saddr); 1096 nlmsg_end(skb, nlh); 1097 1098 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1099 return; 1100 1101nla_put_failure: 1102 nlmsg_free(skb); 1103 err = -EMSGSIZE; 1104errout: 1105 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1106} 1107 1108static inline int accept_ra(struct inet6_dev *in6_dev) 1109{ 1110 /* 1111 * If forwarding is enabled, RA are not accepted unless the special 1112 * hybrid mode (accept_ra=2) is enabled. 1113 */ 1114 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2) 1115 return 0; 1116 1117 return in6_dev->cnf.accept_ra; 1118} 1119 1120static void ndisc_router_discovery(struct sk_buff *skb) 1121{ 1122 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1123 struct neighbour *neigh = NULL; 1124 struct inet6_dev *in6_dev; 1125 struct rt6_info *rt = NULL; 1126 int lifetime; 1127 struct ndisc_options ndopts; 1128 int optlen; 1129 unsigned int pref = 0; 1130 1131 __u8 * opt = (__u8 *)(ra_msg + 1); 1132 1133 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1134 1135 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1136 ND_PRINTK2(KERN_WARNING 1137 "ICMPv6 RA: source address is not link-local.\n"); 1138 return; 1139 } 1140 if (optlen < 0) { 1141 ND_PRINTK2(KERN_WARNING 1142 "ICMPv6 RA: packet too short\n"); 1143 return; 1144 } 1145 1146#ifdef CONFIG_IPV6_NDISC_NODETYPE 1147 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1148 ND_PRINTK2(KERN_WARNING 1149 "ICMPv6 RA: from host or unauthorized router\n"); 1150 return; 1151 } 1152#endif 1153 1154 /* 1155 * set the RA_RECV flag in the interface 1156 */ 1157 1158 in6_dev = in6_dev_get(skb->dev); 1159 if (in6_dev == NULL) { 1160 ND_PRINTK0(KERN_ERR 1161 "ICMPv6 RA: can't find inet6 device for %s.\n", 1162 skb->dev->name); 1163 return; 1164 } 1165 1166 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1167 in6_dev_put(in6_dev); 1168 ND_PRINTK2(KERN_WARNING 1169 "ICMP6 RA: invalid ND options\n"); 1170 return; 1171 } 1172 1173 if (!accept_ra(in6_dev)) 1174 goto skip_linkparms; 1175 1176#ifdef CONFIG_IPV6_NDISC_NODETYPE 1177 /* skip link-specific parameters from interior routers */ 1178 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1179 goto skip_linkparms; 1180#endif 1181 1182 if (in6_dev->if_flags & IF_RS_SENT) { 1183 /* 1184 * flag that an RA was received after an RS was sent 1185 * out on this interface. 1186 */ 1187 in6_dev->if_flags |= IF_RA_RCVD; 1188 } 1189 1190 /* 1191 * Remember the managed/otherconf flags from most recently 1192 * received RA message (RFC 2462) -- yoshfuji 1193 */ 1194 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1195 IF_RA_OTHERCONF)) | 1196 (ra_msg->icmph.icmp6_addrconf_managed ? 1197 IF_RA_MANAGED : 0) | 1198 (ra_msg->icmph.icmp6_addrconf_other ? 1199 IF_RA_OTHERCONF : 0); 1200 1201 if (!in6_dev->cnf.accept_ra_defrtr) 1202 goto skip_defrtr; 1203 1204 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1205 1206#ifdef CONFIG_IPV6_ROUTER_PREF 1207 pref = ra_msg->icmph.icmp6_router_pref; 1208 /* 10b is handled as if it were 00b (medium) */ 1209 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1210 !in6_dev->cnf.accept_ra_rtr_pref) 1211 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1212#endif 1213 1214 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1215 1216 if (rt) 1217 neigh = rt->rt6i_nexthop; 1218 1219 if (rt && lifetime == 0) { 1220 neigh_clone(neigh); 1221 ip6_del_rt(rt); 1222 rt = NULL; 1223 } 1224 1225 if (rt == NULL && lifetime) { 1226 ND_PRINTK3(KERN_DEBUG 1227 "ICMPv6 RA: adding default router.\n"); 1228 1229 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1230 if (rt == NULL) { 1231 ND_PRINTK0(KERN_ERR 1232 "ICMPv6 RA: %s() failed to add default route.\n", 1233 __func__); 1234 in6_dev_put(in6_dev); 1235 return; 1236 } 1237 1238 neigh = rt->rt6i_nexthop; 1239 if (neigh == NULL) { 1240 ND_PRINTK0(KERN_ERR 1241 "ICMPv6 RA: %s() got default router without neighbour.\n", 1242 __func__); 1243 dst_release(&rt->dst); 1244 in6_dev_put(in6_dev); 1245 return; 1246 } 1247 neigh->flags |= NTF_ROUTER; 1248 } else if (rt) { 1249 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1250 } 1251 1252 if (rt) 1253 rt->rt6i_expires = jiffies + (HZ * lifetime); 1254 1255 if (ra_msg->icmph.icmp6_hop_limit) { 1256 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1257 if (rt) 1258 rt->dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1259 } 1260 1261skip_defrtr: 1262 1263 /* 1264 * Update Reachable Time and Retrans Timer 1265 */ 1266 1267 if (in6_dev->nd_parms) { 1268 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1269 1270 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1271 rtime = (rtime*HZ)/1000; 1272 if (rtime < HZ/10) 1273 rtime = HZ/10; 1274 in6_dev->nd_parms->retrans_time = rtime; 1275 in6_dev->tstamp = jiffies; 1276 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1277 } 1278 1279 rtime = ntohl(ra_msg->reachable_time); 1280 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1281 rtime = (rtime*HZ)/1000; 1282 1283 if (rtime < HZ/10) 1284 rtime = HZ/10; 1285 1286 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1287 in6_dev->nd_parms->base_reachable_time = rtime; 1288 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1289 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1290 in6_dev->tstamp = jiffies; 1291 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1292 } 1293 } 1294 } 1295 1296skip_linkparms: 1297 1298 /* 1299 * Process options. 1300 */ 1301 1302 if (!neigh) 1303 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1304 skb->dev, 1); 1305 if (neigh) { 1306 u8 *lladdr = NULL; 1307 if (ndopts.nd_opts_src_lladdr) { 1308 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1309 skb->dev); 1310 if (!lladdr) { 1311 ND_PRINTK2(KERN_WARNING 1312 "ICMPv6 RA: invalid link-layer address length\n"); 1313 goto out; 1314 } 1315 } 1316 neigh_update(neigh, lladdr, NUD_STALE, 1317 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1318 NEIGH_UPDATE_F_OVERRIDE| 1319 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1320 NEIGH_UPDATE_F_ISROUTER); 1321 } 1322 1323 if (!accept_ra(in6_dev)) 1324 goto out; 1325 1326#ifdef CONFIG_IPV6_ROUTE_INFO 1327 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1328 struct nd_opt_hdr *p; 1329 for (p = ndopts.nd_opts_ri; 1330 p; 1331 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1332 struct route_info *ri = (struct route_info *)p; 1333#ifdef CONFIG_IPV6_NDISC_NODETYPE 1334 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1335 ri->prefix_len == 0) 1336 continue; 1337#endif 1338 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1339 continue; 1340 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1341 &ipv6_hdr(skb)->saddr); 1342 } 1343 } 1344#endif 1345 1346#ifdef CONFIG_IPV6_NDISC_NODETYPE 1347 /* skip link-specific ndopts from interior routers */ 1348 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1349 goto out; 1350#endif 1351 1352 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1353 struct nd_opt_hdr *p; 1354 for (p = ndopts.nd_opts_pi; 1355 p; 1356 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1357 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1358 } 1359 } 1360 1361 if (ndopts.nd_opts_mtu) { 1362 __be32 n; 1363 u32 mtu; 1364 1365 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1366 mtu = ntohl(n); 1367 1368 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1369 ND_PRINTK2(KERN_WARNING 1370 "ICMPv6 RA: invalid mtu: %d\n", 1371 mtu); 1372 } else if (in6_dev->cnf.mtu6 != mtu) { 1373 in6_dev->cnf.mtu6 = mtu; 1374 1375 if (rt) 1376 rt->dst.metrics[RTAX_MTU-1] = mtu; 1377 1378 rt6_mtu_change(skb->dev, mtu); 1379 } 1380 } 1381 1382 if (ndopts.nd_useropts) { 1383 struct nd_opt_hdr *p; 1384 for (p = ndopts.nd_useropts; 1385 p; 1386 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1387 ndisc_ra_useropt(skb, p); 1388 } 1389 } 1390 1391 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1392 ND_PRINTK2(KERN_WARNING 1393 "ICMPv6 RA: invalid RA options"); 1394 } 1395out: 1396 if (rt) 1397 dst_release(&rt->dst); 1398 else if (neigh) 1399 neigh_release(neigh); 1400 in6_dev_put(in6_dev); 1401} 1402 1403static void ndisc_redirect_rcv(struct sk_buff *skb) 1404{ 1405 struct inet6_dev *in6_dev; 1406 struct icmp6hdr *icmph; 1407 struct in6_addr *dest; 1408 struct in6_addr *target; /* new first hop to destination */ 1409 struct neighbour *neigh; 1410 int on_link = 0; 1411 struct ndisc_options ndopts; 1412 int optlen; 1413 u8 *lladdr = NULL; 1414 1415#ifdef CONFIG_IPV6_NDISC_NODETYPE 1416 switch (skb->ndisc_nodetype) { 1417 case NDISC_NODETYPE_HOST: 1418 case NDISC_NODETYPE_NODEFAULT: 1419 ND_PRINTK2(KERN_WARNING 1420 "ICMPv6 Redirect: from host or unauthorized router\n"); 1421 return; 1422 } 1423#endif 1424 1425 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1426 ND_PRINTK2(KERN_WARNING 1427 "ICMPv6 Redirect: source address is not link-local.\n"); 1428 return; 1429 } 1430 1431 optlen = skb->tail - skb->transport_header; 1432 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1433 1434 if (optlen < 0) { 1435 ND_PRINTK2(KERN_WARNING 1436 "ICMPv6 Redirect: packet too short\n"); 1437 return; 1438 } 1439 1440 icmph = icmp6_hdr(skb); 1441 target = (struct in6_addr *) (icmph + 1); 1442 dest = target + 1; 1443 1444 if (ipv6_addr_is_multicast(dest)) { 1445 ND_PRINTK2(KERN_WARNING 1446 "ICMPv6 Redirect: destination address is multicast.\n"); 1447 return; 1448 } 1449 1450 if (ipv6_addr_equal(dest, target)) { 1451 on_link = 1; 1452 } else if (ipv6_addr_type(target) != 1453 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1454 ND_PRINTK2(KERN_WARNING 1455 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1456 return; 1457 } 1458 1459 in6_dev = in6_dev_get(skb->dev); 1460 if (!in6_dev) 1461 return; 1462 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1463 in6_dev_put(in6_dev); 1464 return; 1465 } 1466 1467 /* RFC2461 8.1: 1468 * The IP source address of the Redirect MUST be the same as the current 1469 * first-hop router for the specified ICMP Destination Address. 1470 */ 1471 1472 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1473 ND_PRINTK2(KERN_WARNING 1474 "ICMPv6 Redirect: invalid ND options\n"); 1475 in6_dev_put(in6_dev); 1476 return; 1477 } 1478 if (ndopts.nd_opts_tgt_lladdr) { 1479 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1480 skb->dev); 1481 if (!lladdr) { 1482 ND_PRINTK2(KERN_WARNING 1483 "ICMPv6 Redirect: invalid link-layer address length\n"); 1484 in6_dev_put(in6_dev); 1485 return; 1486 } 1487 } 1488 1489 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1490 if (neigh) { 1491 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1492 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1493 on_link); 1494 neigh_release(neigh); 1495 } 1496 in6_dev_put(in6_dev); 1497} 1498 1499void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1500 const struct in6_addr *target) 1501{ 1502 struct net_device *dev = skb->dev; 1503 struct net *net = dev_net(dev); 1504 struct sock *sk = net->ipv6.ndisc_sk; 1505 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1506 struct sk_buff *buff; 1507 struct icmp6hdr *icmph; 1508 struct in6_addr saddr_buf; 1509 struct in6_addr *addrp; 1510 struct rt6_info *rt; 1511 struct dst_entry *dst; 1512 struct inet6_dev *idev; 1513 struct flowi fl; 1514 u8 *opt; 1515 int rd_len; 1516 int err; 1517 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1518 1519 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1520 ND_PRINTK2(KERN_WARNING 1521 "ICMPv6 Redirect: no link-local address on %s\n", 1522 dev->name); 1523 return; 1524 } 1525 1526 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1527 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1528 ND_PRINTK2(KERN_WARNING 1529 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1530 return; 1531 } 1532 1533 icmpv6_flow_init(sk, &fl, NDISC_REDIRECT, 1534 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1535 1536 dst = ip6_route_output(net, NULL, &fl); 1537 if (dst == NULL) 1538 return; 1539 1540 err = xfrm_lookup(net, &dst, &fl, NULL, 0); 1541 if (err) 1542 return; 1543 1544 rt = (struct rt6_info *) dst; 1545 1546 if (rt->rt6i_flags & RTF_GATEWAY) { 1547 ND_PRINTK2(KERN_WARNING 1548 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1549 goto release; 1550 } 1551 if (!xrlim_allow(dst, 1*HZ)) 1552 goto release; 1553 1554 if (dev->addr_len) { 1555 read_lock_bh(&neigh->lock); 1556 if (neigh->nud_state & NUD_VALID) { 1557 memcpy(ha_buf, neigh->ha, dev->addr_len); 1558 read_unlock_bh(&neigh->lock); 1559 ha = ha_buf; 1560 len += ndisc_opt_addr_space(dev); 1561 } else 1562 read_unlock_bh(&neigh->lock); 1563 } 1564 1565 rd_len = min_t(unsigned int, 1566 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1567 rd_len &= ~0x7; 1568 len += rd_len; 1569 1570 buff = sock_alloc_send_skb(sk, 1571 (MAX_HEADER + sizeof(struct ipv6hdr) + 1572 len + LL_ALLOCATED_SPACE(dev)), 1573 1, &err); 1574 if (buff == NULL) { 1575 ND_PRINTK0(KERN_ERR 1576 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n", 1577 __func__, err); 1578 goto release; 1579 } 1580 1581 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1582 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1583 IPPROTO_ICMPV6, len); 1584 1585 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1586 skb_put(buff, len); 1587 icmph = icmp6_hdr(buff); 1588 1589 memset(icmph, 0, sizeof(struct icmp6hdr)); 1590 icmph->icmp6_type = NDISC_REDIRECT; 1591 1592 /* 1593 * copy target and destination addresses 1594 */ 1595 1596 addrp = (struct in6_addr *)(icmph + 1); 1597 ipv6_addr_copy(addrp, target); 1598 addrp++; 1599 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1600 1601 opt = (u8*) (addrp + 1); 1602 1603 /* 1604 * include target_address option 1605 */ 1606 1607 if (ha) 1608 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1609 dev->addr_len, dev->type); 1610 1611 /* 1612 * build redirect option and copy skb over to the new packet. 1613 */ 1614 1615 memset(opt, 0, 8); 1616 *(opt++) = ND_OPT_REDIRECT_HDR; 1617 *(opt++) = (rd_len >> 3); 1618 opt += 6; 1619 1620 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1621 1622 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1623 len, IPPROTO_ICMPV6, 1624 csum_partial(icmph, len, 0)); 1625 1626 skb_dst_set(buff, dst); 1627 idev = in6_dev_get(dst->dev); 1628 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1629 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1630 dst_output); 1631 if (!err) { 1632 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1633 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1634 } 1635 1636 if (likely(idev != NULL)) 1637 in6_dev_put(idev); 1638 return; 1639 1640release: 1641 dst_release(dst); 1642} 1643 1644static void pndisc_redo(struct sk_buff *skb) 1645{ 1646 ndisc_recv_ns(skb); 1647 kfree_skb(skb); 1648} 1649 1650int ndisc_rcv(struct sk_buff *skb) 1651{ 1652 struct nd_msg *msg; 1653 1654 if (!pskb_may_pull(skb, skb->len)) 1655 return 0; 1656 1657 msg = (struct nd_msg *)skb_transport_header(skb); 1658 1659 __skb_push(skb, skb->data - skb_transport_header(skb)); 1660 1661 if (ipv6_hdr(skb)->hop_limit != 255) { 1662 ND_PRINTK2(KERN_WARNING 1663 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1664 ipv6_hdr(skb)->hop_limit); 1665 return 0; 1666 } 1667 1668 if (msg->icmph.icmp6_code != 0) { 1669 ND_PRINTK2(KERN_WARNING 1670 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1671 msg->icmph.icmp6_code); 1672 return 0; 1673 } 1674 1675 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1676 1677 switch (msg->icmph.icmp6_type) { 1678 case NDISC_NEIGHBOUR_SOLICITATION: 1679 ndisc_recv_ns(skb); 1680 break; 1681 1682 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1683 ndisc_recv_na(skb); 1684 break; 1685 1686 case NDISC_ROUTER_SOLICITATION: 1687 ndisc_recv_rs(skb); 1688 break; 1689 1690 case NDISC_ROUTER_ADVERTISEMENT: 1691 ndisc_router_discovery(skb); 1692 break; 1693 1694 case NDISC_REDIRECT: 1695 ndisc_redirect_rcv(skb); 1696 break; 1697 } 1698 1699 return 0; 1700} 1701 1702static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1703{ 1704 struct net_device *dev = ptr; 1705 struct net *net = dev_net(dev); 1706 1707 switch (event) { 1708 case NETDEV_CHANGEADDR: 1709 neigh_changeaddr(&nd_tbl, dev); 1710 fib6_run_gc(~0UL, net); 1711 break; 1712 case NETDEV_DOWN: 1713 neigh_ifdown(&nd_tbl, dev); 1714 fib6_run_gc(~0UL, net); 1715 break; 1716 default: 1717 break; 1718 } 1719 1720 return NOTIFY_DONE; 1721} 1722 1723static struct notifier_block ndisc_netdev_notifier = { 1724 .notifier_call = ndisc_netdev_event, 1725}; 1726 1727#ifdef CONFIG_SYSCTL 1728static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1729 const char *func, const char *dev_name) 1730{ 1731 static char warncomm[TASK_COMM_LEN]; 1732 static int warned; 1733 if (strcmp(warncomm, current->comm) && warned < 5) { 1734 strcpy(warncomm, current->comm); 1735 printk(KERN_WARNING 1736 "process `%s' is using deprecated sysctl (%s) " 1737 "net.ipv6.neigh.%s.%s; " 1738 "Use net.ipv6.neigh.%s.%s_ms " 1739 "instead.\n", 1740 warncomm, func, 1741 dev_name, ctl->procname, 1742 dev_name, ctl->procname); 1743 warned++; 1744 } 1745} 1746 1747int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1748{ 1749 struct net_device *dev = ctl->extra1; 1750 struct inet6_dev *idev; 1751 int ret; 1752 1753 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1754 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1755 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1756 1757 if (strcmp(ctl->procname, "retrans_time") == 0) 1758 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1759 1760 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1761 ret = proc_dointvec_jiffies(ctl, write, 1762 buffer, lenp, ppos); 1763 1764 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1765 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1766 ret = proc_dointvec_ms_jiffies(ctl, write, 1767 buffer, lenp, ppos); 1768 else 1769 ret = -1; 1770 1771 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1772 if (ctl->data == &idev->nd_parms->base_reachable_time) 1773 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1774 idev->tstamp = jiffies; 1775 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1776 in6_dev_put(idev); 1777 } 1778 return ret; 1779} 1780 1781 1782#endif 1783 1784static int __net_init ndisc_net_init(struct net *net) 1785{ 1786 struct ipv6_pinfo *np; 1787 struct sock *sk; 1788 int err; 1789 1790 err = inet_ctl_sock_create(&sk, PF_INET6, 1791 SOCK_RAW, IPPROTO_ICMPV6, net); 1792 if (err < 0) { 1793 ND_PRINTK0(KERN_ERR 1794 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1795 err); 1796 return err; 1797 } 1798 1799 net->ipv6.ndisc_sk = sk; 1800 1801 np = inet6_sk(sk); 1802 np->hop_limit = 255; 1803 /* Do not loopback ndisc messages */ 1804 np->mc_loop = 0; 1805 1806 return 0; 1807} 1808 1809static void __net_exit ndisc_net_exit(struct net *net) 1810{ 1811 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1812} 1813 1814static struct pernet_operations ndisc_net_ops = { 1815 .init = ndisc_net_init, 1816 .exit = ndisc_net_exit, 1817}; 1818 1819int __init ndisc_init(void) 1820{ 1821 int err; 1822 1823 err = register_pernet_subsys(&ndisc_net_ops); 1824 if (err) 1825 return err; 1826 /* 1827 * Initialize the neighbour table 1828 */ 1829 neigh_table_init(&nd_tbl); 1830 1831#ifdef CONFIG_SYSCTL 1832 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1833 &ndisc_ifinfo_sysctl_change); 1834 if (err) 1835 goto out_unregister_pernet; 1836#endif 1837 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1838 if (err) 1839 goto out_unregister_sysctl; 1840out: 1841 return err; 1842 1843out_unregister_sysctl: 1844#ifdef CONFIG_SYSCTL 1845 neigh_sysctl_unregister(&nd_tbl.parms); 1846out_unregister_pernet: 1847#endif 1848 unregister_pernet_subsys(&ndisc_net_ops); 1849 goto out; 1850} 1851 1852void ndisc_cleanup(void) 1853{ 1854 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1855#ifdef CONFIG_SYSCTL 1856 neigh_sysctl_unregister(&nd_tbl.parms); 1857#endif 1858 neigh_table_clear(&nd_tbl); 1859 unregister_pernet_subsys(&ndisc_net_ops); 1860} 1861