ndisc.c revision ad246c992bea6d33c6421ba1f03e2b405792adf9
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29/* Set to 3 to get tracing... */ 30#define ND_DEBUG 1 31 32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33#define ND_NOPRINTK(x...) do { ; } while(0) 34#define ND_PRINTK0 ND_PRINTK 35#define ND_PRINTK1 ND_NOPRINTK 36#define ND_PRINTK2 ND_NOPRINTK 37#define ND_PRINTK3 ND_NOPRINTK 38#if ND_DEBUG >= 1 39#undef ND_PRINTK1 40#define ND_PRINTK1 ND_PRINTK 41#endif 42#if ND_DEBUG >= 2 43#undef ND_PRINTK2 44#define ND_PRINTK2 ND_PRINTK 45#endif 46#if ND_DEBUG >= 3 47#undef ND_PRINTK3 48#define ND_PRINTK3 ND_PRINTK 49#endif 50 51#include <linux/module.h> 52#include <linux/errno.h> 53#include <linux/types.h> 54#include <linux/socket.h> 55#include <linux/sockios.h> 56#include <linux/sched.h> 57#include <linux/net.h> 58#include <linux/in6.h> 59#include <linux/route.h> 60#include <linux/init.h> 61#include <linux/rcupdate.h> 62#include <linux/slab.h> 63#ifdef CONFIG_SYSCTL 64#include <linux/sysctl.h> 65#endif 66 67#include <linux/if_addr.h> 68#include <linux/if_arp.h> 69#include <linux/ipv6.h> 70#include <linux/icmpv6.h> 71#include <linux/jhash.h> 72 73#include <net/sock.h> 74#include <net/snmp.h> 75 76#include <net/ipv6.h> 77#include <net/protocol.h> 78#include <net/ndisc.h> 79#include <net/ip6_route.h> 80#include <net/addrconf.h> 81#include <net/icmp.h> 82 83#include <net/netlink.h> 84#include <linux/rtnetlink.h> 85 86#include <net/flow.h> 87#include <net/ip6_checksum.h> 88#include <net/inet_common.h> 89#include <linux/proc_fs.h> 90 91#include <linux/netfilter.h> 92#include <linux/netfilter_ipv6.h> 93 94static u32 ndisc_hash(const void *pkey, 95 const struct net_device *dev, 96 __u32 rnd); 97static int ndisc_constructor(struct neighbour *neigh); 98static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 99static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 100static int pndisc_constructor(struct pneigh_entry *n); 101static void pndisc_destructor(struct pneigh_entry *n); 102static void pndisc_redo(struct sk_buff *skb); 103 104static const struct neigh_ops ndisc_generic_ops = { 105 .family = AF_INET6, 106 .solicit = ndisc_solicit, 107 .error_report = ndisc_error_report, 108 .output = neigh_resolve_output, 109 .connected_output = neigh_connected_output, 110 .hh_output = dev_queue_xmit, 111 .queue_xmit = dev_queue_xmit, 112}; 113 114static const struct neigh_ops ndisc_hh_ops = { 115 .family = AF_INET6, 116 .solicit = ndisc_solicit, 117 .error_report = ndisc_error_report, 118 .output = neigh_resolve_output, 119 .connected_output = neigh_resolve_output, 120 .hh_output = dev_queue_xmit, 121 .queue_xmit = dev_queue_xmit, 122}; 123 124 125static const struct neigh_ops ndisc_direct_ops = { 126 .family = AF_INET6, 127 .output = dev_queue_xmit, 128 .connected_output = dev_queue_xmit, 129 .hh_output = dev_queue_xmit, 130 .queue_xmit = dev_queue_xmit, 131}; 132 133struct neigh_table nd_tbl = { 134 .family = AF_INET6, 135 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 136 .key_len = sizeof(struct in6_addr), 137 .hash = ndisc_hash, 138 .constructor = ndisc_constructor, 139 .pconstructor = pndisc_constructor, 140 .pdestructor = pndisc_destructor, 141 .proxy_redo = pndisc_redo, 142 .id = "ndisc_cache", 143 .parms = { 144 .tbl = &nd_tbl, 145 .base_reachable_time = ND_REACHABLE_TIME, 146 .retrans_time = ND_RETRANS_TIMER, 147 .gc_staletime = 60 * HZ, 148 .reachable_time = ND_REACHABLE_TIME, 149 .delay_probe_time = 5 * HZ, 150 .queue_len = 3, 151 .ucast_probes = 3, 152 .mcast_probes = 3, 153 .anycast_delay = 1 * HZ, 154 .proxy_delay = (8 * HZ) / 10, 155 .proxy_qlen = 64, 156 }, 157 .gc_interval = 30 * HZ, 158 .gc_thresh1 = 128, 159 .gc_thresh2 = 512, 160 .gc_thresh3 = 1024, 161}; 162 163/* ND options */ 164struct ndisc_options { 165 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 166#ifdef CONFIG_IPV6_ROUTE_INFO 167 struct nd_opt_hdr *nd_opts_ri; 168 struct nd_opt_hdr *nd_opts_ri_end; 169#endif 170 struct nd_opt_hdr *nd_useropts; 171 struct nd_opt_hdr *nd_useropts_end; 172}; 173 174#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 175#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 176#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 177#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 178#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 179#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 180 181#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 182 183/* 184 * Return the padding between the option length and the start of the 185 * link addr. Currently only IP-over-InfiniBand needs this, although 186 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 187 * also need a pad of 2. 188 */ 189static int ndisc_addr_option_pad(unsigned short type) 190{ 191 switch (type) { 192 case ARPHRD_INFINIBAND: return 2; 193 default: return 0; 194 } 195} 196 197static inline int ndisc_opt_addr_space(struct net_device *dev) 198{ 199 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 200} 201 202static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 203 unsigned short addr_type) 204{ 205 int space = NDISC_OPT_SPACE(data_len); 206 int pad = ndisc_addr_option_pad(addr_type); 207 208 opt[0] = type; 209 opt[1] = space>>3; 210 211 memset(opt + 2, 0, pad); 212 opt += pad; 213 space -= pad; 214 215 memcpy(opt+2, data, data_len); 216 data_len += 2; 217 opt += data_len; 218 if ((space -= data_len) > 0) 219 memset(opt, 0, space); 220 return opt + space; 221} 222 223static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 224 struct nd_opt_hdr *end) 225{ 226 int type; 227 if (!cur || !end || cur >= end) 228 return NULL; 229 type = cur->nd_opt_type; 230 do { 231 cur = ((void *)cur) + (cur->nd_opt_len << 3); 232 } while(cur < end && cur->nd_opt_type != type); 233 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 234} 235 236static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 237{ 238 return opt->nd_opt_type == ND_OPT_RDNSS; 239} 240 241static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 242 struct nd_opt_hdr *end) 243{ 244 if (!cur || !end || cur >= end) 245 return NULL; 246 do { 247 cur = ((void *)cur) + (cur->nd_opt_len << 3); 248 } while(cur < end && !ndisc_is_useropt(cur)); 249 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 250} 251 252static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 253 struct ndisc_options *ndopts) 254{ 255 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 256 257 if (!nd_opt || opt_len < 0 || !ndopts) 258 return NULL; 259 memset(ndopts, 0, sizeof(*ndopts)); 260 while (opt_len) { 261 int l; 262 if (opt_len < sizeof(struct nd_opt_hdr)) 263 return NULL; 264 l = nd_opt->nd_opt_len << 3; 265 if (opt_len < l || l == 0) 266 return NULL; 267 switch (nd_opt->nd_opt_type) { 268 case ND_OPT_SOURCE_LL_ADDR: 269 case ND_OPT_TARGET_LL_ADDR: 270 case ND_OPT_MTU: 271 case ND_OPT_REDIRECT_HDR: 272 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 273 ND_PRINTK2(KERN_WARNING 274 "%s(): duplicated ND6 option found: type=%d\n", 275 __func__, 276 nd_opt->nd_opt_type); 277 } else { 278 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 279 } 280 break; 281 case ND_OPT_PREFIX_INFO: 282 ndopts->nd_opts_pi_end = nd_opt; 283 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 284 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 285 break; 286#ifdef CONFIG_IPV6_ROUTE_INFO 287 case ND_OPT_ROUTE_INFO: 288 ndopts->nd_opts_ri_end = nd_opt; 289 if (!ndopts->nd_opts_ri) 290 ndopts->nd_opts_ri = nd_opt; 291 break; 292#endif 293 default: 294 if (ndisc_is_useropt(nd_opt)) { 295 ndopts->nd_useropts_end = nd_opt; 296 if (!ndopts->nd_useropts) 297 ndopts->nd_useropts = nd_opt; 298 } else { 299 /* 300 * Unknown options must be silently ignored, 301 * to accommodate future extension to the 302 * protocol. 303 */ 304 ND_PRINTK2(KERN_NOTICE 305 "%s(): ignored unsupported option; type=%d, len=%d\n", 306 __func__, 307 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 308 } 309 } 310 opt_len -= l; 311 nd_opt = ((void *)nd_opt) + l; 312 } 313 return ndopts; 314} 315 316static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 317 struct net_device *dev) 318{ 319 u8 *lladdr = (u8 *)(p + 1); 320 int lladdrlen = p->nd_opt_len << 3; 321 int prepad = ndisc_addr_option_pad(dev->type); 322 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 323 return NULL; 324 return lladdr + prepad; 325} 326 327int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 328{ 329 switch (dev->type) { 330 case ARPHRD_ETHER: 331 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 332 case ARPHRD_FDDI: 333 ipv6_eth_mc_map(addr, buf); 334 return 0; 335 case ARPHRD_IEEE802_TR: 336 ipv6_tr_mc_map(addr,buf); 337 return 0; 338 case ARPHRD_ARCNET: 339 ipv6_arcnet_mc_map(addr, buf); 340 return 0; 341 case ARPHRD_INFINIBAND: 342 ipv6_ib_mc_map(addr, dev->broadcast, buf); 343 return 0; 344 case ARPHRD_IPGRE: 345 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 346 default: 347 if (dir) { 348 memcpy(buf, dev->broadcast, dev->addr_len); 349 return 0; 350 } 351 } 352 return -EINVAL; 353} 354 355EXPORT_SYMBOL(ndisc_mc_map); 356 357static u32 ndisc_hash(const void *pkey, 358 const struct net_device *dev, 359 __u32 hash_rnd) 360{ 361 const u32 *p32 = pkey; 362 u32 addr_hash, i; 363 364 addr_hash = 0; 365 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 366 addr_hash ^= *p32++; 367 368 return jhash_2words(addr_hash, dev->ifindex, hash_rnd); 369} 370 371static int ndisc_constructor(struct neighbour *neigh) 372{ 373 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 374 struct net_device *dev = neigh->dev; 375 struct inet6_dev *in6_dev; 376 struct neigh_parms *parms; 377 int is_multicast = ipv6_addr_is_multicast(addr); 378 379 rcu_read_lock(); 380 in6_dev = in6_dev_get(dev); 381 if (in6_dev == NULL) { 382 rcu_read_unlock(); 383 return -EINVAL; 384 } 385 386 parms = in6_dev->nd_parms; 387 __neigh_parms_put(neigh->parms); 388 neigh->parms = neigh_parms_clone(parms); 389 rcu_read_unlock(); 390 391 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 392 if (!dev->header_ops) { 393 neigh->nud_state = NUD_NOARP; 394 neigh->ops = &ndisc_direct_ops; 395 neigh->output = neigh->ops->queue_xmit; 396 } else { 397 if (is_multicast) { 398 neigh->nud_state = NUD_NOARP; 399 ndisc_mc_map(addr, neigh->ha, dev, 1); 400 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 401 neigh->nud_state = NUD_NOARP; 402 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 403 if (dev->flags&IFF_LOOPBACK) 404 neigh->type = RTN_LOCAL; 405 } else if (dev->flags&IFF_POINTOPOINT) { 406 neigh->nud_state = NUD_NOARP; 407 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 408 } 409 if (dev->header_ops->cache) 410 neigh->ops = &ndisc_hh_ops; 411 else 412 neigh->ops = &ndisc_generic_ops; 413 if (neigh->nud_state&NUD_VALID) 414 neigh->output = neigh->ops->connected_output; 415 else 416 neigh->output = neigh->ops->output; 417 } 418 in6_dev_put(in6_dev); 419 return 0; 420} 421 422static int pndisc_constructor(struct pneigh_entry *n) 423{ 424 struct in6_addr *addr = (struct in6_addr*)&n->key; 425 struct in6_addr maddr; 426 struct net_device *dev = n->dev; 427 428 if (dev == NULL || __in6_dev_get(dev) == NULL) 429 return -EINVAL; 430 addrconf_addr_solict_mult(addr, &maddr); 431 ipv6_dev_mc_inc(dev, &maddr); 432 return 0; 433} 434 435static void pndisc_destructor(struct pneigh_entry *n) 436{ 437 struct in6_addr *addr = (struct in6_addr*)&n->key; 438 struct in6_addr maddr; 439 struct net_device *dev = n->dev; 440 441 if (dev == NULL || __in6_dev_get(dev) == NULL) 442 return; 443 addrconf_addr_solict_mult(addr, &maddr); 444 ipv6_dev_mc_dec(dev, &maddr); 445} 446 447struct sk_buff *ndisc_build_skb(struct net_device *dev, 448 const struct in6_addr *daddr, 449 const struct in6_addr *saddr, 450 struct icmp6hdr *icmp6h, 451 const struct in6_addr *target, 452 int llinfo) 453{ 454 struct net *net = dev_net(dev); 455 struct sock *sk = net->ipv6.ndisc_sk; 456 struct sk_buff *skb; 457 struct icmp6hdr *hdr; 458 int len; 459 int err; 460 u8 *opt; 461 462 if (!dev->addr_len) 463 llinfo = 0; 464 465 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 466 if (llinfo) 467 len += ndisc_opt_addr_space(dev); 468 469 skb = sock_alloc_send_skb(sk, 470 (MAX_HEADER + sizeof(struct ipv6hdr) + 471 len + LL_ALLOCATED_SPACE(dev)), 472 1, &err); 473 if (!skb) { 474 ND_PRINTK0(KERN_ERR 475 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n", 476 __func__, err); 477 return NULL; 478 } 479 480 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 481 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 482 483 skb->transport_header = skb->tail; 484 skb_put(skb, len); 485 486 hdr = (struct icmp6hdr *)skb_transport_header(skb); 487 memcpy(hdr, icmp6h, sizeof(*hdr)); 488 489 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 490 if (target) { 491 ipv6_addr_copy((struct in6_addr *)opt, target); 492 opt += sizeof(*target); 493 } 494 495 if (llinfo) 496 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 497 dev->addr_len, dev->type); 498 499 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 500 IPPROTO_ICMPV6, 501 csum_partial(hdr, 502 len, 0)); 503 504 return skb; 505} 506 507EXPORT_SYMBOL(ndisc_build_skb); 508 509void ndisc_send_skb(struct sk_buff *skb, 510 struct net_device *dev, 511 struct neighbour *neigh, 512 const struct in6_addr *daddr, 513 const struct in6_addr *saddr, 514 struct icmp6hdr *icmp6h) 515{ 516 struct flowi6 fl6; 517 struct dst_entry *dst; 518 struct net *net = dev_net(dev); 519 struct sock *sk = net->ipv6.ndisc_sk; 520 struct inet6_dev *idev; 521 int err; 522 u8 type; 523 524 type = icmp6h->icmp6_type; 525 526 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex); 527 528 dst = icmp6_dst_alloc(dev, neigh, daddr); 529 if (!dst) { 530 kfree_skb(skb); 531 return; 532 } 533 534 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 535 if (IS_ERR(dst)) { 536 kfree_skb(skb); 537 return; 538 } 539 540 skb_dst_set(skb, dst); 541 542 idev = in6_dev_get(dst->dev); 543 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 544 545 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 546 dst_output); 547 if (!err) { 548 ICMP6MSGOUT_INC_STATS(net, idev, type); 549 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 550 } 551 552 if (likely(idev != NULL)) 553 in6_dev_put(idev); 554} 555 556EXPORT_SYMBOL(ndisc_send_skb); 557 558/* 559 * Send a Neighbour Discover packet 560 */ 561static void __ndisc_send(struct net_device *dev, 562 struct neighbour *neigh, 563 const struct in6_addr *daddr, 564 const struct in6_addr *saddr, 565 struct icmp6hdr *icmp6h, const struct in6_addr *target, 566 int llinfo) 567{ 568 struct sk_buff *skb; 569 570 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 571 if (!skb) 572 return; 573 574 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 575} 576 577static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 578 const struct in6_addr *daddr, 579 const struct in6_addr *solicited_addr, 580 int router, int solicited, int override, int inc_opt) 581{ 582 struct in6_addr tmpaddr; 583 struct inet6_ifaddr *ifp; 584 const struct in6_addr *src_addr; 585 struct icmp6hdr icmp6h = { 586 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 587 }; 588 589 /* for anycast or proxy, solicited_addr != src_addr */ 590 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 591 if (ifp) { 592 src_addr = solicited_addr; 593 if (ifp->flags & IFA_F_OPTIMISTIC) 594 override = 0; 595 inc_opt |= ifp->idev->cnf.force_tllao; 596 in6_ifa_put(ifp); 597 } else { 598 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 599 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 600 &tmpaddr)) 601 return; 602 src_addr = &tmpaddr; 603 } 604 605 icmp6h.icmp6_router = router; 606 icmp6h.icmp6_solicited = solicited; 607 icmp6h.icmp6_override = override; 608 609 __ndisc_send(dev, neigh, daddr, src_addr, 610 &icmp6h, solicited_addr, 611 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 612} 613 614static void ndisc_send_unsol_na(struct net_device *dev) 615{ 616 struct inet6_dev *idev; 617 struct inet6_ifaddr *ifa; 618 struct in6_addr mcaddr; 619 620 idev = in6_dev_get(dev); 621 if (!idev) 622 return; 623 624 read_lock_bh(&idev->lock); 625 list_for_each_entry(ifa, &idev->addr_list, if_list) { 626 addrconf_addr_solict_mult(&ifa->addr, &mcaddr); 627 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr, 628 /*router=*/ !!idev->cnf.forwarding, 629 /*solicited=*/ false, /*override=*/ true, 630 /*inc_opt=*/ true); 631 } 632 read_unlock_bh(&idev->lock); 633 634 in6_dev_put(idev); 635} 636 637void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 638 const struct in6_addr *solicit, 639 const struct in6_addr *daddr, const struct in6_addr *saddr) 640{ 641 struct in6_addr addr_buf; 642 struct icmp6hdr icmp6h = { 643 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 644 }; 645 646 if (saddr == NULL) { 647 if (ipv6_get_lladdr(dev, &addr_buf, 648 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 649 return; 650 saddr = &addr_buf; 651 } 652 653 __ndisc_send(dev, neigh, daddr, saddr, 654 &icmp6h, solicit, 655 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 656} 657 658void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 659 const struct in6_addr *daddr) 660{ 661 struct icmp6hdr icmp6h = { 662 .icmp6_type = NDISC_ROUTER_SOLICITATION, 663 }; 664 int send_sllao = dev->addr_len; 665 666#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 667 /* 668 * According to section 2.2 of RFC 4429, we must not 669 * send router solicitations with a sllao from 670 * optimistic addresses, but we may send the solicitation 671 * if we don't include the sllao. So here we check 672 * if our address is optimistic, and if so, we 673 * suppress the inclusion of the sllao. 674 */ 675 if (send_sllao) { 676 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 677 dev, 1); 678 if (ifp) { 679 if (ifp->flags & IFA_F_OPTIMISTIC) { 680 send_sllao = 0; 681 } 682 in6_ifa_put(ifp); 683 } else { 684 send_sllao = 0; 685 } 686 } 687#endif 688 __ndisc_send(dev, NULL, daddr, saddr, 689 &icmp6h, NULL, 690 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 691} 692 693 694static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 695{ 696 /* 697 * "The sender MUST return an ICMP 698 * destination unreachable" 699 */ 700 dst_link_failure(skb); 701 kfree_skb(skb); 702} 703 704/* Called with locked neigh: either read or both */ 705 706static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 707{ 708 struct in6_addr *saddr = NULL; 709 struct in6_addr mcaddr; 710 struct net_device *dev = neigh->dev; 711 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 712 int probes = atomic_read(&neigh->probes); 713 714 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 715 saddr = &ipv6_hdr(skb)->saddr; 716 717 if ((probes -= neigh->parms->ucast_probes) < 0) { 718 if (!(neigh->nud_state & NUD_VALID)) { 719 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n", 720 __func__, target); 721 } 722 ndisc_send_ns(dev, neigh, target, target, saddr); 723 } else if ((probes -= neigh->parms->app_probes) < 0) { 724#ifdef CONFIG_ARPD 725 neigh_app_ns(neigh); 726#endif 727 } else { 728 addrconf_addr_solict_mult(target, &mcaddr); 729 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 730 } 731} 732 733static int pndisc_is_router(const void *pkey, 734 struct net_device *dev) 735{ 736 struct pneigh_entry *n; 737 int ret = -1; 738 739 read_lock_bh(&nd_tbl.lock); 740 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 741 if (n) 742 ret = !!(n->flags & NTF_ROUTER); 743 read_unlock_bh(&nd_tbl.lock); 744 745 return ret; 746} 747 748static void ndisc_recv_ns(struct sk_buff *skb) 749{ 750 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 751 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 752 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 753 u8 *lladdr = NULL; 754 u32 ndoptlen = skb->tail - (skb->transport_header + 755 offsetof(struct nd_msg, opt)); 756 struct ndisc_options ndopts; 757 struct net_device *dev = skb->dev; 758 struct inet6_ifaddr *ifp; 759 struct inet6_dev *idev = NULL; 760 struct neighbour *neigh; 761 int dad = ipv6_addr_any(saddr); 762 int inc; 763 int is_router = -1; 764 765 if (ipv6_addr_is_multicast(&msg->target)) { 766 ND_PRINTK2(KERN_WARNING 767 "ICMPv6 NS: multicast target address"); 768 return; 769 } 770 771 /* 772 * RFC2461 7.1.1: 773 * DAD has to be destined for solicited node multicast address. 774 */ 775 if (dad && 776 !(daddr->s6_addr32[0] == htonl(0xff020000) && 777 daddr->s6_addr32[1] == htonl(0x00000000) && 778 daddr->s6_addr32[2] == htonl(0x00000001) && 779 daddr->s6_addr [12] == 0xff )) { 780 ND_PRINTK2(KERN_WARNING 781 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 782 return; 783 } 784 785 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 786 ND_PRINTK2(KERN_WARNING 787 "ICMPv6 NS: invalid ND options\n"); 788 return; 789 } 790 791 if (ndopts.nd_opts_src_lladdr) { 792 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 793 if (!lladdr) { 794 ND_PRINTK2(KERN_WARNING 795 "ICMPv6 NS: invalid link-layer address length\n"); 796 return; 797 } 798 799 /* RFC2461 7.1.1: 800 * If the IP source address is the unspecified address, 801 * there MUST NOT be source link-layer address option 802 * in the message. 803 */ 804 if (dad) { 805 ND_PRINTK2(KERN_WARNING 806 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 807 return; 808 } 809 } 810 811 inc = ipv6_addr_is_multicast(daddr); 812 813 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 814 if (ifp) { 815 816 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 817 if (dad) { 818 if (dev->type == ARPHRD_IEEE802_TR) { 819 const unsigned char *sadr; 820 sadr = skb_mac_header(skb); 821 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 822 sadr[9] == dev->dev_addr[1] && 823 sadr[10] == dev->dev_addr[2] && 824 sadr[11] == dev->dev_addr[3] && 825 sadr[12] == dev->dev_addr[4] && 826 sadr[13] == dev->dev_addr[5]) { 827 /* looped-back to us */ 828 goto out; 829 } 830 } 831 832 /* 833 * We are colliding with another node 834 * who is doing DAD 835 * so fail our DAD process 836 */ 837 addrconf_dad_failure(ifp); 838 return; 839 } else { 840 /* 841 * This is not a dad solicitation. 842 * If we are an optimistic node, 843 * we should respond. 844 * Otherwise, we should ignore it. 845 */ 846 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 847 goto out; 848 } 849 } 850 851 idev = ifp->idev; 852 } else { 853 struct net *net = dev_net(dev); 854 855 idev = in6_dev_get(dev); 856 if (!idev) { 857 /* XXX: count this drop? */ 858 return; 859 } 860 861 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 862 (idev->cnf.forwarding && 863 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 864 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 865 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 866 skb->pkt_type != PACKET_HOST && 867 inc != 0 && 868 idev->nd_parms->proxy_delay != 0) { 869 /* 870 * for anycast or proxy, 871 * sender should delay its response 872 * by a random time between 0 and 873 * MAX_ANYCAST_DELAY_TIME seconds. 874 * (RFC2461) -- yoshfuji 875 */ 876 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 877 if (n) 878 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 879 goto out; 880 } 881 } else 882 goto out; 883 } 884 885 if (is_router < 0) 886 is_router = !!idev->cnf.forwarding; 887 888 if (dad) { 889 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 890 is_router, 0, (ifp != NULL), 1); 891 goto out; 892 } 893 894 if (inc) 895 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 896 else 897 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 898 899 /* 900 * update / create cache entry 901 * for the source address 902 */ 903 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 904 !inc || lladdr || !dev->addr_len); 905 if (neigh) 906 neigh_update(neigh, lladdr, NUD_STALE, 907 NEIGH_UPDATE_F_WEAK_OVERRIDE| 908 NEIGH_UPDATE_F_OVERRIDE); 909 if (neigh || !dev->header_ops) { 910 ndisc_send_na(dev, neigh, saddr, &msg->target, 911 is_router, 912 1, (ifp != NULL && inc), inc); 913 if (neigh) 914 neigh_release(neigh); 915 } 916 917out: 918 if (ifp) 919 in6_ifa_put(ifp); 920 else 921 in6_dev_put(idev); 922} 923 924static void ndisc_recv_na(struct sk_buff *skb) 925{ 926 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 927 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 928 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 929 u8 *lladdr = NULL; 930 u32 ndoptlen = skb->tail - (skb->transport_header + 931 offsetof(struct nd_msg, opt)); 932 struct ndisc_options ndopts; 933 struct net_device *dev = skb->dev; 934 struct inet6_ifaddr *ifp; 935 struct neighbour *neigh; 936 937 if (skb->len < sizeof(struct nd_msg)) { 938 ND_PRINTK2(KERN_WARNING 939 "ICMPv6 NA: packet too short\n"); 940 return; 941 } 942 943 if (ipv6_addr_is_multicast(&msg->target)) { 944 ND_PRINTK2(KERN_WARNING 945 "ICMPv6 NA: target address is multicast.\n"); 946 return; 947 } 948 949 if (ipv6_addr_is_multicast(daddr) && 950 msg->icmph.icmp6_solicited) { 951 ND_PRINTK2(KERN_WARNING 952 "ICMPv6 NA: solicited NA is multicasted.\n"); 953 return; 954 } 955 956 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 957 ND_PRINTK2(KERN_WARNING 958 "ICMPv6 NS: invalid ND option\n"); 959 return; 960 } 961 if (ndopts.nd_opts_tgt_lladdr) { 962 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 963 if (!lladdr) { 964 ND_PRINTK2(KERN_WARNING 965 "ICMPv6 NA: invalid link-layer address length\n"); 966 return; 967 } 968 } 969 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 970 if (ifp) { 971 if (skb->pkt_type != PACKET_LOOPBACK 972 && (ifp->flags & IFA_F_TENTATIVE)) { 973 addrconf_dad_failure(ifp); 974 return; 975 } 976 /* What should we make now? The advertisement 977 is invalid, but ndisc specs say nothing 978 about it. It could be misconfiguration, or 979 an smart proxy agent tries to help us :-) 980 981 We should not print the error if NA has been 982 received from loopback - it is just our own 983 unsolicited advertisement. 984 */ 985 if (skb->pkt_type != PACKET_LOOPBACK) 986 ND_PRINTK1(KERN_WARNING 987 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n", 988 &ifp->addr, ifp->idev->dev->name); 989 in6_ifa_put(ifp); 990 return; 991 } 992 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 993 994 if (neigh) { 995 u8 old_flags = neigh->flags; 996 struct net *net = dev_net(dev); 997 998 if (neigh->nud_state & NUD_FAILED) 999 goto out; 1000 1001 /* 1002 * Don't update the neighbor cache entry on a proxy NA from 1003 * ourselves because either the proxied node is off link or it 1004 * has already sent a NA to us. 1005 */ 1006 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 1007 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 1008 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 1009 /* XXX: idev->cnf.prixy_ndp */ 1010 goto out; 1011 } 1012 1013 neigh_update(neigh, lladdr, 1014 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 1015 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1016 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 1017 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1018 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 1019 1020 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 1021 /* 1022 * Change: router to host 1023 */ 1024 struct rt6_info *rt; 1025 rt = rt6_get_dflt_router(saddr, dev); 1026 if (rt) 1027 ip6_del_rt(rt); 1028 } 1029 1030out: 1031 neigh_release(neigh); 1032 } 1033} 1034 1035static void ndisc_recv_rs(struct sk_buff *skb) 1036{ 1037 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1038 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1039 struct neighbour *neigh; 1040 struct inet6_dev *idev; 1041 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1042 struct ndisc_options ndopts; 1043 u8 *lladdr = NULL; 1044 1045 if (skb->len < sizeof(*rs_msg)) 1046 return; 1047 1048 idev = in6_dev_get(skb->dev); 1049 if (!idev) { 1050 if (net_ratelimit()) 1051 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1052 return; 1053 } 1054 1055 /* Don't accept RS if we're not in router mode */ 1056 if (!idev->cnf.forwarding) 1057 goto out; 1058 1059 /* 1060 * Don't update NCE if src = ::; 1061 * this implies that the source node has no ip address assigned yet. 1062 */ 1063 if (ipv6_addr_any(saddr)) 1064 goto out; 1065 1066 /* Parse ND options */ 1067 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1068 if (net_ratelimit()) 1069 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1070 goto out; 1071 } 1072 1073 if (ndopts.nd_opts_src_lladdr) { 1074 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1075 skb->dev); 1076 if (!lladdr) 1077 goto out; 1078 } 1079 1080 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1081 if (neigh) { 1082 neigh_update(neigh, lladdr, NUD_STALE, 1083 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1084 NEIGH_UPDATE_F_OVERRIDE| 1085 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1086 neigh_release(neigh); 1087 } 1088out: 1089 in6_dev_put(idev); 1090} 1091 1092static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1093{ 1094 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1095 struct sk_buff *skb; 1096 struct nlmsghdr *nlh; 1097 struct nduseroptmsg *ndmsg; 1098 struct net *net = dev_net(ra->dev); 1099 int err; 1100 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1101 + (opt->nd_opt_len << 3)); 1102 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1103 1104 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1105 if (skb == NULL) { 1106 err = -ENOBUFS; 1107 goto errout; 1108 } 1109 1110 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1111 if (nlh == NULL) { 1112 goto nla_put_failure; 1113 } 1114 1115 ndmsg = nlmsg_data(nlh); 1116 ndmsg->nduseropt_family = AF_INET6; 1117 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1118 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1119 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1120 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1121 1122 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1123 1124 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1125 &ipv6_hdr(ra)->saddr); 1126 nlmsg_end(skb, nlh); 1127 1128 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1129 return; 1130 1131nla_put_failure: 1132 nlmsg_free(skb); 1133 err = -EMSGSIZE; 1134errout: 1135 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1136} 1137 1138static inline int accept_ra(struct inet6_dev *in6_dev) 1139{ 1140 /* 1141 * If forwarding is enabled, RA are not accepted unless the special 1142 * hybrid mode (accept_ra=2) is enabled. 1143 */ 1144 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2) 1145 return 0; 1146 1147 return in6_dev->cnf.accept_ra; 1148} 1149 1150static void ndisc_router_discovery(struct sk_buff *skb) 1151{ 1152 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1153 struct neighbour *neigh = NULL; 1154 struct inet6_dev *in6_dev; 1155 struct rt6_info *rt = NULL; 1156 int lifetime; 1157 struct ndisc_options ndopts; 1158 int optlen; 1159 unsigned int pref = 0; 1160 1161 __u8 * opt = (__u8 *)(ra_msg + 1); 1162 1163 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1164 1165 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1166 ND_PRINTK2(KERN_WARNING 1167 "ICMPv6 RA: source address is not link-local.\n"); 1168 return; 1169 } 1170 if (optlen < 0) { 1171 ND_PRINTK2(KERN_WARNING 1172 "ICMPv6 RA: packet too short\n"); 1173 return; 1174 } 1175 1176#ifdef CONFIG_IPV6_NDISC_NODETYPE 1177 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1178 ND_PRINTK2(KERN_WARNING 1179 "ICMPv6 RA: from host or unauthorized router\n"); 1180 return; 1181 } 1182#endif 1183 1184 /* 1185 * set the RA_RECV flag in the interface 1186 */ 1187 1188 in6_dev = in6_dev_get(skb->dev); 1189 if (in6_dev == NULL) { 1190 ND_PRINTK0(KERN_ERR 1191 "ICMPv6 RA: can't find inet6 device for %s.\n", 1192 skb->dev->name); 1193 return; 1194 } 1195 1196 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1197 in6_dev_put(in6_dev); 1198 ND_PRINTK2(KERN_WARNING 1199 "ICMP6 RA: invalid ND options\n"); 1200 return; 1201 } 1202 1203 if (!accept_ra(in6_dev)) 1204 goto skip_linkparms; 1205 1206#ifdef CONFIG_IPV6_NDISC_NODETYPE 1207 /* skip link-specific parameters from interior routers */ 1208 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1209 goto skip_linkparms; 1210#endif 1211 1212 if (in6_dev->if_flags & IF_RS_SENT) { 1213 /* 1214 * flag that an RA was received after an RS was sent 1215 * out on this interface. 1216 */ 1217 in6_dev->if_flags |= IF_RA_RCVD; 1218 } 1219 1220 /* 1221 * Remember the managed/otherconf flags from most recently 1222 * received RA message (RFC 2462) -- yoshfuji 1223 */ 1224 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1225 IF_RA_OTHERCONF)) | 1226 (ra_msg->icmph.icmp6_addrconf_managed ? 1227 IF_RA_MANAGED : 0) | 1228 (ra_msg->icmph.icmp6_addrconf_other ? 1229 IF_RA_OTHERCONF : 0); 1230 1231 if (!in6_dev->cnf.accept_ra_defrtr) 1232 goto skip_defrtr; 1233 1234 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1235 1236#ifdef CONFIG_IPV6_ROUTER_PREF 1237 pref = ra_msg->icmph.icmp6_router_pref; 1238 /* 10b is handled as if it were 00b (medium) */ 1239 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1240 !in6_dev->cnf.accept_ra_rtr_pref) 1241 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1242#endif 1243 1244 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1245 1246 if (rt) 1247 neigh = rt->rt6i_nexthop; 1248 1249 if (rt && lifetime == 0) { 1250 neigh_clone(neigh); 1251 ip6_del_rt(rt); 1252 rt = NULL; 1253 } 1254 1255 if (rt == NULL && lifetime) { 1256 ND_PRINTK3(KERN_DEBUG 1257 "ICMPv6 RA: adding default router.\n"); 1258 1259 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1260 if (rt == NULL) { 1261 ND_PRINTK0(KERN_ERR 1262 "ICMPv6 RA: %s() failed to add default route.\n", 1263 __func__); 1264 in6_dev_put(in6_dev); 1265 return; 1266 } 1267 1268 neigh = rt->rt6i_nexthop; 1269 if (neigh == NULL) { 1270 ND_PRINTK0(KERN_ERR 1271 "ICMPv6 RA: %s() got default router without neighbour.\n", 1272 __func__); 1273 dst_release(&rt->dst); 1274 in6_dev_put(in6_dev); 1275 return; 1276 } 1277 neigh->flags |= NTF_ROUTER; 1278 } else if (rt) { 1279 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1280 } 1281 1282 if (rt) 1283 rt->rt6i_expires = jiffies + (HZ * lifetime); 1284 1285 if (ra_msg->icmph.icmp6_hop_limit) { 1286 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1287 if (rt) 1288 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1289 ra_msg->icmph.icmp6_hop_limit); 1290 } 1291 1292skip_defrtr: 1293 1294 /* 1295 * Update Reachable Time and Retrans Timer 1296 */ 1297 1298 if (in6_dev->nd_parms) { 1299 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1300 1301 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1302 rtime = (rtime*HZ)/1000; 1303 if (rtime < HZ/10) 1304 rtime = HZ/10; 1305 in6_dev->nd_parms->retrans_time = rtime; 1306 in6_dev->tstamp = jiffies; 1307 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1308 } 1309 1310 rtime = ntohl(ra_msg->reachable_time); 1311 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1312 rtime = (rtime*HZ)/1000; 1313 1314 if (rtime < HZ/10) 1315 rtime = HZ/10; 1316 1317 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1318 in6_dev->nd_parms->base_reachable_time = rtime; 1319 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1320 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1321 in6_dev->tstamp = jiffies; 1322 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1323 } 1324 } 1325 } 1326 1327skip_linkparms: 1328 1329 /* 1330 * Process options. 1331 */ 1332 1333 if (!neigh) 1334 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1335 skb->dev, 1); 1336 if (neigh) { 1337 u8 *lladdr = NULL; 1338 if (ndopts.nd_opts_src_lladdr) { 1339 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1340 skb->dev); 1341 if (!lladdr) { 1342 ND_PRINTK2(KERN_WARNING 1343 "ICMPv6 RA: invalid link-layer address length\n"); 1344 goto out; 1345 } 1346 } 1347 neigh_update(neigh, lladdr, NUD_STALE, 1348 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1349 NEIGH_UPDATE_F_OVERRIDE| 1350 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1351 NEIGH_UPDATE_F_ISROUTER); 1352 } 1353 1354 if (!accept_ra(in6_dev)) 1355 goto out; 1356 1357#ifdef CONFIG_IPV6_ROUTE_INFO 1358 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1359 struct nd_opt_hdr *p; 1360 for (p = ndopts.nd_opts_ri; 1361 p; 1362 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1363 struct route_info *ri = (struct route_info *)p; 1364#ifdef CONFIG_IPV6_NDISC_NODETYPE 1365 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1366 ri->prefix_len == 0) 1367 continue; 1368#endif 1369 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1370 continue; 1371 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1372 &ipv6_hdr(skb)->saddr); 1373 } 1374 } 1375#endif 1376 1377#ifdef CONFIG_IPV6_NDISC_NODETYPE 1378 /* skip link-specific ndopts from interior routers */ 1379 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1380 goto out; 1381#endif 1382 1383 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1384 struct nd_opt_hdr *p; 1385 for (p = ndopts.nd_opts_pi; 1386 p; 1387 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1388 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1389 } 1390 } 1391 1392 if (ndopts.nd_opts_mtu) { 1393 __be32 n; 1394 u32 mtu; 1395 1396 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1397 mtu = ntohl(n); 1398 1399 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1400 ND_PRINTK2(KERN_WARNING 1401 "ICMPv6 RA: invalid mtu: %d\n", 1402 mtu); 1403 } else if (in6_dev->cnf.mtu6 != mtu) { 1404 in6_dev->cnf.mtu6 = mtu; 1405 1406 if (rt) 1407 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1408 1409 rt6_mtu_change(skb->dev, mtu); 1410 } 1411 } 1412 1413 if (ndopts.nd_useropts) { 1414 struct nd_opt_hdr *p; 1415 for (p = ndopts.nd_useropts; 1416 p; 1417 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1418 ndisc_ra_useropt(skb, p); 1419 } 1420 } 1421 1422 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1423 ND_PRINTK2(KERN_WARNING 1424 "ICMPv6 RA: invalid RA options"); 1425 } 1426out: 1427 if (rt) 1428 dst_release(&rt->dst); 1429 else if (neigh) 1430 neigh_release(neigh); 1431 in6_dev_put(in6_dev); 1432} 1433 1434static void ndisc_redirect_rcv(struct sk_buff *skb) 1435{ 1436 struct inet6_dev *in6_dev; 1437 struct icmp6hdr *icmph; 1438 const struct in6_addr *dest; 1439 const struct in6_addr *target; /* new first hop to destination */ 1440 struct neighbour *neigh; 1441 int on_link = 0; 1442 struct ndisc_options ndopts; 1443 int optlen; 1444 u8 *lladdr = NULL; 1445 1446#ifdef CONFIG_IPV6_NDISC_NODETYPE 1447 switch (skb->ndisc_nodetype) { 1448 case NDISC_NODETYPE_HOST: 1449 case NDISC_NODETYPE_NODEFAULT: 1450 ND_PRINTK2(KERN_WARNING 1451 "ICMPv6 Redirect: from host or unauthorized router\n"); 1452 return; 1453 } 1454#endif 1455 1456 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1457 ND_PRINTK2(KERN_WARNING 1458 "ICMPv6 Redirect: source address is not link-local.\n"); 1459 return; 1460 } 1461 1462 optlen = skb->tail - skb->transport_header; 1463 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1464 1465 if (optlen < 0) { 1466 ND_PRINTK2(KERN_WARNING 1467 "ICMPv6 Redirect: packet too short\n"); 1468 return; 1469 } 1470 1471 icmph = icmp6_hdr(skb); 1472 target = (const struct in6_addr *) (icmph + 1); 1473 dest = target + 1; 1474 1475 if (ipv6_addr_is_multicast(dest)) { 1476 ND_PRINTK2(KERN_WARNING 1477 "ICMPv6 Redirect: destination address is multicast.\n"); 1478 return; 1479 } 1480 1481 if (ipv6_addr_equal(dest, target)) { 1482 on_link = 1; 1483 } else if (ipv6_addr_type(target) != 1484 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1485 ND_PRINTK2(KERN_WARNING 1486 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1487 return; 1488 } 1489 1490 in6_dev = in6_dev_get(skb->dev); 1491 if (!in6_dev) 1492 return; 1493 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1494 in6_dev_put(in6_dev); 1495 return; 1496 } 1497 1498 /* RFC2461 8.1: 1499 * The IP source address of the Redirect MUST be the same as the current 1500 * first-hop router for the specified ICMP Destination Address. 1501 */ 1502 1503 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1504 ND_PRINTK2(KERN_WARNING 1505 "ICMPv6 Redirect: invalid ND options\n"); 1506 in6_dev_put(in6_dev); 1507 return; 1508 } 1509 if (ndopts.nd_opts_tgt_lladdr) { 1510 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1511 skb->dev); 1512 if (!lladdr) { 1513 ND_PRINTK2(KERN_WARNING 1514 "ICMPv6 Redirect: invalid link-layer address length\n"); 1515 in6_dev_put(in6_dev); 1516 return; 1517 } 1518 } 1519 1520 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1521 if (neigh) { 1522 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1523 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1524 on_link); 1525 neigh_release(neigh); 1526 } 1527 in6_dev_put(in6_dev); 1528} 1529 1530void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1531 const struct in6_addr *target) 1532{ 1533 struct net_device *dev = skb->dev; 1534 struct net *net = dev_net(dev); 1535 struct sock *sk = net->ipv6.ndisc_sk; 1536 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1537 struct sk_buff *buff; 1538 struct icmp6hdr *icmph; 1539 struct in6_addr saddr_buf; 1540 struct in6_addr *addrp; 1541 struct rt6_info *rt; 1542 struct dst_entry *dst; 1543 struct inet6_dev *idev; 1544 struct flowi6 fl6; 1545 u8 *opt; 1546 int rd_len; 1547 int err; 1548 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1549 1550 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1551 ND_PRINTK2(KERN_WARNING 1552 "ICMPv6 Redirect: no link-local address on %s\n", 1553 dev->name); 1554 return; 1555 } 1556 1557 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1558 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1559 ND_PRINTK2(KERN_WARNING 1560 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1561 return; 1562 } 1563 1564 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1565 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1566 1567 dst = ip6_route_output(net, NULL, &fl6); 1568 if (dst == NULL) 1569 return; 1570 1571 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1572 if (IS_ERR(dst)) 1573 return; 1574 1575 rt = (struct rt6_info *) dst; 1576 1577 if (rt->rt6i_flags & RTF_GATEWAY) { 1578 ND_PRINTK2(KERN_WARNING 1579 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1580 goto release; 1581 } 1582 if (!rt->rt6i_peer) 1583 rt6_bind_peer(rt, 1); 1584 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ)) 1585 goto release; 1586 1587 if (dev->addr_len) { 1588 read_lock_bh(&neigh->lock); 1589 if (neigh->nud_state & NUD_VALID) { 1590 memcpy(ha_buf, neigh->ha, dev->addr_len); 1591 read_unlock_bh(&neigh->lock); 1592 ha = ha_buf; 1593 len += ndisc_opt_addr_space(dev); 1594 } else 1595 read_unlock_bh(&neigh->lock); 1596 } 1597 1598 rd_len = min_t(unsigned int, 1599 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1600 rd_len &= ~0x7; 1601 len += rd_len; 1602 1603 buff = sock_alloc_send_skb(sk, 1604 (MAX_HEADER + sizeof(struct ipv6hdr) + 1605 len + LL_ALLOCATED_SPACE(dev)), 1606 1, &err); 1607 if (buff == NULL) { 1608 ND_PRINTK0(KERN_ERR 1609 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n", 1610 __func__, err); 1611 goto release; 1612 } 1613 1614 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1615 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1616 IPPROTO_ICMPV6, len); 1617 1618 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1619 skb_put(buff, len); 1620 icmph = icmp6_hdr(buff); 1621 1622 memset(icmph, 0, sizeof(struct icmp6hdr)); 1623 icmph->icmp6_type = NDISC_REDIRECT; 1624 1625 /* 1626 * copy target and destination addresses 1627 */ 1628 1629 addrp = (struct in6_addr *)(icmph + 1); 1630 ipv6_addr_copy(addrp, target); 1631 addrp++; 1632 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1633 1634 opt = (u8*) (addrp + 1); 1635 1636 /* 1637 * include target_address option 1638 */ 1639 1640 if (ha) 1641 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1642 dev->addr_len, dev->type); 1643 1644 /* 1645 * build redirect option and copy skb over to the new packet. 1646 */ 1647 1648 memset(opt, 0, 8); 1649 *(opt++) = ND_OPT_REDIRECT_HDR; 1650 *(opt++) = (rd_len >> 3); 1651 opt += 6; 1652 1653 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1654 1655 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1656 len, IPPROTO_ICMPV6, 1657 csum_partial(icmph, len, 0)); 1658 1659 skb_dst_set(buff, dst); 1660 idev = in6_dev_get(dst->dev); 1661 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1662 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1663 dst_output); 1664 if (!err) { 1665 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1666 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1667 } 1668 1669 if (likely(idev != NULL)) 1670 in6_dev_put(idev); 1671 return; 1672 1673release: 1674 dst_release(dst); 1675} 1676 1677static void pndisc_redo(struct sk_buff *skb) 1678{ 1679 ndisc_recv_ns(skb); 1680 kfree_skb(skb); 1681} 1682 1683int ndisc_rcv(struct sk_buff *skb) 1684{ 1685 struct nd_msg *msg; 1686 1687 if (!pskb_may_pull(skb, skb->len)) 1688 return 0; 1689 1690 msg = (struct nd_msg *)skb_transport_header(skb); 1691 1692 __skb_push(skb, skb->data - skb_transport_header(skb)); 1693 1694 if (ipv6_hdr(skb)->hop_limit != 255) { 1695 ND_PRINTK2(KERN_WARNING 1696 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1697 ipv6_hdr(skb)->hop_limit); 1698 return 0; 1699 } 1700 1701 if (msg->icmph.icmp6_code != 0) { 1702 ND_PRINTK2(KERN_WARNING 1703 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1704 msg->icmph.icmp6_code); 1705 return 0; 1706 } 1707 1708 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1709 1710 switch (msg->icmph.icmp6_type) { 1711 case NDISC_NEIGHBOUR_SOLICITATION: 1712 ndisc_recv_ns(skb); 1713 break; 1714 1715 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1716 ndisc_recv_na(skb); 1717 break; 1718 1719 case NDISC_ROUTER_SOLICITATION: 1720 ndisc_recv_rs(skb); 1721 break; 1722 1723 case NDISC_ROUTER_ADVERTISEMENT: 1724 ndisc_router_discovery(skb); 1725 break; 1726 1727 case NDISC_REDIRECT: 1728 ndisc_redirect_rcv(skb); 1729 break; 1730 } 1731 1732 return 0; 1733} 1734 1735static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1736{ 1737 struct net_device *dev = ptr; 1738 struct net *net = dev_net(dev); 1739 1740 switch (event) { 1741 case NETDEV_CHANGEADDR: 1742 neigh_changeaddr(&nd_tbl, dev); 1743 fib6_run_gc(~0UL, net); 1744 break; 1745 case NETDEV_DOWN: 1746 neigh_ifdown(&nd_tbl, dev); 1747 fib6_run_gc(~0UL, net); 1748 break; 1749 case NETDEV_NOTIFY_PEERS: 1750 ndisc_send_unsol_na(dev); 1751 break; 1752 default: 1753 break; 1754 } 1755 1756 return NOTIFY_DONE; 1757} 1758 1759static struct notifier_block ndisc_netdev_notifier = { 1760 .notifier_call = ndisc_netdev_event, 1761}; 1762 1763#ifdef CONFIG_SYSCTL 1764static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1765 const char *func, const char *dev_name) 1766{ 1767 static char warncomm[TASK_COMM_LEN]; 1768 static int warned; 1769 if (strcmp(warncomm, current->comm) && warned < 5) { 1770 strcpy(warncomm, current->comm); 1771 printk(KERN_WARNING 1772 "process `%s' is using deprecated sysctl (%s) " 1773 "net.ipv6.neigh.%s.%s; " 1774 "Use net.ipv6.neigh.%s.%s_ms " 1775 "instead.\n", 1776 warncomm, func, 1777 dev_name, ctl->procname, 1778 dev_name, ctl->procname); 1779 warned++; 1780 } 1781} 1782 1783int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1784{ 1785 struct net_device *dev = ctl->extra1; 1786 struct inet6_dev *idev; 1787 int ret; 1788 1789 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1790 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1791 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1792 1793 if (strcmp(ctl->procname, "retrans_time") == 0) 1794 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1795 1796 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1797 ret = proc_dointvec_jiffies(ctl, write, 1798 buffer, lenp, ppos); 1799 1800 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1801 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1802 ret = proc_dointvec_ms_jiffies(ctl, write, 1803 buffer, lenp, ppos); 1804 else 1805 ret = -1; 1806 1807 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1808 if (ctl->data == &idev->nd_parms->base_reachable_time) 1809 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1810 idev->tstamp = jiffies; 1811 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1812 in6_dev_put(idev); 1813 } 1814 return ret; 1815} 1816 1817 1818#endif 1819 1820static int __net_init ndisc_net_init(struct net *net) 1821{ 1822 struct ipv6_pinfo *np; 1823 struct sock *sk; 1824 int err; 1825 1826 err = inet_ctl_sock_create(&sk, PF_INET6, 1827 SOCK_RAW, IPPROTO_ICMPV6, net); 1828 if (err < 0) { 1829 ND_PRINTK0(KERN_ERR 1830 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1831 err); 1832 return err; 1833 } 1834 1835 net->ipv6.ndisc_sk = sk; 1836 1837 np = inet6_sk(sk); 1838 np->hop_limit = 255; 1839 /* Do not loopback ndisc messages */ 1840 np->mc_loop = 0; 1841 1842 return 0; 1843} 1844 1845static void __net_exit ndisc_net_exit(struct net *net) 1846{ 1847 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1848} 1849 1850static struct pernet_operations ndisc_net_ops = { 1851 .init = ndisc_net_init, 1852 .exit = ndisc_net_exit, 1853}; 1854 1855int __init ndisc_init(void) 1856{ 1857 int err; 1858 1859 err = register_pernet_subsys(&ndisc_net_ops); 1860 if (err) 1861 return err; 1862 /* 1863 * Initialize the neighbour table 1864 */ 1865 neigh_table_init(&nd_tbl); 1866 1867#ifdef CONFIG_SYSCTL 1868 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1869 &ndisc_ifinfo_sysctl_change); 1870 if (err) 1871 goto out_unregister_pernet; 1872#endif 1873 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1874 if (err) 1875 goto out_unregister_sysctl; 1876out: 1877 return err; 1878 1879out_unregister_sysctl: 1880#ifdef CONFIG_SYSCTL 1881 neigh_sysctl_unregister(&nd_tbl.parms); 1882out_unregister_pernet: 1883#endif 1884 unregister_pernet_subsys(&ndisc_net_ops); 1885 goto out; 1886} 1887 1888void ndisc_cleanup(void) 1889{ 1890 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1891#ifdef CONFIG_SYSCTL 1892 neigh_sysctl_unregister(&nd_tbl.parms); 1893#endif 1894 neigh_table_clear(&nd_tbl); 1895 unregister_pernet_subsys(&ndisc_net_ops); 1896} 1897