ndisc.c revision adf30907d63893e4208dfe3f5c88ae12bc2f25d5
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29/* Set to 3 to get tracing... */ 30#define ND_DEBUG 1 31 32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33#define ND_NOPRINTK(x...) do { ; } while(0) 34#define ND_PRINTK0 ND_PRINTK 35#define ND_PRINTK1 ND_NOPRINTK 36#define ND_PRINTK2 ND_NOPRINTK 37#define ND_PRINTK3 ND_NOPRINTK 38#if ND_DEBUG >= 1 39#undef ND_PRINTK1 40#define ND_PRINTK1 ND_PRINTK 41#endif 42#if ND_DEBUG >= 2 43#undef ND_PRINTK2 44#define ND_PRINTK2 ND_PRINTK 45#endif 46#if ND_DEBUG >= 3 47#undef ND_PRINTK3 48#define ND_PRINTK3 ND_PRINTK 49#endif 50 51#include <linux/module.h> 52#include <linux/errno.h> 53#include <linux/types.h> 54#include <linux/socket.h> 55#include <linux/sockios.h> 56#include <linux/sched.h> 57#include <linux/net.h> 58#include <linux/in6.h> 59#include <linux/route.h> 60#include <linux/init.h> 61#include <linux/rcupdate.h> 62#ifdef CONFIG_SYSCTL 63#include <linux/sysctl.h> 64#endif 65 66#include <linux/if_addr.h> 67#include <linux/if_arp.h> 68#include <linux/ipv6.h> 69#include <linux/icmpv6.h> 70#include <linux/jhash.h> 71 72#include <net/sock.h> 73#include <net/snmp.h> 74 75#include <net/ipv6.h> 76#include <net/protocol.h> 77#include <net/ndisc.h> 78#include <net/ip6_route.h> 79#include <net/addrconf.h> 80#include <net/icmp.h> 81 82#include <net/netlink.h> 83#include <linux/rtnetlink.h> 84 85#include <net/flow.h> 86#include <net/ip6_checksum.h> 87#include <net/inet_common.h> 88#include <linux/proc_fs.h> 89 90#include <linux/netfilter.h> 91#include <linux/netfilter_ipv6.h> 92 93static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 94static int ndisc_constructor(struct neighbour *neigh); 95static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 96static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 97static int pndisc_constructor(struct pneigh_entry *n); 98static void pndisc_destructor(struct pneigh_entry *n); 99static void pndisc_redo(struct sk_buff *skb); 100 101static struct neigh_ops ndisc_generic_ops = { 102 .family = AF_INET6, 103 .solicit = ndisc_solicit, 104 .error_report = ndisc_error_report, 105 .output = neigh_resolve_output, 106 .connected_output = neigh_connected_output, 107 .hh_output = dev_queue_xmit, 108 .queue_xmit = dev_queue_xmit, 109}; 110 111static struct neigh_ops ndisc_hh_ops = { 112 .family = AF_INET6, 113 .solicit = ndisc_solicit, 114 .error_report = ndisc_error_report, 115 .output = neigh_resolve_output, 116 .connected_output = neigh_resolve_output, 117 .hh_output = dev_queue_xmit, 118 .queue_xmit = dev_queue_xmit, 119}; 120 121 122static struct neigh_ops ndisc_direct_ops = { 123 .family = AF_INET6, 124 .output = dev_queue_xmit, 125 .connected_output = dev_queue_xmit, 126 .hh_output = dev_queue_xmit, 127 .queue_xmit = dev_queue_xmit, 128}; 129 130struct neigh_table nd_tbl = { 131 .family = AF_INET6, 132 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 133 .key_len = sizeof(struct in6_addr), 134 .hash = ndisc_hash, 135 .constructor = ndisc_constructor, 136 .pconstructor = pndisc_constructor, 137 .pdestructor = pndisc_destructor, 138 .proxy_redo = pndisc_redo, 139 .id = "ndisc_cache", 140 .parms = { 141 .tbl = &nd_tbl, 142 .base_reachable_time = 30 * HZ, 143 .retrans_time = 1 * HZ, 144 .gc_staletime = 60 * HZ, 145 .reachable_time = 30 * HZ, 146 .delay_probe_time = 5 * HZ, 147 .queue_len = 3, 148 .ucast_probes = 3, 149 .mcast_probes = 3, 150 .anycast_delay = 1 * HZ, 151 .proxy_delay = (8 * HZ) / 10, 152 .proxy_qlen = 64, 153 }, 154 .gc_interval = 30 * HZ, 155 .gc_thresh1 = 128, 156 .gc_thresh2 = 512, 157 .gc_thresh3 = 1024, 158}; 159 160/* ND options */ 161struct ndisc_options { 162 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 163#ifdef CONFIG_IPV6_ROUTE_INFO 164 struct nd_opt_hdr *nd_opts_ri; 165 struct nd_opt_hdr *nd_opts_ri_end; 166#endif 167 struct nd_opt_hdr *nd_useropts; 168 struct nd_opt_hdr *nd_useropts_end; 169}; 170 171#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 172#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 173#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 174#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 175#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 176#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 177 178#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 179 180/* 181 * Return the padding between the option length and the start of the 182 * link addr. Currently only IP-over-InfiniBand needs this, although 183 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 184 * also need a pad of 2. 185 */ 186static int ndisc_addr_option_pad(unsigned short type) 187{ 188 switch (type) { 189 case ARPHRD_INFINIBAND: return 2; 190 default: return 0; 191 } 192} 193 194static inline int ndisc_opt_addr_space(struct net_device *dev) 195{ 196 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 197} 198 199static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 200 unsigned short addr_type) 201{ 202 int space = NDISC_OPT_SPACE(data_len); 203 int pad = ndisc_addr_option_pad(addr_type); 204 205 opt[0] = type; 206 opt[1] = space>>3; 207 208 memset(opt + 2, 0, pad); 209 opt += pad; 210 space -= pad; 211 212 memcpy(opt+2, data, data_len); 213 data_len += 2; 214 opt += data_len; 215 if ((space -= data_len) > 0) 216 memset(opt, 0, space); 217 return opt + space; 218} 219 220static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 221 struct nd_opt_hdr *end) 222{ 223 int type; 224 if (!cur || !end || cur >= end) 225 return NULL; 226 type = cur->nd_opt_type; 227 do { 228 cur = ((void *)cur) + (cur->nd_opt_len << 3); 229 } while(cur < end && cur->nd_opt_type != type); 230 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 231} 232 233static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 234{ 235 return (opt->nd_opt_type == ND_OPT_RDNSS); 236} 237 238static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 239 struct nd_opt_hdr *end) 240{ 241 if (!cur || !end || cur >= end) 242 return NULL; 243 do { 244 cur = ((void *)cur) + (cur->nd_opt_len << 3); 245 } while(cur < end && !ndisc_is_useropt(cur)); 246 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL); 247} 248 249static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 250 struct ndisc_options *ndopts) 251{ 252 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 253 254 if (!nd_opt || opt_len < 0 || !ndopts) 255 return NULL; 256 memset(ndopts, 0, sizeof(*ndopts)); 257 while (opt_len) { 258 int l; 259 if (opt_len < sizeof(struct nd_opt_hdr)) 260 return NULL; 261 l = nd_opt->nd_opt_len << 3; 262 if (opt_len < l || l == 0) 263 return NULL; 264 switch (nd_opt->nd_opt_type) { 265 case ND_OPT_SOURCE_LL_ADDR: 266 case ND_OPT_TARGET_LL_ADDR: 267 case ND_OPT_MTU: 268 case ND_OPT_REDIRECT_HDR: 269 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 270 ND_PRINTK2(KERN_WARNING 271 "%s(): duplicated ND6 option found: type=%d\n", 272 __func__, 273 nd_opt->nd_opt_type); 274 } else { 275 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 276 } 277 break; 278 case ND_OPT_PREFIX_INFO: 279 ndopts->nd_opts_pi_end = nd_opt; 280 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 281 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 282 break; 283#ifdef CONFIG_IPV6_ROUTE_INFO 284 case ND_OPT_ROUTE_INFO: 285 ndopts->nd_opts_ri_end = nd_opt; 286 if (!ndopts->nd_opts_ri) 287 ndopts->nd_opts_ri = nd_opt; 288 break; 289#endif 290 default: 291 if (ndisc_is_useropt(nd_opt)) { 292 ndopts->nd_useropts_end = nd_opt; 293 if (!ndopts->nd_useropts) 294 ndopts->nd_useropts = nd_opt; 295 } else { 296 /* 297 * Unknown options must be silently ignored, 298 * to accommodate future extension to the 299 * protocol. 300 */ 301 ND_PRINTK2(KERN_NOTICE 302 "%s(): ignored unsupported option; type=%d, len=%d\n", 303 __func__, 304 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 305 } 306 } 307 opt_len -= l; 308 nd_opt = ((void *)nd_opt) + l; 309 } 310 return ndopts; 311} 312 313static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 314 struct net_device *dev) 315{ 316 u8 *lladdr = (u8 *)(p + 1); 317 int lladdrlen = p->nd_opt_len << 3; 318 int prepad = ndisc_addr_option_pad(dev->type); 319 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 320 return NULL; 321 return (lladdr + prepad); 322} 323 324int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 325{ 326 switch (dev->type) { 327 case ARPHRD_ETHER: 328 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 329 case ARPHRD_FDDI: 330 ipv6_eth_mc_map(addr, buf); 331 return 0; 332 case ARPHRD_IEEE802_TR: 333 ipv6_tr_mc_map(addr,buf); 334 return 0; 335 case ARPHRD_ARCNET: 336 ipv6_arcnet_mc_map(addr, buf); 337 return 0; 338 case ARPHRD_INFINIBAND: 339 ipv6_ib_mc_map(addr, dev->broadcast, buf); 340 return 0; 341 default: 342 if (dir) { 343 memcpy(buf, dev->broadcast, dev->addr_len); 344 return 0; 345 } 346 } 347 return -EINVAL; 348} 349 350EXPORT_SYMBOL(ndisc_mc_map); 351 352static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 353{ 354 const u32 *p32 = pkey; 355 u32 addr_hash, i; 356 357 addr_hash = 0; 358 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 359 addr_hash ^= *p32++; 360 361 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 362} 363 364static int ndisc_constructor(struct neighbour *neigh) 365{ 366 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 367 struct net_device *dev = neigh->dev; 368 struct inet6_dev *in6_dev; 369 struct neigh_parms *parms; 370 int is_multicast = ipv6_addr_is_multicast(addr); 371 372 rcu_read_lock(); 373 in6_dev = in6_dev_get(dev); 374 if (in6_dev == NULL) { 375 rcu_read_unlock(); 376 return -EINVAL; 377 } 378 379 parms = in6_dev->nd_parms; 380 __neigh_parms_put(neigh->parms); 381 neigh->parms = neigh_parms_clone(parms); 382 rcu_read_unlock(); 383 384 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 385 if (!dev->header_ops) { 386 neigh->nud_state = NUD_NOARP; 387 neigh->ops = &ndisc_direct_ops; 388 neigh->output = neigh->ops->queue_xmit; 389 } else { 390 if (is_multicast) { 391 neigh->nud_state = NUD_NOARP; 392 ndisc_mc_map(addr, neigh->ha, dev, 1); 393 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 394 neigh->nud_state = NUD_NOARP; 395 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 396 if (dev->flags&IFF_LOOPBACK) 397 neigh->type = RTN_LOCAL; 398 } else if (dev->flags&IFF_POINTOPOINT) { 399 neigh->nud_state = NUD_NOARP; 400 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 401 } 402 if (dev->header_ops->cache) 403 neigh->ops = &ndisc_hh_ops; 404 else 405 neigh->ops = &ndisc_generic_ops; 406 if (neigh->nud_state&NUD_VALID) 407 neigh->output = neigh->ops->connected_output; 408 else 409 neigh->output = neigh->ops->output; 410 } 411 in6_dev_put(in6_dev); 412 return 0; 413} 414 415static int pndisc_constructor(struct pneigh_entry *n) 416{ 417 struct in6_addr *addr = (struct in6_addr*)&n->key; 418 struct in6_addr maddr; 419 struct net_device *dev = n->dev; 420 421 if (dev == NULL || __in6_dev_get(dev) == NULL) 422 return -EINVAL; 423 addrconf_addr_solict_mult(addr, &maddr); 424 ipv6_dev_mc_inc(dev, &maddr); 425 return 0; 426} 427 428static void pndisc_destructor(struct pneigh_entry *n) 429{ 430 struct in6_addr *addr = (struct in6_addr*)&n->key; 431 struct in6_addr maddr; 432 struct net_device *dev = n->dev; 433 434 if (dev == NULL || __in6_dev_get(dev) == NULL) 435 return; 436 addrconf_addr_solict_mult(addr, &maddr); 437 ipv6_dev_mc_dec(dev, &maddr); 438} 439 440struct sk_buff *ndisc_build_skb(struct net_device *dev, 441 const struct in6_addr *daddr, 442 const struct in6_addr *saddr, 443 struct icmp6hdr *icmp6h, 444 const struct in6_addr *target, 445 int llinfo) 446{ 447 struct net *net = dev_net(dev); 448 struct sock *sk = net->ipv6.ndisc_sk; 449 struct sk_buff *skb; 450 struct icmp6hdr *hdr; 451 int len; 452 int err; 453 u8 *opt; 454 455 if (!dev->addr_len) 456 llinfo = 0; 457 458 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 459 if (llinfo) 460 len += ndisc_opt_addr_space(dev); 461 462 skb = sock_alloc_send_skb(sk, 463 (MAX_HEADER + sizeof(struct ipv6hdr) + 464 len + LL_ALLOCATED_SPACE(dev)), 465 1, &err); 466 if (!skb) { 467 ND_PRINTK0(KERN_ERR 468 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n", 469 __func__, err); 470 return NULL; 471 } 472 473 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 474 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 475 476 skb->transport_header = skb->tail; 477 skb_put(skb, len); 478 479 hdr = (struct icmp6hdr *)skb_transport_header(skb); 480 memcpy(hdr, icmp6h, sizeof(*hdr)); 481 482 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 483 if (target) { 484 ipv6_addr_copy((struct in6_addr *)opt, target); 485 opt += sizeof(*target); 486 } 487 488 if (llinfo) 489 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 490 dev->addr_len, dev->type); 491 492 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 493 IPPROTO_ICMPV6, 494 csum_partial(hdr, 495 len, 0)); 496 497 return skb; 498} 499 500EXPORT_SYMBOL(ndisc_build_skb); 501 502void ndisc_send_skb(struct sk_buff *skb, 503 struct net_device *dev, 504 struct neighbour *neigh, 505 const struct in6_addr *daddr, 506 const struct in6_addr *saddr, 507 struct icmp6hdr *icmp6h) 508{ 509 struct flowi fl; 510 struct dst_entry *dst; 511 struct net *net = dev_net(dev); 512 struct sock *sk = net->ipv6.ndisc_sk; 513 struct inet6_dev *idev; 514 int err; 515 u8 type; 516 517 type = icmp6h->icmp6_type; 518 519 icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex); 520 521 dst = icmp6_dst_alloc(dev, neigh, daddr); 522 if (!dst) { 523 kfree_skb(skb); 524 return; 525 } 526 527 err = xfrm_lookup(net, &dst, &fl, NULL, 0); 528 if (err < 0) { 529 kfree_skb(skb); 530 return; 531 } 532 533 skb_dst_set(skb, dst); 534 535 idev = in6_dev_get(dst->dev); 536 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 537 538 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 539 dst_output); 540 if (!err) { 541 ICMP6MSGOUT_INC_STATS(net, idev, type); 542 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 543 } 544 545 if (likely(idev != NULL)) 546 in6_dev_put(idev); 547} 548 549EXPORT_SYMBOL(ndisc_send_skb); 550 551/* 552 * Send a Neighbour Discover packet 553 */ 554static void __ndisc_send(struct net_device *dev, 555 struct neighbour *neigh, 556 const struct in6_addr *daddr, 557 const struct in6_addr *saddr, 558 struct icmp6hdr *icmp6h, const struct in6_addr *target, 559 int llinfo) 560{ 561 struct sk_buff *skb; 562 563 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 564 if (!skb) 565 return; 566 567 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 568} 569 570static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 571 const struct in6_addr *daddr, 572 const struct in6_addr *solicited_addr, 573 int router, int solicited, int override, int inc_opt) 574{ 575 struct in6_addr tmpaddr; 576 struct inet6_ifaddr *ifp; 577 const struct in6_addr *src_addr; 578 struct icmp6hdr icmp6h = { 579 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 580 }; 581 582 /* for anycast or proxy, solicited_addr != src_addr */ 583 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 584 if (ifp) { 585 src_addr = solicited_addr; 586 if (ifp->flags & IFA_F_OPTIMISTIC) 587 override = 0; 588 in6_ifa_put(ifp); 589 } else { 590 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 591 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 592 &tmpaddr)) 593 return; 594 src_addr = &tmpaddr; 595 } 596 597 icmp6h.icmp6_router = router; 598 icmp6h.icmp6_solicited = solicited; 599 icmp6h.icmp6_override = override; 600 601 __ndisc_send(dev, neigh, daddr, src_addr, 602 &icmp6h, solicited_addr, 603 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 604} 605 606void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 607 const struct in6_addr *solicit, 608 const struct in6_addr *daddr, const struct in6_addr *saddr) 609{ 610 struct in6_addr addr_buf; 611 struct icmp6hdr icmp6h = { 612 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 613 }; 614 615 if (saddr == NULL) { 616 if (ipv6_get_lladdr(dev, &addr_buf, 617 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 618 return; 619 saddr = &addr_buf; 620 } 621 622 __ndisc_send(dev, neigh, daddr, saddr, 623 &icmp6h, solicit, 624 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 625} 626 627void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 628 const struct in6_addr *daddr) 629{ 630 struct icmp6hdr icmp6h = { 631 .icmp6_type = NDISC_ROUTER_SOLICITATION, 632 }; 633 int send_sllao = dev->addr_len; 634 635#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 636 /* 637 * According to section 2.2 of RFC 4429, we must not 638 * send router solicitations with a sllao from 639 * optimistic addresses, but we may send the solicitation 640 * if we don't include the sllao. So here we check 641 * if our address is optimistic, and if so, we 642 * suppress the inclusion of the sllao. 643 */ 644 if (send_sllao) { 645 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 646 dev, 1); 647 if (ifp) { 648 if (ifp->flags & IFA_F_OPTIMISTIC) { 649 send_sllao = 0; 650 } 651 in6_ifa_put(ifp); 652 } else { 653 send_sllao = 0; 654 } 655 } 656#endif 657 __ndisc_send(dev, NULL, daddr, saddr, 658 &icmp6h, NULL, 659 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 660} 661EXPORT_SYMBOL(ndisc_send_rs); 662 663 664static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 665{ 666 /* 667 * "The sender MUST return an ICMP 668 * destination unreachable" 669 */ 670 dst_link_failure(skb); 671 kfree_skb(skb); 672} 673 674/* Called with locked neigh: either read or both */ 675 676static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 677{ 678 struct in6_addr *saddr = NULL; 679 struct in6_addr mcaddr; 680 struct net_device *dev = neigh->dev; 681 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 682 int probes = atomic_read(&neigh->probes); 683 684 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 685 saddr = &ipv6_hdr(skb)->saddr; 686 687 if ((probes -= neigh->parms->ucast_probes) < 0) { 688 if (!(neigh->nud_state & NUD_VALID)) { 689 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n", 690 __func__, target); 691 } 692 ndisc_send_ns(dev, neigh, target, target, saddr); 693 } else if ((probes -= neigh->parms->app_probes) < 0) { 694#ifdef CONFIG_ARPD 695 neigh_app_ns(neigh); 696#endif 697 } else { 698 addrconf_addr_solict_mult(target, &mcaddr); 699 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 700 } 701} 702 703static int pndisc_is_router(const void *pkey, 704 struct net_device *dev) 705{ 706 struct pneigh_entry *n; 707 int ret = -1; 708 709 read_lock_bh(&nd_tbl.lock); 710 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 711 if (n) 712 ret = !!(n->flags & NTF_ROUTER); 713 read_unlock_bh(&nd_tbl.lock); 714 715 return ret; 716} 717 718static void ndisc_recv_ns(struct sk_buff *skb) 719{ 720 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 721 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 722 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 723 u8 *lladdr = NULL; 724 u32 ndoptlen = skb->tail - (skb->transport_header + 725 offsetof(struct nd_msg, opt)); 726 struct ndisc_options ndopts; 727 struct net_device *dev = skb->dev; 728 struct inet6_ifaddr *ifp; 729 struct inet6_dev *idev = NULL; 730 struct neighbour *neigh; 731 int dad = ipv6_addr_any(saddr); 732 int inc; 733 int is_router = -1; 734 735 if (ipv6_addr_is_multicast(&msg->target)) { 736 ND_PRINTK2(KERN_WARNING 737 "ICMPv6 NS: multicast target address"); 738 return; 739 } 740 741 /* 742 * RFC2461 7.1.1: 743 * DAD has to be destined for solicited node multicast address. 744 */ 745 if (dad && 746 !(daddr->s6_addr32[0] == htonl(0xff020000) && 747 daddr->s6_addr32[1] == htonl(0x00000000) && 748 daddr->s6_addr32[2] == htonl(0x00000001) && 749 daddr->s6_addr [12] == 0xff )) { 750 ND_PRINTK2(KERN_WARNING 751 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 752 return; 753 } 754 755 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 756 ND_PRINTK2(KERN_WARNING 757 "ICMPv6 NS: invalid ND options\n"); 758 return; 759 } 760 761 if (ndopts.nd_opts_src_lladdr) { 762 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 763 if (!lladdr) { 764 ND_PRINTK2(KERN_WARNING 765 "ICMPv6 NS: invalid link-layer address length\n"); 766 return; 767 } 768 769 /* RFC2461 7.1.1: 770 * If the IP source address is the unspecified address, 771 * there MUST NOT be source link-layer address option 772 * in the message. 773 */ 774 if (dad) { 775 ND_PRINTK2(KERN_WARNING 776 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 777 return; 778 } 779 } 780 781 inc = ipv6_addr_is_multicast(daddr); 782 783 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 784 if (ifp) { 785 786 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 787 if (dad) { 788 if (dev->type == ARPHRD_IEEE802_TR) { 789 const unsigned char *sadr; 790 sadr = skb_mac_header(skb); 791 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 792 sadr[9] == dev->dev_addr[1] && 793 sadr[10] == dev->dev_addr[2] && 794 sadr[11] == dev->dev_addr[3] && 795 sadr[12] == dev->dev_addr[4] && 796 sadr[13] == dev->dev_addr[5]) { 797 /* looped-back to us */ 798 goto out; 799 } 800 } 801 802 /* 803 * We are colliding with another node 804 * who is doing DAD 805 * so fail our DAD process 806 */ 807 addrconf_dad_failure(ifp); 808 return; 809 } else { 810 /* 811 * This is not a dad solicitation. 812 * If we are an optimistic node, 813 * we should respond. 814 * Otherwise, we should ignore it. 815 */ 816 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 817 goto out; 818 } 819 } 820 821 idev = ifp->idev; 822 } else { 823 struct net *net = dev_net(dev); 824 825 idev = in6_dev_get(dev); 826 if (!idev) { 827 /* XXX: count this drop? */ 828 return; 829 } 830 831 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 832 (idev->cnf.forwarding && 833 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 834 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 835 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 836 skb->pkt_type != PACKET_HOST && 837 inc != 0 && 838 idev->nd_parms->proxy_delay != 0) { 839 /* 840 * for anycast or proxy, 841 * sender should delay its response 842 * by a random time between 0 and 843 * MAX_ANYCAST_DELAY_TIME seconds. 844 * (RFC2461) -- yoshfuji 845 */ 846 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 847 if (n) 848 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 849 goto out; 850 } 851 } else 852 goto out; 853 } 854 855 if (is_router < 0) 856 is_router = !!idev->cnf.forwarding; 857 858 if (dad) { 859 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 860 is_router, 0, (ifp != NULL), 1); 861 goto out; 862 } 863 864 if (inc) 865 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 866 else 867 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 868 869 /* 870 * update / create cache entry 871 * for the source address 872 */ 873 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 874 !inc || lladdr || !dev->addr_len); 875 if (neigh) 876 neigh_update(neigh, lladdr, NUD_STALE, 877 NEIGH_UPDATE_F_WEAK_OVERRIDE| 878 NEIGH_UPDATE_F_OVERRIDE); 879 if (neigh || !dev->header_ops) { 880 ndisc_send_na(dev, neigh, saddr, &msg->target, 881 is_router, 882 1, (ifp != NULL && inc), inc); 883 if (neigh) 884 neigh_release(neigh); 885 } 886 887out: 888 if (ifp) 889 in6_ifa_put(ifp); 890 else 891 in6_dev_put(idev); 892 893 return; 894} 895 896static void ndisc_recv_na(struct sk_buff *skb) 897{ 898 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 899 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 900 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 901 u8 *lladdr = NULL; 902 u32 ndoptlen = skb->tail - (skb->transport_header + 903 offsetof(struct nd_msg, opt)); 904 struct ndisc_options ndopts; 905 struct net_device *dev = skb->dev; 906 struct inet6_ifaddr *ifp; 907 struct neighbour *neigh; 908 909 if (skb->len < sizeof(struct nd_msg)) { 910 ND_PRINTK2(KERN_WARNING 911 "ICMPv6 NA: packet too short\n"); 912 return; 913 } 914 915 if (ipv6_addr_is_multicast(&msg->target)) { 916 ND_PRINTK2(KERN_WARNING 917 "ICMPv6 NA: target address is multicast.\n"); 918 return; 919 } 920 921 if (ipv6_addr_is_multicast(daddr) && 922 msg->icmph.icmp6_solicited) { 923 ND_PRINTK2(KERN_WARNING 924 "ICMPv6 NA: solicited NA is multicasted.\n"); 925 return; 926 } 927 928 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 929 ND_PRINTK2(KERN_WARNING 930 "ICMPv6 NS: invalid ND option\n"); 931 return; 932 } 933 if (ndopts.nd_opts_tgt_lladdr) { 934 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 935 if (!lladdr) { 936 ND_PRINTK2(KERN_WARNING 937 "ICMPv6 NA: invalid link-layer address length\n"); 938 return; 939 } 940 } 941 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 942 if (ifp) { 943 if (ifp->flags & IFA_F_TENTATIVE) { 944 addrconf_dad_failure(ifp); 945 return; 946 } 947 /* What should we make now? The advertisement 948 is invalid, but ndisc specs say nothing 949 about it. It could be misconfiguration, or 950 an smart proxy agent tries to help us :-) 951 952 We should not print the error if NA has been 953 received from loopback - it is just our own 954 unsolicited advertisement. 955 */ 956 if (skb->pkt_type != PACKET_LOOPBACK) 957 ND_PRINTK1(KERN_WARNING 958 "ICMPv6 NA: someone advertises our address on %s!\n", 959 ifp->idev->dev->name); 960 in6_ifa_put(ifp); 961 return; 962 } 963 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 964 965 if (neigh) { 966 u8 old_flags = neigh->flags; 967 struct net *net = dev_net(dev); 968 969 if (neigh->nud_state & NUD_FAILED) 970 goto out; 971 972 /* 973 * Don't update the neighbor cache entry on a proxy NA from 974 * ourselves because either the proxied node is off link or it 975 * has already sent a NA to us. 976 */ 977 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 978 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 979 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 980 /* XXX: idev->cnf.prixy_ndp */ 981 goto out; 982 } 983 984 neigh_update(neigh, lladdr, 985 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 986 NEIGH_UPDATE_F_WEAK_OVERRIDE| 987 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 988 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 989 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 990 991 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 992 /* 993 * Change: router to host 994 */ 995 struct rt6_info *rt; 996 rt = rt6_get_dflt_router(saddr, dev); 997 if (rt) 998 ip6_del_rt(rt); 999 } 1000 1001out: 1002 neigh_release(neigh); 1003 } 1004} 1005 1006static void ndisc_recv_rs(struct sk_buff *skb) 1007{ 1008 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1009 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1010 struct neighbour *neigh; 1011 struct inet6_dev *idev; 1012 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1013 struct ndisc_options ndopts; 1014 u8 *lladdr = NULL; 1015 1016 if (skb->len < sizeof(*rs_msg)) 1017 return; 1018 1019 idev = in6_dev_get(skb->dev); 1020 if (!idev) { 1021 if (net_ratelimit()) 1022 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1023 return; 1024 } 1025 1026 /* Don't accept RS if we're not in router mode */ 1027 if (!idev->cnf.forwarding) 1028 goto out; 1029 1030 /* 1031 * Don't update NCE if src = ::; 1032 * this implies that the source node has no ip address assigned yet. 1033 */ 1034 if (ipv6_addr_any(saddr)) 1035 goto out; 1036 1037 /* Parse ND options */ 1038 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1039 if (net_ratelimit()) 1040 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1041 goto out; 1042 } 1043 1044 if (ndopts.nd_opts_src_lladdr) { 1045 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1046 skb->dev); 1047 if (!lladdr) 1048 goto out; 1049 } 1050 1051 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1052 if (neigh) { 1053 neigh_update(neigh, lladdr, NUD_STALE, 1054 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1055 NEIGH_UPDATE_F_OVERRIDE| 1056 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1057 neigh_release(neigh); 1058 } 1059out: 1060 in6_dev_put(idev); 1061} 1062 1063static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1064{ 1065 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1066 struct sk_buff *skb; 1067 struct nlmsghdr *nlh; 1068 struct nduseroptmsg *ndmsg; 1069 struct net *net = dev_net(ra->dev); 1070 int err; 1071 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1072 + (opt->nd_opt_len << 3)); 1073 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1074 1075 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1076 if (skb == NULL) { 1077 err = -ENOBUFS; 1078 goto errout; 1079 } 1080 1081 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1082 if (nlh == NULL) { 1083 goto nla_put_failure; 1084 } 1085 1086 ndmsg = nlmsg_data(nlh); 1087 ndmsg->nduseropt_family = AF_INET6; 1088 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1089 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1090 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1091 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1092 1093 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1094 1095 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1096 &ipv6_hdr(ra)->saddr); 1097 nlmsg_end(skb, nlh); 1098 1099 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1100 return; 1101 1102nla_put_failure: 1103 nlmsg_free(skb); 1104 err = -EMSGSIZE; 1105errout: 1106 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1107} 1108 1109static void ndisc_router_discovery(struct sk_buff *skb) 1110{ 1111 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1112 struct neighbour *neigh = NULL; 1113 struct inet6_dev *in6_dev; 1114 struct rt6_info *rt = NULL; 1115 int lifetime; 1116 struct ndisc_options ndopts; 1117 int optlen; 1118 unsigned int pref = 0; 1119 1120 __u8 * opt = (__u8 *)(ra_msg + 1); 1121 1122 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1123 1124 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1125 ND_PRINTK2(KERN_WARNING 1126 "ICMPv6 RA: source address is not link-local.\n"); 1127 return; 1128 } 1129 if (optlen < 0) { 1130 ND_PRINTK2(KERN_WARNING 1131 "ICMPv6 RA: packet too short\n"); 1132 return; 1133 } 1134 1135#ifdef CONFIG_IPV6_NDISC_NODETYPE 1136 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1137 ND_PRINTK2(KERN_WARNING 1138 "ICMPv6 RA: from host or unauthorized router\n"); 1139 return; 1140 } 1141#endif 1142 1143 /* 1144 * set the RA_RECV flag in the interface 1145 */ 1146 1147 in6_dev = in6_dev_get(skb->dev); 1148 if (in6_dev == NULL) { 1149 ND_PRINTK0(KERN_ERR 1150 "ICMPv6 RA: can't find inet6 device for %s.\n", 1151 skb->dev->name); 1152 return; 1153 } 1154 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 1155 in6_dev_put(in6_dev); 1156 return; 1157 } 1158 1159 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1160 in6_dev_put(in6_dev); 1161 ND_PRINTK2(KERN_WARNING 1162 "ICMP6 RA: invalid ND options\n"); 1163 return; 1164 } 1165 1166#ifdef CONFIG_IPV6_NDISC_NODETYPE 1167 /* skip link-specific parameters from interior routers */ 1168 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1169 goto skip_linkparms; 1170#endif 1171 1172 if (in6_dev->if_flags & IF_RS_SENT) { 1173 /* 1174 * flag that an RA was received after an RS was sent 1175 * out on this interface. 1176 */ 1177 in6_dev->if_flags |= IF_RA_RCVD; 1178 } 1179 1180 /* 1181 * Remember the managed/otherconf flags from most recently 1182 * received RA message (RFC 2462) -- yoshfuji 1183 */ 1184 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1185 IF_RA_OTHERCONF)) | 1186 (ra_msg->icmph.icmp6_addrconf_managed ? 1187 IF_RA_MANAGED : 0) | 1188 (ra_msg->icmph.icmp6_addrconf_other ? 1189 IF_RA_OTHERCONF : 0); 1190 1191 if (!in6_dev->cnf.accept_ra_defrtr) 1192 goto skip_defrtr; 1193 1194 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1195 1196#ifdef CONFIG_IPV6_ROUTER_PREF 1197 pref = ra_msg->icmph.icmp6_router_pref; 1198 /* 10b is handled as if it were 00b (medium) */ 1199 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1200 !in6_dev->cnf.accept_ra_rtr_pref) 1201 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1202#endif 1203 1204 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1205 1206 if (rt) 1207 neigh = rt->rt6i_nexthop; 1208 1209 if (rt && lifetime == 0) { 1210 neigh_clone(neigh); 1211 ip6_del_rt(rt); 1212 rt = NULL; 1213 } 1214 1215 if (rt == NULL && lifetime) { 1216 ND_PRINTK3(KERN_DEBUG 1217 "ICMPv6 RA: adding default router.\n"); 1218 1219 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1220 if (rt == NULL) { 1221 ND_PRINTK0(KERN_ERR 1222 "ICMPv6 RA: %s() failed to add default route.\n", 1223 __func__); 1224 in6_dev_put(in6_dev); 1225 return; 1226 } 1227 1228 neigh = rt->rt6i_nexthop; 1229 if (neigh == NULL) { 1230 ND_PRINTK0(KERN_ERR 1231 "ICMPv6 RA: %s() got default router without neighbour.\n", 1232 __func__); 1233 dst_release(&rt->u.dst); 1234 in6_dev_put(in6_dev); 1235 return; 1236 } 1237 neigh->flags |= NTF_ROUTER; 1238 } else if (rt) { 1239 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1240 } 1241 1242 if (rt) 1243 rt->rt6i_expires = jiffies + (HZ * lifetime); 1244 1245 if (ra_msg->icmph.icmp6_hop_limit) { 1246 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1247 if (rt) 1248 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1249 } 1250 1251skip_defrtr: 1252 1253 /* 1254 * Update Reachable Time and Retrans Timer 1255 */ 1256 1257 if (in6_dev->nd_parms) { 1258 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1259 1260 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1261 rtime = (rtime*HZ)/1000; 1262 if (rtime < HZ/10) 1263 rtime = HZ/10; 1264 in6_dev->nd_parms->retrans_time = rtime; 1265 in6_dev->tstamp = jiffies; 1266 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1267 } 1268 1269 rtime = ntohl(ra_msg->reachable_time); 1270 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1271 rtime = (rtime*HZ)/1000; 1272 1273 if (rtime < HZ/10) 1274 rtime = HZ/10; 1275 1276 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1277 in6_dev->nd_parms->base_reachable_time = rtime; 1278 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1279 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1280 in6_dev->tstamp = jiffies; 1281 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1282 } 1283 } 1284 } 1285 1286#ifdef CONFIG_IPV6_NDISC_NODETYPE 1287skip_linkparms: 1288#endif 1289 1290 /* 1291 * Process options. 1292 */ 1293 1294 if (!neigh) 1295 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1296 skb->dev, 1); 1297 if (neigh) { 1298 u8 *lladdr = NULL; 1299 if (ndopts.nd_opts_src_lladdr) { 1300 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1301 skb->dev); 1302 if (!lladdr) { 1303 ND_PRINTK2(KERN_WARNING 1304 "ICMPv6 RA: invalid link-layer address length\n"); 1305 goto out; 1306 } 1307 } 1308 neigh_update(neigh, lladdr, NUD_STALE, 1309 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1310 NEIGH_UPDATE_F_OVERRIDE| 1311 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1312 NEIGH_UPDATE_F_ISROUTER); 1313 } 1314 1315#ifdef CONFIG_IPV6_ROUTE_INFO 1316 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1317 struct nd_opt_hdr *p; 1318 for (p = ndopts.nd_opts_ri; 1319 p; 1320 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1321 struct route_info *ri = (struct route_info *)p; 1322#ifdef CONFIG_IPV6_NDISC_NODETYPE 1323 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1324 ri->prefix_len == 0) 1325 continue; 1326#endif 1327 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1328 continue; 1329 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1330 &ipv6_hdr(skb)->saddr); 1331 } 1332 } 1333#endif 1334 1335#ifdef CONFIG_IPV6_NDISC_NODETYPE 1336 /* skip link-specific ndopts from interior routers */ 1337 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1338 goto out; 1339#endif 1340 1341 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1342 struct nd_opt_hdr *p; 1343 for (p = ndopts.nd_opts_pi; 1344 p; 1345 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1346 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1347 } 1348 } 1349 1350 if (ndopts.nd_opts_mtu) { 1351 __be32 n; 1352 u32 mtu; 1353 1354 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1355 mtu = ntohl(n); 1356 1357 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1358 ND_PRINTK2(KERN_WARNING 1359 "ICMPv6 RA: invalid mtu: %d\n", 1360 mtu); 1361 } else if (in6_dev->cnf.mtu6 != mtu) { 1362 in6_dev->cnf.mtu6 = mtu; 1363 1364 if (rt) 1365 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1366 1367 rt6_mtu_change(skb->dev, mtu); 1368 } 1369 } 1370 1371 if (ndopts.nd_useropts) { 1372 struct nd_opt_hdr *p; 1373 for (p = ndopts.nd_useropts; 1374 p; 1375 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1376 ndisc_ra_useropt(skb, p); 1377 } 1378 } 1379 1380 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1381 ND_PRINTK2(KERN_WARNING 1382 "ICMPv6 RA: invalid RA options"); 1383 } 1384out: 1385 if (rt) 1386 dst_release(&rt->u.dst); 1387 else if (neigh) 1388 neigh_release(neigh); 1389 in6_dev_put(in6_dev); 1390} 1391 1392static void ndisc_redirect_rcv(struct sk_buff *skb) 1393{ 1394 struct inet6_dev *in6_dev; 1395 struct icmp6hdr *icmph; 1396 struct in6_addr *dest; 1397 struct in6_addr *target; /* new first hop to destination */ 1398 struct neighbour *neigh; 1399 int on_link = 0; 1400 struct ndisc_options ndopts; 1401 int optlen; 1402 u8 *lladdr = NULL; 1403 1404#ifdef CONFIG_IPV6_NDISC_NODETYPE 1405 switch (skb->ndisc_nodetype) { 1406 case NDISC_NODETYPE_HOST: 1407 case NDISC_NODETYPE_NODEFAULT: 1408 ND_PRINTK2(KERN_WARNING 1409 "ICMPv6 Redirect: from host or unauthorized router\n"); 1410 return; 1411 } 1412#endif 1413 1414 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1415 ND_PRINTK2(KERN_WARNING 1416 "ICMPv6 Redirect: source address is not link-local.\n"); 1417 return; 1418 } 1419 1420 optlen = skb->tail - skb->transport_header; 1421 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1422 1423 if (optlen < 0) { 1424 ND_PRINTK2(KERN_WARNING 1425 "ICMPv6 Redirect: packet too short\n"); 1426 return; 1427 } 1428 1429 icmph = icmp6_hdr(skb); 1430 target = (struct in6_addr *) (icmph + 1); 1431 dest = target + 1; 1432 1433 if (ipv6_addr_is_multicast(dest)) { 1434 ND_PRINTK2(KERN_WARNING 1435 "ICMPv6 Redirect: destination address is multicast.\n"); 1436 return; 1437 } 1438 1439 if (ipv6_addr_equal(dest, target)) { 1440 on_link = 1; 1441 } else if (ipv6_addr_type(target) != 1442 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1443 ND_PRINTK2(KERN_WARNING 1444 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1445 return; 1446 } 1447 1448 in6_dev = in6_dev_get(skb->dev); 1449 if (!in6_dev) 1450 return; 1451 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1452 in6_dev_put(in6_dev); 1453 return; 1454 } 1455 1456 /* RFC2461 8.1: 1457 * The IP source address of the Redirect MUST be the same as the current 1458 * first-hop router for the specified ICMP Destination Address. 1459 */ 1460 1461 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1462 ND_PRINTK2(KERN_WARNING 1463 "ICMPv6 Redirect: invalid ND options\n"); 1464 in6_dev_put(in6_dev); 1465 return; 1466 } 1467 if (ndopts.nd_opts_tgt_lladdr) { 1468 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1469 skb->dev); 1470 if (!lladdr) { 1471 ND_PRINTK2(KERN_WARNING 1472 "ICMPv6 Redirect: invalid link-layer address length\n"); 1473 in6_dev_put(in6_dev); 1474 return; 1475 } 1476 } 1477 1478 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1479 if (neigh) { 1480 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1481 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1482 on_link); 1483 neigh_release(neigh); 1484 } 1485 in6_dev_put(in6_dev); 1486} 1487 1488void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1489 const struct in6_addr *target) 1490{ 1491 struct net_device *dev = skb->dev; 1492 struct net *net = dev_net(dev); 1493 struct sock *sk = net->ipv6.ndisc_sk; 1494 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1495 struct sk_buff *buff; 1496 struct icmp6hdr *icmph; 1497 struct in6_addr saddr_buf; 1498 struct in6_addr *addrp; 1499 struct rt6_info *rt; 1500 struct dst_entry *dst; 1501 struct inet6_dev *idev; 1502 struct flowi fl; 1503 u8 *opt; 1504 int rd_len; 1505 int err; 1506 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1507 1508 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1509 ND_PRINTK2(KERN_WARNING 1510 "ICMPv6 Redirect: no link-local address on %s\n", 1511 dev->name); 1512 return; 1513 } 1514 1515 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1516 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1517 ND_PRINTK2(KERN_WARNING 1518 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1519 return; 1520 } 1521 1522 icmpv6_flow_init(sk, &fl, NDISC_REDIRECT, 1523 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1524 1525 dst = ip6_route_output(net, NULL, &fl); 1526 if (dst == NULL) 1527 return; 1528 1529 err = xfrm_lookup(net, &dst, &fl, NULL, 0); 1530 if (err) 1531 return; 1532 1533 rt = (struct rt6_info *) dst; 1534 1535 if (rt->rt6i_flags & RTF_GATEWAY) { 1536 ND_PRINTK2(KERN_WARNING 1537 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1538 goto release; 1539 } 1540 if (!xrlim_allow(dst, 1*HZ)) 1541 goto release; 1542 1543 if (dev->addr_len) { 1544 read_lock_bh(&neigh->lock); 1545 if (neigh->nud_state & NUD_VALID) { 1546 memcpy(ha_buf, neigh->ha, dev->addr_len); 1547 read_unlock_bh(&neigh->lock); 1548 ha = ha_buf; 1549 len += ndisc_opt_addr_space(dev); 1550 } else 1551 read_unlock_bh(&neigh->lock); 1552 } 1553 1554 rd_len = min_t(unsigned int, 1555 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1556 rd_len &= ~0x7; 1557 len += rd_len; 1558 1559 buff = sock_alloc_send_skb(sk, 1560 (MAX_HEADER + sizeof(struct ipv6hdr) + 1561 len + LL_ALLOCATED_SPACE(dev)), 1562 1, &err); 1563 if (buff == NULL) { 1564 ND_PRINTK0(KERN_ERR 1565 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n", 1566 __func__, err); 1567 goto release; 1568 } 1569 1570 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1571 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1572 IPPROTO_ICMPV6, len); 1573 1574 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1575 skb_put(buff, len); 1576 icmph = icmp6_hdr(buff); 1577 1578 memset(icmph, 0, sizeof(struct icmp6hdr)); 1579 icmph->icmp6_type = NDISC_REDIRECT; 1580 1581 /* 1582 * copy target and destination addresses 1583 */ 1584 1585 addrp = (struct in6_addr *)(icmph + 1); 1586 ipv6_addr_copy(addrp, target); 1587 addrp++; 1588 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1589 1590 opt = (u8*) (addrp + 1); 1591 1592 /* 1593 * include target_address option 1594 */ 1595 1596 if (ha) 1597 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1598 dev->addr_len, dev->type); 1599 1600 /* 1601 * build redirect option and copy skb over to the new packet. 1602 */ 1603 1604 memset(opt, 0, 8); 1605 *(opt++) = ND_OPT_REDIRECT_HDR; 1606 *(opt++) = (rd_len >> 3); 1607 opt += 6; 1608 1609 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1610 1611 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1612 len, IPPROTO_ICMPV6, 1613 csum_partial(icmph, len, 0)); 1614 1615 skb_dst_set(buff, dst); 1616 idev = in6_dev_get(dst->dev); 1617 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1618 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1619 dst_output); 1620 if (!err) { 1621 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1622 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1623 } 1624 1625 if (likely(idev != NULL)) 1626 in6_dev_put(idev); 1627 return; 1628 1629release: 1630 dst_release(dst); 1631} 1632 1633static void pndisc_redo(struct sk_buff *skb) 1634{ 1635 ndisc_recv_ns(skb); 1636 kfree_skb(skb); 1637} 1638 1639int ndisc_rcv(struct sk_buff *skb) 1640{ 1641 struct nd_msg *msg; 1642 1643 if (!pskb_may_pull(skb, skb->len)) 1644 return 0; 1645 1646 msg = (struct nd_msg *)skb_transport_header(skb); 1647 1648 __skb_push(skb, skb->data - skb_transport_header(skb)); 1649 1650 if (ipv6_hdr(skb)->hop_limit != 255) { 1651 ND_PRINTK2(KERN_WARNING 1652 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1653 ipv6_hdr(skb)->hop_limit); 1654 return 0; 1655 } 1656 1657 if (msg->icmph.icmp6_code != 0) { 1658 ND_PRINTK2(KERN_WARNING 1659 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1660 msg->icmph.icmp6_code); 1661 return 0; 1662 } 1663 1664 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1665 1666 switch (msg->icmph.icmp6_type) { 1667 case NDISC_NEIGHBOUR_SOLICITATION: 1668 ndisc_recv_ns(skb); 1669 break; 1670 1671 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1672 ndisc_recv_na(skb); 1673 break; 1674 1675 case NDISC_ROUTER_SOLICITATION: 1676 ndisc_recv_rs(skb); 1677 break; 1678 1679 case NDISC_ROUTER_ADVERTISEMENT: 1680 ndisc_router_discovery(skb); 1681 break; 1682 1683 case NDISC_REDIRECT: 1684 ndisc_redirect_rcv(skb); 1685 break; 1686 } 1687 1688 return 0; 1689} 1690 1691static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1692{ 1693 struct net_device *dev = ptr; 1694 struct net *net = dev_net(dev); 1695 1696 switch (event) { 1697 case NETDEV_CHANGEADDR: 1698 neigh_changeaddr(&nd_tbl, dev); 1699 fib6_run_gc(~0UL, net); 1700 break; 1701 case NETDEV_DOWN: 1702 neigh_ifdown(&nd_tbl, dev); 1703 fib6_run_gc(~0UL, net); 1704 break; 1705 default: 1706 break; 1707 } 1708 1709 return NOTIFY_DONE; 1710} 1711 1712static struct notifier_block ndisc_netdev_notifier = { 1713 .notifier_call = ndisc_netdev_event, 1714}; 1715 1716#ifdef CONFIG_SYSCTL 1717static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1718 const char *func, const char *dev_name) 1719{ 1720 static char warncomm[TASK_COMM_LEN]; 1721 static int warned; 1722 if (strcmp(warncomm, current->comm) && warned < 5) { 1723 strcpy(warncomm, current->comm); 1724 printk(KERN_WARNING 1725 "process `%s' is using deprecated sysctl (%s) " 1726 "net.ipv6.neigh.%s.%s; " 1727 "Use net.ipv6.neigh.%s.%s_ms " 1728 "instead.\n", 1729 warncomm, func, 1730 dev_name, ctl->procname, 1731 dev_name, ctl->procname); 1732 warned++; 1733 } 1734} 1735 1736int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) 1737{ 1738 struct net_device *dev = ctl->extra1; 1739 struct inet6_dev *idev; 1740 int ret; 1741 1742 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1743 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1744 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1745 1746 if (strcmp(ctl->procname, "retrans_time") == 0) 1747 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1748 1749 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1750 ret = proc_dointvec_jiffies(ctl, write, 1751 filp, buffer, lenp, ppos); 1752 1753 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1754 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1755 ret = proc_dointvec_ms_jiffies(ctl, write, 1756 filp, buffer, lenp, ppos); 1757 else 1758 ret = -1; 1759 1760 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1761 if (ctl->data == &idev->nd_parms->base_reachable_time) 1762 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1763 idev->tstamp = jiffies; 1764 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1765 in6_dev_put(idev); 1766 } 1767 return ret; 1768} 1769 1770int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, 1771 void __user *oldval, size_t __user *oldlenp, 1772 void __user *newval, size_t newlen) 1773{ 1774 struct net_device *dev = ctl->extra1; 1775 struct inet6_dev *idev; 1776 int ret; 1777 1778 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1779 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1780 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1781 1782 switch (ctl->ctl_name) { 1783 case NET_NEIGH_REACHABLE_TIME: 1784 ret = sysctl_jiffies(ctl, oldval, oldlenp, newval, newlen); 1785 break; 1786 case NET_NEIGH_RETRANS_TIME_MS: 1787 case NET_NEIGH_REACHABLE_TIME_MS: 1788 ret = sysctl_ms_jiffies(ctl, oldval, oldlenp, newval, newlen); 1789 break; 1790 default: 1791 ret = 0; 1792 } 1793 1794 if (newval && newlen && ret > 0 && 1795 dev && (idev = in6_dev_get(dev)) != NULL) { 1796 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1797 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1798 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1799 idev->tstamp = jiffies; 1800 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1801 in6_dev_put(idev); 1802 } 1803 1804 return ret; 1805} 1806 1807#endif 1808 1809static int ndisc_net_init(struct net *net) 1810{ 1811 struct ipv6_pinfo *np; 1812 struct sock *sk; 1813 int err; 1814 1815 err = inet_ctl_sock_create(&sk, PF_INET6, 1816 SOCK_RAW, IPPROTO_ICMPV6, net); 1817 if (err < 0) { 1818 ND_PRINTK0(KERN_ERR 1819 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1820 err); 1821 return err; 1822 } 1823 1824 net->ipv6.ndisc_sk = sk; 1825 1826 np = inet6_sk(sk); 1827 np->hop_limit = 255; 1828 /* Do not loopback ndisc messages */ 1829 np->mc_loop = 0; 1830 1831 return 0; 1832} 1833 1834static void ndisc_net_exit(struct net *net) 1835{ 1836 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1837} 1838 1839static struct pernet_operations ndisc_net_ops = { 1840 .init = ndisc_net_init, 1841 .exit = ndisc_net_exit, 1842}; 1843 1844int __init ndisc_init(void) 1845{ 1846 int err; 1847 1848 err = register_pernet_subsys(&ndisc_net_ops); 1849 if (err) 1850 return err; 1851 /* 1852 * Initialize the neighbour table 1853 */ 1854 neigh_table_init(&nd_tbl); 1855 1856#ifdef CONFIG_SYSCTL 1857 err = neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, 1858 NET_IPV6_NEIGH, "ipv6", 1859 &ndisc_ifinfo_sysctl_change, 1860 &ndisc_ifinfo_sysctl_strategy); 1861 if (err) 1862 goto out_unregister_pernet; 1863#endif 1864 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1865 if (err) 1866 goto out_unregister_sysctl; 1867out: 1868 return err; 1869 1870out_unregister_sysctl: 1871#ifdef CONFIG_SYSCTL 1872 neigh_sysctl_unregister(&nd_tbl.parms); 1873out_unregister_pernet: 1874#endif 1875 unregister_pernet_subsys(&ndisc_net_ops); 1876 goto out; 1877} 1878 1879void ndisc_cleanup(void) 1880{ 1881 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1882#ifdef CONFIG_SYSCTL 1883 neigh_sysctl_unregister(&nd_tbl.parms); 1884#endif 1885 neigh_table_clear(&nd_tbl); 1886 unregister_pernet_subsys(&ndisc_net_ops); 1887} 1888