ndisc.c revision af9a997629488ba5f92dc3d76e1ec51fcd759c5d
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30#define pr_fmt(fmt) "ICMPv6: " fmt 31 32#include <linux/module.h> 33#include <linux/errno.h> 34#include <linux/types.h> 35#include <linux/socket.h> 36#include <linux/sockios.h> 37#include <linux/sched.h> 38#include <linux/net.h> 39#include <linux/in6.h> 40#include <linux/route.h> 41#include <linux/init.h> 42#include <linux/rcupdate.h> 43#include <linux/slab.h> 44#ifdef CONFIG_SYSCTL 45#include <linux/sysctl.h> 46#endif 47 48#include <linux/if_addr.h> 49#include <linux/if_arp.h> 50#include <linux/ipv6.h> 51#include <linux/icmpv6.h> 52#include <linux/jhash.h> 53 54#include <net/sock.h> 55#include <net/snmp.h> 56 57#include <net/ipv6.h> 58#include <net/protocol.h> 59#include <net/ndisc.h> 60#include <net/ip6_route.h> 61#include <net/addrconf.h> 62#include <net/icmp.h> 63 64#include <net/netlink.h> 65#include <linux/rtnetlink.h> 66 67#include <net/flow.h> 68#include <net/ip6_checksum.h> 69#include <net/inet_common.h> 70#include <linux/proc_fs.h> 71 72#include <linux/netfilter.h> 73#include <linux/netfilter_ipv6.h> 74 75/* Set to 3 to get tracing... */ 76#define ND_DEBUG 1 77 78#define ND_PRINTK(val, level, fmt, ...) \ 79do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82} while (0) 83 84static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87static int ndisc_constructor(struct neighbour *neigh); 88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 90static int pndisc_constructor(struct pneigh_entry *n); 91static void pndisc_destructor(struct pneigh_entry *n); 92static void pndisc_redo(struct sk_buff *skb); 93 94static const struct neigh_ops ndisc_generic_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_connected_output, 100}; 101 102static const struct neigh_ops ndisc_hh_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_resolve_output, 108}; 109 110 111static const struct neigh_ops ndisc_direct_ops = { 112 .family = AF_INET6, 113 .output = neigh_direct_output, 114 .connected_output = neigh_direct_output, 115}; 116 117struct neigh_table nd_tbl = { 118 .family = AF_INET6, 119 .key_len = sizeof(struct in6_addr), 120 .hash = ndisc_hash, 121 .constructor = ndisc_constructor, 122 .pconstructor = pndisc_constructor, 123 .pdestructor = pndisc_destructor, 124 .proxy_redo = pndisc_redo, 125 .id = "ndisc_cache", 126 .parms = { 127 .tbl = &nd_tbl, 128 .base_reachable_time = ND_REACHABLE_TIME, 129 .retrans_time = ND_RETRANS_TIMER, 130 .gc_staletime = 60 * HZ, 131 .reachable_time = ND_REACHABLE_TIME, 132 .delay_probe_time = 5 * HZ, 133 .queue_len_bytes = 64*1024, 134 .ucast_probes = 3, 135 .mcast_probes = 3, 136 .anycast_delay = 1 * HZ, 137 .proxy_delay = (8 * HZ) / 10, 138 .proxy_qlen = 64, 139 }, 140 .gc_interval = 30 * HZ, 141 .gc_thresh1 = 128, 142 .gc_thresh2 = 512, 143 .gc_thresh3 = 1024, 144}; 145 146static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, 147 struct net_device *dev) 148{ 149 int pad = ndisc_addr_option_pad(dev->type); 150 int data_len = dev->addr_len; 151 int space = ndisc_opt_addr_space(dev); 152 153 opt[0] = type; 154 opt[1] = space>>3; 155 156 memset(opt + 2, 0, pad); 157 opt += pad; 158 space -= pad; 159 160 memcpy(opt+2, data, data_len); 161 data_len += 2; 162 opt += data_len; 163 if ((space -= data_len) > 0) 164 memset(opt, 0, space); 165 return opt + space; 166} 167 168static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 169 struct nd_opt_hdr *end) 170{ 171 int type; 172 if (!cur || !end || cur >= end) 173 return NULL; 174 type = cur->nd_opt_type; 175 do { 176 cur = ((void *)cur) + (cur->nd_opt_len << 3); 177 } while(cur < end && cur->nd_opt_type != type); 178 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 179} 180 181static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 182{ 183 return opt->nd_opt_type == ND_OPT_RDNSS || 184 opt->nd_opt_type == ND_OPT_DNSSL; 185} 186 187static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 188 struct nd_opt_hdr *end) 189{ 190 if (!cur || !end || cur >= end) 191 return NULL; 192 do { 193 cur = ((void *)cur) + (cur->nd_opt_len << 3); 194 } while(cur < end && !ndisc_is_useropt(cur)); 195 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 196} 197 198struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 199 struct ndisc_options *ndopts) 200{ 201 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 202 203 if (!nd_opt || opt_len < 0 || !ndopts) 204 return NULL; 205 memset(ndopts, 0, sizeof(*ndopts)); 206 while (opt_len) { 207 int l; 208 if (opt_len < sizeof(struct nd_opt_hdr)) 209 return NULL; 210 l = nd_opt->nd_opt_len << 3; 211 if (opt_len < l || l == 0) 212 return NULL; 213 switch (nd_opt->nd_opt_type) { 214 case ND_OPT_SOURCE_LL_ADDR: 215 case ND_OPT_TARGET_LL_ADDR: 216 case ND_OPT_MTU: 217 case ND_OPT_REDIRECT_HDR: 218 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 219 ND_PRINTK(2, warn, 220 "%s: duplicated ND6 option found: type=%d\n", 221 __func__, nd_opt->nd_opt_type); 222 } else { 223 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 224 } 225 break; 226 case ND_OPT_PREFIX_INFO: 227 ndopts->nd_opts_pi_end = nd_opt; 228 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 229 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 230 break; 231#ifdef CONFIG_IPV6_ROUTE_INFO 232 case ND_OPT_ROUTE_INFO: 233 ndopts->nd_opts_ri_end = nd_opt; 234 if (!ndopts->nd_opts_ri) 235 ndopts->nd_opts_ri = nd_opt; 236 break; 237#endif 238 default: 239 if (ndisc_is_useropt(nd_opt)) { 240 ndopts->nd_useropts_end = nd_opt; 241 if (!ndopts->nd_useropts) 242 ndopts->nd_useropts = nd_opt; 243 } else { 244 /* 245 * Unknown options must be silently ignored, 246 * to accommodate future extension to the 247 * protocol. 248 */ 249 ND_PRINTK(2, notice, 250 "%s: ignored unsupported option; type=%d, len=%d\n", 251 __func__, 252 nd_opt->nd_opt_type, 253 nd_opt->nd_opt_len); 254 } 255 } 256 opt_len -= l; 257 nd_opt = ((void *)nd_opt) + l; 258 } 259 return ndopts; 260} 261 262int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 263{ 264 switch (dev->type) { 265 case ARPHRD_ETHER: 266 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 267 case ARPHRD_FDDI: 268 ipv6_eth_mc_map(addr, buf); 269 return 0; 270 case ARPHRD_ARCNET: 271 ipv6_arcnet_mc_map(addr, buf); 272 return 0; 273 case ARPHRD_INFINIBAND: 274 ipv6_ib_mc_map(addr, dev->broadcast, buf); 275 return 0; 276 case ARPHRD_IPGRE: 277 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 278 default: 279 if (dir) { 280 memcpy(buf, dev->broadcast, dev->addr_len); 281 return 0; 282 } 283 } 284 return -EINVAL; 285} 286 287EXPORT_SYMBOL(ndisc_mc_map); 288 289static u32 ndisc_hash(const void *pkey, 290 const struct net_device *dev, 291 __u32 *hash_rnd) 292{ 293 return ndisc_hashfn(pkey, dev, hash_rnd); 294} 295 296static int ndisc_constructor(struct neighbour *neigh) 297{ 298 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 299 struct net_device *dev = neigh->dev; 300 struct inet6_dev *in6_dev; 301 struct neigh_parms *parms; 302 bool is_multicast = ipv6_addr_is_multicast(addr); 303 304 in6_dev = in6_dev_get(dev); 305 if (in6_dev == NULL) { 306 return -EINVAL; 307 } 308 309 parms = in6_dev->nd_parms; 310 __neigh_parms_put(neigh->parms); 311 neigh->parms = neigh_parms_clone(parms); 312 313 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 314 if (!dev->header_ops) { 315 neigh->nud_state = NUD_NOARP; 316 neigh->ops = &ndisc_direct_ops; 317 neigh->output = neigh_direct_output; 318 } else { 319 if (is_multicast) { 320 neigh->nud_state = NUD_NOARP; 321 ndisc_mc_map(addr, neigh->ha, dev, 1); 322 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 323 neigh->nud_state = NUD_NOARP; 324 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 325 if (dev->flags&IFF_LOOPBACK) 326 neigh->type = RTN_LOCAL; 327 } else if (dev->flags&IFF_POINTOPOINT) { 328 neigh->nud_state = NUD_NOARP; 329 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 330 } 331 if (dev->header_ops->cache) 332 neigh->ops = &ndisc_hh_ops; 333 else 334 neigh->ops = &ndisc_generic_ops; 335 if (neigh->nud_state&NUD_VALID) 336 neigh->output = neigh->ops->connected_output; 337 else 338 neigh->output = neigh->ops->output; 339 } 340 in6_dev_put(in6_dev); 341 return 0; 342} 343 344static int pndisc_constructor(struct pneigh_entry *n) 345{ 346 struct in6_addr *addr = (struct in6_addr*)&n->key; 347 struct in6_addr maddr; 348 struct net_device *dev = n->dev; 349 350 if (dev == NULL || __in6_dev_get(dev) == NULL) 351 return -EINVAL; 352 addrconf_addr_solict_mult(addr, &maddr); 353 ipv6_dev_mc_inc(dev, &maddr); 354 return 0; 355} 356 357static void pndisc_destructor(struct pneigh_entry *n) 358{ 359 struct in6_addr *addr = (struct in6_addr*)&n->key; 360 struct in6_addr maddr; 361 struct net_device *dev = n->dev; 362 363 if (dev == NULL || __in6_dev_get(dev) == NULL) 364 return; 365 addrconf_addr_solict_mult(addr, &maddr); 366 ipv6_dev_mc_dec(dev, &maddr); 367} 368 369static struct sk_buff *ndisc_alloc_skb(struct net_device *dev, 370 int len) 371{ 372 int hlen = LL_RESERVED_SPACE(dev); 373 int tlen = dev->needed_tailroom; 374 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk; 375 struct sk_buff *skb; 376 int err; 377 378 skb = sock_alloc_send_skb(sk, 379 hlen + sizeof(struct ipv6hdr) + len + tlen, 380 1, &err); 381 if (!skb) { 382 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb, err=%d\n", 383 __func__, err); 384 return NULL; 385 } 386 387 skb->protocol = htons(ETH_P_IPV6); 388 skb->dev = dev; 389 390 skb_reserve(skb, hlen); 391 392 return skb; 393} 394 395static void ip6_nd_hdr(struct sk_buff *skb, 396 const struct in6_addr *saddr, 397 const struct in6_addr *daddr, 398 int hop_limit, int len) 399{ 400 struct ipv6hdr *hdr; 401 402 skb_reset_network_header(skb); 403 skb_put(skb, sizeof(struct ipv6hdr)); 404 hdr = ipv6_hdr(skb); 405 406 ip6_flow_hdr(hdr, 0, 0); 407 408 hdr->payload_len = htons(len); 409 hdr->nexthdr = IPPROTO_ICMPV6; 410 hdr->hop_limit = hop_limit; 411 412 hdr->saddr = *saddr; 413 hdr->daddr = *daddr; 414} 415 416static struct sk_buff *ndisc_build_skb(struct net_device *dev, 417 const struct in6_addr *daddr, 418 const struct in6_addr *saddr, 419 struct icmp6hdr *icmp6h, 420 const struct in6_addr *target, 421 int llinfo) 422{ 423 struct net *net = dev_net(dev); 424 struct sock *sk = net->ipv6.ndisc_sk; 425 struct sk_buff *skb; 426 struct icmp6hdr *hdr; 427 int len; 428 u8 *opt; 429 430 if (!dev->addr_len) 431 llinfo = 0; 432 433 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 434 if (llinfo) 435 len += ndisc_opt_addr_space(dev); 436 437 skb = ndisc_alloc_skb(dev, len); 438 if (!skb) 439 return NULL; 440 441 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, len); 442 443 skb->transport_header = skb->tail; 444 skb_put(skb, len); 445 446 hdr = (struct icmp6hdr *)skb_transport_header(skb); 447 memcpy(hdr, icmp6h, sizeof(*hdr)); 448 449 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 450 if (target) { 451 *(struct in6_addr *)opt = *target; 452 opt += sizeof(*target); 453 } 454 455 if (llinfo) 456 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, dev); 457 458 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 459 IPPROTO_ICMPV6, 460 csum_partial(hdr, 461 len, 0)); 462 463 return skb; 464} 465 466static void ndisc_send_skb(struct sk_buff *skb, 467 const struct in6_addr *daddr, 468 const struct in6_addr *saddr, 469 struct icmp6hdr *icmp6h) 470{ 471 struct flowi6 fl6; 472 struct dst_entry *dst; 473 struct net *net = dev_net(skb->dev); 474 struct sock *sk = net->ipv6.ndisc_sk; 475 struct inet6_dev *idev; 476 int err; 477 u8 type; 478 479 type = icmp6h->icmp6_type; 480 481 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex); 482 dst = icmp6_dst_alloc(skb->dev, &fl6); 483 if (IS_ERR(dst)) { 484 kfree_skb(skb); 485 return; 486 } 487 488 skb_dst_set(skb, dst); 489 490 rcu_read_lock(); 491 idev = __in6_dev_get(dst->dev); 492 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 493 494 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 495 dst_output); 496 if (!err) { 497 ICMP6MSGOUT_INC_STATS(net, idev, type); 498 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 499 } 500 501 rcu_read_unlock(); 502} 503 504/* 505 * Send a Neighbour Discover packet 506 */ 507static void __ndisc_send(struct net_device *dev, 508 const struct in6_addr *daddr, 509 const struct in6_addr *saddr, 510 struct icmp6hdr *icmp6h, const struct in6_addr *target, 511 int llinfo) 512{ 513 struct sk_buff *skb; 514 515 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 516 if (!skb) 517 return; 518 519 ndisc_send_skb(skb, daddr, saddr, icmp6h); 520} 521 522static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 523 const struct in6_addr *daddr, 524 const struct in6_addr *solicited_addr, 525 bool router, bool solicited, bool override, bool inc_opt) 526{ 527 struct in6_addr tmpaddr; 528 struct inet6_ifaddr *ifp; 529 const struct in6_addr *src_addr; 530 struct icmp6hdr icmp6h = { 531 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 532 }; 533 534 /* for anycast or proxy, solicited_addr != src_addr */ 535 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 536 if (ifp) { 537 src_addr = solicited_addr; 538 if (ifp->flags & IFA_F_OPTIMISTIC) 539 override = 0; 540 inc_opt |= ifp->idev->cnf.force_tllao; 541 in6_ifa_put(ifp); 542 } else { 543 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 544 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 545 &tmpaddr)) 546 return; 547 src_addr = &tmpaddr; 548 } 549 550 icmp6h.icmp6_router = router; 551 icmp6h.icmp6_solicited = solicited; 552 icmp6h.icmp6_override = override; 553 554 __ndisc_send(dev, daddr, src_addr, &icmp6h, solicited_addr, 555 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 556} 557 558static void ndisc_send_unsol_na(struct net_device *dev) 559{ 560 struct inet6_dev *idev; 561 struct inet6_ifaddr *ifa; 562 563 idev = in6_dev_get(dev); 564 if (!idev) 565 return; 566 567 read_lock_bh(&idev->lock); 568 list_for_each_entry(ifa, &idev->addr_list, if_list) { 569 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr, 570 /*router=*/ !!idev->cnf.forwarding, 571 /*solicited=*/ false, /*override=*/ true, 572 /*inc_opt=*/ true); 573 } 574 read_unlock_bh(&idev->lock); 575 576 in6_dev_put(idev); 577} 578 579void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 580 const struct in6_addr *solicit, 581 const struct in6_addr *daddr, const struct in6_addr *saddr) 582{ 583 struct in6_addr addr_buf; 584 struct icmp6hdr icmp6h = { 585 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 586 }; 587 588 if (saddr == NULL) { 589 if (ipv6_get_lladdr(dev, &addr_buf, 590 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 591 return; 592 saddr = &addr_buf; 593 } 594 595 __ndisc_send(dev, daddr, saddr, &icmp6h, solicit, 596 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 597} 598 599void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 600 const struct in6_addr *daddr) 601{ 602 struct icmp6hdr icmp6h = { 603 .icmp6_type = NDISC_ROUTER_SOLICITATION, 604 }; 605 int send_sllao = dev->addr_len; 606 607#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 608 /* 609 * According to section 2.2 of RFC 4429, we must not 610 * send router solicitations with a sllao from 611 * optimistic addresses, but we may send the solicitation 612 * if we don't include the sllao. So here we check 613 * if our address is optimistic, and if so, we 614 * suppress the inclusion of the sllao. 615 */ 616 if (send_sllao) { 617 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 618 dev, 1); 619 if (ifp) { 620 if (ifp->flags & IFA_F_OPTIMISTIC) { 621 send_sllao = 0; 622 } 623 in6_ifa_put(ifp); 624 } else { 625 send_sllao = 0; 626 } 627 } 628#endif 629 __ndisc_send(dev, daddr, saddr, &icmp6h, NULL, 630 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 631} 632 633 634static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 635{ 636 /* 637 * "The sender MUST return an ICMP 638 * destination unreachable" 639 */ 640 dst_link_failure(skb); 641 kfree_skb(skb); 642} 643 644/* Called with locked neigh: either read or both */ 645 646static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 647{ 648 struct in6_addr *saddr = NULL; 649 struct in6_addr mcaddr; 650 struct net_device *dev = neigh->dev; 651 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 652 int probes = atomic_read(&neigh->probes); 653 654 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 655 saddr = &ipv6_hdr(skb)->saddr; 656 657 if ((probes -= neigh->parms->ucast_probes) < 0) { 658 if (!(neigh->nud_state & NUD_VALID)) { 659 ND_PRINTK(1, dbg, 660 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 661 __func__, target); 662 } 663 ndisc_send_ns(dev, neigh, target, target, saddr); 664 } else if ((probes -= neigh->parms->app_probes) < 0) { 665#ifdef CONFIG_ARPD 666 neigh_app_ns(neigh); 667#endif 668 } else { 669 addrconf_addr_solict_mult(target, &mcaddr); 670 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 671 } 672} 673 674static int pndisc_is_router(const void *pkey, 675 struct net_device *dev) 676{ 677 struct pneigh_entry *n; 678 int ret = -1; 679 680 read_lock_bh(&nd_tbl.lock); 681 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 682 if (n) 683 ret = !!(n->flags & NTF_ROUTER); 684 read_unlock_bh(&nd_tbl.lock); 685 686 return ret; 687} 688 689static void ndisc_recv_ns(struct sk_buff *skb) 690{ 691 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 692 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 693 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 694 u8 *lladdr = NULL; 695 u32 ndoptlen = skb->tail - (skb->transport_header + 696 offsetof(struct nd_msg, opt)); 697 struct ndisc_options ndopts; 698 struct net_device *dev = skb->dev; 699 struct inet6_ifaddr *ifp; 700 struct inet6_dev *idev = NULL; 701 struct neighbour *neigh; 702 int dad = ipv6_addr_any(saddr); 703 bool inc; 704 int is_router = -1; 705 706 if (skb->len < sizeof(struct nd_msg)) { 707 ND_PRINTK(2, warn, "NS: packet too short\n"); 708 return; 709 } 710 711 if (ipv6_addr_is_multicast(&msg->target)) { 712 ND_PRINTK(2, warn, "NS: multicast target address\n"); 713 return; 714 } 715 716 /* 717 * RFC2461 7.1.1: 718 * DAD has to be destined for solicited node multicast address. 719 */ 720 if (dad && !ipv6_addr_is_solict_mult(daddr)) { 721 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 722 return; 723 } 724 725 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 726 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 727 return; 728 } 729 730 if (ndopts.nd_opts_src_lladdr) { 731 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 732 if (!lladdr) { 733 ND_PRINTK(2, warn, 734 "NS: invalid link-layer address length\n"); 735 return; 736 } 737 738 /* RFC2461 7.1.1: 739 * If the IP source address is the unspecified address, 740 * there MUST NOT be source link-layer address option 741 * in the message. 742 */ 743 if (dad) { 744 ND_PRINTK(2, warn, 745 "NS: bad DAD packet (link-layer address option)\n"); 746 return; 747 } 748 } 749 750 inc = ipv6_addr_is_multicast(daddr); 751 752 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 753 if (ifp) { 754 755 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 756 if (dad) { 757 /* 758 * We are colliding with another node 759 * who is doing DAD 760 * so fail our DAD process 761 */ 762 addrconf_dad_failure(ifp); 763 return; 764 } else { 765 /* 766 * This is not a dad solicitation. 767 * If we are an optimistic node, 768 * we should respond. 769 * Otherwise, we should ignore it. 770 */ 771 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 772 goto out; 773 } 774 } 775 776 idev = ifp->idev; 777 } else { 778 struct net *net = dev_net(dev); 779 780 idev = in6_dev_get(dev); 781 if (!idev) { 782 /* XXX: count this drop? */ 783 return; 784 } 785 786 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 787 (idev->cnf.forwarding && 788 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 789 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 790 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 791 skb->pkt_type != PACKET_HOST && 792 inc != 0 && 793 idev->nd_parms->proxy_delay != 0) { 794 /* 795 * for anycast or proxy, 796 * sender should delay its response 797 * by a random time between 0 and 798 * MAX_ANYCAST_DELAY_TIME seconds. 799 * (RFC2461) -- yoshfuji 800 */ 801 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 802 if (n) 803 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 804 goto out; 805 } 806 } else 807 goto out; 808 } 809 810 if (is_router < 0) 811 is_router = idev->cnf.forwarding; 812 813 if (dad) { 814 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 815 !!is_router, false, (ifp != NULL), true); 816 goto out; 817 } 818 819 if (inc) 820 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 821 else 822 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 823 824 /* 825 * update / create cache entry 826 * for the source address 827 */ 828 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 829 !inc || lladdr || !dev->addr_len); 830 if (neigh) 831 neigh_update(neigh, lladdr, NUD_STALE, 832 NEIGH_UPDATE_F_WEAK_OVERRIDE| 833 NEIGH_UPDATE_F_OVERRIDE); 834 if (neigh || !dev->header_ops) { 835 ndisc_send_na(dev, neigh, saddr, &msg->target, 836 !!is_router, 837 true, (ifp != NULL && inc), inc); 838 if (neigh) 839 neigh_release(neigh); 840 } 841 842out: 843 if (ifp) 844 in6_ifa_put(ifp); 845 else 846 in6_dev_put(idev); 847} 848 849static void ndisc_recv_na(struct sk_buff *skb) 850{ 851 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 852 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 853 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 854 u8 *lladdr = NULL; 855 u32 ndoptlen = skb->tail - (skb->transport_header + 856 offsetof(struct nd_msg, opt)); 857 struct ndisc_options ndopts; 858 struct net_device *dev = skb->dev; 859 struct inet6_ifaddr *ifp; 860 struct neighbour *neigh; 861 862 if (skb->len < sizeof(struct nd_msg)) { 863 ND_PRINTK(2, warn, "NA: packet too short\n"); 864 return; 865 } 866 867 if (ipv6_addr_is_multicast(&msg->target)) { 868 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 869 return; 870 } 871 872 if (ipv6_addr_is_multicast(daddr) && 873 msg->icmph.icmp6_solicited) { 874 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 875 return; 876 } 877 878 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 879 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 880 return; 881 } 882 if (ndopts.nd_opts_tgt_lladdr) { 883 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 884 if (!lladdr) { 885 ND_PRINTK(2, warn, 886 "NA: invalid link-layer address length\n"); 887 return; 888 } 889 } 890 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 891 if (ifp) { 892 if (skb->pkt_type != PACKET_LOOPBACK 893 && (ifp->flags & IFA_F_TENTATIVE)) { 894 addrconf_dad_failure(ifp); 895 return; 896 } 897 /* What should we make now? The advertisement 898 is invalid, but ndisc specs say nothing 899 about it. It could be misconfiguration, or 900 an smart proxy agent tries to help us :-) 901 902 We should not print the error if NA has been 903 received from loopback - it is just our own 904 unsolicited advertisement. 905 */ 906 if (skb->pkt_type != PACKET_LOOPBACK) 907 ND_PRINTK(1, warn, 908 "NA: someone advertises our address %pI6 on %s!\n", 909 &ifp->addr, ifp->idev->dev->name); 910 in6_ifa_put(ifp); 911 return; 912 } 913 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 914 915 if (neigh) { 916 u8 old_flags = neigh->flags; 917 struct net *net = dev_net(dev); 918 919 if (neigh->nud_state & NUD_FAILED) 920 goto out; 921 922 /* 923 * Don't update the neighbor cache entry on a proxy NA from 924 * ourselves because either the proxied node is off link or it 925 * has already sent a NA to us. 926 */ 927 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 928 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 929 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 930 /* XXX: idev->cnf.proxy_ndp */ 931 goto out; 932 } 933 934 neigh_update(neigh, lladdr, 935 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 936 NEIGH_UPDATE_F_WEAK_OVERRIDE| 937 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 938 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 939 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 940 941 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 942 /* 943 * Change: router to host 944 */ 945 struct rt6_info *rt; 946 rt = rt6_get_dflt_router(saddr, dev); 947 if (rt) 948 ip6_del_rt(rt); 949 } 950 951out: 952 neigh_release(neigh); 953 } 954} 955 956static void ndisc_recv_rs(struct sk_buff *skb) 957{ 958 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 959 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 960 struct neighbour *neigh; 961 struct inet6_dev *idev; 962 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 963 struct ndisc_options ndopts; 964 u8 *lladdr = NULL; 965 966 if (skb->len < sizeof(*rs_msg)) 967 return; 968 969 idev = __in6_dev_get(skb->dev); 970 if (!idev) { 971 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 972 return; 973 } 974 975 /* Don't accept RS if we're not in router mode */ 976 if (!idev->cnf.forwarding) 977 goto out; 978 979 /* 980 * Don't update NCE if src = ::; 981 * this implies that the source node has no ip address assigned yet. 982 */ 983 if (ipv6_addr_any(saddr)) 984 goto out; 985 986 /* Parse ND options */ 987 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 988 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 989 goto out; 990 } 991 992 if (ndopts.nd_opts_src_lladdr) { 993 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 994 skb->dev); 995 if (!lladdr) 996 goto out; 997 } 998 999 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1000 if (neigh) { 1001 neigh_update(neigh, lladdr, NUD_STALE, 1002 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1003 NEIGH_UPDATE_F_OVERRIDE| 1004 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1005 neigh_release(neigh); 1006 } 1007out: 1008 return; 1009} 1010 1011static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1012{ 1013 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1014 struct sk_buff *skb; 1015 struct nlmsghdr *nlh; 1016 struct nduseroptmsg *ndmsg; 1017 struct net *net = dev_net(ra->dev); 1018 int err; 1019 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1020 + (opt->nd_opt_len << 3)); 1021 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1022 1023 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1024 if (skb == NULL) { 1025 err = -ENOBUFS; 1026 goto errout; 1027 } 1028 1029 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1030 if (nlh == NULL) { 1031 goto nla_put_failure; 1032 } 1033 1034 ndmsg = nlmsg_data(nlh); 1035 ndmsg->nduseropt_family = AF_INET6; 1036 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1037 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1038 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1039 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1040 1041 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1042 1043 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1044 &ipv6_hdr(ra)->saddr)) 1045 goto nla_put_failure; 1046 nlmsg_end(skb, nlh); 1047 1048 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1049 return; 1050 1051nla_put_failure: 1052 nlmsg_free(skb); 1053 err = -EMSGSIZE; 1054errout: 1055 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1056} 1057 1058static void ndisc_router_discovery(struct sk_buff *skb) 1059{ 1060 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1061 struct neighbour *neigh = NULL; 1062 struct inet6_dev *in6_dev; 1063 struct rt6_info *rt = NULL; 1064 int lifetime; 1065 struct ndisc_options ndopts; 1066 int optlen; 1067 unsigned int pref = 0; 1068 1069 __u8 * opt = (__u8 *)(ra_msg + 1); 1070 1071 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1072 1073 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1074 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1075 return; 1076 } 1077 if (optlen < 0) { 1078 ND_PRINTK(2, warn, "RA: packet too short\n"); 1079 return; 1080 } 1081 1082#ifdef CONFIG_IPV6_NDISC_NODETYPE 1083 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1084 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1085 return; 1086 } 1087#endif 1088 1089 /* 1090 * set the RA_RECV flag in the interface 1091 */ 1092 1093 in6_dev = __in6_dev_get(skb->dev); 1094 if (in6_dev == NULL) { 1095 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1096 skb->dev->name); 1097 return; 1098 } 1099 1100 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1101 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1102 return; 1103 } 1104 1105 if (!ipv6_accept_ra(in6_dev)) 1106 goto skip_linkparms; 1107 1108#ifdef CONFIG_IPV6_NDISC_NODETYPE 1109 /* skip link-specific parameters from interior routers */ 1110 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1111 goto skip_linkparms; 1112#endif 1113 1114 if (in6_dev->if_flags & IF_RS_SENT) { 1115 /* 1116 * flag that an RA was received after an RS was sent 1117 * out on this interface. 1118 */ 1119 in6_dev->if_flags |= IF_RA_RCVD; 1120 } 1121 1122 /* 1123 * Remember the managed/otherconf flags from most recently 1124 * received RA message (RFC 2462) -- yoshfuji 1125 */ 1126 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1127 IF_RA_OTHERCONF)) | 1128 (ra_msg->icmph.icmp6_addrconf_managed ? 1129 IF_RA_MANAGED : 0) | 1130 (ra_msg->icmph.icmp6_addrconf_other ? 1131 IF_RA_OTHERCONF : 0); 1132 1133 if (!in6_dev->cnf.accept_ra_defrtr) 1134 goto skip_defrtr; 1135 1136 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1137 goto skip_defrtr; 1138 1139 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1140 1141#ifdef CONFIG_IPV6_ROUTER_PREF 1142 pref = ra_msg->icmph.icmp6_router_pref; 1143 /* 10b is handled as if it were 00b (medium) */ 1144 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1145 !in6_dev->cnf.accept_ra_rtr_pref) 1146 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1147#endif 1148 1149 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1150 1151 if (rt) { 1152 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1153 if (!neigh) { 1154 ND_PRINTK(0, err, 1155 "RA: %s got default router without neighbour\n", 1156 __func__); 1157 ip6_rt_put(rt); 1158 return; 1159 } 1160 } 1161 if (rt && lifetime == 0) { 1162 ip6_del_rt(rt); 1163 rt = NULL; 1164 } 1165 1166 if (rt == NULL && lifetime) { 1167 ND_PRINTK(3, dbg, "RA: adding default router\n"); 1168 1169 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1170 if (rt == NULL) { 1171 ND_PRINTK(0, err, 1172 "RA: %s failed to add default route\n", 1173 __func__); 1174 return; 1175 } 1176 1177 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1178 if (neigh == NULL) { 1179 ND_PRINTK(0, err, 1180 "RA: %s got default router without neighbour\n", 1181 __func__); 1182 ip6_rt_put(rt); 1183 return; 1184 } 1185 neigh->flags |= NTF_ROUTER; 1186 } else if (rt) { 1187 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1188 } 1189 1190 if (rt) 1191 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1192 if (ra_msg->icmph.icmp6_hop_limit) { 1193 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1194 if (rt) 1195 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1196 ra_msg->icmph.icmp6_hop_limit); 1197 } 1198 1199skip_defrtr: 1200 1201 /* 1202 * Update Reachable Time and Retrans Timer 1203 */ 1204 1205 if (in6_dev->nd_parms) { 1206 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1207 1208 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1209 rtime = (rtime*HZ)/1000; 1210 if (rtime < HZ/10) 1211 rtime = HZ/10; 1212 in6_dev->nd_parms->retrans_time = rtime; 1213 in6_dev->tstamp = jiffies; 1214 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1215 } 1216 1217 rtime = ntohl(ra_msg->reachable_time); 1218 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1219 rtime = (rtime*HZ)/1000; 1220 1221 if (rtime < HZ/10) 1222 rtime = HZ/10; 1223 1224 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1225 in6_dev->nd_parms->base_reachable_time = rtime; 1226 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1227 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1228 in6_dev->tstamp = jiffies; 1229 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1230 } 1231 } 1232 } 1233 1234skip_linkparms: 1235 1236 /* 1237 * Process options. 1238 */ 1239 1240 if (!neigh) 1241 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1242 skb->dev, 1); 1243 if (neigh) { 1244 u8 *lladdr = NULL; 1245 if (ndopts.nd_opts_src_lladdr) { 1246 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1247 skb->dev); 1248 if (!lladdr) { 1249 ND_PRINTK(2, warn, 1250 "RA: invalid link-layer address length\n"); 1251 goto out; 1252 } 1253 } 1254 neigh_update(neigh, lladdr, NUD_STALE, 1255 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1256 NEIGH_UPDATE_F_OVERRIDE| 1257 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1258 NEIGH_UPDATE_F_ISROUTER); 1259 } 1260 1261 if (!ipv6_accept_ra(in6_dev)) 1262 goto out; 1263 1264#ifdef CONFIG_IPV6_ROUTE_INFO 1265 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1266 goto skip_routeinfo; 1267 1268 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1269 struct nd_opt_hdr *p; 1270 for (p = ndopts.nd_opts_ri; 1271 p; 1272 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1273 struct route_info *ri = (struct route_info *)p; 1274#ifdef CONFIG_IPV6_NDISC_NODETYPE 1275 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1276 ri->prefix_len == 0) 1277 continue; 1278#endif 1279 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1280 continue; 1281 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1282 &ipv6_hdr(skb)->saddr); 1283 } 1284 } 1285 1286skip_routeinfo: 1287#endif 1288 1289#ifdef CONFIG_IPV6_NDISC_NODETYPE 1290 /* skip link-specific ndopts from interior routers */ 1291 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1292 goto out; 1293#endif 1294 1295 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1296 struct nd_opt_hdr *p; 1297 for (p = ndopts.nd_opts_pi; 1298 p; 1299 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1300 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1301 (p->nd_opt_len) << 3, 1302 ndopts.nd_opts_src_lladdr != NULL); 1303 } 1304 } 1305 1306 if (ndopts.nd_opts_mtu) { 1307 __be32 n; 1308 u32 mtu; 1309 1310 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1311 mtu = ntohl(n); 1312 1313 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1314 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1315 } else if (in6_dev->cnf.mtu6 != mtu) { 1316 in6_dev->cnf.mtu6 = mtu; 1317 1318 if (rt) 1319 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1320 1321 rt6_mtu_change(skb->dev, mtu); 1322 } 1323 } 1324 1325 if (ndopts.nd_useropts) { 1326 struct nd_opt_hdr *p; 1327 for (p = ndopts.nd_useropts; 1328 p; 1329 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1330 ndisc_ra_useropt(skb, p); 1331 } 1332 } 1333 1334 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1335 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1336 } 1337out: 1338 ip6_rt_put(rt); 1339 if (neigh) 1340 neigh_release(neigh); 1341} 1342 1343static void ndisc_redirect_rcv(struct sk_buff *skb) 1344{ 1345 u8 *hdr; 1346 struct ndisc_options ndopts; 1347 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb); 1348 u32 ndoptlen = skb->tail - (skb->transport_header + 1349 offsetof(struct rd_msg, opt)); 1350 1351#ifdef CONFIG_IPV6_NDISC_NODETYPE 1352 switch (skb->ndisc_nodetype) { 1353 case NDISC_NODETYPE_HOST: 1354 case NDISC_NODETYPE_NODEFAULT: 1355 ND_PRINTK(2, warn, 1356 "Redirect: from host or unauthorized router\n"); 1357 return; 1358 } 1359#endif 1360 1361 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1362 ND_PRINTK(2, warn, 1363 "Redirect: source address is not link-local\n"); 1364 return; 1365 } 1366 1367 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) 1368 return; 1369 1370 if (!ndopts.nd_opts_rh) 1371 return; 1372 1373 hdr = (u8 *)ndopts.nd_opts_rh; 1374 hdr += 8; 1375 if (!pskb_pull(skb, hdr - skb_transport_header(skb))) 1376 return; 1377 1378 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1379} 1380 1381static u8 *ndisc_fill_redirect_hdr_option(u8 *opt, struct sk_buff *orig_skb, 1382 int rd_len) 1383{ 1384 memset(opt, 0, 8); 1385 *(opt++) = ND_OPT_REDIRECT_HDR; 1386 *(opt++) = (rd_len >> 3); 1387 opt += 6; 1388 1389 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8); 1390 1391 return opt + rd_len - 8; 1392} 1393 1394void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1395{ 1396 struct net_device *dev = skb->dev; 1397 struct net *net = dev_net(dev); 1398 struct sock *sk = net->ipv6.ndisc_sk; 1399 int len = sizeof(struct rd_msg); 1400 struct inet_peer *peer; 1401 struct sk_buff *buff; 1402 struct rd_msg *msg; 1403 struct in6_addr saddr_buf; 1404 struct rt6_info *rt; 1405 struct dst_entry *dst; 1406 struct inet6_dev *idev; 1407 struct flowi6 fl6; 1408 u8 *opt; 1409 int rd_len; 1410 int err; 1411 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1412 bool ret; 1413 1414 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1415 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1416 dev->name); 1417 return; 1418 } 1419 1420 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1421 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1422 ND_PRINTK(2, warn, 1423 "Redirect: target address is not link-local unicast\n"); 1424 return; 1425 } 1426 1427 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1428 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1429 1430 dst = ip6_route_output(net, NULL, &fl6); 1431 if (dst->error) { 1432 dst_release(dst); 1433 return; 1434 } 1435 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1436 if (IS_ERR(dst)) 1437 return; 1438 1439 rt = (struct rt6_info *) dst; 1440 1441 if (rt->rt6i_flags & RTF_GATEWAY) { 1442 ND_PRINTK(2, warn, 1443 "Redirect: destination is not a neighbour\n"); 1444 goto release; 1445 } 1446 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 1447 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1448 if (peer) 1449 inet_putpeer(peer); 1450 if (!ret) 1451 goto release; 1452 1453 if (dev->addr_len) { 1454 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1455 if (!neigh) { 1456 ND_PRINTK(2, warn, 1457 "Redirect: no neigh for target address\n"); 1458 goto release; 1459 } 1460 1461 read_lock_bh(&neigh->lock); 1462 if (neigh->nud_state & NUD_VALID) { 1463 memcpy(ha_buf, neigh->ha, dev->addr_len); 1464 read_unlock_bh(&neigh->lock); 1465 ha = ha_buf; 1466 len += ndisc_opt_addr_space(dev); 1467 } else 1468 read_unlock_bh(&neigh->lock); 1469 1470 neigh_release(neigh); 1471 } 1472 1473 rd_len = min_t(unsigned int, 1474 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1475 rd_len &= ~0x7; 1476 len += rd_len; 1477 1478 buff = ndisc_alloc_skb(dev, len); 1479 if (!buff) 1480 goto release; 1481 1482 ip6_nd_hdr(buff, &saddr_buf, &ipv6_hdr(skb)->saddr, 1483 inet6_sk(sk)->hop_limit, len); 1484 1485 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1486 skb_put(buff, len); 1487 msg = (struct rd_msg *)icmp6_hdr(buff); 1488 1489 memset(&msg->icmph, 0, sizeof(struct icmp6hdr)); 1490 msg->icmph.icmp6_type = NDISC_REDIRECT; 1491 1492 /* 1493 * copy target and destination addresses 1494 */ 1495 1496 msg->target = *target; 1497 msg->dest = ipv6_hdr(skb)->daddr; 1498 1499 opt = msg->opt; 1500 1501 /* 1502 * include target_address option 1503 */ 1504 1505 if (ha) 1506 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, dev); 1507 1508 /* 1509 * build redirect option and copy skb over to the new packet. 1510 */ 1511 1512 if (rd_len) 1513 opt = ndisc_fill_redirect_hdr_option(opt, skb, rd_len); 1514 1515 msg->icmph.icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1516 len, IPPROTO_ICMPV6, 1517 csum_partial(msg, len, 0)); 1518 1519 skb_dst_set(buff, dst); 1520 rcu_read_lock(); 1521 idev = __in6_dev_get(dst->dev); 1522 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1523 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1524 dst_output); 1525 if (!err) { 1526 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1527 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1528 } 1529 1530 rcu_read_unlock(); 1531 return; 1532 1533release: 1534 dst_release(dst); 1535} 1536 1537static void pndisc_redo(struct sk_buff *skb) 1538{ 1539 ndisc_recv_ns(skb); 1540 kfree_skb(skb); 1541} 1542 1543int ndisc_rcv(struct sk_buff *skb) 1544{ 1545 struct nd_msg *msg; 1546 1547 if (skb_linearize(skb)) 1548 return 0; 1549 1550 msg = (struct nd_msg *)skb_transport_header(skb); 1551 1552 __skb_push(skb, skb->data - skb_transport_header(skb)); 1553 1554 if (ipv6_hdr(skb)->hop_limit != 255) { 1555 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1556 ipv6_hdr(skb)->hop_limit); 1557 return 0; 1558 } 1559 1560 if (msg->icmph.icmp6_code != 0) { 1561 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1562 msg->icmph.icmp6_code); 1563 return 0; 1564 } 1565 1566 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1567 1568 switch (msg->icmph.icmp6_type) { 1569 case NDISC_NEIGHBOUR_SOLICITATION: 1570 ndisc_recv_ns(skb); 1571 break; 1572 1573 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1574 ndisc_recv_na(skb); 1575 break; 1576 1577 case NDISC_ROUTER_SOLICITATION: 1578 ndisc_recv_rs(skb); 1579 break; 1580 1581 case NDISC_ROUTER_ADVERTISEMENT: 1582 ndisc_router_discovery(skb); 1583 break; 1584 1585 case NDISC_REDIRECT: 1586 ndisc_redirect_rcv(skb); 1587 break; 1588 } 1589 1590 return 0; 1591} 1592 1593static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1594{ 1595 struct net_device *dev = ptr; 1596 struct net *net = dev_net(dev); 1597 struct inet6_dev *idev; 1598 1599 switch (event) { 1600 case NETDEV_CHANGEADDR: 1601 neigh_changeaddr(&nd_tbl, dev); 1602 fib6_run_gc(~0UL, net); 1603 idev = in6_dev_get(dev); 1604 if (!idev) 1605 break; 1606 if (idev->cnf.ndisc_notify) 1607 ndisc_send_unsol_na(dev); 1608 in6_dev_put(idev); 1609 break; 1610 case NETDEV_DOWN: 1611 neigh_ifdown(&nd_tbl, dev); 1612 fib6_run_gc(~0UL, net); 1613 break; 1614 case NETDEV_NOTIFY_PEERS: 1615 ndisc_send_unsol_na(dev); 1616 break; 1617 default: 1618 break; 1619 } 1620 1621 return NOTIFY_DONE; 1622} 1623 1624static struct notifier_block ndisc_netdev_notifier = { 1625 .notifier_call = ndisc_netdev_event, 1626}; 1627 1628#ifdef CONFIG_SYSCTL 1629static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1630 const char *func, const char *dev_name) 1631{ 1632 static char warncomm[TASK_COMM_LEN]; 1633 static int warned; 1634 if (strcmp(warncomm, current->comm) && warned < 5) { 1635 strcpy(warncomm, current->comm); 1636 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1637 warncomm, func, 1638 dev_name, ctl->procname, 1639 dev_name, ctl->procname); 1640 warned++; 1641 } 1642} 1643 1644int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1645{ 1646 struct net_device *dev = ctl->extra1; 1647 struct inet6_dev *idev; 1648 int ret; 1649 1650 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1651 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1652 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1653 1654 if (strcmp(ctl->procname, "retrans_time") == 0) 1655 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1656 1657 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1658 ret = proc_dointvec_jiffies(ctl, write, 1659 buffer, lenp, ppos); 1660 1661 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1662 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1663 ret = proc_dointvec_ms_jiffies(ctl, write, 1664 buffer, lenp, ppos); 1665 else 1666 ret = -1; 1667 1668 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1669 if (ctl->data == &idev->nd_parms->base_reachable_time) 1670 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1671 idev->tstamp = jiffies; 1672 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1673 in6_dev_put(idev); 1674 } 1675 return ret; 1676} 1677 1678 1679#endif 1680 1681static int __net_init ndisc_net_init(struct net *net) 1682{ 1683 struct ipv6_pinfo *np; 1684 struct sock *sk; 1685 int err; 1686 1687 err = inet_ctl_sock_create(&sk, PF_INET6, 1688 SOCK_RAW, IPPROTO_ICMPV6, net); 1689 if (err < 0) { 1690 ND_PRINTK(0, err, 1691 "NDISC: Failed to initialize the control socket (err %d)\n", 1692 err); 1693 return err; 1694 } 1695 1696 net->ipv6.ndisc_sk = sk; 1697 1698 np = inet6_sk(sk); 1699 np->hop_limit = 255; 1700 /* Do not loopback ndisc messages */ 1701 np->mc_loop = 0; 1702 1703 return 0; 1704} 1705 1706static void __net_exit ndisc_net_exit(struct net *net) 1707{ 1708 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1709} 1710 1711static struct pernet_operations ndisc_net_ops = { 1712 .init = ndisc_net_init, 1713 .exit = ndisc_net_exit, 1714}; 1715 1716int __init ndisc_init(void) 1717{ 1718 int err; 1719 1720 err = register_pernet_subsys(&ndisc_net_ops); 1721 if (err) 1722 return err; 1723 /* 1724 * Initialize the neighbour table 1725 */ 1726 neigh_table_init(&nd_tbl); 1727 1728#ifdef CONFIG_SYSCTL 1729 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1730 &ndisc_ifinfo_sysctl_change); 1731 if (err) 1732 goto out_unregister_pernet; 1733#endif 1734 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1735 if (err) 1736 goto out_unregister_sysctl; 1737out: 1738 return err; 1739 1740out_unregister_sysctl: 1741#ifdef CONFIG_SYSCTL 1742 neigh_sysctl_unregister(&nd_tbl.parms); 1743out_unregister_pernet: 1744#endif 1745 unregister_pernet_subsys(&ndisc_net_ops); 1746 goto out; 1747} 1748 1749void ndisc_cleanup(void) 1750{ 1751 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1752#ifdef CONFIG_SYSCTL 1753 neigh_sysctl_unregister(&nd_tbl.parms); 1754#endif 1755 neigh_table_clear(&nd_tbl); 1756 unregister_pernet_subsys(&ndisc_net_ops); 1757} 1758