ndisc.c revision b800c3b966bcf004bd8592293a49ed5cb7ea67a9
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30#define pr_fmt(fmt) "ICMPv6: " fmt 31 32#include <linux/module.h> 33#include <linux/errno.h> 34#include <linux/types.h> 35#include <linux/socket.h> 36#include <linux/sockios.h> 37#include <linux/sched.h> 38#include <linux/net.h> 39#include <linux/in6.h> 40#include <linux/route.h> 41#include <linux/init.h> 42#include <linux/rcupdate.h> 43#include <linux/slab.h> 44#ifdef CONFIG_SYSCTL 45#include <linux/sysctl.h> 46#endif 47 48#include <linux/if_addr.h> 49#include <linux/if_arp.h> 50#include <linux/ipv6.h> 51#include <linux/icmpv6.h> 52#include <linux/jhash.h> 53 54#include <net/sock.h> 55#include <net/snmp.h> 56 57#include <net/ipv6.h> 58#include <net/protocol.h> 59#include <net/ndisc.h> 60#include <net/ip6_route.h> 61#include <net/addrconf.h> 62#include <net/icmp.h> 63 64#include <net/netlink.h> 65#include <linux/rtnetlink.h> 66 67#include <net/flow.h> 68#include <net/ip6_checksum.h> 69#include <net/inet_common.h> 70#include <linux/proc_fs.h> 71 72#include <linux/netfilter.h> 73#include <linux/netfilter_ipv6.h> 74 75/* Set to 3 to get tracing... */ 76#define ND_DEBUG 1 77 78#define ND_PRINTK(val, level, fmt, ...) \ 79do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82} while (0) 83 84static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87static int ndisc_constructor(struct neighbour *neigh); 88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 90static int pndisc_constructor(struct pneigh_entry *n); 91static void pndisc_destructor(struct pneigh_entry *n); 92static void pndisc_redo(struct sk_buff *skb); 93 94static const struct neigh_ops ndisc_generic_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_connected_output, 100}; 101 102static const struct neigh_ops ndisc_hh_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_resolve_output, 108}; 109 110 111static const struct neigh_ops ndisc_direct_ops = { 112 .family = AF_INET6, 113 .output = neigh_direct_output, 114 .connected_output = neigh_direct_output, 115}; 116 117struct neigh_table nd_tbl = { 118 .family = AF_INET6, 119 .key_len = sizeof(struct in6_addr), 120 .hash = ndisc_hash, 121 .constructor = ndisc_constructor, 122 .pconstructor = pndisc_constructor, 123 .pdestructor = pndisc_destructor, 124 .proxy_redo = pndisc_redo, 125 .id = "ndisc_cache", 126 .parms = { 127 .tbl = &nd_tbl, 128 .base_reachable_time = ND_REACHABLE_TIME, 129 .retrans_time = ND_RETRANS_TIMER, 130 .gc_staletime = 60 * HZ, 131 .reachable_time = ND_REACHABLE_TIME, 132 .delay_probe_time = 5 * HZ, 133 .queue_len_bytes = 64*1024, 134 .ucast_probes = 3, 135 .mcast_probes = 3, 136 .anycast_delay = 1 * HZ, 137 .proxy_delay = (8 * HZ) / 10, 138 .proxy_qlen = 64, 139 }, 140 .gc_interval = 30 * HZ, 141 .gc_thresh1 = 128, 142 .gc_thresh2 = 512, 143 .gc_thresh3 = 1024, 144}; 145 146static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data) 147{ 148 int pad = ndisc_addr_option_pad(skb->dev->type); 149 int data_len = skb->dev->addr_len; 150 int space = ndisc_opt_addr_space(skb->dev); 151 u8 *opt = skb_put(skb, space); 152 153 opt[0] = type; 154 opt[1] = space>>3; 155 156 memset(opt + 2, 0, pad); 157 opt += pad; 158 space -= pad; 159 160 memcpy(opt+2, data, data_len); 161 data_len += 2; 162 opt += data_len; 163 if ((space -= data_len) > 0) 164 memset(opt, 0, space); 165} 166 167static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 168 struct nd_opt_hdr *end) 169{ 170 int type; 171 if (!cur || !end || cur >= end) 172 return NULL; 173 type = cur->nd_opt_type; 174 do { 175 cur = ((void *)cur) + (cur->nd_opt_len << 3); 176 } while(cur < end && cur->nd_opt_type != type); 177 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 178} 179 180static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 181{ 182 return opt->nd_opt_type == ND_OPT_RDNSS || 183 opt->nd_opt_type == ND_OPT_DNSSL; 184} 185 186static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 187 struct nd_opt_hdr *end) 188{ 189 if (!cur || !end || cur >= end) 190 return NULL; 191 do { 192 cur = ((void *)cur) + (cur->nd_opt_len << 3); 193 } while(cur < end && !ndisc_is_useropt(cur)); 194 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 195} 196 197struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 198 struct ndisc_options *ndopts) 199{ 200 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 201 202 if (!nd_opt || opt_len < 0 || !ndopts) 203 return NULL; 204 memset(ndopts, 0, sizeof(*ndopts)); 205 while (opt_len) { 206 int l; 207 if (opt_len < sizeof(struct nd_opt_hdr)) 208 return NULL; 209 l = nd_opt->nd_opt_len << 3; 210 if (opt_len < l || l == 0) 211 return NULL; 212 switch (nd_opt->nd_opt_type) { 213 case ND_OPT_SOURCE_LL_ADDR: 214 case ND_OPT_TARGET_LL_ADDR: 215 case ND_OPT_MTU: 216 case ND_OPT_REDIRECT_HDR: 217 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 218 ND_PRINTK(2, warn, 219 "%s: duplicated ND6 option found: type=%d\n", 220 __func__, nd_opt->nd_opt_type); 221 } else { 222 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 223 } 224 break; 225 case ND_OPT_PREFIX_INFO: 226 ndopts->nd_opts_pi_end = nd_opt; 227 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 228 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 229 break; 230#ifdef CONFIG_IPV6_ROUTE_INFO 231 case ND_OPT_ROUTE_INFO: 232 ndopts->nd_opts_ri_end = nd_opt; 233 if (!ndopts->nd_opts_ri) 234 ndopts->nd_opts_ri = nd_opt; 235 break; 236#endif 237 default: 238 if (ndisc_is_useropt(nd_opt)) { 239 ndopts->nd_useropts_end = nd_opt; 240 if (!ndopts->nd_useropts) 241 ndopts->nd_useropts = nd_opt; 242 } else { 243 /* 244 * Unknown options must be silently ignored, 245 * to accommodate future extension to the 246 * protocol. 247 */ 248 ND_PRINTK(2, notice, 249 "%s: ignored unsupported option; type=%d, len=%d\n", 250 __func__, 251 nd_opt->nd_opt_type, 252 nd_opt->nd_opt_len); 253 } 254 } 255 opt_len -= l; 256 nd_opt = ((void *)nd_opt) + l; 257 } 258 return ndopts; 259} 260 261int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 262{ 263 switch (dev->type) { 264 case ARPHRD_ETHER: 265 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 266 case ARPHRD_FDDI: 267 ipv6_eth_mc_map(addr, buf); 268 return 0; 269 case ARPHRD_ARCNET: 270 ipv6_arcnet_mc_map(addr, buf); 271 return 0; 272 case ARPHRD_INFINIBAND: 273 ipv6_ib_mc_map(addr, dev->broadcast, buf); 274 return 0; 275 case ARPHRD_IPGRE: 276 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 277 default: 278 if (dir) { 279 memcpy(buf, dev->broadcast, dev->addr_len); 280 return 0; 281 } 282 } 283 return -EINVAL; 284} 285 286EXPORT_SYMBOL(ndisc_mc_map); 287 288static u32 ndisc_hash(const void *pkey, 289 const struct net_device *dev, 290 __u32 *hash_rnd) 291{ 292 return ndisc_hashfn(pkey, dev, hash_rnd); 293} 294 295static int ndisc_constructor(struct neighbour *neigh) 296{ 297 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 298 struct net_device *dev = neigh->dev; 299 struct inet6_dev *in6_dev; 300 struct neigh_parms *parms; 301 bool is_multicast = ipv6_addr_is_multicast(addr); 302 303 in6_dev = in6_dev_get(dev); 304 if (in6_dev == NULL) { 305 return -EINVAL; 306 } 307 308 parms = in6_dev->nd_parms; 309 __neigh_parms_put(neigh->parms); 310 neigh->parms = neigh_parms_clone(parms); 311 312 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 313 if (!dev->header_ops) { 314 neigh->nud_state = NUD_NOARP; 315 neigh->ops = &ndisc_direct_ops; 316 neigh->output = neigh_direct_output; 317 } else { 318 if (is_multicast) { 319 neigh->nud_state = NUD_NOARP; 320 ndisc_mc_map(addr, neigh->ha, dev, 1); 321 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 322 neigh->nud_state = NUD_NOARP; 323 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 324 if (dev->flags&IFF_LOOPBACK) 325 neigh->type = RTN_LOCAL; 326 } else if (dev->flags&IFF_POINTOPOINT) { 327 neigh->nud_state = NUD_NOARP; 328 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 329 } 330 if (dev->header_ops->cache) 331 neigh->ops = &ndisc_hh_ops; 332 else 333 neigh->ops = &ndisc_generic_ops; 334 if (neigh->nud_state&NUD_VALID) 335 neigh->output = neigh->ops->connected_output; 336 else 337 neigh->output = neigh->ops->output; 338 } 339 in6_dev_put(in6_dev); 340 return 0; 341} 342 343static int pndisc_constructor(struct pneigh_entry *n) 344{ 345 struct in6_addr *addr = (struct in6_addr*)&n->key; 346 struct in6_addr maddr; 347 struct net_device *dev = n->dev; 348 349 if (dev == NULL || __in6_dev_get(dev) == NULL) 350 return -EINVAL; 351 addrconf_addr_solict_mult(addr, &maddr); 352 ipv6_dev_mc_inc(dev, &maddr); 353 return 0; 354} 355 356static void pndisc_destructor(struct pneigh_entry *n) 357{ 358 struct in6_addr *addr = (struct in6_addr*)&n->key; 359 struct in6_addr maddr; 360 struct net_device *dev = n->dev; 361 362 if (dev == NULL || __in6_dev_get(dev) == NULL) 363 return; 364 addrconf_addr_solict_mult(addr, &maddr); 365 ipv6_dev_mc_dec(dev, &maddr); 366} 367 368static struct sk_buff *ndisc_alloc_skb(struct net_device *dev, 369 int len) 370{ 371 int hlen = LL_RESERVED_SPACE(dev); 372 int tlen = dev->needed_tailroom; 373 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk; 374 struct sk_buff *skb; 375 int err; 376 377 skb = sock_alloc_send_skb(sk, 378 hlen + sizeof(struct ipv6hdr) + len + tlen, 379 1, &err); 380 if (!skb) { 381 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb, err=%d\n", 382 __func__, err); 383 return NULL; 384 } 385 386 skb->protocol = htons(ETH_P_IPV6); 387 skb->dev = dev; 388 389 skb_reserve(skb, hlen + sizeof(struct ipv6hdr)); 390 skb_reset_transport_header(skb); 391 392 return skb; 393} 394 395static void ip6_nd_hdr(struct sk_buff *skb, 396 const struct in6_addr *saddr, 397 const struct in6_addr *daddr, 398 int hop_limit, int len) 399{ 400 struct ipv6hdr *hdr; 401 402 skb_push(skb, sizeof(*hdr)); 403 skb_reset_network_header(skb); 404 hdr = ipv6_hdr(skb); 405 406 ip6_flow_hdr(hdr, 0, 0); 407 408 hdr->payload_len = htons(len); 409 hdr->nexthdr = IPPROTO_ICMPV6; 410 hdr->hop_limit = hop_limit; 411 412 hdr->saddr = *saddr; 413 hdr->daddr = *daddr; 414} 415 416static void ndisc_send_skb(struct sk_buff *skb, 417 const struct in6_addr *daddr, 418 const struct in6_addr *saddr) 419{ 420 struct dst_entry *dst = skb_dst(skb); 421 struct net *net = dev_net(skb->dev); 422 struct sock *sk = net->ipv6.ndisc_sk; 423 struct inet6_dev *idev; 424 int err; 425 struct icmp6hdr *icmp6h = icmp6_hdr(skb); 426 u8 type; 427 428 type = icmp6h->icmp6_type; 429 430 if (!dst) { 431 struct sock *sk = net->ipv6.ndisc_sk; 432 struct flowi6 fl6; 433 434 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex); 435 dst = icmp6_dst_alloc(skb->dev, &fl6); 436 if (IS_ERR(dst)) { 437 kfree_skb(skb); 438 return; 439 } 440 441 skb_dst_set(skb, dst); 442 } 443 444 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len, 445 IPPROTO_ICMPV6, 446 csum_partial(icmp6h, 447 skb->len, 0)); 448 449 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len); 450 451 rcu_read_lock(); 452 idev = __in6_dev_get(dst->dev); 453 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 454 455 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 456 dst_output); 457 if (!err) { 458 ICMP6MSGOUT_INC_STATS(net, idev, type); 459 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 460 } 461 462 rcu_read_unlock(); 463} 464 465static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 466 const struct in6_addr *daddr, 467 const struct in6_addr *solicited_addr, 468 bool router, bool solicited, bool override, bool inc_opt) 469{ 470 struct sk_buff *skb; 471 struct in6_addr tmpaddr; 472 struct inet6_ifaddr *ifp; 473 const struct in6_addr *src_addr; 474 struct nd_msg *msg; 475 int optlen = 0; 476 477 /* for anycast or proxy, solicited_addr != src_addr */ 478 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 479 if (ifp) { 480 src_addr = solicited_addr; 481 if (ifp->flags & IFA_F_OPTIMISTIC) 482 override = false; 483 inc_opt |= ifp->idev->cnf.force_tllao; 484 in6_ifa_put(ifp); 485 } else { 486 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 487 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 488 &tmpaddr)) 489 return; 490 src_addr = &tmpaddr; 491 } 492 493 if (!dev->addr_len) 494 inc_opt = 0; 495 if (inc_opt) 496 optlen += ndisc_opt_addr_space(dev); 497 498 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 499 if (!skb) 500 return; 501 502 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 503 *msg = (struct nd_msg) { 504 .icmph = { 505 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 506 .icmp6_router = router, 507 .icmp6_solicited = solicited, 508 .icmp6_override = override, 509 }, 510 .target = *solicited_addr, 511 }; 512 513 if (inc_opt) 514 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, 515 dev->dev_addr); 516 517 518 ndisc_send_skb(skb, daddr, src_addr); 519} 520 521static void ndisc_send_unsol_na(struct net_device *dev) 522{ 523 struct inet6_dev *idev; 524 struct inet6_ifaddr *ifa; 525 526 idev = in6_dev_get(dev); 527 if (!idev) 528 return; 529 530 read_lock_bh(&idev->lock); 531 list_for_each_entry(ifa, &idev->addr_list, if_list) { 532 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr, 533 /*router=*/ !!idev->cnf.forwarding, 534 /*solicited=*/ false, /*override=*/ true, 535 /*inc_opt=*/ true); 536 } 537 read_unlock_bh(&idev->lock); 538 539 in6_dev_put(idev); 540} 541 542void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 543 const struct in6_addr *solicit, 544 const struct in6_addr *daddr, const struct in6_addr *saddr) 545{ 546 struct sk_buff *skb; 547 struct in6_addr addr_buf; 548 int inc_opt = dev->addr_len; 549 int optlen = 0; 550 struct nd_msg *msg; 551 552 if (saddr == NULL) { 553 if (ipv6_get_lladdr(dev, &addr_buf, 554 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 555 return; 556 saddr = &addr_buf; 557 } 558 559 if (ipv6_addr_any(saddr)) 560 inc_opt = false; 561 if (inc_opt) 562 optlen += ndisc_opt_addr_space(dev); 563 564 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 565 if (!skb) 566 return; 567 568 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 569 *msg = (struct nd_msg) { 570 .icmph = { 571 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 572 }, 573 .target = *solicit, 574 }; 575 576 if (inc_opt) 577 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 578 dev->dev_addr); 579 580 ndisc_send_skb(skb, daddr, saddr); 581} 582 583void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 584 const struct in6_addr *daddr) 585{ 586 struct sk_buff *skb; 587 struct rs_msg *msg; 588 int send_sllao = dev->addr_len; 589 int optlen = 0; 590 591#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 592 /* 593 * According to section 2.2 of RFC 4429, we must not 594 * send router solicitations with a sllao from 595 * optimistic addresses, but we may send the solicitation 596 * if we don't include the sllao. So here we check 597 * if our address is optimistic, and if so, we 598 * suppress the inclusion of the sllao. 599 */ 600 if (send_sllao) { 601 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 602 dev, 1); 603 if (ifp) { 604 if (ifp->flags & IFA_F_OPTIMISTIC) { 605 send_sllao = 0; 606 } 607 in6_ifa_put(ifp); 608 } else { 609 send_sllao = 0; 610 } 611 } 612#endif 613 if (send_sllao) 614 optlen += ndisc_opt_addr_space(dev); 615 616 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 617 if (!skb) 618 return; 619 620 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg)); 621 *msg = (struct rs_msg) { 622 .icmph = { 623 .icmp6_type = NDISC_ROUTER_SOLICITATION, 624 }, 625 }; 626 627 if (send_sllao) 628 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 629 dev->dev_addr); 630 631 ndisc_send_skb(skb, daddr, saddr); 632} 633 634 635static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 636{ 637 /* 638 * "The sender MUST return an ICMP 639 * destination unreachable" 640 */ 641 dst_link_failure(skb); 642 kfree_skb(skb); 643} 644 645/* Called with locked neigh: either read or both */ 646 647static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 648{ 649 struct in6_addr *saddr = NULL; 650 struct in6_addr mcaddr; 651 struct net_device *dev = neigh->dev; 652 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 653 int probes = atomic_read(&neigh->probes); 654 655 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 656 saddr = &ipv6_hdr(skb)->saddr; 657 658 if ((probes -= neigh->parms->ucast_probes) < 0) { 659 if (!(neigh->nud_state & NUD_VALID)) { 660 ND_PRINTK(1, dbg, 661 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 662 __func__, target); 663 } 664 ndisc_send_ns(dev, neigh, target, target, saddr); 665 } else if ((probes -= neigh->parms->app_probes) < 0) { 666#ifdef CONFIG_ARPD 667 neigh_app_ns(neigh); 668#endif 669 } else { 670 addrconf_addr_solict_mult(target, &mcaddr); 671 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 672 } 673} 674 675static int pndisc_is_router(const void *pkey, 676 struct net_device *dev) 677{ 678 struct pneigh_entry *n; 679 int ret = -1; 680 681 read_lock_bh(&nd_tbl.lock); 682 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 683 if (n) 684 ret = !!(n->flags & NTF_ROUTER); 685 read_unlock_bh(&nd_tbl.lock); 686 687 return ret; 688} 689 690static void ndisc_recv_ns(struct sk_buff *skb) 691{ 692 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 693 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 694 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 695 u8 *lladdr = NULL; 696 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 697 offsetof(struct nd_msg, opt)); 698 struct ndisc_options ndopts; 699 struct net_device *dev = skb->dev; 700 struct inet6_ifaddr *ifp; 701 struct inet6_dev *idev = NULL; 702 struct neighbour *neigh; 703 int dad = ipv6_addr_any(saddr); 704 bool inc; 705 int is_router = -1; 706 707 if (skb->len < sizeof(struct nd_msg)) { 708 ND_PRINTK(2, warn, "NS: packet too short\n"); 709 return; 710 } 711 712 if (ipv6_addr_is_multicast(&msg->target)) { 713 ND_PRINTK(2, warn, "NS: multicast target address\n"); 714 return; 715 } 716 717 /* 718 * RFC2461 7.1.1: 719 * DAD has to be destined for solicited node multicast address. 720 */ 721 if (dad && !ipv6_addr_is_solict_mult(daddr)) { 722 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 723 return; 724 } 725 726 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 727 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 728 return; 729 } 730 731 if (ndopts.nd_opts_src_lladdr) { 732 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 733 if (!lladdr) { 734 ND_PRINTK(2, warn, 735 "NS: invalid link-layer address length\n"); 736 return; 737 } 738 739 /* RFC2461 7.1.1: 740 * If the IP source address is the unspecified address, 741 * there MUST NOT be source link-layer address option 742 * in the message. 743 */ 744 if (dad) { 745 ND_PRINTK(2, warn, 746 "NS: bad DAD packet (link-layer address option)\n"); 747 return; 748 } 749 } 750 751 inc = ipv6_addr_is_multicast(daddr); 752 753 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 754 if (ifp) { 755 756 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 757 if (dad) { 758 /* 759 * We are colliding with another node 760 * who is doing DAD 761 * so fail our DAD process 762 */ 763 addrconf_dad_failure(ifp); 764 return; 765 } else { 766 /* 767 * This is not a dad solicitation. 768 * If we are an optimistic node, 769 * we should respond. 770 * Otherwise, we should ignore it. 771 */ 772 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 773 goto out; 774 } 775 } 776 777 idev = ifp->idev; 778 } else { 779 struct net *net = dev_net(dev); 780 781 idev = in6_dev_get(dev); 782 if (!idev) { 783 /* XXX: count this drop? */ 784 return; 785 } 786 787 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 788 (idev->cnf.forwarding && 789 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 790 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 791 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 792 skb->pkt_type != PACKET_HOST && 793 inc && 794 idev->nd_parms->proxy_delay != 0) { 795 /* 796 * for anycast or proxy, 797 * sender should delay its response 798 * by a random time between 0 and 799 * MAX_ANYCAST_DELAY_TIME seconds. 800 * (RFC2461) -- yoshfuji 801 */ 802 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 803 if (n) 804 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 805 goto out; 806 } 807 } else 808 goto out; 809 } 810 811 if (is_router < 0) 812 is_router = idev->cnf.forwarding; 813 814 if (dad) { 815 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 816 !!is_router, false, (ifp != NULL), true); 817 goto out; 818 } 819 820 if (inc) 821 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 822 else 823 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 824 825 /* 826 * update / create cache entry 827 * for the source address 828 */ 829 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 830 !inc || lladdr || !dev->addr_len); 831 if (neigh) 832 neigh_update(neigh, lladdr, NUD_STALE, 833 NEIGH_UPDATE_F_WEAK_OVERRIDE| 834 NEIGH_UPDATE_F_OVERRIDE); 835 if (neigh || !dev->header_ops) { 836 ndisc_send_na(dev, neigh, saddr, &msg->target, 837 !!is_router, 838 true, (ifp != NULL && inc), inc); 839 if (neigh) 840 neigh_release(neigh); 841 } 842 843out: 844 if (ifp) 845 in6_ifa_put(ifp); 846 else 847 in6_dev_put(idev); 848} 849 850static void ndisc_recv_na(struct sk_buff *skb) 851{ 852 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 853 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 854 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 855 u8 *lladdr = NULL; 856 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 857 offsetof(struct nd_msg, opt)); 858 struct ndisc_options ndopts; 859 struct net_device *dev = skb->dev; 860 struct inet6_ifaddr *ifp; 861 struct neighbour *neigh; 862 863 if (skb->len < sizeof(struct nd_msg)) { 864 ND_PRINTK(2, warn, "NA: packet too short\n"); 865 return; 866 } 867 868 if (ipv6_addr_is_multicast(&msg->target)) { 869 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 870 return; 871 } 872 873 if (ipv6_addr_is_multicast(daddr) && 874 msg->icmph.icmp6_solicited) { 875 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 876 return; 877 } 878 879 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 880 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 881 return; 882 } 883 if (ndopts.nd_opts_tgt_lladdr) { 884 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 885 if (!lladdr) { 886 ND_PRINTK(2, warn, 887 "NA: invalid link-layer address length\n"); 888 return; 889 } 890 } 891 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 892 if (ifp) { 893 if (skb->pkt_type != PACKET_LOOPBACK 894 && (ifp->flags & IFA_F_TENTATIVE)) { 895 addrconf_dad_failure(ifp); 896 return; 897 } 898 /* What should we make now? The advertisement 899 is invalid, but ndisc specs say nothing 900 about it. It could be misconfiguration, or 901 an smart proxy agent tries to help us :-) 902 903 We should not print the error if NA has been 904 received from loopback - it is just our own 905 unsolicited advertisement. 906 */ 907 if (skb->pkt_type != PACKET_LOOPBACK) 908 ND_PRINTK(1, warn, 909 "NA: someone advertises our address %pI6 on %s!\n", 910 &ifp->addr, ifp->idev->dev->name); 911 in6_ifa_put(ifp); 912 return; 913 } 914 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 915 916 if (neigh) { 917 u8 old_flags = neigh->flags; 918 struct net *net = dev_net(dev); 919 920 if (neigh->nud_state & NUD_FAILED) 921 goto out; 922 923 /* 924 * Don't update the neighbor cache entry on a proxy NA from 925 * ourselves because either the proxied node is off link or it 926 * has already sent a NA to us. 927 */ 928 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 929 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 930 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 931 /* XXX: idev->cnf.proxy_ndp */ 932 goto out; 933 } 934 935 neigh_update(neigh, lladdr, 936 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 937 NEIGH_UPDATE_F_WEAK_OVERRIDE| 938 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 939 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 940 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 941 942 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 943 /* 944 * Change: router to host 945 */ 946 struct rt6_info *rt; 947 rt = rt6_get_dflt_router(saddr, dev); 948 if (rt) 949 ip6_del_rt(rt); 950 } 951 952out: 953 neigh_release(neigh); 954 } 955} 956 957static void ndisc_recv_rs(struct sk_buff *skb) 958{ 959 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 960 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 961 struct neighbour *neigh; 962 struct inet6_dev *idev; 963 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 964 struct ndisc_options ndopts; 965 u8 *lladdr = NULL; 966 967 if (skb->len < sizeof(*rs_msg)) 968 return; 969 970 idev = __in6_dev_get(skb->dev); 971 if (!idev) { 972 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 973 return; 974 } 975 976 /* Don't accept RS if we're not in router mode */ 977 if (!idev->cnf.forwarding) 978 goto out; 979 980 /* 981 * Don't update NCE if src = ::; 982 * this implies that the source node has no ip address assigned yet. 983 */ 984 if (ipv6_addr_any(saddr)) 985 goto out; 986 987 /* Parse ND options */ 988 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 989 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 990 goto out; 991 } 992 993 if (ndopts.nd_opts_src_lladdr) { 994 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 995 skb->dev); 996 if (!lladdr) 997 goto out; 998 } 999 1000 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1001 if (neigh) { 1002 neigh_update(neigh, lladdr, NUD_STALE, 1003 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1004 NEIGH_UPDATE_F_OVERRIDE| 1005 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1006 neigh_release(neigh); 1007 } 1008out: 1009 return; 1010} 1011 1012static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1013{ 1014 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1015 struct sk_buff *skb; 1016 struct nlmsghdr *nlh; 1017 struct nduseroptmsg *ndmsg; 1018 struct net *net = dev_net(ra->dev); 1019 int err; 1020 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1021 + (opt->nd_opt_len << 3)); 1022 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1023 1024 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1025 if (skb == NULL) { 1026 err = -ENOBUFS; 1027 goto errout; 1028 } 1029 1030 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1031 if (nlh == NULL) { 1032 goto nla_put_failure; 1033 } 1034 1035 ndmsg = nlmsg_data(nlh); 1036 ndmsg->nduseropt_family = AF_INET6; 1037 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1038 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1039 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1040 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1041 1042 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1043 1044 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1045 &ipv6_hdr(ra)->saddr)) 1046 goto nla_put_failure; 1047 nlmsg_end(skb, nlh); 1048 1049 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1050 return; 1051 1052nla_put_failure: 1053 nlmsg_free(skb); 1054 err = -EMSGSIZE; 1055errout: 1056 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1057} 1058 1059static void ndisc_router_discovery(struct sk_buff *skb) 1060{ 1061 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1062 struct neighbour *neigh = NULL; 1063 struct inet6_dev *in6_dev; 1064 struct rt6_info *rt = NULL; 1065 int lifetime; 1066 struct ndisc_options ndopts; 1067 int optlen; 1068 unsigned int pref = 0; 1069 1070 __u8 * opt = (__u8 *)(ra_msg + 1); 1071 1072 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) - 1073 sizeof(struct ra_msg); 1074 1075 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1076 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1077 return; 1078 } 1079 if (optlen < 0) { 1080 ND_PRINTK(2, warn, "RA: packet too short\n"); 1081 return; 1082 } 1083 1084#ifdef CONFIG_IPV6_NDISC_NODETYPE 1085 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1086 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1087 return; 1088 } 1089#endif 1090 1091 /* 1092 * set the RA_RECV flag in the interface 1093 */ 1094 1095 in6_dev = __in6_dev_get(skb->dev); 1096 if (in6_dev == NULL) { 1097 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1098 skb->dev->name); 1099 return; 1100 } 1101 1102 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1103 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1104 return; 1105 } 1106 1107 if (!ipv6_accept_ra(in6_dev)) 1108 goto skip_linkparms; 1109 1110#ifdef CONFIG_IPV6_NDISC_NODETYPE 1111 /* skip link-specific parameters from interior routers */ 1112 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1113 goto skip_linkparms; 1114#endif 1115 1116 if (in6_dev->if_flags & IF_RS_SENT) { 1117 /* 1118 * flag that an RA was received after an RS was sent 1119 * out on this interface. 1120 */ 1121 in6_dev->if_flags |= IF_RA_RCVD; 1122 } 1123 1124 /* 1125 * Remember the managed/otherconf flags from most recently 1126 * received RA message (RFC 2462) -- yoshfuji 1127 */ 1128 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1129 IF_RA_OTHERCONF)) | 1130 (ra_msg->icmph.icmp6_addrconf_managed ? 1131 IF_RA_MANAGED : 0) | 1132 (ra_msg->icmph.icmp6_addrconf_other ? 1133 IF_RA_OTHERCONF : 0); 1134 1135 if (!in6_dev->cnf.accept_ra_defrtr) 1136 goto skip_defrtr; 1137 1138 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1139 goto skip_defrtr; 1140 1141 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1142 1143#ifdef CONFIG_IPV6_ROUTER_PREF 1144 pref = ra_msg->icmph.icmp6_router_pref; 1145 /* 10b is handled as if it were 00b (medium) */ 1146 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1147 !in6_dev->cnf.accept_ra_rtr_pref) 1148 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1149#endif 1150 1151 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1152 1153 if (rt) { 1154 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1155 if (!neigh) { 1156 ND_PRINTK(0, err, 1157 "RA: %s got default router without neighbour\n", 1158 __func__); 1159 ip6_rt_put(rt); 1160 return; 1161 } 1162 } 1163 if (rt && lifetime == 0) { 1164 ip6_del_rt(rt); 1165 rt = NULL; 1166 } 1167 1168 if (rt == NULL && lifetime) { 1169 ND_PRINTK(3, dbg, "RA: adding default router\n"); 1170 1171 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1172 if (rt == NULL) { 1173 ND_PRINTK(0, err, 1174 "RA: %s failed to add default route\n", 1175 __func__); 1176 return; 1177 } 1178 1179 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1180 if (neigh == NULL) { 1181 ND_PRINTK(0, err, 1182 "RA: %s got default router without neighbour\n", 1183 __func__); 1184 ip6_rt_put(rt); 1185 return; 1186 } 1187 neigh->flags |= NTF_ROUTER; 1188 } else if (rt) { 1189 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1190 } 1191 1192 if (rt) 1193 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1194 if (ra_msg->icmph.icmp6_hop_limit) { 1195 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1196 if (rt) 1197 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1198 ra_msg->icmph.icmp6_hop_limit); 1199 } 1200 1201skip_defrtr: 1202 1203 /* 1204 * Update Reachable Time and Retrans Timer 1205 */ 1206 1207 if (in6_dev->nd_parms) { 1208 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1209 1210 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1211 rtime = (rtime*HZ)/1000; 1212 if (rtime < HZ/10) 1213 rtime = HZ/10; 1214 in6_dev->nd_parms->retrans_time = rtime; 1215 in6_dev->tstamp = jiffies; 1216 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1217 } 1218 1219 rtime = ntohl(ra_msg->reachable_time); 1220 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1221 rtime = (rtime*HZ)/1000; 1222 1223 if (rtime < HZ/10) 1224 rtime = HZ/10; 1225 1226 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1227 in6_dev->nd_parms->base_reachable_time = rtime; 1228 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1229 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1230 in6_dev->tstamp = jiffies; 1231 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1232 } 1233 } 1234 } 1235 1236skip_linkparms: 1237 1238 /* 1239 * Process options. 1240 */ 1241 1242 if (!neigh) 1243 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1244 skb->dev, 1); 1245 if (neigh) { 1246 u8 *lladdr = NULL; 1247 if (ndopts.nd_opts_src_lladdr) { 1248 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1249 skb->dev); 1250 if (!lladdr) { 1251 ND_PRINTK(2, warn, 1252 "RA: invalid link-layer address length\n"); 1253 goto out; 1254 } 1255 } 1256 neigh_update(neigh, lladdr, NUD_STALE, 1257 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1258 NEIGH_UPDATE_F_OVERRIDE| 1259 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1260 NEIGH_UPDATE_F_ISROUTER); 1261 } 1262 1263 if (!ipv6_accept_ra(in6_dev)) 1264 goto out; 1265 1266#ifdef CONFIG_IPV6_ROUTE_INFO 1267 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1268 goto skip_routeinfo; 1269 1270 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1271 struct nd_opt_hdr *p; 1272 for (p = ndopts.nd_opts_ri; 1273 p; 1274 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1275 struct route_info *ri = (struct route_info *)p; 1276#ifdef CONFIG_IPV6_NDISC_NODETYPE 1277 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1278 ri->prefix_len == 0) 1279 continue; 1280#endif 1281 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1282 continue; 1283 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1284 &ipv6_hdr(skb)->saddr); 1285 } 1286 } 1287 1288skip_routeinfo: 1289#endif 1290 1291#ifdef CONFIG_IPV6_NDISC_NODETYPE 1292 /* skip link-specific ndopts from interior routers */ 1293 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1294 goto out; 1295#endif 1296 1297 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1298 struct nd_opt_hdr *p; 1299 for (p = ndopts.nd_opts_pi; 1300 p; 1301 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1302 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1303 (p->nd_opt_len) << 3, 1304 ndopts.nd_opts_src_lladdr != NULL); 1305 } 1306 } 1307 1308 if (ndopts.nd_opts_mtu) { 1309 __be32 n; 1310 u32 mtu; 1311 1312 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1313 mtu = ntohl(n); 1314 1315 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1316 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1317 } else if (in6_dev->cnf.mtu6 != mtu) { 1318 in6_dev->cnf.mtu6 = mtu; 1319 1320 if (rt) 1321 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1322 1323 rt6_mtu_change(skb->dev, mtu); 1324 } 1325 } 1326 1327 if (ndopts.nd_useropts) { 1328 struct nd_opt_hdr *p; 1329 for (p = ndopts.nd_useropts; 1330 p; 1331 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1332 ndisc_ra_useropt(skb, p); 1333 } 1334 } 1335 1336 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1337 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1338 } 1339out: 1340 ip6_rt_put(rt); 1341 if (neigh) 1342 neigh_release(neigh); 1343} 1344 1345static void ndisc_redirect_rcv(struct sk_buff *skb) 1346{ 1347 u8 *hdr; 1348 struct ndisc_options ndopts; 1349 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb); 1350 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 1351 offsetof(struct rd_msg, opt)); 1352 1353#ifdef CONFIG_IPV6_NDISC_NODETYPE 1354 switch (skb->ndisc_nodetype) { 1355 case NDISC_NODETYPE_HOST: 1356 case NDISC_NODETYPE_NODEFAULT: 1357 ND_PRINTK(2, warn, 1358 "Redirect: from host or unauthorized router\n"); 1359 return; 1360 } 1361#endif 1362 1363 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1364 ND_PRINTK(2, warn, 1365 "Redirect: source address is not link-local\n"); 1366 return; 1367 } 1368 1369 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) 1370 return; 1371 1372 if (!ndopts.nd_opts_rh) { 1373 ip6_redirect_no_header(skb, dev_net(skb->dev), 0, 0); 1374 return; 1375 } 1376 1377 hdr = (u8 *)ndopts.nd_opts_rh; 1378 hdr += 8; 1379 if (!pskb_pull(skb, hdr - skb_transport_header(skb))) 1380 return; 1381 1382 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1383} 1384 1385static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb, 1386 struct sk_buff *orig_skb, 1387 int rd_len) 1388{ 1389 u8 *opt = skb_put(skb, rd_len); 1390 1391 memset(opt, 0, 8); 1392 *(opt++) = ND_OPT_REDIRECT_HDR; 1393 *(opt++) = (rd_len >> 3); 1394 opt += 6; 1395 1396 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8); 1397} 1398 1399void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1400{ 1401 struct net_device *dev = skb->dev; 1402 struct net *net = dev_net(dev); 1403 struct sock *sk = net->ipv6.ndisc_sk; 1404 int optlen = 0; 1405 struct inet_peer *peer; 1406 struct sk_buff *buff; 1407 struct rd_msg *msg; 1408 struct in6_addr saddr_buf; 1409 struct rt6_info *rt; 1410 struct dst_entry *dst; 1411 struct flowi6 fl6; 1412 int rd_len; 1413 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1414 bool ret; 1415 1416 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1417 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1418 dev->name); 1419 return; 1420 } 1421 1422 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1423 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1424 ND_PRINTK(2, warn, 1425 "Redirect: target address is not link-local unicast\n"); 1426 return; 1427 } 1428 1429 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1430 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1431 1432 dst = ip6_route_output(net, NULL, &fl6); 1433 if (dst->error) { 1434 dst_release(dst); 1435 return; 1436 } 1437 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1438 if (IS_ERR(dst)) 1439 return; 1440 1441 rt = (struct rt6_info *) dst; 1442 1443 if (rt->rt6i_flags & RTF_GATEWAY) { 1444 ND_PRINTK(2, warn, 1445 "Redirect: destination is not a neighbour\n"); 1446 goto release; 1447 } 1448 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 1449 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1450 if (peer) 1451 inet_putpeer(peer); 1452 if (!ret) 1453 goto release; 1454 1455 if (dev->addr_len) { 1456 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1457 if (!neigh) { 1458 ND_PRINTK(2, warn, 1459 "Redirect: no neigh for target address\n"); 1460 goto release; 1461 } 1462 1463 read_lock_bh(&neigh->lock); 1464 if (neigh->nud_state & NUD_VALID) { 1465 memcpy(ha_buf, neigh->ha, dev->addr_len); 1466 read_unlock_bh(&neigh->lock); 1467 ha = ha_buf; 1468 optlen += ndisc_opt_addr_space(dev); 1469 } else 1470 read_unlock_bh(&neigh->lock); 1471 1472 neigh_release(neigh); 1473 } 1474 1475 rd_len = min_t(unsigned int, 1476 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen, 1477 skb->len + 8); 1478 rd_len &= ~0x7; 1479 optlen += rd_len; 1480 1481 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 1482 if (!buff) 1483 goto release; 1484 1485 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg)); 1486 *msg = (struct rd_msg) { 1487 .icmph = { 1488 .icmp6_type = NDISC_REDIRECT, 1489 }, 1490 .target = *target, 1491 .dest = ipv6_hdr(skb)->daddr, 1492 }; 1493 1494 /* 1495 * include target_address option 1496 */ 1497 1498 if (ha) 1499 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha); 1500 1501 /* 1502 * build redirect option and copy skb over to the new packet. 1503 */ 1504 1505 if (rd_len) 1506 ndisc_fill_redirect_hdr_option(buff, skb, rd_len); 1507 1508 skb_dst_set(buff, dst); 1509 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf); 1510 return; 1511 1512release: 1513 dst_release(dst); 1514} 1515 1516static void pndisc_redo(struct sk_buff *skb) 1517{ 1518 ndisc_recv_ns(skb); 1519 kfree_skb(skb); 1520} 1521 1522static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb) 1523{ 1524 struct inet6_dev *idev = __in6_dev_get(skb->dev); 1525 1526 if (!idev) 1527 return true; 1528 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED && 1529 idev->cnf.suppress_frag_ndisc) { 1530 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n"); 1531 return true; 1532 } 1533 return false; 1534} 1535 1536int ndisc_rcv(struct sk_buff *skb) 1537{ 1538 struct nd_msg *msg; 1539 1540 if (ndisc_suppress_frag_ndisc(skb)) 1541 return 0; 1542 1543 if (skb_linearize(skb)) 1544 return 0; 1545 1546 msg = (struct nd_msg *)skb_transport_header(skb); 1547 1548 __skb_push(skb, skb->data - skb_transport_header(skb)); 1549 1550 if (ipv6_hdr(skb)->hop_limit != 255) { 1551 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1552 ipv6_hdr(skb)->hop_limit); 1553 return 0; 1554 } 1555 1556 if (msg->icmph.icmp6_code != 0) { 1557 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1558 msg->icmph.icmp6_code); 1559 return 0; 1560 } 1561 1562 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1563 1564 switch (msg->icmph.icmp6_type) { 1565 case NDISC_NEIGHBOUR_SOLICITATION: 1566 ndisc_recv_ns(skb); 1567 break; 1568 1569 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1570 ndisc_recv_na(skb); 1571 break; 1572 1573 case NDISC_ROUTER_SOLICITATION: 1574 ndisc_recv_rs(skb); 1575 break; 1576 1577 case NDISC_ROUTER_ADVERTISEMENT: 1578 ndisc_router_discovery(skb); 1579 break; 1580 1581 case NDISC_REDIRECT: 1582 ndisc_redirect_rcv(skb); 1583 break; 1584 } 1585 1586 return 0; 1587} 1588 1589static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1590{ 1591 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1592 struct net *net = dev_net(dev); 1593 struct inet6_dev *idev; 1594 1595 switch (event) { 1596 case NETDEV_CHANGEADDR: 1597 neigh_changeaddr(&nd_tbl, dev); 1598 fib6_run_gc(0, net, false); 1599 idev = in6_dev_get(dev); 1600 if (!idev) 1601 break; 1602 if (idev->cnf.ndisc_notify) 1603 ndisc_send_unsol_na(dev); 1604 in6_dev_put(idev); 1605 break; 1606 case NETDEV_DOWN: 1607 neigh_ifdown(&nd_tbl, dev); 1608 fib6_run_gc(0, net, false); 1609 break; 1610 case NETDEV_NOTIFY_PEERS: 1611 ndisc_send_unsol_na(dev); 1612 break; 1613 default: 1614 break; 1615 } 1616 1617 return NOTIFY_DONE; 1618} 1619 1620static struct notifier_block ndisc_netdev_notifier = { 1621 .notifier_call = ndisc_netdev_event, 1622}; 1623 1624#ifdef CONFIG_SYSCTL 1625static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1626 const char *func, const char *dev_name) 1627{ 1628 static char warncomm[TASK_COMM_LEN]; 1629 static int warned; 1630 if (strcmp(warncomm, current->comm) && warned < 5) { 1631 strcpy(warncomm, current->comm); 1632 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1633 warncomm, func, 1634 dev_name, ctl->procname, 1635 dev_name, ctl->procname); 1636 warned++; 1637 } 1638} 1639 1640int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1641{ 1642 struct net_device *dev = ctl->extra1; 1643 struct inet6_dev *idev; 1644 int ret; 1645 1646 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1647 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1648 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1649 1650 if (strcmp(ctl->procname, "retrans_time") == 0) 1651 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1652 1653 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1654 ret = proc_dointvec_jiffies(ctl, write, 1655 buffer, lenp, ppos); 1656 1657 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1658 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1659 ret = proc_dointvec_ms_jiffies(ctl, write, 1660 buffer, lenp, ppos); 1661 else 1662 ret = -1; 1663 1664 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1665 if (ctl->data == &idev->nd_parms->base_reachable_time) 1666 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1667 idev->tstamp = jiffies; 1668 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1669 in6_dev_put(idev); 1670 } 1671 return ret; 1672} 1673 1674 1675#endif 1676 1677static int __net_init ndisc_net_init(struct net *net) 1678{ 1679 struct ipv6_pinfo *np; 1680 struct sock *sk; 1681 int err; 1682 1683 err = inet_ctl_sock_create(&sk, PF_INET6, 1684 SOCK_RAW, IPPROTO_ICMPV6, net); 1685 if (err < 0) { 1686 ND_PRINTK(0, err, 1687 "NDISC: Failed to initialize the control socket (err %d)\n", 1688 err); 1689 return err; 1690 } 1691 1692 net->ipv6.ndisc_sk = sk; 1693 1694 np = inet6_sk(sk); 1695 np->hop_limit = 255; 1696 /* Do not loopback ndisc messages */ 1697 np->mc_loop = 0; 1698 1699 return 0; 1700} 1701 1702static void __net_exit ndisc_net_exit(struct net *net) 1703{ 1704 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1705} 1706 1707static struct pernet_operations ndisc_net_ops = { 1708 .init = ndisc_net_init, 1709 .exit = ndisc_net_exit, 1710}; 1711 1712int __init ndisc_init(void) 1713{ 1714 int err; 1715 1716 err = register_pernet_subsys(&ndisc_net_ops); 1717 if (err) 1718 return err; 1719 /* 1720 * Initialize the neighbour table 1721 */ 1722 neigh_table_init(&nd_tbl); 1723 1724#ifdef CONFIG_SYSCTL 1725 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1726 &ndisc_ifinfo_sysctl_change); 1727 if (err) 1728 goto out_unregister_pernet; 1729#endif 1730 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1731 if (err) 1732 goto out_unregister_sysctl; 1733out: 1734 return err; 1735 1736out_unregister_sysctl: 1737#ifdef CONFIG_SYSCTL 1738 neigh_sysctl_unregister(&nd_tbl.parms); 1739out_unregister_pernet: 1740#endif 1741 unregister_pernet_subsys(&ndisc_net_ops); 1742 goto out; 1743} 1744 1745void ndisc_cleanup(void) 1746{ 1747 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1748#ifdef CONFIG_SYSCTL 1749 neigh_sysctl_unregister(&nd_tbl.parms); 1750#endif 1751 neigh_table_clear(&nd_tbl); 1752 unregister_pernet_subsys(&ndisc_net_ops); 1753} 1754