ndisc.c revision d1f8297a96b0d70f17704296a6666468f2087ce6
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29/* Set to 3 to get tracing... */ 30#define ND_DEBUG 1 31 32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33#define ND_NOPRINTK(x...) do { ; } while(0) 34#define ND_PRINTK0 ND_PRINTK 35#define ND_PRINTK1 ND_NOPRINTK 36#define ND_PRINTK2 ND_NOPRINTK 37#define ND_PRINTK3 ND_NOPRINTK 38#if ND_DEBUG >= 1 39#undef ND_PRINTK1 40#define ND_PRINTK1 ND_PRINTK 41#endif 42#if ND_DEBUG >= 2 43#undef ND_PRINTK2 44#define ND_PRINTK2 ND_PRINTK 45#endif 46#if ND_DEBUG >= 3 47#undef ND_PRINTK3 48#define ND_PRINTK3 ND_PRINTK 49#endif 50 51#include <linux/module.h> 52#include <linux/errno.h> 53#include <linux/types.h> 54#include <linux/socket.h> 55#include <linux/sockios.h> 56#include <linux/sched.h> 57#include <linux/net.h> 58#include <linux/in6.h> 59#include <linux/route.h> 60#include <linux/init.h> 61#include <linux/rcupdate.h> 62#ifdef CONFIG_SYSCTL 63#include <linux/sysctl.h> 64#endif 65 66#include <linux/if_addr.h> 67#include <linux/if_arp.h> 68#include <linux/ipv6.h> 69#include <linux/icmpv6.h> 70#include <linux/jhash.h> 71 72#include <net/sock.h> 73#include <net/snmp.h> 74 75#include <net/ipv6.h> 76#include <net/protocol.h> 77#include <net/ndisc.h> 78#include <net/ip6_route.h> 79#include <net/addrconf.h> 80#include <net/icmp.h> 81 82#include <net/netlink.h> 83#include <linux/rtnetlink.h> 84 85#include <net/flow.h> 86#include <net/ip6_checksum.h> 87#include <net/inet_common.h> 88#include <linux/proc_fs.h> 89 90#include <linux/netfilter.h> 91#include <linux/netfilter_ipv6.h> 92 93static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 94static int ndisc_constructor(struct neighbour *neigh); 95static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 96static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 97static int pndisc_constructor(struct pneigh_entry *n); 98static void pndisc_destructor(struct pneigh_entry *n); 99static void pndisc_redo(struct sk_buff *skb); 100 101static const struct neigh_ops ndisc_generic_ops = { 102 .family = AF_INET6, 103 .solicit = ndisc_solicit, 104 .error_report = ndisc_error_report, 105 .output = neigh_resolve_output, 106 .connected_output = neigh_connected_output, 107 .hh_output = dev_queue_xmit, 108 .queue_xmit = dev_queue_xmit, 109}; 110 111static const struct neigh_ops ndisc_hh_ops = { 112 .family = AF_INET6, 113 .solicit = ndisc_solicit, 114 .error_report = ndisc_error_report, 115 .output = neigh_resolve_output, 116 .connected_output = neigh_resolve_output, 117 .hh_output = dev_queue_xmit, 118 .queue_xmit = dev_queue_xmit, 119}; 120 121 122static const struct neigh_ops ndisc_direct_ops = { 123 .family = AF_INET6, 124 .output = dev_queue_xmit, 125 .connected_output = dev_queue_xmit, 126 .hh_output = dev_queue_xmit, 127 .queue_xmit = dev_queue_xmit, 128}; 129 130struct neigh_table nd_tbl = { 131 .family = AF_INET6, 132 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 133 .key_len = sizeof(struct in6_addr), 134 .hash = ndisc_hash, 135 .constructor = ndisc_constructor, 136 .pconstructor = pndisc_constructor, 137 .pdestructor = pndisc_destructor, 138 .proxy_redo = pndisc_redo, 139 .id = "ndisc_cache", 140 .parms = { 141 .tbl = &nd_tbl, 142 .base_reachable_time = 30 * HZ, 143 .retrans_time = 1 * HZ, 144 .gc_staletime = 60 * HZ, 145 .reachable_time = 30 * HZ, 146 .delay_probe_time = 5 * HZ, 147 .queue_len = 3, 148 .ucast_probes = 3, 149 .mcast_probes = 3, 150 .anycast_delay = 1 * HZ, 151 .proxy_delay = (8 * HZ) / 10, 152 .proxy_qlen = 64, 153 }, 154 .gc_interval = 30 * HZ, 155 .gc_thresh1 = 128, 156 .gc_thresh2 = 512, 157 .gc_thresh3 = 1024, 158}; 159 160/* ND options */ 161struct ndisc_options { 162 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 163#ifdef CONFIG_IPV6_ROUTE_INFO 164 struct nd_opt_hdr *nd_opts_ri; 165 struct nd_opt_hdr *nd_opts_ri_end; 166#endif 167 struct nd_opt_hdr *nd_useropts; 168 struct nd_opt_hdr *nd_useropts_end; 169}; 170 171#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 172#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 173#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 174#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 175#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 176#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 177 178#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 179 180/* 181 * Return the padding between the option length and the start of the 182 * link addr. Currently only IP-over-InfiniBand needs this, although 183 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 184 * also need a pad of 2. 185 */ 186static int ndisc_addr_option_pad(unsigned short type) 187{ 188 switch (type) { 189 case ARPHRD_INFINIBAND: return 2; 190 default: return 0; 191 } 192} 193 194static inline int ndisc_opt_addr_space(struct net_device *dev) 195{ 196 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 197} 198 199static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 200 unsigned short addr_type) 201{ 202 int space = NDISC_OPT_SPACE(data_len); 203 int pad = ndisc_addr_option_pad(addr_type); 204 205 opt[0] = type; 206 opt[1] = space>>3; 207 208 memset(opt + 2, 0, pad); 209 opt += pad; 210 space -= pad; 211 212 memcpy(opt+2, data, data_len); 213 data_len += 2; 214 opt += data_len; 215 if ((space -= data_len) > 0) 216 memset(opt, 0, space); 217 return opt + space; 218} 219 220static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 221 struct nd_opt_hdr *end) 222{ 223 int type; 224 if (!cur || !end || cur >= end) 225 return NULL; 226 type = cur->nd_opt_type; 227 do { 228 cur = ((void *)cur) + (cur->nd_opt_len << 3); 229 } while(cur < end && cur->nd_opt_type != type); 230 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 231} 232 233static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 234{ 235 return (opt->nd_opt_type == ND_OPT_RDNSS); 236} 237 238static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 239 struct nd_opt_hdr *end) 240{ 241 if (!cur || !end || cur >= end) 242 return NULL; 243 do { 244 cur = ((void *)cur) + (cur->nd_opt_len << 3); 245 } while(cur < end && !ndisc_is_useropt(cur)); 246 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL); 247} 248 249static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 250 struct ndisc_options *ndopts) 251{ 252 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 253 254 if (!nd_opt || opt_len < 0 || !ndopts) 255 return NULL; 256 memset(ndopts, 0, sizeof(*ndopts)); 257 while (opt_len) { 258 int l; 259 if (opt_len < sizeof(struct nd_opt_hdr)) 260 return NULL; 261 l = nd_opt->nd_opt_len << 3; 262 if (opt_len < l || l == 0) 263 return NULL; 264 switch (nd_opt->nd_opt_type) { 265 case ND_OPT_SOURCE_LL_ADDR: 266 case ND_OPT_TARGET_LL_ADDR: 267 case ND_OPT_MTU: 268 case ND_OPT_REDIRECT_HDR: 269 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 270 ND_PRINTK2(KERN_WARNING 271 "%s(): duplicated ND6 option found: type=%d\n", 272 __func__, 273 nd_opt->nd_opt_type); 274 } else { 275 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 276 } 277 break; 278 case ND_OPT_PREFIX_INFO: 279 ndopts->nd_opts_pi_end = nd_opt; 280 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 281 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 282 break; 283#ifdef CONFIG_IPV6_ROUTE_INFO 284 case ND_OPT_ROUTE_INFO: 285 ndopts->nd_opts_ri_end = nd_opt; 286 if (!ndopts->nd_opts_ri) 287 ndopts->nd_opts_ri = nd_opt; 288 break; 289#endif 290 default: 291 if (ndisc_is_useropt(nd_opt)) { 292 ndopts->nd_useropts_end = nd_opt; 293 if (!ndopts->nd_useropts) 294 ndopts->nd_useropts = nd_opt; 295 } else { 296 /* 297 * Unknown options must be silently ignored, 298 * to accommodate future extension to the 299 * protocol. 300 */ 301 ND_PRINTK2(KERN_NOTICE 302 "%s(): ignored unsupported option; type=%d, len=%d\n", 303 __func__, 304 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 305 } 306 } 307 opt_len -= l; 308 nd_opt = ((void *)nd_opt) + l; 309 } 310 return ndopts; 311} 312 313static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 314 struct net_device *dev) 315{ 316 u8 *lladdr = (u8 *)(p + 1); 317 int lladdrlen = p->nd_opt_len << 3; 318 int prepad = ndisc_addr_option_pad(dev->type); 319 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 320 return NULL; 321 return (lladdr + prepad); 322} 323 324int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 325{ 326 switch (dev->type) { 327 case ARPHRD_ETHER: 328 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 329 case ARPHRD_FDDI: 330 ipv6_eth_mc_map(addr, buf); 331 return 0; 332 case ARPHRD_IEEE802_TR: 333 ipv6_tr_mc_map(addr,buf); 334 return 0; 335 case ARPHRD_ARCNET: 336 ipv6_arcnet_mc_map(addr, buf); 337 return 0; 338 case ARPHRD_INFINIBAND: 339 ipv6_ib_mc_map(addr, dev->broadcast, buf); 340 return 0; 341 default: 342 if (dir) { 343 memcpy(buf, dev->broadcast, dev->addr_len); 344 return 0; 345 } 346 } 347 return -EINVAL; 348} 349 350EXPORT_SYMBOL(ndisc_mc_map); 351 352static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 353{ 354 const u32 *p32 = pkey; 355 u32 addr_hash, i; 356 357 addr_hash = 0; 358 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 359 addr_hash ^= *p32++; 360 361 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 362} 363 364static int ndisc_constructor(struct neighbour *neigh) 365{ 366 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 367 struct net_device *dev = neigh->dev; 368 struct inet6_dev *in6_dev; 369 struct neigh_parms *parms; 370 int is_multicast = ipv6_addr_is_multicast(addr); 371 372 rcu_read_lock(); 373 in6_dev = in6_dev_get(dev); 374 if (in6_dev == NULL) { 375 rcu_read_unlock(); 376 return -EINVAL; 377 } 378 379 parms = in6_dev->nd_parms; 380 __neigh_parms_put(neigh->parms); 381 neigh->parms = neigh_parms_clone(parms); 382 rcu_read_unlock(); 383 384 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 385 if (!dev->header_ops) { 386 neigh->nud_state = NUD_NOARP; 387 neigh->ops = &ndisc_direct_ops; 388 neigh->output = neigh->ops->queue_xmit; 389 } else { 390 if (is_multicast) { 391 neigh->nud_state = NUD_NOARP; 392 ndisc_mc_map(addr, neigh->ha, dev, 1); 393 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 394 neigh->nud_state = NUD_NOARP; 395 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 396 if (dev->flags&IFF_LOOPBACK) 397 neigh->type = RTN_LOCAL; 398 } else if (dev->flags&IFF_POINTOPOINT) { 399 neigh->nud_state = NUD_NOARP; 400 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 401 } 402 if (dev->header_ops->cache) 403 neigh->ops = &ndisc_hh_ops; 404 else 405 neigh->ops = &ndisc_generic_ops; 406 if (neigh->nud_state&NUD_VALID) 407 neigh->output = neigh->ops->connected_output; 408 else 409 neigh->output = neigh->ops->output; 410 } 411 in6_dev_put(in6_dev); 412 return 0; 413} 414 415static int pndisc_constructor(struct pneigh_entry *n) 416{ 417 struct in6_addr *addr = (struct in6_addr*)&n->key; 418 struct in6_addr maddr; 419 struct net_device *dev = n->dev; 420 421 if (dev == NULL || __in6_dev_get(dev) == NULL) 422 return -EINVAL; 423 addrconf_addr_solict_mult(addr, &maddr); 424 ipv6_dev_mc_inc(dev, &maddr); 425 return 0; 426} 427 428static void pndisc_destructor(struct pneigh_entry *n) 429{ 430 struct in6_addr *addr = (struct in6_addr*)&n->key; 431 struct in6_addr maddr; 432 struct net_device *dev = n->dev; 433 434 if (dev == NULL || __in6_dev_get(dev) == NULL) 435 return; 436 addrconf_addr_solict_mult(addr, &maddr); 437 ipv6_dev_mc_dec(dev, &maddr); 438} 439 440struct sk_buff *ndisc_build_skb(struct net_device *dev, 441 const struct in6_addr *daddr, 442 const struct in6_addr *saddr, 443 struct icmp6hdr *icmp6h, 444 const struct in6_addr *target, 445 int llinfo) 446{ 447 struct net *net = dev_net(dev); 448 struct sock *sk = net->ipv6.ndisc_sk; 449 struct sk_buff *skb; 450 struct icmp6hdr *hdr; 451 int len; 452 int err; 453 u8 *opt; 454 455 if (!dev->addr_len) 456 llinfo = 0; 457 458 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 459 if (llinfo) 460 len += ndisc_opt_addr_space(dev); 461 462 skb = sock_alloc_send_skb(sk, 463 (MAX_HEADER + sizeof(struct ipv6hdr) + 464 len + LL_ALLOCATED_SPACE(dev)), 465 1, &err); 466 if (!skb) { 467 ND_PRINTK0(KERN_ERR 468 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n", 469 __func__, err); 470 return NULL; 471 } 472 473 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 474 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 475 476 skb->transport_header = skb->tail; 477 skb_put(skb, len); 478 479 hdr = (struct icmp6hdr *)skb_transport_header(skb); 480 memcpy(hdr, icmp6h, sizeof(*hdr)); 481 482 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 483 if (target) { 484 ipv6_addr_copy((struct in6_addr *)opt, target); 485 opt += sizeof(*target); 486 } 487 488 if (llinfo) 489 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 490 dev->addr_len, dev->type); 491 492 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 493 IPPROTO_ICMPV6, 494 csum_partial(hdr, 495 len, 0)); 496 497 return skb; 498} 499 500EXPORT_SYMBOL(ndisc_build_skb); 501 502void ndisc_send_skb(struct sk_buff *skb, 503 struct net_device *dev, 504 struct neighbour *neigh, 505 const struct in6_addr *daddr, 506 const struct in6_addr *saddr, 507 struct icmp6hdr *icmp6h) 508{ 509 struct flowi fl; 510 struct dst_entry *dst; 511 struct net *net = dev_net(dev); 512 struct sock *sk = net->ipv6.ndisc_sk; 513 struct inet6_dev *idev; 514 int err; 515 u8 type; 516 517 type = icmp6h->icmp6_type; 518 519 icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex); 520 521 dst = icmp6_dst_alloc(dev, neigh, daddr); 522 if (!dst) { 523 kfree_skb(skb); 524 return; 525 } 526 527 err = xfrm_lookup(net, &dst, &fl, NULL, 0); 528 if (err < 0) { 529 kfree_skb(skb); 530 return; 531 } 532 533 skb_dst_set(skb, dst); 534 535 idev = in6_dev_get(dst->dev); 536 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 537 538 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 539 dst_output); 540 if (!err) { 541 ICMP6MSGOUT_INC_STATS(net, idev, type); 542 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 543 } 544 545 if (likely(idev != NULL)) 546 in6_dev_put(idev); 547} 548 549EXPORT_SYMBOL(ndisc_send_skb); 550 551/* 552 * Send a Neighbour Discover packet 553 */ 554static void __ndisc_send(struct net_device *dev, 555 struct neighbour *neigh, 556 const struct in6_addr *daddr, 557 const struct in6_addr *saddr, 558 struct icmp6hdr *icmp6h, const struct in6_addr *target, 559 int llinfo) 560{ 561 struct sk_buff *skb; 562 563 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 564 if (!skb) 565 return; 566 567 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 568} 569 570static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 571 const struct in6_addr *daddr, 572 const struct in6_addr *solicited_addr, 573 int router, int solicited, int override, int inc_opt) 574{ 575 struct in6_addr tmpaddr; 576 struct inet6_ifaddr *ifp; 577 const struct in6_addr *src_addr; 578 struct icmp6hdr icmp6h = { 579 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 580 }; 581 582 /* for anycast or proxy, solicited_addr != src_addr */ 583 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 584 if (ifp) { 585 src_addr = solicited_addr; 586 if (ifp->flags & IFA_F_OPTIMISTIC) 587 override = 0; 588 in6_ifa_put(ifp); 589 } else { 590 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 591 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 592 &tmpaddr)) 593 return; 594 src_addr = &tmpaddr; 595 } 596 597 icmp6h.icmp6_router = router; 598 icmp6h.icmp6_solicited = solicited; 599 icmp6h.icmp6_override = override; 600 601 __ndisc_send(dev, neigh, daddr, src_addr, 602 &icmp6h, solicited_addr, 603 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 604} 605 606void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 607 const struct in6_addr *solicit, 608 const struct in6_addr *daddr, const struct in6_addr *saddr) 609{ 610 struct in6_addr addr_buf; 611 struct icmp6hdr icmp6h = { 612 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 613 }; 614 615 if (saddr == NULL) { 616 if (ipv6_get_lladdr(dev, &addr_buf, 617 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 618 return; 619 saddr = &addr_buf; 620 } 621 622 __ndisc_send(dev, neigh, daddr, saddr, 623 &icmp6h, solicit, 624 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 625} 626 627void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 628 const struct in6_addr *daddr) 629{ 630 struct icmp6hdr icmp6h = { 631 .icmp6_type = NDISC_ROUTER_SOLICITATION, 632 }; 633 int send_sllao = dev->addr_len; 634 635#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 636 /* 637 * According to section 2.2 of RFC 4429, we must not 638 * send router solicitations with a sllao from 639 * optimistic addresses, but we may send the solicitation 640 * if we don't include the sllao. So here we check 641 * if our address is optimistic, and if so, we 642 * suppress the inclusion of the sllao. 643 */ 644 if (send_sllao) { 645 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 646 dev, 1); 647 if (ifp) { 648 if (ifp->flags & IFA_F_OPTIMISTIC) { 649 send_sllao = 0; 650 } 651 in6_ifa_put(ifp); 652 } else { 653 send_sllao = 0; 654 } 655 } 656#endif 657 __ndisc_send(dev, NULL, daddr, saddr, 658 &icmp6h, NULL, 659 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 660} 661 662 663static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 664{ 665 /* 666 * "The sender MUST return an ICMP 667 * destination unreachable" 668 */ 669 dst_link_failure(skb); 670 kfree_skb(skb); 671} 672 673/* Called with locked neigh: either read or both */ 674 675static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 676{ 677 struct in6_addr *saddr = NULL; 678 struct in6_addr mcaddr; 679 struct net_device *dev = neigh->dev; 680 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 681 int probes = atomic_read(&neigh->probes); 682 683 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 684 saddr = &ipv6_hdr(skb)->saddr; 685 686 if ((probes -= neigh->parms->ucast_probes) < 0) { 687 if (!(neigh->nud_state & NUD_VALID)) { 688 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n", 689 __func__, target); 690 } 691 ndisc_send_ns(dev, neigh, target, target, saddr); 692 } else if ((probes -= neigh->parms->app_probes) < 0) { 693#ifdef CONFIG_ARPD 694 neigh_app_ns(neigh); 695#endif 696 } else { 697 addrconf_addr_solict_mult(target, &mcaddr); 698 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 699 } 700} 701 702static int pndisc_is_router(const void *pkey, 703 struct net_device *dev) 704{ 705 struct pneigh_entry *n; 706 int ret = -1; 707 708 read_lock_bh(&nd_tbl.lock); 709 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 710 if (n) 711 ret = !!(n->flags & NTF_ROUTER); 712 read_unlock_bh(&nd_tbl.lock); 713 714 return ret; 715} 716 717static void ndisc_recv_ns(struct sk_buff *skb) 718{ 719 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 720 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 721 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 722 u8 *lladdr = NULL; 723 u32 ndoptlen = skb->tail - (skb->transport_header + 724 offsetof(struct nd_msg, opt)); 725 struct ndisc_options ndopts; 726 struct net_device *dev = skb->dev; 727 struct inet6_ifaddr *ifp; 728 struct inet6_dev *idev = NULL; 729 struct neighbour *neigh; 730 int dad = ipv6_addr_any(saddr); 731 int inc; 732 int is_router = -1; 733 734 if (ipv6_addr_is_multicast(&msg->target)) { 735 ND_PRINTK2(KERN_WARNING 736 "ICMPv6 NS: multicast target address"); 737 return; 738 } 739 740 /* 741 * RFC2461 7.1.1: 742 * DAD has to be destined for solicited node multicast address. 743 */ 744 if (dad && 745 !(daddr->s6_addr32[0] == htonl(0xff020000) && 746 daddr->s6_addr32[1] == htonl(0x00000000) && 747 daddr->s6_addr32[2] == htonl(0x00000001) && 748 daddr->s6_addr [12] == 0xff )) { 749 ND_PRINTK2(KERN_WARNING 750 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 751 return; 752 } 753 754 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 755 ND_PRINTK2(KERN_WARNING 756 "ICMPv6 NS: invalid ND options\n"); 757 return; 758 } 759 760 if (ndopts.nd_opts_src_lladdr) { 761 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 762 if (!lladdr) { 763 ND_PRINTK2(KERN_WARNING 764 "ICMPv6 NS: invalid link-layer address length\n"); 765 return; 766 } 767 768 /* RFC2461 7.1.1: 769 * If the IP source address is the unspecified address, 770 * there MUST NOT be source link-layer address option 771 * in the message. 772 */ 773 if (dad) { 774 ND_PRINTK2(KERN_WARNING 775 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 776 return; 777 } 778 } 779 780 inc = ipv6_addr_is_multicast(daddr); 781 782 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 783 if (ifp) { 784 785 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 786 if (dad) { 787 if (dev->type == ARPHRD_IEEE802_TR) { 788 const unsigned char *sadr; 789 sadr = skb_mac_header(skb); 790 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 791 sadr[9] == dev->dev_addr[1] && 792 sadr[10] == dev->dev_addr[2] && 793 sadr[11] == dev->dev_addr[3] && 794 sadr[12] == dev->dev_addr[4] && 795 sadr[13] == dev->dev_addr[5]) { 796 /* looped-back to us */ 797 goto out; 798 } 799 } 800 801 /* 802 * We are colliding with another node 803 * who is doing DAD 804 * so fail our DAD process 805 */ 806 addrconf_dad_failure(ifp); 807 return; 808 } else { 809 /* 810 * This is not a dad solicitation. 811 * If we are an optimistic node, 812 * we should respond. 813 * Otherwise, we should ignore it. 814 */ 815 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 816 goto out; 817 } 818 } 819 820 idev = ifp->idev; 821 } else { 822 struct net *net = dev_net(dev); 823 824 idev = in6_dev_get(dev); 825 if (!idev) { 826 /* XXX: count this drop? */ 827 return; 828 } 829 830 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 831 (idev->cnf.forwarding && 832 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 833 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 834 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 835 skb->pkt_type != PACKET_HOST && 836 inc != 0 && 837 idev->nd_parms->proxy_delay != 0) { 838 /* 839 * for anycast or proxy, 840 * sender should delay its response 841 * by a random time between 0 and 842 * MAX_ANYCAST_DELAY_TIME seconds. 843 * (RFC2461) -- yoshfuji 844 */ 845 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 846 if (n) 847 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 848 goto out; 849 } 850 } else 851 goto out; 852 } 853 854 if (is_router < 0) 855 is_router = !!idev->cnf.forwarding; 856 857 if (dad) { 858 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 859 is_router, 0, (ifp != NULL), 1); 860 goto out; 861 } 862 863 if (inc) 864 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 865 else 866 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 867 868 /* 869 * update / create cache entry 870 * for the source address 871 */ 872 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 873 !inc || lladdr || !dev->addr_len); 874 if (neigh) 875 neigh_update(neigh, lladdr, NUD_STALE, 876 NEIGH_UPDATE_F_WEAK_OVERRIDE| 877 NEIGH_UPDATE_F_OVERRIDE); 878 if (neigh || !dev->header_ops) { 879 ndisc_send_na(dev, neigh, saddr, &msg->target, 880 is_router, 881 1, (ifp != NULL && inc), inc); 882 if (neigh) 883 neigh_release(neigh); 884 } 885 886out: 887 if (ifp) 888 in6_ifa_put(ifp); 889 else 890 in6_dev_put(idev); 891 892 return; 893} 894 895static void ndisc_recv_na(struct sk_buff *skb) 896{ 897 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 898 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 899 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 900 u8 *lladdr = NULL; 901 u32 ndoptlen = skb->tail - (skb->transport_header + 902 offsetof(struct nd_msg, opt)); 903 struct ndisc_options ndopts; 904 struct net_device *dev = skb->dev; 905 struct inet6_ifaddr *ifp; 906 struct neighbour *neigh; 907 908 if (skb->len < sizeof(struct nd_msg)) { 909 ND_PRINTK2(KERN_WARNING 910 "ICMPv6 NA: packet too short\n"); 911 return; 912 } 913 914 if (ipv6_addr_is_multicast(&msg->target)) { 915 ND_PRINTK2(KERN_WARNING 916 "ICMPv6 NA: target address is multicast.\n"); 917 return; 918 } 919 920 if (ipv6_addr_is_multicast(daddr) && 921 msg->icmph.icmp6_solicited) { 922 ND_PRINTK2(KERN_WARNING 923 "ICMPv6 NA: solicited NA is multicasted.\n"); 924 return; 925 } 926 927 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 928 ND_PRINTK2(KERN_WARNING 929 "ICMPv6 NS: invalid ND option\n"); 930 return; 931 } 932 if (ndopts.nd_opts_tgt_lladdr) { 933 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 934 if (!lladdr) { 935 ND_PRINTK2(KERN_WARNING 936 "ICMPv6 NA: invalid link-layer address length\n"); 937 return; 938 } 939 } 940 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 941 if (ifp) { 942 if (ifp->flags & IFA_F_TENTATIVE) { 943 addrconf_dad_failure(ifp); 944 return; 945 } 946 /* What should we make now? The advertisement 947 is invalid, but ndisc specs say nothing 948 about it. It could be misconfiguration, or 949 an smart proxy agent tries to help us :-) 950 951 We should not print the error if NA has been 952 received from loopback - it is just our own 953 unsolicited advertisement. 954 */ 955 if (skb->pkt_type != PACKET_LOOPBACK) 956 ND_PRINTK1(KERN_WARNING 957 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n", 958 &ifp->addr, ifp->idev->dev->name); 959 in6_ifa_put(ifp); 960 return; 961 } 962 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 963 964 if (neigh) { 965 u8 old_flags = neigh->flags; 966 struct net *net = dev_net(dev); 967 968 if (neigh->nud_state & NUD_FAILED) 969 goto out; 970 971 /* 972 * Don't update the neighbor cache entry on a proxy NA from 973 * ourselves because either the proxied node is off link or it 974 * has already sent a NA to us. 975 */ 976 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 977 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 978 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 979 /* XXX: idev->cnf.prixy_ndp */ 980 goto out; 981 } 982 983 neigh_update(neigh, lladdr, 984 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 985 NEIGH_UPDATE_F_WEAK_OVERRIDE| 986 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 987 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 988 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 989 990 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 991 /* 992 * Change: router to host 993 */ 994 struct rt6_info *rt; 995 rt = rt6_get_dflt_router(saddr, dev); 996 if (rt) 997 ip6_del_rt(rt); 998 } 999 1000out: 1001 neigh_release(neigh); 1002 } 1003} 1004 1005static void ndisc_recv_rs(struct sk_buff *skb) 1006{ 1007 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1008 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1009 struct neighbour *neigh; 1010 struct inet6_dev *idev; 1011 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1012 struct ndisc_options ndopts; 1013 u8 *lladdr = NULL; 1014 1015 if (skb->len < sizeof(*rs_msg)) 1016 return; 1017 1018 idev = in6_dev_get(skb->dev); 1019 if (!idev) { 1020 if (net_ratelimit()) 1021 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1022 return; 1023 } 1024 1025 /* Don't accept RS if we're not in router mode */ 1026 if (!idev->cnf.forwarding) 1027 goto out; 1028 1029 /* 1030 * Don't update NCE if src = ::; 1031 * this implies that the source node has no ip address assigned yet. 1032 */ 1033 if (ipv6_addr_any(saddr)) 1034 goto out; 1035 1036 /* Parse ND options */ 1037 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1038 if (net_ratelimit()) 1039 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1040 goto out; 1041 } 1042 1043 if (ndopts.nd_opts_src_lladdr) { 1044 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1045 skb->dev); 1046 if (!lladdr) 1047 goto out; 1048 } 1049 1050 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1051 if (neigh) { 1052 neigh_update(neigh, lladdr, NUD_STALE, 1053 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1054 NEIGH_UPDATE_F_OVERRIDE| 1055 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1056 neigh_release(neigh); 1057 } 1058out: 1059 in6_dev_put(idev); 1060} 1061 1062static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1063{ 1064 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1065 struct sk_buff *skb; 1066 struct nlmsghdr *nlh; 1067 struct nduseroptmsg *ndmsg; 1068 struct net *net = dev_net(ra->dev); 1069 int err; 1070 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1071 + (opt->nd_opt_len << 3)); 1072 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1073 1074 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1075 if (skb == NULL) { 1076 err = -ENOBUFS; 1077 goto errout; 1078 } 1079 1080 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1081 if (nlh == NULL) { 1082 goto nla_put_failure; 1083 } 1084 1085 ndmsg = nlmsg_data(nlh); 1086 ndmsg->nduseropt_family = AF_INET6; 1087 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1088 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1089 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1090 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1091 1092 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1093 1094 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1095 &ipv6_hdr(ra)->saddr); 1096 nlmsg_end(skb, nlh); 1097 1098 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1099 return; 1100 1101nla_put_failure: 1102 nlmsg_free(skb); 1103 err = -EMSGSIZE; 1104errout: 1105 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1106} 1107 1108static void ndisc_router_discovery(struct sk_buff *skb) 1109{ 1110 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1111 struct neighbour *neigh = NULL; 1112 struct inet6_dev *in6_dev; 1113 struct rt6_info *rt = NULL; 1114 int lifetime; 1115 struct ndisc_options ndopts; 1116 int optlen; 1117 unsigned int pref = 0; 1118 1119 __u8 * opt = (__u8 *)(ra_msg + 1); 1120 1121 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1122 1123 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1124 ND_PRINTK2(KERN_WARNING 1125 "ICMPv6 RA: source address is not link-local.\n"); 1126 return; 1127 } 1128 if (optlen < 0) { 1129 ND_PRINTK2(KERN_WARNING 1130 "ICMPv6 RA: packet too short\n"); 1131 return; 1132 } 1133 1134#ifdef CONFIG_IPV6_NDISC_NODETYPE 1135 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1136 ND_PRINTK2(KERN_WARNING 1137 "ICMPv6 RA: from host or unauthorized router\n"); 1138 return; 1139 } 1140#endif 1141 1142 /* 1143 * set the RA_RECV flag in the interface 1144 */ 1145 1146 in6_dev = in6_dev_get(skb->dev); 1147 if (in6_dev == NULL) { 1148 ND_PRINTK0(KERN_ERR 1149 "ICMPv6 RA: can't find inet6 device for %s.\n", 1150 skb->dev->name); 1151 return; 1152 } 1153 1154 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1155 in6_dev_put(in6_dev); 1156 ND_PRINTK2(KERN_WARNING 1157 "ICMP6 RA: invalid ND options\n"); 1158 return; 1159 } 1160 1161 /* skip route and link configuration on routers */ 1162 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) 1163 goto skip_linkparms; 1164 1165#ifdef CONFIG_IPV6_NDISC_NODETYPE 1166 /* skip link-specific parameters from interior routers */ 1167 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1168 goto skip_linkparms; 1169#endif 1170 1171 if (in6_dev->if_flags & IF_RS_SENT) { 1172 /* 1173 * flag that an RA was received after an RS was sent 1174 * out on this interface. 1175 */ 1176 in6_dev->if_flags |= IF_RA_RCVD; 1177 } 1178 1179 /* 1180 * Remember the managed/otherconf flags from most recently 1181 * received RA message (RFC 2462) -- yoshfuji 1182 */ 1183 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1184 IF_RA_OTHERCONF)) | 1185 (ra_msg->icmph.icmp6_addrconf_managed ? 1186 IF_RA_MANAGED : 0) | 1187 (ra_msg->icmph.icmp6_addrconf_other ? 1188 IF_RA_OTHERCONF : 0); 1189 1190 if (!in6_dev->cnf.accept_ra_defrtr) 1191 goto skip_defrtr; 1192 1193 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1194 1195#ifdef CONFIG_IPV6_ROUTER_PREF 1196 pref = ra_msg->icmph.icmp6_router_pref; 1197 /* 10b is handled as if it were 00b (medium) */ 1198 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1199 !in6_dev->cnf.accept_ra_rtr_pref) 1200 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1201#endif 1202 1203 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1204 1205 if (rt) 1206 neigh = rt->rt6i_nexthop; 1207 1208 if (rt && lifetime == 0) { 1209 neigh_clone(neigh); 1210 ip6_del_rt(rt); 1211 rt = NULL; 1212 } 1213 1214 if (rt == NULL && lifetime) { 1215 ND_PRINTK3(KERN_DEBUG 1216 "ICMPv6 RA: adding default router.\n"); 1217 1218 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1219 if (rt == NULL) { 1220 ND_PRINTK0(KERN_ERR 1221 "ICMPv6 RA: %s() failed to add default route.\n", 1222 __func__); 1223 in6_dev_put(in6_dev); 1224 return; 1225 } 1226 1227 neigh = rt->rt6i_nexthop; 1228 if (neigh == NULL) { 1229 ND_PRINTK0(KERN_ERR 1230 "ICMPv6 RA: %s() got default router without neighbour.\n", 1231 __func__); 1232 dst_release(&rt->u.dst); 1233 in6_dev_put(in6_dev); 1234 return; 1235 } 1236 neigh->flags |= NTF_ROUTER; 1237 } else if (rt) { 1238 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1239 } 1240 1241 if (rt) 1242 rt->rt6i_expires = jiffies + (HZ * lifetime); 1243 1244 if (ra_msg->icmph.icmp6_hop_limit) { 1245 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1246 if (rt) 1247 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1248 } 1249 1250skip_defrtr: 1251 1252 /* 1253 * Update Reachable Time and Retrans Timer 1254 */ 1255 1256 if (in6_dev->nd_parms) { 1257 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1258 1259 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1260 rtime = (rtime*HZ)/1000; 1261 if (rtime < HZ/10) 1262 rtime = HZ/10; 1263 in6_dev->nd_parms->retrans_time = rtime; 1264 in6_dev->tstamp = jiffies; 1265 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1266 } 1267 1268 rtime = ntohl(ra_msg->reachable_time); 1269 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1270 rtime = (rtime*HZ)/1000; 1271 1272 if (rtime < HZ/10) 1273 rtime = HZ/10; 1274 1275 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1276 in6_dev->nd_parms->base_reachable_time = rtime; 1277 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1278 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1279 in6_dev->tstamp = jiffies; 1280 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1281 } 1282 } 1283 } 1284 1285skip_linkparms: 1286 1287 /* 1288 * Process options. 1289 */ 1290 1291 if (!neigh) 1292 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1293 skb->dev, 1); 1294 if (neigh) { 1295 u8 *lladdr = NULL; 1296 if (ndopts.nd_opts_src_lladdr) { 1297 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1298 skb->dev); 1299 if (!lladdr) { 1300 ND_PRINTK2(KERN_WARNING 1301 "ICMPv6 RA: invalid link-layer address length\n"); 1302 goto out; 1303 } 1304 } 1305 neigh_update(neigh, lladdr, NUD_STALE, 1306 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1307 NEIGH_UPDATE_F_OVERRIDE| 1308 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1309 NEIGH_UPDATE_F_ISROUTER); 1310 } 1311 1312 /* skip route and link configuration on routers */ 1313 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) 1314 goto out; 1315 1316#ifdef CONFIG_IPV6_ROUTE_INFO 1317 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1318 struct nd_opt_hdr *p; 1319 for (p = ndopts.nd_opts_ri; 1320 p; 1321 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1322 struct route_info *ri = (struct route_info *)p; 1323#ifdef CONFIG_IPV6_NDISC_NODETYPE 1324 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1325 ri->prefix_len == 0) 1326 continue; 1327#endif 1328 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1329 continue; 1330 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1331 &ipv6_hdr(skb)->saddr); 1332 } 1333 } 1334#endif 1335 1336#ifdef CONFIG_IPV6_NDISC_NODETYPE 1337 /* skip link-specific ndopts from interior routers */ 1338 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1339 goto out; 1340#endif 1341 1342 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1343 struct nd_opt_hdr *p; 1344 for (p = ndopts.nd_opts_pi; 1345 p; 1346 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1347 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1348 } 1349 } 1350 1351 if (ndopts.nd_opts_mtu) { 1352 __be32 n; 1353 u32 mtu; 1354 1355 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1356 mtu = ntohl(n); 1357 1358 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1359 ND_PRINTK2(KERN_WARNING 1360 "ICMPv6 RA: invalid mtu: %d\n", 1361 mtu); 1362 } else if (in6_dev->cnf.mtu6 != mtu) { 1363 in6_dev->cnf.mtu6 = mtu; 1364 1365 if (rt) 1366 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1367 1368 rt6_mtu_change(skb->dev, mtu); 1369 } 1370 } 1371 1372 if (ndopts.nd_useropts) { 1373 struct nd_opt_hdr *p; 1374 for (p = ndopts.nd_useropts; 1375 p; 1376 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1377 ndisc_ra_useropt(skb, p); 1378 } 1379 } 1380 1381 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1382 ND_PRINTK2(KERN_WARNING 1383 "ICMPv6 RA: invalid RA options"); 1384 } 1385out: 1386 if (rt) 1387 dst_release(&rt->u.dst); 1388 else if (neigh) 1389 neigh_release(neigh); 1390 in6_dev_put(in6_dev); 1391} 1392 1393static void ndisc_redirect_rcv(struct sk_buff *skb) 1394{ 1395 struct inet6_dev *in6_dev; 1396 struct icmp6hdr *icmph; 1397 struct in6_addr *dest; 1398 struct in6_addr *target; /* new first hop to destination */ 1399 struct neighbour *neigh; 1400 int on_link = 0; 1401 struct ndisc_options ndopts; 1402 int optlen; 1403 u8 *lladdr = NULL; 1404 1405#ifdef CONFIG_IPV6_NDISC_NODETYPE 1406 switch (skb->ndisc_nodetype) { 1407 case NDISC_NODETYPE_HOST: 1408 case NDISC_NODETYPE_NODEFAULT: 1409 ND_PRINTK2(KERN_WARNING 1410 "ICMPv6 Redirect: from host or unauthorized router\n"); 1411 return; 1412 } 1413#endif 1414 1415 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1416 ND_PRINTK2(KERN_WARNING 1417 "ICMPv6 Redirect: source address is not link-local.\n"); 1418 return; 1419 } 1420 1421 optlen = skb->tail - skb->transport_header; 1422 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1423 1424 if (optlen < 0) { 1425 ND_PRINTK2(KERN_WARNING 1426 "ICMPv6 Redirect: packet too short\n"); 1427 return; 1428 } 1429 1430 icmph = icmp6_hdr(skb); 1431 target = (struct in6_addr *) (icmph + 1); 1432 dest = target + 1; 1433 1434 if (ipv6_addr_is_multicast(dest)) { 1435 ND_PRINTK2(KERN_WARNING 1436 "ICMPv6 Redirect: destination address is multicast.\n"); 1437 return; 1438 } 1439 1440 if (ipv6_addr_equal(dest, target)) { 1441 on_link = 1; 1442 } else if (ipv6_addr_type(target) != 1443 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1444 ND_PRINTK2(KERN_WARNING 1445 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1446 return; 1447 } 1448 1449 in6_dev = in6_dev_get(skb->dev); 1450 if (!in6_dev) 1451 return; 1452 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1453 in6_dev_put(in6_dev); 1454 return; 1455 } 1456 1457 /* RFC2461 8.1: 1458 * The IP source address of the Redirect MUST be the same as the current 1459 * first-hop router for the specified ICMP Destination Address. 1460 */ 1461 1462 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1463 ND_PRINTK2(KERN_WARNING 1464 "ICMPv6 Redirect: invalid ND options\n"); 1465 in6_dev_put(in6_dev); 1466 return; 1467 } 1468 if (ndopts.nd_opts_tgt_lladdr) { 1469 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1470 skb->dev); 1471 if (!lladdr) { 1472 ND_PRINTK2(KERN_WARNING 1473 "ICMPv6 Redirect: invalid link-layer address length\n"); 1474 in6_dev_put(in6_dev); 1475 return; 1476 } 1477 } 1478 1479 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1480 if (neigh) { 1481 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1482 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1483 on_link); 1484 neigh_release(neigh); 1485 } 1486 in6_dev_put(in6_dev); 1487} 1488 1489void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1490 const struct in6_addr *target) 1491{ 1492 struct net_device *dev = skb->dev; 1493 struct net *net = dev_net(dev); 1494 struct sock *sk = net->ipv6.ndisc_sk; 1495 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1496 struct sk_buff *buff; 1497 struct icmp6hdr *icmph; 1498 struct in6_addr saddr_buf; 1499 struct in6_addr *addrp; 1500 struct rt6_info *rt; 1501 struct dst_entry *dst; 1502 struct inet6_dev *idev; 1503 struct flowi fl; 1504 u8 *opt; 1505 int rd_len; 1506 int err; 1507 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1508 1509 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1510 ND_PRINTK2(KERN_WARNING 1511 "ICMPv6 Redirect: no link-local address on %s\n", 1512 dev->name); 1513 return; 1514 } 1515 1516 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1517 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1518 ND_PRINTK2(KERN_WARNING 1519 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1520 return; 1521 } 1522 1523 icmpv6_flow_init(sk, &fl, NDISC_REDIRECT, 1524 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1525 1526 dst = ip6_route_output(net, NULL, &fl); 1527 if (dst == NULL) 1528 return; 1529 1530 err = xfrm_lookup(net, &dst, &fl, NULL, 0); 1531 if (err) 1532 return; 1533 1534 rt = (struct rt6_info *) dst; 1535 1536 if (rt->rt6i_flags & RTF_GATEWAY) { 1537 ND_PRINTK2(KERN_WARNING 1538 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1539 goto release; 1540 } 1541 if (!xrlim_allow(dst, 1*HZ)) 1542 goto release; 1543 1544 if (dev->addr_len) { 1545 read_lock_bh(&neigh->lock); 1546 if (neigh->nud_state & NUD_VALID) { 1547 memcpy(ha_buf, neigh->ha, dev->addr_len); 1548 read_unlock_bh(&neigh->lock); 1549 ha = ha_buf; 1550 len += ndisc_opt_addr_space(dev); 1551 } else 1552 read_unlock_bh(&neigh->lock); 1553 } 1554 1555 rd_len = min_t(unsigned int, 1556 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1557 rd_len &= ~0x7; 1558 len += rd_len; 1559 1560 buff = sock_alloc_send_skb(sk, 1561 (MAX_HEADER + sizeof(struct ipv6hdr) + 1562 len + LL_ALLOCATED_SPACE(dev)), 1563 1, &err); 1564 if (buff == NULL) { 1565 ND_PRINTK0(KERN_ERR 1566 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n", 1567 __func__, err); 1568 goto release; 1569 } 1570 1571 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1572 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1573 IPPROTO_ICMPV6, len); 1574 1575 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1576 skb_put(buff, len); 1577 icmph = icmp6_hdr(buff); 1578 1579 memset(icmph, 0, sizeof(struct icmp6hdr)); 1580 icmph->icmp6_type = NDISC_REDIRECT; 1581 1582 /* 1583 * copy target and destination addresses 1584 */ 1585 1586 addrp = (struct in6_addr *)(icmph + 1); 1587 ipv6_addr_copy(addrp, target); 1588 addrp++; 1589 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1590 1591 opt = (u8*) (addrp + 1); 1592 1593 /* 1594 * include target_address option 1595 */ 1596 1597 if (ha) 1598 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1599 dev->addr_len, dev->type); 1600 1601 /* 1602 * build redirect option and copy skb over to the new packet. 1603 */ 1604 1605 memset(opt, 0, 8); 1606 *(opt++) = ND_OPT_REDIRECT_HDR; 1607 *(opt++) = (rd_len >> 3); 1608 opt += 6; 1609 1610 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1611 1612 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1613 len, IPPROTO_ICMPV6, 1614 csum_partial(icmph, len, 0)); 1615 1616 skb_dst_set(buff, dst); 1617 idev = in6_dev_get(dst->dev); 1618 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1619 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1620 dst_output); 1621 if (!err) { 1622 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1623 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1624 } 1625 1626 if (likely(idev != NULL)) 1627 in6_dev_put(idev); 1628 return; 1629 1630release: 1631 dst_release(dst); 1632} 1633 1634static void pndisc_redo(struct sk_buff *skb) 1635{ 1636 ndisc_recv_ns(skb); 1637 kfree_skb(skb); 1638} 1639 1640int ndisc_rcv(struct sk_buff *skb) 1641{ 1642 struct nd_msg *msg; 1643 1644 if (!pskb_may_pull(skb, skb->len)) 1645 return 0; 1646 1647 msg = (struct nd_msg *)skb_transport_header(skb); 1648 1649 __skb_push(skb, skb->data - skb_transport_header(skb)); 1650 1651 if (ipv6_hdr(skb)->hop_limit != 255) { 1652 ND_PRINTK2(KERN_WARNING 1653 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1654 ipv6_hdr(skb)->hop_limit); 1655 return 0; 1656 } 1657 1658 if (msg->icmph.icmp6_code != 0) { 1659 ND_PRINTK2(KERN_WARNING 1660 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1661 msg->icmph.icmp6_code); 1662 return 0; 1663 } 1664 1665 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1666 1667 switch (msg->icmph.icmp6_type) { 1668 case NDISC_NEIGHBOUR_SOLICITATION: 1669 ndisc_recv_ns(skb); 1670 break; 1671 1672 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1673 ndisc_recv_na(skb); 1674 break; 1675 1676 case NDISC_ROUTER_SOLICITATION: 1677 ndisc_recv_rs(skb); 1678 break; 1679 1680 case NDISC_ROUTER_ADVERTISEMENT: 1681 ndisc_router_discovery(skb); 1682 break; 1683 1684 case NDISC_REDIRECT: 1685 ndisc_redirect_rcv(skb); 1686 break; 1687 } 1688 1689 return 0; 1690} 1691 1692static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1693{ 1694 struct net_device *dev = ptr; 1695 struct net *net = dev_net(dev); 1696 1697 switch (event) { 1698 case NETDEV_CHANGEADDR: 1699 neigh_changeaddr(&nd_tbl, dev); 1700 fib6_run_gc(~0UL, net); 1701 break; 1702 case NETDEV_DOWN: 1703 neigh_ifdown(&nd_tbl, dev); 1704 fib6_run_gc(~0UL, net); 1705 break; 1706 default: 1707 break; 1708 } 1709 1710 return NOTIFY_DONE; 1711} 1712 1713static struct notifier_block ndisc_netdev_notifier = { 1714 .notifier_call = ndisc_netdev_event, 1715}; 1716 1717#ifdef CONFIG_SYSCTL 1718static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1719 const char *func, const char *dev_name) 1720{ 1721 static char warncomm[TASK_COMM_LEN]; 1722 static int warned; 1723 if (strcmp(warncomm, current->comm) && warned < 5) { 1724 strcpy(warncomm, current->comm); 1725 printk(KERN_WARNING 1726 "process `%s' is using deprecated sysctl (%s) " 1727 "net.ipv6.neigh.%s.%s; " 1728 "Use net.ipv6.neigh.%s.%s_ms " 1729 "instead.\n", 1730 warncomm, func, 1731 dev_name, ctl->procname, 1732 dev_name, ctl->procname); 1733 warned++; 1734 } 1735} 1736 1737int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1738{ 1739 struct net_device *dev = ctl->extra1; 1740 struct inet6_dev *idev; 1741 int ret; 1742 1743 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1744 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1745 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1746 1747 if (strcmp(ctl->procname, "retrans_time") == 0) 1748 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1749 1750 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1751 ret = proc_dointvec_jiffies(ctl, write, 1752 buffer, lenp, ppos); 1753 1754 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1755 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1756 ret = proc_dointvec_ms_jiffies(ctl, write, 1757 buffer, lenp, ppos); 1758 else 1759 ret = -1; 1760 1761 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1762 if (ctl->data == &idev->nd_parms->base_reachable_time) 1763 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1764 idev->tstamp = jiffies; 1765 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1766 in6_dev_put(idev); 1767 } 1768 return ret; 1769} 1770 1771int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, 1772 void __user *oldval, size_t __user *oldlenp, 1773 void __user *newval, size_t newlen) 1774{ 1775 struct net_device *dev = ctl->extra1; 1776 struct inet6_dev *idev; 1777 int ret; 1778 1779 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1780 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1781 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1782 1783 switch (ctl->ctl_name) { 1784 case NET_NEIGH_REACHABLE_TIME: 1785 ret = sysctl_jiffies(ctl, oldval, oldlenp, newval, newlen); 1786 break; 1787 case NET_NEIGH_RETRANS_TIME_MS: 1788 case NET_NEIGH_REACHABLE_TIME_MS: 1789 ret = sysctl_ms_jiffies(ctl, oldval, oldlenp, newval, newlen); 1790 break; 1791 default: 1792 ret = 0; 1793 } 1794 1795 if (newval && newlen && ret > 0 && 1796 dev && (idev = in6_dev_get(dev)) != NULL) { 1797 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1798 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1799 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1800 idev->tstamp = jiffies; 1801 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1802 in6_dev_put(idev); 1803 } 1804 1805 return ret; 1806} 1807 1808#endif 1809 1810static int ndisc_net_init(struct net *net) 1811{ 1812 struct ipv6_pinfo *np; 1813 struct sock *sk; 1814 int err; 1815 1816 err = inet_ctl_sock_create(&sk, PF_INET6, 1817 SOCK_RAW, IPPROTO_ICMPV6, net); 1818 if (err < 0) { 1819 ND_PRINTK0(KERN_ERR 1820 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1821 err); 1822 return err; 1823 } 1824 1825 net->ipv6.ndisc_sk = sk; 1826 1827 np = inet6_sk(sk); 1828 np->hop_limit = 255; 1829 /* Do not loopback ndisc messages */ 1830 np->mc_loop = 0; 1831 1832 return 0; 1833} 1834 1835static void ndisc_net_exit(struct net *net) 1836{ 1837 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1838} 1839 1840static struct pernet_operations ndisc_net_ops = { 1841 .init = ndisc_net_init, 1842 .exit = ndisc_net_exit, 1843}; 1844 1845int __init ndisc_init(void) 1846{ 1847 int err; 1848 1849 err = register_pernet_subsys(&ndisc_net_ops); 1850 if (err) 1851 return err; 1852 /* 1853 * Initialize the neighbour table 1854 */ 1855 neigh_table_init(&nd_tbl); 1856 1857#ifdef CONFIG_SYSCTL 1858 err = neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, 1859 NET_IPV6_NEIGH, "ipv6", 1860 &ndisc_ifinfo_sysctl_change, 1861 &ndisc_ifinfo_sysctl_strategy); 1862 if (err) 1863 goto out_unregister_pernet; 1864#endif 1865 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1866 if (err) 1867 goto out_unregister_sysctl; 1868out: 1869 return err; 1870 1871out_unregister_sysctl: 1872#ifdef CONFIG_SYSCTL 1873 neigh_sysctl_unregister(&nd_tbl.parms); 1874out_unregister_pernet: 1875#endif 1876 unregister_pernet_subsys(&ndisc_net_ops); 1877 goto out; 1878} 1879 1880void ndisc_cleanup(void) 1881{ 1882 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1883#ifdef CONFIG_SYSCTL 1884 neigh_sysctl_unregister(&nd_tbl.parms); 1885#endif 1886 neigh_table_clear(&nd_tbl); 1887 unregister_pernet_subsys(&ndisc_net_ops); 1888} 1889