ndisc.c revision f32138319ca6541e65f95f8e17c9cc88ac1baf94
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30/* Set to 3 to get tracing... */ 31#define ND_DEBUG 1 32 33#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 34#define ND_NOPRINTK(x...) do { ; } while(0) 35#define ND_PRINTK0 ND_PRINTK 36#define ND_PRINTK1 ND_NOPRINTK 37#define ND_PRINTK2 ND_NOPRINTK 38#define ND_PRINTK3 ND_NOPRINTK 39#if ND_DEBUG >= 1 40#undef ND_PRINTK1 41#define ND_PRINTK1 ND_PRINTK 42#endif 43#if ND_DEBUG >= 2 44#undef ND_PRINTK2 45#define ND_PRINTK2 ND_PRINTK 46#endif 47#if ND_DEBUG >= 3 48#undef ND_PRINTK3 49#define ND_PRINTK3 ND_PRINTK 50#endif 51 52#include <linux/module.h> 53#include <linux/errno.h> 54#include <linux/types.h> 55#include <linux/socket.h> 56#include <linux/sockios.h> 57#include <linux/sched.h> 58#include <linux/net.h> 59#include <linux/in6.h> 60#include <linux/route.h> 61#include <linux/init.h> 62#include <linux/rcupdate.h> 63#include <linux/slab.h> 64#ifdef CONFIG_SYSCTL 65#include <linux/sysctl.h> 66#endif 67 68#include <linux/if_addr.h> 69#include <linux/if_arp.h> 70#include <linux/ipv6.h> 71#include <linux/icmpv6.h> 72#include <linux/jhash.h> 73 74#include <net/sock.h> 75#include <net/snmp.h> 76 77#include <net/ipv6.h> 78#include <net/protocol.h> 79#include <net/ndisc.h> 80#include <net/ip6_route.h> 81#include <net/addrconf.h> 82#include <net/icmp.h> 83 84#include <net/netlink.h> 85#include <linux/rtnetlink.h> 86 87#include <net/flow.h> 88#include <net/ip6_checksum.h> 89#include <net/inet_common.h> 90#include <linux/proc_fs.h> 91 92#include <linux/netfilter.h> 93#include <linux/netfilter_ipv6.h> 94 95static u32 ndisc_hash(const void *pkey, 96 const struct net_device *dev, 97 __u32 *hash_rnd); 98static int ndisc_constructor(struct neighbour *neigh); 99static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 100static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 101static int pndisc_constructor(struct pneigh_entry *n); 102static void pndisc_destructor(struct pneigh_entry *n); 103static void pndisc_redo(struct sk_buff *skb); 104 105static const struct neigh_ops ndisc_generic_ops = { 106 .family = AF_INET6, 107 .solicit = ndisc_solicit, 108 .error_report = ndisc_error_report, 109 .output = neigh_resolve_output, 110 .connected_output = neigh_connected_output, 111}; 112 113static const struct neigh_ops ndisc_hh_ops = { 114 .family = AF_INET6, 115 .solicit = ndisc_solicit, 116 .error_report = ndisc_error_report, 117 .output = neigh_resolve_output, 118 .connected_output = neigh_resolve_output, 119}; 120 121 122static const struct neigh_ops ndisc_direct_ops = { 123 .family = AF_INET6, 124 .output = neigh_direct_output, 125 .connected_output = neigh_direct_output, 126}; 127 128struct neigh_table nd_tbl = { 129 .family = AF_INET6, 130 .key_len = sizeof(struct in6_addr), 131 .hash = ndisc_hash, 132 .constructor = ndisc_constructor, 133 .pconstructor = pndisc_constructor, 134 .pdestructor = pndisc_destructor, 135 .proxy_redo = pndisc_redo, 136 .id = "ndisc_cache", 137 .parms = { 138 .tbl = &nd_tbl, 139 .base_reachable_time = ND_REACHABLE_TIME, 140 .retrans_time = ND_RETRANS_TIMER, 141 .gc_staletime = 60 * HZ, 142 .reachable_time = ND_REACHABLE_TIME, 143 .delay_probe_time = 5 * HZ, 144 .queue_len_bytes = 64*1024, 145 .ucast_probes = 3, 146 .mcast_probes = 3, 147 .anycast_delay = 1 * HZ, 148 .proxy_delay = (8 * HZ) / 10, 149 .proxy_qlen = 64, 150 }, 151 .gc_interval = 30 * HZ, 152 .gc_thresh1 = 128, 153 .gc_thresh2 = 512, 154 .gc_thresh3 = 1024, 155}; 156 157/* ND options */ 158struct ndisc_options { 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 160#ifdef CONFIG_IPV6_ROUTE_INFO 161 struct nd_opt_hdr *nd_opts_ri; 162 struct nd_opt_hdr *nd_opts_ri_end; 163#endif 164 struct nd_opt_hdr *nd_useropts; 165 struct nd_opt_hdr *nd_useropts_end; 166}; 167 168#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 169#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 170#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 171#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 172#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 173#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 174 175#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 176 177/* 178 * Return the padding between the option length and the start of the 179 * link addr. Currently only IP-over-InfiniBand needs this, although 180 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 181 * also need a pad of 2. 182 */ 183static int ndisc_addr_option_pad(unsigned short type) 184{ 185 switch (type) { 186 case ARPHRD_INFINIBAND: return 2; 187 default: return 0; 188 } 189} 190 191static inline int ndisc_opt_addr_space(struct net_device *dev) 192{ 193 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 194} 195 196static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 197 unsigned short addr_type) 198{ 199 int space = NDISC_OPT_SPACE(data_len); 200 int pad = ndisc_addr_option_pad(addr_type); 201 202 opt[0] = type; 203 opt[1] = space>>3; 204 205 memset(opt + 2, 0, pad); 206 opt += pad; 207 space -= pad; 208 209 memcpy(opt+2, data, data_len); 210 data_len += 2; 211 opt += data_len; 212 if ((space -= data_len) > 0) 213 memset(opt, 0, space); 214 return opt + space; 215} 216 217static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 218 struct nd_opt_hdr *end) 219{ 220 int type; 221 if (!cur || !end || cur >= end) 222 return NULL; 223 type = cur->nd_opt_type; 224 do { 225 cur = ((void *)cur) + (cur->nd_opt_len << 3); 226 } while(cur < end && cur->nd_opt_type != type); 227 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 228} 229 230static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 231{ 232 return opt->nd_opt_type == ND_OPT_RDNSS || 233 opt->nd_opt_type == ND_OPT_DNSSL; 234} 235 236static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 237 struct nd_opt_hdr *end) 238{ 239 if (!cur || !end || cur >= end) 240 return NULL; 241 do { 242 cur = ((void *)cur) + (cur->nd_opt_len << 3); 243 } while(cur < end && !ndisc_is_useropt(cur)); 244 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 245} 246 247static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 248 struct ndisc_options *ndopts) 249{ 250 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 251 252 if (!nd_opt || opt_len < 0 || !ndopts) 253 return NULL; 254 memset(ndopts, 0, sizeof(*ndopts)); 255 while (opt_len) { 256 int l; 257 if (opt_len < sizeof(struct nd_opt_hdr)) 258 return NULL; 259 l = nd_opt->nd_opt_len << 3; 260 if (opt_len < l || l == 0) 261 return NULL; 262 switch (nd_opt->nd_opt_type) { 263 case ND_OPT_SOURCE_LL_ADDR: 264 case ND_OPT_TARGET_LL_ADDR: 265 case ND_OPT_MTU: 266 case ND_OPT_REDIRECT_HDR: 267 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 268 ND_PRINTK2(KERN_WARNING 269 "%s: duplicated ND6 option found: type=%d\n", 270 __func__, 271 nd_opt->nd_opt_type); 272 } else { 273 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 274 } 275 break; 276 case ND_OPT_PREFIX_INFO: 277 ndopts->nd_opts_pi_end = nd_opt; 278 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 279 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 280 break; 281#ifdef CONFIG_IPV6_ROUTE_INFO 282 case ND_OPT_ROUTE_INFO: 283 ndopts->nd_opts_ri_end = nd_opt; 284 if (!ndopts->nd_opts_ri) 285 ndopts->nd_opts_ri = nd_opt; 286 break; 287#endif 288 default: 289 if (ndisc_is_useropt(nd_opt)) { 290 ndopts->nd_useropts_end = nd_opt; 291 if (!ndopts->nd_useropts) 292 ndopts->nd_useropts = nd_opt; 293 } else { 294 /* 295 * Unknown options must be silently ignored, 296 * to accommodate future extension to the 297 * protocol. 298 */ 299 ND_PRINTK2(KERN_NOTICE 300 "%s: ignored unsupported option; type=%d, len=%d\n", 301 __func__, 302 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 303 } 304 } 305 opt_len -= l; 306 nd_opt = ((void *)nd_opt) + l; 307 } 308 return ndopts; 309} 310 311static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 312 struct net_device *dev) 313{ 314 u8 *lladdr = (u8 *)(p + 1); 315 int lladdrlen = p->nd_opt_len << 3; 316 int prepad = ndisc_addr_option_pad(dev->type); 317 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 318 return NULL; 319 return lladdr + prepad; 320} 321 322int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 323{ 324 switch (dev->type) { 325 case ARPHRD_ETHER: 326 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 327 case ARPHRD_FDDI: 328 ipv6_eth_mc_map(addr, buf); 329 return 0; 330 case ARPHRD_IEEE802_TR: 331 ipv6_tr_mc_map(addr,buf); 332 return 0; 333 case ARPHRD_ARCNET: 334 ipv6_arcnet_mc_map(addr, buf); 335 return 0; 336 case ARPHRD_INFINIBAND: 337 ipv6_ib_mc_map(addr, dev->broadcast, buf); 338 return 0; 339 case ARPHRD_IPGRE: 340 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 341 default: 342 if (dir) { 343 memcpy(buf, dev->broadcast, dev->addr_len); 344 return 0; 345 } 346 } 347 return -EINVAL; 348} 349 350EXPORT_SYMBOL(ndisc_mc_map); 351 352static u32 ndisc_hash(const void *pkey, 353 const struct net_device *dev, 354 __u32 *hash_rnd) 355{ 356 return ndisc_hashfn(pkey, dev, hash_rnd); 357} 358 359static int ndisc_constructor(struct neighbour *neigh) 360{ 361 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 362 struct net_device *dev = neigh->dev; 363 struct inet6_dev *in6_dev; 364 struct neigh_parms *parms; 365 int is_multicast = ipv6_addr_is_multicast(addr); 366 367 in6_dev = in6_dev_get(dev); 368 if (in6_dev == NULL) { 369 return -EINVAL; 370 } 371 372 parms = in6_dev->nd_parms; 373 __neigh_parms_put(neigh->parms); 374 neigh->parms = neigh_parms_clone(parms); 375 376 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 377 if (!dev->header_ops) { 378 neigh->nud_state = NUD_NOARP; 379 neigh->ops = &ndisc_direct_ops; 380 neigh->output = neigh_direct_output; 381 } else { 382 if (is_multicast) { 383 neigh->nud_state = NUD_NOARP; 384 ndisc_mc_map(addr, neigh->ha, dev, 1); 385 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 386 neigh->nud_state = NUD_NOARP; 387 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 388 if (dev->flags&IFF_LOOPBACK) 389 neigh->type = RTN_LOCAL; 390 } else if (dev->flags&IFF_POINTOPOINT) { 391 neigh->nud_state = NUD_NOARP; 392 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 393 } 394 if (dev->header_ops->cache) 395 neigh->ops = &ndisc_hh_ops; 396 else 397 neigh->ops = &ndisc_generic_ops; 398 if (neigh->nud_state&NUD_VALID) 399 neigh->output = neigh->ops->connected_output; 400 else 401 neigh->output = neigh->ops->output; 402 } 403 in6_dev_put(in6_dev); 404 return 0; 405} 406 407static int pndisc_constructor(struct pneigh_entry *n) 408{ 409 struct in6_addr *addr = (struct in6_addr*)&n->key; 410 struct in6_addr maddr; 411 struct net_device *dev = n->dev; 412 413 if (dev == NULL || __in6_dev_get(dev) == NULL) 414 return -EINVAL; 415 addrconf_addr_solict_mult(addr, &maddr); 416 ipv6_dev_mc_inc(dev, &maddr); 417 return 0; 418} 419 420static void pndisc_destructor(struct pneigh_entry *n) 421{ 422 struct in6_addr *addr = (struct in6_addr*)&n->key; 423 struct in6_addr maddr; 424 struct net_device *dev = n->dev; 425 426 if (dev == NULL || __in6_dev_get(dev) == NULL) 427 return; 428 addrconf_addr_solict_mult(addr, &maddr); 429 ipv6_dev_mc_dec(dev, &maddr); 430} 431 432struct sk_buff *ndisc_build_skb(struct net_device *dev, 433 const struct in6_addr *daddr, 434 const struct in6_addr *saddr, 435 struct icmp6hdr *icmp6h, 436 const struct in6_addr *target, 437 int llinfo) 438{ 439 struct net *net = dev_net(dev); 440 struct sock *sk = net->ipv6.ndisc_sk; 441 struct sk_buff *skb; 442 struct icmp6hdr *hdr; 443 int hlen = LL_RESERVED_SPACE(dev); 444 int tlen = dev->needed_tailroom; 445 int len; 446 int err; 447 u8 *opt; 448 449 if (!dev->addr_len) 450 llinfo = 0; 451 452 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 453 if (llinfo) 454 len += ndisc_opt_addr_space(dev); 455 456 skb = sock_alloc_send_skb(sk, 457 (MAX_HEADER + sizeof(struct ipv6hdr) + 458 len + hlen + tlen), 459 1, &err); 460 if (!skb) { 461 ND_PRINTK0(KERN_ERR 462 "ICMPv6 ND: %s failed to allocate an skb, err=%d.\n", 463 __func__, err); 464 return NULL; 465 } 466 467 skb_reserve(skb, hlen); 468 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 469 470 skb->transport_header = skb->tail; 471 skb_put(skb, len); 472 473 hdr = (struct icmp6hdr *)skb_transport_header(skb); 474 memcpy(hdr, icmp6h, sizeof(*hdr)); 475 476 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 477 if (target) { 478 *(struct in6_addr *)opt = *target; 479 opt += sizeof(*target); 480 } 481 482 if (llinfo) 483 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 484 dev->addr_len, dev->type); 485 486 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 487 IPPROTO_ICMPV6, 488 csum_partial(hdr, 489 len, 0)); 490 491 return skb; 492} 493 494EXPORT_SYMBOL(ndisc_build_skb); 495 496void ndisc_send_skb(struct sk_buff *skb, 497 struct net_device *dev, 498 struct neighbour *neigh, 499 const struct in6_addr *daddr, 500 const struct in6_addr *saddr, 501 struct icmp6hdr *icmp6h) 502{ 503 struct flowi6 fl6; 504 struct dst_entry *dst; 505 struct net *net = dev_net(dev); 506 struct sock *sk = net->ipv6.ndisc_sk; 507 struct inet6_dev *idev; 508 int err; 509 u8 type; 510 511 type = icmp6h->icmp6_type; 512 513 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex); 514 dst = icmp6_dst_alloc(dev, neigh, &fl6); 515 if (IS_ERR(dst)) { 516 kfree_skb(skb); 517 return; 518 } 519 520 skb_dst_set(skb, dst); 521 522 rcu_read_lock(); 523 idev = __in6_dev_get(dst->dev); 524 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 525 526 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 527 dst_output); 528 if (!err) { 529 ICMP6MSGOUT_INC_STATS(net, idev, type); 530 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 531 } 532 533 rcu_read_unlock(); 534} 535 536EXPORT_SYMBOL(ndisc_send_skb); 537 538/* 539 * Send a Neighbour Discover packet 540 */ 541static void __ndisc_send(struct net_device *dev, 542 struct neighbour *neigh, 543 const struct in6_addr *daddr, 544 const struct in6_addr *saddr, 545 struct icmp6hdr *icmp6h, const struct in6_addr *target, 546 int llinfo) 547{ 548 struct sk_buff *skb; 549 550 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 551 if (!skb) 552 return; 553 554 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 555} 556 557static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 558 const struct in6_addr *daddr, 559 const struct in6_addr *solicited_addr, 560 int router, int solicited, int override, int inc_opt) 561{ 562 struct in6_addr tmpaddr; 563 struct inet6_ifaddr *ifp; 564 const struct in6_addr *src_addr; 565 struct icmp6hdr icmp6h = { 566 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 567 }; 568 569 /* for anycast or proxy, solicited_addr != src_addr */ 570 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 571 if (ifp) { 572 src_addr = solicited_addr; 573 if (ifp->flags & IFA_F_OPTIMISTIC) 574 override = 0; 575 inc_opt |= ifp->idev->cnf.force_tllao; 576 in6_ifa_put(ifp); 577 } else { 578 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 579 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 580 &tmpaddr)) 581 return; 582 src_addr = &tmpaddr; 583 } 584 585 icmp6h.icmp6_router = router; 586 icmp6h.icmp6_solicited = solicited; 587 icmp6h.icmp6_override = override; 588 589 __ndisc_send(dev, neigh, daddr, src_addr, 590 &icmp6h, solicited_addr, 591 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 592} 593 594static void ndisc_send_unsol_na(struct net_device *dev) 595{ 596 struct inet6_dev *idev; 597 struct inet6_ifaddr *ifa; 598 struct in6_addr mcaddr; 599 600 idev = in6_dev_get(dev); 601 if (!idev) 602 return; 603 604 read_lock_bh(&idev->lock); 605 list_for_each_entry(ifa, &idev->addr_list, if_list) { 606 addrconf_addr_solict_mult(&ifa->addr, &mcaddr); 607 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr, 608 /*router=*/ !!idev->cnf.forwarding, 609 /*solicited=*/ false, /*override=*/ true, 610 /*inc_opt=*/ true); 611 } 612 read_unlock_bh(&idev->lock); 613 614 in6_dev_put(idev); 615} 616 617void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 618 const struct in6_addr *solicit, 619 const struct in6_addr *daddr, const struct in6_addr *saddr) 620{ 621 struct in6_addr addr_buf; 622 struct icmp6hdr icmp6h = { 623 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 624 }; 625 626 if (saddr == NULL) { 627 if (ipv6_get_lladdr(dev, &addr_buf, 628 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 629 return; 630 saddr = &addr_buf; 631 } 632 633 __ndisc_send(dev, neigh, daddr, saddr, 634 &icmp6h, solicit, 635 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 636} 637 638void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 639 const struct in6_addr *daddr) 640{ 641 struct icmp6hdr icmp6h = { 642 .icmp6_type = NDISC_ROUTER_SOLICITATION, 643 }; 644 int send_sllao = dev->addr_len; 645 646#ifdef CONFIG_IPV6_OPTIMISTIC_DAD 647 /* 648 * According to section 2.2 of RFC 4429, we must not 649 * send router solicitations with a sllao from 650 * optimistic addresses, but we may send the solicitation 651 * if we don't include the sllao. So here we check 652 * if our address is optimistic, and if so, we 653 * suppress the inclusion of the sllao. 654 */ 655 if (send_sllao) { 656 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 657 dev, 1); 658 if (ifp) { 659 if (ifp->flags & IFA_F_OPTIMISTIC) { 660 send_sllao = 0; 661 } 662 in6_ifa_put(ifp); 663 } else { 664 send_sllao = 0; 665 } 666 } 667#endif 668 __ndisc_send(dev, NULL, daddr, saddr, 669 &icmp6h, NULL, 670 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 671} 672 673 674static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 675{ 676 /* 677 * "The sender MUST return an ICMP 678 * destination unreachable" 679 */ 680 dst_link_failure(skb); 681 kfree_skb(skb); 682} 683 684/* Called with locked neigh: either read or both */ 685 686static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 687{ 688 struct in6_addr *saddr = NULL; 689 struct in6_addr mcaddr; 690 struct net_device *dev = neigh->dev; 691 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 692 int probes = atomic_read(&neigh->probes); 693 694 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 695 saddr = &ipv6_hdr(skb)->saddr; 696 697 if ((probes -= neigh->parms->ucast_probes) < 0) { 698 if (!(neigh->nud_state & NUD_VALID)) { 699 ND_PRINTK1(KERN_DEBUG "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 700 __func__, target); 701 } 702 ndisc_send_ns(dev, neigh, target, target, saddr); 703 } else if ((probes -= neigh->parms->app_probes) < 0) { 704#ifdef CONFIG_ARPD 705 neigh_app_ns(neigh); 706#endif 707 } else { 708 addrconf_addr_solict_mult(target, &mcaddr); 709 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 710 } 711} 712 713static int pndisc_is_router(const void *pkey, 714 struct net_device *dev) 715{ 716 struct pneigh_entry *n; 717 int ret = -1; 718 719 read_lock_bh(&nd_tbl.lock); 720 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 721 if (n) 722 ret = !!(n->flags & NTF_ROUTER); 723 read_unlock_bh(&nd_tbl.lock); 724 725 return ret; 726} 727 728static void ndisc_recv_ns(struct sk_buff *skb) 729{ 730 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 731 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 732 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 733 u8 *lladdr = NULL; 734 u32 ndoptlen = skb->tail - (skb->transport_header + 735 offsetof(struct nd_msg, opt)); 736 struct ndisc_options ndopts; 737 struct net_device *dev = skb->dev; 738 struct inet6_ifaddr *ifp; 739 struct inet6_dev *idev = NULL; 740 struct neighbour *neigh; 741 int dad = ipv6_addr_any(saddr); 742 int inc; 743 int is_router = -1; 744 745 if (ipv6_addr_is_multicast(&msg->target)) { 746 ND_PRINTK2(KERN_WARNING 747 "ICMPv6 NS: multicast target address"); 748 return; 749 } 750 751 /* 752 * RFC2461 7.1.1: 753 * DAD has to be destined for solicited node multicast address. 754 */ 755 if (dad && 756 !(daddr->s6_addr32[0] == htonl(0xff020000) && 757 daddr->s6_addr32[1] == htonl(0x00000000) && 758 daddr->s6_addr32[2] == htonl(0x00000001) && 759 daddr->s6_addr [12] == 0xff )) { 760 ND_PRINTK2(KERN_WARNING 761 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 762 return; 763 } 764 765 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 766 ND_PRINTK2(KERN_WARNING 767 "ICMPv6 NS: invalid ND options\n"); 768 return; 769 } 770 771 if (ndopts.nd_opts_src_lladdr) { 772 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 773 if (!lladdr) { 774 ND_PRINTK2(KERN_WARNING 775 "ICMPv6 NS: invalid link-layer address length\n"); 776 return; 777 } 778 779 /* RFC2461 7.1.1: 780 * If the IP source address is the unspecified address, 781 * there MUST NOT be source link-layer address option 782 * in the message. 783 */ 784 if (dad) { 785 ND_PRINTK2(KERN_WARNING 786 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 787 return; 788 } 789 } 790 791 inc = ipv6_addr_is_multicast(daddr); 792 793 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 794 if (ifp) { 795 796 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 797 if (dad) { 798 if (dev->type == ARPHRD_IEEE802_TR) { 799 const unsigned char *sadr; 800 sadr = skb_mac_header(skb); 801 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 802 sadr[9] == dev->dev_addr[1] && 803 sadr[10] == dev->dev_addr[2] && 804 sadr[11] == dev->dev_addr[3] && 805 sadr[12] == dev->dev_addr[4] && 806 sadr[13] == dev->dev_addr[5]) { 807 /* looped-back to us */ 808 goto out; 809 } 810 } 811 812 /* 813 * We are colliding with another node 814 * who is doing DAD 815 * so fail our DAD process 816 */ 817 addrconf_dad_failure(ifp); 818 return; 819 } else { 820 /* 821 * This is not a dad solicitation. 822 * If we are an optimistic node, 823 * we should respond. 824 * Otherwise, we should ignore it. 825 */ 826 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 827 goto out; 828 } 829 } 830 831 idev = ifp->idev; 832 } else { 833 struct net *net = dev_net(dev); 834 835 idev = in6_dev_get(dev); 836 if (!idev) { 837 /* XXX: count this drop? */ 838 return; 839 } 840 841 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 842 (idev->cnf.forwarding && 843 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 844 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 845 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 846 skb->pkt_type != PACKET_HOST && 847 inc != 0 && 848 idev->nd_parms->proxy_delay != 0) { 849 /* 850 * for anycast or proxy, 851 * sender should delay its response 852 * by a random time between 0 and 853 * MAX_ANYCAST_DELAY_TIME seconds. 854 * (RFC2461) -- yoshfuji 855 */ 856 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 857 if (n) 858 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 859 goto out; 860 } 861 } else 862 goto out; 863 } 864 865 if (is_router < 0) 866 is_router = !!idev->cnf.forwarding; 867 868 if (dad) { 869 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 870 is_router, 0, (ifp != NULL), 1); 871 goto out; 872 } 873 874 if (inc) 875 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 876 else 877 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 878 879 /* 880 * update / create cache entry 881 * for the source address 882 */ 883 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 884 !inc || lladdr || !dev->addr_len); 885 if (neigh) 886 neigh_update(neigh, lladdr, NUD_STALE, 887 NEIGH_UPDATE_F_WEAK_OVERRIDE| 888 NEIGH_UPDATE_F_OVERRIDE); 889 if (neigh || !dev->header_ops) { 890 ndisc_send_na(dev, neigh, saddr, &msg->target, 891 is_router, 892 1, (ifp != NULL && inc), inc); 893 if (neigh) 894 neigh_release(neigh); 895 } 896 897out: 898 if (ifp) 899 in6_ifa_put(ifp); 900 else 901 in6_dev_put(idev); 902} 903 904static void ndisc_recv_na(struct sk_buff *skb) 905{ 906 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 907 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 908 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 909 u8 *lladdr = NULL; 910 u32 ndoptlen = skb->tail - (skb->transport_header + 911 offsetof(struct nd_msg, opt)); 912 struct ndisc_options ndopts; 913 struct net_device *dev = skb->dev; 914 struct inet6_ifaddr *ifp; 915 struct neighbour *neigh; 916 917 if (skb->len < sizeof(struct nd_msg)) { 918 ND_PRINTK2(KERN_WARNING 919 "ICMPv6 NA: packet too short\n"); 920 return; 921 } 922 923 if (ipv6_addr_is_multicast(&msg->target)) { 924 ND_PRINTK2(KERN_WARNING 925 "ICMPv6 NA: target address is multicast.\n"); 926 return; 927 } 928 929 if (ipv6_addr_is_multicast(daddr) && 930 msg->icmph.icmp6_solicited) { 931 ND_PRINTK2(KERN_WARNING 932 "ICMPv6 NA: solicited NA is multicasted.\n"); 933 return; 934 } 935 936 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 937 ND_PRINTK2(KERN_WARNING 938 "ICMPv6 NS: invalid ND option\n"); 939 return; 940 } 941 if (ndopts.nd_opts_tgt_lladdr) { 942 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 943 if (!lladdr) { 944 ND_PRINTK2(KERN_WARNING 945 "ICMPv6 NA: invalid link-layer address length\n"); 946 return; 947 } 948 } 949 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 950 if (ifp) { 951 if (skb->pkt_type != PACKET_LOOPBACK 952 && (ifp->flags & IFA_F_TENTATIVE)) { 953 addrconf_dad_failure(ifp); 954 return; 955 } 956 /* What should we make now? The advertisement 957 is invalid, but ndisc specs say nothing 958 about it. It could be misconfiguration, or 959 an smart proxy agent tries to help us :-) 960 961 We should not print the error if NA has been 962 received from loopback - it is just our own 963 unsolicited advertisement. 964 */ 965 if (skb->pkt_type != PACKET_LOOPBACK) 966 ND_PRINTK1(KERN_WARNING 967 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n", 968 &ifp->addr, ifp->idev->dev->name); 969 in6_ifa_put(ifp); 970 return; 971 } 972 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 973 974 if (neigh) { 975 u8 old_flags = neigh->flags; 976 struct net *net = dev_net(dev); 977 978 if (neigh->nud_state & NUD_FAILED) 979 goto out; 980 981 /* 982 * Don't update the neighbor cache entry on a proxy NA from 983 * ourselves because either the proxied node is off link or it 984 * has already sent a NA to us. 985 */ 986 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 987 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 988 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 989 /* XXX: idev->cnf.prixy_ndp */ 990 goto out; 991 } 992 993 neigh_update(neigh, lladdr, 994 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 995 NEIGH_UPDATE_F_WEAK_OVERRIDE| 996 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 997 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 998 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 999 1000 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 1001 /* 1002 * Change: router to host 1003 */ 1004 struct rt6_info *rt; 1005 rt = rt6_get_dflt_router(saddr, dev); 1006 if (rt) 1007 ip6_del_rt(rt); 1008 } 1009 1010out: 1011 neigh_release(neigh); 1012 } 1013} 1014 1015static void ndisc_recv_rs(struct sk_buff *skb) 1016{ 1017 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1018 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1019 struct neighbour *neigh; 1020 struct inet6_dev *idev; 1021 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1022 struct ndisc_options ndopts; 1023 u8 *lladdr = NULL; 1024 1025 if (skb->len < sizeof(*rs_msg)) 1026 return; 1027 1028 idev = __in6_dev_get(skb->dev); 1029 if (!idev) { 1030 if (net_ratelimit()) 1031 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1032 return; 1033 } 1034 1035 /* Don't accept RS if we're not in router mode */ 1036 if (!idev->cnf.forwarding) 1037 goto out; 1038 1039 /* 1040 * Don't update NCE if src = ::; 1041 * this implies that the source node has no ip address assigned yet. 1042 */ 1043 if (ipv6_addr_any(saddr)) 1044 goto out; 1045 1046 /* Parse ND options */ 1047 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1048 if (net_ratelimit()) 1049 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1050 goto out; 1051 } 1052 1053 if (ndopts.nd_opts_src_lladdr) { 1054 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1055 skb->dev); 1056 if (!lladdr) 1057 goto out; 1058 } 1059 1060 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1061 if (neigh) { 1062 neigh_update(neigh, lladdr, NUD_STALE, 1063 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1064 NEIGH_UPDATE_F_OVERRIDE| 1065 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1066 neigh_release(neigh); 1067 } 1068out: 1069 return; 1070} 1071 1072static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1073{ 1074 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1075 struct sk_buff *skb; 1076 struct nlmsghdr *nlh; 1077 struct nduseroptmsg *ndmsg; 1078 struct net *net = dev_net(ra->dev); 1079 int err; 1080 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1081 + (opt->nd_opt_len << 3)); 1082 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1083 1084 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1085 if (skb == NULL) { 1086 err = -ENOBUFS; 1087 goto errout; 1088 } 1089 1090 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1091 if (nlh == NULL) { 1092 goto nla_put_failure; 1093 } 1094 1095 ndmsg = nlmsg_data(nlh); 1096 ndmsg->nduseropt_family = AF_INET6; 1097 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1098 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1099 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1100 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1101 1102 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1103 1104 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1105 &ipv6_hdr(ra)->saddr)) 1106 goto nla_put_failure; 1107 nlmsg_end(skb, nlh); 1108 1109 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1110 return; 1111 1112nla_put_failure: 1113 nlmsg_free(skb); 1114 err = -EMSGSIZE; 1115errout: 1116 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1117} 1118 1119static inline int accept_ra(struct inet6_dev *in6_dev) 1120{ 1121 /* 1122 * If forwarding is enabled, RA are not accepted unless the special 1123 * hybrid mode (accept_ra=2) is enabled. 1124 */ 1125 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2) 1126 return 0; 1127 1128 return in6_dev->cnf.accept_ra; 1129} 1130 1131static void ndisc_router_discovery(struct sk_buff *skb) 1132{ 1133 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1134 struct neighbour *neigh = NULL; 1135 struct inet6_dev *in6_dev; 1136 struct rt6_info *rt = NULL; 1137 int lifetime; 1138 struct ndisc_options ndopts; 1139 int optlen; 1140 unsigned int pref = 0; 1141 1142 __u8 * opt = (__u8 *)(ra_msg + 1); 1143 1144 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1145 1146 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1147 ND_PRINTK2(KERN_WARNING 1148 "ICMPv6 RA: source address is not link-local.\n"); 1149 return; 1150 } 1151 if (optlen < 0) { 1152 ND_PRINTK2(KERN_WARNING 1153 "ICMPv6 RA: packet too short\n"); 1154 return; 1155 } 1156 1157#ifdef CONFIG_IPV6_NDISC_NODETYPE 1158 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1159 ND_PRINTK2(KERN_WARNING 1160 "ICMPv6 RA: from host or unauthorized router\n"); 1161 return; 1162 } 1163#endif 1164 1165 /* 1166 * set the RA_RECV flag in the interface 1167 */ 1168 1169 in6_dev = __in6_dev_get(skb->dev); 1170 if (in6_dev == NULL) { 1171 ND_PRINTK0(KERN_ERR 1172 "ICMPv6 RA: can't find inet6 device for %s.\n", 1173 skb->dev->name); 1174 return; 1175 } 1176 1177 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1178 ND_PRINTK2(KERN_WARNING 1179 "ICMP6 RA: invalid ND options\n"); 1180 return; 1181 } 1182 1183 if (!accept_ra(in6_dev)) 1184 goto skip_linkparms; 1185 1186#ifdef CONFIG_IPV6_NDISC_NODETYPE 1187 /* skip link-specific parameters from interior routers */ 1188 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1189 goto skip_linkparms; 1190#endif 1191 1192 if (in6_dev->if_flags & IF_RS_SENT) { 1193 /* 1194 * flag that an RA was received after an RS was sent 1195 * out on this interface. 1196 */ 1197 in6_dev->if_flags |= IF_RA_RCVD; 1198 } 1199 1200 /* 1201 * Remember the managed/otherconf flags from most recently 1202 * received RA message (RFC 2462) -- yoshfuji 1203 */ 1204 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1205 IF_RA_OTHERCONF)) | 1206 (ra_msg->icmph.icmp6_addrconf_managed ? 1207 IF_RA_MANAGED : 0) | 1208 (ra_msg->icmph.icmp6_addrconf_other ? 1209 IF_RA_OTHERCONF : 0); 1210 1211 if (!in6_dev->cnf.accept_ra_defrtr) 1212 goto skip_defrtr; 1213 1214 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1215 goto skip_defrtr; 1216 1217 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1218 1219#ifdef CONFIG_IPV6_ROUTER_PREF 1220 pref = ra_msg->icmph.icmp6_router_pref; 1221 /* 10b is handled as if it were 00b (medium) */ 1222 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1223 !in6_dev->cnf.accept_ra_rtr_pref) 1224 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1225#endif 1226 1227 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1228 1229 if (rt) { 1230 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1231 if (!neigh) { 1232 ND_PRINTK0(KERN_ERR 1233 "ICMPv6 RA: %s got default router without neighbour.\n", 1234 __func__); 1235 dst_release(&rt->dst); 1236 return; 1237 } 1238 } 1239 if (rt && lifetime == 0) { 1240 ip6_del_rt(rt); 1241 rt = NULL; 1242 } 1243 1244 if (rt == NULL && lifetime) { 1245 ND_PRINTK3(KERN_DEBUG 1246 "ICMPv6 RA: adding default router.\n"); 1247 1248 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1249 if (rt == NULL) { 1250 ND_PRINTK0(KERN_ERR 1251 "ICMPv6 RA: %s failed to add default route.\n", 1252 __func__); 1253 return; 1254 } 1255 1256 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1257 if (neigh == NULL) { 1258 ND_PRINTK0(KERN_ERR 1259 "ICMPv6 RA: %s got default router without neighbour.\n", 1260 __func__); 1261 dst_release(&rt->dst); 1262 return; 1263 } 1264 neigh->flags |= NTF_ROUTER; 1265 } else if (rt) { 1266 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1267 } 1268 1269 if (rt) 1270 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1271 if (ra_msg->icmph.icmp6_hop_limit) { 1272 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1273 if (rt) 1274 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1275 ra_msg->icmph.icmp6_hop_limit); 1276 } 1277 1278skip_defrtr: 1279 1280 /* 1281 * Update Reachable Time and Retrans Timer 1282 */ 1283 1284 if (in6_dev->nd_parms) { 1285 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1286 1287 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1288 rtime = (rtime*HZ)/1000; 1289 if (rtime < HZ/10) 1290 rtime = HZ/10; 1291 in6_dev->nd_parms->retrans_time = rtime; 1292 in6_dev->tstamp = jiffies; 1293 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1294 } 1295 1296 rtime = ntohl(ra_msg->reachable_time); 1297 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1298 rtime = (rtime*HZ)/1000; 1299 1300 if (rtime < HZ/10) 1301 rtime = HZ/10; 1302 1303 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1304 in6_dev->nd_parms->base_reachable_time = rtime; 1305 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1306 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1307 in6_dev->tstamp = jiffies; 1308 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1309 } 1310 } 1311 } 1312 1313skip_linkparms: 1314 1315 /* 1316 * Process options. 1317 */ 1318 1319 if (!neigh) 1320 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1321 skb->dev, 1); 1322 if (neigh) { 1323 u8 *lladdr = NULL; 1324 if (ndopts.nd_opts_src_lladdr) { 1325 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1326 skb->dev); 1327 if (!lladdr) { 1328 ND_PRINTK2(KERN_WARNING 1329 "ICMPv6 RA: invalid link-layer address length\n"); 1330 goto out; 1331 } 1332 } 1333 neigh_update(neigh, lladdr, NUD_STALE, 1334 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1335 NEIGH_UPDATE_F_OVERRIDE| 1336 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1337 NEIGH_UPDATE_F_ISROUTER); 1338 } 1339 1340 if (!accept_ra(in6_dev)) 1341 goto out; 1342 1343#ifdef CONFIG_IPV6_ROUTE_INFO 1344 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1345 goto skip_routeinfo; 1346 1347 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1348 struct nd_opt_hdr *p; 1349 for (p = ndopts.nd_opts_ri; 1350 p; 1351 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1352 struct route_info *ri = (struct route_info *)p; 1353#ifdef CONFIG_IPV6_NDISC_NODETYPE 1354 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1355 ri->prefix_len == 0) 1356 continue; 1357#endif 1358 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1359 continue; 1360 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1361 &ipv6_hdr(skb)->saddr); 1362 } 1363 } 1364 1365skip_routeinfo: 1366#endif 1367 1368#ifdef CONFIG_IPV6_NDISC_NODETYPE 1369 /* skip link-specific ndopts from interior routers */ 1370 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1371 goto out; 1372#endif 1373 1374 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1375 struct nd_opt_hdr *p; 1376 for (p = ndopts.nd_opts_pi; 1377 p; 1378 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1379 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1380 (p->nd_opt_len) << 3, 1381 ndopts.nd_opts_src_lladdr != NULL); 1382 } 1383 } 1384 1385 if (ndopts.nd_opts_mtu) { 1386 __be32 n; 1387 u32 mtu; 1388 1389 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1390 mtu = ntohl(n); 1391 1392 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1393 ND_PRINTK2(KERN_WARNING 1394 "ICMPv6 RA: invalid mtu: %d\n", 1395 mtu); 1396 } else if (in6_dev->cnf.mtu6 != mtu) { 1397 in6_dev->cnf.mtu6 = mtu; 1398 1399 if (rt) 1400 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1401 1402 rt6_mtu_change(skb->dev, mtu); 1403 } 1404 } 1405 1406 if (ndopts.nd_useropts) { 1407 struct nd_opt_hdr *p; 1408 for (p = ndopts.nd_useropts; 1409 p; 1410 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1411 ndisc_ra_useropt(skb, p); 1412 } 1413 } 1414 1415 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1416 ND_PRINTK2(KERN_WARNING 1417 "ICMPv6 RA: invalid RA options"); 1418 } 1419out: 1420 if (rt) 1421 dst_release(&rt->dst); 1422 if (neigh) 1423 neigh_release(neigh); 1424} 1425 1426static void ndisc_redirect_rcv(struct sk_buff *skb) 1427{ 1428 struct inet6_dev *in6_dev; 1429 struct icmp6hdr *icmph; 1430 const struct in6_addr *dest; 1431 const struct in6_addr *target; /* new first hop to destination */ 1432 struct neighbour *neigh; 1433 int on_link = 0; 1434 struct ndisc_options ndopts; 1435 int optlen; 1436 u8 *lladdr = NULL; 1437 1438#ifdef CONFIG_IPV6_NDISC_NODETYPE 1439 switch (skb->ndisc_nodetype) { 1440 case NDISC_NODETYPE_HOST: 1441 case NDISC_NODETYPE_NODEFAULT: 1442 ND_PRINTK2(KERN_WARNING 1443 "ICMPv6 Redirect: from host or unauthorized router\n"); 1444 return; 1445 } 1446#endif 1447 1448 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1449 ND_PRINTK2(KERN_WARNING 1450 "ICMPv6 Redirect: source address is not link-local.\n"); 1451 return; 1452 } 1453 1454 optlen = skb->tail - skb->transport_header; 1455 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1456 1457 if (optlen < 0) { 1458 ND_PRINTK2(KERN_WARNING 1459 "ICMPv6 Redirect: packet too short\n"); 1460 return; 1461 } 1462 1463 icmph = icmp6_hdr(skb); 1464 target = (const struct in6_addr *) (icmph + 1); 1465 dest = target + 1; 1466 1467 if (ipv6_addr_is_multicast(dest)) { 1468 ND_PRINTK2(KERN_WARNING 1469 "ICMPv6 Redirect: destination address is multicast.\n"); 1470 return; 1471 } 1472 1473 if (ipv6_addr_equal(dest, target)) { 1474 on_link = 1; 1475 } else if (ipv6_addr_type(target) != 1476 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1477 ND_PRINTK2(KERN_WARNING 1478 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1479 return; 1480 } 1481 1482 in6_dev = __in6_dev_get(skb->dev); 1483 if (!in6_dev) 1484 return; 1485 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) 1486 return; 1487 1488 /* RFC2461 8.1: 1489 * The IP source address of the Redirect MUST be the same as the current 1490 * first-hop router for the specified ICMP Destination Address. 1491 */ 1492 1493 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1494 ND_PRINTK2(KERN_WARNING 1495 "ICMPv6 Redirect: invalid ND options\n"); 1496 return; 1497 } 1498 if (ndopts.nd_opts_tgt_lladdr) { 1499 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1500 skb->dev); 1501 if (!lladdr) { 1502 ND_PRINTK2(KERN_WARNING 1503 "ICMPv6 Redirect: invalid link-layer address length\n"); 1504 return; 1505 } 1506 } 1507 1508 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1509 if (neigh) { 1510 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1511 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1512 on_link); 1513 neigh_release(neigh); 1514 } 1515} 1516 1517void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1518{ 1519 struct net_device *dev = skb->dev; 1520 struct net *net = dev_net(dev); 1521 struct sock *sk = net->ipv6.ndisc_sk; 1522 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1523 struct sk_buff *buff; 1524 struct icmp6hdr *icmph; 1525 struct in6_addr saddr_buf; 1526 struct in6_addr *addrp; 1527 struct rt6_info *rt; 1528 struct dst_entry *dst; 1529 struct inet6_dev *idev; 1530 struct flowi6 fl6; 1531 u8 *opt; 1532 int hlen, tlen; 1533 int rd_len; 1534 int err; 1535 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1536 1537 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1538 ND_PRINTK2(KERN_WARNING 1539 "ICMPv6 Redirect: no link-local address on %s\n", 1540 dev->name); 1541 return; 1542 } 1543 1544 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1545 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1546 ND_PRINTK2(KERN_WARNING 1547 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1548 return; 1549 } 1550 1551 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1552 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1553 1554 dst = ip6_route_output(net, NULL, &fl6); 1555 if (dst->error) { 1556 dst_release(dst); 1557 return; 1558 } 1559 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1560 if (IS_ERR(dst)) 1561 return; 1562 1563 rt = (struct rt6_info *) dst; 1564 1565 if (rt->rt6i_flags & RTF_GATEWAY) { 1566 ND_PRINTK2(KERN_WARNING 1567 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1568 goto release; 1569 } 1570 if (!rt->rt6i_peer) 1571 rt6_bind_peer(rt, 1); 1572 if (!inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ)) 1573 goto release; 1574 1575 if (dev->addr_len) { 1576 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1577 if (!neigh) { 1578 ND_PRINTK2(KERN_WARNING 1579 "ICMPv6 Redirect: no neigh for target address\n"); 1580 goto release; 1581 } 1582 1583 read_lock_bh(&neigh->lock); 1584 if (neigh->nud_state & NUD_VALID) { 1585 memcpy(ha_buf, neigh->ha, dev->addr_len); 1586 read_unlock_bh(&neigh->lock); 1587 ha = ha_buf; 1588 len += ndisc_opt_addr_space(dev); 1589 } else 1590 read_unlock_bh(&neigh->lock); 1591 1592 neigh_release(neigh); 1593 } 1594 1595 rd_len = min_t(unsigned int, 1596 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1597 rd_len &= ~0x7; 1598 len += rd_len; 1599 1600 hlen = LL_RESERVED_SPACE(dev); 1601 tlen = dev->needed_tailroom; 1602 buff = sock_alloc_send_skb(sk, 1603 (MAX_HEADER + sizeof(struct ipv6hdr) + 1604 len + hlen + tlen), 1605 1, &err); 1606 if (buff == NULL) { 1607 ND_PRINTK0(KERN_ERR 1608 "ICMPv6 Redirect: %s failed to allocate an skb, err=%d.\n", 1609 __func__, err); 1610 goto release; 1611 } 1612 1613 skb_reserve(buff, hlen); 1614 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1615 IPPROTO_ICMPV6, len); 1616 1617 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1618 skb_put(buff, len); 1619 icmph = icmp6_hdr(buff); 1620 1621 memset(icmph, 0, sizeof(struct icmp6hdr)); 1622 icmph->icmp6_type = NDISC_REDIRECT; 1623 1624 /* 1625 * copy target and destination addresses 1626 */ 1627 1628 addrp = (struct in6_addr *)(icmph + 1); 1629 *addrp = *target; 1630 addrp++; 1631 *addrp = ipv6_hdr(skb)->daddr; 1632 1633 opt = (u8*) (addrp + 1); 1634 1635 /* 1636 * include target_address option 1637 */ 1638 1639 if (ha) 1640 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1641 dev->addr_len, dev->type); 1642 1643 /* 1644 * build redirect option and copy skb over to the new packet. 1645 */ 1646 1647 memset(opt, 0, 8); 1648 *(opt++) = ND_OPT_REDIRECT_HDR; 1649 *(opt++) = (rd_len >> 3); 1650 opt += 6; 1651 1652 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1653 1654 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1655 len, IPPROTO_ICMPV6, 1656 csum_partial(icmph, len, 0)); 1657 1658 skb_dst_set(buff, dst); 1659 rcu_read_lock(); 1660 idev = __in6_dev_get(dst->dev); 1661 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1662 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1663 dst_output); 1664 if (!err) { 1665 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1666 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1667 } 1668 1669 rcu_read_unlock(); 1670 return; 1671 1672release: 1673 dst_release(dst); 1674} 1675 1676static void pndisc_redo(struct sk_buff *skb) 1677{ 1678 ndisc_recv_ns(skb); 1679 kfree_skb(skb); 1680} 1681 1682int ndisc_rcv(struct sk_buff *skb) 1683{ 1684 struct nd_msg *msg; 1685 1686 if (!pskb_may_pull(skb, skb->len)) 1687 return 0; 1688 1689 msg = (struct nd_msg *)skb_transport_header(skb); 1690 1691 __skb_push(skb, skb->data - skb_transport_header(skb)); 1692 1693 if (ipv6_hdr(skb)->hop_limit != 255) { 1694 ND_PRINTK2(KERN_WARNING 1695 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1696 ipv6_hdr(skb)->hop_limit); 1697 return 0; 1698 } 1699 1700 if (msg->icmph.icmp6_code != 0) { 1701 ND_PRINTK2(KERN_WARNING 1702 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1703 msg->icmph.icmp6_code); 1704 return 0; 1705 } 1706 1707 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1708 1709 switch (msg->icmph.icmp6_type) { 1710 case NDISC_NEIGHBOUR_SOLICITATION: 1711 ndisc_recv_ns(skb); 1712 break; 1713 1714 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1715 ndisc_recv_na(skb); 1716 break; 1717 1718 case NDISC_ROUTER_SOLICITATION: 1719 ndisc_recv_rs(skb); 1720 break; 1721 1722 case NDISC_ROUTER_ADVERTISEMENT: 1723 ndisc_router_discovery(skb); 1724 break; 1725 1726 case NDISC_REDIRECT: 1727 ndisc_redirect_rcv(skb); 1728 break; 1729 } 1730 1731 return 0; 1732} 1733 1734static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1735{ 1736 struct net_device *dev = ptr; 1737 struct net *net = dev_net(dev); 1738 1739 switch (event) { 1740 case NETDEV_CHANGEADDR: 1741 neigh_changeaddr(&nd_tbl, dev); 1742 fib6_run_gc(~0UL, net); 1743 break; 1744 case NETDEV_DOWN: 1745 neigh_ifdown(&nd_tbl, dev); 1746 fib6_run_gc(~0UL, net); 1747 break; 1748 case NETDEV_NOTIFY_PEERS: 1749 ndisc_send_unsol_na(dev); 1750 break; 1751 default: 1752 break; 1753 } 1754 1755 return NOTIFY_DONE; 1756} 1757 1758static struct notifier_block ndisc_netdev_notifier = { 1759 .notifier_call = ndisc_netdev_event, 1760}; 1761 1762#ifdef CONFIG_SYSCTL 1763static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1764 const char *func, const char *dev_name) 1765{ 1766 static char warncomm[TASK_COMM_LEN]; 1767 static int warned; 1768 if (strcmp(warncomm, current->comm) && warned < 5) { 1769 strcpy(warncomm, current->comm); 1770 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1771 warncomm, func, 1772 dev_name, ctl->procname, 1773 dev_name, ctl->procname); 1774 warned++; 1775 } 1776} 1777 1778int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1779{ 1780 struct net_device *dev = ctl->extra1; 1781 struct inet6_dev *idev; 1782 int ret; 1783 1784 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1785 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1786 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1787 1788 if (strcmp(ctl->procname, "retrans_time") == 0) 1789 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1790 1791 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1792 ret = proc_dointvec_jiffies(ctl, write, 1793 buffer, lenp, ppos); 1794 1795 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1796 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1797 ret = proc_dointvec_ms_jiffies(ctl, write, 1798 buffer, lenp, ppos); 1799 else 1800 ret = -1; 1801 1802 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1803 if (ctl->data == &idev->nd_parms->base_reachable_time) 1804 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1805 idev->tstamp = jiffies; 1806 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1807 in6_dev_put(idev); 1808 } 1809 return ret; 1810} 1811 1812 1813#endif 1814 1815static int __net_init ndisc_net_init(struct net *net) 1816{ 1817 struct ipv6_pinfo *np; 1818 struct sock *sk; 1819 int err; 1820 1821 err = inet_ctl_sock_create(&sk, PF_INET6, 1822 SOCK_RAW, IPPROTO_ICMPV6, net); 1823 if (err < 0) { 1824 ND_PRINTK0(KERN_ERR 1825 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1826 err); 1827 return err; 1828 } 1829 1830 net->ipv6.ndisc_sk = sk; 1831 1832 np = inet6_sk(sk); 1833 np->hop_limit = 255; 1834 /* Do not loopback ndisc messages */ 1835 np->mc_loop = 0; 1836 1837 return 0; 1838} 1839 1840static void __net_exit ndisc_net_exit(struct net *net) 1841{ 1842 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1843} 1844 1845static struct pernet_operations ndisc_net_ops = { 1846 .init = ndisc_net_init, 1847 .exit = ndisc_net_exit, 1848}; 1849 1850int __init ndisc_init(void) 1851{ 1852 int err; 1853 1854 err = register_pernet_subsys(&ndisc_net_ops); 1855 if (err) 1856 return err; 1857 /* 1858 * Initialize the neighbour table 1859 */ 1860 neigh_table_init(&nd_tbl); 1861 1862#ifdef CONFIG_SYSCTL 1863 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1864 &ndisc_ifinfo_sysctl_change); 1865 if (err) 1866 goto out_unregister_pernet; 1867#endif 1868 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1869 if (err) 1870 goto out_unregister_sysctl; 1871out: 1872 return err; 1873 1874out_unregister_sysctl: 1875#ifdef CONFIG_SYSCTL 1876 neigh_sysctl_unregister(&nd_tbl.parms); 1877out_unregister_pernet: 1878#endif 1879 unregister_pernet_subsys(&ndisc_net_ops); 1880 goto out; 1881} 1882 1883void ndisc_cleanup(void) 1884{ 1885 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1886#ifdef CONFIG_SYSCTL 1887 neigh_sysctl_unregister(&nd_tbl.parms); 1888#endif 1889 neigh_table_clear(&nd_tbl); 1890 unregister_pernet_subsys(&ndisc_net_ops); 1891} 1892