ndisc.c revision fc26d0abd5afd2b5268a7dbdbf8be1095ce5703e
1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Lars Fenneberg : fixed MTU setting on receipt 19 * of an RA. 20 * 21 * Janos Farkas : kmalloc failure checks 22 * Alexey Kuznetsov : state machine reworked 23 * and moved to net/core. 24 * Pekka Savola : RFC2461 validation 25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 26 */ 27 28/* Set to 3 to get tracing... */ 29#define ND_DEBUG 1 30 31#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 32#define ND_NOPRINTK(x...) do { ; } while(0) 33#define ND_PRINTK0 ND_PRINTK 34#define ND_PRINTK1 ND_NOPRINTK 35#define ND_PRINTK2 ND_NOPRINTK 36#define ND_PRINTK3 ND_NOPRINTK 37#if ND_DEBUG >= 1 38#undef ND_PRINTK1 39#define ND_PRINTK1 ND_PRINTK 40#endif 41#if ND_DEBUG >= 2 42#undef ND_PRINTK2 43#define ND_PRINTK2 ND_PRINTK 44#endif 45#if ND_DEBUG >= 3 46#undef ND_PRINTK3 47#define ND_PRINTK3 ND_PRINTK 48#endif 49 50#include <linux/module.h> 51#include <linux/errno.h> 52#include <linux/types.h> 53#include <linux/socket.h> 54#include <linux/sockios.h> 55#include <linux/sched.h> 56#include <linux/net.h> 57#include <linux/in6.h> 58#include <linux/route.h> 59#include <linux/init.h> 60#include <linux/rcupdate.h> 61#ifdef CONFIG_SYSCTL 62#include <linux/sysctl.h> 63#endif 64 65#include <linux/if_addr.h> 66#include <linux/if_arp.h> 67#include <linux/ipv6.h> 68#include <linux/icmpv6.h> 69#include <linux/jhash.h> 70 71#include <net/sock.h> 72#include <net/snmp.h> 73 74#include <net/ipv6.h> 75#include <net/protocol.h> 76#include <net/ndisc.h> 77#include <net/ip6_route.h> 78#include <net/addrconf.h> 79#include <net/icmp.h> 80 81#include <net/flow.h> 82#include <net/ip6_checksum.h> 83#include <linux/proc_fs.h> 84 85#include <linux/netfilter.h> 86#include <linux/netfilter_ipv6.h> 87 88static struct socket *ndisc_socket; 89 90static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 91static int ndisc_constructor(struct neighbour *neigh); 92static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 93static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 94static int pndisc_constructor(struct pneigh_entry *n); 95static void pndisc_destructor(struct pneigh_entry *n); 96static void pndisc_redo(struct sk_buff *skb); 97 98static struct neigh_ops ndisc_generic_ops = { 99 .family = AF_INET6, 100 .solicit = ndisc_solicit, 101 .error_report = ndisc_error_report, 102 .output = neigh_resolve_output, 103 .connected_output = neigh_connected_output, 104 .hh_output = dev_queue_xmit, 105 .queue_xmit = dev_queue_xmit, 106}; 107 108static struct neigh_ops ndisc_hh_ops = { 109 .family = AF_INET6, 110 .solicit = ndisc_solicit, 111 .error_report = ndisc_error_report, 112 .output = neigh_resolve_output, 113 .connected_output = neigh_resolve_output, 114 .hh_output = dev_queue_xmit, 115 .queue_xmit = dev_queue_xmit, 116}; 117 118 119static struct neigh_ops ndisc_direct_ops = { 120 .family = AF_INET6, 121 .output = dev_queue_xmit, 122 .connected_output = dev_queue_xmit, 123 .hh_output = dev_queue_xmit, 124 .queue_xmit = dev_queue_xmit, 125}; 126 127struct neigh_table nd_tbl = { 128 .family = AF_INET6, 129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 130 .key_len = sizeof(struct in6_addr), 131 .hash = ndisc_hash, 132 .constructor = ndisc_constructor, 133 .pconstructor = pndisc_constructor, 134 .pdestructor = pndisc_destructor, 135 .proxy_redo = pndisc_redo, 136 .id = "ndisc_cache", 137 .parms = { 138 .tbl = &nd_tbl, 139 .base_reachable_time = 30 * HZ, 140 .retrans_time = 1 * HZ, 141 .gc_staletime = 60 * HZ, 142 .reachable_time = 30 * HZ, 143 .delay_probe_time = 5 * HZ, 144 .queue_len = 3, 145 .ucast_probes = 3, 146 .mcast_probes = 3, 147 .anycast_delay = 1 * HZ, 148 .proxy_delay = (8 * HZ) / 10, 149 .proxy_qlen = 64, 150 }, 151 .gc_interval = 30 * HZ, 152 .gc_thresh1 = 128, 153 .gc_thresh2 = 512, 154 .gc_thresh3 = 1024, 155}; 156 157/* ND options */ 158struct ndisc_options { 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 160#ifdef CONFIG_IPV6_ROUTE_INFO 161 struct nd_opt_hdr *nd_opts_ri; 162 struct nd_opt_hdr *nd_opts_ri_end; 163#endif 164}; 165 166#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 167#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 168#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 169#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 170#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 171#define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 172 173#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 174 175/* 176 * Return the padding between the option length and the start of the 177 * link addr. Currently only IP-over-InfiniBand needs this, although 178 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 179 * also need a pad of 2. 180 */ 181static int ndisc_addr_option_pad(unsigned short type) 182{ 183 switch (type) { 184 case ARPHRD_INFINIBAND: return 2; 185 default: return 0; 186 } 187} 188 189static inline int ndisc_opt_addr_space(struct net_device *dev) 190{ 191 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 192} 193 194static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 195 unsigned short addr_type) 196{ 197 int space = NDISC_OPT_SPACE(data_len); 198 int pad = ndisc_addr_option_pad(addr_type); 199 200 opt[0] = type; 201 opt[1] = space>>3; 202 203 memset(opt + 2, 0, pad); 204 opt += pad; 205 space -= pad; 206 207 memcpy(opt+2, data, data_len); 208 data_len += 2; 209 opt += data_len; 210 if ((space -= data_len) > 0) 211 memset(opt, 0, space); 212 return opt + space; 213} 214 215static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 216 struct nd_opt_hdr *end) 217{ 218 int type; 219 if (!cur || !end || cur >= end) 220 return NULL; 221 type = cur->nd_opt_type; 222 do { 223 cur = ((void *)cur) + (cur->nd_opt_len << 3); 224 } while(cur < end && cur->nd_opt_type != type); 225 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 226} 227 228static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 229 struct ndisc_options *ndopts) 230{ 231 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 232 233 if (!nd_opt || opt_len < 0 || !ndopts) 234 return NULL; 235 memset(ndopts, 0, sizeof(*ndopts)); 236 while (opt_len) { 237 int l; 238 if (opt_len < sizeof(struct nd_opt_hdr)) 239 return NULL; 240 l = nd_opt->nd_opt_len << 3; 241 if (opt_len < l || l == 0) 242 return NULL; 243 switch (nd_opt->nd_opt_type) { 244 case ND_OPT_SOURCE_LL_ADDR: 245 case ND_OPT_TARGET_LL_ADDR: 246 case ND_OPT_MTU: 247 case ND_OPT_REDIRECT_HDR: 248 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 249 ND_PRINTK2(KERN_WARNING 250 "%s(): duplicated ND6 option found: type=%d\n", 251 __FUNCTION__, 252 nd_opt->nd_opt_type); 253 } else { 254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 255 } 256 break; 257 case ND_OPT_PREFIX_INFO: 258 ndopts->nd_opts_pi_end = nd_opt; 259 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) 260 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 261 break; 262#ifdef CONFIG_IPV6_ROUTE_INFO 263 case ND_OPT_ROUTE_INFO: 264 ndopts->nd_opts_ri_end = nd_opt; 265 if (!ndopts->nd_opts_ri) 266 ndopts->nd_opts_ri = nd_opt; 267 break; 268#endif 269 default: 270 /* 271 * Unknown options must be silently ignored, 272 * to accommodate future extension to the protocol. 273 */ 274 ND_PRINTK2(KERN_NOTICE 275 "%s(): ignored unsupported option; type=%d, len=%d\n", 276 __FUNCTION__, 277 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 278 } 279 opt_len -= l; 280 nd_opt = ((void *)nd_opt) + l; 281 } 282 return ndopts; 283} 284 285static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 286 struct net_device *dev) 287{ 288 u8 *lladdr = (u8 *)(p + 1); 289 int lladdrlen = p->nd_opt_len << 3; 290 int prepad = ndisc_addr_option_pad(dev->type); 291 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 292 return NULL; 293 return (lladdr + prepad); 294} 295 296int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 297{ 298 switch (dev->type) { 299 case ARPHRD_ETHER: 300 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 301 case ARPHRD_FDDI: 302 ipv6_eth_mc_map(addr, buf); 303 return 0; 304 case ARPHRD_IEEE802_TR: 305 ipv6_tr_mc_map(addr,buf); 306 return 0; 307 case ARPHRD_ARCNET: 308 ipv6_arcnet_mc_map(addr, buf); 309 return 0; 310 case ARPHRD_INFINIBAND: 311 ipv6_ib_mc_map(addr, buf); 312 return 0; 313 default: 314 if (dir) { 315 memcpy(buf, dev->broadcast, dev->addr_len); 316 return 0; 317 } 318 } 319 return -EINVAL; 320} 321 322static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 323{ 324 const u32 *p32 = pkey; 325 u32 addr_hash, i; 326 327 addr_hash = 0; 328 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 329 addr_hash ^= *p32++; 330 331 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 332} 333 334static int ndisc_constructor(struct neighbour *neigh) 335{ 336 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 337 struct net_device *dev = neigh->dev; 338 struct inet6_dev *in6_dev; 339 struct neigh_parms *parms; 340 int is_multicast = ipv6_addr_is_multicast(addr); 341 342 rcu_read_lock(); 343 in6_dev = in6_dev_get(dev); 344 if (in6_dev == NULL) { 345 rcu_read_unlock(); 346 return -EINVAL; 347 } 348 349 parms = in6_dev->nd_parms; 350 __neigh_parms_put(neigh->parms); 351 neigh->parms = neigh_parms_clone(parms); 352 rcu_read_unlock(); 353 354 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 355 if (dev->hard_header == NULL) { 356 neigh->nud_state = NUD_NOARP; 357 neigh->ops = &ndisc_direct_ops; 358 neigh->output = neigh->ops->queue_xmit; 359 } else { 360 if (is_multicast) { 361 neigh->nud_state = NUD_NOARP; 362 ndisc_mc_map(addr, neigh->ha, dev, 1); 363 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 364 neigh->nud_state = NUD_NOARP; 365 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 366 if (dev->flags&IFF_LOOPBACK) 367 neigh->type = RTN_LOCAL; 368 } else if (dev->flags&IFF_POINTOPOINT) { 369 neigh->nud_state = NUD_NOARP; 370 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 371 } 372 if (dev->hard_header_cache) 373 neigh->ops = &ndisc_hh_ops; 374 else 375 neigh->ops = &ndisc_generic_ops; 376 if (neigh->nud_state&NUD_VALID) 377 neigh->output = neigh->ops->connected_output; 378 else 379 neigh->output = neigh->ops->output; 380 } 381 in6_dev_put(in6_dev); 382 return 0; 383} 384 385static int pndisc_constructor(struct pneigh_entry *n) 386{ 387 struct in6_addr *addr = (struct in6_addr*)&n->key; 388 struct in6_addr maddr; 389 struct net_device *dev = n->dev; 390 391 if (dev == NULL || __in6_dev_get(dev) == NULL) 392 return -EINVAL; 393 addrconf_addr_solict_mult(addr, &maddr); 394 ipv6_dev_mc_inc(dev, &maddr); 395 return 0; 396} 397 398static void pndisc_destructor(struct pneigh_entry *n) 399{ 400 struct in6_addr *addr = (struct in6_addr*)&n->key; 401 struct in6_addr maddr; 402 struct net_device *dev = n->dev; 403 404 if (dev == NULL || __in6_dev_get(dev) == NULL) 405 return; 406 addrconf_addr_solict_mult(addr, &maddr); 407 ipv6_dev_mc_dec(dev, &maddr); 408} 409 410/* 411 * Send a Neighbour Advertisement 412 */ 413 414static inline void ndisc_flow_init(struct flowi *fl, u8 type, 415 struct in6_addr *saddr, struct in6_addr *daddr, 416 int oif) 417{ 418 memset(fl, 0, sizeof(*fl)); 419 ipv6_addr_copy(&fl->fl6_src, saddr); 420 ipv6_addr_copy(&fl->fl6_dst, daddr); 421 fl->proto = IPPROTO_ICMPV6; 422 fl->fl_icmp_type = type; 423 fl->fl_icmp_code = 0; 424 fl->oif = oif; 425 security_sk_classify_flow(ndisc_socket->sk, fl); 426} 427 428static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 429 struct in6_addr *daddr, struct in6_addr *solicited_addr, 430 int router, int solicited, int override, int inc_opt) 431{ 432 struct in6_addr tmpaddr; 433 struct inet6_ifaddr *ifp; 434 struct inet6_dev *idev; 435 struct flowi fl; 436 struct dst_entry* dst; 437 struct sock *sk = ndisc_socket->sk; 438 struct in6_addr *src_addr; 439 struct nd_msg *msg; 440 int len; 441 struct sk_buff *skb; 442 int err; 443 444 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 445 446 /* for anycast or proxy, solicited_addr != src_addr */ 447 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1); 448 if (ifp) { 449 src_addr = solicited_addr; 450 in6_ifa_put(ifp); 451 } else { 452 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr)) 453 return; 454 src_addr = &tmpaddr; 455 } 456 457 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr, 458 dev->ifindex); 459 460 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 461 if (!dst) 462 return; 463 464 err = xfrm_lookup(&dst, &fl, NULL, 0); 465 if (err < 0) 466 return; 467 468 if (inc_opt) { 469 if (dev->addr_len) 470 len += ndisc_opt_addr_space(dev); 471 else 472 inc_opt = 0; 473 } 474 475 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 476 1, &err); 477 478 if (skb == NULL) { 479 ND_PRINTK0(KERN_ERR 480 "ICMPv6 NA: %s() failed to allocate an skb.\n", 481 __FUNCTION__); 482 dst_release(dst); 483 return; 484 } 485 486 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 487 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len); 488 489 msg = (struct nd_msg *)skb_put(skb, len); 490 skb->h.raw = (unsigned char*)msg; 491 492 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT; 493 msg->icmph.icmp6_code = 0; 494 msg->icmph.icmp6_cksum = 0; 495 496 msg->icmph.icmp6_unused = 0; 497 msg->icmph.icmp6_router = router; 498 msg->icmph.icmp6_solicited = solicited; 499 msg->icmph.icmp6_override = override; 500 501 /* Set the target address. */ 502 ipv6_addr_copy(&msg->target, solicited_addr); 503 504 if (inc_opt) 505 ndisc_fill_addr_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr, 506 dev->addr_len, dev->type); 507 508 /* checksum */ 509 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len, 510 IPPROTO_ICMPV6, 511 csum_partial((__u8 *) msg, 512 len, 0)); 513 514 skb->dst = dst; 515 idev = in6_dev_get(dst->dev); 516 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 517 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 518 if (!err) { 519 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS); 520 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 521 } 522 523 if (likely(idev != NULL)) 524 in6_dev_put(idev); 525} 526 527void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 528 struct in6_addr *solicit, 529 struct in6_addr *daddr, struct in6_addr *saddr) 530{ 531 struct flowi fl; 532 struct dst_entry* dst; 533 struct inet6_dev *idev; 534 struct sock *sk = ndisc_socket->sk; 535 struct sk_buff *skb; 536 struct nd_msg *msg; 537 struct in6_addr addr_buf; 538 int len; 539 int err; 540 int send_llinfo; 541 542 if (saddr == NULL) { 543 if (ipv6_get_lladdr(dev, &addr_buf)) 544 return; 545 saddr = &addr_buf; 546 } 547 548 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr, 549 dev->ifindex); 550 551 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 552 if (!dst) 553 return; 554 555 err = xfrm_lookup(&dst, &fl, NULL, 0); 556 if (err < 0) 557 return; 558 559 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 560 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr); 561 if (send_llinfo) 562 len += ndisc_opt_addr_space(dev); 563 564 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 565 1, &err); 566 if (skb == NULL) { 567 ND_PRINTK0(KERN_ERR 568 "ICMPv6 NA: %s() failed to allocate an skb.\n", 569 __FUNCTION__); 570 dst_release(dst); 571 return; 572 } 573 574 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 575 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 576 577 msg = (struct nd_msg *)skb_put(skb, len); 578 skb->h.raw = (unsigned char*)msg; 579 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION; 580 msg->icmph.icmp6_code = 0; 581 msg->icmph.icmp6_cksum = 0; 582 msg->icmph.icmp6_unused = 0; 583 584 /* Set the target address. */ 585 ipv6_addr_copy(&msg->target, solicit); 586 587 if (send_llinfo) 588 ndisc_fill_addr_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 589 dev->addr_len, dev->type); 590 591 /* checksum */ 592 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, 593 daddr, len, 594 IPPROTO_ICMPV6, 595 csum_partial((__u8 *) msg, 596 len, 0)); 597 /* send it! */ 598 skb->dst = dst; 599 idev = in6_dev_get(dst->dev); 600 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 601 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 602 if (!err) { 603 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS); 604 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 605 } 606 607 if (likely(idev != NULL)) 608 in6_dev_put(idev); 609} 610 611void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr, 612 struct in6_addr *daddr) 613{ 614 struct flowi fl; 615 struct dst_entry* dst; 616 struct inet6_dev *idev; 617 struct sock *sk = ndisc_socket->sk; 618 struct sk_buff *skb; 619 struct icmp6hdr *hdr; 620 __u8 * opt; 621 int len; 622 int err; 623 624 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr, 625 dev->ifindex); 626 627 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output); 628 if (!dst) 629 return; 630 631 err = xfrm_lookup(&dst, &fl, NULL, 0); 632 if (err < 0) 633 return; 634 635 len = sizeof(struct icmp6hdr); 636 if (dev->addr_len) 637 len += ndisc_opt_addr_space(dev); 638 639 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 640 1, &err); 641 if (skb == NULL) { 642 ND_PRINTK0(KERN_ERR 643 "ICMPv6 RS: %s() failed to allocate an skb.\n", 644 __FUNCTION__); 645 dst_release(dst); 646 return; 647 } 648 649 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 650 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 651 652 hdr = (struct icmp6hdr *)skb_put(skb, len); 653 skb->h.raw = (unsigned char*)hdr; 654 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION; 655 hdr->icmp6_code = 0; 656 hdr->icmp6_cksum = 0; 657 hdr->icmp6_unused = 0; 658 659 opt = (u8*) (hdr + 1); 660 661 if (dev->addr_len) 662 ndisc_fill_addr_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 663 dev->addr_len, dev->type); 664 665 /* checksum */ 666 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len, 667 IPPROTO_ICMPV6, 668 csum_partial((__u8 *) hdr, len, 0)); 669 670 /* send it! */ 671 skb->dst = dst; 672 idev = in6_dev_get(dst->dev); 673 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 674 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 675 if (!err) { 676 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS); 677 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 678 } 679 680 if (likely(idev != NULL)) 681 in6_dev_put(idev); 682} 683 684 685static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 686{ 687 /* 688 * "The sender MUST return an ICMP 689 * destination unreachable" 690 */ 691 dst_link_failure(skb); 692 kfree_skb(skb); 693} 694 695/* Called with locked neigh: either read or both */ 696 697static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 698{ 699 struct in6_addr *saddr = NULL; 700 struct in6_addr mcaddr; 701 struct net_device *dev = neigh->dev; 702 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 703 int probes = atomic_read(&neigh->probes); 704 705 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1)) 706 saddr = &skb->nh.ipv6h->saddr; 707 708 if ((probes -= neigh->parms->ucast_probes) < 0) { 709 if (!(neigh->nud_state & NUD_VALID)) { 710 ND_PRINTK1(KERN_DEBUG 711 "%s(): trying to ucast probe in NUD_INVALID: " 712 NIP6_FMT "\n", 713 __FUNCTION__, 714 NIP6(*target)); 715 } 716 ndisc_send_ns(dev, neigh, target, target, saddr); 717 } else if ((probes -= neigh->parms->app_probes) < 0) { 718#ifdef CONFIG_ARPD 719 neigh_app_ns(neigh); 720#endif 721 } else { 722 addrconf_addr_solict_mult(target, &mcaddr); 723 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 724 } 725} 726 727static void ndisc_recv_ns(struct sk_buff *skb) 728{ 729 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 730 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 731 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 732 u8 *lladdr = NULL; 733 u32 ndoptlen = skb->tail - msg->opt; 734 struct ndisc_options ndopts; 735 struct net_device *dev = skb->dev; 736 struct inet6_ifaddr *ifp; 737 struct inet6_dev *idev = NULL; 738 struct neighbour *neigh; 739 struct pneigh_entry *pneigh = NULL; 740 int dad = ipv6_addr_any(saddr); 741 int inc; 742 int is_router; 743 744 if (ipv6_addr_is_multicast(&msg->target)) { 745 ND_PRINTK2(KERN_WARNING 746 "ICMPv6 NS: multicast target address"); 747 return; 748 } 749 750 /* 751 * RFC2461 7.1.1: 752 * DAD has to be destined for solicited node multicast address. 753 */ 754 if (dad && 755 !(daddr->s6_addr32[0] == htonl(0xff020000) && 756 daddr->s6_addr32[1] == htonl(0x00000000) && 757 daddr->s6_addr32[2] == htonl(0x00000001) && 758 daddr->s6_addr [12] == 0xff )) { 759 ND_PRINTK2(KERN_WARNING 760 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 761 return; 762 } 763 764 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 765 ND_PRINTK2(KERN_WARNING 766 "ICMPv6 NS: invalid ND options\n"); 767 return; 768 } 769 770 if (ndopts.nd_opts_src_lladdr) { 771 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 772 if (!lladdr) { 773 ND_PRINTK2(KERN_WARNING 774 "ICMPv6 NS: invalid link-layer address length\n"); 775 return; 776 } 777 778 /* RFC2461 7.1.1: 779 * If the IP source address is the unspecified address, 780 * there MUST NOT be source link-layer address option 781 * in the message. 782 */ 783 if (dad) { 784 ND_PRINTK2(KERN_WARNING 785 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 786 return; 787 } 788 } 789 790 inc = ipv6_addr_is_multicast(daddr); 791 792 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) { 793 if (ifp->flags & IFA_F_TENTATIVE) { 794 /* Address is tentative. If the source 795 is unspecified address, it is someone 796 does DAD, otherwise we ignore solicitations 797 until DAD timer expires. 798 */ 799 if (!dad) 800 goto out; 801 if (dev->type == ARPHRD_IEEE802_TR) { 802 unsigned char *sadr = skb->mac.raw; 803 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 804 sadr[9] == dev->dev_addr[1] && 805 sadr[10] == dev->dev_addr[2] && 806 sadr[11] == dev->dev_addr[3] && 807 sadr[12] == dev->dev_addr[4] && 808 sadr[13] == dev->dev_addr[5]) { 809 /* looped-back to us */ 810 goto out; 811 } 812 } 813 addrconf_dad_failure(ifp); 814 return; 815 } 816 817 idev = ifp->idev; 818 } else { 819 idev = in6_dev_get(dev); 820 if (!idev) { 821 /* XXX: count this drop? */ 822 return; 823 } 824 825 if (ipv6_chk_acast_addr(dev, &msg->target) || 826 (idev->cnf.forwarding && 827 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) && 828 (pneigh = pneigh_lookup(&nd_tbl, 829 &msg->target, dev, 0)) != NULL)) { 830 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 831 skb->pkt_type != PACKET_HOST && 832 inc != 0 && 833 idev->nd_parms->proxy_delay != 0) { 834 /* 835 * for anycast or proxy, 836 * sender should delay its response 837 * by a random time between 0 and 838 * MAX_ANYCAST_DELAY_TIME seconds. 839 * (RFC2461) -- yoshfuji 840 */ 841 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 842 if (n) 843 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 844 goto out; 845 } 846 } else 847 goto out; 848 } 849 850 is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding); 851 852 if (dad) { 853 struct in6_addr maddr; 854 855 ipv6_addr_all_nodes(&maddr); 856 ndisc_send_na(dev, NULL, &maddr, &msg->target, 857 is_router, 0, (ifp != NULL), 1); 858 goto out; 859 } 860 861 if (inc) 862 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 863 else 864 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 865 866 /* 867 * update / create cache entry 868 * for the source address 869 */ 870 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 871 !inc || lladdr || !dev->addr_len); 872 if (neigh) 873 neigh_update(neigh, lladdr, NUD_STALE, 874 NEIGH_UPDATE_F_WEAK_OVERRIDE| 875 NEIGH_UPDATE_F_OVERRIDE); 876 if (neigh || !dev->hard_header) { 877 ndisc_send_na(dev, neigh, saddr, &msg->target, 878 is_router, 879 1, (ifp != NULL && inc), inc); 880 if (neigh) 881 neigh_release(neigh); 882 } 883 884out: 885 if (ifp) 886 in6_ifa_put(ifp); 887 else 888 in6_dev_put(idev); 889 890 return; 891} 892 893static void ndisc_recv_na(struct sk_buff *skb) 894{ 895 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 896 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 897 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 898 u8 *lladdr = NULL; 899 u32 ndoptlen = skb->tail - msg->opt; 900 struct ndisc_options ndopts; 901 struct net_device *dev = skb->dev; 902 struct inet6_ifaddr *ifp; 903 struct neighbour *neigh; 904 905 if (skb->len < sizeof(struct nd_msg)) { 906 ND_PRINTK2(KERN_WARNING 907 "ICMPv6 NA: packet too short\n"); 908 return; 909 } 910 911 if (ipv6_addr_is_multicast(&msg->target)) { 912 ND_PRINTK2(KERN_WARNING 913 "ICMPv6 NA: target address is multicast.\n"); 914 return; 915 } 916 917 if (ipv6_addr_is_multicast(daddr) && 918 msg->icmph.icmp6_solicited) { 919 ND_PRINTK2(KERN_WARNING 920 "ICMPv6 NA: solicited NA is multicasted.\n"); 921 return; 922 } 923 924 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 925 ND_PRINTK2(KERN_WARNING 926 "ICMPv6 NS: invalid ND option\n"); 927 return; 928 } 929 if (ndopts.nd_opts_tgt_lladdr) { 930 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 931 if (!lladdr) { 932 ND_PRINTK2(KERN_WARNING 933 "ICMPv6 NA: invalid link-layer address length\n"); 934 return; 935 } 936 } 937 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) { 938 if (ifp->flags & IFA_F_TENTATIVE) { 939 addrconf_dad_failure(ifp); 940 return; 941 } 942 /* What should we make now? The advertisement 943 is invalid, but ndisc specs say nothing 944 about it. It could be misconfiguration, or 945 an smart proxy agent tries to help us :-) 946 */ 947 ND_PRINTK1(KERN_WARNING 948 "ICMPv6 NA: someone advertises our address on %s!\n", 949 ifp->idev->dev->name); 950 in6_ifa_put(ifp); 951 return; 952 } 953 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 954 955 if (neigh) { 956 u8 old_flags = neigh->flags; 957 958 if (neigh->nud_state & NUD_FAILED) 959 goto out; 960 961 /* 962 * Don't update the neighbor cache entry on a proxy NA from 963 * ourselves because either the proxied node is off link or it 964 * has already sent a NA to us. 965 */ 966 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 967 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp && 968 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) { 969 /* XXX: idev->cnf.prixy_ndp */ 970 WARN_ON(skb->dst != NULL && 971 ((struct rt6_info *)skb->dst)->rt6i_idev); 972 goto out; 973 } 974 975 neigh_update(neigh, lladdr, 976 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 977 NEIGH_UPDATE_F_WEAK_OVERRIDE| 978 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 979 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 980 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 981 982 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 983 /* 984 * Change: router to host 985 */ 986 struct rt6_info *rt; 987 rt = rt6_get_dflt_router(saddr, dev); 988 if (rt) 989 ip6_del_rt(rt); 990 } 991 992out: 993 neigh_release(neigh); 994 } 995} 996 997static void ndisc_recv_rs(struct sk_buff *skb) 998{ 999 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw; 1000 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1001 struct neighbour *neigh; 1002 struct inet6_dev *idev; 1003 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 1004 struct ndisc_options ndopts; 1005 u8 *lladdr = NULL; 1006 1007 if (skb->len < sizeof(*rs_msg)) 1008 return; 1009 1010 idev = in6_dev_get(skb->dev); 1011 if (!idev) { 1012 if (net_ratelimit()) 1013 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1014 return; 1015 } 1016 1017 /* Don't accept RS if we're not in router mode */ 1018 if (!idev->cnf.forwarding) 1019 goto out; 1020 1021 /* 1022 * Don't update NCE if src = ::; 1023 * this implies that the source node has no ip address assigned yet. 1024 */ 1025 if (ipv6_addr_any(saddr)) 1026 goto out; 1027 1028 /* Parse ND options */ 1029 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1030 if (net_ratelimit()) 1031 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1032 goto out; 1033 } 1034 1035 if (ndopts.nd_opts_src_lladdr) { 1036 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1037 skb->dev); 1038 if (!lladdr) 1039 goto out; 1040 } 1041 1042 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1043 if (neigh) { 1044 neigh_update(neigh, lladdr, NUD_STALE, 1045 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1046 NEIGH_UPDATE_F_OVERRIDE| 1047 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1048 neigh_release(neigh); 1049 } 1050out: 1051 in6_dev_put(idev); 1052} 1053 1054static void ndisc_router_discovery(struct sk_buff *skb) 1055{ 1056 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw; 1057 struct neighbour *neigh = NULL; 1058 struct inet6_dev *in6_dev; 1059 struct rt6_info *rt = NULL; 1060 int lifetime; 1061 struct ndisc_options ndopts; 1062 int optlen; 1063 unsigned int pref = 0; 1064 1065 __u8 * opt = (__u8 *)(ra_msg + 1); 1066 1067 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg); 1068 1069 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1070 ND_PRINTK2(KERN_WARNING 1071 "ICMPv6 RA: source address is not link-local.\n"); 1072 return; 1073 } 1074 if (optlen < 0) { 1075 ND_PRINTK2(KERN_WARNING 1076 "ICMPv6 RA: packet too short\n"); 1077 return; 1078 } 1079 1080 /* 1081 * set the RA_RECV flag in the interface 1082 */ 1083 1084 in6_dev = in6_dev_get(skb->dev); 1085 if (in6_dev == NULL) { 1086 ND_PRINTK0(KERN_ERR 1087 "ICMPv6 RA: can't find inet6 device for %s.\n", 1088 skb->dev->name); 1089 return; 1090 } 1091 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 1092 in6_dev_put(in6_dev); 1093 return; 1094 } 1095 1096 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1097 in6_dev_put(in6_dev); 1098 ND_PRINTK2(KERN_WARNING 1099 "ICMP6 RA: invalid ND options\n"); 1100 return; 1101 } 1102 1103 if (in6_dev->if_flags & IF_RS_SENT) { 1104 /* 1105 * flag that an RA was received after an RS was sent 1106 * out on this interface. 1107 */ 1108 in6_dev->if_flags |= IF_RA_RCVD; 1109 } 1110 1111 /* 1112 * Remember the managed/otherconf flags from most recently 1113 * received RA message (RFC 2462) -- yoshfuji 1114 */ 1115 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1116 IF_RA_OTHERCONF)) | 1117 (ra_msg->icmph.icmp6_addrconf_managed ? 1118 IF_RA_MANAGED : 0) | 1119 (ra_msg->icmph.icmp6_addrconf_other ? 1120 IF_RA_OTHERCONF : 0); 1121 1122 if (!in6_dev->cnf.accept_ra_defrtr) 1123 goto skip_defrtr; 1124 1125 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1126 1127#ifdef CONFIG_IPV6_ROUTER_PREF 1128 pref = ra_msg->icmph.icmp6_router_pref; 1129 /* 10b is handled as if it were 00b (medium) */ 1130 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1131 in6_dev->cnf.accept_ra_rtr_pref) 1132 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1133#endif 1134 1135 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev); 1136 1137 if (rt) 1138 neigh = rt->rt6i_nexthop; 1139 1140 if (rt && lifetime == 0) { 1141 neigh_clone(neigh); 1142 ip6_del_rt(rt); 1143 rt = NULL; 1144 } 1145 1146 if (rt == NULL && lifetime) { 1147 ND_PRINTK3(KERN_DEBUG 1148 "ICMPv6 RA: adding default router.\n"); 1149 1150 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev, pref); 1151 if (rt == NULL) { 1152 ND_PRINTK0(KERN_ERR 1153 "ICMPv6 RA: %s() failed to add default route.\n", 1154 __FUNCTION__); 1155 in6_dev_put(in6_dev); 1156 return; 1157 } 1158 1159 neigh = rt->rt6i_nexthop; 1160 if (neigh == NULL) { 1161 ND_PRINTK0(KERN_ERR 1162 "ICMPv6 RA: %s() got default router without neighbour.\n", 1163 __FUNCTION__); 1164 dst_release(&rt->u.dst); 1165 in6_dev_put(in6_dev); 1166 return; 1167 } 1168 neigh->flags |= NTF_ROUTER; 1169 } else if (rt) { 1170 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1171 } 1172 1173 if (rt) 1174 rt->rt6i_expires = jiffies + (HZ * lifetime); 1175 1176 if (ra_msg->icmph.icmp6_hop_limit) { 1177 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1178 if (rt) 1179 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1180 } 1181 1182skip_defrtr: 1183 1184 /* 1185 * Update Reachable Time and Retrans Timer 1186 */ 1187 1188 if (in6_dev->nd_parms) { 1189 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1190 1191 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1192 rtime = (rtime*HZ)/1000; 1193 if (rtime < HZ/10) 1194 rtime = HZ/10; 1195 in6_dev->nd_parms->retrans_time = rtime; 1196 in6_dev->tstamp = jiffies; 1197 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1198 } 1199 1200 rtime = ntohl(ra_msg->reachable_time); 1201 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1202 rtime = (rtime*HZ)/1000; 1203 1204 if (rtime < HZ/10) 1205 rtime = HZ/10; 1206 1207 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1208 in6_dev->nd_parms->base_reachable_time = rtime; 1209 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1210 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1211 in6_dev->tstamp = jiffies; 1212 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1213 } 1214 } 1215 } 1216 1217 /* 1218 * Process options. 1219 */ 1220 1221 if (!neigh) 1222 neigh = __neigh_lookup(&nd_tbl, &skb->nh.ipv6h->saddr, 1223 skb->dev, 1); 1224 if (neigh) { 1225 u8 *lladdr = NULL; 1226 if (ndopts.nd_opts_src_lladdr) { 1227 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1228 skb->dev); 1229 if (!lladdr) { 1230 ND_PRINTK2(KERN_WARNING 1231 "ICMPv6 RA: invalid link-layer address length\n"); 1232 goto out; 1233 } 1234 } 1235 neigh_update(neigh, lladdr, NUD_STALE, 1236 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1237 NEIGH_UPDATE_F_OVERRIDE| 1238 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1239 NEIGH_UPDATE_F_ISROUTER); 1240 } 1241 1242#ifdef CONFIG_IPV6_ROUTE_INFO 1243 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1244 struct nd_opt_hdr *p; 1245 for (p = ndopts.nd_opts_ri; 1246 p; 1247 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1248 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1249 continue; 1250 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1251 &skb->nh.ipv6h->saddr); 1252 } 1253 } 1254#endif 1255 1256 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1257 struct nd_opt_hdr *p; 1258 for (p = ndopts.nd_opts_pi; 1259 p; 1260 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1261 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1262 } 1263 } 1264 1265 if (ndopts.nd_opts_mtu) { 1266 u32 mtu; 1267 1268 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1269 mtu = ntohl(mtu); 1270 1271 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1272 ND_PRINTK2(KERN_WARNING 1273 "ICMPv6 RA: invalid mtu: %d\n", 1274 mtu); 1275 } else if (in6_dev->cnf.mtu6 != mtu) { 1276 in6_dev->cnf.mtu6 = mtu; 1277 1278 if (rt) 1279 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1280 1281 rt6_mtu_change(skb->dev, mtu); 1282 } 1283 } 1284 1285 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1286 ND_PRINTK2(KERN_WARNING 1287 "ICMPv6 RA: invalid RA options"); 1288 } 1289out: 1290 if (rt) 1291 dst_release(&rt->u.dst); 1292 else if (neigh) 1293 neigh_release(neigh); 1294 in6_dev_put(in6_dev); 1295} 1296 1297static void ndisc_redirect_rcv(struct sk_buff *skb) 1298{ 1299 struct inet6_dev *in6_dev; 1300 struct icmp6hdr *icmph; 1301 struct in6_addr *dest; 1302 struct in6_addr *target; /* new first hop to destination */ 1303 struct neighbour *neigh; 1304 int on_link = 0; 1305 struct ndisc_options ndopts; 1306 int optlen; 1307 u8 *lladdr = NULL; 1308 1309 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1310 ND_PRINTK2(KERN_WARNING 1311 "ICMPv6 Redirect: source address is not link-local.\n"); 1312 return; 1313 } 1314 1315 optlen = skb->tail - skb->h.raw; 1316 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1317 1318 if (optlen < 0) { 1319 ND_PRINTK2(KERN_WARNING 1320 "ICMPv6 Redirect: packet too short\n"); 1321 return; 1322 } 1323 1324 icmph = (struct icmp6hdr *) skb->h.raw; 1325 target = (struct in6_addr *) (icmph + 1); 1326 dest = target + 1; 1327 1328 if (ipv6_addr_is_multicast(dest)) { 1329 ND_PRINTK2(KERN_WARNING 1330 "ICMPv6 Redirect: destination address is multicast.\n"); 1331 return; 1332 } 1333 1334 if (ipv6_addr_equal(dest, target)) { 1335 on_link = 1; 1336 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 1337 ND_PRINTK2(KERN_WARNING 1338 "ICMPv6 Redirect: target address is not link-local.\n"); 1339 return; 1340 } 1341 1342 in6_dev = in6_dev_get(skb->dev); 1343 if (!in6_dev) 1344 return; 1345 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1346 in6_dev_put(in6_dev); 1347 return; 1348 } 1349 1350 /* RFC2461 8.1: 1351 * The IP source address of the Redirect MUST be the same as the current 1352 * first-hop router for the specified ICMP Destination Address. 1353 */ 1354 1355 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1356 ND_PRINTK2(KERN_WARNING 1357 "ICMPv6 Redirect: invalid ND options\n"); 1358 in6_dev_put(in6_dev); 1359 return; 1360 } 1361 if (ndopts.nd_opts_tgt_lladdr) { 1362 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1363 skb->dev); 1364 if (!lladdr) { 1365 ND_PRINTK2(KERN_WARNING 1366 "ICMPv6 Redirect: invalid link-layer address length\n"); 1367 in6_dev_put(in6_dev); 1368 return; 1369 } 1370 } 1371 1372 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1373 if (neigh) { 1374 rt6_redirect(dest, &skb->nh.ipv6h->daddr, 1375 &skb->nh.ipv6h->saddr, neigh, lladdr, 1376 on_link); 1377 neigh_release(neigh); 1378 } 1379 in6_dev_put(in6_dev); 1380} 1381 1382void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1383 struct in6_addr *target) 1384{ 1385 struct sock *sk = ndisc_socket->sk; 1386 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1387 struct sk_buff *buff; 1388 struct icmp6hdr *icmph; 1389 struct in6_addr saddr_buf; 1390 struct in6_addr *addrp; 1391 struct net_device *dev; 1392 struct rt6_info *rt; 1393 struct dst_entry *dst; 1394 struct inet6_dev *idev; 1395 struct flowi fl; 1396 u8 *opt; 1397 int rd_len; 1398 int err; 1399 int hlen; 1400 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1401 1402 dev = skb->dev; 1403 1404 if (ipv6_get_lladdr(dev, &saddr_buf)) { 1405 ND_PRINTK2(KERN_WARNING 1406 "ICMPv6 Redirect: no link-local address on %s\n", 1407 dev->name); 1408 return; 1409 } 1410 1411 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr, 1412 dev->ifindex); 1413 1414 dst = ip6_route_output(NULL, &fl); 1415 if (dst == NULL) 1416 return; 1417 1418 err = xfrm_lookup(&dst, &fl, NULL, 0); 1419 if (err) 1420 return; 1421 1422 rt = (struct rt6_info *) dst; 1423 1424 if (rt->rt6i_flags & RTF_GATEWAY) { 1425 ND_PRINTK2(KERN_WARNING 1426 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1427 dst_release(dst); 1428 return; 1429 } 1430 if (!xrlim_allow(dst, 1*HZ)) { 1431 dst_release(dst); 1432 return; 1433 } 1434 1435 if (dev->addr_len) { 1436 read_lock_bh(&neigh->lock); 1437 if (neigh->nud_state & NUD_VALID) { 1438 memcpy(ha_buf, neigh->ha, dev->addr_len); 1439 read_unlock_bh(&neigh->lock); 1440 ha = ha_buf; 1441 len += ndisc_opt_addr_space(dev); 1442 } else 1443 read_unlock_bh(&neigh->lock); 1444 } 1445 1446 rd_len = min_t(unsigned int, 1447 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1448 rd_len &= ~0x7; 1449 len += rd_len; 1450 1451 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 1452 1, &err); 1453 if (buff == NULL) { 1454 ND_PRINTK0(KERN_ERR 1455 "ICMPv6 Redirect: %s() failed to allocate an skb.\n", 1456 __FUNCTION__); 1457 dst_release(dst); 1458 return; 1459 } 1460 1461 hlen = 0; 1462 1463 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1464 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr, 1465 IPPROTO_ICMPV6, len); 1466 1467 icmph = (struct icmp6hdr *)skb_put(buff, len); 1468 buff->h.raw = (unsigned char*)icmph; 1469 1470 memset(icmph, 0, sizeof(struct icmp6hdr)); 1471 icmph->icmp6_type = NDISC_REDIRECT; 1472 1473 /* 1474 * copy target and destination addresses 1475 */ 1476 1477 addrp = (struct in6_addr *)(icmph + 1); 1478 ipv6_addr_copy(addrp, target); 1479 addrp++; 1480 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr); 1481 1482 opt = (u8*) (addrp + 1); 1483 1484 /* 1485 * include target_address option 1486 */ 1487 1488 if (ha) 1489 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1490 dev->addr_len, dev->type); 1491 1492 /* 1493 * build redirect option and copy skb over to the new packet. 1494 */ 1495 1496 memset(opt, 0, 8); 1497 *(opt++) = ND_OPT_REDIRECT_HDR; 1498 *(opt++) = (rd_len >> 3); 1499 opt += 6; 1500 1501 memcpy(opt, skb->nh.ipv6h, rd_len - 8); 1502 1503 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr, 1504 len, IPPROTO_ICMPV6, 1505 csum_partial((u8 *) icmph, len, 0)); 1506 1507 buff->dst = dst; 1508 idev = in6_dev_get(dst->dev); 1509 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 1510 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output); 1511 if (!err) { 1512 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS); 1513 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 1514 } 1515 1516 if (likely(idev != NULL)) 1517 in6_dev_put(idev); 1518} 1519 1520static void pndisc_redo(struct sk_buff *skb) 1521{ 1522 ndisc_recv_ns(skb); 1523 kfree_skb(skb); 1524} 1525 1526int ndisc_rcv(struct sk_buff *skb) 1527{ 1528 struct nd_msg *msg; 1529 1530 if (!pskb_may_pull(skb, skb->len)) 1531 return 0; 1532 1533 msg = (struct nd_msg *) skb->h.raw; 1534 1535 __skb_push(skb, skb->data-skb->h.raw); 1536 1537 if (skb->nh.ipv6h->hop_limit != 255) { 1538 ND_PRINTK2(KERN_WARNING 1539 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1540 skb->nh.ipv6h->hop_limit); 1541 return 0; 1542 } 1543 1544 if (msg->icmph.icmp6_code != 0) { 1545 ND_PRINTK2(KERN_WARNING 1546 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1547 msg->icmph.icmp6_code); 1548 return 0; 1549 } 1550 1551 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1552 1553 switch (msg->icmph.icmp6_type) { 1554 case NDISC_NEIGHBOUR_SOLICITATION: 1555 ndisc_recv_ns(skb); 1556 break; 1557 1558 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1559 ndisc_recv_na(skb); 1560 break; 1561 1562 case NDISC_ROUTER_SOLICITATION: 1563 ndisc_recv_rs(skb); 1564 break; 1565 1566 case NDISC_ROUTER_ADVERTISEMENT: 1567 ndisc_router_discovery(skb); 1568 break; 1569 1570 case NDISC_REDIRECT: 1571 ndisc_redirect_rcv(skb); 1572 break; 1573 }; 1574 1575 return 0; 1576} 1577 1578static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1579{ 1580 struct net_device *dev = ptr; 1581 1582 switch (event) { 1583 case NETDEV_CHANGEADDR: 1584 neigh_changeaddr(&nd_tbl, dev); 1585 fib6_run_gc(~0UL); 1586 break; 1587 case NETDEV_DOWN: 1588 neigh_ifdown(&nd_tbl, dev); 1589 fib6_run_gc(~0UL); 1590 break; 1591 default: 1592 break; 1593 } 1594 1595 return NOTIFY_DONE; 1596} 1597 1598static struct notifier_block ndisc_netdev_notifier = { 1599 .notifier_call = ndisc_netdev_event, 1600}; 1601 1602#ifdef CONFIG_SYSCTL 1603static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1604 const char *func, const char *dev_name) 1605{ 1606 static char warncomm[TASK_COMM_LEN]; 1607 static int warned; 1608 if (strcmp(warncomm, current->comm) && warned < 5) { 1609 strcpy(warncomm, current->comm); 1610 printk(KERN_WARNING 1611 "process `%s' is using deprecated sysctl (%s) " 1612 "net.ipv6.neigh.%s.%s; " 1613 "Use net.ipv6.neigh.%s.%s_ms " 1614 "instead.\n", 1615 warncomm, func, 1616 dev_name, ctl->procname, 1617 dev_name, ctl->procname); 1618 warned++; 1619 } 1620} 1621 1622int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) 1623{ 1624 struct net_device *dev = ctl->extra1; 1625 struct inet6_dev *idev; 1626 int ret; 1627 1628 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1629 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1630 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1631 1632 switch (ctl->ctl_name) { 1633 case NET_NEIGH_RETRANS_TIME: 1634 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1635 break; 1636 case NET_NEIGH_REACHABLE_TIME: 1637 ret = proc_dointvec_jiffies(ctl, write, 1638 filp, buffer, lenp, ppos); 1639 break; 1640 case NET_NEIGH_RETRANS_TIME_MS: 1641 case NET_NEIGH_REACHABLE_TIME_MS: 1642 ret = proc_dointvec_ms_jiffies(ctl, write, 1643 filp, buffer, lenp, ppos); 1644 break; 1645 default: 1646 ret = -1; 1647 } 1648 1649 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1650 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1651 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1652 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1653 idev->tstamp = jiffies; 1654 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1655 in6_dev_put(idev); 1656 } 1657 return ret; 1658} 1659 1660static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name, 1661 int nlen, void __user *oldval, 1662 size_t __user *oldlenp, 1663 void __user *newval, size_t newlen, 1664 void **context) 1665{ 1666 struct net_device *dev = ctl->extra1; 1667 struct inet6_dev *idev; 1668 int ret; 1669 1670 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1671 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1672 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1673 1674 switch (ctl->ctl_name) { 1675 case NET_NEIGH_REACHABLE_TIME: 1676 ret = sysctl_jiffies(ctl, name, nlen, 1677 oldval, oldlenp, newval, newlen, 1678 context); 1679 break; 1680 case NET_NEIGH_RETRANS_TIME_MS: 1681 case NET_NEIGH_REACHABLE_TIME_MS: 1682 ret = sysctl_ms_jiffies(ctl, name, nlen, 1683 oldval, oldlenp, newval, newlen, 1684 context); 1685 break; 1686 default: 1687 ret = 0; 1688 } 1689 1690 if (newval && newlen && ret > 0 && 1691 dev && (idev = in6_dev_get(dev)) != NULL) { 1692 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1693 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1694 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1695 idev->tstamp = jiffies; 1696 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1697 in6_dev_put(idev); 1698 } 1699 1700 return ret; 1701} 1702 1703#endif 1704 1705int __init ndisc_init(struct net_proto_family *ops) 1706{ 1707 struct ipv6_pinfo *np; 1708 struct sock *sk; 1709 int err; 1710 1711 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket); 1712 if (err < 0) { 1713 ND_PRINTK0(KERN_ERR 1714 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1715 err); 1716 ndisc_socket = NULL; /* For safety. */ 1717 return err; 1718 } 1719 1720 sk = ndisc_socket->sk; 1721 np = inet6_sk(sk); 1722 sk->sk_allocation = GFP_ATOMIC; 1723 np->hop_limit = 255; 1724 /* Do not loopback ndisc messages */ 1725 np->mc_loop = 0; 1726 sk->sk_prot->unhash(sk); 1727 1728 /* 1729 * Initialize the neighbour table 1730 */ 1731 1732 neigh_table_init(&nd_tbl); 1733 1734#ifdef CONFIG_SYSCTL 1735 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, 1736 "ipv6", 1737 &ndisc_ifinfo_sysctl_change, 1738 &ndisc_ifinfo_sysctl_strategy); 1739#endif 1740 1741 register_netdevice_notifier(&ndisc_netdev_notifier); 1742 return 0; 1743} 1744 1745void ndisc_cleanup(void) 1746{ 1747#ifdef CONFIG_SYSCTL 1748 neigh_sysctl_unregister(&nd_tbl.parms); 1749#endif 1750 neigh_table_clear(&nd_tbl); 1751 sock_release(ndisc_socket); 1752 ndisc_socket = NULL; /* For safety. */ 1753} 1754