1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#define ND_DEBUG 1
31
32#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33#define ND_NOPRINTK(x...) do { ; } while(0)
34#define ND_PRINTK0 ND_PRINTK
35#define ND_PRINTK1 ND_NOPRINTK
36#define ND_PRINTK2 ND_NOPRINTK
37#define ND_PRINTK3 ND_NOPRINTK
38#if ND_DEBUG >= 1
39#undef ND_PRINTK1
40#define ND_PRINTK1 ND_PRINTK
41#endif
42#if ND_DEBUG >= 2
43#undef ND_PRINTK2
44#define ND_PRINTK2 ND_PRINTK
45#endif
46#if ND_DEBUG >= 3
47#undef ND_PRINTK3
48#define ND_PRINTK3 ND_PRINTK
49#endif
50
51#include <linux/module.h>
52#include <linux/errno.h>
53#include <linux/types.h>
54#include <linux/socket.h>
55#include <linux/sockios.h>
56#include <linux/sched.h>
57#include <linux/net.h>
58#include <linux/in6.h>
59#include <linux/route.h>
60#include <linux/init.h>
61#include <linux/rcupdate.h>
62#ifdef CONFIG_SYSCTL
63#include <linux/sysctl.h>
64#endif
65
66#include <linux/if_addr.h>
67#include <linux/if_arp.h>
68#include <linux/ipv6.h>
69#include <linux/icmpv6.h>
70#include <linux/jhash.h>
71
72#include <net/sock.h>
73#include <net/snmp.h>
74
75#include <net/ipv6.h>
76#include <net/protocol.h>
77#include <net/ndisc.h>
78#include <net/ip6_route.h>
79#include <net/addrconf.h>
80#include <net/icmp.h>
81
82#include <net/netlink.h>
83#include <linux/rtnetlink.h>
84
85#include <net/flow.h>
86#include <net/ip6_checksum.h>
87#include <net/inet_common.h>
88#include <linux/proc_fs.h>
89
90#include <linux/netfilter.h>
91#include <linux/netfilter_ipv6.h>
92
93static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
94static int ndisc_constructor(struct neighbour *neigh);
95static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
96static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
97static int pndisc_constructor(struct pneigh_entry *n);
98static void pndisc_destructor(struct pneigh_entry *n);
99static void pndisc_redo(struct sk_buff *skb);
100
101static const struct neigh_ops ndisc_generic_ops = {
102 .family = AF_INET6,
103 .solicit = ndisc_solicit,
104 .error_report = ndisc_error_report,
105 .output = neigh_resolve_output,
106 .connected_output = neigh_connected_output,
107 .hh_output = dev_queue_xmit,
108 .queue_xmit = dev_queue_xmit,
109};
110
111static const struct neigh_ops ndisc_hh_ops = {
112 .family = AF_INET6,
113 .solicit = ndisc_solicit,
114 .error_report = ndisc_error_report,
115 .output = neigh_resolve_output,
116 .connected_output = neigh_resolve_output,
117 .hh_output = dev_queue_xmit,
118 .queue_xmit = dev_queue_xmit,
119};
120
121
122static const struct neigh_ops ndisc_direct_ops = {
123 .family = AF_INET6,
124 .output = dev_queue_xmit,
125 .connected_output = dev_queue_xmit,
126 .hh_output = dev_queue_xmit,
127 .queue_xmit = dev_queue_xmit,
128};
129
130struct neigh_table nd_tbl = {
131 .family = AF_INET6,
132 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
133 .key_len = sizeof(struct in6_addr),
134 .hash = ndisc_hash,
135 .constructor = ndisc_constructor,
136 .pconstructor = pndisc_constructor,
137 .pdestructor = pndisc_destructor,
138 .proxy_redo = pndisc_redo,
139 .id = "ndisc_cache",
140 .parms = {
141 .tbl = &nd_tbl,
142 .base_reachable_time = 30 * HZ,
143 .retrans_time = 1 * HZ,
144 .gc_staletime = 60 * HZ,
145 .reachable_time = 30 * HZ,
146 .delay_probe_time = 5 * HZ,
147 .queue_len = 3,
148 .ucast_probes = 3,
149 .mcast_probes = 3,
150 .anycast_delay = 1 * HZ,
151 .proxy_delay = (8 * HZ) / 10,
152 .proxy_qlen = 64,
153 },
154 .gc_interval = 30 * HZ,
155 .gc_thresh1 = 128,
156 .gc_thresh2 = 512,
157 .gc_thresh3 = 1024,
158};
159
160
161struct ndisc_options {
162 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
163#ifdef CONFIG_IPV6_ROUTE_INFO
164 struct nd_opt_hdr *nd_opts_ri;
165 struct nd_opt_hdr *nd_opts_ri_end;
166#endif
167 struct nd_opt_hdr *nd_useropts;
168 struct nd_opt_hdr *nd_useropts_end;
169};
170
171#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
172#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
173#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
174#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
175#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
176#define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
177
178#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
179
180
181
182
183
184
185
186static int ndisc_addr_option_pad(unsigned short type)
187{
188 switch (type) {
189 case ARPHRD_INFINIBAND: return 2;
190 default: return 0;
191 }
192}
193
194static inline int ndisc_opt_addr_space(struct net_device *dev)
195{
196 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
197}
198
199static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
200 unsigned short addr_type)
201{
202 int space = NDISC_OPT_SPACE(data_len);
203 int pad = ndisc_addr_option_pad(addr_type);
204
205 opt[0] = type;
206 opt[1] = space>>3;
207
208 memset(opt + 2, 0, pad);
209 opt += pad;
210 space -= pad;
211
212 memcpy(opt+2, data, data_len);
213 data_len += 2;
214 opt += data_len;
215 if ((space -= data_len) > 0)
216 memset(opt, 0, space);
217 return opt + space;
218}
219
220static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
221 struct nd_opt_hdr *end)
222{
223 int type;
224 if (!cur || !end || cur >= end)
225 return NULL;
226 type = cur->nd_opt_type;
227 do {
228 cur = ((void *)cur) + (cur->nd_opt_len << 3);
229 } while(cur < end && cur->nd_opt_type != type);
230 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
231}
232
233static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
234{
235 return (opt->nd_opt_type == ND_OPT_RDNSS);
236}
237
238static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
239 struct nd_opt_hdr *end)
240{
241 if (!cur || !end || cur >= end)
242 return NULL;
243 do {
244 cur = ((void *)cur) + (cur->nd_opt_len << 3);
245 } while(cur < end && !ndisc_is_useropt(cur));
246 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
247}
248
249static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
250 struct ndisc_options *ndopts)
251{
252 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
253
254 if (!nd_opt || opt_len < 0 || !ndopts)
255 return NULL;
256 memset(ndopts, 0, sizeof(*ndopts));
257 while (opt_len) {
258 int l;
259 if (opt_len < sizeof(struct nd_opt_hdr))
260 return NULL;
261 l = nd_opt->nd_opt_len << 3;
262 if (opt_len < l || l == 0)
263 return NULL;
264 switch (nd_opt->nd_opt_type) {
265 case ND_OPT_SOURCE_LL_ADDR:
266 case ND_OPT_TARGET_LL_ADDR:
267 case ND_OPT_MTU:
268 case ND_OPT_REDIRECT_HDR:
269 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
270 ND_PRINTK2(KERN_WARNING
271 "%s(): duplicated ND6 option found: type=%d\n",
272 __func__,
273 nd_opt->nd_opt_type);
274 } else {
275 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
276 }
277 break;
278 case ND_OPT_PREFIX_INFO:
279 ndopts->nd_opts_pi_end = nd_opt;
280 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
281 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
282 break;
283#ifdef CONFIG_IPV6_ROUTE_INFO
284 case ND_OPT_ROUTE_INFO:
285 ndopts->nd_opts_ri_end = nd_opt;
286 if (!ndopts->nd_opts_ri)
287 ndopts->nd_opts_ri = nd_opt;
288 break;
289#endif
290 default:
291 if (ndisc_is_useropt(nd_opt)) {
292 ndopts->nd_useropts_end = nd_opt;
293 if (!ndopts->nd_useropts)
294 ndopts->nd_useropts = nd_opt;
295 } else {
296
297
298
299
300
301 ND_PRINTK2(KERN_NOTICE
302 "%s(): ignored unsupported option; type=%d, len=%d\n",
303 __func__,
304 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
305 }
306 }
307 opt_len -= l;
308 nd_opt = ((void *)nd_opt) + l;
309 }
310 return ndopts;
311}
312
313static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
314 struct net_device *dev)
315{
316 u8 *lladdr = (u8 *)(p + 1);
317 int lladdrlen = p->nd_opt_len << 3;
318 int prepad = ndisc_addr_option_pad(dev->type);
319 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
320 return NULL;
321 return (lladdr + prepad);
322}
323
324int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
325{
326 switch (dev->type) {
327 case ARPHRD_ETHER:
328 case ARPHRD_IEEE802:
329 case ARPHRD_FDDI:
330 ipv6_eth_mc_map(addr, buf);
331 return 0;
332 case ARPHRD_IEEE802_TR:
333 ipv6_tr_mc_map(addr,buf);
334 return 0;
335 case ARPHRD_ARCNET:
336 ipv6_arcnet_mc_map(addr, buf);
337 return 0;
338 case ARPHRD_INFINIBAND:
339 ipv6_ib_mc_map(addr, dev->broadcast, buf);
340 return 0;
341 default:
342 if (dir) {
343 memcpy(buf, dev->broadcast, dev->addr_len);
344 return 0;
345 }
346 }
347 return -EINVAL;
348}
349
350EXPORT_SYMBOL(ndisc_mc_map);
351
352static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
353{
354 const u32 *p32 = pkey;
355 u32 addr_hash, i;
356
357 addr_hash = 0;
358 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
359 addr_hash ^= *p32++;
360
361 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
362}
363
364static int ndisc_constructor(struct neighbour *neigh)
365{
366 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
367 struct net_device *dev = neigh->dev;
368 struct inet6_dev *in6_dev;
369 struct neigh_parms *parms;
370 int is_multicast = ipv6_addr_is_multicast(addr);
371
372 rcu_read_lock();
373 in6_dev = in6_dev_get(dev);
374 if (in6_dev == NULL) {
375 rcu_read_unlock();
376 return -EINVAL;
377 }
378
379 parms = in6_dev->nd_parms;
380 __neigh_parms_put(neigh->parms);
381 neigh->parms = neigh_parms_clone(parms);
382 rcu_read_unlock();
383
384 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
385 if (!dev->header_ops) {
386 neigh->nud_state = NUD_NOARP;
387 neigh->ops = &ndisc_direct_ops;
388 neigh->output = neigh->ops->queue_xmit;
389 } else {
390 if (is_multicast) {
391 neigh->nud_state = NUD_NOARP;
392 ndisc_mc_map(addr, neigh->ha, dev, 1);
393 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
394 neigh->nud_state = NUD_NOARP;
395 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
396 if (dev->flags&IFF_LOOPBACK)
397 neigh->type = RTN_LOCAL;
398 } else if (dev->flags&IFF_POINTOPOINT) {
399 neigh->nud_state = NUD_NOARP;
400 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
401 }
402 if (dev->header_ops->cache)
403 neigh->ops = &ndisc_hh_ops;
404 else
405 neigh->ops = &ndisc_generic_ops;
406 if (neigh->nud_state&NUD_VALID)
407 neigh->output = neigh->ops->connected_output;
408 else
409 neigh->output = neigh->ops->output;
410 }
411 in6_dev_put(in6_dev);
412 return 0;
413}
414
415static int pndisc_constructor(struct pneigh_entry *n)
416{
417 struct in6_addr *addr = (struct in6_addr*)&n->key;
418 struct in6_addr maddr;
419 struct net_device *dev = n->dev;
420
421 if (dev == NULL || __in6_dev_get(dev) == NULL)
422 return -EINVAL;
423 addrconf_addr_solict_mult(addr, &maddr);
424 ipv6_dev_mc_inc(dev, &maddr);
425 return 0;
426}
427
428static void pndisc_destructor(struct pneigh_entry *n)
429{
430 struct in6_addr *addr = (struct in6_addr*)&n->key;
431 struct in6_addr maddr;
432 struct net_device *dev = n->dev;
433
434 if (dev == NULL || __in6_dev_get(dev) == NULL)
435 return;
436 addrconf_addr_solict_mult(addr, &maddr);
437 ipv6_dev_mc_dec(dev, &maddr);
438}
439
440struct sk_buff *ndisc_build_skb(struct net_device *dev,
441 const struct in6_addr *daddr,
442 const struct in6_addr *saddr,
443 struct icmp6hdr *icmp6h,
444 const struct in6_addr *target,
445 int llinfo)
446{
447 struct net *net = dev_net(dev);
448 struct sock *sk = net->ipv6.ndisc_sk;
449 struct sk_buff *skb;
450 struct icmp6hdr *hdr;
451 int len;
452 int err;
453 u8 *opt;
454
455 if (!dev->addr_len)
456 llinfo = 0;
457
458 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
459 if (llinfo)
460 len += ndisc_opt_addr_space(dev);
461
462 skb = sock_alloc_send_skb(sk,
463 (MAX_HEADER + sizeof(struct ipv6hdr) +
464 len + LL_ALLOCATED_SPACE(dev)),
465 1, &err);
466 if (!skb) {
467 ND_PRINTK0(KERN_ERR
468 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
469 __func__, err);
470 return NULL;
471 }
472
473 skb_reserve(skb, LL_RESERVED_SPACE(dev));
474 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
475
476 skb->transport_header = skb->tail;
477 skb_put(skb, len);
478
479 hdr = (struct icmp6hdr *)skb_transport_header(skb);
480 memcpy(hdr, icmp6h, sizeof(*hdr));
481
482 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
483 if (target) {
484 ipv6_addr_copy((struct in6_addr *)opt, target);
485 opt += sizeof(*target);
486 }
487
488 if (llinfo)
489 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
490 dev->addr_len, dev->type);
491
492 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
493 IPPROTO_ICMPV6,
494 csum_partial(hdr,
495 len, 0));
496
497 return skb;
498}
499
500EXPORT_SYMBOL(ndisc_build_skb);
501
502void ndisc_send_skb(struct sk_buff *skb,
503 struct net_device *dev,
504 struct neighbour *neigh,
505 const struct in6_addr *daddr,
506 const struct in6_addr *saddr,
507 struct icmp6hdr *icmp6h)
508{
509 struct flowi fl;
510 struct dst_entry *dst;
511 struct net *net = dev_net(dev);
512 struct sock *sk = net->ipv6.ndisc_sk;
513 struct inet6_dev *idev;
514 int err;
515 u8 type;
516
517 type = icmp6h->icmp6_type;
518
519 icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex);
520
521 dst = icmp6_dst_alloc(dev, neigh, daddr);
522 if (!dst) {
523 kfree_skb(skb);
524 return;
525 }
526
527 err = xfrm_lookup(net, &dst, &fl, NULL, 0);
528 if (err < 0) {
529 kfree_skb(skb);
530 return;
531 }
532
533 skb_dst_set(skb, dst);
534
535 idev = in6_dev_get(dst->dev);
536 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
537
538 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
539 dst_output);
540 if (!err) {
541 ICMP6MSGOUT_INC_STATS(net, idev, type);
542 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
543 }
544
545 if (likely(idev != NULL))
546 in6_dev_put(idev);
547}
548
549EXPORT_SYMBOL(ndisc_send_skb);
550
551
552
553
554static void __ndisc_send(struct net_device *dev,
555 struct neighbour *neigh,
556 const struct in6_addr *daddr,
557 const struct in6_addr *saddr,
558 struct icmp6hdr *icmp6h, const struct in6_addr *target,
559 int llinfo)
560{
561 struct sk_buff *skb;
562
563 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
564 if (!skb)
565 return;
566
567 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
568}
569
570static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
571 const struct in6_addr *daddr,
572 const struct in6_addr *solicited_addr,
573 int router, int solicited, int override, int inc_opt)
574{
575 struct in6_addr tmpaddr;
576 struct inet6_ifaddr *ifp;
577 const struct in6_addr *src_addr;
578 struct icmp6hdr icmp6h = {
579 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
580 };
581
582
583 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
584 if (ifp) {
585 src_addr = solicited_addr;
586 if (ifp->flags & IFA_F_OPTIMISTIC)
587 override = 0;
588 in6_ifa_put(ifp);
589 } else {
590 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
591 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
592 &tmpaddr))
593 return;
594 src_addr = &tmpaddr;
595 }
596
597 icmp6h.icmp6_router = router;
598 icmp6h.icmp6_solicited = solicited;
599 icmp6h.icmp6_override = override;
600
601 __ndisc_send(dev, neigh, daddr, src_addr,
602 &icmp6h, solicited_addr,
603 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
604}
605
606void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
607 const struct in6_addr *solicit,
608 const struct in6_addr *daddr, const struct in6_addr *saddr)
609{
610 struct in6_addr addr_buf;
611 struct icmp6hdr icmp6h = {
612 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
613 };
614
615 if (saddr == NULL) {
616 if (ipv6_get_lladdr(dev, &addr_buf,
617 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
618 return;
619 saddr = &addr_buf;
620 }
621
622 __ndisc_send(dev, neigh, daddr, saddr,
623 &icmp6h, solicit,
624 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
625}
626
627void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
628 const struct in6_addr *daddr)
629{
630 struct icmp6hdr icmp6h = {
631 .icmp6_type = NDISC_ROUTER_SOLICITATION,
632 };
633 int send_sllao = dev->addr_len;
634
635#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
636
637
638
639
640
641
642
643
644 if (send_sllao) {
645 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
646 dev, 1);
647 if (ifp) {
648 if (ifp->flags & IFA_F_OPTIMISTIC) {
649 send_sllao = 0;
650 }
651 in6_ifa_put(ifp);
652 } else {
653 send_sllao = 0;
654 }
655 }
656#endif
657 __ndisc_send(dev, NULL, daddr, saddr,
658 &icmp6h, NULL,
659 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
660}
661
662
663static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
664{
665
666
667
668
669 dst_link_failure(skb);
670 kfree_skb(skb);
671}
672
673
674
675static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
676{
677 struct in6_addr *saddr = NULL;
678 struct in6_addr mcaddr;
679 struct net_device *dev = neigh->dev;
680 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
681 int probes = atomic_read(&neigh->probes);
682
683 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
684 saddr = &ipv6_hdr(skb)->saddr;
685
686 if ((probes -= neigh->parms->ucast_probes) < 0) {
687 if (!(neigh->nud_state & NUD_VALID)) {
688 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
689 __func__, target);
690 }
691 ndisc_send_ns(dev, neigh, target, target, saddr);
692 } else if ((probes -= neigh->parms->app_probes) < 0) {
693#ifdef CONFIG_ARPD
694 neigh_app_ns(neigh);
695#endif
696 } else {
697 addrconf_addr_solict_mult(target, &mcaddr);
698 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
699 }
700}
701
702static int pndisc_is_router(const void *pkey,
703 struct net_device *dev)
704{
705 struct pneigh_entry *n;
706 int ret = -1;
707
708 read_lock_bh(&nd_tbl.lock);
709 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
710 if (n)
711 ret = !!(n->flags & NTF_ROUTER);
712 read_unlock_bh(&nd_tbl.lock);
713
714 return ret;
715}
716
717static void ndisc_recv_ns(struct sk_buff *skb)
718{
719 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
720 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
721 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
722 u8 *lladdr = NULL;
723 u32 ndoptlen = skb->tail - (skb->transport_header +
724 offsetof(struct nd_msg, opt));
725 struct ndisc_options ndopts;
726 struct net_device *dev = skb->dev;
727 struct inet6_ifaddr *ifp;
728 struct inet6_dev *idev = NULL;
729 struct neighbour *neigh;
730 int dad = ipv6_addr_any(saddr);
731 int inc;
732 int is_router = -1;
733
734 if (ipv6_addr_is_multicast(&msg->target)) {
735 ND_PRINTK2(KERN_WARNING
736 "ICMPv6 NS: multicast target address");
737 return;
738 }
739
740
741
742
743
744 if (dad &&
745 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
746 daddr->s6_addr32[1] == htonl(0x00000000) &&
747 daddr->s6_addr32[2] == htonl(0x00000001) &&
748 daddr->s6_addr [12] == 0xff )) {
749 ND_PRINTK2(KERN_WARNING
750 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
751 return;
752 }
753
754 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
755 ND_PRINTK2(KERN_WARNING
756 "ICMPv6 NS: invalid ND options\n");
757 return;
758 }
759
760 if (ndopts.nd_opts_src_lladdr) {
761 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
762 if (!lladdr) {
763 ND_PRINTK2(KERN_WARNING
764 "ICMPv6 NS: invalid link-layer address length\n");
765 return;
766 }
767
768
769
770
771
772
773 if (dad) {
774 ND_PRINTK2(KERN_WARNING
775 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
776 return;
777 }
778 }
779
780 inc = ipv6_addr_is_multicast(daddr);
781
782 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
783 if (ifp) {
784
785 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
786 if (dad) {
787 if (dev->type == ARPHRD_IEEE802_TR) {
788 const unsigned char *sadr;
789 sadr = skb_mac_header(skb);
790 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
791 sadr[9] == dev->dev_addr[1] &&
792 sadr[10] == dev->dev_addr[2] &&
793 sadr[11] == dev->dev_addr[3] &&
794 sadr[12] == dev->dev_addr[4] &&
795 sadr[13] == dev->dev_addr[5]) {
796
797 goto out;
798 }
799 }
800
801
802
803
804
805
806 addrconf_dad_failure(ifp);
807 return;
808 } else {
809
810
811
812
813
814
815 if (!(ifp->flags & IFA_F_OPTIMISTIC))
816 goto out;
817 }
818 }
819
820 idev = ifp->idev;
821 } else {
822 struct net *net = dev_net(dev);
823
824 idev = in6_dev_get(dev);
825 if (!idev) {
826
827 return;
828 }
829
830 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
831 (idev->cnf.forwarding &&
832 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
833 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
834 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
835 skb->pkt_type != PACKET_HOST &&
836 inc != 0 &&
837 idev->nd_parms->proxy_delay != 0) {
838
839
840
841
842
843
844
845 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
846 if (n)
847 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
848 goto out;
849 }
850 } else
851 goto out;
852 }
853
854 if (is_router < 0)
855 is_router = !!idev->cnf.forwarding;
856
857 if (dad) {
858 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
859 is_router, 0, (ifp != NULL), 1);
860 goto out;
861 }
862
863 if (inc)
864 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
865 else
866 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
867
868
869
870
871
872 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
873 !inc || lladdr || !dev->addr_len);
874 if (neigh)
875 neigh_update(neigh, lladdr, NUD_STALE,
876 NEIGH_UPDATE_F_WEAK_OVERRIDE|
877 NEIGH_UPDATE_F_OVERRIDE);
878 if (neigh || !dev->header_ops) {
879 ndisc_send_na(dev, neigh, saddr, &msg->target,
880 is_router,
881 1, (ifp != NULL && inc), inc);
882 if (neigh)
883 neigh_release(neigh);
884 }
885
886out:
887 if (ifp)
888 in6_ifa_put(ifp);
889 else
890 in6_dev_put(idev);
891
892 return;
893}
894
895static void ndisc_recv_na(struct sk_buff *skb)
896{
897 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
898 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
899 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
900 u8 *lladdr = NULL;
901 u32 ndoptlen = skb->tail - (skb->transport_header +
902 offsetof(struct nd_msg, opt));
903 struct ndisc_options ndopts;
904 struct net_device *dev = skb->dev;
905 struct inet6_ifaddr *ifp;
906 struct neighbour *neigh;
907
908 if (skb->len < sizeof(struct nd_msg)) {
909 ND_PRINTK2(KERN_WARNING
910 "ICMPv6 NA: packet too short\n");
911 return;
912 }
913
914 if (ipv6_addr_is_multicast(&msg->target)) {
915 ND_PRINTK2(KERN_WARNING
916 "ICMPv6 NA: target address is multicast.\n");
917 return;
918 }
919
920 if (ipv6_addr_is_multicast(daddr) &&
921 msg->icmph.icmp6_solicited) {
922 ND_PRINTK2(KERN_WARNING
923 "ICMPv6 NA: solicited NA is multicasted.\n");
924 return;
925 }
926
927 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
928 ND_PRINTK2(KERN_WARNING
929 "ICMPv6 NS: invalid ND option\n");
930 return;
931 }
932 if (ndopts.nd_opts_tgt_lladdr) {
933 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
934 if (!lladdr) {
935 ND_PRINTK2(KERN_WARNING
936 "ICMPv6 NA: invalid link-layer address length\n");
937 return;
938 }
939 }
940 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
941 if (ifp) {
942 if (ifp->flags & IFA_F_TENTATIVE) {
943 addrconf_dad_failure(ifp);
944 return;
945 }
946
947
948
949
950
951
952
953
954
955 if (skb->pkt_type != PACKET_LOOPBACK)
956 ND_PRINTK1(KERN_WARNING
957 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
958 &ifp->addr, ifp->idev->dev->name);
959 in6_ifa_put(ifp);
960 return;
961 }
962 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
963
964 if (neigh) {
965 u8 old_flags = neigh->flags;
966 struct net *net = dev_net(dev);
967
968 if (neigh->nud_state & NUD_FAILED)
969 goto out;
970
971
972
973
974
975
976 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
977 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
978 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
979
980 goto out;
981 }
982
983 neigh_update(neigh, lladdr,
984 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
985 NEIGH_UPDATE_F_WEAK_OVERRIDE|
986 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
987 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
988 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
989
990 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
991
992
993
994 struct rt6_info *rt;
995 rt = rt6_get_dflt_router(saddr, dev);
996 if (rt)
997 ip6_del_rt(rt);
998 }
999
1000out:
1001 neigh_release(neigh);
1002 }
1003}
1004
1005static void ndisc_recv_rs(struct sk_buff *skb)
1006{
1007 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1008 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1009 struct neighbour *neigh;
1010 struct inet6_dev *idev;
1011 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1012 struct ndisc_options ndopts;
1013 u8 *lladdr = NULL;
1014
1015 if (skb->len < sizeof(*rs_msg))
1016 return;
1017
1018 idev = in6_dev_get(skb->dev);
1019 if (!idev) {
1020 if (net_ratelimit())
1021 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1022 return;
1023 }
1024
1025
1026 if (!idev->cnf.forwarding)
1027 goto out;
1028
1029
1030
1031
1032
1033 if (ipv6_addr_any(saddr))
1034 goto out;
1035
1036
1037 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1038 if (net_ratelimit())
1039 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1040 goto out;
1041 }
1042
1043 if (ndopts.nd_opts_src_lladdr) {
1044 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1045 skb->dev);
1046 if (!lladdr)
1047 goto out;
1048 }
1049
1050 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1051 if (neigh) {
1052 neigh_update(neigh, lladdr, NUD_STALE,
1053 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1054 NEIGH_UPDATE_F_OVERRIDE|
1055 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1056 neigh_release(neigh);
1057 }
1058out:
1059 in6_dev_put(idev);
1060}
1061
1062static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1063{
1064 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1065 struct sk_buff *skb;
1066 struct nlmsghdr *nlh;
1067 struct nduseroptmsg *ndmsg;
1068 struct net *net = dev_net(ra->dev);
1069 int err;
1070 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1071 + (opt->nd_opt_len << 3));
1072 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1073
1074 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1075 if (skb == NULL) {
1076 err = -ENOBUFS;
1077 goto errout;
1078 }
1079
1080 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1081 if (nlh == NULL) {
1082 goto nla_put_failure;
1083 }
1084
1085 ndmsg = nlmsg_data(nlh);
1086 ndmsg->nduseropt_family = AF_INET6;
1087 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1088 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1089 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1090 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1091
1092 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1093
1094 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1095 &ipv6_hdr(ra)->saddr);
1096 nlmsg_end(skb, nlh);
1097
1098 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1099 return;
1100
1101nla_put_failure:
1102 nlmsg_free(skb);
1103 err = -EMSGSIZE;
1104errout:
1105 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1106}
1107
1108static void ndisc_router_discovery(struct sk_buff *skb)
1109{
1110 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1111 struct neighbour *neigh = NULL;
1112 struct inet6_dev *in6_dev;
1113 struct rt6_info *rt = NULL;
1114 int lifetime;
1115 struct ndisc_options ndopts;
1116 int optlen;
1117 unsigned int pref = 0;
1118
1119 __u8 * opt = (__u8 *)(ra_msg + 1);
1120
1121 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1122
1123 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1124 ND_PRINTK2(KERN_WARNING
1125 "ICMPv6 RA: source address is not link-local.\n");
1126 return;
1127 }
1128 if (optlen < 0) {
1129 ND_PRINTK2(KERN_WARNING
1130 "ICMPv6 RA: packet too short\n");
1131 return;
1132 }
1133
1134#ifdef CONFIG_IPV6_NDISC_NODETYPE
1135 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1136 ND_PRINTK2(KERN_WARNING
1137 "ICMPv6 RA: from host or unauthorized router\n");
1138 return;
1139 }
1140#endif
1141
1142
1143
1144
1145
1146 in6_dev = in6_dev_get(skb->dev);
1147 if (in6_dev == NULL) {
1148 ND_PRINTK0(KERN_ERR
1149 "ICMPv6 RA: can't find inet6 device for %s.\n",
1150 skb->dev->name);
1151 return;
1152 }
1153
1154 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1155 in6_dev_put(in6_dev);
1156 ND_PRINTK2(KERN_WARNING
1157 "ICMP6 RA: invalid ND options\n");
1158 return;
1159 }
1160
1161
1162 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra)
1163 goto skip_linkparms;
1164
1165#ifdef CONFIG_IPV6_NDISC_NODETYPE
1166
1167 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1168 goto skip_linkparms;
1169#endif
1170
1171 if (in6_dev->if_flags & IF_RS_SENT) {
1172
1173
1174
1175
1176 in6_dev->if_flags |= IF_RA_RCVD;
1177 }
1178
1179
1180
1181
1182
1183 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1184 IF_RA_OTHERCONF)) |
1185 (ra_msg->icmph.icmp6_addrconf_managed ?
1186 IF_RA_MANAGED : 0) |
1187 (ra_msg->icmph.icmp6_addrconf_other ?
1188 IF_RA_OTHERCONF : 0);
1189
1190 if (!in6_dev->cnf.accept_ra_defrtr)
1191 goto skip_defrtr;
1192
1193 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1194
1195#ifdef CONFIG_IPV6_ROUTER_PREF
1196 pref = ra_msg->icmph.icmp6_router_pref;
1197
1198 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1199 !in6_dev->cnf.accept_ra_rtr_pref)
1200 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1201#endif
1202
1203 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1204
1205 if (rt)
1206 neigh = rt->rt6i_nexthop;
1207
1208 if (rt && lifetime == 0) {
1209 neigh_clone(neigh);
1210 ip6_del_rt(rt);
1211 rt = NULL;
1212 }
1213
1214 if (rt == NULL && lifetime) {
1215 ND_PRINTK3(KERN_DEBUG
1216 "ICMPv6 RA: adding default router.\n");
1217
1218 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1219 if (rt == NULL) {
1220 ND_PRINTK0(KERN_ERR
1221 "ICMPv6 RA: %s() failed to add default route.\n",
1222 __func__);
1223 in6_dev_put(in6_dev);
1224 return;
1225 }
1226
1227 neigh = rt->rt6i_nexthop;
1228 if (neigh == NULL) {
1229 ND_PRINTK0(KERN_ERR
1230 "ICMPv6 RA: %s() got default router without neighbour.\n",
1231 __func__);
1232 dst_release(&rt->u.dst);
1233 in6_dev_put(in6_dev);
1234 return;
1235 }
1236 neigh->flags |= NTF_ROUTER;
1237 } else if (rt) {
1238 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1239 }
1240
1241 if (rt)
1242 rt->rt6i_expires = jiffies + (HZ * lifetime);
1243
1244 if (ra_msg->icmph.icmp6_hop_limit) {
1245 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1246 if (rt)
1247 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1248 }
1249
1250skip_defrtr:
1251
1252
1253
1254
1255
1256 if (in6_dev->nd_parms) {
1257 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1258
1259 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1260 rtime = (rtime*HZ)/1000;
1261 if (rtime < HZ/10)
1262 rtime = HZ/10;
1263 in6_dev->nd_parms->retrans_time = rtime;
1264 in6_dev->tstamp = jiffies;
1265 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1266 }
1267
1268 rtime = ntohl(ra_msg->reachable_time);
1269 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1270 rtime = (rtime*HZ)/1000;
1271
1272 if (rtime < HZ/10)
1273 rtime = HZ/10;
1274
1275 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1276 in6_dev->nd_parms->base_reachable_time = rtime;
1277 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1278 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1279 in6_dev->tstamp = jiffies;
1280 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1281 }
1282 }
1283 }
1284
1285skip_linkparms:
1286
1287
1288
1289
1290
1291 if (!neigh)
1292 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1293 skb->dev, 1);
1294 if (neigh) {
1295 u8 *lladdr = NULL;
1296 if (ndopts.nd_opts_src_lladdr) {
1297 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1298 skb->dev);
1299 if (!lladdr) {
1300 ND_PRINTK2(KERN_WARNING
1301 "ICMPv6 RA: invalid link-layer address length\n");
1302 goto out;
1303 }
1304 }
1305 neigh_update(neigh, lladdr, NUD_STALE,
1306 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1307 NEIGH_UPDATE_F_OVERRIDE|
1308 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1309 NEIGH_UPDATE_F_ISROUTER);
1310 }
1311
1312
1313 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra)
1314 goto out;
1315
1316#ifdef CONFIG_IPV6_ROUTE_INFO
1317 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1318 struct nd_opt_hdr *p;
1319 for (p = ndopts.nd_opts_ri;
1320 p;
1321 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1322 struct route_info *ri = (struct route_info *)p;
1323#ifdef CONFIG_IPV6_NDISC_NODETYPE
1324 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1325 ri->prefix_len == 0)
1326 continue;
1327#endif
1328 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1329 continue;
1330 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1331 &ipv6_hdr(skb)->saddr);
1332 }
1333 }
1334#endif
1335
1336#ifdef CONFIG_IPV6_NDISC_NODETYPE
1337
1338 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1339 goto out;
1340#endif
1341
1342 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1343 struct nd_opt_hdr *p;
1344 for (p = ndopts.nd_opts_pi;
1345 p;
1346 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1347 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1348 }
1349 }
1350
1351 if (ndopts.nd_opts_mtu) {
1352 __be32 n;
1353 u32 mtu;
1354
1355 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1356 mtu = ntohl(n);
1357
1358 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1359 ND_PRINTK2(KERN_WARNING
1360 "ICMPv6 RA: invalid mtu: %d\n",
1361 mtu);
1362 } else if (in6_dev->cnf.mtu6 != mtu) {
1363 in6_dev->cnf.mtu6 = mtu;
1364
1365 if (rt)
1366 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1367
1368 rt6_mtu_change(skb->dev, mtu);
1369 }
1370 }
1371
1372 if (ndopts.nd_useropts) {
1373 struct nd_opt_hdr *p;
1374 for (p = ndopts.nd_useropts;
1375 p;
1376 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1377 ndisc_ra_useropt(skb, p);
1378 }
1379 }
1380
1381 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1382 ND_PRINTK2(KERN_WARNING
1383 "ICMPv6 RA: invalid RA options");
1384 }
1385out:
1386 if (rt)
1387 dst_release(&rt->u.dst);
1388 else if (neigh)
1389 neigh_release(neigh);
1390 in6_dev_put(in6_dev);
1391}
1392
1393static void ndisc_redirect_rcv(struct sk_buff *skb)
1394{
1395 struct inet6_dev *in6_dev;
1396 struct icmp6hdr *icmph;
1397 struct in6_addr *dest;
1398 struct in6_addr *target;
1399 struct neighbour *neigh;
1400 int on_link = 0;
1401 struct ndisc_options ndopts;
1402 int optlen;
1403 u8 *lladdr = NULL;
1404
1405#ifdef CONFIG_IPV6_NDISC_NODETYPE
1406 switch (skb->ndisc_nodetype) {
1407 case NDISC_NODETYPE_HOST:
1408 case NDISC_NODETYPE_NODEFAULT:
1409 ND_PRINTK2(KERN_WARNING
1410 "ICMPv6 Redirect: from host or unauthorized router\n");
1411 return;
1412 }
1413#endif
1414
1415 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1416 ND_PRINTK2(KERN_WARNING
1417 "ICMPv6 Redirect: source address is not link-local.\n");
1418 return;
1419 }
1420
1421 optlen = skb->tail - skb->transport_header;
1422 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1423
1424 if (optlen < 0) {
1425 ND_PRINTK2(KERN_WARNING
1426 "ICMPv6 Redirect: packet too short\n");
1427 return;
1428 }
1429
1430 icmph = icmp6_hdr(skb);
1431 target = (struct in6_addr *) (icmph + 1);
1432 dest = target + 1;
1433
1434 if (ipv6_addr_is_multicast(dest)) {
1435 ND_PRINTK2(KERN_WARNING
1436 "ICMPv6 Redirect: destination address is multicast.\n");
1437 return;
1438 }
1439
1440 if (ipv6_addr_equal(dest, target)) {
1441 on_link = 1;
1442 } else if (ipv6_addr_type(target) !=
1443 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1444 ND_PRINTK2(KERN_WARNING
1445 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1446 return;
1447 }
1448
1449 in6_dev = in6_dev_get(skb->dev);
1450 if (!in6_dev)
1451 return;
1452 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1453 in6_dev_put(in6_dev);
1454 return;
1455 }
1456
1457
1458
1459
1460
1461
1462 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1463 ND_PRINTK2(KERN_WARNING
1464 "ICMPv6 Redirect: invalid ND options\n");
1465 in6_dev_put(in6_dev);
1466 return;
1467 }
1468 if (ndopts.nd_opts_tgt_lladdr) {
1469 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1470 skb->dev);
1471 if (!lladdr) {
1472 ND_PRINTK2(KERN_WARNING
1473 "ICMPv6 Redirect: invalid link-layer address length\n");
1474 in6_dev_put(in6_dev);
1475 return;
1476 }
1477 }
1478
1479 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1480 if (neigh) {
1481 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1482 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1483 on_link);
1484 neigh_release(neigh);
1485 }
1486 in6_dev_put(in6_dev);
1487}
1488
1489void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1490 const struct in6_addr *target)
1491{
1492 struct net_device *dev = skb->dev;
1493 struct net *net = dev_net(dev);
1494 struct sock *sk = net->ipv6.ndisc_sk;
1495 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1496 struct sk_buff *buff;
1497 struct icmp6hdr *icmph;
1498 struct in6_addr saddr_buf;
1499 struct in6_addr *addrp;
1500 struct rt6_info *rt;
1501 struct dst_entry *dst;
1502 struct inet6_dev *idev;
1503 struct flowi fl;
1504 u8 *opt;
1505 int rd_len;
1506 int err;
1507 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1508
1509 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1510 ND_PRINTK2(KERN_WARNING
1511 "ICMPv6 Redirect: no link-local address on %s\n",
1512 dev->name);
1513 return;
1514 }
1515
1516 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1517 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1518 ND_PRINTK2(KERN_WARNING
1519 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1520 return;
1521 }
1522
1523 icmpv6_flow_init(sk, &fl, NDISC_REDIRECT,
1524 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1525
1526 dst = ip6_route_output(net, NULL, &fl);
1527 if (dst == NULL)
1528 return;
1529
1530 err = xfrm_lookup(net, &dst, &fl, NULL, 0);
1531 if (err)
1532 return;
1533
1534 rt = (struct rt6_info *) dst;
1535
1536 if (rt->rt6i_flags & RTF_GATEWAY) {
1537 ND_PRINTK2(KERN_WARNING
1538 "ICMPv6 Redirect: destination is not a neighbour.\n");
1539 goto release;
1540 }
1541 if (!xrlim_allow(dst, 1*HZ))
1542 goto release;
1543
1544 if (dev->addr_len) {
1545 read_lock_bh(&neigh->lock);
1546 if (neigh->nud_state & NUD_VALID) {
1547 memcpy(ha_buf, neigh->ha, dev->addr_len);
1548 read_unlock_bh(&neigh->lock);
1549 ha = ha_buf;
1550 len += ndisc_opt_addr_space(dev);
1551 } else
1552 read_unlock_bh(&neigh->lock);
1553 }
1554
1555 rd_len = min_t(unsigned int,
1556 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1557 rd_len &= ~0x7;
1558 len += rd_len;
1559
1560 buff = sock_alloc_send_skb(sk,
1561 (MAX_HEADER + sizeof(struct ipv6hdr) +
1562 len + LL_ALLOCATED_SPACE(dev)),
1563 1, &err);
1564 if (buff == NULL) {
1565 ND_PRINTK0(KERN_ERR
1566 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1567 __func__, err);
1568 goto release;
1569 }
1570
1571 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1572 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1573 IPPROTO_ICMPV6, len);
1574
1575 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1576 skb_put(buff, len);
1577 icmph = icmp6_hdr(buff);
1578
1579 memset(icmph, 0, sizeof(struct icmp6hdr));
1580 icmph->icmp6_type = NDISC_REDIRECT;
1581
1582
1583
1584
1585
1586 addrp = (struct in6_addr *)(icmph + 1);
1587 ipv6_addr_copy(addrp, target);
1588 addrp++;
1589 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1590
1591 opt = (u8*) (addrp + 1);
1592
1593
1594
1595
1596
1597 if (ha)
1598 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1599 dev->addr_len, dev->type);
1600
1601
1602
1603
1604
1605 memset(opt, 0, 8);
1606 *(opt++) = ND_OPT_REDIRECT_HDR;
1607 *(opt++) = (rd_len >> 3);
1608 opt += 6;
1609
1610 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1611
1612 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1613 len, IPPROTO_ICMPV6,
1614 csum_partial(icmph, len, 0));
1615
1616 skb_dst_set(buff, dst);
1617 idev = in6_dev_get(dst->dev);
1618 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1619 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1620 dst_output);
1621 if (!err) {
1622 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1623 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1624 }
1625
1626 if (likely(idev != NULL))
1627 in6_dev_put(idev);
1628 return;
1629
1630release:
1631 dst_release(dst);
1632}
1633
1634static void pndisc_redo(struct sk_buff *skb)
1635{
1636 ndisc_recv_ns(skb);
1637 kfree_skb(skb);
1638}
1639
1640int ndisc_rcv(struct sk_buff *skb)
1641{
1642 struct nd_msg *msg;
1643
1644 if (!pskb_may_pull(skb, skb->len))
1645 return 0;
1646
1647 msg = (struct nd_msg *)skb_transport_header(skb);
1648
1649 __skb_push(skb, skb->data - skb_transport_header(skb));
1650
1651 if (ipv6_hdr(skb)->hop_limit != 255) {
1652 ND_PRINTK2(KERN_WARNING
1653 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1654 ipv6_hdr(skb)->hop_limit);
1655 return 0;
1656 }
1657
1658 if (msg->icmph.icmp6_code != 0) {
1659 ND_PRINTK2(KERN_WARNING
1660 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1661 msg->icmph.icmp6_code);
1662 return 0;
1663 }
1664
1665 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1666
1667 switch (msg->icmph.icmp6_type) {
1668 case NDISC_NEIGHBOUR_SOLICITATION:
1669 ndisc_recv_ns(skb);
1670 break;
1671
1672 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1673 ndisc_recv_na(skb);
1674 break;
1675
1676 case NDISC_ROUTER_SOLICITATION:
1677 ndisc_recv_rs(skb);
1678 break;
1679
1680 case NDISC_ROUTER_ADVERTISEMENT:
1681 ndisc_router_discovery(skb);
1682 break;
1683
1684 case NDISC_REDIRECT:
1685 ndisc_redirect_rcv(skb);
1686 break;
1687 }
1688
1689 return 0;
1690}
1691
1692static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1693{
1694 struct net_device *dev = ptr;
1695 struct net *net = dev_net(dev);
1696
1697 switch (event) {
1698 case NETDEV_CHANGEADDR:
1699 neigh_changeaddr(&nd_tbl, dev);
1700 fib6_run_gc(~0UL, net);
1701 break;
1702 case NETDEV_DOWN:
1703 neigh_ifdown(&nd_tbl, dev);
1704 fib6_run_gc(~0UL, net);
1705 break;
1706 default:
1707 break;
1708 }
1709
1710 return NOTIFY_DONE;
1711}
1712
1713static struct notifier_block ndisc_netdev_notifier = {
1714 .notifier_call = ndisc_netdev_event,
1715};
1716
1717#ifdef CONFIG_SYSCTL
1718static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1719 const char *func, const char *dev_name)
1720{
1721 static char warncomm[TASK_COMM_LEN];
1722 static int warned;
1723 if (strcmp(warncomm, current->comm) && warned < 5) {
1724 strcpy(warncomm, current->comm);
1725 printk(KERN_WARNING
1726 "process `%s' is using deprecated sysctl (%s) "
1727 "net.ipv6.neigh.%s.%s; "
1728 "Use net.ipv6.neigh.%s.%s_ms "
1729 "instead.\n",
1730 warncomm, func,
1731 dev_name, ctl->procname,
1732 dev_name, ctl->procname);
1733 warned++;
1734 }
1735}
1736
1737int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1738{
1739 struct net_device *dev = ctl->extra1;
1740 struct inet6_dev *idev;
1741 int ret;
1742
1743 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1744 (strcmp(ctl->procname, "base_reachable_time") == 0))
1745 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1746
1747 if (strcmp(ctl->procname, "retrans_time") == 0)
1748 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1749
1750 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1751 ret = proc_dointvec_jiffies(ctl, write,
1752 buffer, lenp, ppos);
1753
1754 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1755 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1756 ret = proc_dointvec_ms_jiffies(ctl, write,
1757 buffer, lenp, ppos);
1758 else
1759 ret = -1;
1760
1761 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1762 if (ctl->data == &idev->nd_parms->base_reachable_time)
1763 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1764 idev->tstamp = jiffies;
1765 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1766 in6_dev_put(idev);
1767 }
1768 return ret;
1769}
1770
1771int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl,
1772 void __user *oldval, size_t __user *oldlenp,
1773 void __user *newval, size_t newlen)
1774{
1775 struct net_device *dev = ctl->extra1;
1776 struct inet6_dev *idev;
1777 int ret;
1778
1779 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1780 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1781 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1782
1783 switch (ctl->ctl_name) {
1784 case NET_NEIGH_REACHABLE_TIME:
1785 ret = sysctl_jiffies(ctl, oldval, oldlenp, newval, newlen);
1786 break;
1787 case NET_NEIGH_RETRANS_TIME_MS:
1788 case NET_NEIGH_REACHABLE_TIME_MS:
1789 ret = sysctl_ms_jiffies(ctl, oldval, oldlenp, newval, newlen);
1790 break;
1791 default:
1792 ret = 0;
1793 }
1794
1795 if (newval && newlen && ret > 0 &&
1796 dev && (idev = in6_dev_get(dev)) != NULL) {
1797 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1798 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1799 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1800 idev->tstamp = jiffies;
1801 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1802 in6_dev_put(idev);
1803 }
1804
1805 return ret;
1806}
1807
1808#endif
1809
1810static int ndisc_net_init(struct net *net)
1811{
1812 struct ipv6_pinfo *np;
1813 struct sock *sk;
1814 int err;
1815
1816 err = inet_ctl_sock_create(&sk, PF_INET6,
1817 SOCK_RAW, IPPROTO_ICMPV6, net);
1818 if (err < 0) {
1819 ND_PRINTK0(KERN_ERR
1820 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1821 err);
1822 return err;
1823 }
1824
1825 net->ipv6.ndisc_sk = sk;
1826
1827 np = inet6_sk(sk);
1828 np->hop_limit = 255;
1829
1830 np->mc_loop = 0;
1831
1832 return 0;
1833}
1834
1835static void ndisc_net_exit(struct net *net)
1836{
1837 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1838}
1839
1840static struct pernet_operations ndisc_net_ops = {
1841 .init = ndisc_net_init,
1842 .exit = ndisc_net_exit,
1843};
1844
1845int __init ndisc_init(void)
1846{
1847 int err;
1848
1849 err = register_pernet_subsys(&ndisc_net_ops);
1850 if (err)
1851 return err;
1852
1853
1854
1855 neigh_table_init(&nd_tbl);
1856
1857#ifdef CONFIG_SYSCTL
1858 err = neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6,
1859 NET_IPV6_NEIGH, "ipv6",
1860 &ndisc_ifinfo_sysctl_change,
1861 &ndisc_ifinfo_sysctl_strategy);
1862 if (err)
1863 goto out_unregister_pernet;
1864#endif
1865 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1866 if (err)
1867 goto out_unregister_sysctl;
1868out:
1869 return err;
1870
1871out_unregister_sysctl:
1872#ifdef CONFIG_SYSCTL
1873 neigh_sysctl_unregister(&nd_tbl.parms);
1874out_unregister_pernet:
1875#endif
1876 unregister_pernet_subsys(&ndisc_net_ops);
1877 goto out;
1878}
1879
1880void ndisc_cleanup(void)
1881{
1882 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1883#ifdef CONFIG_SYSCTL
1884 neigh_sysctl_unregister(&nd_tbl.parms);
1885#endif
1886 neigh_table_clear(&nd_tbl);
1887 unregister_pernet_subsys(&ndisc_net_ops);
1888}
1889