LXR linux/net/ipv6/ndisc.c

   1/*
   2 *      Neighbour Discovery for IPv6
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *      Mike Shaver             <shaver@ingenia.com>
   8 *
   9 *      This program is free software; you can redistribute it and/or
  10 *      modify it under the terms of the GNU General Public License
  11 *      as published by the Free Software Foundation; either version
  12 *      2 of the License, or (at your option) any later version.
  13 */
  14
  15/*
  16 *      Changes:
  17 *
  18 *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
  19 *      Pierre Ynard                    :       export userland ND options
  20 *                                              through netlink (RDNSS support)
  21 *      Lars Fenneberg                  :       fixed MTU setting on receipt
  22 *                                              of an RA.
  23 *      Janos Farkas                    :       kmalloc failure checks
  24 *      Alexey Kuznetsov                :       state machine reworked
  25 *                                              and moved to net/core.
  26 *      Pekka Savola                    :       RFC2461 validation
  27 *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
  28 */
  29
  30#define pr_fmt(fmt) "ICMPv6: " fmt
  31
  32#include <linux/module.h>
  33#include <linux/errno.h>
  34#include <linux/types.h>
  35#include <linux/socket.h>
  36#include <linux/sockios.h>
  37#include <linux/sched.h>
  38#include <linux/net.h>
  39#include <linux/in6.h>
  40#include <linux/route.h>
  41#include <linux/init.h>
  42#include <linux/rcupdate.h>
  43#include <linux/slab.h>
  44#ifdef CONFIG_SYSCTL
  45#include <linux/sysctl.h>
  46#endif
  47
  48#include <linux/if_addr.h>
  49#include <linux/if_arp.h>
  50#include <linux/ipv6.h>
  51#include <linux/icmpv6.h>
  52#include <linux/jhash.h>
  53
  54#include <net/sock.h>
  55#include <net/snmp.h>
  56
  57#include <net/ipv6.h>
  58#include <net/protocol.h>
  59#include <net/ndisc.h>
  60#include <net/ip6_route.h>
  61#include <net/addrconf.h>
  62#include <net/icmp.h>
  63
  64#include <net/netlink.h>
  65#include <linux/rtnetlink.h>
  66
  67#include <net/flow.h>
  68#include <net/ip6_checksum.h>
  69#include <net/inet_common.h>
  70#include <linux/proc_fs.h>
  71
  72#include <linux/netfilter.h>
  73#include <linux/netfilter_ipv6.h>
  74
  75/* Set to 3 to get tracing... */
  76#define ND_DEBUG 1
  77
  78#define ND_PRINTK(val, level, fmt, ...)                         \
  79do {                                                            \
  80        if (val <= ND_DEBUG)                                    \
  81                net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
  82} while (0)
  83
  84static u32 ndisc_hash(const void *pkey,
  85                      const struct net_device *dev,
  86                      __u32 *hash_rnd);
  87static int ndisc_constructor(struct neighbour *neigh);
  88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
  89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
  90static int pndisc_constructor(struct pneigh_entry *n);
  91static void pndisc_destructor(struct pneigh_entry *n);
  92static void pndisc_redo(struct sk_buff *skb);
  93
  94static const struct neigh_ops ndisc_generic_ops = {
  95        .family =               AF_INET6,
  96        .solicit =              ndisc_solicit,
  97        .error_report =         ndisc_error_report,
  98        .output =               neigh_resolve_output,
  99        .connected_output =     neigh_connected_output,
 100};
 101
 102static const struct neigh_ops ndisc_hh_ops = {
 103        .family =               AF_INET6,
 104        .solicit =              ndisc_solicit,
 105        .error_report =         ndisc_error_report,
 106        .output =               neigh_resolve_output,
 107        .connected_output =     neigh_resolve_output,
 108};
 109
 110
 111static const struct neigh_ops ndisc_direct_ops = {
 112        .family =               AF_INET6,
 113        .output =               neigh_direct_output,
 114        .connected_output =     neigh_direct_output,
 115};
 116
 117struct neigh_table nd_tbl = {
 118        .family =       AF_INET6,
 119        .key_len =      sizeof(struct in6_addr),
 120        .hash =         ndisc_hash,
 121        .constructor =  ndisc_constructor,
 122        .pconstructor = pndisc_constructor,
 123        .pdestructor =  pndisc_destructor,
 124        .proxy_redo =   pndisc_redo,
 125        .id =           "ndisc_cache",
 126        .parms = {
 127                .tbl                    = &nd_tbl,
 128                .base_reachable_time    = ND_REACHABLE_TIME,
 129                .retrans_time           = ND_RETRANS_TIMER,
 130                .gc_staletime           = 60 * HZ,
 131                .reachable_time         = ND_REACHABLE_TIME,
 132                .delay_probe_time       = 5 * HZ,
 133                .queue_len_bytes        = 64*1024,
 134                .ucast_probes           = 3,
 135                .mcast_probes           = 3,
 136                .anycast_delay          = 1 * HZ,
 137                .proxy_delay            = (8 * HZ) / 10,
 138                .proxy_qlen             = 64,
 139        },
 140        .gc_interval =    30 * HZ,
 141        .gc_thresh1 =    128,
 142        .gc_thresh2 =    512,
 143        .gc_thresh3 =   1024,
 144};
 145
 146static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
 147{
 148        int pad   = ndisc_addr_option_pad(skb->dev->type);
 149        int data_len = skb->dev->addr_len;
 150        int space = ndisc_opt_addr_space(skb->dev);
 151        u8 *opt = skb_put(skb, space);
 152
 153        opt[0] = type;
 154        opt[1] = space>>3;
 155
 156        memset(opt + 2, 0, pad);
 157        opt   += pad;
 158        space -= pad;
 159
 160        memcpy(opt+2, data, data_len);
 161        data_len += 2;
 162        opt += data_len;
 163        if ((space -= data_len) > 0)
 164                memset(opt, 0, space);
 165}
 166
 167static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
 168                                            struct nd_opt_hdr *end)
 169{
 170        int type;
 171        if (!cur || !end || cur >= end)
 172                return NULL;
 173        type = cur->nd_opt_type;
 174        do {
 175                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 176        } while(cur < end && cur->nd_opt_type != type);
 177        return cur <= end && cur->nd_opt_type == type ? cur : NULL;
 178}
 179
 180static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
 181{
 182        return opt->nd_opt_type == ND_OPT_RDNSS ||
 183                opt->nd_opt_type == ND_OPT_DNSSL;
 184}
 185
 186static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
 187                                             struct nd_opt_hdr *end)
 188{
 189        if (!cur || !end || cur >= end)
 190                return NULL;
 191        do {
 192                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 193        } while(cur < end && !ndisc_is_useropt(cur));
 194        return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
 195}
 196
 197struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
 198                                          struct ndisc_options *ndopts)
 199{
 200        struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
 201
 202        if (!nd_opt || opt_len < 0 || !ndopts)
 203                return NULL;
 204        memset(ndopts, 0, sizeof(*ndopts));
 205        while (opt_len) {
 206                int l;
 207                if (opt_len < sizeof(struct nd_opt_hdr))
 208                        return NULL;
 209                l = nd_opt->nd_opt_len << 3;
 210                if (opt_len < l || l == 0)
 211                        return NULL;
 212                switch (nd_opt->nd_opt_type) {
 213                case ND_OPT_SOURCE_LL_ADDR:
 214                case ND_OPT_TARGET_LL_ADDR:
 215                case ND_OPT_MTU:
 216                case ND_OPT_REDIRECT_HDR:
 217                        if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
 218                                ND_PRINTK(2, warn,
 219                                          "%s: duplicated ND6 option found: type=%d\n",
 220                                          __func__, nd_opt->nd_opt_type);
 221                        } else {
 222                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 223                        }
 224                        break;
 225                case ND_OPT_PREFIX_INFO:
 226                        ndopts->nd_opts_pi_end = nd_opt;
 227                        if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
 228                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 229                        break;
 230#ifdef CONFIG_IPV6_ROUTE_INFO
 231                case ND_OPT_ROUTE_INFO:
 232                        ndopts->nd_opts_ri_end = nd_opt;
 233                        if (!ndopts->nd_opts_ri)
 234                                ndopts->nd_opts_ri = nd_opt;
 235                        break;
 236#endif
 237                default:
 238                        if (ndisc_is_useropt(nd_opt)) {
 239                                ndopts->nd_useropts_end = nd_opt;
 240                                if (!ndopts->nd_useropts)
 241                                        ndopts->nd_useropts = nd_opt;
 242                        } else {
 243                                /*
 244                                 * Unknown options must be silently ignored,
 245                                 * to accommodate future extension to the
 246                                 * protocol.
 247                                 */
 248                                ND_PRINTK(2, notice,
 249                                          "%s: ignored unsupported option; type=%d, len=%d\n",
 250                                          __func__,
 251                                          nd_opt->nd_opt_type,
 252                                          nd_opt->nd_opt_len);
 253                        }
 254                }
 255                opt_len -= l;
 256                nd_opt = ((void *)nd_opt) + l;
 257        }
 258        return ndopts;
 259}
 260
 261int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
 262{
 263        switch (dev->type) {
 264        case ARPHRD_ETHER:
 265        case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
 266        case ARPHRD_FDDI:
 267                ipv6_eth_mc_map(addr, buf);
 268                return 0;
 269        case ARPHRD_ARCNET:
 270                ipv6_arcnet_mc_map(addr, buf);
 271                return 0;
 272        case ARPHRD_INFINIBAND:
 273                ipv6_ib_mc_map(addr, dev->broadcast, buf);
 274                return 0;
 275        case ARPHRD_IPGRE:
 276                return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
 277        default:
 278                if (dir) {
 279                        memcpy(buf, dev->broadcast, dev->addr_len);
 280                        return 0;
 281                }
 282        }
 283        return -EINVAL;
 284}
 285
 286EXPORT_SYMBOL(ndisc_mc_map);
 287
 288static u32 ndisc_hash(const void *pkey,
 289                      const struct net_device *dev,
 290                      __u32 *hash_rnd)
 291{
 292        return ndisc_hashfn(pkey, dev, hash_rnd);
 293}
 294
 295static int ndisc_constructor(struct neighbour *neigh)
 296{
 297        struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
 298        struct net_device *dev = neigh->dev;
 299        struct inet6_dev *in6_dev;
 300        struct neigh_parms *parms;
 301        bool is_multicast = ipv6_addr_is_multicast(addr);
 302
 303        in6_dev = in6_dev_get(dev);
 304        if (in6_dev == NULL) {
 305                return -EINVAL;
 306        }
 307
 308        parms = in6_dev->nd_parms;
 309        __neigh_parms_put(neigh->parms);
 310        neigh->parms = neigh_parms_clone(parms);
 311
 312        neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
 313        if (!dev->header_ops) {
 314                neigh->nud_state = NUD_NOARP;
 315                neigh->ops = &ndisc_direct_ops;
 316                neigh->output = neigh_direct_output;
 317        } else {
 318                if (is_multicast) {
 319                        neigh->nud_state = NUD_NOARP;
 320                        ndisc_mc_map(addr, neigh->ha, dev, 1);
 321                } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
 322                        neigh->nud_state = NUD_NOARP;
 323                        memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
 324                        if (dev->flags&IFF_LOOPBACK)
 325                                neigh->type = RTN_LOCAL;
 326                } else if (dev->flags&IFF_POINTOPOINT) {
 327                        neigh->nud_state = NUD_NOARP;
 328                        memcpy(neigh->ha, dev->broadcast, dev->addr_len);
 329                }
 330                if (dev->header_ops->cache)
 331                        neigh->ops = &ndisc_hh_ops;
 332                else
 333                        neigh->ops = &ndisc_generic_ops;
 334                if (neigh->nud_state&NUD_VALID)
 335                        neigh->output = neigh->ops->connected_output;
 336                else
 337                        neigh->output = neigh->ops->output;
 338        }
 339        in6_dev_put(in6_dev);
 340        return 0;
 341}
 342
 343static int pndisc_constructor(struct pneigh_entry *n)
 344{
 345        struct in6_addr *addr = (struct in6_addr*)&n->key;
 346        struct in6_addr maddr;
 347        struct net_device *dev = n->dev;
 348
 349        if (dev == NULL || __in6_dev_get(dev) == NULL)
 350                return -EINVAL;
 351        addrconf_addr_solict_mult(addr, &maddr);
 352        ipv6_dev_mc_inc(dev, &maddr);
 353        return 0;
 354}
 355
 356static void pndisc_destructor(struct pneigh_entry *n)
 357{
 358        struct in6_addr *addr = (struct in6_addr*)&n->key;
 359        struct in6_addr maddr;
 360        struct net_device *dev = n->dev;
 361
 362        if (dev == NULL || __in6_dev_get(dev) == NULL)
 363                return;
 364        addrconf_addr_solict_mult(addr, &maddr);
 365        ipv6_dev_mc_dec(dev, &maddr);
 366}
 367
 368static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
 369                                       int len)
 370{
 371        int hlen = LL_RESERVED_SPACE(dev);
 372        int tlen = dev->needed_tailroom;
 373        struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
 374        struct sk_buff *skb;
 375        int err;
 376
 377        skb = sock_alloc_send_skb(sk,
 378                                  hlen + sizeof(struct ipv6hdr) + len + tlen,
 379                                  1, &err);
 380        if (!skb) {
 381                ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb, err=%d\n",
 382                          __func__, err);
 383                return NULL;
 384        }
 385
 386        skb->protocol = htons(ETH_P_IPV6);
 387        skb->dev = dev;
 388
 389        skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
 390        skb_reset_transport_header(skb);
 391
 392        return skb;
 393}
 394
 395static void ip6_nd_hdr(struct sk_buff *skb,
 396                       const struct in6_addr *saddr,
 397                       const struct in6_addr *daddr,
 398                       int hop_limit, int len)
 399{
 400        struct ipv6hdr *hdr;
 401
 402        skb_push(skb, sizeof(*hdr));
 403        skb_reset_network_header(skb);
 404        hdr = ipv6_hdr(skb);
 405
 406        ip6_flow_hdr(hdr, 0, 0);
 407
 408        hdr->payload_len = htons(len);
 409        hdr->nexthdr = IPPROTO_ICMPV6;
 410        hdr->hop_limit = hop_limit;
 411
 412        hdr->saddr = *saddr;
 413        hdr->daddr = *daddr;
 414}
 415
 416static void ndisc_send_skb(struct sk_buff *skb,
 417                           const struct in6_addr *daddr,
 418                           const struct in6_addr *saddr)
 419{
 420        struct dst_entry *dst = skb_dst(skb);
 421        struct net *net = dev_net(skb->dev);
 422        struct sock *sk = net->ipv6.ndisc_sk;
 423        struct inet6_dev *idev;
 424        int err;
 425        struct icmp6hdr *icmp6h = icmp6_hdr(skb);
 426        u8 type;
 427
 428        type = icmp6h->icmp6_type;
 429
 430        if (!dst) {
 431                struct sock *sk = net->ipv6.ndisc_sk;
 432                struct flowi6 fl6;
 433
 434                icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
 435                dst = icmp6_dst_alloc(skb->dev, &fl6);
 436                if (IS_ERR(dst)) {
 437                        kfree_skb(skb);
 438                        return;
 439                }
 440
 441                skb_dst_set(skb, dst);
 442        }
 443
 444        icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
 445                                              IPPROTO_ICMPV6,
 446                                              csum_partial(icmp6h,
 447                                                           skb->len, 0));
 448
 449        ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
 450
 451        rcu_read_lock();
 452        idev = __in6_dev_get(dst->dev);
 453        IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
 454
 455        err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
 456                      dst_output);
 457        if (!err) {
 458                ICMP6MSGOUT_INC_STATS(net, idev, type);
 459                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
 460        }
 461
 462        rcu_read_unlock();
 463}
 464
 465static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
 466                          const struct in6_addr *daddr,
 467                          const struct in6_addr *solicited_addr,
 468                          bool router, bool solicited, bool override, bool inc_opt)
 469{
 470        struct sk_buff *skb;
 471        struct in6_addr tmpaddr;
 472        struct inet6_ifaddr *ifp;
 473        const struct in6_addr *src_addr;
 474        struct nd_msg *msg;
 475        int optlen = 0;
 476
 477        /* for anycast or proxy, solicited_addr != src_addr */
 478        ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
 479        if (ifp) {
 480                src_addr = solicited_addr;
 481                if (ifp->flags & IFA_F_OPTIMISTIC)
 482                        override = 0;
 483                inc_opt |= ifp->idev->cnf.force_tllao;
 484                in6_ifa_put(ifp);
 485        } else {
 486                if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
 487                                       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
 488                                       &tmpaddr))
 489                        return;
 490                src_addr = &tmpaddr;
 491        }
 492
 493        if (!dev->addr_len)
 494                inc_opt = 0;
 495        if (inc_opt)
 496                optlen += ndisc_opt_addr_space(dev);
 497
 498        skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 499        if (!skb)
 500                return;
 501
 502        msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
 503        *msg = (struct nd_msg) {
 504                .icmph = {
 505                        .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
 506                        .icmp6_router = router,
 507                        .icmp6_solicited = solicited,
 508                        .icmp6_override = override,
 509                },
 510                .target = *solicited_addr,
 511        };
 512
 513        if (inc_opt)
 514                ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
 515                                       dev->dev_addr);
 516
 517
 518        ndisc_send_skb(skb, daddr, src_addr);
 519}
 520
 521static void ndisc_send_unsol_na(struct net_device *dev)
 522{
 523        struct inet6_dev *idev;
 524        struct inet6_ifaddr *ifa;
 525
 526        idev = in6_dev_get(dev);
 527        if (!idev)
 528                return;
 529
 530        read_lock_bh(&idev->lock);
 531        list_for_each_entry(ifa, &idev->addr_list, if_list) {
 532                ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
 533                              /*router=*/ !!idev->cnf.forwarding,
 534                              /*solicited=*/ false, /*override=*/ true,
 535                              /*inc_opt=*/ true);
 536        }
 537        read_unlock_bh(&idev->lock);
 538
 539        in6_dev_put(idev);
 540}
 541
 542void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
 543                   const struct in6_addr *solicit,
 544                   const struct in6_addr *daddr, const struct in6_addr *saddr)
 545{
 546        struct sk_buff *skb;
 547        struct in6_addr addr_buf;
 548        int inc_opt = dev->addr_len;
 549        int optlen = 0;
 550        struct nd_msg *msg;
 551
 552        if (saddr == NULL) {
 553                if (ipv6_get_lladdr(dev, &addr_buf,
 554                                   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
 555                        return;
 556                saddr = &addr_buf;
 557        }
 558
 559        if (ipv6_addr_any(saddr))
 560                inc_opt = 0;
 561        if (inc_opt)
 562                optlen += ndisc_opt_addr_space(dev);
 563
 564        skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 565        if (!skb)
 566                return;
 567
 568        msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
 569        *msg = (struct nd_msg) {
 570                .icmph = {
 571                        .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
 572                },
 573                .target = *solicit,
 574        };
 575
 576        if (inc_opt)
 577                ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
 578                                       dev->dev_addr);
 579
 580        ndisc_send_skb(skb, daddr, saddr);
 581}
 582
 583void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
 584                   const struct in6_addr *daddr)
 585{
 586        struct sk_buff *skb;
 587        struct rs_msg *msg;
 588        int send_sllao = dev->addr_len;
 589        int optlen = 0;
 590
 591#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
 592        /*
 593         * According to section 2.2 of RFC 4429, we must not
 594         * send router solicitations with a sllao from
 595         * optimistic addresses, but we may send the solicitation
 596         * if we don't include the sllao.  So here we check
 597         * if our address is optimistic, and if so, we
 598         * suppress the inclusion of the sllao.
 599         */
 600        if (send_sllao) {
 601                struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
 602                                                           dev, 1);
 603                if (ifp) {
 604                        if (ifp->flags & IFA_F_OPTIMISTIC)  {
 605                                send_sllao = 0;
 606                        }
 607                        in6_ifa_put(ifp);
 608                } else {
 609                        send_sllao = 0;
 610                }
 611        }
 612#endif
 613        if (send_sllao)
 614                optlen += ndisc_opt_addr_space(dev);
 615
 616        skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 617        if (!skb)
 618                return;
 619
 620        msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
 621        *msg = (struct rs_msg) {
 622                .icmph = {
 623                        .icmp6_type = NDISC_ROUTER_SOLICITATION,
 624                },
 625        };
 626
 627        if (send_sllao)
 628                ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
 629                                       dev->dev_addr);
 630
 631        ndisc_send_skb(skb, daddr, saddr);
 632}
 633
 634
 635static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
 636{
 637        /*
 638         *      "The sender MUST return an ICMP
 639         *       destination unreachable"
 640         */
 641        dst_link_failure(skb);
 642        kfree_skb(skb);
 643}
 644
 645/* Called with locked neigh: either read or both */
 646
 647static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
 648{
 649        struct in6_addr *saddr = NULL;
 650        struct in6_addr mcaddr;
 651        struct net_device *dev = neigh->dev;
 652        struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
 653        int probes = atomic_read(&neigh->probes);
 654
 655        if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
 656                saddr = &ipv6_hdr(skb)->saddr;
 657
 658        if ((probes -= neigh->parms->ucast_probes) < 0) {
 659                if (!(neigh->nud_state & NUD_VALID)) {
 660                        ND_PRINTK(1, dbg,
 661                                  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
 662                                  __func__, target);
 663                }
 664                ndisc_send_ns(dev, neigh, target, target, saddr);
 665        } else if ((probes -= neigh->parms->app_probes) < 0) {
 666#ifdef CONFIG_ARPD
 667                neigh_app_ns(neigh);
 668#endif
 669        } else {
 670                addrconf_addr_solict_mult(target, &mcaddr);
 671                ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
 672        }
 673}
 674
 675static int pndisc_is_router(const void *pkey,
 676                            struct net_device *dev)
 677{
 678        struct pneigh_entry *n;
 679        int ret = -1;
 680
 681        read_lock_bh(&nd_tbl.lock);
 682        n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
 683        if (n)
 684                ret = !!(n->flags & NTF_ROUTER);
 685        read_unlock_bh(&nd_tbl.lock);
 686
 687        return ret;
 688}
 689
 690static void ndisc_recv_ns(struct sk_buff *skb)
 691{
 692        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 693        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 694        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 695        u8 *lladdr = NULL;
 696        u32 ndoptlen = skb->tail - (skb->transport_header +
 697                                    offsetof(struct nd_msg, opt));
 698        struct ndisc_options ndopts;
 699        struct net_device *dev = skb->dev;
 700        struct inet6_ifaddr *ifp;
 701        struct inet6_dev *idev = NULL;
 702        struct neighbour *neigh;
 703        int dad = ipv6_addr_any(saddr);
 704        bool inc;
 705        int is_router = -1;
 706
 707        if (skb->len < sizeof(struct nd_msg)) {
 708                ND_PRINTK(2, warn, "NS: packet too short\n");
 709                return;
 710        }
 711
 712        if (ipv6_addr_is_multicast(&msg->target)) {
 713                ND_PRINTK(2, warn, "NS: multicast target address\n");
 714                return;
 715        }
 716
 717        /*
 718         * RFC2461 7.1.1:
 719         * DAD has to be destined for solicited node multicast address.
 720         */
 721        if (dad && !ipv6_addr_is_solict_mult(daddr)) {
 722                ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
 723                return;
 724        }
 725
 726        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 727                ND_PRINTK(2, warn, "NS: invalid ND options\n");
 728                return;
 729        }
 730
 731        if (ndopts.nd_opts_src_lladdr) {
 732                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
 733                if (!lladdr) {
 734                        ND_PRINTK(2, warn,
 735                                  "NS: invalid link-layer address length\n");
 736                        return;
 737                }
 738
 739                /* RFC2461 7.1.1:
 740                 *      If the IP source address is the unspecified address,
 741                 *      there MUST NOT be source link-layer address option
 742                 *      in the message.
 743                 */
 744                if (dad) {
 745                        ND_PRINTK(2, warn,
 746                                  "NS: bad DAD packet (link-layer address option)\n");
 747                        return;
 748                }
 749        }
 750
 751        inc = ipv6_addr_is_multicast(daddr);
 752
 753        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 754        if (ifp) {
 755
 756                if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
 757                        if (dad) {
 758                                /*
 759                                 * We are colliding with another node
 760                                 * who is doing DAD
 761                                 * so fail our DAD process
 762                                 */
 763                                addrconf_dad_failure(ifp);
 764                                return;
 765                        } else {
 766                                /*
 767                                 * This is not a dad solicitation.
 768                                 * If we are an optimistic node,
 769                                 * we should respond.
 770                                 * Otherwise, we should ignore it.
 771                                 */
 772                                if (!(ifp->flags & IFA_F_OPTIMISTIC))
 773                                        goto out;
 774                        }
 775                }
 776
 777                idev = ifp->idev;
 778        } else {
 779                struct net *net = dev_net(dev);
 780
 781                idev = in6_dev_get(dev);
 782                if (!idev) {
 783                        /* XXX: count this drop? */
 784                        return;
 785                }
 786
 787                if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
 788                    (idev->cnf.forwarding &&
 789                     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
 790                     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
 791                        if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
 792                            skb->pkt_type != PACKET_HOST &&
 793                            inc != 0 &&
 794                            idev->nd_parms->proxy_delay != 0) {
 795                                /*
 796                                 * for anycast or proxy,
 797                                 * sender should delay its response
 798                                 * by a random time between 0 and
 799                                 * MAX_ANYCAST_DELAY_TIME seconds.
 800                                 * (RFC2461) -- yoshfuji
 801                                 */
 802                                struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
 803                                if (n)
 804                                        pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
 805                                goto out;
 806                        }
 807                } else
 808                        goto out;
 809        }
 810
 811        if (is_router < 0)
 812                is_router = idev->cnf.forwarding;
 813
 814        if (dad) {
 815                ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
 816                              !!is_router, false, (ifp != NULL), true);
 817                goto out;
 818        }
 819
 820        if (inc)
 821                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
 822        else
 823                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
 824
 825        /*
 826         *      update / create cache entry
 827         *      for the source address
 828         */
 829        neigh = __neigh_lookup(&nd_tbl, saddr, dev,
 830                               !inc || lladdr || !dev->addr_len);
 831        if (neigh)
 832                neigh_update(neigh, lladdr, NUD_STALE,
 833                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 834                             NEIGH_UPDATE_F_OVERRIDE);
 835        if (neigh || !dev->header_ops) {
 836                ndisc_send_na(dev, neigh, saddr, &msg->target,
 837                              !!is_router,
 838                              true, (ifp != NULL && inc), inc);
 839                if (neigh)
 840                        neigh_release(neigh);
 841        }
 842
 843out:
 844        if (ifp)
 845                in6_ifa_put(ifp);
 846        else
 847                in6_dev_put(idev);
 848}
 849
 850static void ndisc_recv_na(struct sk_buff *skb)
 851{
 852        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 853        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 854        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 855        u8 *lladdr = NULL;
 856        u32 ndoptlen = skb->tail - (skb->transport_header +
 857                                    offsetof(struct nd_msg, opt));
 858        struct ndisc_options ndopts;
 859        struct net_device *dev = skb->dev;
 860        struct inet6_ifaddr *ifp;
 861        struct neighbour *neigh;
 862
 863        if (skb->len < sizeof(struct nd_msg)) {
 864                ND_PRINTK(2, warn, "NA: packet too short\n");
 865                return;
 866        }
 867
 868        if (ipv6_addr_is_multicast(&msg->target)) {
 869                ND_PRINTK(2, warn, "NA: target address is multicast\n");
 870                return;
 871        }
 872
 873        if (ipv6_addr_is_multicast(daddr) &&
 874            msg->icmph.icmp6_solicited) {
 875                ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
 876                return;
 877        }
 878
 879        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 880                ND_PRINTK(2, warn, "NS: invalid ND option\n");
 881                return;
 882        }
 883        if (ndopts.nd_opts_tgt_lladdr) {
 884                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
 885                if (!lladdr) {
 886                        ND_PRINTK(2, warn,
 887                                  "NA: invalid link-layer address length\n");
 888                        return;
 889                }
 890        }
 891        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 892        if (ifp) {
 893                if (skb->pkt_type != PACKET_LOOPBACK
 894                    && (ifp->flags & IFA_F_TENTATIVE)) {
 895                                addrconf_dad_failure(ifp);
 896                                return;
 897                }
 898                /* What should we make now? The advertisement
 899                   is invalid, but ndisc specs say nothing
 900                   about it. It could be misconfiguration, or
 901                   an smart proxy agent tries to help us :-)
 902
 903                   We should not print the error if NA has been
 904                   received from loopback - it is just our own
 905                   unsolicited advertisement.
 906                 */
 907                if (skb->pkt_type != PACKET_LOOPBACK)
 908                        ND_PRINTK(1, warn,
 909                                  "NA: someone advertises our address %pI6 on %s!\n",
 910                                  &ifp->addr, ifp->idev->dev->name);
 911                in6_ifa_put(ifp);
 912                return;
 913        }
 914        neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
 915
 916        if (neigh) {
 917                u8 old_flags = neigh->flags;
 918                struct net *net = dev_net(dev);
 919
 920                if (neigh->nud_state & NUD_FAILED)
 921                        goto out;
 922
 923                /*
 924                 * Don't update the neighbor cache entry on a proxy NA from
 925                 * ourselves because either the proxied node is off link or it
 926                 * has already sent a NA to us.
 927                 */
 928                if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
 929                    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
 930                    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
 931                        /* XXX: idev->cnf.proxy_ndp */
 932                        goto out;
 933                }
 934
 935                neigh_update(neigh, lladdr,
 936                             msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
 937                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 938                             (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
 939                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
 940                             (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
 941
 942                if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
 943                        /*
 944                         * Change: router to host
 945                         */
 946                        struct rt6_info *rt;
 947                        rt = rt6_get_dflt_router(saddr, dev);
 948                        if (rt)
 949                                ip6_del_rt(rt);
 950                }
 951
 952out:
 953                neigh_release(neigh);
 954        }
 955}
 956
 957static void ndisc_recv_rs(struct sk_buff *skb)
 958{
 959        struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
 960        unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
 961        struct neighbour *neigh;
 962        struct inet6_dev *idev;
 963        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 964        struct ndisc_options ndopts;
 965        u8 *lladdr = NULL;
 966
 967        if (skb->len < sizeof(*rs_msg))
 968                return;
 969
 970        idev = __in6_dev_get(skb->dev);
 971        if (!idev) {
 972                ND_PRINTK(1, err, "RS: can't find in6 device\n");
 973                return;
 974        }
 975
 976        /* Don't accept RS if we're not in router mode */
 977        if (!idev->cnf.forwarding)
 978                goto out;
 979
 980        /*
 981         * Don't update NCE if src = ::;
 982         * this implies that the source node has no ip address assigned yet.
 983         */
 984        if (ipv6_addr_any(saddr))
 985                goto out;
 986
 987        /* Parse ND options */
 988        if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
 989                ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
 990                goto out;
 991        }
 992
 993        if (ndopts.nd_opts_src_lladdr) {
 994                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
 995                                             skb->dev);
 996                if (!lladdr)
 997                        goto out;
 998        }
 999
1000        neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);

1001        if (neigh) {
1002                neigh_update(neigh, lladdr, NUD_STALE,
1003                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
1004                             NEIGH_UPDATE_F_OVERRIDE|
1005                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1006                neigh_release(neigh);
1007        }
1008out:
1009        return;
1010}
1011
1012static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1013{
1014        struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1015        struct sk_buff *skb;
1016        struct nlmsghdr *nlh;
1017        struct nduseroptmsg *ndmsg;
1018        struct net *net = dev_net(ra->dev);
1019        int err;
1020        int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1021                                    + (opt->nd_opt_len << 3));
1022        size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1023
1024        skb = nlmsg_new(msg_size, GFP_ATOMIC);
1025        if (skb == NULL) {
1026                err = -ENOBUFS;
1027                goto errout;
1028        }
1029
1030        nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1031        if (nlh == NULL) {
1032                goto nla_put_failure;
1033        }
1034
1035        ndmsg = nlmsg_data(nlh);
1036        ndmsg->nduseropt_family = AF_INET6;
1037        ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1038        ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1039        ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1040        ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1041
1042        memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1043
1044        if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1045                    &ipv6_hdr(ra)->saddr))
1046                goto nla_put_failure;
1047        nlmsg_end(skb, nlh);
1048
1049        rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1050        return;
1051
1052nla_put_failure:
1053        nlmsg_free(skb);
1054        err = -EMSGSIZE;
1055errout:
1056        rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1057}
1058
1059static void ndisc_router_discovery(struct sk_buff *skb)
1060{
1061        struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1062        struct neighbour *neigh = NULL;
1063        struct inet6_dev *in6_dev;
1064        struct rt6_info *rt = NULL;
1065        int lifetime;
1066        struct ndisc_options ndopts;
1067        int optlen;
1068        unsigned int pref = 0;
1069
1070        __u8 * opt = (__u8 *)(ra_msg + 1);
1071
1072        optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1073
1074        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1075                ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1076                return;
1077        }
1078        if (optlen < 0) {
1079                ND_PRINTK(2, warn, "RA: packet too short\n");
1080                return;
1081        }
1082
1083#ifdef CONFIG_IPV6_NDISC_NODETYPE
1084        if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1085                ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1086                return;
1087        }
1088#endif
1089
1090        /*
1091         *      set the RA_RECV flag in the interface
1092         */
1093
1094        in6_dev = __in6_dev_get(skb->dev);
1095        if (in6_dev == NULL) {
1096                ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1097                          skb->dev->name);
1098                return;
1099        }
1100
1101        if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1102                ND_PRINTK(2, warn, "RA: invalid ND options\n");
1103                return;
1104        }
1105
1106        if (!ipv6_accept_ra(in6_dev))
1107                goto skip_linkparms;
1108
1109#ifdef CONFIG_IPV6_NDISC_NODETYPE
1110        /* skip link-specific parameters from interior routers */
1111        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1112                goto skip_linkparms;
1113#endif
1114
1115        if (in6_dev->if_flags & IF_RS_SENT) {
1116                /*
1117                 *      flag that an RA was received after an RS was sent
1118                 *      out on this interface.
1119                 */
1120                in6_dev->if_flags |= IF_RA_RCVD;
1121        }
1122
1123        /*
1124         * Remember the managed/otherconf flags from most recently
1125         * received RA message (RFC 2462) -- yoshfuji
1126         */
1127        in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1128                                IF_RA_OTHERCONF)) |
1129                                (ra_msg->icmph.icmp6_addrconf_managed ?
1130                                        IF_RA_MANAGED : 0) |
1131                                (ra_msg->icmph.icmp6_addrconf_other ?
1132                                        IF_RA_OTHERCONF : 0);
1133
1134        if (!in6_dev->cnf.accept_ra_defrtr)
1135                goto skip_defrtr;
1136
1137        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1138                goto skip_defrtr;
1139
1140        lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1141
1142#ifdef CONFIG_IPV6_ROUTER_PREF
1143        pref = ra_msg->icmph.icmp6_router_pref;
1144        /* 10b is handled as if it were 00b (medium) */
1145        if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1146            !in6_dev->cnf.accept_ra_rtr_pref)
1147                pref = ICMPV6_ROUTER_PREF_MEDIUM;
1148#endif
1149
1150        rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1151
1152        if (rt) {
1153                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1154                if (!neigh) {
1155                        ND_PRINTK(0, err,
1156                                  "RA: %s got default router without neighbour\n",
1157                                  __func__);
1158                        ip6_rt_put(rt);
1159                        return;
1160                }
1161        }
1162        if (rt && lifetime == 0) {
1163                ip6_del_rt(rt);
1164                rt = NULL;
1165        }
1166
1167        if (rt == NULL && lifetime) {
1168                ND_PRINTK(3, dbg, "RA: adding default router\n");
1169
1170                rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1171                if (rt == NULL) {
1172                        ND_PRINTK(0, err,
1173                                  "RA: %s failed to add default route\n",
1174                                  __func__);
1175                        return;
1176                }
1177
1178                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1179                if (neigh == NULL) {
1180                        ND_PRINTK(0, err,
1181                                  "RA: %s got default router without neighbour\n",
1182                                  __func__);
1183                        ip6_rt_put(rt);
1184                        return;
1185                }
1186                neigh->flags |= NTF_ROUTER;
1187        } else if (rt) {
1188                rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1189        }
1190
1191        if (rt)
1192                rt6_set_expires(rt, jiffies + (HZ * lifetime));
1193        if (ra_msg->icmph.icmp6_hop_limit) {
1194                in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1195                if (rt)
1196                        dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1197                                       ra_msg->icmph.icmp6_hop_limit);
1198        }
1199
1200skip_defrtr:
1201
1202        /*
1203         *      Update Reachable Time and Retrans Timer
1204         */
1205
1206        if (in6_dev->nd_parms) {
1207                unsigned long rtime = ntohl(ra_msg->retrans_timer);
1208
1209                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1210                        rtime = (rtime*HZ)/1000;
1211                        if (rtime < HZ/10)
1212                                rtime = HZ/10;
1213                        in6_dev->nd_parms->retrans_time = rtime;
1214                        in6_dev->tstamp = jiffies;
1215                        inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1216                }
1217
1218                rtime = ntohl(ra_msg->reachable_time);
1219                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1220                        rtime = (rtime*HZ)/1000;
1221
1222                        if (rtime < HZ/10)
1223                                rtime = HZ/10;
1224
1225                        if (rtime != in6_dev->nd_parms->base_reachable_time) {
1226                                in6_dev->nd_parms->base_reachable_time = rtime;
1227                                in6_dev->nd_parms->gc_staletime = 3 * rtime;
1228                                in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1229                                in6_dev->tstamp = jiffies;
1230                                inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1231                        }
1232                }
1233        }
1234
1235skip_linkparms:
1236
1237        /*
1238         *      Process options.
1239         */
1240
1241        if (!neigh)
1242                neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1243                                       skb->dev, 1);
1244        if (neigh) {
1245                u8 *lladdr = NULL;
1246                if (ndopts.nd_opts_src_lladdr) {
1247                        lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1248                                                     skb->dev);
1249                        if (!lladdr) {
1250                                ND_PRINTK(2, warn,
1251                                          "RA: invalid link-layer address length\n");
1252                                goto out;
1253                        }
1254                }
1255                neigh_update(neigh, lladdr, NUD_STALE,
1256                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
1257                             NEIGH_UPDATE_F_OVERRIDE|
1258                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1259                             NEIGH_UPDATE_F_ISROUTER);
1260        }
1261
1262        if (!ipv6_accept_ra(in6_dev))
1263                goto out;
1264
1265#ifdef CONFIG_IPV6_ROUTE_INFO
1266        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1267                goto skip_routeinfo;
1268
1269        if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1270                struct nd_opt_hdr *p;
1271                for (p = ndopts.nd_opts_ri;
1272                     p;
1273                     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1274                        struct route_info *ri = (struct route_info *)p;
1275#ifdef CONFIG_IPV6_NDISC_NODETYPE
1276                        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1277                            ri->prefix_len == 0)
1278                                continue;
1279#endif
1280                        if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1281                                continue;
1282                        rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1283                                      &ipv6_hdr(skb)->saddr);
1284                }
1285        }
1286
1287skip_routeinfo:
1288#endif
1289
1290#ifdef CONFIG_IPV6_NDISC_NODETYPE
1291        /* skip link-specific ndopts from interior routers */
1292        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1293                goto out;
1294#endif
1295
1296        if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1297                struct nd_opt_hdr *p;
1298                for (p = ndopts.nd_opts_pi;
1299                     p;
1300                     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1301                        addrconf_prefix_rcv(skb->dev, (u8 *)p,
1302                                            (p->nd_opt_len) << 3,
1303                                            ndopts.nd_opts_src_lladdr != NULL);
1304                }
1305        }
1306
1307        if (ndopts.nd_opts_mtu) {
1308                __be32 n;
1309                u32 mtu;
1310
1311                memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1312                mtu = ntohl(n);
1313
1314                if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1315                        ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1316                } else if (in6_dev->cnf.mtu6 != mtu) {
1317                        in6_dev->cnf.mtu6 = mtu;
1318
1319                        if (rt)
1320                                dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1321
1322                        rt6_mtu_change(skb->dev, mtu);
1323                }
1324        }
1325
1326        if (ndopts.nd_useropts) {
1327                struct nd_opt_hdr *p;
1328                for (p = ndopts.nd_useropts;
1329                     p;
1330                     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1331                        ndisc_ra_useropt(skb, p);
1332                }
1333        }
1334
1335        if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1336                ND_PRINTK(2, warn, "RA: invalid RA options\n");
1337        }
1338out:
1339        ip6_rt_put(rt);
1340        if (neigh)
1341                neigh_release(neigh);
1342}
1343
1344static void ndisc_redirect_rcv(struct sk_buff *skb)
1345{
1346        u8 *hdr;
1347        struct ndisc_options ndopts;
1348        struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1349        u32 ndoptlen = skb->tail - (skb->transport_header +
1350                                    offsetof(struct rd_msg, opt));
1351
1352#ifdef CONFIG_IPV6_NDISC_NODETYPE
1353        switch (skb->ndisc_nodetype) {
1354        case NDISC_NODETYPE_HOST:
1355        case NDISC_NODETYPE_NODEFAULT:
1356                ND_PRINTK(2, warn,
1357                          "Redirect: from host or unauthorized router\n");
1358                return;
1359        }
1360#endif
1361
1362        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1363                ND_PRINTK(2, warn,
1364                          "Redirect: source address is not link-local\n");
1365                return;
1366        }
1367
1368        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1369                return;
1370
1371        if (!ndopts.nd_opts_rh)
1372                return;
1373
1374        hdr = (u8 *)ndopts.nd_opts_rh;
1375        hdr += 8;
1376        if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1377                return;
1378
1379        icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1380}
1381
1382static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1383                                           struct sk_buff *orig_skb,
1384                                           int rd_len)
1385{
1386        u8 *opt = skb_put(skb, rd_len);
1387
1388        memset(opt, 0, 8);
1389        *(opt++) = ND_OPT_REDIRECT_HDR;
1390        *(opt++) = (rd_len >> 3);
1391        opt += 6;
1392
1393        memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1394}
1395
1396void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1397{
1398        struct net_device *dev = skb->dev;
1399        struct net *net = dev_net(dev);
1400        struct sock *sk = net->ipv6.ndisc_sk;
1401        int optlen = 0;
1402        struct inet_peer *peer;
1403        struct sk_buff *buff;
1404        struct rd_msg *msg;
1405        struct in6_addr saddr_buf;
1406        struct rt6_info *rt;
1407        struct dst_entry *dst;
1408        struct flowi6 fl6;
1409        int rd_len;
1410        u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1411        bool ret;
1412
1413        if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1414                ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1415                          dev->name);
1416                return;
1417        }
1418
1419        if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1420            ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1421                ND_PRINTK(2, warn,
1422                          "Redirect: target address is not link-local unicast\n");
1423                return;
1424        }
1425
1426        icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1427                         &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1428
1429        dst = ip6_route_output(net, NULL, &fl6);
1430        if (dst->error) {
1431                dst_release(dst);
1432                return;
1433        }
1434        dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1435        if (IS_ERR(dst))
1436                return;
1437
1438        rt = (struct rt6_info *) dst;
1439
1440        if (rt->rt6i_flags & RTF_GATEWAY) {
1441                ND_PRINTK(2, warn,
1442                          "Redirect: destination is not a neighbour\n");
1443                goto release;
1444        }
1445        peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1446        ret = inet_peer_xrlim_allow(peer, 1*HZ);
1447        if (peer)
1448                inet_putpeer(peer);
1449        if (!ret)
1450                goto release;
1451
1452        if (dev->addr_len) {
1453                struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1454                if (!neigh) {
1455                        ND_PRINTK(2, warn,
1456                                  "Redirect: no neigh for target address\n");
1457                        goto release;
1458                }
1459
1460                read_lock_bh(&neigh->lock);
1461                if (neigh->nud_state & NUD_VALID) {
1462                        memcpy(ha_buf, neigh->ha, dev->addr_len);
1463                        read_unlock_bh(&neigh->lock);
1464                        ha = ha_buf;
1465                        optlen += ndisc_opt_addr_space(dev);
1466                } else
1467                        read_unlock_bh(&neigh->lock);
1468
1469                neigh_release(neigh);
1470        }
1471
1472        rd_len = min_t(unsigned int,
1473                       IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1474                       skb->len + 8);
1475        rd_len &= ~0x7;
1476        optlen += rd_len;
1477
1478        buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1479        if (!buff)
1480                goto release;
1481
1482        msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1483        *msg = (struct rd_msg) {
1484                .icmph = {
1485                        .icmp6_type = NDISC_REDIRECT,
1486                },
1487                .target = *target,
1488                .dest = ipv6_hdr(skb)->daddr,
1489        };
1490
1491        /*
1492         *      include target_address option
1493         */
1494
1495        if (ha)
1496                ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1497
1498        /*
1499         *      build redirect option and copy skb over to the new packet.
1500         */
1501
1502        if (rd_len)
1503                ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1504
1505        skb_dst_set(buff, dst);
1506        ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1507        return;
1508
1509release:
1510        dst_release(dst);
1511}
1512
1513static void pndisc_redo(struct sk_buff *skb)
1514{
1515        ndisc_recv_ns(skb);
1516        kfree_skb(skb);
1517}
1518
1519int ndisc_rcv(struct sk_buff *skb)
1520{
1521        struct nd_msg *msg;
1522
1523        if (skb_linearize(skb))
1524                return 0;
1525
1526        msg = (struct nd_msg *)skb_transport_header(skb);
1527
1528        __skb_push(skb, skb->data - skb_transport_header(skb));
1529
1530        if (ipv6_hdr(skb)->hop_limit != 255) {
1531                ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1532                          ipv6_hdr(skb)->hop_limit);
1533                return 0;
1534        }
1535
1536        if (msg->icmph.icmp6_code != 0) {
1537                ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1538                          msg->icmph.icmp6_code);
1539                return 0;
1540        }
1541
1542        memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1543
1544        switch (msg->icmph.icmp6_type) {
1545        case NDISC_NEIGHBOUR_SOLICITATION:
1546                ndisc_recv_ns(skb);
1547                break;
1548
1549        case NDISC_NEIGHBOUR_ADVERTISEMENT:
1550                ndisc_recv_na(skb);
1551                break;
1552
1553        case NDISC_ROUTER_SOLICITATION:
1554                ndisc_recv_rs(skb);
1555                break;
1556
1557        case NDISC_ROUTER_ADVERTISEMENT:
1558                ndisc_router_discovery(skb);
1559                break;
1560
1561        case NDISC_REDIRECT:
1562                ndisc_redirect_rcv(skb);
1563                break;
1564        }
1565
1566        return 0;
1567}
1568
1569static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1570{
1571        struct net_device *dev = ptr;
1572        struct net *net = dev_net(dev);
1573        struct inet6_dev *idev;
1574
1575        switch (event) {
1576        case NETDEV_CHANGEADDR:
1577                neigh_changeaddr(&nd_tbl, dev);
1578                fib6_run_gc(~0UL, net);
1579                idev = in6_dev_get(dev);
1580                if (!idev)
1581                        break;
1582                if (idev->cnf.ndisc_notify)
1583                        ndisc_send_unsol_na(dev);
1584                in6_dev_put(idev);
1585                break;
1586        case NETDEV_DOWN:
1587                neigh_ifdown(&nd_tbl, dev);
1588                fib6_run_gc(~0UL, net);
1589                break;
1590        case NETDEV_NOTIFY_PEERS:
1591                ndisc_send_unsol_na(dev);
1592                break;
1593        default:
1594                break;
1595        }
1596
1597        return NOTIFY_DONE;
1598}
1599
1600static struct notifier_block ndisc_netdev_notifier = {
1601        .notifier_call = ndisc_netdev_event,
1602};
1603
1604#ifdef CONFIG_SYSCTL
1605static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1606                                         const char *func, const char *dev_name)
1607{
1608        static char warncomm[TASK_COMM_LEN];
1609        static int warned;
1610        if (strcmp(warncomm, current->comm) && warned < 5) {
1611                strcpy(warncomm, current->comm);
1612                pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1613                        warncomm, func,
1614                        dev_name, ctl->procname,
1615                        dev_name, ctl->procname);
1616                warned++;
1617        }
1618}
1619
1620int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1621{
1622        struct net_device *dev = ctl->extra1;
1623        struct inet6_dev *idev;
1624        int ret;
1625
1626        if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1627            (strcmp(ctl->procname, "base_reachable_time") == 0))
1628                ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1629
1630        if (strcmp(ctl->procname, "retrans_time") == 0)
1631                ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1632
1633        else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1634                ret = proc_dointvec_jiffies(ctl, write,
1635                                            buffer, lenp, ppos);
1636
1637        else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1638                 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1639                ret = proc_dointvec_ms_jiffies(ctl, write,
1640                                               buffer, lenp, ppos);
1641        else
1642                ret = -1;
1643
1644        if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1645                if (ctl->data == &idev->nd_parms->base_reachable_time)
1646                        idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1647                idev->tstamp = jiffies;
1648                inet6_ifinfo_notify(RTM_NEWLINK, idev);
1649                in6_dev_put(idev);
1650        }
1651        return ret;
1652}
1653
1654
1655#endif
1656
1657static int __net_init ndisc_net_init(struct net *net)
1658{
1659        struct ipv6_pinfo *np;
1660        struct sock *sk;
1661        int err;
1662
1663        err = inet_ctl_sock_create(&sk, PF_INET6,
1664                                   SOCK_RAW, IPPROTO_ICMPV6, net);
1665        if (err < 0) {
1666                ND_PRINTK(0, err,
1667                          "NDISC: Failed to initialize the control socket (err %d)\n",
1668                          err);
1669                return err;
1670        }
1671
1672        net->ipv6.ndisc_sk = sk;
1673
1674        np = inet6_sk(sk);
1675        np->hop_limit = 255;
1676        /* Do not loopback ndisc messages */
1677        np->mc_loop = 0;
1678
1679        return 0;
1680}
1681
1682static void __net_exit ndisc_net_exit(struct net *net)
1683{
1684        inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1685}
1686
1687static struct pernet_operations ndisc_net_ops = {
1688        .init = ndisc_net_init,
1689        .exit = ndisc_net_exit,
1690};
1691
1692int __init ndisc_init(void)
1693{
1694        int err;
1695
1696        err = register_pernet_subsys(&ndisc_net_ops);
1697        if (err)
1698                return err;
1699        /*
1700         * Initialize the neighbour table
1701         */
1702        neigh_table_init(&nd_tbl);
1703
1704#ifdef CONFIG_SYSCTL
1705        err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1706                                    &ndisc_ifinfo_sysctl_change);
1707        if (err)
1708                goto out_unregister_pernet;
1709#endif
1710        err = register_netdevice_notifier(&ndisc_netdev_notifier);
1711        if (err)
1712                goto out_unregister_sysctl;
1713out:
1714        return err;
1715
1716out_unregister_sysctl:
1717#ifdef CONFIG_SYSCTL
1718        neigh_sysctl_unregister(&nd_tbl.parms);
1719out_unregister_pernet:
1720#endif
1721        unregister_pernet_subsys(&ndisc_net_ops);
1722        goto out;
1723}
1724
1725void ndisc_cleanup(void)
1726{
1727        unregister_netdevice_notifier(&ndisc_netdev_notifier);
1728#ifdef CONFIG_SYSCTL
1729        neigh_sysctl_unregister(&nd_tbl.parms);
1730#endif
1731        neigh_table_clear(&nd_tbl);
1732        unregister_pernet_subsys(&ndisc_net_ops);
1733}
1734