LXR linux/net/ipv6/ndisc.c

   1/*
   2 *      Neighbour Discovery for IPv6
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *      Mike Shaver             <shaver@ingenia.com>
   8 *
   9 *      This program is free software; you can redistribute it and/or
  10 *      modify it under the terms of the GNU General Public License
  11 *      as published by the Free Software Foundation; either version
  12 *      2 of the License, or (at your option) any later version.
  13 */
  14
  15/*
  16 *      Changes:
  17 *
  18 *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
  19 *      Pierre Ynard                    :       export userland ND options
  20 *                                              through netlink (RDNSS support)
  21 *      Lars Fenneberg                  :       fixed MTU setting on receipt
  22 *                                              of an RA.
  23 *      Janos Farkas                    :       kmalloc failure checks
  24 *      Alexey Kuznetsov                :       state machine reworked
  25 *                                              and moved to net/core.
  26 *      Pekka Savola                    :       RFC2461 validation
  27 *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
  28 */
  29
  30#define pr_fmt(fmt) "ICMPv6: " fmt
  31
  32#include <linux/module.h>
  33#include <linux/errno.h>
  34#include <linux/types.h>
  35#include <linux/socket.h>
  36#include <linux/sockios.h>
  37#include <linux/sched.h>
  38#include <linux/net.h>
  39#include <linux/in6.h>
  40#include <linux/route.h>
  41#include <linux/init.h>
  42#include <linux/rcupdate.h>
  43#include <linux/slab.h>
  44#ifdef CONFIG_SYSCTL
  45#include <linux/sysctl.h>
  46#endif
  47
  48#include <linux/if_addr.h>
  49#include <linux/if_arp.h>
  50#include <linux/ipv6.h>
  51#include <linux/icmpv6.h>
  52#include <linux/jhash.h>
  53
  54#include <net/sock.h>
  55#include <net/snmp.h>
  56
  57#include <net/ipv6.h>
  58#include <net/protocol.h>
  59#include <net/ndisc.h>
  60#include <net/ip6_route.h>
  61#include <net/addrconf.h>
  62#include <net/icmp.h>
  63
  64#include <net/netlink.h>
  65#include <linux/rtnetlink.h>
  66
  67#include <net/flow.h>
  68#include <net/ip6_checksum.h>
  69#include <net/inet_common.h>
  70#include <linux/proc_fs.h>
  71
  72#include <linux/netfilter.h>
  73#include <linux/netfilter_ipv6.h>
  74
  75/* Set to 3 to get tracing... */
  76#define ND_DEBUG 1
  77
  78#define ND_PRINTK(val, level, fmt, ...)                         \
  79do {                                                            \
  80        if (val <= ND_DEBUG)                                    \
  81                net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
  82} while (0)
  83
  84static u32 ndisc_hash(const void *pkey,
  85                      const struct net_device *dev,
  86                      __u32 *hash_rnd);
  87static int ndisc_constructor(struct neighbour *neigh);
  88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
  89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
  90static int pndisc_constructor(struct pneigh_entry *n);
  91static void pndisc_destructor(struct pneigh_entry *n);
  92static void pndisc_redo(struct sk_buff *skb);
  93
  94static const struct neigh_ops ndisc_generic_ops = {
  95        .family =               AF_INET6,
  96        .solicit =              ndisc_solicit,
  97        .error_report =         ndisc_error_report,
  98        .output =               neigh_resolve_output,
  99        .connected_output =     neigh_connected_output,
 100};
 101
 102static const struct neigh_ops ndisc_hh_ops = {
 103        .family =               AF_INET6,
 104        .solicit =              ndisc_solicit,
 105        .error_report =         ndisc_error_report,
 106        .output =               neigh_resolve_output,
 107        .connected_output =     neigh_resolve_output,
 108};
 109
 110
 111static const struct neigh_ops ndisc_direct_ops = {
 112        .family =               AF_INET6,
 113        .output =               neigh_direct_output,
 114        .connected_output =     neigh_direct_output,
 115};
 116
 117struct neigh_table nd_tbl = {
 118        .family =       AF_INET6,
 119        .key_len =      sizeof(struct in6_addr),
 120        .hash =         ndisc_hash,
 121        .constructor =  ndisc_constructor,
 122        .pconstructor = pndisc_constructor,
 123        .pdestructor =  pndisc_destructor,
 124        .proxy_redo =   pndisc_redo,
 125        .id =           "ndisc_cache",
 126        .parms = {
 127                .tbl                    = &nd_tbl,
 128                .base_reachable_time    = ND_REACHABLE_TIME,
 129                .retrans_time           = ND_RETRANS_TIMER,
 130                .gc_staletime           = 60 * HZ,
 131                .reachable_time         = ND_REACHABLE_TIME,
 132                .delay_probe_time       = 5 * HZ,
 133                .queue_len_bytes        = 64*1024,
 134                .ucast_probes           = 3,
 135                .mcast_probes           = 3,
 136                .anycast_delay          = 1 * HZ,
 137                .proxy_delay            = (8 * HZ) / 10,
 138                .proxy_qlen             = 64,
 139        },
 140        .gc_interval =    30 * HZ,
 141        .gc_thresh1 =    128,
 142        .gc_thresh2 =    512,
 143        .gc_thresh3 =   1024,
 144};
 145
 146static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
 147{
 148        int pad   = ndisc_addr_option_pad(skb->dev->type);
 149        int data_len = skb->dev->addr_len;
 150        int space = ndisc_opt_addr_space(skb->dev);
 151        u8 *opt = skb_put(skb, space);
 152
 153        opt[0] = type;
 154        opt[1] = space>>3;
 155
 156        memset(opt + 2, 0, pad);
 157        opt   += pad;
 158        space -= pad;
 159
 160        memcpy(opt+2, data, data_len);
 161        data_len += 2;
 162        opt += data_len;
 163        if ((space -= data_len) > 0)
 164                memset(opt, 0, space);
 165}
 166
 167static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
 168                                            struct nd_opt_hdr *end)
 169{
 170        int type;
 171        if (!cur || !end || cur >= end)
 172                return NULL;
 173        type = cur->nd_opt_type;
 174        do {
 175                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 176        } while(cur < end && cur->nd_opt_type != type);
 177        return cur <= end && cur->nd_opt_type == type ? cur : NULL;
 178}
 179
 180static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
 181{
 182        return opt->nd_opt_type == ND_OPT_RDNSS ||
 183                opt->nd_opt_type == ND_OPT_DNSSL;
 184}
 185
 186static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
 187                                             struct nd_opt_hdr *end)
 188{
 189        if (!cur || !end || cur >= end)
 190                return NULL;
 191        do {
 192                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 193        } while(cur < end && !ndisc_is_useropt(cur));
 194        return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
 195}
 196
 197struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
 198                                          struct ndisc_options *ndopts)
 199{
 200        struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
 201
 202        if (!nd_opt || opt_len < 0 || !ndopts)
 203                return NULL;
 204        memset(ndopts, 0, sizeof(*ndopts));
 205        while (opt_len) {
 206                int l;
 207                if (opt_len < sizeof(struct nd_opt_hdr))
 208                        return NULL;
 209                l = nd_opt->nd_opt_len << 3;
 210                if (opt_len < l || l == 0)
 211                        return NULL;
 212                switch (nd_opt->nd_opt_type) {
 213                case ND_OPT_SOURCE_LL_ADDR:
 214                case ND_OPT_TARGET_LL_ADDR:
 215                case ND_OPT_MTU:
 216                case ND_OPT_REDIRECT_HDR:
 217                        if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
 218                                ND_PRINTK(2, warn,
 219                                          "%s: duplicated ND6 option found: type=%d\n",
 220                                          __func__, nd_opt->nd_opt_type);
 221                        } else {
 222                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 223                        }
 224                        break;
 225                case ND_OPT_PREFIX_INFO:
 226                        ndopts->nd_opts_pi_end = nd_opt;
 227                        if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
 228                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 229                        break;
 230#ifdef CONFIG_IPV6_ROUTE_INFO
 231                case ND_OPT_ROUTE_INFO:
 232                        ndopts->nd_opts_ri_end = nd_opt;
 233                        if (!ndopts->nd_opts_ri)
 234                                ndopts->nd_opts_ri = nd_opt;
 235                        break;
 236#endif
 237                default:
 238                        if (ndisc_is_useropt(nd_opt)) {
 239                                ndopts->nd_useropts_end = nd_opt;
 240                                if (!ndopts->nd_useropts)
 241                                        ndopts->nd_useropts = nd_opt;
 242                        } else {
 243                                /*
 244                                 * Unknown options must be silently ignored,
 245                                 * to accommodate future extension to the
 246                                 * protocol.
 247                                 */
 248                                ND_PRINTK(2, notice,
 249                                          "%s: ignored unsupported option; type=%d, len=%d\n",
 250                                          __func__,
 251                                          nd_opt->nd_opt_type,
 252                                          nd_opt->nd_opt_len);
 253                        }
 254                }
 255                opt_len -= l;
 256                nd_opt = ((void *)nd_opt) + l;
 257        }
 258        return ndopts;
 259}
 260
 261int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
 262{
 263        switch (dev->type) {
 264        case ARPHRD_ETHER:
 265        case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
 266        case ARPHRD_FDDI:
 267                ipv6_eth_mc_map(addr, buf);
 268                return 0;
 269        case ARPHRD_ARCNET:
 270                ipv6_arcnet_mc_map(addr, buf);
 271                return 0;
 272        case ARPHRD_INFINIBAND:
 273                ipv6_ib_mc_map(addr, dev->broadcast, buf);
 274                return 0;
 275        case ARPHRD_IPGRE:
 276                return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
 277        default:
 278                if (dir) {
 279                        memcpy(buf, dev->broadcast, dev->addr_len);
 280                        return 0;
 281                }
 282        }
 283        return -EINVAL;
 284}
 285
 286EXPORT_SYMBOL(ndisc_mc_map);
 287
 288static u32 ndisc_hash(const void *pkey,
 289                      const struct net_device *dev,
 290                      __u32 *hash_rnd)
 291{
 292        return ndisc_hashfn(pkey, dev, hash_rnd);
 293}
 294
 295static int ndisc_constructor(struct neighbour *neigh)
 296{
 297        struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
 298        struct net_device *dev = neigh->dev;
 299        struct inet6_dev *in6_dev;
 300        struct neigh_parms *parms;
 301        bool is_multicast = ipv6_addr_is_multicast(addr);
 302
 303        in6_dev = in6_dev_get(dev);
 304        if (in6_dev == NULL) {
 305                return -EINVAL;
 306        }
 307
 308        parms = in6_dev->nd_parms;
 309        __neigh_parms_put(neigh->parms);
 310        neigh->parms = neigh_parms_clone(parms);
 311
 312        neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
 313        if (!dev->header_ops) {
 314                neigh->nud_state = NUD_NOARP;
 315                neigh->ops = &ndisc_direct_ops;
 316                neigh->output = neigh_direct_output;
 317        } else {
 318                if (is_multicast) {
 319                        neigh->nud_state = NUD_NOARP;
 320                        ndisc_mc_map(addr, neigh->ha, dev, 1);
 321                } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
 322                        neigh->nud_state = NUD_NOARP;
 323                        memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
 324                        if (dev->flags&IFF_LOOPBACK)
 325                                neigh->type = RTN_LOCAL;
 326                } else if (dev->flags&IFF_POINTOPOINT) {
 327                        neigh->nud_state = NUD_NOARP;
 328                        memcpy(neigh->ha, dev->broadcast, dev->addr_len);
 329                }
 330                if (dev->header_ops->cache)
 331                        neigh->ops = &ndisc_hh_ops;
 332                else
 333                        neigh->ops = &ndisc_generic_ops;
 334                if (neigh->nud_state&NUD_VALID)
 335                        neigh->output = neigh->ops->connected_output;
 336                else
 337                        neigh->output = neigh->ops->output;
 338        }
 339        in6_dev_put(in6_dev);
 340        return 0;
 341}
 342
 343static int pndisc_constructor(struct pneigh_entry *n)
 344{
 345        struct in6_addr *addr = (struct in6_addr*)&n->key;
 346        struct in6_addr maddr;
 347        struct net_device *dev = n->dev;
 348
 349        if (dev == NULL || __in6_dev_get(dev) == NULL)
 350                return -EINVAL;
 351        addrconf_addr_solict_mult(addr, &maddr);
 352        ipv6_dev_mc_inc(dev, &maddr);
 353        return 0;
 354}
 355
 356static void pndisc_destructor(struct pneigh_entry *n)
 357{
 358        struct in6_addr *addr = (struct in6_addr*)&n->key;
 359        struct in6_addr maddr;
 360        struct net_device *dev = n->dev;
 361
 362        if (dev == NULL || __in6_dev_get(dev) == NULL)
 363                return;
 364        addrconf_addr_solict_mult(addr, &maddr);
 365        ipv6_dev_mc_dec(dev, &maddr);
 366}
 367
 368static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
 369                                       int len)
 370{
 371        int hlen = LL_RESERVED_SPACE(dev);
 372        int tlen = dev->needed_tailroom;
 373        struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
 374        struct sk_buff *skb;
 375        int err;
 376
 377        skb = sock_alloc_send_skb(sk,
 378                                  hlen + sizeof(struct ipv6hdr) + len + tlen,
 379                                  1, &err);
 380        if (!skb) {
 381                ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb, err=%d\n",
 382                          __func__, err);
 383                return NULL;
 384        }
 385
 386        skb->protocol = htons(ETH_P_IPV6);
 387        skb->dev = dev;
 388
 389        skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
 390        skb_reset_transport_header(skb);
 391
 392        return skb;
 393}
 394
 395static void ip6_nd_hdr(struct sk_buff *skb,
 396                       const struct in6_addr *saddr,
 397                       const struct in6_addr *daddr,
 398                       int hop_limit, int len)
 399{
 400        struct ipv6hdr *hdr;
 401
 402        skb_push(skb, sizeof(*hdr));
 403        skb_reset_network_header(skb);
 404        hdr = ipv6_hdr(skb);
 405
 406        ip6_flow_hdr(hdr, 0, 0);
 407
 408        hdr->payload_len = htons(len);
 409        hdr->nexthdr = IPPROTO_ICMPV6;
 410        hdr->hop_limit = hop_limit;
 411
 412        hdr->saddr = *saddr;
 413        hdr->daddr = *daddr;
 414}
 415
 416static void ndisc_send_skb(struct sk_buff *skb,
 417                           const struct in6_addr *daddr,
 418                           const struct in6_addr *saddr)
 419{
 420        struct dst_entry *dst = skb_dst(skb);
 421        struct net *net = dev_net(skb->dev);
 422        struct sock *sk = net->ipv6.ndisc_sk;
 423        struct inet6_dev *idev;
 424        int err;
 425        struct icmp6hdr *icmp6h = icmp6_hdr(skb);
 426        u8 type;
 427
 428        type = icmp6h->icmp6_type;
 429
 430        if (!dst) {
 431                struct sock *sk = net->ipv6.ndisc_sk;
 432                struct flowi6 fl6;
 433
 434                icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
 435                dst = icmp6_dst_alloc(skb->dev, &fl6);
 436                if (IS_ERR(dst)) {
 437                        kfree_skb(skb);
 438                        return;
 439                }
 440
 441                skb_dst_set(skb, dst);
 442        }
 443
 444        icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
 445                                              IPPROTO_ICMPV6,
 446                                              csum_partial(icmp6h,
 447                                                           skb->len, 0));
 448
 449        ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
 450
 451        rcu_read_lock();
 452        idev = __in6_dev_get(dst->dev);
 453        IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
 454
 455        err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
 456                      dst_output);
 457        if (!err) {
 458                ICMP6MSGOUT_INC_STATS(net, idev, type);
 459                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
 460        }
 461
 462        rcu_read_unlock();
 463}
 464
 465static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
 466                          const struct in6_addr *daddr,
 467                          const struct in6_addr *solicited_addr,
 468                          bool router, bool solicited, bool override, bool inc_opt)
 469{
 470        struct sk_buff *skb;
 471        struct in6_addr tmpaddr;
 472        struct inet6_ifaddr *ifp;
 473        const struct in6_addr *src_addr;
 474        struct nd_msg *msg;
 475        int optlen = 0;
 476
 477        /* for anycast or proxy, solicited_addr != src_addr */
 478        ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
 479        if (ifp) {
 480                src_addr = solicited_addr;
 481                if (ifp->flags & IFA_F_OPTIMISTIC)
 482                        override = false;
 483                inc_opt |= ifp->idev->cnf.force_tllao;
 484                in6_ifa_put(ifp);
 485        } else {
 486                if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
 487                                       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
 488                                       &tmpaddr))
 489                        return;
 490                src_addr = &tmpaddr;
 491        }
 492
 493        if (!dev->addr_len)
 494                inc_opt = 0;
 495        if (inc_opt)
 496                optlen += ndisc_opt_addr_space(dev);
 497
 498        skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 499        if (!skb)
 500                return;
 501
 502        msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
 503        *msg = (struct nd_msg) {
 504                .icmph = {
 505                        .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
 506                        .icmp6_router = router,
 507                        .icmp6_solicited = solicited,
 508                        .icmp6_override = override,
 509                },
 510                .target = *solicited_addr,
 511        };
 512
 513        if (inc_opt)
 514                ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
 515                                       dev->dev_addr);
 516
 517
 518        ndisc_send_skb(skb, daddr, src_addr);
 519}
 520
 521static void ndisc_send_unsol_na(struct net_device *dev)
 522{
 523        struct inet6_dev *idev;
 524        struct inet6_ifaddr *ifa;
 525
 526        idev = in6_dev_get(dev);
 527        if (!idev)
 528                return;
 529
 530        read_lock_bh(&idev->lock);
 531        list_for_each_entry(ifa, &idev->addr_list, if_list) {
 532                ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
 533                              /*router=*/ !!idev->cnf.forwarding,
 534                              /*solicited=*/ false, /*override=*/ true,
 535                              /*inc_opt=*/ true);
 536        }
 537        read_unlock_bh(&idev->lock);
 538
 539        in6_dev_put(idev);
 540}
 541
 542void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
 543                   const struct in6_addr *solicit,
 544                   const struct in6_addr *daddr, const struct in6_addr *saddr)
 545{
 546        struct sk_buff *skb;
 547        struct in6_addr addr_buf;
 548        int inc_opt = dev->addr_len;
 549        int optlen = 0;
 550        struct nd_msg *msg;
 551
 552        if (saddr == NULL) {
 553                if (ipv6_get_lladdr(dev, &addr_buf,
 554                                   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
 555                        return;
 556                saddr = &addr_buf;
 557        }
 558
 559        if (ipv6_addr_any(saddr))
 560                inc_opt = false;
 561        if (inc_opt)
 562                optlen += ndisc_opt_addr_space(dev);
 563
 564        skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 565        if (!skb)
 566                return;
 567
 568        msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
 569        *msg = (struct nd_msg) {
 570                .icmph = {
 571                        .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
 572                },
 573                .target = *solicit,
 574        };
 575
 576        if (inc_opt)
 577                ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
 578                                       dev->dev_addr);
 579
 580        ndisc_send_skb(skb, daddr, saddr);
 581}
 582
 583void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
 584                   const struct in6_addr *daddr)
 585{
 586        struct sk_buff *skb;
 587        struct rs_msg *msg;
 588        int send_sllao = dev->addr_len;
 589        int optlen = 0;
 590
 591#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
 592        /*
 593         * According to section 2.2 of RFC 4429, we must not
 594         * send router solicitations with a sllao from
 595         * optimistic addresses, but we may send the solicitation
 596         * if we don't include the sllao.  So here we check
 597         * if our address is optimistic, and if so, we
 598         * suppress the inclusion of the sllao.
 599         */
 600        if (send_sllao) {
 601                struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
 602                                                           dev, 1);
 603                if (ifp) {
 604                        if (ifp->flags & IFA_F_OPTIMISTIC)  {
 605                                send_sllao = 0;
 606                        }
 607                        in6_ifa_put(ifp);
 608                } else {
 609                        send_sllao = 0;
 610                }
 611        }
 612#endif
 613        if (send_sllao)
 614                optlen += ndisc_opt_addr_space(dev);
 615
 616        skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 617        if (!skb)
 618                return;
 619
 620        msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
 621        *msg = (struct rs_msg) {
 622                .icmph = {
 623                        .icmp6_type = NDISC_ROUTER_SOLICITATION,
 624                },
 625        };
 626
 627        if (send_sllao)
 628                ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
 629                                       dev->dev_addr);
 630
 631        ndisc_send_skb(skb, daddr, saddr);
 632}
 633
 634
 635static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
 636{
 637        /*
 638         *      "The sender MUST return an ICMP
 639         *       destination unreachable"
 640         */
 641        dst_link_failure(skb);
 642        kfree_skb(skb);
 643}
 644
 645/* Called with locked neigh: either read or both */
 646
 647static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
 648{
 649        struct in6_addr *saddr = NULL;
 650        struct in6_addr mcaddr;
 651        struct net_device *dev = neigh->dev;
 652        struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
 653        int probes = atomic_read(&neigh->probes);
 654
 655        if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
 656                saddr = &ipv6_hdr(skb)->saddr;
 657
 658        if ((probes -= neigh->parms->ucast_probes) < 0) {
 659                if (!(neigh->nud_state & NUD_VALID)) {
 660                        ND_PRINTK(1, dbg,
 661                                  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
 662                                  __func__, target);
 663                }
 664                ndisc_send_ns(dev, neigh, target, target, saddr);
 665        } else if ((probes -= neigh->parms->app_probes) < 0) {
 666#ifdef CONFIG_ARPD
 667                neigh_app_ns(neigh);
 668#endif
 669        } else {
 670                addrconf_addr_solict_mult(target, &mcaddr);
 671                ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
 672        }
 673}
 674
 675static int pndisc_is_router(const void *pkey,
 676                            struct net_device *dev)
 677{
 678        struct pneigh_entry *n;
 679        int ret = -1;
 680
 681        read_lock_bh(&nd_tbl.lock);
 682        n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
 683        if (n)
 684                ret = !!(n->flags & NTF_ROUTER);
 685        read_unlock_bh(&nd_tbl.lock);
 686
 687        return ret;
 688}
 689
 690static void ndisc_recv_ns(struct sk_buff *skb)
 691{
 692        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 693        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 694        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 695        u8 *lladdr = NULL;
 696        u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
 697                                    offsetof(struct nd_msg, opt));
 698        struct ndisc_options ndopts;
 699        struct net_device *dev = skb->dev;
 700        struct inet6_ifaddr *ifp;
 701        struct inet6_dev *idev = NULL;
 702        struct neighbour *neigh;
 703        int dad = ipv6_addr_any(saddr);
 704        bool inc;
 705        int is_router = -1;
 706
 707        if (skb->len < sizeof(struct nd_msg)) {
 708                ND_PRINTK(2, warn, "NS: packet too short\n");
 709                return;
 710        }
 711
 712        if (ipv6_addr_is_multicast(&msg->target)) {
 713                ND_PRINTK(2, warn, "NS: multicast target address\n");
 714                return;
 715        }
 716
 717        /*
 718         * RFC2461 7.1.1:
 719         * DAD has to be destined for solicited node multicast address.
 720         */
 721        if (dad && !ipv6_addr_is_solict_mult(daddr)) {
 722                ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
 723                return;
 724        }
 725
 726        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 727                ND_PRINTK(2, warn, "NS: invalid ND options\n");
 728                return;
 729        }
 730
 731        if (ndopts.nd_opts_src_lladdr) {
 732                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
 733                if (!lladdr) {
 734                        ND_PRINTK(2, warn,
 735                                  "NS: invalid link-layer address length\n");
 736                        return;
 737                }
 738
 739                /* RFC2461 7.1.1:
 740                 *      If the IP source address is the unspecified address,
 741                 *      there MUST NOT be source link-layer address option
 742                 *      in the message.
 743                 */
 744                if (dad) {
 745                        ND_PRINTK(2, warn,
 746                                  "NS: bad DAD packet (link-layer address option)\n");
 747                        return;
 748                }
 749        }
 750
 751        inc = ipv6_addr_is_multicast(daddr);
 752
 753        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 754        if (ifp) {
 755
 756                if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
 757                        if (dad) {
 758                                /*
 759                                 * We are colliding with another node
 760                                 * who is doing DAD
 761                                 * so fail our DAD process
 762                                 */
 763                                addrconf_dad_failure(ifp);
 764                                return;
 765                        } else {
 766                                /*
 767                                 * This is not a dad solicitation.
 768                                 * If we are an optimistic node,
 769                                 * we should respond.
 770                                 * Otherwise, we should ignore it.
 771                                 */
 772                                if (!(ifp->flags & IFA_F_OPTIMISTIC))
 773                                        goto out;
 774                        }
 775                }
 776
 777                idev = ifp->idev;
 778        } else {
 779                struct net *net = dev_net(dev);
 780
 781                idev = in6_dev_get(dev);
 782                if (!idev) {
 783                        /* XXX: count this drop? */
 784                        return;
 785                }
 786
 787                if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
 788                    (idev->cnf.forwarding &&
 789                     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
 790                     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
 791                        if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
 792                            skb->pkt_type != PACKET_HOST &&
 793                            inc &&
 794                            idev->nd_parms->proxy_delay != 0) {
 795                                /*
 796                                 * for anycast or proxy,
 797                                 * sender should delay its response
 798                                 * by a random time between 0 and
 799                                 * MAX_ANYCAST_DELAY_TIME seconds.
 800                                 * (RFC2461) -- yoshfuji
 801                                 */
 802                                struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
 803                                if (n)
 804                                        pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
 805                                goto out;
 806                        }
 807                } else
 808                        goto out;
 809        }
 810
 811        if (is_router < 0)
 812                is_router = idev->cnf.forwarding;
 813
 814        if (dad) {
 815                ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
 816                              !!is_router, false, (ifp != NULL), true);
 817                goto out;
 818        }
 819
 820        if (inc)
 821                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
 822        else
 823                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
 824
 825        /*
 826         *      update / create cache entry
 827         *      for the source address
 828         */
 829        neigh = __neigh_lookup(&nd_tbl, saddr, dev,
 830                               !inc || lladdr || !dev->addr_len);
 831        if (neigh)
 832                neigh_update(neigh, lladdr, NUD_STALE,
 833                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 834                             NEIGH_UPDATE_F_OVERRIDE);
 835        if (neigh || !dev->header_ops) {
 836                ndisc_send_na(dev, neigh, saddr, &msg->target,
 837                              !!is_router,
 838                              true, (ifp != NULL && inc), inc);
 839                if (neigh)
 840                        neigh_release(neigh);
 841        }
 842
 843out:
 844        if (ifp)
 845                in6_ifa_put(ifp);
 846        else
 847                in6_dev_put(idev);
 848}
 849
 850static void ndisc_recv_na(struct sk_buff *skb)
 851{
 852        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 853        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 854        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 855        u8 *lladdr = NULL;
 856        u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
 857                                    offsetof(struct nd_msg, opt));
 858        struct ndisc_options ndopts;
 859        struct net_device *dev = skb->dev;
 860        struct inet6_ifaddr *ifp;
 861        struct neighbour *neigh;
 862
 863        if (skb->len < sizeof(struct nd_msg)) {
 864                ND_PRINTK(2, warn, "NA: packet too short\n");
 865                return;
 866        }
 867
 868        if (ipv6_addr_is_multicast(&msg->target)) {
 869                ND_PRINTK(2, warn, "NA: target address is multicast\n");
 870                return;
 871        }
 872
 873        if (ipv6_addr_is_multicast(daddr) &&
 874            msg->icmph.icmp6_solicited) {
 875                ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
 876                return;
 877        }
 878
 879        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 880                ND_PRINTK(2, warn, "NS: invalid ND option\n");
 881                return;
 882        }
 883        if (ndopts.nd_opts_tgt_lladdr) {
 884                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
 885                if (!lladdr) {
 886                        ND_PRINTK(2, warn,
 887                                  "NA: invalid link-layer address length\n");
 888                        return;
 889                }
 890        }
 891        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 892        if (ifp) {
 893                if (skb->pkt_type != PACKET_LOOPBACK
 894                    && (ifp->flags & IFA_F_TENTATIVE)) {
 895                                addrconf_dad_failure(ifp);
 896                                return;
 897                }
 898                /* What should we make now? The advertisement
 899                   is invalid, but ndisc specs say nothing
 900                   about it. It could be misconfiguration, or
 901                   an smart proxy agent tries to help us :-)
 902
 903                   We should not print the error if NA has been
 904                   received from loopback - it is just our own
 905                   unsolicited advertisement.
 906                 */
 907                if (skb->pkt_type != PACKET_LOOPBACK)
 908                        ND_PRINTK(1, warn,
 909                                  "NA: someone advertises our address %pI6 on %s!\n",
 910                                  &ifp->addr, ifp->idev->dev->name);
 911                in6_ifa_put(ifp);
 912                return;
 913        }
 914        neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
 915
 916        if (neigh) {
 917                u8 old_flags = neigh->flags;
 918                struct net *net = dev_net(dev);
 919
 920                if (neigh->nud_state & NUD_FAILED)
 921                        goto out;
 922
 923                /*
 924                 * Don't update the neighbor cache entry on a proxy NA from
 925                 * ourselves because either the proxied node is off link or it
 926                 * has already sent a NA to us.
 927                 */
 928                if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
 929                    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
 930                    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
 931                        /* XXX: idev->cnf.proxy_ndp */
 932                        goto out;
 933                }
 934
 935                neigh_update(neigh, lladdr,
 936                             msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
 937                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 938                             (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
 939                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
 940                             (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
 941
 942                if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
 943                        /*
 944                         * Change: router to host
 945                         */
 946                        struct rt6_info *rt;
 947                        rt = rt6_get_dflt_router(saddr, dev);
 948                        if (rt)
 949                                ip6_del_rt(rt);
 950                }
 951
 952out:
 953                neigh_release(neigh);
 954        }
 955}
 956
 957static void ndisc_recv_rs(struct sk_buff *skb)
 958{
 959        struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
 960        unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
 961        struct neighbour *neigh;
 962        struct inet6_dev *idev;
 963        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 964        struct ndisc_options ndopts;
 965        u8 *lladdr = NULL;
 966
 967        if (skb->len < sizeof(*rs_msg))
 968                return;
 969
 970        idev = __in6_dev_get(skb->dev);
 971        if (!idev) {
 972                ND_PRINTK(1, err, "RS: can't find in6 device\n");
 973                return;
 974        }
 975
 976        /* Don't accept RS if we're not in router mode */
 977        if (!idev->cnf.forwarding)
 978                goto out;
 979
 980        /*
 981         * Don't update NCE if src = ::;
 982         * this implies that the source node has no ip address assigned yet.
 983         */
 984        if (ipv6_addr_any(saddr))
 985                goto out;
 986
 987        /* Parse ND options */
 988        if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
 989                ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
 990                goto out;
 991        }
 992
 993        if (ndopts.nd_opts_src_lladdr) {
 994                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
 995                                             skb->dev);
 996                if (!lladdr)
 997                        goto out;
 998        }
 999
1000        neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);

1001        if (neigh) {
1002                neigh_update(neigh, lladdr, NUD_STALE,
1003                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
1004                             NEIGH_UPDATE_F_OVERRIDE|
1005                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1006                neigh_release(neigh);
1007        }
1008out:
1009        return;
1010}
1011
1012static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1013{
1014        struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1015        struct sk_buff *skb;
1016        struct nlmsghdr *nlh;
1017        struct nduseroptmsg *ndmsg;
1018        struct net *net = dev_net(ra->dev);
1019        int err;
1020        int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1021                                    + (opt->nd_opt_len << 3));
1022        size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1023
1024        skb = nlmsg_new(msg_size, GFP_ATOMIC);
1025        if (skb == NULL) {
1026                err = -ENOBUFS;
1027                goto errout;
1028        }
1029
1030        nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1031        if (nlh == NULL) {
1032                goto nla_put_failure;
1033        }
1034
1035        ndmsg = nlmsg_data(nlh);
1036        ndmsg->nduseropt_family = AF_INET6;
1037        ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1038        ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1039        ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1040        ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1041
1042        memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1043
1044        if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1045                    &ipv6_hdr(ra)->saddr))
1046                goto nla_put_failure;
1047        nlmsg_end(skb, nlh);
1048
1049        rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1050        return;
1051
1052nla_put_failure:
1053        nlmsg_free(skb);
1054        err = -EMSGSIZE;
1055errout:
1056        rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1057}
1058
1059static void ndisc_router_discovery(struct sk_buff *skb)
1060{
1061        struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1062        struct neighbour *neigh = NULL;
1063        struct inet6_dev *in6_dev;
1064        struct rt6_info *rt = NULL;
1065        int lifetime;
1066        struct ndisc_options ndopts;
1067        int optlen;
1068        unsigned int pref = 0;
1069
1070        __u8 * opt = (__u8 *)(ra_msg + 1);
1071
1072        optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1073                sizeof(struct ra_msg);
1074
1075        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1076                ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1077                return;
1078        }
1079        if (optlen < 0) {
1080                ND_PRINTK(2, warn, "RA: packet too short\n");
1081                return;
1082        }
1083
1084#ifdef CONFIG_IPV6_NDISC_NODETYPE
1085        if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1086                ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1087                return;
1088        }
1089#endif
1090
1091        /*
1092         *      set the RA_RECV flag in the interface
1093         */
1094
1095        in6_dev = __in6_dev_get(skb->dev);
1096        if (in6_dev == NULL) {
1097                ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1098                          skb->dev->name);
1099                return;
1100        }
1101
1102        if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1103                ND_PRINTK(2, warn, "RA: invalid ND options\n");
1104                return;
1105        }
1106
1107        if (!ipv6_accept_ra(in6_dev))
1108                goto skip_linkparms;
1109
1110#ifdef CONFIG_IPV6_NDISC_NODETYPE
1111        /* skip link-specific parameters from interior routers */
1112        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1113                goto skip_linkparms;
1114#endif
1115
1116        if (in6_dev->if_flags & IF_RS_SENT) {
1117                /*
1118                 *      flag that an RA was received after an RS was sent
1119                 *      out on this interface.
1120                 */
1121                in6_dev->if_flags |= IF_RA_RCVD;
1122        }
1123
1124        /*
1125         * Remember the managed/otherconf flags from most recently
1126         * received RA message (RFC 2462) -- yoshfuji
1127         */
1128        in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1129                                IF_RA_OTHERCONF)) |
1130                                (ra_msg->icmph.icmp6_addrconf_managed ?
1131                                        IF_RA_MANAGED : 0) |
1132                                (ra_msg->icmph.icmp6_addrconf_other ?
1133                                        IF_RA_OTHERCONF : 0);
1134
1135        if (!in6_dev->cnf.accept_ra_defrtr)
1136                goto skip_defrtr;
1137
1138        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1139                goto skip_defrtr;
1140
1141        lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1142
1143#ifdef CONFIG_IPV6_ROUTER_PREF
1144        pref = ra_msg->icmph.icmp6_router_pref;
1145        /* 10b is handled as if it were 00b (medium) */
1146        if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1147            !in6_dev->cnf.accept_ra_rtr_pref)
1148                pref = ICMPV6_ROUTER_PREF_MEDIUM;
1149#endif
1150
1151        rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1152
1153        if (rt) {
1154                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1155                if (!neigh) {
1156                        ND_PRINTK(0, err,
1157                                  "RA: %s got default router without neighbour\n",
1158                                  __func__);
1159                        ip6_rt_put(rt);
1160                        return;
1161                }
1162        }
1163        if (rt && lifetime == 0) {
1164                ip6_del_rt(rt);
1165                rt = NULL;
1166        }
1167
1168        if (rt == NULL && lifetime) {
1169                ND_PRINTK(3, dbg, "RA: adding default router\n");
1170
1171                rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1172                if (rt == NULL) {
1173                        ND_PRINTK(0, err,
1174                                  "RA: %s failed to add default route\n",
1175                                  __func__);
1176                        return;
1177                }
1178
1179                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1180                if (neigh == NULL) {
1181                        ND_PRINTK(0, err,
1182                                  "RA: %s got default router without neighbour\n",
1183                                  __func__);
1184                        ip6_rt_put(rt);
1185                        return;
1186                }
1187                neigh->flags |= NTF_ROUTER;
1188        } else if (rt) {
1189                rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1190        }
1191
1192        if (rt)
1193                rt6_set_expires(rt, jiffies + (HZ * lifetime));
1194        if (ra_msg->icmph.icmp6_hop_limit) {
1195                in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1196                if (rt)
1197                        dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1198                                       ra_msg->icmph.icmp6_hop_limit);
1199        }
1200
1201skip_defrtr:
1202
1203        /*
1204         *      Update Reachable Time and Retrans Timer
1205         */
1206
1207        if (in6_dev->nd_parms) {
1208                unsigned long rtime = ntohl(ra_msg->retrans_timer);
1209
1210                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1211                        rtime = (rtime*HZ)/1000;
1212                        if (rtime < HZ/10)
1213                                rtime = HZ/10;
1214                        in6_dev->nd_parms->retrans_time = rtime;
1215                        in6_dev->tstamp = jiffies;
1216                        inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1217                }
1218
1219                rtime = ntohl(ra_msg->reachable_time);
1220                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1221                        rtime = (rtime*HZ)/1000;
1222
1223                        if (rtime < HZ/10)
1224                                rtime = HZ/10;
1225
1226                        if (rtime != in6_dev->nd_parms->base_reachable_time) {
1227                                in6_dev->nd_parms->base_reachable_time = rtime;
1228                                in6_dev->nd_parms->gc_staletime = 3 * rtime;
1229                                in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1230                                in6_dev->tstamp = jiffies;
1231                                inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1232                        }
1233                }
1234        }
1235
1236skip_linkparms:
1237
1238        /*
1239         *      Process options.
1240         */
1241
1242        if (!neigh)
1243                neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1244                                       skb->dev, 1);
1245        if (neigh) {
1246                u8 *lladdr = NULL;
1247                if (ndopts.nd_opts_src_lladdr) {
1248                        lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1249                                                     skb->dev);
1250                        if (!lladdr) {
1251                                ND_PRINTK(2, warn,
1252                                          "RA: invalid link-layer address length\n");
1253                                goto out;
1254                        }
1255                }
1256                neigh_update(neigh, lladdr, NUD_STALE,
1257                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
1258                             NEIGH_UPDATE_F_OVERRIDE|
1259                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1260                             NEIGH_UPDATE_F_ISROUTER);
1261        }
1262
1263        if (!ipv6_accept_ra(in6_dev))
1264                goto out;
1265
1266#ifdef CONFIG_IPV6_ROUTE_INFO
1267        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1268                goto skip_routeinfo;
1269
1270        if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1271                struct nd_opt_hdr *p;
1272                for (p = ndopts.nd_opts_ri;
1273                     p;
1274                     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1275                        struct route_info *ri = (struct route_info *)p;
1276#ifdef CONFIG_IPV6_NDISC_NODETYPE
1277                        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1278                            ri->prefix_len == 0)
1279                                continue;
1280#endif
1281                        if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1282                                continue;
1283                        rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1284                                      &ipv6_hdr(skb)->saddr);
1285                }
1286        }
1287
1288skip_routeinfo:
1289#endif
1290
1291#ifdef CONFIG_IPV6_NDISC_NODETYPE
1292        /* skip link-specific ndopts from interior routers */
1293        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1294                goto out;
1295#endif
1296
1297        if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1298                struct nd_opt_hdr *p;
1299                for (p = ndopts.nd_opts_pi;
1300                     p;
1301                     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1302                        addrconf_prefix_rcv(skb->dev, (u8 *)p,
1303                                            (p->nd_opt_len) << 3,
1304                                            ndopts.nd_opts_src_lladdr != NULL);
1305                }
1306        }
1307
1308        if (ndopts.nd_opts_mtu) {
1309                __be32 n;
1310                u32 mtu;
1311
1312                memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1313                mtu = ntohl(n);
1314
1315                if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1316                        ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1317                } else if (in6_dev->cnf.mtu6 != mtu) {
1318                        in6_dev->cnf.mtu6 = mtu;
1319
1320                        if (rt)
1321                                dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1322
1323                        rt6_mtu_change(skb->dev, mtu);
1324                }
1325        }
1326
1327        if (ndopts.nd_useropts) {
1328                struct nd_opt_hdr *p;
1329                for (p = ndopts.nd_useropts;
1330                     p;
1331                     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1332                        ndisc_ra_useropt(skb, p);
1333                }
1334        }
1335
1336        if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1337                ND_PRINTK(2, warn, "RA: invalid RA options\n");
1338        }
1339out:
1340        ip6_rt_put(rt);
1341        if (neigh)
1342                neigh_release(neigh);
1343}
1344
1345static void ndisc_redirect_rcv(struct sk_buff *skb)
1346{
1347        u8 *hdr;
1348        struct ndisc_options ndopts;
1349        struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1350        u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1351                                    offsetof(struct rd_msg, opt));
1352
1353#ifdef CONFIG_IPV6_NDISC_NODETYPE
1354        switch (skb->ndisc_nodetype) {
1355        case NDISC_NODETYPE_HOST:
1356        case NDISC_NODETYPE_NODEFAULT:
1357                ND_PRINTK(2, warn,
1358                          "Redirect: from host or unauthorized router\n");
1359                return;
1360        }
1361#endif
1362
1363        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1364                ND_PRINTK(2, warn,
1365                          "Redirect: source address is not link-local\n");
1366                return;
1367        }
1368
1369        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1370                return;
1371
1372        if (!ndopts.nd_opts_rh) {
1373                ip6_redirect_no_header(skb, dev_net(skb->dev), 0, 0);
1374                return;
1375        }
1376
1377        hdr = (u8 *)ndopts.nd_opts_rh;
1378        hdr += 8;
1379        if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1380                return;
1381
1382        icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1383}
1384
1385static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1386                                           struct sk_buff *orig_skb,
1387                                           int rd_len)
1388{
1389        u8 *opt = skb_put(skb, rd_len);
1390
1391        memset(opt, 0, 8);
1392        *(opt++) = ND_OPT_REDIRECT_HDR;
1393        *(opt++) = (rd_len >> 3);
1394        opt += 6;
1395
1396        memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1397}
1398
1399void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1400{
1401        struct net_device *dev = skb->dev;
1402        struct net *net = dev_net(dev);
1403        struct sock *sk = net->ipv6.ndisc_sk;
1404        int optlen = 0;
1405        struct inet_peer *peer;
1406        struct sk_buff *buff;
1407        struct rd_msg *msg;
1408        struct in6_addr saddr_buf;
1409        struct rt6_info *rt;
1410        struct dst_entry *dst;
1411        struct flowi6 fl6;
1412        int rd_len;
1413        u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1414        bool ret;
1415
1416        if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1417                ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1418                          dev->name);
1419                return;
1420        }
1421
1422        if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1423            ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1424                ND_PRINTK(2, warn,
1425                          "Redirect: target address is not link-local unicast\n");
1426                return;
1427        }
1428
1429        icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1430                         &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1431
1432        dst = ip6_route_output(net, NULL, &fl6);
1433        if (dst->error) {
1434                dst_release(dst);
1435                return;
1436        }
1437        dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1438        if (IS_ERR(dst))
1439                return;
1440
1441        rt = (struct rt6_info *) dst;
1442
1443        if (rt->rt6i_flags & RTF_GATEWAY) {
1444                ND_PRINTK(2, warn,
1445                          "Redirect: destination is not a neighbour\n");
1446                goto release;
1447        }
1448        peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1449        ret = inet_peer_xrlim_allow(peer, 1*HZ);
1450        if (peer)
1451                inet_putpeer(peer);
1452        if (!ret)
1453                goto release;
1454
1455        if (dev->addr_len) {
1456                struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1457                if (!neigh) {
1458                        ND_PRINTK(2, warn,
1459                                  "Redirect: no neigh for target address\n");
1460                        goto release;
1461                }
1462
1463                read_lock_bh(&neigh->lock);
1464                if (neigh->nud_state & NUD_VALID) {
1465                        memcpy(ha_buf, neigh->ha, dev->addr_len);
1466                        read_unlock_bh(&neigh->lock);
1467                        ha = ha_buf;
1468                        optlen += ndisc_opt_addr_space(dev);
1469                } else
1470                        read_unlock_bh(&neigh->lock);
1471
1472                neigh_release(neigh);
1473        }
1474
1475        rd_len = min_t(unsigned int,
1476                       IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1477                       skb->len + 8);
1478        rd_len &= ~0x7;
1479        optlen += rd_len;
1480
1481        buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1482        if (!buff)
1483                goto release;
1484
1485        msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1486        *msg = (struct rd_msg) {
1487                .icmph = {
1488                        .icmp6_type = NDISC_REDIRECT,
1489                },
1490                .target = *target,
1491                .dest = ipv6_hdr(skb)->daddr,
1492        };
1493
1494        /*
1495         *      include target_address option
1496         */
1497
1498        if (ha)
1499                ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1500
1501        /*
1502         *      build redirect option and copy skb over to the new packet.
1503         */
1504
1505        if (rd_len)
1506                ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1507
1508        skb_dst_set(buff, dst);
1509        ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1510        return;
1511
1512release:
1513        dst_release(dst);
1514}
1515
1516static void pndisc_redo(struct sk_buff *skb)
1517{
1518        ndisc_recv_ns(skb);
1519        kfree_skb(skb);
1520}
1521
1522int ndisc_rcv(struct sk_buff *skb)
1523{
1524        struct nd_msg *msg;
1525
1526        if (skb_linearize(skb))
1527                return 0;
1528
1529        msg = (struct nd_msg *)skb_transport_header(skb);
1530
1531        __skb_push(skb, skb->data - skb_transport_header(skb));
1532
1533        if (ipv6_hdr(skb)->hop_limit != 255) {
1534                ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1535                          ipv6_hdr(skb)->hop_limit);
1536                return 0;
1537        }
1538
1539        if (msg->icmph.icmp6_code != 0) {
1540                ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1541                          msg->icmph.icmp6_code);
1542                return 0;
1543        }
1544
1545        memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1546
1547        switch (msg->icmph.icmp6_type) {
1548        case NDISC_NEIGHBOUR_SOLICITATION:
1549                ndisc_recv_ns(skb);
1550                break;
1551
1552        case NDISC_NEIGHBOUR_ADVERTISEMENT:
1553                ndisc_recv_na(skb);
1554                break;
1555
1556        case NDISC_ROUTER_SOLICITATION:
1557                ndisc_recv_rs(skb);
1558                break;
1559
1560        case NDISC_ROUTER_ADVERTISEMENT:
1561                ndisc_router_discovery(skb);
1562                break;
1563
1564        case NDISC_REDIRECT:
1565                ndisc_redirect_rcv(skb);
1566                break;
1567        }
1568
1569        return 0;
1570}
1571
1572static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1573{
1574        struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1575        struct net *net = dev_net(dev);
1576        struct inet6_dev *idev;
1577
1578        switch (event) {
1579        case NETDEV_CHANGEADDR:
1580                neigh_changeaddr(&nd_tbl, dev);
1581                fib6_run_gc(0, net, false);
1582                idev = in6_dev_get(dev);
1583                if (!idev)
1584                        break;
1585                if (idev->cnf.ndisc_notify)
1586                        ndisc_send_unsol_na(dev);
1587                in6_dev_put(idev);
1588                break;
1589        case NETDEV_DOWN:
1590                neigh_ifdown(&nd_tbl, dev);
1591                fib6_run_gc(0, net, false);
1592                break;
1593        case NETDEV_NOTIFY_PEERS:
1594                ndisc_send_unsol_na(dev);
1595                break;
1596        default:
1597                break;
1598        }
1599
1600        return NOTIFY_DONE;
1601}
1602
1603static struct notifier_block ndisc_netdev_notifier = {
1604        .notifier_call = ndisc_netdev_event,
1605};
1606
1607#ifdef CONFIG_SYSCTL
1608static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1609                                         const char *func, const char *dev_name)
1610{
1611        static char warncomm[TASK_COMM_LEN];
1612        static int warned;
1613        if (strcmp(warncomm, current->comm) && warned < 5) {
1614                strcpy(warncomm, current->comm);
1615                pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1616                        warncomm, func,
1617                        dev_name, ctl->procname,
1618                        dev_name, ctl->procname);
1619                warned++;
1620        }
1621}
1622
1623int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1624{
1625        struct net_device *dev = ctl->extra1;
1626        struct inet6_dev *idev;
1627        int ret;
1628
1629        if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1630            (strcmp(ctl->procname, "base_reachable_time") == 0))
1631                ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1632
1633        if (strcmp(ctl->procname, "retrans_time") == 0)
1634                ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1635
1636        else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1637                ret = proc_dointvec_jiffies(ctl, write,
1638                                            buffer, lenp, ppos);
1639
1640        else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1641                 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1642                ret = proc_dointvec_ms_jiffies(ctl, write,
1643                                               buffer, lenp, ppos);
1644        else
1645                ret = -1;
1646
1647        if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1648                if (ctl->data == &idev->nd_parms->base_reachable_time)
1649                        idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1650                idev->tstamp = jiffies;
1651                inet6_ifinfo_notify(RTM_NEWLINK, idev);
1652                in6_dev_put(idev);
1653        }
1654        return ret;
1655}
1656
1657
1658#endif
1659
1660static int __net_init ndisc_net_init(struct net *net)
1661{
1662        struct ipv6_pinfo *np;
1663        struct sock *sk;
1664        int err;
1665
1666        err = inet_ctl_sock_create(&sk, PF_INET6,
1667                                   SOCK_RAW, IPPROTO_ICMPV6, net);
1668        if (err < 0) {
1669                ND_PRINTK(0, err,
1670                          "NDISC: Failed to initialize the control socket (err %d)\n",
1671                          err);
1672                return err;
1673        }
1674
1675        net->ipv6.ndisc_sk = sk;
1676
1677        np = inet6_sk(sk);
1678        np->hop_limit = 255;
1679        /* Do not loopback ndisc messages */
1680        np->mc_loop = 0;
1681
1682        return 0;
1683}
1684
1685static void __net_exit ndisc_net_exit(struct net *net)
1686{
1687        inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1688}
1689
1690static struct pernet_operations ndisc_net_ops = {
1691        .init = ndisc_net_init,
1692        .exit = ndisc_net_exit,
1693};
1694
1695int __init ndisc_init(void)
1696{
1697        int err;
1698
1699        err = register_pernet_subsys(&ndisc_net_ops);
1700        if (err)
1701                return err;
1702        /*
1703         * Initialize the neighbour table
1704         */
1705        neigh_table_init(&nd_tbl);
1706
1707#ifdef CONFIG_SYSCTL
1708        err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1709                                    &ndisc_ifinfo_sysctl_change);
1710        if (err)
1711                goto out_unregister_pernet;
1712#endif
1713        err = register_netdevice_notifier(&ndisc_netdev_notifier);
1714        if (err)
1715                goto out_unregister_sysctl;
1716out:
1717        return err;
1718
1719out_unregister_sysctl:
1720#ifdef CONFIG_SYSCTL
1721        neigh_sysctl_unregister(&nd_tbl.parms);
1722out_unregister_pernet:
1723#endif
1724        unregister_pernet_subsys(&ndisc_net_ops);
1725        goto out;
1726}
1727
1728void ndisc_cleanup(void)
1729{
1730        unregister_netdevice_notifier(&ndisc_netdev_notifier);
1731#ifdef CONFIG_SYSCTL
1732        neigh_sysctl_unregister(&nd_tbl.parms);
1733#endif
1734        neigh_table_clear(&nd_tbl);
1735        unregister_pernet_subsys(&ndisc_net_ops);
1736}
1737