1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
67#include <net/flow.h>
68#include <net/ip6_checksum.h>
69#include <net/inet_common.h>
70#include <linux/proc_fs.h>
71
72#include <linux/netfilter.h>
73#include <linux/netfilter_ipv6.h>
74
75
76#define ND_DEBUG 1
77
78#define ND_PRINTK(val, level, fmt, ...) \
79do { \
80 if (val <= ND_DEBUG) \
81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82} while (0)
83
84static u32 ndisc_hash(const void *pkey,
85 const struct net_device *dev,
86 __u32 *hash_rnd);
87static int ndisc_constructor(struct neighbour *neigh);
88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90static int pndisc_constructor(struct pneigh_entry *n);
91static void pndisc_destructor(struct pneigh_entry *n);
92static void pndisc_redo(struct sk_buff *skb);
93
94static const struct neigh_ops ndisc_generic_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_connected_output,
100};
101
102static const struct neigh_ops ndisc_hh_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_resolve_output,
108};
109
110
111static const struct neigh_ops ndisc_direct_ops = {
112 .family = AF_INET6,
113 .output = neigh_direct_output,
114 .connected_output = neigh_direct_output,
115};
116
117struct neigh_table nd_tbl = {
118 .family = AF_INET6,
119 .key_len = sizeof(struct in6_addr),
120 .hash = ndisc_hash,
121 .constructor = ndisc_constructor,
122 .pconstructor = pndisc_constructor,
123 .pdestructor = pndisc_destructor,
124 .proxy_redo = pndisc_redo,
125 .id = "ndisc_cache",
126 .parms = {
127 .tbl = &nd_tbl,
128 .base_reachable_time = ND_REACHABLE_TIME,
129 .retrans_time = ND_RETRANS_TIMER,
130 .gc_staletime = 60 * HZ,
131 .reachable_time = ND_REACHABLE_TIME,
132 .delay_probe_time = 5 * HZ,
133 .queue_len_bytes = 64*1024,
134 .ucast_probes = 3,
135 .mcast_probes = 3,
136 .anycast_delay = 1 * HZ,
137 .proxy_delay = (8 * HZ) / 10,
138 .proxy_qlen = 64,
139 },
140 .gc_interval = 30 * HZ,
141 .gc_thresh1 = 128,
142 .gc_thresh2 = 512,
143 .gc_thresh3 = 1024,
144};
145
146static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
147{
148 int pad = ndisc_addr_option_pad(skb->dev->type);
149 int data_len = skb->dev->addr_len;
150 int space = ndisc_opt_addr_space(skb->dev);
151 u8 *opt = skb_put(skb, space);
152
153 opt[0] = type;
154 opt[1] = space>>3;
155
156 memset(opt + 2, 0, pad);
157 opt += pad;
158 space -= pad;
159
160 memcpy(opt+2, data, data_len);
161 data_len += 2;
162 opt += data_len;
163 if ((space -= data_len) > 0)
164 memset(opt, 0, space);
165}
166
167static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
168 struct nd_opt_hdr *end)
169{
170 int type;
171 if (!cur || !end || cur >= end)
172 return NULL;
173 type = cur->nd_opt_type;
174 do {
175 cur = ((void *)cur) + (cur->nd_opt_len << 3);
176 } while(cur < end && cur->nd_opt_type != type);
177 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
178}
179
180static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
181{
182 return opt->nd_opt_type == ND_OPT_RDNSS ||
183 opt->nd_opt_type == ND_OPT_DNSSL;
184}
185
186static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
187 struct nd_opt_hdr *end)
188{
189 if (!cur || !end || cur >= end)
190 return NULL;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while(cur < end && !ndisc_is_useropt(cur));
194 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
195}
196
197struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
198 struct ndisc_options *ndopts)
199{
200 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
201
202 if (!nd_opt || opt_len < 0 || !ndopts)
203 return NULL;
204 memset(ndopts, 0, sizeof(*ndopts));
205 while (opt_len) {
206 int l;
207 if (opt_len < sizeof(struct nd_opt_hdr))
208 return NULL;
209 l = nd_opt->nd_opt_len << 3;
210 if (opt_len < l || l == 0)
211 return NULL;
212 switch (nd_opt->nd_opt_type) {
213 case ND_OPT_SOURCE_LL_ADDR:
214 case ND_OPT_TARGET_LL_ADDR:
215 case ND_OPT_MTU:
216 case ND_OPT_REDIRECT_HDR:
217 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
218 ND_PRINTK(2, warn,
219 "%s: duplicated ND6 option found: type=%d\n",
220 __func__, nd_opt->nd_opt_type);
221 } else {
222 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
223 }
224 break;
225 case ND_OPT_PREFIX_INFO:
226 ndopts->nd_opts_pi_end = nd_opt;
227 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
228 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
229 break;
230#ifdef CONFIG_IPV6_ROUTE_INFO
231 case ND_OPT_ROUTE_INFO:
232 ndopts->nd_opts_ri_end = nd_opt;
233 if (!ndopts->nd_opts_ri)
234 ndopts->nd_opts_ri = nd_opt;
235 break;
236#endif
237 default:
238 if (ndisc_is_useropt(nd_opt)) {
239 ndopts->nd_useropts_end = nd_opt;
240 if (!ndopts->nd_useropts)
241 ndopts->nd_useropts = nd_opt;
242 } else {
243
244
245
246
247
248 ND_PRINTK(2, notice,
249 "%s: ignored unsupported option; type=%d, len=%d\n",
250 __func__,
251 nd_opt->nd_opt_type,
252 nd_opt->nd_opt_len);
253 }
254 }
255 opt_len -= l;
256 nd_opt = ((void *)nd_opt) + l;
257 }
258 return ndopts;
259}
260
261int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
262{
263 switch (dev->type) {
264 case ARPHRD_ETHER:
265 case ARPHRD_IEEE802:
266 case ARPHRD_FDDI:
267 ipv6_eth_mc_map(addr, buf);
268 return 0;
269 case ARPHRD_ARCNET:
270 ipv6_arcnet_mc_map(addr, buf);
271 return 0;
272 case ARPHRD_INFINIBAND:
273 ipv6_ib_mc_map(addr, dev->broadcast, buf);
274 return 0;
275 case ARPHRD_IPGRE:
276 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
277 default:
278 if (dir) {
279 memcpy(buf, dev->broadcast, dev->addr_len);
280 return 0;
281 }
282 }
283 return -EINVAL;
284}
285
286EXPORT_SYMBOL(ndisc_mc_map);
287
288static u32 ndisc_hash(const void *pkey,
289 const struct net_device *dev,
290 __u32 *hash_rnd)
291{
292 return ndisc_hashfn(pkey, dev, hash_rnd);
293}
294
295static int ndisc_constructor(struct neighbour *neigh)
296{
297 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
298 struct net_device *dev = neigh->dev;
299 struct inet6_dev *in6_dev;
300 struct neigh_parms *parms;
301 bool is_multicast = ipv6_addr_is_multicast(addr);
302
303 in6_dev = in6_dev_get(dev);
304 if (in6_dev == NULL) {
305 return -EINVAL;
306 }
307
308 parms = in6_dev->nd_parms;
309 __neigh_parms_put(neigh->parms);
310 neigh->parms = neigh_parms_clone(parms);
311
312 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
313 if (!dev->header_ops) {
314 neigh->nud_state = NUD_NOARP;
315 neigh->ops = &ndisc_direct_ops;
316 neigh->output = neigh_direct_output;
317 } else {
318 if (is_multicast) {
319 neigh->nud_state = NUD_NOARP;
320 ndisc_mc_map(addr, neigh->ha, dev, 1);
321 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
322 neigh->nud_state = NUD_NOARP;
323 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
324 if (dev->flags&IFF_LOOPBACK)
325 neigh->type = RTN_LOCAL;
326 } else if (dev->flags&IFF_POINTOPOINT) {
327 neigh->nud_state = NUD_NOARP;
328 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
329 }
330 if (dev->header_ops->cache)
331 neigh->ops = &ndisc_hh_ops;
332 else
333 neigh->ops = &ndisc_generic_ops;
334 if (neigh->nud_state&NUD_VALID)
335 neigh->output = neigh->ops->connected_output;
336 else
337 neigh->output = neigh->ops->output;
338 }
339 in6_dev_put(in6_dev);
340 return 0;
341}
342
343static int pndisc_constructor(struct pneigh_entry *n)
344{
345 struct in6_addr *addr = (struct in6_addr*)&n->key;
346 struct in6_addr maddr;
347 struct net_device *dev = n->dev;
348
349 if (dev == NULL || __in6_dev_get(dev) == NULL)
350 return -EINVAL;
351 addrconf_addr_solict_mult(addr, &maddr);
352 ipv6_dev_mc_inc(dev, &maddr);
353 return 0;
354}
355
356static void pndisc_destructor(struct pneigh_entry *n)
357{
358 struct in6_addr *addr = (struct in6_addr*)&n->key;
359 struct in6_addr maddr;
360 struct net_device *dev = n->dev;
361
362 if (dev == NULL || __in6_dev_get(dev) == NULL)
363 return;
364 addrconf_addr_solict_mult(addr, &maddr);
365 ipv6_dev_mc_dec(dev, &maddr);
366}
367
368static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
369 int len)
370{
371 int hlen = LL_RESERVED_SPACE(dev);
372 int tlen = dev->needed_tailroom;
373 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
374 struct sk_buff *skb;
375
376 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
377 if (!skb) {
378 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
379 __func__);
380 return NULL;
381 }
382
383 skb->protocol = htons(ETH_P_IPV6);
384 skb->dev = dev;
385
386 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
387 skb_reset_transport_header(skb);
388
389
390
391
392 skb_set_owner_w(skb, sk);
393
394 return skb;
395}
396
397static void ip6_nd_hdr(struct sk_buff *skb,
398 const struct in6_addr *saddr,
399 const struct in6_addr *daddr,
400 int hop_limit, int len)
401{
402 struct ipv6hdr *hdr;
403
404 skb_push(skb, sizeof(*hdr));
405 skb_reset_network_header(skb);
406 hdr = ipv6_hdr(skb);
407
408 ip6_flow_hdr(hdr, 0, 0);
409
410 hdr->payload_len = htons(len);
411 hdr->nexthdr = IPPROTO_ICMPV6;
412 hdr->hop_limit = hop_limit;
413
414 hdr->saddr = *saddr;
415 hdr->daddr = *daddr;
416}
417
418static void ndisc_send_skb(struct sk_buff *skb,
419 const struct in6_addr *daddr,
420 const struct in6_addr *saddr)
421{
422 struct dst_entry *dst = skb_dst(skb);
423 struct net *net = dev_net(skb->dev);
424 struct sock *sk = net->ipv6.ndisc_sk;
425 struct inet6_dev *idev;
426 int err;
427 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
428 u8 type;
429
430 type = icmp6h->icmp6_type;
431
432 if (!dst) {
433 struct flowi6 fl6;
434
435 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
436 dst = icmp6_dst_alloc(skb->dev, &fl6);
437 if (IS_ERR(dst)) {
438 kfree_skb(skb);
439 return;
440 }
441
442 skb_dst_set(skb, dst);
443 }
444
445 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
446 IPPROTO_ICMPV6,
447 csum_partial(icmp6h,
448 skb->len, 0));
449
450 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
451
452 rcu_read_lock();
453 idev = __in6_dev_get(dst->dev);
454 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
455
456 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
457 dst_output);
458 if (!err) {
459 ICMP6MSGOUT_INC_STATS(net, idev, type);
460 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
461 }
462
463 rcu_read_unlock();
464}
465
466void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
467 const struct in6_addr *daddr,
468 const struct in6_addr *solicited_addr,
469 bool router, bool solicited, bool override, bool inc_opt)
470{
471 struct sk_buff *skb;
472 struct in6_addr tmpaddr;
473 struct inet6_ifaddr *ifp;
474 const struct in6_addr *src_addr;
475 struct nd_msg *msg;
476 int optlen = 0;
477
478
479 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
480 if (ifp) {
481 src_addr = solicited_addr;
482 if (ifp->flags & IFA_F_OPTIMISTIC)
483 override = false;
484 inc_opt |= ifp->idev->cnf.force_tllao;
485 in6_ifa_put(ifp);
486 } else {
487 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
488 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
489 &tmpaddr))
490 return;
491 src_addr = &tmpaddr;
492 }
493
494 if (!dev->addr_len)
495 inc_opt = 0;
496 if (inc_opt)
497 optlen += ndisc_opt_addr_space(dev);
498
499 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
500 if (!skb)
501 return;
502
503 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
504 *msg = (struct nd_msg) {
505 .icmph = {
506 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
507 .icmp6_router = router,
508 .icmp6_solicited = solicited,
509 .icmp6_override = override,
510 },
511 .target = *solicited_addr,
512 };
513
514 if (inc_opt)
515 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
516 dev->dev_addr);
517
518
519 ndisc_send_skb(skb, daddr, src_addr);
520}
521
522static void ndisc_send_unsol_na(struct net_device *dev)
523{
524 struct inet6_dev *idev;
525 struct inet6_ifaddr *ifa;
526
527 idev = in6_dev_get(dev);
528 if (!idev)
529 return;
530
531 read_lock_bh(&idev->lock);
532 list_for_each_entry(ifa, &idev->addr_list, if_list) {
533 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
534 !!idev->cnf.forwarding,
535 false, true,
536 true);
537 }
538 read_unlock_bh(&idev->lock);
539
540 in6_dev_put(idev);
541}
542
543void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
544 const struct in6_addr *solicit,
545 const struct in6_addr *daddr, const struct in6_addr *saddr)
546{
547 struct sk_buff *skb;
548 struct in6_addr addr_buf;
549 int inc_opt = dev->addr_len;
550 int optlen = 0;
551 struct nd_msg *msg;
552
553 if (saddr == NULL) {
554 if (ipv6_get_lladdr(dev, &addr_buf,
555 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
556 return;
557 saddr = &addr_buf;
558 }
559
560 if (ipv6_addr_any(saddr))
561 inc_opt = false;
562 if (inc_opt)
563 optlen += ndisc_opt_addr_space(dev);
564
565 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
566 if (!skb)
567 return;
568
569 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
570 *msg = (struct nd_msg) {
571 .icmph = {
572 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
573 },
574 .target = *solicit,
575 };
576
577 if (inc_opt)
578 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
579 dev->dev_addr);
580
581 ndisc_send_skb(skb, daddr, saddr);
582}
583
584void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
585 const struct in6_addr *daddr)
586{
587 struct sk_buff *skb;
588 struct rs_msg *msg;
589 int send_sllao = dev->addr_len;
590 int optlen = 0;
591
592#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
593
594
595
596
597
598
599
600
601 if (send_sllao) {
602 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
603 dev, 1);
604 if (ifp) {
605 if (ifp->flags & IFA_F_OPTIMISTIC) {
606 send_sllao = 0;
607 }
608 in6_ifa_put(ifp);
609 } else {
610 send_sllao = 0;
611 }
612 }
613#endif
614 if (send_sllao)
615 optlen += ndisc_opt_addr_space(dev);
616
617 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
618 if (!skb)
619 return;
620
621 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
622 *msg = (struct rs_msg) {
623 .icmph = {
624 .icmp6_type = NDISC_ROUTER_SOLICITATION,
625 },
626 };
627
628 if (send_sllao)
629 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
630 dev->dev_addr);
631
632 ndisc_send_skb(skb, daddr, saddr);
633}
634
635
636static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
637{
638
639
640
641
642 dst_link_failure(skb);
643 kfree_skb(skb);
644}
645
646
647
648static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
649{
650 struct in6_addr *saddr = NULL;
651 struct in6_addr mcaddr;
652 struct net_device *dev = neigh->dev;
653 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
654 int probes = atomic_read(&neigh->probes);
655
656 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
657 saddr = &ipv6_hdr(skb)->saddr;
658
659 if ((probes -= neigh->parms->ucast_probes) < 0) {
660 if (!(neigh->nud_state & NUD_VALID)) {
661 ND_PRINTK(1, dbg,
662 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
663 __func__, target);
664 }
665 ndisc_send_ns(dev, neigh, target, target, saddr);
666 } else if ((probes -= neigh->parms->app_probes) < 0) {
667 neigh_app_ns(neigh);
668 } else {
669 addrconf_addr_solict_mult(target, &mcaddr);
670 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
671 }
672}
673
674static int pndisc_is_router(const void *pkey,
675 struct net_device *dev)
676{
677 struct pneigh_entry *n;
678 int ret = -1;
679
680 read_lock_bh(&nd_tbl.lock);
681 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
682 if (n)
683 ret = !!(n->flags & NTF_ROUTER);
684 read_unlock_bh(&nd_tbl.lock);
685
686 return ret;
687}
688
689static void ndisc_recv_ns(struct sk_buff *skb)
690{
691 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
692 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
693 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
694 u8 *lladdr = NULL;
695 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
696 offsetof(struct nd_msg, opt));
697 struct ndisc_options ndopts;
698 struct net_device *dev = skb->dev;
699 struct inet6_ifaddr *ifp;
700 struct inet6_dev *idev = NULL;
701 struct neighbour *neigh;
702 int dad = ipv6_addr_any(saddr);
703 bool inc;
704 int is_router = -1;
705
706 if (skb->len < sizeof(struct nd_msg)) {
707 ND_PRINTK(2, warn, "NS: packet too short\n");
708 return;
709 }
710
711 if (ipv6_addr_is_multicast(&msg->target)) {
712 ND_PRINTK(2, warn, "NS: multicast target address\n");
713 return;
714 }
715
716
717
718
719
720 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
721 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
722 return;
723 }
724
725 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
726 ND_PRINTK(2, warn, "NS: invalid ND options\n");
727 return;
728 }
729
730 if (ndopts.nd_opts_src_lladdr) {
731 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
732 if (!lladdr) {
733 ND_PRINTK(2, warn,
734 "NS: invalid link-layer address length\n");
735 return;
736 }
737
738
739
740
741
742
743 if (dad) {
744 ND_PRINTK(2, warn,
745 "NS: bad DAD packet (link-layer address option)\n");
746 return;
747 }
748 }
749
750 inc = ipv6_addr_is_multicast(daddr);
751
752 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
753 if (ifp) {
754
755 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
756 if (dad) {
757
758
759
760
761
762 addrconf_dad_failure(ifp);
763 return;
764 } else {
765
766
767
768
769
770
771 if (!(ifp->flags & IFA_F_OPTIMISTIC))
772 goto out;
773 }
774 }
775
776 idev = ifp->idev;
777 } else {
778 struct net *net = dev_net(dev);
779
780 idev = in6_dev_get(dev);
781 if (!idev) {
782
783 return;
784 }
785
786 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
787 (idev->cnf.forwarding &&
788 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
789 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
790 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
791 skb->pkt_type != PACKET_HOST &&
792 inc &&
793 idev->nd_parms->proxy_delay != 0) {
794
795
796
797
798
799
800
801 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
802 if (n)
803 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
804 goto out;
805 }
806 } else
807 goto out;
808 }
809
810 if (is_router < 0)
811 is_router = idev->cnf.forwarding;
812
813 if (dad) {
814 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
815 !!is_router, false, (ifp != NULL), true);
816 goto out;
817 }
818
819 if (inc)
820 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
821 else
822 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
823
824
825
826
827
828 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
829 !inc || lladdr || !dev->addr_len);
830 if (neigh)
831 neigh_update(neigh, lladdr, NUD_STALE,
832 NEIGH_UPDATE_F_WEAK_OVERRIDE|
833 NEIGH_UPDATE_F_OVERRIDE);
834 if (neigh || !dev->header_ops) {
835 ndisc_send_na(dev, neigh, saddr, &msg->target,
836 !!is_router,
837 true, (ifp != NULL && inc), inc);
838 if (neigh)
839 neigh_release(neigh);
840 }
841
842out:
843 if (ifp)
844 in6_ifa_put(ifp);
845 else
846 in6_dev_put(idev);
847}
848
849static void ndisc_recv_na(struct sk_buff *skb)
850{
851 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
852 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
853 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
854 u8 *lladdr = NULL;
855 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
856 offsetof(struct nd_msg, opt));
857 struct ndisc_options ndopts;
858 struct net_device *dev = skb->dev;
859 struct inet6_ifaddr *ifp;
860 struct neighbour *neigh;
861
862 if (skb->len < sizeof(struct nd_msg)) {
863 ND_PRINTK(2, warn, "NA: packet too short\n");
864 return;
865 }
866
867 if (ipv6_addr_is_multicast(&msg->target)) {
868 ND_PRINTK(2, warn, "NA: target address is multicast\n");
869 return;
870 }
871
872 if (ipv6_addr_is_multicast(daddr) &&
873 msg->icmph.icmp6_solicited) {
874 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
875 return;
876 }
877
878 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
879 ND_PRINTK(2, warn, "NS: invalid ND option\n");
880 return;
881 }
882 if (ndopts.nd_opts_tgt_lladdr) {
883 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
884 if (!lladdr) {
885 ND_PRINTK(2, warn,
886 "NA: invalid link-layer address length\n");
887 return;
888 }
889 }
890 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
891 if (ifp) {
892 if (skb->pkt_type != PACKET_LOOPBACK
893 && (ifp->flags & IFA_F_TENTATIVE)) {
894 addrconf_dad_failure(ifp);
895 return;
896 }
897
898
899
900
901
902
903
904
905
906 if (skb->pkt_type != PACKET_LOOPBACK)
907 ND_PRINTK(1, warn,
908 "NA: someone advertises our address %pI6 on %s!\n",
909 &ifp->addr, ifp->idev->dev->name);
910 in6_ifa_put(ifp);
911 return;
912 }
913 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
914
915 if (neigh) {
916 u8 old_flags = neigh->flags;
917 struct net *net = dev_net(dev);
918
919 if (neigh->nud_state & NUD_FAILED)
920 goto out;
921
922
923
924
925
926
927 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
928 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
929 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
930
931 goto out;
932 }
933
934 neigh_update(neigh, lladdr,
935 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
936 NEIGH_UPDATE_F_WEAK_OVERRIDE|
937 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
938 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
939 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
940
941 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
942
943
944
945 struct rt6_info *rt;
946 rt = rt6_get_dflt_router(saddr, dev);
947 if (rt)
948 ip6_del_rt(rt);
949 }
950
951out:
952 neigh_release(neigh);
953 }
954}
955
956static void ndisc_recv_rs(struct sk_buff *skb)
957{
958 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
959 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
960 struct neighbour *neigh;
961 struct inet6_dev *idev;
962 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
963 struct ndisc_options ndopts;
964 u8 *lladdr = NULL;
965
966 if (skb->len < sizeof(*rs_msg))
967 return;
968
969 idev = __in6_dev_get(skb->dev);
970 if (!idev) {
971 ND_PRINTK(1, err, "RS: can't find in6 device\n");
972 return;
973 }
974
975
976 if (!idev->cnf.forwarding)
977 goto out;
978
979
980
981
982
983 if (ipv6_addr_any(saddr))
984 goto out;
985
986
987 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
988 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
989 goto out;
990 }
991
992 if (ndopts.nd_opts_src_lladdr) {
993 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
994 skb->dev);
995 if (!lladdr)
996 goto out;
997 }
998
999 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1000 if (neigh) {
1001 neigh_update(neigh, lladdr, NUD_STALE,
1002 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1003 NEIGH_UPDATE_F_OVERRIDE|
1004 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1005 neigh_release(neigh);
1006 }
1007out:
1008 return;
1009}
1010
1011static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1012{
1013 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1014 struct sk_buff *skb;
1015 struct nlmsghdr *nlh;
1016 struct nduseroptmsg *ndmsg;
1017 struct net *net = dev_net(ra->dev);
1018 int err;
1019 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1020 + (opt->nd_opt_len << 3));
1021 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1022
1023 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1024 if (skb == NULL) {
1025 err = -ENOBUFS;
1026 goto errout;
1027 }
1028
1029 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1030 if (nlh == NULL) {
1031 goto nla_put_failure;
1032 }
1033
1034 ndmsg = nlmsg_data(nlh);
1035 ndmsg->nduseropt_family = AF_INET6;
1036 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1037 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1038 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1039 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1040
1041 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1042
1043 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1044 &ipv6_hdr(ra)->saddr))
1045 goto nla_put_failure;
1046 nlmsg_end(skb, nlh);
1047
1048 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1049 return;
1050
1051nla_put_failure:
1052 nlmsg_free(skb);
1053 err = -EMSGSIZE;
1054errout:
1055 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1056}
1057
1058static void ndisc_router_discovery(struct sk_buff *skb)
1059{
1060 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1061 struct neighbour *neigh = NULL;
1062 struct inet6_dev *in6_dev;
1063 struct rt6_info *rt = NULL;
1064 int lifetime;
1065 struct ndisc_options ndopts;
1066 int optlen;
1067 unsigned int pref = 0;
1068
1069 __u8 * opt = (__u8 *)(ra_msg + 1);
1070
1071 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1072 sizeof(struct ra_msg);
1073
1074 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1075 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1076 return;
1077 }
1078 if (optlen < 0) {
1079 ND_PRINTK(2, warn, "RA: packet too short\n");
1080 return;
1081 }
1082
1083#ifdef CONFIG_IPV6_NDISC_NODETYPE
1084 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1085 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1086 return;
1087 }
1088#endif
1089
1090
1091
1092
1093
1094 in6_dev = __in6_dev_get(skb->dev);
1095 if (in6_dev == NULL) {
1096 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1097 skb->dev->name);
1098 return;
1099 }
1100
1101 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1102 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1103 return;
1104 }
1105
1106 if (!ipv6_accept_ra(in6_dev))
1107 goto skip_linkparms;
1108
1109#ifdef CONFIG_IPV6_NDISC_NODETYPE
1110
1111 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1112 goto skip_linkparms;
1113#endif
1114
1115 if (in6_dev->if_flags & IF_RS_SENT) {
1116
1117
1118
1119
1120 in6_dev->if_flags |= IF_RA_RCVD;
1121 }
1122
1123
1124
1125
1126
1127 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1128 IF_RA_OTHERCONF)) |
1129 (ra_msg->icmph.icmp6_addrconf_managed ?
1130 IF_RA_MANAGED : 0) |
1131 (ra_msg->icmph.icmp6_addrconf_other ?
1132 IF_RA_OTHERCONF : 0);
1133
1134 if (!in6_dev->cnf.accept_ra_defrtr)
1135 goto skip_defrtr;
1136
1137 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1138 goto skip_defrtr;
1139
1140 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1141
1142#ifdef CONFIG_IPV6_ROUTER_PREF
1143 pref = ra_msg->icmph.icmp6_router_pref;
1144
1145 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1146 !in6_dev->cnf.accept_ra_rtr_pref)
1147 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1148#endif
1149
1150 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1151
1152 if (rt) {
1153 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1154 if (!neigh) {
1155 ND_PRINTK(0, err,
1156 "RA: %s got default router without neighbour\n",
1157 __func__);
1158 ip6_rt_put(rt);
1159 return;
1160 }
1161 }
1162 if (rt && lifetime == 0) {
1163 ip6_del_rt(rt);
1164 rt = NULL;
1165 }
1166
1167 if (rt == NULL && lifetime) {
1168 ND_PRINTK(3, dbg, "RA: adding default router\n");
1169
1170 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1171 if (rt == NULL) {
1172 ND_PRINTK(0, err,
1173 "RA: %s failed to add default route\n",
1174 __func__);
1175 return;
1176 }
1177
1178 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1179 if (neigh == NULL) {
1180 ND_PRINTK(0, err,
1181 "RA: %s got default router without neighbour\n",
1182 __func__);
1183 ip6_rt_put(rt);
1184 return;
1185 }
1186 neigh->flags |= NTF_ROUTER;
1187 } else if (rt) {
1188 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1189 }
1190
1191 if (rt)
1192 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1193 if (ra_msg->icmph.icmp6_hop_limit) {
1194 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1195 if (rt)
1196 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1197 ra_msg->icmph.icmp6_hop_limit);
1198 }
1199
1200skip_defrtr:
1201
1202
1203
1204
1205
1206 if (in6_dev->nd_parms) {
1207 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1208
1209 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1210 rtime = (rtime*HZ)/1000;
1211 if (rtime < HZ/10)
1212 rtime = HZ/10;
1213 in6_dev->nd_parms->retrans_time = rtime;
1214 in6_dev->tstamp = jiffies;
1215 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1216 }
1217
1218 rtime = ntohl(ra_msg->reachable_time);
1219 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1220 rtime = (rtime*HZ)/1000;
1221
1222 if (rtime < HZ/10)
1223 rtime = HZ/10;
1224
1225 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1226 in6_dev->nd_parms->base_reachable_time = rtime;
1227 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1228 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1229 in6_dev->tstamp = jiffies;
1230 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1231 }
1232 }
1233 }
1234
1235skip_linkparms:
1236
1237
1238
1239
1240
1241 if (!neigh)
1242 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1243 skb->dev, 1);
1244 if (neigh) {
1245 u8 *lladdr = NULL;
1246 if (ndopts.nd_opts_src_lladdr) {
1247 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1248 skb->dev);
1249 if (!lladdr) {
1250 ND_PRINTK(2, warn,
1251 "RA: invalid link-layer address length\n");
1252 goto out;
1253 }
1254 }
1255 neigh_update(neigh, lladdr, NUD_STALE,
1256 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1257 NEIGH_UPDATE_F_OVERRIDE|
1258 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1259 NEIGH_UPDATE_F_ISROUTER);
1260 }
1261
1262 if (!ipv6_accept_ra(in6_dev))
1263 goto out;
1264
1265#ifdef CONFIG_IPV6_ROUTE_INFO
1266 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1267 goto skip_routeinfo;
1268
1269 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1270 struct nd_opt_hdr *p;
1271 for (p = ndopts.nd_opts_ri;
1272 p;
1273 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1274 struct route_info *ri = (struct route_info *)p;
1275#ifdef CONFIG_IPV6_NDISC_NODETYPE
1276 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1277 ri->prefix_len == 0)
1278 continue;
1279#endif
1280 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1281 continue;
1282 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1283 &ipv6_hdr(skb)->saddr);
1284 }
1285 }
1286
1287skip_routeinfo:
1288#endif
1289
1290#ifdef CONFIG_IPV6_NDISC_NODETYPE
1291
1292 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1293 goto out;
1294#endif
1295
1296 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1297 struct nd_opt_hdr *p;
1298 for (p = ndopts.nd_opts_pi;
1299 p;
1300 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1301 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1302 (p->nd_opt_len) << 3,
1303 ndopts.nd_opts_src_lladdr != NULL);
1304 }
1305 }
1306
1307 if (ndopts.nd_opts_mtu) {
1308 __be32 n;
1309 u32 mtu;
1310
1311 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1312 mtu = ntohl(n);
1313
1314 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1315 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1316 } else if (in6_dev->cnf.mtu6 != mtu) {
1317 in6_dev->cnf.mtu6 = mtu;
1318
1319 if (rt)
1320 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1321
1322 rt6_mtu_change(skb->dev, mtu);
1323 }
1324 }
1325
1326 if (ndopts.nd_useropts) {
1327 struct nd_opt_hdr *p;
1328 for (p = ndopts.nd_useropts;
1329 p;
1330 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1331 ndisc_ra_useropt(skb, p);
1332 }
1333 }
1334
1335 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1336 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1337 }
1338out:
1339 ip6_rt_put(rt);
1340 if (neigh)
1341 neigh_release(neigh);
1342}
1343
1344static void ndisc_redirect_rcv(struct sk_buff *skb)
1345{
1346 u8 *hdr;
1347 struct ndisc_options ndopts;
1348 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1349 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1350 offsetof(struct rd_msg, opt));
1351
1352#ifdef CONFIG_IPV6_NDISC_NODETYPE
1353 switch (skb->ndisc_nodetype) {
1354 case NDISC_NODETYPE_HOST:
1355 case NDISC_NODETYPE_NODEFAULT:
1356 ND_PRINTK(2, warn,
1357 "Redirect: from host or unauthorized router\n");
1358 return;
1359 }
1360#endif
1361
1362 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1363 ND_PRINTK(2, warn,
1364 "Redirect: source address is not link-local\n");
1365 return;
1366 }
1367
1368 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1369 return;
1370
1371 if (!ndopts.nd_opts_rh) {
1372 ip6_redirect_no_header(skb, dev_net(skb->dev),
1373 skb->dev->ifindex, 0);
1374 return;
1375 }
1376
1377 hdr = (u8 *)ndopts.nd_opts_rh;
1378 hdr += 8;
1379 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1380 return;
1381
1382 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1383}
1384
1385static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1386 struct sk_buff *orig_skb,
1387 int rd_len)
1388{
1389 u8 *opt = skb_put(skb, rd_len);
1390
1391 memset(opt, 0, 8);
1392 *(opt++) = ND_OPT_REDIRECT_HDR;
1393 *(opt++) = (rd_len >> 3);
1394 opt += 6;
1395
1396 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1397}
1398
1399void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1400{
1401 struct net_device *dev = skb->dev;
1402 struct net *net = dev_net(dev);
1403 struct sock *sk = net->ipv6.ndisc_sk;
1404 int optlen = 0;
1405 struct inet_peer *peer;
1406 struct sk_buff *buff;
1407 struct rd_msg *msg;
1408 struct in6_addr saddr_buf;
1409 struct rt6_info *rt;
1410 struct dst_entry *dst;
1411 struct flowi6 fl6;
1412 int rd_len;
1413 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1414 bool ret;
1415
1416 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1417 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1418 dev->name);
1419 return;
1420 }
1421
1422 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1423 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1424 ND_PRINTK(2, warn,
1425 "Redirect: target address is not link-local unicast\n");
1426 return;
1427 }
1428
1429 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1430 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1431
1432 dst = ip6_route_output(net, NULL, &fl6);
1433 if (dst->error) {
1434 dst_release(dst);
1435 return;
1436 }
1437 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1438 if (IS_ERR(dst))
1439 return;
1440
1441 rt = (struct rt6_info *) dst;
1442
1443 if (rt->rt6i_flags & RTF_GATEWAY) {
1444 ND_PRINTK(2, warn,
1445 "Redirect: destination is not a neighbour\n");
1446 goto release;
1447 }
1448 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1449 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1450 if (peer)
1451 inet_putpeer(peer);
1452 if (!ret)
1453 goto release;
1454
1455 if (dev->addr_len) {
1456 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1457 if (!neigh) {
1458 ND_PRINTK(2, warn,
1459 "Redirect: no neigh for target address\n");
1460 goto release;
1461 }
1462
1463 read_lock_bh(&neigh->lock);
1464 if (neigh->nud_state & NUD_VALID) {
1465 memcpy(ha_buf, neigh->ha, dev->addr_len);
1466 read_unlock_bh(&neigh->lock);
1467 ha = ha_buf;
1468 optlen += ndisc_opt_addr_space(dev);
1469 } else
1470 read_unlock_bh(&neigh->lock);
1471
1472 neigh_release(neigh);
1473 }
1474
1475 rd_len = min_t(unsigned int,
1476 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1477 skb->len + 8);
1478 rd_len &= ~0x7;
1479 optlen += rd_len;
1480
1481 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1482 if (!buff)
1483 goto release;
1484
1485 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1486 *msg = (struct rd_msg) {
1487 .icmph = {
1488 .icmp6_type = NDISC_REDIRECT,
1489 },
1490 .target = *target,
1491 .dest = ipv6_hdr(skb)->daddr,
1492 };
1493
1494
1495
1496
1497
1498 if (ha)
1499 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1500
1501
1502
1503
1504
1505 if (rd_len)
1506 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1507
1508 skb_dst_set(buff, dst);
1509 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1510 return;
1511
1512release:
1513 dst_release(dst);
1514}
1515
1516static void pndisc_redo(struct sk_buff *skb)
1517{
1518 ndisc_recv_ns(skb);
1519 kfree_skb(skb);
1520}
1521
1522static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1523{
1524 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1525
1526 if (!idev)
1527 return true;
1528 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1529 idev->cnf.suppress_frag_ndisc) {
1530 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1531 return true;
1532 }
1533 return false;
1534}
1535
1536int ndisc_rcv(struct sk_buff *skb)
1537{
1538 struct nd_msg *msg;
1539
1540 if (ndisc_suppress_frag_ndisc(skb))
1541 return 0;
1542
1543 if (skb_linearize(skb))
1544 return 0;
1545
1546 msg = (struct nd_msg *)skb_transport_header(skb);
1547
1548 __skb_push(skb, skb->data - skb_transport_header(skb));
1549
1550 if (ipv6_hdr(skb)->hop_limit != 255) {
1551 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1552 ipv6_hdr(skb)->hop_limit);
1553 return 0;
1554 }
1555
1556 if (msg->icmph.icmp6_code != 0) {
1557 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1558 msg->icmph.icmp6_code);
1559 return 0;
1560 }
1561
1562 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1563
1564 switch (msg->icmph.icmp6_type) {
1565 case NDISC_NEIGHBOUR_SOLICITATION:
1566 ndisc_recv_ns(skb);
1567 break;
1568
1569 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1570 ndisc_recv_na(skb);
1571 break;
1572
1573 case NDISC_ROUTER_SOLICITATION:
1574 ndisc_recv_rs(skb);
1575 break;
1576
1577 case NDISC_ROUTER_ADVERTISEMENT:
1578 ndisc_router_discovery(skb);
1579 break;
1580
1581 case NDISC_REDIRECT:
1582 ndisc_redirect_rcv(skb);
1583 break;
1584 }
1585
1586 return 0;
1587}
1588
1589static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1590{
1591 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1592 struct net *net = dev_net(dev);
1593 struct inet6_dev *idev;
1594
1595 switch (event) {
1596 case NETDEV_CHANGEADDR:
1597 neigh_changeaddr(&nd_tbl, dev);
1598 fib6_run_gc(0, net, false);
1599 idev = in6_dev_get(dev);
1600 if (!idev)
1601 break;
1602 if (idev->cnf.ndisc_notify)
1603 ndisc_send_unsol_na(dev);
1604 in6_dev_put(idev);
1605 break;
1606 case NETDEV_DOWN:
1607 neigh_ifdown(&nd_tbl, dev);
1608 fib6_run_gc(0, net, false);
1609 break;
1610 case NETDEV_NOTIFY_PEERS:
1611 ndisc_send_unsol_na(dev);
1612 break;
1613 default:
1614 break;
1615 }
1616
1617 return NOTIFY_DONE;
1618}
1619
1620static struct notifier_block ndisc_netdev_notifier = {
1621 .notifier_call = ndisc_netdev_event,
1622};
1623
1624#ifdef CONFIG_SYSCTL
1625static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1626 const char *func, const char *dev_name)
1627{
1628 static char warncomm[TASK_COMM_LEN];
1629 static int warned;
1630 if (strcmp(warncomm, current->comm) && warned < 5) {
1631 strcpy(warncomm, current->comm);
1632 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1633 warncomm, func,
1634 dev_name, ctl->procname,
1635 dev_name, ctl->procname);
1636 warned++;
1637 }
1638}
1639
1640int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1641{
1642 struct net_device *dev = ctl->extra1;
1643 struct inet6_dev *idev;
1644 int ret;
1645
1646 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1647 (strcmp(ctl->procname, "base_reachable_time") == 0))
1648 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1649
1650 if (strcmp(ctl->procname, "retrans_time") == 0)
1651 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1652
1653 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1654 ret = proc_dointvec_jiffies(ctl, write,
1655 buffer, lenp, ppos);
1656
1657 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1658 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1659 ret = proc_dointvec_ms_jiffies(ctl, write,
1660 buffer, lenp, ppos);
1661 else
1662 ret = -1;
1663
1664 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1665 if (ctl->data == &idev->nd_parms->base_reachable_time)
1666 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1667 idev->tstamp = jiffies;
1668 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1669 in6_dev_put(idev);
1670 }
1671 return ret;
1672}
1673
1674
1675#endif
1676
1677static int __net_init ndisc_net_init(struct net *net)
1678{
1679 struct ipv6_pinfo *np;
1680 struct sock *sk;
1681 int err;
1682
1683 err = inet_ctl_sock_create(&sk, PF_INET6,
1684 SOCK_RAW, IPPROTO_ICMPV6, net);
1685 if (err < 0) {
1686 ND_PRINTK(0, err,
1687 "NDISC: Failed to initialize the control socket (err %d)\n",
1688 err);
1689 return err;
1690 }
1691
1692 net->ipv6.ndisc_sk = sk;
1693
1694 np = inet6_sk(sk);
1695 np->hop_limit = 255;
1696
1697 np->mc_loop = 0;
1698
1699 return 0;
1700}
1701
1702static void __net_exit ndisc_net_exit(struct net *net)
1703{
1704 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1705}
1706
1707static struct pernet_operations ndisc_net_ops = {
1708 .init = ndisc_net_init,
1709 .exit = ndisc_net_exit,
1710};
1711
1712int __init ndisc_init(void)
1713{
1714 int err;
1715
1716 err = register_pernet_subsys(&ndisc_net_ops);
1717 if (err)
1718 return err;
1719
1720
1721
1722 neigh_table_init(&nd_tbl);
1723
1724#ifdef CONFIG_SYSCTL
1725 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1726 &ndisc_ifinfo_sysctl_change);
1727 if (err)
1728 goto out_unregister_pernet;
1729#endif
1730out:
1731 return err;
1732
1733#ifdef CONFIG_SYSCTL
1734out_unregister_pernet:
1735 unregister_pernet_subsys(&ndisc_net_ops);
1736 goto out;
1737#endif
1738}
1739
1740int __init ndisc_late_init(void)
1741{
1742 return register_netdevice_notifier(&ndisc_netdev_notifier);
1743}
1744
1745void ndisc_late_cleanup(void)
1746{
1747 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1748}
1749
1750void ndisc_cleanup(void)
1751{
1752#ifdef CONFIG_SYSCTL
1753 neigh_sysctl_unregister(&nd_tbl.parms);
1754#endif
1755 neigh_table_clear(&nd_tbl);
1756 unregister_pernet_subsys(&ndisc_net_ops);
1757}
1758
