LXR linux/net/ipv6/ndisc.c

   1/*
   2 *      Neighbour Discovery for IPv6
   3 *      Linux INET6 implementation
   4 *
   5 *      Authors:
   6 *      Pedro Roque             <roque@di.fc.ul.pt>
   7 *      Mike Shaver             <shaver@ingenia.com>
   8 *
   9 *      This program is free software; you can redistribute it and/or
  10 *      modify it under the terms of the GNU General Public License
  11 *      as published by the Free Software Foundation; either version
  12 *      2 of the License, or (at your option) any later version.
  13 */
  14
  15/*
  16 *      Changes:
  17 *
  18 *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
  19 *      Pierre Ynard                    :       export userland ND options
  20 *                                              through netlink (RDNSS support)
  21 *      Lars Fenneberg                  :       fixed MTU setting on receipt
  22 *                                              of an RA.
  23 *      Janos Farkas                    :       kmalloc failure checks
  24 *      Alexey Kuznetsov                :       state machine reworked
  25 *                                              and moved to net/core.
  26 *      Pekka Savola                    :       RFC2461 validation
  27 *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
  28 */
  29
  30#define pr_fmt(fmt) "ICMPv6: " fmt
  31
  32#include <linux/module.h>
  33#include <linux/errno.h>
  34#include <linux/types.h>
  35#include <linux/socket.h>
  36#include <linux/sockios.h>
  37#include <linux/sched.h>
  38#include <linux/net.h>
  39#include <linux/in6.h>
  40#include <linux/route.h>
  41#include <linux/init.h>
  42#include <linux/rcupdate.h>
  43#include <linux/slab.h>
  44#ifdef CONFIG_SYSCTL
  45#include <linux/sysctl.h>
  46#endif
  47
  48#include <linux/if_addr.h>
  49#include <linux/if_arp.h>
  50#include <linux/ipv6.h>
  51#include <linux/icmpv6.h>
  52#include <linux/jhash.h>
  53
  54#include <net/sock.h>
  55#include <net/snmp.h>
  56
  57#include <net/ipv6.h>
  58#include <net/protocol.h>
  59#include <net/ndisc.h>
  60#include <net/ip6_route.h>
  61#include <net/addrconf.h>
  62#include <net/icmp.h>
  63
  64#include <net/netlink.h>
  65#include <linux/rtnetlink.h>
  66
  67#include <net/flow.h>
  68#include <net/ip6_checksum.h>
  69#include <net/inet_common.h>
  70#include <linux/proc_fs.h>
  71
  72#include <linux/netfilter.h>
  73#include <linux/netfilter_ipv6.h>
  74
  75/* Set to 3 to get tracing... */
  76#define ND_DEBUG 1
  77
  78#define ND_PRINTK(val, level, fmt, ...)                         \
  79do {                                                            \
  80        if (val <= ND_DEBUG)                                    \
  81                net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
  82} while (0)
  83
  84static u32 ndisc_hash(const void *pkey,
  85                      const struct net_device *dev,
  86                      __u32 *hash_rnd);
  87static int ndisc_constructor(struct neighbour *neigh);
  88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
  89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
  90static int pndisc_constructor(struct pneigh_entry *n);
  91static void pndisc_destructor(struct pneigh_entry *n);
  92static void pndisc_redo(struct sk_buff *skb);
  93
  94static const struct neigh_ops ndisc_generic_ops = {
  95        .family =               AF_INET6,
  96        .solicit =              ndisc_solicit,
  97        .error_report =         ndisc_error_report,
  98        .output =               neigh_resolve_output,
  99        .connected_output =     neigh_connected_output,
 100};
 101
 102static const struct neigh_ops ndisc_hh_ops = {
 103        .family =               AF_INET6,
 104        .solicit =              ndisc_solicit,
 105        .error_report =         ndisc_error_report,
 106        .output =               neigh_resolve_output,
 107        .connected_output =     neigh_resolve_output,
 108};
 109
 110
 111static const struct neigh_ops ndisc_direct_ops = {
 112        .family =               AF_INET6,
 113        .output =               neigh_direct_output,
 114        .connected_output =     neigh_direct_output,
 115};
 116
 117struct neigh_table nd_tbl = {
 118        .family =       AF_INET6,
 119        .key_len =      sizeof(struct in6_addr),
 120        .hash =         ndisc_hash,
 121        .constructor =  ndisc_constructor,
 122        .pconstructor = pndisc_constructor,
 123        .pdestructor =  pndisc_destructor,
 124        .proxy_redo =   pndisc_redo,
 125        .id =           "ndisc_cache",
 126        .parms = {
 127                .tbl                    = &nd_tbl,
 128                .base_reachable_time    = ND_REACHABLE_TIME,
 129                .retrans_time           = ND_RETRANS_TIMER,
 130                .gc_staletime           = 60 * HZ,
 131                .reachable_time         = ND_REACHABLE_TIME,
 132                .delay_probe_time       = 5 * HZ,
 133                .queue_len_bytes        = 64*1024,
 134                .ucast_probes           = 3,
 135                .mcast_probes           = 3,
 136                .anycast_delay          = 1 * HZ,
 137                .proxy_delay            = (8 * HZ) / 10,
 138                .proxy_qlen             = 64,
 139        },
 140        .gc_interval =    30 * HZ,
 141        .gc_thresh1 =    128,
 142        .gc_thresh2 =    512,
 143        .gc_thresh3 =   1024,
 144};
 145
 146static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
 147{
 148        int pad   = ndisc_addr_option_pad(skb->dev->type);
 149        int data_len = skb->dev->addr_len;
 150        int space = ndisc_opt_addr_space(skb->dev);
 151        u8 *opt = skb_put(skb, space);
 152
 153        opt[0] = type;
 154        opt[1] = space>>3;
 155
 156        memset(opt + 2, 0, pad);
 157        opt   += pad;
 158        space -= pad;
 159
 160        memcpy(opt+2, data, data_len);
 161        data_len += 2;
 162        opt += data_len;
 163        if ((space -= data_len) > 0)
 164                memset(opt, 0, space);
 165}
 166
 167static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
 168                                            struct nd_opt_hdr *end)
 169{
 170        int type;
 171        if (!cur || !end || cur >= end)
 172                return NULL;
 173        type = cur->nd_opt_type;
 174        do {
 175                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 176        } while(cur < end && cur->nd_opt_type != type);
 177        return cur <= end && cur->nd_opt_type == type ? cur : NULL;
 178}
 179
 180static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
 181{
 182        return opt->nd_opt_type == ND_OPT_RDNSS ||
 183                opt->nd_opt_type == ND_OPT_DNSSL;
 184}
 185
 186static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
 187                                             struct nd_opt_hdr *end)
 188{
 189        if (!cur || !end || cur >= end)
 190                return NULL;
 191        do {
 192                cur = ((void *)cur) + (cur->nd_opt_len << 3);
 193        } while(cur < end && !ndisc_is_useropt(cur));
 194        return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
 195}
 196
 197struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
 198                                          struct ndisc_options *ndopts)
 199{
 200        struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
 201
 202        if (!nd_opt || opt_len < 0 || !ndopts)
 203                return NULL;
 204        memset(ndopts, 0, sizeof(*ndopts));
 205        while (opt_len) {
 206                int l;
 207                if (opt_len < sizeof(struct nd_opt_hdr))
 208                        return NULL;
 209                l = nd_opt->nd_opt_len << 3;
 210                if (opt_len < l || l == 0)
 211                        return NULL;
 212                switch (nd_opt->nd_opt_type) {
 213                case ND_OPT_SOURCE_LL_ADDR:
 214                case ND_OPT_TARGET_LL_ADDR:
 215                case ND_OPT_MTU:
 216                case ND_OPT_REDIRECT_HDR:
 217                        if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
 218                                ND_PRINTK(2, warn,
 219                                          "%s: duplicated ND6 option found: type=%d\n",
 220                                          __func__, nd_opt->nd_opt_type);
 221                        } else {
 222                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 223                        }
 224                        break;
 225                case ND_OPT_PREFIX_INFO:
 226                        ndopts->nd_opts_pi_end = nd_opt;
 227                        if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
 228                                ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 229                        break;
 230#ifdef CONFIG_IPV6_ROUTE_INFO
 231                case ND_OPT_ROUTE_INFO:
 232                        ndopts->nd_opts_ri_end = nd_opt;
 233                        if (!ndopts->nd_opts_ri)
 234                                ndopts->nd_opts_ri = nd_opt;
 235                        break;
 236#endif
 237                default:
 238                        if (ndisc_is_useropt(nd_opt)) {
 239                                ndopts->nd_useropts_end = nd_opt;
 240                                if (!ndopts->nd_useropts)
 241                                        ndopts->nd_useropts = nd_opt;
 242                        } else {
 243                                /*
 244                                 * Unknown options must be silently ignored,
 245                                 * to accommodate future extension to the
 246                                 * protocol.
 247                                 */
 248                                ND_PRINTK(2, notice,
 249                                          "%s: ignored unsupported option; type=%d, len=%d\n",
 250                                          __func__,
 251                                          nd_opt->nd_opt_type,
 252                                          nd_opt->nd_opt_len);
 253                        }
 254                }
 255                opt_len -= l;
 256                nd_opt = ((void *)nd_opt) + l;
 257        }
 258        return ndopts;
 259}
 260
 261int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
 262{
 263        switch (dev->type) {
 264        case ARPHRD_ETHER:
 265        case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
 266        case ARPHRD_FDDI:
 267                ipv6_eth_mc_map(addr, buf);
 268                return 0;
 269        case ARPHRD_ARCNET:
 270                ipv6_arcnet_mc_map(addr, buf);
 271                return 0;
 272        case ARPHRD_INFINIBAND:
 273                ipv6_ib_mc_map(addr, dev->broadcast, buf);
 274                return 0;
 275        case ARPHRD_IPGRE:
 276                return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
 277        default:
 278                if (dir) {
 279                        memcpy(buf, dev->broadcast, dev->addr_len);
 280                        return 0;
 281                }
 282        }
 283        return -EINVAL;
 284}
 285
 286EXPORT_SYMBOL(ndisc_mc_map);
 287
 288static u32 ndisc_hash(const void *pkey,
 289                      const struct net_device *dev,
 290                      __u32 *hash_rnd)
 291{
 292        return ndisc_hashfn(pkey, dev, hash_rnd);
 293}
 294
 295static int ndisc_constructor(struct neighbour *neigh)
 296{
 297        struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
 298        struct net_device *dev = neigh->dev;
 299        struct inet6_dev *in6_dev;
 300        struct neigh_parms *parms;
 301        bool is_multicast = ipv6_addr_is_multicast(addr);
 302
 303        in6_dev = in6_dev_get(dev);
 304        if (in6_dev == NULL) {
 305                return -EINVAL;
 306        }
 307
 308        parms = in6_dev->nd_parms;
 309        __neigh_parms_put(neigh->parms);
 310        neigh->parms = neigh_parms_clone(parms);
 311
 312        neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
 313        if (!dev->header_ops) {
 314                neigh->nud_state = NUD_NOARP;
 315                neigh->ops = &ndisc_direct_ops;
 316                neigh->output = neigh_direct_output;
 317        } else {
 318                if (is_multicast) {
 319                        neigh->nud_state = NUD_NOARP;
 320                        ndisc_mc_map(addr, neigh->ha, dev, 1);
 321                } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
 322                        neigh->nud_state = NUD_NOARP;
 323                        memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
 324                        if (dev->flags&IFF_LOOPBACK)
 325                                neigh->type = RTN_LOCAL;
 326                } else if (dev->flags&IFF_POINTOPOINT) {
 327                        neigh->nud_state = NUD_NOARP;
 328                        memcpy(neigh->ha, dev->broadcast, dev->addr_len);
 329                }
 330                if (dev->header_ops->cache)
 331                        neigh->ops = &ndisc_hh_ops;
 332                else
 333                        neigh->ops = &ndisc_generic_ops;
 334                if (neigh->nud_state&NUD_VALID)
 335                        neigh->output = neigh->ops->connected_output;
 336                else
 337                        neigh->output = neigh->ops->output;
 338        }
 339        in6_dev_put(in6_dev);
 340        return 0;
 341}
 342
 343static int pndisc_constructor(struct pneigh_entry *n)
 344{
 345        struct in6_addr *addr = (struct in6_addr*)&n->key;
 346        struct in6_addr maddr;
 347        struct net_device *dev = n->dev;
 348
 349        if (dev == NULL || __in6_dev_get(dev) == NULL)
 350                return -EINVAL;
 351        addrconf_addr_solict_mult(addr, &maddr);
 352        ipv6_dev_mc_inc(dev, &maddr);
 353        return 0;
 354}
 355
 356static void pndisc_destructor(struct pneigh_entry *n)
 357{
 358        struct in6_addr *addr = (struct in6_addr*)&n->key;
 359        struct in6_addr maddr;
 360        struct net_device *dev = n->dev;
 361
 362        if (dev == NULL || __in6_dev_get(dev) == NULL)
 363                return;
 364        addrconf_addr_solict_mult(addr, &maddr);
 365        ipv6_dev_mc_dec(dev, &maddr);
 366}
 367
 368static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
 369                                       int len)
 370{
 371        int hlen = LL_RESERVED_SPACE(dev);
 372        int tlen = dev->needed_tailroom;
 373        struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
 374        struct sk_buff *skb;
 375
 376        skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
 377        if (!skb) {
 378                ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
 379                          __func__);
 380                return NULL;
 381        }
 382
 383        skb->protocol = htons(ETH_P_IPV6);
 384        skb->dev = dev;
 385
 386        skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
 387        skb_reset_transport_header(skb);
 388
 389        /* Manually assign socket ownership as we avoid calling
 390         * sock_alloc_send_pskb() to bypass wmem buffer limits
 391         */
 392        skb_set_owner_w(skb, sk);
 393
 394        return skb;
 395}
 396
 397static void ip6_nd_hdr(struct sk_buff *skb,
 398                       const struct in6_addr *saddr,
 399                       const struct in6_addr *daddr,
 400                       int hop_limit, int len)
 401{
 402        struct ipv6hdr *hdr;
 403
 404        skb_push(skb, sizeof(*hdr));
 405        skb_reset_network_header(skb);
 406        hdr = ipv6_hdr(skb);
 407
 408        ip6_flow_hdr(hdr, 0, 0);
 409
 410        hdr->payload_len = htons(len);
 411        hdr->nexthdr = IPPROTO_ICMPV6;
 412        hdr->hop_limit = hop_limit;
 413
 414        hdr->saddr = *saddr;
 415        hdr->daddr = *daddr;
 416}
 417
 418static void ndisc_send_skb(struct sk_buff *skb,
 419                           const struct in6_addr *daddr,
 420                           const struct in6_addr *saddr)
 421{
 422        struct dst_entry *dst = skb_dst(skb);
 423        struct net *net = dev_net(skb->dev);
 424        struct sock *sk = net->ipv6.ndisc_sk;
 425        struct inet6_dev *idev;
 426        int err;
 427        struct icmp6hdr *icmp6h = icmp6_hdr(skb);
 428        u8 type;
 429
 430        type = icmp6h->icmp6_type;
 431
 432        if (!dst) {
 433                struct flowi6 fl6;
 434
 435                icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
 436                dst = icmp6_dst_alloc(skb->dev, &fl6);
 437                if (IS_ERR(dst)) {
 438                        kfree_skb(skb);
 439                        return;
 440                }
 441
 442                skb_dst_set(skb, dst);
 443        }
 444
 445        icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
 446                                              IPPROTO_ICMPV6,
 447                                              csum_partial(icmp6h,
 448                                                           skb->len, 0));
 449
 450        ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
 451
 452        rcu_read_lock();
 453        idev = __in6_dev_get(dst->dev);
 454        IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
 455
 456        err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
 457                      dst_output);
 458        if (!err) {
 459                ICMP6MSGOUT_INC_STATS(net, idev, type);
 460                ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
 461        }
 462
 463        rcu_read_unlock();
 464}
 465
 466void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
 467                   const struct in6_addr *daddr,
 468                   const struct in6_addr *solicited_addr,
 469                   bool router, bool solicited, bool override, bool inc_opt)
 470{
 471        struct sk_buff *skb;
 472        struct in6_addr tmpaddr;
 473        struct inet6_ifaddr *ifp;
 474        const struct in6_addr *src_addr;
 475        struct nd_msg *msg;
 476        int optlen = 0;
 477
 478        /* for anycast or proxy, solicited_addr != src_addr */
 479        ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
 480        if (ifp) {
 481                src_addr = solicited_addr;
 482                if (ifp->flags & IFA_F_OPTIMISTIC)
 483                        override = false;
 484                inc_opt |= ifp->idev->cnf.force_tllao;
 485                in6_ifa_put(ifp);
 486        } else {
 487                if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
 488                                       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
 489                                       &tmpaddr))
 490                        return;
 491                src_addr = &tmpaddr;
 492        }
 493
 494        if (!dev->addr_len)
 495                inc_opt = 0;
 496        if (inc_opt)
 497                optlen += ndisc_opt_addr_space(dev);
 498
 499        skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 500        if (!skb)
 501                return;
 502
 503        msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
 504        *msg = (struct nd_msg) {
 505                .icmph = {
 506                        .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
 507                        .icmp6_router = router,
 508                        .icmp6_solicited = solicited,
 509                        .icmp6_override = override,
 510                },
 511                .target = *solicited_addr,
 512        };
 513
 514        if (inc_opt)
 515                ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
 516                                       dev->dev_addr);
 517
 518
 519        ndisc_send_skb(skb, daddr, src_addr);
 520}
 521
 522static void ndisc_send_unsol_na(struct net_device *dev)
 523{
 524        struct inet6_dev *idev;
 525        struct inet6_ifaddr *ifa;
 526
 527        idev = in6_dev_get(dev);
 528        if (!idev)
 529                return;
 530
 531        read_lock_bh(&idev->lock);
 532        list_for_each_entry(ifa, &idev->addr_list, if_list) {
 533                ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
 534                              /*router=*/ !!idev->cnf.forwarding,
 535                              /*solicited=*/ false, /*override=*/ true,
 536                              /*inc_opt=*/ true);
 537        }
 538        read_unlock_bh(&idev->lock);
 539
 540        in6_dev_put(idev);
 541}
 542
 543void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
 544                   const struct in6_addr *solicit,
 545                   const struct in6_addr *daddr, const struct in6_addr *saddr)
 546{
 547        struct sk_buff *skb;
 548        struct in6_addr addr_buf;
 549        int inc_opt = dev->addr_len;
 550        int optlen = 0;
 551        struct nd_msg *msg;
 552
 553        if (saddr == NULL) {
 554                if (ipv6_get_lladdr(dev, &addr_buf,
 555                                   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
 556                        return;
 557                saddr = &addr_buf;
 558        }
 559
 560        if (ipv6_addr_any(saddr))
 561                inc_opt = false;
 562        if (inc_opt)
 563                optlen += ndisc_opt_addr_space(dev);
 564
 565        skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 566        if (!skb)
 567                return;
 568
 569        msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
 570        *msg = (struct nd_msg) {
 571                .icmph = {
 572                        .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
 573                },
 574                .target = *solicit,
 575        };
 576
 577        if (inc_opt)
 578                ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
 579                                       dev->dev_addr);
 580
 581        ndisc_send_skb(skb, daddr, saddr);
 582}
 583
 584void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
 585                   const struct in6_addr *daddr)
 586{
 587        struct sk_buff *skb;
 588        struct rs_msg *msg;
 589        int send_sllao = dev->addr_len;
 590        int optlen = 0;
 591
 592#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
 593        /*
 594         * According to section 2.2 of RFC 4429, we must not
 595         * send router solicitations with a sllao from
 596         * optimistic addresses, but we may send the solicitation
 597         * if we don't include the sllao.  So here we check
 598         * if our address is optimistic, and if so, we
 599         * suppress the inclusion of the sllao.
 600         */
 601        if (send_sllao) {
 602                struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
 603                                                           dev, 1);
 604                if (ifp) {
 605                        if (ifp->flags & IFA_F_OPTIMISTIC)  {
 606                                send_sllao = 0;
 607                        }
 608                        in6_ifa_put(ifp);
 609                } else {
 610                        send_sllao = 0;
 611                }
 612        }
 613#endif
 614        if (send_sllao)
 615                optlen += ndisc_opt_addr_space(dev);
 616
 617        skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 618        if (!skb)
 619                return;
 620
 621        msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
 622        *msg = (struct rs_msg) {
 623                .icmph = {
 624                        .icmp6_type = NDISC_ROUTER_SOLICITATION,
 625                },
 626        };
 627
 628        if (send_sllao)
 629                ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
 630                                       dev->dev_addr);
 631
 632        ndisc_send_skb(skb, daddr, saddr);
 633}
 634
 635
 636static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
 637{
 638        /*
 639         *      "The sender MUST return an ICMP
 640         *       destination unreachable"
 641         */
 642        dst_link_failure(skb);
 643        kfree_skb(skb);
 644}
 645
 646/* Called with locked neigh: either read or both */
 647
 648static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
 649{
 650        struct in6_addr *saddr = NULL;
 651        struct in6_addr mcaddr;
 652        struct net_device *dev = neigh->dev;
 653        struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
 654        int probes = atomic_read(&neigh->probes);
 655
 656        if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
 657                saddr = &ipv6_hdr(skb)->saddr;
 658
 659        if ((probes -= neigh->parms->ucast_probes) < 0) {
 660                if (!(neigh->nud_state & NUD_VALID)) {
 661                        ND_PRINTK(1, dbg,
 662                                  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
 663                                  __func__, target);
 664                }
 665                ndisc_send_ns(dev, neigh, target, target, saddr);
 666        } else if ((probes -= neigh->parms->app_probes) < 0) {
 667                neigh_app_ns(neigh);
 668        } else {
 669                addrconf_addr_solict_mult(target, &mcaddr);
 670                ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
 671        }
 672}
 673
 674static int pndisc_is_router(const void *pkey,
 675                            struct net_device *dev)
 676{
 677        struct pneigh_entry *n;
 678        int ret = -1;
 679
 680        read_lock_bh(&nd_tbl.lock);
 681        n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
 682        if (n)
 683                ret = !!(n->flags & NTF_ROUTER);
 684        read_unlock_bh(&nd_tbl.lock);
 685
 686        return ret;
 687}
 688
 689static void ndisc_recv_ns(struct sk_buff *skb)
 690{
 691        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 692        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 693        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 694        u8 *lladdr = NULL;
 695        u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
 696                                    offsetof(struct nd_msg, opt));
 697        struct ndisc_options ndopts;
 698        struct net_device *dev = skb->dev;
 699        struct inet6_ifaddr *ifp;
 700        struct inet6_dev *idev = NULL;
 701        struct neighbour *neigh;
 702        int dad = ipv6_addr_any(saddr);
 703        bool inc;
 704        int is_router = -1;
 705
 706        if (skb->len < sizeof(struct nd_msg)) {
 707                ND_PRINTK(2, warn, "NS: packet too short\n");
 708                return;
 709        }
 710
 711        if (ipv6_addr_is_multicast(&msg->target)) {
 712                ND_PRINTK(2, warn, "NS: multicast target address\n");
 713                return;
 714        }
 715
 716        /*
 717         * RFC2461 7.1.1:
 718         * DAD has to be destined for solicited node multicast address.
 719         */
 720        if (dad && !ipv6_addr_is_solict_mult(daddr)) {
 721                ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
 722                return;
 723        }
 724
 725        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 726                ND_PRINTK(2, warn, "NS: invalid ND options\n");
 727                return;
 728        }
 729
 730        if (ndopts.nd_opts_src_lladdr) {
 731                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
 732                if (!lladdr) {
 733                        ND_PRINTK(2, warn,
 734                                  "NS: invalid link-layer address length\n");
 735                        return;
 736                }
 737
 738                /* RFC2461 7.1.1:
 739                 *      If the IP source address is the unspecified address,
 740                 *      there MUST NOT be source link-layer address option
 741                 *      in the message.
 742                 */
 743                if (dad) {
 744                        ND_PRINTK(2, warn,
 745                                  "NS: bad DAD packet (link-layer address option)\n");
 746                        return;
 747                }
 748        }
 749
 750        inc = ipv6_addr_is_multicast(daddr);
 751
 752        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 753        if (ifp) {
 754
 755                if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
 756                        if (dad) {
 757                                /*
 758                                 * We are colliding with another node
 759                                 * who is doing DAD
 760                                 * so fail our DAD process
 761                                 */
 762                                addrconf_dad_failure(ifp);
 763                                return;
 764                        } else {
 765                                /*
 766                                 * This is not a dad solicitation.
 767                                 * If we are an optimistic node,
 768                                 * we should respond.
 769                                 * Otherwise, we should ignore it.
 770                                 */
 771                                if (!(ifp->flags & IFA_F_OPTIMISTIC))
 772                                        goto out;
 773                        }
 774                }
 775
 776                idev = ifp->idev;
 777        } else {
 778                struct net *net = dev_net(dev);
 779
 780                idev = in6_dev_get(dev);
 781                if (!idev) {
 782                        /* XXX: count this drop? */
 783                        return;
 784                }
 785
 786                if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
 787                    (idev->cnf.forwarding &&
 788                     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
 789                     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
 790                        if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
 791                            skb->pkt_type != PACKET_HOST &&
 792                            inc &&
 793                            idev->nd_parms->proxy_delay != 0) {
 794                                /*
 795                                 * for anycast or proxy,
 796                                 * sender should delay its response
 797                                 * by a random time between 0 and
 798                                 * MAX_ANYCAST_DELAY_TIME seconds.
 799                                 * (RFC2461) -- yoshfuji
 800                                 */
 801                                struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
 802                                if (n)
 803                                        pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
 804                                goto out;
 805                        }
 806                } else
 807                        goto out;
 808        }
 809
 810        if (is_router < 0)
 811                is_router = idev->cnf.forwarding;
 812
 813        if (dad) {
 814                ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
 815                              !!is_router, false, (ifp != NULL), true);
 816                goto out;
 817        }
 818
 819        if (inc)
 820                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
 821        else
 822                NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
 823
 824        /*
 825         *      update / create cache entry
 826         *      for the source address
 827         */
 828        neigh = __neigh_lookup(&nd_tbl, saddr, dev,
 829                               !inc || lladdr || !dev->addr_len);
 830        if (neigh)
 831                neigh_update(neigh, lladdr, NUD_STALE,
 832                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 833                             NEIGH_UPDATE_F_OVERRIDE);
 834        if (neigh || !dev->header_ops) {
 835                ndisc_send_na(dev, neigh, saddr, &msg->target,
 836                              !!is_router,
 837                              true, (ifp != NULL && inc), inc);
 838                if (neigh)
 839                        neigh_release(neigh);
 840        }
 841
 842out:
 843        if (ifp)
 844                in6_ifa_put(ifp);
 845        else
 846                in6_dev_put(idev);
 847}
 848
 849static void ndisc_recv_na(struct sk_buff *skb)
 850{
 851        struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 852        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 853        const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 854        u8 *lladdr = NULL;
 855        u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
 856                                    offsetof(struct nd_msg, opt));
 857        struct ndisc_options ndopts;
 858        struct net_device *dev = skb->dev;
 859        struct inet6_ifaddr *ifp;
 860        struct neighbour *neigh;
 861
 862        if (skb->len < sizeof(struct nd_msg)) {
 863                ND_PRINTK(2, warn, "NA: packet too short\n");
 864                return;
 865        }
 866
 867        if (ipv6_addr_is_multicast(&msg->target)) {
 868                ND_PRINTK(2, warn, "NA: target address is multicast\n");
 869                return;
 870        }
 871
 872        if (ipv6_addr_is_multicast(daddr) &&
 873            msg->icmph.icmp6_solicited) {
 874                ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
 875                return;
 876        }
 877
 878        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
 879                ND_PRINTK(2, warn, "NS: invalid ND option\n");
 880                return;
 881        }
 882        if (ndopts.nd_opts_tgt_lladdr) {
 883                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
 884                if (!lladdr) {
 885                        ND_PRINTK(2, warn,
 886                                  "NA: invalid link-layer address length\n");
 887                        return;
 888                }
 889        }
 890        ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 891        if (ifp) {
 892                if (skb->pkt_type != PACKET_LOOPBACK
 893                    && (ifp->flags & IFA_F_TENTATIVE)) {
 894                                addrconf_dad_failure(ifp);
 895                                return;
 896                }
 897                /* What should we make now? The advertisement
 898                   is invalid, but ndisc specs say nothing
 899                   about it. It could be misconfiguration, or
 900                   an smart proxy agent tries to help us :-)
 901
 902                   We should not print the error if NA has been
 903                   received from loopback - it is just our own
 904                   unsolicited advertisement.
 905                 */
 906                if (skb->pkt_type != PACKET_LOOPBACK)
 907                        ND_PRINTK(1, warn,
 908                                  "NA: someone advertises our address %pI6 on %s!\n",
 909                                  &ifp->addr, ifp->idev->dev->name);
 910                in6_ifa_put(ifp);
 911                return;
 912        }
 913        neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
 914
 915        if (neigh) {
 916                u8 old_flags = neigh->flags;
 917                struct net *net = dev_net(dev);
 918
 919                if (neigh->nud_state & NUD_FAILED)
 920                        goto out;
 921
 922                /*
 923                 * Don't update the neighbor cache entry on a proxy NA from
 924                 * ourselves because either the proxied node is off link or it
 925                 * has already sent a NA to us.
 926                 */
 927                if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
 928                    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
 929                    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
 930                        /* XXX: idev->cnf.proxy_ndp */
 931                        goto out;
 932                }
 933
 934                neigh_update(neigh, lladdr,
 935                             msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
 936                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
 937                             (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
 938                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
 939                             (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
 940
 941                if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
 942                        /*
 943                         * Change: router to host
 944                         */
 945                        struct rt6_info *rt;
 946                        rt = rt6_get_dflt_router(saddr, dev);
 947                        if (rt)
 948                                ip6_del_rt(rt);
 949                }
 950
 951out:
 952                neigh_release(neigh);
 953        }
 954}
 955
 956static void ndisc_recv_rs(struct sk_buff *skb)
 957{
 958        struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
 959        unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
 960        struct neighbour *neigh;
 961        struct inet6_dev *idev;
 962        const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 963        struct ndisc_options ndopts;
 964        u8 *lladdr = NULL;
 965
 966        if (skb->len < sizeof(*rs_msg))
 967                return;
 968
 969        idev = __in6_dev_get(skb->dev);
 970        if (!idev) {
 971                ND_PRINTK(1, err, "RS: can't find in6 device\n");
 972                return;
 973        }
 974
 975        /* Don't accept RS if we're not in router mode */
 976        if (!idev->cnf.forwarding)
 977                goto out;
 978
 979        /*
 980         * Don't update NCE if src = ::;
 981         * this implies that the source node has no ip address assigned yet.
 982         */
 983        if (ipv6_addr_any(saddr))
 984                goto out;
 985
 986        /* Parse ND options */
 987        if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
 988                ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
 989                goto out;
 990        }
 991
 992        if (ndopts.nd_opts_src_lladdr) {
 993                lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
 994                                             skb->dev);
 995                if (!lladdr)
 996                        goto out;
 997        }
 998
 999        neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1000        if (neigh) {

1001                neigh_update(neigh, lladdr, NUD_STALE,
1002                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
1003                             NEIGH_UPDATE_F_OVERRIDE|
1004                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1005                neigh_release(neigh);
1006        }
1007out:
1008        return;
1009}
1010
1011static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1012{
1013        struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1014        struct sk_buff *skb;
1015        struct nlmsghdr *nlh;
1016        struct nduseroptmsg *ndmsg;
1017        struct net *net = dev_net(ra->dev);
1018        int err;
1019        int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1020                                    + (opt->nd_opt_len << 3));
1021        size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1022
1023        skb = nlmsg_new(msg_size, GFP_ATOMIC);
1024        if (skb == NULL) {
1025                err = -ENOBUFS;
1026                goto errout;
1027        }
1028
1029        nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1030        if (nlh == NULL) {
1031                goto nla_put_failure;
1032        }
1033
1034        ndmsg = nlmsg_data(nlh);
1035        ndmsg->nduseropt_family = AF_INET6;
1036        ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1037        ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1038        ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1039        ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1040
1041        memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1042
1043        if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1044                    &ipv6_hdr(ra)->saddr))
1045                goto nla_put_failure;
1046        nlmsg_end(skb, nlh);
1047
1048        rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1049        return;
1050
1051nla_put_failure:
1052        nlmsg_free(skb);
1053        err = -EMSGSIZE;
1054errout:
1055        rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1056}
1057
1058static void ndisc_router_discovery(struct sk_buff *skb)
1059{
1060        struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1061        struct neighbour *neigh = NULL;
1062        struct inet6_dev *in6_dev;
1063        struct rt6_info *rt = NULL;
1064        int lifetime;
1065        struct ndisc_options ndopts;
1066        int optlen;
1067        unsigned int pref = 0;
1068
1069        __u8 * opt = (__u8 *)(ra_msg + 1);
1070
1071        optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1072                sizeof(struct ra_msg);
1073
1074        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1075                ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1076                return;
1077        }
1078        if (optlen < 0) {
1079                ND_PRINTK(2, warn, "RA: packet too short\n");
1080                return;
1081        }
1082
1083#ifdef CONFIG_IPV6_NDISC_NODETYPE
1084        if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1085                ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1086                return;
1087        }
1088#endif
1089
1090        /*
1091         *      set the RA_RECV flag in the interface
1092         */
1093
1094        in6_dev = __in6_dev_get(skb->dev);
1095        if (in6_dev == NULL) {
1096                ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1097                          skb->dev->name);
1098                return;
1099        }
1100
1101        if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1102                ND_PRINTK(2, warn, "RA: invalid ND options\n");
1103                return;
1104        }
1105
1106        if (!ipv6_accept_ra(in6_dev))
1107                goto skip_linkparms;
1108
1109#ifdef CONFIG_IPV6_NDISC_NODETYPE
1110        /* skip link-specific parameters from interior routers */
1111        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1112                goto skip_linkparms;
1113#endif
1114
1115        if (in6_dev->if_flags & IF_RS_SENT) {
1116                /*
1117                 *      flag that an RA was received after an RS was sent
1118                 *      out on this interface.
1119                 */
1120                in6_dev->if_flags |= IF_RA_RCVD;
1121        }
1122
1123        /*
1124         * Remember the managed/otherconf flags from most recently
1125         * received RA message (RFC 2462) -- yoshfuji
1126         */
1127        in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1128                                IF_RA_OTHERCONF)) |
1129                                (ra_msg->icmph.icmp6_addrconf_managed ?
1130                                        IF_RA_MANAGED : 0) |
1131                                (ra_msg->icmph.icmp6_addrconf_other ?
1132                                        IF_RA_OTHERCONF : 0);
1133
1134        if (!in6_dev->cnf.accept_ra_defrtr)
1135                goto skip_defrtr;
1136
1137        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1138                goto skip_defrtr;
1139
1140        lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1141
1142#ifdef CONFIG_IPV6_ROUTER_PREF
1143        pref = ra_msg->icmph.icmp6_router_pref;
1144        /* 10b is handled as if it were 00b (medium) */
1145        if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1146            !in6_dev->cnf.accept_ra_rtr_pref)
1147                pref = ICMPV6_ROUTER_PREF_MEDIUM;
1148#endif
1149
1150        rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1151
1152        if (rt) {
1153                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1154                if (!neigh) {
1155                        ND_PRINTK(0, err,
1156                                  "RA: %s got default router without neighbour\n",
1157                                  __func__);
1158                        ip6_rt_put(rt);
1159                        return;
1160                }
1161        }
1162        if (rt && lifetime == 0) {
1163                ip6_del_rt(rt);
1164                rt = NULL;
1165        }
1166
1167        if (rt == NULL && lifetime) {
1168                ND_PRINTK(3, dbg, "RA: adding default router\n");
1169
1170                rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1171                if (rt == NULL) {
1172                        ND_PRINTK(0, err,
1173                                  "RA: %s failed to add default route\n",
1174                                  __func__);
1175                        return;
1176                }
1177
1178                neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1179                if (neigh == NULL) {
1180                        ND_PRINTK(0, err,
1181                                  "RA: %s got default router without neighbour\n",
1182                                  __func__);
1183                        ip6_rt_put(rt);
1184                        return;
1185                }
1186                neigh->flags |= NTF_ROUTER;
1187        } else if (rt) {
1188                rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1189        }
1190
1191        if (rt)
1192                rt6_set_expires(rt, jiffies + (HZ * lifetime));
1193        if (ra_msg->icmph.icmp6_hop_limit) {
1194                in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1195                if (rt)
1196                        dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1197                                       ra_msg->icmph.icmp6_hop_limit);
1198        }
1199
1200skip_defrtr:
1201
1202        /*
1203         *      Update Reachable Time and Retrans Timer
1204         */
1205
1206        if (in6_dev->nd_parms) {
1207                unsigned long rtime = ntohl(ra_msg->retrans_timer);
1208
1209                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1210                        rtime = (rtime*HZ)/1000;
1211                        if (rtime < HZ/10)
1212                                rtime = HZ/10;
1213                        in6_dev->nd_parms->retrans_time = rtime;
1214                        in6_dev->tstamp = jiffies;
1215                        inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1216                }
1217
1218                rtime = ntohl(ra_msg->reachable_time);
1219                if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1220                        rtime = (rtime*HZ)/1000;
1221
1222                        if (rtime < HZ/10)
1223                                rtime = HZ/10;
1224
1225                        if (rtime != in6_dev->nd_parms->base_reachable_time) {
1226                                in6_dev->nd_parms->base_reachable_time = rtime;
1227                                in6_dev->nd_parms->gc_staletime = 3 * rtime;
1228                                in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1229                                in6_dev->tstamp = jiffies;
1230                                inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1231                        }
1232                }
1233        }
1234
1235skip_linkparms:
1236
1237        /*
1238         *      Process options.
1239         */
1240
1241        if (!neigh)
1242                neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1243                                       skb->dev, 1);
1244        if (neigh) {
1245                u8 *lladdr = NULL;
1246                if (ndopts.nd_opts_src_lladdr) {
1247                        lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1248                                                     skb->dev);
1249                        if (!lladdr) {
1250                                ND_PRINTK(2, warn,
1251                                          "RA: invalid link-layer address length\n");
1252                                goto out;
1253                        }
1254                }
1255                neigh_update(neigh, lladdr, NUD_STALE,
1256                             NEIGH_UPDATE_F_WEAK_OVERRIDE|
1257                             NEIGH_UPDATE_F_OVERRIDE|
1258                             NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1259                             NEIGH_UPDATE_F_ISROUTER);
1260        }
1261
1262        if (!ipv6_accept_ra(in6_dev))
1263                goto out;
1264
1265#ifdef CONFIG_IPV6_ROUTE_INFO
1266        if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1267                goto skip_routeinfo;
1268
1269        if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1270                struct nd_opt_hdr *p;
1271                for (p = ndopts.nd_opts_ri;
1272                     p;
1273                     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1274                        struct route_info *ri = (struct route_info *)p;
1275#ifdef CONFIG_IPV6_NDISC_NODETYPE
1276                        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1277                            ri->prefix_len == 0)
1278                                continue;
1279#endif
1280                        if (ri->prefix_len == 0 &&
1281                            !in6_dev->cnf.accept_ra_defrtr)
1282                                continue;
1283                        if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1284                                continue;
1285                        rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1286                                      &ipv6_hdr(skb)->saddr);
1287                }
1288        }
1289
1290skip_routeinfo:
1291#endif
1292
1293#ifdef CONFIG_IPV6_NDISC_NODETYPE
1294        /* skip link-specific ndopts from interior routers */
1295        if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1296                goto out;
1297#endif
1298
1299        if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1300                struct nd_opt_hdr *p;
1301                for (p = ndopts.nd_opts_pi;
1302                     p;
1303                     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1304                        addrconf_prefix_rcv(skb->dev, (u8 *)p,
1305                                            (p->nd_opt_len) << 3,
1306                                            ndopts.nd_opts_src_lladdr != NULL);
1307                }
1308        }
1309
1310        if (ndopts.nd_opts_mtu) {
1311                __be32 n;
1312                u32 mtu;
1313
1314                memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1315                mtu = ntohl(n);
1316
1317                if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1318                        ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1319                } else if (in6_dev->cnf.mtu6 != mtu) {
1320                        in6_dev->cnf.mtu6 = mtu;
1321
1322                        if (rt)
1323                                dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1324
1325                        rt6_mtu_change(skb->dev, mtu);
1326                }
1327        }
1328
1329        if (ndopts.nd_useropts) {
1330                struct nd_opt_hdr *p;
1331                for (p = ndopts.nd_useropts;
1332                     p;
1333                     p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1334                        ndisc_ra_useropt(skb, p);
1335                }
1336        }
1337
1338        if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1339                ND_PRINTK(2, warn, "RA: invalid RA options\n");
1340        }
1341out:
1342        ip6_rt_put(rt);
1343        if (neigh)
1344                neigh_release(neigh);
1345}
1346
1347static void ndisc_redirect_rcv(struct sk_buff *skb)
1348{
1349        u8 *hdr;
1350        struct ndisc_options ndopts;
1351        struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1352        u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1353                                    offsetof(struct rd_msg, opt));
1354
1355#ifdef CONFIG_IPV6_NDISC_NODETYPE
1356        switch (skb->ndisc_nodetype) {
1357        case NDISC_NODETYPE_HOST:
1358        case NDISC_NODETYPE_NODEFAULT:
1359                ND_PRINTK(2, warn,
1360                          "Redirect: from host or unauthorized router\n");
1361                return;
1362        }
1363#endif
1364
1365        if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1366                ND_PRINTK(2, warn,
1367                          "Redirect: source address is not link-local\n");
1368                return;
1369        }
1370
1371        if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1372                return;
1373
1374        if (!ndopts.nd_opts_rh) {
1375                ip6_redirect_no_header(skb, dev_net(skb->dev),
1376                                        skb->dev->ifindex, 0);
1377                return;
1378        }
1379
1380        hdr = (u8 *)ndopts.nd_opts_rh;
1381        hdr += 8;
1382        if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1383                return;
1384
1385        icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1386}
1387
1388static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1389                                           struct sk_buff *orig_skb,
1390                                           int rd_len)
1391{
1392        u8 *opt = skb_put(skb, rd_len);
1393
1394        memset(opt, 0, 8);
1395        *(opt++) = ND_OPT_REDIRECT_HDR;
1396        *(opt++) = (rd_len >> 3);
1397        opt += 6;
1398
1399        memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1400}
1401
1402void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1403{
1404        struct net_device *dev = skb->dev;
1405        struct net *net = dev_net(dev);
1406        struct sock *sk = net->ipv6.ndisc_sk;
1407        int optlen = 0;
1408        struct inet_peer *peer;
1409        struct sk_buff *buff;
1410        struct rd_msg *msg;
1411        struct in6_addr saddr_buf;
1412        struct rt6_info *rt;
1413        struct dst_entry *dst;
1414        struct flowi6 fl6;
1415        int rd_len;
1416        u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1417        bool ret;
1418
1419        if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1420                ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1421                          dev->name);
1422                return;
1423        }
1424
1425        if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1426            ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1427                ND_PRINTK(2, warn,
1428                          "Redirect: target address is not link-local unicast\n");
1429                return;
1430        }
1431
1432        icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1433                         &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1434
1435        dst = ip6_route_output(net, NULL, &fl6);
1436        if (dst->error) {
1437                dst_release(dst);
1438                return;
1439        }
1440        dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1441        if (IS_ERR(dst))
1442                return;
1443
1444        rt = (struct rt6_info *) dst;
1445
1446        if (rt->rt6i_flags & RTF_GATEWAY) {
1447                ND_PRINTK(2, warn,
1448                          "Redirect: destination is not a neighbour\n");
1449                goto release;
1450        }
1451        peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1452        ret = inet_peer_xrlim_allow(peer, 1*HZ);
1453        if (peer)
1454                inet_putpeer(peer);
1455        if (!ret)
1456                goto release;
1457
1458        if (dev->addr_len) {
1459                struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1460                if (!neigh) {
1461                        ND_PRINTK(2, warn,
1462                                  "Redirect: no neigh for target address\n");
1463                        goto release;
1464                }
1465
1466                read_lock_bh(&neigh->lock);
1467                if (neigh->nud_state & NUD_VALID) {
1468                        memcpy(ha_buf, neigh->ha, dev->addr_len);
1469                        read_unlock_bh(&neigh->lock);
1470                        ha = ha_buf;
1471                        optlen += ndisc_opt_addr_space(dev);
1472                } else
1473                        read_unlock_bh(&neigh->lock);
1474
1475                neigh_release(neigh);
1476        }
1477
1478        rd_len = min_t(unsigned int,
1479                       IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1480                       skb->len + 8);
1481        rd_len &= ~0x7;
1482        optlen += rd_len;
1483
1484        buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1485        if (!buff)
1486                goto release;
1487
1488        msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1489        *msg = (struct rd_msg) {
1490                .icmph = {
1491                        .icmp6_type = NDISC_REDIRECT,
1492                },
1493                .target = *target,
1494                .dest = ipv6_hdr(skb)->daddr,
1495        };
1496
1497        /*
1498         *      include target_address option
1499         */
1500
1501        if (ha)
1502                ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1503
1504        /*
1505         *      build redirect option and copy skb over to the new packet.
1506         */
1507
1508        if (rd_len)
1509                ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1510
1511        skb_dst_set(buff, dst);
1512        ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1513        return;
1514
1515release:
1516        dst_release(dst);
1517}
1518
1519static void pndisc_redo(struct sk_buff *skb)
1520{
1521        ndisc_recv_ns(skb);
1522        kfree_skb(skb);
1523}
1524
1525static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1526{
1527        struct inet6_dev *idev = __in6_dev_get(skb->dev);
1528
1529        if (!idev)
1530                return true;
1531        if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1532            idev->cnf.suppress_frag_ndisc) {
1533                net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1534                return true;
1535        }
1536        return false;
1537}
1538
1539int ndisc_rcv(struct sk_buff *skb)
1540{
1541        struct nd_msg *msg;
1542
1543        if (ndisc_suppress_frag_ndisc(skb))
1544                return 0;
1545
1546        if (skb_linearize(skb))
1547                return 0;
1548
1549        msg = (struct nd_msg *)skb_transport_header(skb);
1550
1551        __skb_push(skb, skb->data - skb_transport_header(skb));
1552
1553        if (ipv6_hdr(skb)->hop_limit != 255) {
1554                ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1555                          ipv6_hdr(skb)->hop_limit);
1556                return 0;
1557        }
1558
1559        if (msg->icmph.icmp6_code != 0) {
1560                ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1561                          msg->icmph.icmp6_code);
1562                return 0;
1563        }
1564
1565        memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1566
1567        switch (msg->icmph.icmp6_type) {
1568        case NDISC_NEIGHBOUR_SOLICITATION:
1569                ndisc_recv_ns(skb);
1570                break;
1571
1572        case NDISC_NEIGHBOUR_ADVERTISEMENT:
1573                ndisc_recv_na(skb);
1574                break;
1575
1576        case NDISC_ROUTER_SOLICITATION:
1577                ndisc_recv_rs(skb);
1578                break;
1579
1580        case NDISC_ROUTER_ADVERTISEMENT:
1581                ndisc_router_discovery(skb);
1582                break;
1583
1584        case NDISC_REDIRECT:
1585                ndisc_redirect_rcv(skb);
1586                break;
1587        }
1588
1589        return 0;
1590}
1591
1592static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1593{
1594        struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1595        struct net *net = dev_net(dev);
1596        struct inet6_dev *idev;
1597
1598        switch (event) {
1599        case NETDEV_CHANGEADDR:
1600                neigh_changeaddr(&nd_tbl, dev);
1601                fib6_run_gc(0, net, false);
1602                idev = in6_dev_get(dev);
1603                if (!idev)
1604                        break;
1605                if (idev->cnf.ndisc_notify)
1606                        ndisc_send_unsol_na(dev);
1607                in6_dev_put(idev);
1608                break;
1609        case NETDEV_DOWN:
1610                neigh_ifdown(&nd_tbl, dev);
1611                fib6_run_gc(0, net, false);
1612                break;
1613        case NETDEV_NOTIFY_PEERS:
1614                ndisc_send_unsol_na(dev);
1615                break;
1616        default:
1617                break;
1618        }
1619
1620        return NOTIFY_DONE;
1621}
1622
1623static struct notifier_block ndisc_netdev_notifier = {
1624        .notifier_call = ndisc_netdev_event,
1625};
1626
1627#ifdef CONFIG_SYSCTL
1628static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1629                                         const char *func, const char *dev_name)
1630{
1631        static char warncomm[TASK_COMM_LEN];
1632        static int warned;
1633        if (strcmp(warncomm, current->comm) && warned < 5) {
1634                strcpy(warncomm, current->comm);
1635                pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1636                        warncomm, func,
1637                        dev_name, ctl->procname,
1638                        dev_name, ctl->procname);
1639                warned++;
1640        }
1641}
1642
1643int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1644{
1645        struct net_device *dev = ctl->extra1;
1646        struct inet6_dev *idev;
1647        int ret;
1648
1649        if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1650            (strcmp(ctl->procname, "base_reachable_time") == 0))
1651                ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1652
1653        if (strcmp(ctl->procname, "retrans_time") == 0)
1654                ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1655
1656        else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1657                ret = proc_dointvec_jiffies(ctl, write,
1658                                            buffer, lenp, ppos);
1659
1660        else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1661                 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1662                ret = proc_dointvec_ms_jiffies(ctl, write,
1663                                               buffer, lenp, ppos);
1664        else
1665                ret = -1;
1666
1667        if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1668                if (ctl->data == &idev->nd_parms->base_reachable_time)
1669                        idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1670                idev->tstamp = jiffies;
1671                inet6_ifinfo_notify(RTM_NEWLINK, idev);
1672                in6_dev_put(idev);
1673        }
1674        return ret;
1675}
1676
1677
1678#endif
1679
1680static int __net_init ndisc_net_init(struct net *net)
1681{
1682        struct ipv6_pinfo *np;
1683        struct sock *sk;
1684        int err;
1685
1686        err = inet_ctl_sock_create(&sk, PF_INET6,
1687                                   SOCK_RAW, IPPROTO_ICMPV6, net);
1688        if (err < 0) {
1689                ND_PRINTK(0, err,
1690                          "NDISC: Failed to initialize the control socket (err %d)\n",
1691                          err);
1692                return err;
1693        }
1694
1695        net->ipv6.ndisc_sk = sk;
1696
1697        np = inet6_sk(sk);
1698        np->hop_limit = 255;
1699        /* Do not loopback ndisc messages */
1700        np->mc_loop = 0;
1701
1702        return 0;
1703}
1704
1705static void __net_exit ndisc_net_exit(struct net *net)
1706{
1707        inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1708}
1709
1710static struct pernet_operations ndisc_net_ops = {
1711        .init = ndisc_net_init,
1712        .exit = ndisc_net_exit,
1713};
1714
1715int __init ndisc_init(void)
1716{
1717        int err;
1718
1719        err = register_pernet_subsys(&ndisc_net_ops);
1720        if (err)
1721                return err;
1722        /*
1723         * Initialize the neighbour table
1724         */
1725        neigh_table_init(&nd_tbl);
1726
1727#ifdef CONFIG_SYSCTL
1728        err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1729                                    &ndisc_ifinfo_sysctl_change);
1730        if (err)
1731                goto out_unregister_pernet;
1732out:
1733#endif
1734        return err;
1735
1736#ifdef CONFIG_SYSCTL
1737out_unregister_pernet:
1738        unregister_pernet_subsys(&ndisc_net_ops);
1739        goto out;
1740#endif
1741}
1742
1743int __init ndisc_late_init(void)
1744{
1745        return register_netdevice_notifier(&ndisc_netdev_notifier);
1746}
1747
1748void ndisc_late_cleanup(void)
1749{
1750        unregister_netdevice_notifier(&ndisc_netdev_notifier);
1751}
1752
1753void ndisc_cleanup(void)
1754{
1755#ifdef CONFIG_SYSCTL
1756        neigh_sysctl_unregister(&nd_tbl.parms);
1757#endif
1758        neigh_table_clear(&nd_tbl);
1759        unregister_pernet_subsys(&ndisc_net_ops);
1760}
1761