1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
67#include <net/flow.h>
68#include <net/ip6_checksum.h>
69#include <net/inet_common.h>
70#include <linux/proc_fs.h>
71
72#include <linux/netfilter.h>
73#include <linux/netfilter_ipv6.h>
74
75
76#define ND_DEBUG 1
77
78#define ND_PRINTK(val, level, fmt, ...) \
79do { \
80 if (val <= ND_DEBUG) \
81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82} while (0)
83
84static u32 ndisc_hash(const void *pkey,
85 const struct net_device *dev,
86 __u32 *hash_rnd);
87static int ndisc_constructor(struct neighbour *neigh);
88static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90static int pndisc_constructor(struct pneigh_entry *n);
91static void pndisc_destructor(struct pneigh_entry *n);
92static void pndisc_redo(struct sk_buff *skb);
93
94static const struct neigh_ops ndisc_generic_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_connected_output,
100};
101
102static const struct neigh_ops ndisc_hh_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_resolve_output,
108};
109
110
111static const struct neigh_ops ndisc_direct_ops = {
112 .family = AF_INET6,
113 .output = neigh_direct_output,
114 .connected_output = neigh_direct_output,
115};
116
117struct neigh_table nd_tbl = {
118 .family = AF_INET6,
119 .key_len = sizeof(struct in6_addr),
120 .hash = ndisc_hash,
121 .constructor = ndisc_constructor,
122 .pconstructor = pndisc_constructor,
123 .pdestructor = pndisc_destructor,
124 .proxy_redo = pndisc_redo,
125 .id = "ndisc_cache",
126 .parms = {
127 .tbl = &nd_tbl,
128 .reachable_time = ND_REACHABLE_TIME,
129 .data = {
130 [NEIGH_VAR_MCAST_PROBES] = 3,
131 [NEIGH_VAR_UCAST_PROBES] = 3,
132 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
133 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
134 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
135 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
136 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
137 [NEIGH_VAR_PROXY_QLEN] = 64,
138 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
139 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
140 },
141 },
142 .gc_interval = 30 * HZ,
143 .gc_thresh1 = 128,
144 .gc_thresh2 = 512,
145 .gc_thresh3 = 1024,
146};
147
148static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
149{
150 int pad = ndisc_addr_option_pad(skb->dev->type);
151 int data_len = skb->dev->addr_len;
152 int space = ndisc_opt_addr_space(skb->dev);
153 u8 *opt = skb_put(skb, space);
154
155 opt[0] = type;
156 opt[1] = space>>3;
157
158 memset(opt + 2, 0, pad);
159 opt += pad;
160 space -= pad;
161
162 memcpy(opt+2, data, data_len);
163 data_len += 2;
164 opt += data_len;
165 if ((space -= data_len) > 0)
166 memset(opt, 0, space);
167}
168
169static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
170 struct nd_opt_hdr *end)
171{
172 int type;
173 if (!cur || !end || cur >= end)
174 return NULL;
175 type = cur->nd_opt_type;
176 do {
177 cur = ((void *)cur) + (cur->nd_opt_len << 3);
178 } while (cur < end && cur->nd_opt_type != type);
179 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
180}
181
182static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
183{
184 return opt->nd_opt_type == ND_OPT_RDNSS ||
185 opt->nd_opt_type == ND_OPT_DNSSL;
186}
187
188static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
189 struct nd_opt_hdr *end)
190{
191 if (!cur || !end || cur >= end)
192 return NULL;
193 do {
194 cur = ((void *)cur) + (cur->nd_opt_len << 3);
195 } while (cur < end && !ndisc_is_useropt(cur));
196 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
197}
198
199struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
200 struct ndisc_options *ndopts)
201{
202 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
203
204 if (!nd_opt || opt_len < 0 || !ndopts)
205 return NULL;
206 memset(ndopts, 0, sizeof(*ndopts));
207 while (opt_len) {
208 int l;
209 if (opt_len < sizeof(struct nd_opt_hdr))
210 return NULL;
211 l = nd_opt->nd_opt_len << 3;
212 if (opt_len < l || l == 0)
213 return NULL;
214 switch (nd_opt->nd_opt_type) {
215 case ND_OPT_SOURCE_LL_ADDR:
216 case ND_OPT_TARGET_LL_ADDR:
217 case ND_OPT_MTU:
218 case ND_OPT_REDIRECT_HDR:
219 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
220 ND_PRINTK(2, warn,
221 "%s: duplicated ND6 option found: type=%d\n",
222 __func__, nd_opt->nd_opt_type);
223 } else {
224 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
225 }
226 break;
227 case ND_OPT_PREFIX_INFO:
228 ndopts->nd_opts_pi_end = nd_opt;
229 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
230 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
231 break;
232#ifdef CONFIG_IPV6_ROUTE_INFO
233 case ND_OPT_ROUTE_INFO:
234 ndopts->nd_opts_ri_end = nd_opt;
235 if (!ndopts->nd_opts_ri)
236 ndopts->nd_opts_ri = nd_opt;
237 break;
238#endif
239 default:
240 if (ndisc_is_useropt(nd_opt)) {
241 ndopts->nd_useropts_end = nd_opt;
242 if (!ndopts->nd_useropts)
243 ndopts->nd_useropts = nd_opt;
244 } else {
245
246
247
248
249
250 ND_PRINTK(2, notice,
251 "%s: ignored unsupported option; type=%d, len=%d\n",
252 __func__,
253 nd_opt->nd_opt_type,
254 nd_opt->nd_opt_len);
255 }
256 }
257 opt_len -= l;
258 nd_opt = ((void *)nd_opt) + l;
259 }
260 return ndopts;
261}
262
263int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
264{
265 switch (dev->type) {
266 case ARPHRD_ETHER:
267 case ARPHRD_IEEE802:
268 case ARPHRD_FDDI:
269 ipv6_eth_mc_map(addr, buf);
270 return 0;
271 case ARPHRD_ARCNET:
272 ipv6_arcnet_mc_map(addr, buf);
273 return 0;
274 case ARPHRD_INFINIBAND:
275 ipv6_ib_mc_map(addr, dev->broadcast, buf);
276 return 0;
277 case ARPHRD_IPGRE:
278 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
279 default:
280 if (dir) {
281 memcpy(buf, dev->broadcast, dev->addr_len);
282 return 0;
283 }
284 }
285 return -EINVAL;
286}
287EXPORT_SYMBOL(ndisc_mc_map);
288
289static u32 ndisc_hash(const void *pkey,
290 const struct net_device *dev,
291 __u32 *hash_rnd)
292{
293 return ndisc_hashfn(pkey, dev, hash_rnd);
294}
295
296static int ndisc_constructor(struct neighbour *neigh)
297{
298 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
299 struct net_device *dev = neigh->dev;
300 struct inet6_dev *in6_dev;
301 struct neigh_parms *parms;
302 bool is_multicast = ipv6_addr_is_multicast(addr);
303
304 in6_dev = in6_dev_get(dev);
305 if (in6_dev == NULL) {
306 return -EINVAL;
307 }
308
309 parms = in6_dev->nd_parms;
310 __neigh_parms_put(neigh->parms);
311 neigh->parms = neigh_parms_clone(parms);
312
313 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
314 if (!dev->header_ops) {
315 neigh->nud_state = NUD_NOARP;
316 neigh->ops = &ndisc_direct_ops;
317 neigh->output = neigh_direct_output;
318 } else {
319 if (is_multicast) {
320 neigh->nud_state = NUD_NOARP;
321 ndisc_mc_map(addr, neigh->ha, dev, 1);
322 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
323 neigh->nud_state = NUD_NOARP;
324 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
325 if (dev->flags&IFF_LOOPBACK)
326 neigh->type = RTN_LOCAL;
327 } else if (dev->flags&IFF_POINTOPOINT) {
328 neigh->nud_state = NUD_NOARP;
329 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
330 }
331 if (dev->header_ops->cache)
332 neigh->ops = &ndisc_hh_ops;
333 else
334 neigh->ops = &ndisc_generic_ops;
335 if (neigh->nud_state&NUD_VALID)
336 neigh->output = neigh->ops->connected_output;
337 else
338 neigh->output = neigh->ops->output;
339 }
340 in6_dev_put(in6_dev);
341 return 0;
342}
343
344static int pndisc_constructor(struct pneigh_entry *n)
345{
346 struct in6_addr *addr = (struct in6_addr *)&n->key;
347 struct in6_addr maddr;
348 struct net_device *dev = n->dev;
349
350 if (dev == NULL || __in6_dev_get(dev) == NULL)
351 return -EINVAL;
352 addrconf_addr_solict_mult(addr, &maddr);
353 ipv6_dev_mc_inc(dev, &maddr);
354 return 0;
355}
356
357static void pndisc_destructor(struct pneigh_entry *n)
358{
359 struct in6_addr *addr = (struct in6_addr *)&n->key;
360 struct in6_addr maddr;
361 struct net_device *dev = n->dev;
362
363 if (dev == NULL || __in6_dev_get(dev) == NULL)
364 return;
365 addrconf_addr_solict_mult(addr, &maddr);
366 ipv6_dev_mc_dec(dev, &maddr);
367}
368
369static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
370 int len)
371{
372 int hlen = LL_RESERVED_SPACE(dev);
373 int tlen = dev->needed_tailroom;
374 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
375 struct sk_buff *skb;
376
377 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
378 if (!skb) {
379 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
380 __func__);
381 return NULL;
382 }
383
384 skb->protocol = htons(ETH_P_IPV6);
385 skb->dev = dev;
386
387 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
388 skb_reset_transport_header(skb);
389
390
391
392
393 skb_set_owner_w(skb, sk);
394
395 return skb;
396}
397
398static void ip6_nd_hdr(struct sk_buff *skb,
399 const struct in6_addr *saddr,
400 const struct in6_addr *daddr,
401 int hop_limit, int len)
402{
403 struct ipv6hdr *hdr;
404
405 skb_push(skb, sizeof(*hdr));
406 skb_reset_network_header(skb);
407 hdr = ipv6_hdr(skb);
408
409 ip6_flow_hdr(hdr, 0, 0);
410
411 hdr->payload_len = htons(len);
412 hdr->nexthdr = IPPROTO_ICMPV6;
413 hdr->hop_limit = hop_limit;
414
415 hdr->saddr = *saddr;
416 hdr->daddr = *daddr;
417}
418
419static void ndisc_send_skb(struct sk_buff *skb,
420 const struct in6_addr *daddr,
421 const struct in6_addr *saddr)
422{
423 struct dst_entry *dst = skb_dst(skb);
424 struct net *net = dev_net(skb->dev);
425 struct sock *sk = net->ipv6.ndisc_sk;
426 struct inet6_dev *idev;
427 int err;
428 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
429 u8 type;
430
431 type = icmp6h->icmp6_type;
432
433 if (!dst) {
434 struct flowi6 fl6;
435
436 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
437 dst = icmp6_dst_alloc(skb->dev, &fl6);
438 if (IS_ERR(dst)) {
439 kfree_skb(skb);
440 return;
441 }
442
443 skb_dst_set(skb, dst);
444 }
445
446 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
447 IPPROTO_ICMPV6,
448 csum_partial(icmp6h,
449 skb->len, 0));
450
451 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
452
453 rcu_read_lock();
454 idev = __in6_dev_get(dst->dev);
455 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
456
457 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
458 dst_output);
459 if (!err) {
460 ICMP6MSGOUT_INC_STATS(net, idev, type);
461 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
462 }
463
464 rcu_read_unlock();
465}
466
467void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
468 const struct in6_addr *daddr,
469 const struct in6_addr *solicited_addr,
470 bool router, bool solicited, bool override, bool inc_opt)
471{
472 struct sk_buff *skb;
473 struct in6_addr tmpaddr;
474 struct inet6_ifaddr *ifp;
475 const struct in6_addr *src_addr;
476 struct nd_msg *msg;
477 int optlen = 0;
478
479
480 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
481 if (ifp) {
482 src_addr = solicited_addr;
483 if (ifp->flags & IFA_F_OPTIMISTIC)
484 override = false;
485 inc_opt |= ifp->idev->cnf.force_tllao;
486 in6_ifa_put(ifp);
487 } else {
488 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
489 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
490 &tmpaddr))
491 return;
492 src_addr = &tmpaddr;
493 }
494
495 if (!dev->addr_len)
496 inc_opt = 0;
497 if (inc_opt)
498 optlen += ndisc_opt_addr_space(dev);
499
500 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
501 if (!skb)
502 return;
503
504 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
505 *msg = (struct nd_msg) {
506 .icmph = {
507 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
508 .icmp6_router = router,
509 .icmp6_solicited = solicited,
510 .icmp6_override = override,
511 },
512 .target = *solicited_addr,
513 };
514
515 if (inc_opt)
516 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
517 dev->dev_addr);
518
519
520 ndisc_send_skb(skb, daddr, src_addr);
521}
522
523static void ndisc_send_unsol_na(struct net_device *dev)
524{
525 struct inet6_dev *idev;
526 struct inet6_ifaddr *ifa;
527
528 idev = in6_dev_get(dev);
529 if (!idev)
530 return;
531
532 read_lock_bh(&idev->lock);
533 list_for_each_entry(ifa, &idev->addr_list, if_list) {
534 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
535 !!idev->cnf.forwarding,
536 false, true,
537 true);
538 }
539 read_unlock_bh(&idev->lock);
540
541 in6_dev_put(idev);
542}
543
544void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
545 const struct in6_addr *solicit,
546 const struct in6_addr *daddr, const struct in6_addr *saddr)
547{
548 struct sk_buff *skb;
549 struct in6_addr addr_buf;
550 int inc_opt = dev->addr_len;
551 int optlen = 0;
552 struct nd_msg *msg;
553
554 if (saddr == NULL) {
555 if (ipv6_get_lladdr(dev, &addr_buf,
556 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
557 return;
558 saddr = &addr_buf;
559 }
560
561 if (ipv6_addr_any(saddr))
562 inc_opt = false;
563 if (inc_opt)
564 optlen += ndisc_opt_addr_space(dev);
565
566 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
567 if (!skb)
568 return;
569
570 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
571 *msg = (struct nd_msg) {
572 .icmph = {
573 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
574 },
575 .target = *solicit,
576 };
577
578 if (inc_opt)
579 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
580 dev->dev_addr);
581
582 ndisc_send_skb(skb, daddr, saddr);
583}
584
585void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
586 const struct in6_addr *daddr)
587{
588 struct sk_buff *skb;
589 struct rs_msg *msg;
590 int send_sllao = dev->addr_len;
591 int optlen = 0;
592
593#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
594
595
596
597
598
599
600
601
602 if (send_sllao) {
603 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
604 dev, 1);
605 if (ifp) {
606 if (ifp->flags & IFA_F_OPTIMISTIC) {
607 send_sllao = 0;
608 }
609 in6_ifa_put(ifp);
610 } else {
611 send_sllao = 0;
612 }
613 }
614#endif
615 if (send_sllao)
616 optlen += ndisc_opt_addr_space(dev);
617
618 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
619 if (!skb)
620 return;
621
622 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
623 *msg = (struct rs_msg) {
624 .icmph = {
625 .icmp6_type = NDISC_ROUTER_SOLICITATION,
626 },
627 };
628
629 if (send_sllao)
630 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
631 dev->dev_addr);
632
633 ndisc_send_skb(skb, daddr, saddr);
634}
635
636
637static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
638{
639
640
641
642
643 dst_link_failure(skb);
644 kfree_skb(skb);
645}
646
647
648
649static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
650{
651 struct in6_addr *saddr = NULL;
652 struct in6_addr mcaddr;
653 struct net_device *dev = neigh->dev;
654 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
655 int probes = atomic_read(&neigh->probes);
656
657 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
658 saddr = &ipv6_hdr(skb)->saddr;
659
660 if ((probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES)) < 0) {
661 if (!(neigh->nud_state & NUD_VALID)) {
662 ND_PRINTK(1, dbg,
663 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
664 __func__, target);
665 }
666 ndisc_send_ns(dev, neigh, target, target, saddr);
667 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
668 neigh_app_ns(neigh);
669 } else {
670 addrconf_addr_solict_mult(target, &mcaddr);
671 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
672 }
673}
674
675static int pndisc_is_router(const void *pkey,
676 struct net_device *dev)
677{
678 struct pneigh_entry *n;
679 int ret = -1;
680
681 read_lock_bh(&nd_tbl.lock);
682 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
683 if (n)
684 ret = !!(n->flags & NTF_ROUTER);
685 read_unlock_bh(&nd_tbl.lock);
686
687 return ret;
688}
689
690static void ndisc_recv_ns(struct sk_buff *skb)
691{
692 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
693 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
694 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
695 u8 *lladdr = NULL;
696 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
697 offsetof(struct nd_msg, opt));
698 struct ndisc_options ndopts;
699 struct net_device *dev = skb->dev;
700 struct inet6_ifaddr *ifp;
701 struct inet6_dev *idev = NULL;
702 struct neighbour *neigh;
703 int dad = ipv6_addr_any(saddr);
704 bool inc;
705 int is_router = -1;
706
707 if (skb->len < sizeof(struct nd_msg)) {
708 ND_PRINTK(2, warn, "NS: packet too short\n");
709 return;
710 }
711
712 if (ipv6_addr_is_multicast(&msg->target)) {
713 ND_PRINTK(2, warn, "NS: multicast target address\n");
714 return;
715 }
716
717
718
719
720
721 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
722 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
723 return;
724 }
725
726 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
727 ND_PRINTK(2, warn, "NS: invalid ND options\n");
728 return;
729 }
730
731 if (ndopts.nd_opts_src_lladdr) {
732 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
733 if (!lladdr) {
734 ND_PRINTK(2, warn,
735 "NS: invalid link-layer address length\n");
736 return;
737 }
738
739
740
741
742
743
744 if (dad) {
745 ND_PRINTK(2, warn,
746 "NS: bad DAD packet (link-layer address option)\n");
747 return;
748 }
749 }
750
751 inc = ipv6_addr_is_multicast(daddr);
752
753 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
754 if (ifp) {
755
756 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
757 if (dad) {
758
759
760
761
762
763 addrconf_dad_failure(ifp);
764 return;
765 } else {
766
767
768
769
770
771
772 if (!(ifp->flags & IFA_F_OPTIMISTIC))
773 goto out;
774 }
775 }
776
777 idev = ifp->idev;
778 } else {
779 struct net *net = dev_net(dev);
780
781 idev = in6_dev_get(dev);
782 if (!idev) {
783
784 return;
785 }
786
787 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
788 (idev->cnf.forwarding &&
789 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
790 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
791 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
792 skb->pkt_type != PACKET_HOST &&
793 inc &&
794 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
795
796
797
798
799
800
801
802 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
803 if (n)
804 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
805 goto out;
806 }
807 } else
808 goto out;
809 }
810
811 if (is_router < 0)
812 is_router = idev->cnf.forwarding;
813
814 if (dad) {
815 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
816 !!is_router, false, (ifp != NULL), true);
817 goto out;
818 }
819
820 if (inc)
821 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
822 else
823 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
824
825
826
827
828
829 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
830 !inc || lladdr || !dev->addr_len);
831 if (neigh)
832 neigh_update(neigh, lladdr, NUD_STALE,
833 NEIGH_UPDATE_F_WEAK_OVERRIDE|
834 NEIGH_UPDATE_F_OVERRIDE);
835 if (neigh || !dev->header_ops) {
836 ndisc_send_na(dev, neigh, saddr, &msg->target,
837 !!is_router,
838 true, (ifp != NULL && inc), inc);
839 if (neigh)
840 neigh_release(neigh);
841 }
842
843out:
844 if (ifp)
845 in6_ifa_put(ifp);
846 else
847 in6_dev_put(idev);
848}
849
850static void ndisc_recv_na(struct sk_buff *skb)
851{
852 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
853 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
854 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
855 u8 *lladdr = NULL;
856 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
857 offsetof(struct nd_msg, opt));
858 struct ndisc_options ndopts;
859 struct net_device *dev = skb->dev;
860 struct inet6_ifaddr *ifp;
861 struct neighbour *neigh;
862
863 if (skb->len < sizeof(struct nd_msg)) {
864 ND_PRINTK(2, warn, "NA: packet too short\n");
865 return;
866 }
867
868 if (ipv6_addr_is_multicast(&msg->target)) {
869 ND_PRINTK(2, warn, "NA: target address is multicast\n");
870 return;
871 }
872
873 if (ipv6_addr_is_multicast(daddr) &&
874 msg->icmph.icmp6_solicited) {
875 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
876 return;
877 }
878
879 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
880 ND_PRINTK(2, warn, "NS: invalid ND option\n");
881 return;
882 }
883 if (ndopts.nd_opts_tgt_lladdr) {
884 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
885 if (!lladdr) {
886 ND_PRINTK(2, warn,
887 "NA: invalid link-layer address length\n");
888 return;
889 }
890 }
891 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
892 if (ifp) {
893 if (skb->pkt_type != PACKET_LOOPBACK
894 && (ifp->flags & IFA_F_TENTATIVE)) {
895 addrconf_dad_failure(ifp);
896 return;
897 }
898
899
900
901
902
903
904
905
906
907 if (skb->pkt_type != PACKET_LOOPBACK)
908 ND_PRINTK(1, warn,
909 "NA: someone advertises our address %pI6 on %s!\n",
910 &ifp->addr, ifp->idev->dev->name);
911 in6_ifa_put(ifp);
912 return;
913 }
914 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
915
916 if (neigh) {
917 u8 old_flags = neigh->flags;
918 struct net *net = dev_net(dev);
919
920 if (neigh->nud_state & NUD_FAILED)
921 goto out;
922
923
924
925
926
927
928 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
929 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
930 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
931
932 goto out;
933 }
934
935 neigh_update(neigh, lladdr,
936 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
937 NEIGH_UPDATE_F_WEAK_OVERRIDE|
938 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
939 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
940 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
941
942 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
943
944
945
946 rt6_clean_tohost(dev_net(dev), saddr);
947 }
948
949out:
950 neigh_release(neigh);
951 }
952}
953
954static void ndisc_recv_rs(struct sk_buff *skb)
955{
956 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
957 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
958 struct neighbour *neigh;
959 struct inet6_dev *idev;
960 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
961 struct ndisc_options ndopts;
962 u8 *lladdr = NULL;
963
964 if (skb->len < sizeof(*rs_msg))
965 return;
966
967 idev = __in6_dev_get(skb->dev);
968 if (!idev) {
969 ND_PRINTK(1, err, "RS: can't find in6 device\n");
970 return;
971 }
972
973
974 if (!idev->cnf.forwarding)
975 goto out;
976
977
978
979
980
981 if (ipv6_addr_any(saddr))
982 goto out;
983
984
985 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
986 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
987 goto out;
988 }
989
990 if (ndopts.nd_opts_src_lladdr) {
991 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
992 skb->dev);
993 if (!lladdr)
994 goto out;
995 }
996
997 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
998 if (neigh) {
999 neigh_update(neigh, lladdr, NUD_STALE,
1000 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1001 NEIGH_UPDATE_F_OVERRIDE|
1002 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1003 neigh_release(neigh);
1004 }
1005out:
1006 return;
1007}
1008
1009static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1010{
1011 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1012 struct sk_buff *skb;
1013 struct nlmsghdr *nlh;
1014 struct nduseroptmsg *ndmsg;
1015 struct net *net = dev_net(ra->dev);
1016 int err;
1017 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1018 + (opt->nd_opt_len << 3));
1019 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1020
1021 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1022 if (skb == NULL) {
1023 err = -ENOBUFS;
1024 goto errout;
1025 }
1026
1027 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1028 if (nlh == NULL) {
1029 goto nla_put_failure;
1030 }
1031
1032 ndmsg = nlmsg_data(nlh);
1033 ndmsg->nduseropt_family = AF_INET6;
1034 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1035 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1036 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1037 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1038
1039 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1040
1041 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1042 &ipv6_hdr(ra)->saddr))
1043 goto nla_put_failure;
1044 nlmsg_end(skb, nlh);
1045
1046 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1047 return;
1048
1049nla_put_failure:
1050 nlmsg_free(skb);
1051 err = -EMSGSIZE;
1052errout:
1053 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1054}
1055
1056static void ndisc_router_discovery(struct sk_buff *skb)
1057{
1058 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1059 struct neighbour *neigh = NULL;
1060 struct inet6_dev *in6_dev;
1061 struct rt6_info *rt = NULL;
1062 int lifetime;
1063 struct ndisc_options ndopts;
1064 int optlen;
1065 unsigned int pref = 0;
1066
1067 __u8 *opt = (__u8 *)(ra_msg + 1);
1068
1069 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1070 sizeof(struct ra_msg);
1071
1072 ND_PRINTK(2, info,
1073 "RA: %s, dev: %s\n",
1074 __func__, skb->dev->name);
1075 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1076 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1077 return;
1078 }
1079 if (optlen < 0) {
1080 ND_PRINTK(2, warn, "RA: packet too short\n");
1081 return;
1082 }
1083
1084#ifdef CONFIG_IPV6_NDISC_NODETYPE
1085 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1086 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1087 return;
1088 }
1089#endif
1090
1091
1092
1093
1094
1095 in6_dev = __in6_dev_get(skb->dev);
1096 if (in6_dev == NULL) {
1097 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1098 skb->dev->name);
1099 return;
1100 }
1101
1102 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1103 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1104 return;
1105 }
1106
1107 if (!ipv6_accept_ra(in6_dev)) {
1108 ND_PRINTK(2, info,
1109 "RA: %s, did not accept ra for dev: %s\n",
1110 __func__, skb->dev->name);
1111 goto skip_linkparms;
1112 }
1113
1114#ifdef CONFIG_IPV6_NDISC_NODETYPE
1115
1116 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1117 ND_PRINTK(2, info,
1118 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1119 __func__, skb->dev->name);
1120 goto skip_linkparms;
1121 }
1122#endif
1123
1124 if (in6_dev->if_flags & IF_RS_SENT) {
1125
1126
1127
1128
1129 in6_dev->if_flags |= IF_RA_RCVD;
1130 }
1131
1132
1133
1134
1135
1136 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1137 IF_RA_OTHERCONF)) |
1138 (ra_msg->icmph.icmp6_addrconf_managed ?
1139 IF_RA_MANAGED : 0) |
1140 (ra_msg->icmph.icmp6_addrconf_other ?
1141 IF_RA_OTHERCONF : 0);
1142
1143 if (!in6_dev->cnf.accept_ra_defrtr) {
1144 ND_PRINTK(2, info,
1145 "RA: %s, defrtr is false for dev: %s\n",
1146 __func__, skb->dev->name);
1147 goto skip_defrtr;
1148 }
1149
1150
1151
1152
1153 if (!in6_dev->cnf.accept_ra_from_local &&
1154 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1155 NULL, 0)) {
1156 ND_PRINTK(2, info,
1157 "RA from local address detected on dev: %s: default router ignored\n",
1158 skb->dev->name);
1159 goto skip_defrtr;
1160 }
1161
1162 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1163
1164#ifdef CONFIG_IPV6_ROUTER_PREF
1165 pref = ra_msg->icmph.icmp6_router_pref;
1166
1167 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1168 !in6_dev->cnf.accept_ra_rtr_pref)
1169 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1170#endif
1171
1172 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1173
1174 if (rt) {
1175 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1176 if (!neigh) {
1177 ND_PRINTK(0, err,
1178 "RA: %s got default router without neighbour\n",
1179 __func__);
1180 ip6_rt_put(rt);
1181 return;
1182 }
1183 }
1184 if (rt && lifetime == 0) {
1185 ip6_del_rt(rt);
1186 rt = NULL;
1187 }
1188
1189 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1190 rt, lifetime, skb->dev->name);
1191 if (rt == NULL && lifetime) {
1192 ND_PRINTK(3, info, "RA: adding default router\n");
1193
1194 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1195 if (rt == NULL) {
1196 ND_PRINTK(0, err,
1197 "RA: %s failed to add default route\n",
1198 __func__);
1199 return;
1200 }
1201
1202 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1203 if (neigh == NULL) {
1204 ND_PRINTK(0, err,
1205 "RA: %s got default router without neighbour\n",
1206 __func__);
1207 ip6_rt_put(rt);
1208 return;
1209 }
1210 neigh->flags |= NTF_ROUTER;
1211 } else if (rt) {
1212 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1213 }
1214
1215 if (rt)
1216 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1217 if (ra_msg->icmph.icmp6_hop_limit) {
1218 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1219 if (rt)
1220 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1221 ra_msg->icmph.icmp6_hop_limit);
1222 }
1223
1224skip_defrtr:
1225
1226
1227
1228
1229
1230 if (in6_dev->nd_parms) {
1231 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1232
1233 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1234 rtime = (rtime*HZ)/1000;
1235 if (rtime < HZ/10)
1236 rtime = HZ/10;
1237 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1238 in6_dev->tstamp = jiffies;
1239 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1240 }
1241
1242 rtime = ntohl(ra_msg->reachable_time);
1243 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1244 rtime = (rtime*HZ)/1000;
1245
1246 if (rtime < HZ/10)
1247 rtime = HZ/10;
1248
1249 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1250 NEIGH_VAR_SET(in6_dev->nd_parms,
1251 BASE_REACHABLE_TIME, rtime);
1252 NEIGH_VAR_SET(in6_dev->nd_parms,
1253 GC_STALETIME, 3 * rtime);
1254 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1255 in6_dev->tstamp = jiffies;
1256 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1257 }
1258 }
1259 }
1260
1261skip_linkparms:
1262
1263
1264
1265
1266
1267 if (!neigh)
1268 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1269 skb->dev, 1);
1270 if (neigh) {
1271 u8 *lladdr = NULL;
1272 if (ndopts.nd_opts_src_lladdr) {
1273 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1274 skb->dev);
1275 if (!lladdr) {
1276 ND_PRINTK(2, warn,
1277 "RA: invalid link-layer address length\n");
1278 goto out;
1279 }
1280 }
1281 neigh_update(neigh, lladdr, NUD_STALE,
1282 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1283 NEIGH_UPDATE_F_OVERRIDE|
1284 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1285 NEIGH_UPDATE_F_ISROUTER);
1286 }
1287
1288 if (!ipv6_accept_ra(in6_dev)) {
1289 ND_PRINTK(2, info,
1290 "RA: %s, accept_ra is false for dev: %s\n",
1291 __func__, skb->dev->name);
1292 goto out;
1293 }
1294
1295#ifdef CONFIG_IPV6_ROUTE_INFO
1296 if (!in6_dev->cnf.accept_ra_from_local &&
1297 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1298 NULL, 0)) {
1299 ND_PRINTK(2, info,
1300 "RA from local address detected on dev: %s: router info ignored.\n",
1301 skb->dev->name);
1302 goto skip_routeinfo;
1303 }
1304
1305 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1306 struct nd_opt_hdr *p;
1307 for (p = ndopts.nd_opts_ri;
1308 p;
1309 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1310 struct route_info *ri = (struct route_info *)p;
1311#ifdef CONFIG_IPV6_NDISC_NODETYPE
1312 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1313 ri->prefix_len == 0)
1314 continue;
1315#endif
1316 if (ri->prefix_len == 0 &&
1317 !in6_dev->cnf.accept_ra_defrtr)
1318 continue;
1319 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1320 continue;
1321 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1322 &ipv6_hdr(skb)->saddr);
1323 }
1324 }
1325
1326skip_routeinfo:
1327#endif
1328
1329#ifdef CONFIG_IPV6_NDISC_NODETYPE
1330
1331 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1332 ND_PRINTK(2, info,
1333 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1334 __func__, skb->dev->name);
1335 goto out;
1336 }
1337#endif
1338
1339 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1340 struct nd_opt_hdr *p;
1341 for (p = ndopts.nd_opts_pi;
1342 p;
1343 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1344 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1345 (p->nd_opt_len) << 3,
1346 ndopts.nd_opts_src_lladdr != NULL);
1347 }
1348 }
1349
1350 if (ndopts.nd_opts_mtu) {
1351 __be32 n;
1352 u32 mtu;
1353
1354 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1355 mtu = ntohl(n);
1356
1357 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1358 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1359 } else if (in6_dev->cnf.mtu6 != mtu) {
1360 in6_dev->cnf.mtu6 = mtu;
1361
1362 if (rt)
1363 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1364
1365 rt6_mtu_change(skb->dev, mtu);
1366 }
1367 }
1368
1369 if (ndopts.nd_useropts) {
1370 struct nd_opt_hdr *p;
1371 for (p = ndopts.nd_useropts;
1372 p;
1373 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1374 ndisc_ra_useropt(skb, p);
1375 }
1376 }
1377
1378 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1379 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1380 }
1381out:
1382 ip6_rt_put(rt);
1383 if (neigh)
1384 neigh_release(neigh);
1385}
1386
1387static void ndisc_redirect_rcv(struct sk_buff *skb)
1388{
1389 u8 *hdr;
1390 struct ndisc_options ndopts;
1391 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1392 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1393 offsetof(struct rd_msg, opt));
1394
1395#ifdef CONFIG_IPV6_NDISC_NODETYPE
1396 switch (skb->ndisc_nodetype) {
1397 case NDISC_NODETYPE_HOST:
1398 case NDISC_NODETYPE_NODEFAULT:
1399 ND_PRINTK(2, warn,
1400 "Redirect: from host or unauthorized router\n");
1401 return;
1402 }
1403#endif
1404
1405 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1406 ND_PRINTK(2, warn,
1407 "Redirect: source address is not link-local\n");
1408 return;
1409 }
1410
1411 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1412 return;
1413
1414 if (!ndopts.nd_opts_rh) {
1415 ip6_redirect_no_header(skb, dev_net(skb->dev),
1416 skb->dev->ifindex, 0);
1417 return;
1418 }
1419
1420 hdr = (u8 *)ndopts.nd_opts_rh;
1421 hdr += 8;
1422 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1423 return;
1424
1425 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1426}
1427
1428static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1429 struct sk_buff *orig_skb,
1430 int rd_len)
1431{
1432 u8 *opt = skb_put(skb, rd_len);
1433
1434 memset(opt, 0, 8);
1435 *(opt++) = ND_OPT_REDIRECT_HDR;
1436 *(opt++) = (rd_len >> 3);
1437 opt += 6;
1438
1439 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1440}
1441
1442void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1443{
1444 struct net_device *dev = skb->dev;
1445 struct net *net = dev_net(dev);
1446 struct sock *sk = net->ipv6.ndisc_sk;
1447 int optlen = 0;
1448 struct inet_peer *peer;
1449 struct sk_buff *buff;
1450 struct rd_msg *msg;
1451 struct in6_addr saddr_buf;
1452 struct rt6_info *rt;
1453 struct dst_entry *dst;
1454 struct flowi6 fl6;
1455 int rd_len;
1456 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1457 bool ret;
1458
1459 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1460 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1461 dev->name);
1462 return;
1463 }
1464
1465 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1466 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1467 ND_PRINTK(2, warn,
1468 "Redirect: target address is not link-local unicast\n");
1469 return;
1470 }
1471
1472 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1473 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1474
1475 dst = ip6_route_output(net, NULL, &fl6);
1476 if (dst->error) {
1477 dst_release(dst);
1478 return;
1479 }
1480 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1481 if (IS_ERR(dst))
1482 return;
1483
1484 rt = (struct rt6_info *) dst;
1485
1486 if (rt->rt6i_flags & RTF_GATEWAY) {
1487 ND_PRINTK(2, warn,
1488 "Redirect: destination is not a neighbour\n");
1489 goto release;
1490 }
1491 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1492 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1493 if (peer)
1494 inet_putpeer(peer);
1495 if (!ret)
1496 goto release;
1497
1498 if (dev->addr_len) {
1499 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1500 if (!neigh) {
1501 ND_PRINTK(2, warn,
1502 "Redirect: no neigh for target address\n");
1503 goto release;
1504 }
1505
1506 read_lock_bh(&neigh->lock);
1507 if (neigh->nud_state & NUD_VALID) {
1508 memcpy(ha_buf, neigh->ha, dev->addr_len);
1509 read_unlock_bh(&neigh->lock);
1510 ha = ha_buf;
1511 optlen += ndisc_opt_addr_space(dev);
1512 } else
1513 read_unlock_bh(&neigh->lock);
1514
1515 neigh_release(neigh);
1516 }
1517
1518 rd_len = min_t(unsigned int,
1519 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1520 skb->len + 8);
1521 rd_len &= ~0x7;
1522 optlen += rd_len;
1523
1524 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1525 if (!buff)
1526 goto release;
1527
1528 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1529 *msg = (struct rd_msg) {
1530 .icmph = {
1531 .icmp6_type = NDISC_REDIRECT,
1532 },
1533 .target = *target,
1534 .dest = ipv6_hdr(skb)->daddr,
1535 };
1536
1537
1538
1539
1540
1541 if (ha)
1542 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1543
1544
1545
1546
1547
1548 if (rd_len)
1549 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1550
1551 skb_dst_set(buff, dst);
1552 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1553 return;
1554
1555release:
1556 dst_release(dst);
1557}
1558
1559static void pndisc_redo(struct sk_buff *skb)
1560{
1561 ndisc_recv_ns(skb);
1562 kfree_skb(skb);
1563}
1564
1565static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1566{
1567 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1568
1569 if (!idev)
1570 return true;
1571 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1572 idev->cnf.suppress_frag_ndisc) {
1573 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1574 return true;
1575 }
1576 return false;
1577}
1578
1579int ndisc_rcv(struct sk_buff *skb)
1580{
1581 struct nd_msg *msg;
1582
1583 if (ndisc_suppress_frag_ndisc(skb))
1584 return 0;
1585
1586 if (skb_linearize(skb))
1587 return 0;
1588
1589 msg = (struct nd_msg *)skb_transport_header(skb);
1590
1591 __skb_push(skb, skb->data - skb_transport_header(skb));
1592
1593 if (ipv6_hdr(skb)->hop_limit != 255) {
1594 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1595 ipv6_hdr(skb)->hop_limit);
1596 return 0;
1597 }
1598
1599 if (msg->icmph.icmp6_code != 0) {
1600 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1601 msg->icmph.icmp6_code);
1602 return 0;
1603 }
1604
1605 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1606
1607 switch (msg->icmph.icmp6_type) {
1608 case NDISC_NEIGHBOUR_SOLICITATION:
1609 ndisc_recv_ns(skb);
1610 break;
1611
1612 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1613 ndisc_recv_na(skb);
1614 break;
1615
1616 case NDISC_ROUTER_SOLICITATION:
1617 ndisc_recv_rs(skb);
1618 break;
1619
1620 case NDISC_ROUTER_ADVERTISEMENT:
1621 ndisc_router_discovery(skb);
1622 break;
1623
1624 case NDISC_REDIRECT:
1625 ndisc_redirect_rcv(skb);
1626 break;
1627 }
1628
1629 return 0;
1630}
1631
1632static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1633{
1634 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1635 struct net *net = dev_net(dev);
1636 struct inet6_dev *idev;
1637
1638 switch (event) {
1639 case NETDEV_CHANGEADDR:
1640 neigh_changeaddr(&nd_tbl, dev);
1641 fib6_run_gc(0, net, false);
1642 idev = in6_dev_get(dev);
1643 if (!idev)
1644 break;
1645 if (idev->cnf.ndisc_notify)
1646 ndisc_send_unsol_na(dev);
1647 in6_dev_put(idev);
1648 break;
1649 case NETDEV_DOWN:
1650 neigh_ifdown(&nd_tbl, dev);
1651 fib6_run_gc(0, net, false);
1652 break;
1653 case NETDEV_NOTIFY_PEERS:
1654 ndisc_send_unsol_na(dev);
1655 break;
1656 default:
1657 break;
1658 }
1659
1660 return NOTIFY_DONE;
1661}
1662
1663static struct notifier_block ndisc_netdev_notifier = {
1664 .notifier_call = ndisc_netdev_event,
1665};
1666
1667#ifdef CONFIG_SYSCTL
1668static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1669 const char *func, const char *dev_name)
1670{
1671 static char warncomm[TASK_COMM_LEN];
1672 static int warned;
1673 if (strcmp(warncomm, current->comm) && warned < 5) {
1674 strcpy(warncomm, current->comm);
1675 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1676 warncomm, func,
1677 dev_name, ctl->procname,
1678 dev_name, ctl->procname);
1679 warned++;
1680 }
1681}
1682
1683int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1684{
1685 struct net_device *dev = ctl->extra1;
1686 struct inet6_dev *idev;
1687 int ret;
1688
1689 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1690 (strcmp(ctl->procname, "base_reachable_time") == 0))
1691 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1692
1693 if (strcmp(ctl->procname, "retrans_time") == 0)
1694 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1695
1696 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1697 ret = neigh_proc_dointvec_jiffies(ctl, write,
1698 buffer, lenp, ppos);
1699
1700 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1701 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1702 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1703 buffer, lenp, ppos);
1704 else
1705 ret = -1;
1706
1707 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1708 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1709 idev->nd_parms->reachable_time =
1710 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1711 idev->tstamp = jiffies;
1712 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1713 in6_dev_put(idev);
1714 }
1715 return ret;
1716}
1717
1718
1719#endif
1720
1721static int __net_init ndisc_net_init(struct net *net)
1722{
1723 struct ipv6_pinfo *np;
1724 struct sock *sk;
1725 int err;
1726
1727 err = inet_ctl_sock_create(&sk, PF_INET6,
1728 SOCK_RAW, IPPROTO_ICMPV6, net);
1729 if (err < 0) {
1730 ND_PRINTK(0, err,
1731 "NDISC: Failed to initialize the control socket (err %d)\n",
1732 err);
1733 return err;
1734 }
1735
1736 net->ipv6.ndisc_sk = sk;
1737
1738 np = inet6_sk(sk);
1739 np->hop_limit = 255;
1740
1741 np->mc_loop = 0;
1742
1743 return 0;
1744}
1745
1746static void __net_exit ndisc_net_exit(struct net *net)
1747{
1748 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1749}
1750
1751static struct pernet_operations ndisc_net_ops = {
1752 .init = ndisc_net_init,
1753 .exit = ndisc_net_exit,
1754};
1755
1756int __init ndisc_init(void)
1757{
1758 int err;
1759
1760 err = register_pernet_subsys(&ndisc_net_ops);
1761 if (err)
1762 return err;
1763
1764
1765
1766 neigh_table_init(&nd_tbl);
1767
1768#ifdef CONFIG_SYSCTL
1769 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1770 ndisc_ifinfo_sysctl_change);
1771 if (err)
1772 goto out_unregister_pernet;
1773out:
1774#endif
1775 return err;
1776
1777#ifdef CONFIG_SYSCTL
1778out_unregister_pernet:
1779 unregister_pernet_subsys(&ndisc_net_ops);
1780 goto out;
1781#endif
1782}
1783
1784int __init ndisc_late_init(void)
1785{
1786 return register_netdevice_notifier(&ndisc_netdev_notifier);
1787}
1788
1789void ndisc_late_cleanup(void)
1790{
1791 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1792}
1793
1794void ndisc_cleanup(void)
1795{
1796#ifdef CONFIG_SYSCTL
1797 neigh_sysctl_unregister(&nd_tbl.parms);
1798#endif
1799 neigh_table_clear(&nd_tbl);
1800 unregister_pernet_subsys(&ndisc_net_ops);
1801}
1802
