1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
67#include <net/flow.h>
68#include <net/ip6_checksum.h>
69#include <net/inet_common.h>
70#include <linux/proc_fs.h>
71
72#include <linux/netfilter.h>
73#include <linux/netfilter_ipv6.h>
74
75
76#define ND_DEBUG 1
77
78#define ND_PRINTK(val, level, fmt, ...) \
79do { \
80 if (val <= ND_DEBUG) \
81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82} while (0)
83
84static u32 ndisc_hash(const void *pkey,
85 const struct net_device *dev,
86 __u32 *hash_rnd);
87static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
88static int ndisc_constructor(struct neighbour *neigh);
89static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
90static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
91static int pndisc_constructor(struct pneigh_entry *n);
92static void pndisc_destructor(struct pneigh_entry *n);
93static void pndisc_redo(struct sk_buff *skb);
94
95static const struct neigh_ops ndisc_generic_ops = {
96 .family = AF_INET6,
97 .solicit = ndisc_solicit,
98 .error_report = ndisc_error_report,
99 .output = neigh_resolve_output,
100 .connected_output = neigh_connected_output,
101};
102
103static const struct neigh_ops ndisc_hh_ops = {
104 .family = AF_INET6,
105 .solicit = ndisc_solicit,
106 .error_report = ndisc_error_report,
107 .output = neigh_resolve_output,
108 .connected_output = neigh_resolve_output,
109};
110
111
112static const struct neigh_ops ndisc_direct_ops = {
113 .family = AF_INET6,
114 .output = neigh_direct_output,
115 .connected_output = neigh_direct_output,
116};
117
118struct neigh_table nd_tbl = {
119 .family = AF_INET6,
120 .key_len = sizeof(struct in6_addr),
121 .protocol = cpu_to_be16(ETH_P_IPV6),
122 .hash = ndisc_hash,
123 .key_eq = ndisc_key_eq,
124 .constructor = ndisc_constructor,
125 .pconstructor = pndisc_constructor,
126 .pdestructor = pndisc_destructor,
127 .proxy_redo = pndisc_redo,
128 .id = "ndisc_cache",
129 .parms = {
130 .tbl = &nd_tbl,
131 .reachable_time = ND_REACHABLE_TIME,
132 .data = {
133 [NEIGH_VAR_MCAST_PROBES] = 3,
134 [NEIGH_VAR_UCAST_PROBES] = 3,
135 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
136 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
137 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
138 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
139 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
140 [NEIGH_VAR_PROXY_QLEN] = 64,
141 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
142 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
143 },
144 },
145 .gc_interval = 30 * HZ,
146 .gc_thresh1 = 128,
147 .gc_thresh2 = 512,
148 .gc_thresh3 = 1024,
149};
150
151static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
152{
153 int pad = ndisc_addr_option_pad(skb->dev->type);
154 int data_len = skb->dev->addr_len;
155 int space = ndisc_opt_addr_space(skb->dev);
156 u8 *opt = skb_put(skb, space);
157
158 opt[0] = type;
159 opt[1] = space>>3;
160
161 memset(opt + 2, 0, pad);
162 opt += pad;
163 space -= pad;
164
165 memcpy(opt+2, data, data_len);
166 data_len += 2;
167 opt += data_len;
168 space -= data_len;
169 if (space > 0)
170 memset(opt, 0, space);
171}
172
173static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
174 struct nd_opt_hdr *end)
175{
176 int type;
177 if (!cur || !end || cur >= end)
178 return NULL;
179 type = cur->nd_opt_type;
180 do {
181 cur = ((void *)cur) + (cur->nd_opt_len << 3);
182 } while (cur < end && cur->nd_opt_type != type);
183 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
184}
185
186static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
187{
188 return opt->nd_opt_type == ND_OPT_RDNSS ||
189 opt->nd_opt_type == ND_OPT_DNSSL;
190}
191
192static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
193 struct nd_opt_hdr *end)
194{
195 if (!cur || !end || cur >= end)
196 return NULL;
197 do {
198 cur = ((void *)cur) + (cur->nd_opt_len << 3);
199 } while (cur < end && !ndisc_is_useropt(cur));
200 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
201}
202
203struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
204 struct ndisc_options *ndopts)
205{
206 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
207
208 if (!nd_opt || opt_len < 0 || !ndopts)
209 return NULL;
210 memset(ndopts, 0, sizeof(*ndopts));
211 while (opt_len) {
212 int l;
213 if (opt_len < sizeof(struct nd_opt_hdr))
214 return NULL;
215 l = nd_opt->nd_opt_len << 3;
216 if (opt_len < l || l == 0)
217 return NULL;
218 switch (nd_opt->nd_opt_type) {
219 case ND_OPT_SOURCE_LL_ADDR:
220 case ND_OPT_TARGET_LL_ADDR:
221 case ND_OPT_MTU:
222 case ND_OPT_REDIRECT_HDR:
223 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
224 ND_PRINTK(2, warn,
225 "%s: duplicated ND6 option found: type=%d\n",
226 __func__, nd_opt->nd_opt_type);
227 } else {
228 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
229 }
230 break;
231 case ND_OPT_PREFIX_INFO:
232 ndopts->nd_opts_pi_end = nd_opt;
233 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
234 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
235 break;
236#ifdef CONFIG_IPV6_ROUTE_INFO
237 case ND_OPT_ROUTE_INFO:
238 ndopts->nd_opts_ri_end = nd_opt;
239 if (!ndopts->nd_opts_ri)
240 ndopts->nd_opts_ri = nd_opt;
241 break;
242#endif
243 default:
244 if (ndisc_is_useropt(nd_opt)) {
245 ndopts->nd_useropts_end = nd_opt;
246 if (!ndopts->nd_useropts)
247 ndopts->nd_useropts = nd_opt;
248 } else {
249
250
251
252
253
254 ND_PRINTK(2, notice,
255 "%s: ignored unsupported option; type=%d, len=%d\n",
256 __func__,
257 nd_opt->nd_opt_type,
258 nd_opt->nd_opt_len);
259 }
260 }
261 opt_len -= l;
262 nd_opt = ((void *)nd_opt) + l;
263 }
264 return ndopts;
265}
266
267int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
268{
269 switch (dev->type) {
270 case ARPHRD_ETHER:
271 case ARPHRD_IEEE802:
272 case ARPHRD_FDDI:
273 ipv6_eth_mc_map(addr, buf);
274 return 0;
275 case ARPHRD_ARCNET:
276 ipv6_arcnet_mc_map(addr, buf);
277 return 0;
278 case ARPHRD_INFINIBAND:
279 ipv6_ib_mc_map(addr, dev->broadcast, buf);
280 return 0;
281 case ARPHRD_IPGRE:
282 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
283 default:
284 if (dir) {
285 memcpy(buf, dev->broadcast, dev->addr_len);
286 return 0;
287 }
288 }
289 return -EINVAL;
290}
291EXPORT_SYMBOL(ndisc_mc_map);
292
293static u32 ndisc_hash(const void *pkey,
294 const struct net_device *dev,
295 __u32 *hash_rnd)
296{
297 return ndisc_hashfn(pkey, dev, hash_rnd);
298}
299
300static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
301{
302 return neigh_key_eq128(n, pkey);
303}
304
305static int ndisc_constructor(struct neighbour *neigh)
306{
307 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
308 struct net_device *dev = neigh->dev;
309 struct inet6_dev *in6_dev;
310 struct neigh_parms *parms;
311 bool is_multicast = ipv6_addr_is_multicast(addr);
312
313 in6_dev = in6_dev_get(dev);
314 if (!in6_dev) {
315 return -EINVAL;
316 }
317
318 parms = in6_dev->nd_parms;
319 __neigh_parms_put(neigh->parms);
320 neigh->parms = neigh_parms_clone(parms);
321
322 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
323 if (!dev->header_ops) {
324 neigh->nud_state = NUD_NOARP;
325 neigh->ops = &ndisc_direct_ops;
326 neigh->output = neigh_direct_output;
327 } else {
328 if (is_multicast) {
329 neigh->nud_state = NUD_NOARP;
330 ndisc_mc_map(addr, neigh->ha, dev, 1);
331 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
332 neigh->nud_state = NUD_NOARP;
333 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
334 if (dev->flags&IFF_LOOPBACK)
335 neigh->type = RTN_LOCAL;
336 } else if (dev->flags&IFF_POINTOPOINT) {
337 neigh->nud_state = NUD_NOARP;
338 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
339 }
340 if (dev->header_ops->cache)
341 neigh->ops = &ndisc_hh_ops;
342 else
343 neigh->ops = &ndisc_generic_ops;
344 if (neigh->nud_state&NUD_VALID)
345 neigh->output = neigh->ops->connected_output;
346 else
347 neigh->output = neigh->ops->output;
348 }
349 in6_dev_put(in6_dev);
350 return 0;
351}
352
353static int pndisc_constructor(struct pneigh_entry *n)
354{
355 struct in6_addr *addr = (struct in6_addr *)&n->key;
356 struct in6_addr maddr;
357 struct net_device *dev = n->dev;
358
359 if (!dev || !__in6_dev_get(dev))
360 return -EINVAL;
361 addrconf_addr_solict_mult(addr, &maddr);
362 ipv6_dev_mc_inc(dev, &maddr);
363 return 0;
364}
365
366static void pndisc_destructor(struct pneigh_entry *n)
367{
368 struct in6_addr *addr = (struct in6_addr *)&n->key;
369 struct in6_addr maddr;
370 struct net_device *dev = n->dev;
371
372 if (!dev || !__in6_dev_get(dev))
373 return;
374 addrconf_addr_solict_mult(addr, &maddr);
375 ipv6_dev_mc_dec(dev, &maddr);
376}
377
378static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
379 int len)
380{
381 int hlen = LL_RESERVED_SPACE(dev);
382 int tlen = dev->needed_tailroom;
383 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
384 struct sk_buff *skb;
385
386 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
387 if (!skb) {
388 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
389 __func__);
390 return NULL;
391 }
392
393 skb->protocol = htons(ETH_P_IPV6);
394 skb->dev = dev;
395
396 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
397 skb_reset_transport_header(skb);
398
399
400
401
402 skb_set_owner_w(skb, sk);
403
404 return skb;
405}
406
407static void ip6_nd_hdr(struct sk_buff *skb,
408 const struct in6_addr *saddr,
409 const struct in6_addr *daddr,
410 int hop_limit, int len)
411{
412 struct ipv6hdr *hdr;
413
414 skb_push(skb, sizeof(*hdr));
415 skb_reset_network_header(skb);
416 hdr = ipv6_hdr(skb);
417
418 ip6_flow_hdr(hdr, 0, 0);
419
420 hdr->payload_len = htons(len);
421 hdr->nexthdr = IPPROTO_ICMPV6;
422 hdr->hop_limit = hop_limit;
423
424 hdr->saddr = *saddr;
425 hdr->daddr = *daddr;
426}
427
428static void ndisc_send_skb(struct sk_buff *skb,
429 const struct in6_addr *daddr,
430 const struct in6_addr *saddr)
431{
432 struct dst_entry *dst = skb_dst(skb);
433 struct net *net = dev_net(skb->dev);
434 struct sock *sk = net->ipv6.ndisc_sk;
435 struct inet6_dev *idev;
436 int err;
437 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
438 u8 type;
439
440 type = icmp6h->icmp6_type;
441
442 if (!dst) {
443 struct flowi6 fl6;
444
445 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
446 dst = icmp6_dst_alloc(skb->dev, &fl6);
447 if (IS_ERR(dst)) {
448 kfree_skb(skb);
449 return;
450 }
451
452 skb_dst_set(skb, dst);
453 }
454
455 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
456 IPPROTO_ICMPV6,
457 csum_partial(icmp6h,
458 skb->len, 0));
459
460 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
461
462 rcu_read_lock();
463 idev = __in6_dev_get(dst->dev);
464 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
465
466 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb,
467 NULL, dst->dev,
468 dst_output_sk);
469 if (!err) {
470 ICMP6MSGOUT_INC_STATS(net, idev, type);
471 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
472 }
473
474 rcu_read_unlock();
475}
476
477void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
478 const struct in6_addr *daddr,
479 const struct in6_addr *solicited_addr,
480 bool router, bool solicited, bool override, bool inc_opt)
481{
482 struct sk_buff *skb;
483 struct in6_addr tmpaddr;
484 struct inet6_ifaddr *ifp;
485 const struct in6_addr *src_addr;
486 struct nd_msg *msg;
487 int optlen = 0;
488
489
490 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
491 if (ifp) {
492 src_addr = solicited_addr;
493 if (ifp->flags & IFA_F_OPTIMISTIC)
494 override = false;
495 inc_opt |= ifp->idev->cnf.force_tllao;
496 in6_ifa_put(ifp);
497 } else {
498 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
499 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
500 &tmpaddr))
501 return;
502 src_addr = &tmpaddr;
503 }
504
505 if (!dev->addr_len)
506 inc_opt = 0;
507 if (inc_opt)
508 optlen += ndisc_opt_addr_space(dev);
509
510 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
511 if (!skb)
512 return;
513
514 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
515 *msg = (struct nd_msg) {
516 .icmph = {
517 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
518 .icmp6_router = router,
519 .icmp6_solicited = solicited,
520 .icmp6_override = override,
521 },
522 .target = *solicited_addr,
523 };
524
525 if (inc_opt)
526 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
527 dev->dev_addr);
528
529
530 ndisc_send_skb(skb, daddr, src_addr);
531}
532
533static void ndisc_send_unsol_na(struct net_device *dev)
534{
535 struct inet6_dev *idev;
536 struct inet6_ifaddr *ifa;
537
538 idev = in6_dev_get(dev);
539 if (!idev)
540 return;
541
542 read_lock_bh(&idev->lock);
543 list_for_each_entry(ifa, &idev->addr_list, if_list) {
544 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
545 !!idev->cnf.forwarding,
546 false, true,
547 true);
548 }
549 read_unlock_bh(&idev->lock);
550
551 in6_dev_put(idev);
552}
553
554void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
555 const struct in6_addr *solicit,
556 const struct in6_addr *daddr, const struct in6_addr *saddr)
557{
558 struct sk_buff *skb;
559 struct in6_addr addr_buf;
560 int inc_opt = dev->addr_len;
561 int optlen = 0;
562 struct nd_msg *msg;
563
564 if (!saddr) {
565 if (ipv6_get_lladdr(dev, &addr_buf,
566 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
567 return;
568 saddr = &addr_buf;
569 }
570
571 if (ipv6_addr_any(saddr))
572 inc_opt = false;
573 if (inc_opt)
574 optlen += ndisc_opt_addr_space(dev);
575
576 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
577 if (!skb)
578 return;
579
580 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
581 *msg = (struct nd_msg) {
582 .icmph = {
583 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
584 },
585 .target = *solicit,
586 };
587
588 if (inc_opt)
589 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
590 dev->dev_addr);
591
592 ndisc_send_skb(skb, daddr, saddr);
593}
594
595void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
596 const struct in6_addr *daddr)
597{
598 struct sk_buff *skb;
599 struct rs_msg *msg;
600 int send_sllao = dev->addr_len;
601 int optlen = 0;
602
603#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
604
605
606
607
608
609
610
611
612 if (send_sllao) {
613 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
614 dev, 1);
615 if (ifp) {
616 if (ifp->flags & IFA_F_OPTIMISTIC) {
617 send_sllao = 0;
618 }
619 in6_ifa_put(ifp);
620 } else {
621 send_sllao = 0;
622 }
623 }
624#endif
625 if (send_sllao)
626 optlen += ndisc_opt_addr_space(dev);
627
628 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
629 if (!skb)
630 return;
631
632 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
633 *msg = (struct rs_msg) {
634 .icmph = {
635 .icmp6_type = NDISC_ROUTER_SOLICITATION,
636 },
637 };
638
639 if (send_sllao)
640 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
641 dev->dev_addr);
642
643 ndisc_send_skb(skb, daddr, saddr);
644}
645
646
647static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
648{
649
650
651
652
653 dst_link_failure(skb);
654 kfree_skb(skb);
655}
656
657
658
659static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
660{
661 struct in6_addr *saddr = NULL;
662 struct in6_addr mcaddr;
663 struct net_device *dev = neigh->dev;
664 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
665 int probes = atomic_read(&neigh->probes);
666
667 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
668 dev, 1,
669 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
670 saddr = &ipv6_hdr(skb)->saddr;
671 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
672 if (probes < 0) {
673 if (!(neigh->nud_state & NUD_VALID)) {
674 ND_PRINTK(1, dbg,
675 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
676 __func__, target);
677 }
678 ndisc_send_ns(dev, neigh, target, target, saddr);
679 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
680 neigh_app_ns(neigh);
681 } else {
682 addrconf_addr_solict_mult(target, &mcaddr);
683 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
684 }
685}
686
687static int pndisc_is_router(const void *pkey,
688 struct net_device *dev)
689{
690 struct pneigh_entry *n;
691 int ret = -1;
692
693 read_lock_bh(&nd_tbl.lock);
694 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
695 if (n)
696 ret = !!(n->flags & NTF_ROUTER);
697 read_unlock_bh(&nd_tbl.lock);
698
699 return ret;
700}
701
702static void ndisc_recv_ns(struct sk_buff *skb)
703{
704 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
705 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
706 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
707 u8 *lladdr = NULL;
708 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
709 offsetof(struct nd_msg, opt));
710 struct ndisc_options ndopts;
711 struct net_device *dev = skb->dev;
712 struct inet6_ifaddr *ifp;
713 struct inet6_dev *idev = NULL;
714 struct neighbour *neigh;
715 int dad = ipv6_addr_any(saddr);
716 bool inc;
717 int is_router = -1;
718
719 if (skb->len < sizeof(struct nd_msg)) {
720 ND_PRINTK(2, warn, "NS: packet too short\n");
721 return;
722 }
723
724 if (ipv6_addr_is_multicast(&msg->target)) {
725 ND_PRINTK(2, warn, "NS: multicast target address\n");
726 return;
727 }
728
729
730
731
732
733 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
734 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
735 return;
736 }
737
738 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
739 ND_PRINTK(2, warn, "NS: invalid ND options\n");
740 return;
741 }
742
743 if (ndopts.nd_opts_src_lladdr) {
744 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
745 if (!lladdr) {
746 ND_PRINTK(2, warn,
747 "NS: invalid link-layer address length\n");
748 return;
749 }
750
751
752
753
754
755
756 if (dad) {
757 ND_PRINTK(2, warn,
758 "NS: bad DAD packet (link-layer address option)\n");
759 return;
760 }
761 }
762
763 inc = ipv6_addr_is_multicast(daddr);
764
765 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
766 if (ifp) {
767
768 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
769 if (dad) {
770
771
772
773
774
775 addrconf_dad_failure(ifp);
776 return;
777 } else {
778
779
780
781
782
783
784 if (!(ifp->flags & IFA_F_OPTIMISTIC))
785 goto out;
786 }
787 }
788
789 idev = ifp->idev;
790 } else {
791 struct net *net = dev_net(dev);
792
793 idev = in6_dev_get(dev);
794 if (!idev) {
795
796 return;
797 }
798
799 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
800 (idev->cnf.forwarding &&
801 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
802 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
803 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
804 skb->pkt_type != PACKET_HOST &&
805 inc &&
806 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
807
808
809
810
811
812
813
814 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
815 if (n)
816 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
817 goto out;
818 }
819 } else
820 goto out;
821 }
822
823 if (is_router < 0)
824 is_router = idev->cnf.forwarding;
825
826 if (dad) {
827 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
828 !!is_router, false, (ifp != NULL), true);
829 goto out;
830 }
831
832 if (inc)
833 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
834 else
835 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
836
837
838
839
840
841 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
842 !inc || lladdr || !dev->addr_len);
843 if (neigh)
844 neigh_update(neigh, lladdr, NUD_STALE,
845 NEIGH_UPDATE_F_WEAK_OVERRIDE|
846 NEIGH_UPDATE_F_OVERRIDE);
847 if (neigh || !dev->header_ops) {
848 ndisc_send_na(dev, neigh, saddr, &msg->target,
849 !!is_router,
850 true, (ifp != NULL && inc), inc);
851 if (neigh)
852 neigh_release(neigh);
853 }
854
855out:
856 if (ifp)
857 in6_ifa_put(ifp);
858 else
859 in6_dev_put(idev);
860}
861
862static void ndisc_recv_na(struct sk_buff *skb)
863{
864 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
865 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
866 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
867 u8 *lladdr = NULL;
868 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
869 offsetof(struct nd_msg, opt));
870 struct ndisc_options ndopts;
871 struct net_device *dev = skb->dev;
872 struct inet6_ifaddr *ifp;
873 struct neighbour *neigh;
874
875 if (skb->len < sizeof(struct nd_msg)) {
876 ND_PRINTK(2, warn, "NA: packet too short\n");
877 return;
878 }
879
880 if (ipv6_addr_is_multicast(&msg->target)) {
881 ND_PRINTK(2, warn, "NA: target address is multicast\n");
882 return;
883 }
884
885 if (ipv6_addr_is_multicast(daddr) &&
886 msg->icmph.icmp6_solicited) {
887 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
888 return;
889 }
890
891 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
892 ND_PRINTK(2, warn, "NS: invalid ND option\n");
893 return;
894 }
895 if (ndopts.nd_opts_tgt_lladdr) {
896 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
897 if (!lladdr) {
898 ND_PRINTK(2, warn,
899 "NA: invalid link-layer address length\n");
900 return;
901 }
902 }
903 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
904 if (ifp) {
905 if (skb->pkt_type != PACKET_LOOPBACK
906 && (ifp->flags & IFA_F_TENTATIVE)) {
907 addrconf_dad_failure(ifp);
908 return;
909 }
910
911
912
913
914
915
916
917
918
919 if (skb->pkt_type != PACKET_LOOPBACK)
920 ND_PRINTK(1, warn,
921 "NA: someone advertises our address %pI6 on %s!\n",
922 &ifp->addr, ifp->idev->dev->name);
923 in6_ifa_put(ifp);
924 return;
925 }
926 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
927
928 if (neigh) {
929 u8 old_flags = neigh->flags;
930 struct net *net = dev_net(dev);
931
932 if (neigh->nud_state & NUD_FAILED)
933 goto out;
934
935
936
937
938
939
940 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
941 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
942 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
943
944 goto out;
945 }
946
947 neigh_update(neigh, lladdr,
948 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
949 NEIGH_UPDATE_F_WEAK_OVERRIDE|
950 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
951 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
952 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
953
954 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
955
956
957
958 rt6_clean_tohost(dev_net(dev), saddr);
959 }
960
961out:
962 neigh_release(neigh);
963 }
964}
965
966static void ndisc_recv_rs(struct sk_buff *skb)
967{
968 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
969 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
970 struct neighbour *neigh;
971 struct inet6_dev *idev;
972 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
973 struct ndisc_options ndopts;
974 u8 *lladdr = NULL;
975
976 if (skb->len < sizeof(*rs_msg))
977 return;
978
979 idev = __in6_dev_get(skb->dev);
980 if (!idev) {
981 ND_PRINTK(1, err, "RS: can't find in6 device\n");
982 return;
983 }
984
985
986 if (!idev->cnf.forwarding)
987 goto out;
988
989
990
991
992
993 if (ipv6_addr_any(saddr))
994 goto out;
995
996
997 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
998 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
999 goto out;
1000 }
1001
1002 if (ndopts.nd_opts_src_lladdr) {
1003 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1004 skb->dev);
1005 if (!lladdr)
1006 goto out;
1007 }
1008
1009 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1010 if (neigh) {
1011 neigh_update(neigh, lladdr, NUD_STALE,
1012 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1013 NEIGH_UPDATE_F_OVERRIDE|
1014 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1015 neigh_release(neigh);
1016 }
1017out:
1018 return;
1019}
1020
1021static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1022{
1023 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1024 struct sk_buff *skb;
1025 struct nlmsghdr *nlh;
1026 struct nduseroptmsg *ndmsg;
1027 struct net *net = dev_net(ra->dev);
1028 int err;
1029 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1030 + (opt->nd_opt_len << 3));
1031 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1032
1033 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1034 if (!skb) {
1035 err = -ENOBUFS;
1036 goto errout;
1037 }
1038
1039 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1040 if (!nlh) {
1041 goto nla_put_failure;
1042 }
1043
1044 ndmsg = nlmsg_data(nlh);
1045 ndmsg->nduseropt_family = AF_INET6;
1046 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1047 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1048 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1049 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1050
1051 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1052
1053 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1054 goto nla_put_failure;
1055 nlmsg_end(skb, nlh);
1056
1057 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1058 return;
1059
1060nla_put_failure:
1061 nlmsg_free(skb);
1062 err = -EMSGSIZE;
1063errout:
1064 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1065}
1066
1067static void ndisc_router_discovery(struct sk_buff *skb)
1068{
1069 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1070 struct neighbour *neigh = NULL;
1071 struct inet6_dev *in6_dev;
1072 struct rt6_info *rt = NULL;
1073 int lifetime;
1074 struct ndisc_options ndopts;
1075 int optlen;
1076 unsigned int pref = 0;
1077
1078 __u8 *opt = (__u8 *)(ra_msg + 1);
1079
1080 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1081 sizeof(struct ra_msg);
1082
1083 ND_PRINTK(2, info,
1084 "RA: %s, dev: %s\n",
1085 __func__, skb->dev->name);
1086 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1087 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1088 return;
1089 }
1090 if (optlen < 0) {
1091 ND_PRINTK(2, warn, "RA: packet too short\n");
1092 return;
1093 }
1094
1095#ifdef CONFIG_IPV6_NDISC_NODETYPE
1096 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1097 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1098 return;
1099 }
1100#endif
1101
1102
1103
1104
1105
1106 in6_dev = __in6_dev_get(skb->dev);
1107 if (!in6_dev) {
1108 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1109 skb->dev->name);
1110 return;
1111 }
1112
1113 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1114 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1115 return;
1116 }
1117
1118 if (!ipv6_accept_ra(in6_dev)) {
1119 ND_PRINTK(2, info,
1120 "RA: %s, did not accept ra for dev: %s\n",
1121 __func__, skb->dev->name);
1122 goto skip_linkparms;
1123 }
1124
1125#ifdef CONFIG_IPV6_NDISC_NODETYPE
1126
1127 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1128 ND_PRINTK(2, info,
1129 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1130 __func__, skb->dev->name);
1131 goto skip_linkparms;
1132 }
1133#endif
1134
1135 if (in6_dev->if_flags & IF_RS_SENT) {
1136
1137
1138
1139
1140 in6_dev->if_flags |= IF_RA_RCVD;
1141 }
1142
1143
1144
1145
1146
1147 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1148 IF_RA_OTHERCONF)) |
1149 (ra_msg->icmph.icmp6_addrconf_managed ?
1150 IF_RA_MANAGED : 0) |
1151 (ra_msg->icmph.icmp6_addrconf_other ?
1152 IF_RA_OTHERCONF : 0);
1153
1154 if (!in6_dev->cnf.accept_ra_defrtr) {
1155 ND_PRINTK(2, info,
1156 "RA: %s, defrtr is false for dev: %s\n",
1157 __func__, skb->dev->name);
1158 goto skip_defrtr;
1159 }
1160
1161
1162
1163
1164 if (!in6_dev->cnf.accept_ra_from_local &&
1165 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1166 NULL, 0)) {
1167 ND_PRINTK(2, info,
1168 "RA from local address detected on dev: %s: default router ignored\n",
1169 skb->dev->name);
1170 goto skip_defrtr;
1171 }
1172
1173 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1174
1175#ifdef CONFIG_IPV6_ROUTER_PREF
1176 pref = ra_msg->icmph.icmp6_router_pref;
1177
1178 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1179 !in6_dev->cnf.accept_ra_rtr_pref)
1180 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1181#endif
1182
1183 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1184
1185 if (rt) {
1186 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1187 if (!neigh) {
1188 ND_PRINTK(0, err,
1189 "RA: %s got default router without neighbour\n",
1190 __func__);
1191 ip6_rt_put(rt);
1192 return;
1193 }
1194 }
1195 if (rt && lifetime == 0) {
1196 ip6_del_rt(rt);
1197 rt = NULL;
1198 }
1199
1200 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1201 rt, lifetime, skb->dev->name);
1202 if (!rt && lifetime) {
1203 ND_PRINTK(3, info, "RA: adding default router\n");
1204
1205 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1206 if (!rt) {
1207 ND_PRINTK(0, err,
1208 "RA: %s failed to add default route\n",
1209 __func__);
1210 return;
1211 }
1212
1213 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1214 if (!neigh) {
1215 ND_PRINTK(0, err,
1216 "RA: %s got default router without neighbour\n",
1217 __func__);
1218 ip6_rt_put(rt);
1219 return;
1220 }
1221 neigh->flags |= NTF_ROUTER;
1222 } else if (rt) {
1223 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1224 }
1225
1226 if (rt)
1227 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1228 if (ra_msg->icmph.icmp6_hop_limit) {
1229
1230
1231
1232 if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
1233 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1234 } else {
1235 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
1236 }
1237 if (rt)
1238 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1239 ra_msg->icmph.icmp6_hop_limit);
1240 }
1241
1242skip_defrtr:
1243
1244
1245
1246
1247
1248 if (in6_dev->nd_parms) {
1249 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1250
1251 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1252 rtime = (rtime*HZ)/1000;
1253 if (rtime < HZ/10)
1254 rtime = HZ/10;
1255 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1256 in6_dev->tstamp = jiffies;
1257 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1258 }
1259
1260 rtime = ntohl(ra_msg->reachable_time);
1261 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1262 rtime = (rtime*HZ)/1000;
1263
1264 if (rtime < HZ/10)
1265 rtime = HZ/10;
1266
1267 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1268 NEIGH_VAR_SET(in6_dev->nd_parms,
1269 BASE_REACHABLE_TIME, rtime);
1270 NEIGH_VAR_SET(in6_dev->nd_parms,
1271 GC_STALETIME, 3 * rtime);
1272 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1273 in6_dev->tstamp = jiffies;
1274 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1275 }
1276 }
1277 }
1278
1279skip_linkparms:
1280
1281
1282
1283
1284
1285 if (!neigh)
1286 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1287 skb->dev, 1);
1288 if (neigh) {
1289 u8 *lladdr = NULL;
1290 if (ndopts.nd_opts_src_lladdr) {
1291 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1292 skb->dev);
1293 if (!lladdr) {
1294 ND_PRINTK(2, warn,
1295 "RA: invalid link-layer address length\n");
1296 goto out;
1297 }
1298 }
1299 neigh_update(neigh, lladdr, NUD_STALE,
1300 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1301 NEIGH_UPDATE_F_OVERRIDE|
1302 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1303 NEIGH_UPDATE_F_ISROUTER);
1304 }
1305
1306 if (!ipv6_accept_ra(in6_dev)) {
1307 ND_PRINTK(2, info,
1308 "RA: %s, accept_ra is false for dev: %s\n",
1309 __func__, skb->dev->name);
1310 goto out;
1311 }
1312
1313#ifdef CONFIG_IPV6_ROUTE_INFO
1314 if (!in6_dev->cnf.accept_ra_from_local &&
1315 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1316 NULL, 0)) {
1317 ND_PRINTK(2, info,
1318 "RA from local address detected on dev: %s: router info ignored.\n",
1319 skb->dev->name);
1320 goto skip_routeinfo;
1321 }
1322
1323 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1324 struct nd_opt_hdr *p;
1325 for (p = ndopts.nd_opts_ri;
1326 p;
1327 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1328 struct route_info *ri = (struct route_info *)p;
1329#ifdef CONFIG_IPV6_NDISC_NODETYPE
1330 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1331 ri->prefix_len == 0)
1332 continue;
1333#endif
1334 if (ri->prefix_len == 0 &&
1335 !in6_dev->cnf.accept_ra_defrtr)
1336 continue;
1337 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1338 continue;
1339 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1340 &ipv6_hdr(skb)->saddr);
1341 }
1342 }
1343
1344skip_routeinfo:
1345#endif
1346
1347#ifdef CONFIG_IPV6_NDISC_NODETYPE
1348
1349 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1350 ND_PRINTK(2, info,
1351 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1352 __func__, skb->dev->name);
1353 goto out;
1354 }
1355#endif
1356
1357 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1358 struct nd_opt_hdr *p;
1359 for (p = ndopts.nd_opts_pi;
1360 p;
1361 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1362 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1363 (p->nd_opt_len) << 3,
1364 ndopts.nd_opts_src_lladdr != NULL);
1365 }
1366 }
1367
1368 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1369 __be32 n;
1370 u32 mtu;
1371
1372 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1373 mtu = ntohl(n);
1374
1375 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1376 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1377 } else if (in6_dev->cnf.mtu6 != mtu) {
1378 in6_dev->cnf.mtu6 = mtu;
1379
1380 if (rt)
1381 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1382
1383 rt6_mtu_change(skb->dev, mtu);
1384 }
1385 }
1386
1387 if (ndopts.nd_useropts) {
1388 struct nd_opt_hdr *p;
1389 for (p = ndopts.nd_useropts;
1390 p;
1391 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1392 ndisc_ra_useropt(skb, p);
1393 }
1394 }
1395
1396 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1397 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1398 }
1399out:
1400 ip6_rt_put(rt);
1401 if (neigh)
1402 neigh_release(neigh);
1403}
1404
1405static void ndisc_redirect_rcv(struct sk_buff *skb)
1406{
1407 u8 *hdr;
1408 struct ndisc_options ndopts;
1409 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1410 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1411 offsetof(struct rd_msg, opt));
1412
1413#ifdef CONFIG_IPV6_NDISC_NODETYPE
1414 switch (skb->ndisc_nodetype) {
1415 case NDISC_NODETYPE_HOST:
1416 case NDISC_NODETYPE_NODEFAULT:
1417 ND_PRINTK(2, warn,
1418 "Redirect: from host or unauthorized router\n");
1419 return;
1420 }
1421#endif
1422
1423 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1424 ND_PRINTK(2, warn,
1425 "Redirect: source address is not link-local\n");
1426 return;
1427 }
1428
1429 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1430 return;
1431
1432 if (!ndopts.nd_opts_rh) {
1433 ip6_redirect_no_header(skb, dev_net(skb->dev),
1434 skb->dev->ifindex, 0);
1435 return;
1436 }
1437
1438 hdr = (u8 *)ndopts.nd_opts_rh;
1439 hdr += 8;
1440 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1441 return;
1442
1443 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1444}
1445
1446static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1447 struct sk_buff *orig_skb,
1448 int rd_len)
1449{
1450 u8 *opt = skb_put(skb, rd_len);
1451
1452 memset(opt, 0, 8);
1453 *(opt++) = ND_OPT_REDIRECT_HDR;
1454 *(opt++) = (rd_len >> 3);
1455 opt += 6;
1456
1457 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1458}
1459
1460void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1461{
1462 struct net_device *dev = skb->dev;
1463 struct net *net = dev_net(dev);
1464 struct sock *sk = net->ipv6.ndisc_sk;
1465 int optlen = 0;
1466 struct inet_peer *peer;
1467 struct sk_buff *buff;
1468 struct rd_msg *msg;
1469 struct in6_addr saddr_buf;
1470 struct rt6_info *rt;
1471 struct dst_entry *dst;
1472 struct flowi6 fl6;
1473 int rd_len;
1474 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1475 bool ret;
1476
1477 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1478 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1479 dev->name);
1480 return;
1481 }
1482
1483 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1484 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1485 ND_PRINTK(2, warn,
1486 "Redirect: target address is not link-local unicast\n");
1487 return;
1488 }
1489
1490 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1491 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1492
1493 dst = ip6_route_output(net, NULL, &fl6);
1494 if (dst->error) {
1495 dst_release(dst);
1496 return;
1497 }
1498 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1499 if (IS_ERR(dst))
1500 return;
1501
1502 rt = (struct rt6_info *) dst;
1503
1504 if (rt->rt6i_flags & RTF_GATEWAY) {
1505 ND_PRINTK(2, warn,
1506 "Redirect: destination is not a neighbour\n");
1507 goto release;
1508 }
1509 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1510 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1511 if (peer)
1512 inet_putpeer(peer);
1513 if (!ret)
1514 goto release;
1515
1516 if (dev->addr_len) {
1517 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1518 if (!neigh) {
1519 ND_PRINTK(2, warn,
1520 "Redirect: no neigh for target address\n");
1521 goto release;
1522 }
1523
1524 read_lock_bh(&neigh->lock);
1525 if (neigh->nud_state & NUD_VALID) {
1526 memcpy(ha_buf, neigh->ha, dev->addr_len);
1527 read_unlock_bh(&neigh->lock);
1528 ha = ha_buf;
1529 optlen += ndisc_opt_addr_space(dev);
1530 } else
1531 read_unlock_bh(&neigh->lock);
1532
1533 neigh_release(neigh);
1534 }
1535
1536 rd_len = min_t(unsigned int,
1537 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1538 skb->len + 8);
1539 rd_len &= ~0x7;
1540 optlen += rd_len;
1541
1542 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1543 if (!buff)
1544 goto release;
1545
1546 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1547 *msg = (struct rd_msg) {
1548 .icmph = {
1549 .icmp6_type = NDISC_REDIRECT,
1550 },
1551 .target = *target,
1552 .dest = ipv6_hdr(skb)->daddr,
1553 };
1554
1555
1556
1557
1558
1559 if (ha)
1560 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1561
1562
1563
1564
1565
1566 if (rd_len)
1567 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1568
1569 skb_dst_set(buff, dst);
1570 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1571 return;
1572
1573release:
1574 dst_release(dst);
1575}
1576
1577static void pndisc_redo(struct sk_buff *skb)
1578{
1579 ndisc_recv_ns(skb);
1580 kfree_skb(skb);
1581}
1582
1583static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1584{
1585 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1586
1587 if (!idev)
1588 return true;
1589 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1590 idev->cnf.suppress_frag_ndisc) {
1591 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1592 return true;
1593 }
1594 return false;
1595}
1596
1597int ndisc_rcv(struct sk_buff *skb)
1598{
1599 struct nd_msg *msg;
1600
1601 if (ndisc_suppress_frag_ndisc(skb))
1602 return 0;
1603
1604 if (skb_linearize(skb))
1605 return 0;
1606
1607 msg = (struct nd_msg *)skb_transport_header(skb);
1608
1609 __skb_push(skb, skb->data - skb_transport_header(skb));
1610
1611 if (ipv6_hdr(skb)->hop_limit != 255) {
1612 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1613 ipv6_hdr(skb)->hop_limit);
1614 return 0;
1615 }
1616
1617 if (msg->icmph.icmp6_code != 0) {
1618 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1619 msg->icmph.icmp6_code);
1620 return 0;
1621 }
1622
1623 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1624
1625 switch (msg->icmph.icmp6_type) {
1626 case NDISC_NEIGHBOUR_SOLICITATION:
1627 ndisc_recv_ns(skb);
1628 break;
1629
1630 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1631 ndisc_recv_na(skb);
1632 break;
1633
1634 case NDISC_ROUTER_SOLICITATION:
1635 ndisc_recv_rs(skb);
1636 break;
1637
1638 case NDISC_ROUTER_ADVERTISEMENT:
1639 ndisc_router_discovery(skb);
1640 break;
1641
1642 case NDISC_REDIRECT:
1643 ndisc_redirect_rcv(skb);
1644 break;
1645 }
1646
1647 return 0;
1648}
1649
1650static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1651{
1652 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1653 struct net *net = dev_net(dev);
1654 struct inet6_dev *idev;
1655
1656 switch (event) {
1657 case NETDEV_CHANGEADDR:
1658 neigh_changeaddr(&nd_tbl, dev);
1659 fib6_run_gc(0, net, false);
1660 idev = in6_dev_get(dev);
1661 if (!idev)
1662 break;
1663 if (idev->cnf.ndisc_notify)
1664 ndisc_send_unsol_na(dev);
1665 in6_dev_put(idev);
1666 break;
1667 case NETDEV_DOWN:
1668 neigh_ifdown(&nd_tbl, dev);
1669 fib6_run_gc(0, net, false);
1670 break;
1671 case NETDEV_NOTIFY_PEERS:
1672 ndisc_send_unsol_na(dev);
1673 break;
1674 default:
1675 break;
1676 }
1677
1678 return NOTIFY_DONE;
1679}
1680
1681static struct notifier_block ndisc_netdev_notifier = {
1682 .notifier_call = ndisc_netdev_event,
1683};
1684
1685#ifdef CONFIG_SYSCTL
1686static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1687 const char *func, const char *dev_name)
1688{
1689 static char warncomm[TASK_COMM_LEN];
1690 static int warned;
1691 if (strcmp(warncomm, current->comm) && warned < 5) {
1692 strcpy(warncomm, current->comm);
1693 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1694 warncomm, func,
1695 dev_name, ctl->procname,
1696 dev_name, ctl->procname);
1697 warned++;
1698 }
1699}
1700
1701int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1702{
1703 struct net_device *dev = ctl->extra1;
1704 struct inet6_dev *idev;
1705 int ret;
1706
1707 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1708 (strcmp(ctl->procname, "base_reachable_time") == 0))
1709 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1710
1711 if (strcmp(ctl->procname, "retrans_time") == 0)
1712 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1713
1714 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1715 ret = neigh_proc_dointvec_jiffies(ctl, write,
1716 buffer, lenp, ppos);
1717
1718 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1719 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1720 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1721 buffer, lenp, ppos);
1722 else
1723 ret = -1;
1724
1725 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1726 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1727 idev->nd_parms->reachable_time =
1728 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1729 idev->tstamp = jiffies;
1730 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1731 in6_dev_put(idev);
1732 }
1733 return ret;
1734}
1735
1736
1737#endif
1738
1739static int __net_init ndisc_net_init(struct net *net)
1740{
1741 struct ipv6_pinfo *np;
1742 struct sock *sk;
1743 int err;
1744
1745 err = inet_ctl_sock_create(&sk, PF_INET6,
1746 SOCK_RAW, IPPROTO_ICMPV6, net);
1747 if (err < 0) {
1748 ND_PRINTK(0, err,
1749 "NDISC: Failed to initialize the control socket (err %d)\n",
1750 err);
1751 return err;
1752 }
1753
1754 net->ipv6.ndisc_sk = sk;
1755
1756 np = inet6_sk(sk);
1757 np->hop_limit = 255;
1758
1759 np->mc_loop = 0;
1760
1761 return 0;
1762}
1763
1764static void __net_exit ndisc_net_exit(struct net *net)
1765{
1766 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1767}
1768
1769static struct pernet_operations ndisc_net_ops = {
1770 .init = ndisc_net_init,
1771 .exit = ndisc_net_exit,
1772};
1773
1774int __init ndisc_init(void)
1775{
1776 int err;
1777
1778 err = register_pernet_subsys(&ndisc_net_ops);
1779 if (err)
1780 return err;
1781
1782
1783
1784 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1785
1786#ifdef CONFIG_SYSCTL
1787 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1788 ndisc_ifinfo_sysctl_change);
1789 if (err)
1790 goto out_unregister_pernet;
1791out:
1792#endif
1793 return err;
1794
1795#ifdef CONFIG_SYSCTL
1796out_unregister_pernet:
1797 unregister_pernet_subsys(&ndisc_net_ops);
1798 goto out;
1799#endif
1800}
1801
1802int __init ndisc_late_init(void)
1803{
1804 return register_netdevice_notifier(&ndisc_netdev_notifier);
1805}
1806
1807void ndisc_late_cleanup(void)
1808{
1809 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1810}
1811
1812void ndisc_cleanup(void)
1813{
1814#ifdef CONFIG_SYSCTL
1815 neigh_sysctl_unregister(&nd_tbl.parms);
1816#endif
1817 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1818 unregister_pernet_subsys(&ndisc_net_ops);
1819}
1820
