1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_ether.h>
50#include <linux/if_arp.h>
51#include <linux/ipv6.h>
52#include <linux/icmpv6.h>
53#include <linux/jhash.h>
54
55#include <net/sock.h>
56#include <net/snmp.h>
57
58#include <net/ipv6.h>
59#include <net/protocol.h>
60#include <net/ndisc.h>
61#include <net/ip6_route.h>
62#include <net/addrconf.h>
63#include <net/icmp.h>
64
65#include <net/netlink.h>
66#include <linux/rtnetlink.h>
67
68#include <net/flow.h>
69#include <net/ip6_checksum.h>
70#include <net/inet_common.h>
71#include <linux/proc_fs.h>
72
73#include <linux/netfilter.h>
74#include <linux/netfilter_ipv6.h>
75
76static u32 ndisc_hash(const void *pkey,
77 const struct net_device *dev,
78 __u32 *hash_rnd);
79static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
80static int ndisc_constructor(struct neighbour *neigh);
81static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
82static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
83static int pndisc_constructor(struct pneigh_entry *n);
84static void pndisc_destructor(struct pneigh_entry *n);
85static void pndisc_redo(struct sk_buff *skb);
86
87static const struct neigh_ops ndisc_generic_ops = {
88 .family = AF_INET6,
89 .solicit = ndisc_solicit,
90 .error_report = ndisc_error_report,
91 .output = neigh_resolve_output,
92 .connected_output = neigh_connected_output,
93};
94
95static const struct neigh_ops ndisc_hh_ops = {
96 .family = AF_INET6,
97 .solicit = ndisc_solicit,
98 .error_report = ndisc_error_report,
99 .output = neigh_resolve_output,
100 .connected_output = neigh_resolve_output,
101};
102
103
104static const struct neigh_ops ndisc_direct_ops = {
105 .family = AF_INET6,
106 .output = neigh_direct_output,
107 .connected_output = neigh_direct_output,
108};
109
110struct neigh_table nd_tbl = {
111 .family = AF_INET6,
112 .key_len = sizeof(struct in6_addr),
113 .protocol = cpu_to_be16(ETH_P_IPV6),
114 .hash = ndisc_hash,
115 .key_eq = ndisc_key_eq,
116 .constructor = ndisc_constructor,
117 .pconstructor = pndisc_constructor,
118 .pdestructor = pndisc_destructor,
119 .proxy_redo = pndisc_redo,
120 .id = "ndisc_cache",
121 .parms = {
122 .tbl = &nd_tbl,
123 .reachable_time = ND_REACHABLE_TIME,
124 .data = {
125 [NEIGH_VAR_MCAST_PROBES] = 3,
126 [NEIGH_VAR_UCAST_PROBES] = 3,
127 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
128 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
129 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
130 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
131 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
132 [NEIGH_VAR_PROXY_QLEN] = 64,
133 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
134 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
135 },
136 },
137 .gc_interval = 30 * HZ,
138 .gc_thresh1 = 128,
139 .gc_thresh2 = 512,
140 .gc_thresh3 = 1024,
141};
142EXPORT_SYMBOL_GPL(nd_tbl);
143
144void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
145 int data_len, int pad)
146{
147 int space = __ndisc_opt_addr_space(data_len, pad);
148 u8 *opt = skb_put(skb, space);
149
150 opt[0] = type;
151 opt[1] = space>>3;
152
153 memset(opt + 2, 0, pad);
154 opt += pad;
155 space -= pad;
156
157 memcpy(opt+2, data, data_len);
158 data_len += 2;
159 opt += data_len;
160 space -= data_len;
161 if (space > 0)
162 memset(opt, 0, space);
163}
164EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
165
166static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
167 void *data, u8 icmp6_type)
168{
169 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
170 ndisc_addr_option_pad(skb->dev->type));
171 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
172}
173
174static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
175 void *ha,
176 const u8 *ops_data)
177{
178 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
179 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
180}
181
182static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
183 struct nd_opt_hdr *end)
184{
185 int type;
186 if (!cur || !end || cur >= end)
187 return NULL;
188 type = cur->nd_opt_type;
189 do {
190 cur = ((void *)cur) + (cur->nd_opt_len << 3);
191 } while (cur < end && cur->nd_opt_type != type);
192 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
193}
194
195static inline int ndisc_is_useropt(const struct net_device *dev,
196 struct nd_opt_hdr *opt)
197{
198 return opt->nd_opt_type == ND_OPT_RDNSS ||
199 opt->nd_opt_type == ND_OPT_DNSSL ||
200 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
201}
202
203static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *cur,
205 struct nd_opt_hdr *end)
206{
207 if (!cur || !end || cur >= end)
208 return NULL;
209 do {
210 cur = ((void *)cur) + (cur->nd_opt_len << 3);
211 } while (cur < end && !ndisc_is_useropt(dev, cur));
212 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
213}
214
215struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 u8 *opt, int opt_len,
217 struct ndisc_options *ndopts)
218{
219 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
220
221 if (!nd_opt || opt_len < 0 || !ndopts)
222 return NULL;
223 memset(ndopts, 0, sizeof(*ndopts));
224 while (opt_len) {
225 int l;
226 if (opt_len < sizeof(struct nd_opt_hdr))
227 return NULL;
228 l = nd_opt->nd_opt_len << 3;
229 if (opt_len < l || l == 0)
230 return NULL;
231 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 goto next_opt;
233 switch (nd_opt->nd_opt_type) {
234 case ND_OPT_SOURCE_LL_ADDR:
235 case ND_OPT_TARGET_LL_ADDR:
236 case ND_OPT_MTU:
237 case ND_OPT_NONCE:
238 case ND_OPT_REDIRECT_HDR:
239 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
240 ND_PRINTK(2, warn,
241 "%s: duplicated ND6 option found: type=%d\n",
242 __func__, nd_opt->nd_opt_type);
243 } else {
244 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
245 }
246 break;
247 case ND_OPT_PREFIX_INFO:
248 ndopts->nd_opts_pi_end = nd_opt;
249 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 break;
252#ifdef CONFIG_IPV6_ROUTE_INFO
253 case ND_OPT_ROUTE_INFO:
254 ndopts->nd_opts_ri_end = nd_opt;
255 if (!ndopts->nd_opts_ri)
256 ndopts->nd_opts_ri = nd_opt;
257 break;
258#endif
259 default:
260 if (ndisc_is_useropt(dev, nd_opt)) {
261 ndopts->nd_useropts_end = nd_opt;
262 if (!ndopts->nd_useropts)
263 ndopts->nd_useropts = nd_opt;
264 } else {
265
266
267
268
269
270 ND_PRINTK(2, notice,
271 "%s: ignored unsupported option; type=%d, len=%d\n",
272 __func__,
273 nd_opt->nd_opt_type,
274 nd_opt->nd_opt_len);
275 }
276 }
277next_opt:
278 opt_len -= l;
279 nd_opt = ((void *)nd_opt) + l;
280 }
281 return ndopts;
282}
283
284int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
285{
286 switch (dev->type) {
287 case ARPHRD_ETHER:
288 case ARPHRD_IEEE802:
289 case ARPHRD_FDDI:
290 ipv6_eth_mc_map(addr, buf);
291 return 0;
292 case ARPHRD_ARCNET:
293 ipv6_arcnet_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_INFINIBAND:
296 ipv6_ib_mc_map(addr, dev->broadcast, buf);
297 return 0;
298 case ARPHRD_IPGRE:
299 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
300 default:
301 if (dir) {
302 memcpy(buf, dev->broadcast, dev->addr_len);
303 return 0;
304 }
305 }
306 return -EINVAL;
307}
308EXPORT_SYMBOL(ndisc_mc_map);
309
310static u32 ndisc_hash(const void *pkey,
311 const struct net_device *dev,
312 __u32 *hash_rnd)
313{
314 return ndisc_hashfn(pkey, dev, hash_rnd);
315}
316
317static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
318{
319 return neigh_key_eq128(n, pkey);
320}
321
322static int ndisc_constructor(struct neighbour *neigh)
323{
324 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
325 struct net_device *dev = neigh->dev;
326 struct inet6_dev *in6_dev;
327 struct neigh_parms *parms;
328 bool is_multicast = ipv6_addr_is_multicast(addr);
329
330 in6_dev = in6_dev_get(dev);
331 if (!in6_dev) {
332 return -EINVAL;
333 }
334
335 parms = in6_dev->nd_parms;
336 __neigh_parms_put(neigh->parms);
337 neigh->parms = neigh_parms_clone(parms);
338
339 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
340 if (!dev->header_ops) {
341 neigh->nud_state = NUD_NOARP;
342 neigh->ops = &ndisc_direct_ops;
343 neigh->output = neigh_direct_output;
344 } else {
345 if (is_multicast) {
346 neigh->nud_state = NUD_NOARP;
347 ndisc_mc_map(addr, neigh->ha, dev, 1);
348 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
349 neigh->nud_state = NUD_NOARP;
350 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
351 if (dev->flags&IFF_LOOPBACK)
352 neigh->type = RTN_LOCAL;
353 } else if (dev->flags&IFF_POINTOPOINT) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
356 }
357 if (dev->header_ops->cache)
358 neigh->ops = &ndisc_hh_ops;
359 else
360 neigh->ops = &ndisc_generic_ops;
361 if (neigh->nud_state&NUD_VALID)
362 neigh->output = neigh->ops->connected_output;
363 else
364 neigh->output = neigh->ops->output;
365 }
366 in6_dev_put(in6_dev);
367 return 0;
368}
369
370static int pndisc_constructor(struct pneigh_entry *n)
371{
372 struct in6_addr *addr = (struct in6_addr *)&n->key;
373 struct in6_addr maddr;
374 struct net_device *dev = n->dev;
375
376 if (!dev || !__in6_dev_get(dev))
377 return -EINVAL;
378 addrconf_addr_solict_mult(addr, &maddr);
379 ipv6_dev_mc_inc(dev, &maddr);
380 return 0;
381}
382
383static void pndisc_destructor(struct pneigh_entry *n)
384{
385 struct in6_addr *addr = (struct in6_addr *)&n->key;
386 struct in6_addr maddr;
387 struct net_device *dev = n->dev;
388
389 if (!dev || !__in6_dev_get(dev))
390 return;
391 addrconf_addr_solict_mult(addr, &maddr);
392 ipv6_dev_mc_dec(dev, &maddr);
393}
394
395static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
396 int len)
397{
398 int hlen = LL_RESERVED_SPACE(dev);
399 int tlen = dev->needed_tailroom;
400 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
401 struct sk_buff *skb;
402
403 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
404 if (!skb) {
405 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
406 __func__);
407 return NULL;
408 }
409
410 skb->protocol = htons(ETH_P_IPV6);
411 skb->dev = dev;
412
413 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
414 skb_reset_transport_header(skb);
415
416
417
418
419 skb_set_owner_w(skb, sk);
420
421 return skb;
422}
423
424static void ip6_nd_hdr(struct sk_buff *skb,
425 const struct in6_addr *saddr,
426 const struct in6_addr *daddr,
427 int hop_limit, int len)
428{
429 struct ipv6hdr *hdr;
430 struct inet6_dev *idev;
431 unsigned tclass;
432
433 rcu_read_lock();
434 idev = __in6_dev_get(skb->dev);
435 tclass = idev ? idev->cnf.ndisc_tclass : 0;
436 rcu_read_unlock();
437
438 skb_push(skb, sizeof(*hdr));
439 skb_reset_network_header(skb);
440 hdr = ipv6_hdr(skb);
441
442 ip6_flow_hdr(hdr, tclass, 0);
443
444 hdr->payload_len = htons(len);
445 hdr->nexthdr = IPPROTO_ICMPV6;
446 hdr->hop_limit = hop_limit;
447
448 hdr->saddr = *saddr;
449 hdr->daddr = *daddr;
450}
451
452static void ndisc_send_skb(struct sk_buff *skb,
453 const struct in6_addr *daddr,
454 const struct in6_addr *saddr)
455{
456 struct dst_entry *dst = skb_dst(skb);
457 struct net *net = dev_net(skb->dev);
458 struct sock *sk = net->ipv6.ndisc_sk;
459 struct inet6_dev *idev;
460 int err;
461 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
462 u8 type;
463
464 type = icmp6h->icmp6_type;
465
466 if (!dst) {
467 struct flowi6 fl6;
468 int oif = skb->dev->ifindex;
469
470 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
471 dst = icmp6_dst_alloc(skb->dev, &fl6);
472 if (IS_ERR(dst)) {
473 kfree_skb(skb);
474 return;
475 }
476
477 skb_dst_set(skb, dst);
478 }
479
480 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
481 IPPROTO_ICMPV6,
482 csum_partial(icmp6h,
483 skb->len, 0));
484
485 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
486
487 rcu_read_lock();
488 idev = __in6_dev_get(dst->dev);
489 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
490
491 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
492 net, sk, skb, NULL, dst->dev,
493 dst_output);
494 if (!err) {
495 ICMP6MSGOUT_INC_STATS(net, idev, type);
496 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
497 }
498
499 rcu_read_unlock();
500}
501
502void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
503 const struct in6_addr *solicited_addr,
504 bool router, bool solicited, bool override, bool inc_opt)
505{
506 struct sk_buff *skb;
507 struct in6_addr tmpaddr;
508 struct inet6_ifaddr *ifp;
509 const struct in6_addr *src_addr;
510 struct nd_msg *msg;
511 int optlen = 0;
512
513
514 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
515 if (ifp) {
516 src_addr = solicited_addr;
517 if (ifp->flags & IFA_F_OPTIMISTIC)
518 override = false;
519 inc_opt |= ifp->idev->cnf.force_tllao;
520 in6_ifa_put(ifp);
521 } else {
522 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
523 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
524 &tmpaddr))
525 return;
526 src_addr = &tmpaddr;
527 }
528
529 if (!dev->addr_len)
530 inc_opt = false;
531 if (inc_opt)
532 optlen += ndisc_opt_addr_space(dev,
533 NDISC_NEIGHBOUR_ADVERTISEMENT);
534
535 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
536 if (!skb)
537 return;
538
539 msg = skb_put(skb, sizeof(*msg));
540 *msg = (struct nd_msg) {
541 .icmph = {
542 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
543 .icmp6_router = router,
544 .icmp6_solicited = solicited,
545 .icmp6_override = override,
546 },
547 .target = *solicited_addr,
548 };
549
550 if (inc_opt)
551 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
552 dev->dev_addr,
553 NDISC_NEIGHBOUR_ADVERTISEMENT);
554
555 ndisc_send_skb(skb, daddr, src_addr);
556}
557
558static void ndisc_send_unsol_na(struct net_device *dev)
559{
560 struct inet6_dev *idev;
561 struct inet6_ifaddr *ifa;
562
563 idev = in6_dev_get(dev);
564 if (!idev)
565 return;
566
567 read_lock_bh(&idev->lock);
568 list_for_each_entry(ifa, &idev->addr_list, if_list) {
569
570 if (ifa->flags & IFA_F_TENTATIVE &&
571 !(ifa->flags & IFA_F_OPTIMISTIC))
572 continue;
573
574 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
575 !!idev->cnf.forwarding,
576 false, true,
577 true);
578 }
579 read_unlock_bh(&idev->lock);
580
581 in6_dev_put(idev);
582}
583
584void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
585 const struct in6_addr *daddr, const struct in6_addr *saddr,
586 u64 nonce)
587{
588 struct sk_buff *skb;
589 struct in6_addr addr_buf;
590 int inc_opt = dev->addr_len;
591 int optlen = 0;
592 struct nd_msg *msg;
593
594 if (!saddr) {
595 if (ipv6_get_lladdr(dev, &addr_buf,
596 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
597 return;
598 saddr = &addr_buf;
599 }
600
601 if (ipv6_addr_any(saddr))
602 inc_opt = false;
603 if (inc_opt)
604 optlen += ndisc_opt_addr_space(dev,
605 NDISC_NEIGHBOUR_SOLICITATION);
606 if (nonce != 0)
607 optlen += 8;
608
609 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
610 if (!skb)
611 return;
612
613 msg = skb_put(skb, sizeof(*msg));
614 *msg = (struct nd_msg) {
615 .icmph = {
616 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
617 },
618 .target = *solicit,
619 };
620
621 if (inc_opt)
622 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
623 dev->dev_addr,
624 NDISC_NEIGHBOUR_SOLICITATION);
625 if (nonce != 0) {
626 u8 *opt = skb_put(skb, 8);
627
628 opt[0] = ND_OPT_NONCE;
629 opt[1] = 8 >> 3;
630 memcpy(opt + 2, &nonce, 6);
631 }
632
633 ndisc_send_skb(skb, daddr, saddr);
634}
635
636void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
637 const struct in6_addr *daddr)
638{
639 struct sk_buff *skb;
640 struct rs_msg *msg;
641 int send_sllao = dev->addr_len;
642 int optlen = 0;
643
644#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
645
646
647
648
649
650
651
652
653 if (send_sllao) {
654 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
655 dev, 1);
656 if (ifp) {
657 if (ifp->flags & IFA_F_OPTIMISTIC) {
658 send_sllao = 0;
659 }
660 in6_ifa_put(ifp);
661 } else {
662 send_sllao = 0;
663 }
664 }
665#endif
666 if (send_sllao)
667 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
668
669 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
670 if (!skb)
671 return;
672
673 msg = skb_put(skb, sizeof(*msg));
674 *msg = (struct rs_msg) {
675 .icmph = {
676 .icmp6_type = NDISC_ROUTER_SOLICITATION,
677 },
678 };
679
680 if (send_sllao)
681 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
682 dev->dev_addr,
683 NDISC_ROUTER_SOLICITATION);
684
685 ndisc_send_skb(skb, daddr, saddr);
686}
687
688
689static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
690{
691
692
693
694
695 dst_link_failure(skb);
696 kfree_skb(skb);
697}
698
699
700
701static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
702{
703 struct in6_addr *saddr = NULL;
704 struct in6_addr mcaddr;
705 struct net_device *dev = neigh->dev;
706 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
707 int probes = atomic_read(&neigh->probes);
708
709 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
710 dev, false, 1,
711 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
712 saddr = &ipv6_hdr(skb)->saddr;
713 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
714 if (probes < 0) {
715 if (!(neigh->nud_state & NUD_VALID)) {
716 ND_PRINTK(1, dbg,
717 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
718 __func__, target);
719 }
720 ndisc_send_ns(dev, target, target, saddr, 0);
721 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
722 neigh_app_ns(neigh);
723 } else {
724 addrconf_addr_solict_mult(target, &mcaddr);
725 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
726 }
727}
728
729static int pndisc_is_router(const void *pkey,
730 struct net_device *dev)
731{
732 struct pneigh_entry *n;
733 int ret = -1;
734
735 read_lock_bh(&nd_tbl.lock);
736 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
737 if (n)
738 ret = !!(n->flags & NTF_ROUTER);
739 read_unlock_bh(&nd_tbl.lock);
740
741 return ret;
742}
743
744void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
745 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
746 struct ndisc_options *ndopts)
747{
748 neigh_update(neigh, lladdr, new, flags, 0);
749
750 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
751}
752
753static void ndisc_recv_ns(struct sk_buff *skb)
754{
755 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
756 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
757 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
758 u8 *lladdr = NULL;
759 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
760 offsetof(struct nd_msg, opt));
761 struct ndisc_options ndopts;
762 struct net_device *dev = skb->dev;
763 struct inet6_ifaddr *ifp;
764 struct inet6_dev *idev = NULL;
765 struct neighbour *neigh;
766 int dad = ipv6_addr_any(saddr);
767 bool inc;
768 int is_router = -1;
769 u64 nonce = 0;
770
771 if (skb->len < sizeof(struct nd_msg)) {
772 ND_PRINTK(2, warn, "NS: packet too short\n");
773 return;
774 }
775
776 if (ipv6_addr_is_multicast(&msg->target)) {
777 ND_PRINTK(2, warn, "NS: multicast target address\n");
778 return;
779 }
780
781
782
783
784
785 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
786 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
787 return;
788 }
789
790 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
791 ND_PRINTK(2, warn, "NS: invalid ND options\n");
792 return;
793 }
794
795 if (ndopts.nd_opts_src_lladdr) {
796 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
797 if (!lladdr) {
798 ND_PRINTK(2, warn,
799 "NS: invalid link-layer address length\n");
800 return;
801 }
802
803
804
805
806
807
808 if (dad) {
809 ND_PRINTK(2, warn,
810 "NS: bad DAD packet (link-layer address option)\n");
811 return;
812 }
813 }
814 if (ndopts.nd_opts_nonce)
815 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
816
817 inc = ipv6_addr_is_multicast(daddr);
818
819 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
820 if (ifp) {
821have_ifp:
822 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
823 if (dad) {
824 if (nonce != 0 && ifp->dad_nonce == nonce) {
825 u8 *np = (u8 *)&nonce;
826
827 ND_PRINTK(2, notice,
828 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
829 ifp->idev->dev->name,
830 &ifp->addr, np);
831 goto out;
832 }
833
834
835
836
837
838 addrconf_dad_failure(skb, ifp);
839 return;
840 } else {
841
842
843
844
845
846
847 if (!(ifp->flags & IFA_F_OPTIMISTIC))
848 goto out;
849 }
850 }
851
852 idev = ifp->idev;
853 } else {
854 struct net *net = dev_net(dev);
855
856
857 if (netif_is_l3_slave(dev)) {
858 struct net_device *mdev;
859
860 mdev = netdev_master_upper_dev_get_rcu(dev);
861 if (mdev) {
862 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
863 if (ifp)
864 goto have_ifp;
865 }
866 }
867
868 idev = in6_dev_get(dev);
869 if (!idev) {
870
871 return;
872 }
873
874 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
875 (idev->cnf.forwarding &&
876 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
877 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
878 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
879 skb->pkt_type != PACKET_HOST &&
880 inc &&
881 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
882
883
884
885
886
887
888
889 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
890 if (n)
891 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
892 goto out;
893 }
894 } else
895 goto out;
896 }
897
898 if (is_router < 0)
899 is_router = idev->cnf.forwarding;
900
901 if (dad) {
902 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
903 !!is_router, false, (ifp != NULL), true);
904 goto out;
905 }
906
907 if (inc)
908 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
909 else
910 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
911
912
913
914
915
916 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
917 !inc || lladdr || !dev->addr_len);
918 if (neigh)
919 ndisc_update(dev, neigh, lladdr, NUD_STALE,
920 NEIGH_UPDATE_F_WEAK_OVERRIDE|
921 NEIGH_UPDATE_F_OVERRIDE,
922 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
923 if (neigh || !dev->header_ops) {
924 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
925 true, (ifp != NULL && inc), inc);
926 if (neigh)
927 neigh_release(neigh);
928 }
929
930out:
931 if (ifp)
932 in6_ifa_put(ifp);
933 else
934 in6_dev_put(idev);
935}
936
937static void ndisc_recv_na(struct sk_buff *skb)
938{
939 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
940 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
941 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
942 u8 *lladdr = NULL;
943 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
944 offsetof(struct nd_msg, opt));
945 struct ndisc_options ndopts;
946 struct net_device *dev = skb->dev;
947 struct inet6_dev *idev = __in6_dev_get(dev);
948 struct inet6_ifaddr *ifp;
949 struct neighbour *neigh;
950
951 if (skb->len < sizeof(struct nd_msg)) {
952 ND_PRINTK(2, warn, "NA: packet too short\n");
953 return;
954 }
955
956 if (ipv6_addr_is_multicast(&msg->target)) {
957 ND_PRINTK(2, warn, "NA: target address is multicast\n");
958 return;
959 }
960
961 if (ipv6_addr_is_multicast(daddr) &&
962 msg->icmph.icmp6_solicited) {
963 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
964 return;
965 }
966
967
968
969
970
971 if (!msg->icmph.icmp6_solicited && idev &&
972 idev->cnf.drop_unsolicited_na)
973 return;
974
975 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
976 ND_PRINTK(2, warn, "NS: invalid ND option\n");
977 return;
978 }
979 if (ndopts.nd_opts_tgt_lladdr) {
980 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
981 if (!lladdr) {
982 ND_PRINTK(2, warn,
983 "NA: invalid link-layer address length\n");
984 return;
985 }
986 }
987 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
988 if (ifp) {
989 if (skb->pkt_type != PACKET_LOOPBACK
990 && (ifp->flags & IFA_F_TENTATIVE)) {
991 addrconf_dad_failure(skb, ifp);
992 return;
993 }
994
995
996
997
998
999
1000
1001
1002
1003 if (skb->pkt_type != PACKET_LOOPBACK)
1004 ND_PRINTK(1, warn,
1005 "NA: %pM advertised our address %pI6c on %s!\n",
1006 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1007 in6_ifa_put(ifp);
1008 return;
1009 }
1010 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1011
1012 if (neigh) {
1013 u8 old_flags = neigh->flags;
1014 struct net *net = dev_net(dev);
1015
1016 if (neigh->nud_state & NUD_FAILED)
1017 goto out;
1018
1019
1020
1021
1022
1023
1024 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1025 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1026 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1027
1028 goto out;
1029 }
1030
1031 ndisc_update(dev, neigh, lladdr,
1032 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1033 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1034 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1035 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1036 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1037 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1038
1039 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1040
1041
1042
1043 rt6_clean_tohost(dev_net(dev), saddr);
1044 }
1045
1046out:
1047 neigh_release(neigh);
1048 }
1049}
1050
1051static void ndisc_recv_rs(struct sk_buff *skb)
1052{
1053 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1054 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1055 struct neighbour *neigh;
1056 struct inet6_dev *idev;
1057 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1058 struct ndisc_options ndopts;
1059 u8 *lladdr = NULL;
1060
1061 if (skb->len < sizeof(*rs_msg))
1062 return;
1063
1064 idev = __in6_dev_get(skb->dev);
1065 if (!idev) {
1066 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1067 return;
1068 }
1069
1070
1071 if (!idev->cnf.forwarding)
1072 goto out;
1073
1074
1075
1076
1077
1078 if (ipv6_addr_any(saddr))
1079 goto out;
1080
1081
1082 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1083 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1084 goto out;
1085 }
1086
1087 if (ndopts.nd_opts_src_lladdr) {
1088 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1089 skb->dev);
1090 if (!lladdr)
1091 goto out;
1092 }
1093
1094 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1095 if (neigh) {
1096 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1097 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1098 NEIGH_UPDATE_F_OVERRIDE|
1099 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1100 NDISC_ROUTER_SOLICITATION, &ndopts);
1101 neigh_release(neigh);
1102 }
1103out:
1104 return;
1105}
1106
1107static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1108{
1109 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1110 struct sk_buff *skb;
1111 struct nlmsghdr *nlh;
1112 struct nduseroptmsg *ndmsg;
1113 struct net *net = dev_net(ra->dev);
1114 int err;
1115 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1116 + (opt->nd_opt_len << 3));
1117 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1118
1119 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1120 if (!skb) {
1121 err = -ENOBUFS;
1122 goto errout;
1123 }
1124
1125 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1126 if (!nlh) {
1127 goto nla_put_failure;
1128 }
1129
1130 ndmsg = nlmsg_data(nlh);
1131 ndmsg->nduseropt_family = AF_INET6;
1132 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1133 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1134 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1135 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1136
1137 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1138
1139 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1140 goto nla_put_failure;
1141 nlmsg_end(skb, nlh);
1142
1143 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1144 return;
1145
1146nla_put_failure:
1147 nlmsg_free(skb);
1148 err = -EMSGSIZE;
1149errout:
1150 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1151}
1152
1153static void ndisc_router_discovery(struct sk_buff *skb)
1154{
1155 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1156 struct neighbour *neigh = NULL;
1157 struct inet6_dev *in6_dev;
1158 struct rt6_info *rt = NULL;
1159 int lifetime;
1160 struct ndisc_options ndopts;
1161 int optlen;
1162 unsigned int pref = 0;
1163 __u32 old_if_flags;
1164 bool send_ifinfo_notify = false;
1165
1166 __u8 *opt = (__u8 *)(ra_msg + 1);
1167
1168 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1169 sizeof(struct ra_msg);
1170
1171 ND_PRINTK(2, info,
1172 "RA: %s, dev: %s\n",
1173 __func__, skb->dev->name);
1174 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1175 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1176 return;
1177 }
1178 if (optlen < 0) {
1179 ND_PRINTK(2, warn, "RA: packet too short\n");
1180 return;
1181 }
1182
1183#ifdef CONFIG_IPV6_NDISC_NODETYPE
1184 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1185 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1186 return;
1187 }
1188#endif
1189
1190
1191
1192
1193
1194 in6_dev = __in6_dev_get(skb->dev);
1195 if (!in6_dev) {
1196 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1197 skb->dev->name);
1198 return;
1199 }
1200
1201 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1202 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1203 return;
1204 }
1205
1206 if (!ipv6_accept_ra(in6_dev)) {
1207 ND_PRINTK(2, info,
1208 "RA: %s, did not accept ra for dev: %s\n",
1209 __func__, skb->dev->name);
1210 goto skip_linkparms;
1211 }
1212
1213#ifdef CONFIG_IPV6_NDISC_NODETYPE
1214
1215 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1216 ND_PRINTK(2, info,
1217 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1218 __func__, skb->dev->name);
1219 goto skip_linkparms;
1220 }
1221#endif
1222
1223 if (in6_dev->if_flags & IF_RS_SENT) {
1224
1225
1226
1227
1228 in6_dev->if_flags |= IF_RA_RCVD;
1229 }
1230
1231
1232
1233
1234
1235 old_if_flags = in6_dev->if_flags;
1236 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1237 IF_RA_OTHERCONF)) |
1238 (ra_msg->icmph.icmp6_addrconf_managed ?
1239 IF_RA_MANAGED : 0) |
1240 (ra_msg->icmph.icmp6_addrconf_other ?
1241 IF_RA_OTHERCONF : 0);
1242
1243 if (old_if_flags != in6_dev->if_flags)
1244 send_ifinfo_notify = true;
1245
1246 if (!in6_dev->cnf.accept_ra_defrtr) {
1247 ND_PRINTK(2, info,
1248 "RA: %s, defrtr is false for dev: %s\n",
1249 __func__, skb->dev->name);
1250 goto skip_defrtr;
1251 }
1252
1253
1254
1255
1256 if (!in6_dev->cnf.accept_ra_from_local &&
1257 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1258 in6_dev->dev, 0)) {
1259 ND_PRINTK(2, info,
1260 "RA from local address detected on dev: %s: default router ignored\n",
1261 skb->dev->name);
1262 goto skip_defrtr;
1263 }
1264
1265 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1266
1267#ifdef CONFIG_IPV6_ROUTER_PREF
1268 pref = ra_msg->icmph.icmp6_router_pref;
1269
1270 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1271 !in6_dev->cnf.accept_ra_rtr_pref)
1272 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1273#endif
1274
1275 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1276
1277 if (rt) {
1278 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1279 if (!neigh) {
1280 ND_PRINTK(0, err,
1281 "RA: %s got default router without neighbour\n",
1282 __func__);
1283 ip6_rt_put(rt);
1284 return;
1285 }
1286 }
1287 if (rt && lifetime == 0) {
1288 ip6_del_rt(rt);
1289 rt = NULL;
1290 }
1291
1292 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1293 rt, lifetime, skb->dev->name);
1294 if (!rt && lifetime) {
1295 ND_PRINTK(3, info, "RA: adding default router\n");
1296
1297 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1298 if (!rt) {
1299 ND_PRINTK(0, err,
1300 "RA: %s failed to add default route\n",
1301 __func__);
1302 return;
1303 }
1304
1305 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1306 if (!neigh) {
1307 ND_PRINTK(0, err,
1308 "RA: %s got default router without neighbour\n",
1309 __func__);
1310 ip6_rt_put(rt);
1311 return;
1312 }
1313 neigh->flags |= NTF_ROUTER;
1314 } else if (rt) {
1315 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1316 }
1317
1318 if (rt)
1319 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1320 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1321 ra_msg->icmph.icmp6_hop_limit) {
1322 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1323 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1324 if (rt)
1325 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1326 ra_msg->icmph.icmp6_hop_limit);
1327 } else {
1328 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1329 }
1330 }
1331
1332skip_defrtr:
1333
1334
1335
1336
1337
1338 if (in6_dev->nd_parms) {
1339 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1340
1341 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1342 rtime = (rtime*HZ)/1000;
1343 if (rtime < HZ/10)
1344 rtime = HZ/10;
1345 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1346 in6_dev->tstamp = jiffies;
1347 send_ifinfo_notify = true;
1348 }
1349
1350 rtime = ntohl(ra_msg->reachable_time);
1351 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1352 rtime = (rtime*HZ)/1000;
1353
1354 if (rtime < HZ/10)
1355 rtime = HZ/10;
1356
1357 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1358 NEIGH_VAR_SET(in6_dev->nd_parms,
1359 BASE_REACHABLE_TIME, rtime);
1360 NEIGH_VAR_SET(in6_dev->nd_parms,
1361 GC_STALETIME, 3 * rtime);
1362 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1363 in6_dev->tstamp = jiffies;
1364 send_ifinfo_notify = true;
1365 }
1366 }
1367 }
1368
1369
1370
1371
1372 if (send_ifinfo_notify)
1373 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1374
1375skip_linkparms:
1376
1377
1378
1379
1380
1381 if (!neigh)
1382 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1383 skb->dev, 1);
1384 if (neigh) {
1385 u8 *lladdr = NULL;
1386 if (ndopts.nd_opts_src_lladdr) {
1387 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1388 skb->dev);
1389 if (!lladdr) {
1390 ND_PRINTK(2, warn,
1391 "RA: invalid link-layer address length\n");
1392 goto out;
1393 }
1394 }
1395 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1396 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1397 NEIGH_UPDATE_F_OVERRIDE|
1398 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1399 NEIGH_UPDATE_F_ISROUTER,
1400 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1401 }
1402
1403 if (!ipv6_accept_ra(in6_dev)) {
1404 ND_PRINTK(2, info,
1405 "RA: %s, accept_ra is false for dev: %s\n",
1406 __func__, skb->dev->name);
1407 goto out;
1408 }
1409
1410#ifdef CONFIG_IPV6_ROUTE_INFO
1411 if (!in6_dev->cnf.accept_ra_from_local &&
1412 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1413 in6_dev->dev, 0)) {
1414 ND_PRINTK(2, info,
1415 "RA from local address detected on dev: %s: router info ignored.\n",
1416 skb->dev->name);
1417 goto skip_routeinfo;
1418 }
1419
1420 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1421 struct nd_opt_hdr *p;
1422 for (p = ndopts.nd_opts_ri;
1423 p;
1424 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1425 struct route_info *ri = (struct route_info *)p;
1426#ifdef CONFIG_IPV6_NDISC_NODETYPE
1427 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1428 ri->prefix_len == 0)
1429 continue;
1430#endif
1431 if (ri->prefix_len == 0 &&
1432 !in6_dev->cnf.accept_ra_defrtr)
1433 continue;
1434 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1435 continue;
1436 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1437 continue;
1438 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1439 &ipv6_hdr(skb)->saddr);
1440 }
1441 }
1442
1443skip_routeinfo:
1444#endif
1445
1446#ifdef CONFIG_IPV6_NDISC_NODETYPE
1447
1448 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1449 ND_PRINTK(2, info,
1450 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1451 __func__, skb->dev->name);
1452 goto out;
1453 }
1454#endif
1455
1456 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1457 struct nd_opt_hdr *p;
1458 for (p = ndopts.nd_opts_pi;
1459 p;
1460 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1461 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1462 (p->nd_opt_len) << 3,
1463 ndopts.nd_opts_src_lladdr != NULL);
1464 }
1465 }
1466
1467 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1468 __be32 n;
1469 u32 mtu;
1470
1471 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1472 mtu = ntohl(n);
1473
1474 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1475 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1476 } else if (in6_dev->cnf.mtu6 != mtu) {
1477 in6_dev->cnf.mtu6 = mtu;
1478
1479 if (rt)
1480 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1481
1482 rt6_mtu_change(skb->dev, mtu);
1483 }
1484 }
1485
1486 if (ndopts.nd_useropts) {
1487 struct nd_opt_hdr *p;
1488 for (p = ndopts.nd_useropts;
1489 p;
1490 p = ndisc_next_useropt(skb->dev, p,
1491 ndopts.nd_useropts_end)) {
1492 ndisc_ra_useropt(skb, p);
1493 }
1494 }
1495
1496 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1497 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1498 }
1499out:
1500 ip6_rt_put(rt);
1501 if (neigh)
1502 neigh_release(neigh);
1503}
1504
1505static void ndisc_redirect_rcv(struct sk_buff *skb)
1506{
1507 u8 *hdr;
1508 struct ndisc_options ndopts;
1509 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1510 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1511 offsetof(struct rd_msg, opt));
1512
1513#ifdef CONFIG_IPV6_NDISC_NODETYPE
1514 switch (skb->ndisc_nodetype) {
1515 case NDISC_NODETYPE_HOST:
1516 case NDISC_NODETYPE_NODEFAULT:
1517 ND_PRINTK(2, warn,
1518 "Redirect: from host or unauthorized router\n");
1519 return;
1520 }
1521#endif
1522
1523 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1524 ND_PRINTK(2, warn,
1525 "Redirect: source address is not link-local\n");
1526 return;
1527 }
1528
1529 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1530 return;
1531
1532 if (!ndopts.nd_opts_rh) {
1533 ip6_redirect_no_header(skb, dev_net(skb->dev),
1534 skb->dev->ifindex, 0);
1535 return;
1536 }
1537
1538 hdr = (u8 *)ndopts.nd_opts_rh;
1539 hdr += 8;
1540 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1541 return;
1542
1543 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1544}
1545
1546static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1547 struct sk_buff *orig_skb,
1548 int rd_len)
1549{
1550 u8 *opt = skb_put(skb, rd_len);
1551
1552 memset(opt, 0, 8);
1553 *(opt++) = ND_OPT_REDIRECT_HDR;
1554 *(opt++) = (rd_len >> 3);
1555 opt += 6;
1556
1557 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1558 rd_len - 8);
1559}
1560
1561void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1562{
1563 struct net_device *dev = skb->dev;
1564 struct net *net = dev_net(dev);
1565 struct sock *sk = net->ipv6.ndisc_sk;
1566 int optlen = 0;
1567 struct inet_peer *peer;
1568 struct sk_buff *buff;
1569 struct rd_msg *msg;
1570 struct in6_addr saddr_buf;
1571 struct rt6_info *rt;
1572 struct dst_entry *dst;
1573 struct flowi6 fl6;
1574 int rd_len;
1575 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1576 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1577 bool ret;
1578
1579 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1580 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1581 dev->name);
1582 return;
1583 }
1584
1585 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1586 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1587 ND_PRINTK(2, warn,
1588 "Redirect: target address is not link-local unicast\n");
1589 return;
1590 }
1591
1592 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1593 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1594
1595 dst = ip6_route_output(net, NULL, &fl6);
1596 if (dst->error) {
1597 dst_release(dst);
1598 return;
1599 }
1600 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1601 if (IS_ERR(dst))
1602 return;
1603
1604 rt = (struct rt6_info *) dst;
1605
1606 if (rt->rt6i_flags & RTF_GATEWAY) {
1607 ND_PRINTK(2, warn,
1608 "Redirect: destination is not a neighbour\n");
1609 goto release;
1610 }
1611 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1612 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1613 if (peer)
1614 inet_putpeer(peer);
1615 if (!ret)
1616 goto release;
1617
1618 if (dev->addr_len) {
1619 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1620 if (!neigh) {
1621 ND_PRINTK(2, warn,
1622 "Redirect: no neigh for target address\n");
1623 goto release;
1624 }
1625
1626 read_lock_bh(&neigh->lock);
1627 if (neigh->nud_state & NUD_VALID) {
1628 memcpy(ha_buf, neigh->ha, dev->addr_len);
1629 read_unlock_bh(&neigh->lock);
1630 ha = ha_buf;
1631 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1632 ops_data_buf,
1633 &ops_data);
1634 } else
1635 read_unlock_bh(&neigh->lock);
1636
1637 neigh_release(neigh);
1638 }
1639
1640 rd_len = min_t(unsigned int,
1641 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1642 skb->len + 8);
1643 rd_len &= ~0x7;
1644 optlen += rd_len;
1645
1646 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1647 if (!buff)
1648 goto release;
1649
1650 msg = skb_put(buff, sizeof(*msg));
1651 *msg = (struct rd_msg) {
1652 .icmph = {
1653 .icmp6_type = NDISC_REDIRECT,
1654 },
1655 .target = *target,
1656 .dest = ipv6_hdr(skb)->daddr,
1657 };
1658
1659
1660
1661
1662
1663 if (ha)
1664 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1665
1666
1667
1668
1669
1670 if (rd_len)
1671 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1672
1673 skb_dst_set(buff, dst);
1674 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1675 return;
1676
1677release:
1678 dst_release(dst);
1679}
1680
1681static void pndisc_redo(struct sk_buff *skb)
1682{
1683 ndisc_recv_ns(skb);
1684 kfree_skb(skb);
1685}
1686
1687static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1688{
1689 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1690
1691 if (!idev)
1692 return true;
1693 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1694 idev->cnf.suppress_frag_ndisc) {
1695 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1696 return true;
1697 }
1698 return false;
1699}
1700
1701int ndisc_rcv(struct sk_buff *skb)
1702{
1703 struct nd_msg *msg;
1704
1705 if (ndisc_suppress_frag_ndisc(skb))
1706 return 0;
1707
1708 if (skb_linearize(skb))
1709 return 0;
1710
1711 msg = (struct nd_msg *)skb_transport_header(skb);
1712
1713 __skb_push(skb, skb->data - skb_transport_header(skb));
1714
1715 if (ipv6_hdr(skb)->hop_limit != 255) {
1716 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1717 ipv6_hdr(skb)->hop_limit);
1718 return 0;
1719 }
1720
1721 if (msg->icmph.icmp6_code != 0) {
1722 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1723 msg->icmph.icmp6_code);
1724 return 0;
1725 }
1726
1727 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1728
1729 switch (msg->icmph.icmp6_type) {
1730 case NDISC_NEIGHBOUR_SOLICITATION:
1731 ndisc_recv_ns(skb);
1732 break;
1733
1734 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1735 ndisc_recv_na(skb);
1736 break;
1737
1738 case NDISC_ROUTER_SOLICITATION:
1739 ndisc_recv_rs(skb);
1740 break;
1741
1742 case NDISC_ROUTER_ADVERTISEMENT:
1743 ndisc_router_discovery(skb);
1744 break;
1745
1746 case NDISC_REDIRECT:
1747 ndisc_redirect_rcv(skb);
1748 break;
1749 }
1750
1751 return 0;
1752}
1753
1754static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1755{
1756 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1757 struct netdev_notifier_change_info *change_info;
1758 struct net *net = dev_net(dev);
1759 struct inet6_dev *idev;
1760
1761 switch (event) {
1762 case NETDEV_CHANGEADDR:
1763 neigh_changeaddr(&nd_tbl, dev);
1764 fib6_run_gc(0, net, false);
1765
1766 case NETDEV_UP:
1767 idev = in6_dev_get(dev);
1768 if (!idev)
1769 break;
1770 if (idev->cnf.ndisc_notify ||
1771 net->ipv6.devconf_all->ndisc_notify)
1772 ndisc_send_unsol_na(dev);
1773 in6_dev_put(idev);
1774 break;
1775 case NETDEV_CHANGE:
1776 change_info = ptr;
1777 if (change_info->flags_changed & IFF_NOARP)
1778 neigh_changeaddr(&nd_tbl, dev);
1779 break;
1780 case NETDEV_DOWN:
1781 neigh_ifdown(&nd_tbl, dev);
1782 fib6_run_gc(0, net, false);
1783 break;
1784 case NETDEV_NOTIFY_PEERS:
1785 ndisc_send_unsol_na(dev);
1786 break;
1787 default:
1788 break;
1789 }
1790
1791 return NOTIFY_DONE;
1792}
1793
1794static struct notifier_block ndisc_netdev_notifier = {
1795 .notifier_call = ndisc_netdev_event,
1796 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1797};
1798
1799#ifdef CONFIG_SYSCTL
1800static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1801 const char *func, const char *dev_name)
1802{
1803 static char warncomm[TASK_COMM_LEN];
1804 static int warned;
1805 if (strcmp(warncomm, current->comm) && warned < 5) {
1806 strcpy(warncomm, current->comm);
1807 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1808 warncomm, func,
1809 dev_name, ctl->procname,
1810 dev_name, ctl->procname);
1811 warned++;
1812 }
1813}
1814
1815int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1816{
1817 struct net_device *dev = ctl->extra1;
1818 struct inet6_dev *idev;
1819 int ret;
1820
1821 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1822 (strcmp(ctl->procname, "base_reachable_time") == 0))
1823 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1824
1825 if (strcmp(ctl->procname, "retrans_time") == 0)
1826 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1827
1828 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1829 ret = neigh_proc_dointvec_jiffies(ctl, write,
1830 buffer, lenp, ppos);
1831
1832 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1833 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1834 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1835 buffer, lenp, ppos);
1836 else
1837 ret = -1;
1838
1839 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1840 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1841 idev->nd_parms->reachable_time =
1842 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1843 idev->tstamp = jiffies;
1844 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1845 in6_dev_put(idev);
1846 }
1847 return ret;
1848}
1849
1850
1851#endif
1852
1853static int __net_init ndisc_net_init(struct net *net)
1854{
1855 struct ipv6_pinfo *np;
1856 struct sock *sk;
1857 int err;
1858
1859 err = inet_ctl_sock_create(&sk, PF_INET6,
1860 SOCK_RAW, IPPROTO_ICMPV6, net);
1861 if (err < 0) {
1862 ND_PRINTK(0, err,
1863 "NDISC: Failed to initialize the control socket (err %d)\n",
1864 err);
1865 return err;
1866 }
1867
1868 net->ipv6.ndisc_sk = sk;
1869
1870 np = inet6_sk(sk);
1871 np->hop_limit = 255;
1872
1873 np->mc_loop = 0;
1874
1875 return 0;
1876}
1877
1878static void __net_exit ndisc_net_exit(struct net *net)
1879{
1880 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1881}
1882
1883static struct pernet_operations ndisc_net_ops = {
1884 .init = ndisc_net_init,
1885 .exit = ndisc_net_exit,
1886};
1887
1888int __init ndisc_init(void)
1889{
1890 int err;
1891
1892 err = register_pernet_subsys(&ndisc_net_ops);
1893 if (err)
1894 return err;
1895
1896
1897
1898 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1899
1900#ifdef CONFIG_SYSCTL
1901 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1902 ndisc_ifinfo_sysctl_change);
1903 if (err)
1904 goto out_unregister_pernet;
1905out:
1906#endif
1907 return err;
1908
1909#ifdef CONFIG_SYSCTL
1910out_unregister_pernet:
1911 unregister_pernet_subsys(&ndisc_net_ops);
1912 goto out;
1913#endif
1914}
1915
1916int __init ndisc_late_init(void)
1917{
1918 return register_netdevice_notifier(&ndisc_netdev_notifier);
1919}
1920
1921void ndisc_late_cleanup(void)
1922{
1923 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1924}
1925
1926void ndisc_cleanup(void)
1927{
1928#ifdef CONFIG_SYSCTL
1929 neigh_sysctl_unregister(&nd_tbl.parms);
1930#endif
1931 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1932 unregister_pernet_subsys(&ndisc_net_ops);
1933}
1934
