1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30#define pr_fmt(fmt) "ICMPv6: " fmt
31
32#include <linux/module.h>
33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
43#include <linux/slab.h>
44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
48#include <linux/if_addr.h>
49#include <linux/if_ether.h>
50#include <linux/if_arp.h>
51#include <linux/ipv6.h>
52#include <linux/icmpv6.h>
53#include <linux/jhash.h>
54
55#include <net/sock.h>
56#include <net/snmp.h>
57
58#include <net/ipv6.h>
59#include <net/protocol.h>
60#include <net/ndisc.h>
61#include <net/ip6_route.h>
62#include <net/addrconf.h>
63#include <net/icmp.h>
64
65#include <net/netlink.h>
66#include <linux/rtnetlink.h>
67
68#include <net/flow.h>
69#include <net/ip6_checksum.h>
70#include <net/inet_common.h>
71#include <linux/proc_fs.h>
72
73#include <linux/netfilter.h>
74#include <linux/netfilter_ipv6.h>
75
76static u32 ndisc_hash(const void *pkey,
77 const struct net_device *dev,
78 __u32 *hash_rnd);
79static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
80static int ndisc_constructor(struct neighbour *neigh);
81static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
82static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
83static int pndisc_constructor(struct pneigh_entry *n);
84static void pndisc_destructor(struct pneigh_entry *n);
85static void pndisc_redo(struct sk_buff *skb);
86
87static const struct neigh_ops ndisc_generic_ops = {
88 .family = AF_INET6,
89 .solicit = ndisc_solicit,
90 .error_report = ndisc_error_report,
91 .output = neigh_resolve_output,
92 .connected_output = neigh_connected_output,
93};
94
95static const struct neigh_ops ndisc_hh_ops = {
96 .family = AF_INET6,
97 .solicit = ndisc_solicit,
98 .error_report = ndisc_error_report,
99 .output = neigh_resolve_output,
100 .connected_output = neigh_resolve_output,
101};
102
103
104static const struct neigh_ops ndisc_direct_ops = {
105 .family = AF_INET6,
106 .output = neigh_direct_output,
107 .connected_output = neigh_direct_output,
108};
109
110struct neigh_table nd_tbl = {
111 .family = AF_INET6,
112 .key_len = sizeof(struct in6_addr),
113 .protocol = cpu_to_be16(ETH_P_IPV6),
114 .hash = ndisc_hash,
115 .key_eq = ndisc_key_eq,
116 .constructor = ndisc_constructor,
117 .pconstructor = pndisc_constructor,
118 .pdestructor = pndisc_destructor,
119 .proxy_redo = pndisc_redo,
120 .id = "ndisc_cache",
121 .parms = {
122 .tbl = &nd_tbl,
123 .reachable_time = ND_REACHABLE_TIME,
124 .data = {
125 [NEIGH_VAR_MCAST_PROBES] = 3,
126 [NEIGH_VAR_UCAST_PROBES] = 3,
127 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
128 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
129 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
130 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
131 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
132 [NEIGH_VAR_PROXY_QLEN] = 64,
133 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
134 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
135 },
136 },
137 .gc_interval = 30 * HZ,
138 .gc_thresh1 = 128,
139 .gc_thresh2 = 512,
140 .gc_thresh3 = 1024,
141};
142EXPORT_SYMBOL_GPL(nd_tbl);
143
144void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
145 int data_len, int pad)
146{
147 int space = __ndisc_opt_addr_space(data_len, pad);
148 u8 *opt = skb_put(skb, space);
149
150 opt[0] = type;
151 opt[1] = space>>3;
152
153 memset(opt + 2, 0, pad);
154 opt += pad;
155 space -= pad;
156
157 memcpy(opt+2, data, data_len);
158 data_len += 2;
159 opt += data_len;
160 space -= data_len;
161 if (space > 0)
162 memset(opt, 0, space);
163}
164EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
165
166static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
167 void *data, u8 icmp6_type)
168{
169 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
170 ndisc_addr_option_pad(skb->dev->type));
171 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
172}
173
174static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
175 void *ha,
176 const u8 *ops_data)
177{
178 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
179 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
180}
181
182static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
183 struct nd_opt_hdr *end)
184{
185 int type;
186 if (!cur || !end || cur >= end)
187 return NULL;
188 type = cur->nd_opt_type;
189 do {
190 cur = ((void *)cur) + (cur->nd_opt_len << 3);
191 } while (cur < end && cur->nd_opt_type != type);
192 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
193}
194
195static inline int ndisc_is_useropt(const struct net_device *dev,
196 struct nd_opt_hdr *opt)
197{
198 return opt->nd_opt_type == ND_OPT_RDNSS ||
199 opt->nd_opt_type == ND_OPT_DNSSL ||
200 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
201}
202
203static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *cur,
205 struct nd_opt_hdr *end)
206{
207 if (!cur || !end || cur >= end)
208 return NULL;
209 do {
210 cur = ((void *)cur) + (cur->nd_opt_len << 3);
211 } while (cur < end && !ndisc_is_useropt(dev, cur));
212 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
213}
214
215struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 u8 *opt, int opt_len,
217 struct ndisc_options *ndopts)
218{
219 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
220
221 if (!nd_opt || opt_len < 0 || !ndopts)
222 return NULL;
223 memset(ndopts, 0, sizeof(*ndopts));
224 while (opt_len) {
225 int l;
226 if (opt_len < sizeof(struct nd_opt_hdr))
227 return NULL;
228 l = nd_opt->nd_opt_len << 3;
229 if (opt_len < l || l == 0)
230 return NULL;
231 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 goto next_opt;
233 switch (nd_opt->nd_opt_type) {
234 case ND_OPT_SOURCE_LL_ADDR:
235 case ND_OPT_TARGET_LL_ADDR:
236 case ND_OPT_MTU:
237 case ND_OPT_NONCE:
238 case ND_OPT_REDIRECT_HDR:
239 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
240 ND_PRINTK(2, warn,
241 "%s: duplicated ND6 option found: type=%d\n",
242 __func__, nd_opt->nd_opt_type);
243 } else {
244 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
245 }
246 break;
247 case ND_OPT_PREFIX_INFO:
248 ndopts->nd_opts_pi_end = nd_opt;
249 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 break;
252#ifdef CONFIG_IPV6_ROUTE_INFO
253 case ND_OPT_ROUTE_INFO:
254 ndopts->nd_opts_ri_end = nd_opt;
255 if (!ndopts->nd_opts_ri)
256 ndopts->nd_opts_ri = nd_opt;
257 break;
258#endif
259 default:
260 if (ndisc_is_useropt(dev, nd_opt)) {
261 ndopts->nd_useropts_end = nd_opt;
262 if (!ndopts->nd_useropts)
263 ndopts->nd_useropts = nd_opt;
264 } else {
265
266
267
268
269
270 ND_PRINTK(2, notice,
271 "%s: ignored unsupported option; type=%d, len=%d\n",
272 __func__,
273 nd_opt->nd_opt_type,
274 nd_opt->nd_opt_len);
275 }
276 }
277next_opt:
278 opt_len -= l;
279 nd_opt = ((void *)nd_opt) + l;
280 }
281 return ndopts;
282}
283
284int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
285{
286 switch (dev->type) {
287 case ARPHRD_ETHER:
288 case ARPHRD_IEEE802:
289 case ARPHRD_FDDI:
290 ipv6_eth_mc_map(addr, buf);
291 return 0;
292 case ARPHRD_ARCNET:
293 ipv6_arcnet_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_INFINIBAND:
296 ipv6_ib_mc_map(addr, dev->broadcast, buf);
297 return 0;
298 case ARPHRD_IPGRE:
299 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
300 default:
301 if (dir) {
302 memcpy(buf, dev->broadcast, dev->addr_len);
303 return 0;
304 }
305 }
306 return -EINVAL;
307}
308EXPORT_SYMBOL(ndisc_mc_map);
309
310static u32 ndisc_hash(const void *pkey,
311 const struct net_device *dev,
312 __u32 *hash_rnd)
313{
314 return ndisc_hashfn(pkey, dev, hash_rnd);
315}
316
317static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
318{
319 return neigh_key_eq128(n, pkey);
320}
321
322static int ndisc_constructor(struct neighbour *neigh)
323{
324 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
325 struct net_device *dev = neigh->dev;
326 struct inet6_dev *in6_dev;
327 struct neigh_parms *parms;
328 bool is_multicast = ipv6_addr_is_multicast(addr);
329
330 in6_dev = in6_dev_get(dev);
331 if (!in6_dev) {
332 return -EINVAL;
333 }
334
335 parms = in6_dev->nd_parms;
336 __neigh_parms_put(neigh->parms);
337 neigh->parms = neigh_parms_clone(parms);
338
339 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
340 if (!dev->header_ops) {
341 neigh->nud_state = NUD_NOARP;
342 neigh->ops = &ndisc_direct_ops;
343 neigh->output = neigh_direct_output;
344 } else {
345 if (is_multicast) {
346 neigh->nud_state = NUD_NOARP;
347 ndisc_mc_map(addr, neigh->ha, dev, 1);
348 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
349 neigh->nud_state = NUD_NOARP;
350 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
351 if (dev->flags&IFF_LOOPBACK)
352 neigh->type = RTN_LOCAL;
353 } else if (dev->flags&IFF_POINTOPOINT) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
356 }
357 if (dev->header_ops->cache)
358 neigh->ops = &ndisc_hh_ops;
359 else
360 neigh->ops = &ndisc_generic_ops;
361 if (neigh->nud_state&NUD_VALID)
362 neigh->output = neigh->ops->connected_output;
363 else
364 neigh->output = neigh->ops->output;
365 }
366 in6_dev_put(in6_dev);
367 return 0;
368}
369
370static int pndisc_constructor(struct pneigh_entry *n)
371{
372 struct in6_addr *addr = (struct in6_addr *)&n->key;
373 struct in6_addr maddr;
374 struct net_device *dev = n->dev;
375
376 if (!dev || !__in6_dev_get(dev))
377 return -EINVAL;
378 addrconf_addr_solict_mult(addr, &maddr);
379 ipv6_dev_mc_inc(dev, &maddr);
380 return 0;
381}
382
383static void pndisc_destructor(struct pneigh_entry *n)
384{
385 struct in6_addr *addr = (struct in6_addr *)&n->key;
386 struct in6_addr maddr;
387 struct net_device *dev = n->dev;
388
389 if (!dev || !__in6_dev_get(dev))
390 return;
391 addrconf_addr_solict_mult(addr, &maddr);
392 ipv6_dev_mc_dec(dev, &maddr);
393}
394
395static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
396 int len)
397{
398 int hlen = LL_RESERVED_SPACE(dev);
399 int tlen = dev->needed_tailroom;
400 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
401 struct sk_buff *skb;
402
403 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
404 if (!skb) {
405 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
406 __func__);
407 return NULL;
408 }
409
410 skb->protocol = htons(ETH_P_IPV6);
411 skb->dev = dev;
412
413 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
414 skb_reset_transport_header(skb);
415
416
417
418
419 skb_set_owner_w(skb, sk);
420
421 return skb;
422}
423
424static void ip6_nd_hdr(struct sk_buff *skb,
425 const struct in6_addr *saddr,
426 const struct in6_addr *daddr,
427 int hop_limit, int len)
428{
429 struct ipv6hdr *hdr;
430 struct inet6_dev *idev;
431 unsigned tclass;
432
433 rcu_read_lock();
434 idev = __in6_dev_get(skb->dev);
435 tclass = idev ? idev->cnf.ndisc_tclass : 0;
436 rcu_read_unlock();
437
438 skb_push(skb, sizeof(*hdr));
439 skb_reset_network_header(skb);
440 hdr = ipv6_hdr(skb);
441
442 ip6_flow_hdr(hdr, tclass, 0);
443
444 hdr->payload_len = htons(len);
445 hdr->nexthdr = IPPROTO_ICMPV6;
446 hdr->hop_limit = hop_limit;
447
448 hdr->saddr = *saddr;
449 hdr->daddr = *daddr;
450}
451
452static void ndisc_send_skb(struct sk_buff *skb,
453 const struct in6_addr *daddr,
454 const struct in6_addr *saddr)
455{
456 struct dst_entry *dst = skb_dst(skb);
457 struct net *net = dev_net(skb->dev);
458 struct sock *sk = net->ipv6.ndisc_sk;
459 struct inet6_dev *idev;
460 int err;
461 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
462 u8 type;
463
464 type = icmp6h->icmp6_type;
465
466 if (!dst) {
467 struct flowi6 fl6;
468 int oif = skb->dev->ifindex;
469
470 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
471 dst = icmp6_dst_alloc(skb->dev, &fl6);
472 if (IS_ERR(dst)) {
473 kfree_skb(skb);
474 return;
475 }
476
477 skb_dst_set(skb, dst);
478 }
479
480 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
481 IPPROTO_ICMPV6,
482 csum_partial(icmp6h,
483 skb->len, 0));
484
485 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
486
487 rcu_read_lock();
488 idev = __in6_dev_get(dst->dev);
489 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
490
491 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
492 net, sk, skb, NULL, dst->dev,
493 dst_output);
494 if (!err) {
495 ICMP6MSGOUT_INC_STATS(net, idev, type);
496 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
497 }
498
499 rcu_read_unlock();
500}
501
502void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
503 const struct in6_addr *solicited_addr,
504 bool router, bool solicited, bool override, bool inc_opt)
505{
506 struct sk_buff *skb;
507 struct in6_addr tmpaddr;
508 struct inet6_ifaddr *ifp;
509 const struct in6_addr *src_addr;
510 struct nd_msg *msg;
511 int optlen = 0;
512
513
514 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
515 if (ifp) {
516 src_addr = solicited_addr;
517 if (ifp->flags & IFA_F_OPTIMISTIC)
518 override = false;
519 inc_opt |= ifp->idev->cnf.force_tllao;
520 in6_ifa_put(ifp);
521 } else {
522 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
523 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
524 &tmpaddr))
525 return;
526 src_addr = &tmpaddr;
527 }
528
529 if (!dev->addr_len)
530 inc_opt = false;
531 if (inc_opt)
532 optlen += ndisc_opt_addr_space(dev,
533 NDISC_NEIGHBOUR_ADVERTISEMENT);
534
535 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
536 if (!skb)
537 return;
538
539 msg = skb_put(skb, sizeof(*msg));
540 *msg = (struct nd_msg) {
541 .icmph = {
542 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
543 .icmp6_router = router,
544 .icmp6_solicited = solicited,
545 .icmp6_override = override,
546 },
547 .target = *solicited_addr,
548 };
549
550 if (inc_opt)
551 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
552 dev->dev_addr,
553 NDISC_NEIGHBOUR_ADVERTISEMENT);
554
555 ndisc_send_skb(skb, daddr, src_addr);
556}
557
558static void ndisc_send_unsol_na(struct net_device *dev)
559{
560 struct inet6_dev *idev;
561 struct inet6_ifaddr *ifa;
562
563 idev = in6_dev_get(dev);
564 if (!idev)
565 return;
566
567 read_lock_bh(&idev->lock);
568 list_for_each_entry(ifa, &idev->addr_list, if_list) {
569
570 if (ifa->flags & IFA_F_TENTATIVE &&
571 !(ifa->flags & IFA_F_OPTIMISTIC))
572 continue;
573
574 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
575 !!idev->cnf.forwarding,
576 false, true,
577 true);
578 }
579 read_unlock_bh(&idev->lock);
580
581 in6_dev_put(idev);
582}
583
584void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
585 const struct in6_addr *daddr, const struct in6_addr *saddr,
586 u64 nonce)
587{
588 struct sk_buff *skb;
589 struct in6_addr addr_buf;
590 int inc_opt = dev->addr_len;
591 int optlen = 0;
592 struct nd_msg *msg;
593
594 if (!saddr) {
595 if (ipv6_get_lladdr(dev, &addr_buf,
596 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
597 return;
598 saddr = &addr_buf;
599 }
600
601 if (ipv6_addr_any(saddr))
602 inc_opt = false;
603 if (inc_opt)
604 optlen += ndisc_opt_addr_space(dev,
605 NDISC_NEIGHBOUR_SOLICITATION);
606 if (nonce != 0)
607 optlen += 8;
608
609 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
610 if (!skb)
611 return;
612
613 msg = skb_put(skb, sizeof(*msg));
614 *msg = (struct nd_msg) {
615 .icmph = {
616 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
617 },
618 .target = *solicit,
619 };
620
621 if (inc_opt)
622 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
623 dev->dev_addr,
624 NDISC_NEIGHBOUR_SOLICITATION);
625 if (nonce != 0) {
626 u8 *opt = skb_put(skb, 8);
627
628 opt[0] = ND_OPT_NONCE;
629 opt[1] = 8 >> 3;
630 memcpy(opt + 2, &nonce, 6);
631 }
632
633 ndisc_send_skb(skb, daddr, saddr);
634}
635
636void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
637 const struct in6_addr *daddr)
638{
639 struct sk_buff *skb;
640 struct rs_msg *msg;
641 int send_sllao = dev->addr_len;
642 int optlen = 0;
643
644#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
645
646
647
648
649
650
651
652
653 if (send_sllao) {
654 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
655 dev, 1);
656 if (ifp) {
657 if (ifp->flags & IFA_F_OPTIMISTIC) {
658 send_sllao = 0;
659 }
660 in6_ifa_put(ifp);
661 } else {
662 send_sllao = 0;
663 }
664 }
665#endif
666 if (send_sllao)
667 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
668
669 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
670 if (!skb)
671 return;
672
673 msg = skb_put(skb, sizeof(*msg));
674 *msg = (struct rs_msg) {
675 .icmph = {
676 .icmp6_type = NDISC_ROUTER_SOLICITATION,
677 },
678 };
679
680 if (send_sllao)
681 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
682 dev->dev_addr,
683 NDISC_ROUTER_SOLICITATION);
684
685 ndisc_send_skb(skb, daddr, saddr);
686}
687
688
689static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
690{
691
692
693
694
695 dst_link_failure(skb);
696 kfree_skb(skb);
697}
698
699
700
701static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
702{
703 struct in6_addr *saddr = NULL;
704 struct in6_addr mcaddr;
705 struct net_device *dev = neigh->dev;
706 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
707 int probes = atomic_read(&neigh->probes);
708
709 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
710 dev, false, 1,
711 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
712 saddr = &ipv6_hdr(skb)->saddr;
713 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
714 if (probes < 0) {
715 if (!(neigh->nud_state & NUD_VALID)) {
716 ND_PRINTK(1, dbg,
717 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
718 __func__, target);
719 }
720 ndisc_send_ns(dev, target, target, saddr, 0);
721 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
722 neigh_app_ns(neigh);
723 } else {
724 addrconf_addr_solict_mult(target, &mcaddr);
725 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
726 }
727}
728
729static int pndisc_is_router(const void *pkey,
730 struct net_device *dev)
731{
732 struct pneigh_entry *n;
733 int ret = -1;
734
735 read_lock_bh(&nd_tbl.lock);
736 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
737 if (n)
738 ret = !!(n->flags & NTF_ROUTER);
739 read_unlock_bh(&nd_tbl.lock);
740
741 return ret;
742}
743
744void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
745 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
746 struct ndisc_options *ndopts)
747{
748 neigh_update(neigh, lladdr, new, flags, 0);
749
750 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
751}
752
753static void ndisc_recv_ns(struct sk_buff *skb)
754{
755 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
756 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
757 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
758 u8 *lladdr = NULL;
759 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
760 offsetof(struct nd_msg, opt));
761 struct ndisc_options ndopts;
762 struct net_device *dev = skb->dev;
763 struct inet6_ifaddr *ifp;
764 struct inet6_dev *idev = NULL;
765 struct neighbour *neigh;
766 int dad = ipv6_addr_any(saddr);
767 bool inc;
768 int is_router = -1;
769 u64 nonce = 0;
770
771 if (skb->len < sizeof(struct nd_msg)) {
772 ND_PRINTK(2, warn, "NS: packet too short\n");
773 return;
774 }
775
776 if (ipv6_addr_is_multicast(&msg->target)) {
777 ND_PRINTK(2, warn, "NS: multicast target address\n");
778 return;
779 }
780
781
782
783
784
785 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
786 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
787 return;
788 }
789
790 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
791 ND_PRINTK(2, warn, "NS: invalid ND options\n");
792 return;
793 }
794
795 if (ndopts.nd_opts_src_lladdr) {
796 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
797 if (!lladdr) {
798 ND_PRINTK(2, warn,
799 "NS: invalid link-layer address length\n");
800 return;
801 }
802
803
804
805
806
807
808 if (dad) {
809 ND_PRINTK(2, warn,
810 "NS: bad DAD packet (link-layer address option)\n");
811 return;
812 }
813 }
814 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
815 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
816
817 inc = ipv6_addr_is_multicast(daddr);
818
819 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
820 if (ifp) {
821have_ifp:
822 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
823 if (dad) {
824 if (nonce != 0 && ifp->dad_nonce == nonce) {
825 u8 *np = (u8 *)&nonce;
826
827 ND_PRINTK(2, notice,
828 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
829 ifp->idev->dev->name,
830 &ifp->addr, np);
831 goto out;
832 }
833
834
835
836
837
838 addrconf_dad_failure(skb, ifp);
839 return;
840 } else {
841
842
843
844
845
846
847 if (!(ifp->flags & IFA_F_OPTIMISTIC))
848 goto out;
849 }
850 }
851
852 idev = ifp->idev;
853 } else {
854 struct net *net = dev_net(dev);
855
856
857 if (netif_is_l3_slave(dev)) {
858 struct net_device *mdev;
859
860 mdev = netdev_master_upper_dev_get_rcu(dev);
861 if (mdev) {
862 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
863 if (ifp)
864 goto have_ifp;
865 }
866 }
867
868 idev = in6_dev_get(dev);
869 if (!idev) {
870
871 return;
872 }
873
874 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
875 (idev->cnf.forwarding &&
876 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
877 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
878 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
879 skb->pkt_type != PACKET_HOST &&
880 inc &&
881 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
882
883
884
885
886
887
888
889 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
890 if (n)
891 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
892 goto out;
893 }
894 } else
895 goto out;
896 }
897
898 if (is_router < 0)
899 is_router = idev->cnf.forwarding;
900
901 if (dad) {
902 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
903 !!is_router, false, (ifp != NULL), true);
904 goto out;
905 }
906
907 if (inc)
908 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
909 else
910 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
911
912
913
914
915
916 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
917 !inc || lladdr || !dev->addr_len);
918 if (neigh)
919 ndisc_update(dev, neigh, lladdr, NUD_STALE,
920 NEIGH_UPDATE_F_WEAK_OVERRIDE|
921 NEIGH_UPDATE_F_OVERRIDE,
922 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
923 if (neigh || !dev->header_ops) {
924 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
925 true, (ifp != NULL && inc), inc);
926 if (neigh)
927 neigh_release(neigh);
928 }
929
930out:
931 if (ifp)
932 in6_ifa_put(ifp);
933 else
934 in6_dev_put(idev);
935}
936
937static void ndisc_recv_na(struct sk_buff *skb)
938{
939 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
940 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
941 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
942 u8 *lladdr = NULL;
943 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
944 offsetof(struct nd_msg, opt));
945 struct ndisc_options ndopts;
946 struct net_device *dev = skb->dev;
947 struct inet6_dev *idev = __in6_dev_get(dev);
948 struct inet6_ifaddr *ifp;
949 struct neighbour *neigh;
950
951 if (skb->len < sizeof(struct nd_msg)) {
952 ND_PRINTK(2, warn, "NA: packet too short\n");
953 return;
954 }
955
956 if (ipv6_addr_is_multicast(&msg->target)) {
957 ND_PRINTK(2, warn, "NA: target address is multicast\n");
958 return;
959 }
960
961 if (ipv6_addr_is_multicast(daddr) &&
962 msg->icmph.icmp6_solicited) {
963 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
964 return;
965 }
966
967
968
969
970
971 if (!msg->icmph.icmp6_solicited && idev &&
972 idev->cnf.drop_unsolicited_na)
973 return;
974
975 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
976 ND_PRINTK(2, warn, "NS: invalid ND option\n");
977 return;
978 }
979 if (ndopts.nd_opts_tgt_lladdr) {
980 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
981 if (!lladdr) {
982 ND_PRINTK(2, warn,
983 "NA: invalid link-layer address length\n");
984 return;
985 }
986 }
987 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
988 if (ifp) {
989 if (skb->pkt_type != PACKET_LOOPBACK
990 && (ifp->flags & IFA_F_TENTATIVE)) {
991 addrconf_dad_failure(skb, ifp);
992 return;
993 }
994
995
996
997
998
999
1000
1001
1002
1003 if (skb->pkt_type != PACKET_LOOPBACK)
1004 ND_PRINTK(1, warn,
1005 "NA: %pM advertised our address %pI6c on %s!\n",
1006 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1007 in6_ifa_put(ifp);
1008 return;
1009 }
1010 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1011
1012 if (neigh) {
1013 u8 old_flags = neigh->flags;
1014 struct net *net = dev_net(dev);
1015
1016 if (neigh->nud_state & NUD_FAILED)
1017 goto out;
1018
1019
1020
1021
1022
1023
1024 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1025 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1026 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1027
1028 goto out;
1029 }
1030
1031 ndisc_update(dev, neigh, lladdr,
1032 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1033 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1034 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1035 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1036 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1037 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1038
1039 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1040
1041
1042
1043 rt6_clean_tohost(dev_net(dev), saddr);
1044 }
1045
1046out:
1047 neigh_release(neigh);
1048 }
1049}
1050
1051static void ndisc_recv_rs(struct sk_buff *skb)
1052{
1053 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1054 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1055 struct neighbour *neigh;
1056 struct inet6_dev *idev;
1057 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1058 struct ndisc_options ndopts;
1059 u8 *lladdr = NULL;
1060
1061 if (skb->len < sizeof(*rs_msg))
1062 return;
1063
1064 idev = __in6_dev_get(skb->dev);
1065 if (!idev) {
1066 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1067 return;
1068 }
1069
1070
1071 if (!idev->cnf.forwarding)
1072 goto out;
1073
1074
1075
1076
1077
1078 if (ipv6_addr_any(saddr))
1079 goto out;
1080
1081
1082 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1083 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1084 goto out;
1085 }
1086
1087 if (ndopts.nd_opts_src_lladdr) {
1088 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1089 skb->dev);
1090 if (!lladdr)
1091 goto out;
1092 }
1093
1094 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1095 if (neigh) {
1096 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1097 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1098 NEIGH_UPDATE_F_OVERRIDE|
1099 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1100 NDISC_ROUTER_SOLICITATION, &ndopts);
1101 neigh_release(neigh);
1102 }
1103out:
1104 return;
1105}
1106
1107static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1108{
1109 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1110 struct sk_buff *skb;
1111 struct nlmsghdr *nlh;
1112 struct nduseroptmsg *ndmsg;
1113 struct net *net = dev_net(ra->dev);
1114 int err;
1115 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1116 + (opt->nd_opt_len << 3));
1117 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1118
1119 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1120 if (!skb) {
1121 err = -ENOBUFS;
1122 goto errout;
1123 }
1124
1125 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1126 if (!nlh) {
1127 goto nla_put_failure;
1128 }
1129
1130 ndmsg = nlmsg_data(nlh);
1131 ndmsg->nduseropt_family = AF_INET6;
1132 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1133 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1134 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1135 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1136
1137 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1138
1139 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1140 goto nla_put_failure;
1141 nlmsg_end(skb, nlh);
1142
1143 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1144 return;
1145
1146nla_put_failure:
1147 nlmsg_free(skb);
1148 err = -EMSGSIZE;
1149errout:
1150 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1151}
1152
1153static void ndisc_router_discovery(struct sk_buff *skb)
1154{
1155 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1156 struct neighbour *neigh = NULL;
1157 struct inet6_dev *in6_dev;
1158 struct fib6_info *rt = NULL;
1159 struct net *net;
1160 int lifetime;
1161 struct ndisc_options ndopts;
1162 int optlen;
1163 unsigned int pref = 0;
1164 __u32 old_if_flags;
1165 bool send_ifinfo_notify = false;
1166
1167 __u8 *opt = (__u8 *)(ra_msg + 1);
1168
1169 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1170 sizeof(struct ra_msg);
1171
1172 ND_PRINTK(2, info,
1173 "RA: %s, dev: %s\n",
1174 __func__, skb->dev->name);
1175 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1176 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1177 return;
1178 }
1179 if (optlen < 0) {
1180 ND_PRINTK(2, warn, "RA: packet too short\n");
1181 return;
1182 }
1183
1184#ifdef CONFIG_IPV6_NDISC_NODETYPE
1185 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1186 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1187 return;
1188 }
1189#endif
1190
1191
1192
1193
1194
1195 in6_dev = __in6_dev_get(skb->dev);
1196 if (!in6_dev) {
1197 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1198 skb->dev->name);
1199 return;
1200 }
1201
1202 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1203 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1204 return;
1205 }
1206
1207 if (!ipv6_accept_ra(in6_dev)) {
1208 ND_PRINTK(2, info,
1209 "RA: %s, did not accept ra for dev: %s\n",
1210 __func__, skb->dev->name);
1211 goto skip_linkparms;
1212 }
1213
1214#ifdef CONFIG_IPV6_NDISC_NODETYPE
1215
1216 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1217 ND_PRINTK(2, info,
1218 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1219 __func__, skb->dev->name);
1220 goto skip_linkparms;
1221 }
1222#endif
1223
1224 if (in6_dev->if_flags & IF_RS_SENT) {
1225
1226
1227
1228
1229 in6_dev->if_flags |= IF_RA_RCVD;
1230 }
1231
1232
1233
1234
1235
1236 old_if_flags = in6_dev->if_flags;
1237 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1238 IF_RA_OTHERCONF)) |
1239 (ra_msg->icmph.icmp6_addrconf_managed ?
1240 IF_RA_MANAGED : 0) |
1241 (ra_msg->icmph.icmp6_addrconf_other ?
1242 IF_RA_OTHERCONF : 0);
1243
1244 if (old_if_flags != in6_dev->if_flags)
1245 send_ifinfo_notify = true;
1246
1247 if (!in6_dev->cnf.accept_ra_defrtr) {
1248 ND_PRINTK(2, info,
1249 "RA: %s, defrtr is false for dev: %s\n",
1250 __func__, skb->dev->name);
1251 goto skip_defrtr;
1252 }
1253
1254
1255
1256
1257 net = dev_net(in6_dev->dev);
1258 if (!in6_dev->cnf.accept_ra_from_local &&
1259 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1260 ND_PRINTK(2, info,
1261 "RA from local address detected on dev: %s: default router ignored\n",
1262 skb->dev->name);
1263 goto skip_defrtr;
1264 }
1265
1266 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1267
1268#ifdef CONFIG_IPV6_ROUTER_PREF
1269 pref = ra_msg->icmph.icmp6_router_pref;
1270
1271 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1272 !in6_dev->cnf.accept_ra_rtr_pref)
1273 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1274#endif
1275
1276 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1277
1278 if (rt) {
1279 neigh = ip6_neigh_lookup(&rt->fib6_nh.nh_gw,
1280 rt->fib6_nh.nh_dev, NULL,
1281 &ipv6_hdr(skb)->saddr);
1282 if (!neigh) {
1283 ND_PRINTK(0, err,
1284 "RA: %s got default router without neighbour\n",
1285 __func__);
1286 fib6_info_release(rt);
1287 return;
1288 }
1289 }
1290 if (rt && lifetime == 0) {
1291 ip6_del_rt(net, rt);
1292 rt = NULL;
1293 }
1294
1295 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1296 rt, lifetime, skb->dev->name);
1297 if (!rt && lifetime) {
1298 ND_PRINTK(3, info, "RA: adding default router\n");
1299
1300 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1301 skb->dev, pref);
1302 if (!rt) {
1303 ND_PRINTK(0, err,
1304 "RA: %s failed to add default route\n",
1305 __func__);
1306 return;
1307 }
1308
1309 neigh = ip6_neigh_lookup(&rt->fib6_nh.nh_gw,
1310 rt->fib6_nh.nh_dev, NULL,
1311 &ipv6_hdr(skb)->saddr);
1312 if (!neigh) {
1313 ND_PRINTK(0, err,
1314 "RA: %s got default router without neighbour\n",
1315 __func__);
1316 fib6_info_release(rt);
1317 return;
1318 }
1319 neigh->flags |= NTF_ROUTER;
1320 } else if (rt) {
1321 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1322 }
1323
1324 if (rt)
1325 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1326 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1327 ra_msg->icmph.icmp6_hop_limit) {
1328 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1329 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1330 fib6_metric_set(rt, RTAX_HOPLIMIT,
1331 ra_msg->icmph.icmp6_hop_limit);
1332 } else {
1333 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1334 }
1335 }
1336
1337skip_defrtr:
1338
1339
1340
1341
1342
1343 if (in6_dev->nd_parms) {
1344 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1345
1346 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1347 rtime = (rtime*HZ)/1000;
1348 if (rtime < HZ/10)
1349 rtime = HZ/10;
1350 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1351 in6_dev->tstamp = jiffies;
1352 send_ifinfo_notify = true;
1353 }
1354
1355 rtime = ntohl(ra_msg->reachable_time);
1356 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1357 rtime = (rtime*HZ)/1000;
1358
1359 if (rtime < HZ/10)
1360 rtime = HZ/10;
1361
1362 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1363 NEIGH_VAR_SET(in6_dev->nd_parms,
1364 BASE_REACHABLE_TIME, rtime);
1365 NEIGH_VAR_SET(in6_dev->nd_parms,
1366 GC_STALETIME, 3 * rtime);
1367 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1368 in6_dev->tstamp = jiffies;
1369 send_ifinfo_notify = true;
1370 }
1371 }
1372 }
1373
1374
1375
1376
1377 if (send_ifinfo_notify)
1378 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1379
1380skip_linkparms:
1381
1382
1383
1384
1385
1386 if (!neigh)
1387 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1388 skb->dev, 1);
1389 if (neigh) {
1390 u8 *lladdr = NULL;
1391 if (ndopts.nd_opts_src_lladdr) {
1392 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1393 skb->dev);
1394 if (!lladdr) {
1395 ND_PRINTK(2, warn,
1396 "RA: invalid link-layer address length\n");
1397 goto out;
1398 }
1399 }
1400 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1401 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1402 NEIGH_UPDATE_F_OVERRIDE|
1403 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1404 NEIGH_UPDATE_F_ISROUTER,
1405 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1406 }
1407
1408 if (!ipv6_accept_ra(in6_dev)) {
1409 ND_PRINTK(2, info,
1410 "RA: %s, accept_ra is false for dev: %s\n",
1411 __func__, skb->dev->name);
1412 goto out;
1413 }
1414
1415#ifdef CONFIG_IPV6_ROUTE_INFO
1416 if (!in6_dev->cnf.accept_ra_from_local &&
1417 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1418 in6_dev->dev, 0)) {
1419 ND_PRINTK(2, info,
1420 "RA from local address detected on dev: %s: router info ignored.\n",
1421 skb->dev->name);
1422 goto skip_routeinfo;
1423 }
1424
1425 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1426 struct nd_opt_hdr *p;
1427 for (p = ndopts.nd_opts_ri;
1428 p;
1429 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1430 struct route_info *ri = (struct route_info *)p;
1431#ifdef CONFIG_IPV6_NDISC_NODETYPE
1432 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1433 ri->prefix_len == 0)
1434 continue;
1435#endif
1436 if (ri->prefix_len == 0 &&
1437 !in6_dev->cnf.accept_ra_defrtr)
1438 continue;
1439 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1440 continue;
1441 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1442 continue;
1443 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1444 &ipv6_hdr(skb)->saddr);
1445 }
1446 }
1447
1448skip_routeinfo:
1449#endif
1450
1451#ifdef CONFIG_IPV6_NDISC_NODETYPE
1452
1453 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1454 ND_PRINTK(2, info,
1455 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1456 __func__, skb->dev->name);
1457 goto out;
1458 }
1459#endif
1460
1461 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1462 struct nd_opt_hdr *p;
1463 for (p = ndopts.nd_opts_pi;
1464 p;
1465 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1466 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1467 (p->nd_opt_len) << 3,
1468 ndopts.nd_opts_src_lladdr != NULL);
1469 }
1470 }
1471
1472 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1473 __be32 n;
1474 u32 mtu;
1475
1476 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1477 mtu = ntohl(n);
1478
1479 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1480 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1481 } else if (in6_dev->cnf.mtu6 != mtu) {
1482 in6_dev->cnf.mtu6 = mtu;
1483 fib6_metric_set(rt, RTAX_MTU, mtu);
1484 rt6_mtu_change(skb->dev, mtu);
1485 }
1486 }
1487
1488 if (ndopts.nd_useropts) {
1489 struct nd_opt_hdr *p;
1490 for (p = ndopts.nd_useropts;
1491 p;
1492 p = ndisc_next_useropt(skb->dev, p,
1493 ndopts.nd_useropts_end)) {
1494 ndisc_ra_useropt(skb, p);
1495 }
1496 }
1497
1498 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1499 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1500 }
1501out:
1502 fib6_info_release(rt);
1503 if (neigh)
1504 neigh_release(neigh);
1505}
1506
1507static void ndisc_redirect_rcv(struct sk_buff *skb)
1508{
1509 u8 *hdr;
1510 struct ndisc_options ndopts;
1511 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1512 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1513 offsetof(struct rd_msg, opt));
1514
1515#ifdef CONFIG_IPV6_NDISC_NODETYPE
1516 switch (skb->ndisc_nodetype) {
1517 case NDISC_NODETYPE_HOST:
1518 case NDISC_NODETYPE_NODEFAULT:
1519 ND_PRINTK(2, warn,
1520 "Redirect: from host or unauthorized router\n");
1521 return;
1522 }
1523#endif
1524
1525 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1526 ND_PRINTK(2, warn,
1527 "Redirect: source address is not link-local\n");
1528 return;
1529 }
1530
1531 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1532 return;
1533
1534 if (!ndopts.nd_opts_rh) {
1535 ip6_redirect_no_header(skb, dev_net(skb->dev),
1536 skb->dev->ifindex);
1537 return;
1538 }
1539
1540 hdr = (u8 *)ndopts.nd_opts_rh;
1541 hdr += 8;
1542 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1543 return;
1544
1545 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1546}
1547
1548static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1549 struct sk_buff *orig_skb,
1550 int rd_len)
1551{
1552 u8 *opt = skb_put(skb, rd_len);
1553
1554 memset(opt, 0, 8);
1555 *(opt++) = ND_OPT_REDIRECT_HDR;
1556 *(opt++) = (rd_len >> 3);
1557 opt += 6;
1558
1559 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1560 rd_len - 8);
1561}
1562
1563void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1564{
1565 struct net_device *dev = skb->dev;
1566 struct net *net = dev_net(dev);
1567 struct sock *sk = net->ipv6.ndisc_sk;
1568 int optlen = 0;
1569 struct inet_peer *peer;
1570 struct sk_buff *buff;
1571 struct rd_msg *msg;
1572 struct in6_addr saddr_buf;
1573 struct rt6_info *rt;
1574 struct dst_entry *dst;
1575 struct flowi6 fl6;
1576 int rd_len;
1577 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1578 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1579 bool ret;
1580
1581 if (netif_is_l3_master(skb->dev)) {
1582 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1583 if (!dev)
1584 return;
1585 }
1586
1587 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1588 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1589 dev->name);
1590 return;
1591 }
1592
1593 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1594 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1595 ND_PRINTK(2, warn,
1596 "Redirect: target address is not link-local unicast\n");
1597 return;
1598 }
1599
1600 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1601 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1602
1603 dst = ip6_route_output(net, NULL, &fl6);
1604 if (dst->error) {
1605 dst_release(dst);
1606 return;
1607 }
1608 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1609 if (IS_ERR(dst))
1610 return;
1611
1612 rt = (struct rt6_info *) dst;
1613
1614 if (rt->rt6i_flags & RTF_GATEWAY) {
1615 ND_PRINTK(2, warn,
1616 "Redirect: destination is not a neighbour\n");
1617 goto release;
1618 }
1619 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1620 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1621 if (peer)
1622 inet_putpeer(peer);
1623 if (!ret)
1624 goto release;
1625
1626 if (dev->addr_len) {
1627 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1628 if (!neigh) {
1629 ND_PRINTK(2, warn,
1630 "Redirect: no neigh for target address\n");
1631 goto release;
1632 }
1633
1634 read_lock_bh(&neigh->lock);
1635 if (neigh->nud_state & NUD_VALID) {
1636 memcpy(ha_buf, neigh->ha, dev->addr_len);
1637 read_unlock_bh(&neigh->lock);
1638 ha = ha_buf;
1639 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1640 ops_data_buf,
1641 &ops_data);
1642 } else
1643 read_unlock_bh(&neigh->lock);
1644
1645 neigh_release(neigh);
1646 }
1647
1648 rd_len = min_t(unsigned int,
1649 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1650 skb->len + 8);
1651 rd_len &= ~0x7;
1652 optlen += rd_len;
1653
1654 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1655 if (!buff)
1656 goto release;
1657
1658 msg = skb_put(buff, sizeof(*msg));
1659 *msg = (struct rd_msg) {
1660 .icmph = {
1661 .icmp6_type = NDISC_REDIRECT,
1662 },
1663 .target = *target,
1664 .dest = ipv6_hdr(skb)->daddr,
1665 };
1666
1667
1668
1669
1670
1671 if (ha)
1672 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1673
1674
1675
1676
1677
1678 if (rd_len)
1679 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1680
1681 skb_dst_set(buff, dst);
1682 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1683 return;
1684
1685release:
1686 dst_release(dst);
1687}
1688
1689static void pndisc_redo(struct sk_buff *skb)
1690{
1691 ndisc_recv_ns(skb);
1692 kfree_skb(skb);
1693}
1694
1695static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1696{
1697 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1698
1699 if (!idev)
1700 return true;
1701 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1702 idev->cnf.suppress_frag_ndisc) {
1703 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1704 return true;
1705 }
1706 return false;
1707}
1708
1709int ndisc_rcv(struct sk_buff *skb)
1710{
1711 struct nd_msg *msg;
1712
1713 if (ndisc_suppress_frag_ndisc(skb))
1714 return 0;
1715
1716 if (skb_linearize(skb))
1717 return 0;
1718
1719 msg = (struct nd_msg *)skb_transport_header(skb);
1720
1721 __skb_push(skb, skb->data - skb_transport_header(skb));
1722
1723 if (ipv6_hdr(skb)->hop_limit != 255) {
1724 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1725 ipv6_hdr(skb)->hop_limit);
1726 return 0;
1727 }
1728
1729 if (msg->icmph.icmp6_code != 0) {
1730 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1731 msg->icmph.icmp6_code);
1732 return 0;
1733 }
1734
1735 switch (msg->icmph.icmp6_type) {
1736 case NDISC_NEIGHBOUR_SOLICITATION:
1737 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1738 ndisc_recv_ns(skb);
1739 break;
1740
1741 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1742 ndisc_recv_na(skb);
1743 break;
1744
1745 case NDISC_ROUTER_SOLICITATION:
1746 ndisc_recv_rs(skb);
1747 break;
1748
1749 case NDISC_ROUTER_ADVERTISEMENT:
1750 ndisc_router_discovery(skb);
1751 break;
1752
1753 case NDISC_REDIRECT:
1754 ndisc_redirect_rcv(skb);
1755 break;
1756 }
1757
1758 return 0;
1759}
1760
1761static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1762{
1763 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1764 struct netdev_notifier_change_info *change_info;
1765 struct net *net = dev_net(dev);
1766 struct inet6_dev *idev;
1767
1768 switch (event) {
1769 case NETDEV_CHANGEADDR:
1770 neigh_changeaddr(&nd_tbl, dev);
1771 fib6_run_gc(0, net, false);
1772
1773 case NETDEV_UP:
1774 idev = in6_dev_get(dev);
1775 if (!idev)
1776 break;
1777 if (idev->cnf.ndisc_notify ||
1778 net->ipv6.devconf_all->ndisc_notify)
1779 ndisc_send_unsol_na(dev);
1780 in6_dev_put(idev);
1781 break;
1782 case NETDEV_CHANGE:
1783 change_info = ptr;
1784 if (change_info->flags_changed & IFF_NOARP)
1785 neigh_changeaddr(&nd_tbl, dev);
1786 if (!netif_carrier_ok(dev))
1787 neigh_carrier_down(&nd_tbl, dev);
1788 break;
1789 case NETDEV_DOWN:
1790 neigh_ifdown(&nd_tbl, dev);
1791 fib6_run_gc(0, net, false);
1792 break;
1793 case NETDEV_NOTIFY_PEERS:
1794 ndisc_send_unsol_na(dev);
1795 break;
1796 default:
1797 break;
1798 }
1799
1800 return NOTIFY_DONE;
1801}
1802
1803static struct notifier_block ndisc_netdev_notifier = {
1804 .notifier_call = ndisc_netdev_event,
1805 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1806};
1807
1808#ifdef CONFIG_SYSCTL
1809static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1810 const char *func, const char *dev_name)
1811{
1812 static char warncomm[TASK_COMM_LEN];
1813 static int warned;
1814 if (strcmp(warncomm, current->comm) && warned < 5) {
1815 strcpy(warncomm, current->comm);
1816 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1817 warncomm, func,
1818 dev_name, ctl->procname,
1819 dev_name, ctl->procname);
1820 warned++;
1821 }
1822}
1823
1824int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1825{
1826 struct net_device *dev = ctl->extra1;
1827 struct inet6_dev *idev;
1828 int ret;
1829
1830 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1831 (strcmp(ctl->procname, "base_reachable_time") == 0))
1832 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1833
1834 if (strcmp(ctl->procname, "retrans_time") == 0)
1835 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1836
1837 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1838 ret = neigh_proc_dointvec_jiffies(ctl, write,
1839 buffer, lenp, ppos);
1840
1841 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1842 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1843 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1844 buffer, lenp, ppos);
1845 else
1846 ret = -1;
1847
1848 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1849 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1850 idev->nd_parms->reachable_time =
1851 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1852 idev->tstamp = jiffies;
1853 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1854 in6_dev_put(idev);
1855 }
1856 return ret;
1857}
1858
1859
1860#endif
1861
1862static int __net_init ndisc_net_init(struct net *net)
1863{
1864 struct ipv6_pinfo *np;
1865 struct sock *sk;
1866 int err;
1867
1868 err = inet_ctl_sock_create(&sk, PF_INET6,
1869 SOCK_RAW, IPPROTO_ICMPV6, net);
1870 if (err < 0) {
1871 ND_PRINTK(0, err,
1872 "NDISC: Failed to initialize the control socket (err %d)\n",
1873 err);
1874 return err;
1875 }
1876
1877 net->ipv6.ndisc_sk = sk;
1878
1879 np = inet6_sk(sk);
1880 np->hop_limit = 255;
1881
1882 np->mc_loop = 0;
1883
1884 return 0;
1885}
1886
1887static void __net_exit ndisc_net_exit(struct net *net)
1888{
1889 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1890}
1891
1892static struct pernet_operations ndisc_net_ops = {
1893 .init = ndisc_net_init,
1894 .exit = ndisc_net_exit,
1895};
1896
1897int __init ndisc_init(void)
1898{
1899 int err;
1900
1901 err = register_pernet_subsys(&ndisc_net_ops);
1902 if (err)
1903 return err;
1904
1905
1906
1907 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1908
1909#ifdef CONFIG_SYSCTL
1910 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1911 ndisc_ifinfo_sysctl_change);
1912 if (err)
1913 goto out_unregister_pernet;
1914out:
1915#endif
1916 return err;
1917
1918#ifdef CONFIG_SYSCTL
1919out_unregister_pernet:
1920 unregister_pernet_subsys(&ndisc_net_ops);
1921 goto out;
1922#endif
1923}
1924
1925int __init ndisc_late_init(void)
1926{
1927 return register_netdevice_notifier(&ndisc_netdev_notifier);
1928}
1929
1930void ndisc_late_cleanup(void)
1931{
1932 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1933}
1934
1935void ndisc_cleanup(void)
1936{
1937#ifdef CONFIG_SYSCTL
1938 neigh_sysctl_unregister(&nd_tbl.parms);
1939#endif
1940 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1941 unregister_pernet_subsys(&ndisc_net_ops);
1942}
1943
