1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#define pr_fmt(fmt) "ICMPv6: " fmt
27
28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
39#include <linux/slab.h>
40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
44#include <linux/if_addr.h>
45#include <linux/if_ether.h>
46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
64#include <net/flow.h>
65#include <net/ip6_checksum.h>
66#include <net/inet_common.h>
67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
84static int ndisc_is_multicast(const void *pkey);
85
86static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92};
93
94static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100};
101
102
103static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
132 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
133 [NEIGH_VAR_PROXY_QLEN] = 64,
134 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
135 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
136 },
137 },
138 .gc_interval = 30 * HZ,
139 .gc_thresh1 = 128,
140 .gc_thresh2 = 512,
141 .gc_thresh3 = 1024,
142};
143EXPORT_SYMBOL_GPL(nd_tbl);
144
145void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
146 int data_len, int pad)
147{
148 int space = __ndisc_opt_addr_space(data_len, pad);
149 u8 *opt = skb_put(skb, space);
150
151 opt[0] = type;
152 opt[1] = space>>3;
153
154 memset(opt + 2, 0, pad);
155 opt += pad;
156 space -= pad;
157
158 memcpy(opt+2, data, data_len);
159 data_len += 2;
160 opt += data_len;
161 space -= data_len;
162 if (space > 0)
163 memset(opt, 0, space);
164}
165EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
166
167static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
168 void *data, u8 icmp6_type)
169{
170 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
171 ndisc_addr_option_pad(skb->dev->type));
172 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
173}
174
175static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
176 void *ha,
177 const u8 *ops_data)
178{
179 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
180 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
181}
182
183static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
184 struct nd_opt_hdr *end)
185{
186 int type;
187 if (!cur || !end || cur >= end)
188 return NULL;
189 type = cur->nd_opt_type;
190 do {
191 cur = ((void *)cur) + (cur->nd_opt_len << 3);
192 } while (cur < end && cur->nd_opt_type != type);
193 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
194}
195
196static inline int ndisc_is_useropt(const struct net_device *dev,
197 struct nd_opt_hdr *opt)
198{
199 return opt->nd_opt_type == ND_OPT_RDNSS ||
200 opt->nd_opt_type == ND_OPT_DNSSL ||
201 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
202 opt->nd_opt_type == ND_OPT_PREF64 ||
203 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
204}
205
206static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
207 struct nd_opt_hdr *cur,
208 struct nd_opt_hdr *end)
209{
210 if (!cur || !end || cur >= end)
211 return NULL;
212 do {
213 cur = ((void *)cur) + (cur->nd_opt_len << 3);
214 } while (cur < end && !ndisc_is_useropt(dev, cur));
215 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
216}
217
218struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
219 u8 *opt, int opt_len,
220 struct ndisc_options *ndopts)
221{
222 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
223
224 if (!nd_opt || opt_len < 0 || !ndopts)
225 return NULL;
226 memset(ndopts, 0, sizeof(*ndopts));
227 while (opt_len) {
228 int l;
229 if (opt_len < sizeof(struct nd_opt_hdr))
230 return NULL;
231 l = nd_opt->nd_opt_len << 3;
232 if (opt_len < l || l == 0)
233 return NULL;
234 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
235 goto next_opt;
236 switch (nd_opt->nd_opt_type) {
237 case ND_OPT_SOURCE_LL_ADDR:
238 case ND_OPT_TARGET_LL_ADDR:
239 case ND_OPT_MTU:
240 case ND_OPT_NONCE:
241 case ND_OPT_REDIRECT_HDR:
242 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
243 ND_PRINTK(2, warn,
244 "%s: duplicated ND6 option found: type=%d\n",
245 __func__, nd_opt->nd_opt_type);
246 } else {
247 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
248 }
249 break;
250 case ND_OPT_PREFIX_INFO:
251 ndopts->nd_opts_pi_end = nd_opt;
252 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
253 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
254 break;
255#ifdef CONFIG_IPV6_ROUTE_INFO
256 case ND_OPT_ROUTE_INFO:
257 ndopts->nd_opts_ri_end = nd_opt;
258 if (!ndopts->nd_opts_ri)
259 ndopts->nd_opts_ri = nd_opt;
260 break;
261#endif
262 default:
263 if (ndisc_is_useropt(dev, nd_opt)) {
264 ndopts->nd_useropts_end = nd_opt;
265 if (!ndopts->nd_useropts)
266 ndopts->nd_useropts = nd_opt;
267 } else {
268
269
270
271
272
273 ND_PRINTK(2, notice,
274 "%s: ignored unsupported option; type=%d, len=%d\n",
275 __func__,
276 nd_opt->nd_opt_type,
277 nd_opt->nd_opt_len);
278 }
279 }
280next_opt:
281 opt_len -= l;
282 nd_opt = ((void *)nd_opt) + l;
283 }
284 return ndopts;
285}
286
287int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
288{
289 switch (dev->type) {
290 case ARPHRD_ETHER:
291 case ARPHRD_IEEE802:
292 case ARPHRD_FDDI:
293 ipv6_eth_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_ARCNET:
296 ipv6_arcnet_mc_map(addr, buf);
297 return 0;
298 case ARPHRD_INFINIBAND:
299 ipv6_ib_mc_map(addr, dev->broadcast, buf);
300 return 0;
301 case ARPHRD_IPGRE:
302 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
303 default:
304 if (dir) {
305 memcpy(buf, dev->broadcast, dev->addr_len);
306 return 0;
307 }
308 }
309 return -EINVAL;
310}
311EXPORT_SYMBOL(ndisc_mc_map);
312
313static u32 ndisc_hash(const void *pkey,
314 const struct net_device *dev,
315 __u32 *hash_rnd)
316{
317 return ndisc_hashfn(pkey, dev, hash_rnd);
318}
319
320static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
321{
322 return neigh_key_eq128(n, pkey);
323}
324
325static int ndisc_constructor(struct neighbour *neigh)
326{
327 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
328 struct net_device *dev = neigh->dev;
329 struct inet6_dev *in6_dev;
330 struct neigh_parms *parms;
331 bool is_multicast = ipv6_addr_is_multicast(addr);
332
333 in6_dev = in6_dev_get(dev);
334 if (!in6_dev) {
335 return -EINVAL;
336 }
337
338 parms = in6_dev->nd_parms;
339 __neigh_parms_put(neigh->parms);
340 neigh->parms = neigh_parms_clone(parms);
341
342 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
343 if (!dev->header_ops) {
344 neigh->nud_state = NUD_NOARP;
345 neigh->ops = &ndisc_direct_ops;
346 neigh->output = neigh_direct_output;
347 } else {
348 if (is_multicast) {
349 neigh->nud_state = NUD_NOARP;
350 ndisc_mc_map(addr, neigh->ha, dev, 1);
351 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
352 neigh->nud_state = NUD_NOARP;
353 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
354 if (dev->flags&IFF_LOOPBACK)
355 neigh->type = RTN_LOCAL;
356 } else if (dev->flags&IFF_POINTOPOINT) {
357 neigh->nud_state = NUD_NOARP;
358 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
359 }
360 if (dev->header_ops->cache)
361 neigh->ops = &ndisc_hh_ops;
362 else
363 neigh->ops = &ndisc_generic_ops;
364 if (neigh->nud_state&NUD_VALID)
365 neigh->output = neigh->ops->connected_output;
366 else
367 neigh->output = neigh->ops->output;
368 }
369 in6_dev_put(in6_dev);
370 return 0;
371}
372
373static int pndisc_constructor(struct pneigh_entry *n)
374{
375 struct in6_addr *addr = (struct in6_addr *)&n->key;
376 struct in6_addr maddr;
377 struct net_device *dev = n->dev;
378
379 if (!dev || !__in6_dev_get(dev))
380 return -EINVAL;
381 addrconf_addr_solict_mult(addr, &maddr);
382 ipv6_dev_mc_inc(dev, &maddr);
383 return 0;
384}
385
386static void pndisc_destructor(struct pneigh_entry *n)
387{
388 struct in6_addr *addr = (struct in6_addr *)&n->key;
389 struct in6_addr maddr;
390 struct net_device *dev = n->dev;
391
392 if (!dev || !__in6_dev_get(dev))
393 return;
394 addrconf_addr_solict_mult(addr, &maddr);
395 ipv6_dev_mc_dec(dev, &maddr);
396}
397
398
399static bool ndisc_allow_add(const struct net_device *dev,
400 struct netlink_ext_ack *extack)
401{
402 struct inet6_dev *idev = __in6_dev_get(dev);
403
404 if (!idev || idev->cnf.disable_ipv6) {
405 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
406 return false;
407 }
408
409 return true;
410}
411
412static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
413 int len)
414{
415 int hlen = LL_RESERVED_SPACE(dev);
416 int tlen = dev->needed_tailroom;
417 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
418 struct sk_buff *skb;
419
420 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
421 if (!skb) {
422 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
423 __func__);
424 return NULL;
425 }
426
427 skb->protocol = htons(ETH_P_IPV6);
428 skb->dev = dev;
429
430 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
431 skb_reset_transport_header(skb);
432
433
434
435
436 skb_set_owner_w(skb, sk);
437
438 return skb;
439}
440
441static void ip6_nd_hdr(struct sk_buff *skb,
442 const struct in6_addr *saddr,
443 const struct in6_addr *daddr,
444 int hop_limit, int len)
445{
446 struct ipv6hdr *hdr;
447 struct inet6_dev *idev;
448 unsigned tclass;
449
450 rcu_read_lock();
451 idev = __in6_dev_get(skb->dev);
452 tclass = idev ? idev->cnf.ndisc_tclass : 0;
453 rcu_read_unlock();
454
455 skb_push(skb, sizeof(*hdr));
456 skb_reset_network_header(skb);
457 hdr = ipv6_hdr(skb);
458
459 ip6_flow_hdr(hdr, tclass, 0);
460
461 hdr->payload_len = htons(len);
462 hdr->nexthdr = IPPROTO_ICMPV6;
463 hdr->hop_limit = hop_limit;
464
465 hdr->saddr = *saddr;
466 hdr->daddr = *daddr;
467}
468
469static void ndisc_send_skb(struct sk_buff *skb,
470 const struct in6_addr *daddr,
471 const struct in6_addr *saddr)
472{
473 struct dst_entry *dst = skb_dst(skb);
474 struct net *net = dev_net(skb->dev);
475 struct sock *sk = net->ipv6.ndisc_sk;
476 struct inet6_dev *idev;
477 int err;
478 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
479 u8 type;
480
481 type = icmp6h->icmp6_type;
482
483 if (!dst) {
484 struct flowi6 fl6;
485 int oif = skb->dev->ifindex;
486
487 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
488 dst = icmp6_dst_alloc(skb->dev, &fl6);
489 if (IS_ERR(dst)) {
490 kfree_skb(skb);
491 return;
492 }
493
494 skb_dst_set(skb, dst);
495 }
496
497 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
498 IPPROTO_ICMPV6,
499 csum_partial(icmp6h,
500 skb->len, 0));
501
502 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
503
504 rcu_read_lock();
505 idev = __in6_dev_get(dst->dev);
506 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
507
508 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
509 net, sk, skb, NULL, dst->dev,
510 dst_output);
511 if (!err) {
512 ICMP6MSGOUT_INC_STATS(net, idev, type);
513 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
514 }
515
516 rcu_read_unlock();
517}
518
519void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
520 const struct in6_addr *solicited_addr,
521 bool router, bool solicited, bool override, bool inc_opt)
522{
523 struct sk_buff *skb;
524 struct in6_addr tmpaddr;
525 struct inet6_ifaddr *ifp;
526 const struct in6_addr *src_addr;
527 struct nd_msg *msg;
528 int optlen = 0;
529
530
531 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
532 if (ifp) {
533 src_addr = solicited_addr;
534 if (ifp->flags & IFA_F_OPTIMISTIC)
535 override = false;
536 inc_opt |= ifp->idev->cnf.force_tllao;
537 in6_ifa_put(ifp);
538 } else {
539 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
540 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
541 &tmpaddr))
542 return;
543 src_addr = &tmpaddr;
544 }
545
546 if (!dev->addr_len)
547 inc_opt = false;
548 if (inc_opt)
549 optlen += ndisc_opt_addr_space(dev,
550 NDISC_NEIGHBOUR_ADVERTISEMENT);
551
552 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
553 if (!skb)
554 return;
555
556 msg = skb_put(skb, sizeof(*msg));
557 *msg = (struct nd_msg) {
558 .icmph = {
559 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
560 .icmp6_router = router,
561 .icmp6_solicited = solicited,
562 .icmp6_override = override,
563 },
564 .target = *solicited_addr,
565 };
566
567 if (inc_opt)
568 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
569 dev->dev_addr,
570 NDISC_NEIGHBOUR_ADVERTISEMENT);
571
572 ndisc_send_skb(skb, daddr, src_addr);
573}
574
575static void ndisc_send_unsol_na(struct net_device *dev)
576{
577 struct inet6_dev *idev;
578 struct inet6_ifaddr *ifa;
579
580 idev = in6_dev_get(dev);
581 if (!idev)
582 return;
583
584 read_lock_bh(&idev->lock);
585 list_for_each_entry(ifa, &idev->addr_list, if_list) {
586
587 if (ifa->flags & IFA_F_TENTATIVE &&
588 !(ifa->flags & IFA_F_OPTIMISTIC))
589 continue;
590
591 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
592 !!idev->cnf.forwarding,
593 false, true,
594 true);
595 }
596 read_unlock_bh(&idev->lock);
597
598 in6_dev_put(idev);
599}
600
601void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
602 const struct in6_addr *daddr, const struct in6_addr *saddr,
603 u64 nonce)
604{
605 struct sk_buff *skb;
606 struct in6_addr addr_buf;
607 int inc_opt = dev->addr_len;
608 int optlen = 0;
609 struct nd_msg *msg;
610
611 if (!saddr) {
612 if (ipv6_get_lladdr(dev, &addr_buf,
613 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
614 return;
615 saddr = &addr_buf;
616 }
617
618 if (ipv6_addr_any(saddr))
619 inc_opt = false;
620 if (inc_opt)
621 optlen += ndisc_opt_addr_space(dev,
622 NDISC_NEIGHBOUR_SOLICITATION);
623 if (nonce != 0)
624 optlen += 8;
625
626 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
627 if (!skb)
628 return;
629
630 msg = skb_put(skb, sizeof(*msg));
631 *msg = (struct nd_msg) {
632 .icmph = {
633 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
634 },
635 .target = *solicit,
636 };
637
638 if (inc_opt)
639 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
640 dev->dev_addr,
641 NDISC_NEIGHBOUR_SOLICITATION);
642 if (nonce != 0) {
643 u8 *opt = skb_put(skb, 8);
644
645 opt[0] = ND_OPT_NONCE;
646 opt[1] = 8 >> 3;
647 memcpy(opt + 2, &nonce, 6);
648 }
649
650 ndisc_send_skb(skb, daddr, saddr);
651}
652
653void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
654 const struct in6_addr *daddr)
655{
656 struct sk_buff *skb;
657 struct rs_msg *msg;
658 int send_sllao = dev->addr_len;
659 int optlen = 0;
660
661#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
662
663
664
665
666
667
668
669
670 if (send_sllao) {
671 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
672 dev, 1);
673 if (ifp) {
674 if (ifp->flags & IFA_F_OPTIMISTIC) {
675 send_sllao = 0;
676 }
677 in6_ifa_put(ifp);
678 } else {
679 send_sllao = 0;
680 }
681 }
682#endif
683 if (send_sllao)
684 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
685
686 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
687 if (!skb)
688 return;
689
690 msg = skb_put(skb, sizeof(*msg));
691 *msg = (struct rs_msg) {
692 .icmph = {
693 .icmp6_type = NDISC_ROUTER_SOLICITATION,
694 },
695 };
696
697 if (send_sllao)
698 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
699 dev->dev_addr,
700 NDISC_ROUTER_SOLICITATION);
701
702 ndisc_send_skb(skb, daddr, saddr);
703}
704
705
706static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
707{
708
709
710
711
712 dst_link_failure(skb);
713 kfree_skb(skb);
714}
715
716
717
718static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
719{
720 struct in6_addr *saddr = NULL;
721 struct in6_addr mcaddr;
722 struct net_device *dev = neigh->dev;
723 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
724 int probes = atomic_read(&neigh->probes);
725
726 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
727 dev, false, 1,
728 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
729 saddr = &ipv6_hdr(skb)->saddr;
730 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
731 if (probes < 0) {
732 if (!(neigh->nud_state & NUD_VALID)) {
733 ND_PRINTK(1, dbg,
734 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
735 __func__, target);
736 }
737 ndisc_send_ns(dev, target, target, saddr, 0);
738 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
739 neigh_app_ns(neigh);
740 } else {
741 addrconf_addr_solict_mult(target, &mcaddr);
742 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
743 }
744}
745
746static int pndisc_is_router(const void *pkey,
747 struct net_device *dev)
748{
749 struct pneigh_entry *n;
750 int ret = -1;
751
752 read_lock_bh(&nd_tbl.lock);
753 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
754 if (n)
755 ret = !!(n->flags & NTF_ROUTER);
756 read_unlock_bh(&nd_tbl.lock);
757
758 return ret;
759}
760
761void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
762 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
763 struct ndisc_options *ndopts)
764{
765 neigh_update(neigh, lladdr, new, flags, 0);
766
767 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
768}
769
770static void ndisc_recv_ns(struct sk_buff *skb)
771{
772 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
773 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
774 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
775 u8 *lladdr = NULL;
776 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
777 offsetof(struct nd_msg, opt));
778 struct ndisc_options ndopts;
779 struct net_device *dev = skb->dev;
780 struct inet6_ifaddr *ifp;
781 struct inet6_dev *idev = NULL;
782 struct neighbour *neigh;
783 int dad = ipv6_addr_any(saddr);
784 bool inc;
785 int is_router = -1;
786 u64 nonce = 0;
787
788 if (skb->len < sizeof(struct nd_msg)) {
789 ND_PRINTK(2, warn, "NS: packet too short\n");
790 return;
791 }
792
793 if (ipv6_addr_is_multicast(&msg->target)) {
794 ND_PRINTK(2, warn, "NS: multicast target address\n");
795 return;
796 }
797
798
799
800
801
802 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
803 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
804 return;
805 }
806
807 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
808 ND_PRINTK(2, warn, "NS: invalid ND options\n");
809 return;
810 }
811
812 if (ndopts.nd_opts_src_lladdr) {
813 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
814 if (!lladdr) {
815 ND_PRINTK(2, warn,
816 "NS: invalid link-layer address length\n");
817 return;
818 }
819
820
821
822
823
824
825 if (dad) {
826 ND_PRINTK(2, warn,
827 "NS: bad DAD packet (link-layer address option)\n");
828 return;
829 }
830 }
831 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
832 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
833
834 inc = ipv6_addr_is_multicast(daddr);
835
836 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
837 if (ifp) {
838have_ifp:
839 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
840 if (dad) {
841 if (nonce != 0 && ifp->dad_nonce == nonce) {
842 u8 *np = (u8 *)&nonce;
843
844 ND_PRINTK(2, notice,
845 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
846 ifp->idev->dev->name,
847 &ifp->addr, np);
848 goto out;
849 }
850
851
852
853
854
855 addrconf_dad_failure(skb, ifp);
856 return;
857 } else {
858
859
860
861
862
863
864 if (!(ifp->flags & IFA_F_OPTIMISTIC))
865 goto out;
866 }
867 }
868
869 idev = ifp->idev;
870 } else {
871 struct net *net = dev_net(dev);
872
873
874 if (netif_is_l3_slave(dev)) {
875 struct net_device *mdev;
876
877 mdev = netdev_master_upper_dev_get_rcu(dev);
878 if (mdev) {
879 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
880 if (ifp)
881 goto have_ifp;
882 }
883 }
884
885 idev = in6_dev_get(dev);
886 if (!idev) {
887
888 return;
889 }
890
891 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
892 (idev->cnf.forwarding &&
893 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
894 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
895 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
896 skb->pkt_type != PACKET_HOST &&
897 inc &&
898 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
899
900
901
902
903
904
905
906 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
907 if (n)
908 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
909 goto out;
910 }
911 } else
912 goto out;
913 }
914
915 if (is_router < 0)
916 is_router = idev->cnf.forwarding;
917
918 if (dad) {
919 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
920 !!is_router, false, (ifp != NULL), true);
921 goto out;
922 }
923
924 if (inc)
925 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
926 else
927 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
928
929
930
931
932
933 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
934 !inc || lladdr || !dev->addr_len);
935 if (neigh)
936 ndisc_update(dev, neigh, lladdr, NUD_STALE,
937 NEIGH_UPDATE_F_WEAK_OVERRIDE|
938 NEIGH_UPDATE_F_OVERRIDE,
939 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
940 if (neigh || !dev->header_ops) {
941 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
942 true, (ifp != NULL && inc), inc);
943 if (neigh)
944 neigh_release(neigh);
945 }
946
947out:
948 if (ifp)
949 in6_ifa_put(ifp);
950 else
951 in6_dev_put(idev);
952}
953
954static void ndisc_recv_na(struct sk_buff *skb)
955{
956 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
957 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
958 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
959 u8 *lladdr = NULL;
960 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
961 offsetof(struct nd_msg, opt));
962 struct ndisc_options ndopts;
963 struct net_device *dev = skb->dev;
964 struct inet6_dev *idev = __in6_dev_get(dev);
965 struct inet6_ifaddr *ifp;
966 struct neighbour *neigh;
967
968 if (skb->len < sizeof(struct nd_msg)) {
969 ND_PRINTK(2, warn, "NA: packet too short\n");
970 return;
971 }
972
973 if (ipv6_addr_is_multicast(&msg->target)) {
974 ND_PRINTK(2, warn, "NA: target address is multicast\n");
975 return;
976 }
977
978 if (ipv6_addr_is_multicast(daddr) &&
979 msg->icmph.icmp6_solicited) {
980 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
981 return;
982 }
983
984
985
986
987
988 if (!msg->icmph.icmp6_solicited && idev &&
989 idev->cnf.drop_unsolicited_na)
990 return;
991
992 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
993 ND_PRINTK(2, warn, "NS: invalid ND option\n");
994 return;
995 }
996 if (ndopts.nd_opts_tgt_lladdr) {
997 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
998 if (!lladdr) {
999 ND_PRINTK(2, warn,
1000 "NA: invalid link-layer address length\n");
1001 return;
1002 }
1003 }
1004 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1005 if (ifp) {
1006 if (skb->pkt_type != PACKET_LOOPBACK
1007 && (ifp->flags & IFA_F_TENTATIVE)) {
1008 addrconf_dad_failure(skb, ifp);
1009 return;
1010 }
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020 if (skb->pkt_type != PACKET_LOOPBACK)
1021 ND_PRINTK(1, warn,
1022 "NA: %pM advertised our address %pI6c on %s!\n",
1023 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1024 in6_ifa_put(ifp);
1025 return;
1026 }
1027 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1028
1029 if (neigh) {
1030 u8 old_flags = neigh->flags;
1031 struct net *net = dev_net(dev);
1032
1033 if (neigh->nud_state & NUD_FAILED)
1034 goto out;
1035
1036
1037
1038
1039
1040
1041 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1042 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1043 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1044
1045 goto out;
1046 }
1047
1048 ndisc_update(dev, neigh, lladdr,
1049 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1050 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1051 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1052 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1053 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1054 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1055
1056 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1057
1058
1059
1060 rt6_clean_tohost(dev_net(dev), saddr);
1061 }
1062
1063out:
1064 neigh_release(neigh);
1065 }
1066}
1067
1068static void ndisc_recv_rs(struct sk_buff *skb)
1069{
1070 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1071 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1072 struct neighbour *neigh;
1073 struct inet6_dev *idev;
1074 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1075 struct ndisc_options ndopts;
1076 u8 *lladdr = NULL;
1077
1078 if (skb->len < sizeof(*rs_msg))
1079 return;
1080
1081 idev = __in6_dev_get(skb->dev);
1082 if (!idev) {
1083 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1084 return;
1085 }
1086
1087
1088 if (!idev->cnf.forwarding)
1089 goto out;
1090
1091
1092
1093
1094
1095 if (ipv6_addr_any(saddr))
1096 goto out;
1097
1098
1099 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1100 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1101 goto out;
1102 }
1103
1104 if (ndopts.nd_opts_src_lladdr) {
1105 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1106 skb->dev);
1107 if (!lladdr)
1108 goto out;
1109 }
1110
1111 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1112 if (neigh) {
1113 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1114 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1115 NEIGH_UPDATE_F_OVERRIDE|
1116 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1117 NDISC_ROUTER_SOLICITATION, &ndopts);
1118 neigh_release(neigh);
1119 }
1120out:
1121 return;
1122}
1123
1124static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1125{
1126 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1127 struct sk_buff *skb;
1128 struct nlmsghdr *nlh;
1129 struct nduseroptmsg *ndmsg;
1130 struct net *net = dev_net(ra->dev);
1131 int err;
1132 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1133 + (opt->nd_opt_len << 3));
1134 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1135
1136 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1137 if (!skb) {
1138 err = -ENOBUFS;
1139 goto errout;
1140 }
1141
1142 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1143 if (!nlh) {
1144 goto nla_put_failure;
1145 }
1146
1147 ndmsg = nlmsg_data(nlh);
1148 ndmsg->nduseropt_family = AF_INET6;
1149 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1150 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1151 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1152 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1153
1154 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1155
1156 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1157 goto nla_put_failure;
1158 nlmsg_end(skb, nlh);
1159
1160 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1161 return;
1162
1163nla_put_failure:
1164 nlmsg_free(skb);
1165 err = -EMSGSIZE;
1166errout:
1167 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1168}
1169
1170static void ndisc_router_discovery(struct sk_buff *skb)
1171{
1172 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1173 struct neighbour *neigh = NULL;
1174 struct inet6_dev *in6_dev;
1175 struct fib6_info *rt = NULL;
1176 u32 defrtr_usr_metric;
1177 struct net *net;
1178 int lifetime;
1179 struct ndisc_options ndopts;
1180 int optlen;
1181 unsigned int pref = 0;
1182 __u32 old_if_flags;
1183 bool send_ifinfo_notify = false;
1184
1185 __u8 *opt = (__u8 *)(ra_msg + 1);
1186
1187 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1188 sizeof(struct ra_msg);
1189
1190 ND_PRINTK(2, info,
1191 "RA: %s, dev: %s\n",
1192 __func__, skb->dev->name);
1193 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1194 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1195 return;
1196 }
1197 if (optlen < 0) {
1198 ND_PRINTK(2, warn, "RA: packet too short\n");
1199 return;
1200 }
1201
1202#ifdef CONFIG_IPV6_NDISC_NODETYPE
1203 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1204 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1205 return;
1206 }
1207#endif
1208
1209
1210
1211
1212
1213 in6_dev = __in6_dev_get(skb->dev);
1214 if (!in6_dev) {
1215 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1216 skb->dev->name);
1217 return;
1218 }
1219
1220 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1221 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1222 return;
1223 }
1224
1225 if (!ipv6_accept_ra(in6_dev)) {
1226 ND_PRINTK(2, info,
1227 "RA: %s, did not accept ra for dev: %s\n",
1228 __func__, skb->dev->name);
1229 goto skip_linkparms;
1230 }
1231
1232#ifdef CONFIG_IPV6_NDISC_NODETYPE
1233
1234 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1235 ND_PRINTK(2, info,
1236 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1237 __func__, skb->dev->name);
1238 goto skip_linkparms;
1239 }
1240#endif
1241
1242 if (in6_dev->if_flags & IF_RS_SENT) {
1243
1244
1245
1246
1247 in6_dev->if_flags |= IF_RA_RCVD;
1248 }
1249
1250
1251
1252
1253
1254 old_if_flags = in6_dev->if_flags;
1255 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1256 IF_RA_OTHERCONF)) |
1257 (ra_msg->icmph.icmp6_addrconf_managed ?
1258 IF_RA_MANAGED : 0) |
1259 (ra_msg->icmph.icmp6_addrconf_other ?
1260 IF_RA_OTHERCONF : 0);
1261
1262 if (old_if_flags != in6_dev->if_flags)
1263 send_ifinfo_notify = true;
1264
1265 if (!in6_dev->cnf.accept_ra_defrtr) {
1266 ND_PRINTK(2, info,
1267 "RA: %s, defrtr is false for dev: %s\n",
1268 __func__, skb->dev->name);
1269 goto skip_defrtr;
1270 }
1271
1272
1273
1274
1275 net = dev_net(in6_dev->dev);
1276 if (!in6_dev->cnf.accept_ra_from_local &&
1277 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1278 ND_PRINTK(2, info,
1279 "RA from local address detected on dev: %s: default router ignored\n",
1280 skb->dev->name);
1281 goto skip_defrtr;
1282 }
1283
1284 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1285
1286#ifdef CONFIG_IPV6_ROUTER_PREF
1287 pref = ra_msg->icmph.icmp6_router_pref;
1288
1289 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1290 !in6_dev->cnf.accept_ra_rtr_pref)
1291 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1292#endif
1293
1294 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1295 if (rt) {
1296 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1297 rt->fib6_nh->fib_nh_dev, NULL,
1298 &ipv6_hdr(skb)->saddr);
1299 if (!neigh) {
1300 ND_PRINTK(0, err,
1301 "RA: %s got default router without neighbour\n",
1302 __func__);
1303 fib6_info_release(rt);
1304 return;
1305 }
1306 }
1307
1308 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1309
1310 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1311 ip6_del_rt(net, rt, false);
1312 rt = NULL;
1313 }
1314
1315 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1316 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1317 if (!rt && lifetime) {
1318 ND_PRINTK(3, info, "RA: adding default router\n");
1319
1320 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1321 skb->dev, pref, defrtr_usr_metric);
1322 if (!rt) {
1323 ND_PRINTK(0, err,
1324 "RA: %s failed to add default route\n",
1325 __func__);
1326 return;
1327 }
1328
1329 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1330 rt->fib6_nh->fib_nh_dev, NULL,
1331 &ipv6_hdr(skb)->saddr);
1332 if (!neigh) {
1333 ND_PRINTK(0, err,
1334 "RA: %s got default router without neighbour\n",
1335 __func__);
1336 fib6_info_release(rt);
1337 return;
1338 }
1339 neigh->flags |= NTF_ROUTER;
1340 } else if (rt) {
1341 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1342 }
1343
1344 if (rt)
1345 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1346 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1347 ra_msg->icmph.icmp6_hop_limit) {
1348 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1349 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1350 fib6_metric_set(rt, RTAX_HOPLIMIT,
1351 ra_msg->icmph.icmp6_hop_limit);
1352 } else {
1353 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1354 }
1355 }
1356
1357skip_defrtr:
1358
1359
1360
1361
1362
1363 if (in6_dev->nd_parms) {
1364 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1365
1366 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1367 rtime = (rtime*HZ)/1000;
1368 if (rtime < HZ/100)
1369 rtime = HZ/100;
1370 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1371 in6_dev->tstamp = jiffies;
1372 send_ifinfo_notify = true;
1373 }
1374
1375 rtime = ntohl(ra_msg->reachable_time);
1376 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1377 rtime = (rtime*HZ)/1000;
1378
1379 if (rtime < HZ/10)
1380 rtime = HZ/10;
1381
1382 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1383 NEIGH_VAR_SET(in6_dev->nd_parms,
1384 BASE_REACHABLE_TIME, rtime);
1385 NEIGH_VAR_SET(in6_dev->nd_parms,
1386 GC_STALETIME, 3 * rtime);
1387 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1388 in6_dev->tstamp = jiffies;
1389 send_ifinfo_notify = true;
1390 }
1391 }
1392 }
1393
1394
1395
1396
1397 if (send_ifinfo_notify)
1398 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1399
1400skip_linkparms:
1401
1402
1403
1404
1405
1406 if (!neigh)
1407 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1408 skb->dev, 1);
1409 if (neigh) {
1410 u8 *lladdr = NULL;
1411 if (ndopts.nd_opts_src_lladdr) {
1412 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1413 skb->dev);
1414 if (!lladdr) {
1415 ND_PRINTK(2, warn,
1416 "RA: invalid link-layer address length\n");
1417 goto out;
1418 }
1419 }
1420 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1421 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1422 NEIGH_UPDATE_F_OVERRIDE|
1423 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1424 NEIGH_UPDATE_F_ISROUTER,
1425 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1426 }
1427
1428 if (!ipv6_accept_ra(in6_dev)) {
1429 ND_PRINTK(2, info,
1430 "RA: %s, accept_ra is false for dev: %s\n",
1431 __func__, skb->dev->name);
1432 goto out;
1433 }
1434
1435#ifdef CONFIG_IPV6_ROUTE_INFO
1436 if (!in6_dev->cnf.accept_ra_from_local &&
1437 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1438 in6_dev->dev, 0)) {
1439 ND_PRINTK(2, info,
1440 "RA from local address detected on dev: %s: router info ignored.\n",
1441 skb->dev->name);
1442 goto skip_routeinfo;
1443 }
1444
1445 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1446 struct nd_opt_hdr *p;
1447 for (p = ndopts.nd_opts_ri;
1448 p;
1449 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1450 struct route_info *ri = (struct route_info *)p;
1451#ifdef CONFIG_IPV6_NDISC_NODETYPE
1452 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1453 ri->prefix_len == 0)
1454 continue;
1455#endif
1456 if (ri->prefix_len == 0 &&
1457 !in6_dev->cnf.accept_ra_defrtr)
1458 continue;
1459 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1460 continue;
1461 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1462 continue;
1463 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1464 &ipv6_hdr(skb)->saddr);
1465 }
1466 }
1467
1468skip_routeinfo:
1469#endif
1470
1471#ifdef CONFIG_IPV6_NDISC_NODETYPE
1472
1473 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1474 ND_PRINTK(2, info,
1475 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1476 __func__, skb->dev->name);
1477 goto out;
1478 }
1479#endif
1480
1481 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1482 struct nd_opt_hdr *p;
1483 for (p = ndopts.nd_opts_pi;
1484 p;
1485 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1486 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1487 (p->nd_opt_len) << 3,
1488 ndopts.nd_opts_src_lladdr != NULL);
1489 }
1490 }
1491
1492 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1493 __be32 n;
1494 u32 mtu;
1495
1496 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1497 mtu = ntohl(n);
1498
1499 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1500 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1501 } else if (in6_dev->cnf.mtu6 != mtu) {
1502 in6_dev->cnf.mtu6 = mtu;
1503 fib6_metric_set(rt, RTAX_MTU, mtu);
1504 rt6_mtu_change(skb->dev, mtu);
1505 }
1506 }
1507
1508 if (ndopts.nd_useropts) {
1509 struct nd_opt_hdr *p;
1510 for (p = ndopts.nd_useropts;
1511 p;
1512 p = ndisc_next_useropt(skb->dev, p,
1513 ndopts.nd_useropts_end)) {
1514 ndisc_ra_useropt(skb, p);
1515 }
1516 }
1517
1518 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1519 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1520 }
1521out:
1522 fib6_info_release(rt);
1523 if (neigh)
1524 neigh_release(neigh);
1525}
1526
1527static void ndisc_redirect_rcv(struct sk_buff *skb)
1528{
1529 u8 *hdr;
1530 struct ndisc_options ndopts;
1531 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1532 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1533 offsetof(struct rd_msg, opt));
1534
1535#ifdef CONFIG_IPV6_NDISC_NODETYPE
1536 switch (skb->ndisc_nodetype) {
1537 case NDISC_NODETYPE_HOST:
1538 case NDISC_NODETYPE_NODEFAULT:
1539 ND_PRINTK(2, warn,
1540 "Redirect: from host or unauthorized router\n");
1541 return;
1542 }
1543#endif
1544
1545 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1546 ND_PRINTK(2, warn,
1547 "Redirect: source address is not link-local\n");
1548 return;
1549 }
1550
1551 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1552 return;
1553
1554 if (!ndopts.nd_opts_rh) {
1555 ip6_redirect_no_header(skb, dev_net(skb->dev),
1556 skb->dev->ifindex);
1557 return;
1558 }
1559
1560 hdr = (u8 *)ndopts.nd_opts_rh;
1561 hdr += 8;
1562 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1563 return;
1564
1565 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1566}
1567
1568static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1569 struct sk_buff *orig_skb,
1570 int rd_len)
1571{
1572 u8 *opt = skb_put(skb, rd_len);
1573
1574 memset(opt, 0, 8);
1575 *(opt++) = ND_OPT_REDIRECT_HDR;
1576 *(opt++) = (rd_len >> 3);
1577 opt += 6;
1578
1579 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1580 rd_len - 8);
1581}
1582
1583void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1584{
1585 struct net_device *dev = skb->dev;
1586 struct net *net = dev_net(dev);
1587 struct sock *sk = net->ipv6.ndisc_sk;
1588 int optlen = 0;
1589 struct inet_peer *peer;
1590 struct sk_buff *buff;
1591 struct rd_msg *msg;
1592 struct in6_addr saddr_buf;
1593 struct rt6_info *rt;
1594 struct dst_entry *dst;
1595 struct flowi6 fl6;
1596 int rd_len;
1597 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1598 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1599 bool ret;
1600
1601 if (netif_is_l3_master(skb->dev)) {
1602 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1603 if (!dev)
1604 return;
1605 }
1606
1607 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1608 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1609 dev->name);
1610 return;
1611 }
1612
1613 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1614 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1615 ND_PRINTK(2, warn,
1616 "Redirect: target address is not link-local unicast\n");
1617 return;
1618 }
1619
1620 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1621 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1622
1623 dst = ip6_route_output(net, NULL, &fl6);
1624 if (dst->error) {
1625 dst_release(dst);
1626 return;
1627 }
1628 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1629 if (IS_ERR(dst))
1630 return;
1631
1632 rt = (struct rt6_info *) dst;
1633
1634 if (rt->rt6i_flags & RTF_GATEWAY) {
1635 ND_PRINTK(2, warn,
1636 "Redirect: destination is not a neighbour\n");
1637 goto release;
1638 }
1639 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1640 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1641 if (peer)
1642 inet_putpeer(peer);
1643 if (!ret)
1644 goto release;
1645
1646 if (dev->addr_len) {
1647 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1648 if (!neigh) {
1649 ND_PRINTK(2, warn,
1650 "Redirect: no neigh for target address\n");
1651 goto release;
1652 }
1653
1654 read_lock_bh(&neigh->lock);
1655 if (neigh->nud_state & NUD_VALID) {
1656 memcpy(ha_buf, neigh->ha, dev->addr_len);
1657 read_unlock_bh(&neigh->lock);
1658 ha = ha_buf;
1659 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1660 ops_data_buf,
1661 &ops_data);
1662 } else
1663 read_unlock_bh(&neigh->lock);
1664
1665 neigh_release(neigh);
1666 }
1667
1668 rd_len = min_t(unsigned int,
1669 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1670 skb->len + 8);
1671 rd_len &= ~0x7;
1672 optlen += rd_len;
1673
1674 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1675 if (!buff)
1676 goto release;
1677
1678 msg = skb_put(buff, sizeof(*msg));
1679 *msg = (struct rd_msg) {
1680 .icmph = {
1681 .icmp6_type = NDISC_REDIRECT,
1682 },
1683 .target = *target,
1684 .dest = ipv6_hdr(skb)->daddr,
1685 };
1686
1687
1688
1689
1690
1691 if (ha)
1692 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1693
1694
1695
1696
1697
1698 if (rd_len)
1699 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1700
1701 skb_dst_set(buff, dst);
1702 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1703 return;
1704
1705release:
1706 dst_release(dst);
1707}
1708
1709static void pndisc_redo(struct sk_buff *skb)
1710{
1711 ndisc_recv_ns(skb);
1712 kfree_skb(skb);
1713}
1714
1715static int ndisc_is_multicast(const void *pkey)
1716{
1717 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1718}
1719
1720static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1721{
1722 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1723
1724 if (!idev)
1725 return true;
1726 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1727 idev->cnf.suppress_frag_ndisc) {
1728 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1729 return true;
1730 }
1731 return false;
1732}
1733
1734int ndisc_rcv(struct sk_buff *skb)
1735{
1736 struct nd_msg *msg;
1737
1738 if (ndisc_suppress_frag_ndisc(skb))
1739 return 0;
1740
1741 if (skb_linearize(skb))
1742 return 0;
1743
1744 msg = (struct nd_msg *)skb_transport_header(skb);
1745
1746 __skb_push(skb, skb->data - skb_transport_header(skb));
1747
1748 if (ipv6_hdr(skb)->hop_limit != 255) {
1749 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1750 ipv6_hdr(skb)->hop_limit);
1751 return 0;
1752 }
1753
1754 if (msg->icmph.icmp6_code != 0) {
1755 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1756 msg->icmph.icmp6_code);
1757 return 0;
1758 }
1759
1760 switch (msg->icmph.icmp6_type) {
1761 case NDISC_NEIGHBOUR_SOLICITATION:
1762 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1763 ndisc_recv_ns(skb);
1764 break;
1765
1766 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1767 ndisc_recv_na(skb);
1768 break;
1769
1770 case NDISC_ROUTER_SOLICITATION:
1771 ndisc_recv_rs(skb);
1772 break;
1773
1774 case NDISC_ROUTER_ADVERTISEMENT:
1775 ndisc_router_discovery(skb);
1776 break;
1777
1778 case NDISC_REDIRECT:
1779 ndisc_redirect_rcv(skb);
1780 break;
1781 }
1782
1783 return 0;
1784}
1785
1786static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1787{
1788 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1789 struct netdev_notifier_change_info *change_info;
1790 struct net *net = dev_net(dev);
1791 struct inet6_dev *idev;
1792
1793 switch (event) {
1794 case NETDEV_CHANGEADDR:
1795 neigh_changeaddr(&nd_tbl, dev);
1796 fib6_run_gc(0, net, false);
1797 fallthrough;
1798 case NETDEV_UP:
1799 idev = in6_dev_get(dev);
1800 if (!idev)
1801 break;
1802 if (idev->cnf.ndisc_notify ||
1803 net->ipv6.devconf_all->ndisc_notify)
1804 ndisc_send_unsol_na(dev);
1805 in6_dev_put(idev);
1806 break;
1807 case NETDEV_CHANGE:
1808 change_info = ptr;
1809 if (change_info->flags_changed & IFF_NOARP)
1810 neigh_changeaddr(&nd_tbl, dev);
1811 if (!netif_carrier_ok(dev))
1812 neigh_carrier_down(&nd_tbl, dev);
1813 break;
1814 case NETDEV_DOWN:
1815 neigh_ifdown(&nd_tbl, dev);
1816 fib6_run_gc(0, net, false);
1817 break;
1818 case NETDEV_NOTIFY_PEERS:
1819 ndisc_send_unsol_na(dev);
1820 break;
1821 default:
1822 break;
1823 }
1824
1825 return NOTIFY_DONE;
1826}
1827
1828static struct notifier_block ndisc_netdev_notifier = {
1829 .notifier_call = ndisc_netdev_event,
1830 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1831};
1832
1833#ifdef CONFIG_SYSCTL
1834static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1835 const char *func, const char *dev_name)
1836{
1837 static char warncomm[TASK_COMM_LEN];
1838 static int warned;
1839 if (strcmp(warncomm, current->comm) && warned < 5) {
1840 strcpy(warncomm, current->comm);
1841 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1842 warncomm, func,
1843 dev_name, ctl->procname,
1844 dev_name, ctl->procname);
1845 warned++;
1846 }
1847}
1848
1849int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1850 size_t *lenp, loff_t *ppos)
1851{
1852 struct net_device *dev = ctl->extra1;
1853 struct inet6_dev *idev;
1854 int ret;
1855
1856 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1857 (strcmp(ctl->procname, "base_reachable_time") == 0))
1858 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1859
1860 if (strcmp(ctl->procname, "retrans_time") == 0)
1861 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1862
1863 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1864 ret = neigh_proc_dointvec_jiffies(ctl, write,
1865 buffer, lenp, ppos);
1866
1867 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1868 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1869 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1870 buffer, lenp, ppos);
1871 else
1872 ret = -1;
1873
1874 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1875 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1876 idev->nd_parms->reachable_time =
1877 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1878 idev->tstamp = jiffies;
1879 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1880 in6_dev_put(idev);
1881 }
1882 return ret;
1883}
1884
1885
1886#endif
1887
1888static int __net_init ndisc_net_init(struct net *net)
1889{
1890 struct ipv6_pinfo *np;
1891 struct sock *sk;
1892 int err;
1893
1894 err = inet_ctl_sock_create(&sk, PF_INET6,
1895 SOCK_RAW, IPPROTO_ICMPV6, net);
1896 if (err < 0) {
1897 ND_PRINTK(0, err,
1898 "NDISC: Failed to initialize the control socket (err %d)\n",
1899 err);
1900 return err;
1901 }
1902
1903 net->ipv6.ndisc_sk = sk;
1904
1905 np = inet6_sk(sk);
1906 np->hop_limit = 255;
1907
1908 np->mc_loop = 0;
1909
1910 return 0;
1911}
1912
1913static void __net_exit ndisc_net_exit(struct net *net)
1914{
1915 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1916}
1917
1918static struct pernet_operations ndisc_net_ops = {
1919 .init = ndisc_net_init,
1920 .exit = ndisc_net_exit,
1921};
1922
1923int __init ndisc_init(void)
1924{
1925 int err;
1926
1927 err = register_pernet_subsys(&ndisc_net_ops);
1928 if (err)
1929 return err;
1930
1931
1932
1933 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1934
1935#ifdef CONFIG_SYSCTL
1936 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1937 ndisc_ifinfo_sysctl_change);
1938 if (err)
1939 goto out_unregister_pernet;
1940out:
1941#endif
1942 return err;
1943
1944#ifdef CONFIG_SYSCTL
1945out_unregister_pernet:
1946 unregister_pernet_subsys(&ndisc_net_ops);
1947 goto out;
1948#endif
1949}
1950
1951int __init ndisc_late_init(void)
1952{
1953 return register_netdevice_notifier(&ndisc_netdev_notifier);
1954}
1955
1956void ndisc_late_cleanup(void)
1957{
1958 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1959}
1960
1961void ndisc_cleanup(void)
1962{
1963#ifdef CONFIG_SYSCTL
1964 neigh_sysctl_unregister(&nd_tbl.parms);
1965#endif
1966 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1967 unregister_pernet_subsys(&ndisc_net_ops);
1968}
1969
