1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26#define pr_fmt(fmt) "ICMPv6: " fmt
27
28#include <linux/module.h>
29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
39#include <linux/slab.h>
40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
44#include <linux/if_addr.h>
45#include <linux/if_ether.h>
46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
64#include <net/flow.h>
65#include <net/ip6_checksum.h>
66#include <net/inet_common.h>
67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
84
85static const struct neigh_ops ndisc_generic_ops = {
86 .family = AF_INET6,
87 .solicit = ndisc_solicit,
88 .error_report = ndisc_error_report,
89 .output = neigh_resolve_output,
90 .connected_output = neigh_connected_output,
91};
92
93static const struct neigh_ops ndisc_hh_ops = {
94 .family = AF_INET6,
95 .solicit = ndisc_solicit,
96 .error_report = ndisc_error_report,
97 .output = neigh_resolve_output,
98 .connected_output = neigh_resolve_output,
99};
100
101
102static const struct neigh_ops ndisc_direct_ops = {
103 .family = AF_INET6,
104 .output = neigh_direct_output,
105 .connected_output = neigh_direct_output,
106};
107
108struct neigh_table nd_tbl = {
109 .family = AF_INET6,
110 .key_len = sizeof(struct in6_addr),
111 .protocol = cpu_to_be16(ETH_P_IPV6),
112 .hash = ndisc_hash,
113 .key_eq = ndisc_key_eq,
114 .constructor = ndisc_constructor,
115 .pconstructor = pndisc_constructor,
116 .pdestructor = pndisc_destructor,
117 .proxy_redo = pndisc_redo,
118 .allow_add = ndisc_allow_add,
119 .id = "ndisc_cache",
120 .parms = {
121 .tbl = &nd_tbl,
122 .reachable_time = ND_REACHABLE_TIME,
123 .data = {
124 [NEIGH_VAR_MCAST_PROBES] = 3,
125 [NEIGH_VAR_UCAST_PROBES] = 3,
126 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
127 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
128 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
129 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
130 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
131 [NEIGH_VAR_PROXY_QLEN] = 64,
132 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
133 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
134 },
135 },
136 .gc_interval = 30 * HZ,
137 .gc_thresh1 = 128,
138 .gc_thresh2 = 512,
139 .gc_thresh3 = 1024,
140};
141EXPORT_SYMBOL_GPL(nd_tbl);
142
143void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
144 int data_len, int pad)
145{
146 int space = __ndisc_opt_addr_space(data_len, pad);
147 u8 *opt = skb_put(skb, space);
148
149 opt[0] = type;
150 opt[1] = space>>3;
151
152 memset(opt + 2, 0, pad);
153 opt += pad;
154 space -= pad;
155
156 memcpy(opt+2, data, data_len);
157 data_len += 2;
158 opt += data_len;
159 space -= data_len;
160 if (space > 0)
161 memset(opt, 0, space);
162}
163EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
164
165static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
166 void *data, u8 icmp6_type)
167{
168 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
169 ndisc_addr_option_pad(skb->dev->type));
170 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
171}
172
173static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
174 void *ha,
175 const u8 *ops_data)
176{
177 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
178 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
179}
180
181static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
182 struct nd_opt_hdr *end)
183{
184 int type;
185 if (!cur || !end || cur >= end)
186 return NULL;
187 type = cur->nd_opt_type;
188 do {
189 cur = ((void *)cur) + (cur->nd_opt_len << 3);
190 } while (cur < end && cur->nd_opt_type != type);
191 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
192}
193
194static inline int ndisc_is_useropt(const struct net_device *dev,
195 struct nd_opt_hdr *opt)
196{
197 return opt->nd_opt_type == ND_OPT_RDNSS ||
198 opt->nd_opt_type == ND_OPT_DNSSL ||
199 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
200 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
201}
202
203static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *cur,
205 struct nd_opt_hdr *end)
206{
207 if (!cur || !end || cur >= end)
208 return NULL;
209 do {
210 cur = ((void *)cur) + (cur->nd_opt_len << 3);
211 } while (cur < end && !ndisc_is_useropt(dev, cur));
212 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
213}
214
215struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 u8 *opt, int opt_len,
217 struct ndisc_options *ndopts)
218{
219 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
220
221 if (!nd_opt || opt_len < 0 || !ndopts)
222 return NULL;
223 memset(ndopts, 0, sizeof(*ndopts));
224 while (opt_len) {
225 int l;
226 if (opt_len < sizeof(struct nd_opt_hdr))
227 return NULL;
228 l = nd_opt->nd_opt_len << 3;
229 if (opt_len < l || l == 0)
230 return NULL;
231 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 goto next_opt;
233 switch (nd_opt->nd_opt_type) {
234 case ND_OPT_SOURCE_LL_ADDR:
235 case ND_OPT_TARGET_LL_ADDR:
236 case ND_OPT_MTU:
237 case ND_OPT_NONCE:
238 case ND_OPT_REDIRECT_HDR:
239 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
240 ND_PRINTK(2, warn,
241 "%s: duplicated ND6 option found: type=%d\n",
242 __func__, nd_opt->nd_opt_type);
243 } else {
244 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
245 }
246 break;
247 case ND_OPT_PREFIX_INFO:
248 ndopts->nd_opts_pi_end = nd_opt;
249 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 break;
252#ifdef CONFIG_IPV6_ROUTE_INFO
253 case ND_OPT_ROUTE_INFO:
254 ndopts->nd_opts_ri_end = nd_opt;
255 if (!ndopts->nd_opts_ri)
256 ndopts->nd_opts_ri = nd_opt;
257 break;
258#endif
259 default:
260 if (ndisc_is_useropt(dev, nd_opt)) {
261 ndopts->nd_useropts_end = nd_opt;
262 if (!ndopts->nd_useropts)
263 ndopts->nd_useropts = nd_opt;
264 } else {
265
266
267
268
269
270 ND_PRINTK(2, notice,
271 "%s: ignored unsupported option; type=%d, len=%d\n",
272 __func__,
273 nd_opt->nd_opt_type,
274 nd_opt->nd_opt_len);
275 }
276 }
277next_opt:
278 opt_len -= l;
279 nd_opt = ((void *)nd_opt) + l;
280 }
281 return ndopts;
282}
283
284int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
285{
286 switch (dev->type) {
287 case ARPHRD_ETHER:
288 case ARPHRD_IEEE802:
289 case ARPHRD_FDDI:
290 ipv6_eth_mc_map(addr, buf);
291 return 0;
292 case ARPHRD_ARCNET:
293 ipv6_arcnet_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_INFINIBAND:
296 ipv6_ib_mc_map(addr, dev->broadcast, buf);
297 return 0;
298 case ARPHRD_IPGRE:
299 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
300 default:
301 if (dir) {
302 memcpy(buf, dev->broadcast, dev->addr_len);
303 return 0;
304 }
305 }
306 return -EINVAL;
307}
308EXPORT_SYMBOL(ndisc_mc_map);
309
310static u32 ndisc_hash(const void *pkey,
311 const struct net_device *dev,
312 __u32 *hash_rnd)
313{
314 return ndisc_hashfn(pkey, dev, hash_rnd);
315}
316
317static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
318{
319 return neigh_key_eq128(n, pkey);
320}
321
322static int ndisc_constructor(struct neighbour *neigh)
323{
324 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
325 struct net_device *dev = neigh->dev;
326 struct inet6_dev *in6_dev;
327 struct neigh_parms *parms;
328 bool is_multicast = ipv6_addr_is_multicast(addr);
329
330 in6_dev = in6_dev_get(dev);
331 if (!in6_dev) {
332 return -EINVAL;
333 }
334
335 parms = in6_dev->nd_parms;
336 __neigh_parms_put(neigh->parms);
337 neigh->parms = neigh_parms_clone(parms);
338
339 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
340 if (!dev->header_ops) {
341 neigh->nud_state = NUD_NOARP;
342 neigh->ops = &ndisc_direct_ops;
343 neigh->output = neigh_direct_output;
344 } else {
345 if (is_multicast) {
346 neigh->nud_state = NUD_NOARP;
347 ndisc_mc_map(addr, neigh->ha, dev, 1);
348 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
349 neigh->nud_state = NUD_NOARP;
350 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
351 if (dev->flags&IFF_LOOPBACK)
352 neigh->type = RTN_LOCAL;
353 } else if (dev->flags&IFF_POINTOPOINT) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
356 }
357 if (dev->header_ops->cache)
358 neigh->ops = &ndisc_hh_ops;
359 else
360 neigh->ops = &ndisc_generic_ops;
361 if (neigh->nud_state&NUD_VALID)
362 neigh->output = neigh->ops->connected_output;
363 else
364 neigh->output = neigh->ops->output;
365 }
366 in6_dev_put(in6_dev);
367 return 0;
368}
369
370static int pndisc_constructor(struct pneigh_entry *n)
371{
372 struct in6_addr *addr = (struct in6_addr *)&n->key;
373 struct in6_addr maddr;
374 struct net_device *dev = n->dev;
375
376 if (!dev || !__in6_dev_get(dev))
377 return -EINVAL;
378 addrconf_addr_solict_mult(addr, &maddr);
379 ipv6_dev_mc_inc(dev, &maddr);
380 return 0;
381}
382
383static void pndisc_destructor(struct pneigh_entry *n)
384{
385 struct in6_addr *addr = (struct in6_addr *)&n->key;
386 struct in6_addr maddr;
387 struct net_device *dev = n->dev;
388
389 if (!dev || !__in6_dev_get(dev))
390 return;
391 addrconf_addr_solict_mult(addr, &maddr);
392 ipv6_dev_mc_dec(dev, &maddr);
393}
394
395
396static bool ndisc_allow_add(const struct net_device *dev,
397 struct netlink_ext_ack *extack)
398{
399 struct inet6_dev *idev = __in6_dev_get(dev);
400
401 if (!idev || idev->cnf.disable_ipv6) {
402 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
403 return false;
404 }
405
406 return true;
407}
408
409static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
410 int len)
411{
412 int hlen = LL_RESERVED_SPACE(dev);
413 int tlen = dev->needed_tailroom;
414 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
415 struct sk_buff *skb;
416
417 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
418 if (!skb) {
419 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
420 __func__);
421 return NULL;
422 }
423
424 skb->protocol = htons(ETH_P_IPV6);
425 skb->dev = dev;
426
427 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
428 skb_reset_transport_header(skb);
429
430
431
432
433 skb_set_owner_w(skb, sk);
434
435 return skb;
436}
437
438static void ip6_nd_hdr(struct sk_buff *skb,
439 const struct in6_addr *saddr,
440 const struct in6_addr *daddr,
441 int hop_limit, int len)
442{
443 struct ipv6hdr *hdr;
444 struct inet6_dev *idev;
445 unsigned tclass;
446
447 rcu_read_lock();
448 idev = __in6_dev_get(skb->dev);
449 tclass = idev ? idev->cnf.ndisc_tclass : 0;
450 rcu_read_unlock();
451
452 skb_push(skb, sizeof(*hdr));
453 skb_reset_network_header(skb);
454 hdr = ipv6_hdr(skb);
455
456 ip6_flow_hdr(hdr, tclass, 0);
457
458 hdr->payload_len = htons(len);
459 hdr->nexthdr = IPPROTO_ICMPV6;
460 hdr->hop_limit = hop_limit;
461
462 hdr->saddr = *saddr;
463 hdr->daddr = *daddr;
464}
465
466static void ndisc_send_skb(struct sk_buff *skb,
467 const struct in6_addr *daddr,
468 const struct in6_addr *saddr)
469{
470 struct dst_entry *dst = skb_dst(skb);
471 struct net *net = dev_net(skb->dev);
472 struct sock *sk = net->ipv6.ndisc_sk;
473 struct inet6_dev *idev;
474 int err;
475 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
476 u8 type;
477
478 type = icmp6h->icmp6_type;
479
480 if (!dst) {
481 struct flowi6 fl6;
482 int oif = skb->dev->ifindex;
483
484 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
485 dst = icmp6_dst_alloc(skb->dev, &fl6);
486 if (IS_ERR(dst)) {
487 kfree_skb(skb);
488 return;
489 }
490
491 skb_dst_set(skb, dst);
492 }
493
494 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
495 IPPROTO_ICMPV6,
496 csum_partial(icmp6h,
497 skb->len, 0));
498
499 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
500
501 rcu_read_lock();
502 idev = __in6_dev_get(dst->dev);
503 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
504
505 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
506 net, sk, skb, NULL, dst->dev,
507 dst_output);
508 if (!err) {
509 ICMP6MSGOUT_INC_STATS(net, idev, type);
510 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
511 }
512
513 rcu_read_unlock();
514}
515
516void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
517 const struct in6_addr *solicited_addr,
518 bool router, bool solicited, bool override, bool inc_opt)
519{
520 struct sk_buff *skb;
521 struct in6_addr tmpaddr;
522 struct inet6_ifaddr *ifp;
523 const struct in6_addr *src_addr;
524 struct nd_msg *msg;
525 int optlen = 0;
526
527
528 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
529 if (ifp) {
530 src_addr = solicited_addr;
531 if (ifp->flags & IFA_F_OPTIMISTIC)
532 override = false;
533 inc_opt |= ifp->idev->cnf.force_tllao;
534 in6_ifa_put(ifp);
535 } else {
536 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
537 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
538 &tmpaddr))
539 return;
540 src_addr = &tmpaddr;
541 }
542
543 if (!dev->addr_len)
544 inc_opt = false;
545 if (inc_opt)
546 optlen += ndisc_opt_addr_space(dev,
547 NDISC_NEIGHBOUR_ADVERTISEMENT);
548
549 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
550 if (!skb)
551 return;
552
553 msg = skb_put(skb, sizeof(*msg));
554 *msg = (struct nd_msg) {
555 .icmph = {
556 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
557 .icmp6_router = router,
558 .icmp6_solicited = solicited,
559 .icmp6_override = override,
560 },
561 .target = *solicited_addr,
562 };
563
564 if (inc_opt)
565 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
566 dev->dev_addr,
567 NDISC_NEIGHBOUR_ADVERTISEMENT);
568
569 ndisc_send_skb(skb, daddr, src_addr);
570}
571
572static void ndisc_send_unsol_na(struct net_device *dev)
573{
574 struct inet6_dev *idev;
575 struct inet6_ifaddr *ifa;
576
577 idev = in6_dev_get(dev);
578 if (!idev)
579 return;
580
581 read_lock_bh(&idev->lock);
582 list_for_each_entry(ifa, &idev->addr_list, if_list) {
583
584 if (ifa->flags & IFA_F_TENTATIVE &&
585 !(ifa->flags & IFA_F_OPTIMISTIC))
586 continue;
587
588 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
589 !!idev->cnf.forwarding,
590 false, true,
591 true);
592 }
593 read_unlock_bh(&idev->lock);
594
595 in6_dev_put(idev);
596}
597
598void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
599 const struct in6_addr *daddr, const struct in6_addr *saddr,
600 u64 nonce)
601{
602 struct sk_buff *skb;
603 struct in6_addr addr_buf;
604 int inc_opt = dev->addr_len;
605 int optlen = 0;
606 struct nd_msg *msg;
607
608 if (!saddr) {
609 if (ipv6_get_lladdr(dev, &addr_buf,
610 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
611 return;
612 saddr = &addr_buf;
613 }
614
615 if (ipv6_addr_any(saddr))
616 inc_opt = false;
617 if (inc_opt)
618 optlen += ndisc_opt_addr_space(dev,
619 NDISC_NEIGHBOUR_SOLICITATION);
620 if (nonce != 0)
621 optlen += 8;
622
623 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
624 if (!skb)
625 return;
626
627 msg = skb_put(skb, sizeof(*msg));
628 *msg = (struct nd_msg) {
629 .icmph = {
630 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
631 },
632 .target = *solicit,
633 };
634
635 if (inc_opt)
636 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
637 dev->dev_addr,
638 NDISC_NEIGHBOUR_SOLICITATION);
639 if (nonce != 0) {
640 u8 *opt = skb_put(skb, 8);
641
642 opt[0] = ND_OPT_NONCE;
643 opt[1] = 8 >> 3;
644 memcpy(opt + 2, &nonce, 6);
645 }
646
647 ndisc_send_skb(skb, daddr, saddr);
648}
649
650void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
651 const struct in6_addr *daddr)
652{
653 struct sk_buff *skb;
654 struct rs_msg *msg;
655 int send_sllao = dev->addr_len;
656 int optlen = 0;
657
658#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
659
660
661
662
663
664
665
666
667 if (send_sllao) {
668 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
669 dev, 1);
670 if (ifp) {
671 if (ifp->flags & IFA_F_OPTIMISTIC) {
672 send_sllao = 0;
673 }
674 in6_ifa_put(ifp);
675 } else {
676 send_sllao = 0;
677 }
678 }
679#endif
680 if (send_sllao)
681 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
682
683 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
684 if (!skb)
685 return;
686
687 msg = skb_put(skb, sizeof(*msg));
688 *msg = (struct rs_msg) {
689 .icmph = {
690 .icmp6_type = NDISC_ROUTER_SOLICITATION,
691 },
692 };
693
694 if (send_sllao)
695 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
696 dev->dev_addr,
697 NDISC_ROUTER_SOLICITATION);
698
699 ndisc_send_skb(skb, daddr, saddr);
700}
701
702
703static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
704{
705
706
707
708
709 dst_link_failure(skb);
710 kfree_skb(skb);
711}
712
713
714
715static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
716{
717 struct in6_addr *saddr = NULL;
718 struct in6_addr mcaddr;
719 struct net_device *dev = neigh->dev;
720 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
721 int probes = atomic_read(&neigh->probes);
722
723 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
724 dev, false, 1,
725 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
726 saddr = &ipv6_hdr(skb)->saddr;
727 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
728 if (probes < 0) {
729 if (!(neigh->nud_state & NUD_VALID)) {
730 ND_PRINTK(1, dbg,
731 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
732 __func__, target);
733 }
734 ndisc_send_ns(dev, target, target, saddr, 0);
735 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
736 neigh_app_ns(neigh);
737 } else {
738 addrconf_addr_solict_mult(target, &mcaddr);
739 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
740 }
741}
742
743static int pndisc_is_router(const void *pkey,
744 struct net_device *dev)
745{
746 struct pneigh_entry *n;
747 int ret = -1;
748
749 read_lock_bh(&nd_tbl.lock);
750 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
751 if (n)
752 ret = !!(n->flags & NTF_ROUTER);
753 read_unlock_bh(&nd_tbl.lock);
754
755 return ret;
756}
757
758void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
759 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
760 struct ndisc_options *ndopts)
761{
762 neigh_update(neigh, lladdr, new, flags, 0);
763
764 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
765}
766
767static void ndisc_recv_ns(struct sk_buff *skb)
768{
769 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
770 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
771 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
772 u8 *lladdr = NULL;
773 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
774 offsetof(struct nd_msg, opt));
775 struct ndisc_options ndopts;
776 struct net_device *dev = skb->dev;
777 struct inet6_ifaddr *ifp;
778 struct inet6_dev *idev = NULL;
779 struct neighbour *neigh;
780 int dad = ipv6_addr_any(saddr);
781 bool inc;
782 int is_router = -1;
783 u64 nonce = 0;
784
785 if (skb->len < sizeof(struct nd_msg)) {
786 ND_PRINTK(2, warn, "NS: packet too short\n");
787 return;
788 }
789
790 if (ipv6_addr_is_multicast(&msg->target)) {
791 ND_PRINTK(2, warn, "NS: multicast target address\n");
792 return;
793 }
794
795
796
797
798
799 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
800 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
801 return;
802 }
803
804 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
805 ND_PRINTK(2, warn, "NS: invalid ND options\n");
806 return;
807 }
808
809 if (ndopts.nd_opts_src_lladdr) {
810 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
811 if (!lladdr) {
812 ND_PRINTK(2, warn,
813 "NS: invalid link-layer address length\n");
814 return;
815 }
816
817
818
819
820
821
822 if (dad) {
823 ND_PRINTK(2, warn,
824 "NS: bad DAD packet (link-layer address option)\n");
825 return;
826 }
827 }
828 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
829 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
830
831 inc = ipv6_addr_is_multicast(daddr);
832
833 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
834 if (ifp) {
835have_ifp:
836 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
837 if (dad) {
838 if (nonce != 0 && ifp->dad_nonce == nonce) {
839 u8 *np = (u8 *)&nonce;
840
841 ND_PRINTK(2, notice,
842 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
843 ifp->idev->dev->name,
844 &ifp->addr, np);
845 goto out;
846 }
847
848
849
850
851
852 addrconf_dad_failure(skb, ifp);
853 return;
854 } else {
855
856
857
858
859
860
861 if (!(ifp->flags & IFA_F_OPTIMISTIC))
862 goto out;
863 }
864 }
865
866 idev = ifp->idev;
867 } else {
868 struct net *net = dev_net(dev);
869
870
871 if (netif_is_l3_slave(dev)) {
872 struct net_device *mdev;
873
874 mdev = netdev_master_upper_dev_get_rcu(dev);
875 if (mdev) {
876 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
877 if (ifp)
878 goto have_ifp;
879 }
880 }
881
882 idev = in6_dev_get(dev);
883 if (!idev) {
884
885 return;
886 }
887
888 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
889 (idev->cnf.forwarding &&
890 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
891 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
892 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
893 skb->pkt_type != PACKET_HOST &&
894 inc &&
895 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
896
897
898
899
900
901
902
903 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
904 if (n)
905 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
906 goto out;
907 }
908 } else
909 goto out;
910 }
911
912 if (is_router < 0)
913 is_router = idev->cnf.forwarding;
914
915 if (dad) {
916 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
917 !!is_router, false, (ifp != NULL), true);
918 goto out;
919 }
920
921 if (inc)
922 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
923 else
924 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
925
926
927
928
929
930 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
931 !inc || lladdr || !dev->addr_len);
932 if (neigh)
933 ndisc_update(dev, neigh, lladdr, NUD_STALE,
934 NEIGH_UPDATE_F_WEAK_OVERRIDE|
935 NEIGH_UPDATE_F_OVERRIDE,
936 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
937 if (neigh || !dev->header_ops) {
938 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
939 true, (ifp != NULL && inc), inc);
940 if (neigh)
941 neigh_release(neigh);
942 }
943
944out:
945 if (ifp)
946 in6_ifa_put(ifp);
947 else
948 in6_dev_put(idev);
949}
950
951static void ndisc_recv_na(struct sk_buff *skb)
952{
953 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
954 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
955 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
956 u8 *lladdr = NULL;
957 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
958 offsetof(struct nd_msg, opt));
959 struct ndisc_options ndopts;
960 struct net_device *dev = skb->dev;
961 struct inet6_dev *idev = __in6_dev_get(dev);
962 struct inet6_ifaddr *ifp;
963 struct neighbour *neigh;
964
965 if (skb->len < sizeof(struct nd_msg)) {
966 ND_PRINTK(2, warn, "NA: packet too short\n");
967 return;
968 }
969
970 if (ipv6_addr_is_multicast(&msg->target)) {
971 ND_PRINTK(2, warn, "NA: target address is multicast\n");
972 return;
973 }
974
975 if (ipv6_addr_is_multicast(daddr) &&
976 msg->icmph.icmp6_solicited) {
977 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
978 return;
979 }
980
981
982
983
984
985 if (!msg->icmph.icmp6_solicited && idev &&
986 idev->cnf.drop_unsolicited_na)
987 return;
988
989 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
990 ND_PRINTK(2, warn, "NS: invalid ND option\n");
991 return;
992 }
993 if (ndopts.nd_opts_tgt_lladdr) {
994 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
995 if (!lladdr) {
996 ND_PRINTK(2, warn,
997 "NA: invalid link-layer address length\n");
998 return;
999 }
1000 }
1001 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1002 if (ifp) {
1003 if (skb->pkt_type != PACKET_LOOPBACK
1004 && (ifp->flags & IFA_F_TENTATIVE)) {
1005 addrconf_dad_failure(skb, ifp);
1006 return;
1007 }
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017 if (skb->pkt_type != PACKET_LOOPBACK)
1018 ND_PRINTK(1, warn,
1019 "NA: %pM advertised our address %pI6c on %s!\n",
1020 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1021 in6_ifa_put(ifp);
1022 return;
1023 }
1024 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1025
1026 if (neigh) {
1027 u8 old_flags = neigh->flags;
1028 struct net *net = dev_net(dev);
1029
1030 if (neigh->nud_state & NUD_FAILED)
1031 goto out;
1032
1033
1034
1035
1036
1037
1038 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1039 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1040 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1041
1042 goto out;
1043 }
1044
1045 ndisc_update(dev, neigh, lladdr,
1046 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1047 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1048 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1049 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1050 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1051 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1052
1053 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1054
1055
1056
1057 rt6_clean_tohost(dev_net(dev), saddr);
1058 }
1059
1060out:
1061 neigh_release(neigh);
1062 }
1063}
1064
1065static void ndisc_recv_rs(struct sk_buff *skb)
1066{
1067 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1068 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1069 struct neighbour *neigh;
1070 struct inet6_dev *idev;
1071 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1072 struct ndisc_options ndopts;
1073 u8 *lladdr = NULL;
1074
1075 if (skb->len < sizeof(*rs_msg))
1076 return;
1077
1078 idev = __in6_dev_get(skb->dev);
1079 if (!idev) {
1080 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1081 return;
1082 }
1083
1084
1085 if (!idev->cnf.forwarding)
1086 goto out;
1087
1088
1089
1090
1091
1092 if (ipv6_addr_any(saddr))
1093 goto out;
1094
1095
1096 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1097 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1098 goto out;
1099 }
1100
1101 if (ndopts.nd_opts_src_lladdr) {
1102 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1103 skb->dev);
1104 if (!lladdr)
1105 goto out;
1106 }
1107
1108 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1109 if (neigh) {
1110 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1111 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1112 NEIGH_UPDATE_F_OVERRIDE|
1113 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1114 NDISC_ROUTER_SOLICITATION, &ndopts);
1115 neigh_release(neigh);
1116 }
1117out:
1118 return;
1119}
1120
1121static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1122{
1123 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1124 struct sk_buff *skb;
1125 struct nlmsghdr *nlh;
1126 struct nduseroptmsg *ndmsg;
1127 struct net *net = dev_net(ra->dev);
1128 int err;
1129 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1130 + (opt->nd_opt_len << 3));
1131 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1132
1133 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1134 if (!skb) {
1135 err = -ENOBUFS;
1136 goto errout;
1137 }
1138
1139 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1140 if (!nlh) {
1141 goto nla_put_failure;
1142 }
1143
1144 ndmsg = nlmsg_data(nlh);
1145 ndmsg->nduseropt_family = AF_INET6;
1146 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1147 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1148 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1149 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1150
1151 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1152
1153 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1154 goto nla_put_failure;
1155 nlmsg_end(skb, nlh);
1156
1157 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1158 return;
1159
1160nla_put_failure:
1161 nlmsg_free(skb);
1162 err = -EMSGSIZE;
1163errout:
1164 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1165}
1166
1167static void ndisc_router_discovery(struct sk_buff *skb)
1168{
1169 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1170 struct neighbour *neigh = NULL;
1171 struct inet6_dev *in6_dev;
1172 struct fib6_info *rt = NULL;
1173 struct net *net;
1174 int lifetime;
1175 struct ndisc_options ndopts;
1176 int optlen;
1177 unsigned int pref = 0;
1178 __u32 old_if_flags;
1179 bool send_ifinfo_notify = false;
1180
1181 __u8 *opt = (__u8 *)(ra_msg + 1);
1182
1183 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1184 sizeof(struct ra_msg);
1185
1186 ND_PRINTK(2, info,
1187 "RA: %s, dev: %s\n",
1188 __func__, skb->dev->name);
1189 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1190 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1191 return;
1192 }
1193 if (optlen < 0) {
1194 ND_PRINTK(2, warn, "RA: packet too short\n");
1195 return;
1196 }
1197
1198#ifdef CONFIG_IPV6_NDISC_NODETYPE
1199 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1200 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1201 return;
1202 }
1203#endif
1204
1205
1206
1207
1208
1209 in6_dev = __in6_dev_get(skb->dev);
1210 if (!in6_dev) {
1211 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1212 skb->dev->name);
1213 return;
1214 }
1215
1216 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1217 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1218 return;
1219 }
1220
1221 if (!ipv6_accept_ra(in6_dev)) {
1222 ND_PRINTK(2, info,
1223 "RA: %s, did not accept ra for dev: %s\n",
1224 __func__, skb->dev->name);
1225 goto skip_linkparms;
1226 }
1227
1228#ifdef CONFIG_IPV6_NDISC_NODETYPE
1229
1230 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1231 ND_PRINTK(2, info,
1232 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1233 __func__, skb->dev->name);
1234 goto skip_linkparms;
1235 }
1236#endif
1237
1238 if (in6_dev->if_flags & IF_RS_SENT) {
1239
1240
1241
1242
1243 in6_dev->if_flags |= IF_RA_RCVD;
1244 }
1245
1246
1247
1248
1249
1250 old_if_flags = in6_dev->if_flags;
1251 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1252 IF_RA_OTHERCONF)) |
1253 (ra_msg->icmph.icmp6_addrconf_managed ?
1254 IF_RA_MANAGED : 0) |
1255 (ra_msg->icmph.icmp6_addrconf_other ?
1256 IF_RA_OTHERCONF : 0);
1257
1258 if (old_if_flags != in6_dev->if_flags)
1259 send_ifinfo_notify = true;
1260
1261 if (!in6_dev->cnf.accept_ra_defrtr) {
1262 ND_PRINTK(2, info,
1263 "RA: %s, defrtr is false for dev: %s\n",
1264 __func__, skb->dev->name);
1265 goto skip_defrtr;
1266 }
1267
1268
1269
1270
1271 net = dev_net(in6_dev->dev);
1272 if (!in6_dev->cnf.accept_ra_from_local &&
1273 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1274 ND_PRINTK(2, info,
1275 "RA from local address detected on dev: %s: default router ignored\n",
1276 skb->dev->name);
1277 goto skip_defrtr;
1278 }
1279
1280 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1281
1282#ifdef CONFIG_IPV6_ROUTER_PREF
1283 pref = ra_msg->icmph.icmp6_router_pref;
1284
1285 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1286 !in6_dev->cnf.accept_ra_rtr_pref)
1287 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1288#endif
1289
1290 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1291 if (rt) {
1292 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1293 rt->fib6_nh->fib_nh_dev, NULL,
1294 &ipv6_hdr(skb)->saddr);
1295 if (!neigh) {
1296 ND_PRINTK(0, err,
1297 "RA: %s got default router without neighbour\n",
1298 __func__);
1299 fib6_info_release(rt);
1300 return;
1301 }
1302 }
1303 if (rt && lifetime == 0) {
1304 ip6_del_rt(net, rt);
1305 rt = NULL;
1306 }
1307
1308 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1309 rt, lifetime, skb->dev->name);
1310 if (!rt && lifetime) {
1311 ND_PRINTK(3, info, "RA: adding default router\n");
1312
1313 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1314 skb->dev, pref);
1315 if (!rt) {
1316 ND_PRINTK(0, err,
1317 "RA: %s failed to add default route\n",
1318 __func__);
1319 return;
1320 }
1321
1322 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1323 rt->fib6_nh->fib_nh_dev, NULL,
1324 &ipv6_hdr(skb)->saddr);
1325 if (!neigh) {
1326 ND_PRINTK(0, err,
1327 "RA: %s got default router without neighbour\n",
1328 __func__);
1329 fib6_info_release(rt);
1330 return;
1331 }
1332 neigh->flags |= NTF_ROUTER;
1333 } else if (rt) {
1334 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1335 }
1336
1337 if (rt)
1338 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1339 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1340 ra_msg->icmph.icmp6_hop_limit) {
1341 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1342 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1343 fib6_metric_set(rt, RTAX_HOPLIMIT,
1344 ra_msg->icmph.icmp6_hop_limit);
1345 } else {
1346 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1347 }
1348 }
1349
1350skip_defrtr:
1351
1352
1353
1354
1355
1356 if (in6_dev->nd_parms) {
1357 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1358
1359 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1360 rtime = (rtime*HZ)/1000;
1361 if (rtime < HZ/10)
1362 rtime = HZ/10;
1363 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1364 in6_dev->tstamp = jiffies;
1365 send_ifinfo_notify = true;
1366 }
1367
1368 rtime = ntohl(ra_msg->reachable_time);
1369 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1370 rtime = (rtime*HZ)/1000;
1371
1372 if (rtime < HZ/10)
1373 rtime = HZ/10;
1374
1375 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1376 NEIGH_VAR_SET(in6_dev->nd_parms,
1377 BASE_REACHABLE_TIME, rtime);
1378 NEIGH_VAR_SET(in6_dev->nd_parms,
1379 GC_STALETIME, 3 * rtime);
1380 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1381 in6_dev->tstamp = jiffies;
1382 send_ifinfo_notify = true;
1383 }
1384 }
1385 }
1386
1387
1388
1389
1390 if (send_ifinfo_notify)
1391 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1392
1393skip_linkparms:
1394
1395
1396
1397
1398
1399 if (!neigh)
1400 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1401 skb->dev, 1);
1402 if (neigh) {
1403 u8 *lladdr = NULL;
1404 if (ndopts.nd_opts_src_lladdr) {
1405 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1406 skb->dev);
1407 if (!lladdr) {
1408 ND_PRINTK(2, warn,
1409 "RA: invalid link-layer address length\n");
1410 goto out;
1411 }
1412 }
1413 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1414 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1415 NEIGH_UPDATE_F_OVERRIDE|
1416 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1417 NEIGH_UPDATE_F_ISROUTER,
1418 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1419 }
1420
1421 if (!ipv6_accept_ra(in6_dev)) {
1422 ND_PRINTK(2, info,
1423 "RA: %s, accept_ra is false for dev: %s\n",
1424 __func__, skb->dev->name);
1425 goto out;
1426 }
1427
1428#ifdef CONFIG_IPV6_ROUTE_INFO
1429 if (!in6_dev->cnf.accept_ra_from_local &&
1430 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1431 in6_dev->dev, 0)) {
1432 ND_PRINTK(2, info,
1433 "RA from local address detected on dev: %s: router info ignored.\n",
1434 skb->dev->name);
1435 goto skip_routeinfo;
1436 }
1437
1438 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1439 struct nd_opt_hdr *p;
1440 for (p = ndopts.nd_opts_ri;
1441 p;
1442 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1443 struct route_info *ri = (struct route_info *)p;
1444#ifdef CONFIG_IPV6_NDISC_NODETYPE
1445 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1446 ri->prefix_len == 0)
1447 continue;
1448#endif
1449 if (ri->prefix_len == 0 &&
1450 !in6_dev->cnf.accept_ra_defrtr)
1451 continue;
1452 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1453 continue;
1454 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1455 continue;
1456 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1457 &ipv6_hdr(skb)->saddr);
1458 }
1459 }
1460
1461skip_routeinfo:
1462#endif
1463
1464#ifdef CONFIG_IPV6_NDISC_NODETYPE
1465
1466 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1467 ND_PRINTK(2, info,
1468 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1469 __func__, skb->dev->name);
1470 goto out;
1471 }
1472#endif
1473
1474 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1475 struct nd_opt_hdr *p;
1476 for (p = ndopts.nd_opts_pi;
1477 p;
1478 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1479 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1480 (p->nd_opt_len) << 3,
1481 ndopts.nd_opts_src_lladdr != NULL);
1482 }
1483 }
1484
1485 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1486 __be32 n;
1487 u32 mtu;
1488
1489 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1490 mtu = ntohl(n);
1491
1492 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1493 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1494 } else if (in6_dev->cnf.mtu6 != mtu) {
1495 in6_dev->cnf.mtu6 = mtu;
1496 fib6_metric_set(rt, RTAX_MTU, mtu);
1497 rt6_mtu_change(skb->dev, mtu);
1498 }
1499 }
1500
1501 if (ndopts.nd_useropts) {
1502 struct nd_opt_hdr *p;
1503 for (p = ndopts.nd_useropts;
1504 p;
1505 p = ndisc_next_useropt(skb->dev, p,
1506 ndopts.nd_useropts_end)) {
1507 ndisc_ra_useropt(skb, p);
1508 }
1509 }
1510
1511 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1512 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1513 }
1514out:
1515 fib6_info_release(rt);
1516 if (neigh)
1517 neigh_release(neigh);
1518}
1519
1520static void ndisc_redirect_rcv(struct sk_buff *skb)
1521{
1522 u8 *hdr;
1523 struct ndisc_options ndopts;
1524 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1525 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1526 offsetof(struct rd_msg, opt));
1527
1528#ifdef CONFIG_IPV6_NDISC_NODETYPE
1529 switch (skb->ndisc_nodetype) {
1530 case NDISC_NODETYPE_HOST:
1531 case NDISC_NODETYPE_NODEFAULT:
1532 ND_PRINTK(2, warn,
1533 "Redirect: from host or unauthorized router\n");
1534 return;
1535 }
1536#endif
1537
1538 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1539 ND_PRINTK(2, warn,
1540 "Redirect: source address is not link-local\n");
1541 return;
1542 }
1543
1544 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1545 return;
1546
1547 if (!ndopts.nd_opts_rh) {
1548 ip6_redirect_no_header(skb, dev_net(skb->dev),
1549 skb->dev->ifindex);
1550 return;
1551 }
1552
1553 hdr = (u8 *)ndopts.nd_opts_rh;
1554 hdr += 8;
1555 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1556 return;
1557
1558 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1559}
1560
1561static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1562 struct sk_buff *orig_skb,
1563 int rd_len)
1564{
1565 u8 *opt = skb_put(skb, rd_len);
1566
1567 memset(opt, 0, 8);
1568 *(opt++) = ND_OPT_REDIRECT_HDR;
1569 *(opt++) = (rd_len >> 3);
1570 opt += 6;
1571
1572 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1573 rd_len - 8);
1574}
1575
1576void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1577{
1578 struct net_device *dev = skb->dev;
1579 struct net *net = dev_net(dev);
1580 struct sock *sk = net->ipv6.ndisc_sk;
1581 int optlen = 0;
1582 struct inet_peer *peer;
1583 struct sk_buff *buff;
1584 struct rd_msg *msg;
1585 struct in6_addr saddr_buf;
1586 struct rt6_info *rt;
1587 struct dst_entry *dst;
1588 struct flowi6 fl6;
1589 int rd_len;
1590 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1591 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1592 bool ret;
1593
1594 if (netif_is_l3_master(skb->dev)) {
1595 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1596 if (!dev)
1597 return;
1598 }
1599
1600 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1601 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1602 dev->name);
1603 return;
1604 }
1605
1606 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1607 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1608 ND_PRINTK(2, warn,
1609 "Redirect: target address is not link-local unicast\n");
1610 return;
1611 }
1612
1613 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1614 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1615
1616 dst = ip6_route_output(net, NULL, &fl6);
1617 if (dst->error) {
1618 dst_release(dst);
1619 return;
1620 }
1621 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1622 if (IS_ERR(dst))
1623 return;
1624
1625 rt = (struct rt6_info *) dst;
1626
1627 if (rt->rt6i_flags & RTF_GATEWAY) {
1628 ND_PRINTK(2, warn,
1629 "Redirect: destination is not a neighbour\n");
1630 goto release;
1631 }
1632 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1633 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1634 if (peer)
1635 inet_putpeer(peer);
1636 if (!ret)
1637 goto release;
1638
1639 if (dev->addr_len) {
1640 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1641 if (!neigh) {
1642 ND_PRINTK(2, warn,
1643 "Redirect: no neigh for target address\n");
1644 goto release;
1645 }
1646
1647 read_lock_bh(&neigh->lock);
1648 if (neigh->nud_state & NUD_VALID) {
1649 memcpy(ha_buf, neigh->ha, dev->addr_len);
1650 read_unlock_bh(&neigh->lock);
1651 ha = ha_buf;
1652 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1653 ops_data_buf,
1654 &ops_data);
1655 } else
1656 read_unlock_bh(&neigh->lock);
1657
1658 neigh_release(neigh);
1659 }
1660
1661 rd_len = min_t(unsigned int,
1662 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1663 skb->len + 8);
1664 rd_len &= ~0x7;
1665 optlen += rd_len;
1666
1667 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1668 if (!buff)
1669 goto release;
1670
1671 msg = skb_put(buff, sizeof(*msg));
1672 *msg = (struct rd_msg) {
1673 .icmph = {
1674 .icmp6_type = NDISC_REDIRECT,
1675 },
1676 .target = *target,
1677 .dest = ipv6_hdr(skb)->daddr,
1678 };
1679
1680
1681
1682
1683
1684 if (ha)
1685 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1686
1687
1688
1689
1690
1691 if (rd_len)
1692 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1693
1694 skb_dst_set(buff, dst);
1695 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1696 return;
1697
1698release:
1699 dst_release(dst);
1700}
1701
1702static void pndisc_redo(struct sk_buff *skb)
1703{
1704 ndisc_recv_ns(skb);
1705 kfree_skb(skb);
1706}
1707
1708static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1709{
1710 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1711
1712 if (!idev)
1713 return true;
1714 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1715 idev->cnf.suppress_frag_ndisc) {
1716 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1717 return true;
1718 }
1719 return false;
1720}
1721
1722int ndisc_rcv(struct sk_buff *skb)
1723{
1724 struct nd_msg *msg;
1725
1726 if (ndisc_suppress_frag_ndisc(skb))
1727 return 0;
1728
1729 if (skb_linearize(skb))
1730 return 0;
1731
1732 msg = (struct nd_msg *)skb_transport_header(skb);
1733
1734 __skb_push(skb, skb->data - skb_transport_header(skb));
1735
1736 if (ipv6_hdr(skb)->hop_limit != 255) {
1737 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1738 ipv6_hdr(skb)->hop_limit);
1739 return 0;
1740 }
1741
1742 if (msg->icmph.icmp6_code != 0) {
1743 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1744 msg->icmph.icmp6_code);
1745 return 0;
1746 }
1747
1748 switch (msg->icmph.icmp6_type) {
1749 case NDISC_NEIGHBOUR_SOLICITATION:
1750 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1751 ndisc_recv_ns(skb);
1752 break;
1753
1754 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1755 ndisc_recv_na(skb);
1756 break;
1757
1758 case NDISC_ROUTER_SOLICITATION:
1759 ndisc_recv_rs(skb);
1760 break;
1761
1762 case NDISC_ROUTER_ADVERTISEMENT:
1763 ndisc_router_discovery(skb);
1764 break;
1765
1766 case NDISC_REDIRECT:
1767 ndisc_redirect_rcv(skb);
1768 break;
1769 }
1770
1771 return 0;
1772}
1773
1774static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1775{
1776 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1777 struct netdev_notifier_change_info *change_info;
1778 struct net *net = dev_net(dev);
1779 struct inet6_dev *idev;
1780
1781 switch (event) {
1782 case NETDEV_CHANGEADDR:
1783 neigh_changeaddr(&nd_tbl, dev);
1784 fib6_run_gc(0, net, false);
1785
1786 case NETDEV_UP:
1787 idev = in6_dev_get(dev);
1788 if (!idev)
1789 break;
1790 if (idev->cnf.ndisc_notify ||
1791 net->ipv6.devconf_all->ndisc_notify)
1792 ndisc_send_unsol_na(dev);
1793 in6_dev_put(idev);
1794 break;
1795 case NETDEV_CHANGE:
1796 change_info = ptr;
1797 if (change_info->flags_changed & IFF_NOARP)
1798 neigh_changeaddr(&nd_tbl, dev);
1799 if (!netif_carrier_ok(dev))
1800 neigh_carrier_down(&nd_tbl, dev);
1801 break;
1802 case NETDEV_DOWN:
1803 neigh_ifdown(&nd_tbl, dev);
1804 fib6_run_gc(0, net, false);
1805 break;
1806 case NETDEV_NOTIFY_PEERS:
1807 ndisc_send_unsol_na(dev);
1808 break;
1809 default:
1810 break;
1811 }
1812
1813 return NOTIFY_DONE;
1814}
1815
1816static struct notifier_block ndisc_netdev_notifier = {
1817 .notifier_call = ndisc_netdev_event,
1818 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1819};
1820
1821#ifdef CONFIG_SYSCTL
1822static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1823 const char *func, const char *dev_name)
1824{
1825 static char warncomm[TASK_COMM_LEN];
1826 static int warned;
1827 if (strcmp(warncomm, current->comm) && warned < 5) {
1828 strcpy(warncomm, current->comm);
1829 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1830 warncomm, func,
1831 dev_name, ctl->procname,
1832 dev_name, ctl->procname);
1833 warned++;
1834 }
1835}
1836
1837int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1838{
1839 struct net_device *dev = ctl->extra1;
1840 struct inet6_dev *idev;
1841 int ret;
1842
1843 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1844 (strcmp(ctl->procname, "base_reachable_time") == 0))
1845 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1846
1847 if (strcmp(ctl->procname, "retrans_time") == 0)
1848 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1849
1850 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1851 ret = neigh_proc_dointvec_jiffies(ctl, write,
1852 buffer, lenp, ppos);
1853
1854 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1855 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1856 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1857 buffer, lenp, ppos);
1858 else
1859 ret = -1;
1860
1861 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1862 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1863 idev->nd_parms->reachable_time =
1864 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1865 idev->tstamp = jiffies;
1866 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1867 in6_dev_put(idev);
1868 }
1869 return ret;
1870}
1871
1872
1873#endif
1874
1875static int __net_init ndisc_net_init(struct net *net)
1876{
1877 struct ipv6_pinfo *np;
1878 struct sock *sk;
1879 int err;
1880
1881 err = inet_ctl_sock_create(&sk, PF_INET6,
1882 SOCK_RAW, IPPROTO_ICMPV6, net);
1883 if (err < 0) {
1884 ND_PRINTK(0, err,
1885 "NDISC: Failed to initialize the control socket (err %d)\n",
1886 err);
1887 return err;
1888 }
1889
1890 net->ipv6.ndisc_sk = sk;
1891
1892 np = inet6_sk(sk);
1893 np->hop_limit = 255;
1894
1895 np->mc_loop = 0;
1896
1897 return 0;
1898}
1899
1900static void __net_exit ndisc_net_exit(struct net *net)
1901{
1902 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1903}
1904
1905static struct pernet_operations ndisc_net_ops = {
1906 .init = ndisc_net_init,
1907 .exit = ndisc_net_exit,
1908};
1909
1910int __init ndisc_init(void)
1911{
1912 int err;
1913
1914 err = register_pernet_subsys(&ndisc_net_ops);
1915 if (err)
1916 return err;
1917
1918
1919
1920 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1921
1922#ifdef CONFIG_SYSCTL
1923 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1924 ndisc_ifinfo_sysctl_change);
1925 if (err)
1926 goto out_unregister_pernet;
1927out:
1928#endif
1929 return err;
1930
1931#ifdef CONFIG_SYSCTL
1932out_unregister_pernet:
1933 unregister_pernet_subsys(&ndisc_net_ops);
1934 goto out;
1935#endif
1936}
1937
1938int __init ndisc_late_init(void)
1939{
1940 return register_netdevice_notifier(&ndisc_netdev_notifier);
1941}
1942
1943void ndisc_late_cleanup(void)
1944{
1945 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1946}
1947
1948void ndisc_cleanup(void)
1949{
1950#ifdef CONFIG_SYSCTL
1951 neigh_sysctl_unregister(&nd_tbl.parms);
1952#endif
1953 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1954 unregister_pernet_subsys(&ndisc_net_ops);
1955}
1956
