]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/ipv6/ndisc.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
afs: Add metadata xattrs
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / ndisc.c
CommitLineData
1da177e4
LT		 1/*
2 * Neighbour Discovery for IPv6
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4
LT		 7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
e35f30c1 18 * Alexey I. Froloff : RFC6106 (DNSSL) support
31910575
PY		 19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
1da177e4
LT		 21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
1da177e4
LT		 23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
675418d5 30#define pr_fmt(fmt) "ICMPv6: " fmt
1da177e4
LT		 31
32#include <linux/module.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
5a0e3ad6 43#include <linux/slab.h>
1da177e4
LT		 44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
1823730f 48#include <linux/if_addr.h>
1da177e4
LT		 49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
31910575
PY		 64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
1da177e4
LT		 67#include <net/flow.h>
68#include <net/ip6_checksum.h>
1ed8516f 69#include <net/inet_common.h>
1da177e4
LT		 70#include <linux/proc_fs.h>
71
72#include <linux/netfilter.h>
73#include <linux/netfilter_ipv6.h>
74
d6bf7817
ED		 75static u32 ndisc_hash(const void *pkey,
76 const struct net_device *dev,
2c2aba6c 77 __u32 *hash_rnd);
60395a20 78static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
1da177e4
LT		 79static int ndisc_constructor(struct neighbour *neigh);
80static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
81static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
82static int pndisc_constructor(struct pneigh_entry *n);
83static void pndisc_destructor(struct pneigh_entry *n);
84static void pndisc_redo(struct sk_buff *skb);
85
89d69d2b 86static const struct neigh_ops ndisc_generic_ops = {
1da177e4
LT		 87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
1da177e4
LT		 92};
93
89d69d2b 94static const struct neigh_ops ndisc_hh_ops = {
1da177e4
LT		 95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
1da177e4
LT		 100};
101
102
89d69d2b 103static const struct neigh_ops ndisc_direct_ops = {
1da177e4 104 .family = AF_INET6,
8f40b161
DM		 105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
1da177e4
LT		 107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
1da177e4 111 .key_len = sizeof(struct in6_addr),
bdf53c58 112 .protocol = cpu_to_be16(ETH_P_IPV6),
1da177e4 113 .hash = ndisc_hash,
60395a20 114 .key_eq = ndisc_key_eq,
1da177e4
LT		 115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .id = "ndisc_cache",
120 .parms = {
b672083e 121 .tbl = &nd_tbl,
b672083e 122 .reachable_time = ND_REACHABLE_TIME,
1f9248e5
JP		 123 .data = {
124 [NEIGH_VAR_MCAST_PROBES] = 3,
125 [NEIGH_VAR_UCAST_PROBES] = 3,
126 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
127 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
128 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
129 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
130 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
131 [NEIGH_VAR_PROXY_QLEN] = 64,
132 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
133 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
134 },
1da177e4
LT		 135 },
136 .gc_interval = 30 * HZ,
137 .gc_thresh1 = 128,
138 .gc_thresh2 = 512,
139 .gc_thresh3 = 1024,
140};
c4850687 141EXPORT_SYMBOL_GPL(nd_tbl);
1da177e4 142
cc84b3c6
AA		 143void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
144 int data_len, int pad)
1da177e4 145{
8ec5da41 146 int space = __ndisc_opt_addr_space(data_len, pad);
5f5a0115 147 u8 *opt = skb_put(skb, space);
1da177e4
LT		 148
149 opt[0] = type;
150 opt[1] = space>>3;
151
152 memset(opt + 2, 0, pad);
153 opt += pad;
154 space -= pad;
155
156 memcpy(opt+2, data, data_len);
157 data_len += 2;
158 opt += data_len;
e5d08d71
IM		 159 space -= data_len;
160 if (space > 0)
1da177e4 161 memset(opt, 0, space);
1da177e4 162}
cc84b3c6 163EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
1da177e4 164
8ec5da41 165static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
f997c55c 166 void *data, u8 icmp6_type)
8ec5da41
AA		 167{
168 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
169 ndisc_addr_option_pad(skb->dev->type));
f997c55c
AA		 170 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
171}
172
173static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
174 void *ha,
175 const u8 *ops_data)
176{
177 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
178 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
8ec5da41
AA		 179}
180
1da177e4
LT		 181static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
182 struct nd_opt_hdr *end)
183{
184 int type;
185 if (!cur || !end || cur >= end)
186 return NULL;
187 type = cur->nd_opt_type;
188 do {
189 cur = ((void *)cur) + (cur->nd_opt_len << 3);
67ba4152 190 } while (cur < end && cur->nd_opt_type != type);
a02cec21 191 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
1da177e4
LT		 192}
193
f997c55c
AA		 194static inline int ndisc_is_useropt(const struct net_device *dev,
195 struct nd_opt_hdr *opt)
31910575 196{
e35f30c1 197 return opt->nd_opt_type == ND_OPT_RDNSS ||
f997c55c
AA		 198 opt->nd_opt_type == ND_OPT_DNSSL ||
199 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
31910575
PY		 200}
201
f997c55c
AA		 202static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
203 struct nd_opt_hdr *cur,
31910575
PY		 204 struct nd_opt_hdr *end)
205{
206 if (!cur || !end || cur >= end)
207 return NULL;
208 do {
209 cur = ((void *)cur) + (cur->nd_opt_len << 3);
f997c55c
AA		 210 } while (cur < end && !ndisc_is_useropt(dev, cur));
211 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
31910575
PY		 212}
213
f997c55c
AA		 214struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
215 u8 *opt, int opt_len,
30f2a5f3 216 struct ndisc_options *ndopts)
1da177e4
LT		 217{
218 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
219
220 if (!nd_opt || opt_len < 0 || !ndopts)
221 return NULL;
222 memset(ndopts, 0, sizeof(*ndopts));
223 while (opt_len) {
224 int l;
225 if (opt_len < sizeof(struct nd_opt_hdr))
226 return NULL;
227 l = nd_opt->nd_opt_len << 3;
228 if (opt_len < l || l == 0)
229 return NULL;
f997c55c
AA		 230 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
231 goto next_opt;
1da177e4
LT		 232 switch (nd_opt->nd_opt_type) {
233 case ND_OPT_SOURCE_LL_ADDR:
234 case ND_OPT_TARGET_LL_ADDR:
235 case ND_OPT_MTU:
adc176c5 236 case ND_OPT_NONCE:
1da177e4
LT		 237 case ND_OPT_REDIRECT_HDR:
238 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
675418d5
JP		 239 ND_PRINTK(2, warn,
240 "%s: duplicated ND6 option found: type=%d\n",
241 __func__, nd_opt->nd_opt_type);
1da177e4
LT		 242 } else {
243 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
244 }
245 break;
246 case ND_OPT_PREFIX_INFO:
247 ndopts->nd_opts_pi_end = nd_opt;
cfcabdcc 248 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
1da177e4
LT		 249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
250 break;
70ceb4f5
YH		 251#ifdef CONFIG_IPV6_ROUTE_INFO
252 case ND_OPT_ROUTE_INFO:
253 ndopts->nd_opts_ri_end = nd_opt;
254 if (!ndopts->nd_opts_ri)
255 ndopts->nd_opts_ri = nd_opt;
256 break;
257#endif
1da177e4 258 default:
f997c55c 259 if (ndisc_is_useropt(dev, nd_opt)) {
31910575
PY		 260 ndopts->nd_useropts_end = nd_opt;
261 if (!ndopts->nd_useropts)
262 ndopts->nd_useropts = nd_opt;
263 } else {
264 /*
265 * Unknown options must be silently ignored,
266 * to accommodate future extension to the
267 * protocol.
268 */
675418d5
JP		 269 ND_PRINTK(2, notice,
270 "%s: ignored unsupported option; type=%d, len=%d\n",
271 __func__,
272 nd_opt->nd_opt_type,
273 nd_opt->nd_opt_len);
31910575 274 }
1da177e4 275 }
f997c55c 276next_opt:
1da177e4
LT		 277 opt_len -= l;
278 nd_opt = ((void *)nd_opt) + l;
279 }
280 return ndopts;
281}
282
b71d1d42 283int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
1da177e4
LT		 284{
285 switch (dev->type) {
286 case ARPHRD_ETHER:
287 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
288 case ARPHRD_FDDI:
289 ipv6_eth_mc_map(addr, buf);
290 return 0;
1da177e4
LT		 291 case ARPHRD_ARCNET:
292 ipv6_arcnet_mc_map(addr, buf);
293 return 0;
294 case ARPHRD_INFINIBAND:
a9e527e3 295 ipv6_ib_mc_map(addr, dev->broadcast, buf);
1da177e4 296 return 0;
93ca3bb5
TT		 297 case ARPHRD_IPGRE:
298 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
1da177e4
LT		 299 default:
300 if (dir) {
301 memcpy(buf, dev->broadcast, dev->addr_len);
302 return 0;
303 }
304 }
305 return -EINVAL;
306}
7159039a
YH		 307EXPORT_SYMBOL(ndisc_mc_map);
308
d6bf7817
ED		 309static u32 ndisc_hash(const void *pkey,
310 const struct net_device *dev,
2c2aba6c 311 __u32 *hash_rnd)
1da177e4 312{
2c2aba6c 313 return ndisc_hashfn(pkey, dev, hash_rnd);
1da177e4
LT		 314}
315
60395a20
EB		 316static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
317{
318 return neigh_key_eq128(n, pkey);
319}
320
1da177e4
LT		 321static int ndisc_constructor(struct neighbour *neigh)
322{
67ba4152 323 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
1da177e4
LT		 324 struct net_device *dev = neigh->dev;
325 struct inet6_dev *in6_dev;
326 struct neigh_parms *parms;
a50feda5 327 bool is_multicast = ipv6_addr_is_multicast(addr);
1da177e4 328
1da177e4 329 in6_dev = in6_dev_get(dev);
63159f29 330 if (!in6_dev) {
1da177e4
LT		 331 return -EINVAL;
332 }
333
334 parms = in6_dev->nd_parms;
335 __neigh_parms_put(neigh->parms);
336 neigh->parms = neigh_parms_clone(parms);
1da177e4
LT		 337
338 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
3b04ddde 339 if (!dev->header_ops) {
1da177e4
LT		 340 neigh->nud_state = NUD_NOARP;
341 neigh->ops = &ndisc_direct_ops;
8f40b161 342 neigh->output = neigh_direct_output;
1da177e4
LT		 343 } else {
344 if (is_multicast) {
345 neigh->nud_state = NUD_NOARP;
346 ndisc_mc_map(addr, neigh->ha, dev, 1);
347 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
348 neigh->nud_state = NUD_NOARP;
349 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
350 if (dev->flags&IFF_LOOPBACK)
351 neigh->type = RTN_LOCAL;
352 } else if (dev->flags&IFF_POINTOPOINT) {
353 neigh->nud_state = NUD_NOARP;
354 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
355 }
3b04ddde 356 if (dev->header_ops->cache)
1da177e4
LT		 357 neigh->ops = &ndisc_hh_ops;
358 else
359 neigh->ops = &ndisc_generic_ops;
360 if (neigh->nud_state&NUD_VALID)
361 neigh->output = neigh->ops->connected_output;
362 else
363 neigh->output = neigh->ops->output;
364 }
365 in6_dev_put(in6_dev);
366 return 0;
367}
368
369static int pndisc_constructor(struct pneigh_entry *n)
370{
67ba4152 371 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 372 struct in6_addr maddr;
373 struct net_device *dev = n->dev;
374
63159f29 375 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 376 return -EINVAL;
377 addrconf_addr_solict_mult(addr, &maddr);
378 ipv6_dev_mc_inc(dev, &maddr);
379 return 0;
380}
381
382static void pndisc_destructor(struct pneigh_entry *n)
383{
67ba4152 384 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 385 struct in6_addr maddr;
386 struct net_device *dev = n->dev;
387
63159f29 388 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 389 return;
390 addrconf_addr_solict_mult(addr, &maddr);
391 ipv6_dev_mc_dec(dev, &maddr);
392}
393
de09334b
YH		 394static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
395 int len)
396{
397 int hlen = LL_RESERVED_SPACE(dev);
398 int tlen = dev->needed_tailroom;
399 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
400 struct sk_buff *skb;
de09334b 401
25a6e6b8 402 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
de09334b 403 if (!skb) {
25a6e6b8
TG		 404 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
405 __func__);
de09334b
YH		 406 return NULL;
407 }
408
f382d03a
YH		 409 skb->protocol = htons(ETH_P_IPV6);
410 skb->dev = dev;
411
527a150f 412 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
5135e633 413 skb_reset_transport_header(skb);
de09334b 414
25a6e6b8
TG		 415 /* Manually assign socket ownership as we avoid calling
416 * sock_alloc_send_pskb() to bypass wmem buffer limits
417 */
418 skb_set_owner_w(skb, sk);
419
de09334b
YH		 420 return skb;
421}
422
f382d03a 423static void ip6_nd_hdr(struct sk_buff *skb,
2576f17d
YH		 424 const struct in6_addr *saddr,
425 const struct in6_addr *daddr,
c8d6c380 426 int hop_limit, int len)
2576f17d
YH		 427{
428 struct ipv6hdr *hdr;
429
527a150f 430 skb_push(skb, sizeof(*hdr));
2576f17d 431 skb_reset_network_header(skb);
2576f17d
YH		 432 hdr = ipv6_hdr(skb);
433
434 ip6_flow_hdr(hdr, 0, 0);
435
436 hdr->payload_len = htons(len);
c8d6c380
YH		 437 hdr->nexthdr = IPPROTO_ICMPV6;
438 hdr->hop_limit = hop_limit;
2576f17d
YH		 439
440 hdr->saddr = *saddr;
441 hdr->daddr = *daddr;
442}
443
af9a9976 444static void ndisc_send_skb(struct sk_buff *skb,
fd0ea7db 445 const struct in6_addr *daddr,
aa4bdd4b 446 const struct in6_addr *saddr)
305d552a 447{
f4de84c6 448 struct dst_entry *dst = skb_dst(skb);
af9a9976 449 struct net *net = dev_net(skb->dev);
7b3d9b06 450 struct sock *sk = net->ipv6.ndisc_sk;
305d552a
BH		 451 struct inet6_dev *idev;
452 int err;
aa4bdd4b 453 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
305d552a
BH		 454 u8 type;
455
456 type = icmp6h->icmp6_type;
457
f4de84c6 458 if (!dst) {
f4de84c6 459 struct flowi6 fl6;
e0d56fdd 460 int oif = skb->dev->ifindex;
305d552a 461
ca254490 462 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
f4de84c6
YH		 463 dst = icmp6_dst_alloc(skb->dev, &fl6);
464 if (IS_ERR(dst)) {
465 kfree_skb(skb);
466 return;
467 }
468
469 skb_dst_set(skb, dst);
470 }
e1ec7842 471
7b3d9b06
YH		 472 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
473 IPPROTO_ICMPV6,
474 csum_partial(icmp6h,
475 skb->len, 0));
476
477 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
478
cfdf7647
ED		 479 rcu_read_lock();
480 idev = __in6_dev_get(dst->dev);
edf391ff 481 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
e1ec7842 482
29a26a56
EB		 483 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
484 net, sk, skb, NULL, dst->dev,
13206b6b 485 dst_output);
1da177e4 486 if (!err) {
5c5d244b 487 ICMP6MSGOUT_INC_STATS(net, idev, type);
a862f6a6 488 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1da177e4
LT		 489 }
490
cfdf7647 491 rcu_read_unlock();
1ab1457c 492}
1da177e4 493
38cf595b 494void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
f564f45c
CW		 495 const struct in6_addr *solicited_addr,
496 bool router, bool solicited, bool override, bool inc_opt)
e1ec7842 497{
b44b5f4a 498 struct sk_buff *skb;
e1ec7842
YH		 499 struct in6_addr tmpaddr;
500 struct inet6_ifaddr *ifp;
9acd9f3a 501 const struct in6_addr *src_addr;
1cb3fe51
YH		 502 struct nd_msg *msg;
503 int optlen = 0;
e1ec7842
YH		 504
505 /* for anycast or proxy, solicited_addr != src_addr */
c346dca1 506 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
e1ec7842
YH		 507 if (ifp) {
508 src_addr = solicited_addr;
509 if (ifp->flags & IFA_F_OPTIMISTIC)
f2f79cca 510 override = false;
9f888160 511 inc_opt |= ifp->idev->cnf.force_tllao;
e1ec7842
YH		 512 in6_ifa_put(ifp);
513 } else {
191cd582 514 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
c346dca1 515 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
7cbca67c 516 &tmpaddr))
e1ec7842
YH		 517 return;
518 src_addr = &tmpaddr;
519 }
520
1cb3fe51
YH		 521 if (!dev->addr_len)
522 inc_opt = 0;
523 if (inc_opt)
f997c55c
AA		 524 optlen += ndisc_opt_addr_space(dev,
525 NDISC_NEIGHBOUR_ADVERTISEMENT);
e1ec7842 526
1cb3fe51 527 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 528 if (!skb)
529 return;
530
4df864c1 531 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 532 *msg = (struct nd_msg) {
533 .icmph = {
534 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
535 .icmp6_router = router,
536 .icmp6_solicited = solicited,
537 .icmp6_override = override,
538 },
539 .target = *solicited_addr,
540 };
541
542 if (inc_opt)
543 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
f997c55c
AA		 544 dev->dev_addr,
545 NDISC_NEIGHBOUR_ADVERTISEMENT);
1cb3fe51 546
b44b5f4a 547 ndisc_send_skb(skb, daddr, src_addr);
e1ec7842
YH		 548}
549
f47b9464
BH		 550static void ndisc_send_unsol_na(struct net_device *dev)
551{
552 struct inet6_dev *idev;
553 struct inet6_ifaddr *ifa;
f47b9464
BH		 554
555 idev = in6_dev_get(dev);
556 if (!idev)
557 return;
558
559 read_lock_bh(&idev->lock);
560 list_for_each_entry(ifa, &idev->addr_list, if_list) {
38cf595b 561 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
f47b9464
BH		 562 /*router=*/ !!idev->cnf.forwarding,
563 /*solicited=*/ false, /*override=*/ true,
564 /*inc_opt=*/ true);
565 }
566 read_unlock_bh(&idev->lock);
567
568 in6_dev_put(idev);
569}
570
38cf595b 571void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
adc176c5
EN		 572 const struct in6_addr *daddr, const struct in6_addr *saddr,
573 u64 nonce)
1da177e4 574{
b44b5f4a 575 struct sk_buff *skb;
1da177e4 576 struct in6_addr addr_buf;
1cb3fe51
YH		 577 int inc_opt = dev->addr_len;
578 int optlen = 0;
579 struct nd_msg *msg;
1da177e4 580
63159f29 581 if (!saddr) {
95c385b4
NH		 582 if (ipv6_get_lladdr(dev, &addr_buf,
583 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
1da177e4
LT		 584 return;
585 saddr = &addr_buf;
586 }
587
1cb3fe51 588 if (ipv6_addr_any(saddr))
f2f79cca 589 inc_opt = false;
1cb3fe51 590 if (inc_opt)
f997c55c
AA		 591 optlen += ndisc_opt_addr_space(dev,
592 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 593 if (nonce != 0)
594 optlen += 8;
1cb3fe51
YH		 595
596 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 597 if (!skb)
598 return;
599
4df864c1 600 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 601 *msg = (struct nd_msg) {
602 .icmph = {
603 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
604 },
605 .target = *solicit,
606 };
607
608 if (inc_opt)
609 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 610 dev->dev_addr,
611 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 612 if (nonce != 0) {
613 u8 *opt = skb_put(skb, 8);
614
615 opt[0] = ND_OPT_NONCE;
616 opt[1] = 8 >> 3;
617 memcpy(opt + 2, &nonce, 6);
618 }
1cb3fe51 619
b44b5f4a 620 ndisc_send_skb(skb, daddr, saddr);
1da177e4
LT		 621}
622
9acd9f3a
YH		 623void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
624 const struct in6_addr *daddr)
1da177e4 625{
b44b5f4a 626 struct sk_buff *skb;
1cb3fe51 627 struct rs_msg *msg;
95c385b4 628 int send_sllao = dev->addr_len;
1cb3fe51 629 int optlen = 0;
95c385b4
NH		 630
631#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
632 /*
633 * According to section 2.2 of RFC 4429, we must not
634 * send router solicitations with a sllao from
635 * optimistic addresses, but we may send the solicitation
636 * if we don't include the sllao. So here we check
637 * if our address is optimistic, and if so, we
bea85195 638 * suppress the inclusion of the sllao.
95c385b4
NH		 639 */
640 if (send_sllao) {
c346dca1 641 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
1cab3da6 642 dev, 1);
95c385b4
NH		 643 if (ifp) {
644 if (ifp->flags & IFA_F_OPTIMISTIC) {
ca043569 645 send_sllao = 0;
95c385b4 646 }
ca043569 647 in6_ifa_put(ifp);
95c385b4
NH		 648 } else {
649 send_sllao = 0;
650 }
651 }
652#endif
1cb3fe51 653 if (send_sllao)
f997c55c 654 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
1cb3fe51
YH		 655
656 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 657 if (!skb)
658 return;
659
4df864c1 660 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 661 *msg = (struct rs_msg) {
662 .icmph = {
663 .icmp6_type = NDISC_ROUTER_SOLICITATION,
664 },
665 };
666
667 if (send_sllao)
668 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 669 dev->dev_addr,
670 NDISC_ROUTER_SOLICITATION);
1cb3fe51 671
b44b5f4a 672 ndisc_send_skb(skb, daddr, saddr);
1da177e4 673}
1ab1457c 674
1da177e4
LT		 675
676static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
677{
678 /*
679 * "The sender MUST return an ICMP
680 * destination unreachable"
681 */
682 dst_link_failure(skb);
683 kfree_skb(skb);
684}
685
686/* Called with locked neigh: either read or both */
687
688static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
689{
690 struct in6_addr *saddr = NULL;
691 struct in6_addr mcaddr;
692 struct net_device *dev = neigh->dev;
693 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
694 int probes = atomic_read(&neigh->probes);
695
c58da4c6
EK		 696 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
697 dev, 1,
698 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
0660e03f 699 saddr = &ipv6_hdr(skb)->saddr;
e5d08d71
IM		 700 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
701 if (probes < 0) {
1da177e4 702 if (!(neigh->nud_state & NUD_VALID)) {
675418d5
JP		 703 ND_PRINTK(1, dbg,
704 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
705 __func__, target);
1da177e4 706 }
adc176c5 707 ndisc_send_ns(dev, target, target, saddr, 0);
1f9248e5 708 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
1da177e4 709 neigh_app_ns(neigh);
1da177e4
LT		 710 } else {
711 addrconf_addr_solict_mult(target, &mcaddr);
adc176c5 712 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
1da177e4
LT		 713 }
714}
715
0736ffc0
YH		 716static int pndisc_is_router(const void *pkey,
717 struct net_device *dev)
fa86d322
PE		 718{
719 struct pneigh_entry *n;
0736ffc0 720 int ret = -1;
fa86d322
PE		 721
722 read_lock_bh(&nd_tbl.lock);
0736ffc0
YH		 723 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
724 if (n)
725 ret = !!(n->flags & NTF_ROUTER);
fa86d322
PE		 726 read_unlock_bh(&nd_tbl.lock);
727
0736ffc0 728 return ret;
fa86d322
PE		 729}
730
f997c55c
AA		 731void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
732 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
733 struct ndisc_options *ndopts)
734{
7b8f7a40 735 neigh_update(neigh, lladdr, new, flags, 0);
f997c55c
AA		 736 /* report ndisc ops about neighbour update */
737 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
738}
739
1da177e4
LT		 740static void ndisc_recv_ns(struct sk_buff *skb)
741{
9c70220b 742 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
b71d1d42
ED		 743 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
744 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 745 u8 *lladdr = NULL;
29a3cad5 746 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 747 offsetof(struct nd_msg, opt));
1da177e4
LT		 748 struct ndisc_options ndopts;
749 struct net_device *dev = skb->dev;
750 struct inet6_ifaddr *ifp;
751 struct inet6_dev *idev = NULL;
752 struct neighbour *neigh;
753 int dad = ipv6_addr_any(saddr);
a50feda5 754 bool inc;
0736ffc0 755 int is_router = -1;
adc176c5 756 u64 nonce = 0;
1da177e4 757
115b0aa6
YH		 758 if (skb->len < sizeof(struct nd_msg)) {
759 ND_PRINTK(2, warn, "NS: packet too short\n");
760 return;
761 }
762
1da177e4 763 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 764 ND_PRINTK(2, warn, "NS: multicast target address\n");
1da177e4
LT		 765 return;
766 }
767
768 /*
769 * RFC2461 7.1.1:
770 * DAD has to be destined for solicited node multicast address.
771 */
ca97a644 772 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
675418d5 773 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
1da177e4
LT		 774 return;
775 }
776
f997c55c 777 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 778 ND_PRINTK(2, warn, "NS: invalid ND options\n");
1da177e4
LT		 779 return;
780 }
781
782 if (ndopts.nd_opts_src_lladdr) {
783 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
784 if (!lladdr) {
675418d5
JP		 785 ND_PRINTK(2, warn,
786 "NS: invalid link-layer address length\n");
1da177e4
LT		 787 return;
788 }
789
790 /* RFC2461 7.1.1:
1ab1457c
YH		 791 * If the IP source address is the unspecified address,
792 * there MUST NOT be source link-layer address option
1da177e4
LT		 793 * in the message.
794 */
795 if (dad) {
675418d5
JP		 796 ND_PRINTK(2, warn,
797 "NS: bad DAD packet (link-layer address option)\n");
1da177e4
LT		 798 return;
799 }
800 }
adc176c5
EN		 801 if (ndopts.nd_opts_nonce)
802 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
1da177e4
LT		 803
804 inc = ipv6_addr_is_multicast(daddr);
805
c346dca1 806 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 807 if (ifp) {
ca254490 808have_ifp:
95c385b4
NH		 809 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
810 if (dad) {
adc176c5
EN		 811 if (nonce != 0 && ifp->dad_nonce == nonce) {
812 u8 *np = (u8 *)&nonce;
813 /* Matching nonce if looped back */
814 ND_PRINTK(2, notice,
815 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
816 ifp->idev->dev->name,
817 &ifp->addr, np);
818 goto out;
819 }
95c385b4
NH		 820 /*
821 * We are colliding with another node
822 * who is doing DAD
823 * so fail our DAD process
824 */
825 addrconf_dad_failure(ifp);
9e3be4b3 826 return;
95c385b4
NH		 827 } else {
828 /*
829 * This is not a dad solicitation.
830 * If we are an optimistic node,
831 * we should respond.
832 * Otherwise, we should ignore it.
833 */
834 if (!(ifp->flags & IFA_F_OPTIMISTIC))
1da177e4 835 goto out;
1da177e4 836 }
1da177e4
LT		 837 }
838
839 idev = ifp->idev;
840 } else {
53b7997f
YH		 841 struct net *net = dev_net(dev);
842
ca254490
DA		 843 /* perhaps an address on the master device */
844 if (netif_is_l3_slave(dev)) {
845 struct net_device *mdev;
846
847 mdev = netdev_master_upper_dev_get_rcu(dev);
848 if (mdev) {
849 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
850 if (ifp)
851 goto have_ifp;
852 }
853 }
854
1da177e4
LT		 855 idev = in6_dev_get(dev);
856 if (!idev) {
857 /* XXX: count this drop? */
858 return;
859 }
860
53b7997f 861 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
1ab1457c 862 (idev->cnf.forwarding &&
53b7997f 863 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
0736ffc0 864 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
a61bbcf2 865 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
1da177e4 866 skb->pkt_type != PACKET_HOST &&
f2f79cca 867 inc &&
1f9248e5 868 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
1da177e4
LT		 869 /*
870 * for anycast or proxy,
1ab1457c
YH		 871 * sender should delay its response
872 * by a random time between 0 and
1da177e4
LT		 873 * MAX_ANYCAST_DELAY_TIME seconds.
874 * (RFC2461) -- yoshfuji
875 */
876 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
877 if (n)
878 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
879 goto out;
880 }
881 } else
882 goto out;
883 }
884
0736ffc0 885 if (is_router < 0)
fb568637 886 is_router = idev->cnf.forwarding;
62dd9318 887
1da177e4 888 if (dad) {
38cf595b 889 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
fb568637 890 !!is_router, false, (ifp != NULL), true);
1da177e4
LT		 891 goto out;
892 }
893
894 if (inc)
895 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
896 else
897 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
898
1ab1457c 899 /*
1da177e4
LT		 900 * update / create cache entry
901 * for the source address
902 */
903 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
904 !inc || lladdr || !dev->addr_len);
905 if (neigh)
f997c55c 906 ndisc_update(dev, neigh, lladdr, NUD_STALE,
1da177e4 907 NEIGH_UPDATE_F_WEAK_OVERRIDE|
f997c55c
AA		 908 NEIGH_UPDATE_F_OVERRIDE,
909 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
3b04ddde 910 if (neigh || !dev->header_ops) {
38cf595b 911 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
fb568637 912 true, (ifp != NULL && inc), inc);
1da177e4
LT		 913 if (neigh)
914 neigh_release(neigh);
915 }
916
917out:
918 if (ifp)
919 in6_ifa_put(ifp);
920 else
921 in6_dev_put(idev);
1da177e4
LT		 922}
923
924static void ndisc_recv_na(struct sk_buff *skb)
925{
9c70220b 926 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
be7a010d 927 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
b71d1d42 928 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 929 u8 *lladdr = NULL;
29a3cad5 930 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 931 offsetof(struct nd_msg, opt));
1da177e4
LT		 932 struct ndisc_options ndopts;
933 struct net_device *dev = skb->dev;
7a02bf89 934 struct inet6_dev *idev = __in6_dev_get(dev);
1da177e4
LT		 935 struct inet6_ifaddr *ifp;
936 struct neighbour *neigh;
937
938 if (skb->len < sizeof(struct nd_msg)) {
675418d5 939 ND_PRINTK(2, warn, "NA: packet too short\n");
1da177e4
LT		 940 return;
941 }
942
943 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 944 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1da177e4
LT		 945 return;
946 }
947
948 if (ipv6_addr_is_multicast(daddr) &&
949 msg->icmph.icmp6_solicited) {
675418d5 950 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1da177e4
LT		 951 return;
952 }
1ab1457c 953
7a02bf89
JB		 954 /* For some 802.11 wireless deployments (and possibly other networks),
955 * there will be a NA proxy and unsolicitd packets are attacks
956 * and thus should not be accepted.
957 */
958 if (!msg->icmph.icmp6_solicited && idev &&
959 idev->cnf.drop_unsolicited_na)
960 return;
961
f997c55c 962 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 963 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1da177e4
LT		 964 return;
965 }
966 if (ndopts.nd_opts_tgt_lladdr) {
967 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
968 if (!lladdr) {
675418d5
JP		 969 ND_PRINTK(2, warn,
970 "NA: invalid link-layer address length\n");
1da177e4
LT		 971 return;
972 }
973 }
c346dca1 974 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 975 if (ifp) {
bd015928
DW		 976 if (skb->pkt_type != PACKET_LOOPBACK
977 && (ifp->flags & IFA_F_TENTATIVE)) {
978 addrconf_dad_failure(ifp);
979 return;
1da177e4
LT		 980 }
981 /* What should we make now? The advertisement
982 is invalid, but ndisc specs say nothing
983 about it. It could be misconfiguration, or
984 an smart proxy agent tries to help us :-)
24fc7b86
JS		 985
986 We should not print the error if NA has been
987 received from loopback - it is just our own
988 unsolicited advertisement.
1da177e4 989 */
24fc7b86 990 if (skb->pkt_type != PACKET_LOOPBACK)
675418d5
JP		 991 ND_PRINTK(1, warn,
992 "NA: someone advertises our address %pI6 on %s!\n",
993 &ifp->addr, ifp->idev->dev->name);
1da177e4
LT		 994 in6_ifa_put(ifp);
995 return;
996 }
997 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
998
999 if (neigh) {
1000 u8 old_flags = neigh->flags;
53b7997f 1001 struct net *net = dev_net(dev);
1da177e4
LT		 1002
1003 if (neigh->nud_state & NUD_FAILED)
1004 goto out;
1005
5f3e6e9e
VN		 1006 /*
1007 * Don't update the neighbor cache entry on a proxy NA from
1008 * ourselves because either the proxied node is off link or it
1009 * has already sent a NA to us.
1010 */
1011 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
53b7997f
YH		 1012 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1013 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
b20b6d97 1014 /* XXX: idev->cnf.proxy_ndp */
5f3e6e9e 1015 goto out;
fbea49e1 1016 }
5f3e6e9e 1017
f997c55c 1018 ndisc_update(dev, neigh, lladdr,
1da177e4
LT		 1019 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1020 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1021 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1022 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1023 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1024 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1025
1026 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1027 /*
1028 * Change: router to host
1029 */
be7a010d 1030 rt6_clean_tohost(dev_net(dev), saddr);
1da177e4
LT		 1031 }
1032
1033out:
1034 neigh_release(neigh);
1035 }
1036}
1037
1038static void ndisc_recv_rs(struct sk_buff *skb)
1039{
9c70220b 1040 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1da177e4
LT		 1041 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1042 struct neighbour *neigh;
1043 struct inet6_dev *idev;
b71d1d42 1044 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1da177e4
LT		 1045 struct ndisc_options ndopts;
1046 u8 *lladdr = NULL;
1047
1048 if (skb->len < sizeof(*rs_msg))
1049 return;
1050
cfdf7647 1051 idev = __in6_dev_get(skb->dev);
1da177e4 1052 if (!idev) {
675418d5 1053 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1da177e4
LT		 1054 return;
1055 }
1056
1057 /* Don't accept RS if we're not in router mode */
1058 if (!idev->cnf.forwarding)
1059 goto out;
1060
1061 /*
1062 * Don't update NCE if src = ::;
1063 * this implies that the source node has no ip address assigned yet.
1064 */
1065 if (ipv6_addr_any(saddr))
1066 goto out;
1067
1068 /* Parse ND options */
f997c55c 1069 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
675418d5 1070 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1da177e4
LT		 1071 goto out;
1072 }
1073
1074 if (ndopts.nd_opts_src_lladdr) {
1075 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1076 skb->dev);
1077 if (!lladdr)
1078 goto out;
1079 }
1080
1081 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1082 if (neigh) {
f997c55c 1083 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1084 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1085 NEIGH_UPDATE_F_OVERRIDE|
f997c55c
AA		 1086 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1087 NDISC_ROUTER_SOLICITATION, &ndopts);
1da177e4
LT		 1088 neigh_release(neigh);
1089 }
1090out:
cfdf7647 1091 return;
1da177e4
LT		 1092}
1093
31910575
PY		 1094static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1095{
1096 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1097 struct sk_buff *skb;
1098 struct nlmsghdr *nlh;
1099 struct nduseroptmsg *ndmsg;
c346dca1 1100 struct net *net = dev_net(ra->dev);
31910575
PY		 1101 int err;
1102 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1103 + (opt->nd_opt_len << 3));
1104 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1105
1106 skb = nlmsg_new(msg_size, GFP_ATOMIC);
63159f29 1107 if (!skb) {
31910575
PY		 1108 err = -ENOBUFS;
1109 goto errout;
1110 }
1111
1112 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
63159f29 1113 if (!nlh) {
31910575
PY		 1114 goto nla_put_failure;
1115 }
1116
1117 ndmsg = nlmsg_data(nlh);
1118 ndmsg->nduseropt_family = AF_INET6;
dbb2ed24 1119 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
31910575
PY		 1120 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1121 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1122 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1123
1124 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1125
930345ea 1126 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
c78679e8 1127 goto nla_put_failure;
31910575
PY		 1128 nlmsg_end(skb, nlh);
1129
1ce85fe4 1130 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
31910575
PY		 1131 return;
1132
1133nla_put_failure:
1134 nlmsg_free(skb);
1135 err = -EMSGSIZE;
1136errout:
a18bc695 1137 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
31910575
PY		 1138}
1139
1da177e4
LT		 1140static void ndisc_router_discovery(struct sk_buff *skb)
1141{
9c70220b 1142 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1da177e4
LT		 1143 struct neighbour *neigh = NULL;
1144 struct inet6_dev *in6_dev;
65f5c7c1 1145 struct rt6_info *rt = NULL;
1da177e4
LT		 1146 int lifetime;
1147 struct ndisc_options ndopts;
1148 int optlen;
ebacaaa0 1149 unsigned int pref = 0;
a394eef5 1150 __u32 old_if_flags;
2053aeb6 1151 bool send_ifinfo_notify = false;
1da177e4 1152
67ba4152 1153 __u8 *opt = (__u8 *)(ra_msg + 1);
1da177e4 1154
29a3cad5
SH		 1155 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1156 sizeof(struct ra_msg);
1da177e4 1157
f2a762d8
BG		 1158 ND_PRINTK(2, info,
1159 "RA: %s, dev: %s\n",
1160 __func__, skb->dev->name);
0660e03f 1161 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5 1162 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1da177e4
LT		 1163 return;
1164 }
1165 if (optlen < 0) {
675418d5 1166 ND_PRINTK(2, warn, "RA: packet too short\n");
1da177e4
LT		 1167 return;
1168 }
1169
de357cc0 1170#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1171 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
675418d5 1172 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
fadf6bf0
TF		 1173 return;
1174 }
de357cc0 1175#endif
fadf6bf0 1176
1da177e4
LT		 1177 /*
1178 * set the RA_RECV flag in the interface
1179 */
1180
cfdf7647 1181 in6_dev = __in6_dev_get(skb->dev);
63159f29 1182 if (!in6_dev) {
675418d5
JP		 1183 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1184 skb->dev->name);
1da177e4
LT		 1185 return;
1186 }
1da177e4 1187
f997c55c 1188 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
675418d5 1189 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1da177e4
LT		 1190 return;
1191 }
1192
f2a762d8
BG		 1193 if (!ipv6_accept_ra(in6_dev)) {
1194 ND_PRINTK(2, info,
1195 "RA: %s, did not accept ra for dev: %s\n",
1196 __func__, skb->dev->name);
31ce8c71 1197 goto skip_linkparms;
f2a762d8 1198 }
31ce8c71 1199
de357cc0 1200#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1201 /* skip link-specific parameters from interior routers */
f2a762d8
BG		 1202 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1203 ND_PRINTK(2, info,
1204 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1205 __func__, skb->dev->name);
fadf6bf0 1206 goto skip_linkparms;
f2a762d8 1207 }
de357cc0 1208#endif
fadf6bf0 1209
1da177e4
LT		 1210 if (in6_dev->if_flags & IF_RS_SENT) {
1211 /*
1212 * flag that an RA was received after an RS was sent
1213 * out on this interface.
1214 */
1215 in6_dev->if_flags |= IF_RA_RCVD;
1216 }
1217
1218 /*
1219 * Remember the managed/otherconf flags from most recently
1220 * received RA message (RFC 2462) -- yoshfuji
1221 */
a394eef5 1222 old_if_flags = in6_dev->if_flags;
1da177e4
LT		 1223 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1224 IF_RA_OTHERCONF)) |
1225 (ra_msg->icmph.icmp6_addrconf_managed ?
1226 IF_RA_MANAGED : 0) |
1227 (ra_msg->icmph.icmp6_addrconf_other ?
1228 IF_RA_OTHERCONF : 0);
1229
a394eef5 1230 if (old_if_flags != in6_dev->if_flags)
2053aeb6 1231 send_ifinfo_notify = true;
a394eef5 1232
f2a762d8
BG		 1233 if (!in6_dev->cnf.accept_ra_defrtr) {
1234 ND_PRINTK(2, info,
1235 "RA: %s, defrtr is false for dev: %s\n",
1236 __func__, skb->dev->name);
65f5c7c1 1237 goto skip_defrtr;
f2a762d8 1238 }
65f5c7c1 1239
d9333196
BG		 1240 /* Do not accept RA with source-addr found on local machine unless
1241 * accept_ra_from_local is set to true.
1242 */
b6428817
LR		 1243 if (!in6_dev->cnf.accept_ra_from_local &&
1244 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1245 in6_dev->dev, 0)) {
f2a762d8 1246 ND_PRINTK(2, info,
d9333196
BG		 1247 "RA from local address detected on dev: %s: default router ignored\n",
1248 skb->dev->name);
9f56220f 1249 goto skip_defrtr;
f2a762d8 1250 }
9f56220f 1251
1da177e4
LT		 1252 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1253
ebacaaa0
YH		 1254#ifdef CONFIG_IPV6_ROUTER_PREF
1255 pref = ra_msg->icmph.icmp6_router_pref;
1256 /* 10b is handled as if it were 00b (medium) */
930d6ff2 1257 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
6d5b78cd 1258 !in6_dev->cnf.accept_ra_rtr_pref)
ebacaaa0
YH		 1259 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1260#endif
1261
0660e03f 1262 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1da177e4 1263
eb857186
DM		 1264 if (rt) {
1265 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1266 if (!neigh) {
675418d5
JP		 1267 ND_PRINTK(0, err,
1268 "RA: %s got default router without neighbour\n",
1269 __func__);
94e187c0 1270 ip6_rt_put(rt);
eb857186
DM		 1271 return;
1272 }
1273 }
1da177e4 1274 if (rt && lifetime == 0) {
e0a1ad73 1275 ip6_del_rt(rt);
1da177e4
LT		 1276 rt = NULL;
1277 }
1278
f2a762d8
BG		 1279 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1280 rt, lifetime, skb->dev->name);
63159f29 1281 if (!rt && lifetime) {
f2a762d8 1282 ND_PRINTK(3, info, "RA: adding default router\n");
1da177e4 1283
0660e03f 1284 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
63159f29 1285 if (!rt) {
675418d5
JP		 1286 ND_PRINTK(0, err,
1287 "RA: %s failed to add default route\n",
1288 __func__);
1da177e4
LT		 1289 return;
1290 }
1291
eb857186 1292 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
63159f29 1293 if (!neigh) {
675418d5
JP		 1294 ND_PRINTK(0, err,
1295 "RA: %s got default router without neighbour\n",
1296 __func__);
94e187c0 1297 ip6_rt_put(rt);
1da177e4
LT		 1298 return;
1299 }
1300 neigh->flags |= NTF_ROUTER;
ebacaaa0 1301 } else if (rt) {
22441cfa 1302 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1da177e4
LT		 1303 }
1304
1305 if (rt)
1716a961 1306 rt6_set_expires(rt, jiffies + (HZ * lifetime));
8013d1d7
HL		 1307 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1308 ra_msg->icmph.icmp6_hop_limit) {
1309 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
6fd99094 1310 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
8013d1d7
HL		 1311 if (rt)
1312 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1313 ra_msg->icmph.icmp6_hop_limit);
6fd99094 1314 } else {
8013d1d7 1315 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
6fd99094 1316 }
1da177e4
LT		 1317 }
1318
65f5c7c1
YH		 1319skip_defrtr:
1320
1da177e4
LT		 1321 /*
1322 * Update Reachable Time and Retrans Timer
1323 */
1324
1325 if (in6_dev->nd_parms) {
1326 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1327
1328 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1329 rtime = (rtime*HZ)/1000;
1330 if (rtime < HZ/10)
1331 rtime = HZ/10;
1f9248e5 1332 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1da177e4 1333 in6_dev->tstamp = jiffies;
2053aeb6 1334 send_ifinfo_notify = true;
1da177e4
LT		 1335 }
1336
1337 rtime = ntohl(ra_msg->reachable_time);
1338 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1339 rtime = (rtime*HZ)/1000;
1340
1341 if (rtime < HZ/10)
1342 rtime = HZ/10;
1343
1f9248e5
JP		 1344 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1345 NEIGH_VAR_SET(in6_dev->nd_parms,
1346 BASE_REACHABLE_TIME, rtime);
1347 NEIGH_VAR_SET(in6_dev->nd_parms,
1348 GC_STALETIME, 3 * rtime);
1da177e4
LT		 1349 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1350 in6_dev->tstamp = jiffies;
2053aeb6 1351 send_ifinfo_notify = true;
1da177e4
LT		 1352 }
1353 }
1354 }
1355
2053aeb6
MT		 1356 /*
1357 * Send a notify if RA changed managed/otherconf flags or timer settings
1358 */
1359 if (send_ifinfo_notify)
1360 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1361
fadf6bf0
TF		 1362skip_linkparms:
1363
1da177e4
LT		 1364 /*
1365 * Process options.
1366 */
1367
1368 if (!neigh)
0660e03f 1369 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1da177e4
LT		 1370 skb->dev, 1);
1371 if (neigh) {
1372 u8 *lladdr = NULL;
1373 if (ndopts.nd_opts_src_lladdr) {
1374 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1375 skb->dev);
1376 if (!lladdr) {
675418d5
JP		 1377 ND_PRINTK(2, warn,
1378 "RA: invalid link-layer address length\n");
1da177e4
LT		 1379 goto out;
1380 }
1381 }
f997c55c 1382 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1383 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1384 NEIGH_UPDATE_F_OVERRIDE|
1385 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1386 NEIGH_UPDATE_F_ISROUTER,
1387 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1388 }
1389
f2a762d8
BG		 1390 if (!ipv6_accept_ra(in6_dev)) {
1391 ND_PRINTK(2, info,
1392 "RA: %s, accept_ra is false for dev: %s\n",
1393 __func__, skb->dev->name);
31ce8c71 1394 goto out;
f2a762d8 1395 }
31ce8c71 1396
70ceb4f5 1397#ifdef CONFIG_IPV6_ROUTE_INFO
b6428817
LR		 1398 if (!in6_dev->cnf.accept_ra_from_local &&
1399 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1400 in6_dev->dev, 0)) {
f2a762d8 1401 ND_PRINTK(2, info,
d9333196
BG		 1402 "RA from local address detected on dev: %s: router info ignored.\n",
1403 skb->dev->name);
9f56220f 1404 goto skip_routeinfo;
f2a762d8 1405 }
9f56220f 1406
09c884d4 1407 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
70ceb4f5
YH		 1408 struct nd_opt_hdr *p;
1409 for (p = ndopts.nd_opts_ri;
1410 p;
1411 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
6294e000
YH		 1412 struct route_info *ri = (struct route_info *)p;
1413#ifdef CONFIG_IPV6_NDISC_NODETYPE
1414 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1415 ri->prefix_len == 0)
1416 continue;
1417#endif
30e56918
DJ		 1418 if (ri->prefix_len == 0 &&
1419 !in6_dev->cnf.accept_ra_defrtr)
1420 continue;
bbea124b
JS		 1421 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1422 continue;
6294e000 1423 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
09c884d4 1424 continue;
67ba4152 1425 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
0660e03f 1426 &ipv6_hdr(skb)->saddr);
70ceb4f5
YH		 1427 }
1428 }
9f56220f
AH		 1429
1430skip_routeinfo:
70ceb4f5
YH		 1431#endif
1432
de357cc0 1433#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1434 /* skip link-specific ndopts from interior routers */
f2a762d8
BG		 1435 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1436 ND_PRINTK(2, info,
1437 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1438 __func__, skb->dev->name);
fadf6bf0 1439 goto out;
f2a762d8 1440 }
de357cc0 1441#endif
fadf6bf0 1442
c4fd30eb 1443 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1da177e4
LT		 1444 struct nd_opt_hdr *p;
1445 for (p = ndopts.nd_opts_pi;
1446 p;
1447 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
e6bff995
NH		 1448 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1449 (p->nd_opt_len) << 3,
1450 ndopts.nd_opts_src_lladdr != NULL);
1da177e4
LT		 1451 }
1452 }
1453
c2943f14 1454 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
e69a4adc 1455 __be32 n;
1da177e4
LT		 1456 u32 mtu;
1457
67ba4152 1458 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
e69a4adc 1459 mtu = ntohl(n);
1da177e4
LT		 1460
1461 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
675418d5 1462 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1da177e4
LT		 1463 } else if (in6_dev->cnf.mtu6 != mtu) {
1464 in6_dev->cnf.mtu6 = mtu;
1465
1466 if (rt)
defb3519 1467 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1da177e4
LT		 1468
1469 rt6_mtu_change(skb->dev, mtu);
1470 }
1471 }
1ab1457c 1472
31910575 1473 if (ndopts.nd_useropts) {
61cf46ad
YH		 1474 struct nd_opt_hdr *p;
1475 for (p = ndopts.nd_useropts;
1476 p;
f997c55c
AA		 1477 p = ndisc_next_useropt(skb->dev, p,
1478 ndopts.nd_useropts_end)) {
61cf46ad 1479 ndisc_ra_useropt(skb, p);
31910575
PY		 1480 }
1481 }
1482
1da177e4 1483 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
675418d5 1484 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1da177e4
LT		 1485 }
1486out:
94e187c0 1487 ip6_rt_put(rt);
eb857186 1488 if (neigh)
1da177e4 1489 neigh_release(neigh);
1da177e4
LT		 1490}
1491
1492static void ndisc_redirect_rcv(struct sk_buff *skb)
1493{
093d04d4
DJ		 1494 u8 *hdr;
1495 struct ndisc_options ndopts;
1496 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
29a3cad5 1497 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
093d04d4
DJ		 1498 offsetof(struct rd_msg, opt));
1499
de357cc0 1500#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0
TF		 1501 switch (skb->ndisc_nodetype) {
1502 case NDISC_NODETYPE_HOST:
1503 case NDISC_NODETYPE_NODEFAULT:
675418d5
JP		 1504 ND_PRINTK(2, warn,
1505 "Redirect: from host or unauthorized router\n");
fadf6bf0
TF		 1506 return;
1507 }
de357cc0 1508#endif
fadf6bf0 1509
0660e03f 1510 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1511 ND_PRINTK(2, warn,
1512 "Redirect: source address is not link-local\n");
1da177e4
LT		 1513 return;
1514 }
1515
f997c55c 1516 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
093d04d4
DJ		 1517 return;
1518
c92a59ec 1519 if (!ndopts.nd_opts_rh) {
b55b76b2
DJ		 1520 ip6_redirect_no_header(skb, dev_net(skb->dev),
1521 skb->dev->ifindex, 0);
093d04d4 1522 return;
c92a59ec 1523 }
093d04d4
DJ		 1524
1525 hdr = (u8 *)ndopts.nd_opts_rh;
1526 hdr += 8;
1527 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1528 return;
1529
b94f1c09 1530 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1da177e4
LT		 1531}
1532
5f5a0115
YH		 1533static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1534 struct sk_buff *orig_skb,
1535 int rd_len)
9c86dafe 1536{
5f5a0115
YH		 1537 u8 *opt = skb_put(skb, rd_len);
1538
9c86dafe
YH		 1539 memset(opt, 0, 8);
1540 *(opt++) = ND_OPT_REDIRECT_HDR;
1541 *(opt++) = (rd_len >> 3);
1542 opt += 6;
1543
1544 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
9c86dafe
YH		 1545}
1546
4991969a 1547void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1da177e4 1548{
1762f7e8 1549 struct net_device *dev = skb->dev;
c346dca1 1550 struct net *net = dev_net(dev);
1762f7e8 1551 struct sock *sk = net->ipv6.ndisc_sk;
2ce13576 1552 int optlen = 0;
fbfe95a4 1553 struct inet_peer *peer;
1da177e4 1554 struct sk_buff *buff;
71bcdba0 1555 struct rd_msg *msg;
1da177e4 1556 struct in6_addr saddr_buf;
1da177e4
LT		 1557 struct rt6_info *rt;
1558 struct dst_entry *dst;
4c9483b2 1559 struct flowi6 fl6;
1da177e4 1560 int rd_len;
f997c55c
AA		 1561 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1562 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1d861aa4 1563 bool ret;
1da177e4 1564
95c385b4 1565 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
675418d5
JP		 1566 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1567 dev->name);
1ab1457c
YH		 1568 return;
1569 }
1da177e4 1570
0660e03f 1571 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
bf0b48df 1572 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1573 ND_PRINTK(2, warn,
1574 "Redirect: target address is not link-local unicast\n");
29556526
LY		 1575 return;
1576 }
1577
4c9483b2 1578 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
e0d56fdd 1579 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1da177e4 1580
4c9483b2 1581 dst = ip6_route_output(net, NULL, &fl6);
5095d64d
RL		 1582 if (dst->error) {
1583 dst_release(dst);
1da177e4 1584 return;
5095d64d 1585 }
4c9483b2 1586 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
452edd59 1587 if (IS_ERR(dst))
1da177e4 1588 return;
1da177e4
LT		 1589
1590 rt = (struct rt6_info *) dst;
1591
1592 if (rt->rt6i_flags & RTF_GATEWAY) {
675418d5
JP		 1593 ND_PRINTK(2, warn,
1594 "Redirect: destination is not a neighbour\n");
d73f0801 1595 goto release;
1da177e4 1596 }
fd0273d7 1597 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1d861aa4
DM		 1598 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1599 if (peer)
1600 inet_putpeer(peer);
1601 if (!ret)
d73f0801 1602 goto release;
1da177e4
LT		 1603
1604 if (dev->addr_len) {
4991969a
DM		 1605 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1606 if (!neigh) {
675418d5
JP		 1607 ND_PRINTK(2, warn,
1608 "Redirect: no neigh for target address\n");
4991969a
DM		 1609 goto release;
1610 }
1611
1da177e4
LT		 1612 read_lock_bh(&neigh->lock);
1613 if (neigh->nud_state & NUD_VALID) {
1614 memcpy(ha_buf, neigh->ha, dev->addr_len);
1615 read_unlock_bh(&neigh->lock);
1616 ha = ha_buf;
f997c55c
AA		 1617 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1618 ops_data_buf,
1619 &ops_data);
1da177e4
LT		 1620 } else
1621 read_unlock_bh(&neigh->lock);
4991969a
DM		 1622
1623 neigh_release(neigh);
1da177e4
LT		 1624 }
1625
1626 rd_len = min_t(unsigned int,
2ce13576
YH		 1627 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1628 skb->len + 8);
1da177e4 1629 rd_len &= ~0x7;
2ce13576 1630 optlen += rd_len;
1da177e4 1631
2ce13576 1632 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
de09334b 1633 if (!buff)
d73f0801 1634 goto release;
1da177e4 1635
4df864c1 1636 msg = skb_put(buff, sizeof(*msg));
4d5c152e
YH		 1637 *msg = (struct rd_msg) {
1638 .icmph = {
1639 .icmp6_type = NDISC_REDIRECT,
1640 },
1641 .target = *target,
1642 .dest = ipv6_hdr(skb)->daddr,
1643 };
1da177e4 1644
1da177e4
LT		 1645 /*
1646 * include target_address option
1647 */
1648
1649 if (ha)
f997c55c 1650 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1da177e4
LT		 1651
1652 /*
1653 * build redirect option and copy skb over to the new packet.
1654 */
1655
9c86dafe 1656 if (rd_len)
5f5a0115 1657 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1da177e4 1658
adf30907 1659 skb_dst_set(buff, dst);
f4de84c6 1660 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
d73f0801
IJ		 1661 return;
1662
1663release:
1664 dst_release(dst);
1da177e4
LT		 1665}
1666
1667static void pndisc_redo(struct sk_buff *skb)
1668{
140e26fc 1669 ndisc_recv_ns(skb);
1da177e4
LT		 1670 kfree_skb(skb);
1671}
1672
b800c3b9
HFS		 1673static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1674{
1675 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1676
1677 if (!idev)
1678 return true;
1679 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1680 idev->cnf.suppress_frag_ndisc) {
1681 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1682 return true;
1683 }
1684 return false;
1685}
1686
1da177e4
LT		 1687int ndisc_rcv(struct sk_buff *skb)
1688{
1689 struct nd_msg *msg;
1690
b800c3b9
HFS		 1691 if (ndisc_suppress_frag_ndisc(skb))
1692 return 0;
1693
6bce6b4e 1694 if (skb_linearize(skb))
1da177e4
LT		 1695 return 0;
1696
9c70220b 1697 msg = (struct nd_msg *)skb_transport_header(skb);
1da177e4 1698
9c70220b 1699 __skb_push(skb, skb->data - skb_transport_header(skb));
1da177e4 1700
0660e03f 1701 if (ipv6_hdr(skb)->hop_limit != 255) {
675418d5
JP		 1702 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1703 ipv6_hdr(skb)->hop_limit);
1da177e4
LT		 1704 return 0;
1705 }
1706
1707 if (msg->icmph.icmp6_code != 0) {
675418d5
JP		 1708 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1709 msg->icmph.icmp6_code);
1da177e4
LT		 1710 return 0;
1711 }
1712
a61bbcf2
PM		 1713 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1714
1da177e4
LT		 1715 switch (msg->icmph.icmp6_type) {
1716 case NDISC_NEIGHBOUR_SOLICITATION:
1717 ndisc_recv_ns(skb);
1718 break;
1719
1720 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1721 ndisc_recv_na(skb);
1722 break;
1723
1724 case NDISC_ROUTER_SOLICITATION:
1725 ndisc_recv_rs(skb);
1726 break;
1727
1728 case NDISC_ROUTER_ADVERTISEMENT:
1729 ndisc_router_discovery(skb);
1730 break;
1731
1732 case NDISC_REDIRECT:
1733 ndisc_redirect_rcv(skb);
1734 break;
3ff50b79 1735 }
1da177e4
LT		 1736
1737 return 0;
1738}
1739
1740static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1741{
351638e7 1742 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
c8507fb2 1743 struct netdev_notifier_change_info *change_info;
c346dca1 1744 struct net *net = dev_net(dev);
5cb04436 1745 struct inet6_dev *idev;
1da177e4
LT		 1746
1747 switch (event) {
1748 case NETDEV_CHANGEADDR:
1749 neigh_changeaddr(&nd_tbl, dev);
2ac3ac8f 1750 fib6_run_gc(0, net, false);
4a6e3c5d
DA		 1751 /* fallthrough */
1752 case NETDEV_UP:
5cb04436
HFS		 1753 idev = in6_dev_get(dev);
1754 if (!idev)
1755 break;
fc1f8f4f
DA		 1756 if (idev->cnf.ndisc_notify ||
1757 net->ipv6.devconf_all->ndisc_notify)
5cb04436
HFS		 1758 ndisc_send_unsol_na(dev);
1759 in6_dev_put(idev);
1da177e4 1760 break;
c8507fb2
ED		 1761 case NETDEV_CHANGE:
1762 change_info = ptr;
1763 if (change_info->flags_changed & IFF_NOARP)
1764 neigh_changeaddr(&nd_tbl, dev);
1765 break;
1da177e4
LT		 1766 case NETDEV_DOWN:
1767 neigh_ifdown(&nd_tbl, dev);
2ac3ac8f 1768 fib6_run_gc(0, net, false);
1da177e4 1769 break;
f47b9464
BH		 1770 case NETDEV_NOTIFY_PEERS:
1771 ndisc_send_unsol_na(dev);
1772 break;
1da177e4
LT		 1773 default:
1774 break;
1775 }
1776
1777 return NOTIFY_DONE;
1778}
1779
1780static struct notifier_block ndisc_netdev_notifier = {
1781 .notifier_call = ndisc_netdev_event,
1782};
1783
1784#ifdef CONFIG_SYSCTL
1785static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1786 const char *func, const char *dev_name)
1787{
1788 static char warncomm[TASK_COMM_LEN];
1789 static int warned;
1790 if (strcmp(warncomm, current->comm) && warned < 5) {
1791 strcpy(warncomm, current->comm);
f3213831 1792 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1da177e4
LT		 1793 warncomm, func,
1794 dev_name, ctl->procname,
1795 dev_name, ctl->procname);
1796 warned++;
1797 }
1798}
1799
8d65af78 1800int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1da177e4
LT		 1801{
1802 struct net_device *dev = ctl->extra1;
1803 struct inet6_dev *idev;
1804 int ret;
1805
d12af679
EB		 1806 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1807 (strcmp(ctl->procname, "base_reachable_time") == 0))
1da177e4
LT		 1808 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1809
d12af679 1810 if (strcmp(ctl->procname, "retrans_time") == 0)
cb5b09c1 1811 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
d12af679
EB		 1812
1813 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
cb5b09c1
JP		 1814 ret = neigh_proc_dointvec_jiffies(ctl, write,
1815 buffer, lenp, ppos);
d12af679
EB		 1816
1817 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
ad02ac14 1818 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
cb5b09c1
JP		 1819 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1820 buffer, lenp, ppos);
d12af679 1821 else
1da177e4 1822 ret = -1;
1da177e4
LT		 1823
1824 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1f9248e5
JP		 1825 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1826 idev->nd_parms->reachable_time =
1827 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1da177e4
LT		 1828 idev->tstamp = jiffies;
1829 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1830 in6_dev_put(idev);
1831 }
1832 return ret;
1833}
1834
1da177e4
LT		 1835
1836#endif
1837
2c8c1e72 1838static int __net_init ndisc_net_init(struct net *net)
1da177e4
LT		 1839{
1840 struct ipv6_pinfo *np;
1841 struct sock *sk;
1ab1457c 1842 int err;
1da177e4 1843
1ed8516f
DL		 1844 err = inet_ctl_sock_create(&sk, PF_INET6,
1845 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 1846 if (err < 0) {
675418d5
JP		 1847 ND_PRINTK(0, err,
1848 "NDISC: Failed to initialize the control socket (err %d)\n",
1849 err);
1da177e4
LT		 1850 return err;
1851 }
1852
1ed8516f 1853 net->ipv6.ndisc_sk = sk;
1762f7e8 1854
1da177e4 1855 np = inet6_sk(sk);
1da177e4
LT		 1856 np->hop_limit = 255;
1857 /* Do not loopback ndisc messages */
1858 np->mc_loop = 0;
1da177e4 1859
1762f7e8
DL		 1860 return 0;
1861}
1862
2c8c1e72 1863static void __net_exit ndisc_net_exit(struct net *net)
1762f7e8 1864{
1ed8516f 1865 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1762f7e8
DL		 1866}
1867
1868static struct pernet_operations ndisc_net_ops = {
1869 .init = ndisc_net_init,
1870 .exit = ndisc_net_exit,
1871};
1872
1873int __init ndisc_init(void)
1874{
1875 int err;
1876
1877 err = register_pernet_subsys(&ndisc_net_ops);
1878 if (err)
1879 return err;
1ab1457c
YH		 1880 /*
1881 * Initialize the neighbour table
1882 */
d7480fd3 1883 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1da177e4
LT		 1884
1885#ifdef CONFIG_SYSCTL
73af614a 1886 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
56ec0fb1 1887 ndisc_ifinfo_sysctl_change);
1762f7e8
DL		 1888 if (err)
1889 goto out_unregister_pernet;
1762f7e8 1890out:
bcd081a3 1891#endif
1762f7e8 1892 return err;
1da177e4 1893
1762f7e8 1894#ifdef CONFIG_SYSCTL
1762f7e8 1895out_unregister_pernet:
1762f7e8
DL		 1896 unregister_pernet_subsys(&ndisc_net_ops);
1897 goto out;
2c861cc6 1898#endif
1da177e4
LT		 1899}
1900
2c861cc6
MK		 1901int __init ndisc_late_init(void)
1902{
1903 return register_netdevice_notifier(&ndisc_netdev_notifier);
1904}
1905
1906void ndisc_late_cleanup(void)
1da177e4 1907{
36f73d0c 1908 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2c861cc6
MK		 1909}
1910
1911void ndisc_cleanup(void)
1912{
1da177e4
LT		 1913#ifdef CONFIG_SYSCTL
1914 neigh_sysctl_unregister(&nd_tbl.parms);
1915#endif
d7480fd3 1916 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1762f7e8 1917 unregister_pernet_subsys(&ndisc_net_ops);
1da177e4 1918}
ubuntu-bionic-kernel mirror