]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blame - net/ipv6/ndisc.c
projects / mirror_ubuntu-hirsute-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tipc: use skb_unshare() instead in tipc_buf_append()
[mirror_ubuntu-hirsute-kernel.git] / net / ipv6 / ndisc.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * Neighbour Discovery for IPv6
1ab1457c 4 * Linux INET6 implementation
1da177e4
LT		 5 *
6 * Authors:
1ab1457c 7 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 8 * Mike Shaver <shaver@ingenia.com>
1da177e4
LT		 9 */
10
11/*
12 * Changes:
13 *
e35f30c1 14 * Alexey I. Froloff : RFC6106 (DNSSL) support
31910575
PY		 15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
1da177e4
LT		 17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
1da177e4
LT		 19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
675418d5 26#define pr_fmt(fmt) "ICMPv6: " fmt
1da177e4
LT		 27
28#include <linux/module.h>
1da177e4
LT		 29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
5a0e3ad6 39#include <linux/slab.h>
1da177e4
LT		 40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
1823730f 44#include <linux/if_addr.h>
da13c59b 45#include <linux/if_ether.h>
1da177e4
LT		 46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
31910575
PY		 61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
1da177e4
LT		 64#include <net/flow.h>
65#include <net/ip6_checksum.h>
1ed8516f 66#include <net/inet_common.h>
1da177e4
LT		 67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
d6bf7817
ED		 72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
2c2aba6c 74 __u32 *hash_rnd);
60395a20 75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
b8fb1ab4
DA		 76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
1da177e4
LT		 78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
84
89d69d2b 85static const struct neigh_ops ndisc_generic_ops = {
1da177e4
LT		 86 .family = AF_INET6,
87 .solicit = ndisc_solicit,
88 .error_report = ndisc_error_report,
89 .output = neigh_resolve_output,
90 .connected_output = neigh_connected_output,
1da177e4
LT		 91};
92
89d69d2b 93static const struct neigh_ops ndisc_hh_ops = {
1da177e4
LT		 94 .family = AF_INET6,
95 .solicit = ndisc_solicit,
96 .error_report = ndisc_error_report,
97 .output = neigh_resolve_output,
98 .connected_output = neigh_resolve_output,
1da177e4
LT		 99};
100
101
89d69d2b 102static const struct neigh_ops ndisc_direct_ops = {
1da177e4 103 .family = AF_INET6,
8f40b161
DM		 104 .output = neigh_direct_output,
105 .connected_output = neigh_direct_output,
1da177e4
LT		 106};
107
108struct neigh_table nd_tbl = {
109 .family = AF_INET6,
1da177e4 110 .key_len = sizeof(struct in6_addr),
bdf53c58 111 .protocol = cpu_to_be16(ETH_P_IPV6),
1da177e4 112 .hash = ndisc_hash,
60395a20 113 .key_eq = ndisc_key_eq,
1da177e4
LT		 114 .constructor = ndisc_constructor,
115 .pconstructor = pndisc_constructor,
116 .pdestructor = pndisc_destructor,
117 .proxy_redo = pndisc_redo,
b8fb1ab4 118 .allow_add = ndisc_allow_add,
1da177e4
LT		 119 .id = "ndisc_cache",
120 .parms = {
b672083e 121 .tbl = &nd_tbl,
b672083e 122 .reachable_time = ND_REACHABLE_TIME,
1f9248e5
JP		 123 .data = {
124 [NEIGH_VAR_MCAST_PROBES] = 3,
125 [NEIGH_VAR_UCAST_PROBES] = 3,
126 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
127 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
128 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
129 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
eaa72dc4 130 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
1f9248e5
JP		 131 [NEIGH_VAR_PROXY_QLEN] = 64,
132 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
133 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
134 },
1da177e4
LT		 135 },
136 .gc_interval = 30 * HZ,
137 .gc_thresh1 = 128,
138 .gc_thresh2 = 512,
139 .gc_thresh3 = 1024,
140};
c4850687 141EXPORT_SYMBOL_GPL(nd_tbl);
1da177e4 142
cc84b3c6
AA		 143void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
144 int data_len, int pad)
1da177e4 145{
8ec5da41 146 int space = __ndisc_opt_addr_space(data_len, pad);
5f5a0115 147 u8 *opt = skb_put(skb, space);
1da177e4
LT		 148
149 opt[0] = type;
150 opt[1] = space>>3;
151
152 memset(opt + 2, 0, pad);
153 opt += pad;
154 space -= pad;
155
156 memcpy(opt+2, data, data_len);
157 data_len += 2;
158 opt += data_len;
e5d08d71
IM		 159 space -= data_len;
160 if (space > 0)
1da177e4 161 memset(opt, 0, space);
1da177e4 162}
cc84b3c6 163EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
1da177e4 164
8ec5da41 165static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
f997c55c 166 void *data, u8 icmp6_type)
8ec5da41
AA		 167{
168 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
169 ndisc_addr_option_pad(skb->dev->type));
f997c55c
AA		 170 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
171}
172
173static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
174 void *ha,
175 const u8 *ops_data)
176{
177 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
178 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
8ec5da41
AA		 179}
180
1da177e4
LT		 181static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
182 struct nd_opt_hdr *end)
183{
184 int type;
185 if (!cur || !end || cur >= end)
186 return NULL;
187 type = cur->nd_opt_type;
188 do {
189 cur = ((void *)cur) + (cur->nd_opt_len << 3);
67ba4152 190 } while (cur < end && cur->nd_opt_type != type);
a02cec21 191 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
1da177e4
LT		 192}
193
f997c55c
AA		 194static inline int ndisc_is_useropt(const struct net_device *dev,
195 struct nd_opt_hdr *opt)
31910575 196{
e35f30c1 197 return opt->nd_opt_type == ND_OPT_RDNSS ||
f997c55c 198 opt->nd_opt_type == ND_OPT_DNSSL ||
66b5f1c4 199 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
c24a77ed 200 opt->nd_opt_type == ND_OPT_PREF64 ||
f997c55c 201 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
31910575
PY		 202}
203
f997c55c
AA		 204static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
205 struct nd_opt_hdr *cur,
31910575
PY		 206 struct nd_opt_hdr *end)
207{
208 if (!cur || !end || cur >= end)
209 return NULL;
210 do {
211 cur = ((void *)cur) + (cur->nd_opt_len << 3);
f997c55c
AA		 212 } while (cur < end && !ndisc_is_useropt(dev, cur));
213 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
31910575
PY		 214}
215
f997c55c
AA		 216struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
217 u8 *opt, int opt_len,
30f2a5f3 218 struct ndisc_options *ndopts)
1da177e4
LT		 219{
220 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
221
222 if (!nd_opt || opt_len < 0 || !ndopts)
223 return NULL;
224 memset(ndopts, 0, sizeof(*ndopts));
225 while (opt_len) {
226 int l;
227 if (opt_len < sizeof(struct nd_opt_hdr))
228 return NULL;
229 l = nd_opt->nd_opt_len << 3;
230 if (opt_len < l || l == 0)
231 return NULL;
f997c55c
AA		 232 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
233 goto next_opt;
1da177e4
LT		 234 switch (nd_opt->nd_opt_type) {
235 case ND_OPT_SOURCE_LL_ADDR:
236 case ND_OPT_TARGET_LL_ADDR:
237 case ND_OPT_MTU:
adc176c5 238 case ND_OPT_NONCE:
1da177e4
LT		 239 case ND_OPT_REDIRECT_HDR:
240 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
675418d5
JP		 241 ND_PRINTK(2, warn,
242 "%s: duplicated ND6 option found: type=%d\n",
243 __func__, nd_opt->nd_opt_type);
1da177e4
LT		 244 } else {
245 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
246 }
247 break;
248 case ND_OPT_PREFIX_INFO:
249 ndopts->nd_opts_pi_end = nd_opt;
cfcabdcc 250 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
1da177e4
LT		 251 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
252 break;
70ceb4f5
YH		 253#ifdef CONFIG_IPV6_ROUTE_INFO
254 case ND_OPT_ROUTE_INFO:
255 ndopts->nd_opts_ri_end = nd_opt;
256 if (!ndopts->nd_opts_ri)
257 ndopts->nd_opts_ri = nd_opt;
258 break;
259#endif
1da177e4 260 default:
f997c55c 261 if (ndisc_is_useropt(dev, nd_opt)) {
31910575
PY		 262 ndopts->nd_useropts_end = nd_opt;
263 if (!ndopts->nd_useropts)
264 ndopts->nd_useropts = nd_opt;
265 } else {
266 /*
267 * Unknown options must be silently ignored,
268 * to accommodate future extension to the
269 * protocol.
270 */
675418d5
JP		 271 ND_PRINTK(2, notice,
272 "%s: ignored unsupported option; type=%d, len=%d\n",
273 __func__,
274 nd_opt->nd_opt_type,
275 nd_opt->nd_opt_len);
31910575 276 }
1da177e4 277 }
f997c55c 278next_opt:
1da177e4
LT		 279 opt_len -= l;
280 nd_opt = ((void *)nd_opt) + l;
281 }
282 return ndopts;
283}
284
b71d1d42 285int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
1da177e4
LT		 286{
287 switch (dev->type) {
288 case ARPHRD_ETHER:
289 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
290 case ARPHRD_FDDI:
291 ipv6_eth_mc_map(addr, buf);
292 return 0;
1da177e4
LT		 293 case ARPHRD_ARCNET:
294 ipv6_arcnet_mc_map(addr, buf);
295 return 0;
296 case ARPHRD_INFINIBAND:
a9e527e3 297 ipv6_ib_mc_map(addr, dev->broadcast, buf);
1da177e4 298 return 0;
93ca3bb5
TT		 299 case ARPHRD_IPGRE:
300 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
1da177e4
LT		 301 default:
302 if (dir) {
303 memcpy(buf, dev->broadcast, dev->addr_len);
304 return 0;
305 }
306 }
307 return -EINVAL;
308}
7159039a
YH		 309EXPORT_SYMBOL(ndisc_mc_map);
310
d6bf7817
ED		 311static u32 ndisc_hash(const void *pkey,
312 const struct net_device *dev,
2c2aba6c 313 __u32 *hash_rnd)
1da177e4 314{
2c2aba6c 315 return ndisc_hashfn(pkey, dev, hash_rnd);
1da177e4
LT		 316}
317
60395a20
EB		 318static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
319{
320 return neigh_key_eq128(n, pkey);
321}
322
1da177e4
LT		 323static int ndisc_constructor(struct neighbour *neigh)
324{
67ba4152 325 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
1da177e4
LT		 326 struct net_device *dev = neigh->dev;
327 struct inet6_dev *in6_dev;
328 struct neigh_parms *parms;
a50feda5 329 bool is_multicast = ipv6_addr_is_multicast(addr);
1da177e4 330
1da177e4 331 in6_dev = in6_dev_get(dev);
63159f29 332 if (!in6_dev) {
1da177e4
LT		 333 return -EINVAL;
334 }
335
336 parms = in6_dev->nd_parms;
337 __neigh_parms_put(neigh->parms);
338 neigh->parms = neigh_parms_clone(parms);
1da177e4
LT		 339
340 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
3b04ddde 341 if (!dev->header_ops) {
1da177e4
LT		 342 neigh->nud_state = NUD_NOARP;
343 neigh->ops = &ndisc_direct_ops;
8f40b161 344 neigh->output = neigh_direct_output;
1da177e4
LT		 345 } else {
346 if (is_multicast) {
347 neigh->nud_state = NUD_NOARP;
348 ndisc_mc_map(addr, neigh->ha, dev, 1);
349 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
350 neigh->nud_state = NUD_NOARP;
351 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
352 if (dev->flags&IFF_LOOPBACK)
353 neigh->type = RTN_LOCAL;
354 } else if (dev->flags&IFF_POINTOPOINT) {
355 neigh->nud_state = NUD_NOARP;
356 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
357 }
3b04ddde 358 if (dev->header_ops->cache)
1da177e4
LT		 359 neigh->ops = &ndisc_hh_ops;
360 else
361 neigh->ops = &ndisc_generic_ops;
362 if (neigh->nud_state&NUD_VALID)
363 neigh->output = neigh->ops->connected_output;
364 else
365 neigh->output = neigh->ops->output;
366 }
367 in6_dev_put(in6_dev);
368 return 0;
369}
370
371static int pndisc_constructor(struct pneigh_entry *n)
372{
67ba4152 373 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 374 struct in6_addr maddr;
375 struct net_device *dev = n->dev;
376
63159f29 377 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 378 return -EINVAL;
379 addrconf_addr_solict_mult(addr, &maddr);
380 ipv6_dev_mc_inc(dev, &maddr);
381 return 0;
382}
383
384static void pndisc_destructor(struct pneigh_entry *n)
385{
67ba4152 386 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 387 struct in6_addr maddr;
388 struct net_device *dev = n->dev;
389
63159f29 390 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 391 return;
392 addrconf_addr_solict_mult(addr, &maddr);
393 ipv6_dev_mc_dec(dev, &maddr);
394}
395
b8fb1ab4
DA		 396/* called with rtnl held */
397static bool ndisc_allow_add(const struct net_device *dev,
398 struct netlink_ext_ack *extack)
399{
400 struct inet6_dev *idev = __in6_dev_get(dev);
401
402 if (!idev || idev->cnf.disable_ipv6) {
403 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
404 return false;
405 }
406
407 return true;
408}
409
de09334b
YH		 410static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
411 int len)
412{
413 int hlen = LL_RESERVED_SPACE(dev);
414 int tlen = dev->needed_tailroom;
415 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
416 struct sk_buff *skb;
de09334b 417
25a6e6b8 418 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
de09334b 419 if (!skb) {
25a6e6b8
TG		 420 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
421 __func__);
de09334b
YH		 422 return NULL;
423 }
424
f382d03a
YH		 425 skb->protocol = htons(ETH_P_IPV6);
426 skb->dev = dev;
427
527a150f 428 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
5135e633 429 skb_reset_transport_header(skb);
de09334b 430
25a6e6b8
TG		 431 /* Manually assign socket ownership as we avoid calling
432 * sock_alloc_send_pskb() to bypass wmem buffer limits
433 */
434 skb_set_owner_w(skb, sk);
435
de09334b
YH		 436 return skb;
437}
438
f382d03a 439static void ip6_nd_hdr(struct sk_buff *skb,
2576f17d
YH		 440 const struct in6_addr *saddr,
441 const struct in6_addr *daddr,
c8d6c380 442 int hop_limit, int len)
2576f17d
YH		 443{
444 struct ipv6hdr *hdr;
2210d6b2
 445 struct inet6_dev *idev;
446 unsigned tclass;
447
448 rcu_read_lock();
449 idev = __in6_dev_get(skb->dev);
450 tclass = idev ? idev->cnf.ndisc_tclass : 0;
451 rcu_read_unlock();
2576f17d 452
527a150f 453 skb_push(skb, sizeof(*hdr));
2576f17d 454 skb_reset_network_header(skb);
2576f17d
YH		 455 hdr = ipv6_hdr(skb);
456
2210d6b2 457 ip6_flow_hdr(hdr, tclass, 0);
2576f17d
YH		 458
459 hdr->payload_len = htons(len);
c8d6c380
YH		 460 hdr->nexthdr = IPPROTO_ICMPV6;
461 hdr->hop_limit = hop_limit;
2576f17d
YH		 462
463 hdr->saddr = *saddr;
464 hdr->daddr = *daddr;
465}
466
af9a9976 467static void ndisc_send_skb(struct sk_buff *skb,
fd0ea7db 468 const struct in6_addr *daddr,
aa4bdd4b 469 const struct in6_addr *saddr)
305d552a 470{
f4de84c6 471 struct dst_entry *dst = skb_dst(skb);
af9a9976 472 struct net *net = dev_net(skb->dev);
7b3d9b06 473 struct sock *sk = net->ipv6.ndisc_sk;
305d552a
BH		 474 struct inet6_dev *idev;
475 int err;
aa4bdd4b 476 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
305d552a
BH		 477 u8 type;
478
479 type = icmp6h->icmp6_type;
480
f4de84c6 481 if (!dst) {
f4de84c6 482 struct flowi6 fl6;
e0d56fdd 483 int oif = skb->dev->ifindex;
305d552a 484
ca254490 485 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
f4de84c6
YH		 486 dst = icmp6_dst_alloc(skb->dev, &fl6);
487 if (IS_ERR(dst)) {
488 kfree_skb(skb);
489 return;
490 }
491
492 skb_dst_set(skb, dst);
493 }
e1ec7842 494
7b3d9b06
YH		 495 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
496 IPPROTO_ICMPV6,
497 csum_partial(icmp6h,
498 skb->len, 0));
499
500 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
501
cfdf7647
ED		 502 rcu_read_lock();
503 idev = __in6_dev_get(dst->dev);
edf391ff 504 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
e1ec7842 505
29a26a56
EB		 506 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
507 net, sk, skb, NULL, dst->dev,
13206b6b 508 dst_output);
1da177e4 509 if (!err) {
5c5d244b 510 ICMP6MSGOUT_INC_STATS(net, idev, type);
a862f6a6 511 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1da177e4
LT		 512 }
513
cfdf7647 514 rcu_read_unlock();
1ab1457c 515}
1da177e4 516
38cf595b 517void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
f564f45c
CW		 518 const struct in6_addr *solicited_addr,
519 bool router, bool solicited, bool override, bool inc_opt)
e1ec7842 520{
b44b5f4a 521 struct sk_buff *skb;
e1ec7842
YH		 522 struct in6_addr tmpaddr;
523 struct inet6_ifaddr *ifp;
9acd9f3a 524 const struct in6_addr *src_addr;
1cb3fe51
YH		 525 struct nd_msg *msg;
526 int optlen = 0;
e1ec7842
YH		 527
528 /* for anycast or proxy, solicited_addr != src_addr */
c346dca1 529 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
e1ec7842
YH		 530 if (ifp) {
531 src_addr = solicited_addr;
532 if (ifp->flags & IFA_F_OPTIMISTIC)
f2f79cca 533 override = false;
9f888160 534 inc_opt |= ifp->idev->cnf.force_tllao;
e1ec7842
YH		 535 in6_ifa_put(ifp);
536 } else {
191cd582 537 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
c346dca1 538 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
7cbca67c 539 &tmpaddr))
e1ec7842
YH		 540 return;
541 src_addr = &tmpaddr;
542 }
543
1cb3fe51 544 if (!dev->addr_len)
9a21ac94 545 inc_opt = false;
1cb3fe51 546 if (inc_opt)
f997c55c
AA		 547 optlen += ndisc_opt_addr_space(dev,
548 NDISC_NEIGHBOUR_ADVERTISEMENT);
e1ec7842 549
1cb3fe51 550 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 551 if (!skb)
552 return;
553
4df864c1 554 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 555 *msg = (struct nd_msg) {
556 .icmph = {
557 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
558 .icmp6_router = router,
559 .icmp6_solicited = solicited,
560 .icmp6_override = override,
561 },
562 .target = *solicited_addr,
563 };
564
565 if (inc_opt)
566 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
f997c55c
AA		 567 dev->dev_addr,
568 NDISC_NEIGHBOUR_ADVERTISEMENT);
1cb3fe51 569
b44b5f4a 570 ndisc_send_skb(skb, daddr, src_addr);
e1ec7842
YH		 571}
572
f47b9464
BH		 573static void ndisc_send_unsol_na(struct net_device *dev)
574{
575 struct inet6_dev *idev;
576 struct inet6_ifaddr *ifa;
f47b9464
BH		 577
578 idev = in6_dev_get(dev);
579 if (!idev)
580 return;
581
582 read_lock_bh(&idev->lock);
583 list_for_each_entry(ifa, &idev->addr_list, if_list) {
c76fe2d9
DA		 584 /* skip tentative addresses until dad completes */
585 if (ifa->flags & IFA_F_TENTATIVE &&
586 !(ifa->flags & IFA_F_OPTIMISTIC))
587 continue;
588
38cf595b 589 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
f47b9464
BH		 590 /*router=*/ !!idev->cnf.forwarding,
591 /*solicited=*/ false, /*override=*/ true,
592 /*inc_opt=*/ true);
593 }
594 read_unlock_bh(&idev->lock);
595
596 in6_dev_put(idev);
597}
598
38cf595b 599void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
adc176c5
EN		 600 const struct in6_addr *daddr, const struct in6_addr *saddr,
601 u64 nonce)
1da177e4 602{
b44b5f4a 603 struct sk_buff *skb;
1da177e4 604 struct in6_addr addr_buf;
1cb3fe51
YH		 605 int inc_opt = dev->addr_len;
606 int optlen = 0;
607 struct nd_msg *msg;
1da177e4 608
63159f29 609 if (!saddr) {
95c385b4
NH		 610 if (ipv6_get_lladdr(dev, &addr_buf,
611 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
1da177e4
LT		 612 return;
613 saddr = &addr_buf;
614 }
615
1cb3fe51 616 if (ipv6_addr_any(saddr))
f2f79cca 617 inc_opt = false;
1cb3fe51 618 if (inc_opt)
f997c55c
AA		 619 optlen += ndisc_opt_addr_space(dev,
620 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 621 if (nonce != 0)
622 optlen += 8;
1cb3fe51
YH		 623
624 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 625 if (!skb)
626 return;
627
4df864c1 628 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 629 *msg = (struct nd_msg) {
630 .icmph = {
631 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
632 },
633 .target = *solicit,
634 };
635
636 if (inc_opt)
637 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 638 dev->dev_addr,
639 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 640 if (nonce != 0) {
641 u8 *opt = skb_put(skb, 8);
642
643 opt[0] = ND_OPT_NONCE;
644 opt[1] = 8 >> 3;
645 memcpy(opt + 2, &nonce, 6);
646 }
1cb3fe51 647
b44b5f4a 648 ndisc_send_skb(skb, daddr, saddr);
1da177e4
LT		 649}
650
9acd9f3a
YH		 651void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
652 const struct in6_addr *daddr)
1da177e4 653{
b44b5f4a 654 struct sk_buff *skb;
1cb3fe51 655 struct rs_msg *msg;
95c385b4 656 int send_sllao = dev->addr_len;
1cb3fe51 657 int optlen = 0;
95c385b4
NH		 658
659#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
660 /*
661 * According to section 2.2 of RFC 4429, we must not
662 * send router solicitations with a sllao from
663 * optimistic addresses, but we may send the solicitation
664 * if we don't include the sllao. So here we check
665 * if our address is optimistic, and if so, we
bea85195 666 * suppress the inclusion of the sllao.
95c385b4
NH		 667 */
668 if (send_sllao) {
c346dca1 669 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
1cab3da6 670 dev, 1);
95c385b4
NH		 671 if (ifp) {
672 if (ifp->flags & IFA_F_OPTIMISTIC) {
ca043569 673 send_sllao = 0;
95c385b4 674 }
ca043569 675 in6_ifa_put(ifp);
95c385b4
NH		 676 } else {
677 send_sllao = 0;
678 }
679 }
680#endif
1cb3fe51 681 if (send_sllao)
f997c55c 682 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
1cb3fe51
YH		 683
684 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 685 if (!skb)
686 return;
687
4df864c1 688 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 689 *msg = (struct rs_msg) {
690 .icmph = {
691 .icmp6_type = NDISC_ROUTER_SOLICITATION,
692 },
693 };
694
695 if (send_sllao)
696 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 697 dev->dev_addr,
698 NDISC_ROUTER_SOLICITATION);
1cb3fe51 699
b44b5f4a 700 ndisc_send_skb(skb, daddr, saddr);
1da177e4 701}
1ab1457c 702
1da177e4
LT		 703
704static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
705{
706 /*
707 * "The sender MUST return an ICMP
708 * destination unreachable"
709 */
710 dst_link_failure(skb);
711 kfree_skb(skb);
712}
713
714/* Called with locked neigh: either read or both */
715
716static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
717{
718 struct in6_addr *saddr = NULL;
719 struct in6_addr mcaddr;
720 struct net_device *dev = neigh->dev;
721 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
722 int probes = atomic_read(&neigh->probes);
723
c58da4c6 724 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
232378e8 725 dev, false, 1,
c58da4c6 726 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
0660e03f 727 saddr = &ipv6_hdr(skb)->saddr;
e5d08d71
IM		 728 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
729 if (probes < 0) {
1da177e4 730 if (!(neigh->nud_state & NUD_VALID)) {
675418d5
JP		 731 ND_PRINTK(1, dbg,
732 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
733 __func__, target);
1da177e4 734 }
adc176c5 735 ndisc_send_ns(dev, target, target, saddr, 0);
1f9248e5 736 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
1da177e4 737 neigh_app_ns(neigh);
1da177e4
LT		 738 } else {
739 addrconf_addr_solict_mult(target, &mcaddr);
adc176c5 740 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
1da177e4
LT		 741 }
742}
743
0736ffc0
YH		 744static int pndisc_is_router(const void *pkey,
745 struct net_device *dev)
fa86d322
PE		 746{
747 struct pneigh_entry *n;
0736ffc0 748 int ret = -1;
fa86d322
PE		 749
750 read_lock_bh(&nd_tbl.lock);
0736ffc0
YH		 751 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
752 if (n)
753 ret = !!(n->flags & NTF_ROUTER);
fa86d322
PE		 754 read_unlock_bh(&nd_tbl.lock);
755
0736ffc0 756 return ret;
fa86d322
PE		 757}
758
f997c55c
AA		 759void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
760 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
761 struct ndisc_options *ndopts)
762{
7b8f7a40 763 neigh_update(neigh, lladdr, new, flags, 0);
f997c55c
AA		 764 /* report ndisc ops about neighbour update */
765 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
766}
767
1da177e4
LT		 768static void ndisc_recv_ns(struct sk_buff *skb)
769{
9c70220b 770 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
b71d1d42
ED		 771 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
772 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 773 u8 *lladdr = NULL;
29a3cad5 774 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 775 offsetof(struct nd_msg, opt));
1da177e4
LT		 776 struct ndisc_options ndopts;
777 struct net_device *dev = skb->dev;
778 struct inet6_ifaddr *ifp;
779 struct inet6_dev *idev = NULL;
780 struct neighbour *neigh;
781 int dad = ipv6_addr_any(saddr);
a50feda5 782 bool inc;
0736ffc0 783 int is_router = -1;
adc176c5 784 u64 nonce = 0;
1da177e4 785
115b0aa6
YH		 786 if (skb->len < sizeof(struct nd_msg)) {
787 ND_PRINTK(2, warn, "NS: packet too short\n");
788 return;
789 }
790
1da177e4 791 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 792 ND_PRINTK(2, warn, "NS: multicast target address\n");
1da177e4
LT		 793 return;
794 }
795
796 /*
797 * RFC2461 7.1.1:
798 * DAD has to be destined for solicited node multicast address.
799 */
ca97a644 800 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
675418d5 801 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
1da177e4
LT		 802 return;
803 }
804
f997c55c 805 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 806 ND_PRINTK(2, warn, "NS: invalid ND options\n");
1da177e4
LT		 807 return;
808 }
809
810 if (ndopts.nd_opts_src_lladdr) {
811 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
812 if (!lladdr) {
675418d5
JP		 813 ND_PRINTK(2, warn,
814 "NS: invalid link-layer address length\n");
1da177e4
LT		 815 return;
816 }
817
818 /* RFC2461 7.1.1:
1ab1457c
YH		 819 * If the IP source address is the unspecified address,
820 * there MUST NOT be source link-layer address option
1da177e4
LT		 821 * in the message.
822 */
823 if (dad) {
675418d5
JP		 824 ND_PRINTK(2, warn,
825 "NS: bad DAD packet (link-layer address option)\n");
1da177e4
LT		 826 return;
827 }
828 }
e6651599 829 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
adc176c5 830 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
1da177e4
LT		 831
832 inc = ipv6_addr_is_multicast(daddr);
833
c346dca1 834 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 835 if (ifp) {
ca254490 836have_ifp:
95c385b4
NH		 837 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
838 if (dad) {
adc176c5
EN		 839 if (nonce != 0 && ifp->dad_nonce == nonce) {
840 u8 *np = (u8 *)&nonce;
841 /* Matching nonce if looped back */
842 ND_PRINTK(2, notice,
843 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
844 ifp->idev->dev->name,
845 &ifp->addr, np);
846 goto out;
847 }
95c385b4
NH		 848 /*
849 * We are colliding with another node
850 * who is doing DAD
851 * so fail our DAD process
852 */
da13c59b 853 addrconf_dad_failure(skb, ifp);
9e3be4b3 854 return;
95c385b4
NH		 855 } else {
856 /*
857 * This is not a dad solicitation.
858 * If we are an optimistic node,
859 * we should respond.
860 * Otherwise, we should ignore it.
861 */
862 if (!(ifp->flags & IFA_F_OPTIMISTIC))
1da177e4 863 goto out;
1da177e4 864 }
1da177e4
LT		 865 }
866
867 idev = ifp->idev;
868 } else {
53b7997f
YH		 869 struct net *net = dev_net(dev);
870
ca254490
DA		 871 /* perhaps an address on the master device */
872 if (netif_is_l3_slave(dev)) {
873 struct net_device *mdev;
874
875 mdev = netdev_master_upper_dev_get_rcu(dev);
876 if (mdev) {
877 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
878 if (ifp)
879 goto have_ifp;
880 }
881 }
882
1da177e4
LT		 883 idev = in6_dev_get(dev);
884 if (!idev) {
885 /* XXX: count this drop? */
886 return;
887 }
888
53b7997f 889 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
1ab1457c 890 (idev->cnf.forwarding &&
53b7997f 891 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
0736ffc0 892 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
a61bbcf2 893 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
1da177e4 894 skb->pkt_type != PACKET_HOST &&
f2f79cca 895 inc &&
1f9248e5 896 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
1da177e4
LT		 897 /*
898 * for anycast or proxy,
1ab1457c
YH		 899 * sender should delay its response
900 * by a random time between 0 and
1da177e4
LT		 901 * MAX_ANYCAST_DELAY_TIME seconds.
902 * (RFC2461) -- yoshfuji
903 */
904 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
905 if (n)
906 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
907 goto out;
908 }
909 } else
910 goto out;
911 }
912
0736ffc0 913 if (is_router < 0)
fb568637 914 is_router = idev->cnf.forwarding;
62dd9318 915
1da177e4 916 if (dad) {
38cf595b 917 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
fb568637 918 !!is_router, false, (ifp != NULL), true);
1da177e4
LT		 919 goto out;
920 }
921
922 if (inc)
923 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
924 else
925 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
926
1ab1457c 927 /*
1da177e4
LT		 928 * update / create cache entry
929 * for the source address
930 */
931 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
932 !inc || lladdr || !dev->addr_len);
933 if (neigh)
f997c55c 934 ndisc_update(dev, neigh, lladdr, NUD_STALE,
1da177e4 935 NEIGH_UPDATE_F_WEAK_OVERRIDE|
f997c55c
AA		 936 NEIGH_UPDATE_F_OVERRIDE,
937 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
3b04ddde 938 if (neigh || !dev->header_ops) {
38cf595b 939 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
fb568637 940 true, (ifp != NULL && inc), inc);
1da177e4
LT		 941 if (neigh)
942 neigh_release(neigh);
943 }
944
945out:
946 if (ifp)
947 in6_ifa_put(ifp);
948 else
949 in6_dev_put(idev);
1da177e4
LT		 950}
951
952static void ndisc_recv_na(struct sk_buff *skb)
953{
9c70220b 954 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
be7a010d 955 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
b71d1d42 956 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 957 u8 *lladdr = NULL;
29a3cad5 958 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 959 offsetof(struct nd_msg, opt));
1da177e4
LT		 960 struct ndisc_options ndopts;
961 struct net_device *dev = skb->dev;
7a02bf89 962 struct inet6_dev *idev = __in6_dev_get(dev);
1da177e4
LT		 963 struct inet6_ifaddr *ifp;
964 struct neighbour *neigh;
965
966 if (skb->len < sizeof(struct nd_msg)) {
675418d5 967 ND_PRINTK(2, warn, "NA: packet too short\n");
1da177e4
LT		 968 return;
969 }
970
971 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 972 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1da177e4
LT		 973 return;
974 }
975
976 if (ipv6_addr_is_multicast(daddr) &&
977 msg->icmph.icmp6_solicited) {
675418d5 978 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1da177e4
LT		 979 return;
980 }
1ab1457c 981
7a02bf89
JB		 982 /* For some 802.11 wireless deployments (and possibly other networks),
983 * there will be a NA proxy and unsolicitd packets are attacks
984 * and thus should not be accepted.
985 */
986 if (!msg->icmph.icmp6_solicited && idev &&
987 idev->cnf.drop_unsolicited_na)
988 return;
989
f997c55c 990 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 991 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1da177e4
LT		 992 return;
993 }
994 if (ndopts.nd_opts_tgt_lladdr) {
995 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
996 if (!lladdr) {
675418d5
JP		 997 ND_PRINTK(2, warn,
998 "NA: invalid link-layer address length\n");
1da177e4
LT		 999 return;
1000 }
1001 }
c346dca1 1002 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 1003 if (ifp) {
bd015928
DW		 1004 if (skb->pkt_type != PACKET_LOOPBACK
1005 && (ifp->flags & IFA_F_TENTATIVE)) {
da13c59b 1006 addrconf_dad_failure(skb, ifp);
bd015928 1007 return;
1da177e4
LT		 1008 }
1009 /* What should we make now? The advertisement
1010 is invalid, but ndisc specs say nothing
1011 about it. It could be misconfiguration, or
1012 an smart proxy agent tries to help us :-)
24fc7b86
JS		 1013
1014 We should not print the error if NA has been
1015 received from loopback - it is just our own
1016 unsolicited advertisement.
1da177e4 1017 */
24fc7b86 1018 if (skb->pkt_type != PACKET_LOOPBACK)
675418d5 1019 ND_PRINTK(1, warn,
da13c59b
VP		 1020 "NA: %pM advertised our address %pI6c on %s!\n",
1021 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1da177e4
LT		 1022 in6_ifa_put(ifp);
1023 return;
1024 }
1025 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1026
1027 if (neigh) {
1028 u8 old_flags = neigh->flags;
53b7997f 1029 struct net *net = dev_net(dev);
1da177e4
LT		 1030
1031 if (neigh->nud_state & NUD_FAILED)
1032 goto out;
1033
5f3e6e9e
VN		 1034 /*
1035 * Don't update the neighbor cache entry on a proxy NA from
1036 * ourselves because either the proxied node is off link or it
1037 * has already sent a NA to us.
1038 */
1039 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
53b7997f
YH		 1040 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1041 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
b20b6d97 1042 /* XXX: idev->cnf.proxy_ndp */
5f3e6e9e 1043 goto out;
fbea49e1 1044 }
5f3e6e9e 1045
f997c55c 1046 ndisc_update(dev, neigh, lladdr,
1da177e4
LT		 1047 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1048 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1049 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1050 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1051 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1052 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1053
1054 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1055 /*
1056 * Change: router to host
1057 */
be7a010d 1058 rt6_clean_tohost(dev_net(dev), saddr);
1da177e4
LT		 1059 }
1060
1061out:
1062 neigh_release(neigh);
1063 }
1064}
1065
1066static void ndisc_recv_rs(struct sk_buff *skb)
1067{
9c70220b 1068 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1da177e4
LT		 1069 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1070 struct neighbour *neigh;
1071 struct inet6_dev *idev;
b71d1d42 1072 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1da177e4
LT		 1073 struct ndisc_options ndopts;
1074 u8 *lladdr = NULL;
1075
1076 if (skb->len < sizeof(*rs_msg))
1077 return;
1078
cfdf7647 1079 idev = __in6_dev_get(skb->dev);
1da177e4 1080 if (!idev) {
675418d5 1081 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1da177e4
LT		 1082 return;
1083 }
1084
1085 /* Don't accept RS if we're not in router mode */
1086 if (!idev->cnf.forwarding)
1087 goto out;
1088
1089 /*
1090 * Don't update NCE if src = ::;
1091 * this implies that the source node has no ip address assigned yet.
1092 */
1093 if (ipv6_addr_any(saddr))
1094 goto out;
1095
1096 /* Parse ND options */
f997c55c 1097 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
675418d5 1098 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1da177e4
LT		 1099 goto out;
1100 }
1101
1102 if (ndopts.nd_opts_src_lladdr) {
1103 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1104 skb->dev);
1105 if (!lladdr)
1106 goto out;
1107 }
1108
1109 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1110 if (neigh) {
f997c55c 1111 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1112 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1113 NEIGH_UPDATE_F_OVERRIDE|
f997c55c
AA		 1114 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1115 NDISC_ROUTER_SOLICITATION, &ndopts);
1da177e4
LT		 1116 neigh_release(neigh);
1117 }
1118out:
cfdf7647 1119 return;
1da177e4
LT		 1120}
1121
31910575
PY		 1122static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1123{
1124 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1125 struct sk_buff *skb;
1126 struct nlmsghdr *nlh;
1127 struct nduseroptmsg *ndmsg;
c346dca1 1128 struct net *net = dev_net(ra->dev);
31910575
PY		 1129 int err;
1130 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1131 + (opt->nd_opt_len << 3));
1132 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1133
1134 skb = nlmsg_new(msg_size, GFP_ATOMIC);
63159f29 1135 if (!skb) {
31910575
PY		 1136 err = -ENOBUFS;
1137 goto errout;
1138 }
1139
1140 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
63159f29 1141 if (!nlh) {
31910575
PY		 1142 goto nla_put_failure;
1143 }
1144
1145 ndmsg = nlmsg_data(nlh);
1146 ndmsg->nduseropt_family = AF_INET6;
dbb2ed24 1147 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
31910575
PY		 1148 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1149 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1150 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1151
1152 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1153
930345ea 1154 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
c78679e8 1155 goto nla_put_failure;
31910575
PY		 1156 nlmsg_end(skb, nlh);
1157
1ce85fe4 1158 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
31910575
PY		 1159 return;
1160
1161nla_put_failure:
1162 nlmsg_free(skb);
1163 err = -EMSGSIZE;
1164errout:
a18bc695 1165 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
31910575
PY		 1166}
1167
1da177e4
LT		 1168static void ndisc_router_discovery(struct sk_buff *skb)
1169{
9c70220b 1170 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1da177e4
LT		 1171 struct neighbour *neigh = NULL;
1172 struct inet6_dev *in6_dev;
8d1c802b 1173 struct fib6_info *rt = NULL;
afb1d4b5 1174 struct net *net;
1da177e4
LT		 1175 int lifetime;
1176 struct ndisc_options ndopts;
1177 int optlen;
ebacaaa0 1178 unsigned int pref = 0;
a394eef5 1179 __u32 old_if_flags;
2053aeb6 1180 bool send_ifinfo_notify = false;
1da177e4 1181
67ba4152 1182 __u8 *opt = (__u8 *)(ra_msg + 1);
1da177e4 1183
29a3cad5
SH		 1184 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1185 sizeof(struct ra_msg);
1da177e4 1186
f2a762d8
BG		 1187 ND_PRINTK(2, info,
1188 "RA: %s, dev: %s\n",
1189 __func__, skb->dev->name);
0660e03f 1190 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5 1191 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1da177e4
LT		 1192 return;
1193 }
1194 if (optlen < 0) {
675418d5 1195 ND_PRINTK(2, warn, "RA: packet too short\n");
1da177e4
LT		 1196 return;
1197 }
1198
de357cc0 1199#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1200 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
675418d5 1201 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
fadf6bf0
TF		 1202 return;
1203 }
de357cc0 1204#endif
fadf6bf0 1205
1da177e4
LT		 1206 /*
1207 * set the RA_RECV flag in the interface
1208 */
1209
cfdf7647 1210 in6_dev = __in6_dev_get(skb->dev);
63159f29 1211 if (!in6_dev) {
675418d5
JP		 1212 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1213 skb->dev->name);
1da177e4
LT		 1214 return;
1215 }
1da177e4 1216
f997c55c 1217 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
675418d5 1218 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1da177e4
LT		 1219 return;
1220 }
1221
f2a762d8
BG		 1222 if (!ipv6_accept_ra(in6_dev)) {
1223 ND_PRINTK(2, info,
1224 "RA: %s, did not accept ra for dev: %s\n",
1225 __func__, skb->dev->name);
31ce8c71 1226 goto skip_linkparms;
f2a762d8 1227 }
31ce8c71 1228
de357cc0 1229#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1230 /* skip link-specific parameters from interior routers */
f2a762d8
BG		 1231 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1232 ND_PRINTK(2, info,
1233 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1234 __func__, skb->dev->name);
fadf6bf0 1235 goto skip_linkparms;
f2a762d8 1236 }
de357cc0 1237#endif
fadf6bf0 1238
1da177e4
LT		 1239 if (in6_dev->if_flags & IF_RS_SENT) {
1240 /*
1241 * flag that an RA was received after an RS was sent
1242 * out on this interface.
1243 */
1244 in6_dev->if_flags |= IF_RA_RCVD;
1245 }
1246
1247 /*
1248 * Remember the managed/otherconf flags from most recently
1249 * received RA message (RFC 2462) -- yoshfuji
1250 */
a394eef5 1251 old_if_flags = in6_dev->if_flags;
1da177e4
LT		 1252 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1253 IF_RA_OTHERCONF)) |
1254 (ra_msg->icmph.icmp6_addrconf_managed ?
1255 IF_RA_MANAGED : 0) |
1256 (ra_msg->icmph.icmp6_addrconf_other ?
1257 IF_RA_OTHERCONF : 0);
1258
a394eef5 1259 if (old_if_flags != in6_dev->if_flags)
2053aeb6 1260 send_ifinfo_notify = true;
a394eef5 1261
f2a762d8
BG		 1262 if (!in6_dev->cnf.accept_ra_defrtr) {
1263 ND_PRINTK(2, info,
1264 "RA: %s, defrtr is false for dev: %s\n",
1265 __func__, skb->dev->name);
65f5c7c1 1266 goto skip_defrtr;
f2a762d8 1267 }
65f5c7c1 1268
d9333196
BG		 1269 /* Do not accept RA with source-addr found on local machine unless
1270 * accept_ra_from_local is set to true.
1271 */
afb1d4b5 1272 net = dev_net(in6_dev->dev);
b6428817 1273 if (!in6_dev->cnf.accept_ra_from_local &&
afb1d4b5 1274 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
f2a762d8 1275 ND_PRINTK(2, info,
d9333196
BG		 1276 "RA from local address detected on dev: %s: default router ignored\n",
1277 skb->dev->name);
9f56220f 1278 goto skip_defrtr;
f2a762d8 1279 }
9f56220f 1280
1da177e4
LT		 1281 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1282
ebacaaa0
YH		 1283#ifdef CONFIG_IPV6_ROUTER_PREF
1284 pref = ra_msg->icmph.icmp6_router_pref;
1285 /* 10b is handled as if it were 00b (medium) */
930d6ff2 1286 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
6d5b78cd 1287 !in6_dev->cnf.accept_ra_rtr_pref)
ebacaaa0
YH		 1288 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1289#endif
f88d8ea6 1290 /* routes added from RAs do not use nexthop objects */
afb1d4b5 1291 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
eb857186 1292 if (rt) {
1cf844c7
DA		 1293 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1294 rt->fib6_nh->fib_nh_dev, NULL,
f8a1b43b 1295 &ipv6_hdr(skb)->saddr);
eb857186 1296 if (!neigh) {
675418d5
JP		 1297 ND_PRINTK(0, err,
1298 "RA: %s got default router without neighbour\n",
1299 __func__);
93531c67 1300 fib6_info_release(rt);
eb857186
DM		 1301 return;
1302 }
1303 }
1da177e4 1304 if (rt && lifetime == 0) {
11dd74b3 1305 ip6_del_rt(net, rt, false);
1da177e4
LT		 1306 rt = NULL;
1307 }
1308
f2a762d8
BG		 1309 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1310 rt, lifetime, skb->dev->name);
63159f29 1311 if (!rt && lifetime) {
f2a762d8 1312 ND_PRINTK(3, info, "RA: adding default router\n");
1da177e4 1313
afb1d4b5
DA		 1314 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1315 skb->dev, pref);
63159f29 1316 if (!rt) {
675418d5
JP		 1317 ND_PRINTK(0, err,
1318 "RA: %s failed to add default route\n",
1319 __func__);
1da177e4
LT		 1320 return;
1321 }
1322
1cf844c7
DA		 1323 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1324 rt->fib6_nh->fib_nh_dev, NULL,
f8a1b43b 1325 &ipv6_hdr(skb)->saddr);
63159f29 1326 if (!neigh) {
675418d5
JP		 1327 ND_PRINTK(0, err,
1328 "RA: %s got default router without neighbour\n",
1329 __func__);
93531c67 1330 fib6_info_release(rt);
1da177e4
LT		 1331 return;
1332 }
1333 neigh->flags |= NTF_ROUTER;
ebacaaa0 1334 } else if (rt) {
93c2fb25 1335 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1da177e4
LT		 1336 }
1337
1338 if (rt)
14895687 1339 fib6_set_expires(rt, jiffies + (HZ * lifetime));
8013d1d7
HL		 1340 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1341 ra_msg->icmph.icmp6_hop_limit) {
1342 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
6fd99094 1343 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
d4ead6b3
DA		 1344 fib6_metric_set(rt, RTAX_HOPLIMIT,
1345 ra_msg->icmph.icmp6_hop_limit);
6fd99094 1346 } else {
8013d1d7 1347 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
6fd99094 1348 }
1da177e4
LT		 1349 }
1350
65f5c7c1
YH		 1351skip_defrtr:
1352
1da177e4
LT		 1353 /*
1354 * Update Reachable Time and Retrans Timer
1355 */
1356
1357 if (in6_dev->nd_parms) {
1358 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1359
1360 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1361 rtime = (rtime*HZ)/1000;
19e16d22
HL		 1362 if (rtime < HZ/100)
1363 rtime = HZ/100;
1f9248e5 1364 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1da177e4 1365 in6_dev->tstamp = jiffies;
2053aeb6 1366 send_ifinfo_notify = true;
1da177e4
LT		 1367 }
1368
1369 rtime = ntohl(ra_msg->reachable_time);
1370 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1371 rtime = (rtime*HZ)/1000;
1372
1373 if (rtime < HZ/10)
1374 rtime = HZ/10;
1375
1f9248e5
JP		 1376 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1377 NEIGH_VAR_SET(in6_dev->nd_parms,
1378 BASE_REACHABLE_TIME, rtime);
1379 NEIGH_VAR_SET(in6_dev->nd_parms,
1380 GC_STALETIME, 3 * rtime);
1da177e4
LT		 1381 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1382 in6_dev->tstamp = jiffies;
2053aeb6 1383 send_ifinfo_notify = true;
1da177e4
LT		 1384 }
1385 }
1386 }
1387
2053aeb6
MT		 1388 /*
1389 * Send a notify if RA changed managed/otherconf flags or timer settings
1390 */
1391 if (send_ifinfo_notify)
1392 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1393
fadf6bf0
TF		 1394skip_linkparms:
1395
1da177e4
LT		 1396 /*
1397 * Process options.
1398 */
1399
1400 if (!neigh)
0660e03f 1401 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1da177e4
LT		 1402 skb->dev, 1);
1403 if (neigh) {
1404 u8 *lladdr = NULL;
1405 if (ndopts.nd_opts_src_lladdr) {
1406 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1407 skb->dev);
1408 if (!lladdr) {
675418d5
JP		 1409 ND_PRINTK(2, warn,
1410 "RA: invalid link-layer address length\n");
1da177e4
LT		 1411 goto out;
1412 }
1413 }
f997c55c 1414 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1415 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1416 NEIGH_UPDATE_F_OVERRIDE|
1417 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1418 NEIGH_UPDATE_F_ISROUTER,
1419 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1420 }
1421
f2a762d8
BG		 1422 if (!ipv6_accept_ra(in6_dev)) {
1423 ND_PRINTK(2, info,
1424 "RA: %s, accept_ra is false for dev: %s\n",
1425 __func__, skb->dev->name);
31ce8c71 1426 goto out;
f2a762d8 1427 }
31ce8c71 1428
70ceb4f5 1429#ifdef CONFIG_IPV6_ROUTE_INFO
b6428817
LR		 1430 if (!in6_dev->cnf.accept_ra_from_local &&
1431 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1432 in6_dev->dev, 0)) {
f2a762d8 1433 ND_PRINTK(2, info,
d9333196
BG		 1434 "RA from local address detected on dev: %s: router info ignored.\n",
1435 skb->dev->name);
9f56220f 1436 goto skip_routeinfo;
f2a762d8 1437 }
9f56220f 1438
09c884d4 1439 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
70ceb4f5
YH		 1440 struct nd_opt_hdr *p;
1441 for (p = ndopts.nd_opts_ri;
1442 p;
1443 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
6294e000
YH		 1444 struct route_info *ri = (struct route_info *)p;
1445#ifdef CONFIG_IPV6_NDISC_NODETYPE
1446 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1447 ri->prefix_len == 0)
1448 continue;
1449#endif
30e56918
DJ		 1450 if (ri->prefix_len == 0 &&
1451 !in6_dev->cnf.accept_ra_defrtr)
1452 continue;
bbea124b
JS		 1453 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1454 continue;
6294e000 1455 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
09c884d4 1456 continue;
67ba4152 1457 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
0660e03f 1458 &ipv6_hdr(skb)->saddr);
70ceb4f5
YH		 1459 }
1460 }
9f56220f
AH		 1461
1462skip_routeinfo:
70ceb4f5
YH		 1463#endif
1464
de357cc0 1465#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1466 /* skip link-specific ndopts from interior routers */
f2a762d8
BG		 1467 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1468 ND_PRINTK(2, info,
1469 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1470 __func__, skb->dev->name);
fadf6bf0 1471 goto out;
f2a762d8 1472 }
de357cc0 1473#endif
fadf6bf0 1474
c4fd30eb 1475 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1da177e4
LT		 1476 struct nd_opt_hdr *p;
1477 for (p = ndopts.nd_opts_pi;
1478 p;
1479 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
e6bff995
NH		 1480 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1481 (p->nd_opt_len) << 3,
1482 ndopts.nd_opts_src_lladdr != NULL);
1da177e4
LT		 1483 }
1484 }
1485
c2943f14 1486 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
e69a4adc 1487 __be32 n;
1da177e4
LT		 1488 u32 mtu;
1489
67ba4152 1490 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
e69a4adc 1491 mtu = ntohl(n);
1da177e4
LT		 1492
1493 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
675418d5 1494 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1da177e4
LT		 1495 } else if (in6_dev->cnf.mtu6 != mtu) {
1496 in6_dev->cnf.mtu6 = mtu;
d4ead6b3 1497 fib6_metric_set(rt, RTAX_MTU, mtu);
1da177e4
LT		 1498 rt6_mtu_change(skb->dev, mtu);
1499 }
1500 }
1ab1457c 1501
31910575 1502 if (ndopts.nd_useropts) {
61cf46ad
YH		 1503 struct nd_opt_hdr *p;
1504 for (p = ndopts.nd_useropts;
1505 p;
f997c55c
AA		 1506 p = ndisc_next_useropt(skb->dev, p,
1507 ndopts.nd_useropts_end)) {
61cf46ad 1508 ndisc_ra_useropt(skb, p);
31910575
PY		 1509 }
1510 }
1511
1da177e4 1512 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
675418d5 1513 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1da177e4
LT		 1514 }
1515out:
93531c67 1516 fib6_info_release(rt);
eb857186 1517 if (neigh)
1da177e4 1518 neigh_release(neigh);
1da177e4
LT		 1519}
1520
1521static void ndisc_redirect_rcv(struct sk_buff *skb)
1522{
093d04d4
DJ		 1523 u8 *hdr;
1524 struct ndisc_options ndopts;
1525 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
29a3cad5 1526 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
093d04d4
DJ		 1527 offsetof(struct rd_msg, opt));
1528
de357cc0 1529#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0
TF		 1530 switch (skb->ndisc_nodetype) {
1531 case NDISC_NODETYPE_HOST:
1532 case NDISC_NODETYPE_NODEFAULT:
675418d5
JP		 1533 ND_PRINTK(2, warn,
1534 "Redirect: from host or unauthorized router\n");
fadf6bf0
TF		 1535 return;
1536 }
de357cc0 1537#endif
fadf6bf0 1538
0660e03f 1539 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1540 ND_PRINTK(2, warn,
1541 "Redirect: source address is not link-local\n");
1da177e4
LT		 1542 return;
1543 }
1544
f997c55c 1545 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
093d04d4
DJ		 1546 return;
1547
c92a59ec 1548 if (!ndopts.nd_opts_rh) {
b55b76b2 1549 ip6_redirect_no_header(skb, dev_net(skb->dev),
d456336d 1550 skb->dev->ifindex);
093d04d4 1551 return;
c92a59ec 1552 }
093d04d4
DJ		 1553
1554 hdr = (u8 *)ndopts.nd_opts_rh;
1555 hdr += 8;
1556 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1557 return;
1558
b94f1c09 1559 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1da177e4
LT		 1560}
1561
5f5a0115
YH		 1562static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1563 struct sk_buff *orig_skb,
1564 int rd_len)
9c86dafe 1565{
5f5a0115
YH		 1566 u8 *opt = skb_put(skb, rd_len);
1567
9c86dafe
YH		 1568 memset(opt, 0, 8);
1569 *(opt++) = ND_OPT_REDIRECT_HDR;
1570 *(opt++) = (rd_len >> 3);
1571 opt += 6;
1572
9f62c15f
LB		 1573 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1574 rd_len - 8);
9c86dafe
YH		 1575}
1576
4991969a 1577void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1da177e4 1578{
1762f7e8 1579 struct net_device *dev = skb->dev;
c346dca1 1580 struct net *net = dev_net(dev);
1762f7e8 1581 struct sock *sk = net->ipv6.ndisc_sk;
2ce13576 1582 int optlen = 0;
fbfe95a4 1583 struct inet_peer *peer;
1da177e4 1584 struct sk_buff *buff;
71bcdba0 1585 struct rd_msg *msg;
1da177e4 1586 struct in6_addr saddr_buf;
1da177e4
LT		 1587 struct rt6_info *rt;
1588 struct dst_entry *dst;
4c9483b2 1589 struct flowi6 fl6;
1da177e4 1590 int rd_len;
f997c55c
AA		 1591 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1592 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1d861aa4 1593 bool ret;
1da177e4 1594
2f17becf
SS		 1595 if (netif_is_l3_master(skb->dev)) {
1596 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1597 if (!dev)
1598 return;
1599 }
1600
95c385b4 1601 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
675418d5
JP		 1602 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1603 dev->name);
1ab1457c
YH		 1604 return;
1605 }
1da177e4 1606
0660e03f 1607 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
bf0b48df 1608 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1609 ND_PRINTK(2, warn,
1610 "Redirect: target address is not link-local unicast\n");
29556526
LY		 1611 return;
1612 }
1613
4c9483b2 1614 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
e0d56fdd 1615 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1da177e4 1616
4c9483b2 1617 dst = ip6_route_output(net, NULL, &fl6);
5095d64d
RL		 1618 if (dst->error) {
1619 dst_release(dst);
1da177e4 1620 return;
5095d64d 1621 }
4c9483b2 1622 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
452edd59 1623 if (IS_ERR(dst))
1da177e4 1624 return;
1da177e4
LT		 1625
1626 rt = (struct rt6_info *) dst;
1627
1628 if (rt->rt6i_flags & RTF_GATEWAY) {
675418d5
JP		 1629 ND_PRINTK(2, warn,
1630 "Redirect: destination is not a neighbour\n");
d73f0801 1631 goto release;
1da177e4 1632 }
fd0273d7 1633 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1d861aa4
DM		 1634 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1635 if (peer)
1636 inet_putpeer(peer);
1637 if (!ret)
d73f0801 1638 goto release;
1da177e4
LT		 1639
1640 if (dev->addr_len) {
4991969a
DM		 1641 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1642 if (!neigh) {
675418d5
JP		 1643 ND_PRINTK(2, warn,
1644 "Redirect: no neigh for target address\n");
4991969a
DM		 1645 goto release;
1646 }
1647
1da177e4
LT		 1648 read_lock_bh(&neigh->lock);
1649 if (neigh->nud_state & NUD_VALID) {
1650 memcpy(ha_buf, neigh->ha, dev->addr_len);
1651 read_unlock_bh(&neigh->lock);
1652 ha = ha_buf;
f997c55c
AA		 1653 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1654 ops_data_buf,
1655 &ops_data);
1da177e4
LT		 1656 } else
1657 read_unlock_bh(&neigh->lock);
4991969a
DM		 1658
1659 neigh_release(neigh);
1da177e4
LT		 1660 }
1661
1662 rd_len = min_t(unsigned int,
2ce13576
YH		 1663 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1664 skb->len + 8);
1da177e4 1665 rd_len &= ~0x7;
2ce13576 1666 optlen += rd_len;
1da177e4 1667
2ce13576 1668 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
de09334b 1669 if (!buff)
d73f0801 1670 goto release;
1da177e4 1671
4df864c1 1672 msg = skb_put(buff, sizeof(*msg));
4d5c152e
YH		 1673 *msg = (struct rd_msg) {
1674 .icmph = {
1675 .icmp6_type = NDISC_REDIRECT,
1676 },
1677 .target = *target,
1678 .dest = ipv6_hdr(skb)->daddr,
1679 };
1da177e4 1680
1da177e4
LT		 1681 /*
1682 * include target_address option
1683 */
1684
1685 if (ha)
f997c55c 1686 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1da177e4
LT		 1687
1688 /*
1689 * build redirect option and copy skb over to the new packet.
1690 */
1691
9c86dafe 1692 if (rd_len)
5f5a0115 1693 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1da177e4 1694
adf30907 1695 skb_dst_set(buff, dst);
f4de84c6 1696 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
d73f0801
IJ		 1697 return;
1698
1699release:
1700 dst_release(dst);
1da177e4
LT		 1701}
1702
1703static void pndisc_redo(struct sk_buff *skb)
1704{
140e26fc 1705 ndisc_recv_ns(skb);
1da177e4
LT		 1706 kfree_skb(skb);
1707}
1708
b800c3b9
HFS		 1709static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1710{
1711 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1712
1713 if (!idev)
1714 return true;
1715 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1716 idev->cnf.suppress_frag_ndisc) {
1717 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1718 return true;
1719 }
1720 return false;
1721}
1722
1da177e4
LT		 1723int ndisc_rcv(struct sk_buff *skb)
1724{
1725 struct nd_msg *msg;
1726
b800c3b9
HFS		 1727 if (ndisc_suppress_frag_ndisc(skb))
1728 return 0;
1729
6bce6b4e 1730 if (skb_linearize(skb))
1da177e4
LT		 1731 return 0;
1732
9c70220b 1733 msg = (struct nd_msg *)skb_transport_header(skb);
1da177e4 1734
9c70220b 1735 __skb_push(skb, skb->data - skb_transport_header(skb));
1da177e4 1736
0660e03f 1737 if (ipv6_hdr(skb)->hop_limit != 255) {
675418d5
JP		 1738 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1739 ipv6_hdr(skb)->hop_limit);
1da177e4
LT		 1740 return 0;
1741 }
1742
1743 if (msg->icmph.icmp6_code != 0) {
675418d5
JP		 1744 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1745 msg->icmph.icmp6_code);
1da177e4
LT		 1746 return 0;
1747 }
1748
1749 switch (msg->icmph.icmp6_type) {
1750 case NDISC_NEIGHBOUR_SOLICITATION:
ee1abcf6 1751 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1da177e4
LT		 1752 ndisc_recv_ns(skb);
1753 break;
1754
1755 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1756 ndisc_recv_na(skb);
1757 break;
1758
1759 case NDISC_ROUTER_SOLICITATION:
1760 ndisc_recv_rs(skb);
1761 break;
1762
1763 case NDISC_ROUTER_ADVERTISEMENT:
1764 ndisc_router_discovery(skb);
1765 break;
1766
1767 case NDISC_REDIRECT:
1768 ndisc_redirect_rcv(skb);
1769 break;
3ff50b79 1770 }
1da177e4
LT		 1771
1772 return 0;
1773}
1774
1775static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1776{
351638e7 1777 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
c8507fb2 1778 struct netdev_notifier_change_info *change_info;
c346dca1 1779 struct net *net = dev_net(dev);
5cb04436 1780 struct inet6_dev *idev;
1da177e4
LT		 1781
1782 switch (event) {
1783 case NETDEV_CHANGEADDR:
1784 neigh_changeaddr(&nd_tbl, dev);
2ac3ac8f 1785 fib6_run_gc(0, net, false);
a8eceea8 1786 fallthrough;
4a6e3c5d 1787 case NETDEV_UP:
5cb04436
HFS		 1788 idev = in6_dev_get(dev);
1789 if (!idev)
1790 break;
fc1f8f4f
DA		 1791 if (idev->cnf.ndisc_notify ||
1792 net->ipv6.devconf_all->ndisc_notify)
5cb04436
HFS		 1793 ndisc_send_unsol_na(dev);
1794 in6_dev_put(idev);
1da177e4 1795 break;
c8507fb2
ED		 1796 case NETDEV_CHANGE:
1797 change_info = ptr;
1798 if (change_info->flags_changed & IFF_NOARP)
1799 neigh_changeaddr(&nd_tbl, dev);
859bd2ef
DA		 1800 if (!netif_carrier_ok(dev))
1801 neigh_carrier_down(&nd_tbl, dev);
c8507fb2 1802 break;
1da177e4
LT		 1803 case NETDEV_DOWN:
1804 neigh_ifdown(&nd_tbl, dev);
2ac3ac8f 1805 fib6_run_gc(0, net, false);
1da177e4 1806 break;
f47b9464
BH		 1807 case NETDEV_NOTIFY_PEERS:
1808 ndisc_send_unsol_na(dev);
1809 break;
1da177e4
LT		 1810 default:
1811 break;
1812 }
1813
1814 return NOTIFY_DONE;
1815}
1816
1817static struct notifier_block ndisc_netdev_notifier = {
1818 .notifier_call = ndisc_netdev_event,
6eb79393 1819 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1da177e4
LT		 1820};
1821
1822#ifdef CONFIG_SYSCTL
1823static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1824 const char *func, const char *dev_name)
1825{
1826 static char warncomm[TASK_COMM_LEN];
1827 static int warned;
1828 if (strcmp(warncomm, current->comm) && warned < 5) {
1829 strcpy(warncomm, current->comm);
f3213831 1830 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1da177e4
LT		 1831 warncomm, func,
1832 dev_name, ctl->procname,
1833 dev_name, ctl->procname);
1834 warned++;
1835 }
1836}
1837
32927393
CH		 1838int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1839 size_t *lenp, loff_t *ppos)
1da177e4
LT		 1840{
1841 struct net_device *dev = ctl->extra1;
1842 struct inet6_dev *idev;
1843 int ret;
1844
d12af679
EB		 1845 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1846 (strcmp(ctl->procname, "base_reachable_time") == 0))
1da177e4
LT		 1847 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1848
d12af679 1849 if (strcmp(ctl->procname, "retrans_time") == 0)
cb5b09c1 1850 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
d12af679
EB		 1851
1852 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
cb5b09c1
JP		 1853 ret = neigh_proc_dointvec_jiffies(ctl, write,
1854 buffer, lenp, ppos);
d12af679
EB		 1855
1856 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
ad02ac14 1857 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
cb5b09c1
JP		 1858 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1859 buffer, lenp, ppos);
d12af679 1860 else
1da177e4 1861 ret = -1;
1da177e4
LT		 1862
1863 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1f9248e5
JP		 1864 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1865 idev->nd_parms->reachable_time =
1866 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1da177e4
LT		 1867 idev->tstamp = jiffies;
1868 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1869 in6_dev_put(idev);
1870 }
1871 return ret;
1872}
1873
1da177e4
LT		 1874
1875#endif
1876
2c8c1e72 1877static int __net_init ndisc_net_init(struct net *net)
1da177e4
LT		 1878{
1879 struct ipv6_pinfo *np;
1880 struct sock *sk;
1ab1457c 1881 int err;
1da177e4 1882
1ed8516f
DL		 1883 err = inet_ctl_sock_create(&sk, PF_INET6,
1884 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 1885 if (err < 0) {
675418d5
JP		 1886 ND_PRINTK(0, err,
1887 "NDISC: Failed to initialize the control socket (err %d)\n",
1888 err);
1da177e4
LT		 1889 return err;
1890 }
1891
1ed8516f 1892 net->ipv6.ndisc_sk = sk;
1762f7e8 1893
1da177e4 1894 np = inet6_sk(sk);
1da177e4
LT		 1895 np->hop_limit = 255;
1896 /* Do not loopback ndisc messages */
1897 np->mc_loop = 0;
1da177e4 1898
1762f7e8
DL		 1899 return 0;
1900}
1901
2c8c1e72 1902static void __net_exit ndisc_net_exit(struct net *net)
1762f7e8 1903{
1ed8516f 1904 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1762f7e8
DL		 1905}
1906
1907static struct pernet_operations ndisc_net_ops = {
1908 .init = ndisc_net_init,
1909 .exit = ndisc_net_exit,
1910};
1911
1912int __init ndisc_init(void)
1913{
1914 int err;
1915
1916 err = register_pernet_subsys(&ndisc_net_ops);
1917 if (err)
1918 return err;
1ab1457c
YH		 1919 /*
1920 * Initialize the neighbour table
1921 */
d7480fd3 1922 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1da177e4
LT		 1923
1924#ifdef CONFIG_SYSCTL
73af614a 1925 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
56ec0fb1 1926 ndisc_ifinfo_sysctl_change);
1762f7e8
DL		 1927 if (err)
1928 goto out_unregister_pernet;
1762f7e8 1929out:
bcd081a3 1930#endif
1762f7e8 1931 return err;
1da177e4 1932
1762f7e8 1933#ifdef CONFIG_SYSCTL
1762f7e8 1934out_unregister_pernet:
1762f7e8
DL		 1935 unregister_pernet_subsys(&ndisc_net_ops);
1936 goto out;
2c861cc6 1937#endif
1da177e4
LT		 1938}
1939
2c861cc6
MK		 1940int __init ndisc_late_init(void)
1941{
1942 return register_netdevice_notifier(&ndisc_netdev_notifier);
1943}
1944
1945void ndisc_late_cleanup(void)
1da177e4 1946{
36f73d0c 1947 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2c861cc6
MK		 1948}
1949
1950void ndisc_cleanup(void)
1951{
1da177e4
LT		 1952#ifdef CONFIG_SYSCTL
1953 neigh_sysctl_unregister(&nd_tbl.parms);
1954#endif
d7480fd3 1955 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1762f7e8 1956 unregister_pernet_subsys(&ndisc_net_ops);
1da177e4 1957}
Ubuntu Hirsute Linux kernel mirror