]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blame - net/ipv6/ndisc.c
projects / mirror_ubuntu-jammy-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xfrm: rate limit SA mapping change message to user space
[mirror_ubuntu-jammy-kernel.git] / net / ipv6 / ndisc.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
1da177e4
LT		 2/*
3 * Neighbour Discovery for IPv6
1ab1457c 4 * Linux INET6 implementation
1da177e4
LT		 5 *
6 * Authors:
1ab1457c 7 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4 8 * Mike Shaver <shaver@ingenia.com>
1da177e4
LT		 9 */
10
11/*
12 * Changes:
13 *
e35f30c1 14 * Alexey I. Froloff : RFC6106 (DNSSL) support
31910575
PY		 15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
1da177e4
LT		 17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
1da177e4
LT		 19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
675418d5 26#define pr_fmt(fmt) "ICMPv6: " fmt
1da177e4
LT		 27
28#include <linux/module.h>
1da177e4
LT		 29#include <linux/errno.h>
30#include <linux/types.h>
31#include <linux/socket.h>
32#include <linux/sockios.h>
33#include <linux/sched.h>
34#include <linux/net.h>
35#include <linux/in6.h>
36#include <linux/route.h>
37#include <linux/init.h>
38#include <linux/rcupdate.h>
5a0e3ad6 39#include <linux/slab.h>
1da177e4
LT		 40#ifdef CONFIG_SYSCTL
41#include <linux/sysctl.h>
42#endif
43
1823730f 44#include <linux/if_addr.h>
da13c59b 45#include <linux/if_ether.h>
1da177e4
LT		 46#include <linux/if_arp.h>
47#include <linux/ipv6.h>
48#include <linux/icmpv6.h>
49#include <linux/jhash.h>
50
51#include <net/sock.h>
52#include <net/snmp.h>
53
54#include <net/ipv6.h>
55#include <net/protocol.h>
56#include <net/ndisc.h>
57#include <net/ip6_route.h>
58#include <net/addrconf.h>
59#include <net/icmp.h>
60
31910575
PY		 61#include <net/netlink.h>
62#include <linux/rtnetlink.h>
63
1da177e4
LT		 64#include <net/flow.h>
65#include <net/ip6_checksum.h>
1ed8516f 66#include <net/inet_common.h>
1da177e4
LT		 67#include <linux/proc_fs.h>
68
69#include <linux/netfilter.h>
70#include <linux/netfilter_ipv6.h>
71
d6bf7817
ED		 72static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
2c2aba6c 74 __u32 *hash_rnd);
60395a20 75static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
b8fb1ab4
DA		 76static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
1da177e4
LT		 78static int ndisc_constructor(struct neighbour *neigh);
79static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81static int pndisc_constructor(struct pneigh_entry *n);
82static void pndisc_destructor(struct pneigh_entry *n);
83static void pndisc_redo(struct sk_buff *skb);
8cf8821e 84static int ndisc_is_multicast(const void *pkey);
1da177e4 85
89d69d2b 86static const struct neigh_ops ndisc_generic_ops = {
1da177e4
LT		 87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
1da177e4
LT		 92};
93
89d69d2b 94static const struct neigh_ops ndisc_hh_ops = {
1da177e4
LT		 95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
1da177e4
LT		 100};
101
102
89d69d2b 103static const struct neigh_ops ndisc_direct_ops = {
1da177e4 104 .family = AF_INET6,
8f40b161
DM		 105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
1da177e4
LT		 107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
1da177e4 111 .key_len = sizeof(struct in6_addr),
bdf53c58 112 .protocol = cpu_to_be16(ETH_P_IPV6),
1da177e4 113 .hash = ndisc_hash,
60395a20 114 .key_eq = ndisc_key_eq,
1da177e4
LT		 115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
8cf8821e 119 .is_multicast = ndisc_is_multicast,
b8fb1ab4 120 .allow_add = ndisc_allow_add,
1da177e4
LT		 121 .id = "ndisc_cache",
122 .parms = {
b672083e 123 .tbl = &nd_tbl,
b672083e 124 .reachable_time = ND_REACHABLE_TIME,
1f9248e5
JP		 125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
eaa72dc4 132 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
1f9248e5
JP		 133 [NEIGH_VAR_PROXY_QLEN] = 64,
134 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
135 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
136 },
1da177e4
LT		 137 },
138 .gc_interval = 30 * HZ,
139 .gc_thresh1 = 128,
140 .gc_thresh2 = 512,
141 .gc_thresh3 = 1024,
142};
c4850687 143EXPORT_SYMBOL_GPL(nd_tbl);
1da177e4 144
cc84b3c6
AA		 145void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
146 int data_len, int pad)
1da177e4 147{
8ec5da41 148 int space = __ndisc_opt_addr_space(data_len, pad);
5f5a0115 149 u8 *opt = skb_put(skb, space);
1da177e4
LT		 150
151 opt[0] = type;
152 opt[1] = space>>3;
153
154 memset(opt + 2, 0, pad);
155 opt += pad;
156 space -= pad;
157
158 memcpy(opt+2, data, data_len);
159 data_len += 2;
160 opt += data_len;
e5d08d71
IM		 161 space -= data_len;
162 if (space > 0)
1da177e4 163 memset(opt, 0, space);
1da177e4 164}
cc84b3c6 165EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
1da177e4 166
8ec5da41 167static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
f997c55c 168 void *data, u8 icmp6_type)
8ec5da41
AA		 169{
170 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
171 ndisc_addr_option_pad(skb->dev->type));
f997c55c
AA		 172 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
173}
174
175static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
176 void *ha,
177 const u8 *ops_data)
178{
179 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
180 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
8ec5da41
AA		 181}
182
1da177e4
LT		 183static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
184 struct nd_opt_hdr *end)
185{
186 int type;
187 if (!cur || !end || cur >= end)
188 return NULL;
189 type = cur->nd_opt_type;
190 do {
191 cur = ((void *)cur) + (cur->nd_opt_len << 3);
67ba4152 192 } while (cur < end && cur->nd_opt_type != type);
a02cec21 193 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
1da177e4
LT		 194}
195
f997c55c
AA		 196static inline int ndisc_is_useropt(const struct net_device *dev,
197 struct nd_opt_hdr *opt)
31910575 198{
e35f30c1 199 return opt->nd_opt_type == ND_OPT_RDNSS ||
f997c55c 200 opt->nd_opt_type == ND_OPT_DNSSL ||
66b5f1c4 201 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
c24a77ed 202 opt->nd_opt_type == ND_OPT_PREF64 ||
f997c55c 203 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
31910575
PY		 204}
205
f997c55c
AA		 206static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
207 struct nd_opt_hdr *cur,
31910575
PY		 208 struct nd_opt_hdr *end)
209{
210 if (!cur || !end || cur >= end)
211 return NULL;
212 do {
213 cur = ((void *)cur) + (cur->nd_opt_len << 3);
f997c55c
AA		 214 } while (cur < end && !ndisc_is_useropt(dev, cur));
215 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
31910575
PY		 216}
217
f997c55c
AA		 218struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
219 u8 *opt, int opt_len,
30f2a5f3 220 struct ndisc_options *ndopts)
1da177e4
LT		 221{
222 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
223
224 if (!nd_opt || opt_len < 0 || !ndopts)
225 return NULL;
226 memset(ndopts, 0, sizeof(*ndopts));
227 while (opt_len) {
228 int l;
229 if (opt_len < sizeof(struct nd_opt_hdr))
230 return NULL;
231 l = nd_opt->nd_opt_len << 3;
232 if (opt_len < l || l == 0)
233 return NULL;
f997c55c
AA		 234 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
235 goto next_opt;
1da177e4
LT		 236 switch (nd_opt->nd_opt_type) {
237 case ND_OPT_SOURCE_LL_ADDR:
238 case ND_OPT_TARGET_LL_ADDR:
239 case ND_OPT_MTU:
adc176c5 240 case ND_OPT_NONCE:
1da177e4
LT		 241 case ND_OPT_REDIRECT_HDR:
242 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
675418d5
JP		 243 ND_PRINTK(2, warn,
244 "%s: duplicated ND6 option found: type=%d\n",
245 __func__, nd_opt->nd_opt_type);
1da177e4
LT		 246 } else {
247 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
248 }
249 break;
250 case ND_OPT_PREFIX_INFO:
251 ndopts->nd_opts_pi_end = nd_opt;
cfcabdcc 252 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
1da177e4
LT		 253 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
254 break;
70ceb4f5
YH		 255#ifdef CONFIG_IPV6_ROUTE_INFO
256 case ND_OPT_ROUTE_INFO:
257 ndopts->nd_opts_ri_end = nd_opt;
258 if (!ndopts->nd_opts_ri)
259 ndopts->nd_opts_ri = nd_opt;
260 break;
261#endif
1da177e4 262 default:
f997c55c 263 if (ndisc_is_useropt(dev, nd_opt)) {
31910575
PY		 264 ndopts->nd_useropts_end = nd_opt;
265 if (!ndopts->nd_useropts)
266 ndopts->nd_useropts = nd_opt;
267 } else {
268 /*
269 * Unknown options must be silently ignored,
270 * to accommodate future extension to the
271 * protocol.
272 */
675418d5
JP		 273 ND_PRINTK(2, notice,
274 "%s: ignored unsupported option; type=%d, len=%d\n",
275 __func__,
276 nd_opt->nd_opt_type,
277 nd_opt->nd_opt_len);
31910575 278 }
1da177e4 279 }
f997c55c 280next_opt:
1da177e4
LT		 281 opt_len -= l;
282 nd_opt = ((void *)nd_opt) + l;
283 }
284 return ndopts;
285}
286
b71d1d42 287int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
1da177e4
LT		 288{
289 switch (dev->type) {
290 case ARPHRD_ETHER:
291 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
292 case ARPHRD_FDDI:
293 ipv6_eth_mc_map(addr, buf);
294 return 0;
1da177e4
LT		 295 case ARPHRD_ARCNET:
296 ipv6_arcnet_mc_map(addr, buf);
297 return 0;
298 case ARPHRD_INFINIBAND:
a9e527e3 299 ipv6_ib_mc_map(addr, dev->broadcast, buf);
1da177e4 300 return 0;
93ca3bb5
TT		 301 case ARPHRD_IPGRE:
302 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
1da177e4
LT		 303 default:
304 if (dir) {
305 memcpy(buf, dev->broadcast, dev->addr_len);
306 return 0;
307 }
308 }
309 return -EINVAL;
310}
7159039a
YH		 311EXPORT_SYMBOL(ndisc_mc_map);
312
d6bf7817
ED		 313static u32 ndisc_hash(const void *pkey,
314 const struct net_device *dev,
2c2aba6c 315 __u32 *hash_rnd)
1da177e4 316{
2c2aba6c 317 return ndisc_hashfn(pkey, dev, hash_rnd);
1da177e4
LT		 318}
319
60395a20
EB		 320static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
321{
322 return neigh_key_eq128(n, pkey);
323}
324
1da177e4
LT		 325static int ndisc_constructor(struct neighbour *neigh)
326{
67ba4152 327 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
1da177e4
LT		 328 struct net_device *dev = neigh->dev;
329 struct inet6_dev *in6_dev;
330 struct neigh_parms *parms;
a50feda5 331 bool is_multicast = ipv6_addr_is_multicast(addr);
1da177e4 332
1da177e4 333 in6_dev = in6_dev_get(dev);
63159f29 334 if (!in6_dev) {
1da177e4
LT		 335 return -EINVAL;
336 }
337
338 parms = in6_dev->nd_parms;
339 __neigh_parms_put(neigh->parms);
340 neigh->parms = neigh_parms_clone(parms);
1da177e4
LT		 341
342 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
3b04ddde 343 if (!dev->header_ops) {
1da177e4
LT		 344 neigh->nud_state = NUD_NOARP;
345 neigh->ops = &ndisc_direct_ops;
8f40b161 346 neigh->output = neigh_direct_output;
1da177e4
LT		 347 } else {
348 if (is_multicast) {
349 neigh->nud_state = NUD_NOARP;
350 ndisc_mc_map(addr, neigh->ha, dev, 1);
351 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
352 neigh->nud_state = NUD_NOARP;
353 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
354 if (dev->flags&IFF_LOOPBACK)
355 neigh->type = RTN_LOCAL;
356 } else if (dev->flags&IFF_POINTOPOINT) {
357 neigh->nud_state = NUD_NOARP;
358 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
359 }
3b04ddde 360 if (dev->header_ops->cache)
1da177e4
LT		 361 neigh->ops = &ndisc_hh_ops;
362 else
363 neigh->ops = &ndisc_generic_ops;
364 if (neigh->nud_state&NUD_VALID)
365 neigh->output = neigh->ops->connected_output;
366 else
367 neigh->output = neigh->ops->output;
368 }
369 in6_dev_put(in6_dev);
370 return 0;
371}
372
373static int pndisc_constructor(struct pneigh_entry *n)
374{
67ba4152 375 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 376 struct in6_addr maddr;
377 struct net_device *dev = n->dev;
378
63159f29 379 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 380 return -EINVAL;
381 addrconf_addr_solict_mult(addr, &maddr);
382 ipv6_dev_mc_inc(dev, &maddr);
383 return 0;
384}
385
386static void pndisc_destructor(struct pneigh_entry *n)
387{
67ba4152 388 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 389 struct in6_addr maddr;
390 struct net_device *dev = n->dev;
391
63159f29 392 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 393 return;
394 addrconf_addr_solict_mult(addr, &maddr);
395 ipv6_dev_mc_dec(dev, &maddr);
396}
397
b8fb1ab4
DA		 398/* called with rtnl held */
399static bool ndisc_allow_add(const struct net_device *dev,
400 struct netlink_ext_ack *extack)
401{
402 struct inet6_dev *idev = __in6_dev_get(dev);
403
404 if (!idev || idev->cnf.disable_ipv6) {
405 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
406 return false;
407 }
408
409 return true;
410}
411
de09334b
YH		 412static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
413 int len)
414{
415 int hlen = LL_RESERVED_SPACE(dev);
416 int tlen = dev->needed_tailroom;
417 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
418 struct sk_buff *skb;
de09334b 419
25a6e6b8 420 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
de09334b 421 if (!skb) {
25a6e6b8
TG		 422 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
423 __func__);
de09334b
YH		 424 return NULL;
425 }
426
f382d03a
YH		 427 skb->protocol = htons(ETH_P_IPV6);
428 skb->dev = dev;
429
527a150f 430 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
5135e633 431 skb_reset_transport_header(skb);
de09334b 432
25a6e6b8
TG		 433 /* Manually assign socket ownership as we avoid calling
434 * sock_alloc_send_pskb() to bypass wmem buffer limits
435 */
436 skb_set_owner_w(skb, sk);
437
de09334b
YH		 438 return skb;
439}
440
f382d03a 441static void ip6_nd_hdr(struct sk_buff *skb,
2576f17d
YH		 442 const struct in6_addr *saddr,
443 const struct in6_addr *daddr,
c8d6c380 444 int hop_limit, int len)
2576f17d
YH		 445{
446 struct ipv6hdr *hdr;
2210d6b2
 447 struct inet6_dev *idev;
448 unsigned tclass;
449
450 rcu_read_lock();
451 idev = __in6_dev_get(skb->dev);
452 tclass = idev ? idev->cnf.ndisc_tclass : 0;
453 rcu_read_unlock();
2576f17d 454
527a150f 455 skb_push(skb, sizeof(*hdr));
2576f17d 456 skb_reset_network_header(skb);
2576f17d
YH		 457 hdr = ipv6_hdr(skb);
458
2210d6b2 459 ip6_flow_hdr(hdr, tclass, 0);
2576f17d
YH		 460
461 hdr->payload_len = htons(len);
c8d6c380
YH		 462 hdr->nexthdr = IPPROTO_ICMPV6;
463 hdr->hop_limit = hop_limit;
2576f17d
YH		 464
465 hdr->saddr = *saddr;
466 hdr->daddr = *daddr;
467}
468
af9a9976 469static void ndisc_send_skb(struct sk_buff *skb,
fd0ea7db 470 const struct in6_addr *daddr,
aa4bdd4b 471 const struct in6_addr *saddr)
305d552a 472{
f4de84c6 473 struct dst_entry *dst = skb_dst(skb);
af9a9976 474 struct net *net = dev_net(skb->dev);
7b3d9b06 475 struct sock *sk = net->ipv6.ndisc_sk;
305d552a
BH		 476 struct inet6_dev *idev;
477 int err;
aa4bdd4b 478 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
305d552a
BH		 479 u8 type;
480
481 type = icmp6h->icmp6_type;
482
f4de84c6 483 if (!dst) {
f4de84c6 484 struct flowi6 fl6;
e0d56fdd 485 int oif = skb->dev->ifindex;
305d552a 486
ca254490 487 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
f4de84c6
YH		 488 dst = icmp6_dst_alloc(skb->dev, &fl6);
489 if (IS_ERR(dst)) {
490 kfree_skb(skb);
491 return;
492 }
493
494 skb_dst_set(skb, dst);
495 }
e1ec7842 496
7b3d9b06
YH		 497 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
498 IPPROTO_ICMPV6,
499 csum_partial(icmp6h,
500 skb->len, 0));
501
502 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
503
cfdf7647
ED		 504 rcu_read_lock();
505 idev = __in6_dev_get(dst->dev);
edf391ff 506 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
e1ec7842 507
29a26a56
EB		 508 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
509 net, sk, skb, NULL, dst->dev,
13206b6b 510 dst_output);
1da177e4 511 if (!err) {
5c5d244b 512 ICMP6MSGOUT_INC_STATS(net, idev, type);
a862f6a6 513 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1da177e4
LT		 514 }
515
cfdf7647 516 rcu_read_unlock();
1ab1457c 517}
1da177e4 518
38cf595b 519void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
f564f45c
CW		 520 const struct in6_addr *solicited_addr,
521 bool router, bool solicited, bool override, bool inc_opt)
e1ec7842 522{
b44b5f4a 523 struct sk_buff *skb;
e1ec7842
YH		 524 struct in6_addr tmpaddr;
525 struct inet6_ifaddr *ifp;
9acd9f3a 526 const struct in6_addr *src_addr;
1cb3fe51
YH		 527 struct nd_msg *msg;
528 int optlen = 0;
e1ec7842
YH		 529
530 /* for anycast or proxy, solicited_addr != src_addr */
c346dca1 531 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
e1ec7842
YH		 532 if (ifp) {
533 src_addr = solicited_addr;
534 if (ifp->flags & IFA_F_OPTIMISTIC)
f2f79cca 535 override = false;
9f888160 536 inc_opt |= ifp->idev->cnf.force_tllao;
e1ec7842
YH		 537 in6_ifa_put(ifp);
538 } else {
191cd582 539 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
c346dca1 540 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
7cbca67c 541 &tmpaddr))
e1ec7842
YH		 542 return;
543 src_addr = &tmpaddr;
544 }
545
1cb3fe51 546 if (!dev->addr_len)
9a21ac94 547 inc_opt = false;
1cb3fe51 548 if (inc_opt)
f997c55c
AA		 549 optlen += ndisc_opt_addr_space(dev,
550 NDISC_NEIGHBOUR_ADVERTISEMENT);
e1ec7842 551
1cb3fe51 552 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 553 if (!skb)
554 return;
555
4df864c1 556 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 557 *msg = (struct nd_msg) {
558 .icmph = {
559 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
560 .icmp6_router = router,
561 .icmp6_solicited = solicited,
562 .icmp6_override = override,
563 },
564 .target = *solicited_addr,
565 };
566
567 if (inc_opt)
568 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
f997c55c
AA		 569 dev->dev_addr,
570 NDISC_NEIGHBOUR_ADVERTISEMENT);
1cb3fe51 571
b44b5f4a 572 ndisc_send_skb(skb, daddr, src_addr);
e1ec7842
YH		 573}
574
f47b9464
BH		 575static void ndisc_send_unsol_na(struct net_device *dev)
576{
577 struct inet6_dev *idev;
578 struct inet6_ifaddr *ifa;
f47b9464
BH		 579
580 idev = in6_dev_get(dev);
581 if (!idev)
582 return;
583
584 read_lock_bh(&idev->lock);
585 list_for_each_entry(ifa, &idev->addr_list, if_list) {
c76fe2d9
DA		 586 /* skip tentative addresses until dad completes */
587 if (ifa->flags & IFA_F_TENTATIVE &&
588 !(ifa->flags & IFA_F_OPTIMISTIC))
589 continue;
590
38cf595b 591 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
f47b9464
BH		 592 /*router=*/ !!idev->cnf.forwarding,
593 /*solicited=*/ false, /*override=*/ true,
594 /*inc_opt=*/ true);
595 }
596 read_unlock_bh(&idev->lock);
597
598 in6_dev_put(idev);
599}
600
38cf595b 601void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
adc176c5
EN		 602 const struct in6_addr *daddr, const struct in6_addr *saddr,
603 u64 nonce)
1da177e4 604{
b44b5f4a 605 struct sk_buff *skb;
1da177e4 606 struct in6_addr addr_buf;
1cb3fe51
YH		 607 int inc_opt = dev->addr_len;
608 int optlen = 0;
609 struct nd_msg *msg;
1da177e4 610
63159f29 611 if (!saddr) {
95c385b4
NH		 612 if (ipv6_get_lladdr(dev, &addr_buf,
613 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
1da177e4
LT		 614 return;
615 saddr = &addr_buf;
616 }
617
1cb3fe51 618 if (ipv6_addr_any(saddr))
f2f79cca 619 inc_opt = false;
1cb3fe51 620 if (inc_opt)
f997c55c
AA		 621 optlen += ndisc_opt_addr_space(dev,
622 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 623 if (nonce != 0)
624 optlen += 8;
1cb3fe51
YH		 625
626 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 627 if (!skb)
628 return;
629
4df864c1 630 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 631 *msg = (struct nd_msg) {
632 .icmph = {
633 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
634 },
635 .target = *solicit,
636 };
637
638 if (inc_opt)
639 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 640 dev->dev_addr,
641 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 642 if (nonce != 0) {
643 u8 *opt = skb_put(skb, 8);
644
645 opt[0] = ND_OPT_NONCE;
646 opt[1] = 8 >> 3;
647 memcpy(opt + 2, &nonce, 6);
648 }
1cb3fe51 649
b44b5f4a 650 ndisc_send_skb(skb, daddr, saddr);
1da177e4
LT		 651}
652
9acd9f3a
YH		 653void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
654 const struct in6_addr *daddr)
1da177e4 655{
b44b5f4a 656 struct sk_buff *skb;
1cb3fe51 657 struct rs_msg *msg;
95c385b4 658 int send_sllao = dev->addr_len;
1cb3fe51 659 int optlen = 0;
95c385b4
NH		 660
661#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
662 /*
663 * According to section 2.2 of RFC 4429, we must not
664 * send router solicitations with a sllao from
665 * optimistic addresses, but we may send the solicitation
666 * if we don't include the sllao. So here we check
667 * if our address is optimistic, and if so, we
bea85195 668 * suppress the inclusion of the sllao.
95c385b4
NH		 669 */
670 if (send_sllao) {
c346dca1 671 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
1cab3da6 672 dev, 1);
95c385b4
NH		 673 if (ifp) {
674 if (ifp->flags & IFA_F_OPTIMISTIC) {
ca043569 675 send_sllao = 0;
95c385b4 676 }
ca043569 677 in6_ifa_put(ifp);
95c385b4
NH		 678 } else {
679 send_sllao = 0;
680 }
681 }
682#endif
1cb3fe51 683 if (send_sllao)
f997c55c 684 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
1cb3fe51
YH		 685
686 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 687 if (!skb)
688 return;
689
4df864c1 690 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 691 *msg = (struct rs_msg) {
692 .icmph = {
693 .icmp6_type = NDISC_ROUTER_SOLICITATION,
694 },
695 };
696
697 if (send_sllao)
698 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 699 dev->dev_addr,
700 NDISC_ROUTER_SOLICITATION);
1cb3fe51 701
b44b5f4a 702 ndisc_send_skb(skb, daddr, saddr);
1da177e4 703}
1ab1457c 704
1da177e4
LT		 705
706static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
707{
708 /*
709 * "The sender MUST return an ICMP
710 * destination unreachable"
711 */
712 dst_link_failure(skb);
713 kfree_skb(skb);
714}
715
716/* Called with locked neigh: either read or both */
717
718static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
719{
720 struct in6_addr *saddr = NULL;
721 struct in6_addr mcaddr;
722 struct net_device *dev = neigh->dev;
723 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
724 int probes = atomic_read(&neigh->probes);
725
c58da4c6 726 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
232378e8 727 dev, false, 1,
c58da4c6 728 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
0660e03f 729 saddr = &ipv6_hdr(skb)->saddr;
e5d08d71
IM		 730 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
731 if (probes < 0) {
1da177e4 732 if (!(neigh->nud_state & NUD_VALID)) {
675418d5
JP		 733 ND_PRINTK(1, dbg,
734 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
735 __func__, target);
1da177e4 736 }
adc176c5 737 ndisc_send_ns(dev, target, target, saddr, 0);
1f9248e5 738 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
1da177e4 739 neigh_app_ns(neigh);
1da177e4
LT		 740 } else {
741 addrconf_addr_solict_mult(target, &mcaddr);
adc176c5 742 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
1da177e4
LT		 743 }
744}
745
0736ffc0
YH		 746static int pndisc_is_router(const void *pkey,
747 struct net_device *dev)
fa86d322
PE		 748{
749 struct pneigh_entry *n;
0736ffc0 750 int ret = -1;
fa86d322
PE		 751
752 read_lock_bh(&nd_tbl.lock);
0736ffc0
YH		 753 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
754 if (n)
755 ret = !!(n->flags & NTF_ROUTER);
fa86d322
PE		 756 read_unlock_bh(&nd_tbl.lock);
757
0736ffc0 758 return ret;
fa86d322
PE		 759}
760
f997c55c
AA		 761void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
762 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
763 struct ndisc_options *ndopts)
764{
7b8f7a40 765 neigh_update(neigh, lladdr, new, flags, 0);
f997c55c
AA		 766 /* report ndisc ops about neighbour update */
767 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
768}
769
1da177e4
LT		 770static void ndisc_recv_ns(struct sk_buff *skb)
771{
9c70220b 772 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
b71d1d42
ED		 773 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
774 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 775 u8 *lladdr = NULL;
29a3cad5 776 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 777 offsetof(struct nd_msg, opt));
1da177e4
LT		 778 struct ndisc_options ndopts;
779 struct net_device *dev = skb->dev;
780 struct inet6_ifaddr *ifp;
781 struct inet6_dev *idev = NULL;
782 struct neighbour *neigh;
783 int dad = ipv6_addr_any(saddr);
a50feda5 784 bool inc;
0736ffc0 785 int is_router = -1;
adc176c5 786 u64 nonce = 0;
1da177e4 787
115b0aa6
YH		 788 if (skb->len < sizeof(struct nd_msg)) {
789 ND_PRINTK(2, warn, "NS: packet too short\n");
790 return;
791 }
792
1da177e4 793 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 794 ND_PRINTK(2, warn, "NS: multicast target address\n");
1da177e4
LT		 795 return;
796 }
797
798 /*
799 * RFC2461 7.1.1:
800 * DAD has to be destined for solicited node multicast address.
801 */
ca97a644 802 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
675418d5 803 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
1da177e4
LT		 804 return;
805 }
806
f997c55c 807 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 808 ND_PRINTK(2, warn, "NS: invalid ND options\n");
1da177e4
LT		 809 return;
810 }
811
812 if (ndopts.nd_opts_src_lladdr) {
813 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
814 if (!lladdr) {
675418d5
JP		 815 ND_PRINTK(2, warn,
816 "NS: invalid link-layer address length\n");
1da177e4
LT		 817 return;
818 }
819
820 /* RFC2461 7.1.1:
1ab1457c
YH		 821 * If the IP source address is the unspecified address,
822 * there MUST NOT be source link-layer address option
1da177e4
LT		 823 * in the message.
824 */
825 if (dad) {
675418d5
JP		 826 ND_PRINTK(2, warn,
827 "NS: bad DAD packet (link-layer address option)\n");
1da177e4
LT		 828 return;
829 }
830 }
e6651599 831 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
adc176c5 832 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
1da177e4
LT		 833
834 inc = ipv6_addr_is_multicast(daddr);
835
c346dca1 836 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 837 if (ifp) {
ca254490 838have_ifp:
95c385b4
NH		 839 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
840 if (dad) {
adc176c5
EN		 841 if (nonce != 0 && ifp->dad_nonce == nonce) {
842 u8 *np = (u8 *)&nonce;
843 /* Matching nonce if looped back */
844 ND_PRINTK(2, notice,
845 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
846 ifp->idev->dev->name,
847 &ifp->addr, np);
848 goto out;
849 }
95c385b4
NH		 850 /*
851 * We are colliding with another node
852 * who is doing DAD
853 * so fail our DAD process
854 */
da13c59b 855 addrconf_dad_failure(skb, ifp);
9e3be4b3 856 return;
95c385b4
NH		 857 } else {
858 /*
859 * This is not a dad solicitation.
860 * If we are an optimistic node,
861 * we should respond.
862 * Otherwise, we should ignore it.
863 */
864 if (!(ifp->flags & IFA_F_OPTIMISTIC))
1da177e4 865 goto out;
1da177e4 866 }
1da177e4
LT		 867 }
868
869 idev = ifp->idev;
870 } else {
53b7997f
YH		 871 struct net *net = dev_net(dev);
872
ca254490
DA		 873 /* perhaps an address on the master device */
874 if (netif_is_l3_slave(dev)) {
875 struct net_device *mdev;
876
877 mdev = netdev_master_upper_dev_get_rcu(dev);
878 if (mdev) {
879 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
880 if (ifp)
881 goto have_ifp;
882 }
883 }
884
1da177e4
LT		 885 idev = in6_dev_get(dev);
886 if (!idev) {
887 /* XXX: count this drop? */
888 return;
889 }
890
53b7997f 891 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
1ab1457c 892 (idev->cnf.forwarding &&
53b7997f 893 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
0736ffc0 894 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
a61bbcf2 895 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
1da177e4 896 skb->pkt_type != PACKET_HOST &&
f2f79cca 897 inc &&
1f9248e5 898 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
1da177e4
LT		 899 /*
900 * for anycast or proxy,
1ab1457c
YH		 901 * sender should delay its response
902 * by a random time between 0 and
1da177e4
LT		 903 * MAX_ANYCAST_DELAY_TIME seconds.
904 * (RFC2461) -- yoshfuji
905 */
906 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
907 if (n)
908 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
909 goto out;
910 }
911 } else
912 goto out;
913 }
914
0736ffc0 915 if (is_router < 0)
fb568637 916 is_router = idev->cnf.forwarding;
62dd9318 917
1da177e4 918 if (dad) {
38cf595b 919 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
fb568637 920 !!is_router, false, (ifp != NULL), true);
1da177e4
LT		 921 goto out;
922 }
923
924 if (inc)
925 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
926 else
927 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
928
1ab1457c 929 /*
1da177e4
LT		 930 * update / create cache entry
931 * for the source address
932 */
933 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
934 !inc || lladdr || !dev->addr_len);
935 if (neigh)
f997c55c 936 ndisc_update(dev, neigh, lladdr, NUD_STALE,
1da177e4 937 NEIGH_UPDATE_F_WEAK_OVERRIDE|
f997c55c
AA		 938 NEIGH_UPDATE_F_OVERRIDE,
939 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
3b04ddde 940 if (neigh || !dev->header_ops) {
38cf595b 941 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
fb568637 942 true, (ifp != NULL && inc), inc);
1da177e4
LT		 943 if (neigh)
944 neigh_release(neigh);
945 }
946
947out:
948 if (ifp)
949 in6_ifa_put(ifp);
950 else
951 in6_dev_put(idev);
1da177e4
LT		 952}
953
954static void ndisc_recv_na(struct sk_buff *skb)
955{
9c70220b 956 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
be7a010d 957 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
b71d1d42 958 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 959 u8 *lladdr = NULL;
29a3cad5 960 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 961 offsetof(struct nd_msg, opt));
1da177e4
LT		 962 struct ndisc_options ndopts;
963 struct net_device *dev = skb->dev;
7a02bf89 964 struct inet6_dev *idev = __in6_dev_get(dev);
1da177e4
LT		 965 struct inet6_ifaddr *ifp;
966 struct neighbour *neigh;
967
968 if (skb->len < sizeof(struct nd_msg)) {
675418d5 969 ND_PRINTK(2, warn, "NA: packet too short\n");
1da177e4
LT		 970 return;
971 }
972
973 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 974 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1da177e4
LT		 975 return;
976 }
977
978 if (ipv6_addr_is_multicast(daddr) &&
979 msg->icmph.icmp6_solicited) {
675418d5 980 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1da177e4
LT		 981 return;
982 }
1ab1457c 983
7a02bf89
JB		 984 /* For some 802.11 wireless deployments (and possibly other networks),
985 * there will be a NA proxy and unsolicitd packets are attacks
986 * and thus should not be accepted.
987 */
988 if (!msg->icmph.icmp6_solicited && idev &&
989 idev->cnf.drop_unsolicited_na)
990 return;
991
f997c55c 992 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 993 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1da177e4
LT		 994 return;
995 }
996 if (ndopts.nd_opts_tgt_lladdr) {
997 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
998 if (!lladdr) {
675418d5
JP		 999 ND_PRINTK(2, warn,
1000 "NA: invalid link-layer address length\n");
1da177e4
LT		 1001 return;
1002 }
1003 }
c346dca1 1004 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 1005 if (ifp) {
bd015928
DW		 1006 if (skb->pkt_type != PACKET_LOOPBACK
1007 && (ifp->flags & IFA_F_TENTATIVE)) {
da13c59b 1008 addrconf_dad_failure(skb, ifp);
bd015928 1009 return;
1da177e4
LT		 1010 }
1011 /* What should we make now? The advertisement
1012 is invalid, but ndisc specs say nothing
1013 about it. It could be misconfiguration, or
1014 an smart proxy agent tries to help us :-)
24fc7b86
JS		 1015
1016 We should not print the error if NA has been
1017 received from loopback - it is just our own
1018 unsolicited advertisement.
1da177e4 1019 */
24fc7b86 1020 if (skb->pkt_type != PACKET_LOOPBACK)
675418d5 1021 ND_PRINTK(1, warn,
da13c59b
VP		 1022 "NA: %pM advertised our address %pI6c on %s!\n",
1023 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1da177e4
LT		 1024 in6_ifa_put(ifp);
1025 return;
1026 }
1027 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1028
1029 if (neigh) {
1030 u8 old_flags = neigh->flags;
53b7997f 1031 struct net *net = dev_net(dev);
1da177e4
LT		 1032
1033 if (neigh->nud_state & NUD_FAILED)
1034 goto out;
1035
5f3e6e9e
VN		 1036 /*
1037 * Don't update the neighbor cache entry on a proxy NA from
1038 * ourselves because either the proxied node is off link or it
1039 * has already sent a NA to us.
1040 */
1041 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
53b7997f
YH		 1042 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1043 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
b20b6d97 1044 /* XXX: idev->cnf.proxy_ndp */
5f3e6e9e 1045 goto out;
fbea49e1 1046 }
5f3e6e9e 1047
f997c55c 1048 ndisc_update(dev, neigh, lladdr,
1da177e4
LT		 1049 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1050 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1051 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1052 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1053 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1054 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1055
1056 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1057 /*
1058 * Change: router to host
1059 */
be7a010d 1060 rt6_clean_tohost(dev_net(dev), saddr);
1da177e4
LT		 1061 }
1062
1063out:
1064 neigh_release(neigh);
1065 }
1066}
1067
1068static void ndisc_recv_rs(struct sk_buff *skb)
1069{
9c70220b 1070 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1da177e4
LT		 1071 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1072 struct neighbour *neigh;
1073 struct inet6_dev *idev;
b71d1d42 1074 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1da177e4
LT		 1075 struct ndisc_options ndopts;
1076 u8 *lladdr = NULL;
1077
1078 if (skb->len < sizeof(*rs_msg))
1079 return;
1080
cfdf7647 1081 idev = __in6_dev_get(skb->dev);
1da177e4 1082 if (!idev) {
675418d5 1083 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1da177e4
LT		 1084 return;
1085 }
1086
1087 /* Don't accept RS if we're not in router mode */
1088 if (!idev->cnf.forwarding)
1089 goto out;
1090
1091 /*
1092 * Don't update NCE if src = ::;
1093 * this implies that the source node has no ip address assigned yet.
1094 */
1095 if (ipv6_addr_any(saddr))
1096 goto out;
1097
1098 /* Parse ND options */
f997c55c 1099 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
675418d5 1100 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1da177e4
LT		 1101 goto out;
1102 }
1103
1104 if (ndopts.nd_opts_src_lladdr) {
1105 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1106 skb->dev);
1107 if (!lladdr)
1108 goto out;
1109 }
1110
1111 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1112 if (neigh) {
f997c55c 1113 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1114 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1115 NEIGH_UPDATE_F_OVERRIDE|
f997c55c
AA		 1116 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1117 NDISC_ROUTER_SOLICITATION, &ndopts);
1da177e4
LT		 1118 neigh_release(neigh);
1119 }
1120out:
cfdf7647 1121 return;
1da177e4
LT		 1122}
1123
31910575
PY		 1124static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1125{
1126 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1127 struct sk_buff *skb;
1128 struct nlmsghdr *nlh;
1129 struct nduseroptmsg *ndmsg;
c346dca1 1130 struct net *net = dev_net(ra->dev);
31910575
PY		 1131 int err;
1132 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1133 + (opt->nd_opt_len << 3));
1134 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1135
1136 skb = nlmsg_new(msg_size, GFP_ATOMIC);
63159f29 1137 if (!skb) {
31910575
PY		 1138 err = -ENOBUFS;
1139 goto errout;
1140 }
1141
1142 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
63159f29 1143 if (!nlh) {
31910575
PY		 1144 goto nla_put_failure;
1145 }
1146
1147 ndmsg = nlmsg_data(nlh);
1148 ndmsg->nduseropt_family = AF_INET6;
dbb2ed24 1149 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
31910575
PY		 1150 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1151 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1152 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1153
1154 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1155
930345ea 1156 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
c78679e8 1157 goto nla_put_failure;
31910575
PY		 1158 nlmsg_end(skb, nlh);
1159
1ce85fe4 1160 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
31910575
PY		 1161 return;
1162
1163nla_put_failure:
1164 nlmsg_free(skb);
1165 err = -EMSGSIZE;
1166errout:
a18bc695 1167 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
31910575
PY		 1168}
1169
1da177e4
LT		 1170static void ndisc_router_discovery(struct sk_buff *skb)
1171{
9c70220b 1172 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1da177e4
LT		 1173 struct neighbour *neigh = NULL;
1174 struct inet6_dev *in6_dev;
8d1c802b 1175 struct fib6_info *rt = NULL;
6b2e04bc 1176 u32 defrtr_usr_metric;
afb1d4b5 1177 struct net *net;
1da177e4
LT		 1178 int lifetime;
1179 struct ndisc_options ndopts;
1180 int optlen;
ebacaaa0 1181 unsigned int pref = 0;
a394eef5 1182 __u32 old_if_flags;
2053aeb6 1183 bool send_ifinfo_notify = false;
1da177e4 1184
67ba4152 1185 __u8 *opt = (__u8 *)(ra_msg + 1);
1da177e4 1186
29a3cad5
SH		 1187 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1188 sizeof(struct ra_msg);
1da177e4 1189
f2a762d8
BG		 1190 ND_PRINTK(2, info,
1191 "RA: %s, dev: %s\n",
1192 __func__, skb->dev->name);
0660e03f 1193 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5 1194 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1da177e4
LT		 1195 return;
1196 }
1197 if (optlen < 0) {
675418d5 1198 ND_PRINTK(2, warn, "RA: packet too short\n");
1da177e4
LT		 1199 return;
1200 }
1201
de357cc0 1202#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1203 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
675418d5 1204 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
fadf6bf0
TF		 1205 return;
1206 }
de357cc0 1207#endif
fadf6bf0 1208
1da177e4
LT		 1209 /*
1210 * set the RA_RECV flag in the interface
1211 */
1212
cfdf7647 1213 in6_dev = __in6_dev_get(skb->dev);
63159f29 1214 if (!in6_dev) {
675418d5
JP		 1215 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1216 skb->dev->name);
1da177e4
LT		 1217 return;
1218 }
1da177e4 1219
f997c55c 1220 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
675418d5 1221 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1da177e4
LT		 1222 return;
1223 }
1224
f2a762d8
BG		 1225 if (!ipv6_accept_ra(in6_dev)) {
1226 ND_PRINTK(2, info,
1227 "RA: %s, did not accept ra for dev: %s\n",
1228 __func__, skb->dev->name);
31ce8c71 1229 goto skip_linkparms;
f2a762d8 1230 }
31ce8c71 1231
de357cc0 1232#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1233 /* skip link-specific parameters from interior routers */
f2a762d8
BG		 1234 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1235 ND_PRINTK(2, info,
1236 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1237 __func__, skb->dev->name);
fadf6bf0 1238 goto skip_linkparms;
f2a762d8 1239 }
de357cc0 1240#endif
fadf6bf0 1241
1da177e4
LT		 1242 if (in6_dev->if_flags & IF_RS_SENT) {
1243 /*
1244 * flag that an RA was received after an RS was sent
1245 * out on this interface.
1246 */
1247 in6_dev->if_flags |= IF_RA_RCVD;
1248 }
1249
1250 /*
1251 * Remember the managed/otherconf flags from most recently
1252 * received RA message (RFC 2462) -- yoshfuji
1253 */
a394eef5 1254 old_if_flags = in6_dev->if_flags;
1da177e4
LT		 1255 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1256 IF_RA_OTHERCONF)) |
1257 (ra_msg->icmph.icmp6_addrconf_managed ?
1258 IF_RA_MANAGED : 0) |
1259 (ra_msg->icmph.icmp6_addrconf_other ?
1260 IF_RA_OTHERCONF : 0);
1261
a394eef5 1262 if (old_if_flags != in6_dev->if_flags)
2053aeb6 1263 send_ifinfo_notify = true;
a394eef5 1264
f2a762d8
BG		 1265 if (!in6_dev->cnf.accept_ra_defrtr) {
1266 ND_PRINTK(2, info,
1267 "RA: %s, defrtr is false for dev: %s\n",
1268 __func__, skb->dev->name);
65f5c7c1 1269 goto skip_defrtr;
f2a762d8 1270 }
65f5c7c1 1271
d9333196
BG		 1272 /* Do not accept RA with source-addr found on local machine unless
1273 * accept_ra_from_local is set to true.
1274 */
afb1d4b5 1275 net = dev_net(in6_dev->dev);
b6428817 1276 if (!in6_dev->cnf.accept_ra_from_local &&
afb1d4b5 1277 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
f2a762d8 1278 ND_PRINTK(2, info,
d9333196
BG		 1279 "RA from local address detected on dev: %s: default router ignored\n",
1280 skb->dev->name);
9f56220f 1281 goto skip_defrtr;
f2a762d8 1282 }
9f56220f 1283
1da177e4
LT		 1284 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1285
ebacaaa0
YH		 1286#ifdef CONFIG_IPV6_ROUTER_PREF
1287 pref = ra_msg->icmph.icmp6_router_pref;
1288 /* 10b is handled as if it were 00b (medium) */
930d6ff2 1289 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
6d5b78cd 1290 !in6_dev->cnf.accept_ra_rtr_pref)
ebacaaa0
YH		 1291 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1292#endif
f88d8ea6 1293 /* routes added from RAs do not use nexthop objects */
afb1d4b5 1294 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
eb857186 1295 if (rt) {
1cf844c7
DA		 1296 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1297 rt->fib6_nh->fib_nh_dev, NULL,
f8a1b43b 1298 &ipv6_hdr(skb)->saddr);
eb857186 1299 if (!neigh) {
675418d5
JP		 1300 ND_PRINTK(0, err,
1301 "RA: %s got default router without neighbour\n",
1302 __func__);
93531c67 1303 fib6_info_release(rt);
eb857186
DM		 1304 return;
1305 }
1306 }
6b2e04bc
PC		 1307 /* Set default route metric as specified by user */
1308 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1309 /* delete the route if lifetime is 0 or if metric needs change */
1310 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
11dd74b3 1311 ip6_del_rt(net, rt, false);
1da177e4
LT		 1312 rt = NULL;
1313 }
1314
6b2e04bc
PC		 1315 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1316 rt, lifetime, defrtr_usr_metric, skb->dev->name);
63159f29 1317 if (!rt && lifetime) {
f2a762d8 1318 ND_PRINTK(3, info, "RA: adding default router\n");
1da177e4 1319
afb1d4b5 1320 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
6b2e04bc 1321 skb->dev, pref, defrtr_usr_metric);
63159f29 1322 if (!rt) {
675418d5
JP		 1323 ND_PRINTK(0, err,
1324 "RA: %s failed to add default route\n",
1325 __func__);
1da177e4
LT		 1326 return;
1327 }
1328
1cf844c7
DA		 1329 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1330 rt->fib6_nh->fib_nh_dev, NULL,
f8a1b43b 1331 &ipv6_hdr(skb)->saddr);
63159f29 1332 if (!neigh) {
675418d5
JP		 1333 ND_PRINTK(0, err,
1334 "RA: %s got default router without neighbour\n",
1335 __func__);
93531c67 1336 fib6_info_release(rt);
1da177e4
LT		 1337 return;
1338 }
1339 neigh->flags |= NTF_ROUTER;
ebacaaa0 1340 } else if (rt) {
93c2fb25 1341 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1da177e4
LT		 1342 }
1343
1344 if (rt)
14895687 1345 fib6_set_expires(rt, jiffies + (HZ * lifetime));
8013d1d7
HL		 1346 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1347 ra_msg->icmph.icmp6_hop_limit) {
1348 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
6fd99094 1349 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
d4ead6b3
DA		 1350 fib6_metric_set(rt, RTAX_HOPLIMIT,
1351 ra_msg->icmph.icmp6_hop_limit);
6fd99094 1352 } else {
8013d1d7 1353 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
6fd99094 1354 }
1da177e4
LT		 1355 }
1356
65f5c7c1
YH		 1357skip_defrtr:
1358
1da177e4
LT		 1359 /*
1360 * Update Reachable Time and Retrans Timer
1361 */
1362
1363 if (in6_dev->nd_parms) {
1364 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1365
1366 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1367 rtime = (rtime*HZ)/1000;
19e16d22
HL		 1368 if (rtime < HZ/100)
1369 rtime = HZ/100;
1f9248e5 1370 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1da177e4 1371 in6_dev->tstamp = jiffies;
2053aeb6 1372 send_ifinfo_notify = true;
1da177e4
LT		 1373 }
1374
1375 rtime = ntohl(ra_msg->reachable_time);
1376 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1377 rtime = (rtime*HZ)/1000;
1378
1379 if (rtime < HZ/10)
1380 rtime = HZ/10;
1381
1f9248e5
JP		 1382 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1383 NEIGH_VAR_SET(in6_dev->nd_parms,
1384 BASE_REACHABLE_TIME, rtime);
1385 NEIGH_VAR_SET(in6_dev->nd_parms,
1386 GC_STALETIME, 3 * rtime);
1da177e4
LT		 1387 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1388 in6_dev->tstamp = jiffies;
2053aeb6 1389 send_ifinfo_notify = true;
1da177e4
LT		 1390 }
1391 }
1392 }
1393
fadf6bf0
TF		 1394skip_linkparms:
1395
1da177e4
LT		 1396 /*
1397 * Process options.
1398 */
1399
1400 if (!neigh)
0660e03f 1401 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1da177e4
LT		 1402 skb->dev, 1);
1403 if (neigh) {
1404 u8 *lladdr = NULL;
1405 if (ndopts.nd_opts_src_lladdr) {
1406 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1407 skb->dev);
1408 if (!lladdr) {
675418d5
JP		 1409 ND_PRINTK(2, warn,
1410 "RA: invalid link-layer address length\n");
1da177e4
LT		 1411 goto out;
1412 }
1413 }
f997c55c 1414 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1415 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1416 NEIGH_UPDATE_F_OVERRIDE|
1417 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1418 NEIGH_UPDATE_F_ISROUTER,
1419 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1420 }
1421
f2a762d8
BG		 1422 if (!ipv6_accept_ra(in6_dev)) {
1423 ND_PRINTK(2, info,
1424 "RA: %s, accept_ra is false for dev: %s\n",
1425 __func__, skb->dev->name);
31ce8c71 1426 goto out;
f2a762d8 1427 }
31ce8c71 1428
70ceb4f5 1429#ifdef CONFIG_IPV6_ROUTE_INFO
b6428817
LR		 1430 if (!in6_dev->cnf.accept_ra_from_local &&
1431 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1432 in6_dev->dev, 0)) {
f2a762d8 1433 ND_PRINTK(2, info,
d9333196
BG		 1434 "RA from local address detected on dev: %s: router info ignored.\n",
1435 skb->dev->name);
9f56220f 1436 goto skip_routeinfo;
f2a762d8 1437 }
9f56220f 1438
09c884d4 1439 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
70ceb4f5
YH		 1440 struct nd_opt_hdr *p;
1441 for (p = ndopts.nd_opts_ri;
1442 p;
1443 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
6294e000
YH		 1444 struct route_info *ri = (struct route_info *)p;
1445#ifdef CONFIG_IPV6_NDISC_NODETYPE
1446 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1447 ri->prefix_len == 0)
1448 continue;
1449#endif
30e56918
DJ		 1450 if (ri->prefix_len == 0 &&
1451 !in6_dev->cnf.accept_ra_defrtr)
1452 continue;
bbea124b
JS		 1453 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1454 continue;
6294e000 1455 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
09c884d4 1456 continue;
67ba4152 1457 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
0660e03f 1458 &ipv6_hdr(skb)->saddr);
70ceb4f5
YH		 1459 }
1460 }
9f56220f
AH		 1461
1462skip_routeinfo:
70ceb4f5
YH		 1463#endif
1464
de357cc0 1465#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1466 /* skip link-specific ndopts from interior routers */
f2a762d8
BG		 1467 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1468 ND_PRINTK(2, info,
1469 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1470 __func__, skb->dev->name);
fadf6bf0 1471 goto out;
f2a762d8 1472 }
de357cc0 1473#endif
fadf6bf0 1474
c4fd30eb 1475 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1da177e4
LT		 1476 struct nd_opt_hdr *p;
1477 for (p = ndopts.nd_opts_pi;
1478 p;
1479 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
e6bff995
NH		 1480 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1481 (p->nd_opt_len) << 3,
1482 ndopts.nd_opts_src_lladdr != NULL);
1da177e4
LT		 1483 }
1484 }
1485
c2943f14 1486 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
e69a4adc 1487 __be32 n;
1da177e4
LT		 1488 u32 mtu;
1489
67ba4152 1490 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
e69a4adc 1491 mtu = ntohl(n);
1da177e4 1492
49b99da2
RY		 1493 if (in6_dev->ra_mtu != mtu) {
1494 in6_dev->ra_mtu = mtu;
1495 send_ifinfo_notify = true;
1496 }
1497
1da177e4 1498 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
675418d5 1499 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1da177e4
LT		 1500 } else if (in6_dev->cnf.mtu6 != mtu) {
1501 in6_dev->cnf.mtu6 = mtu;
d4ead6b3 1502 fib6_metric_set(rt, RTAX_MTU, mtu);
1da177e4
LT		 1503 rt6_mtu_change(skb->dev, mtu);
1504 }
1505 }
1ab1457c 1506
31910575 1507 if (ndopts.nd_useropts) {
61cf46ad
YH		 1508 struct nd_opt_hdr *p;
1509 for (p = ndopts.nd_useropts;
1510 p;
f997c55c
AA		 1511 p = ndisc_next_useropt(skb->dev, p,
1512 ndopts.nd_useropts_end)) {
61cf46ad 1513 ndisc_ra_useropt(skb, p);
31910575
PY		 1514 }
1515 }
1516
1da177e4 1517 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
675418d5 1518 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1da177e4
LT		 1519 }
1520out:
49b99da2
RY		 1521 /* Send a notify if RA changed managed/otherconf flags or
1522 * timer settings or ra_mtu value
1523 */
1524 if (send_ifinfo_notify)
1525 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1526
93531c67 1527 fib6_info_release(rt);
eb857186 1528 if (neigh)
1da177e4 1529 neigh_release(neigh);
1da177e4
LT		 1530}
1531
1532static void ndisc_redirect_rcv(struct sk_buff *skb)
1533{
093d04d4
DJ		 1534 u8 *hdr;
1535 struct ndisc_options ndopts;
1536 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
29a3cad5 1537 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
093d04d4
DJ		 1538 offsetof(struct rd_msg, opt));
1539
de357cc0 1540#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0
TF		 1541 switch (skb->ndisc_nodetype) {
1542 case NDISC_NODETYPE_HOST:
1543 case NDISC_NODETYPE_NODEFAULT:
675418d5
JP		 1544 ND_PRINTK(2, warn,
1545 "Redirect: from host or unauthorized router\n");
fadf6bf0
TF		 1546 return;
1547 }
de357cc0 1548#endif
fadf6bf0 1549
0660e03f 1550 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1551 ND_PRINTK(2, warn,
1552 "Redirect: source address is not link-local\n");
1da177e4
LT		 1553 return;
1554 }
1555
f997c55c 1556 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
093d04d4
DJ		 1557 return;
1558
c92a59ec 1559 if (!ndopts.nd_opts_rh) {
b55b76b2 1560 ip6_redirect_no_header(skb, dev_net(skb->dev),
d456336d 1561 skb->dev->ifindex);
093d04d4 1562 return;
c92a59ec 1563 }
093d04d4
DJ		 1564
1565 hdr = (u8 *)ndopts.nd_opts_rh;
1566 hdr += 8;
1567 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1568 return;
1569
b94f1c09 1570 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1da177e4
LT		 1571}
1572
5f5a0115
YH		 1573static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1574 struct sk_buff *orig_skb,
1575 int rd_len)
9c86dafe 1576{
5f5a0115
YH		 1577 u8 *opt = skb_put(skb, rd_len);
1578
9c86dafe
YH		 1579 memset(opt, 0, 8);
1580 *(opt++) = ND_OPT_REDIRECT_HDR;
1581 *(opt++) = (rd_len >> 3);
1582 opt += 6;
1583
9f62c15f
LB		 1584 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1585 rd_len - 8);
9c86dafe
YH		 1586}
1587
4991969a 1588void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1da177e4 1589{
1762f7e8 1590 struct net_device *dev = skb->dev;
c346dca1 1591 struct net *net = dev_net(dev);
1762f7e8 1592 struct sock *sk = net->ipv6.ndisc_sk;
2ce13576 1593 int optlen = 0;
fbfe95a4 1594 struct inet_peer *peer;
1da177e4 1595 struct sk_buff *buff;
71bcdba0 1596 struct rd_msg *msg;
1da177e4 1597 struct in6_addr saddr_buf;
1da177e4
LT		 1598 struct rt6_info *rt;
1599 struct dst_entry *dst;
4c9483b2 1600 struct flowi6 fl6;
1da177e4 1601 int rd_len;
f997c55c
AA		 1602 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1603 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1d861aa4 1604 bool ret;
1da177e4 1605
2f17becf
SS		 1606 if (netif_is_l3_master(skb->dev)) {
1607 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1608 if (!dev)
1609 return;
1610 }
1611
95c385b4 1612 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
675418d5
JP		 1613 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1614 dev->name);
1ab1457c
YH		 1615 return;
1616 }
1da177e4 1617
0660e03f 1618 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
bf0b48df 1619 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1620 ND_PRINTK(2, warn,
1621 "Redirect: target address is not link-local unicast\n");
29556526
LY		 1622 return;
1623 }
1624
4c9483b2 1625 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
e0d56fdd 1626 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1da177e4 1627
4c9483b2 1628 dst = ip6_route_output(net, NULL, &fl6);
5095d64d
RL		 1629 if (dst->error) {
1630 dst_release(dst);
1da177e4 1631 return;
5095d64d 1632 }
4c9483b2 1633 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
452edd59 1634 if (IS_ERR(dst))
1da177e4 1635 return;
1da177e4
LT		 1636
1637 rt = (struct rt6_info *) dst;
1638
1639 if (rt->rt6i_flags & RTF_GATEWAY) {
675418d5
JP		 1640 ND_PRINTK(2, warn,
1641 "Redirect: destination is not a neighbour\n");
d73f0801 1642 goto release;
1da177e4 1643 }
fd0273d7 1644 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1d861aa4
DM		 1645 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1646 if (peer)
1647 inet_putpeer(peer);
1648 if (!ret)
d73f0801 1649 goto release;
1da177e4
LT		 1650
1651 if (dev->addr_len) {
4991969a
DM		 1652 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1653 if (!neigh) {
675418d5
JP		 1654 ND_PRINTK(2, warn,
1655 "Redirect: no neigh for target address\n");
4991969a
DM		 1656 goto release;
1657 }
1658
1da177e4
LT		 1659 read_lock_bh(&neigh->lock);
1660 if (neigh->nud_state & NUD_VALID) {
1661 memcpy(ha_buf, neigh->ha, dev->addr_len);
1662 read_unlock_bh(&neigh->lock);
1663 ha = ha_buf;
f997c55c
AA		 1664 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1665 ops_data_buf,
1666 &ops_data);
1da177e4
LT		 1667 } else
1668 read_unlock_bh(&neigh->lock);
4991969a
DM		 1669
1670 neigh_release(neigh);
1da177e4
LT		 1671 }
1672
1673 rd_len = min_t(unsigned int,
2ce13576
YH		 1674 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1675 skb->len + 8);
1da177e4 1676 rd_len &= ~0x7;
2ce13576 1677 optlen += rd_len;
1da177e4 1678
2ce13576 1679 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
de09334b 1680 if (!buff)
d73f0801 1681 goto release;
1da177e4 1682
4df864c1 1683 msg = skb_put(buff, sizeof(*msg));
4d5c152e
YH		 1684 *msg = (struct rd_msg) {
1685 .icmph = {
1686 .icmp6_type = NDISC_REDIRECT,
1687 },
1688 .target = *target,
1689 .dest = ipv6_hdr(skb)->daddr,
1690 };
1da177e4 1691
1da177e4
LT		 1692 /*
1693 * include target_address option
1694 */
1695
1696 if (ha)
f997c55c 1697 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1da177e4
LT		 1698
1699 /*
1700 * build redirect option and copy skb over to the new packet.
1701 */
1702
9c86dafe 1703 if (rd_len)
5f5a0115 1704 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1da177e4 1705
adf30907 1706 skb_dst_set(buff, dst);
f4de84c6 1707 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
d73f0801
IJ		 1708 return;
1709
1710release:
1711 dst_release(dst);
1da177e4
LT		 1712}
1713
1714static void pndisc_redo(struct sk_buff *skb)
1715{
140e26fc 1716 ndisc_recv_ns(skb);
1da177e4
LT		 1717 kfree_skb(skb);
1718}
1719
8cf8821e
JD		 1720static int ndisc_is_multicast(const void *pkey)
1721{
1722 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1723}
1724
b800c3b9
HFS		 1725static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1726{
1727 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1728
1729 if (!idev)
1730 return true;
1731 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1732 idev->cnf.suppress_frag_ndisc) {
1733 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1734 return true;
1735 }
1736 return false;
1737}
1738
1da177e4
LT		 1739int ndisc_rcv(struct sk_buff *skb)
1740{
1741 struct nd_msg *msg;
1742
b800c3b9
HFS		 1743 if (ndisc_suppress_frag_ndisc(skb))
1744 return 0;
1745
6bce6b4e 1746 if (skb_linearize(skb))
1da177e4
LT		 1747 return 0;
1748
9c70220b 1749 msg = (struct nd_msg *)skb_transport_header(skb);
1da177e4 1750
9c70220b 1751 __skb_push(skb, skb->data - skb_transport_header(skb));
1da177e4 1752
0660e03f 1753 if (ipv6_hdr(skb)->hop_limit != 255) {
675418d5
JP		 1754 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1755 ipv6_hdr(skb)->hop_limit);
1da177e4
LT		 1756 return 0;
1757 }
1758
1759 if (msg->icmph.icmp6_code != 0) {
675418d5
JP		 1760 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1761 msg->icmph.icmp6_code);
1da177e4
LT		 1762 return 0;
1763 }
1764
1765 switch (msg->icmph.icmp6_type) {
1766 case NDISC_NEIGHBOUR_SOLICITATION:
ee1abcf6 1767 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1da177e4
LT		 1768 ndisc_recv_ns(skb);
1769 break;
1770
1771 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1772 ndisc_recv_na(skb);
1773 break;
1774
1775 case NDISC_ROUTER_SOLICITATION:
1776 ndisc_recv_rs(skb);
1777 break;
1778
1779 case NDISC_ROUTER_ADVERTISEMENT:
1780 ndisc_router_discovery(skb);
1781 break;
1782
1783 case NDISC_REDIRECT:
1784 ndisc_redirect_rcv(skb);
1785 break;
3ff50b79 1786 }
1da177e4
LT		 1787
1788 return 0;
1789}
1790
1791static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1792{
351638e7 1793 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
c8507fb2 1794 struct netdev_notifier_change_info *change_info;
c346dca1 1795 struct net *net = dev_net(dev);
5cb04436 1796 struct inet6_dev *idev;
1da177e4
LT		 1797
1798 switch (event) {
1799 case NETDEV_CHANGEADDR:
1800 neigh_changeaddr(&nd_tbl, dev);
2ac3ac8f 1801 fib6_run_gc(0, net, false);
a8eceea8 1802 fallthrough;
4a6e3c5d 1803 case NETDEV_UP:
5cb04436
HFS		 1804 idev = in6_dev_get(dev);
1805 if (!idev)
1806 break;
fc1f8f4f
DA		 1807 if (idev->cnf.ndisc_notify ||
1808 net->ipv6.devconf_all->ndisc_notify)
5cb04436
HFS		 1809 ndisc_send_unsol_na(dev);
1810 in6_dev_put(idev);
1da177e4 1811 break;
c8507fb2
ED		 1812 case NETDEV_CHANGE:
1813 change_info = ptr;
1814 if (change_info->flags_changed & IFF_NOARP)
1815 neigh_changeaddr(&nd_tbl, dev);
859bd2ef
DA		 1816 if (!netif_carrier_ok(dev))
1817 neigh_carrier_down(&nd_tbl, dev);
c8507fb2 1818 break;
1da177e4
LT		 1819 case NETDEV_DOWN:
1820 neigh_ifdown(&nd_tbl, dev);
2ac3ac8f 1821 fib6_run_gc(0, net, false);
1da177e4 1822 break;
f47b9464
BH		 1823 case NETDEV_NOTIFY_PEERS:
1824 ndisc_send_unsol_na(dev);
1825 break;
1da177e4
LT		 1826 default:
1827 break;
1828 }
1829
1830 return NOTIFY_DONE;
1831}
1832
1833static struct notifier_block ndisc_netdev_notifier = {
1834 .notifier_call = ndisc_netdev_event,
6eb79393 1835 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1da177e4
LT		 1836};
1837
1838#ifdef CONFIG_SYSCTL
1839static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1840 const char *func, const char *dev_name)
1841{
1842 static char warncomm[TASK_COMM_LEN];
1843 static int warned;
1844 if (strcmp(warncomm, current->comm) && warned < 5) {
1845 strcpy(warncomm, current->comm);
f3213831 1846 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1da177e4
LT		 1847 warncomm, func,
1848 dev_name, ctl->procname,
1849 dev_name, ctl->procname);
1850 warned++;
1851 }
1852}
1853
32927393
CH		 1854int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1855 size_t *lenp, loff_t *ppos)
1da177e4
LT		 1856{
1857 struct net_device *dev = ctl->extra1;
1858 struct inet6_dev *idev;
1859 int ret;
1860
d12af679
EB		 1861 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1862 (strcmp(ctl->procname, "base_reachable_time") == 0))
1da177e4
LT		 1863 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1864
d12af679 1865 if (strcmp(ctl->procname, "retrans_time") == 0)
cb5b09c1 1866 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
d12af679
EB		 1867
1868 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
cb5b09c1
JP		 1869 ret = neigh_proc_dointvec_jiffies(ctl, write,
1870 buffer, lenp, ppos);
d12af679
EB		 1871
1872 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
ad02ac14 1873 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
cb5b09c1
JP		 1874 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1875 buffer, lenp, ppos);
d12af679 1876 else
1da177e4 1877 ret = -1;
1da177e4
LT		 1878
1879 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1f9248e5
JP		 1880 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1881 idev->nd_parms->reachable_time =
1882 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1da177e4
LT		 1883 idev->tstamp = jiffies;
1884 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1885 in6_dev_put(idev);
1886 }
1887 return ret;
1888}
1889
1da177e4
LT		 1890
1891#endif
1892
2c8c1e72 1893static int __net_init ndisc_net_init(struct net *net)
1da177e4
LT		 1894{
1895 struct ipv6_pinfo *np;
1896 struct sock *sk;
1ab1457c 1897 int err;
1da177e4 1898
1ed8516f
DL		 1899 err = inet_ctl_sock_create(&sk, PF_INET6,
1900 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 1901 if (err < 0) {
675418d5
JP		 1902 ND_PRINTK(0, err,
1903 "NDISC: Failed to initialize the control socket (err %d)\n",
1904 err);
1da177e4
LT		 1905 return err;
1906 }
1907
1ed8516f 1908 net->ipv6.ndisc_sk = sk;
1762f7e8 1909
1da177e4 1910 np = inet6_sk(sk);
1da177e4
LT		 1911 np->hop_limit = 255;
1912 /* Do not loopback ndisc messages */
1913 np->mc_loop = 0;
1da177e4 1914
1762f7e8
DL		 1915 return 0;
1916}
1917
2c8c1e72 1918static void __net_exit ndisc_net_exit(struct net *net)
1762f7e8 1919{
1ed8516f 1920 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1762f7e8
DL		 1921}
1922
1923static struct pernet_operations ndisc_net_ops = {
1924 .init = ndisc_net_init,
1925 .exit = ndisc_net_exit,
1926};
1927
1928int __init ndisc_init(void)
1929{
1930 int err;
1931
1932 err = register_pernet_subsys(&ndisc_net_ops);
1933 if (err)
1934 return err;
1ab1457c
YH		 1935 /*
1936 * Initialize the neighbour table
1937 */
d7480fd3 1938 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1da177e4
LT		 1939
1940#ifdef CONFIG_SYSCTL
73af614a 1941 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
56ec0fb1 1942 ndisc_ifinfo_sysctl_change);
1762f7e8
DL		 1943 if (err)
1944 goto out_unregister_pernet;
1762f7e8 1945out:
bcd081a3 1946#endif
1762f7e8 1947 return err;
1da177e4 1948
1762f7e8 1949#ifdef CONFIG_SYSCTL
1762f7e8 1950out_unregister_pernet:
1762f7e8
DL		 1951 unregister_pernet_subsys(&ndisc_net_ops);
1952 goto out;
2c861cc6 1953#endif
1da177e4
LT		 1954}
1955
2c861cc6
MK		 1956int __init ndisc_late_init(void)
1957{
1958 return register_netdevice_notifier(&ndisc_netdev_notifier);
1959}
1960
1961void ndisc_late_cleanup(void)
1da177e4 1962{
36f73d0c 1963 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2c861cc6
MK		 1964}
1965
1966void ndisc_cleanup(void)
1967{
1da177e4
LT		 1968#ifdef CONFIG_SYSCTL
1969 neigh_sysctl_unregister(&nd_tbl.parms);
1970#endif
d7480fd3 1971 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1762f7e8 1972 unregister_pernet_subsys(&ndisc_net_ops);
1da177e4 1973}
Ubuntu Jammy Linux kernel mirror