]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/ipv6/ndisc.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
udp: fix rx queue len reported by diag and proc interface
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / ndisc.c
CommitLineData
1da177e4
LT		 1/*
2 * Neighbour Discovery for IPv6
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4
LT		 7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
e35f30c1 18 * Alexey I. Froloff : RFC6106 (DNSSL) support
31910575
PY		 19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
1da177e4
LT		 21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
1da177e4
LT		 23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
675418d5 30#define pr_fmt(fmt) "ICMPv6: " fmt
1da177e4
LT		 31
32#include <linux/module.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
5a0e3ad6 43#include <linux/slab.h>
1da177e4
LT		 44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
1823730f 48#include <linux/if_addr.h>
da13c59b 49#include <linux/if_ether.h>
1da177e4
LT		 50#include <linux/if_arp.h>
51#include <linux/ipv6.h>
52#include <linux/icmpv6.h>
53#include <linux/jhash.h>
54
55#include <net/sock.h>
56#include <net/snmp.h>
57
58#include <net/ipv6.h>
59#include <net/protocol.h>
60#include <net/ndisc.h>
61#include <net/ip6_route.h>
62#include <net/addrconf.h>
63#include <net/icmp.h>
64
31910575
PY		 65#include <net/netlink.h>
66#include <linux/rtnetlink.h>
67
1da177e4
LT		 68#include <net/flow.h>
69#include <net/ip6_checksum.h>
1ed8516f 70#include <net/inet_common.h>
1da177e4
LT		 71#include <linux/proc_fs.h>
72
73#include <linux/netfilter.h>
74#include <linux/netfilter_ipv6.h>
75
d6bf7817
ED		 76static u32 ndisc_hash(const void *pkey,
77 const struct net_device *dev,
2c2aba6c 78 __u32 *hash_rnd);
60395a20 79static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
1da177e4
LT		 80static int ndisc_constructor(struct neighbour *neigh);
81static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
82static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
83static int pndisc_constructor(struct pneigh_entry *n);
84static void pndisc_destructor(struct pneigh_entry *n);
85static void pndisc_redo(struct sk_buff *skb);
86
89d69d2b 87static const struct neigh_ops ndisc_generic_ops = {
1da177e4
LT		 88 .family = AF_INET6,
89 .solicit = ndisc_solicit,
90 .error_report = ndisc_error_report,
91 .output = neigh_resolve_output,
92 .connected_output = neigh_connected_output,
1da177e4
LT		 93};
94
89d69d2b 95static const struct neigh_ops ndisc_hh_ops = {
1da177e4
LT		 96 .family = AF_INET6,
97 .solicit = ndisc_solicit,
98 .error_report = ndisc_error_report,
99 .output = neigh_resolve_output,
100 .connected_output = neigh_resolve_output,
1da177e4
LT		 101};
102
103
89d69d2b 104static const struct neigh_ops ndisc_direct_ops = {
1da177e4 105 .family = AF_INET6,
8f40b161
DM		 106 .output = neigh_direct_output,
107 .connected_output = neigh_direct_output,
1da177e4
LT		 108};
109
110struct neigh_table nd_tbl = {
111 .family = AF_INET6,
1da177e4 112 .key_len = sizeof(struct in6_addr),
bdf53c58 113 .protocol = cpu_to_be16(ETH_P_IPV6),
1da177e4 114 .hash = ndisc_hash,
60395a20 115 .key_eq = ndisc_key_eq,
1da177e4
LT		 116 .constructor = ndisc_constructor,
117 .pconstructor = pndisc_constructor,
118 .pdestructor = pndisc_destructor,
119 .proxy_redo = pndisc_redo,
120 .id = "ndisc_cache",
121 .parms = {
b672083e 122 .tbl = &nd_tbl,
b672083e 123 .reachable_time = ND_REACHABLE_TIME,
1f9248e5
JP		 124 .data = {
125 [NEIGH_VAR_MCAST_PROBES] = 3,
126 [NEIGH_VAR_UCAST_PROBES] = 3,
127 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
128 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
129 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
130 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
eaa72dc4 131 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
1f9248e5
JP		 132 [NEIGH_VAR_PROXY_QLEN] = 64,
133 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
134 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
135 },
1da177e4
LT		 136 },
137 .gc_interval = 30 * HZ,
138 .gc_thresh1 = 128,
139 .gc_thresh2 = 512,
140 .gc_thresh3 = 1024,
141};
c4850687 142EXPORT_SYMBOL_GPL(nd_tbl);
1da177e4 143
cc84b3c6
AA		 144void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
145 int data_len, int pad)
1da177e4 146{
8ec5da41 147 int space = __ndisc_opt_addr_space(data_len, pad);
5f5a0115 148 u8 *opt = skb_put(skb, space);
1da177e4
LT		 149
150 opt[0] = type;
151 opt[1] = space>>3;
152
153 memset(opt + 2, 0, pad);
154 opt += pad;
155 space -= pad;
156
157 memcpy(opt+2, data, data_len);
158 data_len += 2;
159 opt += data_len;
e5d08d71
IM		 160 space -= data_len;
161 if (space > 0)
1da177e4 162 memset(opt, 0, space);
1da177e4 163}
cc84b3c6 164EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
1da177e4 165
8ec5da41 166static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
f997c55c 167 void *data, u8 icmp6_type)
8ec5da41
AA		 168{
169 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
170 ndisc_addr_option_pad(skb->dev->type));
f997c55c
AA		 171 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
172}
173
174static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
175 void *ha,
176 const u8 *ops_data)
177{
178 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
179 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
8ec5da41
AA		 180}
181
1da177e4
LT		 182static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
183 struct nd_opt_hdr *end)
184{
185 int type;
186 if (!cur || !end || cur >= end)
187 return NULL;
188 type = cur->nd_opt_type;
189 do {
190 cur = ((void *)cur) + (cur->nd_opt_len << 3);
67ba4152 191 } while (cur < end && cur->nd_opt_type != type);
a02cec21 192 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
1da177e4
LT		 193}
194
f997c55c
AA		 195static inline int ndisc_is_useropt(const struct net_device *dev,
196 struct nd_opt_hdr *opt)
31910575 197{
e35f30c1 198 return opt->nd_opt_type == ND_OPT_RDNSS ||
f997c55c
AA		 199 opt->nd_opt_type == ND_OPT_DNSSL ||
200 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
31910575
PY		 201}
202
f997c55c
AA		 203static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *cur,
31910575
PY		 205 struct nd_opt_hdr *end)
206{
207 if (!cur || !end || cur >= end)
208 return NULL;
209 do {
210 cur = ((void *)cur) + (cur->nd_opt_len << 3);
f997c55c
AA		 211 } while (cur < end && !ndisc_is_useropt(dev, cur));
212 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
31910575
PY		 213}
214
f997c55c
AA		 215struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 u8 *opt, int opt_len,
30f2a5f3 217 struct ndisc_options *ndopts)
1da177e4
LT		 218{
219 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
220
221 if (!nd_opt || opt_len < 0 || !ndopts)
222 return NULL;
223 memset(ndopts, 0, sizeof(*ndopts));
224 while (opt_len) {
225 int l;
226 if (opt_len < sizeof(struct nd_opt_hdr))
227 return NULL;
228 l = nd_opt->nd_opt_len << 3;
229 if (opt_len < l || l == 0)
230 return NULL;
f997c55c
AA		 231 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 goto next_opt;
1da177e4
LT		 233 switch (nd_opt->nd_opt_type) {
234 case ND_OPT_SOURCE_LL_ADDR:
235 case ND_OPT_TARGET_LL_ADDR:
236 case ND_OPT_MTU:
adc176c5 237 case ND_OPT_NONCE:
1da177e4
LT		 238 case ND_OPT_REDIRECT_HDR:
239 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
675418d5
JP		 240 ND_PRINTK(2, warn,
241 "%s: duplicated ND6 option found: type=%d\n",
242 __func__, nd_opt->nd_opt_type);
1da177e4
LT		 243 } else {
244 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
245 }
246 break;
247 case ND_OPT_PREFIX_INFO:
248 ndopts->nd_opts_pi_end = nd_opt;
cfcabdcc 249 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
1da177e4
LT		 250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 break;
70ceb4f5
YH		 252#ifdef CONFIG_IPV6_ROUTE_INFO
253 case ND_OPT_ROUTE_INFO:
254 ndopts->nd_opts_ri_end = nd_opt;
255 if (!ndopts->nd_opts_ri)
256 ndopts->nd_opts_ri = nd_opt;
257 break;
258#endif
1da177e4 259 default:
f997c55c 260 if (ndisc_is_useropt(dev, nd_opt)) {
31910575
PY		 261 ndopts->nd_useropts_end = nd_opt;
262 if (!ndopts->nd_useropts)
263 ndopts->nd_useropts = nd_opt;
264 } else {
265 /*
266 * Unknown options must be silently ignored,
267 * to accommodate future extension to the
268 * protocol.
269 */
675418d5
JP		 270 ND_PRINTK(2, notice,
271 "%s: ignored unsupported option; type=%d, len=%d\n",
272 __func__,
273 nd_opt->nd_opt_type,
274 nd_opt->nd_opt_len);
31910575 275 }
1da177e4 276 }
f997c55c 277next_opt:
1da177e4
LT		 278 opt_len -= l;
279 nd_opt = ((void *)nd_opt) + l;
280 }
281 return ndopts;
282}
283
b71d1d42 284int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
1da177e4
LT		 285{
286 switch (dev->type) {
287 case ARPHRD_ETHER:
288 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
289 case ARPHRD_FDDI:
290 ipv6_eth_mc_map(addr, buf);
291 return 0;
1da177e4
LT		 292 case ARPHRD_ARCNET:
293 ipv6_arcnet_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_INFINIBAND:
a9e527e3 296 ipv6_ib_mc_map(addr, dev->broadcast, buf);
1da177e4 297 return 0;
93ca3bb5
TT		 298 case ARPHRD_IPGRE:
299 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
1da177e4
LT		 300 default:
301 if (dir) {
302 memcpy(buf, dev->broadcast, dev->addr_len);
303 return 0;
304 }
305 }
306 return -EINVAL;
307}
7159039a
YH		 308EXPORT_SYMBOL(ndisc_mc_map);
309
d6bf7817
ED		 310static u32 ndisc_hash(const void *pkey,
311 const struct net_device *dev,
2c2aba6c 312 __u32 *hash_rnd)
1da177e4 313{
2c2aba6c 314 return ndisc_hashfn(pkey, dev, hash_rnd);
1da177e4
LT		 315}
316
60395a20
EB		 317static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
318{
319 return neigh_key_eq128(n, pkey);
320}
321
1da177e4
LT		 322static int ndisc_constructor(struct neighbour *neigh)
323{
67ba4152 324 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
1da177e4
LT		 325 struct net_device *dev = neigh->dev;
326 struct inet6_dev *in6_dev;
327 struct neigh_parms *parms;
a50feda5 328 bool is_multicast = ipv6_addr_is_multicast(addr);
1da177e4 329
1da177e4 330 in6_dev = in6_dev_get(dev);
63159f29 331 if (!in6_dev) {
1da177e4
LT		 332 return -EINVAL;
333 }
334
335 parms = in6_dev->nd_parms;
336 __neigh_parms_put(neigh->parms);
337 neigh->parms = neigh_parms_clone(parms);
1da177e4
LT		 338
339 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
3b04ddde 340 if (!dev->header_ops) {
1da177e4
LT		 341 neigh->nud_state = NUD_NOARP;
342 neigh->ops = &ndisc_direct_ops;
8f40b161 343 neigh->output = neigh_direct_output;
1da177e4
LT		 344 } else {
345 if (is_multicast) {
346 neigh->nud_state = NUD_NOARP;
347 ndisc_mc_map(addr, neigh->ha, dev, 1);
348 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
349 neigh->nud_state = NUD_NOARP;
350 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
351 if (dev->flags&IFF_LOOPBACK)
352 neigh->type = RTN_LOCAL;
353 } else if (dev->flags&IFF_POINTOPOINT) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
356 }
3b04ddde 357 if (dev->header_ops->cache)
1da177e4
LT		 358 neigh->ops = &ndisc_hh_ops;
359 else
360 neigh->ops = &ndisc_generic_ops;
361 if (neigh->nud_state&NUD_VALID)
362 neigh->output = neigh->ops->connected_output;
363 else
364 neigh->output = neigh->ops->output;
365 }
366 in6_dev_put(in6_dev);
367 return 0;
368}
369
370static int pndisc_constructor(struct pneigh_entry *n)
371{
67ba4152 372 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 373 struct in6_addr maddr;
374 struct net_device *dev = n->dev;
375
63159f29 376 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 377 return -EINVAL;
378 addrconf_addr_solict_mult(addr, &maddr);
379 ipv6_dev_mc_inc(dev, &maddr);
380 return 0;
381}
382
383static void pndisc_destructor(struct pneigh_entry *n)
384{
67ba4152 385 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 386 struct in6_addr maddr;
387 struct net_device *dev = n->dev;
388
63159f29 389 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 390 return;
391 addrconf_addr_solict_mult(addr, &maddr);
392 ipv6_dev_mc_dec(dev, &maddr);
393}
394
de09334b
YH		 395static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
396 int len)
397{
398 int hlen = LL_RESERVED_SPACE(dev);
399 int tlen = dev->needed_tailroom;
400 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
401 struct sk_buff *skb;
de09334b 402
25a6e6b8 403 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
de09334b 404 if (!skb) {
25a6e6b8
TG		 405 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
406 __func__);
de09334b
YH		 407 return NULL;
408 }
409
f382d03a
YH		 410 skb->protocol = htons(ETH_P_IPV6);
411 skb->dev = dev;
412
527a150f 413 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
5135e633 414 skb_reset_transport_header(skb);
de09334b 415
25a6e6b8
TG		 416 /* Manually assign socket ownership as we avoid calling
417 * sock_alloc_send_pskb() to bypass wmem buffer limits
418 */
419 skb_set_owner_w(skb, sk);
420
de09334b
YH		 421 return skb;
422}
423
f382d03a 424static void ip6_nd_hdr(struct sk_buff *skb,
2576f17d
YH		 425 const struct in6_addr *saddr,
426 const struct in6_addr *daddr,
c8d6c380 427 int hop_limit, int len)
2576f17d
YH		 428{
429 struct ipv6hdr *hdr;
2210d6b2
 430 struct inet6_dev *idev;
431 unsigned tclass;
432
433 rcu_read_lock();
434 idev = __in6_dev_get(skb->dev);
435 tclass = idev ? idev->cnf.ndisc_tclass : 0;
436 rcu_read_unlock();
2576f17d 437
527a150f 438 skb_push(skb, sizeof(*hdr));
2576f17d 439 skb_reset_network_header(skb);
2576f17d
YH		 440 hdr = ipv6_hdr(skb);
441
2210d6b2 442 ip6_flow_hdr(hdr, tclass, 0);
2576f17d
YH		 443
444 hdr->payload_len = htons(len);
c8d6c380
YH		 445 hdr->nexthdr = IPPROTO_ICMPV6;
446 hdr->hop_limit = hop_limit;
2576f17d
YH		 447
448 hdr->saddr = *saddr;
449 hdr->daddr = *daddr;
450}
451
af9a9976 452static void ndisc_send_skb(struct sk_buff *skb,
fd0ea7db 453 const struct in6_addr *daddr,
aa4bdd4b 454 const struct in6_addr *saddr)
305d552a 455{
f4de84c6 456 struct dst_entry *dst = skb_dst(skb);
af9a9976 457 struct net *net = dev_net(skb->dev);
7b3d9b06 458 struct sock *sk = net->ipv6.ndisc_sk;
305d552a
BH		 459 struct inet6_dev *idev;
460 int err;
aa4bdd4b 461 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
305d552a
BH		 462 u8 type;
463
464 type = icmp6h->icmp6_type;
465
f4de84c6 466 if (!dst) {
f4de84c6 467 struct flowi6 fl6;
e0d56fdd 468 int oif = skb->dev->ifindex;
305d552a 469
ca254490 470 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
f4de84c6
YH		 471 dst = icmp6_dst_alloc(skb->dev, &fl6);
472 if (IS_ERR(dst)) {
473 kfree_skb(skb);
474 return;
475 }
476
477 skb_dst_set(skb, dst);
478 }
e1ec7842 479
7b3d9b06
YH		 480 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
481 IPPROTO_ICMPV6,
482 csum_partial(icmp6h,
483 skb->len, 0));
484
485 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
486
cfdf7647
ED		 487 rcu_read_lock();
488 idev = __in6_dev_get(dst->dev);
edf391ff 489 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
e1ec7842 490
29a26a56
EB		 491 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
492 net, sk, skb, NULL, dst->dev,
13206b6b 493 dst_output);
1da177e4 494 if (!err) {
5c5d244b 495 ICMP6MSGOUT_INC_STATS(net, idev, type);
a862f6a6 496 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1da177e4
LT		 497 }
498
cfdf7647 499 rcu_read_unlock();
1ab1457c 500}
1da177e4 501
38cf595b 502void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
f564f45c
CW		 503 const struct in6_addr *solicited_addr,
504 bool router, bool solicited, bool override, bool inc_opt)
e1ec7842 505{
b44b5f4a 506 struct sk_buff *skb;
e1ec7842
YH		 507 struct in6_addr tmpaddr;
508 struct inet6_ifaddr *ifp;
9acd9f3a 509 const struct in6_addr *src_addr;
1cb3fe51
YH		 510 struct nd_msg *msg;
511 int optlen = 0;
e1ec7842
YH		 512
513 /* for anycast or proxy, solicited_addr != src_addr */
c346dca1 514 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
e1ec7842
YH		 515 if (ifp) {
516 src_addr = solicited_addr;
517 if (ifp->flags & IFA_F_OPTIMISTIC)
f2f79cca 518 override = false;
9f888160 519 inc_opt |= ifp->idev->cnf.force_tllao;
e1ec7842
YH		 520 in6_ifa_put(ifp);
521 } else {
191cd582 522 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
c346dca1 523 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
7cbca67c 524 &tmpaddr))
e1ec7842
YH		 525 return;
526 src_addr = &tmpaddr;
527 }
528
1cb3fe51
YH		 529 if (!dev->addr_len)
530 inc_opt = 0;
531 if (inc_opt)
f997c55c
AA		 532 optlen += ndisc_opt_addr_space(dev,
533 NDISC_NEIGHBOUR_ADVERTISEMENT);
e1ec7842 534
1cb3fe51 535 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 536 if (!skb)
537 return;
538
4df864c1 539 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 540 *msg = (struct nd_msg) {
541 .icmph = {
542 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
543 .icmp6_router = router,
544 .icmp6_solicited = solicited,
545 .icmp6_override = override,
546 },
547 .target = *solicited_addr,
548 };
549
550 if (inc_opt)
551 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
f997c55c
AA		 552 dev->dev_addr,
553 NDISC_NEIGHBOUR_ADVERTISEMENT);
1cb3fe51 554
b44b5f4a 555 ndisc_send_skb(skb, daddr, src_addr);
e1ec7842
YH		 556}
557
f47b9464
BH		 558static void ndisc_send_unsol_na(struct net_device *dev)
559{
560 struct inet6_dev *idev;
561 struct inet6_ifaddr *ifa;
f47b9464
BH		 562
563 idev = in6_dev_get(dev);
564 if (!idev)
565 return;
566
567 read_lock_bh(&idev->lock);
568 list_for_each_entry(ifa, &idev->addr_list, if_list) {
db98f2c9
DA		 569 /* skip tentative addresses until dad completes */
570 if (ifa->flags & IFA_F_TENTATIVE &&
571 !(ifa->flags & IFA_F_OPTIMISTIC))
572 continue;
573
38cf595b 574 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
f47b9464
BH		 575 /*router=*/ !!idev->cnf.forwarding,
576 /*solicited=*/ false, /*override=*/ true,
577 /*inc_opt=*/ true);
578 }
579 read_unlock_bh(&idev->lock);
580
581 in6_dev_put(idev);
582}
583
38cf595b 584void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
adc176c5
EN		 585 const struct in6_addr *daddr, const struct in6_addr *saddr,
586 u64 nonce)
1da177e4 587{
b44b5f4a 588 struct sk_buff *skb;
1da177e4 589 struct in6_addr addr_buf;
1cb3fe51
YH		 590 int inc_opt = dev->addr_len;
591 int optlen = 0;
592 struct nd_msg *msg;
1da177e4 593
63159f29 594 if (!saddr) {
95c385b4
NH		 595 if (ipv6_get_lladdr(dev, &addr_buf,
596 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
1da177e4
LT		 597 return;
598 saddr = &addr_buf;
599 }
600
1cb3fe51 601 if (ipv6_addr_any(saddr))
f2f79cca 602 inc_opt = false;
1cb3fe51 603 if (inc_opt)
f997c55c
AA		 604 optlen += ndisc_opt_addr_space(dev,
605 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 606 if (nonce != 0)
607 optlen += 8;
1cb3fe51
YH		 608
609 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 610 if (!skb)
611 return;
612
4df864c1 613 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 614 *msg = (struct nd_msg) {
615 .icmph = {
616 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
617 },
618 .target = *solicit,
619 };
620
621 if (inc_opt)
622 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 623 dev->dev_addr,
624 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 625 if (nonce != 0) {
626 u8 *opt = skb_put(skb, 8);
627
628 opt[0] = ND_OPT_NONCE;
629 opt[1] = 8 >> 3;
630 memcpy(opt + 2, &nonce, 6);
631 }
1cb3fe51 632
b44b5f4a 633 ndisc_send_skb(skb, daddr, saddr);
1da177e4
LT		 634}
635
9acd9f3a
YH		 636void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
637 const struct in6_addr *daddr)
1da177e4 638{
b44b5f4a 639 struct sk_buff *skb;
1cb3fe51 640 struct rs_msg *msg;
95c385b4 641 int send_sllao = dev->addr_len;
1cb3fe51 642 int optlen = 0;
95c385b4
NH		 643
644#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
645 /*
646 * According to section 2.2 of RFC 4429, we must not
647 * send router solicitations with a sllao from
648 * optimistic addresses, but we may send the solicitation
649 * if we don't include the sllao. So here we check
650 * if our address is optimistic, and if so, we
bea85195 651 * suppress the inclusion of the sllao.
95c385b4
NH		 652 */
653 if (send_sllao) {
c346dca1 654 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
1cab3da6 655 dev, 1);
95c385b4
NH		 656 if (ifp) {
657 if (ifp->flags & IFA_F_OPTIMISTIC) {
ca043569 658 send_sllao = 0;
95c385b4 659 }
ca043569 660 in6_ifa_put(ifp);
95c385b4
NH		 661 } else {
662 send_sllao = 0;
663 }
664 }
665#endif
1cb3fe51 666 if (send_sllao)
f997c55c 667 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
1cb3fe51
YH		 668
669 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 670 if (!skb)
671 return;
672
4df864c1 673 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 674 *msg = (struct rs_msg) {
675 .icmph = {
676 .icmp6_type = NDISC_ROUTER_SOLICITATION,
677 },
678 };
679
680 if (send_sllao)
681 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 682 dev->dev_addr,
683 NDISC_ROUTER_SOLICITATION);
1cb3fe51 684
b44b5f4a 685 ndisc_send_skb(skb, daddr, saddr);
1da177e4 686}
1ab1457c 687
1da177e4
LT		 688
689static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
690{
691 /*
692 * "The sender MUST return an ICMP
693 * destination unreachable"
694 */
695 dst_link_failure(skb);
696 kfree_skb(skb);
697}
698
699/* Called with locked neigh: either read or both */
700
701static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
702{
703 struct in6_addr *saddr = NULL;
704 struct in6_addr mcaddr;
705 struct net_device *dev = neigh->dev;
706 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
707 int probes = atomic_read(&neigh->probes);
708
c58da4c6
EK		 709 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
710 dev, 1,
711 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
0660e03f 712 saddr = &ipv6_hdr(skb)->saddr;
e5d08d71
IM		 713 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
714 if (probes < 0) {
1da177e4 715 if (!(neigh->nud_state & NUD_VALID)) {
675418d5
JP		 716 ND_PRINTK(1, dbg,
717 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
718 __func__, target);
1da177e4 719 }
adc176c5 720 ndisc_send_ns(dev, target, target, saddr, 0);
1f9248e5 721 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
1da177e4 722 neigh_app_ns(neigh);
1da177e4
LT		 723 } else {
724 addrconf_addr_solict_mult(target, &mcaddr);
adc176c5 725 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
1da177e4
LT		 726 }
727}
728
0736ffc0
YH		 729static int pndisc_is_router(const void *pkey,
730 struct net_device *dev)
fa86d322
PE		 731{
732 struct pneigh_entry *n;
0736ffc0 733 int ret = -1;
fa86d322
PE		 734
735 read_lock_bh(&nd_tbl.lock);
0736ffc0
YH		 736 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
737 if (n)
738 ret = !!(n->flags & NTF_ROUTER);
fa86d322
PE		 739 read_unlock_bh(&nd_tbl.lock);
740
0736ffc0 741 return ret;
fa86d322
PE		 742}
743
f997c55c
AA		 744void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
745 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
746 struct ndisc_options *ndopts)
747{
7b8f7a40 748 neigh_update(neigh, lladdr, new, flags, 0);
f997c55c
AA		 749 /* report ndisc ops about neighbour update */
750 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
751}
752
1da177e4
LT		 753static void ndisc_recv_ns(struct sk_buff *skb)
754{
9c70220b 755 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
b71d1d42
ED		 756 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
757 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 758 u8 *lladdr = NULL;
29a3cad5 759 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 760 offsetof(struct nd_msg, opt));
1da177e4
LT		 761 struct ndisc_options ndopts;
762 struct net_device *dev = skb->dev;
763 struct inet6_ifaddr *ifp;
764 struct inet6_dev *idev = NULL;
765 struct neighbour *neigh;
766 int dad = ipv6_addr_any(saddr);
a50feda5 767 bool inc;
0736ffc0 768 int is_router = -1;
adc176c5 769 u64 nonce = 0;
1da177e4 770
115b0aa6
YH		 771 if (skb->len < sizeof(struct nd_msg)) {
772 ND_PRINTK(2, warn, "NS: packet too short\n");
773 return;
774 }
775
1da177e4 776 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 777 ND_PRINTK(2, warn, "NS: multicast target address\n");
1da177e4
LT		 778 return;
779 }
780
781 /*
782 * RFC2461 7.1.1:
783 * DAD has to be destined for solicited node multicast address.
784 */
ca97a644 785 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
675418d5 786 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
1da177e4
LT		 787 return;
788 }
789
f997c55c 790 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 791 ND_PRINTK(2, warn, "NS: invalid ND options\n");
1da177e4
LT		 792 return;
793 }
794
795 if (ndopts.nd_opts_src_lladdr) {
796 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
797 if (!lladdr) {
675418d5
JP		 798 ND_PRINTK(2, warn,
799 "NS: invalid link-layer address length\n");
1da177e4
LT		 800 return;
801 }
802
803 /* RFC2461 7.1.1:
1ab1457c
YH		 804 * If the IP source address is the unspecified address,
805 * there MUST NOT be source link-layer address option
1da177e4
LT		 806 * in the message.
807 */
808 if (dad) {
675418d5
JP		 809 ND_PRINTK(2, warn,
810 "NS: bad DAD packet (link-layer address option)\n");
1da177e4
LT		 811 return;
812 }
813 }
adc176c5
EN		 814 if (ndopts.nd_opts_nonce)
815 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
1da177e4
LT		 816
817 inc = ipv6_addr_is_multicast(daddr);
818
c346dca1 819 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 820 if (ifp) {
ca254490 821have_ifp:
95c385b4
NH		 822 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
823 if (dad) {
adc176c5
EN		 824 if (nonce != 0 && ifp->dad_nonce == nonce) {
825 u8 *np = (u8 *)&nonce;
826 /* Matching nonce if looped back */
827 ND_PRINTK(2, notice,
828 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
829 ifp->idev->dev->name,
830 &ifp->addr, np);
831 goto out;
832 }
95c385b4
NH		 833 /*
834 * We are colliding with another node
835 * who is doing DAD
836 * so fail our DAD process
837 */
da13c59b 838 addrconf_dad_failure(skb, ifp);
9e3be4b3 839 return;
95c385b4
NH		 840 } else {
841 /*
842 * This is not a dad solicitation.
843 * If we are an optimistic node,
844 * we should respond.
845 * Otherwise, we should ignore it.
846 */
847 if (!(ifp->flags & IFA_F_OPTIMISTIC))
1da177e4 848 goto out;
1da177e4 849 }
1da177e4
LT		 850 }
851
852 idev = ifp->idev;
853 } else {
53b7997f
YH		 854 struct net *net = dev_net(dev);
855
ca254490
DA		 856 /* perhaps an address on the master device */
857 if (netif_is_l3_slave(dev)) {
858 struct net_device *mdev;
859
860 mdev = netdev_master_upper_dev_get_rcu(dev);
861 if (mdev) {
862 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
863 if (ifp)
864 goto have_ifp;
865 }
866 }
867
1da177e4
LT		 868 idev = in6_dev_get(dev);
869 if (!idev) {
870 /* XXX: count this drop? */
871 return;
872 }
873
53b7997f 874 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
1ab1457c 875 (idev->cnf.forwarding &&
53b7997f 876 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
0736ffc0 877 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
a61bbcf2 878 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
1da177e4 879 skb->pkt_type != PACKET_HOST &&
f2f79cca 880 inc &&
1f9248e5 881 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
1da177e4
LT		 882 /*
883 * for anycast or proxy,
1ab1457c
YH		 884 * sender should delay its response
885 * by a random time between 0 and
1da177e4
LT		 886 * MAX_ANYCAST_DELAY_TIME seconds.
887 * (RFC2461) -- yoshfuji
888 */
889 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
890 if (n)
891 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
892 goto out;
893 }
894 } else
895 goto out;
896 }
897
0736ffc0 898 if (is_router < 0)
fb568637 899 is_router = idev->cnf.forwarding;
62dd9318 900
1da177e4 901 if (dad) {
38cf595b 902 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
fb568637 903 !!is_router, false, (ifp != NULL), true);
1da177e4
LT		 904 goto out;
905 }
906
907 if (inc)
908 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
909 else
910 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
911
1ab1457c 912 /*
1da177e4
LT		 913 * update / create cache entry
914 * for the source address
915 */
916 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
917 !inc || lladdr || !dev->addr_len);
918 if (neigh)
f997c55c 919 ndisc_update(dev, neigh, lladdr, NUD_STALE,
1da177e4 920 NEIGH_UPDATE_F_WEAK_OVERRIDE|
f997c55c
AA		 921 NEIGH_UPDATE_F_OVERRIDE,
922 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
3b04ddde 923 if (neigh || !dev->header_ops) {
38cf595b 924 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
fb568637 925 true, (ifp != NULL && inc), inc);
1da177e4
LT		 926 if (neigh)
927 neigh_release(neigh);
928 }
929
930out:
931 if (ifp)
932 in6_ifa_put(ifp);
933 else
934 in6_dev_put(idev);
1da177e4
LT		 935}
936
937static void ndisc_recv_na(struct sk_buff *skb)
938{
9c70220b 939 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
be7a010d 940 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
b71d1d42 941 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 942 u8 *lladdr = NULL;
29a3cad5 943 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 944 offsetof(struct nd_msg, opt));
1da177e4
LT		 945 struct ndisc_options ndopts;
946 struct net_device *dev = skb->dev;
7a02bf89 947 struct inet6_dev *idev = __in6_dev_get(dev);
1da177e4
LT		 948 struct inet6_ifaddr *ifp;
949 struct neighbour *neigh;
950
951 if (skb->len < sizeof(struct nd_msg)) {
675418d5 952 ND_PRINTK(2, warn, "NA: packet too short\n");
1da177e4
LT		 953 return;
954 }
955
956 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 957 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1da177e4
LT		 958 return;
959 }
960
961 if (ipv6_addr_is_multicast(daddr) &&
962 msg->icmph.icmp6_solicited) {
675418d5 963 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1da177e4
LT		 964 return;
965 }
1ab1457c 966
7a02bf89
JB		 967 /* For some 802.11 wireless deployments (and possibly other networks),
968 * there will be a NA proxy and unsolicitd packets are attacks
969 * and thus should not be accepted.
970 */
971 if (!msg->icmph.icmp6_solicited && idev &&
972 idev->cnf.drop_unsolicited_na)
973 return;
974
f997c55c 975 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 976 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1da177e4
LT		 977 return;
978 }
979 if (ndopts.nd_opts_tgt_lladdr) {
980 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
981 if (!lladdr) {
675418d5
JP		 982 ND_PRINTK(2, warn,
983 "NA: invalid link-layer address length\n");
1da177e4
LT		 984 return;
985 }
986 }
c346dca1 987 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 988 if (ifp) {
bd015928
DW		 989 if (skb->pkt_type != PACKET_LOOPBACK
990 && (ifp->flags & IFA_F_TENTATIVE)) {
da13c59b 991 addrconf_dad_failure(skb, ifp);
bd015928 992 return;
1da177e4
LT		 993 }
994 /* What should we make now? The advertisement
995 is invalid, but ndisc specs say nothing
996 about it. It could be misconfiguration, or
997 an smart proxy agent tries to help us :-)
24fc7b86
JS		 998
999 We should not print the error if NA has been
1000 received from loopback - it is just our own
1001 unsolicited advertisement.
1da177e4 1002 */
24fc7b86 1003 if (skb->pkt_type != PACKET_LOOPBACK)
675418d5 1004 ND_PRINTK(1, warn,
da13c59b
VP		 1005 "NA: %pM advertised our address %pI6c on %s!\n",
1006 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1da177e4
LT		 1007 in6_ifa_put(ifp);
1008 return;
1009 }
1010 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1011
1012 if (neigh) {
1013 u8 old_flags = neigh->flags;
53b7997f 1014 struct net *net = dev_net(dev);
1da177e4
LT		 1015
1016 if (neigh->nud_state & NUD_FAILED)
1017 goto out;
1018
5f3e6e9e
VN		 1019 /*
1020 * Don't update the neighbor cache entry on a proxy NA from
1021 * ourselves because either the proxied node is off link or it
1022 * has already sent a NA to us.
1023 */
1024 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
53b7997f
YH		 1025 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1026 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
b20b6d97 1027 /* XXX: idev->cnf.proxy_ndp */
5f3e6e9e 1028 goto out;
fbea49e1 1029 }
5f3e6e9e 1030
f997c55c 1031 ndisc_update(dev, neigh, lladdr,
1da177e4
LT		 1032 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1033 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1034 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1035 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1036 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1037 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1038
1039 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1040 /*
1041 * Change: router to host
1042 */
be7a010d 1043 rt6_clean_tohost(dev_net(dev), saddr);
1da177e4
LT		 1044 }
1045
1046out:
1047 neigh_release(neigh);
1048 }
1049}
1050
1051static void ndisc_recv_rs(struct sk_buff *skb)
1052{
9c70220b 1053 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1da177e4
LT		 1054 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1055 struct neighbour *neigh;
1056 struct inet6_dev *idev;
b71d1d42 1057 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1da177e4
LT		 1058 struct ndisc_options ndopts;
1059 u8 *lladdr = NULL;
1060
1061 if (skb->len < sizeof(*rs_msg))
1062 return;
1063
cfdf7647 1064 idev = __in6_dev_get(skb->dev);
1da177e4 1065 if (!idev) {
675418d5 1066 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1da177e4
LT		 1067 return;
1068 }
1069
1070 /* Don't accept RS if we're not in router mode */
1071 if (!idev->cnf.forwarding)
1072 goto out;
1073
1074 /*
1075 * Don't update NCE if src = ::;
1076 * this implies that the source node has no ip address assigned yet.
1077 */
1078 if (ipv6_addr_any(saddr))
1079 goto out;
1080
1081 /* Parse ND options */
f997c55c 1082 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
675418d5 1083 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1da177e4
LT		 1084 goto out;
1085 }
1086
1087 if (ndopts.nd_opts_src_lladdr) {
1088 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1089 skb->dev);
1090 if (!lladdr)
1091 goto out;
1092 }
1093
1094 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1095 if (neigh) {
f997c55c 1096 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1097 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1098 NEIGH_UPDATE_F_OVERRIDE|
f997c55c
AA		 1099 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1100 NDISC_ROUTER_SOLICITATION, &ndopts);
1da177e4
LT		 1101 neigh_release(neigh);
1102 }
1103out:
cfdf7647 1104 return;
1da177e4
LT		 1105}
1106
31910575
PY		 1107static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1108{
1109 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1110 struct sk_buff *skb;
1111 struct nlmsghdr *nlh;
1112 struct nduseroptmsg *ndmsg;
c346dca1 1113 struct net *net = dev_net(ra->dev);
31910575
PY		 1114 int err;
1115 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1116 + (opt->nd_opt_len << 3));
1117 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1118
1119 skb = nlmsg_new(msg_size, GFP_ATOMIC);
63159f29 1120 if (!skb) {
31910575
PY		 1121 err = -ENOBUFS;
1122 goto errout;
1123 }
1124
1125 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
63159f29 1126 if (!nlh) {
31910575
PY		 1127 goto nla_put_failure;
1128 }
1129
1130 ndmsg = nlmsg_data(nlh);
1131 ndmsg->nduseropt_family = AF_INET6;
dbb2ed24 1132 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
31910575
PY		 1133 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1134 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1135 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1136
1137 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1138
930345ea 1139 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
c78679e8 1140 goto nla_put_failure;
31910575
PY		 1141 nlmsg_end(skb, nlh);
1142
1ce85fe4 1143 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
31910575
PY		 1144 return;
1145
1146nla_put_failure:
1147 nlmsg_free(skb);
1148 err = -EMSGSIZE;
1149errout:
a18bc695 1150 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
31910575
PY		 1151}
1152
1da177e4
LT		 1153static void ndisc_router_discovery(struct sk_buff *skb)
1154{
9c70220b 1155 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1da177e4
LT		 1156 struct neighbour *neigh = NULL;
1157 struct inet6_dev *in6_dev;
65f5c7c1 1158 struct rt6_info *rt = NULL;
1da177e4
LT		 1159 int lifetime;
1160 struct ndisc_options ndopts;
1161 int optlen;
ebacaaa0 1162 unsigned int pref = 0;
a394eef5 1163 __u32 old_if_flags;
2053aeb6 1164 bool send_ifinfo_notify = false;
1da177e4 1165
67ba4152 1166 __u8 *opt = (__u8 *)(ra_msg + 1);
1da177e4 1167
29a3cad5
SH		 1168 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1169 sizeof(struct ra_msg);
1da177e4 1170
f2a762d8
BG		 1171 ND_PRINTK(2, info,
1172 "RA: %s, dev: %s\n",
1173 __func__, skb->dev->name);
0660e03f 1174 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5 1175 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1da177e4
LT		 1176 return;
1177 }
1178 if (optlen < 0) {
675418d5 1179 ND_PRINTK(2, warn, "RA: packet too short\n");
1da177e4
LT		 1180 return;
1181 }
1182
de357cc0 1183#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1184 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
675418d5 1185 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
fadf6bf0
TF		 1186 return;
1187 }
de357cc0 1188#endif
fadf6bf0 1189
1da177e4
LT		 1190 /*
1191 * set the RA_RECV flag in the interface
1192 */
1193
cfdf7647 1194 in6_dev = __in6_dev_get(skb->dev);
63159f29 1195 if (!in6_dev) {
675418d5
JP		 1196 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1197 skb->dev->name);
1da177e4
LT		 1198 return;
1199 }
1da177e4 1200
f997c55c 1201 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
675418d5 1202 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1da177e4
LT		 1203 return;
1204 }
1205
f2a762d8
BG		 1206 if (!ipv6_accept_ra(in6_dev)) {
1207 ND_PRINTK(2, info,
1208 "RA: %s, did not accept ra for dev: %s\n",
1209 __func__, skb->dev->name);
31ce8c71 1210 goto skip_linkparms;
f2a762d8 1211 }
31ce8c71 1212
de357cc0 1213#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1214 /* skip link-specific parameters from interior routers */
f2a762d8
BG		 1215 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1216 ND_PRINTK(2, info,
1217 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1218 __func__, skb->dev->name);
fadf6bf0 1219 goto skip_linkparms;
f2a762d8 1220 }
de357cc0 1221#endif
fadf6bf0 1222
1da177e4
LT		 1223 if (in6_dev->if_flags & IF_RS_SENT) {
1224 /*
1225 * flag that an RA was received after an RS was sent
1226 * out on this interface.
1227 */
1228 in6_dev->if_flags |= IF_RA_RCVD;
1229 }
1230
1231 /*
1232 * Remember the managed/otherconf flags from most recently
1233 * received RA message (RFC 2462) -- yoshfuji
1234 */
a394eef5 1235 old_if_flags = in6_dev->if_flags;
1da177e4
LT		 1236 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1237 IF_RA_OTHERCONF)) |
1238 (ra_msg->icmph.icmp6_addrconf_managed ?
1239 IF_RA_MANAGED : 0) |
1240 (ra_msg->icmph.icmp6_addrconf_other ?
1241 IF_RA_OTHERCONF : 0);
1242
a394eef5 1243 if (old_if_flags != in6_dev->if_flags)
2053aeb6 1244 send_ifinfo_notify = true;
a394eef5 1245
f2a762d8
BG		 1246 if (!in6_dev->cnf.accept_ra_defrtr) {
1247 ND_PRINTK(2, info,
1248 "RA: %s, defrtr is false for dev: %s\n",
1249 __func__, skb->dev->name);
65f5c7c1 1250 goto skip_defrtr;
f2a762d8 1251 }
65f5c7c1 1252
d9333196
BG		 1253 /* Do not accept RA with source-addr found on local machine unless
1254 * accept_ra_from_local is set to true.
1255 */
b6428817
LR		 1256 if (!in6_dev->cnf.accept_ra_from_local &&
1257 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1258 in6_dev->dev, 0)) {
f2a762d8 1259 ND_PRINTK(2, info,
d9333196
BG		 1260 "RA from local address detected on dev: %s: default router ignored\n",
1261 skb->dev->name);
9f56220f 1262 goto skip_defrtr;
f2a762d8 1263 }
9f56220f 1264
1da177e4
LT		 1265 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1266
ebacaaa0
YH		 1267#ifdef CONFIG_IPV6_ROUTER_PREF
1268 pref = ra_msg->icmph.icmp6_router_pref;
1269 /* 10b is handled as if it were 00b (medium) */
930d6ff2 1270 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
6d5b78cd 1271 !in6_dev->cnf.accept_ra_rtr_pref)
ebacaaa0
YH		 1272 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1273#endif
1274
0660e03f 1275 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1da177e4 1276
eb857186
DM		 1277 if (rt) {
1278 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1279 if (!neigh) {
675418d5
JP		 1280 ND_PRINTK(0, err,
1281 "RA: %s got default router without neighbour\n",
1282 __func__);
94e187c0 1283 ip6_rt_put(rt);
eb857186
DM		 1284 return;
1285 }
1286 }
1da177e4 1287 if (rt && lifetime == 0) {
e0a1ad73 1288 ip6_del_rt(rt);
1da177e4
LT		 1289 rt = NULL;
1290 }
1291
f2a762d8
BG		 1292 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1293 rt, lifetime, skb->dev->name);
63159f29 1294 if (!rt && lifetime) {
f2a762d8 1295 ND_PRINTK(3, info, "RA: adding default router\n");
1da177e4 1296
0660e03f 1297 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
63159f29 1298 if (!rt) {
675418d5
JP		 1299 ND_PRINTK(0, err,
1300 "RA: %s failed to add default route\n",
1301 __func__);
1da177e4
LT		 1302 return;
1303 }
1304
eb857186 1305 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
63159f29 1306 if (!neigh) {
675418d5
JP		 1307 ND_PRINTK(0, err,
1308 "RA: %s got default router without neighbour\n",
1309 __func__);
94e187c0 1310 ip6_rt_put(rt);
1da177e4
LT		 1311 return;
1312 }
1313 neigh->flags |= NTF_ROUTER;
ebacaaa0 1314 } else if (rt) {
22441cfa 1315 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1da177e4
LT		 1316 }
1317
1318 if (rt)
1716a961 1319 rt6_set_expires(rt, jiffies + (HZ * lifetime));
8013d1d7
HL		 1320 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1321 ra_msg->icmph.icmp6_hop_limit) {
1322 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
6fd99094 1323 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
8013d1d7
HL		 1324 if (rt)
1325 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1326 ra_msg->icmph.icmp6_hop_limit);
6fd99094 1327 } else {
8013d1d7 1328 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
6fd99094 1329 }
1da177e4
LT		 1330 }
1331
65f5c7c1
YH		 1332skip_defrtr:
1333
1da177e4
LT		 1334 /*
1335 * Update Reachable Time and Retrans Timer
1336 */
1337
1338 if (in6_dev->nd_parms) {
1339 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1340
1341 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1342 rtime = (rtime*HZ)/1000;
1343 if (rtime < HZ/10)
1344 rtime = HZ/10;
1f9248e5 1345 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1da177e4 1346 in6_dev->tstamp = jiffies;
2053aeb6 1347 send_ifinfo_notify = true;
1da177e4
LT		 1348 }
1349
1350 rtime = ntohl(ra_msg->reachable_time);
1351 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1352 rtime = (rtime*HZ)/1000;
1353
1354 if (rtime < HZ/10)
1355 rtime = HZ/10;
1356
1f9248e5
JP		 1357 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1358 NEIGH_VAR_SET(in6_dev->nd_parms,
1359 BASE_REACHABLE_TIME, rtime);
1360 NEIGH_VAR_SET(in6_dev->nd_parms,
1361 GC_STALETIME, 3 * rtime);
1da177e4
LT		 1362 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1363 in6_dev->tstamp = jiffies;
2053aeb6 1364 send_ifinfo_notify = true;
1da177e4
LT		 1365 }
1366 }
1367 }
1368
2053aeb6
MT		 1369 /*
1370 * Send a notify if RA changed managed/otherconf flags or timer settings
1371 */
1372 if (send_ifinfo_notify)
1373 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1374
fadf6bf0
TF		 1375skip_linkparms:
1376
1da177e4
LT		 1377 /*
1378 * Process options.
1379 */
1380
1381 if (!neigh)
0660e03f 1382 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1da177e4
LT		 1383 skb->dev, 1);
1384 if (neigh) {
1385 u8 *lladdr = NULL;
1386 if (ndopts.nd_opts_src_lladdr) {
1387 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1388 skb->dev);
1389 if (!lladdr) {
675418d5
JP		 1390 ND_PRINTK(2, warn,
1391 "RA: invalid link-layer address length\n");
1da177e4
LT		 1392 goto out;
1393 }
1394 }
f997c55c 1395 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1396 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1397 NEIGH_UPDATE_F_OVERRIDE|
1398 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1399 NEIGH_UPDATE_F_ISROUTER,
1400 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1401 }
1402
f2a762d8
BG		 1403 if (!ipv6_accept_ra(in6_dev)) {
1404 ND_PRINTK(2, info,
1405 "RA: %s, accept_ra is false for dev: %s\n",
1406 __func__, skb->dev->name);
31ce8c71 1407 goto out;
f2a762d8 1408 }
31ce8c71 1409
70ceb4f5 1410#ifdef CONFIG_IPV6_ROUTE_INFO
b6428817
LR		 1411 if (!in6_dev->cnf.accept_ra_from_local &&
1412 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1413 in6_dev->dev, 0)) {
f2a762d8 1414 ND_PRINTK(2, info,
d9333196
BG		 1415 "RA from local address detected on dev: %s: router info ignored.\n",
1416 skb->dev->name);
9f56220f 1417 goto skip_routeinfo;
f2a762d8 1418 }
9f56220f 1419
09c884d4 1420 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
70ceb4f5
YH		 1421 struct nd_opt_hdr *p;
1422 for (p = ndopts.nd_opts_ri;
1423 p;
1424 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
6294e000
YH		 1425 struct route_info *ri = (struct route_info *)p;
1426#ifdef CONFIG_IPV6_NDISC_NODETYPE
1427 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1428 ri->prefix_len == 0)
1429 continue;
1430#endif
30e56918
DJ		 1431 if (ri->prefix_len == 0 &&
1432 !in6_dev->cnf.accept_ra_defrtr)
1433 continue;
bbea124b
JS		 1434 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1435 continue;
6294e000 1436 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
09c884d4 1437 continue;
67ba4152 1438 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
0660e03f 1439 &ipv6_hdr(skb)->saddr);
70ceb4f5
YH		 1440 }
1441 }
9f56220f
AH		 1442
1443skip_routeinfo:
70ceb4f5
YH		 1444#endif
1445
de357cc0 1446#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1447 /* skip link-specific ndopts from interior routers */
f2a762d8
BG		 1448 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1449 ND_PRINTK(2, info,
1450 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1451 __func__, skb->dev->name);
fadf6bf0 1452 goto out;
f2a762d8 1453 }
de357cc0 1454#endif
fadf6bf0 1455
c4fd30eb 1456 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1da177e4
LT		 1457 struct nd_opt_hdr *p;
1458 for (p = ndopts.nd_opts_pi;
1459 p;
1460 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
e6bff995
NH		 1461 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1462 (p->nd_opt_len) << 3,
1463 ndopts.nd_opts_src_lladdr != NULL);
1da177e4
LT		 1464 }
1465 }
1466
c2943f14 1467 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
e69a4adc 1468 __be32 n;
1da177e4
LT		 1469 u32 mtu;
1470
67ba4152 1471 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
e69a4adc 1472 mtu = ntohl(n);
1da177e4
LT		 1473
1474 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
675418d5 1475 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1da177e4
LT		 1476 } else if (in6_dev->cnf.mtu6 != mtu) {
1477 in6_dev->cnf.mtu6 = mtu;
1478
1479 if (rt)
defb3519 1480 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1da177e4
LT		 1481
1482 rt6_mtu_change(skb->dev, mtu);
1483 }
1484 }
1ab1457c 1485
31910575 1486 if (ndopts.nd_useropts) {
61cf46ad
YH		 1487 struct nd_opt_hdr *p;
1488 for (p = ndopts.nd_useropts;
1489 p;
f997c55c
AA		 1490 p = ndisc_next_useropt(skb->dev, p,
1491 ndopts.nd_useropts_end)) {
61cf46ad 1492 ndisc_ra_useropt(skb, p);
31910575
PY		 1493 }
1494 }
1495
1da177e4 1496 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
675418d5 1497 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1da177e4
LT		 1498 }
1499out:
94e187c0 1500 ip6_rt_put(rt);
eb857186 1501 if (neigh)
1da177e4 1502 neigh_release(neigh);
1da177e4
LT		 1503}
1504
1505static void ndisc_redirect_rcv(struct sk_buff *skb)
1506{
093d04d4
DJ		 1507 u8 *hdr;
1508 struct ndisc_options ndopts;
1509 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
29a3cad5 1510 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
093d04d4
DJ		 1511 offsetof(struct rd_msg, opt));
1512
de357cc0 1513#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0
TF		 1514 switch (skb->ndisc_nodetype) {
1515 case NDISC_NODETYPE_HOST:
1516 case NDISC_NODETYPE_NODEFAULT:
675418d5
JP		 1517 ND_PRINTK(2, warn,
1518 "Redirect: from host or unauthorized router\n");
fadf6bf0
TF		 1519 return;
1520 }
de357cc0 1521#endif
fadf6bf0 1522
0660e03f 1523 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1524 ND_PRINTK(2, warn,
1525 "Redirect: source address is not link-local\n");
1da177e4
LT		 1526 return;
1527 }
1528
f997c55c 1529 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
093d04d4
DJ		 1530 return;
1531
c92a59ec 1532 if (!ndopts.nd_opts_rh) {
b55b76b2
DJ		 1533 ip6_redirect_no_header(skb, dev_net(skb->dev),
1534 skb->dev->ifindex, 0);
093d04d4 1535 return;
c92a59ec 1536 }
093d04d4
DJ		 1537
1538 hdr = (u8 *)ndopts.nd_opts_rh;
1539 hdr += 8;
1540 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1541 return;
1542
b94f1c09 1543 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1da177e4
LT		 1544}
1545
5f5a0115
YH		 1546static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1547 struct sk_buff *orig_skb,
1548 int rd_len)
9c86dafe 1549{
5f5a0115
YH		 1550 u8 *opt = skb_put(skb, rd_len);
1551
9c86dafe
YH		 1552 memset(opt, 0, 8);
1553 *(opt++) = ND_OPT_REDIRECT_HDR;
1554 *(opt++) = (rd_len >> 3);
1555 opt += 6;
1556
b7a51d52
LB		 1557 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1558 rd_len - 8);
9c86dafe
YH		 1559}
1560
4991969a 1561void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1da177e4 1562{
1762f7e8 1563 struct net_device *dev = skb->dev;
c346dca1 1564 struct net *net = dev_net(dev);
1762f7e8 1565 struct sock *sk = net->ipv6.ndisc_sk;
2ce13576 1566 int optlen = 0;
fbfe95a4 1567 struct inet_peer *peer;
1da177e4 1568 struct sk_buff *buff;
71bcdba0 1569 struct rd_msg *msg;
1da177e4 1570 struct in6_addr saddr_buf;
1da177e4
LT		 1571 struct rt6_info *rt;
1572 struct dst_entry *dst;
4c9483b2 1573 struct flowi6 fl6;
1da177e4 1574 int rd_len;
f997c55c
AA		 1575 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1576 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1d861aa4 1577 bool ret;
1da177e4 1578
764e34bc
SS		 1579 if (netif_is_l3_master(skb->dev)) {
1580 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1581 if (!dev)
1582 return;
1583 }
1584
95c385b4 1585 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
675418d5
JP		 1586 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1587 dev->name);
1ab1457c
YH		 1588 return;
1589 }
1da177e4 1590
0660e03f 1591 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
bf0b48df 1592 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1593 ND_PRINTK(2, warn,
1594 "Redirect: target address is not link-local unicast\n");
29556526
LY		 1595 return;
1596 }
1597
4c9483b2 1598 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
e0d56fdd 1599 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1da177e4 1600
4c9483b2 1601 dst = ip6_route_output(net, NULL, &fl6);
5095d64d
RL		 1602 if (dst->error) {
1603 dst_release(dst);
1da177e4 1604 return;
5095d64d 1605 }
4c9483b2 1606 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
452edd59 1607 if (IS_ERR(dst))
1da177e4 1608 return;
1da177e4
LT		 1609
1610 rt = (struct rt6_info *) dst;
1611
1612 if (rt->rt6i_flags & RTF_GATEWAY) {
675418d5
JP		 1613 ND_PRINTK(2, warn,
1614 "Redirect: destination is not a neighbour\n");
d73f0801 1615 goto release;
1da177e4 1616 }
fd0273d7 1617 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1d861aa4
DM		 1618 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1619 if (peer)
1620 inet_putpeer(peer);
1621 if (!ret)
d73f0801 1622 goto release;
1da177e4
LT		 1623
1624 if (dev->addr_len) {
4991969a
DM		 1625 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1626 if (!neigh) {
675418d5
JP		 1627 ND_PRINTK(2, warn,
1628 "Redirect: no neigh for target address\n");
4991969a
DM		 1629 goto release;
1630 }
1631
1da177e4
LT		 1632 read_lock_bh(&neigh->lock);
1633 if (neigh->nud_state & NUD_VALID) {
1634 memcpy(ha_buf, neigh->ha, dev->addr_len);
1635 read_unlock_bh(&neigh->lock);
1636 ha = ha_buf;
f997c55c
AA		 1637 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1638 ops_data_buf,
1639 &ops_data);
1da177e4
LT		 1640 } else
1641 read_unlock_bh(&neigh->lock);
4991969a
DM		 1642
1643 neigh_release(neigh);
1da177e4
LT		 1644 }
1645
1646 rd_len = min_t(unsigned int,
2ce13576
YH		 1647 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1648 skb->len + 8);
1da177e4 1649 rd_len &= ~0x7;
2ce13576 1650 optlen += rd_len;
1da177e4 1651
2ce13576 1652 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
de09334b 1653 if (!buff)
d73f0801 1654 goto release;
1da177e4 1655
4df864c1 1656 msg = skb_put(buff, sizeof(*msg));
4d5c152e
YH		 1657 *msg = (struct rd_msg) {
1658 .icmph = {
1659 .icmp6_type = NDISC_REDIRECT,
1660 },
1661 .target = *target,
1662 .dest = ipv6_hdr(skb)->daddr,
1663 };
1da177e4 1664
1da177e4
LT		 1665 /*
1666 * include target_address option
1667 */
1668
1669 if (ha)
f997c55c 1670 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1da177e4
LT		 1671
1672 /*
1673 * build redirect option and copy skb over to the new packet.
1674 */
1675
9c86dafe 1676 if (rd_len)
5f5a0115 1677 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1da177e4 1678
adf30907 1679 skb_dst_set(buff, dst);
f4de84c6 1680 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
d73f0801
IJ		 1681 return;
1682
1683release:
1684 dst_release(dst);
1da177e4
LT		 1685}
1686
1687static void pndisc_redo(struct sk_buff *skb)
1688{
140e26fc 1689 ndisc_recv_ns(skb);
1da177e4
LT		 1690 kfree_skb(skb);
1691}
1692
b800c3b9
HFS		 1693static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1694{
1695 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1696
1697 if (!idev)
1698 return true;
1699 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1700 idev->cnf.suppress_frag_ndisc) {
1701 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1702 return true;
1703 }
1704 return false;
1705}
1706
1da177e4
LT		 1707int ndisc_rcv(struct sk_buff *skb)
1708{
1709 struct nd_msg *msg;
1710
b800c3b9
HFS		 1711 if (ndisc_suppress_frag_ndisc(skb))
1712 return 0;
1713
6bce6b4e 1714 if (skb_linearize(skb))
1da177e4
LT		 1715 return 0;
1716
9c70220b 1717 msg = (struct nd_msg *)skb_transport_header(skb);
1da177e4 1718
9c70220b 1719 __skb_push(skb, skb->data - skb_transport_header(skb));
1da177e4 1720
0660e03f 1721 if (ipv6_hdr(skb)->hop_limit != 255) {
675418d5
JP		 1722 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1723 ipv6_hdr(skb)->hop_limit);
1da177e4
LT		 1724 return 0;
1725 }
1726
1727 if (msg->icmph.icmp6_code != 0) {
675418d5
JP		 1728 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1729 msg->icmph.icmp6_code);
1da177e4
LT		 1730 return 0;
1731 }
1732
a61bbcf2
PM		 1733 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1734
1da177e4
LT		 1735 switch (msg->icmph.icmp6_type) {
1736 case NDISC_NEIGHBOUR_SOLICITATION:
1737 ndisc_recv_ns(skb);
1738 break;
1739
1740 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1741 ndisc_recv_na(skb);
1742 break;
1743
1744 case NDISC_ROUTER_SOLICITATION:
1745 ndisc_recv_rs(skb);
1746 break;
1747
1748 case NDISC_ROUTER_ADVERTISEMENT:
1749 ndisc_router_discovery(skb);
1750 break;
1751
1752 case NDISC_REDIRECT:
1753 ndisc_redirect_rcv(skb);
1754 break;
3ff50b79 1755 }
1da177e4
LT		 1756
1757 return 0;
1758}
1759
1760static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1761{
351638e7 1762 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
c8507fb2 1763 struct netdev_notifier_change_info *change_info;
c346dca1 1764 struct net *net = dev_net(dev);
5cb04436 1765 struct inet6_dev *idev;
1da177e4
LT		 1766
1767 switch (event) {
1768 case NETDEV_CHANGEADDR:
1769 neigh_changeaddr(&nd_tbl, dev);
2ac3ac8f 1770 fib6_run_gc(0, net, false);
4a6e3c5d
DA		 1771 /* fallthrough */
1772 case NETDEV_UP:
5cb04436
HFS		 1773 idev = in6_dev_get(dev);
1774 if (!idev)
1775 break;
fc1f8f4f
DA		 1776 if (idev->cnf.ndisc_notify ||
1777 net->ipv6.devconf_all->ndisc_notify)
5cb04436
HFS		 1778 ndisc_send_unsol_na(dev);
1779 in6_dev_put(idev);
1da177e4 1780 break;
c8507fb2
ED		 1781 case NETDEV_CHANGE:
1782 change_info = ptr;
1783 if (change_info->flags_changed & IFF_NOARP)
1784 neigh_changeaddr(&nd_tbl, dev);
1785 break;
1da177e4
LT		 1786 case NETDEV_DOWN:
1787 neigh_ifdown(&nd_tbl, dev);
2ac3ac8f 1788 fib6_run_gc(0, net, false);
1da177e4 1789 break;
f47b9464
BH		 1790 case NETDEV_NOTIFY_PEERS:
1791 ndisc_send_unsol_na(dev);
1792 break;
1da177e4
LT		 1793 default:
1794 break;
1795 }
1796
1797 return NOTIFY_DONE;
1798}
1799
1800static struct notifier_block ndisc_netdev_notifier = {
1801 .notifier_call = ndisc_netdev_event,
6eb79393 1802 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1da177e4
LT		 1803};
1804
1805#ifdef CONFIG_SYSCTL
1806static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1807 const char *func, const char *dev_name)
1808{
1809 static char warncomm[TASK_COMM_LEN];
1810 static int warned;
1811 if (strcmp(warncomm, current->comm) && warned < 5) {
1812 strcpy(warncomm, current->comm);
f3213831 1813 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1da177e4
LT		 1814 warncomm, func,
1815 dev_name, ctl->procname,
1816 dev_name, ctl->procname);
1817 warned++;
1818 }
1819}
1820
8d65af78 1821int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1da177e4
LT		 1822{
1823 struct net_device *dev = ctl->extra1;
1824 struct inet6_dev *idev;
1825 int ret;
1826
d12af679
EB		 1827 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1828 (strcmp(ctl->procname, "base_reachable_time") == 0))
1da177e4
LT		 1829 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1830
d12af679 1831 if (strcmp(ctl->procname, "retrans_time") == 0)
cb5b09c1 1832 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
d12af679
EB		 1833
1834 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
cb5b09c1
JP		 1835 ret = neigh_proc_dointvec_jiffies(ctl, write,
1836 buffer, lenp, ppos);
d12af679
EB		 1837
1838 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
ad02ac14 1839 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
cb5b09c1
JP		 1840 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1841 buffer, lenp, ppos);
d12af679 1842 else
1da177e4 1843 ret = -1;
1da177e4
LT		 1844
1845 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1f9248e5
JP		 1846 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1847 idev->nd_parms->reachable_time =
1848 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1da177e4
LT		 1849 idev->tstamp = jiffies;
1850 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1851 in6_dev_put(idev);
1852 }
1853 return ret;
1854}
1855
1da177e4
LT		 1856
1857#endif
1858
2c8c1e72 1859static int __net_init ndisc_net_init(struct net *net)
1da177e4
LT		 1860{
1861 struct ipv6_pinfo *np;
1862 struct sock *sk;
1ab1457c 1863 int err;
1da177e4 1864
1ed8516f
DL		 1865 err = inet_ctl_sock_create(&sk, PF_INET6,
1866 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 1867 if (err < 0) {
675418d5
JP		 1868 ND_PRINTK(0, err,
1869 "NDISC: Failed to initialize the control socket (err %d)\n",
1870 err);
1da177e4
LT		 1871 return err;
1872 }
1873
1ed8516f 1874 net->ipv6.ndisc_sk = sk;
1762f7e8 1875
1da177e4 1876 np = inet6_sk(sk);
1da177e4
LT		 1877 np->hop_limit = 255;
1878 /* Do not loopback ndisc messages */
1879 np->mc_loop = 0;
1da177e4 1880
1762f7e8
DL		 1881 return 0;
1882}
1883
2c8c1e72 1884static void __net_exit ndisc_net_exit(struct net *net)
1762f7e8 1885{
1ed8516f 1886 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1762f7e8
DL		 1887}
1888
1889static struct pernet_operations ndisc_net_ops = {
1890 .init = ndisc_net_init,
1891 .exit = ndisc_net_exit,
1892};
1893
1894int __init ndisc_init(void)
1895{
1896 int err;
1897
1898 err = register_pernet_subsys(&ndisc_net_ops);
1899 if (err)
1900 return err;
1ab1457c
YH		 1901 /*
1902 * Initialize the neighbour table
1903 */
d7480fd3 1904 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1da177e4
LT		 1905
1906#ifdef CONFIG_SYSCTL
73af614a 1907 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
56ec0fb1 1908 ndisc_ifinfo_sysctl_change);
1762f7e8
DL		 1909 if (err)
1910 goto out_unregister_pernet;
1762f7e8 1911out:
bcd081a3 1912#endif
1762f7e8 1913 return err;
1da177e4 1914
1762f7e8 1915#ifdef CONFIG_SYSCTL
1762f7e8 1916out_unregister_pernet:
1762f7e8
DL		 1917 unregister_pernet_subsys(&ndisc_net_ops);
1918 goto out;
2c861cc6 1919#endif
1da177e4
LT		 1920}
1921
2c861cc6
MK		 1922int __init ndisc_late_init(void)
1923{
1924 return register_netdevice_notifier(&ndisc_netdev_notifier);
1925}
1926
1927void ndisc_late_cleanup(void)
1da177e4 1928{
36f73d0c 1929 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2c861cc6
MK		 1930}
1931
1932void ndisc_cleanup(void)
1933{
1da177e4
LT		 1934#ifdef CONFIG_SYSCTL
1935 neigh_sysctl_unregister(&nd_tbl.parms);
1936#endif
d7480fd3 1937 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1762f7e8 1938 unregister_pernet_subsys(&ndisc_net_ops);
1da177e4 1939}
ubuntu-bionic-kernel mirror