]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/ipv6/ndisc.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ip6_gre: remove the incorrect mtu limit for ipgre tap
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / ndisc.c
CommitLineData
1da177e4
LT		 1/*
2 * Neighbour Discovery for IPv6
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4
LT		 7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
e35f30c1 18 * Alexey I. Froloff : RFC6106 (DNSSL) support
31910575
PY		 19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
1da177e4
LT		 21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
1da177e4
LT		 23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
675418d5 30#define pr_fmt(fmt) "ICMPv6: " fmt
1da177e4
LT		 31
32#include <linux/module.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
5a0e3ad6 43#include <linux/slab.h>
1da177e4
LT		 44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
1823730f 48#include <linux/if_addr.h>
da13c59b 49#include <linux/if_ether.h>
1da177e4
LT		 50#include <linux/if_arp.h>
51#include <linux/ipv6.h>
52#include <linux/icmpv6.h>
53#include <linux/jhash.h>
54
55#include <net/sock.h>
56#include <net/snmp.h>
57
58#include <net/ipv6.h>
59#include <net/protocol.h>
60#include <net/ndisc.h>
61#include <net/ip6_route.h>
62#include <net/addrconf.h>
63#include <net/icmp.h>
64
31910575
PY		 65#include <net/netlink.h>
66#include <linux/rtnetlink.h>
67
1da177e4
LT		 68#include <net/flow.h>
69#include <net/ip6_checksum.h>
1ed8516f 70#include <net/inet_common.h>
1da177e4
LT		 71#include <linux/proc_fs.h>
72
73#include <linux/netfilter.h>
74#include <linux/netfilter_ipv6.h>
75
d6bf7817
ED		 76static u32 ndisc_hash(const void *pkey,
77 const struct net_device *dev,
2c2aba6c 78 __u32 *hash_rnd);
60395a20 79static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
1da177e4
LT		 80static int ndisc_constructor(struct neighbour *neigh);
81static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
82static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
83static int pndisc_constructor(struct pneigh_entry *n);
84static void pndisc_destructor(struct pneigh_entry *n);
85static void pndisc_redo(struct sk_buff *skb);
86
89d69d2b 87static const struct neigh_ops ndisc_generic_ops = {
1da177e4
LT		 88 .family = AF_INET6,
89 .solicit = ndisc_solicit,
90 .error_report = ndisc_error_report,
91 .output = neigh_resolve_output,
92 .connected_output = neigh_connected_output,
1da177e4
LT		 93};
94
89d69d2b 95static const struct neigh_ops ndisc_hh_ops = {
1da177e4
LT		 96 .family = AF_INET6,
97 .solicit = ndisc_solicit,
98 .error_report = ndisc_error_report,
99 .output = neigh_resolve_output,
100 .connected_output = neigh_resolve_output,
1da177e4
LT		 101};
102
103
89d69d2b 104static const struct neigh_ops ndisc_direct_ops = {
1da177e4 105 .family = AF_INET6,
8f40b161
DM		 106 .output = neigh_direct_output,
107 .connected_output = neigh_direct_output,
1da177e4
LT		 108};
109
110struct neigh_table nd_tbl = {
111 .family = AF_INET6,
1da177e4 112 .key_len = sizeof(struct in6_addr),
bdf53c58 113 .protocol = cpu_to_be16(ETH_P_IPV6),
1da177e4 114 .hash = ndisc_hash,
60395a20 115 .key_eq = ndisc_key_eq,
1da177e4
LT		 116 .constructor = ndisc_constructor,
117 .pconstructor = pndisc_constructor,
118 .pdestructor = pndisc_destructor,
119 .proxy_redo = pndisc_redo,
120 .id = "ndisc_cache",
121 .parms = {
b672083e 122 .tbl = &nd_tbl,
b672083e 123 .reachable_time = ND_REACHABLE_TIME,
1f9248e5
JP		 124 .data = {
125 [NEIGH_VAR_MCAST_PROBES] = 3,
126 [NEIGH_VAR_UCAST_PROBES] = 3,
127 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
128 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
129 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
130 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
eaa72dc4 131 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
1f9248e5
JP		 132 [NEIGH_VAR_PROXY_QLEN] = 64,
133 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
134 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
135 },
1da177e4
LT		 136 },
137 .gc_interval = 30 * HZ,
138 .gc_thresh1 = 128,
139 .gc_thresh2 = 512,
140 .gc_thresh3 = 1024,
141};
c4850687 142EXPORT_SYMBOL_GPL(nd_tbl);
1da177e4 143
cc84b3c6
AA		 144void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
145 int data_len, int pad)
1da177e4 146{
8ec5da41 147 int space = __ndisc_opt_addr_space(data_len, pad);
5f5a0115 148 u8 *opt = skb_put(skb, space);
1da177e4
LT		 149
150 opt[0] = type;
151 opt[1] = space>>3;
152
153 memset(opt + 2, 0, pad);
154 opt += pad;
155 space -= pad;
156
157 memcpy(opt+2, data, data_len);
158 data_len += 2;
159 opt += data_len;
e5d08d71
IM		 160 space -= data_len;
161 if (space > 0)
1da177e4 162 memset(opt, 0, space);
1da177e4 163}
cc84b3c6 164EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
1da177e4 165
8ec5da41 166static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
f997c55c 167 void *data, u8 icmp6_type)
8ec5da41
AA		 168{
169 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
170 ndisc_addr_option_pad(skb->dev->type));
f997c55c
AA		 171 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
172}
173
174static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
175 void *ha,
176 const u8 *ops_data)
177{
178 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
179 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
8ec5da41
AA		 180}
181
1da177e4
LT		 182static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
183 struct nd_opt_hdr *end)
184{
185 int type;
186 if (!cur || !end || cur >= end)
187 return NULL;
188 type = cur->nd_opt_type;
189 do {
190 cur = ((void *)cur) + (cur->nd_opt_len << 3);
67ba4152 191 } while (cur < end && cur->nd_opt_type != type);
a02cec21 192 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
1da177e4
LT		 193}
194
f997c55c
AA		 195static inline int ndisc_is_useropt(const struct net_device *dev,
196 struct nd_opt_hdr *opt)
31910575 197{
e35f30c1 198 return opt->nd_opt_type == ND_OPT_RDNSS ||
f997c55c
AA		 199 opt->nd_opt_type == ND_OPT_DNSSL ||
200 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
31910575
PY		 201}
202
f997c55c
AA		 203static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *cur,
31910575
PY		 205 struct nd_opt_hdr *end)
206{
207 if (!cur || !end || cur >= end)
208 return NULL;
209 do {
210 cur = ((void *)cur) + (cur->nd_opt_len << 3);
f997c55c
AA		 211 } while (cur < end && !ndisc_is_useropt(dev, cur));
212 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
31910575
PY		 213}
214
f997c55c
AA		 215struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 u8 *opt, int opt_len,
30f2a5f3 217 struct ndisc_options *ndopts)
1da177e4
LT		 218{
219 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
220
221 if (!nd_opt || opt_len < 0 || !ndopts)
222 return NULL;
223 memset(ndopts, 0, sizeof(*ndopts));
224 while (opt_len) {
225 int l;
226 if (opt_len < sizeof(struct nd_opt_hdr))
227 return NULL;
228 l = nd_opt->nd_opt_len << 3;
229 if (opt_len < l || l == 0)
230 return NULL;
f997c55c
AA		 231 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 goto next_opt;
1da177e4
LT		 233 switch (nd_opt->nd_opt_type) {
234 case ND_OPT_SOURCE_LL_ADDR:
235 case ND_OPT_TARGET_LL_ADDR:
236 case ND_OPT_MTU:
adc176c5 237 case ND_OPT_NONCE:
1da177e4
LT		 238 case ND_OPT_REDIRECT_HDR:
239 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
675418d5
JP		 240 ND_PRINTK(2, warn,
241 "%s: duplicated ND6 option found: type=%d\n",
242 __func__, nd_opt->nd_opt_type);
1da177e4
LT		 243 } else {
244 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
245 }
246 break;
247 case ND_OPT_PREFIX_INFO:
248 ndopts->nd_opts_pi_end = nd_opt;
cfcabdcc 249 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
1da177e4
LT		 250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 break;
70ceb4f5
YH		 252#ifdef CONFIG_IPV6_ROUTE_INFO
253 case ND_OPT_ROUTE_INFO:
254 ndopts->nd_opts_ri_end = nd_opt;
255 if (!ndopts->nd_opts_ri)
256 ndopts->nd_opts_ri = nd_opt;
257 break;
258#endif
1da177e4 259 default:
f997c55c 260 if (ndisc_is_useropt(dev, nd_opt)) {
31910575
PY		 261 ndopts->nd_useropts_end = nd_opt;
262 if (!ndopts->nd_useropts)
263 ndopts->nd_useropts = nd_opt;
264 } else {
265 /*
266 * Unknown options must be silently ignored,
267 * to accommodate future extension to the
268 * protocol.
269 */
675418d5
JP		 270 ND_PRINTK(2, notice,
271 "%s: ignored unsupported option; type=%d, len=%d\n",
272 __func__,
273 nd_opt->nd_opt_type,
274 nd_opt->nd_opt_len);
31910575 275 }
1da177e4 276 }
f997c55c 277next_opt:
1da177e4
LT		 278 opt_len -= l;
279 nd_opt = ((void *)nd_opt) + l;
280 }
281 return ndopts;
282}
283
b71d1d42 284int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
1da177e4
LT		 285{
286 switch (dev->type) {
287 case ARPHRD_ETHER:
288 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
289 case ARPHRD_FDDI:
290 ipv6_eth_mc_map(addr, buf);
291 return 0;
1da177e4
LT		 292 case ARPHRD_ARCNET:
293 ipv6_arcnet_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_INFINIBAND:
a9e527e3 296 ipv6_ib_mc_map(addr, dev->broadcast, buf);
1da177e4 297 return 0;
93ca3bb5
TT		 298 case ARPHRD_IPGRE:
299 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
1da177e4
LT		 300 default:
301 if (dir) {
302 memcpy(buf, dev->broadcast, dev->addr_len);
303 return 0;
304 }
305 }
306 return -EINVAL;
307}
7159039a
YH		 308EXPORT_SYMBOL(ndisc_mc_map);
309
d6bf7817
ED		 310static u32 ndisc_hash(const void *pkey,
311 const struct net_device *dev,
2c2aba6c 312 __u32 *hash_rnd)
1da177e4 313{
2c2aba6c 314 return ndisc_hashfn(pkey, dev, hash_rnd);
1da177e4
LT		 315}
316
60395a20
EB		 317static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
318{
319 return neigh_key_eq128(n, pkey);
320}
321
1da177e4
LT		 322static int ndisc_constructor(struct neighbour *neigh)
323{
67ba4152 324 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
1da177e4
LT		 325 struct net_device *dev = neigh->dev;
326 struct inet6_dev *in6_dev;
327 struct neigh_parms *parms;
a50feda5 328 bool is_multicast = ipv6_addr_is_multicast(addr);
1da177e4 329
1da177e4 330 in6_dev = in6_dev_get(dev);
63159f29 331 if (!in6_dev) {
1da177e4
LT		 332 return -EINVAL;
333 }
334
335 parms = in6_dev->nd_parms;
336 __neigh_parms_put(neigh->parms);
337 neigh->parms = neigh_parms_clone(parms);
1da177e4
LT		 338
339 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
3b04ddde 340 if (!dev->header_ops) {
1da177e4
LT		 341 neigh->nud_state = NUD_NOARP;
342 neigh->ops = &ndisc_direct_ops;
8f40b161 343 neigh->output = neigh_direct_output;
1da177e4
LT		 344 } else {
345 if (is_multicast) {
346 neigh->nud_state = NUD_NOARP;
347 ndisc_mc_map(addr, neigh->ha, dev, 1);
348 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
349 neigh->nud_state = NUD_NOARP;
350 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
351 if (dev->flags&IFF_LOOPBACK)
352 neigh->type = RTN_LOCAL;
353 } else if (dev->flags&IFF_POINTOPOINT) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
356 }
3b04ddde 357 if (dev->header_ops->cache)
1da177e4
LT		 358 neigh->ops = &ndisc_hh_ops;
359 else
360 neigh->ops = &ndisc_generic_ops;
361 if (neigh->nud_state&NUD_VALID)
362 neigh->output = neigh->ops->connected_output;
363 else
364 neigh->output = neigh->ops->output;
365 }
366 in6_dev_put(in6_dev);
367 return 0;
368}
369
370static int pndisc_constructor(struct pneigh_entry *n)
371{
67ba4152 372 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 373 struct in6_addr maddr;
374 struct net_device *dev = n->dev;
375
63159f29 376 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 377 return -EINVAL;
378 addrconf_addr_solict_mult(addr, &maddr);
379 ipv6_dev_mc_inc(dev, &maddr);
380 return 0;
381}
382
383static void pndisc_destructor(struct pneigh_entry *n)
384{
67ba4152 385 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 386 struct in6_addr maddr;
387 struct net_device *dev = n->dev;
388
63159f29 389 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 390 return;
391 addrconf_addr_solict_mult(addr, &maddr);
392 ipv6_dev_mc_dec(dev, &maddr);
393}
394
de09334b
YH		 395static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
396 int len)
397{
398 int hlen = LL_RESERVED_SPACE(dev);
399 int tlen = dev->needed_tailroom;
400 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
401 struct sk_buff *skb;
de09334b 402
25a6e6b8 403 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
de09334b 404 if (!skb) {
25a6e6b8
TG		 405 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
406 __func__);
de09334b
YH		 407 return NULL;
408 }
409
f382d03a
YH		 410 skb->protocol = htons(ETH_P_IPV6);
411 skb->dev = dev;
412
527a150f 413 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
5135e633 414 skb_reset_transport_header(skb);
de09334b 415
25a6e6b8
TG		 416 /* Manually assign socket ownership as we avoid calling
417 * sock_alloc_send_pskb() to bypass wmem buffer limits
418 */
419 skb_set_owner_w(skb, sk);
420
de09334b
YH		 421 return skb;
422}
423
f382d03a 424static void ip6_nd_hdr(struct sk_buff *skb,
2576f17d
YH		 425 const struct in6_addr *saddr,
426 const struct in6_addr *daddr,
c8d6c380 427 int hop_limit, int len)
2576f17d
YH		 428{
429 struct ipv6hdr *hdr;
2210d6b2
 430 struct inet6_dev *idev;
431 unsigned tclass;
432
433 rcu_read_lock();
434 idev = __in6_dev_get(skb->dev);
435 tclass = idev ? idev->cnf.ndisc_tclass : 0;
436 rcu_read_unlock();
2576f17d 437
527a150f 438 skb_push(skb, sizeof(*hdr));
2576f17d 439 skb_reset_network_header(skb);
2576f17d
YH		 440 hdr = ipv6_hdr(skb);
441
2210d6b2 442 ip6_flow_hdr(hdr, tclass, 0);
2576f17d
YH		 443
444 hdr->payload_len = htons(len);
c8d6c380
YH		 445 hdr->nexthdr = IPPROTO_ICMPV6;
446 hdr->hop_limit = hop_limit;
2576f17d
YH		 447
448 hdr->saddr = *saddr;
449 hdr->daddr = *daddr;
450}
451
af9a9976 452static void ndisc_send_skb(struct sk_buff *skb,
fd0ea7db 453 const struct in6_addr *daddr,
aa4bdd4b 454 const struct in6_addr *saddr)
305d552a 455{
f4de84c6 456 struct dst_entry *dst = skb_dst(skb);
af9a9976 457 struct net *net = dev_net(skb->dev);
7b3d9b06 458 struct sock *sk = net->ipv6.ndisc_sk;
305d552a
BH		 459 struct inet6_dev *idev;
460 int err;
aa4bdd4b 461 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
305d552a
BH		 462 u8 type;
463
464 type = icmp6h->icmp6_type;
465
f4de84c6 466 if (!dst) {
f4de84c6 467 struct flowi6 fl6;
e0d56fdd 468 int oif = skb->dev->ifindex;
305d552a 469
ca254490 470 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
f4de84c6
YH		 471 dst = icmp6_dst_alloc(skb->dev, &fl6);
472 if (IS_ERR(dst)) {
473 kfree_skb(skb);
474 return;
475 }
476
477 skb_dst_set(skb, dst);
478 }
e1ec7842 479
7b3d9b06
YH		 480 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
481 IPPROTO_ICMPV6,
482 csum_partial(icmp6h,
483 skb->len, 0));
484
485 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
486
cfdf7647
ED		 487 rcu_read_lock();
488 idev = __in6_dev_get(dst->dev);
edf391ff 489 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
e1ec7842 490
29a26a56
EB		 491 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
492 net, sk, skb, NULL, dst->dev,
13206b6b 493 dst_output);
1da177e4 494 if (!err) {
5c5d244b 495 ICMP6MSGOUT_INC_STATS(net, idev, type);
a862f6a6 496 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1da177e4
LT		 497 }
498
cfdf7647 499 rcu_read_unlock();
1ab1457c 500}
1da177e4 501
38cf595b 502void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
f564f45c
CW		 503 const struct in6_addr *solicited_addr,
504 bool router, bool solicited, bool override, bool inc_opt)
e1ec7842 505{
b44b5f4a 506 struct sk_buff *skb;
e1ec7842
YH		 507 struct in6_addr tmpaddr;
508 struct inet6_ifaddr *ifp;
9acd9f3a 509 const struct in6_addr *src_addr;
1cb3fe51
YH		 510 struct nd_msg *msg;
511 int optlen = 0;
e1ec7842
YH		 512
513 /* for anycast or proxy, solicited_addr != src_addr */
c346dca1 514 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
e1ec7842
YH		 515 if (ifp) {
516 src_addr = solicited_addr;
517 if (ifp->flags & IFA_F_OPTIMISTIC)
f2f79cca 518 override = false;
9f888160 519 inc_opt |= ifp->idev->cnf.force_tllao;
e1ec7842
YH		 520 in6_ifa_put(ifp);
521 } else {
191cd582 522 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
c346dca1 523 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
7cbca67c 524 &tmpaddr))
e1ec7842
YH		 525 return;
526 src_addr = &tmpaddr;
527 }
528
1cb3fe51
YH		 529 if (!dev->addr_len)
530 inc_opt = 0;
531 if (inc_opt)
f997c55c
AA		 532 optlen += ndisc_opt_addr_space(dev,
533 NDISC_NEIGHBOUR_ADVERTISEMENT);
e1ec7842 534
1cb3fe51 535 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 536 if (!skb)
537 return;
538
4df864c1 539 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 540 *msg = (struct nd_msg) {
541 .icmph = {
542 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
543 .icmp6_router = router,
544 .icmp6_solicited = solicited,
545 .icmp6_override = override,
546 },
547 .target = *solicited_addr,
548 };
549
550 if (inc_opt)
551 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
f997c55c
AA		 552 dev->dev_addr,
553 NDISC_NEIGHBOUR_ADVERTISEMENT);
1cb3fe51 554
b44b5f4a 555 ndisc_send_skb(skb, daddr, src_addr);
e1ec7842
YH		 556}
557
f47b9464
BH		 558static void ndisc_send_unsol_na(struct net_device *dev)
559{
560 struct inet6_dev *idev;
561 struct inet6_ifaddr *ifa;
f47b9464
BH		 562
563 idev = in6_dev_get(dev);
564 if (!idev)
565 return;
566
567 read_lock_bh(&idev->lock);
568 list_for_each_entry(ifa, &idev->addr_list, if_list) {
38cf595b 569 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
f47b9464
BH		 570 /*router=*/ !!idev->cnf.forwarding,
571 /*solicited=*/ false, /*override=*/ true,
572 /*inc_opt=*/ true);
573 }
574 read_unlock_bh(&idev->lock);
575
576 in6_dev_put(idev);
577}
578
38cf595b 579void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
adc176c5
EN		 580 const struct in6_addr *daddr, const struct in6_addr *saddr,
581 u64 nonce)
1da177e4 582{
b44b5f4a 583 struct sk_buff *skb;
1da177e4 584 struct in6_addr addr_buf;
1cb3fe51
YH		 585 int inc_opt = dev->addr_len;
586 int optlen = 0;
587 struct nd_msg *msg;
1da177e4 588
63159f29 589 if (!saddr) {
95c385b4
NH		 590 if (ipv6_get_lladdr(dev, &addr_buf,
591 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
1da177e4
LT		 592 return;
593 saddr = &addr_buf;
594 }
595
1cb3fe51 596 if (ipv6_addr_any(saddr))
f2f79cca 597 inc_opt = false;
1cb3fe51 598 if (inc_opt)
f997c55c
AA		 599 optlen += ndisc_opt_addr_space(dev,
600 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 601 if (nonce != 0)
602 optlen += 8;
1cb3fe51
YH		 603
604 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 605 if (!skb)
606 return;
607
4df864c1 608 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 609 *msg = (struct nd_msg) {
610 .icmph = {
611 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
612 },
613 .target = *solicit,
614 };
615
616 if (inc_opt)
617 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 618 dev->dev_addr,
619 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 620 if (nonce != 0) {
621 u8 *opt = skb_put(skb, 8);
622
623 opt[0] = ND_OPT_NONCE;
624 opt[1] = 8 >> 3;
625 memcpy(opt + 2, &nonce, 6);
626 }
1cb3fe51 627
b44b5f4a 628 ndisc_send_skb(skb, daddr, saddr);
1da177e4
LT		 629}
630
9acd9f3a
YH		 631void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
632 const struct in6_addr *daddr)
1da177e4 633{
b44b5f4a 634 struct sk_buff *skb;
1cb3fe51 635 struct rs_msg *msg;
95c385b4 636 int send_sllao = dev->addr_len;
1cb3fe51 637 int optlen = 0;
95c385b4
NH		 638
639#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
640 /*
641 * According to section 2.2 of RFC 4429, we must not
642 * send router solicitations with a sllao from
643 * optimistic addresses, but we may send the solicitation
644 * if we don't include the sllao. So here we check
645 * if our address is optimistic, and if so, we
bea85195 646 * suppress the inclusion of the sllao.
95c385b4
NH		 647 */
648 if (send_sllao) {
c346dca1 649 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
1cab3da6 650 dev, 1);
95c385b4
NH		 651 if (ifp) {
652 if (ifp->flags & IFA_F_OPTIMISTIC) {
ca043569 653 send_sllao = 0;
95c385b4 654 }
ca043569 655 in6_ifa_put(ifp);
95c385b4
NH		 656 } else {
657 send_sllao = 0;
658 }
659 }
660#endif
1cb3fe51 661 if (send_sllao)
f997c55c 662 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
1cb3fe51
YH		 663
664 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 665 if (!skb)
666 return;
667
4df864c1 668 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 669 *msg = (struct rs_msg) {
670 .icmph = {
671 .icmp6_type = NDISC_ROUTER_SOLICITATION,
672 },
673 };
674
675 if (send_sllao)
676 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 677 dev->dev_addr,
678 NDISC_ROUTER_SOLICITATION);
1cb3fe51 679
b44b5f4a 680 ndisc_send_skb(skb, daddr, saddr);
1da177e4 681}
1ab1457c 682
1da177e4
LT		 683
684static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
685{
686 /*
687 * "The sender MUST return an ICMP
688 * destination unreachable"
689 */
690 dst_link_failure(skb);
691 kfree_skb(skb);
692}
693
694/* Called with locked neigh: either read or both */
695
696static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
697{
698 struct in6_addr *saddr = NULL;
699 struct in6_addr mcaddr;
700 struct net_device *dev = neigh->dev;
701 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
702 int probes = atomic_read(&neigh->probes);
703
c58da4c6
EK		 704 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
705 dev, 1,
706 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
0660e03f 707 saddr = &ipv6_hdr(skb)->saddr;
e5d08d71
IM		 708 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
709 if (probes < 0) {
1da177e4 710 if (!(neigh->nud_state & NUD_VALID)) {
675418d5
JP		 711 ND_PRINTK(1, dbg,
712 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
713 __func__, target);
1da177e4 714 }
adc176c5 715 ndisc_send_ns(dev, target, target, saddr, 0);
1f9248e5 716 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
1da177e4 717 neigh_app_ns(neigh);
1da177e4
LT		 718 } else {
719 addrconf_addr_solict_mult(target, &mcaddr);
adc176c5 720 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
1da177e4
LT		 721 }
722}
723
0736ffc0
YH		 724static int pndisc_is_router(const void *pkey,
725 struct net_device *dev)
fa86d322
PE		 726{
727 struct pneigh_entry *n;
0736ffc0 728 int ret = -1;
fa86d322
PE		 729
730 read_lock_bh(&nd_tbl.lock);
0736ffc0
YH		 731 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
732 if (n)
733 ret = !!(n->flags & NTF_ROUTER);
fa86d322
PE		 734 read_unlock_bh(&nd_tbl.lock);
735
0736ffc0 736 return ret;
fa86d322
PE		 737}
738
f997c55c
AA		 739void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
740 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
741 struct ndisc_options *ndopts)
742{
7b8f7a40 743 neigh_update(neigh, lladdr, new, flags, 0);
f997c55c
AA		 744 /* report ndisc ops about neighbour update */
745 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
746}
747
1da177e4
LT		 748static void ndisc_recv_ns(struct sk_buff *skb)
749{
9c70220b 750 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
b71d1d42
ED		 751 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
752 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 753 u8 *lladdr = NULL;
29a3cad5 754 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 755 offsetof(struct nd_msg, opt));
1da177e4
LT		 756 struct ndisc_options ndopts;
757 struct net_device *dev = skb->dev;
758 struct inet6_ifaddr *ifp;
759 struct inet6_dev *idev = NULL;
760 struct neighbour *neigh;
761 int dad = ipv6_addr_any(saddr);
a50feda5 762 bool inc;
0736ffc0 763 int is_router = -1;
adc176c5 764 u64 nonce = 0;
1da177e4 765
115b0aa6
YH		 766 if (skb->len < sizeof(struct nd_msg)) {
767 ND_PRINTK(2, warn, "NS: packet too short\n");
768 return;
769 }
770
1da177e4 771 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 772 ND_PRINTK(2, warn, "NS: multicast target address\n");
1da177e4
LT		 773 return;
774 }
775
776 /*
777 * RFC2461 7.1.1:
778 * DAD has to be destined for solicited node multicast address.
779 */
ca97a644 780 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
675418d5 781 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
1da177e4
LT		 782 return;
783 }
784
f997c55c 785 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 786 ND_PRINTK(2, warn, "NS: invalid ND options\n");
1da177e4
LT		 787 return;
788 }
789
790 if (ndopts.nd_opts_src_lladdr) {
791 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
792 if (!lladdr) {
675418d5
JP		 793 ND_PRINTK(2, warn,
794 "NS: invalid link-layer address length\n");
1da177e4
LT		 795 return;
796 }
797
798 /* RFC2461 7.1.1:
1ab1457c
YH		 799 * If the IP source address is the unspecified address,
800 * there MUST NOT be source link-layer address option
1da177e4
LT		 801 * in the message.
802 */
803 if (dad) {
675418d5
JP		 804 ND_PRINTK(2, warn,
805 "NS: bad DAD packet (link-layer address option)\n");
1da177e4
LT		 806 return;
807 }
808 }
adc176c5
EN		 809 if (ndopts.nd_opts_nonce)
810 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
1da177e4
LT		 811
812 inc = ipv6_addr_is_multicast(daddr);
813
c346dca1 814 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 815 if (ifp) {
ca254490 816have_ifp:
95c385b4
NH		 817 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
818 if (dad) {
adc176c5
EN		 819 if (nonce != 0 && ifp->dad_nonce == nonce) {
820 u8 *np = (u8 *)&nonce;
821 /* Matching nonce if looped back */
822 ND_PRINTK(2, notice,
823 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
824 ifp->idev->dev->name,
825 &ifp->addr, np);
826 goto out;
827 }
95c385b4
NH		 828 /*
829 * We are colliding with another node
830 * who is doing DAD
831 * so fail our DAD process
832 */
da13c59b 833 addrconf_dad_failure(skb, ifp);
9e3be4b3 834 return;
95c385b4
NH		 835 } else {
836 /*
837 * This is not a dad solicitation.
838 * If we are an optimistic node,
839 * we should respond.
840 * Otherwise, we should ignore it.
841 */
842 if (!(ifp->flags & IFA_F_OPTIMISTIC))
1da177e4 843 goto out;
1da177e4 844 }
1da177e4
LT		 845 }
846
847 idev = ifp->idev;
848 } else {
53b7997f
YH		 849 struct net *net = dev_net(dev);
850
ca254490
DA		 851 /* perhaps an address on the master device */
852 if (netif_is_l3_slave(dev)) {
853 struct net_device *mdev;
854
855 mdev = netdev_master_upper_dev_get_rcu(dev);
856 if (mdev) {
857 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
858 if (ifp)
859 goto have_ifp;
860 }
861 }
862
1da177e4
LT		 863 idev = in6_dev_get(dev);
864 if (!idev) {
865 /* XXX: count this drop? */
866 return;
867 }
868
53b7997f 869 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
1ab1457c 870 (idev->cnf.forwarding &&
53b7997f 871 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
0736ffc0 872 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
a61bbcf2 873 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
1da177e4 874 skb->pkt_type != PACKET_HOST &&
f2f79cca 875 inc &&
1f9248e5 876 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
1da177e4
LT		 877 /*
878 * for anycast or proxy,
1ab1457c
YH		 879 * sender should delay its response
880 * by a random time between 0 and
1da177e4
LT		 881 * MAX_ANYCAST_DELAY_TIME seconds.
882 * (RFC2461) -- yoshfuji
883 */
884 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
885 if (n)
886 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
887 goto out;
888 }
889 } else
890 goto out;
891 }
892
0736ffc0 893 if (is_router < 0)
fb568637 894 is_router = idev->cnf.forwarding;
62dd9318 895
1da177e4 896 if (dad) {
38cf595b 897 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
fb568637 898 !!is_router, false, (ifp != NULL), true);
1da177e4
LT		 899 goto out;
900 }
901
902 if (inc)
903 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
904 else
905 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
906
1ab1457c 907 /*
1da177e4
LT		 908 * update / create cache entry
909 * for the source address
910 */
911 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
912 !inc || lladdr || !dev->addr_len);
913 if (neigh)
f997c55c 914 ndisc_update(dev, neigh, lladdr, NUD_STALE,
1da177e4 915 NEIGH_UPDATE_F_WEAK_OVERRIDE|
f997c55c
AA		 916 NEIGH_UPDATE_F_OVERRIDE,
917 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
3b04ddde 918 if (neigh || !dev->header_ops) {
38cf595b 919 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
fb568637 920 true, (ifp != NULL && inc), inc);
1da177e4
LT		 921 if (neigh)
922 neigh_release(neigh);
923 }
924
925out:
926 if (ifp)
927 in6_ifa_put(ifp);
928 else
929 in6_dev_put(idev);
1da177e4
LT		 930}
931
932static void ndisc_recv_na(struct sk_buff *skb)
933{
9c70220b 934 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
be7a010d 935 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
b71d1d42 936 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 937 u8 *lladdr = NULL;
29a3cad5 938 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 939 offsetof(struct nd_msg, opt));
1da177e4
LT		 940 struct ndisc_options ndopts;
941 struct net_device *dev = skb->dev;
7a02bf89 942 struct inet6_dev *idev = __in6_dev_get(dev);
1da177e4
LT		 943 struct inet6_ifaddr *ifp;
944 struct neighbour *neigh;
945
946 if (skb->len < sizeof(struct nd_msg)) {
675418d5 947 ND_PRINTK(2, warn, "NA: packet too short\n");
1da177e4
LT		 948 return;
949 }
950
951 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 952 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1da177e4
LT		 953 return;
954 }
955
956 if (ipv6_addr_is_multicast(daddr) &&
957 msg->icmph.icmp6_solicited) {
675418d5 958 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1da177e4
LT		 959 return;
960 }
1ab1457c 961
7a02bf89
JB		 962 /* For some 802.11 wireless deployments (and possibly other networks),
963 * there will be a NA proxy and unsolicitd packets are attacks
964 * and thus should not be accepted.
965 */
966 if (!msg->icmph.icmp6_solicited && idev &&
967 idev->cnf.drop_unsolicited_na)
968 return;
969
f997c55c 970 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 971 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1da177e4
LT		 972 return;
973 }
974 if (ndopts.nd_opts_tgt_lladdr) {
975 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
976 if (!lladdr) {
675418d5
JP		 977 ND_PRINTK(2, warn,
978 "NA: invalid link-layer address length\n");
1da177e4
LT		 979 return;
980 }
981 }
c346dca1 982 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 983 if (ifp) {
bd015928
DW		 984 if (skb->pkt_type != PACKET_LOOPBACK
985 && (ifp->flags & IFA_F_TENTATIVE)) {
da13c59b 986 addrconf_dad_failure(skb, ifp);
bd015928 987 return;
1da177e4
LT		 988 }
989 /* What should we make now? The advertisement
990 is invalid, but ndisc specs say nothing
991 about it. It could be misconfiguration, or
992 an smart proxy agent tries to help us :-)
24fc7b86
JS		 993
994 We should not print the error if NA has been
995 received from loopback - it is just our own
996 unsolicited advertisement.
1da177e4 997 */
24fc7b86 998 if (skb->pkt_type != PACKET_LOOPBACK)
675418d5 999 ND_PRINTK(1, warn,
da13c59b
VP		 1000 "NA: %pM advertised our address %pI6c on %s!\n",
1001 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1da177e4
LT		 1002 in6_ifa_put(ifp);
1003 return;
1004 }
1005 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1006
1007 if (neigh) {
1008 u8 old_flags = neigh->flags;
53b7997f 1009 struct net *net = dev_net(dev);
1da177e4
LT		 1010
1011 if (neigh->nud_state & NUD_FAILED)
1012 goto out;
1013
5f3e6e9e
VN		 1014 /*
1015 * Don't update the neighbor cache entry on a proxy NA from
1016 * ourselves because either the proxied node is off link or it
1017 * has already sent a NA to us.
1018 */
1019 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
53b7997f
YH		 1020 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1021 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
b20b6d97 1022 /* XXX: idev->cnf.proxy_ndp */
5f3e6e9e 1023 goto out;
fbea49e1 1024 }
5f3e6e9e 1025
f997c55c 1026 ndisc_update(dev, neigh, lladdr,
1da177e4
LT		 1027 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1028 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1029 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1030 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1031 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1032 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1033
1034 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1035 /*
1036 * Change: router to host
1037 */
be7a010d 1038 rt6_clean_tohost(dev_net(dev), saddr);
1da177e4
LT		 1039 }
1040
1041out:
1042 neigh_release(neigh);
1043 }
1044}
1045
1046static void ndisc_recv_rs(struct sk_buff *skb)
1047{
9c70220b 1048 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1da177e4
LT		 1049 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1050 struct neighbour *neigh;
1051 struct inet6_dev *idev;
b71d1d42 1052 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1da177e4
LT		 1053 struct ndisc_options ndopts;
1054 u8 *lladdr = NULL;
1055
1056 if (skb->len < sizeof(*rs_msg))
1057 return;
1058
cfdf7647 1059 idev = __in6_dev_get(skb->dev);
1da177e4 1060 if (!idev) {
675418d5 1061 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1da177e4
LT		 1062 return;
1063 }
1064
1065 /* Don't accept RS if we're not in router mode */
1066 if (!idev->cnf.forwarding)
1067 goto out;
1068
1069 /*
1070 * Don't update NCE if src = ::;
1071 * this implies that the source node has no ip address assigned yet.
1072 */
1073 if (ipv6_addr_any(saddr))
1074 goto out;
1075
1076 /* Parse ND options */
f997c55c 1077 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
675418d5 1078 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1da177e4
LT		 1079 goto out;
1080 }
1081
1082 if (ndopts.nd_opts_src_lladdr) {
1083 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1084 skb->dev);
1085 if (!lladdr)
1086 goto out;
1087 }
1088
1089 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1090 if (neigh) {
f997c55c 1091 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1092 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1093 NEIGH_UPDATE_F_OVERRIDE|
f997c55c
AA		 1094 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1095 NDISC_ROUTER_SOLICITATION, &ndopts);
1da177e4
LT		 1096 neigh_release(neigh);
1097 }
1098out:
cfdf7647 1099 return;
1da177e4
LT		 1100}
1101
31910575
PY		 1102static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1103{
1104 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1105 struct sk_buff *skb;
1106 struct nlmsghdr *nlh;
1107 struct nduseroptmsg *ndmsg;
c346dca1 1108 struct net *net = dev_net(ra->dev);
31910575
PY		 1109 int err;
1110 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1111 + (opt->nd_opt_len << 3));
1112 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1113
1114 skb = nlmsg_new(msg_size, GFP_ATOMIC);
63159f29 1115 if (!skb) {
31910575
PY		 1116 err = -ENOBUFS;
1117 goto errout;
1118 }
1119
1120 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
63159f29 1121 if (!nlh) {
31910575
PY		 1122 goto nla_put_failure;
1123 }
1124
1125 ndmsg = nlmsg_data(nlh);
1126 ndmsg->nduseropt_family = AF_INET6;
dbb2ed24 1127 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
31910575
PY		 1128 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1129 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1130 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1131
1132 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1133
930345ea 1134 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
c78679e8 1135 goto nla_put_failure;
31910575
PY		 1136 nlmsg_end(skb, nlh);
1137
1ce85fe4 1138 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
31910575
PY		 1139 return;
1140
1141nla_put_failure:
1142 nlmsg_free(skb);
1143 err = -EMSGSIZE;
1144errout:
a18bc695 1145 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
31910575
PY		 1146}
1147
1da177e4
LT		 1148static void ndisc_router_discovery(struct sk_buff *skb)
1149{
9c70220b 1150 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1da177e4
LT		 1151 struct neighbour *neigh = NULL;
1152 struct inet6_dev *in6_dev;
65f5c7c1 1153 struct rt6_info *rt = NULL;
1da177e4
LT		 1154 int lifetime;
1155 struct ndisc_options ndopts;
1156 int optlen;
ebacaaa0 1157 unsigned int pref = 0;
a394eef5 1158 __u32 old_if_flags;
2053aeb6 1159 bool send_ifinfo_notify = false;
1da177e4 1160
67ba4152 1161 __u8 *opt = (__u8 *)(ra_msg + 1);
1da177e4 1162
29a3cad5
SH		 1163 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1164 sizeof(struct ra_msg);
1da177e4 1165
f2a762d8
BG		 1166 ND_PRINTK(2, info,
1167 "RA: %s, dev: %s\n",
1168 __func__, skb->dev->name);
0660e03f 1169 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5 1170 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1da177e4
LT		 1171 return;
1172 }
1173 if (optlen < 0) {
675418d5 1174 ND_PRINTK(2, warn, "RA: packet too short\n");
1da177e4
LT		 1175 return;
1176 }
1177
de357cc0 1178#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1179 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
675418d5 1180 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
fadf6bf0
TF		 1181 return;
1182 }
de357cc0 1183#endif
fadf6bf0 1184
1da177e4
LT		 1185 /*
1186 * set the RA_RECV flag in the interface
1187 */
1188
cfdf7647 1189 in6_dev = __in6_dev_get(skb->dev);
63159f29 1190 if (!in6_dev) {
675418d5
JP		 1191 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1192 skb->dev->name);
1da177e4
LT		 1193 return;
1194 }
1da177e4 1195
f997c55c 1196 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
675418d5 1197 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1da177e4
LT		 1198 return;
1199 }
1200
f2a762d8
BG		 1201 if (!ipv6_accept_ra(in6_dev)) {
1202 ND_PRINTK(2, info,
1203 "RA: %s, did not accept ra for dev: %s\n",
1204 __func__, skb->dev->name);
31ce8c71 1205 goto skip_linkparms;
f2a762d8 1206 }
31ce8c71 1207
de357cc0 1208#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1209 /* skip link-specific parameters from interior routers */
f2a762d8
BG		 1210 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1211 ND_PRINTK(2, info,
1212 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1213 __func__, skb->dev->name);
fadf6bf0 1214 goto skip_linkparms;
f2a762d8 1215 }
de357cc0 1216#endif
fadf6bf0 1217
1da177e4
LT		 1218 if (in6_dev->if_flags & IF_RS_SENT) {
1219 /*
1220 * flag that an RA was received after an RS was sent
1221 * out on this interface.
1222 */
1223 in6_dev->if_flags |= IF_RA_RCVD;
1224 }
1225
1226 /*
1227 * Remember the managed/otherconf flags from most recently
1228 * received RA message (RFC 2462) -- yoshfuji
1229 */
a394eef5 1230 old_if_flags = in6_dev->if_flags;
1da177e4
LT		 1231 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1232 IF_RA_OTHERCONF)) |
1233 (ra_msg->icmph.icmp6_addrconf_managed ?
1234 IF_RA_MANAGED : 0) |
1235 (ra_msg->icmph.icmp6_addrconf_other ?
1236 IF_RA_OTHERCONF : 0);
1237
a394eef5 1238 if (old_if_flags != in6_dev->if_flags)
2053aeb6 1239 send_ifinfo_notify = true;
a394eef5 1240
f2a762d8
BG		 1241 if (!in6_dev->cnf.accept_ra_defrtr) {
1242 ND_PRINTK(2, info,
1243 "RA: %s, defrtr is false for dev: %s\n",
1244 __func__, skb->dev->name);
65f5c7c1 1245 goto skip_defrtr;
f2a762d8 1246 }
65f5c7c1 1247
d9333196
BG		 1248 /* Do not accept RA with source-addr found on local machine unless
1249 * accept_ra_from_local is set to true.
1250 */
b6428817
LR		 1251 if (!in6_dev->cnf.accept_ra_from_local &&
1252 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1253 in6_dev->dev, 0)) {
f2a762d8 1254 ND_PRINTK(2, info,
d9333196
BG		 1255 "RA from local address detected on dev: %s: default router ignored\n",
1256 skb->dev->name);
9f56220f 1257 goto skip_defrtr;
f2a762d8 1258 }
9f56220f 1259
1da177e4
LT		 1260 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1261
ebacaaa0
YH		 1262#ifdef CONFIG_IPV6_ROUTER_PREF
1263 pref = ra_msg->icmph.icmp6_router_pref;
1264 /* 10b is handled as if it were 00b (medium) */
930d6ff2 1265 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
6d5b78cd 1266 !in6_dev->cnf.accept_ra_rtr_pref)
ebacaaa0
YH		 1267 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1268#endif
1269
0660e03f 1270 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1da177e4 1271
eb857186
DM		 1272 if (rt) {
1273 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1274 if (!neigh) {
675418d5
JP		 1275 ND_PRINTK(0, err,
1276 "RA: %s got default router without neighbour\n",
1277 __func__);
94e187c0 1278 ip6_rt_put(rt);
eb857186
DM		 1279 return;
1280 }
1281 }
1da177e4 1282 if (rt && lifetime == 0) {
e0a1ad73 1283 ip6_del_rt(rt);
1da177e4
LT		 1284 rt = NULL;
1285 }
1286
f2a762d8
BG		 1287 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1288 rt, lifetime, skb->dev->name);
63159f29 1289 if (!rt && lifetime) {
f2a762d8 1290 ND_PRINTK(3, info, "RA: adding default router\n");
1da177e4 1291
0660e03f 1292 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
63159f29 1293 if (!rt) {
675418d5
JP		 1294 ND_PRINTK(0, err,
1295 "RA: %s failed to add default route\n",
1296 __func__);
1da177e4
LT		 1297 return;
1298 }
1299
eb857186 1300 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
63159f29 1301 if (!neigh) {
675418d5
JP		 1302 ND_PRINTK(0, err,
1303 "RA: %s got default router without neighbour\n",
1304 __func__);
94e187c0 1305 ip6_rt_put(rt);
1da177e4
LT		 1306 return;
1307 }
1308 neigh->flags |= NTF_ROUTER;
ebacaaa0 1309 } else if (rt) {
22441cfa 1310 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1da177e4
LT		 1311 }
1312
1313 if (rt)
1716a961 1314 rt6_set_expires(rt, jiffies + (HZ * lifetime));
8013d1d7
HL		 1315 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1316 ra_msg->icmph.icmp6_hop_limit) {
1317 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
6fd99094 1318 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
8013d1d7
HL		 1319 if (rt)
1320 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1321 ra_msg->icmph.icmp6_hop_limit);
6fd99094 1322 } else {
8013d1d7 1323 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
6fd99094 1324 }
1da177e4
LT		 1325 }
1326
65f5c7c1
YH		 1327skip_defrtr:
1328
1da177e4
LT		 1329 /*
1330 * Update Reachable Time and Retrans Timer
1331 */
1332
1333 if (in6_dev->nd_parms) {
1334 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1335
1336 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1337 rtime = (rtime*HZ)/1000;
1338 if (rtime < HZ/10)
1339 rtime = HZ/10;
1f9248e5 1340 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1da177e4 1341 in6_dev->tstamp = jiffies;
2053aeb6 1342 send_ifinfo_notify = true;
1da177e4
LT		 1343 }
1344
1345 rtime = ntohl(ra_msg->reachable_time);
1346 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1347 rtime = (rtime*HZ)/1000;
1348
1349 if (rtime < HZ/10)
1350 rtime = HZ/10;
1351
1f9248e5
JP		 1352 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1353 NEIGH_VAR_SET(in6_dev->nd_parms,
1354 BASE_REACHABLE_TIME, rtime);
1355 NEIGH_VAR_SET(in6_dev->nd_parms,
1356 GC_STALETIME, 3 * rtime);
1da177e4
LT		 1357 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1358 in6_dev->tstamp = jiffies;
2053aeb6 1359 send_ifinfo_notify = true;
1da177e4
LT		 1360 }
1361 }
1362 }
1363
2053aeb6
MT		 1364 /*
1365 * Send a notify if RA changed managed/otherconf flags or timer settings
1366 */
1367 if (send_ifinfo_notify)
1368 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1369
fadf6bf0
TF		 1370skip_linkparms:
1371
1da177e4
LT		 1372 /*
1373 * Process options.
1374 */
1375
1376 if (!neigh)
0660e03f 1377 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1da177e4
LT		 1378 skb->dev, 1);
1379 if (neigh) {
1380 u8 *lladdr = NULL;
1381 if (ndopts.nd_opts_src_lladdr) {
1382 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1383 skb->dev);
1384 if (!lladdr) {
675418d5
JP		 1385 ND_PRINTK(2, warn,
1386 "RA: invalid link-layer address length\n");
1da177e4
LT		 1387 goto out;
1388 }
1389 }
f997c55c 1390 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1391 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1392 NEIGH_UPDATE_F_OVERRIDE|
1393 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1394 NEIGH_UPDATE_F_ISROUTER,
1395 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1396 }
1397
f2a762d8
BG		 1398 if (!ipv6_accept_ra(in6_dev)) {
1399 ND_PRINTK(2, info,
1400 "RA: %s, accept_ra is false for dev: %s\n",
1401 __func__, skb->dev->name);
31ce8c71 1402 goto out;
f2a762d8 1403 }
31ce8c71 1404
70ceb4f5 1405#ifdef CONFIG_IPV6_ROUTE_INFO
b6428817
LR		 1406 if (!in6_dev->cnf.accept_ra_from_local &&
1407 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1408 in6_dev->dev, 0)) {
f2a762d8 1409 ND_PRINTK(2, info,
d9333196
BG		 1410 "RA from local address detected on dev: %s: router info ignored.\n",
1411 skb->dev->name);
9f56220f 1412 goto skip_routeinfo;
f2a762d8 1413 }
9f56220f 1414
09c884d4 1415 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
70ceb4f5
YH		 1416 struct nd_opt_hdr *p;
1417 for (p = ndopts.nd_opts_ri;
1418 p;
1419 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
6294e000
YH		 1420 struct route_info *ri = (struct route_info *)p;
1421#ifdef CONFIG_IPV6_NDISC_NODETYPE
1422 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1423 ri->prefix_len == 0)
1424 continue;
1425#endif
30e56918
DJ		 1426 if (ri->prefix_len == 0 &&
1427 !in6_dev->cnf.accept_ra_defrtr)
1428 continue;
bbea124b
JS		 1429 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1430 continue;
6294e000 1431 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
09c884d4 1432 continue;
67ba4152 1433 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
0660e03f 1434 &ipv6_hdr(skb)->saddr);
70ceb4f5
YH		 1435 }
1436 }
9f56220f
AH		 1437
1438skip_routeinfo:
70ceb4f5
YH		 1439#endif
1440
de357cc0 1441#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1442 /* skip link-specific ndopts from interior routers */
f2a762d8
BG		 1443 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1444 ND_PRINTK(2, info,
1445 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1446 __func__, skb->dev->name);
fadf6bf0 1447 goto out;
f2a762d8 1448 }
de357cc0 1449#endif
fadf6bf0 1450
c4fd30eb 1451 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1da177e4
LT		 1452 struct nd_opt_hdr *p;
1453 for (p = ndopts.nd_opts_pi;
1454 p;
1455 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
e6bff995
NH		 1456 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1457 (p->nd_opt_len) << 3,
1458 ndopts.nd_opts_src_lladdr != NULL);
1da177e4
LT		 1459 }
1460 }
1461
c2943f14 1462 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
e69a4adc 1463 __be32 n;
1da177e4
LT		 1464 u32 mtu;
1465
67ba4152 1466 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
e69a4adc 1467 mtu = ntohl(n);
1da177e4
LT		 1468
1469 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
675418d5 1470 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1da177e4
LT		 1471 } else if (in6_dev->cnf.mtu6 != mtu) {
1472 in6_dev->cnf.mtu6 = mtu;
1473
1474 if (rt)
defb3519 1475 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1da177e4
LT		 1476
1477 rt6_mtu_change(skb->dev, mtu);
1478 }
1479 }
1ab1457c 1480
31910575 1481 if (ndopts.nd_useropts) {
61cf46ad
YH		 1482 struct nd_opt_hdr *p;
1483 for (p = ndopts.nd_useropts;
1484 p;
f997c55c
AA		 1485 p = ndisc_next_useropt(skb->dev, p,
1486 ndopts.nd_useropts_end)) {
61cf46ad 1487 ndisc_ra_useropt(skb, p);
31910575
PY		 1488 }
1489 }
1490
1da177e4 1491 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
675418d5 1492 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1da177e4
LT		 1493 }
1494out:
94e187c0 1495 ip6_rt_put(rt);
eb857186 1496 if (neigh)
1da177e4 1497 neigh_release(neigh);
1da177e4
LT		 1498}
1499
1500static void ndisc_redirect_rcv(struct sk_buff *skb)
1501{
093d04d4
DJ		 1502 u8 *hdr;
1503 struct ndisc_options ndopts;
1504 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
29a3cad5 1505 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
093d04d4
DJ		 1506 offsetof(struct rd_msg, opt));
1507
de357cc0 1508#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0
TF		 1509 switch (skb->ndisc_nodetype) {
1510 case NDISC_NODETYPE_HOST:
1511 case NDISC_NODETYPE_NODEFAULT:
675418d5
JP		 1512 ND_PRINTK(2, warn,
1513 "Redirect: from host or unauthorized router\n");
fadf6bf0
TF		 1514 return;
1515 }
de357cc0 1516#endif
fadf6bf0 1517
0660e03f 1518 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1519 ND_PRINTK(2, warn,
1520 "Redirect: source address is not link-local\n");
1da177e4
LT		 1521 return;
1522 }
1523
f997c55c 1524 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
093d04d4
DJ		 1525 return;
1526
c92a59ec 1527 if (!ndopts.nd_opts_rh) {
b55b76b2
DJ		 1528 ip6_redirect_no_header(skb, dev_net(skb->dev),
1529 skb->dev->ifindex, 0);
093d04d4 1530 return;
c92a59ec 1531 }
093d04d4
DJ		 1532
1533 hdr = (u8 *)ndopts.nd_opts_rh;
1534 hdr += 8;
1535 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1536 return;
1537
b94f1c09 1538 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1da177e4
LT		 1539}
1540
5f5a0115
YH		 1541static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1542 struct sk_buff *orig_skb,
1543 int rd_len)
9c86dafe 1544{
5f5a0115
YH		 1545 u8 *opt = skb_put(skb, rd_len);
1546
9c86dafe
YH		 1547 memset(opt, 0, 8);
1548 *(opt++) = ND_OPT_REDIRECT_HDR;
1549 *(opt++) = (rd_len >> 3);
1550 opt += 6;
1551
1552 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
9c86dafe
YH		 1553}
1554
4991969a 1555void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1da177e4 1556{
1762f7e8 1557 struct net_device *dev = skb->dev;
c346dca1 1558 struct net *net = dev_net(dev);
1762f7e8 1559 struct sock *sk = net->ipv6.ndisc_sk;
2ce13576 1560 int optlen = 0;
fbfe95a4 1561 struct inet_peer *peer;
1da177e4 1562 struct sk_buff *buff;
71bcdba0 1563 struct rd_msg *msg;
1da177e4 1564 struct in6_addr saddr_buf;
1da177e4
LT		 1565 struct rt6_info *rt;
1566 struct dst_entry *dst;
4c9483b2 1567 struct flowi6 fl6;
1da177e4 1568 int rd_len;
f997c55c
AA		 1569 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1570 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1d861aa4 1571 bool ret;
1da177e4 1572
95c385b4 1573 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
675418d5
JP		 1574 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1575 dev->name);
1ab1457c
YH		 1576 return;
1577 }
1da177e4 1578
0660e03f 1579 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
bf0b48df 1580 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1581 ND_PRINTK(2, warn,
1582 "Redirect: target address is not link-local unicast\n");
29556526
LY		 1583 return;
1584 }
1585
4c9483b2 1586 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
e0d56fdd 1587 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1da177e4 1588
4c9483b2 1589 dst = ip6_route_output(net, NULL, &fl6);
5095d64d
RL		 1590 if (dst->error) {
1591 dst_release(dst);
1da177e4 1592 return;
5095d64d 1593 }
4c9483b2 1594 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
452edd59 1595 if (IS_ERR(dst))
1da177e4 1596 return;
1da177e4
LT		 1597
1598 rt = (struct rt6_info *) dst;
1599
1600 if (rt->rt6i_flags & RTF_GATEWAY) {
675418d5
JP		 1601 ND_PRINTK(2, warn,
1602 "Redirect: destination is not a neighbour\n");
d73f0801 1603 goto release;
1da177e4 1604 }
fd0273d7 1605 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1d861aa4
DM		 1606 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1607 if (peer)
1608 inet_putpeer(peer);
1609 if (!ret)
d73f0801 1610 goto release;
1da177e4
LT		 1611
1612 if (dev->addr_len) {
4991969a
DM		 1613 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1614 if (!neigh) {
675418d5
JP		 1615 ND_PRINTK(2, warn,
1616 "Redirect: no neigh for target address\n");
4991969a
DM		 1617 goto release;
1618 }
1619
1da177e4
LT		 1620 read_lock_bh(&neigh->lock);
1621 if (neigh->nud_state & NUD_VALID) {
1622 memcpy(ha_buf, neigh->ha, dev->addr_len);
1623 read_unlock_bh(&neigh->lock);
1624 ha = ha_buf;
f997c55c
AA		 1625 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1626 ops_data_buf,
1627 &ops_data);
1da177e4
LT		 1628 } else
1629 read_unlock_bh(&neigh->lock);
4991969a
DM		 1630
1631 neigh_release(neigh);
1da177e4
LT		 1632 }
1633
1634 rd_len = min_t(unsigned int,
2ce13576
YH		 1635 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1636 skb->len + 8);
1da177e4 1637 rd_len &= ~0x7;
2ce13576 1638 optlen += rd_len;
1da177e4 1639
2ce13576 1640 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
de09334b 1641 if (!buff)
d73f0801 1642 goto release;
1da177e4 1643
4df864c1 1644 msg = skb_put(buff, sizeof(*msg));
4d5c152e
YH		 1645 *msg = (struct rd_msg) {
1646 .icmph = {
1647 .icmp6_type = NDISC_REDIRECT,
1648 },
1649 .target = *target,
1650 .dest = ipv6_hdr(skb)->daddr,
1651 };
1da177e4 1652
1da177e4
LT		 1653 /*
1654 * include target_address option
1655 */
1656
1657 if (ha)
f997c55c 1658 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1da177e4
LT		 1659
1660 /*
1661 * build redirect option and copy skb over to the new packet.
1662 */
1663
9c86dafe 1664 if (rd_len)
5f5a0115 1665 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1da177e4 1666
adf30907 1667 skb_dst_set(buff, dst);
f4de84c6 1668 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
d73f0801
IJ		 1669 return;
1670
1671release:
1672 dst_release(dst);
1da177e4
LT		 1673}
1674
1675static void pndisc_redo(struct sk_buff *skb)
1676{
140e26fc 1677 ndisc_recv_ns(skb);
1da177e4
LT		 1678 kfree_skb(skb);
1679}
1680
b800c3b9
HFS		 1681static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1682{
1683 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1684
1685 if (!idev)
1686 return true;
1687 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1688 idev->cnf.suppress_frag_ndisc) {
1689 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1690 return true;
1691 }
1692 return false;
1693}
1694
1da177e4
LT		 1695int ndisc_rcv(struct sk_buff *skb)
1696{
1697 struct nd_msg *msg;
1698
b800c3b9
HFS		 1699 if (ndisc_suppress_frag_ndisc(skb))
1700 return 0;
1701
6bce6b4e 1702 if (skb_linearize(skb))
1da177e4
LT		 1703 return 0;
1704
9c70220b 1705 msg = (struct nd_msg *)skb_transport_header(skb);
1da177e4 1706
9c70220b 1707 __skb_push(skb, skb->data - skb_transport_header(skb));
1da177e4 1708
0660e03f 1709 if (ipv6_hdr(skb)->hop_limit != 255) {
675418d5
JP		 1710 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1711 ipv6_hdr(skb)->hop_limit);
1da177e4
LT		 1712 return 0;
1713 }
1714
1715 if (msg->icmph.icmp6_code != 0) {
675418d5
JP		 1716 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1717 msg->icmph.icmp6_code);
1da177e4
LT		 1718 return 0;
1719 }
1720
a61bbcf2
PM		 1721 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1722
1da177e4
LT		 1723 switch (msg->icmph.icmp6_type) {
1724 case NDISC_NEIGHBOUR_SOLICITATION:
1725 ndisc_recv_ns(skb);
1726 break;
1727
1728 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1729 ndisc_recv_na(skb);
1730 break;
1731
1732 case NDISC_ROUTER_SOLICITATION:
1733 ndisc_recv_rs(skb);
1734 break;
1735
1736 case NDISC_ROUTER_ADVERTISEMENT:
1737 ndisc_router_discovery(skb);
1738 break;
1739
1740 case NDISC_REDIRECT:
1741 ndisc_redirect_rcv(skb);
1742 break;
3ff50b79 1743 }
1da177e4
LT		 1744
1745 return 0;
1746}
1747
1748static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1749{
351638e7 1750 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
c8507fb2 1751 struct netdev_notifier_change_info *change_info;
c346dca1 1752 struct net *net = dev_net(dev);
5cb04436 1753 struct inet6_dev *idev;
1da177e4
LT		 1754
1755 switch (event) {
1756 case NETDEV_CHANGEADDR:
1757 neigh_changeaddr(&nd_tbl, dev);
2ac3ac8f 1758 fib6_run_gc(0, net, false);
4a6e3c5d
DA		 1759 /* fallthrough */
1760 case NETDEV_UP:
5cb04436
HFS		 1761 idev = in6_dev_get(dev);
1762 if (!idev)
1763 break;
fc1f8f4f
DA		 1764 if (idev->cnf.ndisc_notify ||
1765 net->ipv6.devconf_all->ndisc_notify)
5cb04436
HFS		 1766 ndisc_send_unsol_na(dev);
1767 in6_dev_put(idev);
1da177e4 1768 break;
c8507fb2
ED		 1769 case NETDEV_CHANGE:
1770 change_info = ptr;
1771 if (change_info->flags_changed & IFF_NOARP)
1772 neigh_changeaddr(&nd_tbl, dev);
1773 break;
1da177e4
LT		 1774 case NETDEV_DOWN:
1775 neigh_ifdown(&nd_tbl, dev);
2ac3ac8f 1776 fib6_run_gc(0, net, false);
1da177e4 1777 break;
f47b9464
BH		 1778 case NETDEV_NOTIFY_PEERS:
1779 ndisc_send_unsol_na(dev);
1780 break;
1da177e4
LT		 1781 default:
1782 break;
1783 }
1784
1785 return NOTIFY_DONE;
1786}
1787
1788static struct notifier_block ndisc_netdev_notifier = {
1789 .notifier_call = ndisc_netdev_event,
6eb79393 1790 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1da177e4
LT		 1791};
1792
1793#ifdef CONFIG_SYSCTL
1794static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1795 const char *func, const char *dev_name)
1796{
1797 static char warncomm[TASK_COMM_LEN];
1798 static int warned;
1799 if (strcmp(warncomm, current->comm) && warned < 5) {
1800 strcpy(warncomm, current->comm);
f3213831 1801 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1da177e4
LT		 1802 warncomm, func,
1803 dev_name, ctl->procname,
1804 dev_name, ctl->procname);
1805 warned++;
1806 }
1807}
1808
8d65af78 1809int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1da177e4
LT		 1810{
1811 struct net_device *dev = ctl->extra1;
1812 struct inet6_dev *idev;
1813 int ret;
1814
d12af679
EB		 1815 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1816 (strcmp(ctl->procname, "base_reachable_time") == 0))
1da177e4
LT		 1817 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1818
d12af679 1819 if (strcmp(ctl->procname, "retrans_time") == 0)
cb5b09c1 1820 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
d12af679
EB		 1821
1822 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
cb5b09c1
JP		 1823 ret = neigh_proc_dointvec_jiffies(ctl, write,
1824 buffer, lenp, ppos);
d12af679
EB		 1825
1826 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
ad02ac14 1827 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
cb5b09c1
JP		 1828 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1829 buffer, lenp, ppos);
d12af679 1830 else
1da177e4 1831 ret = -1;
1da177e4
LT		 1832
1833 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1f9248e5
JP		 1834 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1835 idev->nd_parms->reachable_time =
1836 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1da177e4
LT		 1837 idev->tstamp = jiffies;
1838 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1839 in6_dev_put(idev);
1840 }
1841 return ret;
1842}
1843
1da177e4
LT		 1844
1845#endif
1846
2c8c1e72 1847static int __net_init ndisc_net_init(struct net *net)
1da177e4
LT		 1848{
1849 struct ipv6_pinfo *np;
1850 struct sock *sk;
1ab1457c 1851 int err;
1da177e4 1852
1ed8516f
DL		 1853 err = inet_ctl_sock_create(&sk, PF_INET6,
1854 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 1855 if (err < 0) {
675418d5
JP		 1856 ND_PRINTK(0, err,
1857 "NDISC: Failed to initialize the control socket (err %d)\n",
1858 err);
1da177e4
LT		 1859 return err;
1860 }
1861
1ed8516f 1862 net->ipv6.ndisc_sk = sk;
1762f7e8 1863
1da177e4 1864 np = inet6_sk(sk);
1da177e4
LT		 1865 np->hop_limit = 255;
1866 /* Do not loopback ndisc messages */
1867 np->mc_loop = 0;
1da177e4 1868
1762f7e8
DL		 1869 return 0;
1870}
1871
2c8c1e72 1872static void __net_exit ndisc_net_exit(struct net *net)
1762f7e8 1873{
1ed8516f 1874 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1762f7e8
DL		 1875}
1876
1877static struct pernet_operations ndisc_net_ops = {
1878 .init = ndisc_net_init,
1879 .exit = ndisc_net_exit,
1880};
1881
1882int __init ndisc_init(void)
1883{
1884 int err;
1885
1886 err = register_pernet_subsys(&ndisc_net_ops);
1887 if (err)
1888 return err;
1ab1457c
YH		 1889 /*
1890 * Initialize the neighbour table
1891 */
d7480fd3 1892 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1da177e4
LT		 1893
1894#ifdef CONFIG_SYSCTL
73af614a 1895 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
56ec0fb1 1896 ndisc_ifinfo_sysctl_change);
1762f7e8
DL		 1897 if (err)
1898 goto out_unregister_pernet;
1762f7e8 1899out:
bcd081a3 1900#endif
1762f7e8 1901 return err;
1da177e4 1902
1762f7e8 1903#ifdef CONFIG_SYSCTL
1762f7e8 1904out_unregister_pernet:
1762f7e8
DL		 1905 unregister_pernet_subsys(&ndisc_net_ops);
1906 goto out;
2c861cc6 1907#endif
1da177e4
LT		 1908}
1909
2c861cc6
MK		 1910int __init ndisc_late_init(void)
1911{
1912 return register_netdevice_notifier(&ndisc_netdev_notifier);
1913}
1914
1915void ndisc_late_cleanup(void)
1da177e4 1916{
36f73d0c 1917 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2c861cc6
MK		 1918}
1919
1920void ndisc_cleanup(void)
1921{
1da177e4
LT		 1922#ifdef CONFIG_SYSCTL
1923 neigh_sysctl_unregister(&nd_tbl.parms);
1924#endif
d7480fd3 1925 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1762f7e8 1926 unregister_pernet_subsys(&ndisc_net_ops);
1da177e4 1927}
ubuntu-bionic-kernel mirror