]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blame - net/ipv6/ndisc.c
projects / mirror_ubuntu-bionic-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge tag 'pci-v4.8-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / ndisc.c
CommitLineData
1da177e4
LT		 1/*
2 * Neighbour Discovery for IPv6
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4
LT		 7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
e35f30c1 18 * Alexey I. Froloff : RFC6106 (DNSSL) support
31910575
PY		 19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
1da177e4
LT		 21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
1da177e4
LT		 23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
675418d5 30#define pr_fmt(fmt) "ICMPv6: " fmt
1da177e4
LT		 31
32#include <linux/module.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
5a0e3ad6 43#include <linux/slab.h>
1da177e4
LT		 44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
1823730f 48#include <linux/if_addr.h>
1da177e4
LT		 49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
31910575
PY		 64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
1da177e4
LT		 67#include <net/flow.h>
68#include <net/ip6_checksum.h>
1ed8516f 69#include <net/inet_common.h>
ca254490 70#include <net/l3mdev.h>
1da177e4
LT		 71#include <linux/proc_fs.h>
72
73#include <linux/netfilter.h>
74#include <linux/netfilter_ipv6.h>
75
d6bf7817
ED		 76static u32 ndisc_hash(const void *pkey,
77 const struct net_device *dev,
2c2aba6c 78 __u32 *hash_rnd);
60395a20 79static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
1da177e4
LT		 80static int ndisc_constructor(struct neighbour *neigh);
81static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
82static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
83static int pndisc_constructor(struct pneigh_entry *n);
84static void pndisc_destructor(struct pneigh_entry *n);
85static void pndisc_redo(struct sk_buff *skb);
86
89d69d2b 87static const struct neigh_ops ndisc_generic_ops = {
1da177e4
LT		 88 .family = AF_INET6,
89 .solicit = ndisc_solicit,
90 .error_report = ndisc_error_report,
91 .output = neigh_resolve_output,
92 .connected_output = neigh_connected_output,
1da177e4
LT		 93};
94
89d69d2b 95static const struct neigh_ops ndisc_hh_ops = {
1da177e4
LT		 96 .family = AF_INET6,
97 .solicit = ndisc_solicit,
98 .error_report = ndisc_error_report,
99 .output = neigh_resolve_output,
100 .connected_output = neigh_resolve_output,
1da177e4
LT		 101};
102
103
89d69d2b 104static const struct neigh_ops ndisc_direct_ops = {
1da177e4 105 .family = AF_INET6,
8f40b161
DM		 106 .output = neigh_direct_output,
107 .connected_output = neigh_direct_output,
1da177e4
LT		 108};
109
110struct neigh_table nd_tbl = {
111 .family = AF_INET6,
1da177e4 112 .key_len = sizeof(struct in6_addr),
bdf53c58 113 .protocol = cpu_to_be16(ETH_P_IPV6),
1da177e4 114 .hash = ndisc_hash,
60395a20 115 .key_eq = ndisc_key_eq,
1da177e4
LT		 116 .constructor = ndisc_constructor,
117 .pconstructor = pndisc_constructor,
118 .pdestructor = pndisc_destructor,
119 .proxy_redo = pndisc_redo,
120 .id = "ndisc_cache",
121 .parms = {
b672083e 122 .tbl = &nd_tbl,
b672083e 123 .reachable_time = ND_REACHABLE_TIME,
1f9248e5
JP		 124 .data = {
125 [NEIGH_VAR_MCAST_PROBES] = 3,
126 [NEIGH_VAR_UCAST_PROBES] = 3,
127 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
128 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
129 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
130 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
131 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
132 [NEIGH_VAR_PROXY_QLEN] = 64,
133 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
134 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
135 },
1da177e4
LT		 136 },
137 .gc_interval = 30 * HZ,
138 .gc_thresh1 = 128,
139 .gc_thresh2 = 512,
140 .gc_thresh3 = 1024,
141};
c4850687 142EXPORT_SYMBOL_GPL(nd_tbl);
1da177e4 143
cc84b3c6
AA		 144void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
145 int data_len, int pad)
1da177e4 146{
8ec5da41 147 int space = __ndisc_opt_addr_space(data_len, pad);
5f5a0115 148 u8 *opt = skb_put(skb, space);
1da177e4
LT		 149
150 opt[0] = type;
151 opt[1] = space>>3;
152
153 memset(opt + 2, 0, pad);
154 opt += pad;
155 space -= pad;
156
157 memcpy(opt+2, data, data_len);
158 data_len += 2;
159 opt += data_len;
e5d08d71
IM		 160 space -= data_len;
161 if (space > 0)
1da177e4 162 memset(opt, 0, space);
1da177e4 163}
cc84b3c6 164EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
1da177e4 165
8ec5da41 166static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
f997c55c 167 void *data, u8 icmp6_type)
8ec5da41
AA		 168{
169 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
170 ndisc_addr_option_pad(skb->dev->type));
f997c55c
AA		 171 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
172}
173
174static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
175 void *ha,
176 const u8 *ops_data)
177{
178 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
179 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
8ec5da41
AA		 180}
181
1da177e4
LT		 182static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
183 struct nd_opt_hdr *end)
184{
185 int type;
186 if (!cur || !end || cur >= end)
187 return NULL;
188 type = cur->nd_opt_type;
189 do {
190 cur = ((void *)cur) + (cur->nd_opt_len << 3);
67ba4152 191 } while (cur < end && cur->nd_opt_type != type);
a02cec21 192 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
1da177e4
LT		 193}
194
f997c55c
AA		 195static inline int ndisc_is_useropt(const struct net_device *dev,
196 struct nd_opt_hdr *opt)
31910575 197{
e35f30c1 198 return opt->nd_opt_type == ND_OPT_RDNSS ||
f997c55c
AA		 199 opt->nd_opt_type == ND_OPT_DNSSL ||
200 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
31910575
PY		 201}
202
f997c55c
AA		 203static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *cur,
31910575
PY		 205 struct nd_opt_hdr *end)
206{
207 if (!cur || !end || cur >= end)
208 return NULL;
209 do {
210 cur = ((void *)cur) + (cur->nd_opt_len << 3);
f997c55c
AA		 211 } while (cur < end && !ndisc_is_useropt(dev, cur));
212 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
31910575
PY		 213}
214
f997c55c
AA		 215struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 u8 *opt, int opt_len,
30f2a5f3 217 struct ndisc_options *ndopts)
1da177e4
LT		 218{
219 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
220
221 if (!nd_opt || opt_len < 0 || !ndopts)
222 return NULL;
223 memset(ndopts, 0, sizeof(*ndopts));
224 while (opt_len) {
225 int l;
226 if (opt_len < sizeof(struct nd_opt_hdr))
227 return NULL;
228 l = nd_opt->nd_opt_len << 3;
229 if (opt_len < l || l == 0)
230 return NULL;
f997c55c
AA		 231 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 goto next_opt;
1da177e4
LT		 233 switch (nd_opt->nd_opt_type) {
234 case ND_OPT_SOURCE_LL_ADDR:
235 case ND_OPT_TARGET_LL_ADDR:
236 case ND_OPT_MTU:
237 case ND_OPT_REDIRECT_HDR:
238 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
675418d5
JP		 239 ND_PRINTK(2, warn,
240 "%s: duplicated ND6 option found: type=%d\n",
241 __func__, nd_opt->nd_opt_type);
1da177e4
LT		 242 } else {
243 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
244 }
245 break;
246 case ND_OPT_PREFIX_INFO:
247 ndopts->nd_opts_pi_end = nd_opt;
cfcabdcc 248 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
1da177e4
LT		 249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
250 break;
70ceb4f5
YH		 251#ifdef CONFIG_IPV6_ROUTE_INFO
252 case ND_OPT_ROUTE_INFO:
253 ndopts->nd_opts_ri_end = nd_opt;
254 if (!ndopts->nd_opts_ri)
255 ndopts->nd_opts_ri = nd_opt;
256 break;
257#endif
1da177e4 258 default:
f997c55c 259 if (ndisc_is_useropt(dev, nd_opt)) {
31910575
PY		 260 ndopts->nd_useropts_end = nd_opt;
261 if (!ndopts->nd_useropts)
262 ndopts->nd_useropts = nd_opt;
263 } else {
264 /*
265 * Unknown options must be silently ignored,
266 * to accommodate future extension to the
267 * protocol.
268 */
675418d5
JP		 269 ND_PRINTK(2, notice,
270 "%s: ignored unsupported option; type=%d, len=%d\n",
271 __func__,
272 nd_opt->nd_opt_type,
273 nd_opt->nd_opt_len);
31910575 274 }
1da177e4 275 }
f997c55c 276next_opt:
1da177e4
LT		 277 opt_len -= l;
278 nd_opt = ((void *)nd_opt) + l;
279 }
280 return ndopts;
281}
282
b71d1d42 283int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
1da177e4
LT		 284{
285 switch (dev->type) {
286 case ARPHRD_ETHER:
287 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
288 case ARPHRD_FDDI:
289 ipv6_eth_mc_map(addr, buf);
290 return 0;
1da177e4
LT		 291 case ARPHRD_ARCNET:
292 ipv6_arcnet_mc_map(addr, buf);
293 return 0;
294 case ARPHRD_INFINIBAND:
a9e527e3 295 ipv6_ib_mc_map(addr, dev->broadcast, buf);
1da177e4 296 return 0;
93ca3bb5
TT		 297 case ARPHRD_IPGRE:
298 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
1da177e4
LT		 299 default:
300 if (dir) {
301 memcpy(buf, dev->broadcast, dev->addr_len);
302 return 0;
303 }
304 }
305 return -EINVAL;
306}
7159039a
YH		 307EXPORT_SYMBOL(ndisc_mc_map);
308
d6bf7817
ED		 309static u32 ndisc_hash(const void *pkey,
310 const struct net_device *dev,
2c2aba6c 311 __u32 *hash_rnd)
1da177e4 312{
2c2aba6c 313 return ndisc_hashfn(pkey, dev, hash_rnd);
1da177e4
LT		 314}
315
60395a20
EB		 316static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
317{
318 return neigh_key_eq128(n, pkey);
319}
320
1da177e4
LT		 321static int ndisc_constructor(struct neighbour *neigh)
322{
67ba4152 323 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
1da177e4
LT		 324 struct net_device *dev = neigh->dev;
325 struct inet6_dev *in6_dev;
326 struct neigh_parms *parms;
a50feda5 327 bool is_multicast = ipv6_addr_is_multicast(addr);
1da177e4 328
1da177e4 329 in6_dev = in6_dev_get(dev);
63159f29 330 if (!in6_dev) {
1da177e4
LT		 331 return -EINVAL;
332 }
333
334 parms = in6_dev->nd_parms;
335 __neigh_parms_put(neigh->parms);
336 neigh->parms = neigh_parms_clone(parms);
1da177e4
LT		 337
338 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
3b04ddde 339 if (!dev->header_ops) {
1da177e4
LT		 340 neigh->nud_state = NUD_NOARP;
341 neigh->ops = &ndisc_direct_ops;
8f40b161 342 neigh->output = neigh_direct_output;
1da177e4
LT		 343 } else {
344 if (is_multicast) {
345 neigh->nud_state = NUD_NOARP;
346 ndisc_mc_map(addr, neigh->ha, dev, 1);
347 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
348 neigh->nud_state = NUD_NOARP;
349 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
350 if (dev->flags&IFF_LOOPBACK)
351 neigh->type = RTN_LOCAL;
352 } else if (dev->flags&IFF_POINTOPOINT) {
353 neigh->nud_state = NUD_NOARP;
354 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
355 }
3b04ddde 356 if (dev->header_ops->cache)
1da177e4
LT		 357 neigh->ops = &ndisc_hh_ops;
358 else
359 neigh->ops = &ndisc_generic_ops;
360 if (neigh->nud_state&NUD_VALID)
361 neigh->output = neigh->ops->connected_output;
362 else
363 neigh->output = neigh->ops->output;
364 }
365 in6_dev_put(in6_dev);
366 return 0;
367}
368
369static int pndisc_constructor(struct pneigh_entry *n)
370{
67ba4152 371 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 372 struct in6_addr maddr;
373 struct net_device *dev = n->dev;
374
63159f29 375 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 376 return -EINVAL;
377 addrconf_addr_solict_mult(addr, &maddr);
378 ipv6_dev_mc_inc(dev, &maddr);
379 return 0;
380}
381
382static void pndisc_destructor(struct pneigh_entry *n)
383{
67ba4152 384 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 385 struct in6_addr maddr;
386 struct net_device *dev = n->dev;
387
63159f29 388 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 389 return;
390 addrconf_addr_solict_mult(addr, &maddr);
391 ipv6_dev_mc_dec(dev, &maddr);
392}
393
de09334b
YH		 394static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
395 int len)
396{
397 int hlen = LL_RESERVED_SPACE(dev);
398 int tlen = dev->needed_tailroom;
399 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
400 struct sk_buff *skb;
de09334b 401
25a6e6b8 402 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
de09334b 403 if (!skb) {
25a6e6b8
TG		 404 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
405 __func__);
de09334b
YH		 406 return NULL;
407 }
408
f382d03a
YH		 409 skb->protocol = htons(ETH_P_IPV6);
410 skb->dev = dev;
411
527a150f 412 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
5135e633 413 skb_reset_transport_header(skb);
de09334b 414
25a6e6b8
TG		 415 /* Manually assign socket ownership as we avoid calling
416 * sock_alloc_send_pskb() to bypass wmem buffer limits
417 */
418 skb_set_owner_w(skb, sk);
419
de09334b
YH		 420 return skb;
421}
422
f382d03a 423static void ip6_nd_hdr(struct sk_buff *skb,
2576f17d
YH		 424 const struct in6_addr *saddr,
425 const struct in6_addr *daddr,
c8d6c380 426 int hop_limit, int len)
2576f17d
YH		 427{
428 struct ipv6hdr *hdr;
429
527a150f 430 skb_push(skb, sizeof(*hdr));
2576f17d 431 skb_reset_network_header(skb);
2576f17d
YH		 432 hdr = ipv6_hdr(skb);
433
434 ip6_flow_hdr(hdr, 0, 0);
435
436 hdr->payload_len = htons(len);
c8d6c380
YH		 437 hdr->nexthdr = IPPROTO_ICMPV6;
438 hdr->hop_limit = hop_limit;
2576f17d
YH		 439
440 hdr->saddr = *saddr;
441 hdr->daddr = *daddr;
442}
443
af9a9976 444static void ndisc_send_skb(struct sk_buff *skb,
fd0ea7db 445 const struct in6_addr *daddr,
aa4bdd4b 446 const struct in6_addr *saddr)
305d552a 447{
f4de84c6 448 struct dst_entry *dst = skb_dst(skb);
af9a9976 449 struct net *net = dev_net(skb->dev);
7b3d9b06 450 struct sock *sk = net->ipv6.ndisc_sk;
305d552a
BH		 451 struct inet6_dev *idev;
452 int err;
aa4bdd4b 453 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
305d552a
BH		 454 u8 type;
455
456 type = icmp6h->icmp6_type;
457
f4de84c6 458 if (!dst) {
f4de84c6 459 struct flowi6 fl6;
ca254490 460 int oif = l3mdev_fib_oif(skb->dev);
305d552a 461
ca254490
DA		 462 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
463 if (oif != skb->dev->ifindex)
464 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
f4de84c6
YH		 465 dst = icmp6_dst_alloc(skb->dev, &fl6);
466 if (IS_ERR(dst)) {
467 kfree_skb(skb);
468 return;
469 }
470
471 skb_dst_set(skb, dst);
472 }
e1ec7842 473
7b3d9b06
YH		 474 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
475 IPPROTO_ICMPV6,
476 csum_partial(icmp6h,
477 skb->len, 0));
478
479 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
480
cfdf7647
ED		 481 rcu_read_lock();
482 idev = __in6_dev_get(dst->dev);
edf391ff 483 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
e1ec7842 484
29a26a56
EB		 485 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
486 net, sk, skb, NULL, dst->dev,
13206b6b 487 dst_output);
1da177e4 488 if (!err) {
5c5d244b 489 ICMP6MSGOUT_INC_STATS(net, idev, type);
a862f6a6 490 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1da177e4
LT		 491 }
492
cfdf7647 493 rcu_read_unlock();
1ab1457c 494}
1da177e4 495
38cf595b 496void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
f564f45c
CW		 497 const struct in6_addr *solicited_addr,
498 bool router, bool solicited, bool override, bool inc_opt)
e1ec7842 499{
b44b5f4a 500 struct sk_buff *skb;
e1ec7842
YH		 501 struct in6_addr tmpaddr;
502 struct inet6_ifaddr *ifp;
9acd9f3a 503 const struct in6_addr *src_addr;
1cb3fe51
YH		 504 struct nd_msg *msg;
505 int optlen = 0;
e1ec7842
YH		 506
507 /* for anycast or proxy, solicited_addr != src_addr */
c346dca1 508 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
e1ec7842
YH		 509 if (ifp) {
510 src_addr = solicited_addr;
511 if (ifp->flags & IFA_F_OPTIMISTIC)
f2f79cca 512 override = false;
9f888160 513 inc_opt |= ifp->idev->cnf.force_tllao;
e1ec7842
YH		 514 in6_ifa_put(ifp);
515 } else {
191cd582 516 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
c346dca1 517 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
7cbca67c 518 &tmpaddr))
e1ec7842
YH		 519 return;
520 src_addr = &tmpaddr;
521 }
522
1cb3fe51
YH		 523 if (!dev->addr_len)
524 inc_opt = 0;
525 if (inc_opt)
f997c55c
AA		 526 optlen += ndisc_opt_addr_space(dev,
527 NDISC_NEIGHBOUR_ADVERTISEMENT);
e1ec7842 528
1cb3fe51 529 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 530 if (!skb)
531 return;
532
1cb3fe51
YH		 533 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
534 *msg = (struct nd_msg) {
535 .icmph = {
536 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
537 .icmp6_router = router,
538 .icmp6_solicited = solicited,
539 .icmp6_override = override,
540 },
541 .target = *solicited_addr,
542 };
543
544 if (inc_opt)
545 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
f997c55c
AA		 546 dev->dev_addr,
547 NDISC_NEIGHBOUR_ADVERTISEMENT);
1cb3fe51 548
b44b5f4a 549 ndisc_send_skb(skb, daddr, src_addr);
e1ec7842
YH		 550}
551
f47b9464
BH		 552static void ndisc_send_unsol_na(struct net_device *dev)
553{
554 struct inet6_dev *idev;
555 struct inet6_ifaddr *ifa;
f47b9464
BH		 556
557 idev = in6_dev_get(dev);
558 if (!idev)
559 return;
560
561 read_lock_bh(&idev->lock);
562 list_for_each_entry(ifa, &idev->addr_list, if_list) {
38cf595b 563 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
f47b9464
BH		 564 /*router=*/ !!idev->cnf.forwarding,
565 /*solicited=*/ false, /*override=*/ true,
566 /*inc_opt=*/ true);
567 }
568 read_unlock_bh(&idev->lock);
569
570 in6_dev_put(idev);
571}
572
38cf595b 573void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
304d888b 574 const struct in6_addr *daddr, const struct in6_addr *saddr)
1da177e4 575{
b44b5f4a 576 struct sk_buff *skb;
1da177e4 577 struct in6_addr addr_buf;
1cb3fe51
YH		 578 int inc_opt = dev->addr_len;
579 int optlen = 0;
580 struct nd_msg *msg;
1da177e4 581
63159f29 582 if (!saddr) {
95c385b4
NH		 583 if (ipv6_get_lladdr(dev, &addr_buf,
584 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
1da177e4
LT		 585 return;
586 saddr = &addr_buf;
587 }
588
1cb3fe51 589 if (ipv6_addr_any(saddr))
f2f79cca 590 inc_opt = false;
1cb3fe51 591 if (inc_opt)
f997c55c
AA		 592 optlen += ndisc_opt_addr_space(dev,
593 NDISC_NEIGHBOUR_SOLICITATION);
1cb3fe51
YH		 594
595 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 596 if (!skb)
597 return;
598
1cb3fe51
YH		 599 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
600 *msg = (struct nd_msg) {
601 .icmph = {
602 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
603 },
604 .target = *solicit,
605 };
606
607 if (inc_opt)
608 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 609 dev->dev_addr,
610 NDISC_NEIGHBOUR_SOLICITATION);
1cb3fe51 611
b44b5f4a 612 ndisc_send_skb(skb, daddr, saddr);
1da177e4
LT		 613}
614
9acd9f3a
YH		 615void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
616 const struct in6_addr *daddr)
1da177e4 617{
b44b5f4a 618 struct sk_buff *skb;
1cb3fe51 619 struct rs_msg *msg;
95c385b4 620 int send_sllao = dev->addr_len;
1cb3fe51 621 int optlen = 0;
95c385b4
NH		 622
623#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
624 /*
625 * According to section 2.2 of RFC 4429, we must not
626 * send router solicitations with a sllao from
627 * optimistic addresses, but we may send the solicitation
628 * if we don't include the sllao. So here we check
629 * if our address is optimistic, and if so, we
bea85195 630 * suppress the inclusion of the sllao.
95c385b4
NH		 631 */
632 if (send_sllao) {
c346dca1 633 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
1cab3da6 634 dev, 1);
95c385b4
NH		 635 if (ifp) {
636 if (ifp->flags & IFA_F_OPTIMISTIC) {
ca043569 637 send_sllao = 0;
95c385b4 638 }
ca043569 639 in6_ifa_put(ifp);
95c385b4
NH		 640 } else {
641 send_sllao = 0;
642 }
643 }
644#endif
1cb3fe51 645 if (send_sllao)
f997c55c 646 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
1cb3fe51
YH		 647
648 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 649 if (!skb)
650 return;
651
1cb3fe51
YH		 652 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
653 *msg = (struct rs_msg) {
654 .icmph = {
655 .icmp6_type = NDISC_ROUTER_SOLICITATION,
656 },
657 };
658
659 if (send_sllao)
660 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 661 dev->dev_addr,
662 NDISC_ROUTER_SOLICITATION);
1cb3fe51 663
b44b5f4a 664 ndisc_send_skb(skb, daddr, saddr);
1da177e4 665}
1ab1457c 666
1da177e4
LT		 667
668static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
669{
670 /*
671 * "The sender MUST return an ICMP
672 * destination unreachable"
673 */
674 dst_link_failure(skb);
675 kfree_skb(skb);
676}
677
678/* Called with locked neigh: either read or both */
679
680static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
681{
682 struct in6_addr *saddr = NULL;
683 struct in6_addr mcaddr;
684 struct net_device *dev = neigh->dev;
685 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
686 int probes = atomic_read(&neigh->probes);
687
c58da4c6
EK		 688 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
689 dev, 1,
690 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
0660e03f 691 saddr = &ipv6_hdr(skb)->saddr;
e5d08d71
IM		 692 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
693 if (probes < 0) {
1da177e4 694 if (!(neigh->nud_state & NUD_VALID)) {
675418d5
JP		 695 ND_PRINTK(1, dbg,
696 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
697 __func__, target);
1da177e4 698 }
304d888b 699 ndisc_send_ns(dev, target, target, saddr);
1f9248e5 700 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
1da177e4 701 neigh_app_ns(neigh);
1da177e4
LT		 702 } else {
703 addrconf_addr_solict_mult(target, &mcaddr);
304d888b 704 ndisc_send_ns(dev, target, &mcaddr, saddr);
1da177e4
LT		 705 }
706}
707
0736ffc0
YH		 708static int pndisc_is_router(const void *pkey,
709 struct net_device *dev)
fa86d322
PE		 710{
711 struct pneigh_entry *n;
0736ffc0 712 int ret = -1;
fa86d322
PE		 713
714 read_lock_bh(&nd_tbl.lock);
0736ffc0
YH		 715 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
716 if (n)
717 ret = !!(n->flags & NTF_ROUTER);
fa86d322
PE		 718 read_unlock_bh(&nd_tbl.lock);
719
0736ffc0 720 return ret;
fa86d322
PE		 721}
722
f997c55c
AA		 723void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
724 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
725 struct ndisc_options *ndopts)
726{
727 neigh_update(neigh, lladdr, new, flags);
728 /* report ndisc ops about neighbour update */
729 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
730}
731
1da177e4
LT		 732static void ndisc_recv_ns(struct sk_buff *skb)
733{
9c70220b 734 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
b71d1d42
ED		 735 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
736 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 737 u8 *lladdr = NULL;
29a3cad5 738 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 739 offsetof(struct nd_msg, opt));
1da177e4
LT		 740 struct ndisc_options ndopts;
741 struct net_device *dev = skb->dev;
742 struct inet6_ifaddr *ifp;
743 struct inet6_dev *idev = NULL;
744 struct neighbour *neigh;
745 int dad = ipv6_addr_any(saddr);
a50feda5 746 bool inc;
0736ffc0 747 int is_router = -1;
1da177e4 748
115b0aa6
YH		 749 if (skb->len < sizeof(struct nd_msg)) {
750 ND_PRINTK(2, warn, "NS: packet too short\n");
751 return;
752 }
753
1da177e4 754 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 755 ND_PRINTK(2, warn, "NS: multicast target address\n");
1da177e4
LT		 756 return;
757 }
758
759 /*
760 * RFC2461 7.1.1:
761 * DAD has to be destined for solicited node multicast address.
762 */
ca97a644 763 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
675418d5 764 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
1da177e4
LT		 765 return;
766 }
767
f997c55c 768 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 769 ND_PRINTK(2, warn, "NS: invalid ND options\n");
1da177e4
LT		 770 return;
771 }
772
773 if (ndopts.nd_opts_src_lladdr) {
774 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
775 if (!lladdr) {
675418d5
JP		 776 ND_PRINTK(2, warn,
777 "NS: invalid link-layer address length\n");
1da177e4
LT		 778 return;
779 }
780
781 /* RFC2461 7.1.1:
1ab1457c
YH		 782 * If the IP source address is the unspecified address,
783 * there MUST NOT be source link-layer address option
1da177e4
LT		 784 * in the message.
785 */
786 if (dad) {
675418d5
JP		 787 ND_PRINTK(2, warn,
788 "NS: bad DAD packet (link-layer address option)\n");
1da177e4
LT		 789 return;
790 }
791 }
792
793 inc = ipv6_addr_is_multicast(daddr);
794
c346dca1 795 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 796 if (ifp) {
ca254490 797have_ifp:
95c385b4
NH		 798 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
799 if (dad) {
95c385b4
NH		 800 /*
801 * We are colliding with another node
802 * who is doing DAD
803 * so fail our DAD process
804 */
805 addrconf_dad_failure(ifp);
9e3be4b3 806 return;
95c385b4
NH		 807 } else {
808 /*
809 * This is not a dad solicitation.
810 * If we are an optimistic node,
811 * we should respond.
812 * Otherwise, we should ignore it.
813 */
814 if (!(ifp->flags & IFA_F_OPTIMISTIC))
1da177e4 815 goto out;
1da177e4 816 }
1da177e4
LT		 817 }
818
819 idev = ifp->idev;
820 } else {
53b7997f
YH		 821 struct net *net = dev_net(dev);
822
ca254490
DA		 823 /* perhaps an address on the master device */
824 if (netif_is_l3_slave(dev)) {
825 struct net_device *mdev;
826
827 mdev = netdev_master_upper_dev_get_rcu(dev);
828 if (mdev) {
829 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
830 if (ifp)
831 goto have_ifp;
832 }
833 }
834
1da177e4
LT		 835 idev = in6_dev_get(dev);
836 if (!idev) {
837 /* XXX: count this drop? */
838 return;
839 }
840
53b7997f 841 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
1ab1457c 842 (idev->cnf.forwarding &&
53b7997f 843 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
0736ffc0 844 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
a61bbcf2 845 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
1da177e4 846 skb->pkt_type != PACKET_HOST &&
f2f79cca 847 inc &&
1f9248e5 848 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
1da177e4
LT		 849 /*
850 * for anycast or proxy,
1ab1457c
YH		 851 * sender should delay its response
852 * by a random time between 0 and
1da177e4
LT		 853 * MAX_ANYCAST_DELAY_TIME seconds.
854 * (RFC2461) -- yoshfuji
855 */
856 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
857 if (n)
858 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
859 goto out;
860 }
861 } else
862 goto out;
863 }
864
0736ffc0 865 if (is_router < 0)
fb568637 866 is_router = idev->cnf.forwarding;
62dd9318 867
1da177e4 868 if (dad) {
38cf595b 869 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
fb568637 870 !!is_router, false, (ifp != NULL), true);
1da177e4
LT		 871 goto out;
872 }
873
874 if (inc)
875 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
876 else
877 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
878
1ab1457c 879 /*
1da177e4
LT		 880 * update / create cache entry
881 * for the source address
882 */
883 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
884 !inc || lladdr || !dev->addr_len);
885 if (neigh)
f997c55c 886 ndisc_update(dev, neigh, lladdr, NUD_STALE,
1da177e4 887 NEIGH_UPDATE_F_WEAK_OVERRIDE|
f997c55c
AA		 888 NEIGH_UPDATE_F_OVERRIDE,
889 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
3b04ddde 890 if (neigh || !dev->header_ops) {
38cf595b 891 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
fb568637 892 true, (ifp != NULL && inc), inc);
1da177e4
LT		 893 if (neigh)
894 neigh_release(neigh);
895 }
896
897out:
898 if (ifp)
899 in6_ifa_put(ifp);
900 else
901 in6_dev_put(idev);
1da177e4
LT		 902}
903
904static void ndisc_recv_na(struct sk_buff *skb)
905{
9c70220b 906 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
be7a010d 907 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
b71d1d42 908 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 909 u8 *lladdr = NULL;
29a3cad5 910 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 911 offsetof(struct nd_msg, opt));
1da177e4
LT		 912 struct ndisc_options ndopts;
913 struct net_device *dev = skb->dev;
7a02bf89 914 struct inet6_dev *idev = __in6_dev_get(dev);
1da177e4
LT		 915 struct inet6_ifaddr *ifp;
916 struct neighbour *neigh;
917
918 if (skb->len < sizeof(struct nd_msg)) {
675418d5 919 ND_PRINTK(2, warn, "NA: packet too short\n");
1da177e4
LT		 920 return;
921 }
922
923 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 924 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1da177e4
LT		 925 return;
926 }
927
928 if (ipv6_addr_is_multicast(daddr) &&
929 msg->icmph.icmp6_solicited) {
675418d5 930 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1da177e4
LT		 931 return;
932 }
1ab1457c 933
7a02bf89
JB		 934 /* For some 802.11 wireless deployments (and possibly other networks),
935 * there will be a NA proxy and unsolicitd packets are attacks
936 * and thus should not be accepted.
937 */
938 if (!msg->icmph.icmp6_solicited && idev &&
939 idev->cnf.drop_unsolicited_na)
940 return;
941
f997c55c 942 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 943 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1da177e4
LT		 944 return;
945 }
946 if (ndopts.nd_opts_tgt_lladdr) {
947 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
948 if (!lladdr) {
675418d5
JP		 949 ND_PRINTK(2, warn,
950 "NA: invalid link-layer address length\n");
1da177e4
LT		 951 return;
952 }
953 }
c346dca1 954 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 955 if (ifp) {
bd015928
DW		 956 if (skb->pkt_type != PACKET_LOOPBACK
957 && (ifp->flags & IFA_F_TENTATIVE)) {
958 addrconf_dad_failure(ifp);
959 return;
1da177e4
LT		 960 }
961 /* What should we make now? The advertisement
962 is invalid, but ndisc specs say nothing
963 about it. It could be misconfiguration, or
964 an smart proxy agent tries to help us :-)
24fc7b86
JS		 965
966 We should not print the error if NA has been
967 received from loopback - it is just our own
968 unsolicited advertisement.
1da177e4 969 */
24fc7b86 970 if (skb->pkt_type != PACKET_LOOPBACK)
675418d5
JP		 971 ND_PRINTK(1, warn,
972 "NA: someone advertises our address %pI6 on %s!\n",
973 &ifp->addr, ifp->idev->dev->name);
1da177e4
LT		 974 in6_ifa_put(ifp);
975 return;
976 }
977 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
978
979 if (neigh) {
980 u8 old_flags = neigh->flags;
53b7997f 981 struct net *net = dev_net(dev);
1da177e4
LT		 982
983 if (neigh->nud_state & NUD_FAILED)
984 goto out;
985
5f3e6e9e
VN		 986 /*
987 * Don't update the neighbor cache entry on a proxy NA from
988 * ourselves because either the proxied node is off link or it
989 * has already sent a NA to us.
990 */
991 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
53b7997f
YH		 992 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
993 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
b20b6d97 994 /* XXX: idev->cnf.proxy_ndp */
5f3e6e9e 995 goto out;
fbea49e1 996 }
5f3e6e9e 997
f997c55c 998 ndisc_update(dev, neigh, lladdr,
1da177e4
LT		 999 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1000 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1001 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1002 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1003 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1004 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1005
1006 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1007 /*
1008 * Change: router to host
1009 */
be7a010d 1010 rt6_clean_tohost(dev_net(dev), saddr);
1da177e4
LT		 1011 }
1012
1013out:
1014 neigh_release(neigh);
1015 }
1016}
1017
1018static void ndisc_recv_rs(struct sk_buff *skb)
1019{
9c70220b 1020 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1da177e4
LT		 1021 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1022 struct neighbour *neigh;
1023 struct inet6_dev *idev;
b71d1d42 1024 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1da177e4
LT		 1025 struct ndisc_options ndopts;
1026 u8 *lladdr = NULL;
1027
1028 if (skb->len < sizeof(*rs_msg))
1029 return;
1030
cfdf7647 1031 idev = __in6_dev_get(skb->dev);
1da177e4 1032 if (!idev) {
675418d5 1033 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1da177e4
LT		 1034 return;
1035 }
1036
1037 /* Don't accept RS if we're not in router mode */
1038 if (!idev->cnf.forwarding)
1039 goto out;
1040
1041 /*
1042 * Don't update NCE if src = ::;
1043 * this implies that the source node has no ip address assigned yet.
1044 */
1045 if (ipv6_addr_any(saddr))
1046 goto out;
1047
1048 /* Parse ND options */
f997c55c 1049 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
675418d5 1050 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1da177e4
LT		 1051 goto out;
1052 }
1053
1054 if (ndopts.nd_opts_src_lladdr) {
1055 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1056 skb->dev);
1057 if (!lladdr)
1058 goto out;
1059 }
1060
1061 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1062 if (neigh) {
f997c55c 1063 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1064 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1065 NEIGH_UPDATE_F_OVERRIDE|
f997c55c
AA		 1066 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1067 NDISC_ROUTER_SOLICITATION, &ndopts);
1da177e4
LT		 1068 neigh_release(neigh);
1069 }
1070out:
cfdf7647 1071 return;
1da177e4
LT		 1072}
1073
31910575
PY		 1074static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1075{
1076 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1077 struct sk_buff *skb;
1078 struct nlmsghdr *nlh;
1079 struct nduseroptmsg *ndmsg;
c346dca1 1080 struct net *net = dev_net(ra->dev);
31910575
PY		 1081 int err;
1082 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1083 + (opt->nd_opt_len << 3));
1084 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1085
1086 skb = nlmsg_new(msg_size, GFP_ATOMIC);
63159f29 1087 if (!skb) {
31910575
PY		 1088 err = -ENOBUFS;
1089 goto errout;
1090 }
1091
1092 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
63159f29 1093 if (!nlh) {
31910575
PY		 1094 goto nla_put_failure;
1095 }
1096
1097 ndmsg = nlmsg_data(nlh);
1098 ndmsg->nduseropt_family = AF_INET6;
dbb2ed24 1099 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
31910575
PY		 1100 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1101 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1102 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1103
1104 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1105
930345ea 1106 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
c78679e8 1107 goto nla_put_failure;
31910575
PY		 1108 nlmsg_end(skb, nlh);
1109
1ce85fe4 1110 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
31910575
PY		 1111 return;
1112
1113nla_put_failure:
1114 nlmsg_free(skb);
1115 err = -EMSGSIZE;
1116errout:
a18bc695 1117 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
31910575
PY		 1118}
1119
1da177e4
LT		 1120static void ndisc_router_discovery(struct sk_buff *skb)
1121{
9c70220b 1122 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1da177e4
LT		 1123 struct neighbour *neigh = NULL;
1124 struct inet6_dev *in6_dev;
65f5c7c1 1125 struct rt6_info *rt = NULL;
1da177e4
LT		 1126 int lifetime;
1127 struct ndisc_options ndopts;
1128 int optlen;
ebacaaa0 1129 unsigned int pref = 0;
a394eef5 1130 __u32 old_if_flags;
2053aeb6 1131 bool send_ifinfo_notify = false;
1da177e4 1132
67ba4152 1133 __u8 *opt = (__u8 *)(ra_msg + 1);
1da177e4 1134
29a3cad5
SH		 1135 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1136 sizeof(struct ra_msg);
1da177e4 1137
f2a762d8
BG		 1138 ND_PRINTK(2, info,
1139 "RA: %s, dev: %s\n",
1140 __func__, skb->dev->name);
0660e03f 1141 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5 1142 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1da177e4
LT		 1143 return;
1144 }
1145 if (optlen < 0) {
675418d5 1146 ND_PRINTK(2, warn, "RA: packet too short\n");
1da177e4
LT		 1147 return;
1148 }
1149
de357cc0 1150#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1151 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
675418d5 1152 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
fadf6bf0
TF		 1153 return;
1154 }
de357cc0 1155#endif
fadf6bf0 1156
1da177e4
LT		 1157 /*
1158 * set the RA_RECV flag in the interface
1159 */
1160
cfdf7647 1161 in6_dev = __in6_dev_get(skb->dev);
63159f29 1162 if (!in6_dev) {
675418d5
JP		 1163 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1164 skb->dev->name);
1da177e4
LT		 1165 return;
1166 }
1da177e4 1167
f997c55c 1168 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
675418d5 1169 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1da177e4
LT		 1170 return;
1171 }
1172
f2a762d8
BG		 1173 if (!ipv6_accept_ra(in6_dev)) {
1174 ND_PRINTK(2, info,
1175 "RA: %s, did not accept ra for dev: %s\n",
1176 __func__, skb->dev->name);
31ce8c71 1177 goto skip_linkparms;
f2a762d8 1178 }
31ce8c71 1179
de357cc0 1180#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1181 /* skip link-specific parameters from interior routers */
f2a762d8
BG		 1182 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1183 ND_PRINTK(2, info,
1184 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1185 __func__, skb->dev->name);
fadf6bf0 1186 goto skip_linkparms;
f2a762d8 1187 }
de357cc0 1188#endif
fadf6bf0 1189
1da177e4
LT		 1190 if (in6_dev->if_flags & IF_RS_SENT) {
1191 /*
1192 * flag that an RA was received after an RS was sent
1193 * out on this interface.
1194 */
1195 in6_dev->if_flags |= IF_RA_RCVD;
1196 }
1197
1198 /*
1199 * Remember the managed/otherconf flags from most recently
1200 * received RA message (RFC 2462) -- yoshfuji
1201 */
a394eef5 1202 old_if_flags = in6_dev->if_flags;
1da177e4
LT		 1203 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1204 IF_RA_OTHERCONF)) |
1205 (ra_msg->icmph.icmp6_addrconf_managed ?
1206 IF_RA_MANAGED : 0) |
1207 (ra_msg->icmph.icmp6_addrconf_other ?
1208 IF_RA_OTHERCONF : 0);
1209
a394eef5 1210 if (old_if_flags != in6_dev->if_flags)
2053aeb6 1211 send_ifinfo_notify = true;
a394eef5 1212
f2a762d8
BG		 1213 if (!in6_dev->cnf.accept_ra_defrtr) {
1214 ND_PRINTK(2, info,
1215 "RA: %s, defrtr is false for dev: %s\n",
1216 __func__, skb->dev->name);
65f5c7c1 1217 goto skip_defrtr;
f2a762d8 1218 }
65f5c7c1 1219
d9333196
BG		 1220 /* Do not accept RA with source-addr found on local machine unless
1221 * accept_ra_from_local is set to true.
1222 */
b6428817
LR		 1223 if (!in6_dev->cnf.accept_ra_from_local &&
1224 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1225 in6_dev->dev, 0)) {
f2a762d8 1226 ND_PRINTK(2, info,
d9333196
BG		 1227 "RA from local address detected on dev: %s: default router ignored\n",
1228 skb->dev->name);
9f56220f 1229 goto skip_defrtr;
f2a762d8 1230 }
9f56220f 1231
1da177e4
LT		 1232 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1233
ebacaaa0
YH		 1234#ifdef CONFIG_IPV6_ROUTER_PREF
1235 pref = ra_msg->icmph.icmp6_router_pref;
1236 /* 10b is handled as if it were 00b (medium) */
930d6ff2 1237 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
6d5b78cd 1238 !in6_dev->cnf.accept_ra_rtr_pref)
ebacaaa0
YH		 1239 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1240#endif
1241
0660e03f 1242 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1da177e4 1243
eb857186
DM		 1244 if (rt) {
1245 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1246 if (!neigh) {
675418d5
JP		 1247 ND_PRINTK(0, err,
1248 "RA: %s got default router without neighbour\n",
1249 __func__);
94e187c0 1250 ip6_rt_put(rt);
eb857186
DM		 1251 return;
1252 }
1253 }
1da177e4 1254 if (rt && lifetime == 0) {
e0a1ad73 1255 ip6_del_rt(rt);
1da177e4
LT		 1256 rt = NULL;
1257 }
1258
f2a762d8
BG		 1259 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1260 rt, lifetime, skb->dev->name);
63159f29 1261 if (!rt && lifetime) {
f2a762d8 1262 ND_PRINTK(3, info, "RA: adding default router\n");
1da177e4 1263
0660e03f 1264 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
63159f29 1265 if (!rt) {
675418d5
JP		 1266 ND_PRINTK(0, err,
1267 "RA: %s failed to add default route\n",
1268 __func__);
1da177e4
LT		 1269 return;
1270 }
1271
eb857186 1272 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
63159f29 1273 if (!neigh) {
675418d5
JP		 1274 ND_PRINTK(0, err,
1275 "RA: %s got default router without neighbour\n",
1276 __func__);
94e187c0 1277 ip6_rt_put(rt);
1da177e4
LT		 1278 return;
1279 }
1280 neigh->flags |= NTF_ROUTER;
ebacaaa0 1281 } else if (rt) {
22441cfa 1282 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1da177e4
LT		 1283 }
1284
1285 if (rt)
1716a961 1286 rt6_set_expires(rt, jiffies + (HZ * lifetime));
8013d1d7
HL		 1287 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1288 ra_msg->icmph.icmp6_hop_limit) {
1289 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
6fd99094 1290 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
8013d1d7
HL		 1291 if (rt)
1292 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1293 ra_msg->icmph.icmp6_hop_limit);
6fd99094 1294 } else {
8013d1d7 1295 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
6fd99094 1296 }
1da177e4
LT		 1297 }
1298
65f5c7c1
YH		 1299skip_defrtr:
1300
1da177e4
LT		 1301 /*
1302 * Update Reachable Time and Retrans Timer
1303 */
1304
1305 if (in6_dev->nd_parms) {
1306 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1307
1308 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1309 rtime = (rtime*HZ)/1000;
1310 if (rtime < HZ/10)
1311 rtime = HZ/10;
1f9248e5 1312 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1da177e4 1313 in6_dev->tstamp = jiffies;
2053aeb6 1314 send_ifinfo_notify = true;
1da177e4
LT		 1315 }
1316
1317 rtime = ntohl(ra_msg->reachable_time);
1318 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1319 rtime = (rtime*HZ)/1000;
1320
1321 if (rtime < HZ/10)
1322 rtime = HZ/10;
1323
1f9248e5
JP		 1324 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1325 NEIGH_VAR_SET(in6_dev->nd_parms,
1326 BASE_REACHABLE_TIME, rtime);
1327 NEIGH_VAR_SET(in6_dev->nd_parms,
1328 GC_STALETIME, 3 * rtime);
1da177e4
LT		 1329 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1330 in6_dev->tstamp = jiffies;
2053aeb6 1331 send_ifinfo_notify = true;
1da177e4
LT		 1332 }
1333 }
1334 }
1335
2053aeb6
MT		 1336 /*
1337 * Send a notify if RA changed managed/otherconf flags or timer settings
1338 */
1339 if (send_ifinfo_notify)
1340 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1341
fadf6bf0
TF		 1342skip_linkparms:
1343
1da177e4
LT		 1344 /*
1345 * Process options.
1346 */
1347
1348 if (!neigh)
0660e03f 1349 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1da177e4
LT		 1350 skb->dev, 1);
1351 if (neigh) {
1352 u8 *lladdr = NULL;
1353 if (ndopts.nd_opts_src_lladdr) {
1354 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1355 skb->dev);
1356 if (!lladdr) {
675418d5
JP		 1357 ND_PRINTK(2, warn,
1358 "RA: invalid link-layer address length\n");
1da177e4
LT		 1359 goto out;
1360 }
1361 }
f997c55c 1362 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1363 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1364 NEIGH_UPDATE_F_OVERRIDE|
1365 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1366 NEIGH_UPDATE_F_ISROUTER,
1367 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1368 }
1369
f2a762d8
BG		 1370 if (!ipv6_accept_ra(in6_dev)) {
1371 ND_PRINTK(2, info,
1372 "RA: %s, accept_ra is false for dev: %s\n",
1373 __func__, skb->dev->name);
31ce8c71 1374 goto out;
f2a762d8 1375 }
31ce8c71 1376
70ceb4f5 1377#ifdef CONFIG_IPV6_ROUTE_INFO
b6428817
LR		 1378 if (!in6_dev->cnf.accept_ra_from_local &&
1379 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1380 in6_dev->dev, 0)) {
f2a762d8 1381 ND_PRINTK(2, info,
d9333196
BG		 1382 "RA from local address detected on dev: %s: router info ignored.\n",
1383 skb->dev->name);
9f56220f 1384 goto skip_routeinfo;
f2a762d8 1385 }
9f56220f 1386
09c884d4 1387 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
70ceb4f5
YH		 1388 struct nd_opt_hdr *p;
1389 for (p = ndopts.nd_opts_ri;
1390 p;
1391 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
6294e000
YH		 1392 struct route_info *ri = (struct route_info *)p;
1393#ifdef CONFIG_IPV6_NDISC_NODETYPE
1394 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1395 ri->prefix_len == 0)
1396 continue;
1397#endif
30e56918
DJ		 1398 if (ri->prefix_len == 0 &&
1399 !in6_dev->cnf.accept_ra_defrtr)
1400 continue;
6294e000 1401 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
09c884d4 1402 continue;
67ba4152 1403 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
0660e03f 1404 &ipv6_hdr(skb)->saddr);
70ceb4f5
YH		 1405 }
1406 }
9f56220f
AH		 1407
1408skip_routeinfo:
70ceb4f5
YH		 1409#endif
1410
de357cc0 1411#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1412 /* skip link-specific ndopts from interior routers */
f2a762d8
BG		 1413 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1414 ND_PRINTK(2, info,
1415 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1416 __func__, skb->dev->name);
fadf6bf0 1417 goto out;
f2a762d8 1418 }
de357cc0 1419#endif
fadf6bf0 1420
c4fd30eb 1421 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1da177e4
LT		 1422 struct nd_opt_hdr *p;
1423 for (p = ndopts.nd_opts_pi;
1424 p;
1425 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
e6bff995
NH		 1426 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1427 (p->nd_opt_len) << 3,
1428 ndopts.nd_opts_src_lladdr != NULL);
1da177e4
LT		 1429 }
1430 }
1431
c2943f14 1432 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
e69a4adc 1433 __be32 n;
1da177e4
LT		 1434 u32 mtu;
1435
67ba4152 1436 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
e69a4adc 1437 mtu = ntohl(n);
1da177e4
LT		 1438
1439 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
675418d5 1440 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1da177e4
LT		 1441 } else if (in6_dev->cnf.mtu6 != mtu) {
1442 in6_dev->cnf.mtu6 = mtu;
1443
1444 if (rt)
defb3519 1445 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1da177e4
LT		 1446
1447 rt6_mtu_change(skb->dev, mtu);
1448 }
1449 }
1ab1457c 1450
31910575 1451 if (ndopts.nd_useropts) {
61cf46ad
YH		 1452 struct nd_opt_hdr *p;
1453 for (p = ndopts.nd_useropts;
1454 p;
f997c55c
AA		 1455 p = ndisc_next_useropt(skb->dev, p,
1456 ndopts.nd_useropts_end)) {
61cf46ad 1457 ndisc_ra_useropt(skb, p);
31910575
PY		 1458 }
1459 }
1460
1da177e4 1461 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
675418d5 1462 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1da177e4
LT		 1463 }
1464out:
94e187c0 1465 ip6_rt_put(rt);
eb857186 1466 if (neigh)
1da177e4 1467 neigh_release(neigh);
1da177e4
LT		 1468}
1469
1470static void ndisc_redirect_rcv(struct sk_buff *skb)
1471{
093d04d4
DJ		 1472 u8 *hdr;
1473 struct ndisc_options ndopts;
1474 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
29a3cad5 1475 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
093d04d4
DJ		 1476 offsetof(struct rd_msg, opt));
1477
de357cc0 1478#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0
TF		 1479 switch (skb->ndisc_nodetype) {
1480 case NDISC_NODETYPE_HOST:
1481 case NDISC_NODETYPE_NODEFAULT:
675418d5
JP		 1482 ND_PRINTK(2, warn,
1483 "Redirect: from host or unauthorized router\n");
fadf6bf0
TF		 1484 return;
1485 }
de357cc0 1486#endif
fadf6bf0 1487
0660e03f 1488 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1489 ND_PRINTK(2, warn,
1490 "Redirect: source address is not link-local\n");
1da177e4
LT		 1491 return;
1492 }
1493
f997c55c 1494 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
093d04d4
DJ		 1495 return;
1496
c92a59ec 1497 if (!ndopts.nd_opts_rh) {
b55b76b2
DJ		 1498 ip6_redirect_no_header(skb, dev_net(skb->dev),
1499 skb->dev->ifindex, 0);
093d04d4 1500 return;
c92a59ec 1501 }
093d04d4
DJ		 1502
1503 hdr = (u8 *)ndopts.nd_opts_rh;
1504 hdr += 8;
1505 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1506 return;
1507
b94f1c09 1508 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1da177e4
LT		 1509}
1510
5f5a0115
YH		 1511static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1512 struct sk_buff *orig_skb,
1513 int rd_len)
9c86dafe 1514{
5f5a0115
YH		 1515 u8 *opt = skb_put(skb, rd_len);
1516
9c86dafe
YH		 1517 memset(opt, 0, 8);
1518 *(opt++) = ND_OPT_REDIRECT_HDR;
1519 *(opt++) = (rd_len >> 3);
1520 opt += 6;
1521
1522 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
9c86dafe
YH		 1523}
1524
4991969a 1525void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1da177e4 1526{
1762f7e8 1527 struct net_device *dev = skb->dev;
c346dca1 1528 struct net *net = dev_net(dev);
1762f7e8 1529 struct sock *sk = net->ipv6.ndisc_sk;
2ce13576 1530 int optlen = 0;
fbfe95a4 1531 struct inet_peer *peer;
1da177e4 1532 struct sk_buff *buff;
71bcdba0 1533 struct rd_msg *msg;
1da177e4 1534 struct in6_addr saddr_buf;
1da177e4
LT		 1535 struct rt6_info *rt;
1536 struct dst_entry *dst;
4c9483b2 1537 struct flowi6 fl6;
1da177e4 1538 int rd_len;
f997c55c
AA		 1539 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1540 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
ca254490 1541 int oif = l3mdev_fib_oif(dev);
1d861aa4 1542 bool ret;
1da177e4 1543
95c385b4 1544 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
675418d5
JP		 1545 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1546 dev->name);
1ab1457c
YH		 1547 return;
1548 }
1da177e4 1549
0660e03f 1550 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
bf0b48df 1551 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1552 ND_PRINTK(2, warn,
1553 "Redirect: target address is not link-local unicast\n");
29556526
LY		 1554 return;
1555 }
1556
4c9483b2 1557 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
ca254490
DA		 1558 &saddr_buf, &ipv6_hdr(skb)->saddr, oif);
1559
1560 if (oif != skb->dev->ifindex)
1561 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
1da177e4 1562
4c9483b2 1563 dst = ip6_route_output(net, NULL, &fl6);
5095d64d
RL		 1564 if (dst->error) {
1565 dst_release(dst);
1da177e4 1566 return;
5095d64d 1567 }
4c9483b2 1568 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
452edd59 1569 if (IS_ERR(dst))
1da177e4 1570 return;
1da177e4
LT		 1571
1572 rt = (struct rt6_info *) dst;
1573
1574 if (rt->rt6i_flags & RTF_GATEWAY) {
675418d5
JP		 1575 ND_PRINTK(2, warn,
1576 "Redirect: destination is not a neighbour\n");
d73f0801 1577 goto release;
1da177e4 1578 }
fd0273d7 1579 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1d861aa4
DM		 1580 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1581 if (peer)
1582 inet_putpeer(peer);
1583 if (!ret)
d73f0801 1584 goto release;
1da177e4
LT		 1585
1586 if (dev->addr_len) {
4991969a
DM		 1587 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1588 if (!neigh) {
675418d5
JP		 1589 ND_PRINTK(2, warn,
1590 "Redirect: no neigh for target address\n");
4991969a
DM		 1591 goto release;
1592 }
1593
1da177e4
LT		 1594 read_lock_bh(&neigh->lock);
1595 if (neigh->nud_state & NUD_VALID) {
1596 memcpy(ha_buf, neigh->ha, dev->addr_len);
1597 read_unlock_bh(&neigh->lock);
1598 ha = ha_buf;
f997c55c
AA		 1599 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1600 ops_data_buf,
1601 &ops_data);
1da177e4
LT		 1602 } else
1603 read_unlock_bh(&neigh->lock);
4991969a
DM		 1604
1605 neigh_release(neigh);
1da177e4
LT		 1606 }
1607
1608 rd_len = min_t(unsigned int,
2ce13576
YH		 1609 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1610 skb->len + 8);
1da177e4 1611 rd_len &= ~0x7;
2ce13576 1612 optlen += rd_len;
1da177e4 1613
2ce13576 1614 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
de09334b 1615 if (!buff)
d73f0801 1616 goto release;
1da177e4 1617
4d5c152e
YH		 1618 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1619 *msg = (struct rd_msg) {
1620 .icmph = {
1621 .icmp6_type = NDISC_REDIRECT,
1622 },
1623 .target = *target,
1624 .dest = ipv6_hdr(skb)->daddr,
1625 };
1da177e4 1626
1da177e4
LT		 1627 /*
1628 * include target_address option
1629 */
1630
1631 if (ha)
f997c55c 1632 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1da177e4
LT		 1633
1634 /*
1635 * build redirect option and copy skb over to the new packet.
1636 */
1637
9c86dafe 1638 if (rd_len)
5f5a0115 1639 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1da177e4 1640
adf30907 1641 skb_dst_set(buff, dst);
f4de84c6 1642 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
d73f0801
IJ		 1643 return;
1644
1645release:
1646 dst_release(dst);
1da177e4
LT		 1647}
1648
1649static void pndisc_redo(struct sk_buff *skb)
1650{
140e26fc 1651 ndisc_recv_ns(skb);
1da177e4
LT		 1652 kfree_skb(skb);
1653}
1654
b800c3b9
HFS		 1655static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1656{
1657 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1658
1659 if (!idev)
1660 return true;
1661 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1662 idev->cnf.suppress_frag_ndisc) {
1663 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1664 return true;
1665 }
1666 return false;
1667}
1668
1da177e4
LT		 1669int ndisc_rcv(struct sk_buff *skb)
1670{
1671 struct nd_msg *msg;
1672
b800c3b9
HFS		 1673 if (ndisc_suppress_frag_ndisc(skb))
1674 return 0;
1675
6bce6b4e 1676 if (skb_linearize(skb))
1da177e4
LT		 1677 return 0;
1678
9c70220b 1679 msg = (struct nd_msg *)skb_transport_header(skb);
1da177e4 1680
9c70220b 1681 __skb_push(skb, skb->data - skb_transport_header(skb));
1da177e4 1682
0660e03f 1683 if (ipv6_hdr(skb)->hop_limit != 255) {
675418d5
JP		 1684 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1685 ipv6_hdr(skb)->hop_limit);
1da177e4
LT		 1686 return 0;
1687 }
1688
1689 if (msg->icmph.icmp6_code != 0) {
675418d5
JP		 1690 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1691 msg->icmph.icmp6_code);
1da177e4
LT		 1692 return 0;
1693 }
1694
a61bbcf2
PM		 1695 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1696
1da177e4
LT		 1697 switch (msg->icmph.icmp6_type) {
1698 case NDISC_NEIGHBOUR_SOLICITATION:
1699 ndisc_recv_ns(skb);
1700 break;
1701
1702 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1703 ndisc_recv_na(skb);
1704 break;
1705
1706 case NDISC_ROUTER_SOLICITATION:
1707 ndisc_recv_rs(skb);
1708 break;
1709
1710 case NDISC_ROUTER_ADVERTISEMENT:
1711 ndisc_router_discovery(skb);
1712 break;
1713
1714 case NDISC_REDIRECT:
1715 ndisc_redirect_rcv(skb);
1716 break;
3ff50b79 1717 }
1da177e4
LT		 1718
1719 return 0;
1720}
1721
1722static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1723{
351638e7 1724 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
c8507fb2 1725 struct netdev_notifier_change_info *change_info;
c346dca1 1726 struct net *net = dev_net(dev);
5cb04436 1727 struct inet6_dev *idev;
1da177e4
LT		 1728
1729 switch (event) {
1730 case NETDEV_CHANGEADDR:
1731 neigh_changeaddr(&nd_tbl, dev);
2ac3ac8f 1732 fib6_run_gc(0, net, false);
5cb04436
HFS		 1733 idev = in6_dev_get(dev);
1734 if (!idev)
1735 break;
1736 if (idev->cnf.ndisc_notify)
1737 ndisc_send_unsol_na(dev);
1738 in6_dev_put(idev);
1da177e4 1739 break;
c8507fb2
ED		 1740 case NETDEV_CHANGE:
1741 change_info = ptr;
1742 if (change_info->flags_changed & IFF_NOARP)
1743 neigh_changeaddr(&nd_tbl, dev);
1744 break;
1da177e4
LT		 1745 case NETDEV_DOWN:
1746 neigh_ifdown(&nd_tbl, dev);
2ac3ac8f 1747 fib6_run_gc(0, net, false);
1da177e4 1748 break;
f47b9464
BH		 1749 case NETDEV_NOTIFY_PEERS:
1750 ndisc_send_unsol_na(dev);
1751 break;
1da177e4
LT		 1752 default:
1753 break;
1754 }
1755
1756 return NOTIFY_DONE;
1757}
1758
1759static struct notifier_block ndisc_netdev_notifier = {
1760 .notifier_call = ndisc_netdev_event,
1761};
1762
1763#ifdef CONFIG_SYSCTL
1764static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1765 const char *func, const char *dev_name)
1766{
1767 static char warncomm[TASK_COMM_LEN];
1768 static int warned;
1769 if (strcmp(warncomm, current->comm) && warned < 5) {
1770 strcpy(warncomm, current->comm);
f3213831 1771 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1da177e4
LT		 1772 warncomm, func,
1773 dev_name, ctl->procname,
1774 dev_name, ctl->procname);
1775 warned++;
1776 }
1777}
1778
8d65af78 1779int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1da177e4
LT		 1780{
1781 struct net_device *dev = ctl->extra1;
1782 struct inet6_dev *idev;
1783 int ret;
1784
d12af679
EB		 1785 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1786 (strcmp(ctl->procname, "base_reachable_time") == 0))
1da177e4
LT		 1787 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1788
d12af679 1789 if (strcmp(ctl->procname, "retrans_time") == 0)
cb5b09c1 1790 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
d12af679
EB		 1791
1792 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
cb5b09c1
JP		 1793 ret = neigh_proc_dointvec_jiffies(ctl, write,
1794 buffer, lenp, ppos);
d12af679
EB		 1795
1796 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
ad02ac14 1797 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
cb5b09c1
JP		 1798 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1799 buffer, lenp, ppos);
d12af679 1800 else
1da177e4 1801 ret = -1;
1da177e4
LT		 1802
1803 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1f9248e5
JP		 1804 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1805 idev->nd_parms->reachable_time =
1806 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1da177e4
LT		 1807 idev->tstamp = jiffies;
1808 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1809 in6_dev_put(idev);
1810 }
1811 return ret;
1812}
1813
1da177e4
LT		 1814
1815#endif
1816
2c8c1e72 1817static int __net_init ndisc_net_init(struct net *net)
1da177e4
LT		 1818{
1819 struct ipv6_pinfo *np;
1820 struct sock *sk;
1ab1457c 1821 int err;
1da177e4 1822
1ed8516f
DL		 1823 err = inet_ctl_sock_create(&sk, PF_INET6,
1824 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 1825 if (err < 0) {
675418d5
JP		 1826 ND_PRINTK(0, err,
1827 "NDISC: Failed to initialize the control socket (err %d)\n",
1828 err);
1da177e4
LT		 1829 return err;
1830 }
1831
1ed8516f 1832 net->ipv6.ndisc_sk = sk;
1762f7e8 1833
1da177e4 1834 np = inet6_sk(sk);
1da177e4
LT		 1835 np->hop_limit = 255;
1836 /* Do not loopback ndisc messages */
1837 np->mc_loop = 0;
1da177e4 1838
1762f7e8
DL		 1839 return 0;
1840}
1841
2c8c1e72 1842static void __net_exit ndisc_net_exit(struct net *net)
1762f7e8 1843{
1ed8516f 1844 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1762f7e8
DL		 1845}
1846
1847static struct pernet_operations ndisc_net_ops = {
1848 .init = ndisc_net_init,
1849 .exit = ndisc_net_exit,
1850};
1851
1852int __init ndisc_init(void)
1853{
1854 int err;
1855
1856 err = register_pernet_subsys(&ndisc_net_ops);
1857 if (err)
1858 return err;
1ab1457c
YH		 1859 /*
1860 * Initialize the neighbour table
1861 */
d7480fd3 1862 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1da177e4
LT		 1863
1864#ifdef CONFIG_SYSCTL
73af614a 1865 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
56ec0fb1 1866 ndisc_ifinfo_sysctl_change);
1762f7e8
DL		 1867 if (err)
1868 goto out_unregister_pernet;
1762f7e8 1869out:
bcd081a3 1870#endif
1762f7e8 1871 return err;
1da177e4 1872
1762f7e8 1873#ifdef CONFIG_SYSCTL
1762f7e8 1874out_unregister_pernet:
1762f7e8
DL		 1875 unregister_pernet_subsys(&ndisc_net_ops);
1876 goto out;
2c861cc6 1877#endif
1da177e4
LT		 1878}
1879
2c861cc6
MK		 1880int __init ndisc_late_init(void)
1881{
1882 return register_netdevice_notifier(&ndisc_netdev_notifier);
1883}
1884
1885void ndisc_late_cleanup(void)
1da177e4 1886{
36f73d0c 1887 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2c861cc6
MK		 1888}
1889
1890void ndisc_cleanup(void)
1891{
1da177e4
LT		 1892#ifdef CONFIG_SYSCTL
1893 neigh_sysctl_unregister(&nd_tbl.parms);
1894#endif
d7480fd3 1895 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1762f7e8 1896 unregister_pernet_subsys(&ndisc_net_ops);
1da177e4 1897}
ubuntu-bionic-kernel mirror