1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
26 #define pr_fmt(fmt) "ICMPv6: " fmt
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
41 #include <linux/sysctl.h>
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
72 static u32
ndisc_hash(const void *pkey
,
73 const struct net_device
*dev
,
75 static bool ndisc_key_eq(const struct neighbour
*neigh
, const void *pkey
);
76 static bool ndisc_allow_add(const struct net_device
*dev
,
77 struct netlink_ext_ack
*extack
);
78 static int ndisc_constructor(struct neighbour
*neigh
);
79 static void ndisc_solicit(struct neighbour
*neigh
, struct sk_buff
*skb
);
80 static void ndisc_error_report(struct neighbour
*neigh
, struct sk_buff
*skb
);
81 static int pndisc_constructor(struct pneigh_entry
*n
);
82 static void pndisc_destructor(struct pneigh_entry
*n
);
83 static void pndisc_redo(struct sk_buff
*skb
);
85 static const struct neigh_ops ndisc_generic_ops
= {
87 .solicit
= ndisc_solicit
,
88 .error_report
= ndisc_error_report
,
89 .output
= neigh_resolve_output
,
90 .connected_output
= neigh_connected_output
,
93 static const struct neigh_ops ndisc_hh_ops
= {
95 .solicit
= ndisc_solicit
,
96 .error_report
= ndisc_error_report
,
97 .output
= neigh_resolve_output
,
98 .connected_output
= neigh_resolve_output
,
102 static const struct neigh_ops ndisc_direct_ops
= {
104 .output
= neigh_direct_output
,
105 .connected_output
= neigh_direct_output
,
108 struct neigh_table nd_tbl
= {
110 .key_len
= sizeof(struct in6_addr
),
111 .protocol
= cpu_to_be16(ETH_P_IPV6
),
113 .key_eq
= ndisc_key_eq
,
114 .constructor
= ndisc_constructor
,
115 .pconstructor
= pndisc_constructor
,
116 .pdestructor
= pndisc_destructor
,
117 .proxy_redo
= pndisc_redo
,
118 .allow_add
= ndisc_allow_add
,
122 .reachable_time
= ND_REACHABLE_TIME
,
124 [NEIGH_VAR_MCAST_PROBES
] = 3,
125 [NEIGH_VAR_UCAST_PROBES
] = 3,
126 [NEIGH_VAR_RETRANS_TIME
] = ND_RETRANS_TIMER
,
127 [NEIGH_VAR_BASE_REACHABLE_TIME
] = ND_REACHABLE_TIME
,
128 [NEIGH_VAR_DELAY_PROBE_TIME
] = 5 * HZ
,
129 [NEIGH_VAR_GC_STALETIME
] = 60 * HZ
,
130 [NEIGH_VAR_QUEUE_LEN_BYTES
] = SK_WMEM_MAX
,
131 [NEIGH_VAR_PROXY_QLEN
] = 64,
132 [NEIGH_VAR_ANYCAST_DELAY
] = 1 * HZ
,
133 [NEIGH_VAR_PROXY_DELAY
] = (8 * HZ
) / 10,
136 .gc_interval
= 30 * HZ
,
141 EXPORT_SYMBOL_GPL(nd_tbl
);
143 void __ndisc_fill_addr_option(struct sk_buff
*skb
, int type
, void *data
,
144 int data_len
, int pad
)
146 int space
= __ndisc_opt_addr_space(data_len
, pad
);
147 u8
*opt
= skb_put(skb
, space
);
152 memset(opt
+ 2, 0, pad
);
156 memcpy(opt
+2, data
, data_len
);
161 memset(opt
, 0, space
);
163 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option
);
165 static inline void ndisc_fill_addr_option(struct sk_buff
*skb
, int type
,
166 void *data
, u8 icmp6_type
)
168 __ndisc_fill_addr_option(skb
, type
, data
, skb
->dev
->addr_len
,
169 ndisc_addr_option_pad(skb
->dev
->type
));
170 ndisc_ops_fill_addr_option(skb
->dev
, skb
, icmp6_type
);
173 static inline void ndisc_fill_redirect_addr_option(struct sk_buff
*skb
,
177 ndisc_fill_addr_option(skb
, ND_OPT_TARGET_LL_ADDR
, ha
, NDISC_REDIRECT
);
178 ndisc_ops_fill_redirect_addr_option(skb
->dev
, skb
, ops_data
);
181 static struct nd_opt_hdr
*ndisc_next_option(struct nd_opt_hdr
*cur
,
182 struct nd_opt_hdr
*end
)
185 if (!cur
|| !end
|| cur
>= end
)
187 type
= cur
->nd_opt_type
;
189 cur
= ((void *)cur
) + (cur
->nd_opt_len
<< 3);
190 } while (cur
< end
&& cur
->nd_opt_type
!= type
);
191 return cur
<= end
&& cur
->nd_opt_type
== type
? cur
: NULL
;
194 static inline int ndisc_is_useropt(const struct net_device
*dev
,
195 struct nd_opt_hdr
*opt
)
197 return opt
->nd_opt_type
== ND_OPT_RDNSS
||
198 opt
->nd_opt_type
== ND_OPT_DNSSL
||
199 ndisc_ops_is_useropt(dev
, opt
->nd_opt_type
);
202 static struct nd_opt_hdr
*ndisc_next_useropt(const struct net_device
*dev
,
203 struct nd_opt_hdr
*cur
,
204 struct nd_opt_hdr
*end
)
206 if (!cur
|| !end
|| cur
>= end
)
209 cur
= ((void *)cur
) + (cur
->nd_opt_len
<< 3);
210 } while (cur
< end
&& !ndisc_is_useropt(dev
, cur
));
211 return cur
<= end
&& ndisc_is_useropt(dev
, cur
) ? cur
: NULL
;
214 struct ndisc_options
*ndisc_parse_options(const struct net_device
*dev
,
215 u8
*opt
, int opt_len
,
216 struct ndisc_options
*ndopts
)
218 struct nd_opt_hdr
*nd_opt
= (struct nd_opt_hdr
*)opt
;
220 if (!nd_opt
|| opt_len
< 0 || !ndopts
)
222 memset(ndopts
, 0, sizeof(*ndopts
));
225 if (opt_len
< sizeof(struct nd_opt_hdr
))
227 l
= nd_opt
->nd_opt_len
<< 3;
228 if (opt_len
< l
|| l
== 0)
230 if (ndisc_ops_parse_options(dev
, nd_opt
, ndopts
))
232 switch (nd_opt
->nd_opt_type
) {
233 case ND_OPT_SOURCE_LL_ADDR
:
234 case ND_OPT_TARGET_LL_ADDR
:
237 case ND_OPT_REDIRECT_HDR
:
238 if (ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
]) {
240 "%s: duplicated ND6 option found: type=%d\n",
241 __func__
, nd_opt
->nd_opt_type
);
243 ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
] = nd_opt
;
246 case ND_OPT_PREFIX_INFO
:
247 ndopts
->nd_opts_pi_end
= nd_opt
;
248 if (!ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
])
249 ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
] = nd_opt
;
251 #ifdef CONFIG_IPV6_ROUTE_INFO
252 case ND_OPT_ROUTE_INFO
:
253 ndopts
->nd_opts_ri_end
= nd_opt
;
254 if (!ndopts
->nd_opts_ri
)
255 ndopts
->nd_opts_ri
= nd_opt
;
259 if (ndisc_is_useropt(dev
, nd_opt
)) {
260 ndopts
->nd_useropts_end
= nd_opt
;
261 if (!ndopts
->nd_useropts
)
262 ndopts
->nd_useropts
= nd_opt
;
265 * Unknown options must be silently ignored,
266 * to accommodate future extension to the
270 "%s: ignored unsupported option; type=%d, len=%d\n",
278 nd_opt
= ((void *)nd_opt
) + l
;
283 int ndisc_mc_map(const struct in6_addr
*addr
, char *buf
, struct net_device
*dev
, int dir
)
287 case ARPHRD_IEEE802
: /* Not sure. Check it later. --ANK */
289 ipv6_eth_mc_map(addr
, buf
);
292 ipv6_arcnet_mc_map(addr
, buf
);
294 case ARPHRD_INFINIBAND
:
295 ipv6_ib_mc_map(addr
, dev
->broadcast
, buf
);
298 return ipv6_ipgre_mc_map(addr
, dev
->broadcast
, buf
);
301 memcpy(buf
, dev
->broadcast
, dev
->addr_len
);
307 EXPORT_SYMBOL(ndisc_mc_map
);
309 static u32
ndisc_hash(const void *pkey
,
310 const struct net_device
*dev
,
313 return ndisc_hashfn(pkey
, dev
, hash_rnd
);
316 static bool ndisc_key_eq(const struct neighbour
*n
, const void *pkey
)
318 return neigh_key_eq128(n
, pkey
);
321 static int ndisc_constructor(struct neighbour
*neigh
)
323 struct in6_addr
*addr
= (struct in6_addr
*)&neigh
->primary_key
;
324 struct net_device
*dev
= neigh
->dev
;
325 struct inet6_dev
*in6_dev
;
326 struct neigh_parms
*parms
;
327 bool is_multicast
= ipv6_addr_is_multicast(addr
);
329 in6_dev
= in6_dev_get(dev
);
334 parms
= in6_dev
->nd_parms
;
335 __neigh_parms_put(neigh
->parms
);
336 neigh
->parms
= neigh_parms_clone(parms
);
338 neigh
->type
= is_multicast
? RTN_MULTICAST
: RTN_UNICAST
;
339 if (!dev
->header_ops
) {
340 neigh
->nud_state
= NUD_NOARP
;
341 neigh
->ops
= &ndisc_direct_ops
;
342 neigh
->output
= neigh_direct_output
;
345 neigh
->nud_state
= NUD_NOARP
;
346 ndisc_mc_map(addr
, neigh
->ha
, dev
, 1);
347 } else if (dev
->flags
&(IFF_NOARP
|IFF_LOOPBACK
)) {
348 neigh
->nud_state
= NUD_NOARP
;
349 memcpy(neigh
->ha
, dev
->dev_addr
, dev
->addr_len
);
350 if (dev
->flags
&IFF_LOOPBACK
)
351 neigh
->type
= RTN_LOCAL
;
352 } else if (dev
->flags
&IFF_POINTOPOINT
) {
353 neigh
->nud_state
= NUD_NOARP
;
354 memcpy(neigh
->ha
, dev
->broadcast
, dev
->addr_len
);
356 if (dev
->header_ops
->cache
)
357 neigh
->ops
= &ndisc_hh_ops
;
359 neigh
->ops
= &ndisc_generic_ops
;
360 if (neigh
->nud_state
&NUD_VALID
)
361 neigh
->output
= neigh
->ops
->connected_output
;
363 neigh
->output
= neigh
->ops
->output
;
365 in6_dev_put(in6_dev
);
369 static int pndisc_constructor(struct pneigh_entry
*n
)
371 struct in6_addr
*addr
= (struct in6_addr
*)&n
->key
;
372 struct in6_addr maddr
;
373 struct net_device
*dev
= n
->dev
;
375 if (!dev
|| !__in6_dev_get(dev
))
377 addrconf_addr_solict_mult(addr
, &maddr
);
378 ipv6_dev_mc_inc(dev
, &maddr
);
382 static void pndisc_destructor(struct pneigh_entry
*n
)
384 struct in6_addr
*addr
= (struct in6_addr
*)&n
->key
;
385 struct in6_addr maddr
;
386 struct net_device
*dev
= n
->dev
;
388 if (!dev
|| !__in6_dev_get(dev
))
390 addrconf_addr_solict_mult(addr
, &maddr
);
391 ipv6_dev_mc_dec(dev
, &maddr
);
394 /* called with rtnl held */
395 static bool ndisc_allow_add(const struct net_device
*dev
,
396 struct netlink_ext_ack
*extack
)
398 struct inet6_dev
*idev
= __in6_dev_get(dev
);
400 if (!idev
|| idev
->cnf
.disable_ipv6
) {
401 NL_SET_ERR_MSG(extack
, "IPv6 is disabled on this device");
408 static struct sk_buff
*ndisc_alloc_skb(struct net_device
*dev
,
411 int hlen
= LL_RESERVED_SPACE(dev
);
412 int tlen
= dev
->needed_tailroom
;
413 struct sock
*sk
= dev_net(dev
)->ipv6
.ndisc_sk
;
416 skb
= alloc_skb(hlen
+ sizeof(struct ipv6hdr
) + len
+ tlen
, GFP_ATOMIC
);
418 ND_PRINTK(0, err
, "ndisc: %s failed to allocate an skb\n",
423 skb
->protocol
= htons(ETH_P_IPV6
);
426 skb_reserve(skb
, hlen
+ sizeof(struct ipv6hdr
));
427 skb_reset_transport_header(skb
);
429 /* Manually assign socket ownership as we avoid calling
430 * sock_alloc_send_pskb() to bypass wmem buffer limits
432 skb_set_owner_w(skb
, sk
);
437 static void ip6_nd_hdr(struct sk_buff
*skb
,
438 const struct in6_addr
*saddr
,
439 const struct in6_addr
*daddr
,
440 int hop_limit
, int len
)
443 struct inet6_dev
*idev
;
447 idev
= __in6_dev_get(skb
->dev
);
448 tclass
= idev
? idev
->cnf
.ndisc_tclass
: 0;
451 skb_push(skb
, sizeof(*hdr
));
452 skb_reset_network_header(skb
);
455 ip6_flow_hdr(hdr
, tclass
, 0);
457 hdr
->payload_len
= htons(len
);
458 hdr
->nexthdr
= IPPROTO_ICMPV6
;
459 hdr
->hop_limit
= hop_limit
;
465 static void ndisc_send_skb(struct sk_buff
*skb
,
466 const struct in6_addr
*daddr
,
467 const struct in6_addr
*saddr
)
469 struct dst_entry
*dst
= skb_dst(skb
);
470 struct net
*net
= dev_net(skb
->dev
);
471 struct sock
*sk
= net
->ipv6
.ndisc_sk
;
472 struct inet6_dev
*idev
;
474 struct icmp6hdr
*icmp6h
= icmp6_hdr(skb
);
477 type
= icmp6h
->icmp6_type
;
481 int oif
= skb
->dev
->ifindex
;
483 icmpv6_flow_init(sk
, &fl6
, type
, saddr
, daddr
, oif
);
484 dst
= icmp6_dst_alloc(skb
->dev
, &fl6
);
490 skb_dst_set(skb
, dst
);
493 icmp6h
->icmp6_cksum
= csum_ipv6_magic(saddr
, daddr
, skb
->len
,
498 ip6_nd_hdr(skb
, saddr
, daddr
, inet6_sk(sk
)->hop_limit
, skb
->len
);
501 idev
= __in6_dev_get(dst
->dev
);
502 IP6_UPD_PO_STATS(net
, idev
, IPSTATS_MIB_OUT
, skb
->len
);
504 err
= NF_HOOK(NFPROTO_IPV6
, NF_INET_LOCAL_OUT
,
505 net
, sk
, skb
, NULL
, dst
->dev
,
508 ICMP6MSGOUT_INC_STATS(net
, idev
, type
);
509 ICMP6_INC_STATS(net
, idev
, ICMP6_MIB_OUTMSGS
);
515 void ndisc_send_na(struct net_device
*dev
, const struct in6_addr
*daddr
,
516 const struct in6_addr
*solicited_addr
,
517 bool router
, bool solicited
, bool override
, bool inc_opt
)
520 struct in6_addr tmpaddr
;
521 struct inet6_ifaddr
*ifp
;
522 const struct in6_addr
*src_addr
;
526 /* for anycast or proxy, solicited_addr != src_addr */
527 ifp
= ipv6_get_ifaddr(dev_net(dev
), solicited_addr
, dev
, 1);
529 src_addr
= solicited_addr
;
530 if (ifp
->flags
& IFA_F_OPTIMISTIC
)
532 inc_opt
|= ifp
->idev
->cnf
.force_tllao
;
535 if (ipv6_dev_get_saddr(dev_net(dev
), dev
, daddr
,
536 inet6_sk(dev_net(dev
)->ipv6
.ndisc_sk
)->srcprefs
,
545 optlen
+= ndisc_opt_addr_space(dev
,
546 NDISC_NEIGHBOUR_ADVERTISEMENT
);
548 skb
= ndisc_alloc_skb(dev
, sizeof(*msg
) + optlen
);
552 msg
= skb_put(skb
, sizeof(*msg
));
553 *msg
= (struct nd_msg
) {
555 .icmp6_type
= NDISC_NEIGHBOUR_ADVERTISEMENT
,
556 .icmp6_router
= router
,
557 .icmp6_solicited
= solicited
,
558 .icmp6_override
= override
,
560 .target
= *solicited_addr
,
564 ndisc_fill_addr_option(skb
, ND_OPT_TARGET_LL_ADDR
,
566 NDISC_NEIGHBOUR_ADVERTISEMENT
);
568 ndisc_send_skb(skb
, daddr
, src_addr
);
571 static void ndisc_send_unsol_na(struct net_device
*dev
)
573 struct inet6_dev
*idev
;
574 struct inet6_ifaddr
*ifa
;
576 idev
= in6_dev_get(dev
);
580 read_lock_bh(&idev
->lock
);
581 list_for_each_entry(ifa
, &idev
->addr_list
, if_list
) {
582 /* skip tentative addresses until dad completes */
583 if (ifa
->flags
& IFA_F_TENTATIVE
&&
584 !(ifa
->flags
& IFA_F_OPTIMISTIC
))
587 ndisc_send_na(dev
, &in6addr_linklocal_allnodes
, &ifa
->addr
,
588 /*router=*/ !!idev
->cnf
.forwarding
,
589 /*solicited=*/ false, /*override=*/ true,
592 read_unlock_bh(&idev
->lock
);
597 void ndisc_send_ns(struct net_device
*dev
, const struct in6_addr
*solicit
,
598 const struct in6_addr
*daddr
, const struct in6_addr
*saddr
,
602 struct in6_addr addr_buf
;
603 int inc_opt
= dev
->addr_len
;
608 if (ipv6_get_lladdr(dev
, &addr_buf
,
609 (IFA_F_TENTATIVE
|IFA_F_OPTIMISTIC
)))
614 if (ipv6_addr_any(saddr
))
617 optlen
+= ndisc_opt_addr_space(dev
,
618 NDISC_NEIGHBOUR_SOLICITATION
);
622 skb
= ndisc_alloc_skb(dev
, sizeof(*msg
) + optlen
);
626 msg
= skb_put(skb
, sizeof(*msg
));
627 *msg
= (struct nd_msg
) {
629 .icmp6_type
= NDISC_NEIGHBOUR_SOLICITATION
,
635 ndisc_fill_addr_option(skb
, ND_OPT_SOURCE_LL_ADDR
,
637 NDISC_NEIGHBOUR_SOLICITATION
);
639 u8
*opt
= skb_put(skb
, 8);
641 opt
[0] = ND_OPT_NONCE
;
643 memcpy(opt
+ 2, &nonce
, 6);
646 ndisc_send_skb(skb
, daddr
, saddr
);
649 void ndisc_send_rs(struct net_device
*dev
, const struct in6_addr
*saddr
,
650 const struct in6_addr
*daddr
)
654 int send_sllao
= dev
->addr_len
;
657 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
659 * According to section 2.2 of RFC 4429, we must not
660 * send router solicitations with a sllao from
661 * optimistic addresses, but we may send the solicitation
662 * if we don't include the sllao. So here we check
663 * if our address is optimistic, and if so, we
664 * suppress the inclusion of the sllao.
667 struct inet6_ifaddr
*ifp
= ipv6_get_ifaddr(dev_net(dev
), saddr
,
670 if (ifp
->flags
& IFA_F_OPTIMISTIC
) {
680 optlen
+= ndisc_opt_addr_space(dev
, NDISC_ROUTER_SOLICITATION
);
682 skb
= ndisc_alloc_skb(dev
, sizeof(*msg
) + optlen
);
686 msg
= skb_put(skb
, sizeof(*msg
));
687 *msg
= (struct rs_msg
) {
689 .icmp6_type
= NDISC_ROUTER_SOLICITATION
,
694 ndisc_fill_addr_option(skb
, ND_OPT_SOURCE_LL_ADDR
,
696 NDISC_ROUTER_SOLICITATION
);
698 ndisc_send_skb(skb
, daddr
, saddr
);
702 static void ndisc_error_report(struct neighbour
*neigh
, struct sk_buff
*skb
)
705 * "The sender MUST return an ICMP
706 * destination unreachable"
708 dst_link_failure(skb
);
712 /* Called with locked neigh: either read or both */
714 static void ndisc_solicit(struct neighbour
*neigh
, struct sk_buff
*skb
)
716 struct in6_addr
*saddr
= NULL
;
717 struct in6_addr mcaddr
;
718 struct net_device
*dev
= neigh
->dev
;
719 struct in6_addr
*target
= (struct in6_addr
*)&neigh
->primary_key
;
720 int probes
= atomic_read(&neigh
->probes
);
722 if (skb
&& ipv6_chk_addr_and_flags(dev_net(dev
), &ipv6_hdr(skb
)->saddr
,
724 IFA_F_TENTATIVE
|IFA_F_OPTIMISTIC
))
725 saddr
= &ipv6_hdr(skb
)->saddr
;
726 probes
-= NEIGH_VAR(neigh
->parms
, UCAST_PROBES
);
728 if (!(neigh
->nud_state
& NUD_VALID
)) {
730 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
733 ndisc_send_ns(dev
, target
, target
, saddr
, 0);
734 } else if ((probes
-= NEIGH_VAR(neigh
->parms
, APP_PROBES
)) < 0) {
737 addrconf_addr_solict_mult(target
, &mcaddr
);
738 ndisc_send_ns(dev
, target
, &mcaddr
, saddr
, 0);
742 static int pndisc_is_router(const void *pkey
,
743 struct net_device
*dev
)
745 struct pneigh_entry
*n
;
748 read_lock_bh(&nd_tbl
.lock
);
749 n
= __pneigh_lookup(&nd_tbl
, dev_net(dev
), pkey
, dev
);
751 ret
= !!(n
->flags
& NTF_ROUTER
);
752 read_unlock_bh(&nd_tbl
.lock
);
757 void ndisc_update(const struct net_device
*dev
, struct neighbour
*neigh
,
758 const u8
*lladdr
, u8
new, u32 flags
, u8 icmp6_type
,
759 struct ndisc_options
*ndopts
)
761 neigh_update(neigh
, lladdr
, new, flags
, 0);
762 /* report ndisc ops about neighbour update */
763 ndisc_ops_update(dev
, neigh
, flags
, icmp6_type
, ndopts
);
766 static void ndisc_recv_ns(struct sk_buff
*skb
)
768 struct nd_msg
*msg
= (struct nd_msg
*)skb_transport_header(skb
);
769 const struct in6_addr
*saddr
= &ipv6_hdr(skb
)->saddr
;
770 const struct in6_addr
*daddr
= &ipv6_hdr(skb
)->daddr
;
772 u32 ndoptlen
= skb_tail_pointer(skb
) - (skb_transport_header(skb
) +
773 offsetof(struct nd_msg
, opt
));
774 struct ndisc_options ndopts
;
775 struct net_device
*dev
= skb
->dev
;
776 struct inet6_ifaddr
*ifp
;
777 struct inet6_dev
*idev
= NULL
;
778 struct neighbour
*neigh
;
779 int dad
= ipv6_addr_any(saddr
);
784 if (skb
->len
< sizeof(struct nd_msg
)) {
785 ND_PRINTK(2, warn
, "NS: packet too short\n");
789 if (ipv6_addr_is_multicast(&msg
->target
)) {
790 ND_PRINTK(2, warn
, "NS: multicast target address\n");
796 * DAD has to be destined for solicited node multicast address.
798 if (dad
&& !ipv6_addr_is_solict_mult(daddr
)) {
799 ND_PRINTK(2, warn
, "NS: bad DAD packet (wrong destination)\n");
803 if (!ndisc_parse_options(dev
, msg
->opt
, ndoptlen
, &ndopts
)) {
804 ND_PRINTK(2, warn
, "NS: invalid ND options\n");
808 if (ndopts
.nd_opts_src_lladdr
) {
809 lladdr
= ndisc_opt_addr_data(ndopts
.nd_opts_src_lladdr
, dev
);
812 "NS: invalid link-layer address length\n");
817 * If the IP source address is the unspecified address,
818 * there MUST NOT be source link-layer address option
823 "NS: bad DAD packet (link-layer address option)\n");
827 if (ndopts
.nd_opts_nonce
&& ndopts
.nd_opts_nonce
->nd_opt_len
== 1)
828 memcpy(&nonce
, (u8
*)(ndopts
.nd_opts_nonce
+ 1), 6);
830 inc
= ipv6_addr_is_multicast(daddr
);
832 ifp
= ipv6_get_ifaddr(dev_net(dev
), &msg
->target
, dev
, 1);
835 if (ifp
->flags
& (IFA_F_TENTATIVE
|IFA_F_OPTIMISTIC
)) {
837 if (nonce
!= 0 && ifp
->dad_nonce
== nonce
) {
838 u8
*np
= (u8
*)&nonce
;
839 /* Matching nonce if looped back */
841 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
842 ifp
->idev
->dev
->name
,
847 * We are colliding with another node
849 * so fail our DAD process
851 addrconf_dad_failure(skb
, ifp
);
855 * This is not a dad solicitation.
856 * If we are an optimistic node,
858 * Otherwise, we should ignore it.
860 if (!(ifp
->flags
& IFA_F_OPTIMISTIC
))
867 struct net
*net
= dev_net(dev
);
869 /* perhaps an address on the master device */
870 if (netif_is_l3_slave(dev
)) {
871 struct net_device
*mdev
;
873 mdev
= netdev_master_upper_dev_get_rcu(dev
);
875 ifp
= ipv6_get_ifaddr(net
, &msg
->target
, mdev
, 1);
881 idev
= in6_dev_get(dev
);
883 /* XXX: count this drop? */
887 if (ipv6_chk_acast_addr(net
, dev
, &msg
->target
) ||
888 (idev
->cnf
.forwarding
&&
889 (net
->ipv6
.devconf_all
->proxy_ndp
|| idev
->cnf
.proxy_ndp
) &&
890 (is_router
= pndisc_is_router(&msg
->target
, dev
)) >= 0)) {
891 if (!(NEIGH_CB(skb
)->flags
& LOCALLY_ENQUEUED
) &&
892 skb
->pkt_type
!= PACKET_HOST
&&
894 NEIGH_VAR(idev
->nd_parms
, PROXY_DELAY
) != 0) {
896 * for anycast or proxy,
897 * sender should delay its response
898 * by a random time between 0 and
899 * MAX_ANYCAST_DELAY_TIME seconds.
900 * (RFC2461) -- yoshfuji
902 struct sk_buff
*n
= skb_clone(skb
, GFP_ATOMIC
);
904 pneigh_enqueue(&nd_tbl
, idev
->nd_parms
, n
);
912 is_router
= idev
->cnf
.forwarding
;
915 ndisc_send_na(dev
, &in6addr_linklocal_allnodes
, &msg
->target
,
916 !!is_router
, false, (ifp
!= NULL
), true);
921 NEIGH_CACHE_STAT_INC(&nd_tbl
, rcv_probes_mcast
);
923 NEIGH_CACHE_STAT_INC(&nd_tbl
, rcv_probes_ucast
);
926 * update / create cache entry
927 * for the source address
929 neigh
= __neigh_lookup(&nd_tbl
, saddr
, dev
,
930 !inc
|| lladdr
|| !dev
->addr_len
);
932 ndisc_update(dev
, neigh
, lladdr
, NUD_STALE
,
933 NEIGH_UPDATE_F_WEAK_OVERRIDE
|
934 NEIGH_UPDATE_F_OVERRIDE
,
935 NDISC_NEIGHBOUR_SOLICITATION
, &ndopts
);
936 if (neigh
|| !dev
->header_ops
) {
937 ndisc_send_na(dev
, saddr
, &msg
->target
, !!is_router
,
938 true, (ifp
!= NULL
&& inc
), inc
);
940 neigh_release(neigh
);
950 static void ndisc_recv_na(struct sk_buff
*skb
)
952 struct nd_msg
*msg
= (struct nd_msg
*)skb_transport_header(skb
);
953 struct in6_addr
*saddr
= &ipv6_hdr(skb
)->saddr
;
954 const struct in6_addr
*daddr
= &ipv6_hdr(skb
)->daddr
;
956 u32 ndoptlen
= skb_tail_pointer(skb
) - (skb_transport_header(skb
) +
957 offsetof(struct nd_msg
, opt
));
958 struct ndisc_options ndopts
;
959 struct net_device
*dev
= skb
->dev
;
960 struct inet6_dev
*idev
= __in6_dev_get(dev
);
961 struct inet6_ifaddr
*ifp
;
962 struct neighbour
*neigh
;
964 if (skb
->len
< sizeof(struct nd_msg
)) {
965 ND_PRINTK(2, warn
, "NA: packet too short\n");
969 if (ipv6_addr_is_multicast(&msg
->target
)) {
970 ND_PRINTK(2, warn
, "NA: target address is multicast\n");
974 if (ipv6_addr_is_multicast(daddr
) &&
975 msg
->icmph
.icmp6_solicited
) {
976 ND_PRINTK(2, warn
, "NA: solicited NA is multicasted\n");
980 /* For some 802.11 wireless deployments (and possibly other networks),
981 * there will be a NA proxy and unsolicitd packets are attacks
982 * and thus should not be accepted.
984 if (!msg
->icmph
.icmp6_solicited
&& idev
&&
985 idev
->cnf
.drop_unsolicited_na
)
988 if (!ndisc_parse_options(dev
, msg
->opt
, ndoptlen
, &ndopts
)) {
989 ND_PRINTK(2, warn
, "NS: invalid ND option\n");
992 if (ndopts
.nd_opts_tgt_lladdr
) {
993 lladdr
= ndisc_opt_addr_data(ndopts
.nd_opts_tgt_lladdr
, dev
);
996 "NA: invalid link-layer address length\n");
1000 ifp
= ipv6_get_ifaddr(dev_net(dev
), &msg
->target
, dev
, 1);
1002 if (skb
->pkt_type
!= PACKET_LOOPBACK
1003 && (ifp
->flags
& IFA_F_TENTATIVE
)) {
1004 addrconf_dad_failure(skb
, ifp
);
1007 /* What should we make now? The advertisement
1008 is invalid, but ndisc specs say nothing
1009 about it. It could be misconfiguration, or
1010 an smart proxy agent tries to help us :-)
1012 We should not print the error if NA has been
1013 received from loopback - it is just our own
1014 unsolicited advertisement.
1016 if (skb
->pkt_type
!= PACKET_LOOPBACK
)
1018 "NA: %pM advertised our address %pI6c on %s!\n",
1019 eth_hdr(skb
)->h_source
, &ifp
->addr
, ifp
->idev
->dev
->name
);
1023 neigh
= neigh_lookup(&nd_tbl
, &msg
->target
, dev
);
1026 u8 old_flags
= neigh
->flags
;
1027 struct net
*net
= dev_net(dev
);
1029 if (neigh
->nud_state
& NUD_FAILED
)
1033 * Don't update the neighbor cache entry on a proxy NA from
1034 * ourselves because either the proxied node is off link or it
1035 * has already sent a NA to us.
1037 if (lladdr
&& !memcmp(lladdr
, dev
->dev_addr
, dev
->addr_len
) &&
1038 net
->ipv6
.devconf_all
->forwarding
&& net
->ipv6
.devconf_all
->proxy_ndp
&&
1039 pneigh_lookup(&nd_tbl
, net
, &msg
->target
, dev
, 0)) {
1040 /* XXX: idev->cnf.proxy_ndp */
1044 ndisc_update(dev
, neigh
, lladdr
,
1045 msg
->icmph
.icmp6_solicited
? NUD_REACHABLE
: NUD_STALE
,
1046 NEIGH_UPDATE_F_WEAK_OVERRIDE
|
1047 (msg
->icmph
.icmp6_override
? NEIGH_UPDATE_F_OVERRIDE
: 0)|
1048 NEIGH_UPDATE_F_OVERRIDE_ISROUTER
|
1049 (msg
->icmph
.icmp6_router
? NEIGH_UPDATE_F_ISROUTER
: 0),
1050 NDISC_NEIGHBOUR_ADVERTISEMENT
, &ndopts
);
1052 if ((old_flags
& ~neigh
->flags
) & NTF_ROUTER
) {
1054 * Change: router to host
1056 rt6_clean_tohost(dev_net(dev
), saddr
);
1060 neigh_release(neigh
);
1064 static void ndisc_recv_rs(struct sk_buff
*skb
)
1066 struct rs_msg
*rs_msg
= (struct rs_msg
*)skb_transport_header(skb
);
1067 unsigned long ndoptlen
= skb
->len
- sizeof(*rs_msg
);
1068 struct neighbour
*neigh
;
1069 struct inet6_dev
*idev
;
1070 const struct in6_addr
*saddr
= &ipv6_hdr(skb
)->saddr
;
1071 struct ndisc_options ndopts
;
1074 if (skb
->len
< sizeof(*rs_msg
))
1077 idev
= __in6_dev_get(skb
->dev
);
1079 ND_PRINTK(1, err
, "RS: can't find in6 device\n");
1083 /* Don't accept RS if we're not in router mode */
1084 if (!idev
->cnf
.forwarding
)
1088 * Don't update NCE if src = ::;
1089 * this implies that the source node has no ip address assigned yet.
1091 if (ipv6_addr_any(saddr
))
1094 /* Parse ND options */
1095 if (!ndisc_parse_options(skb
->dev
, rs_msg
->opt
, ndoptlen
, &ndopts
)) {
1096 ND_PRINTK(2, notice
, "NS: invalid ND option, ignored\n");
1100 if (ndopts
.nd_opts_src_lladdr
) {
1101 lladdr
= ndisc_opt_addr_data(ndopts
.nd_opts_src_lladdr
,
1107 neigh
= __neigh_lookup(&nd_tbl
, saddr
, skb
->dev
, 1);
1109 ndisc_update(skb
->dev
, neigh
, lladdr
, NUD_STALE
,
1110 NEIGH_UPDATE_F_WEAK_OVERRIDE
|
1111 NEIGH_UPDATE_F_OVERRIDE
|
1112 NEIGH_UPDATE_F_OVERRIDE_ISROUTER
,
1113 NDISC_ROUTER_SOLICITATION
, &ndopts
);
1114 neigh_release(neigh
);
1120 static void ndisc_ra_useropt(struct sk_buff
*ra
, struct nd_opt_hdr
*opt
)
1122 struct icmp6hdr
*icmp6h
= (struct icmp6hdr
*)skb_transport_header(ra
);
1123 struct sk_buff
*skb
;
1124 struct nlmsghdr
*nlh
;
1125 struct nduseroptmsg
*ndmsg
;
1126 struct net
*net
= dev_net(ra
->dev
);
1128 int base_size
= NLMSG_ALIGN(sizeof(struct nduseroptmsg
)
1129 + (opt
->nd_opt_len
<< 3));
1130 size_t msg_size
= base_size
+ nla_total_size(sizeof(struct in6_addr
));
1132 skb
= nlmsg_new(msg_size
, GFP_ATOMIC
);
1138 nlh
= nlmsg_put(skb
, 0, 0, RTM_NEWNDUSEROPT
, base_size
, 0);
1140 goto nla_put_failure
;
1143 ndmsg
= nlmsg_data(nlh
);
1144 ndmsg
->nduseropt_family
= AF_INET6
;
1145 ndmsg
->nduseropt_ifindex
= ra
->dev
->ifindex
;
1146 ndmsg
->nduseropt_icmp_type
= icmp6h
->icmp6_type
;
1147 ndmsg
->nduseropt_icmp_code
= icmp6h
->icmp6_code
;
1148 ndmsg
->nduseropt_opts_len
= opt
->nd_opt_len
<< 3;
1150 memcpy(ndmsg
+ 1, opt
, opt
->nd_opt_len
<< 3);
1152 if (nla_put_in6_addr(skb
, NDUSEROPT_SRCADDR
, &ipv6_hdr(ra
)->saddr
))
1153 goto nla_put_failure
;
1154 nlmsg_end(skb
, nlh
);
1156 rtnl_notify(skb
, net
, 0, RTNLGRP_ND_USEROPT
, NULL
, GFP_ATOMIC
);
1163 rtnl_set_sk_err(net
, RTNLGRP_ND_USEROPT
, err
);
1166 static void ndisc_router_discovery(struct sk_buff
*skb
)
1168 struct ra_msg
*ra_msg
= (struct ra_msg
*)skb_transport_header(skb
);
1169 struct neighbour
*neigh
= NULL
;
1170 struct inet6_dev
*in6_dev
;
1171 struct fib6_info
*rt
= NULL
;
1174 struct ndisc_options ndopts
;
1176 unsigned int pref
= 0;
1178 bool send_ifinfo_notify
= false;
1180 __u8
*opt
= (__u8
*)(ra_msg
+ 1);
1182 optlen
= (skb_tail_pointer(skb
) - skb_transport_header(skb
)) -
1183 sizeof(struct ra_msg
);
1186 "RA: %s, dev: %s\n",
1187 __func__
, skb
->dev
->name
);
1188 if (!(ipv6_addr_type(&ipv6_hdr(skb
)->saddr
) & IPV6_ADDR_LINKLOCAL
)) {
1189 ND_PRINTK(2, warn
, "RA: source address is not link-local\n");
1193 ND_PRINTK(2, warn
, "RA: packet too short\n");
1197 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1198 if (skb
->ndisc_nodetype
== NDISC_NODETYPE_HOST
) {
1199 ND_PRINTK(2, warn
, "RA: from host or unauthorized router\n");
1205 * set the RA_RECV flag in the interface
1208 in6_dev
= __in6_dev_get(skb
->dev
);
1210 ND_PRINTK(0, err
, "RA: can't find inet6 device for %s\n",
1215 if (!ndisc_parse_options(skb
->dev
, opt
, optlen
, &ndopts
)) {
1216 ND_PRINTK(2, warn
, "RA: invalid ND options\n");
1220 if (!ipv6_accept_ra(in6_dev
)) {
1222 "RA: %s, did not accept ra for dev: %s\n",
1223 __func__
, skb
->dev
->name
);
1224 goto skip_linkparms
;
1227 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1228 /* skip link-specific parameters from interior routers */
1229 if (skb
->ndisc_nodetype
== NDISC_NODETYPE_NODEFAULT
) {
1231 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1232 __func__
, skb
->dev
->name
);
1233 goto skip_linkparms
;
1237 if (in6_dev
->if_flags
& IF_RS_SENT
) {
1239 * flag that an RA was received after an RS was sent
1240 * out on this interface.
1242 in6_dev
->if_flags
|= IF_RA_RCVD
;
1246 * Remember the managed/otherconf flags from most recently
1247 * received RA message (RFC 2462) -- yoshfuji
1249 old_if_flags
= in6_dev
->if_flags
;
1250 in6_dev
->if_flags
= (in6_dev
->if_flags
& ~(IF_RA_MANAGED
|
1252 (ra_msg
->icmph
.icmp6_addrconf_managed
?
1253 IF_RA_MANAGED
: 0) |
1254 (ra_msg
->icmph
.icmp6_addrconf_other
?
1255 IF_RA_OTHERCONF
: 0);
1257 if (old_if_flags
!= in6_dev
->if_flags
)
1258 send_ifinfo_notify
= true;
1260 if (!in6_dev
->cnf
.accept_ra_defrtr
) {
1262 "RA: %s, defrtr is false for dev: %s\n",
1263 __func__
, skb
->dev
->name
);
1267 /* Do not accept RA with source-addr found on local machine unless
1268 * accept_ra_from_local is set to true.
1270 net
= dev_net(in6_dev
->dev
);
1271 if (!in6_dev
->cnf
.accept_ra_from_local
&&
1272 ipv6_chk_addr(net
, &ipv6_hdr(skb
)->saddr
, in6_dev
->dev
, 0)) {
1274 "RA from local address detected on dev: %s: default router ignored\n",
1279 lifetime
= ntohs(ra_msg
->icmph
.icmp6_rt_lifetime
);
1281 #ifdef CONFIG_IPV6_ROUTER_PREF
1282 pref
= ra_msg
->icmph
.icmp6_router_pref
;
1283 /* 10b is handled as if it were 00b (medium) */
1284 if (pref
== ICMPV6_ROUTER_PREF_INVALID
||
1285 !in6_dev
->cnf
.accept_ra_rtr_pref
)
1286 pref
= ICMPV6_ROUTER_PREF_MEDIUM
;
1289 rt
= rt6_get_dflt_router(net
, &ipv6_hdr(skb
)->saddr
, skb
->dev
);
1292 neigh
= ip6_neigh_lookup(&rt
->fib6_nh
.fib_nh_gw6
,
1293 rt
->fib6_nh
.fib_nh_dev
, NULL
,
1294 &ipv6_hdr(skb
)->saddr
);
1297 "RA: %s got default router without neighbour\n",
1299 fib6_info_release(rt
);
1303 if (rt
&& lifetime
== 0) {
1304 ip6_del_rt(net
, rt
);
1308 ND_PRINTK(3, info
, "RA: rt: %p lifetime: %d, for dev: %s\n",
1309 rt
, lifetime
, skb
->dev
->name
);
1310 if (!rt
&& lifetime
) {
1311 ND_PRINTK(3, info
, "RA: adding default router\n");
1313 rt
= rt6_add_dflt_router(net
, &ipv6_hdr(skb
)->saddr
,
1317 "RA: %s failed to add default route\n",
1322 neigh
= ip6_neigh_lookup(&rt
->fib6_nh
.fib_nh_gw6
,
1323 rt
->fib6_nh
.fib_nh_dev
, NULL
,
1324 &ipv6_hdr(skb
)->saddr
);
1327 "RA: %s got default router without neighbour\n",
1329 fib6_info_release(rt
);
1332 neigh
->flags
|= NTF_ROUTER
;
1334 rt
->fib6_flags
= (rt
->fib6_flags
& ~RTF_PREF_MASK
) | RTF_PREF(pref
);
1338 fib6_set_expires(rt
, jiffies
+ (HZ
* lifetime
));
1339 if (in6_dev
->cnf
.accept_ra_min_hop_limit
< 256 &&
1340 ra_msg
->icmph
.icmp6_hop_limit
) {
1341 if (in6_dev
->cnf
.accept_ra_min_hop_limit
<= ra_msg
->icmph
.icmp6_hop_limit
) {
1342 in6_dev
->cnf
.hop_limit
= ra_msg
->icmph
.icmp6_hop_limit
;
1343 fib6_metric_set(rt
, RTAX_HOPLIMIT
,
1344 ra_msg
->icmph
.icmp6_hop_limit
);
1346 ND_PRINTK(2, warn
, "RA: Got route advertisement with lower hop_limit than minimum\n");
1353 * Update Reachable Time and Retrans Timer
1356 if (in6_dev
->nd_parms
) {
1357 unsigned long rtime
= ntohl(ra_msg
->retrans_timer
);
1359 if (rtime
&& rtime
/1000 < MAX_SCHEDULE_TIMEOUT
/HZ
) {
1360 rtime
= (rtime
*HZ
)/1000;
1363 NEIGH_VAR_SET(in6_dev
->nd_parms
, RETRANS_TIME
, rtime
);
1364 in6_dev
->tstamp
= jiffies
;
1365 send_ifinfo_notify
= true;
1368 rtime
= ntohl(ra_msg
->reachable_time
);
1369 if (rtime
&& rtime
/1000 < MAX_SCHEDULE_TIMEOUT
/(3*HZ
)) {
1370 rtime
= (rtime
*HZ
)/1000;
1375 if (rtime
!= NEIGH_VAR(in6_dev
->nd_parms
, BASE_REACHABLE_TIME
)) {
1376 NEIGH_VAR_SET(in6_dev
->nd_parms
,
1377 BASE_REACHABLE_TIME
, rtime
);
1378 NEIGH_VAR_SET(in6_dev
->nd_parms
,
1379 GC_STALETIME
, 3 * rtime
);
1380 in6_dev
->nd_parms
->reachable_time
= neigh_rand_reach_time(rtime
);
1381 in6_dev
->tstamp
= jiffies
;
1382 send_ifinfo_notify
= true;
1388 * Send a notify if RA changed managed/otherconf flags or timer settings
1390 if (send_ifinfo_notify
)
1391 inet6_ifinfo_notify(RTM_NEWLINK
, in6_dev
);
1400 neigh
= __neigh_lookup(&nd_tbl
, &ipv6_hdr(skb
)->saddr
,
1404 if (ndopts
.nd_opts_src_lladdr
) {
1405 lladdr
= ndisc_opt_addr_data(ndopts
.nd_opts_src_lladdr
,
1409 "RA: invalid link-layer address length\n");
1413 ndisc_update(skb
->dev
, neigh
, lladdr
, NUD_STALE
,
1414 NEIGH_UPDATE_F_WEAK_OVERRIDE
|
1415 NEIGH_UPDATE_F_OVERRIDE
|
1416 NEIGH_UPDATE_F_OVERRIDE_ISROUTER
|
1417 NEIGH_UPDATE_F_ISROUTER
,
1418 NDISC_ROUTER_ADVERTISEMENT
, &ndopts
);
1421 if (!ipv6_accept_ra(in6_dev
)) {
1423 "RA: %s, accept_ra is false for dev: %s\n",
1424 __func__
, skb
->dev
->name
);
1428 #ifdef CONFIG_IPV6_ROUTE_INFO
1429 if (!in6_dev
->cnf
.accept_ra_from_local
&&
1430 ipv6_chk_addr(dev_net(in6_dev
->dev
), &ipv6_hdr(skb
)->saddr
,
1433 "RA from local address detected on dev: %s: router info ignored.\n",
1435 goto skip_routeinfo
;
1438 if (in6_dev
->cnf
.accept_ra_rtr_pref
&& ndopts
.nd_opts_ri
) {
1439 struct nd_opt_hdr
*p
;
1440 for (p
= ndopts
.nd_opts_ri
;
1442 p
= ndisc_next_option(p
, ndopts
.nd_opts_ri_end
)) {
1443 struct route_info
*ri
= (struct route_info
*)p
;
1444 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1445 if (skb
->ndisc_nodetype
== NDISC_NODETYPE_NODEFAULT
&&
1446 ri
->prefix_len
== 0)
1449 if (ri
->prefix_len
== 0 &&
1450 !in6_dev
->cnf
.accept_ra_defrtr
)
1452 if (ri
->prefix_len
< in6_dev
->cnf
.accept_ra_rt_info_min_plen
)
1454 if (ri
->prefix_len
> in6_dev
->cnf
.accept_ra_rt_info_max_plen
)
1456 rt6_route_rcv(skb
->dev
, (u8
*)p
, (p
->nd_opt_len
) << 3,
1457 &ipv6_hdr(skb
)->saddr
);
1464 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1465 /* skip link-specific ndopts from interior routers */
1466 if (skb
->ndisc_nodetype
== NDISC_NODETYPE_NODEFAULT
) {
1468 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1469 __func__
, skb
->dev
->name
);
1474 if (in6_dev
->cnf
.accept_ra_pinfo
&& ndopts
.nd_opts_pi
) {
1475 struct nd_opt_hdr
*p
;
1476 for (p
= ndopts
.nd_opts_pi
;
1478 p
= ndisc_next_option(p
, ndopts
.nd_opts_pi_end
)) {
1479 addrconf_prefix_rcv(skb
->dev
, (u8
*)p
,
1480 (p
->nd_opt_len
) << 3,
1481 ndopts
.nd_opts_src_lladdr
!= NULL
);
1485 if (ndopts
.nd_opts_mtu
&& in6_dev
->cnf
.accept_ra_mtu
) {
1489 memcpy(&n
, ((u8
*)(ndopts
.nd_opts_mtu
+1))+2, sizeof(mtu
));
1492 if (mtu
< IPV6_MIN_MTU
|| mtu
> skb
->dev
->mtu
) {
1493 ND_PRINTK(2, warn
, "RA: invalid mtu: %d\n", mtu
);
1494 } else if (in6_dev
->cnf
.mtu6
!= mtu
) {
1495 in6_dev
->cnf
.mtu6
= mtu
;
1496 fib6_metric_set(rt
, RTAX_MTU
, mtu
);
1497 rt6_mtu_change(skb
->dev
, mtu
);
1501 if (ndopts
.nd_useropts
) {
1502 struct nd_opt_hdr
*p
;
1503 for (p
= ndopts
.nd_useropts
;
1505 p
= ndisc_next_useropt(skb
->dev
, p
,
1506 ndopts
.nd_useropts_end
)) {
1507 ndisc_ra_useropt(skb
, p
);
1511 if (ndopts
.nd_opts_tgt_lladdr
|| ndopts
.nd_opts_rh
) {
1512 ND_PRINTK(2, warn
, "RA: invalid RA options\n");
1515 fib6_info_release(rt
);
1517 neigh_release(neigh
);
1520 static void ndisc_redirect_rcv(struct sk_buff
*skb
)
1523 struct ndisc_options ndopts
;
1524 struct rd_msg
*msg
= (struct rd_msg
*)skb_transport_header(skb
);
1525 u32 ndoptlen
= skb_tail_pointer(skb
) - (skb_transport_header(skb
) +
1526 offsetof(struct rd_msg
, opt
));
1528 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1529 switch (skb
->ndisc_nodetype
) {
1530 case NDISC_NODETYPE_HOST
:
1531 case NDISC_NODETYPE_NODEFAULT
:
1533 "Redirect: from host or unauthorized router\n");
1538 if (!(ipv6_addr_type(&ipv6_hdr(skb
)->saddr
) & IPV6_ADDR_LINKLOCAL
)) {
1540 "Redirect: source address is not link-local\n");
1544 if (!ndisc_parse_options(skb
->dev
, msg
->opt
, ndoptlen
, &ndopts
))
1547 if (!ndopts
.nd_opts_rh
) {
1548 ip6_redirect_no_header(skb
, dev_net(skb
->dev
),
1553 hdr
= (u8
*)ndopts
.nd_opts_rh
;
1555 if (!pskb_pull(skb
, hdr
- skb_transport_header(skb
)))
1558 icmpv6_notify(skb
, NDISC_REDIRECT
, 0, 0);
1561 static void ndisc_fill_redirect_hdr_option(struct sk_buff
*skb
,
1562 struct sk_buff
*orig_skb
,
1565 u8
*opt
= skb_put(skb
, rd_len
);
1568 *(opt
++) = ND_OPT_REDIRECT_HDR
;
1569 *(opt
++) = (rd_len
>> 3);
1572 skb_copy_bits(orig_skb
, skb_network_offset(orig_skb
), opt
,
1576 void ndisc_send_redirect(struct sk_buff
*skb
, const struct in6_addr
*target
)
1578 struct net_device
*dev
= skb
->dev
;
1579 struct net
*net
= dev_net(dev
);
1580 struct sock
*sk
= net
->ipv6
.ndisc_sk
;
1582 struct inet_peer
*peer
;
1583 struct sk_buff
*buff
;
1585 struct in6_addr saddr_buf
;
1586 struct rt6_info
*rt
;
1587 struct dst_entry
*dst
;
1590 u8 ha_buf
[MAX_ADDR_LEN
], *ha
= NULL
,
1591 ops_data_buf
[NDISC_OPS_REDIRECT_DATA_SPACE
], *ops_data
= NULL
;
1594 if (netif_is_l3_master(skb
->dev
)) {
1595 dev
= __dev_get_by_index(dev_net(skb
->dev
), IPCB(skb
)->iif
);
1600 if (ipv6_get_lladdr(dev
, &saddr_buf
, IFA_F_TENTATIVE
)) {
1601 ND_PRINTK(2, warn
, "Redirect: no link-local address on %s\n",
1606 if (!ipv6_addr_equal(&ipv6_hdr(skb
)->daddr
, target
) &&
1607 ipv6_addr_type(target
) != (IPV6_ADDR_UNICAST
|IPV6_ADDR_LINKLOCAL
)) {
1609 "Redirect: target address is not link-local unicast\n");
1613 icmpv6_flow_init(sk
, &fl6
, NDISC_REDIRECT
,
1614 &saddr_buf
, &ipv6_hdr(skb
)->saddr
, dev
->ifindex
);
1616 dst
= ip6_route_output(net
, NULL
, &fl6
);
1621 dst
= xfrm_lookup(net
, dst
, flowi6_to_flowi(&fl6
), NULL
, 0);
1625 rt
= (struct rt6_info
*) dst
;
1627 if (rt
->rt6i_flags
& RTF_GATEWAY
) {
1629 "Redirect: destination is not a neighbour\n");
1632 peer
= inet_getpeer_v6(net
->ipv6
.peers
, &ipv6_hdr(skb
)->saddr
, 1);
1633 ret
= inet_peer_xrlim_allow(peer
, 1*HZ
);
1639 if (dev
->addr_len
) {
1640 struct neighbour
*neigh
= dst_neigh_lookup(skb_dst(skb
), target
);
1643 "Redirect: no neigh for target address\n");
1647 read_lock_bh(&neigh
->lock
);
1648 if (neigh
->nud_state
& NUD_VALID
) {
1649 memcpy(ha_buf
, neigh
->ha
, dev
->addr_len
);
1650 read_unlock_bh(&neigh
->lock
);
1652 optlen
+= ndisc_redirect_opt_addr_space(dev
, neigh
,
1656 read_unlock_bh(&neigh
->lock
);
1658 neigh_release(neigh
);
1661 rd_len
= min_t(unsigned int,
1662 IPV6_MIN_MTU
- sizeof(struct ipv6hdr
) - sizeof(*msg
) - optlen
,
1667 buff
= ndisc_alloc_skb(dev
, sizeof(*msg
) + optlen
);
1671 msg
= skb_put(buff
, sizeof(*msg
));
1672 *msg
= (struct rd_msg
) {
1674 .icmp6_type
= NDISC_REDIRECT
,
1677 .dest
= ipv6_hdr(skb
)->daddr
,
1681 * include target_address option
1685 ndisc_fill_redirect_addr_option(buff
, ha
, ops_data
);
1688 * build redirect option and copy skb over to the new packet.
1692 ndisc_fill_redirect_hdr_option(buff
, skb
, rd_len
);
1694 skb_dst_set(buff
, dst
);
1695 ndisc_send_skb(buff
, &ipv6_hdr(skb
)->saddr
, &saddr_buf
);
1702 static void pndisc_redo(struct sk_buff
*skb
)
1708 static bool ndisc_suppress_frag_ndisc(struct sk_buff
*skb
)
1710 struct inet6_dev
*idev
= __in6_dev_get(skb
->dev
);
1714 if (IP6CB(skb
)->flags
& IP6SKB_FRAGMENTED
&&
1715 idev
->cnf
.suppress_frag_ndisc
) {
1716 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1722 int ndisc_rcv(struct sk_buff
*skb
)
1726 if (ndisc_suppress_frag_ndisc(skb
))
1729 if (skb_linearize(skb
))
1732 msg
= (struct nd_msg
*)skb_transport_header(skb
);
1734 __skb_push(skb
, skb
->data
- skb_transport_header(skb
));
1736 if (ipv6_hdr(skb
)->hop_limit
!= 255) {
1737 ND_PRINTK(2, warn
, "NDISC: invalid hop-limit: %d\n",
1738 ipv6_hdr(skb
)->hop_limit
);
1742 if (msg
->icmph
.icmp6_code
!= 0) {
1743 ND_PRINTK(2, warn
, "NDISC: invalid ICMPv6 code: %d\n",
1744 msg
->icmph
.icmp6_code
);
1748 switch (msg
->icmph
.icmp6_type
) {
1749 case NDISC_NEIGHBOUR_SOLICITATION
:
1750 memset(NEIGH_CB(skb
), 0, sizeof(struct neighbour_cb
));
1754 case NDISC_NEIGHBOUR_ADVERTISEMENT
:
1758 case NDISC_ROUTER_SOLICITATION
:
1762 case NDISC_ROUTER_ADVERTISEMENT
:
1763 ndisc_router_discovery(skb
);
1766 case NDISC_REDIRECT
:
1767 ndisc_redirect_rcv(skb
);
1774 static int ndisc_netdev_event(struct notifier_block
*this, unsigned long event
, void *ptr
)
1776 struct net_device
*dev
= netdev_notifier_info_to_dev(ptr
);
1777 struct netdev_notifier_change_info
*change_info
;
1778 struct net
*net
= dev_net(dev
);
1779 struct inet6_dev
*idev
;
1782 case NETDEV_CHANGEADDR
:
1783 neigh_changeaddr(&nd_tbl
, dev
);
1784 fib6_run_gc(0, net
, false);
1787 idev
= in6_dev_get(dev
);
1790 if (idev
->cnf
.ndisc_notify
||
1791 net
->ipv6
.devconf_all
->ndisc_notify
)
1792 ndisc_send_unsol_na(dev
);
1797 if (change_info
->flags_changed
& IFF_NOARP
)
1798 neigh_changeaddr(&nd_tbl
, dev
);
1799 if (!netif_carrier_ok(dev
))
1800 neigh_carrier_down(&nd_tbl
, dev
);
1803 neigh_ifdown(&nd_tbl
, dev
);
1804 fib6_run_gc(0, net
, false);
1806 case NETDEV_NOTIFY_PEERS
:
1807 ndisc_send_unsol_na(dev
);
1816 static struct notifier_block ndisc_netdev_notifier
= {
1817 .notifier_call
= ndisc_netdev_event
,
1818 .priority
= ADDRCONF_NOTIFY_PRIORITY
- 5,
1821 #ifdef CONFIG_SYSCTL
1822 static void ndisc_warn_deprecated_sysctl(struct ctl_table
*ctl
,
1823 const char *func
, const char *dev_name
)
1825 static char warncomm
[TASK_COMM_LEN
];
1827 if (strcmp(warncomm
, current
->comm
) && warned
< 5) {
1828 strcpy(warncomm
, current
->comm
);
1829 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1831 dev_name
, ctl
->procname
,
1832 dev_name
, ctl
->procname
);
1837 int ndisc_ifinfo_sysctl_change(struct ctl_table
*ctl
, int write
, void __user
*buffer
, size_t *lenp
, loff_t
*ppos
)
1839 struct net_device
*dev
= ctl
->extra1
;
1840 struct inet6_dev
*idev
;
1843 if ((strcmp(ctl
->procname
, "retrans_time") == 0) ||
1844 (strcmp(ctl
->procname
, "base_reachable_time") == 0))
1845 ndisc_warn_deprecated_sysctl(ctl
, "syscall", dev
? dev
->name
: "default");
1847 if (strcmp(ctl
->procname
, "retrans_time") == 0)
1848 ret
= neigh_proc_dointvec(ctl
, write
, buffer
, lenp
, ppos
);
1850 else if (strcmp(ctl
->procname
, "base_reachable_time") == 0)
1851 ret
= neigh_proc_dointvec_jiffies(ctl
, write
,
1852 buffer
, lenp
, ppos
);
1854 else if ((strcmp(ctl
->procname
, "retrans_time_ms") == 0) ||
1855 (strcmp(ctl
->procname
, "base_reachable_time_ms") == 0))
1856 ret
= neigh_proc_dointvec_ms_jiffies(ctl
, write
,
1857 buffer
, lenp
, ppos
);
1861 if (write
&& ret
== 0 && dev
&& (idev
= in6_dev_get(dev
)) != NULL
) {
1862 if (ctl
->data
== &NEIGH_VAR(idev
->nd_parms
, BASE_REACHABLE_TIME
))
1863 idev
->nd_parms
->reachable_time
=
1864 neigh_rand_reach_time(NEIGH_VAR(idev
->nd_parms
, BASE_REACHABLE_TIME
));
1865 idev
->tstamp
= jiffies
;
1866 inet6_ifinfo_notify(RTM_NEWLINK
, idev
);
1875 static int __net_init
ndisc_net_init(struct net
*net
)
1877 struct ipv6_pinfo
*np
;
1881 err
= inet_ctl_sock_create(&sk
, PF_INET6
,
1882 SOCK_RAW
, IPPROTO_ICMPV6
, net
);
1885 "NDISC: Failed to initialize the control socket (err %d)\n",
1890 net
->ipv6
.ndisc_sk
= sk
;
1893 np
->hop_limit
= 255;
1894 /* Do not loopback ndisc messages */
1900 static void __net_exit
ndisc_net_exit(struct net
*net
)
1902 inet_ctl_sock_destroy(net
->ipv6
.ndisc_sk
);
1905 static struct pernet_operations ndisc_net_ops
= {
1906 .init
= ndisc_net_init
,
1907 .exit
= ndisc_net_exit
,
1910 int __init
ndisc_init(void)
1914 err
= register_pernet_subsys(&ndisc_net_ops
);
1918 * Initialize the neighbour table
1920 neigh_table_init(NEIGH_ND_TABLE
, &nd_tbl
);
1922 #ifdef CONFIG_SYSCTL
1923 err
= neigh_sysctl_register(NULL
, &nd_tbl
.parms
,
1924 ndisc_ifinfo_sysctl_change
);
1926 goto out_unregister_pernet
;
1931 #ifdef CONFIG_SYSCTL
1932 out_unregister_pernet
:
1933 unregister_pernet_subsys(&ndisc_net_ops
);
1938 int __init
ndisc_late_init(void)
1940 return register_netdevice_notifier(&ndisc_netdev_notifier
);
1943 void ndisc_late_cleanup(void)
1945 unregister_netdevice_notifier(&ndisc_netdev_notifier
);
1948 void ndisc_cleanup(void)
1950 #ifdef CONFIG_SYSCTL
1951 neigh_sysctl_unregister(&nd_tbl
.parms
);
1953 neigh_table_clear(NEIGH_ND_TABLE
, &nd_tbl
);
1954 unregister_pernet_subsys(&ndisc_net_ops
);