]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blob - net/ipv6/ndisc.c
projects / mirror_ubuntu-artful-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
ipv6: introduce neighbour discovery ops
[mirror_ubuntu-artful-kernel.git] / net / ipv6 / ndisc.c
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <net/l3mdev.h>
71 #include <linux/proc_fs.h>
72
73 #include <linux/netfilter.h>
74 #include <linux/netfilter_ipv6.h>
75
76 /* Set to 3 to get tracing... */
77 #define ND_DEBUG 1
78
79 #define ND_PRINTK(val, level, fmt, ...) \
80 do { \
81 if (val <= ND_DEBUG) \
82 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
83 } while (0)
84
85 static u32 ndisc_hash(const void *pkey,
86 const struct net_device *dev,
87 __u32 *hash_rnd);
88 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
89 static int ndisc_constructor(struct neighbour *neigh);
90 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
91 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
92 static int pndisc_constructor(struct pneigh_entry *n);
93 static void pndisc_destructor(struct pneigh_entry *n);
94 static void pndisc_redo(struct sk_buff *skb);
95
96 static const struct neigh_ops ndisc_generic_ops = {
97 .family = AF_INET6,
98 .solicit = ndisc_solicit,
99 .error_report = ndisc_error_report,
100 .output = neigh_resolve_output,
101 .connected_output = neigh_connected_output,
102 };
103
104 static const struct neigh_ops ndisc_hh_ops = {
105 .family = AF_INET6,
106 .solicit = ndisc_solicit,
107 .error_report = ndisc_error_report,
108 .output = neigh_resolve_output,
109 .connected_output = neigh_resolve_output,
110 };
111
112
113 static const struct neigh_ops ndisc_direct_ops = {
114 .family = AF_INET6,
115 .output = neigh_direct_output,
116 .connected_output = neigh_direct_output,
117 };
118
119 struct neigh_table nd_tbl = {
120 .family = AF_INET6,
121 .key_len = sizeof(struct in6_addr),
122 .protocol = cpu_to_be16(ETH_P_IPV6),
123 .hash = ndisc_hash,
124 .key_eq = ndisc_key_eq,
125 .constructor = ndisc_constructor,
126 .pconstructor = pndisc_constructor,
127 .pdestructor = pndisc_destructor,
128 .proxy_redo = pndisc_redo,
129 .id = "ndisc_cache",
130 .parms = {
131 .tbl = &nd_tbl,
132 .reachable_time = ND_REACHABLE_TIME,
133 .data = {
134 [NEIGH_VAR_MCAST_PROBES] = 3,
135 [NEIGH_VAR_UCAST_PROBES] = 3,
136 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
137 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
138 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
139 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
140 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
141 [NEIGH_VAR_PROXY_QLEN] = 64,
142 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
143 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
144 },
145 },
146 .gc_interval = 30 * HZ,
147 .gc_thresh1 = 128,
148 .gc_thresh2 = 512,
149 .gc_thresh3 = 1024,
150 };
151 EXPORT_SYMBOL_GPL(nd_tbl);
152
153 static void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
154 int data_len, int pad)
155 {
156 int space = __ndisc_opt_addr_space(data_len, pad);
157 u8 *opt = skb_put(skb, space);
158
159 opt[0] = type;
160 opt[1] = space>>3;
161
162 memset(opt + 2, 0, pad);
163 opt += pad;
164 space -= pad;
165
166 memcpy(opt+2, data, data_len);
167 data_len += 2;
168 opt += data_len;
169 space -= data_len;
170 if (space > 0)
171 memset(opt, 0, space);
172 }
173
174 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
175 void *data, u8 icmp6_type)
176 {
177 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
178 ndisc_addr_option_pad(skb->dev->type));
179 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
180 }
181
182 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
183 void *ha,
184 const u8 *ops_data)
185 {
186 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
187 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
188 }
189
190 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
191 struct nd_opt_hdr *end)
192 {
193 int type;
194 if (!cur || !end || cur >= end)
195 return NULL;
196 type = cur->nd_opt_type;
197 do {
198 cur = ((void *)cur) + (cur->nd_opt_len << 3);
199 } while (cur < end && cur->nd_opt_type != type);
200 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
201 }
202
203 static inline int ndisc_is_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *opt)
205 {
206 return opt->nd_opt_type == ND_OPT_RDNSS ||
207 opt->nd_opt_type == ND_OPT_DNSSL ||
208 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
209 }
210
211 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
212 struct nd_opt_hdr *cur,
213 struct nd_opt_hdr *end)
214 {
215 if (!cur || !end || cur >= end)
216 return NULL;
217 do {
218 cur = ((void *)cur) + (cur->nd_opt_len << 3);
219 } while (cur < end && !ndisc_is_useropt(dev, cur));
220 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
221 }
222
223 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
224 u8 *opt, int opt_len,
225 struct ndisc_options *ndopts)
226 {
227 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
228
229 if (!nd_opt || opt_len < 0 || !ndopts)
230 return NULL;
231 memset(ndopts, 0, sizeof(*ndopts));
232 while (opt_len) {
233 int l;
234 if (opt_len < sizeof(struct nd_opt_hdr))
235 return NULL;
236 l = nd_opt->nd_opt_len << 3;
237 if (opt_len < l || l == 0)
238 return NULL;
239 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
240 goto next_opt;
241 switch (nd_opt->nd_opt_type) {
242 case ND_OPT_SOURCE_LL_ADDR:
243 case ND_OPT_TARGET_LL_ADDR:
244 case ND_OPT_MTU:
245 case ND_OPT_REDIRECT_HDR:
246 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
247 ND_PRINTK(2, warn,
248 "%s: duplicated ND6 option found: type=%d\n",
249 __func__, nd_opt->nd_opt_type);
250 } else {
251 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
252 }
253 break;
254 case ND_OPT_PREFIX_INFO:
255 ndopts->nd_opts_pi_end = nd_opt;
256 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
257 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
258 break;
259 #ifdef CONFIG_IPV6_ROUTE_INFO
260 case ND_OPT_ROUTE_INFO:
261 ndopts->nd_opts_ri_end = nd_opt;
262 if (!ndopts->nd_opts_ri)
263 ndopts->nd_opts_ri = nd_opt;
264 break;
265 #endif
266 default:
267 if (ndisc_is_useropt(dev, nd_opt)) {
268 ndopts->nd_useropts_end = nd_opt;
269 if (!ndopts->nd_useropts)
270 ndopts->nd_useropts = nd_opt;
271 } else {
272 /*
273 * Unknown options must be silently ignored,
274 * to accommodate future extension to the
275 * protocol.
276 */
277 ND_PRINTK(2, notice,
278 "%s: ignored unsupported option; type=%d, len=%d\n",
279 __func__,
280 nd_opt->nd_opt_type,
281 nd_opt->nd_opt_len);
282 }
283 }
284 next_opt:
285 opt_len -= l;
286 nd_opt = ((void *)nd_opt) + l;
287 }
288 return ndopts;
289 }
290
291 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
292 {
293 switch (dev->type) {
294 case ARPHRD_ETHER:
295 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
296 case ARPHRD_FDDI:
297 ipv6_eth_mc_map(addr, buf);
298 return 0;
299 case ARPHRD_ARCNET:
300 ipv6_arcnet_mc_map(addr, buf);
301 return 0;
302 case ARPHRD_INFINIBAND:
303 ipv6_ib_mc_map(addr, dev->broadcast, buf);
304 return 0;
305 case ARPHRD_IPGRE:
306 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
307 default:
308 if (dir) {
309 memcpy(buf, dev->broadcast, dev->addr_len);
310 return 0;
311 }
312 }
313 return -EINVAL;
314 }
315 EXPORT_SYMBOL(ndisc_mc_map);
316
317 static u32 ndisc_hash(const void *pkey,
318 const struct net_device *dev,
319 __u32 *hash_rnd)
320 {
321 return ndisc_hashfn(pkey, dev, hash_rnd);
322 }
323
324 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
325 {
326 return neigh_key_eq128(n, pkey);
327 }
328
329 static int ndisc_constructor(struct neighbour *neigh)
330 {
331 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
332 struct net_device *dev = neigh->dev;
333 struct inet6_dev *in6_dev;
334 struct neigh_parms *parms;
335 bool is_multicast = ipv6_addr_is_multicast(addr);
336
337 in6_dev = in6_dev_get(dev);
338 if (!in6_dev) {
339 return -EINVAL;
340 }
341
342 parms = in6_dev->nd_parms;
343 __neigh_parms_put(neigh->parms);
344 neigh->parms = neigh_parms_clone(parms);
345
346 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
347 if (!dev->header_ops) {
348 neigh->nud_state = NUD_NOARP;
349 neigh->ops = &ndisc_direct_ops;
350 neigh->output = neigh_direct_output;
351 } else {
352 if (is_multicast) {
353 neigh->nud_state = NUD_NOARP;
354 ndisc_mc_map(addr, neigh->ha, dev, 1);
355 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
356 neigh->nud_state = NUD_NOARP;
357 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
358 if (dev->flags&IFF_LOOPBACK)
359 neigh->type = RTN_LOCAL;
360 } else if (dev->flags&IFF_POINTOPOINT) {
361 neigh->nud_state = NUD_NOARP;
362 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
363 }
364 if (dev->header_ops->cache)
365 neigh->ops = &ndisc_hh_ops;
366 else
367 neigh->ops = &ndisc_generic_ops;
368 if (neigh->nud_state&NUD_VALID)
369 neigh->output = neigh->ops->connected_output;
370 else
371 neigh->output = neigh->ops->output;
372 }
373 in6_dev_put(in6_dev);
374 return 0;
375 }
376
377 static int pndisc_constructor(struct pneigh_entry *n)
378 {
379 struct in6_addr *addr = (struct in6_addr *)&n->key;
380 struct in6_addr maddr;
381 struct net_device *dev = n->dev;
382
383 if (!dev || !__in6_dev_get(dev))
384 return -EINVAL;
385 addrconf_addr_solict_mult(addr, &maddr);
386 ipv6_dev_mc_inc(dev, &maddr);
387 return 0;
388 }
389
390 static void pndisc_destructor(struct pneigh_entry *n)
391 {
392 struct in6_addr *addr = (struct in6_addr *)&n->key;
393 struct in6_addr maddr;
394 struct net_device *dev = n->dev;
395
396 if (!dev || !__in6_dev_get(dev))
397 return;
398 addrconf_addr_solict_mult(addr, &maddr);
399 ipv6_dev_mc_dec(dev, &maddr);
400 }
401
402 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
403 int len)
404 {
405 int hlen = LL_RESERVED_SPACE(dev);
406 int tlen = dev->needed_tailroom;
407 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
408 struct sk_buff *skb;
409
410 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
411 if (!skb) {
412 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
413 __func__);
414 return NULL;
415 }
416
417 skb->protocol = htons(ETH_P_IPV6);
418 skb->dev = dev;
419
420 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
421 skb_reset_transport_header(skb);
422
423 /* Manually assign socket ownership as we avoid calling
424 * sock_alloc_send_pskb() to bypass wmem buffer limits
425 */
426 skb_set_owner_w(skb, sk);
427
428 return skb;
429 }
430
431 static void ip6_nd_hdr(struct sk_buff *skb,
432 const struct in6_addr *saddr,
433 const struct in6_addr *daddr,
434 int hop_limit, int len)
435 {
436 struct ipv6hdr *hdr;
437
438 skb_push(skb, sizeof(*hdr));
439 skb_reset_network_header(skb);
440 hdr = ipv6_hdr(skb);
441
442 ip6_flow_hdr(hdr, 0, 0);
443
444 hdr->payload_len = htons(len);
445 hdr->nexthdr = IPPROTO_ICMPV6;
446 hdr->hop_limit = hop_limit;
447
448 hdr->saddr = *saddr;
449 hdr->daddr = *daddr;
450 }
451
452 static void ndisc_send_skb(struct sk_buff *skb,
453 const struct in6_addr *daddr,
454 const struct in6_addr *saddr)
455 {
456 struct dst_entry *dst = skb_dst(skb);
457 struct net *net = dev_net(skb->dev);
458 struct sock *sk = net->ipv6.ndisc_sk;
459 struct inet6_dev *idev;
460 int err;
461 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
462 u8 type;
463
464 type = icmp6h->icmp6_type;
465
466 if (!dst) {
467 struct flowi6 fl6;
468 int oif = l3mdev_fib_oif(skb->dev);
469
470 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
471 if (oif != skb->dev->ifindex)
472 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
473 dst = icmp6_dst_alloc(skb->dev, &fl6);
474 if (IS_ERR(dst)) {
475 kfree_skb(skb);
476 return;
477 }
478
479 skb_dst_set(skb, dst);
480 }
481
482 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
483 IPPROTO_ICMPV6,
484 csum_partial(icmp6h,
485 skb->len, 0));
486
487 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
488
489 rcu_read_lock();
490 idev = __in6_dev_get(dst->dev);
491 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
492
493 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
494 net, sk, skb, NULL, dst->dev,
495 dst_output);
496 if (!err) {
497 ICMP6MSGOUT_INC_STATS(net, idev, type);
498 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
499 }
500
501 rcu_read_unlock();
502 }
503
504 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
505 const struct in6_addr *solicited_addr,
506 bool router, bool solicited, bool override, bool inc_opt)
507 {
508 struct sk_buff *skb;
509 struct in6_addr tmpaddr;
510 struct inet6_ifaddr *ifp;
511 const struct in6_addr *src_addr;
512 struct nd_msg *msg;
513 int optlen = 0;
514
515 /* for anycast or proxy, solicited_addr != src_addr */
516 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
517 if (ifp) {
518 src_addr = solicited_addr;
519 if (ifp->flags & IFA_F_OPTIMISTIC)
520 override = false;
521 inc_opt |= ifp->idev->cnf.force_tllao;
522 in6_ifa_put(ifp);
523 } else {
524 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
525 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
526 &tmpaddr))
527 return;
528 src_addr = &tmpaddr;
529 }
530
531 if (!dev->addr_len)
532 inc_opt = 0;
533 if (inc_opt)
534 optlen += ndisc_opt_addr_space(dev,
535 NDISC_NEIGHBOUR_ADVERTISEMENT);
536
537 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
538 if (!skb)
539 return;
540
541 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
542 *msg = (struct nd_msg) {
543 .icmph = {
544 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
545 .icmp6_router = router,
546 .icmp6_solicited = solicited,
547 .icmp6_override = override,
548 },
549 .target = *solicited_addr,
550 };
551
552 if (inc_opt)
553 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
554 dev->dev_addr,
555 NDISC_NEIGHBOUR_ADVERTISEMENT);
556
557 ndisc_send_skb(skb, daddr, src_addr);
558 }
559
560 static void ndisc_send_unsol_na(struct net_device *dev)
561 {
562 struct inet6_dev *idev;
563 struct inet6_ifaddr *ifa;
564
565 idev = in6_dev_get(dev);
566 if (!idev)
567 return;
568
569 read_lock_bh(&idev->lock);
570 list_for_each_entry(ifa, &idev->addr_list, if_list) {
571 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
572 /*router=*/ !!idev->cnf.forwarding,
573 /*solicited=*/ false, /*override=*/ true,
574 /*inc_opt=*/ true);
575 }
576 read_unlock_bh(&idev->lock);
577
578 in6_dev_put(idev);
579 }
580
581 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
582 const struct in6_addr *daddr, const struct in6_addr *saddr)
583 {
584 struct sk_buff *skb;
585 struct in6_addr addr_buf;
586 int inc_opt = dev->addr_len;
587 int optlen = 0;
588 struct nd_msg *msg;
589
590 if (!saddr) {
591 if (ipv6_get_lladdr(dev, &addr_buf,
592 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
593 return;
594 saddr = &addr_buf;
595 }
596
597 if (ipv6_addr_any(saddr))
598 inc_opt = false;
599 if (inc_opt)
600 optlen += ndisc_opt_addr_space(dev,
601 NDISC_NEIGHBOUR_SOLICITATION);
602
603 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
604 if (!skb)
605 return;
606
607 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
608 *msg = (struct nd_msg) {
609 .icmph = {
610 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
611 },
612 .target = *solicit,
613 };
614
615 if (inc_opt)
616 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
617 dev->dev_addr,
618 NDISC_NEIGHBOUR_SOLICITATION);
619
620 ndisc_send_skb(skb, daddr, saddr);
621 }
622
623 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
624 const struct in6_addr *daddr)
625 {
626 struct sk_buff *skb;
627 struct rs_msg *msg;
628 int send_sllao = dev->addr_len;
629 int optlen = 0;
630
631 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
632 /*
633 * According to section 2.2 of RFC 4429, we must not
634 * send router solicitations with a sllao from
635 * optimistic addresses, but we may send the solicitation
636 * if we don't include the sllao. So here we check
637 * if our address is optimistic, and if so, we
638 * suppress the inclusion of the sllao.
639 */
640 if (send_sllao) {
641 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
642 dev, 1);
643 if (ifp) {
644 if (ifp->flags & IFA_F_OPTIMISTIC) {
645 send_sllao = 0;
646 }
647 in6_ifa_put(ifp);
648 } else {
649 send_sllao = 0;
650 }
651 }
652 #endif
653 if (send_sllao)
654 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
655
656 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
657 if (!skb)
658 return;
659
660 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
661 *msg = (struct rs_msg) {
662 .icmph = {
663 .icmp6_type = NDISC_ROUTER_SOLICITATION,
664 },
665 };
666
667 if (send_sllao)
668 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
669 dev->dev_addr,
670 NDISC_ROUTER_SOLICITATION);
671
672 ndisc_send_skb(skb, daddr, saddr);
673 }
674
675
676 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
677 {
678 /*
679 * "The sender MUST return an ICMP
680 * destination unreachable"
681 */
682 dst_link_failure(skb);
683 kfree_skb(skb);
684 }
685
686 /* Called with locked neigh: either read or both */
687
688 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
689 {
690 struct in6_addr *saddr = NULL;
691 struct in6_addr mcaddr;
692 struct net_device *dev = neigh->dev;
693 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
694 int probes = atomic_read(&neigh->probes);
695
696 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
697 dev, 1,
698 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
699 saddr = &ipv6_hdr(skb)->saddr;
700 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
701 if (probes < 0) {
702 if (!(neigh->nud_state & NUD_VALID)) {
703 ND_PRINTK(1, dbg,
704 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
705 __func__, target);
706 }
707 ndisc_send_ns(dev, target, target, saddr);
708 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
709 neigh_app_ns(neigh);
710 } else {
711 addrconf_addr_solict_mult(target, &mcaddr);
712 ndisc_send_ns(dev, target, &mcaddr, saddr);
713 }
714 }
715
716 static int pndisc_is_router(const void *pkey,
717 struct net_device *dev)
718 {
719 struct pneigh_entry *n;
720 int ret = -1;
721
722 read_lock_bh(&nd_tbl.lock);
723 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
724 if (n)
725 ret = !!(n->flags & NTF_ROUTER);
726 read_unlock_bh(&nd_tbl.lock);
727
728 return ret;
729 }
730
731 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
732 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
733 struct ndisc_options *ndopts)
734 {
735 neigh_update(neigh, lladdr, new, flags);
736 /* report ndisc ops about neighbour update */
737 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
738 }
739
740 static void ndisc_recv_ns(struct sk_buff *skb)
741 {
742 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
743 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
744 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
745 u8 *lladdr = NULL;
746 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
747 offsetof(struct nd_msg, opt));
748 struct ndisc_options ndopts;
749 struct net_device *dev = skb->dev;
750 struct inet6_ifaddr *ifp;
751 struct inet6_dev *idev = NULL;
752 struct neighbour *neigh;
753 int dad = ipv6_addr_any(saddr);
754 bool inc;
755 int is_router = -1;
756
757 if (skb->len < sizeof(struct nd_msg)) {
758 ND_PRINTK(2, warn, "NS: packet too short\n");
759 return;
760 }
761
762 if (ipv6_addr_is_multicast(&msg->target)) {
763 ND_PRINTK(2, warn, "NS: multicast target address\n");
764 return;
765 }
766
767 /*
768 * RFC2461 7.1.1:
769 * DAD has to be destined for solicited node multicast address.
770 */
771 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
772 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
773 return;
774 }
775
776 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
777 ND_PRINTK(2, warn, "NS: invalid ND options\n");
778 return;
779 }
780
781 if (ndopts.nd_opts_src_lladdr) {
782 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
783 if (!lladdr) {
784 ND_PRINTK(2, warn,
785 "NS: invalid link-layer address length\n");
786 return;
787 }
788
789 /* RFC2461 7.1.1:
790 * If the IP source address is the unspecified address,
791 * there MUST NOT be source link-layer address option
792 * in the message.
793 */
794 if (dad) {
795 ND_PRINTK(2, warn,
796 "NS: bad DAD packet (link-layer address option)\n");
797 return;
798 }
799 }
800
801 inc = ipv6_addr_is_multicast(daddr);
802
803 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
804 if (ifp) {
805 have_ifp:
806 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
807 if (dad) {
808 /*
809 * We are colliding with another node
810 * who is doing DAD
811 * so fail our DAD process
812 */
813 addrconf_dad_failure(ifp);
814 return;
815 } else {
816 /*
817 * This is not a dad solicitation.
818 * If we are an optimistic node,
819 * we should respond.
820 * Otherwise, we should ignore it.
821 */
822 if (!(ifp->flags & IFA_F_OPTIMISTIC))
823 goto out;
824 }
825 }
826
827 idev = ifp->idev;
828 } else {
829 struct net *net = dev_net(dev);
830
831 /* perhaps an address on the master device */
832 if (netif_is_l3_slave(dev)) {
833 struct net_device *mdev;
834
835 mdev = netdev_master_upper_dev_get_rcu(dev);
836 if (mdev) {
837 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
838 if (ifp)
839 goto have_ifp;
840 }
841 }
842
843 idev = in6_dev_get(dev);
844 if (!idev) {
845 /* XXX: count this drop? */
846 return;
847 }
848
849 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
850 (idev->cnf.forwarding &&
851 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
852 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
853 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
854 skb->pkt_type != PACKET_HOST &&
855 inc &&
856 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
857 /*
858 * for anycast or proxy,
859 * sender should delay its response
860 * by a random time between 0 and
861 * MAX_ANYCAST_DELAY_TIME seconds.
862 * (RFC2461) -- yoshfuji
863 */
864 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
865 if (n)
866 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
867 goto out;
868 }
869 } else
870 goto out;
871 }
872
873 if (is_router < 0)
874 is_router = idev->cnf.forwarding;
875
876 if (dad) {
877 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
878 !!is_router, false, (ifp != NULL), true);
879 goto out;
880 }
881
882 if (inc)
883 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
884 else
885 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
886
887 /*
888 * update / create cache entry
889 * for the source address
890 */
891 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
892 !inc || lladdr || !dev->addr_len);
893 if (neigh)
894 ndisc_update(dev, neigh, lladdr, NUD_STALE,
895 NEIGH_UPDATE_F_WEAK_OVERRIDE|
896 NEIGH_UPDATE_F_OVERRIDE,
897 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
898 if (neigh || !dev->header_ops) {
899 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
900 true, (ifp != NULL && inc), inc);
901 if (neigh)
902 neigh_release(neigh);
903 }
904
905 out:
906 if (ifp)
907 in6_ifa_put(ifp);
908 else
909 in6_dev_put(idev);
910 }
911
912 static void ndisc_recv_na(struct sk_buff *skb)
913 {
914 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
915 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
916 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
917 u8 *lladdr = NULL;
918 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
919 offsetof(struct nd_msg, opt));
920 struct ndisc_options ndopts;
921 struct net_device *dev = skb->dev;
922 struct inet6_dev *idev = __in6_dev_get(dev);
923 struct inet6_ifaddr *ifp;
924 struct neighbour *neigh;
925
926 if (skb->len < sizeof(struct nd_msg)) {
927 ND_PRINTK(2, warn, "NA: packet too short\n");
928 return;
929 }
930
931 if (ipv6_addr_is_multicast(&msg->target)) {
932 ND_PRINTK(2, warn, "NA: target address is multicast\n");
933 return;
934 }
935
936 if (ipv6_addr_is_multicast(daddr) &&
937 msg->icmph.icmp6_solicited) {
938 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
939 return;
940 }
941
942 /* For some 802.11 wireless deployments (and possibly other networks),
943 * there will be a NA proxy and unsolicitd packets are attacks
944 * and thus should not be accepted.
945 */
946 if (!msg->icmph.icmp6_solicited && idev &&
947 idev->cnf.drop_unsolicited_na)
948 return;
949
950 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
951 ND_PRINTK(2, warn, "NS: invalid ND option\n");
952 return;
953 }
954 if (ndopts.nd_opts_tgt_lladdr) {
955 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
956 if (!lladdr) {
957 ND_PRINTK(2, warn,
958 "NA: invalid link-layer address length\n");
959 return;
960 }
961 }
962 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
963 if (ifp) {
964 if (skb->pkt_type != PACKET_LOOPBACK
965 && (ifp->flags & IFA_F_TENTATIVE)) {
966 addrconf_dad_failure(ifp);
967 return;
968 }
969 /* What should we make now? The advertisement
970 is invalid, but ndisc specs say nothing
971 about it. It could be misconfiguration, or
972 an smart proxy agent tries to help us :-)
973
974 We should not print the error if NA has been
975 received from loopback - it is just our own
976 unsolicited advertisement.
977 */
978 if (skb->pkt_type != PACKET_LOOPBACK)
979 ND_PRINTK(1, warn,
980 "NA: someone advertises our address %pI6 on %s!\n",
981 &ifp->addr, ifp->idev->dev->name);
982 in6_ifa_put(ifp);
983 return;
984 }
985 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
986
987 if (neigh) {
988 u8 old_flags = neigh->flags;
989 struct net *net = dev_net(dev);
990
991 if (neigh->nud_state & NUD_FAILED)
992 goto out;
993
994 /*
995 * Don't update the neighbor cache entry on a proxy NA from
996 * ourselves because either the proxied node is off link or it
997 * has already sent a NA to us.
998 */
999 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1000 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1001 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1002 /* XXX: idev->cnf.proxy_ndp */
1003 goto out;
1004 }
1005
1006 ndisc_update(dev, neigh, lladdr,
1007 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1008 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1009 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1010 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1011 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1012 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1013
1014 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1015 /*
1016 * Change: router to host
1017 */
1018 rt6_clean_tohost(dev_net(dev), saddr);
1019 }
1020
1021 out:
1022 neigh_release(neigh);
1023 }
1024 }
1025
1026 static void ndisc_recv_rs(struct sk_buff *skb)
1027 {
1028 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1029 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1030 struct neighbour *neigh;
1031 struct inet6_dev *idev;
1032 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1033 struct ndisc_options ndopts;
1034 u8 *lladdr = NULL;
1035
1036 if (skb->len < sizeof(*rs_msg))
1037 return;
1038
1039 idev = __in6_dev_get(skb->dev);
1040 if (!idev) {
1041 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1042 return;
1043 }
1044
1045 /* Don't accept RS if we're not in router mode */
1046 if (!idev->cnf.forwarding)
1047 goto out;
1048
1049 /*
1050 * Don't update NCE if src = ::;
1051 * this implies that the source node has no ip address assigned yet.
1052 */
1053 if (ipv6_addr_any(saddr))
1054 goto out;
1055
1056 /* Parse ND options */
1057 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1058 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1059 goto out;
1060 }
1061
1062 if (ndopts.nd_opts_src_lladdr) {
1063 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1064 skb->dev);
1065 if (!lladdr)
1066 goto out;
1067 }
1068
1069 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1070 if (neigh) {
1071 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1072 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1073 NEIGH_UPDATE_F_OVERRIDE|
1074 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1075 NDISC_ROUTER_SOLICITATION, &ndopts);
1076 neigh_release(neigh);
1077 }
1078 out:
1079 return;
1080 }
1081
1082 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1083 {
1084 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1085 struct sk_buff *skb;
1086 struct nlmsghdr *nlh;
1087 struct nduseroptmsg *ndmsg;
1088 struct net *net = dev_net(ra->dev);
1089 int err;
1090 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1091 + (opt->nd_opt_len << 3));
1092 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1093
1094 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1095 if (!skb) {
1096 err = -ENOBUFS;
1097 goto errout;
1098 }
1099
1100 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1101 if (!nlh) {
1102 goto nla_put_failure;
1103 }
1104
1105 ndmsg = nlmsg_data(nlh);
1106 ndmsg->nduseropt_family = AF_INET6;
1107 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1108 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1109 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1110 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1111
1112 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1113
1114 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1115 goto nla_put_failure;
1116 nlmsg_end(skb, nlh);
1117
1118 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1119 return;
1120
1121 nla_put_failure:
1122 nlmsg_free(skb);
1123 err = -EMSGSIZE;
1124 errout:
1125 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1126 }
1127
1128 static void ndisc_router_discovery(struct sk_buff *skb)
1129 {
1130 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1131 struct neighbour *neigh = NULL;
1132 struct inet6_dev *in6_dev;
1133 struct rt6_info *rt = NULL;
1134 int lifetime;
1135 struct ndisc_options ndopts;
1136 int optlen;
1137 unsigned int pref = 0;
1138 __u32 old_if_flags;
1139 bool send_ifinfo_notify = false;
1140
1141 __u8 *opt = (__u8 *)(ra_msg + 1);
1142
1143 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1144 sizeof(struct ra_msg);
1145
1146 ND_PRINTK(2, info,
1147 "RA: %s, dev: %s\n",
1148 __func__, skb->dev->name);
1149 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1150 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1151 return;
1152 }
1153 if (optlen < 0) {
1154 ND_PRINTK(2, warn, "RA: packet too short\n");
1155 return;
1156 }
1157
1158 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1159 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1160 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1161 return;
1162 }
1163 #endif
1164
1165 /*
1166 * set the RA_RECV flag in the interface
1167 */
1168
1169 in6_dev = __in6_dev_get(skb->dev);
1170 if (!in6_dev) {
1171 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1172 skb->dev->name);
1173 return;
1174 }
1175
1176 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1177 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1178 return;
1179 }
1180
1181 if (!ipv6_accept_ra(in6_dev)) {
1182 ND_PRINTK(2, info,
1183 "RA: %s, did not accept ra for dev: %s\n",
1184 __func__, skb->dev->name);
1185 goto skip_linkparms;
1186 }
1187
1188 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1189 /* skip link-specific parameters from interior routers */
1190 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1191 ND_PRINTK(2, info,
1192 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1193 __func__, skb->dev->name);
1194 goto skip_linkparms;
1195 }
1196 #endif
1197
1198 if (in6_dev->if_flags & IF_RS_SENT) {
1199 /*
1200 * flag that an RA was received after an RS was sent
1201 * out on this interface.
1202 */
1203 in6_dev->if_flags |= IF_RA_RCVD;
1204 }
1205
1206 /*
1207 * Remember the managed/otherconf flags from most recently
1208 * received RA message (RFC 2462) -- yoshfuji
1209 */
1210 old_if_flags = in6_dev->if_flags;
1211 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1212 IF_RA_OTHERCONF)) |
1213 (ra_msg->icmph.icmp6_addrconf_managed ?
1214 IF_RA_MANAGED : 0) |
1215 (ra_msg->icmph.icmp6_addrconf_other ?
1216 IF_RA_OTHERCONF : 0);
1217
1218 if (old_if_flags != in6_dev->if_flags)
1219 send_ifinfo_notify = true;
1220
1221 if (!in6_dev->cnf.accept_ra_defrtr) {
1222 ND_PRINTK(2, info,
1223 "RA: %s, defrtr is false for dev: %s\n",
1224 __func__, skb->dev->name);
1225 goto skip_defrtr;
1226 }
1227
1228 /* Do not accept RA with source-addr found on local machine unless
1229 * accept_ra_from_local is set to true.
1230 */
1231 if (!in6_dev->cnf.accept_ra_from_local &&
1232 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1233 in6_dev->dev, 0)) {
1234 ND_PRINTK(2, info,
1235 "RA from local address detected on dev: %s: default router ignored\n",
1236 skb->dev->name);
1237 goto skip_defrtr;
1238 }
1239
1240 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1241
1242 #ifdef CONFIG_IPV6_ROUTER_PREF
1243 pref = ra_msg->icmph.icmp6_router_pref;
1244 /* 10b is handled as if it were 00b (medium) */
1245 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1246 !in6_dev->cnf.accept_ra_rtr_pref)
1247 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1248 #endif
1249
1250 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1251
1252 if (rt) {
1253 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1254 if (!neigh) {
1255 ND_PRINTK(0, err,
1256 "RA: %s got default router without neighbour\n",
1257 __func__);
1258 ip6_rt_put(rt);
1259 return;
1260 }
1261 }
1262 if (rt && lifetime == 0) {
1263 ip6_del_rt(rt);
1264 rt = NULL;
1265 }
1266
1267 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1268 rt, lifetime, skb->dev->name);
1269 if (!rt && lifetime) {
1270 ND_PRINTK(3, info, "RA: adding default router\n");
1271
1272 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1273 if (!rt) {
1274 ND_PRINTK(0, err,
1275 "RA: %s failed to add default route\n",
1276 __func__);
1277 return;
1278 }
1279
1280 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1281 if (!neigh) {
1282 ND_PRINTK(0, err,
1283 "RA: %s got default router without neighbour\n",
1284 __func__);
1285 ip6_rt_put(rt);
1286 return;
1287 }
1288 neigh->flags |= NTF_ROUTER;
1289 } else if (rt) {
1290 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1291 }
1292
1293 if (rt)
1294 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1295 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1296 ra_msg->icmph.icmp6_hop_limit) {
1297 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1298 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1299 if (rt)
1300 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1301 ra_msg->icmph.icmp6_hop_limit);
1302 } else {
1303 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1304 }
1305 }
1306
1307 skip_defrtr:
1308
1309 /*
1310 * Update Reachable Time and Retrans Timer
1311 */
1312
1313 if (in6_dev->nd_parms) {
1314 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1315
1316 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1317 rtime = (rtime*HZ)/1000;
1318 if (rtime < HZ/10)
1319 rtime = HZ/10;
1320 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1321 in6_dev->tstamp = jiffies;
1322 send_ifinfo_notify = true;
1323 }
1324
1325 rtime = ntohl(ra_msg->reachable_time);
1326 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1327 rtime = (rtime*HZ)/1000;
1328
1329 if (rtime < HZ/10)
1330 rtime = HZ/10;
1331
1332 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1333 NEIGH_VAR_SET(in6_dev->nd_parms,
1334 BASE_REACHABLE_TIME, rtime);
1335 NEIGH_VAR_SET(in6_dev->nd_parms,
1336 GC_STALETIME, 3 * rtime);
1337 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1338 in6_dev->tstamp = jiffies;
1339 send_ifinfo_notify = true;
1340 }
1341 }
1342 }
1343
1344 /*
1345 * Send a notify if RA changed managed/otherconf flags or timer settings
1346 */
1347 if (send_ifinfo_notify)
1348 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1349
1350 skip_linkparms:
1351
1352 /*
1353 * Process options.
1354 */
1355
1356 if (!neigh)
1357 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1358 skb->dev, 1);
1359 if (neigh) {
1360 u8 *lladdr = NULL;
1361 if (ndopts.nd_opts_src_lladdr) {
1362 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1363 skb->dev);
1364 if (!lladdr) {
1365 ND_PRINTK(2, warn,
1366 "RA: invalid link-layer address length\n");
1367 goto out;
1368 }
1369 }
1370 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1371 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1372 NEIGH_UPDATE_F_OVERRIDE|
1373 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1374 NEIGH_UPDATE_F_ISROUTER,
1375 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1376 }
1377
1378 if (!ipv6_accept_ra(in6_dev)) {
1379 ND_PRINTK(2, info,
1380 "RA: %s, accept_ra is false for dev: %s\n",
1381 __func__, skb->dev->name);
1382 goto out;
1383 }
1384
1385 #ifdef CONFIG_IPV6_ROUTE_INFO
1386 if (!in6_dev->cnf.accept_ra_from_local &&
1387 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1388 in6_dev->dev, 0)) {
1389 ND_PRINTK(2, info,
1390 "RA from local address detected on dev: %s: router info ignored.\n",
1391 skb->dev->name);
1392 goto skip_routeinfo;
1393 }
1394
1395 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1396 struct nd_opt_hdr *p;
1397 for (p = ndopts.nd_opts_ri;
1398 p;
1399 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1400 struct route_info *ri = (struct route_info *)p;
1401 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1402 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1403 ri->prefix_len == 0)
1404 continue;
1405 #endif
1406 if (ri->prefix_len == 0 &&
1407 !in6_dev->cnf.accept_ra_defrtr)
1408 continue;
1409 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1410 continue;
1411 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1412 &ipv6_hdr(skb)->saddr);
1413 }
1414 }
1415
1416 skip_routeinfo:
1417 #endif
1418
1419 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1420 /* skip link-specific ndopts from interior routers */
1421 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1422 ND_PRINTK(2, info,
1423 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1424 __func__, skb->dev->name);
1425 goto out;
1426 }
1427 #endif
1428
1429 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1430 struct nd_opt_hdr *p;
1431 for (p = ndopts.nd_opts_pi;
1432 p;
1433 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1434 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1435 (p->nd_opt_len) << 3,
1436 ndopts.nd_opts_src_lladdr != NULL);
1437 }
1438 }
1439
1440 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1441 __be32 n;
1442 u32 mtu;
1443
1444 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1445 mtu = ntohl(n);
1446
1447 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1448 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1449 } else if (in6_dev->cnf.mtu6 != mtu) {
1450 in6_dev->cnf.mtu6 = mtu;
1451
1452 if (rt)
1453 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1454
1455 rt6_mtu_change(skb->dev, mtu);
1456 }
1457 }
1458
1459 if (ndopts.nd_useropts) {
1460 struct nd_opt_hdr *p;
1461 for (p = ndopts.nd_useropts;
1462 p;
1463 p = ndisc_next_useropt(skb->dev, p,
1464 ndopts.nd_useropts_end)) {
1465 ndisc_ra_useropt(skb, p);
1466 }
1467 }
1468
1469 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1470 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1471 }
1472 out:
1473 ip6_rt_put(rt);
1474 if (neigh)
1475 neigh_release(neigh);
1476 }
1477
1478 static void ndisc_redirect_rcv(struct sk_buff *skb)
1479 {
1480 u8 *hdr;
1481 struct ndisc_options ndopts;
1482 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1483 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1484 offsetof(struct rd_msg, opt));
1485
1486 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1487 switch (skb->ndisc_nodetype) {
1488 case NDISC_NODETYPE_HOST:
1489 case NDISC_NODETYPE_NODEFAULT:
1490 ND_PRINTK(2, warn,
1491 "Redirect: from host or unauthorized router\n");
1492 return;
1493 }
1494 #endif
1495
1496 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1497 ND_PRINTK(2, warn,
1498 "Redirect: source address is not link-local\n");
1499 return;
1500 }
1501
1502 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1503 return;
1504
1505 if (!ndopts.nd_opts_rh) {
1506 ip6_redirect_no_header(skb, dev_net(skb->dev),
1507 skb->dev->ifindex, 0);
1508 return;
1509 }
1510
1511 hdr = (u8 *)ndopts.nd_opts_rh;
1512 hdr += 8;
1513 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1514 return;
1515
1516 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1517 }
1518
1519 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1520 struct sk_buff *orig_skb,
1521 int rd_len)
1522 {
1523 u8 *opt = skb_put(skb, rd_len);
1524
1525 memset(opt, 0, 8);
1526 *(opt++) = ND_OPT_REDIRECT_HDR;
1527 *(opt++) = (rd_len >> 3);
1528 opt += 6;
1529
1530 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1531 }
1532
1533 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1534 {
1535 struct net_device *dev = skb->dev;
1536 struct net *net = dev_net(dev);
1537 struct sock *sk = net->ipv6.ndisc_sk;
1538 int optlen = 0;
1539 struct inet_peer *peer;
1540 struct sk_buff *buff;
1541 struct rd_msg *msg;
1542 struct in6_addr saddr_buf;
1543 struct rt6_info *rt;
1544 struct dst_entry *dst;
1545 struct flowi6 fl6;
1546 int rd_len;
1547 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1548 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1549 int oif = l3mdev_fib_oif(dev);
1550 bool ret;
1551
1552 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1553 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1554 dev->name);
1555 return;
1556 }
1557
1558 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1559 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1560 ND_PRINTK(2, warn,
1561 "Redirect: target address is not link-local unicast\n");
1562 return;
1563 }
1564
1565 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1566 &saddr_buf, &ipv6_hdr(skb)->saddr, oif);
1567
1568 if (oif != skb->dev->ifindex)
1569 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
1570
1571 dst = ip6_route_output(net, NULL, &fl6);
1572 if (dst->error) {
1573 dst_release(dst);
1574 return;
1575 }
1576 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1577 if (IS_ERR(dst))
1578 return;
1579
1580 rt = (struct rt6_info *) dst;
1581
1582 if (rt->rt6i_flags & RTF_GATEWAY) {
1583 ND_PRINTK(2, warn,
1584 "Redirect: destination is not a neighbour\n");
1585 goto release;
1586 }
1587 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1588 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1589 if (peer)
1590 inet_putpeer(peer);
1591 if (!ret)
1592 goto release;
1593
1594 if (dev->addr_len) {
1595 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1596 if (!neigh) {
1597 ND_PRINTK(2, warn,
1598 "Redirect: no neigh for target address\n");
1599 goto release;
1600 }
1601
1602 read_lock_bh(&neigh->lock);
1603 if (neigh->nud_state & NUD_VALID) {
1604 memcpy(ha_buf, neigh->ha, dev->addr_len);
1605 read_unlock_bh(&neigh->lock);
1606 ha = ha_buf;
1607 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1608 ops_data_buf,
1609 &ops_data);
1610 } else
1611 read_unlock_bh(&neigh->lock);
1612
1613 neigh_release(neigh);
1614 }
1615
1616 rd_len = min_t(unsigned int,
1617 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1618 skb->len + 8);
1619 rd_len &= ~0x7;
1620 optlen += rd_len;
1621
1622 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1623 if (!buff)
1624 goto release;
1625
1626 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1627 *msg = (struct rd_msg) {
1628 .icmph = {
1629 .icmp6_type = NDISC_REDIRECT,
1630 },
1631 .target = *target,
1632 .dest = ipv6_hdr(skb)->daddr,
1633 };
1634
1635 /*
1636 * include target_address option
1637 */
1638
1639 if (ha)
1640 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1641
1642 /*
1643 * build redirect option and copy skb over to the new packet.
1644 */
1645
1646 if (rd_len)
1647 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1648
1649 skb_dst_set(buff, dst);
1650 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1651 return;
1652
1653 release:
1654 dst_release(dst);
1655 }
1656
1657 static void pndisc_redo(struct sk_buff *skb)
1658 {
1659 ndisc_recv_ns(skb);
1660 kfree_skb(skb);
1661 }
1662
1663 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1664 {
1665 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1666
1667 if (!idev)
1668 return true;
1669 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1670 idev->cnf.suppress_frag_ndisc) {
1671 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1672 return true;
1673 }
1674 return false;
1675 }
1676
1677 int ndisc_rcv(struct sk_buff *skb)
1678 {
1679 struct nd_msg *msg;
1680
1681 if (ndisc_suppress_frag_ndisc(skb))
1682 return 0;
1683
1684 if (skb_linearize(skb))
1685 return 0;
1686
1687 msg = (struct nd_msg *)skb_transport_header(skb);
1688
1689 __skb_push(skb, skb->data - skb_transport_header(skb));
1690
1691 if (ipv6_hdr(skb)->hop_limit != 255) {
1692 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1693 ipv6_hdr(skb)->hop_limit);
1694 return 0;
1695 }
1696
1697 if (msg->icmph.icmp6_code != 0) {
1698 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1699 msg->icmph.icmp6_code);
1700 return 0;
1701 }
1702
1703 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1704
1705 switch (msg->icmph.icmp6_type) {
1706 case NDISC_NEIGHBOUR_SOLICITATION:
1707 ndisc_recv_ns(skb);
1708 break;
1709
1710 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1711 ndisc_recv_na(skb);
1712 break;
1713
1714 case NDISC_ROUTER_SOLICITATION:
1715 ndisc_recv_rs(skb);
1716 break;
1717
1718 case NDISC_ROUTER_ADVERTISEMENT:
1719 ndisc_router_discovery(skb);
1720 break;
1721
1722 case NDISC_REDIRECT:
1723 ndisc_redirect_rcv(skb);
1724 break;
1725 }
1726
1727 return 0;
1728 }
1729
1730 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1731 {
1732 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1733 struct netdev_notifier_change_info *change_info;
1734 struct net *net = dev_net(dev);
1735 struct inet6_dev *idev;
1736
1737 switch (event) {
1738 case NETDEV_CHANGEADDR:
1739 neigh_changeaddr(&nd_tbl, dev);
1740 fib6_run_gc(0, net, false);
1741 idev = in6_dev_get(dev);
1742 if (!idev)
1743 break;
1744 if (idev->cnf.ndisc_notify)
1745 ndisc_send_unsol_na(dev);
1746 in6_dev_put(idev);
1747 break;
1748 case NETDEV_CHANGE:
1749 change_info = ptr;
1750 if (change_info->flags_changed & IFF_NOARP)
1751 neigh_changeaddr(&nd_tbl, dev);
1752 break;
1753 case NETDEV_DOWN:
1754 neigh_ifdown(&nd_tbl, dev);
1755 fib6_run_gc(0, net, false);
1756 break;
1757 case NETDEV_NOTIFY_PEERS:
1758 ndisc_send_unsol_na(dev);
1759 break;
1760 default:
1761 break;
1762 }
1763
1764 return NOTIFY_DONE;
1765 }
1766
1767 static struct notifier_block ndisc_netdev_notifier = {
1768 .notifier_call = ndisc_netdev_event,
1769 };
1770
1771 #ifdef CONFIG_SYSCTL
1772 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1773 const char *func, const char *dev_name)
1774 {
1775 static char warncomm[TASK_COMM_LEN];
1776 static int warned;
1777 if (strcmp(warncomm, current->comm) && warned < 5) {
1778 strcpy(warncomm, current->comm);
1779 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1780 warncomm, func,
1781 dev_name, ctl->procname,
1782 dev_name, ctl->procname);
1783 warned++;
1784 }
1785 }
1786
1787 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1788 {
1789 struct net_device *dev = ctl->extra1;
1790 struct inet6_dev *idev;
1791 int ret;
1792
1793 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1794 (strcmp(ctl->procname, "base_reachable_time") == 0))
1795 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1796
1797 if (strcmp(ctl->procname, "retrans_time") == 0)
1798 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1799
1800 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1801 ret = neigh_proc_dointvec_jiffies(ctl, write,
1802 buffer, lenp, ppos);
1803
1804 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1805 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1806 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1807 buffer, lenp, ppos);
1808 else
1809 ret = -1;
1810
1811 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1812 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1813 idev->nd_parms->reachable_time =
1814 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1815 idev->tstamp = jiffies;
1816 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1817 in6_dev_put(idev);
1818 }
1819 return ret;
1820 }
1821
1822
1823 #endif
1824
1825 static int __net_init ndisc_net_init(struct net *net)
1826 {
1827 struct ipv6_pinfo *np;
1828 struct sock *sk;
1829 int err;
1830
1831 err = inet_ctl_sock_create(&sk, PF_INET6,
1832 SOCK_RAW, IPPROTO_ICMPV6, net);
1833 if (err < 0) {
1834 ND_PRINTK(0, err,
1835 "NDISC: Failed to initialize the control socket (err %d)\n",
1836 err);
1837 return err;
1838 }
1839
1840 net->ipv6.ndisc_sk = sk;
1841
1842 np = inet6_sk(sk);
1843 np->hop_limit = 255;
1844 /* Do not loopback ndisc messages */
1845 np->mc_loop = 0;
1846
1847 return 0;
1848 }
1849
1850 static void __net_exit ndisc_net_exit(struct net *net)
1851 {
1852 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1853 }
1854
1855 static struct pernet_operations ndisc_net_ops = {
1856 .init = ndisc_net_init,
1857 .exit = ndisc_net_exit,
1858 };
1859
1860 int __init ndisc_init(void)
1861 {
1862 int err;
1863
1864 err = register_pernet_subsys(&ndisc_net_ops);
1865 if (err)
1866 return err;
1867 /*
1868 * Initialize the neighbour table
1869 */
1870 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1871
1872 #ifdef CONFIG_SYSCTL
1873 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1874 ndisc_ifinfo_sysctl_change);
1875 if (err)
1876 goto out_unregister_pernet;
1877 out:
1878 #endif
1879 return err;
1880
1881 #ifdef CONFIG_SYSCTL
1882 out_unregister_pernet:
1883 unregister_pernet_subsys(&ndisc_net_ops);
1884 goto out;
1885 #endif
1886 }
1887
1888 int __init ndisc_late_init(void)
1889 {
1890 return register_netdevice_notifier(&ndisc_netdev_notifier);
1891 }
1892
1893 void ndisc_late_cleanup(void)
1894 {
1895 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1896 }
1897
1898 void ndisc_cleanup(void)
1899 {
1900 #ifdef CONFIG_SYSCTL
1901 neigh_sysctl_unregister(&nd_tbl.parms);
1902 #endif
1903 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1904 unregister_pernet_subsys(&ndisc_net_ops);
1905 }
Ubuntu Artful kernel mirror