2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
30 #define pr_fmt(fmt) "ICMPv6: " fmt
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
45 #include <linux/sysctl.h>
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <net/l3mdev.h>
71 #include <linux/proc_fs.h>
73 #include <linux/netfilter.h>
74 #include <linux/netfilter_ipv6.h>
76 /* Set to 3 to get tracing... */
79 #define ND_PRINTK(val, level, fmt, ...) \
81 if (val <= ND_DEBUG) \
82 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
85 static u32
ndisc_hash(const void *pkey
,
86 const struct net_device
*dev
,
88 static bool ndisc_key_eq(const struct neighbour
*neigh
, const void *pkey
);
89 static int ndisc_constructor(struct neighbour
*neigh
);
90 static void ndisc_solicit(struct neighbour
*neigh
, struct sk_buff
*skb
);
91 static void ndisc_error_report(struct neighbour
*neigh
, struct sk_buff
*skb
);
92 static int pndisc_constructor(struct pneigh_entry
*n
);
93 static void pndisc_destructor(struct pneigh_entry
*n
);
94 static void pndisc_redo(struct sk_buff
*skb
);
96 static const struct neigh_ops ndisc_generic_ops
= {
98 .solicit
= ndisc_solicit
,
99 .error_report
= ndisc_error_report
,
100 .output
= neigh_resolve_output
,
101 .connected_output
= neigh_connected_output
,
104 static const struct neigh_ops ndisc_hh_ops
= {
106 .solicit
= ndisc_solicit
,
107 .error_report
= ndisc_error_report
,
108 .output
= neigh_resolve_output
,
109 .connected_output
= neigh_resolve_output
,
113 static const struct neigh_ops ndisc_direct_ops
= {
115 .output
= neigh_direct_output
,
116 .connected_output
= neigh_direct_output
,
119 struct neigh_table nd_tbl
= {
121 .key_len
= sizeof(struct in6_addr
),
122 .protocol
= cpu_to_be16(ETH_P_IPV6
),
124 .key_eq
= ndisc_key_eq
,
125 .constructor
= ndisc_constructor
,
126 .pconstructor
= pndisc_constructor
,
127 .pdestructor
= pndisc_destructor
,
128 .proxy_redo
= pndisc_redo
,
132 .reachable_time
= ND_REACHABLE_TIME
,
134 [NEIGH_VAR_MCAST_PROBES
] = 3,
135 [NEIGH_VAR_UCAST_PROBES
] = 3,
136 [NEIGH_VAR_RETRANS_TIME
] = ND_RETRANS_TIMER
,
137 [NEIGH_VAR_BASE_REACHABLE_TIME
] = ND_REACHABLE_TIME
,
138 [NEIGH_VAR_DELAY_PROBE_TIME
] = 5 * HZ
,
139 [NEIGH_VAR_GC_STALETIME
] = 60 * HZ
,
140 [NEIGH_VAR_QUEUE_LEN_BYTES
] = 64 * 1024,
141 [NEIGH_VAR_PROXY_QLEN
] = 64,
142 [NEIGH_VAR_ANYCAST_DELAY
] = 1 * HZ
,
143 [NEIGH_VAR_PROXY_DELAY
] = (8 * HZ
) / 10,
146 .gc_interval
= 30 * HZ
,
151 EXPORT_SYMBOL_GPL(nd_tbl
);
153 static void __ndisc_fill_addr_option(struct sk_buff
*skb
, int type
, void *data
,
154 int data_len
, int pad
)
156 int space
= __ndisc_opt_addr_space(data_len
, pad
);
157 u8
*opt
= skb_put(skb
, space
);
162 memset(opt
+ 2, 0, pad
);
166 memcpy(opt
+2, data
, data_len
);
171 memset(opt
, 0, space
);
174 static inline void ndisc_fill_addr_option(struct sk_buff
*skb
, int type
,
175 void *data
, u8 icmp6_type
)
177 __ndisc_fill_addr_option(skb
, type
, data
, skb
->dev
->addr_len
,
178 ndisc_addr_option_pad(skb
->dev
->type
));
179 ndisc_ops_fill_addr_option(skb
->dev
, skb
, icmp6_type
);
182 static inline void ndisc_fill_redirect_addr_option(struct sk_buff
*skb
,
186 ndisc_fill_addr_option(skb
, ND_OPT_TARGET_LL_ADDR
, ha
, NDISC_REDIRECT
);
187 ndisc_ops_fill_redirect_addr_option(skb
->dev
, skb
, ops_data
);
190 static struct nd_opt_hdr
*ndisc_next_option(struct nd_opt_hdr
*cur
,
191 struct nd_opt_hdr
*end
)
194 if (!cur
|| !end
|| cur
>= end
)
196 type
= cur
->nd_opt_type
;
198 cur
= ((void *)cur
) + (cur
->nd_opt_len
<< 3);
199 } while (cur
< end
&& cur
->nd_opt_type
!= type
);
200 return cur
<= end
&& cur
->nd_opt_type
== type
? cur
: NULL
;
203 static inline int ndisc_is_useropt(const struct net_device
*dev
,
204 struct nd_opt_hdr
*opt
)
206 return opt
->nd_opt_type
== ND_OPT_RDNSS
||
207 opt
->nd_opt_type
== ND_OPT_DNSSL
||
208 ndisc_ops_is_useropt(dev
, opt
->nd_opt_type
);
211 static struct nd_opt_hdr
*ndisc_next_useropt(const struct net_device
*dev
,
212 struct nd_opt_hdr
*cur
,
213 struct nd_opt_hdr
*end
)
215 if (!cur
|| !end
|| cur
>= end
)
218 cur
= ((void *)cur
) + (cur
->nd_opt_len
<< 3);
219 } while (cur
< end
&& !ndisc_is_useropt(dev
, cur
));
220 return cur
<= end
&& ndisc_is_useropt(dev
, cur
) ? cur
: NULL
;
223 struct ndisc_options
*ndisc_parse_options(const struct net_device
*dev
,
224 u8
*opt
, int opt_len
,
225 struct ndisc_options
*ndopts
)
227 struct nd_opt_hdr
*nd_opt
= (struct nd_opt_hdr
*)opt
;
229 if (!nd_opt
|| opt_len
< 0 || !ndopts
)
231 memset(ndopts
, 0, sizeof(*ndopts
));
234 if (opt_len
< sizeof(struct nd_opt_hdr
))
236 l
= nd_opt
->nd_opt_len
<< 3;
237 if (opt_len
< l
|| l
== 0)
239 if (ndisc_ops_parse_options(dev
, nd_opt
, ndopts
))
241 switch (nd_opt
->nd_opt_type
) {
242 case ND_OPT_SOURCE_LL_ADDR
:
243 case ND_OPT_TARGET_LL_ADDR
:
245 case ND_OPT_REDIRECT_HDR
:
246 if (ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
]) {
248 "%s: duplicated ND6 option found: type=%d\n",
249 __func__
, nd_opt
->nd_opt_type
);
251 ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
] = nd_opt
;
254 case ND_OPT_PREFIX_INFO
:
255 ndopts
->nd_opts_pi_end
= nd_opt
;
256 if (!ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
])
257 ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
] = nd_opt
;
259 #ifdef CONFIG_IPV6_ROUTE_INFO
260 case ND_OPT_ROUTE_INFO
:
261 ndopts
->nd_opts_ri_end
= nd_opt
;
262 if (!ndopts
->nd_opts_ri
)
263 ndopts
->nd_opts_ri
= nd_opt
;
267 if (ndisc_is_useropt(dev
, nd_opt
)) {
268 ndopts
->nd_useropts_end
= nd_opt
;
269 if (!ndopts
->nd_useropts
)
270 ndopts
->nd_useropts
= nd_opt
;
273 * Unknown options must be silently ignored,
274 * to accommodate future extension to the
278 "%s: ignored unsupported option; type=%d, len=%d\n",
286 nd_opt
= ((void *)nd_opt
) + l
;
291 int ndisc_mc_map(const struct in6_addr
*addr
, char *buf
, struct net_device
*dev
, int dir
)
295 case ARPHRD_IEEE802
: /* Not sure. Check it later. --ANK */
297 ipv6_eth_mc_map(addr
, buf
);
300 ipv6_arcnet_mc_map(addr
, buf
);
302 case ARPHRD_INFINIBAND
:
303 ipv6_ib_mc_map(addr
, dev
->broadcast
, buf
);
306 return ipv6_ipgre_mc_map(addr
, dev
->broadcast
, buf
);
309 memcpy(buf
, dev
->broadcast
, dev
->addr_len
);
315 EXPORT_SYMBOL(ndisc_mc_map
);
317 static u32
ndisc_hash(const void *pkey
,
318 const struct net_device
*dev
,
321 return ndisc_hashfn(pkey
, dev
, hash_rnd
);
324 static bool ndisc_key_eq(const struct neighbour
*n
, const void *pkey
)
326 return neigh_key_eq128(n
, pkey
);
329 static int ndisc_constructor(struct neighbour
*neigh
)
331 struct in6_addr
*addr
= (struct in6_addr
*)&neigh
->primary_key
;
332 struct net_device
*dev
= neigh
->dev
;
333 struct inet6_dev
*in6_dev
;
334 struct neigh_parms
*parms
;
335 bool is_multicast
= ipv6_addr_is_multicast(addr
);
337 in6_dev
= in6_dev_get(dev
);
342 parms
= in6_dev
->nd_parms
;
343 __neigh_parms_put(neigh
->parms
);
344 neigh
->parms
= neigh_parms_clone(parms
);
346 neigh
->type
= is_multicast
? RTN_MULTICAST
: RTN_UNICAST
;
347 if (!dev
->header_ops
) {
348 neigh
->nud_state
= NUD_NOARP
;
349 neigh
->ops
= &ndisc_direct_ops
;
350 neigh
->output
= neigh_direct_output
;
353 neigh
->nud_state
= NUD_NOARP
;
354 ndisc_mc_map(addr
, neigh
->ha
, dev
, 1);
355 } else if (dev
->flags
&(IFF_NOARP
|IFF_LOOPBACK
)) {
356 neigh
->nud_state
= NUD_NOARP
;
357 memcpy(neigh
->ha
, dev
->dev_addr
, dev
->addr_len
);
358 if (dev
->flags
&IFF_LOOPBACK
)
359 neigh
->type
= RTN_LOCAL
;
360 } else if (dev
->flags
&IFF_POINTOPOINT
) {
361 neigh
->nud_state
= NUD_NOARP
;
362 memcpy(neigh
->ha
, dev
->broadcast
, dev
->addr_len
);
364 if (dev
->header_ops
->cache
)
365 neigh
->ops
= &ndisc_hh_ops
;
367 neigh
->ops
= &ndisc_generic_ops
;
368 if (neigh
->nud_state
&NUD_VALID
)
369 neigh
->output
= neigh
->ops
->connected_output
;
371 neigh
->output
= neigh
->ops
->output
;
373 in6_dev_put(in6_dev
);
377 static int pndisc_constructor(struct pneigh_entry
*n
)
379 struct in6_addr
*addr
= (struct in6_addr
*)&n
->key
;
380 struct in6_addr maddr
;
381 struct net_device
*dev
= n
->dev
;
383 if (!dev
|| !__in6_dev_get(dev
))
385 addrconf_addr_solict_mult(addr
, &maddr
);
386 ipv6_dev_mc_inc(dev
, &maddr
);
390 static void pndisc_destructor(struct pneigh_entry
*n
)
392 struct in6_addr
*addr
= (struct in6_addr
*)&n
->key
;
393 struct in6_addr maddr
;
394 struct net_device
*dev
= n
->dev
;
396 if (!dev
|| !__in6_dev_get(dev
))
398 addrconf_addr_solict_mult(addr
, &maddr
);
399 ipv6_dev_mc_dec(dev
, &maddr
);
402 static struct sk_buff
*ndisc_alloc_skb(struct net_device
*dev
,
405 int hlen
= LL_RESERVED_SPACE(dev
);
406 int tlen
= dev
->needed_tailroom
;
407 struct sock
*sk
= dev_net(dev
)->ipv6
.ndisc_sk
;
410 skb
= alloc_skb(hlen
+ sizeof(struct ipv6hdr
) + len
+ tlen
, GFP_ATOMIC
);
412 ND_PRINTK(0, err
, "ndisc: %s failed to allocate an skb\n",
417 skb
->protocol
= htons(ETH_P_IPV6
);
420 skb_reserve(skb
, hlen
+ sizeof(struct ipv6hdr
));
421 skb_reset_transport_header(skb
);
423 /* Manually assign socket ownership as we avoid calling
424 * sock_alloc_send_pskb() to bypass wmem buffer limits
426 skb_set_owner_w(skb
, sk
);
431 static void ip6_nd_hdr(struct sk_buff
*skb
,
432 const struct in6_addr
*saddr
,
433 const struct in6_addr
*daddr
,
434 int hop_limit
, int len
)
438 skb_push(skb
, sizeof(*hdr
));
439 skb_reset_network_header(skb
);
442 ip6_flow_hdr(hdr
, 0, 0);
444 hdr
->payload_len
= htons(len
);
445 hdr
->nexthdr
= IPPROTO_ICMPV6
;
446 hdr
->hop_limit
= hop_limit
;
452 static void ndisc_send_skb(struct sk_buff
*skb
,
453 const struct in6_addr
*daddr
,
454 const struct in6_addr
*saddr
)
456 struct dst_entry
*dst
= skb_dst(skb
);
457 struct net
*net
= dev_net(skb
->dev
);
458 struct sock
*sk
= net
->ipv6
.ndisc_sk
;
459 struct inet6_dev
*idev
;
461 struct icmp6hdr
*icmp6h
= icmp6_hdr(skb
);
464 type
= icmp6h
->icmp6_type
;
468 int oif
= l3mdev_fib_oif(skb
->dev
);
470 icmpv6_flow_init(sk
, &fl6
, type
, saddr
, daddr
, oif
);
471 if (oif
!= skb
->dev
->ifindex
)
472 fl6
.flowi6_flags
|= FLOWI_FLAG_L3MDEV_SRC
;
473 dst
= icmp6_dst_alloc(skb
->dev
, &fl6
);
479 skb_dst_set(skb
, dst
);
482 icmp6h
->icmp6_cksum
= csum_ipv6_magic(saddr
, daddr
, skb
->len
,
487 ip6_nd_hdr(skb
, saddr
, daddr
, inet6_sk(sk
)->hop_limit
, skb
->len
);
490 idev
= __in6_dev_get(dst
->dev
);
491 IP6_UPD_PO_STATS(net
, idev
, IPSTATS_MIB_OUT
, skb
->len
);
493 err
= NF_HOOK(NFPROTO_IPV6
, NF_INET_LOCAL_OUT
,
494 net
, sk
, skb
, NULL
, dst
->dev
,
497 ICMP6MSGOUT_INC_STATS(net
, idev
, type
);
498 ICMP6_INC_STATS(net
, idev
, ICMP6_MIB_OUTMSGS
);
504 void ndisc_send_na(struct net_device
*dev
, const struct in6_addr
*daddr
,
505 const struct in6_addr
*solicited_addr
,
506 bool router
, bool solicited
, bool override
, bool inc_opt
)
509 struct in6_addr tmpaddr
;
510 struct inet6_ifaddr
*ifp
;
511 const struct in6_addr
*src_addr
;
515 /* for anycast or proxy, solicited_addr != src_addr */
516 ifp
= ipv6_get_ifaddr(dev_net(dev
), solicited_addr
, dev
, 1);
518 src_addr
= solicited_addr
;
519 if (ifp
->flags
& IFA_F_OPTIMISTIC
)
521 inc_opt
|= ifp
->idev
->cnf
.force_tllao
;
524 if (ipv6_dev_get_saddr(dev_net(dev
), dev
, daddr
,
525 inet6_sk(dev_net(dev
)->ipv6
.ndisc_sk
)->srcprefs
,
534 optlen
+= ndisc_opt_addr_space(dev
,
535 NDISC_NEIGHBOUR_ADVERTISEMENT
);
537 skb
= ndisc_alloc_skb(dev
, sizeof(*msg
) + optlen
);
541 msg
= (struct nd_msg
*)skb_put(skb
, sizeof(*msg
));
542 *msg
= (struct nd_msg
) {
544 .icmp6_type
= NDISC_NEIGHBOUR_ADVERTISEMENT
,
545 .icmp6_router
= router
,
546 .icmp6_solicited
= solicited
,
547 .icmp6_override
= override
,
549 .target
= *solicited_addr
,
553 ndisc_fill_addr_option(skb
, ND_OPT_TARGET_LL_ADDR
,
555 NDISC_NEIGHBOUR_ADVERTISEMENT
);
557 ndisc_send_skb(skb
, daddr
, src_addr
);
560 static void ndisc_send_unsol_na(struct net_device
*dev
)
562 struct inet6_dev
*idev
;
563 struct inet6_ifaddr
*ifa
;
565 idev
= in6_dev_get(dev
);
569 read_lock_bh(&idev
->lock
);
570 list_for_each_entry(ifa
, &idev
->addr_list
, if_list
) {
571 ndisc_send_na(dev
, &in6addr_linklocal_allnodes
, &ifa
->addr
,
572 /*router=*/ !!idev
->cnf
.forwarding
,
573 /*solicited=*/ false, /*override=*/ true,
576 read_unlock_bh(&idev
->lock
);
581 void ndisc_send_ns(struct net_device
*dev
, const struct in6_addr
*solicit
,
582 const struct in6_addr
*daddr
, const struct in6_addr
*saddr
)
585 struct in6_addr addr_buf
;
586 int inc_opt
= dev
->addr_len
;
591 if (ipv6_get_lladdr(dev
, &addr_buf
,
592 (IFA_F_TENTATIVE
|IFA_F_OPTIMISTIC
)))
597 if (ipv6_addr_any(saddr
))
600 optlen
+= ndisc_opt_addr_space(dev
,
601 NDISC_NEIGHBOUR_SOLICITATION
);
603 skb
= ndisc_alloc_skb(dev
, sizeof(*msg
) + optlen
);
607 msg
= (struct nd_msg
*)skb_put(skb
, sizeof(*msg
));
608 *msg
= (struct nd_msg
) {
610 .icmp6_type
= NDISC_NEIGHBOUR_SOLICITATION
,
616 ndisc_fill_addr_option(skb
, ND_OPT_SOURCE_LL_ADDR
,
618 NDISC_NEIGHBOUR_SOLICITATION
);
620 ndisc_send_skb(skb
, daddr
, saddr
);
623 void ndisc_send_rs(struct net_device
*dev
, const struct in6_addr
*saddr
,
624 const struct in6_addr
*daddr
)
628 int send_sllao
= dev
->addr_len
;
631 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
633 * According to section 2.2 of RFC 4429, we must not
634 * send router solicitations with a sllao from
635 * optimistic addresses, but we may send the solicitation
636 * if we don't include the sllao. So here we check
637 * if our address is optimistic, and if so, we
638 * suppress the inclusion of the sllao.
641 struct inet6_ifaddr
*ifp
= ipv6_get_ifaddr(dev_net(dev
), saddr
,
644 if (ifp
->flags
& IFA_F_OPTIMISTIC
) {
654 optlen
+= ndisc_opt_addr_space(dev
, NDISC_ROUTER_SOLICITATION
);
656 skb
= ndisc_alloc_skb(dev
, sizeof(*msg
) + optlen
);
660 msg
= (struct rs_msg
*)skb_put(skb
, sizeof(*msg
));
661 *msg
= (struct rs_msg
) {
663 .icmp6_type
= NDISC_ROUTER_SOLICITATION
,
668 ndisc_fill_addr_option(skb
, ND_OPT_SOURCE_LL_ADDR
,
670 NDISC_ROUTER_SOLICITATION
);
672 ndisc_send_skb(skb
, daddr
, saddr
);
676 static void ndisc_error_report(struct neighbour
*neigh
, struct sk_buff
*skb
)
679 * "The sender MUST return an ICMP
680 * destination unreachable"
682 dst_link_failure(skb
);
686 /* Called with locked neigh: either read or both */
688 static void ndisc_solicit(struct neighbour
*neigh
, struct sk_buff
*skb
)
690 struct in6_addr
*saddr
= NULL
;
691 struct in6_addr mcaddr
;
692 struct net_device
*dev
= neigh
->dev
;
693 struct in6_addr
*target
= (struct in6_addr
*)&neigh
->primary_key
;
694 int probes
= atomic_read(&neigh
->probes
);
696 if (skb
&& ipv6_chk_addr_and_flags(dev_net(dev
), &ipv6_hdr(skb
)->saddr
,
698 IFA_F_TENTATIVE
|IFA_F_OPTIMISTIC
))
699 saddr
= &ipv6_hdr(skb
)->saddr
;
700 probes
-= NEIGH_VAR(neigh
->parms
, UCAST_PROBES
);
702 if (!(neigh
->nud_state
& NUD_VALID
)) {
704 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
707 ndisc_send_ns(dev
, target
, target
, saddr
);
708 } else if ((probes
-= NEIGH_VAR(neigh
->parms
, APP_PROBES
)) < 0) {
711 addrconf_addr_solict_mult(target
, &mcaddr
);
712 ndisc_send_ns(dev
, target
, &mcaddr
, saddr
);
716 static int pndisc_is_router(const void *pkey
,
717 struct net_device
*dev
)
719 struct pneigh_entry
*n
;
722 read_lock_bh(&nd_tbl
.lock
);
723 n
= __pneigh_lookup(&nd_tbl
, dev_net(dev
), pkey
, dev
);
725 ret
= !!(n
->flags
& NTF_ROUTER
);
726 read_unlock_bh(&nd_tbl
.lock
);
731 void ndisc_update(const struct net_device
*dev
, struct neighbour
*neigh
,
732 const u8
*lladdr
, u8
new, u32 flags
, u8 icmp6_type
,
733 struct ndisc_options
*ndopts
)
735 neigh_update(neigh
, lladdr
, new, flags
);
736 /* report ndisc ops about neighbour update */
737 ndisc_ops_update(dev
, neigh
, flags
, icmp6_type
, ndopts
);
740 static void ndisc_recv_ns(struct sk_buff
*skb
)
742 struct nd_msg
*msg
= (struct nd_msg
*)skb_transport_header(skb
);
743 const struct in6_addr
*saddr
= &ipv6_hdr(skb
)->saddr
;
744 const struct in6_addr
*daddr
= &ipv6_hdr(skb
)->daddr
;
746 u32 ndoptlen
= skb_tail_pointer(skb
) - (skb_transport_header(skb
) +
747 offsetof(struct nd_msg
, opt
));
748 struct ndisc_options ndopts
;
749 struct net_device
*dev
= skb
->dev
;
750 struct inet6_ifaddr
*ifp
;
751 struct inet6_dev
*idev
= NULL
;
752 struct neighbour
*neigh
;
753 int dad
= ipv6_addr_any(saddr
);
757 if (skb
->len
< sizeof(struct nd_msg
)) {
758 ND_PRINTK(2, warn
, "NS: packet too short\n");
762 if (ipv6_addr_is_multicast(&msg
->target
)) {
763 ND_PRINTK(2, warn
, "NS: multicast target address\n");
769 * DAD has to be destined for solicited node multicast address.
771 if (dad
&& !ipv6_addr_is_solict_mult(daddr
)) {
772 ND_PRINTK(2, warn
, "NS: bad DAD packet (wrong destination)\n");
776 if (!ndisc_parse_options(dev
, msg
->opt
, ndoptlen
, &ndopts
)) {
777 ND_PRINTK(2, warn
, "NS: invalid ND options\n");
781 if (ndopts
.nd_opts_src_lladdr
) {
782 lladdr
= ndisc_opt_addr_data(ndopts
.nd_opts_src_lladdr
, dev
);
785 "NS: invalid link-layer address length\n");
790 * If the IP source address is the unspecified address,
791 * there MUST NOT be source link-layer address option
796 "NS: bad DAD packet (link-layer address option)\n");
801 inc
= ipv6_addr_is_multicast(daddr
);
803 ifp
= ipv6_get_ifaddr(dev_net(dev
), &msg
->target
, dev
, 1);
806 if (ifp
->flags
& (IFA_F_TENTATIVE
|IFA_F_OPTIMISTIC
)) {
809 * We are colliding with another node
811 * so fail our DAD process
813 addrconf_dad_failure(ifp
);
817 * This is not a dad solicitation.
818 * If we are an optimistic node,
820 * Otherwise, we should ignore it.
822 if (!(ifp
->flags
& IFA_F_OPTIMISTIC
))
829 struct net
*net
= dev_net(dev
);
831 /* perhaps an address on the master device */
832 if (netif_is_l3_slave(dev
)) {
833 struct net_device
*mdev
;
835 mdev
= netdev_master_upper_dev_get_rcu(dev
);
837 ifp
= ipv6_get_ifaddr(net
, &msg
->target
, mdev
, 1);
843 idev
= in6_dev_get(dev
);
845 /* XXX: count this drop? */
849 if (ipv6_chk_acast_addr(net
, dev
, &msg
->target
) ||
850 (idev
->cnf
.forwarding
&&
851 (net
->ipv6
.devconf_all
->proxy_ndp
|| idev
->cnf
.proxy_ndp
) &&
852 (is_router
= pndisc_is_router(&msg
->target
, dev
)) >= 0)) {
853 if (!(NEIGH_CB(skb
)->flags
& LOCALLY_ENQUEUED
) &&
854 skb
->pkt_type
!= PACKET_HOST
&&
856 NEIGH_VAR(idev
->nd_parms
, PROXY_DELAY
) != 0) {
858 * for anycast or proxy,
859 * sender should delay its response
860 * by a random time between 0 and
861 * MAX_ANYCAST_DELAY_TIME seconds.
862 * (RFC2461) -- yoshfuji
864 struct sk_buff
*n
= skb_clone(skb
, GFP_ATOMIC
);
866 pneigh_enqueue(&nd_tbl
, idev
->nd_parms
, n
);
874 is_router
= idev
->cnf
.forwarding
;
877 ndisc_send_na(dev
, &in6addr_linklocal_allnodes
, &msg
->target
,
878 !!is_router
, false, (ifp
!= NULL
), true);
883 NEIGH_CACHE_STAT_INC(&nd_tbl
, rcv_probes_mcast
);
885 NEIGH_CACHE_STAT_INC(&nd_tbl
, rcv_probes_ucast
);
888 * update / create cache entry
889 * for the source address
891 neigh
= __neigh_lookup(&nd_tbl
, saddr
, dev
,
892 !inc
|| lladdr
|| !dev
->addr_len
);
894 ndisc_update(dev
, neigh
, lladdr
, NUD_STALE
,
895 NEIGH_UPDATE_F_WEAK_OVERRIDE
|
896 NEIGH_UPDATE_F_OVERRIDE
,
897 NDISC_NEIGHBOUR_SOLICITATION
, &ndopts
);
898 if (neigh
|| !dev
->header_ops
) {
899 ndisc_send_na(dev
, saddr
, &msg
->target
, !!is_router
,
900 true, (ifp
!= NULL
&& inc
), inc
);
902 neigh_release(neigh
);
912 static void ndisc_recv_na(struct sk_buff
*skb
)
914 struct nd_msg
*msg
= (struct nd_msg
*)skb_transport_header(skb
);
915 struct in6_addr
*saddr
= &ipv6_hdr(skb
)->saddr
;
916 const struct in6_addr
*daddr
= &ipv6_hdr(skb
)->daddr
;
918 u32 ndoptlen
= skb_tail_pointer(skb
) - (skb_transport_header(skb
) +
919 offsetof(struct nd_msg
, opt
));
920 struct ndisc_options ndopts
;
921 struct net_device
*dev
= skb
->dev
;
922 struct inet6_dev
*idev
= __in6_dev_get(dev
);
923 struct inet6_ifaddr
*ifp
;
924 struct neighbour
*neigh
;
926 if (skb
->len
< sizeof(struct nd_msg
)) {
927 ND_PRINTK(2, warn
, "NA: packet too short\n");
931 if (ipv6_addr_is_multicast(&msg
->target
)) {
932 ND_PRINTK(2, warn
, "NA: target address is multicast\n");
936 if (ipv6_addr_is_multicast(daddr
) &&
937 msg
->icmph
.icmp6_solicited
) {
938 ND_PRINTK(2, warn
, "NA: solicited NA is multicasted\n");
942 /* For some 802.11 wireless deployments (and possibly other networks),
943 * there will be a NA proxy and unsolicitd packets are attacks
944 * and thus should not be accepted.
946 if (!msg
->icmph
.icmp6_solicited
&& idev
&&
947 idev
->cnf
.drop_unsolicited_na
)
950 if (!ndisc_parse_options(dev
, msg
->opt
, ndoptlen
, &ndopts
)) {
951 ND_PRINTK(2, warn
, "NS: invalid ND option\n");
954 if (ndopts
.nd_opts_tgt_lladdr
) {
955 lladdr
= ndisc_opt_addr_data(ndopts
.nd_opts_tgt_lladdr
, dev
);
958 "NA: invalid link-layer address length\n");
962 ifp
= ipv6_get_ifaddr(dev_net(dev
), &msg
->target
, dev
, 1);
964 if (skb
->pkt_type
!= PACKET_LOOPBACK
965 && (ifp
->flags
& IFA_F_TENTATIVE
)) {
966 addrconf_dad_failure(ifp
);
969 /* What should we make now? The advertisement
970 is invalid, but ndisc specs say nothing
971 about it. It could be misconfiguration, or
972 an smart proxy agent tries to help us :-)
974 We should not print the error if NA has been
975 received from loopback - it is just our own
976 unsolicited advertisement.
978 if (skb
->pkt_type
!= PACKET_LOOPBACK
)
980 "NA: someone advertises our address %pI6 on %s!\n",
981 &ifp
->addr
, ifp
->idev
->dev
->name
);
985 neigh
= neigh_lookup(&nd_tbl
, &msg
->target
, dev
);
988 u8 old_flags
= neigh
->flags
;
989 struct net
*net
= dev_net(dev
);
991 if (neigh
->nud_state
& NUD_FAILED
)
995 * Don't update the neighbor cache entry on a proxy NA from
996 * ourselves because either the proxied node is off link or it
997 * has already sent a NA to us.
999 if (lladdr
&& !memcmp(lladdr
, dev
->dev_addr
, dev
->addr_len
) &&
1000 net
->ipv6
.devconf_all
->forwarding
&& net
->ipv6
.devconf_all
->proxy_ndp
&&
1001 pneigh_lookup(&nd_tbl
, net
, &msg
->target
, dev
, 0)) {
1002 /* XXX: idev->cnf.proxy_ndp */
1006 ndisc_update(dev
, neigh
, lladdr
,
1007 msg
->icmph
.icmp6_solicited
? NUD_REACHABLE
: NUD_STALE
,
1008 NEIGH_UPDATE_F_WEAK_OVERRIDE
|
1009 (msg
->icmph
.icmp6_override
? NEIGH_UPDATE_F_OVERRIDE
: 0)|
1010 NEIGH_UPDATE_F_OVERRIDE_ISROUTER
|
1011 (msg
->icmph
.icmp6_router
? NEIGH_UPDATE_F_ISROUTER
: 0),
1012 NDISC_NEIGHBOUR_ADVERTISEMENT
, &ndopts
);
1014 if ((old_flags
& ~neigh
->flags
) & NTF_ROUTER
) {
1016 * Change: router to host
1018 rt6_clean_tohost(dev_net(dev
), saddr
);
1022 neigh_release(neigh
);
1026 static void ndisc_recv_rs(struct sk_buff
*skb
)
1028 struct rs_msg
*rs_msg
= (struct rs_msg
*)skb_transport_header(skb
);
1029 unsigned long ndoptlen
= skb
->len
- sizeof(*rs_msg
);
1030 struct neighbour
*neigh
;
1031 struct inet6_dev
*idev
;
1032 const struct in6_addr
*saddr
= &ipv6_hdr(skb
)->saddr
;
1033 struct ndisc_options ndopts
;
1036 if (skb
->len
< sizeof(*rs_msg
))
1039 idev
= __in6_dev_get(skb
->dev
);
1041 ND_PRINTK(1, err
, "RS: can't find in6 device\n");
1045 /* Don't accept RS if we're not in router mode */
1046 if (!idev
->cnf
.forwarding
)
1050 * Don't update NCE if src = ::;
1051 * this implies that the source node has no ip address assigned yet.
1053 if (ipv6_addr_any(saddr
))
1056 /* Parse ND options */
1057 if (!ndisc_parse_options(skb
->dev
, rs_msg
->opt
, ndoptlen
, &ndopts
)) {
1058 ND_PRINTK(2, notice
, "NS: invalid ND option, ignored\n");
1062 if (ndopts
.nd_opts_src_lladdr
) {
1063 lladdr
= ndisc_opt_addr_data(ndopts
.nd_opts_src_lladdr
,
1069 neigh
= __neigh_lookup(&nd_tbl
, saddr
, skb
->dev
, 1);
1071 ndisc_update(skb
->dev
, neigh
, lladdr
, NUD_STALE
,
1072 NEIGH_UPDATE_F_WEAK_OVERRIDE
|
1073 NEIGH_UPDATE_F_OVERRIDE
|
1074 NEIGH_UPDATE_F_OVERRIDE_ISROUTER
,
1075 NDISC_ROUTER_SOLICITATION
, &ndopts
);
1076 neigh_release(neigh
);
1082 static void ndisc_ra_useropt(struct sk_buff
*ra
, struct nd_opt_hdr
*opt
)
1084 struct icmp6hdr
*icmp6h
= (struct icmp6hdr
*)skb_transport_header(ra
);
1085 struct sk_buff
*skb
;
1086 struct nlmsghdr
*nlh
;
1087 struct nduseroptmsg
*ndmsg
;
1088 struct net
*net
= dev_net(ra
->dev
);
1090 int base_size
= NLMSG_ALIGN(sizeof(struct nduseroptmsg
)
1091 + (opt
->nd_opt_len
<< 3));
1092 size_t msg_size
= base_size
+ nla_total_size(sizeof(struct in6_addr
));
1094 skb
= nlmsg_new(msg_size
, GFP_ATOMIC
);
1100 nlh
= nlmsg_put(skb
, 0, 0, RTM_NEWNDUSEROPT
, base_size
, 0);
1102 goto nla_put_failure
;
1105 ndmsg
= nlmsg_data(nlh
);
1106 ndmsg
->nduseropt_family
= AF_INET6
;
1107 ndmsg
->nduseropt_ifindex
= ra
->dev
->ifindex
;
1108 ndmsg
->nduseropt_icmp_type
= icmp6h
->icmp6_type
;
1109 ndmsg
->nduseropt_icmp_code
= icmp6h
->icmp6_code
;
1110 ndmsg
->nduseropt_opts_len
= opt
->nd_opt_len
<< 3;
1112 memcpy(ndmsg
+ 1, opt
, opt
->nd_opt_len
<< 3);
1114 if (nla_put_in6_addr(skb
, NDUSEROPT_SRCADDR
, &ipv6_hdr(ra
)->saddr
))
1115 goto nla_put_failure
;
1116 nlmsg_end(skb
, nlh
);
1118 rtnl_notify(skb
, net
, 0, RTNLGRP_ND_USEROPT
, NULL
, GFP_ATOMIC
);
1125 rtnl_set_sk_err(net
, RTNLGRP_ND_USEROPT
, err
);
1128 static void ndisc_router_discovery(struct sk_buff
*skb
)
1130 struct ra_msg
*ra_msg
= (struct ra_msg
*)skb_transport_header(skb
);
1131 struct neighbour
*neigh
= NULL
;
1132 struct inet6_dev
*in6_dev
;
1133 struct rt6_info
*rt
= NULL
;
1135 struct ndisc_options ndopts
;
1137 unsigned int pref
= 0;
1139 bool send_ifinfo_notify
= false;
1141 __u8
*opt
= (__u8
*)(ra_msg
+ 1);
1143 optlen
= (skb_tail_pointer(skb
) - skb_transport_header(skb
)) -
1144 sizeof(struct ra_msg
);
1147 "RA: %s, dev: %s\n",
1148 __func__
, skb
->dev
->name
);
1149 if (!(ipv6_addr_type(&ipv6_hdr(skb
)->saddr
) & IPV6_ADDR_LINKLOCAL
)) {
1150 ND_PRINTK(2, warn
, "RA: source address is not link-local\n");
1154 ND_PRINTK(2, warn
, "RA: packet too short\n");
1158 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1159 if (skb
->ndisc_nodetype
== NDISC_NODETYPE_HOST
) {
1160 ND_PRINTK(2, warn
, "RA: from host or unauthorized router\n");
1166 * set the RA_RECV flag in the interface
1169 in6_dev
= __in6_dev_get(skb
->dev
);
1171 ND_PRINTK(0, err
, "RA: can't find inet6 device for %s\n",
1176 if (!ndisc_parse_options(skb
->dev
, opt
, optlen
, &ndopts
)) {
1177 ND_PRINTK(2, warn
, "RA: invalid ND options\n");
1181 if (!ipv6_accept_ra(in6_dev
)) {
1183 "RA: %s, did not accept ra for dev: %s\n",
1184 __func__
, skb
->dev
->name
);
1185 goto skip_linkparms
;
1188 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1189 /* skip link-specific parameters from interior routers */
1190 if (skb
->ndisc_nodetype
== NDISC_NODETYPE_NODEFAULT
) {
1192 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1193 __func__
, skb
->dev
->name
);
1194 goto skip_linkparms
;
1198 if (in6_dev
->if_flags
& IF_RS_SENT
) {
1200 * flag that an RA was received after an RS was sent
1201 * out on this interface.
1203 in6_dev
->if_flags
|= IF_RA_RCVD
;
1207 * Remember the managed/otherconf flags from most recently
1208 * received RA message (RFC 2462) -- yoshfuji
1210 old_if_flags
= in6_dev
->if_flags
;
1211 in6_dev
->if_flags
= (in6_dev
->if_flags
& ~(IF_RA_MANAGED
|
1213 (ra_msg
->icmph
.icmp6_addrconf_managed
?
1214 IF_RA_MANAGED
: 0) |
1215 (ra_msg
->icmph
.icmp6_addrconf_other
?
1216 IF_RA_OTHERCONF
: 0);
1218 if (old_if_flags
!= in6_dev
->if_flags
)
1219 send_ifinfo_notify
= true;
1221 if (!in6_dev
->cnf
.accept_ra_defrtr
) {
1223 "RA: %s, defrtr is false for dev: %s\n",
1224 __func__
, skb
->dev
->name
);
1228 /* Do not accept RA with source-addr found on local machine unless
1229 * accept_ra_from_local is set to true.
1231 if (!in6_dev
->cnf
.accept_ra_from_local
&&
1232 ipv6_chk_addr(dev_net(in6_dev
->dev
), &ipv6_hdr(skb
)->saddr
,
1235 "RA from local address detected on dev: %s: default router ignored\n",
1240 lifetime
= ntohs(ra_msg
->icmph
.icmp6_rt_lifetime
);
1242 #ifdef CONFIG_IPV6_ROUTER_PREF
1243 pref
= ra_msg
->icmph
.icmp6_router_pref
;
1244 /* 10b is handled as if it were 00b (medium) */
1245 if (pref
== ICMPV6_ROUTER_PREF_INVALID
||
1246 !in6_dev
->cnf
.accept_ra_rtr_pref
)
1247 pref
= ICMPV6_ROUTER_PREF_MEDIUM
;
1250 rt
= rt6_get_dflt_router(&ipv6_hdr(skb
)->saddr
, skb
->dev
);
1253 neigh
= dst_neigh_lookup(&rt
->dst
, &ipv6_hdr(skb
)->saddr
);
1256 "RA: %s got default router without neighbour\n",
1262 if (rt
&& lifetime
== 0) {
1267 ND_PRINTK(3, info
, "RA: rt: %p lifetime: %d, for dev: %s\n",
1268 rt
, lifetime
, skb
->dev
->name
);
1269 if (!rt
&& lifetime
) {
1270 ND_PRINTK(3, info
, "RA: adding default router\n");
1272 rt
= rt6_add_dflt_router(&ipv6_hdr(skb
)->saddr
, skb
->dev
, pref
);
1275 "RA: %s failed to add default route\n",
1280 neigh
= dst_neigh_lookup(&rt
->dst
, &ipv6_hdr(skb
)->saddr
);
1283 "RA: %s got default router without neighbour\n",
1288 neigh
->flags
|= NTF_ROUTER
;
1290 rt
->rt6i_flags
= (rt
->rt6i_flags
& ~RTF_PREF_MASK
) | RTF_PREF(pref
);
1294 rt6_set_expires(rt
, jiffies
+ (HZ
* lifetime
));
1295 if (in6_dev
->cnf
.accept_ra_min_hop_limit
< 256 &&
1296 ra_msg
->icmph
.icmp6_hop_limit
) {
1297 if (in6_dev
->cnf
.accept_ra_min_hop_limit
<= ra_msg
->icmph
.icmp6_hop_limit
) {
1298 in6_dev
->cnf
.hop_limit
= ra_msg
->icmph
.icmp6_hop_limit
;
1300 dst_metric_set(&rt
->dst
, RTAX_HOPLIMIT
,
1301 ra_msg
->icmph
.icmp6_hop_limit
);
1303 ND_PRINTK(2, warn
, "RA: Got route advertisement with lower hop_limit than minimum\n");
1310 * Update Reachable Time and Retrans Timer
1313 if (in6_dev
->nd_parms
) {
1314 unsigned long rtime
= ntohl(ra_msg
->retrans_timer
);
1316 if (rtime
&& rtime
/1000 < MAX_SCHEDULE_TIMEOUT
/HZ
) {
1317 rtime
= (rtime
*HZ
)/1000;
1320 NEIGH_VAR_SET(in6_dev
->nd_parms
, RETRANS_TIME
, rtime
);
1321 in6_dev
->tstamp
= jiffies
;
1322 send_ifinfo_notify
= true;
1325 rtime
= ntohl(ra_msg
->reachable_time
);
1326 if (rtime
&& rtime
/1000 < MAX_SCHEDULE_TIMEOUT
/(3*HZ
)) {
1327 rtime
= (rtime
*HZ
)/1000;
1332 if (rtime
!= NEIGH_VAR(in6_dev
->nd_parms
, BASE_REACHABLE_TIME
)) {
1333 NEIGH_VAR_SET(in6_dev
->nd_parms
,
1334 BASE_REACHABLE_TIME
, rtime
);
1335 NEIGH_VAR_SET(in6_dev
->nd_parms
,
1336 GC_STALETIME
, 3 * rtime
);
1337 in6_dev
->nd_parms
->reachable_time
= neigh_rand_reach_time(rtime
);
1338 in6_dev
->tstamp
= jiffies
;
1339 send_ifinfo_notify
= true;
1345 * Send a notify if RA changed managed/otherconf flags or timer settings
1347 if (send_ifinfo_notify
)
1348 inet6_ifinfo_notify(RTM_NEWLINK
, in6_dev
);
1357 neigh
= __neigh_lookup(&nd_tbl
, &ipv6_hdr(skb
)->saddr
,
1361 if (ndopts
.nd_opts_src_lladdr
) {
1362 lladdr
= ndisc_opt_addr_data(ndopts
.nd_opts_src_lladdr
,
1366 "RA: invalid link-layer address length\n");
1370 ndisc_update(skb
->dev
, neigh
, lladdr
, NUD_STALE
,
1371 NEIGH_UPDATE_F_WEAK_OVERRIDE
|
1372 NEIGH_UPDATE_F_OVERRIDE
|
1373 NEIGH_UPDATE_F_OVERRIDE_ISROUTER
|
1374 NEIGH_UPDATE_F_ISROUTER
,
1375 NDISC_ROUTER_ADVERTISEMENT
, &ndopts
);
1378 if (!ipv6_accept_ra(in6_dev
)) {
1380 "RA: %s, accept_ra is false for dev: %s\n",
1381 __func__
, skb
->dev
->name
);
1385 #ifdef CONFIG_IPV6_ROUTE_INFO
1386 if (!in6_dev
->cnf
.accept_ra_from_local
&&
1387 ipv6_chk_addr(dev_net(in6_dev
->dev
), &ipv6_hdr(skb
)->saddr
,
1390 "RA from local address detected on dev: %s: router info ignored.\n",
1392 goto skip_routeinfo
;
1395 if (in6_dev
->cnf
.accept_ra_rtr_pref
&& ndopts
.nd_opts_ri
) {
1396 struct nd_opt_hdr
*p
;
1397 for (p
= ndopts
.nd_opts_ri
;
1399 p
= ndisc_next_option(p
, ndopts
.nd_opts_ri_end
)) {
1400 struct route_info
*ri
= (struct route_info
*)p
;
1401 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1402 if (skb
->ndisc_nodetype
== NDISC_NODETYPE_NODEFAULT
&&
1403 ri
->prefix_len
== 0)
1406 if (ri
->prefix_len
== 0 &&
1407 !in6_dev
->cnf
.accept_ra_defrtr
)
1409 if (ri
->prefix_len
> in6_dev
->cnf
.accept_ra_rt_info_max_plen
)
1411 rt6_route_rcv(skb
->dev
, (u8
*)p
, (p
->nd_opt_len
) << 3,
1412 &ipv6_hdr(skb
)->saddr
);
1419 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1420 /* skip link-specific ndopts from interior routers */
1421 if (skb
->ndisc_nodetype
== NDISC_NODETYPE_NODEFAULT
) {
1423 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1424 __func__
, skb
->dev
->name
);
1429 if (in6_dev
->cnf
.accept_ra_pinfo
&& ndopts
.nd_opts_pi
) {
1430 struct nd_opt_hdr
*p
;
1431 for (p
= ndopts
.nd_opts_pi
;
1433 p
= ndisc_next_option(p
, ndopts
.nd_opts_pi_end
)) {
1434 addrconf_prefix_rcv(skb
->dev
, (u8
*)p
,
1435 (p
->nd_opt_len
) << 3,
1436 ndopts
.nd_opts_src_lladdr
!= NULL
);
1440 if (ndopts
.nd_opts_mtu
&& in6_dev
->cnf
.accept_ra_mtu
) {
1444 memcpy(&n
, ((u8
*)(ndopts
.nd_opts_mtu
+1))+2, sizeof(mtu
));
1447 if (mtu
< IPV6_MIN_MTU
|| mtu
> skb
->dev
->mtu
) {
1448 ND_PRINTK(2, warn
, "RA: invalid mtu: %d\n", mtu
);
1449 } else if (in6_dev
->cnf
.mtu6
!= mtu
) {
1450 in6_dev
->cnf
.mtu6
= mtu
;
1453 dst_metric_set(&rt
->dst
, RTAX_MTU
, mtu
);
1455 rt6_mtu_change(skb
->dev
, mtu
);
1459 if (ndopts
.nd_useropts
) {
1460 struct nd_opt_hdr
*p
;
1461 for (p
= ndopts
.nd_useropts
;
1463 p
= ndisc_next_useropt(skb
->dev
, p
,
1464 ndopts
.nd_useropts_end
)) {
1465 ndisc_ra_useropt(skb
, p
);
1469 if (ndopts
.nd_opts_tgt_lladdr
|| ndopts
.nd_opts_rh
) {
1470 ND_PRINTK(2, warn
, "RA: invalid RA options\n");
1475 neigh_release(neigh
);
1478 static void ndisc_redirect_rcv(struct sk_buff
*skb
)
1481 struct ndisc_options ndopts
;
1482 struct rd_msg
*msg
= (struct rd_msg
*)skb_transport_header(skb
);
1483 u32 ndoptlen
= skb_tail_pointer(skb
) - (skb_transport_header(skb
) +
1484 offsetof(struct rd_msg
, opt
));
1486 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1487 switch (skb
->ndisc_nodetype
) {
1488 case NDISC_NODETYPE_HOST
:
1489 case NDISC_NODETYPE_NODEFAULT
:
1491 "Redirect: from host or unauthorized router\n");
1496 if (!(ipv6_addr_type(&ipv6_hdr(skb
)->saddr
) & IPV6_ADDR_LINKLOCAL
)) {
1498 "Redirect: source address is not link-local\n");
1502 if (!ndisc_parse_options(skb
->dev
, msg
->opt
, ndoptlen
, &ndopts
))
1505 if (!ndopts
.nd_opts_rh
) {
1506 ip6_redirect_no_header(skb
, dev_net(skb
->dev
),
1507 skb
->dev
->ifindex
, 0);
1511 hdr
= (u8
*)ndopts
.nd_opts_rh
;
1513 if (!pskb_pull(skb
, hdr
- skb_transport_header(skb
)))
1516 icmpv6_notify(skb
, NDISC_REDIRECT
, 0, 0);
1519 static void ndisc_fill_redirect_hdr_option(struct sk_buff
*skb
,
1520 struct sk_buff
*orig_skb
,
1523 u8
*opt
= skb_put(skb
, rd_len
);
1526 *(opt
++) = ND_OPT_REDIRECT_HDR
;
1527 *(opt
++) = (rd_len
>> 3);
1530 memcpy(opt
, ipv6_hdr(orig_skb
), rd_len
- 8);
1533 void ndisc_send_redirect(struct sk_buff
*skb
, const struct in6_addr
*target
)
1535 struct net_device
*dev
= skb
->dev
;
1536 struct net
*net
= dev_net(dev
);
1537 struct sock
*sk
= net
->ipv6
.ndisc_sk
;
1539 struct inet_peer
*peer
;
1540 struct sk_buff
*buff
;
1542 struct in6_addr saddr_buf
;
1543 struct rt6_info
*rt
;
1544 struct dst_entry
*dst
;
1547 u8 ha_buf
[MAX_ADDR_LEN
], *ha
= NULL
,
1548 ops_data_buf
[NDISC_OPS_REDIRECT_DATA_SPACE
], *ops_data
= NULL
;
1549 int oif
= l3mdev_fib_oif(dev
);
1552 if (ipv6_get_lladdr(dev
, &saddr_buf
, IFA_F_TENTATIVE
)) {
1553 ND_PRINTK(2, warn
, "Redirect: no link-local address on %s\n",
1558 if (!ipv6_addr_equal(&ipv6_hdr(skb
)->daddr
, target
) &&
1559 ipv6_addr_type(target
) != (IPV6_ADDR_UNICAST
|IPV6_ADDR_LINKLOCAL
)) {
1561 "Redirect: target address is not link-local unicast\n");
1565 icmpv6_flow_init(sk
, &fl6
, NDISC_REDIRECT
,
1566 &saddr_buf
, &ipv6_hdr(skb
)->saddr
, oif
);
1568 if (oif
!= skb
->dev
->ifindex
)
1569 fl6
.flowi6_flags
|= FLOWI_FLAG_L3MDEV_SRC
;
1571 dst
= ip6_route_output(net
, NULL
, &fl6
);
1576 dst
= xfrm_lookup(net
, dst
, flowi6_to_flowi(&fl6
), NULL
, 0);
1580 rt
= (struct rt6_info
*) dst
;
1582 if (rt
->rt6i_flags
& RTF_GATEWAY
) {
1584 "Redirect: destination is not a neighbour\n");
1587 peer
= inet_getpeer_v6(net
->ipv6
.peers
, &ipv6_hdr(skb
)->saddr
, 1);
1588 ret
= inet_peer_xrlim_allow(peer
, 1*HZ
);
1594 if (dev
->addr_len
) {
1595 struct neighbour
*neigh
= dst_neigh_lookup(skb_dst(skb
), target
);
1598 "Redirect: no neigh for target address\n");
1602 read_lock_bh(&neigh
->lock
);
1603 if (neigh
->nud_state
& NUD_VALID
) {
1604 memcpy(ha_buf
, neigh
->ha
, dev
->addr_len
);
1605 read_unlock_bh(&neigh
->lock
);
1607 optlen
+= ndisc_redirect_opt_addr_space(dev
, neigh
,
1611 read_unlock_bh(&neigh
->lock
);
1613 neigh_release(neigh
);
1616 rd_len
= min_t(unsigned int,
1617 IPV6_MIN_MTU
- sizeof(struct ipv6hdr
) - sizeof(*msg
) - optlen
,
1622 buff
= ndisc_alloc_skb(dev
, sizeof(*msg
) + optlen
);
1626 msg
= (struct rd_msg
*)skb_put(buff
, sizeof(*msg
));
1627 *msg
= (struct rd_msg
) {
1629 .icmp6_type
= NDISC_REDIRECT
,
1632 .dest
= ipv6_hdr(skb
)->daddr
,
1636 * include target_address option
1640 ndisc_fill_redirect_addr_option(buff
, ha
, ops_data
);
1643 * build redirect option and copy skb over to the new packet.
1647 ndisc_fill_redirect_hdr_option(buff
, skb
, rd_len
);
1649 skb_dst_set(buff
, dst
);
1650 ndisc_send_skb(buff
, &ipv6_hdr(skb
)->saddr
, &saddr_buf
);
1657 static void pndisc_redo(struct sk_buff
*skb
)
1663 static bool ndisc_suppress_frag_ndisc(struct sk_buff
*skb
)
1665 struct inet6_dev
*idev
= __in6_dev_get(skb
->dev
);
1669 if (IP6CB(skb
)->flags
& IP6SKB_FRAGMENTED
&&
1670 idev
->cnf
.suppress_frag_ndisc
) {
1671 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1677 int ndisc_rcv(struct sk_buff
*skb
)
1681 if (ndisc_suppress_frag_ndisc(skb
))
1684 if (skb_linearize(skb
))
1687 msg
= (struct nd_msg
*)skb_transport_header(skb
);
1689 __skb_push(skb
, skb
->data
- skb_transport_header(skb
));
1691 if (ipv6_hdr(skb
)->hop_limit
!= 255) {
1692 ND_PRINTK(2, warn
, "NDISC: invalid hop-limit: %d\n",
1693 ipv6_hdr(skb
)->hop_limit
);
1697 if (msg
->icmph
.icmp6_code
!= 0) {
1698 ND_PRINTK(2, warn
, "NDISC: invalid ICMPv6 code: %d\n",
1699 msg
->icmph
.icmp6_code
);
1703 memset(NEIGH_CB(skb
), 0, sizeof(struct neighbour_cb
));
1705 switch (msg
->icmph
.icmp6_type
) {
1706 case NDISC_NEIGHBOUR_SOLICITATION
:
1710 case NDISC_NEIGHBOUR_ADVERTISEMENT
:
1714 case NDISC_ROUTER_SOLICITATION
:
1718 case NDISC_ROUTER_ADVERTISEMENT
:
1719 ndisc_router_discovery(skb
);
1722 case NDISC_REDIRECT
:
1723 ndisc_redirect_rcv(skb
);
1730 static int ndisc_netdev_event(struct notifier_block
*this, unsigned long event
, void *ptr
)
1732 struct net_device
*dev
= netdev_notifier_info_to_dev(ptr
);
1733 struct netdev_notifier_change_info
*change_info
;
1734 struct net
*net
= dev_net(dev
);
1735 struct inet6_dev
*idev
;
1738 case NETDEV_CHANGEADDR
:
1739 neigh_changeaddr(&nd_tbl
, dev
);
1740 fib6_run_gc(0, net
, false);
1741 idev
= in6_dev_get(dev
);
1744 if (idev
->cnf
.ndisc_notify
)
1745 ndisc_send_unsol_na(dev
);
1750 if (change_info
->flags_changed
& IFF_NOARP
)
1751 neigh_changeaddr(&nd_tbl
, dev
);
1754 neigh_ifdown(&nd_tbl
, dev
);
1755 fib6_run_gc(0, net
, false);
1757 case NETDEV_NOTIFY_PEERS
:
1758 ndisc_send_unsol_na(dev
);
1767 static struct notifier_block ndisc_netdev_notifier
= {
1768 .notifier_call
= ndisc_netdev_event
,
1771 #ifdef CONFIG_SYSCTL
1772 static void ndisc_warn_deprecated_sysctl(struct ctl_table
*ctl
,
1773 const char *func
, const char *dev_name
)
1775 static char warncomm
[TASK_COMM_LEN
];
1777 if (strcmp(warncomm
, current
->comm
) && warned
< 5) {
1778 strcpy(warncomm
, current
->comm
);
1779 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1781 dev_name
, ctl
->procname
,
1782 dev_name
, ctl
->procname
);
1787 int ndisc_ifinfo_sysctl_change(struct ctl_table
*ctl
, int write
, void __user
*buffer
, size_t *lenp
, loff_t
*ppos
)
1789 struct net_device
*dev
= ctl
->extra1
;
1790 struct inet6_dev
*idev
;
1793 if ((strcmp(ctl
->procname
, "retrans_time") == 0) ||
1794 (strcmp(ctl
->procname
, "base_reachable_time") == 0))
1795 ndisc_warn_deprecated_sysctl(ctl
, "syscall", dev
? dev
->name
: "default");
1797 if (strcmp(ctl
->procname
, "retrans_time") == 0)
1798 ret
= neigh_proc_dointvec(ctl
, write
, buffer
, lenp
, ppos
);
1800 else if (strcmp(ctl
->procname
, "base_reachable_time") == 0)
1801 ret
= neigh_proc_dointvec_jiffies(ctl
, write
,
1802 buffer
, lenp
, ppos
);
1804 else if ((strcmp(ctl
->procname
, "retrans_time_ms") == 0) ||
1805 (strcmp(ctl
->procname
, "base_reachable_time_ms") == 0))
1806 ret
= neigh_proc_dointvec_ms_jiffies(ctl
, write
,
1807 buffer
, lenp
, ppos
);
1811 if (write
&& ret
== 0 && dev
&& (idev
= in6_dev_get(dev
)) != NULL
) {
1812 if (ctl
->data
== &NEIGH_VAR(idev
->nd_parms
, BASE_REACHABLE_TIME
))
1813 idev
->nd_parms
->reachable_time
=
1814 neigh_rand_reach_time(NEIGH_VAR(idev
->nd_parms
, BASE_REACHABLE_TIME
));
1815 idev
->tstamp
= jiffies
;
1816 inet6_ifinfo_notify(RTM_NEWLINK
, idev
);
1825 static int __net_init
ndisc_net_init(struct net
*net
)
1827 struct ipv6_pinfo
*np
;
1831 err
= inet_ctl_sock_create(&sk
, PF_INET6
,
1832 SOCK_RAW
, IPPROTO_ICMPV6
, net
);
1835 "NDISC: Failed to initialize the control socket (err %d)\n",
1840 net
->ipv6
.ndisc_sk
= sk
;
1843 np
->hop_limit
= 255;
1844 /* Do not loopback ndisc messages */
1850 static void __net_exit
ndisc_net_exit(struct net
*net
)
1852 inet_ctl_sock_destroy(net
->ipv6
.ndisc_sk
);
1855 static struct pernet_operations ndisc_net_ops
= {
1856 .init
= ndisc_net_init
,
1857 .exit
= ndisc_net_exit
,
1860 int __init
ndisc_init(void)
1864 err
= register_pernet_subsys(&ndisc_net_ops
);
1868 * Initialize the neighbour table
1870 neigh_table_init(NEIGH_ND_TABLE
, &nd_tbl
);
1872 #ifdef CONFIG_SYSCTL
1873 err
= neigh_sysctl_register(NULL
, &nd_tbl
.parms
,
1874 ndisc_ifinfo_sysctl_change
);
1876 goto out_unregister_pernet
;
1881 #ifdef CONFIG_SYSCTL
1882 out_unregister_pernet
:
1883 unregister_pernet_subsys(&ndisc_net_ops
);
1888 int __init
ndisc_late_init(void)
1890 return register_netdevice_notifier(&ndisc_netdev_notifier
);
1893 void ndisc_late_cleanup(void)
1895 unregister_netdevice_notifier(&ndisc_netdev_notifier
);
1898 void ndisc_cleanup(void)
1900 #ifdef CONFIG_SYSCTL
1901 neigh_sysctl_unregister(&nd_tbl
.parms
);
1903 neigh_table_clear(NEIGH_ND_TABLE
, &nd_tbl
);
1904 unregister_pernet_subsys(&ndisc_net_ops
);