]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/ipv6/ndisc.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[NET]: sparse warning fixes
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / ndisc.c
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Lars Fenneberg : fixed MTU setting on receipt
19 * of an RA.
20 *
21 * Janos Farkas : kmalloc failure checks
22 * Alexey Kuznetsov : state machine reworked
23 * and moved to net/core.
24 * Pekka Savola : RFC2461 validation
25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
26 */
27
28 /* Set to 3 to get tracing... */
29 #define ND_DEBUG 1
30
31 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
32 #define ND_NOPRINTK(x...) do { ; } while(0)
33 #define ND_PRINTK0 ND_PRINTK
34 #define ND_PRINTK1 ND_NOPRINTK
35 #define ND_PRINTK2 ND_NOPRINTK
36 #define ND_PRINTK3 ND_NOPRINTK
37 #if ND_DEBUG >= 1
38 #undef ND_PRINTK1
39 #define ND_PRINTK1 ND_PRINTK
40 #endif
41 #if ND_DEBUG >= 2
42 #undef ND_PRINTK2
43 #define ND_PRINTK2 ND_PRINTK
44 #endif
45 #if ND_DEBUG >= 3
46 #undef ND_PRINTK3
47 #define ND_PRINTK3 ND_PRINTK
48 #endif
49
50 #include <linux/module.h>
51 #include <linux/errno.h>
52 #include <linux/types.h>
53 #include <linux/socket.h>
54 #include <linux/sockios.h>
55 #include <linux/sched.h>
56 #include <linux/net.h>
57 #include <linux/in6.h>
58 #include <linux/route.h>
59 #include <linux/init.h>
60 #include <linux/rcupdate.h>
61 #ifdef CONFIG_SYSCTL
62 #include <linux/sysctl.h>
63 #endif
64
65 #include <linux/if_addr.h>
66 #include <linux/if_arp.h>
67 #include <linux/ipv6.h>
68 #include <linux/icmpv6.h>
69 #include <linux/jhash.h>
70
71 #include <net/sock.h>
72 #include <net/snmp.h>
73
74 #include <net/ipv6.h>
75 #include <net/protocol.h>
76 #include <net/ndisc.h>
77 #include <net/ip6_route.h>
78 #include <net/addrconf.h>
79 #include <net/icmp.h>
80
81 #include <net/flow.h>
82 #include <net/ip6_checksum.h>
83 #include <linux/proc_fs.h>
84
85 #include <linux/netfilter.h>
86 #include <linux/netfilter_ipv6.h>
87
88 static struct socket *ndisc_socket;
89
90 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
91 static int ndisc_constructor(struct neighbour *neigh);
92 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
93 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
94 static int pndisc_constructor(struct pneigh_entry *n);
95 static void pndisc_destructor(struct pneigh_entry *n);
96 static void pndisc_redo(struct sk_buff *skb);
97
98 static struct neigh_ops ndisc_generic_ops = {
99 .family = AF_INET6,
100 .solicit = ndisc_solicit,
101 .error_report = ndisc_error_report,
102 .output = neigh_resolve_output,
103 .connected_output = neigh_connected_output,
104 .hh_output = dev_queue_xmit,
105 .queue_xmit = dev_queue_xmit,
106 };
107
108 static struct neigh_ops ndisc_hh_ops = {
109 .family = AF_INET6,
110 .solicit = ndisc_solicit,
111 .error_report = ndisc_error_report,
112 .output = neigh_resolve_output,
113 .connected_output = neigh_resolve_output,
114 .hh_output = dev_queue_xmit,
115 .queue_xmit = dev_queue_xmit,
116 };
117
118
119 static struct neigh_ops ndisc_direct_ops = {
120 .family = AF_INET6,
121 .output = dev_queue_xmit,
122 .connected_output = dev_queue_xmit,
123 .hh_output = dev_queue_xmit,
124 .queue_xmit = dev_queue_xmit,
125 };
126
127 struct neigh_table nd_tbl = {
128 .family = AF_INET6,
129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
130 .key_len = sizeof(struct in6_addr),
131 .hash = ndisc_hash,
132 .constructor = ndisc_constructor,
133 .pconstructor = pndisc_constructor,
134 .pdestructor = pndisc_destructor,
135 .proxy_redo = pndisc_redo,
136 .id = "ndisc_cache",
137 .parms = {
138 .tbl = &nd_tbl,
139 .base_reachable_time = 30 * HZ,
140 .retrans_time = 1 * HZ,
141 .gc_staletime = 60 * HZ,
142 .reachable_time = 30 * HZ,
143 .delay_probe_time = 5 * HZ,
144 .queue_len = 3,
145 .ucast_probes = 3,
146 .mcast_probes = 3,
147 .anycast_delay = 1 * HZ,
148 .proxy_delay = (8 * HZ) / 10,
149 .proxy_qlen = 64,
150 },
151 .gc_interval = 30 * HZ,
152 .gc_thresh1 = 128,
153 .gc_thresh2 = 512,
154 .gc_thresh3 = 1024,
155 };
156
157 /* ND options */
158 struct ndisc_options {
159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
160 #ifdef CONFIG_IPV6_ROUTE_INFO
161 struct nd_opt_hdr *nd_opts_ri;
162 struct nd_opt_hdr *nd_opts_ri_end;
163 #endif
164 };
165
166 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
167 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
168 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
169 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
170 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
171 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
172
173 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
174
175 /*
176 * Return the padding between the option length and the start of the
177 * link addr. Currently only IP-over-InfiniBand needs this, although
178 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
179 * also need a pad of 2.
180 */
181 static int ndisc_addr_option_pad(unsigned short type)
182 {
183 switch (type) {
184 case ARPHRD_INFINIBAND: return 2;
185 default: return 0;
186 }
187 }
188
189 static inline int ndisc_opt_addr_space(struct net_device *dev)
190 {
191 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
192 }
193
194 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
195 unsigned short addr_type)
196 {
197 int space = NDISC_OPT_SPACE(data_len);
198 int pad = ndisc_addr_option_pad(addr_type);
199
200 opt[0] = type;
201 opt[1] = space>>3;
202
203 memset(opt + 2, 0, pad);
204 opt += pad;
205 space -= pad;
206
207 memcpy(opt+2, data, data_len);
208 data_len += 2;
209 opt += data_len;
210 if ((space -= data_len) > 0)
211 memset(opt, 0, space);
212 return opt + space;
213 }
214
215 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
216 struct nd_opt_hdr *end)
217 {
218 int type;
219 if (!cur || !end || cur >= end)
220 return NULL;
221 type = cur->nd_opt_type;
222 do {
223 cur = ((void *)cur) + (cur->nd_opt_len << 3);
224 } while(cur < end && cur->nd_opt_type != type);
225 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
226 }
227
228 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
229 struct ndisc_options *ndopts)
230 {
231 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
232
233 if (!nd_opt || opt_len < 0 || !ndopts)
234 return NULL;
235 memset(ndopts, 0, sizeof(*ndopts));
236 while (opt_len) {
237 int l;
238 if (opt_len < sizeof(struct nd_opt_hdr))
239 return NULL;
240 l = nd_opt->nd_opt_len << 3;
241 if (opt_len < l || l == 0)
242 return NULL;
243 switch (nd_opt->nd_opt_type) {
244 case ND_OPT_SOURCE_LL_ADDR:
245 case ND_OPT_TARGET_LL_ADDR:
246 case ND_OPT_MTU:
247 case ND_OPT_REDIRECT_HDR:
248 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
249 ND_PRINTK2(KERN_WARNING
250 "%s(): duplicated ND6 option found: type=%d\n",
251 __FUNCTION__,
252 nd_opt->nd_opt_type);
253 } else {
254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
255 }
256 break;
257 case ND_OPT_PREFIX_INFO:
258 ndopts->nd_opts_pi_end = nd_opt;
259 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
260 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
261 break;
262 #ifdef CONFIG_IPV6_ROUTE_INFO
263 case ND_OPT_ROUTE_INFO:
264 ndopts->nd_opts_ri_end = nd_opt;
265 if (!ndopts->nd_opts_ri)
266 ndopts->nd_opts_ri = nd_opt;
267 break;
268 #endif
269 default:
270 /*
271 * Unknown options must be silently ignored,
272 * to accommodate future extension to the protocol.
273 */
274 ND_PRINTK2(KERN_NOTICE
275 "%s(): ignored unsupported option; type=%d, len=%d\n",
276 __FUNCTION__,
277 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
278 }
279 opt_len -= l;
280 nd_opt = ((void *)nd_opt) + l;
281 }
282 return ndopts;
283 }
284
285 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
286 struct net_device *dev)
287 {
288 u8 *lladdr = (u8 *)(p + 1);
289 int lladdrlen = p->nd_opt_len << 3;
290 int prepad = ndisc_addr_option_pad(dev->type);
291 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
292 return NULL;
293 return (lladdr + prepad);
294 }
295
296 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
297 {
298 switch (dev->type) {
299 case ARPHRD_ETHER:
300 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
301 case ARPHRD_FDDI:
302 ipv6_eth_mc_map(addr, buf);
303 return 0;
304 case ARPHRD_IEEE802_TR:
305 ipv6_tr_mc_map(addr,buf);
306 return 0;
307 case ARPHRD_ARCNET:
308 ipv6_arcnet_mc_map(addr, buf);
309 return 0;
310 case ARPHRD_INFINIBAND:
311 ipv6_ib_mc_map(addr, buf);
312 return 0;
313 default:
314 if (dir) {
315 memcpy(buf, dev->broadcast, dev->addr_len);
316 return 0;
317 }
318 }
319 return -EINVAL;
320 }
321
322 EXPORT_SYMBOL(ndisc_mc_map);
323
324 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
325 {
326 const u32 *p32 = pkey;
327 u32 addr_hash, i;
328
329 addr_hash = 0;
330 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
331 addr_hash ^= *p32++;
332
333 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
334 }
335
336 static int ndisc_constructor(struct neighbour *neigh)
337 {
338 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
339 struct net_device *dev = neigh->dev;
340 struct inet6_dev *in6_dev;
341 struct neigh_parms *parms;
342 int is_multicast = ipv6_addr_is_multicast(addr);
343
344 rcu_read_lock();
345 in6_dev = in6_dev_get(dev);
346 if (in6_dev == NULL) {
347 rcu_read_unlock();
348 return -EINVAL;
349 }
350
351 parms = in6_dev->nd_parms;
352 __neigh_parms_put(neigh->parms);
353 neigh->parms = neigh_parms_clone(parms);
354 rcu_read_unlock();
355
356 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
357 if (!dev->header_ops) {
358 neigh->nud_state = NUD_NOARP;
359 neigh->ops = &ndisc_direct_ops;
360 neigh->output = neigh->ops->queue_xmit;
361 } else {
362 if (is_multicast) {
363 neigh->nud_state = NUD_NOARP;
364 ndisc_mc_map(addr, neigh->ha, dev, 1);
365 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
366 neigh->nud_state = NUD_NOARP;
367 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
368 if (dev->flags&IFF_LOOPBACK)
369 neigh->type = RTN_LOCAL;
370 } else if (dev->flags&IFF_POINTOPOINT) {
371 neigh->nud_state = NUD_NOARP;
372 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
373 }
374 if (dev->header_ops->cache)
375 neigh->ops = &ndisc_hh_ops;
376 else
377 neigh->ops = &ndisc_generic_ops;
378 if (neigh->nud_state&NUD_VALID)
379 neigh->output = neigh->ops->connected_output;
380 else
381 neigh->output = neigh->ops->output;
382 }
383 in6_dev_put(in6_dev);
384 return 0;
385 }
386
387 static int pndisc_constructor(struct pneigh_entry *n)
388 {
389 struct in6_addr *addr = (struct in6_addr*)&n->key;
390 struct in6_addr maddr;
391 struct net_device *dev = n->dev;
392
393 if (dev == NULL || __in6_dev_get(dev) == NULL)
394 return -EINVAL;
395 addrconf_addr_solict_mult(addr, &maddr);
396 ipv6_dev_mc_inc(dev, &maddr);
397 return 0;
398 }
399
400 static void pndisc_destructor(struct pneigh_entry *n)
401 {
402 struct in6_addr *addr = (struct in6_addr*)&n->key;
403 struct in6_addr maddr;
404 struct net_device *dev = n->dev;
405
406 if (dev == NULL || __in6_dev_get(dev) == NULL)
407 return;
408 addrconf_addr_solict_mult(addr, &maddr);
409 ipv6_dev_mc_dec(dev, &maddr);
410 }
411
412 /*
413 * Send a Neighbour Advertisement
414 */
415
416 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
417 struct in6_addr *saddr, struct in6_addr *daddr,
418 int oif)
419 {
420 memset(fl, 0, sizeof(*fl));
421 ipv6_addr_copy(&fl->fl6_src, saddr);
422 ipv6_addr_copy(&fl->fl6_dst, daddr);
423 fl->proto = IPPROTO_ICMPV6;
424 fl->fl_icmp_type = type;
425 fl->fl_icmp_code = 0;
426 fl->oif = oif;
427 security_sk_classify_flow(ndisc_socket->sk, fl);
428 }
429
430 static void __ndisc_send(struct net_device *dev,
431 struct neighbour *neigh,
432 struct in6_addr *daddr, struct in6_addr *saddr,
433 struct icmp6hdr *icmp6h, struct in6_addr *target,
434 int llinfo)
435 {
436 struct flowi fl;
437 struct dst_entry *dst;
438 struct sock *sk = ndisc_socket->sk;
439 struct sk_buff *skb;
440 struct icmp6hdr *hdr;
441 struct inet6_dev *idev;
442 int len;
443 int err;
444 u8 *opt, type;
445
446 type = icmp6h->icmp6_type;
447
448 ndisc_flow_init(&fl, type, saddr, daddr,
449 dev->ifindex);
450
451 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
452 if (!dst)
453 return;
454
455 err = xfrm_lookup(&dst, &fl, NULL, 0);
456 if (err < 0)
457 return;
458
459 if (!dev->addr_len)
460 llinfo = 0;
461
462 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
463 if (llinfo)
464 len += ndisc_opt_addr_space(dev);
465
466 skb = sock_alloc_send_skb(sk,
467 (MAX_HEADER + sizeof(struct ipv6hdr) +
468 len + LL_RESERVED_SPACE(dev)),
469 1, &err);
470 if (!skb) {
471 ND_PRINTK0(KERN_ERR
472 "ICMPv6 ND: %s() failed to allocate an skb.\n",
473 __FUNCTION__);
474 dst_release(dst);
475 return;
476 }
477
478 skb_reserve(skb, LL_RESERVED_SPACE(dev));
479 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
480
481 skb->transport_header = skb->tail;
482 skb_put(skb, len);
483
484 hdr = (struct icmp6hdr *)skb_transport_header(skb);
485 memcpy(hdr, icmp6h, sizeof(*hdr));
486
487 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
488 if (target) {
489 ipv6_addr_copy((struct in6_addr *)opt, target);
490 opt += sizeof(*target);
491 }
492
493 if (llinfo)
494 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
495 dev->addr_len, dev->type);
496
497 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
498 IPPROTO_ICMPV6,
499 csum_partial((__u8 *) hdr,
500 len, 0));
501
502 skb->dst = dst;
503
504 idev = in6_dev_get(dst->dev);
505 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
506
507 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
508 if (!err) {
509 ICMP6MSGOUT_INC_STATS(idev, type);
510 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
511 }
512
513 if (likely(idev != NULL))
514 in6_dev_put(idev);
515 }
516
517 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
518 struct in6_addr *daddr, struct in6_addr *solicited_addr,
519 int router, int solicited, int override, int inc_opt)
520 {
521 struct in6_addr tmpaddr;
522 struct inet6_ifaddr *ifp;
523 struct in6_addr *src_addr;
524 struct icmp6hdr icmp6h = {
525 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
526 };
527
528 /* for anycast or proxy, solicited_addr != src_addr */
529 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
530 if (ifp) {
531 src_addr = solicited_addr;
532 if (ifp->flags & IFA_F_OPTIMISTIC)
533 override = 0;
534 in6_ifa_put(ifp);
535 } else {
536 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
537 return;
538 src_addr = &tmpaddr;
539 }
540
541 icmp6h.icmp6_router = router;
542 icmp6h.icmp6_solicited = solicited;
543 icmp6h.icmp6_override = override;
544
545 __ndisc_send(dev, neigh, daddr, src_addr,
546 &icmp6h, solicited_addr,
547 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
548 }
549
550 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
551 struct in6_addr *solicit,
552 struct in6_addr *daddr, struct in6_addr *saddr)
553 {
554 struct in6_addr addr_buf;
555 struct icmp6hdr icmp6h = {
556 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
557 };
558
559 if (saddr == NULL) {
560 if (ipv6_get_lladdr(dev, &addr_buf,
561 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
562 return;
563 saddr = &addr_buf;
564 }
565
566 __ndisc_send(dev, neigh, daddr, saddr,
567 &icmp6h, solicit,
568 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
569 }
570
571 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
572 struct in6_addr *daddr)
573 {
574 struct icmp6hdr icmp6h = {
575 .icmp6_type = NDISC_ROUTER_SOLICITATION,
576 };
577 int send_sllao = dev->addr_len;
578
579 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
580 /*
581 * According to section 2.2 of RFC 4429, we must not
582 * send router solicitations with a sllao from
583 * optimistic addresses, but we may send the solicitation
584 * if we don't include the sllao. So here we check
585 * if our address is optimistic, and if so, we
586 * supress the inclusion of the sllao.
587 */
588 if (send_sllao) {
589 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(saddr, dev, 1);
590 if (ifp) {
591 if (ifp->flags & IFA_F_OPTIMISTIC) {
592 send_sllao = 0;
593 }
594 in6_ifa_put(ifp);
595 } else {
596 send_sllao = 0;
597 }
598 }
599 #endif
600 __ndisc_send(dev, NULL, daddr, saddr,
601 &icmp6h, NULL,
602 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
603 }
604
605
606 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
607 {
608 /*
609 * "The sender MUST return an ICMP
610 * destination unreachable"
611 */
612 dst_link_failure(skb);
613 kfree_skb(skb);
614 }
615
616 /* Called with locked neigh: either read or both */
617
618 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
619 {
620 struct in6_addr *saddr = NULL;
621 struct in6_addr mcaddr;
622 struct net_device *dev = neigh->dev;
623 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
624 int probes = atomic_read(&neigh->probes);
625
626 if (skb && ipv6_chk_addr(&ipv6_hdr(skb)->saddr, dev, 1))
627 saddr = &ipv6_hdr(skb)->saddr;
628
629 if ((probes -= neigh->parms->ucast_probes) < 0) {
630 if (!(neigh->nud_state & NUD_VALID)) {
631 ND_PRINTK1(KERN_DEBUG
632 "%s(): trying to ucast probe in NUD_INVALID: "
633 NIP6_FMT "\n",
634 __FUNCTION__,
635 NIP6(*target));
636 }
637 ndisc_send_ns(dev, neigh, target, target, saddr);
638 } else if ((probes -= neigh->parms->app_probes) < 0) {
639 #ifdef CONFIG_ARPD
640 neigh_app_ns(neigh);
641 #endif
642 } else {
643 addrconf_addr_solict_mult(target, &mcaddr);
644 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
645 }
646 }
647
648 static void ndisc_recv_ns(struct sk_buff *skb)
649 {
650 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
651 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
652 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
653 u8 *lladdr = NULL;
654 u32 ndoptlen = skb->tail - (skb->transport_header +
655 offsetof(struct nd_msg, opt));
656 struct ndisc_options ndopts;
657 struct net_device *dev = skb->dev;
658 struct inet6_ifaddr *ifp;
659 struct inet6_dev *idev = NULL;
660 struct neighbour *neigh;
661 struct pneigh_entry *pneigh = NULL;
662 int dad = ipv6_addr_any(saddr);
663 int inc;
664 int is_router;
665
666 if (ipv6_addr_is_multicast(&msg->target)) {
667 ND_PRINTK2(KERN_WARNING
668 "ICMPv6 NS: multicast target address");
669 return;
670 }
671
672 /*
673 * RFC2461 7.1.1:
674 * DAD has to be destined for solicited node multicast address.
675 */
676 if (dad &&
677 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
678 daddr->s6_addr32[1] == htonl(0x00000000) &&
679 daddr->s6_addr32[2] == htonl(0x00000001) &&
680 daddr->s6_addr [12] == 0xff )) {
681 ND_PRINTK2(KERN_WARNING
682 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
683 return;
684 }
685
686 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
687 ND_PRINTK2(KERN_WARNING
688 "ICMPv6 NS: invalid ND options\n");
689 return;
690 }
691
692 if (ndopts.nd_opts_src_lladdr) {
693 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
694 if (!lladdr) {
695 ND_PRINTK2(KERN_WARNING
696 "ICMPv6 NS: invalid link-layer address length\n");
697 return;
698 }
699
700 /* RFC2461 7.1.1:
701 * If the IP source address is the unspecified address,
702 * there MUST NOT be source link-layer address option
703 * in the message.
704 */
705 if (dad) {
706 ND_PRINTK2(KERN_WARNING
707 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
708 return;
709 }
710 }
711
712 inc = ipv6_addr_is_multicast(daddr);
713
714 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
715
716 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
717 if (dad) {
718 if (dev->type == ARPHRD_IEEE802_TR) {
719 const unsigned char *sadr;
720 sadr = skb_mac_header(skb);
721 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
722 sadr[9] == dev->dev_addr[1] &&
723 sadr[10] == dev->dev_addr[2] &&
724 sadr[11] == dev->dev_addr[3] &&
725 sadr[12] == dev->dev_addr[4] &&
726 sadr[13] == dev->dev_addr[5]) {
727 /* looped-back to us */
728 goto out;
729 }
730 }
731
732 /*
733 * We are colliding with another node
734 * who is doing DAD
735 * so fail our DAD process
736 */
737 addrconf_dad_failure(ifp);
738 return;
739 } else {
740 /*
741 * This is not a dad solicitation.
742 * If we are an optimistic node,
743 * we should respond.
744 * Otherwise, we should ignore it.
745 */
746 if (!(ifp->flags & IFA_F_OPTIMISTIC))
747 goto out;
748 }
749 }
750
751 idev = ifp->idev;
752 } else {
753 idev = in6_dev_get(dev);
754 if (!idev) {
755 /* XXX: count this drop? */
756 return;
757 }
758
759 if (ipv6_chk_acast_addr(dev, &msg->target) ||
760 (idev->cnf.forwarding &&
761 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
762 (pneigh = pneigh_lookup(&nd_tbl,
763 &msg->target, dev, 0)) != NULL)) {
764 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
765 skb->pkt_type != PACKET_HOST &&
766 inc != 0 &&
767 idev->nd_parms->proxy_delay != 0) {
768 /*
769 * for anycast or proxy,
770 * sender should delay its response
771 * by a random time between 0 and
772 * MAX_ANYCAST_DELAY_TIME seconds.
773 * (RFC2461) -- yoshfuji
774 */
775 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
776 if (n)
777 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
778 goto out;
779 }
780 } else
781 goto out;
782 }
783
784 is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding);
785
786 if (dad) {
787 struct in6_addr maddr;
788
789 ipv6_addr_all_nodes(&maddr);
790 ndisc_send_na(dev, NULL, &maddr, &msg->target,
791 is_router, 0, (ifp != NULL), 1);
792 goto out;
793 }
794
795 if (inc)
796 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
797 else
798 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
799
800 /*
801 * update / create cache entry
802 * for the source address
803 */
804 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
805 !inc || lladdr || !dev->addr_len);
806 if (neigh)
807 neigh_update(neigh, lladdr, NUD_STALE,
808 NEIGH_UPDATE_F_WEAK_OVERRIDE|
809 NEIGH_UPDATE_F_OVERRIDE);
810 if (neigh || !dev->header_ops) {
811 ndisc_send_na(dev, neigh, saddr, &msg->target,
812 is_router,
813 1, (ifp != NULL && inc), inc);
814 if (neigh)
815 neigh_release(neigh);
816 }
817
818 out:
819 if (ifp)
820 in6_ifa_put(ifp);
821 else
822 in6_dev_put(idev);
823
824 return;
825 }
826
827 static void ndisc_recv_na(struct sk_buff *skb)
828 {
829 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
830 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
831 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
832 u8 *lladdr = NULL;
833 u32 ndoptlen = skb->tail - (skb->transport_header +
834 offsetof(struct nd_msg, opt));
835 struct ndisc_options ndopts;
836 struct net_device *dev = skb->dev;
837 struct inet6_ifaddr *ifp;
838 struct neighbour *neigh;
839
840 if (skb->len < sizeof(struct nd_msg)) {
841 ND_PRINTK2(KERN_WARNING
842 "ICMPv6 NA: packet too short\n");
843 return;
844 }
845
846 if (ipv6_addr_is_multicast(&msg->target)) {
847 ND_PRINTK2(KERN_WARNING
848 "ICMPv6 NA: target address is multicast.\n");
849 return;
850 }
851
852 if (ipv6_addr_is_multicast(daddr) &&
853 msg->icmph.icmp6_solicited) {
854 ND_PRINTK2(KERN_WARNING
855 "ICMPv6 NA: solicited NA is multicasted.\n");
856 return;
857 }
858
859 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
860 ND_PRINTK2(KERN_WARNING
861 "ICMPv6 NS: invalid ND option\n");
862 return;
863 }
864 if (ndopts.nd_opts_tgt_lladdr) {
865 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
866 if (!lladdr) {
867 ND_PRINTK2(KERN_WARNING
868 "ICMPv6 NA: invalid link-layer address length\n");
869 return;
870 }
871 }
872 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
873 if (ifp->flags & IFA_F_TENTATIVE) {
874 addrconf_dad_failure(ifp);
875 return;
876 }
877 /* What should we make now? The advertisement
878 is invalid, but ndisc specs say nothing
879 about it. It could be misconfiguration, or
880 an smart proxy agent tries to help us :-)
881 */
882 ND_PRINTK1(KERN_WARNING
883 "ICMPv6 NA: someone advertises our address on %s!\n",
884 ifp->idev->dev->name);
885 in6_ifa_put(ifp);
886 return;
887 }
888 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
889
890 if (neigh) {
891 u8 old_flags = neigh->flags;
892
893 if (neigh->nud_state & NUD_FAILED)
894 goto out;
895
896 /*
897 * Don't update the neighbor cache entry on a proxy NA from
898 * ourselves because either the proxied node is off link or it
899 * has already sent a NA to us.
900 */
901 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
902 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
903 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) {
904 /* XXX: idev->cnf.prixy_ndp */
905 goto out;
906 }
907
908 neigh_update(neigh, lladdr,
909 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
910 NEIGH_UPDATE_F_WEAK_OVERRIDE|
911 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
912 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
913 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
914
915 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
916 /*
917 * Change: router to host
918 */
919 struct rt6_info *rt;
920 rt = rt6_get_dflt_router(saddr, dev);
921 if (rt)
922 ip6_del_rt(rt);
923 }
924
925 out:
926 neigh_release(neigh);
927 }
928 }
929
930 static void ndisc_recv_rs(struct sk_buff *skb)
931 {
932 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
933 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
934 struct neighbour *neigh;
935 struct inet6_dev *idev;
936 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
937 struct ndisc_options ndopts;
938 u8 *lladdr = NULL;
939
940 if (skb->len < sizeof(*rs_msg))
941 return;
942
943 idev = in6_dev_get(skb->dev);
944 if (!idev) {
945 if (net_ratelimit())
946 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
947 return;
948 }
949
950 /* Don't accept RS if we're not in router mode */
951 if (!idev->cnf.forwarding)
952 goto out;
953
954 /*
955 * Don't update NCE if src = ::;
956 * this implies that the source node has no ip address assigned yet.
957 */
958 if (ipv6_addr_any(saddr))
959 goto out;
960
961 /* Parse ND options */
962 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
963 if (net_ratelimit())
964 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
965 goto out;
966 }
967
968 if (ndopts.nd_opts_src_lladdr) {
969 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
970 skb->dev);
971 if (!lladdr)
972 goto out;
973 }
974
975 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
976 if (neigh) {
977 neigh_update(neigh, lladdr, NUD_STALE,
978 NEIGH_UPDATE_F_WEAK_OVERRIDE|
979 NEIGH_UPDATE_F_OVERRIDE|
980 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
981 neigh_release(neigh);
982 }
983 out:
984 in6_dev_put(idev);
985 }
986
987 static void ndisc_router_discovery(struct sk_buff *skb)
988 {
989 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
990 struct neighbour *neigh = NULL;
991 struct inet6_dev *in6_dev;
992 struct rt6_info *rt = NULL;
993 int lifetime;
994 struct ndisc_options ndopts;
995 int optlen;
996 unsigned int pref = 0;
997
998 __u8 * opt = (__u8 *)(ra_msg + 1);
999
1000 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1001
1002 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1003 ND_PRINTK2(KERN_WARNING
1004 "ICMPv6 RA: source address is not link-local.\n");
1005 return;
1006 }
1007 if (optlen < 0) {
1008 ND_PRINTK2(KERN_WARNING
1009 "ICMPv6 RA: packet too short\n");
1010 return;
1011 }
1012
1013 /*
1014 * set the RA_RECV flag in the interface
1015 */
1016
1017 in6_dev = in6_dev_get(skb->dev);
1018 if (in6_dev == NULL) {
1019 ND_PRINTK0(KERN_ERR
1020 "ICMPv6 RA: can't find inet6 device for %s.\n",
1021 skb->dev->name);
1022 return;
1023 }
1024 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1025 in6_dev_put(in6_dev);
1026 return;
1027 }
1028
1029 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1030 in6_dev_put(in6_dev);
1031 ND_PRINTK2(KERN_WARNING
1032 "ICMP6 RA: invalid ND options\n");
1033 return;
1034 }
1035
1036 if (in6_dev->if_flags & IF_RS_SENT) {
1037 /*
1038 * flag that an RA was received after an RS was sent
1039 * out on this interface.
1040 */
1041 in6_dev->if_flags |= IF_RA_RCVD;
1042 }
1043
1044 /*
1045 * Remember the managed/otherconf flags from most recently
1046 * received RA message (RFC 2462) -- yoshfuji
1047 */
1048 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1049 IF_RA_OTHERCONF)) |
1050 (ra_msg->icmph.icmp6_addrconf_managed ?
1051 IF_RA_MANAGED : 0) |
1052 (ra_msg->icmph.icmp6_addrconf_other ?
1053 IF_RA_OTHERCONF : 0);
1054
1055 if (!in6_dev->cnf.accept_ra_defrtr)
1056 goto skip_defrtr;
1057
1058 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1059
1060 #ifdef CONFIG_IPV6_ROUTER_PREF
1061 pref = ra_msg->icmph.icmp6_router_pref;
1062 /* 10b is handled as if it were 00b (medium) */
1063 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1064 !in6_dev->cnf.accept_ra_rtr_pref)
1065 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1066 #endif
1067
1068 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1069
1070 if (rt)
1071 neigh = rt->rt6i_nexthop;
1072
1073 if (rt && lifetime == 0) {
1074 neigh_clone(neigh);
1075 ip6_del_rt(rt);
1076 rt = NULL;
1077 }
1078
1079 if (rt == NULL && lifetime) {
1080 ND_PRINTK3(KERN_DEBUG
1081 "ICMPv6 RA: adding default router.\n");
1082
1083 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1084 if (rt == NULL) {
1085 ND_PRINTK0(KERN_ERR
1086 "ICMPv6 RA: %s() failed to add default route.\n",
1087 __FUNCTION__);
1088 in6_dev_put(in6_dev);
1089 return;
1090 }
1091
1092 neigh = rt->rt6i_nexthop;
1093 if (neigh == NULL) {
1094 ND_PRINTK0(KERN_ERR
1095 "ICMPv6 RA: %s() got default router without neighbour.\n",
1096 __FUNCTION__);
1097 dst_release(&rt->u.dst);
1098 in6_dev_put(in6_dev);
1099 return;
1100 }
1101 neigh->flags |= NTF_ROUTER;
1102 } else if (rt) {
1103 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1104 }
1105
1106 if (rt)
1107 rt->rt6i_expires = jiffies + (HZ * lifetime);
1108
1109 if (ra_msg->icmph.icmp6_hop_limit) {
1110 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1111 if (rt)
1112 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1113 }
1114
1115 skip_defrtr:
1116
1117 /*
1118 * Update Reachable Time and Retrans Timer
1119 */
1120
1121 if (in6_dev->nd_parms) {
1122 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1123
1124 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1125 rtime = (rtime*HZ)/1000;
1126 if (rtime < HZ/10)
1127 rtime = HZ/10;
1128 in6_dev->nd_parms->retrans_time = rtime;
1129 in6_dev->tstamp = jiffies;
1130 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1131 }
1132
1133 rtime = ntohl(ra_msg->reachable_time);
1134 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1135 rtime = (rtime*HZ)/1000;
1136
1137 if (rtime < HZ/10)
1138 rtime = HZ/10;
1139
1140 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1141 in6_dev->nd_parms->base_reachable_time = rtime;
1142 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1143 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1144 in6_dev->tstamp = jiffies;
1145 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1146 }
1147 }
1148 }
1149
1150 /*
1151 * Process options.
1152 */
1153
1154 if (!neigh)
1155 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1156 skb->dev, 1);
1157 if (neigh) {
1158 u8 *lladdr = NULL;
1159 if (ndopts.nd_opts_src_lladdr) {
1160 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1161 skb->dev);
1162 if (!lladdr) {
1163 ND_PRINTK2(KERN_WARNING
1164 "ICMPv6 RA: invalid link-layer address length\n");
1165 goto out;
1166 }
1167 }
1168 neigh_update(neigh, lladdr, NUD_STALE,
1169 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1170 NEIGH_UPDATE_F_OVERRIDE|
1171 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1172 NEIGH_UPDATE_F_ISROUTER);
1173 }
1174
1175 #ifdef CONFIG_IPV6_ROUTE_INFO
1176 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1177 struct nd_opt_hdr *p;
1178 for (p = ndopts.nd_opts_ri;
1179 p;
1180 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1181 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1182 continue;
1183 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1184 &ipv6_hdr(skb)->saddr);
1185 }
1186 }
1187 #endif
1188
1189 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1190 struct nd_opt_hdr *p;
1191 for (p = ndopts.nd_opts_pi;
1192 p;
1193 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1194 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1195 }
1196 }
1197
1198 if (ndopts.nd_opts_mtu) {
1199 __be32 n;
1200 u32 mtu;
1201
1202 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1203 mtu = ntohl(n);
1204
1205 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1206 ND_PRINTK2(KERN_WARNING
1207 "ICMPv6 RA: invalid mtu: %d\n",
1208 mtu);
1209 } else if (in6_dev->cnf.mtu6 != mtu) {
1210 in6_dev->cnf.mtu6 = mtu;
1211
1212 if (rt)
1213 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1214
1215 rt6_mtu_change(skb->dev, mtu);
1216 }
1217 }
1218
1219 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1220 ND_PRINTK2(KERN_WARNING
1221 "ICMPv6 RA: invalid RA options");
1222 }
1223 out:
1224 if (rt)
1225 dst_release(&rt->u.dst);
1226 else if (neigh)
1227 neigh_release(neigh);
1228 in6_dev_put(in6_dev);
1229 }
1230
1231 static void ndisc_redirect_rcv(struct sk_buff *skb)
1232 {
1233 struct inet6_dev *in6_dev;
1234 struct icmp6hdr *icmph;
1235 struct in6_addr *dest;
1236 struct in6_addr *target; /* new first hop to destination */
1237 struct neighbour *neigh;
1238 int on_link = 0;
1239 struct ndisc_options ndopts;
1240 int optlen;
1241 u8 *lladdr = NULL;
1242
1243 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1244 ND_PRINTK2(KERN_WARNING
1245 "ICMPv6 Redirect: source address is not link-local.\n");
1246 return;
1247 }
1248
1249 optlen = skb->tail - skb->transport_header;
1250 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1251
1252 if (optlen < 0) {
1253 ND_PRINTK2(KERN_WARNING
1254 "ICMPv6 Redirect: packet too short\n");
1255 return;
1256 }
1257
1258 icmph = icmp6_hdr(skb);
1259 target = (struct in6_addr *) (icmph + 1);
1260 dest = target + 1;
1261
1262 if (ipv6_addr_is_multicast(dest)) {
1263 ND_PRINTK2(KERN_WARNING
1264 "ICMPv6 Redirect: destination address is multicast.\n");
1265 return;
1266 }
1267
1268 if (ipv6_addr_equal(dest, target)) {
1269 on_link = 1;
1270 } else if (ipv6_addr_type(target) !=
1271 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1272 ND_PRINTK2(KERN_WARNING
1273 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1274 return;
1275 }
1276
1277 in6_dev = in6_dev_get(skb->dev);
1278 if (!in6_dev)
1279 return;
1280 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1281 in6_dev_put(in6_dev);
1282 return;
1283 }
1284
1285 /* RFC2461 8.1:
1286 * The IP source address of the Redirect MUST be the same as the current
1287 * first-hop router for the specified ICMP Destination Address.
1288 */
1289
1290 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1291 ND_PRINTK2(KERN_WARNING
1292 "ICMPv6 Redirect: invalid ND options\n");
1293 in6_dev_put(in6_dev);
1294 return;
1295 }
1296 if (ndopts.nd_opts_tgt_lladdr) {
1297 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1298 skb->dev);
1299 if (!lladdr) {
1300 ND_PRINTK2(KERN_WARNING
1301 "ICMPv6 Redirect: invalid link-layer address length\n");
1302 in6_dev_put(in6_dev);
1303 return;
1304 }
1305 }
1306
1307 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1308 if (neigh) {
1309 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1310 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1311 on_link);
1312 neigh_release(neigh);
1313 }
1314 in6_dev_put(in6_dev);
1315 }
1316
1317 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1318 struct in6_addr *target)
1319 {
1320 struct sock *sk = ndisc_socket->sk;
1321 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1322 struct sk_buff *buff;
1323 struct icmp6hdr *icmph;
1324 struct in6_addr saddr_buf;
1325 struct in6_addr *addrp;
1326 struct net_device *dev;
1327 struct rt6_info *rt;
1328 struct dst_entry *dst;
1329 struct inet6_dev *idev;
1330 struct flowi fl;
1331 u8 *opt;
1332 int rd_len;
1333 int err;
1334 int hlen;
1335 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1336
1337 dev = skb->dev;
1338
1339 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1340 ND_PRINTK2(KERN_WARNING
1341 "ICMPv6 Redirect: no link-local address on %s\n",
1342 dev->name);
1343 return;
1344 }
1345
1346 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1347 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1348 ND_PRINTK2(KERN_WARNING
1349 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1350 return;
1351 }
1352
1353 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1354 dev->ifindex);
1355
1356 dst = ip6_route_output(NULL, &fl);
1357 if (dst == NULL)
1358 return;
1359
1360 err = xfrm_lookup(&dst, &fl, NULL, 0);
1361 if (err)
1362 return;
1363
1364 rt = (struct rt6_info *) dst;
1365
1366 if (rt->rt6i_flags & RTF_GATEWAY) {
1367 ND_PRINTK2(KERN_WARNING
1368 "ICMPv6 Redirect: destination is not a neighbour.\n");
1369 dst_release(dst);
1370 return;
1371 }
1372 if (!xrlim_allow(dst, 1*HZ)) {
1373 dst_release(dst);
1374 return;
1375 }
1376
1377 if (dev->addr_len) {
1378 read_lock_bh(&neigh->lock);
1379 if (neigh->nud_state & NUD_VALID) {
1380 memcpy(ha_buf, neigh->ha, dev->addr_len);
1381 read_unlock_bh(&neigh->lock);
1382 ha = ha_buf;
1383 len += ndisc_opt_addr_space(dev);
1384 } else
1385 read_unlock_bh(&neigh->lock);
1386 }
1387
1388 rd_len = min_t(unsigned int,
1389 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1390 rd_len &= ~0x7;
1391 len += rd_len;
1392
1393 buff = sock_alloc_send_skb(sk,
1394 (MAX_HEADER + sizeof(struct ipv6hdr) +
1395 len + LL_RESERVED_SPACE(dev)),
1396 1, &err);
1397 if (buff == NULL) {
1398 ND_PRINTK0(KERN_ERR
1399 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1400 __FUNCTION__);
1401 dst_release(dst);
1402 return;
1403 }
1404
1405 hlen = 0;
1406
1407 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1408 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1409 IPPROTO_ICMPV6, len);
1410
1411 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1412 skb_put(buff, len);
1413 icmph = icmp6_hdr(buff);
1414
1415 memset(icmph, 0, sizeof(struct icmp6hdr));
1416 icmph->icmp6_type = NDISC_REDIRECT;
1417
1418 /*
1419 * copy target and destination addresses
1420 */
1421
1422 addrp = (struct in6_addr *)(icmph + 1);
1423 ipv6_addr_copy(addrp, target);
1424 addrp++;
1425 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1426
1427 opt = (u8*) (addrp + 1);
1428
1429 /*
1430 * include target_address option
1431 */
1432
1433 if (ha)
1434 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1435 dev->addr_len, dev->type);
1436
1437 /*
1438 * build redirect option and copy skb over to the new packet.
1439 */
1440
1441 memset(opt, 0, 8);
1442 *(opt++) = ND_OPT_REDIRECT_HDR;
1443 *(opt++) = (rd_len >> 3);
1444 opt += 6;
1445
1446 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1447
1448 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1449 len, IPPROTO_ICMPV6,
1450 csum_partial((u8 *) icmph, len, 0));
1451
1452 buff->dst = dst;
1453 idev = in6_dev_get(dst->dev);
1454 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1455 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1456 if (!err) {
1457 ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
1458 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1459 }
1460
1461 if (likely(idev != NULL))
1462 in6_dev_put(idev);
1463 }
1464
1465 static void pndisc_redo(struct sk_buff *skb)
1466 {
1467 ndisc_recv_ns(skb);
1468 kfree_skb(skb);
1469 }
1470
1471 int ndisc_rcv(struct sk_buff *skb)
1472 {
1473 struct nd_msg *msg;
1474
1475 if (!pskb_may_pull(skb, skb->len))
1476 return 0;
1477
1478 msg = (struct nd_msg *)skb_transport_header(skb);
1479
1480 __skb_push(skb, skb->data - skb_transport_header(skb));
1481
1482 if (ipv6_hdr(skb)->hop_limit != 255) {
1483 ND_PRINTK2(KERN_WARNING
1484 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1485 ipv6_hdr(skb)->hop_limit);
1486 return 0;
1487 }
1488
1489 if (msg->icmph.icmp6_code != 0) {
1490 ND_PRINTK2(KERN_WARNING
1491 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1492 msg->icmph.icmp6_code);
1493 return 0;
1494 }
1495
1496 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1497
1498 switch (msg->icmph.icmp6_type) {
1499 case NDISC_NEIGHBOUR_SOLICITATION:
1500 ndisc_recv_ns(skb);
1501 break;
1502
1503 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1504 ndisc_recv_na(skb);
1505 break;
1506
1507 case NDISC_ROUTER_SOLICITATION:
1508 ndisc_recv_rs(skb);
1509 break;
1510
1511 case NDISC_ROUTER_ADVERTISEMENT:
1512 ndisc_router_discovery(skb);
1513 break;
1514
1515 case NDISC_REDIRECT:
1516 ndisc_redirect_rcv(skb);
1517 break;
1518 }
1519
1520 return 0;
1521 }
1522
1523 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1524 {
1525 struct net_device *dev = ptr;
1526
1527 if (dev->nd_net != &init_net)
1528 return NOTIFY_DONE;
1529
1530 switch (event) {
1531 case NETDEV_CHANGEADDR:
1532 neigh_changeaddr(&nd_tbl, dev);
1533 fib6_run_gc(~0UL);
1534 break;
1535 case NETDEV_DOWN:
1536 neigh_ifdown(&nd_tbl, dev);
1537 fib6_run_gc(~0UL);
1538 break;
1539 default:
1540 break;
1541 }
1542
1543 return NOTIFY_DONE;
1544 }
1545
1546 static struct notifier_block ndisc_netdev_notifier = {
1547 .notifier_call = ndisc_netdev_event,
1548 };
1549
1550 #ifdef CONFIG_SYSCTL
1551 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1552 const char *func, const char *dev_name)
1553 {
1554 static char warncomm[TASK_COMM_LEN];
1555 static int warned;
1556 if (strcmp(warncomm, current->comm) && warned < 5) {
1557 strcpy(warncomm, current->comm);
1558 printk(KERN_WARNING
1559 "process `%s' is using deprecated sysctl (%s) "
1560 "net.ipv6.neigh.%s.%s; "
1561 "Use net.ipv6.neigh.%s.%s_ms "
1562 "instead.\n",
1563 warncomm, func,
1564 dev_name, ctl->procname,
1565 dev_name, ctl->procname);
1566 warned++;
1567 }
1568 }
1569
1570 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1571 {
1572 struct net_device *dev = ctl->extra1;
1573 struct inet6_dev *idev;
1574 int ret;
1575
1576 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1577 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1578 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1579
1580 switch (ctl->ctl_name) {
1581 case NET_NEIGH_RETRANS_TIME:
1582 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1583 break;
1584 case NET_NEIGH_REACHABLE_TIME:
1585 ret = proc_dointvec_jiffies(ctl, write,
1586 filp, buffer, lenp, ppos);
1587 break;
1588 case NET_NEIGH_RETRANS_TIME_MS:
1589 case NET_NEIGH_REACHABLE_TIME_MS:
1590 ret = proc_dointvec_ms_jiffies(ctl, write,
1591 filp, buffer, lenp, ppos);
1592 break;
1593 default:
1594 ret = -1;
1595 }
1596
1597 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1598 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1599 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1600 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1601 idev->tstamp = jiffies;
1602 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1603 in6_dev_put(idev);
1604 }
1605 return ret;
1606 }
1607
1608 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1609 int nlen, void __user *oldval,
1610 size_t __user *oldlenp,
1611 void __user *newval, size_t newlen)
1612 {
1613 struct net_device *dev = ctl->extra1;
1614 struct inet6_dev *idev;
1615 int ret;
1616
1617 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1618 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1619 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1620
1621 switch (ctl->ctl_name) {
1622 case NET_NEIGH_REACHABLE_TIME:
1623 ret = sysctl_jiffies(ctl, name, nlen,
1624 oldval, oldlenp, newval, newlen);
1625 break;
1626 case NET_NEIGH_RETRANS_TIME_MS:
1627 case NET_NEIGH_REACHABLE_TIME_MS:
1628 ret = sysctl_ms_jiffies(ctl, name, nlen,
1629 oldval, oldlenp, newval, newlen);
1630 break;
1631 default:
1632 ret = 0;
1633 }
1634
1635 if (newval && newlen && ret > 0 &&
1636 dev && (idev = in6_dev_get(dev)) != NULL) {
1637 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1638 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1639 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1640 idev->tstamp = jiffies;
1641 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1642 in6_dev_put(idev);
1643 }
1644
1645 return ret;
1646 }
1647
1648 #endif
1649
1650 int __init ndisc_init(struct net_proto_family *ops)
1651 {
1652 struct ipv6_pinfo *np;
1653 struct sock *sk;
1654 int err;
1655
1656 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1657 if (err < 0) {
1658 ND_PRINTK0(KERN_ERR
1659 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1660 err);
1661 ndisc_socket = NULL; /* For safety. */
1662 return err;
1663 }
1664
1665 sk = ndisc_socket->sk;
1666 np = inet6_sk(sk);
1667 sk->sk_allocation = GFP_ATOMIC;
1668 np->hop_limit = 255;
1669 /* Do not loopback ndisc messages */
1670 np->mc_loop = 0;
1671 sk->sk_prot->unhash(sk);
1672
1673 /*
1674 * Initialize the neighbour table
1675 */
1676
1677 neigh_table_init(&nd_tbl);
1678
1679 #ifdef CONFIG_SYSCTL
1680 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1681 "ipv6",
1682 &ndisc_ifinfo_sysctl_change,
1683 &ndisc_ifinfo_sysctl_strategy);
1684 #endif
1685
1686 register_netdevice_notifier(&ndisc_netdev_notifier);
1687 return 0;
1688 }
1689
1690 void ndisc_cleanup(void)
1691 {
1692 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1693 #ifdef CONFIG_SYSCTL
1694 neigh_sysctl_unregister(&nd_tbl.parms);
1695 #endif
1696 neigh_table_clear(&nd_tbl);
1697 sock_release(ndisc_socket);
1698 ndisc_socket = NULL; /* For safety. */
1699 }
ubuntu-bionic-kernel mirror