]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - net/ipv6/ndisc.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit...
[mirror_ubuntu-bionic-kernel.git] / net / ipv6 / ndisc.c
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Pierre Ynard : export userland ND options
19 * through netlink (RDNSS support)
20 * Lars Fenneberg : fixed MTU setting on receipt
21 * of an RA.
22 * Janos Farkas : kmalloc failure checks
23 * Alexey Kuznetsov : state machine reworked
24 * and moved to net/core.
25 * Pekka Savola : RFC2461 validation
26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
27 */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #include <linux/slab.h>
63 #ifdef CONFIG_SYSCTL
64 #include <linux/sysctl.h>
65 #endif
66
67 #include <linux/if_addr.h>
68 #include <linux/if_arp.h>
69 #include <linux/ipv6.h>
70 #include <linux/icmpv6.h>
71 #include <linux/jhash.h>
72
73 #include <net/sock.h>
74 #include <net/snmp.h>
75
76 #include <net/ipv6.h>
77 #include <net/protocol.h>
78 #include <net/ndisc.h>
79 #include <net/ip6_route.h>
80 #include <net/addrconf.h>
81 #include <net/icmp.h>
82
83 #include <net/netlink.h>
84 #include <linux/rtnetlink.h>
85
86 #include <net/flow.h>
87 #include <net/ip6_checksum.h>
88 #include <net/inet_common.h>
89 #include <linux/proc_fs.h>
90
91 #include <linux/netfilter.h>
92 #include <linux/netfilter_ipv6.h>
93
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
101
102 static const struct neigh_ops ndisc_generic_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_connected_output,
108 .hh_output = dev_queue_xmit,
109 .queue_xmit = dev_queue_xmit,
110 };
111
112 static const struct neigh_ops ndisc_hh_ops = {
113 .family = AF_INET6,
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
118 .hh_output = dev_queue_xmit,
119 .queue_xmit = dev_queue_xmit,
120 };
121
122
123 static const struct neigh_ops ndisc_direct_ops = {
124 .family = AF_INET6,
125 .output = dev_queue_xmit,
126 .connected_output = dev_queue_xmit,
127 .hh_output = dev_queue_xmit,
128 .queue_xmit = dev_queue_xmit,
129 };
130
131 struct neigh_table nd_tbl = {
132 .family = AF_INET6,
133 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
134 .key_len = sizeof(struct in6_addr),
135 .hash = ndisc_hash,
136 .constructor = ndisc_constructor,
137 .pconstructor = pndisc_constructor,
138 .pdestructor = pndisc_destructor,
139 .proxy_redo = pndisc_redo,
140 .id = "ndisc_cache",
141 .parms = {
142 .tbl = &nd_tbl,
143 .base_reachable_time = 30 * HZ,
144 .retrans_time = 1 * HZ,
145 .gc_staletime = 60 * HZ,
146 .reachable_time = 30 * HZ,
147 .delay_probe_time = 5 * HZ,
148 .queue_len = 3,
149 .ucast_probes = 3,
150 .mcast_probes = 3,
151 .anycast_delay = 1 * HZ,
152 .proxy_delay = (8 * HZ) / 10,
153 .proxy_qlen = 64,
154 },
155 .gc_interval = 30 * HZ,
156 .gc_thresh1 = 128,
157 .gc_thresh2 = 512,
158 .gc_thresh3 = 1024,
159 };
160
161 /* ND options */
162 struct ndisc_options {
163 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165 struct nd_opt_hdr *nd_opts_ri;
166 struct nd_opt_hdr *nd_opts_ri_end;
167 #endif
168 struct nd_opt_hdr *nd_useropts;
169 struct nd_opt_hdr *nd_useropts_end;
170 };
171
172 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
178
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
180
181 /*
182 * Return the padding between the option length and the start of the
183 * link addr. Currently only IP-over-InfiniBand needs this, although
184 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185 * also need a pad of 2.
186 */
187 static int ndisc_addr_option_pad(unsigned short type)
188 {
189 switch (type) {
190 case ARPHRD_INFINIBAND: return 2;
191 default: return 0;
192 }
193 }
194
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
196 {
197 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
198 }
199
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201 unsigned short addr_type)
202 {
203 int space = NDISC_OPT_SPACE(data_len);
204 int pad = ndisc_addr_option_pad(addr_type);
205
206 opt[0] = type;
207 opt[1] = space>>3;
208
209 memset(opt + 2, 0, pad);
210 opt += pad;
211 space -= pad;
212
213 memcpy(opt+2, data, data_len);
214 data_len += 2;
215 opt += data_len;
216 if ((space -= data_len) > 0)
217 memset(opt, 0, space);
218 return opt + space;
219 }
220
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222 struct nd_opt_hdr *end)
223 {
224 int type;
225 if (!cur || !end || cur >= end)
226 return NULL;
227 type = cur->nd_opt_type;
228 do {
229 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230 } while(cur < end && cur->nd_opt_type != type);
231 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
232 }
233
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
235 {
236 return (opt->nd_opt_type == ND_OPT_RDNSS);
237 }
238
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240 struct nd_opt_hdr *end)
241 {
242 if (!cur || !end || cur >= end)
243 return NULL;
244 do {
245 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246 } while(cur < end && !ndisc_is_useropt(cur));
247 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
248 }
249
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251 struct ndisc_options *ndopts)
252 {
253 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
254
255 if (!nd_opt || opt_len < 0 || !ndopts)
256 return NULL;
257 memset(ndopts, 0, sizeof(*ndopts));
258 while (opt_len) {
259 int l;
260 if (opt_len < sizeof(struct nd_opt_hdr))
261 return NULL;
262 l = nd_opt->nd_opt_len << 3;
263 if (opt_len < l || l == 0)
264 return NULL;
265 switch (nd_opt->nd_opt_type) {
266 case ND_OPT_SOURCE_LL_ADDR:
267 case ND_OPT_TARGET_LL_ADDR:
268 case ND_OPT_MTU:
269 case ND_OPT_REDIRECT_HDR:
270 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271 ND_PRINTK2(KERN_WARNING
272 "%s(): duplicated ND6 option found: type=%d\n",
273 __func__,
274 nd_opt->nd_opt_type);
275 } else {
276 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
277 }
278 break;
279 case ND_OPT_PREFIX_INFO:
280 ndopts->nd_opts_pi_end = nd_opt;
281 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283 break;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285 case ND_OPT_ROUTE_INFO:
286 ndopts->nd_opts_ri_end = nd_opt;
287 if (!ndopts->nd_opts_ri)
288 ndopts->nd_opts_ri = nd_opt;
289 break;
290 #endif
291 default:
292 if (ndisc_is_useropt(nd_opt)) {
293 ndopts->nd_useropts_end = nd_opt;
294 if (!ndopts->nd_useropts)
295 ndopts->nd_useropts = nd_opt;
296 } else {
297 /*
298 * Unknown options must be silently ignored,
299 * to accommodate future extension to the
300 * protocol.
301 */
302 ND_PRINTK2(KERN_NOTICE
303 "%s(): ignored unsupported option; type=%d, len=%d\n",
304 __func__,
305 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306 }
307 }
308 opt_len -= l;
309 nd_opt = ((void *)nd_opt) + l;
310 }
311 return ndopts;
312 }
313
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315 struct net_device *dev)
316 {
317 u8 *lladdr = (u8 *)(p + 1);
318 int lladdrlen = p->nd_opt_len << 3;
319 int prepad = ndisc_addr_option_pad(dev->type);
320 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321 return NULL;
322 return (lladdr + prepad);
323 }
324
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
326 {
327 switch (dev->type) {
328 case ARPHRD_ETHER:
329 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
330 case ARPHRD_FDDI:
331 ipv6_eth_mc_map(addr, buf);
332 return 0;
333 case ARPHRD_IEEE802_TR:
334 ipv6_tr_mc_map(addr,buf);
335 return 0;
336 case ARPHRD_ARCNET:
337 ipv6_arcnet_mc_map(addr, buf);
338 return 0;
339 case ARPHRD_INFINIBAND:
340 ipv6_ib_mc_map(addr, dev->broadcast, buf);
341 return 0;
342 default:
343 if (dir) {
344 memcpy(buf, dev->broadcast, dev->addr_len);
345 return 0;
346 }
347 }
348 return -EINVAL;
349 }
350
351 EXPORT_SYMBOL(ndisc_mc_map);
352
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
354 {
355 const u32 *p32 = pkey;
356 u32 addr_hash, i;
357
358 addr_hash = 0;
359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360 addr_hash ^= *p32++;
361
362 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
363 }
364
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 struct net_device *dev = neigh->dev;
369 struct inet6_dev *in6_dev;
370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr);
372
373 rcu_read_lock();
374 in6_dev = in6_dev_get(dev);
375 if (in6_dev == NULL) {
376 rcu_read_unlock();
377 return -EINVAL;
378 }
379
380 parms = in6_dev->nd_parms;
381 __neigh_parms_put(neigh->parms);
382 neigh->parms = neigh_parms_clone(parms);
383 rcu_read_unlock();
384
385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 if (!dev->header_ops) {
387 neigh->nud_state = NUD_NOARP;
388 neigh->ops = &ndisc_direct_ops;
389 neigh->output = neigh->ops->queue_xmit;
390 } else {
391 if (is_multicast) {
392 neigh->nud_state = NUD_NOARP;
393 ndisc_mc_map(addr, neigh->ha, dev, 1);
394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 neigh->nud_state = NUD_NOARP;
396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 if (dev->flags&IFF_LOOPBACK)
398 neigh->type = RTN_LOCAL;
399 } else if (dev->flags&IFF_POINTOPOINT) {
400 neigh->nud_state = NUD_NOARP;
401 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402 }
403 if (dev->header_ops->cache)
404 neigh->ops = &ndisc_hh_ops;
405 else
406 neigh->ops = &ndisc_generic_ops;
407 if (neigh->nud_state&NUD_VALID)
408 neigh->output = neigh->ops->connected_output;
409 else
410 neigh->output = neigh->ops->output;
411 }
412 in6_dev_put(in6_dev);
413 return 0;
414 }
415
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418 struct in6_addr *addr = (struct in6_addr*)&n->key;
419 struct in6_addr maddr;
420 struct net_device *dev = n->dev;
421
422 if (dev == NULL || __in6_dev_get(dev) == NULL)
423 return -EINVAL;
424 addrconf_addr_solict_mult(addr, &maddr);
425 ipv6_dev_mc_inc(dev, &maddr);
426 return 0;
427 }
428
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431 struct in6_addr *addr = (struct in6_addr*)&n->key;
432 struct in6_addr maddr;
433 struct net_device *dev = n->dev;
434
435 if (dev == NULL || __in6_dev_get(dev) == NULL)
436 return;
437 addrconf_addr_solict_mult(addr, &maddr);
438 ipv6_dev_mc_dec(dev, &maddr);
439 }
440
441 struct sk_buff *ndisc_build_skb(struct net_device *dev,
442 const struct in6_addr *daddr,
443 const struct in6_addr *saddr,
444 struct icmp6hdr *icmp6h,
445 const struct in6_addr *target,
446 int llinfo)
447 {
448 struct net *net = dev_net(dev);
449 struct sock *sk = net->ipv6.ndisc_sk;
450 struct sk_buff *skb;
451 struct icmp6hdr *hdr;
452 int len;
453 int err;
454 u8 *opt;
455
456 if (!dev->addr_len)
457 llinfo = 0;
458
459 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
460 if (llinfo)
461 len += ndisc_opt_addr_space(dev);
462
463 skb = sock_alloc_send_skb(sk,
464 (MAX_HEADER + sizeof(struct ipv6hdr) +
465 len + LL_ALLOCATED_SPACE(dev)),
466 1, &err);
467 if (!skb) {
468 ND_PRINTK0(KERN_ERR
469 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
470 __func__, err);
471 return NULL;
472 }
473
474 skb_reserve(skb, LL_RESERVED_SPACE(dev));
475 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
476
477 skb->transport_header = skb->tail;
478 skb_put(skb, len);
479
480 hdr = (struct icmp6hdr *)skb_transport_header(skb);
481 memcpy(hdr, icmp6h, sizeof(*hdr));
482
483 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
484 if (target) {
485 ipv6_addr_copy((struct in6_addr *)opt, target);
486 opt += sizeof(*target);
487 }
488
489 if (llinfo)
490 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
491 dev->addr_len, dev->type);
492
493 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
494 IPPROTO_ICMPV6,
495 csum_partial(hdr,
496 len, 0));
497
498 return skb;
499 }
500
501 EXPORT_SYMBOL(ndisc_build_skb);
502
503 void ndisc_send_skb(struct sk_buff *skb,
504 struct net_device *dev,
505 struct neighbour *neigh,
506 const struct in6_addr *daddr,
507 const struct in6_addr *saddr,
508 struct icmp6hdr *icmp6h)
509 {
510 struct flowi fl;
511 struct dst_entry *dst;
512 struct net *net = dev_net(dev);
513 struct sock *sk = net->ipv6.ndisc_sk;
514 struct inet6_dev *idev;
515 int err;
516 u8 type;
517
518 type = icmp6h->icmp6_type;
519
520 icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex);
521
522 dst = icmp6_dst_alloc(dev, neigh, daddr);
523 if (!dst) {
524 kfree_skb(skb);
525 return;
526 }
527
528 err = xfrm_lookup(net, &dst, &fl, NULL, 0);
529 if (err < 0) {
530 kfree_skb(skb);
531 return;
532 }
533
534 skb_dst_set(skb, dst);
535
536 idev = in6_dev_get(dst->dev);
537 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
538
539 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
540 dst_output);
541 if (!err) {
542 ICMP6MSGOUT_INC_STATS(net, idev, type);
543 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
544 }
545
546 if (likely(idev != NULL))
547 in6_dev_put(idev);
548 }
549
550 EXPORT_SYMBOL(ndisc_send_skb);
551
552 /*
553 * Send a Neighbour Discover packet
554 */
555 static void __ndisc_send(struct net_device *dev,
556 struct neighbour *neigh,
557 const struct in6_addr *daddr,
558 const struct in6_addr *saddr,
559 struct icmp6hdr *icmp6h, const struct in6_addr *target,
560 int llinfo)
561 {
562 struct sk_buff *skb;
563
564 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
565 if (!skb)
566 return;
567
568 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
569 }
570
571 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
572 const struct in6_addr *daddr,
573 const struct in6_addr *solicited_addr,
574 int router, int solicited, int override, int inc_opt)
575 {
576 struct in6_addr tmpaddr;
577 struct inet6_ifaddr *ifp;
578 const struct in6_addr *src_addr;
579 struct icmp6hdr icmp6h = {
580 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
581 };
582
583 /* for anycast or proxy, solicited_addr != src_addr */
584 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
585 if (ifp) {
586 src_addr = solicited_addr;
587 if (ifp->flags & IFA_F_OPTIMISTIC)
588 override = 0;
589 in6_ifa_put(ifp);
590 } else {
591 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
592 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
593 &tmpaddr))
594 return;
595 src_addr = &tmpaddr;
596 }
597
598 icmp6h.icmp6_router = router;
599 icmp6h.icmp6_solicited = solicited;
600 icmp6h.icmp6_override = override;
601
602 inc_opt |= ifp->idev->cnf.force_tllao;
603 __ndisc_send(dev, neigh, daddr, src_addr,
604 &icmp6h, solicited_addr,
605 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
606 }
607
608 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
609 const struct in6_addr *solicit,
610 const struct in6_addr *daddr, const struct in6_addr *saddr)
611 {
612 struct in6_addr addr_buf;
613 struct icmp6hdr icmp6h = {
614 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
615 };
616
617 if (saddr == NULL) {
618 if (ipv6_get_lladdr(dev, &addr_buf,
619 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
620 return;
621 saddr = &addr_buf;
622 }
623
624 __ndisc_send(dev, neigh, daddr, saddr,
625 &icmp6h, solicit,
626 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
627 }
628
629 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
630 const struct in6_addr *daddr)
631 {
632 struct icmp6hdr icmp6h = {
633 .icmp6_type = NDISC_ROUTER_SOLICITATION,
634 };
635 int send_sllao = dev->addr_len;
636
637 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
638 /*
639 * According to section 2.2 of RFC 4429, we must not
640 * send router solicitations with a sllao from
641 * optimistic addresses, but we may send the solicitation
642 * if we don't include the sllao. So here we check
643 * if our address is optimistic, and if so, we
644 * suppress the inclusion of the sllao.
645 */
646 if (send_sllao) {
647 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
648 dev, 1);
649 if (ifp) {
650 if (ifp->flags & IFA_F_OPTIMISTIC) {
651 send_sllao = 0;
652 }
653 in6_ifa_put(ifp);
654 } else {
655 send_sllao = 0;
656 }
657 }
658 #endif
659 __ndisc_send(dev, NULL, daddr, saddr,
660 &icmp6h, NULL,
661 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
662 }
663
664
665 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
666 {
667 /*
668 * "The sender MUST return an ICMP
669 * destination unreachable"
670 */
671 dst_link_failure(skb);
672 kfree_skb(skb);
673 }
674
675 /* Called with locked neigh: either read or both */
676
677 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
678 {
679 struct in6_addr *saddr = NULL;
680 struct in6_addr mcaddr;
681 struct net_device *dev = neigh->dev;
682 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
683 int probes = atomic_read(&neigh->probes);
684
685 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
686 saddr = &ipv6_hdr(skb)->saddr;
687
688 if ((probes -= neigh->parms->ucast_probes) < 0) {
689 if (!(neigh->nud_state & NUD_VALID)) {
690 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
691 __func__, target);
692 }
693 ndisc_send_ns(dev, neigh, target, target, saddr);
694 } else if ((probes -= neigh->parms->app_probes) < 0) {
695 #ifdef CONFIG_ARPD
696 neigh_app_ns(neigh);
697 #endif
698 } else {
699 addrconf_addr_solict_mult(target, &mcaddr);
700 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
701 }
702 }
703
704 static int pndisc_is_router(const void *pkey,
705 struct net_device *dev)
706 {
707 struct pneigh_entry *n;
708 int ret = -1;
709
710 read_lock_bh(&nd_tbl.lock);
711 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
712 if (n)
713 ret = !!(n->flags & NTF_ROUTER);
714 read_unlock_bh(&nd_tbl.lock);
715
716 return ret;
717 }
718
719 static void ndisc_recv_ns(struct sk_buff *skb)
720 {
721 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
722 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
723 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
724 u8 *lladdr = NULL;
725 u32 ndoptlen = skb->tail - (skb->transport_header +
726 offsetof(struct nd_msg, opt));
727 struct ndisc_options ndopts;
728 struct net_device *dev = skb->dev;
729 struct inet6_ifaddr *ifp;
730 struct inet6_dev *idev = NULL;
731 struct neighbour *neigh;
732 int dad = ipv6_addr_any(saddr);
733 int inc;
734 int is_router = -1;
735
736 if (ipv6_addr_is_multicast(&msg->target)) {
737 ND_PRINTK2(KERN_WARNING
738 "ICMPv6 NS: multicast target address");
739 return;
740 }
741
742 /*
743 * RFC2461 7.1.1:
744 * DAD has to be destined for solicited node multicast address.
745 */
746 if (dad &&
747 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
748 daddr->s6_addr32[1] == htonl(0x00000000) &&
749 daddr->s6_addr32[2] == htonl(0x00000001) &&
750 daddr->s6_addr [12] == 0xff )) {
751 ND_PRINTK2(KERN_WARNING
752 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
753 return;
754 }
755
756 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
757 ND_PRINTK2(KERN_WARNING
758 "ICMPv6 NS: invalid ND options\n");
759 return;
760 }
761
762 if (ndopts.nd_opts_src_lladdr) {
763 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
764 if (!lladdr) {
765 ND_PRINTK2(KERN_WARNING
766 "ICMPv6 NS: invalid link-layer address length\n");
767 return;
768 }
769
770 /* RFC2461 7.1.1:
771 * If the IP source address is the unspecified address,
772 * there MUST NOT be source link-layer address option
773 * in the message.
774 */
775 if (dad) {
776 ND_PRINTK2(KERN_WARNING
777 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
778 return;
779 }
780 }
781
782 inc = ipv6_addr_is_multicast(daddr);
783
784 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
785 if (ifp) {
786
787 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
788 if (dad) {
789 if (dev->type == ARPHRD_IEEE802_TR) {
790 const unsigned char *sadr;
791 sadr = skb_mac_header(skb);
792 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
793 sadr[9] == dev->dev_addr[1] &&
794 sadr[10] == dev->dev_addr[2] &&
795 sadr[11] == dev->dev_addr[3] &&
796 sadr[12] == dev->dev_addr[4] &&
797 sadr[13] == dev->dev_addr[5]) {
798 /* looped-back to us */
799 goto out;
800 }
801 }
802
803 /*
804 * We are colliding with another node
805 * who is doing DAD
806 * so fail our DAD process
807 */
808 addrconf_dad_failure(ifp);
809 return;
810 } else {
811 /*
812 * This is not a dad solicitation.
813 * If we are an optimistic node,
814 * we should respond.
815 * Otherwise, we should ignore it.
816 */
817 if (!(ifp->flags & IFA_F_OPTIMISTIC))
818 goto out;
819 }
820 }
821
822 idev = ifp->idev;
823 } else {
824 struct net *net = dev_net(dev);
825
826 idev = in6_dev_get(dev);
827 if (!idev) {
828 /* XXX: count this drop? */
829 return;
830 }
831
832 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
833 (idev->cnf.forwarding &&
834 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
835 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
836 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
837 skb->pkt_type != PACKET_HOST &&
838 inc != 0 &&
839 idev->nd_parms->proxy_delay != 0) {
840 /*
841 * for anycast or proxy,
842 * sender should delay its response
843 * by a random time between 0 and
844 * MAX_ANYCAST_DELAY_TIME seconds.
845 * (RFC2461) -- yoshfuji
846 */
847 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
848 if (n)
849 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
850 goto out;
851 }
852 } else
853 goto out;
854 }
855
856 if (is_router < 0)
857 is_router = !!idev->cnf.forwarding;
858
859 if (dad) {
860 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
861 is_router, 0, (ifp != NULL), 1);
862 goto out;
863 }
864
865 if (inc)
866 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
867 else
868 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
869
870 /*
871 * update / create cache entry
872 * for the source address
873 */
874 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
875 !inc || lladdr || !dev->addr_len);
876 if (neigh)
877 neigh_update(neigh, lladdr, NUD_STALE,
878 NEIGH_UPDATE_F_WEAK_OVERRIDE|
879 NEIGH_UPDATE_F_OVERRIDE);
880 if (neigh || !dev->header_ops) {
881 ndisc_send_na(dev, neigh, saddr, &msg->target,
882 is_router,
883 1, (ifp != NULL && inc), inc);
884 if (neigh)
885 neigh_release(neigh);
886 }
887
888 out:
889 if (ifp)
890 in6_ifa_put(ifp);
891 else
892 in6_dev_put(idev);
893
894 return;
895 }
896
897 static void ndisc_recv_na(struct sk_buff *skb)
898 {
899 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
900 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
901 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
902 u8 *lladdr = NULL;
903 u32 ndoptlen = skb->tail - (skb->transport_header +
904 offsetof(struct nd_msg, opt));
905 struct ndisc_options ndopts;
906 struct net_device *dev = skb->dev;
907 struct inet6_ifaddr *ifp;
908 struct neighbour *neigh;
909
910 if (skb->len < sizeof(struct nd_msg)) {
911 ND_PRINTK2(KERN_WARNING
912 "ICMPv6 NA: packet too short\n");
913 return;
914 }
915
916 if (ipv6_addr_is_multicast(&msg->target)) {
917 ND_PRINTK2(KERN_WARNING
918 "ICMPv6 NA: target address is multicast.\n");
919 return;
920 }
921
922 if (ipv6_addr_is_multicast(daddr) &&
923 msg->icmph.icmp6_solicited) {
924 ND_PRINTK2(KERN_WARNING
925 "ICMPv6 NA: solicited NA is multicasted.\n");
926 return;
927 }
928
929 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
930 ND_PRINTK2(KERN_WARNING
931 "ICMPv6 NS: invalid ND option\n");
932 return;
933 }
934 if (ndopts.nd_opts_tgt_lladdr) {
935 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
936 if (!lladdr) {
937 ND_PRINTK2(KERN_WARNING
938 "ICMPv6 NA: invalid link-layer address length\n");
939 return;
940 }
941 }
942 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
943 if (ifp) {
944 if (ifp->flags & IFA_F_TENTATIVE) {
945 addrconf_dad_failure(ifp);
946 return;
947 }
948 /* What should we make now? The advertisement
949 is invalid, but ndisc specs say nothing
950 about it. It could be misconfiguration, or
951 an smart proxy agent tries to help us :-)
952
953 We should not print the error if NA has been
954 received from loopback - it is just our own
955 unsolicited advertisement.
956 */
957 if (skb->pkt_type != PACKET_LOOPBACK)
958 ND_PRINTK1(KERN_WARNING
959 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
960 &ifp->addr, ifp->idev->dev->name);
961 in6_ifa_put(ifp);
962 return;
963 }
964 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
965
966 if (neigh) {
967 u8 old_flags = neigh->flags;
968 struct net *net = dev_net(dev);
969
970 if (neigh->nud_state & NUD_FAILED)
971 goto out;
972
973 /*
974 * Don't update the neighbor cache entry on a proxy NA from
975 * ourselves because either the proxied node is off link or it
976 * has already sent a NA to us.
977 */
978 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
979 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
980 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
981 /* XXX: idev->cnf.prixy_ndp */
982 goto out;
983 }
984
985 neigh_update(neigh, lladdr,
986 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
987 NEIGH_UPDATE_F_WEAK_OVERRIDE|
988 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
989 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
990 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
991
992 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
993 /*
994 * Change: router to host
995 */
996 struct rt6_info *rt;
997 rt = rt6_get_dflt_router(saddr, dev);
998 if (rt)
999 ip6_del_rt(rt);
1000 }
1001
1002 out:
1003 neigh_release(neigh);
1004 }
1005 }
1006
1007 static void ndisc_recv_rs(struct sk_buff *skb)
1008 {
1009 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1010 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1011 struct neighbour *neigh;
1012 struct inet6_dev *idev;
1013 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1014 struct ndisc_options ndopts;
1015 u8 *lladdr = NULL;
1016
1017 if (skb->len < sizeof(*rs_msg))
1018 return;
1019
1020 idev = in6_dev_get(skb->dev);
1021 if (!idev) {
1022 if (net_ratelimit())
1023 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1024 return;
1025 }
1026
1027 /* Don't accept RS if we're not in router mode */
1028 if (!idev->cnf.forwarding)
1029 goto out;
1030
1031 /*
1032 * Don't update NCE if src = ::;
1033 * this implies that the source node has no ip address assigned yet.
1034 */
1035 if (ipv6_addr_any(saddr))
1036 goto out;
1037
1038 /* Parse ND options */
1039 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1040 if (net_ratelimit())
1041 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1042 goto out;
1043 }
1044
1045 if (ndopts.nd_opts_src_lladdr) {
1046 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1047 skb->dev);
1048 if (!lladdr)
1049 goto out;
1050 }
1051
1052 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1053 if (neigh) {
1054 neigh_update(neigh, lladdr, NUD_STALE,
1055 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1056 NEIGH_UPDATE_F_OVERRIDE|
1057 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1058 neigh_release(neigh);
1059 }
1060 out:
1061 in6_dev_put(idev);
1062 }
1063
1064 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1065 {
1066 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1067 struct sk_buff *skb;
1068 struct nlmsghdr *nlh;
1069 struct nduseroptmsg *ndmsg;
1070 struct net *net = dev_net(ra->dev);
1071 int err;
1072 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1073 + (opt->nd_opt_len << 3));
1074 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1075
1076 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1077 if (skb == NULL) {
1078 err = -ENOBUFS;
1079 goto errout;
1080 }
1081
1082 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1083 if (nlh == NULL) {
1084 goto nla_put_failure;
1085 }
1086
1087 ndmsg = nlmsg_data(nlh);
1088 ndmsg->nduseropt_family = AF_INET6;
1089 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1090 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1091 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1092 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1093
1094 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1095
1096 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1097 &ipv6_hdr(ra)->saddr);
1098 nlmsg_end(skb, nlh);
1099
1100 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1101 return;
1102
1103 nla_put_failure:
1104 nlmsg_free(skb);
1105 err = -EMSGSIZE;
1106 errout:
1107 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1108 }
1109
1110 static void ndisc_router_discovery(struct sk_buff *skb)
1111 {
1112 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1113 struct neighbour *neigh = NULL;
1114 struct inet6_dev *in6_dev;
1115 struct rt6_info *rt = NULL;
1116 int lifetime;
1117 struct ndisc_options ndopts;
1118 int optlen;
1119 unsigned int pref = 0;
1120
1121 __u8 * opt = (__u8 *)(ra_msg + 1);
1122
1123 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1124
1125 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1126 ND_PRINTK2(KERN_WARNING
1127 "ICMPv6 RA: source address is not link-local.\n");
1128 return;
1129 }
1130 if (optlen < 0) {
1131 ND_PRINTK2(KERN_WARNING
1132 "ICMPv6 RA: packet too short\n");
1133 return;
1134 }
1135
1136 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1137 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1138 ND_PRINTK2(KERN_WARNING
1139 "ICMPv6 RA: from host or unauthorized router\n");
1140 return;
1141 }
1142 #endif
1143
1144 /*
1145 * set the RA_RECV flag in the interface
1146 */
1147
1148 in6_dev = in6_dev_get(skb->dev);
1149 if (in6_dev == NULL) {
1150 ND_PRINTK0(KERN_ERR
1151 "ICMPv6 RA: can't find inet6 device for %s.\n",
1152 skb->dev->name);
1153 return;
1154 }
1155
1156 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1157 in6_dev_put(in6_dev);
1158 ND_PRINTK2(KERN_WARNING
1159 "ICMP6 RA: invalid ND options\n");
1160 return;
1161 }
1162
1163 /* skip route and link configuration on routers */
1164 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra)
1165 goto skip_linkparms;
1166
1167 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1168 /* skip link-specific parameters from interior routers */
1169 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1170 goto skip_linkparms;
1171 #endif
1172
1173 if (in6_dev->if_flags & IF_RS_SENT) {
1174 /*
1175 * flag that an RA was received after an RS was sent
1176 * out on this interface.
1177 */
1178 in6_dev->if_flags |= IF_RA_RCVD;
1179 }
1180
1181 /*
1182 * Remember the managed/otherconf flags from most recently
1183 * received RA message (RFC 2462) -- yoshfuji
1184 */
1185 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1186 IF_RA_OTHERCONF)) |
1187 (ra_msg->icmph.icmp6_addrconf_managed ?
1188 IF_RA_MANAGED : 0) |
1189 (ra_msg->icmph.icmp6_addrconf_other ?
1190 IF_RA_OTHERCONF : 0);
1191
1192 if (!in6_dev->cnf.accept_ra_defrtr)
1193 goto skip_defrtr;
1194
1195 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1196
1197 #ifdef CONFIG_IPV6_ROUTER_PREF
1198 pref = ra_msg->icmph.icmp6_router_pref;
1199 /* 10b is handled as if it were 00b (medium) */
1200 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1201 !in6_dev->cnf.accept_ra_rtr_pref)
1202 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1203 #endif
1204
1205 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1206
1207 if (rt)
1208 neigh = rt->rt6i_nexthop;
1209
1210 if (rt && lifetime == 0) {
1211 neigh_clone(neigh);
1212 ip6_del_rt(rt);
1213 rt = NULL;
1214 }
1215
1216 if (rt == NULL && lifetime) {
1217 ND_PRINTK3(KERN_DEBUG
1218 "ICMPv6 RA: adding default router.\n");
1219
1220 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1221 if (rt == NULL) {
1222 ND_PRINTK0(KERN_ERR
1223 "ICMPv6 RA: %s() failed to add default route.\n",
1224 __func__);
1225 in6_dev_put(in6_dev);
1226 return;
1227 }
1228
1229 neigh = rt->rt6i_nexthop;
1230 if (neigh == NULL) {
1231 ND_PRINTK0(KERN_ERR
1232 "ICMPv6 RA: %s() got default router without neighbour.\n",
1233 __func__);
1234 dst_release(&rt->u.dst);
1235 in6_dev_put(in6_dev);
1236 return;
1237 }
1238 neigh->flags |= NTF_ROUTER;
1239 } else if (rt) {
1240 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1241 }
1242
1243 if (rt)
1244 rt->rt6i_expires = jiffies + (HZ * lifetime);
1245
1246 if (ra_msg->icmph.icmp6_hop_limit) {
1247 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1248 if (rt)
1249 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1250 }
1251
1252 skip_defrtr:
1253
1254 /*
1255 * Update Reachable Time and Retrans Timer
1256 */
1257
1258 if (in6_dev->nd_parms) {
1259 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1260
1261 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1262 rtime = (rtime*HZ)/1000;
1263 if (rtime < HZ/10)
1264 rtime = HZ/10;
1265 in6_dev->nd_parms->retrans_time = rtime;
1266 in6_dev->tstamp = jiffies;
1267 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1268 }
1269
1270 rtime = ntohl(ra_msg->reachable_time);
1271 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1272 rtime = (rtime*HZ)/1000;
1273
1274 if (rtime < HZ/10)
1275 rtime = HZ/10;
1276
1277 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1278 in6_dev->nd_parms->base_reachable_time = rtime;
1279 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1280 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1281 in6_dev->tstamp = jiffies;
1282 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1283 }
1284 }
1285 }
1286
1287 skip_linkparms:
1288
1289 /*
1290 * Process options.
1291 */
1292
1293 if (!neigh)
1294 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1295 skb->dev, 1);
1296 if (neigh) {
1297 u8 *lladdr = NULL;
1298 if (ndopts.nd_opts_src_lladdr) {
1299 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1300 skb->dev);
1301 if (!lladdr) {
1302 ND_PRINTK2(KERN_WARNING
1303 "ICMPv6 RA: invalid link-layer address length\n");
1304 goto out;
1305 }
1306 }
1307 neigh_update(neigh, lladdr, NUD_STALE,
1308 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1309 NEIGH_UPDATE_F_OVERRIDE|
1310 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1311 NEIGH_UPDATE_F_ISROUTER);
1312 }
1313
1314 /* skip route and link configuration on routers */
1315 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra)
1316 goto out;
1317
1318 #ifdef CONFIG_IPV6_ROUTE_INFO
1319 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1320 struct nd_opt_hdr *p;
1321 for (p = ndopts.nd_opts_ri;
1322 p;
1323 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1324 struct route_info *ri = (struct route_info *)p;
1325 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1326 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1327 ri->prefix_len == 0)
1328 continue;
1329 #endif
1330 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1331 continue;
1332 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1333 &ipv6_hdr(skb)->saddr);
1334 }
1335 }
1336 #endif
1337
1338 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1339 /* skip link-specific ndopts from interior routers */
1340 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1341 goto out;
1342 #endif
1343
1344 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1345 struct nd_opt_hdr *p;
1346 for (p = ndopts.nd_opts_pi;
1347 p;
1348 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1349 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1350 }
1351 }
1352
1353 if (ndopts.nd_opts_mtu) {
1354 __be32 n;
1355 u32 mtu;
1356
1357 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1358 mtu = ntohl(n);
1359
1360 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1361 ND_PRINTK2(KERN_WARNING
1362 "ICMPv6 RA: invalid mtu: %d\n",
1363 mtu);
1364 } else if (in6_dev->cnf.mtu6 != mtu) {
1365 in6_dev->cnf.mtu6 = mtu;
1366
1367 if (rt)
1368 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1369
1370 rt6_mtu_change(skb->dev, mtu);
1371 }
1372 }
1373
1374 if (ndopts.nd_useropts) {
1375 struct nd_opt_hdr *p;
1376 for (p = ndopts.nd_useropts;
1377 p;
1378 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1379 ndisc_ra_useropt(skb, p);
1380 }
1381 }
1382
1383 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1384 ND_PRINTK2(KERN_WARNING
1385 "ICMPv6 RA: invalid RA options");
1386 }
1387 out:
1388 if (rt)
1389 dst_release(&rt->u.dst);
1390 else if (neigh)
1391 neigh_release(neigh);
1392 in6_dev_put(in6_dev);
1393 }
1394
1395 static void ndisc_redirect_rcv(struct sk_buff *skb)
1396 {
1397 struct inet6_dev *in6_dev;
1398 struct icmp6hdr *icmph;
1399 struct in6_addr *dest;
1400 struct in6_addr *target; /* new first hop to destination */
1401 struct neighbour *neigh;
1402 int on_link = 0;
1403 struct ndisc_options ndopts;
1404 int optlen;
1405 u8 *lladdr = NULL;
1406
1407 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1408 switch (skb->ndisc_nodetype) {
1409 case NDISC_NODETYPE_HOST:
1410 case NDISC_NODETYPE_NODEFAULT:
1411 ND_PRINTK2(KERN_WARNING
1412 "ICMPv6 Redirect: from host or unauthorized router\n");
1413 return;
1414 }
1415 #endif
1416
1417 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1418 ND_PRINTK2(KERN_WARNING
1419 "ICMPv6 Redirect: source address is not link-local.\n");
1420 return;
1421 }
1422
1423 optlen = skb->tail - skb->transport_header;
1424 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1425
1426 if (optlen < 0) {
1427 ND_PRINTK2(KERN_WARNING
1428 "ICMPv6 Redirect: packet too short\n");
1429 return;
1430 }
1431
1432 icmph = icmp6_hdr(skb);
1433 target = (struct in6_addr *) (icmph + 1);
1434 dest = target + 1;
1435
1436 if (ipv6_addr_is_multicast(dest)) {
1437 ND_PRINTK2(KERN_WARNING
1438 "ICMPv6 Redirect: destination address is multicast.\n");
1439 return;
1440 }
1441
1442 if (ipv6_addr_equal(dest, target)) {
1443 on_link = 1;
1444 } else if (ipv6_addr_type(target) !=
1445 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1446 ND_PRINTK2(KERN_WARNING
1447 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1448 return;
1449 }
1450
1451 in6_dev = in6_dev_get(skb->dev);
1452 if (!in6_dev)
1453 return;
1454 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1455 in6_dev_put(in6_dev);
1456 return;
1457 }
1458
1459 /* RFC2461 8.1:
1460 * The IP source address of the Redirect MUST be the same as the current
1461 * first-hop router for the specified ICMP Destination Address.
1462 */
1463
1464 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1465 ND_PRINTK2(KERN_WARNING
1466 "ICMPv6 Redirect: invalid ND options\n");
1467 in6_dev_put(in6_dev);
1468 return;
1469 }
1470 if (ndopts.nd_opts_tgt_lladdr) {
1471 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1472 skb->dev);
1473 if (!lladdr) {
1474 ND_PRINTK2(KERN_WARNING
1475 "ICMPv6 Redirect: invalid link-layer address length\n");
1476 in6_dev_put(in6_dev);
1477 return;
1478 }
1479 }
1480
1481 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1482 if (neigh) {
1483 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1484 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1485 on_link);
1486 neigh_release(neigh);
1487 }
1488 in6_dev_put(in6_dev);
1489 }
1490
1491 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1492 const struct in6_addr *target)
1493 {
1494 struct net_device *dev = skb->dev;
1495 struct net *net = dev_net(dev);
1496 struct sock *sk = net->ipv6.ndisc_sk;
1497 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1498 struct sk_buff *buff;
1499 struct icmp6hdr *icmph;
1500 struct in6_addr saddr_buf;
1501 struct in6_addr *addrp;
1502 struct rt6_info *rt;
1503 struct dst_entry *dst;
1504 struct inet6_dev *idev;
1505 struct flowi fl;
1506 u8 *opt;
1507 int rd_len;
1508 int err;
1509 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1510
1511 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1512 ND_PRINTK2(KERN_WARNING
1513 "ICMPv6 Redirect: no link-local address on %s\n",
1514 dev->name);
1515 return;
1516 }
1517
1518 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1519 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1520 ND_PRINTK2(KERN_WARNING
1521 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1522 return;
1523 }
1524
1525 icmpv6_flow_init(sk, &fl, NDISC_REDIRECT,
1526 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1527
1528 dst = ip6_route_output(net, NULL, &fl);
1529 if (dst == NULL)
1530 return;
1531
1532 err = xfrm_lookup(net, &dst, &fl, NULL, 0);
1533 if (err)
1534 return;
1535
1536 rt = (struct rt6_info *) dst;
1537
1538 if (rt->rt6i_flags & RTF_GATEWAY) {
1539 ND_PRINTK2(KERN_WARNING
1540 "ICMPv6 Redirect: destination is not a neighbour.\n");
1541 goto release;
1542 }
1543 if (!xrlim_allow(dst, 1*HZ))
1544 goto release;
1545
1546 if (dev->addr_len) {
1547 read_lock_bh(&neigh->lock);
1548 if (neigh->nud_state & NUD_VALID) {
1549 memcpy(ha_buf, neigh->ha, dev->addr_len);
1550 read_unlock_bh(&neigh->lock);
1551 ha = ha_buf;
1552 len += ndisc_opt_addr_space(dev);
1553 } else
1554 read_unlock_bh(&neigh->lock);
1555 }
1556
1557 rd_len = min_t(unsigned int,
1558 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1559 rd_len &= ~0x7;
1560 len += rd_len;
1561
1562 buff = sock_alloc_send_skb(sk,
1563 (MAX_HEADER + sizeof(struct ipv6hdr) +
1564 len + LL_ALLOCATED_SPACE(dev)),
1565 1, &err);
1566 if (buff == NULL) {
1567 ND_PRINTK0(KERN_ERR
1568 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1569 __func__, err);
1570 goto release;
1571 }
1572
1573 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1574 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1575 IPPROTO_ICMPV6, len);
1576
1577 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1578 skb_put(buff, len);
1579 icmph = icmp6_hdr(buff);
1580
1581 memset(icmph, 0, sizeof(struct icmp6hdr));
1582 icmph->icmp6_type = NDISC_REDIRECT;
1583
1584 /*
1585 * copy target and destination addresses
1586 */
1587
1588 addrp = (struct in6_addr *)(icmph + 1);
1589 ipv6_addr_copy(addrp, target);
1590 addrp++;
1591 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1592
1593 opt = (u8*) (addrp + 1);
1594
1595 /*
1596 * include target_address option
1597 */
1598
1599 if (ha)
1600 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1601 dev->addr_len, dev->type);
1602
1603 /*
1604 * build redirect option and copy skb over to the new packet.
1605 */
1606
1607 memset(opt, 0, 8);
1608 *(opt++) = ND_OPT_REDIRECT_HDR;
1609 *(opt++) = (rd_len >> 3);
1610 opt += 6;
1611
1612 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1613
1614 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1615 len, IPPROTO_ICMPV6,
1616 csum_partial(icmph, len, 0));
1617
1618 skb_dst_set(buff, dst);
1619 idev = in6_dev_get(dst->dev);
1620 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1621 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1622 dst_output);
1623 if (!err) {
1624 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1625 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1626 }
1627
1628 if (likely(idev != NULL))
1629 in6_dev_put(idev);
1630 return;
1631
1632 release:
1633 dst_release(dst);
1634 }
1635
1636 static void pndisc_redo(struct sk_buff *skb)
1637 {
1638 ndisc_recv_ns(skb);
1639 kfree_skb(skb);
1640 }
1641
1642 int ndisc_rcv(struct sk_buff *skb)
1643 {
1644 struct nd_msg *msg;
1645
1646 if (!pskb_may_pull(skb, skb->len))
1647 return 0;
1648
1649 msg = (struct nd_msg *)skb_transport_header(skb);
1650
1651 __skb_push(skb, skb->data - skb_transport_header(skb));
1652
1653 if (ipv6_hdr(skb)->hop_limit != 255) {
1654 ND_PRINTK2(KERN_WARNING
1655 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1656 ipv6_hdr(skb)->hop_limit);
1657 return 0;
1658 }
1659
1660 if (msg->icmph.icmp6_code != 0) {
1661 ND_PRINTK2(KERN_WARNING
1662 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1663 msg->icmph.icmp6_code);
1664 return 0;
1665 }
1666
1667 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1668
1669 switch (msg->icmph.icmp6_type) {
1670 case NDISC_NEIGHBOUR_SOLICITATION:
1671 ndisc_recv_ns(skb);
1672 break;
1673
1674 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1675 ndisc_recv_na(skb);
1676 break;
1677
1678 case NDISC_ROUTER_SOLICITATION:
1679 ndisc_recv_rs(skb);
1680 break;
1681
1682 case NDISC_ROUTER_ADVERTISEMENT:
1683 ndisc_router_discovery(skb);
1684 break;
1685
1686 case NDISC_REDIRECT:
1687 ndisc_redirect_rcv(skb);
1688 break;
1689 }
1690
1691 return 0;
1692 }
1693
1694 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1695 {
1696 struct net_device *dev = ptr;
1697 struct net *net = dev_net(dev);
1698
1699 switch (event) {
1700 case NETDEV_CHANGEADDR:
1701 neigh_changeaddr(&nd_tbl, dev);
1702 fib6_run_gc(~0UL, net);
1703 break;
1704 case NETDEV_DOWN:
1705 neigh_ifdown(&nd_tbl, dev);
1706 fib6_run_gc(~0UL, net);
1707 break;
1708 default:
1709 break;
1710 }
1711
1712 return NOTIFY_DONE;
1713 }
1714
1715 static struct notifier_block ndisc_netdev_notifier = {
1716 .notifier_call = ndisc_netdev_event,
1717 };
1718
1719 #ifdef CONFIG_SYSCTL
1720 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1721 const char *func, const char *dev_name)
1722 {
1723 static char warncomm[TASK_COMM_LEN];
1724 static int warned;
1725 if (strcmp(warncomm, current->comm) && warned < 5) {
1726 strcpy(warncomm, current->comm);
1727 printk(KERN_WARNING
1728 "process `%s' is using deprecated sysctl (%s) "
1729 "net.ipv6.neigh.%s.%s; "
1730 "Use net.ipv6.neigh.%s.%s_ms "
1731 "instead.\n",
1732 warncomm, func,
1733 dev_name, ctl->procname,
1734 dev_name, ctl->procname);
1735 warned++;
1736 }
1737 }
1738
1739 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1740 {
1741 struct net_device *dev = ctl->extra1;
1742 struct inet6_dev *idev;
1743 int ret;
1744
1745 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1746 (strcmp(ctl->procname, "base_reachable_time") == 0))
1747 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1748
1749 if (strcmp(ctl->procname, "retrans_time") == 0)
1750 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1751
1752 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1753 ret = proc_dointvec_jiffies(ctl, write,
1754 buffer, lenp, ppos);
1755
1756 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1757 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1758 ret = proc_dointvec_ms_jiffies(ctl, write,
1759 buffer, lenp, ppos);
1760 else
1761 ret = -1;
1762
1763 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1764 if (ctl->data == &idev->nd_parms->base_reachable_time)
1765 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1766 idev->tstamp = jiffies;
1767 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1768 in6_dev_put(idev);
1769 }
1770 return ret;
1771 }
1772
1773
1774 #endif
1775
1776 static int __net_init ndisc_net_init(struct net *net)
1777 {
1778 struct ipv6_pinfo *np;
1779 struct sock *sk;
1780 int err;
1781
1782 err = inet_ctl_sock_create(&sk, PF_INET6,
1783 SOCK_RAW, IPPROTO_ICMPV6, net);
1784 if (err < 0) {
1785 ND_PRINTK0(KERN_ERR
1786 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1787 err);
1788 return err;
1789 }
1790
1791 net->ipv6.ndisc_sk = sk;
1792
1793 np = inet6_sk(sk);
1794 np->hop_limit = 255;
1795 /* Do not loopback ndisc messages */
1796 np->mc_loop = 0;
1797
1798 return 0;
1799 }
1800
1801 static void __net_exit ndisc_net_exit(struct net *net)
1802 {
1803 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1804 }
1805
1806 static struct pernet_operations ndisc_net_ops = {
1807 .init = ndisc_net_init,
1808 .exit = ndisc_net_exit,
1809 };
1810
1811 int __init ndisc_init(void)
1812 {
1813 int err;
1814
1815 err = register_pernet_subsys(&ndisc_net_ops);
1816 if (err)
1817 return err;
1818 /*
1819 * Initialize the neighbour table
1820 */
1821 neigh_table_init(&nd_tbl);
1822
1823 #ifdef CONFIG_SYSCTL
1824 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1825 &ndisc_ifinfo_sysctl_change);
1826 if (err)
1827 goto out_unregister_pernet;
1828 #endif
1829 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1830 if (err)
1831 goto out_unregister_sysctl;
1832 out:
1833 return err;
1834
1835 out_unregister_sysctl:
1836 #ifdef CONFIG_SYSCTL
1837 neigh_sysctl_unregister(&nd_tbl.parms);
1838 out_unregister_pernet:
1839 #endif
1840 unregister_pernet_subsys(&ndisc_net_ops);
1841 goto out;
1842 }
1843
1844 void ndisc_cleanup(void)
1845 {
1846 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1847 #ifdef CONFIG_SYSCTL
1848 neigh_sysctl_unregister(&nd_tbl.parms);
1849 #endif
1850 neigh_table_clear(&nd_tbl);
1851 unregister_pernet_subsys(&ndisc_net_ops);
1852 }
ubuntu-bionic-kernel mirror