search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'moduleh/module.h-split'
[linux-2.6/next.git] / net / ipv6 / ndisc.c
blob1f52dd2576312bd33e242d445eb5510f993f529d
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Pierre Ynard : export userland ND options
19 * through netlink (RDNSS support)
20 * Lars Fenneberg : fixed MTU setting on receipt
21 * of an RA.
22 * Janos Farkas : kmalloc failure checks
23 * Alexey Kuznetsov : state machine reworked
24 * and moved to net/core.
25 * Pekka Savola : RFC2461 validation
26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
27 */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #include <linux/slab.h>
63 #ifdef CONFIG_SYSCTL
64 #include <linux/sysctl.h>
65 #endif
66
67 #include <linux/if_addr.h>
68 #include <linux/if_arp.h>
69 #include <linux/ipv6.h>
70 #include <linux/icmpv6.h>
71 #include <linux/jhash.h>
72
73 #include <net/sock.h>
74 #include <net/snmp.h>
75
76 #include <net/ipv6.h>
77 #include <net/protocol.h>
78 #include <net/ndisc.h>
79 #include <net/ip6_route.h>
80 #include <net/addrconf.h>
81 #include <net/icmp.h>
82
83 #include <net/netlink.h>
84 #include <linux/rtnetlink.h>
85
86 #include <net/flow.h>
87 #include <net/ip6_checksum.h>
88 #include <net/inet_common.h>
89 #include <linux/proc_fs.h>
90
91 #include <linux/netfilter.h>
92 #include <linux/netfilter_ipv6.h>
93
94 static u32 ndisc_hash(const void *pkey,
95 const struct net_device *dev,
96 __u32 rnd);
97 static int ndisc_constructor(struct neighbour *neigh);
98 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
99 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
100 static int pndisc_constructor(struct pneigh_entry *n);
101 static void pndisc_destructor(struct pneigh_entry *n);
102 static void pndisc_redo(struct sk_buff *skb);
103
104 static const struct neigh_ops ndisc_generic_ops = {
105 .family = AF_INET6,
106 .solicit = ndisc_solicit,
107 .error_report = ndisc_error_report,
108 .output = neigh_resolve_output,
109 .connected_output = neigh_connected_output,
110 };
111
112 static const struct neigh_ops ndisc_hh_ops = {
113 .family = AF_INET6,
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
118 };
119
120
121 static const struct neigh_ops ndisc_direct_ops = {
122 .family = AF_INET6,
123 .output = neigh_direct_output,
124 .connected_output = neigh_direct_output,
125 };
126
127 struct neigh_table nd_tbl = {
128 .family = AF_INET6,
129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
130 .key_len = sizeof(struct in6_addr),
131 .hash = ndisc_hash,
132 .constructor = ndisc_constructor,
133 .pconstructor = pndisc_constructor,
134 .pdestructor = pndisc_destructor,
135 .proxy_redo = pndisc_redo,
136 .id = "ndisc_cache",
137 .parms = {
138 .tbl = &nd_tbl,
139 .base_reachable_time = ND_REACHABLE_TIME,
140 .retrans_time = ND_RETRANS_TIMER,
141 .gc_staletime = 60 * HZ,
142 .reachable_time = ND_REACHABLE_TIME,
143 .delay_probe_time = 5 * HZ,
144 .queue_len = 3,
145 .ucast_probes = 3,
146 .mcast_probes = 3,
147 .anycast_delay = 1 * HZ,
148 .proxy_delay = (8 * HZ) / 10,
149 .proxy_qlen = 64,
150 },
151 .gc_interval = 30 * HZ,
152 .gc_thresh1 = 128,
153 .gc_thresh2 = 512,
154 .gc_thresh3 = 1024,
155 };
156
157 /* ND options */
158 struct ndisc_options {
159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
160 #ifdef CONFIG_IPV6_ROUTE_INFO
161 struct nd_opt_hdr *nd_opts_ri;
162 struct nd_opt_hdr *nd_opts_ri_end;
163 #endif
164 struct nd_opt_hdr *nd_useropts;
165 struct nd_opt_hdr *nd_useropts_end;
166 };
167
168 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
169 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
170 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
171 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
172 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
173 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
174
175 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
176
177 /*
178 * Return the padding between the option length and the start of the
179 * link addr. Currently only IP-over-InfiniBand needs this, although
180 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
181 * also need a pad of 2.
182 */
183 static int ndisc_addr_option_pad(unsigned short type)
184 {
185 switch (type) {
186 case ARPHRD_INFINIBAND: return 2;
187 default: return 0;
188 }
189 }
190
191 static inline int ndisc_opt_addr_space(struct net_device *dev)
192 {
193 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
194 }
195
196 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
197 unsigned short addr_type)
198 {
199 int space = NDISC_OPT_SPACE(data_len);
200 int pad = ndisc_addr_option_pad(addr_type);
201
202 opt[0] = type;
203 opt[1] = space>>3;
204
205 memset(opt + 2, 0, pad);
206 opt += pad;
207 space -= pad;
208
209 memcpy(opt+2, data, data_len);
210 data_len += 2;
211 opt += data_len;
212 if ((space -= data_len) > 0)
213 memset(opt, 0, space);
214 return opt + space;
215 }
216
217 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
218 struct nd_opt_hdr *end)
219 {
220 int type;
221 if (!cur || !end || cur >= end)
222 return NULL;
223 type = cur->nd_opt_type;
224 do {
225 cur = ((void *)cur) + (cur->nd_opt_len << 3);
226 } while(cur < end && cur->nd_opt_type != type);
227 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
228 }
229
230 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
231 {
232 return opt->nd_opt_type == ND_OPT_RDNSS;
233 }
234
235 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
236 struct nd_opt_hdr *end)
237 {
238 if (!cur || !end || cur >= end)
239 return NULL;
240 do {
241 cur = ((void *)cur) + (cur->nd_opt_len << 3);
242 } while(cur < end && !ndisc_is_useropt(cur));
243 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
244 }
245
246 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
247 struct ndisc_options *ndopts)
248 {
249 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
250
251 if (!nd_opt || opt_len < 0 || !ndopts)
252 return NULL;
253 memset(ndopts, 0, sizeof(*ndopts));
254 while (opt_len) {
255 int l;
256 if (opt_len < sizeof(struct nd_opt_hdr))
257 return NULL;
258 l = nd_opt->nd_opt_len << 3;
259 if (opt_len < l || l == 0)
260 return NULL;
261 switch (nd_opt->nd_opt_type) {
262 case ND_OPT_SOURCE_LL_ADDR:
263 case ND_OPT_TARGET_LL_ADDR:
264 case ND_OPT_MTU:
265 case ND_OPT_REDIRECT_HDR:
266 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
267 ND_PRINTK2(KERN_WARNING
268 "%s(): duplicated ND6 option found: type=%d\n",
269 __func__,
270 nd_opt->nd_opt_type);
271 } else {
272 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
273 }
274 break;
275 case ND_OPT_PREFIX_INFO:
276 ndopts->nd_opts_pi_end = nd_opt;
277 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
278 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
279 break;
280 #ifdef CONFIG_IPV6_ROUTE_INFO
281 case ND_OPT_ROUTE_INFO:
282 ndopts->nd_opts_ri_end = nd_opt;
283 if (!ndopts->nd_opts_ri)
284 ndopts->nd_opts_ri = nd_opt;
285 break;
286 #endif
287 default:
288 if (ndisc_is_useropt(nd_opt)) {
289 ndopts->nd_useropts_end = nd_opt;
290 if (!ndopts->nd_useropts)
291 ndopts->nd_useropts = nd_opt;
292 } else {
293 /*
294 * Unknown options must be silently ignored,
295 * to accommodate future extension to the
296 * protocol.
297 */
298 ND_PRINTK2(KERN_NOTICE
299 "%s(): ignored unsupported option; type=%d, len=%d\n",
300 __func__,
301 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
302 }
303 }
304 opt_len -= l;
305 nd_opt = ((void *)nd_opt) + l;
306 }
307 return ndopts;
308 }
309
310 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
311 struct net_device *dev)
312 {
313 u8 *lladdr = (u8 *)(p + 1);
314 int lladdrlen = p->nd_opt_len << 3;
315 int prepad = ndisc_addr_option_pad(dev->type);
316 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
317 return NULL;
318 return lladdr + prepad;
319 }
320
321 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
322 {
323 switch (dev->type) {
324 case ARPHRD_ETHER:
325 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
326 case ARPHRD_FDDI:
327 ipv6_eth_mc_map(addr, buf);
328 return 0;
329 case ARPHRD_IEEE802_TR:
330 ipv6_tr_mc_map(addr,buf);
331 return 0;
332 case ARPHRD_ARCNET:
333 ipv6_arcnet_mc_map(addr, buf);
334 return 0;
335 case ARPHRD_INFINIBAND:
336 ipv6_ib_mc_map(addr, dev->broadcast, buf);
337 return 0;
338 case ARPHRD_IPGRE:
339 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
340 default:
341 if (dir) {
342 memcpy(buf, dev->broadcast, dev->addr_len);
343 return 0;
344 }
345 }
346 return -EINVAL;
347 }
348
349 EXPORT_SYMBOL(ndisc_mc_map);
350
351 static u32 ndisc_hash(const void *pkey,
352 const struct net_device *dev,
353 __u32 hash_rnd)
354 {
355 const u32 *p32 = pkey;
356 u32 addr_hash, i;
357
358 addr_hash = 0;
359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360 addr_hash ^= *p32++;
361
362 return jhash_2words(addr_hash, dev->ifindex, hash_rnd);
363 }
364
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 struct net_device *dev = neigh->dev;
369 struct inet6_dev *in6_dev;
370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr);
372
373 rcu_read_lock();
374 in6_dev = in6_dev_get(dev);
375 if (in6_dev == NULL) {
376 rcu_read_unlock();
377 return -EINVAL;
378 }
379
380 parms = in6_dev->nd_parms;
381 __neigh_parms_put(neigh->parms);
382 neigh->parms = neigh_parms_clone(parms);
383 rcu_read_unlock();
384
385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 if (!dev->header_ops) {
387 neigh->nud_state = NUD_NOARP;
388 neigh->ops = &ndisc_direct_ops;
389 neigh->output = neigh_direct_output;
390 } else {
391 if (is_multicast) {
392 neigh->nud_state = NUD_NOARP;
393 ndisc_mc_map(addr, neigh->ha, dev, 1);
394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 neigh->nud_state = NUD_NOARP;
396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 if (dev->flags&IFF_LOOPBACK)
398 neigh->type = RTN_LOCAL;
399 } else if (dev->flags&IFF_POINTOPOINT) {
400 neigh->nud_state = NUD_NOARP;
401 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402 }
403 if (dev->header_ops->cache)
404 neigh->ops = &ndisc_hh_ops;
405 else
406 neigh->ops = &ndisc_generic_ops;
407 if (neigh->nud_state&NUD_VALID)
408 neigh->output = neigh->ops->connected_output;
409 else
410 neigh->output = neigh->ops->output;
411 }
412 in6_dev_put(in6_dev);
413 return 0;
414 }
415
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418 struct in6_addr *addr = (struct in6_addr*)&n->key;
419 struct in6_addr maddr;
420 struct net_device *dev = n->dev;
421
422 if (dev == NULL || __in6_dev_get(dev) == NULL)
423 return -EINVAL;
424 addrconf_addr_solict_mult(addr, &maddr);
425 ipv6_dev_mc_inc(dev, &maddr);
426 return 0;
427 }
428
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431 struct in6_addr *addr = (struct in6_addr*)&n->key;
432 struct in6_addr maddr;
433 struct net_device *dev = n->dev;
434
435 if (dev == NULL || __in6_dev_get(dev) == NULL)
436 return;
437 addrconf_addr_solict_mult(addr, &maddr);
438 ipv6_dev_mc_dec(dev, &maddr);
439 }
440
441 struct sk_buff *ndisc_build_skb(struct net_device *dev,
442 const struct in6_addr *daddr,
443 const struct in6_addr *saddr,
444 struct icmp6hdr *icmp6h,
445 const struct in6_addr *target,
446 int llinfo)
447 {
448 struct net *net = dev_net(dev);
449 struct sock *sk = net->ipv6.ndisc_sk;
450 struct sk_buff *skb;
451 struct icmp6hdr *hdr;
452 int len;
453 int err;
454 u8 *opt;
455
456 if (!dev->addr_len)
457 llinfo = 0;
458
459 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
460 if (llinfo)
461 len += ndisc_opt_addr_space(dev);
462
463 skb = sock_alloc_send_skb(sk,
464 (MAX_HEADER + sizeof(struct ipv6hdr) +
465 len + LL_ALLOCATED_SPACE(dev)),
466 1, &err);
467 if (!skb) {
468 ND_PRINTK0(KERN_ERR
469 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
470 __func__, err);
471 return NULL;
472 }
473
474 skb_reserve(skb, LL_RESERVED_SPACE(dev));
475 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
476
477 skb->transport_header = skb->tail;
478 skb_put(skb, len);
479
480 hdr = (struct icmp6hdr *)skb_transport_header(skb);
481 memcpy(hdr, icmp6h, sizeof(*hdr));
482
483 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
484 if (target) {
485 ipv6_addr_copy((struct in6_addr *)opt, target);
486 opt += sizeof(*target);
487 }
488
489 if (llinfo)
490 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
491 dev->addr_len, dev->type);
492
493 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
494 IPPROTO_ICMPV6,
495 csum_partial(hdr,
496 len, 0));
497
498 return skb;
499 }
500
501 EXPORT_SYMBOL(ndisc_build_skb);
502
503 void ndisc_send_skb(struct sk_buff *skb,
504 struct net_device *dev,
505 struct neighbour *neigh,
506 const struct in6_addr *daddr,
507 const struct in6_addr *saddr,
508 struct icmp6hdr *icmp6h)
509 {
510 struct flowi6 fl6;
511 struct dst_entry *dst;
512 struct net *net = dev_net(dev);
513 struct sock *sk = net->ipv6.ndisc_sk;
514 struct inet6_dev *idev;
515 int err;
516 u8 type;
517
518 type = icmp6h->icmp6_type;
519
520 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
521
522 dst = icmp6_dst_alloc(dev, neigh, daddr);
523 if (!dst) {
524 kfree_skb(skb);
525 return;
526 }
527
528 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
529 if (IS_ERR(dst)) {
530 kfree_skb(skb);
531 return;
532 }
533
534 skb_dst_set(skb, dst);
535
536 rcu_read_lock();
537 idev = __in6_dev_get(dst->dev);
538 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
539
540 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
541 dst_output);
542 if (!err) {
543 ICMP6MSGOUT_INC_STATS(net, idev, type);
544 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
545 }
546
547 rcu_read_unlock();
548 }
549
550 EXPORT_SYMBOL(ndisc_send_skb);
551
552 /*
553 * Send a Neighbour Discover packet
554 */
555 static void __ndisc_send(struct net_device *dev,
556 struct neighbour *neigh,
557 const struct in6_addr *daddr,
558 const struct in6_addr *saddr,
559 struct icmp6hdr *icmp6h, const struct in6_addr *target,
560 int llinfo)
561 {
562 struct sk_buff *skb;
563
564 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
565 if (!skb)
566 return;
567
568 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
569 }
570
571 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
572 const struct in6_addr *daddr,
573 const struct in6_addr *solicited_addr,
574 int router, int solicited, int override, int inc_opt)
575 {
576 struct in6_addr tmpaddr;
577 struct inet6_ifaddr *ifp;
578 const struct in6_addr *src_addr;
579 struct icmp6hdr icmp6h = {
580 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
581 };
582
583 /* for anycast or proxy, solicited_addr != src_addr */
584 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
585 if (ifp) {
586 src_addr = solicited_addr;
587 if (ifp->flags & IFA_F_OPTIMISTIC)
588 override = 0;
589 inc_opt |= ifp->idev->cnf.force_tllao;
590 in6_ifa_put(ifp);
591 } else {
592 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
593 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
594 &tmpaddr))
595 return;
596 src_addr = &tmpaddr;
597 }
598
599 icmp6h.icmp6_router = router;
600 icmp6h.icmp6_solicited = solicited;
601 icmp6h.icmp6_override = override;
602
603 __ndisc_send(dev, neigh, daddr, src_addr,
604 &icmp6h, solicited_addr,
605 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
606 }
607
608 static void ndisc_send_unsol_na(struct net_device *dev)
609 {
610 struct inet6_dev *idev;
611 struct inet6_ifaddr *ifa;
612 struct in6_addr mcaddr;
613
614 idev = in6_dev_get(dev);
615 if (!idev)
616 return;
617
618 read_lock_bh(&idev->lock);
619 list_for_each_entry(ifa, &idev->addr_list, if_list) {
620 addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
621 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
622 /*router=*/ !!idev->cnf.forwarding,
623 /*solicited=*/ false, /*override=*/ true,
624 /*inc_opt=*/ true);
625 }
626 read_unlock_bh(&idev->lock);
627
628 in6_dev_put(idev);
629 }
630
631 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
632 const struct in6_addr *solicit,
633 const struct in6_addr *daddr, const struct in6_addr *saddr)
634 {
635 struct in6_addr addr_buf;
636 struct icmp6hdr icmp6h = {
637 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
638 };
639
640 if (saddr == NULL) {
641 if (ipv6_get_lladdr(dev, &addr_buf,
642 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
643 return;
644 saddr = &addr_buf;
645 }
646
647 __ndisc_send(dev, neigh, daddr, saddr,
648 &icmp6h, solicit,
649 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
650 }
651
652 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
653 const struct in6_addr *daddr)
654 {
655 struct icmp6hdr icmp6h = {
656 .icmp6_type = NDISC_ROUTER_SOLICITATION,
657 };
658 int send_sllao = dev->addr_len;
659
660 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
661 /*
662 * According to section 2.2 of RFC 4429, we must not
663 * send router solicitations with a sllao from
664 * optimistic addresses, but we may send the solicitation
665 * if we don't include the sllao. So here we check
666 * if our address is optimistic, and if so, we
667 * suppress the inclusion of the sllao.
668 */
669 if (send_sllao) {
670 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
671 dev, 1);
672 if (ifp) {
673 if (ifp->flags & IFA_F_OPTIMISTIC) {
674 send_sllao = 0;
675 }
676 in6_ifa_put(ifp);
677 } else {
678 send_sllao = 0;
679 }
680 }
681 #endif
682 __ndisc_send(dev, NULL, daddr, saddr,
683 &icmp6h, NULL,
684 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
685 }
686
687
688 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
689 {
690 /*
691 * "The sender MUST return an ICMP
692 * destination unreachable"
693 */
694 dst_link_failure(skb);
695 kfree_skb(skb);
696 }
697
698 /* Called with locked neigh: either read or both */
699
700 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
701 {
702 struct in6_addr *saddr = NULL;
703 struct in6_addr mcaddr;
704 struct net_device *dev = neigh->dev;
705 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
706 int probes = atomic_read(&neigh->probes);
707
708 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
709 saddr = &ipv6_hdr(skb)->saddr;
710
711 if ((probes -= neigh->parms->ucast_probes) < 0) {
712 if (!(neigh->nud_state & NUD_VALID)) {
713 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
714 __func__, target);
715 }
716 ndisc_send_ns(dev, neigh, target, target, saddr);
717 } else if ((probes -= neigh->parms->app_probes) < 0) {
718 #ifdef CONFIG_ARPD
719 neigh_app_ns(neigh);
720 #endif
721 } else {
722 addrconf_addr_solict_mult(target, &mcaddr);
723 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
724 }
725 }
726
727 static int pndisc_is_router(const void *pkey,
728 struct net_device *dev)
729 {
730 struct pneigh_entry *n;
731 int ret = -1;
732
733 read_lock_bh(&nd_tbl.lock);
734 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
735 if (n)
736 ret = !!(n->flags & NTF_ROUTER);
737 read_unlock_bh(&nd_tbl.lock);
738
739 return ret;
740 }
741
742 static void ndisc_recv_ns(struct sk_buff *skb)
743 {
744 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
745 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
746 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
747 u8 *lladdr = NULL;
748 u32 ndoptlen = skb->tail - (skb->transport_header +
749 offsetof(struct nd_msg, opt));
750 struct ndisc_options ndopts;
751 struct net_device *dev = skb->dev;
752 struct inet6_ifaddr *ifp;
753 struct inet6_dev *idev = NULL;
754 struct neighbour *neigh;
755 int dad = ipv6_addr_any(saddr);
756 int inc;
757 int is_router = -1;
758
759 if (ipv6_addr_is_multicast(&msg->target)) {
760 ND_PRINTK2(KERN_WARNING
761 "ICMPv6 NS: multicast target address");
762 return;
763 }
764
765 /*
766 * RFC2461 7.1.1:
767 * DAD has to be destined for solicited node multicast address.
768 */
769 if (dad &&
770 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
771 daddr->s6_addr32[1] == htonl(0x00000000) &&
772 daddr->s6_addr32[2] == htonl(0x00000001) &&
773 daddr->s6_addr [12] == 0xff )) {
774 ND_PRINTK2(KERN_WARNING
775 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
776 return;
777 }
778
779 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
780 ND_PRINTK2(KERN_WARNING
781 "ICMPv6 NS: invalid ND options\n");
782 return;
783 }
784
785 if (ndopts.nd_opts_src_lladdr) {
786 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
787 if (!lladdr) {
788 ND_PRINTK2(KERN_WARNING
789 "ICMPv6 NS: invalid link-layer address length\n");
790 return;
791 }
792
793 /* RFC2461 7.1.1:
794 * If the IP source address is the unspecified address,
795 * there MUST NOT be source link-layer address option
796 * in the message.
797 */
798 if (dad) {
799 ND_PRINTK2(KERN_WARNING
800 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
801 return;
802 }
803 }
804
805 inc = ipv6_addr_is_multicast(daddr);
806
807 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
808 if (ifp) {
809
810 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
811 if (dad) {
812 if (dev->type == ARPHRD_IEEE802_TR) {
813 const unsigned char *sadr;
814 sadr = skb_mac_header(skb);
815 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
816 sadr[9] == dev->dev_addr[1] &&
817 sadr[10] == dev->dev_addr[2] &&
818 sadr[11] == dev->dev_addr[3] &&
819 sadr[12] == dev->dev_addr[4] &&
820 sadr[13] == dev->dev_addr[5]) {
821 /* looped-back to us */
822 goto out;
823 }
824 }
825
826 /*
827 * We are colliding with another node
828 * who is doing DAD
829 * so fail our DAD process
830 */
831 addrconf_dad_failure(ifp);
832 return;
833 } else {
834 /*
835 * This is not a dad solicitation.
836 * If we are an optimistic node,
837 * we should respond.
838 * Otherwise, we should ignore it.
839 */
840 if (!(ifp->flags & IFA_F_OPTIMISTIC))
841 goto out;
842 }
843 }
844
845 idev = ifp->idev;
846 } else {
847 struct net *net = dev_net(dev);
848
849 idev = in6_dev_get(dev);
850 if (!idev) {
851 /* XXX: count this drop? */
852 return;
853 }
854
855 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
856 (idev->cnf.forwarding &&
857 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
858 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
859 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
860 skb->pkt_type != PACKET_HOST &&
861 inc != 0 &&
862 idev->nd_parms->proxy_delay != 0) {
863 /*
864 * for anycast or proxy,
865 * sender should delay its response
866 * by a random time between 0 and
867 * MAX_ANYCAST_DELAY_TIME seconds.
868 * (RFC2461) -- yoshfuji
869 */
870 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
871 if (n)
872 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
873 goto out;
874 }
875 } else
876 goto out;
877 }
878
879 if (is_router < 0)
880 is_router = !!idev->cnf.forwarding;
881
882 if (dad) {
883 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
884 is_router, 0, (ifp != NULL), 1);
885 goto out;
886 }
887
888 if (inc)
889 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
890 else
891 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
892
893 /*
894 * update / create cache entry
895 * for the source address
896 */
897 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
898 !inc || lladdr || !dev->addr_len);
899 if (neigh)
900 neigh_update(neigh, lladdr, NUD_STALE,
901 NEIGH_UPDATE_F_WEAK_OVERRIDE|
902 NEIGH_UPDATE_F_OVERRIDE);
903 if (neigh || !dev->header_ops) {
904 ndisc_send_na(dev, neigh, saddr, &msg->target,
905 is_router,
906 1, (ifp != NULL && inc), inc);
907 if (neigh)
908 neigh_release(neigh);
909 }
910
911 out:
912 if (ifp)
913 in6_ifa_put(ifp);
914 else
915 in6_dev_put(idev);
916 }
917
918 static void ndisc_recv_na(struct sk_buff *skb)
919 {
920 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
921 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
922 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
923 u8 *lladdr = NULL;
924 u32 ndoptlen = skb->tail - (skb->transport_header +
925 offsetof(struct nd_msg, opt));
926 struct ndisc_options ndopts;
927 struct net_device *dev = skb->dev;
928 struct inet6_ifaddr *ifp;
929 struct neighbour *neigh;
930
931 if (skb->len < sizeof(struct nd_msg)) {
932 ND_PRINTK2(KERN_WARNING
933 "ICMPv6 NA: packet too short\n");
934 return;
935 }
936
937 if (ipv6_addr_is_multicast(&msg->target)) {
938 ND_PRINTK2(KERN_WARNING
939 "ICMPv6 NA: target address is multicast.\n");
940 return;
941 }
942
943 if (ipv6_addr_is_multicast(daddr) &&
944 msg->icmph.icmp6_solicited) {
945 ND_PRINTK2(KERN_WARNING
946 "ICMPv6 NA: solicited NA is multicasted.\n");
947 return;
948 }
949
950 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
951 ND_PRINTK2(KERN_WARNING
952 "ICMPv6 NS: invalid ND option\n");
953 return;
954 }
955 if (ndopts.nd_opts_tgt_lladdr) {
956 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
957 if (!lladdr) {
958 ND_PRINTK2(KERN_WARNING
959 "ICMPv6 NA: invalid link-layer address length\n");
960 return;
961 }
962 }
963 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
964 if (ifp) {
965 if (skb->pkt_type != PACKET_LOOPBACK
966 && (ifp->flags & IFA_F_TENTATIVE)) {
967 addrconf_dad_failure(ifp);
968 return;
969 }
970 /* What should we make now? The advertisement
971 is invalid, but ndisc specs say nothing
972 about it. It could be misconfiguration, or
973 an smart proxy agent tries to help us :-)
974
975 We should not print the error if NA has been
976 received from loopback - it is just our own
977 unsolicited advertisement.
978 */
979 if (skb->pkt_type != PACKET_LOOPBACK)
980 ND_PRINTK1(KERN_WARNING
981 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
982 &ifp->addr, ifp->idev->dev->name);
983 in6_ifa_put(ifp);
984 return;
985 }
986 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
987
988 if (neigh) {
989 u8 old_flags = neigh->flags;
990 struct net *net = dev_net(dev);
991
992 if (neigh->nud_state & NUD_FAILED)
993 goto out;
994
995 /*
996 * Don't update the neighbor cache entry on a proxy NA from
997 * ourselves because either the proxied node is off link or it
998 * has already sent a NA to us.
999 */
1000 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1001 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1002 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1003 /* XXX: idev->cnf.prixy_ndp */
1004 goto out;
1005 }
1006
1007 neigh_update(neigh, lladdr,
1008 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1009 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1010 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1011 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1012 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
1013
1014 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1015 /*
1016 * Change: router to host
1017 */
1018 struct rt6_info *rt;
1019 rt = rt6_get_dflt_router(saddr, dev);
1020 if (rt)
1021 ip6_del_rt(rt);
1022 }
1023
1024 out:
1025 neigh_release(neigh);
1026 }
1027 }
1028
1029 static void ndisc_recv_rs(struct sk_buff *skb)
1030 {
1031 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1032 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1033 struct neighbour *neigh;
1034 struct inet6_dev *idev;
1035 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1036 struct ndisc_options ndopts;
1037 u8 *lladdr = NULL;
1038
1039 if (skb->len < sizeof(*rs_msg))
1040 return;
1041
1042 idev = __in6_dev_get(skb->dev);
1043 if (!idev) {
1044 if (net_ratelimit())
1045 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1046 return;
1047 }
1048
1049 /* Don't accept RS if we're not in router mode */
1050 if (!idev->cnf.forwarding)
1051 goto out;
1052
1053 /*
1054 * Don't update NCE if src = ::;
1055 * this implies that the source node has no ip address assigned yet.
1056 */
1057 if (ipv6_addr_any(saddr))
1058 goto out;
1059
1060 /* Parse ND options */
1061 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1062 if (net_ratelimit())
1063 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1064 goto out;
1065 }
1066
1067 if (ndopts.nd_opts_src_lladdr) {
1068 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1069 skb->dev);
1070 if (!lladdr)
1071 goto out;
1072 }
1073
1074 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1075 if (neigh) {
1076 neigh_update(neigh, lladdr, NUD_STALE,
1077 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1078 NEIGH_UPDATE_F_OVERRIDE|
1079 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1080 neigh_release(neigh);
1081 }
1082 out:
1083 return;
1084 }
1085
1086 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1087 {
1088 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1089 struct sk_buff *skb;
1090 struct nlmsghdr *nlh;
1091 struct nduseroptmsg *ndmsg;
1092 struct net *net = dev_net(ra->dev);
1093 int err;
1094 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1095 + (opt->nd_opt_len << 3));
1096 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1097
1098 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1099 if (skb == NULL) {
1100 err = -ENOBUFS;
1101 goto errout;
1102 }
1103
1104 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1105 if (nlh == NULL) {
1106 goto nla_put_failure;
1107 }
1108
1109 ndmsg = nlmsg_data(nlh);
1110 ndmsg->nduseropt_family = AF_INET6;
1111 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1112 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1113 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1114 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1115
1116 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1117
1118 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1119 &ipv6_hdr(ra)->saddr);
1120 nlmsg_end(skb, nlh);
1121
1122 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1123 return;
1124
1125 nla_put_failure:
1126 nlmsg_free(skb);
1127 err = -EMSGSIZE;
1128 errout:
1129 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1130 }
1131
1132 static inline int accept_ra(struct inet6_dev *in6_dev)
1133 {
1134 /*
1135 * If forwarding is enabled, RA are not accepted unless the special
1136 * hybrid mode (accept_ra=2) is enabled.
1137 */
1138 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1139 return 0;
1140
1141 return in6_dev->cnf.accept_ra;
1142 }
1143
1144 static void ndisc_router_discovery(struct sk_buff *skb)
1145 {
1146 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1147 struct neighbour *neigh = NULL;
1148 struct inet6_dev *in6_dev;
1149 struct rt6_info *rt = NULL;
1150 int lifetime;
1151 struct ndisc_options ndopts;
1152 int optlen;
1153 unsigned int pref = 0;
1154
1155 __u8 * opt = (__u8 *)(ra_msg + 1);
1156
1157 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1158
1159 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1160 ND_PRINTK2(KERN_WARNING
1161 "ICMPv6 RA: source address is not link-local.\n");
1162 return;
1163 }
1164 if (optlen < 0) {
1165 ND_PRINTK2(KERN_WARNING
1166 "ICMPv6 RA: packet too short\n");
1167 return;
1168 }
1169
1170 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1171 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1172 ND_PRINTK2(KERN_WARNING
1173 "ICMPv6 RA: from host or unauthorized router\n");
1174 return;
1175 }
1176 #endif
1177
1178 /*
1179 * set the RA_RECV flag in the interface
1180 */
1181
1182 in6_dev = __in6_dev_get(skb->dev);
1183 if (in6_dev == NULL) {
1184 ND_PRINTK0(KERN_ERR
1185 "ICMPv6 RA: can't find inet6 device for %s.\n",
1186 skb->dev->name);
1187 return;
1188 }
1189
1190 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1191 ND_PRINTK2(KERN_WARNING
1192 "ICMP6 RA: invalid ND options\n");
1193 return;
1194 }
1195
1196 if (!accept_ra(in6_dev))
1197 goto skip_linkparms;
1198
1199 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1200 /* skip link-specific parameters from interior routers */
1201 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1202 goto skip_linkparms;
1203 #endif
1204
1205 if (in6_dev->if_flags & IF_RS_SENT) {
1206 /*
1207 * flag that an RA was received after an RS was sent
1208 * out on this interface.
1209 */
1210 in6_dev->if_flags |= IF_RA_RCVD;
1211 }
1212
1213 /*
1214 * Remember the managed/otherconf flags from most recently
1215 * received RA message (RFC 2462) -- yoshfuji
1216 */
1217 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1218 IF_RA_OTHERCONF)) |
1219 (ra_msg->icmph.icmp6_addrconf_managed ?
1220 IF_RA_MANAGED : 0) |
1221 (ra_msg->icmph.icmp6_addrconf_other ?
1222 IF_RA_OTHERCONF : 0);
1223
1224 if (!in6_dev->cnf.accept_ra_defrtr)
1225 goto skip_defrtr;
1226
1227 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1228
1229 #ifdef CONFIG_IPV6_ROUTER_PREF
1230 pref = ra_msg->icmph.icmp6_router_pref;
1231 /* 10b is handled as if it were 00b (medium) */
1232 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1233 !in6_dev->cnf.accept_ra_rtr_pref)
1234 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1235 #endif
1236
1237 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1238
1239 if (rt)
1240 neigh = dst_get_neighbour(&rt->dst);
1241
1242 if (rt && lifetime == 0) {
1243 neigh_clone(neigh);
1244 ip6_del_rt(rt);
1245 rt = NULL;
1246 }
1247
1248 if (rt == NULL && lifetime) {
1249 ND_PRINTK3(KERN_DEBUG
1250 "ICMPv6 RA: adding default router.\n");
1251
1252 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1253 if (rt == NULL) {
1254 ND_PRINTK0(KERN_ERR
1255 "ICMPv6 RA: %s() failed to add default route.\n",
1256 __func__);
1257 return;
1258 }
1259
1260 neigh = dst_get_neighbour(&rt->dst);
1261 if (neigh == NULL) {
1262 ND_PRINTK0(KERN_ERR
1263 "ICMPv6 RA: %s() got default router without neighbour.\n",
1264 __func__);
1265 dst_release(&rt->dst);
1266 return;
1267 }
1268 neigh->flags |= NTF_ROUTER;
1269 } else if (rt) {
1270 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1271 }
1272
1273 if (rt)
1274 rt->rt6i_expires = jiffies + (HZ * lifetime);
1275
1276 if (ra_msg->icmph.icmp6_hop_limit) {
1277 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1278 if (rt)
1279 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1280 ra_msg->icmph.icmp6_hop_limit);
1281 }
1282
1283 skip_defrtr:
1284
1285 /*
1286 * Update Reachable Time and Retrans Timer
1287 */
1288
1289 if (in6_dev->nd_parms) {
1290 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1291
1292 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1293 rtime = (rtime*HZ)/1000;
1294 if (rtime < HZ/10)
1295 rtime = HZ/10;
1296 in6_dev->nd_parms->retrans_time = rtime;
1297 in6_dev->tstamp = jiffies;
1298 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1299 }
1300
1301 rtime = ntohl(ra_msg->reachable_time);
1302 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1303 rtime = (rtime*HZ)/1000;
1304
1305 if (rtime < HZ/10)
1306 rtime = HZ/10;
1307
1308 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1309 in6_dev->nd_parms->base_reachable_time = rtime;
1310 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1311 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1312 in6_dev->tstamp = jiffies;
1313 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1314 }
1315 }
1316 }
1317
1318 skip_linkparms:
1319
1320 /*
1321 * Process options.
1322 */
1323
1324 if (!neigh)
1325 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1326 skb->dev, 1);
1327 if (neigh) {
1328 u8 *lladdr = NULL;
1329 if (ndopts.nd_opts_src_lladdr) {
1330 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1331 skb->dev);
1332 if (!lladdr) {
1333 ND_PRINTK2(KERN_WARNING
1334 "ICMPv6 RA: invalid link-layer address length\n");
1335 goto out;
1336 }
1337 }
1338 neigh_update(neigh, lladdr, NUD_STALE,
1339 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1340 NEIGH_UPDATE_F_OVERRIDE|
1341 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1342 NEIGH_UPDATE_F_ISROUTER);
1343 }
1344
1345 if (!accept_ra(in6_dev))
1346 goto out;
1347
1348 #ifdef CONFIG_IPV6_ROUTE_INFO
1349 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1350 struct nd_opt_hdr *p;
1351 for (p = ndopts.nd_opts_ri;
1352 p;
1353 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1354 struct route_info *ri = (struct route_info *)p;
1355 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1356 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1357 ri->prefix_len == 0)
1358 continue;
1359 #endif
1360 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1361 continue;
1362 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1363 &ipv6_hdr(skb)->saddr);
1364 }
1365 }
1366 #endif
1367
1368 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1369 /* skip link-specific ndopts from interior routers */
1370 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1371 goto out;
1372 #endif
1373
1374 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1375 struct nd_opt_hdr *p;
1376 for (p = ndopts.nd_opts_pi;
1377 p;
1378 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1379 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1380 }
1381 }
1382
1383 if (ndopts.nd_opts_mtu) {
1384 __be32 n;
1385 u32 mtu;
1386
1387 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1388 mtu = ntohl(n);
1389
1390 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1391 ND_PRINTK2(KERN_WARNING
1392 "ICMPv6 RA: invalid mtu: %d\n",
1393 mtu);
1394 } else if (in6_dev->cnf.mtu6 != mtu) {
1395 in6_dev->cnf.mtu6 = mtu;
1396
1397 if (rt)
1398 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1399
1400 rt6_mtu_change(skb->dev, mtu);
1401 }
1402 }
1403
1404 if (ndopts.nd_useropts) {
1405 struct nd_opt_hdr *p;
1406 for (p = ndopts.nd_useropts;
1407 p;
1408 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1409 ndisc_ra_useropt(skb, p);
1410 }
1411 }
1412
1413 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1414 ND_PRINTK2(KERN_WARNING
1415 "ICMPv6 RA: invalid RA options");
1416 }
1417 out:
1418 if (rt)
1419 dst_release(&rt->dst);
1420 else if (neigh)
1421 neigh_release(neigh);
1422 }
1423
1424 static void ndisc_redirect_rcv(struct sk_buff *skb)
1425 {
1426 struct inet6_dev *in6_dev;
1427 struct icmp6hdr *icmph;
1428 const struct in6_addr *dest;
1429 const struct in6_addr *target; /* new first hop to destination */
1430 struct neighbour *neigh;
1431 int on_link = 0;
1432 struct ndisc_options ndopts;
1433 int optlen;
1434 u8 *lladdr = NULL;
1435
1436 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1437 switch (skb->ndisc_nodetype) {
1438 case NDISC_NODETYPE_HOST:
1439 case NDISC_NODETYPE_NODEFAULT:
1440 ND_PRINTK2(KERN_WARNING
1441 "ICMPv6 Redirect: from host or unauthorized router\n");
1442 return;
1443 }
1444 #endif
1445
1446 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1447 ND_PRINTK2(KERN_WARNING
1448 "ICMPv6 Redirect: source address is not link-local.\n");
1449 return;
1450 }
1451
1452 optlen = skb->tail - skb->transport_header;
1453 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1454
1455 if (optlen < 0) {
1456 ND_PRINTK2(KERN_WARNING
1457 "ICMPv6 Redirect: packet too short\n");
1458 return;
1459 }
1460
1461 icmph = icmp6_hdr(skb);
1462 target = (const struct in6_addr *) (icmph + 1);
1463 dest = target + 1;
1464
1465 if (ipv6_addr_is_multicast(dest)) {
1466 ND_PRINTK2(KERN_WARNING
1467 "ICMPv6 Redirect: destination address is multicast.\n");
1468 return;
1469 }
1470
1471 if (ipv6_addr_equal(dest, target)) {
1472 on_link = 1;
1473 } else if (ipv6_addr_type(target) !=
1474 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1475 ND_PRINTK2(KERN_WARNING
1476 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1477 return;
1478 }
1479
1480 in6_dev = __in6_dev_get(skb->dev);
1481 if (!in6_dev)
1482 return;
1483 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
1484 return;
1485
1486 /* RFC2461 8.1:
1487 * The IP source address of the Redirect MUST be the same as the current
1488 * first-hop router for the specified ICMP Destination Address.
1489 */
1490
1491 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1492 ND_PRINTK2(KERN_WARNING
1493 "ICMPv6 Redirect: invalid ND options\n");
1494 return;
1495 }
1496 if (ndopts.nd_opts_tgt_lladdr) {
1497 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1498 skb->dev);
1499 if (!lladdr) {
1500 ND_PRINTK2(KERN_WARNING
1501 "ICMPv6 Redirect: invalid link-layer address length\n");
1502 return;
1503 }
1504 }
1505
1506 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1507 if (neigh) {
1508 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1509 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1510 on_link);
1511 neigh_release(neigh);
1512 }
1513 }
1514
1515 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1516 const struct in6_addr *target)
1517 {
1518 struct net_device *dev = skb->dev;
1519 struct net *net = dev_net(dev);
1520 struct sock *sk = net->ipv6.ndisc_sk;
1521 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1522 struct sk_buff *buff;
1523 struct icmp6hdr *icmph;
1524 struct in6_addr saddr_buf;
1525 struct in6_addr *addrp;
1526 struct rt6_info *rt;
1527 struct dst_entry *dst;
1528 struct inet6_dev *idev;
1529 struct flowi6 fl6;
1530 u8 *opt;
1531 int rd_len;
1532 int err;
1533 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1534
1535 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1536 ND_PRINTK2(KERN_WARNING
1537 "ICMPv6 Redirect: no link-local address on %s\n",
1538 dev->name);
1539 return;
1540 }
1541
1542 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1543 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1544 ND_PRINTK2(KERN_WARNING
1545 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1546 return;
1547 }
1548
1549 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1550 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1551
1552 dst = ip6_route_output(net, NULL, &fl6);
1553 if (dst == NULL)
1554 return;
1555
1556 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1557 if (IS_ERR(dst))
1558 return;
1559
1560 rt = (struct rt6_info *) dst;
1561
1562 if (rt->rt6i_flags & RTF_GATEWAY) {
1563 ND_PRINTK2(KERN_WARNING
1564 "ICMPv6 Redirect: destination is not a neighbour.\n");
1565 goto release;
1566 }
1567 if (!rt->rt6i_peer)
1568 rt6_bind_peer(rt, 1);
1569 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
1570 goto release;
1571
1572 if (dev->addr_len) {
1573 read_lock_bh(&neigh->lock);
1574 if (neigh->nud_state & NUD_VALID) {
1575 memcpy(ha_buf, neigh->ha, dev->addr_len);
1576 read_unlock_bh(&neigh->lock);
1577 ha = ha_buf;
1578 len += ndisc_opt_addr_space(dev);
1579 } else
1580 read_unlock_bh(&neigh->lock);
1581 }
1582
1583 rd_len = min_t(unsigned int,
1584 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1585 rd_len &= ~0x7;
1586 len += rd_len;
1587
1588 buff = sock_alloc_send_skb(sk,
1589 (MAX_HEADER + sizeof(struct ipv6hdr) +
1590 len + LL_ALLOCATED_SPACE(dev)),
1591 1, &err);
1592 if (buff == NULL) {
1593 ND_PRINTK0(KERN_ERR
1594 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1595 __func__, err);
1596 goto release;
1597 }
1598
1599 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1600 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1601 IPPROTO_ICMPV6, len);
1602
1603 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1604 skb_put(buff, len);
1605 icmph = icmp6_hdr(buff);
1606
1607 memset(icmph, 0, sizeof(struct icmp6hdr));
1608 icmph->icmp6_type = NDISC_REDIRECT;
1609
1610 /*
1611 * copy target and destination addresses
1612 */
1613
1614 addrp = (struct in6_addr *)(icmph + 1);
1615 ipv6_addr_copy(addrp, target);
1616 addrp++;
1617 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1618
1619 opt = (u8*) (addrp + 1);
1620
1621 /*
1622 * include target_address option
1623 */
1624
1625 if (ha)
1626 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1627 dev->addr_len, dev->type);
1628
1629 /*
1630 * build redirect option and copy skb over to the new packet.
1631 */
1632
1633 memset(opt, 0, 8);
1634 *(opt++) = ND_OPT_REDIRECT_HDR;
1635 *(opt++) = (rd_len >> 3);
1636 opt += 6;
1637
1638 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1639
1640 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1641 len, IPPROTO_ICMPV6,
1642 csum_partial(icmph, len, 0));
1643
1644 skb_dst_set(buff, dst);
1645 rcu_read_lock();
1646 idev = __in6_dev_get(dst->dev);
1647 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1648 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1649 dst_output);
1650 if (!err) {
1651 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1652 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1653 }
1654
1655 rcu_read_unlock();
1656 return;
1657
1658 release:
1659 dst_release(dst);
1660 }
1661
1662 static void pndisc_redo(struct sk_buff *skb)
1663 {
1664 ndisc_recv_ns(skb);
1665 kfree_skb(skb);
1666 }
1667
1668 int ndisc_rcv(struct sk_buff *skb)
1669 {
1670 struct nd_msg *msg;
1671
1672 if (!pskb_may_pull(skb, skb->len))
1673 return 0;
1674
1675 msg = (struct nd_msg *)skb_transport_header(skb);
1676
1677 __skb_push(skb, skb->data - skb_transport_header(skb));
1678
1679 if (ipv6_hdr(skb)->hop_limit != 255) {
1680 ND_PRINTK2(KERN_WARNING
1681 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1682 ipv6_hdr(skb)->hop_limit);
1683 return 0;
1684 }
1685
1686 if (msg->icmph.icmp6_code != 0) {
1687 ND_PRINTK2(KERN_WARNING
1688 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1689 msg->icmph.icmp6_code);
1690 return 0;
1691 }
1692
1693 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1694
1695 switch (msg->icmph.icmp6_type) {
1696 case NDISC_NEIGHBOUR_SOLICITATION:
1697 ndisc_recv_ns(skb);
1698 break;
1699
1700 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1701 ndisc_recv_na(skb);
1702 break;
1703
1704 case NDISC_ROUTER_SOLICITATION:
1705 ndisc_recv_rs(skb);
1706 break;
1707
1708 case NDISC_ROUTER_ADVERTISEMENT:
1709 ndisc_router_discovery(skb);
1710 break;
1711
1712 case NDISC_REDIRECT:
1713 ndisc_redirect_rcv(skb);
1714 break;
1715 }
1716
1717 return 0;
1718 }
1719
1720 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1721 {
1722 struct net_device *dev = ptr;
1723 struct net *net = dev_net(dev);
1724
1725 switch (event) {
1726 case NETDEV_CHANGEADDR:
1727 neigh_changeaddr(&nd_tbl, dev);
1728 fib6_run_gc(~0UL, net);
1729 break;
1730 case NETDEV_DOWN:
1731 neigh_ifdown(&nd_tbl, dev);
1732 fib6_run_gc(~0UL, net);
1733 break;
1734 case NETDEV_NOTIFY_PEERS:
1735 ndisc_send_unsol_na(dev);
1736 break;
1737 default:
1738 break;
1739 }
1740
1741 return NOTIFY_DONE;
1742 }
1743
1744 static struct notifier_block ndisc_netdev_notifier = {
1745 .notifier_call = ndisc_netdev_event,
1746 };
1747
1748 #ifdef CONFIG_SYSCTL
1749 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1750 const char *func, const char *dev_name)
1751 {
1752 static char warncomm[TASK_COMM_LEN];
1753 static int warned;
1754 if (strcmp(warncomm, current->comm) && warned < 5) {
1755 strcpy(warncomm, current->comm);
1756 printk(KERN_WARNING
1757 "process `%s' is using deprecated sysctl (%s) "
1758 "net.ipv6.neigh.%s.%s; "
1759 "Use net.ipv6.neigh.%s.%s_ms "
1760 "instead.\n",
1761 warncomm, func,
1762 dev_name, ctl->procname,
1763 dev_name, ctl->procname);
1764 warned++;
1765 }
1766 }
1767
1768 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1769 {
1770 struct net_device *dev = ctl->extra1;
1771 struct inet6_dev *idev;
1772 int ret;
1773
1774 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1775 (strcmp(ctl->procname, "base_reachable_time") == 0))
1776 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1777
1778 if (strcmp(ctl->procname, "retrans_time") == 0)
1779 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1780
1781 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1782 ret = proc_dointvec_jiffies(ctl, write,
1783 buffer, lenp, ppos);
1784
1785 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1786 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1787 ret = proc_dointvec_ms_jiffies(ctl, write,
1788 buffer, lenp, ppos);
1789 else
1790 ret = -1;
1791
1792 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1793 if (ctl->data == &idev->nd_parms->base_reachable_time)
1794 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1795 idev->tstamp = jiffies;
1796 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1797 in6_dev_put(idev);
1798 }
1799 return ret;
1800 }
1801
1802
1803 #endif
1804
1805 static int __net_init ndisc_net_init(struct net *net)
1806 {
1807 struct ipv6_pinfo *np;
1808 struct sock *sk;
1809 int err;
1810
1811 err = inet_ctl_sock_create(&sk, PF_INET6,
1812 SOCK_RAW, IPPROTO_ICMPV6, net);
1813 if (err < 0) {
1814 ND_PRINTK0(KERN_ERR
1815 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1816 err);
1817 return err;
1818 }
1819
1820 net->ipv6.ndisc_sk = sk;
1821
1822 np = inet6_sk(sk);
1823 np->hop_limit = 255;
1824 /* Do not loopback ndisc messages */
1825 np->mc_loop = 0;
1826
1827 return 0;
1828 }
1829
1830 static void __net_exit ndisc_net_exit(struct net *net)
1831 {
1832 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1833 }
1834
1835 static struct pernet_operations ndisc_net_ops = {
1836 .init = ndisc_net_init,
1837 .exit = ndisc_net_exit,
1838 };
1839
1840 int __init ndisc_init(void)
1841 {
1842 int err;
1843
1844 err = register_pernet_subsys(&ndisc_net_ops);
1845 if (err)
1846 return err;
1847 /*
1848 * Initialize the neighbour table
1849 */
1850 neigh_table_init(&nd_tbl);
1851
1852 #ifdef CONFIG_SYSCTL
1853 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1854 &ndisc_ifinfo_sysctl_change);
1855 if (err)
1856 goto out_unregister_pernet;
1857 #endif
1858 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1859 if (err)
1860 goto out_unregister_sysctl;
1861 out:
1862 return err;
1863
1864 out_unregister_sysctl:
1865 #ifdef CONFIG_SYSCTL
1866 neigh_sysctl_unregister(&nd_tbl.parms);
1867 out_unregister_pernet:
1868 #endif
1869 unregister_pernet_subsys(&ndisc_net_ops);
1870 goto out;
1871 }
1872
1873 void ndisc_cleanup(void)
1874 {
1875 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1876 #ifdef CONFIG_SYSCTL
1877 neigh_sysctl_unregister(&nd_tbl.parms);
1878 #endif
1879 neigh_table_clear(&nd_tbl);
1880 unregister_pernet_subsys(&ndisc_net_ops);
1881 }
linux-next