Linux 2.6.25.20
[linux/fpc-iii.git] / net / ipv6 / ndisc.c
blob452a2ac4eec8ca58d4083b05dc4756224bb7f95c
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
16 * Changes:
18 * Pierre Ynard : export userland ND options
19 * through netlink (RDNSS support)
20 * Lars Fenneberg : fixed MTU setting on receipt
21 * of an RA.
22 * Janos Farkas : kmalloc failure checks
23 * Alexey Kuznetsov : state machine reworked
24 * and moved to net/core.
25 * Pekka Savola : RFC2461 validation
26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #ifdef CONFIG_SYSCTL
63 #include <linux/sysctl.h>
64 #endif
66 #include <linux/if_addr.h>
67 #include <linux/if_arp.h>
68 #include <linux/ipv6.h>
69 #include <linux/icmpv6.h>
70 #include <linux/jhash.h>
72 #include <net/sock.h>
73 #include <net/snmp.h>
75 #include <net/ipv6.h>
76 #include <net/protocol.h>
77 #include <net/ndisc.h>
78 #include <net/ip6_route.h>
79 #include <net/addrconf.h>
80 #include <net/icmp.h>
82 #include <net/netlink.h>
83 #include <linux/rtnetlink.h>
85 #include <net/flow.h>
86 #include <net/ip6_checksum.h>
87 #include <linux/proc_fs.h>
89 #include <linux/netfilter.h>
90 #include <linux/netfilter_ipv6.h>
92 static struct socket *ndisc_socket;
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
102 static struct neigh_ops ndisc_generic_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_connected_output,
108 .hh_output = dev_queue_xmit,
109 .queue_xmit = dev_queue_xmit,
112 static struct neigh_ops ndisc_hh_ops = {
113 .family = AF_INET6,
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
118 .hh_output = dev_queue_xmit,
119 .queue_xmit = dev_queue_xmit,
123 static struct neigh_ops ndisc_direct_ops = {
124 .family = AF_INET6,
125 .output = dev_queue_xmit,
126 .connected_output = dev_queue_xmit,
127 .hh_output = dev_queue_xmit,
128 .queue_xmit = dev_queue_xmit,
131 struct neigh_table nd_tbl = {
132 .family = AF_INET6,
133 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
134 .key_len = sizeof(struct in6_addr),
135 .hash = ndisc_hash,
136 .constructor = ndisc_constructor,
137 .pconstructor = pndisc_constructor,
138 .pdestructor = pndisc_destructor,
139 .proxy_redo = pndisc_redo,
140 .id = "ndisc_cache",
141 .parms = {
142 .tbl = &nd_tbl,
143 .base_reachable_time = 30 * HZ,
144 .retrans_time = 1 * HZ,
145 .gc_staletime = 60 * HZ,
146 .reachable_time = 30 * HZ,
147 .delay_probe_time = 5 * HZ,
148 .queue_len = 3,
149 .ucast_probes = 3,
150 .mcast_probes = 3,
151 .anycast_delay = 1 * HZ,
152 .proxy_delay = (8 * HZ) / 10,
153 .proxy_qlen = 64,
155 .gc_interval = 30 * HZ,
156 .gc_thresh1 = 128,
157 .gc_thresh2 = 512,
158 .gc_thresh3 = 1024,
161 /* ND options */
162 struct ndisc_options {
163 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165 struct nd_opt_hdr *nd_opts_ri;
166 struct nd_opt_hdr *nd_opts_ri_end;
167 #endif
168 struct nd_opt_hdr *nd_useropts;
169 struct nd_opt_hdr *nd_useropts_end;
172 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
182 * Return the padding between the option length and the start of the
183 * link addr. Currently only IP-over-InfiniBand needs this, although
184 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185 * also need a pad of 2.
187 static int ndisc_addr_option_pad(unsigned short type)
189 switch (type) {
190 case ARPHRD_INFINIBAND: return 2;
191 default: return 0;
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
197 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201 unsigned short addr_type)
203 int space = NDISC_OPT_SPACE(data_len);
204 int pad = ndisc_addr_option_pad(addr_type);
206 opt[0] = type;
207 opt[1] = space>>3;
209 memset(opt + 2, 0, pad);
210 opt += pad;
211 space -= pad;
213 memcpy(opt+2, data, data_len);
214 data_len += 2;
215 opt += data_len;
216 if ((space -= data_len) > 0)
217 memset(opt, 0, space);
218 return opt + space;
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222 struct nd_opt_hdr *end)
224 int type;
225 if (!cur || !end || cur >= end)
226 return NULL;
227 type = cur->nd_opt_type;
228 do {
229 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230 } while(cur < end && cur->nd_opt_type != type);
231 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
236 return (opt->nd_opt_type == ND_OPT_RDNSS);
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240 struct nd_opt_hdr *end)
242 if (!cur || !end || cur >= end)
243 return NULL;
244 do {
245 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246 } while(cur < end && !ndisc_is_useropt(cur));
247 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251 struct ndisc_options *ndopts)
253 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
255 if (!nd_opt || opt_len < 0 || !ndopts)
256 return NULL;
257 memset(ndopts, 0, sizeof(*ndopts));
258 while (opt_len) {
259 int l;
260 if (opt_len < sizeof(struct nd_opt_hdr))
261 return NULL;
262 l = nd_opt->nd_opt_len << 3;
263 if (opt_len < l || l == 0)
264 return NULL;
265 switch (nd_opt->nd_opt_type) {
266 case ND_OPT_SOURCE_LL_ADDR:
267 case ND_OPT_TARGET_LL_ADDR:
268 case ND_OPT_MTU:
269 case ND_OPT_REDIRECT_HDR:
270 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271 ND_PRINTK2(KERN_WARNING
272 "%s(): duplicated ND6 option found: type=%d\n",
273 __FUNCTION__,
274 nd_opt->nd_opt_type);
275 } else {
276 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
278 break;
279 case ND_OPT_PREFIX_INFO:
280 ndopts->nd_opts_pi_end = nd_opt;
281 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283 break;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285 case ND_OPT_ROUTE_INFO:
286 ndopts->nd_opts_ri_end = nd_opt;
287 if (!ndopts->nd_opts_ri)
288 ndopts->nd_opts_ri = nd_opt;
289 break;
290 #endif
291 default:
292 if (ndisc_is_useropt(nd_opt)) {
293 ndopts->nd_useropts_end = nd_opt;
294 if (!ndopts->nd_useropts)
295 ndopts->nd_useropts = nd_opt;
296 } else {
298 * Unknown options must be silently ignored,
299 * to accommodate future extension to the
300 * protocol.
302 ND_PRINTK2(KERN_NOTICE
303 "%s(): ignored unsupported option; type=%d, len=%d\n",
304 __FUNCTION__,
305 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
308 opt_len -= l;
309 nd_opt = ((void *)nd_opt) + l;
311 return ndopts;
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315 struct net_device *dev)
317 u8 *lladdr = (u8 *)(p + 1);
318 int lladdrlen = p->nd_opt_len << 3;
319 int prepad = ndisc_addr_option_pad(dev->type);
320 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321 return NULL;
322 return (lladdr + prepad);
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
327 switch (dev->type) {
328 case ARPHRD_ETHER:
329 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
330 case ARPHRD_FDDI:
331 ipv6_eth_mc_map(addr, buf);
332 return 0;
333 case ARPHRD_IEEE802_TR:
334 ipv6_tr_mc_map(addr,buf);
335 return 0;
336 case ARPHRD_ARCNET:
337 ipv6_arcnet_mc_map(addr, buf);
338 return 0;
339 case ARPHRD_INFINIBAND:
340 ipv6_ib_mc_map(addr, dev->broadcast, buf);
341 return 0;
342 default:
343 if (dir) {
344 memcpy(buf, dev->broadcast, dev->addr_len);
345 return 0;
348 return -EINVAL;
351 EXPORT_SYMBOL(ndisc_mc_map);
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
355 const u32 *p32 = pkey;
356 u32 addr_hash, i;
358 addr_hash = 0;
359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360 addr_hash ^= *p32++;
362 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
365 static int ndisc_constructor(struct neighbour *neigh)
367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 struct net_device *dev = neigh->dev;
369 struct inet6_dev *in6_dev;
370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr);
373 rcu_read_lock();
374 in6_dev = in6_dev_get(dev);
375 if (in6_dev == NULL) {
376 rcu_read_unlock();
377 return -EINVAL;
380 parms = in6_dev->nd_parms;
381 __neigh_parms_put(neigh->parms);
382 neigh->parms = neigh_parms_clone(parms);
383 rcu_read_unlock();
385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 if (!dev->header_ops) {
387 neigh->nud_state = NUD_NOARP;
388 neigh->ops = &ndisc_direct_ops;
389 neigh->output = neigh->ops->queue_xmit;
390 } else {
391 if (is_multicast) {
392 neigh->nud_state = NUD_NOARP;
393 ndisc_mc_map(addr, neigh->ha, dev, 1);
394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 neigh->nud_state = NUD_NOARP;
396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 if (dev->flags&IFF_LOOPBACK)
398 neigh->type = RTN_LOCAL;
399 } else if (dev->flags&IFF_POINTOPOINT) {
400 neigh->nud_state = NUD_NOARP;
401 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
403 if (dev->header_ops->cache)
404 neigh->ops = &ndisc_hh_ops;
405 else
406 neigh->ops = &ndisc_generic_ops;
407 if (neigh->nud_state&NUD_VALID)
408 neigh->output = neigh->ops->connected_output;
409 else
410 neigh->output = neigh->ops->output;
412 in6_dev_put(in6_dev);
413 return 0;
416 static int pndisc_constructor(struct pneigh_entry *n)
418 struct in6_addr *addr = (struct in6_addr*)&n->key;
419 struct in6_addr maddr;
420 struct net_device *dev = n->dev;
422 if (dev == NULL || __in6_dev_get(dev) == NULL)
423 return -EINVAL;
424 addrconf_addr_solict_mult(addr, &maddr);
425 ipv6_dev_mc_inc(dev, &maddr);
426 return 0;
429 static void pndisc_destructor(struct pneigh_entry *n)
431 struct in6_addr *addr = (struct in6_addr*)&n->key;
432 struct in6_addr maddr;
433 struct net_device *dev = n->dev;
435 if (dev == NULL || __in6_dev_get(dev) == NULL)
436 return;
437 addrconf_addr_solict_mult(addr, &maddr);
438 ipv6_dev_mc_dec(dev, &maddr);
442 * Send a Neighbour Advertisement
445 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
446 struct in6_addr *saddr, struct in6_addr *daddr,
447 int oif)
449 memset(fl, 0, sizeof(*fl));
450 ipv6_addr_copy(&fl->fl6_src, saddr);
451 ipv6_addr_copy(&fl->fl6_dst, daddr);
452 fl->proto = IPPROTO_ICMPV6;
453 fl->fl_icmp_type = type;
454 fl->fl_icmp_code = 0;
455 fl->oif = oif;
456 security_sk_classify_flow(ndisc_socket->sk, fl);
459 static void __ndisc_send(struct net_device *dev,
460 struct neighbour *neigh,
461 struct in6_addr *daddr, struct in6_addr *saddr,
462 struct icmp6hdr *icmp6h, struct in6_addr *target,
463 int llinfo)
465 struct flowi fl;
466 struct dst_entry *dst;
467 struct sock *sk = ndisc_socket->sk;
468 struct sk_buff *skb;
469 struct icmp6hdr *hdr;
470 struct inet6_dev *idev;
471 int len;
472 int err;
473 u8 *opt, type;
475 type = icmp6h->icmp6_type;
477 ndisc_flow_init(&fl, type, saddr, daddr,
478 dev->ifindex);
480 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
481 if (!dst)
482 return;
484 err = xfrm_lookup(&dst, &fl, NULL, 0);
485 if (err < 0)
486 return;
488 if (!dev->addr_len)
489 llinfo = 0;
491 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
492 if (llinfo)
493 len += ndisc_opt_addr_space(dev);
495 skb = sock_alloc_send_skb(sk,
496 (MAX_HEADER + sizeof(struct ipv6hdr) +
497 len + LL_RESERVED_SPACE(dev)),
498 1, &err);
499 if (!skb) {
500 ND_PRINTK0(KERN_ERR
501 "ICMPv6 ND: %s() failed to allocate an skb.\n",
502 __FUNCTION__);
503 dst_release(dst);
504 return;
507 skb_reserve(skb, LL_RESERVED_SPACE(dev));
508 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
510 skb->transport_header = skb->tail;
511 skb_put(skb, len);
513 hdr = (struct icmp6hdr *)skb_transport_header(skb);
514 memcpy(hdr, icmp6h, sizeof(*hdr));
516 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
517 if (target) {
518 ipv6_addr_copy((struct in6_addr *)opt, target);
519 opt += sizeof(*target);
522 if (llinfo)
523 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
524 dev->addr_len, dev->type);
526 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
527 IPPROTO_ICMPV6,
528 csum_partial((__u8 *) hdr,
529 len, 0));
531 skb->dst = dst;
533 idev = in6_dev_get(dst->dev);
534 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
536 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
537 dst_output);
538 if (!err) {
539 ICMP6MSGOUT_INC_STATS(idev, type);
540 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
543 if (likely(idev != NULL))
544 in6_dev_put(idev);
547 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
548 struct in6_addr *daddr, struct in6_addr *solicited_addr,
549 int router, int solicited, int override, int inc_opt)
551 struct in6_addr tmpaddr;
552 struct inet6_ifaddr *ifp;
553 struct in6_addr *src_addr;
554 struct icmp6hdr icmp6h = {
555 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
558 /* for anycast or proxy, solicited_addr != src_addr */
559 ifp = ipv6_get_ifaddr(&init_net, solicited_addr, dev, 1);
560 if (ifp) {
561 src_addr = solicited_addr;
562 if (ifp->flags & IFA_F_OPTIMISTIC)
563 override = 0;
564 in6_ifa_put(ifp);
565 } else {
566 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
567 return;
568 src_addr = &tmpaddr;
571 icmp6h.icmp6_router = router;
572 icmp6h.icmp6_solicited = solicited;
573 icmp6h.icmp6_override = override;
575 __ndisc_send(dev, neigh, daddr, src_addr,
576 &icmp6h, solicited_addr,
577 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
580 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
581 struct in6_addr *solicit,
582 struct in6_addr *daddr, struct in6_addr *saddr)
584 struct in6_addr addr_buf;
585 struct icmp6hdr icmp6h = {
586 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
589 if (saddr == NULL) {
590 if (ipv6_get_lladdr(dev, &addr_buf,
591 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
592 return;
593 saddr = &addr_buf;
596 __ndisc_send(dev, neigh, daddr, saddr,
597 &icmp6h, solicit,
598 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
601 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
602 struct in6_addr *daddr)
604 struct icmp6hdr icmp6h = {
605 .icmp6_type = NDISC_ROUTER_SOLICITATION,
607 int send_sllao = dev->addr_len;
609 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
611 * According to section 2.2 of RFC 4429, we must not
612 * send router solicitations with a sllao from
613 * optimistic addresses, but we may send the solicitation
614 * if we don't include the sllao. So here we check
615 * if our address is optimistic, and if so, we
616 * suppress the inclusion of the sllao.
618 if (send_sllao) {
619 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(&init_net, saddr,
620 dev, 1);
621 if (ifp) {
622 if (ifp->flags & IFA_F_OPTIMISTIC) {
623 send_sllao = 0;
625 in6_ifa_put(ifp);
626 } else {
627 send_sllao = 0;
630 #endif
631 __ndisc_send(dev, NULL, daddr, saddr,
632 &icmp6h, NULL,
633 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
637 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
640 * "The sender MUST return an ICMP
641 * destination unreachable"
643 dst_link_failure(skb);
644 kfree_skb(skb);
647 /* Called with locked neigh: either read or both */
649 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
651 struct in6_addr *saddr = NULL;
652 struct in6_addr mcaddr;
653 struct net_device *dev = neigh->dev;
654 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
655 int probes = atomic_read(&neigh->probes);
657 if (skb && ipv6_chk_addr(&init_net, &ipv6_hdr(skb)->saddr, dev, 1))
658 saddr = &ipv6_hdr(skb)->saddr;
660 if ((probes -= neigh->parms->ucast_probes) < 0) {
661 if (!(neigh->nud_state & NUD_VALID)) {
662 ND_PRINTK1(KERN_DEBUG
663 "%s(): trying to ucast probe in NUD_INVALID: "
664 NIP6_FMT "\n",
665 __FUNCTION__,
666 NIP6(*target));
668 ndisc_send_ns(dev, neigh, target, target, saddr);
669 } else if ((probes -= neigh->parms->app_probes) < 0) {
670 #ifdef CONFIG_ARPD
671 neigh_app_ns(neigh);
672 #endif
673 } else {
674 addrconf_addr_solict_mult(target, &mcaddr);
675 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
679 static struct pneigh_entry *pndisc_check_router(struct net_device *dev,
680 struct in6_addr *addr, int *is_router)
682 struct pneigh_entry *n;
684 read_lock_bh(&nd_tbl.lock);
685 n = __pneigh_lookup(&nd_tbl, &init_net, addr, dev);
686 if (n != NULL)
687 *is_router = (n->flags & NTF_ROUTER);
688 read_unlock_bh(&nd_tbl.lock);
690 return n;
693 static void ndisc_recv_ns(struct sk_buff *skb)
695 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
696 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
697 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
698 u8 *lladdr = NULL;
699 u32 ndoptlen = skb->tail - (skb->transport_header +
700 offsetof(struct nd_msg, opt));
701 struct ndisc_options ndopts;
702 struct net_device *dev = skb->dev;
703 struct inet6_ifaddr *ifp;
704 struct inet6_dev *idev = NULL;
705 struct neighbour *neigh;
706 struct pneigh_entry *pneigh = NULL;
707 int dad = ipv6_addr_any(saddr);
708 int inc;
709 int is_router = 0;
711 if (ipv6_addr_is_multicast(&msg->target)) {
712 ND_PRINTK2(KERN_WARNING
713 "ICMPv6 NS: multicast target address");
714 return;
718 * RFC2461 7.1.1:
719 * DAD has to be destined for solicited node multicast address.
721 if (dad &&
722 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
723 daddr->s6_addr32[1] == htonl(0x00000000) &&
724 daddr->s6_addr32[2] == htonl(0x00000001) &&
725 daddr->s6_addr [12] == 0xff )) {
726 ND_PRINTK2(KERN_WARNING
727 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
728 return;
731 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
732 ND_PRINTK2(KERN_WARNING
733 "ICMPv6 NS: invalid ND options\n");
734 return;
737 if (ndopts.nd_opts_src_lladdr) {
738 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
739 if (!lladdr) {
740 ND_PRINTK2(KERN_WARNING
741 "ICMPv6 NS: invalid link-layer address length\n");
742 return;
745 /* RFC2461 7.1.1:
746 * If the IP source address is the unspecified address,
747 * there MUST NOT be source link-layer address option
748 * in the message.
750 if (dad) {
751 ND_PRINTK2(KERN_WARNING
752 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
753 return;
757 inc = ipv6_addr_is_multicast(daddr);
759 if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1)) != NULL) {
761 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
762 if (dad) {
763 if (dev->type == ARPHRD_IEEE802_TR) {
764 const unsigned char *sadr;
765 sadr = skb_mac_header(skb);
766 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
767 sadr[9] == dev->dev_addr[1] &&
768 sadr[10] == dev->dev_addr[2] &&
769 sadr[11] == dev->dev_addr[3] &&
770 sadr[12] == dev->dev_addr[4] &&
771 sadr[13] == dev->dev_addr[5]) {
772 /* looped-back to us */
773 goto out;
778 * We are colliding with another node
779 * who is doing DAD
780 * so fail our DAD process
782 addrconf_dad_failure(ifp);
783 return;
784 } else {
786 * This is not a dad solicitation.
787 * If we are an optimistic node,
788 * we should respond.
789 * Otherwise, we should ignore it.
791 if (!(ifp->flags & IFA_F_OPTIMISTIC))
792 goto out;
796 idev = ifp->idev;
797 } else {
798 idev = in6_dev_get(dev);
799 if (!idev) {
800 /* XXX: count this drop? */
801 return;
804 if (ipv6_chk_acast_addr(dev, &msg->target) ||
805 (idev->cnf.forwarding &&
806 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
807 (pneigh = pndisc_check_router(dev, &msg->target,
808 &is_router)) != NULL)) {
809 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
810 skb->pkt_type != PACKET_HOST &&
811 inc != 0 &&
812 idev->nd_parms->proxy_delay != 0) {
814 * for anycast or proxy,
815 * sender should delay its response
816 * by a random time between 0 and
817 * MAX_ANYCAST_DELAY_TIME seconds.
818 * (RFC2461) -- yoshfuji
820 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
821 if (n)
822 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
823 goto out;
825 } else
826 goto out;
829 is_router = !!(pneigh ? is_router : idev->cnf.forwarding);
831 if (dad) {
832 struct in6_addr maddr;
834 ipv6_addr_all_nodes(&maddr);
835 ndisc_send_na(dev, NULL, &maddr, &msg->target,
836 is_router, 0, (ifp != NULL), 1);
837 goto out;
840 if (inc)
841 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
842 else
843 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
846 * update / create cache entry
847 * for the source address
849 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
850 !inc || lladdr || !dev->addr_len);
851 if (neigh)
852 neigh_update(neigh, lladdr, NUD_STALE,
853 NEIGH_UPDATE_F_WEAK_OVERRIDE|
854 NEIGH_UPDATE_F_OVERRIDE);
855 if (neigh || !dev->header_ops) {
856 ndisc_send_na(dev, neigh, saddr, &msg->target,
857 is_router,
858 1, (ifp != NULL && inc), inc);
859 if (neigh)
860 neigh_release(neigh);
863 out:
864 if (ifp)
865 in6_ifa_put(ifp);
866 else
867 in6_dev_put(idev);
869 return;
872 static void ndisc_recv_na(struct sk_buff *skb)
874 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
875 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
876 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
877 u8 *lladdr = NULL;
878 u32 ndoptlen = skb->tail - (skb->transport_header +
879 offsetof(struct nd_msg, opt));
880 struct ndisc_options ndopts;
881 struct net_device *dev = skb->dev;
882 struct inet6_ifaddr *ifp;
883 struct neighbour *neigh;
885 if (skb->len < sizeof(struct nd_msg)) {
886 ND_PRINTK2(KERN_WARNING
887 "ICMPv6 NA: packet too short\n");
888 return;
891 if (ipv6_addr_is_multicast(&msg->target)) {
892 ND_PRINTK2(KERN_WARNING
893 "ICMPv6 NA: target address is multicast.\n");
894 return;
897 if (ipv6_addr_is_multicast(daddr) &&
898 msg->icmph.icmp6_solicited) {
899 ND_PRINTK2(KERN_WARNING
900 "ICMPv6 NA: solicited NA is multicasted.\n");
901 return;
904 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
905 ND_PRINTK2(KERN_WARNING
906 "ICMPv6 NS: invalid ND option\n");
907 return;
909 if (ndopts.nd_opts_tgt_lladdr) {
910 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
911 if (!lladdr) {
912 ND_PRINTK2(KERN_WARNING
913 "ICMPv6 NA: invalid link-layer address length\n");
914 return;
917 if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1))) {
918 if (ifp->flags & IFA_F_TENTATIVE) {
919 addrconf_dad_failure(ifp);
920 return;
922 /* What should we make now? The advertisement
923 is invalid, but ndisc specs say nothing
924 about it. It could be misconfiguration, or
925 an smart proxy agent tries to help us :-)
927 ND_PRINTK1(KERN_WARNING
928 "ICMPv6 NA: someone advertises our address on %s!\n",
929 ifp->idev->dev->name);
930 in6_ifa_put(ifp);
931 return;
933 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
935 if (neigh) {
936 u8 old_flags = neigh->flags;
938 if (neigh->nud_state & NUD_FAILED)
939 goto out;
942 * Don't update the neighbor cache entry on a proxy NA from
943 * ourselves because either the proxied node is off link or it
944 * has already sent a NA to us.
946 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
947 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
948 pneigh_lookup(&nd_tbl, &init_net, &msg->target, dev, 0)) {
949 /* XXX: idev->cnf.prixy_ndp */
950 goto out;
953 neigh_update(neigh, lladdr,
954 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
955 NEIGH_UPDATE_F_WEAK_OVERRIDE|
956 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
957 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
958 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
960 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
962 * Change: router to host
964 struct rt6_info *rt;
965 rt = rt6_get_dflt_router(saddr, dev);
966 if (rt)
967 ip6_del_rt(rt);
970 out:
971 neigh_release(neigh);
975 static void ndisc_recv_rs(struct sk_buff *skb)
977 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
978 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
979 struct neighbour *neigh;
980 struct inet6_dev *idev;
981 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
982 struct ndisc_options ndopts;
983 u8 *lladdr = NULL;
985 if (skb->len < sizeof(*rs_msg))
986 return;
988 idev = in6_dev_get(skb->dev);
989 if (!idev) {
990 if (net_ratelimit())
991 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
992 return;
995 /* Don't accept RS if we're not in router mode */
996 if (!idev->cnf.forwarding)
997 goto out;
1000 * Don't update NCE if src = ::;
1001 * this implies that the source node has no ip address assigned yet.
1003 if (ipv6_addr_any(saddr))
1004 goto out;
1006 /* Parse ND options */
1007 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1008 if (net_ratelimit())
1009 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1010 goto out;
1013 if (ndopts.nd_opts_src_lladdr) {
1014 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1015 skb->dev);
1016 if (!lladdr)
1017 goto out;
1020 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1021 if (neigh) {
1022 neigh_update(neigh, lladdr, NUD_STALE,
1023 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1024 NEIGH_UPDATE_F_OVERRIDE|
1025 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1026 neigh_release(neigh);
1028 out:
1029 in6_dev_put(idev);
1032 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1034 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1035 struct sk_buff *skb;
1036 struct nlmsghdr *nlh;
1037 struct nduseroptmsg *ndmsg;
1038 int err;
1039 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1040 + (opt->nd_opt_len << 3));
1041 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1043 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1044 if (skb == NULL) {
1045 err = -ENOBUFS;
1046 goto errout;
1049 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1050 if (nlh == NULL) {
1051 goto nla_put_failure;
1054 ndmsg = nlmsg_data(nlh);
1055 ndmsg->nduseropt_family = AF_INET6;
1056 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1057 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1058 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1059 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1061 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1063 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1064 &ipv6_hdr(ra)->saddr);
1065 nlmsg_end(skb, nlh);
1067 err = rtnl_notify(skb, &init_net, 0, RTNLGRP_ND_USEROPT, NULL,
1068 GFP_ATOMIC);
1069 if (err < 0)
1070 goto errout;
1072 return;
1074 nla_put_failure:
1075 nlmsg_free(skb);
1076 err = -EMSGSIZE;
1077 errout:
1078 rtnl_set_sk_err(&init_net, RTNLGRP_ND_USEROPT, err);
1081 static void ndisc_router_discovery(struct sk_buff *skb)
1083 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1084 struct neighbour *neigh = NULL;
1085 struct inet6_dev *in6_dev;
1086 struct rt6_info *rt = NULL;
1087 int lifetime;
1088 struct ndisc_options ndopts;
1089 int optlen;
1090 unsigned int pref = 0;
1092 __u8 * opt = (__u8 *)(ra_msg + 1);
1094 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1096 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1097 ND_PRINTK2(KERN_WARNING
1098 "ICMPv6 RA: source address is not link-local.\n");
1099 return;
1101 if (optlen < 0) {
1102 ND_PRINTK2(KERN_WARNING
1103 "ICMPv6 RA: packet too short\n");
1104 return;
1108 * set the RA_RECV flag in the interface
1111 in6_dev = in6_dev_get(skb->dev);
1112 if (in6_dev == NULL) {
1113 ND_PRINTK0(KERN_ERR
1114 "ICMPv6 RA: can't find inet6 device for %s.\n",
1115 skb->dev->name);
1116 return;
1118 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1119 in6_dev_put(in6_dev);
1120 return;
1123 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1124 in6_dev_put(in6_dev);
1125 ND_PRINTK2(KERN_WARNING
1126 "ICMP6 RA: invalid ND options\n");
1127 return;
1130 if (in6_dev->if_flags & IF_RS_SENT) {
1132 * flag that an RA was received after an RS was sent
1133 * out on this interface.
1135 in6_dev->if_flags |= IF_RA_RCVD;
1139 * Remember the managed/otherconf flags from most recently
1140 * received RA message (RFC 2462) -- yoshfuji
1142 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1143 IF_RA_OTHERCONF)) |
1144 (ra_msg->icmph.icmp6_addrconf_managed ?
1145 IF_RA_MANAGED : 0) |
1146 (ra_msg->icmph.icmp6_addrconf_other ?
1147 IF_RA_OTHERCONF : 0);
1149 if (!in6_dev->cnf.accept_ra_defrtr)
1150 goto skip_defrtr;
1152 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1154 #ifdef CONFIG_IPV6_ROUTER_PREF
1155 pref = ra_msg->icmph.icmp6_router_pref;
1156 /* 10b is handled as if it were 00b (medium) */
1157 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1158 !in6_dev->cnf.accept_ra_rtr_pref)
1159 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1160 #endif
1162 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1164 if (rt)
1165 neigh = rt->rt6i_nexthop;
1167 if (rt && lifetime == 0) {
1168 neigh_clone(neigh);
1169 ip6_del_rt(rt);
1170 rt = NULL;
1173 if (rt == NULL && lifetime) {
1174 ND_PRINTK3(KERN_DEBUG
1175 "ICMPv6 RA: adding default router.\n");
1177 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1178 if (rt == NULL) {
1179 ND_PRINTK0(KERN_ERR
1180 "ICMPv6 RA: %s() failed to add default route.\n",
1181 __FUNCTION__);
1182 in6_dev_put(in6_dev);
1183 return;
1186 neigh = rt->rt6i_nexthop;
1187 if (neigh == NULL) {
1188 ND_PRINTK0(KERN_ERR
1189 "ICMPv6 RA: %s() got default router without neighbour.\n",
1190 __FUNCTION__);
1191 dst_release(&rt->u.dst);
1192 in6_dev_put(in6_dev);
1193 return;
1195 neigh->flags |= NTF_ROUTER;
1196 } else if (rt) {
1197 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1200 if (rt)
1201 rt->rt6i_expires = jiffies + (HZ * lifetime);
1203 if (ra_msg->icmph.icmp6_hop_limit) {
1204 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1205 if (rt)
1206 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1209 skip_defrtr:
1212 * Update Reachable Time and Retrans Timer
1215 if (in6_dev->nd_parms) {
1216 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1218 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1219 rtime = (rtime*HZ)/1000;
1220 if (rtime < HZ/10)
1221 rtime = HZ/10;
1222 in6_dev->nd_parms->retrans_time = rtime;
1223 in6_dev->tstamp = jiffies;
1224 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1227 rtime = ntohl(ra_msg->reachable_time);
1228 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1229 rtime = (rtime*HZ)/1000;
1231 if (rtime < HZ/10)
1232 rtime = HZ/10;
1234 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1235 in6_dev->nd_parms->base_reachable_time = rtime;
1236 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1237 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1238 in6_dev->tstamp = jiffies;
1239 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1245 * Process options.
1248 if (!neigh)
1249 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1250 skb->dev, 1);
1251 if (neigh) {
1252 u8 *lladdr = NULL;
1253 if (ndopts.nd_opts_src_lladdr) {
1254 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1255 skb->dev);
1256 if (!lladdr) {
1257 ND_PRINTK2(KERN_WARNING
1258 "ICMPv6 RA: invalid link-layer address length\n");
1259 goto out;
1262 neigh_update(neigh, lladdr, NUD_STALE,
1263 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1264 NEIGH_UPDATE_F_OVERRIDE|
1265 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1266 NEIGH_UPDATE_F_ISROUTER);
1269 #ifdef CONFIG_IPV6_ROUTE_INFO
1270 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1271 struct nd_opt_hdr *p;
1272 for (p = ndopts.nd_opts_ri;
1274 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1275 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1276 continue;
1277 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1278 &ipv6_hdr(skb)->saddr);
1281 #endif
1283 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1284 struct nd_opt_hdr *p;
1285 for (p = ndopts.nd_opts_pi;
1287 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1288 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1292 if (ndopts.nd_opts_mtu) {
1293 __be32 n;
1294 u32 mtu;
1296 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1297 mtu = ntohl(n);
1299 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1300 ND_PRINTK2(KERN_WARNING
1301 "ICMPv6 RA: invalid mtu: %d\n",
1302 mtu);
1303 } else if (in6_dev->cnf.mtu6 != mtu) {
1304 in6_dev->cnf.mtu6 = mtu;
1306 if (rt)
1307 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1309 rt6_mtu_change(skb->dev, mtu);
1313 if (ndopts.nd_useropts) {
1314 struct nd_opt_hdr *p;
1315 for (p = ndopts.nd_useropts;
1317 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1318 ndisc_ra_useropt(skb, p);
1322 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1323 ND_PRINTK2(KERN_WARNING
1324 "ICMPv6 RA: invalid RA options");
1326 out:
1327 if (rt)
1328 dst_release(&rt->u.dst);
1329 else if (neigh)
1330 neigh_release(neigh);
1331 in6_dev_put(in6_dev);
1334 static void ndisc_redirect_rcv(struct sk_buff *skb)
1336 struct inet6_dev *in6_dev;
1337 struct icmp6hdr *icmph;
1338 struct in6_addr *dest;
1339 struct in6_addr *target; /* new first hop to destination */
1340 struct neighbour *neigh;
1341 int on_link = 0;
1342 struct ndisc_options ndopts;
1343 int optlen;
1344 u8 *lladdr = NULL;
1346 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1347 ND_PRINTK2(KERN_WARNING
1348 "ICMPv6 Redirect: source address is not link-local.\n");
1349 return;
1352 optlen = skb->tail - skb->transport_header;
1353 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1355 if (optlen < 0) {
1356 ND_PRINTK2(KERN_WARNING
1357 "ICMPv6 Redirect: packet too short\n");
1358 return;
1361 icmph = icmp6_hdr(skb);
1362 target = (struct in6_addr *) (icmph + 1);
1363 dest = target + 1;
1365 if (ipv6_addr_is_multicast(dest)) {
1366 ND_PRINTK2(KERN_WARNING
1367 "ICMPv6 Redirect: destination address is multicast.\n");
1368 return;
1371 if (ipv6_addr_equal(dest, target)) {
1372 on_link = 1;
1373 } else if (ipv6_addr_type(target) !=
1374 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1375 ND_PRINTK2(KERN_WARNING
1376 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1377 return;
1380 in6_dev = in6_dev_get(skb->dev);
1381 if (!in6_dev)
1382 return;
1383 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1384 in6_dev_put(in6_dev);
1385 return;
1388 /* RFC2461 8.1:
1389 * The IP source address of the Redirect MUST be the same as the current
1390 * first-hop router for the specified ICMP Destination Address.
1393 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1394 ND_PRINTK2(KERN_WARNING
1395 "ICMPv6 Redirect: invalid ND options\n");
1396 in6_dev_put(in6_dev);
1397 return;
1399 if (ndopts.nd_opts_tgt_lladdr) {
1400 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1401 skb->dev);
1402 if (!lladdr) {
1403 ND_PRINTK2(KERN_WARNING
1404 "ICMPv6 Redirect: invalid link-layer address length\n");
1405 in6_dev_put(in6_dev);
1406 return;
1410 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1411 if (neigh) {
1412 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1413 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1414 on_link);
1415 neigh_release(neigh);
1417 in6_dev_put(in6_dev);
1420 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1421 struct in6_addr *target)
1423 struct sock *sk = ndisc_socket->sk;
1424 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1425 struct sk_buff *buff;
1426 struct icmp6hdr *icmph;
1427 struct in6_addr saddr_buf;
1428 struct in6_addr *addrp;
1429 struct net_device *dev;
1430 struct rt6_info *rt;
1431 struct dst_entry *dst;
1432 struct inet6_dev *idev;
1433 struct flowi fl;
1434 u8 *opt;
1435 int rd_len;
1436 int err;
1437 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1439 dev = skb->dev;
1441 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1442 ND_PRINTK2(KERN_WARNING
1443 "ICMPv6 Redirect: no link-local address on %s\n",
1444 dev->name);
1445 return;
1448 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1449 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1450 ND_PRINTK2(KERN_WARNING
1451 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1452 return;
1455 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1456 dev->ifindex);
1458 dst = ip6_route_output(NULL, &fl);
1459 if (dst == NULL)
1460 return;
1462 err = xfrm_lookup(&dst, &fl, NULL, 0);
1463 if (err)
1464 return;
1466 rt = (struct rt6_info *) dst;
1468 if (rt->rt6i_flags & RTF_GATEWAY) {
1469 ND_PRINTK2(KERN_WARNING
1470 "ICMPv6 Redirect: destination is not a neighbour.\n");
1471 dst_release(dst);
1472 return;
1474 if (!xrlim_allow(dst, 1*HZ)) {
1475 dst_release(dst);
1476 return;
1479 if (dev->addr_len) {
1480 read_lock_bh(&neigh->lock);
1481 if (neigh->nud_state & NUD_VALID) {
1482 memcpy(ha_buf, neigh->ha, dev->addr_len);
1483 read_unlock_bh(&neigh->lock);
1484 ha = ha_buf;
1485 len += ndisc_opt_addr_space(dev);
1486 } else
1487 read_unlock_bh(&neigh->lock);
1490 rd_len = min_t(unsigned int,
1491 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1492 rd_len &= ~0x7;
1493 len += rd_len;
1495 buff = sock_alloc_send_skb(sk,
1496 (MAX_HEADER + sizeof(struct ipv6hdr) +
1497 len + LL_RESERVED_SPACE(dev)),
1498 1, &err);
1499 if (buff == NULL) {
1500 ND_PRINTK0(KERN_ERR
1501 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1502 __FUNCTION__);
1503 dst_release(dst);
1504 return;
1508 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1509 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1510 IPPROTO_ICMPV6, len);
1512 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1513 skb_put(buff, len);
1514 icmph = icmp6_hdr(buff);
1516 memset(icmph, 0, sizeof(struct icmp6hdr));
1517 icmph->icmp6_type = NDISC_REDIRECT;
1520 * copy target and destination addresses
1523 addrp = (struct in6_addr *)(icmph + 1);
1524 ipv6_addr_copy(addrp, target);
1525 addrp++;
1526 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1528 opt = (u8*) (addrp + 1);
1531 * include target_address option
1534 if (ha)
1535 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1536 dev->addr_len, dev->type);
1539 * build redirect option and copy skb over to the new packet.
1542 memset(opt, 0, 8);
1543 *(opt++) = ND_OPT_REDIRECT_HDR;
1544 *(opt++) = (rd_len >> 3);
1545 opt += 6;
1547 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1549 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1550 len, IPPROTO_ICMPV6,
1551 csum_partial((u8 *) icmph, len, 0));
1553 buff->dst = dst;
1554 idev = in6_dev_get(dst->dev);
1555 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1556 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1557 dst_output);
1558 if (!err) {
1559 ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
1560 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1563 if (likely(idev != NULL))
1564 in6_dev_put(idev);
1567 static void pndisc_redo(struct sk_buff *skb)
1569 ndisc_recv_ns(skb);
1570 kfree_skb(skb);
1573 int ndisc_rcv(struct sk_buff *skb)
1575 struct nd_msg *msg;
1577 if (!pskb_may_pull(skb, skb->len))
1578 return 0;
1580 msg = (struct nd_msg *)skb_transport_header(skb);
1582 __skb_push(skb, skb->data - skb_transport_header(skb));
1584 if (ipv6_hdr(skb)->hop_limit != 255) {
1585 ND_PRINTK2(KERN_WARNING
1586 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1587 ipv6_hdr(skb)->hop_limit);
1588 return 0;
1591 if (msg->icmph.icmp6_code != 0) {
1592 ND_PRINTK2(KERN_WARNING
1593 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1594 msg->icmph.icmp6_code);
1595 return 0;
1598 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1600 switch (msg->icmph.icmp6_type) {
1601 case NDISC_NEIGHBOUR_SOLICITATION:
1602 ndisc_recv_ns(skb);
1603 break;
1605 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1606 ndisc_recv_na(skb);
1607 break;
1609 case NDISC_ROUTER_SOLICITATION:
1610 ndisc_recv_rs(skb);
1611 break;
1613 case NDISC_ROUTER_ADVERTISEMENT:
1614 ndisc_router_discovery(skb);
1615 break;
1617 case NDISC_REDIRECT:
1618 ndisc_redirect_rcv(skb);
1619 break;
1622 return 0;
1625 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1627 struct net_device *dev = ptr;
1629 if (dev->nd_net != &init_net)
1630 return NOTIFY_DONE;
1632 switch (event) {
1633 case NETDEV_CHANGEADDR:
1634 neigh_changeaddr(&nd_tbl, dev);
1635 fib6_run_gc(~0UL);
1636 break;
1637 case NETDEV_DOWN:
1638 neigh_ifdown(&nd_tbl, dev);
1639 fib6_run_gc(~0UL);
1640 break;
1641 default:
1642 break;
1645 return NOTIFY_DONE;
1648 static struct notifier_block ndisc_netdev_notifier = {
1649 .notifier_call = ndisc_netdev_event,
1652 #ifdef CONFIG_SYSCTL
1653 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1654 const char *func, const char *dev_name)
1656 static char warncomm[TASK_COMM_LEN];
1657 static int warned;
1658 if (strcmp(warncomm, current->comm) && warned < 5) {
1659 strcpy(warncomm, current->comm);
1660 printk(KERN_WARNING
1661 "process `%s' is using deprecated sysctl (%s) "
1662 "net.ipv6.neigh.%s.%s; "
1663 "Use net.ipv6.neigh.%s.%s_ms "
1664 "instead.\n",
1665 warncomm, func,
1666 dev_name, ctl->procname,
1667 dev_name, ctl->procname);
1668 warned++;
1672 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1674 struct net_device *dev = ctl->extra1;
1675 struct inet6_dev *idev;
1676 int ret;
1678 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1679 (strcmp(ctl->procname, "base_reachable_time") == 0))
1680 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1682 if (strcmp(ctl->procname, "retrans_time") == 0)
1683 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1685 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1686 ret = proc_dointvec_jiffies(ctl, write,
1687 filp, buffer, lenp, ppos);
1689 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1690 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1691 ret = proc_dointvec_ms_jiffies(ctl, write,
1692 filp, buffer, lenp, ppos);
1693 else
1694 ret = -1;
1696 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1697 if (ctl->data == &idev->nd_parms->base_reachable_time)
1698 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1699 idev->tstamp = jiffies;
1700 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1701 in6_dev_put(idev);
1703 return ret;
1706 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1707 int nlen, void __user *oldval,
1708 size_t __user *oldlenp,
1709 void __user *newval, size_t newlen)
1711 struct net_device *dev = ctl->extra1;
1712 struct inet6_dev *idev;
1713 int ret;
1715 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1716 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1717 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1719 switch (ctl->ctl_name) {
1720 case NET_NEIGH_REACHABLE_TIME:
1721 ret = sysctl_jiffies(ctl, name, nlen,
1722 oldval, oldlenp, newval, newlen);
1723 break;
1724 case NET_NEIGH_RETRANS_TIME_MS:
1725 case NET_NEIGH_REACHABLE_TIME_MS:
1726 ret = sysctl_ms_jiffies(ctl, name, nlen,
1727 oldval, oldlenp, newval, newlen);
1728 break;
1729 default:
1730 ret = 0;
1733 if (newval && newlen && ret > 0 &&
1734 dev && (idev = in6_dev_get(dev)) != NULL) {
1735 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1736 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1737 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1738 idev->tstamp = jiffies;
1739 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1740 in6_dev_put(idev);
1743 return ret;
1746 #endif
1748 int __init ndisc_init(struct net_proto_family *ops)
1750 struct ipv6_pinfo *np;
1751 struct sock *sk;
1752 int err;
1754 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1755 if (err < 0) {
1756 ND_PRINTK0(KERN_ERR
1757 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1758 err);
1759 ndisc_socket = NULL; /* For safety. */
1760 return err;
1763 sk = ndisc_socket->sk;
1764 np = inet6_sk(sk);
1765 sk->sk_allocation = GFP_ATOMIC;
1766 np->hop_limit = 255;
1767 /* Do not loopback ndisc messages */
1768 np->mc_loop = 0;
1769 sk->sk_prot->unhash(sk);
1772 * Initialize the neighbour table
1775 neigh_table_init(&nd_tbl);
1777 #ifdef CONFIG_SYSCTL
1778 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1779 "ipv6",
1780 &ndisc_ifinfo_sysctl_change,
1781 &ndisc_ifinfo_sysctl_strategy);
1782 #endif
1784 register_netdevice_notifier(&ndisc_netdev_notifier);
1785 return 0;
1788 void ndisc_cleanup(void)
1790 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1791 #ifdef CONFIG_SYSCTL
1792 neigh_sysctl_unregister(&nd_tbl.parms);
1793 #endif
1794 neigh_table_clear(&nd_tbl);
1795 sock_release(ndisc_socket);
1796 ndisc_socket = NULL; /* For safety. */