search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
drm/fb-helper: Keep references for the current set of used connectors
[linux/fpc-iii.git] / net / ipv6 / ndisc.c
blobfe65cdc28a45973e4b623827bf77c721bdd69e70
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <net/l3mdev.h>
71 #include <linux/proc_fs.h>
72
73 #include <linux/netfilter.h>
74 #include <linux/netfilter_ipv6.h>
75
76 static u32 ndisc_hash(const void *pkey,
77 const struct net_device *dev,
78 __u32 *hash_rnd);
79 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
80 static int ndisc_constructor(struct neighbour *neigh);
81 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
82 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
83 static int pndisc_constructor(struct pneigh_entry *n);
84 static void pndisc_destructor(struct pneigh_entry *n);
85 static void pndisc_redo(struct sk_buff *skb);
86
87 static const struct neigh_ops ndisc_generic_ops = {
88 .family = AF_INET6,
89 .solicit = ndisc_solicit,
90 .error_report = ndisc_error_report,
91 .output = neigh_resolve_output,
92 .connected_output = neigh_connected_output,
93 };
94
95 static const struct neigh_ops ndisc_hh_ops = {
96 .family = AF_INET6,
97 .solicit = ndisc_solicit,
98 .error_report = ndisc_error_report,
99 .output = neigh_resolve_output,
100 .connected_output = neigh_resolve_output,
101 };
102
103
104 static const struct neigh_ops ndisc_direct_ops = {
105 .family = AF_INET6,
106 .output = neigh_direct_output,
107 .connected_output = neigh_direct_output,
108 };
109
110 struct neigh_table nd_tbl = {
111 .family = AF_INET6,
112 .key_len = sizeof(struct in6_addr),
113 .protocol = cpu_to_be16(ETH_P_IPV6),
114 .hash = ndisc_hash,
115 .key_eq = ndisc_key_eq,
116 .constructor = ndisc_constructor,
117 .pconstructor = pndisc_constructor,
118 .pdestructor = pndisc_destructor,
119 .proxy_redo = pndisc_redo,
120 .id = "ndisc_cache",
121 .parms = {
122 .tbl = &nd_tbl,
123 .reachable_time = ND_REACHABLE_TIME,
124 .data = {
125 [NEIGH_VAR_MCAST_PROBES] = 3,
126 [NEIGH_VAR_UCAST_PROBES] = 3,
127 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
128 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
129 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
130 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
131 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
132 [NEIGH_VAR_PROXY_QLEN] = 64,
133 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
134 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
135 },
136 },
137 .gc_interval = 30 * HZ,
138 .gc_thresh1 = 128,
139 .gc_thresh2 = 512,
140 .gc_thresh3 = 1024,
141 };
142 EXPORT_SYMBOL_GPL(nd_tbl);
143
144 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
145 int data_len, int pad)
146 {
147 int space = __ndisc_opt_addr_space(data_len, pad);
148 u8 *opt = skb_put(skb, space);
149
150 opt[0] = type;
151 opt[1] = space>>3;
152
153 memset(opt + 2, 0, pad);
154 opt += pad;
155 space -= pad;
156
157 memcpy(opt+2, data, data_len);
158 data_len += 2;
159 opt += data_len;
160 space -= data_len;
161 if (space > 0)
162 memset(opt, 0, space);
163 }
164 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
165
166 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
167 void *data, u8 icmp6_type)
168 {
169 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
170 ndisc_addr_option_pad(skb->dev->type));
171 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
172 }
173
174 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
175 void *ha,
176 const u8 *ops_data)
177 {
178 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
179 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
180 }
181
182 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
183 struct nd_opt_hdr *end)
184 {
185 int type;
186 if (!cur || !end || cur >= end)
187 return NULL;
188 type = cur->nd_opt_type;
189 do {
190 cur = ((void *)cur) + (cur->nd_opt_len << 3);
191 } while (cur < end && cur->nd_opt_type != type);
192 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
193 }
194
195 static inline int ndisc_is_useropt(const struct net_device *dev,
196 struct nd_opt_hdr *opt)
197 {
198 return opt->nd_opt_type == ND_OPT_RDNSS ||
199 opt->nd_opt_type == ND_OPT_DNSSL ||
200 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
201 }
202
203 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *cur,
205 struct nd_opt_hdr *end)
206 {
207 if (!cur || !end || cur >= end)
208 return NULL;
209 do {
210 cur = ((void *)cur) + (cur->nd_opt_len << 3);
211 } while (cur < end && !ndisc_is_useropt(dev, cur));
212 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
213 }
214
215 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 u8 *opt, int opt_len,
217 struct ndisc_options *ndopts)
218 {
219 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
220
221 if (!nd_opt || opt_len < 0 || !ndopts)
222 return NULL;
223 memset(ndopts, 0, sizeof(*ndopts));
224 while (opt_len) {
225 int l;
226 if (opt_len < sizeof(struct nd_opt_hdr))
227 return NULL;
228 l = nd_opt->nd_opt_len << 3;
229 if (opt_len < l || l == 0)
230 return NULL;
231 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 goto next_opt;
233 switch (nd_opt->nd_opt_type) {
234 case ND_OPT_SOURCE_LL_ADDR:
235 case ND_OPT_TARGET_LL_ADDR:
236 case ND_OPT_MTU:
237 case ND_OPT_REDIRECT_HDR:
238 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
239 ND_PRINTK(2, warn,
240 "%s: duplicated ND6 option found: type=%d\n",
241 __func__, nd_opt->nd_opt_type);
242 } else {
243 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
244 }
245 break;
246 case ND_OPT_PREFIX_INFO:
247 ndopts->nd_opts_pi_end = nd_opt;
248 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
250 break;
251 #ifdef CONFIG_IPV6_ROUTE_INFO
252 case ND_OPT_ROUTE_INFO:
253 ndopts->nd_opts_ri_end = nd_opt;
254 if (!ndopts->nd_opts_ri)
255 ndopts->nd_opts_ri = nd_opt;
256 break;
257 #endif
258 default:
259 if (ndisc_is_useropt(dev, nd_opt)) {
260 ndopts->nd_useropts_end = nd_opt;
261 if (!ndopts->nd_useropts)
262 ndopts->nd_useropts = nd_opt;
263 } else {
264 /*
265 * Unknown options must be silently ignored,
266 * to accommodate future extension to the
267 * protocol.
268 */
269 ND_PRINTK(2, notice,
270 "%s: ignored unsupported option; type=%d, len=%d\n",
271 __func__,
272 nd_opt->nd_opt_type,
273 nd_opt->nd_opt_len);
274 }
275 }
276 next_opt:
277 opt_len -= l;
278 nd_opt = ((void *)nd_opt) + l;
279 }
280 return ndopts;
281 }
282
283 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
284 {
285 switch (dev->type) {
286 case ARPHRD_ETHER:
287 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
288 case ARPHRD_FDDI:
289 ipv6_eth_mc_map(addr, buf);
290 return 0;
291 case ARPHRD_ARCNET:
292 ipv6_arcnet_mc_map(addr, buf);
293 return 0;
294 case ARPHRD_INFINIBAND:
295 ipv6_ib_mc_map(addr, dev->broadcast, buf);
296 return 0;
297 case ARPHRD_IPGRE:
298 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
299 default:
300 if (dir) {
301 memcpy(buf, dev->broadcast, dev->addr_len);
302 return 0;
303 }
304 }
305 return -EINVAL;
306 }
307 EXPORT_SYMBOL(ndisc_mc_map);
308
309 static u32 ndisc_hash(const void *pkey,
310 const struct net_device *dev,
311 __u32 *hash_rnd)
312 {
313 return ndisc_hashfn(pkey, dev, hash_rnd);
314 }
315
316 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
317 {
318 return neigh_key_eq128(n, pkey);
319 }
320
321 static int ndisc_constructor(struct neighbour *neigh)
322 {
323 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
324 struct net_device *dev = neigh->dev;
325 struct inet6_dev *in6_dev;
326 struct neigh_parms *parms;
327 bool is_multicast = ipv6_addr_is_multicast(addr);
328
329 in6_dev = in6_dev_get(dev);
330 if (!in6_dev) {
331 return -EINVAL;
332 }
333
334 parms = in6_dev->nd_parms;
335 __neigh_parms_put(neigh->parms);
336 neigh->parms = neigh_parms_clone(parms);
337
338 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
339 if (!dev->header_ops) {
340 neigh->nud_state = NUD_NOARP;
341 neigh->ops = &ndisc_direct_ops;
342 neigh->output = neigh_direct_output;
343 } else {
344 if (is_multicast) {
345 neigh->nud_state = NUD_NOARP;
346 ndisc_mc_map(addr, neigh->ha, dev, 1);
347 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
348 neigh->nud_state = NUD_NOARP;
349 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
350 if (dev->flags&IFF_LOOPBACK)
351 neigh->type = RTN_LOCAL;
352 } else if (dev->flags&IFF_POINTOPOINT) {
353 neigh->nud_state = NUD_NOARP;
354 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
355 }
356 if (dev->header_ops->cache)
357 neigh->ops = &ndisc_hh_ops;
358 else
359 neigh->ops = &ndisc_generic_ops;
360 if (neigh->nud_state&NUD_VALID)
361 neigh->output = neigh->ops->connected_output;
362 else
363 neigh->output = neigh->ops->output;
364 }
365 in6_dev_put(in6_dev);
366 return 0;
367 }
368
369 static int pndisc_constructor(struct pneigh_entry *n)
370 {
371 struct in6_addr *addr = (struct in6_addr *)&n->key;
372 struct in6_addr maddr;
373 struct net_device *dev = n->dev;
374
375 if (!dev || !__in6_dev_get(dev))
376 return -EINVAL;
377 addrconf_addr_solict_mult(addr, &maddr);
378 ipv6_dev_mc_inc(dev, &maddr);
379 return 0;
380 }
381
382 static void pndisc_destructor(struct pneigh_entry *n)
383 {
384 struct in6_addr *addr = (struct in6_addr *)&n->key;
385 struct in6_addr maddr;
386 struct net_device *dev = n->dev;
387
388 if (!dev || !__in6_dev_get(dev))
389 return;
390 addrconf_addr_solict_mult(addr, &maddr);
391 ipv6_dev_mc_dec(dev, &maddr);
392 }
393
394 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
395 int len)
396 {
397 int hlen = LL_RESERVED_SPACE(dev);
398 int tlen = dev->needed_tailroom;
399 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
400 struct sk_buff *skb;
401
402 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
403 if (!skb) {
404 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
405 __func__);
406 return NULL;
407 }
408
409 skb->protocol = htons(ETH_P_IPV6);
410 skb->dev = dev;
411
412 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
413 skb_reset_transport_header(skb);
414
415 /* Manually assign socket ownership as we avoid calling
416 * sock_alloc_send_pskb() to bypass wmem buffer limits
417 */
418 skb_set_owner_w(skb, sk);
419
420 return skb;
421 }
422
423 static void ip6_nd_hdr(struct sk_buff *skb,
424 const struct in6_addr *saddr,
425 const struct in6_addr *daddr,
426 int hop_limit, int len)
427 {
428 struct ipv6hdr *hdr;
429
430 skb_push(skb, sizeof(*hdr));
431 skb_reset_network_header(skb);
432 hdr = ipv6_hdr(skb);
433
434 ip6_flow_hdr(hdr, 0, 0);
435
436 hdr->payload_len = htons(len);
437 hdr->nexthdr = IPPROTO_ICMPV6;
438 hdr->hop_limit = hop_limit;
439
440 hdr->saddr = *saddr;
441 hdr->daddr = *daddr;
442 }
443
444 static void ndisc_send_skb(struct sk_buff *skb,
445 const struct in6_addr *daddr,
446 const struct in6_addr *saddr)
447 {
448 struct dst_entry *dst = skb_dst(skb);
449 struct net *net = dev_net(skb->dev);
450 struct sock *sk = net->ipv6.ndisc_sk;
451 struct inet6_dev *idev;
452 int err;
453 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
454 u8 type;
455
456 type = icmp6h->icmp6_type;
457
458 if (!dst) {
459 struct flowi6 fl6;
460 int oif = l3mdev_fib_oif(skb->dev);
461
462 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
463 if (oif != skb->dev->ifindex)
464 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
465 dst = icmp6_dst_alloc(skb->dev, &fl6);
466 if (IS_ERR(dst)) {
467 kfree_skb(skb);
468 return;
469 }
470
471 skb_dst_set(skb, dst);
472 }
473
474 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
475 IPPROTO_ICMPV6,
476 csum_partial(icmp6h,
477 skb->len, 0));
478
479 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
480
481 rcu_read_lock();
482 idev = __in6_dev_get(dst->dev);
483 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
484
485 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
486 net, sk, skb, NULL, dst->dev,
487 dst_output);
488 if (!err) {
489 ICMP6MSGOUT_INC_STATS(net, idev, type);
490 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
491 }
492
493 rcu_read_unlock();
494 }
495
496 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
497 const struct in6_addr *solicited_addr,
498 bool router, bool solicited, bool override, bool inc_opt)
499 {
500 struct sk_buff *skb;
501 struct in6_addr tmpaddr;
502 struct inet6_ifaddr *ifp;
503 const struct in6_addr *src_addr;
504 struct nd_msg *msg;
505 int optlen = 0;
506
507 /* for anycast or proxy, solicited_addr != src_addr */
508 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
509 if (ifp) {
510 src_addr = solicited_addr;
511 if (ifp->flags & IFA_F_OPTIMISTIC)
512 override = false;
513 inc_opt |= ifp->idev->cnf.force_tllao;
514 in6_ifa_put(ifp);
515 } else {
516 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
517 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
518 &tmpaddr))
519 return;
520 src_addr = &tmpaddr;
521 }
522
523 if (!dev->addr_len)
524 inc_opt = 0;
525 if (inc_opt)
526 optlen += ndisc_opt_addr_space(dev,
527 NDISC_NEIGHBOUR_ADVERTISEMENT);
528
529 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
530 if (!skb)
531 return;
532
533 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
534 *msg = (struct nd_msg) {
535 .icmph = {
536 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
537 .icmp6_router = router,
538 .icmp6_solicited = solicited,
539 .icmp6_override = override,
540 },
541 .target = *solicited_addr,
542 };
543
544 if (inc_opt)
545 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
546 dev->dev_addr,
547 NDISC_NEIGHBOUR_ADVERTISEMENT);
548
549 ndisc_send_skb(skb, daddr, src_addr);
550 }
551
552 static void ndisc_send_unsol_na(struct net_device *dev)
553 {
554 struct inet6_dev *idev;
555 struct inet6_ifaddr *ifa;
556
557 idev = in6_dev_get(dev);
558 if (!idev)
559 return;
560
561 read_lock_bh(&idev->lock);
562 list_for_each_entry(ifa, &idev->addr_list, if_list) {
563 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
564 /*router=*/ !!idev->cnf.forwarding,
565 /*solicited=*/ false, /*override=*/ true,
566 /*inc_opt=*/ true);
567 }
568 read_unlock_bh(&idev->lock);
569
570 in6_dev_put(idev);
571 }
572
573 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
574 const struct in6_addr *daddr, const struct in6_addr *saddr)
575 {
576 struct sk_buff *skb;
577 struct in6_addr addr_buf;
578 int inc_opt = dev->addr_len;
579 int optlen = 0;
580 struct nd_msg *msg;
581
582 if (!saddr) {
583 if (ipv6_get_lladdr(dev, &addr_buf,
584 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
585 return;
586 saddr = &addr_buf;
587 }
588
589 if (ipv6_addr_any(saddr))
590 inc_opt = false;
591 if (inc_opt)
592 optlen += ndisc_opt_addr_space(dev,
593 NDISC_NEIGHBOUR_SOLICITATION);
594
595 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
596 if (!skb)
597 return;
598
599 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
600 *msg = (struct nd_msg) {
601 .icmph = {
602 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
603 },
604 .target = *solicit,
605 };
606
607 if (inc_opt)
608 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
609 dev->dev_addr,
610 NDISC_NEIGHBOUR_SOLICITATION);
611
612 ndisc_send_skb(skb, daddr, saddr);
613 }
614
615 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
616 const struct in6_addr *daddr)
617 {
618 struct sk_buff *skb;
619 struct rs_msg *msg;
620 int send_sllao = dev->addr_len;
621 int optlen = 0;
622
623 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
624 /*
625 * According to section 2.2 of RFC 4429, we must not
626 * send router solicitations with a sllao from
627 * optimistic addresses, but we may send the solicitation
628 * if we don't include the sllao. So here we check
629 * if our address is optimistic, and if so, we
630 * suppress the inclusion of the sllao.
631 */
632 if (send_sllao) {
633 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
634 dev, 1);
635 if (ifp) {
636 if (ifp->flags & IFA_F_OPTIMISTIC) {
637 send_sllao = 0;
638 }
639 in6_ifa_put(ifp);
640 } else {
641 send_sllao = 0;
642 }
643 }
644 #endif
645 if (send_sllao)
646 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
647
648 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
649 if (!skb)
650 return;
651
652 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
653 *msg = (struct rs_msg) {
654 .icmph = {
655 .icmp6_type = NDISC_ROUTER_SOLICITATION,
656 },
657 };
658
659 if (send_sllao)
660 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
661 dev->dev_addr,
662 NDISC_ROUTER_SOLICITATION);
663
664 ndisc_send_skb(skb, daddr, saddr);
665 }
666
667
668 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
669 {
670 /*
671 * "The sender MUST return an ICMP
672 * destination unreachable"
673 */
674 dst_link_failure(skb);
675 kfree_skb(skb);
676 }
677
678 /* Called with locked neigh: either read or both */
679
680 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
681 {
682 struct in6_addr *saddr = NULL;
683 struct in6_addr mcaddr;
684 struct net_device *dev = neigh->dev;
685 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
686 int probes = atomic_read(&neigh->probes);
687
688 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
689 dev, 1,
690 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
691 saddr = &ipv6_hdr(skb)->saddr;
692 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
693 if (probes < 0) {
694 if (!(neigh->nud_state & NUD_VALID)) {
695 ND_PRINTK(1, dbg,
696 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
697 __func__, target);
698 }
699 ndisc_send_ns(dev, target, target, saddr);
700 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
701 neigh_app_ns(neigh);
702 } else {
703 addrconf_addr_solict_mult(target, &mcaddr);
704 ndisc_send_ns(dev, target, &mcaddr, saddr);
705 }
706 }
707
708 static int pndisc_is_router(const void *pkey,
709 struct net_device *dev)
710 {
711 struct pneigh_entry *n;
712 int ret = -1;
713
714 read_lock_bh(&nd_tbl.lock);
715 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
716 if (n)
717 ret = !!(n->flags & NTF_ROUTER);
718 read_unlock_bh(&nd_tbl.lock);
719
720 return ret;
721 }
722
723 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
724 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
725 struct ndisc_options *ndopts)
726 {
727 neigh_update(neigh, lladdr, new, flags);
728 /* report ndisc ops about neighbour update */
729 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
730 }
731
732 static void ndisc_recv_ns(struct sk_buff *skb)
733 {
734 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
735 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
736 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
737 u8 *lladdr = NULL;
738 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
739 offsetof(struct nd_msg, opt));
740 struct ndisc_options ndopts;
741 struct net_device *dev = skb->dev;
742 struct inet6_ifaddr *ifp;
743 struct inet6_dev *idev = NULL;
744 struct neighbour *neigh;
745 int dad = ipv6_addr_any(saddr);
746 bool inc;
747 int is_router = -1;
748
749 if (skb->len < sizeof(struct nd_msg)) {
750 ND_PRINTK(2, warn, "NS: packet too short\n");
751 return;
752 }
753
754 if (ipv6_addr_is_multicast(&msg->target)) {
755 ND_PRINTK(2, warn, "NS: multicast target address\n");
756 return;
757 }
758
759 /*
760 * RFC2461 7.1.1:
761 * DAD has to be destined for solicited node multicast address.
762 */
763 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
764 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
765 return;
766 }
767
768 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
769 ND_PRINTK(2, warn, "NS: invalid ND options\n");
770 return;
771 }
772
773 if (ndopts.nd_opts_src_lladdr) {
774 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
775 if (!lladdr) {
776 ND_PRINTK(2, warn,
777 "NS: invalid link-layer address length\n");
778 return;
779 }
780
781 /* RFC2461 7.1.1:
782 * If the IP source address is the unspecified address,
783 * there MUST NOT be source link-layer address option
784 * in the message.
785 */
786 if (dad) {
787 ND_PRINTK(2, warn,
788 "NS: bad DAD packet (link-layer address option)\n");
789 return;
790 }
791 }
792
793 inc = ipv6_addr_is_multicast(daddr);
794
795 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
796 if (ifp) {
797 have_ifp:
798 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
799 if (dad) {
800 /*
801 * We are colliding with another node
802 * who is doing DAD
803 * so fail our DAD process
804 */
805 addrconf_dad_failure(ifp);
806 return;
807 } else {
808 /*
809 * This is not a dad solicitation.
810 * If we are an optimistic node,
811 * we should respond.
812 * Otherwise, we should ignore it.
813 */
814 if (!(ifp->flags & IFA_F_OPTIMISTIC))
815 goto out;
816 }
817 }
818
819 idev = ifp->idev;
820 } else {
821 struct net *net = dev_net(dev);
822
823 /* perhaps an address on the master device */
824 if (netif_is_l3_slave(dev)) {
825 struct net_device *mdev;
826
827 mdev = netdev_master_upper_dev_get_rcu(dev);
828 if (mdev) {
829 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
830 if (ifp)
831 goto have_ifp;
832 }
833 }
834
835 idev = in6_dev_get(dev);
836 if (!idev) {
837 /* XXX: count this drop? */
838 return;
839 }
840
841 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
842 (idev->cnf.forwarding &&
843 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
844 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
845 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
846 skb->pkt_type != PACKET_HOST &&
847 inc &&
848 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
849 /*
850 * for anycast or proxy,
851 * sender should delay its response
852 * by a random time between 0 and
853 * MAX_ANYCAST_DELAY_TIME seconds.
854 * (RFC2461) -- yoshfuji
855 */
856 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
857 if (n)
858 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
859 goto out;
860 }
861 } else
862 goto out;
863 }
864
865 if (is_router < 0)
866 is_router = idev->cnf.forwarding;
867
868 if (dad) {
869 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
870 !!is_router, false, (ifp != NULL), true);
871 goto out;
872 }
873
874 if (inc)
875 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
876 else
877 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
878
879 /*
880 * update / create cache entry
881 * for the source address
882 */
883 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
884 !inc || lladdr || !dev->addr_len);
885 if (neigh)
886 ndisc_update(dev, neigh, lladdr, NUD_STALE,
887 NEIGH_UPDATE_F_WEAK_OVERRIDE|
888 NEIGH_UPDATE_F_OVERRIDE,
889 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
890 if (neigh || !dev->header_ops) {
891 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
892 true, (ifp != NULL && inc), inc);
893 if (neigh)
894 neigh_release(neigh);
895 }
896
897 out:
898 if (ifp)
899 in6_ifa_put(ifp);
900 else
901 in6_dev_put(idev);
902 }
903
904 static void ndisc_recv_na(struct sk_buff *skb)
905 {
906 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
907 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
908 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
909 u8 *lladdr = NULL;
910 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
911 offsetof(struct nd_msg, opt));
912 struct ndisc_options ndopts;
913 struct net_device *dev = skb->dev;
914 struct inet6_dev *idev = __in6_dev_get(dev);
915 struct inet6_ifaddr *ifp;
916 struct neighbour *neigh;
917
918 if (skb->len < sizeof(struct nd_msg)) {
919 ND_PRINTK(2, warn, "NA: packet too short\n");
920 return;
921 }
922
923 if (ipv6_addr_is_multicast(&msg->target)) {
924 ND_PRINTK(2, warn, "NA: target address is multicast\n");
925 return;
926 }
927
928 if (ipv6_addr_is_multicast(daddr) &&
929 msg->icmph.icmp6_solicited) {
930 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
931 return;
932 }
933
934 /* For some 802.11 wireless deployments (and possibly other networks),
935 * there will be a NA proxy and unsolicitd packets are attacks
936 * and thus should not be accepted.
937 */
938 if (!msg->icmph.icmp6_solicited && idev &&
939 idev->cnf.drop_unsolicited_na)
940 return;
941
942 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
943 ND_PRINTK(2, warn, "NS: invalid ND option\n");
944 return;
945 }
946 if (ndopts.nd_opts_tgt_lladdr) {
947 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
948 if (!lladdr) {
949 ND_PRINTK(2, warn,
950 "NA: invalid link-layer address length\n");
951 return;
952 }
953 }
954 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
955 if (ifp) {
956 if (skb->pkt_type != PACKET_LOOPBACK
957 && (ifp->flags & IFA_F_TENTATIVE)) {
958 addrconf_dad_failure(ifp);
959 return;
960 }
961 /* What should we make now? The advertisement
962 is invalid, but ndisc specs say nothing
963 about it. It could be misconfiguration, or
964 an smart proxy agent tries to help us :-)
965
966 We should not print the error if NA has been
967 received from loopback - it is just our own
968 unsolicited advertisement.
969 */
970 if (skb->pkt_type != PACKET_LOOPBACK)
971 ND_PRINTK(1, warn,
972 "NA: someone advertises our address %pI6 on %s!\n",
973 &ifp->addr, ifp->idev->dev->name);
974 in6_ifa_put(ifp);
975 return;
976 }
977 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
978
979 if (neigh) {
980 u8 old_flags = neigh->flags;
981 struct net *net = dev_net(dev);
982
983 if (neigh->nud_state & NUD_FAILED)
984 goto out;
985
986 /*
987 * Don't update the neighbor cache entry on a proxy NA from
988 * ourselves because either the proxied node is off link or it
989 * has already sent a NA to us.
990 */
991 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
992 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
993 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
994 /* XXX: idev->cnf.proxy_ndp */
995 goto out;
996 }
997
998 ndisc_update(dev, neigh, lladdr,
999 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1000 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1001 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1002 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1003 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1004 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1005
1006 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1007 /*
1008 * Change: router to host
1009 */
1010 rt6_clean_tohost(dev_net(dev), saddr);
1011 }
1012
1013 out:
1014 neigh_release(neigh);
1015 }
1016 }
1017
1018 static void ndisc_recv_rs(struct sk_buff *skb)
1019 {
1020 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1021 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1022 struct neighbour *neigh;
1023 struct inet6_dev *idev;
1024 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1025 struct ndisc_options ndopts;
1026 u8 *lladdr = NULL;
1027
1028 if (skb->len < sizeof(*rs_msg))
1029 return;
1030
1031 idev = __in6_dev_get(skb->dev);
1032 if (!idev) {
1033 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1034 return;
1035 }
1036
1037 /* Don't accept RS if we're not in router mode */
1038 if (!idev->cnf.forwarding)
1039 goto out;
1040
1041 /*
1042 * Don't update NCE if src = ::;
1043 * this implies that the source node has no ip address assigned yet.
1044 */
1045 if (ipv6_addr_any(saddr))
1046 goto out;
1047
1048 /* Parse ND options */
1049 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1050 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1051 goto out;
1052 }
1053
1054 if (ndopts.nd_opts_src_lladdr) {
1055 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1056 skb->dev);
1057 if (!lladdr)
1058 goto out;
1059 }
1060
1061 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1062 if (neigh) {
1063 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1064 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1065 NEIGH_UPDATE_F_OVERRIDE|
1066 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1067 NDISC_ROUTER_SOLICITATION, &ndopts);
1068 neigh_release(neigh);
1069 }
1070 out:
1071 return;
1072 }
1073
1074 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1075 {
1076 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1077 struct sk_buff *skb;
1078 struct nlmsghdr *nlh;
1079 struct nduseroptmsg *ndmsg;
1080 struct net *net = dev_net(ra->dev);
1081 int err;
1082 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1083 + (opt->nd_opt_len << 3));
1084 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1085
1086 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1087 if (!skb) {
1088 err = -ENOBUFS;
1089 goto errout;
1090 }
1091
1092 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1093 if (!nlh) {
1094 goto nla_put_failure;
1095 }
1096
1097 ndmsg = nlmsg_data(nlh);
1098 ndmsg->nduseropt_family = AF_INET6;
1099 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1100 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1101 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1102 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1103
1104 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1105
1106 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1107 goto nla_put_failure;
1108 nlmsg_end(skb, nlh);
1109
1110 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1111 return;
1112
1113 nla_put_failure:
1114 nlmsg_free(skb);
1115 err = -EMSGSIZE;
1116 errout:
1117 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1118 }
1119
1120 static void ndisc_router_discovery(struct sk_buff *skb)
1121 {
1122 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1123 struct neighbour *neigh = NULL;
1124 struct inet6_dev *in6_dev;
1125 struct rt6_info *rt = NULL;
1126 int lifetime;
1127 struct ndisc_options ndopts;
1128 int optlen;
1129 unsigned int pref = 0;
1130 __u32 old_if_flags;
1131 bool send_ifinfo_notify = false;
1132
1133 __u8 *opt = (__u8 *)(ra_msg + 1);
1134
1135 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1136 sizeof(struct ra_msg);
1137
1138 ND_PRINTK(2, info,
1139 "RA: %s, dev: %s\n",
1140 __func__, skb->dev->name);
1141 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1142 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1143 return;
1144 }
1145 if (optlen < 0) {
1146 ND_PRINTK(2, warn, "RA: packet too short\n");
1147 return;
1148 }
1149
1150 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1151 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1152 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1153 return;
1154 }
1155 #endif
1156
1157 /*
1158 * set the RA_RECV flag in the interface
1159 */
1160
1161 in6_dev = __in6_dev_get(skb->dev);
1162 if (!in6_dev) {
1163 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1164 skb->dev->name);
1165 return;
1166 }
1167
1168 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1169 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1170 return;
1171 }
1172
1173 if (!ipv6_accept_ra(in6_dev)) {
1174 ND_PRINTK(2, info,
1175 "RA: %s, did not accept ra for dev: %s\n",
1176 __func__, skb->dev->name);
1177 goto skip_linkparms;
1178 }
1179
1180 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1181 /* skip link-specific parameters from interior routers */
1182 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1183 ND_PRINTK(2, info,
1184 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1185 __func__, skb->dev->name);
1186 goto skip_linkparms;
1187 }
1188 #endif
1189
1190 if (in6_dev->if_flags & IF_RS_SENT) {
1191 /*
1192 * flag that an RA was received after an RS was sent
1193 * out on this interface.
1194 */
1195 in6_dev->if_flags |= IF_RA_RCVD;
1196 }
1197
1198 /*
1199 * Remember the managed/otherconf flags from most recently
1200 * received RA message (RFC 2462) -- yoshfuji
1201 */
1202 old_if_flags = in6_dev->if_flags;
1203 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1204 IF_RA_OTHERCONF)) |
1205 (ra_msg->icmph.icmp6_addrconf_managed ?
1206 IF_RA_MANAGED : 0) |
1207 (ra_msg->icmph.icmp6_addrconf_other ?
1208 IF_RA_OTHERCONF : 0);
1209
1210 if (old_if_flags != in6_dev->if_flags)
1211 send_ifinfo_notify = true;
1212
1213 if (!in6_dev->cnf.accept_ra_defrtr) {
1214 ND_PRINTK(2, info,
1215 "RA: %s, defrtr is false for dev: %s\n",
1216 __func__, skb->dev->name);
1217 goto skip_defrtr;
1218 }
1219
1220 /* Do not accept RA with source-addr found on local machine unless
1221 * accept_ra_from_local is set to true.
1222 */
1223 if (!in6_dev->cnf.accept_ra_from_local &&
1224 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1225 in6_dev->dev, 0)) {
1226 ND_PRINTK(2, info,
1227 "RA from local address detected on dev: %s: default router ignored\n",
1228 skb->dev->name);
1229 goto skip_defrtr;
1230 }
1231
1232 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1233
1234 #ifdef CONFIG_IPV6_ROUTER_PREF
1235 pref = ra_msg->icmph.icmp6_router_pref;
1236 /* 10b is handled as if it were 00b (medium) */
1237 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1238 !in6_dev->cnf.accept_ra_rtr_pref)
1239 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1240 #endif
1241
1242 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1243
1244 if (rt) {
1245 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1246 if (!neigh) {
1247 ND_PRINTK(0, err,
1248 "RA: %s got default router without neighbour\n",
1249 __func__);
1250 ip6_rt_put(rt);
1251 return;
1252 }
1253 }
1254 if (rt && lifetime == 0) {
1255 ip6_del_rt(rt);
1256 rt = NULL;
1257 }
1258
1259 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1260 rt, lifetime, skb->dev->name);
1261 if (!rt && lifetime) {
1262 ND_PRINTK(3, info, "RA: adding default router\n");
1263
1264 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1265 if (!rt) {
1266 ND_PRINTK(0, err,
1267 "RA: %s failed to add default route\n",
1268 __func__);
1269 return;
1270 }
1271
1272 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1273 if (!neigh) {
1274 ND_PRINTK(0, err,
1275 "RA: %s got default router without neighbour\n",
1276 __func__);
1277 ip6_rt_put(rt);
1278 return;
1279 }
1280 neigh->flags |= NTF_ROUTER;
1281 } else if (rt) {
1282 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1283 }
1284
1285 if (rt)
1286 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1287 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1288 ra_msg->icmph.icmp6_hop_limit) {
1289 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1290 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1291 if (rt)
1292 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1293 ra_msg->icmph.icmp6_hop_limit);
1294 } else {
1295 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1296 }
1297 }
1298
1299 skip_defrtr:
1300
1301 /*
1302 * Update Reachable Time and Retrans Timer
1303 */
1304
1305 if (in6_dev->nd_parms) {
1306 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1307
1308 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1309 rtime = (rtime*HZ)/1000;
1310 if (rtime < HZ/10)
1311 rtime = HZ/10;
1312 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1313 in6_dev->tstamp = jiffies;
1314 send_ifinfo_notify = true;
1315 }
1316
1317 rtime = ntohl(ra_msg->reachable_time);
1318 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1319 rtime = (rtime*HZ)/1000;
1320
1321 if (rtime < HZ/10)
1322 rtime = HZ/10;
1323
1324 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1325 NEIGH_VAR_SET(in6_dev->nd_parms,
1326 BASE_REACHABLE_TIME, rtime);
1327 NEIGH_VAR_SET(in6_dev->nd_parms,
1328 GC_STALETIME, 3 * rtime);
1329 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1330 in6_dev->tstamp = jiffies;
1331 send_ifinfo_notify = true;
1332 }
1333 }
1334 }
1335
1336 /*
1337 * Send a notify if RA changed managed/otherconf flags or timer settings
1338 */
1339 if (send_ifinfo_notify)
1340 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1341
1342 skip_linkparms:
1343
1344 /*
1345 * Process options.
1346 */
1347
1348 if (!neigh)
1349 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1350 skb->dev, 1);
1351 if (neigh) {
1352 u8 *lladdr = NULL;
1353 if (ndopts.nd_opts_src_lladdr) {
1354 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1355 skb->dev);
1356 if (!lladdr) {
1357 ND_PRINTK(2, warn,
1358 "RA: invalid link-layer address length\n");
1359 goto out;
1360 }
1361 }
1362 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1363 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1364 NEIGH_UPDATE_F_OVERRIDE|
1365 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1366 NEIGH_UPDATE_F_ISROUTER,
1367 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1368 }
1369
1370 if (!ipv6_accept_ra(in6_dev)) {
1371 ND_PRINTK(2, info,
1372 "RA: %s, accept_ra is false for dev: %s\n",
1373 __func__, skb->dev->name);
1374 goto out;
1375 }
1376
1377 #ifdef CONFIG_IPV6_ROUTE_INFO
1378 if (!in6_dev->cnf.accept_ra_from_local &&
1379 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1380 in6_dev->dev, 0)) {
1381 ND_PRINTK(2, info,
1382 "RA from local address detected on dev: %s: router info ignored.\n",
1383 skb->dev->name);
1384 goto skip_routeinfo;
1385 }
1386
1387 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1388 struct nd_opt_hdr *p;
1389 for (p = ndopts.nd_opts_ri;
1390 p;
1391 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1392 struct route_info *ri = (struct route_info *)p;
1393 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1394 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1395 ri->prefix_len == 0)
1396 continue;
1397 #endif
1398 if (ri->prefix_len == 0 &&
1399 !in6_dev->cnf.accept_ra_defrtr)
1400 continue;
1401 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1402 continue;
1403 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1404 &ipv6_hdr(skb)->saddr);
1405 }
1406 }
1407
1408 skip_routeinfo:
1409 #endif
1410
1411 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1412 /* skip link-specific ndopts from interior routers */
1413 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1414 ND_PRINTK(2, info,
1415 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1416 __func__, skb->dev->name);
1417 goto out;
1418 }
1419 #endif
1420
1421 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1422 struct nd_opt_hdr *p;
1423 for (p = ndopts.nd_opts_pi;
1424 p;
1425 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1426 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1427 (p->nd_opt_len) << 3,
1428 ndopts.nd_opts_src_lladdr != NULL);
1429 }
1430 }
1431
1432 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1433 __be32 n;
1434 u32 mtu;
1435
1436 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1437 mtu = ntohl(n);
1438
1439 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1440 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1441 } else if (in6_dev->cnf.mtu6 != mtu) {
1442 in6_dev->cnf.mtu6 = mtu;
1443
1444 if (rt)
1445 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1446
1447 rt6_mtu_change(skb->dev, mtu);
1448 }
1449 }
1450
1451 if (ndopts.nd_useropts) {
1452 struct nd_opt_hdr *p;
1453 for (p = ndopts.nd_useropts;
1454 p;
1455 p = ndisc_next_useropt(skb->dev, p,
1456 ndopts.nd_useropts_end)) {
1457 ndisc_ra_useropt(skb, p);
1458 }
1459 }
1460
1461 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1462 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1463 }
1464 out:
1465 ip6_rt_put(rt);
1466 if (neigh)
1467 neigh_release(neigh);
1468 }
1469
1470 static void ndisc_redirect_rcv(struct sk_buff *skb)
1471 {
1472 u8 *hdr;
1473 struct ndisc_options ndopts;
1474 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1475 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1476 offsetof(struct rd_msg, opt));
1477
1478 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1479 switch (skb->ndisc_nodetype) {
1480 case NDISC_NODETYPE_HOST:
1481 case NDISC_NODETYPE_NODEFAULT:
1482 ND_PRINTK(2, warn,
1483 "Redirect: from host or unauthorized router\n");
1484 return;
1485 }
1486 #endif
1487
1488 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1489 ND_PRINTK(2, warn,
1490 "Redirect: source address is not link-local\n");
1491 return;
1492 }
1493
1494 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1495 return;
1496
1497 if (!ndopts.nd_opts_rh) {
1498 ip6_redirect_no_header(skb, dev_net(skb->dev),
1499 skb->dev->ifindex, 0);
1500 return;
1501 }
1502
1503 hdr = (u8 *)ndopts.nd_opts_rh;
1504 hdr += 8;
1505 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1506 return;
1507
1508 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1509 }
1510
1511 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1512 struct sk_buff *orig_skb,
1513 int rd_len)
1514 {
1515 u8 *opt = skb_put(skb, rd_len);
1516
1517 memset(opt, 0, 8);
1518 *(opt++) = ND_OPT_REDIRECT_HDR;
1519 *(opt++) = (rd_len >> 3);
1520 opt += 6;
1521
1522 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1523 }
1524
1525 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1526 {
1527 struct net_device *dev = skb->dev;
1528 struct net *net = dev_net(dev);
1529 struct sock *sk = net->ipv6.ndisc_sk;
1530 int optlen = 0;
1531 struct inet_peer *peer;
1532 struct sk_buff *buff;
1533 struct rd_msg *msg;
1534 struct in6_addr saddr_buf;
1535 struct rt6_info *rt;
1536 struct dst_entry *dst;
1537 struct flowi6 fl6;
1538 int rd_len;
1539 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1540 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1541 int oif = l3mdev_fib_oif(dev);
1542 bool ret;
1543
1544 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1545 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1546 dev->name);
1547 return;
1548 }
1549
1550 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1551 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1552 ND_PRINTK(2, warn,
1553 "Redirect: target address is not link-local unicast\n");
1554 return;
1555 }
1556
1557 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1558 &saddr_buf, &ipv6_hdr(skb)->saddr, oif);
1559
1560 if (oif != skb->dev->ifindex)
1561 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
1562
1563 dst = ip6_route_output(net, NULL, &fl6);
1564 if (dst->error) {
1565 dst_release(dst);
1566 return;
1567 }
1568 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1569 if (IS_ERR(dst))
1570 return;
1571
1572 rt = (struct rt6_info *) dst;
1573
1574 if (rt->rt6i_flags & RTF_GATEWAY) {
1575 ND_PRINTK(2, warn,
1576 "Redirect: destination is not a neighbour\n");
1577 goto release;
1578 }
1579 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1580 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1581 if (peer)
1582 inet_putpeer(peer);
1583 if (!ret)
1584 goto release;
1585
1586 if (dev->addr_len) {
1587 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1588 if (!neigh) {
1589 ND_PRINTK(2, warn,
1590 "Redirect: no neigh for target address\n");
1591 goto release;
1592 }
1593
1594 read_lock_bh(&neigh->lock);
1595 if (neigh->nud_state & NUD_VALID) {
1596 memcpy(ha_buf, neigh->ha, dev->addr_len);
1597 read_unlock_bh(&neigh->lock);
1598 ha = ha_buf;
1599 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1600 ops_data_buf,
1601 &ops_data);
1602 } else
1603 read_unlock_bh(&neigh->lock);
1604
1605 neigh_release(neigh);
1606 }
1607
1608 rd_len = min_t(unsigned int,
1609 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1610 skb->len + 8);
1611 rd_len &= ~0x7;
1612 optlen += rd_len;
1613
1614 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1615 if (!buff)
1616 goto release;
1617
1618 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1619 *msg = (struct rd_msg) {
1620 .icmph = {
1621 .icmp6_type = NDISC_REDIRECT,
1622 },
1623 .target = *target,
1624 .dest = ipv6_hdr(skb)->daddr,
1625 };
1626
1627 /*
1628 * include target_address option
1629 */
1630
1631 if (ha)
1632 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1633
1634 /*
1635 * build redirect option and copy skb over to the new packet.
1636 */
1637
1638 if (rd_len)
1639 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1640
1641 skb_dst_set(buff, dst);
1642 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1643 return;
1644
1645 release:
1646 dst_release(dst);
1647 }
1648
1649 static void pndisc_redo(struct sk_buff *skb)
1650 {
1651 ndisc_recv_ns(skb);
1652 kfree_skb(skb);
1653 }
1654
1655 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1656 {
1657 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1658
1659 if (!idev)
1660 return true;
1661 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1662 idev->cnf.suppress_frag_ndisc) {
1663 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1664 return true;
1665 }
1666 return false;
1667 }
1668
1669 int ndisc_rcv(struct sk_buff *skb)
1670 {
1671 struct nd_msg *msg;
1672
1673 if (ndisc_suppress_frag_ndisc(skb))
1674 return 0;
1675
1676 if (skb_linearize(skb))
1677 return 0;
1678
1679 msg = (struct nd_msg *)skb_transport_header(skb);
1680
1681 __skb_push(skb, skb->data - skb_transport_header(skb));
1682
1683 if (ipv6_hdr(skb)->hop_limit != 255) {
1684 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1685 ipv6_hdr(skb)->hop_limit);
1686 return 0;
1687 }
1688
1689 if (msg->icmph.icmp6_code != 0) {
1690 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1691 msg->icmph.icmp6_code);
1692 return 0;
1693 }
1694
1695 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1696
1697 switch (msg->icmph.icmp6_type) {
1698 case NDISC_NEIGHBOUR_SOLICITATION:
1699 ndisc_recv_ns(skb);
1700 break;
1701
1702 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1703 ndisc_recv_na(skb);
1704 break;
1705
1706 case NDISC_ROUTER_SOLICITATION:
1707 ndisc_recv_rs(skb);
1708 break;
1709
1710 case NDISC_ROUTER_ADVERTISEMENT:
1711 ndisc_router_discovery(skb);
1712 break;
1713
1714 case NDISC_REDIRECT:
1715 ndisc_redirect_rcv(skb);
1716 break;
1717 }
1718
1719 return 0;
1720 }
1721
1722 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1723 {
1724 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1725 struct netdev_notifier_change_info *change_info;
1726 struct net *net = dev_net(dev);
1727 struct inet6_dev *idev;
1728
1729 switch (event) {
1730 case NETDEV_CHANGEADDR:
1731 neigh_changeaddr(&nd_tbl, dev);
1732 fib6_run_gc(0, net, false);
1733 idev = in6_dev_get(dev);
1734 if (!idev)
1735 break;
1736 if (idev->cnf.ndisc_notify)
1737 ndisc_send_unsol_na(dev);
1738 in6_dev_put(idev);
1739 break;
1740 case NETDEV_CHANGE:
1741 change_info = ptr;
1742 if (change_info->flags_changed & IFF_NOARP)
1743 neigh_changeaddr(&nd_tbl, dev);
1744 break;
1745 case NETDEV_DOWN:
1746 neigh_ifdown(&nd_tbl, dev);
1747 fib6_run_gc(0, net, false);
1748 break;
1749 case NETDEV_NOTIFY_PEERS:
1750 ndisc_send_unsol_na(dev);
1751 break;
1752 default:
1753 break;
1754 }
1755
1756 return NOTIFY_DONE;
1757 }
1758
1759 static struct notifier_block ndisc_netdev_notifier = {
1760 .notifier_call = ndisc_netdev_event,
1761 };
1762
1763 #ifdef CONFIG_SYSCTL
1764 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1765 const char *func, const char *dev_name)
1766 {
1767 static char warncomm[TASK_COMM_LEN];
1768 static int warned;
1769 if (strcmp(warncomm, current->comm) && warned < 5) {
1770 strcpy(warncomm, current->comm);
1771 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1772 warncomm, func,
1773 dev_name, ctl->procname,
1774 dev_name, ctl->procname);
1775 warned++;
1776 }
1777 }
1778
1779 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1780 {
1781 struct net_device *dev = ctl->extra1;
1782 struct inet6_dev *idev;
1783 int ret;
1784
1785 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1786 (strcmp(ctl->procname, "base_reachable_time") == 0))
1787 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1788
1789 if (strcmp(ctl->procname, "retrans_time") == 0)
1790 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1791
1792 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1793 ret = neigh_proc_dointvec_jiffies(ctl, write,
1794 buffer, lenp, ppos);
1795
1796 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1797 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1798 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1799 buffer, lenp, ppos);
1800 else
1801 ret = -1;
1802
1803 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1804 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1805 idev->nd_parms->reachable_time =
1806 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1807 idev->tstamp = jiffies;
1808 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1809 in6_dev_put(idev);
1810 }
1811 return ret;
1812 }
1813
1814
1815 #endif
1816
1817 static int __net_init ndisc_net_init(struct net *net)
1818 {
1819 struct ipv6_pinfo *np;
1820 struct sock *sk;
1821 int err;
1822
1823 err = inet_ctl_sock_create(&sk, PF_INET6,
1824 SOCK_RAW, IPPROTO_ICMPV6, net);
1825 if (err < 0) {
1826 ND_PRINTK(0, err,
1827 "NDISC: Failed to initialize the control socket (err %d)\n",
1828 err);
1829 return err;
1830 }
1831
1832 net->ipv6.ndisc_sk = sk;
1833
1834 np = inet6_sk(sk);
1835 np->hop_limit = 255;
1836 /* Do not loopback ndisc messages */
1837 np->mc_loop = 0;
1838
1839 return 0;
1840 }
1841
1842 static void __net_exit ndisc_net_exit(struct net *net)
1843 {
1844 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1845 }
1846
1847 static struct pernet_operations ndisc_net_ops = {
1848 .init = ndisc_net_init,
1849 .exit = ndisc_net_exit,
1850 };
1851
1852 int __init ndisc_init(void)
1853 {
1854 int err;
1855
1856 err = register_pernet_subsys(&ndisc_net_ops);
1857 if (err)
1858 return err;
1859 /*
1860 * Initialize the neighbour table
1861 */
1862 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1863
1864 #ifdef CONFIG_SYSCTL
1865 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1866 ndisc_ifinfo_sysctl_change);
1867 if (err)
1868 goto out_unregister_pernet;
1869 out:
1870 #endif
1871 return err;
1872
1873 #ifdef CONFIG_SYSCTL
1874 out_unregister_pernet:
1875 unregister_pernet_subsys(&ndisc_net_ops);
1876 goto out;
1877 #endif
1878 }
1879
1880 int __init ndisc_late_init(void)
1881 {
1882 return register_netdevice_notifier(&ndisc_netdev_notifier);
1883 }
1884
1885 void ndisc_late_cleanup(void)
1886 {
1887 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1888 }
1889
1890 void ndisc_cleanup(void)
1891 {
1892 #ifdef CONFIG_SYSCTL
1893 neigh_sysctl_unregister(&nd_tbl.parms);
1894 #endif
1895 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1896 unregister_pernet_subsys(&ndisc_net_ops);
1897 }
Linux with added FPC-III support