Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
[linux/fpc-iii.git] / net / ipv6 / ndisc.c
blobb3cea200c85e232829b8b64f38e000ef896462b8
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
16 * Changes:
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
30 #define pr_fmt(fmt) "ICMPv6: " fmt
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
48 #include <linux/if_addr.h>
49 #include <linux/if_ether.h>
50 #include <linux/if_arp.h>
51 #include <linux/ipv6.h>
52 #include <linux/icmpv6.h>
53 #include <linux/jhash.h>
55 #include <net/sock.h>
56 #include <net/snmp.h>
58 #include <net/ipv6.h>
59 #include <net/protocol.h>
60 #include <net/ndisc.h>
61 #include <net/ip6_route.h>
62 #include <net/addrconf.h>
63 #include <net/icmp.h>
65 #include <net/netlink.h>
66 #include <linux/rtnetlink.h>
68 #include <net/flow.h>
69 #include <net/ip6_checksum.h>
70 #include <net/inet_common.h>
71 #include <linux/proc_fs.h>
73 #include <linux/netfilter.h>
74 #include <linux/netfilter_ipv6.h>
76 static u32 ndisc_hash(const void *pkey,
77 const struct net_device *dev,
78 __u32 *hash_rnd);
79 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
80 static int ndisc_constructor(struct neighbour *neigh);
81 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
82 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
83 static int pndisc_constructor(struct pneigh_entry *n);
84 static void pndisc_destructor(struct pneigh_entry *n);
85 static void pndisc_redo(struct sk_buff *skb);
87 static const struct neigh_ops ndisc_generic_ops = {
88 .family = AF_INET6,
89 .solicit = ndisc_solicit,
90 .error_report = ndisc_error_report,
91 .output = neigh_resolve_output,
92 .connected_output = neigh_connected_output,
95 static const struct neigh_ops ndisc_hh_ops = {
96 .family = AF_INET6,
97 .solicit = ndisc_solicit,
98 .error_report = ndisc_error_report,
99 .output = neigh_resolve_output,
100 .connected_output = neigh_resolve_output,
104 static const struct neigh_ops ndisc_direct_ops = {
105 .family = AF_INET6,
106 .output = neigh_direct_output,
107 .connected_output = neigh_direct_output,
110 struct neigh_table nd_tbl = {
111 .family = AF_INET6,
112 .key_len = sizeof(struct in6_addr),
113 .protocol = cpu_to_be16(ETH_P_IPV6),
114 .hash = ndisc_hash,
115 .key_eq = ndisc_key_eq,
116 .constructor = ndisc_constructor,
117 .pconstructor = pndisc_constructor,
118 .pdestructor = pndisc_destructor,
119 .proxy_redo = pndisc_redo,
120 .id = "ndisc_cache",
121 .parms = {
122 .tbl = &nd_tbl,
123 .reachable_time = ND_REACHABLE_TIME,
124 .data = {
125 [NEIGH_VAR_MCAST_PROBES] = 3,
126 [NEIGH_VAR_UCAST_PROBES] = 3,
127 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
128 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
129 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
130 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
131 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
132 [NEIGH_VAR_PROXY_QLEN] = 64,
133 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
134 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
137 .gc_interval = 30 * HZ,
138 .gc_thresh1 = 128,
139 .gc_thresh2 = 512,
140 .gc_thresh3 = 1024,
142 EXPORT_SYMBOL_GPL(nd_tbl);
144 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
145 int data_len, int pad)
147 int space = __ndisc_opt_addr_space(data_len, pad);
148 u8 *opt = skb_put(skb, space);
150 opt[0] = type;
151 opt[1] = space>>3;
153 memset(opt + 2, 0, pad);
154 opt += pad;
155 space -= pad;
157 memcpy(opt+2, data, data_len);
158 data_len += 2;
159 opt += data_len;
160 space -= data_len;
161 if (space > 0)
162 memset(opt, 0, space);
164 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
166 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
167 void *data, u8 icmp6_type)
169 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
170 ndisc_addr_option_pad(skb->dev->type));
171 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
174 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
175 void *ha,
176 const u8 *ops_data)
178 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
179 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
182 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
183 struct nd_opt_hdr *end)
185 int type;
186 if (!cur || !end || cur >= end)
187 return NULL;
188 type = cur->nd_opt_type;
189 do {
190 cur = ((void *)cur) + (cur->nd_opt_len << 3);
191 } while (cur < end && cur->nd_opt_type != type);
192 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
195 static inline int ndisc_is_useropt(const struct net_device *dev,
196 struct nd_opt_hdr *opt)
198 return opt->nd_opt_type == ND_OPT_RDNSS ||
199 opt->nd_opt_type == ND_OPT_DNSSL ||
200 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
203 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 struct nd_opt_hdr *cur,
205 struct nd_opt_hdr *end)
207 if (!cur || !end || cur >= end)
208 return NULL;
209 do {
210 cur = ((void *)cur) + (cur->nd_opt_len << 3);
211 } while (cur < end && !ndisc_is_useropt(dev, cur));
212 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
215 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 u8 *opt, int opt_len,
217 struct ndisc_options *ndopts)
219 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
221 if (!nd_opt || opt_len < 0 || !ndopts)
222 return NULL;
223 memset(ndopts, 0, sizeof(*ndopts));
224 while (opt_len) {
225 int l;
226 if (opt_len < sizeof(struct nd_opt_hdr))
227 return NULL;
228 l = nd_opt->nd_opt_len << 3;
229 if (opt_len < l || l == 0)
230 return NULL;
231 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 goto next_opt;
233 switch (nd_opt->nd_opt_type) {
234 case ND_OPT_SOURCE_LL_ADDR:
235 case ND_OPT_TARGET_LL_ADDR:
236 case ND_OPT_MTU:
237 case ND_OPT_NONCE:
238 case ND_OPT_REDIRECT_HDR:
239 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
240 ND_PRINTK(2, warn,
241 "%s: duplicated ND6 option found: type=%d\n",
242 __func__, nd_opt->nd_opt_type);
243 } else {
244 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
246 break;
247 case ND_OPT_PREFIX_INFO:
248 ndopts->nd_opts_pi_end = nd_opt;
249 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 break;
252 #ifdef CONFIG_IPV6_ROUTE_INFO
253 case ND_OPT_ROUTE_INFO:
254 ndopts->nd_opts_ri_end = nd_opt;
255 if (!ndopts->nd_opts_ri)
256 ndopts->nd_opts_ri = nd_opt;
257 break;
258 #endif
259 default:
260 if (ndisc_is_useropt(dev, nd_opt)) {
261 ndopts->nd_useropts_end = nd_opt;
262 if (!ndopts->nd_useropts)
263 ndopts->nd_useropts = nd_opt;
264 } else {
266 * Unknown options must be silently ignored,
267 * to accommodate future extension to the
268 * protocol.
270 ND_PRINTK(2, notice,
271 "%s: ignored unsupported option; type=%d, len=%d\n",
272 __func__,
273 nd_opt->nd_opt_type,
274 nd_opt->nd_opt_len);
277 next_opt:
278 opt_len -= l;
279 nd_opt = ((void *)nd_opt) + l;
281 return ndopts;
284 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
286 switch (dev->type) {
287 case ARPHRD_ETHER:
288 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
289 case ARPHRD_FDDI:
290 ipv6_eth_mc_map(addr, buf);
291 return 0;
292 case ARPHRD_ARCNET:
293 ipv6_arcnet_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_INFINIBAND:
296 ipv6_ib_mc_map(addr, dev->broadcast, buf);
297 return 0;
298 case ARPHRD_IPGRE:
299 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
300 default:
301 if (dir) {
302 memcpy(buf, dev->broadcast, dev->addr_len);
303 return 0;
306 return -EINVAL;
308 EXPORT_SYMBOL(ndisc_mc_map);
310 static u32 ndisc_hash(const void *pkey,
311 const struct net_device *dev,
312 __u32 *hash_rnd)
314 return ndisc_hashfn(pkey, dev, hash_rnd);
317 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
319 return neigh_key_eq128(n, pkey);
322 static int ndisc_constructor(struct neighbour *neigh)
324 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
325 struct net_device *dev = neigh->dev;
326 struct inet6_dev *in6_dev;
327 struct neigh_parms *parms;
328 bool is_multicast = ipv6_addr_is_multicast(addr);
330 in6_dev = in6_dev_get(dev);
331 if (!in6_dev) {
332 return -EINVAL;
335 parms = in6_dev->nd_parms;
336 __neigh_parms_put(neigh->parms);
337 neigh->parms = neigh_parms_clone(parms);
339 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
340 if (!dev->header_ops) {
341 neigh->nud_state = NUD_NOARP;
342 neigh->ops = &ndisc_direct_ops;
343 neigh->output = neigh_direct_output;
344 } else {
345 if (is_multicast) {
346 neigh->nud_state = NUD_NOARP;
347 ndisc_mc_map(addr, neigh->ha, dev, 1);
348 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
349 neigh->nud_state = NUD_NOARP;
350 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
351 if (dev->flags&IFF_LOOPBACK)
352 neigh->type = RTN_LOCAL;
353 } else if (dev->flags&IFF_POINTOPOINT) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
357 if (dev->header_ops->cache)
358 neigh->ops = &ndisc_hh_ops;
359 else
360 neigh->ops = &ndisc_generic_ops;
361 if (neigh->nud_state&NUD_VALID)
362 neigh->output = neigh->ops->connected_output;
363 else
364 neigh->output = neigh->ops->output;
366 in6_dev_put(in6_dev);
367 return 0;
370 static int pndisc_constructor(struct pneigh_entry *n)
372 struct in6_addr *addr = (struct in6_addr *)&n->key;
373 struct in6_addr maddr;
374 struct net_device *dev = n->dev;
376 if (!dev || !__in6_dev_get(dev))
377 return -EINVAL;
378 addrconf_addr_solict_mult(addr, &maddr);
379 ipv6_dev_mc_inc(dev, &maddr);
380 return 0;
383 static void pndisc_destructor(struct pneigh_entry *n)
385 struct in6_addr *addr = (struct in6_addr *)&n->key;
386 struct in6_addr maddr;
387 struct net_device *dev = n->dev;
389 if (!dev || !__in6_dev_get(dev))
390 return;
391 addrconf_addr_solict_mult(addr, &maddr);
392 ipv6_dev_mc_dec(dev, &maddr);
395 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
396 int len)
398 int hlen = LL_RESERVED_SPACE(dev);
399 int tlen = dev->needed_tailroom;
400 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
401 struct sk_buff *skb;
403 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
404 if (!skb) {
405 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
406 __func__);
407 return NULL;
410 skb->protocol = htons(ETH_P_IPV6);
411 skb->dev = dev;
413 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
414 skb_reset_transport_header(skb);
416 /* Manually assign socket ownership as we avoid calling
417 * sock_alloc_send_pskb() to bypass wmem buffer limits
419 skb_set_owner_w(skb, sk);
421 return skb;
424 static void ip6_nd_hdr(struct sk_buff *skb,
425 const struct in6_addr *saddr,
426 const struct in6_addr *daddr,
427 int hop_limit, int len)
429 struct ipv6hdr *hdr;
430 struct inet6_dev *idev;
431 unsigned tclass;
433 rcu_read_lock();
434 idev = __in6_dev_get(skb->dev);
435 tclass = idev ? idev->cnf.ndisc_tclass : 0;
436 rcu_read_unlock();
438 skb_push(skb, sizeof(*hdr));
439 skb_reset_network_header(skb);
440 hdr = ipv6_hdr(skb);
442 ip6_flow_hdr(hdr, tclass, 0);
444 hdr->payload_len = htons(len);
445 hdr->nexthdr = IPPROTO_ICMPV6;
446 hdr->hop_limit = hop_limit;
448 hdr->saddr = *saddr;
449 hdr->daddr = *daddr;
452 static void ndisc_send_skb(struct sk_buff *skb,
453 const struct in6_addr *daddr,
454 const struct in6_addr *saddr)
456 struct dst_entry *dst = skb_dst(skb);
457 struct net *net = dev_net(skb->dev);
458 struct sock *sk = net->ipv6.ndisc_sk;
459 struct inet6_dev *idev;
460 int err;
461 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
462 u8 type;
464 type = icmp6h->icmp6_type;
466 if (!dst) {
467 struct flowi6 fl6;
468 int oif = skb->dev->ifindex;
470 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
471 dst = icmp6_dst_alloc(skb->dev, &fl6);
472 if (IS_ERR(dst)) {
473 kfree_skb(skb);
474 return;
477 skb_dst_set(skb, dst);
480 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
481 IPPROTO_ICMPV6,
482 csum_partial(icmp6h,
483 skb->len, 0));
485 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
487 rcu_read_lock();
488 idev = __in6_dev_get(dst->dev);
489 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
491 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
492 net, sk, skb, NULL, dst->dev,
493 dst_output);
494 if (!err) {
495 ICMP6MSGOUT_INC_STATS(net, idev, type);
496 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
499 rcu_read_unlock();
502 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
503 const struct in6_addr *solicited_addr,
504 bool router, bool solicited, bool override, bool inc_opt)
506 struct sk_buff *skb;
507 struct in6_addr tmpaddr;
508 struct inet6_ifaddr *ifp;
509 const struct in6_addr *src_addr;
510 struct nd_msg *msg;
511 int optlen = 0;
513 /* for anycast or proxy, solicited_addr != src_addr */
514 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
515 if (ifp) {
516 src_addr = solicited_addr;
517 if (ifp->flags & IFA_F_OPTIMISTIC)
518 override = false;
519 inc_opt |= ifp->idev->cnf.force_tllao;
520 in6_ifa_put(ifp);
521 } else {
522 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
523 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
524 &tmpaddr))
525 return;
526 src_addr = &tmpaddr;
529 if (!dev->addr_len)
530 inc_opt = 0;
531 if (inc_opt)
532 optlen += ndisc_opt_addr_space(dev,
533 NDISC_NEIGHBOUR_ADVERTISEMENT);
535 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
536 if (!skb)
537 return;
539 msg = skb_put(skb, sizeof(*msg));
540 *msg = (struct nd_msg) {
541 .icmph = {
542 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
543 .icmp6_router = router,
544 .icmp6_solicited = solicited,
545 .icmp6_override = override,
547 .target = *solicited_addr,
550 if (inc_opt)
551 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
552 dev->dev_addr,
553 NDISC_NEIGHBOUR_ADVERTISEMENT);
555 ndisc_send_skb(skb, daddr, src_addr);
558 static void ndisc_send_unsol_na(struct net_device *dev)
560 struct inet6_dev *idev;
561 struct inet6_ifaddr *ifa;
563 idev = in6_dev_get(dev);
564 if (!idev)
565 return;
567 read_lock_bh(&idev->lock);
568 list_for_each_entry(ifa, &idev->addr_list, if_list) {
569 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
570 /*router=*/ !!idev->cnf.forwarding,
571 /*solicited=*/ false, /*override=*/ true,
572 /*inc_opt=*/ true);
574 read_unlock_bh(&idev->lock);
576 in6_dev_put(idev);
579 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
580 const struct in6_addr *daddr, const struct in6_addr *saddr,
581 u64 nonce)
583 struct sk_buff *skb;
584 struct in6_addr addr_buf;
585 int inc_opt = dev->addr_len;
586 int optlen = 0;
587 struct nd_msg *msg;
589 if (!saddr) {
590 if (ipv6_get_lladdr(dev, &addr_buf,
591 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
592 return;
593 saddr = &addr_buf;
596 if (ipv6_addr_any(saddr))
597 inc_opt = false;
598 if (inc_opt)
599 optlen += ndisc_opt_addr_space(dev,
600 NDISC_NEIGHBOUR_SOLICITATION);
601 if (nonce != 0)
602 optlen += 8;
604 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
605 if (!skb)
606 return;
608 msg = skb_put(skb, sizeof(*msg));
609 *msg = (struct nd_msg) {
610 .icmph = {
611 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
613 .target = *solicit,
616 if (inc_opt)
617 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
618 dev->dev_addr,
619 NDISC_NEIGHBOUR_SOLICITATION);
620 if (nonce != 0) {
621 u8 *opt = skb_put(skb, 8);
623 opt[0] = ND_OPT_NONCE;
624 opt[1] = 8 >> 3;
625 memcpy(opt + 2, &nonce, 6);
628 ndisc_send_skb(skb, daddr, saddr);
631 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
632 const struct in6_addr *daddr)
634 struct sk_buff *skb;
635 struct rs_msg *msg;
636 int send_sllao = dev->addr_len;
637 int optlen = 0;
639 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
641 * According to section 2.2 of RFC 4429, we must not
642 * send router solicitations with a sllao from
643 * optimistic addresses, but we may send the solicitation
644 * if we don't include the sllao. So here we check
645 * if our address is optimistic, and if so, we
646 * suppress the inclusion of the sllao.
648 if (send_sllao) {
649 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
650 dev, 1);
651 if (ifp) {
652 if (ifp->flags & IFA_F_OPTIMISTIC) {
653 send_sllao = 0;
655 in6_ifa_put(ifp);
656 } else {
657 send_sllao = 0;
660 #endif
661 if (send_sllao)
662 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
664 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
665 if (!skb)
666 return;
668 msg = skb_put(skb, sizeof(*msg));
669 *msg = (struct rs_msg) {
670 .icmph = {
671 .icmp6_type = NDISC_ROUTER_SOLICITATION,
675 if (send_sllao)
676 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
677 dev->dev_addr,
678 NDISC_ROUTER_SOLICITATION);
680 ndisc_send_skb(skb, daddr, saddr);
684 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
687 * "The sender MUST return an ICMP
688 * destination unreachable"
690 dst_link_failure(skb);
691 kfree_skb(skb);
694 /* Called with locked neigh: either read or both */
696 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
698 struct in6_addr *saddr = NULL;
699 struct in6_addr mcaddr;
700 struct net_device *dev = neigh->dev;
701 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
702 int probes = atomic_read(&neigh->probes);
704 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
705 dev, 1,
706 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
707 saddr = &ipv6_hdr(skb)->saddr;
708 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
709 if (probes < 0) {
710 if (!(neigh->nud_state & NUD_VALID)) {
711 ND_PRINTK(1, dbg,
712 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
713 __func__, target);
715 ndisc_send_ns(dev, target, target, saddr, 0);
716 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
717 neigh_app_ns(neigh);
718 } else {
719 addrconf_addr_solict_mult(target, &mcaddr);
720 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
724 static int pndisc_is_router(const void *pkey,
725 struct net_device *dev)
727 struct pneigh_entry *n;
728 int ret = -1;
730 read_lock_bh(&nd_tbl.lock);
731 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
732 if (n)
733 ret = !!(n->flags & NTF_ROUTER);
734 read_unlock_bh(&nd_tbl.lock);
736 return ret;
739 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
740 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
741 struct ndisc_options *ndopts)
743 neigh_update(neigh, lladdr, new, flags, 0);
744 /* report ndisc ops about neighbour update */
745 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
748 static void ndisc_recv_ns(struct sk_buff *skb)
750 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
751 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
752 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
753 u8 *lladdr = NULL;
754 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
755 offsetof(struct nd_msg, opt));
756 struct ndisc_options ndopts;
757 struct net_device *dev = skb->dev;
758 struct inet6_ifaddr *ifp;
759 struct inet6_dev *idev = NULL;
760 struct neighbour *neigh;
761 int dad = ipv6_addr_any(saddr);
762 bool inc;
763 int is_router = -1;
764 u64 nonce = 0;
766 if (skb->len < sizeof(struct nd_msg)) {
767 ND_PRINTK(2, warn, "NS: packet too short\n");
768 return;
771 if (ipv6_addr_is_multicast(&msg->target)) {
772 ND_PRINTK(2, warn, "NS: multicast target address\n");
773 return;
777 * RFC2461 7.1.1:
778 * DAD has to be destined for solicited node multicast address.
780 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
781 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
782 return;
785 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
786 ND_PRINTK(2, warn, "NS: invalid ND options\n");
787 return;
790 if (ndopts.nd_opts_src_lladdr) {
791 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
792 if (!lladdr) {
793 ND_PRINTK(2, warn,
794 "NS: invalid link-layer address length\n");
795 return;
798 /* RFC2461 7.1.1:
799 * If the IP source address is the unspecified address,
800 * there MUST NOT be source link-layer address option
801 * in the message.
803 if (dad) {
804 ND_PRINTK(2, warn,
805 "NS: bad DAD packet (link-layer address option)\n");
806 return;
809 if (ndopts.nd_opts_nonce)
810 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
812 inc = ipv6_addr_is_multicast(daddr);
814 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
815 if (ifp) {
816 have_ifp:
817 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
818 if (dad) {
819 if (nonce != 0 && ifp->dad_nonce == nonce) {
820 u8 *np = (u8 *)&nonce;
821 /* Matching nonce if looped back */
822 ND_PRINTK(2, notice,
823 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
824 ifp->idev->dev->name,
825 &ifp->addr, np);
826 goto out;
829 * We are colliding with another node
830 * who is doing DAD
831 * so fail our DAD process
833 addrconf_dad_failure(skb, ifp);
834 return;
835 } else {
837 * This is not a dad solicitation.
838 * If we are an optimistic node,
839 * we should respond.
840 * Otherwise, we should ignore it.
842 if (!(ifp->flags & IFA_F_OPTIMISTIC))
843 goto out;
847 idev = ifp->idev;
848 } else {
849 struct net *net = dev_net(dev);
851 /* perhaps an address on the master device */
852 if (netif_is_l3_slave(dev)) {
853 struct net_device *mdev;
855 mdev = netdev_master_upper_dev_get_rcu(dev);
856 if (mdev) {
857 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
858 if (ifp)
859 goto have_ifp;
863 idev = in6_dev_get(dev);
864 if (!idev) {
865 /* XXX: count this drop? */
866 return;
869 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
870 (idev->cnf.forwarding &&
871 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
872 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
873 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
874 skb->pkt_type != PACKET_HOST &&
875 inc &&
876 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
878 * for anycast or proxy,
879 * sender should delay its response
880 * by a random time between 0 and
881 * MAX_ANYCAST_DELAY_TIME seconds.
882 * (RFC2461) -- yoshfuji
884 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
885 if (n)
886 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
887 goto out;
889 } else
890 goto out;
893 if (is_router < 0)
894 is_router = idev->cnf.forwarding;
896 if (dad) {
897 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
898 !!is_router, false, (ifp != NULL), true);
899 goto out;
902 if (inc)
903 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
904 else
905 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
908 * update / create cache entry
909 * for the source address
911 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
912 !inc || lladdr || !dev->addr_len);
913 if (neigh)
914 ndisc_update(dev, neigh, lladdr, NUD_STALE,
915 NEIGH_UPDATE_F_WEAK_OVERRIDE|
916 NEIGH_UPDATE_F_OVERRIDE,
917 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
918 if (neigh || !dev->header_ops) {
919 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
920 true, (ifp != NULL && inc), inc);
921 if (neigh)
922 neigh_release(neigh);
925 out:
926 if (ifp)
927 in6_ifa_put(ifp);
928 else
929 in6_dev_put(idev);
932 static void ndisc_recv_na(struct sk_buff *skb)
934 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
935 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
936 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
937 u8 *lladdr = NULL;
938 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
939 offsetof(struct nd_msg, opt));
940 struct ndisc_options ndopts;
941 struct net_device *dev = skb->dev;
942 struct inet6_dev *idev = __in6_dev_get(dev);
943 struct inet6_ifaddr *ifp;
944 struct neighbour *neigh;
946 if (skb->len < sizeof(struct nd_msg)) {
947 ND_PRINTK(2, warn, "NA: packet too short\n");
948 return;
951 if (ipv6_addr_is_multicast(&msg->target)) {
952 ND_PRINTK(2, warn, "NA: target address is multicast\n");
953 return;
956 if (ipv6_addr_is_multicast(daddr) &&
957 msg->icmph.icmp6_solicited) {
958 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
959 return;
962 /* For some 802.11 wireless deployments (and possibly other networks),
963 * there will be a NA proxy and unsolicitd packets are attacks
964 * and thus should not be accepted.
966 if (!msg->icmph.icmp6_solicited && idev &&
967 idev->cnf.drop_unsolicited_na)
968 return;
970 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
971 ND_PRINTK(2, warn, "NS: invalid ND option\n");
972 return;
974 if (ndopts.nd_opts_tgt_lladdr) {
975 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
976 if (!lladdr) {
977 ND_PRINTK(2, warn,
978 "NA: invalid link-layer address length\n");
979 return;
982 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
983 if (ifp) {
984 if (skb->pkt_type != PACKET_LOOPBACK
985 && (ifp->flags & IFA_F_TENTATIVE)) {
986 addrconf_dad_failure(skb, ifp);
987 return;
989 /* What should we make now? The advertisement
990 is invalid, but ndisc specs say nothing
991 about it. It could be misconfiguration, or
992 an smart proxy agent tries to help us :-)
994 We should not print the error if NA has been
995 received from loopback - it is just our own
996 unsolicited advertisement.
998 if (skb->pkt_type != PACKET_LOOPBACK)
999 ND_PRINTK(1, warn,
1000 "NA: %pM advertised our address %pI6c on %s!\n",
1001 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1002 in6_ifa_put(ifp);
1003 return;
1005 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1007 if (neigh) {
1008 u8 old_flags = neigh->flags;
1009 struct net *net = dev_net(dev);
1011 if (neigh->nud_state & NUD_FAILED)
1012 goto out;
1015 * Don't update the neighbor cache entry on a proxy NA from
1016 * ourselves because either the proxied node is off link or it
1017 * has already sent a NA to us.
1019 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1020 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1021 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1022 /* XXX: idev->cnf.proxy_ndp */
1023 goto out;
1026 ndisc_update(dev, neigh, lladdr,
1027 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1028 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1029 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1030 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1031 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1032 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1034 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1036 * Change: router to host
1038 rt6_clean_tohost(dev_net(dev), saddr);
1041 out:
1042 neigh_release(neigh);
1046 static void ndisc_recv_rs(struct sk_buff *skb)
1048 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1049 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1050 struct neighbour *neigh;
1051 struct inet6_dev *idev;
1052 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1053 struct ndisc_options ndopts;
1054 u8 *lladdr = NULL;
1056 if (skb->len < sizeof(*rs_msg))
1057 return;
1059 idev = __in6_dev_get(skb->dev);
1060 if (!idev) {
1061 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1062 return;
1065 /* Don't accept RS if we're not in router mode */
1066 if (!idev->cnf.forwarding)
1067 goto out;
1070 * Don't update NCE if src = ::;
1071 * this implies that the source node has no ip address assigned yet.
1073 if (ipv6_addr_any(saddr))
1074 goto out;
1076 /* Parse ND options */
1077 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1078 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1079 goto out;
1082 if (ndopts.nd_opts_src_lladdr) {
1083 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1084 skb->dev);
1085 if (!lladdr)
1086 goto out;
1089 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1090 if (neigh) {
1091 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1092 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1093 NEIGH_UPDATE_F_OVERRIDE|
1094 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1095 NDISC_ROUTER_SOLICITATION, &ndopts);
1096 neigh_release(neigh);
1098 out:
1099 return;
1102 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1104 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1105 struct sk_buff *skb;
1106 struct nlmsghdr *nlh;
1107 struct nduseroptmsg *ndmsg;
1108 struct net *net = dev_net(ra->dev);
1109 int err;
1110 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1111 + (opt->nd_opt_len << 3));
1112 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1114 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1115 if (!skb) {
1116 err = -ENOBUFS;
1117 goto errout;
1120 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1121 if (!nlh) {
1122 goto nla_put_failure;
1125 ndmsg = nlmsg_data(nlh);
1126 ndmsg->nduseropt_family = AF_INET6;
1127 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1128 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1129 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1130 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1132 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1134 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1135 goto nla_put_failure;
1136 nlmsg_end(skb, nlh);
1138 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1139 return;
1141 nla_put_failure:
1142 nlmsg_free(skb);
1143 err = -EMSGSIZE;
1144 errout:
1145 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1148 static void ndisc_router_discovery(struct sk_buff *skb)
1150 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1151 struct neighbour *neigh = NULL;
1152 struct inet6_dev *in6_dev;
1153 struct rt6_info *rt = NULL;
1154 int lifetime;
1155 struct ndisc_options ndopts;
1156 int optlen;
1157 unsigned int pref = 0;
1158 __u32 old_if_flags;
1159 bool send_ifinfo_notify = false;
1161 __u8 *opt = (__u8 *)(ra_msg + 1);
1163 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1164 sizeof(struct ra_msg);
1166 ND_PRINTK(2, info,
1167 "RA: %s, dev: %s\n",
1168 __func__, skb->dev->name);
1169 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1170 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1171 return;
1173 if (optlen < 0) {
1174 ND_PRINTK(2, warn, "RA: packet too short\n");
1175 return;
1178 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1179 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1180 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1181 return;
1183 #endif
1186 * set the RA_RECV flag in the interface
1189 in6_dev = __in6_dev_get(skb->dev);
1190 if (!in6_dev) {
1191 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1192 skb->dev->name);
1193 return;
1196 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1197 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1198 return;
1201 if (!ipv6_accept_ra(in6_dev)) {
1202 ND_PRINTK(2, info,
1203 "RA: %s, did not accept ra for dev: %s\n",
1204 __func__, skb->dev->name);
1205 goto skip_linkparms;
1208 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1209 /* skip link-specific parameters from interior routers */
1210 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1211 ND_PRINTK(2, info,
1212 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1213 __func__, skb->dev->name);
1214 goto skip_linkparms;
1216 #endif
1218 if (in6_dev->if_flags & IF_RS_SENT) {
1220 * flag that an RA was received after an RS was sent
1221 * out on this interface.
1223 in6_dev->if_flags |= IF_RA_RCVD;
1227 * Remember the managed/otherconf flags from most recently
1228 * received RA message (RFC 2462) -- yoshfuji
1230 old_if_flags = in6_dev->if_flags;
1231 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1232 IF_RA_OTHERCONF)) |
1233 (ra_msg->icmph.icmp6_addrconf_managed ?
1234 IF_RA_MANAGED : 0) |
1235 (ra_msg->icmph.icmp6_addrconf_other ?
1236 IF_RA_OTHERCONF : 0);
1238 if (old_if_flags != in6_dev->if_flags)
1239 send_ifinfo_notify = true;
1241 if (!in6_dev->cnf.accept_ra_defrtr) {
1242 ND_PRINTK(2, info,
1243 "RA: %s, defrtr is false for dev: %s\n",
1244 __func__, skb->dev->name);
1245 goto skip_defrtr;
1248 /* Do not accept RA with source-addr found on local machine unless
1249 * accept_ra_from_local is set to true.
1251 if (!in6_dev->cnf.accept_ra_from_local &&
1252 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1253 in6_dev->dev, 0)) {
1254 ND_PRINTK(2, info,
1255 "RA from local address detected on dev: %s: default router ignored\n",
1256 skb->dev->name);
1257 goto skip_defrtr;
1260 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1262 #ifdef CONFIG_IPV6_ROUTER_PREF
1263 pref = ra_msg->icmph.icmp6_router_pref;
1264 /* 10b is handled as if it were 00b (medium) */
1265 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1266 !in6_dev->cnf.accept_ra_rtr_pref)
1267 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1268 #endif
1270 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1272 if (rt) {
1273 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1274 if (!neigh) {
1275 ND_PRINTK(0, err,
1276 "RA: %s got default router without neighbour\n",
1277 __func__);
1278 ip6_rt_put(rt);
1279 return;
1282 if (rt && lifetime == 0) {
1283 ip6_del_rt(rt);
1284 rt = NULL;
1287 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1288 rt, lifetime, skb->dev->name);
1289 if (!rt && lifetime) {
1290 ND_PRINTK(3, info, "RA: adding default router\n");
1292 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1293 if (!rt) {
1294 ND_PRINTK(0, err,
1295 "RA: %s failed to add default route\n",
1296 __func__);
1297 return;
1300 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1301 if (!neigh) {
1302 ND_PRINTK(0, err,
1303 "RA: %s got default router without neighbour\n",
1304 __func__);
1305 ip6_rt_put(rt);
1306 return;
1308 neigh->flags |= NTF_ROUTER;
1309 } else if (rt) {
1310 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1313 if (rt)
1314 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1315 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1316 ra_msg->icmph.icmp6_hop_limit) {
1317 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1318 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1319 if (rt)
1320 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1321 ra_msg->icmph.icmp6_hop_limit);
1322 } else {
1323 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1327 skip_defrtr:
1330 * Update Reachable Time and Retrans Timer
1333 if (in6_dev->nd_parms) {
1334 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1336 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1337 rtime = (rtime*HZ)/1000;
1338 if (rtime < HZ/10)
1339 rtime = HZ/10;
1340 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1341 in6_dev->tstamp = jiffies;
1342 send_ifinfo_notify = true;
1345 rtime = ntohl(ra_msg->reachable_time);
1346 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1347 rtime = (rtime*HZ)/1000;
1349 if (rtime < HZ/10)
1350 rtime = HZ/10;
1352 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1353 NEIGH_VAR_SET(in6_dev->nd_parms,
1354 BASE_REACHABLE_TIME, rtime);
1355 NEIGH_VAR_SET(in6_dev->nd_parms,
1356 GC_STALETIME, 3 * rtime);
1357 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1358 in6_dev->tstamp = jiffies;
1359 send_ifinfo_notify = true;
1365 * Send a notify if RA changed managed/otherconf flags or timer settings
1367 if (send_ifinfo_notify)
1368 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1370 skip_linkparms:
1373 * Process options.
1376 if (!neigh)
1377 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1378 skb->dev, 1);
1379 if (neigh) {
1380 u8 *lladdr = NULL;
1381 if (ndopts.nd_opts_src_lladdr) {
1382 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1383 skb->dev);
1384 if (!lladdr) {
1385 ND_PRINTK(2, warn,
1386 "RA: invalid link-layer address length\n");
1387 goto out;
1390 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1391 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1392 NEIGH_UPDATE_F_OVERRIDE|
1393 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1394 NEIGH_UPDATE_F_ISROUTER,
1395 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1398 if (!ipv6_accept_ra(in6_dev)) {
1399 ND_PRINTK(2, info,
1400 "RA: %s, accept_ra is false for dev: %s\n",
1401 __func__, skb->dev->name);
1402 goto out;
1405 #ifdef CONFIG_IPV6_ROUTE_INFO
1406 if (!in6_dev->cnf.accept_ra_from_local &&
1407 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1408 in6_dev->dev, 0)) {
1409 ND_PRINTK(2, info,
1410 "RA from local address detected on dev: %s: router info ignored.\n",
1411 skb->dev->name);
1412 goto skip_routeinfo;
1415 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1416 struct nd_opt_hdr *p;
1417 for (p = ndopts.nd_opts_ri;
1419 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1420 struct route_info *ri = (struct route_info *)p;
1421 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1422 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1423 ri->prefix_len == 0)
1424 continue;
1425 #endif
1426 if (ri->prefix_len == 0 &&
1427 !in6_dev->cnf.accept_ra_defrtr)
1428 continue;
1429 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1430 continue;
1431 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1432 continue;
1433 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1434 &ipv6_hdr(skb)->saddr);
1438 skip_routeinfo:
1439 #endif
1441 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1442 /* skip link-specific ndopts from interior routers */
1443 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1444 ND_PRINTK(2, info,
1445 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1446 __func__, skb->dev->name);
1447 goto out;
1449 #endif
1451 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1452 struct nd_opt_hdr *p;
1453 for (p = ndopts.nd_opts_pi;
1455 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1456 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1457 (p->nd_opt_len) << 3,
1458 ndopts.nd_opts_src_lladdr != NULL);
1462 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1463 __be32 n;
1464 u32 mtu;
1466 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1467 mtu = ntohl(n);
1469 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1470 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1471 } else if (in6_dev->cnf.mtu6 != mtu) {
1472 in6_dev->cnf.mtu6 = mtu;
1474 if (rt)
1475 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1477 rt6_mtu_change(skb->dev, mtu);
1481 if (ndopts.nd_useropts) {
1482 struct nd_opt_hdr *p;
1483 for (p = ndopts.nd_useropts;
1485 p = ndisc_next_useropt(skb->dev, p,
1486 ndopts.nd_useropts_end)) {
1487 ndisc_ra_useropt(skb, p);
1491 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1492 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1494 out:
1495 ip6_rt_put(rt);
1496 if (neigh)
1497 neigh_release(neigh);
1500 static void ndisc_redirect_rcv(struct sk_buff *skb)
1502 u8 *hdr;
1503 struct ndisc_options ndopts;
1504 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1505 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1506 offsetof(struct rd_msg, opt));
1508 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1509 switch (skb->ndisc_nodetype) {
1510 case NDISC_NODETYPE_HOST:
1511 case NDISC_NODETYPE_NODEFAULT:
1512 ND_PRINTK(2, warn,
1513 "Redirect: from host or unauthorized router\n");
1514 return;
1516 #endif
1518 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1519 ND_PRINTK(2, warn,
1520 "Redirect: source address is not link-local\n");
1521 return;
1524 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1525 return;
1527 if (!ndopts.nd_opts_rh) {
1528 ip6_redirect_no_header(skb, dev_net(skb->dev),
1529 skb->dev->ifindex, 0);
1530 return;
1533 hdr = (u8 *)ndopts.nd_opts_rh;
1534 hdr += 8;
1535 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1536 return;
1538 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1541 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1542 struct sk_buff *orig_skb,
1543 int rd_len)
1545 u8 *opt = skb_put(skb, rd_len);
1547 memset(opt, 0, 8);
1548 *(opt++) = ND_OPT_REDIRECT_HDR;
1549 *(opt++) = (rd_len >> 3);
1550 opt += 6;
1552 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1555 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1557 struct net_device *dev = skb->dev;
1558 struct net *net = dev_net(dev);
1559 struct sock *sk = net->ipv6.ndisc_sk;
1560 int optlen = 0;
1561 struct inet_peer *peer;
1562 struct sk_buff *buff;
1563 struct rd_msg *msg;
1564 struct in6_addr saddr_buf;
1565 struct rt6_info *rt;
1566 struct dst_entry *dst;
1567 struct flowi6 fl6;
1568 int rd_len;
1569 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1570 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1571 bool ret;
1573 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1574 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1575 dev->name);
1576 return;
1579 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1580 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1581 ND_PRINTK(2, warn,
1582 "Redirect: target address is not link-local unicast\n");
1583 return;
1586 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1587 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1589 dst = ip6_route_output(net, NULL, &fl6);
1590 if (dst->error) {
1591 dst_release(dst);
1592 return;
1594 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1595 if (IS_ERR(dst))
1596 return;
1598 rt = (struct rt6_info *) dst;
1600 if (rt->rt6i_flags & RTF_GATEWAY) {
1601 ND_PRINTK(2, warn,
1602 "Redirect: destination is not a neighbour\n");
1603 goto release;
1605 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1606 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1607 if (peer)
1608 inet_putpeer(peer);
1609 if (!ret)
1610 goto release;
1612 if (dev->addr_len) {
1613 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1614 if (!neigh) {
1615 ND_PRINTK(2, warn,
1616 "Redirect: no neigh for target address\n");
1617 goto release;
1620 read_lock_bh(&neigh->lock);
1621 if (neigh->nud_state & NUD_VALID) {
1622 memcpy(ha_buf, neigh->ha, dev->addr_len);
1623 read_unlock_bh(&neigh->lock);
1624 ha = ha_buf;
1625 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1626 ops_data_buf,
1627 &ops_data);
1628 } else
1629 read_unlock_bh(&neigh->lock);
1631 neigh_release(neigh);
1634 rd_len = min_t(unsigned int,
1635 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1636 skb->len + 8);
1637 rd_len &= ~0x7;
1638 optlen += rd_len;
1640 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1641 if (!buff)
1642 goto release;
1644 msg = skb_put(buff, sizeof(*msg));
1645 *msg = (struct rd_msg) {
1646 .icmph = {
1647 .icmp6_type = NDISC_REDIRECT,
1649 .target = *target,
1650 .dest = ipv6_hdr(skb)->daddr,
1654 * include target_address option
1657 if (ha)
1658 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1661 * build redirect option and copy skb over to the new packet.
1664 if (rd_len)
1665 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1667 skb_dst_set(buff, dst);
1668 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1669 return;
1671 release:
1672 dst_release(dst);
1675 static void pndisc_redo(struct sk_buff *skb)
1677 ndisc_recv_ns(skb);
1678 kfree_skb(skb);
1681 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1683 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1685 if (!idev)
1686 return true;
1687 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1688 idev->cnf.suppress_frag_ndisc) {
1689 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1690 return true;
1692 return false;
1695 int ndisc_rcv(struct sk_buff *skb)
1697 struct nd_msg *msg;
1699 if (ndisc_suppress_frag_ndisc(skb))
1700 return 0;
1702 if (skb_linearize(skb))
1703 return 0;
1705 msg = (struct nd_msg *)skb_transport_header(skb);
1707 __skb_push(skb, skb->data - skb_transport_header(skb));
1709 if (ipv6_hdr(skb)->hop_limit != 255) {
1710 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1711 ipv6_hdr(skb)->hop_limit);
1712 return 0;
1715 if (msg->icmph.icmp6_code != 0) {
1716 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1717 msg->icmph.icmp6_code);
1718 return 0;
1721 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1723 switch (msg->icmph.icmp6_type) {
1724 case NDISC_NEIGHBOUR_SOLICITATION:
1725 ndisc_recv_ns(skb);
1726 break;
1728 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1729 ndisc_recv_na(skb);
1730 break;
1732 case NDISC_ROUTER_SOLICITATION:
1733 ndisc_recv_rs(skb);
1734 break;
1736 case NDISC_ROUTER_ADVERTISEMENT:
1737 ndisc_router_discovery(skb);
1738 break;
1740 case NDISC_REDIRECT:
1741 ndisc_redirect_rcv(skb);
1742 break;
1745 return 0;
1748 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1750 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1751 struct netdev_notifier_change_info *change_info;
1752 struct net *net = dev_net(dev);
1753 struct inet6_dev *idev;
1755 switch (event) {
1756 case NETDEV_CHANGEADDR:
1757 neigh_changeaddr(&nd_tbl, dev);
1758 fib6_run_gc(0, net, false);
1759 /* fallthrough */
1760 case NETDEV_UP:
1761 idev = in6_dev_get(dev);
1762 if (!idev)
1763 break;
1764 if (idev->cnf.ndisc_notify ||
1765 net->ipv6.devconf_all->ndisc_notify)
1766 ndisc_send_unsol_na(dev);
1767 in6_dev_put(idev);
1768 break;
1769 case NETDEV_CHANGE:
1770 change_info = ptr;
1771 if (change_info->flags_changed & IFF_NOARP)
1772 neigh_changeaddr(&nd_tbl, dev);
1773 break;
1774 case NETDEV_DOWN:
1775 neigh_ifdown(&nd_tbl, dev);
1776 fib6_run_gc(0, net, false);
1777 break;
1778 case NETDEV_NOTIFY_PEERS:
1779 ndisc_send_unsol_na(dev);
1780 break;
1781 default:
1782 break;
1785 return NOTIFY_DONE;
1788 static struct notifier_block ndisc_netdev_notifier = {
1789 .notifier_call = ndisc_netdev_event,
1790 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1793 #ifdef CONFIG_SYSCTL
1794 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1795 const char *func, const char *dev_name)
1797 static char warncomm[TASK_COMM_LEN];
1798 static int warned;
1799 if (strcmp(warncomm, current->comm) && warned < 5) {
1800 strcpy(warncomm, current->comm);
1801 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1802 warncomm, func,
1803 dev_name, ctl->procname,
1804 dev_name, ctl->procname);
1805 warned++;
1809 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1811 struct net_device *dev = ctl->extra1;
1812 struct inet6_dev *idev;
1813 int ret;
1815 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1816 (strcmp(ctl->procname, "base_reachable_time") == 0))
1817 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1819 if (strcmp(ctl->procname, "retrans_time") == 0)
1820 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1822 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1823 ret = neigh_proc_dointvec_jiffies(ctl, write,
1824 buffer, lenp, ppos);
1826 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1827 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1828 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1829 buffer, lenp, ppos);
1830 else
1831 ret = -1;
1833 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1834 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1835 idev->nd_parms->reachable_time =
1836 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1837 idev->tstamp = jiffies;
1838 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1839 in6_dev_put(idev);
1841 return ret;
1845 #endif
1847 static int __net_init ndisc_net_init(struct net *net)
1849 struct ipv6_pinfo *np;
1850 struct sock *sk;
1851 int err;
1853 err = inet_ctl_sock_create(&sk, PF_INET6,
1854 SOCK_RAW, IPPROTO_ICMPV6, net);
1855 if (err < 0) {
1856 ND_PRINTK(0, err,
1857 "NDISC: Failed to initialize the control socket (err %d)\n",
1858 err);
1859 return err;
1862 net->ipv6.ndisc_sk = sk;
1864 np = inet6_sk(sk);
1865 np->hop_limit = 255;
1866 /* Do not loopback ndisc messages */
1867 np->mc_loop = 0;
1869 return 0;
1872 static void __net_exit ndisc_net_exit(struct net *net)
1874 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1877 static struct pernet_operations ndisc_net_ops = {
1878 .init = ndisc_net_init,
1879 .exit = ndisc_net_exit,
1882 int __init ndisc_init(void)
1884 int err;
1886 err = register_pernet_subsys(&ndisc_net_ops);
1887 if (err)
1888 return err;
1890 * Initialize the neighbour table
1892 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1894 #ifdef CONFIG_SYSCTL
1895 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1896 ndisc_ifinfo_sysctl_change);
1897 if (err)
1898 goto out_unregister_pernet;
1899 out:
1900 #endif
1901 return err;
1903 #ifdef CONFIG_SYSCTL
1904 out_unregister_pernet:
1905 unregister_pernet_subsys(&ndisc_net_ops);
1906 goto out;
1907 #endif
1910 int __init ndisc_late_init(void)
1912 return register_netdevice_notifier(&ndisc_netdev_notifier);
1915 void ndisc_late_cleanup(void)
1917 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1920 void ndisc_cleanup(void)
1922 #ifdef CONFIG_SYSCTL
1923 neigh_sysctl_unregister(&nd_tbl.parms);
1924 #endif
1925 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1926 unregister_pernet_subsys(&ndisc_net_ops);