search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
x86/mm: Add TLB purge to free pmd/pte page interfaces
[linux/fpc-iii.git] / net / ipv6 / ndisc.c
blob21f3bf2125f4a2bce427e7132ea5690fed12e7d7
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 static u32 ndisc_hash(const void *pkey,
76 const struct net_device *dev,
77 __u32 *hash_rnd);
78 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
79 static int ndisc_constructor(struct neighbour *neigh);
80 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
81 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
82 static int pndisc_constructor(struct pneigh_entry *n);
83 static void pndisc_destructor(struct pneigh_entry *n);
84 static void pndisc_redo(struct sk_buff *skb);
85
86 static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92 };
93
94 static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100 };
101
102
103 static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107 };
108
109 struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .id = "ndisc_cache",
120 .parms = {
121 .tbl = &nd_tbl,
122 .reachable_time = ND_REACHABLE_TIME,
123 .data = {
124 [NEIGH_VAR_MCAST_PROBES] = 3,
125 [NEIGH_VAR_UCAST_PROBES] = 3,
126 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
127 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
128 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
129 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
130 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
131 [NEIGH_VAR_PROXY_QLEN] = 64,
132 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
133 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
134 },
135 },
136 .gc_interval = 30 * HZ,
137 .gc_thresh1 = 128,
138 .gc_thresh2 = 512,
139 .gc_thresh3 = 1024,
140 };
141 EXPORT_SYMBOL_GPL(nd_tbl);
142
143 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
144 int data_len, int pad)
145 {
146 int space = __ndisc_opt_addr_space(data_len, pad);
147 u8 *opt = skb_put(skb, space);
148
149 opt[0] = type;
150 opt[1] = space>>3;
151
152 memset(opt + 2, 0, pad);
153 opt += pad;
154 space -= pad;
155
156 memcpy(opt+2, data, data_len);
157 data_len += 2;
158 opt += data_len;
159 space -= data_len;
160 if (space > 0)
161 memset(opt, 0, space);
162 }
163 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
164
165 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
166 void *data, u8 icmp6_type)
167 {
168 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
169 ndisc_addr_option_pad(skb->dev->type));
170 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
171 }
172
173 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
174 void *ha,
175 const u8 *ops_data)
176 {
177 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
178 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
179 }
180
181 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
182 struct nd_opt_hdr *end)
183 {
184 int type;
185 if (!cur || !end || cur >= end)
186 return NULL;
187 type = cur->nd_opt_type;
188 do {
189 cur = ((void *)cur) + (cur->nd_opt_len << 3);
190 } while (cur < end && cur->nd_opt_type != type);
191 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
192 }
193
194 static inline int ndisc_is_useropt(const struct net_device *dev,
195 struct nd_opt_hdr *opt)
196 {
197 return opt->nd_opt_type == ND_OPT_RDNSS ||
198 opt->nd_opt_type == ND_OPT_DNSSL ||
199 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
200 }
201
202 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
203 struct nd_opt_hdr *cur,
204 struct nd_opt_hdr *end)
205 {
206 if (!cur || !end || cur >= end)
207 return NULL;
208 do {
209 cur = ((void *)cur) + (cur->nd_opt_len << 3);
210 } while (cur < end && !ndisc_is_useropt(dev, cur));
211 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
212 }
213
214 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
215 u8 *opt, int opt_len,
216 struct ndisc_options *ndopts)
217 {
218 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
219
220 if (!nd_opt || opt_len < 0 || !ndopts)
221 return NULL;
222 memset(ndopts, 0, sizeof(*ndopts));
223 while (opt_len) {
224 int l;
225 if (opt_len < sizeof(struct nd_opt_hdr))
226 return NULL;
227 l = nd_opt->nd_opt_len << 3;
228 if (opt_len < l || l == 0)
229 return NULL;
230 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
231 goto next_opt;
232 switch (nd_opt->nd_opt_type) {
233 case ND_OPT_SOURCE_LL_ADDR:
234 case ND_OPT_TARGET_LL_ADDR:
235 case ND_OPT_MTU:
236 case ND_OPT_REDIRECT_HDR:
237 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
238 ND_PRINTK(2, warn,
239 "%s: duplicated ND6 option found: type=%d\n",
240 __func__, nd_opt->nd_opt_type);
241 } else {
242 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
243 }
244 break;
245 case ND_OPT_PREFIX_INFO:
246 ndopts->nd_opts_pi_end = nd_opt;
247 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
248 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
249 break;
250 #ifdef CONFIG_IPV6_ROUTE_INFO
251 case ND_OPT_ROUTE_INFO:
252 ndopts->nd_opts_ri_end = nd_opt;
253 if (!ndopts->nd_opts_ri)
254 ndopts->nd_opts_ri = nd_opt;
255 break;
256 #endif
257 default:
258 if (ndisc_is_useropt(dev, nd_opt)) {
259 ndopts->nd_useropts_end = nd_opt;
260 if (!ndopts->nd_useropts)
261 ndopts->nd_useropts = nd_opt;
262 } else {
263 /*
264 * Unknown options must be silently ignored,
265 * to accommodate future extension to the
266 * protocol.
267 */
268 ND_PRINTK(2, notice,
269 "%s: ignored unsupported option; type=%d, len=%d\n",
270 __func__,
271 nd_opt->nd_opt_type,
272 nd_opt->nd_opt_len);
273 }
274 }
275 next_opt:
276 opt_len -= l;
277 nd_opt = ((void *)nd_opt) + l;
278 }
279 return ndopts;
280 }
281
282 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
283 {
284 switch (dev->type) {
285 case ARPHRD_ETHER:
286 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
287 case ARPHRD_FDDI:
288 ipv6_eth_mc_map(addr, buf);
289 return 0;
290 case ARPHRD_ARCNET:
291 ipv6_arcnet_mc_map(addr, buf);
292 return 0;
293 case ARPHRD_INFINIBAND:
294 ipv6_ib_mc_map(addr, dev->broadcast, buf);
295 return 0;
296 case ARPHRD_IPGRE:
297 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
298 default:
299 if (dir) {
300 memcpy(buf, dev->broadcast, dev->addr_len);
301 return 0;
302 }
303 }
304 return -EINVAL;
305 }
306 EXPORT_SYMBOL(ndisc_mc_map);
307
308 static u32 ndisc_hash(const void *pkey,
309 const struct net_device *dev,
310 __u32 *hash_rnd)
311 {
312 return ndisc_hashfn(pkey, dev, hash_rnd);
313 }
314
315 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
316 {
317 return neigh_key_eq128(n, pkey);
318 }
319
320 static int ndisc_constructor(struct neighbour *neigh)
321 {
322 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
323 struct net_device *dev = neigh->dev;
324 struct inet6_dev *in6_dev;
325 struct neigh_parms *parms;
326 bool is_multicast = ipv6_addr_is_multicast(addr);
327
328 in6_dev = in6_dev_get(dev);
329 if (!in6_dev) {
330 return -EINVAL;
331 }
332
333 parms = in6_dev->nd_parms;
334 __neigh_parms_put(neigh->parms);
335 neigh->parms = neigh_parms_clone(parms);
336
337 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
338 if (!dev->header_ops) {
339 neigh->nud_state = NUD_NOARP;
340 neigh->ops = &ndisc_direct_ops;
341 neigh->output = neigh_direct_output;
342 } else {
343 if (is_multicast) {
344 neigh->nud_state = NUD_NOARP;
345 ndisc_mc_map(addr, neigh->ha, dev, 1);
346 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
347 neigh->nud_state = NUD_NOARP;
348 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
349 if (dev->flags&IFF_LOOPBACK)
350 neigh->type = RTN_LOCAL;
351 } else if (dev->flags&IFF_POINTOPOINT) {
352 neigh->nud_state = NUD_NOARP;
353 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
354 }
355 if (dev->header_ops->cache)
356 neigh->ops = &ndisc_hh_ops;
357 else
358 neigh->ops = &ndisc_generic_ops;
359 if (neigh->nud_state&NUD_VALID)
360 neigh->output = neigh->ops->connected_output;
361 else
362 neigh->output = neigh->ops->output;
363 }
364 in6_dev_put(in6_dev);
365 return 0;
366 }
367
368 static int pndisc_constructor(struct pneigh_entry *n)
369 {
370 struct in6_addr *addr = (struct in6_addr *)&n->key;
371 struct in6_addr maddr;
372 struct net_device *dev = n->dev;
373
374 if (!dev || !__in6_dev_get(dev))
375 return -EINVAL;
376 addrconf_addr_solict_mult(addr, &maddr);
377 ipv6_dev_mc_inc(dev, &maddr);
378 return 0;
379 }
380
381 static void pndisc_destructor(struct pneigh_entry *n)
382 {
383 struct in6_addr *addr = (struct in6_addr *)&n->key;
384 struct in6_addr maddr;
385 struct net_device *dev = n->dev;
386
387 if (!dev || !__in6_dev_get(dev))
388 return;
389 addrconf_addr_solict_mult(addr, &maddr);
390 ipv6_dev_mc_dec(dev, &maddr);
391 }
392
393 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
394 int len)
395 {
396 int hlen = LL_RESERVED_SPACE(dev);
397 int tlen = dev->needed_tailroom;
398 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
399 struct sk_buff *skb;
400
401 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
402 if (!skb) {
403 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
404 __func__);
405 return NULL;
406 }
407
408 skb->protocol = htons(ETH_P_IPV6);
409 skb->dev = dev;
410
411 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
412 skb_reset_transport_header(skb);
413
414 /* Manually assign socket ownership as we avoid calling
415 * sock_alloc_send_pskb() to bypass wmem buffer limits
416 */
417 skb_set_owner_w(skb, sk);
418
419 return skb;
420 }
421
422 static void ip6_nd_hdr(struct sk_buff *skb,
423 const struct in6_addr *saddr,
424 const struct in6_addr *daddr,
425 int hop_limit, int len)
426 {
427 struct ipv6hdr *hdr;
428
429 skb_push(skb, sizeof(*hdr));
430 skb_reset_network_header(skb);
431 hdr = ipv6_hdr(skb);
432
433 ip6_flow_hdr(hdr, 0, 0);
434
435 hdr->payload_len = htons(len);
436 hdr->nexthdr = IPPROTO_ICMPV6;
437 hdr->hop_limit = hop_limit;
438
439 hdr->saddr = *saddr;
440 hdr->daddr = *daddr;
441 }
442
443 static void ndisc_send_skb(struct sk_buff *skb,
444 const struct in6_addr *daddr,
445 const struct in6_addr *saddr)
446 {
447 struct dst_entry *dst = skb_dst(skb);
448 struct net *net = dev_net(skb->dev);
449 struct sock *sk = net->ipv6.ndisc_sk;
450 struct inet6_dev *idev;
451 int err;
452 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
453 u8 type;
454
455 type = icmp6h->icmp6_type;
456
457 if (!dst) {
458 struct flowi6 fl6;
459 int oif = skb->dev->ifindex;
460
461 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
462 dst = icmp6_dst_alloc(skb->dev, &fl6);
463 if (IS_ERR(dst)) {
464 kfree_skb(skb);
465 return;
466 }
467
468 skb_dst_set(skb, dst);
469 }
470
471 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
472 IPPROTO_ICMPV6,
473 csum_partial(icmp6h,
474 skb->len, 0));
475
476 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
477
478 rcu_read_lock();
479 idev = __in6_dev_get(dst->dev);
480 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
481
482 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
483 net, sk, skb, NULL, dst->dev,
484 dst_output);
485 if (!err) {
486 ICMP6MSGOUT_INC_STATS(net, idev, type);
487 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
488 }
489
490 rcu_read_unlock();
491 }
492
493 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
494 const struct in6_addr *solicited_addr,
495 bool router, bool solicited, bool override, bool inc_opt)
496 {
497 struct sk_buff *skb;
498 struct in6_addr tmpaddr;
499 struct inet6_ifaddr *ifp;
500 const struct in6_addr *src_addr;
501 struct nd_msg *msg;
502 int optlen = 0;
503
504 /* for anycast or proxy, solicited_addr != src_addr */
505 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
506 if (ifp) {
507 src_addr = solicited_addr;
508 if (ifp->flags & IFA_F_OPTIMISTIC)
509 override = false;
510 inc_opt |= ifp->idev->cnf.force_tllao;
511 in6_ifa_put(ifp);
512 } else {
513 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
514 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
515 &tmpaddr))
516 return;
517 src_addr = &tmpaddr;
518 }
519
520 if (!dev->addr_len)
521 inc_opt = 0;
522 if (inc_opt)
523 optlen += ndisc_opt_addr_space(dev,
524 NDISC_NEIGHBOUR_ADVERTISEMENT);
525
526 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
527 if (!skb)
528 return;
529
530 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
531 *msg = (struct nd_msg) {
532 .icmph = {
533 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
534 .icmp6_router = router,
535 .icmp6_solicited = solicited,
536 .icmp6_override = override,
537 },
538 .target = *solicited_addr,
539 };
540
541 if (inc_opt)
542 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
543 dev->dev_addr,
544 NDISC_NEIGHBOUR_ADVERTISEMENT);
545
546 ndisc_send_skb(skb, daddr, src_addr);
547 }
548
549 static void ndisc_send_unsol_na(struct net_device *dev)
550 {
551 struct inet6_dev *idev;
552 struct inet6_ifaddr *ifa;
553
554 idev = in6_dev_get(dev);
555 if (!idev)
556 return;
557
558 read_lock_bh(&idev->lock);
559 list_for_each_entry(ifa, &idev->addr_list, if_list) {
560 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
561 /*router=*/ !!idev->cnf.forwarding,
562 /*solicited=*/ false, /*override=*/ true,
563 /*inc_opt=*/ true);
564 }
565 read_unlock_bh(&idev->lock);
566
567 in6_dev_put(idev);
568 }
569
570 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
571 const struct in6_addr *daddr, const struct in6_addr *saddr)
572 {
573 struct sk_buff *skb;
574 struct in6_addr addr_buf;
575 int inc_opt = dev->addr_len;
576 int optlen = 0;
577 struct nd_msg *msg;
578
579 if (!saddr) {
580 if (ipv6_get_lladdr(dev, &addr_buf,
581 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
582 return;
583 saddr = &addr_buf;
584 }
585
586 if (ipv6_addr_any(saddr))
587 inc_opt = false;
588 if (inc_opt)
589 optlen += ndisc_opt_addr_space(dev,
590 NDISC_NEIGHBOUR_SOLICITATION);
591
592 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
593 if (!skb)
594 return;
595
596 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
597 *msg = (struct nd_msg) {
598 .icmph = {
599 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
600 },
601 .target = *solicit,
602 };
603
604 if (inc_opt)
605 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
606 dev->dev_addr,
607 NDISC_NEIGHBOUR_SOLICITATION);
608
609 ndisc_send_skb(skb, daddr, saddr);
610 }
611
612 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
613 const struct in6_addr *daddr)
614 {
615 struct sk_buff *skb;
616 struct rs_msg *msg;
617 int send_sllao = dev->addr_len;
618 int optlen = 0;
619
620 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
621 /*
622 * According to section 2.2 of RFC 4429, we must not
623 * send router solicitations with a sllao from
624 * optimistic addresses, but we may send the solicitation
625 * if we don't include the sllao. So here we check
626 * if our address is optimistic, and if so, we
627 * suppress the inclusion of the sllao.
628 */
629 if (send_sllao) {
630 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
631 dev, 1);
632 if (ifp) {
633 if (ifp->flags & IFA_F_OPTIMISTIC) {
634 send_sllao = 0;
635 }
636 in6_ifa_put(ifp);
637 } else {
638 send_sllao = 0;
639 }
640 }
641 #endif
642 if (send_sllao)
643 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
644
645 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
646 if (!skb)
647 return;
648
649 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
650 *msg = (struct rs_msg) {
651 .icmph = {
652 .icmp6_type = NDISC_ROUTER_SOLICITATION,
653 },
654 };
655
656 if (send_sllao)
657 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
658 dev->dev_addr,
659 NDISC_ROUTER_SOLICITATION);
660
661 ndisc_send_skb(skb, daddr, saddr);
662 }
663
664
665 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
666 {
667 /*
668 * "The sender MUST return an ICMP
669 * destination unreachable"
670 */
671 dst_link_failure(skb);
672 kfree_skb(skb);
673 }
674
675 /* Called with locked neigh: either read or both */
676
677 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
678 {
679 struct in6_addr *saddr = NULL;
680 struct in6_addr mcaddr;
681 struct net_device *dev = neigh->dev;
682 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
683 int probes = atomic_read(&neigh->probes);
684
685 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
686 dev, 1,
687 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
688 saddr = &ipv6_hdr(skb)->saddr;
689 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
690 if (probes < 0) {
691 if (!(neigh->nud_state & NUD_VALID)) {
692 ND_PRINTK(1, dbg,
693 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
694 __func__, target);
695 }
696 ndisc_send_ns(dev, target, target, saddr);
697 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
698 neigh_app_ns(neigh);
699 } else {
700 addrconf_addr_solict_mult(target, &mcaddr);
701 ndisc_send_ns(dev, target, &mcaddr, saddr);
702 }
703 }
704
705 static int pndisc_is_router(const void *pkey,
706 struct net_device *dev)
707 {
708 struct pneigh_entry *n;
709 int ret = -1;
710
711 read_lock_bh(&nd_tbl.lock);
712 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
713 if (n)
714 ret = !!(n->flags & NTF_ROUTER);
715 read_unlock_bh(&nd_tbl.lock);
716
717 return ret;
718 }
719
720 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
721 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
722 struct ndisc_options *ndopts)
723 {
724 neigh_update(neigh, lladdr, new, flags);
725 /* report ndisc ops about neighbour update */
726 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
727 }
728
729 static void ndisc_recv_ns(struct sk_buff *skb)
730 {
731 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
732 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
733 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
734 u8 *lladdr = NULL;
735 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
736 offsetof(struct nd_msg, opt));
737 struct ndisc_options ndopts;
738 struct net_device *dev = skb->dev;
739 struct inet6_ifaddr *ifp;
740 struct inet6_dev *idev = NULL;
741 struct neighbour *neigh;
742 int dad = ipv6_addr_any(saddr);
743 bool inc;
744 int is_router = -1;
745
746 if (skb->len < sizeof(struct nd_msg)) {
747 ND_PRINTK(2, warn, "NS: packet too short\n");
748 return;
749 }
750
751 if (ipv6_addr_is_multicast(&msg->target)) {
752 ND_PRINTK(2, warn, "NS: multicast target address\n");
753 return;
754 }
755
756 /*
757 * RFC2461 7.1.1:
758 * DAD has to be destined for solicited node multicast address.
759 */
760 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
761 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
762 return;
763 }
764
765 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
766 ND_PRINTK(2, warn, "NS: invalid ND options\n");
767 return;
768 }
769
770 if (ndopts.nd_opts_src_lladdr) {
771 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
772 if (!lladdr) {
773 ND_PRINTK(2, warn,
774 "NS: invalid link-layer address length\n");
775 return;
776 }
777
778 /* RFC2461 7.1.1:
779 * If the IP source address is the unspecified address,
780 * there MUST NOT be source link-layer address option
781 * in the message.
782 */
783 if (dad) {
784 ND_PRINTK(2, warn,
785 "NS: bad DAD packet (link-layer address option)\n");
786 return;
787 }
788 }
789
790 inc = ipv6_addr_is_multicast(daddr);
791
792 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
793 if (ifp) {
794 have_ifp:
795 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
796 if (dad) {
797 /*
798 * We are colliding with another node
799 * who is doing DAD
800 * so fail our DAD process
801 */
802 addrconf_dad_failure(ifp);
803 return;
804 } else {
805 /*
806 * This is not a dad solicitation.
807 * If we are an optimistic node,
808 * we should respond.
809 * Otherwise, we should ignore it.
810 */
811 if (!(ifp->flags & IFA_F_OPTIMISTIC))
812 goto out;
813 }
814 }
815
816 idev = ifp->idev;
817 } else {
818 struct net *net = dev_net(dev);
819
820 /* perhaps an address on the master device */
821 if (netif_is_l3_slave(dev)) {
822 struct net_device *mdev;
823
824 mdev = netdev_master_upper_dev_get_rcu(dev);
825 if (mdev) {
826 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
827 if (ifp)
828 goto have_ifp;
829 }
830 }
831
832 idev = in6_dev_get(dev);
833 if (!idev) {
834 /* XXX: count this drop? */
835 return;
836 }
837
838 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
839 (idev->cnf.forwarding &&
840 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
841 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
842 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
843 skb->pkt_type != PACKET_HOST &&
844 inc &&
845 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
846 /*
847 * for anycast or proxy,
848 * sender should delay its response
849 * by a random time between 0 and
850 * MAX_ANYCAST_DELAY_TIME seconds.
851 * (RFC2461) -- yoshfuji
852 */
853 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
854 if (n)
855 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
856 goto out;
857 }
858 } else
859 goto out;
860 }
861
862 if (is_router < 0)
863 is_router = idev->cnf.forwarding;
864
865 if (dad) {
866 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
867 !!is_router, false, (ifp != NULL), true);
868 goto out;
869 }
870
871 if (inc)
872 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
873 else
874 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
875
876 /*
877 * update / create cache entry
878 * for the source address
879 */
880 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
881 !inc || lladdr || !dev->addr_len);
882 if (neigh)
883 ndisc_update(dev, neigh, lladdr, NUD_STALE,
884 NEIGH_UPDATE_F_WEAK_OVERRIDE|
885 NEIGH_UPDATE_F_OVERRIDE,
886 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
887 if (neigh || !dev->header_ops) {
888 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
889 true, (ifp != NULL && inc), inc);
890 if (neigh)
891 neigh_release(neigh);
892 }
893
894 out:
895 if (ifp)
896 in6_ifa_put(ifp);
897 else
898 in6_dev_put(idev);
899 }
900
901 static void ndisc_recv_na(struct sk_buff *skb)
902 {
903 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
904 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
905 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
906 u8 *lladdr = NULL;
907 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
908 offsetof(struct nd_msg, opt));
909 struct ndisc_options ndopts;
910 struct net_device *dev = skb->dev;
911 struct inet6_dev *idev = __in6_dev_get(dev);
912 struct inet6_ifaddr *ifp;
913 struct neighbour *neigh;
914
915 if (skb->len < sizeof(struct nd_msg)) {
916 ND_PRINTK(2, warn, "NA: packet too short\n");
917 return;
918 }
919
920 if (ipv6_addr_is_multicast(&msg->target)) {
921 ND_PRINTK(2, warn, "NA: target address is multicast\n");
922 return;
923 }
924
925 if (ipv6_addr_is_multicast(daddr) &&
926 msg->icmph.icmp6_solicited) {
927 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
928 return;
929 }
930
931 /* For some 802.11 wireless deployments (and possibly other networks),
932 * there will be a NA proxy and unsolicitd packets are attacks
933 * and thus should not be accepted.
934 */
935 if (!msg->icmph.icmp6_solicited && idev &&
936 idev->cnf.drop_unsolicited_na)
937 return;
938
939 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
940 ND_PRINTK(2, warn, "NS: invalid ND option\n");
941 return;
942 }
943 if (ndopts.nd_opts_tgt_lladdr) {
944 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
945 if (!lladdr) {
946 ND_PRINTK(2, warn,
947 "NA: invalid link-layer address length\n");
948 return;
949 }
950 }
951 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
952 if (ifp) {
953 if (skb->pkt_type != PACKET_LOOPBACK
954 && (ifp->flags & IFA_F_TENTATIVE)) {
955 addrconf_dad_failure(ifp);
956 return;
957 }
958 /* What should we make now? The advertisement
959 is invalid, but ndisc specs say nothing
960 about it. It could be misconfiguration, or
961 an smart proxy agent tries to help us :-)
962
963 We should not print the error if NA has been
964 received from loopback - it is just our own
965 unsolicited advertisement.
966 */
967 if (skb->pkt_type != PACKET_LOOPBACK)
968 ND_PRINTK(1, warn,
969 "NA: someone advertises our address %pI6 on %s!\n",
970 &ifp->addr, ifp->idev->dev->name);
971 in6_ifa_put(ifp);
972 return;
973 }
974 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
975
976 if (neigh) {
977 u8 old_flags = neigh->flags;
978 struct net *net = dev_net(dev);
979
980 if (neigh->nud_state & NUD_FAILED)
981 goto out;
982
983 /*
984 * Don't update the neighbor cache entry on a proxy NA from
985 * ourselves because either the proxied node is off link or it
986 * has already sent a NA to us.
987 */
988 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
989 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
990 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
991 /* XXX: idev->cnf.proxy_ndp */
992 goto out;
993 }
994
995 ndisc_update(dev, neigh, lladdr,
996 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
997 NEIGH_UPDATE_F_WEAK_OVERRIDE|
998 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
999 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1000 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1001 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1002
1003 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1004 /*
1005 * Change: router to host
1006 */
1007 rt6_clean_tohost(dev_net(dev), saddr);
1008 }
1009
1010 out:
1011 neigh_release(neigh);
1012 }
1013 }
1014
1015 static void ndisc_recv_rs(struct sk_buff *skb)
1016 {
1017 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1018 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1019 struct neighbour *neigh;
1020 struct inet6_dev *idev;
1021 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1022 struct ndisc_options ndopts;
1023 u8 *lladdr = NULL;
1024
1025 if (skb->len < sizeof(*rs_msg))
1026 return;
1027
1028 idev = __in6_dev_get(skb->dev);
1029 if (!idev) {
1030 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1031 return;
1032 }
1033
1034 /* Don't accept RS if we're not in router mode */
1035 if (!idev->cnf.forwarding)
1036 goto out;
1037
1038 /*
1039 * Don't update NCE if src = ::;
1040 * this implies that the source node has no ip address assigned yet.
1041 */
1042 if (ipv6_addr_any(saddr))
1043 goto out;
1044
1045 /* Parse ND options */
1046 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1047 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1048 goto out;
1049 }
1050
1051 if (ndopts.nd_opts_src_lladdr) {
1052 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1053 skb->dev);
1054 if (!lladdr)
1055 goto out;
1056 }
1057
1058 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1059 if (neigh) {
1060 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1061 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1062 NEIGH_UPDATE_F_OVERRIDE|
1063 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1064 NDISC_ROUTER_SOLICITATION, &ndopts);
1065 neigh_release(neigh);
1066 }
1067 out:
1068 return;
1069 }
1070
1071 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1072 {
1073 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1074 struct sk_buff *skb;
1075 struct nlmsghdr *nlh;
1076 struct nduseroptmsg *ndmsg;
1077 struct net *net = dev_net(ra->dev);
1078 int err;
1079 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1080 + (opt->nd_opt_len << 3));
1081 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1082
1083 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1084 if (!skb) {
1085 err = -ENOBUFS;
1086 goto errout;
1087 }
1088
1089 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1090 if (!nlh) {
1091 goto nla_put_failure;
1092 }
1093
1094 ndmsg = nlmsg_data(nlh);
1095 ndmsg->nduseropt_family = AF_INET6;
1096 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1097 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1098 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1099 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1100
1101 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1102
1103 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1104 goto nla_put_failure;
1105 nlmsg_end(skb, nlh);
1106
1107 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1108 return;
1109
1110 nla_put_failure:
1111 nlmsg_free(skb);
1112 err = -EMSGSIZE;
1113 errout:
1114 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1115 }
1116
1117 static void ndisc_router_discovery(struct sk_buff *skb)
1118 {
1119 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1120 struct neighbour *neigh = NULL;
1121 struct inet6_dev *in6_dev;
1122 struct rt6_info *rt = NULL;
1123 int lifetime;
1124 struct ndisc_options ndopts;
1125 int optlen;
1126 unsigned int pref = 0;
1127 __u32 old_if_flags;
1128 bool send_ifinfo_notify = false;
1129
1130 __u8 *opt = (__u8 *)(ra_msg + 1);
1131
1132 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1133 sizeof(struct ra_msg);
1134
1135 ND_PRINTK(2, info,
1136 "RA: %s, dev: %s\n",
1137 __func__, skb->dev->name);
1138 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1139 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1140 return;
1141 }
1142 if (optlen < 0) {
1143 ND_PRINTK(2, warn, "RA: packet too short\n");
1144 return;
1145 }
1146
1147 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1148 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1149 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1150 return;
1151 }
1152 #endif
1153
1154 /*
1155 * set the RA_RECV flag in the interface
1156 */
1157
1158 in6_dev = __in6_dev_get(skb->dev);
1159 if (!in6_dev) {
1160 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1161 skb->dev->name);
1162 return;
1163 }
1164
1165 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1166 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1167 return;
1168 }
1169
1170 if (!ipv6_accept_ra(in6_dev)) {
1171 ND_PRINTK(2, info,
1172 "RA: %s, did not accept ra for dev: %s\n",
1173 __func__, skb->dev->name);
1174 goto skip_linkparms;
1175 }
1176
1177 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1178 /* skip link-specific parameters from interior routers */
1179 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1180 ND_PRINTK(2, info,
1181 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1182 __func__, skb->dev->name);
1183 goto skip_linkparms;
1184 }
1185 #endif
1186
1187 if (in6_dev->if_flags & IF_RS_SENT) {
1188 /*
1189 * flag that an RA was received after an RS was sent
1190 * out on this interface.
1191 */
1192 in6_dev->if_flags |= IF_RA_RCVD;
1193 }
1194
1195 /*
1196 * Remember the managed/otherconf flags from most recently
1197 * received RA message (RFC 2462) -- yoshfuji
1198 */
1199 old_if_flags = in6_dev->if_flags;
1200 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1201 IF_RA_OTHERCONF)) |
1202 (ra_msg->icmph.icmp6_addrconf_managed ?
1203 IF_RA_MANAGED : 0) |
1204 (ra_msg->icmph.icmp6_addrconf_other ?
1205 IF_RA_OTHERCONF : 0);
1206
1207 if (old_if_flags != in6_dev->if_flags)
1208 send_ifinfo_notify = true;
1209
1210 if (!in6_dev->cnf.accept_ra_defrtr) {
1211 ND_PRINTK(2, info,
1212 "RA: %s, defrtr is false for dev: %s\n",
1213 __func__, skb->dev->name);
1214 goto skip_defrtr;
1215 }
1216
1217 /* Do not accept RA with source-addr found on local machine unless
1218 * accept_ra_from_local is set to true.
1219 */
1220 if (!in6_dev->cnf.accept_ra_from_local &&
1221 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1222 in6_dev->dev, 0)) {
1223 ND_PRINTK(2, info,
1224 "RA from local address detected on dev: %s: default router ignored\n",
1225 skb->dev->name);
1226 goto skip_defrtr;
1227 }
1228
1229 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1230
1231 #ifdef CONFIG_IPV6_ROUTER_PREF
1232 pref = ra_msg->icmph.icmp6_router_pref;
1233 /* 10b is handled as if it were 00b (medium) */
1234 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1235 !in6_dev->cnf.accept_ra_rtr_pref)
1236 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1237 #endif
1238
1239 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1240
1241 if (rt) {
1242 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1243 if (!neigh) {
1244 ND_PRINTK(0, err,
1245 "RA: %s got default router without neighbour\n",
1246 __func__);
1247 ip6_rt_put(rt);
1248 return;
1249 }
1250 }
1251 if (rt && lifetime == 0) {
1252 ip6_del_rt(rt);
1253 rt = NULL;
1254 }
1255
1256 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1257 rt, lifetime, skb->dev->name);
1258 if (!rt && lifetime) {
1259 ND_PRINTK(3, info, "RA: adding default router\n");
1260
1261 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1262 if (!rt) {
1263 ND_PRINTK(0, err,
1264 "RA: %s failed to add default route\n",
1265 __func__);
1266 return;
1267 }
1268
1269 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1270 if (!neigh) {
1271 ND_PRINTK(0, err,
1272 "RA: %s got default router without neighbour\n",
1273 __func__);
1274 ip6_rt_put(rt);
1275 return;
1276 }
1277 neigh->flags |= NTF_ROUTER;
1278 } else if (rt) {
1279 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1280 }
1281
1282 if (rt)
1283 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1284 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1285 ra_msg->icmph.icmp6_hop_limit) {
1286 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1287 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1288 if (rt)
1289 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1290 ra_msg->icmph.icmp6_hop_limit);
1291 } else {
1292 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1293 }
1294 }
1295
1296 skip_defrtr:
1297
1298 /*
1299 * Update Reachable Time and Retrans Timer
1300 */
1301
1302 if (in6_dev->nd_parms) {
1303 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1304
1305 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1306 rtime = (rtime*HZ)/1000;
1307 if (rtime < HZ/10)
1308 rtime = HZ/10;
1309 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1310 in6_dev->tstamp = jiffies;
1311 send_ifinfo_notify = true;
1312 }
1313
1314 rtime = ntohl(ra_msg->reachable_time);
1315 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1316 rtime = (rtime*HZ)/1000;
1317
1318 if (rtime < HZ/10)
1319 rtime = HZ/10;
1320
1321 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1322 NEIGH_VAR_SET(in6_dev->nd_parms,
1323 BASE_REACHABLE_TIME, rtime);
1324 NEIGH_VAR_SET(in6_dev->nd_parms,
1325 GC_STALETIME, 3 * rtime);
1326 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1327 in6_dev->tstamp = jiffies;
1328 send_ifinfo_notify = true;
1329 }
1330 }
1331 }
1332
1333 /*
1334 * Send a notify if RA changed managed/otherconf flags or timer settings
1335 */
1336 if (send_ifinfo_notify)
1337 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1338
1339 skip_linkparms:
1340
1341 /*
1342 * Process options.
1343 */
1344
1345 if (!neigh)
1346 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1347 skb->dev, 1);
1348 if (neigh) {
1349 u8 *lladdr = NULL;
1350 if (ndopts.nd_opts_src_lladdr) {
1351 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1352 skb->dev);
1353 if (!lladdr) {
1354 ND_PRINTK(2, warn,
1355 "RA: invalid link-layer address length\n");
1356 goto out;
1357 }
1358 }
1359 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1360 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1361 NEIGH_UPDATE_F_OVERRIDE|
1362 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1363 NEIGH_UPDATE_F_ISROUTER,
1364 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1365 }
1366
1367 if (!ipv6_accept_ra(in6_dev)) {
1368 ND_PRINTK(2, info,
1369 "RA: %s, accept_ra is false for dev: %s\n",
1370 __func__, skb->dev->name);
1371 goto out;
1372 }
1373
1374 #ifdef CONFIG_IPV6_ROUTE_INFO
1375 if (!in6_dev->cnf.accept_ra_from_local &&
1376 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1377 in6_dev->dev, 0)) {
1378 ND_PRINTK(2, info,
1379 "RA from local address detected on dev: %s: router info ignored.\n",
1380 skb->dev->name);
1381 goto skip_routeinfo;
1382 }
1383
1384 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1385 struct nd_opt_hdr *p;
1386 for (p = ndopts.nd_opts_ri;
1387 p;
1388 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1389 struct route_info *ri = (struct route_info *)p;
1390 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1391 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1392 ri->prefix_len == 0)
1393 continue;
1394 #endif
1395 if (ri->prefix_len == 0 &&
1396 !in6_dev->cnf.accept_ra_defrtr)
1397 continue;
1398 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1399 continue;
1400 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1401 &ipv6_hdr(skb)->saddr);
1402 }
1403 }
1404
1405 skip_routeinfo:
1406 #endif
1407
1408 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1409 /* skip link-specific ndopts from interior routers */
1410 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1411 ND_PRINTK(2, info,
1412 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1413 __func__, skb->dev->name);
1414 goto out;
1415 }
1416 #endif
1417
1418 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1419 struct nd_opt_hdr *p;
1420 for (p = ndopts.nd_opts_pi;
1421 p;
1422 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1423 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1424 (p->nd_opt_len) << 3,
1425 ndopts.nd_opts_src_lladdr != NULL);
1426 }
1427 }
1428
1429 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1430 __be32 n;
1431 u32 mtu;
1432
1433 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1434 mtu = ntohl(n);
1435
1436 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1437 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1438 } else if (in6_dev->cnf.mtu6 != mtu) {
1439 in6_dev->cnf.mtu6 = mtu;
1440
1441 if (rt)
1442 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1443
1444 rt6_mtu_change(skb->dev, mtu);
1445 }
1446 }
1447
1448 if (ndopts.nd_useropts) {
1449 struct nd_opt_hdr *p;
1450 for (p = ndopts.nd_useropts;
1451 p;
1452 p = ndisc_next_useropt(skb->dev, p,
1453 ndopts.nd_useropts_end)) {
1454 ndisc_ra_useropt(skb, p);
1455 }
1456 }
1457
1458 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1459 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1460 }
1461 out:
1462 ip6_rt_put(rt);
1463 if (neigh)
1464 neigh_release(neigh);
1465 }
1466
1467 static void ndisc_redirect_rcv(struct sk_buff *skb)
1468 {
1469 u8 *hdr;
1470 struct ndisc_options ndopts;
1471 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1472 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1473 offsetof(struct rd_msg, opt));
1474
1475 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1476 switch (skb->ndisc_nodetype) {
1477 case NDISC_NODETYPE_HOST:
1478 case NDISC_NODETYPE_NODEFAULT:
1479 ND_PRINTK(2, warn,
1480 "Redirect: from host or unauthorized router\n");
1481 return;
1482 }
1483 #endif
1484
1485 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1486 ND_PRINTK(2, warn,
1487 "Redirect: source address is not link-local\n");
1488 return;
1489 }
1490
1491 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1492 return;
1493
1494 if (!ndopts.nd_opts_rh) {
1495 ip6_redirect_no_header(skb, dev_net(skb->dev),
1496 skb->dev->ifindex, 0);
1497 return;
1498 }
1499
1500 hdr = (u8 *)ndopts.nd_opts_rh;
1501 hdr += 8;
1502 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1503 return;
1504
1505 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1506 }
1507
1508 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1509 struct sk_buff *orig_skb,
1510 int rd_len)
1511 {
1512 u8 *opt = skb_put(skb, rd_len);
1513
1514 memset(opt, 0, 8);
1515 *(opt++) = ND_OPT_REDIRECT_HDR;
1516 *(opt++) = (rd_len >> 3);
1517 opt += 6;
1518
1519 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1520 rd_len - 8);
1521 }
1522
1523 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1524 {
1525 struct net_device *dev = skb->dev;
1526 struct net *net = dev_net(dev);
1527 struct sock *sk = net->ipv6.ndisc_sk;
1528 int optlen = 0;
1529 struct inet_peer *peer;
1530 struct sk_buff *buff;
1531 struct rd_msg *msg;
1532 struct in6_addr saddr_buf;
1533 struct rt6_info *rt;
1534 struct dst_entry *dst;
1535 struct flowi6 fl6;
1536 int rd_len;
1537 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1538 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1539 bool ret;
1540
1541 if (netif_is_l3_master(skb->dev)) {
1542 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1543 if (!dev)
1544 return;
1545 }
1546
1547 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1548 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1549 dev->name);
1550 return;
1551 }
1552
1553 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1554 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1555 ND_PRINTK(2, warn,
1556 "Redirect: target address is not link-local unicast\n");
1557 return;
1558 }
1559
1560 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1561 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1562
1563 dst = ip6_route_output(net, NULL, &fl6);
1564 if (dst->error) {
1565 dst_release(dst);
1566 return;
1567 }
1568 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1569 if (IS_ERR(dst))
1570 return;
1571
1572 rt = (struct rt6_info *) dst;
1573
1574 if (rt->rt6i_flags & RTF_GATEWAY) {
1575 ND_PRINTK(2, warn,
1576 "Redirect: destination is not a neighbour\n");
1577 goto release;
1578 }
1579 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1580 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1581 if (peer)
1582 inet_putpeer(peer);
1583 if (!ret)
1584 goto release;
1585
1586 if (dev->addr_len) {
1587 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1588 if (!neigh) {
1589 ND_PRINTK(2, warn,
1590 "Redirect: no neigh for target address\n");
1591 goto release;
1592 }
1593
1594 read_lock_bh(&neigh->lock);
1595 if (neigh->nud_state & NUD_VALID) {
1596 memcpy(ha_buf, neigh->ha, dev->addr_len);
1597 read_unlock_bh(&neigh->lock);
1598 ha = ha_buf;
1599 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1600 ops_data_buf,
1601 &ops_data);
1602 } else
1603 read_unlock_bh(&neigh->lock);
1604
1605 neigh_release(neigh);
1606 }
1607
1608 rd_len = min_t(unsigned int,
1609 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1610 skb->len + 8);
1611 rd_len &= ~0x7;
1612 optlen += rd_len;
1613
1614 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1615 if (!buff)
1616 goto release;
1617
1618 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1619 *msg = (struct rd_msg) {
1620 .icmph = {
1621 .icmp6_type = NDISC_REDIRECT,
1622 },
1623 .target = *target,
1624 .dest = ipv6_hdr(skb)->daddr,
1625 };
1626
1627 /*
1628 * include target_address option
1629 */
1630
1631 if (ha)
1632 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1633
1634 /*
1635 * build redirect option and copy skb over to the new packet.
1636 */
1637
1638 if (rd_len)
1639 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1640
1641 skb_dst_set(buff, dst);
1642 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1643 return;
1644
1645 release:
1646 dst_release(dst);
1647 }
1648
1649 static void pndisc_redo(struct sk_buff *skb)
1650 {
1651 ndisc_recv_ns(skb);
1652 kfree_skb(skb);
1653 }
1654
1655 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1656 {
1657 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1658
1659 if (!idev)
1660 return true;
1661 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1662 idev->cnf.suppress_frag_ndisc) {
1663 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1664 return true;
1665 }
1666 return false;
1667 }
1668
1669 int ndisc_rcv(struct sk_buff *skb)
1670 {
1671 struct nd_msg *msg;
1672
1673 if (ndisc_suppress_frag_ndisc(skb))
1674 return 0;
1675
1676 if (skb_linearize(skb))
1677 return 0;
1678
1679 msg = (struct nd_msg *)skb_transport_header(skb);
1680
1681 __skb_push(skb, skb->data - skb_transport_header(skb));
1682
1683 if (ipv6_hdr(skb)->hop_limit != 255) {
1684 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1685 ipv6_hdr(skb)->hop_limit);
1686 return 0;
1687 }
1688
1689 if (msg->icmph.icmp6_code != 0) {
1690 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1691 msg->icmph.icmp6_code);
1692 return 0;
1693 }
1694
1695 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1696
1697 switch (msg->icmph.icmp6_type) {
1698 case NDISC_NEIGHBOUR_SOLICITATION:
1699 ndisc_recv_ns(skb);
1700 break;
1701
1702 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1703 ndisc_recv_na(skb);
1704 break;
1705
1706 case NDISC_ROUTER_SOLICITATION:
1707 ndisc_recv_rs(skb);
1708 break;
1709
1710 case NDISC_ROUTER_ADVERTISEMENT:
1711 ndisc_router_discovery(skb);
1712 break;
1713
1714 case NDISC_REDIRECT:
1715 ndisc_redirect_rcv(skb);
1716 break;
1717 }
1718
1719 return 0;
1720 }
1721
1722 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1723 {
1724 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1725 struct netdev_notifier_change_info *change_info;
1726 struct net *net = dev_net(dev);
1727 struct inet6_dev *idev;
1728
1729 switch (event) {
1730 case NETDEV_CHANGEADDR:
1731 neigh_changeaddr(&nd_tbl, dev);
1732 fib6_run_gc(0, net, false);
1733 /* fallthrough */
1734 case NETDEV_UP:
1735 idev = in6_dev_get(dev);
1736 if (!idev)
1737 break;
1738 if (idev->cnf.ndisc_notify)
1739 ndisc_send_unsol_na(dev);
1740 in6_dev_put(idev);
1741 break;
1742 case NETDEV_CHANGE:
1743 change_info = ptr;
1744 if (change_info->flags_changed & IFF_NOARP)
1745 neigh_changeaddr(&nd_tbl, dev);
1746 break;
1747 case NETDEV_DOWN:
1748 neigh_ifdown(&nd_tbl, dev);
1749 fib6_run_gc(0, net, false);
1750 break;
1751 case NETDEV_NOTIFY_PEERS:
1752 ndisc_send_unsol_na(dev);
1753 break;
1754 default:
1755 break;
1756 }
1757
1758 return NOTIFY_DONE;
1759 }
1760
1761 static struct notifier_block ndisc_netdev_notifier = {
1762 .notifier_call = ndisc_netdev_event,
1763 };
1764
1765 #ifdef CONFIG_SYSCTL
1766 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1767 const char *func, const char *dev_name)
1768 {
1769 static char warncomm[TASK_COMM_LEN];
1770 static int warned;
1771 if (strcmp(warncomm, current->comm) && warned < 5) {
1772 strcpy(warncomm, current->comm);
1773 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1774 warncomm, func,
1775 dev_name, ctl->procname,
1776 dev_name, ctl->procname);
1777 warned++;
1778 }
1779 }
1780
1781 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1782 {
1783 struct net_device *dev = ctl->extra1;
1784 struct inet6_dev *idev;
1785 int ret;
1786
1787 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1788 (strcmp(ctl->procname, "base_reachable_time") == 0))
1789 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1790
1791 if (strcmp(ctl->procname, "retrans_time") == 0)
1792 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1793
1794 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1795 ret = neigh_proc_dointvec_jiffies(ctl, write,
1796 buffer, lenp, ppos);
1797
1798 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1799 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1800 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1801 buffer, lenp, ppos);
1802 else
1803 ret = -1;
1804
1805 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1806 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1807 idev->nd_parms->reachable_time =
1808 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1809 idev->tstamp = jiffies;
1810 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1811 in6_dev_put(idev);
1812 }
1813 return ret;
1814 }
1815
1816
1817 #endif
1818
1819 static int __net_init ndisc_net_init(struct net *net)
1820 {
1821 struct ipv6_pinfo *np;
1822 struct sock *sk;
1823 int err;
1824
1825 err = inet_ctl_sock_create(&sk, PF_INET6,
1826 SOCK_RAW, IPPROTO_ICMPV6, net);
1827 if (err < 0) {
1828 ND_PRINTK(0, err,
1829 "NDISC: Failed to initialize the control socket (err %d)\n",
1830 err);
1831 return err;
1832 }
1833
1834 net->ipv6.ndisc_sk = sk;
1835
1836 np = inet6_sk(sk);
1837 np->hop_limit = 255;
1838 /* Do not loopback ndisc messages */
1839 np->mc_loop = 0;
1840
1841 return 0;
1842 }
1843
1844 static void __net_exit ndisc_net_exit(struct net *net)
1845 {
1846 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1847 }
1848
1849 static struct pernet_operations ndisc_net_ops = {
1850 .init = ndisc_net_init,
1851 .exit = ndisc_net_exit,
1852 };
1853
1854 int __init ndisc_init(void)
1855 {
1856 int err;
1857
1858 err = register_pernet_subsys(&ndisc_net_ops);
1859 if (err)
1860 return err;
1861 /*
1862 * Initialize the neighbour table
1863 */
1864 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1865
1866 #ifdef CONFIG_SYSCTL
1867 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1868 ndisc_ifinfo_sysctl_change);
1869 if (err)
1870 goto out_unregister_pernet;
1871 out:
1872 #endif
1873 return err;
1874
1875 #ifdef CONFIG_SYSCTL
1876 out_unregister_pernet:
1877 unregister_pernet_subsys(&ndisc_net_ops);
1878 goto out;
1879 #endif
1880 }
1881
1882 int __init ndisc_late_init(void)
1883 {
1884 return register_netdevice_notifier(&ndisc_netdev_notifier);
1885 }
1886
1887 void ndisc_late_cleanup(void)
1888 {
1889 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1890 }
1891
1892 void ndisc_cleanup(void)
1893 {
1894 #ifdef CONFIG_SYSCTL
1895 neigh_sysctl_unregister(&nd_tbl.parms);
1896 #endif
1897 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1898 unregister_pernet_subsys(&ndisc_net_ops);
1899 }
Linux with added FPC-III support