1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29 /* Set to 3 to get tracing... */ 30 #define ND_DEBUG 1 31 32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33 #define ND_NOPRINTK(x...) do { ; } while(0) 34 #define ND_PRINTK0 ND_PRINTK 35 #define ND_PRINTK1 ND_NOPRINTK 36 #define ND_PRINTK2 ND_NOPRINTK 37 #define ND_PRINTK3 ND_NOPRINTK 38 #if ND_DEBUG >= 1 39 #undef ND_PRINTK1 40 #define ND_PRINTK1 ND_PRINTK 41 #endif 42 #if ND_DEBUG >= 2 43 #undef ND_PRINTK2 44 #define ND_PRINTK2 ND_PRINTK 45 #endif 46 #if ND_DEBUG >= 3 47 #undef ND_PRINTK3 48 #define ND_PRINTK3 ND_PRINTK 49 #endif 50 51 #include <linux/module.h> 52 #include <linux/errno.h> 53 #include <linux/types.h> 54 #include <linux/socket.h> 55 #include <linux/sockios.h> 56 #include <linux/sched.h> 57 #include <linux/net.h> 58 #include <linux/in6.h> 59 #include <linux/route.h> 60 #include <linux/init.h> 61 #include <linux/rcupdate.h> 62 #include <linux/slab.h> 63 #ifdef CONFIG_SYSCTL 64 #include <linux/sysctl.h> 65 #endif 66 67 #include <linux/if_addr.h> 68 #include <linux/if_arp.h> 69 #include <linux/ipv6.h> 70 #include <linux/icmpv6.h> 71 #include <linux/jhash.h> 72 73 #include <net/sock.h> 74 #include <net/snmp.h> 75 76 #include <net/ipv6.h> 77 #include <net/protocol.h> 78 #include <net/ndisc.h> 79 #include <net/ip6_route.h> 80 #include <net/addrconf.h> 81 #include <net/icmp.h> 82 83 #include <net/netlink.h> 84 #include <linux/rtnetlink.h> 85 86 #include <net/flow.h> 87 #include <net/ip6_checksum.h> 88 #include <net/inet_common.h> 89 #include <linux/proc_fs.h> 90 91 #include <linux/netfilter.h> 92 #include <linux/netfilter_ipv6.h> 93 94 static u32 ndisc_hash(const void *pkey, 95 const struct net_device *dev, 96 __u32 rnd); 97 static int ndisc_constructor(struct neighbour *neigh); 98 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 99 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 100 static int pndisc_constructor(struct pneigh_entry *n); 101 static void pndisc_destructor(struct pneigh_entry *n); 102 static void pndisc_redo(struct sk_buff *skb); 103 104 static const struct neigh_ops ndisc_generic_ops = { 105 .family = AF_INET6, 106 .solicit = ndisc_solicit, 107 .error_report = ndisc_error_report, 108 .output = neigh_resolve_output, 109 .connected_output = neigh_connected_output, 110 }; 111 112 static const struct neigh_ops ndisc_hh_ops = { 113 .family = AF_INET6, 114 .solicit = ndisc_solicit, 115 .error_report = ndisc_error_report, 116 .output = neigh_resolve_output, 117 .connected_output = neigh_resolve_output, 118 }; 119 120 121 static const struct neigh_ops ndisc_direct_ops = { 122 .family = AF_INET6, 123 .output = neigh_direct_output, 124 .connected_output = neigh_direct_output, 125 }; 126 127 struct neigh_table nd_tbl = { 128 .family = AF_INET6, 129 .key_len = sizeof(struct in6_addr), 130 .hash = ndisc_hash, 131 .constructor = ndisc_constructor, 132 .pconstructor = pndisc_constructor, 133 .pdestructor = pndisc_destructor, 134 .proxy_redo = pndisc_redo, 135 .id = "ndisc_cache", 136 .parms = { 137 .tbl = &nd_tbl, 138 .base_reachable_time = ND_REACHABLE_TIME, 139 .retrans_time = ND_RETRANS_TIMER, 140 .gc_staletime = 60 * HZ, 141 .reachable_time = ND_REACHABLE_TIME, 142 .delay_probe_time = 5 * HZ, 143 .queue_len_bytes = 64*1024, 144 .ucast_probes = 3, 145 .mcast_probes = 3, 146 .anycast_delay = 1 * HZ, 147 .proxy_delay = (8 * HZ) / 10, 148 .proxy_qlen = 64, 149 }, 150 .gc_interval = 30 * HZ, 151 .gc_thresh1 = 128, 152 .gc_thresh2 = 512, 153 .gc_thresh3 = 1024, 154 }; 155 156 /* ND options */ 157 struct ndisc_options { 158 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 159 #ifdef CONFIG_IPV6_ROUTE_INFO 160 struct nd_opt_hdr *nd_opts_ri; 161 struct nd_opt_hdr *nd_opts_ri_end; 162 #endif 163 struct nd_opt_hdr *nd_useropts; 164 struct nd_opt_hdr *nd_useropts_end; 165 }; 166 167 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 168 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 169 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 170 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 171 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 172 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 173 174 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 175 176 /* 177 * Return the padding between the option length and the start of the 178 * link addr. Currently only IP-over-InfiniBand needs this, although 179 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 180 * also need a pad of 2. 181 */ 182 static int ndisc_addr_option_pad(unsigned short type) 183 { 184 switch (type) { 185 case ARPHRD_INFINIBAND: return 2; 186 default: return 0; 187 } 188 } 189 190 static inline int ndisc_opt_addr_space(struct net_device *dev) 191 { 192 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 193 } 194 195 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 196 unsigned short addr_type) 197 { 198 int space = NDISC_OPT_SPACE(data_len); 199 int pad = ndisc_addr_option_pad(addr_type); 200 201 opt[0] = type; 202 opt[1] = space>>3; 203 204 memset(opt + 2, 0, pad); 205 opt += pad; 206 space -= pad; 207 208 memcpy(opt+2, data, data_len); 209 data_len += 2; 210 opt += data_len; 211 if ((space -= data_len) > 0) 212 memset(opt, 0, space); 213 return opt + space; 214 } 215 216 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 217 struct nd_opt_hdr *end) 218 { 219 int type; 220 if (!cur || !end || cur >= end) 221 return NULL; 222 type = cur->nd_opt_type; 223 do { 224 cur = ((void *)cur) + (cur->nd_opt_len << 3); 225 } while(cur < end && cur->nd_opt_type != type); 226 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 227 } 228 229 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 230 { 231 return opt->nd_opt_type == ND_OPT_RDNSS; 232 } 233 234 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 235 struct nd_opt_hdr *end) 236 { 237 if (!cur || !end || cur >= end) 238 return NULL; 239 do { 240 cur = ((void *)cur) + (cur->nd_opt_len << 3); 241 } while(cur < end && !ndisc_is_useropt(cur)); 242 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 243 } 244 245 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 246 struct ndisc_options *ndopts) 247 { 248 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 249 250 if (!nd_opt || opt_len < 0 || !ndopts) 251 return NULL; 252 memset(ndopts, 0, sizeof(*ndopts)); 253 while (opt_len) { 254 int l; 255 if (opt_len < sizeof(struct nd_opt_hdr)) 256 return NULL; 257 l = nd_opt->nd_opt_len << 3; 258 if (opt_len < l || l == 0) 259 return NULL; 260 switch (nd_opt->nd_opt_type) { 261 case ND_OPT_SOURCE_LL_ADDR: 262 case ND_OPT_TARGET_LL_ADDR: 263 case ND_OPT_MTU: 264 case ND_OPT_REDIRECT_HDR: 265 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 266 ND_PRINTK2(KERN_WARNING 267 "%s(): duplicated ND6 option found: type=%d\n", 268 __func__, 269 nd_opt->nd_opt_type); 270 } else { 271 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 272 } 273 break; 274 case ND_OPT_PREFIX_INFO: 275 ndopts->nd_opts_pi_end = nd_opt; 276 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 277 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 278 break; 279 #ifdef CONFIG_IPV6_ROUTE_INFO 280 case ND_OPT_ROUTE_INFO: 281 ndopts->nd_opts_ri_end = nd_opt; 282 if (!ndopts->nd_opts_ri) 283 ndopts->nd_opts_ri = nd_opt; 284 break; 285 #endif 286 default: 287 if (ndisc_is_useropt(nd_opt)) { 288 ndopts->nd_useropts_end = nd_opt; 289 if (!ndopts->nd_useropts) 290 ndopts->nd_useropts = nd_opt; 291 } else { 292 /* 293 * Unknown options must be silently ignored, 294 * to accommodate future extension to the 295 * protocol. 296 */ 297 ND_PRINTK2(KERN_NOTICE 298 "%s(): ignored unsupported option; type=%d, len=%d\n", 299 __func__, 300 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 301 } 302 } 303 opt_len -= l; 304 nd_opt = ((void *)nd_opt) + l; 305 } 306 return ndopts; 307 } 308 309 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 310 struct net_device *dev) 311 { 312 u8 *lladdr = (u8 *)(p + 1); 313 int lladdrlen = p->nd_opt_len << 3; 314 int prepad = ndisc_addr_option_pad(dev->type); 315 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 316 return NULL; 317 return lladdr + prepad; 318 } 319 320 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 321 { 322 switch (dev->type) { 323 case ARPHRD_ETHER: 324 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 325 case ARPHRD_FDDI: 326 ipv6_eth_mc_map(addr, buf); 327 return 0; 328 case ARPHRD_IEEE802_TR: 329 ipv6_tr_mc_map(addr,buf); 330 return 0; 331 case ARPHRD_ARCNET: 332 ipv6_arcnet_mc_map(addr, buf); 333 return 0; 334 case ARPHRD_INFINIBAND: 335 ipv6_ib_mc_map(addr, dev->broadcast, buf); 336 return 0; 337 case ARPHRD_IPGRE: 338 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 339 default: 340 if (dir) { 341 memcpy(buf, dev->broadcast, dev->addr_len); 342 return 0; 343 } 344 } 345 return -EINVAL; 346 } 347 348 EXPORT_SYMBOL(ndisc_mc_map); 349 350 static u32 ndisc_hash(const void *pkey, 351 const struct net_device *dev, 352 __u32 hash_rnd) 353 { 354 const u32 *p32 = pkey; 355 u32 addr_hash, i; 356 357 addr_hash = 0; 358 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 359 addr_hash ^= *p32++; 360 361 return jhash_2words(addr_hash, dev->ifindex, hash_rnd); 362 } 363 364 static int ndisc_constructor(struct neighbour *neigh) 365 { 366 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 367 struct net_device *dev = neigh->dev; 368 struct inet6_dev *in6_dev; 369 struct neigh_parms *parms; 370 int is_multicast = ipv6_addr_is_multicast(addr); 371 372 in6_dev = in6_dev_get(dev); 373 if (in6_dev == NULL) { 374 return -EINVAL; 375 } 376 377 parms = in6_dev->nd_parms; 378 __neigh_parms_put(neigh->parms); 379 neigh->parms = neigh_parms_clone(parms); 380 381 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 382 if (!dev->header_ops) { 383 neigh->nud_state = NUD_NOARP; 384 neigh->ops = &ndisc_direct_ops; 385 neigh->output = neigh_direct_output; 386 } else { 387 if (is_multicast) { 388 neigh->nud_state = NUD_NOARP; 389 ndisc_mc_map(addr, neigh->ha, dev, 1); 390 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 391 neigh->nud_state = NUD_NOARP; 392 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 393 if (dev->flags&IFF_LOOPBACK) 394 neigh->type = RTN_LOCAL; 395 } else if (dev->flags&IFF_POINTOPOINT) { 396 neigh->nud_state = NUD_NOARP; 397 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 398 } 399 if (dev->header_ops->cache) 400 neigh->ops = &ndisc_hh_ops; 401 else 402 neigh->ops = &ndisc_generic_ops; 403 if (neigh->nud_state&NUD_VALID) 404 neigh->output = neigh->ops->connected_output; 405 else 406 neigh->output = neigh->ops->output; 407 } 408 in6_dev_put(in6_dev); 409 return 0; 410 } 411 412 static int pndisc_constructor(struct pneigh_entry *n) 413 { 414 struct in6_addr *addr = (struct in6_addr*)&n->key; 415 struct in6_addr maddr; 416 struct net_device *dev = n->dev; 417 418 if (dev == NULL || __in6_dev_get(dev) == NULL) 419 return -EINVAL; 420 addrconf_addr_solict_mult(addr, &maddr); 421 ipv6_dev_mc_inc(dev, &maddr); 422 return 0; 423 } 424 425 static void pndisc_destructor(struct pneigh_entry *n) 426 { 427 struct in6_addr *addr = (struct in6_addr*)&n->key; 428 struct in6_addr maddr; 429 struct net_device *dev = n->dev; 430 431 if (dev == NULL || __in6_dev_get(dev) == NULL) 432 return; 433 addrconf_addr_solict_mult(addr, &maddr); 434 ipv6_dev_mc_dec(dev, &maddr); 435 } 436 437 struct sk_buff *ndisc_build_skb(struct net_device *dev, 438 const struct in6_addr *daddr, 439 const struct in6_addr *saddr, 440 struct icmp6hdr *icmp6h, 441 const struct in6_addr *target, 442 int llinfo) 443 { 444 struct net *net = dev_net(dev); 445 struct sock *sk = net->ipv6.ndisc_sk; 446 struct sk_buff *skb; 447 struct icmp6hdr *hdr; 448 int hlen = LL_RESERVED_SPACE(dev); 449 int tlen = dev->needed_tailroom; 450 int len; 451 int err; 452 u8 *opt; 453 454 if (!dev->addr_len) 455 llinfo = 0; 456 457 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 458 if (llinfo) 459 len += ndisc_opt_addr_space(dev); 460 461 skb = sock_alloc_send_skb(sk, 462 (MAX_HEADER + sizeof(struct ipv6hdr) + 463 len + hlen + tlen), 464 1, &err); 465 if (!skb) { 466 ND_PRINTK0(KERN_ERR 467 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n", 468 __func__, err); 469 return NULL; 470 } 471 472 skb_reserve(skb, hlen); 473 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 474 475 skb->transport_header = skb->tail; 476 skb_put(skb, len); 477 478 hdr = (struct icmp6hdr *)skb_transport_header(skb); 479 memcpy(hdr, icmp6h, sizeof(*hdr)); 480 481 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 482 if (target) { 483 *(struct in6_addr *)opt = *target; 484 opt += sizeof(*target); 485 } 486 487 if (llinfo) 488 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 489 dev->addr_len, dev->type); 490 491 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 492 IPPROTO_ICMPV6, 493 csum_partial(hdr, 494 len, 0)); 495 496 return skb; 497 } 498 499 EXPORT_SYMBOL(ndisc_build_skb); 500 501 void ndisc_send_skb(struct sk_buff *skb, 502 struct net_device *dev, 503 struct neighbour *neigh, 504 const struct in6_addr *daddr, 505 const struct in6_addr *saddr, 506 struct icmp6hdr *icmp6h) 507 { 508 struct flowi6 fl6; 509 struct dst_entry *dst; 510 struct net *net = dev_net(dev); 511 struct sock *sk = net->ipv6.ndisc_sk; 512 struct inet6_dev *idev; 513 int err; 514 u8 type; 515 516 type = icmp6h->icmp6_type; 517 518 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex); 519 dst = icmp6_dst_alloc(dev, neigh, &fl6); 520 if (IS_ERR(dst)) { 521 kfree_skb(skb); 522 return; 523 } 524 525 skb_dst_set(skb, dst); 526 527 rcu_read_lock(); 528 idev = __in6_dev_get(dst->dev); 529 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 530 531 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 532 dst_output); 533 if (!err) { 534 ICMP6MSGOUT_INC_STATS(net, idev, type); 535 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 536 } 537 538 rcu_read_unlock(); 539 } 540 541 EXPORT_SYMBOL(ndisc_send_skb); 542 543 /* 544 * Send a Neighbour Discover packet 545 */ 546 static void __ndisc_send(struct net_device *dev, 547 struct neighbour *neigh, 548 const struct in6_addr *daddr, 549 const struct in6_addr *saddr, 550 struct icmp6hdr *icmp6h, const struct in6_addr *target, 551 int llinfo) 552 { 553 struct sk_buff *skb; 554 555 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 556 if (!skb) 557 return; 558 559 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 560 } 561 562 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 563 const struct in6_addr *daddr, 564 const struct in6_addr *solicited_addr, 565 int router, int solicited, int override, int inc_opt) 566 { 567 struct in6_addr tmpaddr; 568 struct inet6_ifaddr *ifp; 569 const struct in6_addr *src_addr; 570 struct icmp6hdr icmp6h = { 571 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 572 }; 573 574 /* for anycast or proxy, solicited_addr != src_addr */ 575 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 576 if (ifp) { 577 src_addr = solicited_addr; 578 if (ifp->flags & IFA_F_OPTIMISTIC) 579 override = 0; 580 inc_opt |= ifp->idev->cnf.force_tllao; 581 in6_ifa_put(ifp); 582 } else { 583 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 584 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 585 &tmpaddr)) 586 return; 587 src_addr = &tmpaddr; 588 } 589 590 icmp6h.icmp6_router = router; 591 icmp6h.icmp6_solicited = solicited; 592 icmp6h.icmp6_override = override; 593 594 __ndisc_send(dev, neigh, daddr, src_addr, 595 &icmp6h, solicited_addr, 596 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 597 } 598 599 static void ndisc_send_unsol_na(struct net_device *dev) 600 { 601 struct inet6_dev *idev; 602 struct inet6_ifaddr *ifa; 603 struct in6_addr mcaddr; 604 605 idev = in6_dev_get(dev); 606 if (!idev) 607 return; 608 609 read_lock_bh(&idev->lock); 610 list_for_each_entry(ifa, &idev->addr_list, if_list) { 611 addrconf_addr_solict_mult(&ifa->addr, &mcaddr); 612 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr, 613 /*router=*/ !!idev->cnf.forwarding, 614 /*solicited=*/ false, /*override=*/ true, 615 /*inc_opt=*/ true); 616 } 617 read_unlock_bh(&idev->lock); 618 619 in6_dev_put(idev); 620 } 621 622 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 623 const struct in6_addr *solicit, 624 const struct in6_addr *daddr, const struct in6_addr *saddr) 625 { 626 struct in6_addr addr_buf; 627 struct icmp6hdr icmp6h = { 628 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 629 }; 630 631 if (saddr == NULL) { 632 if (ipv6_get_lladdr(dev, &addr_buf, 633 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 634 return; 635 saddr = &addr_buf; 636 } 637 638 __ndisc_send(dev, neigh, daddr, saddr, 639 &icmp6h, solicit, 640 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 641 } 642 643 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 644 const struct in6_addr *daddr) 645 { 646 struct icmp6hdr icmp6h = { 647 .icmp6_type = NDISC_ROUTER_SOLICITATION, 648 }; 649 int send_sllao = dev->addr_len; 650 651 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 652 /* 653 * According to section 2.2 of RFC 4429, we must not 654 * send router solicitations with a sllao from 655 * optimistic addresses, but we may send the solicitation 656 * if we don't include the sllao. So here we check 657 * if our address is optimistic, and if so, we 658 * suppress the inclusion of the sllao. 659 */ 660 if (send_sllao) { 661 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 662 dev, 1); 663 if (ifp) { 664 if (ifp->flags & IFA_F_OPTIMISTIC) { 665 send_sllao = 0; 666 } 667 in6_ifa_put(ifp); 668 } else { 669 send_sllao = 0; 670 } 671 } 672 #endif 673 __ndisc_send(dev, NULL, daddr, saddr, 674 &icmp6h, NULL, 675 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 676 } 677 678 679 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 680 { 681 /* 682 * "The sender MUST return an ICMP 683 * destination unreachable" 684 */ 685 dst_link_failure(skb); 686 kfree_skb(skb); 687 } 688 689 /* Called with locked neigh: either read or both */ 690 691 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 692 { 693 struct in6_addr *saddr = NULL; 694 struct in6_addr mcaddr; 695 struct net_device *dev = neigh->dev; 696 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 697 int probes = atomic_read(&neigh->probes); 698 699 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 700 saddr = &ipv6_hdr(skb)->saddr; 701 702 if ((probes -= neigh->parms->ucast_probes) < 0) { 703 if (!(neigh->nud_state & NUD_VALID)) { 704 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n", 705 __func__, target); 706 } 707 ndisc_send_ns(dev, neigh, target, target, saddr); 708 } else if ((probes -= neigh->parms->app_probes) < 0) { 709 #ifdef CONFIG_ARPD 710 neigh_app_ns(neigh); 711 #endif 712 } else { 713 addrconf_addr_solict_mult(target, &mcaddr); 714 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 715 } 716 } 717 718 static int pndisc_is_router(const void *pkey, 719 struct net_device *dev) 720 { 721 struct pneigh_entry *n; 722 int ret = -1; 723 724 read_lock_bh(&nd_tbl.lock); 725 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 726 if (n) 727 ret = !!(n->flags & NTF_ROUTER); 728 read_unlock_bh(&nd_tbl.lock); 729 730 return ret; 731 } 732 733 static void ndisc_recv_ns(struct sk_buff *skb) 734 { 735 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 736 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 737 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 738 u8 *lladdr = NULL; 739 u32 ndoptlen = skb->tail - (skb->transport_header + 740 offsetof(struct nd_msg, opt)); 741 struct ndisc_options ndopts; 742 struct net_device *dev = skb->dev; 743 struct inet6_ifaddr *ifp; 744 struct inet6_dev *idev = NULL; 745 struct neighbour *neigh; 746 int dad = ipv6_addr_any(saddr); 747 int inc; 748 int is_router = -1; 749 750 if (ipv6_addr_is_multicast(&msg->target)) { 751 ND_PRINTK2(KERN_WARNING 752 "ICMPv6 NS: multicast target address"); 753 return; 754 } 755 756 /* 757 * RFC2461 7.1.1: 758 * DAD has to be destined for solicited node multicast address. 759 */ 760 if (dad && 761 !(daddr->s6_addr32[0] == htonl(0xff020000) && 762 daddr->s6_addr32[1] == htonl(0x00000000) && 763 daddr->s6_addr32[2] == htonl(0x00000001) && 764 daddr->s6_addr [12] == 0xff )) { 765 ND_PRINTK2(KERN_WARNING 766 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 767 return; 768 } 769 770 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 771 ND_PRINTK2(KERN_WARNING 772 "ICMPv6 NS: invalid ND options\n"); 773 return; 774 } 775 776 if (ndopts.nd_opts_src_lladdr) { 777 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 778 if (!lladdr) { 779 ND_PRINTK2(KERN_WARNING 780 "ICMPv6 NS: invalid link-layer address length\n"); 781 return; 782 } 783 784 /* RFC2461 7.1.1: 785 * If the IP source address is the unspecified address, 786 * there MUST NOT be source link-layer address option 787 * in the message. 788 */ 789 if (dad) { 790 ND_PRINTK2(KERN_WARNING 791 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 792 return; 793 } 794 } 795 796 inc = ipv6_addr_is_multicast(daddr); 797 798 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 799 if (ifp) { 800 801 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 802 if (dad) { 803 if (dev->type == ARPHRD_IEEE802_TR) { 804 const unsigned char *sadr; 805 sadr = skb_mac_header(skb); 806 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 807 sadr[9] == dev->dev_addr[1] && 808 sadr[10] == dev->dev_addr[2] && 809 sadr[11] == dev->dev_addr[3] && 810 sadr[12] == dev->dev_addr[4] && 811 sadr[13] == dev->dev_addr[5]) { 812 /* looped-back to us */ 813 goto out; 814 } 815 } 816 817 /* 818 * We are colliding with another node 819 * who is doing DAD 820 * so fail our DAD process 821 */ 822 addrconf_dad_failure(ifp); 823 return; 824 } else { 825 /* 826 * This is not a dad solicitation. 827 * If we are an optimistic node, 828 * we should respond. 829 * Otherwise, we should ignore it. 830 */ 831 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 832 goto out; 833 } 834 } 835 836 idev = ifp->idev; 837 } else { 838 struct net *net = dev_net(dev); 839 840 idev = in6_dev_get(dev); 841 if (!idev) { 842 /* XXX: count this drop? */ 843 return; 844 } 845 846 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 847 (idev->cnf.forwarding && 848 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 849 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 850 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 851 skb->pkt_type != PACKET_HOST && 852 inc != 0 && 853 idev->nd_parms->proxy_delay != 0) { 854 /* 855 * for anycast or proxy, 856 * sender should delay its response 857 * by a random time between 0 and 858 * MAX_ANYCAST_DELAY_TIME seconds. 859 * (RFC2461) -- yoshfuji 860 */ 861 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 862 if (n) 863 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 864 goto out; 865 } 866 } else 867 goto out; 868 } 869 870 if (is_router < 0) 871 is_router = !!idev->cnf.forwarding; 872 873 if (dad) { 874 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 875 is_router, 0, (ifp != NULL), 1); 876 goto out; 877 } 878 879 if (inc) 880 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 881 else 882 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 883 884 /* 885 * update / create cache entry 886 * for the source address 887 */ 888 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 889 !inc || lladdr || !dev->addr_len); 890 if (neigh) 891 neigh_update(neigh, lladdr, NUD_STALE, 892 NEIGH_UPDATE_F_WEAK_OVERRIDE| 893 NEIGH_UPDATE_F_OVERRIDE); 894 if (neigh || !dev->header_ops) { 895 ndisc_send_na(dev, neigh, saddr, &msg->target, 896 is_router, 897 1, (ifp != NULL && inc), inc); 898 if (neigh) 899 neigh_release(neigh); 900 } 901 902 out: 903 if (ifp) 904 in6_ifa_put(ifp); 905 else 906 in6_dev_put(idev); 907 } 908 909 static void ndisc_recv_na(struct sk_buff *skb) 910 { 911 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 912 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 913 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 914 u8 *lladdr = NULL; 915 u32 ndoptlen = skb->tail - (skb->transport_header + 916 offsetof(struct nd_msg, opt)); 917 struct ndisc_options ndopts; 918 struct net_device *dev = skb->dev; 919 struct inet6_ifaddr *ifp; 920 struct neighbour *neigh; 921 922 if (skb->len < sizeof(struct nd_msg)) { 923 ND_PRINTK2(KERN_WARNING 924 "ICMPv6 NA: packet too short\n"); 925 return; 926 } 927 928 if (ipv6_addr_is_multicast(&msg->target)) { 929 ND_PRINTK2(KERN_WARNING 930 "ICMPv6 NA: target address is multicast.\n"); 931 return; 932 } 933 934 if (ipv6_addr_is_multicast(daddr) && 935 msg->icmph.icmp6_solicited) { 936 ND_PRINTK2(KERN_WARNING 937 "ICMPv6 NA: solicited NA is multicasted.\n"); 938 return; 939 } 940 941 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 942 ND_PRINTK2(KERN_WARNING 943 "ICMPv6 NS: invalid ND option\n"); 944 return; 945 } 946 if (ndopts.nd_opts_tgt_lladdr) { 947 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 948 if (!lladdr) { 949 ND_PRINTK2(KERN_WARNING 950 "ICMPv6 NA: invalid link-layer address length\n"); 951 return; 952 } 953 } 954 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 955 if (ifp) { 956 if (skb->pkt_type != PACKET_LOOPBACK 957 && (ifp->flags & IFA_F_TENTATIVE)) { 958 addrconf_dad_failure(ifp); 959 return; 960 } 961 /* What should we make now? The advertisement 962 is invalid, but ndisc specs say nothing 963 about it. It could be misconfiguration, or 964 an smart proxy agent tries to help us :-) 965 966 We should not print the error if NA has been 967 received from loopback - it is just our own 968 unsolicited advertisement. 969 */ 970 if (skb->pkt_type != PACKET_LOOPBACK) 971 ND_PRINTK1(KERN_WARNING 972 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n", 973 &ifp->addr, ifp->idev->dev->name); 974 in6_ifa_put(ifp); 975 return; 976 } 977 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 978 979 if (neigh) { 980 u8 old_flags = neigh->flags; 981 struct net *net = dev_net(dev); 982 983 if (neigh->nud_state & NUD_FAILED) 984 goto out; 985 986 /* 987 * Don't update the neighbor cache entry on a proxy NA from 988 * ourselves because either the proxied node is off link or it 989 * has already sent a NA to us. 990 */ 991 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 992 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 993 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 994 /* XXX: idev->cnf.prixy_ndp */ 995 goto out; 996 } 997 998 neigh_update(neigh, lladdr, 999 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 1000 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1001 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 1002 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1003 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 1004 1005 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 1006 /* 1007 * Change: router to host 1008 */ 1009 struct rt6_info *rt; 1010 rt = rt6_get_dflt_router(saddr, dev); 1011 if (rt) 1012 ip6_del_rt(rt); 1013 } 1014 1015 out: 1016 neigh_release(neigh); 1017 } 1018 } 1019 1020 static void ndisc_recv_rs(struct sk_buff *skb) 1021 { 1022 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1023 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1024 struct neighbour *neigh; 1025 struct inet6_dev *idev; 1026 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1027 struct ndisc_options ndopts; 1028 u8 *lladdr = NULL; 1029 1030 if (skb->len < sizeof(*rs_msg)) 1031 return; 1032 1033 idev = __in6_dev_get(skb->dev); 1034 if (!idev) { 1035 if (net_ratelimit()) 1036 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1037 return; 1038 } 1039 1040 /* Don't accept RS if we're not in router mode */ 1041 if (!idev->cnf.forwarding) 1042 goto out; 1043 1044 /* 1045 * Don't update NCE if src = ::; 1046 * this implies that the source node has no ip address assigned yet. 1047 */ 1048 if (ipv6_addr_any(saddr)) 1049 goto out; 1050 1051 /* Parse ND options */ 1052 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1053 if (net_ratelimit()) 1054 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1055 goto out; 1056 } 1057 1058 if (ndopts.nd_opts_src_lladdr) { 1059 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1060 skb->dev); 1061 if (!lladdr) 1062 goto out; 1063 } 1064 1065 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1066 if (neigh) { 1067 neigh_update(neigh, lladdr, NUD_STALE, 1068 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1069 NEIGH_UPDATE_F_OVERRIDE| 1070 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1071 neigh_release(neigh); 1072 } 1073 out: 1074 return; 1075 } 1076 1077 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1078 { 1079 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1080 struct sk_buff *skb; 1081 struct nlmsghdr *nlh; 1082 struct nduseroptmsg *ndmsg; 1083 struct net *net = dev_net(ra->dev); 1084 int err; 1085 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1086 + (opt->nd_opt_len << 3)); 1087 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1088 1089 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1090 if (skb == NULL) { 1091 err = -ENOBUFS; 1092 goto errout; 1093 } 1094 1095 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1096 if (nlh == NULL) { 1097 goto nla_put_failure; 1098 } 1099 1100 ndmsg = nlmsg_data(nlh); 1101 ndmsg->nduseropt_family = AF_INET6; 1102 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1103 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1104 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1105 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1106 1107 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1108 1109 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1110 &ipv6_hdr(ra)->saddr); 1111 nlmsg_end(skb, nlh); 1112 1113 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1114 return; 1115 1116 nla_put_failure: 1117 nlmsg_free(skb); 1118 err = -EMSGSIZE; 1119 errout: 1120 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1121 } 1122 1123 static inline int accept_ra(struct inet6_dev *in6_dev) 1124 { 1125 /* 1126 * If forwarding is enabled, RA are not accepted unless the special 1127 * hybrid mode (accept_ra=2) is enabled. 1128 */ 1129 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2) 1130 return 0; 1131 1132 return in6_dev->cnf.accept_ra; 1133 } 1134 1135 static void ndisc_router_discovery(struct sk_buff *skb) 1136 { 1137 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1138 struct neighbour *neigh = NULL; 1139 struct inet6_dev *in6_dev; 1140 struct rt6_info *rt = NULL; 1141 int lifetime; 1142 struct ndisc_options ndopts; 1143 int optlen; 1144 unsigned int pref = 0; 1145 1146 __u8 * opt = (__u8 *)(ra_msg + 1); 1147 1148 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1149 1150 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1151 ND_PRINTK2(KERN_WARNING 1152 "ICMPv6 RA: source address is not link-local.\n"); 1153 return; 1154 } 1155 if (optlen < 0) { 1156 ND_PRINTK2(KERN_WARNING 1157 "ICMPv6 RA: packet too short\n"); 1158 return; 1159 } 1160 1161 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1162 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1163 ND_PRINTK2(KERN_WARNING 1164 "ICMPv6 RA: from host or unauthorized router\n"); 1165 return; 1166 } 1167 #endif 1168 1169 /* 1170 * set the RA_RECV flag in the interface 1171 */ 1172 1173 in6_dev = __in6_dev_get(skb->dev); 1174 if (in6_dev == NULL) { 1175 ND_PRINTK0(KERN_ERR 1176 "ICMPv6 RA: can't find inet6 device for %s.\n", 1177 skb->dev->name); 1178 return; 1179 } 1180 1181 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1182 ND_PRINTK2(KERN_WARNING 1183 "ICMP6 RA: invalid ND options\n"); 1184 return; 1185 } 1186 1187 if (!accept_ra(in6_dev)) 1188 goto skip_linkparms; 1189 1190 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1191 /* skip link-specific parameters from interior routers */ 1192 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1193 goto skip_linkparms; 1194 #endif 1195 1196 if (in6_dev->if_flags & IF_RS_SENT) { 1197 /* 1198 * flag that an RA was received after an RS was sent 1199 * out on this interface. 1200 */ 1201 in6_dev->if_flags |= IF_RA_RCVD; 1202 } 1203 1204 /* 1205 * Remember the managed/otherconf flags from most recently 1206 * received RA message (RFC 2462) -- yoshfuji 1207 */ 1208 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1209 IF_RA_OTHERCONF)) | 1210 (ra_msg->icmph.icmp6_addrconf_managed ? 1211 IF_RA_MANAGED : 0) | 1212 (ra_msg->icmph.icmp6_addrconf_other ? 1213 IF_RA_OTHERCONF : 0); 1214 1215 if (!in6_dev->cnf.accept_ra_defrtr) 1216 goto skip_defrtr; 1217 1218 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1219 goto skip_defrtr; 1220 1221 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1222 1223 #ifdef CONFIG_IPV6_ROUTER_PREF 1224 pref = ra_msg->icmph.icmp6_router_pref; 1225 /* 10b is handled as if it were 00b (medium) */ 1226 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1227 !in6_dev->cnf.accept_ra_rtr_pref) 1228 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1229 #endif 1230 1231 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1232 1233 if (rt) 1234 neigh = dst_get_neighbour_noref(&rt->dst); 1235 1236 if (rt && lifetime == 0) { 1237 neigh_clone(neigh); 1238 ip6_del_rt(rt); 1239 rt = NULL; 1240 } 1241 1242 if (rt == NULL && lifetime) { 1243 ND_PRINTK3(KERN_DEBUG 1244 "ICMPv6 RA: adding default router.\n"); 1245 1246 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1247 if (rt == NULL) { 1248 ND_PRINTK0(KERN_ERR 1249 "ICMPv6 RA: %s() failed to add default route.\n", 1250 __func__); 1251 return; 1252 } 1253 1254 neigh = dst_get_neighbour_noref(&rt->dst); 1255 if (neigh == NULL) { 1256 ND_PRINTK0(KERN_ERR 1257 "ICMPv6 RA: %s() got default router without neighbour.\n", 1258 __func__); 1259 dst_release(&rt->dst); 1260 return; 1261 } 1262 neigh->flags |= NTF_ROUTER; 1263 } else if (rt) { 1264 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1265 } 1266 1267 if (rt) 1268 rt->rt6i_expires = jiffies + (HZ * lifetime); 1269 1270 if (ra_msg->icmph.icmp6_hop_limit) { 1271 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1272 if (rt) 1273 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1274 ra_msg->icmph.icmp6_hop_limit); 1275 } 1276 1277 skip_defrtr: 1278 1279 /* 1280 * Update Reachable Time and Retrans Timer 1281 */ 1282 1283 if (in6_dev->nd_parms) { 1284 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1285 1286 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1287 rtime = (rtime*HZ)/1000; 1288 if (rtime < HZ/10) 1289 rtime = HZ/10; 1290 in6_dev->nd_parms->retrans_time = rtime; 1291 in6_dev->tstamp = jiffies; 1292 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1293 } 1294 1295 rtime = ntohl(ra_msg->reachable_time); 1296 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1297 rtime = (rtime*HZ)/1000; 1298 1299 if (rtime < HZ/10) 1300 rtime = HZ/10; 1301 1302 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1303 in6_dev->nd_parms->base_reachable_time = rtime; 1304 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1305 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1306 in6_dev->tstamp = jiffies; 1307 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1308 } 1309 } 1310 } 1311 1312 skip_linkparms: 1313 1314 /* 1315 * Process options. 1316 */ 1317 1318 if (!neigh) 1319 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1320 skb->dev, 1); 1321 if (neigh) { 1322 u8 *lladdr = NULL; 1323 if (ndopts.nd_opts_src_lladdr) { 1324 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1325 skb->dev); 1326 if (!lladdr) { 1327 ND_PRINTK2(KERN_WARNING 1328 "ICMPv6 RA: invalid link-layer address length\n"); 1329 goto out; 1330 } 1331 } 1332 neigh_update(neigh, lladdr, NUD_STALE, 1333 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1334 NEIGH_UPDATE_F_OVERRIDE| 1335 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1336 NEIGH_UPDATE_F_ISROUTER); 1337 } 1338 1339 if (!accept_ra(in6_dev)) 1340 goto out; 1341 1342 #ifdef CONFIG_IPV6_ROUTE_INFO 1343 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1344 goto skip_routeinfo; 1345 1346 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1347 struct nd_opt_hdr *p; 1348 for (p = ndopts.nd_opts_ri; 1349 p; 1350 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1351 struct route_info *ri = (struct route_info *)p; 1352 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1353 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1354 ri->prefix_len == 0) 1355 continue; 1356 #endif 1357 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1358 continue; 1359 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1360 &ipv6_hdr(skb)->saddr); 1361 } 1362 } 1363 1364 skip_routeinfo: 1365 #endif 1366 1367 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1368 /* skip link-specific ndopts from interior routers */ 1369 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1370 goto out; 1371 #endif 1372 1373 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1374 struct nd_opt_hdr *p; 1375 for (p = ndopts.nd_opts_pi; 1376 p; 1377 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1378 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1379 } 1380 } 1381 1382 if (ndopts.nd_opts_mtu) { 1383 __be32 n; 1384 u32 mtu; 1385 1386 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1387 mtu = ntohl(n); 1388 1389 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1390 ND_PRINTK2(KERN_WARNING 1391 "ICMPv6 RA: invalid mtu: %d\n", 1392 mtu); 1393 } else if (in6_dev->cnf.mtu6 != mtu) { 1394 in6_dev->cnf.mtu6 = mtu; 1395 1396 if (rt) 1397 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1398 1399 rt6_mtu_change(skb->dev, mtu); 1400 } 1401 } 1402 1403 if (ndopts.nd_useropts) { 1404 struct nd_opt_hdr *p; 1405 for (p = ndopts.nd_useropts; 1406 p; 1407 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1408 ndisc_ra_useropt(skb, p); 1409 } 1410 } 1411 1412 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1413 ND_PRINTK2(KERN_WARNING 1414 "ICMPv6 RA: invalid RA options"); 1415 } 1416 out: 1417 if (rt) 1418 dst_release(&rt->dst); 1419 else if (neigh) 1420 neigh_release(neigh); 1421 } 1422 1423 static void ndisc_redirect_rcv(struct sk_buff *skb) 1424 { 1425 struct inet6_dev *in6_dev; 1426 struct icmp6hdr *icmph; 1427 const struct in6_addr *dest; 1428 const struct in6_addr *target; /* new first hop to destination */ 1429 struct neighbour *neigh; 1430 int on_link = 0; 1431 struct ndisc_options ndopts; 1432 int optlen; 1433 u8 *lladdr = NULL; 1434 1435 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1436 switch (skb->ndisc_nodetype) { 1437 case NDISC_NODETYPE_HOST: 1438 case NDISC_NODETYPE_NODEFAULT: 1439 ND_PRINTK2(KERN_WARNING 1440 "ICMPv6 Redirect: from host or unauthorized router\n"); 1441 return; 1442 } 1443 #endif 1444 1445 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1446 ND_PRINTK2(KERN_WARNING 1447 "ICMPv6 Redirect: source address is not link-local.\n"); 1448 return; 1449 } 1450 1451 optlen = skb->tail - skb->transport_header; 1452 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1453 1454 if (optlen < 0) { 1455 ND_PRINTK2(KERN_WARNING 1456 "ICMPv6 Redirect: packet too short\n"); 1457 return; 1458 } 1459 1460 icmph = icmp6_hdr(skb); 1461 target = (const struct in6_addr *) (icmph + 1); 1462 dest = target + 1; 1463 1464 if (ipv6_addr_is_multicast(dest)) { 1465 ND_PRINTK2(KERN_WARNING 1466 "ICMPv6 Redirect: destination address is multicast.\n"); 1467 return; 1468 } 1469 1470 if (ipv6_addr_equal(dest, target)) { 1471 on_link = 1; 1472 } else if (ipv6_addr_type(target) != 1473 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1474 ND_PRINTK2(KERN_WARNING 1475 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1476 return; 1477 } 1478 1479 in6_dev = __in6_dev_get(skb->dev); 1480 if (!in6_dev) 1481 return; 1482 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) 1483 return; 1484 1485 /* RFC2461 8.1: 1486 * The IP source address of the Redirect MUST be the same as the current 1487 * first-hop router for the specified ICMP Destination Address. 1488 */ 1489 1490 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1491 ND_PRINTK2(KERN_WARNING 1492 "ICMPv6 Redirect: invalid ND options\n"); 1493 return; 1494 } 1495 if (ndopts.nd_opts_tgt_lladdr) { 1496 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1497 skb->dev); 1498 if (!lladdr) { 1499 ND_PRINTK2(KERN_WARNING 1500 "ICMPv6 Redirect: invalid link-layer address length\n"); 1501 return; 1502 } 1503 } 1504 1505 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1506 if (neigh) { 1507 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1508 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1509 on_link); 1510 neigh_release(neigh); 1511 } 1512 } 1513 1514 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1515 const struct in6_addr *target) 1516 { 1517 struct net_device *dev = skb->dev; 1518 struct net *net = dev_net(dev); 1519 struct sock *sk = net->ipv6.ndisc_sk; 1520 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1521 struct sk_buff *buff; 1522 struct icmp6hdr *icmph; 1523 struct in6_addr saddr_buf; 1524 struct in6_addr *addrp; 1525 struct rt6_info *rt; 1526 struct dst_entry *dst; 1527 struct inet6_dev *idev; 1528 struct flowi6 fl6; 1529 u8 *opt; 1530 int hlen, tlen; 1531 int rd_len; 1532 int err; 1533 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1534 1535 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1536 ND_PRINTK2(KERN_WARNING 1537 "ICMPv6 Redirect: no link-local address on %s\n", 1538 dev->name); 1539 return; 1540 } 1541 1542 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1543 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1544 ND_PRINTK2(KERN_WARNING 1545 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1546 return; 1547 } 1548 1549 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1550 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1551 1552 dst = ip6_route_output(net, NULL, &fl6); 1553 if (dst == NULL) 1554 return; 1555 1556 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1557 if (IS_ERR(dst)) 1558 return; 1559 1560 rt = (struct rt6_info *) dst; 1561 1562 if (rt->rt6i_flags & RTF_GATEWAY) { 1563 ND_PRINTK2(KERN_WARNING 1564 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1565 goto release; 1566 } 1567 if (!rt->rt6i_peer) 1568 rt6_bind_peer(rt, 1); 1569 if (!inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ)) 1570 goto release; 1571 1572 if (dev->addr_len) { 1573 read_lock_bh(&neigh->lock); 1574 if (neigh->nud_state & NUD_VALID) { 1575 memcpy(ha_buf, neigh->ha, dev->addr_len); 1576 read_unlock_bh(&neigh->lock); 1577 ha = ha_buf; 1578 len += ndisc_opt_addr_space(dev); 1579 } else 1580 read_unlock_bh(&neigh->lock); 1581 } 1582 1583 rd_len = min_t(unsigned int, 1584 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1585 rd_len &= ~0x7; 1586 len += rd_len; 1587 1588 hlen = LL_RESERVED_SPACE(dev); 1589 tlen = dev->needed_tailroom; 1590 buff = sock_alloc_send_skb(sk, 1591 (MAX_HEADER + sizeof(struct ipv6hdr) + 1592 len + hlen + tlen), 1593 1, &err); 1594 if (buff == NULL) { 1595 ND_PRINTK0(KERN_ERR 1596 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n", 1597 __func__, err); 1598 goto release; 1599 } 1600 1601 skb_reserve(buff, hlen); 1602 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1603 IPPROTO_ICMPV6, len); 1604 1605 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1606 skb_put(buff, len); 1607 icmph = icmp6_hdr(buff); 1608 1609 memset(icmph, 0, sizeof(struct icmp6hdr)); 1610 icmph->icmp6_type = NDISC_REDIRECT; 1611 1612 /* 1613 * copy target and destination addresses 1614 */ 1615 1616 addrp = (struct in6_addr *)(icmph + 1); 1617 *addrp = *target; 1618 addrp++; 1619 *addrp = ipv6_hdr(skb)->daddr; 1620 1621 opt = (u8*) (addrp + 1); 1622 1623 /* 1624 * include target_address option 1625 */ 1626 1627 if (ha) 1628 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1629 dev->addr_len, dev->type); 1630 1631 /* 1632 * build redirect option and copy skb over to the new packet. 1633 */ 1634 1635 memset(opt, 0, 8); 1636 *(opt++) = ND_OPT_REDIRECT_HDR; 1637 *(opt++) = (rd_len >> 3); 1638 opt += 6; 1639 1640 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1641 1642 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1643 len, IPPROTO_ICMPV6, 1644 csum_partial(icmph, len, 0)); 1645 1646 skb_dst_set(buff, dst); 1647 rcu_read_lock(); 1648 idev = __in6_dev_get(dst->dev); 1649 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1650 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1651 dst_output); 1652 if (!err) { 1653 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1654 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1655 } 1656 1657 rcu_read_unlock(); 1658 return; 1659 1660 release: 1661 dst_release(dst); 1662 } 1663 1664 static void pndisc_redo(struct sk_buff *skb) 1665 { 1666 ndisc_recv_ns(skb); 1667 kfree_skb(skb); 1668 } 1669 1670 int ndisc_rcv(struct sk_buff *skb) 1671 { 1672 struct nd_msg *msg; 1673 1674 if (!pskb_may_pull(skb, skb->len)) 1675 return 0; 1676 1677 msg = (struct nd_msg *)skb_transport_header(skb); 1678 1679 __skb_push(skb, skb->data - skb_transport_header(skb)); 1680 1681 if (ipv6_hdr(skb)->hop_limit != 255) { 1682 ND_PRINTK2(KERN_WARNING 1683 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1684 ipv6_hdr(skb)->hop_limit); 1685 return 0; 1686 } 1687 1688 if (msg->icmph.icmp6_code != 0) { 1689 ND_PRINTK2(KERN_WARNING 1690 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1691 msg->icmph.icmp6_code); 1692 return 0; 1693 } 1694 1695 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1696 1697 switch (msg->icmph.icmp6_type) { 1698 case NDISC_NEIGHBOUR_SOLICITATION: 1699 ndisc_recv_ns(skb); 1700 break; 1701 1702 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1703 ndisc_recv_na(skb); 1704 break; 1705 1706 case NDISC_ROUTER_SOLICITATION: 1707 ndisc_recv_rs(skb); 1708 break; 1709 1710 case NDISC_ROUTER_ADVERTISEMENT: 1711 ndisc_router_discovery(skb); 1712 break; 1713 1714 case NDISC_REDIRECT: 1715 ndisc_redirect_rcv(skb); 1716 break; 1717 } 1718 1719 return 0; 1720 } 1721 1722 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1723 { 1724 struct net_device *dev = ptr; 1725 struct net *net = dev_net(dev); 1726 1727 switch (event) { 1728 case NETDEV_CHANGEADDR: 1729 neigh_changeaddr(&nd_tbl, dev); 1730 fib6_run_gc(~0UL, net); 1731 break; 1732 case NETDEV_DOWN: 1733 neigh_ifdown(&nd_tbl, dev); 1734 fib6_run_gc(~0UL, net); 1735 break; 1736 case NETDEV_NOTIFY_PEERS: 1737 ndisc_send_unsol_na(dev); 1738 break; 1739 default: 1740 break; 1741 } 1742 1743 return NOTIFY_DONE; 1744 } 1745 1746 static struct notifier_block ndisc_netdev_notifier = { 1747 .notifier_call = ndisc_netdev_event, 1748 }; 1749 1750 #ifdef CONFIG_SYSCTL 1751 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1752 const char *func, const char *dev_name) 1753 { 1754 static char warncomm[TASK_COMM_LEN]; 1755 static int warned; 1756 if (strcmp(warncomm, current->comm) && warned < 5) { 1757 strcpy(warncomm, current->comm); 1758 printk(KERN_WARNING 1759 "process `%s' is using deprecated sysctl (%s) " 1760 "net.ipv6.neigh.%s.%s; " 1761 "Use net.ipv6.neigh.%s.%s_ms " 1762 "instead.\n", 1763 warncomm, func, 1764 dev_name, ctl->procname, 1765 dev_name, ctl->procname); 1766 warned++; 1767 } 1768 } 1769 1770 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1771 { 1772 struct net_device *dev = ctl->extra1; 1773 struct inet6_dev *idev; 1774 int ret; 1775 1776 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1777 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1778 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1779 1780 if (strcmp(ctl->procname, "retrans_time") == 0) 1781 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1782 1783 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1784 ret = proc_dointvec_jiffies(ctl, write, 1785 buffer, lenp, ppos); 1786 1787 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1788 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1789 ret = proc_dointvec_ms_jiffies(ctl, write, 1790 buffer, lenp, ppos); 1791 else 1792 ret = -1; 1793 1794 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1795 if (ctl->data == &idev->nd_parms->base_reachable_time) 1796 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1797 idev->tstamp = jiffies; 1798 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1799 in6_dev_put(idev); 1800 } 1801 return ret; 1802 } 1803 1804 1805 #endif 1806 1807 static int __net_init ndisc_net_init(struct net *net) 1808 { 1809 struct ipv6_pinfo *np; 1810 struct sock *sk; 1811 int err; 1812 1813 err = inet_ctl_sock_create(&sk, PF_INET6, 1814 SOCK_RAW, IPPROTO_ICMPV6, net); 1815 if (err < 0) { 1816 ND_PRINTK0(KERN_ERR 1817 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1818 err); 1819 return err; 1820 } 1821 1822 net->ipv6.ndisc_sk = sk; 1823 1824 np = inet6_sk(sk); 1825 np->hop_limit = 255; 1826 /* Do not loopback ndisc messages */ 1827 np->mc_loop = 0; 1828 1829 return 0; 1830 } 1831 1832 static void __net_exit ndisc_net_exit(struct net *net) 1833 { 1834 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1835 } 1836 1837 static struct pernet_operations ndisc_net_ops = { 1838 .init = ndisc_net_init, 1839 .exit = ndisc_net_exit, 1840 }; 1841 1842 int __init ndisc_init(void) 1843 { 1844 int err; 1845 1846 err = register_pernet_subsys(&ndisc_net_ops); 1847 if (err) 1848 return err; 1849 /* 1850 * Initialize the neighbour table 1851 */ 1852 neigh_table_init(&nd_tbl); 1853 1854 #ifdef CONFIG_SYSCTL 1855 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1856 &ndisc_ifinfo_sysctl_change); 1857 if (err) 1858 goto out_unregister_pernet; 1859 #endif 1860 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1861 if (err) 1862 goto out_unregister_sysctl; 1863 out: 1864 return err; 1865 1866 out_unregister_sysctl: 1867 #ifdef CONFIG_SYSCTL 1868 neigh_sysctl_unregister(&nd_tbl.parms); 1869 out_unregister_pernet: 1870 #endif 1871 unregister_pernet_subsys(&ndisc_net_ops); 1872 goto out; 1873 } 1874 1875 void ndisc_cleanup(void) 1876 { 1877 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1878 #ifdef CONFIG_SYSCTL 1879 neigh_sysctl_unregister(&nd_tbl.parms); 1880 #endif 1881 neigh_table_clear(&nd_tbl); 1882 unregister_pernet_subsys(&ndisc_net_ops); 1883 } 1884