1 // SPDX-License-Identifier: GPL-2.0-or-later 2 /* 3 * Neighbour Discovery for IPv6 4 * Linux INET6 implementation 5 * 6 * Authors: 7 * Pedro Roque <roque@di.fc.ul.pt> 8 * Mike Shaver <shaver@ingenia.com> 9 */ 10 11 /* 12 * Changes: 13 * 14 * Alexey I. Froloff : RFC6106 (DNSSL) support 15 * Pierre Ynard : export userland ND options 16 * through netlink (RDNSS support) 17 * Lars Fenneberg : fixed MTU setting on receipt 18 * of an RA. 19 * Janos Farkas : kmalloc failure checks 20 * Alexey Kuznetsov : state machine reworked 21 * and moved to net/core. 22 * Pekka Savola : RFC2461 validation 23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 24 */ 25 26 #define pr_fmt(fmt) "ICMPv6: " fmt 27 28 #include <linux/module.h> 29 #include <linux/errno.h> 30 #include <linux/types.h> 31 #include <linux/socket.h> 32 #include <linux/sockios.h> 33 #include <linux/sched.h> 34 #include <linux/net.h> 35 #include <linux/in6.h> 36 #include <linux/route.h> 37 #include <linux/init.h> 38 #include <linux/rcupdate.h> 39 #include <linux/slab.h> 40 #ifdef CONFIG_SYSCTL 41 #include <linux/sysctl.h> 42 #endif 43 44 #include <linux/if_addr.h> 45 #include <linux/if_ether.h> 46 #include <linux/if_arp.h> 47 #include <linux/ipv6.h> 48 #include <linux/icmpv6.h> 49 #include <linux/jhash.h> 50 51 #include <net/sock.h> 52 #include <net/snmp.h> 53 54 #include <net/ipv6.h> 55 #include <net/protocol.h> 56 #include <net/ndisc.h> 57 #include <net/ip6_route.h> 58 #include <net/addrconf.h> 59 #include <net/icmp.h> 60 61 #include <net/netlink.h> 62 #include <linux/rtnetlink.h> 63 64 #include <net/flow.h> 65 #include <net/ip6_checksum.h> 66 #include <net/inet_common.h> 67 #include <linux/proc_fs.h> 68 69 #include <linux/netfilter.h> 70 #include <linux/netfilter_ipv6.h> 71 72 static u32 ndisc_hash(const void *pkey, 73 const struct net_device *dev, 74 __u32 *hash_rnd); 75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey); 76 static bool ndisc_allow_add(const struct net_device *dev, 77 struct netlink_ext_ack *extack); 78 static int ndisc_constructor(struct neighbour *neigh); 79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 81 static int pndisc_constructor(struct pneigh_entry *n); 82 static void pndisc_destructor(struct pneigh_entry *n); 83 static void pndisc_redo(struct sk_buff *skb); 84 static int ndisc_is_multicast(const void *pkey); 85 86 static const struct neigh_ops ndisc_generic_ops = { 87 .family = AF_INET6, 88 .solicit = ndisc_solicit, 89 .error_report = ndisc_error_report, 90 .output = neigh_resolve_output, 91 .connected_output = neigh_connected_output, 92 }; 93 94 static const struct neigh_ops ndisc_hh_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_resolve_output, 100 }; 101 102 103 static const struct neigh_ops ndisc_direct_ops = { 104 .family = AF_INET6, 105 .output = neigh_direct_output, 106 .connected_output = neigh_direct_output, 107 }; 108 109 struct neigh_table nd_tbl = { 110 .family = AF_INET6, 111 .key_len = sizeof(struct in6_addr), 112 .protocol = cpu_to_be16(ETH_P_IPV6), 113 .hash = ndisc_hash, 114 .key_eq = ndisc_key_eq, 115 .constructor = ndisc_constructor, 116 .pconstructor = pndisc_constructor, 117 .pdestructor = pndisc_destructor, 118 .proxy_redo = pndisc_redo, 119 .is_multicast = ndisc_is_multicast, 120 .allow_add = ndisc_allow_add, 121 .id = "ndisc_cache", 122 .parms = { 123 .tbl = &nd_tbl, 124 .reachable_time = ND_REACHABLE_TIME, 125 .data = { 126 [NEIGH_VAR_MCAST_PROBES] = 3, 127 [NEIGH_VAR_UCAST_PROBES] = 3, 128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER, 129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME, 130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ, 131 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ, 132 [NEIGH_VAR_GC_STALETIME] = 60 * HZ, 133 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX, 134 [NEIGH_VAR_PROXY_QLEN] = 64, 135 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ, 136 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10, 137 }, 138 }, 139 .gc_interval = 30 * HZ, 140 .gc_thresh1 = 128, 141 .gc_thresh2 = 512, 142 .gc_thresh3 = 1024, 143 }; 144 EXPORT_SYMBOL_GPL(nd_tbl); 145 146 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data, 147 int data_len, int pad) 148 { 149 int space = __ndisc_opt_addr_space(data_len, pad); 150 u8 *opt = skb_put(skb, space); 151 152 opt[0] = type; 153 opt[1] = space>>3; 154 155 memset(opt + 2, 0, pad); 156 opt += pad; 157 space -= pad; 158 159 memcpy(opt+2, data, data_len); 160 data_len += 2; 161 opt += data_len; 162 space -= data_len; 163 if (space > 0) 164 memset(opt, 0, space); 165 } 166 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option); 167 168 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type, 169 const void *data, u8 icmp6_type) 170 { 171 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len, 172 ndisc_addr_option_pad(skb->dev->type)); 173 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type); 174 } 175 176 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb, 177 void *ha, 178 const u8 *ops_data) 179 { 180 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT); 181 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data); 182 } 183 184 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 185 struct nd_opt_hdr *end) 186 { 187 int type; 188 if (!cur || !end || cur >= end) 189 return NULL; 190 type = cur->nd_opt_type; 191 do { 192 cur = ((void *)cur) + (cur->nd_opt_len << 3); 193 } while (cur < end && cur->nd_opt_type != type); 194 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 195 } 196 197 static inline int ndisc_is_useropt(const struct net_device *dev, 198 struct nd_opt_hdr *opt) 199 { 200 return opt->nd_opt_type == ND_OPT_PREFIX_INFO || 201 opt->nd_opt_type == ND_OPT_RDNSS || 202 opt->nd_opt_type == ND_OPT_DNSSL || 203 opt->nd_opt_type == ND_OPT_6CO || 204 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL || 205 opt->nd_opt_type == ND_OPT_PREF64; 206 } 207 208 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev, 209 struct nd_opt_hdr *cur, 210 struct nd_opt_hdr *end) 211 { 212 if (!cur || !end || cur >= end) 213 return NULL; 214 do { 215 cur = ((void *)cur) + (cur->nd_opt_len << 3); 216 } while (cur < end && !ndisc_is_useropt(dev, cur)); 217 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL; 218 } 219 220 struct ndisc_options *ndisc_parse_options(const struct net_device *dev, 221 u8 *opt, int opt_len, 222 struct ndisc_options *ndopts) 223 { 224 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 225 226 if (!nd_opt || opt_len < 0 || !ndopts) 227 return NULL; 228 memset(ndopts, 0, sizeof(*ndopts)); 229 while (opt_len) { 230 bool unknown = false; 231 int l; 232 if (opt_len < sizeof(struct nd_opt_hdr)) 233 return NULL; 234 l = nd_opt->nd_opt_len << 3; 235 if (opt_len < l || l == 0) 236 return NULL; 237 if (ndisc_ops_parse_options(dev, nd_opt, ndopts)) 238 goto next_opt; 239 switch (nd_opt->nd_opt_type) { 240 case ND_OPT_SOURCE_LL_ADDR: 241 case ND_OPT_TARGET_LL_ADDR: 242 case ND_OPT_MTU: 243 case ND_OPT_NONCE: 244 case ND_OPT_REDIRECT_HDR: 245 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 246 net_dbg_ratelimited("%s: duplicated ND6 option found: type=%d\n", 247 __func__, nd_opt->nd_opt_type); 248 } else { 249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 250 } 251 break; 252 case ND_OPT_PREFIX_INFO: 253 ndopts->nd_opts_pi_end = nd_opt; 254 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 255 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 256 break; 257 #ifdef CONFIG_IPV6_ROUTE_INFO 258 case ND_OPT_ROUTE_INFO: 259 ndopts->nd_opts_ri_end = nd_opt; 260 if (!ndopts->nd_opts_ri) 261 ndopts->nd_opts_ri = nd_opt; 262 break; 263 #endif 264 default: 265 unknown = true; 266 } 267 if (ndisc_is_useropt(dev, nd_opt)) { 268 ndopts->nd_useropts_end = nd_opt; 269 if (!ndopts->nd_useropts) 270 ndopts->nd_useropts = nd_opt; 271 } else if (unknown) { 272 /* 273 * Unknown options must be silently ignored, 274 * to accommodate future extension to the 275 * protocol. 276 */ 277 net_dbg_ratelimited("%s: ignored unsupported option; type=%d, len=%d\n", 278 __func__, nd_opt->nd_opt_type, nd_opt->nd_opt_len); 279 } 280 next_opt: 281 opt_len -= l; 282 nd_opt = ((void *)nd_opt) + l; 283 } 284 return ndopts; 285 } 286 287 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 288 { 289 switch (dev->type) { 290 case ARPHRD_ETHER: 291 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 292 case ARPHRD_FDDI: 293 ipv6_eth_mc_map(addr, buf); 294 return 0; 295 case ARPHRD_ARCNET: 296 ipv6_arcnet_mc_map(addr, buf); 297 return 0; 298 case ARPHRD_INFINIBAND: 299 ipv6_ib_mc_map(addr, dev->broadcast, buf); 300 return 0; 301 case ARPHRD_IPGRE: 302 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 303 default: 304 if (dir) { 305 memcpy(buf, dev->broadcast, dev->addr_len); 306 return 0; 307 } 308 } 309 return -EINVAL; 310 } 311 EXPORT_SYMBOL(ndisc_mc_map); 312 313 static u32 ndisc_hash(const void *pkey, 314 const struct net_device *dev, 315 __u32 *hash_rnd) 316 { 317 return ndisc_hashfn(pkey, dev, hash_rnd); 318 } 319 320 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey) 321 { 322 return neigh_key_eq128(n, pkey); 323 } 324 325 static int ndisc_constructor(struct neighbour *neigh) 326 { 327 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key; 328 struct net_device *dev = neigh->dev; 329 struct inet6_dev *in6_dev; 330 struct neigh_parms *parms; 331 bool is_multicast = ipv6_addr_is_multicast(addr); 332 333 in6_dev = in6_dev_get(dev); 334 if (!in6_dev) { 335 return -EINVAL; 336 } 337 338 parms = in6_dev->nd_parms; 339 __neigh_parms_put(neigh->parms); 340 neigh->parms = neigh_parms_clone(parms); 341 342 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 343 if (!dev->header_ops) { 344 neigh->nud_state = NUD_NOARP; 345 neigh->ops = &ndisc_direct_ops; 346 neigh->output = neigh_direct_output; 347 } else { 348 if (is_multicast) { 349 neigh->nud_state = NUD_NOARP; 350 ndisc_mc_map(addr, neigh->ha, dev, 1); 351 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 352 neigh->nud_state = NUD_NOARP; 353 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 354 if (dev->flags&IFF_LOOPBACK) 355 neigh->type = RTN_LOCAL; 356 } else if (dev->flags&IFF_POINTOPOINT) { 357 neigh->nud_state = NUD_NOARP; 358 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 359 } 360 if (dev->header_ops->cache) 361 neigh->ops = &ndisc_hh_ops; 362 else 363 neigh->ops = &ndisc_generic_ops; 364 if (neigh->nud_state&NUD_VALID) 365 neigh->output = neigh->ops->connected_output; 366 else 367 neigh->output = neigh->ops->output; 368 } 369 in6_dev_put(in6_dev); 370 return 0; 371 } 372 373 static int pndisc_constructor(struct pneigh_entry *n) 374 { 375 struct in6_addr *addr = (struct in6_addr *)&n->key; 376 struct net_device *dev = n->dev; 377 struct in6_addr maddr; 378 379 if (!dev) 380 return -EINVAL; 381 382 addrconf_addr_solict_mult(addr, &maddr); 383 return ipv6_dev_mc_inc(dev, &maddr); 384 } 385 386 static void pndisc_destructor(struct pneigh_entry *n) 387 { 388 struct in6_addr *addr = (struct in6_addr *)&n->key; 389 struct net_device *dev = n->dev; 390 struct in6_addr maddr; 391 392 if (!dev) 393 return; 394 395 addrconf_addr_solict_mult(addr, &maddr); 396 ipv6_dev_mc_dec(dev, &maddr); 397 } 398 399 /* called with rtnl held */ 400 static bool ndisc_allow_add(const struct net_device *dev, 401 struct netlink_ext_ack *extack) 402 { 403 struct inet6_dev *idev = __in6_dev_get(dev); 404 405 if (!idev || idev->cnf.disable_ipv6) { 406 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device"); 407 return false; 408 } 409 410 return true; 411 } 412 413 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev, 414 int len) 415 { 416 int hlen = LL_RESERVED_SPACE(dev); 417 int tlen = dev->needed_tailroom; 418 struct sk_buff *skb; 419 420 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC); 421 if (!skb) 422 return NULL; 423 424 skb->protocol = htons(ETH_P_IPV6); 425 skb->dev = dev; 426 427 skb_reserve(skb, hlen + sizeof(struct ipv6hdr)); 428 skb_reset_transport_header(skb); 429 430 /* Manually assign socket ownership as we avoid calling 431 * sock_alloc_send_pskb() to bypass wmem buffer limits 432 */ 433 rcu_read_lock(); 434 skb_set_owner_w(skb, dev_net_rcu(dev)->ipv6.ndisc_sk); 435 rcu_read_unlock(); 436 437 return skb; 438 } 439 440 static void ip6_nd_hdr(struct sk_buff *skb, 441 const struct in6_addr *saddr, 442 const struct in6_addr *daddr, 443 int hop_limit, int len) 444 { 445 struct ipv6hdr *hdr; 446 struct inet6_dev *idev; 447 unsigned tclass; 448 449 rcu_read_lock(); 450 idev = __in6_dev_get(skb->dev); 451 tclass = idev ? READ_ONCE(idev->cnf.ndisc_tclass) : 0; 452 rcu_read_unlock(); 453 454 skb_push(skb, sizeof(*hdr)); 455 skb_reset_network_header(skb); 456 hdr = ipv6_hdr(skb); 457 458 ip6_flow_hdr(hdr, tclass, 0); 459 460 hdr->payload_len = htons(len); 461 hdr->nexthdr = IPPROTO_ICMPV6; 462 hdr->hop_limit = hop_limit; 463 464 hdr->saddr = *saddr; 465 hdr->daddr = *daddr; 466 } 467 468 void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr, 469 const struct in6_addr *saddr) 470 { 471 struct icmp6hdr *icmp6h = icmp6_hdr(skb); 472 struct dst_entry *dst = skb_dst(skb); 473 struct net_device *dev; 474 struct inet6_dev *idev; 475 struct net *net; 476 struct sock *sk; 477 int err; 478 u8 type; 479 480 type = icmp6h->icmp6_type; 481 482 rcu_read_lock(); 483 484 net = dev_net_rcu(skb->dev); 485 sk = net->ipv6.ndisc_sk; 486 if (!dst) { 487 struct flowi6 fl6; 488 int oif = skb->dev->ifindex; 489 490 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif); 491 dst = icmp6_dst_alloc(skb->dev, &fl6); 492 if (IS_ERR(dst)) { 493 rcu_read_unlock(); 494 kfree_skb(skb); 495 return; 496 } 497 498 skb_dst_set(skb, dst); 499 } 500 501 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len, 502 IPPROTO_ICMPV6, 503 csum_partial(icmp6h, 504 skb->len, 0)); 505 506 ip6_nd_hdr(skb, saddr, daddr, READ_ONCE(inet6_sk(sk)->hop_limit), skb->len); 507 508 dev = dst_dev(dst); 509 idev = __in6_dev_get(dev); 510 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS); 511 512 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 513 net, sk, skb, NULL, dev, 514 dst_output); 515 if (!err) { 516 ICMP6MSGOUT_INC_STATS(net, idev, type); 517 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 518 } 519 520 rcu_read_unlock(); 521 } 522 EXPORT_SYMBOL(ndisc_send_skb); 523 524 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr, 525 const struct in6_addr *solicited_addr, 526 bool router, bool solicited, bool override, bool inc_opt) 527 { 528 struct sk_buff *skb; 529 struct in6_addr tmpaddr; 530 struct inet6_ifaddr *ifp; 531 const struct in6_addr *src_addr; 532 struct nd_msg *msg; 533 int optlen = 0; 534 535 /* for anycast or proxy, solicited_addr != src_addr */ 536 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 537 if (ifp) { 538 src_addr = solicited_addr; 539 if (ifp->flags & IFA_F_OPTIMISTIC) 540 override = false; 541 inc_opt |= READ_ONCE(ifp->idev->cnf.force_tllao); 542 in6_ifa_put(ifp); 543 } else { 544 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 545 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 546 &tmpaddr)) 547 return; 548 src_addr = &tmpaddr; 549 } 550 551 if (!dev->addr_len) 552 inc_opt = false; 553 if (inc_opt) 554 optlen += ndisc_opt_addr_space(dev, 555 NDISC_NEIGHBOUR_ADVERTISEMENT); 556 557 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 558 if (!skb) 559 return; 560 561 msg = skb_put(skb, sizeof(*msg)); 562 *msg = (struct nd_msg) { 563 .icmph = { 564 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 565 .icmp6_router = router, 566 .icmp6_solicited = solicited, 567 .icmp6_override = override, 568 }, 569 .target = *solicited_addr, 570 }; 571 572 if (inc_opt) 573 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, 574 dev->dev_addr, 575 NDISC_NEIGHBOUR_ADVERTISEMENT); 576 577 ndisc_send_skb(skb, daddr, src_addr); 578 } 579 580 static void ndisc_send_unsol_na(struct net_device *dev) 581 { 582 struct inet6_dev *idev; 583 struct inet6_ifaddr *ifa; 584 585 idev = in6_dev_get(dev); 586 if (!idev) 587 return; 588 589 read_lock_bh(&idev->lock); 590 list_for_each_entry(ifa, &idev->addr_list, if_list) { 591 /* skip tentative addresses until dad completes */ 592 if (ifa->flags & IFA_F_TENTATIVE && 593 !(ifa->flags & IFA_F_OPTIMISTIC)) 594 continue; 595 596 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr, 597 /*router=*/ !!idev->cnf.forwarding, 598 /*solicited=*/ false, /*override=*/ true, 599 /*inc_opt=*/ true); 600 } 601 read_unlock_bh(&idev->lock); 602 603 in6_dev_put(idev); 604 } 605 606 struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit, 607 const struct in6_addr *saddr, u64 nonce) 608 { 609 int inc_opt = dev->addr_len; 610 struct sk_buff *skb; 611 struct nd_msg *msg; 612 int optlen = 0; 613 614 if (!saddr) 615 return NULL; 616 617 if (ipv6_addr_any(saddr)) 618 inc_opt = false; 619 if (inc_opt) 620 optlen += ndisc_opt_addr_space(dev, 621 NDISC_NEIGHBOUR_SOLICITATION); 622 if (nonce != 0) 623 optlen += 8; 624 625 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 626 if (!skb) 627 return NULL; 628 629 msg = skb_put(skb, sizeof(*msg)); 630 *msg = (struct nd_msg) { 631 .icmph = { 632 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 633 }, 634 .target = *solicit, 635 }; 636 637 if (inc_opt) 638 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 639 dev->dev_addr, 640 NDISC_NEIGHBOUR_SOLICITATION); 641 if (nonce != 0) { 642 u8 *opt = skb_put(skb, 8); 643 644 opt[0] = ND_OPT_NONCE; 645 opt[1] = 8 >> 3; 646 memcpy(opt + 2, &nonce, 6); 647 } 648 649 return skb; 650 } 651 EXPORT_SYMBOL(ndisc_ns_create); 652 653 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit, 654 const struct in6_addr *daddr, const struct in6_addr *saddr, 655 u64 nonce) 656 { 657 struct in6_addr addr_buf; 658 struct sk_buff *skb; 659 660 if (!saddr) { 661 if (ipv6_get_lladdr(dev, &addr_buf, 662 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC))) 663 return; 664 saddr = &addr_buf; 665 } 666 667 skb = ndisc_ns_create(dev, solicit, saddr, nonce); 668 669 if (skb) 670 ndisc_send_skb(skb, daddr, saddr); 671 } 672 673 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 674 const struct in6_addr *daddr) 675 { 676 struct sk_buff *skb; 677 struct rs_msg *msg; 678 int send_sllao = dev->addr_len; 679 int optlen = 0; 680 681 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 682 /* 683 * According to section 2.2 of RFC 4429, we must not 684 * send router solicitations with a sllao from 685 * optimistic addresses, but we may send the solicitation 686 * if we don't include the sllao. So here we check 687 * if our address is optimistic, and if so, we 688 * suppress the inclusion of the sllao. 689 */ 690 if (send_sllao) { 691 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 692 dev, 1); 693 if (ifp) { 694 if (ifp->flags & IFA_F_OPTIMISTIC) { 695 send_sllao = 0; 696 } 697 in6_ifa_put(ifp); 698 } else { 699 send_sllao = 0; 700 } 701 } 702 #endif 703 if (send_sllao) 704 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION); 705 706 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 707 if (!skb) 708 return; 709 710 msg = skb_put(skb, sizeof(*msg)); 711 *msg = (struct rs_msg) { 712 .icmph = { 713 .icmp6_type = NDISC_ROUTER_SOLICITATION, 714 }, 715 }; 716 717 if (send_sllao) 718 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 719 dev->dev_addr, 720 NDISC_ROUTER_SOLICITATION); 721 722 ndisc_send_skb(skb, daddr, saddr); 723 } 724 725 726 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 727 { 728 /* 729 * "The sender MUST return an ICMP 730 * destination unreachable" 731 */ 732 dst_link_failure(skb); 733 kfree_skb(skb); 734 } 735 736 /* Called with locked neigh: either read or both */ 737 738 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 739 { 740 struct in6_addr *saddr = NULL; 741 struct in6_addr mcaddr; 742 struct net_device *dev = neigh->dev; 743 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 744 int probes = atomic_read(&neigh->probes); 745 746 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr, 747 dev, false, 1, 748 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) 749 saddr = &ipv6_hdr(skb)->saddr; 750 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES); 751 if (probes < 0) { 752 if (!(READ_ONCE(neigh->nud_state) & NUD_VALID)) { 753 net_dbg_ratelimited("%s: trying to ucast probe in NUD_INVALID: %pI6\n", 754 __func__, target); 755 } 756 ndisc_send_ns(dev, target, target, saddr, 0); 757 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) { 758 neigh_app_ns(neigh); 759 } else { 760 addrconf_addr_solict_mult(target, &mcaddr); 761 ndisc_send_ns(dev, target, &mcaddr, saddr, 0); 762 } 763 } 764 765 static int pndisc_is_router(const void *pkey, 766 struct net_device *dev) 767 { 768 struct pneigh_entry *n; 769 int ret = -1; 770 771 read_lock_bh(&nd_tbl.lock); 772 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 773 if (n) 774 ret = !!(n->flags & NTF_ROUTER); 775 read_unlock_bh(&nd_tbl.lock); 776 777 return ret; 778 } 779 780 void ndisc_update(const struct net_device *dev, struct neighbour *neigh, 781 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type, 782 struct ndisc_options *ndopts) 783 { 784 neigh_update(neigh, lladdr, new, flags, 0); 785 /* report ndisc ops about neighbour update */ 786 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts); 787 } 788 789 static enum skb_drop_reason ndisc_recv_ns(struct sk_buff *skb) 790 { 791 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 792 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 793 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 794 u8 *lladdr = NULL; 795 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 796 offsetof(struct nd_msg, opt)); 797 struct ndisc_options ndopts; 798 struct net_device *dev = skb->dev; 799 struct inet6_ifaddr *ifp; 800 struct inet6_dev *idev = NULL; 801 struct neighbour *neigh; 802 int dad = ipv6_addr_any(saddr); 803 int is_router = -1; 804 SKB_DR(reason); 805 u64 nonce = 0; 806 bool inc; 807 808 if (skb->len < sizeof(struct nd_msg)) 809 return SKB_DROP_REASON_PKT_TOO_SMALL; 810 811 if (ipv6_addr_is_multicast(&msg->target)) { 812 net_dbg_ratelimited("NS: multicast target address\n"); 813 return reason; 814 } 815 816 /* 817 * RFC2461 7.1.1: 818 * DAD has to be destined for solicited node multicast address. 819 */ 820 if (dad && !ipv6_addr_is_solict_mult(daddr)) { 821 net_dbg_ratelimited("NS: bad DAD packet (wrong destination)\n"); 822 return reason; 823 } 824 825 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) 826 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS; 827 828 if (ndopts.nd_opts_src_lladdr) { 829 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 830 if (!lladdr) { 831 net_dbg_ratelimited("NS: invalid link-layer address length\n"); 832 return reason; 833 } 834 835 /* RFC2461 7.1.1: 836 * If the IP source address is the unspecified address, 837 * there MUST NOT be source link-layer address option 838 * in the message. 839 */ 840 if (dad) { 841 net_dbg_ratelimited("NS: bad DAD packet (link-layer address option)\n"); 842 return reason; 843 } 844 } 845 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1) 846 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6); 847 848 inc = ipv6_addr_is_multicast(daddr); 849 850 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 851 if (ifp) { 852 have_ifp: 853 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 854 if (dad) { 855 if (nonce != 0 && ifp->dad_nonce == nonce) { 856 u8 *np = (u8 *)&nonce; 857 /* Matching nonce if looped back */ 858 net_dbg_ratelimited("%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n", 859 ifp->idev->dev->name, &ifp->addr, np); 860 goto out; 861 } 862 /* 863 * We are colliding with another node 864 * who is doing DAD 865 * so fail our DAD process 866 */ 867 addrconf_dad_failure(skb, ifp); 868 return reason; 869 } else { 870 /* 871 * This is not a dad solicitation. 872 * If we are an optimistic node, 873 * we should respond. 874 * Otherwise, we should ignore it. 875 */ 876 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 877 goto out; 878 } 879 } 880 881 idev = ifp->idev; 882 } else { 883 struct net *net = dev_net(dev); 884 885 /* perhaps an address on the master device */ 886 if (netif_is_l3_slave(dev)) { 887 struct net_device *mdev; 888 889 mdev = netdev_master_upper_dev_get_rcu(dev); 890 if (mdev) { 891 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1); 892 if (ifp) 893 goto have_ifp; 894 } 895 } 896 897 idev = in6_dev_get(dev); 898 if (!idev) { 899 /* XXX: count this drop? */ 900 return reason; 901 } 902 903 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 904 (READ_ONCE(idev->cnf.forwarding) && 905 (READ_ONCE(net->ipv6.devconf_all->proxy_ndp) || 906 READ_ONCE(idev->cnf.proxy_ndp)) && 907 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 908 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 909 skb->pkt_type != PACKET_HOST && 910 inc && 911 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) { 912 /* 913 * for anycast or proxy, 914 * sender should delay its response 915 * by a random time between 0 and 916 * MAX_ANYCAST_DELAY_TIME seconds. 917 * (RFC2461) -- yoshfuji 918 */ 919 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 920 if (n) 921 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 922 goto out; 923 } 924 } else { 925 SKB_DR_SET(reason, IPV6_NDISC_NS_OTHERHOST); 926 goto out; 927 } 928 } 929 930 if (is_router < 0) 931 is_router = READ_ONCE(idev->cnf.forwarding); 932 933 if (dad) { 934 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target, 935 !!is_router, false, (ifp != NULL), true); 936 goto out; 937 } 938 939 if (inc) 940 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 941 else 942 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 943 944 /* 945 * update / create cache entry 946 * for the source address 947 */ 948 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 949 !inc || lladdr || !dev->addr_len); 950 if (neigh) 951 ndisc_update(dev, neigh, lladdr, NUD_STALE, 952 NEIGH_UPDATE_F_WEAK_OVERRIDE| 953 NEIGH_UPDATE_F_OVERRIDE, 954 NDISC_NEIGHBOUR_SOLICITATION, &ndopts); 955 if (neigh || !dev->header_ops) { 956 ndisc_send_na(dev, saddr, &msg->target, !!is_router, 957 true, (ifp != NULL && inc), inc); 958 if (neigh) 959 neigh_release(neigh); 960 reason = SKB_CONSUMED; 961 } 962 963 out: 964 if (ifp) 965 in6_ifa_put(ifp); 966 else 967 in6_dev_put(idev); 968 return reason; 969 } 970 971 static int accept_untracked_na(struct net_device *dev, struct in6_addr *saddr) 972 { 973 struct inet6_dev *idev = __in6_dev_get(dev); 974 975 switch (READ_ONCE(idev->cnf.accept_untracked_na)) { 976 case 0: /* Don't accept untracked na (absent in neighbor cache) */ 977 return 0; 978 case 1: /* Create new entries from na if currently untracked */ 979 return 1; 980 case 2: /* Create new entries from untracked na only if saddr is in the 981 * same subnet as an address configured on the interface that 982 * received the na 983 */ 984 return !!ipv6_chk_prefix(saddr, dev); 985 default: 986 return 0; 987 } 988 } 989 990 static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb) 991 { 992 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 993 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 994 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 995 u8 *lladdr = NULL; 996 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 997 offsetof(struct nd_msg, opt)); 998 struct ndisc_options ndopts; 999 struct net_device *dev = skb->dev; 1000 struct inet6_dev *idev = __in6_dev_get(dev); 1001 struct inet6_ifaddr *ifp; 1002 struct neighbour *neigh; 1003 SKB_DR(reason); 1004 u8 new_state; 1005 1006 if (skb->len < sizeof(struct nd_msg)) 1007 return SKB_DROP_REASON_PKT_TOO_SMALL; 1008 1009 if (ipv6_addr_is_multicast(&msg->target)) { 1010 net_dbg_ratelimited("NA: target address is multicast\n"); 1011 return reason; 1012 } 1013 1014 if (ipv6_addr_is_multicast(daddr) && 1015 msg->icmph.icmp6_solicited) { 1016 net_dbg_ratelimited("NA: solicited NA is multicasted\n"); 1017 return reason; 1018 } 1019 1020 /* For some 802.11 wireless deployments (and possibly other networks), 1021 * there will be a NA proxy and unsolicitd packets are attacks 1022 * and thus should not be accepted. 1023 * drop_unsolicited_na takes precedence over accept_untracked_na 1024 */ 1025 if (!msg->icmph.icmp6_solicited && idev && 1026 READ_ONCE(idev->cnf.drop_unsolicited_na)) 1027 return reason; 1028 1029 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) 1030 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS; 1031 1032 if (ndopts.nd_opts_tgt_lladdr) { 1033 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 1034 if (!lladdr) { 1035 net_dbg_ratelimited("NA: invalid link-layer address length\n"); 1036 return reason; 1037 } 1038 } 1039 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 1040 if (ifp) { 1041 if (skb->pkt_type != PACKET_LOOPBACK 1042 && (ifp->flags & IFA_F_TENTATIVE)) { 1043 addrconf_dad_failure(skb, ifp); 1044 return reason; 1045 } 1046 /* What should we make now? The advertisement 1047 is invalid, but ndisc specs say nothing 1048 about it. It could be misconfiguration, or 1049 an smart proxy agent tries to help us :-) 1050 1051 We should not print the error if NA has been 1052 received from loopback - it is just our own 1053 unsolicited advertisement. 1054 */ 1055 if (skb->pkt_type != PACKET_LOOPBACK) 1056 net_warn_ratelimited("NA: %pM advertised our address %pI6c on %s!\n", 1057 eth_hdr(skb)->h_source, &ifp->addr, 1058 ifp->idev->dev->name); 1059 in6_ifa_put(ifp); 1060 return reason; 1061 } 1062 1063 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 1064 1065 /* RFC 9131 updates original Neighbour Discovery RFC 4861. 1066 * NAs with Target LL Address option without a corresponding 1067 * entry in the neighbour cache can now create a STALE neighbour 1068 * cache entry on routers. 1069 * 1070 * entry accept fwding solicited behaviour 1071 * ------- ------ ------ --------- ---------------------- 1072 * present X X 0 Set state to STALE 1073 * present X X 1 Set state to REACHABLE 1074 * absent 0 X X Do nothing 1075 * absent 1 0 X Do nothing 1076 * absent 1 1 X Add a new STALE entry 1077 * 1078 * Note that we don't do a (daddr == all-routers-mcast) check. 1079 */ 1080 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE; 1081 if (!neigh && lladdr && idev && READ_ONCE(idev->cnf.forwarding)) { 1082 if (accept_untracked_na(dev, saddr)) { 1083 neigh = neigh_create(&nd_tbl, &msg->target, dev); 1084 new_state = NUD_STALE; 1085 } 1086 } 1087 1088 if (neigh && !IS_ERR(neigh)) { 1089 u8 old_flags = neigh->flags; 1090 struct net *net = dev_net(dev); 1091 1092 if (READ_ONCE(neigh->nud_state) & NUD_FAILED) 1093 goto out; 1094 1095 /* 1096 * Don't update the neighbor cache entry on a proxy NA from 1097 * ourselves because either the proxied node is off link or it 1098 * has already sent a NA to us. 1099 */ 1100 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 1101 READ_ONCE(net->ipv6.devconf_all->forwarding) && 1102 READ_ONCE(net->ipv6.devconf_all->proxy_ndp) && 1103 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 1104 /* XXX: idev->cnf.proxy_ndp */ 1105 goto out; 1106 } 1107 1108 ndisc_update(dev, neigh, lladdr, 1109 new_state, 1110 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1111 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 1112 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1113 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0), 1114 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts); 1115 1116 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 1117 /* 1118 * Change: router to host 1119 */ 1120 rt6_clean_tohost(dev_net(dev), saddr); 1121 } 1122 reason = SKB_CONSUMED; 1123 out: 1124 neigh_release(neigh); 1125 } 1126 return reason; 1127 } 1128 1129 static enum skb_drop_reason ndisc_recv_rs(struct sk_buff *skb) 1130 { 1131 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1132 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1133 struct neighbour *neigh; 1134 struct inet6_dev *idev; 1135 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1136 struct ndisc_options ndopts; 1137 u8 *lladdr = NULL; 1138 SKB_DR(reason); 1139 1140 if (skb->len < sizeof(*rs_msg)) 1141 return SKB_DROP_REASON_PKT_TOO_SMALL; 1142 1143 idev = __in6_dev_get(skb->dev); 1144 if (!idev) { 1145 net_err_ratelimited("RS: can't find in6 device\n"); 1146 return reason; 1147 } 1148 1149 /* Don't accept RS if we're not in router mode */ 1150 if (!READ_ONCE(idev->cnf.forwarding)) 1151 goto out; 1152 1153 /* 1154 * Don't update NCE if src = ::; 1155 * this implies that the source node has no ip address assigned yet. 1156 */ 1157 if (ipv6_addr_any(saddr)) 1158 goto out; 1159 1160 /* Parse ND options */ 1161 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) 1162 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS; 1163 1164 if (ndopts.nd_opts_src_lladdr) { 1165 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1166 skb->dev); 1167 if (!lladdr) 1168 goto out; 1169 } 1170 1171 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1172 if (neigh) { 1173 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE, 1174 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1175 NEIGH_UPDATE_F_OVERRIDE| 1176 NEIGH_UPDATE_F_OVERRIDE_ISROUTER, 1177 NDISC_ROUTER_SOLICITATION, &ndopts); 1178 neigh_release(neigh); 1179 reason = SKB_CONSUMED; 1180 } 1181 out: 1182 return reason; 1183 } 1184 1185 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1186 { 1187 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1188 struct sk_buff *skb; 1189 struct nlmsghdr *nlh; 1190 struct nduseroptmsg *ndmsg; 1191 struct net *net = dev_net(ra->dev); 1192 int err; 1193 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1194 + (opt->nd_opt_len << 3)); 1195 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1196 1197 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1198 if (!skb) { 1199 err = -ENOBUFS; 1200 goto errout; 1201 } 1202 1203 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1204 if (!nlh) { 1205 goto nla_put_failure; 1206 } 1207 1208 ndmsg = nlmsg_data(nlh); 1209 ndmsg->nduseropt_family = AF_INET6; 1210 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1211 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1212 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1213 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1214 1215 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1216 1217 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr)) 1218 goto nla_put_failure; 1219 nlmsg_end(skb, nlh); 1220 1221 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1222 return; 1223 1224 nla_put_failure: 1225 nlmsg_free(skb); 1226 err = -EMSGSIZE; 1227 errout: 1228 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1229 } 1230 1231 static enum skb_drop_reason ndisc_router_discovery(struct sk_buff *skb) 1232 { 1233 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1234 bool send_ifinfo_notify = false; 1235 struct neighbour *neigh = NULL; 1236 struct ndisc_options ndopts; 1237 struct fib6_info *rt = NULL; 1238 struct inet6_dev *in6_dev; 1239 struct fib6_table *table; 1240 u32 defrtr_usr_metric; 1241 unsigned int pref = 0; 1242 __u32 old_if_flags; 1243 struct net *net; 1244 SKB_DR(reason); 1245 int lifetime; 1246 int optlen; 1247 1248 __u8 *opt = (__u8 *)(ra_msg + 1); 1249 1250 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) - 1251 sizeof(struct ra_msg); 1252 1253 net_dbg_ratelimited("RA: %s, dev: %s\n", __func__, skb->dev->name); 1254 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1255 net_dbg_ratelimited("RA: source address is not link-local\n"); 1256 return reason; 1257 } 1258 if (optlen < 0) 1259 return SKB_DROP_REASON_PKT_TOO_SMALL; 1260 1261 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1262 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1263 net_dbg_ratelimited("RA: from host or unauthorized router\n"); 1264 return reason; 1265 } 1266 #endif 1267 1268 in6_dev = __in6_dev_get(skb->dev); 1269 if (!in6_dev) { 1270 net_err_ratelimited("RA: can't find inet6 device for %s\n", skb->dev->name); 1271 return reason; 1272 } 1273 1274 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) 1275 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS; 1276 1277 if (!ipv6_accept_ra(in6_dev)) { 1278 net_dbg_ratelimited("RA: %s, did not accept ra for dev: %s\n", __func__, 1279 skb->dev->name); 1280 goto skip_linkparms; 1281 } 1282 1283 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1284 /* skip link-specific parameters from interior routers */ 1285 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { 1286 net_dbg_ratelimited("RA: %s, nodetype is NODEFAULT, dev: %s\n", __func__, 1287 skb->dev->name); 1288 goto skip_linkparms; 1289 } 1290 #endif 1291 1292 if (in6_dev->if_flags & IF_RS_SENT) { 1293 /* 1294 * flag that an RA was received after an RS was sent 1295 * out on this interface. 1296 */ 1297 in6_dev->if_flags |= IF_RA_RCVD; 1298 } 1299 1300 /* 1301 * Remember the managed/otherconf flags from most recently 1302 * received RA message (RFC 2462) -- yoshfuji 1303 */ 1304 old_if_flags = in6_dev->if_flags; 1305 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1306 IF_RA_OTHERCONF)) | 1307 (ra_msg->icmph.icmp6_addrconf_managed ? 1308 IF_RA_MANAGED : 0) | 1309 (ra_msg->icmph.icmp6_addrconf_other ? 1310 IF_RA_OTHERCONF : 0); 1311 1312 if (old_if_flags != in6_dev->if_flags) 1313 send_ifinfo_notify = true; 1314 1315 if (!READ_ONCE(in6_dev->cnf.accept_ra_defrtr)) { 1316 net_dbg_ratelimited("RA: %s, defrtr is false for dev: %s\n", __func__, 1317 skb->dev->name); 1318 goto skip_defrtr; 1319 } 1320 1321 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1322 if (lifetime != 0 && 1323 lifetime < READ_ONCE(in6_dev->cnf.accept_ra_min_lft)) { 1324 net_dbg_ratelimited("RA: router lifetime (%ds) is too short: %s\n", lifetime, 1325 skb->dev->name); 1326 goto skip_defrtr; 1327 } 1328 1329 /* Do not accept RA with source-addr found on local machine unless 1330 * accept_ra_from_local is set to true. 1331 */ 1332 net = dev_net(in6_dev->dev); 1333 if (!READ_ONCE(in6_dev->cnf.accept_ra_from_local) && 1334 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) { 1335 net_dbg_ratelimited("RA from local address detected on dev: %s: default router ignored\n", 1336 skb->dev->name); 1337 goto skip_defrtr; 1338 } 1339 1340 #ifdef CONFIG_IPV6_ROUTER_PREF 1341 pref = ra_msg->icmph.icmp6_router_pref; 1342 /* 10b is handled as if it were 00b (medium) */ 1343 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1344 !READ_ONCE(in6_dev->cnf.accept_ra_rtr_pref)) 1345 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1346 #endif 1347 /* routes added from RAs do not use nexthop objects */ 1348 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev); 1349 if (rt) { 1350 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6, 1351 rt->fib6_nh->fib_nh_dev, NULL, 1352 &ipv6_hdr(skb)->saddr); 1353 if (!neigh) { 1354 net_err_ratelimited("RA: %s got default router without neighbour\n", 1355 __func__); 1356 fib6_info_release(rt); 1357 return reason; 1358 } 1359 } 1360 /* Set default route metric as specified by user */ 1361 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric; 1362 /* delete the route if lifetime is 0 or if metric needs change */ 1363 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) { 1364 ip6_del_rt(net, rt, false); 1365 rt = NULL; 1366 } 1367 1368 net_dbg_ratelimited("RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n", rt, lifetime, 1369 defrtr_usr_metric, skb->dev->name); 1370 if (!rt && lifetime) { 1371 net_dbg_ratelimited("RA: adding default router\n"); 1372 1373 if (neigh) 1374 neigh_release(neigh); 1375 1376 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr, 1377 skb->dev, pref, defrtr_usr_metric, 1378 lifetime); 1379 if (!rt) { 1380 net_err_ratelimited("RA: %s failed to add default route\n", __func__); 1381 return reason; 1382 } 1383 1384 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6, 1385 rt->fib6_nh->fib_nh_dev, NULL, 1386 &ipv6_hdr(skb)->saddr); 1387 if (!neigh) { 1388 net_err_ratelimited("RA: %s got default router without neighbour\n", 1389 __func__); 1390 fib6_info_release(rt); 1391 return reason; 1392 } 1393 neigh->flags |= NTF_ROUTER; 1394 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) { 1395 struct nl_info nlinfo = { 1396 .nl_net = net, 1397 }; 1398 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1399 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE); 1400 } 1401 1402 if (rt) { 1403 table = rt->fib6_table; 1404 spin_lock_bh(&table->tb6_lock); 1405 1406 fib6_set_expires(rt, jiffies + (HZ * lifetime)); 1407 fib6_add_gc_list(rt); 1408 1409 spin_unlock_bh(&table->tb6_lock); 1410 } 1411 if (READ_ONCE(in6_dev->cnf.accept_ra_min_hop_limit) < 256 && 1412 ra_msg->icmph.icmp6_hop_limit) { 1413 if (READ_ONCE(in6_dev->cnf.accept_ra_min_hop_limit) <= 1414 ra_msg->icmph.icmp6_hop_limit) { 1415 WRITE_ONCE(in6_dev->cnf.hop_limit, 1416 ra_msg->icmph.icmp6_hop_limit); 1417 fib6_metric_set(rt, RTAX_HOPLIMIT, 1418 ra_msg->icmph.icmp6_hop_limit); 1419 } else { 1420 net_dbg_ratelimited("RA: Got route advertisement with lower hop_limit than minimum\n"); 1421 } 1422 } 1423 1424 skip_defrtr: 1425 1426 /* 1427 * Update Reachable Time and Retrans Timer 1428 */ 1429 1430 if (in6_dev->nd_parms) { 1431 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1432 1433 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1434 rtime = (rtime*HZ)/1000; 1435 if (rtime < HZ/100) 1436 rtime = HZ/100; 1437 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime); 1438 in6_dev->tstamp = jiffies; 1439 send_ifinfo_notify = true; 1440 } 1441 1442 rtime = ntohl(ra_msg->reachable_time); 1443 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1444 rtime = (rtime*HZ)/1000; 1445 1446 if (rtime < HZ/10) 1447 rtime = HZ/10; 1448 1449 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) { 1450 NEIGH_VAR_SET(in6_dev->nd_parms, 1451 BASE_REACHABLE_TIME, rtime); 1452 NEIGH_VAR_SET(in6_dev->nd_parms, 1453 GC_STALETIME, 3 * rtime); 1454 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1455 in6_dev->tstamp = jiffies; 1456 send_ifinfo_notify = true; 1457 } 1458 } 1459 } 1460 1461 skip_linkparms: 1462 1463 /* 1464 * Process options. 1465 */ 1466 1467 if (!neigh) 1468 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1469 skb->dev, 1); 1470 if (neigh) { 1471 u8 *lladdr = NULL; 1472 if (ndopts.nd_opts_src_lladdr) { 1473 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1474 skb->dev); 1475 if (!lladdr) { 1476 net_dbg_ratelimited("RA: invalid link-layer address length\n"); 1477 goto out; 1478 } 1479 } 1480 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE, 1481 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1482 NEIGH_UPDATE_F_OVERRIDE| 1483 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1484 NEIGH_UPDATE_F_ISROUTER, 1485 NDISC_ROUTER_ADVERTISEMENT, &ndopts); 1486 reason = SKB_CONSUMED; 1487 } 1488 1489 if (!ipv6_accept_ra(in6_dev)) { 1490 net_dbg_ratelimited("RA: %s, accept_ra is false for dev: %s\n", __func__, 1491 skb->dev->name); 1492 goto out; 1493 } 1494 1495 #ifdef CONFIG_IPV6_ROUTE_INFO 1496 if (!READ_ONCE(in6_dev->cnf.accept_ra_from_local) && 1497 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, 1498 in6_dev->dev, 0)) { 1499 net_dbg_ratelimited("RA from local address detected on dev: %s: router info ignored.\n", 1500 skb->dev->name); 1501 goto skip_routeinfo; 1502 } 1503 1504 if (READ_ONCE(in6_dev->cnf.accept_ra_rtr_pref) && ndopts.nd_opts_ri) { 1505 struct nd_opt_hdr *p; 1506 for (p = ndopts.nd_opts_ri; 1507 p; 1508 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1509 struct route_info *ri = (struct route_info *)p; 1510 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1511 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1512 ri->prefix_len == 0) 1513 continue; 1514 #endif 1515 if (ri->prefix_len == 0 && 1516 !READ_ONCE(in6_dev->cnf.accept_ra_defrtr)) 1517 continue; 1518 if (ri->lifetime != 0 && 1519 ntohl(ri->lifetime) < READ_ONCE(in6_dev->cnf.accept_ra_min_lft)) 1520 continue; 1521 if (ri->prefix_len < READ_ONCE(in6_dev->cnf.accept_ra_rt_info_min_plen)) 1522 continue; 1523 if (ri->prefix_len > READ_ONCE(in6_dev->cnf.accept_ra_rt_info_max_plen)) 1524 continue; 1525 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3, 1526 &ipv6_hdr(skb)->saddr); 1527 } 1528 } 1529 1530 skip_routeinfo: 1531 #endif 1532 1533 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1534 /* skip link-specific ndopts from interior routers */ 1535 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { 1536 net_dbg_ratelimited("RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n", 1537 __func__, skb->dev->name); 1538 goto out; 1539 } 1540 #endif 1541 1542 if (READ_ONCE(in6_dev->cnf.accept_ra_pinfo) && ndopts.nd_opts_pi) { 1543 struct nd_opt_hdr *p; 1544 for (p = ndopts.nd_opts_pi; 1545 p; 1546 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1547 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1548 (p->nd_opt_len) << 3, 1549 ndopts.nd_opts_src_lladdr != NULL); 1550 } 1551 } 1552 1553 if (ndopts.nd_opts_mtu && READ_ONCE(in6_dev->cnf.accept_ra_mtu)) { 1554 __be32 n; 1555 u32 mtu; 1556 1557 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1558 mtu = ntohl(n); 1559 1560 if (in6_dev->ra_mtu != mtu) { 1561 in6_dev->ra_mtu = mtu; 1562 send_ifinfo_notify = true; 1563 } 1564 1565 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1566 net_dbg_ratelimited("RA: invalid mtu: %d\n", mtu); 1567 } else if (READ_ONCE(in6_dev->cnf.mtu6) != mtu) { 1568 WRITE_ONCE(in6_dev->cnf.mtu6, mtu); 1569 fib6_metric_set(rt, RTAX_MTU, mtu); 1570 rt6_mtu_change(skb->dev, mtu); 1571 } 1572 } 1573 1574 if (ndopts.nd_useropts) { 1575 struct nd_opt_hdr *p; 1576 for (p = ndopts.nd_useropts; 1577 p; 1578 p = ndisc_next_useropt(skb->dev, p, 1579 ndopts.nd_useropts_end)) { 1580 ndisc_ra_useropt(skb, p); 1581 } 1582 } 1583 1584 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1585 net_dbg_ratelimited("RA: invalid RA options\n"); 1586 } 1587 out: 1588 /* Send a notify if RA changed managed/otherconf flags or 1589 * timer settings or ra_mtu value 1590 */ 1591 if (send_ifinfo_notify) 1592 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1593 1594 fib6_info_release(rt); 1595 if (neigh) 1596 neigh_release(neigh); 1597 return reason; 1598 } 1599 1600 static enum skb_drop_reason ndisc_redirect_rcv(struct sk_buff *skb) 1601 { 1602 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb); 1603 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 1604 offsetof(struct rd_msg, opt)); 1605 struct ndisc_options ndopts; 1606 SKB_DR(reason); 1607 u8 *hdr; 1608 1609 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1610 switch (skb->ndisc_nodetype) { 1611 case NDISC_NODETYPE_HOST: 1612 case NDISC_NODETYPE_NODEFAULT: 1613 net_dbg_ratelimited("Redirect: from host or unauthorized router\n"); 1614 return reason; 1615 } 1616 #endif 1617 1618 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1619 net_dbg_ratelimited("Redirect: source address is not link-local\n"); 1620 return reason; 1621 } 1622 1623 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts)) 1624 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS; 1625 1626 if (!ndopts.nd_opts_rh) { 1627 ip6_redirect_no_header(skb, dev_net(skb->dev), 1628 skb->dev->ifindex); 1629 return reason; 1630 } 1631 1632 hdr = (u8 *)ndopts.nd_opts_rh; 1633 hdr += 8; 1634 if (!pskb_pull(skb, hdr - skb_transport_header(skb))) 1635 return SKB_DROP_REASON_PKT_TOO_SMALL; 1636 1637 return icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1638 } 1639 1640 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb, 1641 struct sk_buff *orig_skb, 1642 int rd_len) 1643 { 1644 u8 *opt = skb_put(skb, rd_len); 1645 1646 memset(opt, 0, 8); 1647 *(opt++) = ND_OPT_REDIRECT_HDR; 1648 *(opt++) = (rd_len >> 3); 1649 opt += 6; 1650 1651 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt, 1652 rd_len - 8); 1653 } 1654 1655 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1656 { 1657 struct net_device *dev = skb->dev; 1658 struct net *net = dev_net_rcu(dev); 1659 struct sock *sk = net->ipv6.ndisc_sk; 1660 int optlen = 0; 1661 struct inet_peer *peer; 1662 struct sk_buff *buff; 1663 struct rd_msg *msg; 1664 struct in6_addr saddr_buf; 1665 struct rt6_info *rt; 1666 struct dst_entry *dst; 1667 struct flowi6 fl6; 1668 int rd_len; 1669 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL, 1670 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL; 1671 bool ret; 1672 1673 if (netif_is_l3_master(dev)) { 1674 dev = dev_get_by_index_rcu(net, IPCB(skb)->iif); 1675 if (!dev) 1676 return; 1677 } 1678 1679 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1680 net_dbg_ratelimited("Redirect: no link-local address on %s\n", dev->name); 1681 return; 1682 } 1683 1684 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1685 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1686 net_dbg_ratelimited("Redirect: target address is not link-local unicast\n"); 1687 return; 1688 } 1689 1690 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1691 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1692 1693 dst = ip6_route_output(net, NULL, &fl6); 1694 if (dst->error) { 1695 dst_release(dst); 1696 return; 1697 } 1698 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1699 if (IS_ERR(dst)) 1700 return; 1701 1702 rt = dst_rt6_info(dst); 1703 1704 if (rt->rt6i_flags & RTF_GATEWAY) { 1705 net_dbg_ratelimited("Redirect: destination is not a neighbour\n"); 1706 goto release; 1707 } 1708 1709 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr); 1710 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1711 1712 if (!ret) 1713 goto release; 1714 1715 if (dev->addr_len) { 1716 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1717 if (!neigh) { 1718 net_dbg_ratelimited("Redirect: no neigh for target address\n"); 1719 goto release; 1720 } 1721 1722 read_lock_bh(&neigh->lock); 1723 if (neigh->nud_state & NUD_VALID) { 1724 memcpy(ha_buf, neigh->ha, dev->addr_len); 1725 read_unlock_bh(&neigh->lock); 1726 ha = ha_buf; 1727 optlen += ndisc_redirect_opt_addr_space(dev, neigh, 1728 ops_data_buf, 1729 &ops_data); 1730 } else 1731 read_unlock_bh(&neigh->lock); 1732 1733 neigh_release(neigh); 1734 } 1735 1736 rd_len = min_t(unsigned int, 1737 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen, 1738 skb->len + 8); 1739 rd_len &= ~0x7; 1740 optlen += rd_len; 1741 1742 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 1743 if (!buff) 1744 goto release; 1745 1746 msg = skb_put(buff, sizeof(*msg)); 1747 *msg = (struct rd_msg) { 1748 .icmph = { 1749 .icmp6_type = NDISC_REDIRECT, 1750 }, 1751 .target = *target, 1752 .dest = ipv6_hdr(skb)->daddr, 1753 }; 1754 1755 /* 1756 * include target_address option 1757 */ 1758 1759 if (ha) 1760 ndisc_fill_redirect_addr_option(buff, ha, ops_data); 1761 1762 /* 1763 * build redirect option and copy skb over to the new packet. 1764 */ 1765 1766 if (rd_len) 1767 ndisc_fill_redirect_hdr_option(buff, skb, rd_len); 1768 1769 skb_dst_set(buff, dst); 1770 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf); 1771 return; 1772 1773 release: 1774 dst_release(dst); 1775 } 1776 1777 static void pndisc_redo(struct sk_buff *skb) 1778 { 1779 enum skb_drop_reason reason = ndisc_recv_ns(skb); 1780 1781 kfree_skb_reason(skb, reason); 1782 } 1783 1784 static int ndisc_is_multicast(const void *pkey) 1785 { 1786 return ipv6_addr_is_multicast((struct in6_addr *)pkey); 1787 } 1788 1789 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb) 1790 { 1791 struct inet6_dev *idev = __in6_dev_get(skb->dev); 1792 1793 if (!idev) 1794 return true; 1795 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED && 1796 READ_ONCE(idev->cnf.suppress_frag_ndisc)) { 1797 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n"); 1798 return true; 1799 } 1800 return false; 1801 } 1802 1803 enum skb_drop_reason ndisc_rcv(struct sk_buff *skb) 1804 { 1805 struct nd_msg *msg; 1806 SKB_DR(reason); 1807 1808 if (ndisc_suppress_frag_ndisc(skb)) 1809 return SKB_DROP_REASON_IPV6_NDISC_FRAG; 1810 1811 if (skb_linearize(skb)) 1812 return SKB_DROP_REASON_NOMEM; 1813 1814 msg = (struct nd_msg *)skb_transport_header(skb); 1815 1816 __skb_push(skb, skb->data - skb_transport_header(skb)); 1817 1818 if (ipv6_hdr(skb)->hop_limit != 255) { 1819 net_dbg_ratelimited("NDISC: invalid hop-limit: %d\n", ipv6_hdr(skb)->hop_limit); 1820 return SKB_DROP_REASON_IPV6_NDISC_HOP_LIMIT; 1821 } 1822 1823 if (msg->icmph.icmp6_code != 0) { 1824 net_dbg_ratelimited("NDISC: invalid ICMPv6 code: %d\n", msg->icmph.icmp6_code); 1825 return SKB_DROP_REASON_IPV6_NDISC_BAD_CODE; 1826 } 1827 1828 switch (msg->icmph.icmp6_type) { 1829 case NDISC_NEIGHBOUR_SOLICITATION: 1830 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1831 reason = ndisc_recv_ns(skb); 1832 break; 1833 1834 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1835 reason = ndisc_recv_na(skb); 1836 break; 1837 1838 case NDISC_ROUTER_SOLICITATION: 1839 reason = ndisc_recv_rs(skb); 1840 break; 1841 1842 case NDISC_ROUTER_ADVERTISEMENT: 1843 reason = ndisc_router_discovery(skb); 1844 break; 1845 1846 case NDISC_REDIRECT: 1847 reason = ndisc_redirect_rcv(skb); 1848 break; 1849 } 1850 1851 return reason; 1852 } 1853 1854 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1855 { 1856 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1857 struct netdev_notifier_change_info *change_info; 1858 struct net *net = dev_net(dev); 1859 struct inet6_dev *idev; 1860 bool evict_nocarrier; 1861 1862 switch (event) { 1863 case NETDEV_CHANGEADDR: 1864 neigh_changeaddr(&nd_tbl, dev); 1865 fib6_run_gc(0, net, false); 1866 fallthrough; 1867 case NETDEV_UP: 1868 idev = in6_dev_get(dev); 1869 if (!idev) 1870 break; 1871 if (READ_ONCE(idev->cnf.ndisc_notify) || 1872 READ_ONCE(net->ipv6.devconf_all->ndisc_notify)) 1873 ndisc_send_unsol_na(dev); 1874 in6_dev_put(idev); 1875 break; 1876 case NETDEV_CHANGE: 1877 idev = in6_dev_get(dev); 1878 if (!idev) 1879 evict_nocarrier = true; 1880 else { 1881 evict_nocarrier = READ_ONCE(idev->cnf.ndisc_evict_nocarrier) && 1882 READ_ONCE(net->ipv6.devconf_all->ndisc_evict_nocarrier); 1883 in6_dev_put(idev); 1884 } 1885 1886 change_info = ptr; 1887 if (change_info->flags_changed & IFF_NOARP) 1888 neigh_changeaddr(&nd_tbl, dev); 1889 if (evict_nocarrier && !netif_carrier_ok(dev)) 1890 neigh_carrier_down(&nd_tbl, dev); 1891 break; 1892 case NETDEV_DOWN: 1893 neigh_ifdown(&nd_tbl, dev); 1894 fib6_run_gc(0, net, false); 1895 break; 1896 case NETDEV_NOTIFY_PEERS: 1897 ndisc_send_unsol_na(dev); 1898 break; 1899 default: 1900 break; 1901 } 1902 1903 return NOTIFY_DONE; 1904 } 1905 1906 static struct notifier_block ndisc_netdev_notifier = { 1907 .notifier_call = ndisc_netdev_event, 1908 .priority = ADDRCONF_NOTIFY_PRIORITY - 5, 1909 }; 1910 1911 #ifdef CONFIG_SYSCTL 1912 static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl, 1913 const char *func, const char *dev_name) 1914 { 1915 static char warncomm[TASK_COMM_LEN]; 1916 static int warned; 1917 if (strcmp(warncomm, current->comm) && warned < 5) { 1918 strscpy(warncomm, current->comm); 1919 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1920 warncomm, func, 1921 dev_name, ctl->procname, 1922 dev_name, ctl->procname); 1923 warned++; 1924 } 1925 } 1926 1927 int ndisc_ifinfo_sysctl_change(const struct ctl_table *ctl, int write, void *buffer, 1928 size_t *lenp, loff_t *ppos) 1929 { 1930 struct net_device *dev = ctl->extra1; 1931 struct inet6_dev *idev; 1932 int ret; 1933 1934 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1935 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1936 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1937 1938 if (strcmp(ctl->procname, "retrans_time") == 0) 1939 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos); 1940 1941 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1942 ret = neigh_proc_dointvec_jiffies(ctl, write, 1943 buffer, lenp, ppos); 1944 1945 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1946 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1947 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, 1948 buffer, lenp, ppos); 1949 else 1950 ret = -1; 1951 1952 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1953 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME)) 1954 idev->nd_parms->reachable_time = 1955 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME)); 1956 WRITE_ONCE(idev->tstamp, jiffies); 1957 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1958 in6_dev_put(idev); 1959 } 1960 return ret; 1961 } 1962 1963 1964 #endif 1965 1966 static int __net_init ndisc_net_init(struct net *net) 1967 { 1968 struct ipv6_pinfo *np; 1969 struct sock *sk; 1970 int err; 1971 1972 err = inet_ctl_sock_create(&sk, PF_INET6, 1973 SOCK_RAW, IPPROTO_ICMPV6, net); 1974 if (err < 0) { 1975 net_err_ratelimited("NDISC: Failed to initialize the control socket (err %d)\n", 1976 err); 1977 return err; 1978 } 1979 1980 net->ipv6.ndisc_sk = sk; 1981 1982 np = inet6_sk(sk); 1983 np->hop_limit = 255; 1984 /* Do not loopback ndisc messages */ 1985 inet6_clear_bit(MC6_LOOP, sk); 1986 1987 return 0; 1988 } 1989 1990 static void __net_exit ndisc_net_exit(struct net *net) 1991 { 1992 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1993 } 1994 1995 static struct pernet_operations ndisc_net_ops = { 1996 .init = ndisc_net_init, 1997 .exit = ndisc_net_exit, 1998 }; 1999 2000 int __init ndisc_init(void) 2001 { 2002 int err; 2003 2004 err = register_pernet_subsys(&ndisc_net_ops); 2005 if (err) 2006 return err; 2007 /* 2008 * Initialize the neighbour table 2009 */ 2010 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl); 2011 2012 #ifdef CONFIG_SYSCTL 2013 err = neigh_sysctl_register(NULL, &nd_tbl.parms, 2014 ndisc_ifinfo_sysctl_change); 2015 if (err) 2016 goto out_unregister_pernet; 2017 out: 2018 #endif 2019 return err; 2020 2021 #ifdef CONFIG_SYSCTL 2022 out_unregister_pernet: 2023 unregister_pernet_subsys(&ndisc_net_ops); 2024 goto out; 2025 #endif 2026 } 2027 2028 int __init ndisc_late_init(void) 2029 { 2030 return register_netdevice_notifier(&ndisc_netdev_notifier); 2031 } 2032 2033 void ndisc_late_cleanup(void) 2034 { 2035 unregister_netdevice_notifier(&ndisc_netdev_notifier); 2036 } 2037 2038 void ndisc_cleanup(void) 2039 { 2040 #ifdef CONFIG_SYSCTL 2041 neigh_sysctl_unregister(&nd_tbl.parms); 2042 #endif 2043 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl); 2044 unregister_pernet_subsys(&ndisc_net_ops); 2045 } 2046