1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Lars Fenneberg : fixed MTU setting on receipt 19 * of an RA. 20 * 21 * Janos Farkas : kmalloc failure checks 22 * Alexey Kuznetsov : state machine reworked 23 * and moved to net/core. 24 * Pekka Savola : RFC2461 validation 25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 26 */ 27 28 /* Set to 3 to get tracing... */ 29 #define ND_DEBUG 1 30 31 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 32 #define ND_NOPRINTK(x...) do { ; } while(0) 33 #define ND_PRINTK0 ND_PRINTK 34 #define ND_PRINTK1 ND_NOPRINTK 35 #define ND_PRINTK2 ND_NOPRINTK 36 #define ND_PRINTK3 ND_NOPRINTK 37 #if ND_DEBUG >= 1 38 #undef ND_PRINTK1 39 #define ND_PRINTK1 ND_PRINTK 40 #endif 41 #if ND_DEBUG >= 2 42 #undef ND_PRINTK2 43 #define ND_PRINTK2 ND_PRINTK 44 #endif 45 #if ND_DEBUG >= 3 46 #undef ND_PRINTK3 47 #define ND_PRINTK3 ND_PRINTK 48 #endif 49 50 #include <linux/module.h> 51 #include <linux/errno.h> 52 #include <linux/types.h> 53 #include <linux/socket.h> 54 #include <linux/sockios.h> 55 #include <linux/sched.h> 56 #include <linux/net.h> 57 #include <linux/in6.h> 58 #include <linux/route.h> 59 #include <linux/init.h> 60 #include <linux/rcupdate.h> 61 #ifdef CONFIG_SYSCTL 62 #include <linux/sysctl.h> 63 #endif 64 65 #include <linux/if_addr.h> 66 #include <linux/if_arp.h> 67 #include <linux/ipv6.h> 68 #include <linux/icmpv6.h> 69 #include <linux/jhash.h> 70 71 #include <net/sock.h> 72 #include <net/snmp.h> 73 74 #include <net/ipv6.h> 75 #include <net/protocol.h> 76 #include <net/ndisc.h> 77 #include <net/ip6_route.h> 78 #include <net/addrconf.h> 79 #include <net/icmp.h> 80 81 #include <net/flow.h> 82 #include <net/ip6_checksum.h> 83 #include <linux/proc_fs.h> 84 85 #include <linux/netfilter.h> 86 #include <linux/netfilter_ipv6.h> 87 88 static struct socket *ndisc_socket; 89 90 static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 91 static int ndisc_constructor(struct neighbour *neigh); 92 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 93 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 94 static int pndisc_constructor(struct pneigh_entry *n); 95 static void pndisc_destructor(struct pneigh_entry *n); 96 static void pndisc_redo(struct sk_buff *skb); 97 98 static struct neigh_ops ndisc_generic_ops = { 99 .family = AF_INET6, 100 .solicit = ndisc_solicit, 101 .error_report = ndisc_error_report, 102 .output = neigh_resolve_output, 103 .connected_output = neigh_connected_output, 104 .hh_output = dev_queue_xmit, 105 .queue_xmit = dev_queue_xmit, 106 }; 107 108 static struct neigh_ops ndisc_hh_ops = { 109 .family = AF_INET6, 110 .solicit = ndisc_solicit, 111 .error_report = ndisc_error_report, 112 .output = neigh_resolve_output, 113 .connected_output = neigh_resolve_output, 114 .hh_output = dev_queue_xmit, 115 .queue_xmit = dev_queue_xmit, 116 }; 117 118 119 static struct neigh_ops ndisc_direct_ops = { 120 .family = AF_INET6, 121 .output = dev_queue_xmit, 122 .connected_output = dev_queue_xmit, 123 .hh_output = dev_queue_xmit, 124 .queue_xmit = dev_queue_xmit, 125 }; 126 127 struct neigh_table nd_tbl = { 128 .family = AF_INET6, 129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 130 .key_len = sizeof(struct in6_addr), 131 .hash = ndisc_hash, 132 .constructor = ndisc_constructor, 133 .pconstructor = pndisc_constructor, 134 .pdestructor = pndisc_destructor, 135 .proxy_redo = pndisc_redo, 136 .id = "ndisc_cache", 137 .parms = { 138 .tbl = &nd_tbl, 139 .base_reachable_time = 30 * HZ, 140 .retrans_time = 1 * HZ, 141 .gc_staletime = 60 * HZ, 142 .reachable_time = 30 * HZ, 143 .delay_probe_time = 5 * HZ, 144 .queue_len = 3, 145 .ucast_probes = 3, 146 .mcast_probes = 3, 147 .anycast_delay = 1 * HZ, 148 .proxy_delay = (8 * HZ) / 10, 149 .proxy_qlen = 64, 150 }, 151 .gc_interval = 30 * HZ, 152 .gc_thresh1 = 128, 153 .gc_thresh2 = 512, 154 .gc_thresh3 = 1024, 155 }; 156 157 /* ND options */ 158 struct ndisc_options { 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 160 #ifdef CONFIG_IPV6_ROUTE_INFO 161 struct nd_opt_hdr *nd_opts_ri; 162 struct nd_opt_hdr *nd_opts_ri_end; 163 #endif 164 }; 165 166 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 167 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 168 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 169 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 170 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 171 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 172 173 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 174 175 /* 176 * Return the padding between the option length and the start of the 177 * link addr. Currently only IP-over-InfiniBand needs this, although 178 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 179 * also need a pad of 2. 180 */ 181 static int ndisc_addr_option_pad(unsigned short type) 182 { 183 switch (type) { 184 case ARPHRD_INFINIBAND: return 2; 185 default: return 0; 186 } 187 } 188 189 static inline int ndisc_opt_addr_space(struct net_device *dev) 190 { 191 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 192 } 193 194 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 195 unsigned short addr_type) 196 { 197 int space = NDISC_OPT_SPACE(data_len); 198 int pad = ndisc_addr_option_pad(addr_type); 199 200 opt[0] = type; 201 opt[1] = space>>3; 202 203 memset(opt + 2, 0, pad); 204 opt += pad; 205 space -= pad; 206 207 memcpy(opt+2, data, data_len); 208 data_len += 2; 209 opt += data_len; 210 if ((space -= data_len) > 0) 211 memset(opt, 0, space); 212 return opt + space; 213 } 214 215 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 216 struct nd_opt_hdr *end) 217 { 218 int type; 219 if (!cur || !end || cur >= end) 220 return NULL; 221 type = cur->nd_opt_type; 222 do { 223 cur = ((void *)cur) + (cur->nd_opt_len << 3); 224 } while(cur < end && cur->nd_opt_type != type); 225 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 226 } 227 228 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 229 struct ndisc_options *ndopts) 230 { 231 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 232 233 if (!nd_opt || opt_len < 0 || !ndopts) 234 return NULL; 235 memset(ndopts, 0, sizeof(*ndopts)); 236 while (opt_len) { 237 int l; 238 if (opt_len < sizeof(struct nd_opt_hdr)) 239 return NULL; 240 l = nd_opt->nd_opt_len << 3; 241 if (opt_len < l || l == 0) 242 return NULL; 243 switch (nd_opt->nd_opt_type) { 244 case ND_OPT_SOURCE_LL_ADDR: 245 case ND_OPT_TARGET_LL_ADDR: 246 case ND_OPT_MTU: 247 case ND_OPT_REDIRECT_HDR: 248 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 249 ND_PRINTK2(KERN_WARNING 250 "%s(): duplicated ND6 option found: type=%d\n", 251 __FUNCTION__, 252 nd_opt->nd_opt_type); 253 } else { 254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 255 } 256 break; 257 case ND_OPT_PREFIX_INFO: 258 ndopts->nd_opts_pi_end = nd_opt; 259 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) 260 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 261 break; 262 #ifdef CONFIG_IPV6_ROUTE_INFO 263 case ND_OPT_ROUTE_INFO: 264 ndopts->nd_opts_ri_end = nd_opt; 265 if (!ndopts->nd_opts_ri) 266 ndopts->nd_opts_ri = nd_opt; 267 break; 268 #endif 269 default: 270 /* 271 * Unknown options must be silently ignored, 272 * to accommodate future extension to the protocol. 273 */ 274 ND_PRINTK2(KERN_NOTICE 275 "%s(): ignored unsupported option; type=%d, len=%d\n", 276 __FUNCTION__, 277 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 278 } 279 opt_len -= l; 280 nd_opt = ((void *)nd_opt) + l; 281 } 282 return ndopts; 283 } 284 285 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 286 struct net_device *dev) 287 { 288 u8 *lladdr = (u8 *)(p + 1); 289 int lladdrlen = p->nd_opt_len << 3; 290 int prepad = ndisc_addr_option_pad(dev->type); 291 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 292 return NULL; 293 return (lladdr + prepad); 294 } 295 296 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 297 { 298 switch (dev->type) { 299 case ARPHRD_ETHER: 300 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 301 case ARPHRD_FDDI: 302 ipv6_eth_mc_map(addr, buf); 303 return 0; 304 case ARPHRD_IEEE802_TR: 305 ipv6_tr_mc_map(addr,buf); 306 return 0; 307 case ARPHRD_ARCNET: 308 ipv6_arcnet_mc_map(addr, buf); 309 return 0; 310 case ARPHRD_INFINIBAND: 311 ipv6_ib_mc_map(addr, buf); 312 return 0; 313 default: 314 if (dir) { 315 memcpy(buf, dev->broadcast, dev->addr_len); 316 return 0; 317 } 318 } 319 return -EINVAL; 320 } 321 322 static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 323 { 324 const u32 *p32 = pkey; 325 u32 addr_hash, i; 326 327 addr_hash = 0; 328 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 329 addr_hash ^= *p32++; 330 331 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 332 } 333 334 static int ndisc_constructor(struct neighbour *neigh) 335 { 336 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 337 struct net_device *dev = neigh->dev; 338 struct inet6_dev *in6_dev; 339 struct neigh_parms *parms; 340 int is_multicast = ipv6_addr_is_multicast(addr); 341 342 rcu_read_lock(); 343 in6_dev = in6_dev_get(dev); 344 if (in6_dev == NULL) { 345 rcu_read_unlock(); 346 return -EINVAL; 347 } 348 349 parms = in6_dev->nd_parms; 350 __neigh_parms_put(neigh->parms); 351 neigh->parms = neigh_parms_clone(parms); 352 rcu_read_unlock(); 353 354 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 355 if (dev->hard_header == NULL) { 356 neigh->nud_state = NUD_NOARP; 357 neigh->ops = &ndisc_direct_ops; 358 neigh->output = neigh->ops->queue_xmit; 359 } else { 360 if (is_multicast) { 361 neigh->nud_state = NUD_NOARP; 362 ndisc_mc_map(addr, neigh->ha, dev, 1); 363 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 364 neigh->nud_state = NUD_NOARP; 365 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 366 if (dev->flags&IFF_LOOPBACK) 367 neigh->type = RTN_LOCAL; 368 } else if (dev->flags&IFF_POINTOPOINT) { 369 neigh->nud_state = NUD_NOARP; 370 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 371 } 372 if (dev->hard_header_cache) 373 neigh->ops = &ndisc_hh_ops; 374 else 375 neigh->ops = &ndisc_generic_ops; 376 if (neigh->nud_state&NUD_VALID) 377 neigh->output = neigh->ops->connected_output; 378 else 379 neigh->output = neigh->ops->output; 380 } 381 in6_dev_put(in6_dev); 382 return 0; 383 } 384 385 static int pndisc_constructor(struct pneigh_entry *n) 386 { 387 struct in6_addr *addr = (struct in6_addr*)&n->key; 388 struct in6_addr maddr; 389 struct net_device *dev = n->dev; 390 391 if (dev == NULL || __in6_dev_get(dev) == NULL) 392 return -EINVAL; 393 addrconf_addr_solict_mult(addr, &maddr); 394 ipv6_dev_mc_inc(dev, &maddr); 395 return 0; 396 } 397 398 static void pndisc_destructor(struct pneigh_entry *n) 399 { 400 struct in6_addr *addr = (struct in6_addr*)&n->key; 401 struct in6_addr maddr; 402 struct net_device *dev = n->dev; 403 404 if (dev == NULL || __in6_dev_get(dev) == NULL) 405 return; 406 addrconf_addr_solict_mult(addr, &maddr); 407 ipv6_dev_mc_dec(dev, &maddr); 408 } 409 410 /* 411 * Send a Neighbour Advertisement 412 */ 413 414 static inline void ndisc_flow_init(struct flowi *fl, u8 type, 415 struct in6_addr *saddr, struct in6_addr *daddr, 416 int oif) 417 { 418 memset(fl, 0, sizeof(*fl)); 419 ipv6_addr_copy(&fl->fl6_src, saddr); 420 ipv6_addr_copy(&fl->fl6_dst, daddr); 421 fl->proto = IPPROTO_ICMPV6; 422 fl->fl_icmp_type = type; 423 fl->fl_icmp_code = 0; 424 fl->oif = oif; 425 security_sk_classify_flow(ndisc_socket->sk, fl); 426 } 427 428 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 429 struct in6_addr *daddr, struct in6_addr *solicited_addr, 430 int router, int solicited, int override, int inc_opt) 431 { 432 struct in6_addr tmpaddr; 433 struct inet6_ifaddr *ifp; 434 struct inet6_dev *idev; 435 struct flowi fl; 436 struct dst_entry* dst; 437 struct sock *sk = ndisc_socket->sk; 438 struct in6_addr *src_addr; 439 struct nd_msg *msg; 440 int len; 441 struct sk_buff *skb; 442 int err; 443 444 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 445 446 /* for anycast or proxy, solicited_addr != src_addr */ 447 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1); 448 if (ifp) { 449 src_addr = solicited_addr; 450 in6_ifa_put(ifp); 451 } else { 452 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr)) 453 return; 454 src_addr = &tmpaddr; 455 } 456 457 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr, 458 dev->ifindex); 459 460 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 461 if (!dst) 462 return; 463 464 err = xfrm_lookup(&dst, &fl, NULL, 0); 465 if (err < 0) 466 return; 467 468 if (inc_opt) { 469 if (dev->addr_len) 470 len += ndisc_opt_addr_space(dev); 471 else 472 inc_opt = 0; 473 } 474 475 skb = sock_alloc_send_skb(sk, 476 (MAX_HEADER + sizeof(struct ipv6hdr) + 477 len + LL_RESERVED_SPACE(dev)), 478 1, &err); 479 480 if (skb == NULL) { 481 ND_PRINTK0(KERN_ERR 482 "ICMPv6 NA: %s() failed to allocate an skb.\n", 483 __FUNCTION__); 484 dst_release(dst); 485 return; 486 } 487 488 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 489 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len); 490 491 msg = (struct nd_msg *)skb_put(skb, len); 492 skb->h.raw = (unsigned char*)msg; 493 494 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT; 495 msg->icmph.icmp6_code = 0; 496 msg->icmph.icmp6_cksum = 0; 497 498 msg->icmph.icmp6_unused = 0; 499 msg->icmph.icmp6_router = router; 500 msg->icmph.icmp6_solicited = solicited; 501 msg->icmph.icmp6_override = override; 502 503 /* Set the target address. */ 504 ipv6_addr_copy(&msg->target, solicited_addr); 505 506 if (inc_opt) 507 ndisc_fill_addr_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr, 508 dev->addr_len, dev->type); 509 510 /* checksum */ 511 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len, 512 IPPROTO_ICMPV6, 513 csum_partial((__u8 *) msg, 514 len, 0)); 515 516 skb->dst = dst; 517 idev = in6_dev_get(dst->dev); 518 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 519 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 520 if (!err) { 521 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS); 522 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 523 } 524 525 if (likely(idev != NULL)) 526 in6_dev_put(idev); 527 } 528 529 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 530 struct in6_addr *solicit, 531 struct in6_addr *daddr, struct in6_addr *saddr) 532 { 533 struct flowi fl; 534 struct dst_entry* dst; 535 struct inet6_dev *idev; 536 struct sock *sk = ndisc_socket->sk; 537 struct sk_buff *skb; 538 struct nd_msg *msg; 539 struct in6_addr addr_buf; 540 int len; 541 int err; 542 int send_llinfo; 543 544 if (saddr == NULL) { 545 if (ipv6_get_lladdr(dev, &addr_buf)) 546 return; 547 saddr = &addr_buf; 548 } 549 550 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr, 551 dev->ifindex); 552 553 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 554 if (!dst) 555 return; 556 557 err = xfrm_lookup(&dst, &fl, NULL, 0); 558 if (err < 0) 559 return; 560 561 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 562 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr); 563 if (send_llinfo) 564 len += ndisc_opt_addr_space(dev); 565 566 skb = sock_alloc_send_skb(sk, 567 (MAX_HEADER + sizeof(struct ipv6hdr) + 568 len + LL_RESERVED_SPACE(dev)), 569 1, &err); 570 if (skb == NULL) { 571 ND_PRINTK0(KERN_ERR 572 "ICMPv6 NA: %s() failed to allocate an skb.\n", 573 __FUNCTION__); 574 dst_release(dst); 575 return; 576 } 577 578 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 579 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 580 581 msg = (struct nd_msg *)skb_put(skb, len); 582 skb->h.raw = (unsigned char*)msg; 583 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION; 584 msg->icmph.icmp6_code = 0; 585 msg->icmph.icmp6_cksum = 0; 586 msg->icmph.icmp6_unused = 0; 587 588 /* Set the target address. */ 589 ipv6_addr_copy(&msg->target, solicit); 590 591 if (send_llinfo) 592 ndisc_fill_addr_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 593 dev->addr_len, dev->type); 594 595 /* checksum */ 596 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, 597 daddr, len, 598 IPPROTO_ICMPV6, 599 csum_partial((__u8 *) msg, 600 len, 0)); 601 /* send it! */ 602 skb->dst = dst; 603 idev = in6_dev_get(dst->dev); 604 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 605 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 606 if (!err) { 607 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS); 608 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 609 } 610 611 if (likely(idev != NULL)) 612 in6_dev_put(idev); 613 } 614 615 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr, 616 struct in6_addr *daddr) 617 { 618 struct flowi fl; 619 struct dst_entry* dst; 620 struct inet6_dev *idev; 621 struct sock *sk = ndisc_socket->sk; 622 struct sk_buff *skb; 623 struct icmp6hdr *hdr; 624 __u8 * opt; 625 int len; 626 int err; 627 628 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr, 629 dev->ifindex); 630 631 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output); 632 if (!dst) 633 return; 634 635 err = xfrm_lookup(&dst, &fl, NULL, 0); 636 if (err < 0) 637 return; 638 639 len = sizeof(struct icmp6hdr); 640 if (dev->addr_len) 641 len += ndisc_opt_addr_space(dev); 642 643 skb = sock_alloc_send_skb(sk, 644 (MAX_HEADER + sizeof(struct ipv6hdr) + 645 len + LL_RESERVED_SPACE(dev)), 646 1, &err); 647 if (skb == NULL) { 648 ND_PRINTK0(KERN_ERR 649 "ICMPv6 RS: %s() failed to allocate an skb.\n", 650 __FUNCTION__); 651 dst_release(dst); 652 return; 653 } 654 655 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 656 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 657 658 hdr = (struct icmp6hdr *)skb_put(skb, len); 659 skb->h.raw = (unsigned char*)hdr; 660 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION; 661 hdr->icmp6_code = 0; 662 hdr->icmp6_cksum = 0; 663 hdr->icmp6_unused = 0; 664 665 opt = (u8*) (hdr + 1); 666 667 if (dev->addr_len) 668 ndisc_fill_addr_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 669 dev->addr_len, dev->type); 670 671 /* checksum */ 672 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len, 673 IPPROTO_ICMPV6, 674 csum_partial((__u8 *) hdr, len, 0)); 675 676 /* send it! */ 677 skb->dst = dst; 678 idev = in6_dev_get(dst->dev); 679 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 680 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 681 if (!err) { 682 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS); 683 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 684 } 685 686 if (likely(idev != NULL)) 687 in6_dev_put(idev); 688 } 689 690 691 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 692 { 693 /* 694 * "The sender MUST return an ICMP 695 * destination unreachable" 696 */ 697 dst_link_failure(skb); 698 kfree_skb(skb); 699 } 700 701 /* Called with locked neigh: either read or both */ 702 703 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 704 { 705 struct in6_addr *saddr = NULL; 706 struct in6_addr mcaddr; 707 struct net_device *dev = neigh->dev; 708 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 709 int probes = atomic_read(&neigh->probes); 710 711 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1)) 712 saddr = &skb->nh.ipv6h->saddr; 713 714 if ((probes -= neigh->parms->ucast_probes) < 0) { 715 if (!(neigh->nud_state & NUD_VALID)) { 716 ND_PRINTK1(KERN_DEBUG 717 "%s(): trying to ucast probe in NUD_INVALID: " 718 NIP6_FMT "\n", 719 __FUNCTION__, 720 NIP6(*target)); 721 } 722 ndisc_send_ns(dev, neigh, target, target, saddr); 723 } else if ((probes -= neigh->parms->app_probes) < 0) { 724 #ifdef CONFIG_ARPD 725 neigh_app_ns(neigh); 726 #endif 727 } else { 728 addrconf_addr_solict_mult(target, &mcaddr); 729 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 730 } 731 } 732 733 static void ndisc_recv_ns(struct sk_buff *skb) 734 { 735 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 736 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 737 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 738 u8 *lladdr = NULL; 739 u32 ndoptlen = skb->tail - msg->opt; 740 struct ndisc_options ndopts; 741 struct net_device *dev = skb->dev; 742 struct inet6_ifaddr *ifp; 743 struct inet6_dev *idev = NULL; 744 struct neighbour *neigh; 745 struct pneigh_entry *pneigh = NULL; 746 int dad = ipv6_addr_any(saddr); 747 int inc; 748 int is_router; 749 750 if (ipv6_addr_is_multicast(&msg->target)) { 751 ND_PRINTK2(KERN_WARNING 752 "ICMPv6 NS: multicast target address"); 753 return; 754 } 755 756 /* 757 * RFC2461 7.1.1: 758 * DAD has to be destined for solicited node multicast address. 759 */ 760 if (dad && 761 !(daddr->s6_addr32[0] == htonl(0xff020000) && 762 daddr->s6_addr32[1] == htonl(0x00000000) && 763 daddr->s6_addr32[2] == htonl(0x00000001) && 764 daddr->s6_addr [12] == 0xff )) { 765 ND_PRINTK2(KERN_WARNING 766 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 767 return; 768 } 769 770 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 771 ND_PRINTK2(KERN_WARNING 772 "ICMPv6 NS: invalid ND options\n"); 773 return; 774 } 775 776 if (ndopts.nd_opts_src_lladdr) { 777 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 778 if (!lladdr) { 779 ND_PRINTK2(KERN_WARNING 780 "ICMPv6 NS: invalid link-layer address length\n"); 781 return; 782 } 783 784 /* RFC2461 7.1.1: 785 * If the IP source address is the unspecified address, 786 * there MUST NOT be source link-layer address option 787 * in the message. 788 */ 789 if (dad) { 790 ND_PRINTK2(KERN_WARNING 791 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 792 return; 793 } 794 } 795 796 inc = ipv6_addr_is_multicast(daddr); 797 798 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) { 799 if (ifp->flags & IFA_F_TENTATIVE) { 800 /* Address is tentative. If the source 801 is unspecified address, it is someone 802 does DAD, otherwise we ignore solicitations 803 until DAD timer expires. 804 */ 805 if (!dad) 806 goto out; 807 if (dev->type == ARPHRD_IEEE802_TR) { 808 unsigned char *sadr = skb->mac.raw; 809 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 810 sadr[9] == dev->dev_addr[1] && 811 sadr[10] == dev->dev_addr[2] && 812 sadr[11] == dev->dev_addr[3] && 813 sadr[12] == dev->dev_addr[4] && 814 sadr[13] == dev->dev_addr[5]) { 815 /* looped-back to us */ 816 goto out; 817 } 818 } 819 addrconf_dad_failure(ifp); 820 return; 821 } 822 823 idev = ifp->idev; 824 } else { 825 idev = in6_dev_get(dev); 826 if (!idev) { 827 /* XXX: count this drop? */ 828 return; 829 } 830 831 if (ipv6_chk_acast_addr(dev, &msg->target) || 832 (idev->cnf.forwarding && 833 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) && 834 (pneigh = pneigh_lookup(&nd_tbl, 835 &msg->target, dev, 0)) != NULL)) { 836 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 837 skb->pkt_type != PACKET_HOST && 838 inc != 0 && 839 idev->nd_parms->proxy_delay != 0) { 840 /* 841 * for anycast or proxy, 842 * sender should delay its response 843 * by a random time between 0 and 844 * MAX_ANYCAST_DELAY_TIME seconds. 845 * (RFC2461) -- yoshfuji 846 */ 847 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 848 if (n) 849 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 850 goto out; 851 } 852 } else 853 goto out; 854 } 855 856 is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding); 857 858 if (dad) { 859 struct in6_addr maddr; 860 861 ipv6_addr_all_nodes(&maddr); 862 ndisc_send_na(dev, NULL, &maddr, &msg->target, 863 is_router, 0, (ifp != NULL), 1); 864 goto out; 865 } 866 867 if (inc) 868 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 869 else 870 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 871 872 /* 873 * update / create cache entry 874 * for the source address 875 */ 876 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 877 !inc || lladdr || !dev->addr_len); 878 if (neigh) 879 neigh_update(neigh, lladdr, NUD_STALE, 880 NEIGH_UPDATE_F_WEAK_OVERRIDE| 881 NEIGH_UPDATE_F_OVERRIDE); 882 if (neigh || !dev->hard_header) { 883 ndisc_send_na(dev, neigh, saddr, &msg->target, 884 is_router, 885 1, (ifp != NULL && inc), inc); 886 if (neigh) 887 neigh_release(neigh); 888 } 889 890 out: 891 if (ifp) 892 in6_ifa_put(ifp); 893 else 894 in6_dev_put(idev); 895 896 return; 897 } 898 899 static void ndisc_recv_na(struct sk_buff *skb) 900 { 901 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 902 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 903 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 904 u8 *lladdr = NULL; 905 u32 ndoptlen = skb->tail - msg->opt; 906 struct ndisc_options ndopts; 907 struct net_device *dev = skb->dev; 908 struct inet6_ifaddr *ifp; 909 struct neighbour *neigh; 910 911 if (skb->len < sizeof(struct nd_msg)) { 912 ND_PRINTK2(KERN_WARNING 913 "ICMPv6 NA: packet too short\n"); 914 return; 915 } 916 917 if (ipv6_addr_is_multicast(&msg->target)) { 918 ND_PRINTK2(KERN_WARNING 919 "ICMPv6 NA: target address is multicast.\n"); 920 return; 921 } 922 923 if (ipv6_addr_is_multicast(daddr) && 924 msg->icmph.icmp6_solicited) { 925 ND_PRINTK2(KERN_WARNING 926 "ICMPv6 NA: solicited NA is multicasted.\n"); 927 return; 928 } 929 930 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 931 ND_PRINTK2(KERN_WARNING 932 "ICMPv6 NS: invalid ND option\n"); 933 return; 934 } 935 if (ndopts.nd_opts_tgt_lladdr) { 936 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 937 if (!lladdr) { 938 ND_PRINTK2(KERN_WARNING 939 "ICMPv6 NA: invalid link-layer address length\n"); 940 return; 941 } 942 } 943 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) { 944 if (ifp->flags & IFA_F_TENTATIVE) { 945 addrconf_dad_failure(ifp); 946 return; 947 } 948 /* What should we make now? The advertisement 949 is invalid, but ndisc specs say nothing 950 about it. It could be misconfiguration, or 951 an smart proxy agent tries to help us :-) 952 */ 953 ND_PRINTK1(KERN_WARNING 954 "ICMPv6 NA: someone advertises our address on %s!\n", 955 ifp->idev->dev->name); 956 in6_ifa_put(ifp); 957 return; 958 } 959 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 960 961 if (neigh) { 962 u8 old_flags = neigh->flags; 963 964 if (neigh->nud_state & NUD_FAILED) 965 goto out; 966 967 /* 968 * Don't update the neighbor cache entry on a proxy NA from 969 * ourselves because either the proxied node is off link or it 970 * has already sent a NA to us. 971 */ 972 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 973 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp && 974 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) { 975 /* XXX: idev->cnf.prixy_ndp */ 976 goto out; 977 } 978 979 neigh_update(neigh, lladdr, 980 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 981 NEIGH_UPDATE_F_WEAK_OVERRIDE| 982 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 983 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 984 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 985 986 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 987 /* 988 * Change: router to host 989 */ 990 struct rt6_info *rt; 991 rt = rt6_get_dflt_router(saddr, dev); 992 if (rt) 993 ip6_del_rt(rt); 994 } 995 996 out: 997 neigh_release(neigh); 998 } 999 } 1000 1001 static void ndisc_recv_rs(struct sk_buff *skb) 1002 { 1003 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw; 1004 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1005 struct neighbour *neigh; 1006 struct inet6_dev *idev; 1007 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 1008 struct ndisc_options ndopts; 1009 u8 *lladdr = NULL; 1010 1011 if (skb->len < sizeof(*rs_msg)) 1012 return; 1013 1014 idev = in6_dev_get(skb->dev); 1015 if (!idev) { 1016 if (net_ratelimit()) 1017 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1018 return; 1019 } 1020 1021 /* Don't accept RS if we're not in router mode */ 1022 if (!idev->cnf.forwarding) 1023 goto out; 1024 1025 /* 1026 * Don't update NCE if src = ::; 1027 * this implies that the source node has no ip address assigned yet. 1028 */ 1029 if (ipv6_addr_any(saddr)) 1030 goto out; 1031 1032 /* Parse ND options */ 1033 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1034 if (net_ratelimit()) 1035 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1036 goto out; 1037 } 1038 1039 if (ndopts.nd_opts_src_lladdr) { 1040 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1041 skb->dev); 1042 if (!lladdr) 1043 goto out; 1044 } 1045 1046 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1047 if (neigh) { 1048 neigh_update(neigh, lladdr, NUD_STALE, 1049 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1050 NEIGH_UPDATE_F_OVERRIDE| 1051 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1052 neigh_release(neigh); 1053 } 1054 out: 1055 in6_dev_put(idev); 1056 } 1057 1058 static void ndisc_router_discovery(struct sk_buff *skb) 1059 { 1060 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw; 1061 struct neighbour *neigh = NULL; 1062 struct inet6_dev *in6_dev; 1063 struct rt6_info *rt = NULL; 1064 int lifetime; 1065 struct ndisc_options ndopts; 1066 int optlen; 1067 unsigned int pref = 0; 1068 1069 __u8 * opt = (__u8 *)(ra_msg + 1); 1070 1071 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg); 1072 1073 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1074 ND_PRINTK2(KERN_WARNING 1075 "ICMPv6 RA: source address is not link-local.\n"); 1076 return; 1077 } 1078 if (optlen < 0) { 1079 ND_PRINTK2(KERN_WARNING 1080 "ICMPv6 RA: packet too short\n"); 1081 return; 1082 } 1083 1084 /* 1085 * set the RA_RECV flag in the interface 1086 */ 1087 1088 in6_dev = in6_dev_get(skb->dev); 1089 if (in6_dev == NULL) { 1090 ND_PRINTK0(KERN_ERR 1091 "ICMPv6 RA: can't find inet6 device for %s.\n", 1092 skb->dev->name); 1093 return; 1094 } 1095 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 1096 in6_dev_put(in6_dev); 1097 return; 1098 } 1099 1100 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1101 in6_dev_put(in6_dev); 1102 ND_PRINTK2(KERN_WARNING 1103 "ICMP6 RA: invalid ND options\n"); 1104 return; 1105 } 1106 1107 if (in6_dev->if_flags & IF_RS_SENT) { 1108 /* 1109 * flag that an RA was received after an RS was sent 1110 * out on this interface. 1111 */ 1112 in6_dev->if_flags |= IF_RA_RCVD; 1113 } 1114 1115 /* 1116 * Remember the managed/otherconf flags from most recently 1117 * received RA message (RFC 2462) -- yoshfuji 1118 */ 1119 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1120 IF_RA_OTHERCONF)) | 1121 (ra_msg->icmph.icmp6_addrconf_managed ? 1122 IF_RA_MANAGED : 0) | 1123 (ra_msg->icmph.icmp6_addrconf_other ? 1124 IF_RA_OTHERCONF : 0); 1125 1126 if (!in6_dev->cnf.accept_ra_defrtr) 1127 goto skip_defrtr; 1128 1129 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1130 1131 #ifdef CONFIG_IPV6_ROUTER_PREF 1132 pref = ra_msg->icmph.icmp6_router_pref; 1133 /* 10b is handled as if it were 00b (medium) */ 1134 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1135 in6_dev->cnf.accept_ra_rtr_pref) 1136 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1137 #endif 1138 1139 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev); 1140 1141 if (rt) 1142 neigh = rt->rt6i_nexthop; 1143 1144 if (rt && lifetime == 0) { 1145 neigh_clone(neigh); 1146 ip6_del_rt(rt); 1147 rt = NULL; 1148 } 1149 1150 if (rt == NULL && lifetime) { 1151 ND_PRINTK3(KERN_DEBUG 1152 "ICMPv6 RA: adding default router.\n"); 1153 1154 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev, pref); 1155 if (rt == NULL) { 1156 ND_PRINTK0(KERN_ERR 1157 "ICMPv6 RA: %s() failed to add default route.\n", 1158 __FUNCTION__); 1159 in6_dev_put(in6_dev); 1160 return; 1161 } 1162 1163 neigh = rt->rt6i_nexthop; 1164 if (neigh == NULL) { 1165 ND_PRINTK0(KERN_ERR 1166 "ICMPv6 RA: %s() got default router without neighbour.\n", 1167 __FUNCTION__); 1168 dst_release(&rt->u.dst); 1169 in6_dev_put(in6_dev); 1170 return; 1171 } 1172 neigh->flags |= NTF_ROUTER; 1173 } else if (rt) { 1174 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1175 } 1176 1177 if (rt) 1178 rt->rt6i_expires = jiffies + (HZ * lifetime); 1179 1180 if (ra_msg->icmph.icmp6_hop_limit) { 1181 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1182 if (rt) 1183 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1184 } 1185 1186 skip_defrtr: 1187 1188 /* 1189 * Update Reachable Time and Retrans Timer 1190 */ 1191 1192 if (in6_dev->nd_parms) { 1193 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1194 1195 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1196 rtime = (rtime*HZ)/1000; 1197 if (rtime < HZ/10) 1198 rtime = HZ/10; 1199 in6_dev->nd_parms->retrans_time = rtime; 1200 in6_dev->tstamp = jiffies; 1201 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1202 } 1203 1204 rtime = ntohl(ra_msg->reachable_time); 1205 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1206 rtime = (rtime*HZ)/1000; 1207 1208 if (rtime < HZ/10) 1209 rtime = HZ/10; 1210 1211 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1212 in6_dev->nd_parms->base_reachable_time = rtime; 1213 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1214 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1215 in6_dev->tstamp = jiffies; 1216 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1217 } 1218 } 1219 } 1220 1221 /* 1222 * Process options. 1223 */ 1224 1225 if (!neigh) 1226 neigh = __neigh_lookup(&nd_tbl, &skb->nh.ipv6h->saddr, 1227 skb->dev, 1); 1228 if (neigh) { 1229 u8 *lladdr = NULL; 1230 if (ndopts.nd_opts_src_lladdr) { 1231 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1232 skb->dev); 1233 if (!lladdr) { 1234 ND_PRINTK2(KERN_WARNING 1235 "ICMPv6 RA: invalid link-layer address length\n"); 1236 goto out; 1237 } 1238 } 1239 neigh_update(neigh, lladdr, NUD_STALE, 1240 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1241 NEIGH_UPDATE_F_OVERRIDE| 1242 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1243 NEIGH_UPDATE_F_ISROUTER); 1244 } 1245 1246 #ifdef CONFIG_IPV6_ROUTE_INFO 1247 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1248 struct nd_opt_hdr *p; 1249 for (p = ndopts.nd_opts_ri; 1250 p; 1251 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1252 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1253 continue; 1254 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1255 &skb->nh.ipv6h->saddr); 1256 } 1257 } 1258 #endif 1259 1260 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1261 struct nd_opt_hdr *p; 1262 for (p = ndopts.nd_opts_pi; 1263 p; 1264 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1265 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1266 } 1267 } 1268 1269 if (ndopts.nd_opts_mtu) { 1270 __be32 n; 1271 u32 mtu; 1272 1273 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1274 mtu = ntohl(n); 1275 1276 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1277 ND_PRINTK2(KERN_WARNING 1278 "ICMPv6 RA: invalid mtu: %d\n", 1279 mtu); 1280 } else if (in6_dev->cnf.mtu6 != mtu) { 1281 in6_dev->cnf.mtu6 = mtu; 1282 1283 if (rt) 1284 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1285 1286 rt6_mtu_change(skb->dev, mtu); 1287 } 1288 } 1289 1290 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1291 ND_PRINTK2(KERN_WARNING 1292 "ICMPv6 RA: invalid RA options"); 1293 } 1294 out: 1295 if (rt) 1296 dst_release(&rt->u.dst); 1297 else if (neigh) 1298 neigh_release(neigh); 1299 in6_dev_put(in6_dev); 1300 } 1301 1302 static void ndisc_redirect_rcv(struct sk_buff *skb) 1303 { 1304 struct inet6_dev *in6_dev; 1305 struct icmp6hdr *icmph; 1306 struct in6_addr *dest; 1307 struct in6_addr *target; /* new first hop to destination */ 1308 struct neighbour *neigh; 1309 int on_link = 0; 1310 struct ndisc_options ndopts; 1311 int optlen; 1312 u8 *lladdr = NULL; 1313 1314 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1315 ND_PRINTK2(KERN_WARNING 1316 "ICMPv6 Redirect: source address is not link-local.\n"); 1317 return; 1318 } 1319 1320 optlen = skb->tail - skb->h.raw; 1321 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1322 1323 if (optlen < 0) { 1324 ND_PRINTK2(KERN_WARNING 1325 "ICMPv6 Redirect: packet too short\n"); 1326 return; 1327 } 1328 1329 icmph = (struct icmp6hdr *) skb->h.raw; 1330 target = (struct in6_addr *) (icmph + 1); 1331 dest = target + 1; 1332 1333 if (ipv6_addr_is_multicast(dest)) { 1334 ND_PRINTK2(KERN_WARNING 1335 "ICMPv6 Redirect: destination address is multicast.\n"); 1336 return; 1337 } 1338 1339 if (ipv6_addr_equal(dest, target)) { 1340 on_link = 1; 1341 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 1342 ND_PRINTK2(KERN_WARNING 1343 "ICMPv6 Redirect: target address is not link-local.\n"); 1344 return; 1345 } 1346 1347 in6_dev = in6_dev_get(skb->dev); 1348 if (!in6_dev) 1349 return; 1350 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1351 in6_dev_put(in6_dev); 1352 return; 1353 } 1354 1355 /* RFC2461 8.1: 1356 * The IP source address of the Redirect MUST be the same as the current 1357 * first-hop router for the specified ICMP Destination Address. 1358 */ 1359 1360 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1361 ND_PRINTK2(KERN_WARNING 1362 "ICMPv6 Redirect: invalid ND options\n"); 1363 in6_dev_put(in6_dev); 1364 return; 1365 } 1366 if (ndopts.nd_opts_tgt_lladdr) { 1367 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1368 skb->dev); 1369 if (!lladdr) { 1370 ND_PRINTK2(KERN_WARNING 1371 "ICMPv6 Redirect: invalid link-layer address length\n"); 1372 in6_dev_put(in6_dev); 1373 return; 1374 } 1375 } 1376 1377 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1378 if (neigh) { 1379 rt6_redirect(dest, &skb->nh.ipv6h->daddr, 1380 &skb->nh.ipv6h->saddr, neigh, lladdr, 1381 on_link); 1382 neigh_release(neigh); 1383 } 1384 in6_dev_put(in6_dev); 1385 } 1386 1387 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1388 struct in6_addr *target) 1389 { 1390 struct sock *sk = ndisc_socket->sk; 1391 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1392 struct sk_buff *buff; 1393 struct icmp6hdr *icmph; 1394 struct in6_addr saddr_buf; 1395 struct in6_addr *addrp; 1396 struct net_device *dev; 1397 struct rt6_info *rt; 1398 struct dst_entry *dst; 1399 struct inet6_dev *idev; 1400 struct flowi fl; 1401 u8 *opt; 1402 int rd_len; 1403 int err; 1404 int hlen; 1405 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1406 1407 dev = skb->dev; 1408 1409 if (ipv6_get_lladdr(dev, &saddr_buf)) { 1410 ND_PRINTK2(KERN_WARNING 1411 "ICMPv6 Redirect: no link-local address on %s\n", 1412 dev->name); 1413 return; 1414 } 1415 1416 if (!ipv6_addr_equal(&skb->nh.ipv6h->daddr, target) && 1417 !(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 1418 ND_PRINTK2(KERN_WARNING 1419 "ICMPv6 Redirect: target address is not link-local.\n"); 1420 return; 1421 } 1422 1423 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr, 1424 dev->ifindex); 1425 1426 dst = ip6_route_output(NULL, &fl); 1427 if (dst == NULL) 1428 return; 1429 1430 err = xfrm_lookup(&dst, &fl, NULL, 0); 1431 if (err) 1432 return; 1433 1434 rt = (struct rt6_info *) dst; 1435 1436 if (rt->rt6i_flags & RTF_GATEWAY) { 1437 ND_PRINTK2(KERN_WARNING 1438 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1439 dst_release(dst); 1440 return; 1441 } 1442 if (!xrlim_allow(dst, 1*HZ)) { 1443 dst_release(dst); 1444 return; 1445 } 1446 1447 if (dev->addr_len) { 1448 read_lock_bh(&neigh->lock); 1449 if (neigh->nud_state & NUD_VALID) { 1450 memcpy(ha_buf, neigh->ha, dev->addr_len); 1451 read_unlock_bh(&neigh->lock); 1452 ha = ha_buf; 1453 len += ndisc_opt_addr_space(dev); 1454 } else 1455 read_unlock_bh(&neigh->lock); 1456 } 1457 1458 rd_len = min_t(unsigned int, 1459 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1460 rd_len &= ~0x7; 1461 len += rd_len; 1462 1463 buff = sock_alloc_send_skb(sk, 1464 (MAX_HEADER + sizeof(struct ipv6hdr) + 1465 len + LL_RESERVED_SPACE(dev)), 1466 1, &err); 1467 if (buff == NULL) { 1468 ND_PRINTK0(KERN_ERR 1469 "ICMPv6 Redirect: %s() failed to allocate an skb.\n", 1470 __FUNCTION__); 1471 dst_release(dst); 1472 return; 1473 } 1474 1475 hlen = 0; 1476 1477 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1478 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr, 1479 IPPROTO_ICMPV6, len); 1480 1481 icmph = (struct icmp6hdr *)skb_put(buff, len); 1482 buff->h.raw = (unsigned char*)icmph; 1483 1484 memset(icmph, 0, sizeof(struct icmp6hdr)); 1485 icmph->icmp6_type = NDISC_REDIRECT; 1486 1487 /* 1488 * copy target and destination addresses 1489 */ 1490 1491 addrp = (struct in6_addr *)(icmph + 1); 1492 ipv6_addr_copy(addrp, target); 1493 addrp++; 1494 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr); 1495 1496 opt = (u8*) (addrp + 1); 1497 1498 /* 1499 * include target_address option 1500 */ 1501 1502 if (ha) 1503 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1504 dev->addr_len, dev->type); 1505 1506 /* 1507 * build redirect option and copy skb over to the new packet. 1508 */ 1509 1510 memset(opt, 0, 8); 1511 *(opt++) = ND_OPT_REDIRECT_HDR; 1512 *(opt++) = (rd_len >> 3); 1513 opt += 6; 1514 1515 memcpy(opt, skb->nh.ipv6h, rd_len - 8); 1516 1517 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr, 1518 len, IPPROTO_ICMPV6, 1519 csum_partial((u8 *) icmph, len, 0)); 1520 1521 buff->dst = dst; 1522 idev = in6_dev_get(dst->dev); 1523 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 1524 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output); 1525 if (!err) { 1526 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS); 1527 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 1528 } 1529 1530 if (likely(idev != NULL)) 1531 in6_dev_put(idev); 1532 } 1533 1534 static void pndisc_redo(struct sk_buff *skb) 1535 { 1536 ndisc_recv_ns(skb); 1537 kfree_skb(skb); 1538 } 1539 1540 int ndisc_rcv(struct sk_buff *skb) 1541 { 1542 struct nd_msg *msg; 1543 1544 if (!pskb_may_pull(skb, skb->len)) 1545 return 0; 1546 1547 msg = (struct nd_msg *) skb->h.raw; 1548 1549 __skb_push(skb, skb->data-skb->h.raw); 1550 1551 if (skb->nh.ipv6h->hop_limit != 255) { 1552 ND_PRINTK2(KERN_WARNING 1553 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1554 skb->nh.ipv6h->hop_limit); 1555 return 0; 1556 } 1557 1558 if (msg->icmph.icmp6_code != 0) { 1559 ND_PRINTK2(KERN_WARNING 1560 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1561 msg->icmph.icmp6_code); 1562 return 0; 1563 } 1564 1565 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1566 1567 switch (msg->icmph.icmp6_type) { 1568 case NDISC_NEIGHBOUR_SOLICITATION: 1569 ndisc_recv_ns(skb); 1570 break; 1571 1572 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1573 ndisc_recv_na(skb); 1574 break; 1575 1576 case NDISC_ROUTER_SOLICITATION: 1577 ndisc_recv_rs(skb); 1578 break; 1579 1580 case NDISC_ROUTER_ADVERTISEMENT: 1581 ndisc_router_discovery(skb); 1582 break; 1583 1584 case NDISC_REDIRECT: 1585 ndisc_redirect_rcv(skb); 1586 break; 1587 }; 1588 1589 return 0; 1590 } 1591 1592 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1593 { 1594 struct net_device *dev = ptr; 1595 1596 switch (event) { 1597 case NETDEV_CHANGEADDR: 1598 neigh_changeaddr(&nd_tbl, dev); 1599 fib6_run_gc(~0UL); 1600 break; 1601 case NETDEV_DOWN: 1602 neigh_ifdown(&nd_tbl, dev); 1603 fib6_run_gc(~0UL); 1604 break; 1605 default: 1606 break; 1607 } 1608 1609 return NOTIFY_DONE; 1610 } 1611 1612 static struct notifier_block ndisc_netdev_notifier = { 1613 .notifier_call = ndisc_netdev_event, 1614 }; 1615 1616 #ifdef CONFIG_SYSCTL 1617 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1618 const char *func, const char *dev_name) 1619 { 1620 static char warncomm[TASK_COMM_LEN]; 1621 static int warned; 1622 if (strcmp(warncomm, current->comm) && warned < 5) { 1623 strcpy(warncomm, current->comm); 1624 printk(KERN_WARNING 1625 "process `%s' is using deprecated sysctl (%s) " 1626 "net.ipv6.neigh.%s.%s; " 1627 "Use net.ipv6.neigh.%s.%s_ms " 1628 "instead.\n", 1629 warncomm, func, 1630 dev_name, ctl->procname, 1631 dev_name, ctl->procname); 1632 warned++; 1633 } 1634 } 1635 1636 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) 1637 { 1638 struct net_device *dev = ctl->extra1; 1639 struct inet6_dev *idev; 1640 int ret; 1641 1642 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1643 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1644 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1645 1646 switch (ctl->ctl_name) { 1647 case NET_NEIGH_RETRANS_TIME: 1648 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1649 break; 1650 case NET_NEIGH_REACHABLE_TIME: 1651 ret = proc_dointvec_jiffies(ctl, write, 1652 filp, buffer, lenp, ppos); 1653 break; 1654 case NET_NEIGH_RETRANS_TIME_MS: 1655 case NET_NEIGH_REACHABLE_TIME_MS: 1656 ret = proc_dointvec_ms_jiffies(ctl, write, 1657 filp, buffer, lenp, ppos); 1658 break; 1659 default: 1660 ret = -1; 1661 } 1662 1663 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1664 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1665 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1666 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1667 idev->tstamp = jiffies; 1668 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1669 in6_dev_put(idev); 1670 } 1671 return ret; 1672 } 1673 1674 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name, 1675 int nlen, void __user *oldval, 1676 size_t __user *oldlenp, 1677 void __user *newval, size_t newlen) 1678 { 1679 struct net_device *dev = ctl->extra1; 1680 struct inet6_dev *idev; 1681 int ret; 1682 1683 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1684 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1685 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1686 1687 switch (ctl->ctl_name) { 1688 case NET_NEIGH_REACHABLE_TIME: 1689 ret = sysctl_jiffies(ctl, name, nlen, 1690 oldval, oldlenp, newval, newlen); 1691 break; 1692 case NET_NEIGH_RETRANS_TIME_MS: 1693 case NET_NEIGH_REACHABLE_TIME_MS: 1694 ret = sysctl_ms_jiffies(ctl, name, nlen, 1695 oldval, oldlenp, newval, newlen); 1696 break; 1697 default: 1698 ret = 0; 1699 } 1700 1701 if (newval && newlen && ret > 0 && 1702 dev && (idev = in6_dev_get(dev)) != NULL) { 1703 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1704 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1705 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1706 idev->tstamp = jiffies; 1707 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1708 in6_dev_put(idev); 1709 } 1710 1711 return ret; 1712 } 1713 1714 #endif 1715 1716 int __init ndisc_init(struct net_proto_family *ops) 1717 { 1718 struct ipv6_pinfo *np; 1719 struct sock *sk; 1720 int err; 1721 1722 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket); 1723 if (err < 0) { 1724 ND_PRINTK0(KERN_ERR 1725 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1726 err); 1727 ndisc_socket = NULL; /* For safety. */ 1728 return err; 1729 } 1730 1731 sk = ndisc_socket->sk; 1732 np = inet6_sk(sk); 1733 sk->sk_allocation = GFP_ATOMIC; 1734 np->hop_limit = 255; 1735 /* Do not loopback ndisc messages */ 1736 np->mc_loop = 0; 1737 sk->sk_prot->unhash(sk); 1738 1739 /* 1740 * Initialize the neighbour table 1741 */ 1742 1743 neigh_table_init(&nd_tbl); 1744 1745 #ifdef CONFIG_SYSCTL 1746 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, 1747 "ipv6", 1748 &ndisc_ifinfo_sysctl_change, 1749 &ndisc_ifinfo_sysctl_strategy); 1750 #endif 1751 1752 register_netdevice_notifier(&ndisc_netdev_notifier); 1753 return 0; 1754 } 1755 1756 void ndisc_cleanup(void) 1757 { 1758 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1759 #ifdef CONFIG_SYSCTL 1760 neigh_sysctl_unregister(&nd_tbl.parms); 1761 #endif 1762 neigh_table_clear(&nd_tbl); 1763 sock_release(ndisc_socket); 1764 ndisc_socket = NULL; /* For safety. */ 1765 } 1766