1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Lars Fenneberg : fixed MTU setting on receipt 19 * of an RA. 20 * 21 * Janos Farkas : kmalloc failure checks 22 * Alexey Kuznetsov : state machine reworked 23 * and moved to net/core. 24 * Pekka Savola : RFC2461 validation 25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 26 */ 27 28 /* Set to 3 to get tracing... */ 29 #define ND_DEBUG 1 30 31 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 32 #define ND_NOPRINTK(x...) do { ; } while(0) 33 #define ND_PRINTK0 ND_PRINTK 34 #define ND_PRINTK1 ND_NOPRINTK 35 #define ND_PRINTK2 ND_NOPRINTK 36 #define ND_PRINTK3 ND_NOPRINTK 37 #if ND_DEBUG >= 1 38 #undef ND_PRINTK1 39 #define ND_PRINTK1 ND_PRINTK 40 #endif 41 #if ND_DEBUG >= 2 42 #undef ND_PRINTK2 43 #define ND_PRINTK2 ND_PRINTK 44 #endif 45 #if ND_DEBUG >= 3 46 #undef ND_PRINTK3 47 #define ND_PRINTK3 ND_PRINTK 48 #endif 49 50 #include <linux/module.h> 51 #include <linux/config.h> 52 #include <linux/errno.h> 53 #include <linux/types.h> 54 #include <linux/socket.h> 55 #include <linux/sockios.h> 56 #include <linux/sched.h> 57 #include <linux/net.h> 58 #include <linux/in6.h> 59 #include <linux/route.h> 60 #include <linux/init.h> 61 #include <linux/rcupdate.h> 62 #ifdef CONFIG_SYSCTL 63 #include <linux/sysctl.h> 64 #endif 65 66 #include <linux/if_arp.h> 67 #include <linux/ipv6.h> 68 #include <linux/icmpv6.h> 69 #include <linux/jhash.h> 70 71 #include <net/sock.h> 72 #include <net/snmp.h> 73 74 #include <net/ipv6.h> 75 #include <net/protocol.h> 76 #include <net/ndisc.h> 77 #include <net/ip6_route.h> 78 #include <net/addrconf.h> 79 #include <net/icmp.h> 80 81 #include <net/flow.h> 82 #include <net/ip6_checksum.h> 83 #include <linux/proc_fs.h> 84 85 #include <linux/netfilter.h> 86 #include <linux/netfilter_ipv6.h> 87 88 static struct socket *ndisc_socket; 89 90 static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 91 static int ndisc_constructor(struct neighbour *neigh); 92 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 93 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 94 static int pndisc_constructor(struct pneigh_entry *n); 95 static void pndisc_destructor(struct pneigh_entry *n); 96 static void pndisc_redo(struct sk_buff *skb); 97 98 static struct neigh_ops ndisc_generic_ops = { 99 .family = AF_INET6, 100 .solicit = ndisc_solicit, 101 .error_report = ndisc_error_report, 102 .output = neigh_resolve_output, 103 .connected_output = neigh_connected_output, 104 .hh_output = dev_queue_xmit, 105 .queue_xmit = dev_queue_xmit, 106 }; 107 108 static struct neigh_ops ndisc_hh_ops = { 109 .family = AF_INET6, 110 .solicit = ndisc_solicit, 111 .error_report = ndisc_error_report, 112 .output = neigh_resolve_output, 113 .connected_output = neigh_resolve_output, 114 .hh_output = dev_queue_xmit, 115 .queue_xmit = dev_queue_xmit, 116 }; 117 118 119 static struct neigh_ops ndisc_direct_ops = { 120 .family = AF_INET6, 121 .output = dev_queue_xmit, 122 .connected_output = dev_queue_xmit, 123 .hh_output = dev_queue_xmit, 124 .queue_xmit = dev_queue_xmit, 125 }; 126 127 struct neigh_table nd_tbl = { 128 .family = AF_INET6, 129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 130 .key_len = sizeof(struct in6_addr), 131 .hash = ndisc_hash, 132 .constructor = ndisc_constructor, 133 .pconstructor = pndisc_constructor, 134 .pdestructor = pndisc_destructor, 135 .proxy_redo = pndisc_redo, 136 .id = "ndisc_cache", 137 .parms = { 138 .tbl = &nd_tbl, 139 .base_reachable_time = 30 * HZ, 140 .retrans_time = 1 * HZ, 141 .gc_staletime = 60 * HZ, 142 .reachable_time = 30 * HZ, 143 .delay_probe_time = 5 * HZ, 144 .queue_len = 3, 145 .ucast_probes = 3, 146 .mcast_probes = 3, 147 .anycast_delay = 1 * HZ, 148 .proxy_delay = (8 * HZ) / 10, 149 .proxy_qlen = 64, 150 }, 151 .gc_interval = 30 * HZ, 152 .gc_thresh1 = 128, 153 .gc_thresh2 = 512, 154 .gc_thresh3 = 1024, 155 }; 156 157 /* ND options */ 158 struct ndisc_options { 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 160 #ifdef CONFIG_IPV6_ROUTE_INFO 161 struct nd_opt_hdr *nd_opts_ri; 162 struct nd_opt_hdr *nd_opts_ri_end; 163 #endif 164 }; 165 166 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 167 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 168 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 169 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 170 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 171 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 172 173 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 174 175 /* 176 * Return the padding between the option length and the start of the 177 * link addr. Currently only IP-over-InfiniBand needs this, although 178 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 179 * also need a pad of 2. 180 */ 181 static int ndisc_addr_option_pad(unsigned short type) 182 { 183 switch (type) { 184 case ARPHRD_INFINIBAND: return 2; 185 default: return 0; 186 } 187 } 188 189 static inline int ndisc_opt_addr_space(struct net_device *dev) 190 { 191 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 192 } 193 194 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 195 unsigned short addr_type) 196 { 197 int space = NDISC_OPT_SPACE(data_len); 198 int pad = ndisc_addr_option_pad(addr_type); 199 200 opt[0] = type; 201 opt[1] = space>>3; 202 203 memset(opt + 2, 0, pad); 204 opt += pad; 205 space -= pad; 206 207 memcpy(opt+2, data, data_len); 208 data_len += 2; 209 opt += data_len; 210 if ((space -= data_len) > 0) 211 memset(opt, 0, space); 212 return opt + space; 213 } 214 215 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 216 struct nd_opt_hdr *end) 217 { 218 int type; 219 if (!cur || !end || cur >= end) 220 return NULL; 221 type = cur->nd_opt_type; 222 do { 223 cur = ((void *)cur) + (cur->nd_opt_len << 3); 224 } while(cur < end && cur->nd_opt_type != type); 225 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 226 } 227 228 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 229 struct ndisc_options *ndopts) 230 { 231 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 232 233 if (!nd_opt || opt_len < 0 || !ndopts) 234 return NULL; 235 memset(ndopts, 0, sizeof(*ndopts)); 236 while (opt_len) { 237 int l; 238 if (opt_len < sizeof(struct nd_opt_hdr)) 239 return NULL; 240 l = nd_opt->nd_opt_len << 3; 241 if (opt_len < l || l == 0) 242 return NULL; 243 switch (nd_opt->nd_opt_type) { 244 case ND_OPT_SOURCE_LL_ADDR: 245 case ND_OPT_TARGET_LL_ADDR: 246 case ND_OPT_MTU: 247 case ND_OPT_REDIRECT_HDR: 248 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 249 ND_PRINTK2(KERN_WARNING 250 "%s(): duplicated ND6 option found: type=%d\n", 251 __FUNCTION__, 252 nd_opt->nd_opt_type); 253 } else { 254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 255 } 256 break; 257 case ND_OPT_PREFIX_INFO: 258 ndopts->nd_opts_pi_end = nd_opt; 259 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) 260 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 261 break; 262 #ifdef CONFIG_IPV6_ROUTE_INFO 263 case ND_OPT_ROUTE_INFO: 264 ndopts->nd_opts_ri_end = nd_opt; 265 if (!ndopts->nd_opts_ri) 266 ndopts->nd_opts_ri = nd_opt; 267 break; 268 #endif 269 default: 270 /* 271 * Unknown options must be silently ignored, 272 * to accommodate future extension to the protocol. 273 */ 274 ND_PRINTK2(KERN_NOTICE 275 "%s(): ignored unsupported option; type=%d, len=%d\n", 276 __FUNCTION__, 277 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 278 } 279 opt_len -= l; 280 nd_opt = ((void *)nd_opt) + l; 281 } 282 return ndopts; 283 } 284 285 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 286 struct net_device *dev) 287 { 288 u8 *lladdr = (u8 *)(p + 1); 289 int lladdrlen = p->nd_opt_len << 3; 290 int prepad = ndisc_addr_option_pad(dev->type); 291 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 292 return NULL; 293 return (lladdr + prepad); 294 } 295 296 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 297 { 298 switch (dev->type) { 299 case ARPHRD_ETHER: 300 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 301 case ARPHRD_FDDI: 302 ipv6_eth_mc_map(addr, buf); 303 return 0; 304 case ARPHRD_IEEE802_TR: 305 ipv6_tr_mc_map(addr,buf); 306 return 0; 307 case ARPHRD_ARCNET: 308 ipv6_arcnet_mc_map(addr, buf); 309 return 0; 310 case ARPHRD_INFINIBAND: 311 ipv6_ib_mc_map(addr, buf); 312 return 0; 313 default: 314 if (dir) { 315 memcpy(buf, dev->broadcast, dev->addr_len); 316 return 0; 317 } 318 } 319 return -EINVAL; 320 } 321 322 static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 323 { 324 const u32 *p32 = pkey; 325 u32 addr_hash, i; 326 327 addr_hash = 0; 328 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 329 addr_hash ^= *p32++; 330 331 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 332 } 333 334 static int ndisc_constructor(struct neighbour *neigh) 335 { 336 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 337 struct net_device *dev = neigh->dev; 338 struct inet6_dev *in6_dev; 339 struct neigh_parms *parms; 340 int is_multicast = ipv6_addr_is_multicast(addr); 341 342 rcu_read_lock(); 343 in6_dev = in6_dev_get(dev); 344 if (in6_dev == NULL) { 345 rcu_read_unlock(); 346 return -EINVAL; 347 } 348 349 parms = in6_dev->nd_parms; 350 __neigh_parms_put(neigh->parms); 351 neigh->parms = neigh_parms_clone(parms); 352 rcu_read_unlock(); 353 354 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 355 if (dev->hard_header == NULL) { 356 neigh->nud_state = NUD_NOARP; 357 neigh->ops = &ndisc_direct_ops; 358 neigh->output = neigh->ops->queue_xmit; 359 } else { 360 if (is_multicast) { 361 neigh->nud_state = NUD_NOARP; 362 ndisc_mc_map(addr, neigh->ha, dev, 1); 363 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 364 neigh->nud_state = NUD_NOARP; 365 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 366 if (dev->flags&IFF_LOOPBACK) 367 neigh->type = RTN_LOCAL; 368 } else if (dev->flags&IFF_POINTOPOINT) { 369 neigh->nud_state = NUD_NOARP; 370 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 371 } 372 if (dev->hard_header_cache) 373 neigh->ops = &ndisc_hh_ops; 374 else 375 neigh->ops = &ndisc_generic_ops; 376 if (neigh->nud_state&NUD_VALID) 377 neigh->output = neigh->ops->connected_output; 378 else 379 neigh->output = neigh->ops->output; 380 } 381 in6_dev_put(in6_dev); 382 return 0; 383 } 384 385 static int pndisc_constructor(struct pneigh_entry *n) 386 { 387 struct in6_addr *addr = (struct in6_addr*)&n->key; 388 struct in6_addr maddr; 389 struct net_device *dev = n->dev; 390 391 if (dev == NULL || __in6_dev_get(dev) == NULL) 392 return -EINVAL; 393 addrconf_addr_solict_mult(addr, &maddr); 394 ipv6_dev_mc_inc(dev, &maddr); 395 return 0; 396 } 397 398 static void pndisc_destructor(struct pneigh_entry *n) 399 { 400 struct in6_addr *addr = (struct in6_addr*)&n->key; 401 struct in6_addr maddr; 402 struct net_device *dev = n->dev; 403 404 if (dev == NULL || __in6_dev_get(dev) == NULL) 405 return; 406 addrconf_addr_solict_mult(addr, &maddr); 407 ipv6_dev_mc_dec(dev, &maddr); 408 } 409 410 /* 411 * Send a Neighbour Advertisement 412 */ 413 414 static inline void ndisc_flow_init(struct flowi *fl, u8 type, 415 struct in6_addr *saddr, struct in6_addr *daddr) 416 { 417 memset(fl, 0, sizeof(*fl)); 418 ipv6_addr_copy(&fl->fl6_src, saddr); 419 ipv6_addr_copy(&fl->fl6_dst, daddr); 420 fl->proto = IPPROTO_ICMPV6; 421 fl->fl_icmp_type = type; 422 fl->fl_icmp_code = 0; 423 } 424 425 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 426 struct in6_addr *daddr, struct in6_addr *solicited_addr, 427 int router, int solicited, int override, int inc_opt) 428 { 429 struct in6_addr tmpaddr; 430 struct inet6_ifaddr *ifp; 431 struct inet6_dev *idev; 432 struct flowi fl; 433 struct dst_entry* dst; 434 struct sock *sk = ndisc_socket->sk; 435 struct in6_addr *src_addr; 436 struct nd_msg *msg; 437 int len; 438 struct sk_buff *skb; 439 int err; 440 441 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 442 443 /* for anycast or proxy, solicited_addr != src_addr */ 444 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1); 445 if (ifp) { 446 src_addr = solicited_addr; 447 in6_ifa_put(ifp); 448 } else { 449 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr)) 450 return; 451 src_addr = &tmpaddr; 452 } 453 454 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr); 455 456 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 457 if (!dst) 458 return; 459 460 err = xfrm_lookup(&dst, &fl, NULL, 0); 461 if (err < 0) 462 return; 463 464 if (inc_opt) { 465 if (dev->addr_len) 466 len += ndisc_opt_addr_space(dev); 467 else 468 inc_opt = 0; 469 } 470 471 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 472 1, &err); 473 474 if (skb == NULL) { 475 ND_PRINTK0(KERN_ERR 476 "ICMPv6 NA: %s() failed to allocate an skb.\n", 477 __FUNCTION__); 478 dst_release(dst); 479 return; 480 } 481 482 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 483 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len); 484 485 msg = (struct nd_msg *)skb_put(skb, len); 486 skb->h.raw = (unsigned char*)msg; 487 488 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT; 489 msg->icmph.icmp6_code = 0; 490 msg->icmph.icmp6_cksum = 0; 491 492 msg->icmph.icmp6_unused = 0; 493 msg->icmph.icmp6_router = router; 494 msg->icmph.icmp6_solicited = solicited; 495 msg->icmph.icmp6_override = !!override; 496 497 /* Set the target address. */ 498 ipv6_addr_copy(&msg->target, solicited_addr); 499 500 if (inc_opt) 501 ndisc_fill_addr_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr, 502 dev->addr_len, dev->type); 503 504 /* checksum */ 505 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len, 506 IPPROTO_ICMPV6, 507 csum_partial((__u8 *) msg, 508 len, 0)); 509 510 skb->dst = dst; 511 idev = in6_dev_get(dst->dev); 512 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 513 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 514 if (!err) { 515 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS); 516 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 517 } 518 519 if (likely(idev != NULL)) 520 in6_dev_put(idev); 521 } 522 523 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 524 struct in6_addr *solicit, 525 struct in6_addr *daddr, struct in6_addr *saddr) 526 { 527 struct flowi fl; 528 struct dst_entry* dst; 529 struct inet6_dev *idev; 530 struct sock *sk = ndisc_socket->sk; 531 struct sk_buff *skb; 532 struct nd_msg *msg; 533 struct in6_addr addr_buf; 534 int len; 535 int err; 536 int send_llinfo; 537 538 if (saddr == NULL) { 539 if (ipv6_get_lladdr(dev, &addr_buf)) 540 return; 541 saddr = &addr_buf; 542 } 543 544 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr); 545 546 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 547 if (!dst) 548 return; 549 550 err = xfrm_lookup(&dst, &fl, NULL, 0); 551 if (err < 0) 552 return; 553 554 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 555 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr); 556 if (send_llinfo) 557 len += ndisc_opt_addr_space(dev); 558 559 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 560 1, &err); 561 if (skb == NULL) { 562 ND_PRINTK0(KERN_ERR 563 "ICMPv6 NA: %s() failed to allocate an skb.\n", 564 __FUNCTION__); 565 dst_release(dst); 566 return; 567 } 568 569 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 570 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 571 572 msg = (struct nd_msg *)skb_put(skb, len); 573 skb->h.raw = (unsigned char*)msg; 574 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION; 575 msg->icmph.icmp6_code = 0; 576 msg->icmph.icmp6_cksum = 0; 577 msg->icmph.icmp6_unused = 0; 578 579 /* Set the target address. */ 580 ipv6_addr_copy(&msg->target, solicit); 581 582 if (send_llinfo) 583 ndisc_fill_addr_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 584 dev->addr_len, dev->type); 585 586 /* checksum */ 587 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, 588 daddr, len, 589 IPPROTO_ICMPV6, 590 csum_partial((__u8 *) msg, 591 len, 0)); 592 /* send it! */ 593 skb->dst = dst; 594 idev = in6_dev_get(dst->dev); 595 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 596 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 597 if (!err) { 598 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS); 599 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 600 } 601 602 if (likely(idev != NULL)) 603 in6_dev_put(idev); 604 } 605 606 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr, 607 struct in6_addr *daddr) 608 { 609 struct flowi fl; 610 struct dst_entry* dst; 611 struct inet6_dev *idev; 612 struct sock *sk = ndisc_socket->sk; 613 struct sk_buff *skb; 614 struct icmp6hdr *hdr; 615 __u8 * opt; 616 int len; 617 int err; 618 619 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr); 620 621 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output); 622 if (!dst) 623 return; 624 625 err = xfrm_lookup(&dst, &fl, NULL, 0); 626 if (err < 0) 627 return; 628 629 len = sizeof(struct icmp6hdr); 630 if (dev->addr_len) 631 len += ndisc_opt_addr_space(dev); 632 633 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 634 1, &err); 635 if (skb == NULL) { 636 ND_PRINTK0(KERN_ERR 637 "ICMPv6 RS: %s() failed to allocate an skb.\n", 638 __FUNCTION__); 639 dst_release(dst); 640 return; 641 } 642 643 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 644 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 645 646 hdr = (struct icmp6hdr *)skb_put(skb, len); 647 skb->h.raw = (unsigned char*)hdr; 648 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION; 649 hdr->icmp6_code = 0; 650 hdr->icmp6_cksum = 0; 651 hdr->icmp6_unused = 0; 652 653 opt = (u8*) (hdr + 1); 654 655 if (dev->addr_len) 656 ndisc_fill_addr_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 657 dev->addr_len, dev->type); 658 659 /* checksum */ 660 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len, 661 IPPROTO_ICMPV6, 662 csum_partial((__u8 *) hdr, len, 0)); 663 664 /* send it! */ 665 skb->dst = dst; 666 idev = in6_dev_get(dst->dev); 667 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 668 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 669 if (!err) { 670 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS); 671 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 672 } 673 674 if (likely(idev != NULL)) 675 in6_dev_put(idev); 676 } 677 678 679 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 680 { 681 /* 682 * "The sender MUST return an ICMP 683 * destination unreachable" 684 */ 685 dst_link_failure(skb); 686 kfree_skb(skb); 687 } 688 689 /* Called with locked neigh: either read or both */ 690 691 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 692 { 693 struct in6_addr *saddr = NULL; 694 struct in6_addr mcaddr; 695 struct net_device *dev = neigh->dev; 696 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 697 int probes = atomic_read(&neigh->probes); 698 699 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1)) 700 saddr = &skb->nh.ipv6h->saddr; 701 702 if ((probes -= neigh->parms->ucast_probes) < 0) { 703 if (!(neigh->nud_state & NUD_VALID)) { 704 ND_PRINTK1(KERN_DEBUG 705 "%s(): trying to ucast probe in NUD_INVALID: " 706 NIP6_FMT "\n", 707 __FUNCTION__, 708 NIP6(*target)); 709 } 710 ndisc_send_ns(dev, neigh, target, target, saddr); 711 } else if ((probes -= neigh->parms->app_probes) < 0) { 712 #ifdef CONFIG_ARPD 713 neigh_app_ns(neigh); 714 #endif 715 } else { 716 addrconf_addr_solict_mult(target, &mcaddr); 717 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 718 } 719 } 720 721 static void ndisc_recv_ns(struct sk_buff *skb) 722 { 723 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 724 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 725 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 726 u8 *lladdr = NULL; 727 u32 ndoptlen = skb->tail - msg->opt; 728 struct ndisc_options ndopts; 729 struct net_device *dev = skb->dev; 730 struct inet6_ifaddr *ifp; 731 struct inet6_dev *idev = NULL; 732 struct neighbour *neigh; 733 int dad = ipv6_addr_any(saddr); 734 int inc; 735 736 if (ipv6_addr_is_multicast(&msg->target)) { 737 ND_PRINTK2(KERN_WARNING 738 "ICMPv6 NS: multicast target address"); 739 return; 740 } 741 742 /* 743 * RFC2461 7.1.1: 744 * DAD has to be destined for solicited node multicast address. 745 */ 746 if (dad && 747 !(daddr->s6_addr32[0] == htonl(0xff020000) && 748 daddr->s6_addr32[1] == htonl(0x00000000) && 749 daddr->s6_addr32[2] == htonl(0x00000001) && 750 daddr->s6_addr [12] == 0xff )) { 751 ND_PRINTK2(KERN_WARNING 752 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 753 return; 754 } 755 756 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 757 ND_PRINTK2(KERN_WARNING 758 "ICMPv6 NS: invalid ND options\n"); 759 return; 760 } 761 762 if (ndopts.nd_opts_src_lladdr) { 763 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 764 if (!lladdr) { 765 ND_PRINTK2(KERN_WARNING 766 "ICMPv6 NS: invalid link-layer address length\n"); 767 return; 768 } 769 770 /* RFC2461 7.1.1: 771 * If the IP source address is the unspecified address, 772 * there MUST NOT be source link-layer address option 773 * in the message. 774 */ 775 if (dad) { 776 ND_PRINTK2(KERN_WARNING 777 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 778 return; 779 } 780 } 781 782 inc = ipv6_addr_is_multicast(daddr); 783 784 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) { 785 if (ifp->flags & IFA_F_TENTATIVE) { 786 /* Address is tentative. If the source 787 is unspecified address, it is someone 788 does DAD, otherwise we ignore solicitations 789 until DAD timer expires. 790 */ 791 if (!dad) 792 goto out; 793 if (dev->type == ARPHRD_IEEE802_TR) { 794 unsigned char *sadr = skb->mac.raw; 795 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 796 sadr[9] == dev->dev_addr[1] && 797 sadr[10] == dev->dev_addr[2] && 798 sadr[11] == dev->dev_addr[3] && 799 sadr[12] == dev->dev_addr[4] && 800 sadr[13] == dev->dev_addr[5]) { 801 /* looped-back to us */ 802 goto out; 803 } 804 } 805 addrconf_dad_failure(ifp); 806 return; 807 } 808 809 idev = ifp->idev; 810 } else { 811 idev = in6_dev_get(dev); 812 if (!idev) { 813 /* XXX: count this drop? */ 814 return; 815 } 816 817 if (ipv6_chk_acast_addr(dev, &msg->target) || 818 (idev->cnf.forwarding && 819 pneigh_lookup(&nd_tbl, &msg->target, dev, 0))) { 820 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 821 skb->pkt_type != PACKET_HOST && 822 inc != 0 && 823 idev->nd_parms->proxy_delay != 0) { 824 /* 825 * for anycast or proxy, 826 * sender should delay its response 827 * by a random time between 0 and 828 * MAX_ANYCAST_DELAY_TIME seconds. 829 * (RFC2461) -- yoshfuji 830 */ 831 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 832 if (n) 833 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 834 goto out; 835 } 836 } else 837 goto out; 838 } 839 840 if (dad) { 841 struct in6_addr maddr; 842 843 ipv6_addr_all_nodes(&maddr); 844 ndisc_send_na(dev, NULL, &maddr, &msg->target, 845 idev->cnf.forwarding, 0, (ifp != NULL), 1); 846 goto out; 847 } 848 849 if (inc) 850 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 851 else 852 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 853 854 /* 855 * update / create cache entry 856 * for the source address 857 */ 858 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 859 !inc || lladdr || !dev->addr_len); 860 if (neigh) 861 neigh_update(neigh, lladdr, NUD_STALE, 862 NEIGH_UPDATE_F_WEAK_OVERRIDE| 863 NEIGH_UPDATE_F_OVERRIDE); 864 if (neigh || !dev->hard_header) { 865 ndisc_send_na(dev, neigh, saddr, &msg->target, 866 idev->cnf.forwarding, 867 1, (ifp != NULL && inc), inc); 868 if (neigh) 869 neigh_release(neigh); 870 } 871 872 out: 873 if (ifp) 874 in6_ifa_put(ifp); 875 else 876 in6_dev_put(idev); 877 878 return; 879 } 880 881 static void ndisc_recv_na(struct sk_buff *skb) 882 { 883 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 884 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 885 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 886 u8 *lladdr = NULL; 887 u32 ndoptlen = skb->tail - msg->opt; 888 struct ndisc_options ndopts; 889 struct net_device *dev = skb->dev; 890 struct inet6_ifaddr *ifp; 891 struct neighbour *neigh; 892 893 if (skb->len < sizeof(struct nd_msg)) { 894 ND_PRINTK2(KERN_WARNING 895 "ICMPv6 NA: packet too short\n"); 896 return; 897 } 898 899 if (ipv6_addr_is_multicast(&msg->target)) { 900 ND_PRINTK2(KERN_WARNING 901 "ICMPv6 NA: target address is multicast.\n"); 902 return; 903 } 904 905 if (ipv6_addr_is_multicast(daddr) && 906 msg->icmph.icmp6_solicited) { 907 ND_PRINTK2(KERN_WARNING 908 "ICMPv6 NA: solicited NA is multicasted.\n"); 909 return; 910 } 911 912 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 913 ND_PRINTK2(KERN_WARNING 914 "ICMPv6 NS: invalid ND option\n"); 915 return; 916 } 917 if (ndopts.nd_opts_tgt_lladdr) { 918 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 919 if (!lladdr) { 920 ND_PRINTK2(KERN_WARNING 921 "ICMPv6 NA: invalid link-layer address length\n"); 922 return; 923 } 924 } 925 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) { 926 if (ifp->flags & IFA_F_TENTATIVE) { 927 addrconf_dad_failure(ifp); 928 return; 929 } 930 /* What should we make now? The advertisement 931 is invalid, but ndisc specs say nothing 932 about it. It could be misconfiguration, or 933 an smart proxy agent tries to help us :-) 934 */ 935 ND_PRINTK1(KERN_WARNING 936 "ICMPv6 NA: someone advertises our address on %s!\n", 937 ifp->idev->dev->name); 938 in6_ifa_put(ifp); 939 return; 940 } 941 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 942 943 if (neigh) { 944 u8 old_flags = neigh->flags; 945 946 if (neigh->nud_state & NUD_FAILED) 947 goto out; 948 949 neigh_update(neigh, lladdr, 950 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 951 NEIGH_UPDATE_F_WEAK_OVERRIDE| 952 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 953 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 954 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 955 956 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 957 /* 958 * Change: router to host 959 */ 960 struct rt6_info *rt; 961 rt = rt6_get_dflt_router(saddr, dev); 962 if (rt) 963 ip6_del_rt(rt, NULL, NULL, NULL); 964 } 965 966 out: 967 neigh_release(neigh); 968 } 969 } 970 971 static void ndisc_recv_rs(struct sk_buff *skb) 972 { 973 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw; 974 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 975 struct neighbour *neigh; 976 struct inet6_dev *idev; 977 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 978 struct ndisc_options ndopts; 979 u8 *lladdr = NULL; 980 981 if (skb->len < sizeof(*rs_msg)) 982 return; 983 984 idev = in6_dev_get(skb->dev); 985 if (!idev) { 986 if (net_ratelimit()) 987 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 988 return; 989 } 990 991 /* Don't accept RS if we're not in router mode */ 992 if (!idev->cnf.forwarding) 993 goto out; 994 995 /* 996 * Don't update NCE if src = ::; 997 * this implies that the source node has no ip address assigned yet. 998 */ 999 if (ipv6_addr_any(saddr)) 1000 goto out; 1001 1002 /* Parse ND options */ 1003 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1004 if (net_ratelimit()) 1005 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1006 goto out; 1007 } 1008 1009 if (ndopts.nd_opts_src_lladdr) { 1010 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1011 skb->dev); 1012 if (!lladdr) 1013 goto out; 1014 } 1015 1016 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1017 if (neigh) { 1018 neigh_update(neigh, lladdr, NUD_STALE, 1019 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1020 NEIGH_UPDATE_F_OVERRIDE| 1021 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1022 neigh_release(neigh); 1023 } 1024 out: 1025 in6_dev_put(idev); 1026 } 1027 1028 static void ndisc_router_discovery(struct sk_buff *skb) 1029 { 1030 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw; 1031 struct neighbour *neigh = NULL; 1032 struct inet6_dev *in6_dev; 1033 struct rt6_info *rt = NULL; 1034 int lifetime; 1035 struct ndisc_options ndopts; 1036 int optlen; 1037 unsigned int pref = 0; 1038 1039 __u8 * opt = (__u8 *)(ra_msg + 1); 1040 1041 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg); 1042 1043 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1044 ND_PRINTK2(KERN_WARNING 1045 "ICMPv6 RA: source address is not link-local.\n"); 1046 return; 1047 } 1048 if (optlen < 0) { 1049 ND_PRINTK2(KERN_WARNING 1050 "ICMPv6 RA: packet too short\n"); 1051 return; 1052 } 1053 1054 /* 1055 * set the RA_RECV flag in the interface 1056 */ 1057 1058 in6_dev = in6_dev_get(skb->dev); 1059 if (in6_dev == NULL) { 1060 ND_PRINTK0(KERN_ERR 1061 "ICMPv6 RA: can't find inet6 device for %s.\n", 1062 skb->dev->name); 1063 return; 1064 } 1065 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 1066 in6_dev_put(in6_dev); 1067 return; 1068 } 1069 1070 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1071 in6_dev_put(in6_dev); 1072 ND_PRINTK2(KERN_WARNING 1073 "ICMP6 RA: invalid ND options\n"); 1074 return; 1075 } 1076 1077 if (in6_dev->if_flags & IF_RS_SENT) { 1078 /* 1079 * flag that an RA was received after an RS was sent 1080 * out on this interface. 1081 */ 1082 in6_dev->if_flags |= IF_RA_RCVD; 1083 } 1084 1085 /* 1086 * Remember the managed/otherconf flags from most recently 1087 * received RA message (RFC 2462) -- yoshfuji 1088 */ 1089 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1090 IF_RA_OTHERCONF)) | 1091 (ra_msg->icmph.icmp6_addrconf_managed ? 1092 IF_RA_MANAGED : 0) | 1093 (ra_msg->icmph.icmp6_addrconf_other ? 1094 IF_RA_OTHERCONF : 0); 1095 1096 if (!in6_dev->cnf.accept_ra_defrtr) 1097 goto skip_defrtr; 1098 1099 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1100 1101 #ifdef CONFIG_IPV6_ROUTER_PREF 1102 pref = ra_msg->icmph.icmp6_router_pref; 1103 /* 10b is handled as if it were 00b (medium) */ 1104 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1105 in6_dev->cnf.accept_ra_rtr_pref) 1106 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1107 #endif 1108 1109 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev); 1110 1111 if (rt) 1112 neigh = rt->rt6i_nexthop; 1113 1114 if (rt && lifetime == 0) { 1115 neigh_clone(neigh); 1116 ip6_del_rt(rt, NULL, NULL, NULL); 1117 rt = NULL; 1118 } 1119 1120 if (rt == NULL && lifetime) { 1121 ND_PRINTK3(KERN_DEBUG 1122 "ICMPv6 RA: adding default router.\n"); 1123 1124 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev, pref); 1125 if (rt == NULL) { 1126 ND_PRINTK0(KERN_ERR 1127 "ICMPv6 RA: %s() failed to add default route.\n", 1128 __FUNCTION__); 1129 in6_dev_put(in6_dev); 1130 return; 1131 } 1132 1133 neigh = rt->rt6i_nexthop; 1134 if (neigh == NULL) { 1135 ND_PRINTK0(KERN_ERR 1136 "ICMPv6 RA: %s() got default router without neighbour.\n", 1137 __FUNCTION__); 1138 dst_release(&rt->u.dst); 1139 in6_dev_put(in6_dev); 1140 return; 1141 } 1142 neigh->flags |= NTF_ROUTER; 1143 } else if (rt) { 1144 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1145 } 1146 1147 if (rt) 1148 rt->rt6i_expires = jiffies + (HZ * lifetime); 1149 1150 if (ra_msg->icmph.icmp6_hop_limit) { 1151 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1152 if (rt) 1153 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1154 } 1155 1156 skip_defrtr: 1157 1158 /* 1159 * Update Reachable Time and Retrans Timer 1160 */ 1161 1162 if (in6_dev->nd_parms) { 1163 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1164 1165 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1166 rtime = (rtime*HZ)/1000; 1167 if (rtime < HZ/10) 1168 rtime = HZ/10; 1169 in6_dev->nd_parms->retrans_time = rtime; 1170 in6_dev->tstamp = jiffies; 1171 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1172 } 1173 1174 rtime = ntohl(ra_msg->reachable_time); 1175 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1176 rtime = (rtime*HZ)/1000; 1177 1178 if (rtime < HZ/10) 1179 rtime = HZ/10; 1180 1181 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1182 in6_dev->nd_parms->base_reachable_time = rtime; 1183 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1184 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1185 in6_dev->tstamp = jiffies; 1186 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1187 } 1188 } 1189 } 1190 1191 /* 1192 * Process options. 1193 */ 1194 1195 if (!neigh) 1196 neigh = __neigh_lookup(&nd_tbl, &skb->nh.ipv6h->saddr, 1197 skb->dev, 1); 1198 if (neigh) { 1199 u8 *lladdr = NULL; 1200 if (ndopts.nd_opts_src_lladdr) { 1201 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1202 skb->dev); 1203 if (!lladdr) { 1204 ND_PRINTK2(KERN_WARNING 1205 "ICMPv6 RA: invalid link-layer address length\n"); 1206 goto out; 1207 } 1208 } 1209 neigh_update(neigh, lladdr, NUD_STALE, 1210 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1211 NEIGH_UPDATE_F_OVERRIDE| 1212 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1213 NEIGH_UPDATE_F_ISROUTER); 1214 } 1215 1216 #ifdef CONFIG_IPV6_ROUTE_INFO 1217 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1218 struct nd_opt_hdr *p; 1219 for (p = ndopts.nd_opts_ri; 1220 p; 1221 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1222 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1223 continue; 1224 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1225 &skb->nh.ipv6h->saddr); 1226 } 1227 } 1228 #endif 1229 1230 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1231 struct nd_opt_hdr *p; 1232 for (p = ndopts.nd_opts_pi; 1233 p; 1234 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1235 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1236 } 1237 } 1238 1239 if (ndopts.nd_opts_mtu) { 1240 u32 mtu; 1241 1242 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1243 mtu = ntohl(mtu); 1244 1245 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1246 ND_PRINTK2(KERN_WARNING 1247 "ICMPv6 RA: invalid mtu: %d\n", 1248 mtu); 1249 } else if (in6_dev->cnf.mtu6 != mtu) { 1250 in6_dev->cnf.mtu6 = mtu; 1251 1252 if (rt) 1253 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1254 1255 rt6_mtu_change(skb->dev, mtu); 1256 } 1257 } 1258 1259 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1260 ND_PRINTK2(KERN_WARNING 1261 "ICMPv6 RA: invalid RA options"); 1262 } 1263 out: 1264 if (rt) 1265 dst_release(&rt->u.dst); 1266 else if (neigh) 1267 neigh_release(neigh); 1268 in6_dev_put(in6_dev); 1269 } 1270 1271 static void ndisc_redirect_rcv(struct sk_buff *skb) 1272 { 1273 struct inet6_dev *in6_dev; 1274 struct icmp6hdr *icmph; 1275 struct in6_addr *dest; 1276 struct in6_addr *target; /* new first hop to destination */ 1277 struct neighbour *neigh; 1278 int on_link = 0; 1279 struct ndisc_options ndopts; 1280 int optlen; 1281 u8 *lladdr = NULL; 1282 1283 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1284 ND_PRINTK2(KERN_WARNING 1285 "ICMPv6 Redirect: source address is not link-local.\n"); 1286 return; 1287 } 1288 1289 optlen = skb->tail - skb->h.raw; 1290 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1291 1292 if (optlen < 0) { 1293 ND_PRINTK2(KERN_WARNING 1294 "ICMPv6 Redirect: packet too short\n"); 1295 return; 1296 } 1297 1298 icmph = (struct icmp6hdr *) skb->h.raw; 1299 target = (struct in6_addr *) (icmph + 1); 1300 dest = target + 1; 1301 1302 if (ipv6_addr_is_multicast(dest)) { 1303 ND_PRINTK2(KERN_WARNING 1304 "ICMPv6 Redirect: destination address is multicast.\n"); 1305 return; 1306 } 1307 1308 if (ipv6_addr_equal(dest, target)) { 1309 on_link = 1; 1310 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 1311 ND_PRINTK2(KERN_WARNING 1312 "ICMPv6 Redirect: target address is not link-local.\n"); 1313 return; 1314 } 1315 1316 in6_dev = in6_dev_get(skb->dev); 1317 if (!in6_dev) 1318 return; 1319 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1320 in6_dev_put(in6_dev); 1321 return; 1322 } 1323 1324 /* RFC2461 8.1: 1325 * The IP source address of the Redirect MUST be the same as the current 1326 * first-hop router for the specified ICMP Destination Address. 1327 */ 1328 1329 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1330 ND_PRINTK2(KERN_WARNING 1331 "ICMPv6 Redirect: invalid ND options\n"); 1332 in6_dev_put(in6_dev); 1333 return; 1334 } 1335 if (ndopts.nd_opts_tgt_lladdr) { 1336 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1337 skb->dev); 1338 if (!lladdr) { 1339 ND_PRINTK2(KERN_WARNING 1340 "ICMPv6 Redirect: invalid link-layer address length\n"); 1341 in6_dev_put(in6_dev); 1342 return; 1343 } 1344 } 1345 1346 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1347 if (neigh) { 1348 rt6_redirect(dest, &skb->nh.ipv6h->saddr, neigh, lladdr, 1349 on_link); 1350 neigh_release(neigh); 1351 } 1352 in6_dev_put(in6_dev); 1353 } 1354 1355 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1356 struct in6_addr *target) 1357 { 1358 struct sock *sk = ndisc_socket->sk; 1359 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1360 struct sk_buff *buff; 1361 struct icmp6hdr *icmph; 1362 struct in6_addr saddr_buf; 1363 struct in6_addr *addrp; 1364 struct net_device *dev; 1365 struct rt6_info *rt; 1366 struct dst_entry *dst; 1367 struct inet6_dev *idev; 1368 struct flowi fl; 1369 u8 *opt; 1370 int rd_len; 1371 int err; 1372 int hlen; 1373 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1374 1375 dev = skb->dev; 1376 1377 if (ipv6_get_lladdr(dev, &saddr_buf)) { 1378 ND_PRINTK2(KERN_WARNING 1379 "ICMPv6 Redirect: no link-local address on %s\n", 1380 dev->name); 1381 return; 1382 } 1383 1384 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr); 1385 1386 dst = ip6_route_output(NULL, &fl); 1387 if (dst == NULL) 1388 return; 1389 1390 err = xfrm_lookup(&dst, &fl, NULL, 0); 1391 if (err) 1392 return; 1393 1394 rt = (struct rt6_info *) dst; 1395 1396 if (rt->rt6i_flags & RTF_GATEWAY) { 1397 ND_PRINTK2(KERN_WARNING 1398 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1399 dst_release(dst); 1400 return; 1401 } 1402 if (!xrlim_allow(dst, 1*HZ)) { 1403 dst_release(dst); 1404 return; 1405 } 1406 1407 if (dev->addr_len) { 1408 read_lock_bh(&neigh->lock); 1409 if (neigh->nud_state & NUD_VALID) { 1410 memcpy(ha_buf, neigh->ha, dev->addr_len); 1411 read_unlock_bh(&neigh->lock); 1412 ha = ha_buf; 1413 len += ndisc_opt_addr_space(dev); 1414 } else 1415 read_unlock_bh(&neigh->lock); 1416 } 1417 1418 rd_len = min_t(unsigned int, 1419 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1420 rd_len &= ~0x7; 1421 len += rd_len; 1422 1423 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev), 1424 1, &err); 1425 if (buff == NULL) { 1426 ND_PRINTK0(KERN_ERR 1427 "ICMPv6 Redirect: %s() failed to allocate an skb.\n", 1428 __FUNCTION__); 1429 dst_release(dst); 1430 return; 1431 } 1432 1433 hlen = 0; 1434 1435 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1436 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr, 1437 IPPROTO_ICMPV6, len); 1438 1439 icmph = (struct icmp6hdr *)skb_put(buff, len); 1440 buff->h.raw = (unsigned char*)icmph; 1441 1442 memset(icmph, 0, sizeof(struct icmp6hdr)); 1443 icmph->icmp6_type = NDISC_REDIRECT; 1444 1445 /* 1446 * copy target and destination addresses 1447 */ 1448 1449 addrp = (struct in6_addr *)(icmph + 1); 1450 ipv6_addr_copy(addrp, target); 1451 addrp++; 1452 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr); 1453 1454 opt = (u8*) (addrp + 1); 1455 1456 /* 1457 * include target_address option 1458 */ 1459 1460 if (ha) 1461 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1462 dev->addr_len, dev->type); 1463 1464 /* 1465 * build redirect option and copy skb over to the new packet. 1466 */ 1467 1468 memset(opt, 0, 8); 1469 *(opt++) = ND_OPT_REDIRECT_HDR; 1470 *(opt++) = (rd_len >> 3); 1471 opt += 6; 1472 1473 memcpy(opt, skb->nh.ipv6h, rd_len - 8); 1474 1475 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr, 1476 len, IPPROTO_ICMPV6, 1477 csum_partial((u8 *) icmph, len, 0)); 1478 1479 buff->dst = dst; 1480 idev = in6_dev_get(dst->dev); 1481 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS); 1482 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output); 1483 if (!err) { 1484 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS); 1485 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 1486 } 1487 1488 if (likely(idev != NULL)) 1489 in6_dev_put(idev); 1490 } 1491 1492 static void pndisc_redo(struct sk_buff *skb) 1493 { 1494 ndisc_recv_ns(skb); 1495 kfree_skb(skb); 1496 } 1497 1498 int ndisc_rcv(struct sk_buff *skb) 1499 { 1500 struct nd_msg *msg; 1501 1502 if (!pskb_may_pull(skb, skb->len)) 1503 return 0; 1504 1505 msg = (struct nd_msg *) skb->h.raw; 1506 1507 __skb_push(skb, skb->data-skb->h.raw); 1508 1509 if (skb->nh.ipv6h->hop_limit != 255) { 1510 ND_PRINTK2(KERN_WARNING 1511 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1512 skb->nh.ipv6h->hop_limit); 1513 return 0; 1514 } 1515 1516 if (msg->icmph.icmp6_code != 0) { 1517 ND_PRINTK2(KERN_WARNING 1518 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1519 msg->icmph.icmp6_code); 1520 return 0; 1521 } 1522 1523 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1524 1525 switch (msg->icmph.icmp6_type) { 1526 case NDISC_NEIGHBOUR_SOLICITATION: 1527 ndisc_recv_ns(skb); 1528 break; 1529 1530 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1531 ndisc_recv_na(skb); 1532 break; 1533 1534 case NDISC_ROUTER_SOLICITATION: 1535 ndisc_recv_rs(skb); 1536 break; 1537 1538 case NDISC_ROUTER_ADVERTISEMENT: 1539 ndisc_router_discovery(skb); 1540 break; 1541 1542 case NDISC_REDIRECT: 1543 ndisc_redirect_rcv(skb); 1544 break; 1545 }; 1546 1547 return 0; 1548 } 1549 1550 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1551 { 1552 struct net_device *dev = ptr; 1553 1554 switch (event) { 1555 case NETDEV_CHANGEADDR: 1556 neigh_changeaddr(&nd_tbl, dev); 1557 fib6_run_gc(~0UL); 1558 break; 1559 case NETDEV_DOWN: 1560 neigh_ifdown(&nd_tbl, dev); 1561 fib6_run_gc(~0UL); 1562 break; 1563 default: 1564 break; 1565 } 1566 1567 return NOTIFY_DONE; 1568 } 1569 1570 static struct notifier_block ndisc_netdev_notifier = { 1571 .notifier_call = ndisc_netdev_event, 1572 }; 1573 1574 #ifdef CONFIG_SYSCTL 1575 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1576 const char *func, const char *dev_name) 1577 { 1578 static char warncomm[TASK_COMM_LEN]; 1579 static int warned; 1580 if (strcmp(warncomm, current->comm) && warned < 5) { 1581 strcpy(warncomm, current->comm); 1582 printk(KERN_WARNING 1583 "process `%s' is using deprecated sysctl (%s) " 1584 "net.ipv6.neigh.%s.%s; " 1585 "Use net.ipv6.neigh.%s.%s_ms " 1586 "instead.\n", 1587 warncomm, func, 1588 dev_name, ctl->procname, 1589 dev_name, ctl->procname); 1590 warned++; 1591 } 1592 } 1593 1594 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) 1595 { 1596 struct net_device *dev = ctl->extra1; 1597 struct inet6_dev *idev; 1598 int ret; 1599 1600 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1601 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1602 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1603 1604 switch (ctl->ctl_name) { 1605 case NET_NEIGH_RETRANS_TIME: 1606 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1607 break; 1608 case NET_NEIGH_REACHABLE_TIME: 1609 ret = proc_dointvec_jiffies(ctl, write, 1610 filp, buffer, lenp, ppos); 1611 break; 1612 case NET_NEIGH_RETRANS_TIME_MS: 1613 case NET_NEIGH_REACHABLE_TIME_MS: 1614 ret = proc_dointvec_ms_jiffies(ctl, write, 1615 filp, buffer, lenp, ppos); 1616 break; 1617 default: 1618 ret = -1; 1619 } 1620 1621 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1622 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1623 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1624 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1625 idev->tstamp = jiffies; 1626 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1627 in6_dev_put(idev); 1628 } 1629 return ret; 1630 } 1631 1632 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name, 1633 int nlen, void __user *oldval, 1634 size_t __user *oldlenp, 1635 void __user *newval, size_t newlen, 1636 void **context) 1637 { 1638 struct net_device *dev = ctl->extra1; 1639 struct inet6_dev *idev; 1640 int ret; 1641 1642 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1643 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1644 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1645 1646 switch (ctl->ctl_name) { 1647 case NET_NEIGH_REACHABLE_TIME: 1648 ret = sysctl_jiffies(ctl, name, nlen, 1649 oldval, oldlenp, newval, newlen, 1650 context); 1651 break; 1652 case NET_NEIGH_RETRANS_TIME_MS: 1653 case NET_NEIGH_REACHABLE_TIME_MS: 1654 ret = sysctl_ms_jiffies(ctl, name, nlen, 1655 oldval, oldlenp, newval, newlen, 1656 context); 1657 break; 1658 default: 1659 ret = 0; 1660 } 1661 1662 if (newval && newlen && ret > 0 && 1663 dev && (idev = in6_dev_get(dev)) != NULL) { 1664 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1665 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1666 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1667 idev->tstamp = jiffies; 1668 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1669 in6_dev_put(idev); 1670 } 1671 1672 return ret; 1673 } 1674 1675 #endif 1676 1677 int __init ndisc_init(struct net_proto_family *ops) 1678 { 1679 struct ipv6_pinfo *np; 1680 struct sock *sk; 1681 int err; 1682 1683 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket); 1684 if (err < 0) { 1685 ND_PRINTK0(KERN_ERR 1686 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1687 err); 1688 ndisc_socket = NULL; /* For safety. */ 1689 return err; 1690 } 1691 1692 sk = ndisc_socket->sk; 1693 np = inet6_sk(sk); 1694 sk->sk_allocation = GFP_ATOMIC; 1695 np->hop_limit = 255; 1696 /* Do not loopback ndisc messages */ 1697 np->mc_loop = 0; 1698 sk->sk_prot->unhash(sk); 1699 1700 /* 1701 * Initialize the neighbour table 1702 */ 1703 1704 neigh_table_init(&nd_tbl); 1705 1706 #ifdef CONFIG_SYSCTL 1707 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, 1708 "ipv6", 1709 &ndisc_ifinfo_sysctl_change, 1710 &ndisc_ifinfo_sysctl_strategy); 1711 #endif 1712 1713 register_netdevice_notifier(&ndisc_netdev_notifier); 1714 return 0; 1715 } 1716 1717 void ndisc_cleanup(void) 1718 { 1719 #ifdef CONFIG_SYSCTL 1720 neigh_sysctl_unregister(&nd_tbl.parms); 1721 #endif 1722 neigh_table_clear(&nd_tbl); 1723 sock_release(ndisc_socket); 1724 ndisc_socket = NULL; /* For safety. */ 1725 } 1726