Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ndisc.c
Go to the documentation of this file.
1 /*
2  * Neighbour Discovery for IPv6
3  * Linux INET6 implementation
4  *
5  * Authors:
6  * Pedro Roque <[email protected]>
7  * Mike Shaver <[email protected]>
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License
11  * as published by the Free Software Foundation; either version
12  * 2 of the License, or (at your option) any later version.
13  */
14 
15 /*
16  * Changes:
17  *
18  * Alexey I. Froloff : RFC6106 (DNSSL) support
19  * Pierre Ynard : export userland ND options
20  * through netlink (RDNSS support)
21  * Lars Fenneberg : fixed MTU setting on receipt
22  * of an RA.
23  * Janos Farkas : kmalloc failure checks
24  * Alexey Kuznetsov : state machine reworked
25  * and moved to net/core.
26  * Pekka Savola : RFC2461 validation
27  * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28  */
29 
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31 
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47 
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53 
54 #include <net/sock.h>
55 #include <net/snmp.h>
56 
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63 
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66 
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71 
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74 
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77 
78 #define ND_PRINTK(val, level, fmt, ...) \
79 do { \
80  if (val <= ND_DEBUG) \
81  net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82 } while (0)
83 
84 static u32 ndisc_hash(const void *pkey,
85  const struct net_device *dev,
86  __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93 
94 static const struct neigh_ops ndisc_generic_ops = {
95  .family = AF_INET6,
96  .solicit = ndisc_solicit,
97  .error_report = ndisc_error_report,
98  .output = neigh_resolve_output,
99  .connected_output = neigh_connected_output,
100 };
101 
102 static const struct neigh_ops ndisc_hh_ops = {
103  .family = AF_INET6,
104  .solicit = ndisc_solicit,
105  .error_report = ndisc_error_report,
106  .output = neigh_resolve_output,
107  .connected_output = neigh_resolve_output,
108 };
109 
110 
111 static const struct neigh_ops ndisc_direct_ops = {
112  .family = AF_INET6,
113  .output = neigh_direct_output,
114  .connected_output = neigh_direct_output,
115 };
116 
117 struct neigh_table nd_tbl = {
118  .family = AF_INET6,
119  .key_len = sizeof(struct in6_addr),
120  .hash = ndisc_hash,
121  .constructor = ndisc_constructor,
122  .pconstructor = pndisc_constructor,
123  .pdestructor = pndisc_destructor,
124  .proxy_redo = pndisc_redo,
125  .id = "ndisc_cache",
126  .parms = {
127  .tbl = &nd_tbl,
128  .base_reachable_time = ND_REACHABLE_TIME,
129  .retrans_time = ND_RETRANS_TIMER,
130  .gc_staletime = 60 * HZ,
131  .reachable_time = ND_REACHABLE_TIME,
132  .delay_probe_time = 5 * HZ,
133  .queue_len_bytes = 64*1024,
134  .ucast_probes = 3,
135  .mcast_probes = 3,
136  .anycast_delay = 1 * HZ,
137  .proxy_delay = (8 * HZ) / 10,
138  .proxy_qlen = 64,
139  },
140  .gc_interval = 30 * HZ,
141  .gc_thresh1 = 128,
142  .gc_thresh2 = 512,
143  .gc_thresh3 = 1024,
144 };
145 
146 static inline int ndisc_opt_addr_space(struct net_device *dev)
147 {
148  return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
149 }
150 
151 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
152  unsigned short addr_type)
153 {
154  int space = NDISC_OPT_SPACE(data_len);
155  int pad = ndisc_addr_option_pad(addr_type);
156 
157  opt[0] = type;
158  opt[1] = space>>3;
159 
160  memset(opt + 2, 0, pad);
161  opt += pad;
162  space -= pad;
163 
164  memcpy(opt+2, data, data_len);
165  data_len += 2;
166  opt += data_len;
167  if ((space -= data_len) > 0)
168  memset(opt, 0, space);
169  return opt + space;
170 }
171 
172 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
173  struct nd_opt_hdr *end)
174 {
175  int type;
176  if (!cur || !end || cur >= end)
177  return NULL;
178  type = cur->nd_opt_type;
179  do {
180  cur = ((void *)cur) + (cur->nd_opt_len << 3);
181  } while(cur < end && cur->nd_opt_type != type);
182  return cur <= end && cur->nd_opt_type == type ? cur : NULL;
183 }
184 
185 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
186 {
187  return opt->nd_opt_type == ND_OPT_RDNSS ||
188  opt->nd_opt_type == ND_OPT_DNSSL;
189 }
190 
191 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
192  struct nd_opt_hdr *end)
193 {
194  if (!cur || !end || cur >= end)
195  return NULL;
196  do {
197  cur = ((void *)cur) + (cur->nd_opt_len << 3);
198  } while(cur < end && !ndisc_is_useropt(cur));
199  return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
200 }
201 
202 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
203  struct ndisc_options *ndopts)
204 {
205  struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
206 
207  if (!nd_opt || opt_len < 0 || !ndopts)
208  return NULL;
209  memset(ndopts, 0, sizeof(*ndopts));
210  while (opt_len) {
211  int l;
212  if (opt_len < sizeof(struct nd_opt_hdr))
213  return NULL;
214  l = nd_opt->nd_opt_len << 3;
215  if (opt_len < l || l == 0)
216  return NULL;
217  switch (nd_opt->nd_opt_type) {
220  case ND_OPT_MTU:
221  case ND_OPT_REDIRECT_HDR:
222  if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
223  ND_PRINTK(2, warn,
224  "%s: duplicated ND6 option found: type=%d\n",
225  __func__, nd_opt->nd_opt_type);
226  } else {
227  ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
228  }
229  break;
230  case ND_OPT_PREFIX_INFO:
231  ndopts->nd_opts_pi_end = nd_opt;
232  if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
233  ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
234  break;
235 #ifdef CONFIG_IPV6_ROUTE_INFO
236  case ND_OPT_ROUTE_INFO:
237  ndopts->nd_opts_ri_end = nd_opt;
238  if (!ndopts->nd_opts_ri)
239  ndopts->nd_opts_ri = nd_opt;
240  break;
241 #endif
242  default:
243  if (ndisc_is_useropt(nd_opt)) {
244  ndopts->nd_useropts_end = nd_opt;
245  if (!ndopts->nd_useropts)
246  ndopts->nd_useropts = nd_opt;
247  } else {
248  /*
249  * Unknown options must be silently ignored,
250  * to accommodate future extension to the
251  * protocol.
252  */
253  ND_PRINTK(2, notice,
254  "%s: ignored unsupported option; type=%d, len=%d\n",
255  __func__,
256  nd_opt->nd_opt_type,
257  nd_opt->nd_opt_len);
258  }
259  }
260  opt_len -= l;
261  nd_opt = ((void *)nd_opt) + l;
262  }
263  return ndopts;
264 }
265 
266 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
267 {
268  switch (dev->type) {
269  case ARPHRD_ETHER:
270  case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
271  case ARPHRD_FDDI:
272  ipv6_eth_mc_map(addr, buf);
273  return 0;
274  case ARPHRD_ARCNET:
275  ipv6_arcnet_mc_map(addr, buf);
276  return 0;
277  case ARPHRD_INFINIBAND:
278  ipv6_ib_mc_map(addr, dev->broadcast, buf);
279  return 0;
280  case ARPHRD_IPGRE:
281  return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
282  default:
283  if (dir) {
284  memcpy(buf, dev->broadcast, dev->addr_len);
285  return 0;
286  }
287  }
288  return -EINVAL;
289 }
290 
292 
293 static u32 ndisc_hash(const void *pkey,
294  const struct net_device *dev,
295  __u32 *hash_rnd)
296 {
297  return ndisc_hashfn(pkey, dev, hash_rnd);
298 }
299 
300 static int ndisc_constructor(struct neighbour *neigh)
301 {
302  struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
303  struct net_device *dev = neigh->dev;
304  struct inet6_dev *in6_dev;
305  struct neigh_parms *parms;
306  bool is_multicast = ipv6_addr_is_multicast(addr);
307 
308  in6_dev = in6_dev_get(dev);
309  if (in6_dev == NULL) {
310  return -EINVAL;
311  }
312 
313  parms = in6_dev->nd_parms;
314  __neigh_parms_put(neigh->parms);
315  neigh->parms = neigh_parms_clone(parms);
316 
317  neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
318  if (!dev->header_ops) {
319  neigh->nud_state = NUD_NOARP;
320  neigh->ops = &ndisc_direct_ops;
321  neigh->output = neigh_direct_output;
322  } else {
323  if (is_multicast) {
324  neigh->nud_state = NUD_NOARP;
325  ndisc_mc_map(addr, neigh->ha, dev, 1);
326  } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
327  neigh->nud_state = NUD_NOARP;
328  memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
329  if (dev->flags&IFF_LOOPBACK)
330  neigh->type = RTN_LOCAL;
331  } else if (dev->flags&IFF_POINTOPOINT) {
332  neigh->nud_state = NUD_NOARP;
333  memcpy(neigh->ha, dev->broadcast, dev->addr_len);
334  }
335  if (dev->header_ops->cache)
336  neigh->ops = &ndisc_hh_ops;
337  else
338  neigh->ops = &ndisc_generic_ops;
339  if (neigh->nud_state&NUD_VALID)
340  neigh->output = neigh->ops->connected_output;
341  else
342  neigh->output = neigh->ops->output;
343  }
344  in6_dev_put(in6_dev);
345  return 0;
346 }
347 
348 static int pndisc_constructor(struct pneigh_entry *n)
349 {
350  struct in6_addr *addr = (struct in6_addr*)&n->key;
351  struct in6_addr maddr;
352  struct net_device *dev = n->dev;
353 
354  if (dev == NULL || __in6_dev_get(dev) == NULL)
355  return -EINVAL;
356  addrconf_addr_solict_mult(addr, &maddr);
357  ipv6_dev_mc_inc(dev, &maddr);
358  return 0;
359 }
360 
361 static void pndisc_destructor(struct pneigh_entry *n)
362 {
363  struct in6_addr *addr = (struct in6_addr*)&n->key;
364  struct in6_addr maddr;
365  struct net_device *dev = n->dev;
366 
367  if (dev == NULL || __in6_dev_get(dev) == NULL)
368  return;
369  addrconf_addr_solict_mult(addr, &maddr);
370  ipv6_dev_mc_dec(dev, &maddr);
371 }
372 
373 struct sk_buff *ndisc_build_skb(struct net_device *dev,
374  const struct in6_addr *daddr,
375  const struct in6_addr *saddr,
376  struct icmp6hdr *icmp6h,
377  const struct in6_addr *target,
378  int llinfo)
379 {
380  struct net *net = dev_net(dev);
381  struct sock *sk = net->ipv6.ndisc_sk;
382  struct sk_buff *skb;
383  struct icmp6hdr *hdr;
384  int hlen = LL_RESERVED_SPACE(dev);
385  int tlen = dev->needed_tailroom;
386  int len;
387  int err;
388  u8 *opt;
389 
390  if (!dev->addr_len)
391  llinfo = 0;
392 
393  len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
394  if (llinfo)
395  len += ndisc_opt_addr_space(dev);
396 
397  skb = sock_alloc_send_skb(sk,
398  (MAX_HEADER + sizeof(struct ipv6hdr) +
399  len + hlen + tlen),
400  1, &err);
401  if (!skb) {
402  ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n",
403  __func__, err);
404  return NULL;
405  }
406 
407  skb_reserve(skb, hlen);
408  ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
409 
410  skb->transport_header = skb->tail;
411  skb_put(skb, len);
412 
413  hdr = (struct icmp6hdr *)skb_transport_header(skb);
414  memcpy(hdr, icmp6h, sizeof(*hdr));
415 
416  opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
417  if (target) {
418  *(struct in6_addr *)opt = *target;
419  opt += sizeof(*target);
420  }
421 
422  if (llinfo)
423  ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
424  dev->addr_len, dev->type);
425 
426  hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
428  csum_partial(hdr,
429  len, 0));
430 
431  return skb;
432 }
433 
435 
437  struct net_device *dev,
438  struct neighbour *neigh,
439  const struct in6_addr *daddr,
440  const struct in6_addr *saddr,
441  struct icmp6hdr *icmp6h)
442 {
443  struct flowi6 fl6;
444  struct dst_entry *dst;
445  struct net *net = dev_net(dev);
446  struct sock *sk = net->ipv6.ndisc_sk;
447  struct inet6_dev *idev;
448  int err;
449  u8 type;
450 
451  type = icmp6h->icmp6_type;
452 
453  icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
454  dst = icmp6_dst_alloc(dev, neigh, &fl6);
455  if (IS_ERR(dst)) {
456  kfree_skb(skb);
457  return;
458  }
459 
460  skb_dst_set(skb, dst);
461 
462  rcu_read_lock();
463  idev = __in6_dev_get(dst->dev);
464  IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
465 
466  err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
467  dst_output);
468  if (!err) {
469  ICMP6MSGOUT_INC_STATS(net, idev, type);
471  }
472 
473  rcu_read_unlock();
474 }
475 
477 
478 /*
479  * Send a Neighbour Discover packet
480  */
481 static void __ndisc_send(struct net_device *dev,
482  struct neighbour *neigh,
483  const struct in6_addr *daddr,
484  const struct in6_addr *saddr,
485  struct icmp6hdr *icmp6h, const struct in6_addr *target,
486  int llinfo)
487 {
488  struct sk_buff *skb;
489 
490  skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
491  if (!skb)
492  return;
493 
494  ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
495 }
496 
497 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
498  const struct in6_addr *daddr,
499  const struct in6_addr *solicited_addr,
500  int router, int solicited, int override, int inc_opt)
501 {
502  struct in6_addr tmpaddr;
503  struct inet6_ifaddr *ifp;
504  const struct in6_addr *src_addr;
505  struct icmp6hdr icmp6h = {
507  };
508 
509  /* for anycast or proxy, solicited_addr != src_addr */
510  ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
511  if (ifp) {
512  src_addr = solicited_addr;
513  if (ifp->flags & IFA_F_OPTIMISTIC)
514  override = 0;
515  inc_opt |= ifp->idev->cnf.force_tllao;
516  in6_ifa_put(ifp);
517  } else {
518  if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
519  inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
520  &tmpaddr))
521  return;
522  src_addr = &tmpaddr;
523  }
524 
525  icmp6h.icmp6_router = router;
526  icmp6h.icmp6_solicited = solicited;
527  icmp6h.icmp6_override = override;
528 
529  __ndisc_send(dev, neigh, daddr, src_addr,
530  &icmp6h, solicited_addr,
531  inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
532 }
533 
534 static void ndisc_send_unsol_na(struct net_device *dev)
535 {
536  struct inet6_dev *idev;
537  struct inet6_ifaddr *ifa;
539 
540  idev = in6_dev_get(dev);
541  if (!idev)
542  return;
543 
544  read_lock_bh(&idev->lock);
545  list_for_each_entry(ifa, &idev->addr_list, if_list) {
546  ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
547  /*router=*/ !!idev->cnf.forwarding,
548  /*solicited=*/ false, /*override=*/ true,
549  /*inc_opt=*/ true);
550  }
551  read_unlock_bh(&idev->lock);
552 
553  in6_dev_put(idev);
554 }
555 
556 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
557  const struct in6_addr *solicit,
558  const struct in6_addr *daddr, const struct in6_addr *saddr)
559 {
560  struct in6_addr addr_buf;
561  struct icmp6hdr icmp6h = {
563  };
564 
565  if (saddr == NULL) {
566  if (ipv6_get_lladdr(dev, &addr_buf,
568  return;
569  saddr = &addr_buf;
570  }
571 
572  __ndisc_send(dev, neigh, daddr, saddr,
573  &icmp6h, solicit,
574  !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
575 }
576 
577 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
578  const struct in6_addr *daddr)
579 {
580  struct icmp6hdr icmp6h = {
582  };
583  int send_sllao = dev->addr_len;
584 
585 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
586  /*
587  * According to section 2.2 of RFC 4429, we must not
588  * send router solicitations with a sllao from
589  * optimistic addresses, but we may send the solicitation
590  * if we don't include the sllao. So here we check
591  * if our address is optimistic, and if so, we
592  * suppress the inclusion of the sllao.
593  */
594  if (send_sllao) {
595  struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
596  dev, 1);
597  if (ifp) {
598  if (ifp->flags & IFA_F_OPTIMISTIC) {
599  send_sllao = 0;
600  }
601  in6_ifa_put(ifp);
602  } else {
603  send_sllao = 0;
604  }
605  }
606 #endif
607  __ndisc_send(dev, NULL, daddr, saddr,
608  &icmp6h, NULL,
609  send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
610 }
611 
612 
613 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
614 {
615  /*
616  * "The sender MUST return an ICMP
617  * destination unreachable"
618  */
619  dst_link_failure(skb);
620  kfree_skb(skb);
621 }
622 
623 /* Called with locked neigh: either read or both */
624 
625 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
626 {
627  struct in6_addr *saddr = NULL;
628  struct in6_addr mcaddr;
629  struct net_device *dev = neigh->dev;
630  struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
631  int probes = atomic_read(&neigh->probes);
632 
633  if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
634  saddr = &ipv6_hdr(skb)->saddr;
635 
636  if ((probes -= neigh->parms->ucast_probes) < 0) {
637  if (!(neigh->nud_state & NUD_VALID)) {
638  ND_PRINTK(1, dbg,
639  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
640  __func__, target);
641  }
642  ndisc_send_ns(dev, neigh, target, target, saddr);
643  } else if ((probes -= neigh->parms->app_probes) < 0) {
644 #ifdef CONFIG_ARPD
645  neigh_app_ns(neigh);
646 #endif
647  } else {
648  addrconf_addr_solict_mult(target, &mcaddr);
649  ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
650  }
651 }
652 
653 static int pndisc_is_router(const void *pkey,
654  struct net_device *dev)
655 {
656  struct pneigh_entry *n;
657  int ret = -1;
658 
659  read_lock_bh(&nd_tbl.lock);
660  n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
661  if (n)
662  ret = !!(n->flags & NTF_ROUTER);
663  read_unlock_bh(&nd_tbl.lock);
664 
665  return ret;
666 }
667 
668 static void ndisc_recv_ns(struct sk_buff *skb)
669 {
670  struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
671  const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
672  const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
673  u8 *lladdr = NULL;
674  u32 ndoptlen = skb->tail - (skb->transport_header +
675  offsetof(struct nd_msg, opt));
676  struct ndisc_options ndopts;
677  struct net_device *dev = skb->dev;
678  struct inet6_ifaddr *ifp;
679  struct inet6_dev *idev = NULL;
680  struct neighbour *neigh;
681  int dad = ipv6_addr_any(saddr);
682  bool inc;
683  int is_router = -1;
684 
685  if (ipv6_addr_is_multicast(&msg->target)) {
686  ND_PRINTK(2, warn, "NS: multicast target address\n");
687  return;
688  }
689 
690  /*
691  * RFC2461 7.1.1:
692  * DAD has to be destined for solicited node multicast address.
693  */
694  if (dad &&
695  !(daddr->s6_addr32[0] == htonl(0xff020000) &&
696  daddr->s6_addr32[1] == htonl(0x00000000) &&
697  daddr->s6_addr32[2] == htonl(0x00000001) &&
698  daddr->s6_addr [12] == 0xff )) {
699  ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
700  return;
701  }
702 
703  if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
704  ND_PRINTK(2, warn, "NS: invalid ND options\n");
705  return;
706  }
707 
708  if (ndopts.nd_opts_src_lladdr) {
709  lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
710  if (!lladdr) {
711  ND_PRINTK(2, warn,
712  "NS: invalid link-layer address length\n");
713  return;
714  }
715 
716  /* RFC2461 7.1.1:
717  * If the IP source address is the unspecified address,
718  * there MUST NOT be source link-layer address option
719  * in the message.
720  */
721  if (dad) {
722  ND_PRINTK(2, warn,
723  "NS: bad DAD packet (link-layer address option)\n");
724  return;
725  }
726  }
727 
728  inc = ipv6_addr_is_multicast(daddr);
729 
730  ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
731  if (ifp) {
732 
733  if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
734  if (dad) {
735  /*
736  * We are colliding with another node
737  * who is doing DAD
738  * so fail our DAD process
739  */
741  return;
742  } else {
743  /*
744  * This is not a dad solicitation.
745  * If we are an optimistic node,
746  * we should respond.
747  * Otherwise, we should ignore it.
748  */
749  if (!(ifp->flags & IFA_F_OPTIMISTIC))
750  goto out;
751  }
752  }
753 
754  idev = ifp->idev;
755  } else {
756  struct net *net = dev_net(dev);
757 
758  idev = in6_dev_get(dev);
759  if (!idev) {
760  /* XXX: count this drop? */
761  return;
762  }
763 
764  if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
765  (idev->cnf.forwarding &&
766  (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
767  (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
768  if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
769  skb->pkt_type != PACKET_HOST &&
770  inc != 0 &&
771  idev->nd_parms->proxy_delay != 0) {
772  /*
773  * for anycast or proxy,
774  * sender should delay its response
775  * by a random time between 0 and
776  * MAX_ANYCAST_DELAY_TIME seconds.
777  * (RFC2461) -- yoshfuji
778  */
779  struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
780  if (n)
781  pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
782  goto out;
783  }
784  } else
785  goto out;
786  }
787 
788  if (is_router < 0)
789  is_router = !!idev->cnf.forwarding;
790 
791  if (dad) {
792  ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
793  is_router, 0, (ifp != NULL), 1);
794  goto out;
795  }
796 
797  if (inc)
798  NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
799  else
800  NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
801 
802  /*
803  * update / create cache entry
804  * for the source address
805  */
806  neigh = __neigh_lookup(&nd_tbl, saddr, dev,
807  !inc || lladdr || !dev->addr_len);
808  if (neigh)
809  neigh_update(neigh, lladdr, NUD_STALE,
812  if (neigh || !dev->header_ops) {
813  ndisc_send_na(dev, neigh, saddr, &msg->target,
814  is_router,
815  1, (ifp != NULL && inc), inc);
816  if (neigh)
817  neigh_release(neigh);
818  }
819 
820 out:
821  if (ifp)
822  in6_ifa_put(ifp);
823  else
824  in6_dev_put(idev);
825 }
826 
827 static void ndisc_recv_na(struct sk_buff *skb)
828 {
829  struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
830  const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
831  const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
832  u8 *lladdr = NULL;
833  u32 ndoptlen = skb->tail - (skb->transport_header +
834  offsetof(struct nd_msg, opt));
835  struct ndisc_options ndopts;
836  struct net_device *dev = skb->dev;
837  struct inet6_ifaddr *ifp;
838  struct neighbour *neigh;
839 
840  if (skb->len < sizeof(struct nd_msg)) {
841  ND_PRINTK(2, warn, "NA: packet too short\n");
842  return;
843  }
844 
845  if (ipv6_addr_is_multicast(&msg->target)) {
846  ND_PRINTK(2, warn, "NA: target address is multicast\n");
847  return;
848  }
849 
850  if (ipv6_addr_is_multicast(daddr) &&
851  msg->icmph.icmp6_solicited) {
852  ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
853  return;
854  }
855 
856  if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
857  ND_PRINTK(2, warn, "NS: invalid ND option\n");
858  return;
859  }
860  if (ndopts.nd_opts_tgt_lladdr) {
861  lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
862  if (!lladdr) {
863  ND_PRINTK(2, warn,
864  "NA: invalid link-layer address length\n");
865  return;
866  }
867  }
868  ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
869  if (ifp) {
870  if (skb->pkt_type != PACKET_LOOPBACK
871  && (ifp->flags & IFA_F_TENTATIVE)) {
873  return;
874  }
875  /* What should we make now? The advertisement
876  is invalid, but ndisc specs say nothing
877  about it. It could be misconfiguration, or
878  an smart proxy agent tries to help us :-)
879 
880  We should not print the error if NA has been
881  received from loopback - it is just our own
882  unsolicited advertisement.
883  */
884  if (skb->pkt_type != PACKET_LOOPBACK)
885  ND_PRINTK(1, warn,
886  "NA: someone advertises our address %pI6 on %s!\n",
887  &ifp->addr, ifp->idev->dev->name);
888  in6_ifa_put(ifp);
889  return;
890  }
891  neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
892 
893  if (neigh) {
894  u8 old_flags = neigh->flags;
895  struct net *net = dev_net(dev);
896 
897  if (neigh->nud_state & NUD_FAILED)
898  goto out;
899 
900  /*
901  * Don't update the neighbor cache entry on a proxy NA from
902  * ourselves because either the proxied node is off link or it
903  * has already sent a NA to us.
904  */
905  if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
906  net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
907  pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
908  /* XXX: idev->cnf.prixy_ndp */
909  goto out;
910  }
911 
912  neigh_update(neigh, lladdr,
913  msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
915  (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
917  (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
918 
919  if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
920  /*
921  * Change: router to host
922  */
923  struct rt6_info *rt;
924  rt = rt6_get_dflt_router(saddr, dev);
925  if (rt)
926  ip6_del_rt(rt);
927  }
928 
929 out:
930  neigh_release(neigh);
931  }
932 }
933 
934 static void ndisc_recv_rs(struct sk_buff *skb)
935 {
936  struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
937  unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
938  struct neighbour *neigh;
939  struct inet6_dev *idev;
940  const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
941  struct ndisc_options ndopts;
942  u8 *lladdr = NULL;
943 
944  if (skb->len < sizeof(*rs_msg))
945  return;
946 
947  idev = __in6_dev_get(skb->dev);
948  if (!idev) {
949  ND_PRINTK(1, err, "RS: can't find in6 device\n");
950  return;
951  }
952 
953  /* Don't accept RS if we're not in router mode */
954  if (!idev->cnf.forwarding)
955  goto out;
956 
957  /*
958  * Don't update NCE if src = ::;
959  * this implies that the source node has no ip address assigned yet.
960  */
961  if (ipv6_addr_any(saddr))
962  goto out;
963 
964  /* Parse ND options */
965  if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
966  ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
967  goto out;
968  }
969 
970  if (ndopts.nd_opts_src_lladdr) {
971  lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
972  skb->dev);
973  if (!lladdr)
974  goto out;
975  }
976 
977  neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
978  if (neigh) {
979  neigh_update(neigh, lladdr, NUD_STALE,
983  neigh_release(neigh);
984  }
985 out:
986  return;
987 }
988 
989 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
990 {
991  struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
992  struct sk_buff *skb;
993  struct nlmsghdr *nlh;
994  struct nduseroptmsg *ndmsg;
995  struct net *net = dev_net(ra->dev);
996  int err;
997  int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
998  + (opt->nd_opt_len << 3));
999  size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1000 
1001  skb = nlmsg_new(msg_size, GFP_ATOMIC);
1002  if (skb == NULL) {
1003  err = -ENOBUFS;
1004  goto errout;
1005  }
1006 
1007  nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1008  if (nlh == NULL) {
1009  goto nla_put_failure;
1010  }
1011 
1012  ndmsg = nlmsg_data(nlh);
1013  ndmsg->nduseropt_family = AF_INET6;
1014  ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1015  ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1016  ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1017  ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1018 
1019  memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1020 
1021  if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1022  &ipv6_hdr(ra)->saddr))
1023  goto nla_put_failure;
1024  nlmsg_end(skb, nlh);
1025 
1027  return;
1028 
1029 nla_put_failure:
1030  nlmsg_free(skb);
1031  err = -EMSGSIZE;
1032 errout:
1034 }
1035 
1036 static inline int accept_ra(struct inet6_dev *in6_dev)
1037 {
1038  /*
1039  * If forwarding is enabled, RA are not accepted unless the special
1040  * hybrid mode (accept_ra=2) is enabled.
1041  */
1042  if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1043  return 0;
1044 
1045  return in6_dev->cnf.accept_ra;
1046 }
1047 
1048 static void ndisc_router_discovery(struct sk_buff *skb)
1049 {
1050  struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1051  struct neighbour *neigh = NULL;
1052  struct inet6_dev *in6_dev;
1053  struct rt6_info *rt = NULL;
1054  int lifetime;
1055  struct ndisc_options ndopts;
1056  int optlen;
1057  unsigned int pref = 0;
1058 
1059  __u8 * opt = (__u8 *)(ra_msg + 1);
1060 
1061  optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1062 
1063  if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1064  ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1065  return;
1066  }
1067  if (optlen < 0) {
1068  ND_PRINTK(2, warn, "RA: packet too short\n");
1069  return;
1070  }
1071 
1072 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1073  if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1074  ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1075  return;
1076  }
1077 #endif
1078 
1079  /*
1080  * set the RA_RECV flag in the interface
1081  */
1082 
1083  in6_dev = __in6_dev_get(skb->dev);
1084  if (in6_dev == NULL) {
1085  ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1086  skb->dev->name);
1087  return;
1088  }
1089 
1090  if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1091  ND_PRINTK(2, warn, "RA: invalid ND options\n");
1092  return;
1093  }
1094 
1095  if (!accept_ra(in6_dev))
1096  goto skip_linkparms;
1097 
1098 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1099  /* skip link-specific parameters from interior routers */
1100  if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1101  goto skip_linkparms;
1102 #endif
1103 
1104  if (in6_dev->if_flags & IF_RS_SENT) {
1105  /*
1106  * flag that an RA was received after an RS was sent
1107  * out on this interface.
1108  */
1109  in6_dev->if_flags |= IF_RA_RCVD;
1110  }
1111 
1112  /*
1113  * Remember the managed/otherconf flags from most recently
1114  * received RA message (RFC 2462) -- yoshfuji
1115  */
1116  in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1117  IF_RA_OTHERCONF)) |
1118  (ra_msg->icmph.icmp6_addrconf_managed ?
1119  IF_RA_MANAGED : 0) |
1120  (ra_msg->icmph.icmp6_addrconf_other ?
1121  IF_RA_OTHERCONF : 0);
1122 
1123  if (!in6_dev->cnf.accept_ra_defrtr)
1124  goto skip_defrtr;
1125 
1126  if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1127  goto skip_defrtr;
1128 
1129  lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1130 
1131 #ifdef CONFIG_IPV6_ROUTER_PREF
1132  pref = ra_msg->icmph.icmp6_router_pref;
1133  /* 10b is handled as if it were 00b (medium) */
1134  if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1135  !in6_dev->cnf.accept_ra_rtr_pref)
1137 #endif
1138 
1139  rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1140 
1141  if (rt) {
1142  neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1143  if (!neigh) {
1144  ND_PRINTK(0, err,
1145  "RA: %s got default router without neighbour\n",
1146  __func__);
1147  dst_release(&rt->dst);
1148  return;
1149  }
1150  }
1151  if (rt && lifetime == 0) {
1152  ip6_del_rt(rt);
1153  rt = NULL;
1154  }
1155 
1156  if (rt == NULL && lifetime) {
1157  ND_PRINTK(3, dbg, "RA: adding default router\n");
1158 
1159  rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1160  if (rt == NULL) {
1161  ND_PRINTK(0, err,
1162  "RA: %s failed to add default route\n",
1163  __func__);
1164  return;
1165  }
1166 
1167  neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1168  if (neigh == NULL) {
1169  ND_PRINTK(0, err,
1170  "RA: %s got default router without neighbour\n",
1171  __func__);
1172  dst_release(&rt->dst);
1173  return;
1174  }
1175  neigh->flags |= NTF_ROUTER;
1176  } else if (rt) {
1177  rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1178  }
1179 
1180  if (rt)
1181  rt6_set_expires(rt, jiffies + (HZ * lifetime));
1182  if (ra_msg->icmph.icmp6_hop_limit) {
1183  in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1184  if (rt)
1185  dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1186  ra_msg->icmph.icmp6_hop_limit);
1187  }
1188 
1189 skip_defrtr:
1190 
1191  /*
1192  * Update Reachable Time and Retrans Timer
1193  */
1194 
1195  if (in6_dev->nd_parms) {
1196  unsigned long rtime = ntohl(ra_msg->retrans_timer);
1197 
1198  if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1199  rtime = (rtime*HZ)/1000;
1200  if (rtime < HZ/10)
1201  rtime = HZ/10;
1202  in6_dev->nd_parms->retrans_time = rtime;
1203  in6_dev->tstamp = jiffies;
1204  inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1205  }
1206 
1207  rtime = ntohl(ra_msg->reachable_time);
1208  if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1209  rtime = (rtime*HZ)/1000;
1210 
1211  if (rtime < HZ/10)
1212  rtime = HZ/10;
1213 
1214  if (rtime != in6_dev->nd_parms->base_reachable_time) {
1215  in6_dev->nd_parms->base_reachable_time = rtime;
1216  in6_dev->nd_parms->gc_staletime = 3 * rtime;
1217  in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1218  in6_dev->tstamp = jiffies;
1219  inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1220  }
1221  }
1222  }
1223 
1224 skip_linkparms:
1225 
1226  /*
1227  * Process options.
1228  */
1229 
1230  if (!neigh)
1231  neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1232  skb->dev, 1);
1233  if (neigh) {
1234  u8 *lladdr = NULL;
1235  if (ndopts.nd_opts_src_lladdr) {
1236  lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1237  skb->dev);
1238  if (!lladdr) {
1239  ND_PRINTK(2, warn,
1240  "RA: invalid link-layer address length\n");
1241  goto out;
1242  }
1243  }
1244  neigh_update(neigh, lladdr, NUD_STALE,
1249  }
1250 
1251  if (!accept_ra(in6_dev))
1252  goto out;
1253 
1254 #ifdef CONFIG_IPV6_ROUTE_INFO
1255  if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1256  goto skip_routeinfo;
1257 
1258  if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1259  struct nd_opt_hdr *p;
1260  for (p = ndopts.nd_opts_ri;
1261  p;
1262  p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1263  struct route_info *ri = (struct route_info *)p;
1264 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1265  if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1266  ri->prefix_len == 0)
1267  continue;
1268 #endif
1269  if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1270  continue;
1271  rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1272  &ipv6_hdr(skb)->saddr);
1273  }
1274  }
1275 
1276 skip_routeinfo:
1277 #endif
1278 
1279 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1280  /* skip link-specific ndopts from interior routers */
1281  if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1282  goto out;
1283 #endif
1284 
1285  if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1286  struct nd_opt_hdr *p;
1287  for (p = ndopts.nd_opts_pi;
1288  p;
1289  p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1290  addrconf_prefix_rcv(skb->dev, (u8 *)p,
1291  (p->nd_opt_len) << 3,
1292  ndopts.nd_opts_src_lladdr != NULL);
1293  }
1294  }
1295 
1296  if (ndopts.nd_opts_mtu) {
1297  __be32 n;
1298  u32 mtu;
1299 
1300  memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1301  mtu = ntohl(n);
1302 
1303  if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1304  ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1305  } else if (in6_dev->cnf.mtu6 != mtu) {
1306  in6_dev->cnf.mtu6 = mtu;
1307 
1308  if (rt)
1309  dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1310 
1311  rt6_mtu_change(skb->dev, mtu);
1312  }
1313  }
1314 
1315  if (ndopts.nd_useropts) {
1316  struct nd_opt_hdr *p;
1317  for (p = ndopts.nd_useropts;
1318  p;
1319  p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1320  ndisc_ra_useropt(skb, p);
1321  }
1322  }
1323 
1324  if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1325  ND_PRINTK(2, warn, "RA: invalid RA options\n");
1326  }
1327 out:
1328  if (rt)
1329  dst_release(&rt->dst);
1330  if (neigh)
1331  neigh_release(neigh);
1332 }
1333 
1334 static void ndisc_redirect_rcv(struct sk_buff *skb)
1335 {
1336 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1337  switch (skb->ndisc_nodetype) {
1338  case NDISC_NODETYPE_HOST:
1340  ND_PRINTK(2, warn,
1341  "Redirect: from host or unauthorized router\n");
1342  return;
1343  }
1344 #endif
1345 
1346  if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1347  ND_PRINTK(2, warn,
1348  "Redirect: source address is not link-local\n");
1349  return;
1350  }
1351 
1352  icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1353 }
1354 
1355 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1356 {
1357  struct net_device *dev = skb->dev;
1358  struct net *net = dev_net(dev);
1359  struct sock *sk = net->ipv6.ndisc_sk;
1360  int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1361  struct inet_peer *peer;
1362  struct sk_buff *buff;
1363  struct icmp6hdr *icmph;
1364  struct in6_addr saddr_buf;
1365  struct in6_addr *addrp;
1366  struct rt6_info *rt;
1367  struct dst_entry *dst;
1368  struct inet6_dev *idev;
1369  struct flowi6 fl6;
1370  u8 *opt;
1371  int hlen, tlen;
1372  int rd_len;
1373  int err;
1374  u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1375  bool ret;
1376 
1377  if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1378  ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1379  dev->name);
1380  return;
1381  }
1382 
1383  if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1384  ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1385  ND_PRINTK(2, warn,
1386  "Redirect: target address is not link-local unicast\n");
1387  return;
1388  }
1389 
1390  icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1391  &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1392 
1393  dst = ip6_route_output(net, NULL, &fl6);
1394  if (dst->error) {
1395  dst_release(dst);
1396  return;
1397  }
1398  dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1399  if (IS_ERR(dst))
1400  return;
1401 
1402  rt = (struct rt6_info *) dst;
1403 
1404  if (rt->rt6i_flags & RTF_GATEWAY) {
1405  ND_PRINTK(2, warn,
1406  "Redirect: destination is not a neighbour\n");
1407  goto release;
1408  }
1409  peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1410  ret = inet_peer_xrlim_allow(peer, 1*HZ);
1411  if (peer)
1412  inet_putpeer(peer);
1413  if (!ret)
1414  goto release;
1415 
1416  if (dev->addr_len) {
1417  struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1418  if (!neigh) {
1419  ND_PRINTK(2, warn,
1420  "Redirect: no neigh for target address\n");
1421  goto release;
1422  }
1423 
1424  read_lock_bh(&neigh->lock);
1425  if (neigh->nud_state & NUD_VALID) {
1426  memcpy(ha_buf, neigh->ha, dev->addr_len);
1427  read_unlock_bh(&neigh->lock);
1428  ha = ha_buf;
1429  len += ndisc_opt_addr_space(dev);
1430  } else
1431  read_unlock_bh(&neigh->lock);
1432 
1433  neigh_release(neigh);
1434  }
1435 
1436  rd_len = min_t(unsigned int,
1437  IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1438  rd_len &= ~0x7;
1439  len += rd_len;
1440 
1441  hlen = LL_RESERVED_SPACE(dev);
1442  tlen = dev->needed_tailroom;
1443  buff = sock_alloc_send_skb(sk,
1444  (MAX_HEADER + sizeof(struct ipv6hdr) +
1445  len + hlen + tlen),
1446  1, &err);
1447  if (buff == NULL) {
1448  ND_PRINTK(0, err,
1449  "Redirect: %s failed to allocate an skb, err=%d\n",
1450  __func__, err);
1451  goto release;
1452  }
1453 
1454  skb_reserve(buff, hlen);
1455  ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1456  IPPROTO_ICMPV6, len);
1457 
1458  skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1459  skb_put(buff, len);
1460  icmph = icmp6_hdr(buff);
1461 
1462  memset(icmph, 0, sizeof(struct icmp6hdr));
1463  icmph->icmp6_type = NDISC_REDIRECT;
1464 
1465  /*
1466  * copy target and destination addresses
1467  */
1468 
1469  addrp = (struct in6_addr *)(icmph + 1);
1470  *addrp = *target;
1471  addrp++;
1472  *addrp = ipv6_hdr(skb)->daddr;
1473 
1474  opt = (u8*) (addrp + 1);
1475 
1476  /*
1477  * include target_address option
1478  */
1479 
1480  if (ha)
1481  opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1482  dev->addr_len, dev->type);
1483 
1484  /*
1485  * build redirect option and copy skb over to the new packet.
1486  */
1487 
1488  memset(opt, 0, 8);
1489  *(opt++) = ND_OPT_REDIRECT_HDR;
1490  *(opt++) = (rd_len >> 3);
1491  opt += 6;
1492 
1493  memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1494 
1495  icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1496  len, IPPROTO_ICMPV6,
1497  csum_partial(icmph, len, 0));
1498 
1499  skb_dst_set(buff, dst);
1500  rcu_read_lock();
1501  idev = __in6_dev_get(dst->dev);
1502  IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1503  err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1504  dst_output);
1505  if (!err) {
1507  ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1508  }
1509 
1510  rcu_read_unlock();
1511  return;
1512 
1513 release:
1514  dst_release(dst);
1515 }
1516 
1517 static void pndisc_redo(struct sk_buff *skb)
1518 {
1519  ndisc_recv_ns(skb);
1520  kfree_skb(skb);
1521 }
1522 
1523 int ndisc_rcv(struct sk_buff *skb)
1524 {
1525  struct nd_msg *msg;
1526 
1527  if (!pskb_may_pull(skb, skb->len))
1528  return 0;
1529 
1530  msg = (struct nd_msg *)skb_transport_header(skb);
1531 
1532  __skb_push(skb, skb->data - skb_transport_header(skb));
1533 
1534  if (ipv6_hdr(skb)->hop_limit != 255) {
1535  ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1536  ipv6_hdr(skb)->hop_limit);
1537  return 0;
1538  }
1539 
1540  if (msg->icmph.icmp6_code != 0) {
1541  ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1542  msg->icmph.icmp6_code);
1543  return 0;
1544  }
1545 
1546  memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1547 
1548  switch (msg->icmph.icmp6_type) {
1550  ndisc_recv_ns(skb);
1551  break;
1552 
1554  ndisc_recv_na(skb);
1555  break;
1556 
1558  ndisc_recv_rs(skb);
1559  break;
1560 
1562  ndisc_router_discovery(skb);
1563  break;
1564 
1565  case NDISC_REDIRECT:
1566  ndisc_redirect_rcv(skb);
1567  break;
1568  }
1569 
1570  return 0;
1571 }
1572 
1573 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1574 {
1575  struct net_device *dev = ptr;
1576  struct net *net = dev_net(dev);
1577 
1578  switch (event) {
1579  case NETDEV_CHANGEADDR:
1580  neigh_changeaddr(&nd_tbl, dev);
1581  fib6_run_gc(~0UL, net);
1582  break;
1583  case NETDEV_DOWN:
1584  neigh_ifdown(&nd_tbl, dev);
1585  fib6_run_gc(~0UL, net);
1586  break;
1587  case NETDEV_NOTIFY_PEERS:
1588  ndisc_send_unsol_na(dev);
1589  break;
1590  default:
1591  break;
1592  }
1593 
1594  return NOTIFY_DONE;
1595 }
1596 
1597 static struct notifier_block ndisc_netdev_notifier = {
1598  .notifier_call = ndisc_netdev_event,
1599 };
1600 
1601 #ifdef CONFIG_SYSCTL
1602 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1603  const char *func, const char *dev_name)
1604 {
1605  static char warncomm[TASK_COMM_LEN];
1606  static int warned;
1607  if (strcmp(warncomm, current->comm) && warned < 5) {
1608  strcpy(warncomm, current->comm);
1609  pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1610  warncomm, func,
1611  dev_name, ctl->procname,
1612  dev_name, ctl->procname);
1613  warned++;
1614  }
1615 }
1616 
1617 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1618 {
1619  struct net_device *dev = ctl->extra1;
1620  struct inet6_dev *idev;
1621  int ret;
1622 
1623  if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1624  (strcmp(ctl->procname, "base_reachable_time") == 0))
1625  ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1626 
1627  if (strcmp(ctl->procname, "retrans_time") == 0)
1628  ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1629 
1630  else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1631  ret = proc_dointvec_jiffies(ctl, write,
1632  buffer, lenp, ppos);
1633 
1634  else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1635  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1636  ret = proc_dointvec_ms_jiffies(ctl, write,
1637  buffer, lenp, ppos);
1638  else
1639  ret = -1;
1640 
1641  if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1642  if (ctl->data == &idev->nd_parms->base_reachable_time)
1643  idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1644  idev->tstamp = jiffies;
1646  in6_dev_put(idev);
1647  }
1648  return ret;
1649 }
1650 
1651 
1652 #endif
1653 
1654 static int __net_init ndisc_net_init(struct net *net)
1655 {
1656  struct ipv6_pinfo *np;
1657  struct sock *sk;
1658  int err;
1659 
1660  err = inet_ctl_sock_create(&sk, PF_INET6,
1661  SOCK_RAW, IPPROTO_ICMPV6, net);
1662  if (err < 0) {
1663  ND_PRINTK(0, err,
1664  "NDISC: Failed to initialize the control socket (err %d)\n",
1665  err);
1666  return err;
1667  }
1668 
1669  net->ipv6.ndisc_sk = sk;
1670 
1671  np = inet6_sk(sk);
1672  np->hop_limit = 255;
1673  /* Do not loopback ndisc messages */
1674  np->mc_loop = 0;
1675 
1676  return 0;
1677 }
1678 
1679 static void __net_exit ndisc_net_exit(struct net *net)
1680 {
1681  inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1682 }
1683 
1684 static struct pernet_operations ndisc_net_ops = {
1685  .init = ndisc_net_init,
1686  .exit = ndisc_net_exit,
1687 };
1688 
1690 {
1691  int err;
1692 
1693  err = register_pernet_subsys(&ndisc_net_ops);
1694  if (err)
1695  return err;
1696  /*
1697  * Initialize the neighbour table
1698  */
1699  neigh_table_init(&nd_tbl);
1700 
1701 #ifdef CONFIG_SYSCTL
1702  err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1703  &ndisc_ifinfo_sysctl_change);
1704  if (err)
1705  goto out_unregister_pernet;
1706 #endif
1707  err = register_netdevice_notifier(&ndisc_netdev_notifier);
1708  if (err)
1709  goto out_unregister_sysctl;
1710 out:
1711  return err;
1712 
1713 out_unregister_sysctl:
1714 #ifdef CONFIG_SYSCTL
1715  neigh_sysctl_unregister(&nd_tbl.parms);
1716 out_unregister_pernet:
1717 #endif
1718  unregister_pernet_subsys(&ndisc_net_ops);
1719  goto out;
1720 }
1721 
1722 void ndisc_cleanup(void)
1723 {
1724  unregister_netdevice_notifier(&ndisc_netdev_notifier);
1725 #ifdef CONFIG_SYSCTL
1726  neigh_sysctl_unregister(&nd_tbl.parms);
1727 #endif
1728  neigh_table_clear(&nd_tbl);
1729  unregister_pernet_subsys(&ndisc_net_ops);
1730 }