1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11 /*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26 #define pr_fmt(fmt) "ICMPv6: " fmt
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
40 #ifdef CONFIG_SYSCTL
41 #include <linux/sysctl.h>
42 #endif
43
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
50
51 #include <net/sock.h>
52 #include <net/snmp.h>
53
54 #include <net/ipv6.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
59 #include <net/icmp.h>
60
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
63
64 #include <net/flow.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
68
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
71
72 static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
85
86 static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92 };
93
94 static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100 };
101
102
103 static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107 };
108
109 struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ,
132 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
133 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
134 [NEIGH_VAR_PROXY_QLEN] = 64,
135 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
136 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
137 },
138 },
139 .gc_interval = 30 * HZ,
140 .gc_thresh1 = 128,
141 .gc_thresh2 = 512,
142 .gc_thresh3 = 1024,
143 };
144 EXPORT_SYMBOL_GPL(nd_tbl);
145
__ndisc_fill_addr_option(struct sk_buff * skb,int type,const void * data,int data_len,int pad)146 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
147 int data_len, int pad)
148 {
149 int space = __ndisc_opt_addr_space(data_len, pad);
150 u8 *opt = skb_put(skb, space);
151
152 opt[0] = type;
153 opt[1] = space>>3;
154
155 memset(opt + 2, 0, pad);
156 opt += pad;
157 space -= pad;
158
159 memcpy(opt+2, data, data_len);
160 data_len += 2;
161 opt += data_len;
162 space -= data_len;
163 if (space > 0)
164 memset(opt, 0, space);
165 }
166 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167
ndisc_fill_addr_option(struct sk_buff * skb,int type,const void * data,u8 icmp6_type)168 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
169 const void *data, u8 icmp6_type)
170 {
171 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
172 ndisc_addr_option_pad(skb->dev->type));
173 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
174 }
175
ndisc_fill_redirect_addr_option(struct sk_buff * skb,void * ha,const u8 * ops_data)176 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
177 void *ha,
178 const u8 *ops_data)
179 {
180 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
181 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
182 }
183
ndisc_next_option(struct nd_opt_hdr * cur,struct nd_opt_hdr * end)184 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
185 struct nd_opt_hdr *end)
186 {
187 int type;
188 if (!cur || !end || cur >= end)
189 return NULL;
190 type = cur->nd_opt_type;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while (cur < end && cur->nd_opt_type != type);
194 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
195 }
196
ndisc_is_useropt(const struct net_device * dev,struct nd_opt_hdr * opt)197 static inline int ndisc_is_useropt(const struct net_device *dev,
198 struct nd_opt_hdr *opt)
199 {
200 return opt->nd_opt_type == ND_OPT_PREFIX_INFO ||
201 opt->nd_opt_type == ND_OPT_RDNSS ||
202 opt->nd_opt_type == ND_OPT_DNSSL ||
203 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
204 opt->nd_opt_type == ND_OPT_PREF64 ||
205 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
206 }
207
ndisc_next_useropt(const struct net_device * dev,struct nd_opt_hdr * cur,struct nd_opt_hdr * end)208 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
209 struct nd_opt_hdr *cur,
210 struct nd_opt_hdr *end)
211 {
212 if (!cur || !end || cur >= end)
213 return NULL;
214 do {
215 cur = ((void *)cur) + (cur->nd_opt_len << 3);
216 } while (cur < end && !ndisc_is_useropt(dev, cur));
217 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
218 }
219
ndisc_parse_options(const struct net_device * dev,u8 * opt,int opt_len,struct ndisc_options * ndopts)220 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
221 u8 *opt, int opt_len,
222 struct ndisc_options *ndopts)
223 {
224 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
225
226 if (!nd_opt || opt_len < 0 || !ndopts)
227 return NULL;
228 memset(ndopts, 0, sizeof(*ndopts));
229 while (opt_len) {
230 bool unknown = false;
231 int l;
232 if (opt_len < sizeof(struct nd_opt_hdr))
233 return NULL;
234 l = nd_opt->nd_opt_len << 3;
235 if (opt_len < l || l == 0)
236 return NULL;
237 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
238 goto next_opt;
239 switch (nd_opt->nd_opt_type) {
240 case ND_OPT_SOURCE_LL_ADDR:
241 case ND_OPT_TARGET_LL_ADDR:
242 case ND_OPT_MTU:
243 case ND_OPT_NONCE:
244 case ND_OPT_REDIRECT_HDR:
245 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
246 ND_PRINTK(2, warn,
247 "%s: duplicated ND6 option found: type=%d\n",
248 __func__, nd_opt->nd_opt_type);
249 } else {
250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 }
252 break;
253 case ND_OPT_PREFIX_INFO:
254 ndopts->nd_opts_pi_end = nd_opt;
255 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
256 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
257 break;
258 #ifdef CONFIG_IPV6_ROUTE_INFO
259 case ND_OPT_ROUTE_INFO:
260 ndopts->nd_opts_ri_end = nd_opt;
261 if (!ndopts->nd_opts_ri)
262 ndopts->nd_opts_ri = nd_opt;
263 break;
264 #endif
265 default:
266 unknown = true;
267 }
268 if (ndisc_is_useropt(dev, nd_opt)) {
269 ndopts->nd_useropts_end = nd_opt;
270 if (!ndopts->nd_useropts)
271 ndopts->nd_useropts = nd_opt;
272 } else if (unknown) {
273 /*
274 * Unknown options must be silently ignored,
275 * to accommodate future extension to the
276 * protocol.
277 */
278 ND_PRINTK(2, notice,
279 "%s: ignored unsupported option; type=%d, len=%d\n",
280 __func__,
281 nd_opt->nd_opt_type,
282 nd_opt->nd_opt_len);
283 }
284 next_opt:
285 opt_len -= l;
286 nd_opt = ((void *)nd_opt) + l;
287 }
288 return ndopts;
289 }
290
ndisc_mc_map(const struct in6_addr * addr,char * buf,struct net_device * dev,int dir)291 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
292 {
293 switch (dev->type) {
294 case ARPHRD_ETHER:
295 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
296 case ARPHRD_FDDI:
297 ipv6_eth_mc_map(addr, buf);
298 return 0;
299 case ARPHRD_ARCNET:
300 ipv6_arcnet_mc_map(addr, buf);
301 return 0;
302 case ARPHRD_INFINIBAND:
303 ipv6_ib_mc_map(addr, dev->broadcast, buf);
304 return 0;
305 case ARPHRD_IPGRE:
306 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
307 default:
308 if (dir) {
309 memcpy(buf, dev->broadcast, dev->addr_len);
310 return 0;
311 }
312 }
313 return -EINVAL;
314 }
315 EXPORT_SYMBOL(ndisc_mc_map);
316
ndisc_hash(const void * pkey,const struct net_device * dev,__u32 * hash_rnd)317 static u32 ndisc_hash(const void *pkey,
318 const struct net_device *dev,
319 __u32 *hash_rnd)
320 {
321 return ndisc_hashfn(pkey, dev, hash_rnd);
322 }
323
ndisc_key_eq(const struct neighbour * n,const void * pkey)324 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
325 {
326 return neigh_key_eq128(n, pkey);
327 }
328
ndisc_constructor(struct neighbour * neigh)329 static int ndisc_constructor(struct neighbour *neigh)
330 {
331 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
332 struct net_device *dev = neigh->dev;
333 struct inet6_dev *in6_dev;
334 struct neigh_parms *parms;
335 bool is_multicast = ipv6_addr_is_multicast(addr);
336
337 in6_dev = in6_dev_get(dev);
338 if (!in6_dev) {
339 return -EINVAL;
340 }
341
342 parms = in6_dev->nd_parms;
343 __neigh_parms_put(neigh->parms);
344 neigh->parms = neigh_parms_clone(parms);
345
346 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
347 if (!dev->header_ops) {
348 neigh->nud_state = NUD_NOARP;
349 neigh->ops = &ndisc_direct_ops;
350 neigh->output = neigh_direct_output;
351 } else {
352 if (is_multicast) {
353 neigh->nud_state = NUD_NOARP;
354 ndisc_mc_map(addr, neigh->ha, dev, 1);
355 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
356 neigh->nud_state = NUD_NOARP;
357 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
358 if (dev->flags&IFF_LOOPBACK)
359 neigh->type = RTN_LOCAL;
360 } else if (dev->flags&IFF_POINTOPOINT) {
361 neigh->nud_state = NUD_NOARP;
362 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
363 }
364 if (dev->header_ops->cache)
365 neigh->ops = &ndisc_hh_ops;
366 else
367 neigh->ops = &ndisc_generic_ops;
368 if (neigh->nud_state&NUD_VALID)
369 neigh->output = neigh->ops->connected_output;
370 else
371 neigh->output = neigh->ops->output;
372 }
373 in6_dev_put(in6_dev);
374 return 0;
375 }
376
pndisc_constructor(struct pneigh_entry * n)377 static int pndisc_constructor(struct pneigh_entry *n)
378 {
379 struct in6_addr *addr = (struct in6_addr *)&n->key;
380 struct in6_addr maddr;
381 struct net_device *dev = n->dev;
382
383 if (!dev || !__in6_dev_get(dev))
384 return -EINVAL;
385 addrconf_addr_solict_mult(addr, &maddr);
386 ipv6_dev_mc_inc(dev, &maddr);
387 return 0;
388 }
389
pndisc_destructor(struct pneigh_entry * n)390 static void pndisc_destructor(struct pneigh_entry *n)
391 {
392 struct in6_addr *addr = (struct in6_addr *)&n->key;
393 struct in6_addr maddr;
394 struct net_device *dev = n->dev;
395
396 if (!dev || !__in6_dev_get(dev))
397 return;
398 addrconf_addr_solict_mult(addr, &maddr);
399 ipv6_dev_mc_dec(dev, &maddr);
400 }
401
402 /* called with rtnl held */
ndisc_allow_add(const struct net_device * dev,struct netlink_ext_ack * extack)403 static bool ndisc_allow_add(const struct net_device *dev,
404 struct netlink_ext_ack *extack)
405 {
406 struct inet6_dev *idev = __in6_dev_get(dev);
407
408 if (!idev || idev->cnf.disable_ipv6) {
409 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
410 return false;
411 }
412
413 return true;
414 }
415
ndisc_alloc_skb(struct net_device * dev,int len)416 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
417 int len)
418 {
419 int hlen = LL_RESERVED_SPACE(dev);
420 int tlen = dev->needed_tailroom;
421 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
422 struct sk_buff *skb;
423
424 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
425 if (!skb) {
426 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
427 __func__);
428 return NULL;
429 }
430
431 skb->protocol = htons(ETH_P_IPV6);
432 skb->dev = dev;
433
434 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
435 skb_reset_transport_header(skb);
436
437 /* Manually assign socket ownership as we avoid calling
438 * sock_alloc_send_pskb() to bypass wmem buffer limits
439 */
440 skb_set_owner_w(skb, sk);
441
442 return skb;
443 }
444
ip6_nd_hdr(struct sk_buff * skb,const struct in6_addr * saddr,const struct in6_addr * daddr,int hop_limit,int len)445 static void ip6_nd_hdr(struct sk_buff *skb,
446 const struct in6_addr *saddr,
447 const struct in6_addr *daddr,
448 int hop_limit, int len)
449 {
450 struct ipv6hdr *hdr;
451 struct inet6_dev *idev;
452 unsigned tclass;
453
454 rcu_read_lock();
455 idev = __in6_dev_get(skb->dev);
456 tclass = idev ? idev->cnf.ndisc_tclass : 0;
457 rcu_read_unlock();
458
459 skb_push(skb, sizeof(*hdr));
460 skb_reset_network_header(skb);
461 hdr = ipv6_hdr(skb);
462
463 ip6_flow_hdr(hdr, tclass, 0);
464
465 hdr->payload_len = htons(len);
466 hdr->nexthdr = IPPROTO_ICMPV6;
467 hdr->hop_limit = hop_limit;
468
469 hdr->saddr = *saddr;
470 hdr->daddr = *daddr;
471 }
472
ndisc_send_skb(struct sk_buff * skb,const struct in6_addr * daddr,const struct in6_addr * saddr)473 void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
474 const struct in6_addr *saddr)
475 {
476 struct dst_entry *dst = skb_dst(skb);
477 struct net *net = dev_net(skb->dev);
478 struct sock *sk = net->ipv6.ndisc_sk;
479 struct inet6_dev *idev;
480 int err;
481 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
482 u8 type;
483
484 type = icmp6h->icmp6_type;
485
486 if (!dst) {
487 struct flowi6 fl6;
488 int oif = skb->dev->ifindex;
489
490 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
491 dst = icmp6_dst_alloc(skb->dev, &fl6);
492 if (IS_ERR(dst)) {
493 kfree_skb(skb);
494 return;
495 }
496
497 skb_dst_set(skb, dst);
498 }
499
500 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
501 IPPROTO_ICMPV6,
502 csum_partial(icmp6h,
503 skb->len, 0));
504
505 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
506
507 rcu_read_lock();
508 idev = __in6_dev_get(dst->dev);
509 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
510
511 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
512 net, sk, skb, NULL, dst->dev,
513 dst_output);
514 if (!err) {
515 ICMP6MSGOUT_INC_STATS(net, idev, type);
516 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
517 }
518
519 rcu_read_unlock();
520 }
521 EXPORT_SYMBOL(ndisc_send_skb);
522
ndisc_send_na(struct net_device * dev,const struct in6_addr * daddr,const struct in6_addr * solicited_addr,bool router,bool solicited,bool override,bool inc_opt)523 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
524 const struct in6_addr *solicited_addr,
525 bool router, bool solicited, bool override, bool inc_opt)
526 {
527 struct sk_buff *skb;
528 struct in6_addr tmpaddr;
529 struct inet6_ifaddr *ifp;
530 const struct in6_addr *src_addr;
531 struct nd_msg *msg;
532 int optlen = 0;
533
534 /* for anycast or proxy, solicited_addr != src_addr */
535 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
536 if (ifp) {
537 src_addr = solicited_addr;
538 if (ifp->flags & IFA_F_OPTIMISTIC)
539 override = false;
540 inc_opt |= ifp->idev->cnf.force_tllao;
541 in6_ifa_put(ifp);
542 } else {
543 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
544 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
545 &tmpaddr))
546 return;
547 src_addr = &tmpaddr;
548 }
549
550 if (!dev->addr_len)
551 inc_opt = false;
552 if (inc_opt)
553 optlen += ndisc_opt_addr_space(dev,
554 NDISC_NEIGHBOUR_ADVERTISEMENT);
555
556 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
557 if (!skb)
558 return;
559
560 msg = skb_put(skb, sizeof(*msg));
561 *msg = (struct nd_msg) {
562 .icmph = {
563 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
564 .icmp6_router = router,
565 .icmp6_solicited = solicited,
566 .icmp6_override = override,
567 },
568 .target = *solicited_addr,
569 };
570
571 if (inc_opt)
572 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
573 dev->dev_addr,
574 NDISC_NEIGHBOUR_ADVERTISEMENT);
575
576 ndisc_send_skb(skb, daddr, src_addr);
577 }
578
ndisc_send_unsol_na(struct net_device * dev)579 static void ndisc_send_unsol_na(struct net_device *dev)
580 {
581 struct inet6_dev *idev;
582 struct inet6_ifaddr *ifa;
583
584 idev = in6_dev_get(dev);
585 if (!idev)
586 return;
587
588 read_lock_bh(&idev->lock);
589 list_for_each_entry(ifa, &idev->addr_list, if_list) {
590 /* skip tentative addresses until dad completes */
591 if (ifa->flags & IFA_F_TENTATIVE &&
592 !(ifa->flags & IFA_F_OPTIMISTIC))
593 continue;
594
595 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
596 /*router=*/ !!idev->cnf.forwarding,
597 /*solicited=*/ false, /*override=*/ true,
598 /*inc_opt=*/ true);
599 }
600 read_unlock_bh(&idev->lock);
601
602 in6_dev_put(idev);
603 }
604
ndisc_ns_create(struct net_device * dev,const struct in6_addr * solicit,const struct in6_addr * saddr,u64 nonce)605 struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
606 const struct in6_addr *saddr, u64 nonce)
607 {
608 int inc_opt = dev->addr_len;
609 struct sk_buff *skb;
610 struct nd_msg *msg;
611 int optlen = 0;
612
613 if (!saddr)
614 return NULL;
615
616 if (ipv6_addr_any(saddr))
617 inc_opt = false;
618 if (inc_opt)
619 optlen += ndisc_opt_addr_space(dev,
620 NDISC_NEIGHBOUR_SOLICITATION);
621 if (nonce != 0)
622 optlen += 8;
623
624 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
625 if (!skb)
626 return NULL;
627
628 msg = skb_put(skb, sizeof(*msg));
629 *msg = (struct nd_msg) {
630 .icmph = {
631 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
632 },
633 .target = *solicit,
634 };
635
636 if (inc_opt)
637 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
638 dev->dev_addr,
639 NDISC_NEIGHBOUR_SOLICITATION);
640 if (nonce != 0) {
641 u8 *opt = skb_put(skb, 8);
642
643 opt[0] = ND_OPT_NONCE;
644 opt[1] = 8 >> 3;
645 memcpy(opt + 2, &nonce, 6);
646 }
647
648 return skb;
649 }
650 EXPORT_SYMBOL(ndisc_ns_create);
651
ndisc_send_ns(struct net_device * dev,const struct in6_addr * solicit,const struct in6_addr * daddr,const struct in6_addr * saddr,u64 nonce)652 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
653 const struct in6_addr *daddr, const struct in6_addr *saddr,
654 u64 nonce)
655 {
656 struct in6_addr addr_buf;
657 struct sk_buff *skb;
658
659 if (!saddr) {
660 if (ipv6_get_lladdr(dev, &addr_buf,
661 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
662 return;
663 saddr = &addr_buf;
664 }
665
666 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
667
668 if (skb)
669 ndisc_send_skb(skb, daddr, saddr);
670 }
671
ndisc_send_rs(struct net_device * dev,const struct in6_addr * saddr,const struct in6_addr * daddr)672 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
673 const struct in6_addr *daddr)
674 {
675 struct sk_buff *skb;
676 struct rs_msg *msg;
677 int send_sllao = dev->addr_len;
678 int optlen = 0;
679
680 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
681 /*
682 * According to section 2.2 of RFC 4429, we must not
683 * send router solicitations with a sllao from
684 * optimistic addresses, but we may send the solicitation
685 * if we don't include the sllao. So here we check
686 * if our address is optimistic, and if so, we
687 * suppress the inclusion of the sllao.
688 */
689 if (send_sllao) {
690 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
691 dev, 1);
692 if (ifp) {
693 if (ifp->flags & IFA_F_OPTIMISTIC) {
694 send_sllao = 0;
695 }
696 in6_ifa_put(ifp);
697 } else {
698 send_sllao = 0;
699 }
700 }
701 #endif
702 if (send_sllao)
703 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
704
705 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
706 if (!skb)
707 return;
708
709 msg = skb_put(skb, sizeof(*msg));
710 *msg = (struct rs_msg) {
711 .icmph = {
712 .icmp6_type = NDISC_ROUTER_SOLICITATION,
713 },
714 };
715
716 if (send_sllao)
717 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
718 dev->dev_addr,
719 NDISC_ROUTER_SOLICITATION);
720
721 ndisc_send_skb(skb, daddr, saddr);
722 }
723
724
ndisc_error_report(struct neighbour * neigh,struct sk_buff * skb)725 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
726 {
727 /*
728 * "The sender MUST return an ICMP
729 * destination unreachable"
730 */
731 dst_link_failure(skb);
732 kfree_skb(skb);
733 }
734
735 /* Called with locked neigh: either read or both */
736
ndisc_solicit(struct neighbour * neigh,struct sk_buff * skb)737 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
738 {
739 struct in6_addr *saddr = NULL;
740 struct in6_addr mcaddr;
741 struct net_device *dev = neigh->dev;
742 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
743 int probes = atomic_read(&neigh->probes);
744
745 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
746 dev, false, 1,
747 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
748 saddr = &ipv6_hdr(skb)->saddr;
749 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
750 if (probes < 0) {
751 if (!(READ_ONCE(neigh->nud_state) & NUD_VALID)) {
752 ND_PRINTK(1, dbg,
753 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
754 __func__, target);
755 }
756 ndisc_send_ns(dev, target, target, saddr, 0);
757 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
758 neigh_app_ns(neigh);
759 } else {
760 addrconf_addr_solict_mult(target, &mcaddr);
761 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
762 }
763 }
764
pndisc_is_router(const void * pkey,struct net_device * dev)765 static int pndisc_is_router(const void *pkey,
766 struct net_device *dev)
767 {
768 struct pneigh_entry *n;
769 int ret = -1;
770
771 read_lock_bh(&nd_tbl.lock);
772 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
773 if (n)
774 ret = !!(n->flags & NTF_ROUTER);
775 read_unlock_bh(&nd_tbl.lock);
776
777 return ret;
778 }
779
ndisc_update(const struct net_device * dev,struct neighbour * neigh,const u8 * lladdr,u8 new,u32 flags,u8 icmp6_type,struct ndisc_options * ndopts)780 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
781 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
782 struct ndisc_options *ndopts)
783 {
784 neigh_update(neigh, lladdr, new, flags, 0);
785 /* report ndisc ops about neighbour update */
786 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
787 }
788
ndisc_recv_ns(struct sk_buff * skb)789 static enum skb_drop_reason ndisc_recv_ns(struct sk_buff *skb)
790 {
791 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
792 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
793 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
794 u8 *lladdr = NULL;
795 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
796 offsetof(struct nd_msg, opt));
797 struct ndisc_options ndopts;
798 struct net_device *dev = skb->dev;
799 struct inet6_ifaddr *ifp;
800 struct inet6_dev *idev = NULL;
801 struct neighbour *neigh;
802 int dad = ipv6_addr_any(saddr);
803 int is_router = -1;
804 SKB_DR(reason);
805 u64 nonce = 0;
806 bool inc;
807
808 if (skb->len < sizeof(struct nd_msg))
809 return SKB_DROP_REASON_PKT_TOO_SMALL;
810
811 if (ipv6_addr_is_multicast(&msg->target)) {
812 ND_PRINTK(2, warn, "NS: multicast target address\n");
813 return reason;
814 }
815
816 /*
817 * RFC2461 7.1.1:
818 * DAD has to be destined for solicited node multicast address.
819 */
820 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
821 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
822 return reason;
823 }
824
825 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
826 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
827
828 if (ndopts.nd_opts_src_lladdr) {
829 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
830 if (!lladdr) {
831 ND_PRINTK(2, warn,
832 "NS: invalid link-layer address length\n");
833 return reason;
834 }
835
836 /* RFC2461 7.1.1:
837 * If the IP source address is the unspecified address,
838 * there MUST NOT be source link-layer address option
839 * in the message.
840 */
841 if (dad) {
842 ND_PRINTK(2, warn,
843 "NS: bad DAD packet (link-layer address option)\n");
844 return reason;
845 }
846 }
847 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
848 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
849
850 inc = ipv6_addr_is_multicast(daddr);
851
852 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
853 if (ifp) {
854 have_ifp:
855 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
856 if (dad) {
857 if (nonce != 0 && ifp->dad_nonce == nonce) {
858 u8 *np = (u8 *)&nonce;
859 /* Matching nonce if looped back */
860 ND_PRINTK(2, notice,
861 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
862 ifp->idev->dev->name,
863 &ifp->addr, np);
864 goto out;
865 }
866 /*
867 * We are colliding with another node
868 * who is doing DAD
869 * so fail our DAD process
870 */
871 addrconf_dad_failure(skb, ifp);
872 return reason;
873 } else {
874 /*
875 * This is not a dad solicitation.
876 * If we are an optimistic node,
877 * we should respond.
878 * Otherwise, we should ignore it.
879 */
880 if (!(ifp->flags & IFA_F_OPTIMISTIC))
881 goto out;
882 }
883 }
884
885 idev = ifp->idev;
886 } else {
887 struct net *net = dev_net(dev);
888
889 /* perhaps an address on the master device */
890 if (netif_is_l3_slave(dev)) {
891 struct net_device *mdev;
892
893 mdev = netdev_master_upper_dev_get_rcu(dev);
894 if (mdev) {
895 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
896 if (ifp)
897 goto have_ifp;
898 }
899 }
900
901 idev = in6_dev_get(dev);
902 if (!idev) {
903 /* XXX: count this drop? */
904 return reason;
905 }
906
907 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
908 (idev->cnf.forwarding &&
909 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
910 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
911 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
912 skb->pkt_type != PACKET_HOST &&
913 inc &&
914 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
915 /*
916 * for anycast or proxy,
917 * sender should delay its response
918 * by a random time between 0 and
919 * MAX_ANYCAST_DELAY_TIME seconds.
920 * (RFC2461) -- yoshfuji
921 */
922 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
923 if (n)
924 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
925 goto out;
926 }
927 } else {
928 SKB_DR_SET(reason, IPV6_NDISC_NS_OTHERHOST);
929 goto out;
930 }
931 }
932
933 if (is_router < 0)
934 is_router = idev->cnf.forwarding;
935
936 if (dad) {
937 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
938 !!is_router, false, (ifp != NULL), true);
939 goto out;
940 }
941
942 if (inc)
943 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
944 else
945 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
946
947 /*
948 * update / create cache entry
949 * for the source address
950 */
951 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
952 !inc || lladdr || !dev->addr_len);
953 if (neigh)
954 ndisc_update(dev, neigh, lladdr, NUD_STALE,
955 NEIGH_UPDATE_F_WEAK_OVERRIDE|
956 NEIGH_UPDATE_F_OVERRIDE,
957 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
958 if (neigh || !dev->header_ops) {
959 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
960 true, (ifp != NULL && inc), inc);
961 if (neigh)
962 neigh_release(neigh);
963 reason = SKB_CONSUMED;
964 }
965
966 out:
967 if (ifp)
968 in6_ifa_put(ifp);
969 else
970 in6_dev_put(idev);
971 return reason;
972 }
973
accept_untracked_na(struct net_device * dev,struct in6_addr * saddr)974 static int accept_untracked_na(struct net_device *dev, struct in6_addr *saddr)
975 {
976 struct inet6_dev *idev = __in6_dev_get(dev);
977
978 switch (idev->cnf.accept_untracked_na) {
979 case 0: /* Don't accept untracked na (absent in neighbor cache) */
980 return 0;
981 case 1: /* Create new entries from na if currently untracked */
982 return 1;
983 case 2: /* Create new entries from untracked na only if saddr is in the
984 * same subnet as an address configured on the interface that
985 * received the na
986 */
987 return !!ipv6_chk_prefix(saddr, dev);
988 default:
989 return 0;
990 }
991 }
992
ndisc_recv_na(struct sk_buff * skb)993 static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
994 {
995 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
996 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
997 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
998 u8 *lladdr = NULL;
999 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1000 offsetof(struct nd_msg, opt));
1001 struct ndisc_options ndopts;
1002 struct net_device *dev = skb->dev;
1003 struct inet6_dev *idev = __in6_dev_get(dev);
1004 struct inet6_ifaddr *ifp;
1005 struct neighbour *neigh;
1006 SKB_DR(reason);
1007 u8 new_state;
1008
1009 if (skb->len < sizeof(struct nd_msg))
1010 return SKB_DROP_REASON_PKT_TOO_SMALL;
1011
1012 if (ipv6_addr_is_multicast(&msg->target)) {
1013 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1014 return reason;
1015 }
1016
1017 if (ipv6_addr_is_multicast(daddr) &&
1018 msg->icmph.icmp6_solicited) {
1019 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1020 return reason;
1021 }
1022
1023 /* For some 802.11 wireless deployments (and possibly other networks),
1024 * there will be a NA proxy and unsolicitd packets are attacks
1025 * and thus should not be accepted.
1026 * drop_unsolicited_na takes precedence over accept_untracked_na
1027 */
1028 if (!msg->icmph.icmp6_solicited && idev &&
1029 idev->cnf.drop_unsolicited_na)
1030 return reason;
1031
1032 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
1033 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1034
1035 if (ndopts.nd_opts_tgt_lladdr) {
1036 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1037 if (!lladdr) {
1038 ND_PRINTK(2, warn,
1039 "NA: invalid link-layer address length\n");
1040 return reason;
1041 }
1042 }
1043 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1044 if (ifp) {
1045 if (skb->pkt_type != PACKET_LOOPBACK
1046 && (ifp->flags & IFA_F_TENTATIVE)) {
1047 addrconf_dad_failure(skb, ifp);
1048 return reason;
1049 }
1050 /* What should we make now? The advertisement
1051 is invalid, but ndisc specs say nothing
1052 about it. It could be misconfiguration, or
1053 an smart proxy agent tries to help us :-)
1054
1055 We should not print the error if NA has been
1056 received from loopback - it is just our own
1057 unsolicited advertisement.
1058 */
1059 if (skb->pkt_type != PACKET_LOOPBACK)
1060 ND_PRINTK(1, warn,
1061 "NA: %pM advertised our address %pI6c on %s!\n",
1062 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1063 in6_ifa_put(ifp);
1064 return reason;
1065 }
1066
1067 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1068
1069 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1070 * NAs with Target LL Address option without a corresponding
1071 * entry in the neighbour cache can now create a STALE neighbour
1072 * cache entry on routers.
1073 *
1074 * entry accept fwding solicited behaviour
1075 * ------- ------ ------ --------- ----------------------
1076 * present X X 0 Set state to STALE
1077 * present X X 1 Set state to REACHABLE
1078 * absent 0 X X Do nothing
1079 * absent 1 0 X Do nothing
1080 * absent 1 1 X Add a new STALE entry
1081 *
1082 * Note that we don't do a (daddr == all-routers-mcast) check.
1083 */
1084 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1085 if (!neigh && lladdr && idev && idev->cnf.forwarding) {
1086 if (accept_untracked_na(dev, saddr)) {
1087 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1088 new_state = NUD_STALE;
1089 }
1090 }
1091
1092 if (neigh && !IS_ERR(neigh)) {
1093 u8 old_flags = neigh->flags;
1094 struct net *net = dev_net(dev);
1095
1096 if (READ_ONCE(neigh->nud_state) & NUD_FAILED)
1097 goto out;
1098
1099 /*
1100 * Don't update the neighbor cache entry on a proxy NA from
1101 * ourselves because either the proxied node is off link or it
1102 * has already sent a NA to us.
1103 */
1104 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1105 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1106 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1107 /* XXX: idev->cnf.proxy_ndp */
1108 goto out;
1109 }
1110
1111 ndisc_update(dev, neigh, lladdr,
1112 new_state,
1113 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1114 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1115 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1116 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1117 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1118
1119 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1120 /*
1121 * Change: router to host
1122 */
1123 rt6_clean_tohost(dev_net(dev), saddr);
1124 }
1125 reason = SKB_CONSUMED;
1126 out:
1127 neigh_release(neigh);
1128 }
1129 return reason;
1130 }
1131
ndisc_recv_rs(struct sk_buff * skb)1132 static enum skb_drop_reason ndisc_recv_rs(struct sk_buff *skb)
1133 {
1134 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1135 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1136 struct neighbour *neigh;
1137 struct inet6_dev *idev;
1138 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1139 struct ndisc_options ndopts;
1140 u8 *lladdr = NULL;
1141 SKB_DR(reason);
1142
1143 if (skb->len < sizeof(*rs_msg))
1144 return SKB_DROP_REASON_PKT_TOO_SMALL;
1145
1146 idev = __in6_dev_get(skb->dev);
1147 if (!idev) {
1148 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1149 return reason;
1150 }
1151
1152 /* Don't accept RS if we're not in router mode */
1153 if (!idev->cnf.forwarding)
1154 goto out;
1155
1156 /*
1157 * Don't update NCE if src = ::;
1158 * this implies that the source node has no ip address assigned yet.
1159 */
1160 if (ipv6_addr_any(saddr))
1161 goto out;
1162
1163 /* Parse ND options */
1164 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts))
1165 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1166
1167 if (ndopts.nd_opts_src_lladdr) {
1168 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1169 skb->dev);
1170 if (!lladdr)
1171 goto out;
1172 }
1173
1174 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1175 if (neigh) {
1176 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1177 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1178 NEIGH_UPDATE_F_OVERRIDE|
1179 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1180 NDISC_ROUTER_SOLICITATION, &ndopts);
1181 neigh_release(neigh);
1182 reason = SKB_CONSUMED;
1183 }
1184 out:
1185 return reason;
1186 }
1187
ndisc_ra_useropt(struct sk_buff * ra,struct nd_opt_hdr * opt)1188 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1189 {
1190 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1191 struct sk_buff *skb;
1192 struct nlmsghdr *nlh;
1193 struct nduseroptmsg *ndmsg;
1194 struct net *net = dev_net(ra->dev);
1195 int err;
1196 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1197 + (opt->nd_opt_len << 3));
1198 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1199
1200 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1201 if (!skb) {
1202 err = -ENOBUFS;
1203 goto errout;
1204 }
1205
1206 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1207 if (!nlh) {
1208 goto nla_put_failure;
1209 }
1210
1211 ndmsg = nlmsg_data(nlh);
1212 ndmsg->nduseropt_family = AF_INET6;
1213 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1214 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1215 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1216 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1217
1218 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1219
1220 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1221 goto nla_put_failure;
1222 nlmsg_end(skb, nlh);
1223
1224 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1225 return;
1226
1227 nla_put_failure:
1228 nlmsg_free(skb);
1229 err = -EMSGSIZE;
1230 errout:
1231 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1232 }
1233
ndisc_router_discovery(struct sk_buff * skb)1234 static enum skb_drop_reason ndisc_router_discovery(struct sk_buff *skb)
1235 {
1236 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1237 bool send_ifinfo_notify = false;
1238 struct neighbour *neigh = NULL;
1239 struct ndisc_options ndopts;
1240 struct fib6_info *rt = NULL;
1241 struct inet6_dev *in6_dev;
1242 u32 defrtr_usr_metric;
1243 unsigned int pref = 0;
1244 __u32 old_if_flags;
1245 struct net *net;
1246 SKB_DR(reason);
1247 int lifetime;
1248 int optlen;
1249
1250 __u8 *opt = (__u8 *)(ra_msg + 1);
1251
1252 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1253 sizeof(struct ra_msg);
1254
1255 ND_PRINTK(2, info,
1256 "RA: %s, dev: %s\n",
1257 __func__, skb->dev->name);
1258 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1259 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1260 return reason;
1261 }
1262 if (optlen < 0)
1263 return SKB_DROP_REASON_PKT_TOO_SMALL;
1264
1265 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1266 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1267 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1268 return reason;
1269 }
1270 #endif
1271
1272 in6_dev = __in6_dev_get(skb->dev);
1273 if (!in6_dev) {
1274 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1275 skb->dev->name);
1276 return reason;
1277 }
1278
1279 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts))
1280 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1281
1282 if (!ipv6_accept_ra(in6_dev)) {
1283 ND_PRINTK(2, info,
1284 "RA: %s, did not accept ra for dev: %s\n",
1285 __func__, skb->dev->name);
1286 goto skip_linkparms;
1287 }
1288
1289 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1290 /* skip link-specific parameters from interior routers */
1291 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1292 ND_PRINTK(2, info,
1293 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1294 __func__, skb->dev->name);
1295 goto skip_linkparms;
1296 }
1297 #endif
1298
1299 if (in6_dev->if_flags & IF_RS_SENT) {
1300 /*
1301 * flag that an RA was received after an RS was sent
1302 * out on this interface.
1303 */
1304 in6_dev->if_flags |= IF_RA_RCVD;
1305 }
1306
1307 /*
1308 * Remember the managed/otherconf flags from most recently
1309 * received RA message (RFC 2462) -- yoshfuji
1310 */
1311 old_if_flags = in6_dev->if_flags;
1312 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1313 IF_RA_OTHERCONF)) |
1314 (ra_msg->icmph.icmp6_addrconf_managed ?
1315 IF_RA_MANAGED : 0) |
1316 (ra_msg->icmph.icmp6_addrconf_other ?
1317 IF_RA_OTHERCONF : 0);
1318
1319 if (old_if_flags != in6_dev->if_flags)
1320 send_ifinfo_notify = true;
1321
1322 if (!in6_dev->cnf.accept_ra_defrtr) {
1323 ND_PRINTK(2, info,
1324 "RA: %s, defrtr is false for dev: %s\n",
1325 __func__, skb->dev->name);
1326 goto skip_defrtr;
1327 }
1328
1329 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1330 if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_lft) {
1331 ND_PRINTK(2, info,
1332 "RA: router lifetime (%ds) is too short: %s\n",
1333 lifetime, skb->dev->name);
1334 goto skip_defrtr;
1335 }
1336
1337 /* Do not accept RA with source-addr found on local machine unless
1338 * accept_ra_from_local is set to true.
1339 */
1340 net = dev_net(in6_dev->dev);
1341 if (!in6_dev->cnf.accept_ra_from_local &&
1342 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1343 ND_PRINTK(2, info,
1344 "RA from local address detected on dev: %s: default router ignored\n",
1345 skb->dev->name);
1346 goto skip_defrtr;
1347 }
1348
1349 #ifdef CONFIG_IPV6_ROUTER_PREF
1350 pref = ra_msg->icmph.icmp6_router_pref;
1351 /* 10b is handled as if it were 00b (medium) */
1352 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1353 !in6_dev->cnf.accept_ra_rtr_pref)
1354 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1355 #endif
1356 /* routes added from RAs do not use nexthop objects */
1357 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1358 if (rt) {
1359 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1360 rt->fib6_nh->fib_nh_dev, NULL,
1361 &ipv6_hdr(skb)->saddr);
1362 if (!neigh) {
1363 ND_PRINTK(0, err,
1364 "RA: %s got default router without neighbour\n",
1365 __func__);
1366 fib6_info_release(rt);
1367 return reason;
1368 }
1369 }
1370 /* Set default route metric as specified by user */
1371 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1372 /* delete the route if lifetime is 0 or if metric needs change */
1373 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1374 ip6_del_rt(net, rt, false);
1375 rt = NULL;
1376 }
1377
1378 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1379 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1380 if (!rt && lifetime) {
1381 ND_PRINTK(3, info, "RA: adding default router\n");
1382
1383 if (neigh)
1384 neigh_release(neigh);
1385
1386 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1387 skb->dev, pref, defrtr_usr_metric);
1388 if (!rt) {
1389 ND_PRINTK(0, err,
1390 "RA: %s failed to add default route\n",
1391 __func__);
1392 return reason;
1393 }
1394
1395 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1396 rt->fib6_nh->fib_nh_dev, NULL,
1397 &ipv6_hdr(skb)->saddr);
1398 if (!neigh) {
1399 ND_PRINTK(0, err,
1400 "RA: %s got default router without neighbour\n",
1401 __func__);
1402 fib6_info_release(rt);
1403 return reason;
1404 }
1405 neigh->flags |= NTF_ROUTER;
1406 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1407 struct nl_info nlinfo = {
1408 .nl_net = net,
1409 };
1410 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1411 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1412 }
1413
1414 if (rt)
1415 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1416 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1417 ra_msg->icmph.icmp6_hop_limit) {
1418 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1419 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1420 fib6_metric_set(rt, RTAX_HOPLIMIT,
1421 ra_msg->icmph.icmp6_hop_limit);
1422 } else {
1423 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1424 }
1425 }
1426
1427 skip_defrtr:
1428
1429 /*
1430 * Update Reachable Time and Retrans Timer
1431 */
1432
1433 if (in6_dev->nd_parms) {
1434 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1435
1436 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1437 rtime = (rtime*HZ)/1000;
1438 if (rtime < HZ/100)
1439 rtime = HZ/100;
1440 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1441 in6_dev->tstamp = jiffies;
1442 send_ifinfo_notify = true;
1443 }
1444
1445 rtime = ntohl(ra_msg->reachable_time);
1446 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1447 rtime = (rtime*HZ)/1000;
1448
1449 if (rtime < HZ/10)
1450 rtime = HZ/10;
1451
1452 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1453 NEIGH_VAR_SET(in6_dev->nd_parms,
1454 BASE_REACHABLE_TIME, rtime);
1455 NEIGH_VAR_SET(in6_dev->nd_parms,
1456 GC_STALETIME, 3 * rtime);
1457 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1458 in6_dev->tstamp = jiffies;
1459 send_ifinfo_notify = true;
1460 }
1461 }
1462 }
1463
1464 skip_linkparms:
1465
1466 /*
1467 * Process options.
1468 */
1469
1470 if (!neigh)
1471 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1472 skb->dev, 1);
1473 if (neigh) {
1474 u8 *lladdr = NULL;
1475 if (ndopts.nd_opts_src_lladdr) {
1476 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1477 skb->dev);
1478 if (!lladdr) {
1479 ND_PRINTK(2, warn,
1480 "RA: invalid link-layer address length\n");
1481 goto out;
1482 }
1483 }
1484 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1485 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1486 NEIGH_UPDATE_F_OVERRIDE|
1487 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1488 NEIGH_UPDATE_F_ISROUTER,
1489 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1490 reason = SKB_CONSUMED;
1491 }
1492
1493 if (!ipv6_accept_ra(in6_dev)) {
1494 ND_PRINTK(2, info,
1495 "RA: %s, accept_ra is false for dev: %s\n",
1496 __func__, skb->dev->name);
1497 goto out;
1498 }
1499
1500 #ifdef CONFIG_IPV6_ROUTE_INFO
1501 if (!in6_dev->cnf.accept_ra_from_local &&
1502 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1503 in6_dev->dev, 0)) {
1504 ND_PRINTK(2, info,
1505 "RA from local address detected on dev: %s: router info ignored.\n",
1506 skb->dev->name);
1507 goto skip_routeinfo;
1508 }
1509
1510 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1511 struct nd_opt_hdr *p;
1512 for (p = ndopts.nd_opts_ri;
1513 p;
1514 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1515 struct route_info *ri = (struct route_info *)p;
1516 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1517 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1518 ri->prefix_len == 0)
1519 continue;
1520 #endif
1521 if (ri->prefix_len == 0 &&
1522 !in6_dev->cnf.accept_ra_defrtr)
1523 continue;
1524 if (ri->lifetime != 0 &&
1525 ntohl(ri->lifetime) < in6_dev->cnf.accept_ra_min_lft)
1526 continue;
1527 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1528 continue;
1529 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1530 continue;
1531 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1532 &ipv6_hdr(skb)->saddr);
1533 }
1534 }
1535
1536 skip_routeinfo:
1537 #endif
1538
1539 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1540 /* skip link-specific ndopts from interior routers */
1541 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1542 ND_PRINTK(2, info,
1543 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1544 __func__, skb->dev->name);
1545 goto out;
1546 }
1547 #endif
1548
1549 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1550 struct nd_opt_hdr *p;
1551 for (p = ndopts.nd_opts_pi;
1552 p;
1553 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1554 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1555 (p->nd_opt_len) << 3,
1556 ndopts.nd_opts_src_lladdr != NULL);
1557 }
1558 }
1559
1560 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1561 __be32 n;
1562 u32 mtu;
1563
1564 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1565 mtu = ntohl(n);
1566
1567 if (in6_dev->ra_mtu != mtu) {
1568 in6_dev->ra_mtu = mtu;
1569 send_ifinfo_notify = true;
1570 }
1571
1572 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1573 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1574 } else if (in6_dev->cnf.mtu6 != mtu) {
1575 in6_dev->cnf.mtu6 = mtu;
1576 fib6_metric_set(rt, RTAX_MTU, mtu);
1577 rt6_mtu_change(skb->dev, mtu);
1578 }
1579 }
1580
1581 if (ndopts.nd_useropts) {
1582 struct nd_opt_hdr *p;
1583 for (p = ndopts.nd_useropts;
1584 p;
1585 p = ndisc_next_useropt(skb->dev, p,
1586 ndopts.nd_useropts_end)) {
1587 ndisc_ra_useropt(skb, p);
1588 }
1589 }
1590
1591 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1592 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1593 }
1594 out:
1595 /* Send a notify if RA changed managed/otherconf flags or
1596 * timer settings or ra_mtu value
1597 */
1598 if (send_ifinfo_notify)
1599 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1600
1601 fib6_info_release(rt);
1602 if (neigh)
1603 neigh_release(neigh);
1604 return reason;
1605 }
1606
ndisc_redirect_rcv(struct sk_buff * skb)1607 static enum skb_drop_reason ndisc_redirect_rcv(struct sk_buff *skb)
1608 {
1609 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1610 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1611 offsetof(struct rd_msg, opt));
1612 struct ndisc_options ndopts;
1613 SKB_DR(reason);
1614 u8 *hdr;
1615
1616 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1617 switch (skb->ndisc_nodetype) {
1618 case NDISC_NODETYPE_HOST:
1619 case NDISC_NODETYPE_NODEFAULT:
1620 ND_PRINTK(2, warn,
1621 "Redirect: from host or unauthorized router\n");
1622 return reason;
1623 }
1624 #endif
1625
1626 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1627 ND_PRINTK(2, warn,
1628 "Redirect: source address is not link-local\n");
1629 return reason;
1630 }
1631
1632 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1633 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1634
1635 if (!ndopts.nd_opts_rh) {
1636 ip6_redirect_no_header(skb, dev_net(skb->dev),
1637 skb->dev->ifindex);
1638 return reason;
1639 }
1640
1641 hdr = (u8 *)ndopts.nd_opts_rh;
1642 hdr += 8;
1643 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1644 return SKB_DROP_REASON_PKT_TOO_SMALL;
1645
1646 return icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1647 }
1648
ndisc_fill_redirect_hdr_option(struct sk_buff * skb,struct sk_buff * orig_skb,int rd_len)1649 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1650 struct sk_buff *orig_skb,
1651 int rd_len)
1652 {
1653 u8 *opt = skb_put(skb, rd_len);
1654
1655 memset(opt, 0, 8);
1656 *(opt++) = ND_OPT_REDIRECT_HDR;
1657 *(opt++) = (rd_len >> 3);
1658 opt += 6;
1659
1660 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1661 rd_len - 8);
1662 }
1663
ndisc_send_redirect(struct sk_buff * skb,const struct in6_addr * target)1664 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1665 {
1666 struct net_device *dev = skb->dev;
1667 struct net *net = dev_net(dev);
1668 struct sock *sk = net->ipv6.ndisc_sk;
1669 int optlen = 0;
1670 struct inet_peer *peer;
1671 struct sk_buff *buff;
1672 struct rd_msg *msg;
1673 struct in6_addr saddr_buf;
1674 struct rt6_info *rt;
1675 struct dst_entry *dst;
1676 struct flowi6 fl6;
1677 int rd_len;
1678 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1679 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1680 bool ret;
1681
1682 if (netif_is_l3_master(skb->dev)) {
1683 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1684 if (!dev)
1685 return;
1686 }
1687
1688 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1689 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1690 dev->name);
1691 return;
1692 }
1693
1694 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1695 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1696 ND_PRINTK(2, warn,
1697 "Redirect: target address is not link-local unicast\n");
1698 return;
1699 }
1700
1701 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1702 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1703
1704 dst = ip6_route_output(net, NULL, &fl6);
1705 if (dst->error) {
1706 dst_release(dst);
1707 return;
1708 }
1709 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1710 if (IS_ERR(dst))
1711 return;
1712
1713 rt = dst_rt6_info(dst);
1714
1715 if (rt->rt6i_flags & RTF_GATEWAY) {
1716 ND_PRINTK(2, warn,
1717 "Redirect: destination is not a neighbour\n");
1718 goto release;
1719 }
1720 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1721 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1722 if (peer)
1723 inet_putpeer(peer);
1724 if (!ret)
1725 goto release;
1726
1727 if (dev->addr_len) {
1728 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1729 if (!neigh) {
1730 ND_PRINTK(2, warn,
1731 "Redirect: no neigh for target address\n");
1732 goto release;
1733 }
1734
1735 read_lock_bh(&neigh->lock);
1736 if (neigh->nud_state & NUD_VALID) {
1737 memcpy(ha_buf, neigh->ha, dev->addr_len);
1738 read_unlock_bh(&neigh->lock);
1739 ha = ha_buf;
1740 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1741 ops_data_buf,
1742 &ops_data);
1743 } else
1744 read_unlock_bh(&neigh->lock);
1745
1746 neigh_release(neigh);
1747 }
1748
1749 rd_len = min_t(unsigned int,
1750 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1751 skb->len + 8);
1752 rd_len &= ~0x7;
1753 optlen += rd_len;
1754
1755 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1756 if (!buff)
1757 goto release;
1758
1759 msg = skb_put(buff, sizeof(*msg));
1760 *msg = (struct rd_msg) {
1761 .icmph = {
1762 .icmp6_type = NDISC_REDIRECT,
1763 },
1764 .target = *target,
1765 .dest = ipv6_hdr(skb)->daddr,
1766 };
1767
1768 /*
1769 * include target_address option
1770 */
1771
1772 if (ha)
1773 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1774
1775 /*
1776 * build redirect option and copy skb over to the new packet.
1777 */
1778
1779 if (rd_len)
1780 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1781
1782 skb_dst_set(buff, dst);
1783 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1784 return;
1785
1786 release:
1787 dst_release(dst);
1788 }
1789
pndisc_redo(struct sk_buff * skb)1790 static void pndisc_redo(struct sk_buff *skb)
1791 {
1792 enum skb_drop_reason reason = ndisc_recv_ns(skb);
1793
1794 kfree_skb_reason(skb, reason);
1795 }
1796
ndisc_is_multicast(const void * pkey)1797 static int ndisc_is_multicast(const void *pkey)
1798 {
1799 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1800 }
1801
ndisc_suppress_frag_ndisc(struct sk_buff * skb)1802 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1803 {
1804 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1805
1806 if (!idev)
1807 return true;
1808 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1809 idev->cnf.suppress_frag_ndisc) {
1810 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1811 return true;
1812 }
1813 return false;
1814 }
1815
ndisc_rcv(struct sk_buff * skb)1816 enum skb_drop_reason ndisc_rcv(struct sk_buff *skb)
1817 {
1818 struct nd_msg *msg;
1819 SKB_DR(reason);
1820
1821 if (ndisc_suppress_frag_ndisc(skb))
1822 return SKB_DROP_REASON_IPV6_NDISC_FRAG;
1823
1824 if (skb_linearize(skb))
1825 return SKB_DROP_REASON_NOMEM;
1826
1827 msg = (struct nd_msg *)skb_transport_header(skb);
1828
1829 __skb_push(skb, skb->data - skb_transport_header(skb));
1830
1831 if (ipv6_hdr(skb)->hop_limit != 255) {
1832 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1833 ipv6_hdr(skb)->hop_limit);
1834 return SKB_DROP_REASON_IPV6_NDISC_HOP_LIMIT;
1835 }
1836
1837 if (msg->icmph.icmp6_code != 0) {
1838 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1839 msg->icmph.icmp6_code);
1840 return SKB_DROP_REASON_IPV6_NDISC_BAD_CODE;
1841 }
1842
1843 switch (msg->icmph.icmp6_type) {
1844 case NDISC_NEIGHBOUR_SOLICITATION:
1845 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1846 reason = ndisc_recv_ns(skb);
1847 break;
1848
1849 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1850 reason = ndisc_recv_na(skb);
1851 break;
1852
1853 case NDISC_ROUTER_SOLICITATION:
1854 reason = ndisc_recv_rs(skb);
1855 break;
1856
1857 case NDISC_ROUTER_ADVERTISEMENT:
1858 reason = ndisc_router_discovery(skb);
1859 break;
1860
1861 case NDISC_REDIRECT:
1862 reason = ndisc_redirect_rcv(skb);
1863 break;
1864 }
1865
1866 return reason;
1867 }
1868
ndisc_netdev_event(struct notifier_block * this,unsigned long event,void * ptr)1869 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1870 {
1871 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1872 struct netdev_notifier_change_info *change_info;
1873 struct net *net = dev_net(dev);
1874 struct inet6_dev *idev;
1875 bool evict_nocarrier;
1876
1877 switch (event) {
1878 case NETDEV_CHANGEADDR:
1879 neigh_changeaddr(&nd_tbl, dev);
1880 fib6_run_gc(0, net, false);
1881 fallthrough;
1882 case NETDEV_UP:
1883 idev = in6_dev_get(dev);
1884 if (!idev)
1885 break;
1886 if (idev->cnf.ndisc_notify ||
1887 net->ipv6.devconf_all->ndisc_notify)
1888 ndisc_send_unsol_na(dev);
1889 in6_dev_put(idev);
1890 break;
1891 case NETDEV_CHANGE:
1892 idev = in6_dev_get(dev);
1893 if (!idev)
1894 evict_nocarrier = true;
1895 else {
1896 evict_nocarrier = idev->cnf.ndisc_evict_nocarrier &&
1897 net->ipv6.devconf_all->ndisc_evict_nocarrier;
1898 in6_dev_put(idev);
1899 }
1900
1901 change_info = ptr;
1902 if (change_info->flags_changed & IFF_NOARP)
1903 neigh_changeaddr(&nd_tbl, dev);
1904 if (evict_nocarrier && !netif_carrier_ok(dev))
1905 neigh_carrier_down(&nd_tbl, dev);
1906 break;
1907 case NETDEV_DOWN:
1908 neigh_ifdown(&nd_tbl, dev);
1909 fib6_run_gc(0, net, false);
1910 break;
1911 case NETDEV_NOTIFY_PEERS:
1912 ndisc_send_unsol_na(dev);
1913 break;
1914 default:
1915 break;
1916 }
1917
1918 return NOTIFY_DONE;
1919 }
1920
1921 static struct notifier_block ndisc_netdev_notifier = {
1922 .notifier_call = ndisc_netdev_event,
1923 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1924 };
1925
1926 #ifdef CONFIG_SYSCTL
ndisc_warn_deprecated_sysctl(struct ctl_table * ctl,const char * func,const char * dev_name)1927 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1928 const char *func, const char *dev_name)
1929 {
1930 static char warncomm[TASK_COMM_LEN];
1931 static int warned;
1932 if (strcmp(warncomm, current->comm) && warned < 5) {
1933 strcpy(warncomm, current->comm);
1934 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1935 warncomm, func,
1936 dev_name, ctl->procname,
1937 dev_name, ctl->procname);
1938 warned++;
1939 }
1940 }
1941
ndisc_ifinfo_sysctl_change(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)1942 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1943 size_t *lenp, loff_t *ppos)
1944 {
1945 struct net_device *dev = ctl->extra1;
1946 struct inet6_dev *idev;
1947 int ret;
1948
1949 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1950 (strcmp(ctl->procname, "base_reachable_time") == 0))
1951 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1952
1953 if (strcmp(ctl->procname, "retrans_time") == 0)
1954 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1955
1956 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1957 ret = neigh_proc_dointvec_jiffies(ctl, write,
1958 buffer, lenp, ppos);
1959
1960 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1961 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1962 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1963 buffer, lenp, ppos);
1964 else
1965 ret = -1;
1966
1967 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1968 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1969 idev->nd_parms->reachable_time =
1970 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1971 idev->tstamp = jiffies;
1972 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1973 in6_dev_put(idev);
1974 }
1975 return ret;
1976 }
1977
1978
1979 #endif
1980
ndisc_net_init(struct net * net)1981 static int __net_init ndisc_net_init(struct net *net)
1982 {
1983 struct ipv6_pinfo *np;
1984 struct sock *sk;
1985 int err;
1986
1987 err = inet_ctl_sock_create(&sk, PF_INET6,
1988 SOCK_RAW, IPPROTO_ICMPV6, net);
1989 if (err < 0) {
1990 ND_PRINTK(0, err,
1991 "NDISC: Failed to initialize the control socket (err %d)\n",
1992 err);
1993 return err;
1994 }
1995
1996 net->ipv6.ndisc_sk = sk;
1997
1998 np = inet6_sk(sk);
1999 np->hop_limit = 255;
2000 /* Do not loopback ndisc messages */
2001 np->mc_loop = 0;
2002
2003 return 0;
2004 }
2005
ndisc_net_exit(struct net * net)2006 static void __net_exit ndisc_net_exit(struct net *net)
2007 {
2008 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
2009 }
2010
2011 static struct pernet_operations ndisc_net_ops = {
2012 .init = ndisc_net_init,
2013 .exit = ndisc_net_exit,
2014 };
2015
ndisc_init(void)2016 int __init ndisc_init(void)
2017 {
2018 int err;
2019
2020 err = register_pernet_subsys(&ndisc_net_ops);
2021 if (err)
2022 return err;
2023 /*
2024 * Initialize the neighbour table
2025 */
2026 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
2027
2028 #ifdef CONFIG_SYSCTL
2029 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
2030 ndisc_ifinfo_sysctl_change);
2031 if (err)
2032 goto out_unregister_pernet;
2033 out:
2034 #endif
2035 return err;
2036
2037 #ifdef CONFIG_SYSCTL
2038 out_unregister_pernet:
2039 unregister_pernet_subsys(&ndisc_net_ops);
2040 goto out;
2041 #endif
2042 }
2043
ndisc_late_init(void)2044 int __init ndisc_late_init(void)
2045 {
2046 return register_netdevice_notifier(&ndisc_netdev_notifier);
2047 }
2048
ndisc_late_cleanup(void)2049 void ndisc_late_cleanup(void)
2050 {
2051 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2052 }
2053
ndisc_cleanup(void)2054 void ndisc_cleanup(void)
2055 {
2056 #ifdef CONFIG_SYSCTL
2057 neigh_sysctl_unregister(&nd_tbl.parms);
2058 #endif
2059 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2060 unregister_pernet_subsys(&ndisc_net_ops);
2061 }
2062