1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11 /*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26 #define pr_fmt(fmt) "ICMPv6: " fmt
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
40 #ifdef CONFIG_SYSCTL
41 #include <linux/sysctl.h>
42 #endif
43
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
50
51 #include <net/sock.h>
52 #include <net/snmp.h>
53
54 #include <net/ipv6.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
59 #include <net/icmp.h>
60
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
63
64 #include <net/flow.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
68
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
71
72 static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
85
86 static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92 };
93
94 static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100 };
101
102
103 static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107 };
108
109 struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ,
132 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
133 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
134 [NEIGH_VAR_PROXY_QLEN] = 64,
135 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
136 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
137 },
138 },
139 .gc_interval = 30 * HZ,
140 .gc_thresh1 = 128,
141 .gc_thresh2 = 512,
142 .gc_thresh3 = 1024,
143 };
144 EXPORT_SYMBOL_GPL(nd_tbl);
145
__ndisc_fill_addr_option(struct sk_buff * skb,int type,const void * data,int data_len,int pad)146 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
147 int data_len, int pad)
148 {
149 int space = __ndisc_opt_addr_space(data_len, pad);
150 u8 *opt = skb_put(skb, space);
151
152 opt[0] = type;
153 opt[1] = space>>3;
154
155 memset(opt + 2, 0, pad);
156 opt += pad;
157 space -= pad;
158
159 memcpy(opt+2, data, data_len);
160 data_len += 2;
161 opt += data_len;
162 space -= data_len;
163 if (space > 0)
164 memset(opt, 0, space);
165 }
166 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167
ndisc_fill_addr_option(struct sk_buff * skb,int type,const void * data,u8 icmp6_type)168 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
169 const void *data, u8 icmp6_type)
170 {
171 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
172 ndisc_addr_option_pad(skb->dev->type));
173 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
174 }
175
ndisc_fill_redirect_addr_option(struct sk_buff * skb,void * ha,const u8 * ops_data)176 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
177 void *ha,
178 const u8 *ops_data)
179 {
180 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
181 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
182 }
183
ndisc_next_option(struct nd_opt_hdr * cur,struct nd_opt_hdr * end)184 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
185 struct nd_opt_hdr *end)
186 {
187 int type;
188 if (!cur || !end || cur >= end)
189 return NULL;
190 type = cur->nd_opt_type;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while (cur < end && cur->nd_opt_type != type);
194 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
195 }
196
ndisc_is_useropt(const struct net_device * dev,struct nd_opt_hdr * opt)197 static inline int ndisc_is_useropt(const struct net_device *dev,
198 struct nd_opt_hdr *opt)
199 {
200 return opt->nd_opt_type == ND_OPT_PREFIX_INFO ||
201 opt->nd_opt_type == ND_OPT_RDNSS ||
202 opt->nd_opt_type == ND_OPT_DNSSL ||
203 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
204 opt->nd_opt_type == ND_OPT_PREF64 ||
205 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
206 }
207
ndisc_next_useropt(const struct net_device * dev,struct nd_opt_hdr * cur,struct nd_opt_hdr * end)208 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
209 struct nd_opt_hdr *cur,
210 struct nd_opt_hdr *end)
211 {
212 if (!cur || !end || cur >= end)
213 return NULL;
214 do {
215 cur = ((void *)cur) + (cur->nd_opt_len << 3);
216 } while (cur < end && !ndisc_is_useropt(dev, cur));
217 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
218 }
219
ndisc_parse_options(const struct net_device * dev,u8 * opt,int opt_len,struct ndisc_options * ndopts)220 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
221 u8 *opt, int opt_len,
222 struct ndisc_options *ndopts)
223 {
224 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
225
226 if (!nd_opt || opt_len < 0 || !ndopts)
227 return NULL;
228 memset(ndopts, 0, sizeof(*ndopts));
229 while (opt_len) {
230 bool unknown = false;
231 int l;
232 if (opt_len < sizeof(struct nd_opt_hdr))
233 return NULL;
234 l = nd_opt->nd_opt_len << 3;
235 if (opt_len < l || l == 0)
236 return NULL;
237 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
238 goto next_opt;
239 switch (nd_opt->nd_opt_type) {
240 case ND_OPT_SOURCE_LL_ADDR:
241 case ND_OPT_TARGET_LL_ADDR:
242 case ND_OPT_MTU:
243 case ND_OPT_NONCE:
244 case ND_OPT_REDIRECT_HDR:
245 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
246 ND_PRINTK(2, warn,
247 "%s: duplicated ND6 option found: type=%d\n",
248 __func__, nd_opt->nd_opt_type);
249 } else {
250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 }
252 break;
253 case ND_OPT_PREFIX_INFO:
254 ndopts->nd_opts_pi_end = nd_opt;
255 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
256 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
257 break;
258 #ifdef CONFIG_IPV6_ROUTE_INFO
259 case ND_OPT_ROUTE_INFO:
260 ndopts->nd_opts_ri_end = nd_opt;
261 if (!ndopts->nd_opts_ri)
262 ndopts->nd_opts_ri = nd_opt;
263 break;
264 #endif
265 default:
266 unknown = true;
267 }
268 if (ndisc_is_useropt(dev, nd_opt)) {
269 ndopts->nd_useropts_end = nd_opt;
270 if (!ndopts->nd_useropts)
271 ndopts->nd_useropts = nd_opt;
272 } else if (unknown) {
273 /*
274 * Unknown options must be silently ignored,
275 * to accommodate future extension to the
276 * protocol.
277 */
278 ND_PRINTK(2, notice,
279 "%s: ignored unsupported option; type=%d, len=%d\n",
280 __func__,
281 nd_opt->nd_opt_type,
282 nd_opt->nd_opt_len);
283 }
284 next_opt:
285 opt_len -= l;
286 nd_opt = ((void *)nd_opt) + l;
287 }
288 return ndopts;
289 }
290
ndisc_mc_map(const struct in6_addr * addr,char * buf,struct net_device * dev,int dir)291 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
292 {
293 switch (dev->type) {
294 case ARPHRD_ETHER:
295 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
296 case ARPHRD_FDDI:
297 ipv6_eth_mc_map(addr, buf);
298 return 0;
299 case ARPHRD_ARCNET:
300 ipv6_arcnet_mc_map(addr, buf);
301 return 0;
302 case ARPHRD_INFINIBAND:
303 ipv6_ib_mc_map(addr, dev->broadcast, buf);
304 return 0;
305 case ARPHRD_IPGRE:
306 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
307 default:
308 if (dir) {
309 memcpy(buf, dev->broadcast, dev->addr_len);
310 return 0;
311 }
312 }
313 return -EINVAL;
314 }
315 EXPORT_SYMBOL(ndisc_mc_map);
316
ndisc_hash(const void * pkey,const struct net_device * dev,__u32 * hash_rnd)317 static u32 ndisc_hash(const void *pkey,
318 const struct net_device *dev,
319 __u32 *hash_rnd)
320 {
321 return ndisc_hashfn(pkey, dev, hash_rnd);
322 }
323
ndisc_key_eq(const struct neighbour * n,const void * pkey)324 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
325 {
326 return neigh_key_eq128(n, pkey);
327 }
328
ndisc_constructor(struct neighbour * neigh)329 static int ndisc_constructor(struct neighbour *neigh)
330 {
331 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
332 struct net_device *dev = neigh->dev;
333 struct inet6_dev *in6_dev;
334 struct neigh_parms *parms;
335 bool is_multicast = ipv6_addr_is_multicast(addr);
336
337 in6_dev = in6_dev_get(dev);
338 if (!in6_dev) {
339 return -EINVAL;
340 }
341
342 parms = in6_dev->nd_parms;
343 __neigh_parms_put(neigh->parms);
344 neigh->parms = neigh_parms_clone(parms);
345
346 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
347 if (!dev->header_ops) {
348 neigh->nud_state = NUD_NOARP;
349 neigh->ops = &ndisc_direct_ops;
350 neigh->output = neigh_direct_output;
351 } else {
352 if (is_multicast) {
353 neigh->nud_state = NUD_NOARP;
354 ndisc_mc_map(addr, neigh->ha, dev, 1);
355 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
356 neigh->nud_state = NUD_NOARP;
357 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
358 if (dev->flags&IFF_LOOPBACK)
359 neigh->type = RTN_LOCAL;
360 } else if (dev->flags&IFF_POINTOPOINT) {
361 neigh->nud_state = NUD_NOARP;
362 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
363 }
364 if (dev->header_ops->cache)
365 neigh->ops = &ndisc_hh_ops;
366 else
367 neigh->ops = &ndisc_generic_ops;
368 if (neigh->nud_state&NUD_VALID)
369 neigh->output = neigh->ops->connected_output;
370 else
371 neigh->output = neigh->ops->output;
372 }
373 in6_dev_put(in6_dev);
374 return 0;
375 }
376
pndisc_constructor(struct pneigh_entry * n)377 static int pndisc_constructor(struct pneigh_entry *n)
378 {
379 struct in6_addr *addr = (struct in6_addr *)&n->key;
380 struct in6_addr maddr;
381 struct net_device *dev = n->dev;
382
383 if (!dev || !__in6_dev_get(dev))
384 return -EINVAL;
385 addrconf_addr_solict_mult(addr, &maddr);
386 ipv6_dev_mc_inc(dev, &maddr);
387 return 0;
388 }
389
pndisc_destructor(struct pneigh_entry * n)390 static void pndisc_destructor(struct pneigh_entry *n)
391 {
392 struct in6_addr *addr = (struct in6_addr *)&n->key;
393 struct in6_addr maddr;
394 struct net_device *dev = n->dev;
395
396 if (!dev || !__in6_dev_get(dev))
397 return;
398 addrconf_addr_solict_mult(addr, &maddr);
399 ipv6_dev_mc_dec(dev, &maddr);
400 }
401
402 /* called with rtnl held */
ndisc_allow_add(const struct net_device * dev,struct netlink_ext_ack * extack)403 static bool ndisc_allow_add(const struct net_device *dev,
404 struct netlink_ext_ack *extack)
405 {
406 struct inet6_dev *idev = __in6_dev_get(dev);
407
408 if (!idev || idev->cnf.disable_ipv6) {
409 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
410 return false;
411 }
412
413 return true;
414 }
415
ndisc_alloc_skb(struct net_device * dev,int len)416 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
417 int len)
418 {
419 int hlen = LL_RESERVED_SPACE(dev);
420 int tlen = dev->needed_tailroom;
421 struct sk_buff *skb;
422
423 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
424 if (!skb)
425 return NULL;
426
427 skb->protocol = htons(ETH_P_IPV6);
428 skb->dev = dev;
429
430 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
431 skb_reset_transport_header(skb);
432
433 /* Manually assign socket ownership as we avoid calling
434 * sock_alloc_send_pskb() to bypass wmem buffer limits
435 */
436 rcu_read_lock();
437 skb_set_owner_w(skb, dev_net_rcu(dev)->ipv6.ndisc_sk);
438 rcu_read_unlock();
439
440 return skb;
441 }
442
ip6_nd_hdr(struct sk_buff * skb,const struct in6_addr * saddr,const struct in6_addr * daddr,int hop_limit,int len)443 static void ip6_nd_hdr(struct sk_buff *skb,
444 const struct in6_addr *saddr,
445 const struct in6_addr *daddr,
446 int hop_limit, int len)
447 {
448 struct ipv6hdr *hdr;
449 struct inet6_dev *idev;
450 unsigned tclass;
451
452 rcu_read_lock();
453 idev = __in6_dev_get(skb->dev);
454 tclass = idev ? idev->cnf.ndisc_tclass : 0;
455 rcu_read_unlock();
456
457 skb_push(skb, sizeof(*hdr));
458 skb_reset_network_header(skb);
459 hdr = ipv6_hdr(skb);
460
461 ip6_flow_hdr(hdr, tclass, 0);
462
463 hdr->payload_len = htons(len);
464 hdr->nexthdr = IPPROTO_ICMPV6;
465 hdr->hop_limit = hop_limit;
466
467 hdr->saddr = *saddr;
468 hdr->daddr = *daddr;
469 }
470
ndisc_send_skb(struct sk_buff * skb,const struct in6_addr * daddr,const struct in6_addr * saddr)471 void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
472 const struct in6_addr *saddr)
473 {
474 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
475 struct dst_entry *dst = skb_dst(skb);
476 struct inet6_dev *idev;
477 struct net *net;
478 struct sock *sk;
479 int err;
480 u8 type;
481
482 type = icmp6h->icmp6_type;
483
484 rcu_read_lock();
485
486 net = dev_net_rcu(skb->dev);
487 sk = net->ipv6.ndisc_sk;
488 if (!dst) {
489 struct flowi6 fl6;
490 int oif = skb->dev->ifindex;
491
492 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
493 dst = icmp6_dst_alloc(skb->dev, &fl6);
494 if (IS_ERR(dst)) {
495 rcu_read_unlock();
496 kfree_skb(skb);
497 return;
498 }
499
500 skb_dst_set(skb, dst);
501 }
502
503 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
504 IPPROTO_ICMPV6,
505 csum_partial(icmp6h,
506 skb->len, 0));
507
508 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
509
510 idev = __in6_dev_get(dst->dev);
511 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
512
513 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
514 net, sk, skb, NULL, dst->dev,
515 dst_output);
516 if (!err) {
517 ICMP6MSGOUT_INC_STATS(net, idev, type);
518 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
519 }
520
521 rcu_read_unlock();
522 }
523 EXPORT_SYMBOL(ndisc_send_skb);
524
ndisc_send_na(struct net_device * dev,const struct in6_addr * daddr,const struct in6_addr * solicited_addr,bool router,bool solicited,bool override,bool inc_opt)525 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
526 const struct in6_addr *solicited_addr,
527 bool router, bool solicited, bool override, bool inc_opt)
528 {
529 struct sk_buff *skb;
530 struct in6_addr tmpaddr;
531 struct inet6_ifaddr *ifp;
532 const struct in6_addr *src_addr;
533 struct nd_msg *msg;
534 int optlen = 0;
535
536 /* for anycast or proxy, solicited_addr != src_addr */
537 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
538 if (ifp) {
539 src_addr = solicited_addr;
540 if (ifp->flags & IFA_F_OPTIMISTIC)
541 override = false;
542 inc_opt |= ifp->idev->cnf.force_tllao;
543 in6_ifa_put(ifp);
544 } else {
545 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
546 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
547 &tmpaddr))
548 return;
549 src_addr = &tmpaddr;
550 }
551
552 if (!dev->addr_len)
553 inc_opt = false;
554 if (inc_opt)
555 optlen += ndisc_opt_addr_space(dev,
556 NDISC_NEIGHBOUR_ADVERTISEMENT);
557
558 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
559 if (!skb)
560 return;
561
562 msg = skb_put(skb, sizeof(*msg));
563 *msg = (struct nd_msg) {
564 .icmph = {
565 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
566 .icmp6_router = router,
567 .icmp6_solicited = solicited,
568 .icmp6_override = override,
569 },
570 .target = *solicited_addr,
571 };
572
573 if (inc_opt)
574 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
575 dev->dev_addr,
576 NDISC_NEIGHBOUR_ADVERTISEMENT);
577
578 ndisc_send_skb(skb, daddr, src_addr);
579 }
580
ndisc_send_unsol_na(struct net_device * dev)581 static void ndisc_send_unsol_na(struct net_device *dev)
582 {
583 struct inet6_dev *idev;
584 struct inet6_ifaddr *ifa;
585
586 idev = in6_dev_get(dev);
587 if (!idev)
588 return;
589
590 read_lock_bh(&idev->lock);
591 list_for_each_entry(ifa, &idev->addr_list, if_list) {
592 /* skip tentative addresses until dad completes */
593 if (ifa->flags & IFA_F_TENTATIVE &&
594 !(ifa->flags & IFA_F_OPTIMISTIC))
595 continue;
596
597 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
598 /*router=*/ !!idev->cnf.forwarding,
599 /*solicited=*/ false, /*override=*/ true,
600 /*inc_opt=*/ true);
601 }
602 read_unlock_bh(&idev->lock);
603
604 in6_dev_put(idev);
605 }
606
ndisc_ns_create(struct net_device * dev,const struct in6_addr * solicit,const struct in6_addr * saddr,u64 nonce)607 struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
608 const struct in6_addr *saddr, u64 nonce)
609 {
610 int inc_opt = dev->addr_len;
611 struct sk_buff *skb;
612 struct nd_msg *msg;
613 int optlen = 0;
614
615 if (!saddr)
616 return NULL;
617
618 if (ipv6_addr_any(saddr))
619 inc_opt = false;
620 if (inc_opt)
621 optlen += ndisc_opt_addr_space(dev,
622 NDISC_NEIGHBOUR_SOLICITATION);
623 if (nonce != 0)
624 optlen += 8;
625
626 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
627 if (!skb)
628 return NULL;
629
630 msg = skb_put(skb, sizeof(*msg));
631 *msg = (struct nd_msg) {
632 .icmph = {
633 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
634 },
635 .target = *solicit,
636 };
637
638 if (inc_opt)
639 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
640 dev->dev_addr,
641 NDISC_NEIGHBOUR_SOLICITATION);
642 if (nonce != 0) {
643 u8 *opt = skb_put(skb, 8);
644
645 opt[0] = ND_OPT_NONCE;
646 opt[1] = 8 >> 3;
647 memcpy(opt + 2, &nonce, 6);
648 }
649
650 return skb;
651 }
652 EXPORT_SYMBOL(ndisc_ns_create);
653
ndisc_send_ns(struct net_device * dev,const struct in6_addr * solicit,const struct in6_addr * daddr,const struct in6_addr * saddr,u64 nonce)654 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
655 const struct in6_addr *daddr, const struct in6_addr *saddr,
656 u64 nonce)
657 {
658 struct in6_addr addr_buf;
659 struct sk_buff *skb;
660
661 if (!saddr) {
662 if (ipv6_get_lladdr(dev, &addr_buf,
663 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
664 return;
665 saddr = &addr_buf;
666 }
667
668 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
669
670 if (skb)
671 ndisc_send_skb(skb, daddr, saddr);
672 }
673
ndisc_send_rs(struct net_device * dev,const struct in6_addr * saddr,const struct in6_addr * daddr)674 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
675 const struct in6_addr *daddr)
676 {
677 struct sk_buff *skb;
678 struct rs_msg *msg;
679 int send_sllao = dev->addr_len;
680 int optlen = 0;
681
682 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
683 /*
684 * According to section 2.2 of RFC 4429, we must not
685 * send router solicitations with a sllao from
686 * optimistic addresses, but we may send the solicitation
687 * if we don't include the sllao. So here we check
688 * if our address is optimistic, and if so, we
689 * suppress the inclusion of the sllao.
690 */
691 if (send_sllao) {
692 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
693 dev, 1);
694 if (ifp) {
695 if (ifp->flags & IFA_F_OPTIMISTIC) {
696 send_sllao = 0;
697 }
698 in6_ifa_put(ifp);
699 } else {
700 send_sllao = 0;
701 }
702 }
703 #endif
704 if (send_sllao)
705 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
706
707 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
708 if (!skb)
709 return;
710
711 msg = skb_put(skb, sizeof(*msg));
712 *msg = (struct rs_msg) {
713 .icmph = {
714 .icmp6_type = NDISC_ROUTER_SOLICITATION,
715 },
716 };
717
718 if (send_sllao)
719 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
720 dev->dev_addr,
721 NDISC_ROUTER_SOLICITATION);
722
723 ndisc_send_skb(skb, daddr, saddr);
724 }
725
726
ndisc_error_report(struct neighbour * neigh,struct sk_buff * skb)727 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
728 {
729 /*
730 * "The sender MUST return an ICMP
731 * destination unreachable"
732 */
733 dst_link_failure(skb);
734 kfree_skb(skb);
735 }
736
737 /* Called with locked neigh: either read or both */
738
ndisc_solicit(struct neighbour * neigh,struct sk_buff * skb)739 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
740 {
741 struct in6_addr *saddr = NULL;
742 struct in6_addr mcaddr;
743 struct net_device *dev = neigh->dev;
744 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
745 int probes = atomic_read(&neigh->probes);
746
747 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
748 dev, false, 1,
749 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
750 saddr = &ipv6_hdr(skb)->saddr;
751 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
752 if (probes < 0) {
753 if (!(READ_ONCE(neigh->nud_state) & NUD_VALID)) {
754 ND_PRINTK(1, dbg,
755 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
756 __func__, target);
757 }
758 ndisc_send_ns(dev, target, target, saddr, 0);
759 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
760 neigh_app_ns(neigh);
761 } else {
762 addrconf_addr_solict_mult(target, &mcaddr);
763 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
764 }
765 }
766
pndisc_is_router(const void * pkey,struct net_device * dev)767 static int pndisc_is_router(const void *pkey,
768 struct net_device *dev)
769 {
770 struct pneigh_entry *n;
771 int ret = -1;
772
773 read_lock_bh(&nd_tbl.lock);
774 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
775 if (n)
776 ret = !!(n->flags & NTF_ROUTER);
777 read_unlock_bh(&nd_tbl.lock);
778
779 return ret;
780 }
781
ndisc_update(const struct net_device * dev,struct neighbour * neigh,const u8 * lladdr,u8 new,u32 flags,u8 icmp6_type,struct ndisc_options * ndopts)782 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
783 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
784 struct ndisc_options *ndopts)
785 {
786 neigh_update(neigh, lladdr, new, flags, 0);
787 /* report ndisc ops about neighbour update */
788 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
789 }
790
ndisc_recv_ns(struct sk_buff * skb)791 static enum skb_drop_reason ndisc_recv_ns(struct sk_buff *skb)
792 {
793 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
794 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
795 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
796 u8 *lladdr = NULL;
797 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
798 offsetof(struct nd_msg, opt));
799 struct ndisc_options ndopts;
800 struct net_device *dev = skb->dev;
801 struct inet6_ifaddr *ifp;
802 struct inet6_dev *idev = NULL;
803 struct neighbour *neigh;
804 int dad = ipv6_addr_any(saddr);
805 int is_router = -1;
806 SKB_DR(reason);
807 u64 nonce = 0;
808 bool inc;
809
810 if (skb->len < sizeof(struct nd_msg))
811 return SKB_DROP_REASON_PKT_TOO_SMALL;
812
813 if (ipv6_addr_is_multicast(&msg->target)) {
814 ND_PRINTK(2, warn, "NS: multicast target address\n");
815 return reason;
816 }
817
818 /*
819 * RFC2461 7.1.1:
820 * DAD has to be destined for solicited node multicast address.
821 */
822 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
823 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
824 return reason;
825 }
826
827 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
828 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
829
830 if (ndopts.nd_opts_src_lladdr) {
831 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
832 if (!lladdr) {
833 ND_PRINTK(2, warn,
834 "NS: invalid link-layer address length\n");
835 return reason;
836 }
837
838 /* RFC2461 7.1.1:
839 * If the IP source address is the unspecified address,
840 * there MUST NOT be source link-layer address option
841 * in the message.
842 */
843 if (dad) {
844 ND_PRINTK(2, warn,
845 "NS: bad DAD packet (link-layer address option)\n");
846 return reason;
847 }
848 }
849 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
850 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
851
852 inc = ipv6_addr_is_multicast(daddr);
853
854 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
855 if (ifp) {
856 have_ifp:
857 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
858 if (dad) {
859 if (nonce != 0 && ifp->dad_nonce == nonce) {
860 u8 *np = (u8 *)&nonce;
861 /* Matching nonce if looped back */
862 ND_PRINTK(2, notice,
863 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
864 ifp->idev->dev->name,
865 &ifp->addr, np);
866 goto out;
867 }
868 /*
869 * We are colliding with another node
870 * who is doing DAD
871 * so fail our DAD process
872 */
873 addrconf_dad_failure(skb, ifp);
874 return reason;
875 } else {
876 /*
877 * This is not a dad solicitation.
878 * If we are an optimistic node,
879 * we should respond.
880 * Otherwise, we should ignore it.
881 */
882 if (!(ifp->flags & IFA_F_OPTIMISTIC))
883 goto out;
884 }
885 }
886
887 idev = ifp->idev;
888 } else {
889 struct net *net = dev_net(dev);
890
891 /* perhaps an address on the master device */
892 if (netif_is_l3_slave(dev)) {
893 struct net_device *mdev;
894
895 mdev = netdev_master_upper_dev_get_rcu(dev);
896 if (mdev) {
897 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
898 if (ifp)
899 goto have_ifp;
900 }
901 }
902
903 idev = in6_dev_get(dev);
904 if (!idev) {
905 /* XXX: count this drop? */
906 return reason;
907 }
908
909 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
910 (idev->cnf.forwarding &&
911 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
912 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
913 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
914 skb->pkt_type != PACKET_HOST &&
915 inc &&
916 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
917 /*
918 * for anycast or proxy,
919 * sender should delay its response
920 * by a random time between 0 and
921 * MAX_ANYCAST_DELAY_TIME seconds.
922 * (RFC2461) -- yoshfuji
923 */
924 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
925 if (n)
926 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
927 goto out;
928 }
929 } else {
930 SKB_DR_SET(reason, IPV6_NDISC_NS_OTHERHOST);
931 goto out;
932 }
933 }
934
935 if (is_router < 0)
936 is_router = idev->cnf.forwarding;
937
938 if (dad) {
939 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
940 !!is_router, false, (ifp != NULL), true);
941 goto out;
942 }
943
944 if (inc)
945 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
946 else
947 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
948
949 /*
950 * update / create cache entry
951 * for the source address
952 */
953 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
954 !inc || lladdr || !dev->addr_len);
955 if (neigh)
956 ndisc_update(dev, neigh, lladdr, NUD_STALE,
957 NEIGH_UPDATE_F_WEAK_OVERRIDE|
958 NEIGH_UPDATE_F_OVERRIDE,
959 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
960 if (neigh || !dev->header_ops) {
961 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
962 true, (ifp != NULL && inc), inc);
963 if (neigh)
964 neigh_release(neigh);
965 reason = SKB_CONSUMED;
966 }
967
968 out:
969 if (ifp)
970 in6_ifa_put(ifp);
971 else
972 in6_dev_put(idev);
973 return reason;
974 }
975
accept_untracked_na(struct net_device * dev,struct in6_addr * saddr)976 static int accept_untracked_na(struct net_device *dev, struct in6_addr *saddr)
977 {
978 struct inet6_dev *idev = __in6_dev_get(dev);
979
980 switch (idev->cnf.accept_untracked_na) {
981 case 0: /* Don't accept untracked na (absent in neighbor cache) */
982 return 0;
983 case 1: /* Create new entries from na if currently untracked */
984 return 1;
985 case 2: /* Create new entries from untracked na only if saddr is in the
986 * same subnet as an address configured on the interface that
987 * received the na
988 */
989 return !!ipv6_chk_prefix(saddr, dev);
990 default:
991 return 0;
992 }
993 }
994
ndisc_recv_na(struct sk_buff * skb)995 static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
996 {
997 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
998 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
999 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1000 u8 *lladdr = NULL;
1001 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1002 offsetof(struct nd_msg, opt));
1003 struct ndisc_options ndopts;
1004 struct net_device *dev = skb->dev;
1005 struct inet6_dev *idev = __in6_dev_get(dev);
1006 struct inet6_ifaddr *ifp;
1007 struct neighbour *neigh;
1008 SKB_DR(reason);
1009 u8 new_state;
1010
1011 if (skb->len < sizeof(struct nd_msg))
1012 return SKB_DROP_REASON_PKT_TOO_SMALL;
1013
1014 if (ipv6_addr_is_multicast(&msg->target)) {
1015 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1016 return reason;
1017 }
1018
1019 if (ipv6_addr_is_multicast(daddr) &&
1020 msg->icmph.icmp6_solicited) {
1021 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1022 return reason;
1023 }
1024
1025 /* For some 802.11 wireless deployments (and possibly other networks),
1026 * there will be a NA proxy and unsolicitd packets are attacks
1027 * and thus should not be accepted.
1028 * drop_unsolicited_na takes precedence over accept_untracked_na
1029 */
1030 if (!msg->icmph.icmp6_solicited && idev &&
1031 idev->cnf.drop_unsolicited_na)
1032 return reason;
1033
1034 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
1035 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1036
1037 if (ndopts.nd_opts_tgt_lladdr) {
1038 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1039 if (!lladdr) {
1040 ND_PRINTK(2, warn,
1041 "NA: invalid link-layer address length\n");
1042 return reason;
1043 }
1044 }
1045 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1046 if (ifp) {
1047 if (skb->pkt_type != PACKET_LOOPBACK
1048 && (ifp->flags & IFA_F_TENTATIVE)) {
1049 addrconf_dad_failure(skb, ifp);
1050 return reason;
1051 }
1052 /* What should we make now? The advertisement
1053 is invalid, but ndisc specs say nothing
1054 about it. It could be misconfiguration, or
1055 an smart proxy agent tries to help us :-)
1056
1057 We should not print the error if NA has been
1058 received from loopback - it is just our own
1059 unsolicited advertisement.
1060 */
1061 if (skb->pkt_type != PACKET_LOOPBACK)
1062 ND_PRINTK(1, warn,
1063 "NA: %pM advertised our address %pI6c on %s!\n",
1064 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1065 in6_ifa_put(ifp);
1066 return reason;
1067 }
1068
1069 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1070
1071 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1072 * NAs with Target LL Address option without a corresponding
1073 * entry in the neighbour cache can now create a STALE neighbour
1074 * cache entry on routers.
1075 *
1076 * entry accept fwding solicited behaviour
1077 * ------- ------ ------ --------- ----------------------
1078 * present X X 0 Set state to STALE
1079 * present X X 1 Set state to REACHABLE
1080 * absent 0 X X Do nothing
1081 * absent 1 0 X Do nothing
1082 * absent 1 1 X Add a new STALE entry
1083 *
1084 * Note that we don't do a (daddr == all-routers-mcast) check.
1085 */
1086 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1087 if (!neigh && lladdr && idev && idev->cnf.forwarding) {
1088 if (accept_untracked_na(dev, saddr)) {
1089 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1090 new_state = NUD_STALE;
1091 }
1092 }
1093
1094 if (neigh && !IS_ERR(neigh)) {
1095 u8 old_flags = neigh->flags;
1096 struct net *net = dev_net(dev);
1097
1098 if (READ_ONCE(neigh->nud_state) & NUD_FAILED)
1099 goto out;
1100
1101 /*
1102 * Don't update the neighbor cache entry on a proxy NA from
1103 * ourselves because either the proxied node is off link or it
1104 * has already sent a NA to us.
1105 */
1106 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1107 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1108 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1109 /* XXX: idev->cnf.proxy_ndp */
1110 goto out;
1111 }
1112
1113 ndisc_update(dev, neigh, lladdr,
1114 new_state,
1115 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1116 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1117 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1118 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1119 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1120
1121 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1122 /*
1123 * Change: router to host
1124 */
1125 rt6_clean_tohost(dev_net(dev), saddr);
1126 }
1127 reason = SKB_CONSUMED;
1128 out:
1129 neigh_release(neigh);
1130 }
1131 return reason;
1132 }
1133
ndisc_recv_rs(struct sk_buff * skb)1134 static enum skb_drop_reason ndisc_recv_rs(struct sk_buff *skb)
1135 {
1136 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1137 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1138 struct neighbour *neigh;
1139 struct inet6_dev *idev;
1140 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1141 struct ndisc_options ndopts;
1142 u8 *lladdr = NULL;
1143 SKB_DR(reason);
1144
1145 if (skb->len < sizeof(*rs_msg))
1146 return SKB_DROP_REASON_PKT_TOO_SMALL;
1147
1148 idev = __in6_dev_get(skb->dev);
1149 if (!idev) {
1150 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1151 return reason;
1152 }
1153
1154 /* Don't accept RS if we're not in router mode */
1155 if (!idev->cnf.forwarding)
1156 goto out;
1157
1158 /*
1159 * Don't update NCE if src = ::;
1160 * this implies that the source node has no ip address assigned yet.
1161 */
1162 if (ipv6_addr_any(saddr))
1163 goto out;
1164
1165 /* Parse ND options */
1166 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts))
1167 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1168
1169 if (ndopts.nd_opts_src_lladdr) {
1170 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1171 skb->dev);
1172 if (!lladdr)
1173 goto out;
1174 }
1175
1176 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1177 if (neigh) {
1178 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1179 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1180 NEIGH_UPDATE_F_OVERRIDE|
1181 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1182 NDISC_ROUTER_SOLICITATION, &ndopts);
1183 neigh_release(neigh);
1184 reason = SKB_CONSUMED;
1185 }
1186 out:
1187 return reason;
1188 }
1189
ndisc_ra_useropt(struct sk_buff * ra,struct nd_opt_hdr * opt)1190 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1191 {
1192 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1193 struct sk_buff *skb;
1194 struct nlmsghdr *nlh;
1195 struct nduseroptmsg *ndmsg;
1196 struct net *net = dev_net(ra->dev);
1197 int err;
1198 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1199 + (opt->nd_opt_len << 3));
1200 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1201
1202 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1203 if (!skb) {
1204 err = -ENOBUFS;
1205 goto errout;
1206 }
1207
1208 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1209 if (!nlh) {
1210 goto nla_put_failure;
1211 }
1212
1213 ndmsg = nlmsg_data(nlh);
1214 ndmsg->nduseropt_family = AF_INET6;
1215 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1216 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1217 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1218 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1219
1220 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1221
1222 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1223 goto nla_put_failure;
1224 nlmsg_end(skb, nlh);
1225
1226 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1227 return;
1228
1229 nla_put_failure:
1230 nlmsg_free(skb);
1231 err = -EMSGSIZE;
1232 errout:
1233 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1234 }
1235
ndisc_router_discovery(struct sk_buff * skb)1236 static enum skb_drop_reason ndisc_router_discovery(struct sk_buff *skb)
1237 {
1238 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1239 bool send_ifinfo_notify = false;
1240 struct neighbour *neigh = NULL;
1241 struct ndisc_options ndopts;
1242 struct fib6_info *rt = NULL;
1243 struct inet6_dev *in6_dev;
1244 u32 defrtr_usr_metric;
1245 unsigned int pref = 0;
1246 __u32 old_if_flags;
1247 struct net *net;
1248 SKB_DR(reason);
1249 int lifetime;
1250 int optlen;
1251
1252 __u8 *opt = (__u8 *)(ra_msg + 1);
1253
1254 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1255 sizeof(struct ra_msg);
1256
1257 ND_PRINTK(2, info,
1258 "RA: %s, dev: %s\n",
1259 __func__, skb->dev->name);
1260 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1261 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1262 return reason;
1263 }
1264 if (optlen < 0)
1265 return SKB_DROP_REASON_PKT_TOO_SMALL;
1266
1267 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1268 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1269 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1270 return reason;
1271 }
1272 #endif
1273
1274 in6_dev = __in6_dev_get(skb->dev);
1275 if (!in6_dev) {
1276 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1277 skb->dev->name);
1278 return reason;
1279 }
1280
1281 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts))
1282 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1283
1284 if (!ipv6_accept_ra(in6_dev)) {
1285 ND_PRINTK(2, info,
1286 "RA: %s, did not accept ra for dev: %s\n",
1287 __func__, skb->dev->name);
1288 goto skip_linkparms;
1289 }
1290
1291 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1292 /* skip link-specific parameters from interior routers */
1293 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1294 ND_PRINTK(2, info,
1295 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1296 __func__, skb->dev->name);
1297 goto skip_linkparms;
1298 }
1299 #endif
1300
1301 if (in6_dev->if_flags & IF_RS_SENT) {
1302 /*
1303 * flag that an RA was received after an RS was sent
1304 * out on this interface.
1305 */
1306 in6_dev->if_flags |= IF_RA_RCVD;
1307 }
1308
1309 /*
1310 * Remember the managed/otherconf flags from most recently
1311 * received RA message (RFC 2462) -- yoshfuji
1312 */
1313 old_if_flags = in6_dev->if_flags;
1314 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1315 IF_RA_OTHERCONF)) |
1316 (ra_msg->icmph.icmp6_addrconf_managed ?
1317 IF_RA_MANAGED : 0) |
1318 (ra_msg->icmph.icmp6_addrconf_other ?
1319 IF_RA_OTHERCONF : 0);
1320
1321 if (old_if_flags != in6_dev->if_flags)
1322 send_ifinfo_notify = true;
1323
1324 if (!in6_dev->cnf.accept_ra_defrtr) {
1325 ND_PRINTK(2, info,
1326 "RA: %s, defrtr is false for dev: %s\n",
1327 __func__, skb->dev->name);
1328 goto skip_defrtr;
1329 }
1330
1331 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1332 if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_lft) {
1333 ND_PRINTK(2, info,
1334 "RA: router lifetime (%ds) is too short: %s\n",
1335 lifetime, skb->dev->name);
1336 goto skip_defrtr;
1337 }
1338
1339 /* Do not accept RA with source-addr found on local machine unless
1340 * accept_ra_from_local is set to true.
1341 */
1342 net = dev_net(in6_dev->dev);
1343 if (!in6_dev->cnf.accept_ra_from_local &&
1344 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1345 ND_PRINTK(2, info,
1346 "RA from local address detected on dev: %s: default router ignored\n",
1347 skb->dev->name);
1348 goto skip_defrtr;
1349 }
1350
1351 #ifdef CONFIG_IPV6_ROUTER_PREF
1352 pref = ra_msg->icmph.icmp6_router_pref;
1353 /* 10b is handled as if it were 00b (medium) */
1354 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1355 !in6_dev->cnf.accept_ra_rtr_pref)
1356 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1357 #endif
1358 /* routes added from RAs do not use nexthop objects */
1359 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1360 if (rt) {
1361 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1362 rt->fib6_nh->fib_nh_dev, NULL,
1363 &ipv6_hdr(skb)->saddr);
1364 if (!neigh) {
1365 ND_PRINTK(0, err,
1366 "RA: %s got default router without neighbour\n",
1367 __func__);
1368 fib6_info_release(rt);
1369 return reason;
1370 }
1371 }
1372 /* Set default route metric as specified by user */
1373 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1374 /* delete the route if lifetime is 0 or if metric needs change */
1375 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1376 ip6_del_rt(net, rt, false);
1377 rt = NULL;
1378 }
1379
1380 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1381 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1382 if (!rt && lifetime) {
1383 ND_PRINTK(3, info, "RA: adding default router\n");
1384
1385 if (neigh)
1386 neigh_release(neigh);
1387
1388 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1389 skb->dev, pref, defrtr_usr_metric);
1390 if (!rt) {
1391 ND_PRINTK(0, err,
1392 "RA: %s failed to add default route\n",
1393 __func__);
1394 return reason;
1395 }
1396
1397 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1398 rt->fib6_nh->fib_nh_dev, NULL,
1399 &ipv6_hdr(skb)->saddr);
1400 if (!neigh) {
1401 ND_PRINTK(0, err,
1402 "RA: %s got default router without neighbour\n",
1403 __func__);
1404 fib6_info_release(rt);
1405 return reason;
1406 }
1407 neigh->flags |= NTF_ROUTER;
1408 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1409 struct nl_info nlinfo = {
1410 .nl_net = net,
1411 };
1412 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1413 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1414 }
1415
1416 if (rt)
1417 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1418 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1419 ra_msg->icmph.icmp6_hop_limit) {
1420 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1421 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1422 fib6_metric_set(rt, RTAX_HOPLIMIT,
1423 ra_msg->icmph.icmp6_hop_limit);
1424 } else {
1425 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1426 }
1427 }
1428
1429 skip_defrtr:
1430
1431 /*
1432 * Update Reachable Time and Retrans Timer
1433 */
1434
1435 if (in6_dev->nd_parms) {
1436 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1437
1438 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1439 rtime = (rtime*HZ)/1000;
1440 if (rtime < HZ/100)
1441 rtime = HZ/100;
1442 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1443 in6_dev->tstamp = jiffies;
1444 send_ifinfo_notify = true;
1445 }
1446
1447 rtime = ntohl(ra_msg->reachable_time);
1448 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1449 rtime = (rtime*HZ)/1000;
1450
1451 if (rtime < HZ/10)
1452 rtime = HZ/10;
1453
1454 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1455 NEIGH_VAR_SET(in6_dev->nd_parms,
1456 BASE_REACHABLE_TIME, rtime);
1457 NEIGH_VAR_SET(in6_dev->nd_parms,
1458 GC_STALETIME, 3 * rtime);
1459 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1460 in6_dev->tstamp = jiffies;
1461 send_ifinfo_notify = true;
1462 }
1463 }
1464 }
1465
1466 skip_linkparms:
1467
1468 /*
1469 * Process options.
1470 */
1471
1472 if (!neigh)
1473 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1474 skb->dev, 1);
1475 if (neigh) {
1476 u8 *lladdr = NULL;
1477 if (ndopts.nd_opts_src_lladdr) {
1478 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1479 skb->dev);
1480 if (!lladdr) {
1481 ND_PRINTK(2, warn,
1482 "RA: invalid link-layer address length\n");
1483 goto out;
1484 }
1485 }
1486 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1487 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1488 NEIGH_UPDATE_F_OVERRIDE|
1489 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1490 NEIGH_UPDATE_F_ISROUTER,
1491 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1492 reason = SKB_CONSUMED;
1493 }
1494
1495 if (!ipv6_accept_ra(in6_dev)) {
1496 ND_PRINTK(2, info,
1497 "RA: %s, accept_ra is false for dev: %s\n",
1498 __func__, skb->dev->name);
1499 goto out;
1500 }
1501
1502 #ifdef CONFIG_IPV6_ROUTE_INFO
1503 if (!in6_dev->cnf.accept_ra_from_local &&
1504 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1505 in6_dev->dev, 0)) {
1506 ND_PRINTK(2, info,
1507 "RA from local address detected on dev: %s: router info ignored.\n",
1508 skb->dev->name);
1509 goto skip_routeinfo;
1510 }
1511
1512 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1513 struct nd_opt_hdr *p;
1514 for (p = ndopts.nd_opts_ri;
1515 p;
1516 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1517 struct route_info *ri = (struct route_info *)p;
1518 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1519 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1520 ri->prefix_len == 0)
1521 continue;
1522 #endif
1523 if (ri->prefix_len == 0 &&
1524 !in6_dev->cnf.accept_ra_defrtr)
1525 continue;
1526 if (ri->lifetime != 0 &&
1527 ntohl(ri->lifetime) < in6_dev->cnf.accept_ra_min_lft)
1528 continue;
1529 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1530 continue;
1531 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1532 continue;
1533 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1534 &ipv6_hdr(skb)->saddr);
1535 }
1536 }
1537
1538 skip_routeinfo:
1539 #endif
1540
1541 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1542 /* skip link-specific ndopts from interior routers */
1543 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1544 ND_PRINTK(2, info,
1545 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1546 __func__, skb->dev->name);
1547 goto out;
1548 }
1549 #endif
1550
1551 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1552 struct nd_opt_hdr *p;
1553 for (p = ndopts.nd_opts_pi;
1554 p;
1555 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1556 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1557 (p->nd_opt_len) << 3,
1558 ndopts.nd_opts_src_lladdr != NULL);
1559 }
1560 }
1561
1562 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1563 __be32 n;
1564 u32 mtu;
1565
1566 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1567 mtu = ntohl(n);
1568
1569 if (in6_dev->ra_mtu != mtu) {
1570 in6_dev->ra_mtu = mtu;
1571 send_ifinfo_notify = true;
1572 }
1573
1574 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1575 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1576 } else if (in6_dev->cnf.mtu6 != mtu) {
1577 in6_dev->cnf.mtu6 = mtu;
1578 fib6_metric_set(rt, RTAX_MTU, mtu);
1579 rt6_mtu_change(skb->dev, mtu);
1580 }
1581 }
1582
1583 if (ndopts.nd_useropts) {
1584 struct nd_opt_hdr *p;
1585 for (p = ndopts.nd_useropts;
1586 p;
1587 p = ndisc_next_useropt(skb->dev, p,
1588 ndopts.nd_useropts_end)) {
1589 ndisc_ra_useropt(skb, p);
1590 }
1591 }
1592
1593 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1594 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1595 }
1596 out:
1597 /* Send a notify if RA changed managed/otherconf flags or
1598 * timer settings or ra_mtu value
1599 */
1600 if (send_ifinfo_notify)
1601 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1602
1603 fib6_info_release(rt);
1604 if (neigh)
1605 neigh_release(neigh);
1606 return reason;
1607 }
1608
ndisc_redirect_rcv(struct sk_buff * skb)1609 static enum skb_drop_reason ndisc_redirect_rcv(struct sk_buff *skb)
1610 {
1611 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1612 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1613 offsetof(struct rd_msg, opt));
1614 struct ndisc_options ndopts;
1615 SKB_DR(reason);
1616 u8 *hdr;
1617
1618 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1619 switch (skb->ndisc_nodetype) {
1620 case NDISC_NODETYPE_HOST:
1621 case NDISC_NODETYPE_NODEFAULT:
1622 ND_PRINTK(2, warn,
1623 "Redirect: from host or unauthorized router\n");
1624 return reason;
1625 }
1626 #endif
1627
1628 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1629 ND_PRINTK(2, warn,
1630 "Redirect: source address is not link-local\n");
1631 return reason;
1632 }
1633
1634 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1635 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1636
1637 if (!ndopts.nd_opts_rh) {
1638 ip6_redirect_no_header(skb, dev_net(skb->dev),
1639 skb->dev->ifindex);
1640 return reason;
1641 }
1642
1643 hdr = (u8 *)ndopts.nd_opts_rh;
1644 hdr += 8;
1645 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1646 return SKB_DROP_REASON_PKT_TOO_SMALL;
1647
1648 return icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1649 }
1650
ndisc_fill_redirect_hdr_option(struct sk_buff * skb,struct sk_buff * orig_skb,int rd_len)1651 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1652 struct sk_buff *orig_skb,
1653 int rd_len)
1654 {
1655 u8 *opt = skb_put(skb, rd_len);
1656
1657 memset(opt, 0, 8);
1658 *(opt++) = ND_OPT_REDIRECT_HDR;
1659 *(opt++) = (rd_len >> 3);
1660 opt += 6;
1661
1662 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1663 rd_len - 8);
1664 }
1665
ndisc_send_redirect(struct sk_buff * skb,const struct in6_addr * target)1666 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1667 {
1668 struct net_device *dev = skb->dev;
1669 struct net *net = dev_net(dev);
1670 struct sock *sk = net->ipv6.ndisc_sk;
1671 int optlen = 0;
1672 struct inet_peer *peer;
1673 struct sk_buff *buff;
1674 struct rd_msg *msg;
1675 struct in6_addr saddr_buf;
1676 struct rt6_info *rt;
1677 struct dst_entry *dst;
1678 struct flowi6 fl6;
1679 int rd_len;
1680 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1681 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1682 bool ret;
1683
1684 if (netif_is_l3_master(skb->dev)) {
1685 dev = dev_get_by_index_rcu(dev_net(skb->dev), IPCB(skb)->iif);
1686 if (!dev)
1687 return;
1688 }
1689
1690 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1691 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1692 dev->name);
1693 return;
1694 }
1695
1696 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1697 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1698 ND_PRINTK(2, warn,
1699 "Redirect: target address is not link-local unicast\n");
1700 return;
1701 }
1702
1703 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1704 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1705
1706 dst = ip6_route_output(net, NULL, &fl6);
1707 if (dst->error) {
1708 dst_release(dst);
1709 return;
1710 }
1711 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1712 if (IS_ERR(dst))
1713 return;
1714
1715 rt = dst_rt6_info(dst);
1716
1717 if (rt->rt6i_flags & RTF_GATEWAY) {
1718 ND_PRINTK(2, warn,
1719 "Redirect: destination is not a neighbour\n");
1720 goto release;
1721 }
1722
1723 rcu_read_lock();
1724 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr);
1725 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1726 rcu_read_unlock();
1727
1728 if (!ret)
1729 goto release;
1730
1731 if (dev->addr_len) {
1732 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1733 if (!neigh) {
1734 ND_PRINTK(2, warn,
1735 "Redirect: no neigh for target address\n");
1736 goto release;
1737 }
1738
1739 read_lock_bh(&neigh->lock);
1740 if (neigh->nud_state & NUD_VALID) {
1741 memcpy(ha_buf, neigh->ha, dev->addr_len);
1742 read_unlock_bh(&neigh->lock);
1743 ha = ha_buf;
1744 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1745 ops_data_buf,
1746 &ops_data);
1747 } else
1748 read_unlock_bh(&neigh->lock);
1749
1750 neigh_release(neigh);
1751 }
1752
1753 rd_len = min_t(unsigned int,
1754 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1755 skb->len + 8);
1756 rd_len &= ~0x7;
1757 optlen += rd_len;
1758
1759 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1760 if (!buff)
1761 goto release;
1762
1763 msg = skb_put(buff, sizeof(*msg));
1764 *msg = (struct rd_msg) {
1765 .icmph = {
1766 .icmp6_type = NDISC_REDIRECT,
1767 },
1768 .target = *target,
1769 .dest = ipv6_hdr(skb)->daddr,
1770 };
1771
1772 /*
1773 * include target_address option
1774 */
1775
1776 if (ha)
1777 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1778
1779 /*
1780 * build redirect option and copy skb over to the new packet.
1781 */
1782
1783 if (rd_len)
1784 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1785
1786 skb_dst_set(buff, dst);
1787 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1788 return;
1789
1790 release:
1791 dst_release(dst);
1792 }
1793
pndisc_redo(struct sk_buff * skb)1794 static void pndisc_redo(struct sk_buff *skb)
1795 {
1796 enum skb_drop_reason reason = ndisc_recv_ns(skb);
1797
1798 kfree_skb_reason(skb, reason);
1799 }
1800
ndisc_is_multicast(const void * pkey)1801 static int ndisc_is_multicast(const void *pkey)
1802 {
1803 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1804 }
1805
ndisc_suppress_frag_ndisc(struct sk_buff * skb)1806 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1807 {
1808 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1809
1810 if (!idev)
1811 return true;
1812 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1813 idev->cnf.suppress_frag_ndisc) {
1814 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1815 return true;
1816 }
1817 return false;
1818 }
1819
ndisc_rcv(struct sk_buff * skb)1820 enum skb_drop_reason ndisc_rcv(struct sk_buff *skb)
1821 {
1822 struct nd_msg *msg;
1823 SKB_DR(reason);
1824
1825 if (ndisc_suppress_frag_ndisc(skb))
1826 return SKB_DROP_REASON_IPV6_NDISC_FRAG;
1827
1828 if (skb_linearize(skb))
1829 return SKB_DROP_REASON_NOMEM;
1830
1831 msg = (struct nd_msg *)skb_transport_header(skb);
1832
1833 __skb_push(skb, skb->data - skb_transport_header(skb));
1834
1835 if (ipv6_hdr(skb)->hop_limit != 255) {
1836 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1837 ipv6_hdr(skb)->hop_limit);
1838 return SKB_DROP_REASON_IPV6_NDISC_HOP_LIMIT;
1839 }
1840
1841 if (msg->icmph.icmp6_code != 0) {
1842 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1843 msg->icmph.icmp6_code);
1844 return SKB_DROP_REASON_IPV6_NDISC_BAD_CODE;
1845 }
1846
1847 switch (msg->icmph.icmp6_type) {
1848 case NDISC_NEIGHBOUR_SOLICITATION:
1849 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1850 reason = ndisc_recv_ns(skb);
1851 break;
1852
1853 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1854 reason = ndisc_recv_na(skb);
1855 break;
1856
1857 case NDISC_ROUTER_SOLICITATION:
1858 reason = ndisc_recv_rs(skb);
1859 break;
1860
1861 case NDISC_ROUTER_ADVERTISEMENT:
1862 reason = ndisc_router_discovery(skb);
1863 break;
1864
1865 case NDISC_REDIRECT:
1866 reason = ndisc_redirect_rcv(skb);
1867 break;
1868 }
1869
1870 return reason;
1871 }
1872
ndisc_netdev_event(struct notifier_block * this,unsigned long event,void * ptr)1873 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1874 {
1875 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1876 struct netdev_notifier_change_info *change_info;
1877 struct net *net = dev_net(dev);
1878 struct inet6_dev *idev;
1879 bool evict_nocarrier;
1880
1881 switch (event) {
1882 case NETDEV_CHANGEADDR:
1883 neigh_changeaddr(&nd_tbl, dev);
1884 fib6_run_gc(0, net, false);
1885 fallthrough;
1886 case NETDEV_UP:
1887 idev = in6_dev_get(dev);
1888 if (!idev)
1889 break;
1890 if (idev->cnf.ndisc_notify ||
1891 net->ipv6.devconf_all->ndisc_notify)
1892 ndisc_send_unsol_na(dev);
1893 in6_dev_put(idev);
1894 break;
1895 case NETDEV_CHANGE:
1896 idev = in6_dev_get(dev);
1897 if (!idev)
1898 evict_nocarrier = true;
1899 else {
1900 evict_nocarrier = idev->cnf.ndisc_evict_nocarrier &&
1901 net->ipv6.devconf_all->ndisc_evict_nocarrier;
1902 in6_dev_put(idev);
1903 }
1904
1905 change_info = ptr;
1906 if (change_info->flags_changed & IFF_NOARP)
1907 neigh_changeaddr(&nd_tbl, dev);
1908 if (evict_nocarrier && !netif_carrier_ok(dev))
1909 neigh_carrier_down(&nd_tbl, dev);
1910 break;
1911 case NETDEV_DOWN:
1912 neigh_ifdown(&nd_tbl, dev);
1913 fib6_run_gc(0, net, false);
1914 break;
1915 case NETDEV_NOTIFY_PEERS:
1916 ndisc_send_unsol_na(dev);
1917 break;
1918 default:
1919 break;
1920 }
1921
1922 return NOTIFY_DONE;
1923 }
1924
1925 static struct notifier_block ndisc_netdev_notifier = {
1926 .notifier_call = ndisc_netdev_event,
1927 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1928 };
1929
1930 #ifdef CONFIG_SYSCTL
ndisc_warn_deprecated_sysctl(struct ctl_table * ctl,const char * func,const char * dev_name)1931 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1932 const char *func, const char *dev_name)
1933 {
1934 static char warncomm[TASK_COMM_LEN];
1935 static int warned;
1936 if (strcmp(warncomm, current->comm) && warned < 5) {
1937 strcpy(warncomm, current->comm);
1938 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1939 warncomm, func,
1940 dev_name, ctl->procname,
1941 dev_name, ctl->procname);
1942 warned++;
1943 }
1944 }
1945
ndisc_ifinfo_sysctl_change(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)1946 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1947 size_t *lenp, loff_t *ppos)
1948 {
1949 struct net_device *dev = ctl->extra1;
1950 struct inet6_dev *idev;
1951 int ret;
1952
1953 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1954 (strcmp(ctl->procname, "base_reachable_time") == 0))
1955 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1956
1957 if (strcmp(ctl->procname, "retrans_time") == 0)
1958 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1959
1960 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1961 ret = neigh_proc_dointvec_jiffies(ctl, write,
1962 buffer, lenp, ppos);
1963
1964 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1965 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1966 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1967 buffer, lenp, ppos);
1968 else
1969 ret = -1;
1970
1971 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1972 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1973 idev->nd_parms->reachable_time =
1974 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1975 idev->tstamp = jiffies;
1976 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1977 in6_dev_put(idev);
1978 }
1979 return ret;
1980 }
1981
1982
1983 #endif
1984
ndisc_net_init(struct net * net)1985 static int __net_init ndisc_net_init(struct net *net)
1986 {
1987 struct ipv6_pinfo *np;
1988 struct sock *sk;
1989 int err;
1990
1991 err = inet_ctl_sock_create(&sk, PF_INET6,
1992 SOCK_RAW, IPPROTO_ICMPV6, net);
1993 if (err < 0) {
1994 ND_PRINTK(0, err,
1995 "NDISC: Failed to initialize the control socket (err %d)\n",
1996 err);
1997 return err;
1998 }
1999
2000 net->ipv6.ndisc_sk = sk;
2001
2002 np = inet6_sk(sk);
2003 np->hop_limit = 255;
2004 /* Do not loopback ndisc messages */
2005 np->mc_loop = 0;
2006
2007 return 0;
2008 }
2009
ndisc_net_exit(struct net * net)2010 static void __net_exit ndisc_net_exit(struct net *net)
2011 {
2012 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
2013 }
2014
2015 static struct pernet_operations ndisc_net_ops = {
2016 .init = ndisc_net_init,
2017 .exit = ndisc_net_exit,
2018 };
2019
ndisc_init(void)2020 int __init ndisc_init(void)
2021 {
2022 int err;
2023
2024 err = register_pernet_subsys(&ndisc_net_ops);
2025 if (err)
2026 return err;
2027 /*
2028 * Initialize the neighbour table
2029 */
2030 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
2031
2032 #ifdef CONFIG_SYSCTL
2033 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
2034 ndisc_ifinfo_sysctl_change);
2035 if (err)
2036 goto out_unregister_pernet;
2037 out:
2038 #endif
2039 return err;
2040
2041 #ifdef CONFIG_SYSCTL
2042 out_unregister_pernet:
2043 unregister_pernet_subsys(&ndisc_net_ops);
2044 goto out;
2045 #endif
2046 }
2047
ndisc_late_init(void)2048 int __init ndisc_late_init(void)
2049 {
2050 return register_netdevice_notifier(&ndisc_netdev_notifier);
2051 }
2052
ndisc_late_cleanup(void)2053 void ndisc_late_cleanup(void)
2054 {
2055 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2056 }
2057
ndisc_cleanup(void)2058 void ndisc_cleanup(void)
2059 {
2060 #ifdef CONFIG_SYSCTL
2061 neigh_sysctl_unregister(&nd_tbl.parms);
2062 #endif
2063 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2064 unregister_pernet_subsys(&ndisc_net_ops);
2065 }
2066