1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Lars Fenneberg : fixed MTU setting on receipt 19 * of an RA. 20 * 21 * Janos Farkas : kmalloc failure checks 22 * Alexey Kuznetsov : state machine reworked 23 * and moved to net/core. 24 * Pekka Savola : RFC2461 validation 25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 26 */ 27 28 /* Set to 3 to get tracing... */ 29 #define ND_DEBUG 1 30 31 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 32 #define ND_NOPRINTK(x...) do { ; } while(0) 33 #define ND_PRINTK0 ND_PRINTK 34 #define ND_PRINTK1 ND_NOPRINTK 35 #define ND_PRINTK2 ND_NOPRINTK 36 #define ND_PRINTK3 ND_NOPRINTK 37 #if ND_DEBUG >= 1 38 #undef ND_PRINTK1 39 #define ND_PRINTK1 ND_PRINTK 40 #endif 41 #if ND_DEBUG >= 2 42 #undef ND_PRINTK2 43 #define ND_PRINTK2 ND_PRINTK 44 #endif 45 #if ND_DEBUG >= 3 46 #undef ND_PRINTK3 47 #define ND_PRINTK3 ND_PRINTK 48 #endif 49 50 #include <linux/module.h> 51 #include <linux/errno.h> 52 #include <linux/types.h> 53 #include <linux/socket.h> 54 #include <linux/sockios.h> 55 #include <linux/sched.h> 56 #include <linux/net.h> 57 #include <linux/in6.h> 58 #include <linux/route.h> 59 #include <linux/init.h> 60 #include <linux/rcupdate.h> 61 #ifdef CONFIG_SYSCTL 62 #include <linux/sysctl.h> 63 #endif 64 65 #include <linux/if_addr.h> 66 #include <linux/if_arp.h> 67 #include <linux/ipv6.h> 68 #include <linux/icmpv6.h> 69 #include <linux/jhash.h> 70 71 #include <net/sock.h> 72 #include <net/snmp.h> 73 74 #include <net/ipv6.h> 75 #include <net/protocol.h> 76 #include <net/ndisc.h> 77 #include <net/ip6_route.h> 78 #include <net/addrconf.h> 79 #include <net/icmp.h> 80 81 #include <net/flow.h> 82 #include <net/ip6_checksum.h> 83 #include <linux/proc_fs.h> 84 85 #include <linux/netfilter.h> 86 #include <linux/netfilter_ipv6.h> 87 88 static struct socket *ndisc_socket; 89 90 static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 91 static int ndisc_constructor(struct neighbour *neigh); 92 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 93 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 94 static int pndisc_constructor(struct pneigh_entry *n); 95 static void pndisc_destructor(struct pneigh_entry *n); 96 static void pndisc_redo(struct sk_buff *skb); 97 98 static struct neigh_ops ndisc_generic_ops = { 99 .family = AF_INET6, 100 .solicit = ndisc_solicit, 101 .error_report = ndisc_error_report, 102 .output = neigh_resolve_output, 103 .connected_output = neigh_connected_output, 104 .hh_output = dev_queue_xmit, 105 .queue_xmit = dev_queue_xmit, 106 }; 107 108 static struct neigh_ops ndisc_hh_ops = { 109 .family = AF_INET6, 110 .solicit = ndisc_solicit, 111 .error_report = ndisc_error_report, 112 .output = neigh_resolve_output, 113 .connected_output = neigh_resolve_output, 114 .hh_output = dev_queue_xmit, 115 .queue_xmit = dev_queue_xmit, 116 }; 117 118 119 static struct neigh_ops ndisc_direct_ops = { 120 .family = AF_INET6, 121 .output = dev_queue_xmit, 122 .connected_output = dev_queue_xmit, 123 .hh_output = dev_queue_xmit, 124 .queue_xmit = dev_queue_xmit, 125 }; 126 127 struct neigh_table nd_tbl = { 128 .family = AF_INET6, 129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 130 .key_len = sizeof(struct in6_addr), 131 .hash = ndisc_hash, 132 .constructor = ndisc_constructor, 133 .pconstructor = pndisc_constructor, 134 .pdestructor = pndisc_destructor, 135 .proxy_redo = pndisc_redo, 136 .id = "ndisc_cache", 137 .parms = { 138 .tbl = &nd_tbl, 139 .base_reachable_time = 30 * HZ, 140 .retrans_time = 1 * HZ, 141 .gc_staletime = 60 * HZ, 142 .reachable_time = 30 * HZ, 143 .delay_probe_time = 5 * HZ, 144 .queue_len = 3, 145 .ucast_probes = 3, 146 .mcast_probes = 3, 147 .anycast_delay = 1 * HZ, 148 .proxy_delay = (8 * HZ) / 10, 149 .proxy_qlen = 64, 150 }, 151 .gc_interval = 30 * HZ, 152 .gc_thresh1 = 128, 153 .gc_thresh2 = 512, 154 .gc_thresh3 = 1024, 155 }; 156 157 /* ND options */ 158 struct ndisc_options { 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 160 #ifdef CONFIG_IPV6_ROUTE_INFO 161 struct nd_opt_hdr *nd_opts_ri; 162 struct nd_opt_hdr *nd_opts_ri_end; 163 #endif 164 }; 165 166 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 167 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 168 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 169 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 170 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 171 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 172 173 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 174 175 /* 176 * Return the padding between the option length and the start of the 177 * link addr. Currently only IP-over-InfiniBand needs this, although 178 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 179 * also need a pad of 2. 180 */ 181 static int ndisc_addr_option_pad(unsigned short type) 182 { 183 switch (type) { 184 case ARPHRD_INFINIBAND: return 2; 185 default: return 0; 186 } 187 } 188 189 static inline int ndisc_opt_addr_space(struct net_device *dev) 190 { 191 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 192 } 193 194 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 195 unsigned short addr_type) 196 { 197 int space = NDISC_OPT_SPACE(data_len); 198 int pad = ndisc_addr_option_pad(addr_type); 199 200 opt[0] = type; 201 opt[1] = space>>3; 202 203 memset(opt + 2, 0, pad); 204 opt += pad; 205 space -= pad; 206 207 memcpy(opt+2, data, data_len); 208 data_len += 2; 209 opt += data_len; 210 if ((space -= data_len) > 0) 211 memset(opt, 0, space); 212 return opt + space; 213 } 214 215 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 216 struct nd_opt_hdr *end) 217 { 218 int type; 219 if (!cur || !end || cur >= end) 220 return NULL; 221 type = cur->nd_opt_type; 222 do { 223 cur = ((void *)cur) + (cur->nd_opt_len << 3); 224 } while(cur < end && cur->nd_opt_type != type); 225 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 226 } 227 228 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 229 struct ndisc_options *ndopts) 230 { 231 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 232 233 if (!nd_opt || opt_len < 0 || !ndopts) 234 return NULL; 235 memset(ndopts, 0, sizeof(*ndopts)); 236 while (opt_len) { 237 int l; 238 if (opt_len < sizeof(struct nd_opt_hdr)) 239 return NULL; 240 l = nd_opt->nd_opt_len << 3; 241 if (opt_len < l || l == 0) 242 return NULL; 243 switch (nd_opt->nd_opt_type) { 244 case ND_OPT_SOURCE_LL_ADDR: 245 case ND_OPT_TARGET_LL_ADDR: 246 case ND_OPT_MTU: 247 case ND_OPT_REDIRECT_HDR: 248 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 249 ND_PRINTK2(KERN_WARNING 250 "%s(): duplicated ND6 option found: type=%d\n", 251 __FUNCTION__, 252 nd_opt->nd_opt_type); 253 } else { 254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 255 } 256 break; 257 case ND_OPT_PREFIX_INFO: 258 ndopts->nd_opts_pi_end = nd_opt; 259 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) 260 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 261 break; 262 #ifdef CONFIG_IPV6_ROUTE_INFO 263 case ND_OPT_ROUTE_INFO: 264 ndopts->nd_opts_ri_end = nd_opt; 265 if (!ndopts->nd_opts_ri) 266 ndopts->nd_opts_ri = nd_opt; 267 break; 268 #endif 269 default: 270 /* 271 * Unknown options must be silently ignored, 272 * to accommodate future extension to the protocol. 273 */ 274 ND_PRINTK2(KERN_NOTICE 275 "%s(): ignored unsupported option; type=%d, len=%d\n", 276 __FUNCTION__, 277 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 278 } 279 opt_len -= l; 280 nd_opt = ((void *)nd_opt) + l; 281 } 282 return ndopts; 283 } 284 285 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 286 struct net_device *dev) 287 { 288 u8 *lladdr = (u8 *)(p + 1); 289 int lladdrlen = p->nd_opt_len << 3; 290 int prepad = ndisc_addr_option_pad(dev->type); 291 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 292 return NULL; 293 return (lladdr + prepad); 294 } 295 296 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 297 { 298 switch (dev->type) { 299 case ARPHRD_ETHER: 300 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 301 case ARPHRD_FDDI: 302 ipv6_eth_mc_map(addr, buf); 303 return 0; 304 case ARPHRD_IEEE802_TR: 305 ipv6_tr_mc_map(addr,buf); 306 return 0; 307 case ARPHRD_ARCNET: 308 ipv6_arcnet_mc_map(addr, buf); 309 return 0; 310 case ARPHRD_INFINIBAND: 311 ipv6_ib_mc_map(addr, buf); 312 return 0; 313 default: 314 if (dir) { 315 memcpy(buf, dev->broadcast, dev->addr_len); 316 return 0; 317 } 318 } 319 return -EINVAL; 320 } 321 322 EXPORT_SYMBOL(ndisc_mc_map); 323 324 static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 325 { 326 const u32 *p32 = pkey; 327 u32 addr_hash, i; 328 329 addr_hash = 0; 330 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 331 addr_hash ^= *p32++; 332 333 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 334 } 335 336 static int ndisc_constructor(struct neighbour *neigh) 337 { 338 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 339 struct net_device *dev = neigh->dev; 340 struct inet6_dev *in6_dev; 341 struct neigh_parms *parms; 342 int is_multicast = ipv6_addr_is_multicast(addr); 343 344 rcu_read_lock(); 345 in6_dev = in6_dev_get(dev); 346 if (in6_dev == NULL) { 347 rcu_read_unlock(); 348 return -EINVAL; 349 } 350 351 parms = in6_dev->nd_parms; 352 __neigh_parms_put(neigh->parms); 353 neigh->parms = neigh_parms_clone(parms); 354 rcu_read_unlock(); 355 356 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 357 if (dev->hard_header == NULL) { 358 neigh->nud_state = NUD_NOARP; 359 neigh->ops = &ndisc_direct_ops; 360 neigh->output = neigh->ops->queue_xmit; 361 } else { 362 if (is_multicast) { 363 neigh->nud_state = NUD_NOARP; 364 ndisc_mc_map(addr, neigh->ha, dev, 1); 365 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 366 neigh->nud_state = NUD_NOARP; 367 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 368 if (dev->flags&IFF_LOOPBACK) 369 neigh->type = RTN_LOCAL; 370 } else if (dev->flags&IFF_POINTOPOINT) { 371 neigh->nud_state = NUD_NOARP; 372 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 373 } 374 if (dev->hard_header_cache) 375 neigh->ops = &ndisc_hh_ops; 376 else 377 neigh->ops = &ndisc_generic_ops; 378 if (neigh->nud_state&NUD_VALID) 379 neigh->output = neigh->ops->connected_output; 380 else 381 neigh->output = neigh->ops->output; 382 } 383 in6_dev_put(in6_dev); 384 return 0; 385 } 386 387 static int pndisc_constructor(struct pneigh_entry *n) 388 { 389 struct in6_addr *addr = (struct in6_addr*)&n->key; 390 struct in6_addr maddr; 391 struct net_device *dev = n->dev; 392 393 if (dev == NULL || __in6_dev_get(dev) == NULL) 394 return -EINVAL; 395 addrconf_addr_solict_mult(addr, &maddr); 396 ipv6_dev_mc_inc(dev, &maddr); 397 return 0; 398 } 399 400 static void pndisc_destructor(struct pneigh_entry *n) 401 { 402 struct in6_addr *addr = (struct in6_addr*)&n->key; 403 struct in6_addr maddr; 404 struct net_device *dev = n->dev; 405 406 if (dev == NULL || __in6_dev_get(dev) == NULL) 407 return; 408 addrconf_addr_solict_mult(addr, &maddr); 409 ipv6_dev_mc_dec(dev, &maddr); 410 } 411 412 /* 413 * Send a Neighbour Advertisement 414 */ 415 416 static inline void ndisc_flow_init(struct flowi *fl, u8 type, 417 struct in6_addr *saddr, struct in6_addr *daddr, 418 int oif) 419 { 420 memset(fl, 0, sizeof(*fl)); 421 ipv6_addr_copy(&fl->fl6_src, saddr); 422 ipv6_addr_copy(&fl->fl6_dst, daddr); 423 fl->proto = IPPROTO_ICMPV6; 424 fl->fl_icmp_type = type; 425 fl->fl_icmp_code = 0; 426 fl->oif = oif; 427 security_sk_classify_flow(ndisc_socket->sk, fl); 428 } 429 430 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 431 struct in6_addr *daddr, struct in6_addr *solicited_addr, 432 int router, int solicited, int override, int inc_opt) 433 { 434 struct in6_addr tmpaddr; 435 struct inet6_ifaddr *ifp; 436 struct inet6_dev *idev; 437 struct flowi fl; 438 struct dst_entry* dst; 439 struct sock *sk = ndisc_socket->sk; 440 struct in6_addr *src_addr; 441 struct nd_msg *msg; 442 int len; 443 struct sk_buff *skb; 444 int err; 445 446 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 447 448 /* for anycast or proxy, solicited_addr != src_addr */ 449 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1); 450 if (ifp) { 451 src_addr = solicited_addr; 452 in6_ifa_put(ifp); 453 } else { 454 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr)) 455 return; 456 src_addr = &tmpaddr; 457 } 458 459 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr, 460 dev->ifindex); 461 462 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 463 if (!dst) 464 return; 465 466 err = xfrm_lookup(&dst, &fl, NULL, 0); 467 if (err < 0) 468 return; 469 470 if (inc_opt) { 471 if (dev->addr_len) 472 len += ndisc_opt_addr_space(dev); 473 else 474 inc_opt = 0; 475 } 476 477 skb = sock_alloc_send_skb(sk, 478 (MAX_HEADER + sizeof(struct ipv6hdr) + 479 len + LL_RESERVED_SPACE(dev)), 480 1, &err); 481 482 if (skb == NULL) { 483 ND_PRINTK0(KERN_ERR 484 "ICMPv6 NA: %s() failed to allocate an skb.\n", 485 __FUNCTION__); 486 dst_release(dst); 487 return; 488 } 489 490 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 491 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len); 492 493 msg = (struct nd_msg *)skb_put(skb, len); 494 skb->h.raw = (unsigned char*)msg; 495 496 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT; 497 msg->icmph.icmp6_code = 0; 498 msg->icmph.icmp6_cksum = 0; 499 500 msg->icmph.icmp6_unused = 0; 501 msg->icmph.icmp6_router = router; 502 msg->icmph.icmp6_solicited = solicited; 503 msg->icmph.icmp6_override = override; 504 505 /* Set the target address. */ 506 ipv6_addr_copy(&msg->target, solicited_addr); 507 508 if (inc_opt) 509 ndisc_fill_addr_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr, 510 dev->addr_len, dev->type); 511 512 /* checksum */ 513 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len, 514 IPPROTO_ICMPV6, 515 csum_partial((__u8 *) msg, 516 len, 0)); 517 518 skb->dst = dst; 519 idev = in6_dev_get(dst->dev); 520 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 521 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 522 if (!err) { 523 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS); 524 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 525 } 526 527 if (likely(idev != NULL)) 528 in6_dev_put(idev); 529 } 530 531 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 532 struct in6_addr *solicit, 533 struct in6_addr *daddr, struct in6_addr *saddr) 534 { 535 struct flowi fl; 536 struct dst_entry* dst; 537 struct inet6_dev *idev; 538 struct sock *sk = ndisc_socket->sk; 539 struct sk_buff *skb; 540 struct nd_msg *msg; 541 struct in6_addr addr_buf; 542 int len; 543 int err; 544 int send_llinfo; 545 546 if (saddr == NULL) { 547 if (ipv6_get_lladdr(dev, &addr_buf)) 548 return; 549 saddr = &addr_buf; 550 } 551 552 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr, 553 dev->ifindex); 554 555 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 556 if (!dst) 557 return; 558 559 err = xfrm_lookup(&dst, &fl, NULL, 0); 560 if (err < 0) 561 return; 562 563 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 564 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr); 565 if (send_llinfo) 566 len += ndisc_opt_addr_space(dev); 567 568 skb = sock_alloc_send_skb(sk, 569 (MAX_HEADER + sizeof(struct ipv6hdr) + 570 len + LL_RESERVED_SPACE(dev)), 571 1, &err); 572 if (skb == NULL) { 573 ND_PRINTK0(KERN_ERR 574 "ICMPv6 NA: %s() failed to allocate an skb.\n", 575 __FUNCTION__); 576 dst_release(dst); 577 return; 578 } 579 580 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 581 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 582 583 msg = (struct nd_msg *)skb_put(skb, len); 584 skb->h.raw = (unsigned char*)msg; 585 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION; 586 msg->icmph.icmp6_code = 0; 587 msg->icmph.icmp6_cksum = 0; 588 msg->icmph.icmp6_unused = 0; 589 590 /* Set the target address. */ 591 ipv6_addr_copy(&msg->target, solicit); 592 593 if (send_llinfo) 594 ndisc_fill_addr_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 595 dev->addr_len, dev->type); 596 597 /* checksum */ 598 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, 599 daddr, len, 600 IPPROTO_ICMPV6, 601 csum_partial((__u8 *) msg, 602 len, 0)); 603 /* send it! */ 604 skb->dst = dst; 605 idev = in6_dev_get(dst->dev); 606 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 607 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 608 if (!err) { 609 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS); 610 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 611 } 612 613 if (likely(idev != NULL)) 614 in6_dev_put(idev); 615 } 616 617 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr, 618 struct in6_addr *daddr) 619 { 620 struct flowi fl; 621 struct dst_entry* dst; 622 struct inet6_dev *idev; 623 struct sock *sk = ndisc_socket->sk; 624 struct sk_buff *skb; 625 struct icmp6hdr *hdr; 626 __u8 * opt; 627 int len; 628 int err; 629 630 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr, 631 dev->ifindex); 632 633 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output); 634 if (!dst) 635 return; 636 637 err = xfrm_lookup(&dst, &fl, NULL, 0); 638 if (err < 0) 639 return; 640 641 len = sizeof(struct icmp6hdr); 642 if (dev->addr_len) 643 len += ndisc_opt_addr_space(dev); 644 645 skb = sock_alloc_send_skb(sk, 646 (MAX_HEADER + sizeof(struct ipv6hdr) + 647 len + LL_RESERVED_SPACE(dev)), 648 1, &err); 649 if (skb == NULL) { 650 ND_PRINTK0(KERN_ERR 651 "ICMPv6 RS: %s() failed to allocate an skb.\n", 652 __FUNCTION__); 653 dst_release(dst); 654 return; 655 } 656 657 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 658 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 659 660 hdr = (struct icmp6hdr *)skb_put(skb, len); 661 skb->h.raw = (unsigned char*)hdr; 662 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION; 663 hdr->icmp6_code = 0; 664 hdr->icmp6_cksum = 0; 665 hdr->icmp6_unused = 0; 666 667 opt = (u8*) (hdr + 1); 668 669 if (dev->addr_len) 670 ndisc_fill_addr_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, 671 dev->addr_len, dev->type); 672 673 /* checksum */ 674 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len, 675 IPPROTO_ICMPV6, 676 csum_partial((__u8 *) hdr, len, 0)); 677 678 /* send it! */ 679 skb->dst = dst; 680 idev = in6_dev_get(dst->dev); 681 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 682 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 683 if (!err) { 684 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS); 685 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 686 } 687 688 if (likely(idev != NULL)) 689 in6_dev_put(idev); 690 } 691 692 693 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 694 { 695 /* 696 * "The sender MUST return an ICMP 697 * destination unreachable" 698 */ 699 dst_link_failure(skb); 700 kfree_skb(skb); 701 } 702 703 /* Called with locked neigh: either read or both */ 704 705 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 706 { 707 struct in6_addr *saddr = NULL; 708 struct in6_addr mcaddr; 709 struct net_device *dev = neigh->dev; 710 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 711 int probes = atomic_read(&neigh->probes); 712 713 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1)) 714 saddr = &skb->nh.ipv6h->saddr; 715 716 if ((probes -= neigh->parms->ucast_probes) < 0) { 717 if (!(neigh->nud_state & NUD_VALID)) { 718 ND_PRINTK1(KERN_DEBUG 719 "%s(): trying to ucast probe in NUD_INVALID: " 720 NIP6_FMT "\n", 721 __FUNCTION__, 722 NIP6(*target)); 723 } 724 ndisc_send_ns(dev, neigh, target, target, saddr); 725 } else if ((probes -= neigh->parms->app_probes) < 0) { 726 #ifdef CONFIG_ARPD 727 neigh_app_ns(neigh); 728 #endif 729 } else { 730 addrconf_addr_solict_mult(target, &mcaddr); 731 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 732 } 733 } 734 735 static void ndisc_recv_ns(struct sk_buff *skb) 736 { 737 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 738 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 739 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 740 u8 *lladdr = NULL; 741 u32 ndoptlen = skb->tail - msg->opt; 742 struct ndisc_options ndopts; 743 struct net_device *dev = skb->dev; 744 struct inet6_ifaddr *ifp; 745 struct inet6_dev *idev = NULL; 746 struct neighbour *neigh; 747 struct pneigh_entry *pneigh = NULL; 748 int dad = ipv6_addr_any(saddr); 749 int inc; 750 int is_router; 751 752 if (ipv6_addr_is_multicast(&msg->target)) { 753 ND_PRINTK2(KERN_WARNING 754 "ICMPv6 NS: multicast target address"); 755 return; 756 } 757 758 /* 759 * RFC2461 7.1.1: 760 * DAD has to be destined for solicited node multicast address. 761 */ 762 if (dad && 763 !(daddr->s6_addr32[0] == htonl(0xff020000) && 764 daddr->s6_addr32[1] == htonl(0x00000000) && 765 daddr->s6_addr32[2] == htonl(0x00000001) && 766 daddr->s6_addr [12] == 0xff )) { 767 ND_PRINTK2(KERN_WARNING 768 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 769 return; 770 } 771 772 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 773 ND_PRINTK2(KERN_WARNING 774 "ICMPv6 NS: invalid ND options\n"); 775 return; 776 } 777 778 if (ndopts.nd_opts_src_lladdr) { 779 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 780 if (!lladdr) { 781 ND_PRINTK2(KERN_WARNING 782 "ICMPv6 NS: invalid link-layer address length\n"); 783 return; 784 } 785 786 /* RFC2461 7.1.1: 787 * If the IP source address is the unspecified address, 788 * there MUST NOT be source link-layer address option 789 * in the message. 790 */ 791 if (dad) { 792 ND_PRINTK2(KERN_WARNING 793 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 794 return; 795 } 796 } 797 798 inc = ipv6_addr_is_multicast(daddr); 799 800 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) { 801 if (ifp->flags & IFA_F_TENTATIVE) { 802 /* Address is tentative. If the source 803 is unspecified address, it is someone 804 does DAD, otherwise we ignore solicitations 805 until DAD timer expires. 806 */ 807 if (!dad) 808 goto out; 809 if (dev->type == ARPHRD_IEEE802_TR) { 810 unsigned char *sadr = skb->mac.raw; 811 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 812 sadr[9] == dev->dev_addr[1] && 813 sadr[10] == dev->dev_addr[2] && 814 sadr[11] == dev->dev_addr[3] && 815 sadr[12] == dev->dev_addr[4] && 816 sadr[13] == dev->dev_addr[5]) { 817 /* looped-back to us */ 818 goto out; 819 } 820 } 821 addrconf_dad_failure(ifp); 822 return; 823 } 824 825 idev = ifp->idev; 826 } else { 827 idev = in6_dev_get(dev); 828 if (!idev) { 829 /* XXX: count this drop? */ 830 return; 831 } 832 833 if (ipv6_chk_acast_addr(dev, &msg->target) || 834 (idev->cnf.forwarding && 835 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) && 836 (pneigh = pneigh_lookup(&nd_tbl, 837 &msg->target, dev, 0)) != NULL)) { 838 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 839 skb->pkt_type != PACKET_HOST && 840 inc != 0 && 841 idev->nd_parms->proxy_delay != 0) { 842 /* 843 * for anycast or proxy, 844 * sender should delay its response 845 * by a random time between 0 and 846 * MAX_ANYCAST_DELAY_TIME seconds. 847 * (RFC2461) -- yoshfuji 848 */ 849 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 850 if (n) 851 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 852 goto out; 853 } 854 } else 855 goto out; 856 } 857 858 is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding); 859 860 if (dad) { 861 struct in6_addr maddr; 862 863 ipv6_addr_all_nodes(&maddr); 864 ndisc_send_na(dev, NULL, &maddr, &msg->target, 865 is_router, 0, (ifp != NULL), 1); 866 goto out; 867 } 868 869 if (inc) 870 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 871 else 872 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 873 874 /* 875 * update / create cache entry 876 * for the source address 877 */ 878 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 879 !inc || lladdr || !dev->addr_len); 880 if (neigh) 881 neigh_update(neigh, lladdr, NUD_STALE, 882 NEIGH_UPDATE_F_WEAK_OVERRIDE| 883 NEIGH_UPDATE_F_OVERRIDE); 884 if (neigh || !dev->hard_header) { 885 ndisc_send_na(dev, neigh, saddr, &msg->target, 886 is_router, 887 1, (ifp != NULL && inc), inc); 888 if (neigh) 889 neigh_release(neigh); 890 } 891 892 out: 893 if (ifp) 894 in6_ifa_put(ifp); 895 else 896 in6_dev_put(idev); 897 898 return; 899 } 900 901 static void ndisc_recv_na(struct sk_buff *skb) 902 { 903 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 904 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 905 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 906 u8 *lladdr = NULL; 907 u32 ndoptlen = skb->tail - msg->opt; 908 struct ndisc_options ndopts; 909 struct net_device *dev = skb->dev; 910 struct inet6_ifaddr *ifp; 911 struct neighbour *neigh; 912 913 if (skb->len < sizeof(struct nd_msg)) { 914 ND_PRINTK2(KERN_WARNING 915 "ICMPv6 NA: packet too short\n"); 916 return; 917 } 918 919 if (ipv6_addr_is_multicast(&msg->target)) { 920 ND_PRINTK2(KERN_WARNING 921 "ICMPv6 NA: target address is multicast.\n"); 922 return; 923 } 924 925 if (ipv6_addr_is_multicast(daddr) && 926 msg->icmph.icmp6_solicited) { 927 ND_PRINTK2(KERN_WARNING 928 "ICMPv6 NA: solicited NA is multicasted.\n"); 929 return; 930 } 931 932 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 933 ND_PRINTK2(KERN_WARNING 934 "ICMPv6 NS: invalid ND option\n"); 935 return; 936 } 937 if (ndopts.nd_opts_tgt_lladdr) { 938 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 939 if (!lladdr) { 940 ND_PRINTK2(KERN_WARNING 941 "ICMPv6 NA: invalid link-layer address length\n"); 942 return; 943 } 944 } 945 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) { 946 if (ifp->flags & IFA_F_TENTATIVE) { 947 addrconf_dad_failure(ifp); 948 return; 949 } 950 /* What should we make now? The advertisement 951 is invalid, but ndisc specs say nothing 952 about it. It could be misconfiguration, or 953 an smart proxy agent tries to help us :-) 954 */ 955 ND_PRINTK1(KERN_WARNING 956 "ICMPv6 NA: someone advertises our address on %s!\n", 957 ifp->idev->dev->name); 958 in6_ifa_put(ifp); 959 return; 960 } 961 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 962 963 if (neigh) { 964 u8 old_flags = neigh->flags; 965 966 if (neigh->nud_state & NUD_FAILED) 967 goto out; 968 969 /* 970 * Don't update the neighbor cache entry on a proxy NA from 971 * ourselves because either the proxied node is off link or it 972 * has already sent a NA to us. 973 */ 974 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 975 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp && 976 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) { 977 /* XXX: idev->cnf.prixy_ndp */ 978 goto out; 979 } 980 981 neigh_update(neigh, lladdr, 982 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 983 NEIGH_UPDATE_F_WEAK_OVERRIDE| 984 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 985 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 986 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 987 988 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 989 /* 990 * Change: router to host 991 */ 992 struct rt6_info *rt; 993 rt = rt6_get_dflt_router(saddr, dev); 994 if (rt) 995 ip6_del_rt(rt); 996 } 997 998 out: 999 neigh_release(neigh); 1000 } 1001 } 1002 1003 static void ndisc_recv_rs(struct sk_buff *skb) 1004 { 1005 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw; 1006 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1007 struct neighbour *neigh; 1008 struct inet6_dev *idev; 1009 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 1010 struct ndisc_options ndopts; 1011 u8 *lladdr = NULL; 1012 1013 if (skb->len < sizeof(*rs_msg)) 1014 return; 1015 1016 idev = in6_dev_get(skb->dev); 1017 if (!idev) { 1018 if (net_ratelimit()) 1019 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1020 return; 1021 } 1022 1023 /* Don't accept RS if we're not in router mode */ 1024 if (!idev->cnf.forwarding) 1025 goto out; 1026 1027 /* 1028 * Don't update NCE if src = ::; 1029 * this implies that the source node has no ip address assigned yet. 1030 */ 1031 if (ipv6_addr_any(saddr)) 1032 goto out; 1033 1034 /* Parse ND options */ 1035 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1036 if (net_ratelimit()) 1037 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1038 goto out; 1039 } 1040 1041 if (ndopts.nd_opts_src_lladdr) { 1042 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1043 skb->dev); 1044 if (!lladdr) 1045 goto out; 1046 } 1047 1048 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1049 if (neigh) { 1050 neigh_update(neigh, lladdr, NUD_STALE, 1051 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1052 NEIGH_UPDATE_F_OVERRIDE| 1053 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1054 neigh_release(neigh); 1055 } 1056 out: 1057 in6_dev_put(idev); 1058 } 1059 1060 static void ndisc_router_discovery(struct sk_buff *skb) 1061 { 1062 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw; 1063 struct neighbour *neigh = NULL; 1064 struct inet6_dev *in6_dev; 1065 struct rt6_info *rt = NULL; 1066 int lifetime; 1067 struct ndisc_options ndopts; 1068 int optlen; 1069 unsigned int pref = 0; 1070 1071 __u8 * opt = (__u8 *)(ra_msg + 1); 1072 1073 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg); 1074 1075 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1076 ND_PRINTK2(KERN_WARNING 1077 "ICMPv6 RA: source address is not link-local.\n"); 1078 return; 1079 } 1080 if (optlen < 0) { 1081 ND_PRINTK2(KERN_WARNING 1082 "ICMPv6 RA: packet too short\n"); 1083 return; 1084 } 1085 1086 /* 1087 * set the RA_RECV flag in the interface 1088 */ 1089 1090 in6_dev = in6_dev_get(skb->dev); 1091 if (in6_dev == NULL) { 1092 ND_PRINTK0(KERN_ERR 1093 "ICMPv6 RA: can't find inet6 device for %s.\n", 1094 skb->dev->name); 1095 return; 1096 } 1097 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 1098 in6_dev_put(in6_dev); 1099 return; 1100 } 1101 1102 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1103 in6_dev_put(in6_dev); 1104 ND_PRINTK2(KERN_WARNING 1105 "ICMP6 RA: invalid ND options\n"); 1106 return; 1107 } 1108 1109 if (in6_dev->if_flags & IF_RS_SENT) { 1110 /* 1111 * flag that an RA was received after an RS was sent 1112 * out on this interface. 1113 */ 1114 in6_dev->if_flags |= IF_RA_RCVD; 1115 } 1116 1117 /* 1118 * Remember the managed/otherconf flags from most recently 1119 * received RA message (RFC 2462) -- yoshfuji 1120 */ 1121 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1122 IF_RA_OTHERCONF)) | 1123 (ra_msg->icmph.icmp6_addrconf_managed ? 1124 IF_RA_MANAGED : 0) | 1125 (ra_msg->icmph.icmp6_addrconf_other ? 1126 IF_RA_OTHERCONF : 0); 1127 1128 if (!in6_dev->cnf.accept_ra_defrtr) 1129 goto skip_defrtr; 1130 1131 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1132 1133 #ifdef CONFIG_IPV6_ROUTER_PREF 1134 pref = ra_msg->icmph.icmp6_router_pref; 1135 /* 10b is handled as if it were 00b (medium) */ 1136 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1137 in6_dev->cnf.accept_ra_rtr_pref) 1138 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1139 #endif 1140 1141 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev); 1142 1143 if (rt) 1144 neigh = rt->rt6i_nexthop; 1145 1146 if (rt && lifetime == 0) { 1147 neigh_clone(neigh); 1148 ip6_del_rt(rt); 1149 rt = NULL; 1150 } 1151 1152 if (rt == NULL && lifetime) { 1153 ND_PRINTK3(KERN_DEBUG 1154 "ICMPv6 RA: adding default router.\n"); 1155 1156 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev, pref); 1157 if (rt == NULL) { 1158 ND_PRINTK0(KERN_ERR 1159 "ICMPv6 RA: %s() failed to add default route.\n", 1160 __FUNCTION__); 1161 in6_dev_put(in6_dev); 1162 return; 1163 } 1164 1165 neigh = rt->rt6i_nexthop; 1166 if (neigh == NULL) { 1167 ND_PRINTK0(KERN_ERR 1168 "ICMPv6 RA: %s() got default router without neighbour.\n", 1169 __FUNCTION__); 1170 dst_release(&rt->u.dst); 1171 in6_dev_put(in6_dev); 1172 return; 1173 } 1174 neigh->flags |= NTF_ROUTER; 1175 } else if (rt) { 1176 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1177 } 1178 1179 if (rt) 1180 rt->rt6i_expires = jiffies + (HZ * lifetime); 1181 1182 if (ra_msg->icmph.icmp6_hop_limit) { 1183 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1184 if (rt) 1185 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1186 } 1187 1188 skip_defrtr: 1189 1190 /* 1191 * Update Reachable Time and Retrans Timer 1192 */ 1193 1194 if (in6_dev->nd_parms) { 1195 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1196 1197 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1198 rtime = (rtime*HZ)/1000; 1199 if (rtime < HZ/10) 1200 rtime = HZ/10; 1201 in6_dev->nd_parms->retrans_time = rtime; 1202 in6_dev->tstamp = jiffies; 1203 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1204 } 1205 1206 rtime = ntohl(ra_msg->reachable_time); 1207 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1208 rtime = (rtime*HZ)/1000; 1209 1210 if (rtime < HZ/10) 1211 rtime = HZ/10; 1212 1213 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1214 in6_dev->nd_parms->base_reachable_time = rtime; 1215 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1216 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1217 in6_dev->tstamp = jiffies; 1218 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1219 } 1220 } 1221 } 1222 1223 /* 1224 * Process options. 1225 */ 1226 1227 if (!neigh) 1228 neigh = __neigh_lookup(&nd_tbl, &skb->nh.ipv6h->saddr, 1229 skb->dev, 1); 1230 if (neigh) { 1231 u8 *lladdr = NULL; 1232 if (ndopts.nd_opts_src_lladdr) { 1233 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1234 skb->dev); 1235 if (!lladdr) { 1236 ND_PRINTK2(KERN_WARNING 1237 "ICMPv6 RA: invalid link-layer address length\n"); 1238 goto out; 1239 } 1240 } 1241 neigh_update(neigh, lladdr, NUD_STALE, 1242 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1243 NEIGH_UPDATE_F_OVERRIDE| 1244 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1245 NEIGH_UPDATE_F_ISROUTER); 1246 } 1247 1248 #ifdef CONFIG_IPV6_ROUTE_INFO 1249 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1250 struct nd_opt_hdr *p; 1251 for (p = ndopts.nd_opts_ri; 1252 p; 1253 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1254 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1255 continue; 1256 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1257 &skb->nh.ipv6h->saddr); 1258 } 1259 } 1260 #endif 1261 1262 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1263 struct nd_opt_hdr *p; 1264 for (p = ndopts.nd_opts_pi; 1265 p; 1266 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1267 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1268 } 1269 } 1270 1271 if (ndopts.nd_opts_mtu) { 1272 __be32 n; 1273 u32 mtu; 1274 1275 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1276 mtu = ntohl(n); 1277 1278 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1279 ND_PRINTK2(KERN_WARNING 1280 "ICMPv6 RA: invalid mtu: %d\n", 1281 mtu); 1282 } else if (in6_dev->cnf.mtu6 != mtu) { 1283 in6_dev->cnf.mtu6 = mtu; 1284 1285 if (rt) 1286 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1287 1288 rt6_mtu_change(skb->dev, mtu); 1289 } 1290 } 1291 1292 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1293 ND_PRINTK2(KERN_WARNING 1294 "ICMPv6 RA: invalid RA options"); 1295 } 1296 out: 1297 if (rt) 1298 dst_release(&rt->u.dst); 1299 else if (neigh) 1300 neigh_release(neigh); 1301 in6_dev_put(in6_dev); 1302 } 1303 1304 static void ndisc_redirect_rcv(struct sk_buff *skb) 1305 { 1306 struct inet6_dev *in6_dev; 1307 struct icmp6hdr *icmph; 1308 struct in6_addr *dest; 1309 struct in6_addr *target; /* new first hop to destination */ 1310 struct neighbour *neigh; 1311 int on_link = 0; 1312 struct ndisc_options ndopts; 1313 int optlen; 1314 u8 *lladdr = NULL; 1315 1316 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 1317 ND_PRINTK2(KERN_WARNING 1318 "ICMPv6 Redirect: source address is not link-local.\n"); 1319 return; 1320 } 1321 1322 optlen = skb->tail - skb->h.raw; 1323 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1324 1325 if (optlen < 0) { 1326 ND_PRINTK2(KERN_WARNING 1327 "ICMPv6 Redirect: packet too short\n"); 1328 return; 1329 } 1330 1331 icmph = (struct icmp6hdr *) skb->h.raw; 1332 target = (struct in6_addr *) (icmph + 1); 1333 dest = target + 1; 1334 1335 if (ipv6_addr_is_multicast(dest)) { 1336 ND_PRINTK2(KERN_WARNING 1337 "ICMPv6 Redirect: destination address is multicast.\n"); 1338 return; 1339 } 1340 1341 if (ipv6_addr_equal(dest, target)) { 1342 on_link = 1; 1343 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 1344 ND_PRINTK2(KERN_WARNING 1345 "ICMPv6 Redirect: target address is not link-local.\n"); 1346 return; 1347 } 1348 1349 in6_dev = in6_dev_get(skb->dev); 1350 if (!in6_dev) 1351 return; 1352 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1353 in6_dev_put(in6_dev); 1354 return; 1355 } 1356 1357 /* RFC2461 8.1: 1358 * The IP source address of the Redirect MUST be the same as the current 1359 * first-hop router for the specified ICMP Destination Address. 1360 */ 1361 1362 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1363 ND_PRINTK2(KERN_WARNING 1364 "ICMPv6 Redirect: invalid ND options\n"); 1365 in6_dev_put(in6_dev); 1366 return; 1367 } 1368 if (ndopts.nd_opts_tgt_lladdr) { 1369 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1370 skb->dev); 1371 if (!lladdr) { 1372 ND_PRINTK2(KERN_WARNING 1373 "ICMPv6 Redirect: invalid link-layer address length\n"); 1374 in6_dev_put(in6_dev); 1375 return; 1376 } 1377 } 1378 1379 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1380 if (neigh) { 1381 rt6_redirect(dest, &skb->nh.ipv6h->daddr, 1382 &skb->nh.ipv6h->saddr, neigh, lladdr, 1383 on_link); 1384 neigh_release(neigh); 1385 } 1386 in6_dev_put(in6_dev); 1387 } 1388 1389 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1390 struct in6_addr *target) 1391 { 1392 struct sock *sk = ndisc_socket->sk; 1393 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1394 struct sk_buff *buff; 1395 struct icmp6hdr *icmph; 1396 struct in6_addr saddr_buf; 1397 struct in6_addr *addrp; 1398 struct net_device *dev; 1399 struct rt6_info *rt; 1400 struct dst_entry *dst; 1401 struct inet6_dev *idev; 1402 struct flowi fl; 1403 u8 *opt; 1404 int rd_len; 1405 int err; 1406 int hlen; 1407 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1408 1409 dev = skb->dev; 1410 1411 if (ipv6_get_lladdr(dev, &saddr_buf)) { 1412 ND_PRINTK2(KERN_WARNING 1413 "ICMPv6 Redirect: no link-local address on %s\n", 1414 dev->name); 1415 return; 1416 } 1417 1418 if (!ipv6_addr_equal(&skb->nh.ipv6h->daddr, target) && 1419 !(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 1420 ND_PRINTK2(KERN_WARNING 1421 "ICMPv6 Redirect: target address is not link-local.\n"); 1422 return; 1423 } 1424 1425 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr, 1426 dev->ifindex); 1427 1428 dst = ip6_route_output(NULL, &fl); 1429 if (dst == NULL) 1430 return; 1431 1432 err = xfrm_lookup(&dst, &fl, NULL, 0); 1433 if (err) 1434 return; 1435 1436 rt = (struct rt6_info *) dst; 1437 1438 if (rt->rt6i_flags & RTF_GATEWAY) { 1439 ND_PRINTK2(KERN_WARNING 1440 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1441 dst_release(dst); 1442 return; 1443 } 1444 if (!xrlim_allow(dst, 1*HZ)) { 1445 dst_release(dst); 1446 return; 1447 } 1448 1449 if (dev->addr_len) { 1450 read_lock_bh(&neigh->lock); 1451 if (neigh->nud_state & NUD_VALID) { 1452 memcpy(ha_buf, neigh->ha, dev->addr_len); 1453 read_unlock_bh(&neigh->lock); 1454 ha = ha_buf; 1455 len += ndisc_opt_addr_space(dev); 1456 } else 1457 read_unlock_bh(&neigh->lock); 1458 } 1459 1460 rd_len = min_t(unsigned int, 1461 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1462 rd_len &= ~0x7; 1463 len += rd_len; 1464 1465 buff = sock_alloc_send_skb(sk, 1466 (MAX_HEADER + sizeof(struct ipv6hdr) + 1467 len + LL_RESERVED_SPACE(dev)), 1468 1, &err); 1469 if (buff == NULL) { 1470 ND_PRINTK0(KERN_ERR 1471 "ICMPv6 Redirect: %s() failed to allocate an skb.\n", 1472 __FUNCTION__); 1473 dst_release(dst); 1474 return; 1475 } 1476 1477 hlen = 0; 1478 1479 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1480 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr, 1481 IPPROTO_ICMPV6, len); 1482 1483 icmph = (struct icmp6hdr *)skb_put(buff, len); 1484 buff->h.raw = (unsigned char*)icmph; 1485 1486 memset(icmph, 0, sizeof(struct icmp6hdr)); 1487 icmph->icmp6_type = NDISC_REDIRECT; 1488 1489 /* 1490 * copy target and destination addresses 1491 */ 1492 1493 addrp = (struct in6_addr *)(icmph + 1); 1494 ipv6_addr_copy(addrp, target); 1495 addrp++; 1496 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr); 1497 1498 opt = (u8*) (addrp + 1); 1499 1500 /* 1501 * include target_address option 1502 */ 1503 1504 if (ha) 1505 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1506 dev->addr_len, dev->type); 1507 1508 /* 1509 * build redirect option and copy skb over to the new packet. 1510 */ 1511 1512 memset(opt, 0, 8); 1513 *(opt++) = ND_OPT_REDIRECT_HDR; 1514 *(opt++) = (rd_len >> 3); 1515 opt += 6; 1516 1517 memcpy(opt, skb->nh.ipv6h, rd_len - 8); 1518 1519 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr, 1520 len, IPPROTO_ICMPV6, 1521 csum_partial((u8 *) icmph, len, 0)); 1522 1523 buff->dst = dst; 1524 idev = in6_dev_get(dst->dev); 1525 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 1526 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output); 1527 if (!err) { 1528 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS); 1529 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 1530 } 1531 1532 if (likely(idev != NULL)) 1533 in6_dev_put(idev); 1534 } 1535 1536 static void pndisc_redo(struct sk_buff *skb) 1537 { 1538 ndisc_recv_ns(skb); 1539 kfree_skb(skb); 1540 } 1541 1542 int ndisc_rcv(struct sk_buff *skb) 1543 { 1544 struct nd_msg *msg; 1545 1546 if (!pskb_may_pull(skb, skb->len)) 1547 return 0; 1548 1549 msg = (struct nd_msg *) skb->h.raw; 1550 1551 __skb_push(skb, skb->data-skb->h.raw); 1552 1553 if (skb->nh.ipv6h->hop_limit != 255) { 1554 ND_PRINTK2(KERN_WARNING 1555 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1556 skb->nh.ipv6h->hop_limit); 1557 return 0; 1558 } 1559 1560 if (msg->icmph.icmp6_code != 0) { 1561 ND_PRINTK2(KERN_WARNING 1562 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1563 msg->icmph.icmp6_code); 1564 return 0; 1565 } 1566 1567 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1568 1569 switch (msg->icmph.icmp6_type) { 1570 case NDISC_NEIGHBOUR_SOLICITATION: 1571 ndisc_recv_ns(skb); 1572 break; 1573 1574 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1575 ndisc_recv_na(skb); 1576 break; 1577 1578 case NDISC_ROUTER_SOLICITATION: 1579 ndisc_recv_rs(skb); 1580 break; 1581 1582 case NDISC_ROUTER_ADVERTISEMENT: 1583 ndisc_router_discovery(skb); 1584 break; 1585 1586 case NDISC_REDIRECT: 1587 ndisc_redirect_rcv(skb); 1588 break; 1589 }; 1590 1591 return 0; 1592 } 1593 1594 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1595 { 1596 struct net_device *dev = ptr; 1597 1598 switch (event) { 1599 case NETDEV_CHANGEADDR: 1600 neigh_changeaddr(&nd_tbl, dev); 1601 fib6_run_gc(~0UL); 1602 break; 1603 case NETDEV_DOWN: 1604 neigh_ifdown(&nd_tbl, dev); 1605 fib6_run_gc(~0UL); 1606 break; 1607 default: 1608 break; 1609 } 1610 1611 return NOTIFY_DONE; 1612 } 1613 1614 static struct notifier_block ndisc_netdev_notifier = { 1615 .notifier_call = ndisc_netdev_event, 1616 }; 1617 1618 #ifdef CONFIG_SYSCTL 1619 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1620 const char *func, const char *dev_name) 1621 { 1622 static char warncomm[TASK_COMM_LEN]; 1623 static int warned; 1624 if (strcmp(warncomm, current->comm) && warned < 5) { 1625 strcpy(warncomm, current->comm); 1626 printk(KERN_WARNING 1627 "process `%s' is using deprecated sysctl (%s) " 1628 "net.ipv6.neigh.%s.%s; " 1629 "Use net.ipv6.neigh.%s.%s_ms " 1630 "instead.\n", 1631 warncomm, func, 1632 dev_name, ctl->procname, 1633 dev_name, ctl->procname); 1634 warned++; 1635 } 1636 } 1637 1638 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) 1639 { 1640 struct net_device *dev = ctl->extra1; 1641 struct inet6_dev *idev; 1642 int ret; 1643 1644 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1645 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1646 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1647 1648 switch (ctl->ctl_name) { 1649 case NET_NEIGH_RETRANS_TIME: 1650 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1651 break; 1652 case NET_NEIGH_REACHABLE_TIME: 1653 ret = proc_dointvec_jiffies(ctl, write, 1654 filp, buffer, lenp, ppos); 1655 break; 1656 case NET_NEIGH_RETRANS_TIME_MS: 1657 case NET_NEIGH_REACHABLE_TIME_MS: 1658 ret = proc_dointvec_ms_jiffies(ctl, write, 1659 filp, buffer, lenp, ppos); 1660 break; 1661 default: 1662 ret = -1; 1663 } 1664 1665 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1666 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1667 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1668 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1669 idev->tstamp = jiffies; 1670 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1671 in6_dev_put(idev); 1672 } 1673 return ret; 1674 } 1675 1676 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name, 1677 int nlen, void __user *oldval, 1678 size_t __user *oldlenp, 1679 void __user *newval, size_t newlen) 1680 { 1681 struct net_device *dev = ctl->extra1; 1682 struct inet6_dev *idev; 1683 int ret; 1684 1685 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1686 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1687 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1688 1689 switch (ctl->ctl_name) { 1690 case NET_NEIGH_REACHABLE_TIME: 1691 ret = sysctl_jiffies(ctl, name, nlen, 1692 oldval, oldlenp, newval, newlen); 1693 break; 1694 case NET_NEIGH_RETRANS_TIME_MS: 1695 case NET_NEIGH_REACHABLE_TIME_MS: 1696 ret = sysctl_ms_jiffies(ctl, name, nlen, 1697 oldval, oldlenp, newval, newlen); 1698 break; 1699 default: 1700 ret = 0; 1701 } 1702 1703 if (newval && newlen && ret > 0 && 1704 dev && (idev = in6_dev_get(dev)) != NULL) { 1705 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1706 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1707 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1708 idev->tstamp = jiffies; 1709 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1710 in6_dev_put(idev); 1711 } 1712 1713 return ret; 1714 } 1715 1716 #endif 1717 1718 int __init ndisc_init(struct net_proto_family *ops) 1719 { 1720 struct ipv6_pinfo *np; 1721 struct sock *sk; 1722 int err; 1723 1724 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket); 1725 if (err < 0) { 1726 ND_PRINTK0(KERN_ERR 1727 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1728 err); 1729 ndisc_socket = NULL; /* For safety. */ 1730 return err; 1731 } 1732 1733 sk = ndisc_socket->sk; 1734 np = inet6_sk(sk); 1735 sk->sk_allocation = GFP_ATOMIC; 1736 np->hop_limit = 255; 1737 /* Do not loopback ndisc messages */ 1738 np->mc_loop = 0; 1739 sk->sk_prot->unhash(sk); 1740 1741 /* 1742 * Initialize the neighbour table 1743 */ 1744 1745 neigh_table_init(&nd_tbl); 1746 1747 #ifdef CONFIG_SYSCTL 1748 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, 1749 "ipv6", 1750 &ndisc_ifinfo_sysctl_change, 1751 &ndisc_ifinfo_sysctl_strategy); 1752 #endif 1753 1754 register_netdevice_notifier(&ndisc_netdev_notifier); 1755 return 0; 1756 } 1757 1758 void ndisc_cleanup(void) 1759 { 1760 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1761 #ifdef CONFIG_SYSCTL 1762 neigh_sysctl_unregister(&nd_tbl.parms); 1763 #endif 1764 neigh_table_clear(&nd_tbl); 1765 sock_release(ndisc_socket); 1766 ndisc_socket = NULL; /* For safety. */ 1767 } 1768