1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29 /* Set to 3 to get tracing... */ 30 #define ND_DEBUG 1 31 32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33 #define ND_NOPRINTK(x...) do { ; } while(0) 34 #define ND_PRINTK0 ND_PRINTK 35 #define ND_PRINTK1 ND_NOPRINTK 36 #define ND_PRINTK2 ND_NOPRINTK 37 #define ND_PRINTK3 ND_NOPRINTK 38 #if ND_DEBUG >= 1 39 #undef ND_PRINTK1 40 #define ND_PRINTK1 ND_PRINTK 41 #endif 42 #if ND_DEBUG >= 2 43 #undef ND_PRINTK2 44 #define ND_PRINTK2 ND_PRINTK 45 #endif 46 #if ND_DEBUG >= 3 47 #undef ND_PRINTK3 48 #define ND_PRINTK3 ND_PRINTK 49 #endif 50 51 #include <linux/module.h> 52 #include <linux/errno.h> 53 #include <linux/types.h> 54 #include <linux/socket.h> 55 #include <linux/sockios.h> 56 #include <linux/sched.h> 57 #include <linux/net.h> 58 #include <linux/in6.h> 59 #include <linux/route.h> 60 #include <linux/init.h> 61 #include <linux/rcupdate.h> 62 #ifdef CONFIG_SYSCTL 63 #include <linux/sysctl.h> 64 #endif 65 66 #include <linux/if_addr.h> 67 #include <linux/if_arp.h> 68 #include <linux/ipv6.h> 69 #include <linux/icmpv6.h> 70 #include <linux/jhash.h> 71 72 #include <net/sock.h> 73 #include <net/snmp.h> 74 75 #include <net/ipv6.h> 76 #include <net/protocol.h> 77 #include <net/ndisc.h> 78 #include <net/ip6_route.h> 79 #include <net/addrconf.h> 80 #include <net/icmp.h> 81 82 #include <net/netlink.h> 83 #include <linux/rtnetlink.h> 84 85 #include <net/flow.h> 86 #include <net/ip6_checksum.h> 87 #include <linux/proc_fs.h> 88 89 #include <linux/netfilter.h> 90 #include <linux/netfilter_ipv6.h> 91 92 static struct socket *ndisc_socket; 93 94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 95 static int ndisc_constructor(struct neighbour *neigh); 96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 98 static int pndisc_constructor(struct pneigh_entry *n); 99 static void pndisc_destructor(struct pneigh_entry *n); 100 static void pndisc_redo(struct sk_buff *skb); 101 102 static struct neigh_ops ndisc_generic_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_connected_output, 108 .hh_output = dev_queue_xmit, 109 .queue_xmit = dev_queue_xmit, 110 }; 111 112 static struct neigh_ops ndisc_hh_ops = { 113 .family = AF_INET6, 114 .solicit = ndisc_solicit, 115 .error_report = ndisc_error_report, 116 .output = neigh_resolve_output, 117 .connected_output = neigh_resolve_output, 118 .hh_output = dev_queue_xmit, 119 .queue_xmit = dev_queue_xmit, 120 }; 121 122 123 static struct neigh_ops ndisc_direct_ops = { 124 .family = AF_INET6, 125 .output = dev_queue_xmit, 126 .connected_output = dev_queue_xmit, 127 .hh_output = dev_queue_xmit, 128 .queue_xmit = dev_queue_xmit, 129 }; 130 131 struct neigh_table nd_tbl = { 132 .family = AF_INET6, 133 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 134 .key_len = sizeof(struct in6_addr), 135 .hash = ndisc_hash, 136 .constructor = ndisc_constructor, 137 .pconstructor = pndisc_constructor, 138 .pdestructor = pndisc_destructor, 139 .proxy_redo = pndisc_redo, 140 .id = "ndisc_cache", 141 .parms = { 142 .tbl = &nd_tbl, 143 .base_reachable_time = 30 * HZ, 144 .retrans_time = 1 * HZ, 145 .gc_staletime = 60 * HZ, 146 .reachable_time = 30 * HZ, 147 .delay_probe_time = 5 * HZ, 148 .queue_len = 3, 149 .ucast_probes = 3, 150 .mcast_probes = 3, 151 .anycast_delay = 1 * HZ, 152 .proxy_delay = (8 * HZ) / 10, 153 .proxy_qlen = 64, 154 }, 155 .gc_interval = 30 * HZ, 156 .gc_thresh1 = 128, 157 .gc_thresh2 = 512, 158 .gc_thresh3 = 1024, 159 }; 160 161 /* ND options */ 162 struct ndisc_options { 163 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 164 #ifdef CONFIG_IPV6_ROUTE_INFO 165 struct nd_opt_hdr *nd_opts_ri; 166 struct nd_opt_hdr *nd_opts_ri_end; 167 #endif 168 struct nd_opt_hdr *nd_useropts; 169 struct nd_opt_hdr *nd_useropts_end; 170 }; 171 172 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 173 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 174 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 175 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 176 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 177 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 178 179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 180 181 /* 182 * Return the padding between the option length and the start of the 183 * link addr. Currently only IP-over-InfiniBand needs this, although 184 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 185 * also need a pad of 2. 186 */ 187 static int ndisc_addr_option_pad(unsigned short type) 188 { 189 switch (type) { 190 case ARPHRD_INFINIBAND: return 2; 191 default: return 0; 192 } 193 } 194 195 static inline int ndisc_opt_addr_space(struct net_device *dev) 196 { 197 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 198 } 199 200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 201 unsigned short addr_type) 202 { 203 int space = NDISC_OPT_SPACE(data_len); 204 int pad = ndisc_addr_option_pad(addr_type); 205 206 opt[0] = type; 207 opt[1] = space>>3; 208 209 memset(opt + 2, 0, pad); 210 opt += pad; 211 space -= pad; 212 213 memcpy(opt+2, data, data_len); 214 data_len += 2; 215 opt += data_len; 216 if ((space -= data_len) > 0) 217 memset(opt, 0, space); 218 return opt + space; 219 } 220 221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 222 struct nd_opt_hdr *end) 223 { 224 int type; 225 if (!cur || !end || cur >= end) 226 return NULL; 227 type = cur->nd_opt_type; 228 do { 229 cur = ((void *)cur) + (cur->nd_opt_len << 3); 230 } while(cur < end && cur->nd_opt_type != type); 231 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 232 } 233 234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 235 { 236 return (opt->nd_opt_type == ND_OPT_RDNSS); 237 } 238 239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 240 struct nd_opt_hdr *end) 241 { 242 if (!cur || !end || cur >= end) 243 return NULL; 244 do { 245 cur = ((void *)cur) + (cur->nd_opt_len << 3); 246 } while(cur < end && !ndisc_is_useropt(cur)); 247 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL); 248 } 249 250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 251 struct ndisc_options *ndopts) 252 { 253 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 254 255 if (!nd_opt || opt_len < 0 || !ndopts) 256 return NULL; 257 memset(ndopts, 0, sizeof(*ndopts)); 258 while (opt_len) { 259 int l; 260 if (opt_len < sizeof(struct nd_opt_hdr)) 261 return NULL; 262 l = nd_opt->nd_opt_len << 3; 263 if (opt_len < l || l == 0) 264 return NULL; 265 switch (nd_opt->nd_opt_type) { 266 case ND_OPT_SOURCE_LL_ADDR: 267 case ND_OPT_TARGET_LL_ADDR: 268 case ND_OPT_MTU: 269 case ND_OPT_REDIRECT_HDR: 270 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 271 ND_PRINTK2(KERN_WARNING 272 "%s(): duplicated ND6 option found: type=%d\n", 273 __FUNCTION__, 274 nd_opt->nd_opt_type); 275 } else { 276 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 277 } 278 break; 279 case ND_OPT_PREFIX_INFO: 280 ndopts->nd_opts_pi_end = nd_opt; 281 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 282 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 283 break; 284 #ifdef CONFIG_IPV6_ROUTE_INFO 285 case ND_OPT_ROUTE_INFO: 286 ndopts->nd_opts_ri_end = nd_opt; 287 if (!ndopts->nd_opts_ri) 288 ndopts->nd_opts_ri = nd_opt; 289 break; 290 #endif 291 default: 292 if (ndisc_is_useropt(nd_opt)) { 293 ndopts->nd_useropts_end = nd_opt; 294 if (!ndopts->nd_useropts) 295 ndopts->nd_useropts = nd_opt; 296 } else { 297 /* 298 * Unknown options must be silently ignored, 299 * to accommodate future extension to the 300 * protocol. 301 */ 302 ND_PRINTK2(KERN_NOTICE 303 "%s(): ignored unsupported option; type=%d, len=%d\n", 304 __FUNCTION__, 305 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 306 } 307 } 308 opt_len -= l; 309 nd_opt = ((void *)nd_opt) + l; 310 } 311 return ndopts; 312 } 313 314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 315 struct net_device *dev) 316 { 317 u8 *lladdr = (u8 *)(p + 1); 318 int lladdrlen = p->nd_opt_len << 3; 319 int prepad = ndisc_addr_option_pad(dev->type); 320 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 321 return NULL; 322 return (lladdr + prepad); 323 } 324 325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 326 { 327 switch (dev->type) { 328 case ARPHRD_ETHER: 329 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 330 case ARPHRD_FDDI: 331 ipv6_eth_mc_map(addr, buf); 332 return 0; 333 case ARPHRD_IEEE802_TR: 334 ipv6_tr_mc_map(addr,buf); 335 return 0; 336 case ARPHRD_ARCNET: 337 ipv6_arcnet_mc_map(addr, buf); 338 return 0; 339 case ARPHRD_INFINIBAND: 340 ipv6_ib_mc_map(addr, buf); 341 return 0; 342 default: 343 if (dir) { 344 memcpy(buf, dev->broadcast, dev->addr_len); 345 return 0; 346 } 347 } 348 return -EINVAL; 349 } 350 351 EXPORT_SYMBOL(ndisc_mc_map); 352 353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 354 { 355 const u32 *p32 = pkey; 356 u32 addr_hash, i; 357 358 addr_hash = 0; 359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 360 addr_hash ^= *p32++; 361 362 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 363 } 364 365 static int ndisc_constructor(struct neighbour *neigh) 366 { 367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 368 struct net_device *dev = neigh->dev; 369 struct inet6_dev *in6_dev; 370 struct neigh_parms *parms; 371 int is_multicast = ipv6_addr_is_multicast(addr); 372 373 rcu_read_lock(); 374 in6_dev = in6_dev_get(dev); 375 if (in6_dev == NULL) { 376 rcu_read_unlock(); 377 return -EINVAL; 378 } 379 380 parms = in6_dev->nd_parms; 381 __neigh_parms_put(neigh->parms); 382 neigh->parms = neigh_parms_clone(parms); 383 rcu_read_unlock(); 384 385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 386 if (!dev->header_ops) { 387 neigh->nud_state = NUD_NOARP; 388 neigh->ops = &ndisc_direct_ops; 389 neigh->output = neigh->ops->queue_xmit; 390 } else { 391 if (is_multicast) { 392 neigh->nud_state = NUD_NOARP; 393 ndisc_mc_map(addr, neigh->ha, dev, 1); 394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 395 neigh->nud_state = NUD_NOARP; 396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 397 if (dev->flags&IFF_LOOPBACK) 398 neigh->type = RTN_LOCAL; 399 } else if (dev->flags&IFF_POINTOPOINT) { 400 neigh->nud_state = NUD_NOARP; 401 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 402 } 403 if (dev->header_ops->cache) 404 neigh->ops = &ndisc_hh_ops; 405 else 406 neigh->ops = &ndisc_generic_ops; 407 if (neigh->nud_state&NUD_VALID) 408 neigh->output = neigh->ops->connected_output; 409 else 410 neigh->output = neigh->ops->output; 411 } 412 in6_dev_put(in6_dev); 413 return 0; 414 } 415 416 static int pndisc_constructor(struct pneigh_entry *n) 417 { 418 struct in6_addr *addr = (struct in6_addr*)&n->key; 419 struct in6_addr maddr; 420 struct net_device *dev = n->dev; 421 422 if (dev == NULL || __in6_dev_get(dev) == NULL) 423 return -EINVAL; 424 addrconf_addr_solict_mult(addr, &maddr); 425 ipv6_dev_mc_inc(dev, &maddr); 426 return 0; 427 } 428 429 static void pndisc_destructor(struct pneigh_entry *n) 430 { 431 struct in6_addr *addr = (struct in6_addr*)&n->key; 432 struct in6_addr maddr; 433 struct net_device *dev = n->dev; 434 435 if (dev == NULL || __in6_dev_get(dev) == NULL) 436 return; 437 addrconf_addr_solict_mult(addr, &maddr); 438 ipv6_dev_mc_dec(dev, &maddr); 439 } 440 441 /* 442 * Send a Neighbour Advertisement 443 */ 444 445 static inline void ndisc_flow_init(struct flowi *fl, u8 type, 446 struct in6_addr *saddr, struct in6_addr *daddr, 447 int oif) 448 { 449 memset(fl, 0, sizeof(*fl)); 450 ipv6_addr_copy(&fl->fl6_src, saddr); 451 ipv6_addr_copy(&fl->fl6_dst, daddr); 452 fl->proto = IPPROTO_ICMPV6; 453 fl->fl_icmp_type = type; 454 fl->fl_icmp_code = 0; 455 fl->oif = oif; 456 security_sk_classify_flow(ndisc_socket->sk, fl); 457 } 458 459 static void __ndisc_send(struct net_device *dev, 460 struct neighbour *neigh, 461 struct in6_addr *daddr, struct in6_addr *saddr, 462 struct icmp6hdr *icmp6h, struct in6_addr *target, 463 int llinfo) 464 { 465 struct flowi fl; 466 struct dst_entry *dst; 467 struct sock *sk = ndisc_socket->sk; 468 struct sk_buff *skb; 469 struct icmp6hdr *hdr; 470 struct inet6_dev *idev; 471 int len; 472 int err; 473 u8 *opt, type; 474 475 type = icmp6h->icmp6_type; 476 477 ndisc_flow_init(&fl, type, saddr, daddr, 478 dev->ifindex); 479 480 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 481 if (!dst) 482 return; 483 484 err = xfrm_lookup(&dst, &fl, NULL, 0); 485 if (err < 0) 486 return; 487 488 if (!dev->addr_len) 489 llinfo = 0; 490 491 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 492 if (llinfo) 493 len += ndisc_opt_addr_space(dev); 494 495 skb = sock_alloc_send_skb(sk, 496 (MAX_HEADER + sizeof(struct ipv6hdr) + 497 len + LL_RESERVED_SPACE(dev)), 498 1, &err); 499 if (!skb) { 500 ND_PRINTK0(KERN_ERR 501 "ICMPv6 ND: %s() failed to allocate an skb.\n", 502 __FUNCTION__); 503 dst_release(dst); 504 return; 505 } 506 507 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 508 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 509 510 skb->transport_header = skb->tail; 511 skb_put(skb, len); 512 513 hdr = (struct icmp6hdr *)skb_transport_header(skb); 514 memcpy(hdr, icmp6h, sizeof(*hdr)); 515 516 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 517 if (target) { 518 ipv6_addr_copy((struct in6_addr *)opt, target); 519 opt += sizeof(*target); 520 } 521 522 if (llinfo) 523 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 524 dev->addr_len, dev->type); 525 526 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 527 IPPROTO_ICMPV6, 528 csum_partial((__u8 *) hdr, 529 len, 0)); 530 531 skb->dst = dst; 532 533 idev = in6_dev_get(dst->dev); 534 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 535 536 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 537 if (!err) { 538 ICMP6MSGOUT_INC_STATS(idev, type); 539 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 540 } 541 542 if (likely(idev != NULL)) 543 in6_dev_put(idev); 544 } 545 546 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 547 struct in6_addr *daddr, struct in6_addr *solicited_addr, 548 int router, int solicited, int override, int inc_opt) 549 { 550 struct in6_addr tmpaddr; 551 struct inet6_ifaddr *ifp; 552 struct in6_addr *src_addr; 553 struct icmp6hdr icmp6h = { 554 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 555 }; 556 557 /* for anycast or proxy, solicited_addr != src_addr */ 558 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1); 559 if (ifp) { 560 src_addr = solicited_addr; 561 if (ifp->flags & IFA_F_OPTIMISTIC) 562 override = 0; 563 in6_ifa_put(ifp); 564 } else { 565 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr)) 566 return; 567 src_addr = &tmpaddr; 568 } 569 570 icmp6h.icmp6_router = router; 571 icmp6h.icmp6_solicited = solicited; 572 icmp6h.icmp6_override = override; 573 574 __ndisc_send(dev, neigh, daddr, src_addr, 575 &icmp6h, solicited_addr, 576 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 577 } 578 579 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 580 struct in6_addr *solicit, 581 struct in6_addr *daddr, struct in6_addr *saddr) 582 { 583 struct in6_addr addr_buf; 584 struct icmp6hdr icmp6h = { 585 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 586 }; 587 588 if (saddr == NULL) { 589 if (ipv6_get_lladdr(dev, &addr_buf, 590 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 591 return; 592 saddr = &addr_buf; 593 } 594 595 __ndisc_send(dev, neigh, daddr, saddr, 596 &icmp6h, solicit, 597 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 598 } 599 600 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr, 601 struct in6_addr *daddr) 602 { 603 struct icmp6hdr icmp6h = { 604 .icmp6_type = NDISC_ROUTER_SOLICITATION, 605 }; 606 int send_sllao = dev->addr_len; 607 608 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 609 /* 610 * According to section 2.2 of RFC 4429, we must not 611 * send router solicitations with a sllao from 612 * optimistic addresses, but we may send the solicitation 613 * if we don't include the sllao. So here we check 614 * if our address is optimistic, and if so, we 615 * supress the inclusion of the sllao. 616 */ 617 if (send_sllao) { 618 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(saddr, dev, 1); 619 if (ifp) { 620 if (ifp->flags & IFA_F_OPTIMISTIC) { 621 send_sllao = 0; 622 } 623 in6_ifa_put(ifp); 624 } else { 625 send_sllao = 0; 626 } 627 } 628 #endif 629 __ndisc_send(dev, NULL, daddr, saddr, 630 &icmp6h, NULL, 631 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 632 } 633 634 635 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 636 { 637 /* 638 * "The sender MUST return an ICMP 639 * destination unreachable" 640 */ 641 dst_link_failure(skb); 642 kfree_skb(skb); 643 } 644 645 /* Called with locked neigh: either read or both */ 646 647 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 648 { 649 struct in6_addr *saddr = NULL; 650 struct in6_addr mcaddr; 651 struct net_device *dev = neigh->dev; 652 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 653 int probes = atomic_read(&neigh->probes); 654 655 if (skb && ipv6_chk_addr(&ipv6_hdr(skb)->saddr, dev, 1)) 656 saddr = &ipv6_hdr(skb)->saddr; 657 658 if ((probes -= neigh->parms->ucast_probes) < 0) { 659 if (!(neigh->nud_state & NUD_VALID)) { 660 ND_PRINTK1(KERN_DEBUG 661 "%s(): trying to ucast probe in NUD_INVALID: " 662 NIP6_FMT "\n", 663 __FUNCTION__, 664 NIP6(*target)); 665 } 666 ndisc_send_ns(dev, neigh, target, target, saddr); 667 } else if ((probes -= neigh->parms->app_probes) < 0) { 668 #ifdef CONFIG_ARPD 669 neigh_app_ns(neigh); 670 #endif 671 } else { 672 addrconf_addr_solict_mult(target, &mcaddr); 673 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 674 } 675 } 676 677 static void ndisc_recv_ns(struct sk_buff *skb) 678 { 679 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 680 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 681 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 682 u8 *lladdr = NULL; 683 u32 ndoptlen = skb->tail - (skb->transport_header + 684 offsetof(struct nd_msg, opt)); 685 struct ndisc_options ndopts; 686 struct net_device *dev = skb->dev; 687 struct inet6_ifaddr *ifp; 688 struct inet6_dev *idev = NULL; 689 struct neighbour *neigh; 690 struct pneigh_entry *pneigh = NULL; 691 int dad = ipv6_addr_any(saddr); 692 int inc; 693 int is_router; 694 695 if (ipv6_addr_is_multicast(&msg->target)) { 696 ND_PRINTK2(KERN_WARNING 697 "ICMPv6 NS: multicast target address"); 698 return; 699 } 700 701 /* 702 * RFC2461 7.1.1: 703 * DAD has to be destined for solicited node multicast address. 704 */ 705 if (dad && 706 !(daddr->s6_addr32[0] == htonl(0xff020000) && 707 daddr->s6_addr32[1] == htonl(0x00000000) && 708 daddr->s6_addr32[2] == htonl(0x00000001) && 709 daddr->s6_addr [12] == 0xff )) { 710 ND_PRINTK2(KERN_WARNING 711 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 712 return; 713 } 714 715 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 716 ND_PRINTK2(KERN_WARNING 717 "ICMPv6 NS: invalid ND options\n"); 718 return; 719 } 720 721 if (ndopts.nd_opts_src_lladdr) { 722 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 723 if (!lladdr) { 724 ND_PRINTK2(KERN_WARNING 725 "ICMPv6 NS: invalid link-layer address length\n"); 726 return; 727 } 728 729 /* RFC2461 7.1.1: 730 * If the IP source address is the unspecified address, 731 * there MUST NOT be source link-layer address option 732 * in the message. 733 */ 734 if (dad) { 735 ND_PRINTK2(KERN_WARNING 736 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 737 return; 738 } 739 } 740 741 inc = ipv6_addr_is_multicast(daddr); 742 743 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) { 744 745 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 746 if (dad) { 747 if (dev->type == ARPHRD_IEEE802_TR) { 748 const unsigned char *sadr; 749 sadr = skb_mac_header(skb); 750 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 751 sadr[9] == dev->dev_addr[1] && 752 sadr[10] == dev->dev_addr[2] && 753 sadr[11] == dev->dev_addr[3] && 754 sadr[12] == dev->dev_addr[4] && 755 sadr[13] == dev->dev_addr[5]) { 756 /* looped-back to us */ 757 goto out; 758 } 759 } 760 761 /* 762 * We are colliding with another node 763 * who is doing DAD 764 * so fail our DAD process 765 */ 766 addrconf_dad_failure(ifp); 767 return; 768 } else { 769 /* 770 * This is not a dad solicitation. 771 * If we are an optimistic node, 772 * we should respond. 773 * Otherwise, we should ignore it. 774 */ 775 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 776 goto out; 777 } 778 } 779 780 idev = ifp->idev; 781 } else { 782 idev = in6_dev_get(dev); 783 if (!idev) { 784 /* XXX: count this drop? */ 785 return; 786 } 787 788 if (ipv6_chk_acast_addr(dev, &msg->target) || 789 (idev->cnf.forwarding && 790 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) && 791 (pneigh = pneigh_lookup(&nd_tbl, 792 &msg->target, dev, 0)) != NULL)) { 793 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 794 skb->pkt_type != PACKET_HOST && 795 inc != 0 && 796 idev->nd_parms->proxy_delay != 0) { 797 /* 798 * for anycast or proxy, 799 * sender should delay its response 800 * by a random time between 0 and 801 * MAX_ANYCAST_DELAY_TIME seconds. 802 * (RFC2461) -- yoshfuji 803 */ 804 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 805 if (n) 806 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 807 goto out; 808 } 809 } else 810 goto out; 811 } 812 813 is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding); 814 815 if (dad) { 816 struct in6_addr maddr; 817 818 ipv6_addr_all_nodes(&maddr); 819 ndisc_send_na(dev, NULL, &maddr, &msg->target, 820 is_router, 0, (ifp != NULL), 1); 821 goto out; 822 } 823 824 if (inc) 825 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 826 else 827 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 828 829 /* 830 * update / create cache entry 831 * for the source address 832 */ 833 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 834 !inc || lladdr || !dev->addr_len); 835 if (neigh) 836 neigh_update(neigh, lladdr, NUD_STALE, 837 NEIGH_UPDATE_F_WEAK_OVERRIDE| 838 NEIGH_UPDATE_F_OVERRIDE); 839 if (neigh || !dev->header_ops) { 840 ndisc_send_na(dev, neigh, saddr, &msg->target, 841 is_router, 842 1, (ifp != NULL && inc), inc); 843 if (neigh) 844 neigh_release(neigh); 845 } 846 847 out: 848 if (ifp) 849 in6_ifa_put(ifp); 850 else 851 in6_dev_put(idev); 852 853 return; 854 } 855 856 static void ndisc_recv_na(struct sk_buff *skb) 857 { 858 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 859 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 860 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 861 u8 *lladdr = NULL; 862 u32 ndoptlen = skb->tail - (skb->transport_header + 863 offsetof(struct nd_msg, opt)); 864 struct ndisc_options ndopts; 865 struct net_device *dev = skb->dev; 866 struct inet6_ifaddr *ifp; 867 struct neighbour *neigh; 868 869 if (skb->len < sizeof(struct nd_msg)) { 870 ND_PRINTK2(KERN_WARNING 871 "ICMPv6 NA: packet too short\n"); 872 return; 873 } 874 875 if (ipv6_addr_is_multicast(&msg->target)) { 876 ND_PRINTK2(KERN_WARNING 877 "ICMPv6 NA: target address is multicast.\n"); 878 return; 879 } 880 881 if (ipv6_addr_is_multicast(daddr) && 882 msg->icmph.icmp6_solicited) { 883 ND_PRINTK2(KERN_WARNING 884 "ICMPv6 NA: solicited NA is multicasted.\n"); 885 return; 886 } 887 888 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 889 ND_PRINTK2(KERN_WARNING 890 "ICMPv6 NS: invalid ND option\n"); 891 return; 892 } 893 if (ndopts.nd_opts_tgt_lladdr) { 894 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 895 if (!lladdr) { 896 ND_PRINTK2(KERN_WARNING 897 "ICMPv6 NA: invalid link-layer address length\n"); 898 return; 899 } 900 } 901 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) { 902 if (ifp->flags & IFA_F_TENTATIVE) { 903 addrconf_dad_failure(ifp); 904 return; 905 } 906 /* What should we make now? The advertisement 907 is invalid, but ndisc specs say nothing 908 about it. It could be misconfiguration, or 909 an smart proxy agent tries to help us :-) 910 */ 911 ND_PRINTK1(KERN_WARNING 912 "ICMPv6 NA: someone advertises our address on %s!\n", 913 ifp->idev->dev->name); 914 in6_ifa_put(ifp); 915 return; 916 } 917 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 918 919 if (neigh) { 920 u8 old_flags = neigh->flags; 921 922 if (neigh->nud_state & NUD_FAILED) 923 goto out; 924 925 /* 926 * Don't update the neighbor cache entry on a proxy NA from 927 * ourselves because either the proxied node is off link or it 928 * has already sent a NA to us. 929 */ 930 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 931 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp && 932 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) { 933 /* XXX: idev->cnf.prixy_ndp */ 934 goto out; 935 } 936 937 neigh_update(neigh, lladdr, 938 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 939 NEIGH_UPDATE_F_WEAK_OVERRIDE| 940 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 941 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 942 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 943 944 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 945 /* 946 * Change: router to host 947 */ 948 struct rt6_info *rt; 949 rt = rt6_get_dflt_router(saddr, dev); 950 if (rt) 951 ip6_del_rt(rt); 952 } 953 954 out: 955 neigh_release(neigh); 956 } 957 } 958 959 static void ndisc_recv_rs(struct sk_buff *skb) 960 { 961 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 962 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 963 struct neighbour *neigh; 964 struct inet6_dev *idev; 965 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 966 struct ndisc_options ndopts; 967 u8 *lladdr = NULL; 968 969 if (skb->len < sizeof(*rs_msg)) 970 return; 971 972 idev = in6_dev_get(skb->dev); 973 if (!idev) { 974 if (net_ratelimit()) 975 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 976 return; 977 } 978 979 /* Don't accept RS if we're not in router mode */ 980 if (!idev->cnf.forwarding) 981 goto out; 982 983 /* 984 * Don't update NCE if src = ::; 985 * this implies that the source node has no ip address assigned yet. 986 */ 987 if (ipv6_addr_any(saddr)) 988 goto out; 989 990 /* Parse ND options */ 991 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 992 if (net_ratelimit()) 993 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 994 goto out; 995 } 996 997 if (ndopts.nd_opts_src_lladdr) { 998 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 999 skb->dev); 1000 if (!lladdr) 1001 goto out; 1002 } 1003 1004 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1005 if (neigh) { 1006 neigh_update(neigh, lladdr, NUD_STALE, 1007 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1008 NEIGH_UPDATE_F_OVERRIDE| 1009 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1010 neigh_release(neigh); 1011 } 1012 out: 1013 in6_dev_put(idev); 1014 } 1015 1016 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1017 { 1018 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1019 struct sk_buff *skb; 1020 struct nlmsghdr *nlh; 1021 struct nduseroptmsg *ndmsg; 1022 int err; 1023 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1024 + (opt->nd_opt_len << 3)); 1025 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1026 1027 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1028 if (skb == NULL) { 1029 err = -ENOBUFS; 1030 goto errout; 1031 } 1032 1033 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1034 if (nlh == NULL) { 1035 goto nla_put_failure; 1036 } 1037 1038 ndmsg = nlmsg_data(nlh); 1039 ndmsg->nduseropt_family = AF_INET6; 1040 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1041 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1042 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1043 1044 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1045 1046 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1047 &ipv6_hdr(ra)->saddr); 1048 nlmsg_end(skb, nlh); 1049 1050 err = rtnl_notify(skb, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1051 if (err < 0) 1052 goto errout; 1053 1054 return; 1055 1056 nla_put_failure: 1057 nlmsg_free(skb); 1058 err = -EMSGSIZE; 1059 errout: 1060 rtnl_set_sk_err(RTNLGRP_ND_USEROPT, err); 1061 } 1062 1063 static void ndisc_router_discovery(struct sk_buff *skb) 1064 { 1065 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1066 struct neighbour *neigh = NULL; 1067 struct inet6_dev *in6_dev; 1068 struct rt6_info *rt = NULL; 1069 int lifetime; 1070 struct ndisc_options ndopts; 1071 int optlen; 1072 unsigned int pref = 0; 1073 1074 __u8 * opt = (__u8 *)(ra_msg + 1); 1075 1076 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1077 1078 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1079 ND_PRINTK2(KERN_WARNING 1080 "ICMPv6 RA: source address is not link-local.\n"); 1081 return; 1082 } 1083 if (optlen < 0) { 1084 ND_PRINTK2(KERN_WARNING 1085 "ICMPv6 RA: packet too short\n"); 1086 return; 1087 } 1088 1089 /* 1090 * set the RA_RECV flag in the interface 1091 */ 1092 1093 in6_dev = in6_dev_get(skb->dev); 1094 if (in6_dev == NULL) { 1095 ND_PRINTK0(KERN_ERR 1096 "ICMPv6 RA: can't find inet6 device for %s.\n", 1097 skb->dev->name); 1098 return; 1099 } 1100 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 1101 in6_dev_put(in6_dev); 1102 return; 1103 } 1104 1105 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1106 in6_dev_put(in6_dev); 1107 ND_PRINTK2(KERN_WARNING 1108 "ICMP6 RA: invalid ND options\n"); 1109 return; 1110 } 1111 1112 if (in6_dev->if_flags & IF_RS_SENT) { 1113 /* 1114 * flag that an RA was received after an RS was sent 1115 * out on this interface. 1116 */ 1117 in6_dev->if_flags |= IF_RA_RCVD; 1118 } 1119 1120 /* 1121 * Remember the managed/otherconf flags from most recently 1122 * received RA message (RFC 2462) -- yoshfuji 1123 */ 1124 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1125 IF_RA_OTHERCONF)) | 1126 (ra_msg->icmph.icmp6_addrconf_managed ? 1127 IF_RA_MANAGED : 0) | 1128 (ra_msg->icmph.icmp6_addrconf_other ? 1129 IF_RA_OTHERCONF : 0); 1130 1131 if (!in6_dev->cnf.accept_ra_defrtr) 1132 goto skip_defrtr; 1133 1134 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1135 1136 #ifdef CONFIG_IPV6_ROUTER_PREF 1137 pref = ra_msg->icmph.icmp6_router_pref; 1138 /* 10b is handled as if it were 00b (medium) */ 1139 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1140 !in6_dev->cnf.accept_ra_rtr_pref) 1141 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1142 #endif 1143 1144 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1145 1146 if (rt) 1147 neigh = rt->rt6i_nexthop; 1148 1149 if (rt && lifetime == 0) { 1150 neigh_clone(neigh); 1151 ip6_del_rt(rt); 1152 rt = NULL; 1153 } 1154 1155 if (rt == NULL && lifetime) { 1156 ND_PRINTK3(KERN_DEBUG 1157 "ICMPv6 RA: adding default router.\n"); 1158 1159 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1160 if (rt == NULL) { 1161 ND_PRINTK0(KERN_ERR 1162 "ICMPv6 RA: %s() failed to add default route.\n", 1163 __FUNCTION__); 1164 in6_dev_put(in6_dev); 1165 return; 1166 } 1167 1168 neigh = rt->rt6i_nexthop; 1169 if (neigh == NULL) { 1170 ND_PRINTK0(KERN_ERR 1171 "ICMPv6 RA: %s() got default router without neighbour.\n", 1172 __FUNCTION__); 1173 dst_release(&rt->u.dst); 1174 in6_dev_put(in6_dev); 1175 return; 1176 } 1177 neigh->flags |= NTF_ROUTER; 1178 } else if (rt) { 1179 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1180 } 1181 1182 if (rt) 1183 rt->rt6i_expires = jiffies + (HZ * lifetime); 1184 1185 if (ra_msg->icmph.icmp6_hop_limit) { 1186 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1187 if (rt) 1188 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1189 } 1190 1191 skip_defrtr: 1192 1193 /* 1194 * Update Reachable Time and Retrans Timer 1195 */ 1196 1197 if (in6_dev->nd_parms) { 1198 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1199 1200 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1201 rtime = (rtime*HZ)/1000; 1202 if (rtime < HZ/10) 1203 rtime = HZ/10; 1204 in6_dev->nd_parms->retrans_time = rtime; 1205 in6_dev->tstamp = jiffies; 1206 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1207 } 1208 1209 rtime = ntohl(ra_msg->reachable_time); 1210 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1211 rtime = (rtime*HZ)/1000; 1212 1213 if (rtime < HZ/10) 1214 rtime = HZ/10; 1215 1216 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1217 in6_dev->nd_parms->base_reachable_time = rtime; 1218 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1219 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1220 in6_dev->tstamp = jiffies; 1221 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1222 } 1223 } 1224 } 1225 1226 /* 1227 * Process options. 1228 */ 1229 1230 if (!neigh) 1231 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1232 skb->dev, 1); 1233 if (neigh) { 1234 u8 *lladdr = NULL; 1235 if (ndopts.nd_opts_src_lladdr) { 1236 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1237 skb->dev); 1238 if (!lladdr) { 1239 ND_PRINTK2(KERN_WARNING 1240 "ICMPv6 RA: invalid link-layer address length\n"); 1241 goto out; 1242 } 1243 } 1244 neigh_update(neigh, lladdr, NUD_STALE, 1245 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1246 NEIGH_UPDATE_F_OVERRIDE| 1247 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1248 NEIGH_UPDATE_F_ISROUTER); 1249 } 1250 1251 #ifdef CONFIG_IPV6_ROUTE_INFO 1252 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1253 struct nd_opt_hdr *p; 1254 for (p = ndopts.nd_opts_ri; 1255 p; 1256 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1257 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1258 continue; 1259 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1260 &ipv6_hdr(skb)->saddr); 1261 } 1262 } 1263 #endif 1264 1265 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1266 struct nd_opt_hdr *p; 1267 for (p = ndopts.nd_opts_pi; 1268 p; 1269 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1270 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1271 } 1272 } 1273 1274 if (ndopts.nd_opts_mtu) { 1275 __be32 n; 1276 u32 mtu; 1277 1278 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1279 mtu = ntohl(n); 1280 1281 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1282 ND_PRINTK2(KERN_WARNING 1283 "ICMPv6 RA: invalid mtu: %d\n", 1284 mtu); 1285 } else if (in6_dev->cnf.mtu6 != mtu) { 1286 in6_dev->cnf.mtu6 = mtu; 1287 1288 if (rt) 1289 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1290 1291 rt6_mtu_change(skb->dev, mtu); 1292 } 1293 } 1294 1295 if (ndopts.nd_useropts) { 1296 struct nd_opt_hdr *opt; 1297 for (opt = ndopts.nd_useropts; 1298 opt; 1299 opt = ndisc_next_useropt(opt, ndopts.nd_useropts_end)) { 1300 ndisc_ra_useropt(skb, opt); 1301 } 1302 } 1303 1304 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1305 ND_PRINTK2(KERN_WARNING 1306 "ICMPv6 RA: invalid RA options"); 1307 } 1308 out: 1309 if (rt) 1310 dst_release(&rt->u.dst); 1311 else if (neigh) 1312 neigh_release(neigh); 1313 in6_dev_put(in6_dev); 1314 } 1315 1316 static void ndisc_redirect_rcv(struct sk_buff *skb) 1317 { 1318 struct inet6_dev *in6_dev; 1319 struct icmp6hdr *icmph; 1320 struct in6_addr *dest; 1321 struct in6_addr *target; /* new first hop to destination */ 1322 struct neighbour *neigh; 1323 int on_link = 0; 1324 struct ndisc_options ndopts; 1325 int optlen; 1326 u8 *lladdr = NULL; 1327 1328 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1329 ND_PRINTK2(KERN_WARNING 1330 "ICMPv6 Redirect: source address is not link-local.\n"); 1331 return; 1332 } 1333 1334 optlen = skb->tail - skb->transport_header; 1335 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1336 1337 if (optlen < 0) { 1338 ND_PRINTK2(KERN_WARNING 1339 "ICMPv6 Redirect: packet too short\n"); 1340 return; 1341 } 1342 1343 icmph = icmp6_hdr(skb); 1344 target = (struct in6_addr *) (icmph + 1); 1345 dest = target + 1; 1346 1347 if (ipv6_addr_is_multicast(dest)) { 1348 ND_PRINTK2(KERN_WARNING 1349 "ICMPv6 Redirect: destination address is multicast.\n"); 1350 return; 1351 } 1352 1353 if (ipv6_addr_equal(dest, target)) { 1354 on_link = 1; 1355 } else if (ipv6_addr_type(target) != 1356 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1357 ND_PRINTK2(KERN_WARNING 1358 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1359 return; 1360 } 1361 1362 in6_dev = in6_dev_get(skb->dev); 1363 if (!in6_dev) 1364 return; 1365 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1366 in6_dev_put(in6_dev); 1367 return; 1368 } 1369 1370 /* RFC2461 8.1: 1371 * The IP source address of the Redirect MUST be the same as the current 1372 * first-hop router for the specified ICMP Destination Address. 1373 */ 1374 1375 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1376 ND_PRINTK2(KERN_WARNING 1377 "ICMPv6 Redirect: invalid ND options\n"); 1378 in6_dev_put(in6_dev); 1379 return; 1380 } 1381 if (ndopts.nd_opts_tgt_lladdr) { 1382 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1383 skb->dev); 1384 if (!lladdr) { 1385 ND_PRINTK2(KERN_WARNING 1386 "ICMPv6 Redirect: invalid link-layer address length\n"); 1387 in6_dev_put(in6_dev); 1388 return; 1389 } 1390 } 1391 1392 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1393 if (neigh) { 1394 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1395 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1396 on_link); 1397 neigh_release(neigh); 1398 } 1399 in6_dev_put(in6_dev); 1400 } 1401 1402 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1403 struct in6_addr *target) 1404 { 1405 struct sock *sk = ndisc_socket->sk; 1406 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1407 struct sk_buff *buff; 1408 struct icmp6hdr *icmph; 1409 struct in6_addr saddr_buf; 1410 struct in6_addr *addrp; 1411 struct net_device *dev; 1412 struct rt6_info *rt; 1413 struct dst_entry *dst; 1414 struct inet6_dev *idev; 1415 struct flowi fl; 1416 u8 *opt; 1417 int rd_len; 1418 int err; 1419 int hlen; 1420 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1421 1422 dev = skb->dev; 1423 1424 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1425 ND_PRINTK2(KERN_WARNING 1426 "ICMPv6 Redirect: no link-local address on %s\n", 1427 dev->name); 1428 return; 1429 } 1430 1431 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1432 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1433 ND_PRINTK2(KERN_WARNING 1434 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1435 return; 1436 } 1437 1438 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr, 1439 dev->ifindex); 1440 1441 dst = ip6_route_output(NULL, &fl); 1442 if (dst == NULL) 1443 return; 1444 1445 err = xfrm_lookup(&dst, &fl, NULL, 0); 1446 if (err) 1447 return; 1448 1449 rt = (struct rt6_info *) dst; 1450 1451 if (rt->rt6i_flags & RTF_GATEWAY) { 1452 ND_PRINTK2(KERN_WARNING 1453 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1454 dst_release(dst); 1455 return; 1456 } 1457 if (!xrlim_allow(dst, 1*HZ)) { 1458 dst_release(dst); 1459 return; 1460 } 1461 1462 if (dev->addr_len) { 1463 read_lock_bh(&neigh->lock); 1464 if (neigh->nud_state & NUD_VALID) { 1465 memcpy(ha_buf, neigh->ha, dev->addr_len); 1466 read_unlock_bh(&neigh->lock); 1467 ha = ha_buf; 1468 len += ndisc_opt_addr_space(dev); 1469 } else 1470 read_unlock_bh(&neigh->lock); 1471 } 1472 1473 rd_len = min_t(unsigned int, 1474 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1475 rd_len &= ~0x7; 1476 len += rd_len; 1477 1478 buff = sock_alloc_send_skb(sk, 1479 (MAX_HEADER + sizeof(struct ipv6hdr) + 1480 len + LL_RESERVED_SPACE(dev)), 1481 1, &err); 1482 if (buff == NULL) { 1483 ND_PRINTK0(KERN_ERR 1484 "ICMPv6 Redirect: %s() failed to allocate an skb.\n", 1485 __FUNCTION__); 1486 dst_release(dst); 1487 return; 1488 } 1489 1490 hlen = 0; 1491 1492 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1493 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1494 IPPROTO_ICMPV6, len); 1495 1496 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1497 skb_put(buff, len); 1498 icmph = icmp6_hdr(buff); 1499 1500 memset(icmph, 0, sizeof(struct icmp6hdr)); 1501 icmph->icmp6_type = NDISC_REDIRECT; 1502 1503 /* 1504 * copy target and destination addresses 1505 */ 1506 1507 addrp = (struct in6_addr *)(icmph + 1); 1508 ipv6_addr_copy(addrp, target); 1509 addrp++; 1510 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1511 1512 opt = (u8*) (addrp + 1); 1513 1514 /* 1515 * include target_address option 1516 */ 1517 1518 if (ha) 1519 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1520 dev->addr_len, dev->type); 1521 1522 /* 1523 * build redirect option and copy skb over to the new packet. 1524 */ 1525 1526 memset(opt, 0, 8); 1527 *(opt++) = ND_OPT_REDIRECT_HDR; 1528 *(opt++) = (rd_len >> 3); 1529 opt += 6; 1530 1531 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1532 1533 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1534 len, IPPROTO_ICMPV6, 1535 csum_partial((u8 *) icmph, len, 0)); 1536 1537 buff->dst = dst; 1538 idev = in6_dev_get(dst->dev); 1539 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 1540 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output); 1541 if (!err) { 1542 ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT); 1543 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 1544 } 1545 1546 if (likely(idev != NULL)) 1547 in6_dev_put(idev); 1548 } 1549 1550 static void pndisc_redo(struct sk_buff *skb) 1551 { 1552 ndisc_recv_ns(skb); 1553 kfree_skb(skb); 1554 } 1555 1556 int ndisc_rcv(struct sk_buff *skb) 1557 { 1558 struct nd_msg *msg; 1559 1560 if (!pskb_may_pull(skb, skb->len)) 1561 return 0; 1562 1563 msg = (struct nd_msg *)skb_transport_header(skb); 1564 1565 __skb_push(skb, skb->data - skb_transport_header(skb)); 1566 1567 if (ipv6_hdr(skb)->hop_limit != 255) { 1568 ND_PRINTK2(KERN_WARNING 1569 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1570 ipv6_hdr(skb)->hop_limit); 1571 return 0; 1572 } 1573 1574 if (msg->icmph.icmp6_code != 0) { 1575 ND_PRINTK2(KERN_WARNING 1576 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1577 msg->icmph.icmp6_code); 1578 return 0; 1579 } 1580 1581 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1582 1583 switch (msg->icmph.icmp6_type) { 1584 case NDISC_NEIGHBOUR_SOLICITATION: 1585 ndisc_recv_ns(skb); 1586 break; 1587 1588 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1589 ndisc_recv_na(skb); 1590 break; 1591 1592 case NDISC_ROUTER_SOLICITATION: 1593 ndisc_recv_rs(skb); 1594 break; 1595 1596 case NDISC_ROUTER_ADVERTISEMENT: 1597 ndisc_router_discovery(skb); 1598 break; 1599 1600 case NDISC_REDIRECT: 1601 ndisc_redirect_rcv(skb); 1602 break; 1603 } 1604 1605 return 0; 1606 } 1607 1608 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1609 { 1610 struct net_device *dev = ptr; 1611 1612 if (dev->nd_net != &init_net) 1613 return NOTIFY_DONE; 1614 1615 switch (event) { 1616 case NETDEV_CHANGEADDR: 1617 neigh_changeaddr(&nd_tbl, dev); 1618 fib6_run_gc(~0UL); 1619 break; 1620 case NETDEV_DOWN: 1621 neigh_ifdown(&nd_tbl, dev); 1622 fib6_run_gc(~0UL); 1623 break; 1624 default: 1625 break; 1626 } 1627 1628 return NOTIFY_DONE; 1629 } 1630 1631 static struct notifier_block ndisc_netdev_notifier = { 1632 .notifier_call = ndisc_netdev_event, 1633 }; 1634 1635 #ifdef CONFIG_SYSCTL 1636 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1637 const char *func, const char *dev_name) 1638 { 1639 static char warncomm[TASK_COMM_LEN]; 1640 static int warned; 1641 if (strcmp(warncomm, current->comm) && warned < 5) { 1642 strcpy(warncomm, current->comm); 1643 printk(KERN_WARNING 1644 "process `%s' is using deprecated sysctl (%s) " 1645 "net.ipv6.neigh.%s.%s; " 1646 "Use net.ipv6.neigh.%s.%s_ms " 1647 "instead.\n", 1648 warncomm, func, 1649 dev_name, ctl->procname, 1650 dev_name, ctl->procname); 1651 warned++; 1652 } 1653 } 1654 1655 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) 1656 { 1657 struct net_device *dev = ctl->extra1; 1658 struct inet6_dev *idev; 1659 int ret; 1660 1661 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1662 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1663 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1664 1665 if (strcmp(ctl->procname, "retrans_time") == 0) 1666 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1667 1668 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1669 ret = proc_dointvec_jiffies(ctl, write, 1670 filp, buffer, lenp, ppos); 1671 1672 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1673 (strcmp(ctl->procname, "base_reacable_time_ms") == 0)) 1674 ret = proc_dointvec_ms_jiffies(ctl, write, 1675 filp, buffer, lenp, ppos); 1676 else 1677 ret = -1; 1678 1679 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1680 if (ctl->data == &idev->nd_parms->base_reachable_time) 1681 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1682 idev->tstamp = jiffies; 1683 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1684 in6_dev_put(idev); 1685 } 1686 return ret; 1687 } 1688 1689 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name, 1690 int nlen, void __user *oldval, 1691 size_t __user *oldlenp, 1692 void __user *newval, size_t newlen) 1693 { 1694 struct net_device *dev = ctl->extra1; 1695 struct inet6_dev *idev; 1696 int ret; 1697 1698 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1699 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1700 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1701 1702 switch (ctl->ctl_name) { 1703 case NET_NEIGH_REACHABLE_TIME: 1704 ret = sysctl_jiffies(ctl, name, nlen, 1705 oldval, oldlenp, newval, newlen); 1706 break; 1707 case NET_NEIGH_RETRANS_TIME_MS: 1708 case NET_NEIGH_REACHABLE_TIME_MS: 1709 ret = sysctl_ms_jiffies(ctl, name, nlen, 1710 oldval, oldlenp, newval, newlen); 1711 break; 1712 default: 1713 ret = 0; 1714 } 1715 1716 if (newval && newlen && ret > 0 && 1717 dev && (idev = in6_dev_get(dev)) != NULL) { 1718 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1719 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1720 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1721 idev->tstamp = jiffies; 1722 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1723 in6_dev_put(idev); 1724 } 1725 1726 return ret; 1727 } 1728 1729 #endif 1730 1731 int __init ndisc_init(struct net_proto_family *ops) 1732 { 1733 struct ipv6_pinfo *np; 1734 struct sock *sk; 1735 int err; 1736 1737 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket); 1738 if (err < 0) { 1739 ND_PRINTK0(KERN_ERR 1740 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1741 err); 1742 ndisc_socket = NULL; /* For safety. */ 1743 return err; 1744 } 1745 1746 sk = ndisc_socket->sk; 1747 np = inet6_sk(sk); 1748 sk->sk_allocation = GFP_ATOMIC; 1749 np->hop_limit = 255; 1750 /* Do not loopback ndisc messages */ 1751 np->mc_loop = 0; 1752 sk->sk_prot->unhash(sk); 1753 1754 /* 1755 * Initialize the neighbour table 1756 */ 1757 1758 neigh_table_init(&nd_tbl); 1759 1760 #ifdef CONFIG_SYSCTL 1761 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, 1762 "ipv6", 1763 &ndisc_ifinfo_sysctl_change, 1764 &ndisc_ifinfo_sysctl_strategy); 1765 #endif 1766 1767 register_netdevice_notifier(&ndisc_netdev_notifier); 1768 return 0; 1769 } 1770 1771 void ndisc_cleanup(void) 1772 { 1773 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1774 #ifdef CONFIG_SYSCTL 1775 neigh_sysctl_unregister(&nd_tbl.parms); 1776 #endif 1777 neigh_table_clear(&nd_tbl); 1778 sock_release(ndisc_socket); 1779 ndisc_socket = NULL; /* For safety. */ 1780 } 1781