1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Lars Fenneberg : fixed MTU setting on receipt 19 * of an RA. 20 * 21 * Janos Farkas : kmalloc failure checks 22 * Alexey Kuznetsov : state machine reworked 23 * and moved to net/core. 24 * Pekka Savola : RFC2461 validation 25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 26 */ 27 28 /* Set to 3 to get tracing... */ 29 #define ND_DEBUG 1 30 31 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 32 #define ND_NOPRINTK(x...) do { ; } while(0) 33 #define ND_PRINTK0 ND_PRINTK 34 #define ND_PRINTK1 ND_NOPRINTK 35 #define ND_PRINTK2 ND_NOPRINTK 36 #define ND_PRINTK3 ND_NOPRINTK 37 #if ND_DEBUG >= 1 38 #undef ND_PRINTK1 39 #define ND_PRINTK1 ND_PRINTK 40 #endif 41 #if ND_DEBUG >= 2 42 #undef ND_PRINTK2 43 #define ND_PRINTK2 ND_PRINTK 44 #endif 45 #if ND_DEBUG >= 3 46 #undef ND_PRINTK3 47 #define ND_PRINTK3 ND_PRINTK 48 #endif 49 50 #include <linux/module.h> 51 #include <linux/errno.h> 52 #include <linux/types.h> 53 #include <linux/socket.h> 54 #include <linux/sockios.h> 55 #include <linux/sched.h> 56 #include <linux/net.h> 57 #include <linux/in6.h> 58 #include <linux/route.h> 59 #include <linux/init.h> 60 #include <linux/rcupdate.h> 61 #ifdef CONFIG_SYSCTL 62 #include <linux/sysctl.h> 63 #endif 64 65 #include <linux/if_addr.h> 66 #include <linux/if_arp.h> 67 #include <linux/ipv6.h> 68 #include <linux/icmpv6.h> 69 #include <linux/jhash.h> 70 71 #include <net/sock.h> 72 #include <net/snmp.h> 73 74 #include <net/ipv6.h> 75 #include <net/protocol.h> 76 #include <net/ndisc.h> 77 #include <net/ip6_route.h> 78 #include <net/addrconf.h> 79 #include <net/icmp.h> 80 81 #include <net/flow.h> 82 #include <net/ip6_checksum.h> 83 #include <linux/proc_fs.h> 84 85 #include <linux/netfilter.h> 86 #include <linux/netfilter_ipv6.h> 87 88 static struct socket *ndisc_socket; 89 90 static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 91 static int ndisc_constructor(struct neighbour *neigh); 92 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 93 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 94 static int pndisc_constructor(struct pneigh_entry *n); 95 static void pndisc_destructor(struct pneigh_entry *n); 96 static void pndisc_redo(struct sk_buff *skb); 97 98 static struct neigh_ops ndisc_generic_ops = { 99 .family = AF_INET6, 100 .solicit = ndisc_solicit, 101 .error_report = ndisc_error_report, 102 .output = neigh_resolve_output, 103 .connected_output = neigh_connected_output, 104 .hh_output = dev_queue_xmit, 105 .queue_xmit = dev_queue_xmit, 106 }; 107 108 static struct neigh_ops ndisc_hh_ops = { 109 .family = AF_INET6, 110 .solicit = ndisc_solicit, 111 .error_report = ndisc_error_report, 112 .output = neigh_resolve_output, 113 .connected_output = neigh_resolve_output, 114 .hh_output = dev_queue_xmit, 115 .queue_xmit = dev_queue_xmit, 116 }; 117 118 119 static struct neigh_ops ndisc_direct_ops = { 120 .family = AF_INET6, 121 .output = dev_queue_xmit, 122 .connected_output = dev_queue_xmit, 123 .hh_output = dev_queue_xmit, 124 .queue_xmit = dev_queue_xmit, 125 }; 126 127 struct neigh_table nd_tbl = { 128 .family = AF_INET6, 129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 130 .key_len = sizeof(struct in6_addr), 131 .hash = ndisc_hash, 132 .constructor = ndisc_constructor, 133 .pconstructor = pndisc_constructor, 134 .pdestructor = pndisc_destructor, 135 .proxy_redo = pndisc_redo, 136 .id = "ndisc_cache", 137 .parms = { 138 .tbl = &nd_tbl, 139 .base_reachable_time = 30 * HZ, 140 .retrans_time = 1 * HZ, 141 .gc_staletime = 60 * HZ, 142 .reachable_time = 30 * HZ, 143 .delay_probe_time = 5 * HZ, 144 .queue_len = 3, 145 .ucast_probes = 3, 146 .mcast_probes = 3, 147 .anycast_delay = 1 * HZ, 148 .proxy_delay = (8 * HZ) / 10, 149 .proxy_qlen = 64, 150 }, 151 .gc_interval = 30 * HZ, 152 .gc_thresh1 = 128, 153 .gc_thresh2 = 512, 154 .gc_thresh3 = 1024, 155 }; 156 157 /* ND options */ 158 struct ndisc_options { 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 160 #ifdef CONFIG_IPV6_ROUTE_INFO 161 struct nd_opt_hdr *nd_opts_ri; 162 struct nd_opt_hdr *nd_opts_ri_end; 163 #endif 164 }; 165 166 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 167 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 168 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 169 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 170 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 171 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 172 173 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 174 175 /* 176 * Return the padding between the option length and the start of the 177 * link addr. Currently only IP-over-InfiniBand needs this, although 178 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 179 * also need a pad of 2. 180 */ 181 static int ndisc_addr_option_pad(unsigned short type) 182 { 183 switch (type) { 184 case ARPHRD_INFINIBAND: return 2; 185 default: return 0; 186 } 187 } 188 189 static inline int ndisc_opt_addr_space(struct net_device *dev) 190 { 191 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 192 } 193 194 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 195 unsigned short addr_type) 196 { 197 int space = NDISC_OPT_SPACE(data_len); 198 int pad = ndisc_addr_option_pad(addr_type); 199 200 opt[0] = type; 201 opt[1] = space>>3; 202 203 memset(opt + 2, 0, pad); 204 opt += pad; 205 space -= pad; 206 207 memcpy(opt+2, data, data_len); 208 data_len += 2; 209 opt += data_len; 210 if ((space -= data_len) > 0) 211 memset(opt, 0, space); 212 return opt + space; 213 } 214 215 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 216 struct nd_opt_hdr *end) 217 { 218 int type; 219 if (!cur || !end || cur >= end) 220 return NULL; 221 type = cur->nd_opt_type; 222 do { 223 cur = ((void *)cur) + (cur->nd_opt_len << 3); 224 } while(cur < end && cur->nd_opt_type != type); 225 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 226 } 227 228 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 229 struct ndisc_options *ndopts) 230 { 231 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 232 233 if (!nd_opt || opt_len < 0 || !ndopts) 234 return NULL; 235 memset(ndopts, 0, sizeof(*ndopts)); 236 while (opt_len) { 237 int l; 238 if (opt_len < sizeof(struct nd_opt_hdr)) 239 return NULL; 240 l = nd_opt->nd_opt_len << 3; 241 if (opt_len < l || l == 0) 242 return NULL; 243 switch (nd_opt->nd_opt_type) { 244 case ND_OPT_SOURCE_LL_ADDR: 245 case ND_OPT_TARGET_LL_ADDR: 246 case ND_OPT_MTU: 247 case ND_OPT_REDIRECT_HDR: 248 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 249 ND_PRINTK2(KERN_WARNING 250 "%s(): duplicated ND6 option found: type=%d\n", 251 __FUNCTION__, 252 nd_opt->nd_opt_type); 253 } else { 254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 255 } 256 break; 257 case ND_OPT_PREFIX_INFO: 258 ndopts->nd_opts_pi_end = nd_opt; 259 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) 260 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 261 break; 262 #ifdef CONFIG_IPV6_ROUTE_INFO 263 case ND_OPT_ROUTE_INFO: 264 ndopts->nd_opts_ri_end = nd_opt; 265 if (!ndopts->nd_opts_ri) 266 ndopts->nd_opts_ri = nd_opt; 267 break; 268 #endif 269 default: 270 /* 271 * Unknown options must be silently ignored, 272 * to accommodate future extension to the protocol. 273 */ 274 ND_PRINTK2(KERN_NOTICE 275 "%s(): ignored unsupported option; type=%d, len=%d\n", 276 __FUNCTION__, 277 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 278 } 279 opt_len -= l; 280 nd_opt = ((void *)nd_opt) + l; 281 } 282 return ndopts; 283 } 284 285 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 286 struct net_device *dev) 287 { 288 u8 *lladdr = (u8 *)(p + 1); 289 int lladdrlen = p->nd_opt_len << 3; 290 int prepad = ndisc_addr_option_pad(dev->type); 291 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 292 return NULL; 293 return (lladdr + prepad); 294 } 295 296 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 297 { 298 switch (dev->type) { 299 case ARPHRD_ETHER: 300 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 301 case ARPHRD_FDDI: 302 ipv6_eth_mc_map(addr, buf); 303 return 0; 304 case ARPHRD_IEEE802_TR: 305 ipv6_tr_mc_map(addr,buf); 306 return 0; 307 case ARPHRD_ARCNET: 308 ipv6_arcnet_mc_map(addr, buf); 309 return 0; 310 case ARPHRD_INFINIBAND: 311 ipv6_ib_mc_map(addr, buf); 312 return 0; 313 default: 314 if (dir) { 315 memcpy(buf, dev->broadcast, dev->addr_len); 316 return 0; 317 } 318 } 319 return -EINVAL; 320 } 321 322 EXPORT_SYMBOL(ndisc_mc_map); 323 324 static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 325 { 326 const u32 *p32 = pkey; 327 u32 addr_hash, i; 328 329 addr_hash = 0; 330 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 331 addr_hash ^= *p32++; 332 333 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd); 334 } 335 336 static int ndisc_constructor(struct neighbour *neigh) 337 { 338 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 339 struct net_device *dev = neigh->dev; 340 struct inet6_dev *in6_dev; 341 struct neigh_parms *parms; 342 int is_multicast = ipv6_addr_is_multicast(addr); 343 344 rcu_read_lock(); 345 in6_dev = in6_dev_get(dev); 346 if (in6_dev == NULL) { 347 rcu_read_unlock(); 348 return -EINVAL; 349 } 350 351 parms = in6_dev->nd_parms; 352 __neigh_parms_put(neigh->parms); 353 neigh->parms = neigh_parms_clone(parms); 354 rcu_read_unlock(); 355 356 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 357 if (dev->hard_header == NULL) { 358 neigh->nud_state = NUD_NOARP; 359 neigh->ops = &ndisc_direct_ops; 360 neigh->output = neigh->ops->queue_xmit; 361 } else { 362 if (is_multicast) { 363 neigh->nud_state = NUD_NOARP; 364 ndisc_mc_map(addr, neigh->ha, dev, 1); 365 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 366 neigh->nud_state = NUD_NOARP; 367 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 368 if (dev->flags&IFF_LOOPBACK) 369 neigh->type = RTN_LOCAL; 370 } else if (dev->flags&IFF_POINTOPOINT) { 371 neigh->nud_state = NUD_NOARP; 372 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 373 } 374 if (dev->hard_header_cache) 375 neigh->ops = &ndisc_hh_ops; 376 else 377 neigh->ops = &ndisc_generic_ops; 378 if (neigh->nud_state&NUD_VALID) 379 neigh->output = neigh->ops->connected_output; 380 else 381 neigh->output = neigh->ops->output; 382 } 383 in6_dev_put(in6_dev); 384 return 0; 385 } 386 387 static int pndisc_constructor(struct pneigh_entry *n) 388 { 389 struct in6_addr *addr = (struct in6_addr*)&n->key; 390 struct in6_addr maddr; 391 struct net_device *dev = n->dev; 392 393 if (dev == NULL || __in6_dev_get(dev) == NULL) 394 return -EINVAL; 395 addrconf_addr_solict_mult(addr, &maddr); 396 ipv6_dev_mc_inc(dev, &maddr); 397 return 0; 398 } 399 400 static void pndisc_destructor(struct pneigh_entry *n) 401 { 402 struct in6_addr *addr = (struct in6_addr*)&n->key; 403 struct in6_addr maddr; 404 struct net_device *dev = n->dev; 405 406 if (dev == NULL || __in6_dev_get(dev) == NULL) 407 return; 408 addrconf_addr_solict_mult(addr, &maddr); 409 ipv6_dev_mc_dec(dev, &maddr); 410 } 411 412 /* 413 * Send a Neighbour Advertisement 414 */ 415 416 static inline void ndisc_flow_init(struct flowi *fl, u8 type, 417 struct in6_addr *saddr, struct in6_addr *daddr, 418 int oif) 419 { 420 memset(fl, 0, sizeof(*fl)); 421 ipv6_addr_copy(&fl->fl6_src, saddr); 422 ipv6_addr_copy(&fl->fl6_dst, daddr); 423 fl->proto = IPPROTO_ICMPV6; 424 fl->fl_icmp_type = type; 425 fl->fl_icmp_code = 0; 426 fl->oif = oif; 427 security_sk_classify_flow(ndisc_socket->sk, fl); 428 } 429 430 static void __ndisc_send(struct net_device *dev, 431 struct neighbour *neigh, 432 struct in6_addr *daddr, struct in6_addr *saddr, 433 struct icmp6hdr *icmp6h, struct in6_addr *target, 434 int llinfo, int icmp6_mib_outnd) 435 { 436 struct flowi fl; 437 struct dst_entry *dst; 438 struct sock *sk = ndisc_socket->sk; 439 struct sk_buff *skb; 440 struct icmp6hdr *hdr; 441 struct inet6_dev *idev; 442 int len; 443 int err; 444 u8 *opt; 445 446 ndisc_flow_init(&fl, icmp6h->icmp6_type, saddr, daddr, 447 dev->ifindex); 448 449 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output); 450 if (!dst) 451 return; 452 453 err = xfrm_lookup(&dst, &fl, NULL, 0); 454 if (err < 0) 455 return; 456 457 if (!dev->addr_len) 458 llinfo = 0; 459 460 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 461 if (llinfo) 462 len += ndisc_opt_addr_space(dev); 463 464 skb = sock_alloc_send_skb(sk, 465 (MAX_HEADER + sizeof(struct ipv6hdr) + 466 len + LL_RESERVED_SPACE(dev)), 467 1, &err); 468 if (!skb) { 469 ND_PRINTK0(KERN_ERR 470 "ICMPv6 ND: %s() failed to allocate an skb.\n", 471 __FUNCTION__); 472 dst_release(dst); 473 return; 474 } 475 476 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 477 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 478 479 skb->transport_header = skb->tail; 480 skb_put(skb, len); 481 482 hdr = (struct icmp6hdr *)skb_transport_header(skb); 483 memcpy(hdr, icmp6h, sizeof(*hdr)); 484 485 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 486 if (target) { 487 ipv6_addr_copy((struct in6_addr *)opt, target); 488 opt += sizeof(*target); 489 } 490 491 if (llinfo) 492 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 493 dev->addr_len, dev->type); 494 495 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 496 IPPROTO_ICMPV6, 497 csum_partial((__u8 *) hdr, 498 len, 0)); 499 500 skb->dst = dst; 501 502 idev = in6_dev_get(dst->dev); 503 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 504 505 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output); 506 if (!err) { 507 ICMP6_INC_STATS(idev, icmp6_mib_outnd); 508 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 509 } 510 511 if (likely(idev != NULL)) 512 in6_dev_put(idev); 513 } 514 515 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 516 struct in6_addr *daddr, struct in6_addr *solicited_addr, 517 int router, int solicited, int override, int inc_opt) 518 { 519 struct in6_addr tmpaddr; 520 struct inet6_ifaddr *ifp; 521 struct in6_addr *src_addr; 522 struct icmp6hdr icmp6h = { 523 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 524 }; 525 526 /* for anycast or proxy, solicited_addr != src_addr */ 527 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1); 528 if (ifp) { 529 src_addr = solicited_addr; 530 if (ifp->flags & IFA_F_OPTIMISTIC) 531 override = 0; 532 in6_ifa_put(ifp); 533 } else { 534 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr)) 535 return; 536 src_addr = &tmpaddr; 537 } 538 539 icmp6h.icmp6_router = router; 540 icmp6h.icmp6_solicited = solicited; 541 icmp6h.icmp6_override = override; 542 543 __ndisc_send(dev, neigh, daddr, src_addr, 544 &icmp6h, solicited_addr, 545 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0, 546 ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS); 547 } 548 549 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 550 struct in6_addr *solicit, 551 struct in6_addr *daddr, struct in6_addr *saddr) 552 { 553 struct in6_addr addr_buf; 554 struct icmp6hdr icmp6h = { 555 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 556 }; 557 558 if (saddr == NULL) { 559 if (ipv6_get_lladdr(dev, &addr_buf, 560 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 561 return; 562 saddr = &addr_buf; 563 } 564 565 __ndisc_send(dev, neigh, daddr, saddr, 566 &icmp6h, solicit, 567 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0, 568 ICMP6_MIB_OUTNEIGHBORSOLICITS); 569 } 570 571 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr, 572 struct in6_addr *daddr) 573 { 574 struct icmp6hdr icmp6h = { 575 .icmp6_type = NDISC_ROUTER_SOLICITATION, 576 }; 577 int send_sllao = dev->addr_len; 578 579 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 580 /* 581 * According to section 2.2 of RFC 4429, we must not 582 * send router solicitations with a sllao from 583 * optimistic addresses, but we may send the solicitation 584 * if we don't include the sllao. So here we check 585 * if our address is optimistic, and if so, we 586 * supress the inclusion of the sllao. 587 */ 588 if (send_sllao) { 589 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(saddr, dev, 1); 590 if (ifp) { 591 if (ifp->flags & IFA_F_OPTIMISTIC) { 592 send_sllao = 0; 593 } 594 in6_ifa_put(ifp); 595 } else { 596 send_sllao = 0; 597 } 598 } 599 #endif 600 __ndisc_send(dev, NULL, daddr, saddr, 601 &icmp6h, NULL, 602 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0, 603 ICMP6_MIB_OUTROUTERSOLICITS); 604 } 605 606 607 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 608 { 609 /* 610 * "The sender MUST return an ICMP 611 * destination unreachable" 612 */ 613 dst_link_failure(skb); 614 kfree_skb(skb); 615 } 616 617 /* Called with locked neigh: either read or both */ 618 619 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 620 { 621 struct in6_addr *saddr = NULL; 622 struct in6_addr mcaddr; 623 struct net_device *dev = neigh->dev; 624 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 625 int probes = atomic_read(&neigh->probes); 626 627 if (skb && ipv6_chk_addr(&ipv6_hdr(skb)->saddr, dev, 1)) 628 saddr = &ipv6_hdr(skb)->saddr; 629 630 if ((probes -= neigh->parms->ucast_probes) < 0) { 631 if (!(neigh->nud_state & NUD_VALID)) { 632 ND_PRINTK1(KERN_DEBUG 633 "%s(): trying to ucast probe in NUD_INVALID: " 634 NIP6_FMT "\n", 635 __FUNCTION__, 636 NIP6(*target)); 637 } 638 ndisc_send_ns(dev, neigh, target, target, saddr); 639 } else if ((probes -= neigh->parms->app_probes) < 0) { 640 #ifdef CONFIG_ARPD 641 neigh_app_ns(neigh); 642 #endif 643 } else { 644 addrconf_addr_solict_mult(target, &mcaddr); 645 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 646 } 647 } 648 649 static void ndisc_recv_ns(struct sk_buff *skb) 650 { 651 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 652 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 653 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 654 u8 *lladdr = NULL; 655 u32 ndoptlen = skb->tail - (skb->transport_header + 656 offsetof(struct nd_msg, opt)); 657 struct ndisc_options ndopts; 658 struct net_device *dev = skb->dev; 659 struct inet6_ifaddr *ifp; 660 struct inet6_dev *idev = NULL; 661 struct neighbour *neigh; 662 struct pneigh_entry *pneigh = NULL; 663 int dad = ipv6_addr_any(saddr); 664 int inc; 665 int is_router; 666 667 if (ipv6_addr_is_multicast(&msg->target)) { 668 ND_PRINTK2(KERN_WARNING 669 "ICMPv6 NS: multicast target address"); 670 return; 671 } 672 673 /* 674 * RFC2461 7.1.1: 675 * DAD has to be destined for solicited node multicast address. 676 */ 677 if (dad && 678 !(daddr->s6_addr32[0] == htonl(0xff020000) && 679 daddr->s6_addr32[1] == htonl(0x00000000) && 680 daddr->s6_addr32[2] == htonl(0x00000001) && 681 daddr->s6_addr [12] == 0xff )) { 682 ND_PRINTK2(KERN_WARNING 683 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 684 return; 685 } 686 687 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 688 ND_PRINTK2(KERN_WARNING 689 "ICMPv6 NS: invalid ND options\n"); 690 return; 691 } 692 693 if (ndopts.nd_opts_src_lladdr) { 694 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 695 if (!lladdr) { 696 ND_PRINTK2(KERN_WARNING 697 "ICMPv6 NS: invalid link-layer address length\n"); 698 return; 699 } 700 701 /* RFC2461 7.1.1: 702 * If the IP source address is the unspecified address, 703 * there MUST NOT be source link-layer address option 704 * in the message. 705 */ 706 if (dad) { 707 ND_PRINTK2(KERN_WARNING 708 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 709 return; 710 } 711 } 712 713 inc = ipv6_addr_is_multicast(daddr); 714 715 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) { 716 717 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 718 if (dad) { 719 if (dev->type == ARPHRD_IEEE802_TR) { 720 const unsigned char *sadr; 721 sadr = skb_mac_header(skb); 722 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 723 sadr[9] == dev->dev_addr[1] && 724 sadr[10] == dev->dev_addr[2] && 725 sadr[11] == dev->dev_addr[3] && 726 sadr[12] == dev->dev_addr[4] && 727 sadr[13] == dev->dev_addr[5]) { 728 /* looped-back to us */ 729 goto out; 730 } 731 } 732 733 /* 734 * We are colliding with another node 735 * who is doing DAD 736 * so fail our DAD process 737 */ 738 addrconf_dad_failure(ifp); 739 goto out; 740 } else { 741 /* 742 * This is not a dad solicitation. 743 * If we are an optimistic node, 744 * we should respond. 745 * Otherwise, we should ignore it. 746 */ 747 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 748 goto out; 749 } 750 } 751 752 idev = ifp->idev; 753 } else { 754 idev = in6_dev_get(dev); 755 if (!idev) { 756 /* XXX: count this drop? */ 757 return; 758 } 759 760 if (ipv6_chk_acast_addr(dev, &msg->target) || 761 (idev->cnf.forwarding && 762 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) && 763 (pneigh = pneigh_lookup(&nd_tbl, 764 &msg->target, dev, 0)) != NULL)) { 765 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 766 skb->pkt_type != PACKET_HOST && 767 inc != 0 && 768 idev->nd_parms->proxy_delay != 0) { 769 /* 770 * for anycast or proxy, 771 * sender should delay its response 772 * by a random time between 0 and 773 * MAX_ANYCAST_DELAY_TIME seconds. 774 * (RFC2461) -- yoshfuji 775 */ 776 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 777 if (n) 778 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 779 goto out; 780 } 781 } else 782 goto out; 783 } 784 785 is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding); 786 787 if (dad) { 788 struct in6_addr maddr; 789 790 ipv6_addr_all_nodes(&maddr); 791 ndisc_send_na(dev, NULL, &maddr, &msg->target, 792 is_router, 0, (ifp != NULL), 1); 793 goto out; 794 } 795 796 if (inc) 797 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 798 else 799 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 800 801 /* 802 * update / create cache entry 803 * for the source address 804 */ 805 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 806 !inc || lladdr || !dev->addr_len); 807 if (neigh) 808 neigh_update(neigh, lladdr, NUD_STALE, 809 NEIGH_UPDATE_F_WEAK_OVERRIDE| 810 NEIGH_UPDATE_F_OVERRIDE); 811 if (neigh || !dev->hard_header) { 812 ndisc_send_na(dev, neigh, saddr, &msg->target, 813 is_router, 814 1, (ifp != NULL && inc), inc); 815 if (neigh) 816 neigh_release(neigh); 817 } 818 819 out: 820 if (ifp) 821 in6_ifa_put(ifp); 822 else 823 in6_dev_put(idev); 824 825 return; 826 } 827 828 static void ndisc_recv_na(struct sk_buff *skb) 829 { 830 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 831 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 832 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 833 u8 *lladdr = NULL; 834 u32 ndoptlen = skb->tail - (skb->transport_header + 835 offsetof(struct nd_msg, opt)); 836 struct ndisc_options ndopts; 837 struct net_device *dev = skb->dev; 838 struct inet6_ifaddr *ifp; 839 struct neighbour *neigh; 840 841 if (skb->len < sizeof(struct nd_msg)) { 842 ND_PRINTK2(KERN_WARNING 843 "ICMPv6 NA: packet too short\n"); 844 return; 845 } 846 847 if (ipv6_addr_is_multicast(&msg->target)) { 848 ND_PRINTK2(KERN_WARNING 849 "ICMPv6 NA: target address is multicast.\n"); 850 return; 851 } 852 853 if (ipv6_addr_is_multicast(daddr) && 854 msg->icmph.icmp6_solicited) { 855 ND_PRINTK2(KERN_WARNING 856 "ICMPv6 NA: solicited NA is multicasted.\n"); 857 return; 858 } 859 860 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 861 ND_PRINTK2(KERN_WARNING 862 "ICMPv6 NS: invalid ND option\n"); 863 return; 864 } 865 if (ndopts.nd_opts_tgt_lladdr) { 866 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 867 if (!lladdr) { 868 ND_PRINTK2(KERN_WARNING 869 "ICMPv6 NA: invalid link-layer address length\n"); 870 return; 871 } 872 } 873 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) { 874 if (ifp->flags & IFA_F_TENTATIVE) { 875 addrconf_dad_failure(ifp); 876 return; 877 } 878 /* What should we make now? The advertisement 879 is invalid, but ndisc specs say nothing 880 about it. It could be misconfiguration, or 881 an smart proxy agent tries to help us :-) 882 */ 883 ND_PRINTK1(KERN_WARNING 884 "ICMPv6 NA: someone advertises our address on %s!\n", 885 ifp->idev->dev->name); 886 in6_ifa_put(ifp); 887 return; 888 } 889 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 890 891 if (neigh) { 892 u8 old_flags = neigh->flags; 893 894 if (neigh->nud_state & NUD_FAILED) 895 goto out; 896 897 /* 898 * Don't update the neighbor cache entry on a proxy NA from 899 * ourselves because either the proxied node is off link or it 900 * has already sent a NA to us. 901 */ 902 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 903 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp && 904 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) { 905 /* XXX: idev->cnf.prixy_ndp */ 906 goto out; 907 } 908 909 neigh_update(neigh, lladdr, 910 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 911 NEIGH_UPDATE_F_WEAK_OVERRIDE| 912 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 913 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 914 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 915 916 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 917 /* 918 * Change: router to host 919 */ 920 struct rt6_info *rt; 921 rt = rt6_get_dflt_router(saddr, dev); 922 if (rt) 923 ip6_del_rt(rt); 924 } 925 926 out: 927 neigh_release(neigh); 928 } 929 } 930 931 static void ndisc_recv_rs(struct sk_buff *skb) 932 { 933 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 934 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 935 struct neighbour *neigh; 936 struct inet6_dev *idev; 937 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 938 struct ndisc_options ndopts; 939 u8 *lladdr = NULL; 940 941 if (skb->len < sizeof(*rs_msg)) 942 return; 943 944 idev = in6_dev_get(skb->dev); 945 if (!idev) { 946 if (net_ratelimit()) 947 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 948 return; 949 } 950 951 /* Don't accept RS if we're not in router mode */ 952 if (!idev->cnf.forwarding) 953 goto out; 954 955 /* 956 * Don't update NCE if src = ::; 957 * this implies that the source node has no ip address assigned yet. 958 */ 959 if (ipv6_addr_any(saddr)) 960 goto out; 961 962 /* Parse ND options */ 963 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 964 if (net_ratelimit()) 965 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 966 goto out; 967 } 968 969 if (ndopts.nd_opts_src_lladdr) { 970 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 971 skb->dev); 972 if (!lladdr) 973 goto out; 974 } 975 976 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 977 if (neigh) { 978 neigh_update(neigh, lladdr, NUD_STALE, 979 NEIGH_UPDATE_F_WEAK_OVERRIDE| 980 NEIGH_UPDATE_F_OVERRIDE| 981 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 982 neigh_release(neigh); 983 } 984 out: 985 in6_dev_put(idev); 986 } 987 988 static void ndisc_router_discovery(struct sk_buff *skb) 989 { 990 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 991 struct neighbour *neigh = NULL; 992 struct inet6_dev *in6_dev; 993 struct rt6_info *rt = NULL; 994 int lifetime; 995 struct ndisc_options ndopts; 996 int optlen; 997 unsigned int pref = 0; 998 999 __u8 * opt = (__u8 *)(ra_msg + 1); 1000 1001 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1002 1003 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1004 ND_PRINTK2(KERN_WARNING 1005 "ICMPv6 RA: source address is not link-local.\n"); 1006 return; 1007 } 1008 if (optlen < 0) { 1009 ND_PRINTK2(KERN_WARNING 1010 "ICMPv6 RA: packet too short\n"); 1011 return; 1012 } 1013 1014 /* 1015 * set the RA_RECV flag in the interface 1016 */ 1017 1018 in6_dev = in6_dev_get(skb->dev); 1019 if (in6_dev == NULL) { 1020 ND_PRINTK0(KERN_ERR 1021 "ICMPv6 RA: can't find inet6 device for %s.\n", 1022 skb->dev->name); 1023 return; 1024 } 1025 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 1026 in6_dev_put(in6_dev); 1027 return; 1028 } 1029 1030 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1031 in6_dev_put(in6_dev); 1032 ND_PRINTK2(KERN_WARNING 1033 "ICMP6 RA: invalid ND options\n"); 1034 return; 1035 } 1036 1037 if (in6_dev->if_flags & IF_RS_SENT) { 1038 /* 1039 * flag that an RA was received after an RS was sent 1040 * out on this interface. 1041 */ 1042 in6_dev->if_flags |= IF_RA_RCVD; 1043 } 1044 1045 /* 1046 * Remember the managed/otherconf flags from most recently 1047 * received RA message (RFC 2462) -- yoshfuji 1048 */ 1049 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1050 IF_RA_OTHERCONF)) | 1051 (ra_msg->icmph.icmp6_addrconf_managed ? 1052 IF_RA_MANAGED : 0) | 1053 (ra_msg->icmph.icmp6_addrconf_other ? 1054 IF_RA_OTHERCONF : 0); 1055 1056 if (!in6_dev->cnf.accept_ra_defrtr) 1057 goto skip_defrtr; 1058 1059 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1060 1061 #ifdef CONFIG_IPV6_ROUTER_PREF 1062 pref = ra_msg->icmph.icmp6_router_pref; 1063 /* 10b is handled as if it were 00b (medium) */ 1064 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1065 in6_dev->cnf.accept_ra_rtr_pref) 1066 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1067 #endif 1068 1069 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1070 1071 if (rt) 1072 neigh = rt->rt6i_nexthop; 1073 1074 if (rt && lifetime == 0) { 1075 neigh_clone(neigh); 1076 ip6_del_rt(rt); 1077 rt = NULL; 1078 } 1079 1080 if (rt == NULL && lifetime) { 1081 ND_PRINTK3(KERN_DEBUG 1082 "ICMPv6 RA: adding default router.\n"); 1083 1084 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1085 if (rt == NULL) { 1086 ND_PRINTK0(KERN_ERR 1087 "ICMPv6 RA: %s() failed to add default route.\n", 1088 __FUNCTION__); 1089 in6_dev_put(in6_dev); 1090 return; 1091 } 1092 1093 neigh = rt->rt6i_nexthop; 1094 if (neigh == NULL) { 1095 ND_PRINTK0(KERN_ERR 1096 "ICMPv6 RA: %s() got default router without neighbour.\n", 1097 __FUNCTION__); 1098 dst_release(&rt->u.dst); 1099 in6_dev_put(in6_dev); 1100 return; 1101 } 1102 neigh->flags |= NTF_ROUTER; 1103 } else if (rt) { 1104 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1105 } 1106 1107 if (rt) 1108 rt->rt6i_expires = jiffies + (HZ * lifetime); 1109 1110 if (ra_msg->icmph.icmp6_hop_limit) { 1111 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1112 if (rt) 1113 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit; 1114 } 1115 1116 skip_defrtr: 1117 1118 /* 1119 * Update Reachable Time and Retrans Timer 1120 */ 1121 1122 if (in6_dev->nd_parms) { 1123 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1124 1125 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1126 rtime = (rtime*HZ)/1000; 1127 if (rtime < HZ/10) 1128 rtime = HZ/10; 1129 in6_dev->nd_parms->retrans_time = rtime; 1130 in6_dev->tstamp = jiffies; 1131 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1132 } 1133 1134 rtime = ntohl(ra_msg->reachable_time); 1135 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1136 rtime = (rtime*HZ)/1000; 1137 1138 if (rtime < HZ/10) 1139 rtime = HZ/10; 1140 1141 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1142 in6_dev->nd_parms->base_reachable_time = rtime; 1143 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1144 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1145 in6_dev->tstamp = jiffies; 1146 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1147 } 1148 } 1149 } 1150 1151 /* 1152 * Process options. 1153 */ 1154 1155 if (!neigh) 1156 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1157 skb->dev, 1); 1158 if (neigh) { 1159 u8 *lladdr = NULL; 1160 if (ndopts.nd_opts_src_lladdr) { 1161 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1162 skb->dev); 1163 if (!lladdr) { 1164 ND_PRINTK2(KERN_WARNING 1165 "ICMPv6 RA: invalid link-layer address length\n"); 1166 goto out; 1167 } 1168 } 1169 neigh_update(neigh, lladdr, NUD_STALE, 1170 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1171 NEIGH_UPDATE_F_OVERRIDE| 1172 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1173 NEIGH_UPDATE_F_ISROUTER); 1174 } 1175 1176 #ifdef CONFIG_IPV6_ROUTE_INFO 1177 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1178 struct nd_opt_hdr *p; 1179 for (p = ndopts.nd_opts_ri; 1180 p; 1181 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1182 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1183 continue; 1184 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1185 &ipv6_hdr(skb)->saddr); 1186 } 1187 } 1188 #endif 1189 1190 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1191 struct nd_opt_hdr *p; 1192 for (p = ndopts.nd_opts_pi; 1193 p; 1194 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1195 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1196 } 1197 } 1198 1199 if (ndopts.nd_opts_mtu) { 1200 __be32 n; 1201 u32 mtu; 1202 1203 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1204 mtu = ntohl(n); 1205 1206 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1207 ND_PRINTK2(KERN_WARNING 1208 "ICMPv6 RA: invalid mtu: %d\n", 1209 mtu); 1210 } else if (in6_dev->cnf.mtu6 != mtu) { 1211 in6_dev->cnf.mtu6 = mtu; 1212 1213 if (rt) 1214 rt->u.dst.metrics[RTAX_MTU-1] = mtu; 1215 1216 rt6_mtu_change(skb->dev, mtu); 1217 } 1218 } 1219 1220 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1221 ND_PRINTK2(KERN_WARNING 1222 "ICMPv6 RA: invalid RA options"); 1223 } 1224 out: 1225 if (rt) 1226 dst_release(&rt->u.dst); 1227 else if (neigh) 1228 neigh_release(neigh); 1229 in6_dev_put(in6_dev); 1230 } 1231 1232 static void ndisc_redirect_rcv(struct sk_buff *skb) 1233 { 1234 struct inet6_dev *in6_dev; 1235 struct icmp6hdr *icmph; 1236 struct in6_addr *dest; 1237 struct in6_addr *target; /* new first hop to destination */ 1238 struct neighbour *neigh; 1239 int on_link = 0; 1240 struct ndisc_options ndopts; 1241 int optlen; 1242 u8 *lladdr = NULL; 1243 1244 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1245 ND_PRINTK2(KERN_WARNING 1246 "ICMPv6 Redirect: source address is not link-local.\n"); 1247 return; 1248 } 1249 1250 optlen = skb->tail - skb->transport_header; 1251 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1252 1253 if (optlen < 0) { 1254 ND_PRINTK2(KERN_WARNING 1255 "ICMPv6 Redirect: packet too short\n"); 1256 return; 1257 } 1258 1259 icmph = icmp6_hdr(skb); 1260 target = (struct in6_addr *) (icmph + 1); 1261 dest = target + 1; 1262 1263 if (ipv6_addr_is_multicast(dest)) { 1264 ND_PRINTK2(KERN_WARNING 1265 "ICMPv6 Redirect: destination address is multicast.\n"); 1266 return; 1267 } 1268 1269 if (ipv6_addr_equal(dest, target)) { 1270 on_link = 1; 1271 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 1272 ND_PRINTK2(KERN_WARNING 1273 "ICMPv6 Redirect: target address is not link-local.\n"); 1274 return; 1275 } 1276 1277 in6_dev = in6_dev_get(skb->dev); 1278 if (!in6_dev) 1279 return; 1280 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1281 in6_dev_put(in6_dev); 1282 return; 1283 } 1284 1285 /* RFC2461 8.1: 1286 * The IP source address of the Redirect MUST be the same as the current 1287 * first-hop router for the specified ICMP Destination Address. 1288 */ 1289 1290 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1291 ND_PRINTK2(KERN_WARNING 1292 "ICMPv6 Redirect: invalid ND options\n"); 1293 in6_dev_put(in6_dev); 1294 return; 1295 } 1296 if (ndopts.nd_opts_tgt_lladdr) { 1297 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1298 skb->dev); 1299 if (!lladdr) { 1300 ND_PRINTK2(KERN_WARNING 1301 "ICMPv6 Redirect: invalid link-layer address length\n"); 1302 in6_dev_put(in6_dev); 1303 return; 1304 } 1305 } 1306 1307 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1308 if (neigh) { 1309 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1310 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1311 on_link); 1312 neigh_release(neigh); 1313 } 1314 in6_dev_put(in6_dev); 1315 } 1316 1317 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1318 struct in6_addr *target) 1319 { 1320 struct sock *sk = ndisc_socket->sk; 1321 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1322 struct sk_buff *buff; 1323 struct icmp6hdr *icmph; 1324 struct in6_addr saddr_buf; 1325 struct in6_addr *addrp; 1326 struct net_device *dev; 1327 struct rt6_info *rt; 1328 struct dst_entry *dst; 1329 struct inet6_dev *idev; 1330 struct flowi fl; 1331 u8 *opt; 1332 int rd_len; 1333 int err; 1334 int hlen; 1335 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1336 1337 dev = skb->dev; 1338 1339 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1340 ND_PRINTK2(KERN_WARNING 1341 "ICMPv6 Redirect: no link-local address on %s\n", 1342 dev->name); 1343 return; 1344 } 1345 1346 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1347 !(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 1348 ND_PRINTK2(KERN_WARNING 1349 "ICMPv6 Redirect: target address is not link-local.\n"); 1350 return; 1351 } 1352 1353 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr, 1354 dev->ifindex); 1355 1356 dst = ip6_route_output(NULL, &fl); 1357 if (dst == NULL) 1358 return; 1359 1360 err = xfrm_lookup(&dst, &fl, NULL, 0); 1361 if (err) 1362 return; 1363 1364 rt = (struct rt6_info *) dst; 1365 1366 if (rt->rt6i_flags & RTF_GATEWAY) { 1367 ND_PRINTK2(KERN_WARNING 1368 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1369 dst_release(dst); 1370 return; 1371 } 1372 if (!xrlim_allow(dst, 1*HZ)) { 1373 dst_release(dst); 1374 return; 1375 } 1376 1377 if (dev->addr_len) { 1378 read_lock_bh(&neigh->lock); 1379 if (neigh->nud_state & NUD_VALID) { 1380 memcpy(ha_buf, neigh->ha, dev->addr_len); 1381 read_unlock_bh(&neigh->lock); 1382 ha = ha_buf; 1383 len += ndisc_opt_addr_space(dev); 1384 } else 1385 read_unlock_bh(&neigh->lock); 1386 } 1387 1388 rd_len = min_t(unsigned int, 1389 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1390 rd_len &= ~0x7; 1391 len += rd_len; 1392 1393 buff = sock_alloc_send_skb(sk, 1394 (MAX_HEADER + sizeof(struct ipv6hdr) + 1395 len + LL_RESERVED_SPACE(dev)), 1396 1, &err); 1397 if (buff == NULL) { 1398 ND_PRINTK0(KERN_ERR 1399 "ICMPv6 Redirect: %s() failed to allocate an skb.\n", 1400 __FUNCTION__); 1401 dst_release(dst); 1402 return; 1403 } 1404 1405 hlen = 0; 1406 1407 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1408 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1409 IPPROTO_ICMPV6, len); 1410 1411 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1412 skb_put(buff, len); 1413 icmph = icmp6_hdr(buff); 1414 1415 memset(icmph, 0, sizeof(struct icmp6hdr)); 1416 icmph->icmp6_type = NDISC_REDIRECT; 1417 1418 /* 1419 * copy target and destination addresses 1420 */ 1421 1422 addrp = (struct in6_addr *)(icmph + 1); 1423 ipv6_addr_copy(addrp, target); 1424 addrp++; 1425 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1426 1427 opt = (u8*) (addrp + 1); 1428 1429 /* 1430 * include target_address option 1431 */ 1432 1433 if (ha) 1434 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1435 dev->addr_len, dev->type); 1436 1437 /* 1438 * build redirect option and copy skb over to the new packet. 1439 */ 1440 1441 memset(opt, 0, 8); 1442 *(opt++) = ND_OPT_REDIRECT_HDR; 1443 *(opt++) = (rd_len >> 3); 1444 opt += 6; 1445 1446 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1447 1448 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1449 len, IPPROTO_ICMPV6, 1450 csum_partial((u8 *) icmph, len, 0)); 1451 1452 buff->dst = dst; 1453 idev = in6_dev_get(dst->dev); 1454 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS); 1455 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output); 1456 if (!err) { 1457 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS); 1458 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS); 1459 } 1460 1461 if (likely(idev != NULL)) 1462 in6_dev_put(idev); 1463 } 1464 1465 static void pndisc_redo(struct sk_buff *skb) 1466 { 1467 ndisc_recv_ns(skb); 1468 kfree_skb(skb); 1469 } 1470 1471 int ndisc_rcv(struct sk_buff *skb) 1472 { 1473 struct nd_msg *msg; 1474 1475 if (!pskb_may_pull(skb, skb->len)) 1476 return 0; 1477 1478 msg = (struct nd_msg *)skb_transport_header(skb); 1479 1480 __skb_push(skb, skb->data - skb_transport_header(skb)); 1481 1482 if (ipv6_hdr(skb)->hop_limit != 255) { 1483 ND_PRINTK2(KERN_WARNING 1484 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1485 ipv6_hdr(skb)->hop_limit); 1486 return 0; 1487 } 1488 1489 if (msg->icmph.icmp6_code != 0) { 1490 ND_PRINTK2(KERN_WARNING 1491 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1492 msg->icmph.icmp6_code); 1493 return 0; 1494 } 1495 1496 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1497 1498 switch (msg->icmph.icmp6_type) { 1499 case NDISC_NEIGHBOUR_SOLICITATION: 1500 ndisc_recv_ns(skb); 1501 break; 1502 1503 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1504 ndisc_recv_na(skb); 1505 break; 1506 1507 case NDISC_ROUTER_SOLICITATION: 1508 ndisc_recv_rs(skb); 1509 break; 1510 1511 case NDISC_ROUTER_ADVERTISEMENT: 1512 ndisc_router_discovery(skb); 1513 break; 1514 1515 case NDISC_REDIRECT: 1516 ndisc_redirect_rcv(skb); 1517 break; 1518 } 1519 1520 return 0; 1521 } 1522 1523 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1524 { 1525 struct net_device *dev = ptr; 1526 1527 switch (event) { 1528 case NETDEV_CHANGEADDR: 1529 neigh_changeaddr(&nd_tbl, dev); 1530 fib6_run_gc(~0UL); 1531 break; 1532 case NETDEV_DOWN: 1533 neigh_ifdown(&nd_tbl, dev); 1534 fib6_run_gc(~0UL); 1535 break; 1536 default: 1537 break; 1538 } 1539 1540 return NOTIFY_DONE; 1541 } 1542 1543 static struct notifier_block ndisc_netdev_notifier = { 1544 .notifier_call = ndisc_netdev_event, 1545 }; 1546 1547 #ifdef CONFIG_SYSCTL 1548 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1549 const char *func, const char *dev_name) 1550 { 1551 static char warncomm[TASK_COMM_LEN]; 1552 static int warned; 1553 if (strcmp(warncomm, current->comm) && warned < 5) { 1554 strcpy(warncomm, current->comm); 1555 printk(KERN_WARNING 1556 "process `%s' is using deprecated sysctl (%s) " 1557 "net.ipv6.neigh.%s.%s; " 1558 "Use net.ipv6.neigh.%s.%s_ms " 1559 "instead.\n", 1560 warncomm, func, 1561 dev_name, ctl->procname, 1562 dev_name, ctl->procname); 1563 warned++; 1564 } 1565 } 1566 1567 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos) 1568 { 1569 struct net_device *dev = ctl->extra1; 1570 struct inet6_dev *idev; 1571 int ret; 1572 1573 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1574 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1575 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1576 1577 switch (ctl->ctl_name) { 1578 case NET_NEIGH_RETRANS_TIME: 1579 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos); 1580 break; 1581 case NET_NEIGH_REACHABLE_TIME: 1582 ret = proc_dointvec_jiffies(ctl, write, 1583 filp, buffer, lenp, ppos); 1584 break; 1585 case NET_NEIGH_RETRANS_TIME_MS: 1586 case NET_NEIGH_REACHABLE_TIME_MS: 1587 ret = proc_dointvec_ms_jiffies(ctl, write, 1588 filp, buffer, lenp, ppos); 1589 break; 1590 default: 1591 ret = -1; 1592 } 1593 1594 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1595 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1596 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1597 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1598 idev->tstamp = jiffies; 1599 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1600 in6_dev_put(idev); 1601 } 1602 return ret; 1603 } 1604 1605 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name, 1606 int nlen, void __user *oldval, 1607 size_t __user *oldlenp, 1608 void __user *newval, size_t newlen) 1609 { 1610 struct net_device *dev = ctl->extra1; 1611 struct inet6_dev *idev; 1612 int ret; 1613 1614 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME || 1615 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME) 1616 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default"); 1617 1618 switch (ctl->ctl_name) { 1619 case NET_NEIGH_REACHABLE_TIME: 1620 ret = sysctl_jiffies(ctl, name, nlen, 1621 oldval, oldlenp, newval, newlen); 1622 break; 1623 case NET_NEIGH_RETRANS_TIME_MS: 1624 case NET_NEIGH_REACHABLE_TIME_MS: 1625 ret = sysctl_ms_jiffies(ctl, name, nlen, 1626 oldval, oldlenp, newval, newlen); 1627 break; 1628 default: 1629 ret = 0; 1630 } 1631 1632 if (newval && newlen && ret > 0 && 1633 dev && (idev = in6_dev_get(dev)) != NULL) { 1634 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME || 1635 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS) 1636 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1637 idev->tstamp = jiffies; 1638 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1639 in6_dev_put(idev); 1640 } 1641 1642 return ret; 1643 } 1644 1645 #endif 1646 1647 int __init ndisc_init(struct net_proto_family *ops) 1648 { 1649 struct ipv6_pinfo *np; 1650 struct sock *sk; 1651 int err; 1652 1653 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket); 1654 if (err < 0) { 1655 ND_PRINTK0(KERN_ERR 1656 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1657 err); 1658 ndisc_socket = NULL; /* For safety. */ 1659 return err; 1660 } 1661 1662 sk = ndisc_socket->sk; 1663 np = inet6_sk(sk); 1664 sk->sk_allocation = GFP_ATOMIC; 1665 np->hop_limit = 255; 1666 /* Do not loopback ndisc messages */ 1667 np->mc_loop = 0; 1668 sk->sk_prot->unhash(sk); 1669 1670 /* 1671 * Initialize the neighbour table 1672 */ 1673 1674 neigh_table_init(&nd_tbl); 1675 1676 #ifdef CONFIG_SYSCTL 1677 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, 1678 "ipv6", 1679 &ndisc_ifinfo_sysctl_change, 1680 &ndisc_ifinfo_sysctl_strategy); 1681 #endif 1682 1683 register_netdevice_notifier(&ndisc_netdev_notifier); 1684 return 0; 1685 } 1686 1687 void ndisc_cleanup(void) 1688 { 1689 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1690 #ifdef CONFIG_SYSCTL 1691 neigh_sysctl_unregister(&nd_tbl.parms); 1692 #endif 1693 neigh_table_clear(&nd_tbl); 1694 sock_release(ndisc_socket); 1695 ndisc_socket = NULL; /* For safety. */ 1696 } 1697