1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30 #define pr_fmt(fmt) "ICMPv6: " fmt 31 32 #include <linux/module.h> 33 #include <linux/errno.h> 34 #include <linux/types.h> 35 #include <linux/socket.h> 36 #include <linux/sockios.h> 37 #include <linux/sched.h> 38 #include <linux/net.h> 39 #include <linux/in6.h> 40 #include <linux/route.h> 41 #include <linux/init.h> 42 #include <linux/rcupdate.h> 43 #include <linux/slab.h> 44 #ifdef CONFIG_SYSCTL 45 #include <linux/sysctl.h> 46 #endif 47 48 #include <linux/if_addr.h> 49 #include <linux/if_arp.h> 50 #include <linux/ipv6.h> 51 #include <linux/icmpv6.h> 52 #include <linux/jhash.h> 53 54 #include <net/sock.h> 55 #include <net/snmp.h> 56 57 #include <net/ipv6.h> 58 #include <net/protocol.h> 59 #include <net/ndisc.h> 60 #include <net/ip6_route.h> 61 #include <net/addrconf.h> 62 #include <net/icmp.h> 63 64 #include <net/netlink.h> 65 #include <linux/rtnetlink.h> 66 67 #include <net/flow.h> 68 #include <net/ip6_checksum.h> 69 #include <net/inet_common.h> 70 #include <linux/proc_fs.h> 71 72 #include <linux/netfilter.h> 73 #include <linux/netfilter_ipv6.h> 74 75 /* Set to 3 to get tracing... */ 76 #define ND_DEBUG 1 77 78 #define ND_PRINTK(val, level, fmt, ...) \ 79 do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82 } while (0) 83 84 static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87 static int ndisc_constructor(struct neighbour *neigh); 88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 90 static int pndisc_constructor(struct pneigh_entry *n); 91 static void pndisc_destructor(struct pneigh_entry *n); 92 static void pndisc_redo(struct sk_buff *skb); 93 94 static const struct neigh_ops ndisc_generic_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_connected_output, 100 }; 101 102 static const struct neigh_ops ndisc_hh_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_resolve_output, 108 }; 109 110 111 static const struct neigh_ops ndisc_direct_ops = { 112 .family = AF_INET6, 113 .output = neigh_direct_output, 114 .connected_output = neigh_direct_output, 115 }; 116 117 struct neigh_table nd_tbl = { 118 .family = AF_INET6, 119 .key_len = sizeof(struct in6_addr), 120 .hash = ndisc_hash, 121 .constructor = ndisc_constructor, 122 .pconstructor = pndisc_constructor, 123 .pdestructor = pndisc_destructor, 124 .proxy_redo = pndisc_redo, 125 .id = "ndisc_cache", 126 .parms = { 127 .tbl = &nd_tbl, 128 .base_reachable_time = ND_REACHABLE_TIME, 129 .retrans_time = ND_RETRANS_TIMER, 130 .gc_staletime = 60 * HZ, 131 .reachable_time = ND_REACHABLE_TIME, 132 .delay_probe_time = 5 * HZ, 133 .queue_len_bytes = 64*1024, 134 .ucast_probes = 3, 135 .mcast_probes = 3, 136 .anycast_delay = 1 * HZ, 137 .proxy_delay = (8 * HZ) / 10, 138 .proxy_qlen = 64, 139 }, 140 .gc_interval = 30 * HZ, 141 .gc_thresh1 = 128, 142 .gc_thresh2 = 512, 143 .gc_thresh3 = 1024, 144 }; 145 146 static inline int ndisc_opt_addr_space(struct net_device *dev) 147 { 148 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 149 } 150 151 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 152 unsigned short addr_type) 153 { 154 int space = NDISC_OPT_SPACE(data_len); 155 int pad = ndisc_addr_option_pad(addr_type); 156 157 opt[0] = type; 158 opt[1] = space>>3; 159 160 memset(opt + 2, 0, pad); 161 opt += pad; 162 space -= pad; 163 164 memcpy(opt+2, data, data_len); 165 data_len += 2; 166 opt += data_len; 167 if ((space -= data_len) > 0) 168 memset(opt, 0, space); 169 return opt + space; 170 } 171 172 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 173 struct nd_opt_hdr *end) 174 { 175 int type; 176 if (!cur || !end || cur >= end) 177 return NULL; 178 type = cur->nd_opt_type; 179 do { 180 cur = ((void *)cur) + (cur->nd_opt_len << 3); 181 } while(cur < end && cur->nd_opt_type != type); 182 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 183 } 184 185 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 186 { 187 return opt->nd_opt_type == ND_OPT_RDNSS || 188 opt->nd_opt_type == ND_OPT_DNSSL; 189 } 190 191 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 192 struct nd_opt_hdr *end) 193 { 194 if (!cur || !end || cur >= end) 195 return NULL; 196 do { 197 cur = ((void *)cur) + (cur->nd_opt_len << 3); 198 } while(cur < end && !ndisc_is_useropt(cur)); 199 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 200 } 201 202 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 203 struct ndisc_options *ndopts) 204 { 205 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 206 207 if (!nd_opt || opt_len < 0 || !ndopts) 208 return NULL; 209 memset(ndopts, 0, sizeof(*ndopts)); 210 while (opt_len) { 211 int l; 212 if (opt_len < sizeof(struct nd_opt_hdr)) 213 return NULL; 214 l = nd_opt->nd_opt_len << 3; 215 if (opt_len < l || l == 0) 216 return NULL; 217 switch (nd_opt->nd_opt_type) { 218 case ND_OPT_SOURCE_LL_ADDR: 219 case ND_OPT_TARGET_LL_ADDR: 220 case ND_OPT_MTU: 221 case ND_OPT_REDIRECT_HDR: 222 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 223 ND_PRINTK(2, warn, 224 "%s: duplicated ND6 option found: type=%d\n", 225 __func__, nd_opt->nd_opt_type); 226 } else { 227 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 228 } 229 break; 230 case ND_OPT_PREFIX_INFO: 231 ndopts->nd_opts_pi_end = nd_opt; 232 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 233 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 234 break; 235 #ifdef CONFIG_IPV6_ROUTE_INFO 236 case ND_OPT_ROUTE_INFO: 237 ndopts->nd_opts_ri_end = nd_opt; 238 if (!ndopts->nd_opts_ri) 239 ndopts->nd_opts_ri = nd_opt; 240 break; 241 #endif 242 default: 243 if (ndisc_is_useropt(nd_opt)) { 244 ndopts->nd_useropts_end = nd_opt; 245 if (!ndopts->nd_useropts) 246 ndopts->nd_useropts = nd_opt; 247 } else { 248 /* 249 * Unknown options must be silently ignored, 250 * to accommodate future extension to the 251 * protocol. 252 */ 253 ND_PRINTK(2, notice, 254 "%s: ignored unsupported option; type=%d, len=%d\n", 255 __func__, 256 nd_opt->nd_opt_type, 257 nd_opt->nd_opt_len); 258 } 259 } 260 opt_len -= l; 261 nd_opt = ((void *)nd_opt) + l; 262 } 263 return ndopts; 264 } 265 266 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 267 { 268 switch (dev->type) { 269 case ARPHRD_ETHER: 270 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 271 case ARPHRD_FDDI: 272 ipv6_eth_mc_map(addr, buf); 273 return 0; 274 case ARPHRD_ARCNET: 275 ipv6_arcnet_mc_map(addr, buf); 276 return 0; 277 case ARPHRD_INFINIBAND: 278 ipv6_ib_mc_map(addr, dev->broadcast, buf); 279 return 0; 280 case ARPHRD_IPGRE: 281 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 282 default: 283 if (dir) { 284 memcpy(buf, dev->broadcast, dev->addr_len); 285 return 0; 286 } 287 } 288 return -EINVAL; 289 } 290 291 EXPORT_SYMBOL(ndisc_mc_map); 292 293 static u32 ndisc_hash(const void *pkey, 294 const struct net_device *dev, 295 __u32 *hash_rnd) 296 { 297 return ndisc_hashfn(pkey, dev, hash_rnd); 298 } 299 300 static int ndisc_constructor(struct neighbour *neigh) 301 { 302 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 303 struct net_device *dev = neigh->dev; 304 struct inet6_dev *in6_dev; 305 struct neigh_parms *parms; 306 bool is_multicast = ipv6_addr_is_multicast(addr); 307 308 in6_dev = in6_dev_get(dev); 309 if (in6_dev == NULL) { 310 return -EINVAL; 311 } 312 313 parms = in6_dev->nd_parms; 314 __neigh_parms_put(neigh->parms); 315 neigh->parms = neigh_parms_clone(parms); 316 317 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 318 if (!dev->header_ops) { 319 neigh->nud_state = NUD_NOARP; 320 neigh->ops = &ndisc_direct_ops; 321 neigh->output = neigh_direct_output; 322 } else { 323 if (is_multicast) { 324 neigh->nud_state = NUD_NOARP; 325 ndisc_mc_map(addr, neigh->ha, dev, 1); 326 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 327 neigh->nud_state = NUD_NOARP; 328 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 329 if (dev->flags&IFF_LOOPBACK) 330 neigh->type = RTN_LOCAL; 331 } else if (dev->flags&IFF_POINTOPOINT) { 332 neigh->nud_state = NUD_NOARP; 333 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 334 } 335 if (dev->header_ops->cache) 336 neigh->ops = &ndisc_hh_ops; 337 else 338 neigh->ops = &ndisc_generic_ops; 339 if (neigh->nud_state&NUD_VALID) 340 neigh->output = neigh->ops->connected_output; 341 else 342 neigh->output = neigh->ops->output; 343 } 344 in6_dev_put(in6_dev); 345 return 0; 346 } 347 348 static int pndisc_constructor(struct pneigh_entry *n) 349 { 350 struct in6_addr *addr = (struct in6_addr*)&n->key; 351 struct in6_addr maddr; 352 struct net_device *dev = n->dev; 353 354 if (dev == NULL || __in6_dev_get(dev) == NULL) 355 return -EINVAL; 356 addrconf_addr_solict_mult(addr, &maddr); 357 ipv6_dev_mc_inc(dev, &maddr); 358 return 0; 359 } 360 361 static void pndisc_destructor(struct pneigh_entry *n) 362 { 363 struct in6_addr *addr = (struct in6_addr*)&n->key; 364 struct in6_addr maddr; 365 struct net_device *dev = n->dev; 366 367 if (dev == NULL || __in6_dev_get(dev) == NULL) 368 return; 369 addrconf_addr_solict_mult(addr, &maddr); 370 ipv6_dev_mc_dec(dev, &maddr); 371 } 372 373 struct sk_buff *ndisc_build_skb(struct net_device *dev, 374 const struct in6_addr *daddr, 375 const struct in6_addr *saddr, 376 struct icmp6hdr *icmp6h, 377 const struct in6_addr *target, 378 int llinfo) 379 { 380 struct net *net = dev_net(dev); 381 struct sock *sk = net->ipv6.ndisc_sk; 382 struct sk_buff *skb; 383 struct icmp6hdr *hdr; 384 int hlen = LL_RESERVED_SPACE(dev); 385 int tlen = dev->needed_tailroom; 386 int len; 387 int err; 388 u8 *opt; 389 390 if (!dev->addr_len) 391 llinfo = 0; 392 393 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 394 if (llinfo) 395 len += ndisc_opt_addr_space(dev); 396 397 skb = sock_alloc_send_skb(sk, 398 (MAX_HEADER + sizeof(struct ipv6hdr) + 399 len + hlen + tlen), 400 1, &err); 401 if (!skb) { 402 ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n", 403 __func__, err); 404 return NULL; 405 } 406 407 skb_reserve(skb, hlen); 408 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 409 410 skb->transport_header = skb->tail; 411 skb_put(skb, len); 412 413 hdr = (struct icmp6hdr *)skb_transport_header(skb); 414 memcpy(hdr, icmp6h, sizeof(*hdr)); 415 416 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 417 if (target) { 418 *(struct in6_addr *)opt = *target; 419 opt += sizeof(*target); 420 } 421 422 if (llinfo) 423 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 424 dev->addr_len, dev->type); 425 426 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 427 IPPROTO_ICMPV6, 428 csum_partial(hdr, 429 len, 0)); 430 431 return skb; 432 } 433 434 EXPORT_SYMBOL(ndisc_build_skb); 435 436 void ndisc_send_skb(struct sk_buff *skb, 437 struct net_device *dev, 438 struct neighbour *neigh, 439 const struct in6_addr *daddr, 440 const struct in6_addr *saddr, 441 struct icmp6hdr *icmp6h) 442 { 443 struct flowi6 fl6; 444 struct dst_entry *dst; 445 struct net *net = dev_net(dev); 446 struct sock *sk = net->ipv6.ndisc_sk; 447 struct inet6_dev *idev; 448 int err; 449 u8 type; 450 451 type = icmp6h->icmp6_type; 452 453 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex); 454 dst = icmp6_dst_alloc(dev, neigh, &fl6); 455 if (IS_ERR(dst)) { 456 kfree_skb(skb); 457 return; 458 } 459 460 skb_dst_set(skb, dst); 461 462 rcu_read_lock(); 463 idev = __in6_dev_get(dst->dev); 464 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 465 466 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 467 dst_output); 468 if (!err) { 469 ICMP6MSGOUT_INC_STATS(net, idev, type); 470 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 471 } 472 473 rcu_read_unlock(); 474 } 475 476 EXPORT_SYMBOL(ndisc_send_skb); 477 478 /* 479 * Send a Neighbour Discover packet 480 */ 481 static void __ndisc_send(struct net_device *dev, 482 struct neighbour *neigh, 483 const struct in6_addr *daddr, 484 const struct in6_addr *saddr, 485 struct icmp6hdr *icmp6h, const struct in6_addr *target, 486 int llinfo) 487 { 488 struct sk_buff *skb; 489 490 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 491 if (!skb) 492 return; 493 494 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 495 } 496 497 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 498 const struct in6_addr *daddr, 499 const struct in6_addr *solicited_addr, 500 int router, int solicited, int override, int inc_opt) 501 { 502 struct in6_addr tmpaddr; 503 struct inet6_ifaddr *ifp; 504 const struct in6_addr *src_addr; 505 struct icmp6hdr icmp6h = { 506 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 507 }; 508 509 /* for anycast or proxy, solicited_addr != src_addr */ 510 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 511 if (ifp) { 512 src_addr = solicited_addr; 513 if (ifp->flags & IFA_F_OPTIMISTIC) 514 override = 0; 515 inc_opt |= ifp->idev->cnf.force_tllao; 516 in6_ifa_put(ifp); 517 } else { 518 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 519 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 520 &tmpaddr)) 521 return; 522 src_addr = &tmpaddr; 523 } 524 525 icmp6h.icmp6_router = router; 526 icmp6h.icmp6_solicited = solicited; 527 icmp6h.icmp6_override = override; 528 529 __ndisc_send(dev, neigh, daddr, src_addr, 530 &icmp6h, solicited_addr, 531 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 532 } 533 534 static void ndisc_send_unsol_na(struct net_device *dev) 535 { 536 struct inet6_dev *idev; 537 struct inet6_ifaddr *ifa; 538 struct in6_addr mcaddr = IN6ADDR_LINKLOCAL_ALLNODES_INIT; 539 540 idev = in6_dev_get(dev); 541 if (!idev) 542 return; 543 544 read_lock_bh(&idev->lock); 545 list_for_each_entry(ifa, &idev->addr_list, if_list) { 546 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr, 547 /*router=*/ !!idev->cnf.forwarding, 548 /*solicited=*/ false, /*override=*/ true, 549 /*inc_opt=*/ true); 550 } 551 read_unlock_bh(&idev->lock); 552 553 in6_dev_put(idev); 554 } 555 556 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 557 const struct in6_addr *solicit, 558 const struct in6_addr *daddr, const struct in6_addr *saddr) 559 { 560 struct in6_addr addr_buf; 561 struct icmp6hdr icmp6h = { 562 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 563 }; 564 565 if (saddr == NULL) { 566 if (ipv6_get_lladdr(dev, &addr_buf, 567 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 568 return; 569 saddr = &addr_buf; 570 } 571 572 __ndisc_send(dev, neigh, daddr, saddr, 573 &icmp6h, solicit, 574 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 575 } 576 577 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 578 const struct in6_addr *daddr) 579 { 580 struct icmp6hdr icmp6h = { 581 .icmp6_type = NDISC_ROUTER_SOLICITATION, 582 }; 583 int send_sllao = dev->addr_len; 584 585 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 586 /* 587 * According to section 2.2 of RFC 4429, we must not 588 * send router solicitations with a sllao from 589 * optimistic addresses, but we may send the solicitation 590 * if we don't include the sllao. So here we check 591 * if our address is optimistic, and if so, we 592 * suppress the inclusion of the sllao. 593 */ 594 if (send_sllao) { 595 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 596 dev, 1); 597 if (ifp) { 598 if (ifp->flags & IFA_F_OPTIMISTIC) { 599 send_sllao = 0; 600 } 601 in6_ifa_put(ifp); 602 } else { 603 send_sllao = 0; 604 } 605 } 606 #endif 607 __ndisc_send(dev, NULL, daddr, saddr, 608 &icmp6h, NULL, 609 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 610 } 611 612 613 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 614 { 615 /* 616 * "The sender MUST return an ICMP 617 * destination unreachable" 618 */ 619 dst_link_failure(skb); 620 kfree_skb(skb); 621 } 622 623 /* Called with locked neigh: either read or both */ 624 625 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 626 { 627 struct in6_addr *saddr = NULL; 628 struct in6_addr mcaddr; 629 struct net_device *dev = neigh->dev; 630 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 631 int probes = atomic_read(&neigh->probes); 632 633 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 634 saddr = &ipv6_hdr(skb)->saddr; 635 636 if ((probes -= neigh->parms->ucast_probes) < 0) { 637 if (!(neigh->nud_state & NUD_VALID)) { 638 ND_PRINTK(1, dbg, 639 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 640 __func__, target); 641 } 642 ndisc_send_ns(dev, neigh, target, target, saddr); 643 } else if ((probes -= neigh->parms->app_probes) < 0) { 644 #ifdef CONFIG_ARPD 645 neigh_app_ns(neigh); 646 #endif 647 } else { 648 addrconf_addr_solict_mult(target, &mcaddr); 649 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 650 } 651 } 652 653 static int pndisc_is_router(const void *pkey, 654 struct net_device *dev) 655 { 656 struct pneigh_entry *n; 657 int ret = -1; 658 659 read_lock_bh(&nd_tbl.lock); 660 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 661 if (n) 662 ret = !!(n->flags & NTF_ROUTER); 663 read_unlock_bh(&nd_tbl.lock); 664 665 return ret; 666 } 667 668 static void ndisc_recv_ns(struct sk_buff *skb) 669 { 670 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 671 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 672 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 673 u8 *lladdr = NULL; 674 u32 ndoptlen = skb->tail - (skb->transport_header + 675 offsetof(struct nd_msg, opt)); 676 struct ndisc_options ndopts; 677 struct net_device *dev = skb->dev; 678 struct inet6_ifaddr *ifp; 679 struct inet6_dev *idev = NULL; 680 struct neighbour *neigh; 681 int dad = ipv6_addr_any(saddr); 682 bool inc; 683 int is_router = -1; 684 685 if (ipv6_addr_is_multicast(&msg->target)) { 686 ND_PRINTK(2, warn, "NS: multicast target address\n"); 687 return; 688 } 689 690 /* 691 * RFC2461 7.1.1: 692 * DAD has to be destined for solicited node multicast address. 693 */ 694 if (dad && 695 !(daddr->s6_addr32[0] == htonl(0xff020000) && 696 daddr->s6_addr32[1] == htonl(0x00000000) && 697 daddr->s6_addr32[2] == htonl(0x00000001) && 698 daddr->s6_addr [12] == 0xff )) { 699 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 700 return; 701 } 702 703 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 704 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 705 return; 706 } 707 708 if (ndopts.nd_opts_src_lladdr) { 709 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 710 if (!lladdr) { 711 ND_PRINTK(2, warn, 712 "NS: invalid link-layer address length\n"); 713 return; 714 } 715 716 /* RFC2461 7.1.1: 717 * If the IP source address is the unspecified address, 718 * there MUST NOT be source link-layer address option 719 * in the message. 720 */ 721 if (dad) { 722 ND_PRINTK(2, warn, 723 "NS: bad DAD packet (link-layer address option)\n"); 724 return; 725 } 726 } 727 728 inc = ipv6_addr_is_multicast(daddr); 729 730 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 731 if (ifp) { 732 733 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 734 if (dad) { 735 /* 736 * We are colliding with another node 737 * who is doing DAD 738 * so fail our DAD process 739 */ 740 addrconf_dad_failure(ifp); 741 return; 742 } else { 743 /* 744 * This is not a dad solicitation. 745 * If we are an optimistic node, 746 * we should respond. 747 * Otherwise, we should ignore it. 748 */ 749 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 750 goto out; 751 } 752 } 753 754 idev = ifp->idev; 755 } else { 756 struct net *net = dev_net(dev); 757 758 idev = in6_dev_get(dev); 759 if (!idev) { 760 /* XXX: count this drop? */ 761 return; 762 } 763 764 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 765 (idev->cnf.forwarding && 766 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 767 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 768 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 769 skb->pkt_type != PACKET_HOST && 770 inc != 0 && 771 idev->nd_parms->proxy_delay != 0) { 772 /* 773 * for anycast or proxy, 774 * sender should delay its response 775 * by a random time between 0 and 776 * MAX_ANYCAST_DELAY_TIME seconds. 777 * (RFC2461) -- yoshfuji 778 */ 779 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 780 if (n) 781 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 782 goto out; 783 } 784 } else 785 goto out; 786 } 787 788 if (is_router < 0) 789 is_router = !!idev->cnf.forwarding; 790 791 if (dad) { 792 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 793 is_router, 0, (ifp != NULL), 1); 794 goto out; 795 } 796 797 if (inc) 798 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 799 else 800 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 801 802 /* 803 * update / create cache entry 804 * for the source address 805 */ 806 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 807 !inc || lladdr || !dev->addr_len); 808 if (neigh) 809 neigh_update(neigh, lladdr, NUD_STALE, 810 NEIGH_UPDATE_F_WEAK_OVERRIDE| 811 NEIGH_UPDATE_F_OVERRIDE); 812 if (neigh || !dev->header_ops) { 813 ndisc_send_na(dev, neigh, saddr, &msg->target, 814 is_router, 815 1, (ifp != NULL && inc), inc); 816 if (neigh) 817 neigh_release(neigh); 818 } 819 820 out: 821 if (ifp) 822 in6_ifa_put(ifp); 823 else 824 in6_dev_put(idev); 825 } 826 827 static void ndisc_recv_na(struct sk_buff *skb) 828 { 829 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 830 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 831 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 832 u8 *lladdr = NULL; 833 u32 ndoptlen = skb->tail - (skb->transport_header + 834 offsetof(struct nd_msg, opt)); 835 struct ndisc_options ndopts; 836 struct net_device *dev = skb->dev; 837 struct inet6_ifaddr *ifp; 838 struct neighbour *neigh; 839 840 if (skb->len < sizeof(struct nd_msg)) { 841 ND_PRINTK(2, warn, "NA: packet too short\n"); 842 return; 843 } 844 845 if (ipv6_addr_is_multicast(&msg->target)) { 846 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 847 return; 848 } 849 850 if (ipv6_addr_is_multicast(daddr) && 851 msg->icmph.icmp6_solicited) { 852 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 853 return; 854 } 855 856 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 857 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 858 return; 859 } 860 if (ndopts.nd_opts_tgt_lladdr) { 861 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 862 if (!lladdr) { 863 ND_PRINTK(2, warn, 864 "NA: invalid link-layer address length\n"); 865 return; 866 } 867 } 868 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 869 if (ifp) { 870 if (skb->pkt_type != PACKET_LOOPBACK 871 && (ifp->flags & IFA_F_TENTATIVE)) { 872 addrconf_dad_failure(ifp); 873 return; 874 } 875 /* What should we make now? The advertisement 876 is invalid, but ndisc specs say nothing 877 about it. It could be misconfiguration, or 878 an smart proxy agent tries to help us :-) 879 880 We should not print the error if NA has been 881 received from loopback - it is just our own 882 unsolicited advertisement. 883 */ 884 if (skb->pkt_type != PACKET_LOOPBACK) 885 ND_PRINTK(1, warn, 886 "NA: someone advertises our address %pI6 on %s!\n", 887 &ifp->addr, ifp->idev->dev->name); 888 in6_ifa_put(ifp); 889 return; 890 } 891 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 892 893 if (neigh) { 894 u8 old_flags = neigh->flags; 895 struct net *net = dev_net(dev); 896 897 if (neigh->nud_state & NUD_FAILED) 898 goto out; 899 900 /* 901 * Don't update the neighbor cache entry on a proxy NA from 902 * ourselves because either the proxied node is off link or it 903 * has already sent a NA to us. 904 */ 905 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 906 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 907 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 908 /* XXX: idev->cnf.prixy_ndp */ 909 goto out; 910 } 911 912 neigh_update(neigh, lladdr, 913 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 914 NEIGH_UPDATE_F_WEAK_OVERRIDE| 915 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 916 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 917 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 918 919 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 920 /* 921 * Change: router to host 922 */ 923 struct rt6_info *rt; 924 rt = rt6_get_dflt_router(saddr, dev); 925 if (rt) 926 ip6_del_rt(rt); 927 } 928 929 out: 930 neigh_release(neigh); 931 } 932 } 933 934 static void ndisc_recv_rs(struct sk_buff *skb) 935 { 936 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 937 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 938 struct neighbour *neigh; 939 struct inet6_dev *idev; 940 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 941 struct ndisc_options ndopts; 942 u8 *lladdr = NULL; 943 944 if (skb->len < sizeof(*rs_msg)) 945 return; 946 947 idev = __in6_dev_get(skb->dev); 948 if (!idev) { 949 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 950 return; 951 } 952 953 /* Don't accept RS if we're not in router mode */ 954 if (!idev->cnf.forwarding) 955 goto out; 956 957 /* 958 * Don't update NCE if src = ::; 959 * this implies that the source node has no ip address assigned yet. 960 */ 961 if (ipv6_addr_any(saddr)) 962 goto out; 963 964 /* Parse ND options */ 965 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 966 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 967 goto out; 968 } 969 970 if (ndopts.nd_opts_src_lladdr) { 971 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 972 skb->dev); 973 if (!lladdr) 974 goto out; 975 } 976 977 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 978 if (neigh) { 979 neigh_update(neigh, lladdr, NUD_STALE, 980 NEIGH_UPDATE_F_WEAK_OVERRIDE| 981 NEIGH_UPDATE_F_OVERRIDE| 982 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 983 neigh_release(neigh); 984 } 985 out: 986 return; 987 } 988 989 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 990 { 991 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 992 struct sk_buff *skb; 993 struct nlmsghdr *nlh; 994 struct nduseroptmsg *ndmsg; 995 struct net *net = dev_net(ra->dev); 996 int err; 997 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 998 + (opt->nd_opt_len << 3)); 999 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1000 1001 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1002 if (skb == NULL) { 1003 err = -ENOBUFS; 1004 goto errout; 1005 } 1006 1007 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1008 if (nlh == NULL) { 1009 goto nla_put_failure; 1010 } 1011 1012 ndmsg = nlmsg_data(nlh); 1013 ndmsg->nduseropt_family = AF_INET6; 1014 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1015 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1016 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1017 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1018 1019 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1020 1021 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1022 &ipv6_hdr(ra)->saddr)) 1023 goto nla_put_failure; 1024 nlmsg_end(skb, nlh); 1025 1026 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1027 return; 1028 1029 nla_put_failure: 1030 nlmsg_free(skb); 1031 err = -EMSGSIZE; 1032 errout: 1033 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1034 } 1035 1036 static inline int accept_ra(struct inet6_dev *in6_dev) 1037 { 1038 /* 1039 * If forwarding is enabled, RA are not accepted unless the special 1040 * hybrid mode (accept_ra=2) is enabled. 1041 */ 1042 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2) 1043 return 0; 1044 1045 return in6_dev->cnf.accept_ra; 1046 } 1047 1048 static void ndisc_router_discovery(struct sk_buff *skb) 1049 { 1050 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1051 struct neighbour *neigh = NULL; 1052 struct inet6_dev *in6_dev; 1053 struct rt6_info *rt = NULL; 1054 int lifetime; 1055 struct ndisc_options ndopts; 1056 int optlen; 1057 unsigned int pref = 0; 1058 1059 __u8 * opt = (__u8 *)(ra_msg + 1); 1060 1061 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1062 1063 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1064 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1065 return; 1066 } 1067 if (optlen < 0) { 1068 ND_PRINTK(2, warn, "RA: packet too short\n"); 1069 return; 1070 } 1071 1072 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1073 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1074 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1075 return; 1076 } 1077 #endif 1078 1079 /* 1080 * set the RA_RECV flag in the interface 1081 */ 1082 1083 in6_dev = __in6_dev_get(skb->dev); 1084 if (in6_dev == NULL) { 1085 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1086 skb->dev->name); 1087 return; 1088 } 1089 1090 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1091 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1092 return; 1093 } 1094 1095 if (!accept_ra(in6_dev)) 1096 goto skip_linkparms; 1097 1098 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1099 /* skip link-specific parameters from interior routers */ 1100 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1101 goto skip_linkparms; 1102 #endif 1103 1104 if (in6_dev->if_flags & IF_RS_SENT) { 1105 /* 1106 * flag that an RA was received after an RS was sent 1107 * out on this interface. 1108 */ 1109 in6_dev->if_flags |= IF_RA_RCVD; 1110 } 1111 1112 /* 1113 * Remember the managed/otherconf flags from most recently 1114 * received RA message (RFC 2462) -- yoshfuji 1115 */ 1116 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1117 IF_RA_OTHERCONF)) | 1118 (ra_msg->icmph.icmp6_addrconf_managed ? 1119 IF_RA_MANAGED : 0) | 1120 (ra_msg->icmph.icmp6_addrconf_other ? 1121 IF_RA_OTHERCONF : 0); 1122 1123 if (!in6_dev->cnf.accept_ra_defrtr) 1124 goto skip_defrtr; 1125 1126 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1127 goto skip_defrtr; 1128 1129 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1130 1131 #ifdef CONFIG_IPV6_ROUTER_PREF 1132 pref = ra_msg->icmph.icmp6_router_pref; 1133 /* 10b is handled as if it were 00b (medium) */ 1134 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1135 !in6_dev->cnf.accept_ra_rtr_pref) 1136 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1137 #endif 1138 1139 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1140 1141 if (rt) { 1142 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1143 if (!neigh) { 1144 ND_PRINTK(0, err, 1145 "RA: %s got default router without neighbour\n", 1146 __func__); 1147 dst_release(&rt->dst); 1148 return; 1149 } 1150 } 1151 if (rt && lifetime == 0) { 1152 ip6_del_rt(rt); 1153 rt = NULL; 1154 } 1155 1156 if (rt == NULL && lifetime) { 1157 ND_PRINTK(3, dbg, "RA: adding default router\n"); 1158 1159 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1160 if (rt == NULL) { 1161 ND_PRINTK(0, err, 1162 "RA: %s failed to add default route\n", 1163 __func__); 1164 return; 1165 } 1166 1167 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1168 if (neigh == NULL) { 1169 ND_PRINTK(0, err, 1170 "RA: %s got default router without neighbour\n", 1171 __func__); 1172 dst_release(&rt->dst); 1173 return; 1174 } 1175 neigh->flags |= NTF_ROUTER; 1176 } else if (rt) { 1177 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1178 } 1179 1180 if (rt) 1181 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1182 if (ra_msg->icmph.icmp6_hop_limit) { 1183 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1184 if (rt) 1185 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1186 ra_msg->icmph.icmp6_hop_limit); 1187 } 1188 1189 skip_defrtr: 1190 1191 /* 1192 * Update Reachable Time and Retrans Timer 1193 */ 1194 1195 if (in6_dev->nd_parms) { 1196 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1197 1198 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1199 rtime = (rtime*HZ)/1000; 1200 if (rtime < HZ/10) 1201 rtime = HZ/10; 1202 in6_dev->nd_parms->retrans_time = rtime; 1203 in6_dev->tstamp = jiffies; 1204 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1205 } 1206 1207 rtime = ntohl(ra_msg->reachable_time); 1208 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1209 rtime = (rtime*HZ)/1000; 1210 1211 if (rtime < HZ/10) 1212 rtime = HZ/10; 1213 1214 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1215 in6_dev->nd_parms->base_reachable_time = rtime; 1216 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1217 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1218 in6_dev->tstamp = jiffies; 1219 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1220 } 1221 } 1222 } 1223 1224 skip_linkparms: 1225 1226 /* 1227 * Process options. 1228 */ 1229 1230 if (!neigh) 1231 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1232 skb->dev, 1); 1233 if (neigh) { 1234 u8 *lladdr = NULL; 1235 if (ndopts.nd_opts_src_lladdr) { 1236 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1237 skb->dev); 1238 if (!lladdr) { 1239 ND_PRINTK(2, warn, 1240 "RA: invalid link-layer address length\n"); 1241 goto out; 1242 } 1243 } 1244 neigh_update(neigh, lladdr, NUD_STALE, 1245 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1246 NEIGH_UPDATE_F_OVERRIDE| 1247 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1248 NEIGH_UPDATE_F_ISROUTER); 1249 } 1250 1251 if (!accept_ra(in6_dev)) 1252 goto out; 1253 1254 #ifdef CONFIG_IPV6_ROUTE_INFO 1255 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1256 goto skip_routeinfo; 1257 1258 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1259 struct nd_opt_hdr *p; 1260 for (p = ndopts.nd_opts_ri; 1261 p; 1262 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1263 struct route_info *ri = (struct route_info *)p; 1264 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1265 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1266 ri->prefix_len == 0) 1267 continue; 1268 #endif 1269 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1270 continue; 1271 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1272 &ipv6_hdr(skb)->saddr); 1273 } 1274 } 1275 1276 skip_routeinfo: 1277 #endif 1278 1279 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1280 /* skip link-specific ndopts from interior routers */ 1281 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1282 goto out; 1283 #endif 1284 1285 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1286 struct nd_opt_hdr *p; 1287 for (p = ndopts.nd_opts_pi; 1288 p; 1289 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1290 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1291 (p->nd_opt_len) << 3, 1292 ndopts.nd_opts_src_lladdr != NULL); 1293 } 1294 } 1295 1296 if (ndopts.nd_opts_mtu) { 1297 __be32 n; 1298 u32 mtu; 1299 1300 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1301 mtu = ntohl(n); 1302 1303 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1304 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1305 } else if (in6_dev->cnf.mtu6 != mtu) { 1306 in6_dev->cnf.mtu6 = mtu; 1307 1308 if (rt) 1309 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1310 1311 rt6_mtu_change(skb->dev, mtu); 1312 } 1313 } 1314 1315 if (ndopts.nd_useropts) { 1316 struct nd_opt_hdr *p; 1317 for (p = ndopts.nd_useropts; 1318 p; 1319 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1320 ndisc_ra_useropt(skb, p); 1321 } 1322 } 1323 1324 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1325 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1326 } 1327 out: 1328 if (rt) 1329 dst_release(&rt->dst); 1330 if (neigh) 1331 neigh_release(neigh); 1332 } 1333 1334 static void ndisc_redirect_rcv(struct sk_buff *skb) 1335 { 1336 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1337 switch (skb->ndisc_nodetype) { 1338 case NDISC_NODETYPE_HOST: 1339 case NDISC_NODETYPE_NODEFAULT: 1340 ND_PRINTK(2, warn, 1341 "Redirect: from host or unauthorized router\n"); 1342 return; 1343 } 1344 #endif 1345 1346 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1347 ND_PRINTK(2, warn, 1348 "Redirect: source address is not link-local\n"); 1349 return; 1350 } 1351 1352 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1353 } 1354 1355 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1356 { 1357 struct net_device *dev = skb->dev; 1358 struct net *net = dev_net(dev); 1359 struct sock *sk = net->ipv6.ndisc_sk; 1360 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1361 struct inet_peer *peer; 1362 struct sk_buff *buff; 1363 struct icmp6hdr *icmph; 1364 struct in6_addr saddr_buf; 1365 struct in6_addr *addrp; 1366 struct rt6_info *rt; 1367 struct dst_entry *dst; 1368 struct inet6_dev *idev; 1369 struct flowi6 fl6; 1370 u8 *opt; 1371 int hlen, tlen; 1372 int rd_len; 1373 int err; 1374 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1375 bool ret; 1376 1377 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1378 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1379 dev->name); 1380 return; 1381 } 1382 1383 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1384 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1385 ND_PRINTK(2, warn, 1386 "Redirect: target address is not link-local unicast\n"); 1387 return; 1388 } 1389 1390 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1391 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1392 1393 dst = ip6_route_output(net, NULL, &fl6); 1394 if (dst->error) { 1395 dst_release(dst); 1396 return; 1397 } 1398 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1399 if (IS_ERR(dst)) 1400 return; 1401 1402 rt = (struct rt6_info *) dst; 1403 1404 if (rt->rt6i_flags & RTF_GATEWAY) { 1405 ND_PRINTK(2, warn, 1406 "Redirect: destination is not a neighbour\n"); 1407 goto release; 1408 } 1409 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 1410 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1411 if (peer) 1412 inet_putpeer(peer); 1413 if (!ret) 1414 goto release; 1415 1416 if (dev->addr_len) { 1417 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1418 if (!neigh) { 1419 ND_PRINTK(2, warn, 1420 "Redirect: no neigh for target address\n"); 1421 goto release; 1422 } 1423 1424 read_lock_bh(&neigh->lock); 1425 if (neigh->nud_state & NUD_VALID) { 1426 memcpy(ha_buf, neigh->ha, dev->addr_len); 1427 read_unlock_bh(&neigh->lock); 1428 ha = ha_buf; 1429 len += ndisc_opt_addr_space(dev); 1430 } else 1431 read_unlock_bh(&neigh->lock); 1432 1433 neigh_release(neigh); 1434 } 1435 1436 rd_len = min_t(unsigned int, 1437 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1438 rd_len &= ~0x7; 1439 len += rd_len; 1440 1441 hlen = LL_RESERVED_SPACE(dev); 1442 tlen = dev->needed_tailroom; 1443 buff = sock_alloc_send_skb(sk, 1444 (MAX_HEADER + sizeof(struct ipv6hdr) + 1445 len + hlen + tlen), 1446 1, &err); 1447 if (buff == NULL) { 1448 ND_PRINTK(0, err, 1449 "Redirect: %s failed to allocate an skb, err=%d\n", 1450 __func__, err); 1451 goto release; 1452 } 1453 1454 skb_reserve(buff, hlen); 1455 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1456 IPPROTO_ICMPV6, len); 1457 1458 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1459 skb_put(buff, len); 1460 icmph = icmp6_hdr(buff); 1461 1462 memset(icmph, 0, sizeof(struct icmp6hdr)); 1463 icmph->icmp6_type = NDISC_REDIRECT; 1464 1465 /* 1466 * copy target and destination addresses 1467 */ 1468 1469 addrp = (struct in6_addr *)(icmph + 1); 1470 *addrp = *target; 1471 addrp++; 1472 *addrp = ipv6_hdr(skb)->daddr; 1473 1474 opt = (u8*) (addrp + 1); 1475 1476 /* 1477 * include target_address option 1478 */ 1479 1480 if (ha) 1481 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1482 dev->addr_len, dev->type); 1483 1484 /* 1485 * build redirect option and copy skb over to the new packet. 1486 */ 1487 1488 memset(opt, 0, 8); 1489 *(opt++) = ND_OPT_REDIRECT_HDR; 1490 *(opt++) = (rd_len >> 3); 1491 opt += 6; 1492 1493 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1494 1495 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1496 len, IPPROTO_ICMPV6, 1497 csum_partial(icmph, len, 0)); 1498 1499 skb_dst_set(buff, dst); 1500 rcu_read_lock(); 1501 idev = __in6_dev_get(dst->dev); 1502 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1503 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1504 dst_output); 1505 if (!err) { 1506 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1507 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1508 } 1509 1510 rcu_read_unlock(); 1511 return; 1512 1513 release: 1514 dst_release(dst); 1515 } 1516 1517 static void pndisc_redo(struct sk_buff *skb) 1518 { 1519 ndisc_recv_ns(skb); 1520 kfree_skb(skb); 1521 } 1522 1523 int ndisc_rcv(struct sk_buff *skb) 1524 { 1525 struct nd_msg *msg; 1526 1527 if (!pskb_may_pull(skb, skb->len)) 1528 return 0; 1529 1530 msg = (struct nd_msg *)skb_transport_header(skb); 1531 1532 __skb_push(skb, skb->data - skb_transport_header(skb)); 1533 1534 if (ipv6_hdr(skb)->hop_limit != 255) { 1535 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1536 ipv6_hdr(skb)->hop_limit); 1537 return 0; 1538 } 1539 1540 if (msg->icmph.icmp6_code != 0) { 1541 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1542 msg->icmph.icmp6_code); 1543 return 0; 1544 } 1545 1546 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1547 1548 switch (msg->icmph.icmp6_type) { 1549 case NDISC_NEIGHBOUR_SOLICITATION: 1550 ndisc_recv_ns(skb); 1551 break; 1552 1553 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1554 ndisc_recv_na(skb); 1555 break; 1556 1557 case NDISC_ROUTER_SOLICITATION: 1558 ndisc_recv_rs(skb); 1559 break; 1560 1561 case NDISC_ROUTER_ADVERTISEMENT: 1562 ndisc_router_discovery(skb); 1563 break; 1564 1565 case NDISC_REDIRECT: 1566 ndisc_redirect_rcv(skb); 1567 break; 1568 } 1569 1570 return 0; 1571 } 1572 1573 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1574 { 1575 struct net_device *dev = ptr; 1576 struct net *net = dev_net(dev); 1577 1578 switch (event) { 1579 case NETDEV_CHANGEADDR: 1580 neigh_changeaddr(&nd_tbl, dev); 1581 fib6_run_gc(~0UL, net); 1582 break; 1583 case NETDEV_DOWN: 1584 neigh_ifdown(&nd_tbl, dev); 1585 fib6_run_gc(~0UL, net); 1586 break; 1587 case NETDEV_NOTIFY_PEERS: 1588 ndisc_send_unsol_na(dev); 1589 break; 1590 default: 1591 break; 1592 } 1593 1594 return NOTIFY_DONE; 1595 } 1596 1597 static struct notifier_block ndisc_netdev_notifier = { 1598 .notifier_call = ndisc_netdev_event, 1599 }; 1600 1601 #ifdef CONFIG_SYSCTL 1602 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1603 const char *func, const char *dev_name) 1604 { 1605 static char warncomm[TASK_COMM_LEN]; 1606 static int warned; 1607 if (strcmp(warncomm, current->comm) && warned < 5) { 1608 strcpy(warncomm, current->comm); 1609 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1610 warncomm, func, 1611 dev_name, ctl->procname, 1612 dev_name, ctl->procname); 1613 warned++; 1614 } 1615 } 1616 1617 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1618 { 1619 struct net_device *dev = ctl->extra1; 1620 struct inet6_dev *idev; 1621 int ret; 1622 1623 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1624 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1625 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1626 1627 if (strcmp(ctl->procname, "retrans_time") == 0) 1628 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1629 1630 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1631 ret = proc_dointvec_jiffies(ctl, write, 1632 buffer, lenp, ppos); 1633 1634 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1635 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1636 ret = proc_dointvec_ms_jiffies(ctl, write, 1637 buffer, lenp, ppos); 1638 else 1639 ret = -1; 1640 1641 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1642 if (ctl->data == &idev->nd_parms->base_reachable_time) 1643 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1644 idev->tstamp = jiffies; 1645 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1646 in6_dev_put(idev); 1647 } 1648 return ret; 1649 } 1650 1651 1652 #endif 1653 1654 static int __net_init ndisc_net_init(struct net *net) 1655 { 1656 struct ipv6_pinfo *np; 1657 struct sock *sk; 1658 int err; 1659 1660 err = inet_ctl_sock_create(&sk, PF_INET6, 1661 SOCK_RAW, IPPROTO_ICMPV6, net); 1662 if (err < 0) { 1663 ND_PRINTK(0, err, 1664 "NDISC: Failed to initialize the control socket (err %d)\n", 1665 err); 1666 return err; 1667 } 1668 1669 net->ipv6.ndisc_sk = sk; 1670 1671 np = inet6_sk(sk); 1672 np->hop_limit = 255; 1673 /* Do not loopback ndisc messages */ 1674 np->mc_loop = 0; 1675 1676 return 0; 1677 } 1678 1679 static void __net_exit ndisc_net_exit(struct net *net) 1680 { 1681 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1682 } 1683 1684 static struct pernet_operations ndisc_net_ops = { 1685 .init = ndisc_net_init, 1686 .exit = ndisc_net_exit, 1687 }; 1688 1689 int __init ndisc_init(void) 1690 { 1691 int err; 1692 1693 err = register_pernet_subsys(&ndisc_net_ops); 1694 if (err) 1695 return err; 1696 /* 1697 * Initialize the neighbour table 1698 */ 1699 neigh_table_init(&nd_tbl); 1700 1701 #ifdef CONFIG_SYSCTL 1702 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1703 &ndisc_ifinfo_sysctl_change); 1704 if (err) 1705 goto out_unregister_pernet; 1706 #endif 1707 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1708 if (err) 1709 goto out_unregister_sysctl; 1710 out: 1711 return err; 1712 1713 out_unregister_sysctl: 1714 #ifdef CONFIG_SYSCTL 1715 neigh_sysctl_unregister(&nd_tbl.parms); 1716 out_unregister_pernet: 1717 #endif 1718 unregister_pernet_subsys(&ndisc_net_ops); 1719 goto out; 1720 } 1721 1722 void ndisc_cleanup(void) 1723 { 1724 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1725 #ifdef CONFIG_SYSCTL 1726 neigh_sysctl_unregister(&nd_tbl.parms); 1727 #endif 1728 neigh_table_clear(&nd_tbl); 1729 unregister_pernet_subsys(&ndisc_net_ops); 1730 } 1731