1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30 #define pr_fmt(fmt) "ICMPv6: " fmt 31 32 #include <linux/module.h> 33 #include <linux/errno.h> 34 #include <linux/types.h> 35 #include <linux/socket.h> 36 #include <linux/sockios.h> 37 #include <linux/sched.h> 38 #include <linux/net.h> 39 #include <linux/in6.h> 40 #include <linux/route.h> 41 #include <linux/init.h> 42 #include <linux/rcupdate.h> 43 #include <linux/slab.h> 44 #ifdef CONFIG_SYSCTL 45 #include <linux/sysctl.h> 46 #endif 47 48 #include <linux/if_addr.h> 49 #include <linux/if_arp.h> 50 #include <linux/ipv6.h> 51 #include <linux/icmpv6.h> 52 #include <linux/jhash.h> 53 54 #include <net/sock.h> 55 #include <net/snmp.h> 56 57 #include <net/ipv6.h> 58 #include <net/protocol.h> 59 #include <net/ndisc.h> 60 #include <net/ip6_route.h> 61 #include <net/addrconf.h> 62 #include <net/icmp.h> 63 64 #include <net/netlink.h> 65 #include <linux/rtnetlink.h> 66 67 #include <net/flow.h> 68 #include <net/ip6_checksum.h> 69 #include <net/inet_common.h> 70 #include <linux/proc_fs.h> 71 72 #include <linux/netfilter.h> 73 #include <linux/netfilter_ipv6.h> 74 75 /* Set to 3 to get tracing... */ 76 #define ND_DEBUG 1 77 78 #define ND_PRINTK(val, level, fmt, ...) \ 79 do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82 } while (0) 83 84 static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87 static int ndisc_constructor(struct neighbour *neigh); 88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 90 static int pndisc_constructor(struct pneigh_entry *n); 91 static void pndisc_destructor(struct pneigh_entry *n); 92 static void pndisc_redo(struct sk_buff *skb); 93 94 static const struct neigh_ops ndisc_generic_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_connected_output, 100 }; 101 102 static const struct neigh_ops ndisc_hh_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_resolve_output, 108 }; 109 110 111 static const struct neigh_ops ndisc_direct_ops = { 112 .family = AF_INET6, 113 .output = neigh_direct_output, 114 .connected_output = neigh_direct_output, 115 }; 116 117 struct neigh_table nd_tbl = { 118 .family = AF_INET6, 119 .key_len = sizeof(struct in6_addr), 120 .hash = ndisc_hash, 121 .constructor = ndisc_constructor, 122 .pconstructor = pndisc_constructor, 123 .pdestructor = pndisc_destructor, 124 .proxy_redo = pndisc_redo, 125 .id = "ndisc_cache", 126 .parms = { 127 .tbl = &nd_tbl, 128 .reachable_time = ND_REACHABLE_TIME, 129 .data = { 130 [NEIGH_VAR_MCAST_PROBES] = 3, 131 [NEIGH_VAR_UCAST_PROBES] = 3, 132 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER, 133 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME, 134 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ, 135 [NEIGH_VAR_GC_STALETIME] = 60 * HZ, 136 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024, 137 [NEIGH_VAR_PROXY_QLEN] = 64, 138 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ, 139 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10, 140 }, 141 }, 142 .gc_interval = 30 * HZ, 143 .gc_thresh1 = 128, 144 .gc_thresh2 = 512, 145 .gc_thresh3 = 1024, 146 }; 147 148 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data) 149 { 150 int pad = ndisc_addr_option_pad(skb->dev->type); 151 int data_len = skb->dev->addr_len; 152 int space = ndisc_opt_addr_space(skb->dev); 153 u8 *opt = skb_put(skb, space); 154 155 opt[0] = type; 156 opt[1] = space>>3; 157 158 memset(opt + 2, 0, pad); 159 opt += pad; 160 space -= pad; 161 162 memcpy(opt+2, data, data_len); 163 data_len += 2; 164 opt += data_len; 165 if ((space -= data_len) > 0) 166 memset(opt, 0, space); 167 } 168 169 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 170 struct nd_opt_hdr *end) 171 { 172 int type; 173 if (!cur || !end || cur >= end) 174 return NULL; 175 type = cur->nd_opt_type; 176 do { 177 cur = ((void *)cur) + (cur->nd_opt_len << 3); 178 } while (cur < end && cur->nd_opt_type != type); 179 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 180 } 181 182 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 183 { 184 return opt->nd_opt_type == ND_OPT_RDNSS || 185 opt->nd_opt_type == ND_OPT_DNSSL; 186 } 187 188 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 189 struct nd_opt_hdr *end) 190 { 191 if (!cur || !end || cur >= end) 192 return NULL; 193 do { 194 cur = ((void *)cur) + (cur->nd_opt_len << 3); 195 } while (cur < end && !ndisc_is_useropt(cur)); 196 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 197 } 198 199 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 200 struct ndisc_options *ndopts) 201 { 202 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 203 204 if (!nd_opt || opt_len < 0 || !ndopts) 205 return NULL; 206 memset(ndopts, 0, sizeof(*ndopts)); 207 while (opt_len) { 208 int l; 209 if (opt_len < sizeof(struct nd_opt_hdr)) 210 return NULL; 211 l = nd_opt->nd_opt_len << 3; 212 if (opt_len < l || l == 0) 213 return NULL; 214 switch (nd_opt->nd_opt_type) { 215 case ND_OPT_SOURCE_LL_ADDR: 216 case ND_OPT_TARGET_LL_ADDR: 217 case ND_OPT_MTU: 218 case ND_OPT_REDIRECT_HDR: 219 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 220 ND_PRINTK(2, warn, 221 "%s: duplicated ND6 option found: type=%d\n", 222 __func__, nd_opt->nd_opt_type); 223 } else { 224 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 225 } 226 break; 227 case ND_OPT_PREFIX_INFO: 228 ndopts->nd_opts_pi_end = nd_opt; 229 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 230 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 231 break; 232 #ifdef CONFIG_IPV6_ROUTE_INFO 233 case ND_OPT_ROUTE_INFO: 234 ndopts->nd_opts_ri_end = nd_opt; 235 if (!ndopts->nd_opts_ri) 236 ndopts->nd_opts_ri = nd_opt; 237 break; 238 #endif 239 default: 240 if (ndisc_is_useropt(nd_opt)) { 241 ndopts->nd_useropts_end = nd_opt; 242 if (!ndopts->nd_useropts) 243 ndopts->nd_useropts = nd_opt; 244 } else { 245 /* 246 * Unknown options must be silently ignored, 247 * to accommodate future extension to the 248 * protocol. 249 */ 250 ND_PRINTK(2, notice, 251 "%s: ignored unsupported option; type=%d, len=%d\n", 252 __func__, 253 nd_opt->nd_opt_type, 254 nd_opt->nd_opt_len); 255 } 256 } 257 opt_len -= l; 258 nd_opt = ((void *)nd_opt) + l; 259 } 260 return ndopts; 261 } 262 263 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 264 { 265 switch (dev->type) { 266 case ARPHRD_ETHER: 267 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 268 case ARPHRD_FDDI: 269 ipv6_eth_mc_map(addr, buf); 270 return 0; 271 case ARPHRD_ARCNET: 272 ipv6_arcnet_mc_map(addr, buf); 273 return 0; 274 case ARPHRD_INFINIBAND: 275 ipv6_ib_mc_map(addr, dev->broadcast, buf); 276 return 0; 277 case ARPHRD_IPGRE: 278 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 279 default: 280 if (dir) { 281 memcpy(buf, dev->broadcast, dev->addr_len); 282 return 0; 283 } 284 } 285 return -EINVAL; 286 } 287 EXPORT_SYMBOL(ndisc_mc_map); 288 289 static u32 ndisc_hash(const void *pkey, 290 const struct net_device *dev, 291 __u32 *hash_rnd) 292 { 293 return ndisc_hashfn(pkey, dev, hash_rnd); 294 } 295 296 static int ndisc_constructor(struct neighbour *neigh) 297 { 298 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key; 299 struct net_device *dev = neigh->dev; 300 struct inet6_dev *in6_dev; 301 struct neigh_parms *parms; 302 bool is_multicast = ipv6_addr_is_multicast(addr); 303 304 in6_dev = in6_dev_get(dev); 305 if (in6_dev == NULL) { 306 return -EINVAL; 307 } 308 309 parms = in6_dev->nd_parms; 310 __neigh_parms_put(neigh->parms); 311 neigh->parms = neigh_parms_clone(parms); 312 313 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 314 if (!dev->header_ops) { 315 neigh->nud_state = NUD_NOARP; 316 neigh->ops = &ndisc_direct_ops; 317 neigh->output = neigh_direct_output; 318 } else { 319 if (is_multicast) { 320 neigh->nud_state = NUD_NOARP; 321 ndisc_mc_map(addr, neigh->ha, dev, 1); 322 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 323 neigh->nud_state = NUD_NOARP; 324 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 325 if (dev->flags&IFF_LOOPBACK) 326 neigh->type = RTN_LOCAL; 327 } else if (dev->flags&IFF_POINTOPOINT) { 328 neigh->nud_state = NUD_NOARP; 329 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 330 } 331 if (dev->header_ops->cache) 332 neigh->ops = &ndisc_hh_ops; 333 else 334 neigh->ops = &ndisc_generic_ops; 335 if (neigh->nud_state&NUD_VALID) 336 neigh->output = neigh->ops->connected_output; 337 else 338 neigh->output = neigh->ops->output; 339 } 340 in6_dev_put(in6_dev); 341 return 0; 342 } 343 344 static int pndisc_constructor(struct pneigh_entry *n) 345 { 346 struct in6_addr *addr = (struct in6_addr *)&n->key; 347 struct in6_addr maddr; 348 struct net_device *dev = n->dev; 349 350 if (dev == NULL || __in6_dev_get(dev) == NULL) 351 return -EINVAL; 352 addrconf_addr_solict_mult(addr, &maddr); 353 ipv6_dev_mc_inc(dev, &maddr); 354 return 0; 355 } 356 357 static void pndisc_destructor(struct pneigh_entry *n) 358 { 359 struct in6_addr *addr = (struct in6_addr *)&n->key; 360 struct in6_addr maddr; 361 struct net_device *dev = n->dev; 362 363 if (dev == NULL || __in6_dev_get(dev) == NULL) 364 return; 365 addrconf_addr_solict_mult(addr, &maddr); 366 ipv6_dev_mc_dec(dev, &maddr); 367 } 368 369 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev, 370 int len) 371 { 372 int hlen = LL_RESERVED_SPACE(dev); 373 int tlen = dev->needed_tailroom; 374 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk; 375 struct sk_buff *skb; 376 377 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC); 378 if (!skb) { 379 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n", 380 __func__); 381 return NULL; 382 } 383 384 skb->protocol = htons(ETH_P_IPV6); 385 skb->dev = dev; 386 387 skb_reserve(skb, hlen + sizeof(struct ipv6hdr)); 388 skb_reset_transport_header(skb); 389 390 /* Manually assign socket ownership as we avoid calling 391 * sock_alloc_send_pskb() to bypass wmem buffer limits 392 */ 393 skb_set_owner_w(skb, sk); 394 395 return skb; 396 } 397 398 static void ip6_nd_hdr(struct sk_buff *skb, 399 const struct in6_addr *saddr, 400 const struct in6_addr *daddr, 401 int hop_limit, int len) 402 { 403 struct ipv6hdr *hdr; 404 405 skb_push(skb, sizeof(*hdr)); 406 skb_reset_network_header(skb); 407 hdr = ipv6_hdr(skb); 408 409 ip6_flow_hdr(hdr, 0, 0); 410 411 hdr->payload_len = htons(len); 412 hdr->nexthdr = IPPROTO_ICMPV6; 413 hdr->hop_limit = hop_limit; 414 415 hdr->saddr = *saddr; 416 hdr->daddr = *daddr; 417 } 418 419 static void ndisc_send_skb(struct sk_buff *skb, 420 const struct in6_addr *daddr, 421 const struct in6_addr *saddr) 422 { 423 struct dst_entry *dst = skb_dst(skb); 424 struct net *net = dev_net(skb->dev); 425 struct sock *sk = net->ipv6.ndisc_sk; 426 struct inet6_dev *idev; 427 int err; 428 struct icmp6hdr *icmp6h = icmp6_hdr(skb); 429 u8 type; 430 431 type = icmp6h->icmp6_type; 432 433 if (!dst) { 434 struct flowi6 fl6; 435 436 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex); 437 dst = icmp6_dst_alloc(skb->dev, &fl6); 438 if (IS_ERR(dst)) { 439 kfree_skb(skb); 440 return; 441 } 442 443 skb_dst_set(skb, dst); 444 } 445 446 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len, 447 IPPROTO_ICMPV6, 448 csum_partial(icmp6h, 449 skb->len, 0)); 450 451 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len); 452 453 rcu_read_lock(); 454 idev = __in6_dev_get(dst->dev); 455 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 456 457 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 458 dst_output); 459 if (!err) { 460 ICMP6MSGOUT_INC_STATS(net, idev, type); 461 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 462 } 463 464 rcu_read_unlock(); 465 } 466 467 void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 468 const struct in6_addr *daddr, 469 const struct in6_addr *solicited_addr, 470 bool router, bool solicited, bool override, bool inc_opt) 471 { 472 struct sk_buff *skb; 473 struct in6_addr tmpaddr; 474 struct inet6_ifaddr *ifp; 475 const struct in6_addr *src_addr; 476 struct nd_msg *msg; 477 int optlen = 0; 478 479 /* for anycast or proxy, solicited_addr != src_addr */ 480 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 481 if (ifp) { 482 src_addr = solicited_addr; 483 if (ifp->flags & IFA_F_OPTIMISTIC) 484 override = false; 485 inc_opt |= ifp->idev->cnf.force_tllao; 486 in6_ifa_put(ifp); 487 } else { 488 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 489 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 490 &tmpaddr)) 491 return; 492 src_addr = &tmpaddr; 493 } 494 495 if (!dev->addr_len) 496 inc_opt = 0; 497 if (inc_opt) 498 optlen += ndisc_opt_addr_space(dev); 499 500 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 501 if (!skb) 502 return; 503 504 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 505 *msg = (struct nd_msg) { 506 .icmph = { 507 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 508 .icmp6_router = router, 509 .icmp6_solicited = solicited, 510 .icmp6_override = override, 511 }, 512 .target = *solicited_addr, 513 }; 514 515 if (inc_opt) 516 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, 517 dev->dev_addr); 518 519 520 ndisc_send_skb(skb, daddr, src_addr); 521 } 522 523 static void ndisc_send_unsol_na(struct net_device *dev) 524 { 525 struct inet6_dev *idev; 526 struct inet6_ifaddr *ifa; 527 528 idev = in6_dev_get(dev); 529 if (!idev) 530 return; 531 532 read_lock_bh(&idev->lock); 533 list_for_each_entry(ifa, &idev->addr_list, if_list) { 534 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr, 535 /*router=*/ !!idev->cnf.forwarding, 536 /*solicited=*/ false, /*override=*/ true, 537 /*inc_opt=*/ true); 538 } 539 read_unlock_bh(&idev->lock); 540 541 in6_dev_put(idev); 542 } 543 544 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 545 const struct in6_addr *solicit, 546 const struct in6_addr *daddr, const struct in6_addr *saddr) 547 { 548 struct sk_buff *skb; 549 struct in6_addr addr_buf; 550 int inc_opt = dev->addr_len; 551 int optlen = 0; 552 struct nd_msg *msg; 553 554 if (saddr == NULL) { 555 if (ipv6_get_lladdr(dev, &addr_buf, 556 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 557 return; 558 saddr = &addr_buf; 559 } 560 561 if (ipv6_addr_any(saddr)) 562 inc_opt = false; 563 if (inc_opt) 564 optlen += ndisc_opt_addr_space(dev); 565 566 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 567 if (!skb) 568 return; 569 570 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 571 *msg = (struct nd_msg) { 572 .icmph = { 573 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 574 }, 575 .target = *solicit, 576 }; 577 578 if (inc_opt) 579 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 580 dev->dev_addr); 581 582 ndisc_send_skb(skb, daddr, saddr); 583 } 584 585 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 586 const struct in6_addr *daddr) 587 { 588 struct sk_buff *skb; 589 struct rs_msg *msg; 590 int send_sllao = dev->addr_len; 591 int optlen = 0; 592 593 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 594 /* 595 * According to section 2.2 of RFC 4429, we must not 596 * send router solicitations with a sllao from 597 * optimistic addresses, but we may send the solicitation 598 * if we don't include the sllao. So here we check 599 * if our address is optimistic, and if so, we 600 * suppress the inclusion of the sllao. 601 */ 602 if (send_sllao) { 603 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 604 dev, 1); 605 if (ifp) { 606 if (ifp->flags & IFA_F_OPTIMISTIC) { 607 send_sllao = 0; 608 } 609 in6_ifa_put(ifp); 610 } else { 611 send_sllao = 0; 612 } 613 } 614 #endif 615 if (send_sllao) 616 optlen += ndisc_opt_addr_space(dev); 617 618 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 619 if (!skb) 620 return; 621 622 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg)); 623 *msg = (struct rs_msg) { 624 .icmph = { 625 .icmp6_type = NDISC_ROUTER_SOLICITATION, 626 }, 627 }; 628 629 if (send_sllao) 630 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 631 dev->dev_addr); 632 633 ndisc_send_skb(skb, daddr, saddr); 634 } 635 636 637 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 638 { 639 /* 640 * "The sender MUST return an ICMP 641 * destination unreachable" 642 */ 643 dst_link_failure(skb); 644 kfree_skb(skb); 645 } 646 647 /* Called with locked neigh: either read or both */ 648 649 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 650 { 651 struct in6_addr *saddr = NULL; 652 struct in6_addr mcaddr; 653 struct net_device *dev = neigh->dev; 654 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 655 int probes = atomic_read(&neigh->probes); 656 657 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 658 saddr = &ipv6_hdr(skb)->saddr; 659 660 if ((probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES)) < 0) { 661 if (!(neigh->nud_state & NUD_VALID)) { 662 ND_PRINTK(1, dbg, 663 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 664 __func__, target); 665 } 666 ndisc_send_ns(dev, neigh, target, target, saddr); 667 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) { 668 neigh_app_ns(neigh); 669 } else { 670 addrconf_addr_solict_mult(target, &mcaddr); 671 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 672 } 673 } 674 675 static int pndisc_is_router(const void *pkey, 676 struct net_device *dev) 677 { 678 struct pneigh_entry *n; 679 int ret = -1; 680 681 read_lock_bh(&nd_tbl.lock); 682 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 683 if (n) 684 ret = !!(n->flags & NTF_ROUTER); 685 read_unlock_bh(&nd_tbl.lock); 686 687 return ret; 688 } 689 690 static void ndisc_recv_ns(struct sk_buff *skb) 691 { 692 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 693 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 694 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 695 u8 *lladdr = NULL; 696 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 697 offsetof(struct nd_msg, opt)); 698 struct ndisc_options ndopts; 699 struct net_device *dev = skb->dev; 700 struct inet6_ifaddr *ifp; 701 struct inet6_dev *idev = NULL; 702 struct neighbour *neigh; 703 int dad = ipv6_addr_any(saddr); 704 bool inc; 705 int is_router = -1; 706 707 if (skb->len < sizeof(struct nd_msg)) { 708 ND_PRINTK(2, warn, "NS: packet too short\n"); 709 return; 710 } 711 712 if (ipv6_addr_is_multicast(&msg->target)) { 713 ND_PRINTK(2, warn, "NS: multicast target address\n"); 714 return; 715 } 716 717 /* 718 * RFC2461 7.1.1: 719 * DAD has to be destined for solicited node multicast address. 720 */ 721 if (dad && !ipv6_addr_is_solict_mult(daddr)) { 722 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 723 return; 724 } 725 726 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 727 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 728 return; 729 } 730 731 if (ndopts.nd_opts_src_lladdr) { 732 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 733 if (!lladdr) { 734 ND_PRINTK(2, warn, 735 "NS: invalid link-layer address length\n"); 736 return; 737 } 738 739 /* RFC2461 7.1.1: 740 * If the IP source address is the unspecified address, 741 * there MUST NOT be source link-layer address option 742 * in the message. 743 */ 744 if (dad) { 745 ND_PRINTK(2, warn, 746 "NS: bad DAD packet (link-layer address option)\n"); 747 return; 748 } 749 } 750 751 inc = ipv6_addr_is_multicast(daddr); 752 753 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 754 if (ifp) { 755 756 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 757 if (dad) { 758 /* 759 * We are colliding with another node 760 * who is doing DAD 761 * so fail our DAD process 762 */ 763 addrconf_dad_failure(ifp); 764 return; 765 } else { 766 /* 767 * This is not a dad solicitation. 768 * If we are an optimistic node, 769 * we should respond. 770 * Otherwise, we should ignore it. 771 */ 772 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 773 goto out; 774 } 775 } 776 777 idev = ifp->idev; 778 } else { 779 struct net *net = dev_net(dev); 780 781 idev = in6_dev_get(dev); 782 if (!idev) { 783 /* XXX: count this drop? */ 784 return; 785 } 786 787 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 788 (idev->cnf.forwarding && 789 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 790 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 791 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 792 skb->pkt_type != PACKET_HOST && 793 inc && 794 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) { 795 /* 796 * for anycast or proxy, 797 * sender should delay its response 798 * by a random time between 0 and 799 * MAX_ANYCAST_DELAY_TIME seconds. 800 * (RFC2461) -- yoshfuji 801 */ 802 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 803 if (n) 804 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 805 goto out; 806 } 807 } else 808 goto out; 809 } 810 811 if (is_router < 0) 812 is_router = idev->cnf.forwarding; 813 814 if (dad) { 815 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 816 !!is_router, false, (ifp != NULL), true); 817 goto out; 818 } 819 820 if (inc) 821 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 822 else 823 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 824 825 /* 826 * update / create cache entry 827 * for the source address 828 */ 829 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 830 !inc || lladdr || !dev->addr_len); 831 if (neigh) 832 neigh_update(neigh, lladdr, NUD_STALE, 833 NEIGH_UPDATE_F_WEAK_OVERRIDE| 834 NEIGH_UPDATE_F_OVERRIDE); 835 if (neigh || !dev->header_ops) { 836 ndisc_send_na(dev, neigh, saddr, &msg->target, 837 !!is_router, 838 true, (ifp != NULL && inc), inc); 839 if (neigh) 840 neigh_release(neigh); 841 } 842 843 out: 844 if (ifp) 845 in6_ifa_put(ifp); 846 else 847 in6_dev_put(idev); 848 } 849 850 static void ndisc_recv_na(struct sk_buff *skb) 851 { 852 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 853 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 854 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 855 u8 *lladdr = NULL; 856 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 857 offsetof(struct nd_msg, opt)); 858 struct ndisc_options ndopts; 859 struct net_device *dev = skb->dev; 860 struct inet6_ifaddr *ifp; 861 struct neighbour *neigh; 862 863 if (skb->len < sizeof(struct nd_msg)) { 864 ND_PRINTK(2, warn, "NA: packet too short\n"); 865 return; 866 } 867 868 if (ipv6_addr_is_multicast(&msg->target)) { 869 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 870 return; 871 } 872 873 if (ipv6_addr_is_multicast(daddr) && 874 msg->icmph.icmp6_solicited) { 875 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 876 return; 877 } 878 879 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 880 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 881 return; 882 } 883 if (ndopts.nd_opts_tgt_lladdr) { 884 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 885 if (!lladdr) { 886 ND_PRINTK(2, warn, 887 "NA: invalid link-layer address length\n"); 888 return; 889 } 890 } 891 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 892 if (ifp) { 893 if (skb->pkt_type != PACKET_LOOPBACK 894 && (ifp->flags & IFA_F_TENTATIVE)) { 895 addrconf_dad_failure(ifp); 896 return; 897 } 898 /* What should we make now? The advertisement 899 is invalid, but ndisc specs say nothing 900 about it. It could be misconfiguration, or 901 an smart proxy agent tries to help us :-) 902 903 We should not print the error if NA has been 904 received from loopback - it is just our own 905 unsolicited advertisement. 906 */ 907 if (skb->pkt_type != PACKET_LOOPBACK) 908 ND_PRINTK(1, warn, 909 "NA: someone advertises our address %pI6 on %s!\n", 910 &ifp->addr, ifp->idev->dev->name); 911 in6_ifa_put(ifp); 912 return; 913 } 914 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 915 916 if (neigh) { 917 u8 old_flags = neigh->flags; 918 struct net *net = dev_net(dev); 919 920 if (neigh->nud_state & NUD_FAILED) 921 goto out; 922 923 /* 924 * Don't update the neighbor cache entry on a proxy NA from 925 * ourselves because either the proxied node is off link or it 926 * has already sent a NA to us. 927 */ 928 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 929 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 930 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 931 /* XXX: idev->cnf.proxy_ndp */ 932 goto out; 933 } 934 935 neigh_update(neigh, lladdr, 936 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 937 NEIGH_UPDATE_F_WEAK_OVERRIDE| 938 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 939 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 940 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 941 942 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 943 /* 944 * Change: router to host 945 */ 946 rt6_clean_tohost(dev_net(dev), saddr); 947 } 948 949 out: 950 neigh_release(neigh); 951 } 952 } 953 954 static void ndisc_recv_rs(struct sk_buff *skb) 955 { 956 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 957 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 958 struct neighbour *neigh; 959 struct inet6_dev *idev; 960 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 961 struct ndisc_options ndopts; 962 u8 *lladdr = NULL; 963 964 if (skb->len < sizeof(*rs_msg)) 965 return; 966 967 idev = __in6_dev_get(skb->dev); 968 if (!idev) { 969 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 970 return; 971 } 972 973 /* Don't accept RS if we're not in router mode */ 974 if (!idev->cnf.forwarding) 975 goto out; 976 977 /* 978 * Don't update NCE if src = ::; 979 * this implies that the source node has no ip address assigned yet. 980 */ 981 if (ipv6_addr_any(saddr)) 982 goto out; 983 984 /* Parse ND options */ 985 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 986 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 987 goto out; 988 } 989 990 if (ndopts.nd_opts_src_lladdr) { 991 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 992 skb->dev); 993 if (!lladdr) 994 goto out; 995 } 996 997 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 998 if (neigh) { 999 neigh_update(neigh, lladdr, NUD_STALE, 1000 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1001 NEIGH_UPDATE_F_OVERRIDE| 1002 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1003 neigh_release(neigh); 1004 } 1005 out: 1006 return; 1007 } 1008 1009 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1010 { 1011 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1012 struct sk_buff *skb; 1013 struct nlmsghdr *nlh; 1014 struct nduseroptmsg *ndmsg; 1015 struct net *net = dev_net(ra->dev); 1016 int err; 1017 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1018 + (opt->nd_opt_len << 3)); 1019 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1020 1021 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1022 if (skb == NULL) { 1023 err = -ENOBUFS; 1024 goto errout; 1025 } 1026 1027 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1028 if (nlh == NULL) { 1029 goto nla_put_failure; 1030 } 1031 1032 ndmsg = nlmsg_data(nlh); 1033 ndmsg->nduseropt_family = AF_INET6; 1034 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1035 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1036 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1037 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1038 1039 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1040 1041 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1042 &ipv6_hdr(ra)->saddr)) 1043 goto nla_put_failure; 1044 nlmsg_end(skb, nlh); 1045 1046 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1047 return; 1048 1049 nla_put_failure: 1050 nlmsg_free(skb); 1051 err = -EMSGSIZE; 1052 errout: 1053 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1054 } 1055 1056 static void ndisc_router_discovery(struct sk_buff *skb) 1057 { 1058 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1059 struct neighbour *neigh = NULL; 1060 struct inet6_dev *in6_dev; 1061 struct rt6_info *rt = NULL; 1062 int lifetime; 1063 struct ndisc_options ndopts; 1064 int optlen; 1065 unsigned int pref = 0; 1066 1067 __u8 *opt = (__u8 *)(ra_msg + 1); 1068 1069 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) - 1070 sizeof(struct ra_msg); 1071 1072 ND_PRINTK(2, info, 1073 "RA: %s, dev: %s\n", 1074 __func__, skb->dev->name); 1075 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1076 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1077 return; 1078 } 1079 if (optlen < 0) { 1080 ND_PRINTK(2, warn, "RA: packet too short\n"); 1081 return; 1082 } 1083 1084 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1085 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1086 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1087 return; 1088 } 1089 #endif 1090 1091 /* 1092 * set the RA_RECV flag in the interface 1093 */ 1094 1095 in6_dev = __in6_dev_get(skb->dev); 1096 if (in6_dev == NULL) { 1097 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1098 skb->dev->name); 1099 return; 1100 } 1101 1102 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1103 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1104 return; 1105 } 1106 1107 if (!ipv6_accept_ra(in6_dev)) { 1108 ND_PRINTK(2, info, 1109 "RA: %s, did not accept ra for dev: %s\n", 1110 __func__, skb->dev->name); 1111 goto skip_linkparms; 1112 } 1113 1114 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1115 /* skip link-specific parameters from interior routers */ 1116 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { 1117 ND_PRINTK(2, info, 1118 "RA: %s, nodetype is NODEFAULT, dev: %s\n", 1119 __func__, skb->dev->name); 1120 goto skip_linkparms; 1121 } 1122 #endif 1123 1124 if (in6_dev->if_flags & IF_RS_SENT) { 1125 /* 1126 * flag that an RA was received after an RS was sent 1127 * out on this interface. 1128 */ 1129 in6_dev->if_flags |= IF_RA_RCVD; 1130 } 1131 1132 /* 1133 * Remember the managed/otherconf flags from most recently 1134 * received RA message (RFC 2462) -- yoshfuji 1135 */ 1136 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1137 IF_RA_OTHERCONF)) | 1138 (ra_msg->icmph.icmp6_addrconf_managed ? 1139 IF_RA_MANAGED : 0) | 1140 (ra_msg->icmph.icmp6_addrconf_other ? 1141 IF_RA_OTHERCONF : 0); 1142 1143 if (!in6_dev->cnf.accept_ra_defrtr) { 1144 ND_PRINTK(2, info, 1145 "RA: %s, defrtr is false for dev: %s\n", 1146 __func__, skb->dev->name); 1147 goto skip_defrtr; 1148 } 1149 1150 /* Do not accept RA with source-addr found on local machine unless 1151 * accept_ra_from_local is set to true. 1152 */ 1153 if (!in6_dev->cnf.accept_ra_from_local && 1154 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, 1155 NULL, 0)) { 1156 ND_PRINTK(2, info, 1157 "RA from local address detected on dev: %s: default router ignored\n", 1158 skb->dev->name); 1159 goto skip_defrtr; 1160 } 1161 1162 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1163 1164 #ifdef CONFIG_IPV6_ROUTER_PREF 1165 pref = ra_msg->icmph.icmp6_router_pref; 1166 /* 10b is handled as if it were 00b (medium) */ 1167 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1168 !in6_dev->cnf.accept_ra_rtr_pref) 1169 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1170 #endif 1171 1172 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1173 1174 if (rt) { 1175 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1176 if (!neigh) { 1177 ND_PRINTK(0, err, 1178 "RA: %s got default router without neighbour\n", 1179 __func__); 1180 ip6_rt_put(rt); 1181 return; 1182 } 1183 } 1184 if (rt && lifetime == 0) { 1185 ip6_del_rt(rt); 1186 rt = NULL; 1187 } 1188 1189 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n", 1190 rt, lifetime, skb->dev->name); 1191 if (rt == NULL && lifetime) { 1192 ND_PRINTK(3, info, "RA: adding default router\n"); 1193 1194 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1195 if (rt == NULL) { 1196 ND_PRINTK(0, err, 1197 "RA: %s failed to add default route\n", 1198 __func__); 1199 return; 1200 } 1201 1202 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1203 if (neigh == NULL) { 1204 ND_PRINTK(0, err, 1205 "RA: %s got default router without neighbour\n", 1206 __func__); 1207 ip6_rt_put(rt); 1208 return; 1209 } 1210 neigh->flags |= NTF_ROUTER; 1211 } else if (rt) { 1212 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1213 } 1214 1215 if (rt) 1216 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1217 if (ra_msg->icmph.icmp6_hop_limit) { 1218 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1219 if (rt) 1220 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1221 ra_msg->icmph.icmp6_hop_limit); 1222 } 1223 1224 skip_defrtr: 1225 1226 /* 1227 * Update Reachable Time and Retrans Timer 1228 */ 1229 1230 if (in6_dev->nd_parms) { 1231 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1232 1233 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1234 rtime = (rtime*HZ)/1000; 1235 if (rtime < HZ/10) 1236 rtime = HZ/10; 1237 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime); 1238 in6_dev->tstamp = jiffies; 1239 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1240 } 1241 1242 rtime = ntohl(ra_msg->reachable_time); 1243 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1244 rtime = (rtime*HZ)/1000; 1245 1246 if (rtime < HZ/10) 1247 rtime = HZ/10; 1248 1249 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) { 1250 NEIGH_VAR_SET(in6_dev->nd_parms, 1251 BASE_REACHABLE_TIME, rtime); 1252 NEIGH_VAR_SET(in6_dev->nd_parms, 1253 GC_STALETIME, 3 * rtime); 1254 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1255 in6_dev->tstamp = jiffies; 1256 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1257 } 1258 } 1259 } 1260 1261 skip_linkparms: 1262 1263 /* 1264 * Process options. 1265 */ 1266 1267 if (!neigh) 1268 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1269 skb->dev, 1); 1270 if (neigh) { 1271 u8 *lladdr = NULL; 1272 if (ndopts.nd_opts_src_lladdr) { 1273 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1274 skb->dev); 1275 if (!lladdr) { 1276 ND_PRINTK(2, warn, 1277 "RA: invalid link-layer address length\n"); 1278 goto out; 1279 } 1280 } 1281 neigh_update(neigh, lladdr, NUD_STALE, 1282 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1283 NEIGH_UPDATE_F_OVERRIDE| 1284 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1285 NEIGH_UPDATE_F_ISROUTER); 1286 } 1287 1288 if (!ipv6_accept_ra(in6_dev)) { 1289 ND_PRINTK(2, info, 1290 "RA: %s, accept_ra is false for dev: %s\n", 1291 __func__, skb->dev->name); 1292 goto out; 1293 } 1294 1295 #ifdef CONFIG_IPV6_ROUTE_INFO 1296 if (!in6_dev->cnf.accept_ra_from_local && 1297 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, 1298 NULL, 0)) { 1299 ND_PRINTK(2, info, 1300 "RA from local address detected on dev: %s: router info ignored.\n", 1301 skb->dev->name); 1302 goto skip_routeinfo; 1303 } 1304 1305 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1306 struct nd_opt_hdr *p; 1307 for (p = ndopts.nd_opts_ri; 1308 p; 1309 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1310 struct route_info *ri = (struct route_info *)p; 1311 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1312 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1313 ri->prefix_len == 0) 1314 continue; 1315 #endif 1316 if (ri->prefix_len == 0 && 1317 !in6_dev->cnf.accept_ra_defrtr) 1318 continue; 1319 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1320 continue; 1321 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3, 1322 &ipv6_hdr(skb)->saddr); 1323 } 1324 } 1325 1326 skip_routeinfo: 1327 #endif 1328 1329 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1330 /* skip link-specific ndopts from interior routers */ 1331 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { 1332 ND_PRINTK(2, info, 1333 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n", 1334 __func__, skb->dev->name); 1335 goto out; 1336 } 1337 #endif 1338 1339 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1340 struct nd_opt_hdr *p; 1341 for (p = ndopts.nd_opts_pi; 1342 p; 1343 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1344 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1345 (p->nd_opt_len) << 3, 1346 ndopts.nd_opts_src_lladdr != NULL); 1347 } 1348 } 1349 1350 if (ndopts.nd_opts_mtu) { 1351 __be32 n; 1352 u32 mtu; 1353 1354 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1355 mtu = ntohl(n); 1356 1357 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1358 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1359 } else if (in6_dev->cnf.mtu6 != mtu) { 1360 in6_dev->cnf.mtu6 = mtu; 1361 1362 if (rt) 1363 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1364 1365 rt6_mtu_change(skb->dev, mtu); 1366 } 1367 } 1368 1369 if (ndopts.nd_useropts) { 1370 struct nd_opt_hdr *p; 1371 for (p = ndopts.nd_useropts; 1372 p; 1373 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1374 ndisc_ra_useropt(skb, p); 1375 } 1376 } 1377 1378 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1379 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1380 } 1381 out: 1382 ip6_rt_put(rt); 1383 if (neigh) 1384 neigh_release(neigh); 1385 } 1386 1387 static void ndisc_redirect_rcv(struct sk_buff *skb) 1388 { 1389 u8 *hdr; 1390 struct ndisc_options ndopts; 1391 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb); 1392 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 1393 offsetof(struct rd_msg, opt)); 1394 1395 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1396 switch (skb->ndisc_nodetype) { 1397 case NDISC_NODETYPE_HOST: 1398 case NDISC_NODETYPE_NODEFAULT: 1399 ND_PRINTK(2, warn, 1400 "Redirect: from host or unauthorized router\n"); 1401 return; 1402 } 1403 #endif 1404 1405 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1406 ND_PRINTK(2, warn, 1407 "Redirect: source address is not link-local\n"); 1408 return; 1409 } 1410 1411 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) 1412 return; 1413 1414 if (!ndopts.nd_opts_rh) { 1415 ip6_redirect_no_header(skb, dev_net(skb->dev), 1416 skb->dev->ifindex, 0); 1417 return; 1418 } 1419 1420 hdr = (u8 *)ndopts.nd_opts_rh; 1421 hdr += 8; 1422 if (!pskb_pull(skb, hdr - skb_transport_header(skb))) 1423 return; 1424 1425 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1426 } 1427 1428 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb, 1429 struct sk_buff *orig_skb, 1430 int rd_len) 1431 { 1432 u8 *opt = skb_put(skb, rd_len); 1433 1434 memset(opt, 0, 8); 1435 *(opt++) = ND_OPT_REDIRECT_HDR; 1436 *(opt++) = (rd_len >> 3); 1437 opt += 6; 1438 1439 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8); 1440 } 1441 1442 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1443 { 1444 struct net_device *dev = skb->dev; 1445 struct net *net = dev_net(dev); 1446 struct sock *sk = net->ipv6.ndisc_sk; 1447 int optlen = 0; 1448 struct inet_peer *peer; 1449 struct sk_buff *buff; 1450 struct rd_msg *msg; 1451 struct in6_addr saddr_buf; 1452 struct rt6_info *rt; 1453 struct dst_entry *dst; 1454 struct flowi6 fl6; 1455 int rd_len; 1456 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1457 bool ret; 1458 1459 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1460 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1461 dev->name); 1462 return; 1463 } 1464 1465 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1466 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1467 ND_PRINTK(2, warn, 1468 "Redirect: target address is not link-local unicast\n"); 1469 return; 1470 } 1471 1472 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1473 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1474 1475 dst = ip6_route_output(net, NULL, &fl6); 1476 if (dst->error) { 1477 dst_release(dst); 1478 return; 1479 } 1480 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1481 if (IS_ERR(dst)) 1482 return; 1483 1484 rt = (struct rt6_info *) dst; 1485 1486 if (rt->rt6i_flags & RTF_GATEWAY) { 1487 ND_PRINTK(2, warn, 1488 "Redirect: destination is not a neighbour\n"); 1489 goto release; 1490 } 1491 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 1492 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1493 if (peer) 1494 inet_putpeer(peer); 1495 if (!ret) 1496 goto release; 1497 1498 if (dev->addr_len) { 1499 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1500 if (!neigh) { 1501 ND_PRINTK(2, warn, 1502 "Redirect: no neigh for target address\n"); 1503 goto release; 1504 } 1505 1506 read_lock_bh(&neigh->lock); 1507 if (neigh->nud_state & NUD_VALID) { 1508 memcpy(ha_buf, neigh->ha, dev->addr_len); 1509 read_unlock_bh(&neigh->lock); 1510 ha = ha_buf; 1511 optlen += ndisc_opt_addr_space(dev); 1512 } else 1513 read_unlock_bh(&neigh->lock); 1514 1515 neigh_release(neigh); 1516 } 1517 1518 rd_len = min_t(unsigned int, 1519 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen, 1520 skb->len + 8); 1521 rd_len &= ~0x7; 1522 optlen += rd_len; 1523 1524 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 1525 if (!buff) 1526 goto release; 1527 1528 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg)); 1529 *msg = (struct rd_msg) { 1530 .icmph = { 1531 .icmp6_type = NDISC_REDIRECT, 1532 }, 1533 .target = *target, 1534 .dest = ipv6_hdr(skb)->daddr, 1535 }; 1536 1537 /* 1538 * include target_address option 1539 */ 1540 1541 if (ha) 1542 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha); 1543 1544 /* 1545 * build redirect option and copy skb over to the new packet. 1546 */ 1547 1548 if (rd_len) 1549 ndisc_fill_redirect_hdr_option(buff, skb, rd_len); 1550 1551 skb_dst_set(buff, dst); 1552 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf); 1553 return; 1554 1555 release: 1556 dst_release(dst); 1557 } 1558 1559 static void pndisc_redo(struct sk_buff *skb) 1560 { 1561 ndisc_recv_ns(skb); 1562 kfree_skb(skb); 1563 } 1564 1565 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb) 1566 { 1567 struct inet6_dev *idev = __in6_dev_get(skb->dev); 1568 1569 if (!idev) 1570 return true; 1571 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED && 1572 idev->cnf.suppress_frag_ndisc) { 1573 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n"); 1574 return true; 1575 } 1576 return false; 1577 } 1578 1579 int ndisc_rcv(struct sk_buff *skb) 1580 { 1581 struct nd_msg *msg; 1582 1583 if (ndisc_suppress_frag_ndisc(skb)) 1584 return 0; 1585 1586 if (skb_linearize(skb)) 1587 return 0; 1588 1589 msg = (struct nd_msg *)skb_transport_header(skb); 1590 1591 __skb_push(skb, skb->data - skb_transport_header(skb)); 1592 1593 if (ipv6_hdr(skb)->hop_limit != 255) { 1594 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1595 ipv6_hdr(skb)->hop_limit); 1596 return 0; 1597 } 1598 1599 if (msg->icmph.icmp6_code != 0) { 1600 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1601 msg->icmph.icmp6_code); 1602 return 0; 1603 } 1604 1605 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1606 1607 switch (msg->icmph.icmp6_type) { 1608 case NDISC_NEIGHBOUR_SOLICITATION: 1609 ndisc_recv_ns(skb); 1610 break; 1611 1612 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1613 ndisc_recv_na(skb); 1614 break; 1615 1616 case NDISC_ROUTER_SOLICITATION: 1617 ndisc_recv_rs(skb); 1618 break; 1619 1620 case NDISC_ROUTER_ADVERTISEMENT: 1621 ndisc_router_discovery(skb); 1622 break; 1623 1624 case NDISC_REDIRECT: 1625 ndisc_redirect_rcv(skb); 1626 break; 1627 } 1628 1629 return 0; 1630 } 1631 1632 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1633 { 1634 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1635 struct net *net = dev_net(dev); 1636 struct inet6_dev *idev; 1637 1638 switch (event) { 1639 case NETDEV_CHANGEADDR: 1640 neigh_changeaddr(&nd_tbl, dev); 1641 fib6_run_gc(0, net, false); 1642 idev = in6_dev_get(dev); 1643 if (!idev) 1644 break; 1645 if (idev->cnf.ndisc_notify) 1646 ndisc_send_unsol_na(dev); 1647 in6_dev_put(idev); 1648 break; 1649 case NETDEV_DOWN: 1650 neigh_ifdown(&nd_tbl, dev); 1651 fib6_run_gc(0, net, false); 1652 break; 1653 case NETDEV_NOTIFY_PEERS: 1654 ndisc_send_unsol_na(dev); 1655 break; 1656 default: 1657 break; 1658 } 1659 1660 return NOTIFY_DONE; 1661 } 1662 1663 static struct notifier_block ndisc_netdev_notifier = { 1664 .notifier_call = ndisc_netdev_event, 1665 }; 1666 1667 #ifdef CONFIG_SYSCTL 1668 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1669 const char *func, const char *dev_name) 1670 { 1671 static char warncomm[TASK_COMM_LEN]; 1672 static int warned; 1673 if (strcmp(warncomm, current->comm) && warned < 5) { 1674 strcpy(warncomm, current->comm); 1675 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1676 warncomm, func, 1677 dev_name, ctl->procname, 1678 dev_name, ctl->procname); 1679 warned++; 1680 } 1681 } 1682 1683 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1684 { 1685 struct net_device *dev = ctl->extra1; 1686 struct inet6_dev *idev; 1687 int ret; 1688 1689 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1690 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1691 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1692 1693 if (strcmp(ctl->procname, "retrans_time") == 0) 1694 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos); 1695 1696 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1697 ret = neigh_proc_dointvec_jiffies(ctl, write, 1698 buffer, lenp, ppos); 1699 1700 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1701 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1702 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, 1703 buffer, lenp, ppos); 1704 else 1705 ret = -1; 1706 1707 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1708 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME)) 1709 idev->nd_parms->reachable_time = 1710 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME)); 1711 idev->tstamp = jiffies; 1712 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1713 in6_dev_put(idev); 1714 } 1715 return ret; 1716 } 1717 1718 1719 #endif 1720 1721 static int __net_init ndisc_net_init(struct net *net) 1722 { 1723 struct ipv6_pinfo *np; 1724 struct sock *sk; 1725 int err; 1726 1727 err = inet_ctl_sock_create(&sk, PF_INET6, 1728 SOCK_RAW, IPPROTO_ICMPV6, net); 1729 if (err < 0) { 1730 ND_PRINTK(0, err, 1731 "NDISC: Failed to initialize the control socket (err %d)\n", 1732 err); 1733 return err; 1734 } 1735 1736 net->ipv6.ndisc_sk = sk; 1737 1738 np = inet6_sk(sk); 1739 np->hop_limit = 255; 1740 /* Do not loopback ndisc messages */ 1741 np->mc_loop = 0; 1742 1743 return 0; 1744 } 1745 1746 static void __net_exit ndisc_net_exit(struct net *net) 1747 { 1748 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1749 } 1750 1751 static struct pernet_operations ndisc_net_ops = { 1752 .init = ndisc_net_init, 1753 .exit = ndisc_net_exit, 1754 }; 1755 1756 int __init ndisc_init(void) 1757 { 1758 int err; 1759 1760 err = register_pernet_subsys(&ndisc_net_ops); 1761 if (err) 1762 return err; 1763 /* 1764 * Initialize the neighbour table 1765 */ 1766 neigh_table_init(&nd_tbl); 1767 1768 #ifdef CONFIG_SYSCTL 1769 err = neigh_sysctl_register(NULL, &nd_tbl.parms, 1770 ndisc_ifinfo_sysctl_change); 1771 if (err) 1772 goto out_unregister_pernet; 1773 out: 1774 #endif 1775 return err; 1776 1777 #ifdef CONFIG_SYSCTL 1778 out_unregister_pernet: 1779 unregister_pernet_subsys(&ndisc_net_ops); 1780 goto out; 1781 #endif 1782 } 1783 1784 int __init ndisc_late_init(void) 1785 { 1786 return register_netdevice_notifier(&ndisc_netdev_notifier); 1787 } 1788 1789 void ndisc_late_cleanup(void) 1790 { 1791 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1792 } 1793 1794 void ndisc_cleanup(void) 1795 { 1796 #ifdef CONFIG_SYSCTL 1797 neigh_sysctl_unregister(&nd_tbl.parms); 1798 #endif 1799 neigh_table_clear(&nd_tbl); 1800 unregister_pernet_subsys(&ndisc_net_ops); 1801 } 1802