1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30 #define pr_fmt(fmt) "ICMPv6: " fmt 31 32 #include <linux/module.h> 33 #include <linux/errno.h> 34 #include <linux/types.h> 35 #include <linux/socket.h> 36 #include <linux/sockios.h> 37 #include <linux/sched.h> 38 #include <linux/net.h> 39 #include <linux/in6.h> 40 #include <linux/route.h> 41 #include <linux/init.h> 42 #include <linux/rcupdate.h> 43 #include <linux/slab.h> 44 #ifdef CONFIG_SYSCTL 45 #include <linux/sysctl.h> 46 #endif 47 48 #include <linux/if_addr.h> 49 #include <linux/if_arp.h> 50 #include <linux/ipv6.h> 51 #include <linux/icmpv6.h> 52 #include <linux/jhash.h> 53 54 #include <net/sock.h> 55 #include <net/snmp.h> 56 57 #include <net/ipv6.h> 58 #include <net/protocol.h> 59 #include <net/ndisc.h> 60 #include <net/ip6_route.h> 61 #include <net/addrconf.h> 62 #include <net/icmp.h> 63 64 #include <net/netlink.h> 65 #include <linux/rtnetlink.h> 66 67 #include <net/flow.h> 68 #include <net/ip6_checksum.h> 69 #include <net/inet_common.h> 70 #include <linux/proc_fs.h> 71 72 #include <linux/netfilter.h> 73 #include <linux/netfilter_ipv6.h> 74 75 /* Set to 3 to get tracing... */ 76 #define ND_DEBUG 1 77 78 #define ND_PRINTK(val, level, fmt, ...) \ 79 do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82 } while (0) 83 84 static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87 static int ndisc_constructor(struct neighbour *neigh); 88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 90 static int pndisc_constructor(struct pneigh_entry *n); 91 static void pndisc_destructor(struct pneigh_entry *n); 92 static void pndisc_redo(struct sk_buff *skb); 93 94 static const struct neigh_ops ndisc_generic_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_connected_output, 100 }; 101 102 static const struct neigh_ops ndisc_hh_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_resolve_output, 108 }; 109 110 111 static const struct neigh_ops ndisc_direct_ops = { 112 .family = AF_INET6, 113 .output = neigh_direct_output, 114 .connected_output = neigh_direct_output, 115 }; 116 117 struct neigh_table nd_tbl = { 118 .family = AF_INET6, 119 .key_len = sizeof(struct in6_addr), 120 .hash = ndisc_hash, 121 .constructor = ndisc_constructor, 122 .pconstructor = pndisc_constructor, 123 .pdestructor = pndisc_destructor, 124 .proxy_redo = pndisc_redo, 125 .id = "ndisc_cache", 126 .parms = { 127 .tbl = &nd_tbl, 128 .base_reachable_time = ND_REACHABLE_TIME, 129 .retrans_time = ND_RETRANS_TIMER, 130 .gc_staletime = 60 * HZ, 131 .reachable_time = ND_REACHABLE_TIME, 132 .delay_probe_time = 5 * HZ, 133 .queue_len_bytes = 64*1024, 134 .ucast_probes = 3, 135 .mcast_probes = 3, 136 .anycast_delay = 1 * HZ, 137 .proxy_delay = (8 * HZ) / 10, 138 .proxy_qlen = 64, 139 }, 140 .gc_interval = 30 * HZ, 141 .gc_thresh1 = 128, 142 .gc_thresh2 = 512, 143 .gc_thresh3 = 1024, 144 }; 145 146 static inline int ndisc_opt_addr_space(struct net_device *dev) 147 { 148 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 149 } 150 151 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 152 unsigned short addr_type) 153 { 154 int pad = ndisc_addr_option_pad(addr_type); 155 int space = NDISC_OPT_SPACE(data_len + pad); 156 157 opt[0] = type; 158 opt[1] = space>>3; 159 160 memset(opt + 2, 0, pad); 161 opt += pad; 162 space -= pad; 163 164 memcpy(opt+2, data, data_len); 165 data_len += 2; 166 opt += data_len; 167 if ((space -= data_len) > 0) 168 memset(opt, 0, space); 169 return opt + space; 170 } 171 172 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 173 struct nd_opt_hdr *end) 174 { 175 int type; 176 if (!cur || !end || cur >= end) 177 return NULL; 178 type = cur->nd_opt_type; 179 do { 180 cur = ((void *)cur) + (cur->nd_opt_len << 3); 181 } while(cur < end && cur->nd_opt_type != type); 182 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 183 } 184 185 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 186 { 187 return opt->nd_opt_type == ND_OPT_RDNSS || 188 opt->nd_opt_type == ND_OPT_DNSSL; 189 } 190 191 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 192 struct nd_opt_hdr *end) 193 { 194 if (!cur || !end || cur >= end) 195 return NULL; 196 do { 197 cur = ((void *)cur) + (cur->nd_opt_len << 3); 198 } while(cur < end && !ndisc_is_useropt(cur)); 199 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 200 } 201 202 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 203 struct ndisc_options *ndopts) 204 { 205 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 206 207 if (!nd_opt || opt_len < 0 || !ndopts) 208 return NULL; 209 memset(ndopts, 0, sizeof(*ndopts)); 210 while (opt_len) { 211 int l; 212 if (opt_len < sizeof(struct nd_opt_hdr)) 213 return NULL; 214 l = nd_opt->nd_opt_len << 3; 215 if (opt_len < l || l == 0) 216 return NULL; 217 switch (nd_opt->nd_opt_type) { 218 case ND_OPT_SOURCE_LL_ADDR: 219 case ND_OPT_TARGET_LL_ADDR: 220 case ND_OPT_MTU: 221 case ND_OPT_REDIRECT_HDR: 222 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 223 ND_PRINTK(2, warn, 224 "%s: duplicated ND6 option found: type=%d\n", 225 __func__, nd_opt->nd_opt_type); 226 } else { 227 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 228 } 229 break; 230 case ND_OPT_PREFIX_INFO: 231 ndopts->nd_opts_pi_end = nd_opt; 232 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 233 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 234 break; 235 #ifdef CONFIG_IPV6_ROUTE_INFO 236 case ND_OPT_ROUTE_INFO: 237 ndopts->nd_opts_ri_end = nd_opt; 238 if (!ndopts->nd_opts_ri) 239 ndopts->nd_opts_ri = nd_opt; 240 break; 241 #endif 242 default: 243 if (ndisc_is_useropt(nd_opt)) { 244 ndopts->nd_useropts_end = nd_opt; 245 if (!ndopts->nd_useropts) 246 ndopts->nd_useropts = nd_opt; 247 } else { 248 /* 249 * Unknown options must be silently ignored, 250 * to accommodate future extension to the 251 * protocol. 252 */ 253 ND_PRINTK(2, notice, 254 "%s: ignored unsupported option; type=%d, len=%d\n", 255 __func__, 256 nd_opt->nd_opt_type, 257 nd_opt->nd_opt_len); 258 } 259 } 260 opt_len -= l; 261 nd_opt = ((void *)nd_opt) + l; 262 } 263 return ndopts; 264 } 265 266 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 267 { 268 switch (dev->type) { 269 case ARPHRD_ETHER: 270 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 271 case ARPHRD_FDDI: 272 ipv6_eth_mc_map(addr, buf); 273 return 0; 274 case ARPHRD_ARCNET: 275 ipv6_arcnet_mc_map(addr, buf); 276 return 0; 277 case ARPHRD_INFINIBAND: 278 ipv6_ib_mc_map(addr, dev->broadcast, buf); 279 return 0; 280 case ARPHRD_IPGRE: 281 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 282 default: 283 if (dir) { 284 memcpy(buf, dev->broadcast, dev->addr_len); 285 return 0; 286 } 287 } 288 return -EINVAL; 289 } 290 291 EXPORT_SYMBOL(ndisc_mc_map); 292 293 static u32 ndisc_hash(const void *pkey, 294 const struct net_device *dev, 295 __u32 *hash_rnd) 296 { 297 return ndisc_hashfn(pkey, dev, hash_rnd); 298 } 299 300 static int ndisc_constructor(struct neighbour *neigh) 301 { 302 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 303 struct net_device *dev = neigh->dev; 304 struct inet6_dev *in6_dev; 305 struct neigh_parms *parms; 306 bool is_multicast = ipv6_addr_is_multicast(addr); 307 308 in6_dev = in6_dev_get(dev); 309 if (in6_dev == NULL) { 310 return -EINVAL; 311 } 312 313 parms = in6_dev->nd_parms; 314 __neigh_parms_put(neigh->parms); 315 neigh->parms = neigh_parms_clone(parms); 316 317 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 318 if (!dev->header_ops) { 319 neigh->nud_state = NUD_NOARP; 320 neigh->ops = &ndisc_direct_ops; 321 neigh->output = neigh_direct_output; 322 } else { 323 if (is_multicast) { 324 neigh->nud_state = NUD_NOARP; 325 ndisc_mc_map(addr, neigh->ha, dev, 1); 326 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 327 neigh->nud_state = NUD_NOARP; 328 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 329 if (dev->flags&IFF_LOOPBACK) 330 neigh->type = RTN_LOCAL; 331 } else if (dev->flags&IFF_POINTOPOINT) { 332 neigh->nud_state = NUD_NOARP; 333 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 334 } 335 if (dev->header_ops->cache) 336 neigh->ops = &ndisc_hh_ops; 337 else 338 neigh->ops = &ndisc_generic_ops; 339 if (neigh->nud_state&NUD_VALID) 340 neigh->output = neigh->ops->connected_output; 341 else 342 neigh->output = neigh->ops->output; 343 } 344 in6_dev_put(in6_dev); 345 return 0; 346 } 347 348 static int pndisc_constructor(struct pneigh_entry *n) 349 { 350 struct in6_addr *addr = (struct in6_addr*)&n->key; 351 struct in6_addr maddr; 352 struct net_device *dev = n->dev; 353 354 if (dev == NULL || __in6_dev_get(dev) == NULL) 355 return -EINVAL; 356 addrconf_addr_solict_mult(addr, &maddr); 357 ipv6_dev_mc_inc(dev, &maddr); 358 return 0; 359 } 360 361 static void pndisc_destructor(struct pneigh_entry *n) 362 { 363 struct in6_addr *addr = (struct in6_addr*)&n->key; 364 struct in6_addr maddr; 365 struct net_device *dev = n->dev; 366 367 if (dev == NULL || __in6_dev_get(dev) == NULL) 368 return; 369 addrconf_addr_solict_mult(addr, &maddr); 370 ipv6_dev_mc_dec(dev, &maddr); 371 } 372 373 static struct sk_buff *ndisc_build_skb(struct net_device *dev, 374 const struct in6_addr *daddr, 375 const struct in6_addr *saddr, 376 struct icmp6hdr *icmp6h, 377 const struct in6_addr *target, 378 int llinfo) 379 { 380 struct net *net = dev_net(dev); 381 struct sock *sk = net->ipv6.ndisc_sk; 382 struct sk_buff *skb; 383 struct icmp6hdr *hdr; 384 int hlen = LL_RESERVED_SPACE(dev); 385 int tlen = dev->needed_tailroom; 386 int len; 387 int err; 388 u8 *opt; 389 390 if (!dev->addr_len) 391 llinfo = 0; 392 393 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 394 if (llinfo) 395 len += ndisc_opt_addr_space(dev); 396 397 skb = sock_alloc_send_skb(sk, 398 (MAX_HEADER + sizeof(struct ipv6hdr) + 399 len + hlen + tlen), 400 1, &err); 401 if (!skb) { 402 ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n", 403 __func__, err); 404 return NULL; 405 } 406 407 skb_reserve(skb, hlen); 408 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 409 410 skb->transport_header = skb->tail; 411 skb_put(skb, len); 412 413 hdr = (struct icmp6hdr *)skb_transport_header(skb); 414 memcpy(hdr, icmp6h, sizeof(*hdr)); 415 416 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 417 if (target) { 418 *(struct in6_addr *)opt = *target; 419 opt += sizeof(*target); 420 } 421 422 if (llinfo) 423 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 424 dev->addr_len, dev->type); 425 426 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 427 IPPROTO_ICMPV6, 428 csum_partial(hdr, 429 len, 0)); 430 431 return skb; 432 } 433 434 static void ndisc_send_skb(struct sk_buff *skb, struct net_device *dev, 435 struct neighbour *neigh, 436 const struct in6_addr *daddr, 437 const struct in6_addr *saddr, 438 struct icmp6hdr *icmp6h) 439 { 440 struct flowi6 fl6; 441 struct dst_entry *dst; 442 struct net *net = dev_net(dev); 443 struct sock *sk = net->ipv6.ndisc_sk; 444 struct inet6_dev *idev; 445 int err; 446 u8 type; 447 448 type = icmp6h->icmp6_type; 449 450 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex); 451 dst = icmp6_dst_alloc(dev, neigh, &fl6); 452 if (IS_ERR(dst)) { 453 kfree_skb(skb); 454 return; 455 } 456 457 skb_dst_set(skb, dst); 458 459 rcu_read_lock(); 460 idev = __in6_dev_get(dst->dev); 461 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 462 463 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 464 dst_output); 465 if (!err) { 466 ICMP6MSGOUT_INC_STATS(net, idev, type); 467 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 468 } 469 470 rcu_read_unlock(); 471 } 472 473 /* 474 * Send a Neighbour Discover packet 475 */ 476 static void __ndisc_send(struct net_device *dev, 477 struct neighbour *neigh, 478 const struct in6_addr *daddr, 479 const struct in6_addr *saddr, 480 struct icmp6hdr *icmp6h, const struct in6_addr *target, 481 int llinfo) 482 { 483 struct sk_buff *skb; 484 485 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 486 if (!skb) 487 return; 488 489 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 490 } 491 492 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 493 const struct in6_addr *daddr, 494 const struct in6_addr *solicited_addr, 495 int router, int solicited, int override, int inc_opt) 496 { 497 struct in6_addr tmpaddr; 498 struct inet6_ifaddr *ifp; 499 const struct in6_addr *src_addr; 500 struct icmp6hdr icmp6h = { 501 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 502 }; 503 504 /* for anycast or proxy, solicited_addr != src_addr */ 505 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 506 if (ifp) { 507 src_addr = solicited_addr; 508 if (ifp->flags & IFA_F_OPTIMISTIC) 509 override = 0; 510 inc_opt |= ifp->idev->cnf.force_tllao; 511 in6_ifa_put(ifp); 512 } else { 513 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 514 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 515 &tmpaddr)) 516 return; 517 src_addr = &tmpaddr; 518 } 519 520 icmp6h.icmp6_router = router; 521 icmp6h.icmp6_solicited = solicited; 522 icmp6h.icmp6_override = override; 523 524 __ndisc_send(dev, neigh, daddr, src_addr, 525 &icmp6h, solicited_addr, 526 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 527 } 528 529 static void ndisc_send_unsol_na(struct net_device *dev) 530 { 531 struct inet6_dev *idev; 532 struct inet6_ifaddr *ifa; 533 534 idev = in6_dev_get(dev); 535 if (!idev) 536 return; 537 538 read_lock_bh(&idev->lock); 539 list_for_each_entry(ifa, &idev->addr_list, if_list) { 540 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr, 541 /*router=*/ !!idev->cnf.forwarding, 542 /*solicited=*/ false, /*override=*/ true, 543 /*inc_opt=*/ true); 544 } 545 read_unlock_bh(&idev->lock); 546 547 in6_dev_put(idev); 548 } 549 550 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 551 const struct in6_addr *solicit, 552 const struct in6_addr *daddr, const struct in6_addr *saddr) 553 { 554 struct in6_addr addr_buf; 555 struct icmp6hdr icmp6h = { 556 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 557 }; 558 559 if (saddr == NULL) { 560 if (ipv6_get_lladdr(dev, &addr_buf, 561 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 562 return; 563 saddr = &addr_buf; 564 } 565 566 __ndisc_send(dev, neigh, daddr, saddr, 567 &icmp6h, solicit, 568 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 569 } 570 571 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 572 const struct in6_addr *daddr) 573 { 574 struct icmp6hdr icmp6h = { 575 .icmp6_type = NDISC_ROUTER_SOLICITATION, 576 }; 577 int send_sllao = dev->addr_len; 578 579 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 580 /* 581 * According to section 2.2 of RFC 4429, we must not 582 * send router solicitations with a sllao from 583 * optimistic addresses, but we may send the solicitation 584 * if we don't include the sllao. So here we check 585 * if our address is optimistic, and if so, we 586 * suppress the inclusion of the sllao. 587 */ 588 if (send_sllao) { 589 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 590 dev, 1); 591 if (ifp) { 592 if (ifp->flags & IFA_F_OPTIMISTIC) { 593 send_sllao = 0; 594 } 595 in6_ifa_put(ifp); 596 } else { 597 send_sllao = 0; 598 } 599 } 600 #endif 601 __ndisc_send(dev, NULL, daddr, saddr, 602 &icmp6h, NULL, 603 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 604 } 605 606 607 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 608 { 609 /* 610 * "The sender MUST return an ICMP 611 * destination unreachable" 612 */ 613 dst_link_failure(skb); 614 kfree_skb(skb); 615 } 616 617 /* Called with locked neigh: either read or both */ 618 619 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 620 { 621 struct in6_addr *saddr = NULL; 622 struct in6_addr mcaddr; 623 struct net_device *dev = neigh->dev; 624 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 625 int probes = atomic_read(&neigh->probes); 626 627 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 628 saddr = &ipv6_hdr(skb)->saddr; 629 630 if ((probes -= neigh->parms->ucast_probes) < 0) { 631 if (!(neigh->nud_state & NUD_VALID)) { 632 ND_PRINTK(1, dbg, 633 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 634 __func__, target); 635 } 636 ndisc_send_ns(dev, neigh, target, target, saddr); 637 } else if ((probes -= neigh->parms->app_probes) < 0) { 638 #ifdef CONFIG_ARPD 639 neigh_app_ns(neigh); 640 #endif 641 } else { 642 addrconf_addr_solict_mult(target, &mcaddr); 643 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 644 } 645 } 646 647 static int pndisc_is_router(const void *pkey, 648 struct net_device *dev) 649 { 650 struct pneigh_entry *n; 651 int ret = -1; 652 653 read_lock_bh(&nd_tbl.lock); 654 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 655 if (n) 656 ret = !!(n->flags & NTF_ROUTER); 657 read_unlock_bh(&nd_tbl.lock); 658 659 return ret; 660 } 661 662 static void ndisc_recv_ns(struct sk_buff *skb) 663 { 664 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 665 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 666 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 667 u8 *lladdr = NULL; 668 u32 ndoptlen = skb->tail - (skb->transport_header + 669 offsetof(struct nd_msg, opt)); 670 struct ndisc_options ndopts; 671 struct net_device *dev = skb->dev; 672 struct inet6_ifaddr *ifp; 673 struct inet6_dev *idev = NULL; 674 struct neighbour *neigh; 675 int dad = ipv6_addr_any(saddr); 676 bool inc; 677 int is_router = -1; 678 679 if (ipv6_addr_is_multicast(&msg->target)) { 680 ND_PRINTK(2, warn, "NS: multicast target address\n"); 681 return; 682 } 683 684 /* 685 * RFC2461 7.1.1: 686 * DAD has to be destined for solicited node multicast address. 687 */ 688 if (dad && 689 !(daddr->s6_addr32[0] == htonl(0xff020000) && 690 daddr->s6_addr32[1] == htonl(0x00000000) && 691 daddr->s6_addr32[2] == htonl(0x00000001) && 692 daddr->s6_addr [12] == 0xff )) { 693 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 694 return; 695 } 696 697 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 698 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 699 return; 700 } 701 702 if (ndopts.nd_opts_src_lladdr) { 703 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 704 if (!lladdr) { 705 ND_PRINTK(2, warn, 706 "NS: invalid link-layer address length\n"); 707 return; 708 } 709 710 /* RFC2461 7.1.1: 711 * If the IP source address is the unspecified address, 712 * there MUST NOT be source link-layer address option 713 * in the message. 714 */ 715 if (dad) { 716 ND_PRINTK(2, warn, 717 "NS: bad DAD packet (link-layer address option)\n"); 718 return; 719 } 720 } 721 722 inc = ipv6_addr_is_multicast(daddr); 723 724 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 725 if (ifp) { 726 727 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 728 if (dad) { 729 /* 730 * We are colliding with another node 731 * who is doing DAD 732 * so fail our DAD process 733 */ 734 addrconf_dad_failure(ifp); 735 return; 736 } else { 737 /* 738 * This is not a dad solicitation. 739 * If we are an optimistic node, 740 * we should respond. 741 * Otherwise, we should ignore it. 742 */ 743 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 744 goto out; 745 } 746 } 747 748 idev = ifp->idev; 749 } else { 750 struct net *net = dev_net(dev); 751 752 idev = in6_dev_get(dev); 753 if (!idev) { 754 /* XXX: count this drop? */ 755 return; 756 } 757 758 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 759 (idev->cnf.forwarding && 760 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 761 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 762 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 763 skb->pkt_type != PACKET_HOST && 764 inc != 0 && 765 idev->nd_parms->proxy_delay != 0) { 766 /* 767 * for anycast or proxy, 768 * sender should delay its response 769 * by a random time between 0 and 770 * MAX_ANYCAST_DELAY_TIME seconds. 771 * (RFC2461) -- yoshfuji 772 */ 773 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 774 if (n) 775 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 776 goto out; 777 } 778 } else 779 goto out; 780 } 781 782 if (is_router < 0) 783 is_router = !!idev->cnf.forwarding; 784 785 if (dad) { 786 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 787 is_router, 0, (ifp != NULL), 1); 788 goto out; 789 } 790 791 if (inc) 792 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 793 else 794 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 795 796 /* 797 * update / create cache entry 798 * for the source address 799 */ 800 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 801 !inc || lladdr || !dev->addr_len); 802 if (neigh) 803 neigh_update(neigh, lladdr, NUD_STALE, 804 NEIGH_UPDATE_F_WEAK_OVERRIDE| 805 NEIGH_UPDATE_F_OVERRIDE); 806 if (neigh || !dev->header_ops) { 807 ndisc_send_na(dev, neigh, saddr, &msg->target, 808 is_router, 809 1, (ifp != NULL && inc), inc); 810 if (neigh) 811 neigh_release(neigh); 812 } 813 814 out: 815 if (ifp) 816 in6_ifa_put(ifp); 817 else 818 in6_dev_put(idev); 819 } 820 821 static void ndisc_recv_na(struct sk_buff *skb) 822 { 823 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 824 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 825 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 826 u8 *lladdr = NULL; 827 u32 ndoptlen = skb->tail - (skb->transport_header + 828 offsetof(struct nd_msg, opt)); 829 struct ndisc_options ndopts; 830 struct net_device *dev = skb->dev; 831 struct inet6_ifaddr *ifp; 832 struct neighbour *neigh; 833 834 if (skb->len < sizeof(struct nd_msg)) { 835 ND_PRINTK(2, warn, "NA: packet too short\n"); 836 return; 837 } 838 839 if (ipv6_addr_is_multicast(&msg->target)) { 840 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 841 return; 842 } 843 844 if (ipv6_addr_is_multicast(daddr) && 845 msg->icmph.icmp6_solicited) { 846 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 847 return; 848 } 849 850 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 851 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 852 return; 853 } 854 if (ndopts.nd_opts_tgt_lladdr) { 855 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 856 if (!lladdr) { 857 ND_PRINTK(2, warn, 858 "NA: invalid link-layer address length\n"); 859 return; 860 } 861 } 862 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 863 if (ifp) { 864 if (skb->pkt_type != PACKET_LOOPBACK 865 && (ifp->flags & IFA_F_TENTATIVE)) { 866 addrconf_dad_failure(ifp); 867 return; 868 } 869 /* What should we make now? The advertisement 870 is invalid, but ndisc specs say nothing 871 about it. It could be misconfiguration, or 872 an smart proxy agent tries to help us :-) 873 874 We should not print the error if NA has been 875 received from loopback - it is just our own 876 unsolicited advertisement. 877 */ 878 if (skb->pkt_type != PACKET_LOOPBACK) 879 ND_PRINTK(1, warn, 880 "NA: someone advertises our address %pI6 on %s!\n", 881 &ifp->addr, ifp->idev->dev->name); 882 in6_ifa_put(ifp); 883 return; 884 } 885 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 886 887 if (neigh) { 888 u8 old_flags = neigh->flags; 889 struct net *net = dev_net(dev); 890 891 if (neigh->nud_state & NUD_FAILED) 892 goto out; 893 894 /* 895 * Don't update the neighbor cache entry on a proxy NA from 896 * ourselves because either the proxied node is off link or it 897 * has already sent a NA to us. 898 */ 899 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 900 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 901 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 902 /* XXX: idev->cnf.proxy_ndp */ 903 goto out; 904 } 905 906 neigh_update(neigh, lladdr, 907 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 908 NEIGH_UPDATE_F_WEAK_OVERRIDE| 909 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 910 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 911 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 912 913 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 914 /* 915 * Change: router to host 916 */ 917 struct rt6_info *rt; 918 rt = rt6_get_dflt_router(saddr, dev); 919 if (rt) 920 ip6_del_rt(rt); 921 } 922 923 out: 924 neigh_release(neigh); 925 } 926 } 927 928 static void ndisc_recv_rs(struct sk_buff *skb) 929 { 930 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 931 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 932 struct neighbour *neigh; 933 struct inet6_dev *idev; 934 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 935 struct ndisc_options ndopts; 936 u8 *lladdr = NULL; 937 938 if (skb->len < sizeof(*rs_msg)) 939 return; 940 941 idev = __in6_dev_get(skb->dev); 942 if (!idev) { 943 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 944 return; 945 } 946 947 /* Don't accept RS if we're not in router mode */ 948 if (!idev->cnf.forwarding) 949 goto out; 950 951 /* 952 * Don't update NCE if src = ::; 953 * this implies that the source node has no ip address assigned yet. 954 */ 955 if (ipv6_addr_any(saddr)) 956 goto out; 957 958 /* Parse ND options */ 959 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 960 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 961 goto out; 962 } 963 964 if (ndopts.nd_opts_src_lladdr) { 965 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 966 skb->dev); 967 if (!lladdr) 968 goto out; 969 } 970 971 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 972 if (neigh) { 973 neigh_update(neigh, lladdr, NUD_STALE, 974 NEIGH_UPDATE_F_WEAK_OVERRIDE| 975 NEIGH_UPDATE_F_OVERRIDE| 976 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 977 neigh_release(neigh); 978 } 979 out: 980 return; 981 } 982 983 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 984 { 985 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 986 struct sk_buff *skb; 987 struct nlmsghdr *nlh; 988 struct nduseroptmsg *ndmsg; 989 struct net *net = dev_net(ra->dev); 990 int err; 991 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 992 + (opt->nd_opt_len << 3)); 993 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 994 995 skb = nlmsg_new(msg_size, GFP_ATOMIC); 996 if (skb == NULL) { 997 err = -ENOBUFS; 998 goto errout; 999 } 1000 1001 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1002 if (nlh == NULL) { 1003 goto nla_put_failure; 1004 } 1005 1006 ndmsg = nlmsg_data(nlh); 1007 ndmsg->nduseropt_family = AF_INET6; 1008 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1009 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1010 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1011 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1012 1013 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1014 1015 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1016 &ipv6_hdr(ra)->saddr)) 1017 goto nla_put_failure; 1018 nlmsg_end(skb, nlh); 1019 1020 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1021 return; 1022 1023 nla_put_failure: 1024 nlmsg_free(skb); 1025 err = -EMSGSIZE; 1026 errout: 1027 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1028 } 1029 1030 static void ndisc_router_discovery(struct sk_buff *skb) 1031 { 1032 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1033 struct neighbour *neigh = NULL; 1034 struct inet6_dev *in6_dev; 1035 struct rt6_info *rt = NULL; 1036 int lifetime; 1037 struct ndisc_options ndopts; 1038 int optlen; 1039 unsigned int pref = 0; 1040 1041 __u8 * opt = (__u8 *)(ra_msg + 1); 1042 1043 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1044 1045 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1046 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1047 return; 1048 } 1049 if (optlen < 0) { 1050 ND_PRINTK(2, warn, "RA: packet too short\n"); 1051 return; 1052 } 1053 1054 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1055 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1056 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1057 return; 1058 } 1059 #endif 1060 1061 /* 1062 * set the RA_RECV flag in the interface 1063 */ 1064 1065 in6_dev = __in6_dev_get(skb->dev); 1066 if (in6_dev == NULL) { 1067 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1068 skb->dev->name); 1069 return; 1070 } 1071 1072 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1073 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1074 return; 1075 } 1076 1077 if (!ipv6_accept_ra(in6_dev)) 1078 goto skip_linkparms; 1079 1080 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1081 /* skip link-specific parameters from interior routers */ 1082 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1083 goto skip_linkparms; 1084 #endif 1085 1086 if (in6_dev->if_flags & IF_RS_SENT) { 1087 /* 1088 * flag that an RA was received after an RS was sent 1089 * out on this interface. 1090 */ 1091 in6_dev->if_flags |= IF_RA_RCVD; 1092 } 1093 1094 /* 1095 * Remember the managed/otherconf flags from most recently 1096 * received RA message (RFC 2462) -- yoshfuji 1097 */ 1098 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1099 IF_RA_OTHERCONF)) | 1100 (ra_msg->icmph.icmp6_addrconf_managed ? 1101 IF_RA_MANAGED : 0) | 1102 (ra_msg->icmph.icmp6_addrconf_other ? 1103 IF_RA_OTHERCONF : 0); 1104 1105 if (!in6_dev->cnf.accept_ra_defrtr) 1106 goto skip_defrtr; 1107 1108 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1109 goto skip_defrtr; 1110 1111 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1112 1113 #ifdef CONFIG_IPV6_ROUTER_PREF 1114 pref = ra_msg->icmph.icmp6_router_pref; 1115 /* 10b is handled as if it were 00b (medium) */ 1116 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1117 !in6_dev->cnf.accept_ra_rtr_pref) 1118 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1119 #endif 1120 1121 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1122 1123 if (rt) { 1124 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1125 if (!neigh) { 1126 ND_PRINTK(0, err, 1127 "RA: %s got default router without neighbour\n", 1128 __func__); 1129 ip6_rt_put(rt); 1130 return; 1131 } 1132 } 1133 if (rt && lifetime == 0) { 1134 ip6_del_rt(rt); 1135 rt = NULL; 1136 } 1137 1138 if (rt == NULL && lifetime) { 1139 ND_PRINTK(3, dbg, "RA: adding default router\n"); 1140 1141 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1142 if (rt == NULL) { 1143 ND_PRINTK(0, err, 1144 "RA: %s failed to add default route\n", 1145 __func__); 1146 return; 1147 } 1148 1149 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1150 if (neigh == NULL) { 1151 ND_PRINTK(0, err, 1152 "RA: %s got default router without neighbour\n", 1153 __func__); 1154 ip6_rt_put(rt); 1155 return; 1156 } 1157 neigh->flags |= NTF_ROUTER; 1158 } else if (rt) { 1159 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1160 } 1161 1162 if (rt) 1163 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1164 if (ra_msg->icmph.icmp6_hop_limit) { 1165 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1166 if (rt) 1167 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1168 ra_msg->icmph.icmp6_hop_limit); 1169 } 1170 1171 skip_defrtr: 1172 1173 /* 1174 * Update Reachable Time and Retrans Timer 1175 */ 1176 1177 if (in6_dev->nd_parms) { 1178 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1179 1180 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1181 rtime = (rtime*HZ)/1000; 1182 if (rtime < HZ/10) 1183 rtime = HZ/10; 1184 in6_dev->nd_parms->retrans_time = rtime; 1185 in6_dev->tstamp = jiffies; 1186 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1187 } 1188 1189 rtime = ntohl(ra_msg->reachable_time); 1190 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1191 rtime = (rtime*HZ)/1000; 1192 1193 if (rtime < HZ/10) 1194 rtime = HZ/10; 1195 1196 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1197 in6_dev->nd_parms->base_reachable_time = rtime; 1198 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1199 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1200 in6_dev->tstamp = jiffies; 1201 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1202 } 1203 } 1204 } 1205 1206 skip_linkparms: 1207 1208 /* 1209 * Process options. 1210 */ 1211 1212 if (!neigh) 1213 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1214 skb->dev, 1); 1215 if (neigh) { 1216 u8 *lladdr = NULL; 1217 if (ndopts.nd_opts_src_lladdr) { 1218 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1219 skb->dev); 1220 if (!lladdr) { 1221 ND_PRINTK(2, warn, 1222 "RA: invalid link-layer address length\n"); 1223 goto out; 1224 } 1225 } 1226 neigh_update(neigh, lladdr, NUD_STALE, 1227 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1228 NEIGH_UPDATE_F_OVERRIDE| 1229 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1230 NEIGH_UPDATE_F_ISROUTER); 1231 } 1232 1233 if (!ipv6_accept_ra(in6_dev)) 1234 goto out; 1235 1236 #ifdef CONFIG_IPV6_ROUTE_INFO 1237 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1238 goto skip_routeinfo; 1239 1240 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1241 struct nd_opt_hdr *p; 1242 for (p = ndopts.nd_opts_ri; 1243 p; 1244 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1245 struct route_info *ri = (struct route_info *)p; 1246 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1247 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1248 ri->prefix_len == 0) 1249 continue; 1250 #endif 1251 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1252 continue; 1253 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1254 &ipv6_hdr(skb)->saddr); 1255 } 1256 } 1257 1258 skip_routeinfo: 1259 #endif 1260 1261 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1262 /* skip link-specific ndopts from interior routers */ 1263 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1264 goto out; 1265 #endif 1266 1267 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1268 struct nd_opt_hdr *p; 1269 for (p = ndopts.nd_opts_pi; 1270 p; 1271 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1272 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1273 (p->nd_opt_len) << 3, 1274 ndopts.nd_opts_src_lladdr != NULL); 1275 } 1276 } 1277 1278 if (ndopts.nd_opts_mtu) { 1279 __be32 n; 1280 u32 mtu; 1281 1282 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1283 mtu = ntohl(n); 1284 1285 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1286 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1287 } else if (in6_dev->cnf.mtu6 != mtu) { 1288 in6_dev->cnf.mtu6 = mtu; 1289 1290 if (rt) 1291 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1292 1293 rt6_mtu_change(skb->dev, mtu); 1294 } 1295 } 1296 1297 if (ndopts.nd_useropts) { 1298 struct nd_opt_hdr *p; 1299 for (p = ndopts.nd_useropts; 1300 p; 1301 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1302 ndisc_ra_useropt(skb, p); 1303 } 1304 } 1305 1306 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1307 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1308 } 1309 out: 1310 ip6_rt_put(rt); 1311 if (neigh) 1312 neigh_release(neigh); 1313 } 1314 1315 static void ndisc_redirect_rcv(struct sk_buff *skb) 1316 { 1317 u8 *hdr; 1318 struct ndisc_options ndopts; 1319 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb); 1320 u32 ndoptlen = skb->tail - (skb->transport_header + 1321 offsetof(struct rd_msg, opt)); 1322 1323 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1324 switch (skb->ndisc_nodetype) { 1325 case NDISC_NODETYPE_HOST: 1326 case NDISC_NODETYPE_NODEFAULT: 1327 ND_PRINTK(2, warn, 1328 "Redirect: from host or unauthorized router\n"); 1329 return; 1330 } 1331 #endif 1332 1333 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1334 ND_PRINTK(2, warn, 1335 "Redirect: source address is not link-local\n"); 1336 return; 1337 } 1338 1339 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) 1340 return; 1341 1342 if (!ndopts.nd_opts_rh) 1343 return; 1344 1345 hdr = (u8 *)ndopts.nd_opts_rh; 1346 hdr += 8; 1347 if (!pskb_pull(skb, hdr - skb_transport_header(skb))) 1348 return; 1349 1350 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1351 } 1352 1353 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1354 { 1355 struct net_device *dev = skb->dev; 1356 struct net *net = dev_net(dev); 1357 struct sock *sk = net->ipv6.ndisc_sk; 1358 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1359 struct inet_peer *peer; 1360 struct sk_buff *buff; 1361 struct icmp6hdr *icmph; 1362 struct in6_addr saddr_buf; 1363 struct in6_addr *addrp; 1364 struct rt6_info *rt; 1365 struct dst_entry *dst; 1366 struct inet6_dev *idev; 1367 struct flowi6 fl6; 1368 u8 *opt; 1369 int hlen, tlen; 1370 int rd_len; 1371 int err; 1372 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1373 bool ret; 1374 1375 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1376 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1377 dev->name); 1378 return; 1379 } 1380 1381 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1382 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1383 ND_PRINTK(2, warn, 1384 "Redirect: target address is not link-local unicast\n"); 1385 return; 1386 } 1387 1388 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1389 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1390 1391 dst = ip6_route_output(net, NULL, &fl6); 1392 if (dst->error) { 1393 dst_release(dst); 1394 return; 1395 } 1396 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1397 if (IS_ERR(dst)) 1398 return; 1399 1400 rt = (struct rt6_info *) dst; 1401 1402 if (rt->rt6i_flags & RTF_GATEWAY) { 1403 ND_PRINTK(2, warn, 1404 "Redirect: destination is not a neighbour\n"); 1405 goto release; 1406 } 1407 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 1408 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1409 if (peer) 1410 inet_putpeer(peer); 1411 if (!ret) 1412 goto release; 1413 1414 if (dev->addr_len) { 1415 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1416 if (!neigh) { 1417 ND_PRINTK(2, warn, 1418 "Redirect: no neigh for target address\n"); 1419 goto release; 1420 } 1421 1422 read_lock_bh(&neigh->lock); 1423 if (neigh->nud_state & NUD_VALID) { 1424 memcpy(ha_buf, neigh->ha, dev->addr_len); 1425 read_unlock_bh(&neigh->lock); 1426 ha = ha_buf; 1427 len += ndisc_opt_addr_space(dev); 1428 } else 1429 read_unlock_bh(&neigh->lock); 1430 1431 neigh_release(neigh); 1432 } 1433 1434 rd_len = min_t(unsigned int, 1435 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1436 rd_len &= ~0x7; 1437 len += rd_len; 1438 1439 hlen = LL_RESERVED_SPACE(dev); 1440 tlen = dev->needed_tailroom; 1441 buff = sock_alloc_send_skb(sk, 1442 (MAX_HEADER + sizeof(struct ipv6hdr) + 1443 len + hlen + tlen), 1444 1, &err); 1445 if (buff == NULL) { 1446 ND_PRINTK(0, err, 1447 "Redirect: %s failed to allocate an skb, err=%d\n", 1448 __func__, err); 1449 goto release; 1450 } 1451 1452 skb_reserve(buff, hlen); 1453 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1454 IPPROTO_ICMPV6, len); 1455 1456 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1457 skb_put(buff, len); 1458 icmph = icmp6_hdr(buff); 1459 1460 memset(icmph, 0, sizeof(struct icmp6hdr)); 1461 icmph->icmp6_type = NDISC_REDIRECT; 1462 1463 /* 1464 * copy target and destination addresses 1465 */ 1466 1467 addrp = (struct in6_addr *)(icmph + 1); 1468 *addrp = *target; 1469 addrp++; 1470 *addrp = ipv6_hdr(skb)->daddr; 1471 1472 opt = (u8*) (addrp + 1); 1473 1474 /* 1475 * include target_address option 1476 */ 1477 1478 if (ha) 1479 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1480 dev->addr_len, dev->type); 1481 1482 /* 1483 * build redirect option and copy skb over to the new packet. 1484 */ 1485 1486 memset(opt, 0, 8); 1487 *(opt++) = ND_OPT_REDIRECT_HDR; 1488 *(opt++) = (rd_len >> 3); 1489 opt += 6; 1490 1491 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1492 1493 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1494 len, IPPROTO_ICMPV6, 1495 csum_partial(icmph, len, 0)); 1496 1497 skb_dst_set(buff, dst); 1498 rcu_read_lock(); 1499 idev = __in6_dev_get(dst->dev); 1500 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1501 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1502 dst_output); 1503 if (!err) { 1504 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1505 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1506 } 1507 1508 rcu_read_unlock(); 1509 return; 1510 1511 release: 1512 dst_release(dst); 1513 } 1514 1515 static void pndisc_redo(struct sk_buff *skb) 1516 { 1517 ndisc_recv_ns(skb); 1518 kfree_skb(skb); 1519 } 1520 1521 int ndisc_rcv(struct sk_buff *skb) 1522 { 1523 struct nd_msg *msg; 1524 1525 if (!pskb_may_pull(skb, skb->len)) 1526 return 0; 1527 1528 msg = (struct nd_msg *)skb_transport_header(skb); 1529 1530 __skb_push(skb, skb->data - skb_transport_header(skb)); 1531 1532 if (ipv6_hdr(skb)->hop_limit != 255) { 1533 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1534 ipv6_hdr(skb)->hop_limit); 1535 return 0; 1536 } 1537 1538 if (msg->icmph.icmp6_code != 0) { 1539 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1540 msg->icmph.icmp6_code); 1541 return 0; 1542 } 1543 1544 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1545 1546 switch (msg->icmph.icmp6_type) { 1547 case NDISC_NEIGHBOUR_SOLICITATION: 1548 ndisc_recv_ns(skb); 1549 break; 1550 1551 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1552 ndisc_recv_na(skb); 1553 break; 1554 1555 case NDISC_ROUTER_SOLICITATION: 1556 ndisc_recv_rs(skb); 1557 break; 1558 1559 case NDISC_ROUTER_ADVERTISEMENT: 1560 ndisc_router_discovery(skb); 1561 break; 1562 1563 case NDISC_REDIRECT: 1564 ndisc_redirect_rcv(skb); 1565 break; 1566 } 1567 1568 return 0; 1569 } 1570 1571 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1572 { 1573 struct net_device *dev = ptr; 1574 struct net *net = dev_net(dev); 1575 struct inet6_dev *idev; 1576 1577 switch (event) { 1578 case NETDEV_CHANGEADDR: 1579 neigh_changeaddr(&nd_tbl, dev); 1580 fib6_run_gc(~0UL, net); 1581 idev = in6_dev_get(dev); 1582 if (!idev) 1583 break; 1584 if (idev->cnf.ndisc_notify) 1585 ndisc_send_unsol_na(dev); 1586 in6_dev_put(idev); 1587 break; 1588 case NETDEV_DOWN: 1589 neigh_ifdown(&nd_tbl, dev); 1590 fib6_run_gc(~0UL, net); 1591 break; 1592 case NETDEV_NOTIFY_PEERS: 1593 ndisc_send_unsol_na(dev); 1594 break; 1595 default: 1596 break; 1597 } 1598 1599 return NOTIFY_DONE; 1600 } 1601 1602 static struct notifier_block ndisc_netdev_notifier = { 1603 .notifier_call = ndisc_netdev_event, 1604 }; 1605 1606 #ifdef CONFIG_SYSCTL 1607 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1608 const char *func, const char *dev_name) 1609 { 1610 static char warncomm[TASK_COMM_LEN]; 1611 static int warned; 1612 if (strcmp(warncomm, current->comm) && warned < 5) { 1613 strcpy(warncomm, current->comm); 1614 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1615 warncomm, func, 1616 dev_name, ctl->procname, 1617 dev_name, ctl->procname); 1618 warned++; 1619 } 1620 } 1621 1622 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1623 { 1624 struct net_device *dev = ctl->extra1; 1625 struct inet6_dev *idev; 1626 int ret; 1627 1628 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1629 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1630 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1631 1632 if (strcmp(ctl->procname, "retrans_time") == 0) 1633 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1634 1635 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1636 ret = proc_dointvec_jiffies(ctl, write, 1637 buffer, lenp, ppos); 1638 1639 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1640 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1641 ret = proc_dointvec_ms_jiffies(ctl, write, 1642 buffer, lenp, ppos); 1643 else 1644 ret = -1; 1645 1646 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1647 if (ctl->data == &idev->nd_parms->base_reachable_time) 1648 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1649 idev->tstamp = jiffies; 1650 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1651 in6_dev_put(idev); 1652 } 1653 return ret; 1654 } 1655 1656 1657 #endif 1658 1659 static int __net_init ndisc_net_init(struct net *net) 1660 { 1661 struct ipv6_pinfo *np; 1662 struct sock *sk; 1663 int err; 1664 1665 err = inet_ctl_sock_create(&sk, PF_INET6, 1666 SOCK_RAW, IPPROTO_ICMPV6, net); 1667 if (err < 0) { 1668 ND_PRINTK(0, err, 1669 "NDISC: Failed to initialize the control socket (err %d)\n", 1670 err); 1671 return err; 1672 } 1673 1674 net->ipv6.ndisc_sk = sk; 1675 1676 np = inet6_sk(sk); 1677 np->hop_limit = 255; 1678 /* Do not loopback ndisc messages */ 1679 np->mc_loop = 0; 1680 1681 return 0; 1682 } 1683 1684 static void __net_exit ndisc_net_exit(struct net *net) 1685 { 1686 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1687 } 1688 1689 static struct pernet_operations ndisc_net_ops = { 1690 .init = ndisc_net_init, 1691 .exit = ndisc_net_exit, 1692 }; 1693 1694 int __init ndisc_init(void) 1695 { 1696 int err; 1697 1698 err = register_pernet_subsys(&ndisc_net_ops); 1699 if (err) 1700 return err; 1701 /* 1702 * Initialize the neighbour table 1703 */ 1704 neigh_table_init(&nd_tbl); 1705 1706 #ifdef CONFIG_SYSCTL 1707 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1708 &ndisc_ifinfo_sysctl_change); 1709 if (err) 1710 goto out_unregister_pernet; 1711 #endif 1712 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1713 if (err) 1714 goto out_unregister_sysctl; 1715 out: 1716 return err; 1717 1718 out_unregister_sysctl: 1719 #ifdef CONFIG_SYSCTL 1720 neigh_sysctl_unregister(&nd_tbl.parms); 1721 out_unregister_pernet: 1722 #endif 1723 unregister_pernet_subsys(&ndisc_net_ops); 1724 goto out; 1725 } 1726 1727 void ndisc_cleanup(void) 1728 { 1729 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1730 #ifdef CONFIG_SYSCTL 1731 neigh_sysctl_unregister(&nd_tbl.parms); 1732 #endif 1733 neigh_table_clear(&nd_tbl); 1734 unregister_pernet_subsys(&ndisc_net_ops); 1735 } 1736