1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30 #define pr_fmt(fmt) "ICMPv6: " fmt 31 32 #include <linux/module.h> 33 #include <linux/errno.h> 34 #include <linux/types.h> 35 #include <linux/socket.h> 36 #include <linux/sockios.h> 37 #include <linux/sched.h> 38 #include <linux/net.h> 39 #include <linux/in6.h> 40 #include <linux/route.h> 41 #include <linux/init.h> 42 #include <linux/rcupdate.h> 43 #include <linux/slab.h> 44 #ifdef CONFIG_SYSCTL 45 #include <linux/sysctl.h> 46 #endif 47 48 #include <linux/if_addr.h> 49 #include <linux/if_arp.h> 50 #include <linux/ipv6.h> 51 #include <linux/icmpv6.h> 52 #include <linux/jhash.h> 53 54 #include <net/sock.h> 55 #include <net/snmp.h> 56 57 #include <net/ipv6.h> 58 #include <net/protocol.h> 59 #include <net/ndisc.h> 60 #include <net/ip6_route.h> 61 #include <net/addrconf.h> 62 #include <net/icmp.h> 63 64 #include <net/netlink.h> 65 #include <linux/rtnetlink.h> 66 67 #include <net/flow.h> 68 #include <net/ip6_checksum.h> 69 #include <net/inet_common.h> 70 #include <linux/proc_fs.h> 71 72 #include <linux/netfilter.h> 73 #include <linux/netfilter_ipv6.h> 74 75 /* Set to 3 to get tracing... */ 76 #define ND_DEBUG 1 77 78 #define ND_PRINTK(val, level, fmt, ...) \ 79 do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82 } while (0) 83 84 static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87 static int ndisc_constructor(struct neighbour *neigh); 88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 90 static int pndisc_constructor(struct pneigh_entry *n); 91 static void pndisc_destructor(struct pneigh_entry *n); 92 static void pndisc_redo(struct sk_buff *skb); 93 94 static const struct neigh_ops ndisc_generic_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_connected_output, 100 }; 101 102 static const struct neigh_ops ndisc_hh_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_resolve_output, 108 }; 109 110 111 static const struct neigh_ops ndisc_direct_ops = { 112 .family = AF_INET6, 113 .output = neigh_direct_output, 114 .connected_output = neigh_direct_output, 115 }; 116 117 struct neigh_table nd_tbl = { 118 .family = AF_INET6, 119 .key_len = sizeof(struct in6_addr), 120 .hash = ndisc_hash, 121 .constructor = ndisc_constructor, 122 .pconstructor = pndisc_constructor, 123 .pdestructor = pndisc_destructor, 124 .proxy_redo = pndisc_redo, 125 .id = "ndisc_cache", 126 .parms = { 127 .tbl = &nd_tbl, 128 .base_reachable_time = ND_REACHABLE_TIME, 129 .retrans_time = ND_RETRANS_TIMER, 130 .gc_staletime = 60 * HZ, 131 .reachable_time = ND_REACHABLE_TIME, 132 .delay_probe_time = 5 * HZ, 133 .queue_len_bytes = 64*1024, 134 .ucast_probes = 3, 135 .mcast_probes = 3, 136 .anycast_delay = 1 * HZ, 137 .proxy_delay = (8 * HZ) / 10, 138 .proxy_qlen = 64, 139 }, 140 .gc_interval = 30 * HZ, 141 .gc_thresh1 = 128, 142 .gc_thresh2 = 512, 143 .gc_thresh3 = 1024, 144 }; 145 146 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data) 147 { 148 int pad = ndisc_addr_option_pad(skb->dev->type); 149 int data_len = skb->dev->addr_len; 150 int space = ndisc_opt_addr_space(skb->dev); 151 u8 *opt = skb_put(skb, space); 152 153 opt[0] = type; 154 opt[1] = space>>3; 155 156 memset(opt + 2, 0, pad); 157 opt += pad; 158 space -= pad; 159 160 memcpy(opt+2, data, data_len); 161 data_len += 2; 162 opt += data_len; 163 if ((space -= data_len) > 0) 164 memset(opt, 0, space); 165 } 166 167 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 168 struct nd_opt_hdr *end) 169 { 170 int type; 171 if (!cur || !end || cur >= end) 172 return NULL; 173 type = cur->nd_opt_type; 174 do { 175 cur = ((void *)cur) + (cur->nd_opt_len << 3); 176 } while(cur < end && cur->nd_opt_type != type); 177 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 178 } 179 180 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 181 { 182 return opt->nd_opt_type == ND_OPT_RDNSS || 183 opt->nd_opt_type == ND_OPT_DNSSL; 184 } 185 186 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 187 struct nd_opt_hdr *end) 188 { 189 if (!cur || !end || cur >= end) 190 return NULL; 191 do { 192 cur = ((void *)cur) + (cur->nd_opt_len << 3); 193 } while(cur < end && !ndisc_is_useropt(cur)); 194 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 195 } 196 197 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 198 struct ndisc_options *ndopts) 199 { 200 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 201 202 if (!nd_opt || opt_len < 0 || !ndopts) 203 return NULL; 204 memset(ndopts, 0, sizeof(*ndopts)); 205 while (opt_len) { 206 int l; 207 if (opt_len < sizeof(struct nd_opt_hdr)) 208 return NULL; 209 l = nd_opt->nd_opt_len << 3; 210 if (opt_len < l || l == 0) 211 return NULL; 212 switch (nd_opt->nd_opt_type) { 213 case ND_OPT_SOURCE_LL_ADDR: 214 case ND_OPT_TARGET_LL_ADDR: 215 case ND_OPT_MTU: 216 case ND_OPT_REDIRECT_HDR: 217 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 218 ND_PRINTK(2, warn, 219 "%s: duplicated ND6 option found: type=%d\n", 220 __func__, nd_opt->nd_opt_type); 221 } else { 222 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 223 } 224 break; 225 case ND_OPT_PREFIX_INFO: 226 ndopts->nd_opts_pi_end = nd_opt; 227 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 228 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 229 break; 230 #ifdef CONFIG_IPV6_ROUTE_INFO 231 case ND_OPT_ROUTE_INFO: 232 ndopts->nd_opts_ri_end = nd_opt; 233 if (!ndopts->nd_opts_ri) 234 ndopts->nd_opts_ri = nd_opt; 235 break; 236 #endif 237 default: 238 if (ndisc_is_useropt(nd_opt)) { 239 ndopts->nd_useropts_end = nd_opt; 240 if (!ndopts->nd_useropts) 241 ndopts->nd_useropts = nd_opt; 242 } else { 243 /* 244 * Unknown options must be silently ignored, 245 * to accommodate future extension to the 246 * protocol. 247 */ 248 ND_PRINTK(2, notice, 249 "%s: ignored unsupported option; type=%d, len=%d\n", 250 __func__, 251 nd_opt->nd_opt_type, 252 nd_opt->nd_opt_len); 253 } 254 } 255 opt_len -= l; 256 nd_opt = ((void *)nd_opt) + l; 257 } 258 return ndopts; 259 } 260 261 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 262 { 263 switch (dev->type) { 264 case ARPHRD_ETHER: 265 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 266 case ARPHRD_FDDI: 267 ipv6_eth_mc_map(addr, buf); 268 return 0; 269 case ARPHRD_ARCNET: 270 ipv6_arcnet_mc_map(addr, buf); 271 return 0; 272 case ARPHRD_INFINIBAND: 273 ipv6_ib_mc_map(addr, dev->broadcast, buf); 274 return 0; 275 case ARPHRD_IPGRE: 276 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 277 default: 278 if (dir) { 279 memcpy(buf, dev->broadcast, dev->addr_len); 280 return 0; 281 } 282 } 283 return -EINVAL; 284 } 285 286 EXPORT_SYMBOL(ndisc_mc_map); 287 288 static u32 ndisc_hash(const void *pkey, 289 const struct net_device *dev, 290 __u32 *hash_rnd) 291 { 292 return ndisc_hashfn(pkey, dev, hash_rnd); 293 } 294 295 static int ndisc_constructor(struct neighbour *neigh) 296 { 297 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 298 struct net_device *dev = neigh->dev; 299 struct inet6_dev *in6_dev; 300 struct neigh_parms *parms; 301 bool is_multicast = ipv6_addr_is_multicast(addr); 302 303 in6_dev = in6_dev_get(dev); 304 if (in6_dev == NULL) { 305 return -EINVAL; 306 } 307 308 parms = in6_dev->nd_parms; 309 __neigh_parms_put(neigh->parms); 310 neigh->parms = neigh_parms_clone(parms); 311 312 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 313 if (!dev->header_ops) { 314 neigh->nud_state = NUD_NOARP; 315 neigh->ops = &ndisc_direct_ops; 316 neigh->output = neigh_direct_output; 317 } else { 318 if (is_multicast) { 319 neigh->nud_state = NUD_NOARP; 320 ndisc_mc_map(addr, neigh->ha, dev, 1); 321 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 322 neigh->nud_state = NUD_NOARP; 323 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 324 if (dev->flags&IFF_LOOPBACK) 325 neigh->type = RTN_LOCAL; 326 } else if (dev->flags&IFF_POINTOPOINT) { 327 neigh->nud_state = NUD_NOARP; 328 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 329 } 330 if (dev->header_ops->cache) 331 neigh->ops = &ndisc_hh_ops; 332 else 333 neigh->ops = &ndisc_generic_ops; 334 if (neigh->nud_state&NUD_VALID) 335 neigh->output = neigh->ops->connected_output; 336 else 337 neigh->output = neigh->ops->output; 338 } 339 in6_dev_put(in6_dev); 340 return 0; 341 } 342 343 static int pndisc_constructor(struct pneigh_entry *n) 344 { 345 struct in6_addr *addr = (struct in6_addr*)&n->key; 346 struct in6_addr maddr; 347 struct net_device *dev = n->dev; 348 349 if (dev == NULL || __in6_dev_get(dev) == NULL) 350 return -EINVAL; 351 addrconf_addr_solict_mult(addr, &maddr); 352 ipv6_dev_mc_inc(dev, &maddr); 353 return 0; 354 } 355 356 static void pndisc_destructor(struct pneigh_entry *n) 357 { 358 struct in6_addr *addr = (struct in6_addr*)&n->key; 359 struct in6_addr maddr; 360 struct net_device *dev = n->dev; 361 362 if (dev == NULL || __in6_dev_get(dev) == NULL) 363 return; 364 addrconf_addr_solict_mult(addr, &maddr); 365 ipv6_dev_mc_dec(dev, &maddr); 366 } 367 368 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev, 369 int len) 370 { 371 int hlen = LL_RESERVED_SPACE(dev); 372 int tlen = dev->needed_tailroom; 373 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk; 374 struct sk_buff *skb; 375 376 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC); 377 if (!skb) { 378 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n", 379 __func__); 380 return NULL; 381 } 382 383 skb->protocol = htons(ETH_P_IPV6); 384 skb->dev = dev; 385 386 skb_reserve(skb, hlen + sizeof(struct ipv6hdr)); 387 skb_reset_transport_header(skb); 388 389 /* Manually assign socket ownership as we avoid calling 390 * sock_alloc_send_pskb() to bypass wmem buffer limits 391 */ 392 skb_set_owner_w(skb, sk); 393 394 return skb; 395 } 396 397 static void ip6_nd_hdr(struct sk_buff *skb, 398 const struct in6_addr *saddr, 399 const struct in6_addr *daddr, 400 int hop_limit, int len) 401 { 402 struct ipv6hdr *hdr; 403 404 skb_push(skb, sizeof(*hdr)); 405 skb_reset_network_header(skb); 406 hdr = ipv6_hdr(skb); 407 408 ip6_flow_hdr(hdr, 0, 0); 409 410 hdr->payload_len = htons(len); 411 hdr->nexthdr = IPPROTO_ICMPV6; 412 hdr->hop_limit = hop_limit; 413 414 hdr->saddr = *saddr; 415 hdr->daddr = *daddr; 416 } 417 418 static void ndisc_send_skb(struct sk_buff *skb, 419 const struct in6_addr *daddr, 420 const struct in6_addr *saddr) 421 { 422 struct dst_entry *dst = skb_dst(skb); 423 struct net *net = dev_net(skb->dev); 424 struct sock *sk = net->ipv6.ndisc_sk; 425 struct inet6_dev *idev; 426 int err; 427 struct icmp6hdr *icmp6h = icmp6_hdr(skb); 428 u8 type; 429 430 type = icmp6h->icmp6_type; 431 432 if (!dst) { 433 struct flowi6 fl6; 434 435 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex); 436 dst = icmp6_dst_alloc(skb->dev, &fl6); 437 if (IS_ERR(dst)) { 438 kfree_skb(skb); 439 return; 440 } 441 442 skb_dst_set(skb, dst); 443 } 444 445 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len, 446 IPPROTO_ICMPV6, 447 csum_partial(icmp6h, 448 skb->len, 0)); 449 450 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len); 451 452 rcu_read_lock(); 453 idev = __in6_dev_get(dst->dev); 454 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 455 456 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 457 dst_output); 458 if (!err) { 459 ICMP6MSGOUT_INC_STATS(net, idev, type); 460 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 461 } 462 463 rcu_read_unlock(); 464 } 465 466 void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 467 const struct in6_addr *daddr, 468 const struct in6_addr *solicited_addr, 469 bool router, bool solicited, bool override, bool inc_opt) 470 { 471 struct sk_buff *skb; 472 struct in6_addr tmpaddr; 473 struct inet6_ifaddr *ifp; 474 const struct in6_addr *src_addr; 475 struct nd_msg *msg; 476 int optlen = 0; 477 478 /* for anycast or proxy, solicited_addr != src_addr */ 479 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 480 if (ifp) { 481 src_addr = solicited_addr; 482 if (ifp->flags & IFA_F_OPTIMISTIC) 483 override = false; 484 inc_opt |= ifp->idev->cnf.force_tllao; 485 in6_ifa_put(ifp); 486 } else { 487 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 488 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 489 &tmpaddr)) 490 return; 491 src_addr = &tmpaddr; 492 } 493 494 if (!dev->addr_len) 495 inc_opt = 0; 496 if (inc_opt) 497 optlen += ndisc_opt_addr_space(dev); 498 499 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 500 if (!skb) 501 return; 502 503 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 504 *msg = (struct nd_msg) { 505 .icmph = { 506 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 507 .icmp6_router = router, 508 .icmp6_solicited = solicited, 509 .icmp6_override = override, 510 }, 511 .target = *solicited_addr, 512 }; 513 514 if (inc_opt) 515 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, 516 dev->dev_addr); 517 518 519 ndisc_send_skb(skb, daddr, src_addr); 520 } 521 522 static void ndisc_send_unsol_na(struct net_device *dev) 523 { 524 struct inet6_dev *idev; 525 struct inet6_ifaddr *ifa; 526 527 idev = in6_dev_get(dev); 528 if (!idev) 529 return; 530 531 read_lock_bh(&idev->lock); 532 list_for_each_entry(ifa, &idev->addr_list, if_list) { 533 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr, 534 /*router=*/ !!idev->cnf.forwarding, 535 /*solicited=*/ false, /*override=*/ true, 536 /*inc_opt=*/ true); 537 } 538 read_unlock_bh(&idev->lock); 539 540 in6_dev_put(idev); 541 } 542 543 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 544 const struct in6_addr *solicit, 545 const struct in6_addr *daddr, const struct in6_addr *saddr) 546 { 547 struct sk_buff *skb; 548 struct in6_addr addr_buf; 549 int inc_opt = dev->addr_len; 550 int optlen = 0; 551 struct nd_msg *msg; 552 553 if (saddr == NULL) { 554 if (ipv6_get_lladdr(dev, &addr_buf, 555 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 556 return; 557 saddr = &addr_buf; 558 } 559 560 if (ipv6_addr_any(saddr)) 561 inc_opt = false; 562 if (inc_opt) 563 optlen += ndisc_opt_addr_space(dev); 564 565 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 566 if (!skb) 567 return; 568 569 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 570 *msg = (struct nd_msg) { 571 .icmph = { 572 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 573 }, 574 .target = *solicit, 575 }; 576 577 if (inc_opt) 578 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 579 dev->dev_addr); 580 581 ndisc_send_skb(skb, daddr, saddr); 582 } 583 584 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 585 const struct in6_addr *daddr) 586 { 587 struct sk_buff *skb; 588 struct rs_msg *msg; 589 int send_sllao = dev->addr_len; 590 int optlen = 0; 591 592 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 593 /* 594 * According to section 2.2 of RFC 4429, we must not 595 * send router solicitations with a sllao from 596 * optimistic addresses, but we may send the solicitation 597 * if we don't include the sllao. So here we check 598 * if our address is optimistic, and if so, we 599 * suppress the inclusion of the sllao. 600 */ 601 if (send_sllao) { 602 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 603 dev, 1); 604 if (ifp) { 605 if (ifp->flags & IFA_F_OPTIMISTIC) { 606 send_sllao = 0; 607 } 608 in6_ifa_put(ifp); 609 } else { 610 send_sllao = 0; 611 } 612 } 613 #endif 614 if (send_sllao) 615 optlen += ndisc_opt_addr_space(dev); 616 617 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 618 if (!skb) 619 return; 620 621 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg)); 622 *msg = (struct rs_msg) { 623 .icmph = { 624 .icmp6_type = NDISC_ROUTER_SOLICITATION, 625 }, 626 }; 627 628 if (send_sllao) 629 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 630 dev->dev_addr); 631 632 ndisc_send_skb(skb, daddr, saddr); 633 } 634 635 636 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 637 { 638 /* 639 * "The sender MUST return an ICMP 640 * destination unreachable" 641 */ 642 dst_link_failure(skb); 643 kfree_skb(skb); 644 } 645 646 /* Called with locked neigh: either read or both */ 647 648 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 649 { 650 struct in6_addr *saddr = NULL; 651 struct in6_addr mcaddr; 652 struct net_device *dev = neigh->dev; 653 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 654 int probes = atomic_read(&neigh->probes); 655 656 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 657 saddr = &ipv6_hdr(skb)->saddr; 658 659 if ((probes -= neigh->parms->ucast_probes) < 0) { 660 if (!(neigh->nud_state & NUD_VALID)) { 661 ND_PRINTK(1, dbg, 662 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 663 __func__, target); 664 } 665 ndisc_send_ns(dev, neigh, target, target, saddr); 666 } else if ((probes -= neigh->parms->app_probes) < 0) { 667 neigh_app_ns(neigh); 668 } else { 669 addrconf_addr_solict_mult(target, &mcaddr); 670 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 671 } 672 } 673 674 static int pndisc_is_router(const void *pkey, 675 struct net_device *dev) 676 { 677 struct pneigh_entry *n; 678 int ret = -1; 679 680 read_lock_bh(&nd_tbl.lock); 681 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 682 if (n) 683 ret = !!(n->flags & NTF_ROUTER); 684 read_unlock_bh(&nd_tbl.lock); 685 686 return ret; 687 } 688 689 static void ndisc_recv_ns(struct sk_buff *skb) 690 { 691 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 692 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 693 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 694 u8 *lladdr = NULL; 695 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 696 offsetof(struct nd_msg, opt)); 697 struct ndisc_options ndopts; 698 struct net_device *dev = skb->dev; 699 struct inet6_ifaddr *ifp; 700 struct inet6_dev *idev = NULL; 701 struct neighbour *neigh; 702 int dad = ipv6_addr_any(saddr); 703 bool inc; 704 int is_router = -1; 705 706 if (skb->len < sizeof(struct nd_msg)) { 707 ND_PRINTK(2, warn, "NS: packet too short\n"); 708 return; 709 } 710 711 if (ipv6_addr_is_multicast(&msg->target)) { 712 ND_PRINTK(2, warn, "NS: multicast target address\n"); 713 return; 714 } 715 716 /* 717 * RFC2461 7.1.1: 718 * DAD has to be destined for solicited node multicast address. 719 */ 720 if (dad && !ipv6_addr_is_solict_mult(daddr)) { 721 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 722 return; 723 } 724 725 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 726 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 727 return; 728 } 729 730 if (ndopts.nd_opts_src_lladdr) { 731 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 732 if (!lladdr) { 733 ND_PRINTK(2, warn, 734 "NS: invalid link-layer address length\n"); 735 return; 736 } 737 738 /* RFC2461 7.1.1: 739 * If the IP source address is the unspecified address, 740 * there MUST NOT be source link-layer address option 741 * in the message. 742 */ 743 if (dad) { 744 ND_PRINTK(2, warn, 745 "NS: bad DAD packet (link-layer address option)\n"); 746 return; 747 } 748 } 749 750 inc = ipv6_addr_is_multicast(daddr); 751 752 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 753 if (ifp) { 754 755 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 756 if (dad) { 757 /* 758 * We are colliding with another node 759 * who is doing DAD 760 * so fail our DAD process 761 */ 762 addrconf_dad_failure(ifp); 763 return; 764 } else { 765 /* 766 * This is not a dad solicitation. 767 * If we are an optimistic node, 768 * we should respond. 769 * Otherwise, we should ignore it. 770 */ 771 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 772 goto out; 773 } 774 } 775 776 idev = ifp->idev; 777 } else { 778 struct net *net = dev_net(dev); 779 780 idev = in6_dev_get(dev); 781 if (!idev) { 782 /* XXX: count this drop? */ 783 return; 784 } 785 786 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 787 (idev->cnf.forwarding && 788 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 789 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 790 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 791 skb->pkt_type != PACKET_HOST && 792 inc && 793 idev->nd_parms->proxy_delay != 0) { 794 /* 795 * for anycast or proxy, 796 * sender should delay its response 797 * by a random time between 0 and 798 * MAX_ANYCAST_DELAY_TIME seconds. 799 * (RFC2461) -- yoshfuji 800 */ 801 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 802 if (n) 803 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 804 goto out; 805 } 806 } else 807 goto out; 808 } 809 810 if (is_router < 0) 811 is_router = idev->cnf.forwarding; 812 813 if (dad) { 814 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 815 !!is_router, false, (ifp != NULL), true); 816 goto out; 817 } 818 819 if (inc) 820 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 821 else 822 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 823 824 /* 825 * update / create cache entry 826 * for the source address 827 */ 828 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 829 !inc || lladdr || !dev->addr_len); 830 if (neigh) 831 neigh_update(neigh, lladdr, NUD_STALE, 832 NEIGH_UPDATE_F_WEAK_OVERRIDE| 833 NEIGH_UPDATE_F_OVERRIDE); 834 if (neigh || !dev->header_ops) { 835 ndisc_send_na(dev, neigh, saddr, &msg->target, 836 !!is_router, 837 true, (ifp != NULL && inc), inc); 838 if (neigh) 839 neigh_release(neigh); 840 } 841 842 out: 843 if (ifp) 844 in6_ifa_put(ifp); 845 else 846 in6_dev_put(idev); 847 } 848 849 static void ndisc_recv_na(struct sk_buff *skb) 850 { 851 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 852 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 853 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 854 u8 *lladdr = NULL; 855 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 856 offsetof(struct nd_msg, opt)); 857 struct ndisc_options ndopts; 858 struct net_device *dev = skb->dev; 859 struct inet6_ifaddr *ifp; 860 struct neighbour *neigh; 861 862 if (skb->len < sizeof(struct nd_msg)) { 863 ND_PRINTK(2, warn, "NA: packet too short\n"); 864 return; 865 } 866 867 if (ipv6_addr_is_multicast(&msg->target)) { 868 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 869 return; 870 } 871 872 if (ipv6_addr_is_multicast(daddr) && 873 msg->icmph.icmp6_solicited) { 874 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 875 return; 876 } 877 878 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 879 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 880 return; 881 } 882 if (ndopts.nd_opts_tgt_lladdr) { 883 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 884 if (!lladdr) { 885 ND_PRINTK(2, warn, 886 "NA: invalid link-layer address length\n"); 887 return; 888 } 889 } 890 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 891 if (ifp) { 892 if (skb->pkt_type != PACKET_LOOPBACK 893 && (ifp->flags & IFA_F_TENTATIVE)) { 894 addrconf_dad_failure(ifp); 895 return; 896 } 897 /* What should we make now? The advertisement 898 is invalid, but ndisc specs say nothing 899 about it. It could be misconfiguration, or 900 an smart proxy agent tries to help us :-) 901 902 We should not print the error if NA has been 903 received from loopback - it is just our own 904 unsolicited advertisement. 905 */ 906 if (skb->pkt_type != PACKET_LOOPBACK) 907 ND_PRINTK(1, warn, 908 "NA: someone advertises our address %pI6 on %s!\n", 909 &ifp->addr, ifp->idev->dev->name); 910 in6_ifa_put(ifp); 911 return; 912 } 913 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 914 915 if (neigh) { 916 u8 old_flags = neigh->flags; 917 struct net *net = dev_net(dev); 918 919 if (neigh->nud_state & NUD_FAILED) 920 goto out; 921 922 /* 923 * Don't update the neighbor cache entry on a proxy NA from 924 * ourselves because either the proxied node is off link or it 925 * has already sent a NA to us. 926 */ 927 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 928 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 929 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 930 /* XXX: idev->cnf.proxy_ndp */ 931 goto out; 932 } 933 934 neigh_update(neigh, lladdr, 935 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 936 NEIGH_UPDATE_F_WEAK_OVERRIDE| 937 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 938 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 939 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 940 941 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 942 /* 943 * Change: router to host 944 */ 945 struct rt6_info *rt; 946 rt = rt6_get_dflt_router(saddr, dev); 947 if (rt) 948 ip6_del_rt(rt); 949 } 950 951 out: 952 neigh_release(neigh); 953 } 954 } 955 956 static void ndisc_recv_rs(struct sk_buff *skb) 957 { 958 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 959 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 960 struct neighbour *neigh; 961 struct inet6_dev *idev; 962 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 963 struct ndisc_options ndopts; 964 u8 *lladdr = NULL; 965 966 if (skb->len < sizeof(*rs_msg)) 967 return; 968 969 idev = __in6_dev_get(skb->dev); 970 if (!idev) { 971 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 972 return; 973 } 974 975 /* Don't accept RS if we're not in router mode */ 976 if (!idev->cnf.forwarding) 977 goto out; 978 979 /* 980 * Don't update NCE if src = ::; 981 * this implies that the source node has no ip address assigned yet. 982 */ 983 if (ipv6_addr_any(saddr)) 984 goto out; 985 986 /* Parse ND options */ 987 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 988 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 989 goto out; 990 } 991 992 if (ndopts.nd_opts_src_lladdr) { 993 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 994 skb->dev); 995 if (!lladdr) 996 goto out; 997 } 998 999 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1000 if (neigh) { 1001 neigh_update(neigh, lladdr, NUD_STALE, 1002 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1003 NEIGH_UPDATE_F_OVERRIDE| 1004 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1005 neigh_release(neigh); 1006 } 1007 out: 1008 return; 1009 } 1010 1011 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1012 { 1013 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1014 struct sk_buff *skb; 1015 struct nlmsghdr *nlh; 1016 struct nduseroptmsg *ndmsg; 1017 struct net *net = dev_net(ra->dev); 1018 int err; 1019 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1020 + (opt->nd_opt_len << 3)); 1021 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1022 1023 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1024 if (skb == NULL) { 1025 err = -ENOBUFS; 1026 goto errout; 1027 } 1028 1029 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1030 if (nlh == NULL) { 1031 goto nla_put_failure; 1032 } 1033 1034 ndmsg = nlmsg_data(nlh); 1035 ndmsg->nduseropt_family = AF_INET6; 1036 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1037 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1038 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1039 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1040 1041 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1042 1043 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1044 &ipv6_hdr(ra)->saddr)) 1045 goto nla_put_failure; 1046 nlmsg_end(skb, nlh); 1047 1048 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1049 return; 1050 1051 nla_put_failure: 1052 nlmsg_free(skb); 1053 err = -EMSGSIZE; 1054 errout: 1055 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1056 } 1057 1058 static void ndisc_router_discovery(struct sk_buff *skb) 1059 { 1060 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1061 struct neighbour *neigh = NULL; 1062 struct inet6_dev *in6_dev; 1063 struct rt6_info *rt = NULL; 1064 int lifetime; 1065 struct ndisc_options ndopts; 1066 int optlen; 1067 unsigned int pref = 0; 1068 1069 __u8 * opt = (__u8 *)(ra_msg + 1); 1070 1071 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) - 1072 sizeof(struct ra_msg); 1073 1074 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1075 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1076 return; 1077 } 1078 if (optlen < 0) { 1079 ND_PRINTK(2, warn, "RA: packet too short\n"); 1080 return; 1081 } 1082 1083 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1084 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1085 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1086 return; 1087 } 1088 #endif 1089 1090 /* 1091 * set the RA_RECV flag in the interface 1092 */ 1093 1094 in6_dev = __in6_dev_get(skb->dev); 1095 if (in6_dev == NULL) { 1096 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1097 skb->dev->name); 1098 return; 1099 } 1100 1101 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1102 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1103 return; 1104 } 1105 1106 if (!ipv6_accept_ra(in6_dev)) 1107 goto skip_linkparms; 1108 1109 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1110 /* skip link-specific parameters from interior routers */ 1111 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1112 goto skip_linkparms; 1113 #endif 1114 1115 if (in6_dev->if_flags & IF_RS_SENT) { 1116 /* 1117 * flag that an RA was received after an RS was sent 1118 * out on this interface. 1119 */ 1120 in6_dev->if_flags |= IF_RA_RCVD; 1121 } 1122 1123 /* 1124 * Remember the managed/otherconf flags from most recently 1125 * received RA message (RFC 2462) -- yoshfuji 1126 */ 1127 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1128 IF_RA_OTHERCONF)) | 1129 (ra_msg->icmph.icmp6_addrconf_managed ? 1130 IF_RA_MANAGED : 0) | 1131 (ra_msg->icmph.icmp6_addrconf_other ? 1132 IF_RA_OTHERCONF : 0); 1133 1134 if (!in6_dev->cnf.accept_ra_defrtr) 1135 goto skip_defrtr; 1136 1137 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1138 goto skip_defrtr; 1139 1140 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1141 1142 #ifdef CONFIG_IPV6_ROUTER_PREF 1143 pref = ra_msg->icmph.icmp6_router_pref; 1144 /* 10b is handled as if it were 00b (medium) */ 1145 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1146 !in6_dev->cnf.accept_ra_rtr_pref) 1147 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1148 #endif 1149 1150 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1151 1152 if (rt) { 1153 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1154 if (!neigh) { 1155 ND_PRINTK(0, err, 1156 "RA: %s got default router without neighbour\n", 1157 __func__); 1158 ip6_rt_put(rt); 1159 return; 1160 } 1161 } 1162 if (rt && lifetime == 0) { 1163 ip6_del_rt(rt); 1164 rt = NULL; 1165 } 1166 1167 if (rt == NULL && lifetime) { 1168 ND_PRINTK(3, dbg, "RA: adding default router\n"); 1169 1170 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1171 if (rt == NULL) { 1172 ND_PRINTK(0, err, 1173 "RA: %s failed to add default route\n", 1174 __func__); 1175 return; 1176 } 1177 1178 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1179 if (neigh == NULL) { 1180 ND_PRINTK(0, err, 1181 "RA: %s got default router without neighbour\n", 1182 __func__); 1183 ip6_rt_put(rt); 1184 return; 1185 } 1186 neigh->flags |= NTF_ROUTER; 1187 } else if (rt) { 1188 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1189 } 1190 1191 if (rt) 1192 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1193 if (ra_msg->icmph.icmp6_hop_limit) { 1194 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1195 if (rt) 1196 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1197 ra_msg->icmph.icmp6_hop_limit); 1198 } 1199 1200 skip_defrtr: 1201 1202 /* 1203 * Update Reachable Time and Retrans Timer 1204 */ 1205 1206 if (in6_dev->nd_parms) { 1207 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1208 1209 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1210 rtime = (rtime*HZ)/1000; 1211 if (rtime < HZ/10) 1212 rtime = HZ/10; 1213 in6_dev->nd_parms->retrans_time = rtime; 1214 in6_dev->tstamp = jiffies; 1215 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1216 } 1217 1218 rtime = ntohl(ra_msg->reachable_time); 1219 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1220 rtime = (rtime*HZ)/1000; 1221 1222 if (rtime < HZ/10) 1223 rtime = HZ/10; 1224 1225 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1226 in6_dev->nd_parms->base_reachable_time = rtime; 1227 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1228 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1229 in6_dev->tstamp = jiffies; 1230 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1231 } 1232 } 1233 } 1234 1235 skip_linkparms: 1236 1237 /* 1238 * Process options. 1239 */ 1240 1241 if (!neigh) 1242 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1243 skb->dev, 1); 1244 if (neigh) { 1245 u8 *lladdr = NULL; 1246 if (ndopts.nd_opts_src_lladdr) { 1247 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1248 skb->dev); 1249 if (!lladdr) { 1250 ND_PRINTK(2, warn, 1251 "RA: invalid link-layer address length\n"); 1252 goto out; 1253 } 1254 } 1255 neigh_update(neigh, lladdr, NUD_STALE, 1256 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1257 NEIGH_UPDATE_F_OVERRIDE| 1258 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1259 NEIGH_UPDATE_F_ISROUTER); 1260 } 1261 1262 if (!ipv6_accept_ra(in6_dev)) 1263 goto out; 1264 1265 #ifdef CONFIG_IPV6_ROUTE_INFO 1266 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1267 goto skip_routeinfo; 1268 1269 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1270 struct nd_opt_hdr *p; 1271 for (p = ndopts.nd_opts_ri; 1272 p; 1273 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1274 struct route_info *ri = (struct route_info *)p; 1275 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1276 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1277 ri->prefix_len == 0) 1278 continue; 1279 #endif 1280 if (ri->prefix_len == 0 && 1281 !in6_dev->cnf.accept_ra_defrtr) 1282 continue; 1283 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1284 continue; 1285 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1286 &ipv6_hdr(skb)->saddr); 1287 } 1288 } 1289 1290 skip_routeinfo: 1291 #endif 1292 1293 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1294 /* skip link-specific ndopts from interior routers */ 1295 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1296 goto out; 1297 #endif 1298 1299 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1300 struct nd_opt_hdr *p; 1301 for (p = ndopts.nd_opts_pi; 1302 p; 1303 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1304 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1305 (p->nd_opt_len) << 3, 1306 ndopts.nd_opts_src_lladdr != NULL); 1307 } 1308 } 1309 1310 if (ndopts.nd_opts_mtu) { 1311 __be32 n; 1312 u32 mtu; 1313 1314 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1315 mtu = ntohl(n); 1316 1317 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1318 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1319 } else if (in6_dev->cnf.mtu6 != mtu) { 1320 in6_dev->cnf.mtu6 = mtu; 1321 1322 if (rt) 1323 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1324 1325 rt6_mtu_change(skb->dev, mtu); 1326 } 1327 } 1328 1329 if (ndopts.nd_useropts) { 1330 struct nd_opt_hdr *p; 1331 for (p = ndopts.nd_useropts; 1332 p; 1333 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1334 ndisc_ra_useropt(skb, p); 1335 } 1336 } 1337 1338 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1339 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1340 } 1341 out: 1342 ip6_rt_put(rt); 1343 if (neigh) 1344 neigh_release(neigh); 1345 } 1346 1347 static void ndisc_redirect_rcv(struct sk_buff *skb) 1348 { 1349 u8 *hdr; 1350 struct ndisc_options ndopts; 1351 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb); 1352 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 1353 offsetof(struct rd_msg, opt)); 1354 1355 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1356 switch (skb->ndisc_nodetype) { 1357 case NDISC_NODETYPE_HOST: 1358 case NDISC_NODETYPE_NODEFAULT: 1359 ND_PRINTK(2, warn, 1360 "Redirect: from host or unauthorized router\n"); 1361 return; 1362 } 1363 #endif 1364 1365 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1366 ND_PRINTK(2, warn, 1367 "Redirect: source address is not link-local\n"); 1368 return; 1369 } 1370 1371 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) 1372 return; 1373 1374 if (!ndopts.nd_opts_rh) { 1375 ip6_redirect_no_header(skb, dev_net(skb->dev), 1376 skb->dev->ifindex, 0); 1377 return; 1378 } 1379 1380 hdr = (u8 *)ndopts.nd_opts_rh; 1381 hdr += 8; 1382 if (!pskb_pull(skb, hdr - skb_transport_header(skb))) 1383 return; 1384 1385 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1386 } 1387 1388 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb, 1389 struct sk_buff *orig_skb, 1390 int rd_len) 1391 { 1392 u8 *opt = skb_put(skb, rd_len); 1393 1394 memset(opt, 0, 8); 1395 *(opt++) = ND_OPT_REDIRECT_HDR; 1396 *(opt++) = (rd_len >> 3); 1397 opt += 6; 1398 1399 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8); 1400 } 1401 1402 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1403 { 1404 struct net_device *dev = skb->dev; 1405 struct net *net = dev_net(dev); 1406 struct sock *sk = net->ipv6.ndisc_sk; 1407 int optlen = 0; 1408 struct inet_peer *peer; 1409 struct sk_buff *buff; 1410 struct rd_msg *msg; 1411 struct in6_addr saddr_buf; 1412 struct rt6_info *rt; 1413 struct dst_entry *dst; 1414 struct flowi6 fl6; 1415 int rd_len; 1416 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1417 bool ret; 1418 1419 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1420 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1421 dev->name); 1422 return; 1423 } 1424 1425 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1426 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1427 ND_PRINTK(2, warn, 1428 "Redirect: target address is not link-local unicast\n"); 1429 return; 1430 } 1431 1432 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1433 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1434 1435 dst = ip6_route_output(net, NULL, &fl6); 1436 if (dst->error) { 1437 dst_release(dst); 1438 return; 1439 } 1440 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1441 if (IS_ERR(dst)) 1442 return; 1443 1444 rt = (struct rt6_info *) dst; 1445 1446 if (rt->rt6i_flags & RTF_GATEWAY) { 1447 ND_PRINTK(2, warn, 1448 "Redirect: destination is not a neighbour\n"); 1449 goto release; 1450 } 1451 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 1452 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1453 if (peer) 1454 inet_putpeer(peer); 1455 if (!ret) 1456 goto release; 1457 1458 if (dev->addr_len) { 1459 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1460 if (!neigh) { 1461 ND_PRINTK(2, warn, 1462 "Redirect: no neigh for target address\n"); 1463 goto release; 1464 } 1465 1466 read_lock_bh(&neigh->lock); 1467 if (neigh->nud_state & NUD_VALID) { 1468 memcpy(ha_buf, neigh->ha, dev->addr_len); 1469 read_unlock_bh(&neigh->lock); 1470 ha = ha_buf; 1471 optlen += ndisc_opt_addr_space(dev); 1472 } else 1473 read_unlock_bh(&neigh->lock); 1474 1475 neigh_release(neigh); 1476 } 1477 1478 rd_len = min_t(unsigned int, 1479 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen, 1480 skb->len + 8); 1481 rd_len &= ~0x7; 1482 optlen += rd_len; 1483 1484 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 1485 if (!buff) 1486 goto release; 1487 1488 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg)); 1489 *msg = (struct rd_msg) { 1490 .icmph = { 1491 .icmp6_type = NDISC_REDIRECT, 1492 }, 1493 .target = *target, 1494 .dest = ipv6_hdr(skb)->daddr, 1495 }; 1496 1497 /* 1498 * include target_address option 1499 */ 1500 1501 if (ha) 1502 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha); 1503 1504 /* 1505 * build redirect option and copy skb over to the new packet. 1506 */ 1507 1508 if (rd_len) 1509 ndisc_fill_redirect_hdr_option(buff, skb, rd_len); 1510 1511 skb_dst_set(buff, dst); 1512 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf); 1513 return; 1514 1515 release: 1516 dst_release(dst); 1517 } 1518 1519 static void pndisc_redo(struct sk_buff *skb) 1520 { 1521 ndisc_recv_ns(skb); 1522 kfree_skb(skb); 1523 } 1524 1525 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb) 1526 { 1527 struct inet6_dev *idev = __in6_dev_get(skb->dev); 1528 1529 if (!idev) 1530 return true; 1531 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED && 1532 idev->cnf.suppress_frag_ndisc) { 1533 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n"); 1534 return true; 1535 } 1536 return false; 1537 } 1538 1539 int ndisc_rcv(struct sk_buff *skb) 1540 { 1541 struct nd_msg *msg; 1542 1543 if (ndisc_suppress_frag_ndisc(skb)) 1544 return 0; 1545 1546 if (skb_linearize(skb)) 1547 return 0; 1548 1549 msg = (struct nd_msg *)skb_transport_header(skb); 1550 1551 __skb_push(skb, skb->data - skb_transport_header(skb)); 1552 1553 if (ipv6_hdr(skb)->hop_limit != 255) { 1554 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1555 ipv6_hdr(skb)->hop_limit); 1556 return 0; 1557 } 1558 1559 if (msg->icmph.icmp6_code != 0) { 1560 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1561 msg->icmph.icmp6_code); 1562 return 0; 1563 } 1564 1565 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1566 1567 switch (msg->icmph.icmp6_type) { 1568 case NDISC_NEIGHBOUR_SOLICITATION: 1569 ndisc_recv_ns(skb); 1570 break; 1571 1572 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1573 ndisc_recv_na(skb); 1574 break; 1575 1576 case NDISC_ROUTER_SOLICITATION: 1577 ndisc_recv_rs(skb); 1578 break; 1579 1580 case NDISC_ROUTER_ADVERTISEMENT: 1581 ndisc_router_discovery(skb); 1582 break; 1583 1584 case NDISC_REDIRECT: 1585 ndisc_redirect_rcv(skb); 1586 break; 1587 } 1588 1589 return 0; 1590 } 1591 1592 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1593 { 1594 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1595 struct net *net = dev_net(dev); 1596 struct inet6_dev *idev; 1597 1598 switch (event) { 1599 case NETDEV_CHANGEADDR: 1600 neigh_changeaddr(&nd_tbl, dev); 1601 fib6_run_gc(0, net, false); 1602 idev = in6_dev_get(dev); 1603 if (!idev) 1604 break; 1605 if (idev->cnf.ndisc_notify) 1606 ndisc_send_unsol_na(dev); 1607 in6_dev_put(idev); 1608 break; 1609 case NETDEV_DOWN: 1610 neigh_ifdown(&nd_tbl, dev); 1611 fib6_run_gc(0, net, false); 1612 break; 1613 case NETDEV_NOTIFY_PEERS: 1614 ndisc_send_unsol_na(dev); 1615 break; 1616 default: 1617 break; 1618 } 1619 1620 return NOTIFY_DONE; 1621 } 1622 1623 static struct notifier_block ndisc_netdev_notifier = { 1624 .notifier_call = ndisc_netdev_event, 1625 }; 1626 1627 #ifdef CONFIG_SYSCTL 1628 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1629 const char *func, const char *dev_name) 1630 { 1631 static char warncomm[TASK_COMM_LEN]; 1632 static int warned; 1633 if (strcmp(warncomm, current->comm) && warned < 5) { 1634 strcpy(warncomm, current->comm); 1635 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1636 warncomm, func, 1637 dev_name, ctl->procname, 1638 dev_name, ctl->procname); 1639 warned++; 1640 } 1641 } 1642 1643 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1644 { 1645 struct net_device *dev = ctl->extra1; 1646 struct inet6_dev *idev; 1647 int ret; 1648 1649 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1650 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1651 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1652 1653 if (strcmp(ctl->procname, "retrans_time") == 0) 1654 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1655 1656 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1657 ret = proc_dointvec_jiffies(ctl, write, 1658 buffer, lenp, ppos); 1659 1660 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1661 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1662 ret = proc_dointvec_ms_jiffies(ctl, write, 1663 buffer, lenp, ppos); 1664 else 1665 ret = -1; 1666 1667 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1668 if (ctl->data == &idev->nd_parms->base_reachable_time) 1669 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1670 idev->tstamp = jiffies; 1671 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1672 in6_dev_put(idev); 1673 } 1674 return ret; 1675 } 1676 1677 1678 #endif 1679 1680 static int __net_init ndisc_net_init(struct net *net) 1681 { 1682 struct ipv6_pinfo *np; 1683 struct sock *sk; 1684 int err; 1685 1686 err = inet_ctl_sock_create(&sk, PF_INET6, 1687 SOCK_RAW, IPPROTO_ICMPV6, net); 1688 if (err < 0) { 1689 ND_PRINTK(0, err, 1690 "NDISC: Failed to initialize the control socket (err %d)\n", 1691 err); 1692 return err; 1693 } 1694 1695 net->ipv6.ndisc_sk = sk; 1696 1697 np = inet6_sk(sk); 1698 np->hop_limit = 255; 1699 /* Do not loopback ndisc messages */ 1700 np->mc_loop = 0; 1701 1702 return 0; 1703 } 1704 1705 static void __net_exit ndisc_net_exit(struct net *net) 1706 { 1707 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1708 } 1709 1710 static struct pernet_operations ndisc_net_ops = { 1711 .init = ndisc_net_init, 1712 .exit = ndisc_net_exit, 1713 }; 1714 1715 int __init ndisc_init(void) 1716 { 1717 int err; 1718 1719 err = register_pernet_subsys(&ndisc_net_ops); 1720 if (err) 1721 return err; 1722 /* 1723 * Initialize the neighbour table 1724 */ 1725 neigh_table_init(&nd_tbl); 1726 1727 #ifdef CONFIG_SYSCTL 1728 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1729 &ndisc_ifinfo_sysctl_change); 1730 if (err) 1731 goto out_unregister_pernet; 1732 out: 1733 #endif 1734 return err; 1735 1736 #ifdef CONFIG_SYSCTL 1737 out_unregister_pernet: 1738 unregister_pernet_subsys(&ndisc_net_ops); 1739 goto out; 1740 #endif 1741 } 1742 1743 int __init ndisc_late_init(void) 1744 { 1745 return register_netdevice_notifier(&ndisc_netdev_notifier); 1746 } 1747 1748 void ndisc_late_cleanup(void) 1749 { 1750 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1751 } 1752 1753 void ndisc_cleanup(void) 1754 { 1755 #ifdef CONFIG_SYSCTL 1756 neigh_sysctl_unregister(&nd_tbl.parms); 1757 #endif 1758 neigh_table_clear(&nd_tbl); 1759 unregister_pernet_subsys(&ndisc_net_ops); 1760 } 1761