1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Pierre Ynard : export userland ND options 19 * through netlink (RDNSS support) 20 * Lars Fenneberg : fixed MTU setting on receipt 21 * of an RA. 22 * Janos Farkas : kmalloc failure checks 23 * Alexey Kuznetsov : state machine reworked 24 * and moved to net/core. 25 * Pekka Savola : RFC2461 validation 26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 27 */ 28 29 /* Set to 3 to get tracing... */ 30 #define ND_DEBUG 1 31 32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0) 33 #define ND_NOPRINTK(x...) do { ; } while(0) 34 #define ND_PRINTK0 ND_PRINTK 35 #define ND_PRINTK1 ND_NOPRINTK 36 #define ND_PRINTK2 ND_NOPRINTK 37 #define ND_PRINTK3 ND_NOPRINTK 38 #if ND_DEBUG >= 1 39 #undef ND_PRINTK1 40 #define ND_PRINTK1 ND_PRINTK 41 #endif 42 #if ND_DEBUG >= 2 43 #undef ND_PRINTK2 44 #define ND_PRINTK2 ND_PRINTK 45 #endif 46 #if ND_DEBUG >= 3 47 #undef ND_PRINTK3 48 #define ND_PRINTK3 ND_PRINTK 49 #endif 50 51 #include <linux/module.h> 52 #include <linux/errno.h> 53 #include <linux/types.h> 54 #include <linux/socket.h> 55 #include <linux/sockios.h> 56 #include <linux/sched.h> 57 #include <linux/net.h> 58 #include <linux/in6.h> 59 #include <linux/route.h> 60 #include <linux/init.h> 61 #include <linux/rcupdate.h> 62 #include <linux/slab.h> 63 #ifdef CONFIG_SYSCTL 64 #include <linux/sysctl.h> 65 #endif 66 67 #include <linux/if_addr.h> 68 #include <linux/if_arp.h> 69 #include <linux/ipv6.h> 70 #include <linux/icmpv6.h> 71 #include <linux/jhash.h> 72 73 #include <net/sock.h> 74 #include <net/snmp.h> 75 76 #include <net/ipv6.h> 77 #include <net/protocol.h> 78 #include <net/ndisc.h> 79 #include <net/ip6_route.h> 80 #include <net/addrconf.h> 81 #include <net/icmp.h> 82 83 #include <net/netlink.h> 84 #include <linux/rtnetlink.h> 85 86 #include <net/flow.h> 87 #include <net/ip6_checksum.h> 88 #include <net/inet_common.h> 89 #include <linux/proc_fs.h> 90 91 #include <linux/netfilter.h> 92 #include <linux/netfilter_ipv6.h> 93 94 static u32 ndisc_hash(const void *pkey, 95 const struct net_device *dev, 96 __u32 rnd); 97 static int ndisc_constructor(struct neighbour *neigh); 98 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 99 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 100 static int pndisc_constructor(struct pneigh_entry *n); 101 static void pndisc_destructor(struct pneigh_entry *n); 102 static void pndisc_redo(struct sk_buff *skb); 103 104 static const struct neigh_ops ndisc_generic_ops = { 105 .family = AF_INET6, 106 .solicit = ndisc_solicit, 107 .error_report = ndisc_error_report, 108 .output = neigh_resolve_output, 109 .connected_output = neigh_connected_output, 110 }; 111 112 static const struct neigh_ops ndisc_hh_ops = { 113 .family = AF_INET6, 114 .solicit = ndisc_solicit, 115 .error_report = ndisc_error_report, 116 .output = neigh_resolve_output, 117 .connected_output = neigh_resolve_output, 118 }; 119 120 121 static const struct neigh_ops ndisc_direct_ops = { 122 .family = AF_INET6, 123 .output = neigh_direct_output, 124 .connected_output = neigh_direct_output, 125 }; 126 127 struct neigh_table nd_tbl = { 128 .family = AF_INET6, 129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr), 130 .key_len = sizeof(struct in6_addr), 131 .hash = ndisc_hash, 132 .constructor = ndisc_constructor, 133 .pconstructor = pndisc_constructor, 134 .pdestructor = pndisc_destructor, 135 .proxy_redo = pndisc_redo, 136 .id = "ndisc_cache", 137 .parms = { 138 .tbl = &nd_tbl, 139 .base_reachable_time = ND_REACHABLE_TIME, 140 .retrans_time = ND_RETRANS_TIMER, 141 .gc_staletime = 60 * HZ, 142 .reachable_time = ND_REACHABLE_TIME, 143 .delay_probe_time = 5 * HZ, 144 .queue_len = 3, 145 .ucast_probes = 3, 146 .mcast_probes = 3, 147 .anycast_delay = 1 * HZ, 148 .proxy_delay = (8 * HZ) / 10, 149 .proxy_qlen = 64, 150 }, 151 .gc_interval = 30 * HZ, 152 .gc_thresh1 = 128, 153 .gc_thresh2 = 512, 154 .gc_thresh3 = 1024, 155 }; 156 157 /* ND options */ 158 struct ndisc_options { 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX]; 160 #ifdef CONFIG_IPV6_ROUTE_INFO 161 struct nd_opt_hdr *nd_opts_ri; 162 struct nd_opt_hdr *nd_opts_ri_end; 163 #endif 164 struct nd_opt_hdr *nd_useropts; 165 struct nd_opt_hdr *nd_useropts_end; 166 }; 167 168 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR] 169 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR] 170 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO] 171 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END] 172 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR] 173 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU] 174 175 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 176 177 /* 178 * Return the padding between the option length and the start of the 179 * link addr. Currently only IP-over-InfiniBand needs this, although 180 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may 181 * also need a pad of 2. 182 */ 183 static int ndisc_addr_option_pad(unsigned short type) 184 { 185 switch (type) { 186 case ARPHRD_INFINIBAND: return 2; 187 default: return 0; 188 } 189 } 190 191 static inline int ndisc_opt_addr_space(struct net_device *dev) 192 { 193 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 194 } 195 196 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 197 unsigned short addr_type) 198 { 199 int space = NDISC_OPT_SPACE(data_len); 200 int pad = ndisc_addr_option_pad(addr_type); 201 202 opt[0] = type; 203 opt[1] = space>>3; 204 205 memset(opt + 2, 0, pad); 206 opt += pad; 207 space -= pad; 208 209 memcpy(opt+2, data, data_len); 210 data_len += 2; 211 opt += data_len; 212 if ((space -= data_len) > 0) 213 memset(opt, 0, space); 214 return opt + space; 215 } 216 217 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 218 struct nd_opt_hdr *end) 219 { 220 int type; 221 if (!cur || !end || cur >= end) 222 return NULL; 223 type = cur->nd_opt_type; 224 do { 225 cur = ((void *)cur) + (cur->nd_opt_len << 3); 226 } while(cur < end && cur->nd_opt_type != type); 227 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 228 } 229 230 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 231 { 232 return opt->nd_opt_type == ND_OPT_RDNSS; 233 } 234 235 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 236 struct nd_opt_hdr *end) 237 { 238 if (!cur || !end || cur >= end) 239 return NULL; 240 do { 241 cur = ((void *)cur) + (cur->nd_opt_len << 3); 242 } while(cur < end && !ndisc_is_useropt(cur)); 243 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 244 } 245 246 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 247 struct ndisc_options *ndopts) 248 { 249 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 250 251 if (!nd_opt || opt_len < 0 || !ndopts) 252 return NULL; 253 memset(ndopts, 0, sizeof(*ndopts)); 254 while (opt_len) { 255 int l; 256 if (opt_len < sizeof(struct nd_opt_hdr)) 257 return NULL; 258 l = nd_opt->nd_opt_len << 3; 259 if (opt_len < l || l == 0) 260 return NULL; 261 switch (nd_opt->nd_opt_type) { 262 case ND_OPT_SOURCE_LL_ADDR: 263 case ND_OPT_TARGET_LL_ADDR: 264 case ND_OPT_MTU: 265 case ND_OPT_REDIRECT_HDR: 266 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 267 ND_PRINTK2(KERN_WARNING 268 "%s(): duplicated ND6 option found: type=%d\n", 269 __func__, 270 nd_opt->nd_opt_type); 271 } else { 272 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 273 } 274 break; 275 case ND_OPT_PREFIX_INFO: 276 ndopts->nd_opts_pi_end = nd_opt; 277 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 278 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 279 break; 280 #ifdef CONFIG_IPV6_ROUTE_INFO 281 case ND_OPT_ROUTE_INFO: 282 ndopts->nd_opts_ri_end = nd_opt; 283 if (!ndopts->nd_opts_ri) 284 ndopts->nd_opts_ri = nd_opt; 285 break; 286 #endif 287 default: 288 if (ndisc_is_useropt(nd_opt)) { 289 ndopts->nd_useropts_end = nd_opt; 290 if (!ndopts->nd_useropts) 291 ndopts->nd_useropts = nd_opt; 292 } else { 293 /* 294 * Unknown options must be silently ignored, 295 * to accommodate future extension to the 296 * protocol. 297 */ 298 ND_PRINTK2(KERN_NOTICE 299 "%s(): ignored unsupported option; type=%d, len=%d\n", 300 __func__, 301 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 302 } 303 } 304 opt_len -= l; 305 nd_opt = ((void *)nd_opt) + l; 306 } 307 return ndopts; 308 } 309 310 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p, 311 struct net_device *dev) 312 { 313 u8 *lladdr = (u8 *)(p + 1); 314 int lladdrlen = p->nd_opt_len << 3; 315 int prepad = ndisc_addr_option_pad(dev->type); 316 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad)) 317 return NULL; 318 return lladdr + prepad; 319 } 320 321 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 322 { 323 switch (dev->type) { 324 case ARPHRD_ETHER: 325 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 326 case ARPHRD_FDDI: 327 ipv6_eth_mc_map(addr, buf); 328 return 0; 329 case ARPHRD_IEEE802_TR: 330 ipv6_tr_mc_map(addr,buf); 331 return 0; 332 case ARPHRD_ARCNET: 333 ipv6_arcnet_mc_map(addr, buf); 334 return 0; 335 case ARPHRD_INFINIBAND: 336 ipv6_ib_mc_map(addr, dev->broadcast, buf); 337 return 0; 338 case ARPHRD_IPGRE: 339 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 340 default: 341 if (dir) { 342 memcpy(buf, dev->broadcast, dev->addr_len); 343 return 0; 344 } 345 } 346 return -EINVAL; 347 } 348 349 EXPORT_SYMBOL(ndisc_mc_map); 350 351 static u32 ndisc_hash(const void *pkey, 352 const struct net_device *dev, 353 __u32 hash_rnd) 354 { 355 const u32 *p32 = pkey; 356 u32 addr_hash, i; 357 358 addr_hash = 0; 359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++) 360 addr_hash ^= *p32++; 361 362 return jhash_2words(addr_hash, dev->ifindex, hash_rnd); 363 } 364 365 static int ndisc_constructor(struct neighbour *neigh) 366 { 367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 368 struct net_device *dev = neigh->dev; 369 struct inet6_dev *in6_dev; 370 struct neigh_parms *parms; 371 int is_multicast = ipv6_addr_is_multicast(addr); 372 373 rcu_read_lock(); 374 in6_dev = in6_dev_get(dev); 375 if (in6_dev == NULL) { 376 rcu_read_unlock(); 377 return -EINVAL; 378 } 379 380 parms = in6_dev->nd_parms; 381 __neigh_parms_put(neigh->parms); 382 neigh->parms = neigh_parms_clone(parms); 383 rcu_read_unlock(); 384 385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 386 if (!dev->header_ops) { 387 neigh->nud_state = NUD_NOARP; 388 neigh->ops = &ndisc_direct_ops; 389 neigh->output = neigh_direct_output; 390 } else { 391 if (is_multicast) { 392 neigh->nud_state = NUD_NOARP; 393 ndisc_mc_map(addr, neigh->ha, dev, 1); 394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 395 neigh->nud_state = NUD_NOARP; 396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 397 if (dev->flags&IFF_LOOPBACK) 398 neigh->type = RTN_LOCAL; 399 } else if (dev->flags&IFF_POINTOPOINT) { 400 neigh->nud_state = NUD_NOARP; 401 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 402 } 403 if (dev->header_ops->cache) 404 neigh->ops = &ndisc_hh_ops; 405 else 406 neigh->ops = &ndisc_generic_ops; 407 if (neigh->nud_state&NUD_VALID) 408 neigh->output = neigh->ops->connected_output; 409 else 410 neigh->output = neigh->ops->output; 411 } 412 in6_dev_put(in6_dev); 413 return 0; 414 } 415 416 static int pndisc_constructor(struct pneigh_entry *n) 417 { 418 struct in6_addr *addr = (struct in6_addr*)&n->key; 419 struct in6_addr maddr; 420 struct net_device *dev = n->dev; 421 422 if (dev == NULL || __in6_dev_get(dev) == NULL) 423 return -EINVAL; 424 addrconf_addr_solict_mult(addr, &maddr); 425 ipv6_dev_mc_inc(dev, &maddr); 426 return 0; 427 } 428 429 static void pndisc_destructor(struct pneigh_entry *n) 430 { 431 struct in6_addr *addr = (struct in6_addr*)&n->key; 432 struct in6_addr maddr; 433 struct net_device *dev = n->dev; 434 435 if (dev == NULL || __in6_dev_get(dev) == NULL) 436 return; 437 addrconf_addr_solict_mult(addr, &maddr); 438 ipv6_dev_mc_dec(dev, &maddr); 439 } 440 441 struct sk_buff *ndisc_build_skb(struct net_device *dev, 442 const struct in6_addr *daddr, 443 const struct in6_addr *saddr, 444 struct icmp6hdr *icmp6h, 445 const struct in6_addr *target, 446 int llinfo) 447 { 448 struct net *net = dev_net(dev); 449 struct sock *sk = net->ipv6.ndisc_sk; 450 struct sk_buff *skb; 451 struct icmp6hdr *hdr; 452 int len; 453 int err; 454 u8 *opt; 455 456 if (!dev->addr_len) 457 llinfo = 0; 458 459 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 460 if (llinfo) 461 len += ndisc_opt_addr_space(dev); 462 463 skb = sock_alloc_send_skb(sk, 464 (MAX_HEADER + sizeof(struct ipv6hdr) + 465 len + LL_ALLOCATED_SPACE(dev)), 466 1, &err); 467 if (!skb) { 468 ND_PRINTK0(KERN_ERR 469 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n", 470 __func__, err); 471 return NULL; 472 } 473 474 skb_reserve(skb, LL_RESERVED_SPACE(dev)); 475 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 476 477 skb->transport_header = skb->tail; 478 skb_put(skb, len); 479 480 hdr = (struct icmp6hdr *)skb_transport_header(skb); 481 memcpy(hdr, icmp6h, sizeof(*hdr)); 482 483 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 484 if (target) { 485 ipv6_addr_copy((struct in6_addr *)opt, target); 486 opt += sizeof(*target); 487 } 488 489 if (llinfo) 490 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 491 dev->addr_len, dev->type); 492 493 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 494 IPPROTO_ICMPV6, 495 csum_partial(hdr, 496 len, 0)); 497 498 return skb; 499 } 500 501 EXPORT_SYMBOL(ndisc_build_skb); 502 503 void ndisc_send_skb(struct sk_buff *skb, 504 struct net_device *dev, 505 struct neighbour *neigh, 506 const struct in6_addr *daddr, 507 const struct in6_addr *saddr, 508 struct icmp6hdr *icmp6h) 509 { 510 struct flowi6 fl6; 511 struct dst_entry *dst; 512 struct net *net = dev_net(dev); 513 struct sock *sk = net->ipv6.ndisc_sk; 514 struct inet6_dev *idev; 515 int err; 516 u8 type; 517 518 type = icmp6h->icmp6_type; 519 520 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex); 521 522 dst = icmp6_dst_alloc(dev, neigh, daddr); 523 if (!dst) { 524 kfree_skb(skb); 525 return; 526 } 527 528 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 529 if (IS_ERR(dst)) { 530 kfree_skb(skb); 531 return; 532 } 533 534 skb_dst_set(skb, dst); 535 536 idev = in6_dev_get(dst->dev); 537 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 538 539 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 540 dst_output); 541 if (!err) { 542 ICMP6MSGOUT_INC_STATS(net, idev, type); 543 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 544 } 545 546 if (likely(idev != NULL)) 547 in6_dev_put(idev); 548 } 549 550 EXPORT_SYMBOL(ndisc_send_skb); 551 552 /* 553 * Send a Neighbour Discover packet 554 */ 555 static void __ndisc_send(struct net_device *dev, 556 struct neighbour *neigh, 557 const struct in6_addr *daddr, 558 const struct in6_addr *saddr, 559 struct icmp6hdr *icmp6h, const struct in6_addr *target, 560 int llinfo) 561 { 562 struct sk_buff *skb; 563 564 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 565 if (!skb) 566 return; 567 568 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 569 } 570 571 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 572 const struct in6_addr *daddr, 573 const struct in6_addr *solicited_addr, 574 int router, int solicited, int override, int inc_opt) 575 { 576 struct in6_addr tmpaddr; 577 struct inet6_ifaddr *ifp; 578 const struct in6_addr *src_addr; 579 struct icmp6hdr icmp6h = { 580 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 581 }; 582 583 /* for anycast or proxy, solicited_addr != src_addr */ 584 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 585 if (ifp) { 586 src_addr = solicited_addr; 587 if (ifp->flags & IFA_F_OPTIMISTIC) 588 override = 0; 589 inc_opt |= ifp->idev->cnf.force_tllao; 590 in6_ifa_put(ifp); 591 } else { 592 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 593 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 594 &tmpaddr)) 595 return; 596 src_addr = &tmpaddr; 597 } 598 599 icmp6h.icmp6_router = router; 600 icmp6h.icmp6_solicited = solicited; 601 icmp6h.icmp6_override = override; 602 603 __ndisc_send(dev, neigh, daddr, src_addr, 604 &icmp6h, solicited_addr, 605 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 606 } 607 608 static void ndisc_send_unsol_na(struct net_device *dev) 609 { 610 struct inet6_dev *idev; 611 struct inet6_ifaddr *ifa; 612 struct in6_addr mcaddr; 613 614 idev = in6_dev_get(dev); 615 if (!idev) 616 return; 617 618 read_lock_bh(&idev->lock); 619 list_for_each_entry(ifa, &idev->addr_list, if_list) { 620 addrconf_addr_solict_mult(&ifa->addr, &mcaddr); 621 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr, 622 /*router=*/ !!idev->cnf.forwarding, 623 /*solicited=*/ false, /*override=*/ true, 624 /*inc_opt=*/ true); 625 } 626 read_unlock_bh(&idev->lock); 627 628 in6_dev_put(idev); 629 } 630 631 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 632 const struct in6_addr *solicit, 633 const struct in6_addr *daddr, const struct in6_addr *saddr) 634 { 635 struct in6_addr addr_buf; 636 struct icmp6hdr icmp6h = { 637 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 638 }; 639 640 if (saddr == NULL) { 641 if (ipv6_get_lladdr(dev, &addr_buf, 642 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 643 return; 644 saddr = &addr_buf; 645 } 646 647 __ndisc_send(dev, neigh, daddr, saddr, 648 &icmp6h, solicit, 649 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 650 } 651 652 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 653 const struct in6_addr *daddr) 654 { 655 struct icmp6hdr icmp6h = { 656 .icmp6_type = NDISC_ROUTER_SOLICITATION, 657 }; 658 int send_sllao = dev->addr_len; 659 660 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 661 /* 662 * According to section 2.2 of RFC 4429, we must not 663 * send router solicitations with a sllao from 664 * optimistic addresses, but we may send the solicitation 665 * if we don't include the sllao. So here we check 666 * if our address is optimistic, and if so, we 667 * suppress the inclusion of the sllao. 668 */ 669 if (send_sllao) { 670 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 671 dev, 1); 672 if (ifp) { 673 if (ifp->flags & IFA_F_OPTIMISTIC) { 674 send_sllao = 0; 675 } 676 in6_ifa_put(ifp); 677 } else { 678 send_sllao = 0; 679 } 680 } 681 #endif 682 __ndisc_send(dev, NULL, daddr, saddr, 683 &icmp6h, NULL, 684 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 685 } 686 687 688 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 689 { 690 /* 691 * "The sender MUST return an ICMP 692 * destination unreachable" 693 */ 694 dst_link_failure(skb); 695 kfree_skb(skb); 696 } 697 698 /* Called with locked neigh: either read or both */ 699 700 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 701 { 702 struct in6_addr *saddr = NULL; 703 struct in6_addr mcaddr; 704 struct net_device *dev = neigh->dev; 705 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 706 int probes = atomic_read(&neigh->probes); 707 708 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 709 saddr = &ipv6_hdr(skb)->saddr; 710 711 if ((probes -= neigh->parms->ucast_probes) < 0) { 712 if (!(neigh->nud_state & NUD_VALID)) { 713 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n", 714 __func__, target); 715 } 716 ndisc_send_ns(dev, neigh, target, target, saddr); 717 } else if ((probes -= neigh->parms->app_probes) < 0) { 718 #ifdef CONFIG_ARPD 719 neigh_app_ns(neigh); 720 #endif 721 } else { 722 addrconf_addr_solict_mult(target, &mcaddr); 723 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 724 } 725 } 726 727 static int pndisc_is_router(const void *pkey, 728 struct net_device *dev) 729 { 730 struct pneigh_entry *n; 731 int ret = -1; 732 733 read_lock_bh(&nd_tbl.lock); 734 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 735 if (n) 736 ret = !!(n->flags & NTF_ROUTER); 737 read_unlock_bh(&nd_tbl.lock); 738 739 return ret; 740 } 741 742 static void ndisc_recv_ns(struct sk_buff *skb) 743 { 744 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 745 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 746 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 747 u8 *lladdr = NULL; 748 u32 ndoptlen = skb->tail - (skb->transport_header + 749 offsetof(struct nd_msg, opt)); 750 struct ndisc_options ndopts; 751 struct net_device *dev = skb->dev; 752 struct inet6_ifaddr *ifp; 753 struct inet6_dev *idev = NULL; 754 struct neighbour *neigh; 755 int dad = ipv6_addr_any(saddr); 756 int inc; 757 int is_router = -1; 758 759 if (ipv6_addr_is_multicast(&msg->target)) { 760 ND_PRINTK2(KERN_WARNING 761 "ICMPv6 NS: multicast target address"); 762 return; 763 } 764 765 /* 766 * RFC2461 7.1.1: 767 * DAD has to be destined for solicited node multicast address. 768 */ 769 if (dad && 770 !(daddr->s6_addr32[0] == htonl(0xff020000) && 771 daddr->s6_addr32[1] == htonl(0x00000000) && 772 daddr->s6_addr32[2] == htonl(0x00000001) && 773 daddr->s6_addr [12] == 0xff )) { 774 ND_PRINTK2(KERN_WARNING 775 "ICMPv6 NS: bad DAD packet (wrong destination)\n"); 776 return; 777 } 778 779 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 780 ND_PRINTK2(KERN_WARNING 781 "ICMPv6 NS: invalid ND options\n"); 782 return; 783 } 784 785 if (ndopts.nd_opts_src_lladdr) { 786 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 787 if (!lladdr) { 788 ND_PRINTK2(KERN_WARNING 789 "ICMPv6 NS: invalid link-layer address length\n"); 790 return; 791 } 792 793 /* RFC2461 7.1.1: 794 * If the IP source address is the unspecified address, 795 * there MUST NOT be source link-layer address option 796 * in the message. 797 */ 798 if (dad) { 799 ND_PRINTK2(KERN_WARNING 800 "ICMPv6 NS: bad DAD packet (link-layer address option)\n"); 801 return; 802 } 803 } 804 805 inc = ipv6_addr_is_multicast(daddr); 806 807 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 808 if (ifp) { 809 810 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 811 if (dad) { 812 if (dev->type == ARPHRD_IEEE802_TR) { 813 const unsigned char *sadr; 814 sadr = skb_mac_header(skb); 815 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 && 816 sadr[9] == dev->dev_addr[1] && 817 sadr[10] == dev->dev_addr[2] && 818 sadr[11] == dev->dev_addr[3] && 819 sadr[12] == dev->dev_addr[4] && 820 sadr[13] == dev->dev_addr[5]) { 821 /* looped-back to us */ 822 goto out; 823 } 824 } 825 826 /* 827 * We are colliding with another node 828 * who is doing DAD 829 * so fail our DAD process 830 */ 831 addrconf_dad_failure(ifp); 832 return; 833 } else { 834 /* 835 * This is not a dad solicitation. 836 * If we are an optimistic node, 837 * we should respond. 838 * Otherwise, we should ignore it. 839 */ 840 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 841 goto out; 842 } 843 } 844 845 idev = ifp->idev; 846 } else { 847 struct net *net = dev_net(dev); 848 849 idev = in6_dev_get(dev); 850 if (!idev) { 851 /* XXX: count this drop? */ 852 return; 853 } 854 855 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 856 (idev->cnf.forwarding && 857 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 858 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 859 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 860 skb->pkt_type != PACKET_HOST && 861 inc != 0 && 862 idev->nd_parms->proxy_delay != 0) { 863 /* 864 * for anycast or proxy, 865 * sender should delay its response 866 * by a random time between 0 and 867 * MAX_ANYCAST_DELAY_TIME seconds. 868 * (RFC2461) -- yoshfuji 869 */ 870 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 871 if (n) 872 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 873 goto out; 874 } 875 } else 876 goto out; 877 } 878 879 if (is_router < 0) 880 is_router = !!idev->cnf.forwarding; 881 882 if (dad) { 883 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 884 is_router, 0, (ifp != NULL), 1); 885 goto out; 886 } 887 888 if (inc) 889 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 890 else 891 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 892 893 /* 894 * update / create cache entry 895 * for the source address 896 */ 897 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 898 !inc || lladdr || !dev->addr_len); 899 if (neigh) 900 neigh_update(neigh, lladdr, NUD_STALE, 901 NEIGH_UPDATE_F_WEAK_OVERRIDE| 902 NEIGH_UPDATE_F_OVERRIDE); 903 if (neigh || !dev->header_ops) { 904 ndisc_send_na(dev, neigh, saddr, &msg->target, 905 is_router, 906 1, (ifp != NULL && inc), inc); 907 if (neigh) 908 neigh_release(neigh); 909 } 910 911 out: 912 if (ifp) 913 in6_ifa_put(ifp); 914 else 915 in6_dev_put(idev); 916 } 917 918 static void ndisc_recv_na(struct sk_buff *skb) 919 { 920 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 921 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 922 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 923 u8 *lladdr = NULL; 924 u32 ndoptlen = skb->tail - (skb->transport_header + 925 offsetof(struct nd_msg, opt)); 926 struct ndisc_options ndopts; 927 struct net_device *dev = skb->dev; 928 struct inet6_ifaddr *ifp; 929 struct neighbour *neigh; 930 931 if (skb->len < sizeof(struct nd_msg)) { 932 ND_PRINTK2(KERN_WARNING 933 "ICMPv6 NA: packet too short\n"); 934 return; 935 } 936 937 if (ipv6_addr_is_multicast(&msg->target)) { 938 ND_PRINTK2(KERN_WARNING 939 "ICMPv6 NA: target address is multicast.\n"); 940 return; 941 } 942 943 if (ipv6_addr_is_multicast(daddr) && 944 msg->icmph.icmp6_solicited) { 945 ND_PRINTK2(KERN_WARNING 946 "ICMPv6 NA: solicited NA is multicasted.\n"); 947 return; 948 } 949 950 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 951 ND_PRINTK2(KERN_WARNING 952 "ICMPv6 NS: invalid ND option\n"); 953 return; 954 } 955 if (ndopts.nd_opts_tgt_lladdr) { 956 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 957 if (!lladdr) { 958 ND_PRINTK2(KERN_WARNING 959 "ICMPv6 NA: invalid link-layer address length\n"); 960 return; 961 } 962 } 963 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 964 if (ifp) { 965 if (skb->pkt_type != PACKET_LOOPBACK 966 && (ifp->flags & IFA_F_TENTATIVE)) { 967 addrconf_dad_failure(ifp); 968 return; 969 } 970 /* What should we make now? The advertisement 971 is invalid, but ndisc specs say nothing 972 about it. It could be misconfiguration, or 973 an smart proxy agent tries to help us :-) 974 975 We should not print the error if NA has been 976 received from loopback - it is just our own 977 unsolicited advertisement. 978 */ 979 if (skb->pkt_type != PACKET_LOOPBACK) 980 ND_PRINTK1(KERN_WARNING 981 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n", 982 &ifp->addr, ifp->idev->dev->name); 983 in6_ifa_put(ifp); 984 return; 985 } 986 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 987 988 if (neigh) { 989 u8 old_flags = neigh->flags; 990 struct net *net = dev_net(dev); 991 992 if (neigh->nud_state & NUD_FAILED) 993 goto out; 994 995 /* 996 * Don't update the neighbor cache entry on a proxy NA from 997 * ourselves because either the proxied node is off link or it 998 * has already sent a NA to us. 999 */ 1000 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 1001 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 1002 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 1003 /* XXX: idev->cnf.prixy_ndp */ 1004 goto out; 1005 } 1006 1007 neigh_update(neigh, lladdr, 1008 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 1009 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1010 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 1011 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1012 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 1013 1014 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 1015 /* 1016 * Change: router to host 1017 */ 1018 struct rt6_info *rt; 1019 rt = rt6_get_dflt_router(saddr, dev); 1020 if (rt) 1021 ip6_del_rt(rt); 1022 } 1023 1024 out: 1025 neigh_release(neigh); 1026 } 1027 } 1028 1029 static void ndisc_recv_rs(struct sk_buff *skb) 1030 { 1031 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 1032 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 1033 struct neighbour *neigh; 1034 struct inet6_dev *idev; 1035 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 1036 struct ndisc_options ndopts; 1037 u8 *lladdr = NULL; 1038 1039 if (skb->len < sizeof(*rs_msg)) 1040 return; 1041 1042 idev = in6_dev_get(skb->dev); 1043 if (!idev) { 1044 if (net_ratelimit()) 1045 ND_PRINTK1("ICMP6 RS: can't find in6 device\n"); 1046 return; 1047 } 1048 1049 /* Don't accept RS if we're not in router mode */ 1050 if (!idev->cnf.forwarding) 1051 goto out; 1052 1053 /* 1054 * Don't update NCE if src = ::; 1055 * this implies that the source node has no ip address assigned yet. 1056 */ 1057 if (ipv6_addr_any(saddr)) 1058 goto out; 1059 1060 /* Parse ND options */ 1061 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 1062 if (net_ratelimit()) 1063 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n"); 1064 goto out; 1065 } 1066 1067 if (ndopts.nd_opts_src_lladdr) { 1068 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1069 skb->dev); 1070 if (!lladdr) 1071 goto out; 1072 } 1073 1074 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1075 if (neigh) { 1076 neigh_update(neigh, lladdr, NUD_STALE, 1077 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1078 NEIGH_UPDATE_F_OVERRIDE| 1079 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1080 neigh_release(neigh); 1081 } 1082 out: 1083 in6_dev_put(idev); 1084 } 1085 1086 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1087 { 1088 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1089 struct sk_buff *skb; 1090 struct nlmsghdr *nlh; 1091 struct nduseroptmsg *ndmsg; 1092 struct net *net = dev_net(ra->dev); 1093 int err; 1094 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1095 + (opt->nd_opt_len << 3)); 1096 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1097 1098 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1099 if (skb == NULL) { 1100 err = -ENOBUFS; 1101 goto errout; 1102 } 1103 1104 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1105 if (nlh == NULL) { 1106 goto nla_put_failure; 1107 } 1108 1109 ndmsg = nlmsg_data(nlh); 1110 ndmsg->nduseropt_family = AF_INET6; 1111 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1112 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1113 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1114 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1115 1116 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1117 1118 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1119 &ipv6_hdr(ra)->saddr); 1120 nlmsg_end(skb, nlh); 1121 1122 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1123 return; 1124 1125 nla_put_failure: 1126 nlmsg_free(skb); 1127 err = -EMSGSIZE; 1128 errout: 1129 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1130 } 1131 1132 static inline int accept_ra(struct inet6_dev *in6_dev) 1133 { 1134 /* 1135 * If forwarding is enabled, RA are not accepted unless the special 1136 * hybrid mode (accept_ra=2) is enabled. 1137 */ 1138 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2) 1139 return 0; 1140 1141 return in6_dev->cnf.accept_ra; 1142 } 1143 1144 static void ndisc_router_discovery(struct sk_buff *skb) 1145 { 1146 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1147 struct neighbour *neigh = NULL; 1148 struct inet6_dev *in6_dev; 1149 struct rt6_info *rt = NULL; 1150 int lifetime; 1151 struct ndisc_options ndopts; 1152 int optlen; 1153 unsigned int pref = 0; 1154 1155 __u8 * opt = (__u8 *)(ra_msg + 1); 1156 1157 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1158 1159 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1160 ND_PRINTK2(KERN_WARNING 1161 "ICMPv6 RA: source address is not link-local.\n"); 1162 return; 1163 } 1164 if (optlen < 0) { 1165 ND_PRINTK2(KERN_WARNING 1166 "ICMPv6 RA: packet too short\n"); 1167 return; 1168 } 1169 1170 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1171 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1172 ND_PRINTK2(KERN_WARNING 1173 "ICMPv6 RA: from host or unauthorized router\n"); 1174 return; 1175 } 1176 #endif 1177 1178 /* 1179 * set the RA_RECV flag in the interface 1180 */ 1181 1182 in6_dev = in6_dev_get(skb->dev); 1183 if (in6_dev == NULL) { 1184 ND_PRINTK0(KERN_ERR 1185 "ICMPv6 RA: can't find inet6 device for %s.\n", 1186 skb->dev->name); 1187 return; 1188 } 1189 1190 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1191 in6_dev_put(in6_dev); 1192 ND_PRINTK2(KERN_WARNING 1193 "ICMP6 RA: invalid ND options\n"); 1194 return; 1195 } 1196 1197 if (!accept_ra(in6_dev)) 1198 goto skip_linkparms; 1199 1200 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1201 /* skip link-specific parameters from interior routers */ 1202 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1203 goto skip_linkparms; 1204 #endif 1205 1206 if (in6_dev->if_flags & IF_RS_SENT) { 1207 /* 1208 * flag that an RA was received after an RS was sent 1209 * out on this interface. 1210 */ 1211 in6_dev->if_flags |= IF_RA_RCVD; 1212 } 1213 1214 /* 1215 * Remember the managed/otherconf flags from most recently 1216 * received RA message (RFC 2462) -- yoshfuji 1217 */ 1218 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1219 IF_RA_OTHERCONF)) | 1220 (ra_msg->icmph.icmp6_addrconf_managed ? 1221 IF_RA_MANAGED : 0) | 1222 (ra_msg->icmph.icmp6_addrconf_other ? 1223 IF_RA_OTHERCONF : 0); 1224 1225 if (!in6_dev->cnf.accept_ra_defrtr) 1226 goto skip_defrtr; 1227 1228 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1229 1230 #ifdef CONFIG_IPV6_ROUTER_PREF 1231 pref = ra_msg->icmph.icmp6_router_pref; 1232 /* 10b is handled as if it were 00b (medium) */ 1233 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1234 !in6_dev->cnf.accept_ra_rtr_pref) 1235 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1236 #endif 1237 1238 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1239 1240 if (rt) 1241 neigh = dst_get_neighbour(&rt->dst); 1242 1243 if (rt && lifetime == 0) { 1244 neigh_clone(neigh); 1245 ip6_del_rt(rt); 1246 rt = NULL; 1247 } 1248 1249 if (rt == NULL && lifetime) { 1250 ND_PRINTK3(KERN_DEBUG 1251 "ICMPv6 RA: adding default router.\n"); 1252 1253 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1254 if (rt == NULL) { 1255 ND_PRINTK0(KERN_ERR 1256 "ICMPv6 RA: %s() failed to add default route.\n", 1257 __func__); 1258 in6_dev_put(in6_dev); 1259 return; 1260 } 1261 1262 neigh = dst_get_neighbour(&rt->dst); 1263 if (neigh == NULL) { 1264 ND_PRINTK0(KERN_ERR 1265 "ICMPv6 RA: %s() got default router without neighbour.\n", 1266 __func__); 1267 dst_release(&rt->dst); 1268 in6_dev_put(in6_dev); 1269 return; 1270 } 1271 neigh->flags |= NTF_ROUTER; 1272 } else if (rt) { 1273 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1274 } 1275 1276 if (rt) 1277 rt->rt6i_expires = jiffies + (HZ * lifetime); 1278 1279 if (ra_msg->icmph.icmp6_hop_limit) { 1280 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1281 if (rt) 1282 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1283 ra_msg->icmph.icmp6_hop_limit); 1284 } 1285 1286 skip_defrtr: 1287 1288 /* 1289 * Update Reachable Time and Retrans Timer 1290 */ 1291 1292 if (in6_dev->nd_parms) { 1293 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1294 1295 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1296 rtime = (rtime*HZ)/1000; 1297 if (rtime < HZ/10) 1298 rtime = HZ/10; 1299 in6_dev->nd_parms->retrans_time = rtime; 1300 in6_dev->tstamp = jiffies; 1301 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1302 } 1303 1304 rtime = ntohl(ra_msg->reachable_time); 1305 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1306 rtime = (rtime*HZ)/1000; 1307 1308 if (rtime < HZ/10) 1309 rtime = HZ/10; 1310 1311 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1312 in6_dev->nd_parms->base_reachable_time = rtime; 1313 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1314 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1315 in6_dev->tstamp = jiffies; 1316 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1317 } 1318 } 1319 } 1320 1321 skip_linkparms: 1322 1323 /* 1324 * Process options. 1325 */ 1326 1327 if (!neigh) 1328 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1329 skb->dev, 1); 1330 if (neigh) { 1331 u8 *lladdr = NULL; 1332 if (ndopts.nd_opts_src_lladdr) { 1333 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1334 skb->dev); 1335 if (!lladdr) { 1336 ND_PRINTK2(KERN_WARNING 1337 "ICMPv6 RA: invalid link-layer address length\n"); 1338 goto out; 1339 } 1340 } 1341 neigh_update(neigh, lladdr, NUD_STALE, 1342 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1343 NEIGH_UPDATE_F_OVERRIDE| 1344 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1345 NEIGH_UPDATE_F_ISROUTER); 1346 } 1347 1348 if (!accept_ra(in6_dev)) 1349 goto out; 1350 1351 #ifdef CONFIG_IPV6_ROUTE_INFO 1352 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1353 struct nd_opt_hdr *p; 1354 for (p = ndopts.nd_opts_ri; 1355 p; 1356 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1357 struct route_info *ri = (struct route_info *)p; 1358 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1359 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1360 ri->prefix_len == 0) 1361 continue; 1362 #endif 1363 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1364 continue; 1365 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1366 &ipv6_hdr(skb)->saddr); 1367 } 1368 } 1369 #endif 1370 1371 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1372 /* skip link-specific ndopts from interior routers */ 1373 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1374 goto out; 1375 #endif 1376 1377 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1378 struct nd_opt_hdr *p; 1379 for (p = ndopts.nd_opts_pi; 1380 p; 1381 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1382 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 1383 } 1384 } 1385 1386 if (ndopts.nd_opts_mtu) { 1387 __be32 n; 1388 u32 mtu; 1389 1390 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1391 mtu = ntohl(n); 1392 1393 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1394 ND_PRINTK2(KERN_WARNING 1395 "ICMPv6 RA: invalid mtu: %d\n", 1396 mtu); 1397 } else if (in6_dev->cnf.mtu6 != mtu) { 1398 in6_dev->cnf.mtu6 = mtu; 1399 1400 if (rt) 1401 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1402 1403 rt6_mtu_change(skb->dev, mtu); 1404 } 1405 } 1406 1407 if (ndopts.nd_useropts) { 1408 struct nd_opt_hdr *p; 1409 for (p = ndopts.nd_useropts; 1410 p; 1411 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1412 ndisc_ra_useropt(skb, p); 1413 } 1414 } 1415 1416 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1417 ND_PRINTK2(KERN_WARNING 1418 "ICMPv6 RA: invalid RA options"); 1419 } 1420 out: 1421 if (rt) 1422 dst_release(&rt->dst); 1423 else if (neigh) 1424 neigh_release(neigh); 1425 in6_dev_put(in6_dev); 1426 } 1427 1428 static void ndisc_redirect_rcv(struct sk_buff *skb) 1429 { 1430 struct inet6_dev *in6_dev; 1431 struct icmp6hdr *icmph; 1432 const struct in6_addr *dest; 1433 const struct in6_addr *target; /* new first hop to destination */ 1434 struct neighbour *neigh; 1435 int on_link = 0; 1436 struct ndisc_options ndopts; 1437 int optlen; 1438 u8 *lladdr = NULL; 1439 1440 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1441 switch (skb->ndisc_nodetype) { 1442 case NDISC_NODETYPE_HOST: 1443 case NDISC_NODETYPE_NODEFAULT: 1444 ND_PRINTK2(KERN_WARNING 1445 "ICMPv6 Redirect: from host or unauthorized router\n"); 1446 return; 1447 } 1448 #endif 1449 1450 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1451 ND_PRINTK2(KERN_WARNING 1452 "ICMPv6 Redirect: source address is not link-local.\n"); 1453 return; 1454 } 1455 1456 optlen = skb->tail - skb->transport_header; 1457 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1458 1459 if (optlen < 0) { 1460 ND_PRINTK2(KERN_WARNING 1461 "ICMPv6 Redirect: packet too short\n"); 1462 return; 1463 } 1464 1465 icmph = icmp6_hdr(skb); 1466 target = (const struct in6_addr *) (icmph + 1); 1467 dest = target + 1; 1468 1469 if (ipv6_addr_is_multicast(dest)) { 1470 ND_PRINTK2(KERN_WARNING 1471 "ICMPv6 Redirect: destination address is multicast.\n"); 1472 return; 1473 } 1474 1475 if (ipv6_addr_equal(dest, target)) { 1476 on_link = 1; 1477 } else if (ipv6_addr_type(target) != 1478 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1479 ND_PRINTK2(KERN_WARNING 1480 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1481 return; 1482 } 1483 1484 in6_dev = in6_dev_get(skb->dev); 1485 if (!in6_dev) 1486 return; 1487 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 1488 in6_dev_put(in6_dev); 1489 return; 1490 } 1491 1492 /* RFC2461 8.1: 1493 * The IP source address of the Redirect MUST be the same as the current 1494 * first-hop router for the specified ICMP Destination Address. 1495 */ 1496 1497 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 1498 ND_PRINTK2(KERN_WARNING 1499 "ICMPv6 Redirect: invalid ND options\n"); 1500 in6_dev_put(in6_dev); 1501 return; 1502 } 1503 if (ndopts.nd_opts_tgt_lladdr) { 1504 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, 1505 skb->dev); 1506 if (!lladdr) { 1507 ND_PRINTK2(KERN_WARNING 1508 "ICMPv6 Redirect: invalid link-layer address length\n"); 1509 in6_dev_put(in6_dev); 1510 return; 1511 } 1512 } 1513 1514 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 1515 if (neigh) { 1516 rt6_redirect(dest, &ipv6_hdr(skb)->daddr, 1517 &ipv6_hdr(skb)->saddr, neigh, lladdr, 1518 on_link); 1519 neigh_release(neigh); 1520 } 1521 in6_dev_put(in6_dev); 1522 } 1523 1524 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 1525 const struct in6_addr *target) 1526 { 1527 struct net_device *dev = skb->dev; 1528 struct net *net = dev_net(dev); 1529 struct sock *sk = net->ipv6.ndisc_sk; 1530 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1531 struct sk_buff *buff; 1532 struct icmp6hdr *icmph; 1533 struct in6_addr saddr_buf; 1534 struct in6_addr *addrp; 1535 struct rt6_info *rt; 1536 struct dst_entry *dst; 1537 struct inet6_dev *idev; 1538 struct flowi6 fl6; 1539 u8 *opt; 1540 int rd_len; 1541 int err; 1542 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1543 1544 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1545 ND_PRINTK2(KERN_WARNING 1546 "ICMPv6 Redirect: no link-local address on %s\n", 1547 dev->name); 1548 return; 1549 } 1550 1551 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1552 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1553 ND_PRINTK2(KERN_WARNING 1554 "ICMPv6 Redirect: target address is not link-local unicast.\n"); 1555 return; 1556 } 1557 1558 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1559 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1560 1561 dst = ip6_route_output(net, NULL, &fl6); 1562 if (dst == NULL) 1563 return; 1564 1565 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1566 if (IS_ERR(dst)) 1567 return; 1568 1569 rt = (struct rt6_info *) dst; 1570 1571 if (rt->rt6i_flags & RTF_GATEWAY) { 1572 ND_PRINTK2(KERN_WARNING 1573 "ICMPv6 Redirect: destination is not a neighbour.\n"); 1574 goto release; 1575 } 1576 if (!rt->rt6i_peer) 1577 rt6_bind_peer(rt, 1); 1578 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ)) 1579 goto release; 1580 1581 if (dev->addr_len) { 1582 read_lock_bh(&neigh->lock); 1583 if (neigh->nud_state & NUD_VALID) { 1584 memcpy(ha_buf, neigh->ha, dev->addr_len); 1585 read_unlock_bh(&neigh->lock); 1586 ha = ha_buf; 1587 len += ndisc_opt_addr_space(dev); 1588 } else 1589 read_unlock_bh(&neigh->lock); 1590 } 1591 1592 rd_len = min_t(unsigned int, 1593 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1594 rd_len &= ~0x7; 1595 len += rd_len; 1596 1597 buff = sock_alloc_send_skb(sk, 1598 (MAX_HEADER + sizeof(struct ipv6hdr) + 1599 len + LL_ALLOCATED_SPACE(dev)), 1600 1, &err); 1601 if (buff == NULL) { 1602 ND_PRINTK0(KERN_ERR 1603 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n", 1604 __func__, err); 1605 goto release; 1606 } 1607 1608 skb_reserve(buff, LL_RESERVED_SPACE(dev)); 1609 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1610 IPPROTO_ICMPV6, len); 1611 1612 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1613 skb_put(buff, len); 1614 icmph = icmp6_hdr(buff); 1615 1616 memset(icmph, 0, sizeof(struct icmp6hdr)); 1617 icmph->icmp6_type = NDISC_REDIRECT; 1618 1619 /* 1620 * copy target and destination addresses 1621 */ 1622 1623 addrp = (struct in6_addr *)(icmph + 1); 1624 ipv6_addr_copy(addrp, target); 1625 addrp++; 1626 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr); 1627 1628 opt = (u8*) (addrp + 1); 1629 1630 /* 1631 * include target_address option 1632 */ 1633 1634 if (ha) 1635 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1636 dev->addr_len, dev->type); 1637 1638 /* 1639 * build redirect option and copy skb over to the new packet. 1640 */ 1641 1642 memset(opt, 0, 8); 1643 *(opt++) = ND_OPT_REDIRECT_HDR; 1644 *(opt++) = (rd_len >> 3); 1645 opt += 6; 1646 1647 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1648 1649 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1650 len, IPPROTO_ICMPV6, 1651 csum_partial(icmph, len, 0)); 1652 1653 skb_dst_set(buff, dst); 1654 idev = in6_dev_get(dst->dev); 1655 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1656 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1657 dst_output); 1658 if (!err) { 1659 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1660 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1661 } 1662 1663 if (likely(idev != NULL)) 1664 in6_dev_put(idev); 1665 return; 1666 1667 release: 1668 dst_release(dst); 1669 } 1670 1671 static void pndisc_redo(struct sk_buff *skb) 1672 { 1673 ndisc_recv_ns(skb); 1674 kfree_skb(skb); 1675 } 1676 1677 int ndisc_rcv(struct sk_buff *skb) 1678 { 1679 struct nd_msg *msg; 1680 1681 if (!pskb_may_pull(skb, skb->len)) 1682 return 0; 1683 1684 msg = (struct nd_msg *)skb_transport_header(skb); 1685 1686 __skb_push(skb, skb->data - skb_transport_header(skb)); 1687 1688 if (ipv6_hdr(skb)->hop_limit != 255) { 1689 ND_PRINTK2(KERN_WARNING 1690 "ICMPv6 NDISC: invalid hop-limit: %d\n", 1691 ipv6_hdr(skb)->hop_limit); 1692 return 0; 1693 } 1694 1695 if (msg->icmph.icmp6_code != 0) { 1696 ND_PRINTK2(KERN_WARNING 1697 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n", 1698 msg->icmph.icmp6_code); 1699 return 0; 1700 } 1701 1702 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1703 1704 switch (msg->icmph.icmp6_type) { 1705 case NDISC_NEIGHBOUR_SOLICITATION: 1706 ndisc_recv_ns(skb); 1707 break; 1708 1709 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1710 ndisc_recv_na(skb); 1711 break; 1712 1713 case NDISC_ROUTER_SOLICITATION: 1714 ndisc_recv_rs(skb); 1715 break; 1716 1717 case NDISC_ROUTER_ADVERTISEMENT: 1718 ndisc_router_discovery(skb); 1719 break; 1720 1721 case NDISC_REDIRECT: 1722 ndisc_redirect_rcv(skb); 1723 break; 1724 } 1725 1726 return 0; 1727 } 1728 1729 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1730 { 1731 struct net_device *dev = ptr; 1732 struct net *net = dev_net(dev); 1733 1734 switch (event) { 1735 case NETDEV_CHANGEADDR: 1736 neigh_changeaddr(&nd_tbl, dev); 1737 fib6_run_gc(~0UL, net); 1738 break; 1739 case NETDEV_DOWN: 1740 neigh_ifdown(&nd_tbl, dev); 1741 fib6_run_gc(~0UL, net); 1742 break; 1743 case NETDEV_NOTIFY_PEERS: 1744 ndisc_send_unsol_na(dev); 1745 break; 1746 default: 1747 break; 1748 } 1749 1750 return NOTIFY_DONE; 1751 } 1752 1753 static struct notifier_block ndisc_netdev_notifier = { 1754 .notifier_call = ndisc_netdev_event, 1755 }; 1756 1757 #ifdef CONFIG_SYSCTL 1758 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1759 const char *func, const char *dev_name) 1760 { 1761 static char warncomm[TASK_COMM_LEN]; 1762 static int warned; 1763 if (strcmp(warncomm, current->comm) && warned < 5) { 1764 strcpy(warncomm, current->comm); 1765 printk(KERN_WARNING 1766 "process `%s' is using deprecated sysctl (%s) " 1767 "net.ipv6.neigh.%s.%s; " 1768 "Use net.ipv6.neigh.%s.%s_ms " 1769 "instead.\n", 1770 warncomm, func, 1771 dev_name, ctl->procname, 1772 dev_name, ctl->procname); 1773 warned++; 1774 } 1775 } 1776 1777 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1778 { 1779 struct net_device *dev = ctl->extra1; 1780 struct inet6_dev *idev; 1781 int ret; 1782 1783 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1784 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1785 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1786 1787 if (strcmp(ctl->procname, "retrans_time") == 0) 1788 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1789 1790 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1791 ret = proc_dointvec_jiffies(ctl, write, 1792 buffer, lenp, ppos); 1793 1794 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1795 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1796 ret = proc_dointvec_ms_jiffies(ctl, write, 1797 buffer, lenp, ppos); 1798 else 1799 ret = -1; 1800 1801 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1802 if (ctl->data == &idev->nd_parms->base_reachable_time) 1803 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1804 idev->tstamp = jiffies; 1805 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1806 in6_dev_put(idev); 1807 } 1808 return ret; 1809 } 1810 1811 1812 #endif 1813 1814 static int __net_init ndisc_net_init(struct net *net) 1815 { 1816 struct ipv6_pinfo *np; 1817 struct sock *sk; 1818 int err; 1819 1820 err = inet_ctl_sock_create(&sk, PF_INET6, 1821 SOCK_RAW, IPPROTO_ICMPV6, net); 1822 if (err < 0) { 1823 ND_PRINTK0(KERN_ERR 1824 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n", 1825 err); 1826 return err; 1827 } 1828 1829 net->ipv6.ndisc_sk = sk; 1830 1831 np = inet6_sk(sk); 1832 np->hop_limit = 255; 1833 /* Do not loopback ndisc messages */ 1834 np->mc_loop = 0; 1835 1836 return 0; 1837 } 1838 1839 static void __net_exit ndisc_net_exit(struct net *net) 1840 { 1841 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1842 } 1843 1844 static struct pernet_operations ndisc_net_ops = { 1845 .init = ndisc_net_init, 1846 .exit = ndisc_net_exit, 1847 }; 1848 1849 int __init ndisc_init(void) 1850 { 1851 int err; 1852 1853 err = register_pernet_subsys(&ndisc_net_ops); 1854 if (err) 1855 return err; 1856 /* 1857 * Initialize the neighbour table 1858 */ 1859 neigh_table_init(&nd_tbl); 1860 1861 #ifdef CONFIG_SYSCTL 1862 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1863 &ndisc_ifinfo_sysctl_change); 1864 if (err) 1865 goto out_unregister_pernet; 1866 #endif 1867 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1868 if (err) 1869 goto out_unregister_sysctl; 1870 out: 1871 return err; 1872 1873 out_unregister_sysctl: 1874 #ifdef CONFIG_SYSCTL 1875 neigh_sysctl_unregister(&nd_tbl.parms); 1876 out_unregister_pernet: 1877 #endif 1878 unregister_pernet_subsys(&ndisc_net_ops); 1879 goto out; 1880 } 1881 1882 void ndisc_cleanup(void) 1883 { 1884 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1885 #ifdef CONFIG_SYSCTL 1886 neigh_sysctl_unregister(&nd_tbl.parms); 1887 #endif 1888 neigh_table_clear(&nd_tbl); 1889 unregister_pernet_subsys(&ndisc_net_ops); 1890 } 1891