1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30 #define pr_fmt(fmt) "ICMPv6: " fmt 31 32 #include <linux/module.h> 33 #include <linux/errno.h> 34 #include <linux/types.h> 35 #include <linux/socket.h> 36 #include <linux/sockios.h> 37 #include <linux/sched.h> 38 #include <linux/net.h> 39 #include <linux/in6.h> 40 #include <linux/route.h> 41 #include <linux/init.h> 42 #include <linux/rcupdate.h> 43 #include <linux/slab.h> 44 #ifdef CONFIG_SYSCTL 45 #include <linux/sysctl.h> 46 #endif 47 48 #include <linux/if_addr.h> 49 #include <linux/if_arp.h> 50 #include <linux/ipv6.h> 51 #include <linux/icmpv6.h> 52 #include <linux/jhash.h> 53 54 #include <net/sock.h> 55 #include <net/snmp.h> 56 57 #include <net/ipv6.h> 58 #include <net/protocol.h> 59 #include <net/ndisc.h> 60 #include <net/ip6_route.h> 61 #include <net/addrconf.h> 62 #include <net/icmp.h> 63 64 #include <net/netlink.h> 65 #include <linux/rtnetlink.h> 66 67 #include <net/flow.h> 68 #include <net/ip6_checksum.h> 69 #include <net/inet_common.h> 70 #include <linux/proc_fs.h> 71 72 #include <linux/netfilter.h> 73 #include <linux/netfilter_ipv6.h> 74 75 /* Set to 3 to get tracing... */ 76 #define ND_DEBUG 1 77 78 #define ND_PRINTK(val, level, fmt, ...) \ 79 do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82 } while (0) 83 84 static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey); 88 static int ndisc_constructor(struct neighbour *neigh); 89 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 90 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 91 static int pndisc_constructor(struct pneigh_entry *n); 92 static void pndisc_destructor(struct pneigh_entry *n); 93 static void pndisc_redo(struct sk_buff *skb); 94 95 static const struct neigh_ops ndisc_generic_ops = { 96 .family = AF_INET6, 97 .solicit = ndisc_solicit, 98 .error_report = ndisc_error_report, 99 .output = neigh_resolve_output, 100 .connected_output = neigh_connected_output, 101 }; 102 103 static const struct neigh_ops ndisc_hh_ops = { 104 .family = AF_INET6, 105 .solicit = ndisc_solicit, 106 .error_report = ndisc_error_report, 107 .output = neigh_resolve_output, 108 .connected_output = neigh_resolve_output, 109 }; 110 111 112 static const struct neigh_ops ndisc_direct_ops = { 113 .family = AF_INET6, 114 .output = neigh_direct_output, 115 .connected_output = neigh_direct_output, 116 }; 117 118 struct neigh_table nd_tbl = { 119 .family = AF_INET6, 120 .key_len = sizeof(struct in6_addr), 121 .protocol = cpu_to_be16(ETH_P_IPV6), 122 .hash = ndisc_hash, 123 .key_eq = ndisc_key_eq, 124 .constructor = ndisc_constructor, 125 .pconstructor = pndisc_constructor, 126 .pdestructor = pndisc_destructor, 127 .proxy_redo = pndisc_redo, 128 .id = "ndisc_cache", 129 .parms = { 130 .tbl = &nd_tbl, 131 .reachable_time = ND_REACHABLE_TIME, 132 .data = { 133 [NEIGH_VAR_MCAST_PROBES] = 3, 134 [NEIGH_VAR_UCAST_PROBES] = 3, 135 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER, 136 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME, 137 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ, 138 [NEIGH_VAR_GC_STALETIME] = 60 * HZ, 139 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024, 140 [NEIGH_VAR_PROXY_QLEN] = 64, 141 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ, 142 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10, 143 }, 144 }, 145 .gc_interval = 30 * HZ, 146 .gc_thresh1 = 128, 147 .gc_thresh2 = 512, 148 .gc_thresh3 = 1024, 149 }; 150 151 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data) 152 { 153 int pad = ndisc_addr_option_pad(skb->dev->type); 154 int data_len = skb->dev->addr_len; 155 int space = ndisc_opt_addr_space(skb->dev); 156 u8 *opt = skb_put(skb, space); 157 158 opt[0] = type; 159 opt[1] = space>>3; 160 161 memset(opt + 2, 0, pad); 162 opt += pad; 163 space -= pad; 164 165 memcpy(opt+2, data, data_len); 166 data_len += 2; 167 opt += data_len; 168 space -= data_len; 169 if (space > 0) 170 memset(opt, 0, space); 171 } 172 173 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 174 struct nd_opt_hdr *end) 175 { 176 int type; 177 if (!cur || !end || cur >= end) 178 return NULL; 179 type = cur->nd_opt_type; 180 do { 181 cur = ((void *)cur) + (cur->nd_opt_len << 3); 182 } while (cur < end && cur->nd_opt_type != type); 183 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 184 } 185 186 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 187 { 188 return opt->nd_opt_type == ND_OPT_RDNSS || 189 opt->nd_opt_type == ND_OPT_DNSSL; 190 } 191 192 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 193 struct nd_opt_hdr *end) 194 { 195 if (!cur || !end || cur >= end) 196 return NULL; 197 do { 198 cur = ((void *)cur) + (cur->nd_opt_len << 3); 199 } while (cur < end && !ndisc_is_useropt(cur)); 200 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 201 } 202 203 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 204 struct ndisc_options *ndopts) 205 { 206 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 207 208 if (!nd_opt || opt_len < 0 || !ndopts) 209 return NULL; 210 memset(ndopts, 0, sizeof(*ndopts)); 211 while (opt_len) { 212 int l; 213 if (opt_len < sizeof(struct nd_opt_hdr)) 214 return NULL; 215 l = nd_opt->nd_opt_len << 3; 216 if (opt_len < l || l == 0) 217 return NULL; 218 switch (nd_opt->nd_opt_type) { 219 case ND_OPT_SOURCE_LL_ADDR: 220 case ND_OPT_TARGET_LL_ADDR: 221 case ND_OPT_MTU: 222 case ND_OPT_REDIRECT_HDR: 223 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 224 ND_PRINTK(2, warn, 225 "%s: duplicated ND6 option found: type=%d\n", 226 __func__, nd_opt->nd_opt_type); 227 } else { 228 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 229 } 230 break; 231 case ND_OPT_PREFIX_INFO: 232 ndopts->nd_opts_pi_end = nd_opt; 233 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 234 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 235 break; 236 #ifdef CONFIG_IPV6_ROUTE_INFO 237 case ND_OPT_ROUTE_INFO: 238 ndopts->nd_opts_ri_end = nd_opt; 239 if (!ndopts->nd_opts_ri) 240 ndopts->nd_opts_ri = nd_opt; 241 break; 242 #endif 243 default: 244 if (ndisc_is_useropt(nd_opt)) { 245 ndopts->nd_useropts_end = nd_opt; 246 if (!ndopts->nd_useropts) 247 ndopts->nd_useropts = nd_opt; 248 } else { 249 /* 250 * Unknown options must be silently ignored, 251 * to accommodate future extension to the 252 * protocol. 253 */ 254 ND_PRINTK(2, notice, 255 "%s: ignored unsupported option; type=%d, len=%d\n", 256 __func__, 257 nd_opt->nd_opt_type, 258 nd_opt->nd_opt_len); 259 } 260 } 261 opt_len -= l; 262 nd_opt = ((void *)nd_opt) + l; 263 } 264 return ndopts; 265 } 266 267 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 268 { 269 switch (dev->type) { 270 case ARPHRD_ETHER: 271 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 272 case ARPHRD_FDDI: 273 ipv6_eth_mc_map(addr, buf); 274 return 0; 275 case ARPHRD_ARCNET: 276 ipv6_arcnet_mc_map(addr, buf); 277 return 0; 278 case ARPHRD_INFINIBAND: 279 ipv6_ib_mc_map(addr, dev->broadcast, buf); 280 return 0; 281 case ARPHRD_IPGRE: 282 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 283 default: 284 if (dir) { 285 memcpy(buf, dev->broadcast, dev->addr_len); 286 return 0; 287 } 288 } 289 return -EINVAL; 290 } 291 EXPORT_SYMBOL(ndisc_mc_map); 292 293 static u32 ndisc_hash(const void *pkey, 294 const struct net_device *dev, 295 __u32 *hash_rnd) 296 { 297 return ndisc_hashfn(pkey, dev, hash_rnd); 298 } 299 300 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey) 301 { 302 return neigh_key_eq128(n, pkey); 303 } 304 305 static int ndisc_constructor(struct neighbour *neigh) 306 { 307 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key; 308 struct net_device *dev = neigh->dev; 309 struct inet6_dev *in6_dev; 310 struct neigh_parms *parms; 311 bool is_multicast = ipv6_addr_is_multicast(addr); 312 313 in6_dev = in6_dev_get(dev); 314 if (!in6_dev) { 315 return -EINVAL; 316 } 317 318 parms = in6_dev->nd_parms; 319 __neigh_parms_put(neigh->parms); 320 neigh->parms = neigh_parms_clone(parms); 321 322 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 323 if (!dev->header_ops) { 324 neigh->nud_state = NUD_NOARP; 325 neigh->ops = &ndisc_direct_ops; 326 neigh->output = neigh_direct_output; 327 } else { 328 if (is_multicast) { 329 neigh->nud_state = NUD_NOARP; 330 ndisc_mc_map(addr, neigh->ha, dev, 1); 331 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 332 neigh->nud_state = NUD_NOARP; 333 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 334 if (dev->flags&IFF_LOOPBACK) 335 neigh->type = RTN_LOCAL; 336 } else if (dev->flags&IFF_POINTOPOINT) { 337 neigh->nud_state = NUD_NOARP; 338 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 339 } 340 if (dev->header_ops->cache) 341 neigh->ops = &ndisc_hh_ops; 342 else 343 neigh->ops = &ndisc_generic_ops; 344 if (neigh->nud_state&NUD_VALID) 345 neigh->output = neigh->ops->connected_output; 346 else 347 neigh->output = neigh->ops->output; 348 } 349 in6_dev_put(in6_dev); 350 return 0; 351 } 352 353 static int pndisc_constructor(struct pneigh_entry *n) 354 { 355 struct in6_addr *addr = (struct in6_addr *)&n->key; 356 struct in6_addr maddr; 357 struct net_device *dev = n->dev; 358 359 if (!dev || !__in6_dev_get(dev)) 360 return -EINVAL; 361 addrconf_addr_solict_mult(addr, &maddr); 362 ipv6_dev_mc_inc(dev, &maddr); 363 return 0; 364 } 365 366 static void pndisc_destructor(struct pneigh_entry *n) 367 { 368 struct in6_addr *addr = (struct in6_addr *)&n->key; 369 struct in6_addr maddr; 370 struct net_device *dev = n->dev; 371 372 if (!dev || !__in6_dev_get(dev)) 373 return; 374 addrconf_addr_solict_mult(addr, &maddr); 375 ipv6_dev_mc_dec(dev, &maddr); 376 } 377 378 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev, 379 int len) 380 { 381 int hlen = LL_RESERVED_SPACE(dev); 382 int tlen = dev->needed_tailroom; 383 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk; 384 struct sk_buff *skb; 385 386 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC); 387 if (!skb) { 388 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n", 389 __func__); 390 return NULL; 391 } 392 393 skb->protocol = htons(ETH_P_IPV6); 394 skb->dev = dev; 395 396 skb_reserve(skb, hlen + sizeof(struct ipv6hdr)); 397 skb_reset_transport_header(skb); 398 399 /* Manually assign socket ownership as we avoid calling 400 * sock_alloc_send_pskb() to bypass wmem buffer limits 401 */ 402 skb_set_owner_w(skb, sk); 403 404 return skb; 405 } 406 407 static void ip6_nd_hdr(struct sk_buff *skb, 408 const struct in6_addr *saddr, 409 const struct in6_addr *daddr, 410 int hop_limit, int len) 411 { 412 struct ipv6hdr *hdr; 413 414 skb_push(skb, sizeof(*hdr)); 415 skb_reset_network_header(skb); 416 hdr = ipv6_hdr(skb); 417 418 ip6_flow_hdr(hdr, 0, 0); 419 420 hdr->payload_len = htons(len); 421 hdr->nexthdr = IPPROTO_ICMPV6; 422 hdr->hop_limit = hop_limit; 423 424 hdr->saddr = *saddr; 425 hdr->daddr = *daddr; 426 } 427 428 static void ndisc_send_skb(struct sk_buff *skb, 429 const struct in6_addr *daddr, 430 const struct in6_addr *saddr) 431 { 432 struct dst_entry *dst = skb_dst(skb); 433 struct net *net = dev_net(skb->dev); 434 struct sock *sk = net->ipv6.ndisc_sk; 435 struct inet6_dev *idev; 436 int err; 437 struct icmp6hdr *icmp6h = icmp6_hdr(skb); 438 u8 type; 439 440 type = icmp6h->icmp6_type; 441 442 if (!dst) { 443 struct flowi6 fl6; 444 445 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex); 446 dst = icmp6_dst_alloc(skb->dev, &fl6); 447 if (IS_ERR(dst)) { 448 kfree_skb(skb); 449 return; 450 } 451 452 skb_dst_set(skb, dst); 453 } 454 455 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len, 456 IPPROTO_ICMPV6, 457 csum_partial(icmp6h, 458 skb->len, 0)); 459 460 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len); 461 462 rcu_read_lock(); 463 idev = __in6_dev_get(dst->dev); 464 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 465 466 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb, 467 NULL, dst->dev, 468 dst_output_sk); 469 if (!err) { 470 ICMP6MSGOUT_INC_STATS(net, idev, type); 471 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 472 } 473 474 rcu_read_unlock(); 475 } 476 477 void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 478 const struct in6_addr *daddr, 479 const struct in6_addr *solicited_addr, 480 bool router, bool solicited, bool override, bool inc_opt) 481 { 482 struct sk_buff *skb; 483 struct in6_addr tmpaddr; 484 struct inet6_ifaddr *ifp; 485 const struct in6_addr *src_addr; 486 struct nd_msg *msg; 487 int optlen = 0; 488 489 /* for anycast or proxy, solicited_addr != src_addr */ 490 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 491 if (ifp) { 492 src_addr = solicited_addr; 493 if (ifp->flags & IFA_F_OPTIMISTIC) 494 override = false; 495 inc_opt |= ifp->idev->cnf.force_tllao; 496 in6_ifa_put(ifp); 497 } else { 498 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 499 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 500 &tmpaddr)) 501 return; 502 src_addr = &tmpaddr; 503 } 504 505 if (!dev->addr_len) 506 inc_opt = 0; 507 if (inc_opt) 508 optlen += ndisc_opt_addr_space(dev); 509 510 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 511 if (!skb) 512 return; 513 514 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 515 *msg = (struct nd_msg) { 516 .icmph = { 517 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 518 .icmp6_router = router, 519 .icmp6_solicited = solicited, 520 .icmp6_override = override, 521 }, 522 .target = *solicited_addr, 523 }; 524 525 if (inc_opt) 526 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, 527 dev->dev_addr); 528 529 530 ndisc_send_skb(skb, daddr, src_addr); 531 } 532 533 static void ndisc_send_unsol_na(struct net_device *dev) 534 { 535 struct inet6_dev *idev; 536 struct inet6_ifaddr *ifa; 537 538 idev = in6_dev_get(dev); 539 if (!idev) 540 return; 541 542 read_lock_bh(&idev->lock); 543 list_for_each_entry(ifa, &idev->addr_list, if_list) { 544 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr, 545 /*router=*/ !!idev->cnf.forwarding, 546 /*solicited=*/ false, /*override=*/ true, 547 /*inc_opt=*/ true); 548 } 549 read_unlock_bh(&idev->lock); 550 551 in6_dev_put(idev); 552 } 553 554 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 555 const struct in6_addr *solicit, 556 const struct in6_addr *daddr, const struct in6_addr *saddr) 557 { 558 struct sk_buff *skb; 559 struct in6_addr addr_buf; 560 int inc_opt = dev->addr_len; 561 int optlen = 0; 562 struct nd_msg *msg; 563 564 if (!saddr) { 565 if (ipv6_get_lladdr(dev, &addr_buf, 566 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 567 return; 568 saddr = &addr_buf; 569 } 570 571 if (ipv6_addr_any(saddr)) 572 inc_opt = false; 573 if (inc_opt) 574 optlen += ndisc_opt_addr_space(dev); 575 576 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 577 if (!skb) 578 return; 579 580 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg)); 581 *msg = (struct nd_msg) { 582 .icmph = { 583 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 584 }, 585 .target = *solicit, 586 }; 587 588 if (inc_opt) 589 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 590 dev->dev_addr); 591 592 ndisc_send_skb(skb, daddr, saddr); 593 } 594 595 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 596 const struct in6_addr *daddr) 597 { 598 struct sk_buff *skb; 599 struct rs_msg *msg; 600 int send_sllao = dev->addr_len; 601 int optlen = 0; 602 603 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 604 /* 605 * According to section 2.2 of RFC 4429, we must not 606 * send router solicitations with a sllao from 607 * optimistic addresses, but we may send the solicitation 608 * if we don't include the sllao. So here we check 609 * if our address is optimistic, and if so, we 610 * suppress the inclusion of the sllao. 611 */ 612 if (send_sllao) { 613 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 614 dev, 1); 615 if (ifp) { 616 if (ifp->flags & IFA_F_OPTIMISTIC) { 617 send_sllao = 0; 618 } 619 in6_ifa_put(ifp); 620 } else { 621 send_sllao = 0; 622 } 623 } 624 #endif 625 if (send_sllao) 626 optlen += ndisc_opt_addr_space(dev); 627 628 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 629 if (!skb) 630 return; 631 632 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg)); 633 *msg = (struct rs_msg) { 634 .icmph = { 635 .icmp6_type = NDISC_ROUTER_SOLICITATION, 636 }, 637 }; 638 639 if (send_sllao) 640 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR, 641 dev->dev_addr); 642 643 ndisc_send_skb(skb, daddr, saddr); 644 } 645 646 647 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 648 { 649 /* 650 * "The sender MUST return an ICMP 651 * destination unreachable" 652 */ 653 dst_link_failure(skb); 654 kfree_skb(skb); 655 } 656 657 /* Called with locked neigh: either read or both */ 658 659 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 660 { 661 struct in6_addr *saddr = NULL; 662 struct in6_addr mcaddr; 663 struct net_device *dev = neigh->dev; 664 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 665 int probes = atomic_read(&neigh->probes); 666 667 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr, 668 dev, 1, 669 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) 670 saddr = &ipv6_hdr(skb)->saddr; 671 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES); 672 if (probes < 0) { 673 if (!(neigh->nud_state & NUD_VALID)) { 674 ND_PRINTK(1, dbg, 675 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 676 __func__, target); 677 } 678 ndisc_send_ns(dev, neigh, target, target, saddr); 679 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) { 680 neigh_app_ns(neigh); 681 } else { 682 addrconf_addr_solict_mult(target, &mcaddr); 683 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 684 } 685 } 686 687 static int pndisc_is_router(const void *pkey, 688 struct net_device *dev) 689 { 690 struct pneigh_entry *n; 691 int ret = -1; 692 693 read_lock_bh(&nd_tbl.lock); 694 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 695 if (n) 696 ret = !!(n->flags & NTF_ROUTER); 697 read_unlock_bh(&nd_tbl.lock); 698 699 return ret; 700 } 701 702 static void ndisc_recv_ns(struct sk_buff *skb) 703 { 704 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 705 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 706 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 707 u8 *lladdr = NULL; 708 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 709 offsetof(struct nd_msg, opt)); 710 struct ndisc_options ndopts; 711 struct net_device *dev = skb->dev; 712 struct inet6_ifaddr *ifp; 713 struct inet6_dev *idev = NULL; 714 struct neighbour *neigh; 715 int dad = ipv6_addr_any(saddr); 716 bool inc; 717 int is_router = -1; 718 719 if (skb->len < sizeof(struct nd_msg)) { 720 ND_PRINTK(2, warn, "NS: packet too short\n"); 721 return; 722 } 723 724 if (ipv6_addr_is_multicast(&msg->target)) { 725 ND_PRINTK(2, warn, "NS: multicast target address\n"); 726 return; 727 } 728 729 /* 730 * RFC2461 7.1.1: 731 * DAD has to be destined for solicited node multicast address. 732 */ 733 if (dad && !ipv6_addr_is_solict_mult(daddr)) { 734 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 735 return; 736 } 737 738 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 739 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 740 return; 741 } 742 743 if (ndopts.nd_opts_src_lladdr) { 744 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 745 if (!lladdr) { 746 ND_PRINTK(2, warn, 747 "NS: invalid link-layer address length\n"); 748 return; 749 } 750 751 /* RFC2461 7.1.1: 752 * If the IP source address is the unspecified address, 753 * there MUST NOT be source link-layer address option 754 * in the message. 755 */ 756 if (dad) { 757 ND_PRINTK(2, warn, 758 "NS: bad DAD packet (link-layer address option)\n"); 759 return; 760 } 761 } 762 763 inc = ipv6_addr_is_multicast(daddr); 764 765 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 766 if (ifp) { 767 768 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 769 if (dad) { 770 /* 771 * We are colliding with another node 772 * who is doing DAD 773 * so fail our DAD process 774 */ 775 addrconf_dad_failure(ifp); 776 return; 777 } else { 778 /* 779 * This is not a dad solicitation. 780 * If we are an optimistic node, 781 * we should respond. 782 * Otherwise, we should ignore it. 783 */ 784 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 785 goto out; 786 } 787 } 788 789 idev = ifp->idev; 790 } else { 791 struct net *net = dev_net(dev); 792 793 idev = in6_dev_get(dev); 794 if (!idev) { 795 /* XXX: count this drop? */ 796 return; 797 } 798 799 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 800 (idev->cnf.forwarding && 801 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 802 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 803 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 804 skb->pkt_type != PACKET_HOST && 805 inc && 806 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) { 807 /* 808 * for anycast or proxy, 809 * sender should delay its response 810 * by a random time between 0 and 811 * MAX_ANYCAST_DELAY_TIME seconds. 812 * (RFC2461) -- yoshfuji 813 */ 814 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 815 if (n) 816 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 817 goto out; 818 } 819 } else 820 goto out; 821 } 822 823 if (is_router < 0) 824 is_router = idev->cnf.forwarding; 825 826 if (dad) { 827 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 828 !!is_router, false, (ifp != NULL), true); 829 goto out; 830 } 831 832 if (inc) 833 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 834 else 835 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 836 837 /* 838 * update / create cache entry 839 * for the source address 840 */ 841 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 842 !inc || lladdr || !dev->addr_len); 843 if (neigh) 844 neigh_update(neigh, lladdr, NUD_STALE, 845 NEIGH_UPDATE_F_WEAK_OVERRIDE| 846 NEIGH_UPDATE_F_OVERRIDE); 847 if (neigh || !dev->header_ops) { 848 ndisc_send_na(dev, neigh, saddr, &msg->target, 849 !!is_router, 850 true, (ifp != NULL && inc), inc); 851 if (neigh) 852 neigh_release(neigh); 853 } 854 855 out: 856 if (ifp) 857 in6_ifa_put(ifp); 858 else 859 in6_dev_put(idev); 860 } 861 862 static void ndisc_recv_na(struct sk_buff *skb) 863 { 864 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 865 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 866 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 867 u8 *lladdr = NULL; 868 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 869 offsetof(struct nd_msg, opt)); 870 struct ndisc_options ndopts; 871 struct net_device *dev = skb->dev; 872 struct inet6_ifaddr *ifp; 873 struct neighbour *neigh; 874 875 if (skb->len < sizeof(struct nd_msg)) { 876 ND_PRINTK(2, warn, "NA: packet too short\n"); 877 return; 878 } 879 880 if (ipv6_addr_is_multicast(&msg->target)) { 881 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 882 return; 883 } 884 885 if (ipv6_addr_is_multicast(daddr) && 886 msg->icmph.icmp6_solicited) { 887 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 888 return; 889 } 890 891 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 892 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 893 return; 894 } 895 if (ndopts.nd_opts_tgt_lladdr) { 896 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 897 if (!lladdr) { 898 ND_PRINTK(2, warn, 899 "NA: invalid link-layer address length\n"); 900 return; 901 } 902 } 903 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 904 if (ifp) { 905 if (skb->pkt_type != PACKET_LOOPBACK 906 && (ifp->flags & IFA_F_TENTATIVE)) { 907 addrconf_dad_failure(ifp); 908 return; 909 } 910 /* What should we make now? The advertisement 911 is invalid, but ndisc specs say nothing 912 about it. It could be misconfiguration, or 913 an smart proxy agent tries to help us :-) 914 915 We should not print the error if NA has been 916 received from loopback - it is just our own 917 unsolicited advertisement. 918 */ 919 if (skb->pkt_type != PACKET_LOOPBACK) 920 ND_PRINTK(1, warn, 921 "NA: someone advertises our address %pI6 on %s!\n", 922 &ifp->addr, ifp->idev->dev->name); 923 in6_ifa_put(ifp); 924 return; 925 } 926 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 927 928 if (neigh) { 929 u8 old_flags = neigh->flags; 930 struct net *net = dev_net(dev); 931 932 if (neigh->nud_state & NUD_FAILED) 933 goto out; 934 935 /* 936 * Don't update the neighbor cache entry on a proxy NA from 937 * ourselves because either the proxied node is off link or it 938 * has already sent a NA to us. 939 */ 940 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 941 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 942 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 943 /* XXX: idev->cnf.proxy_ndp */ 944 goto out; 945 } 946 947 neigh_update(neigh, lladdr, 948 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 949 NEIGH_UPDATE_F_WEAK_OVERRIDE| 950 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 951 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 952 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 953 954 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 955 /* 956 * Change: router to host 957 */ 958 rt6_clean_tohost(dev_net(dev), saddr); 959 } 960 961 out: 962 neigh_release(neigh); 963 } 964 } 965 966 static void ndisc_recv_rs(struct sk_buff *skb) 967 { 968 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 969 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 970 struct neighbour *neigh; 971 struct inet6_dev *idev; 972 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 973 struct ndisc_options ndopts; 974 u8 *lladdr = NULL; 975 976 if (skb->len < sizeof(*rs_msg)) 977 return; 978 979 idev = __in6_dev_get(skb->dev); 980 if (!idev) { 981 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 982 return; 983 } 984 985 /* Don't accept RS if we're not in router mode */ 986 if (!idev->cnf.forwarding) 987 goto out; 988 989 /* 990 * Don't update NCE if src = ::; 991 * this implies that the source node has no ip address assigned yet. 992 */ 993 if (ipv6_addr_any(saddr)) 994 goto out; 995 996 /* Parse ND options */ 997 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 998 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 999 goto out; 1000 } 1001 1002 if (ndopts.nd_opts_src_lladdr) { 1003 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1004 skb->dev); 1005 if (!lladdr) 1006 goto out; 1007 } 1008 1009 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 1010 if (neigh) { 1011 neigh_update(neigh, lladdr, NUD_STALE, 1012 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1013 NEIGH_UPDATE_F_OVERRIDE| 1014 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 1015 neigh_release(neigh); 1016 } 1017 out: 1018 return; 1019 } 1020 1021 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 1022 { 1023 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 1024 struct sk_buff *skb; 1025 struct nlmsghdr *nlh; 1026 struct nduseroptmsg *ndmsg; 1027 struct net *net = dev_net(ra->dev); 1028 int err; 1029 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 1030 + (opt->nd_opt_len << 3)); 1031 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1032 1033 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1034 if (!skb) { 1035 err = -ENOBUFS; 1036 goto errout; 1037 } 1038 1039 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1040 if (!nlh) { 1041 goto nla_put_failure; 1042 } 1043 1044 ndmsg = nlmsg_data(nlh); 1045 ndmsg->nduseropt_family = AF_INET6; 1046 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1047 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1048 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1049 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1050 1051 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1052 1053 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr)) 1054 goto nla_put_failure; 1055 nlmsg_end(skb, nlh); 1056 1057 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1058 return; 1059 1060 nla_put_failure: 1061 nlmsg_free(skb); 1062 err = -EMSGSIZE; 1063 errout: 1064 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1065 } 1066 1067 static void ndisc_router_discovery(struct sk_buff *skb) 1068 { 1069 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1070 struct neighbour *neigh = NULL; 1071 struct inet6_dev *in6_dev; 1072 struct rt6_info *rt = NULL; 1073 int lifetime; 1074 struct ndisc_options ndopts; 1075 int optlen; 1076 unsigned int pref = 0; 1077 1078 __u8 *opt = (__u8 *)(ra_msg + 1); 1079 1080 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) - 1081 sizeof(struct ra_msg); 1082 1083 ND_PRINTK(2, info, 1084 "RA: %s, dev: %s\n", 1085 __func__, skb->dev->name); 1086 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1087 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1088 return; 1089 } 1090 if (optlen < 0) { 1091 ND_PRINTK(2, warn, "RA: packet too short\n"); 1092 return; 1093 } 1094 1095 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1096 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1097 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1098 return; 1099 } 1100 #endif 1101 1102 /* 1103 * set the RA_RECV flag in the interface 1104 */ 1105 1106 in6_dev = __in6_dev_get(skb->dev); 1107 if (!in6_dev) { 1108 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1109 skb->dev->name); 1110 return; 1111 } 1112 1113 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1114 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1115 return; 1116 } 1117 1118 if (!ipv6_accept_ra(in6_dev)) { 1119 ND_PRINTK(2, info, 1120 "RA: %s, did not accept ra for dev: %s\n", 1121 __func__, skb->dev->name); 1122 goto skip_linkparms; 1123 } 1124 1125 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1126 /* skip link-specific parameters from interior routers */ 1127 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { 1128 ND_PRINTK(2, info, 1129 "RA: %s, nodetype is NODEFAULT, dev: %s\n", 1130 __func__, skb->dev->name); 1131 goto skip_linkparms; 1132 } 1133 #endif 1134 1135 if (in6_dev->if_flags & IF_RS_SENT) { 1136 /* 1137 * flag that an RA was received after an RS was sent 1138 * out on this interface. 1139 */ 1140 in6_dev->if_flags |= IF_RA_RCVD; 1141 } 1142 1143 /* 1144 * Remember the managed/otherconf flags from most recently 1145 * received RA message (RFC 2462) -- yoshfuji 1146 */ 1147 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1148 IF_RA_OTHERCONF)) | 1149 (ra_msg->icmph.icmp6_addrconf_managed ? 1150 IF_RA_MANAGED : 0) | 1151 (ra_msg->icmph.icmp6_addrconf_other ? 1152 IF_RA_OTHERCONF : 0); 1153 1154 if (!in6_dev->cnf.accept_ra_defrtr) { 1155 ND_PRINTK(2, info, 1156 "RA: %s, defrtr is false for dev: %s\n", 1157 __func__, skb->dev->name); 1158 goto skip_defrtr; 1159 } 1160 1161 /* Do not accept RA with source-addr found on local machine unless 1162 * accept_ra_from_local is set to true. 1163 */ 1164 if (!in6_dev->cnf.accept_ra_from_local && 1165 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, 1166 NULL, 0)) { 1167 ND_PRINTK(2, info, 1168 "RA from local address detected on dev: %s: default router ignored\n", 1169 skb->dev->name); 1170 goto skip_defrtr; 1171 } 1172 1173 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1174 1175 #ifdef CONFIG_IPV6_ROUTER_PREF 1176 pref = ra_msg->icmph.icmp6_router_pref; 1177 /* 10b is handled as if it were 00b (medium) */ 1178 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1179 !in6_dev->cnf.accept_ra_rtr_pref) 1180 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1181 #endif 1182 1183 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1184 1185 if (rt) { 1186 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1187 if (!neigh) { 1188 ND_PRINTK(0, err, 1189 "RA: %s got default router without neighbour\n", 1190 __func__); 1191 ip6_rt_put(rt); 1192 return; 1193 } 1194 } 1195 if (rt && lifetime == 0) { 1196 ip6_del_rt(rt); 1197 rt = NULL; 1198 } 1199 1200 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n", 1201 rt, lifetime, skb->dev->name); 1202 if (!rt && lifetime) { 1203 ND_PRINTK(3, info, "RA: adding default router\n"); 1204 1205 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1206 if (!rt) { 1207 ND_PRINTK(0, err, 1208 "RA: %s failed to add default route\n", 1209 __func__); 1210 return; 1211 } 1212 1213 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1214 if (!neigh) { 1215 ND_PRINTK(0, err, 1216 "RA: %s got default router without neighbour\n", 1217 __func__); 1218 ip6_rt_put(rt); 1219 return; 1220 } 1221 neigh->flags |= NTF_ROUTER; 1222 } else if (rt) { 1223 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1224 } 1225 1226 if (rt) 1227 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1228 if (ra_msg->icmph.icmp6_hop_limit) { 1229 /* Only set hop_limit on the interface if it is higher than 1230 * the current hop_limit. 1231 */ 1232 if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) { 1233 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1234 } else { 1235 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n"); 1236 } 1237 if (rt) 1238 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1239 ra_msg->icmph.icmp6_hop_limit); 1240 } 1241 1242 skip_defrtr: 1243 1244 /* 1245 * Update Reachable Time and Retrans Timer 1246 */ 1247 1248 if (in6_dev->nd_parms) { 1249 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1250 1251 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1252 rtime = (rtime*HZ)/1000; 1253 if (rtime < HZ/10) 1254 rtime = HZ/10; 1255 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime); 1256 in6_dev->tstamp = jiffies; 1257 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1258 } 1259 1260 rtime = ntohl(ra_msg->reachable_time); 1261 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1262 rtime = (rtime*HZ)/1000; 1263 1264 if (rtime < HZ/10) 1265 rtime = HZ/10; 1266 1267 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) { 1268 NEIGH_VAR_SET(in6_dev->nd_parms, 1269 BASE_REACHABLE_TIME, rtime); 1270 NEIGH_VAR_SET(in6_dev->nd_parms, 1271 GC_STALETIME, 3 * rtime); 1272 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1273 in6_dev->tstamp = jiffies; 1274 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1275 } 1276 } 1277 } 1278 1279 skip_linkparms: 1280 1281 /* 1282 * Process options. 1283 */ 1284 1285 if (!neigh) 1286 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1287 skb->dev, 1); 1288 if (neigh) { 1289 u8 *lladdr = NULL; 1290 if (ndopts.nd_opts_src_lladdr) { 1291 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1292 skb->dev); 1293 if (!lladdr) { 1294 ND_PRINTK(2, warn, 1295 "RA: invalid link-layer address length\n"); 1296 goto out; 1297 } 1298 } 1299 neigh_update(neigh, lladdr, NUD_STALE, 1300 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1301 NEIGH_UPDATE_F_OVERRIDE| 1302 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1303 NEIGH_UPDATE_F_ISROUTER); 1304 } 1305 1306 if (!ipv6_accept_ra(in6_dev)) { 1307 ND_PRINTK(2, info, 1308 "RA: %s, accept_ra is false for dev: %s\n", 1309 __func__, skb->dev->name); 1310 goto out; 1311 } 1312 1313 #ifdef CONFIG_IPV6_ROUTE_INFO 1314 if (!in6_dev->cnf.accept_ra_from_local && 1315 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, 1316 NULL, 0)) { 1317 ND_PRINTK(2, info, 1318 "RA from local address detected on dev: %s: router info ignored.\n", 1319 skb->dev->name); 1320 goto skip_routeinfo; 1321 } 1322 1323 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1324 struct nd_opt_hdr *p; 1325 for (p = ndopts.nd_opts_ri; 1326 p; 1327 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1328 struct route_info *ri = (struct route_info *)p; 1329 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1330 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1331 ri->prefix_len == 0) 1332 continue; 1333 #endif 1334 if (ri->prefix_len == 0 && 1335 !in6_dev->cnf.accept_ra_defrtr) 1336 continue; 1337 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1338 continue; 1339 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3, 1340 &ipv6_hdr(skb)->saddr); 1341 } 1342 } 1343 1344 skip_routeinfo: 1345 #endif 1346 1347 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1348 /* skip link-specific ndopts from interior routers */ 1349 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) { 1350 ND_PRINTK(2, info, 1351 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n", 1352 __func__, skb->dev->name); 1353 goto out; 1354 } 1355 #endif 1356 1357 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1358 struct nd_opt_hdr *p; 1359 for (p = ndopts.nd_opts_pi; 1360 p; 1361 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1362 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1363 (p->nd_opt_len) << 3, 1364 ndopts.nd_opts_src_lladdr != NULL); 1365 } 1366 } 1367 1368 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) { 1369 __be32 n; 1370 u32 mtu; 1371 1372 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1373 mtu = ntohl(n); 1374 1375 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1376 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1377 } else if (in6_dev->cnf.mtu6 != mtu) { 1378 in6_dev->cnf.mtu6 = mtu; 1379 1380 if (rt) 1381 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1382 1383 rt6_mtu_change(skb->dev, mtu); 1384 } 1385 } 1386 1387 if (ndopts.nd_useropts) { 1388 struct nd_opt_hdr *p; 1389 for (p = ndopts.nd_useropts; 1390 p; 1391 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1392 ndisc_ra_useropt(skb, p); 1393 } 1394 } 1395 1396 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1397 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1398 } 1399 out: 1400 ip6_rt_put(rt); 1401 if (neigh) 1402 neigh_release(neigh); 1403 } 1404 1405 static void ndisc_redirect_rcv(struct sk_buff *skb) 1406 { 1407 u8 *hdr; 1408 struct ndisc_options ndopts; 1409 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb); 1410 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) + 1411 offsetof(struct rd_msg, opt)); 1412 1413 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1414 switch (skb->ndisc_nodetype) { 1415 case NDISC_NODETYPE_HOST: 1416 case NDISC_NODETYPE_NODEFAULT: 1417 ND_PRINTK(2, warn, 1418 "Redirect: from host or unauthorized router\n"); 1419 return; 1420 } 1421 #endif 1422 1423 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1424 ND_PRINTK(2, warn, 1425 "Redirect: source address is not link-local\n"); 1426 return; 1427 } 1428 1429 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) 1430 return; 1431 1432 if (!ndopts.nd_opts_rh) { 1433 ip6_redirect_no_header(skb, dev_net(skb->dev), 1434 skb->dev->ifindex, 0); 1435 return; 1436 } 1437 1438 hdr = (u8 *)ndopts.nd_opts_rh; 1439 hdr += 8; 1440 if (!pskb_pull(skb, hdr - skb_transport_header(skb))) 1441 return; 1442 1443 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1444 } 1445 1446 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb, 1447 struct sk_buff *orig_skb, 1448 int rd_len) 1449 { 1450 u8 *opt = skb_put(skb, rd_len); 1451 1452 memset(opt, 0, 8); 1453 *(opt++) = ND_OPT_REDIRECT_HDR; 1454 *(opt++) = (rd_len >> 3); 1455 opt += 6; 1456 1457 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8); 1458 } 1459 1460 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1461 { 1462 struct net_device *dev = skb->dev; 1463 struct net *net = dev_net(dev); 1464 struct sock *sk = net->ipv6.ndisc_sk; 1465 int optlen = 0; 1466 struct inet_peer *peer; 1467 struct sk_buff *buff; 1468 struct rd_msg *msg; 1469 struct in6_addr saddr_buf; 1470 struct rt6_info *rt; 1471 struct dst_entry *dst; 1472 struct flowi6 fl6; 1473 int rd_len; 1474 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1475 bool ret; 1476 1477 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1478 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1479 dev->name); 1480 return; 1481 } 1482 1483 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1484 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1485 ND_PRINTK(2, warn, 1486 "Redirect: target address is not link-local unicast\n"); 1487 return; 1488 } 1489 1490 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1491 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1492 1493 dst = ip6_route_output(net, NULL, &fl6); 1494 if (dst->error) { 1495 dst_release(dst); 1496 return; 1497 } 1498 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1499 if (IS_ERR(dst)) 1500 return; 1501 1502 rt = (struct rt6_info *) dst; 1503 1504 if (rt->rt6i_flags & RTF_GATEWAY) { 1505 ND_PRINTK(2, warn, 1506 "Redirect: destination is not a neighbour\n"); 1507 goto release; 1508 } 1509 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1); 1510 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1511 if (peer) 1512 inet_putpeer(peer); 1513 if (!ret) 1514 goto release; 1515 1516 if (dev->addr_len) { 1517 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1518 if (!neigh) { 1519 ND_PRINTK(2, warn, 1520 "Redirect: no neigh for target address\n"); 1521 goto release; 1522 } 1523 1524 read_lock_bh(&neigh->lock); 1525 if (neigh->nud_state & NUD_VALID) { 1526 memcpy(ha_buf, neigh->ha, dev->addr_len); 1527 read_unlock_bh(&neigh->lock); 1528 ha = ha_buf; 1529 optlen += ndisc_opt_addr_space(dev); 1530 } else 1531 read_unlock_bh(&neigh->lock); 1532 1533 neigh_release(neigh); 1534 } 1535 1536 rd_len = min_t(unsigned int, 1537 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen, 1538 skb->len + 8); 1539 rd_len &= ~0x7; 1540 optlen += rd_len; 1541 1542 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen); 1543 if (!buff) 1544 goto release; 1545 1546 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg)); 1547 *msg = (struct rd_msg) { 1548 .icmph = { 1549 .icmp6_type = NDISC_REDIRECT, 1550 }, 1551 .target = *target, 1552 .dest = ipv6_hdr(skb)->daddr, 1553 }; 1554 1555 /* 1556 * include target_address option 1557 */ 1558 1559 if (ha) 1560 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha); 1561 1562 /* 1563 * build redirect option and copy skb over to the new packet. 1564 */ 1565 1566 if (rd_len) 1567 ndisc_fill_redirect_hdr_option(buff, skb, rd_len); 1568 1569 skb_dst_set(buff, dst); 1570 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf); 1571 return; 1572 1573 release: 1574 dst_release(dst); 1575 } 1576 1577 static void pndisc_redo(struct sk_buff *skb) 1578 { 1579 ndisc_recv_ns(skb); 1580 kfree_skb(skb); 1581 } 1582 1583 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb) 1584 { 1585 struct inet6_dev *idev = __in6_dev_get(skb->dev); 1586 1587 if (!idev) 1588 return true; 1589 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED && 1590 idev->cnf.suppress_frag_ndisc) { 1591 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n"); 1592 return true; 1593 } 1594 return false; 1595 } 1596 1597 int ndisc_rcv(struct sk_buff *skb) 1598 { 1599 struct nd_msg *msg; 1600 1601 if (ndisc_suppress_frag_ndisc(skb)) 1602 return 0; 1603 1604 if (skb_linearize(skb)) 1605 return 0; 1606 1607 msg = (struct nd_msg *)skb_transport_header(skb); 1608 1609 __skb_push(skb, skb->data - skb_transport_header(skb)); 1610 1611 if (ipv6_hdr(skb)->hop_limit != 255) { 1612 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1613 ipv6_hdr(skb)->hop_limit); 1614 return 0; 1615 } 1616 1617 if (msg->icmph.icmp6_code != 0) { 1618 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1619 msg->icmph.icmp6_code); 1620 return 0; 1621 } 1622 1623 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1624 1625 switch (msg->icmph.icmp6_type) { 1626 case NDISC_NEIGHBOUR_SOLICITATION: 1627 ndisc_recv_ns(skb); 1628 break; 1629 1630 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1631 ndisc_recv_na(skb); 1632 break; 1633 1634 case NDISC_ROUTER_SOLICITATION: 1635 ndisc_recv_rs(skb); 1636 break; 1637 1638 case NDISC_ROUTER_ADVERTISEMENT: 1639 ndisc_router_discovery(skb); 1640 break; 1641 1642 case NDISC_REDIRECT: 1643 ndisc_redirect_rcv(skb); 1644 break; 1645 } 1646 1647 return 0; 1648 } 1649 1650 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1651 { 1652 struct net_device *dev = netdev_notifier_info_to_dev(ptr); 1653 struct net *net = dev_net(dev); 1654 struct inet6_dev *idev; 1655 1656 switch (event) { 1657 case NETDEV_CHANGEADDR: 1658 neigh_changeaddr(&nd_tbl, dev); 1659 fib6_run_gc(0, net, false); 1660 idev = in6_dev_get(dev); 1661 if (!idev) 1662 break; 1663 if (idev->cnf.ndisc_notify) 1664 ndisc_send_unsol_na(dev); 1665 in6_dev_put(idev); 1666 break; 1667 case NETDEV_DOWN: 1668 neigh_ifdown(&nd_tbl, dev); 1669 fib6_run_gc(0, net, false); 1670 break; 1671 case NETDEV_NOTIFY_PEERS: 1672 ndisc_send_unsol_na(dev); 1673 break; 1674 default: 1675 break; 1676 } 1677 1678 return NOTIFY_DONE; 1679 } 1680 1681 static struct notifier_block ndisc_netdev_notifier = { 1682 .notifier_call = ndisc_netdev_event, 1683 }; 1684 1685 #ifdef CONFIG_SYSCTL 1686 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1687 const char *func, const char *dev_name) 1688 { 1689 static char warncomm[TASK_COMM_LEN]; 1690 static int warned; 1691 if (strcmp(warncomm, current->comm) && warned < 5) { 1692 strcpy(warncomm, current->comm); 1693 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1694 warncomm, func, 1695 dev_name, ctl->procname, 1696 dev_name, ctl->procname); 1697 warned++; 1698 } 1699 } 1700 1701 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1702 { 1703 struct net_device *dev = ctl->extra1; 1704 struct inet6_dev *idev; 1705 int ret; 1706 1707 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1708 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1709 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1710 1711 if (strcmp(ctl->procname, "retrans_time") == 0) 1712 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos); 1713 1714 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1715 ret = neigh_proc_dointvec_jiffies(ctl, write, 1716 buffer, lenp, ppos); 1717 1718 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1719 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1720 ret = neigh_proc_dointvec_ms_jiffies(ctl, write, 1721 buffer, lenp, ppos); 1722 else 1723 ret = -1; 1724 1725 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1726 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME)) 1727 idev->nd_parms->reachable_time = 1728 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME)); 1729 idev->tstamp = jiffies; 1730 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1731 in6_dev_put(idev); 1732 } 1733 return ret; 1734 } 1735 1736 1737 #endif 1738 1739 static int __net_init ndisc_net_init(struct net *net) 1740 { 1741 struct ipv6_pinfo *np; 1742 struct sock *sk; 1743 int err; 1744 1745 err = inet_ctl_sock_create(&sk, PF_INET6, 1746 SOCK_RAW, IPPROTO_ICMPV6, net); 1747 if (err < 0) { 1748 ND_PRINTK(0, err, 1749 "NDISC: Failed to initialize the control socket (err %d)\n", 1750 err); 1751 return err; 1752 } 1753 1754 net->ipv6.ndisc_sk = sk; 1755 1756 np = inet6_sk(sk); 1757 np->hop_limit = 255; 1758 /* Do not loopback ndisc messages */ 1759 np->mc_loop = 0; 1760 1761 return 0; 1762 } 1763 1764 static void __net_exit ndisc_net_exit(struct net *net) 1765 { 1766 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1767 } 1768 1769 static struct pernet_operations ndisc_net_ops = { 1770 .init = ndisc_net_init, 1771 .exit = ndisc_net_exit, 1772 }; 1773 1774 int __init ndisc_init(void) 1775 { 1776 int err; 1777 1778 err = register_pernet_subsys(&ndisc_net_ops); 1779 if (err) 1780 return err; 1781 /* 1782 * Initialize the neighbour table 1783 */ 1784 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl); 1785 1786 #ifdef CONFIG_SYSCTL 1787 err = neigh_sysctl_register(NULL, &nd_tbl.parms, 1788 ndisc_ifinfo_sysctl_change); 1789 if (err) 1790 goto out_unregister_pernet; 1791 out: 1792 #endif 1793 return err; 1794 1795 #ifdef CONFIG_SYSCTL 1796 out_unregister_pernet: 1797 unregister_pernet_subsys(&ndisc_net_ops); 1798 goto out; 1799 #endif 1800 } 1801 1802 int __init ndisc_late_init(void) 1803 { 1804 return register_netdevice_notifier(&ndisc_netdev_notifier); 1805 } 1806 1807 void ndisc_late_cleanup(void) 1808 { 1809 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1810 } 1811 1812 void ndisc_cleanup(void) 1813 { 1814 #ifdef CONFIG_SYSCTL 1815 neigh_sysctl_unregister(&nd_tbl.parms); 1816 #endif 1817 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl); 1818 unregister_pernet_subsys(&ndisc_net_ops); 1819 } 1820