1 /* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15 /* 16 * Changes: 17 * 18 * Alexey I. Froloff : RFC6106 (DNSSL) support 19 * Pierre Ynard : export userland ND options 20 * through netlink (RDNSS support) 21 * Lars Fenneberg : fixed MTU setting on receipt 22 * of an RA. 23 * Janos Farkas : kmalloc failure checks 24 * Alexey Kuznetsov : state machine reworked 25 * and moved to net/core. 26 * Pekka Savola : RFC2461 validation 27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 28 */ 29 30 #define pr_fmt(fmt) "ICMPv6: " fmt 31 32 #include <linux/module.h> 33 #include <linux/errno.h> 34 #include <linux/types.h> 35 #include <linux/socket.h> 36 #include <linux/sockios.h> 37 #include <linux/sched.h> 38 #include <linux/net.h> 39 #include <linux/in6.h> 40 #include <linux/route.h> 41 #include <linux/init.h> 42 #include <linux/rcupdate.h> 43 #include <linux/slab.h> 44 #ifdef CONFIG_SYSCTL 45 #include <linux/sysctl.h> 46 #endif 47 48 #include <linux/if_addr.h> 49 #include <linux/if_arp.h> 50 #include <linux/ipv6.h> 51 #include <linux/icmpv6.h> 52 #include <linux/jhash.h> 53 54 #include <net/sock.h> 55 #include <net/snmp.h> 56 57 #include <net/ipv6.h> 58 #include <net/protocol.h> 59 #include <net/ndisc.h> 60 #include <net/ip6_route.h> 61 #include <net/addrconf.h> 62 #include <net/icmp.h> 63 64 #include <net/netlink.h> 65 #include <linux/rtnetlink.h> 66 67 #include <net/flow.h> 68 #include <net/ip6_checksum.h> 69 #include <net/inet_common.h> 70 #include <linux/proc_fs.h> 71 72 #include <linux/netfilter.h> 73 #include <linux/netfilter_ipv6.h> 74 75 /* Set to 3 to get tracing... */ 76 #define ND_DEBUG 1 77 78 #define ND_PRINTK(val, level, fmt, ...) \ 79 do { \ 80 if (val <= ND_DEBUG) \ 81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \ 82 } while (0) 83 84 static u32 ndisc_hash(const void *pkey, 85 const struct net_device *dev, 86 __u32 *hash_rnd); 87 static int ndisc_constructor(struct neighbour *neigh); 88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 90 static int pndisc_constructor(struct pneigh_entry *n); 91 static void pndisc_destructor(struct pneigh_entry *n); 92 static void pndisc_redo(struct sk_buff *skb); 93 94 static const struct neigh_ops ndisc_generic_ops = { 95 .family = AF_INET6, 96 .solicit = ndisc_solicit, 97 .error_report = ndisc_error_report, 98 .output = neigh_resolve_output, 99 .connected_output = neigh_connected_output, 100 }; 101 102 static const struct neigh_ops ndisc_hh_ops = { 103 .family = AF_INET6, 104 .solicit = ndisc_solicit, 105 .error_report = ndisc_error_report, 106 .output = neigh_resolve_output, 107 .connected_output = neigh_resolve_output, 108 }; 109 110 111 static const struct neigh_ops ndisc_direct_ops = { 112 .family = AF_INET6, 113 .output = neigh_direct_output, 114 .connected_output = neigh_direct_output, 115 }; 116 117 struct neigh_table nd_tbl = { 118 .family = AF_INET6, 119 .key_len = sizeof(struct in6_addr), 120 .hash = ndisc_hash, 121 .constructor = ndisc_constructor, 122 .pconstructor = pndisc_constructor, 123 .pdestructor = pndisc_destructor, 124 .proxy_redo = pndisc_redo, 125 .id = "ndisc_cache", 126 .parms = { 127 .tbl = &nd_tbl, 128 .base_reachable_time = ND_REACHABLE_TIME, 129 .retrans_time = ND_RETRANS_TIMER, 130 .gc_staletime = 60 * HZ, 131 .reachable_time = ND_REACHABLE_TIME, 132 .delay_probe_time = 5 * HZ, 133 .queue_len_bytes = 64*1024, 134 .ucast_probes = 3, 135 .mcast_probes = 3, 136 .anycast_delay = 1 * HZ, 137 .proxy_delay = (8 * HZ) / 10, 138 .proxy_qlen = 64, 139 }, 140 .gc_interval = 30 * HZ, 141 .gc_thresh1 = 128, 142 .gc_thresh2 = 512, 143 .gc_thresh3 = 1024, 144 }; 145 146 static inline int ndisc_opt_addr_space(struct net_device *dev) 147 { 148 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type)); 149 } 150 151 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len, 152 unsigned short addr_type) 153 { 154 int space = NDISC_OPT_SPACE(data_len); 155 int pad = ndisc_addr_option_pad(addr_type); 156 157 opt[0] = type; 158 opt[1] = space>>3; 159 160 memset(opt + 2, 0, pad); 161 opt += pad; 162 space -= pad; 163 164 memcpy(opt+2, data, data_len); 165 data_len += 2; 166 opt += data_len; 167 if ((space -= data_len) > 0) 168 memset(opt, 0, space); 169 return opt + space; 170 } 171 172 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 173 struct nd_opt_hdr *end) 174 { 175 int type; 176 if (!cur || !end || cur >= end) 177 return NULL; 178 type = cur->nd_opt_type; 179 do { 180 cur = ((void *)cur) + (cur->nd_opt_len << 3); 181 } while(cur < end && cur->nd_opt_type != type); 182 return cur <= end && cur->nd_opt_type == type ? cur : NULL; 183 } 184 185 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt) 186 { 187 return opt->nd_opt_type == ND_OPT_RDNSS || 188 opt->nd_opt_type == ND_OPT_DNSSL; 189 } 190 191 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur, 192 struct nd_opt_hdr *end) 193 { 194 if (!cur || !end || cur >= end) 195 return NULL; 196 do { 197 cur = ((void *)cur) + (cur->nd_opt_len << 3); 198 } while(cur < end && !ndisc_is_useropt(cur)); 199 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL; 200 } 201 202 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 203 struct ndisc_options *ndopts) 204 { 205 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 206 207 if (!nd_opt || opt_len < 0 || !ndopts) 208 return NULL; 209 memset(ndopts, 0, sizeof(*ndopts)); 210 while (opt_len) { 211 int l; 212 if (opt_len < sizeof(struct nd_opt_hdr)) 213 return NULL; 214 l = nd_opt->nd_opt_len << 3; 215 if (opt_len < l || l == 0) 216 return NULL; 217 switch (nd_opt->nd_opt_type) { 218 case ND_OPT_SOURCE_LL_ADDR: 219 case ND_OPT_TARGET_LL_ADDR: 220 case ND_OPT_MTU: 221 case ND_OPT_REDIRECT_HDR: 222 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 223 ND_PRINTK(2, warn, 224 "%s: duplicated ND6 option found: type=%d\n", 225 __func__, nd_opt->nd_opt_type); 226 } else { 227 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 228 } 229 break; 230 case ND_OPT_PREFIX_INFO: 231 ndopts->nd_opts_pi_end = nd_opt; 232 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type]) 233 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 234 break; 235 #ifdef CONFIG_IPV6_ROUTE_INFO 236 case ND_OPT_ROUTE_INFO: 237 ndopts->nd_opts_ri_end = nd_opt; 238 if (!ndopts->nd_opts_ri) 239 ndopts->nd_opts_ri = nd_opt; 240 break; 241 #endif 242 default: 243 if (ndisc_is_useropt(nd_opt)) { 244 ndopts->nd_useropts_end = nd_opt; 245 if (!ndopts->nd_useropts) 246 ndopts->nd_useropts = nd_opt; 247 } else { 248 /* 249 * Unknown options must be silently ignored, 250 * to accommodate future extension to the 251 * protocol. 252 */ 253 ND_PRINTK(2, notice, 254 "%s: ignored unsupported option; type=%d, len=%d\n", 255 __func__, 256 nd_opt->nd_opt_type, 257 nd_opt->nd_opt_len); 258 } 259 } 260 opt_len -= l; 261 nd_opt = ((void *)nd_opt) + l; 262 } 263 return ndopts; 264 } 265 266 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 267 { 268 switch (dev->type) { 269 case ARPHRD_ETHER: 270 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 271 case ARPHRD_FDDI: 272 ipv6_eth_mc_map(addr, buf); 273 return 0; 274 case ARPHRD_ARCNET: 275 ipv6_arcnet_mc_map(addr, buf); 276 return 0; 277 case ARPHRD_INFINIBAND: 278 ipv6_ib_mc_map(addr, dev->broadcast, buf); 279 return 0; 280 case ARPHRD_IPGRE: 281 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf); 282 default: 283 if (dir) { 284 memcpy(buf, dev->broadcast, dev->addr_len); 285 return 0; 286 } 287 } 288 return -EINVAL; 289 } 290 291 EXPORT_SYMBOL(ndisc_mc_map); 292 293 static u32 ndisc_hash(const void *pkey, 294 const struct net_device *dev, 295 __u32 *hash_rnd) 296 { 297 return ndisc_hashfn(pkey, dev, hash_rnd); 298 } 299 300 static int ndisc_constructor(struct neighbour *neigh) 301 { 302 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 303 struct net_device *dev = neigh->dev; 304 struct inet6_dev *in6_dev; 305 struct neigh_parms *parms; 306 bool is_multicast = ipv6_addr_is_multicast(addr); 307 308 in6_dev = in6_dev_get(dev); 309 if (in6_dev == NULL) { 310 return -EINVAL; 311 } 312 313 parms = in6_dev->nd_parms; 314 __neigh_parms_put(neigh->parms); 315 neigh->parms = neigh_parms_clone(parms); 316 317 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST; 318 if (!dev->header_ops) { 319 neigh->nud_state = NUD_NOARP; 320 neigh->ops = &ndisc_direct_ops; 321 neigh->output = neigh_direct_output; 322 } else { 323 if (is_multicast) { 324 neigh->nud_state = NUD_NOARP; 325 ndisc_mc_map(addr, neigh->ha, dev, 1); 326 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 327 neigh->nud_state = NUD_NOARP; 328 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 329 if (dev->flags&IFF_LOOPBACK) 330 neigh->type = RTN_LOCAL; 331 } else if (dev->flags&IFF_POINTOPOINT) { 332 neigh->nud_state = NUD_NOARP; 333 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 334 } 335 if (dev->header_ops->cache) 336 neigh->ops = &ndisc_hh_ops; 337 else 338 neigh->ops = &ndisc_generic_ops; 339 if (neigh->nud_state&NUD_VALID) 340 neigh->output = neigh->ops->connected_output; 341 else 342 neigh->output = neigh->ops->output; 343 } 344 in6_dev_put(in6_dev); 345 return 0; 346 } 347 348 static int pndisc_constructor(struct pneigh_entry *n) 349 { 350 struct in6_addr *addr = (struct in6_addr*)&n->key; 351 struct in6_addr maddr; 352 struct net_device *dev = n->dev; 353 354 if (dev == NULL || __in6_dev_get(dev) == NULL) 355 return -EINVAL; 356 addrconf_addr_solict_mult(addr, &maddr); 357 ipv6_dev_mc_inc(dev, &maddr); 358 return 0; 359 } 360 361 static void pndisc_destructor(struct pneigh_entry *n) 362 { 363 struct in6_addr *addr = (struct in6_addr*)&n->key; 364 struct in6_addr maddr; 365 struct net_device *dev = n->dev; 366 367 if (dev == NULL || __in6_dev_get(dev) == NULL) 368 return; 369 addrconf_addr_solict_mult(addr, &maddr); 370 ipv6_dev_mc_dec(dev, &maddr); 371 } 372 373 struct sk_buff *ndisc_build_skb(struct net_device *dev, 374 const struct in6_addr *daddr, 375 const struct in6_addr *saddr, 376 struct icmp6hdr *icmp6h, 377 const struct in6_addr *target, 378 int llinfo) 379 { 380 struct net *net = dev_net(dev); 381 struct sock *sk = net->ipv6.ndisc_sk; 382 struct sk_buff *skb; 383 struct icmp6hdr *hdr; 384 int hlen = LL_RESERVED_SPACE(dev); 385 int tlen = dev->needed_tailroom; 386 int len; 387 int err; 388 u8 *opt; 389 390 if (!dev->addr_len) 391 llinfo = 0; 392 393 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0); 394 if (llinfo) 395 len += ndisc_opt_addr_space(dev); 396 397 skb = sock_alloc_send_skb(sk, 398 (MAX_HEADER + sizeof(struct ipv6hdr) + 399 len + hlen + tlen), 400 1, &err); 401 if (!skb) { 402 ND_PRINTK(0, err, "ND: %s failed to allocate an skb, err=%d\n", 403 __func__, err); 404 return NULL; 405 } 406 407 skb_reserve(skb, hlen); 408 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 409 410 skb->transport_header = skb->tail; 411 skb_put(skb, len); 412 413 hdr = (struct icmp6hdr *)skb_transport_header(skb); 414 memcpy(hdr, icmp6h, sizeof(*hdr)); 415 416 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr); 417 if (target) { 418 *(struct in6_addr *)opt = *target; 419 opt += sizeof(*target); 420 } 421 422 if (llinfo) 423 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr, 424 dev->addr_len, dev->type); 425 426 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len, 427 IPPROTO_ICMPV6, 428 csum_partial(hdr, 429 len, 0)); 430 431 return skb; 432 } 433 434 EXPORT_SYMBOL(ndisc_build_skb); 435 436 void ndisc_send_skb(struct sk_buff *skb, 437 struct net_device *dev, 438 struct neighbour *neigh, 439 const struct in6_addr *daddr, 440 const struct in6_addr *saddr, 441 struct icmp6hdr *icmp6h) 442 { 443 struct flowi6 fl6; 444 struct dst_entry *dst; 445 struct net *net = dev_net(dev); 446 struct sock *sk = net->ipv6.ndisc_sk; 447 struct inet6_dev *idev; 448 int err; 449 u8 type; 450 451 type = icmp6h->icmp6_type; 452 453 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex); 454 dst = icmp6_dst_alloc(dev, neigh, &fl6); 455 if (IS_ERR(dst)) { 456 kfree_skb(skb); 457 return; 458 } 459 460 skb_dst_set(skb, dst); 461 462 rcu_read_lock(); 463 idev = __in6_dev_get(dst->dev); 464 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 465 466 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 467 dst_output); 468 if (!err) { 469 ICMP6MSGOUT_INC_STATS(net, idev, type); 470 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 471 } 472 473 rcu_read_unlock(); 474 } 475 476 EXPORT_SYMBOL(ndisc_send_skb); 477 478 /* 479 * Send a Neighbour Discover packet 480 */ 481 static void __ndisc_send(struct net_device *dev, 482 struct neighbour *neigh, 483 const struct in6_addr *daddr, 484 const struct in6_addr *saddr, 485 struct icmp6hdr *icmp6h, const struct in6_addr *target, 486 int llinfo) 487 { 488 struct sk_buff *skb; 489 490 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo); 491 if (!skb) 492 return; 493 494 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h); 495 } 496 497 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 498 const struct in6_addr *daddr, 499 const struct in6_addr *solicited_addr, 500 int router, int solicited, int override, int inc_opt) 501 { 502 struct in6_addr tmpaddr; 503 struct inet6_ifaddr *ifp; 504 const struct in6_addr *src_addr; 505 struct icmp6hdr icmp6h = { 506 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT, 507 }; 508 509 /* for anycast or proxy, solicited_addr != src_addr */ 510 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1); 511 if (ifp) { 512 src_addr = solicited_addr; 513 if (ifp->flags & IFA_F_OPTIMISTIC) 514 override = 0; 515 inc_opt |= ifp->idev->cnf.force_tllao; 516 in6_ifa_put(ifp); 517 } else { 518 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr, 519 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs, 520 &tmpaddr)) 521 return; 522 src_addr = &tmpaddr; 523 } 524 525 icmp6h.icmp6_router = router; 526 icmp6h.icmp6_solicited = solicited; 527 icmp6h.icmp6_override = override; 528 529 __ndisc_send(dev, neigh, daddr, src_addr, 530 &icmp6h, solicited_addr, 531 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0); 532 } 533 534 static void ndisc_send_unsol_na(struct net_device *dev) 535 { 536 struct inet6_dev *idev; 537 struct inet6_ifaddr *ifa; 538 struct in6_addr mcaddr; 539 540 idev = in6_dev_get(dev); 541 if (!idev) 542 return; 543 544 read_lock_bh(&idev->lock); 545 list_for_each_entry(ifa, &idev->addr_list, if_list) { 546 addrconf_addr_solict_mult(&ifa->addr, &mcaddr); 547 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr, 548 /*router=*/ !!idev->cnf.forwarding, 549 /*solicited=*/ false, /*override=*/ true, 550 /*inc_opt=*/ true); 551 } 552 read_unlock_bh(&idev->lock); 553 554 in6_dev_put(idev); 555 } 556 557 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 558 const struct in6_addr *solicit, 559 const struct in6_addr *daddr, const struct in6_addr *saddr) 560 { 561 struct in6_addr addr_buf; 562 struct icmp6hdr icmp6h = { 563 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION, 564 }; 565 566 if (saddr == NULL) { 567 if (ipv6_get_lladdr(dev, &addr_buf, 568 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))) 569 return; 570 saddr = &addr_buf; 571 } 572 573 __ndisc_send(dev, neigh, daddr, saddr, 574 &icmp6h, solicit, 575 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0); 576 } 577 578 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr, 579 const struct in6_addr *daddr) 580 { 581 struct icmp6hdr icmp6h = { 582 .icmp6_type = NDISC_ROUTER_SOLICITATION, 583 }; 584 int send_sllao = dev->addr_len; 585 586 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD 587 /* 588 * According to section 2.2 of RFC 4429, we must not 589 * send router solicitations with a sllao from 590 * optimistic addresses, but we may send the solicitation 591 * if we don't include the sllao. So here we check 592 * if our address is optimistic, and if so, we 593 * suppress the inclusion of the sllao. 594 */ 595 if (send_sllao) { 596 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr, 597 dev, 1); 598 if (ifp) { 599 if (ifp->flags & IFA_F_OPTIMISTIC) { 600 send_sllao = 0; 601 } 602 in6_ifa_put(ifp); 603 } else { 604 send_sllao = 0; 605 } 606 } 607 #endif 608 __ndisc_send(dev, NULL, daddr, saddr, 609 &icmp6h, NULL, 610 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0); 611 } 612 613 614 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 615 { 616 /* 617 * "The sender MUST return an ICMP 618 * destination unreachable" 619 */ 620 dst_link_failure(skb); 621 kfree_skb(skb); 622 } 623 624 /* Called with locked neigh: either read or both */ 625 626 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 627 { 628 struct in6_addr *saddr = NULL; 629 struct in6_addr mcaddr; 630 struct net_device *dev = neigh->dev; 631 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 632 int probes = atomic_read(&neigh->probes); 633 634 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1)) 635 saddr = &ipv6_hdr(skb)->saddr; 636 637 if ((probes -= neigh->parms->ucast_probes) < 0) { 638 if (!(neigh->nud_state & NUD_VALID)) { 639 ND_PRINTK(1, dbg, 640 "%s: trying to ucast probe in NUD_INVALID: %pI6\n", 641 __func__, target); 642 } 643 ndisc_send_ns(dev, neigh, target, target, saddr); 644 } else if ((probes -= neigh->parms->app_probes) < 0) { 645 #ifdef CONFIG_ARPD 646 neigh_app_ns(neigh); 647 #endif 648 } else { 649 addrconf_addr_solict_mult(target, &mcaddr); 650 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 651 } 652 } 653 654 static int pndisc_is_router(const void *pkey, 655 struct net_device *dev) 656 { 657 struct pneigh_entry *n; 658 int ret = -1; 659 660 read_lock_bh(&nd_tbl.lock); 661 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev); 662 if (n) 663 ret = !!(n->flags & NTF_ROUTER); 664 read_unlock_bh(&nd_tbl.lock); 665 666 return ret; 667 } 668 669 static void ndisc_recv_ns(struct sk_buff *skb) 670 { 671 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 672 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 673 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 674 u8 *lladdr = NULL; 675 u32 ndoptlen = skb->tail - (skb->transport_header + 676 offsetof(struct nd_msg, opt)); 677 struct ndisc_options ndopts; 678 struct net_device *dev = skb->dev; 679 struct inet6_ifaddr *ifp; 680 struct inet6_dev *idev = NULL; 681 struct neighbour *neigh; 682 int dad = ipv6_addr_any(saddr); 683 bool inc; 684 int is_router = -1; 685 686 if (ipv6_addr_is_multicast(&msg->target)) { 687 ND_PRINTK(2, warn, "NS: multicast target address\n"); 688 return; 689 } 690 691 /* 692 * RFC2461 7.1.1: 693 * DAD has to be destined for solicited node multicast address. 694 */ 695 if (dad && 696 !(daddr->s6_addr32[0] == htonl(0xff020000) && 697 daddr->s6_addr32[1] == htonl(0x00000000) && 698 daddr->s6_addr32[2] == htonl(0x00000001) && 699 daddr->s6_addr [12] == 0xff )) { 700 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n"); 701 return; 702 } 703 704 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 705 ND_PRINTK(2, warn, "NS: invalid ND options\n"); 706 return; 707 } 708 709 if (ndopts.nd_opts_src_lladdr) { 710 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev); 711 if (!lladdr) { 712 ND_PRINTK(2, warn, 713 "NS: invalid link-layer address length\n"); 714 return; 715 } 716 717 /* RFC2461 7.1.1: 718 * If the IP source address is the unspecified address, 719 * there MUST NOT be source link-layer address option 720 * in the message. 721 */ 722 if (dad) { 723 ND_PRINTK(2, warn, 724 "NS: bad DAD packet (link-layer address option)\n"); 725 return; 726 } 727 } 728 729 inc = ipv6_addr_is_multicast(daddr); 730 731 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 732 if (ifp) { 733 734 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) { 735 if (dad) { 736 /* 737 * We are colliding with another node 738 * who is doing DAD 739 * so fail our DAD process 740 */ 741 addrconf_dad_failure(ifp); 742 return; 743 } else { 744 /* 745 * This is not a dad solicitation. 746 * If we are an optimistic node, 747 * we should respond. 748 * Otherwise, we should ignore it. 749 */ 750 if (!(ifp->flags & IFA_F_OPTIMISTIC)) 751 goto out; 752 } 753 } 754 755 idev = ifp->idev; 756 } else { 757 struct net *net = dev_net(dev); 758 759 idev = in6_dev_get(dev); 760 if (!idev) { 761 /* XXX: count this drop? */ 762 return; 763 } 764 765 if (ipv6_chk_acast_addr(net, dev, &msg->target) || 766 (idev->cnf.forwarding && 767 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && 768 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { 769 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && 770 skb->pkt_type != PACKET_HOST && 771 inc != 0 && 772 idev->nd_parms->proxy_delay != 0) { 773 /* 774 * for anycast or proxy, 775 * sender should delay its response 776 * by a random time between 0 and 777 * MAX_ANYCAST_DELAY_TIME seconds. 778 * (RFC2461) -- yoshfuji 779 */ 780 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 781 if (n) 782 pneigh_enqueue(&nd_tbl, idev->nd_parms, n); 783 goto out; 784 } 785 } else 786 goto out; 787 } 788 789 if (is_router < 0) 790 is_router = !!idev->cnf.forwarding; 791 792 if (dad) { 793 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target, 794 is_router, 0, (ifp != NULL), 1); 795 goto out; 796 } 797 798 if (inc) 799 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast); 800 else 801 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast); 802 803 /* 804 * update / create cache entry 805 * for the source address 806 */ 807 neigh = __neigh_lookup(&nd_tbl, saddr, dev, 808 !inc || lladdr || !dev->addr_len); 809 if (neigh) 810 neigh_update(neigh, lladdr, NUD_STALE, 811 NEIGH_UPDATE_F_WEAK_OVERRIDE| 812 NEIGH_UPDATE_F_OVERRIDE); 813 if (neigh || !dev->header_ops) { 814 ndisc_send_na(dev, neigh, saddr, &msg->target, 815 is_router, 816 1, (ifp != NULL && inc), inc); 817 if (neigh) 818 neigh_release(neigh); 819 } 820 821 out: 822 if (ifp) 823 in6_ifa_put(ifp); 824 else 825 in6_dev_put(idev); 826 } 827 828 static void ndisc_recv_na(struct sk_buff *skb) 829 { 830 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb); 831 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 832 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr; 833 u8 *lladdr = NULL; 834 u32 ndoptlen = skb->tail - (skb->transport_header + 835 offsetof(struct nd_msg, opt)); 836 struct ndisc_options ndopts; 837 struct net_device *dev = skb->dev; 838 struct inet6_ifaddr *ifp; 839 struct neighbour *neigh; 840 841 if (skb->len < sizeof(struct nd_msg)) { 842 ND_PRINTK(2, warn, "NA: packet too short\n"); 843 return; 844 } 845 846 if (ipv6_addr_is_multicast(&msg->target)) { 847 ND_PRINTK(2, warn, "NA: target address is multicast\n"); 848 return; 849 } 850 851 if (ipv6_addr_is_multicast(daddr) && 852 msg->icmph.icmp6_solicited) { 853 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n"); 854 return; 855 } 856 857 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 858 ND_PRINTK(2, warn, "NS: invalid ND option\n"); 859 return; 860 } 861 if (ndopts.nd_opts_tgt_lladdr) { 862 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev); 863 if (!lladdr) { 864 ND_PRINTK(2, warn, 865 "NA: invalid link-layer address length\n"); 866 return; 867 } 868 } 869 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1); 870 if (ifp) { 871 if (skb->pkt_type != PACKET_LOOPBACK 872 && (ifp->flags & IFA_F_TENTATIVE)) { 873 addrconf_dad_failure(ifp); 874 return; 875 } 876 /* What should we make now? The advertisement 877 is invalid, but ndisc specs say nothing 878 about it. It could be misconfiguration, or 879 an smart proxy agent tries to help us :-) 880 881 We should not print the error if NA has been 882 received from loopback - it is just our own 883 unsolicited advertisement. 884 */ 885 if (skb->pkt_type != PACKET_LOOPBACK) 886 ND_PRINTK(1, warn, 887 "NA: someone advertises our address %pI6 on %s!\n", 888 &ifp->addr, ifp->idev->dev->name); 889 in6_ifa_put(ifp); 890 return; 891 } 892 neigh = neigh_lookup(&nd_tbl, &msg->target, dev); 893 894 if (neigh) { 895 u8 old_flags = neigh->flags; 896 struct net *net = dev_net(dev); 897 898 if (neigh->nud_state & NUD_FAILED) 899 goto out; 900 901 /* 902 * Don't update the neighbor cache entry on a proxy NA from 903 * ourselves because either the proxied node is off link or it 904 * has already sent a NA to us. 905 */ 906 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && 907 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && 908 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { 909 /* XXX: idev->cnf.prixy_ndp */ 910 goto out; 911 } 912 913 neigh_update(neigh, lladdr, 914 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 915 NEIGH_UPDATE_F_WEAK_OVERRIDE| 916 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)| 917 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 918 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)); 919 920 if ((old_flags & ~neigh->flags) & NTF_ROUTER) { 921 /* 922 * Change: router to host 923 */ 924 struct rt6_info *rt; 925 rt = rt6_get_dflt_router(saddr, dev); 926 if (rt) 927 ip6_del_rt(rt); 928 } 929 930 out: 931 neigh_release(neigh); 932 } 933 } 934 935 static void ndisc_recv_rs(struct sk_buff *skb) 936 { 937 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb); 938 unsigned long ndoptlen = skb->len - sizeof(*rs_msg); 939 struct neighbour *neigh; 940 struct inet6_dev *idev; 941 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr; 942 struct ndisc_options ndopts; 943 u8 *lladdr = NULL; 944 945 if (skb->len < sizeof(*rs_msg)) 946 return; 947 948 idev = __in6_dev_get(skb->dev); 949 if (!idev) { 950 ND_PRINTK(1, err, "RS: can't find in6 device\n"); 951 return; 952 } 953 954 /* Don't accept RS if we're not in router mode */ 955 if (!idev->cnf.forwarding) 956 goto out; 957 958 /* 959 * Don't update NCE if src = ::; 960 * this implies that the source node has no ip address assigned yet. 961 */ 962 if (ipv6_addr_any(saddr)) 963 goto out; 964 965 /* Parse ND options */ 966 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) { 967 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n"); 968 goto out; 969 } 970 971 if (ndopts.nd_opts_src_lladdr) { 972 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 973 skb->dev); 974 if (!lladdr) 975 goto out; 976 } 977 978 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1); 979 if (neigh) { 980 neigh_update(neigh, lladdr, NUD_STALE, 981 NEIGH_UPDATE_F_WEAK_OVERRIDE| 982 NEIGH_UPDATE_F_OVERRIDE| 983 NEIGH_UPDATE_F_OVERRIDE_ISROUTER); 984 neigh_release(neigh); 985 } 986 out: 987 return; 988 } 989 990 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt) 991 { 992 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra); 993 struct sk_buff *skb; 994 struct nlmsghdr *nlh; 995 struct nduseroptmsg *ndmsg; 996 struct net *net = dev_net(ra->dev); 997 int err; 998 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg) 999 + (opt->nd_opt_len << 3)); 1000 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr)); 1001 1002 skb = nlmsg_new(msg_size, GFP_ATOMIC); 1003 if (skb == NULL) { 1004 err = -ENOBUFS; 1005 goto errout; 1006 } 1007 1008 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0); 1009 if (nlh == NULL) { 1010 goto nla_put_failure; 1011 } 1012 1013 ndmsg = nlmsg_data(nlh); 1014 ndmsg->nduseropt_family = AF_INET6; 1015 ndmsg->nduseropt_ifindex = ra->dev->ifindex; 1016 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type; 1017 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code; 1018 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3; 1019 1020 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3); 1021 1022 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr), 1023 &ipv6_hdr(ra)->saddr)) 1024 goto nla_put_failure; 1025 nlmsg_end(skb, nlh); 1026 1027 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC); 1028 return; 1029 1030 nla_put_failure: 1031 nlmsg_free(skb); 1032 err = -EMSGSIZE; 1033 errout: 1034 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err); 1035 } 1036 1037 static inline int accept_ra(struct inet6_dev *in6_dev) 1038 { 1039 /* 1040 * If forwarding is enabled, RA are not accepted unless the special 1041 * hybrid mode (accept_ra=2) is enabled. 1042 */ 1043 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2) 1044 return 0; 1045 1046 return in6_dev->cnf.accept_ra; 1047 } 1048 1049 static void ndisc_router_discovery(struct sk_buff *skb) 1050 { 1051 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb); 1052 struct neighbour *neigh = NULL; 1053 struct inet6_dev *in6_dev; 1054 struct rt6_info *rt = NULL; 1055 int lifetime; 1056 struct ndisc_options ndopts; 1057 int optlen; 1058 unsigned int pref = 0; 1059 1060 __u8 * opt = (__u8 *)(ra_msg + 1); 1061 1062 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg); 1063 1064 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1065 ND_PRINTK(2, warn, "RA: source address is not link-local\n"); 1066 return; 1067 } 1068 if (optlen < 0) { 1069 ND_PRINTK(2, warn, "RA: packet too short\n"); 1070 return; 1071 } 1072 1073 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1074 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) { 1075 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n"); 1076 return; 1077 } 1078 #endif 1079 1080 /* 1081 * set the RA_RECV flag in the interface 1082 */ 1083 1084 in6_dev = __in6_dev_get(skb->dev); 1085 if (in6_dev == NULL) { 1086 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n", 1087 skb->dev->name); 1088 return; 1089 } 1090 1091 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 1092 ND_PRINTK(2, warn, "RA: invalid ND options\n"); 1093 return; 1094 } 1095 1096 if (!accept_ra(in6_dev)) 1097 goto skip_linkparms; 1098 1099 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1100 /* skip link-specific parameters from interior routers */ 1101 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1102 goto skip_linkparms; 1103 #endif 1104 1105 if (in6_dev->if_flags & IF_RS_SENT) { 1106 /* 1107 * flag that an RA was received after an RS was sent 1108 * out on this interface. 1109 */ 1110 in6_dev->if_flags |= IF_RA_RCVD; 1111 } 1112 1113 /* 1114 * Remember the managed/otherconf flags from most recently 1115 * received RA message (RFC 2462) -- yoshfuji 1116 */ 1117 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED | 1118 IF_RA_OTHERCONF)) | 1119 (ra_msg->icmph.icmp6_addrconf_managed ? 1120 IF_RA_MANAGED : 0) | 1121 (ra_msg->icmph.icmp6_addrconf_other ? 1122 IF_RA_OTHERCONF : 0); 1123 1124 if (!in6_dev->cnf.accept_ra_defrtr) 1125 goto skip_defrtr; 1126 1127 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1128 goto skip_defrtr; 1129 1130 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 1131 1132 #ifdef CONFIG_IPV6_ROUTER_PREF 1133 pref = ra_msg->icmph.icmp6_router_pref; 1134 /* 10b is handled as if it were 00b (medium) */ 1135 if (pref == ICMPV6_ROUTER_PREF_INVALID || 1136 !in6_dev->cnf.accept_ra_rtr_pref) 1137 pref = ICMPV6_ROUTER_PREF_MEDIUM; 1138 #endif 1139 1140 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev); 1141 1142 if (rt) { 1143 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1144 if (!neigh) { 1145 ND_PRINTK(0, err, 1146 "RA: %s got default router without neighbour\n", 1147 __func__); 1148 dst_release(&rt->dst); 1149 return; 1150 } 1151 } 1152 if (rt && lifetime == 0) { 1153 ip6_del_rt(rt); 1154 rt = NULL; 1155 } 1156 1157 if (rt == NULL && lifetime) { 1158 ND_PRINTK(3, dbg, "RA: adding default router\n"); 1159 1160 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref); 1161 if (rt == NULL) { 1162 ND_PRINTK(0, err, 1163 "RA: %s failed to add default route\n", 1164 __func__); 1165 return; 1166 } 1167 1168 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr); 1169 if (neigh == NULL) { 1170 ND_PRINTK(0, err, 1171 "RA: %s got default router without neighbour\n", 1172 __func__); 1173 dst_release(&rt->dst); 1174 return; 1175 } 1176 neigh->flags |= NTF_ROUTER; 1177 } else if (rt) { 1178 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref); 1179 } 1180 1181 if (rt) 1182 rt6_set_expires(rt, jiffies + (HZ * lifetime)); 1183 if (ra_msg->icmph.icmp6_hop_limit) { 1184 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 1185 if (rt) 1186 dst_metric_set(&rt->dst, RTAX_HOPLIMIT, 1187 ra_msg->icmph.icmp6_hop_limit); 1188 } 1189 1190 skip_defrtr: 1191 1192 /* 1193 * Update Reachable Time and Retrans Timer 1194 */ 1195 1196 if (in6_dev->nd_parms) { 1197 unsigned long rtime = ntohl(ra_msg->retrans_timer); 1198 1199 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 1200 rtime = (rtime*HZ)/1000; 1201 if (rtime < HZ/10) 1202 rtime = HZ/10; 1203 in6_dev->nd_parms->retrans_time = rtime; 1204 in6_dev->tstamp = jiffies; 1205 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1206 } 1207 1208 rtime = ntohl(ra_msg->reachable_time); 1209 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 1210 rtime = (rtime*HZ)/1000; 1211 1212 if (rtime < HZ/10) 1213 rtime = HZ/10; 1214 1215 if (rtime != in6_dev->nd_parms->base_reachable_time) { 1216 in6_dev->nd_parms->base_reachable_time = rtime; 1217 in6_dev->nd_parms->gc_staletime = 3 * rtime; 1218 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 1219 in6_dev->tstamp = jiffies; 1220 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev); 1221 } 1222 } 1223 } 1224 1225 skip_linkparms: 1226 1227 /* 1228 * Process options. 1229 */ 1230 1231 if (!neigh) 1232 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr, 1233 skb->dev, 1); 1234 if (neigh) { 1235 u8 *lladdr = NULL; 1236 if (ndopts.nd_opts_src_lladdr) { 1237 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, 1238 skb->dev); 1239 if (!lladdr) { 1240 ND_PRINTK(2, warn, 1241 "RA: invalid link-layer address length\n"); 1242 goto out; 1243 } 1244 } 1245 neigh_update(neigh, lladdr, NUD_STALE, 1246 NEIGH_UPDATE_F_WEAK_OVERRIDE| 1247 NEIGH_UPDATE_F_OVERRIDE| 1248 NEIGH_UPDATE_F_OVERRIDE_ISROUTER| 1249 NEIGH_UPDATE_F_ISROUTER); 1250 } 1251 1252 if (!accept_ra(in6_dev)) 1253 goto out; 1254 1255 #ifdef CONFIG_IPV6_ROUTE_INFO 1256 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0)) 1257 goto skip_routeinfo; 1258 1259 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) { 1260 struct nd_opt_hdr *p; 1261 for (p = ndopts.nd_opts_ri; 1262 p; 1263 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) { 1264 struct route_info *ri = (struct route_info *)p; 1265 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1266 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT && 1267 ri->prefix_len == 0) 1268 continue; 1269 #endif 1270 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen) 1271 continue; 1272 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3, 1273 &ipv6_hdr(skb)->saddr); 1274 } 1275 } 1276 1277 skip_routeinfo: 1278 #endif 1279 1280 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1281 /* skip link-specific ndopts from interior routers */ 1282 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) 1283 goto out; 1284 #endif 1285 1286 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1287 struct nd_opt_hdr *p; 1288 for (p = ndopts.nd_opts_pi; 1289 p; 1290 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 1291 addrconf_prefix_rcv(skb->dev, (u8 *)p, 1292 (p->nd_opt_len) << 3, 1293 ndopts.nd_opts_src_lladdr != NULL); 1294 } 1295 } 1296 1297 if (ndopts.nd_opts_mtu) { 1298 __be32 n; 1299 u32 mtu; 1300 1301 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 1302 mtu = ntohl(n); 1303 1304 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 1305 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu); 1306 } else if (in6_dev->cnf.mtu6 != mtu) { 1307 in6_dev->cnf.mtu6 = mtu; 1308 1309 if (rt) 1310 dst_metric_set(&rt->dst, RTAX_MTU, mtu); 1311 1312 rt6_mtu_change(skb->dev, mtu); 1313 } 1314 } 1315 1316 if (ndopts.nd_useropts) { 1317 struct nd_opt_hdr *p; 1318 for (p = ndopts.nd_useropts; 1319 p; 1320 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) { 1321 ndisc_ra_useropt(skb, p); 1322 } 1323 } 1324 1325 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 1326 ND_PRINTK(2, warn, "RA: invalid RA options\n"); 1327 } 1328 out: 1329 if (rt) 1330 dst_release(&rt->dst); 1331 if (neigh) 1332 neigh_release(neigh); 1333 } 1334 1335 static void ndisc_redirect_rcv(struct sk_buff *skb) 1336 { 1337 #ifdef CONFIG_IPV6_NDISC_NODETYPE 1338 switch (skb->ndisc_nodetype) { 1339 case NDISC_NODETYPE_HOST: 1340 case NDISC_NODETYPE_NODEFAULT: 1341 ND_PRINTK(2, warn, 1342 "Redirect: from host or unauthorized router\n"); 1343 return; 1344 } 1345 #endif 1346 1347 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1348 ND_PRINTK(2, warn, 1349 "Redirect: source address is not link-local\n"); 1350 return; 1351 } 1352 1353 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0); 1354 } 1355 1356 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) 1357 { 1358 struct net_device *dev = skb->dev; 1359 struct net *net = dev_net(dev); 1360 struct sock *sk = net->ipv6.ndisc_sk; 1361 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 1362 struct inet_peer *peer; 1363 struct sk_buff *buff; 1364 struct icmp6hdr *icmph; 1365 struct in6_addr saddr_buf; 1366 struct in6_addr *addrp; 1367 struct rt6_info *rt; 1368 struct dst_entry *dst; 1369 struct inet6_dev *idev; 1370 struct flowi6 fl6; 1371 u8 *opt; 1372 int hlen, tlen; 1373 int rd_len; 1374 int err; 1375 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1376 bool ret; 1377 1378 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1379 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1380 dev->name); 1381 return; 1382 } 1383 1384 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) && 1385 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) { 1386 ND_PRINTK(2, warn, 1387 "Redirect: target address is not link-local unicast\n"); 1388 return; 1389 } 1390 1391 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT, 1392 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex); 1393 1394 dst = ip6_route_output(net, NULL, &fl6); 1395 if (dst->error) { 1396 dst_release(dst); 1397 return; 1398 } 1399 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0); 1400 if (IS_ERR(dst)) 1401 return; 1402 1403 rt = (struct rt6_info *) dst; 1404 1405 if (rt->rt6i_flags & RTF_GATEWAY) { 1406 ND_PRINTK(2, warn, 1407 "Redirect: destination is not a neighbour\n"); 1408 goto release; 1409 } 1410 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); 1411 ret = inet_peer_xrlim_allow(peer, 1*HZ); 1412 if (peer) 1413 inet_putpeer(peer); 1414 if (!ret) 1415 goto release; 1416 1417 if (dev->addr_len) { 1418 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target); 1419 if (!neigh) { 1420 ND_PRINTK(2, warn, 1421 "Redirect: no neigh for target address\n"); 1422 goto release; 1423 } 1424 1425 read_lock_bh(&neigh->lock); 1426 if (neigh->nud_state & NUD_VALID) { 1427 memcpy(ha_buf, neigh->ha, dev->addr_len); 1428 read_unlock_bh(&neigh->lock); 1429 ha = ha_buf; 1430 len += ndisc_opt_addr_space(dev); 1431 } else 1432 read_unlock_bh(&neigh->lock); 1433 1434 neigh_release(neigh); 1435 } 1436 1437 rd_len = min_t(unsigned int, 1438 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 1439 rd_len &= ~0x7; 1440 len += rd_len; 1441 1442 hlen = LL_RESERVED_SPACE(dev); 1443 tlen = dev->needed_tailroom; 1444 buff = sock_alloc_send_skb(sk, 1445 (MAX_HEADER + sizeof(struct ipv6hdr) + 1446 len + hlen + tlen), 1447 1, &err); 1448 if (buff == NULL) { 1449 ND_PRINTK(0, err, 1450 "Redirect: %s failed to allocate an skb, err=%d\n", 1451 __func__, err); 1452 goto release; 1453 } 1454 1455 skb_reserve(buff, hlen); 1456 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr, 1457 IPPROTO_ICMPV6, len); 1458 1459 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data); 1460 skb_put(buff, len); 1461 icmph = icmp6_hdr(buff); 1462 1463 memset(icmph, 0, sizeof(struct icmp6hdr)); 1464 icmph->icmp6_type = NDISC_REDIRECT; 1465 1466 /* 1467 * copy target and destination addresses 1468 */ 1469 1470 addrp = (struct in6_addr *)(icmph + 1); 1471 *addrp = *target; 1472 addrp++; 1473 *addrp = ipv6_hdr(skb)->daddr; 1474 1475 opt = (u8*) (addrp + 1); 1476 1477 /* 1478 * include target_address option 1479 */ 1480 1481 if (ha) 1482 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha, 1483 dev->addr_len, dev->type); 1484 1485 /* 1486 * build redirect option and copy skb over to the new packet. 1487 */ 1488 1489 memset(opt, 0, 8); 1490 *(opt++) = ND_OPT_REDIRECT_HDR; 1491 *(opt++) = (rd_len >> 3); 1492 opt += 6; 1493 1494 memcpy(opt, ipv6_hdr(skb), rd_len - 8); 1495 1496 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr, 1497 len, IPPROTO_ICMPV6, 1498 csum_partial(icmph, len, 0)); 1499 1500 skb_dst_set(buff, dst); 1501 rcu_read_lock(); 1502 idev = __in6_dev_get(dst->dev); 1503 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 1504 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev, 1505 dst_output); 1506 if (!err) { 1507 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT); 1508 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS); 1509 } 1510 1511 rcu_read_unlock(); 1512 return; 1513 1514 release: 1515 dst_release(dst); 1516 } 1517 1518 static void pndisc_redo(struct sk_buff *skb) 1519 { 1520 ndisc_recv_ns(skb); 1521 kfree_skb(skb); 1522 } 1523 1524 int ndisc_rcv(struct sk_buff *skb) 1525 { 1526 struct nd_msg *msg; 1527 1528 if (!pskb_may_pull(skb, skb->len)) 1529 return 0; 1530 1531 msg = (struct nd_msg *)skb_transport_header(skb); 1532 1533 __skb_push(skb, skb->data - skb_transport_header(skb)); 1534 1535 if (ipv6_hdr(skb)->hop_limit != 255) { 1536 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n", 1537 ipv6_hdr(skb)->hop_limit); 1538 return 0; 1539 } 1540 1541 if (msg->icmph.icmp6_code != 0) { 1542 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n", 1543 msg->icmph.icmp6_code); 1544 return 0; 1545 } 1546 1547 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 1548 1549 switch (msg->icmph.icmp6_type) { 1550 case NDISC_NEIGHBOUR_SOLICITATION: 1551 ndisc_recv_ns(skb); 1552 break; 1553 1554 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1555 ndisc_recv_na(skb); 1556 break; 1557 1558 case NDISC_ROUTER_SOLICITATION: 1559 ndisc_recv_rs(skb); 1560 break; 1561 1562 case NDISC_ROUTER_ADVERTISEMENT: 1563 ndisc_router_discovery(skb); 1564 break; 1565 1566 case NDISC_REDIRECT: 1567 ndisc_redirect_rcv(skb); 1568 break; 1569 } 1570 1571 return 0; 1572 } 1573 1574 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) 1575 { 1576 struct net_device *dev = ptr; 1577 struct net *net = dev_net(dev); 1578 1579 switch (event) { 1580 case NETDEV_CHANGEADDR: 1581 neigh_changeaddr(&nd_tbl, dev); 1582 fib6_run_gc(~0UL, net); 1583 break; 1584 case NETDEV_DOWN: 1585 neigh_ifdown(&nd_tbl, dev); 1586 fib6_run_gc(~0UL, net); 1587 break; 1588 case NETDEV_NOTIFY_PEERS: 1589 ndisc_send_unsol_na(dev); 1590 break; 1591 default: 1592 break; 1593 } 1594 1595 return NOTIFY_DONE; 1596 } 1597 1598 static struct notifier_block ndisc_netdev_notifier = { 1599 .notifier_call = ndisc_netdev_event, 1600 }; 1601 1602 #ifdef CONFIG_SYSCTL 1603 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl, 1604 const char *func, const char *dev_name) 1605 { 1606 static char warncomm[TASK_COMM_LEN]; 1607 static int warned; 1608 if (strcmp(warncomm, current->comm) && warned < 5) { 1609 strcpy(warncomm, current->comm); 1610 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n", 1611 warncomm, func, 1612 dev_name, ctl->procname, 1613 dev_name, ctl->procname); 1614 warned++; 1615 } 1616 } 1617 1618 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1619 { 1620 struct net_device *dev = ctl->extra1; 1621 struct inet6_dev *idev; 1622 int ret; 1623 1624 if ((strcmp(ctl->procname, "retrans_time") == 0) || 1625 (strcmp(ctl->procname, "base_reachable_time") == 0)) 1626 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default"); 1627 1628 if (strcmp(ctl->procname, "retrans_time") == 0) 1629 ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 1630 1631 else if (strcmp(ctl->procname, "base_reachable_time") == 0) 1632 ret = proc_dointvec_jiffies(ctl, write, 1633 buffer, lenp, ppos); 1634 1635 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) || 1636 (strcmp(ctl->procname, "base_reachable_time_ms") == 0)) 1637 ret = proc_dointvec_ms_jiffies(ctl, write, 1638 buffer, lenp, ppos); 1639 else 1640 ret = -1; 1641 1642 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) { 1643 if (ctl->data == &idev->nd_parms->base_reachable_time) 1644 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time); 1645 idev->tstamp = jiffies; 1646 inet6_ifinfo_notify(RTM_NEWLINK, idev); 1647 in6_dev_put(idev); 1648 } 1649 return ret; 1650 } 1651 1652 1653 #endif 1654 1655 static int __net_init ndisc_net_init(struct net *net) 1656 { 1657 struct ipv6_pinfo *np; 1658 struct sock *sk; 1659 int err; 1660 1661 err = inet_ctl_sock_create(&sk, PF_INET6, 1662 SOCK_RAW, IPPROTO_ICMPV6, net); 1663 if (err < 0) { 1664 ND_PRINTK(0, err, 1665 "NDISC: Failed to initialize the control socket (err %d)\n", 1666 err); 1667 return err; 1668 } 1669 1670 net->ipv6.ndisc_sk = sk; 1671 1672 np = inet6_sk(sk); 1673 np->hop_limit = 255; 1674 /* Do not loopback ndisc messages */ 1675 np->mc_loop = 0; 1676 1677 return 0; 1678 } 1679 1680 static void __net_exit ndisc_net_exit(struct net *net) 1681 { 1682 inet_ctl_sock_destroy(net->ipv6.ndisc_sk); 1683 } 1684 1685 static struct pernet_operations ndisc_net_ops = { 1686 .init = ndisc_net_init, 1687 .exit = ndisc_net_exit, 1688 }; 1689 1690 int __init ndisc_init(void) 1691 { 1692 int err; 1693 1694 err = register_pernet_subsys(&ndisc_net_ops); 1695 if (err) 1696 return err; 1697 /* 1698 * Initialize the neighbour table 1699 */ 1700 neigh_table_init(&nd_tbl); 1701 1702 #ifdef CONFIG_SYSCTL 1703 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6", 1704 &ndisc_ifinfo_sysctl_change); 1705 if (err) 1706 goto out_unregister_pernet; 1707 #endif 1708 err = register_netdevice_notifier(&ndisc_netdev_notifier); 1709 if (err) 1710 goto out_unregister_sysctl; 1711 out: 1712 return err; 1713 1714 out_unregister_sysctl: 1715 #ifdef CONFIG_SYSCTL 1716 neigh_sysctl_unregister(&nd_tbl.parms); 1717 out_unregister_pernet: 1718 #endif 1719 unregister_pernet_subsys(&ndisc_net_ops); 1720 goto out; 1721 } 1722 1723 void ndisc_cleanup(void) 1724 { 1725 unregister_netdevice_notifier(&ndisc_netdev_notifier); 1726 #ifdef CONFIG_SYSCTL 1727 neigh_sysctl_unregister(&nd_tbl.parms); 1728 #endif 1729 neigh_table_clear(&nd_tbl); 1730 unregister_pernet_subsys(&ndisc_net_ops); 1731 } 1732