1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77
78 #define ND_PRINTK(val, level, fmt, ...) \
79 do { \
80 if (val <= ND_DEBUG) \
81 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
82 } while (0)
83
84 static u32 ndisc_hash(const void *pkey,
85 const struct net_device *dev,
86 __u32 *hash_rnd);
87 static int ndisc_constructor(struct neighbour *neigh);
88 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
89 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
90 static int pndisc_constructor(struct pneigh_entry *n);
91 static void pndisc_destructor(struct pneigh_entry *n);
92 static void pndisc_redo(struct sk_buff *skb);
93
94 static const struct neigh_ops ndisc_generic_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_connected_output,
100 };
101
102 static const struct neigh_ops ndisc_hh_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_resolve_output,
108 };
109
110
111 static const struct neigh_ops ndisc_direct_ops = {
112 .family = AF_INET6,
113 .output = neigh_direct_output,
114 .connected_output = neigh_direct_output,
115 };
116
117 struct neigh_table nd_tbl = {
118 .family = AF_INET6,
119 .key_len = sizeof(struct in6_addr),
120 .hash = ndisc_hash,
121 .constructor = ndisc_constructor,
122 .pconstructor = pndisc_constructor,
123 .pdestructor = pndisc_destructor,
124 .proxy_redo = pndisc_redo,
125 .id = "ndisc_cache",
126 .parms = {
127 .tbl = &nd_tbl,
128 .base_reachable_time = ND_REACHABLE_TIME,
129 .retrans_time = ND_RETRANS_TIMER,
130 .gc_staletime = 60 * HZ,
131 .reachable_time = ND_REACHABLE_TIME,
132 .delay_probe_time = 5 * HZ,
133 .queue_len_bytes = 64*1024,
134 .ucast_probes = 3,
135 .mcast_probes = 3,
136 .anycast_delay = 1 * HZ,
137 .proxy_delay = (8 * HZ) / 10,
138 .proxy_qlen = 64,
139 },
140 .gc_interval = 30 * HZ,
141 .gc_thresh1 = 128,
142 .gc_thresh2 = 512,
143 .gc_thresh3 = 1024,
144 };
145
ndisc_fill_addr_option(struct sk_buff * skb,int type,void * data)146 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
147 {
148 int pad = ndisc_addr_option_pad(skb->dev->type);
149 int data_len = skb->dev->addr_len;
150 int space = ndisc_opt_addr_space(skb->dev);
151 u8 *opt = skb_put(skb, space);
152
153 opt[0] = type;
154 opt[1] = space>>3;
155
156 memset(opt + 2, 0, pad);
157 opt += pad;
158 space -= pad;
159
160 memcpy(opt+2, data, data_len);
161 data_len += 2;
162 opt += data_len;
163 if ((space -= data_len) > 0)
164 memset(opt, 0, space);
165 }
166
ndisc_next_option(struct nd_opt_hdr * cur,struct nd_opt_hdr * end)167 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
168 struct nd_opt_hdr *end)
169 {
170 int type;
171 if (!cur || !end || cur >= end)
172 return NULL;
173 type = cur->nd_opt_type;
174 do {
175 cur = ((void *)cur) + (cur->nd_opt_len << 3);
176 } while(cur < end && cur->nd_opt_type != type);
177 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
178 }
179
ndisc_is_useropt(struct nd_opt_hdr * opt)180 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
181 {
182 return opt->nd_opt_type == ND_OPT_RDNSS ||
183 opt->nd_opt_type == ND_OPT_DNSSL;
184 }
185
ndisc_next_useropt(struct nd_opt_hdr * cur,struct nd_opt_hdr * end)186 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
187 struct nd_opt_hdr *end)
188 {
189 if (!cur || !end || cur >= end)
190 return NULL;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while(cur < end && !ndisc_is_useropt(cur));
194 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
195 }
196
ndisc_parse_options(u8 * opt,int opt_len,struct ndisc_options * ndopts)197 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
198 struct ndisc_options *ndopts)
199 {
200 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
201
202 if (!nd_opt || opt_len < 0 || !ndopts)
203 return NULL;
204 memset(ndopts, 0, sizeof(*ndopts));
205 while (opt_len) {
206 int l;
207 if (opt_len < sizeof(struct nd_opt_hdr))
208 return NULL;
209 l = nd_opt->nd_opt_len << 3;
210 if (opt_len < l || l == 0)
211 return NULL;
212 switch (nd_opt->nd_opt_type) {
213 case ND_OPT_SOURCE_LL_ADDR:
214 case ND_OPT_TARGET_LL_ADDR:
215 case ND_OPT_MTU:
216 case ND_OPT_REDIRECT_HDR:
217 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
218 ND_PRINTK(2, warn,
219 "%s: duplicated ND6 option found: type=%d\n",
220 __func__, nd_opt->nd_opt_type);
221 } else {
222 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
223 }
224 break;
225 case ND_OPT_PREFIX_INFO:
226 ndopts->nd_opts_pi_end = nd_opt;
227 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
228 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
229 break;
230 #ifdef CONFIG_IPV6_ROUTE_INFO
231 case ND_OPT_ROUTE_INFO:
232 ndopts->nd_opts_ri_end = nd_opt;
233 if (!ndopts->nd_opts_ri)
234 ndopts->nd_opts_ri = nd_opt;
235 break;
236 #endif
237 default:
238 if (ndisc_is_useropt(nd_opt)) {
239 ndopts->nd_useropts_end = nd_opt;
240 if (!ndopts->nd_useropts)
241 ndopts->nd_useropts = nd_opt;
242 } else {
243 /*
244 * Unknown options must be silently ignored,
245 * to accommodate future extension to the
246 * protocol.
247 */
248 ND_PRINTK(2, notice,
249 "%s: ignored unsupported option; type=%d, len=%d\n",
250 __func__,
251 nd_opt->nd_opt_type,
252 nd_opt->nd_opt_len);
253 }
254 }
255 opt_len -= l;
256 nd_opt = ((void *)nd_opt) + l;
257 }
258 return ndopts;
259 }
260
ndisc_mc_map(const struct in6_addr * addr,char * buf,struct net_device * dev,int dir)261 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
262 {
263 switch (dev->type) {
264 case ARPHRD_ETHER:
265 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
266 case ARPHRD_FDDI:
267 ipv6_eth_mc_map(addr, buf);
268 return 0;
269 case ARPHRD_ARCNET:
270 ipv6_arcnet_mc_map(addr, buf);
271 return 0;
272 case ARPHRD_INFINIBAND:
273 ipv6_ib_mc_map(addr, dev->broadcast, buf);
274 return 0;
275 case ARPHRD_IPGRE:
276 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
277 default:
278 if (dir) {
279 memcpy(buf, dev->broadcast, dev->addr_len);
280 return 0;
281 }
282 }
283 return -EINVAL;
284 }
285
286 EXPORT_SYMBOL(ndisc_mc_map);
287
ndisc_hash(const void * pkey,const struct net_device * dev,__u32 * hash_rnd)288 static u32 ndisc_hash(const void *pkey,
289 const struct net_device *dev,
290 __u32 *hash_rnd)
291 {
292 return ndisc_hashfn(pkey, dev, hash_rnd);
293 }
294
ndisc_constructor(struct neighbour * neigh)295 static int ndisc_constructor(struct neighbour *neigh)
296 {
297 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
298 struct net_device *dev = neigh->dev;
299 struct inet6_dev *in6_dev;
300 struct neigh_parms *parms;
301 bool is_multicast = ipv6_addr_is_multicast(addr);
302
303 in6_dev = in6_dev_get(dev);
304 if (in6_dev == NULL) {
305 return -EINVAL;
306 }
307
308 parms = in6_dev->nd_parms;
309 __neigh_parms_put(neigh->parms);
310 neigh->parms = neigh_parms_clone(parms);
311
312 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
313 if (!dev->header_ops) {
314 neigh->nud_state = NUD_NOARP;
315 neigh->ops = &ndisc_direct_ops;
316 neigh->output = neigh_direct_output;
317 } else {
318 if (is_multicast) {
319 neigh->nud_state = NUD_NOARP;
320 ndisc_mc_map(addr, neigh->ha, dev, 1);
321 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
322 neigh->nud_state = NUD_NOARP;
323 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
324 if (dev->flags&IFF_LOOPBACK)
325 neigh->type = RTN_LOCAL;
326 } else if (dev->flags&IFF_POINTOPOINT) {
327 neigh->nud_state = NUD_NOARP;
328 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
329 }
330 if (dev->header_ops->cache)
331 neigh->ops = &ndisc_hh_ops;
332 else
333 neigh->ops = &ndisc_generic_ops;
334 if (neigh->nud_state&NUD_VALID)
335 neigh->output = neigh->ops->connected_output;
336 else
337 neigh->output = neigh->ops->output;
338 }
339 in6_dev_put(in6_dev);
340 return 0;
341 }
342
pndisc_constructor(struct pneigh_entry * n)343 static int pndisc_constructor(struct pneigh_entry *n)
344 {
345 struct in6_addr *addr = (struct in6_addr*)&n->key;
346 struct in6_addr maddr;
347 struct net_device *dev = n->dev;
348
349 if (dev == NULL || __in6_dev_get(dev) == NULL)
350 return -EINVAL;
351 addrconf_addr_solict_mult(addr, &maddr);
352 ipv6_dev_mc_inc(dev, &maddr);
353 return 0;
354 }
355
pndisc_destructor(struct pneigh_entry * n)356 static void pndisc_destructor(struct pneigh_entry *n)
357 {
358 struct in6_addr *addr = (struct in6_addr*)&n->key;
359 struct in6_addr maddr;
360 struct net_device *dev = n->dev;
361
362 if (dev == NULL || __in6_dev_get(dev) == NULL)
363 return;
364 addrconf_addr_solict_mult(addr, &maddr);
365 ipv6_dev_mc_dec(dev, &maddr);
366 }
367
ndisc_alloc_skb(struct net_device * dev,int len)368 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
369 int len)
370 {
371 int hlen = LL_RESERVED_SPACE(dev);
372 int tlen = dev->needed_tailroom;
373 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
374 struct sk_buff *skb;
375 int err;
376
377 skb = sock_alloc_send_skb(sk,
378 hlen + sizeof(struct ipv6hdr) + len + tlen,
379 1, &err);
380 if (!skb) {
381 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb, err=%d\n",
382 __func__, err);
383 return NULL;
384 }
385
386 skb->protocol = htons(ETH_P_IPV6);
387 skb->dev = dev;
388
389 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
390 skb_reset_transport_header(skb);
391
392 return skb;
393 }
394
ip6_nd_hdr(struct sk_buff * skb,const struct in6_addr * saddr,const struct in6_addr * daddr,int hop_limit,int len)395 static void ip6_nd_hdr(struct sk_buff *skb,
396 const struct in6_addr *saddr,
397 const struct in6_addr *daddr,
398 int hop_limit, int len)
399 {
400 struct ipv6hdr *hdr;
401
402 skb_push(skb, sizeof(*hdr));
403 skb_reset_network_header(skb);
404 hdr = ipv6_hdr(skb);
405
406 ip6_flow_hdr(hdr, 0, 0);
407
408 hdr->payload_len = htons(len);
409 hdr->nexthdr = IPPROTO_ICMPV6;
410 hdr->hop_limit = hop_limit;
411
412 hdr->saddr = *saddr;
413 hdr->daddr = *daddr;
414 }
415
ndisc_send_skb(struct sk_buff * skb,const struct in6_addr * daddr,const struct in6_addr * saddr)416 static void ndisc_send_skb(struct sk_buff *skb,
417 const struct in6_addr *daddr,
418 const struct in6_addr *saddr)
419 {
420 struct dst_entry *dst = skb_dst(skb);
421 struct net *net = dev_net(skb->dev);
422 struct sock *sk = net->ipv6.ndisc_sk;
423 struct inet6_dev *idev;
424 int err;
425 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
426 u8 type;
427
428 type = icmp6h->icmp6_type;
429
430 if (!dst) {
431 struct sock *sk = net->ipv6.ndisc_sk;
432 struct flowi6 fl6;
433
434 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
435 dst = icmp6_dst_alloc(skb->dev, &fl6);
436 if (IS_ERR(dst)) {
437 kfree_skb(skb);
438 return;
439 }
440
441 skb_dst_set(skb, dst);
442 }
443
444 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
445 IPPROTO_ICMPV6,
446 csum_partial(icmp6h,
447 skb->len, 0));
448
449 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
450
451 rcu_read_lock();
452 idev = __in6_dev_get(dst->dev);
453 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
454
455 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
456 dst_output);
457 if (!err) {
458 ICMP6MSGOUT_INC_STATS(net, idev, type);
459 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
460 }
461
462 rcu_read_unlock();
463 }
464
ndisc_send_na(struct net_device * dev,struct neighbour * neigh,const struct in6_addr * daddr,const struct in6_addr * solicited_addr,bool router,bool solicited,bool override,bool inc_opt)465 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
466 const struct in6_addr *daddr,
467 const struct in6_addr *solicited_addr,
468 bool router, bool solicited, bool override, bool inc_opt)
469 {
470 struct sk_buff *skb;
471 struct in6_addr tmpaddr;
472 struct inet6_ifaddr *ifp;
473 const struct in6_addr *src_addr;
474 struct nd_msg *msg;
475 int optlen = 0;
476
477 /* for anycast or proxy, solicited_addr != src_addr */
478 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
479 if (ifp) {
480 src_addr = solicited_addr;
481 if (ifp->flags & IFA_F_OPTIMISTIC)
482 override = 0;
483 inc_opt |= ifp->idev->cnf.force_tllao;
484 in6_ifa_put(ifp);
485 } else {
486 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
487 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
488 &tmpaddr))
489 return;
490 src_addr = &tmpaddr;
491 }
492
493 if (!dev->addr_len)
494 inc_opt = 0;
495 if (inc_opt)
496 optlen += ndisc_opt_addr_space(dev);
497
498 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
499 if (!skb)
500 return;
501
502 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
503 *msg = (struct nd_msg) {
504 .icmph = {
505 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
506 .icmp6_router = router,
507 .icmp6_solicited = solicited,
508 .icmp6_override = override,
509 },
510 .target = *solicited_addr,
511 };
512
513 if (inc_opt)
514 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
515 dev->dev_addr);
516
517
518 ndisc_send_skb(skb, daddr, src_addr);
519 }
520
ndisc_send_unsol_na(struct net_device * dev)521 static void ndisc_send_unsol_na(struct net_device *dev)
522 {
523 struct inet6_dev *idev;
524 struct inet6_ifaddr *ifa;
525
526 idev = in6_dev_get(dev);
527 if (!idev)
528 return;
529
530 read_lock_bh(&idev->lock);
531 list_for_each_entry(ifa, &idev->addr_list, if_list) {
532 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
533 /*router=*/ !!idev->cnf.forwarding,
534 /*solicited=*/ false, /*override=*/ true,
535 /*inc_opt=*/ true);
536 }
537 read_unlock_bh(&idev->lock);
538
539 in6_dev_put(idev);
540 }
541
ndisc_send_ns(struct net_device * dev,struct neighbour * neigh,const struct in6_addr * solicit,const struct in6_addr * daddr,const struct in6_addr * saddr)542 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
543 const struct in6_addr *solicit,
544 const struct in6_addr *daddr, const struct in6_addr *saddr)
545 {
546 struct sk_buff *skb;
547 struct in6_addr addr_buf;
548 int inc_opt = dev->addr_len;
549 int optlen = 0;
550 struct nd_msg *msg;
551
552 if (saddr == NULL) {
553 if (ipv6_get_lladdr(dev, &addr_buf,
554 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
555 return;
556 saddr = &addr_buf;
557 }
558
559 if (ipv6_addr_any(saddr))
560 inc_opt = 0;
561 if (inc_opt)
562 optlen += ndisc_opt_addr_space(dev);
563
564 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
565 if (!skb)
566 return;
567
568 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
569 *msg = (struct nd_msg) {
570 .icmph = {
571 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
572 },
573 .target = *solicit,
574 };
575
576 if (inc_opt)
577 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
578 dev->dev_addr);
579
580 ndisc_send_skb(skb, daddr, saddr);
581 }
582
ndisc_send_rs(struct net_device * dev,const struct in6_addr * saddr,const struct in6_addr * daddr)583 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
584 const struct in6_addr *daddr)
585 {
586 struct sk_buff *skb;
587 struct rs_msg *msg;
588 int send_sllao = dev->addr_len;
589 int optlen = 0;
590
591 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
592 /*
593 * According to section 2.2 of RFC 4429, we must not
594 * send router solicitations with a sllao from
595 * optimistic addresses, but we may send the solicitation
596 * if we don't include the sllao. So here we check
597 * if our address is optimistic, and if so, we
598 * suppress the inclusion of the sllao.
599 */
600 if (send_sllao) {
601 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
602 dev, 1);
603 if (ifp) {
604 if (ifp->flags & IFA_F_OPTIMISTIC) {
605 send_sllao = 0;
606 }
607 in6_ifa_put(ifp);
608 } else {
609 send_sllao = 0;
610 }
611 }
612 #endif
613 if (send_sllao)
614 optlen += ndisc_opt_addr_space(dev);
615
616 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
617 if (!skb)
618 return;
619
620 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
621 *msg = (struct rs_msg) {
622 .icmph = {
623 .icmp6_type = NDISC_ROUTER_SOLICITATION,
624 },
625 };
626
627 if (send_sllao)
628 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
629 dev->dev_addr);
630
631 ndisc_send_skb(skb, daddr, saddr);
632 }
633
634
ndisc_error_report(struct neighbour * neigh,struct sk_buff * skb)635 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
636 {
637 /*
638 * "The sender MUST return an ICMP
639 * destination unreachable"
640 */
641 dst_link_failure(skb);
642 kfree_skb(skb);
643 }
644
645 /* Called with locked neigh: either read or both */
646
ndisc_solicit(struct neighbour * neigh,struct sk_buff * skb)647 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
648 {
649 struct in6_addr *saddr = NULL;
650 struct in6_addr mcaddr;
651 struct net_device *dev = neigh->dev;
652 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
653 int probes = atomic_read(&neigh->probes);
654
655 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
656 saddr = &ipv6_hdr(skb)->saddr;
657
658 if ((probes -= neigh->parms->ucast_probes) < 0) {
659 if (!(neigh->nud_state & NUD_VALID)) {
660 ND_PRINTK(1, dbg,
661 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
662 __func__, target);
663 }
664 ndisc_send_ns(dev, neigh, target, target, saddr);
665 } else if ((probes -= neigh->parms->app_probes) < 0) {
666 #ifdef CONFIG_ARPD
667 neigh_app_ns(neigh);
668 #endif
669 } else {
670 addrconf_addr_solict_mult(target, &mcaddr);
671 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
672 }
673 }
674
pndisc_is_router(const void * pkey,struct net_device * dev)675 static int pndisc_is_router(const void *pkey,
676 struct net_device *dev)
677 {
678 struct pneigh_entry *n;
679 int ret = -1;
680
681 read_lock_bh(&nd_tbl.lock);
682 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
683 if (n)
684 ret = !!(n->flags & NTF_ROUTER);
685 read_unlock_bh(&nd_tbl.lock);
686
687 return ret;
688 }
689
ndisc_recv_ns(struct sk_buff * skb)690 static void ndisc_recv_ns(struct sk_buff *skb)
691 {
692 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
693 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
694 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
695 u8 *lladdr = NULL;
696 u32 ndoptlen = skb->tail - (skb->transport_header +
697 offsetof(struct nd_msg, opt));
698 struct ndisc_options ndopts;
699 struct net_device *dev = skb->dev;
700 struct inet6_ifaddr *ifp;
701 struct inet6_dev *idev = NULL;
702 struct neighbour *neigh;
703 int dad = ipv6_addr_any(saddr);
704 bool inc;
705 int is_router = -1;
706
707 if (skb->len < sizeof(struct nd_msg)) {
708 ND_PRINTK(2, warn, "NS: packet too short\n");
709 return;
710 }
711
712 if (ipv6_addr_is_multicast(&msg->target)) {
713 ND_PRINTK(2, warn, "NS: multicast target address\n");
714 return;
715 }
716
717 /*
718 * RFC2461 7.1.1:
719 * DAD has to be destined for solicited node multicast address.
720 */
721 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
722 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
723 return;
724 }
725
726 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
727 ND_PRINTK(2, warn, "NS: invalid ND options\n");
728 return;
729 }
730
731 if (ndopts.nd_opts_src_lladdr) {
732 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
733 if (!lladdr) {
734 ND_PRINTK(2, warn,
735 "NS: invalid link-layer address length\n");
736 return;
737 }
738
739 /* RFC2461 7.1.1:
740 * If the IP source address is the unspecified address,
741 * there MUST NOT be source link-layer address option
742 * in the message.
743 */
744 if (dad) {
745 ND_PRINTK(2, warn,
746 "NS: bad DAD packet (link-layer address option)\n");
747 return;
748 }
749 }
750
751 inc = ipv6_addr_is_multicast(daddr);
752
753 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
754 if (ifp) {
755
756 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
757 if (dad) {
758 /*
759 * We are colliding with another node
760 * who is doing DAD
761 * so fail our DAD process
762 */
763 addrconf_dad_failure(ifp);
764 return;
765 } else {
766 /*
767 * This is not a dad solicitation.
768 * If we are an optimistic node,
769 * we should respond.
770 * Otherwise, we should ignore it.
771 */
772 if (!(ifp->flags & IFA_F_OPTIMISTIC))
773 goto out;
774 }
775 }
776
777 idev = ifp->idev;
778 } else {
779 struct net *net = dev_net(dev);
780
781 idev = in6_dev_get(dev);
782 if (!idev) {
783 /* XXX: count this drop? */
784 return;
785 }
786
787 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
788 (idev->cnf.forwarding &&
789 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
790 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
791 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
792 skb->pkt_type != PACKET_HOST &&
793 inc != 0 &&
794 idev->nd_parms->proxy_delay != 0) {
795 /*
796 * for anycast or proxy,
797 * sender should delay its response
798 * by a random time between 0 and
799 * MAX_ANYCAST_DELAY_TIME seconds.
800 * (RFC2461) -- yoshfuji
801 */
802 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
803 if (n)
804 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
805 goto out;
806 }
807 } else
808 goto out;
809 }
810
811 if (is_router < 0)
812 is_router = idev->cnf.forwarding;
813
814 if (dad) {
815 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
816 !!is_router, false, (ifp != NULL), true);
817 goto out;
818 }
819
820 if (inc)
821 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
822 else
823 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
824
825 /*
826 * update / create cache entry
827 * for the source address
828 */
829 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
830 !inc || lladdr || !dev->addr_len);
831 if (neigh)
832 neigh_update(neigh, lladdr, NUD_STALE,
833 NEIGH_UPDATE_F_WEAK_OVERRIDE|
834 NEIGH_UPDATE_F_OVERRIDE);
835 if (neigh || !dev->header_ops) {
836 ndisc_send_na(dev, neigh, saddr, &msg->target,
837 !!is_router,
838 true, (ifp != NULL && inc), inc);
839 if (neigh)
840 neigh_release(neigh);
841 }
842
843 out:
844 if (ifp)
845 in6_ifa_put(ifp);
846 else
847 in6_dev_put(idev);
848 }
849
ndisc_recv_na(struct sk_buff * skb)850 static void ndisc_recv_na(struct sk_buff *skb)
851 {
852 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
853 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
854 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
855 u8 *lladdr = NULL;
856 u32 ndoptlen = skb->tail - (skb->transport_header +
857 offsetof(struct nd_msg, opt));
858 struct ndisc_options ndopts;
859 struct net_device *dev = skb->dev;
860 struct inet6_ifaddr *ifp;
861 struct neighbour *neigh;
862
863 if (skb->len < sizeof(struct nd_msg)) {
864 ND_PRINTK(2, warn, "NA: packet too short\n");
865 return;
866 }
867
868 if (ipv6_addr_is_multicast(&msg->target)) {
869 ND_PRINTK(2, warn, "NA: target address is multicast\n");
870 return;
871 }
872
873 if (ipv6_addr_is_multicast(daddr) &&
874 msg->icmph.icmp6_solicited) {
875 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
876 return;
877 }
878
879 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
880 ND_PRINTK(2, warn, "NS: invalid ND option\n");
881 return;
882 }
883 if (ndopts.nd_opts_tgt_lladdr) {
884 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
885 if (!lladdr) {
886 ND_PRINTK(2, warn,
887 "NA: invalid link-layer address length\n");
888 return;
889 }
890 }
891 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
892 if (ifp) {
893 if (skb->pkt_type != PACKET_LOOPBACK
894 && (ifp->flags & IFA_F_TENTATIVE)) {
895 addrconf_dad_failure(ifp);
896 return;
897 }
898 /* What should we make now? The advertisement
899 is invalid, but ndisc specs say nothing
900 about it. It could be misconfiguration, or
901 an smart proxy agent tries to help us :-)
902
903 We should not print the error if NA has been
904 received from loopback - it is just our own
905 unsolicited advertisement.
906 */
907 if (skb->pkt_type != PACKET_LOOPBACK)
908 ND_PRINTK(1, warn,
909 "NA: someone advertises our address %pI6 on %s!\n",
910 &ifp->addr, ifp->idev->dev->name);
911 in6_ifa_put(ifp);
912 return;
913 }
914 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
915
916 if (neigh) {
917 u8 old_flags = neigh->flags;
918 struct net *net = dev_net(dev);
919
920 if (neigh->nud_state & NUD_FAILED)
921 goto out;
922
923 /*
924 * Don't update the neighbor cache entry on a proxy NA from
925 * ourselves because either the proxied node is off link or it
926 * has already sent a NA to us.
927 */
928 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
929 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
930 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
931 /* XXX: idev->cnf.proxy_ndp */
932 goto out;
933 }
934
935 neigh_update(neigh, lladdr,
936 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
937 NEIGH_UPDATE_F_WEAK_OVERRIDE|
938 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
939 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
940 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
941
942 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
943 /*
944 * Change: router to host
945 */
946 struct rt6_info *rt;
947 rt = rt6_get_dflt_router(saddr, dev);
948 if (rt)
949 ip6_del_rt(rt);
950 }
951
952 out:
953 neigh_release(neigh);
954 }
955 }
956
ndisc_recv_rs(struct sk_buff * skb)957 static void ndisc_recv_rs(struct sk_buff *skb)
958 {
959 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
960 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
961 struct neighbour *neigh;
962 struct inet6_dev *idev;
963 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
964 struct ndisc_options ndopts;
965 u8 *lladdr = NULL;
966
967 if (skb->len < sizeof(*rs_msg))
968 return;
969
970 idev = __in6_dev_get(skb->dev);
971 if (!idev) {
972 ND_PRINTK(1, err, "RS: can't find in6 device\n");
973 return;
974 }
975
976 /* Don't accept RS if we're not in router mode */
977 if (!idev->cnf.forwarding)
978 goto out;
979
980 /*
981 * Don't update NCE if src = ::;
982 * this implies that the source node has no ip address assigned yet.
983 */
984 if (ipv6_addr_any(saddr))
985 goto out;
986
987 /* Parse ND options */
988 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
989 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
990 goto out;
991 }
992
993 if (ndopts.nd_opts_src_lladdr) {
994 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
995 skb->dev);
996 if (!lladdr)
997 goto out;
998 }
999
1000 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1001 if (neigh) {
1002 neigh_update(neigh, lladdr, NUD_STALE,
1003 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1004 NEIGH_UPDATE_F_OVERRIDE|
1005 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1006 neigh_release(neigh);
1007 }
1008 out:
1009 return;
1010 }
1011
ndisc_ra_useropt(struct sk_buff * ra,struct nd_opt_hdr * opt)1012 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1013 {
1014 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1015 struct sk_buff *skb;
1016 struct nlmsghdr *nlh;
1017 struct nduseroptmsg *ndmsg;
1018 struct net *net = dev_net(ra->dev);
1019 int err;
1020 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1021 + (opt->nd_opt_len << 3));
1022 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1023
1024 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1025 if (skb == NULL) {
1026 err = -ENOBUFS;
1027 goto errout;
1028 }
1029
1030 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1031 if (nlh == NULL) {
1032 goto nla_put_failure;
1033 }
1034
1035 ndmsg = nlmsg_data(nlh);
1036 ndmsg->nduseropt_family = AF_INET6;
1037 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1038 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1039 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1040 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1041
1042 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1043
1044 if (nla_put(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1045 &ipv6_hdr(ra)->saddr))
1046 goto nla_put_failure;
1047 nlmsg_end(skb, nlh);
1048
1049 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1050 return;
1051
1052 nla_put_failure:
1053 nlmsg_free(skb);
1054 err = -EMSGSIZE;
1055 errout:
1056 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1057 }
1058
ndisc_router_discovery(struct sk_buff * skb)1059 static void ndisc_router_discovery(struct sk_buff *skb)
1060 {
1061 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1062 struct neighbour *neigh = NULL;
1063 struct inet6_dev *in6_dev;
1064 struct rt6_info *rt = NULL;
1065 int lifetime;
1066 struct ndisc_options ndopts;
1067 int optlen;
1068 unsigned int pref = 0;
1069
1070 __u8 * opt = (__u8 *)(ra_msg + 1);
1071
1072 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1073
1074 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1075 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1076 return;
1077 }
1078 if (optlen < 0) {
1079 ND_PRINTK(2, warn, "RA: packet too short\n");
1080 return;
1081 }
1082
1083 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1084 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1085 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1086 return;
1087 }
1088 #endif
1089
1090 /*
1091 * set the RA_RECV flag in the interface
1092 */
1093
1094 in6_dev = __in6_dev_get(skb->dev);
1095 if (in6_dev == NULL) {
1096 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1097 skb->dev->name);
1098 return;
1099 }
1100
1101 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1102 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1103 return;
1104 }
1105
1106 if (!ipv6_accept_ra(in6_dev))
1107 goto skip_linkparms;
1108
1109 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1110 /* skip link-specific parameters from interior routers */
1111 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1112 goto skip_linkparms;
1113 #endif
1114
1115 if (in6_dev->if_flags & IF_RS_SENT) {
1116 /*
1117 * flag that an RA was received after an RS was sent
1118 * out on this interface.
1119 */
1120 in6_dev->if_flags |= IF_RA_RCVD;
1121 }
1122
1123 /*
1124 * Remember the managed/otherconf flags from most recently
1125 * received RA message (RFC 2462) -- yoshfuji
1126 */
1127 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1128 IF_RA_OTHERCONF)) |
1129 (ra_msg->icmph.icmp6_addrconf_managed ?
1130 IF_RA_MANAGED : 0) |
1131 (ra_msg->icmph.icmp6_addrconf_other ?
1132 IF_RA_OTHERCONF : 0);
1133
1134 if (!in6_dev->cnf.accept_ra_defrtr)
1135 goto skip_defrtr;
1136
1137 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1138 goto skip_defrtr;
1139
1140 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1141
1142 #ifdef CONFIG_IPV6_ROUTER_PREF
1143 pref = ra_msg->icmph.icmp6_router_pref;
1144 /* 10b is handled as if it were 00b (medium) */
1145 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1146 !in6_dev->cnf.accept_ra_rtr_pref)
1147 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1148 #endif
1149
1150 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1151
1152 if (rt) {
1153 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1154 if (!neigh) {
1155 ND_PRINTK(0, err,
1156 "RA: %s got default router without neighbour\n",
1157 __func__);
1158 ip6_rt_put(rt);
1159 return;
1160 }
1161 }
1162 if (rt && lifetime == 0) {
1163 ip6_del_rt(rt);
1164 rt = NULL;
1165 }
1166
1167 if (rt == NULL && lifetime) {
1168 ND_PRINTK(3, dbg, "RA: adding default router\n");
1169
1170 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1171 if (rt == NULL) {
1172 ND_PRINTK(0, err,
1173 "RA: %s failed to add default route\n",
1174 __func__);
1175 return;
1176 }
1177
1178 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1179 if (neigh == NULL) {
1180 ND_PRINTK(0, err,
1181 "RA: %s got default router without neighbour\n",
1182 __func__);
1183 ip6_rt_put(rt);
1184 return;
1185 }
1186 neigh->flags |= NTF_ROUTER;
1187 } else if (rt) {
1188 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1189 }
1190
1191 if (rt)
1192 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1193 if (ra_msg->icmph.icmp6_hop_limit) {
1194 /* Only set hop_limit on the interface if it is higher than
1195 * the current hop_limit.
1196 */
1197 if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
1198 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1199 } else {
1200 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
1201 }
1202 if (rt)
1203 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1204 ra_msg->icmph.icmp6_hop_limit);
1205 }
1206
1207 skip_defrtr:
1208
1209 /*
1210 * Update Reachable Time and Retrans Timer
1211 */
1212
1213 if (in6_dev->nd_parms) {
1214 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1215
1216 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1217 rtime = (rtime*HZ)/1000;
1218 if (rtime < HZ/10)
1219 rtime = HZ/10;
1220 in6_dev->nd_parms->retrans_time = rtime;
1221 in6_dev->tstamp = jiffies;
1222 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1223 }
1224
1225 rtime = ntohl(ra_msg->reachable_time);
1226 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1227 rtime = (rtime*HZ)/1000;
1228
1229 if (rtime < HZ/10)
1230 rtime = HZ/10;
1231
1232 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1233 in6_dev->nd_parms->base_reachable_time = rtime;
1234 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1235 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1236 in6_dev->tstamp = jiffies;
1237 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1238 }
1239 }
1240 }
1241
1242 skip_linkparms:
1243
1244 /*
1245 * Process options.
1246 */
1247
1248 if (!neigh)
1249 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1250 skb->dev, 1);
1251 if (neigh) {
1252 u8 *lladdr = NULL;
1253 if (ndopts.nd_opts_src_lladdr) {
1254 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1255 skb->dev);
1256 if (!lladdr) {
1257 ND_PRINTK(2, warn,
1258 "RA: invalid link-layer address length\n");
1259 goto out;
1260 }
1261 }
1262 neigh_update(neigh, lladdr, NUD_STALE,
1263 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1264 NEIGH_UPDATE_F_OVERRIDE|
1265 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1266 NEIGH_UPDATE_F_ISROUTER);
1267 }
1268
1269 if (!ipv6_accept_ra(in6_dev))
1270 goto out;
1271
1272 #ifdef CONFIG_IPV6_ROUTE_INFO
1273 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1274 goto skip_routeinfo;
1275
1276 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1277 struct nd_opt_hdr *p;
1278 for (p = ndopts.nd_opts_ri;
1279 p;
1280 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1281 struct route_info *ri = (struct route_info *)p;
1282 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1283 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1284 ri->prefix_len == 0)
1285 continue;
1286 #endif
1287 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1288 continue;
1289 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1290 continue;
1291 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1292 &ipv6_hdr(skb)->saddr);
1293 }
1294 }
1295
1296 skip_routeinfo:
1297 #endif
1298
1299 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1300 /* skip link-specific ndopts from interior routers */
1301 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1302 goto out;
1303 #endif
1304
1305 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1306 struct nd_opt_hdr *p;
1307 for (p = ndopts.nd_opts_pi;
1308 p;
1309 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1310 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1311 (p->nd_opt_len) << 3,
1312 ndopts.nd_opts_src_lladdr != NULL);
1313 }
1314 }
1315
1316 if (ndopts.nd_opts_mtu) {
1317 __be32 n;
1318 u32 mtu;
1319
1320 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1321 mtu = ntohl(n);
1322
1323 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1324 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1325 } else if (in6_dev->cnf.mtu6 != mtu) {
1326 in6_dev->cnf.mtu6 = mtu;
1327
1328 if (rt)
1329 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1330
1331 rt6_mtu_change(skb->dev, mtu);
1332 }
1333 }
1334
1335 if (ndopts.nd_useropts) {
1336 struct nd_opt_hdr *p;
1337 for (p = ndopts.nd_useropts;
1338 p;
1339 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1340 ndisc_ra_useropt(skb, p);
1341 }
1342 }
1343
1344 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1345 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1346 }
1347 out:
1348 ip6_rt_put(rt);
1349 if (neigh)
1350 neigh_release(neigh);
1351 }
1352
ndisc_redirect_rcv(struct sk_buff * skb)1353 static void ndisc_redirect_rcv(struct sk_buff *skb)
1354 {
1355 u8 *hdr;
1356 struct ndisc_options ndopts;
1357 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1358 u32 ndoptlen = skb->tail - (skb->transport_header +
1359 offsetof(struct rd_msg, opt));
1360
1361 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1362 switch (skb->ndisc_nodetype) {
1363 case NDISC_NODETYPE_HOST:
1364 case NDISC_NODETYPE_NODEFAULT:
1365 ND_PRINTK(2, warn,
1366 "Redirect: from host or unauthorized router\n");
1367 return;
1368 }
1369 #endif
1370
1371 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1372 ND_PRINTK(2, warn,
1373 "Redirect: source address is not link-local\n");
1374 return;
1375 }
1376
1377 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1378 return;
1379
1380 if (!ndopts.nd_opts_rh)
1381 return;
1382
1383 hdr = (u8 *)ndopts.nd_opts_rh;
1384 hdr += 8;
1385 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1386 return;
1387
1388 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1389 }
1390
ndisc_fill_redirect_hdr_option(struct sk_buff * skb,struct sk_buff * orig_skb,int rd_len)1391 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1392 struct sk_buff *orig_skb,
1393 int rd_len)
1394 {
1395 u8 *opt = skb_put(skb, rd_len);
1396
1397 memset(opt, 0, 8);
1398 *(opt++) = ND_OPT_REDIRECT_HDR;
1399 *(opt++) = (rd_len >> 3);
1400 opt += 6;
1401
1402 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1403 }
1404
ndisc_send_redirect(struct sk_buff * skb,const struct in6_addr * target)1405 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1406 {
1407 struct net_device *dev = skb->dev;
1408 struct net *net = dev_net(dev);
1409 struct sock *sk = net->ipv6.ndisc_sk;
1410 int optlen = 0;
1411 struct inet_peer *peer;
1412 struct sk_buff *buff;
1413 struct rd_msg *msg;
1414 struct in6_addr saddr_buf;
1415 struct rt6_info *rt;
1416 struct dst_entry *dst;
1417 struct flowi6 fl6;
1418 int rd_len;
1419 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1420 bool ret;
1421
1422 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1423 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1424 dev->name);
1425 return;
1426 }
1427
1428 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1429 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1430 ND_PRINTK(2, warn,
1431 "Redirect: target address is not link-local unicast\n");
1432 return;
1433 }
1434
1435 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1436 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1437
1438 dst = ip6_route_output(net, NULL, &fl6);
1439 if (dst->error) {
1440 dst_release(dst);
1441 return;
1442 }
1443 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1444 if (IS_ERR(dst))
1445 return;
1446
1447 rt = (struct rt6_info *) dst;
1448
1449 if (rt->rt6i_flags & RTF_GATEWAY) {
1450 ND_PRINTK(2, warn,
1451 "Redirect: destination is not a neighbour\n");
1452 goto release;
1453 }
1454 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1455 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1456 if (peer)
1457 inet_putpeer(peer);
1458 if (!ret)
1459 goto release;
1460
1461 if (dev->addr_len) {
1462 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1463 if (!neigh) {
1464 ND_PRINTK(2, warn,
1465 "Redirect: no neigh for target address\n");
1466 goto release;
1467 }
1468
1469 read_lock_bh(&neigh->lock);
1470 if (neigh->nud_state & NUD_VALID) {
1471 memcpy(ha_buf, neigh->ha, dev->addr_len);
1472 read_unlock_bh(&neigh->lock);
1473 ha = ha_buf;
1474 optlen += ndisc_opt_addr_space(dev);
1475 } else
1476 read_unlock_bh(&neigh->lock);
1477
1478 neigh_release(neigh);
1479 }
1480
1481 rd_len = min_t(unsigned int,
1482 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1483 skb->len + 8);
1484 rd_len &= ~0x7;
1485 optlen += rd_len;
1486
1487 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1488 if (!buff)
1489 goto release;
1490
1491 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1492 *msg = (struct rd_msg) {
1493 .icmph = {
1494 .icmp6_type = NDISC_REDIRECT,
1495 },
1496 .target = *target,
1497 .dest = ipv6_hdr(skb)->daddr,
1498 };
1499
1500 /*
1501 * include target_address option
1502 */
1503
1504 if (ha)
1505 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1506
1507 /*
1508 * build redirect option and copy skb over to the new packet.
1509 */
1510
1511 if (rd_len)
1512 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1513
1514 skb_dst_set(buff, dst);
1515 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1516 return;
1517
1518 release:
1519 dst_release(dst);
1520 }
1521
pndisc_redo(struct sk_buff * skb)1522 static void pndisc_redo(struct sk_buff *skb)
1523 {
1524 ndisc_recv_ns(skb);
1525 kfree_skb(skb);
1526 }
1527
ndisc_rcv(struct sk_buff * skb)1528 int ndisc_rcv(struct sk_buff *skb)
1529 {
1530 struct nd_msg *msg;
1531
1532 if (skb_linearize(skb))
1533 return 0;
1534
1535 msg = (struct nd_msg *)skb_transport_header(skb);
1536
1537 __skb_push(skb, skb->data - skb_transport_header(skb));
1538
1539 if (ipv6_hdr(skb)->hop_limit != 255) {
1540 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1541 ipv6_hdr(skb)->hop_limit);
1542 return 0;
1543 }
1544
1545 if (msg->icmph.icmp6_code != 0) {
1546 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1547 msg->icmph.icmp6_code);
1548 return 0;
1549 }
1550
1551 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1552
1553 switch (msg->icmph.icmp6_type) {
1554 case NDISC_NEIGHBOUR_SOLICITATION:
1555 ndisc_recv_ns(skb);
1556 break;
1557
1558 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1559 ndisc_recv_na(skb);
1560 break;
1561
1562 case NDISC_ROUTER_SOLICITATION:
1563 ndisc_recv_rs(skb);
1564 break;
1565
1566 case NDISC_ROUTER_ADVERTISEMENT:
1567 ndisc_router_discovery(skb);
1568 break;
1569
1570 case NDISC_REDIRECT:
1571 ndisc_redirect_rcv(skb);
1572 break;
1573 }
1574
1575 return 0;
1576 }
1577
ndisc_netdev_event(struct notifier_block * this,unsigned long event,void * ptr)1578 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1579 {
1580 struct net_device *dev = ptr;
1581 struct net *net = dev_net(dev);
1582 struct inet6_dev *idev;
1583
1584 switch (event) {
1585 case NETDEV_CHANGEADDR:
1586 neigh_changeaddr(&nd_tbl, dev);
1587 fib6_run_gc(~0UL, net);
1588 idev = in6_dev_get(dev);
1589 if (!idev)
1590 break;
1591 if (idev->cnf.ndisc_notify)
1592 ndisc_send_unsol_na(dev);
1593 in6_dev_put(idev);
1594 break;
1595 case NETDEV_DOWN:
1596 neigh_ifdown(&nd_tbl, dev);
1597 fib6_run_gc(~0UL, net);
1598 break;
1599 case NETDEV_NOTIFY_PEERS:
1600 ndisc_send_unsol_na(dev);
1601 break;
1602 default:
1603 break;
1604 }
1605
1606 return NOTIFY_DONE;
1607 }
1608
1609 static struct notifier_block ndisc_netdev_notifier = {
1610 .notifier_call = ndisc_netdev_event,
1611 };
1612
1613 #ifdef CONFIG_SYSCTL
ndisc_warn_deprecated_sysctl(struct ctl_table * ctl,const char * func,const char * dev_name)1614 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1615 const char *func, const char *dev_name)
1616 {
1617 static char warncomm[TASK_COMM_LEN];
1618 static int warned;
1619 if (strcmp(warncomm, current->comm) && warned < 5) {
1620 strcpy(warncomm, current->comm);
1621 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1622 warncomm, func,
1623 dev_name, ctl->procname,
1624 dev_name, ctl->procname);
1625 warned++;
1626 }
1627 }
1628
ndisc_ifinfo_sysctl_change(struct ctl_table * ctl,int write,void __user * buffer,size_t * lenp,loff_t * ppos)1629 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1630 {
1631 struct net_device *dev = ctl->extra1;
1632 struct inet6_dev *idev;
1633 int ret;
1634
1635 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1636 (strcmp(ctl->procname, "base_reachable_time") == 0))
1637 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1638
1639 if (strcmp(ctl->procname, "retrans_time") == 0)
1640 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1641
1642 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1643 ret = proc_dointvec_jiffies(ctl, write,
1644 buffer, lenp, ppos);
1645
1646 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1647 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1648 ret = proc_dointvec_ms_jiffies(ctl, write,
1649 buffer, lenp, ppos);
1650 else
1651 ret = -1;
1652
1653 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1654 if (ctl->data == &idev->nd_parms->base_reachable_time)
1655 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1656 idev->tstamp = jiffies;
1657 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1658 in6_dev_put(idev);
1659 }
1660 return ret;
1661 }
1662
1663
1664 #endif
1665
ndisc_net_init(struct net * net)1666 static int __net_init ndisc_net_init(struct net *net)
1667 {
1668 struct ipv6_pinfo *np;
1669 struct sock *sk;
1670 int err;
1671
1672 err = inet_ctl_sock_create(&sk, PF_INET6,
1673 SOCK_RAW, IPPROTO_ICMPV6, net);
1674 if (err < 0) {
1675 ND_PRINTK(0, err,
1676 "NDISC: Failed to initialize the control socket (err %d)\n",
1677 err);
1678 return err;
1679 }
1680
1681 net->ipv6.ndisc_sk = sk;
1682
1683 np = inet6_sk(sk);
1684 np->hop_limit = 255;
1685 /* Do not loopback ndisc messages */
1686 np->mc_loop = 0;
1687
1688 return 0;
1689 }
1690
ndisc_net_exit(struct net * net)1691 static void __net_exit ndisc_net_exit(struct net *net)
1692 {
1693 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1694 }
1695
1696 static struct pernet_operations ndisc_net_ops = {
1697 .init = ndisc_net_init,
1698 .exit = ndisc_net_exit,
1699 };
1700
ndisc_init(void)1701 int __init ndisc_init(void)
1702 {
1703 int err;
1704
1705 err = register_pernet_subsys(&ndisc_net_ops);
1706 if (err)
1707 return err;
1708 /*
1709 * Initialize the neighbour table
1710 */
1711 neigh_table_init(&nd_tbl);
1712
1713 #ifdef CONFIG_SYSCTL
1714 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1715 &ndisc_ifinfo_sysctl_change);
1716 if (err)
1717 goto out_unregister_pernet;
1718 #endif
1719 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1720 if (err)
1721 goto out_unregister_sysctl;
1722 out:
1723 return err;
1724
1725 out_unregister_sysctl:
1726 #ifdef CONFIG_SYSCTL
1727 neigh_sysctl_unregister(&nd_tbl.parms);
1728 out_unregister_pernet:
1729 #endif
1730 unregister_pernet_subsys(&ndisc_net_ops);
1731 goto out;
1732 }
1733
ndisc_cleanup(void)1734 void ndisc_cleanup(void)
1735 {
1736 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1737 #ifdef CONFIG_SYSCTL
1738 neigh_sysctl_unregister(&nd_tbl.parms);
1739 #endif
1740 neigh_table_clear(&nd_tbl);
1741 unregister_pernet_subsys(&ndisc_net_ops);
1742 }
1743