1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Pierre Ynard : export userland ND options
19 * through netlink (RDNSS support)
20 * Lars Fenneberg : fixed MTU setting on receipt
21 * of an RA.
22 * Janos Farkas : kmalloc failure checks
23 * Alexey Kuznetsov : state machine reworked
24 * and moved to net/core.
25 * Pekka Savola : RFC2461 validation
26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
27 */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #ifdef CONFIG_SYSCTL
63 #include <linux/sysctl.h>
64 #endif
65
66 #include <linux/if_addr.h>
67 #include <linux/if_arp.h>
68 #include <linux/ipv6.h>
69 #include <linux/icmpv6.h>
70 #include <linux/jhash.h>
71
72 #include <net/sock.h>
73 #include <net/snmp.h>
74
75 #include <net/ipv6.h>
76 #include <net/protocol.h>
77 #include <net/ndisc.h>
78 #include <net/ip6_route.h>
79 #include <net/addrconf.h>
80 #include <net/icmp.h>
81
82 #include <net/netlink.h>
83 #include <linux/rtnetlink.h>
84
85 #include <net/flow.h>
86 #include <net/ip6_checksum.h>
87 #include <linux/proc_fs.h>
88
89 #include <linux/netfilter.h>
90 #include <linux/netfilter_ipv6.h>
91
92 static struct socket *ndisc_socket;
93
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
101
102 static struct neigh_ops ndisc_generic_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_connected_output,
108 .hh_output = dev_queue_xmit,
109 .queue_xmit = dev_queue_xmit,
110 };
111
112 static struct neigh_ops ndisc_hh_ops = {
113 .family = AF_INET6,
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
118 .hh_output = dev_queue_xmit,
119 .queue_xmit = dev_queue_xmit,
120 };
121
122
123 static struct neigh_ops ndisc_direct_ops = {
124 .family = AF_INET6,
125 .output = dev_queue_xmit,
126 .connected_output = dev_queue_xmit,
127 .hh_output = dev_queue_xmit,
128 .queue_xmit = dev_queue_xmit,
129 };
130
131 struct neigh_table nd_tbl = {
132 .family = AF_INET6,
133 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
134 .key_len = sizeof(struct in6_addr),
135 .hash = ndisc_hash,
136 .constructor = ndisc_constructor,
137 .pconstructor = pndisc_constructor,
138 .pdestructor = pndisc_destructor,
139 .proxy_redo = pndisc_redo,
140 .id = "ndisc_cache",
141 .parms = {
142 .tbl = &nd_tbl,
143 .base_reachable_time = 30 * HZ,
144 .retrans_time = 1 * HZ,
145 .gc_staletime = 60 * HZ,
146 .reachable_time = 30 * HZ,
147 .delay_probe_time = 5 * HZ,
148 .queue_len = 3,
149 .ucast_probes = 3,
150 .mcast_probes = 3,
151 .anycast_delay = 1 * HZ,
152 .proxy_delay = (8 * HZ) / 10,
153 .proxy_qlen = 64,
154 },
155 .gc_interval = 30 * HZ,
156 .gc_thresh1 = 128,
157 .gc_thresh2 = 512,
158 .gc_thresh3 = 1024,
159 };
160
161 /* ND options */
162 struct ndisc_options {
163 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165 struct nd_opt_hdr *nd_opts_ri;
166 struct nd_opt_hdr *nd_opts_ri_end;
167 #endif
168 struct nd_opt_hdr *nd_useropts;
169 struct nd_opt_hdr *nd_useropts_end;
170 };
171
172 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
178
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
180
181 /*
182 * Return the padding between the option length and the start of the
183 * link addr. Currently only IP-over-InfiniBand needs this, although
184 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185 * also need a pad of 2.
186 */
187 static int ndisc_addr_option_pad(unsigned short type)
188 {
189 switch (type) {
190 case ARPHRD_INFINIBAND: return 2;
191 default: return 0;
192 }
193 }
194
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
196 {
197 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
198 }
199
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201 unsigned short addr_type)
202 {
203 int space = NDISC_OPT_SPACE(data_len);
204 int pad = ndisc_addr_option_pad(addr_type);
205
206 opt[0] = type;
207 opt[1] = space>>3;
208
209 memset(opt + 2, 0, pad);
210 opt += pad;
211 space -= pad;
212
213 memcpy(opt+2, data, data_len);
214 data_len += 2;
215 opt += data_len;
216 if ((space -= data_len) > 0)
217 memset(opt, 0, space);
218 return opt + space;
219 }
220
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222 struct nd_opt_hdr *end)
223 {
224 int type;
225 if (!cur || !end || cur >= end)
226 return NULL;
227 type = cur->nd_opt_type;
228 do {
229 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230 } while(cur < end && cur->nd_opt_type != type);
231 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
232 }
233
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
235 {
236 return (opt->nd_opt_type == ND_OPT_RDNSS);
237 }
238
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240 struct nd_opt_hdr *end)
241 {
242 if (!cur || !end || cur >= end)
243 return NULL;
244 do {
245 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246 } while(cur < end && !ndisc_is_useropt(cur));
247 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
248 }
249
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251 struct ndisc_options *ndopts)
252 {
253 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
254
255 if (!nd_opt || opt_len < 0 || !ndopts)
256 return NULL;
257 memset(ndopts, 0, sizeof(*ndopts));
258 while (opt_len) {
259 int l;
260 if (opt_len < sizeof(struct nd_opt_hdr))
261 return NULL;
262 l = nd_opt->nd_opt_len << 3;
263 if (opt_len < l || l == 0)
264 return NULL;
265 switch (nd_opt->nd_opt_type) {
266 case ND_OPT_SOURCE_LL_ADDR:
267 case ND_OPT_TARGET_LL_ADDR:
268 case ND_OPT_MTU:
269 case ND_OPT_REDIRECT_HDR:
270 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271 ND_PRINTK2(KERN_WARNING
272 "%s(): duplicated ND6 option found: type=%d\n",
273 __FUNCTION__,
274 nd_opt->nd_opt_type);
275 } else {
276 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
277 }
278 break;
279 case ND_OPT_PREFIX_INFO:
280 ndopts->nd_opts_pi_end = nd_opt;
281 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283 break;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285 case ND_OPT_ROUTE_INFO:
286 ndopts->nd_opts_ri_end = nd_opt;
287 if (!ndopts->nd_opts_ri)
288 ndopts->nd_opts_ri = nd_opt;
289 break;
290 #endif
291 default:
292 if (ndisc_is_useropt(nd_opt)) {
293 ndopts->nd_useropts_end = nd_opt;
294 if (!ndopts->nd_useropts)
295 ndopts->nd_useropts = nd_opt;
296 } else {
297 /*
298 * Unknown options must be silently ignored,
299 * to accommodate future extension to the
300 * protocol.
301 */
302 ND_PRINTK2(KERN_NOTICE
303 "%s(): ignored unsupported option; type=%d, len=%d\n",
304 __FUNCTION__,
305 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306 }
307 }
308 opt_len -= l;
309 nd_opt = ((void *)nd_opt) + l;
310 }
311 return ndopts;
312 }
313
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315 struct net_device *dev)
316 {
317 u8 *lladdr = (u8 *)(p + 1);
318 int lladdrlen = p->nd_opt_len << 3;
319 int prepad = ndisc_addr_option_pad(dev->type);
320 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321 return NULL;
322 return (lladdr + prepad);
323 }
324
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
326 {
327 switch (dev->type) {
328 case ARPHRD_ETHER:
329 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
330 case ARPHRD_FDDI:
331 ipv6_eth_mc_map(addr, buf);
332 return 0;
333 case ARPHRD_IEEE802_TR:
334 ipv6_tr_mc_map(addr,buf);
335 return 0;
336 case ARPHRD_ARCNET:
337 ipv6_arcnet_mc_map(addr, buf);
338 return 0;
339 case ARPHRD_INFINIBAND:
340 ipv6_ib_mc_map(addr, dev->broadcast, buf);
341 return 0;
342 default:
343 if (dir) {
344 memcpy(buf, dev->broadcast, dev->addr_len);
345 return 0;
346 }
347 }
348 return -EINVAL;
349 }
350
351 EXPORT_SYMBOL(ndisc_mc_map);
352
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
354 {
355 const u32 *p32 = pkey;
356 u32 addr_hash, i;
357
358 addr_hash = 0;
359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360 addr_hash ^= *p32++;
361
362 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
363 }
364
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 struct net_device *dev = neigh->dev;
369 struct inet6_dev *in6_dev;
370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr);
372
373 rcu_read_lock();
374 in6_dev = in6_dev_get(dev);
375 if (in6_dev == NULL) {
376 rcu_read_unlock();
377 return -EINVAL;
378 }
379
380 parms = in6_dev->nd_parms;
381 __neigh_parms_put(neigh->parms);
382 neigh->parms = neigh_parms_clone(parms);
383 rcu_read_unlock();
384
385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 if (!dev->header_ops) {
387 neigh->nud_state = NUD_NOARP;
388 neigh->ops = &ndisc_direct_ops;
389 neigh->output = neigh->ops->queue_xmit;
390 } else {
391 if (is_multicast) {
392 neigh->nud_state = NUD_NOARP;
393 ndisc_mc_map(addr, neigh->ha, dev, 1);
394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 neigh->nud_state = NUD_NOARP;
396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 if (dev->flags&IFF_LOOPBACK)
398 neigh->type = RTN_LOCAL;
399 } else if (dev->flags&IFF_POINTOPOINT) {
400 neigh->nud_state = NUD_NOARP;
401 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402 }
403 if (dev->header_ops->cache)
404 neigh->ops = &ndisc_hh_ops;
405 else
406 neigh->ops = &ndisc_generic_ops;
407 if (neigh->nud_state&NUD_VALID)
408 neigh->output = neigh->ops->connected_output;
409 else
410 neigh->output = neigh->ops->output;
411 }
412 in6_dev_put(in6_dev);
413 return 0;
414 }
415
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418 struct in6_addr *addr = (struct in6_addr*)&n->key;
419 struct in6_addr maddr;
420 struct net_device *dev = n->dev;
421
422 if (dev == NULL || __in6_dev_get(dev) == NULL)
423 return -EINVAL;
424 addrconf_addr_solict_mult(addr, &maddr);
425 ipv6_dev_mc_inc(dev, &maddr);
426 return 0;
427 }
428
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431 struct in6_addr *addr = (struct in6_addr*)&n->key;
432 struct in6_addr maddr;
433 struct net_device *dev = n->dev;
434
435 if (dev == NULL || __in6_dev_get(dev) == NULL)
436 return;
437 addrconf_addr_solict_mult(addr, &maddr);
438 ipv6_dev_mc_dec(dev, &maddr);
439 }
440
441 /*
442 * Send a Neighbour Advertisement
443 */
444
445 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
446 struct in6_addr *saddr, struct in6_addr *daddr,
447 int oif)
448 {
449 memset(fl, 0, sizeof(*fl));
450 ipv6_addr_copy(&fl->fl6_src, saddr);
451 ipv6_addr_copy(&fl->fl6_dst, daddr);
452 fl->proto = IPPROTO_ICMPV6;
453 fl->fl_icmp_type = type;
454 fl->fl_icmp_code = 0;
455 fl->oif = oif;
456 security_sk_classify_flow(ndisc_socket->sk, fl);
457 }
458
459 static void __ndisc_send(struct net_device *dev,
460 struct neighbour *neigh,
461 struct in6_addr *daddr, struct in6_addr *saddr,
462 struct icmp6hdr *icmp6h, struct in6_addr *target,
463 int llinfo)
464 {
465 struct flowi fl;
466 struct dst_entry *dst;
467 struct sock *sk = ndisc_socket->sk;
468 struct sk_buff *skb;
469 struct icmp6hdr *hdr;
470 struct inet6_dev *idev;
471 int len;
472 int err;
473 u8 *opt, type;
474
475 type = icmp6h->icmp6_type;
476
477 ndisc_flow_init(&fl, type, saddr, daddr,
478 dev->ifindex);
479
480 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
481 if (!dst)
482 return;
483
484 err = xfrm_lookup(&dst, &fl, NULL, 0);
485 if (err < 0)
486 return;
487
488 if (!dev->addr_len)
489 llinfo = 0;
490
491 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
492 if (llinfo)
493 len += ndisc_opt_addr_space(dev);
494
495 skb = sock_alloc_send_skb(sk,
496 (MAX_HEADER + sizeof(struct ipv6hdr) +
497 len + LL_RESERVED_SPACE(dev)),
498 1, &err);
499 if (!skb) {
500 ND_PRINTK0(KERN_ERR
501 "ICMPv6 ND: %s() failed to allocate an skb.\n",
502 __FUNCTION__);
503 dst_release(dst);
504 return;
505 }
506
507 skb_reserve(skb, LL_RESERVED_SPACE(dev));
508 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
509
510 skb->transport_header = skb->tail;
511 skb_put(skb, len);
512
513 hdr = (struct icmp6hdr *)skb_transport_header(skb);
514 memcpy(hdr, icmp6h, sizeof(*hdr));
515
516 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
517 if (target) {
518 ipv6_addr_copy((struct in6_addr *)opt, target);
519 opt += sizeof(*target);
520 }
521
522 if (llinfo)
523 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
524 dev->addr_len, dev->type);
525
526 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
527 IPPROTO_ICMPV6,
528 csum_partial((__u8 *) hdr,
529 len, 0));
530
531 skb->dst = dst;
532
533 idev = in6_dev_get(dst->dev);
534 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
535
536 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
537 dst_output);
538 if (!err) {
539 ICMP6MSGOUT_INC_STATS(idev, type);
540 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
541 }
542
543 if (likely(idev != NULL))
544 in6_dev_put(idev);
545 }
546
547 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
548 struct in6_addr *daddr, struct in6_addr *solicited_addr,
549 int router, int solicited, int override, int inc_opt)
550 {
551 struct in6_addr tmpaddr;
552 struct inet6_ifaddr *ifp;
553 struct in6_addr *src_addr;
554 struct icmp6hdr icmp6h = {
555 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
556 };
557
558 /* for anycast or proxy, solicited_addr != src_addr */
559 ifp = ipv6_get_ifaddr(&init_net, solicited_addr, dev, 1);
560 if (ifp) {
561 src_addr = solicited_addr;
562 if (ifp->flags & IFA_F_OPTIMISTIC)
563 override = 0;
564 in6_ifa_put(ifp);
565 } else {
566 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
567 return;
568 src_addr = &tmpaddr;
569 }
570
571 icmp6h.icmp6_router = router;
572 icmp6h.icmp6_solicited = solicited;
573 icmp6h.icmp6_override = override;
574
575 __ndisc_send(dev, neigh, daddr, src_addr,
576 &icmp6h, solicited_addr,
577 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
578 }
579
580 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
581 struct in6_addr *solicit,
582 struct in6_addr *daddr, struct in6_addr *saddr)
583 {
584 struct in6_addr addr_buf;
585 struct icmp6hdr icmp6h = {
586 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
587 };
588
589 if (saddr == NULL) {
590 if (ipv6_get_lladdr(dev, &addr_buf,
591 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
592 return;
593 saddr = &addr_buf;
594 }
595
596 __ndisc_send(dev, neigh, daddr, saddr,
597 &icmp6h, solicit,
598 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
599 }
600
601 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
602 struct in6_addr *daddr)
603 {
604 struct icmp6hdr icmp6h = {
605 .icmp6_type = NDISC_ROUTER_SOLICITATION,
606 };
607 int send_sllao = dev->addr_len;
608
609 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
610 /*
611 * According to section 2.2 of RFC 4429, we must not
612 * send router solicitations with a sllao from
613 * optimistic addresses, but we may send the solicitation
614 * if we don't include the sllao. So here we check
615 * if our address is optimistic, and if so, we
616 * suppress the inclusion of the sllao.
617 */
618 if (send_sllao) {
619 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(&init_net, saddr,
620 dev, 1);
621 if (ifp) {
622 if (ifp->flags & IFA_F_OPTIMISTIC) {
623 send_sllao = 0;
624 }
625 in6_ifa_put(ifp);
626 } else {
627 send_sllao = 0;
628 }
629 }
630 #endif
631 __ndisc_send(dev, NULL, daddr, saddr,
632 &icmp6h, NULL,
633 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
634 }
635
636
637 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
638 {
639 /*
640 * "The sender MUST return an ICMP
641 * destination unreachable"
642 */
643 dst_link_failure(skb);
644 kfree_skb(skb);
645 }
646
647 /* Called with locked neigh: either read or both */
648
649 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
650 {
651 struct in6_addr *saddr = NULL;
652 struct in6_addr mcaddr;
653 struct net_device *dev = neigh->dev;
654 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
655 int probes = atomic_read(&neigh->probes);
656
657 if (skb && ipv6_chk_addr(&init_net, &ipv6_hdr(skb)->saddr, dev, 1))
658 saddr = &ipv6_hdr(skb)->saddr;
659
660 if ((probes -= neigh->parms->ucast_probes) < 0) {
661 if (!(neigh->nud_state & NUD_VALID)) {
662 ND_PRINTK1(KERN_DEBUG
663 "%s(): trying to ucast probe in NUD_INVALID: "
664 NIP6_FMT "\n",
665 __FUNCTION__,
666 NIP6(*target));
667 }
668 ndisc_send_ns(dev, neigh, target, target, saddr);
669 } else if ((probes -= neigh->parms->app_probes) < 0) {
670 #ifdef CONFIG_ARPD
671 neigh_app_ns(neigh);
672 #endif
673 } else {
674 addrconf_addr_solict_mult(target, &mcaddr);
675 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
676 }
677 }
678
679 static struct pneigh_entry *pndisc_check_router(struct net_device *dev,
680 struct in6_addr *addr, int *is_router)
681 {
682 struct pneigh_entry *n;
683
684 read_lock_bh(&nd_tbl.lock);
685 n = __pneigh_lookup(&nd_tbl, &init_net, addr, dev);
686 if (n != NULL)
687 *is_router = (n->flags & NTF_ROUTER);
688 read_unlock_bh(&nd_tbl.lock);
689
690 return n;
691 }
692
693 static void ndisc_recv_ns(struct sk_buff *skb)
694 {
695 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
696 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
697 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
698 u8 *lladdr = NULL;
699 u32 ndoptlen = skb->tail - (skb->transport_header +
700 offsetof(struct nd_msg, opt));
701 struct ndisc_options ndopts;
702 struct net_device *dev = skb->dev;
703 struct inet6_ifaddr *ifp;
704 struct inet6_dev *idev = NULL;
705 struct neighbour *neigh;
706 struct pneigh_entry *pneigh = NULL;
707 int dad = ipv6_addr_any(saddr);
708 int inc;
709 int is_router = 0;
710
711 if (ipv6_addr_is_multicast(&msg->target)) {
712 ND_PRINTK2(KERN_WARNING
713 "ICMPv6 NS: multicast target address");
714 return;
715 }
716
717 /*
718 * RFC2461 7.1.1:
719 * DAD has to be destined for solicited node multicast address.
720 */
721 if (dad &&
722 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
723 daddr->s6_addr32[1] == htonl(0x00000000) &&
724 daddr->s6_addr32[2] == htonl(0x00000001) &&
725 daddr->s6_addr [12] == 0xff )) {
726 ND_PRINTK2(KERN_WARNING
727 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
728 return;
729 }
730
731 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
732 ND_PRINTK2(KERN_WARNING
733 "ICMPv6 NS: invalid ND options\n");
734 return;
735 }
736
737 if (ndopts.nd_opts_src_lladdr) {
738 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
739 if (!lladdr) {
740 ND_PRINTK2(KERN_WARNING
741 "ICMPv6 NS: invalid link-layer address length\n");
742 return;
743 }
744
745 /* RFC2461 7.1.1:
746 * If the IP source address is the unspecified address,
747 * there MUST NOT be source link-layer address option
748 * in the message.
749 */
750 if (dad) {
751 ND_PRINTK2(KERN_WARNING
752 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
753 return;
754 }
755 }
756
757 inc = ipv6_addr_is_multicast(daddr);
758
759 if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1)) != NULL) {
760
761 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
762 if (dad) {
763 if (dev->type == ARPHRD_IEEE802_TR) {
764 const unsigned char *sadr;
765 sadr = skb_mac_header(skb);
766 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
767 sadr[9] == dev->dev_addr[1] &&
768 sadr[10] == dev->dev_addr[2] &&
769 sadr[11] == dev->dev_addr[3] &&
770 sadr[12] == dev->dev_addr[4] &&
771 sadr[13] == dev->dev_addr[5]) {
772 /* looped-back to us */
773 goto out;
774 }
775 }
776
777 /*
778 * We are colliding with another node
779 * who is doing DAD
780 * so fail our DAD process
781 */
782 addrconf_dad_failure(ifp);
783 return;
784 } else {
785 /*
786 * This is not a dad solicitation.
787 * If we are an optimistic node,
788 * we should respond.
789 * Otherwise, we should ignore it.
790 */
791 if (!(ifp->flags & IFA_F_OPTIMISTIC))
792 goto out;
793 }
794 }
795
796 idev = ifp->idev;
797 } else {
798 idev = in6_dev_get(dev);
799 if (!idev) {
800 /* XXX: count this drop? */
801 return;
802 }
803
804 if (ipv6_chk_acast_addr(dev, &msg->target) ||
805 (idev->cnf.forwarding &&
806 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
807 (pneigh = pndisc_check_router(dev, &msg->target,
808 &is_router)) != NULL)) {
809 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
810 skb->pkt_type != PACKET_HOST &&
811 inc != 0 &&
812 idev->nd_parms->proxy_delay != 0) {
813 /*
814 * for anycast or proxy,
815 * sender should delay its response
816 * by a random time between 0 and
817 * MAX_ANYCAST_DELAY_TIME seconds.
818 * (RFC2461) -- yoshfuji
819 */
820 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
821 if (n)
822 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
823 goto out;
824 }
825 } else
826 goto out;
827 }
828
829 is_router = !!(pneigh ? is_router : idev->cnf.forwarding);
830
831 if (dad) {
832 struct in6_addr maddr;
833
834 ipv6_addr_all_nodes(&maddr);
835 ndisc_send_na(dev, NULL, &maddr, &msg->target,
836 is_router, 0, (ifp != NULL), 1);
837 goto out;
838 }
839
840 if (inc)
841 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
842 else
843 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
844
845 /*
846 * update / create cache entry
847 * for the source address
848 */
849 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
850 !inc || lladdr || !dev->addr_len);
851 if (neigh)
852 neigh_update(neigh, lladdr, NUD_STALE,
853 NEIGH_UPDATE_F_WEAK_OVERRIDE|
854 NEIGH_UPDATE_F_OVERRIDE);
855 if (neigh || !dev->header_ops) {
856 ndisc_send_na(dev, neigh, saddr, &msg->target,
857 is_router,
858 1, (ifp != NULL && inc), inc);
859 if (neigh)
860 neigh_release(neigh);
861 }
862
863 out:
864 if (ifp)
865 in6_ifa_put(ifp);
866 else
867 in6_dev_put(idev);
868
869 return;
870 }
871
872 static void ndisc_recv_na(struct sk_buff *skb)
873 {
874 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
875 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
876 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
877 u8 *lladdr = NULL;
878 u32 ndoptlen = skb->tail - (skb->transport_header +
879 offsetof(struct nd_msg, opt));
880 struct ndisc_options ndopts;
881 struct net_device *dev = skb->dev;
882 struct inet6_ifaddr *ifp;
883 struct neighbour *neigh;
884
885 if (skb->len < sizeof(struct nd_msg)) {
886 ND_PRINTK2(KERN_WARNING
887 "ICMPv6 NA: packet too short\n");
888 return;
889 }
890
891 if (ipv6_addr_is_multicast(&msg->target)) {
892 ND_PRINTK2(KERN_WARNING
893 "ICMPv6 NA: target address is multicast.\n");
894 return;
895 }
896
897 if (ipv6_addr_is_multicast(daddr) &&
898 msg->icmph.icmp6_solicited) {
899 ND_PRINTK2(KERN_WARNING
900 "ICMPv6 NA: solicited NA is multicasted.\n");
901 return;
902 }
903
904 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
905 ND_PRINTK2(KERN_WARNING
906 "ICMPv6 NS: invalid ND option\n");
907 return;
908 }
909 if (ndopts.nd_opts_tgt_lladdr) {
910 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
911 if (!lladdr) {
912 ND_PRINTK2(KERN_WARNING
913 "ICMPv6 NA: invalid link-layer address length\n");
914 return;
915 }
916 }
917 if ((ifp = ipv6_get_ifaddr(&init_net, &msg->target, dev, 1))) {
918 if (ifp->flags & IFA_F_TENTATIVE) {
919 addrconf_dad_failure(ifp);
920 return;
921 }
922 /* What should we make now? The advertisement
923 is invalid, but ndisc specs say nothing
924 about it. It could be misconfiguration, or
925 an smart proxy agent tries to help us :-)
926 */
927 ND_PRINTK1(KERN_WARNING
928 "ICMPv6 NA: someone advertises our address on %s!\n",
929 ifp->idev->dev->name);
930 in6_ifa_put(ifp);
931 return;
932 }
933 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
934
935 if (neigh) {
936 u8 old_flags = neigh->flags;
937
938 if (neigh->nud_state & NUD_FAILED)
939 goto out;
940
941 /*
942 * Don't update the neighbor cache entry on a proxy NA from
943 * ourselves because either the proxied node is off link or it
944 * has already sent a NA to us.
945 */
946 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
947 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
948 pneigh_lookup(&nd_tbl, &init_net, &msg->target, dev, 0)) {
949 /* XXX: idev->cnf.prixy_ndp */
950 goto out;
951 }
952
953 neigh_update(neigh, lladdr,
954 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
955 NEIGH_UPDATE_F_WEAK_OVERRIDE|
956 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
957 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
958 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
959
960 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
961 /*
962 * Change: router to host
963 */
964 struct rt6_info *rt;
965 rt = rt6_get_dflt_router(saddr, dev);
966 if (rt)
967 ip6_del_rt(rt);
968 }
969
970 out:
971 neigh_release(neigh);
972 }
973 }
974
975 static void ndisc_recv_rs(struct sk_buff *skb)
976 {
977 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
978 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
979 struct neighbour *neigh;
980 struct inet6_dev *idev;
981 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
982 struct ndisc_options ndopts;
983 u8 *lladdr = NULL;
984
985 if (skb->len < sizeof(*rs_msg))
986 return;
987
988 idev = in6_dev_get(skb->dev);
989 if (!idev) {
990 if (net_ratelimit())
991 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
992 return;
993 }
994
995 /* Don't accept RS if we're not in router mode */
996 if (!idev->cnf.forwarding)
997 goto out;
998
999 /*
1000 * Don't update NCE if src = ::;
1001 * this implies that the source node has no ip address assigned yet.
1002 */
1003 if (ipv6_addr_any(saddr))
1004 goto out;
1005
1006 /* Parse ND options */
1007 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1008 if (net_ratelimit())
1009 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1010 goto out;
1011 }
1012
1013 if (ndopts.nd_opts_src_lladdr) {
1014 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1015 skb->dev);
1016 if (!lladdr)
1017 goto out;
1018 }
1019
1020 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1021 if (neigh) {
1022 neigh_update(neigh, lladdr, NUD_STALE,
1023 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1024 NEIGH_UPDATE_F_OVERRIDE|
1025 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1026 neigh_release(neigh);
1027 }
1028 out:
1029 in6_dev_put(idev);
1030 }
1031
1032 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1033 {
1034 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1035 struct sk_buff *skb;
1036 struct nlmsghdr *nlh;
1037 struct nduseroptmsg *ndmsg;
1038 int err;
1039 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1040 + (opt->nd_opt_len << 3));
1041 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1042
1043 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1044 if (skb == NULL) {
1045 err = -ENOBUFS;
1046 goto errout;
1047 }
1048
1049 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1050 if (nlh == NULL) {
1051 goto nla_put_failure;
1052 }
1053
1054 ndmsg = nlmsg_data(nlh);
1055 ndmsg->nduseropt_family = AF_INET6;
1056 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1057 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1058 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1059 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1060
1061 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1062
1063 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1064 &ipv6_hdr(ra)->saddr);
1065 nlmsg_end(skb, nlh);
1066
1067 err = rtnl_notify(skb, &init_net, 0, RTNLGRP_ND_USEROPT, NULL,
1068 GFP_ATOMIC);
1069 if (err < 0)
1070 goto errout;
1071
1072 return;
1073
1074 nla_put_failure:
1075 nlmsg_free(skb);
1076 err = -EMSGSIZE;
1077 errout:
1078 rtnl_set_sk_err(&init_net, RTNLGRP_ND_USEROPT, err);
1079 }
1080
1081 static void ndisc_router_discovery(struct sk_buff *skb)
1082 {
1083 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1084 struct neighbour *neigh = NULL;
1085 struct inet6_dev *in6_dev;
1086 struct rt6_info *rt = NULL;
1087 int lifetime;
1088 struct ndisc_options ndopts;
1089 int optlen;
1090 unsigned int pref = 0;
1091
1092 __u8 * opt = (__u8 *)(ra_msg + 1);
1093
1094 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1095
1096 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1097 ND_PRINTK2(KERN_WARNING
1098 "ICMPv6 RA: source address is not link-local.\n");
1099 return;
1100 }
1101 if (optlen < 0) {
1102 ND_PRINTK2(KERN_WARNING
1103 "ICMPv6 RA: packet too short\n");
1104 return;
1105 }
1106
1107 /*
1108 * set the RA_RECV flag in the interface
1109 */
1110
1111 in6_dev = in6_dev_get(skb->dev);
1112 if (in6_dev == NULL) {
1113 ND_PRINTK0(KERN_ERR
1114 "ICMPv6 RA: can't find inet6 device for %s.\n",
1115 skb->dev->name);
1116 return;
1117 }
1118 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1119 in6_dev_put(in6_dev);
1120 return;
1121 }
1122
1123 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1124 in6_dev_put(in6_dev);
1125 ND_PRINTK2(KERN_WARNING
1126 "ICMP6 RA: invalid ND options\n");
1127 return;
1128 }
1129
1130 if (in6_dev->if_flags & IF_RS_SENT) {
1131 /*
1132 * flag that an RA was received after an RS was sent
1133 * out on this interface.
1134 */
1135 in6_dev->if_flags |= IF_RA_RCVD;
1136 }
1137
1138 /*
1139 * Remember the managed/otherconf flags from most recently
1140 * received RA message (RFC 2462) -- yoshfuji
1141 */
1142 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1143 IF_RA_OTHERCONF)) |
1144 (ra_msg->icmph.icmp6_addrconf_managed ?
1145 IF_RA_MANAGED : 0) |
1146 (ra_msg->icmph.icmp6_addrconf_other ?
1147 IF_RA_OTHERCONF : 0);
1148
1149 if (!in6_dev->cnf.accept_ra_defrtr)
1150 goto skip_defrtr;
1151
1152 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1153
1154 #ifdef CONFIG_IPV6_ROUTER_PREF
1155 pref = ra_msg->icmph.icmp6_router_pref;
1156 /* 10b is handled as if it were 00b (medium) */
1157 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1158 !in6_dev->cnf.accept_ra_rtr_pref)
1159 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1160 #endif
1161
1162 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1163
1164 if (rt)
1165 neigh = rt->rt6i_nexthop;
1166
1167 if (rt && lifetime == 0) {
1168 neigh_clone(neigh);
1169 ip6_del_rt(rt);
1170 rt = NULL;
1171 }
1172
1173 if (rt == NULL && lifetime) {
1174 ND_PRINTK3(KERN_DEBUG
1175 "ICMPv6 RA: adding default router.\n");
1176
1177 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1178 if (rt == NULL) {
1179 ND_PRINTK0(KERN_ERR
1180 "ICMPv6 RA: %s() failed to add default route.\n",
1181 __FUNCTION__);
1182 in6_dev_put(in6_dev);
1183 return;
1184 }
1185
1186 neigh = rt->rt6i_nexthop;
1187 if (neigh == NULL) {
1188 ND_PRINTK0(KERN_ERR
1189 "ICMPv6 RA: %s() got default router without neighbour.\n",
1190 __FUNCTION__);
1191 dst_release(&rt->u.dst);
1192 in6_dev_put(in6_dev);
1193 return;
1194 }
1195 neigh->flags |= NTF_ROUTER;
1196 } else if (rt) {
1197 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1198 }
1199
1200 if (rt)
1201 rt->rt6i_expires = jiffies + (HZ * lifetime);
1202
1203 if (ra_msg->icmph.icmp6_hop_limit) {
1204 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1205 if (rt)
1206 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1207 }
1208
1209 skip_defrtr:
1210
1211 /*
1212 * Update Reachable Time and Retrans Timer
1213 */
1214
1215 if (in6_dev->nd_parms) {
1216 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1217
1218 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1219 rtime = (rtime*HZ)/1000;
1220 if (rtime < HZ/10)
1221 rtime = HZ/10;
1222 in6_dev->nd_parms->retrans_time = rtime;
1223 in6_dev->tstamp = jiffies;
1224 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1225 }
1226
1227 rtime = ntohl(ra_msg->reachable_time);
1228 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1229 rtime = (rtime*HZ)/1000;
1230
1231 if (rtime < HZ/10)
1232 rtime = HZ/10;
1233
1234 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1235 in6_dev->nd_parms->base_reachable_time = rtime;
1236 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1237 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1238 in6_dev->tstamp = jiffies;
1239 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1240 }
1241 }
1242 }
1243
1244 /*
1245 * Process options.
1246 */
1247
1248 if (!neigh)
1249 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1250 skb->dev, 1);
1251 if (neigh) {
1252 u8 *lladdr = NULL;
1253 if (ndopts.nd_opts_src_lladdr) {
1254 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1255 skb->dev);
1256 if (!lladdr) {
1257 ND_PRINTK2(KERN_WARNING
1258 "ICMPv6 RA: invalid link-layer address length\n");
1259 goto out;
1260 }
1261 }
1262 neigh_update(neigh, lladdr, NUD_STALE,
1263 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1264 NEIGH_UPDATE_F_OVERRIDE|
1265 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1266 NEIGH_UPDATE_F_ISROUTER);
1267 }
1268
1269 #ifdef CONFIG_IPV6_ROUTE_INFO
1270 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1271 struct nd_opt_hdr *p;
1272 for (p = ndopts.nd_opts_ri;
1273 p;
1274 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1275 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1276 continue;
1277 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1278 &ipv6_hdr(skb)->saddr);
1279 }
1280 }
1281 #endif
1282
1283 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1284 struct nd_opt_hdr *p;
1285 for (p = ndopts.nd_opts_pi;
1286 p;
1287 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1288 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1289 }
1290 }
1291
1292 if (ndopts.nd_opts_mtu) {
1293 __be32 n;
1294 u32 mtu;
1295
1296 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1297 mtu = ntohl(n);
1298
1299 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1300 ND_PRINTK2(KERN_WARNING
1301 "ICMPv6 RA: invalid mtu: %d\n",
1302 mtu);
1303 } else if (in6_dev->cnf.mtu6 != mtu) {
1304 in6_dev->cnf.mtu6 = mtu;
1305
1306 if (rt)
1307 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1308
1309 rt6_mtu_change(skb->dev, mtu);
1310 }
1311 }
1312
1313 if (ndopts.nd_useropts) {
1314 struct nd_opt_hdr *p;
1315 for (p = ndopts.nd_useropts;
1316 p;
1317 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1318 ndisc_ra_useropt(skb, p);
1319 }
1320 }
1321
1322 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1323 ND_PRINTK2(KERN_WARNING
1324 "ICMPv6 RA: invalid RA options");
1325 }
1326 out:
1327 if (rt)
1328 dst_release(&rt->u.dst);
1329 else if (neigh)
1330 neigh_release(neigh);
1331 in6_dev_put(in6_dev);
1332 }
1333
1334 static void ndisc_redirect_rcv(struct sk_buff *skb)
1335 {
1336 struct inet6_dev *in6_dev;
1337 struct icmp6hdr *icmph;
1338 struct in6_addr *dest;
1339 struct in6_addr *target; /* new first hop to destination */
1340 struct neighbour *neigh;
1341 int on_link = 0;
1342 struct ndisc_options ndopts;
1343 int optlen;
1344 u8 *lladdr = NULL;
1345
1346 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1347 ND_PRINTK2(KERN_WARNING
1348 "ICMPv6 Redirect: source address is not link-local.\n");
1349 return;
1350 }
1351
1352 optlen = skb->tail - skb->transport_header;
1353 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1354
1355 if (optlen < 0) {
1356 ND_PRINTK2(KERN_WARNING
1357 "ICMPv6 Redirect: packet too short\n");
1358 return;
1359 }
1360
1361 icmph = icmp6_hdr(skb);
1362 target = (struct in6_addr *) (icmph + 1);
1363 dest = target + 1;
1364
1365 if (ipv6_addr_is_multicast(dest)) {
1366 ND_PRINTK2(KERN_WARNING
1367 "ICMPv6 Redirect: destination address is multicast.\n");
1368 return;
1369 }
1370
1371 if (ipv6_addr_equal(dest, target)) {
1372 on_link = 1;
1373 } else if (ipv6_addr_type(target) !=
1374 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1375 ND_PRINTK2(KERN_WARNING
1376 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1377 return;
1378 }
1379
1380 in6_dev = in6_dev_get(skb->dev);
1381 if (!in6_dev)
1382 return;
1383 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1384 in6_dev_put(in6_dev);
1385 return;
1386 }
1387
1388 /* RFC2461 8.1:
1389 * The IP source address of the Redirect MUST be the same as the current
1390 * first-hop router for the specified ICMP Destination Address.
1391 */
1392
1393 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1394 ND_PRINTK2(KERN_WARNING
1395 "ICMPv6 Redirect: invalid ND options\n");
1396 in6_dev_put(in6_dev);
1397 return;
1398 }
1399 if (ndopts.nd_opts_tgt_lladdr) {
1400 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1401 skb->dev);
1402 if (!lladdr) {
1403 ND_PRINTK2(KERN_WARNING
1404 "ICMPv6 Redirect: invalid link-layer address length\n");
1405 in6_dev_put(in6_dev);
1406 return;
1407 }
1408 }
1409
1410 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1411 if (neigh) {
1412 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1413 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1414 on_link);
1415 neigh_release(neigh);
1416 }
1417 in6_dev_put(in6_dev);
1418 }
1419
1420 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1421 struct in6_addr *target)
1422 {
1423 struct sock *sk = ndisc_socket->sk;
1424 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1425 struct sk_buff *buff;
1426 struct icmp6hdr *icmph;
1427 struct in6_addr saddr_buf;
1428 struct in6_addr *addrp;
1429 struct net_device *dev;
1430 struct rt6_info *rt;
1431 struct dst_entry *dst;
1432 struct inet6_dev *idev;
1433 struct flowi fl;
1434 u8 *opt;
1435 int rd_len;
1436 int err;
1437 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1438
1439 dev = skb->dev;
1440
1441 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1442 ND_PRINTK2(KERN_WARNING
1443 "ICMPv6 Redirect: no link-local address on %s\n",
1444 dev->name);
1445 return;
1446 }
1447
1448 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1449 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1450 ND_PRINTK2(KERN_WARNING
1451 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1452 return;
1453 }
1454
1455 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1456 dev->ifindex);
1457
1458 dst = ip6_route_output(NULL, &fl);
1459 if (dst == NULL)
1460 return;
1461
1462 err = xfrm_lookup(&dst, &fl, NULL, 0);
1463 if (err)
1464 return;
1465
1466 rt = (struct rt6_info *) dst;
1467
1468 if (rt->rt6i_flags & RTF_GATEWAY) {
1469 ND_PRINTK2(KERN_WARNING
1470 "ICMPv6 Redirect: destination is not a neighbour.\n");
1471 dst_release(dst);
1472 return;
1473 }
1474 if (!xrlim_allow(dst, 1*HZ)) {
1475 dst_release(dst);
1476 return;
1477 }
1478
1479 if (dev->addr_len) {
1480 read_lock_bh(&neigh->lock);
1481 if (neigh->nud_state & NUD_VALID) {
1482 memcpy(ha_buf, neigh->ha, dev->addr_len);
1483 read_unlock_bh(&neigh->lock);
1484 ha = ha_buf;
1485 len += ndisc_opt_addr_space(dev);
1486 } else
1487 read_unlock_bh(&neigh->lock);
1488 }
1489
1490 rd_len = min_t(unsigned int,
1491 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1492 rd_len &= ~0x7;
1493 len += rd_len;
1494
1495 buff = sock_alloc_send_skb(sk,
1496 (MAX_HEADER + sizeof(struct ipv6hdr) +
1497 len + LL_RESERVED_SPACE(dev)),
1498 1, &err);
1499 if (buff == NULL) {
1500 ND_PRINTK0(KERN_ERR
1501 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1502 __FUNCTION__);
1503 dst_release(dst);
1504 return;
1505 }
1506
1507
1508 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1509 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1510 IPPROTO_ICMPV6, len);
1511
1512 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1513 skb_put(buff, len);
1514 icmph = icmp6_hdr(buff);
1515
1516 memset(icmph, 0, sizeof(struct icmp6hdr));
1517 icmph->icmp6_type = NDISC_REDIRECT;
1518
1519 /*
1520 * copy target and destination addresses
1521 */
1522
1523 addrp = (struct in6_addr *)(icmph + 1);
1524 ipv6_addr_copy(addrp, target);
1525 addrp++;
1526 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1527
1528 opt = (u8*) (addrp + 1);
1529
1530 /*
1531 * include target_address option
1532 */
1533
1534 if (ha)
1535 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1536 dev->addr_len, dev->type);
1537
1538 /*
1539 * build redirect option and copy skb over to the new packet.
1540 */
1541
1542 memset(opt, 0, 8);
1543 *(opt++) = ND_OPT_REDIRECT_HDR;
1544 *(opt++) = (rd_len >> 3);
1545 opt += 6;
1546
1547 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1548
1549 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1550 len, IPPROTO_ICMPV6,
1551 csum_partial((u8 *) icmph, len, 0));
1552
1553 buff->dst = dst;
1554 idev = in6_dev_get(dst->dev);
1555 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1556 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1557 dst_output);
1558 if (!err) {
1559 ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
1560 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1561 }
1562
1563 if (likely(idev != NULL))
1564 in6_dev_put(idev);
1565 }
1566
1567 static void pndisc_redo(struct sk_buff *skb)
1568 {
1569 ndisc_recv_ns(skb);
1570 kfree_skb(skb);
1571 }
1572
1573 int ndisc_rcv(struct sk_buff *skb)
1574 {
1575 struct nd_msg *msg;
1576
1577 if (!pskb_may_pull(skb, skb->len))
1578 return 0;
1579
1580 msg = (struct nd_msg *)skb_transport_header(skb);
1581
1582 __skb_push(skb, skb->data - skb_transport_header(skb));
1583
1584 if (ipv6_hdr(skb)->hop_limit != 255) {
1585 ND_PRINTK2(KERN_WARNING
1586 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1587 ipv6_hdr(skb)->hop_limit);
1588 return 0;
1589 }
1590
1591 if (msg->icmph.icmp6_code != 0) {
1592 ND_PRINTK2(KERN_WARNING
1593 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1594 msg->icmph.icmp6_code);
1595 return 0;
1596 }
1597
1598 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1599
1600 switch (msg->icmph.icmp6_type) {
1601 case NDISC_NEIGHBOUR_SOLICITATION:
1602 ndisc_recv_ns(skb);
1603 break;
1604
1605 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1606 ndisc_recv_na(skb);
1607 break;
1608
1609 case NDISC_ROUTER_SOLICITATION:
1610 ndisc_recv_rs(skb);
1611 break;
1612
1613 case NDISC_ROUTER_ADVERTISEMENT:
1614 ndisc_router_discovery(skb);
1615 break;
1616
1617 case NDISC_REDIRECT:
1618 ndisc_redirect_rcv(skb);
1619 break;
1620 }
1621
1622 return 0;
1623 }
1624
1625 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1626 {
1627 struct net_device *dev = ptr;
1628
1629 if (dev->nd_net != &init_net)
1630 return NOTIFY_DONE;
1631
1632 switch (event) {
1633 case NETDEV_CHANGEADDR:
1634 neigh_changeaddr(&nd_tbl, dev);
1635 fib6_run_gc(~0UL);
1636 break;
1637 case NETDEV_DOWN:
1638 neigh_ifdown(&nd_tbl, dev);
1639 fib6_run_gc(~0UL);
1640 break;
1641 default:
1642 break;
1643 }
1644
1645 return NOTIFY_DONE;
1646 }
1647
1648 static struct notifier_block ndisc_netdev_notifier = {
1649 .notifier_call = ndisc_netdev_event,
1650 };
1651
1652 #ifdef CONFIG_SYSCTL
1653 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1654 const char *func, const char *dev_name)
1655 {
1656 static char warncomm[TASK_COMM_LEN];
1657 static int warned;
1658 if (strcmp(warncomm, current->comm) && warned < 5) {
1659 strcpy(warncomm, current->comm);
1660 printk(KERN_WARNING
1661 "process `%s' is using deprecated sysctl (%s) "
1662 "net.ipv6.neigh.%s.%s; "
1663 "Use net.ipv6.neigh.%s.%s_ms "
1664 "instead.\n",
1665 warncomm, func,
1666 dev_name, ctl->procname,
1667 dev_name, ctl->procname);
1668 warned++;
1669 }
1670 }
1671
1672 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1673 {
1674 struct net_device *dev = ctl->extra1;
1675 struct inet6_dev *idev;
1676 int ret;
1677
1678 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1679 (strcmp(ctl->procname, "base_reachable_time") == 0))
1680 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1681
1682 if (strcmp(ctl->procname, "retrans_time") == 0)
1683 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1684
1685 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1686 ret = proc_dointvec_jiffies(ctl, write,
1687 filp, buffer, lenp, ppos);
1688
1689 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1690 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1691 ret = proc_dointvec_ms_jiffies(ctl, write,
1692 filp, buffer, lenp, ppos);
1693 else
1694 ret = -1;
1695
1696 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1697 if (ctl->data == &idev->nd_parms->base_reachable_time)
1698 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1699 idev->tstamp = jiffies;
1700 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1701 in6_dev_put(idev);
1702 }
1703 return ret;
1704 }
1705
1706 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1707 int nlen, void __user *oldval,
1708 size_t __user *oldlenp,
1709 void __user *newval, size_t newlen)
1710 {
1711 struct net_device *dev = ctl->extra1;
1712 struct inet6_dev *idev;
1713 int ret;
1714
1715 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1716 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1717 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1718
1719 switch (ctl->ctl_name) {
1720 case NET_NEIGH_REACHABLE_TIME:
1721 ret = sysctl_jiffies(ctl, name, nlen,
1722 oldval, oldlenp, newval, newlen);
1723 break;
1724 case NET_NEIGH_RETRANS_TIME_MS:
1725 case NET_NEIGH_REACHABLE_TIME_MS:
1726 ret = sysctl_ms_jiffies(ctl, name, nlen,
1727 oldval, oldlenp, newval, newlen);
1728 break;
1729 default:
1730 ret = 0;
1731 }
1732
1733 if (newval && newlen && ret > 0 &&
1734 dev && (idev = in6_dev_get(dev)) != NULL) {
1735 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1736 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1737 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1738 idev->tstamp = jiffies;
1739 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1740 in6_dev_put(idev);
1741 }
1742
1743 return ret;
1744 }
1745
1746 #endif
1747
1748 int __init ndisc_init(struct net_proto_family *ops)
1749 {
1750 struct ipv6_pinfo *np;
1751 struct sock *sk;
1752 int err;
1753
1754 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1755 if (err < 0) {
1756 ND_PRINTK0(KERN_ERR
1757 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1758 err);
1759 ndisc_socket = NULL; /* For safety. */
1760 return err;
1761 }
1762
1763 sk = ndisc_socket->sk;
1764 np = inet6_sk(sk);
1765 sk->sk_allocation = GFP_ATOMIC;
1766 np->hop_limit = 255;
1767 /* Do not loopback ndisc messages */
1768 np->mc_loop = 0;
1769 sk->sk_prot->unhash(sk);
1770
1771 /*
1772 * Initialize the neighbour table
1773 */
1774
1775 neigh_table_init(&nd_tbl);
1776
1777 #ifdef CONFIG_SYSCTL
1778 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1779 "ipv6",
1780 &ndisc_ifinfo_sysctl_change,
1781 &ndisc_ifinfo_sysctl_strategy);
1782 #endif
1783
1784 register_netdevice_notifier(&ndisc_netdev_notifier);
1785 return 0;
1786 }
1787
1788 void ndisc_cleanup(void)
1789 {
1790 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1791 #ifdef CONFIG_SYSCTL
1792 neigh_sysctl_unregister(&nd_tbl.parms);
1793 #endif
1794 neigh_table_clear(&nd_tbl);
1795 sock_release(ndisc_socket);
1796 ndisc_socket = NULL; /* For safety. */
1797 }
1798
|
This page was automatically generated by the
LXR engine.
|