projects / GitHub / LineageOS / android_kernel_motorola_exynos9610.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vti6: better validate user provided tunnel names
[GitHub/LineageOS/android_kernel_motorola_exynos9610.git] / net / ipv6 / ndisc.c
CommitLineData
1da177e4
LT		 1/*
2 * Neighbour Discovery for IPv6
1ab1457c 3 * Linux INET6 implementation
1da177e4
LT		 4 *
5 * Authors:
1ab1457c 6 * Pedro Roque <roque@di.fc.ul.pt>
1da177e4
LT		 7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
e35f30c1 18 * Alexey I. Froloff : RFC6106 (DNSSL) support
31910575
PY		 19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
1da177e4
LT		 21 * Lars Fenneberg : fixed MTU setting on receipt
22 * of an RA.
1da177e4
LT		 23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 */
29
675418d5 30#define pr_fmt(fmt) "ICMPv6: " fmt
1da177e4
LT		 31
32#include <linux/module.h>
1da177e4
LT		 33#include <linux/errno.h>
34#include <linux/types.h>
35#include <linux/socket.h>
36#include <linux/sockios.h>
37#include <linux/sched.h>
38#include <linux/net.h>
39#include <linux/in6.h>
40#include <linux/route.h>
41#include <linux/init.h>
42#include <linux/rcupdate.h>
5a0e3ad6 43#include <linux/slab.h>
1da177e4
LT		 44#ifdef CONFIG_SYSCTL
45#include <linux/sysctl.h>
46#endif
47
1823730f 48#include <linux/if_addr.h>
1da177e4
LT		 49#include <linux/if_arp.h>
50#include <linux/ipv6.h>
51#include <linux/icmpv6.h>
52#include <linux/jhash.h>
53
54#include <net/sock.h>
55#include <net/snmp.h>
56
57#include <net/ipv6.h>
58#include <net/protocol.h>
59#include <net/ndisc.h>
60#include <net/ip6_route.h>
61#include <net/addrconf.h>
62#include <net/icmp.h>
63
31910575
PY		 64#include <net/netlink.h>
65#include <linux/rtnetlink.h>
66
1da177e4
LT		 67#include <net/flow.h>
68#include <net/ip6_checksum.h>
1ed8516f 69#include <net/inet_common.h>
1da177e4
LT		 70#include <linux/proc_fs.h>
71
72#include <linux/netfilter.h>
73#include <linux/netfilter_ipv6.h>
74
d6bf7817
ED		 75static u32 ndisc_hash(const void *pkey,
76 const struct net_device *dev,
2c2aba6c 77 __u32 *hash_rnd);
60395a20 78static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
1da177e4
LT		 79static int ndisc_constructor(struct neighbour *neigh);
80static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
81static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
82static int pndisc_constructor(struct pneigh_entry *n);
83static void pndisc_destructor(struct pneigh_entry *n);
84static void pndisc_redo(struct sk_buff *skb);
85
89d69d2b 86static const struct neigh_ops ndisc_generic_ops = {
1da177e4
LT		 87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
1da177e4
LT		 92};
93
89d69d2b 94static const struct neigh_ops ndisc_hh_ops = {
1da177e4
LT		 95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
1da177e4
LT		 100};
101
102
89d69d2b 103static const struct neigh_ops ndisc_direct_ops = {
1da177e4 104 .family = AF_INET6,
8f40b161
DM		 105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
1da177e4
LT		 107};
108
109struct neigh_table nd_tbl = {
110 .family = AF_INET6,
1da177e4 111 .key_len = sizeof(struct in6_addr),
bdf53c58 112 .protocol = cpu_to_be16(ETH_P_IPV6),
1da177e4 113 .hash = ndisc_hash,
60395a20 114 .key_eq = ndisc_key_eq,
1da177e4
LT		 115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .id = "ndisc_cache",
120 .parms = {
b672083e 121 .tbl = &nd_tbl,
b672083e 122 .reachable_time = ND_REACHABLE_TIME,
1f9248e5
JP		 123 .data = {
124 [NEIGH_VAR_MCAST_PROBES] = 3,
125 [NEIGH_VAR_UCAST_PROBES] = 3,
126 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
127 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
128 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
129 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
eaa72dc4 130 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
1f9248e5
JP		 131 [NEIGH_VAR_PROXY_QLEN] = 64,
132 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
133 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
134 },
1da177e4
LT		 135 },
136 .gc_interval = 30 * HZ,
137 .gc_thresh1 = 128,
138 .gc_thresh2 = 512,
139 .gc_thresh3 = 1024,
140};
c4850687 141EXPORT_SYMBOL_GPL(nd_tbl);
1da177e4 142
cc84b3c6
AA		 143void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
144 int data_len, int pad)
1da177e4 145{
8ec5da41 146 int space = __ndisc_opt_addr_space(data_len, pad);
5f5a0115 147 u8 *opt = skb_put(skb, space);
1da177e4
LT		 148
149 opt[0] = type;
150 opt[1] = space>>3;
151
152 memset(opt + 2, 0, pad);
153 opt += pad;
154 space -= pad;
155
156 memcpy(opt+2, data, data_len);
157 data_len += 2;
158 opt += data_len;
e5d08d71
IM		 159 space -= data_len;
160 if (space > 0)
1da177e4 161 memset(opt, 0, space);
1da177e4 162}
cc84b3c6 163EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
1da177e4 164
8ec5da41 165static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
f997c55c 166 void *data, u8 icmp6_type)
8ec5da41
AA		 167{
168 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
169 ndisc_addr_option_pad(skb->dev->type));
f997c55c
AA		 170 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
171}
172
173static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
174 void *ha,
175 const u8 *ops_data)
176{
177 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
178 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
8ec5da41
AA		 179}
180
1da177e4
LT		 181static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
182 struct nd_opt_hdr *end)
183{
184 int type;
185 if (!cur || !end || cur >= end)
186 return NULL;
187 type = cur->nd_opt_type;
188 do {
189 cur = ((void *)cur) + (cur->nd_opt_len << 3);
67ba4152 190 } while (cur < end && cur->nd_opt_type != type);
a02cec21 191 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
1da177e4
LT		 192}
193
f997c55c
AA		 194static inline int ndisc_is_useropt(const struct net_device *dev,
195 struct nd_opt_hdr *opt)
31910575 196{
e35f30c1 197 return opt->nd_opt_type == ND_OPT_RDNSS ||
f997c55c
AA		 198 opt->nd_opt_type == ND_OPT_DNSSL ||
199 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
31910575
PY		 200}
201
f997c55c
AA		 202static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
203 struct nd_opt_hdr *cur,
31910575
PY		 204 struct nd_opt_hdr *end)
205{
206 if (!cur || !end || cur >= end)
207 return NULL;
208 do {
209 cur = ((void *)cur) + (cur->nd_opt_len << 3);
f997c55c
AA		 210 } while (cur < end && !ndisc_is_useropt(dev, cur));
211 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
31910575
PY		 212}
213
f997c55c
AA		 214struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
215 u8 *opt, int opt_len,
30f2a5f3 216 struct ndisc_options *ndopts)
1da177e4
LT		 217{
218 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
219
220 if (!nd_opt || opt_len < 0 || !ndopts)
221 return NULL;
222 memset(ndopts, 0, sizeof(*ndopts));
223 while (opt_len) {
224 int l;
225 if (opt_len < sizeof(struct nd_opt_hdr))
226 return NULL;
227 l = nd_opt->nd_opt_len << 3;
228 if (opt_len < l || l == 0)
229 return NULL;
f997c55c
AA		 230 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
231 goto next_opt;
1da177e4
LT		 232 switch (nd_opt->nd_opt_type) {
233 case ND_OPT_SOURCE_LL_ADDR:
234 case ND_OPT_TARGET_LL_ADDR:
235 case ND_OPT_MTU:
adc176c5 236 case ND_OPT_NONCE:
1da177e4
LT		 237 case ND_OPT_REDIRECT_HDR:
238 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
675418d5
JP		 239 ND_PRINTK(2, warn,
240 "%s: duplicated ND6 option found: type=%d\n",
241 __func__, nd_opt->nd_opt_type);
1da177e4
LT		 242 } else {
243 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
244 }
245 break;
246 case ND_OPT_PREFIX_INFO:
247 ndopts->nd_opts_pi_end = nd_opt;
cfcabdcc 248 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
1da177e4
LT		 249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
250 break;
70ceb4f5
YH		 251#ifdef CONFIG_IPV6_ROUTE_INFO
252 case ND_OPT_ROUTE_INFO:
253 ndopts->nd_opts_ri_end = nd_opt;
254 if (!ndopts->nd_opts_ri)
255 ndopts->nd_opts_ri = nd_opt;
256 break;
257#endif
1da177e4 258 default:
f997c55c 259 if (ndisc_is_useropt(dev, nd_opt)) {
31910575
PY		 260 ndopts->nd_useropts_end = nd_opt;
261 if (!ndopts->nd_useropts)
262 ndopts->nd_useropts = nd_opt;
263 } else {
264 /*
265 * Unknown options must be silently ignored,
266 * to accommodate future extension to the
267 * protocol.
268 */
675418d5
JP		 269 ND_PRINTK(2, notice,
270 "%s: ignored unsupported option; type=%d, len=%d\n",
271 __func__,
272 nd_opt->nd_opt_type,
273 nd_opt->nd_opt_len);
31910575 274 }
1da177e4 275 }
f997c55c 276next_opt:
1da177e4
LT		 277 opt_len -= l;
278 nd_opt = ((void *)nd_opt) + l;
279 }
280 return ndopts;
281}
282
b71d1d42 283int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
1da177e4
LT		 284{
285 switch (dev->type) {
286 case ARPHRD_ETHER:
287 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
288 case ARPHRD_FDDI:
289 ipv6_eth_mc_map(addr, buf);
290 return 0;
1da177e4
LT		 291 case ARPHRD_ARCNET:
292 ipv6_arcnet_mc_map(addr, buf);
293 return 0;
294 case ARPHRD_INFINIBAND:
a9e527e3 295 ipv6_ib_mc_map(addr, dev->broadcast, buf);
1da177e4 296 return 0;
93ca3bb5
TT		 297 case ARPHRD_IPGRE:
298 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
1da177e4
LT		 299 default:
300 if (dir) {
301 memcpy(buf, dev->broadcast, dev->addr_len);
302 return 0;
303 }
304 }
305 return -EINVAL;
306}
7159039a
YH		 307EXPORT_SYMBOL(ndisc_mc_map);
308
d6bf7817
ED		 309static u32 ndisc_hash(const void *pkey,
310 const struct net_device *dev,
2c2aba6c 311 __u32 *hash_rnd)
1da177e4 312{
2c2aba6c 313 return ndisc_hashfn(pkey, dev, hash_rnd);
1da177e4
LT		 314}
315
60395a20
EB		 316static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
317{
318 return neigh_key_eq128(n, pkey);
319}
320
1da177e4
LT		 321static int ndisc_constructor(struct neighbour *neigh)
322{
67ba4152 323 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
1da177e4
LT		 324 struct net_device *dev = neigh->dev;
325 struct inet6_dev *in6_dev;
326 struct neigh_parms *parms;
a50feda5 327 bool is_multicast = ipv6_addr_is_multicast(addr);
1da177e4 328
1da177e4 329 in6_dev = in6_dev_get(dev);
63159f29 330 if (!in6_dev) {
1da177e4
LT		 331 return -EINVAL;
332 }
333
334 parms = in6_dev->nd_parms;
335 __neigh_parms_put(neigh->parms);
336 neigh->parms = neigh_parms_clone(parms);
1da177e4
LT		 337
338 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
3b04ddde 339 if (!dev->header_ops) {
1da177e4
LT		 340 neigh->nud_state = NUD_NOARP;
341 neigh->ops = &ndisc_direct_ops;
8f40b161 342 neigh->output = neigh_direct_output;
1da177e4
LT		 343 } else {
344 if (is_multicast) {
345 neigh->nud_state = NUD_NOARP;
346 ndisc_mc_map(addr, neigh->ha, dev, 1);
347 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
348 neigh->nud_state = NUD_NOARP;
349 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
350 if (dev->flags&IFF_LOOPBACK)
351 neigh->type = RTN_LOCAL;
352 } else if (dev->flags&IFF_POINTOPOINT) {
353 neigh->nud_state = NUD_NOARP;
354 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
355 }
3b04ddde 356 if (dev->header_ops->cache)
1da177e4
LT		 357 neigh->ops = &ndisc_hh_ops;
358 else
359 neigh->ops = &ndisc_generic_ops;
360 if (neigh->nud_state&NUD_VALID)
361 neigh->output = neigh->ops->connected_output;
362 else
363 neigh->output = neigh->ops->output;
364 }
365 in6_dev_put(in6_dev);
366 return 0;
367}
368
369static int pndisc_constructor(struct pneigh_entry *n)
370{
67ba4152 371 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 372 struct in6_addr maddr;
373 struct net_device *dev = n->dev;
374
63159f29 375 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 376 return -EINVAL;
377 addrconf_addr_solict_mult(addr, &maddr);
378 ipv6_dev_mc_inc(dev, &maddr);
379 return 0;
380}
381
382static void pndisc_destructor(struct pneigh_entry *n)
383{
67ba4152 384 struct in6_addr *addr = (struct in6_addr *)&n->key;
1da177e4
LT		 385 struct in6_addr maddr;
386 struct net_device *dev = n->dev;
387
63159f29 388 if (!dev || !__in6_dev_get(dev))
1da177e4
LT		 389 return;
390 addrconf_addr_solict_mult(addr, &maddr);
391 ipv6_dev_mc_dec(dev, &maddr);
392}
393
de09334b
YH		 394static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
395 int len)
396{
397 int hlen = LL_RESERVED_SPACE(dev);
398 int tlen = dev->needed_tailroom;
399 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
400 struct sk_buff *skb;
de09334b 401
25a6e6b8 402 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
de09334b 403 if (!skb) {
25a6e6b8
TG		 404 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
405 __func__);
de09334b
YH		 406 return NULL;
407 }
408
f382d03a
YH		 409 skb->protocol = htons(ETH_P_IPV6);
410 skb->dev = dev;
411
527a150f 412 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
5135e633 413 skb_reset_transport_header(skb);
de09334b 414
25a6e6b8
TG		 415 /* Manually assign socket ownership as we avoid calling
416 * sock_alloc_send_pskb() to bypass wmem buffer limits
417 */
418 skb_set_owner_w(skb, sk);
419
de09334b
YH		 420 return skb;
421}
422
f382d03a 423static void ip6_nd_hdr(struct sk_buff *skb,
2576f17d
YH		 424 const struct in6_addr *saddr,
425 const struct in6_addr *daddr,
c8d6c380 426 int hop_limit, int len)
2576f17d
YH		 427{
428 struct ipv6hdr *hdr;
429
527a150f 430 skb_push(skb, sizeof(*hdr));
2576f17d 431 skb_reset_network_header(skb);
2576f17d
YH		 432 hdr = ipv6_hdr(skb);
433
434 ip6_flow_hdr(hdr, 0, 0);
435
436 hdr->payload_len = htons(len);
c8d6c380
YH		 437 hdr->nexthdr = IPPROTO_ICMPV6;
438 hdr->hop_limit = hop_limit;
2576f17d
YH		 439
440 hdr->saddr = *saddr;
441 hdr->daddr = *daddr;
442}
443
af9a9976 444static void ndisc_send_skb(struct sk_buff *skb,
fd0ea7db 445 const struct in6_addr *daddr,
aa4bdd4b 446 const struct in6_addr *saddr)
305d552a 447{
f4de84c6 448 struct dst_entry *dst = skb_dst(skb);
af9a9976 449 struct net *net = dev_net(skb->dev);
7b3d9b06 450 struct sock *sk = net->ipv6.ndisc_sk;
305d552a
BH		 451 struct inet6_dev *idev;
452 int err;
aa4bdd4b 453 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
305d552a
BH		 454 u8 type;
455
456 type = icmp6h->icmp6_type;
457
f4de84c6 458 if (!dst) {
f4de84c6 459 struct flowi6 fl6;
e0d56fdd 460 int oif = skb->dev->ifindex;
305d552a 461
ca254490 462 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
f4de84c6
YH		 463 dst = icmp6_dst_alloc(skb->dev, &fl6);
464 if (IS_ERR(dst)) {
465 kfree_skb(skb);
466 return;
467 }
468
469 skb_dst_set(skb, dst);
470 }
e1ec7842 471
7b3d9b06
YH		 472 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
473 IPPROTO_ICMPV6,
474 csum_partial(icmp6h,
475 skb->len, 0));
476
477 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
478
cfdf7647
ED		 479 rcu_read_lock();
480 idev = __in6_dev_get(dst->dev);
edf391ff 481 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
e1ec7842 482
29a26a56
EB		 483 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
484 net, sk, skb, NULL, dst->dev,
13206b6b 485 dst_output);
1da177e4 486 if (!err) {
5c5d244b 487 ICMP6MSGOUT_INC_STATS(net, idev, type);
a862f6a6 488 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1da177e4
LT		 489 }
490
cfdf7647 491 rcu_read_unlock();
1ab1457c 492}
1da177e4 493
38cf595b 494void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
f564f45c
CW		 495 const struct in6_addr *solicited_addr,
496 bool router, bool solicited, bool override, bool inc_opt)
e1ec7842 497{
b44b5f4a 498 struct sk_buff *skb;
e1ec7842
YH		 499 struct in6_addr tmpaddr;
500 struct inet6_ifaddr *ifp;
9acd9f3a 501 const struct in6_addr *src_addr;
1cb3fe51
YH		 502 struct nd_msg *msg;
503 int optlen = 0;
e1ec7842
YH		 504
505 /* for anycast or proxy, solicited_addr != src_addr */
c346dca1 506 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
e1ec7842
YH		 507 if (ifp) {
508 src_addr = solicited_addr;
509 if (ifp->flags & IFA_F_OPTIMISTIC)
f2f79cca 510 override = false;
9f888160 511 inc_opt |= ifp->idev->cnf.force_tllao;
e1ec7842
YH		 512 in6_ifa_put(ifp);
513 } else {
191cd582 514 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
c346dca1 515 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
7cbca67c 516 &tmpaddr))
e1ec7842
YH		 517 return;
518 src_addr = &tmpaddr;
519 }
520
1cb3fe51
YH		 521 if (!dev->addr_len)
522 inc_opt = 0;
523 if (inc_opt)
f997c55c
AA		 524 optlen += ndisc_opt_addr_space(dev,
525 NDISC_NEIGHBOUR_ADVERTISEMENT);
e1ec7842 526
1cb3fe51 527 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 528 if (!skb)
529 return;
530
4df864c1 531 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 532 *msg = (struct nd_msg) {
533 .icmph = {
534 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
535 .icmp6_router = router,
536 .icmp6_solicited = solicited,
537 .icmp6_override = override,
538 },
539 .target = *solicited_addr,
540 };
541
542 if (inc_opt)
543 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
f997c55c
AA		 544 dev->dev_addr,
545 NDISC_NEIGHBOUR_ADVERTISEMENT);
1cb3fe51 546
b44b5f4a 547 ndisc_send_skb(skb, daddr, src_addr);
e1ec7842
YH		 548}
549
f47b9464
BH		 550static void ndisc_send_unsol_na(struct net_device *dev)
551{
552 struct inet6_dev *idev;
553 struct inet6_ifaddr *ifa;
f47b9464
BH		 554
555 idev = in6_dev_get(dev);
556 if (!idev)
557 return;
558
559 read_lock_bh(&idev->lock);
560 list_for_each_entry(ifa, &idev->addr_list, if_list) {
07ca93e3
DA		 561 /* skip tentative addresses until dad completes */
562 if (ifa->flags & IFA_F_TENTATIVE &&
563 !(ifa->flags & IFA_F_OPTIMISTIC))
564 continue;
565
38cf595b 566 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
f47b9464
BH		 567 /*router=*/ !!idev->cnf.forwarding,
568 /*solicited=*/ false, /*override=*/ true,
569 /*inc_opt=*/ true);
570 }
571 read_unlock_bh(&idev->lock);
572
573 in6_dev_put(idev);
574}
575
38cf595b 576void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
adc176c5
EN		 577 const struct in6_addr *daddr, const struct in6_addr *saddr,
578 u64 nonce)
1da177e4 579{
b44b5f4a 580 struct sk_buff *skb;
1da177e4 581 struct in6_addr addr_buf;
1cb3fe51
YH		 582 int inc_opt = dev->addr_len;
583 int optlen = 0;
584 struct nd_msg *msg;
1da177e4 585
63159f29 586 if (!saddr) {
95c385b4
NH		 587 if (ipv6_get_lladdr(dev, &addr_buf,
588 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
1da177e4
LT		 589 return;
590 saddr = &addr_buf;
591 }
592
1cb3fe51 593 if (ipv6_addr_any(saddr))
f2f79cca 594 inc_opt = false;
1cb3fe51 595 if (inc_opt)
f997c55c
AA		 596 optlen += ndisc_opt_addr_space(dev,
597 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 598 if (nonce != 0)
599 optlen += 8;
1cb3fe51
YH		 600
601 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 602 if (!skb)
603 return;
604
4df864c1 605 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 606 *msg = (struct nd_msg) {
607 .icmph = {
608 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
609 },
610 .target = *solicit,
611 };
612
613 if (inc_opt)
614 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 615 dev->dev_addr,
616 NDISC_NEIGHBOUR_SOLICITATION);
adc176c5
EN		 617 if (nonce != 0) {
618 u8 *opt = skb_put(skb, 8);
619
620 opt[0] = ND_OPT_NONCE;
621 opt[1] = 8 >> 3;
622 memcpy(opt + 2, &nonce, 6);
623 }
1cb3fe51 624
b44b5f4a 625 ndisc_send_skb(skb, daddr, saddr);
1da177e4
LT		 626}
627
9acd9f3a
YH		 628void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
629 const struct in6_addr *daddr)
1da177e4 630{
b44b5f4a 631 struct sk_buff *skb;
1cb3fe51 632 struct rs_msg *msg;
95c385b4 633 int send_sllao = dev->addr_len;
1cb3fe51 634 int optlen = 0;
95c385b4
NH		 635
636#ifdef CONFIG_IPV6_OPTIMISTIC_DAD
637 /*
638 * According to section 2.2 of RFC 4429, we must not
639 * send router solicitations with a sllao from
640 * optimistic addresses, but we may send the solicitation
641 * if we don't include the sllao. So here we check
642 * if our address is optimistic, and if so, we
bea85195 643 * suppress the inclusion of the sllao.
95c385b4
NH		 644 */
645 if (send_sllao) {
c346dca1 646 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
1cab3da6 647 dev, 1);
95c385b4
NH		 648 if (ifp) {
649 if (ifp->flags & IFA_F_OPTIMISTIC) {
ca043569 650 send_sllao = 0;
95c385b4 651 }
ca043569 652 in6_ifa_put(ifp);
95c385b4
NH		 653 } else {
654 send_sllao = 0;
655 }
656 }
657#endif
1cb3fe51 658 if (send_sllao)
f997c55c 659 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
1cb3fe51
YH		 660
661 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
b44b5f4a
YH		 662 if (!skb)
663 return;
664
4df864c1 665 msg = skb_put(skb, sizeof(*msg));
1cb3fe51
YH		 666 *msg = (struct rs_msg) {
667 .icmph = {
668 .icmp6_type = NDISC_ROUTER_SOLICITATION,
669 },
670 };
671
672 if (send_sllao)
673 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
f997c55c
AA		 674 dev->dev_addr,
675 NDISC_ROUTER_SOLICITATION);
1cb3fe51 676
b44b5f4a 677 ndisc_send_skb(skb, daddr, saddr);
1da177e4 678}
1ab1457c 679
1da177e4
LT		 680
681static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
682{
683 /*
684 * "The sender MUST return an ICMP
685 * destination unreachable"
686 */
687 dst_link_failure(skb);
688 kfree_skb(skb);
689}
690
691/* Called with locked neigh: either read or both */
692
693static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
694{
695 struct in6_addr *saddr = NULL;
696 struct in6_addr mcaddr;
697 struct net_device *dev = neigh->dev;
698 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
699 int probes = atomic_read(&neigh->probes);
700
c58da4c6
EK		 701 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
702 dev, 1,
703 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
0660e03f 704 saddr = &ipv6_hdr(skb)->saddr;
e5d08d71
IM		 705 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
706 if (probes < 0) {
1da177e4 707 if (!(neigh->nud_state & NUD_VALID)) {
675418d5
JP		 708 ND_PRINTK(1, dbg,
709 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
710 __func__, target);
1da177e4 711 }
adc176c5 712 ndisc_send_ns(dev, target, target, saddr, 0);
1f9248e5 713 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
1da177e4 714 neigh_app_ns(neigh);
1da177e4
LT		 715 } else {
716 addrconf_addr_solict_mult(target, &mcaddr);
adc176c5 717 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
1da177e4
LT		 718 }
719}
720
0736ffc0
YH		 721static int pndisc_is_router(const void *pkey,
722 struct net_device *dev)
fa86d322
PE		 723{
724 struct pneigh_entry *n;
0736ffc0 725 int ret = -1;
fa86d322
PE		 726
727 read_lock_bh(&nd_tbl.lock);
0736ffc0
YH		 728 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
729 if (n)
730 ret = !!(n->flags & NTF_ROUTER);
fa86d322
PE		 731 read_unlock_bh(&nd_tbl.lock);
732
0736ffc0 733 return ret;
fa86d322
PE		 734}
735
f997c55c
AA		 736void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
737 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
738 struct ndisc_options *ndopts)
739{
7b8f7a40 740 neigh_update(neigh, lladdr, new, flags, 0);
f997c55c
AA		 741 /* report ndisc ops about neighbour update */
742 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
743}
744
1da177e4
LT		 745static void ndisc_recv_ns(struct sk_buff *skb)
746{
9c70220b 747 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
b71d1d42
ED		 748 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
749 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 750 u8 *lladdr = NULL;
29a3cad5 751 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 752 offsetof(struct nd_msg, opt));
1da177e4
LT		 753 struct ndisc_options ndopts;
754 struct net_device *dev = skb->dev;
755 struct inet6_ifaddr *ifp;
756 struct inet6_dev *idev = NULL;
757 struct neighbour *neigh;
758 int dad = ipv6_addr_any(saddr);
a50feda5 759 bool inc;
0736ffc0 760 int is_router = -1;
adc176c5 761 u64 nonce = 0;
1da177e4 762
115b0aa6
YH		 763 if (skb->len < sizeof(struct nd_msg)) {
764 ND_PRINTK(2, warn, "NS: packet too short\n");
765 return;
766 }
767
1da177e4 768 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 769 ND_PRINTK(2, warn, "NS: multicast target address\n");
1da177e4
LT		 770 return;
771 }
772
773 /*
774 * RFC2461 7.1.1:
775 * DAD has to be destined for solicited node multicast address.
776 */
ca97a644 777 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
675418d5 778 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
1da177e4
LT		 779 return;
780 }
781
f997c55c 782 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 783 ND_PRINTK(2, warn, "NS: invalid ND options\n");
1da177e4
LT		 784 return;
785 }
786
787 if (ndopts.nd_opts_src_lladdr) {
788 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
789 if (!lladdr) {
675418d5
JP		 790 ND_PRINTK(2, warn,
791 "NS: invalid link-layer address length\n");
1da177e4
LT		 792 return;
793 }
794
795 /* RFC2461 7.1.1:
1ab1457c
YH		 796 * If the IP source address is the unspecified address,
797 * there MUST NOT be source link-layer address option
1da177e4
LT		 798 * in the message.
799 */
800 if (dad) {
675418d5
JP		 801 ND_PRINTK(2, warn,
802 "NS: bad DAD packet (link-layer address option)\n");
1da177e4
LT		 803 return;
804 }
805 }
adc176c5
EN		 806 if (ndopts.nd_opts_nonce)
807 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
1da177e4
LT		 808
809 inc = ipv6_addr_is_multicast(daddr);
810
c346dca1 811 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 812 if (ifp) {
ca254490 813have_ifp:
95c385b4
NH		 814 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
815 if (dad) {
adc176c5
EN		 816 if (nonce != 0 && ifp->dad_nonce == nonce) {
817 u8 *np = (u8 *)&nonce;
818 /* Matching nonce if looped back */
819 ND_PRINTK(2, notice,
820 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
821 ifp->idev->dev->name,
822 &ifp->addr, np);
823 goto out;
824 }
95c385b4
NH		 825 /*
826 * We are colliding with another node
827 * who is doing DAD
828 * so fail our DAD process
829 */
830 addrconf_dad_failure(ifp);
9e3be4b3 831 return;
95c385b4
NH		 832 } else {
833 /*
834 * This is not a dad solicitation.
835 * If we are an optimistic node,
836 * we should respond.
837 * Otherwise, we should ignore it.
838 */
839 if (!(ifp->flags & IFA_F_OPTIMISTIC))
1da177e4 840 goto out;
1da177e4 841 }
1da177e4
LT		 842 }
843
844 idev = ifp->idev;
845 } else {
53b7997f
YH		 846 struct net *net = dev_net(dev);
847
ca254490
DA		 848 /* perhaps an address on the master device */
849 if (netif_is_l3_slave(dev)) {
850 struct net_device *mdev;
851
852 mdev = netdev_master_upper_dev_get_rcu(dev);
853 if (mdev) {
854 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
855 if (ifp)
856 goto have_ifp;
857 }
858 }
859
1da177e4
LT		 860 idev = in6_dev_get(dev);
861 if (!idev) {
862 /* XXX: count this drop? */
863 return;
864 }
865
53b7997f 866 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
1ab1457c 867 (idev->cnf.forwarding &&
53b7997f 868 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
0736ffc0 869 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
a61bbcf2 870 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
1da177e4 871 skb->pkt_type != PACKET_HOST &&
f2f79cca 872 inc &&
1f9248e5 873 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
1da177e4
LT		 874 /*
875 * for anycast or proxy,
1ab1457c
YH		 876 * sender should delay its response
877 * by a random time between 0 and
1da177e4
LT		 878 * MAX_ANYCAST_DELAY_TIME seconds.
879 * (RFC2461) -- yoshfuji
880 */
881 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
882 if (n)
883 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
884 goto out;
885 }
886 } else
887 goto out;
888 }
889
0736ffc0 890 if (is_router < 0)
fb568637 891 is_router = idev->cnf.forwarding;
62dd9318 892
1da177e4 893 if (dad) {
38cf595b 894 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
fb568637 895 !!is_router, false, (ifp != NULL), true);
1da177e4
LT		 896 goto out;
897 }
898
899 if (inc)
900 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
901 else
902 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
903
1ab1457c 904 /*
1da177e4
LT		 905 * update / create cache entry
906 * for the source address
907 */
908 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
909 !inc || lladdr || !dev->addr_len);
910 if (neigh)
f997c55c 911 ndisc_update(dev, neigh, lladdr, NUD_STALE,
1da177e4 912 NEIGH_UPDATE_F_WEAK_OVERRIDE|
f997c55c
AA		 913 NEIGH_UPDATE_F_OVERRIDE,
914 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
3b04ddde 915 if (neigh || !dev->header_ops) {
38cf595b 916 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
fb568637 917 true, (ifp != NULL && inc), inc);
1da177e4
LT		 918 if (neigh)
919 neigh_release(neigh);
920 }
921
922out:
923 if (ifp)
924 in6_ifa_put(ifp);
925 else
926 in6_dev_put(idev);
1da177e4
LT		 927}
928
929static void ndisc_recv_na(struct sk_buff *skb)
930{
9c70220b 931 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
be7a010d 932 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
b71d1d42 933 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
1da177e4 934 u8 *lladdr = NULL;
29a3cad5 935 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
27a884dc 936 offsetof(struct nd_msg, opt));
1da177e4
LT		 937 struct ndisc_options ndopts;
938 struct net_device *dev = skb->dev;
7a02bf89 939 struct inet6_dev *idev = __in6_dev_get(dev);
1da177e4
LT		 940 struct inet6_ifaddr *ifp;
941 struct neighbour *neigh;
942
943 if (skb->len < sizeof(struct nd_msg)) {
675418d5 944 ND_PRINTK(2, warn, "NA: packet too short\n");
1da177e4
LT		 945 return;
946 }
947
948 if (ipv6_addr_is_multicast(&msg->target)) {
675418d5 949 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1da177e4
LT		 950 return;
951 }
952
953 if (ipv6_addr_is_multicast(daddr) &&
954 msg->icmph.icmp6_solicited) {
675418d5 955 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1da177e4
LT		 956 return;
957 }
1ab1457c 958
7a02bf89
JB		 959 /* For some 802.11 wireless deployments (and possibly other networks),
960 * there will be a NA proxy and unsolicitd packets are attacks
961 * and thus should not be accepted.
962 */
963 if (!msg->icmph.icmp6_solicited && idev &&
964 idev->cnf.drop_unsolicited_na)
965 return;
966
f997c55c 967 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
675418d5 968 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1da177e4
LT		 969 return;
970 }
971 if (ndopts.nd_opts_tgt_lladdr) {
972 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
973 if (!lladdr) {
675418d5
JP		 974 ND_PRINTK(2, warn,
975 "NA: invalid link-layer address length\n");
1da177e4
LT		 976 return;
977 }
978 }
c346dca1 979 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
a18bc695 980 if (ifp) {
bd015928
DW		 981 if (skb->pkt_type != PACKET_LOOPBACK
982 && (ifp->flags & IFA_F_TENTATIVE)) {
983 addrconf_dad_failure(ifp);
984 return;
1da177e4
LT		 985 }
986 /* What should we make now? The advertisement
987 is invalid, but ndisc specs say nothing
988 about it. It could be misconfiguration, or
989 an smart proxy agent tries to help us :-)
24fc7b86
JS		 990
991 We should not print the error if NA has been
992 received from loopback - it is just our own
993 unsolicited advertisement.
1da177e4 994 */
24fc7b86 995 if (skb->pkt_type != PACKET_LOOPBACK)
675418d5
JP		 996 ND_PRINTK(1, warn,
997 "NA: someone advertises our address %pI6 on %s!\n",
998 &ifp->addr, ifp->idev->dev->name);
1da177e4
LT		 999 in6_ifa_put(ifp);
1000 return;
1001 }
1002 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1003
1004 if (neigh) {
1005 u8 old_flags = neigh->flags;
53b7997f 1006 struct net *net = dev_net(dev);
1da177e4
LT		 1007
1008 if (neigh->nud_state & NUD_FAILED)
1009 goto out;
1010
5f3e6e9e
VN		 1011 /*
1012 * Don't update the neighbor cache entry on a proxy NA from
1013 * ourselves because either the proxied node is off link or it
1014 * has already sent a NA to us.
1015 */
1016 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
53b7997f
YH		 1017 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1018 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
b20b6d97 1019 /* XXX: idev->cnf.proxy_ndp */
5f3e6e9e 1020 goto out;
fbea49e1 1021 }
5f3e6e9e 1022
f997c55c 1023 ndisc_update(dev, neigh, lladdr,
1da177e4
LT		 1024 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1025 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1026 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1027 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1028 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1029 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1030
1031 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1032 /*
1033 * Change: router to host
1034 */
be7a010d 1035 rt6_clean_tohost(dev_net(dev), saddr);
1da177e4
LT		 1036 }
1037
1038out:
1039 neigh_release(neigh);
1040 }
1041}
1042
1043static void ndisc_recv_rs(struct sk_buff *skb)
1044{
9c70220b 1045 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1da177e4
LT		 1046 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1047 struct neighbour *neigh;
1048 struct inet6_dev *idev;
b71d1d42 1049 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1da177e4
LT		 1050 struct ndisc_options ndopts;
1051 u8 *lladdr = NULL;
1052
1053 if (skb->len < sizeof(*rs_msg))
1054 return;
1055
cfdf7647 1056 idev = __in6_dev_get(skb->dev);
1da177e4 1057 if (!idev) {
675418d5 1058 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1da177e4
LT		 1059 return;
1060 }
1061
1062 /* Don't accept RS if we're not in router mode */
1063 if (!idev->cnf.forwarding)
1064 goto out;
1065
1066 /*
1067 * Don't update NCE if src = ::;
1068 * this implies that the source node has no ip address assigned yet.
1069 */
1070 if (ipv6_addr_any(saddr))
1071 goto out;
1072
1073 /* Parse ND options */
f997c55c 1074 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
675418d5 1075 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1da177e4
LT		 1076 goto out;
1077 }
1078
1079 if (ndopts.nd_opts_src_lladdr) {
1080 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1081 skb->dev);
1082 if (!lladdr)
1083 goto out;
1084 }
1085
1086 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1087 if (neigh) {
f997c55c 1088 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1089 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1090 NEIGH_UPDATE_F_OVERRIDE|
f997c55c
AA		 1091 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1092 NDISC_ROUTER_SOLICITATION, &ndopts);
1da177e4
LT		 1093 neigh_release(neigh);
1094 }
1095out:
cfdf7647 1096 return;
1da177e4
LT		 1097}
1098
31910575
PY		 1099static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1100{
1101 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1102 struct sk_buff *skb;
1103 struct nlmsghdr *nlh;
1104 struct nduseroptmsg *ndmsg;
c346dca1 1105 struct net *net = dev_net(ra->dev);
31910575
PY		 1106 int err;
1107 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1108 + (opt->nd_opt_len << 3));
1109 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1110
1111 skb = nlmsg_new(msg_size, GFP_ATOMIC);
63159f29 1112 if (!skb) {
31910575
PY		 1113 err = -ENOBUFS;
1114 goto errout;
1115 }
1116
1117 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
63159f29 1118 if (!nlh) {
31910575
PY		 1119 goto nla_put_failure;
1120 }
1121
1122 ndmsg = nlmsg_data(nlh);
1123 ndmsg->nduseropt_family = AF_INET6;
dbb2ed24 1124 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
31910575
PY		 1125 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1126 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1127 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1128
1129 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1130
930345ea 1131 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
c78679e8 1132 goto nla_put_failure;
31910575
PY		 1133 nlmsg_end(skb, nlh);
1134
1ce85fe4 1135 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
31910575
PY		 1136 return;
1137
1138nla_put_failure:
1139 nlmsg_free(skb);
1140 err = -EMSGSIZE;
1141errout:
a18bc695 1142 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
31910575
PY		 1143}
1144
1da177e4
LT		 1145static void ndisc_router_discovery(struct sk_buff *skb)
1146{
9c70220b 1147 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1da177e4
LT		 1148 struct neighbour *neigh = NULL;
1149 struct inet6_dev *in6_dev;
65f5c7c1 1150 struct rt6_info *rt = NULL;
1da177e4
LT		 1151 int lifetime;
1152 struct ndisc_options ndopts;
1153 int optlen;
ebacaaa0 1154 unsigned int pref = 0;
a394eef5 1155 __u32 old_if_flags;
2053aeb6 1156 bool send_ifinfo_notify = false;
1da177e4 1157
67ba4152 1158 __u8 *opt = (__u8 *)(ra_msg + 1);
1da177e4 1159
29a3cad5
SH		 1160 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1161 sizeof(struct ra_msg);
1da177e4 1162
f2a762d8
BG		 1163 ND_PRINTK(2, info,
1164 "RA: %s, dev: %s\n",
1165 __func__, skb->dev->name);
0660e03f 1166 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5 1167 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1da177e4
LT		 1168 return;
1169 }
1170 if (optlen < 0) {
675418d5 1171 ND_PRINTK(2, warn, "RA: packet too short\n");
1da177e4
LT		 1172 return;
1173 }
1174
de357cc0 1175#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1176 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
675418d5 1177 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
fadf6bf0
TF		 1178 return;
1179 }
de357cc0 1180#endif
fadf6bf0 1181
1da177e4
LT		 1182 /*
1183 * set the RA_RECV flag in the interface
1184 */
1185
cfdf7647 1186 in6_dev = __in6_dev_get(skb->dev);
63159f29 1187 if (!in6_dev) {
675418d5
JP		 1188 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1189 skb->dev->name);
1da177e4
LT		 1190 return;
1191 }
1da177e4 1192
f997c55c 1193 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
675418d5 1194 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1da177e4
LT		 1195 return;
1196 }
1197
f2a762d8
BG		 1198 if (!ipv6_accept_ra(in6_dev)) {
1199 ND_PRINTK(2, info,
1200 "RA: %s, did not accept ra for dev: %s\n",
1201 __func__, skb->dev->name);
31ce8c71 1202 goto skip_linkparms;
f2a762d8 1203 }
31ce8c71 1204
de357cc0 1205#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1206 /* skip link-specific parameters from interior routers */
f2a762d8
BG		 1207 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1208 ND_PRINTK(2, info,
1209 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1210 __func__, skb->dev->name);
fadf6bf0 1211 goto skip_linkparms;
f2a762d8 1212 }
de357cc0 1213#endif
fadf6bf0 1214
1da177e4
LT		 1215 if (in6_dev->if_flags & IF_RS_SENT) {
1216 /*
1217 * flag that an RA was received after an RS was sent
1218 * out on this interface.
1219 */
1220 in6_dev->if_flags |= IF_RA_RCVD;
1221 }
1222
1223 /*
1224 * Remember the managed/otherconf flags from most recently
1225 * received RA message (RFC 2462) -- yoshfuji
1226 */
a394eef5 1227 old_if_flags = in6_dev->if_flags;
1da177e4
LT		 1228 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1229 IF_RA_OTHERCONF)) |
1230 (ra_msg->icmph.icmp6_addrconf_managed ?
1231 IF_RA_MANAGED : 0) |
1232 (ra_msg->icmph.icmp6_addrconf_other ?
1233 IF_RA_OTHERCONF : 0);
1234
a394eef5 1235 if (old_if_flags != in6_dev->if_flags)
2053aeb6 1236 send_ifinfo_notify = true;
a394eef5 1237
f2a762d8
BG		 1238 if (!in6_dev->cnf.accept_ra_defrtr) {
1239 ND_PRINTK(2, info,
1240 "RA: %s, defrtr is false for dev: %s\n",
1241 __func__, skb->dev->name);
65f5c7c1 1242 goto skip_defrtr;
f2a762d8 1243 }
65f5c7c1 1244
d9333196
BG		 1245 /* Do not accept RA with source-addr found on local machine unless
1246 * accept_ra_from_local is set to true.
1247 */
b6428817
LR		 1248 if (!in6_dev->cnf.accept_ra_from_local &&
1249 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1250 in6_dev->dev, 0)) {
f2a762d8 1251 ND_PRINTK(2, info,
d9333196
BG		 1252 "RA from local address detected on dev: %s: default router ignored\n",
1253 skb->dev->name);
9f56220f 1254 goto skip_defrtr;
f2a762d8 1255 }
9f56220f 1256
1da177e4
LT		 1257 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1258
ebacaaa0
YH		 1259#ifdef CONFIG_IPV6_ROUTER_PREF
1260 pref = ra_msg->icmph.icmp6_router_pref;
1261 /* 10b is handled as if it were 00b (medium) */
930d6ff2 1262 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
6d5b78cd 1263 !in6_dev->cnf.accept_ra_rtr_pref)
ebacaaa0
YH		 1264 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1265#endif
1266
0660e03f 1267 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1da177e4 1268
eb857186
DM		 1269 if (rt) {
1270 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1271 if (!neigh) {
675418d5
JP		 1272 ND_PRINTK(0, err,
1273 "RA: %s got default router without neighbour\n",
1274 __func__);
94e187c0 1275 ip6_rt_put(rt);
eb857186
DM		 1276 return;
1277 }
1278 }
1da177e4 1279 if (rt && lifetime == 0) {
e0a1ad73 1280 ip6_del_rt(rt);
1da177e4
LT		 1281 rt = NULL;
1282 }
1283
f2a762d8
BG		 1284 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1285 rt, lifetime, skb->dev->name);
63159f29 1286 if (!rt && lifetime) {
f2a762d8 1287 ND_PRINTK(3, info, "RA: adding default router\n");
1da177e4 1288
0660e03f 1289 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
63159f29 1290 if (!rt) {
675418d5
JP		 1291 ND_PRINTK(0, err,
1292 "RA: %s failed to add default route\n",
1293 __func__);
1da177e4
LT		 1294 return;
1295 }
1296
eb857186 1297 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
63159f29 1298 if (!neigh) {
675418d5
JP		 1299 ND_PRINTK(0, err,
1300 "RA: %s got default router without neighbour\n",
1301 __func__);
94e187c0 1302 ip6_rt_put(rt);
1da177e4
LT		 1303 return;
1304 }
1305 neigh->flags |= NTF_ROUTER;
ebacaaa0 1306 } else if (rt) {
22441cfa 1307 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1da177e4
LT		 1308 }
1309
1310 if (rt)
1716a961 1311 rt6_set_expires(rt, jiffies + (HZ * lifetime));
8013d1d7
HL		 1312 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1313 ra_msg->icmph.icmp6_hop_limit) {
1314 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
6fd99094 1315 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
8013d1d7
HL		 1316 if (rt)
1317 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1318 ra_msg->icmph.icmp6_hop_limit);
6fd99094 1319 } else {
8013d1d7 1320 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
6fd99094 1321 }
1da177e4
LT		 1322 }
1323
65f5c7c1
YH		 1324skip_defrtr:
1325
1da177e4
LT		 1326 /*
1327 * Update Reachable Time and Retrans Timer
1328 */
1329
1330 if (in6_dev->nd_parms) {
1331 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1332
1333 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1334 rtime = (rtime*HZ)/1000;
1335 if (rtime < HZ/10)
1336 rtime = HZ/10;
1f9248e5 1337 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1da177e4 1338 in6_dev->tstamp = jiffies;
2053aeb6 1339 send_ifinfo_notify = true;
1da177e4
LT		 1340 }
1341
1342 rtime = ntohl(ra_msg->reachable_time);
1343 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1344 rtime = (rtime*HZ)/1000;
1345
1346 if (rtime < HZ/10)
1347 rtime = HZ/10;
1348
1f9248e5
JP		 1349 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1350 NEIGH_VAR_SET(in6_dev->nd_parms,
1351 BASE_REACHABLE_TIME, rtime);
1352 NEIGH_VAR_SET(in6_dev->nd_parms,
1353 GC_STALETIME, 3 * rtime);
1da177e4
LT		 1354 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1355 in6_dev->tstamp = jiffies;
2053aeb6 1356 send_ifinfo_notify = true;
1da177e4
LT		 1357 }
1358 }
1359 }
1360
2053aeb6
MT		 1361 /*
1362 * Send a notify if RA changed managed/otherconf flags or timer settings
1363 */
1364 if (send_ifinfo_notify)
1365 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1366
fadf6bf0
TF		 1367skip_linkparms:
1368
1da177e4
LT		 1369 /*
1370 * Process options.
1371 */
1372
1373 if (!neigh)
0660e03f 1374 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1da177e4
LT		 1375 skb->dev, 1);
1376 if (neigh) {
1377 u8 *lladdr = NULL;
1378 if (ndopts.nd_opts_src_lladdr) {
1379 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1380 skb->dev);
1381 if (!lladdr) {
675418d5
JP		 1382 ND_PRINTK(2, warn,
1383 "RA: invalid link-layer address length\n");
1da177e4
LT		 1384 goto out;
1385 }
1386 }
f997c55c 1387 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1da177e4
LT		 1388 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1389 NEIGH_UPDATE_F_OVERRIDE|
1390 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
f997c55c
AA		 1391 NEIGH_UPDATE_F_ISROUTER,
1392 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1da177e4
LT		 1393 }
1394
f2a762d8
BG		 1395 if (!ipv6_accept_ra(in6_dev)) {
1396 ND_PRINTK(2, info,
1397 "RA: %s, accept_ra is false for dev: %s\n",
1398 __func__, skb->dev->name);
31ce8c71 1399 goto out;
f2a762d8 1400 }
31ce8c71 1401
70ceb4f5 1402#ifdef CONFIG_IPV6_ROUTE_INFO
b6428817
LR		 1403 if (!in6_dev->cnf.accept_ra_from_local &&
1404 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
c1a9a291 1405 in6_dev->dev, 0)) {
f2a762d8 1406 ND_PRINTK(2, info,
d9333196
BG		 1407 "RA from local address detected on dev: %s: router info ignored.\n",
1408 skb->dev->name);
9f56220f 1409 goto skip_routeinfo;
f2a762d8 1410 }
9f56220f 1411
09c884d4 1412 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
70ceb4f5
YH		 1413 struct nd_opt_hdr *p;
1414 for (p = ndopts.nd_opts_ri;
1415 p;
1416 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
6294e000
YH		 1417 struct route_info *ri = (struct route_info *)p;
1418#ifdef CONFIG_IPV6_NDISC_NODETYPE
1419 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1420 ri->prefix_len == 0)
1421 continue;
1422#endif
30e56918
DJ		 1423 if (ri->prefix_len == 0 &&
1424 !in6_dev->cnf.accept_ra_defrtr)
1425 continue;
bbea124b
JS		 1426 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1427 continue;
6294e000 1428 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
09c884d4 1429 continue;
67ba4152 1430 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
0660e03f 1431 &ipv6_hdr(skb)->saddr);
70ceb4f5
YH		 1432 }
1433 }
9f56220f
AH		 1434
1435skip_routeinfo:
70ceb4f5
YH		 1436#endif
1437
de357cc0 1438#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0 1439 /* skip link-specific ndopts from interior routers */
f2a762d8
BG		 1440 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1441 ND_PRINTK(2, info,
1442 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1443 __func__, skb->dev->name);
fadf6bf0 1444 goto out;
f2a762d8 1445 }
de357cc0 1446#endif
fadf6bf0 1447
c4fd30eb 1448 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1da177e4
LT		 1449 struct nd_opt_hdr *p;
1450 for (p = ndopts.nd_opts_pi;
1451 p;
1452 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
e6bff995
NH		 1453 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1454 (p->nd_opt_len) << 3,
1455 ndopts.nd_opts_src_lladdr != NULL);
1da177e4
LT		 1456 }
1457 }
1458
c2943f14 1459 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
e69a4adc 1460 __be32 n;
1da177e4
LT		 1461 u32 mtu;
1462
67ba4152 1463 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
e69a4adc 1464 mtu = ntohl(n);
1da177e4
LT		 1465
1466 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
675418d5 1467 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1da177e4
LT		 1468 } else if (in6_dev->cnf.mtu6 != mtu) {
1469 in6_dev->cnf.mtu6 = mtu;
1470
1471 if (rt)
defb3519 1472 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1da177e4
LT		 1473
1474 rt6_mtu_change(skb->dev, mtu);
1475 }
1476 }
1ab1457c 1477
31910575 1478 if (ndopts.nd_useropts) {
61cf46ad
YH		 1479 struct nd_opt_hdr *p;
1480 for (p = ndopts.nd_useropts;
1481 p;
f997c55c
AA		 1482 p = ndisc_next_useropt(skb->dev, p,
1483 ndopts.nd_useropts_end)) {
61cf46ad 1484 ndisc_ra_useropt(skb, p);
31910575
PY		 1485 }
1486 }
1487
1da177e4 1488 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
675418d5 1489 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1da177e4
LT		 1490 }
1491out:
94e187c0 1492 ip6_rt_put(rt);
eb857186 1493 if (neigh)
1da177e4 1494 neigh_release(neigh);
1da177e4
LT		 1495}
1496
1497static void ndisc_redirect_rcv(struct sk_buff *skb)
1498{
093d04d4
DJ		 1499 u8 *hdr;
1500 struct ndisc_options ndopts;
1501 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
29a3cad5 1502 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
093d04d4
DJ		 1503 offsetof(struct rd_msg, opt));
1504
de357cc0 1505#ifdef CONFIG_IPV6_NDISC_NODETYPE
fadf6bf0
TF		 1506 switch (skb->ndisc_nodetype) {
1507 case NDISC_NODETYPE_HOST:
1508 case NDISC_NODETYPE_NODEFAULT:
675418d5
JP		 1509 ND_PRINTK(2, warn,
1510 "Redirect: from host or unauthorized router\n");
fadf6bf0
TF		 1511 return;
1512 }
de357cc0 1513#endif
fadf6bf0 1514
0660e03f 1515 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1516 ND_PRINTK(2, warn,
1517 "Redirect: source address is not link-local\n");
1da177e4
LT		 1518 return;
1519 }
1520
f997c55c 1521 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
093d04d4
DJ		 1522 return;
1523
c92a59ec 1524 if (!ndopts.nd_opts_rh) {
b55b76b2
DJ		 1525 ip6_redirect_no_header(skb, dev_net(skb->dev),
1526 skb->dev->ifindex, 0);
093d04d4 1527 return;
c92a59ec 1528 }
093d04d4
DJ		 1529
1530 hdr = (u8 *)ndopts.nd_opts_rh;
1531 hdr += 8;
1532 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1533 return;
1534
b94f1c09 1535 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1da177e4
LT		 1536}
1537
5f5a0115
YH		 1538static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1539 struct sk_buff *orig_skb,
1540 int rd_len)
9c86dafe 1541{
5f5a0115
YH		 1542 u8 *opt = skb_put(skb, rd_len);
1543
9c86dafe
YH		 1544 memset(opt, 0, 8);
1545 *(opt++) = ND_OPT_REDIRECT_HDR;
1546 *(opt++) = (rd_len >> 3);
1547 opt += 6;
1548
18c64745
LB		 1549 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1550 rd_len - 8);
9c86dafe
YH		 1551}
1552
4991969a 1553void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1da177e4 1554{
1762f7e8 1555 struct net_device *dev = skb->dev;
c346dca1 1556 struct net *net = dev_net(dev);
1762f7e8 1557 struct sock *sk = net->ipv6.ndisc_sk;
2ce13576 1558 int optlen = 0;
fbfe95a4 1559 struct inet_peer *peer;
1da177e4 1560 struct sk_buff *buff;
71bcdba0 1561 struct rd_msg *msg;
1da177e4 1562 struct in6_addr saddr_buf;
1da177e4
LT		 1563 struct rt6_info *rt;
1564 struct dst_entry *dst;
4c9483b2 1565 struct flowi6 fl6;
1da177e4 1566 int rd_len;
f997c55c
AA		 1567 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1568 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1d861aa4 1569 bool ret;
1da177e4 1570
95c385b4 1571 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
675418d5
JP		 1572 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1573 dev->name);
1ab1457c
YH		 1574 return;
1575 }
1da177e4 1576
0660e03f 1577 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
bf0b48df 1578 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
675418d5
JP		 1579 ND_PRINTK(2, warn,
1580 "Redirect: target address is not link-local unicast\n");
29556526
LY		 1581 return;
1582 }
1583
4c9483b2 1584 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
e0d56fdd 1585 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1da177e4 1586
4c9483b2 1587 dst = ip6_route_output(net, NULL, &fl6);
5095d64d
RL		 1588 if (dst->error) {
1589 dst_release(dst);
1da177e4 1590 return;
5095d64d 1591 }
4c9483b2 1592 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
452edd59 1593 if (IS_ERR(dst))
1da177e4 1594 return;
1da177e4
LT		 1595
1596 rt = (struct rt6_info *) dst;
1597
1598 if (rt->rt6i_flags & RTF_GATEWAY) {
675418d5
JP		 1599 ND_PRINTK(2, warn,
1600 "Redirect: destination is not a neighbour\n");
d73f0801 1601 goto release;
1da177e4 1602 }
fd0273d7 1603 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1d861aa4
DM		 1604 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1605 if (peer)
1606 inet_putpeer(peer);
1607 if (!ret)
d73f0801 1608 goto release;
1da177e4
LT		 1609
1610 if (dev->addr_len) {
4991969a
DM		 1611 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1612 if (!neigh) {
675418d5
JP		 1613 ND_PRINTK(2, warn,
1614 "Redirect: no neigh for target address\n");
4991969a
DM		 1615 goto release;
1616 }
1617
1da177e4
LT		 1618 read_lock_bh(&neigh->lock);
1619 if (neigh->nud_state & NUD_VALID) {
1620 memcpy(ha_buf, neigh->ha, dev->addr_len);
1621 read_unlock_bh(&neigh->lock);
1622 ha = ha_buf;
f997c55c
AA		 1623 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1624 ops_data_buf,
1625 &ops_data);
1da177e4
LT		 1626 } else
1627 read_unlock_bh(&neigh->lock);
4991969a
DM		 1628
1629 neigh_release(neigh);
1da177e4
LT		 1630 }
1631
1632 rd_len = min_t(unsigned int,
2ce13576
YH		 1633 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1634 skb->len + 8);
1da177e4 1635 rd_len &= ~0x7;
2ce13576 1636 optlen += rd_len;
1da177e4 1637
2ce13576 1638 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
de09334b 1639 if (!buff)
d73f0801 1640 goto release;
1da177e4 1641
4df864c1 1642 msg = skb_put(buff, sizeof(*msg));
4d5c152e
YH		 1643 *msg = (struct rd_msg) {
1644 .icmph = {
1645 .icmp6_type = NDISC_REDIRECT,
1646 },
1647 .target = *target,
1648 .dest = ipv6_hdr(skb)->daddr,
1649 };
1da177e4 1650
1da177e4
LT		 1651 /*
1652 * include target_address option
1653 */
1654
1655 if (ha)
f997c55c 1656 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1da177e4
LT		 1657
1658 /*
1659 * build redirect option and copy skb over to the new packet.
1660 */
1661
9c86dafe 1662 if (rd_len)
5f5a0115 1663 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1da177e4 1664
adf30907 1665 skb_dst_set(buff, dst);
f4de84c6 1666 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
d73f0801
IJ		 1667 return;
1668
1669release:
1670 dst_release(dst);
1da177e4
LT		 1671}
1672
1673static void pndisc_redo(struct sk_buff *skb)
1674{
140e26fc 1675 ndisc_recv_ns(skb);
1da177e4
LT		 1676 kfree_skb(skb);
1677}
1678
b800c3b9
HFS		 1679static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1680{
1681 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1682
1683 if (!idev)
1684 return true;
1685 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1686 idev->cnf.suppress_frag_ndisc) {
1687 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1688 return true;
1689 }
1690 return false;
1691}
1692
1da177e4
LT		 1693int ndisc_rcv(struct sk_buff *skb)
1694{
1695 struct nd_msg *msg;
1696
b800c3b9
HFS		 1697 if (ndisc_suppress_frag_ndisc(skb))
1698 return 0;
1699
6bce6b4e 1700 if (skb_linearize(skb))
1da177e4
LT		 1701 return 0;
1702
9c70220b 1703 msg = (struct nd_msg *)skb_transport_header(skb);
1da177e4 1704
9c70220b 1705 __skb_push(skb, skb->data - skb_transport_header(skb));
1da177e4 1706
0660e03f 1707 if (ipv6_hdr(skb)->hop_limit != 255) {
675418d5
JP		 1708 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1709 ipv6_hdr(skb)->hop_limit);
1da177e4
LT		 1710 return 0;
1711 }
1712
1713 if (msg->icmph.icmp6_code != 0) {
675418d5
JP		 1714 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1715 msg->icmph.icmp6_code);
1da177e4
LT		 1716 return 0;
1717 }
1718
a61bbcf2
PM		 1719 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1720
1da177e4
LT		 1721 switch (msg->icmph.icmp6_type) {
1722 case NDISC_NEIGHBOUR_SOLICITATION:
1723 ndisc_recv_ns(skb);
1724 break;
1725
1726 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1727 ndisc_recv_na(skb);
1728 break;
1729
1730 case NDISC_ROUTER_SOLICITATION:
1731 ndisc_recv_rs(skb);
1732 break;
1733
1734 case NDISC_ROUTER_ADVERTISEMENT:
1735 ndisc_router_discovery(skb);
1736 break;
1737
1738 case NDISC_REDIRECT:
1739 ndisc_redirect_rcv(skb);
1740 break;
3ff50b79 1741 }
1da177e4
LT		 1742
1743 return 0;
1744}
1745
1746static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1747{
351638e7 1748 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
c8507fb2 1749 struct netdev_notifier_change_info *change_info;
c346dca1 1750 struct net *net = dev_net(dev);
5cb04436 1751 struct inet6_dev *idev;
1da177e4
LT		 1752
1753 switch (event) {
1754 case NETDEV_CHANGEADDR:
1755 neigh_changeaddr(&nd_tbl, dev);
2ac3ac8f 1756 fib6_run_gc(0, net, false);
4a6e3c5d
DA		 1757 /* fallthrough */
1758 case NETDEV_UP:
5cb04436
HFS		 1759 idev = in6_dev_get(dev);
1760 if (!idev)
1761 break;
fc1f8f4f
DA		 1762 if (idev->cnf.ndisc_notify ||
1763 net->ipv6.devconf_all->ndisc_notify)
5cb04436
HFS		 1764 ndisc_send_unsol_na(dev);
1765 in6_dev_put(idev);
1da177e4 1766 break;
c8507fb2
ED		 1767 case NETDEV_CHANGE:
1768 change_info = ptr;
1769 if (change_info->flags_changed & IFF_NOARP)
1770 neigh_changeaddr(&nd_tbl, dev);
1771 break;
1da177e4
LT		 1772 case NETDEV_DOWN:
1773 neigh_ifdown(&nd_tbl, dev);
2ac3ac8f 1774 fib6_run_gc(0, net, false);
1da177e4 1775 break;
f47b9464
BH		 1776 case NETDEV_NOTIFY_PEERS:
1777 ndisc_send_unsol_na(dev);
1778 break;
1da177e4
LT		 1779 default:
1780 break;
1781 }
1782
1783 return NOTIFY_DONE;
1784}
1785
1786static struct notifier_block ndisc_netdev_notifier = {
1787 .notifier_call = ndisc_netdev_event,
6eb79393 1788 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1da177e4
LT		 1789};
1790
1791#ifdef CONFIG_SYSCTL
1792static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1793 const char *func, const char *dev_name)
1794{
1795 static char warncomm[TASK_COMM_LEN];
1796 static int warned;
1797 if (strcmp(warncomm, current->comm) && warned < 5) {
1798 strcpy(warncomm, current->comm);
f3213831 1799 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1da177e4
LT		 1800 warncomm, func,
1801 dev_name, ctl->procname,
1802 dev_name, ctl->procname);
1803 warned++;
1804 }
1805}
1806
8d65af78 1807int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1da177e4
LT		 1808{
1809 struct net_device *dev = ctl->extra1;
1810 struct inet6_dev *idev;
1811 int ret;
1812
d12af679
EB		 1813 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1814 (strcmp(ctl->procname, "base_reachable_time") == 0))
1da177e4
LT		 1815 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1816
d12af679 1817 if (strcmp(ctl->procname, "retrans_time") == 0)
cb5b09c1 1818 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
d12af679
EB		 1819
1820 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
cb5b09c1
JP		 1821 ret = neigh_proc_dointvec_jiffies(ctl, write,
1822 buffer, lenp, ppos);
d12af679
EB		 1823
1824 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
ad02ac14 1825 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
cb5b09c1
JP		 1826 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1827 buffer, lenp, ppos);
d12af679 1828 else
1da177e4 1829 ret = -1;
1da177e4
LT		 1830
1831 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1f9248e5
JP		 1832 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1833 idev->nd_parms->reachable_time =
1834 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1da177e4
LT		 1835 idev->tstamp = jiffies;
1836 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1837 in6_dev_put(idev);
1838 }
1839 return ret;
1840}
1841
1da177e4
LT		 1842
1843#endif
1844
2c8c1e72 1845static int __net_init ndisc_net_init(struct net *net)
1da177e4
LT		 1846{
1847 struct ipv6_pinfo *np;
1848 struct sock *sk;
1ab1457c 1849 int err;
1da177e4 1850
1ed8516f
DL		 1851 err = inet_ctl_sock_create(&sk, PF_INET6,
1852 SOCK_RAW, IPPROTO_ICMPV6, net);
1da177e4 1853 if (err < 0) {
675418d5
JP		 1854 ND_PRINTK(0, err,
1855 "NDISC: Failed to initialize the control socket (err %d)\n",
1856 err);
1da177e4
LT		 1857 return err;
1858 }
1859
1ed8516f 1860 net->ipv6.ndisc_sk = sk;
1762f7e8 1861
1da177e4 1862 np = inet6_sk(sk);
1da177e4
LT		 1863 np->hop_limit = 255;
1864 /* Do not loopback ndisc messages */
1865 np->mc_loop = 0;
1da177e4 1866
1762f7e8
DL		 1867 return 0;
1868}
1869
2c8c1e72 1870static void __net_exit ndisc_net_exit(struct net *net)
1762f7e8 1871{
1ed8516f 1872 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1762f7e8
DL		 1873}
1874
1875static struct pernet_operations ndisc_net_ops = {
1876 .init = ndisc_net_init,
1877 .exit = ndisc_net_exit,
1878};
1879
1880int __init ndisc_init(void)
1881{
1882 int err;
1883
1884 err = register_pernet_subsys(&ndisc_net_ops);
1885 if (err)
1886 return err;
1ab1457c
YH		 1887 /*
1888 * Initialize the neighbour table
1889 */
d7480fd3 1890 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1da177e4
LT		 1891
1892#ifdef CONFIG_SYSCTL
73af614a 1893 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
56ec0fb1 1894 ndisc_ifinfo_sysctl_change);
1762f7e8
DL		 1895 if (err)
1896 goto out_unregister_pernet;
1762f7e8 1897out:
bcd081a3 1898#endif
1762f7e8 1899 return err;
1da177e4 1900
1762f7e8 1901#ifdef CONFIG_SYSCTL
1762f7e8 1902out_unregister_pernet:
1762f7e8
DL		 1903 unregister_pernet_subsys(&ndisc_net_ops);
1904 goto out;
2c861cc6 1905#endif
1da177e4
LT		 1906}
1907
2c861cc6
MK		 1908int __init ndisc_late_init(void)
1909{
1910 return register_netdevice_notifier(&ndisc_netdev_notifier);
1911}
1912
1913void ndisc_late_cleanup(void)
1da177e4 1914{
36f73d0c 1915 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2c861cc6
MK		 1916}
1917
1918void ndisc_cleanup(void)
1919{
1da177e4
LT		 1920#ifdef CONFIG_SYSCTL
1921 neigh_sysctl_unregister(&nd_tbl.parms);
1922#endif
d7480fd3 1923 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1762f7e8 1924 unregister_pernet_subsys(&ndisc_net_ops);
1da177e4 1925}