projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
[NETNS][IPV6]: inet6_addr - check ipv6 address per namespace
[GitHub/moto-9609/android_kernel_motorola_exynos9610.git] / net / ipv6 / ndisc.c
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Pierre Ynard : export userland ND options
19 * through netlink (RDNSS support)
20 * Lars Fenneberg : fixed MTU setting on receipt
21 * of an RA.
22 * Janos Farkas : kmalloc failure checks
23 * Alexey Kuznetsov : state machine reworked
24 * and moved to net/core.
25 * Pekka Savola : RFC2461 validation
26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
27 */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #ifdef CONFIG_SYSCTL
63 #include <linux/sysctl.h>
64 #endif
65
66 #include <linux/if_addr.h>
67 #include <linux/if_arp.h>
68 #include <linux/ipv6.h>
69 #include <linux/icmpv6.h>
70 #include <linux/jhash.h>
71
72 #include <net/sock.h>
73 #include <net/snmp.h>
74
75 #include <net/ipv6.h>
76 #include <net/protocol.h>
77 #include <net/ndisc.h>
78 #include <net/ip6_route.h>
79 #include <net/addrconf.h>
80 #include <net/icmp.h>
81
82 #include <net/netlink.h>
83 #include <linux/rtnetlink.h>
84
85 #include <net/flow.h>
86 #include <net/ip6_checksum.h>
87 #include <linux/proc_fs.h>
88
89 #include <linux/netfilter.h>
90 #include <linux/netfilter_ipv6.h>
91
92 static struct socket *ndisc_socket;
93
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
101
102 static struct neigh_ops ndisc_generic_ops = {
103 .family = AF_INET6,
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_connected_output,
108 .hh_output = dev_queue_xmit,
109 .queue_xmit = dev_queue_xmit,
110 };
111
112 static struct neigh_ops ndisc_hh_ops = {
113 .family = AF_INET6,
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
118 .hh_output = dev_queue_xmit,
119 .queue_xmit = dev_queue_xmit,
120 };
121
122
123 static struct neigh_ops ndisc_direct_ops = {
124 .family = AF_INET6,
125 .output = dev_queue_xmit,
126 .connected_output = dev_queue_xmit,
127 .hh_output = dev_queue_xmit,
128 .queue_xmit = dev_queue_xmit,
129 };
130
131 struct neigh_table nd_tbl = {
132 .family = AF_INET6,
133 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
134 .key_len = sizeof(struct in6_addr),
135 .hash = ndisc_hash,
136 .constructor = ndisc_constructor,
137 .pconstructor = pndisc_constructor,
138 .pdestructor = pndisc_destructor,
139 .proxy_redo = pndisc_redo,
140 .id = "ndisc_cache",
141 .parms = {
142 .tbl = &nd_tbl,
143 .base_reachable_time = 30 * HZ,
144 .retrans_time = 1 * HZ,
145 .gc_staletime = 60 * HZ,
146 .reachable_time = 30 * HZ,
147 .delay_probe_time = 5 * HZ,
148 .queue_len = 3,
149 .ucast_probes = 3,
150 .mcast_probes = 3,
151 .anycast_delay = 1 * HZ,
152 .proxy_delay = (8 * HZ) / 10,
153 .proxy_qlen = 64,
154 },
155 .gc_interval = 30 * HZ,
156 .gc_thresh1 = 128,
157 .gc_thresh2 = 512,
158 .gc_thresh3 = 1024,
159 };
160
161 /* ND options */
162 struct ndisc_options {
163 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165 struct nd_opt_hdr *nd_opts_ri;
166 struct nd_opt_hdr *nd_opts_ri_end;
167 #endif
168 struct nd_opt_hdr *nd_useropts;
169 struct nd_opt_hdr *nd_useropts_end;
170 };
171
172 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
178
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
180
181 /*
182 * Return the padding between the option length and the start of the
183 * link addr. Currently only IP-over-InfiniBand needs this, although
184 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185 * also need a pad of 2.
186 */
187 static int ndisc_addr_option_pad(unsigned short type)
188 {
189 switch (type) {
190 case ARPHRD_INFINIBAND: return 2;
191 default: return 0;
192 }
193 }
194
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
196 {
197 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
198 }
199
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201 unsigned short addr_type)
202 {
203 int space = NDISC_OPT_SPACE(data_len);
204 int pad = ndisc_addr_option_pad(addr_type);
205
206 opt[0] = type;
207 opt[1] = space>>3;
208
209 memset(opt + 2, 0, pad);
210 opt += pad;
211 space -= pad;
212
213 memcpy(opt+2, data, data_len);
214 data_len += 2;
215 opt += data_len;
216 if ((space -= data_len) > 0)
217 memset(opt, 0, space);
218 return opt + space;
219 }
220
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222 struct nd_opt_hdr *end)
223 {
224 int type;
225 if (!cur || !end || cur >= end)
226 return NULL;
227 type = cur->nd_opt_type;
228 do {
229 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230 } while(cur < end && cur->nd_opt_type != type);
231 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
232 }
233
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
235 {
236 return (opt->nd_opt_type == ND_OPT_RDNSS);
237 }
238
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240 struct nd_opt_hdr *end)
241 {
242 if (!cur || !end || cur >= end)
243 return NULL;
244 do {
245 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246 } while(cur < end && !ndisc_is_useropt(cur));
247 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
248 }
249
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251 struct ndisc_options *ndopts)
252 {
253 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
254
255 if (!nd_opt || opt_len < 0 || !ndopts)
256 return NULL;
257 memset(ndopts, 0, sizeof(*ndopts));
258 while (opt_len) {
259 int l;
260 if (opt_len < sizeof(struct nd_opt_hdr))
261 return NULL;
262 l = nd_opt->nd_opt_len << 3;
263 if (opt_len < l || l == 0)
264 return NULL;
265 switch (nd_opt->nd_opt_type) {
266 case ND_OPT_SOURCE_LL_ADDR:
267 case ND_OPT_TARGET_LL_ADDR:
268 case ND_OPT_MTU:
269 case ND_OPT_REDIRECT_HDR:
270 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271 ND_PRINTK2(KERN_WARNING
272 "%s(): duplicated ND6 option found: type=%d\n",
273 __FUNCTION__,
274 nd_opt->nd_opt_type);
275 } else {
276 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
277 }
278 break;
279 case ND_OPT_PREFIX_INFO:
280 ndopts->nd_opts_pi_end = nd_opt;
281 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
283 break;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285 case ND_OPT_ROUTE_INFO:
286 ndopts->nd_opts_ri_end = nd_opt;
287 if (!ndopts->nd_opts_ri)
288 ndopts->nd_opts_ri = nd_opt;
289 break;
290 #endif
291 default:
292 if (ndisc_is_useropt(nd_opt)) {
293 ndopts->nd_useropts_end = nd_opt;
294 if (!ndopts->nd_useropts)
295 ndopts->nd_useropts = nd_opt;
296 } else {
297 /*
298 * Unknown options must be silently ignored,
299 * to accommodate future extension to the
300 * protocol.
301 */
302 ND_PRINTK2(KERN_NOTICE
303 "%s(): ignored unsupported option; type=%d, len=%d\n",
304 __FUNCTION__,
305 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
306 }
307 }
308 opt_len -= l;
309 nd_opt = ((void *)nd_opt) + l;
310 }
311 return ndopts;
312 }
313
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315 struct net_device *dev)
316 {
317 u8 *lladdr = (u8 *)(p + 1);
318 int lladdrlen = p->nd_opt_len << 3;
319 int prepad = ndisc_addr_option_pad(dev->type);
320 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
321 return NULL;
322 return (lladdr + prepad);
323 }
324
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
326 {
327 switch (dev->type) {
328 case ARPHRD_ETHER:
329 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
330 case ARPHRD_FDDI:
331 ipv6_eth_mc_map(addr, buf);
332 return 0;
333 case ARPHRD_IEEE802_TR:
334 ipv6_tr_mc_map(addr,buf);
335 return 0;
336 case ARPHRD_ARCNET:
337 ipv6_arcnet_mc_map(addr, buf);
338 return 0;
339 case ARPHRD_INFINIBAND:
340 ipv6_ib_mc_map(addr, dev->broadcast, buf);
341 return 0;
342 default:
343 if (dir) {
344 memcpy(buf, dev->broadcast, dev->addr_len);
345 return 0;
346 }
347 }
348 return -EINVAL;
349 }
350
351 EXPORT_SYMBOL(ndisc_mc_map);
352
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
354 {
355 const u32 *p32 = pkey;
356 u32 addr_hash, i;
357
358 addr_hash = 0;
359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
360 addr_hash ^= *p32++;
361
362 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
363 }
364
365 static int ndisc_constructor(struct neighbour *neigh)
366 {
367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 struct net_device *dev = neigh->dev;
369 struct inet6_dev *in6_dev;
370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr);
372
373 rcu_read_lock();
374 in6_dev = in6_dev_get(dev);
375 if (in6_dev == NULL) {
376 rcu_read_unlock();
377 return -EINVAL;
378 }
379
380 parms = in6_dev->nd_parms;
381 __neigh_parms_put(neigh->parms);
382 neigh->parms = neigh_parms_clone(parms);
383 rcu_read_unlock();
384
385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 if (!dev->header_ops) {
387 neigh->nud_state = NUD_NOARP;
388 neigh->ops = &ndisc_direct_ops;
389 neigh->output = neigh->ops->queue_xmit;
390 } else {
391 if (is_multicast) {
392 neigh->nud_state = NUD_NOARP;
393 ndisc_mc_map(addr, neigh->ha, dev, 1);
394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 neigh->nud_state = NUD_NOARP;
396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 if (dev->flags&IFF_LOOPBACK)
398 neigh->type = RTN_LOCAL;
399 } else if (dev->flags&IFF_POINTOPOINT) {
400 neigh->nud_state = NUD_NOARP;
401 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
402 }
403 if (dev->header_ops->cache)
404 neigh->ops = &ndisc_hh_ops;
405 else
406 neigh->ops = &ndisc_generic_ops;
407 if (neigh->nud_state&NUD_VALID)
408 neigh->output = neigh->ops->connected_output;
409 else
410 neigh->output = neigh->ops->output;
411 }
412 in6_dev_put(in6_dev);
413 return 0;
414 }
415
416 static int pndisc_constructor(struct pneigh_entry *n)
417 {
418 struct in6_addr *addr = (struct in6_addr*)&n->key;
419 struct in6_addr maddr;
420 struct net_device *dev = n->dev;
421
422 if (dev == NULL || __in6_dev_get(dev) == NULL)
423 return -EINVAL;
424 addrconf_addr_solict_mult(addr, &maddr);
425 ipv6_dev_mc_inc(dev, &maddr);
426 return 0;
427 }
428
429 static void pndisc_destructor(struct pneigh_entry *n)
430 {
431 struct in6_addr *addr = (struct in6_addr*)&n->key;
432 struct in6_addr maddr;
433 struct net_device *dev = n->dev;
434
435 if (dev == NULL || __in6_dev_get(dev) == NULL)
436 return;
437 addrconf_addr_solict_mult(addr, &maddr);
438 ipv6_dev_mc_dec(dev, &maddr);
439 }
440
441 /*
442 * Send a Neighbour Advertisement
443 */
444
445 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
446 struct in6_addr *saddr, struct in6_addr *daddr,
447 int oif)
448 {
449 memset(fl, 0, sizeof(*fl));
450 ipv6_addr_copy(&fl->fl6_src, saddr);
451 ipv6_addr_copy(&fl->fl6_dst, daddr);
452 fl->proto = IPPROTO_ICMPV6;
453 fl->fl_icmp_type = type;
454 fl->fl_icmp_code = 0;
455 fl->oif = oif;
456 security_sk_classify_flow(ndisc_socket->sk, fl);
457 }
458
459 static void __ndisc_send(struct net_device *dev,
460 struct neighbour *neigh,
461 struct in6_addr *daddr, struct in6_addr *saddr,
462 struct icmp6hdr *icmp6h, struct in6_addr *target,
463 int llinfo)
464 {
465 struct flowi fl;
466 struct dst_entry *dst;
467 struct sock *sk = ndisc_socket->sk;
468 struct sk_buff *skb;
469 struct icmp6hdr *hdr;
470 struct inet6_dev *idev;
471 int len;
472 int err;
473 u8 *opt, type;
474
475 type = icmp6h->icmp6_type;
476
477 ndisc_flow_init(&fl, type, saddr, daddr,
478 dev->ifindex);
479
480 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
481 if (!dst)
482 return;
483
484 err = xfrm_lookup(&dst, &fl, NULL, 0);
485 if (err < 0)
486 return;
487
488 if (!dev->addr_len)
489 llinfo = 0;
490
491 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
492 if (llinfo)
493 len += ndisc_opt_addr_space(dev);
494
495 skb = sock_alloc_send_skb(sk,
496 (MAX_HEADER + sizeof(struct ipv6hdr) +
497 len + LL_RESERVED_SPACE(dev)),
498 1, &err);
499 if (!skb) {
500 ND_PRINTK0(KERN_ERR
501 "ICMPv6 ND: %s() failed to allocate an skb.\n",
502 __FUNCTION__);
503 dst_release(dst);
504 return;
505 }
506
507 skb_reserve(skb, LL_RESERVED_SPACE(dev));
508 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
509
510 skb->transport_header = skb->tail;
511 skb_put(skb, len);
512
513 hdr = (struct icmp6hdr *)skb_transport_header(skb);
514 memcpy(hdr, icmp6h, sizeof(*hdr));
515
516 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
517 if (target) {
518 ipv6_addr_copy((struct in6_addr *)opt, target);
519 opt += sizeof(*target);
520 }
521
522 if (llinfo)
523 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
524 dev->addr_len, dev->type);
525
526 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
527 IPPROTO_ICMPV6,
528 csum_partial((__u8 *) hdr,
529 len, 0));
530
531 skb->dst = dst;
532
533 idev = in6_dev_get(dst->dev);
534 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
535
536 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
537 dst_output);
538 if (!err) {
539 ICMP6MSGOUT_INC_STATS(idev, type);
540 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
541 }
542
543 if (likely(idev != NULL))
544 in6_dev_put(idev);
545 }
546
547 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
548 struct in6_addr *daddr, struct in6_addr *solicited_addr,
549 int router, int solicited, int override, int inc_opt)
550 {
551 struct in6_addr tmpaddr;
552 struct inet6_ifaddr *ifp;
553 struct in6_addr *src_addr;
554 struct icmp6hdr icmp6h = {
555 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
556 };
557
558 /* for anycast or proxy, solicited_addr != src_addr */
559 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
560 if (ifp) {
561 src_addr = solicited_addr;
562 if (ifp->flags & IFA_F_OPTIMISTIC)
563 override = 0;
564 in6_ifa_put(ifp);
565 } else {
566 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
567 return;
568 src_addr = &tmpaddr;
569 }
570
571 icmp6h.icmp6_router = router;
572 icmp6h.icmp6_solicited = solicited;
573 icmp6h.icmp6_override = override;
574
575 __ndisc_send(dev, neigh, daddr, src_addr,
576 &icmp6h, solicited_addr,
577 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
578 }
579
580 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
581 struct in6_addr *solicit,
582 struct in6_addr *daddr, struct in6_addr *saddr)
583 {
584 struct in6_addr addr_buf;
585 struct icmp6hdr icmp6h = {
586 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
587 };
588
589 if (saddr == NULL) {
590 if (ipv6_get_lladdr(dev, &addr_buf,
591 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
592 return;
593 saddr = &addr_buf;
594 }
595
596 __ndisc_send(dev, neigh, daddr, saddr,
597 &icmp6h, solicit,
598 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
599 }
600
601 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
602 struct in6_addr *daddr)
603 {
604 struct icmp6hdr icmp6h = {
605 .icmp6_type = NDISC_ROUTER_SOLICITATION,
606 };
607 int send_sllao = dev->addr_len;
608
609 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
610 /*
611 * According to section 2.2 of RFC 4429, we must not
612 * send router solicitations with a sllao from
613 * optimistic addresses, but we may send the solicitation
614 * if we don't include the sllao. So here we check
615 * if our address is optimistic, and if so, we
616 * suppress the inclusion of the sllao.
617 */
618 if (send_sllao) {
619 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(saddr, dev, 1);
620 if (ifp) {
621 if (ifp->flags & IFA_F_OPTIMISTIC) {
622 send_sllao = 0;
623 }
624 in6_ifa_put(ifp);
625 } else {
626 send_sllao = 0;
627 }
628 }
629 #endif
630 __ndisc_send(dev, NULL, daddr, saddr,
631 &icmp6h, NULL,
632 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
633 }
634
635
636 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
637 {
638 /*
639 * "The sender MUST return an ICMP
640 * destination unreachable"
641 */
642 dst_link_failure(skb);
643 kfree_skb(skb);
644 }
645
646 /* Called with locked neigh: either read or both */
647
648 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
649 {
650 struct in6_addr *saddr = NULL;
651 struct in6_addr mcaddr;
652 struct net_device *dev = neigh->dev;
653 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
654 int probes = atomic_read(&neigh->probes);
655
656 if (skb && ipv6_chk_addr(&init_net, &ipv6_hdr(skb)->saddr, dev, 1))
657 saddr = &ipv6_hdr(skb)->saddr;
658
659 if ((probes -= neigh->parms->ucast_probes) < 0) {
660 if (!(neigh->nud_state & NUD_VALID)) {
661 ND_PRINTK1(KERN_DEBUG
662 "%s(): trying to ucast probe in NUD_INVALID: "
663 NIP6_FMT "\n",
664 __FUNCTION__,
665 NIP6(*target));
666 }
667 ndisc_send_ns(dev, neigh, target, target, saddr);
668 } else if ((probes -= neigh->parms->app_probes) < 0) {
669 #ifdef CONFIG_ARPD
670 neigh_app_ns(neigh);
671 #endif
672 } else {
673 addrconf_addr_solict_mult(target, &mcaddr);
674 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
675 }
676 }
677
678 static void ndisc_recv_ns(struct sk_buff *skb)
679 {
680 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
681 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
682 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
683 u8 *lladdr = NULL;
684 u32 ndoptlen = skb->tail - (skb->transport_header +
685 offsetof(struct nd_msg, opt));
686 struct ndisc_options ndopts;
687 struct net_device *dev = skb->dev;
688 struct inet6_ifaddr *ifp;
689 struct inet6_dev *idev = NULL;
690 struct neighbour *neigh;
691 struct pneigh_entry *pneigh = NULL;
692 int dad = ipv6_addr_any(saddr);
693 int inc;
694 int is_router;
695
696 if (ipv6_addr_is_multicast(&msg->target)) {
697 ND_PRINTK2(KERN_WARNING
698 "ICMPv6 NS: multicast target address");
699 return;
700 }
701
702 /*
703 * RFC2461 7.1.1:
704 * DAD has to be destined for solicited node multicast address.
705 */
706 if (dad &&
707 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
708 daddr->s6_addr32[1] == htonl(0x00000000) &&
709 daddr->s6_addr32[2] == htonl(0x00000001) &&
710 daddr->s6_addr [12] == 0xff )) {
711 ND_PRINTK2(KERN_WARNING
712 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
713 return;
714 }
715
716 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
717 ND_PRINTK2(KERN_WARNING
718 "ICMPv6 NS: invalid ND options\n");
719 return;
720 }
721
722 if (ndopts.nd_opts_src_lladdr) {
723 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
724 if (!lladdr) {
725 ND_PRINTK2(KERN_WARNING
726 "ICMPv6 NS: invalid link-layer address length\n");
727 return;
728 }
729
730 /* RFC2461 7.1.1:
731 * If the IP source address is the unspecified address,
732 * there MUST NOT be source link-layer address option
733 * in the message.
734 */
735 if (dad) {
736 ND_PRINTK2(KERN_WARNING
737 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
738 return;
739 }
740 }
741
742 inc = ipv6_addr_is_multicast(daddr);
743
744 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
745
746 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
747 if (dad) {
748 if (dev->type == ARPHRD_IEEE802_TR) {
749 const unsigned char *sadr;
750 sadr = skb_mac_header(skb);
751 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
752 sadr[9] == dev->dev_addr[1] &&
753 sadr[10] == dev->dev_addr[2] &&
754 sadr[11] == dev->dev_addr[3] &&
755 sadr[12] == dev->dev_addr[4] &&
756 sadr[13] == dev->dev_addr[5]) {
757 /* looped-back to us */
758 goto out;
759 }
760 }
761
762 /*
763 * We are colliding with another node
764 * who is doing DAD
765 * so fail our DAD process
766 */
767 addrconf_dad_failure(ifp);
768 return;
769 } else {
770 /*
771 * This is not a dad solicitation.
772 * If we are an optimistic node,
773 * we should respond.
774 * Otherwise, we should ignore it.
775 */
776 if (!(ifp->flags & IFA_F_OPTIMISTIC))
777 goto out;
778 }
779 }
780
781 idev = ifp->idev;
782 } else {
783 idev = in6_dev_get(dev);
784 if (!idev) {
785 /* XXX: count this drop? */
786 return;
787 }
788
789 if (ipv6_chk_acast_addr(dev, &msg->target) ||
790 (idev->cnf.forwarding &&
791 (ipv6_devconf.proxy_ndp || idev->cnf.proxy_ndp) &&
792 (pneigh = pneigh_lookup(&nd_tbl, &init_net,
793 &msg->target, dev, 0)) != NULL)) {
794 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
795 skb->pkt_type != PACKET_HOST &&
796 inc != 0 &&
797 idev->nd_parms->proxy_delay != 0) {
798 /*
799 * for anycast or proxy,
800 * sender should delay its response
801 * by a random time between 0 and
802 * MAX_ANYCAST_DELAY_TIME seconds.
803 * (RFC2461) -- yoshfuji
804 */
805 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
806 if (n)
807 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
808 goto out;
809 }
810 } else
811 goto out;
812 }
813
814 is_router = !!(pneigh ? pneigh->flags & NTF_ROUTER : idev->cnf.forwarding);
815
816 if (dad) {
817 struct in6_addr maddr;
818
819 ipv6_addr_all_nodes(&maddr);
820 ndisc_send_na(dev, NULL, &maddr, &msg->target,
821 is_router, 0, (ifp != NULL), 1);
822 goto out;
823 }
824
825 if (inc)
826 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
827 else
828 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
829
830 /*
831 * update / create cache entry
832 * for the source address
833 */
834 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
835 !inc || lladdr || !dev->addr_len);
836 if (neigh)
837 neigh_update(neigh, lladdr, NUD_STALE,
838 NEIGH_UPDATE_F_WEAK_OVERRIDE|
839 NEIGH_UPDATE_F_OVERRIDE);
840 if (neigh || !dev->header_ops) {
841 ndisc_send_na(dev, neigh, saddr, &msg->target,
842 is_router,
843 1, (ifp != NULL && inc), inc);
844 if (neigh)
845 neigh_release(neigh);
846 }
847
848 out:
849 if (ifp)
850 in6_ifa_put(ifp);
851 else
852 in6_dev_put(idev);
853
854 return;
855 }
856
857 static void ndisc_recv_na(struct sk_buff *skb)
858 {
859 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
860 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
861 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
862 u8 *lladdr = NULL;
863 u32 ndoptlen = skb->tail - (skb->transport_header +
864 offsetof(struct nd_msg, opt));
865 struct ndisc_options ndopts;
866 struct net_device *dev = skb->dev;
867 struct inet6_ifaddr *ifp;
868 struct neighbour *neigh;
869
870 if (skb->len < sizeof(struct nd_msg)) {
871 ND_PRINTK2(KERN_WARNING
872 "ICMPv6 NA: packet too short\n");
873 return;
874 }
875
876 if (ipv6_addr_is_multicast(&msg->target)) {
877 ND_PRINTK2(KERN_WARNING
878 "ICMPv6 NA: target address is multicast.\n");
879 return;
880 }
881
882 if (ipv6_addr_is_multicast(daddr) &&
883 msg->icmph.icmp6_solicited) {
884 ND_PRINTK2(KERN_WARNING
885 "ICMPv6 NA: solicited NA is multicasted.\n");
886 return;
887 }
888
889 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
890 ND_PRINTK2(KERN_WARNING
891 "ICMPv6 NS: invalid ND option\n");
892 return;
893 }
894 if (ndopts.nd_opts_tgt_lladdr) {
895 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
896 if (!lladdr) {
897 ND_PRINTK2(KERN_WARNING
898 "ICMPv6 NA: invalid link-layer address length\n");
899 return;
900 }
901 }
902 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
903 if (ifp->flags & IFA_F_TENTATIVE) {
904 addrconf_dad_failure(ifp);
905 return;
906 }
907 /* What should we make now? The advertisement
908 is invalid, but ndisc specs say nothing
909 about it. It could be misconfiguration, or
910 an smart proxy agent tries to help us :-)
911 */
912 ND_PRINTK1(KERN_WARNING
913 "ICMPv6 NA: someone advertises our address on %s!\n",
914 ifp->idev->dev->name);
915 in6_ifa_put(ifp);
916 return;
917 }
918 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
919
920 if (neigh) {
921 u8 old_flags = neigh->flags;
922
923 if (neigh->nud_state & NUD_FAILED)
924 goto out;
925
926 /*
927 * Don't update the neighbor cache entry on a proxy NA from
928 * ourselves because either the proxied node is off link or it
929 * has already sent a NA to us.
930 */
931 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
932 ipv6_devconf.forwarding && ipv6_devconf.proxy_ndp &&
933 pneigh_lookup(&nd_tbl, &init_net, &msg->target, dev, 0)) {
934 /* XXX: idev->cnf.prixy_ndp */
935 goto out;
936 }
937
938 neigh_update(neigh, lladdr,
939 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
940 NEIGH_UPDATE_F_WEAK_OVERRIDE|
941 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
942 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
943 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
944
945 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
946 /*
947 * Change: router to host
948 */
949 struct rt6_info *rt;
950 rt = rt6_get_dflt_router(saddr, dev);
951 if (rt)
952 ip6_del_rt(rt);
953 }
954
955 out:
956 neigh_release(neigh);
957 }
958 }
959
960 static void ndisc_recv_rs(struct sk_buff *skb)
961 {
962 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
963 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
964 struct neighbour *neigh;
965 struct inet6_dev *idev;
966 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
967 struct ndisc_options ndopts;
968 u8 *lladdr = NULL;
969
970 if (skb->len < sizeof(*rs_msg))
971 return;
972
973 idev = in6_dev_get(skb->dev);
974 if (!idev) {
975 if (net_ratelimit())
976 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
977 return;
978 }
979
980 /* Don't accept RS if we're not in router mode */
981 if (!idev->cnf.forwarding)
982 goto out;
983
984 /*
985 * Don't update NCE if src = ::;
986 * this implies that the source node has no ip address assigned yet.
987 */
988 if (ipv6_addr_any(saddr))
989 goto out;
990
991 /* Parse ND options */
992 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
993 if (net_ratelimit())
994 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
995 goto out;
996 }
997
998 if (ndopts.nd_opts_src_lladdr) {
999 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1000 skb->dev);
1001 if (!lladdr)
1002 goto out;
1003 }
1004
1005 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1006 if (neigh) {
1007 neigh_update(neigh, lladdr, NUD_STALE,
1008 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1009 NEIGH_UPDATE_F_OVERRIDE|
1010 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1011 neigh_release(neigh);
1012 }
1013 out:
1014 in6_dev_put(idev);
1015 }
1016
1017 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1018 {
1019 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1020 struct sk_buff *skb;
1021 struct nlmsghdr *nlh;
1022 struct nduseroptmsg *ndmsg;
1023 int err;
1024 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1025 + (opt->nd_opt_len << 3));
1026 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1027
1028 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1029 if (skb == NULL) {
1030 err = -ENOBUFS;
1031 goto errout;
1032 }
1033
1034 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1035 if (nlh == NULL) {
1036 goto nla_put_failure;
1037 }
1038
1039 ndmsg = nlmsg_data(nlh);
1040 ndmsg->nduseropt_family = AF_INET6;
1041 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1042 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1043 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1044 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1045
1046 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1047
1048 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1049 &ipv6_hdr(ra)->saddr);
1050 nlmsg_end(skb, nlh);
1051
1052 err = rtnl_notify(skb, &init_net, 0, RTNLGRP_ND_USEROPT, NULL,
1053 GFP_ATOMIC);
1054 if (err < 0)
1055 goto errout;
1056
1057 return;
1058
1059 nla_put_failure:
1060 nlmsg_free(skb);
1061 err = -EMSGSIZE;
1062 errout:
1063 rtnl_set_sk_err(&init_net, RTNLGRP_ND_USEROPT, err);
1064 }
1065
1066 static void ndisc_router_discovery(struct sk_buff *skb)
1067 {
1068 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1069 struct neighbour *neigh = NULL;
1070 struct inet6_dev *in6_dev;
1071 struct rt6_info *rt = NULL;
1072 int lifetime;
1073 struct ndisc_options ndopts;
1074 int optlen;
1075 unsigned int pref = 0;
1076
1077 __u8 * opt = (__u8 *)(ra_msg + 1);
1078
1079 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1080
1081 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1082 ND_PRINTK2(KERN_WARNING
1083 "ICMPv6 RA: source address is not link-local.\n");
1084 return;
1085 }
1086 if (optlen < 0) {
1087 ND_PRINTK2(KERN_WARNING
1088 "ICMPv6 RA: packet too short\n");
1089 return;
1090 }
1091
1092 /*
1093 * set the RA_RECV flag in the interface
1094 */
1095
1096 in6_dev = in6_dev_get(skb->dev);
1097 if (in6_dev == NULL) {
1098 ND_PRINTK0(KERN_ERR
1099 "ICMPv6 RA: can't find inet6 device for %s.\n",
1100 skb->dev->name);
1101 return;
1102 }
1103 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1104 in6_dev_put(in6_dev);
1105 return;
1106 }
1107
1108 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1109 in6_dev_put(in6_dev);
1110 ND_PRINTK2(KERN_WARNING
1111 "ICMP6 RA: invalid ND options\n");
1112 return;
1113 }
1114
1115 if (in6_dev->if_flags & IF_RS_SENT) {
1116 /*
1117 * flag that an RA was received after an RS was sent
1118 * out on this interface.
1119 */
1120 in6_dev->if_flags |= IF_RA_RCVD;
1121 }
1122
1123 /*
1124 * Remember the managed/otherconf flags from most recently
1125 * received RA message (RFC 2462) -- yoshfuji
1126 */
1127 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1128 IF_RA_OTHERCONF)) |
1129 (ra_msg->icmph.icmp6_addrconf_managed ?
1130 IF_RA_MANAGED : 0) |
1131 (ra_msg->icmph.icmp6_addrconf_other ?
1132 IF_RA_OTHERCONF : 0);
1133
1134 if (!in6_dev->cnf.accept_ra_defrtr)
1135 goto skip_defrtr;
1136
1137 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1138
1139 #ifdef CONFIG_IPV6_ROUTER_PREF
1140 pref = ra_msg->icmph.icmp6_router_pref;
1141 /* 10b is handled as if it were 00b (medium) */
1142 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1143 !in6_dev->cnf.accept_ra_rtr_pref)
1144 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1145 #endif
1146
1147 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1148
1149 if (rt)
1150 neigh = rt->rt6i_nexthop;
1151
1152 if (rt && lifetime == 0) {
1153 neigh_clone(neigh);
1154 ip6_del_rt(rt);
1155 rt = NULL;
1156 }
1157
1158 if (rt == NULL && lifetime) {
1159 ND_PRINTK3(KERN_DEBUG
1160 "ICMPv6 RA: adding default router.\n");
1161
1162 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1163 if (rt == NULL) {
1164 ND_PRINTK0(KERN_ERR
1165 "ICMPv6 RA: %s() failed to add default route.\n",
1166 __FUNCTION__);
1167 in6_dev_put(in6_dev);
1168 return;
1169 }
1170
1171 neigh = rt->rt6i_nexthop;
1172 if (neigh == NULL) {
1173 ND_PRINTK0(KERN_ERR
1174 "ICMPv6 RA: %s() got default router without neighbour.\n",
1175 __FUNCTION__);
1176 dst_release(&rt->u.dst);
1177 in6_dev_put(in6_dev);
1178 return;
1179 }
1180 neigh->flags |= NTF_ROUTER;
1181 } else if (rt) {
1182 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1183 }
1184
1185 if (rt)
1186 rt->rt6i_expires = jiffies + (HZ * lifetime);
1187
1188 if (ra_msg->icmph.icmp6_hop_limit) {
1189 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1190 if (rt)
1191 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1192 }
1193
1194 skip_defrtr:
1195
1196 /*
1197 * Update Reachable Time and Retrans Timer
1198 */
1199
1200 if (in6_dev->nd_parms) {
1201 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1202
1203 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1204 rtime = (rtime*HZ)/1000;
1205 if (rtime < HZ/10)
1206 rtime = HZ/10;
1207 in6_dev->nd_parms->retrans_time = rtime;
1208 in6_dev->tstamp = jiffies;
1209 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1210 }
1211
1212 rtime = ntohl(ra_msg->reachable_time);
1213 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1214 rtime = (rtime*HZ)/1000;
1215
1216 if (rtime < HZ/10)
1217 rtime = HZ/10;
1218
1219 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1220 in6_dev->nd_parms->base_reachable_time = rtime;
1221 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1222 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1223 in6_dev->tstamp = jiffies;
1224 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1225 }
1226 }
1227 }
1228
1229 /*
1230 * Process options.
1231 */
1232
1233 if (!neigh)
1234 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1235 skb->dev, 1);
1236 if (neigh) {
1237 u8 *lladdr = NULL;
1238 if (ndopts.nd_opts_src_lladdr) {
1239 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1240 skb->dev);
1241 if (!lladdr) {
1242 ND_PRINTK2(KERN_WARNING
1243 "ICMPv6 RA: invalid link-layer address length\n");
1244 goto out;
1245 }
1246 }
1247 neigh_update(neigh, lladdr, NUD_STALE,
1248 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1249 NEIGH_UPDATE_F_OVERRIDE|
1250 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1251 NEIGH_UPDATE_F_ISROUTER);
1252 }
1253
1254 #ifdef CONFIG_IPV6_ROUTE_INFO
1255 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1256 struct nd_opt_hdr *p;
1257 for (p = ndopts.nd_opts_ri;
1258 p;
1259 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1260 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1261 continue;
1262 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1263 &ipv6_hdr(skb)->saddr);
1264 }
1265 }
1266 #endif
1267
1268 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1269 struct nd_opt_hdr *p;
1270 for (p = ndopts.nd_opts_pi;
1271 p;
1272 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1273 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1274 }
1275 }
1276
1277 if (ndopts.nd_opts_mtu) {
1278 __be32 n;
1279 u32 mtu;
1280
1281 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1282 mtu = ntohl(n);
1283
1284 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1285 ND_PRINTK2(KERN_WARNING
1286 "ICMPv6 RA: invalid mtu: %d\n",
1287 mtu);
1288 } else if (in6_dev->cnf.mtu6 != mtu) {
1289 in6_dev->cnf.mtu6 = mtu;
1290
1291 if (rt)
1292 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1293
1294 rt6_mtu_change(skb->dev, mtu);
1295 }
1296 }
1297
1298 if (ndopts.nd_useropts) {
1299 struct nd_opt_hdr *opt;
1300 for (opt = ndopts.nd_useropts;
1301 opt;
1302 opt = ndisc_next_useropt(opt, ndopts.nd_useropts_end)) {
1303 ndisc_ra_useropt(skb, opt);
1304 }
1305 }
1306
1307 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1308 ND_PRINTK2(KERN_WARNING
1309 "ICMPv6 RA: invalid RA options");
1310 }
1311 out:
1312 if (rt)
1313 dst_release(&rt->u.dst);
1314 else if (neigh)
1315 neigh_release(neigh);
1316 in6_dev_put(in6_dev);
1317 }
1318
1319 static void ndisc_redirect_rcv(struct sk_buff *skb)
1320 {
1321 struct inet6_dev *in6_dev;
1322 struct icmp6hdr *icmph;
1323 struct in6_addr *dest;
1324 struct in6_addr *target; /* new first hop to destination */
1325 struct neighbour *neigh;
1326 int on_link = 0;
1327 struct ndisc_options ndopts;
1328 int optlen;
1329 u8 *lladdr = NULL;
1330
1331 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1332 ND_PRINTK2(KERN_WARNING
1333 "ICMPv6 Redirect: source address is not link-local.\n");
1334 return;
1335 }
1336
1337 optlen = skb->tail - skb->transport_header;
1338 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1339
1340 if (optlen < 0) {
1341 ND_PRINTK2(KERN_WARNING
1342 "ICMPv6 Redirect: packet too short\n");
1343 return;
1344 }
1345
1346 icmph = icmp6_hdr(skb);
1347 target = (struct in6_addr *) (icmph + 1);
1348 dest = target + 1;
1349
1350 if (ipv6_addr_is_multicast(dest)) {
1351 ND_PRINTK2(KERN_WARNING
1352 "ICMPv6 Redirect: destination address is multicast.\n");
1353 return;
1354 }
1355
1356 if (ipv6_addr_equal(dest, target)) {
1357 on_link = 1;
1358 } else if (ipv6_addr_type(target) !=
1359 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1360 ND_PRINTK2(KERN_WARNING
1361 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1362 return;
1363 }
1364
1365 in6_dev = in6_dev_get(skb->dev);
1366 if (!in6_dev)
1367 return;
1368 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1369 in6_dev_put(in6_dev);
1370 return;
1371 }
1372
1373 /* RFC2461 8.1:
1374 * The IP source address of the Redirect MUST be the same as the current
1375 * first-hop router for the specified ICMP Destination Address.
1376 */
1377
1378 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1379 ND_PRINTK2(KERN_WARNING
1380 "ICMPv6 Redirect: invalid ND options\n");
1381 in6_dev_put(in6_dev);
1382 return;
1383 }
1384 if (ndopts.nd_opts_tgt_lladdr) {
1385 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1386 skb->dev);
1387 if (!lladdr) {
1388 ND_PRINTK2(KERN_WARNING
1389 "ICMPv6 Redirect: invalid link-layer address length\n");
1390 in6_dev_put(in6_dev);
1391 return;
1392 }
1393 }
1394
1395 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1396 if (neigh) {
1397 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1398 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1399 on_link);
1400 neigh_release(neigh);
1401 }
1402 in6_dev_put(in6_dev);
1403 }
1404
1405 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1406 struct in6_addr *target)
1407 {
1408 struct sock *sk = ndisc_socket->sk;
1409 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1410 struct sk_buff *buff;
1411 struct icmp6hdr *icmph;
1412 struct in6_addr saddr_buf;
1413 struct in6_addr *addrp;
1414 struct net_device *dev;
1415 struct rt6_info *rt;
1416 struct dst_entry *dst;
1417 struct inet6_dev *idev;
1418 struct flowi fl;
1419 u8 *opt;
1420 int rd_len;
1421 int err;
1422 int hlen;
1423 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1424
1425 dev = skb->dev;
1426
1427 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1428 ND_PRINTK2(KERN_WARNING
1429 "ICMPv6 Redirect: no link-local address on %s\n",
1430 dev->name);
1431 return;
1432 }
1433
1434 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1435 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1436 ND_PRINTK2(KERN_WARNING
1437 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1438 return;
1439 }
1440
1441 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &ipv6_hdr(skb)->saddr,
1442 dev->ifindex);
1443
1444 dst = ip6_route_output(NULL, &fl);
1445 if (dst == NULL)
1446 return;
1447
1448 err = xfrm_lookup(&dst, &fl, NULL, 0);
1449 if (err)
1450 return;
1451
1452 rt = (struct rt6_info *) dst;
1453
1454 if (rt->rt6i_flags & RTF_GATEWAY) {
1455 ND_PRINTK2(KERN_WARNING
1456 "ICMPv6 Redirect: destination is not a neighbour.\n");
1457 dst_release(dst);
1458 return;
1459 }
1460 if (!xrlim_allow(dst, 1*HZ)) {
1461 dst_release(dst);
1462 return;
1463 }
1464
1465 if (dev->addr_len) {
1466 read_lock_bh(&neigh->lock);
1467 if (neigh->nud_state & NUD_VALID) {
1468 memcpy(ha_buf, neigh->ha, dev->addr_len);
1469 read_unlock_bh(&neigh->lock);
1470 ha = ha_buf;
1471 len += ndisc_opt_addr_space(dev);
1472 } else
1473 read_unlock_bh(&neigh->lock);
1474 }
1475
1476 rd_len = min_t(unsigned int,
1477 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1478 rd_len &= ~0x7;
1479 len += rd_len;
1480
1481 buff = sock_alloc_send_skb(sk,
1482 (MAX_HEADER + sizeof(struct ipv6hdr) +
1483 len + LL_RESERVED_SPACE(dev)),
1484 1, &err);
1485 if (buff == NULL) {
1486 ND_PRINTK0(KERN_ERR
1487 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1488 __FUNCTION__);
1489 dst_release(dst);
1490 return;
1491 }
1492
1493 hlen = 0;
1494
1495 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1496 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1497 IPPROTO_ICMPV6, len);
1498
1499 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1500 skb_put(buff, len);
1501 icmph = icmp6_hdr(buff);
1502
1503 memset(icmph, 0, sizeof(struct icmp6hdr));
1504 icmph->icmp6_type = NDISC_REDIRECT;
1505
1506 /*
1507 * copy target and destination addresses
1508 */
1509
1510 addrp = (struct in6_addr *)(icmph + 1);
1511 ipv6_addr_copy(addrp, target);
1512 addrp++;
1513 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1514
1515 opt = (u8*) (addrp + 1);
1516
1517 /*
1518 * include target_address option
1519 */
1520
1521 if (ha)
1522 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1523 dev->addr_len, dev->type);
1524
1525 /*
1526 * build redirect option and copy skb over to the new packet.
1527 */
1528
1529 memset(opt, 0, 8);
1530 *(opt++) = ND_OPT_REDIRECT_HDR;
1531 *(opt++) = (rd_len >> 3);
1532 opt += 6;
1533
1534 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1535
1536 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1537 len, IPPROTO_ICMPV6,
1538 csum_partial((u8 *) icmph, len, 0));
1539
1540 buff->dst = dst;
1541 idev = in6_dev_get(dst->dev);
1542 IP6_INC_STATS(idev, IPSTATS_MIB_OUTREQUESTS);
1543 err = NF_HOOK(PF_INET6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1544 dst_output);
1545 if (!err) {
1546 ICMP6MSGOUT_INC_STATS(idev, NDISC_REDIRECT);
1547 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1548 }
1549
1550 if (likely(idev != NULL))
1551 in6_dev_put(idev);
1552 }
1553
1554 static void pndisc_redo(struct sk_buff *skb)
1555 {
1556 ndisc_recv_ns(skb);
1557 kfree_skb(skb);
1558 }
1559
1560 int ndisc_rcv(struct sk_buff *skb)
1561 {
1562 struct nd_msg *msg;
1563
1564 if (!pskb_may_pull(skb, skb->len))
1565 return 0;
1566
1567 msg = (struct nd_msg *)skb_transport_header(skb);
1568
1569 __skb_push(skb, skb->data - skb_transport_header(skb));
1570
1571 if (ipv6_hdr(skb)->hop_limit != 255) {
1572 ND_PRINTK2(KERN_WARNING
1573 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1574 ipv6_hdr(skb)->hop_limit);
1575 return 0;
1576 }
1577
1578 if (msg->icmph.icmp6_code != 0) {
1579 ND_PRINTK2(KERN_WARNING
1580 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1581 msg->icmph.icmp6_code);
1582 return 0;
1583 }
1584
1585 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1586
1587 switch (msg->icmph.icmp6_type) {
1588 case NDISC_NEIGHBOUR_SOLICITATION:
1589 ndisc_recv_ns(skb);
1590 break;
1591
1592 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1593 ndisc_recv_na(skb);
1594 break;
1595
1596 case NDISC_ROUTER_SOLICITATION:
1597 ndisc_recv_rs(skb);
1598 break;
1599
1600 case NDISC_ROUTER_ADVERTISEMENT:
1601 ndisc_router_discovery(skb);
1602 break;
1603
1604 case NDISC_REDIRECT:
1605 ndisc_redirect_rcv(skb);
1606 break;
1607 }
1608
1609 return 0;
1610 }
1611
1612 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1613 {
1614 struct net_device *dev = ptr;
1615
1616 if (dev->nd_net != &init_net)
1617 return NOTIFY_DONE;
1618
1619 switch (event) {
1620 case NETDEV_CHANGEADDR:
1621 neigh_changeaddr(&nd_tbl, dev);
1622 fib6_run_gc(~0UL);
1623 break;
1624 case NETDEV_DOWN:
1625 neigh_ifdown(&nd_tbl, dev);
1626 fib6_run_gc(~0UL);
1627 break;
1628 default:
1629 break;
1630 }
1631
1632 return NOTIFY_DONE;
1633 }
1634
1635 static struct notifier_block ndisc_netdev_notifier = {
1636 .notifier_call = ndisc_netdev_event,
1637 };
1638
1639 #ifdef CONFIG_SYSCTL
1640 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1641 const char *func, const char *dev_name)
1642 {
1643 static char warncomm[TASK_COMM_LEN];
1644 static int warned;
1645 if (strcmp(warncomm, current->comm) && warned < 5) {
1646 strcpy(warncomm, current->comm);
1647 printk(KERN_WARNING
1648 "process `%s' is using deprecated sysctl (%s) "
1649 "net.ipv6.neigh.%s.%s; "
1650 "Use net.ipv6.neigh.%s.%s_ms "
1651 "instead.\n",
1652 warncomm, func,
1653 dev_name, ctl->procname,
1654 dev_name, ctl->procname);
1655 warned++;
1656 }
1657 }
1658
1659 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1660 {
1661 struct net_device *dev = ctl->extra1;
1662 struct inet6_dev *idev;
1663 int ret;
1664
1665 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1666 (strcmp(ctl->procname, "base_reachable_time") == 0))
1667 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1668
1669 if (strcmp(ctl->procname, "retrans_time") == 0)
1670 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1671
1672 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1673 ret = proc_dointvec_jiffies(ctl, write,
1674 filp, buffer, lenp, ppos);
1675
1676 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1677 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1678 ret = proc_dointvec_ms_jiffies(ctl, write,
1679 filp, buffer, lenp, ppos);
1680 else
1681 ret = -1;
1682
1683 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1684 if (ctl->data == &idev->nd_parms->base_reachable_time)
1685 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1686 idev->tstamp = jiffies;
1687 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1688 in6_dev_put(idev);
1689 }
1690 return ret;
1691 }
1692
1693 static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1694 int nlen, void __user *oldval,
1695 size_t __user *oldlenp,
1696 void __user *newval, size_t newlen)
1697 {
1698 struct net_device *dev = ctl->extra1;
1699 struct inet6_dev *idev;
1700 int ret;
1701
1702 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1703 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1704 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1705
1706 switch (ctl->ctl_name) {
1707 case NET_NEIGH_REACHABLE_TIME:
1708 ret = sysctl_jiffies(ctl, name, nlen,
1709 oldval, oldlenp, newval, newlen);
1710 break;
1711 case NET_NEIGH_RETRANS_TIME_MS:
1712 case NET_NEIGH_REACHABLE_TIME_MS:
1713 ret = sysctl_ms_jiffies(ctl, name, nlen,
1714 oldval, oldlenp, newval, newlen);
1715 break;
1716 default:
1717 ret = 0;
1718 }
1719
1720 if (newval && newlen && ret > 0 &&
1721 dev && (idev = in6_dev_get(dev)) != NULL) {
1722 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1723 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1724 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1725 idev->tstamp = jiffies;
1726 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1727 in6_dev_put(idev);
1728 }
1729
1730 return ret;
1731 }
1732
1733 #endif
1734
1735 int __init ndisc_init(struct net_proto_family *ops)
1736 {
1737 struct ipv6_pinfo *np;
1738 struct sock *sk;
1739 int err;
1740
1741 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1742 if (err < 0) {
1743 ND_PRINTK0(KERN_ERR
1744 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1745 err);
1746 ndisc_socket = NULL; /* For safety. */
1747 return err;
1748 }
1749
1750 sk = ndisc_socket->sk;
1751 np = inet6_sk(sk);
1752 sk->sk_allocation = GFP_ATOMIC;
1753 np->hop_limit = 255;
1754 /* Do not loopback ndisc messages */
1755 np->mc_loop = 0;
1756 sk->sk_prot->unhash(sk);
1757
1758 /*
1759 * Initialize the neighbour table
1760 */
1761
1762 neigh_table_init(&nd_tbl);
1763
1764 #ifdef CONFIG_SYSCTL
1765 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1766 "ipv6",
1767 &ndisc_ifinfo_sysctl_change,
1768 &ndisc_ifinfo_sysctl_strategy);
1769 #endif
1770
1771 register_netdevice_notifier(&ndisc_netdev_notifier);
1772 return 0;
1773 }
1774
1775 void ndisc_cleanup(void)
1776 {
1777 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1778 #ifdef CONFIG_SYSCTL
1779 neigh_sysctl_unregister(&nd_tbl.parms);
1780 #endif
1781 neigh_table_clear(&nd_tbl);
1782 sock_release(ndisc_socket);
1783 ndisc_socket = NULL; /* For safety. */
1784 }