1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
26 #define pr_fmt(fmt) "ICMPv6: " fmt
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
41 #include <linux/sysctl.h>
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
72 static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
86 static const struct neigh_ops ndisc_generic_ops = {
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
94 static const struct neigh_ops ndisc_hh_ops = {
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
103 static const struct neigh_ops ndisc_direct_ops = {
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
109 struct neigh_table nd_tbl = {
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
124 .reachable_time = ND_REACHABLE_TIME,
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
132 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
133 [NEIGH_VAR_PROXY_QLEN] = 64,
134 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
135 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
138 .gc_interval = 30 * HZ,
143 EXPORT_SYMBOL_GPL(nd_tbl);
145 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
146 int data_len, int pad)
148 int space = __ndisc_opt_addr_space(data_len, pad);
149 u8 *opt = skb_put(skb, space);
154 memset(opt + 2, 0, pad);
158 memcpy(opt+2, data, data_len);
163 memset(opt, 0, space);
165 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
168 void *data, u8 icmp6_type)
170 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
171 ndisc_addr_option_pad(skb->dev->type));
172 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
175 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
179 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
180 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
183 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
184 struct nd_opt_hdr *end)
187 if (!cur || !end || cur >= end)
189 type = cur->nd_opt_type;
191 cur = ((void *)cur) + (cur->nd_opt_len << 3);
192 } while (cur < end && cur->nd_opt_type != type);
193 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
196 static inline int ndisc_is_useropt(const struct net_device *dev,
197 struct nd_opt_hdr *opt)
199 return opt->nd_opt_type == ND_OPT_RDNSS ||
200 opt->nd_opt_type == ND_OPT_DNSSL ||
201 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
202 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
205 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
206 struct nd_opt_hdr *cur,
207 struct nd_opt_hdr *end)
209 if (!cur || !end || cur >= end)
212 cur = ((void *)cur) + (cur->nd_opt_len << 3);
213 } while (cur < end && !ndisc_is_useropt(dev, cur));
214 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
217 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
218 u8 *opt, int opt_len,
219 struct ndisc_options *ndopts)
221 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
223 if (!nd_opt || opt_len < 0 || !ndopts)
225 memset(ndopts, 0, sizeof(*ndopts));
228 if (opt_len < sizeof(struct nd_opt_hdr))
230 l = nd_opt->nd_opt_len << 3;
231 if (opt_len < l || l == 0)
233 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
235 switch (nd_opt->nd_opt_type) {
236 case ND_OPT_SOURCE_LL_ADDR:
237 case ND_OPT_TARGET_LL_ADDR:
240 case ND_OPT_REDIRECT_HDR:
241 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
243 "%s: duplicated ND6 option found: type=%d\n",
244 __func__, nd_opt->nd_opt_type);
246 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
249 case ND_OPT_PREFIX_INFO:
250 ndopts->nd_opts_pi_end = nd_opt;
251 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
252 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
254 #ifdef CONFIG_IPV6_ROUTE_INFO
255 case ND_OPT_ROUTE_INFO:
256 ndopts->nd_opts_ri_end = nd_opt;
257 if (!ndopts->nd_opts_ri)
258 ndopts->nd_opts_ri = nd_opt;
262 if (ndisc_is_useropt(dev, nd_opt)) {
263 ndopts->nd_useropts_end = nd_opt;
264 if (!ndopts->nd_useropts)
265 ndopts->nd_useropts = nd_opt;
268 * Unknown options must be silently ignored,
269 * to accommodate future extension to the
273 "%s: ignored unsupported option; type=%d, len=%d\n",
281 nd_opt = ((void *)nd_opt) + l;
286 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
290 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
292 ipv6_eth_mc_map(addr, buf);
295 ipv6_arcnet_mc_map(addr, buf);
297 case ARPHRD_INFINIBAND:
298 ipv6_ib_mc_map(addr, dev->broadcast, buf);
301 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
304 memcpy(buf, dev->broadcast, dev->addr_len);
310 EXPORT_SYMBOL(ndisc_mc_map);
312 static u32 ndisc_hash(const void *pkey,
313 const struct net_device *dev,
316 return ndisc_hashfn(pkey, dev, hash_rnd);
319 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
321 return neigh_key_eq128(n, pkey);
324 static int ndisc_constructor(struct neighbour *neigh)
326 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
327 struct net_device *dev = neigh->dev;
328 struct inet6_dev *in6_dev;
329 struct neigh_parms *parms;
330 bool is_multicast = ipv6_addr_is_multicast(addr);
332 in6_dev = in6_dev_get(dev);
337 parms = in6_dev->nd_parms;
338 __neigh_parms_put(neigh->parms);
339 neigh->parms = neigh_parms_clone(parms);
341 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
342 if (!dev->header_ops) {
343 neigh->nud_state = NUD_NOARP;
344 neigh->ops = &ndisc_direct_ops;
345 neigh->output = neigh_direct_output;
348 neigh->nud_state = NUD_NOARP;
349 ndisc_mc_map(addr, neigh->ha, dev, 1);
350 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
351 neigh->nud_state = NUD_NOARP;
352 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
353 if (dev->flags&IFF_LOOPBACK)
354 neigh->type = RTN_LOCAL;
355 } else if (dev->flags&IFF_POINTOPOINT) {
356 neigh->nud_state = NUD_NOARP;
357 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
359 if (dev->header_ops->cache)
360 neigh->ops = &ndisc_hh_ops;
362 neigh->ops = &ndisc_generic_ops;
363 if (neigh->nud_state&NUD_VALID)
364 neigh->output = neigh->ops->connected_output;
366 neigh->output = neigh->ops->output;
368 in6_dev_put(in6_dev);
372 static int pndisc_constructor(struct pneigh_entry *n)
374 struct in6_addr *addr = (struct in6_addr *)&n->key;
375 struct in6_addr maddr;
376 struct net_device *dev = n->dev;
378 if (!dev || !__in6_dev_get(dev))
380 addrconf_addr_solict_mult(addr, &maddr);
381 ipv6_dev_mc_inc(dev, &maddr);
385 static void pndisc_destructor(struct pneigh_entry *n)
387 struct in6_addr *addr = (struct in6_addr *)&n->key;
388 struct in6_addr maddr;
389 struct net_device *dev = n->dev;
391 if (!dev || !__in6_dev_get(dev))
393 addrconf_addr_solict_mult(addr, &maddr);
394 ipv6_dev_mc_dec(dev, &maddr);
397 /* called with rtnl held */
398 static bool ndisc_allow_add(const struct net_device *dev,
399 struct netlink_ext_ack *extack)
401 struct inet6_dev *idev = __in6_dev_get(dev);
403 if (!idev || idev->cnf.disable_ipv6) {
404 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
411 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
414 int hlen = LL_RESERVED_SPACE(dev);
415 int tlen = dev->needed_tailroom;
416 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
419 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
421 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
426 skb->protocol = htons(ETH_P_IPV6);
429 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
430 skb_reset_transport_header(skb);
432 /* Manually assign socket ownership as we avoid calling
433 * sock_alloc_send_pskb() to bypass wmem buffer limits
435 skb_set_owner_w(skb, sk);
440 static void ip6_nd_hdr(struct sk_buff *skb,
441 const struct in6_addr *saddr,
442 const struct in6_addr *daddr,
443 int hop_limit, int len)
446 struct inet6_dev *idev;
450 idev = __in6_dev_get(skb->dev);
451 tclass = idev ? idev->cnf.ndisc_tclass : 0;
454 skb_push(skb, sizeof(*hdr));
455 skb_reset_network_header(skb);
458 ip6_flow_hdr(hdr, tclass, 0);
460 hdr->payload_len = htons(len);
461 hdr->nexthdr = IPPROTO_ICMPV6;
462 hdr->hop_limit = hop_limit;
468 static void ndisc_send_skb(struct sk_buff *skb,
469 const struct in6_addr *daddr,
470 const struct in6_addr *saddr)
472 struct dst_entry *dst = skb_dst(skb);
473 struct net *net = dev_net(skb->dev);
474 struct sock *sk = net->ipv6.ndisc_sk;
475 struct inet6_dev *idev;
477 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
480 type = icmp6h->icmp6_type;
484 int oif = skb->dev->ifindex;
486 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
487 dst = icmp6_dst_alloc(skb->dev, &fl6);
493 skb_dst_set(skb, dst);
496 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
501 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
504 idev = __in6_dev_get(dst->dev);
505 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
507 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
508 net, sk, skb, NULL, dst->dev,
511 ICMP6MSGOUT_INC_STATS(net, idev, type);
512 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
518 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
519 const struct in6_addr *solicited_addr,
520 bool router, bool solicited, bool override, bool inc_opt)
523 struct in6_addr tmpaddr;
524 struct inet6_ifaddr *ifp;
525 const struct in6_addr *src_addr;
529 /* for anycast or proxy, solicited_addr != src_addr */
530 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
532 src_addr = solicited_addr;
533 if (ifp->flags & IFA_F_OPTIMISTIC)
535 inc_opt |= ifp->idev->cnf.force_tllao;
538 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
539 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
548 optlen += ndisc_opt_addr_space(dev,
549 NDISC_NEIGHBOUR_ADVERTISEMENT);
551 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
555 msg = skb_put(skb, sizeof(*msg));
556 *msg = (struct nd_msg) {
558 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
559 .icmp6_router = router,
560 .icmp6_solicited = solicited,
561 .icmp6_override = override,
563 .target = *solicited_addr,
567 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
569 NDISC_NEIGHBOUR_ADVERTISEMENT);
571 ndisc_send_skb(skb, daddr, src_addr);
574 static void ndisc_send_unsol_na(struct net_device *dev)
576 struct inet6_dev *idev;
577 struct inet6_ifaddr *ifa;
579 idev = in6_dev_get(dev);
583 read_lock_bh(&idev->lock);
584 list_for_each_entry(ifa, &idev->addr_list, if_list) {
585 /* skip tentative addresses until dad completes */
586 if (ifa->flags & IFA_F_TENTATIVE &&
587 !(ifa->flags & IFA_F_OPTIMISTIC))
590 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
591 /*router=*/ !!idev->cnf.forwarding,
592 /*solicited=*/ false, /*override=*/ true,
595 read_unlock_bh(&idev->lock);
600 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
601 const struct in6_addr *daddr, const struct in6_addr *saddr,
605 struct in6_addr addr_buf;
606 int inc_opt = dev->addr_len;
611 if (ipv6_get_lladdr(dev, &addr_buf,
612 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
617 if (ipv6_addr_any(saddr))
620 optlen += ndisc_opt_addr_space(dev,
621 NDISC_NEIGHBOUR_SOLICITATION);
625 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
629 msg = skb_put(skb, sizeof(*msg));
630 *msg = (struct nd_msg) {
632 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
638 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
640 NDISC_NEIGHBOUR_SOLICITATION);
642 u8 *opt = skb_put(skb, 8);
644 opt[0] = ND_OPT_NONCE;
646 memcpy(opt + 2, &nonce, 6);
649 ndisc_send_skb(skb, daddr, saddr);
652 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
653 const struct in6_addr *daddr)
657 int send_sllao = dev->addr_len;
660 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
662 * According to section 2.2 of RFC 4429, we must not
663 * send router solicitations with a sllao from
664 * optimistic addresses, but we may send the solicitation
665 * if we don't include the sllao. So here we check
666 * if our address is optimistic, and if so, we
667 * suppress the inclusion of the sllao.
670 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
673 if (ifp->flags & IFA_F_OPTIMISTIC) {
683 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
685 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
689 msg = skb_put(skb, sizeof(*msg));
690 *msg = (struct rs_msg) {
692 .icmp6_type = NDISC_ROUTER_SOLICITATION,
697 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
699 NDISC_ROUTER_SOLICITATION);
701 ndisc_send_skb(skb, daddr, saddr);
705 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
708 * "The sender MUST return an ICMP
709 * destination unreachable"
711 dst_link_failure(skb);
715 /* Called with locked neigh: either read or both */
717 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
719 struct in6_addr *saddr = NULL;
720 struct in6_addr mcaddr;
721 struct net_device *dev = neigh->dev;
722 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
723 int probes = atomic_read(&neigh->probes);
725 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
727 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
728 saddr = &ipv6_hdr(skb)->saddr;
729 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
731 if (!(neigh->nud_state & NUD_VALID)) {
733 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
736 ndisc_send_ns(dev, target, target, saddr, 0);
737 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
740 addrconf_addr_solict_mult(target, &mcaddr);
741 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
745 static int pndisc_is_router(const void *pkey,
746 struct net_device *dev)
748 struct pneigh_entry *n;
751 read_lock_bh(&nd_tbl.lock);
752 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
754 ret = !!(n->flags & NTF_ROUTER);
755 read_unlock_bh(&nd_tbl.lock);
760 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
761 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
762 struct ndisc_options *ndopts)
764 neigh_update(neigh, lladdr, new, flags, 0);
765 /* report ndisc ops about neighbour update */
766 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
769 static void ndisc_recv_ns(struct sk_buff *skb)
771 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
772 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
773 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
775 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
776 offsetof(struct nd_msg, opt));
777 struct ndisc_options ndopts;
778 struct net_device *dev = skb->dev;
779 struct inet6_ifaddr *ifp;
780 struct inet6_dev *idev = NULL;
781 struct neighbour *neigh;
782 int dad = ipv6_addr_any(saddr);
787 if (skb->len < sizeof(struct nd_msg)) {
788 ND_PRINTK(2, warn, "NS: packet too short\n");
792 if (ipv6_addr_is_multicast(&msg->target)) {
793 ND_PRINTK(2, warn, "NS: multicast target address\n");
799 * DAD has to be destined for solicited node multicast address.
801 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
802 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
806 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
807 ND_PRINTK(2, warn, "NS: invalid ND options\n");
811 if (ndopts.nd_opts_src_lladdr) {
812 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
815 "NS: invalid link-layer address length\n");
820 * If the IP source address is the unspecified address,
821 * there MUST NOT be source link-layer address option
826 "NS: bad DAD packet (link-layer address option)\n");
830 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
831 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
833 inc = ipv6_addr_is_multicast(daddr);
835 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
838 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
840 if (nonce != 0 && ifp->dad_nonce == nonce) {
841 u8 *np = (u8 *)&nonce;
842 /* Matching nonce if looped back */
844 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
845 ifp->idev->dev->name,
850 * We are colliding with another node
852 * so fail our DAD process
854 addrconf_dad_failure(skb, ifp);
858 * This is not a dad solicitation.
859 * If we are an optimistic node,
861 * Otherwise, we should ignore it.
863 if (!(ifp->flags & IFA_F_OPTIMISTIC))
870 struct net *net = dev_net(dev);
872 /* perhaps an address on the master device */
873 if (netif_is_l3_slave(dev)) {
874 struct net_device *mdev;
876 mdev = netdev_master_upper_dev_get_rcu(dev);
878 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
884 idev = in6_dev_get(dev);
886 /* XXX: count this drop? */
890 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
891 (idev->cnf.forwarding &&
892 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
893 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
894 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
895 skb->pkt_type != PACKET_HOST &&
897 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
899 * for anycast or proxy,
900 * sender should delay its response
901 * by a random time between 0 and
902 * MAX_ANYCAST_DELAY_TIME seconds.
903 * (RFC2461) -- yoshfuji
905 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
907 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
915 is_router = idev->cnf.forwarding;
918 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
919 !!is_router, false, (ifp != NULL), true);
924 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
926 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
929 * update / create cache entry
930 * for the source address
932 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
933 !inc || lladdr || !dev->addr_len);
935 ndisc_update(dev, neigh, lladdr, NUD_STALE,
936 NEIGH_UPDATE_F_WEAK_OVERRIDE|
937 NEIGH_UPDATE_F_OVERRIDE,
938 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
939 if (neigh || !dev->header_ops) {
940 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
941 true, (ifp != NULL && inc), inc);
943 neigh_release(neigh);
953 static void ndisc_recv_na(struct sk_buff *skb)
955 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
956 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
957 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
959 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
960 offsetof(struct nd_msg, opt));
961 struct ndisc_options ndopts;
962 struct net_device *dev = skb->dev;
963 struct inet6_dev *idev = __in6_dev_get(dev);
964 struct inet6_ifaddr *ifp;
965 struct neighbour *neigh;
967 if (skb->len < sizeof(struct nd_msg)) {
968 ND_PRINTK(2, warn, "NA: packet too short\n");
972 if (ipv6_addr_is_multicast(&msg->target)) {
973 ND_PRINTK(2, warn, "NA: target address is multicast\n");
977 if (ipv6_addr_is_multicast(daddr) &&
978 msg->icmph.icmp6_solicited) {
979 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
983 /* For some 802.11 wireless deployments (and possibly other networks),
984 * there will be a NA proxy and unsolicitd packets are attacks
985 * and thus should not be accepted.
987 if (!msg->icmph.icmp6_solicited && idev &&
988 idev->cnf.drop_unsolicited_na)
991 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
992 ND_PRINTK(2, warn, "NS: invalid ND option\n");
995 if (ndopts.nd_opts_tgt_lladdr) {
996 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
999 "NA: invalid link-layer address length\n");
1003 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1005 if (skb->pkt_type != PACKET_LOOPBACK
1006 && (ifp->flags & IFA_F_TENTATIVE)) {
1007 addrconf_dad_failure(skb, ifp);
1010 /* What should we make now? The advertisement
1011 is invalid, but ndisc specs say nothing
1012 about it. It could be misconfiguration, or
1013 an smart proxy agent tries to help us :-)
1015 We should not print the error if NA has been
1016 received from loopback - it is just our own
1017 unsolicited advertisement.
1019 if (skb->pkt_type != PACKET_LOOPBACK)
1021 "NA: %pM advertised our address %pI6c on %s!\n",
1022 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1026 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1029 u8 old_flags = neigh->flags;
1030 struct net *net = dev_net(dev);
1032 if (neigh->nud_state & NUD_FAILED)
1036 * Don't update the neighbor cache entry on a proxy NA from
1037 * ourselves because either the proxied node is off link or it
1038 * has already sent a NA to us.
1040 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1041 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1042 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1043 /* XXX: idev->cnf.proxy_ndp */
1047 ndisc_update(dev, neigh, lladdr,
1048 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1049 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1050 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1051 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1052 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1053 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1055 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1057 * Change: router to host
1059 rt6_clean_tohost(dev_net(dev), saddr);
1063 neigh_release(neigh);
1067 static void ndisc_recv_rs(struct sk_buff *skb)
1069 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1070 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1071 struct neighbour *neigh;
1072 struct inet6_dev *idev;
1073 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1074 struct ndisc_options ndopts;
1077 if (skb->len < sizeof(*rs_msg))
1080 idev = __in6_dev_get(skb->dev);
1082 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1086 /* Don't accept RS if we're not in router mode */
1087 if (!idev->cnf.forwarding)
1091 * Don't update NCE if src = ::;
1092 * this implies that the source node has no ip address assigned yet.
1094 if (ipv6_addr_any(saddr))
1097 /* Parse ND options */
1098 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1099 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1103 if (ndopts.nd_opts_src_lladdr) {
1104 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1110 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1112 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1113 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1114 NEIGH_UPDATE_F_OVERRIDE|
1115 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1116 NDISC_ROUTER_SOLICITATION, &ndopts);
1117 neigh_release(neigh);
1123 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1125 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1126 struct sk_buff *skb;
1127 struct nlmsghdr *nlh;
1128 struct nduseroptmsg *ndmsg;
1129 struct net *net = dev_net(ra->dev);
1131 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1132 + (opt->nd_opt_len << 3));
1133 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1135 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1141 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1143 goto nla_put_failure;
1146 ndmsg = nlmsg_data(nlh);
1147 ndmsg->nduseropt_family = AF_INET6;
1148 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1149 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1150 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1151 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1153 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1155 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1156 goto nla_put_failure;
1157 nlmsg_end(skb, nlh);
1159 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1166 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1169 static void ndisc_router_discovery(struct sk_buff *skb)
1171 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1172 struct neighbour *neigh = NULL;
1173 struct inet6_dev *in6_dev;
1174 struct fib6_info *rt = NULL;
1177 struct ndisc_options ndopts;
1179 unsigned int pref = 0;
1181 bool send_ifinfo_notify = false;
1183 __u8 *opt = (__u8 *)(ra_msg + 1);
1185 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1186 sizeof(struct ra_msg);
1189 "RA: %s, dev: %s\n",
1190 __func__, skb->dev->name);
1191 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1192 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1196 ND_PRINTK(2, warn, "RA: packet too short\n");
1200 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1201 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1202 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1208 * set the RA_RECV flag in the interface
1211 in6_dev = __in6_dev_get(skb->dev);
1213 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1218 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1219 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1223 if (!ipv6_accept_ra(in6_dev)) {
1225 "RA: %s, did not accept ra for dev: %s\n",
1226 __func__, skb->dev->name);
1227 goto skip_linkparms;
1230 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1231 /* skip link-specific parameters from interior routers */
1232 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1234 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1235 __func__, skb->dev->name);
1236 goto skip_linkparms;
1240 if (in6_dev->if_flags & IF_RS_SENT) {
1242 * flag that an RA was received after an RS was sent
1243 * out on this interface.
1245 in6_dev->if_flags |= IF_RA_RCVD;
1249 * Remember the managed/otherconf flags from most recently
1250 * received RA message (RFC 2462) -- yoshfuji
1252 old_if_flags = in6_dev->if_flags;
1253 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1255 (ra_msg->icmph.icmp6_addrconf_managed ?
1256 IF_RA_MANAGED : 0) |
1257 (ra_msg->icmph.icmp6_addrconf_other ?
1258 IF_RA_OTHERCONF : 0);
1260 if (old_if_flags != in6_dev->if_flags)
1261 send_ifinfo_notify = true;
1263 if (!in6_dev->cnf.accept_ra_defrtr) {
1265 "RA: %s, defrtr is false for dev: %s\n",
1266 __func__, skb->dev->name);
1270 /* Do not accept RA with source-addr found on local machine unless
1271 * accept_ra_from_local is set to true.
1273 net = dev_net(in6_dev->dev);
1274 if (!in6_dev->cnf.accept_ra_from_local &&
1275 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1277 "RA from local address detected on dev: %s: default router ignored\n",
1282 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1284 #ifdef CONFIG_IPV6_ROUTER_PREF
1285 pref = ra_msg->icmph.icmp6_router_pref;
1286 /* 10b is handled as if it were 00b (medium) */
1287 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1288 !in6_dev->cnf.accept_ra_rtr_pref)
1289 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1291 /* routes added from RAs do not use nexthop objects */
1292 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1294 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1295 rt->fib6_nh->fib_nh_dev, NULL,
1296 &ipv6_hdr(skb)->saddr);
1299 "RA: %s got default router without neighbour\n",
1301 fib6_info_release(rt);
1305 if (rt && lifetime == 0) {
1306 ip6_del_rt(net, rt);
1310 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1311 rt, lifetime, skb->dev->name);
1312 if (!rt && lifetime) {
1313 ND_PRINTK(3, info, "RA: adding default router\n");
1315 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1319 "RA: %s failed to add default route\n",
1324 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1325 rt->fib6_nh->fib_nh_dev, NULL,
1326 &ipv6_hdr(skb)->saddr);
1329 "RA: %s got default router without neighbour\n",
1331 fib6_info_release(rt);
1334 neigh->flags |= NTF_ROUTER;
1336 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1340 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1341 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1342 ra_msg->icmph.icmp6_hop_limit) {
1343 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1344 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1345 fib6_metric_set(rt, RTAX_HOPLIMIT,
1346 ra_msg->icmph.icmp6_hop_limit);
1348 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1355 * Update Reachable Time and Retrans Timer
1358 if (in6_dev->nd_parms) {
1359 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1361 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1362 rtime = (rtime*HZ)/1000;
1365 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1366 in6_dev->tstamp = jiffies;
1367 send_ifinfo_notify = true;
1370 rtime = ntohl(ra_msg->reachable_time);
1371 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1372 rtime = (rtime*HZ)/1000;
1377 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1378 NEIGH_VAR_SET(in6_dev->nd_parms,
1379 BASE_REACHABLE_TIME, rtime);
1380 NEIGH_VAR_SET(in6_dev->nd_parms,
1381 GC_STALETIME, 3 * rtime);
1382 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1383 in6_dev->tstamp = jiffies;
1384 send_ifinfo_notify = true;
1390 * Send a notify if RA changed managed/otherconf flags or timer settings
1392 if (send_ifinfo_notify)
1393 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1402 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1406 if (ndopts.nd_opts_src_lladdr) {
1407 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1411 "RA: invalid link-layer address length\n");
1415 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1416 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1417 NEIGH_UPDATE_F_OVERRIDE|
1418 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1419 NEIGH_UPDATE_F_ISROUTER,
1420 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1423 if (!ipv6_accept_ra(in6_dev)) {
1425 "RA: %s, accept_ra is false for dev: %s\n",
1426 __func__, skb->dev->name);
1430 #ifdef CONFIG_IPV6_ROUTE_INFO
1431 if (!in6_dev->cnf.accept_ra_from_local &&
1432 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1435 "RA from local address detected on dev: %s: router info ignored.\n",
1437 goto skip_routeinfo;
1440 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1441 struct nd_opt_hdr *p;
1442 for (p = ndopts.nd_opts_ri;
1444 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1445 struct route_info *ri = (struct route_info *)p;
1446 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1447 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1448 ri->prefix_len == 0)
1451 if (ri->prefix_len == 0 &&
1452 !in6_dev->cnf.accept_ra_defrtr)
1454 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1456 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1458 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1459 &ipv6_hdr(skb)->saddr);
1466 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1467 /* skip link-specific ndopts from interior routers */
1468 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1470 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1471 __func__, skb->dev->name);
1476 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1477 struct nd_opt_hdr *p;
1478 for (p = ndopts.nd_opts_pi;
1480 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1481 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1482 (p->nd_opt_len) << 3,
1483 ndopts.nd_opts_src_lladdr != NULL);
1487 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1491 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1494 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1495 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1496 } else if (in6_dev->cnf.mtu6 != mtu) {
1497 in6_dev->cnf.mtu6 = mtu;
1498 fib6_metric_set(rt, RTAX_MTU, mtu);
1499 rt6_mtu_change(skb->dev, mtu);
1503 if (ndopts.nd_useropts) {
1504 struct nd_opt_hdr *p;
1505 for (p = ndopts.nd_useropts;
1507 p = ndisc_next_useropt(skb->dev, p,
1508 ndopts.nd_useropts_end)) {
1509 ndisc_ra_useropt(skb, p);
1513 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1514 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1517 fib6_info_release(rt);
1519 neigh_release(neigh);
1522 static void ndisc_redirect_rcv(struct sk_buff *skb)
1525 struct ndisc_options ndopts;
1526 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1527 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1528 offsetof(struct rd_msg, opt));
1530 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1531 switch (skb->ndisc_nodetype) {
1532 case NDISC_NODETYPE_HOST:
1533 case NDISC_NODETYPE_NODEFAULT:
1535 "Redirect: from host or unauthorized router\n");
1540 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1542 "Redirect: source address is not link-local\n");
1546 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1549 if (!ndopts.nd_opts_rh) {
1550 ip6_redirect_no_header(skb, dev_net(skb->dev),
1555 hdr = (u8 *)ndopts.nd_opts_rh;
1557 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1560 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1563 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1564 struct sk_buff *orig_skb,
1567 u8 *opt = skb_put(skb, rd_len);
1570 *(opt++) = ND_OPT_REDIRECT_HDR;
1571 *(opt++) = (rd_len >> 3);
1574 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1578 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1580 struct net_device *dev = skb->dev;
1581 struct net *net = dev_net(dev);
1582 struct sock *sk = net->ipv6.ndisc_sk;
1584 struct inet_peer *peer;
1585 struct sk_buff *buff;
1587 struct in6_addr saddr_buf;
1588 struct rt6_info *rt;
1589 struct dst_entry *dst;
1592 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1593 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1596 if (netif_is_l3_master(skb->dev)) {
1597 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1602 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1603 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1608 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1609 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1611 "Redirect: target address is not link-local unicast\n");
1615 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1616 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1618 dst = ip6_route_output(net, NULL, &fl6);
1623 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1627 rt = (struct rt6_info *) dst;
1629 if (rt->rt6i_flags & RTF_GATEWAY) {
1631 "Redirect: destination is not a neighbour\n");
1634 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1635 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1641 if (dev->addr_len) {
1642 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1645 "Redirect: no neigh for target address\n");
1649 read_lock_bh(&neigh->lock);
1650 if (neigh->nud_state & NUD_VALID) {
1651 memcpy(ha_buf, neigh->ha, dev->addr_len);
1652 read_unlock_bh(&neigh->lock);
1654 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1658 read_unlock_bh(&neigh->lock);
1660 neigh_release(neigh);
1663 rd_len = min_t(unsigned int,
1664 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1669 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1673 msg = skb_put(buff, sizeof(*msg));
1674 *msg = (struct rd_msg) {
1676 .icmp6_type = NDISC_REDIRECT,
1679 .dest = ipv6_hdr(skb)->daddr,
1683 * include target_address option
1687 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1690 * build redirect option and copy skb over to the new packet.
1694 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1696 skb_dst_set(buff, dst);
1697 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1704 static void pndisc_redo(struct sk_buff *skb)
1710 static int ndisc_is_multicast(const void *pkey)
1712 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1715 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1717 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1721 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1722 idev->cnf.suppress_frag_ndisc) {
1723 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1729 int ndisc_rcv(struct sk_buff *skb)
1733 if (ndisc_suppress_frag_ndisc(skb))
1736 if (skb_linearize(skb))
1739 msg = (struct nd_msg *)skb_transport_header(skb);
1741 __skb_push(skb, skb->data - skb_transport_header(skb));
1743 if (ipv6_hdr(skb)->hop_limit != 255) {
1744 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1745 ipv6_hdr(skb)->hop_limit);
1749 if (msg->icmph.icmp6_code != 0) {
1750 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1751 msg->icmph.icmp6_code);
1755 switch (msg->icmph.icmp6_type) {
1756 case NDISC_NEIGHBOUR_SOLICITATION:
1757 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1761 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1765 case NDISC_ROUTER_SOLICITATION:
1769 case NDISC_ROUTER_ADVERTISEMENT:
1770 ndisc_router_discovery(skb);
1773 case NDISC_REDIRECT:
1774 ndisc_redirect_rcv(skb);
1781 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1783 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1784 struct netdev_notifier_change_info *change_info;
1785 struct net *net = dev_net(dev);
1786 struct inet6_dev *idev;
1789 case NETDEV_CHANGEADDR:
1790 neigh_changeaddr(&nd_tbl, dev);
1791 fib6_run_gc(0, net, false);
1794 idev = in6_dev_get(dev);
1797 if (idev->cnf.ndisc_notify ||
1798 net->ipv6.devconf_all->ndisc_notify)
1799 ndisc_send_unsol_na(dev);
1804 if (change_info->flags_changed & IFF_NOARP)
1805 neigh_changeaddr(&nd_tbl, dev);
1806 if (!netif_carrier_ok(dev))
1807 neigh_carrier_down(&nd_tbl, dev);
1810 neigh_ifdown(&nd_tbl, dev);
1811 fib6_run_gc(0, net, false);
1813 case NETDEV_NOTIFY_PEERS:
1814 ndisc_send_unsol_na(dev);
1823 static struct notifier_block ndisc_netdev_notifier = {
1824 .notifier_call = ndisc_netdev_event,
1825 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1828 #ifdef CONFIG_SYSCTL
1829 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1830 const char *func, const char *dev_name)
1832 static char warncomm[TASK_COMM_LEN];
1834 if (strcmp(warncomm, current->comm) && warned < 5) {
1835 strcpy(warncomm, current->comm);
1836 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1838 dev_name, ctl->procname,
1839 dev_name, ctl->procname);
1844 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1846 struct net_device *dev = ctl->extra1;
1847 struct inet6_dev *idev;
1850 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1851 (strcmp(ctl->procname, "base_reachable_time") == 0))
1852 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1854 if (strcmp(ctl->procname, "retrans_time") == 0)
1855 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1857 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1858 ret = neigh_proc_dointvec_jiffies(ctl, write,
1859 buffer, lenp, ppos);
1861 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1862 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1863 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1864 buffer, lenp, ppos);
1868 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1869 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1870 idev->nd_parms->reachable_time =
1871 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1872 idev->tstamp = jiffies;
1873 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1882 static int __net_init ndisc_net_init(struct net *net)
1884 struct ipv6_pinfo *np;
1888 err = inet_ctl_sock_create(&sk, PF_INET6,
1889 SOCK_RAW, IPPROTO_ICMPV6, net);
1892 "NDISC: Failed to initialize the control socket (err %d)\n",
1897 net->ipv6.ndisc_sk = sk;
1900 np->hop_limit = 255;
1901 /* Do not loopback ndisc messages */
1907 static void __net_exit ndisc_net_exit(struct net *net)
1909 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1912 static struct pernet_operations ndisc_net_ops = {
1913 .init = ndisc_net_init,
1914 .exit = ndisc_net_exit,
1917 int __init ndisc_init(void)
1921 err = register_pernet_subsys(&ndisc_net_ops);
1925 * Initialize the neighbour table
1927 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1929 #ifdef CONFIG_SYSCTL
1930 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1931 ndisc_ifinfo_sysctl_change);
1933 goto out_unregister_pernet;
1938 #ifdef CONFIG_SYSCTL
1939 out_unregister_pernet:
1940 unregister_pernet_subsys(&ndisc_net_ops);
1945 int __init ndisc_late_init(void)
1947 return register_netdevice_notifier(&ndisc_netdev_notifier);
1950 void ndisc_late_cleanup(void)
1952 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1955 void ndisc_cleanup(void)
1957 #ifdef CONFIG_SYSCTL
1958 neigh_sysctl_unregister(&nd_tbl.parms);
1960 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1961 unregister_pernet_subsys(&ndisc_net_ops);