1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
26 #define pr_fmt(fmt) "ICMPv6: " fmt
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
41 #include <linux/sysctl.h>
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
72 static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
86 static const struct neigh_ops ndisc_generic_ops = {
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
94 static const struct neigh_ops ndisc_hh_ops = {
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
103 static const struct neigh_ops ndisc_direct_ops = {
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
109 struct neigh_table nd_tbl = {
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
124 .reachable_time = ND_REACHABLE_TIME,
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
132 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
133 [NEIGH_VAR_PROXY_QLEN] = 64,
134 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
135 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
138 .gc_interval = 30 * HZ,
143 EXPORT_SYMBOL_GPL(nd_tbl);
145 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
146 int data_len, int pad)
148 int space = __ndisc_opt_addr_space(data_len, pad);
149 u8 *opt = skb_put(skb, space);
154 memset(opt + 2, 0, pad);
158 memcpy(opt+2, data, data_len);
163 memset(opt, 0, space);
165 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
168 void *data, u8 icmp6_type)
170 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
171 ndisc_addr_option_pad(skb->dev->type));
172 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
175 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
179 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
180 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
183 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
184 struct nd_opt_hdr *end)
187 if (!cur || !end || cur >= end)
189 type = cur->nd_opt_type;
191 cur = ((void *)cur) + (cur->nd_opt_len << 3);
192 } while (cur < end && cur->nd_opt_type != type);
193 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
196 static inline int ndisc_is_useropt(const struct net_device *dev,
197 struct nd_opt_hdr *opt)
199 return opt->nd_opt_type == ND_OPT_PREFIX_INFO ||
200 opt->nd_opt_type == ND_OPT_RDNSS ||
201 opt->nd_opt_type == ND_OPT_DNSSL ||
202 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
203 opt->nd_opt_type == ND_OPT_PREF64 ||
204 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
207 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
208 struct nd_opt_hdr *cur,
209 struct nd_opt_hdr *end)
211 if (!cur || !end || cur >= end)
214 cur = ((void *)cur) + (cur->nd_opt_len << 3);
215 } while (cur < end && !ndisc_is_useropt(dev, cur));
216 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
219 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
220 u8 *opt, int opt_len,
221 struct ndisc_options *ndopts)
223 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
225 if (!nd_opt || opt_len < 0 || !ndopts)
227 memset(ndopts, 0, sizeof(*ndopts));
230 if (opt_len < sizeof(struct nd_opt_hdr))
232 l = nd_opt->nd_opt_len << 3;
233 if (opt_len < l || l == 0)
235 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
237 switch (nd_opt->nd_opt_type) {
238 case ND_OPT_SOURCE_LL_ADDR:
239 case ND_OPT_TARGET_LL_ADDR:
242 case ND_OPT_REDIRECT_HDR:
243 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
245 "%s: duplicated ND6 option found: type=%d\n",
246 __func__, nd_opt->nd_opt_type);
248 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 case ND_OPT_PREFIX_INFO:
252 ndopts->nd_opts_pi_end = nd_opt;
253 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
256 #ifdef CONFIG_IPV6_ROUTE_INFO
257 case ND_OPT_ROUTE_INFO:
258 ndopts->nd_opts_ri_end = nd_opt;
259 if (!ndopts->nd_opts_ri)
260 ndopts->nd_opts_ri = nd_opt;
264 if (ndisc_is_useropt(dev, nd_opt)) {
265 ndopts->nd_useropts_end = nd_opt;
266 if (!ndopts->nd_useropts)
267 ndopts->nd_useropts = nd_opt;
270 * Unknown options must be silently ignored,
271 * to accommodate future extension to the
275 "%s: ignored unsupported option; type=%d, len=%d\n",
283 nd_opt = ((void *)nd_opt) + l;
288 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
292 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
294 ipv6_eth_mc_map(addr, buf);
297 ipv6_arcnet_mc_map(addr, buf);
299 case ARPHRD_INFINIBAND:
300 ipv6_ib_mc_map(addr, dev->broadcast, buf);
303 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
306 memcpy(buf, dev->broadcast, dev->addr_len);
312 EXPORT_SYMBOL(ndisc_mc_map);
314 static u32 ndisc_hash(const void *pkey,
315 const struct net_device *dev,
318 return ndisc_hashfn(pkey, dev, hash_rnd);
321 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
323 return neigh_key_eq128(n, pkey);
326 static int ndisc_constructor(struct neighbour *neigh)
328 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
329 struct net_device *dev = neigh->dev;
330 struct inet6_dev *in6_dev;
331 struct neigh_parms *parms;
332 bool is_multicast = ipv6_addr_is_multicast(addr);
334 in6_dev = in6_dev_get(dev);
339 parms = in6_dev->nd_parms;
340 __neigh_parms_put(neigh->parms);
341 neigh->parms = neigh_parms_clone(parms);
343 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
344 if (!dev->header_ops) {
345 neigh->nud_state = NUD_NOARP;
346 neigh->ops = &ndisc_direct_ops;
347 neigh->output = neigh_direct_output;
350 neigh->nud_state = NUD_NOARP;
351 ndisc_mc_map(addr, neigh->ha, dev, 1);
352 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
353 neigh->nud_state = NUD_NOARP;
354 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
355 if (dev->flags&IFF_LOOPBACK)
356 neigh->type = RTN_LOCAL;
357 } else if (dev->flags&IFF_POINTOPOINT) {
358 neigh->nud_state = NUD_NOARP;
359 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
361 if (dev->header_ops->cache)
362 neigh->ops = &ndisc_hh_ops;
364 neigh->ops = &ndisc_generic_ops;
365 if (neigh->nud_state&NUD_VALID)
366 neigh->output = neigh->ops->connected_output;
368 neigh->output = neigh->ops->output;
370 in6_dev_put(in6_dev);
374 static int pndisc_constructor(struct pneigh_entry *n)
376 struct in6_addr *addr = (struct in6_addr *)&n->key;
377 struct in6_addr maddr;
378 struct net_device *dev = n->dev;
380 if (!dev || !__in6_dev_get(dev))
382 addrconf_addr_solict_mult(addr, &maddr);
383 ipv6_dev_mc_inc(dev, &maddr);
387 static void pndisc_destructor(struct pneigh_entry *n)
389 struct in6_addr *addr = (struct in6_addr *)&n->key;
390 struct in6_addr maddr;
391 struct net_device *dev = n->dev;
393 if (!dev || !__in6_dev_get(dev))
395 addrconf_addr_solict_mult(addr, &maddr);
396 ipv6_dev_mc_dec(dev, &maddr);
399 /* called with rtnl held */
400 static bool ndisc_allow_add(const struct net_device *dev,
401 struct netlink_ext_ack *extack)
403 struct inet6_dev *idev = __in6_dev_get(dev);
405 if (!idev || idev->cnf.disable_ipv6) {
406 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
413 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
416 int hlen = LL_RESERVED_SPACE(dev);
417 int tlen = dev->needed_tailroom;
418 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
421 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
423 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
428 skb->protocol = htons(ETH_P_IPV6);
431 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
432 skb_reset_transport_header(skb);
434 /* Manually assign socket ownership as we avoid calling
435 * sock_alloc_send_pskb() to bypass wmem buffer limits
437 skb_set_owner_w(skb, sk);
442 static void ip6_nd_hdr(struct sk_buff *skb,
443 const struct in6_addr *saddr,
444 const struct in6_addr *daddr,
445 int hop_limit, int len)
448 struct inet6_dev *idev;
452 idev = __in6_dev_get(skb->dev);
453 tclass = idev ? idev->cnf.ndisc_tclass : 0;
456 skb_push(skb, sizeof(*hdr));
457 skb_reset_network_header(skb);
460 ip6_flow_hdr(hdr, tclass, 0);
462 hdr->payload_len = htons(len);
463 hdr->nexthdr = IPPROTO_ICMPV6;
464 hdr->hop_limit = hop_limit;
470 static void ndisc_send_skb(struct sk_buff *skb,
471 const struct in6_addr *daddr,
472 const struct in6_addr *saddr)
474 struct dst_entry *dst = skb_dst(skb);
475 struct net *net = dev_net(skb->dev);
476 struct sock *sk = net->ipv6.ndisc_sk;
477 struct inet6_dev *idev;
479 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
482 type = icmp6h->icmp6_type;
486 int oif = skb->dev->ifindex;
488 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
489 dst = icmp6_dst_alloc(skb->dev, &fl6);
495 skb_dst_set(skb, dst);
498 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
503 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
506 idev = __in6_dev_get(dst->dev);
507 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
509 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
510 net, sk, skb, NULL, dst->dev,
513 ICMP6MSGOUT_INC_STATS(net, idev, type);
514 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
520 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
521 const struct in6_addr *solicited_addr,
522 bool router, bool solicited, bool override, bool inc_opt)
525 struct in6_addr tmpaddr;
526 struct inet6_ifaddr *ifp;
527 const struct in6_addr *src_addr;
531 /* for anycast or proxy, solicited_addr != src_addr */
532 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
534 src_addr = solicited_addr;
535 if (ifp->flags & IFA_F_OPTIMISTIC)
537 inc_opt |= ifp->idev->cnf.force_tllao;
540 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
541 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
550 optlen += ndisc_opt_addr_space(dev,
551 NDISC_NEIGHBOUR_ADVERTISEMENT);
553 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
557 msg = skb_put(skb, sizeof(*msg));
558 *msg = (struct nd_msg) {
560 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
561 .icmp6_router = router,
562 .icmp6_solicited = solicited,
563 .icmp6_override = override,
565 .target = *solicited_addr,
569 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
571 NDISC_NEIGHBOUR_ADVERTISEMENT);
573 ndisc_send_skb(skb, daddr, src_addr);
576 static void ndisc_send_unsol_na(struct net_device *dev)
578 struct inet6_dev *idev;
579 struct inet6_ifaddr *ifa;
581 idev = in6_dev_get(dev);
585 read_lock_bh(&idev->lock);
586 list_for_each_entry(ifa, &idev->addr_list, if_list) {
587 /* skip tentative addresses until dad completes */
588 if (ifa->flags & IFA_F_TENTATIVE &&
589 !(ifa->flags & IFA_F_OPTIMISTIC))
592 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
593 /*router=*/ !!idev->cnf.forwarding,
594 /*solicited=*/ false, /*override=*/ true,
597 read_unlock_bh(&idev->lock);
602 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
603 const struct in6_addr *daddr, const struct in6_addr *saddr,
607 struct in6_addr addr_buf;
608 int inc_opt = dev->addr_len;
613 if (ipv6_get_lladdr(dev, &addr_buf,
614 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
619 if (ipv6_addr_any(saddr))
622 optlen += ndisc_opt_addr_space(dev,
623 NDISC_NEIGHBOUR_SOLICITATION);
627 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
631 msg = skb_put(skb, sizeof(*msg));
632 *msg = (struct nd_msg) {
634 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
640 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
642 NDISC_NEIGHBOUR_SOLICITATION);
644 u8 *opt = skb_put(skb, 8);
646 opt[0] = ND_OPT_NONCE;
648 memcpy(opt + 2, &nonce, 6);
651 ndisc_send_skb(skb, daddr, saddr);
654 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
655 const struct in6_addr *daddr)
659 int send_sllao = dev->addr_len;
662 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
664 * According to section 2.2 of RFC 4429, we must not
665 * send router solicitations with a sllao from
666 * optimistic addresses, but we may send the solicitation
667 * if we don't include the sllao. So here we check
668 * if our address is optimistic, and if so, we
669 * suppress the inclusion of the sllao.
672 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
675 if (ifp->flags & IFA_F_OPTIMISTIC) {
685 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
687 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
691 msg = skb_put(skb, sizeof(*msg));
692 *msg = (struct rs_msg) {
694 .icmp6_type = NDISC_ROUTER_SOLICITATION,
699 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
701 NDISC_ROUTER_SOLICITATION);
703 ndisc_send_skb(skb, daddr, saddr);
707 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
710 * "The sender MUST return an ICMP
711 * destination unreachable"
713 dst_link_failure(skb);
717 /* Called with locked neigh: either read or both */
719 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
721 struct in6_addr *saddr = NULL;
722 struct in6_addr mcaddr;
723 struct net_device *dev = neigh->dev;
724 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
725 int probes = atomic_read(&neigh->probes);
727 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
729 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
730 saddr = &ipv6_hdr(skb)->saddr;
731 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
733 if (!(neigh->nud_state & NUD_VALID)) {
735 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
738 ndisc_send_ns(dev, target, target, saddr, 0);
739 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
742 addrconf_addr_solict_mult(target, &mcaddr);
743 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
747 static int pndisc_is_router(const void *pkey,
748 struct net_device *dev)
750 struct pneigh_entry *n;
753 read_lock_bh(&nd_tbl.lock);
754 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
756 ret = !!(n->flags & NTF_ROUTER);
757 read_unlock_bh(&nd_tbl.lock);
762 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
763 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
764 struct ndisc_options *ndopts)
766 neigh_update(neigh, lladdr, new, flags, 0);
767 /* report ndisc ops about neighbour update */
768 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
771 static void ndisc_recv_ns(struct sk_buff *skb)
773 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
774 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
775 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
777 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
778 offsetof(struct nd_msg, opt));
779 struct ndisc_options ndopts;
780 struct net_device *dev = skb->dev;
781 struct inet6_ifaddr *ifp;
782 struct inet6_dev *idev = NULL;
783 struct neighbour *neigh;
784 int dad = ipv6_addr_any(saddr);
789 if (skb->len < sizeof(struct nd_msg)) {
790 ND_PRINTK(2, warn, "NS: packet too short\n");
794 if (ipv6_addr_is_multicast(&msg->target)) {
795 ND_PRINTK(2, warn, "NS: multicast target address\n");
801 * DAD has to be destined for solicited node multicast address.
803 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
804 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
808 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
809 ND_PRINTK(2, warn, "NS: invalid ND options\n");
813 if (ndopts.nd_opts_src_lladdr) {
814 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
817 "NS: invalid link-layer address length\n");
822 * If the IP source address is the unspecified address,
823 * there MUST NOT be source link-layer address option
828 "NS: bad DAD packet (link-layer address option)\n");
832 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
833 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
835 inc = ipv6_addr_is_multicast(daddr);
837 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
840 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
842 if (nonce != 0 && ifp->dad_nonce == nonce) {
843 u8 *np = (u8 *)&nonce;
844 /* Matching nonce if looped back */
846 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
847 ifp->idev->dev->name,
852 * We are colliding with another node
854 * so fail our DAD process
856 addrconf_dad_failure(skb, ifp);
860 * This is not a dad solicitation.
861 * If we are an optimistic node,
863 * Otherwise, we should ignore it.
865 if (!(ifp->flags & IFA_F_OPTIMISTIC))
872 struct net *net = dev_net(dev);
874 /* perhaps an address on the master device */
875 if (netif_is_l3_slave(dev)) {
876 struct net_device *mdev;
878 mdev = netdev_master_upper_dev_get_rcu(dev);
880 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
886 idev = in6_dev_get(dev);
888 /* XXX: count this drop? */
892 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
893 (idev->cnf.forwarding &&
894 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
895 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
896 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
897 skb->pkt_type != PACKET_HOST &&
899 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
901 * for anycast or proxy,
902 * sender should delay its response
903 * by a random time between 0 and
904 * MAX_ANYCAST_DELAY_TIME seconds.
905 * (RFC2461) -- yoshfuji
907 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
909 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
917 is_router = idev->cnf.forwarding;
920 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
921 !!is_router, false, (ifp != NULL), true);
926 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
928 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
931 * update / create cache entry
932 * for the source address
934 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
935 !inc || lladdr || !dev->addr_len);
937 ndisc_update(dev, neigh, lladdr, NUD_STALE,
938 NEIGH_UPDATE_F_WEAK_OVERRIDE|
939 NEIGH_UPDATE_F_OVERRIDE,
940 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
941 if (neigh || !dev->header_ops) {
942 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
943 true, (ifp != NULL && inc), inc);
945 neigh_release(neigh);
955 static void ndisc_recv_na(struct sk_buff *skb)
957 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
958 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
959 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
961 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
962 offsetof(struct nd_msg, opt));
963 struct ndisc_options ndopts;
964 struct net_device *dev = skb->dev;
965 struct inet6_dev *idev = __in6_dev_get(dev);
966 struct inet6_ifaddr *ifp;
967 struct neighbour *neigh;
969 if (skb->len < sizeof(struct nd_msg)) {
970 ND_PRINTK(2, warn, "NA: packet too short\n");
974 if (ipv6_addr_is_multicast(&msg->target)) {
975 ND_PRINTK(2, warn, "NA: target address is multicast\n");
979 if (ipv6_addr_is_multicast(daddr) &&
980 msg->icmph.icmp6_solicited) {
981 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
985 /* For some 802.11 wireless deployments (and possibly other networks),
986 * there will be a NA proxy and unsolicitd packets are attacks
987 * and thus should not be accepted.
989 if (!msg->icmph.icmp6_solicited && idev &&
990 idev->cnf.drop_unsolicited_na)
993 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
994 ND_PRINTK(2, warn, "NS: invalid ND option\n");
997 if (ndopts.nd_opts_tgt_lladdr) {
998 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1001 "NA: invalid link-layer address length\n");
1005 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1007 if (skb->pkt_type != PACKET_LOOPBACK
1008 && (ifp->flags & IFA_F_TENTATIVE)) {
1009 addrconf_dad_failure(skb, ifp);
1012 /* What should we make now? The advertisement
1013 is invalid, but ndisc specs say nothing
1014 about it. It could be misconfiguration, or
1015 an smart proxy agent tries to help us :-)
1017 We should not print the error if NA has been
1018 received from loopback - it is just our own
1019 unsolicited advertisement.
1021 if (skb->pkt_type != PACKET_LOOPBACK)
1023 "NA: %pM advertised our address %pI6c on %s!\n",
1024 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1028 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1031 u8 old_flags = neigh->flags;
1032 struct net *net = dev_net(dev);
1034 if (neigh->nud_state & NUD_FAILED)
1038 * Don't update the neighbor cache entry on a proxy NA from
1039 * ourselves because either the proxied node is off link or it
1040 * has already sent a NA to us.
1042 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1043 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1044 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1045 /* XXX: idev->cnf.proxy_ndp */
1049 ndisc_update(dev, neigh, lladdr,
1050 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1051 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1052 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1053 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1054 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1055 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1057 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1059 * Change: router to host
1061 rt6_clean_tohost(dev_net(dev), saddr);
1065 neigh_release(neigh);
1069 static void ndisc_recv_rs(struct sk_buff *skb)
1071 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1072 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1073 struct neighbour *neigh;
1074 struct inet6_dev *idev;
1075 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1076 struct ndisc_options ndopts;
1079 if (skb->len < sizeof(*rs_msg))
1082 idev = __in6_dev_get(skb->dev);
1084 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1088 /* Don't accept RS if we're not in router mode */
1089 if (!idev->cnf.forwarding)
1093 * Don't update NCE if src = ::;
1094 * this implies that the source node has no ip address assigned yet.
1096 if (ipv6_addr_any(saddr))
1099 /* Parse ND options */
1100 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1101 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1105 if (ndopts.nd_opts_src_lladdr) {
1106 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1112 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1114 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1115 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1116 NEIGH_UPDATE_F_OVERRIDE|
1117 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1118 NDISC_ROUTER_SOLICITATION, &ndopts);
1119 neigh_release(neigh);
1125 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1127 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1128 struct sk_buff *skb;
1129 struct nlmsghdr *nlh;
1130 struct nduseroptmsg *ndmsg;
1131 struct net *net = dev_net(ra->dev);
1133 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1134 + (opt->nd_opt_len << 3));
1135 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1137 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1143 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1145 goto nla_put_failure;
1148 ndmsg = nlmsg_data(nlh);
1149 ndmsg->nduseropt_family = AF_INET6;
1150 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1151 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1152 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1153 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1155 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1157 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1158 goto nla_put_failure;
1159 nlmsg_end(skb, nlh);
1161 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1168 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1171 static void ndisc_router_discovery(struct sk_buff *skb)
1173 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1174 struct neighbour *neigh = NULL;
1175 struct inet6_dev *in6_dev;
1176 struct fib6_info *rt = NULL;
1177 u32 defrtr_usr_metric;
1180 struct ndisc_options ndopts;
1182 unsigned int pref = 0;
1184 bool send_ifinfo_notify = false;
1186 __u8 *opt = (__u8 *)(ra_msg + 1);
1188 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1189 sizeof(struct ra_msg);
1192 "RA: %s, dev: %s\n",
1193 __func__, skb->dev->name);
1194 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1195 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1199 ND_PRINTK(2, warn, "RA: packet too short\n");
1203 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1204 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1205 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1211 * set the RA_RECV flag in the interface
1214 in6_dev = __in6_dev_get(skb->dev);
1216 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1221 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1222 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1226 if (!ipv6_accept_ra(in6_dev)) {
1228 "RA: %s, did not accept ra for dev: %s\n",
1229 __func__, skb->dev->name);
1230 goto skip_linkparms;
1233 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1234 /* skip link-specific parameters from interior routers */
1235 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1237 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1238 __func__, skb->dev->name);
1239 goto skip_linkparms;
1243 if (in6_dev->if_flags & IF_RS_SENT) {
1245 * flag that an RA was received after an RS was sent
1246 * out on this interface.
1248 in6_dev->if_flags |= IF_RA_RCVD;
1252 * Remember the managed/otherconf flags from most recently
1253 * received RA message (RFC 2462) -- yoshfuji
1255 old_if_flags = in6_dev->if_flags;
1256 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1258 (ra_msg->icmph.icmp6_addrconf_managed ?
1259 IF_RA_MANAGED : 0) |
1260 (ra_msg->icmph.icmp6_addrconf_other ?
1261 IF_RA_OTHERCONF : 0);
1263 if (old_if_flags != in6_dev->if_flags)
1264 send_ifinfo_notify = true;
1266 if (!in6_dev->cnf.accept_ra_defrtr) {
1268 "RA: %s, defrtr is false for dev: %s\n",
1269 __func__, skb->dev->name);
1273 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1274 if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_lft) {
1276 "RA: router lifetime (%ds) is too short: %s\n",
1277 lifetime, skb->dev->name);
1281 /* Do not accept RA with source-addr found on local machine unless
1282 * accept_ra_from_local is set to true.
1284 net = dev_net(in6_dev->dev);
1285 if (!in6_dev->cnf.accept_ra_from_local &&
1286 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1288 "RA from local address detected on dev: %s: default router ignored\n",
1293 #ifdef CONFIG_IPV6_ROUTER_PREF
1294 pref = ra_msg->icmph.icmp6_router_pref;
1295 /* 10b is handled as if it were 00b (medium) */
1296 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1297 !in6_dev->cnf.accept_ra_rtr_pref)
1298 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1300 /* routes added from RAs do not use nexthop objects */
1301 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1303 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1304 rt->fib6_nh->fib_nh_dev, NULL,
1305 &ipv6_hdr(skb)->saddr);
1308 "RA: %s got default router without neighbour\n",
1310 fib6_info_release(rt);
1314 /* Set default route metric as specified by user */
1315 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1316 /* delete the route if lifetime is 0 or if metric needs change */
1317 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1318 ip6_del_rt(net, rt, false);
1322 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1323 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1324 if (!rt && lifetime) {
1325 ND_PRINTK(3, info, "RA: adding default router\n");
1328 neigh_release(neigh);
1330 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1331 skb->dev, pref, defrtr_usr_metric);
1334 "RA: %s failed to add default route\n",
1339 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1340 rt->fib6_nh->fib_nh_dev, NULL,
1341 &ipv6_hdr(skb)->saddr);
1344 "RA: %s got default router without neighbour\n",
1346 fib6_info_release(rt);
1349 neigh->flags |= NTF_ROUTER;
1351 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1355 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1356 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1357 ra_msg->icmph.icmp6_hop_limit) {
1358 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1359 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1360 fib6_metric_set(rt, RTAX_HOPLIMIT,
1361 ra_msg->icmph.icmp6_hop_limit);
1363 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1370 * Update Reachable Time and Retrans Timer
1373 if (in6_dev->nd_parms) {
1374 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1376 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1377 rtime = (rtime*HZ)/1000;
1380 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1381 in6_dev->tstamp = jiffies;
1382 send_ifinfo_notify = true;
1385 rtime = ntohl(ra_msg->reachable_time);
1386 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1387 rtime = (rtime*HZ)/1000;
1392 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1393 NEIGH_VAR_SET(in6_dev->nd_parms,
1394 BASE_REACHABLE_TIME, rtime);
1395 NEIGH_VAR_SET(in6_dev->nd_parms,
1396 GC_STALETIME, 3 * rtime);
1397 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1398 in6_dev->tstamp = jiffies;
1399 send_ifinfo_notify = true;
1411 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1415 if (ndopts.nd_opts_src_lladdr) {
1416 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1420 "RA: invalid link-layer address length\n");
1424 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1425 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1426 NEIGH_UPDATE_F_OVERRIDE|
1427 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1428 NEIGH_UPDATE_F_ISROUTER,
1429 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1432 if (!ipv6_accept_ra(in6_dev)) {
1434 "RA: %s, accept_ra is false for dev: %s\n",
1435 __func__, skb->dev->name);
1439 #ifdef CONFIG_IPV6_ROUTE_INFO
1440 if (!in6_dev->cnf.accept_ra_from_local &&
1441 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1444 "RA from local address detected on dev: %s: router info ignored.\n",
1446 goto skip_routeinfo;
1449 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1450 struct nd_opt_hdr *p;
1451 for (p = ndopts.nd_opts_ri;
1453 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1454 struct route_info *ri = (struct route_info *)p;
1455 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1456 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1457 ri->prefix_len == 0)
1460 if (ri->prefix_len == 0 &&
1461 !in6_dev->cnf.accept_ra_defrtr)
1463 if (ri->lifetime != 0 &&
1464 ntohl(ri->lifetime) < in6_dev->cnf.accept_ra_min_lft)
1466 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1468 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1470 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1471 &ipv6_hdr(skb)->saddr);
1478 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1479 /* skip link-specific ndopts from interior routers */
1480 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1482 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1483 __func__, skb->dev->name);
1488 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1489 struct nd_opt_hdr *p;
1490 for (p = ndopts.nd_opts_pi;
1492 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1493 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1494 (p->nd_opt_len) << 3,
1495 ndopts.nd_opts_src_lladdr != NULL);
1499 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1503 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1506 if (in6_dev->ra_mtu != mtu) {
1507 in6_dev->ra_mtu = mtu;
1508 send_ifinfo_notify = true;
1511 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1512 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1513 } else if (in6_dev->cnf.mtu6 != mtu) {
1514 in6_dev->cnf.mtu6 = mtu;
1515 fib6_metric_set(rt, RTAX_MTU, mtu);
1516 rt6_mtu_change(skb->dev, mtu);
1520 if (ndopts.nd_useropts) {
1521 struct nd_opt_hdr *p;
1522 for (p = ndopts.nd_useropts;
1524 p = ndisc_next_useropt(skb->dev, p,
1525 ndopts.nd_useropts_end)) {
1526 ndisc_ra_useropt(skb, p);
1530 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1531 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1534 /* Send a notify if RA changed managed/otherconf flags or
1535 * timer settings or ra_mtu value
1537 if (send_ifinfo_notify)
1538 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1540 fib6_info_release(rt);
1542 neigh_release(neigh);
1545 static void ndisc_redirect_rcv(struct sk_buff *skb)
1548 struct ndisc_options ndopts;
1549 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1550 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1551 offsetof(struct rd_msg, opt));
1553 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1554 switch (skb->ndisc_nodetype) {
1555 case NDISC_NODETYPE_HOST:
1556 case NDISC_NODETYPE_NODEFAULT:
1558 "Redirect: from host or unauthorized router\n");
1563 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1565 "Redirect: source address is not link-local\n");
1569 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1572 if (!ndopts.nd_opts_rh) {
1573 ip6_redirect_no_header(skb, dev_net(skb->dev),
1578 hdr = (u8 *)ndopts.nd_opts_rh;
1580 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1583 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1586 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1587 struct sk_buff *orig_skb,
1590 u8 *opt = skb_put(skb, rd_len);
1593 *(opt++) = ND_OPT_REDIRECT_HDR;
1594 *(opt++) = (rd_len >> 3);
1597 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1601 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1603 struct net_device *dev = skb->dev;
1604 struct net *net = dev_net(dev);
1605 struct sock *sk = net->ipv6.ndisc_sk;
1607 struct inet_peer *peer;
1608 struct sk_buff *buff;
1610 struct in6_addr saddr_buf;
1611 struct rt6_info *rt;
1612 struct dst_entry *dst;
1615 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1616 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1619 if (netif_is_l3_master(skb->dev)) {
1620 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1625 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1626 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1631 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1632 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1634 "Redirect: target address is not link-local unicast\n");
1638 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1639 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1641 dst = ip6_route_output(net, NULL, &fl6);
1646 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1650 rt = (struct rt6_info *) dst;
1652 if (rt->rt6i_flags & RTF_GATEWAY) {
1654 "Redirect: destination is not a neighbour\n");
1657 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1658 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1664 if (dev->addr_len) {
1665 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1668 "Redirect: no neigh for target address\n");
1672 read_lock_bh(&neigh->lock);
1673 if (neigh->nud_state & NUD_VALID) {
1674 memcpy(ha_buf, neigh->ha, dev->addr_len);
1675 read_unlock_bh(&neigh->lock);
1677 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1681 read_unlock_bh(&neigh->lock);
1683 neigh_release(neigh);
1686 rd_len = min_t(unsigned int,
1687 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1692 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1696 msg = skb_put(buff, sizeof(*msg));
1697 *msg = (struct rd_msg) {
1699 .icmp6_type = NDISC_REDIRECT,
1702 .dest = ipv6_hdr(skb)->daddr,
1706 * include target_address option
1710 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1713 * build redirect option and copy skb over to the new packet.
1717 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1719 skb_dst_set(buff, dst);
1720 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1727 static void pndisc_redo(struct sk_buff *skb)
1733 static int ndisc_is_multicast(const void *pkey)
1735 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1738 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1740 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1744 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1745 idev->cnf.suppress_frag_ndisc) {
1746 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1752 int ndisc_rcv(struct sk_buff *skb)
1756 if (ndisc_suppress_frag_ndisc(skb))
1759 if (skb_linearize(skb))
1762 msg = (struct nd_msg *)skb_transport_header(skb);
1764 __skb_push(skb, skb->data - skb_transport_header(skb));
1766 if (ipv6_hdr(skb)->hop_limit != 255) {
1767 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1768 ipv6_hdr(skb)->hop_limit);
1772 if (msg->icmph.icmp6_code != 0) {
1773 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1774 msg->icmph.icmp6_code);
1778 switch (msg->icmph.icmp6_type) {
1779 case NDISC_NEIGHBOUR_SOLICITATION:
1780 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1784 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1788 case NDISC_ROUTER_SOLICITATION:
1792 case NDISC_ROUTER_ADVERTISEMENT:
1793 ndisc_router_discovery(skb);
1796 case NDISC_REDIRECT:
1797 ndisc_redirect_rcv(skb);
1804 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1806 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1807 struct netdev_notifier_change_info *change_info;
1808 struct net *net = dev_net(dev);
1809 struct inet6_dev *idev;
1812 case NETDEV_CHANGEADDR:
1813 neigh_changeaddr(&nd_tbl, dev);
1814 fib6_run_gc(0, net, false);
1817 idev = in6_dev_get(dev);
1820 if (idev->cnf.ndisc_notify ||
1821 net->ipv6.devconf_all->ndisc_notify)
1822 ndisc_send_unsol_na(dev);
1827 if (change_info->flags_changed & IFF_NOARP)
1828 neigh_changeaddr(&nd_tbl, dev);
1829 if (!netif_carrier_ok(dev))
1830 neigh_carrier_down(&nd_tbl, dev);
1833 neigh_ifdown(&nd_tbl, dev);
1834 fib6_run_gc(0, net, false);
1836 case NETDEV_NOTIFY_PEERS:
1837 ndisc_send_unsol_na(dev);
1846 static struct notifier_block ndisc_netdev_notifier = {
1847 .notifier_call = ndisc_netdev_event,
1848 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1851 #ifdef CONFIG_SYSCTL
1852 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1853 const char *func, const char *dev_name)
1855 static char warncomm[TASK_COMM_LEN];
1857 if (strcmp(warncomm, current->comm) && warned < 5) {
1858 strcpy(warncomm, current->comm);
1859 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1861 dev_name, ctl->procname,
1862 dev_name, ctl->procname);
1867 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1868 size_t *lenp, loff_t *ppos)
1870 struct net_device *dev = ctl->extra1;
1871 struct inet6_dev *idev;
1874 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1875 (strcmp(ctl->procname, "base_reachable_time") == 0))
1876 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1878 if (strcmp(ctl->procname, "retrans_time") == 0)
1879 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1881 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1882 ret = neigh_proc_dointvec_jiffies(ctl, write,
1883 buffer, lenp, ppos);
1885 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1886 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1887 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1888 buffer, lenp, ppos);
1892 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1893 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1894 idev->nd_parms->reachable_time =
1895 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1896 idev->tstamp = jiffies;
1897 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1906 static int __net_init ndisc_net_init(struct net *net)
1908 struct ipv6_pinfo *np;
1912 err = inet_ctl_sock_create(&sk, PF_INET6,
1913 SOCK_RAW, IPPROTO_ICMPV6, net);
1916 "NDISC: Failed to initialize the control socket (err %d)\n",
1921 net->ipv6.ndisc_sk = sk;
1924 np->hop_limit = 255;
1925 /* Do not loopback ndisc messages */
1931 static void __net_exit ndisc_net_exit(struct net *net)
1933 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1936 static struct pernet_operations ndisc_net_ops = {
1937 .init = ndisc_net_init,
1938 .exit = ndisc_net_exit,
1941 int __init ndisc_init(void)
1945 err = register_pernet_subsys(&ndisc_net_ops);
1949 * Initialize the neighbour table
1951 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1953 #ifdef CONFIG_SYSCTL
1954 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1955 ndisc_ifinfo_sysctl_change);
1957 goto out_unregister_pernet;
1962 #ifdef CONFIG_SYSCTL
1963 out_unregister_pernet:
1964 unregister_pernet_subsys(&ndisc_net_ops);
1969 int __init ndisc_late_init(void)
1971 return register_netdevice_notifier(&ndisc_netdev_notifier);
1974 void ndisc_late_cleanup(void)
1976 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1979 void ndisc_cleanup(void)
1981 #ifdef CONFIG_SYSCTL
1982 neigh_sysctl_unregister(&nd_tbl.parms);
1984 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1985 unregister_pernet_subsys(&ndisc_net_ops);
projects / releases.git / blob