1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
26 #define pr_fmt(fmt) "ICMPv6: " fmt
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
41 #include <linux/sysctl.h>
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
72 static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
86 static const struct neigh_ops ndisc_generic_ops = {
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
94 static const struct neigh_ops ndisc_hh_ops = {
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
103 static const struct neigh_ops ndisc_direct_ops = {
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
109 struct neigh_table nd_tbl = {
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
124 .reachable_time = ND_REACHABLE_TIME,
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
132 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
133 [NEIGH_VAR_PROXY_QLEN] = 64,
134 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
135 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
138 .gc_interval = 30 * HZ,
143 EXPORT_SYMBOL_GPL(nd_tbl);
145 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
146 int data_len, int pad)
148 int space = __ndisc_opt_addr_space(data_len, pad);
149 u8 *opt = skb_put(skb, space);
154 memset(opt + 2, 0, pad);
158 memcpy(opt+2, data, data_len);
163 memset(opt, 0, space);
165 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
168 const void *data, u8 icmp6_type)
170 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
171 ndisc_addr_option_pad(skb->dev->type));
172 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
175 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
179 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
180 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
183 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
184 struct nd_opt_hdr *end)
187 if (!cur || !end || cur >= end)
189 type = cur->nd_opt_type;
191 cur = ((void *)cur) + (cur->nd_opt_len << 3);
192 } while (cur < end && cur->nd_opt_type != type);
193 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
196 static inline int ndisc_is_useropt(const struct net_device *dev,
197 struct nd_opt_hdr *opt)
199 return opt->nd_opt_type == ND_OPT_RDNSS ||
200 opt->nd_opt_type == ND_OPT_DNSSL ||
201 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
202 opt->nd_opt_type == ND_OPT_PREF64 ||
203 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
206 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
207 struct nd_opt_hdr *cur,
208 struct nd_opt_hdr *end)
210 if (!cur || !end || cur >= end)
213 cur = ((void *)cur) + (cur->nd_opt_len << 3);
214 } while (cur < end && !ndisc_is_useropt(dev, cur));
215 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
218 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
219 u8 *opt, int opt_len,
220 struct ndisc_options *ndopts)
222 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
224 if (!nd_opt || opt_len < 0 || !ndopts)
226 memset(ndopts, 0, sizeof(*ndopts));
229 if (opt_len < sizeof(struct nd_opt_hdr))
231 l = nd_opt->nd_opt_len << 3;
232 if (opt_len < l || l == 0)
234 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
236 switch (nd_opt->nd_opt_type) {
237 case ND_OPT_SOURCE_LL_ADDR:
238 case ND_OPT_TARGET_LL_ADDR:
241 case ND_OPT_REDIRECT_HDR:
242 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
244 "%s: duplicated ND6 option found: type=%d\n",
245 __func__, nd_opt->nd_opt_type);
247 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
250 case ND_OPT_PREFIX_INFO:
251 ndopts->nd_opts_pi_end = nd_opt;
252 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
253 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
255 #ifdef CONFIG_IPV6_ROUTE_INFO
256 case ND_OPT_ROUTE_INFO:
257 ndopts->nd_opts_ri_end = nd_opt;
258 if (!ndopts->nd_opts_ri)
259 ndopts->nd_opts_ri = nd_opt;
263 if (ndisc_is_useropt(dev, nd_opt)) {
264 ndopts->nd_useropts_end = nd_opt;
265 if (!ndopts->nd_useropts)
266 ndopts->nd_useropts = nd_opt;
269 * Unknown options must be silently ignored,
270 * to accommodate future extension to the
274 "%s: ignored unsupported option; type=%d, len=%d\n",
282 nd_opt = ((void *)nd_opt) + l;
287 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
291 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
293 ipv6_eth_mc_map(addr, buf);
296 ipv6_arcnet_mc_map(addr, buf);
298 case ARPHRD_INFINIBAND:
299 ipv6_ib_mc_map(addr, dev->broadcast, buf);
302 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
305 memcpy(buf, dev->broadcast, dev->addr_len);
311 EXPORT_SYMBOL(ndisc_mc_map);
313 static u32 ndisc_hash(const void *pkey,
314 const struct net_device *dev,
317 return ndisc_hashfn(pkey, dev, hash_rnd);
320 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
322 return neigh_key_eq128(n, pkey);
325 static int ndisc_constructor(struct neighbour *neigh)
327 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
328 struct net_device *dev = neigh->dev;
329 struct inet6_dev *in6_dev;
330 struct neigh_parms *parms;
331 bool is_multicast = ipv6_addr_is_multicast(addr);
333 in6_dev = in6_dev_get(dev);
338 parms = in6_dev->nd_parms;
339 __neigh_parms_put(neigh->parms);
340 neigh->parms = neigh_parms_clone(parms);
342 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
343 if (!dev->header_ops) {
344 neigh->nud_state = NUD_NOARP;
345 neigh->ops = &ndisc_direct_ops;
346 neigh->output = neigh_direct_output;
349 neigh->nud_state = NUD_NOARP;
350 ndisc_mc_map(addr, neigh->ha, dev, 1);
351 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
352 neigh->nud_state = NUD_NOARP;
353 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
354 if (dev->flags&IFF_LOOPBACK)
355 neigh->type = RTN_LOCAL;
356 } else if (dev->flags&IFF_POINTOPOINT) {
357 neigh->nud_state = NUD_NOARP;
358 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
360 if (dev->header_ops->cache)
361 neigh->ops = &ndisc_hh_ops;
363 neigh->ops = &ndisc_generic_ops;
364 if (neigh->nud_state&NUD_VALID)
365 neigh->output = neigh->ops->connected_output;
367 neigh->output = neigh->ops->output;
369 in6_dev_put(in6_dev);
373 static int pndisc_constructor(struct pneigh_entry *n)
375 struct in6_addr *addr = (struct in6_addr *)&n->key;
376 struct in6_addr maddr;
377 struct net_device *dev = n->dev;
379 if (!dev || !__in6_dev_get(dev))
381 addrconf_addr_solict_mult(addr, &maddr);
382 ipv6_dev_mc_inc(dev, &maddr);
386 static void pndisc_destructor(struct pneigh_entry *n)
388 struct in6_addr *addr = (struct in6_addr *)&n->key;
389 struct in6_addr maddr;
390 struct net_device *dev = n->dev;
392 if (!dev || !__in6_dev_get(dev))
394 addrconf_addr_solict_mult(addr, &maddr);
395 ipv6_dev_mc_dec(dev, &maddr);
398 /* called with rtnl held */
399 static bool ndisc_allow_add(const struct net_device *dev,
400 struct netlink_ext_ack *extack)
402 struct inet6_dev *idev = __in6_dev_get(dev);
404 if (!idev || idev->cnf.disable_ipv6) {
405 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
412 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
415 int hlen = LL_RESERVED_SPACE(dev);
416 int tlen = dev->needed_tailroom;
417 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
420 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
422 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
427 skb->protocol = htons(ETH_P_IPV6);
430 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
431 skb_reset_transport_header(skb);
433 /* Manually assign socket ownership as we avoid calling
434 * sock_alloc_send_pskb() to bypass wmem buffer limits
436 skb_set_owner_w(skb, sk);
441 static void ip6_nd_hdr(struct sk_buff *skb,
442 const struct in6_addr *saddr,
443 const struct in6_addr *daddr,
444 int hop_limit, int len)
447 struct inet6_dev *idev;
451 idev = __in6_dev_get(skb->dev);
452 tclass = idev ? idev->cnf.ndisc_tclass : 0;
455 skb_push(skb, sizeof(*hdr));
456 skb_reset_network_header(skb);
459 ip6_flow_hdr(hdr, tclass, 0);
461 hdr->payload_len = htons(len);
462 hdr->nexthdr = IPPROTO_ICMPV6;
463 hdr->hop_limit = hop_limit;
469 void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
470 const struct in6_addr *saddr)
472 struct dst_entry *dst = skb_dst(skb);
473 struct net *net = dev_net(skb->dev);
474 struct sock *sk = net->ipv6.ndisc_sk;
475 struct inet6_dev *idev;
477 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
480 type = icmp6h->icmp6_type;
484 int oif = skb->dev->ifindex;
486 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
487 dst = icmp6_dst_alloc(skb->dev, &fl6);
493 skb_dst_set(skb, dst);
496 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
501 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
504 idev = __in6_dev_get(dst->dev);
505 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
507 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
508 net, sk, skb, NULL, dst->dev,
511 ICMP6MSGOUT_INC_STATS(net, idev, type);
512 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
517 EXPORT_SYMBOL(ndisc_send_skb);
519 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
520 const struct in6_addr *solicited_addr,
521 bool router, bool solicited, bool override, bool inc_opt)
524 struct in6_addr tmpaddr;
525 struct inet6_ifaddr *ifp;
526 const struct in6_addr *src_addr;
530 /* for anycast or proxy, solicited_addr != src_addr */
531 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
533 src_addr = solicited_addr;
534 if (ifp->flags & IFA_F_OPTIMISTIC)
536 inc_opt |= ifp->idev->cnf.force_tllao;
539 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
540 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
549 optlen += ndisc_opt_addr_space(dev,
550 NDISC_NEIGHBOUR_ADVERTISEMENT);
552 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
556 msg = skb_put(skb, sizeof(*msg));
557 *msg = (struct nd_msg) {
559 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
560 .icmp6_router = router,
561 .icmp6_solicited = solicited,
562 .icmp6_override = override,
564 .target = *solicited_addr,
568 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
570 NDISC_NEIGHBOUR_ADVERTISEMENT);
572 ndisc_send_skb(skb, daddr, src_addr);
575 static void ndisc_send_unsol_na(struct net_device *dev)
577 struct inet6_dev *idev;
578 struct inet6_ifaddr *ifa;
580 idev = in6_dev_get(dev);
584 read_lock_bh(&idev->lock);
585 list_for_each_entry(ifa, &idev->addr_list, if_list) {
586 /* skip tentative addresses until dad completes */
587 if (ifa->flags & IFA_F_TENTATIVE &&
588 !(ifa->flags & IFA_F_OPTIMISTIC))
591 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
592 /*router=*/ !!idev->cnf.forwarding,
593 /*solicited=*/ false, /*override=*/ true,
596 read_unlock_bh(&idev->lock);
601 struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
602 const struct in6_addr *saddr, u64 nonce)
604 int inc_opt = dev->addr_len;
612 if (ipv6_addr_any(saddr))
615 optlen += ndisc_opt_addr_space(dev,
616 NDISC_NEIGHBOUR_SOLICITATION);
620 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
624 msg = skb_put(skb, sizeof(*msg));
625 *msg = (struct nd_msg) {
627 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
633 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
635 NDISC_NEIGHBOUR_SOLICITATION);
637 u8 *opt = skb_put(skb, 8);
639 opt[0] = ND_OPT_NONCE;
641 memcpy(opt + 2, &nonce, 6);
646 EXPORT_SYMBOL(ndisc_ns_create);
648 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
649 const struct in6_addr *daddr, const struct in6_addr *saddr,
652 struct in6_addr addr_buf;
656 if (ipv6_get_lladdr(dev, &addr_buf,
657 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
662 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
665 ndisc_send_skb(skb, daddr, saddr);
668 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
669 const struct in6_addr *daddr)
673 int send_sllao = dev->addr_len;
676 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
678 * According to section 2.2 of RFC 4429, we must not
679 * send router solicitations with a sllao from
680 * optimistic addresses, but we may send the solicitation
681 * if we don't include the sllao. So here we check
682 * if our address is optimistic, and if so, we
683 * suppress the inclusion of the sllao.
686 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
689 if (ifp->flags & IFA_F_OPTIMISTIC) {
699 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
701 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
705 msg = skb_put(skb, sizeof(*msg));
706 *msg = (struct rs_msg) {
708 .icmp6_type = NDISC_ROUTER_SOLICITATION,
713 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
715 NDISC_ROUTER_SOLICITATION);
717 ndisc_send_skb(skb, daddr, saddr);
721 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
724 * "The sender MUST return an ICMP
725 * destination unreachable"
727 dst_link_failure(skb);
731 /* Called with locked neigh: either read or both */
733 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
735 struct in6_addr *saddr = NULL;
736 struct in6_addr mcaddr;
737 struct net_device *dev = neigh->dev;
738 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
739 int probes = atomic_read(&neigh->probes);
741 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
743 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
744 saddr = &ipv6_hdr(skb)->saddr;
745 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
747 if (!(neigh->nud_state & NUD_VALID)) {
749 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
752 ndisc_send_ns(dev, target, target, saddr, 0);
753 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
756 addrconf_addr_solict_mult(target, &mcaddr);
757 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
761 static int pndisc_is_router(const void *pkey,
762 struct net_device *dev)
764 struct pneigh_entry *n;
767 read_lock_bh(&nd_tbl.lock);
768 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
770 ret = !!(n->flags & NTF_ROUTER);
771 read_unlock_bh(&nd_tbl.lock);
776 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
777 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
778 struct ndisc_options *ndopts)
780 neigh_update(neigh, lladdr, new, flags, 0);
781 /* report ndisc ops about neighbour update */
782 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
785 static void ndisc_recv_ns(struct sk_buff *skb)
787 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
788 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
789 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
791 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
792 offsetof(struct nd_msg, opt));
793 struct ndisc_options ndopts;
794 struct net_device *dev = skb->dev;
795 struct inet6_ifaddr *ifp;
796 struct inet6_dev *idev = NULL;
797 struct neighbour *neigh;
798 int dad = ipv6_addr_any(saddr);
803 if (skb->len < sizeof(struct nd_msg)) {
804 ND_PRINTK(2, warn, "NS: packet too short\n");
808 if (ipv6_addr_is_multicast(&msg->target)) {
809 ND_PRINTK(2, warn, "NS: multicast target address\n");
815 * DAD has to be destined for solicited node multicast address.
817 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
818 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
822 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
823 ND_PRINTK(2, warn, "NS: invalid ND options\n");
827 if (ndopts.nd_opts_src_lladdr) {
828 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
831 "NS: invalid link-layer address length\n");
836 * If the IP source address is the unspecified address,
837 * there MUST NOT be source link-layer address option
842 "NS: bad DAD packet (link-layer address option)\n");
846 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
847 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
849 inc = ipv6_addr_is_multicast(daddr);
851 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
854 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
856 if (nonce != 0 && ifp->dad_nonce == nonce) {
857 u8 *np = (u8 *)&nonce;
858 /* Matching nonce if looped back */
860 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
861 ifp->idev->dev->name,
866 * We are colliding with another node
868 * so fail our DAD process
870 addrconf_dad_failure(skb, ifp);
874 * This is not a dad solicitation.
875 * If we are an optimistic node,
877 * Otherwise, we should ignore it.
879 if (!(ifp->flags & IFA_F_OPTIMISTIC))
886 struct net *net = dev_net(dev);
888 /* perhaps an address on the master device */
889 if (netif_is_l3_slave(dev)) {
890 struct net_device *mdev;
892 mdev = netdev_master_upper_dev_get_rcu(dev);
894 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
900 idev = in6_dev_get(dev);
902 /* XXX: count this drop? */
906 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
907 (idev->cnf.forwarding &&
908 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
909 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
910 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
911 skb->pkt_type != PACKET_HOST &&
913 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
915 * for anycast or proxy,
916 * sender should delay its response
917 * by a random time between 0 and
918 * MAX_ANYCAST_DELAY_TIME seconds.
919 * (RFC2461) -- yoshfuji
921 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
923 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
931 is_router = idev->cnf.forwarding;
934 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
935 !!is_router, false, (ifp != NULL), true);
940 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
942 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
945 * update / create cache entry
946 * for the source address
948 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
949 !inc || lladdr || !dev->addr_len);
951 ndisc_update(dev, neigh, lladdr, NUD_STALE,
952 NEIGH_UPDATE_F_WEAK_OVERRIDE|
953 NEIGH_UPDATE_F_OVERRIDE,
954 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
955 if (neigh || !dev->header_ops) {
956 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
957 true, (ifp != NULL && inc), inc);
959 neigh_release(neigh);
969 static void ndisc_recv_na(struct sk_buff *skb)
971 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
972 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
973 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
975 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
976 offsetof(struct nd_msg, opt));
977 struct ndisc_options ndopts;
978 struct net_device *dev = skb->dev;
979 struct inet6_dev *idev = __in6_dev_get(dev);
980 struct inet6_ifaddr *ifp;
981 struct neighbour *neigh;
984 if (skb->len < sizeof(struct nd_msg)) {
985 ND_PRINTK(2, warn, "NA: packet too short\n");
989 if (ipv6_addr_is_multicast(&msg->target)) {
990 ND_PRINTK(2, warn, "NA: target address is multicast\n");
994 if (ipv6_addr_is_multicast(daddr) &&
995 msg->icmph.icmp6_solicited) {
996 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1000 /* For some 802.11 wireless deployments (and possibly other networks),
1001 * there will be a NA proxy and unsolicitd packets are attacks
1002 * and thus should not be accepted.
1003 * drop_unsolicited_na takes precedence over accept_untracked_na
1005 if (!msg->icmph.icmp6_solicited && idev &&
1006 idev->cnf.drop_unsolicited_na)
1009 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
1010 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1013 if (ndopts.nd_opts_tgt_lladdr) {
1014 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1017 "NA: invalid link-layer address length\n");
1021 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1023 if (skb->pkt_type != PACKET_LOOPBACK
1024 && (ifp->flags & IFA_F_TENTATIVE)) {
1025 addrconf_dad_failure(skb, ifp);
1028 /* What should we make now? The advertisement
1029 is invalid, but ndisc specs say nothing
1030 about it. It could be misconfiguration, or
1031 an smart proxy agent tries to help us :-)
1033 We should not print the error if NA has been
1034 received from loopback - it is just our own
1035 unsolicited advertisement.
1037 if (skb->pkt_type != PACKET_LOOPBACK)
1039 "NA: %pM advertised our address %pI6c on %s!\n",
1040 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1045 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1047 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1048 * NAs with Target LL Address option without a corresponding
1049 * entry in the neighbour cache can now create a STALE neighbour
1050 * cache entry on routers.
1052 * entry accept fwding solicited behaviour
1053 * ------- ------ ------ --------- ----------------------
1054 * present X X 0 Set state to STALE
1055 * present X X 1 Set state to REACHABLE
1056 * absent 0 X X Do nothing
1057 * absent 1 0 X Do nothing
1058 * absent 1 1 X Add a new STALE entry
1060 * Note that we don't do a (daddr == all-routers-mcast) check.
1062 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1063 if (!neigh && lladdr &&
1064 idev && idev->cnf.forwarding &&
1065 idev->cnf.accept_untracked_na) {
1066 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1067 new_state = NUD_STALE;
1070 if (neigh && !IS_ERR(neigh)) {
1071 u8 old_flags = neigh->flags;
1072 struct net *net = dev_net(dev);
1074 if (neigh->nud_state & NUD_FAILED)
1078 * Don't update the neighbor cache entry on a proxy NA from
1079 * ourselves because either the proxied node is off link or it
1080 * has already sent a NA to us.
1082 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1083 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1084 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1085 /* XXX: idev->cnf.proxy_ndp */
1089 ndisc_update(dev, neigh, lladdr,
1091 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1092 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1093 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1094 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1095 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1097 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1099 * Change: router to host
1101 rt6_clean_tohost(dev_net(dev), saddr);
1105 neigh_release(neigh);
1109 static void ndisc_recv_rs(struct sk_buff *skb)
1111 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1112 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1113 struct neighbour *neigh;
1114 struct inet6_dev *idev;
1115 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1116 struct ndisc_options ndopts;
1119 if (skb->len < sizeof(*rs_msg))
1122 idev = __in6_dev_get(skb->dev);
1124 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1128 /* Don't accept RS if we're not in router mode */
1129 if (!idev->cnf.forwarding)
1133 * Don't update NCE if src = ::;
1134 * this implies that the source node has no ip address assigned yet.
1136 if (ipv6_addr_any(saddr))
1139 /* Parse ND options */
1140 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1141 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1145 if (ndopts.nd_opts_src_lladdr) {
1146 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1152 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1154 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1155 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1156 NEIGH_UPDATE_F_OVERRIDE|
1157 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1158 NDISC_ROUTER_SOLICITATION, &ndopts);
1159 neigh_release(neigh);
1165 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1167 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1168 struct sk_buff *skb;
1169 struct nlmsghdr *nlh;
1170 struct nduseroptmsg *ndmsg;
1171 struct net *net = dev_net(ra->dev);
1173 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1174 + (opt->nd_opt_len << 3));
1175 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1177 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1183 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1185 goto nla_put_failure;
1188 ndmsg = nlmsg_data(nlh);
1189 ndmsg->nduseropt_family = AF_INET6;
1190 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1191 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1192 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1193 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1195 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1197 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1198 goto nla_put_failure;
1199 nlmsg_end(skb, nlh);
1201 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1208 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1211 static void ndisc_router_discovery(struct sk_buff *skb)
1213 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1214 struct neighbour *neigh = NULL;
1215 struct inet6_dev *in6_dev;
1216 struct fib6_info *rt = NULL;
1217 u32 defrtr_usr_metric;
1220 struct ndisc_options ndopts;
1222 unsigned int pref = 0;
1224 bool send_ifinfo_notify = false;
1226 __u8 *opt = (__u8 *)(ra_msg + 1);
1228 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1229 sizeof(struct ra_msg);
1232 "RA: %s, dev: %s\n",
1233 __func__, skb->dev->name);
1234 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1235 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1239 ND_PRINTK(2, warn, "RA: packet too short\n");
1243 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1244 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1245 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1251 * set the RA_RECV flag in the interface
1254 in6_dev = __in6_dev_get(skb->dev);
1256 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1261 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1262 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1266 if (!ipv6_accept_ra(in6_dev)) {
1268 "RA: %s, did not accept ra for dev: %s\n",
1269 __func__, skb->dev->name);
1270 goto skip_linkparms;
1273 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1274 /* skip link-specific parameters from interior routers */
1275 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1277 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1278 __func__, skb->dev->name);
1279 goto skip_linkparms;
1283 if (in6_dev->if_flags & IF_RS_SENT) {
1285 * flag that an RA was received after an RS was sent
1286 * out on this interface.
1288 in6_dev->if_flags |= IF_RA_RCVD;
1292 * Remember the managed/otherconf flags from most recently
1293 * received RA message (RFC 2462) -- yoshfuji
1295 old_if_flags = in6_dev->if_flags;
1296 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1298 (ra_msg->icmph.icmp6_addrconf_managed ?
1299 IF_RA_MANAGED : 0) |
1300 (ra_msg->icmph.icmp6_addrconf_other ?
1301 IF_RA_OTHERCONF : 0);
1303 if (old_if_flags != in6_dev->if_flags)
1304 send_ifinfo_notify = true;
1306 if (!in6_dev->cnf.accept_ra_defrtr) {
1308 "RA: %s, defrtr is false for dev: %s\n",
1309 __func__, skb->dev->name);
1313 /* Do not accept RA with source-addr found on local machine unless
1314 * accept_ra_from_local is set to true.
1316 net = dev_net(in6_dev->dev);
1317 if (!in6_dev->cnf.accept_ra_from_local &&
1318 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1320 "RA from local address detected on dev: %s: default router ignored\n",
1325 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1327 #ifdef CONFIG_IPV6_ROUTER_PREF
1328 pref = ra_msg->icmph.icmp6_router_pref;
1329 /* 10b is handled as if it were 00b (medium) */
1330 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1331 !in6_dev->cnf.accept_ra_rtr_pref)
1332 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1334 /* routes added from RAs do not use nexthop objects */
1335 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1337 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1338 rt->fib6_nh->fib_nh_dev, NULL,
1339 &ipv6_hdr(skb)->saddr);
1342 "RA: %s got default router without neighbour\n",
1344 fib6_info_release(rt);
1348 /* Set default route metric as specified by user */
1349 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1350 /* delete the route if lifetime is 0 or if metric needs change */
1351 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1352 ip6_del_rt(net, rt, false);
1356 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1357 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1358 if (!rt && lifetime) {
1359 ND_PRINTK(3, info, "RA: adding default router\n");
1361 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1362 skb->dev, pref, defrtr_usr_metric);
1365 "RA: %s failed to add default route\n",
1370 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1371 rt->fib6_nh->fib_nh_dev, NULL,
1372 &ipv6_hdr(skb)->saddr);
1375 "RA: %s got default router without neighbour\n",
1377 fib6_info_release(rt);
1380 neigh->flags |= NTF_ROUTER;
1381 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1382 struct nl_info nlinfo = {
1385 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1386 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1390 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1391 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1392 ra_msg->icmph.icmp6_hop_limit) {
1393 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1394 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1395 fib6_metric_set(rt, RTAX_HOPLIMIT,
1396 ra_msg->icmph.icmp6_hop_limit);
1398 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1405 * Update Reachable Time and Retrans Timer
1408 if (in6_dev->nd_parms) {
1409 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1411 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1412 rtime = (rtime*HZ)/1000;
1415 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1416 in6_dev->tstamp = jiffies;
1417 send_ifinfo_notify = true;
1420 rtime = ntohl(ra_msg->reachable_time);
1421 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1422 rtime = (rtime*HZ)/1000;
1427 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1428 NEIGH_VAR_SET(in6_dev->nd_parms,
1429 BASE_REACHABLE_TIME, rtime);
1430 NEIGH_VAR_SET(in6_dev->nd_parms,
1431 GC_STALETIME, 3 * rtime);
1432 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1433 in6_dev->tstamp = jiffies;
1434 send_ifinfo_notify = true;
1446 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1450 if (ndopts.nd_opts_src_lladdr) {
1451 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1455 "RA: invalid link-layer address length\n");
1459 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1460 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1461 NEIGH_UPDATE_F_OVERRIDE|
1462 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1463 NEIGH_UPDATE_F_ISROUTER,
1464 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1467 if (!ipv6_accept_ra(in6_dev)) {
1469 "RA: %s, accept_ra is false for dev: %s\n",
1470 __func__, skb->dev->name);
1474 #ifdef CONFIG_IPV6_ROUTE_INFO
1475 if (!in6_dev->cnf.accept_ra_from_local &&
1476 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1479 "RA from local address detected on dev: %s: router info ignored.\n",
1481 goto skip_routeinfo;
1484 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1485 struct nd_opt_hdr *p;
1486 for (p = ndopts.nd_opts_ri;
1488 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1489 struct route_info *ri = (struct route_info *)p;
1490 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1491 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1492 ri->prefix_len == 0)
1495 if (ri->prefix_len == 0 &&
1496 !in6_dev->cnf.accept_ra_defrtr)
1498 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1500 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1502 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1503 &ipv6_hdr(skb)->saddr);
1510 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1511 /* skip link-specific ndopts from interior routers */
1512 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1514 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1515 __func__, skb->dev->name);
1520 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1521 struct nd_opt_hdr *p;
1522 for (p = ndopts.nd_opts_pi;
1524 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1525 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1526 (p->nd_opt_len) << 3,
1527 ndopts.nd_opts_src_lladdr != NULL);
1531 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1535 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1538 if (in6_dev->ra_mtu != mtu) {
1539 in6_dev->ra_mtu = mtu;
1540 send_ifinfo_notify = true;
1543 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1544 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1545 } else if (in6_dev->cnf.mtu6 != mtu) {
1546 in6_dev->cnf.mtu6 = mtu;
1547 fib6_metric_set(rt, RTAX_MTU, mtu);
1548 rt6_mtu_change(skb->dev, mtu);
1552 if (ndopts.nd_useropts) {
1553 struct nd_opt_hdr *p;
1554 for (p = ndopts.nd_useropts;
1556 p = ndisc_next_useropt(skb->dev, p,
1557 ndopts.nd_useropts_end)) {
1558 ndisc_ra_useropt(skb, p);
1562 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1563 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1566 /* Send a notify if RA changed managed/otherconf flags or
1567 * timer settings or ra_mtu value
1569 if (send_ifinfo_notify)
1570 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1572 fib6_info_release(rt);
1574 neigh_release(neigh);
1577 static void ndisc_redirect_rcv(struct sk_buff *skb)
1580 struct ndisc_options ndopts;
1581 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1582 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1583 offsetof(struct rd_msg, opt));
1585 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1586 switch (skb->ndisc_nodetype) {
1587 case NDISC_NODETYPE_HOST:
1588 case NDISC_NODETYPE_NODEFAULT:
1590 "Redirect: from host or unauthorized router\n");
1595 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1597 "Redirect: source address is not link-local\n");
1601 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1604 if (!ndopts.nd_opts_rh) {
1605 ip6_redirect_no_header(skb, dev_net(skb->dev),
1610 hdr = (u8 *)ndopts.nd_opts_rh;
1612 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1615 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1618 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1619 struct sk_buff *orig_skb,
1622 u8 *opt = skb_put(skb, rd_len);
1625 *(opt++) = ND_OPT_REDIRECT_HDR;
1626 *(opt++) = (rd_len >> 3);
1629 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1633 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1635 struct net_device *dev = skb->dev;
1636 struct net *net = dev_net(dev);
1637 struct sock *sk = net->ipv6.ndisc_sk;
1639 struct inet_peer *peer;
1640 struct sk_buff *buff;
1642 struct in6_addr saddr_buf;
1643 struct rt6_info *rt;
1644 struct dst_entry *dst;
1647 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1648 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1651 if (netif_is_l3_master(skb->dev)) {
1652 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1657 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1658 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1663 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1664 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1666 "Redirect: target address is not link-local unicast\n");
1670 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1671 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1673 dst = ip6_route_output(net, NULL, &fl6);
1678 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1682 rt = (struct rt6_info *) dst;
1684 if (rt->rt6i_flags & RTF_GATEWAY) {
1686 "Redirect: destination is not a neighbour\n");
1689 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1690 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1696 if (dev->addr_len) {
1697 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1700 "Redirect: no neigh for target address\n");
1704 read_lock_bh(&neigh->lock);
1705 if (neigh->nud_state & NUD_VALID) {
1706 memcpy(ha_buf, neigh->ha, dev->addr_len);
1707 read_unlock_bh(&neigh->lock);
1709 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1713 read_unlock_bh(&neigh->lock);
1715 neigh_release(neigh);
1718 rd_len = min_t(unsigned int,
1719 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1724 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1728 msg = skb_put(buff, sizeof(*msg));
1729 *msg = (struct rd_msg) {
1731 .icmp6_type = NDISC_REDIRECT,
1734 .dest = ipv6_hdr(skb)->daddr,
1738 * include target_address option
1742 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1745 * build redirect option and copy skb over to the new packet.
1749 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1751 skb_dst_set(buff, dst);
1752 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1759 static void pndisc_redo(struct sk_buff *skb)
1765 static int ndisc_is_multicast(const void *pkey)
1767 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1770 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1772 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1776 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1777 idev->cnf.suppress_frag_ndisc) {
1778 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1784 int ndisc_rcv(struct sk_buff *skb)
1788 if (ndisc_suppress_frag_ndisc(skb))
1791 if (skb_linearize(skb))
1794 msg = (struct nd_msg *)skb_transport_header(skb);
1796 __skb_push(skb, skb->data - skb_transport_header(skb));
1798 if (ipv6_hdr(skb)->hop_limit != 255) {
1799 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1800 ipv6_hdr(skb)->hop_limit);
1804 if (msg->icmph.icmp6_code != 0) {
1805 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1806 msg->icmph.icmp6_code);
1810 switch (msg->icmph.icmp6_type) {
1811 case NDISC_NEIGHBOUR_SOLICITATION:
1812 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1816 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1820 case NDISC_ROUTER_SOLICITATION:
1824 case NDISC_ROUTER_ADVERTISEMENT:
1825 ndisc_router_discovery(skb);
1828 case NDISC_REDIRECT:
1829 ndisc_redirect_rcv(skb);
1836 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1838 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1839 struct netdev_notifier_change_info *change_info;
1840 struct net *net = dev_net(dev);
1841 struct inet6_dev *idev;
1842 bool evict_nocarrier;
1845 case NETDEV_CHANGEADDR:
1846 neigh_changeaddr(&nd_tbl, dev);
1847 fib6_run_gc(0, net, false);
1850 idev = in6_dev_get(dev);
1853 if (idev->cnf.ndisc_notify ||
1854 net->ipv6.devconf_all->ndisc_notify)
1855 ndisc_send_unsol_na(dev);
1859 idev = in6_dev_get(dev);
1861 evict_nocarrier = true;
1863 evict_nocarrier = idev->cnf.ndisc_evict_nocarrier &&
1864 net->ipv6.devconf_all->ndisc_evict_nocarrier;
1869 if (change_info->flags_changed & IFF_NOARP)
1870 neigh_changeaddr(&nd_tbl, dev);
1871 if (evict_nocarrier && !netif_carrier_ok(dev))
1872 neigh_carrier_down(&nd_tbl, dev);
1875 neigh_ifdown(&nd_tbl, dev);
1876 fib6_run_gc(0, net, false);
1878 case NETDEV_NOTIFY_PEERS:
1879 ndisc_send_unsol_na(dev);
1888 static struct notifier_block ndisc_netdev_notifier = {
1889 .notifier_call = ndisc_netdev_event,
1890 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1893 #ifdef CONFIG_SYSCTL
1894 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1895 const char *func, const char *dev_name)
1897 static char warncomm[TASK_COMM_LEN];
1899 if (strcmp(warncomm, current->comm) && warned < 5) {
1900 strcpy(warncomm, current->comm);
1901 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1903 dev_name, ctl->procname,
1904 dev_name, ctl->procname);
1909 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1910 size_t *lenp, loff_t *ppos)
1912 struct net_device *dev = ctl->extra1;
1913 struct inet6_dev *idev;
1916 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1917 (strcmp(ctl->procname, "base_reachable_time") == 0))
1918 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1920 if (strcmp(ctl->procname, "retrans_time") == 0)
1921 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1923 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1924 ret = neigh_proc_dointvec_jiffies(ctl, write,
1925 buffer, lenp, ppos);
1927 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1928 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1929 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1930 buffer, lenp, ppos);
1934 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1935 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1936 idev->nd_parms->reachable_time =
1937 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1938 idev->tstamp = jiffies;
1939 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1948 static int __net_init ndisc_net_init(struct net *net)
1950 struct ipv6_pinfo *np;
1954 err = inet_ctl_sock_create(&sk, PF_INET6,
1955 SOCK_RAW, IPPROTO_ICMPV6, net);
1958 "NDISC: Failed to initialize the control socket (err %d)\n",
1963 net->ipv6.ndisc_sk = sk;
1966 np->hop_limit = 255;
1967 /* Do not loopback ndisc messages */
1973 static void __net_exit ndisc_net_exit(struct net *net)
1975 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1978 static struct pernet_operations ndisc_net_ops = {
1979 .init = ndisc_net_init,
1980 .exit = ndisc_net_exit,
1983 int __init ndisc_init(void)
1987 err = register_pernet_subsys(&ndisc_net_ops);
1991 * Initialize the neighbour table
1993 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1995 #ifdef CONFIG_SYSCTL
1996 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1997 ndisc_ifinfo_sysctl_change);
1999 goto out_unregister_pernet;
2004 #ifdef CONFIG_SYSCTL
2005 out_unregister_pernet:
2006 unregister_pernet_subsys(&ndisc_net_ops);
2011 int __init ndisc_late_init(void)
2013 return register_netdevice_notifier(&ndisc_netdev_notifier);
2016 void ndisc_late_cleanup(void)
2018 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2021 void ndisc_cleanup(void)
2023 #ifdef CONFIG_SYSCTL
2024 neigh_sysctl_unregister(&nd_tbl.parms);
2026 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2027 unregister_pernet_subsys(&ndisc_net_ops);
projects / releases.git / blob