1/* 2 * Neighbour Discovery for IPv6 3 * Linux INET6 implementation 4 * 5 * Authors: 6 * Pedro Roque <roque@di.fc.ul.pt> 7 * Mike Shaver <shaver@ingenia.com> 8 * 9 * This program is free software; you can redistribute it and/or 10 * modify it under the terms of the GNU General Public License 11 * as published by the Free Software Foundation; either version 12 * 2 of the License, or (at your option) any later version. 13 */ 14 15/* 16 * Changes: 17 * 18 * Lars Fenneberg : fixed MTU setting on receipt 19 * of an RA. 20 * 21 * Janos Farkas : kmalloc failure checks 22 * Alexey Kuznetsov : state machine reworked 23 * and moved to net/core. 24 * Pekka Savola : RFC2461 validation 25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly 26 */ 27 28/* Set to 3 to get tracing... */ 29#define ND_DEBUG 1 30 31#define ND_PRINTK(x...) printk(KERN_DEBUG x) 32#define ND_NOPRINTK(x...) do { ; } while(0) 33#define ND_PRINTK0 ND_PRINTK 34#define ND_PRINTK1 ND_NOPRINTK 35#define ND_PRINTK2 ND_NOPRINTK 36#if ND_DEBUG >= 1 37#undef ND_PRINTK1 38#define ND_PRINTK1 ND_PRINTK 39#endif 40#if ND_DEBUG >= 2 41#undef ND_PRINTK2 42#define ND_PRINTK2 ND_PRINTK 43#endif 44 45#define __NO_VERSION__ 46#include <linux/module.h> 47#include <linux/config.h> 48#include <linux/errno.h> 49#include <linux/types.h> 50#include <linux/socket.h> 51#include <linux/sockios.h> 52#include <linux/sched.h> 53#include <linux/net.h> 54#include <linux/in6.h> 55#include <linux/route.h> 56#include <linux/init.h> 57#ifdef CONFIG_SYSCTL 58#include <linux/sysctl.h> 59#endif 60 61#include <linux/if_arp.h> 62#include <linux/ipv6.h> 63#include <linux/icmpv6.h> 64 65#include <net/sock.h> 66#include <net/snmp.h> 67 68#include <net/ipv6.h> 69#include <net/protocol.h> 70#include <net/ndisc.h> 71#include <net/ip6_route.h> 72#include <net/addrconf.h> 73#include <net/icmp.h> 74 75#include <net/checksum.h> 76#include <linux/proc_fs.h> 77 78static struct socket *ndisc_socket; 79 80static u32 ndisc_hash(const void *pkey, const struct net_device *dev); 81static int ndisc_constructor(struct neighbour *neigh); 82static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb); 83static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb); 84static int pndisc_constructor(struct pneigh_entry *n); 85static void pndisc_destructor(struct pneigh_entry *n); 86static void pndisc_redo(struct sk_buff *skb); 87 88static struct neigh_ops ndisc_generic_ops = 89{ 90 AF_INET6, 91 NULL, 92 ndisc_solicit, 93 ndisc_error_report, 94 neigh_resolve_output, 95 neigh_connected_output, 96 dev_queue_xmit, 97 dev_queue_xmit 98}; 99 100static struct neigh_ops ndisc_hh_ops = 101{ 102 AF_INET6, 103 NULL, 104 ndisc_solicit, 105 ndisc_error_report, 106 neigh_resolve_output, 107 neigh_resolve_output, 108 dev_queue_xmit, 109 dev_queue_xmit 110}; 111 112 113static struct neigh_ops ndisc_direct_ops = 114{ 115 AF_INET6, 116 NULL, 117 NULL, 118 NULL, 119 dev_queue_xmit, 120 dev_queue_xmit, 121 dev_queue_xmit, 122 dev_queue_xmit 123}; 124 125struct neigh_table nd_tbl = 126{ 127 NULL, 128 AF_INET6, 129 sizeof(struct neighbour) + sizeof(struct in6_addr), 130 sizeof(struct in6_addr), 131 ndisc_hash, 132 ndisc_constructor, 133 pndisc_constructor, 134 pndisc_destructor, 135 pndisc_redo, 136 "ndisc_cache", 137 { NULL, NULL, &nd_tbl, 0, NULL, NULL, 138 30*HZ, 1*HZ, 60*HZ, 30*HZ, 5*HZ, 3, 3, 0, 3, 1*HZ, (8*HZ)/10, 64, 0 }, 139 30*HZ, 128, 512, 1024, 140}; 141 142#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7) 143 144static u8 *ndisc_fill_option(u8 *opt, int type, void *data, int data_len) 145{ 146 int space = NDISC_OPT_SPACE(data_len); 147 148 opt[0] = type; 149 opt[1] = space>>3; 150 memcpy(opt+2, data, data_len); 151 data_len += 2; 152 opt += data_len; 153 if ((space -= data_len) > 0) 154 memset(opt, 0, space); 155 return opt + space; 156} 157 158struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, 159 struct nd_opt_hdr *end) 160{ 161 int type; 162 if (!cur || !end || cur >= end) 163 return NULL; 164 type = cur->nd_opt_type; 165 do { 166 cur = ((void *)cur) + (cur->nd_opt_len << 3); 167 } while(cur < end && cur->nd_opt_type != type); 168 return (cur <= end && cur->nd_opt_type == type ? cur : NULL); 169} 170 171struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, 172 struct ndisc_options *ndopts) 173{ 174 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt; 175 176 if (!nd_opt || opt_len < 0 || !ndopts) 177 return NULL; 178 memset(ndopts, 0, sizeof(*ndopts)); 179 while (opt_len) { 180 int l; 181 if (opt_len < sizeof(struct nd_opt_hdr)) 182 return NULL; 183 l = nd_opt->nd_opt_len << 3; 184 if (opt_len < l || l == 0) 185 return NULL; 186 switch (nd_opt->nd_opt_type) { 187 case ND_OPT_SOURCE_LL_ADDR: 188 case ND_OPT_TARGET_LL_ADDR: 189 case ND_OPT_MTU: 190 case ND_OPT_REDIRECT_HDR: 191 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) { 192 ND_PRINTK2((KERN_WARNING 193 "ndisc_parse_options(): duplicated ND6 option found: type=%d\n", 194 nd_opt->nd_opt_type)); 195 } else { 196 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 197 } 198 break; 199 case ND_OPT_PREFIX_INFO: 200 ndopts->nd_opts_pi_end = nd_opt; 201 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0) 202 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt; 203 break; 204 default: 205 /* 206 * Unknown options must be silently ignored, 207 * to accomodate future extension to the protocol. 208 */ 209 ND_PRINTK2(KERN_WARNING 210 "ndisc_parse_options(): ignored unsupported option; type=%d, len=%d\n", 211 nd_opt->nd_opt_type, nd_opt->nd_opt_len); 212 } 213 opt_len -= l; 214 nd_opt = ((void *)nd_opt) + l; 215 } 216 return ndopts; 217} 218 219int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir) 220{ 221 switch (dev->type) { 222 case ARPHRD_ETHER: 223 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */ 224 case ARPHRD_FDDI: 225 ipv6_eth_mc_map(addr, buf); 226 return 0; 227 case ARPHRD_IEEE802_TR: 228 ipv6_tr_mc_map(addr,buf); 229 return 0; 230 default: 231 if (dir) { 232 memcpy(buf, dev->broadcast, dev->addr_len); 233 return 0; 234 } 235 } 236 return -EINVAL; 237} 238 239static u32 ndisc_hash(const void *pkey, const struct net_device *dev) 240{ 241 u32 hash_val; 242 243 hash_val = *(u32*)(pkey + sizeof(struct in6_addr) - 4); 244 hash_val ^= (hash_val>>16); 245 hash_val ^= hash_val>>8; 246 hash_val ^= hash_val>>3; 247 hash_val = (hash_val^dev->ifindex)&NEIGH_HASHMASK; 248 249 return hash_val; 250} 251 252static int ndisc_constructor(struct neighbour *neigh) 253{ 254 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key; 255 struct net_device *dev = neigh->dev; 256 struct inet6_dev *in6_dev = in6_dev_get(dev); 257 int addr_type; 258 259 if (in6_dev == NULL) 260 return -EINVAL; 261 262 addr_type = ipv6_addr_type(addr); 263 if (in6_dev->nd_parms) 264 neigh->parms = in6_dev->nd_parms; 265 266 if (addr_type&IPV6_ADDR_MULTICAST) 267 neigh->type = RTN_MULTICAST; 268 else 269 neigh->type = RTN_UNICAST; 270 if (dev->hard_header == NULL) { 271 neigh->nud_state = NUD_NOARP; 272 neigh->ops = &ndisc_direct_ops; 273 neigh->output = neigh->ops->queue_xmit; 274 } else { 275 if (addr_type&IPV6_ADDR_MULTICAST) { 276 neigh->nud_state = NUD_NOARP; 277 ndisc_mc_map(addr, neigh->ha, dev, 1); 278 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) { 279 neigh->nud_state = NUD_NOARP; 280 memcpy(neigh->ha, dev->dev_addr, dev->addr_len); 281 if (dev->flags&IFF_LOOPBACK) 282 neigh->type = RTN_LOCAL; 283 } else if (dev->flags&IFF_POINTOPOINT) { 284 neigh->nud_state = NUD_NOARP; 285 memcpy(neigh->ha, dev->broadcast, dev->addr_len); 286 } 287 if (dev->hard_header_cache) 288 neigh->ops = &ndisc_hh_ops; 289 else 290 neigh->ops = &ndisc_generic_ops; 291 if (neigh->nud_state&NUD_VALID) 292 neigh->output = neigh->ops->connected_output; 293 else 294 neigh->output = neigh->ops->output; 295 } 296 in6_dev_put(in6_dev); 297 return 0; 298} 299 300static int pndisc_constructor(struct pneigh_entry *n) 301{ 302 struct in6_addr *addr = (struct in6_addr*)&n->key; 303 struct in6_addr maddr; 304 struct net_device *dev = n->dev; 305 306 if (dev == NULL || __in6_dev_get(dev) == NULL) 307 return -EINVAL; 308 addrconf_addr_solict_mult(addr, &maddr); 309 ipv6_dev_mc_inc(dev, &maddr); 310 return 0; 311} 312 313static void pndisc_destructor(struct pneigh_entry *n) 314{ 315 struct in6_addr *addr = (struct in6_addr*)&n->key; 316 struct in6_addr maddr; 317 struct net_device *dev = n->dev; 318 319 if (dev == NULL || __in6_dev_get(dev) == NULL) 320 return; 321 addrconf_addr_solict_mult(addr, &maddr); 322 ipv6_dev_mc_dec(dev, &maddr); 323} 324 325 326 327static int 328ndisc_build_ll_hdr(struct sk_buff *skb, struct net_device *dev, 329 struct in6_addr *daddr, struct neighbour *neigh, int len) 330{ 331 unsigned char ha[MAX_ADDR_LEN]; 332 unsigned char *h_dest = NULL; 333 334 skb_reserve(skb, (dev->hard_header_len + 15) & ~15); 335 336 if (dev->hard_header) { 337 if (ipv6_addr_type(daddr) & IPV6_ADDR_MULTICAST) { 338 ndisc_mc_map(daddr, ha, dev, 1); 339 h_dest = ha; 340 } else if (neigh) { 341 read_lock_bh(&neigh->lock); 342 if (neigh->nud_state&NUD_VALID) { 343 memcpy(ha, neigh->ha, dev->addr_len); 344 h_dest = ha; 345 } 346 read_unlock_bh(&neigh->lock); 347 } else { 348 neigh = neigh_lookup(&nd_tbl, daddr, dev); 349 if (neigh) { 350 read_lock_bh(&neigh->lock); 351 if (neigh->nud_state&NUD_VALID) { 352 memcpy(ha, neigh->ha, dev->addr_len); 353 h_dest = ha; 354 } 355 read_unlock_bh(&neigh->lock); 356 neigh_release(neigh); 357 } 358 } 359 360 if (dev->hard_header(skb, dev, ETH_P_IPV6, h_dest, NULL, len) < 0) 361 return 0; 362 } 363 364 return 1; 365} 366 367 368/* 369 * Send a Neighbour Advertisement 370 */ 371 372void ndisc_send_na(struct net_device *dev, struct neighbour *neigh, 373 struct in6_addr *daddr, struct in6_addr *solicited_addr, 374 int router, int solicited, int override, int inc_opt) 375{ 376 struct sock *sk = ndisc_socket->sk; 377 struct nd_msg *msg; 378 int len; 379 struct sk_buff *skb; 380 int err; 381 382 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 383 384 if (inc_opt) { 385 if (dev->addr_len) 386 len += NDISC_OPT_SPACE(dev->addr_len); 387 else 388 inc_opt = 0; 389 } 390 391 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + dev->hard_header_len + 15, 392 0, &err); 393 394 if (skb == NULL) { 395 ND_PRINTK1("send_na: alloc skb failed\n"); 396 return; 397 } 398 399 if (ndisc_build_ll_hdr(skb, dev, daddr, neigh, len) == 0) { 400 kfree_skb(skb); 401 return; 402 } 403 404 ip6_nd_hdr(sk, skb, dev, solicited_addr, daddr, IPPROTO_ICMPV6, len); 405 406 msg = (struct nd_msg *) skb_put(skb, len); 407 408 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT; 409 msg->icmph.icmp6_code = 0; 410 msg->icmph.icmp6_cksum = 0; 411 412 msg->icmph.icmp6_unused = 0; 413 msg->icmph.icmp6_router = router; 414 msg->icmph.icmp6_solicited = solicited; 415 msg->icmph.icmp6_override = !!override; 416 417 /* Set the target address. */ 418 ipv6_addr_copy(&msg->target, solicited_addr); 419 420 if (inc_opt) 421 ndisc_fill_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr, dev->addr_len); 422 423 /* checksum */ 424 msg->icmph.icmp6_cksum = csum_ipv6_magic(solicited_addr, daddr, len, 425 IPPROTO_ICMPV6, 426 csum_partial((__u8 *) msg, 427 len, 0)); 428 429 dev_queue_xmit(skb); 430 431 ICMP6_INC_STATS(Icmp6OutNeighborAdvertisements); 432 ICMP6_INC_STATS(Icmp6OutMsgs); 433} 434 435void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh, 436 struct in6_addr *solicit, 437 struct in6_addr *daddr, struct in6_addr *saddr) 438{ 439 struct sock *sk = ndisc_socket->sk; 440 struct sk_buff *skb; 441 struct nd_msg *msg; 442 struct in6_addr addr_buf; 443 int len; 444 int err; 445 int send_llinfo; 446 447 if (saddr == NULL) { 448 if (ipv6_get_lladdr(dev, &addr_buf)) 449 return; 450 saddr = &addr_buf; 451 } 452 453 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr); 454 send_llinfo = dev->addr_len && ipv6_addr_type(saddr) != IPV6_ADDR_ANY; 455 if (send_llinfo) 456 len += NDISC_OPT_SPACE(dev->addr_len); 457 458 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + dev->hard_header_len + 15, 459 0, &err); 460 if (skb == NULL) { 461 ND_PRINTK1("send_ns: alloc skb failed\n"); 462 return; 463 } 464 465 if (ndisc_build_ll_hdr(skb, dev, daddr, neigh, len) == 0) { 466 kfree_skb(skb); 467 return; 468 } 469 470 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 471 472 msg = (struct nd_msg *)skb_put(skb, len); 473 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION; 474 msg->icmph.icmp6_code = 0; 475 msg->icmph.icmp6_cksum = 0; 476 msg->icmph.icmp6_unused = 0; 477 478 /* Set the target address. */ 479 ipv6_addr_copy(&msg->target, solicit); 480 481 if (send_llinfo) 482 ndisc_fill_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, dev->addr_len); 483 484 /* checksum */ 485 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, 486 daddr, len, 487 IPPROTO_ICMPV6, 488 csum_partial((__u8 *) msg, 489 len, 0)); 490 /* send it! */ 491 dev_queue_xmit(skb); 492 493 ICMP6_INC_STATS(Icmp6OutNeighborSolicits); 494 ICMP6_INC_STATS(Icmp6OutMsgs); 495} 496 497void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr, 498 struct in6_addr *daddr) 499{ 500 struct sock *sk = ndisc_socket->sk; 501 struct sk_buff *skb; 502 struct icmp6hdr *hdr; 503 __u8 * opt; 504 int len; 505 int err; 506 507 len = sizeof(struct icmp6hdr); 508 if (dev->addr_len) 509 len += NDISC_OPT_SPACE(dev->addr_len); 510 511 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + dev->hard_header_len + 15, 512 0, &err); 513 if (skb == NULL) { 514 ND_PRINTK1("send_ns: alloc skb failed\n"); 515 return; 516 } 517 518 if (ndisc_build_ll_hdr(skb, dev, daddr, NULL, len) == 0) { 519 kfree_skb(skb); 520 return; 521 } 522 523 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len); 524 525 hdr = (struct icmp6hdr *) skb_put(skb, len); 526 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION; 527 hdr->icmp6_code = 0; 528 hdr->icmp6_cksum = 0; 529 hdr->icmp6_unused = 0; 530 531 opt = (u8*) (hdr + 1); 532 533 if (dev->addr_len) 534 ndisc_fill_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, dev->addr_len); 535 536 /* checksum */ 537 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len, 538 IPPROTO_ICMPV6, 539 csum_partial((__u8 *) hdr, len, 0)); 540 541 /* send it! */ 542 dev_queue_xmit(skb); 543 544 ICMP6_INC_STATS(Icmp6OutRouterSolicits); 545 ICMP6_INC_STATS(Icmp6OutMsgs); 546} 547 548 549static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb) 550{ 551 /* 552 * "The sender MUST return an ICMP 553 * destination unreachable" 554 */ 555 dst_link_failure(skb); 556 kfree_skb(skb); 557} 558 559/* Called with locked neigh: either read or both */ 560 561static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb) 562{ 563 struct in6_addr *saddr = NULL; 564 struct in6_addr mcaddr; 565 struct net_device *dev = neigh->dev; 566 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key; 567 int probes = atomic_read(&neigh->probes); 568 569 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev)) 570 saddr = &skb->nh.ipv6h->saddr; 571 572 if ((probes -= neigh->parms->ucast_probes) < 0) { 573 if (!(neigh->nud_state&NUD_VALID)) 574 ND_PRINTK1("trying to ucast probe in NUD_INVALID\n"); 575 ndisc_send_ns(dev, neigh, target, target, saddr); 576 } else if ((probes -= neigh->parms->app_probes) < 0) { 577#ifdef CONFIG_ARPD 578 neigh_app_ns(neigh); 579#endif 580 } else { 581 addrconf_addr_solict_mult(target, &mcaddr); 582 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr); 583 } 584} 585 586static void ndisc_router_discovery(struct sk_buff *skb) 587{ 588 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw; 589 struct neighbour *neigh; 590 struct inet6_dev *in6_dev; 591 struct rt6_info *rt; 592 int lifetime; 593 struct ndisc_options ndopts; 594 int optlen; 595 596 __u8 * opt = (__u8 *)(ra_msg + 1); 597 598 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg); 599 600 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 601 if (net_ratelimit()) 602 printk(KERN_WARNING "ICMP RA: source address is not linklocal\n"); 603 return; 604 } 605 if (optlen < 0) { 606 if (net_ratelimit()) 607 printk(KERN_WARNING "ICMP RA: packet too short\n"); 608 return; 609 } 610 611 /* 612 * set the RA_RECV flag in the interface 613 */ 614 615 in6_dev = in6_dev_get(skb->dev); 616 if (in6_dev == NULL) { 617 ND_PRINTK1("RA: can't find in6 device\n"); 618 return; 619 } 620 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) { 621 in6_dev_put(in6_dev); 622 return; 623 } 624 625 if (!ndisc_parse_options(opt, optlen, &ndopts)) { 626 if (net_ratelimit()) 627 ND_PRINTK2(KERN_WARNING 628 "ICMP6 RA: invalid ND option, ignored.\n"); 629 return; 630 } 631 632 if (in6_dev->if_flags & IF_RS_SENT) { 633 /* 634 * flag that an RA was received after an RS was sent 635 * out on this interface. 636 */ 637 in6_dev->if_flags |= IF_RA_RCVD; 638 } 639 640 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime); 641 642 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev); 643 644 if (rt && lifetime == 0) { 645 ip6_del_rt(rt); 646 rt = NULL; 647 } 648 649 if (rt == NULL && lifetime) { 650 ND_PRINTK2("ndisc_rdisc: adding default router\n"); 651 652 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev); 653 if (rt == NULL) { 654 ND_PRINTK1("route_add failed\n"); 655 in6_dev_put(in6_dev); 656 return; 657 } 658 659 neigh = rt->rt6i_nexthop; 660 if (neigh == NULL) { 661 ND_PRINTK1("nd: add default router: null neighbour\n"); 662 dst_release(&rt->u.dst); 663 in6_dev_put(in6_dev); 664 return; 665 } 666 neigh->flags |= NTF_ROUTER; 667 668 /* 669 * If we where using an "all destinations on link" route 670 * delete it 671 */ 672 673 rt6_purge_dflt_routers(RTF_ALLONLINK); 674 } 675 676 if (rt) 677 rt->rt6i_expires = jiffies + (HZ * lifetime); 678 679 if (ra_msg->icmph.icmp6_hop_limit) 680 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit; 681 682 /* 683 * Update Reachable Time and Retrans Timer 684 */ 685 686 if (in6_dev->nd_parms) { 687 __u32 rtime = ntohl(ra_msg->retrans_timer); 688 689 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) { 690 rtime = (rtime*HZ)/1000; 691 if (rtime < HZ/10) 692 rtime = HZ/10; 693 in6_dev->nd_parms->retrans_time = rtime; 694 } 695 696 rtime = ntohl(ra_msg->reachable_time); 697 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) { 698 rtime = (rtime*HZ)/1000; 699 700 if (rtime < HZ/10) 701 rtime = HZ/10; 702 703 if (rtime != in6_dev->nd_parms->base_reachable_time) { 704 in6_dev->nd_parms->base_reachable_time = rtime; 705 in6_dev->nd_parms->gc_staletime = 3 * rtime; 706 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime); 707 } 708 } 709 } 710 711 /* 712 * Process options. 713 */ 714 715 if (rt && (neigh = rt->rt6i_nexthop) != NULL) { 716 u8 *lladdr = NULL; 717 int lladdrlen; 718 if (ndopts.nd_opts_src_lladdr) { 719 lladdr = (u8*)((ndopts.nd_opts_src_lladdr)+1); 720 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 721 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) { 722 if (net_ratelimit()) 723 ND_PRINTK2(KERN_WARNING 724 "ICMP6 RA: Invalid lladdr length.\n"); 725 goto out; 726 } 727 } 728 neigh_update(neigh, lladdr, NUD_STALE, 1, 1); 729 } 730 731 if (ndopts.nd_opts_pi) { 732 struct nd_opt_hdr *p; 733 for (p = ndopts.nd_opts_pi; 734 p; 735 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) { 736 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3); 737 } 738 } 739 740 if (ndopts.nd_opts_mtu) { 741 u32 mtu; 742 743 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu)); 744 mtu = ntohl(mtu); 745 746 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) { 747 if (net_ratelimit()) { 748 ND_PRINTK0("NDISC: router announcement with mtu = %d\n", 749 mtu); 750 } 751 } 752 753 if (in6_dev->cnf.mtu6 != mtu) { 754 in6_dev->cnf.mtu6 = mtu; 755 756 if (rt) 757 rt->u.dst.pmtu = mtu; 758 759 rt6_mtu_change(skb->dev, mtu); 760 } 761 } 762 763 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) { 764 if (net_ratelimit()) 765 ND_PRINTK0(KERN_WARNING 766 "ICMP6 RA: got illegal option with RA"); 767 } 768out: 769 if (rt) 770 dst_release(&rt->u.dst); 771 in6_dev_put(in6_dev); 772} 773 774static void ndisc_redirect_rcv(struct sk_buff *skb) 775{ 776 struct inet6_dev *in6_dev; 777 struct icmp6hdr *icmph; 778 struct in6_addr *dest; 779 struct in6_addr *target; /* new first hop to destination */ 780 struct neighbour *neigh; 781 int on_link = 0; 782 struct ndisc_options ndopts; 783 int optlen; 784 u8 *lladdr = NULL; 785 int lladdrlen; 786 787 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) { 788 if (net_ratelimit()) 789 printk(KERN_WARNING "ICMP redirect: source address is not linklocal\n"); 790 return; 791 } 792 793 optlen = skb->tail - skb->h.raw; 794 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 795 796 if (optlen < 0) { 797 if (net_ratelimit()) 798 printk(KERN_WARNING "ICMP redirect: packet too small\n"); 799 return; 800 } 801 802 icmph = (struct icmp6hdr *) skb->h.raw; 803 target = (struct in6_addr *) (icmph + 1); 804 dest = target + 1; 805 806 if (ipv6_addr_type(dest) & IPV6_ADDR_MULTICAST) { 807 if (net_ratelimit()) 808 printk(KERN_WARNING "ICMP redirect for multicast addr\n"); 809 return; 810 } 811 812 if (ipv6_addr_cmp(dest, target) == 0) { 813 on_link = 1; 814 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) { 815 if (net_ratelimit()) 816 printk(KERN_WARNING "ICMP redirect: target address is not linklocal\n"); 817 return; 818 } 819 820 in6_dev = in6_dev_get(skb->dev); 821 if (!in6_dev) 822 return; 823 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) { 824 in6_dev_put(in6_dev); 825 return; 826 } 827 828 829 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) { 830 if (net_ratelimit()) 831 ND_PRINTK2(KERN_WARNING 832 "ICMP6 Redirect: invalid ND options, rejected.\n"); 833 in6_dev_put(in6_dev); 834 return; 835 } 836 if (ndopts.nd_opts_tgt_lladdr) { 837 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1); 838 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 839 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) { 840 if (net_ratelimit()) 841 ND_PRINTK2(KERN_WARNING 842 "ICMP6 Redirect: invalid lladdr length.\n"); 843 in6_dev_put(in6_dev); 844 return; 845 } 846 } 847 /* passed validation tests */ 848 849 /* 850 We install redirect only if nexthop state is valid. 851 */ 852 853 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1); 854 if (neigh) { 855 neigh_update(neigh, lladdr, NUD_STALE, 1, 1); 856 if (neigh->nud_state&NUD_VALID) 857 rt6_redirect(dest, &skb->nh.ipv6h->saddr, neigh, on_link); 858 else 859 __neigh_event_send(neigh, NULL); 860 neigh_release(neigh); 861 } 862 in6_dev_put(in6_dev); 863} 864 865void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, 866 struct in6_addr *target) 867{ 868 struct sock *sk = ndisc_socket->sk; 869 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr); 870 struct sk_buff *buff; 871 struct icmp6hdr *icmph; 872 struct in6_addr saddr_buf; 873 struct in6_addr *addrp; 874 struct net_device *dev; 875 struct rt6_info *rt; 876 u8 *opt; 877 int rd_len; 878 int err; 879 int hlen; 880 881 dev = skb->dev; 882 rt = rt6_lookup(&skb->nh.ipv6h->saddr, NULL, dev->ifindex, 1); 883 884 if (rt == NULL) 885 return; 886 887 if (rt->rt6i_flags & RTF_GATEWAY) { 888 ND_PRINTK1("ndisc_send_redirect: not a neighbour\n"); 889 dst_release(&rt->u.dst); 890 return; 891 } 892 if (!xrlim_allow(&rt->u.dst, 1*HZ)) { 893 dst_release(&rt->u.dst); 894 return; 895 } 896 dst_release(&rt->u.dst); 897 898 if (dev->addr_len) { 899 if (neigh->nud_state&NUD_VALID) { 900 len += NDISC_OPT_SPACE(dev->addr_len); 901 } else { 902 /* If nexthop is not valid, do not redirect! 903 We will make it later, when will be sure, 904 that it is alive. 905 */ 906 return; 907 } 908 } 909 910 rd_len = min_t(unsigned int, 911 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8); 912 rd_len &= ~0x7; 913 len += rd_len; 914 915 if (ipv6_get_lladdr(dev, &saddr_buf)) { 916 ND_PRINTK1("redirect: no link_local addr for dev\n"); 917 return; 918 } 919 920 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + dev->hard_header_len + 15, 921 0, &err); 922 if (buff == NULL) { 923 ND_PRINTK1("ndisc_send_redirect: alloc_skb failed\n"); 924 return; 925 } 926 927 hlen = 0; 928 929 if (ndisc_build_ll_hdr(buff, dev, &skb->nh.ipv6h->saddr, NULL, len) == 0) { 930 kfree_skb(buff); 931 return; 932 } 933 934 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr, 935 IPPROTO_ICMPV6, len); 936 937 icmph = (struct icmp6hdr *) skb_put(buff, len); 938 939 memset(icmph, 0, sizeof(struct icmp6hdr)); 940 icmph->icmp6_type = NDISC_REDIRECT; 941 942 /* 943 * copy target and destination addresses 944 */ 945 946 addrp = (struct in6_addr *)(icmph + 1); 947 ipv6_addr_copy(addrp, target); 948 addrp++; 949 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr); 950 951 opt = (u8*) (addrp + 1); 952 953 /* 954 * include target_address option 955 */ 956 957 if (dev->addr_len) 958 opt = ndisc_fill_option(opt, ND_OPT_TARGET_LL_ADDR, neigh->ha, dev->addr_len); 959 960 /* 961 * build redirect option and copy skb over to the new packet. 962 */ 963 964 memset(opt, 0, 8); 965 *(opt++) = ND_OPT_REDIRECT_HDR; 966 *(opt++) = (rd_len >> 3); 967 opt += 6; 968 969 memcpy(opt, skb->nh.ipv6h, rd_len - 8); 970 971 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr, 972 len, IPPROTO_ICMPV6, 973 csum_partial((u8 *) icmph, len, 0)); 974 975 dev_queue_xmit(buff); 976 977 ICMP6_INC_STATS(Icmp6OutRedirects); 978 ICMP6_INC_STATS(Icmp6OutMsgs); 979} 980 981static void pndisc_redo(struct sk_buff *skb) 982{ 983 ndisc_rcv(skb); 984 kfree_skb(skb); 985} 986 987int ndisc_rcv(struct sk_buff *skb) 988{ 989 struct net_device *dev = skb->dev; 990 struct in6_addr *saddr = &skb->nh.ipv6h->saddr; 991 struct in6_addr *daddr = &skb->nh.ipv6h->daddr; 992 struct nd_msg *msg = (struct nd_msg *) skb->h.raw; 993 struct neighbour *neigh; 994 struct inet6_ifaddr *ifp; 995 996 __skb_push(skb, skb->data-skb->h.raw); 997 998 if (skb->nh.ipv6h->hop_limit != 255) { 999 if (net_ratelimit()) 1000 printk(KERN_WARNING 1001 "ICMP NDISC: fake message with non-255 Hop Limit received: %d\n", 1002 skb->nh.ipv6h->hop_limit); 1003 return 0; 1004 } 1005 1006 if (msg->icmph.icmp6_code != 0) { 1007 if (net_ratelimit()) 1008 printk(KERN_WARNING "ICMP NDISC: code is not zero\n"); 1009 return 0; 1010 } 1011 1012 switch (msg->icmph.icmp6_type) { 1013 case NDISC_NEIGHBOUR_SOLICITATION: 1014 { 1015 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 1016 u8 *lladdr = NULL; 1017 int lladdrlen = 0; 1018 u32 ndoptlen = skb->tail - msg->opt; 1019 struct ndisc_options ndopts; 1020 1021 if (skb->len < sizeof(struct nd_msg)) { 1022 if (net_ratelimit()) 1023 printk(KERN_WARNING "ICMP NS: packet too short\n"); 1024 return 0; 1025 } 1026 1027 if (ipv6_addr_type(&msg->target)&IPV6_ADDR_MULTICAST) { 1028 if (net_ratelimit()) 1029 printk(KERN_WARNING "ICMP NS: target address is multicast\n"); 1030 return 0; 1031 } 1032 1033 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 1034 if (net_ratelimit()) 1035 printk(KERN_WARNING "ICMP NS: invalid ND option, ignored.\n"); 1036 return 0; 1037 } 1038 1039 if (ndopts.nd_opts_src_lladdr) { 1040 lladdr = (u8*)(ndopts.nd_opts_src_lladdr + 1); 1041 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3; 1042 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) { 1043 if (net_ratelimit()) 1044 printk(KERN_WARNING "ICMP NS: bad lladdr length.\n"); 1045 return 0; 1046 } 1047 } 1048 1049 1050 1051 if ((ifp = ipv6_get_ifaddr(&msg->target, dev)) != NULL) { 1052 int addr_type = ipv6_addr_type(saddr); 1053 1054 if (ifp->flags & IFA_F_TENTATIVE) { 1055 /* Address is tentative. If the source 1056 is unspecified address, it is someone 1057 does DAD, otherwise we ignore solicitations 1058 until DAD timer expires. 1059 */ 1060 if (addr_type == IPV6_ADDR_ANY) { 1061 if (dev->type == ARPHRD_IEEE802_TR) { 1062 unsigned char *sadr = skb->mac.raw ; 1063 if (((sadr[8] &0x7f) != (dev->dev_addr[0] & 0x7f)) || 1064 (sadr[9] != dev->dev_addr[1]) || 1065 (sadr[10] != dev->dev_addr[2]) || 1066 (sadr[11] != dev->dev_addr[3]) || 1067 (sadr[12] != dev->dev_addr[4]) || 1068 (sadr[13] != dev->dev_addr[5])) 1069 { 1070 addrconf_dad_failure(ifp) ; 1071 } 1072 } else { 1073 addrconf_dad_failure(ifp); 1074 } 1075 } else 1076 in6_ifa_put(ifp); 1077 return 0; 1078 } 1079 1080 if (addr_type == IPV6_ADDR_ANY) { 1081 struct in6_addr maddr; 1082 1083 ipv6_addr_all_nodes(&maddr); 1084 ndisc_send_na(dev, NULL, &maddr, &ifp->addr, 1085 ifp->idev->cnf.forwarding, 0, 1086 ipv6_addr_type(&ifp->addr)&IPV6_ADDR_ANYCAST ? 0 : 1, 1087 1); 1088 in6_ifa_put(ifp); 1089 return 0; 1090 } 1091 1092 if (addr_type & IPV6_ADDR_UNICAST) { 1093 int inc = ipv6_addr_type(daddr)&IPV6_ADDR_MULTICAST; 1094 1095 if (inc) 1096 nd_tbl.stats.rcv_probes_mcast++; 1097 else 1098 nd_tbl.stats.rcv_probes_ucast++; 1099 1100 /* 1101 * update / create cache entry 1102 * for the source adddress 1103 */ 1104 1105 neigh = neigh_event_ns(&nd_tbl, lladdr, saddr, skb->dev); 1106 1107 if (neigh || !dev->hard_header) { 1108 ndisc_send_na(dev, neigh, saddr, &ifp->addr, 1109 ifp->idev->cnf.forwarding, 1, 1110 ipv6_addr_type(&ifp->addr)&IPV6_ADDR_ANYCAST ? 0 : 1, 1111 1); 1112 if (neigh) 1113 neigh_release(neigh); 1114 } 1115 } 1116 in6_ifa_put(ifp); 1117 } else { 1118 struct inet6_dev *in6_dev = in6_dev_get(dev); 1119 int addr_type = ipv6_addr_type(saddr); 1120 1121 if (in6_dev && in6_dev->cnf.forwarding && 1122 (addr_type & IPV6_ADDR_UNICAST) && 1123 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) { 1124 int inc = ipv6_addr_type(daddr)&IPV6_ADDR_MULTICAST; 1125 1126 if (skb->stamp.tv_sec == 0 || 1127 skb->pkt_type == PACKET_HOST || 1128 inc == 0 || 1129 in6_dev->nd_parms->proxy_delay == 0) { 1130 if (inc) 1131 nd_tbl.stats.rcv_probes_mcast++; 1132 else 1133 nd_tbl.stats.rcv_probes_ucast++; 1134 1135 1136 neigh = neigh_event_ns(&nd_tbl, lladdr, saddr, skb->dev); 1137 1138 if (neigh) { 1139 ndisc_send_na(dev, neigh, saddr, &msg->target, 1140 0, 1, 0, 1); 1141 neigh_release(neigh); 1142 } 1143 } else { 1144 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC); 1145 if (n) 1146 pneigh_enqueue(&nd_tbl, in6_dev->nd_parms, n); 1147 in6_dev_put(in6_dev); 1148 return 0; 1149 } 1150 } 1151 if (in6_dev) 1152 in6_dev_put(in6_dev); 1153 1154 } 1155 return 0; 1156 } 1157 1158 case NDISC_NEIGHBOUR_ADVERTISEMENT: 1159 { 1160 struct nd_msg *msg = (struct nd_msg *)skb->h.raw; 1161 u8 *lladdr = NULL; 1162 int lladdrlen = 0; 1163 u32 ndoptlen = skb->tail - msg->opt; 1164 struct ndisc_options ndopts; 1165 1166 if (skb->len < sizeof(struct nd_msg)) { 1167 if (net_ratelimit()) 1168 printk(KERN_WARNING "ICMP NA: packet too short\n"); 1169 return 0; 1170 } 1171 1172 if (ipv6_addr_type(&msg->target)&IPV6_ADDR_MULTICAST) { 1173 if (net_ratelimit()) 1174 printk(KERN_WARNING "NDISC NA: target address is multicast\n"); 1175 return 0; 1176 } 1177 1178 if ((ipv6_addr_type(daddr)&IPV6_ADDR_MULTICAST) && 1179 msg->icmph.icmp6_solicited) { 1180 ND_PRINTK0("NDISC: solicited NA is multicasted\n"); 1181 return 0; 1182 } 1183 1184 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) { 1185 if (net_ratelimit()) 1186 printk(KERN_WARNING "ICMP NS: invalid ND option, ignored.\n"); 1187 return 0; 1188 } 1189 if (ndopts.nd_opts_tgt_lladdr) { 1190 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1); 1191 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3; 1192 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) { 1193 if (net_ratelimit()) 1194 printk(KERN_WARNING "NDISC NA: invalid lladdr length.\n"); 1195 return 0; 1196 } 1197 } 1198 if ((ifp = ipv6_get_ifaddr(&msg->target, dev))) { 1199 if (ifp->flags & IFA_F_TENTATIVE) { 1200 addrconf_dad_failure(ifp); 1201 return 0; 1202 } 1203 /* What should we make now? The advertisement 1204 is invalid, but ndisc specs say nothing 1205 about it. It could be misconfiguration, or 1206 an smart proxy agent tries to help us :-) 1207 */ 1208 ND_PRINTK0("%s: someone advertises our address!\n", 1209 ifp->idev->dev->name); 1210 in6_ifa_put(ifp); 1211 return 0; 1212 } 1213 neigh = neigh_lookup(&nd_tbl, &msg->target, skb->dev); 1214 1215 if (neigh) { 1216 if (neigh->flags & NTF_ROUTER) { 1217 if (msg->icmph.icmp6_router == 0) { 1218 /* 1219 * Change: router to host 1220 */ 1221 struct rt6_info *rt; 1222 rt = rt6_get_dflt_router(saddr, skb->dev); 1223 if (rt) { 1224 ip6_del_rt(rt); 1225 } 1226 } 1227 } else { 1228 if (msg->icmph.icmp6_router) 1229 neigh->flags |= NTF_ROUTER; 1230 } 1231 1232 neigh_update(neigh, lladdr, 1233 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE, 1234 msg->icmph.icmp6_override, 1); 1235 neigh_release(neigh); 1236 } 1237 break; 1238 } 1239 1240 case NDISC_ROUTER_ADVERTISEMENT: 1241 ndisc_router_discovery(skb); 1242 break; 1243 1244 case NDISC_REDIRECT: 1245 ndisc_redirect_rcv(skb); 1246 break; 1247 }; 1248 1249 return 0; 1250} 1251 1252int __init ndisc_init(struct net_proto_family *ops) 1253{ 1254 struct sock *sk; 1255 int err; 1256 1257 ndisc_socket = sock_alloc(); 1258 if (ndisc_socket == NULL) { 1259 printk(KERN_ERR 1260 "Failed to create the NDISC control socket.\n"); 1261 return -1; 1262 } 1263 ndisc_socket->inode->i_uid = 0; 1264 ndisc_socket->inode->i_gid = 0; 1265 ndisc_socket->type = SOCK_RAW; 1266 1267 if((err = ops->create(ndisc_socket, IPPROTO_ICMPV6)) < 0) { 1268 printk(KERN_DEBUG 1269 "Failed to initialize the NDISC control socket (err %d).\n", 1270 err); 1271 sock_release(ndisc_socket); 1272 ndisc_socket = NULL; /* For safety. */ 1273 return err; 1274 } 1275 1276 sk = ndisc_socket->sk; 1277 sk->allocation = GFP_ATOMIC; 1278 sk->net_pinfo.af_inet6.hop_limit = 255; 1279 /* Do not loopback ndisc messages */ 1280 sk->net_pinfo.af_inet6.mc_loop = 0; 1281 sk->prot->unhash(sk); 1282 1283 /* 1284 * Initialize the neighbour table 1285 */ 1286 1287 neigh_table_init(&nd_tbl); 1288 1289#ifdef CONFIG_SYSCTL 1290 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, "ipv6"); 1291#endif 1292 1293 return 0; 1294} 1295 1296void ndisc_cleanup(void) 1297{ 1298 neigh_table_clear(&nd_tbl); 1299 sock_release(ndisc_socket); 1300 ndisc_socket = NULL; /* For safety. */ 1301} 1302