]> bbs.cooldavid.org Git - net-next-2.6.git/blame - net/ipv6/ndisc.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[IPV6]: ROUTE: Add accept_ra_rt_info_max_plen sysctl.
[net-next-2.6.git] / net / ipv6 / ndisc.c
CommitLineData
1da177e4
LT		 1/*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
18 * Lars Fenneberg : fixed MTU setting on receipt
19 * of an RA.
20 *
21 * Janos Farkas : kmalloc failure checks
22 * Alexey Kuznetsov : state machine reworked
23 * and moved to net/core.
24 * Pekka Savola : RFC2461 validation
25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
26 */
27
28/* Set to 3 to get tracing... */
29#define ND_DEBUG 1
30
31#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
32#define ND_NOPRINTK(x...) do { ; } while(0)
33#define ND_PRINTK0 ND_PRINTK
34#define ND_PRINTK1 ND_NOPRINTK
35#define ND_PRINTK2 ND_NOPRINTK
36#define ND_PRINTK3 ND_NOPRINTK
37#if ND_DEBUG >= 1
38#undef ND_PRINTK1
39#define ND_PRINTK1 ND_PRINTK
40#endif
41#if ND_DEBUG >= 2
42#undef ND_PRINTK2
43#define ND_PRINTK2 ND_PRINTK
44#endif
45#if ND_DEBUG >= 3
46#undef ND_PRINTK3
47#define ND_PRINTK3 ND_PRINTK
48#endif
49
50#include <linux/module.h>
51#include <linux/config.h>
52#include <linux/errno.h>
53#include <linux/types.h>
54#include <linux/socket.h>
55#include <linux/sockios.h>
56#include <linux/sched.h>
57#include <linux/net.h>
58#include <linux/in6.h>
59#include <linux/route.h>
60#include <linux/init.h>
61#include <linux/rcupdate.h>
62#ifdef CONFIG_SYSCTL
63#include <linux/sysctl.h>
64#endif
65
66#include <linux/if_arp.h>
67#include <linux/ipv6.h>
68#include <linux/icmpv6.h>
69#include <linux/jhash.h>
70
71#include <net/sock.h>
72#include <net/snmp.h>
73
74#include <net/ipv6.h>
75#include <net/protocol.h>
76#include <net/ndisc.h>
77#include <net/ip6_route.h>
78#include <net/addrconf.h>
79#include <net/icmp.h>
80
81#include <net/flow.h>
82#include <net/ip6_checksum.h>
83#include <linux/proc_fs.h>
84
85#include <linux/netfilter.h>
86#include <linux/netfilter_ipv6.h>
87
88static struct socket *ndisc_socket;
89
90static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
91static int ndisc_constructor(struct neighbour *neigh);
92static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
93static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
94static int pndisc_constructor(struct pneigh_entry *n);
95static void pndisc_destructor(struct pneigh_entry *n);
96static void pndisc_redo(struct sk_buff *skb);
97
98static struct neigh_ops ndisc_generic_ops = {
99 .family = AF_INET6,
100 .solicit = ndisc_solicit,
101 .error_report = ndisc_error_report,
102 .output = neigh_resolve_output,
103 .connected_output = neigh_connected_output,
104 .hh_output = dev_queue_xmit,
105 .queue_xmit = dev_queue_xmit,
106};
107
108static struct neigh_ops ndisc_hh_ops = {
109 .family = AF_INET6,
110 .solicit = ndisc_solicit,
111 .error_report = ndisc_error_report,
112 .output = neigh_resolve_output,
113 .connected_output = neigh_resolve_output,
114 .hh_output = dev_queue_xmit,
115 .queue_xmit = dev_queue_xmit,
116};
117
118
119static struct neigh_ops ndisc_direct_ops = {
120 .family = AF_INET6,
121 .output = dev_queue_xmit,
122 .connected_output = dev_queue_xmit,
123 .hh_output = dev_queue_xmit,
124 .queue_xmit = dev_queue_xmit,
125};
126
127struct neigh_table nd_tbl = {
128 .family = AF_INET6,
129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
130 .key_len = sizeof(struct in6_addr),
131 .hash = ndisc_hash,
132 .constructor = ndisc_constructor,
133 .pconstructor = pndisc_constructor,
134 .pdestructor = pndisc_destructor,
135 .proxy_redo = pndisc_redo,
136 .id = "ndisc_cache",
137 .parms = {
138 .tbl = &nd_tbl,
139 .base_reachable_time = 30 * HZ,
140 .retrans_time = 1 * HZ,
141 .gc_staletime = 60 * HZ,
142 .reachable_time = 30 * HZ,
143 .delay_probe_time = 5 * HZ,
144 .queue_len = 3,
145 .ucast_probes = 3,
146 .mcast_probes = 3,
147 .anycast_delay = 1 * HZ,
148 .proxy_delay = (8 * HZ) / 10,
149 .proxy_qlen = 64,
150 },
151 .gc_interval = 30 * HZ,
152 .gc_thresh1 = 128,
153 .gc_thresh2 = 512,
154 .gc_thresh3 = 1024,
155};
156
157/* ND options */
158struct ndisc_options {
70ceb4f5
YH		 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
160#ifdef CONFIG_IPV6_ROUTE_INFO
161 struct nd_opt_hdr *nd_opts_ri;
162 struct nd_opt_hdr *nd_opts_ri_end;
163#endif
1da177e4
LT		 164};
165
166#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
167#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
168#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
169#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
170#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
171#define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
172
173#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
174
175/*
176 * Return the padding between the option length and the start of the
177 * link addr. Currently only IP-over-InfiniBand needs this, although
178 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
179 * also need a pad of 2.
180 */
181static int ndisc_addr_option_pad(unsigned short type)
182{
183 switch (type) {
184 case ARPHRD_INFINIBAND: return 2;
185 default: return 0;
186 }
187}
188
189static inline int ndisc_opt_addr_space(struct net_device *dev)
190{
191 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
192}
193
194static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
195 unsigned short addr_type)
196{
197 int space = NDISC_OPT_SPACE(data_len);
198 int pad = ndisc_addr_option_pad(addr_type);
199
200 opt[0] = type;
201 opt[1] = space>>3;
202
203 memset(opt + 2, 0, pad);
204 opt += pad;
205 space -= pad;
206
207 memcpy(opt+2, data, data_len);
208 data_len += 2;
209 opt += data_len;
210 if ((space -= data_len) > 0)
211 memset(opt, 0, space);
212 return opt + space;
213}
214
215static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
216 struct nd_opt_hdr *end)
217{
218 int type;
219 if (!cur || !end || cur >= end)
220 return NULL;
221 type = cur->nd_opt_type;
222 do {
223 cur = ((void *)cur) + (cur->nd_opt_len << 3);
224 } while(cur < end && cur->nd_opt_type != type);
225 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
226}
227
228static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
229 struct ndisc_options *ndopts)
230{
231 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
232
233 if (!nd_opt || opt_len < 0 || !ndopts)
234 return NULL;
235 memset(ndopts, 0, sizeof(*ndopts));
236 while (opt_len) {
237 int l;
238 if (opt_len < sizeof(struct nd_opt_hdr))
239 return NULL;
240 l = nd_opt->nd_opt_len << 3;
241 if (opt_len < l || l == 0)
242 return NULL;
243 switch (nd_opt->nd_opt_type) {
244 case ND_OPT_SOURCE_LL_ADDR:
245 case ND_OPT_TARGET_LL_ADDR:
246 case ND_OPT_MTU:
247 case ND_OPT_REDIRECT_HDR:
248 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
249 ND_PRINTK2(KERN_WARNING
250 "%s(): duplicated ND6 option found: type=%d\n",
251 __FUNCTION__,
252 nd_opt->nd_opt_type);
253 } else {
254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
255 }
256 break;
257 case ND_OPT_PREFIX_INFO:
258 ndopts->nd_opts_pi_end = nd_opt;
259 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0)
260 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
261 break;
70ceb4f5
YH		 262#ifdef CONFIG_IPV6_ROUTE_INFO
263 case ND_OPT_ROUTE_INFO:
264 ndopts->nd_opts_ri_end = nd_opt;
265 if (!ndopts->nd_opts_ri)
266 ndopts->nd_opts_ri = nd_opt;
267 break;
268#endif
1da177e4
LT		 269 default:
270 /*
271 * Unknown options must be silently ignored,
272 * to accommodate future extension to the protocol.
273 */
274 ND_PRINTK2(KERN_NOTICE
275 "%s(): ignored unsupported option; type=%d, len=%d\n",
276 __FUNCTION__,
277 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
278 }
279 opt_len -= l;
280 nd_opt = ((void *)nd_opt) + l;
281 }
282 return ndopts;
283}
284
285static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
286 struct net_device *dev)
287{
288 u8 *lladdr = (u8 *)(p + 1);
289 int lladdrlen = p->nd_opt_len << 3;
290 int prepad = ndisc_addr_option_pad(dev->type);
291 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
292 return NULL;
293 return (lladdr + prepad);
294}
295
296int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
297{
298 switch (dev->type) {
299 case ARPHRD_ETHER:
300 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
301 case ARPHRD_FDDI:
302 ipv6_eth_mc_map(addr, buf);
303 return 0;
304 case ARPHRD_IEEE802_TR:
305 ipv6_tr_mc_map(addr,buf);
306 return 0;
307 case ARPHRD_ARCNET:
308 ipv6_arcnet_mc_map(addr, buf);
309 return 0;
310 case ARPHRD_INFINIBAND:
311 ipv6_ib_mc_map(addr, buf);
312 return 0;
313 default:
314 if (dir) {
315 memcpy(buf, dev->broadcast, dev->addr_len);
316 return 0;
317 }
318 }
319 return -EINVAL;
320}
321
322static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
323{
324 const u32 *p32 = pkey;
325 u32 addr_hash, i;
326
327 addr_hash = 0;
328 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
329 addr_hash ^= *p32++;
330
331 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
332}
333
334static int ndisc_constructor(struct neighbour *neigh)
335{
336 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
337 struct net_device *dev = neigh->dev;
338 struct inet6_dev *in6_dev;
339 struct neigh_parms *parms;
340 int is_multicast = ipv6_addr_is_multicast(addr);
341
342 rcu_read_lock();
343 in6_dev = in6_dev_get(dev);
344 if (in6_dev == NULL) {
345 rcu_read_unlock();
346 return -EINVAL;
347 }
348
349 parms = in6_dev->nd_parms;
350 __neigh_parms_put(neigh->parms);
351 neigh->parms = neigh_parms_clone(parms);
352 rcu_read_unlock();
353
354 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
355 if (dev->hard_header == NULL) {
356 neigh->nud_state = NUD_NOARP;
357 neigh->ops = &ndisc_direct_ops;
358 neigh->output = neigh->ops->queue_xmit;
359 } else {
360 if (is_multicast) {
361 neigh->nud_state = NUD_NOARP;
362 ndisc_mc_map(addr, neigh->ha, dev, 1);
363 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
364 neigh->nud_state = NUD_NOARP;
365 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
366 if (dev->flags&IFF_LOOPBACK)
367 neigh->type = RTN_LOCAL;
368 } else if (dev->flags&IFF_POINTOPOINT) {
369 neigh->nud_state = NUD_NOARP;
370 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
371 }
372 if (dev->hard_header_cache)
373 neigh->ops = &ndisc_hh_ops;
374 else
375 neigh->ops = &ndisc_generic_ops;
376 if (neigh->nud_state&NUD_VALID)
377 neigh->output = neigh->ops->connected_output;
378 else
379 neigh->output = neigh->ops->output;
380 }
381 in6_dev_put(in6_dev);
382 return 0;
383}
384
385static int pndisc_constructor(struct pneigh_entry *n)
386{
387 struct in6_addr *addr = (struct in6_addr*)&n->key;
388 struct in6_addr maddr;
389 struct net_device *dev = n->dev;
390
391 if (dev == NULL || __in6_dev_get(dev) == NULL)
392 return -EINVAL;
393 addrconf_addr_solict_mult(addr, &maddr);
394 ipv6_dev_mc_inc(dev, &maddr);
395 return 0;
396}
397
398static void pndisc_destructor(struct pneigh_entry *n)
399{
400 struct in6_addr *addr = (struct in6_addr*)&n->key;
401 struct in6_addr maddr;
402 struct net_device *dev = n->dev;
403
404 if (dev == NULL || __in6_dev_get(dev) == NULL)
405 return;
406 addrconf_addr_solict_mult(addr, &maddr);
407 ipv6_dev_mc_dec(dev, &maddr);
408}
409
410/*
411 * Send a Neighbour Advertisement
412 */
413
414static inline void ndisc_flow_init(struct flowi *fl, u8 type,
415 struct in6_addr *saddr, struct in6_addr *daddr)
416{
417 memset(fl, 0, sizeof(*fl));
418 ipv6_addr_copy(&fl->fl6_src, saddr);
419 ipv6_addr_copy(&fl->fl6_dst, daddr);
420 fl->proto = IPPROTO_ICMPV6;
421 fl->fl_icmp_type = type;
422 fl->fl_icmp_code = 0;
423}
424
425static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
426 struct in6_addr *daddr, struct in6_addr *solicited_addr,
427 int router, int solicited, int override, int inc_opt)
428{
429 struct in6_addr tmpaddr;
430 struct inet6_ifaddr *ifp;
431 struct inet6_dev *idev;
432 struct flowi fl;
433 struct dst_entry* dst;
434 struct sock *sk = ndisc_socket->sk;
435 struct in6_addr *src_addr;
436 struct nd_msg *msg;
437 int len;
438 struct sk_buff *skb;
439 int err;
440
441 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
442
443 /* for anycast or proxy, solicited_addr != src_addr */
444 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
445 if (ifp) {
446 src_addr = solicited_addr;
447 in6_ifa_put(ifp);
448 } else {
449 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
450 return;
451 src_addr = &tmpaddr;
452 }
453
454 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr);
455
456 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
457 if (!dst)
458 return;
459
460 err = xfrm_lookup(&dst, &fl, NULL, 0);
e104411b 461 if (err < 0)
1da177e4 462 return;
1da177e4
LT		 463
464 if (inc_opt) {
465 if (dev->addr_len)
466 len += ndisc_opt_addr_space(dev);
467 else
468 inc_opt = 0;
469 }
470
471 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
472 1, &err);
473
474 if (skb == NULL) {
475 ND_PRINTK0(KERN_ERR
476 "ICMPv6 NA: %s() failed to allocate an skb.\n",
477 __FUNCTION__);
478 dst_release(dst);
479 return;
480 }
481
482 skb_reserve(skb, LL_RESERVED_SPACE(dev));
483 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len);
484
485 msg = (struct nd_msg *)skb_put(skb, len);
486 skb->h.raw = (unsigned char*)msg;
487
488 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
489 msg->icmph.icmp6_code = 0;
490 msg->icmph.icmp6_cksum = 0;
491
492 msg->icmph.icmp6_unused = 0;
493 msg->icmph.icmp6_router = router;
494 msg->icmph.icmp6_solicited = solicited;
495 msg->icmph.icmp6_override = !!override;
496
497 /* Set the target address. */
498 ipv6_addr_copy(&msg->target, solicited_addr);
499
500 if (inc_opt)
501 ndisc_fill_addr_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr,
502 dev->addr_len, dev->type);
503
504 /* checksum */
505 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len,
506 IPPROTO_ICMPV6,
507 csum_partial((__u8 *) msg,
508 len, 0));
509
510 skb->dst = dst;
511 idev = in6_dev_get(dst->dev);
512 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
513 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
514 if (!err) {
515 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS);
516 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
517 }
518
519 if (likely(idev != NULL))
520 in6_dev_put(idev);
521}
522
523void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
524 struct in6_addr *solicit,
525 struct in6_addr *daddr, struct in6_addr *saddr)
526{
527 struct flowi fl;
528 struct dst_entry* dst;
529 struct inet6_dev *idev;
530 struct sock *sk = ndisc_socket->sk;
531 struct sk_buff *skb;
532 struct nd_msg *msg;
533 struct in6_addr addr_buf;
534 int len;
535 int err;
536 int send_llinfo;
537
538 if (saddr == NULL) {
539 if (ipv6_get_lladdr(dev, &addr_buf))
540 return;
541 saddr = &addr_buf;
542 }
543
544 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr);
545
546 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
547 if (!dst)
548 return;
549
550 err = xfrm_lookup(&dst, &fl, NULL, 0);
e104411b 551 if (err < 0)
1da177e4 552 return;
1da177e4
LT		 553
554 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
555 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr);
556 if (send_llinfo)
557 len += ndisc_opt_addr_space(dev);
558
559 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
560 1, &err);
561 if (skb == NULL) {
562 ND_PRINTK0(KERN_ERR
563 "ICMPv6 NA: %s() failed to allocate an skb.\n",
564 __FUNCTION__);
565 dst_release(dst);
566 return;
567 }
568
569 skb_reserve(skb, LL_RESERVED_SPACE(dev));
570 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
571
572 msg = (struct nd_msg *)skb_put(skb, len);
573 skb->h.raw = (unsigned char*)msg;
574 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION;
575 msg->icmph.icmp6_code = 0;
576 msg->icmph.icmp6_cksum = 0;
577 msg->icmph.icmp6_unused = 0;
578
579 /* Set the target address. */
580 ipv6_addr_copy(&msg->target, solicit);
581
582 if (send_llinfo)
583 ndisc_fill_addr_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr,
584 dev->addr_len, dev->type);
585
586 /* checksum */
587 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr,
588 daddr, len,
589 IPPROTO_ICMPV6,
590 csum_partial((__u8 *) msg,
591 len, 0));
592 /* send it! */
593 skb->dst = dst;
594 idev = in6_dev_get(dst->dev);
595 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
596 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
597 if (!err) {
598 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS);
599 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
600 }
601
602 if (likely(idev != NULL))
603 in6_dev_put(idev);
604}
605
606void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
607 struct in6_addr *daddr)
608{
609 struct flowi fl;
610 struct dst_entry* dst;
611 struct inet6_dev *idev;
612 struct sock *sk = ndisc_socket->sk;
613 struct sk_buff *skb;
614 struct icmp6hdr *hdr;
615 __u8 * opt;
616 int len;
617 int err;
618
619 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr);
620
621 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output);
622 if (!dst)
623 return;
624
625 err = xfrm_lookup(&dst, &fl, NULL, 0);
e104411b 626 if (err < 0)
1da177e4 627 return;
1da177e4
LT		 628
629 len = sizeof(struct icmp6hdr);
630 if (dev->addr_len)
631 len += ndisc_opt_addr_space(dev);
632
633 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
634 1, &err);
635 if (skb == NULL) {
636 ND_PRINTK0(KERN_ERR
637 "ICMPv6 RS: %s() failed to allocate an skb.\n",
638 __FUNCTION__);
639 dst_release(dst);
640 return;
641 }
642
643 skb_reserve(skb, LL_RESERVED_SPACE(dev));
644 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
645
646 hdr = (struct icmp6hdr *)skb_put(skb, len);
647 skb->h.raw = (unsigned char*)hdr;
648 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION;
649 hdr->icmp6_code = 0;
650 hdr->icmp6_cksum = 0;
651 hdr->icmp6_unused = 0;
652
653 opt = (u8*) (hdr + 1);
654
655 if (dev->addr_len)
656 ndisc_fill_addr_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr,
657 dev->addr_len, dev->type);
658
659 /* checksum */
660 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len,
661 IPPROTO_ICMPV6,
662 csum_partial((__u8 *) hdr, len, 0));
663
664 /* send it! */
665 skb->dst = dst;
666 idev = in6_dev_get(dst->dev);
667 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
668 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
669 if (!err) {
670 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS);
671 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
672 }
673
674 if (likely(idev != NULL))
675 in6_dev_put(idev);
676}
677
678
679static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
680{
681 /*
682 * "The sender MUST return an ICMP
683 * destination unreachable"
684 */
685 dst_link_failure(skb);
686 kfree_skb(skb);
687}
688
689/* Called with locked neigh: either read or both */
690
691static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
692{
693 struct in6_addr *saddr = NULL;
694 struct in6_addr mcaddr;
695 struct net_device *dev = neigh->dev;
696 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
697 int probes = atomic_read(&neigh->probes);
698
699 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1))
700 saddr = &skb->nh.ipv6h->saddr;
701
702 if ((probes -= neigh->parms->ucast_probes) < 0) {
703 if (!(neigh->nud_state & NUD_VALID)) {
704 ND_PRINTK1(KERN_DEBUG
705 "%s(): trying to ucast probe in NUD_INVALID: "
46b86a2d 706 NIP6_FMT "\n",
1da177e4
LT		 707 __FUNCTION__,
708 NIP6(*target));
709 }
710 ndisc_send_ns(dev, neigh, target, target, saddr);
711 } else if ((probes -= neigh->parms->app_probes) < 0) {
712#ifdef CONFIG_ARPD
713 neigh_app_ns(neigh);
714#endif
715 } else {
716 addrconf_addr_solict_mult(target, &mcaddr);
717 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
718 }
719}
720
721static void ndisc_recv_ns(struct sk_buff *skb)
722{
723 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
724 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
725 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
726 u8 *lladdr = NULL;
727 u32 ndoptlen = skb->tail - msg->opt;
728 struct ndisc_options ndopts;
729 struct net_device *dev = skb->dev;
730 struct inet6_ifaddr *ifp;
731 struct inet6_dev *idev = NULL;
732 struct neighbour *neigh;
733 int dad = ipv6_addr_any(saddr);
734 int inc;
735
736 if (ipv6_addr_is_multicast(&msg->target)) {
737 ND_PRINTK2(KERN_WARNING
738 "ICMPv6 NS: multicast target address");
739 return;
740 }
741
742 /*
743 * RFC2461 7.1.1:
744 * DAD has to be destined for solicited node multicast address.
745 */
746 if (dad &&
747 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
748 daddr->s6_addr32[1] == htonl(0x00000000) &&
749 daddr->s6_addr32[2] == htonl(0x00000001) &&
750 daddr->s6_addr [12] == 0xff )) {
751 ND_PRINTK2(KERN_WARNING
752 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
753 return;
754 }
755
756 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
757 ND_PRINTK2(KERN_WARNING
758 "ICMPv6 NS: invalid ND options\n");
759 return;
760 }
761
762 if (ndopts.nd_opts_src_lladdr) {
763 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
764 if (!lladdr) {
765 ND_PRINTK2(KERN_WARNING
766 "ICMPv6 NS: invalid link-layer address length\n");
767 return;
768 }
769
770 /* RFC2461 7.1.1:
771 * If the IP source address is the unspecified address,
772 * there MUST NOT be source link-layer address option
773 * in the message.
774 */
775 if (dad) {
776 ND_PRINTK2(KERN_WARNING
777 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
778 return;
779 }
780 }
781
782 inc = ipv6_addr_is_multicast(daddr);
783
784 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
785 if (ifp->flags & IFA_F_TENTATIVE) {
786 /* Address is tentative. If the source
787 is unspecified address, it is someone
788 does DAD, otherwise we ignore solicitations
789 until DAD timer expires.
790 */
791 if (!dad)
792 goto out;
793 if (dev->type == ARPHRD_IEEE802_TR) {
794 unsigned char *sadr = skb->mac.raw;
795 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
796 sadr[9] == dev->dev_addr[1] &&
797 sadr[10] == dev->dev_addr[2] &&
798 sadr[11] == dev->dev_addr[3] &&
799 sadr[12] == dev->dev_addr[4] &&
800 sadr[13] == dev->dev_addr[5]) {
801 /* looped-back to us */
802 goto out;
803 }
804 }
805 addrconf_dad_failure(ifp);
806 return;
807 }
808
809 idev = ifp->idev;
810 } else {
811 idev = in6_dev_get(dev);
812 if (!idev) {
813 /* XXX: count this drop? */
814 return;
815 }
816
817 if (ipv6_chk_acast_addr(dev, &msg->target) ||
818 (idev->cnf.forwarding &&
819 pneigh_lookup(&nd_tbl, &msg->target, dev, 0))) {
a61bbcf2 820 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
1da177e4
LT		 821 skb->pkt_type != PACKET_HOST &&
822 inc != 0 &&
823 idev->nd_parms->proxy_delay != 0) {
824 /*
825 * for anycast or proxy,
826 * sender should delay its response
827 * by a random time between 0 and
828 * MAX_ANYCAST_DELAY_TIME seconds.
829 * (RFC2461) -- yoshfuji
830 */
831 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
832 if (n)
833 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
834 goto out;
835 }
836 } else
837 goto out;
838 }
839
840 if (dad) {
841 struct in6_addr maddr;
842
843 ipv6_addr_all_nodes(&maddr);
844 ndisc_send_na(dev, NULL, &maddr, &msg->target,
845 idev->cnf.forwarding, 0, (ifp != NULL), 1);
846 goto out;
847 }
848
849 if (inc)
850 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
851 else
852 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
853
854 /*
855 * update / create cache entry
856 * for the source address
857 */
858 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
859 !inc || lladdr || !dev->addr_len);
860 if (neigh)
861 neigh_update(neigh, lladdr, NUD_STALE,
862 NEIGH_UPDATE_F_WEAK_OVERRIDE|
863 NEIGH_UPDATE_F_OVERRIDE);
864 if (neigh || !dev->hard_header) {
865 ndisc_send_na(dev, neigh, saddr, &msg->target,
866 idev->cnf.forwarding,
867 1, (ifp != NULL && inc), inc);
868 if (neigh)
869 neigh_release(neigh);
870 }
871
872out:
873 if (ifp)
874 in6_ifa_put(ifp);
875 else
876 in6_dev_put(idev);
877
878 return;
879}
880
881static void ndisc_recv_na(struct sk_buff *skb)
882{
883 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
884 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
885 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
886 u8 *lladdr = NULL;
887 u32 ndoptlen = skb->tail - msg->opt;
888 struct ndisc_options ndopts;
889 struct net_device *dev = skb->dev;
890 struct inet6_ifaddr *ifp;
891 struct neighbour *neigh;
892
893 if (skb->len < sizeof(struct nd_msg)) {
894 ND_PRINTK2(KERN_WARNING
895 "ICMPv6 NA: packet too short\n");
896 return;
897 }
898
899 if (ipv6_addr_is_multicast(&msg->target)) {
900 ND_PRINTK2(KERN_WARNING
901 "ICMPv6 NA: target address is multicast.\n");
902 return;
903 }
904
905 if (ipv6_addr_is_multicast(daddr) &&
906 msg->icmph.icmp6_solicited) {
907 ND_PRINTK2(KERN_WARNING
908 "ICMPv6 NA: solicited NA is multicasted.\n");
909 return;
910 }
911
912 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
913 ND_PRINTK2(KERN_WARNING
914 "ICMPv6 NS: invalid ND option\n");
915 return;
916 }
917 if (ndopts.nd_opts_tgt_lladdr) {
918 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
919 if (!lladdr) {
920 ND_PRINTK2(KERN_WARNING
921 "ICMPv6 NA: invalid link-layer address length\n");
922 return;
923 }
924 }
925 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
926 if (ifp->flags & IFA_F_TENTATIVE) {
927 addrconf_dad_failure(ifp);
928 return;
929 }
930 /* What should we make now? The advertisement
931 is invalid, but ndisc specs say nothing
932 about it. It could be misconfiguration, or
933 an smart proxy agent tries to help us :-)
934 */
935 ND_PRINTK1(KERN_WARNING
936 "ICMPv6 NA: someone advertises our address on %s!\n",
937 ifp->idev->dev->name);
938 in6_ifa_put(ifp);
939 return;
940 }
941 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
942
943 if (neigh) {
944 u8 old_flags = neigh->flags;
945
946 if (neigh->nud_state & NUD_FAILED)
947 goto out;
948
949 neigh_update(neigh, lladdr,
950 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
951 NEIGH_UPDATE_F_WEAK_OVERRIDE|
952 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
953 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
954 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
955
956 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
957 /*
958 * Change: router to host
959 */
960 struct rt6_info *rt;
961 rt = rt6_get_dflt_router(saddr, dev);
962 if (rt)
0d51aa80 963 ip6_del_rt(rt, NULL, NULL, NULL);
1da177e4
LT		 964 }
965
966out:
967 neigh_release(neigh);
968 }
969}
970
971static void ndisc_recv_rs(struct sk_buff *skb)
972{
973 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw;
974 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
975 struct neighbour *neigh;
976 struct inet6_dev *idev;
977 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
978 struct ndisc_options ndopts;
979 u8 *lladdr = NULL;
980
981 if (skb->len < sizeof(*rs_msg))
982 return;
983
984 idev = in6_dev_get(skb->dev);
985 if (!idev) {
986 if (net_ratelimit())
987 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
988 return;
989 }
990
991 /* Don't accept RS if we're not in router mode */
992 if (!idev->cnf.forwarding)
993 goto out;
994
995 /*
996 * Don't update NCE if src = ::;
997 * this implies that the source node has no ip address assigned yet.
998 */
999 if (ipv6_addr_any(saddr))
1000 goto out;
1001
1002 /* Parse ND options */
1003 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1004 if (net_ratelimit())
1005 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1006 goto out;
1007 }
1008
1009 if (ndopts.nd_opts_src_lladdr) {
1010 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1011 skb->dev);
1012 if (!lladdr)
1013 goto out;
1014 }
1015
1016 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1017 if (neigh) {
1018 neigh_update(neigh, lladdr, NUD_STALE,
1019 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1020 NEIGH_UPDATE_F_OVERRIDE|
1021 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1022 neigh_release(neigh);
1023 }
1024out:
1025 in6_dev_put(idev);
1026}
1027
1028static void ndisc_router_discovery(struct sk_buff *skb)
1029{
1030 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
1031 struct neighbour *neigh = NULL;
1032 struct inet6_dev *in6_dev;
65f5c7c1 1033 struct rt6_info *rt = NULL;
1da177e4
LT		 1034 int lifetime;
1035 struct ndisc_options ndopts;
1036 int optlen;
ebacaaa0 1037 unsigned int pref = 0;
1da177e4
LT		 1038
1039 __u8 * opt = (__u8 *)(ra_msg + 1);
1040
1041 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg);
1042
1043 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1044 ND_PRINTK2(KERN_WARNING
1045 "ICMPv6 RA: source address is not link-local.\n");
1046 return;
1047 }
1048 if (optlen < 0) {
1049 ND_PRINTK2(KERN_WARNING
1050 "ICMPv6 RA: packet too short\n");
1051 return;
1052 }
1053
1054 /*
1055 * set the RA_RECV flag in the interface
1056 */
1057
1058 in6_dev = in6_dev_get(skb->dev);
1059 if (in6_dev == NULL) {
1060 ND_PRINTK0(KERN_ERR
1061 "ICMPv6 RA: can't find inet6 device for %s.\n",
1062 skb->dev->name);
1063 return;
1064 }
1065 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1066 in6_dev_put(in6_dev);
1067 return;
1068 }
1069
1070 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1071 in6_dev_put(in6_dev);
1072 ND_PRINTK2(KERN_WARNING
1073 "ICMP6 RA: invalid ND options\n");
1074 return;
1075 }
1076
1077 if (in6_dev->if_flags & IF_RS_SENT) {
1078 /*
1079 * flag that an RA was received after an RS was sent
1080 * out on this interface.
1081 */
1082 in6_dev->if_flags |= IF_RA_RCVD;
1083 }
1084
1085 /*
1086 * Remember the managed/otherconf flags from most recently
1087 * received RA message (RFC 2462) -- yoshfuji
1088 */
1089 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1090 IF_RA_OTHERCONF)) |
1091 (ra_msg->icmph.icmp6_addrconf_managed ?
1092 IF_RA_MANAGED : 0) |
1093 (ra_msg->icmph.icmp6_addrconf_other ?
1094 IF_RA_OTHERCONF : 0);
1095
65f5c7c1
YH		 1096 if (!in6_dev->cnf.accept_ra_defrtr)
1097 goto skip_defrtr;
1098
1da177e4
LT		 1099 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1100
ebacaaa0
YH		 1101#ifdef CONFIG_IPV6_ROUTER_PREF
1102 pref = ra_msg->icmph.icmp6_router_pref;
1103 /* 10b is handled as if it were 00b (medium) */
930d6ff2
YH		 1104 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1105 in6_dev->cnf.accept_ra_rtr_pref)
ebacaaa0
YH		 1106 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1107#endif
1108
1da177e4
LT		 1109 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
1110
1111 if (rt)
1112 neigh = rt->rt6i_nexthop;
1113
1114 if (rt && lifetime == 0) {
1115 neigh_clone(neigh);
0d51aa80 1116 ip6_del_rt(rt, NULL, NULL, NULL);
1da177e4
LT		 1117 rt = NULL;
1118 }
1119
1120 if (rt == NULL && lifetime) {
1121 ND_PRINTK3(KERN_DEBUG
1122 "ICMPv6 RA: adding default router.\n");
1123
ebacaaa0 1124 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev, pref);
1da177e4
LT		 1125 if (rt == NULL) {
1126 ND_PRINTK0(KERN_ERR
1127 "ICMPv6 RA: %s() failed to add default route.\n",
1128 __FUNCTION__);
1129 in6_dev_put(in6_dev);
1130 return;
1131 }
1132
1133 neigh = rt->rt6i_nexthop;
1134 if (neigh == NULL) {
1135 ND_PRINTK0(KERN_ERR
1136 "ICMPv6 RA: %s() got default router without neighbour.\n",
1137 __FUNCTION__);
1138 dst_release(&rt->u.dst);
1139 in6_dev_put(in6_dev);
1140 return;
1141 }
1142 neigh->flags |= NTF_ROUTER;
ebacaaa0
YH		 1143 } else if (rt) {
1144 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1da177e4
LT		 1145 }
1146
1147 if (rt)
1148 rt->rt6i_expires = jiffies + (HZ * lifetime);
1149
1150 if (ra_msg->icmph.icmp6_hop_limit) {
1151 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1152 if (rt)
1153 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1154 }
1155
65f5c7c1
YH		 1156skip_defrtr:
1157
1da177e4
LT		 1158 /*
1159 * Update Reachable Time and Retrans Timer
1160 */
1161
1162 if (in6_dev->nd_parms) {
1163 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1164
1165 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1166 rtime = (rtime*HZ)/1000;
1167 if (rtime < HZ/10)
1168 rtime = HZ/10;
1169 in6_dev->nd_parms->retrans_time = rtime;
1170 in6_dev->tstamp = jiffies;
1171 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1172 }
1173
1174 rtime = ntohl(ra_msg->reachable_time);
1175 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1176 rtime = (rtime*HZ)/1000;
1177
1178 if (rtime < HZ/10)
1179 rtime = HZ/10;
1180
1181 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1182 in6_dev->nd_parms->base_reachable_time = rtime;
1183 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1184 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1185 in6_dev->tstamp = jiffies;
1186 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1187 }
1188 }
1189 }
1190
1191 /*
1192 * Process options.
1193 */
1194
1195 if (!neigh)
1196 neigh = __neigh_lookup(&nd_tbl, &skb->nh.ipv6h->saddr,
1197 skb->dev, 1);
1198 if (neigh) {
1199 u8 *lladdr = NULL;
1200 if (ndopts.nd_opts_src_lladdr) {
1201 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1202 skb->dev);
1203 if (!lladdr) {
1204 ND_PRINTK2(KERN_WARNING
1205 "ICMPv6 RA: invalid link-layer address length\n");
1206 goto out;
1207 }
1208 }
1209 neigh_update(neigh, lladdr, NUD_STALE,
1210 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1211 NEIGH_UPDATE_F_OVERRIDE|
1212 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1213 NEIGH_UPDATE_F_ISROUTER);
1214 }
1215
70ceb4f5 1216#ifdef CONFIG_IPV6_ROUTE_INFO
09c884d4 1217 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
70ceb4f5
YH		 1218 struct nd_opt_hdr *p;
1219 for (p = ndopts.nd_opts_ri;
1220 p;
1221 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
09c884d4
YH		 1222 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1223 continue;
70ceb4f5
YH		 1224 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1225 &skb->nh.ipv6h->saddr);
1226 }
1227 }
1228#endif
1229
c4fd30eb 1230 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1da177e4
LT		 1231 struct nd_opt_hdr *p;
1232 for (p = ndopts.nd_opts_pi;
1233 p;
1234 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1235 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1236 }
1237 }
1238
1239 if (ndopts.nd_opts_mtu) {
1240 u32 mtu;
1241
1242 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1243 mtu = ntohl(mtu);
1244
1245 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1246 ND_PRINTK2(KERN_WARNING
1247 "ICMPv6 RA: invalid mtu: %d\n",
1248 mtu);
1249 } else if (in6_dev->cnf.mtu6 != mtu) {
1250 in6_dev->cnf.mtu6 = mtu;
1251
1252 if (rt)
1253 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1254
1255 rt6_mtu_change(skb->dev, mtu);
1256 }
1257 }
1258
1259 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1260 ND_PRINTK2(KERN_WARNING
1261 "ICMPv6 RA: invalid RA options");
1262 }
1263out:
1264 if (rt)
1265 dst_release(&rt->u.dst);
1266 else if (neigh)
1267 neigh_release(neigh);
1268 in6_dev_put(in6_dev);
1269}
1270
1271static void ndisc_redirect_rcv(struct sk_buff *skb)
1272{
1273 struct inet6_dev *in6_dev;
1274 struct icmp6hdr *icmph;
1275 struct in6_addr *dest;
1276 struct in6_addr *target; /* new first hop to destination */
1277 struct neighbour *neigh;
1278 int on_link = 0;
1279 struct ndisc_options ndopts;
1280 int optlen;
1281 u8 *lladdr = NULL;
1282
1283 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1284 ND_PRINTK2(KERN_WARNING
1285 "ICMPv6 Redirect: source address is not link-local.\n");
1286 return;
1287 }
1288
1289 optlen = skb->tail - skb->h.raw;
1290 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1291
1292 if (optlen < 0) {
1293 ND_PRINTK2(KERN_WARNING
1294 "ICMPv6 Redirect: packet too short\n");
1295 return;
1296 }
1297
1298 icmph = (struct icmp6hdr *) skb->h.raw;
1299 target = (struct in6_addr *) (icmph + 1);
1300 dest = target + 1;
1301
1302 if (ipv6_addr_is_multicast(dest)) {
1303 ND_PRINTK2(KERN_WARNING
1304 "ICMPv6 Redirect: destination address is multicast.\n");
1305 return;
1306 }
1307
1308 if (ipv6_addr_equal(dest, target)) {
1309 on_link = 1;
1310 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
1311 ND_PRINTK2(KERN_WARNING
1312 "ICMPv6 Redirect: target address is not link-local.\n");
1313 return;
1314 }
1315
1316 in6_dev = in6_dev_get(skb->dev);
1317 if (!in6_dev)
1318 return;
1319 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1320 in6_dev_put(in6_dev);
1321 return;
1322 }
1323
1324 /* RFC2461 8.1:
1325 * The IP source address of the Redirect MUST be the same as the current
1326 * first-hop router for the specified ICMP Destination Address.
1327 */
1328
1329 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1330 ND_PRINTK2(KERN_WARNING
1331 "ICMPv6 Redirect: invalid ND options\n");
1332 in6_dev_put(in6_dev);
1333 return;
1334 }
1335 if (ndopts.nd_opts_tgt_lladdr) {
1336 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1337 skb->dev);
1338 if (!lladdr) {
1339 ND_PRINTK2(KERN_WARNING
1340 "ICMPv6 Redirect: invalid link-layer address length\n");
1341 in6_dev_put(in6_dev);
1342 return;
1343 }
1344 }
1345
1346 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1347 if (neigh) {
1348 rt6_redirect(dest, &skb->nh.ipv6h->saddr, neigh, lladdr,
1349 on_link);
1350 neigh_release(neigh);
1351 }
1352 in6_dev_put(in6_dev);
1353}
1354
1355void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1356 struct in6_addr *target)
1357{
1358 struct sock *sk = ndisc_socket->sk;
1359 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1360 struct sk_buff *buff;
1361 struct icmp6hdr *icmph;
1362 struct in6_addr saddr_buf;
1363 struct in6_addr *addrp;
1364 struct net_device *dev;
1365 struct rt6_info *rt;
1366 struct dst_entry *dst;
1367 struct inet6_dev *idev;
1368 struct flowi fl;
1369 u8 *opt;
1370 int rd_len;
1371 int err;
1372 int hlen;
1373 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1374
1375 dev = skb->dev;
1376
1377 if (ipv6_get_lladdr(dev, &saddr_buf)) {
1378 ND_PRINTK2(KERN_WARNING
1379 "ICMPv6 Redirect: no link-local address on %s\n",
1380 dev->name);
1381 return;
1382 }
1383
1384 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr);
1385
1386 dst = ip6_route_output(NULL, &fl);
1387 if (dst == NULL)
1388 return;
1389
1390 err = xfrm_lookup(&dst, &fl, NULL, 0);
e104411b 1391 if (err)
1da177e4 1392 return;
1da177e4
LT		 1393
1394 rt = (struct rt6_info *) dst;
1395
1396 if (rt->rt6i_flags & RTF_GATEWAY) {
1397 ND_PRINTK2(KERN_WARNING
1398 "ICMPv6 Redirect: destination is not a neighbour.\n");
1399 dst_release(dst);
1400 return;
1401 }
1402 if (!xrlim_allow(dst, 1*HZ)) {
1403 dst_release(dst);
1404 return;
1405 }
1406
1407 if (dev->addr_len) {
1408 read_lock_bh(&neigh->lock);
1409 if (neigh->nud_state & NUD_VALID) {
1410 memcpy(ha_buf, neigh->ha, dev->addr_len);
1411 read_unlock_bh(&neigh->lock);
1412 ha = ha_buf;
1413 len += ndisc_opt_addr_space(dev);
1414 } else
1415 read_unlock_bh(&neigh->lock);
1416 }
1417
1418 rd_len = min_t(unsigned int,
1419 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1420 rd_len &= ~0x7;
1421 len += rd_len;
1422
1423 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
1424 1, &err);
1425 if (buff == NULL) {
1426 ND_PRINTK0(KERN_ERR
1427 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1428 __FUNCTION__);
1429 dst_release(dst);
1430 return;
1431 }
1432
1433 hlen = 0;
1434
1435 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1436 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr,
1437 IPPROTO_ICMPV6, len);
1438
1439 icmph = (struct icmp6hdr *)skb_put(buff, len);
1440 buff->h.raw = (unsigned char*)icmph;
1441
1442 memset(icmph, 0, sizeof(struct icmp6hdr));
1443 icmph->icmp6_type = NDISC_REDIRECT;
1444
1445 /*
1446 * copy target and destination addresses
1447 */
1448
1449 addrp = (struct in6_addr *)(icmph + 1);
1450 ipv6_addr_copy(addrp, target);
1451 addrp++;
1452 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr);
1453
1454 opt = (u8*) (addrp + 1);
1455
1456 /*
1457 * include target_address option
1458 */
1459
1460 if (ha)
1461 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1462 dev->addr_len, dev->type);
1463
1464 /*
1465 * build redirect option and copy skb over to the new packet.
1466 */
1467
1468 memset(opt, 0, 8);
1469 *(opt++) = ND_OPT_REDIRECT_HDR;
1470 *(opt++) = (rd_len >> 3);
1471 opt += 6;
1472
1473 memcpy(opt, skb->nh.ipv6h, rd_len - 8);
1474
1475 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr,
1476 len, IPPROTO_ICMPV6,
1477 csum_partial((u8 *) icmph, len, 0));
1478
1479 buff->dst = dst;
1480 idev = in6_dev_get(dst->dev);
1481 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
1482 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1483 if (!err) {
1484 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS);
1485 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1486 }
1487
1488 if (likely(idev != NULL))
1489 in6_dev_put(idev);
1490}
1491
1492static void pndisc_redo(struct sk_buff *skb)
1493{
140e26fc 1494 ndisc_recv_ns(skb);
1da177e4
LT		 1495 kfree_skb(skb);
1496}
1497
1498int ndisc_rcv(struct sk_buff *skb)
1499{
1500 struct nd_msg *msg;
1501
1502 if (!pskb_may_pull(skb, skb->len))
1503 return 0;
1504
1505 msg = (struct nd_msg *) skb->h.raw;
1506
1507 __skb_push(skb, skb->data-skb->h.raw);
1508
1509 if (skb->nh.ipv6h->hop_limit != 255) {
1510 ND_PRINTK2(KERN_WARNING
1511 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1512 skb->nh.ipv6h->hop_limit);
1513 return 0;
1514 }
1515
1516 if (msg->icmph.icmp6_code != 0) {
1517 ND_PRINTK2(KERN_WARNING
1518 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1519 msg->icmph.icmp6_code);
1520 return 0;
1521 }
1522
a61bbcf2
PM		 1523 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1524
1da177e4
LT		 1525 switch (msg->icmph.icmp6_type) {
1526 case NDISC_NEIGHBOUR_SOLICITATION:
1527 ndisc_recv_ns(skb);
1528 break;
1529
1530 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1531 ndisc_recv_na(skb);
1532 break;
1533
1534 case NDISC_ROUTER_SOLICITATION:
1535 ndisc_recv_rs(skb);
1536 break;
1537
1538 case NDISC_ROUTER_ADVERTISEMENT:
1539 ndisc_router_discovery(skb);
1540 break;
1541
1542 case NDISC_REDIRECT:
1543 ndisc_redirect_rcv(skb);
1544 break;
1545 };
1546
1547 return 0;
1548}
1549
1550static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1551{
1552 struct net_device *dev = ptr;
1553
1554 switch (event) {
1555 case NETDEV_CHANGEADDR:
1556 neigh_changeaddr(&nd_tbl, dev);
1557 fib6_run_gc(~0UL);
1558 break;
1559 case NETDEV_DOWN:
1560 neigh_ifdown(&nd_tbl, dev);
1561 fib6_run_gc(~0UL);
1562 break;
1563 default:
1564 break;
1565 }
1566
1567 return NOTIFY_DONE;
1568}
1569
1570static struct notifier_block ndisc_netdev_notifier = {
1571 .notifier_call = ndisc_netdev_event,
1572};
1573
1574#ifdef CONFIG_SYSCTL
1575static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1576 const char *func, const char *dev_name)
1577{
1578 static char warncomm[TASK_COMM_LEN];
1579 static int warned;
1580 if (strcmp(warncomm, current->comm) && warned < 5) {
1581 strcpy(warncomm, current->comm);
1582 printk(KERN_WARNING
1583 "process `%s' is using deprecated sysctl (%s) "
1584 "net.ipv6.neigh.%s.%s; "
1585 "Use net.ipv6.neigh.%s.%s_ms "
1586 "instead.\n",
1587 warncomm, func,
1588 dev_name, ctl->procname,
1589 dev_name, ctl->procname);
1590 warned++;
1591 }
1592}
1593
1594int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1595{
1596 struct net_device *dev = ctl->extra1;
1597 struct inet6_dev *idev;
1598 int ret;
1599
1600 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1601 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1602 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1603
1604 switch (ctl->ctl_name) {
1605 case NET_NEIGH_RETRANS_TIME:
1606 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1607 break;
1608 case NET_NEIGH_REACHABLE_TIME:
1609 ret = proc_dointvec_jiffies(ctl, write,
1610 filp, buffer, lenp, ppos);
1611 break;
1612 case NET_NEIGH_RETRANS_TIME_MS:
1613 case NET_NEIGH_REACHABLE_TIME_MS:
1614 ret = proc_dointvec_ms_jiffies(ctl, write,
1615 filp, buffer, lenp, ppos);
1616 break;
1617 default:
1618 ret = -1;
1619 }
1620
1621 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1622 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1623 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1624 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1625 idev->tstamp = jiffies;
1626 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1627 in6_dev_put(idev);
1628 }
1629 return ret;
1630}
1631
1632static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1633 int nlen, void __user *oldval,
1634 size_t __user *oldlenp,
1635 void __user *newval, size_t newlen,
1636 void **context)
1637{
1638 struct net_device *dev = ctl->extra1;
1639 struct inet6_dev *idev;
1640 int ret;
1641
1642 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1643 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1644 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1645
1646 switch (ctl->ctl_name) {
1647 case NET_NEIGH_REACHABLE_TIME:
1648 ret = sysctl_jiffies(ctl, name, nlen,
1649 oldval, oldlenp, newval, newlen,
1650 context);
1651 break;
1652 case NET_NEIGH_RETRANS_TIME_MS:
1653 case NET_NEIGH_REACHABLE_TIME_MS:
1654 ret = sysctl_ms_jiffies(ctl, name, nlen,
1655 oldval, oldlenp, newval, newlen,
1656 context);
1657 break;
1658 default:
1659 ret = 0;
1660 }
1661
1662 if (newval && newlen && ret > 0 &&
1663 dev && (idev = in6_dev_get(dev)) != NULL) {
1664 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1665 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1666 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1667 idev->tstamp = jiffies;
1668 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1669 in6_dev_put(idev);
1670 }
1671
1672 return ret;
1673}
1674
1675#endif
1676
1677int __init ndisc_init(struct net_proto_family *ops)
1678{
1679 struct ipv6_pinfo *np;
1680 struct sock *sk;
1681 int err;
1682
1683 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1684 if (err < 0) {
1685 ND_PRINTK0(KERN_ERR
1686 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1687 err);
1688 ndisc_socket = NULL; /* For safety. */
1689 return err;
1690 }
1691
1692 sk = ndisc_socket->sk;
1693 np = inet6_sk(sk);
1694 sk->sk_allocation = GFP_ATOMIC;
1695 np->hop_limit = 255;
1696 /* Do not loopback ndisc messages */
1697 np->mc_loop = 0;
1698 sk->sk_prot->unhash(sk);
1699
1700 /*
1701 * Initialize the neighbour table
1702 */
1703
1704 neigh_table_init(&nd_tbl);
1705
1706#ifdef CONFIG_SYSCTL
1707 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1708 "ipv6",
1709 &ndisc_ifinfo_sysctl_change,
1710 &ndisc_ifinfo_sysctl_strategy);
1711#endif
1712
1713 register_netdevice_notifier(&ndisc_netdev_notifier);
1714 return 0;
1715}
1716
1717void ndisc_cleanup(void)
1718{
1719#ifdef CONFIG_SYSCTL
1720 neigh_sysctl_unregister(&nd_tbl.parms);
1721#endif
1722 neigh_table_clear(&nd_tbl);
1723 sock_release(ndisc_socket);
1724 ndisc_socket = NULL; /* For safety. */
1725}
Clone of davem's net-next-2.6 tree