]> bbs.cooldavid.org Git - net-next-2.6.git/blame - net/ipv6/ndisc.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[IPV6]: Don't forward packets to proxied link-local address.
[net-next-2.6.git] / net / ipv6 / ndisc.c
CommitLineData
1da177e4
LT		 1/*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15/*
16 * Changes:
17 *
18 * Lars Fenneberg : fixed MTU setting on receipt
19 * of an RA.
20 *
21 * Janos Farkas : kmalloc failure checks
22 * Alexey Kuznetsov : state machine reworked
23 * and moved to net/core.
24 * Pekka Savola : RFC2461 validation
25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
26 */
27
28/* Set to 3 to get tracing... */
29#define ND_DEBUG 1
30
31#define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
32#define ND_NOPRINTK(x...) do { ; } while(0)
33#define ND_PRINTK0 ND_PRINTK
34#define ND_PRINTK1 ND_NOPRINTK
35#define ND_PRINTK2 ND_NOPRINTK
36#define ND_PRINTK3 ND_NOPRINTK
37#if ND_DEBUG >= 1
38#undef ND_PRINTK1
39#define ND_PRINTK1 ND_PRINTK
40#endif
41#if ND_DEBUG >= 2
42#undef ND_PRINTK2
43#define ND_PRINTK2 ND_PRINTK
44#endif
45#if ND_DEBUG >= 3
46#undef ND_PRINTK3
47#define ND_PRINTK3 ND_PRINTK
48#endif
49
50#include <linux/module.h>
1da177e4
LT		 51#include <linux/errno.h>
52#include <linux/types.h>
53#include <linux/socket.h>
54#include <linux/sockios.h>
55#include <linux/sched.h>
56#include <linux/net.h>
57#include <linux/in6.h>
58#include <linux/route.h>
59#include <linux/init.h>
60#include <linux/rcupdate.h>
61#ifdef CONFIG_SYSCTL
62#include <linux/sysctl.h>
63#endif
64
1823730f 65#include <linux/if_addr.h>
1da177e4
LT		 66#include <linux/if_arp.h>
67#include <linux/ipv6.h>
68#include <linux/icmpv6.h>
69#include <linux/jhash.h>
70
71#include <net/sock.h>
72#include <net/snmp.h>
73
74#include <net/ipv6.h>
75#include <net/protocol.h>
76#include <net/ndisc.h>
77#include <net/ip6_route.h>
78#include <net/addrconf.h>
79#include <net/icmp.h>
80
81#include <net/flow.h>
82#include <net/ip6_checksum.h>
83#include <linux/proc_fs.h>
84
85#include <linux/netfilter.h>
86#include <linux/netfilter_ipv6.h>
87
88static struct socket *ndisc_socket;
89
90static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
91static int ndisc_constructor(struct neighbour *neigh);
92static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
93static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
94static int pndisc_constructor(struct pneigh_entry *n);
95static void pndisc_destructor(struct pneigh_entry *n);
96static void pndisc_redo(struct sk_buff *skb);
97
98static struct neigh_ops ndisc_generic_ops = {
99 .family = AF_INET6,
100 .solicit = ndisc_solicit,
101 .error_report = ndisc_error_report,
102 .output = neigh_resolve_output,
103 .connected_output = neigh_connected_output,
104 .hh_output = dev_queue_xmit,
105 .queue_xmit = dev_queue_xmit,
106};
107
108static struct neigh_ops ndisc_hh_ops = {
109 .family = AF_INET6,
110 .solicit = ndisc_solicit,
111 .error_report = ndisc_error_report,
112 .output = neigh_resolve_output,
113 .connected_output = neigh_resolve_output,
114 .hh_output = dev_queue_xmit,
115 .queue_xmit = dev_queue_xmit,
116};
117
118
119static struct neigh_ops ndisc_direct_ops = {
120 .family = AF_INET6,
121 .output = dev_queue_xmit,
122 .connected_output = dev_queue_xmit,
123 .hh_output = dev_queue_xmit,
124 .queue_xmit = dev_queue_xmit,
125};
126
127struct neigh_table nd_tbl = {
128 .family = AF_INET6,
129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
130 .key_len = sizeof(struct in6_addr),
131 .hash = ndisc_hash,
132 .constructor = ndisc_constructor,
133 .pconstructor = pndisc_constructor,
134 .pdestructor = pndisc_destructor,
135 .proxy_redo = pndisc_redo,
136 .id = "ndisc_cache",
137 .parms = {
138 .tbl = &nd_tbl,
139 .base_reachable_time = 30 * HZ,
140 .retrans_time = 1 * HZ,
141 .gc_staletime = 60 * HZ,
142 .reachable_time = 30 * HZ,
143 .delay_probe_time = 5 * HZ,
144 .queue_len = 3,
145 .ucast_probes = 3,
146 .mcast_probes = 3,
147 .anycast_delay = 1 * HZ,
148 .proxy_delay = (8 * HZ) / 10,
149 .proxy_qlen = 64,
150 },
151 .gc_interval = 30 * HZ,
152 .gc_thresh1 = 128,
153 .gc_thresh2 = 512,
154 .gc_thresh3 = 1024,
155};
156
157/* ND options */
158struct ndisc_options {
70ceb4f5
YH		 159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
160#ifdef CONFIG_IPV6_ROUTE_INFO
161 struct nd_opt_hdr *nd_opts_ri;
162 struct nd_opt_hdr *nd_opts_ri_end;
163#endif
1da177e4
LT		 164};
165
166#define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
167#define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
168#define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
169#define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
170#define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
171#define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
172
173#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
174
175/*
176 * Return the padding between the option length and the start of the
177 * link addr. Currently only IP-over-InfiniBand needs this, although
178 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
179 * also need a pad of 2.
180 */
181static int ndisc_addr_option_pad(unsigned short type)
182{
183 switch (type) {
184 case ARPHRD_INFINIBAND: return 2;
185 default: return 0;
186 }
187}
188
189static inline int ndisc_opt_addr_space(struct net_device *dev)
190{
191 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
192}
193
194static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
195 unsigned short addr_type)
196{
197 int space = NDISC_OPT_SPACE(data_len);
198 int pad = ndisc_addr_option_pad(addr_type);
199
200 opt[0] = type;
201 opt[1] = space>>3;
202
203 memset(opt + 2, 0, pad);
204 opt += pad;
205 space -= pad;
206
207 memcpy(opt+2, data, data_len);
208 data_len += 2;
209 opt += data_len;
210 if ((space -= data_len) > 0)
211 memset(opt, 0, space);
212 return opt + space;
213}
214
215static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
216 struct nd_opt_hdr *end)
217{
218 int type;
219 if (!cur || !end || cur >= end)
220 return NULL;
221 type = cur->nd_opt_type;
222 do {
223 cur = ((void *)cur) + (cur->nd_opt_len << 3);
224 } while(cur < end && cur->nd_opt_type != type);
225 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
226}
227
228static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
229 struct ndisc_options *ndopts)
230{
231 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
232
233 if (!nd_opt || opt_len < 0 || !ndopts)
234 return NULL;
235 memset(ndopts, 0, sizeof(*ndopts));
236 while (opt_len) {
237 int l;
238 if (opt_len < sizeof(struct nd_opt_hdr))
239 return NULL;
240 l = nd_opt->nd_opt_len << 3;
241 if (opt_len < l || l == 0)
242 return NULL;
243 switch (nd_opt->nd_opt_type) {
244 case ND_OPT_SOURCE_LL_ADDR:
245 case ND_OPT_TARGET_LL_ADDR:
246 case ND_OPT_MTU:
247 case ND_OPT_REDIRECT_HDR:
248 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
249 ND_PRINTK2(KERN_WARNING
250 "%s(): duplicated ND6 option found: type=%d\n",
251 __FUNCTION__,
252 nd_opt->nd_opt_type);
253 } else {
254 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
255 }
256 break;
257 case ND_OPT_PREFIX_INFO:
258 ndopts->nd_opts_pi_end = nd_opt;
259 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0)
260 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
261 break;
70ceb4f5
YH		 262#ifdef CONFIG_IPV6_ROUTE_INFO
263 case ND_OPT_ROUTE_INFO:
264 ndopts->nd_opts_ri_end = nd_opt;
265 if (!ndopts->nd_opts_ri)
266 ndopts->nd_opts_ri = nd_opt;
267 break;
268#endif
1da177e4
LT		 269 default:
270 /*
271 * Unknown options must be silently ignored,
272 * to accommodate future extension to the protocol.
273 */
274 ND_PRINTK2(KERN_NOTICE
275 "%s(): ignored unsupported option; type=%d, len=%d\n",
276 __FUNCTION__,
277 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
278 }
279 opt_len -= l;
280 nd_opt = ((void *)nd_opt) + l;
281 }
282 return ndopts;
283}
284
285static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
286 struct net_device *dev)
287{
288 u8 *lladdr = (u8 *)(p + 1);
289 int lladdrlen = p->nd_opt_len << 3;
290 int prepad = ndisc_addr_option_pad(dev->type);
291 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
292 return NULL;
293 return (lladdr + prepad);
294}
295
296int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
297{
298 switch (dev->type) {
299 case ARPHRD_ETHER:
300 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
301 case ARPHRD_FDDI:
302 ipv6_eth_mc_map(addr, buf);
303 return 0;
304 case ARPHRD_IEEE802_TR:
305 ipv6_tr_mc_map(addr,buf);
306 return 0;
307 case ARPHRD_ARCNET:
308 ipv6_arcnet_mc_map(addr, buf);
309 return 0;
310 case ARPHRD_INFINIBAND:
311 ipv6_ib_mc_map(addr, buf);
312 return 0;
313 default:
314 if (dir) {
315 memcpy(buf, dev->broadcast, dev->addr_len);
316 return 0;
317 }
318 }
319 return -EINVAL;
320}
321
322static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
323{
324 const u32 *p32 = pkey;
325 u32 addr_hash, i;
326
327 addr_hash = 0;
328 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
329 addr_hash ^= *p32++;
330
331 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
332}
333
334static int ndisc_constructor(struct neighbour *neigh)
335{
336 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
337 struct net_device *dev = neigh->dev;
338 struct inet6_dev *in6_dev;
339 struct neigh_parms *parms;
340 int is_multicast = ipv6_addr_is_multicast(addr);
341
342 rcu_read_lock();
343 in6_dev = in6_dev_get(dev);
344 if (in6_dev == NULL) {
345 rcu_read_unlock();
346 return -EINVAL;
347 }
348
349 parms = in6_dev->nd_parms;
350 __neigh_parms_put(neigh->parms);
351 neigh->parms = neigh_parms_clone(parms);
352 rcu_read_unlock();
353
354 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
355 if (dev->hard_header == NULL) {
356 neigh->nud_state = NUD_NOARP;
357 neigh->ops = &ndisc_direct_ops;
358 neigh->output = neigh->ops->queue_xmit;
359 } else {
360 if (is_multicast) {
361 neigh->nud_state = NUD_NOARP;
362 ndisc_mc_map(addr, neigh->ha, dev, 1);
363 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
364 neigh->nud_state = NUD_NOARP;
365 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
366 if (dev->flags&IFF_LOOPBACK)
367 neigh->type = RTN_LOCAL;
368 } else if (dev->flags&IFF_POINTOPOINT) {
369 neigh->nud_state = NUD_NOARP;
370 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
371 }
372 if (dev->hard_header_cache)
373 neigh->ops = &ndisc_hh_ops;
374 else
375 neigh->ops = &ndisc_generic_ops;
376 if (neigh->nud_state&NUD_VALID)
377 neigh->output = neigh->ops->connected_output;
378 else
379 neigh->output = neigh->ops->output;
380 }
381 in6_dev_put(in6_dev);
382 return 0;
383}
384
385static int pndisc_constructor(struct pneigh_entry *n)
386{
387 struct in6_addr *addr = (struct in6_addr*)&n->key;
388 struct in6_addr maddr;
389 struct net_device *dev = n->dev;
390
391 if (dev == NULL || __in6_dev_get(dev) == NULL)
392 return -EINVAL;
393 addrconf_addr_solict_mult(addr, &maddr);
394 ipv6_dev_mc_inc(dev, &maddr);
395 return 0;
396}
397
398static void pndisc_destructor(struct pneigh_entry *n)
399{
400 struct in6_addr *addr = (struct in6_addr*)&n->key;
401 struct in6_addr maddr;
402 struct net_device *dev = n->dev;
403
404 if (dev == NULL || __in6_dev_get(dev) == NULL)
405 return;
406 addrconf_addr_solict_mult(addr, &maddr);
407 ipv6_dev_mc_dec(dev, &maddr);
408}
409
410/*
411 * Send a Neighbour Advertisement
412 */
413
414static inline void ndisc_flow_init(struct flowi *fl, u8 type,
af184765
YH		 415 struct in6_addr *saddr, struct in6_addr *daddr,
416 int oif)
1da177e4
LT		 417{
418 memset(fl, 0, sizeof(*fl));
419 ipv6_addr_copy(&fl->fl6_src, saddr);
420 ipv6_addr_copy(&fl->fl6_dst, daddr);
421 fl->proto = IPPROTO_ICMPV6;
422 fl->fl_icmp_type = type;
423 fl->fl_icmp_code = 0;
af184765 424 fl->oif = oif;
beb8d13b 425 security_sk_classify_flow(ndisc_socket->sk, fl);
1da177e4
LT		 426}
427
428static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
429 struct in6_addr *daddr, struct in6_addr *solicited_addr,
430 int router, int solicited, int override, int inc_opt)
431{
432 struct in6_addr tmpaddr;
433 struct inet6_ifaddr *ifp;
434 struct inet6_dev *idev;
435 struct flowi fl;
436 struct dst_entry* dst;
437 struct sock *sk = ndisc_socket->sk;
438 struct in6_addr *src_addr;
439 struct nd_msg *msg;
440 int len;
441 struct sk_buff *skb;
442 int err;
443
444 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
445
446 /* for anycast or proxy, solicited_addr != src_addr */
447 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
448 if (ifp) {
449 src_addr = solicited_addr;
450 in6_ifa_put(ifp);
451 } else {
452 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
453 return;
454 src_addr = &tmpaddr;
455 }
456
af184765
YH		 457 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr,
458 dev->ifindex);
1da177e4
LT		 459
460 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
461 if (!dst)
462 return;
463
464 err = xfrm_lookup(&dst, &fl, NULL, 0);
e104411b 465 if (err < 0)
1da177e4 466 return;
1da177e4
LT		 467
468 if (inc_opt) {
469 if (dev->addr_len)
470 len += ndisc_opt_addr_space(dev);
471 else
472 inc_opt = 0;
473 }
474
475 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
476 1, &err);
477
478 if (skb == NULL) {
479 ND_PRINTK0(KERN_ERR
480 "ICMPv6 NA: %s() failed to allocate an skb.\n",
481 __FUNCTION__);
482 dst_release(dst);
483 return;
484 }
485
486 skb_reserve(skb, LL_RESERVED_SPACE(dev));
487 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len);
488
489 msg = (struct nd_msg *)skb_put(skb, len);
490 skb->h.raw = (unsigned char*)msg;
491
492 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
493 msg->icmph.icmp6_code = 0;
494 msg->icmph.icmp6_cksum = 0;
495
496 msg->icmph.icmp6_unused = 0;
497 msg->icmph.icmp6_router = router;
498 msg->icmph.icmp6_solicited = solicited;
499 msg->icmph.icmp6_override = !!override;
500
501 /* Set the target address. */
502 ipv6_addr_copy(&msg->target, solicited_addr);
503
504 if (inc_opt)
505 ndisc_fill_addr_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr,
506 dev->addr_len, dev->type);
507
508 /* checksum */
509 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len,
510 IPPROTO_ICMPV6,
511 csum_partial((__u8 *) msg,
512 len, 0));
513
514 skb->dst = dst;
515 idev = in6_dev_get(dst->dev);
516 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
517 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
518 if (!err) {
519 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS);
520 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
521 }
522
523 if (likely(idev != NULL))
524 in6_dev_put(idev);
525}
526
527void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
528 struct in6_addr *solicit,
529 struct in6_addr *daddr, struct in6_addr *saddr)
530{
531 struct flowi fl;
532 struct dst_entry* dst;
533 struct inet6_dev *idev;
534 struct sock *sk = ndisc_socket->sk;
535 struct sk_buff *skb;
536 struct nd_msg *msg;
537 struct in6_addr addr_buf;
538 int len;
539 int err;
540 int send_llinfo;
541
542 if (saddr == NULL) {
543 if (ipv6_get_lladdr(dev, &addr_buf))
544 return;
545 saddr = &addr_buf;
546 }
547
af184765
YH		 548 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr,
549 dev->ifindex);
1da177e4
LT		 550
551 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
552 if (!dst)
553 return;
554
555 err = xfrm_lookup(&dst, &fl, NULL, 0);
e104411b 556 if (err < 0)
1da177e4 557 return;
1da177e4
LT		 558
559 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
560 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr);
561 if (send_llinfo)
562 len += ndisc_opt_addr_space(dev);
563
564 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
565 1, &err);
566 if (skb == NULL) {
567 ND_PRINTK0(KERN_ERR
568 "ICMPv6 NA: %s() failed to allocate an skb.\n",
569 __FUNCTION__);
570 dst_release(dst);
571 return;
572 }
573
574 skb_reserve(skb, LL_RESERVED_SPACE(dev));
575 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
576
577 msg = (struct nd_msg *)skb_put(skb, len);
578 skb->h.raw = (unsigned char*)msg;
579 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION;
580 msg->icmph.icmp6_code = 0;
581 msg->icmph.icmp6_cksum = 0;
582 msg->icmph.icmp6_unused = 0;
583
584 /* Set the target address. */
585 ipv6_addr_copy(&msg->target, solicit);
586
587 if (send_llinfo)
588 ndisc_fill_addr_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr,
589 dev->addr_len, dev->type);
590
591 /* checksum */
592 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr,
593 daddr, len,
594 IPPROTO_ICMPV6,
595 csum_partial((__u8 *) msg,
596 len, 0));
597 /* send it! */
598 skb->dst = dst;
599 idev = in6_dev_get(dst->dev);
600 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
601 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
602 if (!err) {
603 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS);
604 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
605 }
606
607 if (likely(idev != NULL))
608 in6_dev_put(idev);
609}
610
611void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
612 struct in6_addr *daddr)
613{
614 struct flowi fl;
615 struct dst_entry* dst;
616 struct inet6_dev *idev;
617 struct sock *sk = ndisc_socket->sk;
618 struct sk_buff *skb;
619 struct icmp6hdr *hdr;
620 __u8 * opt;
621 int len;
622 int err;
623
af184765
YH		 624 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr,
625 dev->ifindex);
1da177e4
LT		 626
627 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output);
628 if (!dst)
629 return;
630
631 err = xfrm_lookup(&dst, &fl, NULL, 0);
e104411b 632 if (err < 0)
1da177e4 633 return;
1da177e4
LT		 634
635 len = sizeof(struct icmp6hdr);
636 if (dev->addr_len)
637 len += ndisc_opt_addr_space(dev);
638
639 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
640 1, &err);
641 if (skb == NULL) {
642 ND_PRINTK0(KERN_ERR
643 "ICMPv6 RS: %s() failed to allocate an skb.\n",
644 __FUNCTION__);
645 dst_release(dst);
646 return;
647 }
648
649 skb_reserve(skb, LL_RESERVED_SPACE(dev));
650 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
651
652 hdr = (struct icmp6hdr *)skb_put(skb, len);
653 skb->h.raw = (unsigned char*)hdr;
654 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION;
655 hdr->icmp6_code = 0;
656 hdr->icmp6_cksum = 0;
657 hdr->icmp6_unused = 0;
658
659 opt = (u8*) (hdr + 1);
660
661 if (dev->addr_len)
662 ndisc_fill_addr_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr,
663 dev->addr_len, dev->type);
664
665 /* checksum */
666 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len,
667 IPPROTO_ICMPV6,
668 csum_partial((__u8 *) hdr, len, 0));
669
670 /* send it! */
671 skb->dst = dst;
672 idev = in6_dev_get(dst->dev);
673 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
674 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
675 if (!err) {
676 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS);
677 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
678 }
679
680 if (likely(idev != NULL))
681 in6_dev_put(idev);
682}
683
684
685static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
686{
687 /*
688 * "The sender MUST return an ICMP
689 * destination unreachable"
690 */
691 dst_link_failure(skb);
692 kfree_skb(skb);
693}
694
695/* Called with locked neigh: either read or both */
696
697static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
698{
699 struct in6_addr *saddr = NULL;
700 struct in6_addr mcaddr;
701 struct net_device *dev = neigh->dev;
702 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
703 int probes = atomic_read(&neigh->probes);
704
705 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1))
706 saddr = &skb->nh.ipv6h->saddr;
707
708 if ((probes -= neigh->parms->ucast_probes) < 0) {
709 if (!(neigh->nud_state & NUD_VALID)) {
710 ND_PRINTK1(KERN_DEBUG
711 "%s(): trying to ucast probe in NUD_INVALID: "
46b86a2d 712 NIP6_FMT "\n",
1da177e4
LT		 713 __FUNCTION__,
714 NIP6(*target));
715 }
716 ndisc_send_ns(dev, neigh, target, target, saddr);
717 } else if ((probes -= neigh->parms->app_probes) < 0) {
718#ifdef CONFIG_ARPD
719 neigh_app_ns(neigh);
720#endif
721 } else {
722 addrconf_addr_solict_mult(target, &mcaddr);
723 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
724 }
725}
726
727static void ndisc_recv_ns(struct sk_buff *skb)
728{
729 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
730 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
731 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
732 u8 *lladdr = NULL;
733 u32 ndoptlen = skb->tail - msg->opt;
734 struct ndisc_options ndopts;
735 struct net_device *dev = skb->dev;
736 struct inet6_ifaddr *ifp;
737 struct inet6_dev *idev = NULL;
738 struct neighbour *neigh;
739 int dad = ipv6_addr_any(saddr);
740 int inc;
741
742 if (ipv6_addr_is_multicast(&msg->target)) {
743 ND_PRINTK2(KERN_WARNING
744 "ICMPv6 NS: multicast target address");
745 return;
746 }
747
748 /*
749 * RFC2461 7.1.1:
750 * DAD has to be destined for solicited node multicast address.
751 */
752 if (dad &&
753 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
754 daddr->s6_addr32[1] == htonl(0x00000000) &&
755 daddr->s6_addr32[2] == htonl(0x00000001) &&
756 daddr->s6_addr [12] == 0xff )) {
757 ND_PRINTK2(KERN_WARNING
758 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
759 return;
760 }
761
762 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
763 ND_PRINTK2(KERN_WARNING
764 "ICMPv6 NS: invalid ND options\n");
765 return;
766 }
767
768 if (ndopts.nd_opts_src_lladdr) {
769 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
770 if (!lladdr) {
771 ND_PRINTK2(KERN_WARNING
772 "ICMPv6 NS: invalid link-layer address length\n");
773 return;
774 }
775
776 /* RFC2461 7.1.1:
777 * If the IP source address is the unspecified address,
778 * there MUST NOT be source link-layer address option
779 * in the message.
780 */
781 if (dad) {
782 ND_PRINTK2(KERN_WARNING
783 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
784 return;
785 }
786 }
787
788 inc = ipv6_addr_is_multicast(daddr);
789
790 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
791 if (ifp->flags & IFA_F_TENTATIVE) {
792 /* Address is tentative. If the source
793 is unspecified address, it is someone
794 does DAD, otherwise we ignore solicitations
795 until DAD timer expires.
796 */
797 if (!dad)
798 goto out;
799 if (dev->type == ARPHRD_IEEE802_TR) {
800 unsigned char *sadr = skb->mac.raw;
801 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
802 sadr[9] == dev->dev_addr[1] &&
803 sadr[10] == dev->dev_addr[2] &&
804 sadr[11] == dev->dev_addr[3] &&
805 sadr[12] == dev->dev_addr[4] &&
806 sadr[13] == dev->dev_addr[5]) {
807 /* looped-back to us */
808 goto out;
809 }
810 }
811 addrconf_dad_failure(ifp);
812 return;
813 }
814
815 idev = ifp->idev;
816 } else {
817 idev = in6_dev_get(dev);
818 if (!idev) {
819 /* XXX: count this drop? */
820 return;
821 }
822
823 if (ipv6_chk_acast_addr(dev, &msg->target) ||
824 (idev->cnf.forwarding &&
825 pneigh_lookup(&nd_tbl, &msg->target, dev, 0))) {
a61bbcf2 826 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
1da177e4
LT		 827 skb->pkt_type != PACKET_HOST &&
828 inc != 0 &&
829 idev->nd_parms->proxy_delay != 0) {
830 /*
831 * for anycast or proxy,
832 * sender should delay its response
833 * by a random time between 0 and
834 * MAX_ANYCAST_DELAY_TIME seconds.
835 * (RFC2461) -- yoshfuji
836 */
837 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
838 if (n)
839 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
840 goto out;
841 }
842 } else
843 goto out;
844 }
845
846 if (dad) {
847 struct in6_addr maddr;
848
849 ipv6_addr_all_nodes(&maddr);
850 ndisc_send_na(dev, NULL, &maddr, &msg->target,
851 idev->cnf.forwarding, 0, (ifp != NULL), 1);
852 goto out;
853 }
854
855 if (inc)
856 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
857 else
858 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
859
860 /*
861 * update / create cache entry
862 * for the source address
863 */
864 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
865 !inc || lladdr || !dev->addr_len);
866 if (neigh)
867 neigh_update(neigh, lladdr, NUD_STALE,
868 NEIGH_UPDATE_F_WEAK_OVERRIDE|
869 NEIGH_UPDATE_F_OVERRIDE);
870 if (neigh || !dev->hard_header) {
871 ndisc_send_na(dev, neigh, saddr, &msg->target,
872 idev->cnf.forwarding,
873 1, (ifp != NULL && inc), inc);
874 if (neigh)
875 neigh_release(neigh);
876 }
877
878out:
879 if (ifp)
880 in6_ifa_put(ifp);
881 else
882 in6_dev_put(idev);
883
884 return;
885}
886
887static void ndisc_recv_na(struct sk_buff *skb)
888{
889 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
890 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
891 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
892 u8 *lladdr = NULL;
893 u32 ndoptlen = skb->tail - msg->opt;
894 struct ndisc_options ndopts;
895 struct net_device *dev = skb->dev;
896 struct inet6_ifaddr *ifp;
897 struct neighbour *neigh;
898
899 if (skb->len < sizeof(struct nd_msg)) {
900 ND_PRINTK2(KERN_WARNING
901 "ICMPv6 NA: packet too short\n");
902 return;
903 }
904
905 if (ipv6_addr_is_multicast(&msg->target)) {
906 ND_PRINTK2(KERN_WARNING
907 "ICMPv6 NA: target address is multicast.\n");
908 return;
909 }
910
911 if (ipv6_addr_is_multicast(daddr) &&
912 msg->icmph.icmp6_solicited) {
913 ND_PRINTK2(KERN_WARNING
914 "ICMPv6 NA: solicited NA is multicasted.\n");
915 return;
916 }
917
918 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
919 ND_PRINTK2(KERN_WARNING
920 "ICMPv6 NS: invalid ND option\n");
921 return;
922 }
923 if (ndopts.nd_opts_tgt_lladdr) {
924 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
925 if (!lladdr) {
926 ND_PRINTK2(KERN_WARNING
927 "ICMPv6 NA: invalid link-layer address length\n");
928 return;
929 }
930 }
931 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
932 if (ifp->flags & IFA_F_TENTATIVE) {
933 addrconf_dad_failure(ifp);
934 return;
935 }
936 /* What should we make now? The advertisement
937 is invalid, but ndisc specs say nothing
938 about it. It could be misconfiguration, or
939 an smart proxy agent tries to help us :-)
940 */
941 ND_PRINTK1(KERN_WARNING
942 "ICMPv6 NA: someone advertises our address on %s!\n",
943 ifp->idev->dev->name);
944 in6_ifa_put(ifp);
945 return;
946 }
947 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
948
949 if (neigh) {
950 u8 old_flags = neigh->flags;
951
952 if (neigh->nud_state & NUD_FAILED)
953 goto out;
954
955 neigh_update(neigh, lladdr,
956 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
957 NEIGH_UPDATE_F_WEAK_OVERRIDE|
958 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
959 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
960 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
961
962 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
963 /*
964 * Change: router to host
965 */
966 struct rt6_info *rt;
967 rt = rt6_get_dflt_router(saddr, dev);
968 if (rt)
e0a1ad73 969 ip6_del_rt(rt);
1da177e4
LT		 970 }
971
972out:
973 neigh_release(neigh);
974 }
975}
976
977static void ndisc_recv_rs(struct sk_buff *skb)
978{
979 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw;
980 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
981 struct neighbour *neigh;
982 struct inet6_dev *idev;
983 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
984 struct ndisc_options ndopts;
985 u8 *lladdr = NULL;
986
987 if (skb->len < sizeof(*rs_msg))
988 return;
989
990 idev = in6_dev_get(skb->dev);
991 if (!idev) {
992 if (net_ratelimit())
993 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
994 return;
995 }
996
997 /* Don't accept RS if we're not in router mode */
998 if (!idev->cnf.forwarding)
999 goto out;
1000
1001 /*
1002 * Don't update NCE if src = ::;
1003 * this implies that the source node has no ip address assigned yet.
1004 */
1005 if (ipv6_addr_any(saddr))
1006 goto out;
1007
1008 /* Parse ND options */
1009 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1010 if (net_ratelimit())
1011 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1012 goto out;
1013 }
1014
1015 if (ndopts.nd_opts_src_lladdr) {
1016 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1017 skb->dev);
1018 if (!lladdr)
1019 goto out;
1020 }
1021
1022 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1023 if (neigh) {
1024 neigh_update(neigh, lladdr, NUD_STALE,
1025 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1026 NEIGH_UPDATE_F_OVERRIDE|
1027 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1028 neigh_release(neigh);
1029 }
1030out:
1031 in6_dev_put(idev);
1032}
1033
1034static void ndisc_router_discovery(struct sk_buff *skb)
1035{
1036 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
1037 struct neighbour *neigh = NULL;
1038 struct inet6_dev *in6_dev;
65f5c7c1 1039 struct rt6_info *rt = NULL;
1da177e4
LT		 1040 int lifetime;
1041 struct ndisc_options ndopts;
1042 int optlen;
ebacaaa0 1043 unsigned int pref = 0;
1da177e4
LT		 1044
1045 __u8 * opt = (__u8 *)(ra_msg + 1);
1046
1047 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg);
1048
1049 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1050 ND_PRINTK2(KERN_WARNING
1051 "ICMPv6 RA: source address is not link-local.\n");
1052 return;
1053 }
1054 if (optlen < 0) {
1055 ND_PRINTK2(KERN_WARNING
1056 "ICMPv6 RA: packet too short\n");
1057 return;
1058 }
1059
1060 /*
1061 * set the RA_RECV flag in the interface
1062 */
1063
1064 in6_dev = in6_dev_get(skb->dev);
1065 if (in6_dev == NULL) {
1066 ND_PRINTK0(KERN_ERR
1067 "ICMPv6 RA: can't find inet6 device for %s.\n",
1068 skb->dev->name);
1069 return;
1070 }
1071 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1072 in6_dev_put(in6_dev);
1073 return;
1074 }
1075
1076 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1077 in6_dev_put(in6_dev);
1078 ND_PRINTK2(KERN_WARNING
1079 "ICMP6 RA: invalid ND options\n");
1080 return;
1081 }
1082
1083 if (in6_dev->if_flags & IF_RS_SENT) {
1084 /*
1085 * flag that an RA was received after an RS was sent
1086 * out on this interface.
1087 */
1088 in6_dev->if_flags |= IF_RA_RCVD;
1089 }
1090
1091 /*
1092 * Remember the managed/otherconf flags from most recently
1093 * received RA message (RFC 2462) -- yoshfuji
1094 */
1095 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1096 IF_RA_OTHERCONF)) |
1097 (ra_msg->icmph.icmp6_addrconf_managed ?
1098 IF_RA_MANAGED : 0) |
1099 (ra_msg->icmph.icmp6_addrconf_other ?
1100 IF_RA_OTHERCONF : 0);
1101
65f5c7c1
YH		 1102 if (!in6_dev->cnf.accept_ra_defrtr)
1103 goto skip_defrtr;
1104
1da177e4
LT		 1105 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1106
ebacaaa0
YH		 1107#ifdef CONFIG_IPV6_ROUTER_PREF
1108 pref = ra_msg->icmph.icmp6_router_pref;
1109 /* 10b is handled as if it were 00b (medium) */
930d6ff2
YH		 1110 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1111 in6_dev->cnf.accept_ra_rtr_pref)
ebacaaa0
YH		 1112 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1113#endif
1114
1da177e4
LT		 1115 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
1116
1117 if (rt)
1118 neigh = rt->rt6i_nexthop;
1119
1120 if (rt && lifetime == 0) {
1121 neigh_clone(neigh);
e0a1ad73 1122 ip6_del_rt(rt);
1da177e4
LT		 1123 rt = NULL;
1124 }
1125
1126 if (rt == NULL && lifetime) {
1127 ND_PRINTK3(KERN_DEBUG
1128 "ICMPv6 RA: adding default router.\n");
1129
ebacaaa0 1130 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev, pref);
1da177e4
LT		 1131 if (rt == NULL) {
1132 ND_PRINTK0(KERN_ERR
1133 "ICMPv6 RA: %s() failed to add default route.\n",
1134 __FUNCTION__);
1135 in6_dev_put(in6_dev);
1136 return;
1137 }
1138
1139 neigh = rt->rt6i_nexthop;
1140 if (neigh == NULL) {
1141 ND_PRINTK0(KERN_ERR
1142 "ICMPv6 RA: %s() got default router without neighbour.\n",
1143 __FUNCTION__);
1144 dst_release(&rt->u.dst);
1145 in6_dev_put(in6_dev);
1146 return;
1147 }
1148 neigh->flags |= NTF_ROUTER;
ebacaaa0
YH		 1149 } else if (rt) {
1150 rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1da177e4
LT		 1151 }
1152
1153 if (rt)
1154 rt->rt6i_expires = jiffies + (HZ * lifetime);
1155
1156 if (ra_msg->icmph.icmp6_hop_limit) {
1157 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1158 if (rt)
1159 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1160 }
1161
65f5c7c1
YH		 1162skip_defrtr:
1163
1da177e4
LT		 1164 /*
1165 * Update Reachable Time and Retrans Timer
1166 */
1167
1168 if (in6_dev->nd_parms) {
1169 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1170
1171 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1172 rtime = (rtime*HZ)/1000;
1173 if (rtime < HZ/10)
1174 rtime = HZ/10;
1175 in6_dev->nd_parms->retrans_time = rtime;
1176 in6_dev->tstamp = jiffies;
1177 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1178 }
1179
1180 rtime = ntohl(ra_msg->reachable_time);
1181 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1182 rtime = (rtime*HZ)/1000;
1183
1184 if (rtime < HZ/10)
1185 rtime = HZ/10;
1186
1187 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1188 in6_dev->nd_parms->base_reachable_time = rtime;
1189 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1190 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1191 in6_dev->tstamp = jiffies;
1192 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1193 }
1194 }
1195 }
1196
1197 /*
1198 * Process options.
1199 */
1200
1201 if (!neigh)
1202 neigh = __neigh_lookup(&nd_tbl, &skb->nh.ipv6h->saddr,
1203 skb->dev, 1);
1204 if (neigh) {
1205 u8 *lladdr = NULL;
1206 if (ndopts.nd_opts_src_lladdr) {
1207 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1208 skb->dev);
1209 if (!lladdr) {
1210 ND_PRINTK2(KERN_WARNING
1211 "ICMPv6 RA: invalid link-layer address length\n");
1212 goto out;
1213 }
1214 }
1215 neigh_update(neigh, lladdr, NUD_STALE,
1216 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1217 NEIGH_UPDATE_F_OVERRIDE|
1218 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1219 NEIGH_UPDATE_F_ISROUTER);
1220 }
1221
70ceb4f5 1222#ifdef CONFIG_IPV6_ROUTE_INFO
09c884d4 1223 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
70ceb4f5
YH		 1224 struct nd_opt_hdr *p;
1225 for (p = ndopts.nd_opts_ri;
1226 p;
1227 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
09c884d4
YH		 1228 if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1229 continue;
70ceb4f5
YH		 1230 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1231 &skb->nh.ipv6h->saddr);
1232 }
1233 }
1234#endif
1235
c4fd30eb 1236 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1da177e4
LT		 1237 struct nd_opt_hdr *p;
1238 for (p = ndopts.nd_opts_pi;
1239 p;
1240 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1241 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1242 }
1243 }
1244
1245 if (ndopts.nd_opts_mtu) {
1246 u32 mtu;
1247
1248 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1249 mtu = ntohl(mtu);
1250
1251 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1252 ND_PRINTK2(KERN_WARNING
1253 "ICMPv6 RA: invalid mtu: %d\n",
1254 mtu);
1255 } else if (in6_dev->cnf.mtu6 != mtu) {
1256 in6_dev->cnf.mtu6 = mtu;
1257
1258 if (rt)
1259 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1260
1261 rt6_mtu_change(skb->dev, mtu);
1262 }
1263 }
1264
1265 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1266 ND_PRINTK2(KERN_WARNING
1267 "ICMPv6 RA: invalid RA options");
1268 }
1269out:
1270 if (rt)
1271 dst_release(&rt->u.dst);
1272 else if (neigh)
1273 neigh_release(neigh);
1274 in6_dev_put(in6_dev);
1275}
1276
1277static void ndisc_redirect_rcv(struct sk_buff *skb)
1278{
1279 struct inet6_dev *in6_dev;
1280 struct icmp6hdr *icmph;
1281 struct in6_addr *dest;
1282 struct in6_addr *target; /* new first hop to destination */
1283 struct neighbour *neigh;
1284 int on_link = 0;
1285 struct ndisc_options ndopts;
1286 int optlen;
1287 u8 *lladdr = NULL;
1288
1289 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1290 ND_PRINTK2(KERN_WARNING
1291 "ICMPv6 Redirect: source address is not link-local.\n");
1292 return;
1293 }
1294
1295 optlen = skb->tail - skb->h.raw;
1296 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1297
1298 if (optlen < 0) {
1299 ND_PRINTK2(KERN_WARNING
1300 "ICMPv6 Redirect: packet too short\n");
1301 return;
1302 }
1303
1304 icmph = (struct icmp6hdr *) skb->h.raw;
1305 target = (struct in6_addr *) (icmph + 1);
1306 dest = target + 1;
1307
1308 if (ipv6_addr_is_multicast(dest)) {
1309 ND_PRINTK2(KERN_WARNING
1310 "ICMPv6 Redirect: destination address is multicast.\n");
1311 return;
1312 }
1313
1314 if (ipv6_addr_equal(dest, target)) {
1315 on_link = 1;
1316 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
1317 ND_PRINTK2(KERN_WARNING
1318 "ICMPv6 Redirect: target address is not link-local.\n");
1319 return;
1320 }
1321
1322 in6_dev = in6_dev_get(skb->dev);
1323 if (!in6_dev)
1324 return;
1325 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1326 in6_dev_put(in6_dev);
1327 return;
1328 }
1329
1330 /* RFC2461 8.1:
1331 * The IP source address of the Redirect MUST be the same as the current
1332 * first-hop router for the specified ICMP Destination Address.
1333 */
1334
1335 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1336 ND_PRINTK2(KERN_WARNING
1337 "ICMPv6 Redirect: invalid ND options\n");
1338 in6_dev_put(in6_dev);
1339 return;
1340 }
1341 if (ndopts.nd_opts_tgt_lladdr) {
1342 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1343 skb->dev);
1344 if (!lladdr) {
1345 ND_PRINTK2(KERN_WARNING
1346 "ICMPv6 Redirect: invalid link-layer address length\n");
1347 in6_dev_put(in6_dev);
1348 return;
1349 }
1350 }
1351
1352 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1353 if (neigh) {
5e032e32
YH		 1354 rt6_redirect(dest, &skb->nh.ipv6h->daddr,
1355 &skb->nh.ipv6h->saddr, neigh, lladdr,
1da177e4
LT		 1356 on_link);
1357 neigh_release(neigh);
1358 }
1359 in6_dev_put(in6_dev);
1360}
1361
1362void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1363 struct in6_addr *target)
1364{
1365 struct sock *sk = ndisc_socket->sk;
1366 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1367 struct sk_buff *buff;
1368 struct icmp6hdr *icmph;
1369 struct in6_addr saddr_buf;
1370 struct in6_addr *addrp;
1371 struct net_device *dev;
1372 struct rt6_info *rt;
1373 struct dst_entry *dst;
1374 struct inet6_dev *idev;
1375 struct flowi fl;
1376 u8 *opt;
1377 int rd_len;
1378 int err;
1379 int hlen;
1380 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1381
1382 dev = skb->dev;
1383
1384 if (ipv6_get_lladdr(dev, &saddr_buf)) {
1385 ND_PRINTK2(KERN_WARNING
1386 "ICMPv6 Redirect: no link-local address on %s\n",
1387 dev->name);
1388 return;
1389 }
1390
af184765
YH		 1391 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr,
1392 dev->ifindex);
1da177e4
LT		 1393
1394 dst = ip6_route_output(NULL, &fl);
1395 if (dst == NULL)
1396 return;
1397
1398 err = xfrm_lookup(&dst, &fl, NULL, 0);
e104411b 1399 if (err)
1da177e4 1400 return;
1da177e4
LT		 1401
1402 rt = (struct rt6_info *) dst;
1403
1404 if (rt->rt6i_flags & RTF_GATEWAY) {
1405 ND_PRINTK2(KERN_WARNING
1406 "ICMPv6 Redirect: destination is not a neighbour.\n");
1407 dst_release(dst);
1408 return;
1409 }
1410 if (!xrlim_allow(dst, 1*HZ)) {
1411 dst_release(dst);
1412 return;
1413 }
1414
1415 if (dev->addr_len) {
1416 read_lock_bh(&neigh->lock);
1417 if (neigh->nud_state & NUD_VALID) {
1418 memcpy(ha_buf, neigh->ha, dev->addr_len);
1419 read_unlock_bh(&neigh->lock);
1420 ha = ha_buf;
1421 len += ndisc_opt_addr_space(dev);
1422 } else
1423 read_unlock_bh(&neigh->lock);
1424 }
1425
1426 rd_len = min_t(unsigned int,
1427 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1428 rd_len &= ~0x7;
1429 len += rd_len;
1430
1431 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
1432 1, &err);
1433 if (buff == NULL) {
1434 ND_PRINTK0(KERN_ERR
1435 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1436 __FUNCTION__);
1437 dst_release(dst);
1438 return;
1439 }
1440
1441 hlen = 0;
1442
1443 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1444 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr,
1445 IPPROTO_ICMPV6, len);
1446
1447 icmph = (struct icmp6hdr *)skb_put(buff, len);
1448 buff->h.raw = (unsigned char*)icmph;
1449
1450 memset(icmph, 0, sizeof(struct icmp6hdr));
1451 icmph->icmp6_type = NDISC_REDIRECT;
1452
1453 /*
1454 * copy target and destination addresses
1455 */
1456
1457 addrp = (struct in6_addr *)(icmph + 1);
1458 ipv6_addr_copy(addrp, target);
1459 addrp++;
1460 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr);
1461
1462 opt = (u8*) (addrp + 1);
1463
1464 /*
1465 * include target_address option
1466 */
1467
1468 if (ha)
1469 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1470 dev->addr_len, dev->type);
1471
1472 /*
1473 * build redirect option and copy skb over to the new packet.
1474 */
1475
1476 memset(opt, 0, 8);
1477 *(opt++) = ND_OPT_REDIRECT_HDR;
1478 *(opt++) = (rd_len >> 3);
1479 opt += 6;
1480
1481 memcpy(opt, skb->nh.ipv6h, rd_len - 8);
1482
1483 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr,
1484 len, IPPROTO_ICMPV6,
1485 csum_partial((u8 *) icmph, len, 0));
1486
1487 buff->dst = dst;
1488 idev = in6_dev_get(dst->dev);
1489 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
1490 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1491 if (!err) {
1492 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS);
1493 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1494 }
1495
1496 if (likely(idev != NULL))
1497 in6_dev_put(idev);
1498}
1499
1500static void pndisc_redo(struct sk_buff *skb)
1501{
140e26fc 1502 ndisc_recv_ns(skb);
1da177e4
LT		 1503 kfree_skb(skb);
1504}
1505
1506int ndisc_rcv(struct sk_buff *skb)
1507{
1508 struct nd_msg *msg;
1509
1510 if (!pskb_may_pull(skb, skb->len))
1511 return 0;
1512
1513 msg = (struct nd_msg *) skb->h.raw;
1514
1515 __skb_push(skb, skb->data-skb->h.raw);
1516
1517 if (skb->nh.ipv6h->hop_limit != 255) {
1518 ND_PRINTK2(KERN_WARNING
1519 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1520 skb->nh.ipv6h->hop_limit);
1521 return 0;
1522 }
1523
1524 if (msg->icmph.icmp6_code != 0) {
1525 ND_PRINTK2(KERN_WARNING
1526 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1527 msg->icmph.icmp6_code);
1528 return 0;
1529 }
1530
a61bbcf2
PM		 1531 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1532
1da177e4
LT		 1533 switch (msg->icmph.icmp6_type) {
1534 case NDISC_NEIGHBOUR_SOLICITATION:
1535 ndisc_recv_ns(skb);
1536 break;
1537
1538 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1539 ndisc_recv_na(skb);
1540 break;
1541
1542 case NDISC_ROUTER_SOLICITATION:
1543 ndisc_recv_rs(skb);
1544 break;
1545
1546 case NDISC_ROUTER_ADVERTISEMENT:
1547 ndisc_router_discovery(skb);
1548 break;
1549
1550 case NDISC_REDIRECT:
1551 ndisc_redirect_rcv(skb);
1552 break;
1553 };
1554
1555 return 0;
1556}
1557
1558static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1559{
1560 struct net_device *dev = ptr;
1561
1562 switch (event) {
1563 case NETDEV_CHANGEADDR:
1564 neigh_changeaddr(&nd_tbl, dev);
1565 fib6_run_gc(~0UL);
1566 break;
1567 case NETDEV_DOWN:
1568 neigh_ifdown(&nd_tbl, dev);
1569 fib6_run_gc(~0UL);
1570 break;
1571 default:
1572 break;
1573 }
1574
1575 return NOTIFY_DONE;
1576}
1577
1578static struct notifier_block ndisc_netdev_notifier = {
1579 .notifier_call = ndisc_netdev_event,
1580};
1581
1582#ifdef CONFIG_SYSCTL
1583static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1584 const char *func, const char *dev_name)
1585{
1586 static char warncomm[TASK_COMM_LEN];
1587 static int warned;
1588 if (strcmp(warncomm, current->comm) && warned < 5) {
1589 strcpy(warncomm, current->comm);
1590 printk(KERN_WARNING
1591 "process `%s' is using deprecated sysctl (%s) "
1592 "net.ipv6.neigh.%s.%s; "
1593 "Use net.ipv6.neigh.%s.%s_ms "
1594 "instead.\n",
1595 warncomm, func,
1596 dev_name, ctl->procname,
1597 dev_name, ctl->procname);
1598 warned++;
1599 }
1600}
1601
1602int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1603{
1604 struct net_device *dev = ctl->extra1;
1605 struct inet6_dev *idev;
1606 int ret;
1607
1608 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1609 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1610 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1611
1612 switch (ctl->ctl_name) {
1613 case NET_NEIGH_RETRANS_TIME:
1614 ret = proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1615 break;
1616 case NET_NEIGH_REACHABLE_TIME:
1617 ret = proc_dointvec_jiffies(ctl, write,
1618 filp, buffer, lenp, ppos);
1619 break;
1620 case NET_NEIGH_RETRANS_TIME_MS:
1621 case NET_NEIGH_REACHABLE_TIME_MS:
1622 ret = proc_dointvec_ms_jiffies(ctl, write,
1623 filp, buffer, lenp, ppos);
1624 break;
1625 default:
1626 ret = -1;
1627 }
1628
1629 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1630 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1631 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1632 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1633 idev->tstamp = jiffies;
1634 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1635 in6_dev_put(idev);
1636 }
1637 return ret;
1638}
1639
1640static int ndisc_ifinfo_sysctl_strategy(ctl_table *ctl, int __user *name,
1641 int nlen, void __user *oldval,
1642 size_t __user *oldlenp,
1643 void __user *newval, size_t newlen,
1644 void **context)
1645{
1646 struct net_device *dev = ctl->extra1;
1647 struct inet6_dev *idev;
1648 int ret;
1649
1650 if (ctl->ctl_name == NET_NEIGH_RETRANS_TIME ||
1651 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME)
1652 ndisc_warn_deprecated_sysctl(ctl, "procfs", dev ? dev->name : "default");
1653
1654 switch (ctl->ctl_name) {
1655 case NET_NEIGH_REACHABLE_TIME:
1656 ret = sysctl_jiffies(ctl, name, nlen,
1657 oldval, oldlenp, newval, newlen,
1658 context);
1659 break;
1660 case NET_NEIGH_RETRANS_TIME_MS:
1661 case NET_NEIGH_REACHABLE_TIME_MS:
1662 ret = sysctl_ms_jiffies(ctl, name, nlen,
1663 oldval, oldlenp, newval, newlen,
1664 context);
1665 break;
1666 default:
1667 ret = 0;
1668 }
1669
1670 if (newval && newlen && ret > 0 &&
1671 dev && (idev = in6_dev_get(dev)) != NULL) {
1672 if (ctl->ctl_name == NET_NEIGH_REACHABLE_TIME ||
1673 ctl->ctl_name == NET_NEIGH_REACHABLE_TIME_MS)
1674 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1675 idev->tstamp = jiffies;
1676 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1677 in6_dev_put(idev);
1678 }
1679
1680 return ret;
1681}
1682
1683#endif
1684
1685int __init ndisc_init(struct net_proto_family *ops)
1686{
1687 struct ipv6_pinfo *np;
1688 struct sock *sk;
1689 int err;
1690
1691 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1692 if (err < 0) {
1693 ND_PRINTK0(KERN_ERR
1694 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1695 err);
1696 ndisc_socket = NULL; /* For safety. */
1697 return err;
1698 }
1699
1700 sk = ndisc_socket->sk;
1701 np = inet6_sk(sk);
1702 sk->sk_allocation = GFP_ATOMIC;
1703 np->hop_limit = 255;
1704 /* Do not loopback ndisc messages */
1705 np->mc_loop = 0;
1706 sk->sk_prot->unhash(sk);
1707
1708 /*
1709 * Initialize the neighbour table
1710 */
1711
1712 neigh_table_init(&nd_tbl);
1713
1714#ifdef CONFIG_SYSCTL
1715 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1716 "ipv6",
1717 &ndisc_ifinfo_sysctl_change,
1718 &ndisc_ifinfo_sysctl_strategy);
1719#endif
1720
1721 register_netdevice_notifier(&ndisc_netdev_notifier);
1722 return 0;
1723}
1724
1725void ndisc_cleanup(void)
1726{
1727#ifdef CONFIG_SYSCTL
1728 neigh_sysctl_unregister(&nd_tbl.parms);
1729#endif
1730 neigh_table_clear(&nd_tbl);
1731 sock_release(ndisc_socket);
1732 ndisc_socket = NULL; /* For safety. */
1733}
Clone of davem's net-next-2.6 tree