1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11 /*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26 #define pr_fmt(fmt) "ICMPv6: " fmt
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
40 #ifdef CONFIG_SYSCTL
41 #include <linux/sysctl.h>
42 #endif
43
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
50
51 #include <net/sock.h>
52 #include <net/snmp.h>
53
54 #include <net/ipv6.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
59 #include <net/icmp.h>
60
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
63
64 #include <net/flow.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
68
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
71
72 static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
85
86 static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92 };
93
94 static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100 };
101
102
103 static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107 };
108
109 struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
132 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
133 [NEIGH_VAR_PROXY_QLEN] = 64,
134 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
135 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
136 },
137 },
138 .gc_interval = 30 * HZ,
139 .gc_thresh1 = 128,
140 .gc_thresh2 = 512,
141 .gc_thresh3 = 1024,
142 };
143 EXPORT_SYMBOL_GPL(nd_tbl);
144
__ndisc_fill_addr_option(struct sk_buff * skb,int type,const void * data,int data_len,int pad)145 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
146 int data_len, int pad)
147 {
148 int space = __ndisc_opt_addr_space(data_len, pad);
149 u8 *opt = skb_put(skb, space);
150
151 opt[0] = type;
152 opt[1] = space>>3;
153
154 memset(opt + 2, 0, pad);
155 opt += pad;
156 space -= pad;
157
158 memcpy(opt+2, data, data_len);
159 data_len += 2;
160 opt += data_len;
161 space -= data_len;
162 if (space > 0)
163 memset(opt, 0, space);
164 }
165 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
166
ndisc_fill_addr_option(struct sk_buff * skb,int type,const void * data,u8 icmp6_type)167 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
168 const void *data, u8 icmp6_type)
169 {
170 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
171 ndisc_addr_option_pad(skb->dev->type));
172 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
173 }
174
ndisc_fill_redirect_addr_option(struct sk_buff * skb,void * ha,const u8 * ops_data)175 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
176 void *ha,
177 const u8 *ops_data)
178 {
179 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
180 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
181 }
182
ndisc_next_option(struct nd_opt_hdr * cur,struct nd_opt_hdr * end)183 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
184 struct nd_opt_hdr *end)
185 {
186 int type;
187 if (!cur || !end || cur >= end)
188 return NULL;
189 type = cur->nd_opt_type;
190 do {
191 cur = ((void *)cur) + (cur->nd_opt_len << 3);
192 } while (cur < end && cur->nd_opt_type != type);
193 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
194 }
195
ndisc_is_useropt(const struct net_device * dev,struct nd_opt_hdr * opt)196 static inline int ndisc_is_useropt(const struct net_device *dev,
197 struct nd_opt_hdr *opt)
198 {
199 return opt->nd_opt_type == ND_OPT_RDNSS ||
200 opt->nd_opt_type == ND_OPT_DNSSL ||
201 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
202 opt->nd_opt_type == ND_OPT_PREF64 ||
203 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
204 }
205
ndisc_next_useropt(const struct net_device * dev,struct nd_opt_hdr * cur,struct nd_opt_hdr * end)206 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
207 struct nd_opt_hdr *cur,
208 struct nd_opt_hdr *end)
209 {
210 if (!cur || !end || cur >= end)
211 return NULL;
212 do {
213 cur = ((void *)cur) + (cur->nd_opt_len << 3);
214 } while (cur < end && !ndisc_is_useropt(dev, cur));
215 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
216 }
217
ndisc_parse_options(const struct net_device * dev,u8 * opt,int opt_len,struct ndisc_options * ndopts)218 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
219 u8 *opt, int opt_len,
220 struct ndisc_options *ndopts)
221 {
222 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
223
224 if (!nd_opt || opt_len < 0 || !ndopts)
225 return NULL;
226 memset(ndopts, 0, sizeof(*ndopts));
227 while (opt_len) {
228 int l;
229 if (opt_len < sizeof(struct nd_opt_hdr))
230 return NULL;
231 l = nd_opt->nd_opt_len << 3;
232 if (opt_len < l || l == 0)
233 return NULL;
234 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
235 goto next_opt;
236 switch (nd_opt->nd_opt_type) {
237 case ND_OPT_SOURCE_LL_ADDR:
238 case ND_OPT_TARGET_LL_ADDR:
239 case ND_OPT_MTU:
240 case ND_OPT_NONCE:
241 case ND_OPT_REDIRECT_HDR:
242 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
243 ND_PRINTK(2, warn,
244 "%s: duplicated ND6 option found: type=%d\n",
245 __func__, nd_opt->nd_opt_type);
246 } else {
247 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
248 }
249 break;
250 case ND_OPT_PREFIX_INFO:
251 ndopts->nd_opts_pi_end = nd_opt;
252 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
253 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
254 break;
255 #ifdef CONFIG_IPV6_ROUTE_INFO
256 case ND_OPT_ROUTE_INFO:
257 ndopts->nd_opts_ri_end = nd_opt;
258 if (!ndopts->nd_opts_ri)
259 ndopts->nd_opts_ri = nd_opt;
260 break;
261 #endif
262 default:
263 if (ndisc_is_useropt(dev, nd_opt)) {
264 ndopts->nd_useropts_end = nd_opt;
265 if (!ndopts->nd_useropts)
266 ndopts->nd_useropts = nd_opt;
267 } else {
268 /*
269 * Unknown options must be silently ignored,
270 * to accommodate future extension to the
271 * protocol.
272 */
273 ND_PRINTK(2, notice,
274 "%s: ignored unsupported option; type=%d, len=%d\n",
275 __func__,
276 nd_opt->nd_opt_type,
277 nd_opt->nd_opt_len);
278 }
279 }
280 next_opt:
281 opt_len -= l;
282 nd_opt = ((void *)nd_opt) + l;
283 }
284 return ndopts;
285 }
286
ndisc_mc_map(const struct in6_addr * addr,char * buf,struct net_device * dev,int dir)287 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
288 {
289 switch (dev->type) {
290 case ARPHRD_ETHER:
291 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
292 case ARPHRD_FDDI:
293 ipv6_eth_mc_map(addr, buf);
294 return 0;
295 case ARPHRD_ARCNET:
296 ipv6_arcnet_mc_map(addr, buf);
297 return 0;
298 case ARPHRD_INFINIBAND:
299 ipv6_ib_mc_map(addr, dev->broadcast, buf);
300 return 0;
301 case ARPHRD_IPGRE:
302 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
303 default:
304 if (dir) {
305 memcpy(buf, dev->broadcast, dev->addr_len);
306 return 0;
307 }
308 }
309 return -EINVAL;
310 }
311 EXPORT_SYMBOL(ndisc_mc_map);
312
ndisc_hash(const void * pkey,const struct net_device * dev,__u32 * hash_rnd)313 static u32 ndisc_hash(const void *pkey,
314 const struct net_device *dev,
315 __u32 *hash_rnd)
316 {
317 return ndisc_hashfn(pkey, dev, hash_rnd);
318 }
319
ndisc_key_eq(const struct neighbour * n,const void * pkey)320 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
321 {
322 return neigh_key_eq128(n, pkey);
323 }
324
ndisc_constructor(struct neighbour * neigh)325 static int ndisc_constructor(struct neighbour *neigh)
326 {
327 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
328 struct net_device *dev = neigh->dev;
329 struct inet6_dev *in6_dev;
330 struct neigh_parms *parms;
331 bool is_multicast = ipv6_addr_is_multicast(addr);
332
333 in6_dev = in6_dev_get(dev);
334 if (!in6_dev) {
335 return -EINVAL;
336 }
337
338 parms = in6_dev->nd_parms;
339 __neigh_parms_put(neigh->parms);
340 neigh->parms = neigh_parms_clone(parms);
341
342 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
343 if (!dev->header_ops) {
344 neigh->nud_state = NUD_NOARP;
345 neigh->ops = &ndisc_direct_ops;
346 neigh->output = neigh_direct_output;
347 } else {
348 if (is_multicast) {
349 neigh->nud_state = NUD_NOARP;
350 ndisc_mc_map(addr, neigh->ha, dev, 1);
351 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
352 neigh->nud_state = NUD_NOARP;
353 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
354 if (dev->flags&IFF_LOOPBACK)
355 neigh->type = RTN_LOCAL;
356 } else if (dev->flags&IFF_POINTOPOINT) {
357 neigh->nud_state = NUD_NOARP;
358 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
359 }
360 if (dev->header_ops->cache)
361 neigh->ops = &ndisc_hh_ops;
362 else
363 neigh->ops = &ndisc_generic_ops;
364 if (neigh->nud_state&NUD_VALID)
365 neigh->output = neigh->ops->connected_output;
366 else
367 neigh->output = neigh->ops->output;
368 }
369 in6_dev_put(in6_dev);
370 return 0;
371 }
372
pndisc_constructor(struct pneigh_entry * n)373 static int pndisc_constructor(struct pneigh_entry *n)
374 {
375 struct in6_addr *addr = (struct in6_addr *)&n->key;
376 struct in6_addr maddr;
377 struct net_device *dev = n->dev;
378
379 if (!dev || !__in6_dev_get(dev))
380 return -EINVAL;
381 addrconf_addr_solict_mult(addr, &maddr);
382 ipv6_dev_mc_inc(dev, &maddr);
383 return 0;
384 }
385
pndisc_destructor(struct pneigh_entry * n)386 static void pndisc_destructor(struct pneigh_entry *n)
387 {
388 struct in6_addr *addr = (struct in6_addr *)&n->key;
389 struct in6_addr maddr;
390 struct net_device *dev = n->dev;
391
392 if (!dev || !__in6_dev_get(dev))
393 return;
394 addrconf_addr_solict_mult(addr, &maddr);
395 ipv6_dev_mc_dec(dev, &maddr);
396 }
397
398 /* called with rtnl held */
ndisc_allow_add(const struct net_device * dev,struct netlink_ext_ack * extack)399 static bool ndisc_allow_add(const struct net_device *dev,
400 struct netlink_ext_ack *extack)
401 {
402 struct inet6_dev *idev = __in6_dev_get(dev);
403
404 if (!idev || idev->cnf.disable_ipv6) {
405 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
406 return false;
407 }
408
409 return true;
410 }
411
ndisc_alloc_skb(struct net_device * dev,int len)412 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
413 int len)
414 {
415 int hlen = LL_RESERVED_SPACE(dev);
416 int tlen = dev->needed_tailroom;
417 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
418 struct sk_buff *skb;
419
420 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
421 if (!skb) {
422 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
423 __func__);
424 return NULL;
425 }
426
427 skb->protocol = htons(ETH_P_IPV6);
428 skb->dev = dev;
429
430 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
431 skb_reset_transport_header(skb);
432
433 /* Manually assign socket ownership as we avoid calling
434 * sock_alloc_send_pskb() to bypass wmem buffer limits
435 */
436 skb_set_owner_w(skb, sk);
437
438 return skb;
439 }
440
ip6_nd_hdr(struct sk_buff * skb,const struct in6_addr * saddr,const struct in6_addr * daddr,int hop_limit,int len)441 static void ip6_nd_hdr(struct sk_buff *skb,
442 const struct in6_addr *saddr,
443 const struct in6_addr *daddr,
444 int hop_limit, int len)
445 {
446 struct ipv6hdr *hdr;
447 struct inet6_dev *idev;
448 unsigned tclass;
449
450 rcu_read_lock();
451 idev = __in6_dev_get(skb->dev);
452 tclass = idev ? idev->cnf.ndisc_tclass : 0;
453 rcu_read_unlock();
454
455 skb_push(skb, sizeof(*hdr));
456 skb_reset_network_header(skb);
457 hdr = ipv6_hdr(skb);
458
459 ip6_flow_hdr(hdr, tclass, 0);
460
461 hdr->payload_len = htons(len);
462 hdr->nexthdr = IPPROTO_ICMPV6;
463 hdr->hop_limit = hop_limit;
464
465 hdr->saddr = *saddr;
466 hdr->daddr = *daddr;
467 }
468
ndisc_send_skb(struct sk_buff * skb,const struct in6_addr * daddr,const struct in6_addr * saddr)469 void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
470 const struct in6_addr *saddr)
471 {
472 struct dst_entry *dst = skb_dst(skb);
473 struct net *net = dev_net(skb->dev);
474 struct sock *sk = net->ipv6.ndisc_sk;
475 struct inet6_dev *idev;
476 int err;
477 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
478 u8 type;
479
480 type = icmp6h->icmp6_type;
481
482 if (!dst) {
483 struct flowi6 fl6;
484 int oif = skb->dev->ifindex;
485
486 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
487 dst = icmp6_dst_alloc(skb->dev, &fl6);
488 if (IS_ERR(dst)) {
489 kfree_skb(skb);
490 return;
491 }
492
493 skb_dst_set(skb, dst);
494 }
495
496 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
497 IPPROTO_ICMPV6,
498 csum_partial(icmp6h,
499 skb->len, 0));
500
501 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
502
503 rcu_read_lock();
504 idev = __in6_dev_get(dst->dev);
505 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
506
507 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
508 net, sk, skb, NULL, dst->dev,
509 dst_output);
510 if (!err) {
511 ICMP6MSGOUT_INC_STATS(net, idev, type);
512 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
513 }
514
515 rcu_read_unlock();
516 }
517 EXPORT_SYMBOL(ndisc_send_skb);
518
ndisc_send_na(struct net_device * dev,const struct in6_addr * daddr,const struct in6_addr * solicited_addr,bool router,bool solicited,bool override,bool inc_opt)519 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
520 const struct in6_addr *solicited_addr,
521 bool router, bool solicited, bool override, bool inc_opt)
522 {
523 struct sk_buff *skb;
524 struct in6_addr tmpaddr;
525 struct inet6_ifaddr *ifp;
526 const struct in6_addr *src_addr;
527 struct nd_msg *msg;
528 int optlen = 0;
529
530 /* for anycast or proxy, solicited_addr != src_addr */
531 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
532 if (ifp) {
533 src_addr = solicited_addr;
534 if (ifp->flags & IFA_F_OPTIMISTIC)
535 override = false;
536 inc_opt |= ifp->idev->cnf.force_tllao;
537 in6_ifa_put(ifp);
538 } else {
539 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
540 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
541 &tmpaddr))
542 return;
543 src_addr = &tmpaddr;
544 }
545
546 if (!dev->addr_len)
547 inc_opt = false;
548 if (inc_opt)
549 optlen += ndisc_opt_addr_space(dev,
550 NDISC_NEIGHBOUR_ADVERTISEMENT);
551
552 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
553 if (!skb)
554 return;
555
556 msg = skb_put(skb, sizeof(*msg));
557 *msg = (struct nd_msg) {
558 .icmph = {
559 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
560 .icmp6_router = router,
561 .icmp6_solicited = solicited,
562 .icmp6_override = override,
563 },
564 .target = *solicited_addr,
565 };
566
567 if (inc_opt)
568 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
569 dev->dev_addr,
570 NDISC_NEIGHBOUR_ADVERTISEMENT);
571
572 ndisc_send_skb(skb, daddr, src_addr);
573 }
574
ndisc_send_unsol_na(struct net_device * dev)575 static void ndisc_send_unsol_na(struct net_device *dev)
576 {
577 struct inet6_dev *idev;
578 struct inet6_ifaddr *ifa;
579
580 idev = in6_dev_get(dev);
581 if (!idev)
582 return;
583
584 read_lock_bh(&idev->lock);
585 list_for_each_entry(ifa, &idev->addr_list, if_list) {
586 /* skip tentative addresses until dad completes */
587 if (ifa->flags & IFA_F_TENTATIVE &&
588 !(ifa->flags & IFA_F_OPTIMISTIC))
589 continue;
590
591 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
592 /*router=*/ !!idev->cnf.forwarding,
593 /*solicited=*/ false, /*override=*/ true,
594 /*inc_opt=*/ true);
595 }
596 read_unlock_bh(&idev->lock);
597
598 in6_dev_put(idev);
599 }
600
ndisc_ns_create(struct net_device * dev,const struct in6_addr * solicit,const struct in6_addr * saddr,u64 nonce)601 struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
602 const struct in6_addr *saddr, u64 nonce)
603 {
604 int inc_opt = dev->addr_len;
605 struct sk_buff *skb;
606 struct nd_msg *msg;
607 int optlen = 0;
608
609 if (!saddr)
610 return NULL;
611
612 if (ipv6_addr_any(saddr))
613 inc_opt = false;
614 if (inc_opt)
615 optlen += ndisc_opt_addr_space(dev,
616 NDISC_NEIGHBOUR_SOLICITATION);
617 if (nonce != 0)
618 optlen += 8;
619
620 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
621 if (!skb)
622 return NULL;
623
624 msg = skb_put(skb, sizeof(*msg));
625 *msg = (struct nd_msg) {
626 .icmph = {
627 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
628 },
629 .target = *solicit,
630 };
631
632 if (inc_opt)
633 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
634 dev->dev_addr,
635 NDISC_NEIGHBOUR_SOLICITATION);
636 if (nonce != 0) {
637 u8 *opt = skb_put(skb, 8);
638
639 opt[0] = ND_OPT_NONCE;
640 opt[1] = 8 >> 3;
641 memcpy(opt + 2, &nonce, 6);
642 }
643
644 return skb;
645 }
646 EXPORT_SYMBOL(ndisc_ns_create);
647
ndisc_send_ns(struct net_device * dev,const struct in6_addr * solicit,const struct in6_addr * daddr,const struct in6_addr * saddr,u64 nonce)648 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
649 const struct in6_addr *daddr, const struct in6_addr *saddr,
650 u64 nonce)
651 {
652 struct in6_addr addr_buf;
653 struct sk_buff *skb;
654
655 if (!saddr) {
656 if (ipv6_get_lladdr(dev, &addr_buf,
657 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
658 return;
659 saddr = &addr_buf;
660 }
661
662 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
663
664 if (skb)
665 ndisc_send_skb(skb, daddr, saddr);
666 }
667
ndisc_send_rs(struct net_device * dev,const struct in6_addr * saddr,const struct in6_addr * daddr)668 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
669 const struct in6_addr *daddr)
670 {
671 struct sk_buff *skb;
672 struct rs_msg *msg;
673 int send_sllao = dev->addr_len;
674 int optlen = 0;
675
676 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
677 /*
678 * According to section 2.2 of RFC 4429, we must not
679 * send router solicitations with a sllao from
680 * optimistic addresses, but we may send the solicitation
681 * if we don't include the sllao. So here we check
682 * if our address is optimistic, and if so, we
683 * suppress the inclusion of the sllao.
684 */
685 if (send_sllao) {
686 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
687 dev, 1);
688 if (ifp) {
689 if (ifp->flags & IFA_F_OPTIMISTIC) {
690 send_sllao = 0;
691 }
692 in6_ifa_put(ifp);
693 } else {
694 send_sllao = 0;
695 }
696 }
697 #endif
698 if (send_sllao)
699 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
700
701 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
702 if (!skb)
703 return;
704
705 msg = skb_put(skb, sizeof(*msg));
706 *msg = (struct rs_msg) {
707 .icmph = {
708 .icmp6_type = NDISC_ROUTER_SOLICITATION,
709 },
710 };
711
712 if (send_sllao)
713 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
714 dev->dev_addr,
715 NDISC_ROUTER_SOLICITATION);
716
717 ndisc_send_skb(skb, daddr, saddr);
718 }
719
720
ndisc_error_report(struct neighbour * neigh,struct sk_buff * skb)721 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
722 {
723 /*
724 * "The sender MUST return an ICMP
725 * destination unreachable"
726 */
727 dst_link_failure(skb);
728 kfree_skb(skb);
729 }
730
731 /* Called with locked neigh: either read or both */
732
ndisc_solicit(struct neighbour * neigh,struct sk_buff * skb)733 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
734 {
735 struct in6_addr *saddr = NULL;
736 struct in6_addr mcaddr;
737 struct net_device *dev = neigh->dev;
738 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
739 int probes = atomic_read(&neigh->probes);
740
741 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
742 dev, false, 1,
743 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
744 saddr = &ipv6_hdr(skb)->saddr;
745 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
746 if (probes < 0) {
747 if (!(neigh->nud_state & NUD_VALID)) {
748 ND_PRINTK(1, dbg,
749 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
750 __func__, target);
751 }
752 ndisc_send_ns(dev, target, target, saddr, 0);
753 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
754 neigh_app_ns(neigh);
755 } else {
756 addrconf_addr_solict_mult(target, &mcaddr);
757 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
758 }
759 }
760
pndisc_is_router(const void * pkey,struct net_device * dev)761 static int pndisc_is_router(const void *pkey,
762 struct net_device *dev)
763 {
764 struct pneigh_entry *n;
765 int ret = -1;
766
767 read_lock_bh(&nd_tbl.lock);
768 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
769 if (n)
770 ret = !!(n->flags & NTF_ROUTER);
771 read_unlock_bh(&nd_tbl.lock);
772
773 return ret;
774 }
775
ndisc_update(const struct net_device * dev,struct neighbour * neigh,const u8 * lladdr,u8 new,u32 flags,u8 icmp6_type,struct ndisc_options * ndopts)776 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
777 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
778 struct ndisc_options *ndopts)
779 {
780 neigh_update(neigh, lladdr, new, flags, 0);
781 /* report ndisc ops about neighbour update */
782 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
783 }
784
ndisc_recv_ns(struct sk_buff * skb)785 static void ndisc_recv_ns(struct sk_buff *skb)
786 {
787 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
788 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
789 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
790 u8 *lladdr = NULL;
791 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
792 offsetof(struct nd_msg, opt));
793 struct ndisc_options ndopts;
794 struct net_device *dev = skb->dev;
795 struct inet6_ifaddr *ifp;
796 struct inet6_dev *idev = NULL;
797 struct neighbour *neigh;
798 int dad = ipv6_addr_any(saddr);
799 bool inc;
800 int is_router = -1;
801 u64 nonce = 0;
802
803 if (skb->len < sizeof(struct nd_msg)) {
804 ND_PRINTK(2, warn, "NS: packet too short\n");
805 return;
806 }
807
808 if (ipv6_addr_is_multicast(&msg->target)) {
809 ND_PRINTK(2, warn, "NS: multicast target address\n");
810 return;
811 }
812
813 /*
814 * RFC2461 7.1.1:
815 * DAD has to be destined for solicited node multicast address.
816 */
817 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
818 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
819 return;
820 }
821
822 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
823 ND_PRINTK(2, warn, "NS: invalid ND options\n");
824 return;
825 }
826
827 if (ndopts.nd_opts_src_lladdr) {
828 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
829 if (!lladdr) {
830 ND_PRINTK(2, warn,
831 "NS: invalid link-layer address length\n");
832 return;
833 }
834
835 /* RFC2461 7.1.1:
836 * If the IP source address is the unspecified address,
837 * there MUST NOT be source link-layer address option
838 * in the message.
839 */
840 if (dad) {
841 ND_PRINTK(2, warn,
842 "NS: bad DAD packet (link-layer address option)\n");
843 return;
844 }
845 }
846 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
847 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
848
849 inc = ipv6_addr_is_multicast(daddr);
850
851 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
852 if (ifp) {
853 have_ifp:
854 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
855 if (dad) {
856 if (nonce != 0 && ifp->dad_nonce == nonce) {
857 u8 *np = (u8 *)&nonce;
858 /* Matching nonce if looped back */
859 ND_PRINTK(2, notice,
860 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
861 ifp->idev->dev->name,
862 &ifp->addr, np);
863 goto out;
864 }
865 /*
866 * We are colliding with another node
867 * who is doing DAD
868 * so fail our DAD process
869 */
870 addrconf_dad_failure(skb, ifp);
871 return;
872 } else {
873 /*
874 * This is not a dad solicitation.
875 * If we are an optimistic node,
876 * we should respond.
877 * Otherwise, we should ignore it.
878 */
879 if (!(ifp->flags & IFA_F_OPTIMISTIC))
880 goto out;
881 }
882 }
883
884 idev = ifp->idev;
885 } else {
886 struct net *net = dev_net(dev);
887
888 /* perhaps an address on the master device */
889 if (netif_is_l3_slave(dev)) {
890 struct net_device *mdev;
891
892 mdev = netdev_master_upper_dev_get_rcu(dev);
893 if (mdev) {
894 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
895 if (ifp)
896 goto have_ifp;
897 }
898 }
899
900 idev = in6_dev_get(dev);
901 if (!idev) {
902 /* XXX: count this drop? */
903 return;
904 }
905
906 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
907 (idev->cnf.forwarding &&
908 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
909 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
910 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
911 skb->pkt_type != PACKET_HOST &&
912 inc &&
913 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
914 /*
915 * for anycast or proxy,
916 * sender should delay its response
917 * by a random time between 0 and
918 * MAX_ANYCAST_DELAY_TIME seconds.
919 * (RFC2461) -- yoshfuji
920 */
921 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
922 if (n)
923 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
924 goto out;
925 }
926 } else
927 goto out;
928 }
929
930 if (is_router < 0)
931 is_router = idev->cnf.forwarding;
932
933 if (dad) {
934 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
935 !!is_router, false, (ifp != NULL), true);
936 goto out;
937 }
938
939 if (inc)
940 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
941 else
942 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
943
944 /*
945 * update / create cache entry
946 * for the source address
947 */
948 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
949 !inc || lladdr || !dev->addr_len);
950 if (neigh)
951 ndisc_update(dev, neigh, lladdr, NUD_STALE,
952 NEIGH_UPDATE_F_WEAK_OVERRIDE|
953 NEIGH_UPDATE_F_OVERRIDE,
954 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
955 if (neigh || !dev->header_ops) {
956 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
957 true, (ifp != NULL && inc), inc);
958 if (neigh)
959 neigh_release(neigh);
960 }
961
962 out:
963 if (ifp)
964 in6_ifa_put(ifp);
965 else
966 in6_dev_put(idev);
967 }
968
ndisc_recv_na(struct sk_buff * skb)969 static void ndisc_recv_na(struct sk_buff *skb)
970 {
971 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
972 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
973 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
974 u8 *lladdr = NULL;
975 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
976 offsetof(struct nd_msg, opt));
977 struct ndisc_options ndopts;
978 struct net_device *dev = skb->dev;
979 struct inet6_dev *idev = __in6_dev_get(dev);
980 struct inet6_ifaddr *ifp;
981 struct neighbour *neigh;
982 u8 new_state;
983
984 if (skb->len < sizeof(struct nd_msg)) {
985 ND_PRINTK(2, warn, "NA: packet too short\n");
986 return;
987 }
988
989 if (ipv6_addr_is_multicast(&msg->target)) {
990 ND_PRINTK(2, warn, "NA: target address is multicast\n");
991 return;
992 }
993
994 if (ipv6_addr_is_multicast(daddr) &&
995 msg->icmph.icmp6_solicited) {
996 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
997 return;
998 }
999
1000 /* For some 802.11 wireless deployments (and possibly other networks),
1001 * there will be a NA proxy and unsolicitd packets are attacks
1002 * and thus should not be accepted.
1003 * drop_unsolicited_na takes precedence over accept_untracked_na
1004 */
1005 if (!msg->icmph.icmp6_solicited && idev &&
1006 idev->cnf.drop_unsolicited_na)
1007 return;
1008
1009 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
1010 ND_PRINTK(2, warn, "NS: invalid ND option\n");
1011 return;
1012 }
1013 if (ndopts.nd_opts_tgt_lladdr) {
1014 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1015 if (!lladdr) {
1016 ND_PRINTK(2, warn,
1017 "NA: invalid link-layer address length\n");
1018 return;
1019 }
1020 }
1021 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1022 if (ifp) {
1023 if (skb->pkt_type != PACKET_LOOPBACK
1024 && (ifp->flags & IFA_F_TENTATIVE)) {
1025 addrconf_dad_failure(skb, ifp);
1026 return;
1027 }
1028 /* What should we make now? The advertisement
1029 is invalid, but ndisc specs say nothing
1030 about it. It could be misconfiguration, or
1031 an smart proxy agent tries to help us :-)
1032
1033 We should not print the error if NA has been
1034 received from loopback - it is just our own
1035 unsolicited advertisement.
1036 */
1037 if (skb->pkt_type != PACKET_LOOPBACK)
1038 ND_PRINTK(1, warn,
1039 "NA: %pM advertised our address %pI6c on %s!\n",
1040 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1041 in6_ifa_put(ifp);
1042 return;
1043 }
1044
1045 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1046
1047 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1048 * NAs with Target LL Address option without a corresponding
1049 * entry in the neighbour cache can now create a STALE neighbour
1050 * cache entry on routers.
1051 *
1052 * entry accept fwding solicited behaviour
1053 * ------- ------ ------ --------- ----------------------
1054 * present X X 0 Set state to STALE
1055 * present X X 1 Set state to REACHABLE
1056 * absent 0 X X Do nothing
1057 * absent 1 0 X Do nothing
1058 * absent 1 1 X Add a new STALE entry
1059 *
1060 * Note that we don't do a (daddr == all-routers-mcast) check.
1061 */
1062 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1063 if (!neigh && lladdr &&
1064 idev && idev->cnf.forwarding &&
1065 idev->cnf.accept_untracked_na) {
1066 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1067 new_state = NUD_STALE;
1068 }
1069
1070 if (neigh && !IS_ERR(neigh)) {
1071 u8 old_flags = neigh->flags;
1072 struct net *net = dev_net(dev);
1073
1074 if (neigh->nud_state & NUD_FAILED)
1075 goto out;
1076
1077 /*
1078 * Don't update the neighbor cache entry on a proxy NA from
1079 * ourselves because either the proxied node is off link or it
1080 * has already sent a NA to us.
1081 */
1082 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1083 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1084 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1085 /* XXX: idev->cnf.proxy_ndp */
1086 goto out;
1087 }
1088
1089 ndisc_update(dev, neigh, lladdr,
1090 new_state,
1091 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1092 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1093 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1094 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1095 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1096
1097 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1098 /*
1099 * Change: router to host
1100 */
1101 rt6_clean_tohost(dev_net(dev), saddr);
1102 }
1103
1104 out:
1105 neigh_release(neigh);
1106 }
1107 }
1108
ndisc_recv_rs(struct sk_buff * skb)1109 static void ndisc_recv_rs(struct sk_buff *skb)
1110 {
1111 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1112 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1113 struct neighbour *neigh;
1114 struct inet6_dev *idev;
1115 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1116 struct ndisc_options ndopts;
1117 u8 *lladdr = NULL;
1118
1119 if (skb->len < sizeof(*rs_msg))
1120 return;
1121
1122 idev = __in6_dev_get(skb->dev);
1123 if (!idev) {
1124 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1125 return;
1126 }
1127
1128 /* Don't accept RS if we're not in router mode */
1129 if (!idev->cnf.forwarding)
1130 goto out;
1131
1132 /*
1133 * Don't update NCE if src = ::;
1134 * this implies that the source node has no ip address assigned yet.
1135 */
1136 if (ipv6_addr_any(saddr))
1137 goto out;
1138
1139 /* Parse ND options */
1140 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1141 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1142 goto out;
1143 }
1144
1145 if (ndopts.nd_opts_src_lladdr) {
1146 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1147 skb->dev);
1148 if (!lladdr)
1149 goto out;
1150 }
1151
1152 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1153 if (neigh) {
1154 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1155 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1156 NEIGH_UPDATE_F_OVERRIDE|
1157 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1158 NDISC_ROUTER_SOLICITATION, &ndopts);
1159 neigh_release(neigh);
1160 }
1161 out:
1162 return;
1163 }
1164
ndisc_ra_useropt(struct sk_buff * ra,struct nd_opt_hdr * opt)1165 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1166 {
1167 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1168 struct sk_buff *skb;
1169 struct nlmsghdr *nlh;
1170 struct nduseroptmsg *ndmsg;
1171 struct net *net = dev_net(ra->dev);
1172 int err;
1173 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1174 + (opt->nd_opt_len << 3));
1175 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1176
1177 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1178 if (!skb) {
1179 err = -ENOBUFS;
1180 goto errout;
1181 }
1182
1183 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1184 if (!nlh) {
1185 goto nla_put_failure;
1186 }
1187
1188 ndmsg = nlmsg_data(nlh);
1189 ndmsg->nduseropt_family = AF_INET6;
1190 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1191 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1192 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1193 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1194
1195 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1196
1197 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1198 goto nla_put_failure;
1199 nlmsg_end(skb, nlh);
1200
1201 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1202 return;
1203
1204 nla_put_failure:
1205 nlmsg_free(skb);
1206 err = -EMSGSIZE;
1207 errout:
1208 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1209 }
1210
ndisc_router_discovery(struct sk_buff * skb)1211 static void ndisc_router_discovery(struct sk_buff *skb)
1212 {
1213 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1214 struct neighbour *neigh = NULL;
1215 struct inet6_dev *in6_dev;
1216 struct fib6_info *rt = NULL;
1217 u32 defrtr_usr_metric;
1218 struct net *net;
1219 int lifetime;
1220 struct ndisc_options ndopts;
1221 int optlen;
1222 unsigned int pref = 0;
1223 __u32 old_if_flags;
1224 bool send_ifinfo_notify = false;
1225
1226 __u8 *opt = (__u8 *)(ra_msg + 1);
1227
1228 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1229 sizeof(struct ra_msg);
1230
1231 ND_PRINTK(2, info,
1232 "RA: %s, dev: %s\n",
1233 __func__, skb->dev->name);
1234 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1235 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1236 return;
1237 }
1238 if (optlen < 0) {
1239 ND_PRINTK(2, warn, "RA: packet too short\n");
1240 return;
1241 }
1242
1243 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1244 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1245 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1246 return;
1247 }
1248 #endif
1249
1250 /*
1251 * set the RA_RECV flag in the interface
1252 */
1253
1254 in6_dev = __in6_dev_get(skb->dev);
1255 if (!in6_dev) {
1256 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1257 skb->dev->name);
1258 return;
1259 }
1260
1261 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1262 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1263 return;
1264 }
1265
1266 if (!ipv6_accept_ra(in6_dev)) {
1267 ND_PRINTK(2, info,
1268 "RA: %s, did not accept ra for dev: %s\n",
1269 __func__, skb->dev->name);
1270 goto skip_linkparms;
1271 }
1272
1273 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1274 /* skip link-specific parameters from interior routers */
1275 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1276 ND_PRINTK(2, info,
1277 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1278 __func__, skb->dev->name);
1279 goto skip_linkparms;
1280 }
1281 #endif
1282
1283 if (in6_dev->if_flags & IF_RS_SENT) {
1284 /*
1285 * flag that an RA was received after an RS was sent
1286 * out on this interface.
1287 */
1288 in6_dev->if_flags |= IF_RA_RCVD;
1289 }
1290
1291 /*
1292 * Remember the managed/otherconf flags from most recently
1293 * received RA message (RFC 2462) -- yoshfuji
1294 */
1295 old_if_flags = in6_dev->if_flags;
1296 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1297 IF_RA_OTHERCONF)) |
1298 (ra_msg->icmph.icmp6_addrconf_managed ?
1299 IF_RA_MANAGED : 0) |
1300 (ra_msg->icmph.icmp6_addrconf_other ?
1301 IF_RA_OTHERCONF : 0);
1302
1303 if (old_if_flags != in6_dev->if_flags)
1304 send_ifinfo_notify = true;
1305
1306 if (!in6_dev->cnf.accept_ra_defrtr) {
1307 ND_PRINTK(2, info,
1308 "RA: %s, defrtr is false for dev: %s\n",
1309 __func__, skb->dev->name);
1310 goto skip_defrtr;
1311 }
1312
1313 /* Do not accept RA with source-addr found on local machine unless
1314 * accept_ra_from_local is set to true.
1315 */
1316 net = dev_net(in6_dev->dev);
1317 if (!in6_dev->cnf.accept_ra_from_local &&
1318 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1319 ND_PRINTK(2, info,
1320 "RA from local address detected on dev: %s: default router ignored\n",
1321 skb->dev->name);
1322 goto skip_defrtr;
1323 }
1324
1325 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1326
1327 #ifdef CONFIG_IPV6_ROUTER_PREF
1328 pref = ra_msg->icmph.icmp6_router_pref;
1329 /* 10b is handled as if it were 00b (medium) */
1330 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1331 !in6_dev->cnf.accept_ra_rtr_pref)
1332 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1333 #endif
1334 /* routes added from RAs do not use nexthop objects */
1335 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1336 if (rt) {
1337 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1338 rt->fib6_nh->fib_nh_dev, NULL,
1339 &ipv6_hdr(skb)->saddr);
1340 if (!neigh) {
1341 ND_PRINTK(0, err,
1342 "RA: %s got default router without neighbour\n",
1343 __func__);
1344 fib6_info_release(rt);
1345 return;
1346 }
1347 }
1348 /* Set default route metric as specified by user */
1349 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1350 /* delete the route if lifetime is 0 or if metric needs change */
1351 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1352 ip6_del_rt(net, rt, false);
1353 rt = NULL;
1354 }
1355
1356 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1357 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1358 if (!rt && lifetime) {
1359 ND_PRINTK(3, info, "RA: adding default router\n");
1360
1361 if (neigh)
1362 neigh_release(neigh);
1363
1364 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1365 skb->dev, pref, defrtr_usr_metric);
1366 if (!rt) {
1367 ND_PRINTK(0, err,
1368 "RA: %s failed to add default route\n",
1369 __func__);
1370 return;
1371 }
1372
1373 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1374 rt->fib6_nh->fib_nh_dev, NULL,
1375 &ipv6_hdr(skb)->saddr);
1376 if (!neigh) {
1377 ND_PRINTK(0, err,
1378 "RA: %s got default router without neighbour\n",
1379 __func__);
1380 fib6_info_release(rt);
1381 return;
1382 }
1383 neigh->flags |= NTF_ROUTER;
1384 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1385 struct nl_info nlinfo = {
1386 .nl_net = net,
1387 };
1388 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1389 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1390 }
1391
1392 if (rt)
1393 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1394 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1395 ra_msg->icmph.icmp6_hop_limit) {
1396 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1397 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1398 fib6_metric_set(rt, RTAX_HOPLIMIT,
1399 ra_msg->icmph.icmp6_hop_limit);
1400 } else {
1401 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1402 }
1403 }
1404
1405 skip_defrtr:
1406
1407 /*
1408 * Update Reachable Time and Retrans Timer
1409 */
1410
1411 if (in6_dev->nd_parms) {
1412 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1413
1414 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1415 rtime = (rtime*HZ)/1000;
1416 if (rtime < HZ/100)
1417 rtime = HZ/100;
1418 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1419 in6_dev->tstamp = jiffies;
1420 send_ifinfo_notify = true;
1421 }
1422
1423 rtime = ntohl(ra_msg->reachable_time);
1424 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1425 rtime = (rtime*HZ)/1000;
1426
1427 if (rtime < HZ/10)
1428 rtime = HZ/10;
1429
1430 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1431 NEIGH_VAR_SET(in6_dev->nd_parms,
1432 BASE_REACHABLE_TIME, rtime);
1433 NEIGH_VAR_SET(in6_dev->nd_parms,
1434 GC_STALETIME, 3 * rtime);
1435 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1436 in6_dev->tstamp = jiffies;
1437 send_ifinfo_notify = true;
1438 }
1439 }
1440 }
1441
1442 skip_linkparms:
1443
1444 /*
1445 * Process options.
1446 */
1447
1448 if (!neigh)
1449 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1450 skb->dev, 1);
1451 if (neigh) {
1452 u8 *lladdr = NULL;
1453 if (ndopts.nd_opts_src_lladdr) {
1454 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1455 skb->dev);
1456 if (!lladdr) {
1457 ND_PRINTK(2, warn,
1458 "RA: invalid link-layer address length\n");
1459 goto out;
1460 }
1461 }
1462 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1463 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1464 NEIGH_UPDATE_F_OVERRIDE|
1465 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1466 NEIGH_UPDATE_F_ISROUTER,
1467 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1468 }
1469
1470 if (!ipv6_accept_ra(in6_dev)) {
1471 ND_PRINTK(2, info,
1472 "RA: %s, accept_ra is false for dev: %s\n",
1473 __func__, skb->dev->name);
1474 goto out;
1475 }
1476
1477 #ifdef CONFIG_IPV6_ROUTE_INFO
1478 if (!in6_dev->cnf.accept_ra_from_local &&
1479 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1480 in6_dev->dev, 0)) {
1481 ND_PRINTK(2, info,
1482 "RA from local address detected on dev: %s: router info ignored.\n",
1483 skb->dev->name);
1484 goto skip_routeinfo;
1485 }
1486
1487 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1488 struct nd_opt_hdr *p;
1489 for (p = ndopts.nd_opts_ri;
1490 p;
1491 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1492 struct route_info *ri = (struct route_info *)p;
1493 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1494 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1495 ri->prefix_len == 0)
1496 continue;
1497 #endif
1498 if (ri->prefix_len == 0 &&
1499 !in6_dev->cnf.accept_ra_defrtr)
1500 continue;
1501 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1502 continue;
1503 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1504 continue;
1505 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1506 &ipv6_hdr(skb)->saddr);
1507 }
1508 }
1509
1510 skip_routeinfo:
1511 #endif
1512
1513 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1514 /* skip link-specific ndopts from interior routers */
1515 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1516 ND_PRINTK(2, info,
1517 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1518 __func__, skb->dev->name);
1519 goto out;
1520 }
1521 #endif
1522
1523 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1524 struct nd_opt_hdr *p;
1525 for (p = ndopts.nd_opts_pi;
1526 p;
1527 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1528 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1529 (p->nd_opt_len) << 3,
1530 ndopts.nd_opts_src_lladdr != NULL);
1531 }
1532 }
1533
1534 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1535 __be32 n;
1536 u32 mtu;
1537
1538 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1539 mtu = ntohl(n);
1540
1541 if (in6_dev->ra_mtu != mtu) {
1542 in6_dev->ra_mtu = mtu;
1543 send_ifinfo_notify = true;
1544 }
1545
1546 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1547 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1548 } else if (in6_dev->cnf.mtu6 != mtu) {
1549 in6_dev->cnf.mtu6 = mtu;
1550 fib6_metric_set(rt, RTAX_MTU, mtu);
1551 rt6_mtu_change(skb->dev, mtu);
1552 }
1553 }
1554
1555 if (ndopts.nd_useropts) {
1556 struct nd_opt_hdr *p;
1557 for (p = ndopts.nd_useropts;
1558 p;
1559 p = ndisc_next_useropt(skb->dev, p,
1560 ndopts.nd_useropts_end)) {
1561 ndisc_ra_useropt(skb, p);
1562 }
1563 }
1564
1565 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1566 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1567 }
1568 out:
1569 /* Send a notify if RA changed managed/otherconf flags or
1570 * timer settings or ra_mtu value
1571 */
1572 if (send_ifinfo_notify)
1573 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1574
1575 fib6_info_release(rt);
1576 if (neigh)
1577 neigh_release(neigh);
1578 }
1579
ndisc_redirect_rcv(struct sk_buff * skb)1580 static void ndisc_redirect_rcv(struct sk_buff *skb)
1581 {
1582 u8 *hdr;
1583 struct ndisc_options ndopts;
1584 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1585 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1586 offsetof(struct rd_msg, opt));
1587
1588 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1589 switch (skb->ndisc_nodetype) {
1590 case NDISC_NODETYPE_HOST:
1591 case NDISC_NODETYPE_NODEFAULT:
1592 ND_PRINTK(2, warn,
1593 "Redirect: from host or unauthorized router\n");
1594 return;
1595 }
1596 #endif
1597
1598 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1599 ND_PRINTK(2, warn,
1600 "Redirect: source address is not link-local\n");
1601 return;
1602 }
1603
1604 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1605 return;
1606
1607 if (!ndopts.nd_opts_rh) {
1608 ip6_redirect_no_header(skb, dev_net(skb->dev),
1609 skb->dev->ifindex);
1610 return;
1611 }
1612
1613 hdr = (u8 *)ndopts.nd_opts_rh;
1614 hdr += 8;
1615 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1616 return;
1617
1618 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1619 }
1620
ndisc_fill_redirect_hdr_option(struct sk_buff * skb,struct sk_buff * orig_skb,int rd_len)1621 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1622 struct sk_buff *orig_skb,
1623 int rd_len)
1624 {
1625 u8 *opt = skb_put(skb, rd_len);
1626
1627 memset(opt, 0, 8);
1628 *(opt++) = ND_OPT_REDIRECT_HDR;
1629 *(opt++) = (rd_len >> 3);
1630 opt += 6;
1631
1632 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1633 rd_len - 8);
1634 }
1635
ndisc_send_redirect(struct sk_buff * skb,const struct in6_addr * target)1636 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1637 {
1638 struct net_device *dev = skb->dev;
1639 struct net *net = dev_net(dev);
1640 struct sock *sk = net->ipv6.ndisc_sk;
1641 int optlen = 0;
1642 struct inet_peer *peer;
1643 struct sk_buff *buff;
1644 struct rd_msg *msg;
1645 struct in6_addr saddr_buf;
1646 struct rt6_info *rt;
1647 struct dst_entry *dst;
1648 struct flowi6 fl6;
1649 int rd_len;
1650 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1651 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1652 bool ret;
1653
1654 if (netif_is_l3_master(skb->dev)) {
1655 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1656 if (!dev)
1657 return;
1658 }
1659
1660 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1661 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1662 dev->name);
1663 return;
1664 }
1665
1666 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1667 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1668 ND_PRINTK(2, warn,
1669 "Redirect: target address is not link-local unicast\n");
1670 return;
1671 }
1672
1673 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1674 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1675
1676 dst = ip6_route_output(net, NULL, &fl6);
1677 if (dst->error) {
1678 dst_release(dst);
1679 return;
1680 }
1681 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1682 if (IS_ERR(dst))
1683 return;
1684
1685 rt = (struct rt6_info *) dst;
1686
1687 if (rt->rt6i_flags & RTF_GATEWAY) {
1688 ND_PRINTK(2, warn,
1689 "Redirect: destination is not a neighbour\n");
1690 goto release;
1691 }
1692 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1693 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1694 if (peer)
1695 inet_putpeer(peer);
1696 if (!ret)
1697 goto release;
1698
1699 if (dev->addr_len) {
1700 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1701 if (!neigh) {
1702 ND_PRINTK(2, warn,
1703 "Redirect: no neigh for target address\n");
1704 goto release;
1705 }
1706
1707 read_lock_bh(&neigh->lock);
1708 if (neigh->nud_state & NUD_VALID) {
1709 memcpy(ha_buf, neigh->ha, dev->addr_len);
1710 read_unlock_bh(&neigh->lock);
1711 ha = ha_buf;
1712 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1713 ops_data_buf,
1714 &ops_data);
1715 } else
1716 read_unlock_bh(&neigh->lock);
1717
1718 neigh_release(neigh);
1719 }
1720
1721 rd_len = min_t(unsigned int,
1722 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1723 skb->len + 8);
1724 rd_len &= ~0x7;
1725 optlen += rd_len;
1726
1727 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1728 if (!buff)
1729 goto release;
1730
1731 msg = skb_put(buff, sizeof(*msg));
1732 *msg = (struct rd_msg) {
1733 .icmph = {
1734 .icmp6_type = NDISC_REDIRECT,
1735 },
1736 .target = *target,
1737 .dest = ipv6_hdr(skb)->daddr,
1738 };
1739
1740 /*
1741 * include target_address option
1742 */
1743
1744 if (ha)
1745 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1746
1747 /*
1748 * build redirect option and copy skb over to the new packet.
1749 */
1750
1751 if (rd_len)
1752 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1753
1754 skb_dst_set(buff, dst);
1755 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1756 return;
1757
1758 release:
1759 dst_release(dst);
1760 }
1761
pndisc_redo(struct sk_buff * skb)1762 static void pndisc_redo(struct sk_buff *skb)
1763 {
1764 ndisc_recv_ns(skb);
1765 kfree_skb(skb);
1766 }
1767
ndisc_is_multicast(const void * pkey)1768 static int ndisc_is_multicast(const void *pkey)
1769 {
1770 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1771 }
1772
ndisc_suppress_frag_ndisc(struct sk_buff * skb)1773 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1774 {
1775 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1776
1777 if (!idev)
1778 return true;
1779 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1780 idev->cnf.suppress_frag_ndisc) {
1781 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1782 return true;
1783 }
1784 return false;
1785 }
1786
ndisc_rcv(struct sk_buff * skb)1787 int ndisc_rcv(struct sk_buff *skb)
1788 {
1789 struct nd_msg *msg;
1790
1791 if (ndisc_suppress_frag_ndisc(skb))
1792 return 0;
1793
1794 if (skb_linearize(skb))
1795 return 0;
1796
1797 msg = (struct nd_msg *)skb_transport_header(skb);
1798
1799 __skb_push(skb, skb->data - skb_transport_header(skb));
1800
1801 if (ipv6_hdr(skb)->hop_limit != 255) {
1802 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1803 ipv6_hdr(skb)->hop_limit);
1804 return 0;
1805 }
1806
1807 if (msg->icmph.icmp6_code != 0) {
1808 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1809 msg->icmph.icmp6_code);
1810 return 0;
1811 }
1812
1813 switch (msg->icmph.icmp6_type) {
1814 case NDISC_NEIGHBOUR_SOLICITATION:
1815 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1816 ndisc_recv_ns(skb);
1817 break;
1818
1819 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1820 ndisc_recv_na(skb);
1821 break;
1822
1823 case NDISC_ROUTER_SOLICITATION:
1824 ndisc_recv_rs(skb);
1825 break;
1826
1827 case NDISC_ROUTER_ADVERTISEMENT:
1828 ndisc_router_discovery(skb);
1829 break;
1830
1831 case NDISC_REDIRECT:
1832 ndisc_redirect_rcv(skb);
1833 break;
1834 }
1835
1836 return 0;
1837 }
1838
ndisc_netdev_event(struct notifier_block * this,unsigned long event,void * ptr)1839 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1840 {
1841 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1842 struct netdev_notifier_change_info *change_info;
1843 struct net *net = dev_net(dev);
1844 struct inet6_dev *idev;
1845 bool evict_nocarrier;
1846
1847 switch (event) {
1848 case NETDEV_CHANGEADDR:
1849 neigh_changeaddr(&nd_tbl, dev);
1850 fib6_run_gc(0, net, false);
1851 fallthrough;
1852 case NETDEV_UP:
1853 idev = in6_dev_get(dev);
1854 if (!idev)
1855 break;
1856 if (idev->cnf.ndisc_notify ||
1857 net->ipv6.devconf_all->ndisc_notify)
1858 ndisc_send_unsol_na(dev);
1859 in6_dev_put(idev);
1860 break;
1861 case NETDEV_CHANGE:
1862 idev = in6_dev_get(dev);
1863 if (!idev)
1864 evict_nocarrier = true;
1865 else {
1866 evict_nocarrier = idev->cnf.ndisc_evict_nocarrier &&
1867 net->ipv6.devconf_all->ndisc_evict_nocarrier;
1868 in6_dev_put(idev);
1869 }
1870
1871 change_info = ptr;
1872 if (change_info->flags_changed & IFF_NOARP)
1873 neigh_changeaddr(&nd_tbl, dev);
1874 if (evict_nocarrier && !netif_carrier_ok(dev))
1875 neigh_carrier_down(&nd_tbl, dev);
1876 break;
1877 case NETDEV_DOWN:
1878 neigh_ifdown(&nd_tbl, dev);
1879 fib6_run_gc(0, net, false);
1880 break;
1881 case NETDEV_NOTIFY_PEERS:
1882 ndisc_send_unsol_na(dev);
1883 break;
1884 default:
1885 break;
1886 }
1887
1888 return NOTIFY_DONE;
1889 }
1890
1891 static struct notifier_block ndisc_netdev_notifier = {
1892 .notifier_call = ndisc_netdev_event,
1893 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1894 };
1895
1896 #ifdef CONFIG_SYSCTL
ndisc_warn_deprecated_sysctl(struct ctl_table * ctl,const char * func,const char * dev_name)1897 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1898 const char *func, const char *dev_name)
1899 {
1900 static char warncomm[TASK_COMM_LEN];
1901 static int warned;
1902 if (strcmp(warncomm, current->comm) && warned < 5) {
1903 strcpy(warncomm, current->comm);
1904 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1905 warncomm, func,
1906 dev_name, ctl->procname,
1907 dev_name, ctl->procname);
1908 warned++;
1909 }
1910 }
1911
ndisc_ifinfo_sysctl_change(struct ctl_table * ctl,int write,void * buffer,size_t * lenp,loff_t * ppos)1912 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1913 size_t *lenp, loff_t *ppos)
1914 {
1915 struct net_device *dev = ctl->extra1;
1916 struct inet6_dev *idev;
1917 int ret;
1918
1919 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1920 (strcmp(ctl->procname, "base_reachable_time") == 0))
1921 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1922
1923 if (strcmp(ctl->procname, "retrans_time") == 0)
1924 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1925
1926 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1927 ret = neigh_proc_dointvec_jiffies(ctl, write,
1928 buffer, lenp, ppos);
1929
1930 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1931 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1932 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1933 buffer, lenp, ppos);
1934 else
1935 ret = -1;
1936
1937 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1938 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1939 idev->nd_parms->reachable_time =
1940 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1941 idev->tstamp = jiffies;
1942 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1943 in6_dev_put(idev);
1944 }
1945 return ret;
1946 }
1947
1948
1949 #endif
1950
ndisc_net_init(struct net * net)1951 static int __net_init ndisc_net_init(struct net *net)
1952 {
1953 struct ipv6_pinfo *np;
1954 struct sock *sk;
1955 int err;
1956
1957 err = inet_ctl_sock_create(&sk, PF_INET6,
1958 SOCK_RAW, IPPROTO_ICMPV6, net);
1959 if (err < 0) {
1960 ND_PRINTK(0, err,
1961 "NDISC: Failed to initialize the control socket (err %d)\n",
1962 err);
1963 return err;
1964 }
1965
1966 net->ipv6.ndisc_sk = sk;
1967
1968 np = inet6_sk(sk);
1969 np->hop_limit = 255;
1970 /* Do not loopback ndisc messages */
1971 np->mc_loop = 0;
1972
1973 return 0;
1974 }
1975
ndisc_net_exit(struct net * net)1976 static void __net_exit ndisc_net_exit(struct net *net)
1977 {
1978 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1979 }
1980
1981 static struct pernet_operations ndisc_net_ops = {
1982 .init = ndisc_net_init,
1983 .exit = ndisc_net_exit,
1984 };
1985
ndisc_init(void)1986 int __init ndisc_init(void)
1987 {
1988 int err;
1989
1990 err = register_pernet_subsys(&ndisc_net_ops);
1991 if (err)
1992 return err;
1993 /*
1994 * Initialize the neighbour table
1995 */
1996 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1997
1998 #ifdef CONFIG_SYSCTL
1999 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
2000 ndisc_ifinfo_sysctl_change);
2001 if (err)
2002 goto out_unregister_pernet;
2003 out:
2004 #endif
2005 return err;
2006
2007 #ifdef CONFIG_SYSCTL
2008 out_unregister_pernet:
2009 unregister_pernet_subsys(&ndisc_net_ops);
2010 goto out;
2011 #endif
2012 }
2013
ndisc_late_init(void)2014 int __init ndisc_late_init(void)
2015 {
2016 return register_netdevice_notifier(&ndisc_netdev_notifier);
2017 }
2018
ndisc_late_cleanup(void)2019 void ndisc_late_cleanup(void)
2020 {
2021 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2022 }
2023
ndisc_cleanup(void)2024 void ndisc_cleanup(void)
2025 {
2026 #ifdef CONFIG_SYSCTL
2027 neigh_sysctl_unregister(&nd_tbl.parms);
2028 #endif
2029 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2030 unregister_pernet_subsys(&ndisc_net_ops);
2031 }
2032