search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
net: bpf_jit: fix divide by 0 generation
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / ipv6 / ndisc.c
blob7596f071d3088cd86643ade87203b39eb42c6552
1 /*
2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
4 *
5 * Authors:
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
13 */
14
15 /*
16 * Changes:
17 *
18 * Pierre Ynard : export userland ND options
19 * through netlink (RDNSS support)
20 * Lars Fenneberg : fixed MTU setting on receipt
21 * of an RA.
22 * Janos Farkas : kmalloc failure checks
23 * Alexey Kuznetsov : state machine reworked
24 * and moved to net/core.
25 * Pekka Savola : RFC2461 validation
26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
27 */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #include <linux/slab.h>
63 #ifdef CONFIG_SYSCTL
64 #include <linux/sysctl.h>
65 #endif
66
67 #include <linux/if_addr.h>
68 #include <linux/if_arp.h>
69 #include <linux/ipv6.h>
70 #include <linux/icmpv6.h>
71 #include <linux/jhash.h>
72
73 #include <net/sock.h>
74 #include <net/snmp.h>
75
76 #include <net/ipv6.h>
77 #include <net/protocol.h>
78 #include <net/ndisc.h>
79 #include <net/ip6_route.h>
80 #include <net/addrconf.h>
81 #include <net/icmp.h>
82
83 #include <net/netlink.h>
84 #include <linux/rtnetlink.h>
85
86 #include <net/flow.h>
87 #include <net/ip6_checksum.h>
88 #include <net/inet_common.h>
89 #include <linux/proc_fs.h>
90
91 #include <linux/netfilter.h>
92 #include <linux/netfilter_ipv6.h>
93
94 static u32 ndisc_hash(const void *pkey,
95 const struct net_device *dev,
96 __u32 rnd);
97 static int ndisc_constructor(struct neighbour *neigh);
98 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
99 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
100 static int pndisc_constructor(struct pneigh_entry *n);
101 static void pndisc_destructor(struct pneigh_entry *n);
102 static void pndisc_redo(struct sk_buff *skb);
103
104 static const struct neigh_ops ndisc_generic_ops = {
105 .family = AF_INET6,
106 .solicit = ndisc_solicit,
107 .error_report = ndisc_error_report,
108 .output = neigh_resolve_output,
109 .connected_output = neigh_connected_output,
110 .hh_output = dev_queue_xmit,
111 .queue_xmit = dev_queue_xmit,
112 };
113
114 static const struct neigh_ops ndisc_hh_ops = {
115 .family = AF_INET6,
116 .solicit = ndisc_solicit,
117 .error_report = ndisc_error_report,
118 .output = neigh_resolve_output,
119 .connected_output = neigh_resolve_output,
120 .hh_output = dev_queue_xmit,
121 .queue_xmit = dev_queue_xmit,
122 };
123
124
125 static const struct neigh_ops ndisc_direct_ops = {
126 .family = AF_INET6,
127 .output = dev_queue_xmit,
128 .connected_output = dev_queue_xmit,
129 .hh_output = dev_queue_xmit,
130 .queue_xmit = dev_queue_xmit,
131 };
132
133 struct neigh_table nd_tbl = {
134 .family = AF_INET6,
135 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
136 .key_len = sizeof(struct in6_addr),
137 .hash = ndisc_hash,
138 .constructor = ndisc_constructor,
139 .pconstructor = pndisc_constructor,
140 .pdestructor = pndisc_destructor,
141 .proxy_redo = pndisc_redo,
142 .id = "ndisc_cache",
143 .parms = {
144 .tbl = &nd_tbl,
145 .base_reachable_time = ND_REACHABLE_TIME,
146 .retrans_time = ND_RETRANS_TIMER,
147 .gc_staletime = 60 * HZ,
148 .reachable_time = ND_REACHABLE_TIME,
149 .delay_probe_time = 5 * HZ,
150 .queue_len = 3,
151 .ucast_probes = 3,
152 .mcast_probes = 3,
153 .anycast_delay = 1 * HZ,
154 .proxy_delay = (8 * HZ) / 10,
155 .proxy_qlen = 64,
156 },
157 .gc_interval = 30 * HZ,
158 .gc_thresh1 = 128,
159 .gc_thresh2 = 512,
160 .gc_thresh3 = 1024,
161 };
162
163 /* ND options */
164 struct ndisc_options {
165 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
166 #ifdef CONFIG_IPV6_ROUTE_INFO
167 struct nd_opt_hdr *nd_opts_ri;
168 struct nd_opt_hdr *nd_opts_ri_end;
169 #endif
170 struct nd_opt_hdr *nd_useropts;
171 struct nd_opt_hdr *nd_useropts_end;
172 };
173
174 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
175 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
176 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
177 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
178 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
179 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
180
181 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
182
183 /*
184 * Return the padding between the option length and the start of the
185 * link addr. Currently only IP-over-InfiniBand needs this, although
186 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
187 * also need a pad of 2.
188 */
189 static int ndisc_addr_option_pad(unsigned short type)
190 {
191 switch (type) {
192 case ARPHRD_INFINIBAND: return 2;
193 default: return 0;
194 }
195 }
196
197 static inline int ndisc_opt_addr_space(struct net_device *dev)
198 {
199 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
200 }
201
202 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
203 unsigned short addr_type)
204 {
205 int space = NDISC_OPT_SPACE(data_len);
206 int pad = ndisc_addr_option_pad(addr_type);
207
208 opt[0] = type;
209 opt[1] = space>>3;
210
211 memset(opt + 2, 0, pad);
212 opt += pad;
213 space -= pad;
214
215 memcpy(opt+2, data, data_len);
216 data_len += 2;
217 opt += data_len;
218 if ((space -= data_len) > 0)
219 memset(opt, 0, space);
220 return opt + space;
221 }
222
223 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
224 struct nd_opt_hdr *end)
225 {
226 int type;
227 if (!cur || !end || cur >= end)
228 return NULL;
229 type = cur->nd_opt_type;
230 do {
231 cur = ((void *)cur) + (cur->nd_opt_len << 3);
232 } while(cur < end && cur->nd_opt_type != type);
233 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
234 }
235
236 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
237 {
238 return opt->nd_opt_type == ND_OPT_RDNSS;
239 }
240
241 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
242 struct nd_opt_hdr *end)
243 {
244 if (!cur || !end || cur >= end)
245 return NULL;
246 do {
247 cur = ((void *)cur) + (cur->nd_opt_len << 3);
248 } while(cur < end && !ndisc_is_useropt(cur));
249 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
250 }
251
252 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
253 struct ndisc_options *ndopts)
254 {
255 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
256
257 if (!nd_opt || opt_len < 0 || !ndopts)
258 return NULL;
259 memset(ndopts, 0, sizeof(*ndopts));
260 while (opt_len) {
261 int l;
262 if (opt_len < sizeof(struct nd_opt_hdr))
263 return NULL;
264 l = nd_opt->nd_opt_len << 3;
265 if (opt_len < l || l == 0)
266 return NULL;
267 switch (nd_opt->nd_opt_type) {
268 case ND_OPT_SOURCE_LL_ADDR:
269 case ND_OPT_TARGET_LL_ADDR:
270 case ND_OPT_MTU:
271 case ND_OPT_REDIRECT_HDR:
272 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
273 ND_PRINTK2(KERN_WARNING
274 "%s(): duplicated ND6 option found: type=%d\n",
275 __func__,
276 nd_opt->nd_opt_type);
277 } else {
278 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
279 }
280 break;
281 case ND_OPT_PREFIX_INFO:
282 ndopts->nd_opts_pi_end = nd_opt;
283 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
284 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
285 break;
286 #ifdef CONFIG_IPV6_ROUTE_INFO
287 case ND_OPT_ROUTE_INFO:
288 ndopts->nd_opts_ri_end = nd_opt;
289 if (!ndopts->nd_opts_ri)
290 ndopts->nd_opts_ri = nd_opt;
291 break;
292 #endif
293 default:
294 if (ndisc_is_useropt(nd_opt)) {
295 ndopts->nd_useropts_end = nd_opt;
296 if (!ndopts->nd_useropts)
297 ndopts->nd_useropts = nd_opt;
298 } else {
299 /*
300 * Unknown options must be silently ignored,
301 * to accommodate future extension to the
302 * protocol.
303 */
304 ND_PRINTK2(KERN_NOTICE
305 "%s(): ignored unsupported option; type=%d, len=%d\n",
306 __func__,
307 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
308 }
309 }
310 opt_len -= l;
311 nd_opt = ((void *)nd_opt) + l;
312 }
313 return ndopts;
314 }
315
316 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
317 struct net_device *dev)
318 {
319 u8 *lladdr = (u8 *)(p + 1);
320 int lladdrlen = p->nd_opt_len << 3;
321 int prepad = ndisc_addr_option_pad(dev->type);
322 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
323 return NULL;
324 return lladdr + prepad;
325 }
326
327 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
328 {
329 switch (dev->type) {
330 case ARPHRD_ETHER:
331 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
332 case ARPHRD_FDDI:
333 ipv6_eth_mc_map(addr, buf);
334 return 0;
335 case ARPHRD_IEEE802_TR:
336 ipv6_tr_mc_map(addr,buf);
337 return 0;
338 case ARPHRD_ARCNET:
339 ipv6_arcnet_mc_map(addr, buf);
340 return 0;
341 case ARPHRD_INFINIBAND:
342 ipv6_ib_mc_map(addr, dev->broadcast, buf);
343 return 0;
344 case ARPHRD_IPGRE:
345 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
346 default:
347 if (dir) {
348 memcpy(buf, dev->broadcast, dev->addr_len);
349 return 0;
350 }
351 }
352 return -EINVAL;
353 }
354
355 EXPORT_SYMBOL(ndisc_mc_map);
356
357 static u32 ndisc_hash(const void *pkey,
358 const struct net_device *dev,
359 __u32 hash_rnd)
360 {
361 const u32 *p32 = pkey;
362 u32 addr_hash, i;
363
364 addr_hash = 0;
365 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
366 addr_hash ^= *p32++;
367
368 return jhash_2words(addr_hash, dev->ifindex, hash_rnd);
369 }
370
371 static int ndisc_constructor(struct neighbour *neigh)
372 {
373 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
374 struct net_device *dev = neigh->dev;
375 struct inet6_dev *in6_dev;
376 struct neigh_parms *parms;
377 int is_multicast = ipv6_addr_is_multicast(addr);
378
379 rcu_read_lock();
380 in6_dev = in6_dev_get(dev);
381 if (in6_dev == NULL) {
382 rcu_read_unlock();
383 return -EINVAL;
384 }
385
386 parms = in6_dev->nd_parms;
387 __neigh_parms_put(neigh->parms);
388 neigh->parms = neigh_parms_clone(parms);
389 rcu_read_unlock();
390
391 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
392 if (!dev->header_ops) {
393 neigh->nud_state = NUD_NOARP;
394 neigh->ops = &ndisc_direct_ops;
395 neigh->output = neigh->ops->queue_xmit;
396 } else {
397 if (is_multicast) {
398 neigh->nud_state = NUD_NOARP;
399 ndisc_mc_map(addr, neigh->ha, dev, 1);
400 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
401 neigh->nud_state = NUD_NOARP;
402 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
403 if (dev->flags&IFF_LOOPBACK)
404 neigh->type = RTN_LOCAL;
405 } else if (dev->flags&IFF_POINTOPOINT) {
406 neigh->nud_state = NUD_NOARP;
407 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
408 }
409 if (dev->header_ops->cache)
410 neigh->ops = &ndisc_hh_ops;
411 else
412 neigh->ops = &ndisc_generic_ops;
413 if (neigh->nud_state&NUD_VALID)
414 neigh->output = neigh->ops->connected_output;
415 else
416 neigh->output = neigh->ops->output;
417 }
418 in6_dev_put(in6_dev);
419 return 0;
420 }
421
422 static int pndisc_constructor(struct pneigh_entry *n)
423 {
424 struct in6_addr *addr = (struct in6_addr*)&n->key;
425 struct in6_addr maddr;
426 struct net_device *dev = n->dev;
427
428 if (dev == NULL || __in6_dev_get(dev) == NULL)
429 return -EINVAL;
430 addrconf_addr_solict_mult(addr, &maddr);
431 ipv6_dev_mc_inc(dev, &maddr);
432 return 0;
433 }
434
435 static void pndisc_destructor(struct pneigh_entry *n)
436 {
437 struct in6_addr *addr = (struct in6_addr*)&n->key;
438 struct in6_addr maddr;
439 struct net_device *dev = n->dev;
440
441 if (dev == NULL || __in6_dev_get(dev) == NULL)
442 return;
443 addrconf_addr_solict_mult(addr, &maddr);
444 ipv6_dev_mc_dec(dev, &maddr);
445 }
446
447 struct sk_buff *ndisc_build_skb(struct net_device *dev,
448 const struct in6_addr *daddr,
449 const struct in6_addr *saddr,
450 struct icmp6hdr *icmp6h,
451 const struct in6_addr *target,
452 int llinfo)
453 {
454 struct net *net = dev_net(dev);
455 struct sock *sk = net->ipv6.ndisc_sk;
456 struct sk_buff *skb;
457 struct icmp6hdr *hdr;
458 int len;
459 int err;
460 u8 *opt;
461
462 if (!dev->addr_len)
463 llinfo = 0;
464
465 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
466 if (llinfo)
467 len += ndisc_opt_addr_space(dev);
468
469 skb = sock_alloc_send_skb(sk,
470 (MAX_HEADER + sizeof(struct ipv6hdr) +
471 len + LL_ALLOCATED_SPACE(dev)),
472 1, &err);
473 if (!skb) {
474 ND_PRINTK0(KERN_ERR
475 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
476 __func__, err);
477 return NULL;
478 }
479
480 skb_reserve(skb, LL_RESERVED_SPACE(dev));
481 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
482
483 skb->transport_header = skb->tail;
484 skb_put(skb, len);
485
486 hdr = (struct icmp6hdr *)skb_transport_header(skb);
487 memcpy(hdr, icmp6h, sizeof(*hdr));
488
489 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
490 if (target) {
491 ipv6_addr_copy((struct in6_addr *)opt, target);
492 opt += sizeof(*target);
493 }
494
495 if (llinfo)
496 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
497 dev->addr_len, dev->type);
498
499 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
500 IPPROTO_ICMPV6,
501 csum_partial(hdr,
502 len, 0));
503
504 return skb;
505 }
506
507 EXPORT_SYMBOL(ndisc_build_skb);
508
509 void ndisc_send_skb(struct sk_buff *skb,
510 struct net_device *dev,
511 struct neighbour *neigh,
512 const struct in6_addr *daddr,
513 const struct in6_addr *saddr,
514 struct icmp6hdr *icmp6h)
515 {
516 struct flowi6 fl6;
517 struct dst_entry *dst;
518 struct net *net = dev_net(dev);
519 struct sock *sk = net->ipv6.ndisc_sk;
520 struct inet6_dev *idev;
521 int err;
522 u8 type;
523
524 type = icmp6h->icmp6_type;
525
526 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
527
528 dst = icmp6_dst_alloc(dev, neigh, daddr);
529 if (!dst) {
530 kfree_skb(skb);
531 return;
532 }
533
534 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
535 if (IS_ERR(dst)) {
536 kfree_skb(skb);
537 return;
538 }
539
540 skb_dst_set(skb, dst);
541
542 idev = in6_dev_get(dst->dev);
543 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
544
545 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
546 dst_output);
547 if (!err) {
548 ICMP6MSGOUT_INC_STATS(net, idev, type);
549 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
550 }
551
552 if (likely(idev != NULL))
553 in6_dev_put(idev);
554 }
555
556 EXPORT_SYMBOL(ndisc_send_skb);
557
558 /*
559 * Send a Neighbour Discover packet
560 */
561 static void __ndisc_send(struct net_device *dev,
562 struct neighbour *neigh,
563 const struct in6_addr *daddr,
564 const struct in6_addr *saddr,
565 struct icmp6hdr *icmp6h, const struct in6_addr *target,
566 int llinfo)
567 {
568 struct sk_buff *skb;
569
570 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
571 if (!skb)
572 return;
573
574 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
575 }
576
577 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
578 const struct in6_addr *daddr,
579 const struct in6_addr *solicited_addr,
580 int router, int solicited, int override, int inc_opt)
581 {
582 struct in6_addr tmpaddr;
583 struct inet6_ifaddr *ifp;
584 const struct in6_addr *src_addr;
585 struct icmp6hdr icmp6h = {
586 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
587 };
588
589 /* for anycast or proxy, solicited_addr != src_addr */
590 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
591 if (ifp) {
592 src_addr = solicited_addr;
593 if (ifp->flags & IFA_F_OPTIMISTIC)
594 override = 0;
595 inc_opt |= ifp->idev->cnf.force_tllao;
596 in6_ifa_put(ifp);
597 } else {
598 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
599 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
600 &tmpaddr))
601 return;
602 src_addr = &tmpaddr;
603 }
604
605 icmp6h.icmp6_router = router;
606 icmp6h.icmp6_solicited = solicited;
607 icmp6h.icmp6_override = override;
608
609 __ndisc_send(dev, neigh, daddr, src_addr,
610 &icmp6h, solicited_addr,
611 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
612 }
613
614 static void ndisc_send_unsol_na(struct net_device *dev)
615 {
616 struct inet6_dev *idev;
617 struct inet6_ifaddr *ifa;
618 struct in6_addr mcaddr;
619
620 idev = in6_dev_get(dev);
621 if (!idev)
622 return;
623
624 read_lock_bh(&idev->lock);
625 list_for_each_entry(ifa, &idev->addr_list, if_list) {
626 addrconf_addr_solict_mult(&ifa->addr, &mcaddr);
627 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
628 /*router=*/ !!idev->cnf.forwarding,
629 /*solicited=*/ false, /*override=*/ true,
630 /*inc_opt=*/ true);
631 }
632 read_unlock_bh(&idev->lock);
633
634 in6_dev_put(idev);
635 }
636
637 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
638 const struct in6_addr *solicit,
639 const struct in6_addr *daddr, const struct in6_addr *saddr)
640 {
641 struct in6_addr addr_buf;
642 struct icmp6hdr icmp6h = {
643 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
644 };
645
646 if (saddr == NULL) {
647 if (ipv6_get_lladdr(dev, &addr_buf,
648 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
649 return;
650 saddr = &addr_buf;
651 }
652
653 __ndisc_send(dev, neigh, daddr, saddr,
654 &icmp6h, solicit,
655 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
656 }
657
658 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
659 const struct in6_addr *daddr)
660 {
661 struct icmp6hdr icmp6h = {
662 .icmp6_type = NDISC_ROUTER_SOLICITATION,
663 };
664 int send_sllao = dev->addr_len;
665
666 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
667 /*
668 * According to section 2.2 of RFC 4429, we must not
669 * send router solicitations with a sllao from
670 * optimistic addresses, but we may send the solicitation
671 * if we don't include the sllao. So here we check
672 * if our address is optimistic, and if so, we
673 * suppress the inclusion of the sllao.
674 */
675 if (send_sllao) {
676 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
677 dev, 1);
678 if (ifp) {
679 if (ifp->flags & IFA_F_OPTIMISTIC) {
680 send_sllao = 0;
681 }
682 in6_ifa_put(ifp);
683 } else {
684 send_sllao = 0;
685 }
686 }
687 #endif
688 __ndisc_send(dev, NULL, daddr, saddr,
689 &icmp6h, NULL,
690 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
691 }
692
693
694 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
695 {
696 /*
697 * "The sender MUST return an ICMP
698 * destination unreachable"
699 */
700 dst_link_failure(skb);
701 kfree_skb(skb);
702 }
703
704 /* Called with locked neigh: either read or both */
705
706 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
707 {
708 struct in6_addr *saddr = NULL;
709 struct in6_addr mcaddr;
710 struct net_device *dev = neigh->dev;
711 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
712 int probes = atomic_read(&neigh->probes);
713
714 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
715 saddr = &ipv6_hdr(skb)->saddr;
716
717 if ((probes -= neigh->parms->ucast_probes) < 0) {
718 if (!(neigh->nud_state & NUD_VALID)) {
719 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
720 __func__, target);
721 }
722 ndisc_send_ns(dev, neigh, target, target, saddr);
723 } else if ((probes -= neigh->parms->app_probes) < 0) {
724 #ifdef CONFIG_ARPD
725 neigh_app_ns(neigh);
726 #endif
727 } else {
728 addrconf_addr_solict_mult(target, &mcaddr);
729 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
730 }
731 }
732
733 static int pndisc_is_router(const void *pkey,
734 struct net_device *dev)
735 {
736 struct pneigh_entry *n;
737 int ret = -1;
738
739 read_lock_bh(&nd_tbl.lock);
740 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
741 if (n)
742 ret = !!(n->flags & NTF_ROUTER);
743 read_unlock_bh(&nd_tbl.lock);
744
745 return ret;
746 }
747
748 static void ndisc_recv_ns(struct sk_buff *skb)
749 {
750 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
751 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
752 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
753 u8 *lladdr = NULL;
754 u32 ndoptlen = skb->tail - (skb->transport_header +
755 offsetof(struct nd_msg, opt));
756 struct ndisc_options ndopts;
757 struct net_device *dev = skb->dev;
758 struct inet6_ifaddr *ifp;
759 struct inet6_dev *idev = NULL;
760 struct neighbour *neigh;
761 int dad = ipv6_addr_any(saddr);
762 int inc;
763 int is_router = -1;
764
765 if (ipv6_addr_is_multicast(&msg->target)) {
766 ND_PRINTK2(KERN_WARNING
767 "ICMPv6 NS: multicast target address");
768 return;
769 }
770
771 /*
772 * RFC2461 7.1.1:
773 * DAD has to be destined for solicited node multicast address.
774 */
775 if (dad &&
776 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
777 daddr->s6_addr32[1] == htonl(0x00000000) &&
778 daddr->s6_addr32[2] == htonl(0x00000001) &&
779 daddr->s6_addr [12] == 0xff )) {
780 ND_PRINTK2(KERN_WARNING
781 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
782 return;
783 }
784
785 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
786 ND_PRINTK2(KERN_WARNING
787 "ICMPv6 NS: invalid ND options\n");
788 return;
789 }
790
791 if (ndopts.nd_opts_src_lladdr) {
792 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
793 if (!lladdr) {
794 ND_PRINTK2(KERN_WARNING
795 "ICMPv6 NS: invalid link-layer address length\n");
796 return;
797 }
798
799 /* RFC2461 7.1.1:
800 * If the IP source address is the unspecified address,
801 * there MUST NOT be source link-layer address option
802 * in the message.
803 */
804 if (dad) {
805 ND_PRINTK2(KERN_WARNING
806 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
807 return;
808 }
809 }
810
811 inc = ipv6_addr_is_multicast(daddr);
812
813 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
814 if (ifp) {
815
816 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
817 if (dad) {
818 if (dev->type == ARPHRD_IEEE802_TR) {
819 const unsigned char *sadr;
820 sadr = skb_mac_header(skb);
821 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
822 sadr[9] == dev->dev_addr[1] &&
823 sadr[10] == dev->dev_addr[2] &&
824 sadr[11] == dev->dev_addr[3] &&
825 sadr[12] == dev->dev_addr[4] &&
826 sadr[13] == dev->dev_addr[5]) {
827 /* looped-back to us */
828 goto out;
829 }
830 }
831
832 /*
833 * We are colliding with another node
834 * who is doing DAD
835 * so fail our DAD process
836 */
837 addrconf_dad_failure(ifp);
838 return;
839 } else {
840 /*
841 * This is not a dad solicitation.
842 * If we are an optimistic node,
843 * we should respond.
844 * Otherwise, we should ignore it.
845 */
846 if (!(ifp->flags & IFA_F_OPTIMISTIC))
847 goto out;
848 }
849 }
850
851 idev = ifp->idev;
852 } else {
853 struct net *net = dev_net(dev);
854
855 idev = in6_dev_get(dev);
856 if (!idev) {
857 /* XXX: count this drop? */
858 return;
859 }
860
861 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
862 (idev->cnf.forwarding &&
863 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
864 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
865 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
866 skb->pkt_type != PACKET_HOST &&
867 inc != 0 &&
868 idev->nd_parms->proxy_delay != 0) {
869 /*
870 * for anycast or proxy,
871 * sender should delay its response
872 * by a random time between 0 and
873 * MAX_ANYCAST_DELAY_TIME seconds.
874 * (RFC2461) -- yoshfuji
875 */
876 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
877 if (n)
878 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
879 goto out;
880 }
881 } else
882 goto out;
883 }
884
885 if (is_router < 0)
886 is_router = !!idev->cnf.forwarding;
887
888 if (dad) {
889 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
890 is_router, 0, (ifp != NULL), 1);
891 goto out;
892 }
893
894 if (inc)
895 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
896 else
897 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
898
899 /*
900 * update / create cache entry
901 * for the source address
902 */
903 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
904 !inc || lladdr || !dev->addr_len);
905 if (neigh)
906 neigh_update(neigh, lladdr, NUD_STALE,
907 NEIGH_UPDATE_F_WEAK_OVERRIDE|
908 NEIGH_UPDATE_F_OVERRIDE);
909 if (neigh || !dev->header_ops) {
910 ndisc_send_na(dev, neigh, saddr, &msg->target,
911 is_router,
912 1, (ifp != NULL && inc), inc);
913 if (neigh)
914 neigh_release(neigh);
915 }
916
917 out:
918 if (ifp)
919 in6_ifa_put(ifp);
920 else
921 in6_dev_put(idev);
922 }
923
924 static void ndisc_recv_na(struct sk_buff *skb)
925 {
926 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
927 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
928 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
929 u8 *lladdr = NULL;
930 u32 ndoptlen = skb->tail - (skb->transport_header +
931 offsetof(struct nd_msg, opt));
932 struct ndisc_options ndopts;
933 struct net_device *dev = skb->dev;
934 struct inet6_ifaddr *ifp;
935 struct neighbour *neigh;
936
937 if (skb->len < sizeof(struct nd_msg)) {
938 ND_PRINTK2(KERN_WARNING
939 "ICMPv6 NA: packet too short\n");
940 return;
941 }
942
943 if (ipv6_addr_is_multicast(&msg->target)) {
944 ND_PRINTK2(KERN_WARNING
945 "ICMPv6 NA: target address is multicast.\n");
946 return;
947 }
948
949 if (ipv6_addr_is_multicast(daddr) &&
950 msg->icmph.icmp6_solicited) {
951 ND_PRINTK2(KERN_WARNING
952 "ICMPv6 NA: solicited NA is multicasted.\n");
953 return;
954 }
955
956 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
957 ND_PRINTK2(KERN_WARNING
958 "ICMPv6 NS: invalid ND option\n");
959 return;
960 }
961 if (ndopts.nd_opts_tgt_lladdr) {
962 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
963 if (!lladdr) {
964 ND_PRINTK2(KERN_WARNING
965 "ICMPv6 NA: invalid link-layer address length\n");
966 return;
967 }
968 }
969 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
970 if (ifp) {
971 if (skb->pkt_type != PACKET_LOOPBACK
972 && (ifp->flags & IFA_F_TENTATIVE)) {
973 addrconf_dad_failure(ifp);
974 return;
975 }
976 /* What should we make now? The advertisement
977 is invalid, but ndisc specs say nothing
978 about it. It could be misconfiguration, or
979 an smart proxy agent tries to help us :-)
980
981 We should not print the error if NA has been
982 received from loopback - it is just our own
983 unsolicited advertisement.
984 */
985 if (skb->pkt_type != PACKET_LOOPBACK)
986 ND_PRINTK1(KERN_WARNING
987 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
988 &ifp->addr, ifp->idev->dev->name);
989 in6_ifa_put(ifp);
990 return;
991 }
992 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
993
994 if (neigh) {
995 u8 old_flags = neigh->flags;
996 struct net *net = dev_net(dev);
997
998 if (neigh->nud_state & NUD_FAILED)
999 goto out;
1000
1001 /*
1002 * Don't update the neighbor cache entry on a proxy NA from
1003 * ourselves because either the proxied node is off link or it
1004 * has already sent a NA to us.
1005 */
1006 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1007 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1008 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1009 /* XXX: idev->cnf.prixy_ndp */
1010 goto out;
1011 }
1012
1013 neigh_update(neigh, lladdr,
1014 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1015 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1016 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1017 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1018 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
1019
1020 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1021 /*
1022 * Change: router to host
1023 */
1024 struct rt6_info *rt;
1025 rt = rt6_get_dflt_router(saddr, dev);
1026 if (rt)
1027 ip6_del_rt(rt);
1028 }
1029
1030 out:
1031 neigh_release(neigh);
1032 }
1033 }
1034
1035 static void ndisc_recv_rs(struct sk_buff *skb)
1036 {
1037 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1038 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1039 struct neighbour *neigh;
1040 struct inet6_dev *idev;
1041 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1042 struct ndisc_options ndopts;
1043 u8 *lladdr = NULL;
1044
1045 if (skb->len < sizeof(*rs_msg))
1046 return;
1047
1048 idev = in6_dev_get(skb->dev);
1049 if (!idev) {
1050 if (net_ratelimit())
1051 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1052 return;
1053 }
1054
1055 /* Don't accept RS if we're not in router mode */
1056 if (!idev->cnf.forwarding)
1057 goto out;
1058
1059 /*
1060 * Don't update NCE if src = ::;
1061 * this implies that the source node has no ip address assigned yet.
1062 */
1063 if (ipv6_addr_any(saddr))
1064 goto out;
1065
1066 /* Parse ND options */
1067 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1068 if (net_ratelimit())
1069 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1070 goto out;
1071 }
1072
1073 if (ndopts.nd_opts_src_lladdr) {
1074 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1075 skb->dev);
1076 if (!lladdr)
1077 goto out;
1078 }
1079
1080 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1081 if (neigh) {
1082 neigh_update(neigh, lladdr, NUD_STALE,
1083 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1084 NEIGH_UPDATE_F_OVERRIDE|
1085 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1086 neigh_release(neigh);
1087 }
1088 out:
1089 in6_dev_put(idev);
1090 }
1091
1092 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1093 {
1094 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1095 struct sk_buff *skb;
1096 struct nlmsghdr *nlh;
1097 struct nduseroptmsg *ndmsg;
1098 struct net *net = dev_net(ra->dev);
1099 int err;
1100 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1101 + (opt->nd_opt_len << 3));
1102 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1103
1104 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1105 if (skb == NULL) {
1106 err = -ENOBUFS;
1107 goto errout;
1108 }
1109
1110 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1111 if (nlh == NULL) {
1112 goto nla_put_failure;
1113 }
1114
1115 ndmsg = nlmsg_data(nlh);
1116 ndmsg->nduseropt_family = AF_INET6;
1117 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1118 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1119 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1120 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1121
1122 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1123
1124 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1125 &ipv6_hdr(ra)->saddr);
1126 nlmsg_end(skb, nlh);
1127
1128 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1129 return;
1130
1131 nla_put_failure:
1132 nlmsg_free(skb);
1133 err = -EMSGSIZE;
1134 errout:
1135 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1136 }
1137
1138 static inline int accept_ra(struct inet6_dev *in6_dev)
1139 {
1140 /*
1141 * If forwarding is enabled, RA are not accepted unless the special
1142 * hybrid mode (accept_ra=2) is enabled.
1143 */
1144 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1145 return 0;
1146
1147 return in6_dev->cnf.accept_ra;
1148 }
1149
1150 static void ndisc_router_discovery(struct sk_buff *skb)
1151 {
1152 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1153 struct neighbour *neigh = NULL;
1154 struct inet6_dev *in6_dev;
1155 struct rt6_info *rt = NULL;
1156 int lifetime;
1157 struct ndisc_options ndopts;
1158 int optlen;
1159 unsigned int pref = 0;
1160
1161 __u8 * opt = (__u8 *)(ra_msg + 1);
1162
1163 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1164
1165 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1166 ND_PRINTK2(KERN_WARNING
1167 "ICMPv6 RA: source address is not link-local.\n");
1168 return;
1169 }
1170 if (optlen < 0) {
1171 ND_PRINTK2(KERN_WARNING
1172 "ICMPv6 RA: packet too short\n");
1173 return;
1174 }
1175
1176 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1177 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1178 ND_PRINTK2(KERN_WARNING
1179 "ICMPv6 RA: from host or unauthorized router\n");
1180 return;
1181 }
1182 #endif
1183
1184 /*
1185 * set the RA_RECV flag in the interface
1186 */
1187
1188 in6_dev = in6_dev_get(skb->dev);
1189 if (in6_dev == NULL) {
1190 ND_PRINTK0(KERN_ERR
1191 "ICMPv6 RA: can't find inet6 device for %s.\n",
1192 skb->dev->name);
1193 return;
1194 }
1195
1196 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1197 in6_dev_put(in6_dev);
1198 ND_PRINTK2(KERN_WARNING
1199 "ICMP6 RA: invalid ND options\n");
1200 return;
1201 }
1202
1203 if (!accept_ra(in6_dev))
1204 goto skip_linkparms;
1205
1206 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1207 /* skip link-specific parameters from interior routers */
1208 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1209 goto skip_linkparms;
1210 #endif
1211
1212 if (in6_dev->if_flags & IF_RS_SENT) {
1213 /*
1214 * flag that an RA was received after an RS was sent
1215 * out on this interface.
1216 */
1217 in6_dev->if_flags |= IF_RA_RCVD;
1218 }
1219
1220 /*
1221 * Remember the managed/otherconf flags from most recently
1222 * received RA message (RFC 2462) -- yoshfuji
1223 */
1224 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1225 IF_RA_OTHERCONF)) |
1226 (ra_msg->icmph.icmp6_addrconf_managed ?
1227 IF_RA_MANAGED : 0) |
1228 (ra_msg->icmph.icmp6_addrconf_other ?
1229 IF_RA_OTHERCONF : 0);
1230
1231 if (!in6_dev->cnf.accept_ra_defrtr)
1232 goto skip_defrtr;
1233
1234 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1235
1236 #ifdef CONFIG_IPV6_ROUTER_PREF
1237 pref = ra_msg->icmph.icmp6_router_pref;
1238 /* 10b is handled as if it were 00b (medium) */
1239 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1240 !in6_dev->cnf.accept_ra_rtr_pref)
1241 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1242 #endif
1243
1244 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1245
1246 if (rt)
1247 neigh = rt->rt6i_nexthop;
1248
1249 if (rt && lifetime == 0) {
1250 neigh_clone(neigh);
1251 ip6_del_rt(rt);
1252 rt = NULL;
1253 }
1254
1255 if (rt == NULL && lifetime) {
1256 ND_PRINTK3(KERN_DEBUG
1257 "ICMPv6 RA: adding default router.\n");
1258
1259 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1260 if (rt == NULL) {
1261 ND_PRINTK0(KERN_ERR
1262 "ICMPv6 RA: %s() failed to add default route.\n",
1263 __func__);
1264 in6_dev_put(in6_dev);
1265 return;
1266 }
1267
1268 neigh = rt->rt6i_nexthop;
1269 if (neigh == NULL) {
1270 ND_PRINTK0(KERN_ERR
1271 "ICMPv6 RA: %s() got default router without neighbour.\n",
1272 __func__);
1273 dst_release(&rt->dst);
1274 in6_dev_put(in6_dev);
1275 return;
1276 }
1277 neigh->flags |= NTF_ROUTER;
1278 } else if (rt) {
1279 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1280 }
1281
1282 if (rt)
1283 rt->rt6i_expires = jiffies + (HZ * lifetime);
1284
1285 if (ra_msg->icmph.icmp6_hop_limit) {
1286 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1287 if (rt)
1288 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1289 ra_msg->icmph.icmp6_hop_limit);
1290 }
1291
1292 skip_defrtr:
1293
1294 /*
1295 * Update Reachable Time and Retrans Timer
1296 */
1297
1298 if (in6_dev->nd_parms) {
1299 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1300
1301 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1302 rtime = (rtime*HZ)/1000;
1303 if (rtime < HZ/10)
1304 rtime = HZ/10;
1305 in6_dev->nd_parms->retrans_time = rtime;
1306 in6_dev->tstamp = jiffies;
1307 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1308 }
1309
1310 rtime = ntohl(ra_msg->reachable_time);
1311 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1312 rtime = (rtime*HZ)/1000;
1313
1314 if (rtime < HZ/10)
1315 rtime = HZ/10;
1316
1317 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1318 in6_dev->nd_parms->base_reachable_time = rtime;
1319 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1320 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1321 in6_dev->tstamp = jiffies;
1322 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1323 }
1324 }
1325 }
1326
1327 skip_linkparms:
1328
1329 /*
1330 * Process options.
1331 */
1332
1333 if (!neigh)
1334 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1335 skb->dev, 1);
1336 if (neigh) {
1337 u8 *lladdr = NULL;
1338 if (ndopts.nd_opts_src_lladdr) {
1339 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1340 skb->dev);
1341 if (!lladdr) {
1342 ND_PRINTK2(KERN_WARNING
1343 "ICMPv6 RA: invalid link-layer address length\n");
1344 goto out;
1345 }
1346 }
1347 neigh_update(neigh, lladdr, NUD_STALE,
1348 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1349 NEIGH_UPDATE_F_OVERRIDE|
1350 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1351 NEIGH_UPDATE_F_ISROUTER);
1352 }
1353
1354 if (!accept_ra(in6_dev))
1355 goto out;
1356
1357 #ifdef CONFIG_IPV6_ROUTE_INFO
1358 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1359 struct nd_opt_hdr *p;
1360 for (p = ndopts.nd_opts_ri;
1361 p;
1362 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1363 struct route_info *ri = (struct route_info *)p;
1364 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1365 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1366 ri->prefix_len == 0)
1367 continue;
1368 #endif
1369 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1370 continue;
1371 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1372 &ipv6_hdr(skb)->saddr);
1373 }
1374 }
1375 #endif
1376
1377 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1378 /* skip link-specific ndopts from interior routers */
1379 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1380 goto out;
1381 #endif
1382
1383 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1384 struct nd_opt_hdr *p;
1385 for (p = ndopts.nd_opts_pi;
1386 p;
1387 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1388 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1389 }
1390 }
1391
1392 if (ndopts.nd_opts_mtu) {
1393 __be32 n;
1394 u32 mtu;
1395
1396 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1397 mtu = ntohl(n);
1398
1399 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1400 ND_PRINTK2(KERN_WARNING
1401 "ICMPv6 RA: invalid mtu: %d\n",
1402 mtu);
1403 } else if (in6_dev->cnf.mtu6 != mtu) {
1404 in6_dev->cnf.mtu6 = mtu;
1405
1406 if (rt)
1407 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1408
1409 rt6_mtu_change(skb->dev, mtu);
1410 }
1411 }
1412
1413 if (ndopts.nd_useropts) {
1414 struct nd_opt_hdr *p;
1415 for (p = ndopts.nd_useropts;
1416 p;
1417 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1418 ndisc_ra_useropt(skb, p);
1419 }
1420 }
1421
1422 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1423 ND_PRINTK2(KERN_WARNING
1424 "ICMPv6 RA: invalid RA options");
1425 }
1426 out:
1427 if (rt)
1428 dst_release(&rt->dst);
1429 else if (neigh)
1430 neigh_release(neigh);
1431 in6_dev_put(in6_dev);
1432 }
1433
1434 static void ndisc_redirect_rcv(struct sk_buff *skb)
1435 {
1436 struct inet6_dev *in6_dev;
1437 struct icmp6hdr *icmph;
1438 const struct in6_addr *dest;
1439 const struct in6_addr *target; /* new first hop to destination */
1440 struct neighbour *neigh;
1441 int on_link = 0;
1442 struct ndisc_options ndopts;
1443 int optlen;
1444 u8 *lladdr = NULL;
1445
1446 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1447 switch (skb->ndisc_nodetype) {
1448 case NDISC_NODETYPE_HOST:
1449 case NDISC_NODETYPE_NODEFAULT:
1450 ND_PRINTK2(KERN_WARNING
1451 "ICMPv6 Redirect: from host or unauthorized router\n");
1452 return;
1453 }
1454 #endif
1455
1456 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1457 ND_PRINTK2(KERN_WARNING
1458 "ICMPv6 Redirect: source address is not link-local.\n");
1459 return;
1460 }
1461
1462 optlen = skb->tail - skb->transport_header;
1463 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1464
1465 if (optlen < 0) {
1466 ND_PRINTK2(KERN_WARNING
1467 "ICMPv6 Redirect: packet too short\n");
1468 return;
1469 }
1470
1471 icmph = icmp6_hdr(skb);
1472 target = (const struct in6_addr *) (icmph + 1);
1473 dest = target + 1;
1474
1475 if (ipv6_addr_is_multicast(dest)) {
1476 ND_PRINTK2(KERN_WARNING
1477 "ICMPv6 Redirect: destination address is multicast.\n");
1478 return;
1479 }
1480
1481 if (ipv6_addr_equal(dest, target)) {
1482 on_link = 1;
1483 } else if (ipv6_addr_type(target) !=
1484 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1485 ND_PRINTK2(KERN_WARNING
1486 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1487 return;
1488 }
1489
1490 in6_dev = in6_dev_get(skb->dev);
1491 if (!in6_dev)
1492 return;
1493 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1494 in6_dev_put(in6_dev);
1495 return;
1496 }
1497
1498 /* RFC2461 8.1:
1499 * The IP source address of the Redirect MUST be the same as the current
1500 * first-hop router for the specified ICMP Destination Address.
1501 */
1502
1503 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1504 ND_PRINTK2(KERN_WARNING
1505 "ICMPv6 Redirect: invalid ND options\n");
1506 in6_dev_put(in6_dev);
1507 return;
1508 }
1509 if (ndopts.nd_opts_tgt_lladdr) {
1510 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1511 skb->dev);
1512 if (!lladdr) {
1513 ND_PRINTK2(KERN_WARNING
1514 "ICMPv6 Redirect: invalid link-layer address length\n");
1515 in6_dev_put(in6_dev);
1516 return;
1517 }
1518 }
1519
1520 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1521 if (neigh) {
1522 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1523 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1524 on_link);
1525 neigh_release(neigh);
1526 }
1527 in6_dev_put(in6_dev);
1528 }
1529
1530 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1531 const struct in6_addr *target)
1532 {
1533 struct net_device *dev = skb->dev;
1534 struct net *net = dev_net(dev);
1535 struct sock *sk = net->ipv6.ndisc_sk;
1536 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1537 struct sk_buff *buff;
1538 struct icmp6hdr *icmph;
1539 struct in6_addr saddr_buf;
1540 struct in6_addr *addrp;
1541 struct rt6_info *rt;
1542 struct dst_entry *dst;
1543 struct inet6_dev *idev;
1544 struct flowi6 fl6;
1545 u8 *opt;
1546 int rd_len;
1547 int err;
1548 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1549
1550 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1551 ND_PRINTK2(KERN_WARNING
1552 "ICMPv6 Redirect: no link-local address on %s\n",
1553 dev->name);
1554 return;
1555 }
1556
1557 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1558 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1559 ND_PRINTK2(KERN_WARNING
1560 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1561 return;
1562 }
1563
1564 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1565 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1566
1567 dst = ip6_route_output(net, NULL, &fl6);
1568 if (dst == NULL)
1569 return;
1570
1571 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1572 if (IS_ERR(dst))
1573 return;
1574
1575 rt = (struct rt6_info *) dst;
1576
1577 if (rt->rt6i_flags & RTF_GATEWAY) {
1578 ND_PRINTK2(KERN_WARNING
1579 "ICMPv6 Redirect: destination is not a neighbour.\n");
1580 goto release;
1581 }
1582 if (!rt->rt6i_peer)
1583 rt6_bind_peer(rt, 1);
1584 if (inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
1585 goto release;
1586
1587 if (dev->addr_len) {
1588 read_lock_bh(&neigh->lock);
1589 if (neigh->nud_state & NUD_VALID) {
1590 memcpy(ha_buf, neigh->ha, dev->addr_len);
1591 read_unlock_bh(&neigh->lock);
1592 ha = ha_buf;
1593 len += ndisc_opt_addr_space(dev);
1594 } else
1595 read_unlock_bh(&neigh->lock);
1596 }
1597
1598 rd_len = min_t(unsigned int,
1599 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1600 rd_len &= ~0x7;
1601 len += rd_len;
1602
1603 buff = sock_alloc_send_skb(sk,
1604 (MAX_HEADER + sizeof(struct ipv6hdr) +
1605 len + LL_ALLOCATED_SPACE(dev)),
1606 1, &err);
1607 if (buff == NULL) {
1608 ND_PRINTK0(KERN_ERR
1609 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1610 __func__, err);
1611 goto release;
1612 }
1613
1614 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1615 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1616 IPPROTO_ICMPV6, len);
1617
1618 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1619 skb_put(buff, len);
1620 icmph = icmp6_hdr(buff);
1621
1622 memset(icmph, 0, sizeof(struct icmp6hdr));
1623 icmph->icmp6_type = NDISC_REDIRECT;
1624
1625 /*
1626 * copy target and destination addresses
1627 */
1628
1629 addrp = (struct in6_addr *)(icmph + 1);
1630 ipv6_addr_copy(addrp, target);
1631 addrp++;
1632 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1633
1634 opt = (u8*) (addrp + 1);
1635
1636 /*
1637 * include target_address option
1638 */
1639
1640 if (ha)
1641 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1642 dev->addr_len, dev->type);
1643
1644 /*
1645 * build redirect option and copy skb over to the new packet.
1646 */
1647
1648 memset(opt, 0, 8);
1649 *(opt++) = ND_OPT_REDIRECT_HDR;
1650 *(opt++) = (rd_len >> 3);
1651 opt += 6;
1652
1653 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1654
1655 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1656 len, IPPROTO_ICMPV6,
1657 csum_partial(icmph, len, 0));
1658
1659 skb_dst_set(buff, dst);
1660 idev = in6_dev_get(dst->dev);
1661 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1662 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1663 dst_output);
1664 if (!err) {
1665 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1666 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1667 }
1668
1669 if (likely(idev != NULL))
1670 in6_dev_put(idev);
1671 return;
1672
1673 release:
1674 dst_release(dst);
1675 }
1676
1677 static void pndisc_redo(struct sk_buff *skb)
1678 {
1679 ndisc_recv_ns(skb);
1680 kfree_skb(skb);
1681 }
1682
1683 int ndisc_rcv(struct sk_buff *skb)
1684 {
1685 struct nd_msg *msg;
1686
1687 if (!pskb_may_pull(skb, skb->len))
1688 return 0;
1689
1690 msg = (struct nd_msg *)skb_transport_header(skb);
1691
1692 __skb_push(skb, skb->data - skb_transport_header(skb));
1693
1694 if (ipv6_hdr(skb)->hop_limit != 255) {
1695 ND_PRINTK2(KERN_WARNING
1696 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1697 ipv6_hdr(skb)->hop_limit);
1698 return 0;
1699 }
1700
1701 if (msg->icmph.icmp6_code != 0) {
1702 ND_PRINTK2(KERN_WARNING
1703 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1704 msg->icmph.icmp6_code);
1705 return 0;
1706 }
1707
1708 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1709
1710 switch (msg->icmph.icmp6_type) {
1711 case NDISC_NEIGHBOUR_SOLICITATION:
1712 ndisc_recv_ns(skb);
1713 break;
1714
1715 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1716 ndisc_recv_na(skb);
1717 break;
1718
1719 case NDISC_ROUTER_SOLICITATION:
1720 ndisc_recv_rs(skb);
1721 break;
1722
1723 case NDISC_ROUTER_ADVERTISEMENT:
1724 ndisc_router_discovery(skb);
1725 break;
1726
1727 case NDISC_REDIRECT:
1728 ndisc_redirect_rcv(skb);
1729 break;
1730 }
1731
1732 return 0;
1733 }
1734
1735 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1736 {
1737 struct net_device *dev = ptr;
1738 struct net *net = dev_net(dev);
1739
1740 switch (event) {
1741 case NETDEV_CHANGEADDR:
1742 neigh_changeaddr(&nd_tbl, dev);
1743 fib6_run_gc(~0UL, net);
1744 break;
1745 case NETDEV_DOWN:
1746 neigh_ifdown(&nd_tbl, dev);
1747 fib6_run_gc(~0UL, net);
1748 break;
1749 case NETDEV_NOTIFY_PEERS:
1750 ndisc_send_unsol_na(dev);
1751 break;
1752 default:
1753 break;
1754 }
1755
1756 return NOTIFY_DONE;
1757 }
1758
1759 static struct notifier_block ndisc_netdev_notifier = {
1760 .notifier_call = ndisc_netdev_event,
1761 };
1762
1763 #ifdef CONFIG_SYSCTL
1764 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1765 const char *func, const char *dev_name)
1766 {
1767 static char warncomm[TASK_COMM_LEN];
1768 static int warned;
1769 if (strcmp(warncomm, current->comm) && warned < 5) {
1770 strcpy(warncomm, current->comm);
1771 printk(KERN_WARNING
1772 "process `%s' is using deprecated sysctl (%s) "
1773 "net.ipv6.neigh.%s.%s; "
1774 "Use net.ipv6.neigh.%s.%s_ms "
1775 "instead.\n",
1776 warncomm, func,
1777 dev_name, ctl->procname,
1778 dev_name, ctl->procname);
1779 warned++;
1780 }
1781 }
1782
1783 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1784 {
1785 struct net_device *dev = ctl->extra1;
1786 struct inet6_dev *idev;
1787 int ret;
1788
1789 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1790 (strcmp(ctl->procname, "base_reachable_time") == 0))
1791 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1792
1793 if (strcmp(ctl->procname, "retrans_time") == 0)
1794 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1795
1796 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1797 ret = proc_dointvec_jiffies(ctl, write,
1798 buffer, lenp, ppos);
1799
1800 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1801 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1802 ret = proc_dointvec_ms_jiffies(ctl, write,
1803 buffer, lenp, ppos);
1804 else
1805 ret = -1;
1806
1807 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1808 if (ctl->data == &idev->nd_parms->base_reachable_time)
1809 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1810 idev->tstamp = jiffies;
1811 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1812 in6_dev_put(idev);
1813 }
1814 return ret;
1815 }
1816
1817
1818 #endif
1819
1820 static int __net_init ndisc_net_init(struct net *net)
1821 {
1822 struct ipv6_pinfo *np;
1823 struct sock *sk;
1824 int err;
1825
1826 err = inet_ctl_sock_create(&sk, PF_INET6,
1827 SOCK_RAW, IPPROTO_ICMPV6, net);
1828 if (err < 0) {
1829 ND_PRINTK0(KERN_ERR
1830 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1831 err);
1832 return err;
1833 }
1834
1835 net->ipv6.ndisc_sk = sk;
1836
1837 np = inet6_sk(sk);
1838 np->hop_limit = 255;
1839 /* Do not loopback ndisc messages */
1840 np->mc_loop = 0;
1841
1842 return 0;
1843 }
1844
1845 static void __net_exit ndisc_net_exit(struct net *net)
1846 {
1847 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1848 }
1849
1850 static struct pernet_operations ndisc_net_ops = {
1851 .init = ndisc_net_init,
1852 .exit = ndisc_net_exit,
1853 };
1854
1855 int __init ndisc_init(void)
1856 {
1857 int err;
1858
1859 err = register_pernet_subsys(&ndisc_net_ops);
1860 if (err)
1861 return err;
1862 /*
1863 * Initialize the neighbour table
1864 */
1865 neigh_table_init(&nd_tbl);
1866
1867 #ifdef CONFIG_SYSCTL
1868 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1869 &ndisc_ifinfo_sysctl_change);
1870 if (err)
1871 goto out_unregister_pernet;
1872 #endif
1873 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1874 if (err)
1875 goto out_unregister_sysctl;
1876 out:
1877 return err;
1878
1879 out_unregister_sysctl:
1880 #ifdef CONFIG_SYSCTL
1881 neigh_sysctl_unregister(&nd_tbl.parms);
1882 out_unregister_pernet:
1883 #endif
1884 unregister_pernet_subsys(&ndisc_net_ops);
1885 goto out;
1886 }
1887
1888 void ndisc_cleanup(void)
1889 {
1890 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1891 #ifdef CONFIG_SYSCTL
1892 neigh_sysctl_unregister(&nd_tbl.parms);
1893 #endif
1894 neigh_table_clear(&nd_tbl);
1895 unregister_pernet_subsys(&ndisc_net_ops);
1896 }
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree