2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 * Lars Fenneberg : fixed MTU setting on receipt
21 * Janos Farkas : kmalloc failure checks
22 * Alexey Kuznetsov : state machine reworked
23 * and moved to net/core.
24 * Pekka Savola : RFC2461 validation
25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 /* Set to 3 to get tracing... */
31 #define ND_PRINTK(x...) printk(KERN_DEBUG x)
32 #define ND_NOPRINTK(x...) do { ; } while(0)
33 #define ND_PRINTK0 ND_PRINTK
34 #define ND_PRINTK1 ND_NOPRINTK
35 #define ND_PRINTK2 ND_NOPRINTK
38 #define ND_PRINTK1 ND_PRINTK
42 #define ND_PRINTK2 ND_PRINTK
45 #define __NO_VERSION__
46 #include <linux/module.h>
47 #include <linux/config.h>
48 #include <linux/errno.h>
49 #include <linux/types.h>
50 #include <linux/socket.h>
51 #include <linux/sockios.h>
52 #include <linux/sched.h>
53 #include <linux/net.h>
54 #include <linux/in6.h>
55 #include <linux/route.h>
56 #include <linux/init.h>
58 #include <linux/sysctl.h>
61 #include <linux/if_arp.h>
62 #include <linux/ipv6.h>
63 #include <linux/icmpv6.h>
69 #include <net/protocol.h>
70 #include <net/ndisc.h>
71 #include <net/ip6_route.h>
72 #include <net/addrconf.h>
75 #include <net/checksum.h>
76 #include <linux/proc_fs.h>
78 static struct socket
*ndisc_socket
;
80 static u32
ndisc_hash(const void *pkey
, const struct net_device
*dev
);
81 static int ndisc_constructor(struct neighbour
*neigh
);
82 static void ndisc_solicit(struct neighbour
*neigh
, struct sk_buff
*skb
);
83 static void ndisc_error_report(struct neighbour
*neigh
, struct sk_buff
*skb
);
84 static int pndisc_constructor(struct pneigh_entry
*n
);
85 static void pndisc_destructor(struct pneigh_entry
*n
);
86 static void pndisc_redo(struct sk_buff
*skb
);
88 static struct neigh_ops ndisc_generic_ops
= {
90 .solicit
= ndisc_solicit
,
91 .error_report
= ndisc_error_report
,
92 .output
= neigh_resolve_output
,
93 .connected_output
= neigh_connected_output
,
94 .hh_output
= dev_queue_xmit
,
95 .queue_xmit
= dev_queue_xmit
,
98 static struct neigh_ops ndisc_hh_ops
= {
100 .solicit
= ndisc_solicit
,
101 .error_report
= ndisc_error_report
,
102 .output
= neigh_resolve_output
,
103 .connected_output
= neigh_resolve_output
,
104 .hh_output
= dev_queue_xmit
,
105 .queue_xmit
= dev_queue_xmit
,
109 static struct neigh_ops ndisc_direct_ops
= {
111 .output
= dev_queue_xmit
,
112 .connected_output
= dev_queue_xmit
,
113 .hh_output
= dev_queue_xmit
,
114 .queue_xmit
= dev_queue_xmit
,
117 struct neigh_table nd_tbl
= {
119 .entry_size
= sizeof(struct neighbour
) + sizeof(struct in6_addr
),
120 .key_len
= sizeof(struct in6_addr
),
122 .constructor
= ndisc_constructor
,
123 .pconstructor
= pndisc_constructor
,
124 .pdestructor
= pndisc_destructor
,
125 .proxy_redo
= pndisc_redo
,
129 .base_reachable_time
= 30 * HZ
,
130 .retrans_time
= 1 * HZ
,
131 .gc_staletime
= 60 * HZ
,
132 .reachable_time
= 30 * HZ
,
133 .delay_probe_time
= 5 * HZ
,
137 .anycast_delay
= 1 * HZ
,
138 .proxy_delay
= (8 * HZ
) / 10,
141 .gc_interval
= 30 * HZ
,
147 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
149 static u8
*ndisc_fill_option(u8
*opt
, int type
, void *data
, int data_len
)
151 int space
= NDISC_OPT_SPACE(data_len
);
155 memcpy(opt
+2, data
, data_len
);
158 if ((space
-= data_len
) > 0)
159 memset(opt
, 0, space
);
163 struct nd_opt_hdr
*ndisc_next_option(struct nd_opt_hdr
*cur
,
164 struct nd_opt_hdr
*end
)
167 if (!cur
|| !end
|| cur
>= end
)
169 type
= cur
->nd_opt_type
;
171 cur
= ((void *)cur
) + (cur
->nd_opt_len
<< 3);
172 } while(cur
< end
&& cur
->nd_opt_type
!= type
);
173 return (cur
<= end
&& cur
->nd_opt_type
== type
? cur
: NULL
);
176 struct ndisc_options
*ndisc_parse_options(u8
*opt
, int opt_len
,
177 struct ndisc_options
*ndopts
)
179 struct nd_opt_hdr
*nd_opt
= (struct nd_opt_hdr
*)opt
;
181 if (!nd_opt
|| opt_len
< 0 || !ndopts
)
183 memset(ndopts
, 0, sizeof(*ndopts
));
186 if (opt_len
< sizeof(struct nd_opt_hdr
))
188 l
= nd_opt
->nd_opt_len
<< 3;
189 if (opt_len
< l
|| l
== 0)
191 switch (nd_opt
->nd_opt_type
) {
192 case ND_OPT_SOURCE_LL_ADDR
:
193 case ND_OPT_TARGET_LL_ADDR
:
195 case ND_OPT_REDIRECT_HDR
:
196 if (ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
]) {
197 ND_PRINTK2((KERN_WARNING
198 "ndisc_parse_options(): duplicated ND6 option found: type=%d\n",
199 nd_opt
->nd_opt_type
));
201 ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
] = nd_opt
;
204 case ND_OPT_PREFIX_INFO
:
205 ndopts
->nd_opts_pi_end
= nd_opt
;
206 if (ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
] == 0)
207 ndopts
->nd_opt_array
[nd_opt
->nd_opt_type
] = nd_opt
;
211 * Unknown options must be silently ignored,
212 * to accomodate future extension to the protocol.
214 ND_PRINTK2(KERN_WARNING
215 "ndisc_parse_options(): ignored unsupported option; type=%d, len=%d\n",
216 nd_opt
->nd_opt_type
, nd_opt
->nd_opt_len
);
219 nd_opt
= ((void *)nd_opt
) + l
;
224 int ndisc_mc_map(struct in6_addr
*addr
, char *buf
, struct net_device
*dev
, int dir
)
228 case ARPHRD_IEEE802
: /* Not sure. Check it later. --ANK */
230 ipv6_eth_mc_map(addr
, buf
);
232 case ARPHRD_IEEE802_TR
:
233 ipv6_tr_mc_map(addr
,buf
);
237 memcpy(buf
, dev
->broadcast
, dev
->addr_len
);
244 static u32
ndisc_hash(const void *pkey
, const struct net_device
*dev
)
248 hash_val
= *(u32
*)(pkey
+ sizeof(struct in6_addr
) - 4);
249 hash_val
^= (hash_val
>>16);
250 hash_val
^= hash_val
>>8;
251 hash_val
^= hash_val
>>3;
252 hash_val
= (hash_val
^dev
->ifindex
)&NEIGH_HASHMASK
;
257 static int ndisc_constructor(struct neighbour
*neigh
)
259 struct in6_addr
*addr
= (struct in6_addr
*)&neigh
->primary_key
;
260 struct net_device
*dev
= neigh
->dev
;
261 struct inet6_dev
*in6_dev
= in6_dev_get(dev
);
267 addr_type
= ipv6_addr_type(addr
);
268 if (in6_dev
->nd_parms
)
269 neigh
->parms
= in6_dev
->nd_parms
;
271 if (addr_type
&IPV6_ADDR_MULTICAST
)
272 neigh
->type
= RTN_MULTICAST
;
274 neigh
->type
= RTN_UNICAST
;
275 if (dev
->hard_header
== NULL
) {
276 neigh
->nud_state
= NUD_NOARP
;
277 neigh
->ops
= &ndisc_direct_ops
;
278 neigh
->output
= neigh
->ops
->queue_xmit
;
280 if (addr_type
&IPV6_ADDR_MULTICAST
) {
281 neigh
->nud_state
= NUD_NOARP
;
282 ndisc_mc_map(addr
, neigh
->ha
, dev
, 1);
283 } else if (dev
->flags
&(IFF_NOARP
|IFF_LOOPBACK
)) {
284 neigh
->nud_state
= NUD_NOARP
;
285 memcpy(neigh
->ha
, dev
->dev_addr
, dev
->addr_len
);
286 if (dev
->flags
&IFF_LOOPBACK
)
287 neigh
->type
= RTN_LOCAL
;
288 } else if (dev
->flags
&IFF_POINTOPOINT
) {
289 neigh
->nud_state
= NUD_NOARP
;
290 memcpy(neigh
->ha
, dev
->broadcast
, dev
->addr_len
);
292 if (dev
->hard_header_cache
)
293 neigh
->ops
= &ndisc_hh_ops
;
295 neigh
->ops
= &ndisc_generic_ops
;
296 if (neigh
->nud_state
&NUD_VALID
)
297 neigh
->output
= neigh
->ops
->connected_output
;
299 neigh
->output
= neigh
->ops
->output
;
301 in6_dev_put(in6_dev
);
305 static int pndisc_constructor(struct pneigh_entry
*n
)
307 struct in6_addr
*addr
= (struct in6_addr
*)&n
->key
;
308 struct in6_addr maddr
;
309 struct net_device
*dev
= n
->dev
;
311 if (dev
== NULL
|| __in6_dev_get(dev
) == NULL
)
313 addrconf_addr_solict_mult(addr
, &maddr
);
314 ipv6_dev_mc_inc(dev
, &maddr
);
318 static void pndisc_destructor(struct pneigh_entry
*n
)
320 struct in6_addr
*addr
= (struct in6_addr
*)&n
->key
;
321 struct in6_addr maddr
;
322 struct net_device
*dev
= n
->dev
;
324 if (dev
== NULL
|| __in6_dev_get(dev
) == NULL
)
326 addrconf_addr_solict_mult(addr
, &maddr
);
327 ipv6_dev_mc_dec(dev
, &maddr
);
333 ndisc_build_ll_hdr(struct sk_buff
*skb
, struct net_device
*dev
,
334 struct in6_addr
*daddr
, struct neighbour
*neigh
, int len
)
336 unsigned char ha
[MAX_ADDR_LEN
];
337 unsigned char *h_dest
= NULL
;
339 skb_reserve(skb
, (dev
->hard_header_len
+ 15) & ~15);
341 if (dev
->hard_header
) {
342 if (ipv6_addr_type(daddr
) & IPV6_ADDR_MULTICAST
) {
343 ndisc_mc_map(daddr
, ha
, dev
, 1);
346 read_lock_bh(&neigh
->lock
);
347 if (neigh
->nud_state
&NUD_VALID
) {
348 memcpy(ha
, neigh
->ha
, dev
->addr_len
);
351 read_unlock_bh(&neigh
->lock
);
353 neigh
= neigh_lookup(&nd_tbl
, daddr
, dev
);
355 read_lock_bh(&neigh
->lock
);
356 if (neigh
->nud_state
&NUD_VALID
) {
357 memcpy(ha
, neigh
->ha
, dev
->addr_len
);
360 read_unlock_bh(&neigh
->lock
);
361 neigh_release(neigh
);
365 if (dev
->hard_header(skb
, dev
, ETH_P_IPV6
, h_dest
, NULL
, len
) < 0)
374 * Send a Neighbour Advertisement
377 static void ndisc_send_na(struct net_device
*dev
, struct neighbour
*neigh
,
378 struct in6_addr
*daddr
, struct in6_addr
*solicited_addr
,
379 int router
, int solicited
, int override
, int inc_opt
)
381 struct sock
*sk
= ndisc_socket
->sk
;
387 len
= sizeof(struct icmp6hdr
) + sizeof(struct in6_addr
);
391 len
+= NDISC_OPT_SPACE(dev
->addr_len
);
396 skb
= sock_alloc_send_skb(sk
, MAX_HEADER
+ len
+ dev
->hard_header_len
+ 15,
400 ND_PRINTK1("send_na: alloc skb failed\n");
404 if (ndisc_build_ll_hdr(skb
, dev
, daddr
, neigh
, len
) == 0) {
409 ip6_nd_hdr(sk
, skb
, dev
, solicited_addr
, daddr
, IPPROTO_ICMPV6
, len
);
411 msg
= (struct nd_msg
*) skb_put(skb
, len
);
413 msg
->icmph
.icmp6_type
= NDISC_NEIGHBOUR_ADVERTISEMENT
;
414 msg
->icmph
.icmp6_code
= 0;
415 msg
->icmph
.icmp6_cksum
= 0;
417 msg
->icmph
.icmp6_unused
= 0;
418 msg
->icmph
.icmp6_router
= router
;
419 msg
->icmph
.icmp6_solicited
= solicited
;
420 msg
->icmph
.icmp6_override
= !!override
;
422 /* Set the target address. */
423 ipv6_addr_copy(&msg
->target
, solicited_addr
);
426 ndisc_fill_option(msg
->opt
, ND_OPT_TARGET_LL_ADDR
, dev
->dev_addr
, dev
->addr_len
);
429 msg
->icmph
.icmp6_cksum
= csum_ipv6_magic(solicited_addr
, daddr
, len
,
431 csum_partial((__u8
*) msg
,
436 ICMP6_INC_STATS(Icmp6OutNeighborAdvertisements
);
437 ICMP6_INC_STATS(Icmp6OutMsgs
);
440 void ndisc_send_ns(struct net_device
*dev
, struct neighbour
*neigh
,
441 struct in6_addr
*solicit
,
442 struct in6_addr
*daddr
, struct in6_addr
*saddr
)
444 struct sock
*sk
= ndisc_socket
->sk
;
447 struct in6_addr addr_buf
;
453 if (ipv6_get_lladdr(dev
, &addr_buf
))
458 len
= sizeof(struct icmp6hdr
) + sizeof(struct in6_addr
);
459 send_llinfo
= dev
->addr_len
&& ipv6_addr_type(saddr
) != IPV6_ADDR_ANY
;
461 len
+= NDISC_OPT_SPACE(dev
->addr_len
);
463 skb
= sock_alloc_send_skb(sk
, MAX_HEADER
+ len
+ dev
->hard_header_len
+ 15,
466 ND_PRINTK1("send_ns: alloc skb failed\n");
470 if (ndisc_build_ll_hdr(skb
, dev
, daddr
, neigh
, len
) == 0) {
475 ip6_nd_hdr(sk
, skb
, dev
, saddr
, daddr
, IPPROTO_ICMPV6
, len
);
477 msg
= (struct nd_msg
*)skb_put(skb
, len
);
478 msg
->icmph
.icmp6_type
= NDISC_NEIGHBOUR_SOLICITATION
;
479 msg
->icmph
.icmp6_code
= 0;
480 msg
->icmph
.icmp6_cksum
= 0;
481 msg
->icmph
.icmp6_unused
= 0;
483 /* Set the target address. */
484 ipv6_addr_copy(&msg
->target
, solicit
);
487 ndisc_fill_option(msg
->opt
, ND_OPT_SOURCE_LL_ADDR
, dev
->dev_addr
, dev
->addr_len
);
490 msg
->icmph
.icmp6_cksum
= csum_ipv6_magic(&skb
->nh
.ipv6h
->saddr
,
493 csum_partial((__u8
*) msg
,
498 ICMP6_INC_STATS(Icmp6OutNeighborSolicits
);
499 ICMP6_INC_STATS(Icmp6OutMsgs
);
502 void ndisc_send_rs(struct net_device
*dev
, struct in6_addr
*saddr
,
503 struct in6_addr
*daddr
)
505 struct sock
*sk
= ndisc_socket
->sk
;
507 struct icmp6hdr
*hdr
;
512 len
= sizeof(struct icmp6hdr
);
514 len
+= NDISC_OPT_SPACE(dev
->addr_len
);
516 skb
= sock_alloc_send_skb(sk
, MAX_HEADER
+ len
+ dev
->hard_header_len
+ 15,
519 ND_PRINTK1("send_ns: alloc skb failed\n");
523 if (ndisc_build_ll_hdr(skb
, dev
, daddr
, NULL
, len
) == 0) {
528 ip6_nd_hdr(sk
, skb
, dev
, saddr
, daddr
, IPPROTO_ICMPV6
, len
);
530 hdr
= (struct icmp6hdr
*) skb_put(skb
, len
);
531 hdr
->icmp6_type
= NDISC_ROUTER_SOLICITATION
;
533 hdr
->icmp6_cksum
= 0;
534 hdr
->icmp6_unused
= 0;
536 opt
= (u8
*) (hdr
+ 1);
539 ndisc_fill_option(opt
, ND_OPT_SOURCE_LL_ADDR
, dev
->dev_addr
, dev
->addr_len
);
542 hdr
->icmp6_cksum
= csum_ipv6_magic(&skb
->nh
.ipv6h
->saddr
, daddr
, len
,
544 csum_partial((__u8
*) hdr
, len
, 0));
549 ICMP6_INC_STATS(Icmp6OutRouterSolicits
);
550 ICMP6_INC_STATS(Icmp6OutMsgs
);
554 static void ndisc_error_report(struct neighbour
*neigh
, struct sk_buff
*skb
)
557 * "The sender MUST return an ICMP
558 * destination unreachable"
560 dst_link_failure(skb
);
564 /* Called with locked neigh: either read or both */
566 static void ndisc_solicit(struct neighbour
*neigh
, struct sk_buff
*skb
)
568 struct in6_addr
*saddr
= NULL
;
569 struct in6_addr mcaddr
;
570 struct net_device
*dev
= neigh
->dev
;
571 struct in6_addr
*target
= (struct in6_addr
*)&neigh
->primary_key
;
572 int probes
= atomic_read(&neigh
->probes
);
574 if (skb
&& ipv6_chk_addr(&skb
->nh
.ipv6h
->saddr
, dev
))
575 saddr
= &skb
->nh
.ipv6h
->saddr
;
577 if ((probes
-= neigh
->parms
->ucast_probes
) < 0) {
578 if (!(neigh
->nud_state
&NUD_VALID
))
579 ND_PRINTK1("trying to ucast probe in NUD_INVALID\n");
580 ndisc_send_ns(dev
, neigh
, target
, target
, saddr
);
581 } else if ((probes
-= neigh
->parms
->app_probes
) < 0) {
586 addrconf_addr_solict_mult(target
, &mcaddr
);
587 ndisc_send_ns(dev
, NULL
, target
, &mcaddr
, saddr
);
591 void ndisc_recv_ns(struct sk_buff
*skb
)
593 struct nd_msg
*msg
= (struct nd_msg
*)skb
->h
.raw
;
594 struct in6_addr
*saddr
= &skb
->nh
.ipv6h
->saddr
;
595 struct in6_addr
*daddr
= &skb
->nh
.ipv6h
->daddr
;
598 u32 ndoptlen
= skb
->tail
- msg
->opt
;
599 struct ndisc_options ndopts
;
600 struct net_device
*dev
= skb
->dev
;
601 struct inet6_ifaddr
*ifp
;
602 struct neighbour
*neigh
;
604 if (skb
->len
< sizeof(struct nd_msg
)) {
606 printk(KERN_WARNING
"ICMP NS: packet too short\n");
610 if (ipv6_addr_type(&msg
->target
)&IPV6_ADDR_MULTICAST
) {
612 printk(KERN_WARNING
"ICMP NS: target address is multicast\n");
616 if (!ndisc_parse_options(msg
->opt
, ndoptlen
, &ndopts
)) {
618 printk(KERN_WARNING
"ICMP NS: invalid ND option, ignored.\n");
622 if (ndopts
.nd_opts_src_lladdr
) {
623 lladdr
= (u8
*)(ndopts
.nd_opts_src_lladdr
+ 1);
624 lladdrlen
= ndopts
.nd_opts_src_lladdr
->nd_opt_len
<< 3;
625 if (lladdrlen
!= NDISC_OPT_SPACE(dev
->addr_len
)) {
627 printk(KERN_WARNING
"ICMP NS: bad lladdr length.\n");
632 /* XXX: RFC2461 7.1.1:
633 * If the IP source address is the unspecified address, there
634 * MUST NOT be source link-layer address option in the message.
636 * NOTE! Linux kernel < 2.4.4 broke this rule.
639 /* XXX: RFC2461 7.1.1:
640 * If the IP source address is the unspecified address, the IP
641 * destination address MUST be a solicited-node multicast address.
644 if ((ifp
= ipv6_get_ifaddr(&msg
->target
, dev
)) != NULL
) {
645 int addr_type
= ipv6_addr_type(saddr
);
647 if (ifp
->flags
& IFA_F_TENTATIVE
) {
648 /* Address is tentative. If the source
649 is unspecified address, it is someone
650 does DAD, otherwise we ignore solicitations
651 until DAD timer expires.
653 if (addr_type
== IPV6_ADDR_ANY
) {
654 if (dev
->type
== ARPHRD_IEEE802_TR
) {
655 unsigned char *sadr
= skb
->mac
.raw
;
656 if (((sadr
[8] &0x7f) != (dev
->dev_addr
[0] & 0x7f)) ||
657 (sadr
[9] != dev
->dev_addr
[1]) ||
658 (sadr
[10] != dev
->dev_addr
[2]) ||
659 (sadr
[11] != dev
->dev_addr
[3]) ||
660 (sadr
[12] != dev
->dev_addr
[4]) ||
661 (sadr
[13] != dev
->dev_addr
[5]))
663 addrconf_dad_failure(ifp
) ;
666 addrconf_dad_failure(ifp
);
673 if (addr_type
== IPV6_ADDR_ANY
) {
674 struct in6_addr maddr
;
676 ipv6_addr_all_nodes(&maddr
);
677 ndisc_send_na(dev
, NULL
, &maddr
, &ifp
->addr
,
678 ifp
->idev
->cnf
.forwarding
, 0,
679 ipv6_addr_type(&ifp
->addr
)&IPV6_ADDR_ANYCAST
? 0 : 1,
685 if (addr_type
& IPV6_ADDR_UNICAST
) {
686 int inc
= ipv6_addr_type(daddr
)&IPV6_ADDR_MULTICAST
;
689 nd_tbl
.stats
.rcv_probes_mcast
++;
691 nd_tbl
.stats
.rcv_probes_ucast
++;
694 * update / create cache entry
695 * for the source adddress
698 neigh
= neigh_event_ns(&nd_tbl
, lladdr
, saddr
, dev
);
700 if (neigh
|| !dev
->hard_header
) {
701 ndisc_send_na(dev
, neigh
, saddr
, &ifp
->addr
,
702 ifp
->idev
->cnf
.forwarding
, 1,
703 ipv6_addr_type(&ifp
->addr
)&IPV6_ADDR_ANYCAST
? 0 : 1,
706 neigh_release(neigh
);
711 struct inet6_dev
*in6_dev
= in6_dev_get(dev
);
712 int addr_type
= ipv6_addr_type(saddr
);
714 if (in6_dev
&& in6_dev
->cnf
.forwarding
&&
715 (addr_type
& IPV6_ADDR_UNICAST
) &&
716 pneigh_lookup(&nd_tbl
, &msg
->target
, dev
, 0)) {
717 int inc
= ipv6_addr_type(daddr
)&IPV6_ADDR_MULTICAST
;
719 if (skb
->stamp
.tv_sec
== 0 ||
720 skb
->pkt_type
== PACKET_HOST
||
722 in6_dev
->nd_parms
->proxy_delay
== 0) {
724 nd_tbl
.stats
.rcv_probes_mcast
++;
726 nd_tbl
.stats
.rcv_probes_ucast
++;
728 neigh
= neigh_event_ns(&nd_tbl
, lladdr
, saddr
, dev
);
731 ndisc_send_na(dev
, neigh
, saddr
, &msg
->target
,
733 neigh_release(neigh
);
736 struct sk_buff
*n
= skb_clone(skb
, GFP_ATOMIC
);
738 pneigh_enqueue(&nd_tbl
, in6_dev
->nd_parms
, n
);
739 in6_dev_put(in6_dev
);
744 in6_dev_put(in6_dev
);
749 void ndisc_recv_na(struct sk_buff
*skb
)
751 struct nd_msg
*msg
= (struct nd_msg
*)skb
->h
.raw
;
752 struct in6_addr
*saddr
= &skb
->nh
.ipv6h
->saddr
;
753 struct in6_addr
*daddr
= &skb
->nh
.ipv6h
->daddr
;
756 u32 ndoptlen
= skb
->tail
- msg
->opt
;
757 struct ndisc_options ndopts
;
758 struct net_device
*dev
= skb
->dev
;
759 struct inet6_ifaddr
*ifp
;
760 struct neighbour
*neigh
;
762 if (skb
->len
< sizeof(struct nd_msg
)) {
764 printk(KERN_WARNING
"ICMP NA: packet too short\n");
768 if (ipv6_addr_type(&msg
->target
)&IPV6_ADDR_MULTICAST
) {
770 printk(KERN_WARNING
"NDISC NA: target address is multicast\n");
774 if ((ipv6_addr_type(daddr
)&IPV6_ADDR_MULTICAST
) &&
775 msg
->icmph
.icmp6_solicited
) {
776 ND_PRINTK0("NDISC: solicited NA is multicasted\n");
780 if (!ndisc_parse_options(msg
->opt
, ndoptlen
, &ndopts
)) {
782 printk(KERN_WARNING
"ICMP NS: invalid ND option, ignored.\n");
785 if (ndopts
.nd_opts_tgt_lladdr
) {
786 lladdr
= (u8
*)(ndopts
.nd_opts_tgt_lladdr
+ 1);
787 lladdrlen
= ndopts
.nd_opts_tgt_lladdr
->nd_opt_len
<< 3;
788 if (lladdrlen
!= NDISC_OPT_SPACE(dev
->addr_len
)) {
790 printk(KERN_WARNING
"NDISC NA: invalid lladdr length.\n");
794 if ((ifp
= ipv6_get_ifaddr(&msg
->target
, dev
))) {
795 if (ifp
->flags
& IFA_F_TENTATIVE
) {
796 addrconf_dad_failure(ifp
);
799 /* What should we make now? The advertisement
800 is invalid, but ndisc specs say nothing
801 about it. It could be misconfiguration, or
802 an smart proxy agent tries to help us :-)
804 ND_PRINTK0("%s: someone advertises our address!\n",
805 ifp
->idev
->dev
->name
);
809 neigh
= neigh_lookup(&nd_tbl
, &msg
->target
, dev
);
812 if (neigh
->flags
& NTF_ROUTER
) {
813 if (msg
->icmph
.icmp6_router
== 0) {
815 * Change: router to host
818 rt
= rt6_get_dflt_router(saddr
, dev
);
823 if (msg
->icmph
.icmp6_router
)
824 neigh
->flags
|= NTF_ROUTER
;
827 neigh_update(neigh
, lladdr
,
828 msg
->icmph
.icmp6_solicited
? NUD_REACHABLE
: NUD_STALE
,
829 msg
->icmph
.icmp6_override
, 1);
830 neigh_release(neigh
);
834 static void ndisc_router_discovery(struct sk_buff
*skb
)
836 struct ra_msg
*ra_msg
= (struct ra_msg
*) skb
->h
.raw
;
837 struct neighbour
*neigh
;
838 struct inet6_dev
*in6_dev
;
841 struct ndisc_options ndopts
;
844 __u8
* opt
= (__u8
*)(ra_msg
+ 1);
846 optlen
= (skb
->tail
- skb
->h
.raw
) - sizeof(struct ra_msg
);
848 if (!(ipv6_addr_type(&skb
->nh
.ipv6h
->saddr
) & IPV6_ADDR_LINKLOCAL
)) {
850 printk(KERN_WARNING
"ICMP RA: source address is not linklocal\n");
855 printk(KERN_WARNING
"ICMP RA: packet too short\n");
860 * set the RA_RECV flag in the interface
863 in6_dev
= in6_dev_get(skb
->dev
);
864 if (in6_dev
== NULL
) {
865 ND_PRINTK1("RA: can't find in6 device\n");
868 if (in6_dev
->cnf
.forwarding
|| !in6_dev
->cnf
.accept_ra
) {
869 in6_dev_put(in6_dev
);
873 if (!ndisc_parse_options(opt
, optlen
, &ndopts
)) {
874 in6_dev_put(in6_dev
);
876 ND_PRINTK2(KERN_WARNING
877 "ICMP6 RA: invalid ND option, ignored.\n");
881 if (in6_dev
->if_flags
& IF_RS_SENT
) {
883 * flag that an RA was received after an RS was sent
884 * out on this interface.
886 in6_dev
->if_flags
|= IF_RA_RCVD
;
889 lifetime
= ntohs(ra_msg
->icmph
.icmp6_rt_lifetime
);
891 rt
= rt6_get_dflt_router(&skb
->nh
.ipv6h
->saddr
, skb
->dev
);
893 if (rt
&& lifetime
== 0) {
898 if (rt
== NULL
&& lifetime
) {
899 ND_PRINTK2("ndisc_rdisc: adding default router\n");
901 rt
= rt6_add_dflt_router(&skb
->nh
.ipv6h
->saddr
, skb
->dev
);
903 ND_PRINTK1("route_add failed\n");
904 in6_dev_put(in6_dev
);
908 neigh
= rt
->rt6i_nexthop
;
910 ND_PRINTK1("nd: add default router: null neighbour\n");
911 dst_release(&rt
->u
.dst
);
912 in6_dev_put(in6_dev
);
915 neigh
->flags
|= NTF_ROUTER
;
918 * If we where using an "all destinations on link" route
922 rt6_purge_dflt_routers(RTF_ALLONLINK
);
926 rt
->rt6i_expires
= jiffies
+ (HZ
* lifetime
);
928 if (ra_msg
->icmph
.icmp6_hop_limit
)
929 in6_dev
->cnf
.hop_limit
= ra_msg
->icmph
.icmp6_hop_limit
;
932 * Update Reachable Time and Retrans Timer
935 if (in6_dev
->nd_parms
) {
936 __u32 rtime
= ntohl(ra_msg
->retrans_timer
);
938 if (rtime
&& rtime
/1000 < MAX_SCHEDULE_TIMEOUT
/HZ
) {
939 rtime
= (rtime
*HZ
)/1000;
942 in6_dev
->nd_parms
->retrans_time
= rtime
;
945 rtime
= ntohl(ra_msg
->reachable_time
);
946 if (rtime
&& rtime
/1000 < MAX_SCHEDULE_TIMEOUT
/(3*HZ
)) {
947 rtime
= (rtime
*HZ
)/1000;
952 if (rtime
!= in6_dev
->nd_parms
->base_reachable_time
) {
953 in6_dev
->nd_parms
->base_reachable_time
= rtime
;
954 in6_dev
->nd_parms
->gc_staletime
= 3 * rtime
;
955 in6_dev
->nd_parms
->reachable_time
= neigh_rand_reach_time(rtime
);
964 if (rt
&& (neigh
= rt
->rt6i_nexthop
) != NULL
) {
967 if (ndopts
.nd_opts_src_lladdr
) {
968 lladdr
= (u8
*)((ndopts
.nd_opts_src_lladdr
)+1);
969 lladdrlen
= ndopts
.nd_opts_src_lladdr
->nd_opt_len
<< 3;
970 if (lladdrlen
!= NDISC_OPT_SPACE(skb
->dev
->addr_len
)) {
972 ND_PRINTK2(KERN_WARNING
973 "ICMP6 RA: Invalid lladdr length.\n");
977 neigh_update(neigh
, lladdr
, NUD_STALE
, 1, 1);
980 if (ndopts
.nd_opts_pi
) {
981 struct nd_opt_hdr
*p
;
982 for (p
= ndopts
.nd_opts_pi
;
984 p
= ndisc_next_option(p
, ndopts
.nd_opts_pi_end
)) {
985 addrconf_prefix_rcv(skb
->dev
, (u8
*)p
, (p
->nd_opt_len
) << 3);
989 if (ndopts
.nd_opts_mtu
) {
992 memcpy(&mtu
, ((u8
*)(ndopts
.nd_opts_mtu
+1))+2, sizeof(mtu
));
995 if (mtu
< IPV6_MIN_MTU
|| mtu
> skb
->dev
->mtu
) {
996 if (net_ratelimit()) {
997 ND_PRINTK0("NDISC: router announcement with mtu = %d\n",
1002 if (in6_dev
->cnf
.mtu6
!= mtu
) {
1003 in6_dev
->cnf
.mtu6
= mtu
;
1006 rt
->u
.dst
.metrics
[RTAX_MTU
-1] = mtu
;
1008 rt6_mtu_change(skb
->dev
, mtu
);
1012 if (ndopts
.nd_opts_tgt_lladdr
|| ndopts
.nd_opts_rh
) {
1013 if (net_ratelimit())
1014 ND_PRINTK0(KERN_WARNING
1015 "ICMP6 RA: got illegal option with RA");
1019 dst_release(&rt
->u
.dst
);
1020 in6_dev_put(in6_dev
);
1023 static void ndisc_redirect_rcv(struct sk_buff
*skb
)
1025 struct inet6_dev
*in6_dev
;
1026 struct icmp6hdr
*icmph
;
1027 struct in6_addr
*dest
;
1028 struct in6_addr
*target
; /* new first hop to destination */
1029 struct neighbour
*neigh
;
1031 struct ndisc_options ndopts
;
1036 if (!(ipv6_addr_type(&skb
->nh
.ipv6h
->saddr
) & IPV6_ADDR_LINKLOCAL
)) {
1037 if (net_ratelimit())
1038 printk(KERN_WARNING
"ICMP redirect: source address is not linklocal\n");
1042 optlen
= skb
->tail
- skb
->h
.raw
;
1043 optlen
-= sizeof(struct icmp6hdr
) + 2 * sizeof(struct in6_addr
);
1046 if (net_ratelimit())
1047 printk(KERN_WARNING
"ICMP redirect: packet too small\n");
1051 icmph
= (struct icmp6hdr
*) skb
->h
.raw
;
1052 target
= (struct in6_addr
*) (icmph
+ 1);
1055 if (ipv6_addr_type(dest
) & IPV6_ADDR_MULTICAST
) {
1056 if (net_ratelimit())
1057 printk(KERN_WARNING
"ICMP redirect for multicast addr\n");
1061 if (ipv6_addr_cmp(dest
, target
) == 0) {
1063 } else if (!(ipv6_addr_type(target
) & IPV6_ADDR_LINKLOCAL
)) {
1064 if (net_ratelimit())
1065 printk(KERN_WARNING
"ICMP redirect: target address is not linklocal\n");
1069 in6_dev
= in6_dev_get(skb
->dev
);
1072 if (in6_dev
->cnf
.forwarding
|| !in6_dev
->cnf
.accept_redirects
) {
1073 in6_dev_put(in6_dev
);
1077 /* XXX: RFC2461 8.1:
1078 * The IP source address of the Redirect MUST be the same as the current
1079 * first-hop router for the specified ICMP Destination Address.
1082 if (!ndisc_parse_options((u8
*)(dest
+ 1), optlen
, &ndopts
)) {
1083 if (net_ratelimit())
1084 ND_PRINTK2(KERN_WARNING
1085 "ICMP6 Redirect: invalid ND options, rejected.\n");
1086 in6_dev_put(in6_dev
);
1089 if (ndopts
.nd_opts_tgt_lladdr
) {
1090 lladdr
= (u8
*)(ndopts
.nd_opts_tgt_lladdr
+ 1);
1091 lladdrlen
= ndopts
.nd_opts_tgt_lladdr
->nd_opt_len
<< 3;
1092 if (lladdrlen
!= NDISC_OPT_SPACE(skb
->dev
->addr_len
)) {
1093 if (net_ratelimit())
1094 ND_PRINTK2(KERN_WARNING
1095 "ICMP6 Redirect: invalid lladdr length.\n");
1096 in6_dev_put(in6_dev
);
1100 /* passed validation tests */
1103 We install redirect only if nexthop state is valid.
1106 neigh
= __neigh_lookup(&nd_tbl
, target
, skb
->dev
, 1);
1108 neigh_update(neigh
, lladdr
, NUD_STALE
, 1, 1);
1109 if (neigh
->nud_state
&NUD_VALID
)
1110 rt6_redirect(dest
, &skb
->nh
.ipv6h
->saddr
, neigh
, on_link
);
1112 __neigh_event_send(neigh
, NULL
);
1113 neigh_release(neigh
);
1115 in6_dev_put(in6_dev
);
1118 void ndisc_send_redirect(struct sk_buff
*skb
, struct neighbour
*neigh
,
1119 struct in6_addr
*target
)
1121 struct sock
*sk
= ndisc_socket
->sk
;
1122 int len
= sizeof(struct icmp6hdr
) + 2 * sizeof(struct in6_addr
);
1123 struct sk_buff
*buff
;
1124 struct icmp6hdr
*icmph
;
1125 struct in6_addr saddr_buf
;
1126 struct in6_addr
*addrp
;
1127 struct net_device
*dev
;
1128 struct rt6_info
*rt
;
1135 rt
= rt6_lookup(&skb
->nh
.ipv6h
->saddr
, NULL
, dev
->ifindex
, 1);
1140 if (rt
->rt6i_flags
& RTF_GATEWAY
) {
1141 ND_PRINTK1("ndisc_send_redirect: not a neighbour\n");
1142 dst_release(&rt
->u
.dst
);
1145 if (!xrlim_allow(&rt
->u
.dst
, 1*HZ
)) {
1146 dst_release(&rt
->u
.dst
);
1149 dst_release(&rt
->u
.dst
);
1151 if (dev
->addr_len
) {
1152 if (neigh
->nud_state
&NUD_VALID
) {
1153 len
+= NDISC_OPT_SPACE(dev
->addr_len
);
1155 /* If nexthop is not valid, do not redirect!
1156 We will make it later, when will be sure,
1163 rd_len
= min_t(unsigned int,
1164 IPV6_MIN_MTU
-sizeof(struct ipv6hdr
)-len
, skb
->len
+ 8);
1168 if (ipv6_get_lladdr(dev
, &saddr_buf
)) {
1169 ND_PRINTK1("redirect: no link_local addr for dev\n");
1173 buff
= sock_alloc_send_skb(sk
, MAX_HEADER
+ len
+ dev
->hard_header_len
+ 15,
1176 ND_PRINTK1("ndisc_send_redirect: alloc_skb failed\n");
1182 if (ndisc_build_ll_hdr(buff
, dev
, &skb
->nh
.ipv6h
->saddr
, NULL
, len
) == 0) {
1187 ip6_nd_hdr(sk
, buff
, dev
, &saddr_buf
, &skb
->nh
.ipv6h
->saddr
,
1188 IPPROTO_ICMPV6
, len
);
1190 icmph
= (struct icmp6hdr
*) skb_put(buff
, len
);
1192 memset(icmph
, 0, sizeof(struct icmp6hdr
));
1193 icmph
->icmp6_type
= NDISC_REDIRECT
;
1196 * copy target and destination addresses
1199 addrp
= (struct in6_addr
*)(icmph
+ 1);
1200 ipv6_addr_copy(addrp
, target
);
1202 ipv6_addr_copy(addrp
, &skb
->nh
.ipv6h
->daddr
);
1204 opt
= (u8
*) (addrp
+ 1);
1207 * include target_address option
1211 opt
= ndisc_fill_option(opt
, ND_OPT_TARGET_LL_ADDR
, neigh
->ha
, dev
->addr_len
);
1214 * build redirect option and copy skb over to the new packet.
1218 *(opt
++) = ND_OPT_REDIRECT_HDR
;
1219 *(opt
++) = (rd_len
>> 3);
1222 memcpy(opt
, skb
->nh
.ipv6h
, rd_len
- 8);
1224 icmph
->icmp6_cksum
= csum_ipv6_magic(&saddr_buf
, &skb
->nh
.ipv6h
->saddr
,
1225 len
, IPPROTO_ICMPV6
,
1226 csum_partial((u8
*) icmph
, len
, 0));
1228 dev_queue_xmit(buff
);
1230 ICMP6_INC_STATS(Icmp6OutRedirects
);
1231 ICMP6_INC_STATS(Icmp6OutMsgs
);
1234 static void pndisc_redo(struct sk_buff
*skb
)
1240 int ndisc_rcv(struct sk_buff
*skb
)
1242 struct nd_msg
*msg
= (struct nd_msg
*) skb
->h
.raw
;
1244 __skb_push(skb
, skb
->data
-skb
->h
.raw
);
1246 if (skb
->nh
.ipv6h
->hop_limit
!= 255) {
1247 if (net_ratelimit())
1249 "ICMP NDISC: fake message with non-255 Hop Limit received: %d\n",
1250 skb
->nh
.ipv6h
->hop_limit
);
1254 if (msg
->icmph
.icmp6_code
!= 0) {
1255 if (net_ratelimit())
1256 printk(KERN_WARNING
"ICMP NDISC: code is not zero\n");
1260 switch (msg
->icmph
.icmp6_type
) {
1261 case NDISC_NEIGHBOUR_SOLICITATION
:
1265 case NDISC_NEIGHBOUR_ADVERTISEMENT
:
1269 case NDISC_ROUTER_ADVERTISEMENT
:
1270 ndisc_router_discovery(skb
);
1273 case NDISC_REDIRECT
:
1274 ndisc_redirect_rcv(skb
);
1281 int __init
ndisc_init(struct net_proto_family
*ops
)
1283 struct ipv6_pinfo
*np
;
1287 err
= sock_create(PF_INET6
, SOCK_RAW
, IPPROTO_ICMPV6
, &ndisc_socket
);
1290 "Failed to initialize the NDISC control socket (err %d).\n",
1292 ndisc_socket
= NULL
; /* For safety. */
1296 sk
= ndisc_socket
->sk
;
1298 sk
->allocation
= GFP_ATOMIC
;
1299 np
->hop_limit
= 255;
1300 /* Do not loopback ndisc messages */
1302 sk
->prot
->unhash(sk
);
1305 * Initialize the neighbour table
1308 neigh_table_init(&nd_tbl
);
1310 #ifdef CONFIG_SYSCTL
1311 neigh_sysctl_register(NULL
, &nd_tbl
.parms
, NET_IPV6
, NET_IPV6_NEIGH
, "ipv6");
1317 void ndisc_cleanup(void)
1319 neigh_table_clear(&nd_tbl
);
1320 sock_release(ndisc_socket
);
1321 ndisc_socket
= NULL
; /* For safety. */