1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
5 *
6 * Authors:
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
9 */
10
11 /*
12 * Changes:
13 *
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
18 * of an RA.
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
24 */
25
26 #define pr_fmt(fmt) "ICMPv6: " fmt
27
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
40 #ifdef CONFIG_SYSCTL
41 #include <linux/sysctl.h>
42 #endif
43
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
50
51 #include <net/sock.h>
52 #include <net/snmp.h>
53
54 #include <net/ipv6.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
59 #include <net/icmp.h>
60
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
63
64 #include <net/flow.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
68
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
71
72 static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
74 __u32 *hash_rnd);
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
85
86 static const struct neigh_ops ndisc_generic_ops = {
87 .family = AF_INET6,
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
92 };
93
94 static const struct neigh_ops ndisc_hh_ops = {
95 .family = AF_INET6,
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
100 };
101
102
103 static const struct neigh_ops ndisc_direct_ops = {
104 .family = AF_INET6,
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
107 };
108
109 struct neigh_table nd_tbl = {
110 .family = AF_INET6,
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
113 .hash = ndisc_hash,
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
121 .id = "ndisc_cache",
122 .parms = {
123 .tbl = &nd_tbl,
124 .reachable_time = ND_REACHABLE_TIME,
125 .data = {
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ,
132 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
133 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
134 [NEIGH_VAR_PROXY_QLEN] = 64,
135 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
136 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
137 },
138 },
139 .gc_interval = 30 * HZ,
140 .gc_thresh1 = 128,
141 .gc_thresh2 = 512,
142 .gc_thresh3 = 1024,
143 };
144 EXPORT_SYMBOL_GPL(nd_tbl);
145
146 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
147 int data_len, int pad)
148 {
149 int space = __ndisc_opt_addr_space(data_len, pad);
150 u8 *opt = skb_put(skb, space);
151
152 opt[0] = type;
153 opt[1] = space>>3;
154
155 memset(opt + 2, 0, pad);
156 opt += pad;
157 space -= pad;
158
159 memcpy(opt+2, data, data_len);
160 data_len += 2;
161 opt += data_len;
162 space -= data_len;
163 if (space > 0)
164 memset(opt, 0, space);
165 }
166 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
167
168 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
169 const void *data, u8 icmp6_type)
170 {
171 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
172 ndisc_addr_option_pad(skb->dev->type));
173 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
174 }
175
176 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
177 void *ha,
178 const u8 *ops_data)
179 {
180 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
181 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
182 }
183
184 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
185 struct nd_opt_hdr *end)
186 {
187 int type;
188 if (!cur || !end || cur >= end)
189 return NULL;
190 type = cur->nd_opt_type;
191 do {
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while (cur < end && cur->nd_opt_type != type);
194 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
195 }
196
197 static inline int ndisc_is_useropt(const struct net_device *dev,
198 struct nd_opt_hdr *opt)
199 {
200 return opt->nd_opt_type == ND_OPT_PREFIX_INFO ||
201 opt->nd_opt_type == ND_OPT_RDNSS ||
202 opt->nd_opt_type == ND_OPT_DNSSL ||
203 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
204 opt->nd_opt_type == ND_OPT_PREF64 ||
205 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
206 }
207
208 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
209 struct nd_opt_hdr *cur,
210 struct nd_opt_hdr *end)
211 {
212 if (!cur || !end || cur >= end)
213 return NULL;
214 do {
215 cur = ((void *)cur) + (cur->nd_opt_len << 3);
216 } while (cur < end && !ndisc_is_useropt(dev, cur));
217 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
218 }
219
220 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
221 u8 *opt, int opt_len,
222 struct ndisc_options *ndopts)
223 {
224 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
225
226 if (!nd_opt || opt_len < 0 || !ndopts)
227 return NULL;
228 memset(ndopts, 0, sizeof(*ndopts));
229 while (opt_len) {
230 bool unknown = false;
231 int l;
232 if (opt_len < sizeof(struct nd_opt_hdr))
233 return NULL;
234 l = nd_opt->nd_opt_len << 3;
235 if (opt_len < l || l == 0)
236 return NULL;
237 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
238 goto next_opt;
239 switch (nd_opt->nd_opt_type) {
240 case ND_OPT_SOURCE_LL_ADDR:
241 case ND_OPT_TARGET_LL_ADDR:
242 case ND_OPT_MTU:
243 case ND_OPT_NONCE:
244 case ND_OPT_REDIRECT_HDR:
245 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
246 ND_PRINTK(2, warn,
247 "%s: duplicated ND6 option found: type=%d\n",
248 __func__, nd_opt->nd_opt_type);
249 } else {
250 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 }
252 break;
253 case ND_OPT_PREFIX_INFO:
254 ndopts->nd_opts_pi_end = nd_opt;
255 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
256 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
257 break;
258 #ifdef CONFIG_IPV6_ROUTE_INFO
259 case ND_OPT_ROUTE_INFO:
260 ndopts->nd_opts_ri_end = nd_opt;
261 if (!ndopts->nd_opts_ri)
262 ndopts->nd_opts_ri = nd_opt;
263 break;
264 #endif
265 default:
266 unknown = true;
267 }
268 if (ndisc_is_useropt(dev, nd_opt)) {
269 ndopts->nd_useropts_end = nd_opt;
270 if (!ndopts->nd_useropts)
271 ndopts->nd_useropts = nd_opt;
272 } else if (unknown) {
273 /*
274 * Unknown options must be silently ignored,
275 * to accommodate future extension to the
276 * protocol.
277 */
278 ND_PRINTK(2, notice,
279 "%s: ignored unsupported option; type=%d, len=%d\n",
280 __func__,
281 nd_opt->nd_opt_type,
282 nd_opt->nd_opt_len);
283 }
284 next_opt:
285 opt_len -= l;
286 nd_opt = ((void *)nd_opt) + l;
287 }
288 return ndopts;
289 }
290
291 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
292 {
293 switch (dev->type) {
294 case ARPHRD_ETHER:
295 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
296 case ARPHRD_FDDI:
297 ipv6_eth_mc_map(addr, buf);
298 return 0;
299 case ARPHRD_ARCNET:
300 ipv6_arcnet_mc_map(addr, buf);
301 return 0;
302 case ARPHRD_INFINIBAND:
303 ipv6_ib_mc_map(addr, dev->broadcast, buf);
304 return 0;
305 case ARPHRD_IPGRE:
306 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
307 default:
308 if (dir) {
309 memcpy(buf, dev->broadcast, dev->addr_len);
310 return 0;
311 }
312 }
313 return -EINVAL;
314 }
315 EXPORT_SYMBOL(ndisc_mc_map);
316
317 static u32 ndisc_hash(const void *pkey,
318 const struct net_device *dev,
319 __u32 *hash_rnd)
320 {
321 return ndisc_hashfn(pkey, dev, hash_rnd);
322 }
323
324 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
325 {
326 return neigh_key_eq128(n, pkey);
327 }
328
329 static int ndisc_constructor(struct neighbour *neigh)
330 {
331 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
332 struct net_device *dev = neigh->dev;
333 struct inet6_dev *in6_dev;
334 struct neigh_parms *parms;
335 bool is_multicast = ipv6_addr_is_multicast(addr);
336
337 in6_dev = in6_dev_get(dev);
338 if (!in6_dev) {
339 return -EINVAL;
340 }
341
342 parms = in6_dev->nd_parms;
343 __neigh_parms_put(neigh->parms);
344 neigh->parms = neigh_parms_clone(parms);
345
346 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
347 if (!dev->header_ops) {
348 neigh->nud_state = NUD_NOARP;
349 neigh->ops = &ndisc_direct_ops;
350 neigh->output = neigh_direct_output;
351 } else {
352 if (is_multicast) {
353 neigh->nud_state = NUD_NOARP;
354 ndisc_mc_map(addr, neigh->ha, dev, 1);
355 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
356 neigh->nud_state = NUD_NOARP;
357 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
358 if (dev->flags&IFF_LOOPBACK)
359 neigh->type = RTN_LOCAL;
360 } else if (dev->flags&IFF_POINTOPOINT) {
361 neigh->nud_state = NUD_NOARP;
362 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
363 }
364 if (dev->header_ops->cache)
365 neigh->ops = &ndisc_hh_ops;
366 else
367 neigh->ops = &ndisc_generic_ops;
368 if (neigh->nud_state&NUD_VALID)
369 neigh->output = neigh->ops->connected_output;
370 else
371 neigh->output = neigh->ops->output;
372 }
373 in6_dev_put(in6_dev);
374 return 0;
375 }
376
377 static int pndisc_constructor(struct pneigh_entry *n)
378 {
379 struct in6_addr *addr = (struct in6_addr *)&n->key;
380 struct in6_addr maddr;
381 struct net_device *dev = n->dev;
382
383 if (!dev || !__in6_dev_get(dev))
384 return -EINVAL;
385 addrconf_addr_solict_mult(addr, &maddr);
386 ipv6_dev_mc_inc(dev, &maddr);
387 return 0;
388 }
389
390 static void pndisc_destructor(struct pneigh_entry *n)
391 {
392 struct in6_addr *addr = (struct in6_addr *)&n->key;
393 struct in6_addr maddr;
394 struct net_device *dev = n->dev;
395
396 if (!dev || !__in6_dev_get(dev))
397 return;
398 addrconf_addr_solict_mult(addr, &maddr);
399 ipv6_dev_mc_dec(dev, &maddr);
400 }
401
402 /* called with rtnl held */
403 static bool ndisc_allow_add(const struct net_device *dev,
404 struct netlink_ext_ack *extack)
405 {
406 struct inet6_dev *idev = __in6_dev_get(dev);
407
408 if (!idev || idev->cnf.disable_ipv6) {
409 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
410 return false;
411 }
412
413 return true;
414 }
415
416 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
417 int len)
418 {
419 int hlen = LL_RESERVED_SPACE(dev);
420 int tlen = dev->needed_tailroom;
421 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
422 struct sk_buff *skb;
423
424 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
425 if (!skb) {
426 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
427 __func__);
428 return NULL;
429 }
430
431 skb->protocol = htons(ETH_P_IPV6);
432 skb->dev = dev;
433
434 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
435 skb_reset_transport_header(skb);
436
437 /* Manually assign socket ownership as we avoid calling
438 * sock_alloc_send_pskb() to bypass wmem buffer limits
439 */
440 skb_set_owner_w(skb, sk);
441
442 return skb;
443 }
444
445 static void ip6_nd_hdr(struct sk_buff *skb,
446 const struct in6_addr *saddr,
447 const struct in6_addr *daddr,
448 int hop_limit, int len)
449 {
450 struct ipv6hdr *hdr;
451 struct inet6_dev *idev;
452 unsigned tclass;
453
454 rcu_read_lock();
455 idev = __in6_dev_get(skb->dev);
456 tclass = idev ? READ_ONCE(idev->cnf.ndisc_tclass) : 0;
457 rcu_read_unlock();
458
459 skb_push(skb, sizeof(*hdr));
460 skb_reset_network_header(skb);
461 hdr = ipv6_hdr(skb);
462
463 ip6_flow_hdr(hdr, tclass, 0);
464
465 hdr->payload_len = htons(len);
466 hdr->nexthdr = IPPROTO_ICMPV6;
467 hdr->hop_limit = hop_limit;
468
469 hdr->saddr = *saddr;
470 hdr->daddr = *daddr;
471 }
472
473 void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
474 const struct in6_addr *saddr)
475 {
476 struct dst_entry *dst = skb_dst(skb);
477 struct net *net = dev_net(skb->dev);
478 struct sock *sk = net->ipv6.ndisc_sk;
479 struct inet6_dev *idev;
480 int err;
481 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
482 u8 type;
483
484 type = icmp6h->icmp6_type;
485
486 if (!dst) {
487 struct flowi6 fl6;
488 int oif = skb->dev->ifindex;
489
490 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
491 dst = icmp6_dst_alloc(skb->dev, &fl6);
492 if (IS_ERR(dst)) {
493 kfree_skb(skb);
494 return;
495 }
496
497 skb_dst_set(skb, dst);
498 }
499
500 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
501 IPPROTO_ICMPV6,
502 csum_partial(icmp6h,
503 skb->len, 0));
504
505 ip6_nd_hdr(skb, saddr, daddr, READ_ONCE(inet6_sk(sk)->hop_limit), skb->len);
506
507 rcu_read_lock();
508 idev = __in6_dev_get(dst->dev);
509 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
510
511 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
512 net, sk, skb, NULL, dst->dev,
513 dst_output);
514 if (!err) {
515 ICMP6MSGOUT_INC_STATS(net, idev, type);
516 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
517 }
518
519 rcu_read_unlock();
520 }
521 EXPORT_SYMBOL(ndisc_send_skb);
522
523 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
524 const struct in6_addr *solicited_addr,
525 bool router, bool solicited, bool override, bool inc_opt)
526 {
527 struct sk_buff *skb;
528 struct in6_addr tmpaddr;
529 struct inet6_ifaddr *ifp;
530 const struct in6_addr *src_addr;
531 struct nd_msg *msg;
532 int optlen = 0;
533
534 /* for anycast or proxy, solicited_addr != src_addr */
535 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
536 if (ifp) {
537 src_addr = solicited_addr;
538 if (ifp->flags & IFA_F_OPTIMISTIC)
539 override = false;
540 inc_opt |= READ_ONCE(ifp->idev->cnf.force_tllao);
541 in6_ifa_put(ifp);
542 } else {
543 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
544 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
545 &tmpaddr))
546 return;
547 src_addr = &tmpaddr;
548 }
549
550 if (!dev->addr_len)
551 inc_opt = false;
552 if (inc_opt)
553 optlen += ndisc_opt_addr_space(dev,
554 NDISC_NEIGHBOUR_ADVERTISEMENT);
555
556 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
557 if (!skb)
558 return;
559
560 msg = skb_put(skb, sizeof(*msg));
561 *msg = (struct nd_msg) {
562 .icmph = {
563 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
564 .icmp6_router = router,
565 .icmp6_solicited = solicited,
566 .icmp6_override = override,
567 },
568 .target = *solicited_addr,
569 };
570
571 if (inc_opt)
572 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
573 dev->dev_addr,
574 NDISC_NEIGHBOUR_ADVERTISEMENT);
575
576 ndisc_send_skb(skb, daddr, src_addr);
577 }
578
579 static void ndisc_send_unsol_na(struct net_device *dev)
580 {
581 struct inet6_dev *idev;
582 struct inet6_ifaddr *ifa;
583
584 idev = in6_dev_get(dev);
585 if (!idev)
586 return;
587
588 read_lock_bh(&idev->lock);
589 list_for_each_entry(ifa, &idev->addr_list, if_list) {
590 /* skip tentative addresses until dad completes */
591 if (ifa->flags & IFA_F_TENTATIVE &&
592 !(ifa->flags & IFA_F_OPTIMISTIC))
593 continue;
594
595 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
596 /*router=*/ !!idev->cnf.forwarding,
597 /*solicited=*/ false, /*override=*/ true,
598 /*inc_opt=*/ true);
599 }
600 read_unlock_bh(&idev->lock);
601
602 in6_dev_put(idev);
603 }
604
605 struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
606 const struct in6_addr *saddr, u64 nonce)
607 {
608 int inc_opt = dev->addr_len;
609 struct sk_buff *skb;
610 struct nd_msg *msg;
611 int optlen = 0;
612
613 if (!saddr)
614 return NULL;
615
616 if (ipv6_addr_any(saddr))
617 inc_opt = false;
618 if (inc_opt)
619 optlen += ndisc_opt_addr_space(dev,
620 NDISC_NEIGHBOUR_SOLICITATION);
621 if (nonce != 0)
622 optlen += 8;
623
624 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
625 if (!skb)
626 return NULL;
627
628 msg = skb_put(skb, sizeof(*msg));
629 *msg = (struct nd_msg) {
630 .icmph = {
631 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
632 },
633 .target = *solicit,
634 };
635
636 if (inc_opt)
637 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
638 dev->dev_addr,
639 NDISC_NEIGHBOUR_SOLICITATION);
640 if (nonce != 0) {
641 u8 *opt = skb_put(skb, 8);
642
643 opt[0] = ND_OPT_NONCE;
644 opt[1] = 8 >> 3;
645 memcpy(opt + 2, &nonce, 6);
646 }
647
648 return skb;
649 }
650 EXPORT_SYMBOL(ndisc_ns_create);
651
652 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
653 const struct in6_addr *daddr, const struct in6_addr *saddr,
654 u64 nonce)
655 {
656 struct in6_addr addr_buf;
657 struct sk_buff *skb;
658
659 if (!saddr) {
660 if (ipv6_get_lladdr(dev, &addr_buf,
661 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
662 return;
663 saddr = &addr_buf;
664 }
665
666 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
667
668 if (skb)
669 ndisc_send_skb(skb, daddr, saddr);
670 }
671
672 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
673 const struct in6_addr *daddr)
674 {
675 struct sk_buff *skb;
676 struct rs_msg *msg;
677 int send_sllao = dev->addr_len;
678 int optlen = 0;
679
680 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
681 /*
682 * According to section 2.2 of RFC 4429, we must not
683 * send router solicitations with a sllao from
684 * optimistic addresses, but we may send the solicitation
685 * if we don't include the sllao. So here we check
686 * if our address is optimistic, and if so, we
687 * suppress the inclusion of the sllao.
688 */
689 if (send_sllao) {
690 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
691 dev, 1);
692 if (ifp) {
693 if (ifp->flags & IFA_F_OPTIMISTIC) {
694 send_sllao = 0;
695 }
696 in6_ifa_put(ifp);
697 } else {
698 send_sllao = 0;
699 }
700 }
701 #endif
702 if (send_sllao)
703 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
704
705 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
706 if (!skb)
707 return;
708
709 msg = skb_put(skb, sizeof(*msg));
710 *msg = (struct rs_msg) {
711 .icmph = {
712 .icmp6_type = NDISC_ROUTER_SOLICITATION,
713 },
714 };
715
716 if (send_sllao)
717 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
718 dev->dev_addr,
719 NDISC_ROUTER_SOLICITATION);
720
721 ndisc_send_skb(skb, daddr, saddr);
722 }
723
724
725 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
726 {
727 /*
728 * "The sender MUST return an ICMP
729 * destination unreachable"
730 */
731 dst_link_failure(skb);
732 kfree_skb(skb);
733 }
734
735 /* Called with locked neigh: either read or both */
736
737 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
738 {
739 struct in6_addr *saddr = NULL;
740 struct in6_addr mcaddr;
741 struct net_device *dev = neigh->dev;
742 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
743 int probes = atomic_read(&neigh->probes);
744
745 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
746 dev, false, 1,
747 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
748 saddr = &ipv6_hdr(skb)->saddr;
749 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
750 if (probes < 0) {
751 if (!(READ_ONCE(neigh->nud_state) & NUD_VALID)) {
752 ND_PRINTK(1, dbg,
753 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
754 __func__, target);
755 }
756 ndisc_send_ns(dev, target, target, saddr, 0);
757 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
758 neigh_app_ns(neigh);
759 } else {
760 addrconf_addr_solict_mult(target, &mcaddr);
761 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
762 }
763 }
764
765 static int pndisc_is_router(const void *pkey,
766 struct net_device *dev)
767 {
768 struct pneigh_entry *n;
769 int ret = -1;
770
771 read_lock_bh(&nd_tbl.lock);
772 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
773 if (n)
774 ret = !!(n->flags & NTF_ROUTER);
775 read_unlock_bh(&nd_tbl.lock);
776
777 return ret;
778 }
779
780 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
781 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
782 struct ndisc_options *ndopts)
783 {
784 neigh_update(neigh, lladdr, new, flags, 0);
785 /* report ndisc ops about neighbour update */
786 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
787 }
788
789 static enum skb_drop_reason ndisc_recv_ns(struct sk_buff *skb)
790 {
791 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
792 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
793 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
794 u8 *lladdr = NULL;
795 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
796 offsetof(struct nd_msg, opt));
797 struct ndisc_options ndopts;
798 struct net_device *dev = skb->dev;
799 struct inet6_ifaddr *ifp;
800 struct inet6_dev *idev = NULL;
801 struct neighbour *neigh;
802 int dad = ipv6_addr_any(saddr);
803 int is_router = -1;
804 SKB_DR(reason);
805 u64 nonce = 0;
806 bool inc;
807
808 if (skb->len < sizeof(struct nd_msg))
809 return SKB_DROP_REASON_PKT_TOO_SMALL;
810
811 if (ipv6_addr_is_multicast(&msg->target)) {
812 ND_PRINTK(2, warn, "NS: multicast target address\n");
813 return reason;
814 }
815
816 /*
817 * RFC2461 7.1.1:
818 * DAD has to be destined for solicited node multicast address.
819 */
820 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
821 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
822 return reason;
823 }
824
825 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
826 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
827
828 if (ndopts.nd_opts_src_lladdr) {
829 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
830 if (!lladdr) {
831 ND_PRINTK(2, warn,
832 "NS: invalid link-layer address length\n");
833 return reason;
834 }
835
836 /* RFC2461 7.1.1:
837 * If the IP source address is the unspecified address,
838 * there MUST NOT be source link-layer address option
839 * in the message.
840 */
841 if (dad) {
842 ND_PRINTK(2, warn,
843 "NS: bad DAD packet (link-layer address option)\n");
844 return reason;
845 }
846 }
847 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
848 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
849
850 inc = ipv6_addr_is_multicast(daddr);
851
852 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
853 if (ifp) {
854 have_ifp:
855 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
856 if (dad) {
857 if (nonce != 0 && ifp->dad_nonce == nonce) {
858 u8 *np = (u8 *)&nonce;
859 /* Matching nonce if looped back */
860 ND_PRINTK(2, notice,
861 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
862 ifp->idev->dev->name,
863 &ifp->addr, np);
864 goto out;
865 }
866 /*
867 * We are colliding with another node
868 * who is doing DAD
869 * so fail our DAD process
870 */
871 addrconf_dad_failure(skb, ifp);
872 return reason;
873 } else {
874 /*
875 * This is not a dad solicitation.
876 * If we are an optimistic node,
877 * we should respond.
878 * Otherwise, we should ignore it.
879 */
880 if (!(ifp->flags & IFA_F_OPTIMISTIC))
881 goto out;
882 }
883 }
884
885 idev = ifp->idev;
886 } else {
887 struct net *net = dev_net(dev);
888
889 /* perhaps an address on the master device */
890 if (netif_is_l3_slave(dev)) {
891 struct net_device *mdev;
892
893 mdev = netdev_master_upper_dev_get_rcu(dev);
894 if (mdev) {
895 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
896 if (ifp)
897 goto have_ifp;
898 }
899 }
900
901 idev = in6_dev_get(dev);
902 if (!idev) {
903 /* XXX: count this drop? */
904 return reason;
905 }
906
907 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
908 (READ_ONCE(idev->cnf.forwarding) &&
909 (READ_ONCE(net->ipv6.devconf_all->proxy_ndp) ||
910 READ_ONCE(idev->cnf.proxy_ndp)) &&
911 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
912 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
913 skb->pkt_type != PACKET_HOST &&
914 inc &&
915 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
916 /*
917 * for anycast or proxy,
918 * sender should delay its response
919 * by a random time between 0 and
920 * MAX_ANYCAST_DELAY_TIME seconds.
921 * (RFC2461) -- yoshfuji
922 */
923 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
924 if (n)
925 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
926 goto out;
927 }
928 } else {
929 SKB_DR_SET(reason, IPV6_NDISC_NS_OTHERHOST);
930 goto out;
931 }
932 }
933
934 if (is_router < 0)
935 is_router = READ_ONCE(idev->cnf.forwarding);
936
937 if (dad) {
938 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
939 !!is_router, false, (ifp != NULL), true);
940 goto out;
941 }
942
943 if (inc)
944 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
945 else
946 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
947
948 /*
949 * update / create cache entry
950 * for the source address
951 */
952 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
953 !inc || lladdr || !dev->addr_len);
954 if (neigh)
955 ndisc_update(dev, neigh, lladdr, NUD_STALE,
956 NEIGH_UPDATE_F_WEAK_OVERRIDE|
957 NEIGH_UPDATE_F_OVERRIDE,
958 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
959 if (neigh || !dev->header_ops) {
960 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
961 true, (ifp != NULL && inc), inc);
962 if (neigh)
963 neigh_release(neigh);
964 reason = SKB_CONSUMED;
965 }
966
967 out:
968 if (ifp)
969 in6_ifa_put(ifp);
970 else
971 in6_dev_put(idev);
972 return reason;
973 }
974
975 static int accept_untracked_na(struct net_device *dev, struct in6_addr *saddr)
976 {
977 struct inet6_dev *idev = __in6_dev_get(dev);
978
979 switch (READ_ONCE(idev->cnf.accept_untracked_na)) {
980 case 0: /* Don't accept untracked na (absent in neighbor cache) */
981 return 0;
982 case 1: /* Create new entries from na if currently untracked */
983 return 1;
984 case 2: /* Create new entries from untracked na only if saddr is in the
985 * same subnet as an address configured on the interface that
986 * received the na
987 */
988 return !!ipv6_chk_prefix(saddr, dev);
989 default:
990 return 0;
991 }
992 }
993
994 static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
995 {
996 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
997 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
998 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
999 u8 *lladdr = NULL;
1000 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1001 offsetof(struct nd_msg, opt));
1002 struct ndisc_options ndopts;
1003 struct net_device *dev = skb->dev;
1004 struct inet6_dev *idev = __in6_dev_get(dev);
1005 struct inet6_ifaddr *ifp;
1006 struct neighbour *neigh;
1007 SKB_DR(reason);
1008 u8 new_state;
1009
1010 if (skb->len < sizeof(struct nd_msg))
1011 return SKB_DROP_REASON_PKT_TOO_SMALL;
1012
1013 if (ipv6_addr_is_multicast(&msg->target)) {
1014 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1015 return reason;
1016 }
1017
1018 if (ipv6_addr_is_multicast(daddr) &&
1019 msg->icmph.icmp6_solicited) {
1020 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1021 return reason;
1022 }
1023
1024 /* For some 802.11 wireless deployments (and possibly other networks),
1025 * there will be a NA proxy and unsolicitd packets are attacks
1026 * and thus should not be accepted.
1027 * drop_unsolicited_na takes precedence over accept_untracked_na
1028 */
1029 if (!msg->icmph.icmp6_solicited && idev &&
1030 READ_ONCE(idev->cnf.drop_unsolicited_na))
1031 return reason;
1032
1033 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
1034 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1035
1036 if (ndopts.nd_opts_tgt_lladdr) {
1037 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1038 if (!lladdr) {
1039 ND_PRINTK(2, warn,
1040 "NA: invalid link-layer address length\n");
1041 return reason;
1042 }
1043 }
1044 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1045 if (ifp) {
1046 if (skb->pkt_type != PACKET_LOOPBACK
1047 && (ifp->flags & IFA_F_TENTATIVE)) {
1048 addrconf_dad_failure(skb, ifp);
1049 return reason;
1050 }
1051 /* What should we make now? The advertisement
1052 is invalid, but ndisc specs say nothing
1053 about it. It could be misconfiguration, or
1054 an smart proxy agent tries to help us :-)
1055
1056 We should not print the error if NA has been
1057 received from loopback - it is just our own
1058 unsolicited advertisement.
1059 */
1060 if (skb->pkt_type != PACKET_LOOPBACK)
1061 ND_PRINTK(1, warn,
1062 "NA: %pM advertised our address %pI6c on %s!\n",
1063 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1064 in6_ifa_put(ifp);
1065 return reason;
1066 }
1067
1068 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1069
1070 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1071 * NAs with Target LL Address option without a corresponding
1072 * entry in the neighbour cache can now create a STALE neighbour
1073 * cache entry on routers.
1074 *
1075 * entry accept fwding solicited behaviour
1076 * ------- ------ ------ --------- ----------------------
1077 * present X X 0 Set state to STALE
1078 * present X X 1 Set state to REACHABLE
1079 * absent 0 X X Do nothing
1080 * absent 1 0 X Do nothing
1081 * absent 1 1 X Add a new STALE entry
1082 *
1083 * Note that we don't do a (daddr == all-routers-mcast) check.
1084 */
1085 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1086 if (!neigh && lladdr && idev && READ_ONCE(idev->cnf.forwarding)) {
1087 if (accept_untracked_na(dev, saddr)) {
1088 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1089 new_state = NUD_STALE;
1090 }
1091 }
1092
1093 if (neigh && !IS_ERR(neigh)) {
1094 u8 old_flags = neigh->flags;
1095 struct net *net = dev_net(dev);
1096
1097 if (READ_ONCE(neigh->nud_state) & NUD_FAILED)
1098 goto out;
1099
1100 /*
1101 * Don't update the neighbor cache entry on a proxy NA from
1102 * ourselves because either the proxied node is off link or it
1103 * has already sent a NA to us.
1104 */
1105 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1106 READ_ONCE(net->ipv6.devconf_all->forwarding) &&
1107 READ_ONCE(net->ipv6.devconf_all->proxy_ndp) &&
1108 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1109 /* XXX: idev->cnf.proxy_ndp */
1110 goto out;
1111 }
1112
1113 ndisc_update(dev, neigh, lladdr,
1114 new_state,
1115 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1116 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1117 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1118 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1119 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1120
1121 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1122 /*
1123 * Change: router to host
1124 */
1125 rt6_clean_tohost(dev_net(dev), saddr);
1126 }
1127 reason = SKB_CONSUMED;
1128 out:
1129 neigh_release(neigh);
1130 }
1131 return reason;
1132 }
1133
1134 static enum skb_drop_reason ndisc_recv_rs(struct sk_buff *skb)
1135 {
1136 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1137 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1138 struct neighbour *neigh;
1139 struct inet6_dev *idev;
1140 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1141 struct ndisc_options ndopts;
1142 u8 *lladdr = NULL;
1143 SKB_DR(reason);
1144
1145 if (skb->len < sizeof(*rs_msg))
1146 return SKB_DROP_REASON_PKT_TOO_SMALL;
1147
1148 idev = __in6_dev_get(skb->dev);
1149 if (!idev) {
1150 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1151 return reason;
1152 }
1153
1154 /* Don't accept RS if we're not in router mode */
1155 if (!READ_ONCE(idev->cnf.forwarding))
1156 goto out;
1157
1158 /*
1159 * Don't update NCE if src = ::;
1160 * this implies that the source node has no ip address assigned yet.
1161 */
1162 if (ipv6_addr_any(saddr))
1163 goto out;
1164
1165 /* Parse ND options */
1166 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts))
1167 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1168
1169 if (ndopts.nd_opts_src_lladdr) {
1170 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1171 skb->dev);
1172 if (!lladdr)
1173 goto out;
1174 }
1175
1176 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1177 if (neigh) {
1178 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1179 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1180 NEIGH_UPDATE_F_OVERRIDE|
1181 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1182 NDISC_ROUTER_SOLICITATION, &ndopts);
1183 neigh_release(neigh);
1184 reason = SKB_CONSUMED;
1185 }
1186 out:
1187 return reason;
1188 }
1189
1190 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1191 {
1192 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1193 struct sk_buff *skb;
1194 struct nlmsghdr *nlh;
1195 struct nduseroptmsg *ndmsg;
1196 struct net *net = dev_net(ra->dev);
1197 int err;
1198 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1199 + (opt->nd_opt_len << 3));
1200 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1201
1202 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1203 if (!skb) {
1204 err = -ENOBUFS;
1205 goto errout;
1206 }
1207
1208 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1209 if (!nlh) {
1210 goto nla_put_failure;
1211 }
1212
1213 ndmsg = nlmsg_data(nlh);
1214 ndmsg->nduseropt_family = AF_INET6;
1215 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1216 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1217 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1218 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1219
1220 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1221
1222 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1223 goto nla_put_failure;
1224 nlmsg_end(skb, nlh);
1225
1226 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1227 return;
1228
1229 nla_put_failure:
1230 nlmsg_free(skb);
1231 err = -EMSGSIZE;
1232 errout:
1233 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1234 }
1235
1236 static enum skb_drop_reason ndisc_router_discovery(struct sk_buff *skb)
1237 {
1238 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1239 bool send_ifinfo_notify = false;
1240 struct neighbour *neigh = NULL;
1241 struct ndisc_options ndopts;
1242 struct fib6_info *rt = NULL;
1243 struct inet6_dev *in6_dev;
1244 struct fib6_table *table;
1245 u32 defrtr_usr_metric;
1246 unsigned int pref = 0;
1247 __u32 old_if_flags;
1248 struct net *net;
1249 SKB_DR(reason);
1250 int lifetime;
1251 int optlen;
1252
1253 __u8 *opt = (__u8 *)(ra_msg + 1);
1254
1255 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1256 sizeof(struct ra_msg);
1257
1258 ND_PRINTK(2, info,
1259 "RA: %s, dev: %s\n",
1260 __func__, skb->dev->name);
1261 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1262 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1263 return reason;
1264 }
1265 if (optlen < 0)
1266 return SKB_DROP_REASON_PKT_TOO_SMALL;
1267
1268 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1269 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1270 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1271 return reason;
1272 }
1273 #endif
1274
1275 in6_dev = __in6_dev_get(skb->dev);
1276 if (!in6_dev) {
1277 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1278 skb->dev->name);
1279 return reason;
1280 }
1281
1282 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts))
1283 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1284
1285 if (!ipv6_accept_ra(in6_dev)) {
1286 ND_PRINTK(2, info,
1287 "RA: %s, did not accept ra for dev: %s\n",
1288 __func__, skb->dev->name);
1289 goto skip_linkparms;
1290 }
1291
1292 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1293 /* skip link-specific parameters from interior routers */
1294 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1295 ND_PRINTK(2, info,
1296 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1297 __func__, skb->dev->name);
1298 goto skip_linkparms;
1299 }
1300 #endif
1301
1302 if (in6_dev->if_flags & IF_RS_SENT) {
1303 /*
1304 * flag that an RA was received after an RS was sent
1305 * out on this interface.
1306 */
1307 in6_dev->if_flags |= IF_RA_RCVD;
1308 }
1309
1310 /*
1311 * Remember the managed/otherconf flags from most recently
1312 * received RA message (RFC 2462) -- yoshfuji
1313 */
1314 old_if_flags = in6_dev->if_flags;
1315 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1316 IF_RA_OTHERCONF)) |
1317 (ra_msg->icmph.icmp6_addrconf_managed ?
1318 IF_RA_MANAGED : 0) |
1319 (ra_msg->icmph.icmp6_addrconf_other ?
1320 IF_RA_OTHERCONF : 0);
1321
1322 if (old_if_flags != in6_dev->if_flags)
1323 send_ifinfo_notify = true;
1324
1325 if (!READ_ONCE(in6_dev->cnf.accept_ra_defrtr)) {
1326 ND_PRINTK(2, info,
1327 "RA: %s, defrtr is false for dev: %s\n",
1328 __func__, skb->dev->name);
1329 goto skip_defrtr;
1330 }
1331
1332 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1333 if (lifetime != 0 &&
1334 lifetime < READ_ONCE(in6_dev->cnf.accept_ra_min_lft)) {
1335 ND_PRINTK(2, info,
1336 "RA: router lifetime (%ds) is too short: %s\n",
1337 lifetime, skb->dev->name);
1338 goto skip_defrtr;
1339 }
1340
1341 /* Do not accept RA with source-addr found on local machine unless
1342 * accept_ra_from_local is set to true.
1343 */
1344 net = dev_net(in6_dev->dev);
1345 if (!READ_ONCE(in6_dev->cnf.accept_ra_from_local) &&
1346 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1347 ND_PRINTK(2, info,
1348 "RA from local address detected on dev: %s: default router ignored\n",
1349 skb->dev->name);
1350 goto skip_defrtr;
1351 }
1352
1353 #ifdef CONFIG_IPV6_ROUTER_PREF
1354 pref = ra_msg->icmph.icmp6_router_pref;
1355 /* 10b is handled as if it were 00b (medium) */
1356 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1357 !READ_ONCE(in6_dev->cnf.accept_ra_rtr_pref))
1358 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1359 #endif
1360 /* routes added from RAs do not use nexthop objects */
1361 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1362 if (rt) {
1363 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1364 rt->fib6_nh->fib_nh_dev, NULL,
1365 &ipv6_hdr(skb)->saddr);
1366 if (!neigh) {
1367 ND_PRINTK(0, err,
1368 "RA: %s got default router without neighbour\n",
1369 __func__);
1370 fib6_info_release(rt);
1371 return reason;
1372 }
1373 }
1374 /* Set default route metric as specified by user */
1375 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1376 /* delete the route if lifetime is 0 or if metric needs change */
1377 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1378 ip6_del_rt(net, rt, false);
1379 rt = NULL;
1380 }
1381
1382 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1383 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1384 if (!rt && lifetime) {
1385 ND_PRINTK(3, info, "RA: adding default router\n");
1386
1387 if (neigh)
1388 neigh_release(neigh);
1389
1390 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1391 skb->dev, pref, defrtr_usr_metric,
1392 lifetime);
1393 if (!rt) {
1394 ND_PRINTK(0, err,
1395 "RA: %s failed to add default route\n",
1396 __func__);
1397 return reason;
1398 }
1399
1400 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1401 rt->fib6_nh->fib_nh_dev, NULL,
1402 &ipv6_hdr(skb)->saddr);
1403 if (!neigh) {
1404 ND_PRINTK(0, err,
1405 "RA: %s got default router without neighbour\n",
1406 __func__);
1407 fib6_info_release(rt);
1408 return reason;
1409 }
1410 neigh->flags |= NTF_ROUTER;
1411 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1412 struct nl_info nlinfo = {
1413 .nl_net = net,
1414 };
1415 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1416 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1417 }
1418
1419 if (rt) {
1420 table = rt->fib6_table;
1421 spin_lock_bh(&table->tb6_lock);
1422
1423 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1424 fib6_add_gc_list(rt);
1425
1426 spin_unlock_bh(&table->tb6_lock);
1427 }
1428 if (READ_ONCE(in6_dev->cnf.accept_ra_min_hop_limit) < 256 &&
1429 ra_msg->icmph.icmp6_hop_limit) {
1430 if (READ_ONCE(in6_dev->cnf.accept_ra_min_hop_limit) <=
1431 ra_msg->icmph.icmp6_hop_limit) {
1432 WRITE_ONCE(in6_dev->cnf.hop_limit,
1433 ra_msg->icmph.icmp6_hop_limit);
1434 fib6_metric_set(rt, RTAX_HOPLIMIT,
1435 ra_msg->icmph.icmp6_hop_limit);
1436 } else {
1437 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1438 }
1439 }
1440
1441 skip_defrtr:
1442
1443 /*
1444 * Update Reachable Time and Retrans Timer
1445 */
1446
1447 if (in6_dev->nd_parms) {
1448 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1449
1450 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1451 rtime = (rtime*HZ)/1000;
1452 if (rtime < HZ/100)
1453 rtime = HZ/100;
1454 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1455 in6_dev->tstamp = jiffies;
1456 send_ifinfo_notify = true;
1457 }
1458
1459 rtime = ntohl(ra_msg->reachable_time);
1460 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1461 rtime = (rtime*HZ)/1000;
1462
1463 if (rtime < HZ/10)
1464 rtime = HZ/10;
1465
1466 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1467 NEIGH_VAR_SET(in6_dev->nd_parms,
1468 BASE_REACHABLE_TIME, rtime);
1469 NEIGH_VAR_SET(in6_dev->nd_parms,
1470 GC_STALETIME, 3 * rtime);
1471 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1472 in6_dev->tstamp = jiffies;
1473 send_ifinfo_notify = true;
1474 }
1475 }
1476 }
1477
1478 skip_linkparms:
1479
1480 /*
1481 * Process options.
1482 */
1483
1484 if (!neigh)
1485 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1486 skb->dev, 1);
1487 if (neigh) {
1488 u8 *lladdr = NULL;
1489 if (ndopts.nd_opts_src_lladdr) {
1490 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1491 skb->dev);
1492 if (!lladdr) {
1493 ND_PRINTK(2, warn,
1494 "RA: invalid link-layer address length\n");
1495 goto out;
1496 }
1497 }
1498 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1499 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1500 NEIGH_UPDATE_F_OVERRIDE|
1501 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1502 NEIGH_UPDATE_F_ISROUTER,
1503 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1504 reason = SKB_CONSUMED;
1505 }
1506
1507 if (!ipv6_accept_ra(in6_dev)) {
1508 ND_PRINTK(2, info,
1509 "RA: %s, accept_ra is false for dev: %s\n",
1510 __func__, skb->dev->name);
1511 goto out;
1512 }
1513
1514 #ifdef CONFIG_IPV6_ROUTE_INFO
1515 if (!READ_ONCE(in6_dev->cnf.accept_ra_from_local) &&
1516 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1517 in6_dev->dev, 0)) {
1518 ND_PRINTK(2, info,
1519 "RA from local address detected on dev: %s: router info ignored.\n",
1520 skb->dev->name);
1521 goto skip_routeinfo;
1522 }
1523
1524 if (READ_ONCE(in6_dev->cnf.accept_ra_rtr_pref) && ndopts.nd_opts_ri) {
1525 struct nd_opt_hdr *p;
1526 for (p = ndopts.nd_opts_ri;
1527 p;
1528 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1529 struct route_info *ri = (struct route_info *)p;
1530 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1531 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1532 ri->prefix_len == 0)
1533 continue;
1534 #endif
1535 if (ri->prefix_len == 0 &&
1536 !READ_ONCE(in6_dev->cnf.accept_ra_defrtr))
1537 continue;
1538 if (ri->lifetime != 0 &&
1539 ntohl(ri->lifetime) < READ_ONCE(in6_dev->cnf.accept_ra_min_lft))
1540 continue;
1541 if (ri->prefix_len < READ_ONCE(in6_dev->cnf.accept_ra_rt_info_min_plen))
1542 continue;
1543 if (ri->prefix_len > READ_ONCE(in6_dev->cnf.accept_ra_rt_info_max_plen))
1544 continue;
1545 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1546 &ipv6_hdr(skb)->saddr);
1547 }
1548 }
1549
1550 skip_routeinfo:
1551 #endif
1552
1553 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1554 /* skip link-specific ndopts from interior routers */
1555 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1556 ND_PRINTK(2, info,
1557 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1558 __func__, skb->dev->name);
1559 goto out;
1560 }
1561 #endif
1562
1563 if (READ_ONCE(in6_dev->cnf.accept_ra_pinfo) && ndopts.nd_opts_pi) {
1564 struct nd_opt_hdr *p;
1565 for (p = ndopts.nd_opts_pi;
1566 p;
1567 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1568 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1569 (p->nd_opt_len) << 3,
1570 ndopts.nd_opts_src_lladdr != NULL);
1571 }
1572 }
1573
1574 if (ndopts.nd_opts_mtu && READ_ONCE(in6_dev->cnf.accept_ra_mtu)) {
1575 __be32 n;
1576 u32 mtu;
1577
1578 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1579 mtu = ntohl(n);
1580
1581 if (in6_dev->ra_mtu != mtu) {
1582 in6_dev->ra_mtu = mtu;
1583 send_ifinfo_notify = true;
1584 }
1585
1586 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1587 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1588 } else if (READ_ONCE(in6_dev->cnf.mtu6) != mtu) {
1589 WRITE_ONCE(in6_dev->cnf.mtu6, mtu);
1590 fib6_metric_set(rt, RTAX_MTU, mtu);
1591 rt6_mtu_change(skb->dev, mtu);
1592 }
1593 }
1594
1595 if (ndopts.nd_useropts) {
1596 struct nd_opt_hdr *p;
1597 for (p = ndopts.nd_useropts;
1598 p;
1599 p = ndisc_next_useropt(skb->dev, p,
1600 ndopts.nd_useropts_end)) {
1601 ndisc_ra_useropt(skb, p);
1602 }
1603 }
1604
1605 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1606 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1607 }
1608 out:
1609 /* Send a notify if RA changed managed/otherconf flags or
1610 * timer settings or ra_mtu value
1611 */
1612 if (send_ifinfo_notify)
1613 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1614
1615 fib6_info_release(rt);
1616 if (neigh)
1617 neigh_release(neigh);
1618 return reason;
1619 }
1620
1621 static enum skb_drop_reason ndisc_redirect_rcv(struct sk_buff *skb)
1622 {
1623 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1624 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1625 offsetof(struct rd_msg, opt));
1626 struct ndisc_options ndopts;
1627 SKB_DR(reason);
1628 u8 *hdr;
1629
1630 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1631 switch (skb->ndisc_nodetype) {
1632 case NDISC_NODETYPE_HOST:
1633 case NDISC_NODETYPE_NODEFAULT:
1634 ND_PRINTK(2, warn,
1635 "Redirect: from host or unauthorized router\n");
1636 return reason;
1637 }
1638 #endif
1639
1640 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1641 ND_PRINTK(2, warn,
1642 "Redirect: source address is not link-local\n");
1643 return reason;
1644 }
1645
1646 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1647 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1648
1649 if (!ndopts.nd_opts_rh) {
1650 ip6_redirect_no_header(skb, dev_net(skb->dev),
1651 skb->dev->ifindex);
1652 return reason;
1653 }
1654
1655 hdr = (u8 *)ndopts.nd_opts_rh;
1656 hdr += 8;
1657 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1658 return SKB_DROP_REASON_PKT_TOO_SMALL;
1659
1660 return icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1661 }
1662
1663 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1664 struct sk_buff *orig_skb,
1665 int rd_len)
1666 {
1667 u8 *opt = skb_put(skb, rd_len);
1668
1669 memset(opt, 0, 8);
1670 *(opt++) = ND_OPT_REDIRECT_HDR;
1671 *(opt++) = (rd_len >> 3);
1672 opt += 6;
1673
1674 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1675 rd_len - 8);
1676 }
1677
1678 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1679 {
1680 struct net_device *dev = skb->dev;
1681 struct net *net = dev_net(dev);
1682 struct sock *sk = net->ipv6.ndisc_sk;
1683 int optlen = 0;
1684 struct inet_peer *peer;
1685 struct sk_buff *buff;
1686 struct rd_msg *msg;
1687 struct in6_addr saddr_buf;
1688 struct rt6_info *rt;
1689 struct dst_entry *dst;
1690 struct flowi6 fl6;
1691 int rd_len;
1692 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1693 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1694 bool ret;
1695
1696 if (netif_is_l3_master(skb->dev)) {
1697 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1698 if (!dev)
1699 return;
1700 }
1701
1702 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1703 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1704 dev->name);
1705 return;
1706 }
1707
1708 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1709 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1710 ND_PRINTK(2, warn,
1711 "Redirect: target address is not link-local unicast\n");
1712 return;
1713 }
1714
1715 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1716 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1717
1718 dst = ip6_route_output(net, NULL, &fl6);
1719 if (dst->error) {
1720 dst_release(dst);
1721 return;
1722 }
1723 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1724 if (IS_ERR(dst))
1725 return;
1726
1727 rt = dst_rt6_info(dst);
1728
1729 if (rt->rt6i_flags & RTF_GATEWAY) {
1730 ND_PRINTK(2, warn,
1731 "Redirect: destination is not a neighbour\n");
1732 goto release;
1733 }
1734 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1735 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1736 if (peer)
1737 inet_putpeer(peer);
1738 if (!ret)
1739 goto release;
1740
1741 if (dev->addr_len) {
1742 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1743 if (!neigh) {
1744 ND_PRINTK(2, warn,
1745 "Redirect: no neigh for target address\n");
1746 goto release;
1747 }
1748
1749 read_lock_bh(&neigh->lock);
1750 if (neigh->nud_state & NUD_VALID) {
1751 memcpy(ha_buf, neigh->ha, dev->addr_len);
1752 read_unlock_bh(&neigh->lock);
1753 ha = ha_buf;
1754 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1755 ops_data_buf,
1756 &ops_data);
1757 } else
1758 read_unlock_bh(&neigh->lock);
1759
1760 neigh_release(neigh);
1761 }
1762
1763 rd_len = min_t(unsigned int,
1764 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1765 skb->len + 8);
1766 rd_len &= ~0x7;
1767 optlen += rd_len;
1768
1769 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1770 if (!buff)
1771 goto release;
1772
1773 msg = skb_put(buff, sizeof(*msg));
1774 *msg = (struct rd_msg) {
1775 .icmph = {
1776 .icmp6_type = NDISC_REDIRECT,
1777 },
1778 .target = *target,
1779 .dest = ipv6_hdr(skb)->daddr,
1780 };
1781
1782 /*
1783 * include target_address option
1784 */
1785
1786 if (ha)
1787 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1788
1789 /*
1790 * build redirect option and copy skb over to the new packet.
1791 */
1792
1793 if (rd_len)
1794 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1795
1796 skb_dst_set(buff, dst);
1797 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1798 return;
1799
1800 release:
1801 dst_release(dst);
1802 }
1803
1804 static void pndisc_redo(struct sk_buff *skb)
1805 {
1806 enum skb_drop_reason reason = ndisc_recv_ns(skb);
1807
1808 kfree_skb_reason(skb, reason);
1809 }
1810
1811 static int ndisc_is_multicast(const void *pkey)
1812 {
1813 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1814 }
1815
1816 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1817 {
1818 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1819
1820 if (!idev)
1821 return true;
1822 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1823 READ_ONCE(idev->cnf.suppress_frag_ndisc)) {
1824 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1825 return true;
1826 }
1827 return false;
1828 }
1829
1830 enum skb_drop_reason ndisc_rcv(struct sk_buff *skb)
1831 {
1832 struct nd_msg *msg;
1833 SKB_DR(reason);
1834
1835 if (ndisc_suppress_frag_ndisc(skb))
1836 return SKB_DROP_REASON_IPV6_NDISC_FRAG;
1837
1838 if (skb_linearize(skb))
1839 return SKB_DROP_REASON_NOMEM;
1840
1841 msg = (struct nd_msg *)skb_transport_header(skb);
1842
1843 __skb_push(skb, skb->data - skb_transport_header(skb));
1844
1845 if (ipv6_hdr(skb)->hop_limit != 255) {
1846 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1847 ipv6_hdr(skb)->hop_limit);
1848 return SKB_DROP_REASON_IPV6_NDISC_HOP_LIMIT;
1849 }
1850
1851 if (msg->icmph.icmp6_code != 0) {
1852 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1853 msg->icmph.icmp6_code);
1854 return SKB_DROP_REASON_IPV6_NDISC_BAD_CODE;
1855 }
1856
1857 switch (msg->icmph.icmp6_type) {
1858 case NDISC_NEIGHBOUR_SOLICITATION:
1859 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1860 reason = ndisc_recv_ns(skb);
1861 break;
1862
1863 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1864 reason = ndisc_recv_na(skb);
1865 break;
1866
1867 case NDISC_ROUTER_SOLICITATION:
1868 reason = ndisc_recv_rs(skb);
1869 break;
1870
1871 case NDISC_ROUTER_ADVERTISEMENT:
1872 reason = ndisc_router_discovery(skb);
1873 break;
1874
1875 case NDISC_REDIRECT:
1876 reason = ndisc_redirect_rcv(skb);
1877 break;
1878 }
1879
1880 return reason;
1881 }
1882
1883 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1884 {
1885 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1886 struct netdev_notifier_change_info *change_info;
1887 struct net *net = dev_net(dev);
1888 struct inet6_dev *idev;
1889 bool evict_nocarrier;
1890
1891 switch (event) {
1892 case NETDEV_CHANGEADDR:
1893 neigh_changeaddr(&nd_tbl, dev);
1894 fib6_run_gc(0, net, false);
1895 fallthrough;
1896 case NETDEV_UP:
1897 idev = in6_dev_get(dev);
1898 if (!idev)
1899 break;
1900 if (READ_ONCE(idev->cnf.ndisc_notify) ||
1901 READ_ONCE(net->ipv6.devconf_all->ndisc_notify))
1902 ndisc_send_unsol_na(dev);
1903 in6_dev_put(idev);
1904 break;
1905 case NETDEV_CHANGE:
1906 idev = in6_dev_get(dev);
1907 if (!idev)
1908 evict_nocarrier = true;
1909 else {
1910 evict_nocarrier = READ_ONCE(idev->cnf.ndisc_evict_nocarrier) &&
1911 READ_ONCE(net->ipv6.devconf_all->ndisc_evict_nocarrier);
1912 in6_dev_put(idev);
1913 }
1914
1915 change_info = ptr;
1916 if (change_info->flags_changed & IFF_NOARP)
1917 neigh_changeaddr(&nd_tbl, dev);
1918 if (evict_nocarrier && !netif_carrier_ok(dev))
1919 neigh_carrier_down(&nd_tbl, dev);
1920 break;
1921 case NETDEV_DOWN:
1922 neigh_ifdown(&nd_tbl, dev);
1923 fib6_run_gc(0, net, false);
1924 break;
1925 case NETDEV_NOTIFY_PEERS:
1926 ndisc_send_unsol_na(dev);
1927 break;
1928 default:
1929 break;
1930 }
1931
1932 return NOTIFY_DONE;
1933 }
1934
1935 static struct notifier_block ndisc_netdev_notifier = {
1936 .notifier_call = ndisc_netdev_event,
1937 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1938 };
1939
1940 #ifdef CONFIG_SYSCTL
1941 static void ndisc_warn_deprecated_sysctl(const struct ctl_table *ctl,
1942 const char *func, const char *dev_name)
1943 {
1944 static char warncomm[TASK_COMM_LEN];
1945 static int warned;
1946 if (strcmp(warncomm, current->comm) && warned < 5) {
1947 strcpy(warncomm, current->comm);
1948 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1949 warncomm, func,
1950 dev_name, ctl->procname,
1951 dev_name, ctl->procname);
1952 warned++;
1953 }
1954 }
1955
1956 int ndisc_ifinfo_sysctl_change(const struct ctl_table *ctl, int write, void *buffer,
1957 size_t *lenp, loff_t *ppos)
1958 {
1959 struct net_device *dev = ctl->extra1;
1960 struct inet6_dev *idev;
1961 int ret;
1962
1963 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1964 (strcmp(ctl->procname, "base_reachable_time") == 0))
1965 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1966
1967 if (strcmp(ctl->procname, "retrans_time") == 0)
1968 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1969
1970 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1971 ret = neigh_proc_dointvec_jiffies(ctl, write,
1972 buffer, lenp, ppos);
1973
1974 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1975 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1976 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1977 buffer, lenp, ppos);
1978 else
1979 ret = -1;
1980
1981 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1982 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1983 idev->nd_parms->reachable_time =
1984 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1985 WRITE_ONCE(idev->tstamp, jiffies);
1986 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1987 in6_dev_put(idev);
1988 }
1989 return ret;
1990 }
1991
1992
1993 #endif
1994
1995 static int __net_init ndisc_net_init(struct net *net)
1996 {
1997 struct ipv6_pinfo *np;
1998 struct sock *sk;
1999 int err;
2000
2001 err = inet_ctl_sock_create(&sk, PF_INET6,
2002 SOCK_RAW, IPPROTO_ICMPV6, net);
2003 if (err < 0) {
2004 ND_PRINTK(0, err,
2005 "NDISC: Failed to initialize the control socket (err %d)\n",
2006 err);
2007 return err;
2008 }
2009
2010 net->ipv6.ndisc_sk = sk;
2011
2012 np = inet6_sk(sk);
2013 np->hop_limit = 255;
2014 /* Do not loopback ndisc messages */
2015 inet6_clear_bit(MC6_LOOP, sk);
2016
2017 return 0;
2018 }
2019
2020 static void __net_exit ndisc_net_exit(struct net *net)
2021 {
2022 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
2023 }
2024
2025 static struct pernet_operations ndisc_net_ops = {
2026 .init = ndisc_net_init,
2027 .exit = ndisc_net_exit,
2028 };
2029
2030 int __init ndisc_init(void)
2031 {
2032 int err;
2033
2034 err = register_pernet_subsys(&ndisc_net_ops);
2035 if (err)
2036 return err;
2037 /*
2038 * Initialize the neighbour table
2039 */
2040 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
2041
2042 #ifdef CONFIG_SYSCTL
2043 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
2044 ndisc_ifinfo_sysctl_change);
2045 if (err)
2046 goto out_unregister_pernet;
2047 out:
2048 #endif
2049 return err;
2050
2051 #ifdef CONFIG_SYSCTL
2052 out_unregister_pernet:
2053 unregister_pernet_subsys(&ndisc_net_ops);
2054 goto out;
2055 #endif
2056 }
2057
2058 int __init ndisc_late_init(void)
2059 {
2060 return register_netdevice_notifier(&ndisc_netdev_notifier);
2061 }
2062
2063 void ndisc_late_cleanup(void)
2064 {
2065 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2066 }
2067
2068 void ndisc_cleanup(void)
2069 {
2070 #ifdef CONFIG_SYSCTL
2071 neigh_sysctl_unregister(&nd_tbl.parms);
2072 #endif
2073 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2074 unregister_pernet_subsys(&ndisc_net_ops);
2075 }
2076
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.