1 /*
2  *	Neighbour Discovery for IPv6
3  *	Linux INET6 implementation
4  *
5  *	Authors:
6  *	Pedro Roque		<roque@di.fc.ul.pt>
7  *	Mike Shaver		<shaver@ingenia.com>
8  *
9  *	This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14 
15 /*
16  *	Changes:
17  *
18  *	Alexey I. Froloff		:	RFC6106 (DNSSL) support
19  *	Pierre Ynard			:	export userland ND options
20  *						through netlink (RDNSS support)
21  *	Lars Fenneberg			:	fixed MTU setting on receipt
22  *						of an RA.
23  *	Janos Farkas			:	kmalloc failure checks
24  *	Alexey Kuznetsov		:	state machine reworked
25  *						and moved to net/core.
26  *	Pekka Savola			:	RFC2461 validation
27  *	YOSHIFUJI Hideaki @USAGI	:	Verify ND options properly
28  */
29 
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31 
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47 
48 #include <linux/if_addr.h>
49 #include <linux/if_ether.h>
50 #include <linux/if_arp.h>
51 #include <linux/ipv6.h>
52 #include <linux/icmpv6.h>
53 #include <linux/jhash.h>
54 
55 #include <net/sock.h>
56 #include <net/snmp.h>
57 
58 #include <net/ipv6.h>
59 #include <net/protocol.h>
60 #include <net/ndisc.h>
61 #include <net/ip6_route.h>
62 #include <net/addrconf.h>
63 #include <net/icmp.h>
64 
65 #include <net/netlink.h>
66 #include <linux/rtnetlink.h>
67 
68 #include <net/flow.h>
69 #include <net/ip6_checksum.h>
70 #include <net/inet_common.h>
71 #include <linux/proc_fs.h>
72 
73 #include <linux/netfilter.h>
74 #include <linux/netfilter_ipv6.h>
75 
76 static u32 ndisc_hash(const void *pkey,
77 		      const struct net_device *dev,
78 		      __u32 *hash_rnd);
79 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
80 static int ndisc_constructor(struct neighbour *neigh);
81 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
82 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
83 static int pndisc_constructor(struct pneigh_entry *n);
84 static void pndisc_destructor(struct pneigh_entry *n);
85 static void pndisc_redo(struct sk_buff *skb);
86 
87 static const struct neigh_ops ndisc_generic_ops = {
88 	.family =		AF_INET6,
89 	.solicit =		ndisc_solicit,
90 	.error_report =		ndisc_error_report,
91 	.output =		neigh_resolve_output,
92 	.connected_output =	neigh_connected_output,
93 };
94 
95 static const struct neigh_ops ndisc_hh_ops = {
96 	.family =		AF_INET6,
97 	.solicit =		ndisc_solicit,
98 	.error_report =		ndisc_error_report,
99 	.output =		neigh_resolve_output,
100 	.connected_output =	neigh_resolve_output,
101 };
102 
103 
104 static const struct neigh_ops ndisc_direct_ops = {
105 	.family =		AF_INET6,
106 	.output =		neigh_direct_output,
107 	.connected_output =	neigh_direct_output,
108 };
109 
110 struct neigh_table nd_tbl = {
111 	.family =	AF_INET6,
112 	.key_len =	sizeof(struct in6_addr),
113 	.protocol =	cpu_to_be16(ETH_P_IPV6),
114 	.hash =		ndisc_hash,
115 	.key_eq =	ndisc_key_eq,
116 	.constructor =	ndisc_constructor,
117 	.pconstructor =	pndisc_constructor,
118 	.pdestructor =	pndisc_destructor,
119 	.proxy_redo =	pndisc_redo,
120 	.id =		"ndisc_cache",
121 	.parms = {
122 		.tbl			= &nd_tbl,
123 		.reachable_time		= ND_REACHABLE_TIME,
124 		.data = {
125 			[NEIGH_VAR_MCAST_PROBES] = 3,
126 			[NEIGH_VAR_UCAST_PROBES] = 3,
127 			[NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
128 			[NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
129 			[NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
130 			[NEIGH_VAR_GC_STALETIME] = 60 * HZ,
131 			[NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
132 			[NEIGH_VAR_PROXY_QLEN] = 64,
133 			[NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
134 			[NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
135 		},
136 	},
137 	.gc_interval =	  30 * HZ,
138 	.gc_thresh1 =	 128,
139 	.gc_thresh2 =	 512,
140 	.gc_thresh3 =	1024,
141 };
142 EXPORT_SYMBOL_GPL(nd_tbl);
143 
__ndisc_fill_addr_option(struct sk_buff * skb,int type,void * data,int data_len,int pad)144 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
145 			      int data_len, int pad)
146 {
147 	int space = __ndisc_opt_addr_space(data_len, pad);
148 	u8 *opt = skb_put(skb, space);
149 
150 	opt[0] = type;
151 	opt[1] = space>>3;
152 
153 	memset(opt + 2, 0, pad);
154 	opt   += pad;
155 	space -= pad;
156 
157 	memcpy(opt+2, data, data_len);
158 	data_len += 2;
159 	opt += data_len;
160 	space -= data_len;
161 	if (space > 0)
162 		memset(opt, 0, space);
163 }
164 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
165 
ndisc_fill_addr_option(struct sk_buff * skb,int type,void * data,u8 icmp6_type)166 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
167 					  void *data, u8 icmp6_type)
168 {
169 	__ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
170 				 ndisc_addr_option_pad(skb->dev->type));
171 	ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
172 }
173 
ndisc_fill_redirect_addr_option(struct sk_buff * skb,void * ha,const u8 * ops_data)174 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
175 						   void *ha,
176 						   const u8 *ops_data)
177 {
178 	ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
179 	ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
180 }
181 
ndisc_next_option(struct nd_opt_hdr * cur,struct nd_opt_hdr * end)182 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
183 					    struct nd_opt_hdr *end)
184 {
185 	int type;
186 	if (!cur || !end || cur >= end)
187 		return NULL;
188 	type = cur->nd_opt_type;
189 	do {
190 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
191 	} while (cur < end && cur->nd_opt_type != type);
192 	return cur <= end && cur->nd_opt_type == type ? cur : NULL;
193 }
194 
ndisc_is_useropt(const struct net_device * dev,struct nd_opt_hdr * opt)195 static inline int ndisc_is_useropt(const struct net_device *dev,
196 				   struct nd_opt_hdr *opt)
197 {
198 	return opt->nd_opt_type == ND_OPT_RDNSS ||
199 		opt->nd_opt_type == ND_OPT_DNSSL ||
200 		ndisc_ops_is_useropt(dev, opt->nd_opt_type);
201 }
202 
ndisc_next_useropt(const struct net_device * dev,struct nd_opt_hdr * cur,struct nd_opt_hdr * end)203 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
204 					     struct nd_opt_hdr *cur,
205 					     struct nd_opt_hdr *end)
206 {
207 	if (!cur || !end || cur >= end)
208 		return NULL;
209 	do {
210 		cur = ((void *)cur) + (cur->nd_opt_len << 3);
211 	} while (cur < end && !ndisc_is_useropt(dev, cur));
212 	return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
213 }
214 
ndisc_parse_options(const struct net_device * dev,u8 * opt,int opt_len,struct ndisc_options * ndopts)215 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
216 					  u8 *opt, int opt_len,
217 					  struct ndisc_options *ndopts)
218 {
219 	struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
220 
221 	if (!nd_opt || opt_len < 0 || !ndopts)
222 		return NULL;
223 	memset(ndopts, 0, sizeof(*ndopts));
224 	while (opt_len) {
225 		int l;
226 		if (opt_len < sizeof(struct nd_opt_hdr))
227 			return NULL;
228 		l = nd_opt->nd_opt_len << 3;
229 		if (opt_len < l || l == 0)
230 			return NULL;
231 		if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
232 			goto next_opt;
233 		switch (nd_opt->nd_opt_type) {
234 		case ND_OPT_SOURCE_LL_ADDR:
235 		case ND_OPT_TARGET_LL_ADDR:
236 		case ND_OPT_MTU:
237 		case ND_OPT_NONCE:
238 		case ND_OPT_REDIRECT_HDR:
239 			if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
240 				ND_PRINTK(2, warn,
241 					  "%s: duplicated ND6 option found: type=%d\n",
242 					  __func__, nd_opt->nd_opt_type);
243 			} else {
244 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
245 			}
246 			break;
247 		case ND_OPT_PREFIX_INFO:
248 			ndopts->nd_opts_pi_end = nd_opt;
249 			if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
250 				ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
251 			break;
252 #ifdef CONFIG_IPV6_ROUTE_INFO
253 		case ND_OPT_ROUTE_INFO:
254 			ndopts->nd_opts_ri_end = nd_opt;
255 			if (!ndopts->nd_opts_ri)
256 				ndopts->nd_opts_ri = nd_opt;
257 			break;
258 #endif
259 		default:
260 			if (ndisc_is_useropt(dev, nd_opt)) {
261 				ndopts->nd_useropts_end = nd_opt;
262 				if (!ndopts->nd_useropts)
263 					ndopts->nd_useropts = nd_opt;
264 			} else {
265 				/*
266 				 * Unknown options must be silently ignored,
267 				 * to accommodate future extension to the
268 				 * protocol.
269 				 */
270 				ND_PRINTK(2, notice,
271 					  "%s: ignored unsupported option; type=%d, len=%d\n",
272 					  __func__,
273 					  nd_opt->nd_opt_type,
274 					  nd_opt->nd_opt_len);
275 			}
276 		}
277 next_opt:
278 		opt_len -= l;
279 		nd_opt = ((void *)nd_opt) + l;
280 	}
281 	return ndopts;
282 }
283 
ndisc_mc_map(const struct in6_addr * addr,char * buf,struct net_device * dev,int dir)284 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
285 {
286 	switch (dev->type) {
287 	case ARPHRD_ETHER:
288 	case ARPHRD_IEEE802:	/* Not sure. Check it later. --ANK */
289 	case ARPHRD_FDDI:
290 		ipv6_eth_mc_map(addr, buf);
291 		return 0;
292 	case ARPHRD_ARCNET:
293 		ipv6_arcnet_mc_map(addr, buf);
294 		return 0;
295 	case ARPHRD_INFINIBAND:
296 		ipv6_ib_mc_map(addr, dev->broadcast, buf);
297 		return 0;
298 	case ARPHRD_IPGRE:
299 		return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
300 	default:
301 		if (dir) {
302 			memcpy(buf, dev->broadcast, dev->addr_len);
303 			return 0;
304 		}
305 	}
306 	return -EINVAL;
307 }
308 EXPORT_SYMBOL(ndisc_mc_map);
309 
ndisc_hash(const void * pkey,const struct net_device * dev,__u32 * hash_rnd)310 static u32 ndisc_hash(const void *pkey,
311 		      const struct net_device *dev,
312 		      __u32 *hash_rnd)
313 {
314 	return ndisc_hashfn(pkey, dev, hash_rnd);
315 }
316 
ndisc_key_eq(const struct neighbour * n,const void * pkey)317 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
318 {
319 	return neigh_key_eq128(n, pkey);
320 }
321 
ndisc_constructor(struct neighbour * neigh)322 static int ndisc_constructor(struct neighbour *neigh)
323 {
324 	struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
325 	struct net_device *dev = neigh->dev;
326 	struct inet6_dev *in6_dev;
327 	struct neigh_parms *parms;
328 	bool is_multicast = ipv6_addr_is_multicast(addr);
329 
330 	in6_dev = in6_dev_get(dev);
331 	if (!in6_dev) {
332 		return -EINVAL;
333 	}
334 
335 	parms = in6_dev->nd_parms;
336 	__neigh_parms_put(neigh->parms);
337 	neigh->parms = neigh_parms_clone(parms);
338 
339 	neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
340 	if (!dev->header_ops) {
341 		neigh->nud_state = NUD_NOARP;
342 		neigh->ops = &ndisc_direct_ops;
343 		neigh->output = neigh_direct_output;
344 	} else {
345 		if (is_multicast) {
346 			neigh->nud_state = NUD_NOARP;
347 			ndisc_mc_map(addr, neigh->ha, dev, 1);
348 		} else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
349 			neigh->nud_state = NUD_NOARP;
350 			memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
351 			if (dev->flags&IFF_LOOPBACK)
352 				neigh->type = RTN_LOCAL;
353 		} else if (dev->flags&IFF_POINTOPOINT) {
354 			neigh->nud_state = NUD_NOARP;
355 			memcpy(neigh->ha, dev->broadcast, dev->addr_len);
356 		}
357 		if (dev->header_ops->cache)
358 			neigh->ops = &ndisc_hh_ops;
359 		else
360 			neigh->ops = &ndisc_generic_ops;
361 		if (neigh->nud_state&NUD_VALID)
362 			neigh->output = neigh->ops->connected_output;
363 		else
364 			neigh->output = neigh->ops->output;
365 	}
366 	in6_dev_put(in6_dev);
367 	return 0;
368 }
369 
pndisc_constructor(struct pneigh_entry * n)370 static int pndisc_constructor(struct pneigh_entry *n)
371 {
372 	struct in6_addr *addr = (struct in6_addr *)&n->key;
373 	struct in6_addr maddr;
374 	struct net_device *dev = n->dev;
375 
376 	if (!dev || !__in6_dev_get(dev))
377 		return -EINVAL;
378 	addrconf_addr_solict_mult(addr, &maddr);
379 	ipv6_dev_mc_inc(dev, &maddr);
380 	return 0;
381 }
382 
pndisc_destructor(struct pneigh_entry * n)383 static void pndisc_destructor(struct pneigh_entry *n)
384 {
385 	struct in6_addr *addr = (struct in6_addr *)&n->key;
386 	struct in6_addr maddr;
387 	struct net_device *dev = n->dev;
388 
389 	if (!dev || !__in6_dev_get(dev))
390 		return;
391 	addrconf_addr_solict_mult(addr, &maddr);
392 	ipv6_dev_mc_dec(dev, &maddr);
393 }
394 
ndisc_alloc_skb(struct net_device * dev,int len)395 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
396 				       int len)
397 {
398 	int hlen = LL_RESERVED_SPACE(dev);
399 	int tlen = dev->needed_tailroom;
400 	struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
401 	struct sk_buff *skb;
402 
403 	skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
404 	if (!skb) {
405 		ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
406 			  __func__);
407 		return NULL;
408 	}
409 
410 	skb->protocol = htons(ETH_P_IPV6);
411 	skb->dev = dev;
412 
413 	skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
414 	skb_reset_transport_header(skb);
415 
416 	/* Manually assign socket ownership as we avoid calling
417 	 * sock_alloc_send_pskb() to bypass wmem buffer limits
418 	 */
419 	skb_set_owner_w(skb, sk);
420 
421 	return skb;
422 }
423 
ip6_nd_hdr(struct sk_buff * skb,const struct in6_addr * saddr,const struct in6_addr * daddr,int hop_limit,int len)424 static void ip6_nd_hdr(struct sk_buff *skb,
425 		       const struct in6_addr *saddr,
426 		       const struct in6_addr *daddr,
427 		       int hop_limit, int len)
428 {
429 	struct ipv6hdr *hdr;
430 	struct inet6_dev *idev;
431 	unsigned tclass;
432 
433 	rcu_read_lock();
434 	idev = __in6_dev_get(skb->dev);
435 	tclass = idev ? idev->cnf.ndisc_tclass : 0;
436 	rcu_read_unlock();
437 
438 	skb_push(skb, sizeof(*hdr));
439 	skb_reset_network_header(skb);
440 	hdr = ipv6_hdr(skb);
441 
442 	ip6_flow_hdr(hdr, tclass, 0);
443 
444 	hdr->payload_len = htons(len);
445 	hdr->nexthdr = IPPROTO_ICMPV6;
446 	hdr->hop_limit = hop_limit;
447 
448 	hdr->saddr = *saddr;
449 	hdr->daddr = *daddr;
450 }
451 
ndisc_send_skb(struct sk_buff * skb,const struct in6_addr * daddr,const struct in6_addr * saddr)452 static void ndisc_send_skb(struct sk_buff *skb,
453 			   const struct in6_addr *daddr,
454 			   const struct in6_addr *saddr)
455 {
456 	struct dst_entry *dst = skb_dst(skb);
457 	struct net *net = dev_net(skb->dev);
458 	struct sock *sk = net->ipv6.ndisc_sk;
459 	struct inet6_dev *idev;
460 	int err;
461 	struct icmp6hdr *icmp6h = icmp6_hdr(skb);
462 	u8 type;
463 
464 	type = icmp6h->icmp6_type;
465 
466 	if (!dst) {
467 		struct flowi6 fl6;
468 		int oif = skb->dev->ifindex;
469 
470 		icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
471 		dst = icmp6_dst_alloc(skb->dev, &fl6);
472 		if (IS_ERR(dst)) {
473 			kfree_skb(skb);
474 			return;
475 		}
476 
477 		skb_dst_set(skb, dst);
478 	}
479 
480 	icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
481 					      IPPROTO_ICMPV6,
482 					      csum_partial(icmp6h,
483 							   skb->len, 0));
484 
485 	ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
486 
487 	rcu_read_lock();
488 	idev = __in6_dev_get(dst->dev);
489 	IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
490 
491 	err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
492 		      net, sk, skb, NULL, dst->dev,
493 		      dst_output);
494 	if (!err) {
495 		ICMP6MSGOUT_INC_STATS(net, idev, type);
496 		ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
497 	}
498 
499 	rcu_read_unlock();
500 }
501 
ndisc_send_na(struct net_device * dev,const struct in6_addr * daddr,const struct in6_addr * solicited_addr,bool router,bool solicited,bool override,bool inc_opt)502 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
503 		   const struct in6_addr *solicited_addr,
504 		   bool router, bool solicited, bool override, bool inc_opt)
505 {
506 	struct sk_buff *skb;
507 	struct in6_addr tmpaddr;
508 	struct inet6_ifaddr *ifp;
509 	const struct in6_addr *src_addr;
510 	struct nd_msg *msg;
511 	int optlen = 0;
512 
513 	/* for anycast or proxy, solicited_addr != src_addr */
514 	ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
515 	if (ifp) {
516 		src_addr = solicited_addr;
517 		if (ifp->flags & IFA_F_OPTIMISTIC)
518 			override = false;
519 		inc_opt |= ifp->idev->cnf.force_tllao;
520 		in6_ifa_put(ifp);
521 	} else {
522 		if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
523 				       inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
524 				       &tmpaddr))
525 			return;
526 		src_addr = &tmpaddr;
527 	}
528 
529 	if (!dev->addr_len)
530 		inc_opt = false;
531 	if (inc_opt)
532 		optlen += ndisc_opt_addr_space(dev,
533 					       NDISC_NEIGHBOUR_ADVERTISEMENT);
534 
535 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
536 	if (!skb)
537 		return;
538 
539 	msg = skb_put(skb, sizeof(*msg));
540 	*msg = (struct nd_msg) {
541 		.icmph = {
542 			.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
543 			.icmp6_router = router,
544 			.icmp6_solicited = solicited,
545 			.icmp6_override = override,
546 		},
547 		.target = *solicited_addr,
548 	};
549 
550 	if (inc_opt)
551 		ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
552 				       dev->dev_addr,
553 				       NDISC_NEIGHBOUR_ADVERTISEMENT);
554 
555 	ndisc_send_skb(skb, daddr, src_addr);
556 }
557 
ndisc_send_unsol_na(struct net_device * dev)558 static void ndisc_send_unsol_na(struct net_device *dev)
559 {
560 	struct inet6_dev *idev;
561 	struct inet6_ifaddr *ifa;
562 
563 	idev = in6_dev_get(dev);
564 	if (!idev)
565 		return;
566 
567 	read_lock_bh(&idev->lock);
568 	list_for_each_entry(ifa, &idev->addr_list, if_list) {
569 		/* skip tentative addresses until dad completes */
570 		if (ifa->flags & IFA_F_TENTATIVE &&
571 		    !(ifa->flags & IFA_F_OPTIMISTIC))
572 			continue;
573 
574 		ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
575 			      /*router=*/ !!idev->cnf.forwarding,
576 			      /*solicited=*/ false, /*override=*/ true,
577 			      /*inc_opt=*/ true);
578 	}
579 	read_unlock_bh(&idev->lock);
580 
581 	in6_dev_put(idev);
582 }
583 
ndisc_send_ns(struct net_device * dev,const struct in6_addr * solicit,const struct in6_addr * daddr,const struct in6_addr * saddr,u64 nonce)584 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
585 		   const struct in6_addr *daddr, const struct in6_addr *saddr,
586 		   u64 nonce)
587 {
588 	struct sk_buff *skb;
589 	struct in6_addr addr_buf;
590 	int inc_opt = dev->addr_len;
591 	int optlen = 0;
592 	struct nd_msg *msg;
593 
594 	if (!saddr) {
595 		if (ipv6_get_lladdr(dev, &addr_buf,
596 				   (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
597 			return;
598 		saddr = &addr_buf;
599 	}
600 
601 	if (ipv6_addr_any(saddr))
602 		inc_opt = false;
603 	if (inc_opt)
604 		optlen += ndisc_opt_addr_space(dev,
605 					       NDISC_NEIGHBOUR_SOLICITATION);
606 	if (nonce != 0)
607 		optlen += 8;
608 
609 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
610 	if (!skb)
611 		return;
612 
613 	msg = skb_put(skb, sizeof(*msg));
614 	*msg = (struct nd_msg) {
615 		.icmph = {
616 			.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
617 		},
618 		.target = *solicit,
619 	};
620 
621 	if (inc_opt)
622 		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
623 				       dev->dev_addr,
624 				       NDISC_NEIGHBOUR_SOLICITATION);
625 	if (nonce != 0) {
626 		u8 *opt = skb_put(skb, 8);
627 
628 		opt[0] = ND_OPT_NONCE;
629 		opt[1] = 8 >> 3;
630 		memcpy(opt + 2, &nonce, 6);
631 	}
632 
633 	ndisc_send_skb(skb, daddr, saddr);
634 }
635 
ndisc_send_rs(struct net_device * dev,const struct in6_addr * saddr,const struct in6_addr * daddr)636 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
637 		   const struct in6_addr *daddr)
638 {
639 	struct sk_buff *skb;
640 	struct rs_msg *msg;
641 	int send_sllao = dev->addr_len;
642 	int optlen = 0;
643 
644 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
645 	/*
646 	 * According to section 2.2 of RFC 4429, we must not
647 	 * send router solicitations with a sllao from
648 	 * optimistic addresses, but we may send the solicitation
649 	 * if we don't include the sllao.  So here we check
650 	 * if our address is optimistic, and if so, we
651 	 * suppress the inclusion of the sllao.
652 	 */
653 	if (send_sllao) {
654 		struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
655 							   dev, 1);
656 		if (ifp) {
657 			if (ifp->flags & IFA_F_OPTIMISTIC)  {
658 				send_sllao = 0;
659 			}
660 			in6_ifa_put(ifp);
661 		} else {
662 			send_sllao = 0;
663 		}
664 	}
665 #endif
666 	if (send_sllao)
667 		optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
668 
669 	skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
670 	if (!skb)
671 		return;
672 
673 	msg = skb_put(skb, sizeof(*msg));
674 	*msg = (struct rs_msg) {
675 		.icmph = {
676 			.icmp6_type = NDISC_ROUTER_SOLICITATION,
677 		},
678 	};
679 
680 	if (send_sllao)
681 		ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
682 				       dev->dev_addr,
683 				       NDISC_ROUTER_SOLICITATION);
684 
685 	ndisc_send_skb(skb, daddr, saddr);
686 }
687 
688 
ndisc_error_report(struct neighbour * neigh,struct sk_buff * skb)689 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
690 {
691 	/*
692 	 *	"The sender MUST return an ICMP
693 	 *	 destination unreachable"
694 	 */
695 	dst_link_failure(skb);
696 	kfree_skb(skb);
697 }
698 
699 /* Called with locked neigh: either read or both */
700 
ndisc_solicit(struct neighbour * neigh,struct sk_buff * skb)701 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
702 {
703 	struct in6_addr *saddr = NULL;
704 	struct in6_addr mcaddr;
705 	struct net_device *dev = neigh->dev;
706 	struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
707 	int probes = atomic_read(&neigh->probes);
708 
709 	if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
710 					   dev, false, 1,
711 					   IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
712 		saddr = &ipv6_hdr(skb)->saddr;
713 	probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
714 	if (probes < 0) {
715 		if (!(neigh->nud_state & NUD_VALID)) {
716 			ND_PRINTK(1, dbg,
717 				  "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
718 				  __func__, target);
719 		}
720 		ndisc_send_ns(dev, target, target, saddr, 0);
721 	} else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
722 		neigh_app_ns(neigh);
723 	} else {
724 		addrconf_addr_solict_mult(target, &mcaddr);
725 		ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
726 	}
727 }
728 
pndisc_is_router(const void * pkey,struct net_device * dev)729 static int pndisc_is_router(const void *pkey,
730 			    struct net_device *dev)
731 {
732 	struct pneigh_entry *n;
733 	int ret = -1;
734 
735 	read_lock_bh(&nd_tbl.lock);
736 	n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
737 	if (n)
738 		ret = !!(n->flags & NTF_ROUTER);
739 	read_unlock_bh(&nd_tbl.lock);
740 
741 	return ret;
742 }
743 
ndisc_update(const struct net_device * dev,struct neighbour * neigh,const u8 * lladdr,u8 new,u32 flags,u8 icmp6_type,struct ndisc_options * ndopts)744 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
745 		  const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
746 		  struct ndisc_options *ndopts)
747 {
748 	neigh_update(neigh, lladdr, new, flags, 0);
749 	/* report ndisc ops about neighbour update */
750 	ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
751 }
752 
ndisc_recv_ns(struct sk_buff * skb)753 static void ndisc_recv_ns(struct sk_buff *skb)
754 {
755 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
756 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
757 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
758 	u8 *lladdr = NULL;
759 	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
760 				    offsetof(struct nd_msg, opt));
761 	struct ndisc_options ndopts;
762 	struct net_device *dev = skb->dev;
763 	struct inet6_ifaddr *ifp;
764 	struct inet6_dev *idev = NULL;
765 	struct neighbour *neigh;
766 	int dad = ipv6_addr_any(saddr);
767 	bool inc;
768 	int is_router = -1;
769 	u64 nonce = 0;
770 
771 	if (skb->len < sizeof(struct nd_msg)) {
772 		ND_PRINTK(2, warn, "NS: packet too short\n");
773 		return;
774 	}
775 
776 	if (ipv6_addr_is_multicast(&msg->target)) {
777 		ND_PRINTK(2, warn, "NS: multicast target address\n");
778 		return;
779 	}
780 
781 	/*
782 	 * RFC2461 7.1.1:
783 	 * DAD has to be destined for solicited node multicast address.
784 	 */
785 	if (dad && !ipv6_addr_is_solict_mult(daddr)) {
786 		ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
787 		return;
788 	}
789 
790 	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
791 		ND_PRINTK(2, warn, "NS: invalid ND options\n");
792 		return;
793 	}
794 
795 	if (ndopts.nd_opts_src_lladdr) {
796 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
797 		if (!lladdr) {
798 			ND_PRINTK(2, warn,
799 				  "NS: invalid link-layer address length\n");
800 			return;
801 		}
802 
803 		/* RFC2461 7.1.1:
804 		 *	If the IP source address is the unspecified address,
805 		 *	there MUST NOT be source link-layer address option
806 		 *	in the message.
807 		 */
808 		if (dad) {
809 			ND_PRINTK(2, warn,
810 				  "NS: bad DAD packet (link-layer address option)\n");
811 			return;
812 		}
813 	}
814 	if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
815 		memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
816 
817 	inc = ipv6_addr_is_multicast(daddr);
818 
819 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
820 	if (ifp) {
821 have_ifp:
822 		if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
823 			if (dad) {
824 				if (nonce != 0 && ifp->dad_nonce == nonce) {
825 					u8 *np = (u8 *)&nonce;
826 					/* Matching nonce if looped back */
827 					ND_PRINTK(2, notice,
828 						  "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
829 						  ifp->idev->dev->name,
830 						  &ifp->addr, np);
831 					goto out;
832 				}
833 				/*
834 				 * We are colliding with another node
835 				 * who is doing DAD
836 				 * so fail our DAD process
837 				 */
838 				addrconf_dad_failure(skb, ifp);
839 				return;
840 			} else {
841 				/*
842 				 * This is not a dad solicitation.
843 				 * If we are an optimistic node,
844 				 * we should respond.
845 				 * Otherwise, we should ignore it.
846 				 */
847 				if (!(ifp->flags & IFA_F_OPTIMISTIC))
848 					goto out;
849 			}
850 		}
851 
852 		idev = ifp->idev;
853 	} else {
854 		struct net *net = dev_net(dev);
855 
856 		/* perhaps an address on the master device */
857 		if (netif_is_l3_slave(dev)) {
858 			struct net_device *mdev;
859 
860 			mdev = netdev_master_upper_dev_get_rcu(dev);
861 			if (mdev) {
862 				ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
863 				if (ifp)
864 					goto have_ifp;
865 			}
866 		}
867 
868 		idev = in6_dev_get(dev);
869 		if (!idev) {
870 			/* XXX: count this drop? */
871 			return;
872 		}
873 
874 		if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
875 		    (idev->cnf.forwarding &&
876 		     (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
877 		     (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
878 			if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
879 			    skb->pkt_type != PACKET_HOST &&
880 			    inc &&
881 			    NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
882 				/*
883 				 * for anycast or proxy,
884 				 * sender should delay its response
885 				 * by a random time between 0 and
886 				 * MAX_ANYCAST_DELAY_TIME seconds.
887 				 * (RFC2461) -- yoshfuji
888 				 */
889 				struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
890 				if (n)
891 					pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
892 				goto out;
893 			}
894 		} else
895 			goto out;
896 	}
897 
898 	if (is_router < 0)
899 		is_router = idev->cnf.forwarding;
900 
901 	if (dad) {
902 		ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
903 			      !!is_router, false, (ifp != NULL), true);
904 		goto out;
905 	}
906 
907 	if (inc)
908 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
909 	else
910 		NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
911 
912 	/*
913 	 *	update / create cache entry
914 	 *	for the source address
915 	 */
916 	neigh = __neigh_lookup(&nd_tbl, saddr, dev,
917 			       !inc || lladdr || !dev->addr_len);
918 	if (neigh)
919 		ndisc_update(dev, neigh, lladdr, NUD_STALE,
920 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
921 			     NEIGH_UPDATE_F_OVERRIDE,
922 			     NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
923 	if (neigh || !dev->header_ops) {
924 		ndisc_send_na(dev, saddr, &msg->target, !!is_router,
925 			      true, (ifp != NULL && inc), inc);
926 		if (neigh)
927 			neigh_release(neigh);
928 	}
929 
930 out:
931 	if (ifp)
932 		in6_ifa_put(ifp);
933 	else
934 		in6_dev_put(idev);
935 }
936 
ndisc_recv_na(struct sk_buff * skb)937 static void ndisc_recv_na(struct sk_buff *skb)
938 {
939 	struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
940 	struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
941 	const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
942 	u8 *lladdr = NULL;
943 	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
944 				    offsetof(struct nd_msg, opt));
945 	struct ndisc_options ndopts;
946 	struct net_device *dev = skb->dev;
947 	struct inet6_dev *idev = __in6_dev_get(dev);
948 	struct inet6_ifaddr *ifp;
949 	struct neighbour *neigh;
950 
951 	if (skb->len < sizeof(struct nd_msg)) {
952 		ND_PRINTK(2, warn, "NA: packet too short\n");
953 		return;
954 	}
955 
956 	if (ipv6_addr_is_multicast(&msg->target)) {
957 		ND_PRINTK(2, warn, "NA: target address is multicast\n");
958 		return;
959 	}
960 
961 	if (ipv6_addr_is_multicast(daddr) &&
962 	    msg->icmph.icmp6_solicited) {
963 		ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
964 		return;
965 	}
966 
967 	/* For some 802.11 wireless deployments (and possibly other networks),
968 	 * there will be a NA proxy and unsolicitd packets are attacks
969 	 * and thus should not be accepted.
970 	 */
971 	if (!msg->icmph.icmp6_solicited && idev &&
972 	    idev->cnf.drop_unsolicited_na)
973 		return;
974 
975 	if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
976 		ND_PRINTK(2, warn, "NS: invalid ND option\n");
977 		return;
978 	}
979 	if (ndopts.nd_opts_tgt_lladdr) {
980 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
981 		if (!lladdr) {
982 			ND_PRINTK(2, warn,
983 				  "NA: invalid link-layer address length\n");
984 			return;
985 		}
986 	}
987 	ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
988 	if (ifp) {
989 		if (skb->pkt_type != PACKET_LOOPBACK
990 		    && (ifp->flags & IFA_F_TENTATIVE)) {
991 				addrconf_dad_failure(skb, ifp);
992 				return;
993 		}
994 		/* What should we make now? The advertisement
995 		   is invalid, but ndisc specs say nothing
996 		   about it. It could be misconfiguration, or
997 		   an smart proxy agent tries to help us :-)
998 
999 		   We should not print the error if NA has been
1000 		   received from loopback - it is just our own
1001 		   unsolicited advertisement.
1002 		 */
1003 		if (skb->pkt_type != PACKET_LOOPBACK)
1004 			ND_PRINTK(1, warn,
1005 				  "NA: %pM advertised our address %pI6c on %s!\n",
1006 				  eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1007 		in6_ifa_put(ifp);
1008 		return;
1009 	}
1010 	neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1011 
1012 	if (neigh) {
1013 		u8 old_flags = neigh->flags;
1014 		struct net *net = dev_net(dev);
1015 
1016 		if (neigh->nud_state & NUD_FAILED)
1017 			goto out;
1018 
1019 		/*
1020 		 * Don't update the neighbor cache entry on a proxy NA from
1021 		 * ourselves because either the proxied node is off link or it
1022 		 * has already sent a NA to us.
1023 		 */
1024 		if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1025 		    net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1026 		    pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1027 			/* XXX: idev->cnf.proxy_ndp */
1028 			goto out;
1029 		}
1030 
1031 		ndisc_update(dev, neigh, lladdr,
1032 			     msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1033 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1034 			     (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1035 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1036 			     (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1037 			     NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1038 
1039 		if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1040 			/*
1041 			 * Change: router to host
1042 			 */
1043 			rt6_clean_tohost(dev_net(dev),  saddr);
1044 		}
1045 
1046 out:
1047 		neigh_release(neigh);
1048 	}
1049 }
1050 
ndisc_recv_rs(struct sk_buff * skb)1051 static void ndisc_recv_rs(struct sk_buff *skb)
1052 {
1053 	struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1054 	unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1055 	struct neighbour *neigh;
1056 	struct inet6_dev *idev;
1057 	const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1058 	struct ndisc_options ndopts;
1059 	u8 *lladdr = NULL;
1060 
1061 	if (skb->len < sizeof(*rs_msg))
1062 		return;
1063 
1064 	idev = __in6_dev_get(skb->dev);
1065 	if (!idev) {
1066 		ND_PRINTK(1, err, "RS: can't find in6 device\n");
1067 		return;
1068 	}
1069 
1070 	/* Don't accept RS if we're not in router mode */
1071 	if (!idev->cnf.forwarding)
1072 		goto out;
1073 
1074 	/*
1075 	 * Don't update NCE if src = ::;
1076 	 * this implies that the source node has no ip address assigned yet.
1077 	 */
1078 	if (ipv6_addr_any(saddr))
1079 		goto out;
1080 
1081 	/* Parse ND options */
1082 	if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1083 		ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1084 		goto out;
1085 	}
1086 
1087 	if (ndopts.nd_opts_src_lladdr) {
1088 		lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1089 					     skb->dev);
1090 		if (!lladdr)
1091 			goto out;
1092 	}
1093 
1094 	neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1095 	if (neigh) {
1096 		ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1097 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1098 			     NEIGH_UPDATE_F_OVERRIDE|
1099 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1100 			     NDISC_ROUTER_SOLICITATION, &ndopts);
1101 		neigh_release(neigh);
1102 	}
1103 out:
1104 	return;
1105 }
1106 
ndisc_ra_useropt(struct sk_buff * ra,struct nd_opt_hdr * opt)1107 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1108 {
1109 	struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1110 	struct sk_buff *skb;
1111 	struct nlmsghdr *nlh;
1112 	struct nduseroptmsg *ndmsg;
1113 	struct net *net = dev_net(ra->dev);
1114 	int err;
1115 	int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1116 				    + (opt->nd_opt_len << 3));
1117 	size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1118 
1119 	skb = nlmsg_new(msg_size, GFP_ATOMIC);
1120 	if (!skb) {
1121 		err = -ENOBUFS;
1122 		goto errout;
1123 	}
1124 
1125 	nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1126 	if (!nlh) {
1127 		goto nla_put_failure;
1128 	}
1129 
1130 	ndmsg = nlmsg_data(nlh);
1131 	ndmsg->nduseropt_family = AF_INET6;
1132 	ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1133 	ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1134 	ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1135 	ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1136 
1137 	memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1138 
1139 	if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1140 		goto nla_put_failure;
1141 	nlmsg_end(skb, nlh);
1142 
1143 	rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1144 	return;
1145 
1146 nla_put_failure:
1147 	nlmsg_free(skb);
1148 	err = -EMSGSIZE;
1149 errout:
1150 	rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1151 }
1152 
ndisc_router_discovery(struct sk_buff * skb)1153 static void ndisc_router_discovery(struct sk_buff *skb)
1154 {
1155 	struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1156 	struct neighbour *neigh = NULL;
1157 	struct inet6_dev *in6_dev;
1158 	struct fib6_info *rt = NULL;
1159 	struct net *net;
1160 	int lifetime;
1161 	struct ndisc_options ndopts;
1162 	int optlen;
1163 	unsigned int pref = 0;
1164 	__u32 old_if_flags;
1165 	bool send_ifinfo_notify = false;
1166 
1167 	__u8 *opt = (__u8 *)(ra_msg + 1);
1168 
1169 	optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1170 		sizeof(struct ra_msg);
1171 
1172 	ND_PRINTK(2, info,
1173 		  "RA: %s, dev: %s\n",
1174 		  __func__, skb->dev->name);
1175 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1176 		ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1177 		return;
1178 	}
1179 	if (optlen < 0) {
1180 		ND_PRINTK(2, warn, "RA: packet too short\n");
1181 		return;
1182 	}
1183 
1184 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1185 	if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1186 		ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1187 		return;
1188 	}
1189 #endif
1190 
1191 	/*
1192 	 *	set the RA_RECV flag in the interface
1193 	 */
1194 
1195 	in6_dev = __in6_dev_get(skb->dev);
1196 	if (!in6_dev) {
1197 		ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1198 			  skb->dev->name);
1199 		return;
1200 	}
1201 
1202 	if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1203 		ND_PRINTK(2, warn, "RA: invalid ND options\n");
1204 		return;
1205 	}
1206 
1207 	if (!ipv6_accept_ra(in6_dev)) {
1208 		ND_PRINTK(2, info,
1209 			  "RA: %s, did not accept ra for dev: %s\n",
1210 			  __func__, skb->dev->name);
1211 		goto skip_linkparms;
1212 	}
1213 
1214 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1215 	/* skip link-specific parameters from interior routers */
1216 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1217 		ND_PRINTK(2, info,
1218 			  "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1219 			  __func__, skb->dev->name);
1220 		goto skip_linkparms;
1221 	}
1222 #endif
1223 
1224 	if (in6_dev->if_flags & IF_RS_SENT) {
1225 		/*
1226 		 *	flag that an RA was received after an RS was sent
1227 		 *	out on this interface.
1228 		 */
1229 		in6_dev->if_flags |= IF_RA_RCVD;
1230 	}
1231 
1232 	/*
1233 	 * Remember the managed/otherconf flags from most recently
1234 	 * received RA message (RFC 2462) -- yoshfuji
1235 	 */
1236 	old_if_flags = in6_dev->if_flags;
1237 	in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1238 				IF_RA_OTHERCONF)) |
1239 				(ra_msg->icmph.icmp6_addrconf_managed ?
1240 					IF_RA_MANAGED : 0) |
1241 				(ra_msg->icmph.icmp6_addrconf_other ?
1242 					IF_RA_OTHERCONF : 0);
1243 
1244 	if (old_if_flags != in6_dev->if_flags)
1245 		send_ifinfo_notify = true;
1246 
1247 	if (!in6_dev->cnf.accept_ra_defrtr) {
1248 		ND_PRINTK(2, info,
1249 			  "RA: %s, defrtr is false for dev: %s\n",
1250 			  __func__, skb->dev->name);
1251 		goto skip_defrtr;
1252 	}
1253 
1254 	/* Do not accept RA with source-addr found on local machine unless
1255 	 * accept_ra_from_local is set to true.
1256 	 */
1257 	net = dev_net(in6_dev->dev);
1258 	if (!in6_dev->cnf.accept_ra_from_local &&
1259 	    ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1260 		ND_PRINTK(2, info,
1261 			  "RA from local address detected on dev: %s: default router ignored\n",
1262 			  skb->dev->name);
1263 		goto skip_defrtr;
1264 	}
1265 
1266 	lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1267 
1268 #ifdef CONFIG_IPV6_ROUTER_PREF
1269 	pref = ra_msg->icmph.icmp6_router_pref;
1270 	/* 10b is handled as if it were 00b (medium) */
1271 	if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1272 	    !in6_dev->cnf.accept_ra_rtr_pref)
1273 		pref = ICMPV6_ROUTER_PREF_MEDIUM;
1274 #endif
1275 
1276 	rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1277 
1278 	if (rt) {
1279 		neigh = ip6_neigh_lookup(&rt->fib6_nh.nh_gw,
1280 					 rt->fib6_nh.nh_dev, NULL,
1281 					  &ipv6_hdr(skb)->saddr);
1282 		if (!neigh) {
1283 			ND_PRINTK(0, err,
1284 				  "RA: %s got default router without neighbour\n",
1285 				  __func__);
1286 			fib6_info_release(rt);
1287 			return;
1288 		}
1289 	}
1290 	if (rt && lifetime == 0) {
1291 		ip6_del_rt(net, rt);
1292 		rt = NULL;
1293 	}
1294 
1295 	ND_PRINTK(3, info, "RA: rt: %p  lifetime: %d, for dev: %s\n",
1296 		  rt, lifetime, skb->dev->name);
1297 	if (!rt && lifetime) {
1298 		ND_PRINTK(3, info, "RA: adding default router\n");
1299 
1300 		rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1301 					 skb->dev, pref);
1302 		if (!rt) {
1303 			ND_PRINTK(0, err,
1304 				  "RA: %s failed to add default route\n",
1305 				  __func__);
1306 			return;
1307 		}
1308 
1309 		neigh = ip6_neigh_lookup(&rt->fib6_nh.nh_gw,
1310 					 rt->fib6_nh.nh_dev, NULL,
1311 					  &ipv6_hdr(skb)->saddr);
1312 		if (!neigh) {
1313 			ND_PRINTK(0, err,
1314 				  "RA: %s got default router without neighbour\n",
1315 				  __func__);
1316 			fib6_info_release(rt);
1317 			return;
1318 		}
1319 		neigh->flags |= NTF_ROUTER;
1320 	} else if (rt) {
1321 		rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1322 	}
1323 
1324 	if (rt)
1325 		fib6_set_expires(rt, jiffies + (HZ * lifetime));
1326 	if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1327 	    ra_msg->icmph.icmp6_hop_limit) {
1328 		if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1329 			in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1330 			fib6_metric_set(rt, RTAX_HOPLIMIT,
1331 					ra_msg->icmph.icmp6_hop_limit);
1332 		} else {
1333 			ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1334 		}
1335 	}
1336 
1337 skip_defrtr:
1338 
1339 	/*
1340 	 *	Update Reachable Time and Retrans Timer
1341 	 */
1342 
1343 	if (in6_dev->nd_parms) {
1344 		unsigned long rtime = ntohl(ra_msg->retrans_timer);
1345 
1346 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1347 			rtime = (rtime*HZ)/1000;
1348 			if (rtime < HZ/10)
1349 				rtime = HZ/10;
1350 			NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1351 			in6_dev->tstamp = jiffies;
1352 			send_ifinfo_notify = true;
1353 		}
1354 
1355 		rtime = ntohl(ra_msg->reachable_time);
1356 		if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1357 			rtime = (rtime*HZ)/1000;
1358 
1359 			if (rtime < HZ/10)
1360 				rtime = HZ/10;
1361 
1362 			if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1363 				NEIGH_VAR_SET(in6_dev->nd_parms,
1364 					      BASE_REACHABLE_TIME, rtime);
1365 				NEIGH_VAR_SET(in6_dev->nd_parms,
1366 					      GC_STALETIME, 3 * rtime);
1367 				in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1368 				in6_dev->tstamp = jiffies;
1369 				send_ifinfo_notify = true;
1370 			}
1371 		}
1372 	}
1373 
1374 	/*
1375 	 *	Send a notify if RA changed managed/otherconf flags or timer settings
1376 	 */
1377 	if (send_ifinfo_notify)
1378 		inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1379 
1380 skip_linkparms:
1381 
1382 	/*
1383 	 *	Process options.
1384 	 */
1385 
1386 	if (!neigh)
1387 		neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1388 				       skb->dev, 1);
1389 	if (neigh) {
1390 		u8 *lladdr = NULL;
1391 		if (ndopts.nd_opts_src_lladdr) {
1392 			lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1393 						     skb->dev);
1394 			if (!lladdr) {
1395 				ND_PRINTK(2, warn,
1396 					  "RA: invalid link-layer address length\n");
1397 				goto out;
1398 			}
1399 		}
1400 		ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1401 			     NEIGH_UPDATE_F_WEAK_OVERRIDE|
1402 			     NEIGH_UPDATE_F_OVERRIDE|
1403 			     NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1404 			     NEIGH_UPDATE_F_ISROUTER,
1405 			     NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1406 	}
1407 
1408 	if (!ipv6_accept_ra(in6_dev)) {
1409 		ND_PRINTK(2, info,
1410 			  "RA: %s, accept_ra is false for dev: %s\n",
1411 			  __func__, skb->dev->name);
1412 		goto out;
1413 	}
1414 
1415 #ifdef CONFIG_IPV6_ROUTE_INFO
1416 	if (!in6_dev->cnf.accept_ra_from_local &&
1417 	    ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1418 			  in6_dev->dev, 0)) {
1419 		ND_PRINTK(2, info,
1420 			  "RA from local address detected on dev: %s: router info ignored.\n",
1421 			  skb->dev->name);
1422 		goto skip_routeinfo;
1423 	}
1424 
1425 	if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1426 		struct nd_opt_hdr *p;
1427 		for (p = ndopts.nd_opts_ri;
1428 		     p;
1429 		     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1430 			struct route_info *ri = (struct route_info *)p;
1431 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1432 			if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1433 			    ri->prefix_len == 0)
1434 				continue;
1435 #endif
1436 			if (ri->prefix_len == 0 &&
1437 			    !in6_dev->cnf.accept_ra_defrtr)
1438 				continue;
1439 			if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1440 				continue;
1441 			if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1442 				continue;
1443 			rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1444 				      &ipv6_hdr(skb)->saddr);
1445 		}
1446 	}
1447 
1448 skip_routeinfo:
1449 #endif
1450 
1451 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1452 	/* skip link-specific ndopts from interior routers */
1453 	if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1454 		ND_PRINTK(2, info,
1455 			  "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1456 			  __func__, skb->dev->name);
1457 		goto out;
1458 	}
1459 #endif
1460 
1461 	if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1462 		struct nd_opt_hdr *p;
1463 		for (p = ndopts.nd_opts_pi;
1464 		     p;
1465 		     p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1466 			addrconf_prefix_rcv(skb->dev, (u8 *)p,
1467 					    (p->nd_opt_len) << 3,
1468 					    ndopts.nd_opts_src_lladdr != NULL);
1469 		}
1470 	}
1471 
1472 	if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1473 		__be32 n;
1474 		u32 mtu;
1475 
1476 		memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1477 		mtu = ntohl(n);
1478 
1479 		if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1480 			ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1481 		} else if (in6_dev->cnf.mtu6 != mtu) {
1482 			in6_dev->cnf.mtu6 = mtu;
1483 			fib6_metric_set(rt, RTAX_MTU, mtu);
1484 			rt6_mtu_change(skb->dev, mtu);
1485 		}
1486 	}
1487 
1488 	if (ndopts.nd_useropts) {
1489 		struct nd_opt_hdr *p;
1490 		for (p = ndopts.nd_useropts;
1491 		     p;
1492 		     p = ndisc_next_useropt(skb->dev, p,
1493 					    ndopts.nd_useropts_end)) {
1494 			ndisc_ra_useropt(skb, p);
1495 		}
1496 	}
1497 
1498 	if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1499 		ND_PRINTK(2, warn, "RA: invalid RA options\n");
1500 	}
1501 out:
1502 	fib6_info_release(rt);
1503 	if (neigh)
1504 		neigh_release(neigh);
1505 }
1506 
ndisc_redirect_rcv(struct sk_buff * skb)1507 static void ndisc_redirect_rcv(struct sk_buff *skb)
1508 {
1509 	u8 *hdr;
1510 	struct ndisc_options ndopts;
1511 	struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1512 	u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1513 				    offsetof(struct rd_msg, opt));
1514 
1515 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1516 	switch (skb->ndisc_nodetype) {
1517 	case NDISC_NODETYPE_HOST:
1518 	case NDISC_NODETYPE_NODEFAULT:
1519 		ND_PRINTK(2, warn,
1520 			  "Redirect: from host or unauthorized router\n");
1521 		return;
1522 	}
1523 #endif
1524 
1525 	if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1526 		ND_PRINTK(2, warn,
1527 			  "Redirect: source address is not link-local\n");
1528 		return;
1529 	}
1530 
1531 	if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1532 		return;
1533 
1534 	if (!ndopts.nd_opts_rh) {
1535 		ip6_redirect_no_header(skb, dev_net(skb->dev),
1536 					skb->dev->ifindex, 0);
1537 		return;
1538 	}
1539 
1540 	hdr = (u8 *)ndopts.nd_opts_rh;
1541 	hdr += 8;
1542 	if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1543 		return;
1544 
1545 	icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1546 }
1547 
ndisc_fill_redirect_hdr_option(struct sk_buff * skb,struct sk_buff * orig_skb,int rd_len)1548 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1549 					   struct sk_buff *orig_skb,
1550 					   int rd_len)
1551 {
1552 	u8 *opt = skb_put(skb, rd_len);
1553 
1554 	memset(opt, 0, 8);
1555 	*(opt++) = ND_OPT_REDIRECT_HDR;
1556 	*(opt++) = (rd_len >> 3);
1557 	opt += 6;
1558 
1559 	skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1560 		      rd_len - 8);
1561 }
1562 
ndisc_send_redirect(struct sk_buff * skb,const struct in6_addr * target)1563 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1564 {
1565 	struct net_device *dev = skb->dev;
1566 	struct net *net = dev_net(dev);
1567 	struct sock *sk = net->ipv6.ndisc_sk;
1568 	int optlen = 0;
1569 	struct inet_peer *peer;
1570 	struct sk_buff *buff;
1571 	struct rd_msg *msg;
1572 	struct in6_addr saddr_buf;
1573 	struct rt6_info *rt;
1574 	struct dst_entry *dst;
1575 	struct flowi6 fl6;
1576 	int rd_len;
1577 	u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1578 	   ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1579 	bool ret;
1580 
1581 	if (netif_is_l3_master(skb->dev)) {
1582 		dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1583 		if (!dev)
1584 			return;
1585 	}
1586 
1587 	if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1588 		ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1589 			  dev->name);
1590 		return;
1591 	}
1592 
1593 	if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1594 	    ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1595 		ND_PRINTK(2, warn,
1596 			  "Redirect: target address is not link-local unicast\n");
1597 		return;
1598 	}
1599 
1600 	icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1601 			 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1602 
1603 	dst = ip6_route_output(net, NULL, &fl6);
1604 	if (dst->error) {
1605 		dst_release(dst);
1606 		return;
1607 	}
1608 	dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1609 	if (IS_ERR(dst))
1610 		return;
1611 
1612 	rt = (struct rt6_info *) dst;
1613 
1614 	if (rt->rt6i_flags & RTF_GATEWAY) {
1615 		ND_PRINTK(2, warn,
1616 			  "Redirect: destination is not a neighbour\n");
1617 		goto release;
1618 	}
1619 	peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1620 	ret = inet_peer_xrlim_allow(peer, 1*HZ);
1621 	if (peer)
1622 		inet_putpeer(peer);
1623 	if (!ret)
1624 		goto release;
1625 
1626 	if (dev->addr_len) {
1627 		struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1628 		if (!neigh) {
1629 			ND_PRINTK(2, warn,
1630 				  "Redirect: no neigh for target address\n");
1631 			goto release;
1632 		}
1633 
1634 		read_lock_bh(&neigh->lock);
1635 		if (neigh->nud_state & NUD_VALID) {
1636 			memcpy(ha_buf, neigh->ha, dev->addr_len);
1637 			read_unlock_bh(&neigh->lock);
1638 			ha = ha_buf;
1639 			optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1640 								ops_data_buf,
1641 								&ops_data);
1642 		} else
1643 			read_unlock_bh(&neigh->lock);
1644 
1645 		neigh_release(neigh);
1646 	}
1647 
1648 	rd_len = min_t(unsigned int,
1649 		       IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1650 		       skb->len + 8);
1651 	rd_len &= ~0x7;
1652 	optlen += rd_len;
1653 
1654 	buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1655 	if (!buff)
1656 		goto release;
1657 
1658 	msg = skb_put(buff, sizeof(*msg));
1659 	*msg = (struct rd_msg) {
1660 		.icmph = {
1661 			.icmp6_type = NDISC_REDIRECT,
1662 		},
1663 		.target = *target,
1664 		.dest = ipv6_hdr(skb)->daddr,
1665 	};
1666 
1667 	/*
1668 	 *	include target_address option
1669 	 */
1670 
1671 	if (ha)
1672 		ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1673 
1674 	/*
1675 	 *	build redirect option and copy skb over to the new packet.
1676 	 */
1677 
1678 	if (rd_len)
1679 		ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1680 
1681 	skb_dst_set(buff, dst);
1682 	ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1683 	return;
1684 
1685 release:
1686 	dst_release(dst);
1687 }
1688 
pndisc_redo(struct sk_buff * skb)1689 static void pndisc_redo(struct sk_buff *skb)
1690 {
1691 	ndisc_recv_ns(skb);
1692 	kfree_skb(skb);
1693 }
1694 
ndisc_suppress_frag_ndisc(struct sk_buff * skb)1695 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1696 {
1697 	struct inet6_dev *idev = __in6_dev_get(skb->dev);
1698 
1699 	if (!idev)
1700 		return true;
1701 	if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1702 	    idev->cnf.suppress_frag_ndisc) {
1703 		net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1704 		return true;
1705 	}
1706 	return false;
1707 }
1708 
ndisc_rcv(struct sk_buff * skb)1709 int ndisc_rcv(struct sk_buff *skb)
1710 {
1711 	struct nd_msg *msg;
1712 
1713 	if (ndisc_suppress_frag_ndisc(skb))
1714 		return 0;
1715 
1716 	if (skb_linearize(skb))
1717 		return 0;
1718 
1719 	msg = (struct nd_msg *)skb_transport_header(skb);
1720 
1721 	__skb_push(skb, skb->data - skb_transport_header(skb));
1722 
1723 	if (ipv6_hdr(skb)->hop_limit != 255) {
1724 		ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1725 			  ipv6_hdr(skb)->hop_limit);
1726 		return 0;
1727 	}
1728 
1729 	if (msg->icmph.icmp6_code != 0) {
1730 		ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1731 			  msg->icmph.icmp6_code);
1732 		return 0;
1733 	}
1734 
1735 	memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1736 
1737 	switch (msg->icmph.icmp6_type) {
1738 	case NDISC_NEIGHBOUR_SOLICITATION:
1739 		ndisc_recv_ns(skb);
1740 		break;
1741 
1742 	case NDISC_NEIGHBOUR_ADVERTISEMENT:
1743 		ndisc_recv_na(skb);
1744 		break;
1745 
1746 	case NDISC_ROUTER_SOLICITATION:
1747 		ndisc_recv_rs(skb);
1748 		break;
1749 
1750 	case NDISC_ROUTER_ADVERTISEMENT:
1751 		ndisc_router_discovery(skb);
1752 		break;
1753 
1754 	case NDISC_REDIRECT:
1755 		ndisc_redirect_rcv(skb);
1756 		break;
1757 	}
1758 
1759 	return 0;
1760 }
1761 
ndisc_netdev_event(struct notifier_block * this,unsigned long event,void * ptr)1762 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1763 {
1764 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1765 	struct netdev_notifier_change_info *change_info;
1766 	struct net *net = dev_net(dev);
1767 	struct inet6_dev *idev;
1768 
1769 	switch (event) {
1770 	case NETDEV_CHANGEADDR:
1771 		neigh_changeaddr(&nd_tbl, dev);
1772 		fib6_run_gc(0, net, false);
1773 		/* fallthrough */
1774 	case NETDEV_UP:
1775 		idev = in6_dev_get(dev);
1776 		if (!idev)
1777 			break;
1778 		if (idev->cnf.ndisc_notify ||
1779 		    net->ipv6.devconf_all->ndisc_notify)
1780 			ndisc_send_unsol_na(dev);
1781 		in6_dev_put(idev);
1782 		break;
1783 	case NETDEV_CHANGE:
1784 		change_info = ptr;
1785 		if (change_info->flags_changed & IFF_NOARP)
1786 			neigh_changeaddr(&nd_tbl, dev);
1787 		break;
1788 	case NETDEV_DOWN:
1789 		neigh_ifdown(&nd_tbl, dev);
1790 		fib6_run_gc(0, net, false);
1791 		break;
1792 	case NETDEV_NOTIFY_PEERS:
1793 		ndisc_send_unsol_na(dev);
1794 		break;
1795 	default:
1796 		break;
1797 	}
1798 
1799 	return NOTIFY_DONE;
1800 }
1801 
1802 static struct notifier_block ndisc_netdev_notifier = {
1803 	.notifier_call = ndisc_netdev_event,
1804 	.priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1805 };
1806 
1807 #ifdef CONFIG_SYSCTL
ndisc_warn_deprecated_sysctl(struct ctl_table * ctl,const char * func,const char * dev_name)1808 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1809 					 const char *func, const char *dev_name)
1810 {
1811 	static char warncomm[TASK_COMM_LEN];
1812 	static int warned;
1813 	if (strcmp(warncomm, current->comm) && warned < 5) {
1814 		strcpy(warncomm, current->comm);
1815 		pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1816 			warncomm, func,
1817 			dev_name, ctl->procname,
1818 			dev_name, ctl->procname);
1819 		warned++;
1820 	}
1821 }
1822 
ndisc_ifinfo_sysctl_change(struct ctl_table * ctl,int write,void __user * buffer,size_t * lenp,loff_t * ppos)1823 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1824 {
1825 	struct net_device *dev = ctl->extra1;
1826 	struct inet6_dev *idev;
1827 	int ret;
1828 
1829 	if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1830 	    (strcmp(ctl->procname, "base_reachable_time") == 0))
1831 		ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1832 
1833 	if (strcmp(ctl->procname, "retrans_time") == 0)
1834 		ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1835 
1836 	else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1837 		ret = neigh_proc_dointvec_jiffies(ctl, write,
1838 						  buffer, lenp, ppos);
1839 
1840 	else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1841 		 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1842 		ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1843 						     buffer, lenp, ppos);
1844 	else
1845 		ret = -1;
1846 
1847 	if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1848 		if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1849 			idev->nd_parms->reachable_time =
1850 					neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1851 		idev->tstamp = jiffies;
1852 		inet6_ifinfo_notify(RTM_NEWLINK, idev);
1853 		in6_dev_put(idev);
1854 	}
1855 	return ret;
1856 }
1857 
1858 
1859 #endif
1860 
ndisc_net_init(struct net * net)1861 static int __net_init ndisc_net_init(struct net *net)
1862 {
1863 	struct ipv6_pinfo *np;
1864 	struct sock *sk;
1865 	int err;
1866 
1867 	err = inet_ctl_sock_create(&sk, PF_INET6,
1868 				   SOCK_RAW, IPPROTO_ICMPV6, net);
1869 	if (err < 0) {
1870 		ND_PRINTK(0, err,
1871 			  "NDISC: Failed to initialize the control socket (err %d)\n",
1872 			  err);
1873 		return err;
1874 	}
1875 
1876 	net->ipv6.ndisc_sk = sk;
1877 
1878 	np = inet6_sk(sk);
1879 	np->hop_limit = 255;
1880 	/* Do not loopback ndisc messages */
1881 	np->mc_loop = 0;
1882 
1883 	return 0;
1884 }
1885 
ndisc_net_exit(struct net * net)1886 static void __net_exit ndisc_net_exit(struct net *net)
1887 {
1888 	inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1889 }
1890 
1891 static struct pernet_operations ndisc_net_ops = {
1892 	.init = ndisc_net_init,
1893 	.exit = ndisc_net_exit,
1894 };
1895 
ndisc_init(void)1896 int __init ndisc_init(void)
1897 {
1898 	int err;
1899 
1900 	err = register_pernet_subsys(&ndisc_net_ops);
1901 	if (err)
1902 		return err;
1903 	/*
1904 	 * Initialize the neighbour table
1905 	 */
1906 	neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1907 
1908 #ifdef CONFIG_SYSCTL
1909 	err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1910 				    ndisc_ifinfo_sysctl_change);
1911 	if (err)
1912 		goto out_unregister_pernet;
1913 out:
1914 #endif
1915 	return err;
1916 
1917 #ifdef CONFIG_SYSCTL
1918 out_unregister_pernet:
1919 	unregister_pernet_subsys(&ndisc_net_ops);
1920 	goto out;
1921 #endif
1922 }
1923 
ndisc_late_init(void)1924 int __init ndisc_late_init(void)
1925 {
1926 	return register_netdevice_notifier(&ndisc_netdev_notifier);
1927 }
1928 
ndisc_late_cleanup(void)1929 void ndisc_late_cleanup(void)
1930 {
1931 	unregister_netdevice_notifier(&ndisc_netdev_notifier);
1932 }
1933 
ndisc_cleanup(void)1934 void ndisc_cleanup(void)
1935 {
1936 #ifdef CONFIG_SYSCTL
1937 	neigh_sysctl_unregister(&nd_tbl.parms);
1938 #endif
1939 	neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1940 	unregister_pernet_subsys(&ndisc_net_ops);
1941 }
1942