2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 * Alexey I. Froloff : RFC6106 (DNSSL) support
19 * Pierre Ynard : export userland ND options
20 * through netlink (RDNSS support)
21 * Lars Fenneberg : fixed MTU setting on receipt
23 * Janos Farkas : kmalloc failure checks
24 * Alexey Kuznetsov : state machine reworked
25 * and moved to net/core.
26 * Pekka Savola : RFC2461 validation
27 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
30 #define pr_fmt(fmt) "ICMPv6: " fmt
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
45 #include <linux/sysctl.h>
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <net/l3mdev.h>
71 #include <linux/proc_fs.h>
73 #include <linux/netfilter.h>
74 #include <linux/netfilter_ipv6.h>
76 /* Set to 3 to get tracing... */
79 #define ND_PRINTK(val, level, fmt, ...) \
81 if (val <= ND_DEBUG) \
82 net_##level##_ratelimited(fmt, ##__VA_ARGS__); \
85 static u32 ndisc_hash(const void *pkey,
86 const struct net_device *dev,
88 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
89 static int ndisc_constructor(struct neighbour *neigh);
90 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
91 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
92 static int pndisc_constructor(struct pneigh_entry *n);
93 static void pndisc_destructor(struct pneigh_entry *n);
94 static void pndisc_redo(struct sk_buff *skb);
96 static const struct neigh_ops ndisc_generic_ops = {
98 .solicit = ndisc_solicit,
99 .error_report = ndisc_error_report,
100 .output = neigh_resolve_output,
101 .connected_output = neigh_connected_output,
104 static const struct neigh_ops ndisc_hh_ops = {
106 .solicit = ndisc_solicit,
107 .error_report = ndisc_error_report,
108 .output = neigh_resolve_output,
109 .connected_output = neigh_resolve_output,
113 static const struct neigh_ops ndisc_direct_ops = {
115 .output = neigh_direct_output,
116 .connected_output = neigh_direct_output,
119 struct neigh_table nd_tbl = {
121 .key_len = sizeof(struct in6_addr),
122 .protocol = cpu_to_be16(ETH_P_IPV6),
124 .key_eq = ndisc_key_eq,
125 .constructor = ndisc_constructor,
126 .pconstructor = pndisc_constructor,
127 .pdestructor = pndisc_destructor,
128 .proxy_redo = pndisc_redo,
132 .reachable_time = ND_REACHABLE_TIME,
134 [NEIGH_VAR_MCAST_PROBES] = 3,
135 [NEIGH_VAR_UCAST_PROBES] = 3,
136 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
137 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
138 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
139 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
140 [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
141 [NEIGH_VAR_PROXY_QLEN] = 64,
142 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
143 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
146 .gc_interval = 30 * HZ,
151 EXPORT_SYMBOL_GPL(nd_tbl);
153 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
155 int pad = ndisc_addr_option_pad(skb->dev->type);
156 int data_len = skb->dev->addr_len;
157 int space = ndisc_opt_addr_space(skb->dev);
158 u8 *opt = skb_put(skb, space);
163 memset(opt + 2, 0, pad);
167 memcpy(opt+2, data, data_len);
172 memset(opt, 0, space);
175 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
176 struct nd_opt_hdr *end)
179 if (!cur || !end || cur >= end)
181 type = cur->nd_opt_type;
183 cur = ((void *)cur) + (cur->nd_opt_len << 3);
184 } while (cur < end && cur->nd_opt_type != type);
185 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
188 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
190 return opt->nd_opt_type == ND_OPT_RDNSS ||
191 opt->nd_opt_type == ND_OPT_DNSSL;
194 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
195 struct nd_opt_hdr *end)
197 if (!cur || !end || cur >= end)
200 cur = ((void *)cur) + (cur->nd_opt_len << 3);
201 } while (cur < end && !ndisc_is_useropt(cur));
202 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
205 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
206 struct ndisc_options *ndopts)
208 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
210 if (!nd_opt || opt_len < 0 || !ndopts)
212 memset(ndopts, 0, sizeof(*ndopts));
215 if (opt_len < sizeof(struct nd_opt_hdr))
217 l = nd_opt->nd_opt_len << 3;
218 if (opt_len < l || l == 0)
220 switch (nd_opt->nd_opt_type) {
221 case ND_OPT_SOURCE_LL_ADDR:
222 case ND_OPT_TARGET_LL_ADDR:
224 case ND_OPT_REDIRECT_HDR:
225 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
227 "%s: duplicated ND6 option found: type=%d\n",
228 __func__, nd_opt->nd_opt_type);
230 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
233 case ND_OPT_PREFIX_INFO:
234 ndopts->nd_opts_pi_end = nd_opt;
235 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
236 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
238 #ifdef CONFIG_IPV6_ROUTE_INFO
239 case ND_OPT_ROUTE_INFO:
240 ndopts->nd_opts_ri_end = nd_opt;
241 if (!ndopts->nd_opts_ri)
242 ndopts->nd_opts_ri = nd_opt;
246 if (ndisc_is_useropt(nd_opt)) {
247 ndopts->nd_useropts_end = nd_opt;
248 if (!ndopts->nd_useropts)
249 ndopts->nd_useropts = nd_opt;
252 * Unknown options must be silently ignored,
253 * to accommodate future extension to the
257 "%s: ignored unsupported option; type=%d, len=%d\n",
264 nd_opt = ((void *)nd_opt) + l;
269 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
273 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
275 ipv6_eth_mc_map(addr, buf);
278 ipv6_arcnet_mc_map(addr, buf);
280 case ARPHRD_INFINIBAND:
281 ipv6_ib_mc_map(addr, dev->broadcast, buf);
284 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
287 memcpy(buf, dev->broadcast, dev->addr_len);
293 EXPORT_SYMBOL(ndisc_mc_map);
295 static u32 ndisc_hash(const void *pkey,
296 const struct net_device *dev,
299 return ndisc_hashfn(pkey, dev, hash_rnd);
302 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
304 return neigh_key_eq128(n, pkey);
307 static int ndisc_constructor(struct neighbour *neigh)
309 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
310 struct net_device *dev = neigh->dev;
311 struct inet6_dev *in6_dev;
312 struct neigh_parms *parms;
313 bool is_multicast = ipv6_addr_is_multicast(addr);
315 in6_dev = in6_dev_get(dev);
320 parms = in6_dev->nd_parms;
321 __neigh_parms_put(neigh->parms);
322 neigh->parms = neigh_parms_clone(parms);
324 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
325 if (!dev->header_ops) {
326 neigh->nud_state = NUD_NOARP;
327 neigh->ops = &ndisc_direct_ops;
328 neigh->output = neigh_direct_output;
331 neigh->nud_state = NUD_NOARP;
332 ndisc_mc_map(addr, neigh->ha, dev, 1);
333 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
334 neigh->nud_state = NUD_NOARP;
335 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
336 if (dev->flags&IFF_LOOPBACK)
337 neigh->type = RTN_LOCAL;
338 } else if (dev->flags&IFF_POINTOPOINT) {
339 neigh->nud_state = NUD_NOARP;
340 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
342 if (dev->header_ops->cache)
343 neigh->ops = &ndisc_hh_ops;
345 neigh->ops = &ndisc_generic_ops;
346 if (neigh->nud_state&NUD_VALID)
347 neigh->output = neigh->ops->connected_output;
349 neigh->output = neigh->ops->output;
351 in6_dev_put(in6_dev);
355 static int pndisc_constructor(struct pneigh_entry *n)
357 struct in6_addr *addr = (struct in6_addr *)&n->key;
358 struct in6_addr maddr;
359 struct net_device *dev = n->dev;
361 if (!dev || !__in6_dev_get(dev))
363 addrconf_addr_solict_mult(addr, &maddr);
364 ipv6_dev_mc_inc(dev, &maddr);
368 static void pndisc_destructor(struct pneigh_entry *n)
370 struct in6_addr *addr = (struct in6_addr *)&n->key;
371 struct in6_addr maddr;
372 struct net_device *dev = n->dev;
374 if (!dev || !__in6_dev_get(dev))
376 addrconf_addr_solict_mult(addr, &maddr);
377 ipv6_dev_mc_dec(dev, &maddr);
380 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
383 int hlen = LL_RESERVED_SPACE(dev);
384 int tlen = dev->needed_tailroom;
385 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
388 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
390 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
395 skb->protocol = htons(ETH_P_IPV6);
398 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
399 skb_reset_transport_header(skb);
401 /* Manually assign socket ownership as we avoid calling
402 * sock_alloc_send_pskb() to bypass wmem buffer limits
404 skb_set_owner_w(skb, sk);
409 static void ip6_nd_hdr(struct sk_buff *skb,
410 const struct in6_addr *saddr,
411 const struct in6_addr *daddr,
412 int hop_limit, int len)
416 skb_push(skb, sizeof(*hdr));
417 skb_reset_network_header(skb);
420 ip6_flow_hdr(hdr, 0, 0);
422 hdr->payload_len = htons(len);
423 hdr->nexthdr = IPPROTO_ICMPV6;
424 hdr->hop_limit = hop_limit;
430 static void ndisc_send_skb(struct sk_buff *skb,
431 const struct in6_addr *daddr,
432 const struct in6_addr *saddr)
434 struct dst_entry *dst = skb_dst(skb);
435 struct net *net = dev_net(skb->dev);
436 struct sock *sk = net->ipv6.ndisc_sk;
437 struct inet6_dev *idev;
439 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
442 type = icmp6h->icmp6_type;
446 int oif = l3mdev_fib_oif(skb->dev);
448 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
449 if (oif != skb->dev->ifindex)
450 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
451 dst = icmp6_dst_alloc(skb->dev, &fl6);
457 skb_dst_set(skb, dst);
460 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
465 ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
468 idev = __in6_dev_get(dst->dev);
469 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
471 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
472 net, sk, skb, NULL, dst->dev,
475 ICMP6MSGOUT_INC_STATS(net, idev, type);
476 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
482 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
483 const struct in6_addr *solicited_addr,
484 bool router, bool solicited, bool override, bool inc_opt)
487 struct in6_addr tmpaddr;
488 struct inet6_ifaddr *ifp;
489 const struct in6_addr *src_addr;
493 /* for anycast or proxy, solicited_addr != src_addr */
494 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
496 src_addr = solicited_addr;
497 if (ifp->flags & IFA_F_OPTIMISTIC)
499 inc_opt |= ifp->idev->cnf.force_tllao;
502 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
503 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
512 optlen += ndisc_opt_addr_space(dev);
514 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
518 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
519 *msg = (struct nd_msg) {
521 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
522 .icmp6_router = router,
523 .icmp6_solicited = solicited,
524 .icmp6_override = override,
526 .target = *solicited_addr,
530 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
534 ndisc_send_skb(skb, daddr, src_addr);
537 static void ndisc_send_unsol_na(struct net_device *dev)
539 struct inet6_dev *idev;
540 struct inet6_ifaddr *ifa;
542 idev = in6_dev_get(dev);
546 read_lock_bh(&idev->lock);
547 list_for_each_entry(ifa, &idev->addr_list, if_list) {
548 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
549 /*router=*/ !!idev->cnf.forwarding,
550 /*solicited=*/ false, /*override=*/ true,
553 read_unlock_bh(&idev->lock);
558 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
559 const struct in6_addr *daddr, const struct in6_addr *saddr)
562 struct in6_addr addr_buf;
563 int inc_opt = dev->addr_len;
568 if (ipv6_get_lladdr(dev, &addr_buf,
569 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
574 if (ipv6_addr_any(saddr))
577 optlen += ndisc_opt_addr_space(dev);
579 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
583 msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
584 *msg = (struct nd_msg) {
586 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
592 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
595 ndisc_send_skb(skb, daddr, saddr);
598 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
599 const struct in6_addr *daddr)
603 int send_sllao = dev->addr_len;
606 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
608 * According to section 2.2 of RFC 4429, we must not
609 * send router solicitations with a sllao from
610 * optimistic addresses, but we may send the solicitation
611 * if we don't include the sllao. So here we check
612 * if our address is optimistic, and if so, we
613 * suppress the inclusion of the sllao.
616 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
619 if (ifp->flags & IFA_F_OPTIMISTIC) {
629 optlen += ndisc_opt_addr_space(dev);
631 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
635 msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
636 *msg = (struct rs_msg) {
638 .icmp6_type = NDISC_ROUTER_SOLICITATION,
643 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
646 ndisc_send_skb(skb, daddr, saddr);
650 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
653 * "The sender MUST return an ICMP
654 * destination unreachable"
656 dst_link_failure(skb);
660 /* Called with locked neigh: either read or both */
662 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
664 struct in6_addr *saddr = NULL;
665 struct in6_addr mcaddr;
666 struct net_device *dev = neigh->dev;
667 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
668 int probes = atomic_read(&neigh->probes);
670 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
672 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
673 saddr = &ipv6_hdr(skb)->saddr;
674 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
676 if (!(neigh->nud_state & NUD_VALID)) {
678 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
681 ndisc_send_ns(dev, target, target, saddr);
682 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
685 addrconf_addr_solict_mult(target, &mcaddr);
686 ndisc_send_ns(dev, target, &mcaddr, saddr);
690 static int pndisc_is_router(const void *pkey,
691 struct net_device *dev)
693 struct pneigh_entry *n;
696 read_lock_bh(&nd_tbl.lock);
697 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
699 ret = !!(n->flags & NTF_ROUTER);
700 read_unlock_bh(&nd_tbl.lock);
705 static void ndisc_recv_ns(struct sk_buff *skb)
707 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
708 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
709 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
711 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
712 offsetof(struct nd_msg, opt));
713 struct ndisc_options ndopts;
714 struct net_device *dev = skb->dev;
715 struct inet6_ifaddr *ifp;
716 struct inet6_dev *idev = NULL;
717 struct neighbour *neigh;
718 int dad = ipv6_addr_any(saddr);
722 if (skb->len < sizeof(struct nd_msg)) {
723 ND_PRINTK(2, warn, "NS: packet too short\n");
727 if (ipv6_addr_is_multicast(&msg->target)) {
728 ND_PRINTK(2, warn, "NS: multicast target address\n");
734 * DAD has to be destined for solicited node multicast address.
736 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
737 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
741 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
742 ND_PRINTK(2, warn, "NS: invalid ND options\n");
746 if (ndopts.nd_opts_src_lladdr) {
747 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
750 "NS: invalid link-layer address length\n");
755 * If the IP source address is the unspecified address,
756 * there MUST NOT be source link-layer address option
761 "NS: bad DAD packet (link-layer address option)\n");
766 inc = ipv6_addr_is_multicast(daddr);
768 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
771 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
774 * We are colliding with another node
776 * so fail our DAD process
778 addrconf_dad_failure(ifp);
782 * This is not a dad solicitation.
783 * If we are an optimistic node,
785 * Otherwise, we should ignore it.
787 if (!(ifp->flags & IFA_F_OPTIMISTIC))
794 struct net *net = dev_net(dev);
796 /* perhaps an address on the master device */
797 if (netif_is_l3_slave(dev)) {
798 struct net_device *mdev;
800 mdev = netdev_master_upper_dev_get_rcu(dev);
802 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
808 idev = in6_dev_get(dev);
810 /* XXX: count this drop? */
814 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
815 (idev->cnf.forwarding &&
816 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
817 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
818 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
819 skb->pkt_type != PACKET_HOST &&
821 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
823 * for anycast or proxy,
824 * sender should delay its response
825 * by a random time between 0 and
826 * MAX_ANYCAST_DELAY_TIME seconds.
827 * (RFC2461) -- yoshfuji
829 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
831 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
839 is_router = idev->cnf.forwarding;
842 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
843 !!is_router, false, (ifp != NULL), true);
848 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
850 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
853 * update / create cache entry
854 * for the source address
856 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
857 !inc || lladdr || !dev->addr_len);
859 neigh_update(neigh, lladdr, NUD_STALE,
860 NEIGH_UPDATE_F_WEAK_OVERRIDE|
861 NEIGH_UPDATE_F_OVERRIDE);
862 if (neigh || !dev->header_ops) {
863 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
864 true, (ifp != NULL && inc), inc);
866 neigh_release(neigh);
876 static void ndisc_recv_na(struct sk_buff *skb)
878 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
879 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
880 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
882 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
883 offsetof(struct nd_msg, opt));
884 struct ndisc_options ndopts;
885 struct net_device *dev = skb->dev;
886 struct inet6_dev *idev = __in6_dev_get(dev);
887 struct inet6_ifaddr *ifp;
888 struct neighbour *neigh;
890 if (skb->len < sizeof(struct nd_msg)) {
891 ND_PRINTK(2, warn, "NA: packet too short\n");
895 if (ipv6_addr_is_multicast(&msg->target)) {
896 ND_PRINTK(2, warn, "NA: target address is multicast\n");
900 if (ipv6_addr_is_multicast(daddr) &&
901 msg->icmph.icmp6_solicited) {
902 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
906 /* For some 802.11 wireless deployments (and possibly other networks),
907 * there will be a NA proxy and unsolicitd packets are attacks
908 * and thus should not be accepted.
910 if (!msg->icmph.icmp6_solicited && idev &&
911 idev->cnf.drop_unsolicited_na)
914 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
915 ND_PRINTK(2, warn, "NS: invalid ND option\n");
918 if (ndopts.nd_opts_tgt_lladdr) {
919 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
922 "NA: invalid link-layer address length\n");
926 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
928 if (skb->pkt_type != PACKET_LOOPBACK
929 && (ifp->flags & IFA_F_TENTATIVE)) {
930 addrconf_dad_failure(ifp);
933 /* What should we make now? The advertisement
934 is invalid, but ndisc specs say nothing
935 about it. It could be misconfiguration, or
936 an smart proxy agent tries to help us :-)
938 We should not print the error if NA has been
939 received from loopback - it is just our own
940 unsolicited advertisement.
942 if (skb->pkt_type != PACKET_LOOPBACK)
944 "NA: someone advertises our address %pI6 on %s!\n",
945 &ifp->addr, ifp->idev->dev->name);
949 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
952 u8 old_flags = neigh->flags;
953 struct net *net = dev_net(dev);
955 if (neigh->nud_state & NUD_FAILED)
959 * Don't update the neighbor cache entry on a proxy NA from
960 * ourselves because either the proxied node is off link or it
961 * has already sent a NA to us.
963 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
964 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
965 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
966 /* XXX: idev->cnf.proxy_ndp */
970 neigh_update(neigh, lladdr,
971 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
972 NEIGH_UPDATE_F_WEAK_OVERRIDE|
973 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
974 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
975 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
977 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
979 * Change: router to host
981 rt6_clean_tohost(dev_net(dev), saddr);
985 neigh_release(neigh);
989 static void ndisc_recv_rs(struct sk_buff *skb)
991 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
992 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
993 struct neighbour *neigh;
994 struct inet6_dev *idev;
995 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
996 struct ndisc_options ndopts;
999 if (skb->len < sizeof(*rs_msg))
1002 idev = __in6_dev_get(skb->dev);
1004 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1008 /* Don't accept RS if we're not in router mode */
1009 if (!idev->cnf.forwarding)
1013 * Don't update NCE if src = ::;
1014 * this implies that the source node has no ip address assigned yet.
1016 if (ipv6_addr_any(saddr))
1019 /* Parse ND options */
1020 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1021 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1025 if (ndopts.nd_opts_src_lladdr) {
1026 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1032 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1034 neigh_update(neigh, lladdr, NUD_STALE,
1035 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1036 NEIGH_UPDATE_F_OVERRIDE|
1037 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1038 neigh_release(neigh);
1044 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1046 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1047 struct sk_buff *skb;
1048 struct nlmsghdr *nlh;
1049 struct nduseroptmsg *ndmsg;
1050 struct net *net = dev_net(ra->dev);
1052 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1053 + (opt->nd_opt_len << 3));
1054 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1056 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1062 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1064 goto nla_put_failure;
1067 ndmsg = nlmsg_data(nlh);
1068 ndmsg->nduseropt_family = AF_INET6;
1069 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1070 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1071 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1072 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1074 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1076 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1077 goto nla_put_failure;
1078 nlmsg_end(skb, nlh);
1080 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1087 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1090 static void ndisc_router_discovery(struct sk_buff *skb)
1092 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1093 struct neighbour *neigh = NULL;
1094 struct inet6_dev *in6_dev;
1095 struct rt6_info *rt = NULL;
1097 struct ndisc_options ndopts;
1099 unsigned int pref = 0;
1101 bool send_ifinfo_notify = false;
1103 __u8 *opt = (__u8 *)(ra_msg + 1);
1105 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1106 sizeof(struct ra_msg);
1109 "RA: %s, dev: %s\n",
1110 __func__, skb->dev->name);
1111 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1112 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1116 ND_PRINTK(2, warn, "RA: packet too short\n");
1120 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1121 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1122 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1128 * set the RA_RECV flag in the interface
1131 in6_dev = __in6_dev_get(skb->dev);
1133 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1138 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1139 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1143 if (!ipv6_accept_ra(in6_dev)) {
1145 "RA: %s, did not accept ra for dev: %s\n",
1146 __func__, skb->dev->name);
1147 goto skip_linkparms;
1150 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1151 /* skip link-specific parameters from interior routers */
1152 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1154 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1155 __func__, skb->dev->name);
1156 goto skip_linkparms;
1160 if (in6_dev->if_flags & IF_RS_SENT) {
1162 * flag that an RA was received after an RS was sent
1163 * out on this interface.
1165 in6_dev->if_flags |= IF_RA_RCVD;
1169 * Remember the managed/otherconf flags from most recently
1170 * received RA message (RFC 2462) -- yoshfuji
1172 old_if_flags = in6_dev->if_flags;
1173 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1175 (ra_msg->icmph.icmp6_addrconf_managed ?
1176 IF_RA_MANAGED : 0) |
1177 (ra_msg->icmph.icmp6_addrconf_other ?
1178 IF_RA_OTHERCONF : 0);
1180 if (old_if_flags != in6_dev->if_flags)
1181 send_ifinfo_notify = true;
1183 if (!in6_dev->cnf.accept_ra_defrtr) {
1185 "RA: %s, defrtr is false for dev: %s\n",
1186 __func__, skb->dev->name);
1190 /* Do not accept RA with source-addr found on local machine unless
1191 * accept_ra_from_local is set to true.
1193 if (!in6_dev->cnf.accept_ra_from_local &&
1194 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1197 "RA from local address detected on dev: %s: default router ignored\n",
1202 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1204 #ifdef CONFIG_IPV6_ROUTER_PREF
1205 pref = ra_msg->icmph.icmp6_router_pref;
1206 /* 10b is handled as if it were 00b (medium) */
1207 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1208 !in6_dev->cnf.accept_ra_rtr_pref)
1209 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1212 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1215 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1218 "RA: %s got default router without neighbour\n",
1224 if (rt && lifetime == 0) {
1229 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, for dev: %s\n",
1230 rt, lifetime, skb->dev->name);
1231 if (!rt && lifetime) {
1232 ND_PRINTK(3, info, "RA: adding default router\n");
1234 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1237 "RA: %s failed to add default route\n",
1242 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1245 "RA: %s got default router without neighbour\n",
1250 neigh->flags |= NTF_ROUTER;
1252 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1256 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1257 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1258 ra_msg->icmph.icmp6_hop_limit) {
1259 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1260 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1262 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1263 ra_msg->icmph.icmp6_hop_limit);
1265 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1272 * Update Reachable Time and Retrans Timer
1275 if (in6_dev->nd_parms) {
1276 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1278 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1279 rtime = (rtime*HZ)/1000;
1282 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1283 in6_dev->tstamp = jiffies;
1284 send_ifinfo_notify = true;
1287 rtime = ntohl(ra_msg->reachable_time);
1288 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1289 rtime = (rtime*HZ)/1000;
1294 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1295 NEIGH_VAR_SET(in6_dev->nd_parms,
1296 BASE_REACHABLE_TIME, rtime);
1297 NEIGH_VAR_SET(in6_dev->nd_parms,
1298 GC_STALETIME, 3 * rtime);
1299 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1300 in6_dev->tstamp = jiffies;
1301 send_ifinfo_notify = true;
1307 * Send a notify if RA changed managed/otherconf flags or timer settings
1309 if (send_ifinfo_notify)
1310 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1319 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1323 if (ndopts.nd_opts_src_lladdr) {
1324 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1328 "RA: invalid link-layer address length\n");
1332 neigh_update(neigh, lladdr, NUD_STALE,
1333 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1334 NEIGH_UPDATE_F_OVERRIDE|
1335 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1336 NEIGH_UPDATE_F_ISROUTER);
1339 if (!ipv6_accept_ra(in6_dev)) {
1341 "RA: %s, accept_ra is false for dev: %s\n",
1342 __func__, skb->dev->name);
1346 #ifdef CONFIG_IPV6_ROUTE_INFO
1347 if (!in6_dev->cnf.accept_ra_from_local &&
1348 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1351 "RA from local address detected on dev: %s: router info ignored.\n",
1353 goto skip_routeinfo;
1356 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1357 struct nd_opt_hdr *p;
1358 for (p = ndopts.nd_opts_ri;
1360 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1361 struct route_info *ri = (struct route_info *)p;
1362 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1363 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1364 ri->prefix_len == 0)
1367 if (ri->prefix_len == 0 &&
1368 !in6_dev->cnf.accept_ra_defrtr)
1370 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1372 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1373 &ipv6_hdr(skb)->saddr);
1380 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1381 /* skip link-specific ndopts from interior routers */
1382 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1384 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1385 __func__, skb->dev->name);
1390 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1391 struct nd_opt_hdr *p;
1392 for (p = ndopts.nd_opts_pi;
1394 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1395 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1396 (p->nd_opt_len) << 3,
1397 ndopts.nd_opts_src_lladdr != NULL);
1401 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1405 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1408 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1409 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1410 } else if (in6_dev->cnf.mtu6 != mtu) {
1411 in6_dev->cnf.mtu6 = mtu;
1414 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1416 rt6_mtu_change(skb->dev, mtu);
1420 if (ndopts.nd_useropts) {
1421 struct nd_opt_hdr *p;
1422 for (p = ndopts.nd_useropts;
1424 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1425 ndisc_ra_useropt(skb, p);
1429 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1430 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1435 neigh_release(neigh);
1438 static void ndisc_redirect_rcv(struct sk_buff *skb)
1441 struct ndisc_options ndopts;
1442 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1443 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1444 offsetof(struct rd_msg, opt));
1446 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1447 switch (skb->ndisc_nodetype) {
1448 case NDISC_NODETYPE_HOST:
1449 case NDISC_NODETYPE_NODEFAULT:
1451 "Redirect: from host or unauthorized router\n");
1456 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1458 "Redirect: source address is not link-local\n");
1462 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1465 if (!ndopts.nd_opts_rh) {
1466 ip6_redirect_no_header(skb, dev_net(skb->dev),
1467 skb->dev->ifindex, 0);
1471 hdr = (u8 *)ndopts.nd_opts_rh;
1473 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1476 icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1479 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1480 struct sk_buff *orig_skb,
1483 u8 *opt = skb_put(skb, rd_len);
1486 *(opt++) = ND_OPT_REDIRECT_HDR;
1487 *(opt++) = (rd_len >> 3);
1490 memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1493 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1495 struct net_device *dev = skb->dev;
1496 struct net *net = dev_net(dev);
1497 struct sock *sk = net->ipv6.ndisc_sk;
1499 struct inet_peer *peer;
1500 struct sk_buff *buff;
1502 struct in6_addr saddr_buf;
1503 struct rt6_info *rt;
1504 struct dst_entry *dst;
1507 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1508 int oif = l3mdev_fib_oif(dev);
1511 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1512 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1517 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1518 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1520 "Redirect: target address is not link-local unicast\n");
1524 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1525 &saddr_buf, &ipv6_hdr(skb)->saddr, oif);
1527 if (oif != skb->dev->ifindex)
1528 fl6.flowi6_flags |= FLOWI_FLAG_L3MDEV_SRC;
1530 dst = ip6_route_output(net, NULL, &fl6);
1535 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1539 rt = (struct rt6_info *) dst;
1541 if (rt->rt6i_flags & RTF_GATEWAY) {
1543 "Redirect: destination is not a neighbour\n");
1546 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1547 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1553 if (dev->addr_len) {
1554 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1557 "Redirect: no neigh for target address\n");
1561 read_lock_bh(&neigh->lock);
1562 if (neigh->nud_state & NUD_VALID) {
1563 memcpy(ha_buf, neigh->ha, dev->addr_len);
1564 read_unlock_bh(&neigh->lock);
1566 optlen += ndisc_opt_addr_space(dev);
1568 read_unlock_bh(&neigh->lock);
1570 neigh_release(neigh);
1573 rd_len = min_t(unsigned int,
1574 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1579 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1583 msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1584 *msg = (struct rd_msg) {
1586 .icmp6_type = NDISC_REDIRECT,
1589 .dest = ipv6_hdr(skb)->daddr,
1593 * include target_address option
1597 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1600 * build redirect option and copy skb over to the new packet.
1604 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1606 skb_dst_set(buff, dst);
1607 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1614 static void pndisc_redo(struct sk_buff *skb)
1620 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1622 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1626 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1627 idev->cnf.suppress_frag_ndisc) {
1628 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1634 int ndisc_rcv(struct sk_buff *skb)
1638 if (ndisc_suppress_frag_ndisc(skb))
1641 if (skb_linearize(skb))
1644 msg = (struct nd_msg *)skb_transport_header(skb);
1646 __skb_push(skb, skb->data - skb_transport_header(skb));
1648 if (ipv6_hdr(skb)->hop_limit != 255) {
1649 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1650 ipv6_hdr(skb)->hop_limit);
1654 if (msg->icmph.icmp6_code != 0) {
1655 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1656 msg->icmph.icmp6_code);
1660 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1662 switch (msg->icmph.icmp6_type) {
1663 case NDISC_NEIGHBOUR_SOLICITATION:
1667 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1671 case NDISC_ROUTER_SOLICITATION:
1675 case NDISC_ROUTER_ADVERTISEMENT:
1676 ndisc_router_discovery(skb);
1679 case NDISC_REDIRECT:
1680 ndisc_redirect_rcv(skb);
1687 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1689 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1690 struct netdev_notifier_change_info *change_info;
1691 struct net *net = dev_net(dev);
1692 struct inet6_dev *idev;
1695 case NETDEV_CHANGEADDR:
1696 neigh_changeaddr(&nd_tbl, dev);
1697 fib6_run_gc(0, net, false);
1698 idev = in6_dev_get(dev);
1701 if (idev->cnf.ndisc_notify)
1702 ndisc_send_unsol_na(dev);
1707 if (change_info->flags_changed & IFF_NOARP)
1708 neigh_changeaddr(&nd_tbl, dev);
1711 neigh_ifdown(&nd_tbl, dev);
1712 fib6_run_gc(0, net, false);
1714 case NETDEV_NOTIFY_PEERS:
1715 ndisc_send_unsol_na(dev);
1724 static struct notifier_block ndisc_netdev_notifier = {
1725 .notifier_call = ndisc_netdev_event,
1728 #ifdef CONFIG_SYSCTL
1729 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1730 const char *func, const char *dev_name)
1732 static char warncomm[TASK_COMM_LEN];
1734 if (strcmp(warncomm, current->comm) && warned < 5) {
1735 strcpy(warncomm, current->comm);
1736 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1738 dev_name, ctl->procname,
1739 dev_name, ctl->procname);
1744 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1746 struct net_device *dev = ctl->extra1;
1747 struct inet6_dev *idev;
1750 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1751 (strcmp(ctl->procname, "base_reachable_time") == 0))
1752 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1754 if (strcmp(ctl->procname, "retrans_time") == 0)
1755 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1757 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1758 ret = neigh_proc_dointvec_jiffies(ctl, write,
1759 buffer, lenp, ppos);
1761 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1762 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1763 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1764 buffer, lenp, ppos);
1768 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1769 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1770 idev->nd_parms->reachable_time =
1771 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1772 idev->tstamp = jiffies;
1773 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1782 static int __net_init ndisc_net_init(struct net *net)
1784 struct ipv6_pinfo *np;
1788 err = inet_ctl_sock_create(&sk, PF_INET6,
1789 SOCK_RAW, IPPROTO_ICMPV6, net);
1792 "NDISC: Failed to initialize the control socket (err %d)\n",
1797 net->ipv6.ndisc_sk = sk;
1800 np->hop_limit = 255;
1801 /* Do not loopback ndisc messages */
1807 static void __net_exit ndisc_net_exit(struct net *net)
1809 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1812 static struct pernet_operations ndisc_net_ops = {
1813 .init = ndisc_net_init,
1814 .exit = ndisc_net_exit,
1817 int __init ndisc_init(void)
1821 err = register_pernet_subsys(&ndisc_net_ops);
1825 * Initialize the neighbour table
1827 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1829 #ifdef CONFIG_SYSCTL
1830 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1831 ndisc_ifinfo_sysctl_change);
1833 goto out_unregister_pernet;
1838 #ifdef CONFIG_SYSCTL
1839 out_unregister_pernet:
1840 unregister_pernet_subsys(&ndisc_net_ops);
1845 int __init ndisc_late_init(void)
1847 return register_netdevice_notifier(&ndisc_netdev_notifier);
1850 void ndisc_late_cleanup(void)
1852 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1855 void ndisc_cleanup(void)
1857 #ifdef CONFIG_SYSCTL
1858 neigh_sysctl_unregister(&nd_tbl.parms);
1860 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1861 unregister_pernet_subsys(&ndisc_net_ops);
projects / linux-2.6-block.git / blob