1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Neighbour Discovery for IPv6
4 * Linux INET6 implementation
7 * Pedro Roque <roque@di.fc.ul.pt>
8 * Mike Shaver <shaver@ingenia.com>
14 * Alexey I. Froloff : RFC6106 (DNSSL) support
15 * Pierre Ynard : export userland ND options
16 * through netlink (RDNSS support)
17 * Lars Fenneberg : fixed MTU setting on receipt
19 * Janos Farkas : kmalloc failure checks
20 * Alexey Kuznetsov : state machine reworked
21 * and moved to net/core.
22 * Pekka Savola : RFC2461 validation
23 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
26 #define pr_fmt(fmt) "ICMPv6: " fmt
28 #include <linux/module.h>
29 #include <linux/errno.h>
30 #include <linux/types.h>
31 #include <linux/socket.h>
32 #include <linux/sockios.h>
33 #include <linux/sched.h>
34 #include <linux/net.h>
35 #include <linux/in6.h>
36 #include <linux/route.h>
37 #include <linux/init.h>
38 #include <linux/rcupdate.h>
39 #include <linux/slab.h>
41 #include <linux/sysctl.h>
44 #include <linux/if_addr.h>
45 #include <linux/if_ether.h>
46 #include <linux/if_arp.h>
47 #include <linux/ipv6.h>
48 #include <linux/icmpv6.h>
49 #include <linux/jhash.h>
55 #include <net/protocol.h>
56 #include <net/ndisc.h>
57 #include <net/ip6_route.h>
58 #include <net/addrconf.h>
61 #include <net/netlink.h>
62 #include <linux/rtnetlink.h>
65 #include <net/ip6_checksum.h>
66 #include <net/inet_common.h>
67 #include <linux/proc_fs.h>
69 #include <linux/netfilter.h>
70 #include <linux/netfilter_ipv6.h>
72 static u32 ndisc_hash(const void *pkey,
73 const struct net_device *dev,
75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
76 static bool ndisc_allow_add(const struct net_device *dev,
77 struct netlink_ext_ack *extack);
78 static int ndisc_constructor(struct neighbour *neigh);
79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
81 static int pndisc_constructor(struct pneigh_entry *n);
82 static void pndisc_destructor(struct pneigh_entry *n);
83 static void pndisc_redo(struct sk_buff *skb);
84 static int ndisc_is_multicast(const void *pkey);
86 static const struct neigh_ops ndisc_generic_ops = {
88 .solicit = ndisc_solicit,
89 .error_report = ndisc_error_report,
90 .output = neigh_resolve_output,
91 .connected_output = neigh_connected_output,
94 static const struct neigh_ops ndisc_hh_ops = {
96 .solicit = ndisc_solicit,
97 .error_report = ndisc_error_report,
98 .output = neigh_resolve_output,
99 .connected_output = neigh_resolve_output,
103 static const struct neigh_ops ndisc_direct_ops = {
105 .output = neigh_direct_output,
106 .connected_output = neigh_direct_output,
109 struct neigh_table nd_tbl = {
111 .key_len = sizeof(struct in6_addr),
112 .protocol = cpu_to_be16(ETH_P_IPV6),
114 .key_eq = ndisc_key_eq,
115 .constructor = ndisc_constructor,
116 .pconstructor = pndisc_constructor,
117 .pdestructor = pndisc_destructor,
118 .proxy_redo = pndisc_redo,
119 .is_multicast = ndisc_is_multicast,
120 .allow_add = ndisc_allow_add,
124 .reachable_time = ND_REACHABLE_TIME,
126 [NEIGH_VAR_MCAST_PROBES] = 3,
127 [NEIGH_VAR_UCAST_PROBES] = 3,
128 [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
129 [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
130 [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
131 [NEIGH_VAR_INTERVAL_PROBE_TIME_MS] = 5 * HZ,
132 [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
133 [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
134 [NEIGH_VAR_PROXY_QLEN] = 64,
135 [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
136 [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
139 .gc_interval = 30 * HZ,
144 EXPORT_SYMBOL_GPL(nd_tbl);
146 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, const void *data,
147 int data_len, int pad)
149 int space = __ndisc_opt_addr_space(data_len, pad);
150 u8 *opt = skb_put(skb, space);
155 memset(opt + 2, 0, pad);
159 memcpy(opt+2, data, data_len);
164 memset(opt, 0, space);
166 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
168 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
169 const void *data, u8 icmp6_type)
171 __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
172 ndisc_addr_option_pad(skb->dev->type));
173 ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
176 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
180 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
181 ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
184 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
185 struct nd_opt_hdr *end)
188 if (!cur || !end || cur >= end)
190 type = cur->nd_opt_type;
192 cur = ((void *)cur) + (cur->nd_opt_len << 3);
193 } while (cur < end && cur->nd_opt_type != type);
194 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
197 static inline int ndisc_is_useropt(const struct net_device *dev,
198 struct nd_opt_hdr *opt)
200 return opt->nd_opt_type == ND_OPT_PREFIX_INFO ||
201 opt->nd_opt_type == ND_OPT_RDNSS ||
202 opt->nd_opt_type == ND_OPT_DNSSL ||
203 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
204 opt->nd_opt_type == ND_OPT_PREF64 ||
205 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
208 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
209 struct nd_opt_hdr *cur,
210 struct nd_opt_hdr *end)
212 if (!cur || !end || cur >= end)
215 cur = ((void *)cur) + (cur->nd_opt_len << 3);
216 } while (cur < end && !ndisc_is_useropt(dev, cur));
217 return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
220 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
221 u8 *opt, int opt_len,
222 struct ndisc_options *ndopts)
224 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
226 if (!nd_opt || opt_len < 0 || !ndopts)
228 memset(ndopts, 0, sizeof(*ndopts));
231 if (opt_len < sizeof(struct nd_opt_hdr))
233 l = nd_opt->nd_opt_len << 3;
234 if (opt_len < l || l == 0)
236 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
238 switch (nd_opt->nd_opt_type) {
239 case ND_OPT_SOURCE_LL_ADDR:
240 case ND_OPT_TARGET_LL_ADDR:
243 case ND_OPT_REDIRECT_HDR:
244 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
246 "%s: duplicated ND6 option found: type=%d\n",
247 __func__, nd_opt->nd_opt_type);
249 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
252 case ND_OPT_PREFIX_INFO:
253 ndopts->nd_opts_pi_end = nd_opt;
254 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
255 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
257 #ifdef CONFIG_IPV6_ROUTE_INFO
258 case ND_OPT_ROUTE_INFO:
259 ndopts->nd_opts_ri_end = nd_opt;
260 if (!ndopts->nd_opts_ri)
261 ndopts->nd_opts_ri = nd_opt;
265 if (ndisc_is_useropt(dev, nd_opt)) {
266 ndopts->nd_useropts_end = nd_opt;
267 if (!ndopts->nd_useropts)
268 ndopts->nd_useropts = nd_opt;
271 * Unknown options must be silently ignored,
272 * to accommodate future extension to the
276 "%s: ignored unsupported option; type=%d, len=%d\n",
284 nd_opt = ((void *)nd_opt) + l;
289 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
293 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
295 ipv6_eth_mc_map(addr, buf);
298 ipv6_arcnet_mc_map(addr, buf);
300 case ARPHRD_INFINIBAND:
301 ipv6_ib_mc_map(addr, dev->broadcast, buf);
304 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
307 memcpy(buf, dev->broadcast, dev->addr_len);
313 EXPORT_SYMBOL(ndisc_mc_map);
315 static u32 ndisc_hash(const void *pkey,
316 const struct net_device *dev,
319 return ndisc_hashfn(pkey, dev, hash_rnd);
322 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
324 return neigh_key_eq128(n, pkey);
327 static int ndisc_constructor(struct neighbour *neigh)
329 struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
330 struct net_device *dev = neigh->dev;
331 struct inet6_dev *in6_dev;
332 struct neigh_parms *parms;
333 bool is_multicast = ipv6_addr_is_multicast(addr);
335 in6_dev = in6_dev_get(dev);
340 parms = in6_dev->nd_parms;
341 __neigh_parms_put(neigh->parms);
342 neigh->parms = neigh_parms_clone(parms);
344 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
345 if (!dev->header_ops) {
346 neigh->nud_state = NUD_NOARP;
347 neigh->ops = &ndisc_direct_ops;
348 neigh->output = neigh_direct_output;
351 neigh->nud_state = NUD_NOARP;
352 ndisc_mc_map(addr, neigh->ha, dev, 1);
353 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
354 neigh->nud_state = NUD_NOARP;
355 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
356 if (dev->flags&IFF_LOOPBACK)
357 neigh->type = RTN_LOCAL;
358 } else if (dev->flags&IFF_POINTOPOINT) {
359 neigh->nud_state = NUD_NOARP;
360 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
362 if (dev->header_ops->cache)
363 neigh->ops = &ndisc_hh_ops;
365 neigh->ops = &ndisc_generic_ops;
366 if (neigh->nud_state&NUD_VALID)
367 neigh->output = neigh->ops->connected_output;
369 neigh->output = neigh->ops->output;
371 in6_dev_put(in6_dev);
375 static int pndisc_constructor(struct pneigh_entry *n)
377 struct in6_addr *addr = (struct in6_addr *)&n->key;
378 struct in6_addr maddr;
379 struct net_device *dev = n->dev;
381 if (!dev || !__in6_dev_get(dev))
383 addrconf_addr_solict_mult(addr, &maddr);
384 ipv6_dev_mc_inc(dev, &maddr);
388 static void pndisc_destructor(struct pneigh_entry *n)
390 struct in6_addr *addr = (struct in6_addr *)&n->key;
391 struct in6_addr maddr;
392 struct net_device *dev = n->dev;
394 if (!dev || !__in6_dev_get(dev))
396 addrconf_addr_solict_mult(addr, &maddr);
397 ipv6_dev_mc_dec(dev, &maddr);
400 /* called with rtnl held */
401 static bool ndisc_allow_add(const struct net_device *dev,
402 struct netlink_ext_ack *extack)
404 struct inet6_dev *idev = __in6_dev_get(dev);
406 if (!idev || idev->cnf.disable_ipv6) {
407 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
414 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
417 int hlen = LL_RESERVED_SPACE(dev);
418 int tlen = dev->needed_tailroom;
419 struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
422 skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
424 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
429 skb->protocol = htons(ETH_P_IPV6);
432 skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
433 skb_reset_transport_header(skb);
435 /* Manually assign socket ownership as we avoid calling
436 * sock_alloc_send_pskb() to bypass wmem buffer limits
438 skb_set_owner_w(skb, sk);
443 static void ip6_nd_hdr(struct sk_buff *skb,
444 const struct in6_addr *saddr,
445 const struct in6_addr *daddr,
446 int hop_limit, int len)
449 struct inet6_dev *idev;
453 idev = __in6_dev_get(skb->dev);
454 tclass = idev ? idev->cnf.ndisc_tclass : 0;
457 skb_push(skb, sizeof(*hdr));
458 skb_reset_network_header(skb);
461 ip6_flow_hdr(hdr, tclass, 0);
463 hdr->payload_len = htons(len);
464 hdr->nexthdr = IPPROTO_ICMPV6;
465 hdr->hop_limit = hop_limit;
471 void ndisc_send_skb(struct sk_buff *skb, const struct in6_addr *daddr,
472 const struct in6_addr *saddr)
474 struct dst_entry *dst = skb_dst(skb);
475 struct net *net = dev_net(skb->dev);
476 struct sock *sk = net->ipv6.ndisc_sk;
477 struct inet6_dev *idev;
479 struct icmp6hdr *icmp6h = icmp6_hdr(skb);
482 type = icmp6h->icmp6_type;
486 int oif = skb->dev->ifindex;
488 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
489 dst = icmp6_dst_alloc(skb->dev, &fl6);
495 skb_dst_set(skb, dst);
498 icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
503 ip6_nd_hdr(skb, saddr, daddr, READ_ONCE(inet6_sk(sk)->hop_limit), skb->len);
506 idev = __in6_dev_get(dst->dev);
507 IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
509 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
510 net, sk, skb, NULL, dst->dev,
513 ICMP6MSGOUT_INC_STATS(net, idev, type);
514 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
519 EXPORT_SYMBOL(ndisc_send_skb);
521 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
522 const struct in6_addr *solicited_addr,
523 bool router, bool solicited, bool override, bool inc_opt)
526 struct in6_addr tmpaddr;
527 struct inet6_ifaddr *ifp;
528 const struct in6_addr *src_addr;
532 /* for anycast or proxy, solicited_addr != src_addr */
533 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
535 src_addr = solicited_addr;
536 if (ifp->flags & IFA_F_OPTIMISTIC)
538 inc_opt |= ifp->idev->cnf.force_tllao;
541 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
542 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
551 optlen += ndisc_opt_addr_space(dev,
552 NDISC_NEIGHBOUR_ADVERTISEMENT);
554 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
558 msg = skb_put(skb, sizeof(*msg));
559 *msg = (struct nd_msg) {
561 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
562 .icmp6_router = router,
563 .icmp6_solicited = solicited,
564 .icmp6_override = override,
566 .target = *solicited_addr,
570 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
572 NDISC_NEIGHBOUR_ADVERTISEMENT);
574 ndisc_send_skb(skb, daddr, src_addr);
577 static void ndisc_send_unsol_na(struct net_device *dev)
579 struct inet6_dev *idev;
580 struct inet6_ifaddr *ifa;
582 idev = in6_dev_get(dev);
586 read_lock_bh(&idev->lock);
587 list_for_each_entry(ifa, &idev->addr_list, if_list) {
588 /* skip tentative addresses until dad completes */
589 if (ifa->flags & IFA_F_TENTATIVE &&
590 !(ifa->flags & IFA_F_OPTIMISTIC))
593 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
594 /*router=*/ !!idev->cnf.forwarding,
595 /*solicited=*/ false, /*override=*/ true,
598 read_unlock_bh(&idev->lock);
603 struct sk_buff *ndisc_ns_create(struct net_device *dev, const struct in6_addr *solicit,
604 const struct in6_addr *saddr, u64 nonce)
606 int inc_opt = dev->addr_len;
614 if (ipv6_addr_any(saddr))
617 optlen += ndisc_opt_addr_space(dev,
618 NDISC_NEIGHBOUR_SOLICITATION);
622 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
626 msg = skb_put(skb, sizeof(*msg));
627 *msg = (struct nd_msg) {
629 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
635 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
637 NDISC_NEIGHBOUR_SOLICITATION);
639 u8 *opt = skb_put(skb, 8);
641 opt[0] = ND_OPT_NONCE;
643 memcpy(opt + 2, &nonce, 6);
648 EXPORT_SYMBOL(ndisc_ns_create);
650 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
651 const struct in6_addr *daddr, const struct in6_addr *saddr,
654 struct in6_addr addr_buf;
658 if (ipv6_get_lladdr(dev, &addr_buf,
659 (IFA_F_TENTATIVE | IFA_F_OPTIMISTIC)))
664 skb = ndisc_ns_create(dev, solicit, saddr, nonce);
667 ndisc_send_skb(skb, daddr, saddr);
670 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
671 const struct in6_addr *daddr)
675 int send_sllao = dev->addr_len;
678 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
680 * According to section 2.2 of RFC 4429, we must not
681 * send router solicitations with a sllao from
682 * optimistic addresses, but we may send the solicitation
683 * if we don't include the sllao. So here we check
684 * if our address is optimistic, and if so, we
685 * suppress the inclusion of the sllao.
688 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
691 if (ifp->flags & IFA_F_OPTIMISTIC) {
701 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
703 skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
707 msg = skb_put(skb, sizeof(*msg));
708 *msg = (struct rs_msg) {
710 .icmp6_type = NDISC_ROUTER_SOLICITATION,
715 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
717 NDISC_ROUTER_SOLICITATION);
719 ndisc_send_skb(skb, daddr, saddr);
723 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
726 * "The sender MUST return an ICMP
727 * destination unreachable"
729 dst_link_failure(skb);
733 /* Called with locked neigh: either read or both */
735 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
737 struct in6_addr *saddr = NULL;
738 struct in6_addr mcaddr;
739 struct net_device *dev = neigh->dev;
740 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
741 int probes = atomic_read(&neigh->probes);
743 if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
745 IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
746 saddr = &ipv6_hdr(skb)->saddr;
747 probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
749 if (!(READ_ONCE(neigh->nud_state) & NUD_VALID)) {
751 "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
754 ndisc_send_ns(dev, target, target, saddr, 0);
755 } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
758 addrconf_addr_solict_mult(target, &mcaddr);
759 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
763 static int pndisc_is_router(const void *pkey,
764 struct net_device *dev)
766 struct pneigh_entry *n;
769 read_lock_bh(&nd_tbl.lock);
770 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
772 ret = !!(n->flags & NTF_ROUTER);
773 read_unlock_bh(&nd_tbl.lock);
778 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
779 const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
780 struct ndisc_options *ndopts)
782 neigh_update(neigh, lladdr, new, flags, 0);
783 /* report ndisc ops about neighbour update */
784 ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
787 static enum skb_drop_reason ndisc_recv_ns(struct sk_buff *skb)
789 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
790 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
791 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
793 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
794 offsetof(struct nd_msg, opt));
795 struct ndisc_options ndopts;
796 struct net_device *dev = skb->dev;
797 struct inet6_ifaddr *ifp;
798 struct inet6_dev *idev = NULL;
799 struct neighbour *neigh;
800 int dad = ipv6_addr_any(saddr);
806 if (skb->len < sizeof(struct nd_msg))
807 return SKB_DROP_REASON_PKT_TOO_SMALL;
809 if (ipv6_addr_is_multicast(&msg->target)) {
810 ND_PRINTK(2, warn, "NS: multicast target address\n");
816 * DAD has to be destined for solicited node multicast address.
818 if (dad && !ipv6_addr_is_solict_mult(daddr)) {
819 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
823 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
824 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
826 if (ndopts.nd_opts_src_lladdr) {
827 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
830 "NS: invalid link-layer address length\n");
835 * If the IP source address is the unspecified address,
836 * there MUST NOT be source link-layer address option
841 "NS: bad DAD packet (link-layer address option)\n");
845 if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
846 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
848 inc = ipv6_addr_is_multicast(daddr);
850 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
853 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
855 if (nonce != 0 && ifp->dad_nonce == nonce) {
856 u8 *np = (u8 *)&nonce;
857 /* Matching nonce if looped back */
859 "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
860 ifp->idev->dev->name,
865 * We are colliding with another node
867 * so fail our DAD process
869 addrconf_dad_failure(skb, ifp);
873 * This is not a dad solicitation.
874 * If we are an optimistic node,
876 * Otherwise, we should ignore it.
878 if (!(ifp->flags & IFA_F_OPTIMISTIC))
885 struct net *net = dev_net(dev);
887 /* perhaps an address on the master device */
888 if (netif_is_l3_slave(dev)) {
889 struct net_device *mdev;
891 mdev = netdev_master_upper_dev_get_rcu(dev);
893 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
899 idev = in6_dev_get(dev);
901 /* XXX: count this drop? */
905 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
906 (idev->cnf.forwarding &&
907 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
908 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
909 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
910 skb->pkt_type != PACKET_HOST &&
912 NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
914 * for anycast or proxy,
915 * sender should delay its response
916 * by a random time between 0 and
917 * MAX_ANYCAST_DELAY_TIME seconds.
918 * (RFC2461) -- yoshfuji
920 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
922 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
926 SKB_DR_SET(reason, IPV6_NDISC_NS_OTHERHOST);
932 is_router = idev->cnf.forwarding;
935 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
936 !!is_router, false, (ifp != NULL), true);
941 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
943 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
946 * update / create cache entry
947 * for the source address
949 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
950 !inc || lladdr || !dev->addr_len);
952 ndisc_update(dev, neigh, lladdr, NUD_STALE,
953 NEIGH_UPDATE_F_WEAK_OVERRIDE|
954 NEIGH_UPDATE_F_OVERRIDE,
955 NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
956 if (neigh || !dev->header_ops) {
957 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
958 true, (ifp != NULL && inc), inc);
960 neigh_release(neigh);
961 reason = SKB_CONSUMED;
972 static int accept_untracked_na(struct net_device *dev, struct in6_addr *saddr)
974 struct inet6_dev *idev = __in6_dev_get(dev);
976 switch (idev->cnf.accept_untracked_na) {
977 case 0: /* Don't accept untracked na (absent in neighbor cache) */
979 case 1: /* Create new entries from na if currently untracked */
981 case 2: /* Create new entries from untracked na only if saddr is in the
982 * same subnet as an address configured on the interface that
985 return !!ipv6_chk_prefix(saddr, dev);
991 static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
993 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
994 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
995 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
997 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
998 offsetof(struct nd_msg, opt));
999 struct ndisc_options ndopts;
1000 struct net_device *dev = skb->dev;
1001 struct inet6_dev *idev = __in6_dev_get(dev);
1002 struct inet6_ifaddr *ifp;
1003 struct neighbour *neigh;
1007 if (skb->len < sizeof(struct nd_msg))
1008 return SKB_DROP_REASON_PKT_TOO_SMALL;
1010 if (ipv6_addr_is_multicast(&msg->target)) {
1011 ND_PRINTK(2, warn, "NA: target address is multicast\n");
1015 if (ipv6_addr_is_multicast(daddr) &&
1016 msg->icmph.icmp6_solicited) {
1017 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
1021 /* For some 802.11 wireless deployments (and possibly other networks),
1022 * there will be a NA proxy and unsolicitd packets are attacks
1023 * and thus should not be accepted.
1024 * drop_unsolicited_na takes precedence over accept_untracked_na
1026 if (!msg->icmph.icmp6_solicited && idev &&
1027 idev->cnf.drop_unsolicited_na)
1030 if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts))
1031 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1033 if (ndopts.nd_opts_tgt_lladdr) {
1034 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
1037 "NA: invalid link-layer address length\n");
1041 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1043 if (skb->pkt_type != PACKET_LOOPBACK
1044 && (ifp->flags & IFA_F_TENTATIVE)) {
1045 addrconf_dad_failure(skb, ifp);
1048 /* What should we make now? The advertisement
1049 is invalid, but ndisc specs say nothing
1050 about it. It could be misconfiguration, or
1051 an smart proxy agent tries to help us :-)
1053 We should not print the error if NA has been
1054 received from loopback - it is just our own
1055 unsolicited advertisement.
1057 if (skb->pkt_type != PACKET_LOOPBACK)
1059 "NA: %pM advertised our address %pI6c on %s!\n",
1060 eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1065 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1067 /* RFC 9131 updates original Neighbour Discovery RFC 4861.
1068 * NAs with Target LL Address option without a corresponding
1069 * entry in the neighbour cache can now create a STALE neighbour
1070 * cache entry on routers.
1072 * entry accept fwding solicited behaviour
1073 * ------- ------ ------ --------- ----------------------
1074 * present X X 0 Set state to STALE
1075 * present X X 1 Set state to REACHABLE
1076 * absent 0 X X Do nothing
1077 * absent 1 0 X Do nothing
1078 * absent 1 1 X Add a new STALE entry
1080 * Note that we don't do a (daddr == all-routers-mcast) check.
1082 new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
1083 if (!neigh && lladdr && idev && idev->cnf.forwarding) {
1084 if (accept_untracked_na(dev, saddr)) {
1085 neigh = neigh_create(&nd_tbl, &msg->target, dev);
1086 new_state = NUD_STALE;
1090 if (neigh && !IS_ERR(neigh)) {
1091 u8 old_flags = neigh->flags;
1092 struct net *net = dev_net(dev);
1094 if (READ_ONCE(neigh->nud_state) & NUD_FAILED)
1098 * Don't update the neighbor cache entry on a proxy NA from
1099 * ourselves because either the proxied node is off link or it
1100 * has already sent a NA to us.
1102 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1103 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1104 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1105 /* XXX: idev->cnf.proxy_ndp */
1109 ndisc_update(dev, neigh, lladdr,
1111 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1112 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1113 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1114 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1115 NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1117 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1119 * Change: router to host
1121 rt6_clean_tohost(dev_net(dev), saddr);
1123 reason = SKB_CONSUMED;
1125 neigh_release(neigh);
1130 static enum skb_drop_reason ndisc_recv_rs(struct sk_buff *skb)
1132 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1133 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1134 struct neighbour *neigh;
1135 struct inet6_dev *idev;
1136 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1137 struct ndisc_options ndopts;
1141 if (skb->len < sizeof(*rs_msg))
1142 return SKB_DROP_REASON_PKT_TOO_SMALL;
1144 idev = __in6_dev_get(skb->dev);
1146 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1150 /* Don't accept RS if we're not in router mode */
1151 if (!idev->cnf.forwarding)
1155 * Don't update NCE if src = ::;
1156 * this implies that the source node has no ip address assigned yet.
1158 if (ipv6_addr_any(saddr))
1161 /* Parse ND options */
1162 if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts))
1163 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1165 if (ndopts.nd_opts_src_lladdr) {
1166 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1172 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1174 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1175 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1176 NEIGH_UPDATE_F_OVERRIDE|
1177 NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1178 NDISC_ROUTER_SOLICITATION, &ndopts);
1179 neigh_release(neigh);
1180 reason = SKB_CONSUMED;
1186 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1188 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1189 struct sk_buff *skb;
1190 struct nlmsghdr *nlh;
1191 struct nduseroptmsg *ndmsg;
1192 struct net *net = dev_net(ra->dev);
1194 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1195 + (opt->nd_opt_len << 3));
1196 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1198 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1204 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1206 goto nla_put_failure;
1209 ndmsg = nlmsg_data(nlh);
1210 ndmsg->nduseropt_family = AF_INET6;
1211 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1212 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1213 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1214 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1216 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1218 if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1219 goto nla_put_failure;
1220 nlmsg_end(skb, nlh);
1222 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1229 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1232 static enum skb_drop_reason ndisc_router_discovery(struct sk_buff *skb)
1234 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1235 bool send_ifinfo_notify = false;
1236 struct neighbour *neigh = NULL;
1237 struct ndisc_options ndopts;
1238 struct fib6_info *rt = NULL;
1239 struct inet6_dev *in6_dev;
1240 struct fib6_table *table;
1241 u32 defrtr_usr_metric;
1242 unsigned int pref = 0;
1249 __u8 *opt = (__u8 *)(ra_msg + 1);
1251 optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1252 sizeof(struct ra_msg);
1255 "RA: %s, dev: %s\n",
1256 __func__, skb->dev->name);
1257 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1258 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1262 return SKB_DROP_REASON_PKT_TOO_SMALL;
1264 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1265 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1266 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1271 in6_dev = __in6_dev_get(skb->dev);
1273 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1278 if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts))
1279 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1281 if (!ipv6_accept_ra(in6_dev)) {
1283 "RA: %s, did not accept ra for dev: %s\n",
1284 __func__, skb->dev->name);
1285 goto skip_linkparms;
1288 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1289 /* skip link-specific parameters from interior routers */
1290 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1292 "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1293 __func__, skb->dev->name);
1294 goto skip_linkparms;
1298 if (in6_dev->if_flags & IF_RS_SENT) {
1300 * flag that an RA was received after an RS was sent
1301 * out on this interface.
1303 in6_dev->if_flags |= IF_RA_RCVD;
1307 * Remember the managed/otherconf flags from most recently
1308 * received RA message (RFC 2462) -- yoshfuji
1310 old_if_flags = in6_dev->if_flags;
1311 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1313 (ra_msg->icmph.icmp6_addrconf_managed ?
1314 IF_RA_MANAGED : 0) |
1315 (ra_msg->icmph.icmp6_addrconf_other ?
1316 IF_RA_OTHERCONF : 0);
1318 if (old_if_flags != in6_dev->if_flags)
1319 send_ifinfo_notify = true;
1321 if (!in6_dev->cnf.accept_ra_defrtr) {
1323 "RA: %s, defrtr is false for dev: %s\n",
1324 __func__, skb->dev->name);
1328 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1329 if (lifetime != 0 && lifetime < in6_dev->cnf.accept_ra_min_lft) {
1331 "RA: router lifetime (%ds) is too short: %s\n",
1332 lifetime, skb->dev->name);
1336 /* Do not accept RA with source-addr found on local machine unless
1337 * accept_ra_from_local is set to true.
1339 net = dev_net(in6_dev->dev);
1340 if (!in6_dev->cnf.accept_ra_from_local &&
1341 ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1343 "RA from local address detected on dev: %s: default router ignored\n",
1348 #ifdef CONFIG_IPV6_ROUTER_PREF
1349 pref = ra_msg->icmph.icmp6_router_pref;
1350 /* 10b is handled as if it were 00b (medium) */
1351 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1352 !in6_dev->cnf.accept_ra_rtr_pref)
1353 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1355 /* routes added from RAs do not use nexthop objects */
1356 rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1358 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1359 rt->fib6_nh->fib_nh_dev, NULL,
1360 &ipv6_hdr(skb)->saddr);
1363 "RA: %s got default router without neighbour\n",
1365 fib6_info_release(rt);
1369 /* Set default route metric as specified by user */
1370 defrtr_usr_metric = in6_dev->cnf.ra_defrtr_metric;
1371 /* delete the route if lifetime is 0 or if metric needs change */
1372 if (rt && (lifetime == 0 || rt->fib6_metric != defrtr_usr_metric)) {
1373 ip6_del_rt(net, rt, false);
1377 ND_PRINTK(3, info, "RA: rt: %p lifetime: %d, metric: %d, for dev: %s\n",
1378 rt, lifetime, defrtr_usr_metric, skb->dev->name);
1379 if (!rt && lifetime) {
1380 ND_PRINTK(3, info, "RA: adding default router\n");
1383 neigh_release(neigh);
1385 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1386 skb->dev, pref, defrtr_usr_metric,
1390 "RA: %s failed to add default route\n",
1395 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1396 rt->fib6_nh->fib_nh_dev, NULL,
1397 &ipv6_hdr(skb)->saddr);
1400 "RA: %s got default router without neighbour\n",
1402 fib6_info_release(rt);
1405 neigh->flags |= NTF_ROUTER;
1406 } else if (rt && IPV6_EXTRACT_PREF(rt->fib6_flags) != pref) {
1407 struct nl_info nlinfo = {
1410 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1411 inet6_rt_notify(RTM_NEWROUTE, rt, &nlinfo, NLM_F_REPLACE);
1415 table = rt->fib6_table;
1416 spin_lock_bh(&table->tb6_lock);
1418 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1419 fib6_add_gc_list(rt);
1421 spin_unlock_bh(&table->tb6_lock);
1423 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1424 ra_msg->icmph.icmp6_hop_limit) {
1425 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1426 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1427 fib6_metric_set(rt, RTAX_HOPLIMIT,
1428 ra_msg->icmph.icmp6_hop_limit);
1430 ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1437 * Update Reachable Time and Retrans Timer
1440 if (in6_dev->nd_parms) {
1441 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1443 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1444 rtime = (rtime*HZ)/1000;
1447 NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1448 in6_dev->tstamp = jiffies;
1449 send_ifinfo_notify = true;
1452 rtime = ntohl(ra_msg->reachable_time);
1453 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1454 rtime = (rtime*HZ)/1000;
1459 if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1460 NEIGH_VAR_SET(in6_dev->nd_parms,
1461 BASE_REACHABLE_TIME, rtime);
1462 NEIGH_VAR_SET(in6_dev->nd_parms,
1463 GC_STALETIME, 3 * rtime);
1464 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1465 in6_dev->tstamp = jiffies;
1466 send_ifinfo_notify = true;
1478 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1482 if (ndopts.nd_opts_src_lladdr) {
1483 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1487 "RA: invalid link-layer address length\n");
1491 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1492 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1493 NEIGH_UPDATE_F_OVERRIDE|
1494 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1495 NEIGH_UPDATE_F_ISROUTER,
1496 NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1497 reason = SKB_CONSUMED;
1500 if (!ipv6_accept_ra(in6_dev)) {
1502 "RA: %s, accept_ra is false for dev: %s\n",
1503 __func__, skb->dev->name);
1507 #ifdef CONFIG_IPV6_ROUTE_INFO
1508 if (!in6_dev->cnf.accept_ra_from_local &&
1509 ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1512 "RA from local address detected on dev: %s: router info ignored.\n",
1514 goto skip_routeinfo;
1517 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1518 struct nd_opt_hdr *p;
1519 for (p = ndopts.nd_opts_ri;
1521 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1522 struct route_info *ri = (struct route_info *)p;
1523 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1524 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1525 ri->prefix_len == 0)
1528 if (ri->prefix_len == 0 &&
1529 !in6_dev->cnf.accept_ra_defrtr)
1531 if (ri->lifetime != 0 &&
1532 ntohl(ri->lifetime) < in6_dev->cnf.accept_ra_min_lft)
1534 if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1536 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1538 rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1539 &ipv6_hdr(skb)->saddr);
1546 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1547 /* skip link-specific ndopts from interior routers */
1548 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1550 "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1551 __func__, skb->dev->name);
1556 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1557 struct nd_opt_hdr *p;
1558 for (p = ndopts.nd_opts_pi;
1560 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1561 addrconf_prefix_rcv(skb->dev, (u8 *)p,
1562 (p->nd_opt_len) << 3,
1563 ndopts.nd_opts_src_lladdr != NULL);
1567 if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1571 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1574 if (in6_dev->ra_mtu != mtu) {
1575 in6_dev->ra_mtu = mtu;
1576 send_ifinfo_notify = true;
1579 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1580 ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1581 } else if (in6_dev->cnf.mtu6 != mtu) {
1582 in6_dev->cnf.mtu6 = mtu;
1583 fib6_metric_set(rt, RTAX_MTU, mtu);
1584 rt6_mtu_change(skb->dev, mtu);
1588 if (ndopts.nd_useropts) {
1589 struct nd_opt_hdr *p;
1590 for (p = ndopts.nd_useropts;
1592 p = ndisc_next_useropt(skb->dev, p,
1593 ndopts.nd_useropts_end)) {
1594 ndisc_ra_useropt(skb, p);
1598 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1599 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1602 /* Send a notify if RA changed managed/otherconf flags or
1603 * timer settings or ra_mtu value
1605 if (send_ifinfo_notify)
1606 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1608 fib6_info_release(rt);
1610 neigh_release(neigh);
1614 static enum skb_drop_reason ndisc_redirect_rcv(struct sk_buff *skb)
1616 struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1617 u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1618 offsetof(struct rd_msg, opt));
1619 struct ndisc_options ndopts;
1623 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1624 switch (skb->ndisc_nodetype) {
1625 case NDISC_NODETYPE_HOST:
1626 case NDISC_NODETYPE_NODEFAULT:
1628 "Redirect: from host or unauthorized router\n");
1633 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1635 "Redirect: source address is not link-local\n");
1639 if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1640 return SKB_DROP_REASON_IPV6_NDISC_BAD_OPTIONS;
1642 if (!ndopts.nd_opts_rh) {
1643 ip6_redirect_no_header(skb, dev_net(skb->dev),
1648 hdr = (u8 *)ndopts.nd_opts_rh;
1650 if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1651 return SKB_DROP_REASON_PKT_TOO_SMALL;
1653 return icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1656 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1657 struct sk_buff *orig_skb,
1660 u8 *opt = skb_put(skb, rd_len);
1663 *(opt++) = ND_OPT_REDIRECT_HDR;
1664 *(opt++) = (rd_len >> 3);
1667 skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1671 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1673 struct net_device *dev = skb->dev;
1674 struct net *net = dev_net(dev);
1675 struct sock *sk = net->ipv6.ndisc_sk;
1677 struct inet_peer *peer;
1678 struct sk_buff *buff;
1680 struct in6_addr saddr_buf;
1681 struct rt6_info *rt;
1682 struct dst_entry *dst;
1685 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1686 ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1689 if (netif_is_l3_master(skb->dev)) {
1690 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1695 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1696 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1701 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1702 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1704 "Redirect: target address is not link-local unicast\n");
1708 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1709 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1711 dst = ip6_route_output(net, NULL, &fl6);
1716 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1720 rt = (struct rt6_info *) dst;
1722 if (rt->rt6i_flags & RTF_GATEWAY) {
1724 "Redirect: destination is not a neighbour\n");
1727 peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1728 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1734 if (dev->addr_len) {
1735 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1738 "Redirect: no neigh for target address\n");
1742 read_lock_bh(&neigh->lock);
1743 if (neigh->nud_state & NUD_VALID) {
1744 memcpy(ha_buf, neigh->ha, dev->addr_len);
1745 read_unlock_bh(&neigh->lock);
1747 optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1751 read_unlock_bh(&neigh->lock);
1753 neigh_release(neigh);
1756 rd_len = min_t(unsigned int,
1757 IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1762 buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1766 msg = skb_put(buff, sizeof(*msg));
1767 *msg = (struct rd_msg) {
1769 .icmp6_type = NDISC_REDIRECT,
1772 .dest = ipv6_hdr(skb)->daddr,
1776 * include target_address option
1780 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1783 * build redirect option and copy skb over to the new packet.
1787 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1789 skb_dst_set(buff, dst);
1790 ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1797 static void pndisc_redo(struct sk_buff *skb)
1799 enum skb_drop_reason reason = ndisc_recv_ns(skb);
1801 kfree_skb_reason(skb, reason);
1804 static int ndisc_is_multicast(const void *pkey)
1806 return ipv6_addr_is_multicast((struct in6_addr *)pkey);
1809 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1811 struct inet6_dev *idev = __in6_dev_get(skb->dev);
1815 if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1816 idev->cnf.suppress_frag_ndisc) {
1817 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1823 enum skb_drop_reason ndisc_rcv(struct sk_buff *skb)
1828 if (ndisc_suppress_frag_ndisc(skb))
1829 return SKB_DROP_REASON_IPV6_NDISC_FRAG;
1831 if (skb_linearize(skb))
1832 return SKB_DROP_REASON_NOMEM;
1834 msg = (struct nd_msg *)skb_transport_header(skb);
1836 __skb_push(skb, skb->data - skb_transport_header(skb));
1838 if (ipv6_hdr(skb)->hop_limit != 255) {
1839 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1840 ipv6_hdr(skb)->hop_limit);
1841 return SKB_DROP_REASON_IPV6_NDISC_HOP_LIMIT;
1844 if (msg->icmph.icmp6_code != 0) {
1845 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1846 msg->icmph.icmp6_code);
1847 return SKB_DROP_REASON_IPV6_NDISC_BAD_CODE;
1850 switch (msg->icmph.icmp6_type) {
1851 case NDISC_NEIGHBOUR_SOLICITATION:
1852 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1853 reason = ndisc_recv_ns(skb);
1856 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1857 reason = ndisc_recv_na(skb);
1860 case NDISC_ROUTER_SOLICITATION:
1861 reason = ndisc_recv_rs(skb);
1864 case NDISC_ROUTER_ADVERTISEMENT:
1865 reason = ndisc_router_discovery(skb);
1868 case NDISC_REDIRECT:
1869 reason = ndisc_redirect_rcv(skb);
1876 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1878 struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1879 struct netdev_notifier_change_info *change_info;
1880 struct net *net = dev_net(dev);
1881 struct inet6_dev *idev;
1882 bool evict_nocarrier;
1885 case NETDEV_CHANGEADDR:
1886 neigh_changeaddr(&nd_tbl, dev);
1887 fib6_run_gc(0, net, false);
1890 idev = in6_dev_get(dev);
1893 if (idev->cnf.ndisc_notify ||
1894 net->ipv6.devconf_all->ndisc_notify)
1895 ndisc_send_unsol_na(dev);
1899 idev = in6_dev_get(dev);
1901 evict_nocarrier = true;
1903 evict_nocarrier = idev->cnf.ndisc_evict_nocarrier &&
1904 net->ipv6.devconf_all->ndisc_evict_nocarrier;
1909 if (change_info->flags_changed & IFF_NOARP)
1910 neigh_changeaddr(&nd_tbl, dev);
1911 if (evict_nocarrier && !netif_carrier_ok(dev))
1912 neigh_carrier_down(&nd_tbl, dev);
1915 neigh_ifdown(&nd_tbl, dev);
1916 fib6_run_gc(0, net, false);
1918 case NETDEV_NOTIFY_PEERS:
1919 ndisc_send_unsol_na(dev);
1928 static struct notifier_block ndisc_netdev_notifier = {
1929 .notifier_call = ndisc_netdev_event,
1930 .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1933 #ifdef CONFIG_SYSCTL
1934 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1935 const char *func, const char *dev_name)
1937 static char warncomm[TASK_COMM_LEN];
1939 if (strcmp(warncomm, current->comm) && warned < 5) {
1940 strcpy(warncomm, current->comm);
1941 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1943 dev_name, ctl->procname,
1944 dev_name, ctl->procname);
1949 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer,
1950 size_t *lenp, loff_t *ppos)
1952 struct net_device *dev = ctl->extra1;
1953 struct inet6_dev *idev;
1956 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1957 (strcmp(ctl->procname, "base_reachable_time") == 0))
1958 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1960 if (strcmp(ctl->procname, "retrans_time") == 0)
1961 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1963 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1964 ret = neigh_proc_dointvec_jiffies(ctl, write,
1965 buffer, lenp, ppos);
1967 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1968 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1969 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1970 buffer, lenp, ppos);
1974 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1975 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1976 idev->nd_parms->reachable_time =
1977 neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1978 WRITE_ONCE(idev->tstamp, jiffies);
1979 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1988 static int __net_init ndisc_net_init(struct net *net)
1990 struct ipv6_pinfo *np;
1994 err = inet_ctl_sock_create(&sk, PF_INET6,
1995 SOCK_RAW, IPPROTO_ICMPV6, net);
1998 "NDISC: Failed to initialize the control socket (err %d)\n",
2003 net->ipv6.ndisc_sk = sk;
2006 np->hop_limit = 255;
2007 /* Do not loopback ndisc messages */
2008 inet6_clear_bit(MC6_LOOP, sk);
2013 static void __net_exit ndisc_net_exit(struct net *net)
2015 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
2018 static struct pernet_operations ndisc_net_ops = {
2019 .init = ndisc_net_init,
2020 .exit = ndisc_net_exit,
2023 int __init ndisc_init(void)
2027 err = register_pernet_subsys(&ndisc_net_ops);
2031 * Initialize the neighbour table
2033 neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
2035 #ifdef CONFIG_SYSCTL
2036 err = neigh_sysctl_register(NULL, &nd_tbl.parms,
2037 ndisc_ifinfo_sysctl_change);
2039 goto out_unregister_pernet;
2044 #ifdef CONFIG_SYSCTL
2045 out_unregister_pernet:
2046 unregister_pernet_subsys(&ndisc_net_ops);
2051 int __init ndisc_late_init(void)
2053 return register_netdevice_notifier(&ndisc_netdev_notifier);
2056 void ndisc_late_cleanup(void)
2058 unregister_netdevice_notifier(&ndisc_netdev_notifier);
2061 void ndisc_cleanup(void)
2063 #ifdef CONFIG_SYSCTL
2064 neigh_sysctl_unregister(&nd_tbl.parms);
2066 neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
2067 unregister_pernet_subsys(&ndisc_net_ops);
projects / linux-block.git / blob