2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 * Pierre Ynard : export userland ND options
19 * through netlink (RDNSS support)
20 * Lars Fenneberg : fixed MTU setting on receipt
22 * Janos Farkas : kmalloc failure checks
23 * Alexey Kuznetsov : state machine reworked
24 * and moved to net/core.
25 * Pekka Savola : RFC2461 validation
26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
29 /* Set to 3 to get tracing... */
/*
 * Rate-limited logging helpers for this file.
 *
 * ND_PRINTK calls printk() only when net_ratelimit() returns true, and
 * ND_NOPRINTK expands to an empty statement.  ND_PRINTK0 always maps to
 * ND_PRINTK; ND_PRINTK1..3 are first defined as no-ops and are then
 * defined again as ND_PRINTK.
 * NOTE(review): the preprocessor conditionals (and any #undef lines) that
 * presumably choose between the two sets of definitions are not visible
 * in this listing -- confirm against the full file.
 */
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
40 #define ND_PRINTK1 ND_PRINTK
44 #define ND_PRINTK2 ND_PRINTK
48 #define ND_PRINTK3 ND_PRINTK
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #include <linux/slab.h>
64 #include <linux/sysctl.h>
67 #include <linux/if_addr.h>
68 #include <linux/if_arp.h>
69 #include <linux/ipv6.h>
70 #include <linux/icmpv6.h>
71 #include <linux/jhash.h>
77 #include <net/protocol.h>
78 #include <net/ndisc.h>
79 #include <net/ip6_route.h>
80 #include <net/addrconf.h>
83 #include <net/netlink.h>
84 #include <linux/rtnetlink.h>
87 #include <net/ip6_checksum.h>
88 #include <net/inet_common.h>
89 #include <linux/proc_fs.h>
91 #include <linux/netfilter.h>
92 #include <linux/netfilter_ipv6.h>
/*
 * Forward declarations of static callbacks defined later in this file.
 * ndisc_solicit and ndisc_error_report are referenced by the neigh_ops
 * tables; ndisc_constructor, pndisc_constructor, pndisc_destructor and
 * pndisc_redo are referenced by the nd_tbl initializer.
 * NOTE(review): the ndisc_hash prototype is cut short in this listing
 * (its final parameter line is not visible).
 */
94 static u32 ndisc_hash(const void *pkey,
95 const struct net_device *dev,
97 static int ndisc_constructor(struct neighbour *neigh);
98 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
99 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
100 static int pndisc_constructor(struct pneigh_entry *n);
101 static void pndisc_destructor(struct pneigh_entry *n);
102 static void pndisc_redo(struct sk_buff *skb);
/*
 * Neighbour operations table whose .output hook is neigh_resolve_output
 * and whose .connected_output hook is neigh_connected_output.
 * ndisc_constructor assigns it right after the dev->header_ops->cache
 * test; presumably it is the fallback when that test fails (the else
 * line is not visible in this listing -- confirm).
 */
104 static const struct neigh_ops ndisc_generic_ops = {
106 .solicit = ndisc_solicit,
107 .error_report = ndisc_error_report,
108 .output = neigh_resolve_output,
109 .connected_output = neigh_connected_output,
/*
 * Neighbour operations table selected by ndisc_constructor when
 * dev->header_ops->cache is set.  Both .output and .connected_output
 * point at neigh_resolve_output.
 */
112 static const struct neigh_ops ndisc_hh_ops = {
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
/*
 * Neighbour operations table selected by ndisc_constructor for devices
 * without header_ops.  Both output hooks are neigh_direct_output; no
 * solicit or error_report hook is visible in this listing.
 */
121 static const struct neigh_ops ndisc_direct_ops = {
123 .output = neigh_direct_output,
124 .connected_output = neigh_direct_output,
/*
 * The neighbour table used by IPv6 Neighbour Discovery.
 *
 * Keys are struct in6_addr values (key_len), and each entry is sized as
 * a struct neighbour followed by room for one struct in6_addr
 * (entry_size).  The constructor and proxy callbacks are the static
 * functions declared earlier in this file.  The timer defaults below are
 * written as multiples of HZ or as the ND_* constants.
 * NOTE(review): nested initializer braces and several fields (for
 * example the hash callback and the table id) are not visible in this
 * listing, so the fields appear flat here.
 */
127 struct neigh_table nd_tbl = {
129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
130 .key_len = sizeof(struct in6_addr),
132 .constructor = ndisc_constructor,
133 .pconstructor = pndisc_constructor,
134 .pdestructor = pndisc_destructor,
135 .proxy_redo = pndisc_redo,
139 .base_reachable_time = ND_REACHABLE_TIME,
140 .retrans_time = ND_RETRANS_TIMER,
141 .gc_staletime = 60 * HZ,
142 .reachable_time = ND_REACHABLE_TIME,
143 .delay_probe_time = 5 * HZ,
147 .anycast_delay = 1 * HZ,
148 .proxy_delay = (8 * HZ) / 10,
151 .gc_interval = 30 * HZ,
/*
 * Result of ndisc_parse_options(): pointers into the received option
 * area, no copies.
 *
 * nd_opt_array is indexed by option type (see the nd_opts_* accessor
 * macros).  nd_opts_ri / nd_opts_ri_end and nd_useropts /
 * nd_useropts_end hold the first and the last option of their kind seen
 * by the parser.
 * NOTE(review): the #endif matching CONFIG_IPV6_ROUTE_INFO and the
 * closing brace are not visible in this listing.
 */
158 struct ndisc_options {
159 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
160 #ifdef CONFIG_IPV6_ROUTE_INFO
161 struct nd_opt_hdr *nd_opts_ri;
162 struct nd_opt_hdr *nd_opts_ri_end;
164 struct nd_opt_hdr *nd_useropts;
165 struct nd_opt_hdr *nd_useropts_end;
/*
 * Named accessors for the slots of ndisc_options.nd_opt_array, one per
 * option type that the parser stores there.  nd_opts_pi_end uses the
 * extra __ND_OPT_PREFIX_INFO_END slot to remember the last prefix
 * information option.
 */
168 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
169 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
170 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
171 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
172 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
173 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
/*
 * Size of an option carrying len payload bytes: add 2 (presumably the
 * type and length bytes of the option header) and round up to the next
 * multiple of 8.
 */
175 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
178 * Return the padding between the option length and the start of the
179 * link addr. Currently only IP-over-InfiniBand needs this, although
180 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
181 * also need a pad of 2.
183 static int ndisc_addr_option_pad(unsigned short type)
/*
 * Only the InfiniBand case is visible in this listing; the value
 * returned for every other device type is not shown (presumably 0).
 */
186 case ARPHRD_INFINIBAND: return 2;
/*
 * Return the number of bytes a link-layer address option occupies for
 * dev: the device address length plus its type-specific padding, passed
 * through NDISC_OPT_SPACE().
 */
191 static inline int ndisc_opt_addr_space(struct net_device *dev)
193 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
/*
 * Write a link-layer address option into the buffer at opt.
 *
 * @opt:       destination buffer
 * @type:      ND option type
 * @data:      link-layer address bytes
 * @data_len:  number of bytes in data
 * @addr_type: device type, used to look up the padding
 *
 * Visible steps: compute the total option space and the padding, zero
 * the padding, copy the address, then zero whatever space is left after
 * the address.
 * NOTE(review): the lines that store the type and length bytes, advance
 * opt between the steps and produce the return value are not visible in
 * this listing.
 */
196 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
197 unsigned short addr_type)
199 int space = NDISC_OPT_SPACE(data_len);
200 int pad = ndisc_addr_option_pad(addr_type);
205 memset(opt + 2, 0, pad);
209 memcpy(opt+2, data, data_len);
/* space becomes the count of trailing bytes still to be zeroed */
212 if ((space -= data_len) > 0)
213 memset(opt, 0, space);
/*
 * Find the next option after cur that has the same type as cur.
 *
 * @cur: option to start from
 * @end: last option of this kind recorded by the parser
 *
 * Steps forward by nd_opt_len * 8 bytes at a time until it passes end or
 * lands on an option of the same type.  Returns that option, or NULL
 * when none is found at or before end.  The result of the initial guard
 * (NULL arguments or cur >= end) is on a line not visible here;
 * presumably NULL.
 */
217 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
218 struct nd_opt_hdr *end)
221 if (!cur || !end || cur >= end)
223 type = cur->nd_opt_type;
225 cur = ((void *)cur) + (cur->nd_opt_len << 3);
226 } while(cur < end && cur->nd_opt_type != type);
227 return cur <= end && cur->nd_opt_type == type ? cur : NULL;
/*
 * Return non-zero when opt is an option that is exported to user space;
 * in this version that is only ND_OPT_RDNSS.
 */
230 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
232 return opt->nd_opt_type == ND_OPT_RDNSS;
/*
 * Find the next user-space option (see ndisc_is_useropt) after cur.
 *
 * Steps forward by nd_opt_len * 8 bytes at a time until it passes end or
 * lands on a user option.  Returns that option, or NULL when none is
 * found at or before end.  The result of the initial guard is on a line
 * not visible here; presumably NULL.
 */
235 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
236 struct nd_opt_hdr *end)
238 if (!cur || !end || cur >= end)
241 cur = ((void *)cur) + (cur->nd_opt_len << 3);
242 } while(cur < end && !ndisc_is_useropt(cur));
243 return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
/*
 * Walk the ND options stored in opt (opt_len bytes) and record pointers
 * to the recognised ones in *ndopts.
 *
 * @opt:     start of the option area of a received ND message
 * @opt_len: number of bytes in the option area
 * @ndopts:  result structure; it is zeroed before parsing starts
 *
 * Callers in this file treat a false (NULL) result as invalid options
 * and drop the message.
 * NOTE(review): the loop header, the break/return statements and the
 * ND_OPT_MTU case label are not visible in this listing.
 */
246 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
247 struct ndisc_options *ndopts)
249 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
/* Guard against a NULL buffer, a negative length or a NULL result. */
251 if (!nd_opt || opt_len < 0 || !ndopts)
253 memset(ndopts, 0, sizeof(*ndopts));
/* Fewer bytes left than one option header: cannot be a valid option. */
256 if (opt_len < sizeof(struct nd_opt_hdr))
/* nd_opt_len counts units of 8 bytes; l is the option size in bytes. */
258 l = nd_opt->nd_opt_len << 3;
/*
 * The option must fit in what is left, and a zero length is refused
 * because the pointer advance by l further down would make no progress.
 */
259 if (opt_len < l || l == 0)
261 switch (nd_opt->nd_opt_type) {
/* Options stored in a single slot: a repeat is reported as a duplicate. */
262 case ND_OPT_SOURCE_LL_ADDR:
263 case ND_OPT_TARGET_LL_ADDR:
265 case ND_OPT_REDIRECT_HDR:
266 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
267 ND_PRINTK2(KERN_WARNING
268 "%s(): duplicated ND6 option found: type=%d\n",
270 nd_opt->nd_opt_type);
272 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
/* Prefix info may repeat: remember the first and keep updating the last. */
275 case ND_OPT_PREFIX_INFO:
276 ndopts->nd_opts_pi_end = nd_opt;
277 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
278 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
280 #ifdef CONFIG_IPV6_ROUTE_INFO
/* Route info is tracked the same way: first and last occurrence. */
281 case ND_OPT_ROUTE_INFO:
282 ndopts->nd_opts_ri_end = nd_opt;
283 if (!ndopts->nd_opts_ri)
284 ndopts->nd_opts_ri = nd_opt;
/* Remaining types: user-space options are tracked, others only logged. */
288 if (ndisc_is_useropt(nd_opt)) {
289 ndopts->nd_useropts_end = nd_opt;
290 if (!ndopts->nd_useropts)
291 ndopts->nd_useropts = nd_opt;
294 * Unknown options must be silently ignored,
295 * to accommodate future extension to the
298 ND_PRINTK2(KERN_NOTICE
299 "%s(): ignored unsupported option; type=%d, len=%d\n",
301 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
/* Step to the next option. */
305 nd_opt = ((void *)nd_opt) + l;
/*
 * Return a pointer to the link-layer address carried in option p, or
 * reject the option when its length does not match the device.
 *
 * The address starts right after the option header plus the
 * device-specific padding.  The option length in bytes must equal
 * NDISC_OPT_SPACE(dev->addr_len + prepad).
 * NOTE(review): the value returned on a length mismatch is on a line not
 * visible here; presumably NULL, since callers log an invalid
 * link-layer address length after calling this helper.
 */
310 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
311 struct net_device *dev)
313 u8 *lladdr = (u8 *)(p + 1);
314 int lladdrlen = p->nd_opt_len << 3;
315 int prepad = ndisc_addr_option_pad(dev->type);
316 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
318 return lladdr + prepad;
/*
 * Map the IPv6 multicast address addr to a link-layer address in buf.
 *
 * The visible cases delegate to a per-link-type helper (Ethernet-style,
 * token ring, ARCnet, InfiniBand, IP-over-GRE); the InfiniBand and GRE
 * helpers also take dev->broadcast.  A further visible path copies
 * dev->broadcast (dev->addr_len bytes) into buf.
 * NOTE(review): the switch header, several case labels, the use of the
 * dir argument and the return statements are not visible in this
 * listing.
 */
321 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
325 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
327 ipv6_eth_mc_map(addr, buf);
329 case ARPHRD_IEEE802_TR:
330 ipv6_tr_mc_map(addr,buf);
333 ipv6_arcnet_mc_map(addr, buf);
335 case ARPHRD_INFINIBAND:
336 ipv6_ib_mc_map(addr, dev->broadcast, buf);
339 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
342 memcpy(buf, dev->broadcast, dev->addr_len);
349 EXPORT_SYMBOL(ndisc_mc_map);
/*
 * Hash callback for neighbour entries.
 *
 * The key is read as an array of u32 words, one loop iteration per word
 * of a struct in6_addr.  The result is jhash_2words() over the
 * accumulated addr_hash and the device ifindex, seeded with hash_rnd.
 * NOTE(review): the last parameter line and the loop body that builds
 * addr_hash are not visible in this listing.
 */
351 static u32 ndisc_hash(const void *pkey,
352 const struct net_device *dev,
355 const u32 *p32 = pkey;
359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
362 return jhash_2words(addr_hash, dev->ifindex, hash_rnd);
/*
 * Constructor callback of nd_tbl: initialise a freshly created
 * neighbour entry for its device.
 *
 * It switches the entry to the per-device ND parameters, sets the route
 * type, and picks the nud_state, the ops table and the output function
 * according to the device properties.
 * NOTE(review): the return statements, the else lines and the condition
 * guarding the multicast branch are not visible in this listing.
 */
365 static int ndisc_constructor(struct neighbour *neigh)
367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 struct net_device *dev = neigh->dev;
369 struct inet6_dev *in6_dev;
370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr);
/* The inet6 device obtained here is released by in6_dev_put() at the end. */
373 in6_dev = in6_dev_get(dev);
374 if (in6_dev == NULL) {
/* Replace the current parms with a clone of the device nd_parms. */
378 parms = in6_dev->nd_parms;
379 __neigh_parms_put(neigh->parms);
380 neigh->parms = neigh_parms_clone(parms);
382 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
/* No header_ops: no resolution, packets go out via neigh_direct_output. */
383 if (!dev->header_ops) {
384 neigh->nud_state = NUD_NOARP;
385 neigh->ops = &ndisc_direct_ops;
386 neigh->output = neigh_direct_output;
/* Presumably the multicast case: the link address comes from ndisc_mc_map. */
389 neigh->nud_state = NUD_NOARP;
390 ndisc_mc_map(addr, neigh->ha, dev, 1);
/* NOARP or loopback devices use the device address itself. */
391 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
392 neigh->nud_state = NUD_NOARP;
393 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
394 if (dev->flags&IFF_LOOPBACK)
395 neigh->type = RTN_LOCAL;
/* Point-to-point devices use the device broadcast address. */
396 } else if (dev->flags&IFF_POINTOPOINT) {
397 neigh->nud_state = NUD_NOARP;
398 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
400 if (dev->header_ops->cache)
401 neigh->ops = &ndisc_hh_ops;
403 neigh->ops = &ndisc_generic_ops;
/* Entries already in a valid state start on the connected output hook. */
404 if (neigh->nud_state&NUD_VALID)
405 neigh->output = neigh->ops->connected_output;
407 neigh->output = neigh->ops->output;
409 in6_dev_put(in6_dev);
/*
 * Constructor callback for proxy neighbour entries.
 *
 * Computes the solicited-node multicast address of the proxied address
 * and joins it on the entry's device.  When the device is missing or has
 * no inet6 device the function takes an early exit whose return value is
 * not visible in this listing.
 */
413 static int pndisc_constructor(struct pneigh_entry *n)
415 struct in6_addr *addr = (struct in6_addr*)&n->key;
416 struct in6_addr maddr;
417 struct net_device *dev = n->dev;
419 if (dev == NULL || __in6_dev_get(dev) == NULL)
421 addrconf_addr_solict_mult(addr, &maddr);
422 ipv6_dev_mc_inc(dev, &maddr);
/*
 * Destructor callback for proxy neighbour entries; the counterpart of
 * pndisc_constructor.
 *
 * Computes the solicited-node multicast address of the proxied address
 * and calls ipv6_dev_mc_dec() for it on the entry's device.  Nothing is
 * done when the device is missing or has no inet6 device (the early
 * return line itself is not visible in this listing).
 */
426 static void pndisc_destructor(struct pneigh_entry *n)
428 struct in6_addr *addr = (struct in6_addr*)&n->key;
429 struct in6_addr maddr;
430 struct net_device *dev = n->dev;
432 if (dev == NULL || __in6_dev_get(dev) == NULL)
434 addrconf_addr_solict_mult(addr, &maddr);
435 ipv6_dev_mc_dec(dev, &maddr);
/*
 * Allocate and fill an skb holding one ICMPv6 Neighbour Discovery
 * message.
 *
 * @dev:    outgoing device
 * @daddr:  IPv6 destination address
 * @saddr:  IPv6 source address
 * @icmp6h: template ICMPv6 header, copied into the packet
 * @target: optional target address placed after the ICMPv6 header
 * (a final parameter, used below as llinfo, is on a line not visible in
 * this listing; it is passed as the option type of the link-layer
 * address option)
 *
 * Visible steps: compute the ICMPv6 payload length, allocate with
 * GFP_ATOMIC, reserve link-layer headroom, write the IPv6 header via
 * ip6_nd_hdr(), copy the ICMPv6 header, the target and the link-layer
 * address option, compute the checksum and charge the skb to the
 * per-namespace ndisc socket.
 * NOTE(review): the conditions guarding the optional parts, the
 * allocation failure path and the return statements are not visible.
 */
438 struct sk_buff *ndisc_build_skb(struct net_device *dev,
439 const struct in6_addr *daddr,
440 const struct in6_addr *saddr,
441 struct icmp6hdr *icmp6h,
442 const struct in6_addr *target,
445 struct net *net = dev_net(dev);
446 struct sock *sk = net->ipv6.ndisc_sk;
448 struct icmp6hdr *hdr;
449 int hlen = LL_RESERVED_SPACE(dev);
450 int tlen = dev->needed_tailroom;
/* len covers the ICMPv6 header plus the target address when given. */
457 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
459 len += ndisc_opt_addr_space(dev);
461 skb = alloc_skb((MAX_HEADER + sizeof(struct ipv6hdr) +
462 len + hlen + tlen), GFP_ATOMIC);
465 "ICMPv6 ND: %s() failed to allocate an skb.\n",
470 skb_reserve(skb, hlen);
471 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
/* The ICMPv6 header starts at the current tail of the skb. */
473 skb->transport_header = skb->tail;
476 hdr = (struct icmp6hdr *)skb_transport_header(skb);
477 memcpy(hdr, icmp6h, sizeof(*hdr));
479 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
481 ipv6_addr_copy((struct in6_addr *)opt, target);
482 opt += sizeof(*target);
486 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
487 dev->addr_len, dev->type);
489 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
494 /* Manually assign socket ownership as we avoid calling
495 * sock_alloc_send_pskb() to bypass wmem buffer limits
497 skb_set_owner_w(skb, sk);
502 EXPORT_SYMBOL(ndisc_build_skb);
/*
 * Transmit an ND packet previously built by ndisc_build_skb().
 *
 * @skb:    packet to send
 * @dev:    outgoing device
 * @neigh:  neighbour entry handed to icmp6_dst_alloc(); callers in this
 *          file also pass NULL
 * @daddr:  IPv6 destination address
 * @saddr:  IPv6 source address
 * @icmp6h: ICMPv6 header, read only for its type
 *
 * Visible steps: initialise the flow, allocate a dst for the device and
 * destination, run it through xfrm_lookup(), attach it to the skb,
 * update the output statistics and pass the skb through the
 * NF_INET_LOCAL_OUT netfilter hook; the ICMPv6 out counters are bumped
 * afterwards.
 * NOTE(review): the error handling after icmp6_dst_alloc() and
 * xfrm_lookup(), the remaining NF_HOOK arguments and the condition on
 * err are not visible in this listing.
 */
504 void ndisc_send_skb(struct sk_buff *skb,
505 struct net_device *dev,
506 struct neighbour *neigh,
507 const struct in6_addr *daddr,
508 const struct in6_addr *saddr,
509 struct icmp6hdr *icmp6h)
512 struct dst_entry *dst;
513 struct net *net = dev_net(dev);
514 struct sock *sk = net->ipv6.ndisc_sk;
515 struct inet6_dev *idev;
519 type = icmp6h->icmp6_type;
521 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, dev->ifindex);
523 dst = icmp6_dst_alloc(dev, neigh, daddr);
529 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
535 skb_dst_set(skb, dst);
538 idev = __in6_dev_get(dst->dev);
539 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
541 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
544 ICMP6MSGOUT_INC_STATS(net, idev, type);
545 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
551 EXPORT_SYMBOL(ndisc_send_skb);
554 * Send a Neighbour Discovery packet
/*
 * Build an ND message with ndisc_build_skb() and hand it to
 * ndisc_send_skb().  The arguments are forwarded unchanged to those two
 * helpers.
 * NOTE(review): the final parameter line (llinfo) and the check of the
 * build result are not visible in this listing.
 */
556 static void __ndisc_send(struct net_device *dev,
557 struct neighbour *neigh,
558 const struct in6_addr *daddr,
559 const struct in6_addr *saddr,
560 struct icmp6hdr *icmp6h, const struct in6_addr *target,
565 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
569 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
/*
 * Send a Neighbour Advertisement for solicited_addr to daddr.
 *
 * @dev:            outgoing device
 * @neigh:          neighbour entry for the destination, may be NULL
 * @daddr:          IPv6 destination address
 * @solicited_addr: address being advertised (the NA target)
 * @router:         value for the router flag
 * @solicited:      value for the solicited flag
 * @override:       value for the override flag
 * @inc_opt:        non-zero to include the target link-layer address
 *                  option
 *
 * When solicited_addr is configured on dev it is used as the source
 * address and the device force_tllao setting is OR-ed into inc_opt;
 * otherwise a source address is chosen with ipv6_dev_get_saddr().
 * NOTE(review): the test of ifp, the statement under the
 * IFA_F_OPTIMISTIC check, the release of ifp and the failure path of
 * ipv6_dev_get_saddr() are not visible in this listing.
 */
572 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
573 const struct in6_addr *daddr,
574 const struct in6_addr *solicited_addr,
575 int router, int solicited, int override, int inc_opt)
577 struct in6_addr tmpaddr;
578 struct inet6_ifaddr *ifp;
579 const struct in6_addr *src_addr;
580 struct icmp6hdr icmp6h = {
581 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
584 /* for anycast or proxy, solicited_addr != src_addr */
585 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
587 src_addr = solicited_addr;
588 if (ifp->flags & IFA_F_OPTIMISTIC)
590 inc_opt |= ifp->idev->cnf.force_tllao;
593 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
594 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
600 icmp6h.icmp6_router = router;
601 icmp6h.icmp6_solicited = solicited;
602 icmp6h.icmp6_override = override;
/* The target link-layer address option is added only when inc_opt is set. */
604 __ndisc_send(dev, neigh, daddr, src_addr,
605 &icmp6h, solicited_addr,
606 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
/*
 * Send an unsolicited Neighbour Advertisement for every address in the
 * inet6 device address list of dev.
 *
 * Each NA goes to the link-local all-nodes multicast address with the
 * router flag taken from the forwarding setting, solicited cleared and
 * override set.  The list is walked under read_lock_bh(&idev->lock).
 * NOTE(review): the NULL check on idev, the last argument of the
 * ndisc_send_na() call and the release of idev are not visible in this
 * listing.
 */
609 static void ndisc_send_unsol_na(struct net_device *dev)
611 struct inet6_dev *idev;
612 struct inet6_ifaddr *ifa;
613 struct in6_addr mcaddr = IN6ADDR_LINKLOCAL_ALLNODES_INIT;
615 idev = in6_dev_get(dev);
619 read_lock_bh(&idev->lock);
620 list_for_each_entry(ifa, &idev->addr_list, if_list) {
621 ndisc_send_na(dev, NULL, &mcaddr, &ifa->addr,
622 /*router=*/ !!idev->cnf.forwarding,
623 /*solicited=*/ false, /*override=*/ true,
626 read_unlock_bh(&idev->lock);
/*
 * Send a Neighbour Solicitation.
 *
 * @dev:     outgoing device
 * @neigh:   neighbour entry for the destination, may be NULL
 * @solicit: address being solicited (presumably the NS target; the
 *           argument line that passes it on is not visible)
 * @daddr:   IPv6 destination address
 * @saddr:   IPv6 source address
 *
 * ipv6_get_lladdr() is asked for a link-local address of dev into
 * addr_buf, with the tentative and optimistic flags passed as its third
 * argument; presumably this happens only when saddr is NULL (the
 * guarding line is not visible).  The source link-layer address option
 * is included only when saddr is not the unspecified address.
 */
631 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
632 const struct in6_addr *solicit,
633 const struct in6_addr *daddr, const struct in6_addr *saddr)
635 struct in6_addr addr_buf;
636 struct icmp6hdr icmp6h = {
637 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
641 if (ipv6_get_lladdr(dev, &addr_buf,
642 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
647 __ndisc_send(dev, neigh, daddr, saddr,
649 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
/*
 * Send a Router Solicitation from saddr to daddr on dev.
 *
 * send_sllao starts as dev->addr_len, so the source link-layer address
 * option is included only for devices with a non-zero address length.
 * With CONFIG_IPV6_OPTIMISTIC_DAD the source address is looked up and
 * its IFA_F_OPTIMISTIC flag is tested; per the RFC 4429 note below the
 * option is then suppressed (the statements doing so, and the #endif,
 * are not visible in this listing).
 */
652 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
653 const struct in6_addr *daddr)
655 struct icmp6hdr icmp6h = {
656 .icmp6_type = NDISC_ROUTER_SOLICITATION,
658 int send_sllao = dev->addr_len;
660 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
662 * According to section 2.2 of RFC 4429, we must not
663 * send router solicitations with a sllao from
664 * optimistic addresses, but we may send the solicitation
665 * if we don't include the sllao. So here we check
666 * if our address is optimistic, and if so, we
667 * suppress the inclusion of the sllao.
670 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
673 if (ifp->flags & IFA_F_OPTIMISTIC) {
682 __ndisc_send(dev, NULL, daddr, saddr,
684 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
/*
 * error_report hook of the ndisc neigh_ops tables: reports the failure
 * for the queued packet through dst_link_failure().
 * NOTE(review): whatever follows that call (for example freeing skb) is
 * not visible in this listing.
 */
688 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
691 * "The sender MUST return an ICMP
692 * destination unreachable"
694 dst_link_failure(skb);
/*
 * solicit hook of the ndisc neigh_ops tables: send the next probe for
 * neigh.
 *
 * @neigh: entry being resolved; its primary key is the NS target
 * @skb:   packet waiting on the entry, may be NULL; its IPv6 source is
 *         used as the NS source when it is an address of this host on
 *         dev
 *
 * The probe counter selects the probe kind: while it is below
 * ucast_probes a unicast NS is sent to the target itself; the next
 * app_probes attempts take a branch whose body is not visible in this
 * listing; after that the NS goes to the solicited-node multicast
 * address of the target.
 */
698 /* Called with locked neigh: either read or both */
700 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
702 struct in6_addr *saddr = NULL;
703 struct in6_addr mcaddr;
704 struct net_device *dev = neigh->dev;
705 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
706 int probes = atomic_read(&neigh->probes);
708 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
709 saddr = &ipv6_hdr(skb)->saddr;
/* probes is reduced step by step; a negative result selects the branch. */
711 if ((probes -= neigh->parms->ucast_probes) < 0) {
712 if (!(neigh->nud_state & NUD_VALID)) {
713 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
716 ndisc_send_ns(dev, neigh, target, target, saddr);
717 } else if ((probes -= neigh->parms->app_probes) < 0) {
722 addrconf_addr_solict_mult(target, &mcaddr);
723 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
/*
 * Look up the proxy neighbour entry for pkey on dev and report whether
 * it carries the NTF_ROUTER flag (1) or not (0).  The lookup runs under
 * read_lock_bh(&nd_tbl.lock).
 * NOTE(review): the initial value of ret, the test of n and the return
 * statement are not visible in this listing; the caller in
 * ndisc_recv_ns tests the result with >= 0, so the not-found value is
 * presumably negative.
 */
727 static int pndisc_is_router(const void *pkey,
728 struct net_device *dev)
730 struct pneigh_entry *n;
733 read_lock_bh(&nd_tbl.lock);
734 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
736 ret = !!(n->flags & NTF_ROUTER);
737 read_unlock_bh(&nd_tbl.lock);
/*
 * Handle a received Neighbour Solicitation.
 *
 * Visible flow:
 *  - validate the message: the target must not be multicast, a DAD
 *    probe (unspecified source) must be sent to a solicited-node
 *    multicast address and must not carry a source link-layer option,
 *    and the options must parse;
 *  - if the target is one of our addresses and is tentative or
 *    optimistic, handle the DAD cases (possibly failing our own DAD);
 *  - otherwise check for anycast or proxy targets, optionally delaying
 *    the answer through pneigh_enqueue();
 *  - answer DAD probes with an NA to the all-nodes address, and normal
 *    solicitations with an NA to the sender after updating or creating
 *    its neighbour cache entry.
 * NOTE(review): many control-flow lines (returns, gotos, labels, else
 * branches and some conditions) are not visible in this listing, so the
 * exact nesting of the steps above should be confirmed against the full
 * file.
 */
742 static void ndisc_recv_ns(struct sk_buff *skb)
744 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
745 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
746 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
/* Bytes that follow the fixed part of the NS message, i.e. the options. */
748 u32 ndoptlen = skb->tail - (skb->transport_header +
749 offsetof(struct nd_msg, opt));
750 struct ndisc_options ndopts;
751 struct net_device *dev = skb->dev;
752 struct inet6_ifaddr *ifp;
753 struct inet6_dev *idev = NULL;
754 struct neighbour *neigh;
/* An unspecified source address marks a duplicate address detection probe. */
755 int dad = ipv6_addr_any(saddr);
/*
 * NOTE(review): the message below lacks the trailing newline that the
 * other log strings in this function carry.
 */
759 if (ipv6_addr_is_multicast(&msg->target)) {
760 ND_PRINTK2(KERN_WARNING
761 "ICMPv6 NS: multicast target address");
767 * DAD has to be destined for solicited node multicast address.
/* The comparison below matches the prefix ff02:0:0:0:0:1:ffxx:xxxx. */
770 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
771 daddr->s6_addr32[1] == htonl(0x00000000) &&
772 daddr->s6_addr32[2] == htonl(0x00000001) &&
773 daddr->s6_addr [12] == 0xff )) {
774 ND_PRINTK2(KERN_WARNING
775 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
779 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
780 ND_PRINTK2(KERN_WARNING
781 "ICMPv6 NS: invalid ND options\n");
785 if (ndopts.nd_opts_src_lladdr) {
786 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
788 ND_PRINTK2(KERN_WARNING
789 "ICMPv6 NS: invalid link-layer address length\n");
794 * If the IP source address is the unspecified address,
795 * there MUST NOT be source link-layer address option
799 ND_PRINTK2(KERN_WARNING
800 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
/* inc records whether the solicitation was sent to a multicast address. */
805 inc = ipv6_addr_is_multicast(daddr);
807 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
810 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
/* On token ring, compare the frame source with our own device address. */
812 if (dev->type == ARPHRD_IEEE802_TR) {
813 const unsigned char *sadr;
814 sadr = skb_mac_header(skb);
815 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
816 sadr[9] == dev->dev_addr[1] &&
817 sadr[10] == dev->dev_addr[2] &&
818 sadr[11] == dev->dev_addr[3] &&
819 sadr[12] == dev->dev_addr[4] &&
820 sadr[13] == dev->dev_addr[5]) {
821 /* looped-back to us */
827 * We are colliding with another node
829 * so fail our DAD process
831 addrconf_dad_failure(ifp);
835 * This is not a dad solicitation.
836 * If we are an optimistic node,
838 * Otherwise, we should ignore it.
840 if (!(ifp->flags & IFA_F_OPTIMISTIC))
847 struct net *net = dev_net(dev);
849 idev = in6_dev_get(dev);
851 /* XXX: count this drop? */
/*
 * The target is accepted when it is an anycast address on dev, or when
 * forwarding and proxy_ndp are enabled and a proxy entry exists.
 */
855 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
856 (idev->cnf.forwarding &&
857 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
858 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
859 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
860 skb->pkt_type != PACKET_HOST &&
862 idev->nd_parms->proxy_delay != 0) {
864 * for anycast or proxy,
865 * sender should delay its response
866 * by a random time between 0 and
867 * MAX_ANYCAST_DELAY_TIME seconds.
868 * (RFC2461) -- yoshfuji
/* A clone is queued so that the answer can be produced later. */
870 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
872 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
880 is_router = !!idev->cnf.forwarding;
/* This NA goes to the link-local all-nodes address. */
883 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
884 is_router, 0, (ifp != NULL), 1);
889 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
891 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
894 * update / create cache entry
895 * for the source address
/* The last argument decides whether a missing entry is created. */
897 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
898 !inc || lladdr || !dev->addr_len);
900 neigh_update(neigh, lladdr, NUD_STALE,
901 NEIGH_UPDATE_F_WEAK_OVERRIDE|
902 NEIGH_UPDATE_F_OVERRIDE);
903 if (neigh || !dev->header_ops) {
904 ndisc_send_na(dev, neigh, saddr, &msg->target,
906 1, (ifp != NULL && inc), inc);
908 neigh_release(neigh);
/*
 * Handle a received Neighbour Advertisement.
 *
 * Visible flow:
 *  - validate the message: minimum length, non-multicast target, no
 *    solicited flag on a multicast destination, options must parse and
 *    any target link-layer option must have the right length;
 *  - if the target is one of our own addresses, fail DAD when that
 *    address is tentative (unless the packet is our own loopback copy),
 *    otherwise log that someone advertises our address;
 *  - otherwise look up the neighbour entry for the target and, unless
 *    the entry has failed or the NA is a proxy NA from ourselves,
 *    update it: REACHABLE for solicited NAs, STALE otherwise, with the
 *    override and router flags taken from the message;
 *  - when the entry loses its NTF_ROUTER flag, look up the default
 *    route through the sender (the statements that act on it are not
 *    visible).
 * NOTE(review): returns, gotos, labels and several conditions are not
 * visible in this listing -- confirm the nesting against the full file.
 */
918 static void ndisc_recv_na(struct sk_buff *skb)
920 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
921 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
922 const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
/* Bytes that follow the fixed part of the NA message, i.e. the options. */
924 u32 ndoptlen = skb->tail - (skb->transport_header +
925 offsetof(struct nd_msg, opt));
926 struct ndisc_options ndopts;
927 struct net_device *dev = skb->dev;
928 struct inet6_ifaddr *ifp;
929 struct neighbour *neigh;
931 if (skb->len < sizeof(struct nd_msg)) {
932 ND_PRINTK2(KERN_WARNING
933 "ICMPv6 NA: packet too short\n");
937 if (ipv6_addr_is_multicast(&msg->target)) {
938 ND_PRINTK2(KERN_WARNING
939 "ICMPv6 NA: target address is multicast.\n");
943 if (ipv6_addr_is_multicast(daddr) &&
944 msg->icmph.icmp6_solicited) {
945 ND_PRINTK2(KERN_WARNING
946 "ICMPv6 NA: solicited NA is multicasted.\n");
/*
 * NOTE(review): the message below is labelled NS although this is the
 * NA handler; it looks like a copy-and-paste slip in the log text.
 */
950 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
951 ND_PRINTK2(KERN_WARNING
952 "ICMPv6 NS: invalid ND option\n");
955 if (ndopts.nd_opts_tgt_lladdr) {
956 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
958 ND_PRINTK2(KERN_WARNING
959 "ICMPv6 NA: invalid link-layer address length\n");
/* A hit here means the advertised target is one of our own addresses. */
963 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
965 if (skb->pkt_type != PACKET_LOOPBACK
966 && (ifp->flags & IFA_F_TENTATIVE)) {
967 addrconf_dad_failure(ifp);
970 /* What should we make now? The advertisement
971 is invalid, but ndisc specs say nothing
972 about it. It could be misconfiguration, or
973 an smart proxy agent tries to help us :-)
975 We should not print the error if NA has been
976 received from loopback - it is just our own
977 unsolicited advertisement.
979 if (skb->pkt_type != PACKET_LOOPBACK)
980 ND_PRINTK1(KERN_WARNING
981 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
982 &ifp->addr, ifp->idev->dev->name);
986 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
989 u8 old_flags = neigh->flags;
990 struct net *net = dev_net(dev);
992 if (neigh->nud_state & NUD_FAILED)
996 * Don't update the neighbor cache entry on a proxy NA from
997 * ourselves because either the proxied node is off link or it
998 * has already sent a NA to us.
1000 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1001 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1002 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1003 /* XXX: idev->cnf.prixy_ndp */
1007 neigh_update(neigh, lladdr,
1008 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1009 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1010 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1011 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1012 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
1014 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1016 * Change: router to host
1018 struct rt6_info *rt;
1019 rt = rt6_get_dflt_router(saddr, dev);
1025 neigh_release(neigh);
/*
 * Handle a received Router Solicitation.
 *
 * Visible flow: check the minimum length, require an inet6 device with
 * forwarding enabled, ignore solicitations from the unspecified
 * address, parse the options and, when a source link-layer address is
 * present, create or update the neighbour entry of the sender as STALE.
 * NOTE(review): the return/goto lines and the check of lladdr are not
 * visible in this listing.
 * NOTE(review): both log calls in this function sit under an explicit
 * net_ratelimit() test although ND_PRINTK already performs that test;
 * the second message (invalid ND option) is also labelled NS in the RS
 * handler, and neither message carries a KERN_ level prefix.
 */
1029 static void ndisc_recv_rs(struct sk_buff *skb)
1031 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
/* Option bytes after the fixed RS header; only meaningful once the */
/* length check below has passed. */
1032 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1033 struct neighbour *neigh;
1034 struct inet6_dev *idev;
1035 const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1036 struct ndisc_options ndopts;
1039 if (skb->len < sizeof(*rs_msg))
1042 idev = __in6_dev_get(skb->dev);
1044 if (net_ratelimit())
1045 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1049 /* Don't accept RS if we're not in router mode */
1050 if (!idev->cnf.forwarding)
1054 * Don't update NCE if src = ::;
1055 * this implies that the source node has no ip address assigned yet.
1057 if (ipv6_addr_any(saddr))
1060 /* Parse ND options */
1061 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1062 if (net_ratelimit())
1063 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1067 if (ndopts.nd_opts_src_lladdr) {
1068 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1074 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1076 neigh_update(neigh, lladdr, NUD_STALE,
1077 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1078 NEIGH_UPDATE_F_OVERRIDE|
1079 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1080 neigh_release(neigh);
/*
 * Export one ND option of a received Router Advertisement to user space
 * as an RTM_NEWNDUSEROPT netlink notification.
 *
 * @ra:  the received RA
 * @opt: the option to export
 *
 * The message consists of a struct nduseroptmsg (family, ifindex, ICMPv6
 * type and code, option length), a raw copy of the option, and an
 * NDUSEROPT_SRCADDR attribute holding the IPv6 source address of the
 * RA.  It is sent to the RTNLGRP_ND_USEROPT group; on failure the error
 * is reported to that group with rtnl_set_sk_err().
 * NOTE(review): the allocation failure check, the nla_put_failure label
 * and the assignments to err are not visible in this listing.
 */
1086 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1088 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1089 struct sk_buff *skb;
1090 struct nlmsghdr *nlh;
1091 struct nduseroptmsg *ndmsg;
1092 struct net *net = dev_net(ra->dev);
/* base_size: fixed header plus the option bytes, netlink aligned. */
1094 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1095 + (opt->nd_opt_len << 3));
/* msg_size additionally reserves room for the source address attribute. */
1096 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1098 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1104 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1106 goto nla_put_failure;
1109 ndmsg = nlmsg_data(nlh);
1110 ndmsg->nduseropt_family = AF_INET6;
1111 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1112 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1113 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1114 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
/* The raw option is placed directly behind the nduseroptmsg header. */
1116 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1118 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1119 &ipv6_hdr(ra)->saddr);
1120 nlmsg_end(skb, nlh);
1122 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1129 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
/*
 * Decide whether Router Advertisements are accepted on in6_dev.
 *
 * Returns the accept_ra setting of the device, except when forwarding is
 * enabled and accept_ra is below 2; the value returned in that case is
 * on a line not visible in this listing (presumably 0).
 */
1132 static inline int accept_ra(struct inet6_dev *in6_dev)
1135 * If forwarding is enabled, RA are not accepted unless the special
1136 * hybrid mode (accept_ra=2) is enabled.
1138 if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1141 return in6_dev->cnf.accept_ra;
/*
 * Handle a received Router Advertisement.
 *
 * Visible flow:
 *  - validate the message: link-local source, minimum length, sender
 *    node type (with CONFIG_IPV6_NDISC_NODETYPE), an inet6 device on
 *    the receiving interface, parsable options;
 *  - unless accept_ra() says otherwise, record the RA flags on the
 *    interface and maintain the default route through the sender: look
 *    it up, add it when the lifetime is non-zero, set preference and
 *    expiry, and apply the advertised hop limit;
 *  - update the retransmission and reachable timers of the interface
 *    ND parameters and notify via inet6_ifinfo_notify();
 *  - update the neighbour entry of the router from the source
 *    link-layer option;
 *  - process route information, prefix information, MTU and user-space
 *    options;
 *  - release the route and neighbour references at the end.
 * NOTE(review): gotos, labels (for example skip_linkparms and
 * skip_routeinfo), #endif lines, else branches and several conditions
 * are not visible in this listing -- confirm the nesting against the
 * full file.
 */
1144 static void ndisc_router_discovery(struct sk_buff *skb)
1146 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1147 struct neighbour *neigh = NULL;
1148 struct inet6_dev *in6_dev;
1149 struct rt6_info *rt = NULL;
1151 struct ndisc_options ndopts;
1153 unsigned int pref = 0;
/* The options start right behind the fixed RA header. */
1155 __u8 * opt = (__u8 *)(ra_msg + 1);
1157 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1159 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1160 ND_PRINTK2(KERN_WARNING
1161 "ICMPv6 RA: source address is not link-local.\n");
1165 ND_PRINTK2(KERN_WARNING
1166 "ICMPv6 RA: packet too short\n");
1170 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1171 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1172 ND_PRINTK2(KERN_WARNING
1173 "ICMPv6 RA: from host or unauthorized router\n");
1179 * set the RA_RECV flag in the interface
1182 in6_dev = __in6_dev_get(skb->dev);
1183 if (in6_dev == NULL) {
1185 "ICMPv6 RA: can't find inet6 device for %s.\n",
1190 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1191 ND_PRINTK2(KERN_WARNING
1192 "ICMP6 RA: invalid ND options\n");
1196 if (!accept_ra(in6_dev))
1197 goto skip_linkparms;
1199 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1200 /* skip link-specific parameters from interior routers */
1201 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1202 goto skip_linkparms;
1205 if (in6_dev->if_flags & IF_RS_SENT) {
1207 * flag that an RA was received after an RS was sent
1208 * out on this interface.
1210 in6_dev->if_flags |= IF_RA_RCVD;
1214 * Remember the managed/otherconf flags from most recently
1215 * received RA message (RFC 2462) -- yoshfuji
1217 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1219 (ra_msg->icmph.icmp6_addrconf_managed ?
1220 IF_RA_MANAGED : 0) |
1221 (ra_msg->icmph.icmp6_addrconf_other ?
1222 IF_RA_OTHERCONF : 0);
1224 if (!in6_dev->cnf.accept_ra_defrtr)
/* Checks whether the RA source is an address owned by this host. */
1227 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1230 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1232 #ifdef CONFIG_IPV6_ROUTER_PREF
1233 pref = ra_msg->icmph.icmp6_router_pref;
1234 /* 10b is handled as if it were 00b (medium) */
1235 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1236 !in6_dev->cnf.accept_ra_rtr_pref)
1237 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1240 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1243 neigh = dst_get_neighbour(&rt->dst);
/* Existing default route and a zero lifetime (body not visible here). */
1245 if (rt && lifetime == 0) {
1251 if (rt == NULL && lifetime) {
1252 ND_PRINTK3(KERN_DEBUG
1253 "ICMPv6 RA: adding default router.\n");
1255 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1258 "ICMPv6 RA: %s() failed to add default route.\n",
1263 neigh = dst_get_neighbour(&rt->dst);
1264 if (neigh == NULL) {
1266 "ICMPv6 RA: %s() got default router without neighbour.\n",
1268 dst_release(&rt->dst);
1271 neigh->flags |= NTF_ROUTER;
1273 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
/* The route expires lifetime seconds from now, expressed in jiffies. */
1277 rt->rt6i_expires = jiffies + (HZ * lifetime);
/*
 * An advertised hop limit of zero is ignored; a non-zero one is applied
 * only when it is not below the configured minimum.
 */
1279 if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1280 ra_msg->icmph.icmp6_hop_limit) {
1281 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1282 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1284 dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1285 ra_msg->icmph.icmp6_hop_limit);
1287 ND_PRINTK2(KERN_WARNING "RA: Got route advertisement with lower hop_limit than minimum\n");
1294 * Update Reachable Time and Retrans Timer
1297 if (in6_dev->nd_parms) {
1298 unsigned long rtime = ntohl(ra_msg->retrans_timer);
/*
 * The advertised value is divided by 1000 and scaled by HZ, i.e. it is
 * treated as milliseconds and converted to jiffies; the bound keeps
 * the result below MAX_SCHEDULE_TIMEOUT.
 */
1300 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1301 rtime = (rtime*HZ)/1000;
1304 in6_dev->nd_parms->retrans_time = rtime;
1305 in6_dev->tstamp = jiffies;
1306 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1309 rtime = ntohl(ra_msg->reachable_time);
/* The bound uses 3*HZ because gc_staletime below is set to 3 * rtime. */
1310 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1311 rtime = (rtime*HZ)/1000;
1316 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1317 in6_dev->nd_parms->base_reachable_time = rtime;
1318 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1319 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1320 in6_dev->tstamp = jiffies;
1321 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1333 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1337 if (ndopts.nd_opts_src_lladdr) {
1338 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1341 ND_PRINTK2(KERN_WARNING
1342 "ICMPv6 RA: invalid link-layer address length\n");
/* The sender of an RA is marked as a router in the neighbour cache. */
1346 neigh_update(neigh, lladdr, NUD_STALE,
1347 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1348 NEIGH_UPDATE_F_OVERRIDE|
1349 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1350 NEIGH_UPDATE_F_ISROUTER);
1353 if (!accept_ra(in6_dev))
1356 #ifdef CONFIG_IPV6_ROUTE_INFO
1357 if (ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr, NULL, 0))
1358 goto skip_routeinfo;
/* Walk every route information option recorded by the parser. */
1360 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1361 struct nd_opt_hdr *p;
1362 for (p = ndopts.nd_opts_ri;
1364 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1365 struct route_info *ri = (struct route_info *)p;
1366 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1367 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1368 ri->prefix_len == 0)
1371 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1373 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1374 &ipv6_hdr(skb)->saddr);
1381 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1382 /* skip link-specific ndopts from interior routers */
1383 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
/* Walk every prefix information option recorded by the parser. */
1387 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1388 struct nd_opt_hdr *p;
1389 for (p = ndopts.nd_opts_pi;
1391 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1392 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1396 if (ndopts.nd_opts_mtu) {
/*
 * The value is copied from 2 bytes past the option header; the line
 * converting n into mtu is not visible in this listing.
 */
1400 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
/* Accept only values between IPV6_MIN_MTU and the device MTU. */
1403 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1404 ND_PRINTK2(KERN_WARNING
1405 "ICMPv6 RA: invalid mtu: %d\n",
1407 } else if (in6_dev->cnf.mtu6 != mtu) {
1408 in6_dev->cnf.mtu6 = mtu;
1411 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1413 rt6_mtu_change(skb->dev, mtu);
/* Each user-space option is forwarded through ndisc_ra_useropt(). */
1417 if (ndopts.nd_useropts) {
1418 struct nd_opt_hdr *p;
1419 for (p = ndopts.nd_useropts;
1421 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1422 ndisc_ra_useropt(skb, p);
/*
 * Target link-layer and redirect header options are only logged here.
 * NOTE(review): the message below lacks a trailing newline.
 */
1426 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1427 ND_PRINTK2(KERN_WARNING
1428 "ICMPv6 RA: invalid RA options");
1432 dst_release(&rt->dst);
1434 neigh_release(neigh);
/*
 * ndisc_redirect_rcv - validate a received ICMPv6 Redirect and pass it to
 * rt6_redirect().
 *
 * @skb: the received packet; the ICMPv6 header is read via icmp6_hdr(skb)
 *       and the IPv6 header via ipv6_hdr(skb).
 *
 * Checks visible here, each logged through ND_PRINTK2 when it fails:
 *   - with CONFIG_IPV6_NDISC_NODETYPE, the sender node type is not HOST or
 *     NODEFAULT;
 *   - the IPv6 source address is link-local;
 *   - the packet is long enough ("packet too short");
 *   - the redirect destination is not multicast;
 *   - the target either equals the destination or is link-local unicast;
 *   - the ND options parse, and any target link-layer address option has a
 *     valid length.
 *
 * NOTE(review): this listing omits the statements that follow each failed
 * check (and the assignment of dest), so the exact bail-out behaviour
 * should be confirmed against the full source.
 */
1437 static void ndisc_redirect_rcv(struct sk_buff *skb)
1439 struct inet6_dev *in6_dev;
1440 struct icmp6hdr *icmph;
1441 const struct in6_addr *dest;
1442 const struct in6_addr *target; /* new first hop to destination */
1443 struct neighbour *neigh;
1445 struct ndisc_options ndopts;
1449 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1450 switch (skb->ndisc_nodetype) {
1451 case NDISC_NODETYPE_HOST:
1452 case NDISC_NODETYPE_NODEFAULT:
1453 ND_PRINTK2(KERN_WARNING
1454 "ICMPv6 Redirect: from host or unauthorized router\n");
1459 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1460 ND_PRINTK2(KERN_WARNING
1461 "ICMPv6 Redirect: source address is not link-local.\n");
/*
 * optlen: bytes from the transport header to the tail, minus the fixed
 * part of the message (ICMPv6 header plus two IPv6 addresses).
 */
1465 optlen = skb->tail - skb->transport_header;
1466 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1469 ND_PRINTK2(KERN_WARNING
1470 "ICMPv6 Redirect: packet too short\n");
/* The target address immediately follows the ICMPv6 header. */
1474 icmph = icmp6_hdr(skb);
1475 target = (const struct in6_addr *) (icmph + 1);
1478 if (ipv6_addr_is_multicast(dest)) {
1479 ND_PRINTK2(KERN_WARNING
1480 "ICMPv6 Redirect: destination address is multicast.\n");
1484 if (ipv6_addr_equal(dest, target)) {
1486 } else if (ipv6_addr_type(target) !=
1487 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1488 ND_PRINTK2(KERN_WARNING
1489 "ICMPv6 Redirect: target address is not link-local unicast.\n");
/*
 * Per-device policy: the test below is true when the receiving interface
 * has forwarding enabled or accept_redirects disabled.
 */
1493 in6_dev = __in6_dev_get(skb->dev);
1496 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects)
1500 * The IP source address of the Redirect MUST be the same as the current
1501 * first-hop router for the specified ICMP Destination Address.
/* ND options start right after the destination address. */
1504 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1505 ND_PRINTK2(KERN_WARNING
1506 "ICMPv6 Redirect: invalid ND options\n");
1509 if (ndopts.nd_opts_tgt_lladdr) {
1510 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1513 ND_PRINTK2(KERN_WARNING
1514 "ICMPv6 Redirect: invalid link-layer address length\n");
/*
 * Look up the neighbour entry for the target on the receiving device,
 * apply the redirect, then drop the neighbour reference.
 */
1519 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1521 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1522 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1524 neigh_release(neigh);
/*
 * ndisc_send_redirect - build and transmit an ICMPv6 Redirect.
 *
 * @skb:    the packet that triggered the redirect; the redirect is addressed
 *          to its IPv6 source, and its IPv6 destination becomes the
 *          destination field of the message.
 * @neigh:  neighbour entry whose hardware address, when in a NUD_VALID
 *          state, is sent as the target link-layer address option.
 * @target: address written into the target field of the message.
 *
 * The message is sent from a link-local address of skb->dev obtained with
 * ipv6_get_lladdr(). Nothing is sent past the visible warnings when no such
 * address exists, when target is neither the original destination nor a
 * link-local unicast address, or when the route back to the sender has
 * RTF_GATEWAY set.
 *
 * NOTE(review): this listing omits several lines (error returns, some
 * declarations, the rate-limit bail-out); confirm details against the full
 * source.
 */
1528 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1529 const struct in6_addr *target)
1531 struct net_device *dev = skb->dev;
1532 struct net *net = dev_net(dev);
1533 struct sock *sk = net->ipv6.ndisc_sk;
1534 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1535 struct sk_buff *buff;
1536 struct icmp6hdr *icmph;
1537 struct in6_addr saddr_buf;
1538 struct in6_addr *addrp;
1539 struct rt6_info *rt;
1540 struct dst_entry *dst;
1541 struct inet6_dev *idev;
1547 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1549 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1550 ND_PRINTK2(KERN_WARNING
1551 "ICMPv6 Redirect: no link-local address on %s\n",
1556 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1557 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1558 ND_PRINTK2(KERN_WARNING
1559 "ICMPv6 Redirect: target address is not link-local unicast.\n");
/* Route lookup for the reply: from saddr_buf to the original sender. */
1563 icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1564 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1566 dst = ip6_route_output(net, NULL, &fl6);
1570 dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1574 rt = (struct rt6_info *) dst;
1576 if (rt->rt6i_flags & RTF_GATEWAY) {
1577 ND_PRINTK2(KERN_WARNING
1578 "ICMPv6 Redirect: destination is not a neighbour.\n");
/*
 * Presumably a per-peer rate limit with a 1*HZ interval; the statement
 * executed when the check fails is not shown here. TODO confirm.
 */
1582 rt6_bind_peer(rt, 1);
1583 if (!inet_peer_xrlim_allow(rt->rt6i_peer, 1*HZ))
/*
 * Snapshot the neighbour hardware address under neigh->lock so that the
 * option is built from a consistent copy; len grows by the option size.
 */
1586 if (dev->addr_len) {
1587 read_lock_bh(&neigh->lock);
1588 if (neigh->nud_state & NUD_VALID) {
1589 memcpy(ha_buf, neigh->ha, dev->addr_len);
1590 read_unlock_bh(&neigh->lock);
1592 len += ndisc_opt_addr_space(dev);
1594 read_unlock_bh(&neigh->lock);
/*
 * rd_len bounds the redirected-header option: the smaller of the space
 * left within IPV6_MIN_MTU and the original packet length plus 8.
 */
1597 rd_len = min_t(unsigned int,
1598 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1602 hlen = LL_RESERVED_SPACE(dev);
1603 tlen = dev->needed_tailroom;
1604 buff = sock_alloc_send_skb(sk,
1605 (MAX_HEADER + sizeof(struct ipv6hdr) +
1610 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1615 skb_reserve(buff, hlen);
1616 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1617 IPPROTO_ICMPV6, len);
1619 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1621 icmph = icmp6_hdr(buff);
1623 memset(icmph, 0, sizeof(struct icmp6hdr));
1624 icmph->icmp6_type = NDISC_REDIRECT;
1627 * copy target and destination addresses
1630 addrp = (struct in6_addr *)(icmph + 1);
1631 ipv6_addr_copy(addrp, target);
1633 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1635 opt = (u8*) (addrp + 1);
1638 * include target_address option
1642 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1643 dev->addr_len, dev->type);
1646 * build redirect option and copy skb over to the new packet.
/*
 * Option type, then length stored as rd_len >> 3; the payload is
 * rd_len - 8 bytes of the original packet starting at its IPv6 header.
 */
1650 *(opt++) = ND_OPT_REDIRECT_HDR;
1651 *(opt++) = (rd_len >> 3);
1654 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1656 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1657 len, IPPROTO_ICMPV6,
1658 csum_partial(icmph, len, 0));
1660 skb_dst_set(buff, dst);
/*
 * NOTE(review): the output byte counter below is fed skb->len, the length
 * of the packet that triggered the redirect, not buff->len, the redirect
 * actually being sent. Confirm whether that is intended.
 */
1662 idev = __in6_dev_get(dst->dev);
1663 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1664 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1667 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1668 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
/*
 * pndisc_redo - callback taking a single skb.
 * NOTE(review): the body is not part of this listing; presumably it
 * re-processes a deferred proxy ND packet. Verify against the full source.
 */
1678 static void pndisc_redo(struct sk_buff *skb)
/*
 * ndisc_rcv - receive entry point for Neighbour Discovery messages.
 *
 * @skb: the received ICMPv6 packet.
 *
 * Requires the whole packet to be pullable (pskb_may_pull over skb->len),
 * then logs a warning for a hop limit other than 255 or a non-zero ICMPv6
 * code. The neighbour control block of the skb is cleared before the
 * message is dispatched on its ICMPv6 type. Of the handlers, only the
 * Router Advertisement and Redirect calls are visible in this listing.
 *
 * NOTE(review): return values and the statements following each failed
 * check are not shown here.
 */
1684 int ndisc_rcv(struct sk_buff *skb)
1688 if (!pskb_may_pull(skb, skb->len))
1691 msg = (struct nd_msg *)skb_transport_header(skb);
/* Move skb->data back so that it coincides with the transport header. */
1693 __skb_push(skb, skb->data - skb_transport_header(skb));
1695 if (ipv6_hdr(skb)->hop_limit != 255) {
1696 ND_PRINTK2(KERN_WARNING
1697 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1698 ipv6_hdr(skb)->hop_limit);
1702 if (msg->icmph.icmp6_code != 0) {
1703 ND_PRINTK2(KERN_WARNING
1704 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1705 msg->icmph.icmp6_code);
1709 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1711 switch (msg->icmph.icmp6_type) {
1712 case NDISC_NEIGHBOUR_SOLICITATION:
1716 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1720 case NDISC_ROUTER_SOLICITATION:
1724 case NDISC_ROUTER_ADVERTISEMENT:
1725 ndisc_router_discovery(skb);
1728 case NDISC_REDIRECT:
1729 ndisc_redirect_rcv(skb);
/*
 * ndisc_netdev_event - netdevice notifier callback for the ND table.
 *
 * @this:  the notifier block (not referenced in the visible lines).
 * @event: NETDEV_* event code.
 * @ptr:   the affected struct net_device.
 *
 * NETDEV_CHANGEADDR: calls neigh_changeaddr() on nd_tbl for the device and
 * runs the IPv6 FIB garbage collector for its namespace.
 * NETDEV_NOTIFY_PEERS: sends an unsolicited neighbour advertisement.
 * The neigh_ifdown() / fib6_run_gc() pair sits under a case label that is
 * not shown in this listing.
 */
1736 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1738 struct net_device *dev = ptr;
1739 struct net *net = dev_net(dev);
1742 case NETDEV_CHANGEADDR:
1743 neigh_changeaddr(&nd_tbl, dev);
1744 fib6_run_gc(0, net, false);
1747 neigh_ifdown(&nd_tbl, dev);
1748 fib6_run_gc(0, net, false);
1750 case NETDEV_NOTIFY_PEERS:
1751 ndisc_send_unsol_na(dev);
/*
 * Notifier block that routes netdevice events to ndisc_netdev_event();
 * registered in ndisc_init() and unregistered in ndisc_cleanup().
 */
1760 static struct notifier_block ndisc_netdev_notifier = {
1761 .notifier_call = ndisc_netdev_event,
1764 #ifdef CONFIG_SYSCTL
/*
 * ndisc_warn_deprecated_sysctl - log that a process used a deprecated
 * neigh sysctl and point it at the "_ms" replacement.
 *
 * @ctl:      the sysctl entry; ctl->procname is printed in the message.
 * @func:     access-method string printed in the message.
 * @dev_name: interface name component of the sysctl path.
 *
 * The name of the last process warned is kept in a static buffer, so a
 * process that repeats the access back-to-back is not warned again, and
 * warnings stop once the warned counter reaches 5.
 * NOTE(review): the declaration and update of warned are not shown here.
 */
1765 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1766 const char *func, const char *dev_name)
1768 static char warncomm[TASK_COMM_LEN];
1770 if (strcmp(warncomm, current->comm) && warned < 5) {
1771 strcpy(warncomm, current->comm);
1773 "process `%s' is using deprecated sysctl (%s) "
1774 "net.ipv6.neigh.%s.%s; "
1775 "Use net.ipv6.neigh.%s.%s_ms "
1778 dev_name, ctl->procname,
1779 dev_name, ctl->procname);
/*
 * ndisc_ifinfo_sysctl_change - proc handler for the ND timing sysctls.
 *
 * @ctl:    sysctl entry; ctl->extra1 carries the net_device, or NULL for
 *          the "default" entry.
 * @write:  non-zero when the sysctl is being written.
 * @buffer, @lenp, @ppos: passed through to the proc_dointvec* helper.
 *
 * Dispatch by ctl->procname:
 *   retrans_time                              -> proc_dointvec
 *   base_reachable_time                       -> proc_dointvec_jiffies
 *   retrans_time_ms / base_reachable_time_ms  -> proc_dointvec_ms_jiffies
 * The first two names also trigger the deprecated-sysctl warning.
 *
 * After a successful write on a per-device entry, reachable_time is
 * re-randomised if base_reachable_time was the value changed, the device
 * timestamp is refreshed and an RTM_NEWLINK notification is sent.
 *
 * NOTE(review): the handling of other names, the release of the reference
 * taken by in6_dev_get() and the return statement are not shown here.
 */
1784 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1786 struct net_device *dev = ctl->extra1;
1787 struct inet6_dev *idev;
1790 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1791 (strcmp(ctl->procname, "base_reachable_time") == 0))
1792 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1794 if (strcmp(ctl->procname, "retrans_time") == 0)
1795 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1797 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1798 ret = proc_dointvec_jiffies(ctl, write,
1799 buffer, lenp, ppos);
1801 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1802 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1803 ret = proc_dointvec_ms_jiffies(ctl, write,
1804 buffer, lenp, ppos);
1808 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1809 if (ctl->data == &idev->nd_parms->base_reachable_time)
1810 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1811 idev->tstamp = jiffies;
1812 inet6_ifinfo_notify(RTM_NEWLINK, idev);
/*
 * ndisc_net_init - per-namespace setup of the ND control socket.
 *
 * @net: the network namespace being initialised.
 *
 * Creates a raw PF_INET6 / IPPROTO_ICMPV6 control socket, stores it in
 * net->ipv6.ndisc_sk and sets its hop limit to 255, the value ndisc_rcv()
 * checks for on received ND packets. A creation failure is logged with
 * the error code.
 * NOTE(review): the return statements and the loopback setting announced
 * by the trailing comment are not shown in this listing.
 */
1821 static int __net_init ndisc_net_init(struct net *net)
1823 struct ipv6_pinfo *np;
1827 err = inet_ctl_sock_create(&sk, PF_INET6,
1828 SOCK_RAW, IPPROTO_ICMPV6, net);
1831 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1836 net->ipv6.ndisc_sk = sk;
1839 np->hop_limit = 255;
1840 /* Do not loopback ndisc messages */
/*
 * ndisc_net_exit - per-namespace teardown: destroys the ND control socket
 * stored in net->ipv6.ndisc_sk.
 */
1846 static void __net_exit ndisc_net_exit(struct net *net)
1848 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
/*
 * Per-namespace hooks for ND: ndisc_net_init() on namespace creation and
 * ndisc_net_exit() on teardown. Registered from ndisc_init().
 */
1851 static struct pernet_operations ndisc_net_ops = {
1852 .init = ndisc_net_init,
1853 .exit = ndisc_net_exit,
/*
 * ndisc_init - boot-time initialisation of Neighbour Discovery.
 *
 * Order of setup as visible here:
 *   1. register the per-namespace operations (control socket);
 *   2. initialise the neighbour table nd_tbl;
 *   3. with CONFIG_SYSCTL, register the "ipv6" neigh sysctls using
 *      ndisc_ifinfo_sysctl_change as handler;
 *   4. register the netdevice notifier.
 * The labels at the end undo these steps in reverse when a later step
 * fails: sysctl unregistration first, then the pernet subsystem.
 * NOTE(review): error tests and return statements are not shown here.
 */
1856 int __init ndisc_init(void)
1860 err = register_pernet_subsys(&ndisc_net_ops);
1864 * Initialize the neighbour table
1866 neigh_table_init(&nd_tbl);
1868 #ifdef CONFIG_SYSCTL
1869 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1870 &ndisc_ifinfo_sysctl_change);
1872 goto out_unregister_pernet;
1874 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1876 goto out_unregister_sysctl;
1880 out_unregister_sysctl:
1881 #ifdef CONFIG_SYSCTL
1882 neigh_sysctl_unregister(&nd_tbl.parms);
1883 out_unregister_pernet:
1885 unregister_pernet_subsys(&ndisc_net_ops);
/*
 * ndisc_cleanup - undo ndisc_init(): unregister the netdevice notifier,
 * unregister the neigh sysctls (CONFIG_SYSCTL only), clear the neighbour
 * table and finally unregister the per-namespace operations.
 */
1889 void ndisc_cleanup(void)
1891 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1892 #ifdef CONFIG_SYSCTL
1893 neigh_sysctl_unregister(&nd_tbl.parms);
1895 neigh_table_clear(&nd_tbl);
1896 unregister_pernet_subsys(&ndisc_net_ops);