2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 * Pierre Ynard : export userland ND options
19 * through netlink (RDNSS support)
20 * Lars Fenneberg : fixed MTU setting on receipt
22 * Janos Farkas : kmalloc failure checks
23 * Alexey Kuznetsov : state machine reworked
24 * and moved to net/core.
25 * Pekka Savola : RFC2461 validation
26 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
29 /* Set to 3 to get tracing... */
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
40 #define ND_PRINTK1 ND_PRINTK
44 #define ND_PRINTK2 ND_PRINTK
48 #define ND_PRINTK3 ND_PRINTK
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #include <linux/slab.h>
64 #include <linux/sysctl.h>
67 #include <linux/if_addr.h>
68 #include <linux/if_arp.h>
69 #include <linux/ipv6.h>
70 #include <linux/icmpv6.h>
71 #include <linux/jhash.h>
77 #include <net/protocol.h>
78 #include <net/ndisc.h>
79 #include <net/ip6_route.h>
80 #include <net/addrconf.h>
83 #include <net/netlink.h>
84 #include <linux/rtnetlink.h>
87 #include <net/ip6_checksum.h>
88 #include <net/inet_common.h>
89 #include <linux/proc_fs.h>
91 #include <linux/netfilter.h>
92 #include <linux/netfilter_ipv6.h>
94 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
95 static int ndisc_constructor(struct neighbour *neigh);
96 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
97 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
98 static int pndisc_constructor(struct pneigh_entry *n);
99 static void pndisc_destructor(struct pneigh_entry *n);
100 static void pndisc_redo(struct sk_buff *skb);
102 static const struct neigh_ops ndisc_generic_ops = {
104 .solicit = ndisc_solicit,
105 .error_report = ndisc_error_report,
106 .output = neigh_resolve_output,
107 .connected_output = neigh_connected_output,
108 .hh_output = dev_queue_xmit,
109 .queue_xmit = dev_queue_xmit,
112 static const struct neigh_ops ndisc_hh_ops = {
114 .solicit = ndisc_solicit,
115 .error_report = ndisc_error_report,
116 .output = neigh_resolve_output,
117 .connected_output = neigh_resolve_output,
118 .hh_output = dev_queue_xmit,
119 .queue_xmit = dev_queue_xmit,
123 static const struct neigh_ops ndisc_direct_ops = {
125 .output = dev_queue_xmit,
126 .connected_output = dev_queue_xmit,
127 .hh_output = dev_queue_xmit,
128 .queue_xmit = dev_queue_xmit,
131 struct neigh_table nd_tbl = {
133 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
134 .key_len = sizeof(struct in6_addr),
136 .constructor = ndisc_constructor,
137 .pconstructor = pndisc_constructor,
138 .pdestructor = pndisc_destructor,
139 .proxy_redo = pndisc_redo,
143 .base_reachable_time = 30 * HZ,
144 .retrans_time = 1 * HZ,
145 .gc_staletime = 60 * HZ,
146 .reachable_time = 30 * HZ,
147 .delay_probe_time = 5 * HZ,
151 .anycast_delay = 1 * HZ,
152 .proxy_delay = (8 * HZ) / 10,
155 .gc_interval = 30 * HZ,
162 struct ndisc_options {
163 struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
164 #ifdef CONFIG_IPV6_ROUTE_INFO
165 struct nd_opt_hdr *nd_opts_ri;
166 struct nd_opt_hdr *nd_opts_ri_end;
168 struct nd_opt_hdr *nd_useropts;
169 struct nd_opt_hdr *nd_useropts_end;
172 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
173 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
174 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
175 #define nd_opts_pi_end nd_opt_array[__ND_OPT_PREFIX_INFO_END]
176 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
177 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
179 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
182 * Return the padding between the option length and the start of the
183 * link addr. Currently only IP-over-InfiniBand needs this, although
184 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
185 * also need a pad of 2.
187 static int ndisc_addr_option_pad(unsigned short type)
190 case ARPHRD_INFINIBAND: return 2;
195 static inline int ndisc_opt_addr_space(struct net_device *dev)
197 return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
200 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
201 unsigned short addr_type)
203 int space = NDISC_OPT_SPACE(data_len);
204 int pad = ndisc_addr_option_pad(addr_type);
209 memset(opt + 2, 0, pad);
213 memcpy(opt+2, data, data_len);
216 if ((space -= data_len) > 0)
217 memset(opt, 0, space);
221 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
222 struct nd_opt_hdr *end)
225 if (!cur || !end || cur >= end)
227 type = cur->nd_opt_type;
229 cur = ((void *)cur) + (cur->nd_opt_len << 3);
230 } while(cur < end && cur->nd_opt_type != type);
231 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
234 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
236 return (opt->nd_opt_type == ND_OPT_RDNSS);
239 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
240 struct nd_opt_hdr *end)
242 if (!cur || !end || cur >= end)
245 cur = ((void *)cur) + (cur->nd_opt_len << 3);
246 } while(cur < end && !ndisc_is_useropt(cur));
247 return (cur <= end && ndisc_is_useropt(cur) ? cur : NULL);
250 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
251 struct ndisc_options *ndopts)
253 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
255 if (!nd_opt || opt_len < 0 || !ndopts)
257 memset(ndopts, 0, sizeof(*ndopts));
260 if (opt_len < sizeof(struct nd_opt_hdr))
262 l = nd_opt->nd_opt_len << 3;
263 if (opt_len < l || l == 0)
265 switch (nd_opt->nd_opt_type) {
266 case ND_OPT_SOURCE_LL_ADDR:
267 case ND_OPT_TARGET_LL_ADDR:
269 case ND_OPT_REDIRECT_HDR:
270 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
271 ND_PRINTK2(KERN_WARNING
272 "%s(): duplicated ND6 option found: type=%d\n",
274 nd_opt->nd_opt_type);
276 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
279 case ND_OPT_PREFIX_INFO:
280 ndopts->nd_opts_pi_end = nd_opt;
281 if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
282 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
284 #ifdef CONFIG_IPV6_ROUTE_INFO
285 case ND_OPT_ROUTE_INFO:
286 ndopts->nd_opts_ri_end = nd_opt;
287 if (!ndopts->nd_opts_ri)
288 ndopts->nd_opts_ri = nd_opt;
292 if (ndisc_is_useropt(nd_opt)) {
293 ndopts->nd_useropts_end = nd_opt;
294 if (!ndopts->nd_useropts)
295 ndopts->nd_useropts = nd_opt;
298 * Unknown options must be silently ignored,
299 * to accommodate future extension to the
302 ND_PRINTK2(KERN_NOTICE
303 "%s(): ignored unsupported option; type=%d, len=%d\n",
305 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
309 nd_opt = ((void *)nd_opt) + l;
314 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
315 struct net_device *dev)
317 u8 *lladdr = (u8 *)(p + 1);
318 int lladdrlen = p->nd_opt_len << 3;
319 int prepad = ndisc_addr_option_pad(dev->type);
320 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
322 return (lladdr + prepad);
325 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
329 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
331 ipv6_eth_mc_map(addr, buf);
333 case ARPHRD_IEEE802_TR:
334 ipv6_tr_mc_map(addr,buf);
337 ipv6_arcnet_mc_map(addr, buf);
339 case ARPHRD_INFINIBAND:
340 ipv6_ib_mc_map(addr, dev->broadcast, buf);
344 memcpy(buf, dev->broadcast, dev->addr_len);
351 EXPORT_SYMBOL(ndisc_mc_map);
353 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
355 const u32 *p32 = pkey;
359 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
362 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
365 static int ndisc_constructor(struct neighbour *neigh)
367 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
368 struct net_device *dev = neigh->dev;
369 struct inet6_dev *in6_dev;
370 struct neigh_parms *parms;
371 int is_multicast = ipv6_addr_is_multicast(addr);
374 in6_dev = in6_dev_get(dev);
375 if (in6_dev == NULL) {
380 parms = in6_dev->nd_parms;
381 __neigh_parms_put(neigh->parms);
382 neigh->parms = neigh_parms_clone(parms);
385 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
386 if (!dev->header_ops) {
387 neigh->nud_state = NUD_NOARP;
388 neigh->ops = &ndisc_direct_ops;
389 neigh->output = neigh->ops->queue_xmit;
392 neigh->nud_state = NUD_NOARP;
393 ndisc_mc_map(addr, neigh->ha, dev, 1);
394 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
395 neigh->nud_state = NUD_NOARP;
396 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
397 if (dev->flags&IFF_LOOPBACK)
398 neigh->type = RTN_LOCAL;
399 } else if (dev->flags&IFF_POINTOPOINT) {
400 neigh->nud_state = NUD_NOARP;
401 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
403 if (dev->header_ops->cache)
404 neigh->ops = &ndisc_hh_ops;
406 neigh->ops = &ndisc_generic_ops;
407 if (neigh->nud_state&NUD_VALID)
408 neigh->output = neigh->ops->connected_output;
410 neigh->output = neigh->ops->output;
412 in6_dev_put(in6_dev);
416 static int pndisc_constructor(struct pneigh_entry *n)
418 struct in6_addr *addr = (struct in6_addr*)&n->key;
419 struct in6_addr maddr;
420 struct net_device *dev = n->dev;
422 if (dev == NULL || __in6_dev_get(dev) == NULL)
424 addrconf_addr_solict_mult(addr, &maddr);
425 ipv6_dev_mc_inc(dev, &maddr);
429 static void pndisc_destructor(struct pneigh_entry *n)
431 struct in6_addr *addr = (struct in6_addr*)&n->key;
432 struct in6_addr maddr;
433 struct net_device *dev = n->dev;
435 if (dev == NULL || __in6_dev_get(dev) == NULL)
437 addrconf_addr_solict_mult(addr, &maddr);
438 ipv6_dev_mc_dec(dev, &maddr);
441 struct sk_buff *ndisc_build_skb(struct net_device *dev,
442 const struct in6_addr *daddr,
443 const struct in6_addr *saddr,
444 struct icmp6hdr *icmp6h,
445 const struct in6_addr *target,
448 struct net *net = dev_net(dev);
449 struct sock *sk = net->ipv6.ndisc_sk;
451 struct icmp6hdr *hdr;
459 len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
461 len += ndisc_opt_addr_space(dev);
463 skb = sock_alloc_send_skb(sk,
464 (MAX_HEADER + sizeof(struct ipv6hdr) +
465 len + LL_ALLOCATED_SPACE(dev)),
469 "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
474 skb_reserve(skb, LL_RESERVED_SPACE(dev));
475 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
477 skb->transport_header = skb->tail;
480 hdr = (struct icmp6hdr *)skb_transport_header(skb);
481 memcpy(hdr, icmp6h, sizeof(*hdr));
483 opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
485 ipv6_addr_copy((struct in6_addr *)opt, target);
486 opt += sizeof(*target);
490 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
491 dev->addr_len, dev->type);
493 hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
501 EXPORT_SYMBOL(ndisc_build_skb);
503 void ndisc_send_skb(struct sk_buff *skb,
504 struct net_device *dev,
505 struct neighbour *neigh,
506 const struct in6_addr *daddr,
507 const struct in6_addr *saddr,
508 struct icmp6hdr *icmp6h)
511 struct dst_entry *dst;
512 struct net *net = dev_net(dev);
513 struct sock *sk = net->ipv6.ndisc_sk;
514 struct inet6_dev *idev;
518 type = icmp6h->icmp6_type;
520 icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex);
522 dst = icmp6_dst_alloc(dev, neigh, daddr);
528 err = xfrm_lookup(net, &dst, &fl, NULL, 0);
534 skb_dst_set(skb, dst);
536 idev = in6_dev_get(dst->dev);
537 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
539 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
542 ICMP6MSGOUT_INC_STATS(net, idev, type);
543 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
546 if (likely(idev != NULL))
550 EXPORT_SYMBOL(ndisc_send_skb);
553 * Send a Neighbour Discover packet
555 static void __ndisc_send(struct net_device *dev,
556 struct neighbour *neigh,
557 const struct in6_addr *daddr,
558 const struct in6_addr *saddr,
559 struct icmp6hdr *icmp6h, const struct in6_addr *target,
564 skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
568 ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
571 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
572 const struct in6_addr *daddr,
573 const struct in6_addr *solicited_addr,
574 int router, int solicited, int override, int inc_opt)
576 struct in6_addr tmpaddr;
577 struct inet6_ifaddr *ifp;
578 const struct in6_addr *src_addr;
579 struct icmp6hdr icmp6h = {
580 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
583 /* for anycast or proxy, solicited_addr != src_addr */
584 ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
586 src_addr = solicited_addr;
587 if (ifp->flags & IFA_F_OPTIMISTIC)
591 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
592 inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
598 icmp6h.icmp6_router = router;
599 icmp6h.icmp6_solicited = solicited;
600 icmp6h.icmp6_override = override;
602 inc_opt |= ifp->idev->cnf.force_tllao;
603 __ndisc_send(dev, neigh, daddr, src_addr,
604 &icmp6h, solicited_addr,
605 inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
608 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
609 const struct in6_addr *solicit,
610 const struct in6_addr *daddr, const struct in6_addr *saddr)
612 struct in6_addr addr_buf;
613 struct icmp6hdr icmp6h = {
614 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
618 if (ipv6_get_lladdr(dev, &addr_buf,
619 (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
624 __ndisc_send(dev, neigh, daddr, saddr,
626 !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
629 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
630 const struct in6_addr *daddr)
632 struct icmp6hdr icmp6h = {
633 .icmp6_type = NDISC_ROUTER_SOLICITATION,
635 int send_sllao = dev->addr_len;
637 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
639 * According to section 2.2 of RFC 4429, we must not
640 * send router solicitations with a sllao from
641 * optimistic addresses, but we may send the solicitation
642 * if we don't include the sllao. So here we check
643 * if our address is optimistic, and if so, we
644 * suppress the inclusion of the sllao.
647 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
650 if (ifp->flags & IFA_F_OPTIMISTIC) {
659 __ndisc_send(dev, NULL, daddr, saddr,
661 send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
665 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
668 * "The sender MUST return an ICMP
669 * destination unreachable"
671 dst_link_failure(skb);
675 /* Called with locked neigh: either read or both */
677 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
679 struct in6_addr *saddr = NULL;
680 struct in6_addr mcaddr;
681 struct net_device *dev = neigh->dev;
682 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
683 int probes = atomic_read(&neigh->probes);
685 if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
686 saddr = &ipv6_hdr(skb)->saddr;
688 if ((probes -= neigh->parms->ucast_probes) < 0) {
689 if (!(neigh->nud_state & NUD_VALID)) {
690 ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
693 ndisc_send_ns(dev, neigh, target, target, saddr);
694 } else if ((probes -= neigh->parms->app_probes) < 0) {
699 addrconf_addr_solict_mult(target, &mcaddr);
700 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
704 static int pndisc_is_router(const void *pkey,
705 struct net_device *dev)
707 struct pneigh_entry *n;
710 read_lock_bh(&nd_tbl.lock);
711 n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
713 ret = !!(n->flags & NTF_ROUTER);
714 read_unlock_bh(&nd_tbl.lock);
719 static void ndisc_recv_ns(struct sk_buff *skb)
721 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
722 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
723 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
725 u32 ndoptlen = skb->tail - (skb->transport_header +
726 offsetof(struct nd_msg, opt));
727 struct ndisc_options ndopts;
728 struct net_device *dev = skb->dev;
729 struct inet6_ifaddr *ifp;
730 struct inet6_dev *idev = NULL;
731 struct neighbour *neigh;
732 int dad = ipv6_addr_any(saddr);
736 if (ipv6_addr_is_multicast(&msg->target)) {
737 ND_PRINTK2(KERN_WARNING
738 "ICMPv6 NS: multicast target address");
744 * DAD has to be destined for solicited node multicast address.
747 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
748 daddr->s6_addr32[1] == htonl(0x00000000) &&
749 daddr->s6_addr32[2] == htonl(0x00000001) &&
750 daddr->s6_addr [12] == 0xff )) {
751 ND_PRINTK2(KERN_WARNING
752 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
756 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
757 ND_PRINTK2(KERN_WARNING
758 "ICMPv6 NS: invalid ND options\n");
762 if (ndopts.nd_opts_src_lladdr) {
763 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
765 ND_PRINTK2(KERN_WARNING
766 "ICMPv6 NS: invalid link-layer address length\n");
771 * If the IP source address is the unspecified address,
772 * there MUST NOT be source link-layer address option
776 ND_PRINTK2(KERN_WARNING
777 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
782 inc = ipv6_addr_is_multicast(daddr);
784 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
787 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
789 if (dev->type == ARPHRD_IEEE802_TR) {
790 const unsigned char *sadr;
791 sadr = skb_mac_header(skb);
792 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
793 sadr[9] == dev->dev_addr[1] &&
794 sadr[10] == dev->dev_addr[2] &&
795 sadr[11] == dev->dev_addr[3] &&
796 sadr[12] == dev->dev_addr[4] &&
797 sadr[13] == dev->dev_addr[5]) {
798 /* looped-back to us */
804 * We are colliding with another node
806 * so fail our DAD process
808 addrconf_dad_failure(ifp);
812 * This is not a dad solicitation.
813 * If we are an optimistic node,
815 * Otherwise, we should ignore it.
817 if (!(ifp->flags & IFA_F_OPTIMISTIC))
824 struct net *net = dev_net(dev);
826 idev = in6_dev_get(dev);
828 /* XXX: count this drop? */
832 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
833 (idev->cnf.forwarding &&
834 (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
835 (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
836 if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
837 skb->pkt_type != PACKET_HOST &&
839 idev->nd_parms->proxy_delay != 0) {
841 * for anycast or proxy,
842 * sender should delay its response
843 * by a random time between 0 and
844 * MAX_ANYCAST_DELAY_TIME seconds.
845 * (RFC2461) -- yoshfuji
847 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
849 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
857 is_router = !!idev->cnf.forwarding;
860 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
861 is_router, 0, (ifp != NULL), 1);
866 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
868 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
871 * update / create cache entry
872 * for the source address
874 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
875 !inc || lladdr || !dev->addr_len);
877 neigh_update(neigh, lladdr, NUD_STALE,
878 NEIGH_UPDATE_F_WEAK_OVERRIDE|
879 NEIGH_UPDATE_F_OVERRIDE);
880 if (neigh || !dev->header_ops) {
881 ndisc_send_na(dev, neigh, saddr, &msg->target,
883 1, (ifp != NULL && inc), inc);
885 neigh_release(neigh);
897 static void ndisc_recv_na(struct sk_buff *skb)
899 struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
900 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
901 struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
903 u32 ndoptlen = skb->tail - (skb->transport_header +
904 offsetof(struct nd_msg, opt));
905 struct ndisc_options ndopts;
906 struct net_device *dev = skb->dev;
907 struct inet6_ifaddr *ifp;
908 struct neighbour *neigh;
910 if (skb->len < sizeof(struct nd_msg)) {
911 ND_PRINTK2(KERN_WARNING
912 "ICMPv6 NA: packet too short\n");
916 if (ipv6_addr_is_multicast(&msg->target)) {
917 ND_PRINTK2(KERN_WARNING
918 "ICMPv6 NA: target address is multicast.\n");
922 if (ipv6_addr_is_multicast(daddr) &&
923 msg->icmph.icmp6_solicited) {
924 ND_PRINTK2(KERN_WARNING
925 "ICMPv6 NA: solicited NA is multicasted.\n");
929 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
930 ND_PRINTK2(KERN_WARNING
931 "ICMPv6 NS: invalid ND option\n");
934 if (ndopts.nd_opts_tgt_lladdr) {
935 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
937 ND_PRINTK2(KERN_WARNING
938 "ICMPv6 NA: invalid link-layer address length\n");
942 ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
944 if (ifp->flags & IFA_F_TENTATIVE) {
945 addrconf_dad_failure(ifp);
948 /* What should we make now? The advertisement
949 is invalid, but ndisc specs say nothing
950 about it. It could be misconfiguration, or
951 an smart proxy agent tries to help us :-)
953 We should not print the error if NA has been
954 received from loopback - it is just our own
955 unsolicited advertisement.
957 if (skb->pkt_type != PACKET_LOOPBACK)
958 ND_PRINTK1(KERN_WARNING
959 "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
960 &ifp->addr, ifp->idev->dev->name);
964 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
967 u8 old_flags = neigh->flags;
968 struct net *net = dev_net(dev);
970 if (neigh->nud_state & NUD_FAILED)
974 * Don't update the neighbor cache entry on a proxy NA from
975 * ourselves because either the proxied node is off link or it
976 * has already sent a NA to us.
978 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
979 net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
980 pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
981 /* XXX: idev->cnf.prixy_ndp */
985 neigh_update(neigh, lladdr,
986 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
987 NEIGH_UPDATE_F_WEAK_OVERRIDE|
988 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
989 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
990 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
992 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
994 * Change: router to host
997 rt = rt6_get_dflt_router(saddr, dev);
1003 neigh_release(neigh);
1007 static void ndisc_recv_rs(struct sk_buff *skb)
1009 struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1010 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1011 struct neighbour *neigh;
1012 struct inet6_dev *idev;
1013 struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1014 struct ndisc_options ndopts;
1017 if (skb->len < sizeof(*rs_msg))
1020 idev = in6_dev_get(skb->dev);
1022 if (net_ratelimit())
1023 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1027 /* Don't accept RS if we're not in router mode */
1028 if (!idev->cnf.forwarding)
1032 * Don't update NCE if src = ::;
1033 * this implies that the source node has no ip address assigned yet.
1035 if (ipv6_addr_any(saddr))
1038 /* Parse ND options */
1039 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1040 if (net_ratelimit())
1041 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1045 if (ndopts.nd_opts_src_lladdr) {
1046 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1052 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1054 neigh_update(neigh, lladdr, NUD_STALE,
1055 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1056 NEIGH_UPDATE_F_OVERRIDE|
1057 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1058 neigh_release(neigh);
1064 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1066 struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1067 struct sk_buff *skb;
1068 struct nlmsghdr *nlh;
1069 struct nduseroptmsg *ndmsg;
1070 struct net *net = dev_net(ra->dev);
1072 int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1073 + (opt->nd_opt_len << 3));
1074 size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1076 skb = nlmsg_new(msg_size, GFP_ATOMIC);
1082 nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1084 goto nla_put_failure;
1087 ndmsg = nlmsg_data(nlh);
1088 ndmsg->nduseropt_family = AF_INET6;
1089 ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1090 ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1091 ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1092 ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1094 memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1096 NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1097 &ipv6_hdr(ra)->saddr);
1098 nlmsg_end(skb, nlh);
1100 rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1107 rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1110 static void ndisc_router_discovery(struct sk_buff *skb)
1112 struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1113 struct neighbour *neigh = NULL;
1114 struct inet6_dev *in6_dev;
1115 struct rt6_info *rt = NULL;
1117 struct ndisc_options ndopts;
1119 unsigned int pref = 0;
1121 __u8 * opt = (__u8 *)(ra_msg + 1);
1123 optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1125 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1126 ND_PRINTK2(KERN_WARNING
1127 "ICMPv6 RA: source address is not link-local.\n");
1131 ND_PRINTK2(KERN_WARNING
1132 "ICMPv6 RA: packet too short\n");
1136 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1137 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1138 ND_PRINTK2(KERN_WARNING
1139 "ICMPv6 RA: from host or unauthorized router\n");
1145 * set the RA_RECV flag in the interface
1148 in6_dev = in6_dev_get(skb->dev);
1149 if (in6_dev == NULL) {
1151 "ICMPv6 RA: can't find inet6 device for %s.\n",
1156 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1157 in6_dev_put(in6_dev);
1158 ND_PRINTK2(KERN_WARNING
1159 "ICMP6 RA: invalid ND options\n");
1163 /* skip route and link configuration on routers */
1164 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra)
1165 goto skip_linkparms;
1167 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1168 /* skip link-specific parameters from interior routers */
1169 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1170 goto skip_linkparms;
1173 if (in6_dev->if_flags & IF_RS_SENT) {
1175 * flag that an RA was received after an RS was sent
1176 * out on this interface.
1178 in6_dev->if_flags |= IF_RA_RCVD;
1182 * Remember the managed/otherconf flags from most recently
1183 * received RA message (RFC 2462) -- yoshfuji
1185 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1187 (ra_msg->icmph.icmp6_addrconf_managed ?
1188 IF_RA_MANAGED : 0) |
1189 (ra_msg->icmph.icmp6_addrconf_other ?
1190 IF_RA_OTHERCONF : 0);
1192 if (!in6_dev->cnf.accept_ra_defrtr)
1195 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1197 #ifdef CONFIG_IPV6_ROUTER_PREF
1198 pref = ra_msg->icmph.icmp6_router_pref;
1199 /* 10b is handled as if it were 00b (medium) */
1200 if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1201 !in6_dev->cnf.accept_ra_rtr_pref)
1202 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1205 rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1208 neigh = rt->rt6i_nexthop;
1210 if (rt && lifetime == 0) {
1216 if (rt == NULL && lifetime) {
1217 ND_PRINTK3(KERN_DEBUG
1218 "ICMPv6 RA: adding default router.\n");
1220 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1223 "ICMPv6 RA: %s() failed to add default route.\n",
1225 in6_dev_put(in6_dev);
1229 neigh = rt->rt6i_nexthop;
1230 if (neigh == NULL) {
1232 "ICMPv6 RA: %s() got default router without neighbour.\n",
1234 dst_release(&rt->u.dst);
1235 in6_dev_put(in6_dev);
1238 neigh->flags |= NTF_ROUTER;
1240 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1244 rt->rt6i_expires = jiffies + (HZ * lifetime);
1246 if (ra_msg->icmph.icmp6_hop_limit) {
1247 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1249 rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1255 * Update Reachable Time and Retrans Timer
1258 if (in6_dev->nd_parms) {
1259 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1261 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1262 rtime = (rtime*HZ)/1000;
1265 in6_dev->nd_parms->retrans_time = rtime;
1266 in6_dev->tstamp = jiffies;
1267 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1270 rtime = ntohl(ra_msg->reachable_time);
1271 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1272 rtime = (rtime*HZ)/1000;
1277 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1278 in6_dev->nd_parms->base_reachable_time = rtime;
1279 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1280 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1281 in6_dev->tstamp = jiffies;
1282 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1294 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1298 if (ndopts.nd_opts_src_lladdr) {
1299 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1302 ND_PRINTK2(KERN_WARNING
1303 "ICMPv6 RA: invalid link-layer address length\n");
1307 neigh_update(neigh, lladdr, NUD_STALE,
1308 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1309 NEIGH_UPDATE_F_OVERRIDE|
1310 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1311 NEIGH_UPDATE_F_ISROUTER);
1314 /* skip route and link configuration on routers */
1315 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra)
1318 #ifdef CONFIG_IPV6_ROUTE_INFO
1319 if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1320 struct nd_opt_hdr *p;
1321 for (p = ndopts.nd_opts_ri;
1323 p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1324 struct route_info *ri = (struct route_info *)p;
1325 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1326 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1327 ri->prefix_len == 0)
1330 if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1332 rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1333 &ipv6_hdr(skb)->saddr);
1338 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1339 /* skip link-specific ndopts from interior routers */
1340 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1344 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1345 struct nd_opt_hdr *p;
1346 for (p = ndopts.nd_opts_pi;
1348 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1349 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1353 if (ndopts.nd_opts_mtu) {
1357 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1360 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1361 ND_PRINTK2(KERN_WARNING
1362 "ICMPv6 RA: invalid mtu: %d\n",
1364 } else if (in6_dev->cnf.mtu6 != mtu) {
1365 in6_dev->cnf.mtu6 = mtu;
1368 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1370 rt6_mtu_change(skb->dev, mtu);
1374 if (ndopts.nd_useropts) {
1375 struct nd_opt_hdr *p;
1376 for (p = ndopts.nd_useropts;
1378 p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1379 ndisc_ra_useropt(skb, p);
1383 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1384 ND_PRINTK2(KERN_WARNING
1385 "ICMPv6 RA: invalid RA options");
1389 dst_release(&rt->u.dst);
1391 neigh_release(neigh);
1392 in6_dev_put(in6_dev);
1395 static void ndisc_redirect_rcv(struct sk_buff *skb)
1397 struct inet6_dev *in6_dev;
1398 struct icmp6hdr *icmph;
1399 struct in6_addr *dest;
1400 struct in6_addr *target; /* new first hop to destination */
1401 struct neighbour *neigh;
1403 struct ndisc_options ndopts;
1407 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1408 switch (skb->ndisc_nodetype) {
1409 case NDISC_NODETYPE_HOST:
1410 case NDISC_NODETYPE_NODEFAULT:
1411 ND_PRINTK2(KERN_WARNING
1412 "ICMPv6 Redirect: from host or unauthorized router\n");
1417 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1418 ND_PRINTK2(KERN_WARNING
1419 "ICMPv6 Redirect: source address is not link-local.\n");
1423 optlen = skb->tail - skb->transport_header;
1424 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1427 ND_PRINTK2(KERN_WARNING
1428 "ICMPv6 Redirect: packet too short\n");
1432 icmph = icmp6_hdr(skb);
1433 target = (struct in6_addr *) (icmph + 1);
1436 if (ipv6_addr_is_multicast(dest)) {
1437 ND_PRINTK2(KERN_WARNING
1438 "ICMPv6 Redirect: destination address is multicast.\n");
1442 if (ipv6_addr_equal(dest, target)) {
1444 } else if (ipv6_addr_type(target) !=
1445 (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1446 ND_PRINTK2(KERN_WARNING
1447 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1451 in6_dev = in6_dev_get(skb->dev);
1454 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1455 in6_dev_put(in6_dev);
1460 * The IP source address of the Redirect MUST be the same as the current
1461 * first-hop router for the specified ICMP Destination Address.
1464 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1465 ND_PRINTK2(KERN_WARNING
1466 "ICMPv6 Redirect: invalid ND options\n");
1467 in6_dev_put(in6_dev);
1470 if (ndopts.nd_opts_tgt_lladdr) {
1471 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1474 ND_PRINTK2(KERN_WARNING
1475 "ICMPv6 Redirect: invalid link-layer address length\n");
1476 in6_dev_put(in6_dev);
1481 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1483 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1484 &ipv6_hdr(skb)->saddr, neigh, lladdr,
1486 neigh_release(neigh);
1488 in6_dev_put(in6_dev);
1491 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1492 const struct in6_addr *target)
1494 struct net_device *dev = skb->dev;
1495 struct net *net = dev_net(dev);
1496 struct sock *sk = net->ipv6.ndisc_sk;
1497 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1498 struct sk_buff *buff;
1499 struct icmp6hdr *icmph;
1500 struct in6_addr saddr_buf;
1501 struct in6_addr *addrp;
1502 struct rt6_info *rt;
1503 struct dst_entry *dst;
1504 struct inet6_dev *idev;
1509 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1511 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1512 ND_PRINTK2(KERN_WARNING
1513 "ICMPv6 Redirect: no link-local address on %s\n",
1518 if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1519 ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1520 ND_PRINTK2(KERN_WARNING
1521 "ICMPv6 Redirect: target address is not link-local unicast.\n");
1525 icmpv6_flow_init(sk, &fl, NDISC_REDIRECT,
1526 &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1528 dst = ip6_route_output(net, NULL, &fl);
1532 err = xfrm_lookup(net, &dst, &fl, NULL, 0);
1536 rt = (struct rt6_info *) dst;
1538 if (rt->rt6i_flags & RTF_GATEWAY) {
1539 ND_PRINTK2(KERN_WARNING
1540 "ICMPv6 Redirect: destination is not a neighbour.\n");
1543 if (!xrlim_allow(dst, 1*HZ))
1546 if (dev->addr_len) {
1547 read_lock_bh(&neigh->lock);
1548 if (neigh->nud_state & NUD_VALID) {
1549 memcpy(ha_buf, neigh->ha, dev->addr_len);
1550 read_unlock_bh(&neigh->lock);
1552 len += ndisc_opt_addr_space(dev);
1554 read_unlock_bh(&neigh->lock);
1557 rd_len = min_t(unsigned int,
1558 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1562 buff = sock_alloc_send_skb(sk,
1563 (MAX_HEADER + sizeof(struct ipv6hdr) +
1564 len + LL_ALLOCATED_SPACE(dev)),
1568 "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1573 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1574 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1575 IPPROTO_ICMPV6, len);
1577 skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1579 icmph = icmp6_hdr(buff);
1581 memset(icmph, 0, sizeof(struct icmp6hdr));
1582 icmph->icmp6_type = NDISC_REDIRECT;
1585 * copy target and destination addresses
1588 addrp = (struct in6_addr *)(icmph + 1);
1589 ipv6_addr_copy(addrp, target);
1591 ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1593 opt = (u8*) (addrp + 1);
1596 * include target_address option
1600 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1601 dev->addr_len, dev->type);
1604 * build redirect option and copy skb over to the new packet.
1608 *(opt++) = ND_OPT_REDIRECT_HDR;
1609 *(opt++) = (rd_len >> 3);
1612 memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1614 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1615 len, IPPROTO_ICMPV6,
1616 csum_partial(icmph, len, 0));
1618 skb_dst_set(buff, dst);
1619 idev = in6_dev_get(dst->dev);
1620 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1621 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1624 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1625 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1628 if (likely(idev != NULL))
1636 static void pndisc_redo(struct sk_buff *skb)
1642 int ndisc_rcv(struct sk_buff *skb)
1646 if (!pskb_may_pull(skb, skb->len))
1649 msg = (struct nd_msg *)skb_transport_header(skb);
1651 __skb_push(skb, skb->data - skb_transport_header(skb));
1653 if (ipv6_hdr(skb)->hop_limit != 255) {
1654 ND_PRINTK2(KERN_WARNING
1655 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1656 ipv6_hdr(skb)->hop_limit);
1660 if (msg->icmph.icmp6_code != 0) {
1661 ND_PRINTK2(KERN_WARNING
1662 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1663 msg->icmph.icmp6_code);
1667 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1669 switch (msg->icmph.icmp6_type) {
1670 case NDISC_NEIGHBOUR_SOLICITATION:
1674 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1678 case NDISC_ROUTER_SOLICITATION:
1682 case NDISC_ROUTER_ADVERTISEMENT:
1683 ndisc_router_discovery(skb);
1686 case NDISC_REDIRECT:
1687 ndisc_redirect_rcv(skb);
1694 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1696 struct net_device *dev = ptr;
1697 struct net *net = dev_net(dev);
1700 case NETDEV_CHANGEADDR:
1701 neigh_changeaddr(&nd_tbl, dev);
1702 fib6_run_gc(~0UL, net);
1705 neigh_ifdown(&nd_tbl, dev);
1706 fib6_run_gc(~0UL, net);
1715 static struct notifier_block ndisc_netdev_notifier = {
1716 .notifier_call = ndisc_netdev_event,
1719 #ifdef CONFIG_SYSCTL
1720 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1721 const char *func, const char *dev_name)
1723 static char warncomm[TASK_COMM_LEN];
1725 if (strcmp(warncomm, current->comm) && warned < 5) {
1726 strcpy(warncomm, current->comm);
1728 "process `%s' is using deprecated sysctl (%s) "
1729 "net.ipv6.neigh.%s.%s; "
1730 "Use net.ipv6.neigh.%s.%s_ms "
1733 dev_name, ctl->procname,
1734 dev_name, ctl->procname);
1739 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1741 struct net_device *dev = ctl->extra1;
1742 struct inet6_dev *idev;
1745 if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1746 (strcmp(ctl->procname, "base_reachable_time") == 0))
1747 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1749 if (strcmp(ctl->procname, "retrans_time") == 0)
1750 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1752 else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1753 ret = proc_dointvec_jiffies(ctl, write,
1754 buffer, lenp, ppos);
1756 else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1757 (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1758 ret = proc_dointvec_ms_jiffies(ctl, write,
1759 buffer, lenp, ppos);
1763 if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1764 if (ctl->data == &idev->nd_parms->base_reachable_time)
1765 idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1766 idev->tstamp = jiffies;
1767 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1776 static int __net_init ndisc_net_init(struct net *net)
1778 struct ipv6_pinfo *np;
1782 err = inet_ctl_sock_create(&sk, PF_INET6,
1783 SOCK_RAW, IPPROTO_ICMPV6, net);
1786 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1791 net->ipv6.ndisc_sk = sk;
1794 np->hop_limit = 255;
1795 /* Do not loopback ndisc messages */
1801 static void __net_exit ndisc_net_exit(struct net *net)
1803 inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1806 static struct pernet_operations ndisc_net_ops = {
1807 .init = ndisc_net_init,
1808 .exit = ndisc_net_exit,
1811 int __init ndisc_init(void)
1815 err = register_pernet_subsys(&ndisc_net_ops);
1819 * Initialize the neighbour table
1821 neigh_table_init(&nd_tbl);
1823 #ifdef CONFIG_SYSCTL
1824 err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1825 &ndisc_ifinfo_sysctl_change);
1827 goto out_unregister_pernet;
1829 err = register_netdevice_notifier(&ndisc_netdev_notifier);
1831 goto out_unregister_sysctl;
1835 out_unregister_sysctl:
1836 #ifdef CONFIG_SYSCTL
1837 neigh_sysctl_unregister(&nd_tbl.parms);
1838 out_unregister_pernet:
1840 unregister_pernet_subsys(&ndisc_net_ops);
1844 void ndisc_cleanup(void)
1846 unregister_netdevice_notifier(&ndisc_netdev_notifier);
1847 #ifdef CONFIG_SYSCTL
1848 neigh_sysctl_unregister(&nd_tbl.parms);
1850 neigh_table_clear(&nd_tbl);
1851 unregister_pernet_subsys(&ndisc_net_ops);
git.openpandora.org / pandora-kernel.git / blob