Merge tag 'keystone-dts-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ssant...
[firefly-linux-kernel-4.4.55.git] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
19  *      Pierre Ynard                    :       export userland ND options
20  *                                              through netlink (RDNSS support)
21  *      Lars Fenneberg                  :       fixed MTU setting on receipt
22  *                                              of an RA.
23  *      Janos Farkas                    :       kmalloc failure checks
24  *      Alexey Kuznetsov                :       state machine reworked
25  *                                              and moved to net/core.
26  *      Pekka Savola                    :       RFC2461 validation
27  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
28  */
29
30 #define pr_fmt(fmt) "ICMPv6: " fmt
31
32 #include <linux/module.h>
33 #include <linux/errno.h>
34 #include <linux/types.h>
35 #include <linux/socket.h>
36 #include <linux/sockios.h>
37 #include <linux/sched.h>
38 #include <linux/net.h>
39 #include <linux/in6.h>
40 #include <linux/route.h>
41 #include <linux/init.h>
42 #include <linux/rcupdate.h>
43 #include <linux/slab.h>
44 #ifdef CONFIG_SYSCTL
45 #include <linux/sysctl.h>
46 #endif
47
48 #include <linux/if_addr.h>
49 #include <linux/if_arp.h>
50 #include <linux/ipv6.h>
51 #include <linux/icmpv6.h>
52 #include <linux/jhash.h>
53
54 #include <net/sock.h>
55 #include <net/snmp.h>
56
57 #include <net/ipv6.h>
58 #include <net/protocol.h>
59 #include <net/ndisc.h>
60 #include <net/ip6_route.h>
61 #include <net/addrconf.h>
62 #include <net/icmp.h>
63
64 #include <net/netlink.h>
65 #include <linux/rtnetlink.h>
66
67 #include <net/flow.h>
68 #include <net/ip6_checksum.h>
69 #include <net/inet_common.h>
70 #include <linux/proc_fs.h>
71
72 #include <linux/netfilter.h>
73 #include <linux/netfilter_ipv6.h>
74
75 /* Set to 3 to get tracing... */
76 #define ND_DEBUG 1
77
78 #define ND_PRINTK(val, level, fmt, ...)                         \
79 do {                                                            \
80         if (val <= ND_DEBUG)                                    \
81                 net_##level##_ratelimited(fmt, ##__VA_ARGS__);  \
82 } while (0)
83
84 static u32 ndisc_hash(const void *pkey,
85                       const struct net_device *dev,
86                       __u32 *hash_rnd);
87 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
88 static int ndisc_constructor(struct neighbour *neigh);
89 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
90 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
91 static int pndisc_constructor(struct pneigh_entry *n);
92 static void pndisc_destructor(struct pneigh_entry *n);
93 static void pndisc_redo(struct sk_buff *skb);
94
95 static const struct neigh_ops ndisc_generic_ops = {
96         .family =               AF_INET6,
97         .solicit =              ndisc_solicit,
98         .error_report =         ndisc_error_report,
99         .output =               neigh_resolve_output,
100         .connected_output =     neigh_connected_output,
101 };
102
103 static const struct neigh_ops ndisc_hh_ops = {
104         .family =               AF_INET6,
105         .solicit =              ndisc_solicit,
106         .error_report =         ndisc_error_report,
107         .output =               neigh_resolve_output,
108         .connected_output =     neigh_resolve_output,
109 };
110
111
112 static const struct neigh_ops ndisc_direct_ops = {
113         .family =               AF_INET6,
114         .output =               neigh_direct_output,
115         .connected_output =     neigh_direct_output,
116 };
117
118 struct neigh_table nd_tbl = {
119         .family =       AF_INET6,
120         .key_len =      sizeof(struct in6_addr),
121         .protocol =     cpu_to_be16(ETH_P_IPV6),
122         .hash =         ndisc_hash,
123         .key_eq =       ndisc_key_eq,
124         .constructor =  ndisc_constructor,
125         .pconstructor = pndisc_constructor,
126         .pdestructor =  pndisc_destructor,
127         .proxy_redo =   pndisc_redo,
128         .id =           "ndisc_cache",
129         .parms = {
130                 .tbl                    = &nd_tbl,
131                 .reachable_time         = ND_REACHABLE_TIME,
132                 .data = {
133                         [NEIGH_VAR_MCAST_PROBES] = 3,
134                         [NEIGH_VAR_UCAST_PROBES] = 3,
135                         [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
136                         [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
137                         [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
138                         [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
139                         [NEIGH_VAR_QUEUE_LEN_BYTES] = 64 * 1024,
140                         [NEIGH_VAR_PROXY_QLEN] = 64,
141                         [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
142                         [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
143                 },
144         },
145         .gc_interval =    30 * HZ,
146         .gc_thresh1 =    128,
147         .gc_thresh2 =    512,
148         .gc_thresh3 =   1024,
149 };
150
151 static void ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data)
152 {
153         int pad   = ndisc_addr_option_pad(skb->dev->type);
154         int data_len = skb->dev->addr_len;
155         int space = ndisc_opt_addr_space(skb->dev);
156         u8 *opt = skb_put(skb, space);
157
158         opt[0] = type;
159         opt[1] = space>>3;
160
161         memset(opt + 2, 0, pad);
162         opt   += pad;
163         space -= pad;
164
165         memcpy(opt+2, data, data_len);
166         data_len += 2;
167         opt += data_len;
168         space -= data_len;
169         if (space > 0)
170                 memset(opt, 0, space);
171 }
172
173 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
174                                             struct nd_opt_hdr *end)
175 {
176         int type;
177         if (!cur || !end || cur >= end)
178                 return NULL;
179         type = cur->nd_opt_type;
180         do {
181                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
182         } while (cur < end && cur->nd_opt_type != type);
183         return cur <= end && cur->nd_opt_type == type ? cur : NULL;
184 }
185
186 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
187 {
188         return opt->nd_opt_type == ND_OPT_RDNSS ||
189                 opt->nd_opt_type == ND_OPT_DNSSL;
190 }
191
192 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
193                                              struct nd_opt_hdr *end)
194 {
195         if (!cur || !end || cur >= end)
196                 return NULL;
197         do {
198                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
199         } while (cur < end && !ndisc_is_useropt(cur));
200         return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
201 }
202
203 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
204                                           struct ndisc_options *ndopts)
205 {
206         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
207
208         if (!nd_opt || opt_len < 0 || !ndopts)
209                 return NULL;
210         memset(ndopts, 0, sizeof(*ndopts));
211         while (opt_len) {
212                 int l;
213                 if (opt_len < sizeof(struct nd_opt_hdr))
214                         return NULL;
215                 l = nd_opt->nd_opt_len << 3;
216                 if (opt_len < l || l == 0)
217                         return NULL;
218                 switch (nd_opt->nd_opt_type) {
219                 case ND_OPT_SOURCE_LL_ADDR:
220                 case ND_OPT_TARGET_LL_ADDR:
221                 case ND_OPT_MTU:
222                 case ND_OPT_REDIRECT_HDR:
223                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
224                                 ND_PRINTK(2, warn,
225                                           "%s: duplicated ND6 option found: type=%d\n",
226                                           __func__, nd_opt->nd_opt_type);
227                         } else {
228                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
229                         }
230                         break;
231                 case ND_OPT_PREFIX_INFO:
232                         ndopts->nd_opts_pi_end = nd_opt;
233                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
234                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
235                         break;
236 #ifdef CONFIG_IPV6_ROUTE_INFO
237                 case ND_OPT_ROUTE_INFO:
238                         ndopts->nd_opts_ri_end = nd_opt;
239                         if (!ndopts->nd_opts_ri)
240                                 ndopts->nd_opts_ri = nd_opt;
241                         break;
242 #endif
243                 default:
244                         if (ndisc_is_useropt(nd_opt)) {
245                                 ndopts->nd_useropts_end = nd_opt;
246                                 if (!ndopts->nd_useropts)
247                                         ndopts->nd_useropts = nd_opt;
248                         } else {
249                                 /*
250                                  * Unknown options must be silently ignored,
251                                  * to accommodate future extension to the
252                                  * protocol.
253                                  */
254                                 ND_PRINTK(2, notice,
255                                           "%s: ignored unsupported option; type=%d, len=%d\n",
256                                           __func__,
257                                           nd_opt->nd_opt_type,
258                                           nd_opt->nd_opt_len);
259                         }
260                 }
261                 opt_len -= l;
262                 nd_opt = ((void *)nd_opt) + l;
263         }
264         return ndopts;
265 }
266
267 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
268 {
269         switch (dev->type) {
270         case ARPHRD_ETHER:
271         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
272         case ARPHRD_FDDI:
273                 ipv6_eth_mc_map(addr, buf);
274                 return 0;
275         case ARPHRD_ARCNET:
276                 ipv6_arcnet_mc_map(addr, buf);
277                 return 0;
278         case ARPHRD_INFINIBAND:
279                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
280                 return 0;
281         case ARPHRD_IPGRE:
282                 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
283         default:
284                 if (dir) {
285                         memcpy(buf, dev->broadcast, dev->addr_len);
286                         return 0;
287                 }
288         }
289         return -EINVAL;
290 }
291 EXPORT_SYMBOL(ndisc_mc_map);
292
293 static u32 ndisc_hash(const void *pkey,
294                       const struct net_device *dev,
295                       __u32 *hash_rnd)
296 {
297         return ndisc_hashfn(pkey, dev, hash_rnd);
298 }
299
300 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
301 {
302         return neigh_key_eq128(n, pkey);
303 }
304
305 static int ndisc_constructor(struct neighbour *neigh)
306 {
307         struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
308         struct net_device *dev = neigh->dev;
309         struct inet6_dev *in6_dev;
310         struct neigh_parms *parms;
311         bool is_multicast = ipv6_addr_is_multicast(addr);
312
313         in6_dev = in6_dev_get(dev);
314         if (!in6_dev) {
315                 return -EINVAL;
316         }
317
318         parms = in6_dev->nd_parms;
319         __neigh_parms_put(neigh->parms);
320         neigh->parms = neigh_parms_clone(parms);
321
322         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
323         if (!dev->header_ops) {
324                 neigh->nud_state = NUD_NOARP;
325                 neigh->ops = &ndisc_direct_ops;
326                 neigh->output = neigh_direct_output;
327         } else {
328                 if (is_multicast) {
329                         neigh->nud_state = NUD_NOARP;
330                         ndisc_mc_map(addr, neigh->ha, dev, 1);
331                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
332                         neigh->nud_state = NUD_NOARP;
333                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
334                         if (dev->flags&IFF_LOOPBACK)
335                                 neigh->type = RTN_LOCAL;
336                 } else if (dev->flags&IFF_POINTOPOINT) {
337                         neigh->nud_state = NUD_NOARP;
338                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
339                 }
340                 if (dev->header_ops->cache)
341                         neigh->ops = &ndisc_hh_ops;
342                 else
343                         neigh->ops = &ndisc_generic_ops;
344                 if (neigh->nud_state&NUD_VALID)
345                         neigh->output = neigh->ops->connected_output;
346                 else
347                         neigh->output = neigh->ops->output;
348         }
349         in6_dev_put(in6_dev);
350         return 0;
351 }
352
353 static int pndisc_constructor(struct pneigh_entry *n)
354 {
355         struct in6_addr *addr = (struct in6_addr *)&n->key;
356         struct in6_addr maddr;
357         struct net_device *dev = n->dev;
358
359         if (!dev || !__in6_dev_get(dev))
360                 return -EINVAL;
361         addrconf_addr_solict_mult(addr, &maddr);
362         ipv6_dev_mc_inc(dev, &maddr);
363         return 0;
364 }
365
366 static void pndisc_destructor(struct pneigh_entry *n)
367 {
368         struct in6_addr *addr = (struct in6_addr *)&n->key;
369         struct in6_addr maddr;
370         struct net_device *dev = n->dev;
371
372         if (!dev || !__in6_dev_get(dev))
373                 return;
374         addrconf_addr_solict_mult(addr, &maddr);
375         ipv6_dev_mc_dec(dev, &maddr);
376 }
377
378 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
379                                        int len)
380 {
381         int hlen = LL_RESERVED_SPACE(dev);
382         int tlen = dev->needed_tailroom;
383         struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
384         struct sk_buff *skb;
385
386         skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
387         if (!skb) {
388                 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
389                           __func__);
390                 return NULL;
391         }
392
393         skb->protocol = htons(ETH_P_IPV6);
394         skb->dev = dev;
395
396         skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
397         skb_reset_transport_header(skb);
398
399         /* Manually assign socket ownership as we avoid calling
400          * sock_alloc_send_pskb() to bypass wmem buffer limits
401          */
402         skb_set_owner_w(skb, sk);
403
404         return skb;
405 }
406
407 static void ip6_nd_hdr(struct sk_buff *skb,
408                        const struct in6_addr *saddr,
409                        const struct in6_addr *daddr,
410                        int hop_limit, int len)
411 {
412         struct ipv6hdr *hdr;
413
414         skb_push(skb, sizeof(*hdr));
415         skb_reset_network_header(skb);
416         hdr = ipv6_hdr(skb);
417
418         ip6_flow_hdr(hdr, 0, 0);
419
420         hdr->payload_len = htons(len);
421         hdr->nexthdr = IPPROTO_ICMPV6;
422         hdr->hop_limit = hop_limit;
423
424         hdr->saddr = *saddr;
425         hdr->daddr = *daddr;
426 }
427
428 static void ndisc_send_skb(struct sk_buff *skb,
429                            const struct in6_addr *daddr,
430                            const struct in6_addr *saddr)
431 {
432         struct dst_entry *dst = skb_dst(skb);
433         struct net *net = dev_net(skb->dev);
434         struct sock *sk = net->ipv6.ndisc_sk;
435         struct inet6_dev *idev;
436         int err;
437         struct icmp6hdr *icmp6h = icmp6_hdr(skb);
438         u8 type;
439
440         type = icmp6h->icmp6_type;
441
442         if (!dst) {
443                 struct flowi6 fl6;
444
445                 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, skb->dev->ifindex);
446                 dst = icmp6_dst_alloc(skb->dev, &fl6);
447                 if (IS_ERR(dst)) {
448                         kfree_skb(skb);
449                         return;
450                 }
451
452                 skb_dst_set(skb, dst);
453         }
454
455         icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
456                                               IPPROTO_ICMPV6,
457                                               csum_partial(icmp6h,
458                                                            skb->len, 0));
459
460         ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
461
462         rcu_read_lock();
463         idev = __in6_dev_get(dst->dev);
464         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
465
466         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb,
467                       NULL, dst->dev,
468                       dst_output_sk);
469         if (!err) {
470                 ICMP6MSGOUT_INC_STATS(net, idev, type);
471                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
472         }
473
474         rcu_read_unlock();
475 }
476
477 void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
478                    const struct in6_addr *daddr,
479                    const struct in6_addr *solicited_addr,
480                    bool router, bool solicited, bool override, bool inc_opt)
481 {
482         struct sk_buff *skb;
483         struct in6_addr tmpaddr;
484         struct inet6_ifaddr *ifp;
485         const struct in6_addr *src_addr;
486         struct nd_msg *msg;
487         int optlen = 0;
488
489         /* for anycast or proxy, solicited_addr != src_addr */
490         ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
491         if (ifp) {
492                 src_addr = solicited_addr;
493                 if (ifp->flags & IFA_F_OPTIMISTIC)
494                         override = false;
495                 inc_opt |= ifp->idev->cnf.force_tllao;
496                 in6_ifa_put(ifp);
497         } else {
498                 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
499                                        inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
500                                        &tmpaddr))
501                         return;
502                 src_addr = &tmpaddr;
503         }
504
505         if (!dev->addr_len)
506                 inc_opt = 0;
507         if (inc_opt)
508                 optlen += ndisc_opt_addr_space(dev);
509
510         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
511         if (!skb)
512                 return;
513
514         msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
515         *msg = (struct nd_msg) {
516                 .icmph = {
517                         .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
518                         .icmp6_router = router,
519                         .icmp6_solicited = solicited,
520                         .icmp6_override = override,
521                 },
522                 .target = *solicited_addr,
523         };
524
525         if (inc_opt)
526                 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
527                                        dev->dev_addr);
528
529
530         ndisc_send_skb(skb, daddr, src_addr);
531 }
532
533 static void ndisc_send_unsol_na(struct net_device *dev)
534 {
535         struct inet6_dev *idev;
536         struct inet6_ifaddr *ifa;
537
538         idev = in6_dev_get(dev);
539         if (!idev)
540                 return;
541
542         read_lock_bh(&idev->lock);
543         list_for_each_entry(ifa, &idev->addr_list, if_list) {
544                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &ifa->addr,
545                               /*router=*/ !!idev->cnf.forwarding,
546                               /*solicited=*/ false, /*override=*/ true,
547                               /*inc_opt=*/ true);
548         }
549         read_unlock_bh(&idev->lock);
550
551         in6_dev_put(idev);
552 }
553
554 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
555                    const struct in6_addr *solicit,
556                    const struct in6_addr *daddr, const struct in6_addr *saddr)
557 {
558         struct sk_buff *skb;
559         struct in6_addr addr_buf;
560         int inc_opt = dev->addr_len;
561         int optlen = 0;
562         struct nd_msg *msg;
563
564         if (!saddr) {
565                 if (ipv6_get_lladdr(dev, &addr_buf,
566                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
567                         return;
568                 saddr = &addr_buf;
569         }
570
571         if (ipv6_addr_any(saddr))
572                 inc_opt = false;
573         if (inc_opt)
574                 optlen += ndisc_opt_addr_space(dev);
575
576         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
577         if (!skb)
578                 return;
579
580         msg = (struct nd_msg *)skb_put(skb, sizeof(*msg));
581         *msg = (struct nd_msg) {
582                 .icmph = {
583                         .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
584                 },
585                 .target = *solicit,
586         };
587
588         if (inc_opt)
589                 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
590                                        dev->dev_addr);
591
592         ndisc_send_skb(skb, daddr, saddr);
593 }
594
595 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
596                    const struct in6_addr *daddr)
597 {
598         struct sk_buff *skb;
599         struct rs_msg *msg;
600         int send_sllao = dev->addr_len;
601         int optlen = 0;
602
603 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
604         /*
605          * According to section 2.2 of RFC 4429, we must not
606          * send router solicitations with a sllao from
607          * optimistic addresses, but we may send the solicitation
608          * if we don't include the sllao.  So here we check
609          * if our address is optimistic, and if so, we
610          * suppress the inclusion of the sllao.
611          */
612         if (send_sllao) {
613                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
614                                                            dev, 1);
615                 if (ifp) {
616                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
617                                 send_sllao = 0;
618                         }
619                         in6_ifa_put(ifp);
620                 } else {
621                         send_sllao = 0;
622                 }
623         }
624 #endif
625         if (send_sllao)
626                 optlen += ndisc_opt_addr_space(dev);
627
628         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
629         if (!skb)
630                 return;
631
632         msg = (struct rs_msg *)skb_put(skb, sizeof(*msg));
633         *msg = (struct rs_msg) {
634                 .icmph = {
635                         .icmp6_type = NDISC_ROUTER_SOLICITATION,
636                 },
637         };
638
639         if (send_sllao)
640                 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
641                                        dev->dev_addr);
642
643         ndisc_send_skb(skb, daddr, saddr);
644 }
645
646
647 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
648 {
649         /*
650          *      "The sender MUST return an ICMP
651          *       destination unreachable"
652          */
653         dst_link_failure(skb);
654         kfree_skb(skb);
655 }
656
657 /* Called with locked neigh: either read or both */
658
659 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
660 {
661         struct in6_addr *saddr = NULL;
662         struct in6_addr mcaddr;
663         struct net_device *dev = neigh->dev;
664         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
665         int probes = atomic_read(&neigh->probes);
666
667         if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
668                                            dev, 1,
669                                            IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
670                 saddr = &ipv6_hdr(skb)->saddr;
671         probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
672         if (probes < 0) {
673                 if (!(neigh->nud_state & NUD_VALID)) {
674                         ND_PRINTK(1, dbg,
675                                   "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
676                                   __func__, target);
677                 }
678                 ndisc_send_ns(dev, neigh, target, target, saddr);
679         } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
680                 neigh_app_ns(neigh);
681         } else {
682                 addrconf_addr_solict_mult(target, &mcaddr);
683                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
684         }
685 }
686
687 static int pndisc_is_router(const void *pkey,
688                             struct net_device *dev)
689 {
690         struct pneigh_entry *n;
691         int ret = -1;
692
693         read_lock_bh(&nd_tbl.lock);
694         n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
695         if (n)
696                 ret = !!(n->flags & NTF_ROUTER);
697         read_unlock_bh(&nd_tbl.lock);
698
699         return ret;
700 }
701
702 static void ndisc_recv_ns(struct sk_buff *skb)
703 {
704         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
705         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
706         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
707         u8 *lladdr = NULL;
708         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
709                                     offsetof(struct nd_msg, opt));
710         struct ndisc_options ndopts;
711         struct net_device *dev = skb->dev;
712         struct inet6_ifaddr *ifp;
713         struct inet6_dev *idev = NULL;
714         struct neighbour *neigh;
715         int dad = ipv6_addr_any(saddr);
716         bool inc;
717         int is_router = -1;
718
719         if (skb->len < sizeof(struct nd_msg)) {
720                 ND_PRINTK(2, warn, "NS: packet too short\n");
721                 return;
722         }
723
724         if (ipv6_addr_is_multicast(&msg->target)) {
725                 ND_PRINTK(2, warn, "NS: multicast target address\n");
726                 return;
727         }
728
729         /*
730          * RFC2461 7.1.1:
731          * DAD has to be destined for solicited node multicast address.
732          */
733         if (dad && !ipv6_addr_is_solict_mult(daddr)) {
734                 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
735                 return;
736         }
737
738         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
739                 ND_PRINTK(2, warn, "NS: invalid ND options\n");
740                 return;
741         }
742
743         if (ndopts.nd_opts_src_lladdr) {
744                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
745                 if (!lladdr) {
746                         ND_PRINTK(2, warn,
747                                   "NS: invalid link-layer address length\n");
748                         return;
749                 }
750
751                 /* RFC2461 7.1.1:
752                  *      If the IP source address is the unspecified address,
753                  *      there MUST NOT be source link-layer address option
754                  *      in the message.
755                  */
756                 if (dad) {
757                         ND_PRINTK(2, warn,
758                                   "NS: bad DAD packet (link-layer address option)\n");
759                         return;
760                 }
761         }
762
763         inc = ipv6_addr_is_multicast(daddr);
764
765         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
766         if (ifp) {
767
768                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
769                         if (dad) {
770                                 /*
771                                  * We are colliding with another node
772                                  * who is doing DAD
773                                  * so fail our DAD process
774                                  */
775                                 addrconf_dad_failure(ifp);
776                                 return;
777                         } else {
778                                 /*
779                                  * This is not a dad solicitation.
780                                  * If we are an optimistic node,
781                                  * we should respond.
782                                  * Otherwise, we should ignore it.
783                                  */
784                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
785                                         goto out;
786                         }
787                 }
788
789                 idev = ifp->idev;
790         } else {
791                 struct net *net = dev_net(dev);
792
793                 idev = in6_dev_get(dev);
794                 if (!idev) {
795                         /* XXX: count this drop? */
796                         return;
797                 }
798
799                 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
800                     (idev->cnf.forwarding &&
801                      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
802                      (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
803                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
804                             skb->pkt_type != PACKET_HOST &&
805                             inc &&
806                             NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
807                                 /*
808                                  * for anycast or proxy,
809                                  * sender should delay its response
810                                  * by a random time between 0 and
811                                  * MAX_ANYCAST_DELAY_TIME seconds.
812                                  * (RFC2461) -- yoshfuji
813                                  */
814                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
815                                 if (n)
816                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
817                                 goto out;
818                         }
819                 } else
820                         goto out;
821         }
822
823         if (is_router < 0)
824                 is_router = idev->cnf.forwarding;
825
826         if (dad) {
827                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
828                               !!is_router, false, (ifp != NULL), true);
829                 goto out;
830         }
831
832         if (inc)
833                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
834         else
835                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
836
837         /*
838          *      update / create cache entry
839          *      for the source address
840          */
841         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
842                                !inc || lladdr || !dev->addr_len);
843         if (neigh)
844                 neigh_update(neigh, lladdr, NUD_STALE,
845                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
846                              NEIGH_UPDATE_F_OVERRIDE);
847         if (neigh || !dev->header_ops) {
848                 ndisc_send_na(dev, neigh, saddr, &msg->target,
849                               !!is_router,
850                               true, (ifp != NULL && inc), inc);
851                 if (neigh)
852                         neigh_release(neigh);
853         }
854
855 out:
856         if (ifp)
857                 in6_ifa_put(ifp);
858         else
859                 in6_dev_put(idev);
860 }
861
862 static void ndisc_recv_na(struct sk_buff *skb)
863 {
864         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
865         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
866         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
867         u8 *lladdr = NULL;
868         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
869                                     offsetof(struct nd_msg, opt));
870         struct ndisc_options ndopts;
871         struct net_device *dev = skb->dev;
872         struct inet6_ifaddr *ifp;
873         struct neighbour *neigh;
874
875         if (skb->len < sizeof(struct nd_msg)) {
876                 ND_PRINTK(2, warn, "NA: packet too short\n");
877                 return;
878         }
879
880         if (ipv6_addr_is_multicast(&msg->target)) {
881                 ND_PRINTK(2, warn, "NA: target address is multicast\n");
882                 return;
883         }
884
885         if (ipv6_addr_is_multicast(daddr) &&
886             msg->icmph.icmp6_solicited) {
887                 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
888                 return;
889         }
890
891         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
892                 ND_PRINTK(2, warn, "NS: invalid ND option\n");
893                 return;
894         }
895         if (ndopts.nd_opts_tgt_lladdr) {
896                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
897                 if (!lladdr) {
898                         ND_PRINTK(2, warn,
899                                   "NA: invalid link-layer address length\n");
900                         return;
901                 }
902         }
903         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
904         if (ifp) {
905                 if (skb->pkt_type != PACKET_LOOPBACK
906                     && (ifp->flags & IFA_F_TENTATIVE)) {
907                                 addrconf_dad_failure(ifp);
908                                 return;
909                 }
910                 /* What should we make now? The advertisement
911                    is invalid, but ndisc specs say nothing
912                    about it. It could be misconfiguration, or
913                    an smart proxy agent tries to help us :-)
914
915                    We should not print the error if NA has been
916                    received from loopback - it is just our own
917                    unsolicited advertisement.
918                  */
919                 if (skb->pkt_type != PACKET_LOOPBACK)
920                         ND_PRINTK(1, warn,
921                                   "NA: someone advertises our address %pI6 on %s!\n",
922                                   &ifp->addr, ifp->idev->dev->name);
923                 in6_ifa_put(ifp);
924                 return;
925         }
926         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
927
928         if (neigh) {
929                 u8 old_flags = neigh->flags;
930                 struct net *net = dev_net(dev);
931
932                 if (neigh->nud_state & NUD_FAILED)
933                         goto out;
934
935                 /*
936                  * Don't update the neighbor cache entry on a proxy NA from
937                  * ourselves because either the proxied node is off link or it
938                  * has already sent a NA to us.
939                  */
940                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
941                     net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
942                     pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
943                         /* XXX: idev->cnf.proxy_ndp */
944                         goto out;
945                 }
946
947                 neigh_update(neigh, lladdr,
948                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
949                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
950                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
951                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
952                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
953
954                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
955                         /*
956                          * Change: router to host
957                          */
958                         rt6_clean_tohost(dev_net(dev),  saddr);
959                 }
960
961 out:
962                 neigh_release(neigh);
963         }
964 }
965
966 static void ndisc_recv_rs(struct sk_buff *skb)
967 {
968         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
969         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
970         struct neighbour *neigh;
971         struct inet6_dev *idev;
972         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
973         struct ndisc_options ndopts;
974         u8 *lladdr = NULL;
975
976         if (skb->len < sizeof(*rs_msg))
977                 return;
978
979         idev = __in6_dev_get(skb->dev);
980         if (!idev) {
981                 ND_PRINTK(1, err, "RS: can't find in6 device\n");
982                 return;
983         }
984
985         /* Don't accept RS if we're not in router mode */
986         if (!idev->cnf.forwarding)
987                 goto out;
988
989         /*
990          * Don't update NCE if src = ::;
991          * this implies that the source node has no ip address assigned yet.
992          */
993         if (ipv6_addr_any(saddr))
994                 goto out;
995
996         /* Parse ND options */
997         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
998                 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
999                 goto out;
1000         }
1001
1002         if (ndopts.nd_opts_src_lladdr) {
1003                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1004                                              skb->dev);
1005                 if (!lladdr)
1006                         goto out;
1007         }
1008
1009         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1010         if (neigh) {
1011                 neigh_update(neigh, lladdr, NUD_STALE,
1012                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1013                              NEIGH_UPDATE_F_OVERRIDE|
1014                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1015                 neigh_release(neigh);
1016         }
1017 out:
1018         return;
1019 }
1020
1021 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1022 {
1023         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1024         struct sk_buff *skb;
1025         struct nlmsghdr *nlh;
1026         struct nduseroptmsg *ndmsg;
1027         struct net *net = dev_net(ra->dev);
1028         int err;
1029         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1030                                     + (opt->nd_opt_len << 3));
1031         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1032
1033         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1034         if (!skb) {
1035                 err = -ENOBUFS;
1036                 goto errout;
1037         }
1038
1039         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1040         if (!nlh) {
1041                 goto nla_put_failure;
1042         }
1043
1044         ndmsg = nlmsg_data(nlh);
1045         ndmsg->nduseropt_family = AF_INET6;
1046         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1047         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1048         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1049         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1050
1051         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1052
1053         if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1054                 goto nla_put_failure;
1055         nlmsg_end(skb, nlh);
1056
1057         rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1058         return;
1059
1060 nla_put_failure:
1061         nlmsg_free(skb);
1062         err = -EMSGSIZE;
1063 errout:
1064         rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1065 }
1066
1067 static void ndisc_router_discovery(struct sk_buff *skb)
1068 {
1069         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1070         struct neighbour *neigh = NULL;
1071         struct inet6_dev *in6_dev;
1072         struct rt6_info *rt = NULL;
1073         int lifetime;
1074         struct ndisc_options ndopts;
1075         int optlen;
1076         unsigned int pref = 0;
1077
1078         __u8 *opt = (__u8 *)(ra_msg + 1);
1079
1080         optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1081                 sizeof(struct ra_msg);
1082
1083         ND_PRINTK(2, info,
1084                   "RA: %s, dev: %s\n",
1085                   __func__, skb->dev->name);
1086         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1087                 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1088                 return;
1089         }
1090         if (optlen < 0) {
1091                 ND_PRINTK(2, warn, "RA: packet too short\n");
1092                 return;
1093         }
1094
1095 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1096         if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1097                 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1098                 return;
1099         }
1100 #endif
1101
1102         /*
1103          *      set the RA_RECV flag in the interface
1104          */
1105
1106         in6_dev = __in6_dev_get(skb->dev);
1107         if (!in6_dev) {
1108                 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1109                           skb->dev->name);
1110                 return;
1111         }
1112
1113         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1114                 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1115                 return;
1116         }
1117
1118         if (!ipv6_accept_ra(in6_dev)) {
1119                 ND_PRINTK(2, info,
1120                           "RA: %s, did not accept ra for dev: %s\n",
1121                           __func__, skb->dev->name);
1122                 goto skip_linkparms;
1123         }
1124
1125 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1126         /* skip link-specific parameters from interior routers */
1127         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1128                 ND_PRINTK(2, info,
1129                           "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1130                           __func__, skb->dev->name);
1131                 goto skip_linkparms;
1132         }
1133 #endif
1134
1135         if (in6_dev->if_flags & IF_RS_SENT) {
1136                 /*
1137                  *      flag that an RA was received after an RS was sent
1138                  *      out on this interface.
1139                  */
1140                 in6_dev->if_flags |= IF_RA_RCVD;
1141         }
1142
1143         /*
1144          * Remember the managed/otherconf flags from most recently
1145          * received RA message (RFC 2462) -- yoshfuji
1146          */
1147         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1148                                 IF_RA_OTHERCONF)) |
1149                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1150                                         IF_RA_MANAGED : 0) |
1151                                 (ra_msg->icmph.icmp6_addrconf_other ?
1152                                         IF_RA_OTHERCONF : 0);
1153
1154         if (!in6_dev->cnf.accept_ra_defrtr) {
1155                 ND_PRINTK(2, info,
1156                           "RA: %s, defrtr is false for dev: %s\n",
1157                           __func__, skb->dev->name);
1158                 goto skip_defrtr;
1159         }
1160
1161         /* Do not accept RA with source-addr found on local machine unless
1162          * accept_ra_from_local is set to true.
1163          */
1164         if (!in6_dev->cnf.accept_ra_from_local &&
1165             ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1166                           NULL, 0)) {
1167                 ND_PRINTK(2, info,
1168                           "RA from local address detected on dev: %s: default router ignored\n",
1169                           skb->dev->name);
1170                 goto skip_defrtr;
1171         }
1172
1173         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1174
1175 #ifdef CONFIG_IPV6_ROUTER_PREF
1176         pref = ra_msg->icmph.icmp6_router_pref;
1177         /* 10b is handled as if it were 00b (medium) */
1178         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1179             !in6_dev->cnf.accept_ra_rtr_pref)
1180                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1181 #endif
1182
1183         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1184
1185         if (rt) {
1186                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1187                 if (!neigh) {
1188                         ND_PRINTK(0, err,
1189                                   "RA: %s got default router without neighbour\n",
1190                                   __func__);
1191                         ip6_rt_put(rt);
1192                         return;
1193                 }
1194         }
1195         if (rt && lifetime == 0) {
1196                 ip6_del_rt(rt);
1197                 rt = NULL;
1198         }
1199
1200         ND_PRINTK(3, info, "RA: rt: %p  lifetime: %d, for dev: %s\n",
1201                   rt, lifetime, skb->dev->name);
1202         if (!rt && lifetime) {
1203                 ND_PRINTK(3, info, "RA: adding default router\n");
1204
1205                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1206                 if (!rt) {
1207                         ND_PRINTK(0, err,
1208                                   "RA: %s failed to add default route\n",
1209                                   __func__);
1210                         return;
1211                 }
1212
1213                 neigh = dst_neigh_lookup(&rt->dst, &ipv6_hdr(skb)->saddr);
1214                 if (!neigh) {
1215                         ND_PRINTK(0, err,
1216                                   "RA: %s got default router without neighbour\n",
1217                                   __func__);
1218                         ip6_rt_put(rt);
1219                         return;
1220                 }
1221                 neigh->flags |= NTF_ROUTER;
1222         } else if (rt) {
1223                 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1224         }
1225
1226         if (rt)
1227                 rt6_set_expires(rt, jiffies + (HZ * lifetime));
1228         if (ra_msg->icmph.icmp6_hop_limit) {
1229                 /* Only set hop_limit on the interface if it is higher than
1230                  * the current hop_limit.
1231                  */
1232                 if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
1233                         in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1234                 } else {
1235                         ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than current\n");
1236                 }
1237                 if (rt)
1238                         dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
1239                                        ra_msg->icmph.icmp6_hop_limit);
1240         }
1241
1242 skip_defrtr:
1243
1244         /*
1245          *      Update Reachable Time and Retrans Timer
1246          */
1247
1248         if (in6_dev->nd_parms) {
1249                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1250
1251                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1252                         rtime = (rtime*HZ)/1000;
1253                         if (rtime < HZ/10)
1254                                 rtime = HZ/10;
1255                         NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1256                         in6_dev->tstamp = jiffies;
1257                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1258                 }
1259
1260                 rtime = ntohl(ra_msg->reachable_time);
1261                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1262                         rtime = (rtime*HZ)/1000;
1263
1264                         if (rtime < HZ/10)
1265                                 rtime = HZ/10;
1266
1267                         if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1268                                 NEIGH_VAR_SET(in6_dev->nd_parms,
1269                                               BASE_REACHABLE_TIME, rtime);
1270                                 NEIGH_VAR_SET(in6_dev->nd_parms,
1271                                               GC_STALETIME, 3 * rtime);
1272                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1273                                 in6_dev->tstamp = jiffies;
1274                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1275                         }
1276                 }
1277         }
1278
1279 skip_linkparms:
1280
1281         /*
1282          *      Process options.
1283          */
1284
1285         if (!neigh)
1286                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1287                                        skb->dev, 1);
1288         if (neigh) {
1289                 u8 *lladdr = NULL;
1290                 if (ndopts.nd_opts_src_lladdr) {
1291                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1292                                                      skb->dev);
1293                         if (!lladdr) {
1294                                 ND_PRINTK(2, warn,
1295                                           "RA: invalid link-layer address length\n");
1296                                 goto out;
1297                         }
1298                 }
1299                 neigh_update(neigh, lladdr, NUD_STALE,
1300                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1301                              NEIGH_UPDATE_F_OVERRIDE|
1302                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1303                              NEIGH_UPDATE_F_ISROUTER);
1304         }
1305
1306         if (!ipv6_accept_ra(in6_dev)) {
1307                 ND_PRINTK(2, info,
1308                           "RA: %s, accept_ra is false for dev: %s\n",
1309                           __func__, skb->dev->name);
1310                 goto out;
1311         }
1312
1313 #ifdef CONFIG_IPV6_ROUTE_INFO
1314         if (!in6_dev->cnf.accept_ra_from_local &&
1315             ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1316                           NULL, 0)) {
1317                 ND_PRINTK(2, info,
1318                           "RA from local address detected on dev: %s: router info ignored.\n",
1319                           skb->dev->name);
1320                 goto skip_routeinfo;
1321         }
1322
1323         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1324                 struct nd_opt_hdr *p;
1325                 for (p = ndopts.nd_opts_ri;
1326                      p;
1327                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1328                         struct route_info *ri = (struct route_info *)p;
1329 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1330                         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1331                             ri->prefix_len == 0)
1332                                 continue;
1333 #endif
1334                         if (ri->prefix_len == 0 &&
1335                             !in6_dev->cnf.accept_ra_defrtr)
1336                                 continue;
1337                         if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1338                                 continue;
1339                         rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1340                                       &ipv6_hdr(skb)->saddr);
1341                 }
1342         }
1343
1344 skip_routeinfo:
1345 #endif
1346
1347 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1348         /* skip link-specific ndopts from interior routers */
1349         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1350                 ND_PRINTK(2, info,
1351                           "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1352                           __func__, skb->dev->name);
1353                 goto out;
1354         }
1355 #endif
1356
1357         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1358                 struct nd_opt_hdr *p;
1359                 for (p = ndopts.nd_opts_pi;
1360                      p;
1361                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1362                         addrconf_prefix_rcv(skb->dev, (u8 *)p,
1363                                             (p->nd_opt_len) << 3,
1364                                             ndopts.nd_opts_src_lladdr != NULL);
1365                 }
1366         }
1367
1368         if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1369                 __be32 n;
1370                 u32 mtu;
1371
1372                 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1373                 mtu = ntohl(n);
1374
1375                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1376                         ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1377                 } else if (in6_dev->cnf.mtu6 != mtu) {
1378                         in6_dev->cnf.mtu6 = mtu;
1379
1380                         if (rt)
1381                                 dst_metric_set(&rt->dst, RTAX_MTU, mtu);
1382
1383                         rt6_mtu_change(skb->dev, mtu);
1384                 }
1385         }
1386
1387         if (ndopts.nd_useropts) {
1388                 struct nd_opt_hdr *p;
1389                 for (p = ndopts.nd_useropts;
1390                      p;
1391                      p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1392                         ndisc_ra_useropt(skb, p);
1393                 }
1394         }
1395
1396         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1397                 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1398         }
1399 out:
1400         ip6_rt_put(rt);
1401         if (neigh)
1402                 neigh_release(neigh);
1403 }
1404
1405 static void ndisc_redirect_rcv(struct sk_buff *skb)
1406 {
1407         u8 *hdr;
1408         struct ndisc_options ndopts;
1409         struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1410         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1411                                     offsetof(struct rd_msg, opt));
1412
1413 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1414         switch (skb->ndisc_nodetype) {
1415         case NDISC_NODETYPE_HOST:
1416         case NDISC_NODETYPE_NODEFAULT:
1417                 ND_PRINTK(2, warn,
1418                           "Redirect: from host or unauthorized router\n");
1419                 return;
1420         }
1421 #endif
1422
1423         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1424                 ND_PRINTK(2, warn,
1425                           "Redirect: source address is not link-local\n");
1426                 return;
1427         }
1428
1429         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts))
1430                 return;
1431
1432         if (!ndopts.nd_opts_rh) {
1433                 ip6_redirect_no_header(skb, dev_net(skb->dev),
1434                                         skb->dev->ifindex, 0);
1435                 return;
1436         }
1437
1438         hdr = (u8 *)ndopts.nd_opts_rh;
1439         hdr += 8;
1440         if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1441                 return;
1442
1443         icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1444 }
1445
1446 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1447                                            struct sk_buff *orig_skb,
1448                                            int rd_len)
1449 {
1450         u8 *opt = skb_put(skb, rd_len);
1451
1452         memset(opt, 0, 8);
1453         *(opt++) = ND_OPT_REDIRECT_HDR;
1454         *(opt++) = (rd_len >> 3);
1455         opt += 6;
1456
1457         memcpy(opt, ipv6_hdr(orig_skb), rd_len - 8);
1458 }
1459
1460 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1461 {
1462         struct net_device *dev = skb->dev;
1463         struct net *net = dev_net(dev);
1464         struct sock *sk = net->ipv6.ndisc_sk;
1465         int optlen = 0;
1466         struct inet_peer *peer;
1467         struct sk_buff *buff;
1468         struct rd_msg *msg;
1469         struct in6_addr saddr_buf;
1470         struct rt6_info *rt;
1471         struct dst_entry *dst;
1472         struct flowi6 fl6;
1473         int rd_len;
1474         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1475         bool ret;
1476
1477         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1478                 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1479                           dev->name);
1480                 return;
1481         }
1482
1483         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1484             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1485                 ND_PRINTK(2, warn,
1486                           "Redirect: target address is not link-local unicast\n");
1487                 return;
1488         }
1489
1490         icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1491                          &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1492
1493         dst = ip6_route_output(net, NULL, &fl6);
1494         if (dst->error) {
1495                 dst_release(dst);
1496                 return;
1497         }
1498         dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1499         if (IS_ERR(dst))
1500                 return;
1501
1502         rt = (struct rt6_info *) dst;
1503
1504         if (rt->rt6i_flags & RTF_GATEWAY) {
1505                 ND_PRINTK(2, warn,
1506                           "Redirect: destination is not a neighbour\n");
1507                 goto release;
1508         }
1509         peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1510         ret = inet_peer_xrlim_allow(peer, 1*HZ);
1511         if (peer)
1512                 inet_putpeer(peer);
1513         if (!ret)
1514                 goto release;
1515
1516         if (dev->addr_len) {
1517                 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1518                 if (!neigh) {
1519                         ND_PRINTK(2, warn,
1520                                   "Redirect: no neigh for target address\n");
1521                         goto release;
1522                 }
1523
1524                 read_lock_bh(&neigh->lock);
1525                 if (neigh->nud_state & NUD_VALID) {
1526                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1527                         read_unlock_bh(&neigh->lock);
1528                         ha = ha_buf;
1529                         optlen += ndisc_opt_addr_space(dev);
1530                 } else
1531                         read_unlock_bh(&neigh->lock);
1532
1533                 neigh_release(neigh);
1534         }
1535
1536         rd_len = min_t(unsigned int,
1537                        IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1538                        skb->len + 8);
1539         rd_len &= ~0x7;
1540         optlen += rd_len;
1541
1542         buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1543         if (!buff)
1544                 goto release;
1545
1546         msg = (struct rd_msg *)skb_put(buff, sizeof(*msg));
1547         *msg = (struct rd_msg) {
1548                 .icmph = {
1549                         .icmp6_type = NDISC_REDIRECT,
1550                 },
1551                 .target = *target,
1552                 .dest = ipv6_hdr(skb)->daddr,
1553         };
1554
1555         /*
1556          *      include target_address option
1557          */
1558
1559         if (ha)
1560                 ndisc_fill_addr_option(buff, ND_OPT_TARGET_LL_ADDR, ha);
1561
1562         /*
1563          *      build redirect option and copy skb over to the new packet.
1564          */
1565
1566         if (rd_len)
1567                 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1568
1569         skb_dst_set(buff, dst);
1570         ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1571         return;
1572
1573 release:
1574         dst_release(dst);
1575 }
1576
1577 static void pndisc_redo(struct sk_buff *skb)
1578 {
1579         ndisc_recv_ns(skb);
1580         kfree_skb(skb);
1581 }
1582
1583 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1584 {
1585         struct inet6_dev *idev = __in6_dev_get(skb->dev);
1586
1587         if (!idev)
1588                 return true;
1589         if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1590             idev->cnf.suppress_frag_ndisc) {
1591                 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1592                 return true;
1593         }
1594         return false;
1595 }
1596
1597 int ndisc_rcv(struct sk_buff *skb)
1598 {
1599         struct nd_msg *msg;
1600
1601         if (ndisc_suppress_frag_ndisc(skb))
1602                 return 0;
1603
1604         if (skb_linearize(skb))
1605                 return 0;
1606
1607         msg = (struct nd_msg *)skb_transport_header(skb);
1608
1609         __skb_push(skb, skb->data - skb_transport_header(skb));
1610
1611         if (ipv6_hdr(skb)->hop_limit != 255) {
1612                 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1613                           ipv6_hdr(skb)->hop_limit);
1614                 return 0;
1615         }
1616
1617         if (msg->icmph.icmp6_code != 0) {
1618                 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1619                           msg->icmph.icmp6_code);
1620                 return 0;
1621         }
1622
1623         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1624
1625         switch (msg->icmph.icmp6_type) {
1626         case NDISC_NEIGHBOUR_SOLICITATION:
1627                 ndisc_recv_ns(skb);
1628                 break;
1629
1630         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1631                 ndisc_recv_na(skb);
1632                 break;
1633
1634         case NDISC_ROUTER_SOLICITATION:
1635                 ndisc_recv_rs(skb);
1636                 break;
1637
1638         case NDISC_ROUTER_ADVERTISEMENT:
1639                 ndisc_router_discovery(skb);
1640                 break;
1641
1642         case NDISC_REDIRECT:
1643                 ndisc_redirect_rcv(skb);
1644                 break;
1645         }
1646
1647         return 0;
1648 }
1649
1650 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1651 {
1652         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1653         struct net *net = dev_net(dev);
1654         struct inet6_dev *idev;
1655
1656         switch (event) {
1657         case NETDEV_CHANGEADDR:
1658                 neigh_changeaddr(&nd_tbl, dev);
1659                 fib6_run_gc(0, net, false);
1660                 idev = in6_dev_get(dev);
1661                 if (!idev)
1662                         break;
1663                 if (idev->cnf.ndisc_notify)
1664                         ndisc_send_unsol_na(dev);
1665                 in6_dev_put(idev);
1666                 break;
1667         case NETDEV_DOWN:
1668                 neigh_ifdown(&nd_tbl, dev);
1669                 fib6_run_gc(0, net, false);
1670                 break;
1671         case NETDEV_NOTIFY_PEERS:
1672                 ndisc_send_unsol_na(dev);
1673                 break;
1674         default:
1675                 break;
1676         }
1677
1678         return NOTIFY_DONE;
1679 }
1680
1681 static struct notifier_block ndisc_netdev_notifier = {
1682         .notifier_call = ndisc_netdev_event,
1683 };
1684
1685 #ifdef CONFIG_SYSCTL
1686 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1687                                          const char *func, const char *dev_name)
1688 {
1689         static char warncomm[TASK_COMM_LEN];
1690         static int warned;
1691         if (strcmp(warncomm, current->comm) && warned < 5) {
1692                 strcpy(warncomm, current->comm);
1693                 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1694                         warncomm, func,
1695                         dev_name, ctl->procname,
1696                         dev_name, ctl->procname);
1697                 warned++;
1698         }
1699 }
1700
1701 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1702 {
1703         struct net_device *dev = ctl->extra1;
1704         struct inet6_dev *idev;
1705         int ret;
1706
1707         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1708             (strcmp(ctl->procname, "base_reachable_time") == 0))
1709                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1710
1711         if (strcmp(ctl->procname, "retrans_time") == 0)
1712                 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1713
1714         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1715                 ret = neigh_proc_dointvec_jiffies(ctl, write,
1716                                                   buffer, lenp, ppos);
1717
1718         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1719                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1720                 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1721                                                      buffer, lenp, ppos);
1722         else
1723                 ret = -1;
1724
1725         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1726                 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1727                         idev->nd_parms->reachable_time =
1728                                         neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1729                 idev->tstamp = jiffies;
1730                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1731                 in6_dev_put(idev);
1732         }
1733         return ret;
1734 }
1735
1736
1737 #endif
1738
1739 static int __net_init ndisc_net_init(struct net *net)
1740 {
1741         struct ipv6_pinfo *np;
1742         struct sock *sk;
1743         int err;
1744
1745         err = inet_ctl_sock_create(&sk, PF_INET6,
1746                                    SOCK_RAW, IPPROTO_ICMPV6, net);
1747         if (err < 0) {
1748                 ND_PRINTK(0, err,
1749                           "NDISC: Failed to initialize the control socket (err %d)\n",
1750                           err);
1751                 return err;
1752         }
1753
1754         net->ipv6.ndisc_sk = sk;
1755
1756         np = inet6_sk(sk);
1757         np->hop_limit = 255;
1758         /* Do not loopback ndisc messages */
1759         np->mc_loop = 0;
1760
1761         return 0;
1762 }
1763
1764 static void __net_exit ndisc_net_exit(struct net *net)
1765 {
1766         inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1767 }
1768
1769 static struct pernet_operations ndisc_net_ops = {
1770         .init = ndisc_net_init,
1771         .exit = ndisc_net_exit,
1772 };
1773
1774 int __init ndisc_init(void)
1775 {
1776         int err;
1777
1778         err = register_pernet_subsys(&ndisc_net_ops);
1779         if (err)
1780                 return err;
1781         /*
1782          * Initialize the neighbour table
1783          */
1784         neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1785
1786 #ifdef CONFIG_SYSCTL
1787         err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1788                                     ndisc_ifinfo_sysctl_change);
1789         if (err)
1790                 goto out_unregister_pernet;
1791 out:
1792 #endif
1793         return err;
1794
1795 #ifdef CONFIG_SYSCTL
1796 out_unregister_pernet:
1797         unregister_pernet_subsys(&ndisc_net_ops);
1798         goto out;
1799 #endif
1800 }
1801
1802 int __init ndisc_late_init(void)
1803 {
1804         return register_netdevice_notifier(&ndisc_netdev_notifier);
1805 }
1806
1807 void ndisc_late_cleanup(void)
1808 {
1809         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1810 }
1811
1812 void ndisc_cleanup(void)
1813 {
1814 #ifdef CONFIG_SYSCTL
1815         neigh_sysctl_unregister(&nd_tbl.parms);
1816 #endif
1817         neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1818         unregister_pernet_subsys(&ndisc_net_ops);
1819 }