root/net/ipv6/ndisc.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. __ndisc_fill_addr_option
  2. ndisc_fill_addr_option
  3. ndisc_fill_redirect_addr_option
  4. ndisc_next_option
  5. ndisc_is_useropt
  6. ndisc_next_useropt
  7. ndisc_parse_options
  8. ndisc_mc_map
  9. ndisc_hash
  10. ndisc_key_eq
  11. ndisc_constructor
  12. pndisc_constructor
  13. pndisc_destructor
  14. ndisc_allow_add
  15. ndisc_alloc_skb
  16. ip6_nd_hdr
  17. ndisc_send_skb
  18. ndisc_send_na
  19. ndisc_send_unsol_na
  20. ndisc_send_ns
  21. ndisc_send_rs
  22. ndisc_error_report
  23. ndisc_solicit
  24. pndisc_is_router
  25. ndisc_update
  26. ndisc_recv_ns
  27. ndisc_recv_na
  28. ndisc_recv_rs
  29. ndisc_ra_useropt
  30. ndisc_router_discovery
  31. ndisc_redirect_rcv
  32. ndisc_fill_redirect_hdr_option
  33. ndisc_send_redirect
  34. pndisc_redo
  35. ndisc_suppress_frag_ndisc
  36. ndisc_rcv
  37. ndisc_netdev_event
  38. ndisc_warn_deprecated_sysctl
  39. ndisc_ifinfo_sysctl_change
  40. ndisc_net_init
  41. ndisc_net_exit
  42. ndisc_init
  43. ndisc_late_init
  44. ndisc_late_cleanup
  45. ndisc_cleanup

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  *      Neighbour Discovery for IPv6
   4  *      Linux INET6 implementation
   5  *
   6  *      Authors:
   7  *      Pedro Roque             <roque@di.fc.ul.pt>
   8  *      Mike Shaver             <shaver@ingenia.com>
   9  */
  10 
  11 /*
  12  *      Changes:
  13  *
  14  *      Alexey I. Froloff               :       RFC6106 (DNSSL) support
  15  *      Pierre Ynard                    :       export userland ND options
  16  *                                              through netlink (RDNSS support)
  17  *      Lars Fenneberg                  :       fixed MTU setting on receipt
  18  *                                              of an RA.
  19  *      Janos Farkas                    :       kmalloc failure checks
  20  *      Alexey Kuznetsov                :       state machine reworked
  21  *                                              and moved to net/core.
  22  *      Pekka Savola                    :       RFC2461 validation
  23  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
  24  */
  25 
  26 #define pr_fmt(fmt) "ICMPv6: " fmt
  27 
  28 #include <linux/module.h>
  29 #include <linux/errno.h>
  30 #include <linux/types.h>
  31 #include <linux/socket.h>
  32 #include <linux/sockios.h>
  33 #include <linux/sched.h>
  34 #include <linux/net.h>
  35 #include <linux/in6.h>
  36 #include <linux/route.h>
  37 #include <linux/init.h>
  38 #include <linux/rcupdate.h>
  39 #include <linux/slab.h>
  40 #ifdef CONFIG_SYSCTL
  41 #include <linux/sysctl.h>
  42 #endif
  43 
  44 #include <linux/if_addr.h>
  45 #include <linux/if_ether.h>
  46 #include <linux/if_arp.h>
  47 #include <linux/ipv6.h>
  48 #include <linux/icmpv6.h>
  49 #include <linux/jhash.h>
  50 
  51 #include <net/sock.h>
  52 #include <net/snmp.h>
  53 
  54 #include <net/ipv6.h>
  55 #include <net/protocol.h>
  56 #include <net/ndisc.h>
  57 #include <net/ip6_route.h>
  58 #include <net/addrconf.h>
  59 #include <net/icmp.h>
  60 
  61 #include <net/netlink.h>
  62 #include <linux/rtnetlink.h>
  63 
  64 #include <net/flow.h>
  65 #include <net/ip6_checksum.h>
  66 #include <net/inet_common.h>
  67 #include <linux/proc_fs.h>
  68 
  69 #include <linux/netfilter.h>
  70 #include <linux/netfilter_ipv6.h>
  71 
  72 static u32 ndisc_hash(const void *pkey,
  73                       const struct net_device *dev,
  74                       __u32 *hash_rnd);
  75 static bool ndisc_key_eq(const struct neighbour *neigh, const void *pkey);
  76 static bool ndisc_allow_add(const struct net_device *dev,
  77                             struct netlink_ext_ack *extack);
  78 static int ndisc_constructor(struct neighbour *neigh);
  79 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
  80 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
  81 static int pndisc_constructor(struct pneigh_entry *n);
  82 static void pndisc_destructor(struct pneigh_entry *n);
  83 static void pndisc_redo(struct sk_buff *skb);
  84 
  85 static const struct neigh_ops ndisc_generic_ops = {
  86         .family =               AF_INET6,
  87         .solicit =              ndisc_solicit,
  88         .error_report =         ndisc_error_report,
  89         .output =               neigh_resolve_output,
  90         .connected_output =     neigh_connected_output,
  91 };
  92 
  93 static const struct neigh_ops ndisc_hh_ops = {
  94         .family =               AF_INET6,
  95         .solicit =              ndisc_solicit,
  96         .error_report =         ndisc_error_report,
  97         .output =               neigh_resolve_output,
  98         .connected_output =     neigh_resolve_output,
  99 };
 100 
 101 
 102 static const struct neigh_ops ndisc_direct_ops = {
 103         .family =               AF_INET6,
 104         .output =               neigh_direct_output,
 105         .connected_output =     neigh_direct_output,
 106 };
 107 
 108 struct neigh_table nd_tbl = {
 109         .family =       AF_INET6,
 110         .key_len =      sizeof(struct in6_addr),
 111         .protocol =     cpu_to_be16(ETH_P_IPV6),
 112         .hash =         ndisc_hash,
 113         .key_eq =       ndisc_key_eq,
 114         .constructor =  ndisc_constructor,
 115         .pconstructor = pndisc_constructor,
 116         .pdestructor =  pndisc_destructor,
 117         .proxy_redo =   pndisc_redo,
 118         .allow_add  =   ndisc_allow_add,
 119         .id =           "ndisc_cache",
 120         .parms = {
 121                 .tbl                    = &nd_tbl,
 122                 .reachable_time         = ND_REACHABLE_TIME,
 123                 .data = {
 124                         [NEIGH_VAR_MCAST_PROBES] = 3,
 125                         [NEIGH_VAR_UCAST_PROBES] = 3,
 126                         [NEIGH_VAR_RETRANS_TIME] = ND_RETRANS_TIMER,
 127                         [NEIGH_VAR_BASE_REACHABLE_TIME] = ND_REACHABLE_TIME,
 128                         [NEIGH_VAR_DELAY_PROBE_TIME] = 5 * HZ,
 129                         [NEIGH_VAR_GC_STALETIME] = 60 * HZ,
 130                         [NEIGH_VAR_QUEUE_LEN_BYTES] = SK_WMEM_MAX,
 131                         [NEIGH_VAR_PROXY_QLEN] = 64,
 132                         [NEIGH_VAR_ANYCAST_DELAY] = 1 * HZ,
 133                         [NEIGH_VAR_PROXY_DELAY] = (8 * HZ) / 10,
 134                 },
 135         },
 136         .gc_interval =    30 * HZ,
 137         .gc_thresh1 =    128,
 138         .gc_thresh2 =    512,
 139         .gc_thresh3 =   1024,
 140 };
 141 EXPORT_SYMBOL_GPL(nd_tbl);
 142 
 143 void __ndisc_fill_addr_option(struct sk_buff *skb, int type, void *data,
 144                               int data_len, int pad)
 145 {
 146         int space = __ndisc_opt_addr_space(data_len, pad);
 147         u8 *opt = skb_put(skb, space);
 148 
 149         opt[0] = type;
 150         opt[1] = space>>3;
 151 
 152         memset(opt + 2, 0, pad);
 153         opt   += pad;
 154         space -= pad;
 155 
 156         memcpy(opt+2, data, data_len);
 157         data_len += 2;
 158         opt += data_len;
 159         space -= data_len;
 160         if (space > 0)
 161                 memset(opt, 0, space);
 162 }
 163 EXPORT_SYMBOL_GPL(__ndisc_fill_addr_option);
 164 
 165 static inline void ndisc_fill_addr_option(struct sk_buff *skb, int type,
 166                                           void *data, u8 icmp6_type)
 167 {
 168         __ndisc_fill_addr_option(skb, type, data, skb->dev->addr_len,
 169                                  ndisc_addr_option_pad(skb->dev->type));
 170         ndisc_ops_fill_addr_option(skb->dev, skb, icmp6_type);
 171 }
 172 
 173 static inline void ndisc_fill_redirect_addr_option(struct sk_buff *skb,
 174                                                    void *ha,
 175                                                    const u8 *ops_data)
 176 {
 177         ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR, ha, NDISC_REDIRECT);
 178         ndisc_ops_fill_redirect_addr_option(skb->dev, skb, ops_data);
 179 }
 180 
 181 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
 182                                             struct nd_opt_hdr *end)
 183 {
 184         int type;
 185         if (!cur || !end || cur >= end)
 186                 return NULL;
 187         type = cur->nd_opt_type;
 188         do {
 189                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
 190         } while (cur < end && cur->nd_opt_type != type);
 191         return cur <= end && cur->nd_opt_type == type ? cur : NULL;
 192 }
 193 
 194 static inline int ndisc_is_useropt(const struct net_device *dev,
 195                                    struct nd_opt_hdr *opt)
 196 {
 197         return opt->nd_opt_type == ND_OPT_RDNSS ||
 198                 opt->nd_opt_type == ND_OPT_DNSSL ||
 199                 opt->nd_opt_type == ND_OPT_CAPTIVE_PORTAL ||
 200                 ndisc_ops_is_useropt(dev, opt->nd_opt_type);
 201 }
 202 
 203 static struct nd_opt_hdr *ndisc_next_useropt(const struct net_device *dev,
 204                                              struct nd_opt_hdr *cur,
 205                                              struct nd_opt_hdr *end)
 206 {
 207         if (!cur || !end || cur >= end)
 208                 return NULL;
 209         do {
 210                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
 211         } while (cur < end && !ndisc_is_useropt(dev, cur));
 212         return cur <= end && ndisc_is_useropt(dev, cur) ? cur : NULL;
 213 }
 214 
 215 struct ndisc_options *ndisc_parse_options(const struct net_device *dev,
 216                                           u8 *opt, int opt_len,
 217                                           struct ndisc_options *ndopts)
 218 {
 219         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
 220 
 221         if (!nd_opt || opt_len < 0 || !ndopts)
 222                 return NULL;
 223         memset(ndopts, 0, sizeof(*ndopts));
 224         while (opt_len) {
 225                 int l;
 226                 if (opt_len < sizeof(struct nd_opt_hdr))
 227                         return NULL;
 228                 l = nd_opt->nd_opt_len << 3;
 229                 if (opt_len < l || l == 0)
 230                         return NULL;
 231                 if (ndisc_ops_parse_options(dev, nd_opt, ndopts))
 232                         goto next_opt;
 233                 switch (nd_opt->nd_opt_type) {
 234                 case ND_OPT_SOURCE_LL_ADDR:
 235                 case ND_OPT_TARGET_LL_ADDR:
 236                 case ND_OPT_MTU:
 237                 case ND_OPT_NONCE:
 238                 case ND_OPT_REDIRECT_HDR:
 239                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
 240                                 ND_PRINTK(2, warn,
 241                                           "%s: duplicated ND6 option found: type=%d\n",
 242                                           __func__, nd_opt->nd_opt_type);
 243                         } else {
 244                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 245                         }
 246                         break;
 247                 case ND_OPT_PREFIX_INFO:
 248                         ndopts->nd_opts_pi_end = nd_opt;
 249                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
 250                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
 251                         break;
 252 #ifdef CONFIG_IPV6_ROUTE_INFO
 253                 case ND_OPT_ROUTE_INFO:
 254                         ndopts->nd_opts_ri_end = nd_opt;
 255                         if (!ndopts->nd_opts_ri)
 256                                 ndopts->nd_opts_ri = nd_opt;
 257                         break;
 258 #endif
 259                 default:
 260                         if (ndisc_is_useropt(dev, nd_opt)) {
 261                                 ndopts->nd_useropts_end = nd_opt;
 262                                 if (!ndopts->nd_useropts)
 263                                         ndopts->nd_useropts = nd_opt;
 264                         } else {
 265                                 /*
 266                                  * Unknown options must be silently ignored,
 267                                  * to accommodate future extension to the
 268                                  * protocol.
 269                                  */
 270                                 ND_PRINTK(2, notice,
 271                                           "%s: ignored unsupported option; type=%d, len=%d\n",
 272                                           __func__,
 273                                           nd_opt->nd_opt_type,
 274                                           nd_opt->nd_opt_len);
 275                         }
 276                 }
 277 next_opt:
 278                 opt_len -= l;
 279                 nd_opt = ((void *)nd_opt) + l;
 280         }
 281         return ndopts;
 282 }
 283 
 284 int ndisc_mc_map(const struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
 285 {
 286         switch (dev->type) {
 287         case ARPHRD_ETHER:
 288         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
 289         case ARPHRD_FDDI:
 290                 ipv6_eth_mc_map(addr, buf);
 291                 return 0;
 292         case ARPHRD_ARCNET:
 293                 ipv6_arcnet_mc_map(addr, buf);
 294                 return 0;
 295         case ARPHRD_INFINIBAND:
 296                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
 297                 return 0;
 298         case ARPHRD_IPGRE:
 299                 return ipv6_ipgre_mc_map(addr, dev->broadcast, buf);
 300         default:
 301                 if (dir) {
 302                         memcpy(buf, dev->broadcast, dev->addr_len);
 303                         return 0;
 304                 }
 305         }
 306         return -EINVAL;
 307 }
 308 EXPORT_SYMBOL(ndisc_mc_map);
 309 
 310 static u32 ndisc_hash(const void *pkey,
 311                       const struct net_device *dev,
 312                       __u32 *hash_rnd)
 313 {
 314         return ndisc_hashfn(pkey, dev, hash_rnd);
 315 }
 316 
 317 static bool ndisc_key_eq(const struct neighbour *n, const void *pkey)
 318 {
 319         return neigh_key_eq128(n, pkey);
 320 }
 321 
 322 static int ndisc_constructor(struct neighbour *neigh)
 323 {
 324         struct in6_addr *addr = (struct in6_addr *)&neigh->primary_key;
 325         struct net_device *dev = neigh->dev;
 326         struct inet6_dev *in6_dev;
 327         struct neigh_parms *parms;
 328         bool is_multicast = ipv6_addr_is_multicast(addr);
 329 
 330         in6_dev = in6_dev_get(dev);
 331         if (!in6_dev) {
 332                 return -EINVAL;
 333         }
 334 
 335         parms = in6_dev->nd_parms;
 336         __neigh_parms_put(neigh->parms);
 337         neigh->parms = neigh_parms_clone(parms);
 338 
 339         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
 340         if (!dev->header_ops) {
 341                 neigh->nud_state = NUD_NOARP;
 342                 neigh->ops = &ndisc_direct_ops;
 343                 neigh->output = neigh_direct_output;
 344         } else {
 345                 if (is_multicast) {
 346                         neigh->nud_state = NUD_NOARP;
 347                         ndisc_mc_map(addr, neigh->ha, dev, 1);
 348                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
 349                         neigh->nud_state = NUD_NOARP;
 350                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
 351                         if (dev->flags&IFF_LOOPBACK)
 352                                 neigh->type = RTN_LOCAL;
 353                 } else if (dev->flags&IFF_POINTOPOINT) {
 354                         neigh->nud_state = NUD_NOARP;
 355                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
 356                 }
 357                 if (dev->header_ops->cache)
 358                         neigh->ops = &ndisc_hh_ops;
 359                 else
 360                         neigh->ops = &ndisc_generic_ops;
 361                 if (neigh->nud_state&NUD_VALID)
 362                         neigh->output = neigh->ops->connected_output;
 363                 else
 364                         neigh->output = neigh->ops->output;
 365         }
 366         in6_dev_put(in6_dev);
 367         return 0;
 368 }
 369 
 370 static int pndisc_constructor(struct pneigh_entry *n)
 371 {
 372         struct in6_addr *addr = (struct in6_addr *)&n->key;
 373         struct in6_addr maddr;
 374         struct net_device *dev = n->dev;
 375 
 376         if (!dev || !__in6_dev_get(dev))
 377                 return -EINVAL;
 378         addrconf_addr_solict_mult(addr, &maddr);
 379         ipv6_dev_mc_inc(dev, &maddr);
 380         return 0;
 381 }
 382 
 383 static void pndisc_destructor(struct pneigh_entry *n)
 384 {
 385         struct in6_addr *addr = (struct in6_addr *)&n->key;
 386         struct in6_addr maddr;
 387         struct net_device *dev = n->dev;
 388 
 389         if (!dev || !__in6_dev_get(dev))
 390                 return;
 391         addrconf_addr_solict_mult(addr, &maddr);
 392         ipv6_dev_mc_dec(dev, &maddr);
 393 }
 394 
 395 /* called with rtnl held */
 396 static bool ndisc_allow_add(const struct net_device *dev,
 397                             struct netlink_ext_ack *extack)
 398 {
 399         struct inet6_dev *idev = __in6_dev_get(dev);
 400 
 401         if (!idev || idev->cnf.disable_ipv6) {
 402                 NL_SET_ERR_MSG(extack, "IPv6 is disabled on this device");
 403                 return false;
 404         }
 405 
 406         return true;
 407 }
 408 
 409 static struct sk_buff *ndisc_alloc_skb(struct net_device *dev,
 410                                        int len)
 411 {
 412         int hlen = LL_RESERVED_SPACE(dev);
 413         int tlen = dev->needed_tailroom;
 414         struct sock *sk = dev_net(dev)->ipv6.ndisc_sk;
 415         struct sk_buff *skb;
 416 
 417         skb = alloc_skb(hlen + sizeof(struct ipv6hdr) + len + tlen, GFP_ATOMIC);
 418         if (!skb) {
 419                 ND_PRINTK(0, err, "ndisc: %s failed to allocate an skb\n",
 420                           __func__);
 421                 return NULL;
 422         }
 423 
 424         skb->protocol = htons(ETH_P_IPV6);
 425         skb->dev = dev;
 426 
 427         skb_reserve(skb, hlen + sizeof(struct ipv6hdr));
 428         skb_reset_transport_header(skb);
 429 
 430         /* Manually assign socket ownership as we avoid calling
 431          * sock_alloc_send_pskb() to bypass wmem buffer limits
 432          */
 433         skb_set_owner_w(skb, sk);
 434 
 435         return skb;
 436 }
 437 
 438 static void ip6_nd_hdr(struct sk_buff *skb,
 439                        const struct in6_addr *saddr,
 440                        const struct in6_addr *daddr,
 441                        int hop_limit, int len)
 442 {
 443         struct ipv6hdr *hdr;
 444         struct inet6_dev *idev;
 445         unsigned tclass;
 446 
 447         rcu_read_lock();
 448         idev = __in6_dev_get(skb->dev);
 449         tclass = idev ? idev->cnf.ndisc_tclass : 0;
 450         rcu_read_unlock();
 451 
 452         skb_push(skb, sizeof(*hdr));
 453         skb_reset_network_header(skb);
 454         hdr = ipv6_hdr(skb);
 455 
 456         ip6_flow_hdr(hdr, tclass, 0);
 457 
 458         hdr->payload_len = htons(len);
 459         hdr->nexthdr = IPPROTO_ICMPV6;
 460         hdr->hop_limit = hop_limit;
 461 
 462         hdr->saddr = *saddr;
 463         hdr->daddr = *daddr;
 464 }
 465 
 466 static void ndisc_send_skb(struct sk_buff *skb,
 467                            const struct in6_addr *daddr,
 468                            const struct in6_addr *saddr)
 469 {
 470         struct dst_entry *dst = skb_dst(skb);
 471         struct net *net = dev_net(skb->dev);
 472         struct sock *sk = net->ipv6.ndisc_sk;
 473         struct inet6_dev *idev;
 474         int err;
 475         struct icmp6hdr *icmp6h = icmp6_hdr(skb);
 476         u8 type;
 477 
 478         type = icmp6h->icmp6_type;
 479 
 480         if (!dst) {
 481                 struct flowi6 fl6;
 482                 int oif = skb->dev->ifindex;
 483 
 484                 icmpv6_flow_init(sk, &fl6, type, saddr, daddr, oif);
 485                 dst = icmp6_dst_alloc(skb->dev, &fl6);
 486                 if (IS_ERR(dst)) {
 487                         kfree_skb(skb);
 488                         return;
 489                 }
 490 
 491                 skb_dst_set(skb, dst);
 492         }
 493 
 494         icmp6h->icmp6_cksum = csum_ipv6_magic(saddr, daddr, skb->len,
 495                                               IPPROTO_ICMPV6,
 496                                               csum_partial(icmp6h,
 497                                                            skb->len, 0));
 498 
 499         ip6_nd_hdr(skb, saddr, daddr, inet6_sk(sk)->hop_limit, skb->len);
 500 
 501         rcu_read_lock();
 502         idev = __in6_dev_get(dst->dev);
 503         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
 504 
 505         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
 506                       net, sk, skb, NULL, dst->dev,
 507                       dst_output);
 508         if (!err) {
 509                 ICMP6MSGOUT_INC_STATS(net, idev, type);
 510                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
 511         }
 512 
 513         rcu_read_unlock();
 514 }
 515 
 516 void ndisc_send_na(struct net_device *dev, const struct in6_addr *daddr,
 517                    const struct in6_addr *solicited_addr,
 518                    bool router, bool solicited, bool override, bool inc_opt)
 519 {
 520         struct sk_buff *skb;
 521         struct in6_addr tmpaddr;
 522         struct inet6_ifaddr *ifp;
 523         const struct in6_addr *src_addr;
 524         struct nd_msg *msg;
 525         int optlen = 0;
 526 
 527         /* for anycast or proxy, solicited_addr != src_addr */
 528         ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
 529         if (ifp) {
 530                 src_addr = solicited_addr;
 531                 if (ifp->flags & IFA_F_OPTIMISTIC)
 532                         override = false;
 533                 inc_opt |= ifp->idev->cnf.force_tllao;
 534                 in6_ifa_put(ifp);
 535         } else {
 536                 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
 537                                        inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
 538                                        &tmpaddr))
 539                         return;
 540                 src_addr = &tmpaddr;
 541         }
 542 
 543         if (!dev->addr_len)
 544                 inc_opt = false;
 545         if (inc_opt)
 546                 optlen += ndisc_opt_addr_space(dev,
 547                                                NDISC_NEIGHBOUR_ADVERTISEMENT);
 548 
 549         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 550         if (!skb)
 551                 return;
 552 
 553         msg = skb_put(skb, sizeof(*msg));
 554         *msg = (struct nd_msg) {
 555                 .icmph = {
 556                         .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
 557                         .icmp6_router = router,
 558                         .icmp6_solicited = solicited,
 559                         .icmp6_override = override,
 560                 },
 561                 .target = *solicited_addr,
 562         };
 563 
 564         if (inc_opt)
 565                 ndisc_fill_addr_option(skb, ND_OPT_TARGET_LL_ADDR,
 566                                        dev->dev_addr,
 567                                        NDISC_NEIGHBOUR_ADVERTISEMENT);
 568 
 569         ndisc_send_skb(skb, daddr, src_addr);
 570 }
 571 
 572 static void ndisc_send_unsol_na(struct net_device *dev)
 573 {
 574         struct inet6_dev *idev;
 575         struct inet6_ifaddr *ifa;
 576 
 577         idev = in6_dev_get(dev);
 578         if (!idev)
 579                 return;
 580 
 581         read_lock_bh(&idev->lock);
 582         list_for_each_entry(ifa, &idev->addr_list, if_list) {
 583                 /* skip tentative addresses until dad completes */
 584                 if (ifa->flags & IFA_F_TENTATIVE &&
 585                     !(ifa->flags & IFA_F_OPTIMISTIC))
 586                         continue;
 587 
 588                 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &ifa->addr,
 589                               /*router=*/ !!idev->cnf.forwarding,
 590                               /*solicited=*/ false, /*override=*/ true,
 591                               /*inc_opt=*/ true);
 592         }
 593         read_unlock_bh(&idev->lock);
 594 
 595         in6_dev_put(idev);
 596 }
 597 
 598 void ndisc_send_ns(struct net_device *dev, const struct in6_addr *solicit,
 599                    const struct in6_addr *daddr, const struct in6_addr *saddr,
 600                    u64 nonce)
 601 {
 602         struct sk_buff *skb;
 603         struct in6_addr addr_buf;
 604         int inc_opt = dev->addr_len;
 605         int optlen = 0;
 606         struct nd_msg *msg;
 607 
 608         if (!saddr) {
 609                 if (ipv6_get_lladdr(dev, &addr_buf,
 610                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
 611                         return;
 612                 saddr = &addr_buf;
 613         }
 614 
 615         if (ipv6_addr_any(saddr))
 616                 inc_opt = false;
 617         if (inc_opt)
 618                 optlen += ndisc_opt_addr_space(dev,
 619                                                NDISC_NEIGHBOUR_SOLICITATION);
 620         if (nonce != 0)
 621                 optlen += 8;
 622 
 623         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 624         if (!skb)
 625                 return;
 626 
 627         msg = skb_put(skb, sizeof(*msg));
 628         *msg = (struct nd_msg) {
 629                 .icmph = {
 630                         .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
 631                 },
 632                 .target = *solicit,
 633         };
 634 
 635         if (inc_opt)
 636                 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
 637                                        dev->dev_addr,
 638                                        NDISC_NEIGHBOUR_SOLICITATION);
 639         if (nonce != 0) {
 640                 u8 *opt = skb_put(skb, 8);
 641 
 642                 opt[0] = ND_OPT_NONCE;
 643                 opt[1] = 8 >> 3;
 644                 memcpy(opt + 2, &nonce, 6);
 645         }
 646 
 647         ndisc_send_skb(skb, daddr, saddr);
 648 }
 649 
 650 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
 651                    const struct in6_addr *daddr)
 652 {
 653         struct sk_buff *skb;
 654         struct rs_msg *msg;
 655         int send_sllao = dev->addr_len;
 656         int optlen = 0;
 657 
 658 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
 659         /*
 660          * According to section 2.2 of RFC 4429, we must not
 661          * send router solicitations with a sllao from
 662          * optimistic addresses, but we may send the solicitation
 663          * if we don't include the sllao.  So here we check
 664          * if our address is optimistic, and if so, we
 665          * suppress the inclusion of the sllao.
 666          */
 667         if (send_sllao) {
 668                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
 669                                                            dev, 1);
 670                 if (ifp) {
 671                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
 672                                 send_sllao = 0;
 673                         }
 674                         in6_ifa_put(ifp);
 675                 } else {
 676                         send_sllao = 0;
 677                 }
 678         }
 679 #endif
 680         if (send_sllao)
 681                 optlen += ndisc_opt_addr_space(dev, NDISC_ROUTER_SOLICITATION);
 682 
 683         skb = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
 684         if (!skb)
 685                 return;
 686 
 687         msg = skb_put(skb, sizeof(*msg));
 688         *msg = (struct rs_msg) {
 689                 .icmph = {
 690                         .icmp6_type = NDISC_ROUTER_SOLICITATION,
 691                 },
 692         };
 693 
 694         if (send_sllao)
 695                 ndisc_fill_addr_option(skb, ND_OPT_SOURCE_LL_ADDR,
 696                                        dev->dev_addr,
 697                                        NDISC_ROUTER_SOLICITATION);
 698 
 699         ndisc_send_skb(skb, daddr, saddr);
 700 }
 701 
 702 
 703 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
 704 {
 705         /*
 706          *      "The sender MUST return an ICMP
 707          *       destination unreachable"
 708          */
 709         dst_link_failure(skb);
 710         kfree_skb(skb);
 711 }
 712 
 713 /* Called with locked neigh: either read or both */
 714 
 715 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
 716 {
 717         struct in6_addr *saddr = NULL;
 718         struct in6_addr mcaddr;
 719         struct net_device *dev = neigh->dev;
 720         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
 721         int probes = atomic_read(&neigh->probes);
 722 
 723         if (skb && ipv6_chk_addr_and_flags(dev_net(dev), &ipv6_hdr(skb)->saddr,
 724                                            dev, false, 1,
 725                                            IFA_F_TENTATIVE|IFA_F_OPTIMISTIC))
 726                 saddr = &ipv6_hdr(skb)->saddr;
 727         probes -= NEIGH_VAR(neigh->parms, UCAST_PROBES);
 728         if (probes < 0) {
 729                 if (!(neigh->nud_state & NUD_VALID)) {
 730                         ND_PRINTK(1, dbg,
 731                                   "%s: trying to ucast probe in NUD_INVALID: %pI6\n",
 732                                   __func__, target);
 733                 }
 734                 ndisc_send_ns(dev, target, target, saddr, 0);
 735         } else if ((probes -= NEIGH_VAR(neigh->parms, APP_PROBES)) < 0) {
 736                 neigh_app_ns(neigh);
 737         } else {
 738                 addrconf_addr_solict_mult(target, &mcaddr);
 739                 ndisc_send_ns(dev, target, &mcaddr, saddr, 0);
 740         }
 741 }
 742 
 743 static int pndisc_is_router(const void *pkey,
 744                             struct net_device *dev)
 745 {
 746         struct pneigh_entry *n;
 747         int ret = -1;
 748 
 749         read_lock_bh(&nd_tbl.lock);
 750         n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
 751         if (n)
 752                 ret = !!(n->flags & NTF_ROUTER);
 753         read_unlock_bh(&nd_tbl.lock);
 754 
 755         return ret;
 756 }
 757 
 758 void ndisc_update(const struct net_device *dev, struct neighbour *neigh,
 759                   const u8 *lladdr, u8 new, u32 flags, u8 icmp6_type,
 760                   struct ndisc_options *ndopts)
 761 {
 762         neigh_update(neigh, lladdr, new, flags, 0);
 763         /* report ndisc ops about neighbour update */
 764         ndisc_ops_update(dev, neigh, flags, icmp6_type, ndopts);
 765 }
 766 
 767 static void ndisc_recv_ns(struct sk_buff *skb)
 768 {
 769         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 770         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 771         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 772         u8 *lladdr = NULL;
 773         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
 774                                     offsetof(struct nd_msg, opt));
 775         struct ndisc_options ndopts;
 776         struct net_device *dev = skb->dev;
 777         struct inet6_ifaddr *ifp;
 778         struct inet6_dev *idev = NULL;
 779         struct neighbour *neigh;
 780         int dad = ipv6_addr_any(saddr);
 781         bool inc;
 782         int is_router = -1;
 783         u64 nonce = 0;
 784 
 785         if (skb->len < sizeof(struct nd_msg)) {
 786                 ND_PRINTK(2, warn, "NS: packet too short\n");
 787                 return;
 788         }
 789 
 790         if (ipv6_addr_is_multicast(&msg->target)) {
 791                 ND_PRINTK(2, warn, "NS: multicast target address\n");
 792                 return;
 793         }
 794 
 795         /*
 796          * RFC2461 7.1.1:
 797          * DAD has to be destined for solicited node multicast address.
 798          */
 799         if (dad && !ipv6_addr_is_solict_mult(daddr)) {
 800                 ND_PRINTK(2, warn, "NS: bad DAD packet (wrong destination)\n");
 801                 return;
 802         }
 803 
 804         if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
 805                 ND_PRINTK(2, warn, "NS: invalid ND options\n");
 806                 return;
 807         }
 808 
 809         if (ndopts.nd_opts_src_lladdr) {
 810                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
 811                 if (!lladdr) {
 812                         ND_PRINTK(2, warn,
 813                                   "NS: invalid link-layer address length\n");
 814                         return;
 815                 }
 816 
 817                 /* RFC2461 7.1.1:
 818                  *      If the IP source address is the unspecified address,
 819                  *      there MUST NOT be source link-layer address option
 820                  *      in the message.
 821                  */
 822                 if (dad) {
 823                         ND_PRINTK(2, warn,
 824                                   "NS: bad DAD packet (link-layer address option)\n");
 825                         return;
 826                 }
 827         }
 828         if (ndopts.nd_opts_nonce && ndopts.nd_opts_nonce->nd_opt_len == 1)
 829                 memcpy(&nonce, (u8 *)(ndopts.nd_opts_nonce + 1), 6);
 830 
 831         inc = ipv6_addr_is_multicast(daddr);
 832 
 833         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
 834         if (ifp) {
 835 have_ifp:
 836                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
 837                         if (dad) {
 838                                 if (nonce != 0 && ifp->dad_nonce == nonce) {
 839                                         u8 *np = (u8 *)&nonce;
 840                                         /* Matching nonce if looped back */
 841                                         ND_PRINTK(2, notice,
 842                                                   "%s: IPv6 DAD loopback for address %pI6c nonce %pM ignored\n",
 843                                                   ifp->idev->dev->name,
 844                                                   &ifp->addr, np);
 845                                         goto out;
 846                                 }
 847                                 /*
 848                                  * We are colliding with another node
 849                                  * who is doing DAD
 850                                  * so fail our DAD process
 851                                  */
 852                                 addrconf_dad_failure(skb, ifp);
 853                                 return;
 854                         } else {
 855                                 /*
 856                                  * This is not a dad solicitation.
 857                                  * If we are an optimistic node,
 858                                  * we should respond.
 859                                  * Otherwise, we should ignore it.
 860                                  */
 861                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
 862                                         goto out;
 863                         }
 864                 }
 865 
 866                 idev = ifp->idev;
 867         } else {
 868                 struct net *net = dev_net(dev);
 869 
 870                 /* perhaps an address on the master device */
 871                 if (netif_is_l3_slave(dev)) {
 872                         struct net_device *mdev;
 873 
 874                         mdev = netdev_master_upper_dev_get_rcu(dev);
 875                         if (mdev) {
 876                                 ifp = ipv6_get_ifaddr(net, &msg->target, mdev, 1);
 877                                 if (ifp)
 878                                         goto have_ifp;
 879                         }
 880                 }
 881 
 882                 idev = in6_dev_get(dev);
 883                 if (!idev) {
 884                         /* XXX: count this drop? */
 885                         return;
 886                 }
 887 
 888                 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
 889                     (idev->cnf.forwarding &&
 890                      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
 891                      (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
 892                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
 893                             skb->pkt_type != PACKET_HOST &&
 894                             inc &&
 895                             NEIGH_VAR(idev->nd_parms, PROXY_DELAY) != 0) {
 896                                 /*
 897                                  * for anycast or proxy,
 898                                  * sender should delay its response
 899                                  * by a random time between 0 and
 900                                  * MAX_ANYCAST_DELAY_TIME seconds.
 901                                  * (RFC2461) -- yoshfuji
 902                                  */
 903                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
 904                                 if (n)
 905                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
 906                                 goto out;
 907                         }
 908                 } else
 909                         goto out;
 910         }
 911 
 912         if (is_router < 0)
 913                 is_router = idev->cnf.forwarding;
 914 
 915         if (dad) {
 916                 ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
 917                               !!is_router, false, (ifp != NULL), true);
 918                 goto out;
 919         }
 920 
 921         if (inc)
 922                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
 923         else
 924                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
 925 
 926         /*
 927          *      update / create cache entry
 928          *      for the source address
 929          */
 930         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
 931                                !inc || lladdr || !dev->addr_len);
 932         if (neigh)
 933                 ndisc_update(dev, neigh, lladdr, NUD_STALE,
 934                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
 935                              NEIGH_UPDATE_F_OVERRIDE,
 936                              NDISC_NEIGHBOUR_SOLICITATION, &ndopts);
 937         if (neigh || !dev->header_ops) {
 938                 ndisc_send_na(dev, saddr, &msg->target, !!is_router,
 939                               true, (ifp != NULL && inc), inc);
 940                 if (neigh)
 941                         neigh_release(neigh);
 942         }
 943 
 944 out:
 945         if (ifp)
 946                 in6_ifa_put(ifp);
 947         else
 948                 in6_dev_put(idev);
 949 }
 950 
 951 static void ndisc_recv_na(struct sk_buff *skb)
 952 {
 953         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
 954         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
 955         const struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
 956         u8 *lladdr = NULL;
 957         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
 958                                     offsetof(struct nd_msg, opt));
 959         struct ndisc_options ndopts;
 960         struct net_device *dev = skb->dev;
 961         struct inet6_dev *idev = __in6_dev_get(dev);
 962         struct inet6_ifaddr *ifp;
 963         struct neighbour *neigh;
 964 
 965         if (skb->len < sizeof(struct nd_msg)) {
 966                 ND_PRINTK(2, warn, "NA: packet too short\n");
 967                 return;
 968         }
 969 
 970         if (ipv6_addr_is_multicast(&msg->target)) {
 971                 ND_PRINTK(2, warn, "NA: target address is multicast\n");
 972                 return;
 973         }
 974 
 975         if (ipv6_addr_is_multicast(daddr) &&
 976             msg->icmph.icmp6_solicited) {
 977                 ND_PRINTK(2, warn, "NA: solicited NA is multicasted\n");
 978                 return;
 979         }
 980 
 981         /* For some 802.11 wireless deployments (and possibly other networks),
 982          * there will be a NA proxy and unsolicitd packets are attacks
 983          * and thus should not be accepted.
 984          */
 985         if (!msg->icmph.icmp6_solicited && idev &&
 986             idev->cnf.drop_unsolicited_na)
 987                 return;
 988 
 989         if (!ndisc_parse_options(dev, msg->opt, ndoptlen, &ndopts)) {
 990                 ND_PRINTK(2, warn, "NS: invalid ND option\n");
 991                 return;
 992         }
 993         if (ndopts.nd_opts_tgt_lladdr) {
 994                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
 995                 if (!lladdr) {
 996                         ND_PRINTK(2, warn,
 997                                   "NA: invalid link-layer address length\n");
 998                         return;
 999                 }
1000         }
1001         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
1002         if (ifp) {
1003                 if (skb->pkt_type != PACKET_LOOPBACK
1004                     && (ifp->flags & IFA_F_TENTATIVE)) {
1005                                 addrconf_dad_failure(skb, ifp);
1006                                 return;
1007                 }
1008                 /* What should we make now? The advertisement
1009                    is invalid, but ndisc specs say nothing
1010                    about it. It could be misconfiguration, or
1011                    an smart proxy agent tries to help us :-)
1012 
1013                    We should not print the error if NA has been
1014                    received from loopback - it is just our own
1015                    unsolicited advertisement.
1016                  */
1017                 if (skb->pkt_type != PACKET_LOOPBACK)
1018                         ND_PRINTK(1, warn,
1019                                   "NA: %pM advertised our address %pI6c on %s!\n",
1020                                   eth_hdr(skb)->h_source, &ifp->addr, ifp->idev->dev->name);
1021                 in6_ifa_put(ifp);
1022                 return;
1023         }
1024         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
1025 
1026         if (neigh) {
1027                 u8 old_flags = neigh->flags;
1028                 struct net *net = dev_net(dev);
1029 
1030                 if (neigh->nud_state & NUD_FAILED)
1031                         goto out;
1032 
1033                 /*
1034                  * Don't update the neighbor cache entry on a proxy NA from
1035                  * ourselves because either the proxied node is off link or it
1036                  * has already sent a NA to us.
1037                  */
1038                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
1039                     net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
1040                     pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
1041                         /* XXX: idev->cnf.proxy_ndp */
1042                         goto out;
1043                 }
1044 
1045                 ndisc_update(dev, neigh, lladdr,
1046                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
1047                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1048                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
1049                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1050                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0),
1051                              NDISC_NEIGHBOUR_ADVERTISEMENT, &ndopts);
1052 
1053                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
1054                         /*
1055                          * Change: router to host
1056                          */
1057                         rt6_clean_tohost(dev_net(dev),  saddr);
1058                 }
1059 
1060 out:
1061                 neigh_release(neigh);
1062         }
1063 }
1064 
1065 static void ndisc_recv_rs(struct sk_buff *skb)
1066 {
1067         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1068         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1069         struct neighbour *neigh;
1070         struct inet6_dev *idev;
1071         const struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1072         struct ndisc_options ndopts;
1073         u8 *lladdr = NULL;
1074 
1075         if (skb->len < sizeof(*rs_msg))
1076                 return;
1077 
1078         idev = __in6_dev_get(skb->dev);
1079         if (!idev) {
1080                 ND_PRINTK(1, err, "RS: can't find in6 device\n");
1081                 return;
1082         }
1083 
1084         /* Don't accept RS if we're not in router mode */
1085         if (!idev->cnf.forwarding)
1086                 goto out;
1087 
1088         /*
1089          * Don't update NCE if src = ::;
1090          * this implies that the source node has no ip address assigned yet.
1091          */
1092         if (ipv6_addr_any(saddr))
1093                 goto out;
1094 
1095         /* Parse ND options */
1096         if (!ndisc_parse_options(skb->dev, rs_msg->opt, ndoptlen, &ndopts)) {
1097                 ND_PRINTK(2, notice, "NS: invalid ND option, ignored\n");
1098                 goto out;
1099         }
1100 
1101         if (ndopts.nd_opts_src_lladdr) {
1102                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1103                                              skb->dev);
1104                 if (!lladdr)
1105                         goto out;
1106         }
1107 
1108         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1109         if (neigh) {
1110                 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1111                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1112                              NEIGH_UPDATE_F_OVERRIDE|
1113                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER,
1114                              NDISC_ROUTER_SOLICITATION, &ndopts);
1115                 neigh_release(neigh);
1116         }
1117 out:
1118         return;
1119 }
1120 
1121 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1122 {
1123         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1124         struct sk_buff *skb;
1125         struct nlmsghdr *nlh;
1126         struct nduseroptmsg *ndmsg;
1127         struct net *net = dev_net(ra->dev);
1128         int err;
1129         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1130                                     + (opt->nd_opt_len << 3));
1131         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1132 
1133         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1134         if (!skb) {
1135                 err = -ENOBUFS;
1136                 goto errout;
1137         }
1138 
1139         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1140         if (!nlh) {
1141                 goto nla_put_failure;
1142         }
1143 
1144         ndmsg = nlmsg_data(nlh);
1145         ndmsg->nduseropt_family = AF_INET6;
1146         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1147         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1148         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1149         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1150 
1151         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1152 
1153         if (nla_put_in6_addr(skb, NDUSEROPT_SRCADDR, &ipv6_hdr(ra)->saddr))
1154                 goto nla_put_failure;
1155         nlmsg_end(skb, nlh);
1156 
1157         rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1158         return;
1159 
1160 nla_put_failure:
1161         nlmsg_free(skb);
1162         err = -EMSGSIZE;
1163 errout:
1164         rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1165 }
1166 
1167 static void ndisc_router_discovery(struct sk_buff *skb)
1168 {
1169         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1170         struct neighbour *neigh = NULL;
1171         struct inet6_dev *in6_dev;
1172         struct fib6_info *rt = NULL;
1173         struct net *net;
1174         int lifetime;
1175         struct ndisc_options ndopts;
1176         int optlen;
1177         unsigned int pref = 0;
1178         __u32 old_if_flags;
1179         bool send_ifinfo_notify = false;
1180 
1181         __u8 *opt = (__u8 *)(ra_msg + 1);
1182 
1183         optlen = (skb_tail_pointer(skb) - skb_transport_header(skb)) -
1184                 sizeof(struct ra_msg);
1185 
1186         ND_PRINTK(2, info,
1187                   "RA: %s, dev: %s\n",
1188                   __func__, skb->dev->name);
1189         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1190                 ND_PRINTK(2, warn, "RA: source address is not link-local\n");
1191                 return;
1192         }
1193         if (optlen < 0) {
1194                 ND_PRINTK(2, warn, "RA: packet too short\n");
1195                 return;
1196         }
1197 
1198 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1199         if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1200                 ND_PRINTK(2, warn, "RA: from host or unauthorized router\n");
1201                 return;
1202         }
1203 #endif
1204 
1205         /*
1206          *      set the RA_RECV flag in the interface
1207          */
1208 
1209         in6_dev = __in6_dev_get(skb->dev);
1210         if (!in6_dev) {
1211                 ND_PRINTK(0, err, "RA: can't find inet6 device for %s\n",
1212                           skb->dev->name);
1213                 return;
1214         }
1215 
1216         if (!ndisc_parse_options(skb->dev, opt, optlen, &ndopts)) {
1217                 ND_PRINTK(2, warn, "RA: invalid ND options\n");
1218                 return;
1219         }
1220 
1221         if (!ipv6_accept_ra(in6_dev)) {
1222                 ND_PRINTK(2, info,
1223                           "RA: %s, did not accept ra for dev: %s\n",
1224                           __func__, skb->dev->name);
1225                 goto skip_linkparms;
1226         }
1227 
1228 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1229         /* skip link-specific parameters from interior routers */
1230         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1231                 ND_PRINTK(2, info,
1232                           "RA: %s, nodetype is NODEFAULT, dev: %s\n",
1233                           __func__, skb->dev->name);
1234                 goto skip_linkparms;
1235         }
1236 #endif
1237 
1238         if (in6_dev->if_flags & IF_RS_SENT) {
1239                 /*
1240                  *      flag that an RA was received after an RS was sent
1241                  *      out on this interface.
1242                  */
1243                 in6_dev->if_flags |= IF_RA_RCVD;
1244         }
1245 
1246         /*
1247          * Remember the managed/otherconf flags from most recently
1248          * received RA message (RFC 2462) -- yoshfuji
1249          */
1250         old_if_flags = in6_dev->if_flags;
1251         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1252                                 IF_RA_OTHERCONF)) |
1253                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1254                                         IF_RA_MANAGED : 0) |
1255                                 (ra_msg->icmph.icmp6_addrconf_other ?
1256                                         IF_RA_OTHERCONF : 0);
1257 
1258         if (old_if_flags != in6_dev->if_flags)
1259                 send_ifinfo_notify = true;
1260 
1261         if (!in6_dev->cnf.accept_ra_defrtr) {
1262                 ND_PRINTK(2, info,
1263                           "RA: %s, defrtr is false for dev: %s\n",
1264                           __func__, skb->dev->name);
1265                 goto skip_defrtr;
1266         }
1267 
1268         /* Do not accept RA with source-addr found on local machine unless
1269          * accept_ra_from_local is set to true.
1270          */
1271         net = dev_net(in6_dev->dev);
1272         if (!in6_dev->cnf.accept_ra_from_local &&
1273             ipv6_chk_addr(net, &ipv6_hdr(skb)->saddr, in6_dev->dev, 0)) {
1274                 ND_PRINTK(2, info,
1275                           "RA from local address detected on dev: %s: default router ignored\n",
1276                           skb->dev->name);
1277                 goto skip_defrtr;
1278         }
1279 
1280         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1281 
1282 #ifdef CONFIG_IPV6_ROUTER_PREF
1283         pref = ra_msg->icmph.icmp6_router_pref;
1284         /* 10b is handled as if it were 00b (medium) */
1285         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1286             !in6_dev->cnf.accept_ra_rtr_pref)
1287                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1288 #endif
1289         /* routes added from RAs do not use nexthop objects */
1290         rt = rt6_get_dflt_router(net, &ipv6_hdr(skb)->saddr, skb->dev);
1291         if (rt) {
1292                 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1293                                          rt->fib6_nh->fib_nh_dev, NULL,
1294                                           &ipv6_hdr(skb)->saddr);
1295                 if (!neigh) {
1296                         ND_PRINTK(0, err,
1297                                   "RA: %s got default router without neighbour\n",
1298                                   __func__);
1299                         fib6_info_release(rt);
1300                         return;
1301                 }
1302         }
1303         if (rt && lifetime == 0) {
1304                 ip6_del_rt(net, rt);
1305                 rt = NULL;
1306         }
1307 
1308         ND_PRINTK(3, info, "RA: rt: %p  lifetime: %d, for dev: %s\n",
1309                   rt, lifetime, skb->dev->name);
1310         if (!rt && lifetime) {
1311                 ND_PRINTK(3, info, "RA: adding default router\n");
1312 
1313                 rt = rt6_add_dflt_router(net, &ipv6_hdr(skb)->saddr,
1314                                          skb->dev, pref);
1315                 if (!rt) {
1316                         ND_PRINTK(0, err,
1317                                   "RA: %s failed to add default route\n",
1318                                   __func__);
1319                         return;
1320                 }
1321 
1322                 neigh = ip6_neigh_lookup(&rt->fib6_nh->fib_nh_gw6,
1323                                          rt->fib6_nh->fib_nh_dev, NULL,
1324                                           &ipv6_hdr(skb)->saddr);
1325                 if (!neigh) {
1326                         ND_PRINTK(0, err,
1327                                   "RA: %s got default router without neighbour\n",
1328                                   __func__);
1329                         fib6_info_release(rt);
1330                         return;
1331                 }
1332                 neigh->flags |= NTF_ROUTER;
1333         } else if (rt) {
1334                 rt->fib6_flags = (rt->fib6_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1335         }
1336 
1337         if (rt)
1338                 fib6_set_expires(rt, jiffies + (HZ * lifetime));
1339         if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
1340             ra_msg->icmph.icmp6_hop_limit) {
1341                 if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
1342                         in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1343                         fib6_metric_set(rt, RTAX_HOPLIMIT,
1344                                         ra_msg->icmph.icmp6_hop_limit);
1345                 } else {
1346                         ND_PRINTK(2, warn, "RA: Got route advertisement with lower hop_limit than minimum\n");
1347                 }
1348         }
1349 
1350 skip_defrtr:
1351 
1352         /*
1353          *      Update Reachable Time and Retrans Timer
1354          */
1355 
1356         if (in6_dev->nd_parms) {
1357                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1358 
1359                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1360                         rtime = (rtime*HZ)/1000;
1361                         if (rtime < HZ/10)
1362                                 rtime = HZ/10;
1363                         NEIGH_VAR_SET(in6_dev->nd_parms, RETRANS_TIME, rtime);
1364                         in6_dev->tstamp = jiffies;
1365                         send_ifinfo_notify = true;
1366                 }
1367 
1368                 rtime = ntohl(ra_msg->reachable_time);
1369                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1370                         rtime = (rtime*HZ)/1000;
1371 
1372                         if (rtime < HZ/10)
1373                                 rtime = HZ/10;
1374 
1375                         if (rtime != NEIGH_VAR(in6_dev->nd_parms, BASE_REACHABLE_TIME)) {
1376                                 NEIGH_VAR_SET(in6_dev->nd_parms,
1377                                               BASE_REACHABLE_TIME, rtime);
1378                                 NEIGH_VAR_SET(in6_dev->nd_parms,
1379                                               GC_STALETIME, 3 * rtime);
1380                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1381                                 in6_dev->tstamp = jiffies;
1382                                 send_ifinfo_notify = true;
1383                         }
1384                 }
1385         }
1386 
1387         /*
1388          *      Send a notify if RA changed managed/otherconf flags or timer settings
1389          */
1390         if (send_ifinfo_notify)
1391                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1392 
1393 skip_linkparms:
1394 
1395         /*
1396          *      Process options.
1397          */
1398 
1399         if (!neigh)
1400                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1401                                        skb->dev, 1);
1402         if (neigh) {
1403                 u8 *lladdr = NULL;
1404                 if (ndopts.nd_opts_src_lladdr) {
1405                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1406                                                      skb->dev);
1407                         if (!lladdr) {
1408                                 ND_PRINTK(2, warn,
1409                                           "RA: invalid link-layer address length\n");
1410                                 goto out;
1411                         }
1412                 }
1413                 ndisc_update(skb->dev, neigh, lladdr, NUD_STALE,
1414                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1415                              NEIGH_UPDATE_F_OVERRIDE|
1416                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1417                              NEIGH_UPDATE_F_ISROUTER,
1418                              NDISC_ROUTER_ADVERTISEMENT, &ndopts);
1419         }
1420 
1421         if (!ipv6_accept_ra(in6_dev)) {
1422                 ND_PRINTK(2, info,
1423                           "RA: %s, accept_ra is false for dev: %s\n",
1424                           __func__, skb->dev->name);
1425                 goto out;
1426         }
1427 
1428 #ifdef CONFIG_IPV6_ROUTE_INFO
1429         if (!in6_dev->cnf.accept_ra_from_local &&
1430             ipv6_chk_addr(dev_net(in6_dev->dev), &ipv6_hdr(skb)->saddr,
1431                           in6_dev->dev, 0)) {
1432                 ND_PRINTK(2, info,
1433                           "RA from local address detected on dev: %s: router info ignored.\n",
1434                           skb->dev->name);
1435                 goto skip_routeinfo;
1436         }
1437 
1438         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1439                 struct nd_opt_hdr *p;
1440                 for (p = ndopts.nd_opts_ri;
1441                      p;
1442                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1443                         struct route_info *ri = (struct route_info *)p;
1444 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1445                         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1446                             ri->prefix_len == 0)
1447                                 continue;
1448 #endif
1449                         if (ri->prefix_len == 0 &&
1450                             !in6_dev->cnf.accept_ra_defrtr)
1451                                 continue;
1452                         if (ri->prefix_len < in6_dev->cnf.accept_ra_rt_info_min_plen)
1453                                 continue;
1454                         if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1455                                 continue;
1456                         rt6_route_rcv(skb->dev, (u8 *)p, (p->nd_opt_len) << 3,
1457                                       &ipv6_hdr(skb)->saddr);
1458                 }
1459         }
1460 
1461 skip_routeinfo:
1462 #endif
1463 
1464 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1465         /* skip link-specific ndopts from interior routers */
1466         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT) {
1467                 ND_PRINTK(2, info,
1468                           "RA: %s, nodetype is NODEFAULT (interior routes), dev: %s\n",
1469                           __func__, skb->dev->name);
1470                 goto out;
1471         }
1472 #endif
1473 
1474         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1475                 struct nd_opt_hdr *p;
1476                 for (p = ndopts.nd_opts_pi;
1477                      p;
1478                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1479                         addrconf_prefix_rcv(skb->dev, (u8 *)p,
1480                                             (p->nd_opt_len) << 3,
1481                                             ndopts.nd_opts_src_lladdr != NULL);
1482                 }
1483         }
1484 
1485         if (ndopts.nd_opts_mtu && in6_dev->cnf.accept_ra_mtu) {
1486                 __be32 n;
1487                 u32 mtu;
1488 
1489                 memcpy(&n, ((u8 *)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1490                 mtu = ntohl(n);
1491 
1492                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1493                         ND_PRINTK(2, warn, "RA: invalid mtu: %d\n", mtu);
1494                 } else if (in6_dev->cnf.mtu6 != mtu) {
1495                         in6_dev->cnf.mtu6 = mtu;
1496                         fib6_metric_set(rt, RTAX_MTU, mtu);
1497                         rt6_mtu_change(skb->dev, mtu);
1498                 }
1499         }
1500 
1501         if (ndopts.nd_useropts) {
1502                 struct nd_opt_hdr *p;
1503                 for (p = ndopts.nd_useropts;
1504                      p;
1505                      p = ndisc_next_useropt(skb->dev, p,
1506                                             ndopts.nd_useropts_end)) {
1507                         ndisc_ra_useropt(skb, p);
1508                 }
1509         }
1510 
1511         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1512                 ND_PRINTK(2, warn, "RA: invalid RA options\n");
1513         }
1514 out:
1515         fib6_info_release(rt);
1516         if (neigh)
1517                 neigh_release(neigh);
1518 }
1519 
1520 static void ndisc_redirect_rcv(struct sk_buff *skb)
1521 {
1522         u8 *hdr;
1523         struct ndisc_options ndopts;
1524         struct rd_msg *msg = (struct rd_msg *)skb_transport_header(skb);
1525         u32 ndoptlen = skb_tail_pointer(skb) - (skb_transport_header(skb) +
1526                                     offsetof(struct rd_msg, opt));
1527 
1528 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1529         switch (skb->ndisc_nodetype) {
1530         case NDISC_NODETYPE_HOST:
1531         case NDISC_NODETYPE_NODEFAULT:
1532                 ND_PRINTK(2, warn,
1533                           "Redirect: from host or unauthorized router\n");
1534                 return;
1535         }
1536 #endif
1537 
1538         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1539                 ND_PRINTK(2, warn,
1540                           "Redirect: source address is not link-local\n");
1541                 return;
1542         }
1543 
1544         if (!ndisc_parse_options(skb->dev, msg->opt, ndoptlen, &ndopts))
1545                 return;
1546 
1547         if (!ndopts.nd_opts_rh) {
1548                 ip6_redirect_no_header(skb, dev_net(skb->dev),
1549                                         skb->dev->ifindex);
1550                 return;
1551         }
1552 
1553         hdr = (u8 *)ndopts.nd_opts_rh;
1554         hdr += 8;
1555         if (!pskb_pull(skb, hdr - skb_transport_header(skb)))
1556                 return;
1557 
1558         icmpv6_notify(skb, NDISC_REDIRECT, 0, 0);
1559 }
1560 
1561 static void ndisc_fill_redirect_hdr_option(struct sk_buff *skb,
1562                                            struct sk_buff *orig_skb,
1563                                            int rd_len)
1564 {
1565         u8 *opt = skb_put(skb, rd_len);
1566 
1567         memset(opt, 0, 8);
1568         *(opt++) = ND_OPT_REDIRECT_HDR;
1569         *(opt++) = (rd_len >> 3);
1570         opt += 6;
1571 
1572         skb_copy_bits(orig_skb, skb_network_offset(orig_skb), opt,
1573                       rd_len - 8);
1574 }
1575 
1576 void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1577 {
1578         struct net_device *dev = skb->dev;
1579         struct net *net = dev_net(dev);
1580         struct sock *sk = net->ipv6.ndisc_sk;
1581         int optlen = 0;
1582         struct inet_peer *peer;
1583         struct sk_buff *buff;
1584         struct rd_msg *msg;
1585         struct in6_addr saddr_buf;
1586         struct rt6_info *rt;
1587         struct dst_entry *dst;
1588         struct flowi6 fl6;
1589         int rd_len;
1590         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL,
1591            ops_data_buf[NDISC_OPS_REDIRECT_DATA_SPACE], *ops_data = NULL;
1592         bool ret;
1593 
1594         if (netif_is_l3_master(skb->dev)) {
1595                 dev = __dev_get_by_index(dev_net(skb->dev), IPCB(skb)->iif);
1596                 if (!dev)
1597                         return;
1598         }
1599 
1600         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1601                 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
1602                           dev->name);
1603                 return;
1604         }
1605 
1606         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1607             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1608                 ND_PRINTK(2, warn,
1609                           "Redirect: target address is not link-local unicast\n");
1610                 return;
1611         }
1612 
1613         icmpv6_flow_init(sk, &fl6, NDISC_REDIRECT,
1614                          &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1615 
1616         dst = ip6_route_output(net, NULL, &fl6);
1617         if (dst->error) {
1618                 dst_release(dst);
1619                 return;
1620         }
1621         dst = xfrm_lookup(net, dst, flowi6_to_flowi(&fl6), NULL, 0);
1622         if (IS_ERR(dst))
1623                 return;
1624 
1625         rt = (struct rt6_info *) dst;
1626 
1627         if (rt->rt6i_flags & RTF_GATEWAY) {
1628                 ND_PRINTK(2, warn,
1629                           "Redirect: destination is not a neighbour\n");
1630                 goto release;
1631         }
1632         peer = inet_getpeer_v6(net->ipv6.peers, &ipv6_hdr(skb)->saddr, 1);
1633         ret = inet_peer_xrlim_allow(peer, 1*HZ);
1634         if (peer)
1635                 inet_putpeer(peer);
1636         if (!ret)
1637                 goto release;
1638 
1639         if (dev->addr_len) {
1640                 struct neighbour *neigh = dst_neigh_lookup(skb_dst(skb), target);
1641                 if (!neigh) {
1642                         ND_PRINTK(2, warn,
1643                                   "Redirect: no neigh for target address\n");
1644                         goto release;
1645                 }
1646 
1647                 read_lock_bh(&neigh->lock);
1648                 if (neigh->nud_state & NUD_VALID) {
1649                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1650                         read_unlock_bh(&neigh->lock);
1651                         ha = ha_buf;
1652                         optlen += ndisc_redirect_opt_addr_space(dev, neigh,
1653                                                                 ops_data_buf,
1654                                                                 &ops_data);
1655                 } else
1656                         read_unlock_bh(&neigh->lock);
1657 
1658                 neigh_release(neigh);
1659         }
1660 
1661         rd_len = min_t(unsigned int,
1662                        IPV6_MIN_MTU - sizeof(struct ipv6hdr) - sizeof(*msg) - optlen,
1663                        skb->len + 8);
1664         rd_len &= ~0x7;
1665         optlen += rd_len;
1666 
1667         buff = ndisc_alloc_skb(dev, sizeof(*msg) + optlen);
1668         if (!buff)
1669                 goto release;
1670 
1671         msg = skb_put(buff, sizeof(*msg));
1672         *msg = (struct rd_msg) {
1673                 .icmph = {
1674                         .icmp6_type = NDISC_REDIRECT,
1675                 },
1676                 .target = *target,
1677                 .dest = ipv6_hdr(skb)->daddr,
1678         };
1679 
1680         /*
1681          *      include target_address option
1682          */
1683 
1684         if (ha)
1685                 ndisc_fill_redirect_addr_option(buff, ha, ops_data);
1686 
1687         /*
1688          *      build redirect option and copy skb over to the new packet.
1689          */
1690 
1691         if (rd_len)
1692                 ndisc_fill_redirect_hdr_option(buff, skb, rd_len);
1693 
1694         skb_dst_set(buff, dst);
1695         ndisc_send_skb(buff, &ipv6_hdr(skb)->saddr, &saddr_buf);
1696         return;
1697 
1698 release:
1699         dst_release(dst);
1700 }
1701 
1702 static void pndisc_redo(struct sk_buff *skb)
1703 {
1704         ndisc_recv_ns(skb);
1705         kfree_skb(skb);
1706 }
1707 
1708 static bool ndisc_suppress_frag_ndisc(struct sk_buff *skb)
1709 {
1710         struct inet6_dev *idev = __in6_dev_get(skb->dev);
1711 
1712         if (!idev)
1713                 return true;
1714         if (IP6CB(skb)->flags & IP6SKB_FRAGMENTED &&
1715             idev->cnf.suppress_frag_ndisc) {
1716                 net_warn_ratelimited("Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.\n");
1717                 return true;
1718         }
1719         return false;
1720 }
1721 
1722 int ndisc_rcv(struct sk_buff *skb)
1723 {
1724         struct nd_msg *msg;
1725 
1726         if (ndisc_suppress_frag_ndisc(skb))
1727                 return 0;
1728 
1729         if (skb_linearize(skb))
1730                 return 0;
1731 
1732         msg = (struct nd_msg *)skb_transport_header(skb);
1733 
1734         __skb_push(skb, skb->data - skb_transport_header(skb));
1735 
1736         if (ipv6_hdr(skb)->hop_limit != 255) {
1737                 ND_PRINTK(2, warn, "NDISC: invalid hop-limit: %d\n",
1738                           ipv6_hdr(skb)->hop_limit);
1739                 return 0;
1740         }
1741 
1742         if (msg->icmph.icmp6_code != 0) {
1743                 ND_PRINTK(2, warn, "NDISC: invalid ICMPv6 code: %d\n",
1744                           msg->icmph.icmp6_code);
1745                 return 0;
1746         }
1747 
1748         switch (msg->icmph.icmp6_type) {
1749         case NDISC_NEIGHBOUR_SOLICITATION:
1750                 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1751                 ndisc_recv_ns(skb);
1752                 break;
1753 
1754         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1755                 ndisc_recv_na(skb);
1756                 break;
1757 
1758         case NDISC_ROUTER_SOLICITATION:
1759                 ndisc_recv_rs(skb);
1760                 break;
1761 
1762         case NDISC_ROUTER_ADVERTISEMENT:
1763                 ndisc_router_discovery(skb);
1764                 break;
1765 
1766         case NDISC_REDIRECT:
1767                 ndisc_redirect_rcv(skb);
1768                 break;
1769         }
1770 
1771         return 0;
1772 }
1773 
1774 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1775 {
1776         struct net_device *dev = netdev_notifier_info_to_dev(ptr);
1777         struct netdev_notifier_change_info *change_info;
1778         struct net *net = dev_net(dev);
1779         struct inet6_dev *idev;
1780 
1781         switch (event) {
1782         case NETDEV_CHANGEADDR:
1783                 neigh_changeaddr(&nd_tbl, dev);
1784                 fib6_run_gc(0, net, false);
1785                 /* fallthrough */
1786         case NETDEV_UP:
1787                 idev = in6_dev_get(dev);
1788                 if (!idev)
1789                         break;
1790                 if (idev->cnf.ndisc_notify ||
1791                     net->ipv6.devconf_all->ndisc_notify)
1792                         ndisc_send_unsol_na(dev);
1793                 in6_dev_put(idev);
1794                 break;
1795         case NETDEV_CHANGE:
1796                 change_info = ptr;
1797                 if (change_info->flags_changed & IFF_NOARP)
1798                         neigh_changeaddr(&nd_tbl, dev);
1799                 if (!netif_carrier_ok(dev))
1800                         neigh_carrier_down(&nd_tbl, dev);
1801                 break;
1802         case NETDEV_DOWN:
1803                 neigh_ifdown(&nd_tbl, dev);
1804                 fib6_run_gc(0, net, false);
1805                 break;
1806         case NETDEV_NOTIFY_PEERS:
1807                 ndisc_send_unsol_na(dev);
1808                 break;
1809         default:
1810                 break;
1811         }
1812 
1813         return NOTIFY_DONE;
1814 }
1815 
1816 static struct notifier_block ndisc_netdev_notifier = {
1817         .notifier_call = ndisc_netdev_event,
1818         .priority = ADDRCONF_NOTIFY_PRIORITY - 5,
1819 };
1820 
1821 #ifdef CONFIG_SYSCTL
1822 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1823                                          const char *func, const char *dev_name)
1824 {
1825         static char warncomm[TASK_COMM_LEN];
1826         static int warned;
1827         if (strcmp(warncomm, current->comm) && warned < 5) {
1828                 strcpy(warncomm, current->comm);
1829                 pr_warn("process `%s' is using deprecated sysctl (%s) net.ipv6.neigh.%s.%s - use net.ipv6.neigh.%s.%s_ms instead\n",
1830                         warncomm, func,
1831                         dev_name, ctl->procname,
1832                         dev_name, ctl->procname);
1833                 warned++;
1834         }
1835 }
1836 
1837 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1838 {
1839         struct net_device *dev = ctl->extra1;
1840         struct inet6_dev *idev;
1841         int ret;
1842 
1843         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1844             (strcmp(ctl->procname, "base_reachable_time") == 0))
1845                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1846 
1847         if (strcmp(ctl->procname, "retrans_time") == 0)
1848                 ret = neigh_proc_dointvec(ctl, write, buffer, lenp, ppos);
1849 
1850         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1851                 ret = neigh_proc_dointvec_jiffies(ctl, write,
1852                                                   buffer, lenp, ppos);
1853 
1854         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1855                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1856                 ret = neigh_proc_dointvec_ms_jiffies(ctl, write,
1857                                                      buffer, lenp, ppos);
1858         else
1859                 ret = -1;
1860 
1861         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1862                 if (ctl->data == &NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME))
1863                         idev->nd_parms->reachable_time =
1864                                         neigh_rand_reach_time(NEIGH_VAR(idev->nd_parms, BASE_REACHABLE_TIME));
1865                 idev->tstamp = jiffies;
1866                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1867                 in6_dev_put(idev);
1868         }
1869         return ret;
1870 }
1871 
1872 
1873 #endif
1874 
1875 static int __net_init ndisc_net_init(struct net *net)
1876 {
1877         struct ipv6_pinfo *np;
1878         struct sock *sk;
1879         int err;
1880 
1881         err = inet_ctl_sock_create(&sk, PF_INET6,
1882                                    SOCK_RAW, IPPROTO_ICMPV6, net);
1883         if (err < 0) {
1884                 ND_PRINTK(0, err,
1885                           "NDISC: Failed to initialize the control socket (err %d)\n",
1886                           err);
1887                 return err;
1888         }
1889 
1890         net->ipv6.ndisc_sk = sk;
1891 
1892         np = inet6_sk(sk);
1893         np->hop_limit = 255;
1894         /* Do not loopback ndisc messages */
1895         np->mc_loop = 0;
1896 
1897         return 0;
1898 }
1899 
1900 static void __net_exit ndisc_net_exit(struct net *net)
1901 {
1902         inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1903 }
1904 
1905 static struct pernet_operations ndisc_net_ops = {
1906         .init = ndisc_net_init,
1907         .exit = ndisc_net_exit,
1908 };
1909 
1910 int __init ndisc_init(void)
1911 {
1912         int err;
1913 
1914         err = register_pernet_subsys(&ndisc_net_ops);
1915         if (err)
1916                 return err;
1917         /*
1918          * Initialize the neighbour table
1919          */
1920         neigh_table_init(NEIGH_ND_TABLE, &nd_tbl);
1921 
1922 #ifdef CONFIG_SYSCTL
1923         err = neigh_sysctl_register(NULL, &nd_tbl.parms,
1924                                     ndisc_ifinfo_sysctl_change);
1925         if (err)
1926                 goto out_unregister_pernet;
1927 out:
1928 #endif
1929         return err;
1930 
1931 #ifdef CONFIG_SYSCTL
1932 out_unregister_pernet:
1933         unregister_pernet_subsys(&ndisc_net_ops);
1934         goto out;
1935 #endif
1936 }
1937 
1938 int __init ndisc_late_init(void)
1939 {
1940         return register_netdevice_notifier(&ndisc_netdev_notifier);
1941 }
1942 
1943 void ndisc_late_cleanup(void)
1944 {
1945         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1946 }
1947 
1948 void ndisc_cleanup(void)
1949 {
1950 #ifdef CONFIG_SYSCTL
1951         neigh_sysctl_unregister(&nd_tbl.parms);
1952 #endif
1953         neigh_table_clear(NEIGH_ND_TABLE, &nd_tbl);
1954         unregister_pernet_subsys(&ndisc_net_ops);
1955 }

/* [<][>][^][v][top][bottom][index][help] */