Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
[platform/adaptation/renesas_rcar/renesas_kernel.git] / net / ipv6 / ndisc.c
1 /*
2  *      Neighbour Discovery for IPv6
3  *      Linux INET6 implementation
4  *
5  *      Authors:
6  *      Pedro Roque             <roque@di.fc.ul.pt>
7  *      Mike Shaver             <shaver@ingenia.com>
8  *
9  *      This program is free software; you can redistribute it and/or
10  *      modify it under the terms of the GNU General Public License
11  *      as published by the Free Software Foundation; either version
12  *      2 of the License, or (at your option) any later version.
13  */
14
15 /*
16  *      Changes:
17  *
18  *      Pierre Ynard                    :       export userland ND options
19  *                                              through netlink (RDNSS support)
20  *      Lars Fenneberg                  :       fixed MTU setting on receipt
21  *                                              of an RA.
22  *      Janos Farkas                    :       kmalloc failure checks
23  *      Alexey Kuznetsov                :       state machine reworked
24  *                                              and moved to net/core.
25  *      Pekka Savola                    :       RFC2461 validation
26  *      YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
27  */
28
29 /* Set to 3 to get tracing... */
30 #define ND_DEBUG 1
31
32 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
33 #define ND_NOPRINTK(x...) do { ; } while(0)
34 #define ND_PRINTK0 ND_PRINTK
35 #define ND_PRINTK1 ND_NOPRINTK
36 #define ND_PRINTK2 ND_NOPRINTK
37 #define ND_PRINTK3 ND_NOPRINTK
38 #if ND_DEBUG >= 1
39 #undef ND_PRINTK1
40 #define ND_PRINTK1 ND_PRINTK
41 #endif
42 #if ND_DEBUG >= 2
43 #undef ND_PRINTK2
44 #define ND_PRINTK2 ND_PRINTK
45 #endif
46 #if ND_DEBUG >= 3
47 #undef ND_PRINTK3
48 #define ND_PRINTK3 ND_PRINTK
49 #endif
50
51 #include <linux/module.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
62 #include <linux/slab.h>
63 #ifdef CONFIG_SYSCTL
64 #include <linux/sysctl.h>
65 #endif
66
67 #include <linux/if_addr.h>
68 #include <linux/if_arp.h>
69 #include <linux/ipv6.h>
70 #include <linux/icmpv6.h>
71 #include <linux/jhash.h>
72
73 #include <net/sock.h>
74 #include <net/snmp.h>
75
76 #include <net/ipv6.h>
77 #include <net/protocol.h>
78 #include <net/ndisc.h>
79 #include <net/ip6_route.h>
80 #include <net/addrconf.h>
81 #include <net/icmp.h>
82
83 #include <net/netlink.h>
84 #include <linux/rtnetlink.h>
85
86 #include <net/flow.h>
87 #include <net/ip6_checksum.h>
88 #include <net/inet_common.h>
89 #include <linux/proc_fs.h>
90
91 #include <linux/netfilter.h>
92 #include <linux/netfilter_ipv6.h>
93
94 static u32 ndisc_hash(const void *pkey,
95                       const struct net_device *dev,
96                       __u32 rnd);
97 static int ndisc_constructor(struct neighbour *neigh);
98 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
99 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
100 static int pndisc_constructor(struct pneigh_entry *n);
101 static void pndisc_destructor(struct pneigh_entry *n);
102 static void pndisc_redo(struct sk_buff *skb);
103
104 static const struct neigh_ops ndisc_generic_ops = {
105         .family =               AF_INET6,
106         .solicit =              ndisc_solicit,
107         .error_report =         ndisc_error_report,
108         .output =               neigh_resolve_output,
109         .connected_output =     neigh_connected_output,
110         .hh_output =            dev_queue_xmit,
111         .queue_xmit =           dev_queue_xmit,
112 };
113
114 static const struct neigh_ops ndisc_hh_ops = {
115         .family =               AF_INET6,
116         .solicit =              ndisc_solicit,
117         .error_report =         ndisc_error_report,
118         .output =               neigh_resolve_output,
119         .connected_output =     neigh_resolve_output,
120         .hh_output =            dev_queue_xmit,
121         .queue_xmit =           dev_queue_xmit,
122 };
123
124
125 static const struct neigh_ops ndisc_direct_ops = {
126         .family =               AF_INET6,
127         .output =               dev_queue_xmit,
128         .connected_output =     dev_queue_xmit,
129         .hh_output =            dev_queue_xmit,
130         .queue_xmit =           dev_queue_xmit,
131 };
132
133 struct neigh_table nd_tbl = {
134         .family =       AF_INET6,
135         .entry_size =   sizeof(struct neighbour) + sizeof(struct in6_addr),
136         .key_len =      sizeof(struct in6_addr),
137         .hash =         ndisc_hash,
138         .constructor =  ndisc_constructor,
139         .pconstructor = pndisc_constructor,
140         .pdestructor =  pndisc_destructor,
141         .proxy_redo =   pndisc_redo,
142         .id =           "ndisc_cache",
143         .parms = {
144                 .tbl =                  &nd_tbl,
145                 .base_reachable_time =  30 * HZ,
146                 .retrans_time =  1 * HZ,
147                 .gc_staletime = 60 * HZ,
148                 .reachable_time =               30 * HZ,
149                 .delay_probe_time =      5 * HZ,
150                 .queue_len =             3,
151                 .ucast_probes =  3,
152                 .mcast_probes =  3,
153                 .anycast_delay =         1 * HZ,
154                 .proxy_delay =          (8 * HZ) / 10,
155                 .proxy_qlen =           64,
156         },
157         .gc_interval =    30 * HZ,
158         .gc_thresh1 =    128,
159         .gc_thresh2 =    512,
160         .gc_thresh3 =   1024,
161 };
162
163 /* ND options */
164 struct ndisc_options {
165         struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
166 #ifdef CONFIG_IPV6_ROUTE_INFO
167         struct nd_opt_hdr *nd_opts_ri;
168         struct nd_opt_hdr *nd_opts_ri_end;
169 #endif
170         struct nd_opt_hdr *nd_useropts;
171         struct nd_opt_hdr *nd_useropts_end;
172 };
173
174 #define nd_opts_src_lladdr      nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
175 #define nd_opts_tgt_lladdr      nd_opt_array[ND_OPT_TARGET_LL_ADDR]
176 #define nd_opts_pi              nd_opt_array[ND_OPT_PREFIX_INFO]
177 #define nd_opts_pi_end          nd_opt_array[__ND_OPT_PREFIX_INFO_END]
178 #define nd_opts_rh              nd_opt_array[ND_OPT_REDIRECT_HDR]
179 #define nd_opts_mtu             nd_opt_array[ND_OPT_MTU]
180
181 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
182
183 /*
184  * Return the padding between the option length and the start of the
185  * link addr.  Currently only IP-over-InfiniBand needs this, although
186  * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
187  * also need a pad of 2.
188  */
189 static int ndisc_addr_option_pad(unsigned short type)
190 {
191         switch (type) {
192         case ARPHRD_INFINIBAND: return 2;
193         default:                return 0;
194         }
195 }
196
197 static inline int ndisc_opt_addr_space(struct net_device *dev)
198 {
199         return NDISC_OPT_SPACE(dev->addr_len + ndisc_addr_option_pad(dev->type));
200 }
201
202 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
203                                   unsigned short addr_type)
204 {
205         int space = NDISC_OPT_SPACE(data_len);
206         int pad   = ndisc_addr_option_pad(addr_type);
207
208         opt[0] = type;
209         opt[1] = space>>3;
210
211         memset(opt + 2, 0, pad);
212         opt   += pad;
213         space -= pad;
214
215         memcpy(opt+2, data, data_len);
216         data_len += 2;
217         opt += data_len;
218         if ((space -= data_len) > 0)
219                 memset(opt, 0, space);
220         return opt + space;
221 }
222
223 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
224                                             struct nd_opt_hdr *end)
225 {
226         int type;
227         if (!cur || !end || cur >= end)
228                 return NULL;
229         type = cur->nd_opt_type;
230         do {
231                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
232         } while(cur < end && cur->nd_opt_type != type);
233         return cur <= end && cur->nd_opt_type == type ? cur : NULL;
234 }
235
236 static inline int ndisc_is_useropt(struct nd_opt_hdr *opt)
237 {
238         return opt->nd_opt_type == ND_OPT_RDNSS;
239 }
240
241 static struct nd_opt_hdr *ndisc_next_useropt(struct nd_opt_hdr *cur,
242                                              struct nd_opt_hdr *end)
243 {
244         if (!cur || !end || cur >= end)
245                 return NULL;
246         do {
247                 cur = ((void *)cur) + (cur->nd_opt_len << 3);
248         } while(cur < end && !ndisc_is_useropt(cur));
249         return cur <= end && ndisc_is_useropt(cur) ? cur : NULL;
250 }
251
252 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
253                                                  struct ndisc_options *ndopts)
254 {
255         struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
256
257         if (!nd_opt || opt_len < 0 || !ndopts)
258                 return NULL;
259         memset(ndopts, 0, sizeof(*ndopts));
260         while (opt_len) {
261                 int l;
262                 if (opt_len < sizeof(struct nd_opt_hdr))
263                         return NULL;
264                 l = nd_opt->nd_opt_len << 3;
265                 if (opt_len < l || l == 0)
266                         return NULL;
267                 switch (nd_opt->nd_opt_type) {
268                 case ND_OPT_SOURCE_LL_ADDR:
269                 case ND_OPT_TARGET_LL_ADDR:
270                 case ND_OPT_MTU:
271                 case ND_OPT_REDIRECT_HDR:
272                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
273                                 ND_PRINTK2(KERN_WARNING
274                                            "%s(): duplicated ND6 option found: type=%d\n",
275                                            __func__,
276                                            nd_opt->nd_opt_type);
277                         } else {
278                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
279                         }
280                         break;
281                 case ND_OPT_PREFIX_INFO:
282                         ndopts->nd_opts_pi_end = nd_opt;
283                         if (!ndopts->nd_opt_array[nd_opt->nd_opt_type])
284                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
285                         break;
286 #ifdef CONFIG_IPV6_ROUTE_INFO
287                 case ND_OPT_ROUTE_INFO:
288                         ndopts->nd_opts_ri_end = nd_opt;
289                         if (!ndopts->nd_opts_ri)
290                                 ndopts->nd_opts_ri = nd_opt;
291                         break;
292 #endif
293                 default:
294                         if (ndisc_is_useropt(nd_opt)) {
295                                 ndopts->nd_useropts_end = nd_opt;
296                                 if (!ndopts->nd_useropts)
297                                         ndopts->nd_useropts = nd_opt;
298                         } else {
299                                 /*
300                                  * Unknown options must be silently ignored,
301                                  * to accommodate future extension to the
302                                  * protocol.
303                                  */
304                                 ND_PRINTK2(KERN_NOTICE
305                                            "%s(): ignored unsupported option; type=%d, len=%d\n",
306                                            __func__,
307                                            nd_opt->nd_opt_type, nd_opt->nd_opt_len);
308                         }
309                 }
310                 opt_len -= l;
311                 nd_opt = ((void *)nd_opt) + l;
312         }
313         return ndopts;
314 }
315
316 static inline u8 *ndisc_opt_addr_data(struct nd_opt_hdr *p,
317                                       struct net_device *dev)
318 {
319         u8 *lladdr = (u8 *)(p + 1);
320         int lladdrlen = p->nd_opt_len << 3;
321         int prepad = ndisc_addr_option_pad(dev->type);
322         if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len + prepad))
323                 return NULL;
324         return lladdr + prepad;
325 }
326
327 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
328 {
329         switch (dev->type) {
330         case ARPHRD_ETHER:
331         case ARPHRD_IEEE802:    /* Not sure. Check it later. --ANK */
332         case ARPHRD_FDDI:
333                 ipv6_eth_mc_map(addr, buf);
334                 return 0;
335         case ARPHRD_IEEE802_TR:
336                 ipv6_tr_mc_map(addr,buf);
337                 return 0;
338         case ARPHRD_ARCNET:
339                 ipv6_arcnet_mc_map(addr, buf);
340                 return 0;
341         case ARPHRD_INFINIBAND:
342                 ipv6_ib_mc_map(addr, dev->broadcast, buf);
343                 return 0;
344         default:
345                 if (dir) {
346                         memcpy(buf, dev->broadcast, dev->addr_len);
347                         return 0;
348                 }
349         }
350         return -EINVAL;
351 }
352
353 EXPORT_SYMBOL(ndisc_mc_map);
354
355 static u32 ndisc_hash(const void *pkey,
356                       const struct net_device *dev,
357                       __u32 hash_rnd)
358 {
359         const u32 *p32 = pkey;
360         u32 addr_hash, i;
361
362         addr_hash = 0;
363         for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
364                 addr_hash ^= *p32++;
365
366         return jhash_2words(addr_hash, dev->ifindex, hash_rnd);
367 }
368
369 static int ndisc_constructor(struct neighbour *neigh)
370 {
371         struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
372         struct net_device *dev = neigh->dev;
373         struct inet6_dev *in6_dev;
374         struct neigh_parms *parms;
375         int is_multicast = ipv6_addr_is_multicast(addr);
376
377         rcu_read_lock();
378         in6_dev = in6_dev_get(dev);
379         if (in6_dev == NULL) {
380                 rcu_read_unlock();
381                 return -EINVAL;
382         }
383
384         parms = in6_dev->nd_parms;
385         __neigh_parms_put(neigh->parms);
386         neigh->parms = neigh_parms_clone(parms);
387         rcu_read_unlock();
388
389         neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
390         if (!dev->header_ops) {
391                 neigh->nud_state = NUD_NOARP;
392                 neigh->ops = &ndisc_direct_ops;
393                 neigh->output = neigh->ops->queue_xmit;
394         } else {
395                 if (is_multicast) {
396                         neigh->nud_state = NUD_NOARP;
397                         ndisc_mc_map(addr, neigh->ha, dev, 1);
398                 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
399                         neigh->nud_state = NUD_NOARP;
400                         memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
401                         if (dev->flags&IFF_LOOPBACK)
402                                 neigh->type = RTN_LOCAL;
403                 } else if (dev->flags&IFF_POINTOPOINT) {
404                         neigh->nud_state = NUD_NOARP;
405                         memcpy(neigh->ha, dev->broadcast, dev->addr_len);
406                 }
407                 if (dev->header_ops->cache)
408                         neigh->ops = &ndisc_hh_ops;
409                 else
410                         neigh->ops = &ndisc_generic_ops;
411                 if (neigh->nud_state&NUD_VALID)
412                         neigh->output = neigh->ops->connected_output;
413                 else
414                         neigh->output = neigh->ops->output;
415         }
416         in6_dev_put(in6_dev);
417         return 0;
418 }
419
420 static int pndisc_constructor(struct pneigh_entry *n)
421 {
422         struct in6_addr *addr = (struct in6_addr*)&n->key;
423         struct in6_addr maddr;
424         struct net_device *dev = n->dev;
425
426         if (dev == NULL || __in6_dev_get(dev) == NULL)
427                 return -EINVAL;
428         addrconf_addr_solict_mult(addr, &maddr);
429         ipv6_dev_mc_inc(dev, &maddr);
430         return 0;
431 }
432
433 static void pndisc_destructor(struct pneigh_entry *n)
434 {
435         struct in6_addr *addr = (struct in6_addr*)&n->key;
436         struct in6_addr maddr;
437         struct net_device *dev = n->dev;
438
439         if (dev == NULL || __in6_dev_get(dev) == NULL)
440                 return;
441         addrconf_addr_solict_mult(addr, &maddr);
442         ipv6_dev_mc_dec(dev, &maddr);
443 }
444
445 struct sk_buff *ndisc_build_skb(struct net_device *dev,
446                                 const struct in6_addr *daddr,
447                                 const struct in6_addr *saddr,
448                                 struct icmp6hdr *icmp6h,
449                                 const struct in6_addr *target,
450                                 int llinfo)
451 {
452         struct net *net = dev_net(dev);
453         struct sock *sk = net->ipv6.ndisc_sk;
454         struct sk_buff *skb;
455         struct icmp6hdr *hdr;
456         int len;
457         int err;
458         u8 *opt;
459
460         if (!dev->addr_len)
461                 llinfo = 0;
462
463         len = sizeof(struct icmp6hdr) + (target ? sizeof(*target) : 0);
464         if (llinfo)
465                 len += ndisc_opt_addr_space(dev);
466
467         skb = sock_alloc_send_skb(sk,
468                                   (MAX_HEADER + sizeof(struct ipv6hdr) +
469                                    len + LL_ALLOCATED_SPACE(dev)),
470                                   1, &err);
471         if (!skb) {
472                 ND_PRINTK0(KERN_ERR
473                            "ICMPv6 ND: %s() failed to allocate an skb, err=%d.\n",
474                            __func__, err);
475                 return NULL;
476         }
477
478         skb_reserve(skb, LL_RESERVED_SPACE(dev));
479         ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
480
481         skb->transport_header = skb->tail;
482         skb_put(skb, len);
483
484         hdr = (struct icmp6hdr *)skb_transport_header(skb);
485         memcpy(hdr, icmp6h, sizeof(*hdr));
486
487         opt = skb_transport_header(skb) + sizeof(struct icmp6hdr);
488         if (target) {
489                 ipv6_addr_copy((struct in6_addr *)opt, target);
490                 opt += sizeof(*target);
491         }
492
493         if (llinfo)
494                 ndisc_fill_addr_option(opt, llinfo, dev->dev_addr,
495                                        dev->addr_len, dev->type);
496
497         hdr->icmp6_cksum = csum_ipv6_magic(saddr, daddr, len,
498                                            IPPROTO_ICMPV6,
499                                            csum_partial(hdr,
500                                                         len, 0));
501
502         return skb;
503 }
504
505 EXPORT_SYMBOL(ndisc_build_skb);
506
507 void ndisc_send_skb(struct sk_buff *skb,
508                     struct net_device *dev,
509                     struct neighbour *neigh,
510                     const struct in6_addr *daddr,
511                     const struct in6_addr *saddr,
512                     struct icmp6hdr *icmp6h)
513 {
514         struct flowi fl;
515         struct dst_entry *dst;
516         struct net *net = dev_net(dev);
517         struct sock *sk = net->ipv6.ndisc_sk;
518         struct inet6_dev *idev;
519         int err;
520         u8 type;
521
522         type = icmp6h->icmp6_type;
523
524         icmpv6_flow_init(sk, &fl, type, saddr, daddr, dev->ifindex);
525
526         dst = icmp6_dst_alloc(dev, neigh, daddr);
527         if (!dst) {
528                 kfree_skb(skb);
529                 return;
530         }
531
532         err = xfrm_lookup(net, &dst, &fl, NULL, 0);
533         if (err < 0) {
534                 kfree_skb(skb);
535                 return;
536         }
537
538         skb_dst_set(skb, dst);
539
540         idev = in6_dev_get(dst->dev);
541         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
542
543         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev,
544                       dst_output);
545         if (!err) {
546                 ICMP6MSGOUT_INC_STATS(net, idev, type);
547                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
548         }
549
550         if (likely(idev != NULL))
551                 in6_dev_put(idev);
552 }
553
554 EXPORT_SYMBOL(ndisc_send_skb);
555
556 /*
557  *      Send a Neighbour Discover packet
558  */
559 static void __ndisc_send(struct net_device *dev,
560                          struct neighbour *neigh,
561                          const struct in6_addr *daddr,
562                          const struct in6_addr *saddr,
563                          struct icmp6hdr *icmp6h, const struct in6_addr *target,
564                          int llinfo)
565 {
566         struct sk_buff *skb;
567
568         skb = ndisc_build_skb(dev, daddr, saddr, icmp6h, target, llinfo);
569         if (!skb)
570                 return;
571
572         ndisc_send_skb(skb, dev, neigh, daddr, saddr, icmp6h);
573 }
574
575 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
576                           const struct in6_addr *daddr,
577                           const struct in6_addr *solicited_addr,
578                           int router, int solicited, int override, int inc_opt)
579 {
580         struct in6_addr tmpaddr;
581         struct inet6_ifaddr *ifp;
582         const struct in6_addr *src_addr;
583         struct icmp6hdr icmp6h = {
584                 .icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT,
585         };
586
587         /* for anycast or proxy, solicited_addr != src_addr */
588         ifp = ipv6_get_ifaddr(dev_net(dev), solicited_addr, dev, 1);
589         if (ifp) {
590                 src_addr = solicited_addr;
591                 if (ifp->flags & IFA_F_OPTIMISTIC)
592                         override = 0;
593                 inc_opt |= ifp->idev->cnf.force_tllao;
594                 in6_ifa_put(ifp);
595         } else {
596                 if (ipv6_dev_get_saddr(dev_net(dev), dev, daddr,
597                                        inet6_sk(dev_net(dev)->ipv6.ndisc_sk)->srcprefs,
598                                        &tmpaddr))
599                         return;
600                 src_addr = &tmpaddr;
601         }
602
603         icmp6h.icmp6_router = router;
604         icmp6h.icmp6_solicited = solicited;
605         icmp6h.icmp6_override = override;
606
607         __ndisc_send(dev, neigh, daddr, src_addr,
608                      &icmp6h, solicited_addr,
609                      inc_opt ? ND_OPT_TARGET_LL_ADDR : 0);
610 }
611
612 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
613                    const struct in6_addr *solicit,
614                    const struct in6_addr *daddr, const struct in6_addr *saddr)
615 {
616         struct in6_addr addr_buf;
617         struct icmp6hdr icmp6h = {
618                 .icmp6_type = NDISC_NEIGHBOUR_SOLICITATION,
619         };
620
621         if (saddr == NULL) {
622                 if (ipv6_get_lladdr(dev, &addr_buf,
623                                    (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)))
624                         return;
625                 saddr = &addr_buf;
626         }
627
628         __ndisc_send(dev, neigh, daddr, saddr,
629                      &icmp6h, solicit,
630                      !ipv6_addr_any(saddr) ? ND_OPT_SOURCE_LL_ADDR : 0);
631 }
632
633 void ndisc_send_rs(struct net_device *dev, const struct in6_addr *saddr,
634                    const struct in6_addr *daddr)
635 {
636         struct icmp6hdr icmp6h = {
637                 .icmp6_type = NDISC_ROUTER_SOLICITATION,
638         };
639         int send_sllao = dev->addr_len;
640
641 #ifdef CONFIG_IPV6_OPTIMISTIC_DAD
642         /*
643          * According to section 2.2 of RFC 4429, we must not
644          * send router solicitations with a sllao from
645          * optimistic addresses, but we may send the solicitation
646          * if we don't include the sllao.  So here we check
647          * if our address is optimistic, and if so, we
648          * suppress the inclusion of the sllao.
649          */
650         if (send_sllao) {
651                 struct inet6_ifaddr *ifp = ipv6_get_ifaddr(dev_net(dev), saddr,
652                                                            dev, 1);
653                 if (ifp) {
654                         if (ifp->flags & IFA_F_OPTIMISTIC)  {
655                                 send_sllao = 0;
656                         }
657                         in6_ifa_put(ifp);
658                 } else {
659                         send_sllao = 0;
660                 }
661         }
662 #endif
663         __ndisc_send(dev, NULL, daddr, saddr,
664                      &icmp6h, NULL,
665                      send_sllao ? ND_OPT_SOURCE_LL_ADDR : 0);
666 }
667
668
669 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
670 {
671         /*
672          *      "The sender MUST return an ICMP
673          *       destination unreachable"
674          */
675         dst_link_failure(skb);
676         kfree_skb(skb);
677 }
678
679 /* Called with locked neigh: either read or both */
680
681 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
682 {
683         struct in6_addr *saddr = NULL;
684         struct in6_addr mcaddr;
685         struct net_device *dev = neigh->dev;
686         struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
687         int probes = atomic_read(&neigh->probes);
688
689         if (skb && ipv6_chk_addr(dev_net(dev), &ipv6_hdr(skb)->saddr, dev, 1))
690                 saddr = &ipv6_hdr(skb)->saddr;
691
692         if ((probes -= neigh->parms->ucast_probes) < 0) {
693                 if (!(neigh->nud_state & NUD_VALID)) {
694                         ND_PRINTK1(KERN_DEBUG "%s(): trying to ucast probe in NUD_INVALID: %pI6\n",
695                                    __func__, target);
696                 }
697                 ndisc_send_ns(dev, neigh, target, target, saddr);
698         } else if ((probes -= neigh->parms->app_probes) < 0) {
699 #ifdef CONFIG_ARPD
700                 neigh_app_ns(neigh);
701 #endif
702         } else {
703                 addrconf_addr_solict_mult(target, &mcaddr);
704                 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
705         }
706 }
707
708 static int pndisc_is_router(const void *pkey,
709                             struct net_device *dev)
710 {
711         struct pneigh_entry *n;
712         int ret = -1;
713
714         read_lock_bh(&nd_tbl.lock);
715         n = __pneigh_lookup(&nd_tbl, dev_net(dev), pkey, dev);
716         if (n)
717                 ret = !!(n->flags & NTF_ROUTER);
718         read_unlock_bh(&nd_tbl.lock);
719
720         return ret;
721 }
722
723 static void ndisc_recv_ns(struct sk_buff *skb)
724 {
725         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
726         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
727         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
728         u8 *lladdr = NULL;
729         u32 ndoptlen = skb->tail - (skb->transport_header +
730                                     offsetof(struct nd_msg, opt));
731         struct ndisc_options ndopts;
732         struct net_device *dev = skb->dev;
733         struct inet6_ifaddr *ifp;
734         struct inet6_dev *idev = NULL;
735         struct neighbour *neigh;
736         int dad = ipv6_addr_any(saddr);
737         int inc;
738         int is_router = -1;
739
740         if (ipv6_addr_is_multicast(&msg->target)) {
741                 ND_PRINTK2(KERN_WARNING
742                            "ICMPv6 NS: multicast target address");
743                 return;
744         }
745
746         /*
747          * RFC2461 7.1.1:
748          * DAD has to be destined for solicited node multicast address.
749          */
750         if (dad &&
751             !(daddr->s6_addr32[0] == htonl(0xff020000) &&
752               daddr->s6_addr32[1] == htonl(0x00000000) &&
753               daddr->s6_addr32[2] == htonl(0x00000001) &&
754               daddr->s6_addr [12] == 0xff )) {
755                 ND_PRINTK2(KERN_WARNING
756                            "ICMPv6 NS: bad DAD packet (wrong destination)\n");
757                 return;
758         }
759
760         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
761                 ND_PRINTK2(KERN_WARNING
762                            "ICMPv6 NS: invalid ND options\n");
763                 return;
764         }
765
766         if (ndopts.nd_opts_src_lladdr) {
767                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr, dev);
768                 if (!lladdr) {
769                         ND_PRINTK2(KERN_WARNING
770                                    "ICMPv6 NS: invalid link-layer address length\n");
771                         return;
772                 }
773
774                 /* RFC2461 7.1.1:
775                  *      If the IP source address is the unspecified address,
776                  *      there MUST NOT be source link-layer address option
777                  *      in the message.
778                  */
779                 if (dad) {
780                         ND_PRINTK2(KERN_WARNING
781                                    "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
782                         return;
783                 }
784         }
785
786         inc = ipv6_addr_is_multicast(daddr);
787
788         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
789         if (ifp) {
790
791                 if (ifp->flags & (IFA_F_TENTATIVE|IFA_F_OPTIMISTIC)) {
792                         if (dad) {
793                                 if (dev->type == ARPHRD_IEEE802_TR) {
794                                         const unsigned char *sadr;
795                                         sadr = skb_mac_header(skb);
796                                         if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
797                                             sadr[9] == dev->dev_addr[1] &&
798                                             sadr[10] == dev->dev_addr[2] &&
799                                             sadr[11] == dev->dev_addr[3] &&
800                                             sadr[12] == dev->dev_addr[4] &&
801                                             sadr[13] == dev->dev_addr[5]) {
802                                                 /* looped-back to us */
803                                                 goto out;
804                                         }
805                                 }
806
807                                 /*
808                                  * We are colliding with another node
809                                  * who is doing DAD
810                                  * so fail our DAD process
811                                  */
812                                 addrconf_dad_failure(ifp);
813                                 return;
814                         } else {
815                                 /*
816                                  * This is not a dad solicitation.
817                                  * If we are an optimistic node,
818                                  * we should respond.
819                                  * Otherwise, we should ignore it.
820                                  */
821                                 if (!(ifp->flags & IFA_F_OPTIMISTIC))
822                                         goto out;
823                         }
824                 }
825
826                 idev = ifp->idev;
827         } else {
828                 struct net *net = dev_net(dev);
829
830                 idev = in6_dev_get(dev);
831                 if (!idev) {
832                         /* XXX: count this drop? */
833                         return;
834                 }
835
836                 if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
837                     (idev->cnf.forwarding &&
838                      (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
839                      (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
840                         if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
841                             skb->pkt_type != PACKET_HOST &&
842                             inc != 0 &&
843                             idev->nd_parms->proxy_delay != 0) {
844                                 /*
845                                  * for anycast or proxy,
846                                  * sender should delay its response
847                                  * by a random time between 0 and
848                                  * MAX_ANYCAST_DELAY_TIME seconds.
849                                  * (RFC2461) -- yoshfuji
850                                  */
851                                 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
852                                 if (n)
853                                         pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
854                                 goto out;
855                         }
856                 } else
857                         goto out;
858         }
859
860         if (is_router < 0)
861                 is_router = !!idev->cnf.forwarding;
862
863         if (dad) {
864                 ndisc_send_na(dev, NULL, &in6addr_linklocal_allnodes, &msg->target,
865                               is_router, 0, (ifp != NULL), 1);
866                 goto out;
867         }
868
869         if (inc)
870                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
871         else
872                 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
873
874         /*
875          *      update / create cache entry
876          *      for the source address
877          */
878         neigh = __neigh_lookup(&nd_tbl, saddr, dev,
879                                !inc || lladdr || !dev->addr_len);
880         if (neigh)
881                 neigh_update(neigh, lladdr, NUD_STALE,
882                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
883                              NEIGH_UPDATE_F_OVERRIDE);
884         if (neigh || !dev->header_ops) {
885                 ndisc_send_na(dev, neigh, saddr, &msg->target,
886                               is_router,
887                               1, (ifp != NULL && inc), inc);
888                 if (neigh)
889                         neigh_release(neigh);
890         }
891
892 out:
893         if (ifp)
894                 in6_ifa_put(ifp);
895         else
896                 in6_dev_put(idev);
897 }
898
899 static void ndisc_recv_na(struct sk_buff *skb)
900 {
901         struct nd_msg *msg = (struct nd_msg *)skb_transport_header(skb);
902         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
903         struct in6_addr *daddr = &ipv6_hdr(skb)->daddr;
904         u8 *lladdr = NULL;
905         u32 ndoptlen = skb->tail - (skb->transport_header +
906                                     offsetof(struct nd_msg, opt));
907         struct ndisc_options ndopts;
908         struct net_device *dev = skb->dev;
909         struct inet6_ifaddr *ifp;
910         struct neighbour *neigh;
911
912         if (skb->len < sizeof(struct nd_msg)) {
913                 ND_PRINTK2(KERN_WARNING
914                            "ICMPv6 NA: packet too short\n");
915                 return;
916         }
917
918         if (ipv6_addr_is_multicast(&msg->target)) {
919                 ND_PRINTK2(KERN_WARNING
920                            "ICMPv6 NA: target address is multicast.\n");
921                 return;
922         }
923
924         if (ipv6_addr_is_multicast(daddr) &&
925             msg->icmph.icmp6_solicited) {
926                 ND_PRINTK2(KERN_WARNING
927                            "ICMPv6 NA: solicited NA is multicasted.\n");
928                 return;
929         }
930
931         if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
932                 ND_PRINTK2(KERN_WARNING
933                            "ICMPv6 NS: invalid ND option\n");
934                 return;
935         }
936         if (ndopts.nd_opts_tgt_lladdr) {
937                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr, dev);
938                 if (!lladdr) {
939                         ND_PRINTK2(KERN_WARNING
940                                    "ICMPv6 NA: invalid link-layer address length\n");
941                         return;
942                 }
943         }
944         ifp = ipv6_get_ifaddr(dev_net(dev), &msg->target, dev, 1);
945         if (ifp) {
946                 if (ifp->flags & IFA_F_TENTATIVE) {
947                         addrconf_dad_failure(ifp);
948                         return;
949                 }
950                 /* What should we make now? The advertisement
951                    is invalid, but ndisc specs say nothing
952                    about it. It could be misconfiguration, or
953                    an smart proxy agent tries to help us :-)
954
955                    We should not print the error if NA has been
956                    received from loopback - it is just our own
957                    unsolicited advertisement.
958                  */
959                 if (skb->pkt_type != PACKET_LOOPBACK)
960                         ND_PRINTK1(KERN_WARNING
961                            "ICMPv6 NA: someone advertises our address %pI6 on %s!\n",
962                            &ifp->addr, ifp->idev->dev->name);
963                 in6_ifa_put(ifp);
964                 return;
965         }
966         neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
967
968         if (neigh) {
969                 u8 old_flags = neigh->flags;
970                 struct net *net = dev_net(dev);
971
972                 if (neigh->nud_state & NUD_FAILED)
973                         goto out;
974
975                 /*
976                  * Don't update the neighbor cache entry on a proxy NA from
977                  * ourselves because either the proxied node is off link or it
978                  * has already sent a NA to us.
979                  */
980                 if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
981                     net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp &&
982                     pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
983                         /* XXX: idev->cnf.prixy_ndp */
984                         goto out;
985                 }
986
987                 neigh_update(neigh, lladdr,
988                              msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
989                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
990                              (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
991                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
992                              (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
993
994                 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
995                         /*
996                          * Change: router to host
997                          */
998                         struct rt6_info *rt;
999                         rt = rt6_get_dflt_router(saddr, dev);
1000                         if (rt)
1001                                 ip6_del_rt(rt);
1002                 }
1003
1004 out:
1005                 neigh_release(neigh);
1006         }
1007 }
1008
1009 static void ndisc_recv_rs(struct sk_buff *skb)
1010 {
1011         struct rs_msg *rs_msg = (struct rs_msg *)skb_transport_header(skb);
1012         unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
1013         struct neighbour *neigh;
1014         struct inet6_dev *idev;
1015         struct in6_addr *saddr = &ipv6_hdr(skb)->saddr;
1016         struct ndisc_options ndopts;
1017         u8 *lladdr = NULL;
1018
1019         if (skb->len < sizeof(*rs_msg))
1020                 return;
1021
1022         idev = in6_dev_get(skb->dev);
1023         if (!idev) {
1024                 if (net_ratelimit())
1025                         ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
1026                 return;
1027         }
1028
1029         /* Don't accept RS if we're not in router mode */
1030         if (!idev->cnf.forwarding)
1031                 goto out;
1032
1033         /*
1034          * Don't update NCE if src = ::;
1035          * this implies that the source node has no ip address assigned yet.
1036          */
1037         if (ipv6_addr_any(saddr))
1038                 goto out;
1039
1040         /* Parse ND options */
1041         if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
1042                 if (net_ratelimit())
1043                         ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
1044                 goto out;
1045         }
1046
1047         if (ndopts.nd_opts_src_lladdr) {
1048                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1049                                              skb->dev);
1050                 if (!lladdr)
1051                         goto out;
1052         }
1053
1054         neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1055         if (neigh) {
1056                 neigh_update(neigh, lladdr, NUD_STALE,
1057                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1058                              NEIGH_UPDATE_F_OVERRIDE|
1059                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1060                 neigh_release(neigh);
1061         }
1062 out:
1063         in6_dev_put(idev);
1064 }
1065
1066 static void ndisc_ra_useropt(struct sk_buff *ra, struct nd_opt_hdr *opt)
1067 {
1068         struct icmp6hdr *icmp6h = (struct icmp6hdr *)skb_transport_header(ra);
1069         struct sk_buff *skb;
1070         struct nlmsghdr *nlh;
1071         struct nduseroptmsg *ndmsg;
1072         struct net *net = dev_net(ra->dev);
1073         int err;
1074         int base_size = NLMSG_ALIGN(sizeof(struct nduseroptmsg)
1075                                     + (opt->nd_opt_len << 3));
1076         size_t msg_size = base_size + nla_total_size(sizeof(struct in6_addr));
1077
1078         skb = nlmsg_new(msg_size, GFP_ATOMIC);
1079         if (skb == NULL) {
1080                 err = -ENOBUFS;
1081                 goto errout;
1082         }
1083
1084         nlh = nlmsg_put(skb, 0, 0, RTM_NEWNDUSEROPT, base_size, 0);
1085         if (nlh == NULL) {
1086                 goto nla_put_failure;
1087         }
1088
1089         ndmsg = nlmsg_data(nlh);
1090         ndmsg->nduseropt_family = AF_INET6;
1091         ndmsg->nduseropt_ifindex = ra->dev->ifindex;
1092         ndmsg->nduseropt_icmp_type = icmp6h->icmp6_type;
1093         ndmsg->nduseropt_icmp_code = icmp6h->icmp6_code;
1094         ndmsg->nduseropt_opts_len = opt->nd_opt_len << 3;
1095
1096         memcpy(ndmsg + 1, opt, opt->nd_opt_len << 3);
1097
1098         NLA_PUT(skb, NDUSEROPT_SRCADDR, sizeof(struct in6_addr),
1099                 &ipv6_hdr(ra)->saddr);
1100         nlmsg_end(skb, nlh);
1101
1102         rtnl_notify(skb, net, 0, RTNLGRP_ND_USEROPT, NULL, GFP_ATOMIC);
1103         return;
1104
1105 nla_put_failure:
1106         nlmsg_free(skb);
1107         err = -EMSGSIZE;
1108 errout:
1109         rtnl_set_sk_err(net, RTNLGRP_ND_USEROPT, err);
1110 }
1111
1112 static inline int accept_ra(struct inet6_dev *in6_dev)
1113 {
1114         /*
1115          * If forwarding is enabled, RA are not accepted unless the special
1116          * hybrid mode (accept_ra=2) is enabled.
1117          */
1118         if (in6_dev->cnf.forwarding && in6_dev->cnf.accept_ra < 2)
1119                 return 0;
1120
1121         return in6_dev->cnf.accept_ra;
1122 }
1123
1124 static void ndisc_router_discovery(struct sk_buff *skb)
1125 {
1126         struct ra_msg *ra_msg = (struct ra_msg *)skb_transport_header(skb);
1127         struct neighbour *neigh = NULL;
1128         struct inet6_dev *in6_dev;
1129         struct rt6_info *rt = NULL;
1130         int lifetime;
1131         struct ndisc_options ndopts;
1132         int optlen;
1133         unsigned int pref = 0;
1134
1135         __u8 * opt = (__u8 *)(ra_msg + 1);
1136
1137         optlen = (skb->tail - skb->transport_header) - sizeof(struct ra_msg);
1138
1139         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1140                 ND_PRINTK2(KERN_WARNING
1141                            "ICMPv6 RA: source address is not link-local.\n");
1142                 return;
1143         }
1144         if (optlen < 0) {
1145                 ND_PRINTK2(KERN_WARNING
1146                            "ICMPv6 RA: packet too short\n");
1147                 return;
1148         }
1149
1150 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1151         if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1152                 ND_PRINTK2(KERN_WARNING
1153                            "ICMPv6 RA: from host or unauthorized router\n");
1154                 return;
1155         }
1156 #endif
1157
1158         /*
1159          *      set the RA_RECV flag in the interface
1160          */
1161
1162         in6_dev = in6_dev_get(skb->dev);
1163         if (in6_dev == NULL) {
1164                 ND_PRINTK0(KERN_ERR
1165                            "ICMPv6 RA: can't find inet6 device for %s.\n",
1166                            skb->dev->name);
1167                 return;
1168         }
1169
1170         if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1171                 in6_dev_put(in6_dev);
1172                 ND_PRINTK2(KERN_WARNING
1173                            "ICMP6 RA: invalid ND options\n");
1174                 return;
1175         }
1176
1177         if (!accept_ra(in6_dev))
1178                 goto skip_linkparms;
1179
1180 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1181         /* skip link-specific parameters from interior routers */
1182         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1183                 goto skip_linkparms;
1184 #endif
1185
1186         if (in6_dev->if_flags & IF_RS_SENT) {
1187                 /*
1188                  *      flag that an RA was received after an RS was sent
1189                  *      out on this interface.
1190                  */
1191                 in6_dev->if_flags |= IF_RA_RCVD;
1192         }
1193
1194         /*
1195          * Remember the managed/otherconf flags from most recently
1196          * received RA message (RFC 2462) -- yoshfuji
1197          */
1198         in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1199                                 IF_RA_OTHERCONF)) |
1200                                 (ra_msg->icmph.icmp6_addrconf_managed ?
1201                                         IF_RA_MANAGED : 0) |
1202                                 (ra_msg->icmph.icmp6_addrconf_other ?
1203                                         IF_RA_OTHERCONF : 0);
1204
1205         if (!in6_dev->cnf.accept_ra_defrtr)
1206                 goto skip_defrtr;
1207
1208         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1209
1210 #ifdef CONFIG_IPV6_ROUTER_PREF
1211         pref = ra_msg->icmph.icmp6_router_pref;
1212         /* 10b is handled as if it were 00b (medium) */
1213         if (pref == ICMPV6_ROUTER_PREF_INVALID ||
1214             !in6_dev->cnf.accept_ra_rtr_pref)
1215                 pref = ICMPV6_ROUTER_PREF_MEDIUM;
1216 #endif
1217
1218         rt = rt6_get_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev);
1219
1220         if (rt)
1221                 neigh = rt->rt6i_nexthop;
1222
1223         if (rt && lifetime == 0) {
1224                 neigh_clone(neigh);
1225                 ip6_del_rt(rt);
1226                 rt = NULL;
1227         }
1228
1229         if (rt == NULL && lifetime) {
1230                 ND_PRINTK3(KERN_DEBUG
1231                            "ICMPv6 RA: adding default router.\n");
1232
1233                 rt = rt6_add_dflt_router(&ipv6_hdr(skb)->saddr, skb->dev, pref);
1234                 if (rt == NULL) {
1235                         ND_PRINTK0(KERN_ERR
1236                                    "ICMPv6 RA: %s() failed to add default route.\n",
1237                                    __func__);
1238                         in6_dev_put(in6_dev);
1239                         return;
1240                 }
1241
1242                 neigh = rt->rt6i_nexthop;
1243                 if (neigh == NULL) {
1244                         ND_PRINTK0(KERN_ERR
1245                                    "ICMPv6 RA: %s() got default router without neighbour.\n",
1246                                    __func__);
1247                         dst_release(&rt->dst);
1248                         in6_dev_put(in6_dev);
1249                         return;
1250                 }
1251                 neigh->flags |= NTF_ROUTER;
1252         } else if (rt) {
1253                 rt->rt6i_flags = (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
1254         }
1255
1256         if (rt)
1257                 rt->rt6i_expires = jiffies + (HZ * lifetime);
1258
1259         if (ra_msg->icmph.icmp6_hop_limit) {
1260                 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1261                 if (rt)
1262                         rt->dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
1263         }
1264
1265 skip_defrtr:
1266
1267         /*
1268          *      Update Reachable Time and Retrans Timer
1269          */
1270
1271         if (in6_dev->nd_parms) {
1272                 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1273
1274                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1275                         rtime = (rtime*HZ)/1000;
1276                         if (rtime < HZ/10)
1277                                 rtime = HZ/10;
1278                         in6_dev->nd_parms->retrans_time = rtime;
1279                         in6_dev->tstamp = jiffies;
1280                         inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1281                 }
1282
1283                 rtime = ntohl(ra_msg->reachable_time);
1284                 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1285                         rtime = (rtime*HZ)/1000;
1286
1287                         if (rtime < HZ/10)
1288                                 rtime = HZ/10;
1289
1290                         if (rtime != in6_dev->nd_parms->base_reachable_time) {
1291                                 in6_dev->nd_parms->base_reachable_time = rtime;
1292                                 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1293                                 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1294                                 in6_dev->tstamp = jiffies;
1295                                 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1296                         }
1297                 }
1298         }
1299
1300 skip_linkparms:
1301
1302         /*
1303          *      Process options.
1304          */
1305
1306         if (!neigh)
1307                 neigh = __neigh_lookup(&nd_tbl, &ipv6_hdr(skb)->saddr,
1308                                        skb->dev, 1);
1309         if (neigh) {
1310                 u8 *lladdr = NULL;
1311                 if (ndopts.nd_opts_src_lladdr) {
1312                         lladdr = ndisc_opt_addr_data(ndopts.nd_opts_src_lladdr,
1313                                                      skb->dev);
1314                         if (!lladdr) {
1315                                 ND_PRINTK2(KERN_WARNING
1316                                            "ICMPv6 RA: invalid link-layer address length\n");
1317                                 goto out;
1318                         }
1319                 }
1320                 neigh_update(neigh, lladdr, NUD_STALE,
1321                              NEIGH_UPDATE_F_WEAK_OVERRIDE|
1322                              NEIGH_UPDATE_F_OVERRIDE|
1323                              NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1324                              NEIGH_UPDATE_F_ISROUTER);
1325         }
1326
1327         if (!accept_ra(in6_dev))
1328                 goto out;
1329
1330 #ifdef CONFIG_IPV6_ROUTE_INFO
1331         if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
1332                 struct nd_opt_hdr *p;
1333                 for (p = ndopts.nd_opts_ri;
1334                      p;
1335                      p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
1336                         struct route_info *ri = (struct route_info *)p;
1337 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1338                         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT &&
1339                             ri->prefix_len == 0)
1340                                 continue;
1341 #endif
1342                         if (ri->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
1343                                 continue;
1344                         rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
1345                                       &ipv6_hdr(skb)->saddr);
1346                 }
1347         }
1348 #endif
1349
1350 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1351         /* skip link-specific ndopts from interior routers */
1352         if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1353                 goto out;
1354 #endif
1355
1356         if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1357                 struct nd_opt_hdr *p;
1358                 for (p = ndopts.nd_opts_pi;
1359                      p;
1360                      p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1361                         addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1362                 }
1363         }
1364
1365         if (ndopts.nd_opts_mtu) {
1366                 __be32 n;
1367                 u32 mtu;
1368
1369                 memcpy(&n, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1370                 mtu = ntohl(n);
1371
1372                 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1373                         ND_PRINTK2(KERN_WARNING
1374                                    "ICMPv6 RA: invalid mtu: %d\n",
1375                                    mtu);
1376                 } else if (in6_dev->cnf.mtu6 != mtu) {
1377                         in6_dev->cnf.mtu6 = mtu;
1378
1379                         if (rt)
1380                                 rt->dst.metrics[RTAX_MTU-1] = mtu;
1381
1382                         rt6_mtu_change(skb->dev, mtu);
1383                 }
1384         }
1385
1386         if (ndopts.nd_useropts) {
1387                 struct nd_opt_hdr *p;
1388                 for (p = ndopts.nd_useropts;
1389                      p;
1390                      p = ndisc_next_useropt(p, ndopts.nd_useropts_end)) {
1391                         ndisc_ra_useropt(skb, p);
1392                 }
1393         }
1394
1395         if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1396                 ND_PRINTK2(KERN_WARNING
1397                            "ICMPv6 RA: invalid RA options");
1398         }
1399 out:
1400         if (rt)
1401                 dst_release(&rt->dst);
1402         else if (neigh)
1403                 neigh_release(neigh);
1404         in6_dev_put(in6_dev);
1405 }
1406
1407 static void ndisc_redirect_rcv(struct sk_buff *skb)
1408 {
1409         struct inet6_dev *in6_dev;
1410         struct icmp6hdr *icmph;
1411         struct in6_addr *dest;
1412         struct in6_addr *target;        /* new first hop to destination */
1413         struct neighbour *neigh;
1414         int on_link = 0;
1415         struct ndisc_options ndopts;
1416         int optlen;
1417         u8 *lladdr = NULL;
1418
1419 #ifdef CONFIG_IPV6_NDISC_NODETYPE
1420         switch (skb->ndisc_nodetype) {
1421         case NDISC_NODETYPE_HOST:
1422         case NDISC_NODETYPE_NODEFAULT:
1423                 ND_PRINTK2(KERN_WARNING
1424                            "ICMPv6 Redirect: from host or unauthorized router\n");
1425                 return;
1426         }
1427 #endif
1428
1429         if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1430                 ND_PRINTK2(KERN_WARNING
1431                            "ICMPv6 Redirect: source address is not link-local.\n");
1432                 return;
1433         }
1434
1435         optlen = skb->tail - skb->transport_header;
1436         optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1437
1438         if (optlen < 0) {
1439                 ND_PRINTK2(KERN_WARNING
1440                            "ICMPv6 Redirect: packet too short\n");
1441                 return;
1442         }
1443
1444         icmph = icmp6_hdr(skb);
1445         target = (struct in6_addr *) (icmph + 1);
1446         dest = target + 1;
1447
1448         if (ipv6_addr_is_multicast(dest)) {
1449                 ND_PRINTK2(KERN_WARNING
1450                            "ICMPv6 Redirect: destination address is multicast.\n");
1451                 return;
1452         }
1453
1454         if (ipv6_addr_equal(dest, target)) {
1455                 on_link = 1;
1456         } else if (ipv6_addr_type(target) !=
1457                    (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1458                 ND_PRINTK2(KERN_WARNING
1459                            "ICMPv6 Redirect: target address is not link-local unicast.\n");
1460                 return;
1461         }
1462
1463         in6_dev = in6_dev_get(skb->dev);
1464         if (!in6_dev)
1465                 return;
1466         if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1467                 in6_dev_put(in6_dev);
1468                 return;
1469         }
1470
1471         /* RFC2461 8.1:
1472          *      The IP source address of the Redirect MUST be the same as the current
1473          *      first-hop router for the specified ICMP Destination Address.
1474          */
1475
1476         if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1477                 ND_PRINTK2(KERN_WARNING
1478                            "ICMPv6 Redirect: invalid ND options\n");
1479                 in6_dev_put(in6_dev);
1480                 return;
1481         }
1482         if (ndopts.nd_opts_tgt_lladdr) {
1483                 lladdr = ndisc_opt_addr_data(ndopts.nd_opts_tgt_lladdr,
1484                                              skb->dev);
1485                 if (!lladdr) {
1486                         ND_PRINTK2(KERN_WARNING
1487                                    "ICMPv6 Redirect: invalid link-layer address length\n");
1488                         in6_dev_put(in6_dev);
1489                         return;
1490                 }
1491         }
1492
1493         neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1494         if (neigh) {
1495                 rt6_redirect(dest, &ipv6_hdr(skb)->daddr,
1496                              &ipv6_hdr(skb)->saddr, neigh, lladdr,
1497                              on_link);
1498                 neigh_release(neigh);
1499         }
1500         in6_dev_put(in6_dev);
1501 }
1502
1503 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1504                          const struct in6_addr *target)
1505 {
1506         struct net_device *dev = skb->dev;
1507         struct net *net = dev_net(dev);
1508         struct sock *sk = net->ipv6.ndisc_sk;
1509         int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1510         struct sk_buff *buff;
1511         struct icmp6hdr *icmph;
1512         struct in6_addr saddr_buf;
1513         struct in6_addr *addrp;
1514         struct rt6_info *rt;
1515         struct dst_entry *dst;
1516         struct inet6_dev *idev;
1517         struct flowi fl;
1518         u8 *opt;
1519         int rd_len;
1520         int err;
1521         u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1522
1523         if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1524                 ND_PRINTK2(KERN_WARNING
1525                            "ICMPv6 Redirect: no link-local address on %s\n",
1526                            dev->name);
1527                 return;
1528         }
1529
1530         if (!ipv6_addr_equal(&ipv6_hdr(skb)->daddr, target) &&
1531             ipv6_addr_type(target) != (IPV6_ADDR_UNICAST|IPV6_ADDR_LINKLOCAL)) {
1532                 ND_PRINTK2(KERN_WARNING
1533                         "ICMPv6 Redirect: target address is not link-local unicast.\n");
1534                 return;
1535         }
1536
1537         icmpv6_flow_init(sk, &fl, NDISC_REDIRECT,
1538                          &saddr_buf, &ipv6_hdr(skb)->saddr, dev->ifindex);
1539
1540         dst = ip6_route_output(net, NULL, &fl);
1541         if (dst == NULL)
1542                 return;
1543
1544         err = xfrm_lookup(net, &dst, &fl, NULL, 0);
1545         if (err)
1546                 return;
1547
1548         rt = (struct rt6_info *) dst;
1549
1550         if (rt->rt6i_flags & RTF_GATEWAY) {
1551                 ND_PRINTK2(KERN_WARNING
1552                            "ICMPv6 Redirect: destination is not a neighbour.\n");
1553                 goto release;
1554         }
1555         if (!xrlim_allow(dst, 1*HZ))
1556                 goto release;
1557
1558         if (dev->addr_len) {
1559                 read_lock_bh(&neigh->lock);
1560                 if (neigh->nud_state & NUD_VALID) {
1561                         memcpy(ha_buf, neigh->ha, dev->addr_len);
1562                         read_unlock_bh(&neigh->lock);
1563                         ha = ha_buf;
1564                         len += ndisc_opt_addr_space(dev);
1565                 } else
1566                         read_unlock_bh(&neigh->lock);
1567         }
1568
1569         rd_len = min_t(unsigned int,
1570                      IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1571         rd_len &= ~0x7;
1572         len += rd_len;
1573
1574         buff = sock_alloc_send_skb(sk,
1575                                    (MAX_HEADER + sizeof(struct ipv6hdr) +
1576                                     len + LL_ALLOCATED_SPACE(dev)),
1577                                    1, &err);
1578         if (buff == NULL) {
1579                 ND_PRINTK0(KERN_ERR
1580                            "ICMPv6 Redirect: %s() failed to allocate an skb, err=%d.\n",
1581                            __func__, err);
1582                 goto release;
1583         }
1584
1585         skb_reserve(buff, LL_RESERVED_SPACE(dev));
1586         ip6_nd_hdr(sk, buff, dev, &saddr_buf, &ipv6_hdr(skb)->saddr,
1587                    IPPROTO_ICMPV6, len);
1588
1589         skb_set_transport_header(buff, skb_tail_pointer(buff) - buff->data);
1590         skb_put(buff, len);
1591         icmph = icmp6_hdr(buff);
1592
1593         memset(icmph, 0, sizeof(struct icmp6hdr));
1594         icmph->icmp6_type = NDISC_REDIRECT;
1595
1596         /*
1597          *      copy target and destination addresses
1598          */
1599
1600         addrp = (struct in6_addr *)(icmph + 1);
1601         ipv6_addr_copy(addrp, target);
1602         addrp++;
1603         ipv6_addr_copy(addrp, &ipv6_hdr(skb)->daddr);
1604
1605         opt = (u8*) (addrp + 1);
1606
1607         /*
1608          *      include target_address option
1609          */
1610
1611         if (ha)
1612                 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, ha,
1613                                              dev->addr_len, dev->type);
1614
1615         /*
1616          *      build redirect option and copy skb over to the new packet.
1617          */
1618
1619         memset(opt, 0, 8);
1620         *(opt++) = ND_OPT_REDIRECT_HDR;
1621         *(opt++) = (rd_len >> 3);
1622         opt += 6;
1623
1624         memcpy(opt, ipv6_hdr(skb), rd_len - 8);
1625
1626         icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &ipv6_hdr(skb)->saddr,
1627                                              len, IPPROTO_ICMPV6,
1628                                              csum_partial(icmph, len, 0));
1629
1630         skb_dst_set(buff, dst);
1631         idev = in6_dev_get(dst->dev);
1632         IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
1633         err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, buff, NULL, dst->dev,
1634                       dst_output);
1635         if (!err) {
1636                 ICMP6MSGOUT_INC_STATS(net, idev, NDISC_REDIRECT);
1637                 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);
1638         }
1639
1640         if (likely(idev != NULL))
1641                 in6_dev_put(idev);
1642         return;
1643
1644 release:
1645         dst_release(dst);
1646 }
1647
1648 static void pndisc_redo(struct sk_buff *skb)
1649 {
1650         ndisc_recv_ns(skb);
1651         kfree_skb(skb);
1652 }
1653
1654 int ndisc_rcv(struct sk_buff *skb)
1655 {
1656         struct nd_msg *msg;
1657
1658         if (!pskb_may_pull(skb, skb->len))
1659                 return 0;
1660
1661         msg = (struct nd_msg *)skb_transport_header(skb);
1662
1663         __skb_push(skb, skb->data - skb_transport_header(skb));
1664
1665         if (ipv6_hdr(skb)->hop_limit != 255) {
1666                 ND_PRINTK2(KERN_WARNING
1667                            "ICMPv6 NDISC: invalid hop-limit: %d\n",
1668                            ipv6_hdr(skb)->hop_limit);
1669                 return 0;
1670         }
1671
1672         if (msg->icmph.icmp6_code != 0) {
1673                 ND_PRINTK2(KERN_WARNING
1674                            "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1675                            msg->icmph.icmp6_code);
1676                 return 0;
1677         }
1678
1679         memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
1680
1681         switch (msg->icmph.icmp6_type) {
1682         case NDISC_NEIGHBOUR_SOLICITATION:
1683                 ndisc_recv_ns(skb);
1684                 break;
1685
1686         case NDISC_NEIGHBOUR_ADVERTISEMENT:
1687                 ndisc_recv_na(skb);
1688                 break;
1689
1690         case NDISC_ROUTER_SOLICITATION:
1691                 ndisc_recv_rs(skb);
1692                 break;
1693
1694         case NDISC_ROUTER_ADVERTISEMENT:
1695                 ndisc_router_discovery(skb);
1696                 break;
1697
1698         case NDISC_REDIRECT:
1699                 ndisc_redirect_rcv(skb);
1700                 break;
1701         }
1702
1703         return 0;
1704 }
1705
1706 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1707 {
1708         struct net_device *dev = ptr;
1709         struct net *net = dev_net(dev);
1710
1711         switch (event) {
1712         case NETDEV_CHANGEADDR:
1713                 neigh_changeaddr(&nd_tbl, dev);
1714                 fib6_run_gc(~0UL, net);
1715                 break;
1716         case NETDEV_DOWN:
1717                 neigh_ifdown(&nd_tbl, dev);
1718                 fib6_run_gc(~0UL, net);
1719                 break;
1720         default:
1721                 break;
1722         }
1723
1724         return NOTIFY_DONE;
1725 }
1726
1727 static struct notifier_block ndisc_netdev_notifier = {
1728         .notifier_call = ndisc_netdev_event,
1729 };
1730
1731 #ifdef CONFIG_SYSCTL
1732 static void ndisc_warn_deprecated_sysctl(struct ctl_table *ctl,
1733                                          const char *func, const char *dev_name)
1734 {
1735         static char warncomm[TASK_COMM_LEN];
1736         static int warned;
1737         if (strcmp(warncomm, current->comm) && warned < 5) {
1738                 strcpy(warncomm, current->comm);
1739                 printk(KERN_WARNING
1740                         "process `%s' is using deprecated sysctl (%s) "
1741                         "net.ipv6.neigh.%s.%s; "
1742                         "Use net.ipv6.neigh.%s.%s_ms "
1743                         "instead.\n",
1744                         warncomm, func,
1745                         dev_name, ctl->procname,
1746                         dev_name, ctl->procname);
1747                 warned++;
1748         }
1749 }
1750
1751 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos)
1752 {
1753         struct net_device *dev = ctl->extra1;
1754         struct inet6_dev *idev;
1755         int ret;
1756
1757         if ((strcmp(ctl->procname, "retrans_time") == 0) ||
1758             (strcmp(ctl->procname, "base_reachable_time") == 0))
1759                 ndisc_warn_deprecated_sysctl(ctl, "syscall", dev ? dev->name : "default");
1760
1761         if (strcmp(ctl->procname, "retrans_time") == 0)
1762                 ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1763
1764         else if (strcmp(ctl->procname, "base_reachable_time") == 0)
1765                 ret = proc_dointvec_jiffies(ctl, write,
1766                                             buffer, lenp, ppos);
1767
1768         else if ((strcmp(ctl->procname, "retrans_time_ms") == 0) ||
1769                  (strcmp(ctl->procname, "base_reachable_time_ms") == 0))
1770                 ret = proc_dointvec_ms_jiffies(ctl, write,
1771                                                buffer, lenp, ppos);
1772         else
1773                 ret = -1;
1774
1775         if (write && ret == 0 && dev && (idev = in6_dev_get(dev)) != NULL) {
1776                 if (ctl->data == &idev->nd_parms->base_reachable_time)
1777                         idev->nd_parms->reachable_time = neigh_rand_reach_time(idev->nd_parms->base_reachable_time);
1778                 idev->tstamp = jiffies;
1779                 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1780                 in6_dev_put(idev);
1781         }
1782         return ret;
1783 }
1784
1785
1786 #endif
1787
1788 static int __net_init ndisc_net_init(struct net *net)
1789 {
1790         struct ipv6_pinfo *np;
1791         struct sock *sk;
1792         int err;
1793
1794         err = inet_ctl_sock_create(&sk, PF_INET6,
1795                                    SOCK_RAW, IPPROTO_ICMPV6, net);
1796         if (err < 0) {
1797                 ND_PRINTK0(KERN_ERR
1798                            "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1799                            err);
1800                 return err;
1801         }
1802
1803         net->ipv6.ndisc_sk = sk;
1804
1805         np = inet6_sk(sk);
1806         np->hop_limit = 255;
1807         /* Do not loopback ndisc messages */
1808         np->mc_loop = 0;
1809
1810         return 0;
1811 }
1812
1813 static void __net_exit ndisc_net_exit(struct net *net)
1814 {
1815         inet_ctl_sock_destroy(net->ipv6.ndisc_sk);
1816 }
1817
1818 static struct pernet_operations ndisc_net_ops = {
1819         .init = ndisc_net_init,
1820         .exit = ndisc_net_exit,
1821 };
1822
1823 int __init ndisc_init(void)
1824 {
1825         int err;
1826
1827         err = register_pernet_subsys(&ndisc_net_ops);
1828         if (err)
1829                 return err;
1830         /*
1831          * Initialize the neighbour table
1832          */
1833         neigh_table_init(&nd_tbl);
1834
1835 #ifdef CONFIG_SYSCTL
1836         err = neigh_sysctl_register(NULL, &nd_tbl.parms, "ipv6",
1837                                     &ndisc_ifinfo_sysctl_change);
1838         if (err)
1839                 goto out_unregister_pernet;
1840 #endif
1841         err = register_netdevice_notifier(&ndisc_netdev_notifier);
1842         if (err)
1843                 goto out_unregister_sysctl;
1844 out:
1845         return err;
1846
1847 out_unregister_sysctl:
1848 #ifdef CONFIG_SYSCTL
1849         neigh_sysctl_unregister(&nd_tbl.parms);
1850 out_unregister_pernet:
1851 #endif
1852         unregister_pernet_subsys(&ndisc_net_ops);
1853         goto out;
1854 }
1855
1856 void ndisc_cleanup(void)
1857 {
1858         unregister_netdevice_notifier(&ndisc_netdev_notifier);
1859 #ifdef CONFIG_SYSCTL
1860         neigh_sysctl_unregister(&nd_tbl.parms);
1861 #endif
1862         neigh_table_clear(&nd_tbl);
1863         unregister_pernet_subsys(&ndisc_net_ops);
1864 }