2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 * Lars Fenneberg : fixed MTU setting on receipt
21 * Janos Farkas : kmalloc failure checks
22 * Alexey Kuznetsov : state machine reworked
23 * and moved to net/core.
24 * Pekka Savola : RFC2461 validation
25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 /* Set to 3 to get tracing... */
31 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
32 #define ND_NOPRINTK(x...) do { ; } while(0)
33 #define ND_PRINTK0 ND_PRINTK
34 #define ND_PRINTK1 ND_NOPRINTK
35 #define ND_PRINTK2 ND_NOPRINTK
36 #define ND_PRINTK3 ND_NOPRINTK
39 #define ND_PRINTK1 ND_PRINTK
43 #define ND_PRINTK2 ND_PRINTK
47 #define ND_PRINTK3 ND_PRINTK
50 #include <linux/module.h>
51 #include <linux/config.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
63 #include <linux/sysctl.h>
66 #include <linux/if_arp.h>
67 #include <linux/ipv6.h>
68 #include <linux/icmpv6.h>
69 #include <linux/jhash.h>
75 #include <net/protocol.h>
76 #include <net/ndisc.h>
77 #include <net/ip6_route.h>
78 #include <net/addrconf.h>
82 #include <net/ip6_checksum.h>
83 #include <linux/proc_fs.h>
85 #include <linux/netfilter.h>
86 #include <linux/netfilter_ipv6.h>
88 static struct socket *ndisc_socket;
90 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
91 static int ndisc_constructor(struct neighbour *neigh);
92 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
93 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
94 static int pndisc_constructor(struct pneigh_entry *n);
95 static void pndisc_destructor(struct pneigh_entry *n);
96 static void pndisc_redo(struct sk_buff *skb);
98 static struct neigh_ops ndisc_generic_ops = {
100 .solicit = ndisc_solicit,
101 .error_report = ndisc_error_report,
102 .output = neigh_resolve_output,
103 .connected_output = neigh_connected_output,
104 .hh_output = dev_queue_xmit,
105 .queue_xmit = dev_queue_xmit,
108 static struct neigh_ops ndisc_hh_ops = {
110 .solicit = ndisc_solicit,
111 .error_report = ndisc_error_report,
112 .output = neigh_resolve_output,
113 .connected_output = neigh_resolve_output,
114 .hh_output = dev_queue_xmit,
115 .queue_xmit = dev_queue_xmit,
119 static struct neigh_ops ndisc_direct_ops = {
121 .output = dev_queue_xmit,
122 .connected_output = dev_queue_xmit,
123 .hh_output = dev_queue_xmit,
124 .queue_xmit = dev_queue_xmit,
127 struct neigh_table nd_tbl = {
129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
130 .key_len = sizeof(struct in6_addr),
132 .constructor = ndisc_constructor,
133 .pconstructor = pndisc_constructor,
134 .pdestructor = pndisc_destructor,
135 .proxy_redo = pndisc_redo,
139 .base_reachable_time = 30 * HZ,
140 .retrans_time = 1 * HZ,
141 .gc_staletime = 60 * HZ,
142 .reachable_time = 30 * HZ,
143 .delay_probe_time = 5 * HZ,
147 .anycast_delay = 1 * HZ,
148 .proxy_delay = (8 * HZ) / 10,
151 .gc_interval = 30 * HZ,
158 struct ndisc_options {
159 struct nd_opt_hdr *nd_opt_array[7];
160 struct nd_opt_hdr *nd_opt_piend;
163 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
164 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
165 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
166 #define nd_opts_pi_end nd_opt_piend
167 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
168 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
170 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
173 * Return the padding between the option length and the start of the
174 * link addr. Currently only IP-over-InfiniBand needs this, although
175 * if RFC 3831 IPv6-over-Fibre Channel is ever implemented it may
176 * also need a pad of 2.
178 static int ndisc_addr_option_pad(unsigned short type)
181 case ARPHRD_INFINIBAND: return 2;
186 static u8 *ndisc_fill_addr_option(u8 *opt, int type, void *data, int data_len,
187 unsigned short addr_type)
189 int space = NDISC_OPT_SPACE(data_len);
190 int pad = ndisc_addr_option_pad(addr_type);
195 memset(opt + 2, 0, pad);
199 memcpy(opt+2, data, data_len);
202 if ((space -= data_len) > 0)
203 memset(opt, 0, space);
207 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
208 struct nd_opt_hdr *end)
211 if (!cur || !end || cur >= end)
213 type = cur->nd_opt_type;
215 cur = ((void *)cur) + (cur->nd_opt_len << 3);
216 } while(cur < end && cur->nd_opt_type != type);
217 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
220 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
221 struct ndisc_options *ndopts)
223 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
225 if (!nd_opt || opt_len < 0 || !ndopts)
227 memset(ndopts, 0, sizeof(*ndopts));
230 if (opt_len < sizeof(struct nd_opt_hdr))
232 l = nd_opt->nd_opt_len << 3;
233 if (opt_len < l || l == 0)
235 switch (nd_opt->nd_opt_type) {
236 case ND_OPT_SOURCE_LL_ADDR:
237 case ND_OPT_TARGET_LL_ADDR:
239 case ND_OPT_REDIRECT_HDR:
240 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
241 ND_PRINTK2(KERN_WARNING
242 "%s(): duplicated ND6 option found: type=%d\n",
244 nd_opt->nd_opt_type);
246 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
249 case ND_OPT_PREFIX_INFO:
250 ndopts->nd_opts_pi_end = nd_opt;
251 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0)
252 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
256 * Unknown options must be silently ignored,
257 * to accommodate future extension to the protocol.
259 ND_PRINTK2(KERN_NOTICE
260 "%s(): ignored unsupported option; type=%d, len=%d\n",
262 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
265 nd_opt = ((void *)nd_opt) + l;
270 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
274 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
276 ipv6_eth_mc_map(addr, buf);
278 case ARPHRD_IEEE802_TR:
279 ipv6_tr_mc_map(addr,buf);
282 ipv6_arcnet_mc_map(addr, buf);
284 case ARPHRD_INFINIBAND:
285 ipv6_ib_mc_map(addr, buf);
289 memcpy(buf, dev->broadcast, dev->addr_len);
296 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
298 const u32 *p32 = pkey;
302 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
305 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
308 static int ndisc_constructor(struct neighbour *neigh)
310 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
311 struct net_device *dev = neigh->dev;
312 struct inet6_dev *in6_dev;
313 struct neigh_parms *parms;
314 int is_multicast = ipv6_addr_is_multicast(addr);
317 in6_dev = in6_dev_get(dev);
318 if (in6_dev == NULL) {
323 parms = in6_dev->nd_parms;
324 __neigh_parms_put(neigh->parms);
325 neigh->parms = neigh_parms_clone(parms);
328 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
329 if (dev->hard_header == NULL) {
330 neigh->nud_state = NUD_NOARP;
331 neigh->ops = &ndisc_direct_ops;
332 neigh->output = neigh->ops->queue_xmit;
335 neigh->nud_state = NUD_NOARP;
336 ndisc_mc_map(addr, neigh->ha, dev, 1);
337 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
338 neigh->nud_state = NUD_NOARP;
339 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
340 if (dev->flags&IFF_LOOPBACK)
341 neigh->type = RTN_LOCAL;
342 } else if (dev->flags&IFF_POINTOPOINT) {
343 neigh->nud_state = NUD_NOARP;
344 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
346 if (dev->hard_header_cache)
347 neigh->ops = &ndisc_hh_ops;
349 neigh->ops = &ndisc_generic_ops;
350 if (neigh->nud_state&NUD_VALID)
351 neigh->output = neigh->ops->connected_output;
353 neigh->output = neigh->ops->output;
355 in6_dev_put(in6_dev);
359 static int pndisc_constructor(struct pneigh_entry *n)
361 struct in6_addr *addr = (struct in6_addr*)&n->key;
362 struct in6_addr maddr;
363 struct net_device *dev = n->dev;
365 if (dev == NULL || __in6_dev_get(dev) == NULL)
367 addrconf_addr_solict_mult(addr, &maddr);
368 ipv6_dev_mc_inc(dev, &maddr);
372 static void pndisc_destructor(struct pneigh_entry *n)
374 struct in6_addr *addr = (struct in6_addr*)&n->key;
375 struct in6_addr maddr;
376 struct net_device *dev = n->dev;
378 if (dev == NULL || __in6_dev_get(dev) == NULL)
380 addrconf_addr_solict_mult(addr, &maddr);
381 ipv6_dev_mc_dec(dev, &maddr);
385 * Send a Neighbour Advertisement
388 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
389 struct in6_addr *saddr, struct in6_addr *daddr)
391 memset(fl, 0, sizeof(*fl));
392 ipv6_addr_copy(&fl->fl6_src, saddr);
393 ipv6_addr_copy(&fl->fl6_dst, daddr);
394 fl->proto = IPPROTO_ICMPV6;
395 fl->fl_icmp_type = type;
396 fl->fl_icmp_code = 0;
399 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
400 struct in6_addr *daddr, struct in6_addr *solicited_addr,
401 int router, int solicited, int override, int inc_opt)
403 struct in6_addr tmpaddr;
404 struct inet6_ifaddr *ifp;
405 struct inet6_dev *idev;
407 struct dst_entry* dst;
408 struct sock *sk = ndisc_socket->sk;
409 struct in6_addr *src_addr;
415 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
417 /* for anycast or proxy, solicited_addr != src_addr */
418 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
420 src_addr = solicited_addr;
423 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
428 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr);
430 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
434 err = xfrm_lookup(&dst, &fl, NULL, 0);
442 len += NDISC_OPT_SPACE(dev->addr_len);
447 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
452 "ICMPv6 NA: %s() failed to allocate an skb.\n",
458 skb_reserve(skb, LL_RESERVED_SPACE(dev));
459 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len);
461 msg = (struct nd_msg *)skb_put(skb, len);
462 skb->h.raw = (unsigned char*)msg;
464 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
465 msg->icmph.icmp6_code = 0;
466 msg->icmph.icmp6_cksum = 0;
468 msg->icmph.icmp6_unused = 0;
469 msg->icmph.icmp6_router = router;
470 msg->icmph.icmp6_solicited = solicited;
471 msg->icmph.icmp6_override = !!override;
473 /* Set the target address. */
474 ipv6_addr_copy(&msg->target, solicited_addr);
477 ndisc_fill_addr_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr,
478 dev->addr_len, dev->type);
481 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len,
483 csum_partial((__u8 *) msg,
487 idev = in6_dev_get(dst->dev);
488 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
489 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
491 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS);
492 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
495 if (likely(idev != NULL))
499 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
500 struct in6_addr *solicit,
501 struct in6_addr *daddr, struct in6_addr *saddr)
504 struct dst_entry* dst;
505 struct inet6_dev *idev;
506 struct sock *sk = ndisc_socket->sk;
509 struct in6_addr addr_buf;
515 if (ipv6_get_lladdr(dev, &addr_buf))
520 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr);
522 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
526 err = xfrm_lookup(&dst, &fl, NULL, 0);
532 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
533 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr);
535 len += NDISC_OPT_SPACE(dev->addr_len);
537 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
541 "ICMPv6 NA: %s() failed to allocate an skb.\n",
547 skb_reserve(skb, LL_RESERVED_SPACE(dev));
548 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
550 msg = (struct nd_msg *)skb_put(skb, len);
551 skb->h.raw = (unsigned char*)msg;
552 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION;
553 msg->icmph.icmp6_code = 0;
554 msg->icmph.icmp6_cksum = 0;
555 msg->icmph.icmp6_unused = 0;
557 /* Set the target address. */
558 ipv6_addr_copy(&msg->target, solicit);
561 ndisc_fill_addr_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr,
562 dev->addr_len, dev->type);
565 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr,
568 csum_partial((__u8 *) msg,
572 idev = in6_dev_get(dst->dev);
573 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
574 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
576 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS);
577 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
580 if (likely(idev != NULL))
584 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
585 struct in6_addr *daddr)
588 struct dst_entry* dst;
589 struct inet6_dev *idev;
590 struct sock *sk = ndisc_socket->sk;
592 struct icmp6hdr *hdr;
597 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr);
599 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output);
603 err = xfrm_lookup(&dst, &fl, NULL, 0);
609 len = sizeof(struct icmp6hdr);
611 len += NDISC_OPT_SPACE(dev->addr_len);
613 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
617 "ICMPv6 RS: %s() failed to allocate an skb.\n",
623 skb_reserve(skb, LL_RESERVED_SPACE(dev));
624 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
626 hdr = (struct icmp6hdr *)skb_put(skb, len);
627 skb->h.raw = (unsigned char*)hdr;
628 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION;
630 hdr->icmp6_cksum = 0;
631 hdr->icmp6_unused = 0;
633 opt = (u8*) (hdr + 1);
636 ndisc_fill_addr_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr,
637 dev->addr_len, dev->type);
640 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len,
642 csum_partial((__u8 *) hdr, len, 0));
646 idev = in6_dev_get(dst->dev);
647 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
648 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
650 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS);
651 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
654 if (likely(idev != NULL))
659 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
662 * "The sender MUST return an ICMP
663 * destination unreachable"
665 dst_link_failure(skb);
669 /* Called with locked neigh: either read or both */
671 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
673 struct in6_addr *saddr = NULL;
674 struct in6_addr mcaddr;
675 struct net_device *dev = neigh->dev;
676 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
677 int probes = atomic_read(&neigh->probes);
679 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1))
680 saddr = &skb->nh.ipv6h->saddr;
682 if ((probes -= neigh->parms->ucast_probes) < 0) {
683 if (!(neigh->nud_state & NUD_VALID)) {
684 ND_PRINTK1(KERN_DEBUG
685 "%s(): trying to ucast probe in NUD_INVALID: "
686 "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x\n",
690 ndisc_send_ns(dev, neigh, target, target, saddr);
691 } else if ((probes -= neigh->parms->app_probes) < 0) {
696 addrconf_addr_solict_mult(target, &mcaddr);
697 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
701 static void ndisc_recv_ns(struct sk_buff *skb)
703 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
704 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
705 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
708 u32 ndoptlen = skb->tail - msg->opt;
709 struct ndisc_options ndopts;
710 struct net_device *dev = skb->dev;
711 struct inet6_ifaddr *ifp;
712 struct inet6_dev *idev = NULL;
713 struct neighbour *neigh;
714 int dad = ipv6_addr_any(saddr);
717 if (ipv6_addr_is_multicast(&msg->target)) {
718 ND_PRINTK2(KERN_WARNING
719 "ICMPv6 NS: multicast target address");
725 * DAD has to be destined for solicited node multicast address.
728 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
729 daddr->s6_addr32[1] == htonl(0x00000000) &&
730 daddr->s6_addr32[2] == htonl(0x00000001) &&
731 daddr->s6_addr [12] == 0xff )) {
732 ND_PRINTK2(KERN_WARNING
733 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
737 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
738 ND_PRINTK2(KERN_WARNING
739 "ICMPv6 NS: invalid ND options\n");
743 if (ndopts.nd_opts_src_lladdr) {
744 lladdr = (u8*)(ndopts.nd_opts_src_lladdr + 1) +
745 ndisc_addr_option_pad(dev->type);
746 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
747 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len)) {
748 ND_PRINTK2(KERN_WARNING
749 "ICMPv6 NS: invalid link-layer address length\n");
754 * If the IP source address is the unspecified address,
755 * there MUST NOT be source link-layer address option
759 ND_PRINTK2(KERN_WARNING
760 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
765 inc = ipv6_addr_is_multicast(daddr);
767 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
768 if (ifp->flags & IFA_F_TENTATIVE) {
769 /* Address is tentative. If the source
770 is unspecified address, it is someone
771 does DAD, otherwise we ignore solicitations
772 until DAD timer expires.
776 if (dev->type == ARPHRD_IEEE802_TR) {
777 unsigned char *sadr = skb->mac.raw;
778 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
779 sadr[9] == dev->dev_addr[1] &&
780 sadr[10] == dev->dev_addr[2] &&
781 sadr[11] == dev->dev_addr[3] &&
782 sadr[12] == dev->dev_addr[4] &&
783 sadr[13] == dev->dev_addr[5]) {
784 /* looped-back to us */
788 addrconf_dad_failure(ifp);
794 idev = in6_dev_get(dev);
796 /* XXX: count this drop? */
800 if (ipv6_chk_acast_addr(dev, &msg->target) ||
801 (idev->cnf.forwarding &&
802 pneigh_lookup(&nd_tbl, &msg->target, dev, 0))) {
803 if (skb->stamp.tv_sec != LOCALLY_ENQUEUED &&
804 skb->pkt_type != PACKET_HOST &&
806 idev->nd_parms->proxy_delay != 0) {
808 * for anycast or proxy,
809 * sender should delay its response
810 * by a random time between 0 and
811 * MAX_ANYCAST_DELAY_TIME seconds.
812 * (RFC2461) -- yoshfuji
814 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
816 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
824 struct in6_addr maddr;
826 ipv6_addr_all_nodes(&maddr);
827 ndisc_send_na(dev, NULL, &maddr, &msg->target,
828 idev->cnf.forwarding, 0, (ifp != NULL), 1);
833 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
835 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
838 * update / create cache entry
839 * for the source address
841 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
842 !inc || lladdr || !dev->addr_len);
844 neigh_update(neigh, lladdr, NUD_STALE,
845 NEIGH_UPDATE_F_WEAK_OVERRIDE|
846 NEIGH_UPDATE_F_OVERRIDE);
847 if (neigh || !dev->hard_header) {
848 ndisc_send_na(dev, neigh, saddr, &msg->target,
849 idev->cnf.forwarding,
850 1, (ifp != NULL && inc), inc);
852 neigh_release(neigh);
864 static void ndisc_recv_na(struct sk_buff *skb)
866 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
867 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
868 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
871 u32 ndoptlen = skb->tail - msg->opt;
872 struct ndisc_options ndopts;
873 struct net_device *dev = skb->dev;
874 struct inet6_ifaddr *ifp;
875 struct neighbour *neigh;
877 if (skb->len < sizeof(struct nd_msg)) {
878 ND_PRINTK2(KERN_WARNING
879 "ICMPv6 NA: packet too short\n");
883 if (ipv6_addr_is_multicast(&msg->target)) {
884 ND_PRINTK2(KERN_WARNING
885 "ICMPv6 NA: target address is multicast.\n");
889 if (ipv6_addr_is_multicast(daddr) &&
890 msg->icmph.icmp6_solicited) {
891 ND_PRINTK2(KERN_WARNING
892 "ICMPv6 NA: solicited NA is multicasted.\n");
896 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
897 ND_PRINTK2(KERN_WARNING
898 "ICMPv6 NS: invalid ND option\n");
901 if (ndopts.nd_opts_tgt_lladdr) {
902 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1) +
903 ndisc_addr_option_pad(dev->type);
904 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
905 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len)) {
906 ND_PRINTK2(KERN_WARNING
907 "ICMPv6 NA: invalid link-layer address length\n");
911 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
912 if (ifp->flags & IFA_F_TENTATIVE) {
913 addrconf_dad_failure(ifp);
916 /* What should we make now? The advertisement
917 is invalid, but ndisc specs say nothing
918 about it. It could be misconfiguration, or
919 an smart proxy agent tries to help us :-)
921 ND_PRINTK1(KERN_WARNING
922 "ICMPv6 NA: someone advertises our address on %s!\n",
923 ifp->idev->dev->name);
927 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
930 u8 old_flags = neigh->flags;
932 if (neigh->nud_state & NUD_FAILED)
935 neigh_update(neigh, lladdr,
936 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
937 NEIGH_UPDATE_F_WEAK_OVERRIDE|
938 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
939 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
940 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
942 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
944 * Change: router to host
947 rt = rt6_get_dflt_router(saddr, dev);
949 ip6_del_rt(rt, NULL, NULL);
953 neigh_release(neigh);
957 static void ndisc_recv_rs(struct sk_buff *skb)
959 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw;
960 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
961 struct neighbour *neigh;
962 struct inet6_dev *idev;
963 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
964 struct ndisc_options ndopts;
968 if (skb->len < sizeof(*rs_msg))
971 idev = in6_dev_get(skb->dev);
974 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
978 /* Don't accept RS if we're not in router mode */
979 if (!idev->cnf.forwarding)
983 * Don't update NCE if src = ::;
984 * this implies that the source node has no ip address assigned yet.
986 if (ipv6_addr_any(saddr))
989 /* Parse ND options */
990 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
992 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
996 if (ndopts.nd_opts_src_lladdr) {
997 lladdr = (u8 *)(ndopts.nd_opts_src_lladdr + 1) +
998 ndisc_addr_option_pad(skb->dev->type);
999 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
1000 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len))
1004 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1006 neigh_update(neigh, lladdr, NUD_STALE,
1007 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1008 NEIGH_UPDATE_F_OVERRIDE|
1009 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
1010 neigh_release(neigh);
1016 static void ndisc_router_discovery(struct sk_buff *skb)
1018 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
1019 struct neighbour *neigh = NULL;
1020 struct inet6_dev *in6_dev;
1021 struct rt6_info *rt;
1023 struct ndisc_options ndopts;
1026 __u8 * opt = (__u8 *)(ra_msg + 1);
1028 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg);
1030 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1031 ND_PRINTK2(KERN_WARNING
1032 "ICMPv6 RA: source address is not link-local.\n");
1036 ND_PRINTK2(KERN_WARNING
1037 "ICMPv6 RA: packet too short\n");
1042 * set the RA_RECV flag in the interface
1045 in6_dev = in6_dev_get(skb->dev);
1046 if (in6_dev == NULL) {
1048 "ICMPv6 RA: can't find inet6 device for %s.\n",
1052 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1053 in6_dev_put(in6_dev);
1057 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1058 in6_dev_put(in6_dev);
1059 ND_PRINTK2(KERN_WARNING
1060 "ICMP6 RA: invalid ND options\n");
1064 if (in6_dev->if_flags & IF_RS_SENT) {
1066 * flag that an RA was received after an RS was sent
1067 * out on this interface.
1069 in6_dev->if_flags |= IF_RA_RCVD;
1073 * Remember the managed/otherconf flags from most recently
1074 * received RA message (RFC 2462) -- yoshfuji
1076 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1078 (ra_msg->icmph.icmp6_addrconf_managed ?
1079 IF_RA_MANAGED : 0) |
1080 (ra_msg->icmph.icmp6_addrconf_other ?
1081 IF_RA_OTHERCONF : 0);
1083 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1085 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
1088 neigh = rt->rt6i_nexthop;
1090 if (rt && lifetime == 0) {
1092 ip6_del_rt(rt, NULL, NULL);
1096 if (rt == NULL && lifetime) {
1097 ND_PRINTK3(KERN_DEBUG
1098 "ICMPv6 RA: adding default router.\n");
1100 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
1103 "ICMPv6 RA: %s() failed to add default route.\n",
1105 in6_dev_put(in6_dev);
1109 neigh = rt->rt6i_nexthop;
1110 if (neigh == NULL) {
1112 "ICMPv6 RA: %s() got default router without neighbour.\n",
1114 dst_release(&rt->u.dst);
1115 in6_dev_put(in6_dev);
1118 neigh->flags |= NTF_ROUTER;
1122 rt->rt6i_expires = jiffies + (HZ * lifetime);
1124 if (ra_msg->icmph.icmp6_hop_limit)
1125 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1128 * Update Reachable Time and Retrans Timer
1131 if (in6_dev->nd_parms) {
1132 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1134 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1135 rtime = (rtime*HZ)/1000;
1138 in6_dev->nd_parms->retrans_time = rtime;
1139 in6_dev->tstamp = jiffies;
1140 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1143 rtime = ntohl(ra_msg->reachable_time);
1144 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1145 rtime = (rtime*HZ)/1000;
1150 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1151 in6_dev->nd_parms->base_reachable_time = rtime;
1152 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1153 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1154 in6_dev->tstamp = jiffies;
1155 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1165 neigh = __neigh_lookup(&nd_tbl, &skb->nh.ipv6h->saddr,
1170 if (ndopts.nd_opts_src_lladdr) {
1171 lladdr = (u8*)((ndopts.nd_opts_src_lladdr)+1) +
1172 ndisc_addr_option_pad(skb->dev->type);
1173 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
1174 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) {
1175 ND_PRINTK2(KERN_WARNING
1176 "ICMPv6 RA: invalid link-layer address length\n");
1180 neigh_update(neigh, lladdr, NUD_STALE,
1181 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1182 NEIGH_UPDATE_F_OVERRIDE|
1183 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1184 NEIGH_UPDATE_F_ISROUTER);
1187 if (ndopts.nd_opts_pi) {
1188 struct nd_opt_hdr *p;
1189 for (p = ndopts.nd_opts_pi;
1191 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1192 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1196 if (ndopts.nd_opts_mtu) {
1199 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1202 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1203 ND_PRINTK2(KERN_WARNING
1204 "ICMPv6 RA: invalid mtu: %d\n",
1206 } else if (in6_dev->cnf.mtu6 != mtu) {
1207 in6_dev->cnf.mtu6 = mtu;
1210 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1212 rt6_mtu_change(skb->dev, mtu);
1216 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1217 ND_PRINTK2(KERN_WARNING
1218 "ICMPv6 RA: invalid RA options");
1222 dst_release(&rt->u.dst);
1224 neigh_release(neigh);
1225 in6_dev_put(in6_dev);
1228 static void ndisc_redirect_rcv(struct sk_buff *skb)
1230 struct inet6_dev *in6_dev;
1231 struct icmp6hdr *icmph;
1232 struct in6_addr *dest;
1233 struct in6_addr *target; /* new first hop to destination */
1234 struct neighbour *neigh;
1236 struct ndisc_options ndopts;
1241 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1242 ND_PRINTK2(KERN_WARNING
1243 "ICMPv6 Redirect: source address is not link-local.\n");
1247 optlen = skb->tail - skb->h.raw;
1248 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1251 ND_PRINTK2(KERN_WARNING
1252 "ICMPv6 Redirect: packet too short\n");
1256 icmph = (struct icmp6hdr *) skb->h.raw;
1257 target = (struct in6_addr *) (icmph + 1);
1260 if (ipv6_addr_is_multicast(dest)) {
1261 ND_PRINTK2(KERN_WARNING
1262 "ICMPv6 Redirect: destination address is multicast.\n");
1266 if (ipv6_addr_equal(dest, target)) {
1268 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
1269 ND_PRINTK2(KERN_WARNING
1270 "ICMPv6 Redirect: target address is not link-local.\n");
1274 in6_dev = in6_dev_get(skb->dev);
1277 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1278 in6_dev_put(in6_dev);
1283 * The IP source address of the Redirect MUST be the same as the current
1284 * first-hop router for the specified ICMP Destination Address.
1287 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1288 ND_PRINTK2(KERN_WARNING
1289 "ICMPv6 Redirect: invalid ND options\n");
1290 in6_dev_put(in6_dev);
1293 if (ndopts.nd_opts_tgt_lladdr) {
1294 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1) +
1295 ndisc_addr_option_pad(skb->dev->type);
1296 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
1297 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) {
1298 ND_PRINTK2(KERN_WARNING
1299 "ICMPv6 Redirect: invalid link-layer address length\n");
1300 in6_dev_put(in6_dev);
1305 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1307 rt6_redirect(dest, &skb->nh.ipv6h->saddr, neigh, lladdr,
1309 neigh_release(neigh);
1311 in6_dev_put(in6_dev);
1314 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1315 struct in6_addr *target)
1317 struct sock *sk = ndisc_socket->sk;
1318 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1319 struct sk_buff *buff;
1320 struct icmp6hdr *icmph;
1321 struct in6_addr saddr_buf;
1322 struct in6_addr *addrp;
1323 struct net_device *dev;
1324 struct rt6_info *rt;
1325 struct dst_entry *dst;
1326 struct inet6_dev *idev;
1335 if (ipv6_get_lladdr(dev, &saddr_buf)) {
1336 ND_PRINTK2(KERN_WARNING
1337 "ICMPv6 Redirect: no link-local address on %s\n",
1342 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr);
1344 rt = rt6_lookup(&skb->nh.ipv6h->saddr, NULL, dev->ifindex, 1);
1349 err = xfrm_lookup(&dst, &fl, NULL, 0);
1355 rt = (struct rt6_info *) dst;
1357 if (rt->rt6i_flags & RTF_GATEWAY) {
1358 ND_PRINTK2(KERN_WARNING
1359 "ICMPv6 Redirect: destination is not a neighbour.\n");
1363 if (!xrlim_allow(dst, 1*HZ)) {
1368 if (dev->addr_len) {
1369 if (neigh->nud_state&NUD_VALID) {
1370 len += NDISC_OPT_SPACE(dev->addr_len);
1372 /* If nexthop is not valid, do not redirect!
1373 We will make it later, when will be sure,
1381 rd_len = min_t(unsigned int,
1382 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1386 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
1390 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1398 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1399 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr,
1400 IPPROTO_ICMPV6, len);
1402 icmph = (struct icmp6hdr *)skb_put(buff, len);
1403 buff->h.raw = (unsigned char*)icmph;
1405 memset(icmph, 0, sizeof(struct icmp6hdr));
1406 icmph->icmp6_type = NDISC_REDIRECT;
1409 * copy target and destination addresses
1412 addrp = (struct in6_addr *)(icmph + 1);
1413 ipv6_addr_copy(addrp, target);
1415 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr);
1417 opt = (u8*) (addrp + 1);
1420 * include target_address option
1424 opt = ndisc_fill_addr_option(opt, ND_OPT_TARGET_LL_ADDR, neigh->ha,
1425 dev->addr_len, dev->type);
1428 * build redirect option and copy skb over to the new packet.
1432 *(opt++) = ND_OPT_REDIRECT_HDR;
1433 *(opt++) = (rd_len >> 3);
1436 memcpy(opt, skb->nh.ipv6h, rd_len - 8);
1438 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr,
1439 len, IPPROTO_ICMPV6,
1440 csum_partial((u8 *) icmph, len, 0));
1443 idev = in6_dev_get(dst->dev);
1444 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
1445 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1447 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS);
1448 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1451 if (likely(idev != NULL))
1455 static void pndisc_redo(struct sk_buff *skb)
1461 int ndisc_rcv(struct sk_buff *skb)
1465 if (!pskb_may_pull(skb, skb->len))
1468 msg = (struct nd_msg *) skb->h.raw;
1470 __skb_push(skb, skb->data-skb->h.raw);
1472 if (skb->nh.ipv6h->hop_limit != 255) {
1473 ND_PRINTK2(KERN_WARNING
1474 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1475 skb->nh.ipv6h->hop_limit);
1479 if (msg->icmph.icmp6_code != 0) {
1480 ND_PRINTK2(KERN_WARNING
1481 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1482 msg->icmph.icmp6_code);
1486 switch (msg->icmph.icmp6_type) {
1487 case NDISC_NEIGHBOUR_SOLICITATION:
1491 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1495 case NDISC_ROUTER_SOLICITATION:
1499 case NDISC_ROUTER_ADVERTISEMENT:
1500 ndisc_router_discovery(skb);
1503 case NDISC_REDIRECT:
1504 ndisc_redirect_rcv(skb);
1511 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1513 struct net_device *dev = ptr;
1516 case NETDEV_CHANGEADDR:
1517 neigh_changeaddr(&nd_tbl, dev);
1521 neigh_ifdown(&nd_tbl, dev);
1531 static struct notifier_block ndisc_netdev_notifier = {
1532 .notifier_call = ndisc_netdev_event,
1535 #ifdef CONFIG_SYSCTL
1536 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1538 struct net_device *dev = ctl->extra1;
1539 struct inet6_dev *idev;
1541 if (write && dev && (idev = in6_dev_get(dev)) != NULL) {
1542 idev->tstamp = jiffies;
1543 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1546 return proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1550 int __init ndisc_init(struct net_proto_family *ops)
1552 struct ipv6_pinfo *np;
1556 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1559 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1561 ndisc_socket = NULL; /* For safety. */
1565 sk = ndisc_socket->sk;
1567 sk->sk_allocation = GFP_ATOMIC;
1568 np->hop_limit = 255;
1569 /* Do not loopback ndisc messages */
1571 sk->sk_prot->unhash(sk);
1574 * Initialize the neighbour table
1577 neigh_table_init(&nd_tbl);
1579 #ifdef CONFIG_SYSCTL
1580 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1581 "ipv6", &ndisc_ifinfo_sysctl_change);
1584 register_netdevice_notifier(&ndisc_netdev_notifier);
1588 void ndisc_cleanup(void)
1590 #ifdef CONFIG_SYSCTL
1591 neigh_sysctl_unregister(&nd_tbl.parms);
1593 neigh_table_clear(&nd_tbl);
1594 sock_release(ndisc_socket);
1595 ndisc_socket = NULL; /* For safety. */