2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 * Lars Fenneberg : fixed MTU setting on receipt
21 * Janos Farkas : kmalloc failure checks
22 * Alexey Kuznetsov : state machine reworked
23 * and moved to net/core.
24 * Pekka Savola : RFC2461 validation
25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 /* Set to 3 to get tracing... */
31 #define ND_PRINTK(fmt, args...) do { if (net_ratelimit()) { printk(fmt, ## args); } } while(0)
32 #define ND_NOPRINTK(x...) do { ; } while(0)
33 #define ND_PRINTK0 ND_PRINTK
34 #define ND_PRINTK1 ND_NOPRINTK
35 #define ND_PRINTK2 ND_NOPRINTK
36 #define ND_PRINTK3 ND_NOPRINTK
39 #define ND_PRINTK1 ND_PRINTK
43 #define ND_PRINTK2 ND_PRINTK
47 #define ND_PRINTK3 ND_PRINTK
50 #include <linux/module.h>
51 #include <linux/config.h>
52 #include <linux/errno.h>
53 #include <linux/types.h>
54 #include <linux/socket.h>
55 #include <linux/sockios.h>
56 #include <linux/sched.h>
57 #include <linux/net.h>
58 #include <linux/in6.h>
59 #include <linux/route.h>
60 #include <linux/init.h>
61 #include <linux/rcupdate.h>
63 #include <linux/sysctl.h>
66 #include <linux/if_arp.h>
67 #include <linux/ipv6.h>
68 #include <linux/icmpv6.h>
69 #include <linux/jhash.h>
75 #include <net/protocol.h>
76 #include <net/ndisc.h>
77 #include <net/ip6_route.h>
78 #include <net/addrconf.h>
82 #include <net/ip6_checksum.h>
83 #include <linux/proc_fs.h>
85 #include <linux/netfilter.h>
86 #include <linux/netfilter_ipv6.h>
88 static struct socket *ndisc_socket;
90 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
91 static int ndisc_constructor(struct neighbour *neigh);
92 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
93 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
94 static int pndisc_constructor(struct pneigh_entry *n);
95 static void pndisc_destructor(struct pneigh_entry *n);
96 static void pndisc_redo(struct sk_buff *skb);
98 static struct neigh_ops ndisc_generic_ops = {
100 .solicit = ndisc_solicit,
101 .error_report = ndisc_error_report,
102 .output = neigh_resolve_output,
103 .connected_output = neigh_connected_output,
104 .hh_output = dev_queue_xmit,
105 .queue_xmit = dev_queue_xmit,
108 static struct neigh_ops ndisc_hh_ops = {
110 .solicit = ndisc_solicit,
111 .error_report = ndisc_error_report,
112 .output = neigh_resolve_output,
113 .connected_output = neigh_resolve_output,
114 .hh_output = dev_queue_xmit,
115 .queue_xmit = dev_queue_xmit,
119 static struct neigh_ops ndisc_direct_ops = {
121 .output = dev_queue_xmit,
122 .connected_output = dev_queue_xmit,
123 .hh_output = dev_queue_xmit,
124 .queue_xmit = dev_queue_xmit,
127 struct neigh_table nd_tbl = {
129 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
130 .key_len = sizeof(struct in6_addr),
132 .constructor = ndisc_constructor,
133 .pconstructor = pndisc_constructor,
134 .pdestructor = pndisc_destructor,
135 .proxy_redo = pndisc_redo,
139 .base_reachable_time = 30 * HZ,
140 .retrans_time = 1 * HZ,
141 .gc_staletime = 60 * HZ,
142 .reachable_time = 30 * HZ,
143 .delay_probe_time = 5 * HZ,
147 .anycast_delay = 1 * HZ,
148 .proxy_delay = (8 * HZ) / 10,
151 .gc_interval = 30 * HZ,
158 struct ndisc_options {
159 struct nd_opt_hdr *nd_opt_array[7];
160 struct nd_opt_hdr *nd_opt_piend;
163 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
164 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
165 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
166 #define nd_opts_pi_end nd_opt_piend
167 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
168 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
170 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
172 static u8 *ndisc_fill_option(u8 *opt, int type, void *data, int data_len)
174 int space = NDISC_OPT_SPACE(data_len);
178 memcpy(opt+2, data, data_len);
181 if ((space -= data_len) > 0)
182 memset(opt, 0, space);
186 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
187 struct nd_opt_hdr *end)
190 if (!cur || !end || cur >= end)
192 type = cur->nd_opt_type;
194 cur = ((void *)cur) + (cur->nd_opt_len << 3);
195 } while(cur < end && cur->nd_opt_type != type);
196 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
199 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
200 struct ndisc_options *ndopts)
202 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
204 if (!nd_opt || opt_len < 0 || !ndopts)
206 memset(ndopts, 0, sizeof(*ndopts));
209 if (opt_len < sizeof(struct nd_opt_hdr))
211 l = nd_opt->nd_opt_len << 3;
212 if (opt_len < l || l == 0)
214 switch (nd_opt->nd_opt_type) {
215 case ND_OPT_SOURCE_LL_ADDR:
216 case ND_OPT_TARGET_LL_ADDR:
218 case ND_OPT_REDIRECT_HDR:
219 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
220 ND_PRINTK2(KERN_WARNING
221 "%s(): duplicated ND6 option found: type=%d\n",
223 nd_opt->nd_opt_type);
225 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
228 case ND_OPT_PREFIX_INFO:
229 ndopts->nd_opts_pi_end = nd_opt;
230 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0)
231 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
235 * Unknown options must be silently ignored,
236 * to accommodate future extension to the protocol.
238 ND_PRINTK2(KERN_NOTICE
239 "%s(): ignored unsupported option; type=%d, len=%d\n",
241 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
244 nd_opt = ((void *)nd_opt) + l;
249 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
253 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
255 ipv6_eth_mc_map(addr, buf);
257 case ARPHRD_IEEE802_TR:
258 ipv6_tr_mc_map(addr,buf);
261 ipv6_arcnet_mc_map(addr, buf);
265 memcpy(buf, dev->broadcast, dev->addr_len);
272 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
274 const u32 *p32 = pkey;
278 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
281 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
284 static int ndisc_constructor(struct neighbour *neigh)
286 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
287 struct net_device *dev = neigh->dev;
288 struct inet6_dev *in6_dev;
289 struct neigh_parms *parms;
290 int is_multicast = ipv6_addr_is_multicast(addr);
293 in6_dev = in6_dev_get(dev);
294 if (in6_dev == NULL) {
299 parms = in6_dev->nd_parms;
300 __neigh_parms_put(neigh->parms);
301 neigh->parms = neigh_parms_clone(parms);
304 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
305 if (dev->hard_header == NULL) {
306 neigh->nud_state = NUD_NOARP;
307 neigh->ops = &ndisc_direct_ops;
308 neigh->output = neigh->ops->queue_xmit;
311 neigh->nud_state = NUD_NOARP;
312 ndisc_mc_map(addr, neigh->ha, dev, 1);
313 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
314 neigh->nud_state = NUD_NOARP;
315 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
316 if (dev->flags&IFF_LOOPBACK)
317 neigh->type = RTN_LOCAL;
318 } else if (dev->flags&IFF_POINTOPOINT) {
319 neigh->nud_state = NUD_NOARP;
320 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
322 if (dev->hard_header_cache)
323 neigh->ops = &ndisc_hh_ops;
325 neigh->ops = &ndisc_generic_ops;
326 if (neigh->nud_state&NUD_VALID)
327 neigh->output = neigh->ops->connected_output;
329 neigh->output = neigh->ops->output;
331 in6_dev_put(in6_dev);
335 static int pndisc_constructor(struct pneigh_entry *n)
337 struct in6_addr *addr = (struct in6_addr*)&n->key;
338 struct in6_addr maddr;
339 struct net_device *dev = n->dev;
341 if (dev == NULL || __in6_dev_get(dev) == NULL)
343 addrconf_addr_solict_mult(addr, &maddr);
344 ipv6_dev_mc_inc(dev, &maddr);
348 static void pndisc_destructor(struct pneigh_entry *n)
350 struct in6_addr *addr = (struct in6_addr*)&n->key;
351 struct in6_addr maddr;
352 struct net_device *dev = n->dev;
354 if (dev == NULL || __in6_dev_get(dev) == NULL)
356 addrconf_addr_solict_mult(addr, &maddr);
357 ipv6_dev_mc_dec(dev, &maddr);
361 * Send a Neighbour Advertisement
364 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
365 struct in6_addr *saddr, struct in6_addr *daddr)
367 memset(fl, 0, sizeof(*fl));
368 ipv6_addr_copy(&fl->fl6_src, saddr);
369 ipv6_addr_copy(&fl->fl6_dst, daddr);
370 fl->proto = IPPROTO_ICMPV6;
371 fl->fl_icmp_type = type;
372 fl->fl_icmp_code = 0;
375 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
376 struct in6_addr *daddr, struct in6_addr *solicited_addr,
377 int router, int solicited, int override, int inc_opt)
379 struct in6_addr tmpaddr;
380 struct inet6_ifaddr *ifp;
381 struct inet6_dev *idev;
383 struct dst_entry* dst;
384 struct sock *sk = ndisc_socket->sk;
385 struct in6_addr *src_addr;
391 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
393 /* for anycast or proxy, solicited_addr != src_addr */
394 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
396 src_addr = solicited_addr;
399 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
404 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr);
406 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
410 err = xfrm_lookup(&dst, &fl, NULL, 0);
418 len += NDISC_OPT_SPACE(dev->addr_len);
423 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
428 "ICMPv6 NA: %s() failed to allocate an skb.\n",
434 skb_reserve(skb, LL_RESERVED_SPACE(dev));
435 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len);
437 msg = (struct nd_msg *)skb_put(skb, len);
438 skb->h.raw = (unsigned char*)msg;
440 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
441 msg->icmph.icmp6_code = 0;
442 msg->icmph.icmp6_cksum = 0;
444 msg->icmph.icmp6_unused = 0;
445 msg->icmph.icmp6_router = router;
446 msg->icmph.icmp6_solicited = solicited;
447 msg->icmph.icmp6_override = !!override;
449 /* Set the target address. */
450 ipv6_addr_copy(&msg->target, solicited_addr);
453 ndisc_fill_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr, dev->addr_len);
456 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len,
458 csum_partial((__u8 *) msg,
462 idev = in6_dev_get(dst->dev);
463 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
464 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
466 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS);
467 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
470 if (likely(idev != NULL))
474 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
475 struct in6_addr *solicit,
476 struct in6_addr *daddr, struct in6_addr *saddr)
479 struct dst_entry* dst;
480 struct inet6_dev *idev;
481 struct sock *sk = ndisc_socket->sk;
484 struct in6_addr addr_buf;
490 if (ipv6_get_lladdr(dev, &addr_buf))
495 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr);
497 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output);
501 err = xfrm_lookup(&dst, &fl, NULL, 0);
507 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
508 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr);
510 len += NDISC_OPT_SPACE(dev->addr_len);
512 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
516 "ICMPv6 NA: %s() failed to allocate an skb.\n",
522 skb_reserve(skb, LL_RESERVED_SPACE(dev));
523 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
525 msg = (struct nd_msg *)skb_put(skb, len);
526 skb->h.raw = (unsigned char*)msg;
527 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION;
528 msg->icmph.icmp6_code = 0;
529 msg->icmph.icmp6_cksum = 0;
530 msg->icmph.icmp6_unused = 0;
532 /* Set the target address. */
533 ipv6_addr_copy(&msg->target, solicit);
536 ndisc_fill_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, dev->addr_len);
539 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr,
542 csum_partial((__u8 *) msg,
546 idev = in6_dev_get(dst->dev);
547 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
548 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
550 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS);
551 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
554 if (likely(idev != NULL))
558 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
559 struct in6_addr *daddr)
562 struct dst_entry* dst;
563 struct inet6_dev *idev;
564 struct sock *sk = ndisc_socket->sk;
566 struct icmp6hdr *hdr;
571 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr);
573 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output);
577 err = xfrm_lookup(&dst, &fl, NULL, 0);
583 len = sizeof(struct icmp6hdr);
585 len += NDISC_OPT_SPACE(dev->addr_len);
587 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
591 "ICMPv6 RS: %s() failed to allocate an skb.\n",
597 skb_reserve(skb, LL_RESERVED_SPACE(dev));
598 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
600 hdr = (struct icmp6hdr *)skb_put(skb, len);
601 skb->h.raw = (unsigned char*)hdr;
602 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION;
604 hdr->icmp6_cksum = 0;
605 hdr->icmp6_unused = 0;
607 opt = (u8*) (hdr + 1);
610 ndisc_fill_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, dev->addr_len);
613 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len,
615 csum_partial((__u8 *) hdr, len, 0));
619 idev = in6_dev_get(dst->dev);
620 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
621 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
623 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS);
624 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
627 if (likely(idev != NULL))
632 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
635 * "The sender MUST return an ICMP
636 * destination unreachable"
638 dst_link_failure(skb);
642 /* Called with locked neigh: either read or both */
644 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
646 struct in6_addr *saddr = NULL;
647 struct in6_addr mcaddr;
648 struct net_device *dev = neigh->dev;
649 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
650 int probes = atomic_read(&neigh->probes);
652 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1))
653 saddr = &skb->nh.ipv6h->saddr;
655 if ((probes -= neigh->parms->ucast_probes) < 0) {
656 if (!(neigh->nud_state & NUD_VALID)) {
657 ND_PRINTK1(KERN_DEBUG
658 "%s(): trying to ucast probe in NUD_INVALID: "
659 "%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x\n",
663 ndisc_send_ns(dev, neigh, target, target, saddr);
664 } else if ((probes -= neigh->parms->app_probes) < 0) {
669 addrconf_addr_solict_mult(target, &mcaddr);
670 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
674 static void ndisc_recv_ns(struct sk_buff *skb)
676 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
677 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
678 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
681 u32 ndoptlen = skb->tail - msg->opt;
682 struct ndisc_options ndopts;
683 struct net_device *dev = skb->dev;
684 struct inet6_ifaddr *ifp;
685 struct inet6_dev *idev = NULL;
686 struct neighbour *neigh;
687 int dad = ipv6_addr_any(saddr);
690 if (ipv6_addr_is_multicast(&msg->target)) {
691 ND_PRINTK2(KERN_WARNING
692 "ICMPv6 NS: multicast target address");
698 * DAD has to be destined for solicited node multicast address.
701 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
702 daddr->s6_addr32[1] == htonl(0x00000000) &&
703 daddr->s6_addr32[2] == htonl(0x00000001) &&
704 daddr->s6_addr [12] == 0xff )) {
705 ND_PRINTK2(KERN_WARNING
706 "ICMPv6 NS: bad DAD packet (wrong destination)\n");
710 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
711 ND_PRINTK2(KERN_WARNING
712 "ICMPv6 NS: invalid ND options\n");
716 if (ndopts.nd_opts_src_lladdr) {
717 lladdr = (u8*)(ndopts.nd_opts_src_lladdr + 1);
718 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
719 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len)) {
720 ND_PRINTK2(KERN_WARNING
721 "ICMPv6 NS: invalid link-layer address length\n");
726 * If the IP source address is the unspecified address,
727 * there MUST NOT be source link-layer address option
731 ND_PRINTK2(KERN_WARNING
732 "ICMPv6 NS: bad DAD packet (link-layer address option)\n");
737 inc = ipv6_addr_is_multicast(daddr);
739 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
740 if (ifp->flags & IFA_F_TENTATIVE) {
741 /* Address is tentative. If the source
742 is unspecified address, it is someone
743 does DAD, otherwise we ignore solicitations
744 until DAD timer expires.
748 if (dev->type == ARPHRD_IEEE802_TR) {
749 unsigned char *sadr = skb->mac.raw;
750 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
751 sadr[9] == dev->dev_addr[1] &&
752 sadr[10] == dev->dev_addr[2] &&
753 sadr[11] == dev->dev_addr[3] &&
754 sadr[12] == dev->dev_addr[4] &&
755 sadr[13] == dev->dev_addr[5]) {
756 /* looped-back to us */
760 addrconf_dad_failure(ifp);
766 idev = in6_dev_get(dev);
768 /* XXX: count this drop? */
772 if (ipv6_chk_acast_addr(dev, &msg->target) ||
773 (idev->cnf.forwarding &&
774 pneigh_lookup(&nd_tbl, &msg->target, dev, 0))) {
775 if (skb->stamp.tv_sec != LOCALLY_ENQUEUED &&
776 skb->pkt_type != PACKET_HOST &&
778 idev->nd_parms->proxy_delay != 0) {
780 * for anycast or proxy,
781 * sender should delay its response
782 * by a random time between 0 and
783 * MAX_ANYCAST_DELAY_TIME seconds.
784 * (RFC2461) -- yoshfuji
786 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
788 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
796 struct in6_addr maddr;
798 ipv6_addr_all_nodes(&maddr);
799 ndisc_send_na(dev, NULL, &maddr, &msg->target,
800 idev->cnf.forwarding, 0, (ifp != NULL), 1);
805 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
807 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
810 * update / create cache entry
811 * for the source address
813 neigh = __neigh_lookup(&nd_tbl, saddr, dev,
814 !inc || lladdr || !dev->addr_len);
816 neigh_update(neigh, lladdr, NUD_STALE,
817 NEIGH_UPDATE_F_WEAK_OVERRIDE|
818 NEIGH_UPDATE_F_OVERRIDE);
819 if (neigh || !dev->hard_header) {
820 ndisc_send_na(dev, neigh, saddr, &msg->target,
821 idev->cnf.forwarding,
822 1, (ifp != NULL && inc), inc);
824 neigh_release(neigh);
836 static void ndisc_recv_na(struct sk_buff *skb)
838 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
839 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
840 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
843 u32 ndoptlen = skb->tail - msg->opt;
844 struct ndisc_options ndopts;
845 struct net_device *dev = skb->dev;
846 struct inet6_ifaddr *ifp;
847 struct neighbour *neigh;
849 if (skb->len < sizeof(struct nd_msg)) {
850 ND_PRINTK2(KERN_WARNING
851 "ICMPv6 NA: packet too short\n");
855 if (ipv6_addr_is_multicast(&msg->target)) {
856 ND_PRINTK2(KERN_WARNING
857 "ICMPv6 NA: target address is multicast.\n");
861 if (ipv6_addr_is_multicast(daddr) &&
862 msg->icmph.icmp6_solicited) {
863 ND_PRINTK2(KERN_WARNING
864 "ICMPv6 NA: solicited NA is multicasted.\n");
868 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
869 ND_PRINTK2(KERN_WARNING
870 "ICMPv6 NS: invalid ND option\n");
873 if (ndopts.nd_opts_tgt_lladdr) {
874 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1);
875 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
876 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len)) {
877 ND_PRINTK2(KERN_WARNING
878 "ICMPv6 NA: invalid link-layer address length\n");
882 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
883 if (ifp->flags & IFA_F_TENTATIVE) {
884 addrconf_dad_failure(ifp);
887 /* What should we make now? The advertisement
888 is invalid, but ndisc specs say nothing
889 about it. It could be misconfiguration, or
890 an smart proxy agent tries to help us :-)
892 ND_PRINTK1(KERN_WARNING
893 "ICMPv6 NA: someone advertises our address on %s!\n",
894 ifp->idev->dev->name);
898 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
901 u8 old_flags = neigh->flags;
903 neigh_update(neigh, lladdr,
904 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
905 NEIGH_UPDATE_F_WEAK_OVERRIDE|
906 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0)|
907 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
908 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0));
910 if ((old_flags & ~neigh->flags) & NTF_ROUTER) {
912 * Change: router to host
915 rt = rt6_get_dflt_router(saddr, dev);
917 ip6_del_rt(rt, NULL, NULL);
920 neigh_release(neigh);
924 static void ndisc_recv_rs(struct sk_buff *skb)
926 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw;
927 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
928 struct neighbour *neigh;
929 struct inet6_dev *idev;
930 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
931 struct ndisc_options ndopts;
935 if (skb->len < sizeof(*rs_msg))
938 idev = in6_dev_get(skb->dev);
941 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
945 /* Don't accept RS if we're not in router mode */
946 if (!idev->cnf.forwarding)
950 * Don't update NCE if src = ::;
951 * this implies that the source node has no ip address assigned yet.
953 if (ipv6_addr_any(saddr))
956 /* Parse ND options */
957 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
959 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
963 if (ndopts.nd_opts_src_lladdr) {
964 lladdr = (u8 *)(ndopts.nd_opts_src_lladdr + 1);
965 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
966 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len))
970 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
972 neigh_update(neigh, lladdr, NUD_STALE,
973 NEIGH_UPDATE_F_WEAK_OVERRIDE|
974 NEIGH_UPDATE_F_OVERRIDE|
975 NEIGH_UPDATE_F_OVERRIDE_ISROUTER);
976 neigh_release(neigh);
982 static void ndisc_router_discovery(struct sk_buff *skb)
984 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
985 struct neighbour *neigh;
986 struct inet6_dev *in6_dev;
989 struct ndisc_options ndopts;
992 __u8 * opt = (__u8 *)(ra_msg + 1);
994 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg);
996 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
997 ND_PRINTK2(KERN_WARNING
998 "ICMPv6 RA: source address is not link-local.\n");
1002 ND_PRINTK2(KERN_WARNING
1003 "ICMPv6 RA: packet too short\n");
1008 * set the RA_RECV flag in the interface
1011 in6_dev = in6_dev_get(skb->dev);
1012 if (in6_dev == NULL) {
1014 "ICMPv6 RA: can't find inet6 device for %s.\n",
1018 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1019 in6_dev_put(in6_dev);
1023 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1024 in6_dev_put(in6_dev);
1025 ND_PRINTK2(KERN_WARNING
1026 "ICMP6 RA: invalid ND options\n");
1030 if (in6_dev->if_flags & IF_RS_SENT) {
1032 * flag that an RA was received after an RS was sent
1033 * out on this interface.
1035 in6_dev->if_flags |= IF_RA_RCVD;
1039 * Remember the managed/otherconf flags from most recently
1040 * received RA message (RFC 2462) -- yoshfuji
1042 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1044 (ra_msg->icmph.icmp6_addrconf_managed ?
1045 IF_RA_MANAGED : 0) |
1046 (ra_msg->icmph.icmp6_addrconf_other ?
1047 IF_RA_OTHERCONF : 0);
1049 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1051 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
1053 if (rt && lifetime == 0) {
1054 ip6_del_rt(rt, NULL, NULL);
1058 if (rt == NULL && lifetime) {
1059 ND_PRINTK3(KERN_DEBUG
1060 "ICMPv6 RA: adding default router.\n");
1062 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
1065 "ICMPv6 RA: %s() failed to add default route.\n",
1067 in6_dev_put(in6_dev);
1071 neigh = rt->rt6i_nexthop;
1072 if (neigh == NULL) {
1074 "ICMPv6 RA: %s() got default router without neighbour.\n",
1076 dst_release(&rt->u.dst);
1077 in6_dev_put(in6_dev);
1080 neigh->flags |= NTF_ROUTER;
1084 rt->rt6i_expires = jiffies + (HZ * lifetime);
1086 if (ra_msg->icmph.icmp6_hop_limit)
1087 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1090 * Update Reachable Time and Retrans Timer
1093 if (in6_dev->nd_parms) {
1094 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1096 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1097 rtime = (rtime*HZ)/1000;
1100 in6_dev->nd_parms->retrans_time = rtime;
1101 in6_dev->tstamp = jiffies;
1102 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1105 rtime = ntohl(ra_msg->reachable_time);
1106 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1107 rtime = (rtime*HZ)/1000;
1112 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1113 in6_dev->nd_parms->base_reachable_time = rtime;
1114 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1115 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1116 in6_dev->tstamp = jiffies;
1117 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1126 if (rt && (neigh = rt->rt6i_nexthop) != NULL) {
1129 if (ndopts.nd_opts_src_lladdr) {
1130 lladdr = (u8*)((ndopts.nd_opts_src_lladdr)+1);
1131 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
1132 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) {
1133 ND_PRINTK2(KERN_WARNING
1134 "ICMPv6 RA: invalid link-layer address length\n");
1138 neigh_update(neigh, lladdr, NUD_STALE,
1139 NEIGH_UPDATE_F_WEAK_OVERRIDE|
1140 NEIGH_UPDATE_F_OVERRIDE|
1141 NEIGH_UPDATE_F_OVERRIDE_ISROUTER|
1142 NEIGH_UPDATE_F_ISROUTER);
1145 if (ndopts.nd_opts_pi) {
1146 struct nd_opt_hdr *p;
1147 for (p = ndopts.nd_opts_pi;
1149 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1150 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1154 if (ndopts.nd_opts_mtu) {
1157 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1160 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1161 ND_PRINTK2(KERN_WARNING
1162 "ICMPv6 RA: invalid mtu: %d\n",
1164 } else if (in6_dev->cnf.mtu6 != mtu) {
1165 in6_dev->cnf.mtu6 = mtu;
1168 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1170 rt6_mtu_change(skb->dev, mtu);
1174 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1175 ND_PRINTK2(KERN_WARNING
1176 "ICMPv6 RA: invalid RA options");
1180 dst_release(&rt->u.dst);
1181 in6_dev_put(in6_dev);
1184 static void ndisc_redirect_rcv(struct sk_buff *skb)
1186 struct inet6_dev *in6_dev;
1187 struct icmp6hdr *icmph;
1188 struct in6_addr *dest;
1189 struct in6_addr *target; /* new first hop to destination */
1190 struct neighbour *neigh;
1192 struct ndisc_options ndopts;
1197 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1198 ND_PRINTK2(KERN_WARNING
1199 "ICMPv6 Redirect: source address is not link-local.\n");
1203 optlen = skb->tail - skb->h.raw;
1204 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1207 ND_PRINTK2(KERN_WARNING
1208 "ICMPv6 Redirect: packet too short\n");
1212 icmph = (struct icmp6hdr *) skb->h.raw;
1213 target = (struct in6_addr *) (icmph + 1);
1216 if (ipv6_addr_is_multicast(dest)) {
1217 ND_PRINTK2(KERN_WARNING
1218 "ICMPv6 Redirect: destination address is multicast.\n");
1222 if (ipv6_addr_equal(dest, target)) {
1224 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
1225 ND_PRINTK2(KERN_WARNING
1226 "ICMPv6 Redirect: target address is not link-local.\n");
1230 in6_dev = in6_dev_get(skb->dev);
1233 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1234 in6_dev_put(in6_dev);
1239 * The IP source address of the Redirect MUST be the same as the current
1240 * first-hop router for the specified ICMP Destination Address.
1243 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1244 ND_PRINTK2(KERN_WARNING
1245 "ICMPv6 Redirect: invalid ND options\n");
1246 in6_dev_put(in6_dev);
1249 if (ndopts.nd_opts_tgt_lladdr) {
1250 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1);
1251 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
1252 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) {
1253 ND_PRINTK2(KERN_WARNING
1254 "ICMPv6 Redirect: invalid link-layer address length\n");
1255 in6_dev_put(in6_dev);
1260 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1262 rt6_redirect(dest, &skb->nh.ipv6h->saddr, neigh, lladdr,
1264 neigh_release(neigh);
1266 in6_dev_put(in6_dev);
1269 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1270 struct in6_addr *target)
1272 struct sock *sk = ndisc_socket->sk;
1273 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1274 struct sk_buff *buff;
1275 struct icmp6hdr *icmph;
1276 struct in6_addr saddr_buf;
1277 struct in6_addr *addrp;
1278 struct net_device *dev;
1279 struct rt6_info *rt;
1280 struct dst_entry *dst;
1281 struct inet6_dev *idev;
1290 if (ipv6_get_lladdr(dev, &saddr_buf)) {
1291 ND_PRINTK2(KERN_WARNING
1292 "ICMPv6 Redirect: no link-local address on %s\n",
1297 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr);
1299 rt = rt6_lookup(&skb->nh.ipv6h->saddr, NULL, dev->ifindex, 1);
1304 err = xfrm_lookup(&dst, &fl, NULL, 0);
1310 rt = (struct rt6_info *) dst;
1312 if (rt->rt6i_flags & RTF_GATEWAY) {
1313 ND_PRINTK2(KERN_WARNING
1314 "ICMPv6 Redirect: destination is not a neighbour.\n");
1318 if (!xrlim_allow(dst, 1*HZ)) {
1323 if (dev->addr_len) {
1324 if (neigh->nud_state&NUD_VALID) {
1325 len += NDISC_OPT_SPACE(dev->addr_len);
1327 /* If nexthop is not valid, do not redirect!
1328 We will make it later, when will be sure,
1336 rd_len = min_t(unsigned int,
1337 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1341 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev),
1345 "ICMPv6 Redirect: %s() failed to allocate an skb.\n",
1353 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1354 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr,
1355 IPPROTO_ICMPV6, len);
1357 icmph = (struct icmp6hdr *)skb_put(buff, len);
1358 buff->h.raw = (unsigned char*)icmph;
1360 memset(icmph, 0, sizeof(struct icmp6hdr));
1361 icmph->icmp6_type = NDISC_REDIRECT;
1364 * copy target and destination addresses
1367 addrp = (struct in6_addr *)(icmph + 1);
1368 ipv6_addr_copy(addrp, target);
1370 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr);
1372 opt = (u8*) (addrp + 1);
1375 * include target_address option
1379 opt = ndisc_fill_option(opt, ND_OPT_TARGET_LL_ADDR, neigh->ha, dev->addr_len);
1382 * build redirect option and copy skb over to the new packet.
1386 *(opt++) = ND_OPT_REDIRECT_HDR;
1387 *(opt++) = (rd_len >> 3);
1390 memcpy(opt, skb->nh.ipv6h, rd_len - 8);
1392 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr,
1393 len, IPPROTO_ICMPV6,
1394 csum_partial((u8 *) icmph, len, 0));
1397 idev = in6_dev_get(dst->dev);
1398 IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
1399 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1401 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS);
1402 ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
1405 if (likely(idev != NULL))
1409 static void pndisc_redo(struct sk_buff *skb)
1415 int ndisc_rcv(struct sk_buff *skb)
1419 if (!pskb_may_pull(skb, skb->len))
1422 msg = (struct nd_msg *) skb->h.raw;
1424 __skb_push(skb, skb->data-skb->h.raw);
1426 if (skb->nh.ipv6h->hop_limit != 255) {
1427 ND_PRINTK2(KERN_WARNING
1428 "ICMPv6 NDISC: invalid hop-limit: %d\n",
1429 skb->nh.ipv6h->hop_limit);
1433 if (msg->icmph.icmp6_code != 0) {
1434 ND_PRINTK2(KERN_WARNING
1435 "ICMPv6 NDISC: invalid ICMPv6 code: %d\n",
1436 msg->icmph.icmp6_code);
1440 switch (msg->icmph.icmp6_type) {
1441 case NDISC_NEIGHBOUR_SOLICITATION:
1445 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1449 case NDISC_ROUTER_SOLICITATION:
1453 case NDISC_ROUTER_ADVERTISEMENT:
1454 ndisc_router_discovery(skb);
1457 case NDISC_REDIRECT:
1458 ndisc_redirect_rcv(skb);
1465 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1467 struct net_device *dev = ptr;
1470 case NETDEV_CHANGEADDR:
1471 neigh_changeaddr(&nd_tbl, dev);
1475 neigh_ifdown(&nd_tbl, dev);
1485 static struct notifier_block ndisc_netdev_notifier = {
1486 .notifier_call = ndisc_netdev_event,
1489 #ifdef CONFIG_SYSCTL
1490 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp, loff_t *ppos)
1492 struct net_device *dev = ctl->extra1;
1493 struct inet6_dev *idev;
1495 if (write && dev && (idev = in6_dev_get(dev)) != NULL) {
1496 idev->tstamp = jiffies;
1497 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1500 return proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
1504 int __init ndisc_init(struct net_proto_family *ops)
1506 struct ipv6_pinfo *np;
1510 err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1513 "ICMPv6 NDISC: Failed to initialize the control socket (err %d).\n",
1515 ndisc_socket = NULL; /* For safety. */
1519 sk = ndisc_socket->sk;
1521 sk->sk_allocation = GFP_ATOMIC;
1522 np->hop_limit = 255;
1523 /* Do not loopback ndisc messages */
1525 sk->sk_prot->unhash(sk);
1528 * Initialize the neighbour table
1531 neigh_table_init(&nd_tbl);
1533 #ifdef CONFIG_SYSCTL
1534 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1535 "ipv6", &ndisc_ifinfo_sysctl_change);
1538 register_netdevice_notifier(&ndisc_netdev_notifier);
1542 void ndisc_cleanup(void)
1544 #ifdef CONFIG_SYSCTL
1545 neigh_sysctl_unregister(&nd_tbl.parms);
1547 neigh_table_clear(&nd_tbl);
1548 sock_release(ndisc_socket);
1549 ndisc_socket = NULL; /* For safety. */