2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <roque@di.fc.ul.pt>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 * Lars Fenneberg : fixed MTU setting on receipt
21 * Janos Farkas : kmalloc failure checks
22 * Alexey Kuznetsov : state machine reworked
23 * and moved to net/core.
24 * Pekka Savola : RFC2461 validation
25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 /* Set to 3 to get tracing... */
31 #define ND_PRINTK(x...) printk(KERN_DEBUG x)
32 #define ND_NOPRINTK(x...) do { ; } while(0)
33 #define ND_PRINTK0 ND_PRINTK
34 #define ND_PRINTK1 ND_NOPRINTK
35 #define ND_PRINTK2 ND_NOPRINTK
38 #define ND_PRINTK1 ND_PRINTK
42 #define ND_PRINTK2 ND_PRINTK
45 #include <linux/module.h>
46 #include <linux/config.h>
47 #include <linux/errno.h>
48 #include <linux/types.h>
49 #include <linux/socket.h>
50 #include <linux/sockios.h>
51 #include <linux/sched.h>
52 #include <linux/net.h>
53 #include <linux/in6.h>
54 #include <linux/route.h>
55 #include <linux/init.h>
57 #include <linux/sysctl.h>
60 #include <linux/if_arp.h>
61 #include <linux/ipv6.h>
62 #include <linux/icmpv6.h>
68 #include <net/protocol.h>
69 #include <net/ndisc.h>
70 #include <net/ip6_route.h>
71 #include <net/addrconf.h>
75 #include <net/checksum.h>
76 #include <linux/proc_fs.h>
78 #include <linux/netfilter.h>
79 #include <linux/netfilter_ipv6.h>
81 static struct socket *ndisc_socket;
83 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
84 static int ndisc_constructor(struct neighbour *neigh);
85 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
86 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
87 static int pndisc_constructor(struct pneigh_entry *n);
88 static void pndisc_destructor(struct pneigh_entry *n);
89 static void pndisc_redo(struct sk_buff *skb);
91 static struct neigh_ops ndisc_generic_ops = {
93 .solicit = ndisc_solicit,
94 .error_report = ndisc_error_report,
95 .output = neigh_resolve_output,
96 .connected_output = neigh_connected_output,
97 .hh_output = dev_queue_xmit,
98 .queue_xmit = dev_queue_xmit,
101 static struct neigh_ops ndisc_hh_ops = {
103 .solicit = ndisc_solicit,
104 .error_report = ndisc_error_report,
105 .output = neigh_resolve_output,
106 .connected_output = neigh_resolve_output,
107 .hh_output = dev_queue_xmit,
108 .queue_xmit = dev_queue_xmit,
112 static struct neigh_ops ndisc_direct_ops = {
114 .output = dev_queue_xmit,
115 .connected_output = dev_queue_xmit,
116 .hh_output = dev_queue_xmit,
117 .queue_xmit = dev_queue_xmit,
120 struct neigh_table nd_tbl = {
122 .entry_size = sizeof(struct neighbour) + sizeof(struct in6_addr),
123 .key_len = sizeof(struct in6_addr),
125 .constructor = ndisc_constructor,
126 .pconstructor = pndisc_constructor,
127 .pdestructor = pndisc_destructor,
128 .proxy_redo = pndisc_redo,
132 .base_reachable_time = 30 * HZ,
133 .retrans_time = 1 * HZ,
134 .gc_staletime = 60 * HZ,
135 .reachable_time = 30 * HZ,
136 .delay_probe_time = 5 * HZ,
140 .anycast_delay = 1 * HZ,
141 .proxy_delay = (8 * HZ) / 10,
144 .gc_interval = 30 * HZ,
151 struct ndisc_options {
152 struct nd_opt_hdr *nd_opt_array[7];
153 struct nd_opt_hdr *nd_opt_piend;
156 #define nd_opts_src_lladdr nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
157 #define nd_opts_tgt_lladdr nd_opt_array[ND_OPT_TARGET_LL_ADDR]
158 #define nd_opts_pi nd_opt_array[ND_OPT_PREFIX_INFO]
159 #define nd_opts_pi_end nd_opt_piend
160 #define nd_opts_rh nd_opt_array[ND_OPT_REDIRECT_HDR]
161 #define nd_opts_mtu nd_opt_array[ND_OPT_MTU]
163 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
165 static u8 *ndisc_fill_option(u8 *opt, int type, void *data, int data_len)
167 int space = NDISC_OPT_SPACE(data_len);
171 memcpy(opt+2, data, data_len);
174 if ((space -= data_len) > 0)
175 memset(opt, 0, space);
179 static struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
180 struct nd_opt_hdr *end)
183 if (!cur || !end || cur >= end)
185 type = cur->nd_opt_type;
187 cur = ((void *)cur) + (cur->nd_opt_len << 3);
188 } while(cur < end && cur->nd_opt_type != type);
189 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
192 static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
193 struct ndisc_options *ndopts)
195 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
197 if (!nd_opt || opt_len < 0 || !ndopts)
199 memset(ndopts, 0, sizeof(*ndopts));
202 if (opt_len < sizeof(struct nd_opt_hdr))
204 l = nd_opt->nd_opt_len << 3;
205 if (opt_len < l || l == 0)
207 switch (nd_opt->nd_opt_type) {
208 case ND_OPT_SOURCE_LL_ADDR:
209 case ND_OPT_TARGET_LL_ADDR:
211 case ND_OPT_REDIRECT_HDR:
212 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
213 ND_PRINTK2("ndisc_parse_options(): duplicated ND6 option found: type=%d\n",
214 nd_opt->nd_opt_type);
216 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
219 case ND_OPT_PREFIX_INFO:
220 ndopts->nd_opts_pi_end = nd_opt;
221 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0)
222 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
226 * Unknown options must be silently ignored,
227 * to accommodate future extension to the protocol.
229 ND_PRINTK2(KERN_WARNING
230 "ndisc_parse_options(): ignored unsupported option; type=%d, len=%d\n",
231 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
234 nd_opt = ((void *)nd_opt) + l;
239 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
243 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
245 ipv6_eth_mc_map(addr, buf);
247 case ARPHRD_IEEE802_TR:
248 ipv6_tr_mc_map(addr,buf);
251 ipv6_arcnet_mc_map(addr, buf);
255 memcpy(buf, dev->broadcast, dev->addr_len);
262 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
266 hash_val = *(u32*)(pkey + sizeof(struct in6_addr) - 4);
267 hash_val ^= (hash_val>>16);
268 hash_val ^= hash_val>>8;
269 hash_val ^= hash_val>>3;
270 hash_val = (hash_val^dev->ifindex)&NEIGH_HASHMASK;
275 static int ndisc_constructor(struct neighbour *neigh)
277 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
278 struct net_device *dev = neigh->dev;
279 struct inet6_dev *in6_dev = in6_dev_get(dev);
280 int is_multicast = ipv6_addr_is_multicast(addr);
285 if (in6_dev->nd_parms)
286 neigh->parms = in6_dev->nd_parms;
288 neigh->type = is_multicast ? RTN_MULTICAST : RTN_UNICAST;
289 if (dev->hard_header == NULL) {
290 neigh->nud_state = NUD_NOARP;
291 neigh->ops = &ndisc_direct_ops;
292 neigh->output = neigh->ops->queue_xmit;
295 neigh->nud_state = NUD_NOARP;
296 ndisc_mc_map(addr, neigh->ha, dev, 1);
297 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
298 neigh->nud_state = NUD_NOARP;
299 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
300 if (dev->flags&IFF_LOOPBACK)
301 neigh->type = RTN_LOCAL;
302 } else if (dev->flags&IFF_POINTOPOINT) {
303 neigh->nud_state = NUD_NOARP;
304 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
306 if (dev->hard_header_cache)
307 neigh->ops = &ndisc_hh_ops;
309 neigh->ops = &ndisc_generic_ops;
310 if (neigh->nud_state&NUD_VALID)
311 neigh->output = neigh->ops->connected_output;
313 neigh->output = neigh->ops->output;
315 in6_dev_put(in6_dev);
319 static int pndisc_constructor(struct pneigh_entry *n)
321 struct in6_addr *addr = (struct in6_addr*)&n->key;
322 struct in6_addr maddr;
323 struct net_device *dev = n->dev;
325 if (dev == NULL || __in6_dev_get(dev) == NULL)
327 addrconf_addr_solict_mult(addr, &maddr);
328 ipv6_dev_mc_inc(dev, &maddr);
332 static void pndisc_destructor(struct pneigh_entry *n)
334 struct in6_addr *addr = (struct in6_addr*)&n->key;
335 struct in6_addr maddr;
336 struct net_device *dev = n->dev;
338 if (dev == NULL || __in6_dev_get(dev) == NULL)
340 addrconf_addr_solict_mult(addr, &maddr);
341 ipv6_dev_mc_dec(dev, &maddr);
345 * Send a Neighbour Advertisement
348 static inline void ndisc_flow_init(struct flowi *fl, u8 type,
349 struct in6_addr *saddr, struct in6_addr *daddr)
351 memset(fl, 0, sizeof(*fl));
352 ipv6_addr_copy(&fl->fl6_src, saddr);
353 ipv6_addr_copy(&fl->fl6_dst, daddr);
354 fl->proto = IPPROTO_ICMPV6;
355 fl->fl_icmp_type = type;
356 fl->fl_icmp_code = 0;
359 static void inline ndisc_update(struct neighbour *neigh,
360 u8 *lladdr, u32 flags)
363 write_lock_bh(&neigh->lock);
364 notify = __neigh_update(neigh, lladdr, NUD_STALE, flags);
366 if (notify > 0 && neigh->parms->app_probes) {
367 write_unlock_bh(&neigh->lock);
368 neigh_app_notify(neigh);
371 write_unlock_bh(&neigh->lock);
374 static void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
375 struct in6_addr *daddr, struct in6_addr *solicited_addr,
376 int router, int solicited, int override, int inc_opt)
378 struct in6_addr tmpaddr;
379 struct inet6_ifaddr *ifp;
380 struct inet6_dev *idev;
382 struct dst_entry* dst;
383 struct sock *sk = ndisc_socket->sk;
384 struct in6_addr *src_addr;
390 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
392 /* for anycast or proxy, solicited_addr != src_addr */
393 ifp = ipv6_get_ifaddr(solicited_addr, dev, 1);
395 src_addr = solicited_addr;
398 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr))
403 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_ADVERTISEMENT, src_addr, daddr);
405 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output2);
409 err = xfrm_lookup(&dst, &fl, NULL, 0);
417 len += NDISC_OPT_SPACE(dev->addr_len);
422 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev) + dst->header_len + 64,
426 ND_PRINTK1("send_na: alloc skb failed\n");
431 skb_reserve(skb, LL_RESERVED_SPACE(dev));
432 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len);
434 msg = (struct nd_msg *)skb_put(skb, len);
435 skb->h.raw = (unsigned char*)msg;
437 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
438 msg->icmph.icmp6_code = 0;
439 msg->icmph.icmp6_cksum = 0;
441 msg->icmph.icmp6_unused = 0;
442 msg->icmph.icmp6_router = router;
443 msg->icmph.icmp6_solicited = solicited;
444 msg->icmph.icmp6_override = !!override;
446 /* Set the target address. */
447 ipv6_addr_copy(&msg->target, solicited_addr);
450 ndisc_fill_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr, dev->addr_len);
453 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len,
455 csum_partial((__u8 *) msg,
459 idev = in6_dev_get(dst->dev);
460 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
462 ICMP6_INC_STATS(idev, Icmp6OutNeighborAdvertisements);
463 ICMP6_INC_STATS(idev, Icmp6OutMsgs);
466 if (likely(idev != NULL))
470 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
471 struct in6_addr *solicit,
472 struct in6_addr *daddr, struct in6_addr *saddr)
475 struct dst_entry* dst;
476 struct inet6_dev *idev;
477 struct sock *sk = ndisc_socket->sk;
480 struct in6_addr addr_buf;
486 if (ipv6_get_lladdr(dev, &addr_buf))
491 ndisc_flow_init(&fl, NDISC_NEIGHBOUR_SOLICITATION, saddr, daddr);
493 dst = ndisc_dst_alloc(dev, neigh, daddr, ip6_output2);
497 err = xfrm_lookup(&dst, &fl, NULL, 0);
503 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
504 send_llinfo = dev->addr_len && !ipv6_addr_any(saddr);
506 len += NDISC_OPT_SPACE(dev->addr_len);
508 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev) + dst->header_len + 64,
511 ND_PRINTK1("send_ns: alloc skb failed\n");
516 skb_reserve(skb, LL_RESERVED_SPACE(dev));
517 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
519 msg = (struct nd_msg *)skb_put(skb, len);
520 skb->h.raw = (unsigned char*)msg;
521 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION;
522 msg->icmph.icmp6_code = 0;
523 msg->icmph.icmp6_cksum = 0;
524 msg->icmph.icmp6_unused = 0;
526 /* Set the target address. */
527 ipv6_addr_copy(&msg->target, solicit);
530 ndisc_fill_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, dev->addr_len);
533 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr,
536 csum_partial((__u8 *) msg,
540 idev = in6_dev_get(dst->dev);
541 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
543 ICMP6_INC_STATS(idev, Icmp6OutNeighborSolicits);
544 ICMP6_INC_STATS(idev, Icmp6OutMsgs);
547 if (likely(idev != NULL))
551 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
552 struct in6_addr *daddr)
555 struct dst_entry* dst;
556 struct inet6_dev *idev;
557 struct sock *sk = ndisc_socket->sk;
559 struct icmp6hdr *hdr;
564 ndisc_flow_init(&fl, NDISC_ROUTER_SOLICITATION, saddr, daddr);
566 dst = ndisc_dst_alloc(dev, NULL, daddr, ip6_output2);
570 err = xfrm_lookup(&dst, &fl, NULL, 0);
576 len = sizeof(struct icmp6hdr);
578 len += NDISC_OPT_SPACE(dev->addr_len);
580 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev) + dst->header_len + 64,
583 ND_PRINTK1("send_ns: alloc skb failed\n");
588 skb_reserve(skb, LL_RESERVED_SPACE(dev));
589 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
591 hdr = (struct icmp6hdr *)skb_put(skb, len);
592 skb->h.raw = (unsigned char*)hdr;
593 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION;
595 hdr->icmp6_cksum = 0;
596 hdr->icmp6_unused = 0;
598 opt = (u8*) (hdr + 1);
601 ndisc_fill_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, dev->addr_len);
604 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len,
606 csum_partial((__u8 *) hdr, len, 0));
610 idev = in6_dev_get(dst->dev);
611 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
613 ICMP6_INC_STATS(idev, Icmp6OutRouterSolicits);
614 ICMP6_INC_STATS(idev, Icmp6OutMsgs);
617 if (likely(idev != NULL))
622 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
625 * "The sender MUST return an ICMP
626 * destination unreachable"
628 dst_link_failure(skb);
632 /* Called with locked neigh: either read or both */
634 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
636 struct in6_addr *saddr = NULL;
637 struct in6_addr mcaddr;
638 struct net_device *dev = neigh->dev;
639 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
640 int probes = atomic_read(&neigh->probes);
642 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev, 1))
643 saddr = &skb->nh.ipv6h->saddr;
645 if ((probes -= neigh->parms->ucast_probes) < 0) {
646 if (!(neigh->nud_state&NUD_VALID))
647 ND_PRINTK1("trying to ucast probe in NUD_INVALID\n");
648 ndisc_send_ns(dev, neigh, target, target, saddr);
649 } else if ((probes -= neigh->parms->app_probes) < 0) {
654 addrconf_addr_solict_mult(target, &mcaddr);
655 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
659 static void ndisc_recv_ns(struct sk_buff *skb)
661 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
662 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
663 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
666 u32 ndoptlen = skb->tail - msg->opt;
667 struct ndisc_options ndopts;
668 struct net_device *dev = skb->dev;
669 struct inet6_ifaddr *ifp;
670 struct inet6_dev *idev = NULL;
671 struct neighbour *neigh;
672 int dad = ipv6_addr_any(saddr);
675 if (ipv6_addr_is_multicast(&msg->target)) {
677 printk(KERN_WARNING "ICMP NS: target address is multicast\n");
683 * DAD has to be destined for solicited node multicast address.
686 !(daddr->s6_addr32[0] == htonl(0xff020000) &&
687 daddr->s6_addr32[1] == htonl(0x00000000) &&
688 daddr->s6_addr32[2] == htonl(0x00000001) &&
689 daddr->s6_addr [12] == 0xff )) {
691 printk(KERN_DEBUG "ICMP6 NS: bad DAD packet (wrong destination)\n");
695 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
697 printk(KERN_WARNING "ICMP NS: invalid ND option, ignored.\n");
701 if (ndopts.nd_opts_src_lladdr) {
702 lladdr = (u8*)(ndopts.nd_opts_src_lladdr + 1);
703 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
704 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len)) {
706 printk(KERN_WARNING "ICMP NS: bad lladdr length.\n");
711 * If the IP source address is the unspecified address,
712 * there MUST NOT be source link-layer address option
717 printk(KERN_WARNING "ICMP6 NS: bad DAD packet (link-layer address option)\n");
722 inc = ipv6_addr_is_multicast(daddr);
724 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1)) != NULL) {
725 if (ifp->flags & IFA_F_TENTATIVE) {
726 /* Address is tentative. If the source
727 is unspecified address, it is someone
728 does DAD, otherwise we ignore solicitations
729 until DAD timer expires.
733 if (dev->type == ARPHRD_IEEE802_TR) {
734 unsigned char *sadr = skb->mac.raw;
735 if (((sadr[8] ^ dev->dev_addr[0]) & 0x7f) == 0 &&
736 sadr[9] == dev->dev_addr[1] &&
737 sadr[10] == dev->dev_addr[2] &&
738 sadr[11] == dev->dev_addr[3] &&
739 sadr[12] == dev->dev_addr[4] &&
740 sadr[13] == dev->dev_addr[5]) {
741 /* looped-back to us */
745 addrconf_dad_failure(ifp);
751 idev = in6_dev_get(dev);
753 /* XXX: count this drop? */
757 if (ipv6_chk_acast_addr(dev, &msg->target) ||
758 (idev->cnf.forwarding &&
759 pneigh_lookup(&nd_tbl, &msg->target, dev, 0))) {
760 if (skb->stamp.tv_sec != 0 &&
761 skb->pkt_type != PACKET_HOST &&
763 idev->nd_parms->proxy_delay != 0) {
765 * for anycast or proxy,
766 * sender should delay its response
767 * by a random time between 0 and
768 * MAX_ANYCAST_DELAY_TIME seconds.
770 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
772 pneigh_enqueue(&nd_tbl, idev->nd_parms, n);
780 struct in6_addr maddr;
782 ipv6_addr_all_nodes(&maddr);
783 #ifdef CONFIG_IPV6_NDISC_NEW
784 ndisc_send_na(dev, NULL, &maddr, &msg->target,
785 idev->cnf.forwarding, 0, ifp && inc, inc);
787 ndisc_send_na(dev, NULL, &maddr, &msg->target,
788 idev->cnf.forwarding, 0, ifp != NULL, inc);
794 nd_tbl.stats.rcv_probes_mcast++;
796 nd_tbl.stats.rcv_probes_ucast++;
799 * update / create cache entry
800 * for the source address
802 #ifdef CONFIG_IPV6_NDISC_NEW
803 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, !inc || lladdr || !skb->dev->addr_len);
805 ndisc_update(neigh, lladdr, NEIGH_UPDATE_F_IP6NS);
806 ndisc_send_na(dev, neigh, saddr, &msg->target,
807 idev->cnf.forwarding, 1, (ifp && inc) , inc);
808 neigh_release(neigh);
811 neigh = neigh_event_ns(&nd_tbl, lladdr, saddr, dev);
813 if (neigh || !dev->hard_header) {
814 ndisc_send_na(dev, neigh, saddr, &msg->target,
815 idev->cnf.forwarding, 1, ifp != NULL, 1);
817 neigh_release(neigh);
830 static void ndisc_recv_na(struct sk_buff *skb)
832 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
833 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
834 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
837 u32 ndoptlen = skb->tail - msg->opt;
838 struct ndisc_options ndopts;
839 struct net_device *dev = skb->dev;
840 struct inet6_ifaddr *ifp;
841 struct neighbour *neigh;
843 if (skb->len < sizeof(struct nd_msg)) {
845 printk(KERN_WARNING "ICMP NA: packet too short\n");
849 if (ipv6_addr_is_multicast(&msg->target)) {
851 printk(KERN_WARNING "NDISC NA: target address is multicast\n");
855 if (ipv6_addr_is_multicast(daddr) &&
856 msg->icmph.icmp6_solicited) {
857 ND_PRINTK0("NDISC: solicited NA is multicasted\n");
861 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
863 printk(KERN_WARNING "ICMP NS: invalid ND option, ignored.\n");
866 if (ndopts.nd_opts_tgt_lladdr) {
867 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1);
868 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
869 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len)) {
871 printk(KERN_WARNING "NDISC NA: invalid lladdr length.\n");
875 if ((ifp = ipv6_get_ifaddr(&msg->target, dev, 1))) {
876 if (ifp->flags & IFA_F_TENTATIVE) {
877 addrconf_dad_failure(ifp);
880 /* What should we make now? The advertisement
881 is invalid, but ndisc specs say nothing
882 about it. It could be misconfiguration, or
883 an smart proxy agent tries to help us :-)
885 ND_PRINTK0("%s: someone advertises our address!\n",
886 ifp->idev->dev->name);
890 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
893 #ifdef CONFIG_IPV6_NDISC_NEW
897 write_lock_bh(&neigh->lock);
898 if (!(neigh->nud_state & ~NUD_FAILED))
901 was_router = neigh->flags & NTF_ROUTER;
903 notify = __neigh_update(neigh, lladdr,
904 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
905 (NEIGH_UPDATE_F_IP6NA|
906 (msg->icmph.icmp6_override ? NEIGH_UPDATE_F_OVERRIDE : 0) |
907 (msg->icmph.icmp6_router ? NEIGH_UPDATE_F_ISROUTER : 0)));
909 if (was_router && !(neigh->flags & NTF_ROUTER)) {
911 * Change: router to host
914 rt = rt6_get_dflt_router(saddr, dev);
916 ip6_del_rt(rt, NULL, NULL);
919 if (neigh->flags & NTF_ROUTER) {
920 if (msg->icmph.icmp6_router == 0) {
922 * Change: router to host
925 rt = rt6_get_dflt_router(saddr, dev);
927 ip6_del_rt(rt, NULL, NULL);
930 if (msg->icmph.icmp6_router)
931 neigh->flags |= NTF_ROUTER;
934 neigh_update(neigh, lladdr,
935 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
936 msg->icmph.icmp6_override, 1);
938 #ifdef CONFIG_IPV6_NDISC_NEW
941 if (notify > 0 && neigh->parms->app_probes) {
942 write_unlock_bh(&neigh->lock);
943 neigh_app_notify(neigh);
946 write_unlock_bh(&neigh->lock);
948 neigh_release(neigh);
952 static void ndisc_recv_rs(struct sk_buff *skb)
954 struct rs_msg *rs_msg = (struct rs_msg *) skb->h.raw;
955 unsigned long ndoptlen = skb->len - sizeof(*rs_msg);
956 struct neighbour *neigh;
957 struct inet6_dev *idev;
958 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
959 struct ndisc_options ndopts;
963 if (skb->len < sizeof(*rs_msg))
966 idev = in6_dev_get(skb->dev);
969 ND_PRINTK1("ICMP6 RS: can't find in6 device\n");
973 /* Don't accept RS if we're not in router mode */
974 if (!idev->cnf.forwarding || idev->cnf.accept_ra)
978 * Don't update NCE if src = ::;
979 * this implies that the source node has no ip address assigned yet.
981 if (ipv6_addr_any(saddr))
984 /* Parse ND options */
985 if (!ndisc_parse_options(rs_msg->opt, ndoptlen, &ndopts)) {
987 ND_PRINTK2("ICMP6 NS: invalid ND option, ignored\n");
991 if (ndopts.nd_opts_src_lladdr) {
992 lladdr = (u8 *)(ndopts.nd_opts_src_lladdr + 1);
993 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
994 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len))
998 neigh = __neigh_lookup(&nd_tbl, saddr, skb->dev, 1);
1000 #ifdef CONFIG_IPV6_NDISC_NEW
1001 ndisc_update(neigh, lladdr, NEIGH_UPDATE_F_IP6RS);
1003 neigh_update(neigh, lladdr, NUD_STALE, 1, 1);
1005 neigh_release(neigh);
1011 static void ndisc_router_discovery(struct sk_buff *skb)
1013 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
1014 struct neighbour *neigh;
1015 struct inet6_dev *in6_dev;
1016 struct rt6_info *rt;
1018 struct ndisc_options ndopts;
1021 __u8 * opt = (__u8 *)(ra_msg + 1);
1023 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg);
1025 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1026 if (net_ratelimit())
1027 printk(KERN_WARNING "ICMP RA: source address is not linklocal\n");
1031 if (net_ratelimit())
1032 printk(KERN_WARNING "ICMP RA: packet too short\n");
1037 * set the RA_RECV flag in the interface
1040 in6_dev = in6_dev_get(skb->dev);
1041 if (in6_dev == NULL) {
1042 ND_PRINTK1("RA: can't find in6 device\n");
1045 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
1046 in6_dev_put(in6_dev);
1050 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
1051 in6_dev_put(in6_dev);
1052 if (net_ratelimit())
1053 ND_PRINTK2(KERN_WARNING
1054 "ICMP6 RA: invalid ND option, ignored.\n");
1058 if (in6_dev->if_flags & IF_RS_SENT) {
1060 * flag that an RA was received after an RS was sent
1061 * out on this interface.
1063 in6_dev->if_flags |= IF_RA_RCVD;
1067 * Remember the managed/otherconf flags from most recently
1068 * received RA message (RFC 2462) -- yoshfuji
1070 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
1072 (ra_msg->icmph.icmp6_addrconf_managed ?
1073 IF_RA_MANAGED : 0) |
1074 (ra_msg->icmph.icmp6_addrconf_other ?
1075 IF_RA_OTHERCONF : 0);
1077 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
1079 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
1081 if (rt && lifetime == 0) {
1082 ip6_del_rt(rt, NULL, NULL);
1086 if (rt == NULL && lifetime) {
1087 ND_PRINTK2("ndisc_rdisc: adding default router\n");
1089 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
1091 ND_PRINTK1("route_add failed\n");
1092 in6_dev_put(in6_dev);
1096 neigh = rt->rt6i_nexthop;
1097 if (neigh == NULL) {
1098 ND_PRINTK1("nd: add default router: null neighbour\n");
1099 dst_release(&rt->u.dst);
1100 in6_dev_put(in6_dev);
1103 neigh->flags |= NTF_ROUTER;
1106 * If we where using an "all destinations on link" route
1110 rt6_purge_dflt_routers(RTF_ALLONLINK);
1114 rt->rt6i_expires = jiffies + (HZ * lifetime);
1116 if (ra_msg->icmph.icmp6_hop_limit)
1117 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1120 * Update Reachable Time and Retrans Timer
1123 if (in6_dev->nd_parms) {
1124 __u32 rtime = ntohl(ra_msg->retrans_timer);
1126 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1127 rtime = (rtime*HZ)/1000;
1130 in6_dev->nd_parms->retrans_time = rtime;
1131 in6_dev->tstamp = jiffies;
1132 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1135 rtime = ntohl(ra_msg->reachable_time);
1136 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1137 rtime = (rtime*HZ)/1000;
1142 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1143 in6_dev->nd_parms->base_reachable_time = rtime;
1144 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1145 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1146 in6_dev->tstamp = jiffies;
1147 inet6_ifinfo_notify(RTM_NEWLINK, in6_dev);
1156 if (rt && (neigh = rt->rt6i_nexthop) != NULL) {
1159 if (ndopts.nd_opts_src_lladdr) {
1160 lladdr = (u8*)((ndopts.nd_opts_src_lladdr)+1);
1161 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
1162 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) {
1163 if (net_ratelimit())
1164 ND_PRINTK2(KERN_WARNING
1165 "ICMP6 RA: Invalid lladdr length.\n");
1169 #ifdef CONFIG_IPV6_NDISC_NEW
1170 ndisc_update(neigh, lladdr, NEIGH_UPDATE_F_IP6RA);
1172 neigh_update(neigh, lladdr, NUD_STALE, 1, 1);
1176 if (ndopts.nd_opts_pi) {
1177 struct nd_opt_hdr *p;
1178 for (p = ndopts.nd_opts_pi;
1180 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1181 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1185 if (ndopts.nd_opts_mtu) {
1188 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1191 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1192 if (net_ratelimit()) {
1193 ND_PRINTK0("NDISC: router announcement with mtu = %d\n",
1196 } else if (in6_dev->cnf.mtu6 != mtu) {
1197 in6_dev->cnf.mtu6 = mtu;
1200 rt->u.dst.metrics[RTAX_MTU-1] = mtu;
1202 rt6_mtu_change(skb->dev, mtu);
1206 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1207 if (net_ratelimit())
1208 ND_PRINTK0(KERN_WARNING
1209 "ICMP6 RA: got invalid option with RA");
1213 dst_release(&rt->u.dst);
1214 in6_dev_put(in6_dev);
1217 static void ndisc_redirect_rcv(struct sk_buff *skb)
1219 struct inet6_dev *in6_dev;
1220 struct icmp6hdr *icmph;
1221 struct in6_addr *dest;
1222 struct in6_addr *target; /* new first hop to destination */
1223 struct neighbour *neigh;
1225 struct ndisc_options ndopts;
1230 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1231 if (net_ratelimit())
1232 printk(KERN_WARNING "ICMP redirect: source address is not linklocal\n");
1236 optlen = skb->tail - skb->h.raw;
1237 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1240 if (net_ratelimit())
1241 printk(KERN_WARNING "ICMP redirect: packet too small\n");
1245 icmph = (struct icmp6hdr *) skb->h.raw;
1246 target = (struct in6_addr *) (icmph + 1);
1249 if (ipv6_addr_is_multicast(dest)) {
1250 if (net_ratelimit())
1251 printk(KERN_WARNING "ICMP redirect for multicast addr\n");
1255 if (ipv6_addr_cmp(dest, target) == 0) {
1257 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
1258 if (net_ratelimit())
1259 printk(KERN_WARNING "ICMP redirect: target address is not linklocal\n");
1263 in6_dev = in6_dev_get(skb->dev);
1266 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1267 in6_dev_put(in6_dev);
1271 /* XXX: RFC2461 8.1:
1272 * The IP source address of the Redirect MUST be the same as the current
1273 * first-hop router for the specified ICMP Destination Address.
1276 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1277 if (net_ratelimit())
1278 ND_PRINTK2(KERN_WARNING
1279 "ICMP6 Redirect: invalid ND options, rejected.\n");
1280 in6_dev_put(in6_dev);
1283 if (ndopts.nd_opts_tgt_lladdr) {
1284 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1);
1285 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
1286 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) {
1287 if (net_ratelimit())
1288 ND_PRINTK2(KERN_WARNING
1289 "ICMP6 Redirect: invalid lladdr length.\n");
1290 in6_dev_put(in6_dev);
1294 /* passed validation tests */
1297 We install redirect only if nexthop state is valid.
1300 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1302 #ifdef CONFIG_IPV6_NDISC_NEW
1303 rt6_redirect(dest, &skb->nh.ipv6h->saddr, neigh, on_link);
1305 if (neigh->nud_state&NUD_VALID) {
1306 if (!rt6_redirect(dest, &skb->nh.ipv6h->saddr, neigh, NULL, on_link))
1307 neigh_update(neigh, lladdr, NUD_STALE, 1, 1);
1309 write_lock_bh(&neigh->lock);
1310 __neigh_event_send(neigh, NULL);
1311 write_unlock_bh(&neigh->lock);
1314 neigh_release(neigh);
1316 in6_dev_put(in6_dev);
1319 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1320 struct in6_addr *target)
1322 struct sock *sk = ndisc_socket->sk;
1323 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1324 struct sk_buff *buff;
1325 struct icmp6hdr *icmph;
1326 struct in6_addr saddr_buf;
1327 struct in6_addr *addrp;
1328 struct net_device *dev;
1329 struct rt6_info *rt;
1330 struct dst_entry *dst;
1331 struct inet6_dev *idev;
1340 if (ipv6_get_lladdr(dev, &saddr_buf)) {
1341 ND_PRINTK1("redirect: no link_local addr for dev\n");
1345 ndisc_flow_init(&fl, NDISC_REDIRECT, &saddr_buf, &skb->nh.ipv6h->saddr);
1347 rt = rt6_lookup(&skb->nh.ipv6h->saddr, NULL, dev->ifindex, 1);
1352 err = xfrm_lookup(&dst, &fl, NULL, 0);
1358 rt = (struct rt6_info *) dst;
1360 if (rt->rt6i_flags & RTF_GATEWAY) {
1361 ND_PRINTK1("ndisc_send_redirect: not a neighbour\n");
1365 if (!xrlim_allow(dst, 1*HZ)) {
1370 if (dev->addr_len) {
1371 if (neigh->nud_state&NUD_VALID) {
1372 len += NDISC_OPT_SPACE(dev->addr_len);
1374 /* If nexthop is not valid, do not redirect!
1375 We will make it later, when will be sure,
1383 rd_len = min_t(unsigned int,
1384 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1388 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + LL_RESERVED_SPACE(dev) + dst->header_len + 64,
1391 ND_PRINTK1("ndisc_send_redirect: alloc_skb failed\n");
1398 skb_reserve(buff, LL_RESERVED_SPACE(dev));
1399 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr,
1400 IPPROTO_ICMPV6, len);
1402 icmph = (struct icmp6hdr *)skb_put(buff, len);
1403 buff->h.raw = (unsigned char*)icmph;
1405 memset(icmph, 0, sizeof(struct icmp6hdr));
1406 icmph->icmp6_type = NDISC_REDIRECT;
1409 * copy target and destination addresses
1412 addrp = (struct in6_addr *)(icmph + 1);
1413 ipv6_addr_copy(addrp, target);
1415 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr);
1417 opt = (u8*) (addrp + 1);
1420 * include target_address option
1424 opt = ndisc_fill_option(opt, ND_OPT_TARGET_LL_ADDR, neigh->ha, dev->addr_len);
1427 * build redirect option and copy skb over to the new packet.
1431 *(opt++) = ND_OPT_REDIRECT_HDR;
1432 *(opt++) = (rd_len >> 3);
1435 memcpy(opt, skb->nh.ipv6h, rd_len - 8);
1437 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr,
1438 len, IPPROTO_ICMPV6,
1439 csum_partial((u8 *) icmph, len, 0));
1442 idev = in6_dev_get(dst->dev);
1443 err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
1445 ICMP6_INC_STATS(idev, Icmp6OutRedirects);
1446 ICMP6_INC_STATS(idev, Icmp6OutMsgs);
1449 if (likely(idev != NULL))
1453 static void pndisc_redo(struct sk_buff *skb)
1459 int ndisc_rcv(struct sk_buff *skb)
1463 if (!pskb_may_pull(skb, skb->len))
1466 msg = (struct nd_msg *) skb->h.raw;
1468 __skb_push(skb, skb->data-skb->h.raw);
1470 if (skb->nh.ipv6h->hop_limit != 255) {
1471 if (net_ratelimit())
1473 "ICMP NDISC: fake message with non-255 Hop Limit received: %d\n",
1474 skb->nh.ipv6h->hop_limit);
1478 if (msg->icmph.icmp6_code != 0) {
1479 if (net_ratelimit())
1480 printk(KERN_WARNING "ICMP NDISC: code is not zero\n");
1484 switch (msg->icmph.icmp6_type) {
1485 case NDISC_NEIGHBOUR_SOLICITATION:
1489 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1493 case NDISC_ROUTER_SOLICITATION:
1497 case NDISC_ROUTER_ADVERTISEMENT:
1498 ndisc_router_discovery(skb);
1501 case NDISC_REDIRECT:
1502 ndisc_redirect_rcv(skb);
1509 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1511 struct net_device *dev = ptr;
1514 case NETDEV_CHANGEADDR:
1515 neigh_changeaddr(&nd_tbl, dev);
1525 struct notifier_block ndisc_netdev_notifier = {
1526 .notifier_call = ndisc_netdev_event,
1529 #ifdef CONFIG_SYSCTL
1530 int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, struct file * filp, void __user *buffer, size_t *lenp)
1532 struct net_device *dev = ctl->extra1;
1533 struct inet6_dev *idev;
1535 if (write && dev && (idev = in6_dev_get(dev)) != NULL) {
1536 idev->tstamp = jiffies;
1537 inet6_ifinfo_notify(RTM_NEWLINK, idev);
1540 return proc_dointvec(ctl, write, filp, buffer, lenp);
1544 int __init ndisc_init(struct net_proto_family *ops)
1546 struct ipv6_pinfo *np;
1550 err = sock_create(PF_INET6, SOCK_RAW, IPPROTO_ICMPV6, &ndisc_socket);
1553 "Failed to initialize the NDISC control socket (err %d).\n",
1555 ndisc_socket = NULL; /* For safety. */
1559 sk = ndisc_socket->sk;
1561 sk->sk_allocation = GFP_ATOMIC;
1562 np->hop_limit = 255;
1563 /* Do not loopback ndisc messages */
1565 sk->sk_prot->unhash(sk);
1568 * Initialize the neighbour table
1571 neigh_table_init(&nd_tbl);
1573 #ifdef CONFIG_SYSCTL
1574 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH,
1575 "ipv6", &ndisc_ifinfo_sysctl_change);
1578 register_netdevice_notifier(&ndisc_netdev_notifier);
1582 void ndisc_cleanup(void)
1584 #ifdef CONFIG_SYSCTL
1585 neigh_sysctl_unregister(&nd_tbl.parms);
1587 neigh_table_clear(&nd_tbl);
1588 sock_release(ndisc_socket);
1589 ndisc_socket = NULL; /* For safety. */