2 * Neighbour Discovery for IPv6
3 * Linux INET6 implementation
6 * Pedro Roque <pedro_m@yahoo.com>
7 * Mike Shaver <shaver@ingenia.com>
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU General Public License
11 * as published by the Free Software Foundation; either version
12 * 2 of the License, or (at your option) any later version.
18 * Lars Fenneberg : fixed MTU setting on receipt
21 * Janos Farkas : kmalloc failure checks
22 * Alexey Kuznetsov : state machine reworked
23 * and moved to net/core.
24 * Pekka Savola : RFC2461 validation
25 * YOSHIFUJI Hideaki @USAGI : Verify ND options properly
28 /* Set to 3 to get tracing... */
31 #define ND_PRINTK(x...) printk(KERN_DEBUG x)
32 #define ND_NOPRINTK(x...) do { ; } while(0)
33 #define ND_PRINTK0 ND_PRINTK
34 #define ND_PRINTK1 ND_NOPRINTK
35 #define ND_PRINTK2 ND_NOPRINTK
38 #define ND_PRINTK1 ND_PRINTK
42 #define ND_PRINTK2 ND_PRINTK
45 #include <linux/module.h>
46 #include <linux/config.h>
47 #include <linux/errno.h>
48 #include <linux/types.h>
49 #include <linux/socket.h>
50 #include <linux/sockios.h>
51 #include <linux/sched.h>
52 #include <linux/net.h>
53 #include <linux/in6.h>
54 #include <linux/route.h>
55 #include <linux/init.h>
57 #include <linux/sysctl.h>
60 #include <linux/if_arp.h>
61 #include <linux/ipv6.h>
62 #include <linux/icmpv6.h>
63 #include <linux/jhash.h>
69 #include <net/protocol.h>
70 #include <net/ndisc.h>
71 #include <net/ip6_route.h>
72 #include <net/addrconf.h>
75 #include <net/checksum.h>
76 #include <linux/proc_fs.h>
78 static struct socket *ndisc_socket;
80 static u32 ndisc_hash(const void *pkey, const struct net_device *dev);
81 static int ndisc_constructor(struct neighbour *neigh);
82 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb);
83 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb);
84 static int pndisc_constructor(struct pneigh_entry *n);
85 static void pndisc_destructor(struct pneigh_entry *n);
86 static void pndisc_redo(struct sk_buff *skb);
88 static struct neigh_ops ndisc_generic_ops =
95 neigh_connected_output,
100 static struct neigh_ops ndisc_hh_ops =
106 neigh_resolve_output,
107 neigh_resolve_output,
113 static struct neigh_ops ndisc_direct_ops =
125 struct neigh_table nd_tbl =
129 sizeof(struct neighbour) + sizeof(struct in6_addr),
130 sizeof(struct in6_addr),
137 { NULL, NULL, &nd_tbl, 0, NULL, NULL,
138 30*HZ, 1*HZ, 60*HZ, 30*HZ, 5*HZ, 3, 3, 0, 3, 1*HZ, (8*HZ)/10, 64, 0 },
139 30*HZ, 128, 512, 1024,
142 #define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
144 static u8 *ndisc_fill_option(u8 *opt, int type, void *data, int data_len)
146 int space = NDISC_OPT_SPACE(data_len);
150 memcpy(opt+2, data, data_len);
153 if ((space -= data_len) > 0)
154 memset(opt, 0, space);
158 struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur,
159 struct nd_opt_hdr *end)
162 if (!cur || !end || cur >= end)
164 type = cur->nd_opt_type;
166 cur = ((void *)cur) + (cur->nd_opt_len << 3);
167 } while(cur < end && cur->nd_opt_type != type);
168 return (cur <= end && cur->nd_opt_type == type ? cur : NULL);
171 struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
172 struct ndisc_options *ndopts)
174 struct nd_opt_hdr *nd_opt = (struct nd_opt_hdr *)opt;
176 if (!nd_opt || opt_len < 0 || !ndopts)
178 memset(ndopts, 0, sizeof(*ndopts));
181 if (opt_len < sizeof(struct nd_opt_hdr))
183 l = nd_opt->nd_opt_len << 3;
184 if (opt_len < l || l == 0)
186 switch (nd_opt->nd_opt_type) {
187 case ND_OPT_SOURCE_LL_ADDR:
188 case ND_OPT_TARGET_LL_ADDR:
190 case ND_OPT_REDIRECT_HDR:
191 if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
192 ND_PRINTK2((KERN_WARNING
193 "ndisc_parse_options(): duplicated ND6 option found: type=%d\n",
194 nd_opt->nd_opt_type));
196 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
199 case ND_OPT_PREFIX_INFO:
200 ndopts->nd_opts_pi_end = nd_opt;
201 if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0)
202 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
206 * Unknown options must be silently ignored,
207 * to accomodate future extension to the protocol.
209 ND_PRINTK2(KERN_WARNING
210 "ndisc_parse_options(): ignored unsupported option; type=%d, len=%d\n",
211 nd_opt->nd_opt_type, nd_opt->nd_opt_len);
214 nd_opt = ((void *)nd_opt) + l;
219 int ndisc_mc_map(struct in6_addr *addr, char *buf, struct net_device *dev, int dir)
223 case ARPHRD_IEEE802: /* Not sure. Check it later. --ANK */
225 ipv6_eth_mc_map(addr, buf);
227 case ARPHRD_IEEE802_TR:
228 ipv6_tr_mc_map(addr,buf);
231 ipv6_arcnet_mc_map(addr, buf);
235 memcpy(buf, dev->broadcast, dev->addr_len);
242 static u32 ndisc_hash(const void *pkey, const struct net_device *dev)
244 const u32 *p32 = pkey;
248 for (i = 0; i < (sizeof(struct in6_addr) / sizeof(u32)); i++)
251 return jhash_2words(addr_hash, dev->ifindex, nd_tbl.hash_rnd);
254 static int ndisc_constructor(struct neighbour *neigh)
256 struct in6_addr *addr = (struct in6_addr*)&neigh->primary_key;
257 struct net_device *dev = neigh->dev;
258 struct inet6_dev *in6_dev = in6_dev_get(dev);
264 addr_type = ipv6_addr_type(addr);
265 if (in6_dev->nd_parms)
266 neigh->parms = in6_dev->nd_parms;
268 if (addr_type&IPV6_ADDR_MULTICAST)
269 neigh->type = RTN_MULTICAST;
271 neigh->type = RTN_UNICAST;
272 if (dev->hard_header == NULL) {
273 neigh->nud_state = NUD_NOARP;
274 neigh->ops = &ndisc_direct_ops;
275 neigh->output = neigh->ops->queue_xmit;
277 if (addr_type&IPV6_ADDR_MULTICAST) {
278 neigh->nud_state = NUD_NOARP;
279 ndisc_mc_map(addr, neigh->ha, dev, 1);
280 } else if (dev->flags&(IFF_NOARP|IFF_LOOPBACK)) {
281 neigh->nud_state = NUD_NOARP;
282 memcpy(neigh->ha, dev->dev_addr, dev->addr_len);
283 if (dev->flags&IFF_LOOPBACK)
284 neigh->type = RTN_LOCAL;
285 } else if (dev->flags&IFF_POINTOPOINT) {
286 neigh->nud_state = NUD_NOARP;
287 memcpy(neigh->ha, dev->broadcast, dev->addr_len);
289 if (dev->hard_header_cache)
290 neigh->ops = &ndisc_hh_ops;
292 neigh->ops = &ndisc_generic_ops;
293 if (neigh->nud_state&NUD_VALID)
294 neigh->output = neigh->ops->connected_output;
296 neigh->output = neigh->ops->output;
298 in6_dev_put(in6_dev);
302 static int pndisc_constructor(struct pneigh_entry *n)
304 struct in6_addr *addr = (struct in6_addr*)&n->key;
305 struct in6_addr maddr;
306 struct net_device *dev = n->dev;
308 if (dev == NULL || __in6_dev_get(dev) == NULL)
310 addrconf_addr_solict_mult(addr, &maddr);
311 ipv6_dev_mc_inc(dev, &maddr);
315 static void pndisc_destructor(struct pneigh_entry *n)
317 struct in6_addr *addr = (struct in6_addr*)&n->key;
318 struct in6_addr maddr;
319 struct net_device *dev = n->dev;
321 if (dev == NULL || __in6_dev_get(dev) == NULL)
323 addrconf_addr_solict_mult(addr, &maddr);
324 ipv6_dev_mc_dec(dev, &maddr);
330 ndisc_build_ll_hdr(struct sk_buff *skb, struct net_device *dev,
331 struct in6_addr *daddr, struct neighbour *neigh, int len)
333 unsigned char ha[MAX_ADDR_LEN];
334 unsigned char *h_dest = NULL;
336 skb_reserve(skb, (dev->hard_header_len + 15) & ~15);
338 if (dev->hard_header) {
339 if (ipv6_addr_type(daddr) & IPV6_ADDR_MULTICAST) {
340 ndisc_mc_map(daddr, ha, dev, 1);
343 read_lock_bh(&neigh->lock);
344 if (neigh->nud_state&NUD_VALID) {
345 memcpy(ha, neigh->ha, dev->addr_len);
348 read_unlock_bh(&neigh->lock);
350 neigh = neigh_lookup(&nd_tbl, daddr, dev);
352 read_lock_bh(&neigh->lock);
353 if (neigh->nud_state&NUD_VALID) {
354 memcpy(ha, neigh->ha, dev->addr_len);
357 read_unlock_bh(&neigh->lock);
358 neigh_release(neigh);
362 if (dev->hard_header(skb, dev, ETH_P_IPV6, h_dest, NULL, len) < 0)
371 * Send a Neighbour Advertisement
374 void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
375 struct in6_addr *daddr, struct in6_addr *solicited_addr,
376 int router, int solicited, int override, int inc_opt)
378 static struct in6_addr tmpaddr;
379 struct inet6_ifaddr *ifp;
380 struct sock *sk = ndisc_socket->sk;
381 struct in6_addr *src_addr;
387 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
391 len += NDISC_OPT_SPACE(dev->addr_len);
396 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + dev->hard_header_len + 15,
400 ND_PRINTK1("send_na: alloc skb failed\n");
403 /* for anycast or proxy, solicited_addr != src_addr */
404 ifp = ipv6_get_ifaddr(solicited_addr, dev);
406 src_addr = solicited_addr;
409 if (ipv6_dev_get_saddr(dev, daddr, &tmpaddr, 0))
414 if (ndisc_build_ll_hdr(skb, dev, daddr, neigh, len) == 0) {
419 ip6_nd_hdr(sk, skb, dev, src_addr, daddr, IPPROTO_ICMPV6, len);
421 msg = (struct nd_msg *) skb_put(skb, len);
423 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_ADVERTISEMENT;
424 msg->icmph.icmp6_code = 0;
425 msg->icmph.icmp6_cksum = 0;
427 msg->icmph.icmp6_unused = 0;
428 msg->icmph.icmp6_router = router;
429 msg->icmph.icmp6_solicited = solicited;
430 msg->icmph.icmp6_override = !!override;
432 /* Set the target address. */
433 ipv6_addr_copy(&msg->target, solicited_addr);
436 ndisc_fill_option(msg->opt, ND_OPT_TARGET_LL_ADDR, dev->dev_addr, dev->addr_len);
439 msg->icmph.icmp6_cksum = csum_ipv6_magic(src_addr, daddr, len,
441 csum_partial((__u8 *) msg,
446 ICMP6_INC_STATS(Icmp6OutNeighborAdvertisements);
447 ICMP6_INC_STATS(Icmp6OutMsgs);
450 void ndisc_send_ns(struct net_device *dev, struct neighbour *neigh,
451 struct in6_addr *solicit,
452 struct in6_addr *daddr, struct in6_addr *saddr)
454 struct sock *sk = ndisc_socket->sk;
457 struct in6_addr addr_buf;
463 if (ipv6_get_lladdr(dev, &addr_buf))
468 len = sizeof(struct icmp6hdr) + sizeof(struct in6_addr);
469 send_llinfo = dev->addr_len && ipv6_addr_type(saddr) != IPV6_ADDR_ANY;
471 len += NDISC_OPT_SPACE(dev->addr_len);
473 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + dev->hard_header_len + 15,
476 ND_PRINTK1("send_ns: alloc skb failed\n");
480 if (ndisc_build_ll_hdr(skb, dev, daddr, neigh, len) == 0) {
485 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
487 msg = (struct nd_msg *)skb_put(skb, len);
488 msg->icmph.icmp6_type = NDISC_NEIGHBOUR_SOLICITATION;
489 msg->icmph.icmp6_code = 0;
490 msg->icmph.icmp6_cksum = 0;
491 msg->icmph.icmp6_unused = 0;
493 /* Set the target address. */
494 ipv6_addr_copy(&msg->target, solicit);
497 ndisc_fill_option(msg->opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, dev->addr_len);
500 msg->icmph.icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr,
503 csum_partial((__u8 *) msg,
508 ICMP6_INC_STATS(Icmp6OutNeighborSolicits);
509 ICMP6_INC_STATS(Icmp6OutMsgs);
512 void ndisc_send_rs(struct net_device *dev, struct in6_addr *saddr,
513 struct in6_addr *daddr)
515 struct sock *sk = ndisc_socket->sk;
517 struct icmp6hdr *hdr;
522 len = sizeof(struct icmp6hdr);
524 len += NDISC_OPT_SPACE(dev->addr_len);
526 skb = sock_alloc_send_skb(sk, MAX_HEADER + len + dev->hard_header_len + 15,
529 ND_PRINTK1("send_ns: alloc skb failed\n");
533 if (ndisc_build_ll_hdr(skb, dev, daddr, NULL, len) == 0) {
538 ip6_nd_hdr(sk, skb, dev, saddr, daddr, IPPROTO_ICMPV6, len);
540 hdr = (struct icmp6hdr *) skb_put(skb, len);
541 hdr->icmp6_type = NDISC_ROUTER_SOLICITATION;
543 hdr->icmp6_cksum = 0;
544 hdr->icmp6_unused = 0;
546 opt = (u8*) (hdr + 1);
549 ndisc_fill_option(opt, ND_OPT_SOURCE_LL_ADDR, dev->dev_addr, dev->addr_len);
552 hdr->icmp6_cksum = csum_ipv6_magic(&skb->nh.ipv6h->saddr, daddr, len,
554 csum_partial((__u8 *) hdr, len, 0));
559 ICMP6_INC_STATS(Icmp6OutRouterSolicits);
560 ICMP6_INC_STATS(Icmp6OutMsgs);
564 static void ndisc_error_report(struct neighbour *neigh, struct sk_buff *skb)
567 * "The sender MUST return an ICMP
568 * destination unreachable"
570 dst_link_failure(skb);
574 /* Called with locked neigh: either read or both */
576 static void ndisc_solicit(struct neighbour *neigh, struct sk_buff *skb)
578 struct in6_addr *saddr = NULL;
579 struct in6_addr mcaddr;
580 struct net_device *dev = neigh->dev;
581 struct in6_addr *target = (struct in6_addr *)&neigh->primary_key;
582 int probes = atomic_read(&neigh->probes);
584 if (skb && ipv6_chk_addr(&skb->nh.ipv6h->saddr, dev))
585 saddr = &skb->nh.ipv6h->saddr;
587 if ((probes -= neigh->parms->ucast_probes) < 0) {
588 if (!(neigh->nud_state&NUD_VALID))
589 ND_PRINTK1("trying to ucast probe in NUD_INVALID\n");
590 ndisc_send_ns(dev, neigh, target, target, saddr);
591 } else if ((probes -= neigh->parms->app_probes) < 0) {
596 addrconf_addr_solict_mult(target, &mcaddr);
597 ndisc_send_ns(dev, NULL, target, &mcaddr, saddr);
601 void ndisc_recv_ns(struct sk_buff *skb)
603 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
604 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
605 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
608 u32 ndoptlen = skb->tail - msg->opt;
609 struct ndisc_options ndopts;
610 struct net_device *dev = skb->dev;
611 struct inet6_ifaddr *ifp;
612 struct neighbour *neigh;
614 if (skb->len < sizeof(struct nd_msg)) {
616 printk(KERN_WARNING "ICMP NS: packet too short\n");
620 if (ipv6_addr_type(&msg->target)&IPV6_ADDR_MULTICAST) {
622 printk(KERN_WARNING "ICMP NS: target address is multicast\n");
626 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
628 printk(KERN_WARNING "ICMP NS: invalid ND option, ignored.\n");
632 if (ndopts.nd_opts_src_lladdr) {
633 lladdr = (u8*)(ndopts.nd_opts_src_lladdr + 1);
634 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
635 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len)) {
637 printk(KERN_WARNING "ICMP NS: bad lladdr length.\n");
642 /* XXX: RFC2461 7.1.1:
643 * If the IP source address is the unspecified address, there
644 * MUST NOT be source link-layer address option in the message.
646 * NOTE! Linux kernel < 2.4.4 broke this rule.
649 /* XXX: RFC2461 7.1.1:
650 * If the IP source address is the unspecified address, the IP
651 * destination address MUST be a solicited-node multicast address.
654 if ((ifp = ipv6_get_ifaddr(&msg->target, dev)) != NULL) {
655 int addr_type = ipv6_addr_type(saddr);
657 if (ifp->flags & IFA_F_TENTATIVE) {
658 /* Address is tentative. If the source
659 is unspecified address, it is someone
660 does DAD, otherwise we ignore solicitations
661 until DAD timer expires.
663 if (addr_type == IPV6_ADDR_ANY) {
664 if (dev->type == ARPHRD_IEEE802_TR) {
665 unsigned char *sadr = skb->mac.raw ;
666 if (((sadr[8] &0x7f) != (dev->dev_addr[0] & 0x7f)) ||
667 (sadr[9] != dev->dev_addr[1]) ||
668 (sadr[10] != dev->dev_addr[2]) ||
669 (sadr[11] != dev->dev_addr[3]) ||
670 (sadr[12] != dev->dev_addr[4]) ||
671 (sadr[13] != dev->dev_addr[5]))
673 addrconf_dad_failure(ifp) ;
676 addrconf_dad_failure(ifp);
683 if (addr_type == IPV6_ADDR_ANY) {
684 struct in6_addr maddr;
686 ipv6_addr_all_nodes(&maddr);
687 ndisc_send_na(dev, NULL, &maddr, &ifp->addr,
688 ifp->idev->cnf.forwarding, 0,
689 ipv6_addr_type(&ifp->addr)&IPV6_ADDR_ANYCAST ? 0 : 1,
695 if (addr_type & IPV6_ADDR_UNICAST) {
696 int inc = ipv6_addr_type(daddr)&IPV6_ADDR_MULTICAST;
699 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
701 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
704 * update / create cache entry
705 * for the source adddress
708 neigh = neigh_event_ns(&nd_tbl, lladdr, saddr, dev);
710 if (neigh || !dev->hard_header) {
711 ndisc_send_na(dev, neigh, saddr, &ifp->addr,
712 ifp->idev->cnf.forwarding, 1,
713 ipv6_addr_type(&ifp->addr)&IPV6_ADDR_ANYCAST ? 0 : 1,
716 neigh_release(neigh);
720 } else if (ipv6_chk_acast_addr(dev, &msg->target)) {
721 struct inet6_dev *idev = in6_dev_get(dev);
722 int addr_type = ipv6_addr_type(saddr);
727 /* XXX: count this drop? */
731 if (addr_type == IPV6_ADDR_ANY) {
732 struct in6_addr maddr;
734 ipv6_addr_all_nodes(&maddr);
735 ndisc_send_na(dev, NULL, &maddr, &msg->target,
736 idev->cnf.forwarding, 0, 0, 1);
741 if (addr_type & IPV6_ADDR_UNICAST) {
742 int inc = ipv6_addr_type(daddr)&IPV6_ADDR_MULTICAST;
744 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_mcast);
746 NEIGH_CACHE_STAT_INC(&nd_tbl, rcv_probes_ucast);
749 * update / create cache entry
750 * for the source adddress
753 neigh = neigh_event_ns(&nd_tbl, lladdr, saddr, skb->dev);
755 if (neigh || !dev->hard_header) {
756 ndisc_send_na(dev, neigh, saddr,
758 idev->cnf.forwarding, 1, 0, inc);
760 neigh_release(neigh);
765 struct inet6_dev *in6_dev = in6_dev_get(dev);
766 int addr_type = ipv6_addr_type(saddr);
768 if (in6_dev && in6_dev->cnf.forwarding &&
769 (addr_type & IPV6_ADDR_UNICAST) &&
770 pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) {
771 int inc = ipv6_addr_type(daddr)&IPV6_ADDR_MULTICAST;
773 if (skb->stamp.tv_sec == 0 ||
774 skb->pkt_type == PACKET_HOST ||
776 in6_dev->nd_parms->proxy_delay == 0) {
778 NEIGH_CACHE_STAT_INC(&nd_tbl,
781 NEIGH_CACHE_STAT_INC(&nd_tbl,
784 neigh = neigh_event_ns(&nd_tbl, lladdr, saddr, dev);
787 ndisc_send_na(dev, neigh, saddr, &msg->target,
789 neigh_release(neigh);
792 struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
794 pneigh_enqueue(&nd_tbl, in6_dev->nd_parms, n);
795 in6_dev_put(in6_dev);
800 in6_dev_put(in6_dev);
805 void ndisc_recv_na(struct sk_buff *skb)
807 struct nd_msg *msg = (struct nd_msg *)skb->h.raw;
808 struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
809 struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
812 u32 ndoptlen = skb->tail - msg->opt;
813 struct ndisc_options ndopts;
814 struct net_device *dev = skb->dev;
815 struct inet6_ifaddr *ifp;
816 struct neighbour *neigh;
818 if (skb->len < sizeof(struct nd_msg)) {
820 printk(KERN_WARNING "ICMP NA: packet too short\n");
824 if (ipv6_addr_type(&msg->target)&IPV6_ADDR_MULTICAST) {
826 printk(KERN_WARNING "NDISC NA: target address is multicast\n");
830 if ((ipv6_addr_type(daddr)&IPV6_ADDR_MULTICAST) &&
831 msg->icmph.icmp6_solicited) {
832 ND_PRINTK0("NDISC: solicited NA is multicasted\n");
836 if (!ndisc_parse_options(msg->opt, ndoptlen, &ndopts)) {
838 printk(KERN_WARNING "ICMP NS: invalid ND option, ignored.\n");
841 if (ndopts.nd_opts_tgt_lladdr) {
842 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1);
843 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
844 if (lladdrlen != NDISC_OPT_SPACE(dev->addr_len)) {
846 printk(KERN_WARNING "NDISC NA: invalid lladdr length.\n");
850 if ((ifp = ipv6_get_ifaddr(&msg->target, dev))) {
851 if (ifp->flags & IFA_F_TENTATIVE) {
852 addrconf_dad_failure(ifp);
855 /* What should we make now? The advertisement
856 is invalid, but ndisc specs say nothing
857 about it. It could be misconfiguration, or
858 an smart proxy agent tries to help us :-)
860 ND_PRINTK0("%s: someone advertises our address!\n",
861 ifp->idev->dev->name);
865 neigh = neigh_lookup(&nd_tbl, &msg->target, dev);
868 if (neigh->flags & NTF_ROUTER) {
869 if (msg->icmph.icmp6_router == 0) {
871 * Change: router to host
874 rt = rt6_get_dflt_router(saddr, dev);
876 /* It is safe only because
878 dst_release(&rt->u.dst);
879 ip6_del_rt(rt, NULL, NULL);
883 if (msg->icmph.icmp6_router)
884 neigh->flags |= NTF_ROUTER;
887 neigh_update(neigh, lladdr,
888 msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE,
889 msg->icmph.icmp6_override, 1);
890 neigh_release(neigh);
894 static void ndisc_router_discovery(struct sk_buff *skb)
896 struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
897 struct neighbour *neigh;
898 struct inet6_dev *in6_dev;
901 struct ndisc_options ndopts;
904 __u8 * opt = (__u8 *)(ra_msg + 1);
906 optlen = (skb->tail - skb->h.raw) - sizeof(struct ra_msg);
908 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
910 printk(KERN_WARNING "ICMP RA: source address is not linklocal\n");
915 printk(KERN_WARNING "ICMP RA: packet too short\n");
920 * set the RA_RECV flag in the interface
923 in6_dev = in6_dev_get(skb->dev);
924 if (in6_dev == NULL) {
925 ND_PRINTK1("RA: can't find in6 device\n");
928 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
929 in6_dev_put(in6_dev);
933 if (!ndisc_parse_options(opt, optlen, &ndopts)) {
934 in6_dev_put(in6_dev);
936 ND_PRINTK2(KERN_WARNING
937 "ICMP6 RA: invalid ND option, ignored.\n");
941 if (in6_dev->if_flags & IF_RS_SENT) {
943 * flag that an RA was received after an RS was sent
944 * out on this interface.
946 in6_dev->if_flags |= IF_RA_RCVD;
950 * Remember the managed/otherconf flags from most recently
951 * received RA message (RFC 2462) -- yoshfuji
953 in6_dev->if_flags = (in6_dev->if_flags & ~(IF_RA_MANAGED |
955 (ra_msg->icmph.icmp6_addrconf_managed ?
957 (ra_msg->icmph.icmp6_addrconf_other ?
958 IF_RA_OTHERCONF : 0);
960 lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
962 rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
964 if (rt && lifetime == 0) {
965 ip6_del_rt(rt, NULL, NULL);
969 if (rt == NULL && lifetime) {
970 ND_PRINTK2("ndisc_rdisc: adding default router\n");
972 rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
974 ND_PRINTK1("route_add failed\n");
975 in6_dev_put(in6_dev);
979 neigh = rt->rt6i_nexthop;
981 ND_PRINTK1("nd: add default router: null neighbour\n");
982 dst_release(&rt->u.dst);
983 in6_dev_put(in6_dev);
986 neigh->flags |= NTF_ROUTER;
989 * If we where using an "all destinations on link" route
993 rt6_purge_dflt_routers(RTF_ALLONLINK);
997 rt->rt6i_expires = jiffies + (HZ * lifetime);
999 if (ra_msg->icmph.icmp6_hop_limit)
1000 in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
1003 * Update Reachable Time and Retrans Timer
1006 if (in6_dev->nd_parms) {
1007 unsigned long rtime = ntohl(ra_msg->retrans_timer);
1009 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/HZ) {
1010 rtime = (rtime*HZ)/1000;
1013 in6_dev->nd_parms->retrans_time = rtime;
1016 rtime = ntohl(ra_msg->reachable_time);
1017 if (rtime && rtime/1000 < MAX_SCHEDULE_TIMEOUT/(3*HZ)) {
1018 rtime = (rtime*HZ)/1000;
1023 if (rtime != in6_dev->nd_parms->base_reachable_time) {
1024 in6_dev->nd_parms->base_reachable_time = rtime;
1025 in6_dev->nd_parms->gc_staletime = 3 * rtime;
1026 in6_dev->nd_parms->reachable_time = neigh_rand_reach_time(rtime);
1035 if (rt && (neigh = rt->rt6i_nexthop) != NULL) {
1038 if (ndopts.nd_opts_src_lladdr) {
1039 lladdr = (u8*)((ndopts.nd_opts_src_lladdr)+1);
1040 lladdrlen = ndopts.nd_opts_src_lladdr->nd_opt_len << 3;
1041 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) {
1042 if (net_ratelimit())
1043 ND_PRINTK2(KERN_WARNING
1044 "ICMP6 RA: Invalid lladdr length.\n");
1048 neigh_update(neigh, lladdr, NUD_STALE, 1, 1);
1051 if (ndopts.nd_opts_pi) {
1052 struct nd_opt_hdr *p;
1053 for (p = ndopts.nd_opts_pi;
1055 p = ndisc_next_option(p, ndopts.nd_opts_pi_end)) {
1056 addrconf_prefix_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3);
1060 if (ndopts.nd_opts_mtu) {
1063 memcpy(&mtu, ((u8*)(ndopts.nd_opts_mtu+1))+2, sizeof(mtu));
1066 if (mtu < IPV6_MIN_MTU || mtu > skb->dev->mtu) {
1067 if (net_ratelimit()) {
1068 ND_PRINTK0("NDISC: router announcement with mtu = %d\n",
1073 if (in6_dev->cnf.mtu6 != mtu) {
1074 in6_dev->cnf.mtu6 = mtu;
1077 rt->u.dst.pmtu = mtu;
1079 rt6_mtu_change(skb->dev, mtu);
1083 if (ndopts.nd_opts_tgt_lladdr || ndopts.nd_opts_rh) {
1084 if (net_ratelimit())
1085 ND_PRINTK0(KERN_WARNING
1086 "ICMP6 RA: got illegal option with RA");
1090 dst_release(&rt->u.dst);
1091 in6_dev_put(in6_dev);
1094 static void ndisc_redirect_rcv(struct sk_buff *skb)
1096 struct inet6_dev *in6_dev;
1097 struct icmp6hdr *icmph;
1098 struct in6_addr *dest;
1099 struct in6_addr *target; /* new first hop to destination */
1100 struct neighbour *neigh;
1102 struct ndisc_options ndopts;
1107 if (!(ipv6_addr_type(&skb->nh.ipv6h->saddr) & IPV6_ADDR_LINKLOCAL)) {
1108 if (net_ratelimit())
1109 printk(KERN_WARNING "ICMP redirect: source address is not linklocal\n");
1113 optlen = skb->tail - skb->h.raw;
1114 optlen -= sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1117 if (net_ratelimit())
1118 printk(KERN_WARNING "ICMP redirect: packet too small\n");
1122 icmph = (struct icmp6hdr *) skb->h.raw;
1123 target = (struct in6_addr *) (icmph + 1);
1126 if (ipv6_addr_type(dest) & IPV6_ADDR_MULTICAST) {
1127 if (net_ratelimit())
1128 printk(KERN_WARNING "ICMP redirect for multicast addr\n");
1132 if (ipv6_addr_cmp(dest, target) == 0) {
1134 } else if (!(ipv6_addr_type(target) & IPV6_ADDR_LINKLOCAL)) {
1135 if (net_ratelimit())
1136 printk(KERN_WARNING "ICMP redirect: target address is not linklocal\n");
1140 in6_dev = in6_dev_get(skb->dev);
1143 if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) {
1144 in6_dev_put(in6_dev);
1148 /* XXX: RFC2461 8.1:
1149 * The IP source address of the Redirect MUST be the same as the current
1150 * first-hop router for the specified ICMP Destination Address.
1153 if (!ndisc_parse_options((u8*)(dest + 1), optlen, &ndopts)) {
1154 if (net_ratelimit())
1155 ND_PRINTK2(KERN_WARNING
1156 "ICMP6 Redirect: invalid ND options, rejected.\n");
1157 in6_dev_put(in6_dev);
1160 if (ndopts.nd_opts_tgt_lladdr) {
1161 lladdr = (u8*)(ndopts.nd_opts_tgt_lladdr + 1);
1162 lladdrlen = ndopts.nd_opts_tgt_lladdr->nd_opt_len << 3;
1163 if (lladdrlen != NDISC_OPT_SPACE(skb->dev->addr_len)) {
1164 if (net_ratelimit())
1165 ND_PRINTK2(KERN_WARNING
1166 "ICMP6 Redirect: invalid lladdr length.\n");
1167 in6_dev_put(in6_dev);
1171 /* passed validation tests */
1174 We install redirect only if nexthop state is valid.
1177 neigh = __neigh_lookup(&nd_tbl, target, skb->dev, 1);
1179 neigh_update(neigh, lladdr, NUD_STALE, 1, 1);
1180 if (neigh->nud_state&NUD_VALID)
1181 rt6_redirect(dest, &skb->nh.ipv6h->saddr, neigh, on_link);
1183 __neigh_event_send(neigh, NULL);
1184 neigh_release(neigh);
1186 in6_dev_put(in6_dev);
1189 void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
1190 struct in6_addr *target)
1192 struct sock *sk = ndisc_socket->sk;
1193 int len = sizeof(struct icmp6hdr) + 2 * sizeof(struct in6_addr);
1194 struct sk_buff *buff;
1195 struct icmp6hdr *icmph;
1196 struct in6_addr saddr_buf;
1197 struct in6_addr *addrp;
1198 struct net_device *dev;
1199 struct rt6_info *rt;
1206 rt = rt6_lookup(&skb->nh.ipv6h->saddr, NULL, dev->ifindex, 1);
1211 if (rt->rt6i_flags & RTF_GATEWAY) {
1212 ND_PRINTK1("ndisc_send_redirect: not a neighbour\n");
1213 dst_release(&rt->u.dst);
1216 if (!xrlim_allow(&rt->u.dst, 1*HZ)) {
1217 dst_release(&rt->u.dst);
1220 dst_release(&rt->u.dst);
1222 if (dev->addr_len) {
1223 if (neigh->nud_state&NUD_VALID) {
1224 len += NDISC_OPT_SPACE(dev->addr_len);
1226 /* If nexthop is not valid, do not redirect!
1227 We will make it later, when will be sure,
1234 rd_len = min_t(unsigned int,
1235 IPV6_MIN_MTU-sizeof(struct ipv6hdr)-len, skb->len + 8);
1239 if (ipv6_get_lladdr(dev, &saddr_buf)) {
1240 ND_PRINTK1("redirect: no link_local addr for dev\n");
1244 buff = sock_alloc_send_skb(sk, MAX_HEADER + len + dev->hard_header_len + 15,
1247 ND_PRINTK1("ndisc_send_redirect: alloc_skb failed\n");
1253 if (ndisc_build_ll_hdr(buff, dev, &skb->nh.ipv6h->saddr, NULL, len) == 0) {
1258 ip6_nd_hdr(sk, buff, dev, &saddr_buf, &skb->nh.ipv6h->saddr,
1259 IPPROTO_ICMPV6, len);
1261 icmph = (struct icmp6hdr *) skb_put(buff, len);
1263 memset(icmph, 0, sizeof(struct icmp6hdr));
1264 icmph->icmp6_type = NDISC_REDIRECT;
1267 * copy target and destination addresses
1270 addrp = (struct in6_addr *)(icmph + 1);
1271 ipv6_addr_copy(addrp, target);
1273 ipv6_addr_copy(addrp, &skb->nh.ipv6h->daddr);
1275 opt = (u8*) (addrp + 1);
1278 * include target_address option
1282 opt = ndisc_fill_option(opt, ND_OPT_TARGET_LL_ADDR, neigh->ha, dev->addr_len);
1285 * build redirect option and copy skb over to the new packet.
1289 *(opt++) = ND_OPT_REDIRECT_HDR;
1290 *(opt++) = (rd_len >> 3);
1293 memcpy(opt, skb->nh.ipv6h, rd_len - 8);
1295 icmph->icmp6_cksum = csum_ipv6_magic(&saddr_buf, &skb->nh.ipv6h->saddr,
1296 len, IPPROTO_ICMPV6,
1297 csum_partial((u8 *) icmph, len, 0));
1299 dev_queue_xmit(buff);
1301 ICMP6_INC_STATS(Icmp6OutRedirects);
1302 ICMP6_INC_STATS(Icmp6OutMsgs);
1305 static void pndisc_redo(struct sk_buff *skb)
1311 int ndisc_rcv(struct sk_buff *skb)
1313 struct nd_msg *msg = (struct nd_msg *) skb->h.raw;
1315 __skb_push(skb, skb->data-skb->h.raw);
1317 if (skb->nh.ipv6h->hop_limit != 255) {
1318 if (net_ratelimit())
1320 "ICMP NDISC: fake message with non-255 Hop Limit received: %d\n",
1321 skb->nh.ipv6h->hop_limit);
1325 if (msg->icmph.icmp6_code != 0) {
1326 if (net_ratelimit())
1327 printk(KERN_WARNING "ICMP NDISC: code is not zero\n");
1331 switch (msg->icmph.icmp6_type) {
1332 case NDISC_NEIGHBOUR_SOLICITATION:
1336 case NDISC_NEIGHBOUR_ADVERTISEMENT:
1340 case NDISC_ROUTER_ADVERTISEMENT:
1341 ndisc_router_discovery(skb);
1344 case NDISC_REDIRECT:
1345 ndisc_redirect_rcv(skb);
1352 static int ndisc_netdev_event(struct notifier_block *this, unsigned long event, void *ptr)
1354 struct net_device *dev = ptr;
1357 case NETDEV_CHANGEADDR:
1358 neigh_changeaddr(&nd_tbl, dev);
1368 struct notifier_block ndisc_netdev_notifier = {
1369 .notifier_call = ndisc_netdev_event,
1372 int __init ndisc_init(struct net_proto_family *ops)
1377 ndisc_socket = sock_alloc();
1378 if (ndisc_socket == NULL) {
1380 "Failed to create the NDISC control socket.\n");
1383 ndisc_socket->inode->i_uid = 0;
1384 ndisc_socket->inode->i_gid = 0;
1385 ndisc_socket->type = SOCK_RAW;
1387 if((err = ops->create(ndisc_socket, IPPROTO_ICMPV6)) < 0) {
1389 "Failed to initialize the NDISC control socket (err %d).\n",
1391 sock_release(ndisc_socket);
1392 ndisc_socket = NULL; /* For safety. */
1396 sk = ndisc_socket->sk;
1397 sk->allocation = GFP_ATOMIC;
1398 sk->net_pinfo.af_inet6.hop_limit = 255;
1399 /* Do not loopback ndisc messages */
1400 sk->net_pinfo.af_inet6.mc_loop = 0;
1401 sk->prot->unhash(sk);
1404 * Initialize the neighbour table
1407 neigh_table_init(&nd_tbl);
1409 #ifdef CONFIG_SYSCTL
1410 neigh_sysctl_register(NULL, &nd_tbl.parms, NET_IPV6, NET_IPV6_NEIGH, "ipv6");
1413 register_netdevice_notifier(&ndisc_netdev_notifier);
1417 void ndisc_cleanup(void)
1419 neigh_table_clear(&nd_tbl);
1420 sock_release(ndisc_socket);
1421 ndisc_socket = NULL; /* For safety. */