aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/if_tunnel.h18
-rw-r--r--include/linux/skbuff.h3
-rw-r--r--include/net/ipip.h7
-rw-r--r--include/net/ndisc.h9
-rw-r--r--net/ipv6/ndisc.c24
-rw-r--r--net/ipv6/route.c2
-rw-r--r--net/ipv6/sit.c186
7 files changed, 199 insertions, 50 deletions
diff --git a/include/linux/if_tunnel.h b/include/linux/if_tunnel.h
index 228eb4eb3129..f20c224d544c 100644
--- a/include/linux/if_tunnel.h
+++ b/include/linux/if_tunnel.h
@@ -7,6 +7,9 @@
7#define SIOCADDTUNNEL (SIOCDEVPRIVATE + 1) 7#define SIOCADDTUNNEL (SIOCDEVPRIVATE + 1)
8#define SIOCDELTUNNEL (SIOCDEVPRIVATE + 2) 8#define SIOCDELTUNNEL (SIOCDEVPRIVATE + 2)
9#define SIOCCHGTUNNEL (SIOCDEVPRIVATE + 3) 9#define SIOCCHGTUNNEL (SIOCDEVPRIVATE + 3)
10#define SIOCADDPRL (SIOCDEVPRIVATE + 5)
11#define SIOCDELPRL (SIOCDEVPRIVATE + 6)
12#define SIOCCHGPRL (SIOCDEVPRIVATE + 7)
10 13
11#define GRE_CSUM __constant_htons(0x8000) 14#define GRE_CSUM __constant_htons(0x8000)
12#define GRE_ROUTING __constant_htons(0x4000) 15#define GRE_ROUTING __constant_htons(0x4000)
@@ -17,9 +20,6 @@
17#define GRE_FLAGS __constant_htons(0x00F8) 20#define GRE_FLAGS __constant_htons(0x00F8)
18#define GRE_VERSION __constant_htons(0x0007) 21#define GRE_VERSION __constant_htons(0x0007)
19 22
20/* i_flags values for SIT mode */
21#define SIT_ISATAP 0x0001
22
23struct ip_tunnel_parm 23struct ip_tunnel_parm
24{ 24{
25 char name[IFNAMSIZ]; 25 char name[IFNAMSIZ];
@@ -31,4 +31,16 @@ struct ip_tunnel_parm
31 struct iphdr iph; 31 struct iphdr iph;
32}; 32};
33 33
34/* SIT-mode i_flags */
35#define SIT_ISATAP 0x0001
36
37struct ip_tunnel_prl {
38 __be32 addr;
39 __u16 flags;
40 __u16 __reserved;
41};
42
43/* PRL flags */
44#define PRL_DEFAULT 0x0001
45
34#endif /* _IF_TUNNEL_H_ */ 46#endif /* _IF_TUNNEL_H_ */
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index ff72145d5d9e..e10e55c9b081 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -313,7 +313,8 @@ struct sk_buff {
313 __u16 tc_verd; /* traffic control verdict */ 313 __u16 tc_verd; /* traffic control verdict */
314#endif 314#endif
315#endif 315#endif
316 /* 2 byte hole */ 316 __u8 ndisc_nodetype:2;
317 /* 14 bit hole */
317 318
318#ifdef CONFIG_NET_DMA 319#ifdef CONFIG_NET_DMA
319 dma_cookie_t dma_cookie; 320 dma_cookie_t dma_cookie;
diff --git a/include/net/ipip.h b/include/net/ipip.h
index 549e132bca9c..205536a014e8 100644
--- a/include/net/ipip.h
+++ b/include/net/ipip.h
@@ -24,6 +24,13 @@ struct ip_tunnel
24 int mlink; 24 int mlink;
25 25
26 struct ip_tunnel_parm parms; 26 struct ip_tunnel_parm parms;
27 struct ip_tunnel_prl_entry *prl; /* potential router list */
28};
29
30struct ip_tunnel_prl_entry
31{
32 struct ip_tunnel_prl_entry *next;
33 struct ip_tunnel_prl entry;
27}; 34};
28 35
29#define IPTUNNEL_XMIT() do { \ 36#define IPTUNNEL_XMIT() do { \
diff --git a/include/net/ndisc.h b/include/net/ndisc.h
index 5aedf324de66..9f2bae68d28c 100644
--- a/include/net/ndisc.h
+++ b/include/net/ndisc.h
@@ -12,6 +12,15 @@
12#define NDISC_REDIRECT 137 12#define NDISC_REDIRECT 137
13 13
14/* 14/*
15 * Router type: cross-layer information from link-layer to
16 * IPv6 layer reported by certain link types (e.g., RFC4214).
17 */
18#define NDISC_NODETYPE_UNSPEC 0 /* unspecified (default) */
19#define NDISC_NODETYPE_HOST 1 /* host or unauthorized router */
20#define NDISC_NODETYPE_NODEFAULT 2 /* non-default router */
21#define NDISC_NODETYPE_DEFAULT 3 /* default router */
22
23/*
15 * ndisc options 24 * ndisc options
16 */ 25 */
17 26
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 510aa747a404..53b546019fd5 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1092,6 +1092,12 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1092 return; 1092 return;
1093 } 1093 }
1094 1094
1095 if (skb->ndisc_nodetype == NDISC_NODETYPE_HOST) {
1096 ND_PRINTK2(KERN_WARNING
1097 "ICMPv6 RA: from host or unauthorized router\n");
1098 return;
1099 }
1100
1095 /* 1101 /*
1096 * set the RA_RECV flag in the interface 1102 * set the RA_RECV flag in the interface
1097 */ 1103 */
@@ -1115,6 +1121,10 @@ static void ndisc_router_discovery(struct sk_buff *skb)
1115 return; 1121 return;
1116 } 1122 }
1117 1123
1124 /* skip link-specific parameters from interior routers */
1125 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1126 goto skip_linkparms;
1127
1118 if (in6_dev->if_flags & IF_RS_SENT) { 1128 if (in6_dev->if_flags & IF_RS_SENT) {
1119 /* 1129 /*
1120 * flag that an RA was received after an RS was sent 1130 * flag that an RA was received after an RS was sent
@@ -1229,6 +1239,8 @@ skip_defrtr:
1229 } 1239 }
1230 } 1240 }
1231 1241
1242skip_linkparms:
1243
1232 /* 1244 /*
1233 * Process options. 1245 * Process options.
1234 */ 1246 */
@@ -1268,6 +1280,10 @@ skip_defrtr:
1268 } 1280 }
1269#endif 1281#endif
1270 1282
1283 /* skip link-specific ndopts from interior routers */
1284 if (skb->ndisc_nodetype == NDISC_NODETYPE_NODEFAULT)
1285 goto out;
1286
1271 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) { 1287 if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
1272 struct nd_opt_hdr *p; 1288 struct nd_opt_hdr *p;
1273 for (p = ndopts.nd_opts_pi; 1289 for (p = ndopts.nd_opts_pi;
@@ -1331,6 +1347,14 @@ static void ndisc_redirect_rcv(struct sk_buff *skb)
1331 int optlen; 1347 int optlen;
1332 u8 *lladdr = NULL; 1348 u8 *lladdr = NULL;
1333 1349
1350 switch (skb->ndisc_nodetype) {
1351 case NDISC_NODETYPE_HOST:
1352 case NDISC_NODETYPE_NODEFAULT:
1353 ND_PRINTK2(KERN_WARNING
1354 "ICMPv6 Redirect: from host or unauthorized router\n");
1355 return;
1356 }
1357
1334 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) { 1358 if (!(ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL)) {
1335 ND_PRINTK2(KERN_WARNING 1359 ND_PRINTK2(KERN_WARNING
1336 "ICMPv6 Redirect: source address is not link-local.\n"); 1360 "ICMPv6 Redirect: source address is not link-local.\n");
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index cd82b6db35ff..f17b2f61891e 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1699,8 +1699,6 @@ struct rt6_info *rt6_get_dflt_router(struct in6_addr *addr, struct net_device *d
1699 return rt; 1699 return rt;
1700} 1700}
1701 1701
1702EXPORT_SYMBOL(rt6_get_dflt_router);
1703
1704struct rt6_info *rt6_add_dflt_router(struct in6_addr *gwaddr, 1702struct rt6_info *rt6_add_dflt_router(struct in6_addr *gwaddr,
1705 struct net_device *dev, 1703 struct net_device *dev,
1706 unsigned int pref) 1704 unsigned int pref)
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 1b8196c8d145..4786419ade0e 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -16,7 +16,7 @@
16 * Changes: 16 * Changes:
17 * Roger Venning <r.venning@telstra.com>: 6to4 support 17 * Roger Venning <r.venning@telstra.com>: 6to4 support
18 * Nate Thompson <nate@thebog.net>: 6to4 support 18 * Nate Thompson <nate@thebog.net>: 6to4 support
19 * Fred L. Templin <fltemplin@acm.org>: isatap support 19 * Fred Templin <fred.l.templin@boeing.com>: isatap support
20 */ 20 */
21 21
22#include <linux/module.h> 22#include <linux/module.h>
@@ -197,6 +197,119 @@ failed:
197 return NULL; 197 return NULL;
198} 198}
199 199
200static struct ip_tunnel_prl_entry *
201ipip6_tunnel_locate_prl(struct ip_tunnel *t, __be32 addr)
202{
203 struct ip_tunnel_prl_entry *p = (struct ip_tunnel_prl_entry *)NULL;
204
205 for (p = t->prl; p; p = p->next)
206 if (p->entry.addr == addr)
207 break;
208 return p;
209
210}
211
212static int
213ipip6_tunnel_add_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a, int chg)
214{
215 struct ip_tunnel_prl_entry *p;
216
217 for (p = t->prl; p; p = p->next) {
218 if (p->entry.addr == a->addr) {
219 if (chg) {
220 p->entry = *a;
221 return 0;
222 }
223 return -EEXIST;
224 }
225 }
226
227 if (chg)
228 return -ENXIO;
229
230 p = kzalloc(sizeof(struct ip_tunnel_prl_entry), GFP_KERNEL);
231 if (!p)
232 return -ENOBUFS;
233
234 p->entry = *a;
235 p->next = t->prl;
236 t->prl = p;
237 return 0;
238}
239
240static int
241ipip6_tunnel_del_prl(struct ip_tunnel *t, struct ip_tunnel_prl *a)
242{
243 struct ip_tunnel_prl_entry *x, **p;
244
245 if (a) {
246 for (p = &t->prl; *p; p = &(*p)->next) {
247 if ((*p)->entry.addr == a->addr) {
248 x = *p;
249 *p = x->next;
250 kfree(x);
251 return 0;
252 }
253 }
254 return -ENXIO;
255 } else {
256 while (t->prl) {
257 x = t->prl;
258 t->prl = t->prl->next;
259 kfree(x);
260 }
261 }
262 return 0;
263}
264
265/* copied directly from anycast.c */
266static int
267ipip6_onlink(struct in6_addr *addr, struct net_device *dev)
268{
269 struct inet6_dev *idev;
270 struct inet6_ifaddr *ifa;
271 int onlink;
272
273 onlink = 0;
274 rcu_read_lock();
275 idev = __in6_dev_get(dev);
276 if (idev) {
277 read_lock_bh(&idev->lock);
278 for (ifa=idev->addr_list; ifa; ifa=ifa->if_next) {
279 onlink = ipv6_prefix_equal(addr, &ifa->addr,
280 ifa->prefix_len);
281 if (onlink)
282 break;
283 }
284 read_unlock_bh(&idev->lock);
285 }
286 rcu_read_unlock();
287 return onlink;
288}
289
290static int
291isatap_chksrc(struct sk_buff *skb, struct iphdr *iph, struct ip_tunnel *t)
292{
293 struct ip_tunnel_prl_entry *p = ipip6_tunnel_locate_prl(t, iph->saddr);
294 int ok = 1;
295
296 if (p) {
297 if (p->entry.flags & PRL_DEFAULT)
298 skb->ndisc_nodetype = NDISC_NODETYPE_DEFAULT;
299 else
300 skb->ndisc_nodetype = NDISC_NODETYPE_NODEFAULT;
301 } else {
302 struct in6_addr *addr6 = &ipv6_hdr(skb)->saddr;
303 if (ipv6_addr_is_isatap(addr6) &&
304 (addr6->s6_addr32[3] == iph->saddr) &&
305 ipip6_onlink(addr6, t->dev))
306 skb->ndisc_nodetype = NDISC_NODETYPE_HOST;
307 else
308 ok = 0;
309 }
310 return ok;
311}
312
200static void ipip6_tunnel_uninit(struct net_device *dev) 313static void ipip6_tunnel_uninit(struct net_device *dev)
201{ 314{
202 if (dev == ipip6_fb_tunnel_dev) { 315 if (dev == ipip6_fb_tunnel_dev) {
@@ -206,6 +319,7 @@ static void ipip6_tunnel_uninit(struct net_device *dev)
206 dev_put(dev); 319 dev_put(dev);
207 } else { 320 } else {
208 ipip6_tunnel_unlink(netdev_priv(dev)); 321 ipip6_tunnel_unlink(netdev_priv(dev));
322 ipip6_tunnel_del_prl(netdev_priv(dev), 0);
209 dev_put(dev); 323 dev_put(dev);
210 } 324 }
211} 325}
@@ -365,48 +479,6 @@ static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
365 IP6_ECN_set_ce(ipv6_hdr(skb)); 479 IP6_ECN_set_ce(ipv6_hdr(skb));
366} 480}
367 481
368/* ISATAP (RFC4214) - check source address */
369static int
370isatap_srcok(struct sk_buff *skb, struct iphdr *iph, struct net_device *dev)
371{
372 struct neighbour *neigh;
373 struct dst_entry *dst;
374 struct rt6_info *rt;
375 struct flowi fl;
376 struct in6_addr *addr6;
377 struct in6_addr rtr;
378 struct ipv6hdr *iph6;
379 int ok = 0;
380
381 /* from onlink default router */
382 ipv6_addr_set(&rtr, htonl(0xFE800000), 0, 0, 0);
383 ipv6_isatap_eui64(rtr.s6_addr + 8, iph->saddr);
384 if ((rt = rt6_get_dflt_router(&rtr, dev))) {
385 dst_release(&rt->u.dst);
386 return 1;
387 }
388
389 iph6 = ipv6_hdr(skb);
390 memset(&fl, 0, sizeof(fl));
391 fl.proto = iph6->nexthdr;
392 ipv6_addr_copy(&fl.fl6_dst, &iph6->saddr);
393 fl.oif = dev->ifindex;
394 security_skb_classify_flow(skb, &fl);
395
396 dst = ip6_route_output(&init_net, NULL, &fl);
397 if (!dst->error && (dst->dev == dev) && (neigh = dst->neighbour)) {
398
399 addr6 = (struct in6_addr*)&neigh->primary_key;
400
401 /* from correct previous hop */
402 if (ipv6_addr_is_isatap(addr6) &&
403 (addr6->s6_addr32[3] == iph->saddr))
404 ok = 1;
405 }
406 dst_release(dst);
407 return ok;
408}
409
410static int ipip6_rcv(struct sk_buff *skb) 482static int ipip6_rcv(struct sk_buff *skb)
411{ 483{
412 struct iphdr *iph; 484 struct iphdr *iph;
@@ -427,7 +499,7 @@ static int ipip6_rcv(struct sk_buff *skb)
427 skb->pkt_type = PACKET_HOST; 499 skb->pkt_type = PACKET_HOST;
428 500
429 if ((tunnel->dev->priv_flags & IFF_ISATAP) && 501 if ((tunnel->dev->priv_flags & IFF_ISATAP) &&
430 !isatap_srcok(skb, iph, tunnel->dev)) { 502 !isatap_chksrc(skb, iph, tunnel)) {
431 tunnel->stat.rx_errors++; 503 tunnel->stat.rx_errors++;
432 read_unlock(&ipip6_lock); 504 read_unlock(&ipip6_lock);
433 kfree_skb(skb); 505 kfree_skb(skb);
@@ -707,6 +779,7 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
707{ 779{
708 int err = 0; 780 int err = 0;
709 struct ip_tunnel_parm p; 781 struct ip_tunnel_parm p;
782 struct ip_tunnel_prl prl;
710 struct ip_tunnel *t; 783 struct ip_tunnel *t;
711 784
712 switch (cmd) { 785 switch (cmd) {
@@ -806,6 +879,31 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
806 err = 0; 879 err = 0;
807 break; 880 break;
808 881
882 case SIOCADDPRL:
883 case SIOCDELPRL:
884 case SIOCCHGPRL:
885 err = -EPERM;
886 if (!capable(CAP_NET_ADMIN))
887 goto done;
888 err = -EINVAL;
889 if (dev == ipip6_fb_tunnel_dev)
890 goto done;
891 err = -EFAULT;
892 if (copy_from_user(&prl, ifr->ifr_ifru.ifru_data, sizeof(prl)))
893 goto done;
894 err = -ENOENT;
895 if (!(t = netdev_priv(dev)))
896 goto done;
897
898 ipip6_tunnel_unlink(t);
899 if (cmd == SIOCDELPRL)
900 err = ipip6_tunnel_del_prl(t, &prl);
901 else
902 err = ipip6_tunnel_add_prl(t, &prl, cmd == SIOCCHGPRL);
903 ipip6_tunnel_link(t);
904 netdev_state_change(dev);
905 break;
906
809 default: 907 default:
810 err = -EINVAL; 908 err = -EINVAL;
811 } 909 }