ipv6 addrconf: disallow rtr_solicits < -1
[cascardo/linux.git] / net / ipv6 / addrconf.c
index 2f1f5d4..d8983e1 100644 (file)
@@ -112,6 +112,27 @@ static inline u32 cstamp_delta(unsigned long cstamp)
        return (cstamp - INITIAL_JIFFIES) * 100UL / HZ;
 }
 
+static inline s32 rfc3315_s14_backoff_init(s32 irt)
+{
+       /* multiply 'initial retransmission time' by 0.9 .. 1.1 */
+       u64 tmp = (900000 + prandom_u32() % 200001) * (u64)irt;
+       do_div(tmp, 1000000);
+       return (s32)tmp;
+}
+
+static inline s32 rfc3315_s14_backoff_update(s32 rt, s32 mrt)
+{
+       /* multiply 'retransmission timeout' by 1.9 .. 2.1 */
+       u64 tmp = (1900000 + prandom_u32() % 200001) * (u64)rt;
+       do_div(tmp, 1000000);
+       if ((s32)tmp > mrt) {
+               /* multiply 'maximum retransmission time' by 0.9 .. 1.1 */
+               tmp = (900000 + prandom_u32() % 200001) * (u64)mrt;
+               do_div(tmp, 1000000);
+       }
+       return (s32)tmp;
+}
+
 #ifdef CONFIG_SYSCTL
 static int addrconf_sysctl_register(struct inet6_dev *idev);
 static void addrconf_sysctl_unregister(struct inet6_dev *idev);
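Review bot: In rfc3315_s14_backoff_update the product is narrowed with `(s32)tmp` before it is compared with mrt, so a doubled timeout above S32_MAX can wrap negative, skip the cap and be returned as a negative interval. rfc3315_s14_backoff_init narrows its result the same way, and both helpers widen a signed input with `(u64)irt` / `(u64)rt`, which turns a negative value into a huge multiplier. Comparing before narrowing, `if (tmp > (u64)mrt) {`, keeps the cap from being skipped for a non-negative mrt. A one-line comment on each helper stating that the inputs are expected to be non-negative jiffies would document the assumption. Whether the sysctl handlers feeding these values can actually produce such inputs is not visible in this diff and should be confirmed.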
@@ -187,6 +208,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = {
        .dad_transmits          = 1,
        .rtr_solicits           = MAX_RTR_SOLICITATIONS,
        .rtr_solicit_interval   = RTR_SOLICITATION_INTERVAL,
+       .rtr_solicit_max_interval = RTR_SOLICITATION_MAX_INTERVAL,
        .rtr_solicit_delay      = MAX_RTR_SOLICITATION_DELAY,
        .use_tempaddr           = 0,
        .temp_valid_lft         = TEMP_VALID_LIFETIME,
@@ -232,6 +254,7 @@ static struct ipv6_devconf ipv6_devconf_dflt __read_mostly = {
        .dad_transmits          = 1,
        .rtr_solicits           = MAX_RTR_SOLICITATIONS,
        .rtr_solicit_interval   = RTR_SOLICITATION_INTERVAL,
+       .rtr_solicit_max_interval = RTR_SOLICITATION_MAX_INTERVAL,
        .rtr_solicit_delay      = MAX_RTR_SOLICITATION_DELAY,
        .use_tempaddr           = 0,
        .temp_valid_lft         = TEMP_VALID_LIFETIME,
@@ -3687,7 +3710,7 @@ static void addrconf_rs_timer(unsigned long data)
        if (idev->if_flags & IF_RA_RCVD)
                goto out;
 
-       if (idev->rs_probes++ < idev->cnf.rtr_solicits) {
+       if (idev->rs_probes++ < idev->cnf.rtr_solicits || idev->cnf.rtr_solicits < 0) {
                write_unlock(&idev->lock);
                if (!ipv6_get_lladdr(dev, &lladdr, IFA_F_TENTATIVE))
                        ndisc_send_rs(dev, &lladdr,
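Review bot: Nothing at the changed condition in addrconf_rs_timer says that a negative rtr_solicits now means "keep soliciting with no limit", which is what `|| idev->cnf.rtr_solicits < 0` implements. A short comment above the `if`, for example `/* rtr_solicits < 0: no limit on the number of solicitations */`, would make that explicit. The same convention sits behind the `!= 0` test in addrconf_dad_completed and the `== 0` test in inet6_set_iftoken later in this diff. With no limit, rs_probes keeps incrementing for as long as no RA arrives, so its width and wrap behaviour (declared outside this diff) are worth checking. addrconf_rs_timer starts and ends outside the hunk.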
@@ -3696,11 +3719,13 @@ static void addrconf_rs_timer(unsigned long data)
                        goto put;
 
                write_lock(&idev->lock);
+               idev->rs_interval = rfc3315_s14_backoff_update(
+                       idev->rs_interval, idev->cnf.rtr_solicit_max_interval);
                /* The wait after the last probe can be shorter */
                addrconf_mod_rs_timer(idev, (idev->rs_probes ==
                                             idev->cnf.rtr_solicits) ?
                                      idev->cnf.rtr_solicit_delay :
-                                     idev->cnf.rtr_solicit_interval);
+                                     idev->rs_interval);
        } else {
                /*
                 * Note: we do not support deprecated "all on-link"
@@ -3949,7 +3974,7 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp)
        send_mld = ifp->scope == IFA_LINK && ipv6_lonely_lladdr(ifp);
        send_rs = send_mld &&
                  ipv6_accept_ra(ifp->idev) &&
-                 ifp->idev->cnf.rtr_solicits > 0 &&
+                 ifp->idev->cnf.rtr_solicits != 0 &&
                  (dev->flags&IFF_LOOPBACK) == 0;
        read_unlock_bh(&ifp->idev->lock);
 
@@ -3971,10 +3996,11 @@ static void addrconf_dad_completed(struct inet6_ifaddr *ifp)
 
                write_lock_bh(&ifp->idev->lock);
                spin_lock(&ifp->lock);
+               ifp->idev->rs_interval = rfc3315_s14_backoff_init(
+                       ifp->idev->cnf.rtr_solicit_interval);
                ifp->idev->rs_probes = 1;
                ifp->idev->if_flags |= IF_RS_SENT;
-               addrconf_mod_rs_timer(ifp->idev,
-                                     ifp->idev->cnf.rtr_solicit_interval);
+               addrconf_mod_rs_timer(ifp->idev, ifp->idev->rs_interval);
                spin_unlock(&ifp->lock);
                write_unlock_bh(&ifp->idev->lock);
        }
@@ -4891,6 +4917,8 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
        array[DEVCONF_RTR_SOLICITS] = cnf->rtr_solicits;
        array[DEVCONF_RTR_SOLICIT_INTERVAL] =
                jiffies_to_msecs(cnf->rtr_solicit_interval);
+       array[DEVCONF_RTR_SOLICIT_MAX_INTERVAL] =
+               jiffies_to_msecs(cnf->rtr_solicit_max_interval);
        array[DEVCONF_RTR_SOLICIT_DELAY] =
                jiffies_to_msecs(cnf->rtr_solicit_delay);
        array[DEVCONF_FORCE_MLD_VERSION] = cnf->force_mld_version;
@@ -4961,18 +4989,18 @@ static inline size_t inet6_if_nlmsg_size(void)
 }
 
 static inline void __snmp6_fill_statsdev(u64 *stats, atomic_long_t *mib,
-                                     int items, int bytes)
+                                       int bytes)
 {
        int i;
-       int pad = bytes - sizeof(u64) * items;
+       int pad = bytes - sizeof(u64) * ICMP6_MIB_MAX;
        BUG_ON(pad < 0);
 
        /* Use put_unaligned() because stats may not be aligned for u64. */
-       put_unaligned(items, &stats[0]);
-       for (i = 1; i < items; i++)
+       put_unaligned(ICMP6_MIB_MAX, &stats[0]);
+       for (i = 1; i < ICMP6_MIB_MAX; i++)
                put_unaligned(atomic_long_read(&mib[i]), &stats[i]);
 
-       memset(&stats[items], 0, pad);
+       memset(&stats[ICMP6_MIB_MAX], 0, pad);
 }
 
 static inline void __snmp6_fill_stats64(u64 *stats, void __percpu *mib,
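Review bot: __snmp6_fill_statsdev now reads `mib[1]` through `mib[ICMP6_MIB_MAX - 1]` unconditionally, but neither the signature nor a comment says that mib must hold at least ICMP6_MIB_MAX counters. A future caller passing a shorter table would read past its end. A comment above the function, such as `/* mib must point to at least ICMP6_MIB_MAX counters */`, would record the precondition that the removed items parameter used to carry. Separately, `bytes - sizeof(u64) * ICMP6_MIB_MAX` is evaluated as an unsigned size and only then converted to int, so `BUG_ON(pad < 0)` relies on that conversion. `int pad = bytes - (int)(sizeof(u64) * ICMP6_MIB_MAX);` keeps the arithmetic signed.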
@@ -5005,7 +5033,7 @@ static void snmp6_fill_stats(u64 *stats, struct inet6_dev *idev, int attrtype,
                                     offsetof(struct ipstats_mib, syncp));
                break;
        case IFLA_INET6_ICMP6STATS:
-               __snmp6_fill_statsdev(stats, idev->stats.icmpv6dev->mibs, ICMP6_MIB_MAX, bytes);
+               __snmp6_fill_statsdev(stats, idev->stats.icmpv6dev->mibs, bytes);
                break;
        }
 }
@@ -5099,7 +5127,7 @@ static int inet6_set_iftoken(struct inet6_dev *idev, struct in6_addr *token)
                return -EINVAL;
        if (!ipv6_accept_ra(idev))
                return -EINVAL;
-       if (idev->cnf.rtr_solicits <= 0)
+       if (idev->cnf.rtr_solicits == 0)
                return -EINVAL;
 
        write_lock_bh(&idev->lock);
@@ -5128,8 +5156,10 @@ update_lft:
 
        if (update_rs) {
                idev->if_flags |= IF_RS_SENT;
+               idev->rs_interval = rfc3315_s14_backoff_init(
+                       idev->cnf.rtr_solicit_interval);
                idev->rs_probes = 1;
-               addrconf_mod_rs_timer(idev, idev->cnf.rtr_solicit_interval);
+               addrconf_mod_rs_timer(idev, idev->rs_interval);
        }
 
        /* Well, that's kinda nasty ... */
@@ -5466,20 +5496,6 @@ int addrconf_sysctl_forward(struct ctl_table *ctl, int write,
        return ret;
 }
 
-static
-int addrconf_sysctl_hop_limit(struct ctl_table *ctl, int write,
-                              void __user *buffer, size_t *lenp, loff_t *ppos)
-{
-       struct ctl_table lctl;
-       int min_hl = 1, max_hl = 255;
-
-       lctl = *ctl;
-       lctl.extra1 = &min_hl;
-       lctl.extra2 = &max_hl;
-
-       return proc_dointvec_minmax(&lctl, write, buffer, lenp, ppos);
-}
-
 static
 int addrconf_sysctl_mtu(struct ctl_table *ctl, int write,
                        void __user *buffer, size_t *lenp, loff_t *ppos)
@@ -5713,6 +5729,10 @@ int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl,
        return ret;
 }
 
+static int minus_one = -1;
+static const int one = 1;
+static const int two_five_five = 255;
+
 static const struct ctl_table addrconf_sysctl[] = {
        {
                .procname       = "forwarding",
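Review bot: `minus_one` is declared as a writable `static int` while the two bounds added next to it, `one` and `two_five_five`, are `static const int`. All three are only read as sysctl limits, so the lower bound for router_solicitations should not be the one left in writable data. Declaring it `static const int minus_one = -1;` and using `.extra1 = (void *)&minus_one,` in the router_solicitations entry would match the other two. The ctl_table array itself continues outside the hunk.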
@@ -5726,7 +5746,9 @@ static const struct ctl_table addrconf_sysctl[] = {
                .data           = &ipv6_devconf.hop_limit,
                .maxlen         = sizeof(int),
                .mode           = 0644,
-               .proc_handler   = addrconf_sysctl_hop_limit,
+               .proc_handler   = proc_dointvec_minmax,
+               .extra1         = (void *)&one,
+               .extra2         = (void *)&two_five_five,
        },
        {
                .procname       = "mtu",
@@ -5768,7 +5790,8 @@ static const struct ctl_table addrconf_sysctl[] = {
                .data           = &ipv6_devconf.rtr_solicits,
                .maxlen         = sizeof(int),
                .mode           = 0644,
-               .proc_handler   = proc_dointvec,
+               .proc_handler   = proc_dointvec_minmax,
+               .extra1         = &minus_one,
        },
        {
                .procname       = "router_solicitation_interval",
@@ -5777,6 +5800,13 @@ static const struct ctl_table addrconf_sysctl[] = {
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
        },
+       {
+               .procname       = "router_solicitation_max_interval",
+               .data           = &ipv6_devconf.rtr_solicit_max_interval,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = proc_dointvec_jiffies,
+       },
        {
                .procname       = "router_solicitation_delay",
                .data           = &ipv6_devconf.rtr_solicit_delay,
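Review bot: The new router_solicitation_max_interval entry uses plain `proc_dointvec_jiffies` with no range check, so zero can be written, and a negative value too if the handler accepts one. With zero, rfc3315_s14_backoff_update earlier in this diff replaces any positive timeout with 0.9..1.1 times 0, so rs_interval becomes 0 and the RS timer is presumably re-armed with no delay. Combined with router_solicitations = -1, that would send solicitations back to back. RFC 3315 section 14 treats an MRT of 0 as "no upper limit"; the helper could follow that with `if (mrt > 0 && (s32)tmp > mrt) {`, or the sysctl could reject values below a sensible floor. Documenting the chosen meaning of 0 next to this entry would also help.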
@@ -6044,8 +6074,14 @@ static int __addrconf_sysctl_register(struct net *net, char *dev_name,
 
        for (i = 0; table[i].data; i++) {
                table[i].data += (char *)p - (char *)&ipv6_devconf;
-               table[i].extra1 = idev; /* embedded; no ref */
-               table[i].extra2 = net;
+               /* If one of these is already set, then it is not safe to
+                * overwrite either of them: this makes proc_dointvec_minmax
+                * usable.
+                */
+               if (!table[i].extra1 && !table[i].extra2) {
+                       table[i].extra1 = idev; /* embedded; no ref */
+                       table[i].extra2 = net;
+               }
        }
 
        snprintf(path, sizeof(path), "net/ipv6/conf/%s", dev_name);